Wednesday, July 27, 2016

ExpressVPN protects your on-line anonymity and privacy

This post reviews ExpressVPN, a hosted Virtual Private Network (VPN) service. A hosted VPN service is a paid subscription service. With a VPN, all your Internet communication is encrypted and passed through a secure proxy (the VPN server) before continuing to the intended destination. To the rest of the world, the Internet traffic appears to come from the VPN server, not your home computer.


Why VPN?

Subscription to a VPN service provides many benefits. For a brief video introduction, please click here.


Anonymity and privacy



When you connect to the Internet, you are exposing yourself to the world of hackers and government spy agencies who want to track your on-line activities, and steal your private information.

Many people have misplaced their trust in the Internet Service Providers (ISP) to protect their on-line anonymity and privacy. It is generally well known that ISPs do log your Internet activities. They are obliged to hand over the data if they are subpoenaed by government authorities.

The tech savvy may run Tor, a popular security tool, on their home computers. But, running Tor by itself is not good enough. While the data is well protected, your ISP does know that you are using Tor. The mere usage of Tor may arouse suspicion and attract extra unwanted attention from the authorities.

By using VPN, all your Internet data and activities (including Tor usages) are protected, even from your ISP. The key is that the VPN vendor must not track your VPN traffic. This "no data logging" policy is written into ExpressVPN's terms of service agreement.


Breaking censorship


Even if you live in a democratic country, you may be subject to regional Internet restrictions. For example, I cannot watch NBC on-line because I live in Canada and they restrict access to American viewers only. Likewise, American viewers cannot stream hockey games from the Canadian CBC website.

With a VPN, you can break censorship by opening a VPN connection to a server located in the target country. For example, to watch the American NBC, I connect my computer to a VPN server located in the USA. In this way, my request to watch NBC is granted because it appears to come from an American location.

For better security and service to you, VPN vendors must deploy servers in as many cities and countries as possible. ExpressVPN's servers are located in 136 cities across 87 countries. This should cover the location requirement for most people.


VPN service features


Pricing & payment options

ExpressVPN's pricing is not the cheapest in the industry. However, it does offer a flexible term: you can sign up for 1 month, or you save money by committing for 6 or 12 months. All plans come with a generous 30-day money-back guarantee, and 7x24 live chat support.

I like the payment options that ExpressVPN offers. In addition to the major credit cards, ExpressVPN also accepts PayPal and Bitcoin. If you pay with a credit card, your identity is associated with your VPN account. On the other hand, you can buy bitcoins anonymously. If you pay with bitcoins which you purchased anonymously, you remain anonymous even to the VPN vendor.

Linux support

Many VPN vendors claim support for Linux. Windows users can download a VPN client which automatically configures your VPN connection. In contrast, the degree of Linux support is often in the form of instructions on how to manually set up a VPN connection.

ExpressVPN's Linux support is exceptional. You can download the VPN client for major Linux distributions such as Debian, Ubuntu, Fedora, and CentOS. You use the client for all your day-to-day VPN operations, such as connecting and disconnecting from the VPN, listing available servers, and reporting the connection status.



Installing ExpressVPN client


After you sign up for the service, download the VPN client according to the instructions in the official welcome email. You need to specify the Linux distribution before the download can proceed. For Debian or Ubuntu, select Ubuntu (there is no Debian option per se). Similarly, for Fedora or Centos, select Fedora.

It is also a good idea to download the VPN client's
signature file. For instructions on how to use the signature file to verify the client download, click here.

After you successfully download the client (expressvpn_1.1.0_amd64.deb), installing it is as easy as running the following command:


$ sudo dpkg -i expressvpn_1.1.0_amd64.deb

Next, you need to activate the VPN service. Note that you only need to do it once. You will be prompted to enter the activation code as provided to you in the welcome email.


$ expressvpn activate

You can download and install the VPN client on as many devices as you wish. But, you can only
have a maximum of 3 simultaneous VPN connections.

The next section explains how you will use the ExpressVPN client.

Useful commands

To connect to the VPN, run this command:


$ expressvpn connect
Connecting to Smart Location...
Connecting to Canada - Montreal - 2... 100.0%
Connected.

Note that I did not specify which VPN server to connect to. When you connect for the very first time and you do not specify the server, it will default to a recommended server, the 'smart' server, e.g., Montreal. In subsequent connections, it will default to the previous server.

What if I don't want to connect to the Montreal server? I live in Vancouver which is about 4,000 kilometres (or 2,485 miles) away from Montreal. So, I want to connect to a nearer server.

To switch servers, follow the steps below.

  1. List the available servers using the following command.
  2. $ expressvpn list    
    ALIAS COUNTRY            LOCATION          RECOMMENDED     
    ----- ---------------    ----------------- -----------    
    smart Smart Location     Canada-Montreal-2  Y
    ...
    usny  United States (US) USA - New York     Y
    ...
    usse                     USA - Seattle      Y
    ...    
    
    Of all the servers, it turns out that Seattle is closest to Vancouver. Later, I will use the alias "usse" from column 1 as a short form for the Seattle server.
  3. Disconnect from the current server.
  4. $ expressvpn disconnect 
    
  5. Connect to the target server.
  6. $ expressvpn connect usse   
    Connecting to USA - Seattle...  100.0%   
    Connected.
    

To verify the status of the VPN connection, run this command:


$ expressvpn status
Connected to USA - Seattle


Performance test



A VPN service encrypts and reroutes your Internet traffic through the VPN server. Because of this indirection, it adds some level of overhead to the VPN speed performance.

To measure the performance overhead of ExpressVPN, I run the following tests.

  1. Baseline (No VPN)

    I run 3 tests without VPN. A good test tool to use is Speedcheck.org. Each test measures the download and upload speeds. Results from the 3 tests are averaged and recorded in the row labeled 'No VPN' in the table below.

  2. VPN connection to the nearest server (Seattle)

    3 more tests were run with VPN connection to the Seattle server. Note that the download and upload speeds take a 21% and 18% hit respectively when you compare the results with tests performed without VPN. A drop in speed is unavoidable because of the inherent VPN performance overhead. This level of performance degradation is often acceptable to most users, and can be viewed as the cost of protecting your on-line privacy and anonymity.

  3. VPN connection to the smart server (Montreal)

    The Montreal server is located 4,000 kilometres (or 2,485 miles) away from Vancouver. In contrast, the Seattle server is only 200 kilometres (or 124 miles) away. In light of the greater distance, it is not surprising that the Montreal speed tests took a bigger hit than the Seattle tests.

VPN status Ave download speed (Mbps) Download speed penalty (%) Ave upload speed (Mbps) Upload speed penalty (%)
No VPN 26.73 N/A 6.69 N/A
Connected to USA - Seattle 21.10 21 5.49 18
Connected to Canada - Montreal 18.80 30 5.40 19

Summary & conclusion



Pros


  • Excellent Linux command-line interface

  • 30-day money back guarantee

  • 7x24 customer support via live chat or email

  • PayPal, Bitcoin and many more payment method options



Cons


  • Restricted number of devices for simultaneous connections






There are many VPN solutions in the market. But, if you are looking for Linux support, you should definitely give ExpressVPN a try. Linux power users will enjoy the use of the command-line VPN client.


Disclaimer

Linuxcommando was provided a free ExpressVPN subscription for this review.

Tuesday, January 26, 2016

Running bash commands in parallel

Introduction


A modern server is typically multi-core, perhaps even multi-CPU. That is plenty of computing power to unleash on a given job. However, unless you run a job in parallel, you are not maximizing the use of all that power.


Below are some typical everyday operations we can speed up using parallel computing:

  1. Backup files from multiple source directories to a removable disk.
  2. Resize image files in a directory.
  3. Compress files in a directory.

To execute a job in parallel, you can use any of the following commands:

  • ppss
  • pexec
  • GNU parallel

This post focuses on the GNU parallel command.

Installation of GNU parallel

To install GNU parallel on a Debian/Ubuntu system, run the following command:

$ sudo apt-get install parallel

General Usage

The GNU parallel program provides many options which you can specify to customize its behavior. Interested readers can read its man page to learn more about their usage. In this post, I will narrow the execution of GNU parallel to the following scenario.

My objective is to run a shell command in parallel, but on the same multi-core machine. The command can take multiple options, but only 1 is variable. Specifically, you run concurrent instances of the command by providing a different value for that one variable option. The different values are fed, one per line, to GNU parallel via the standard input.

The rest of this post shows how GNU parallel can backup multiple source directories by running rsync in parallel.

Parallel backup

The following command backs up 2 directories in parallel: /home/peter and /data.

$ echo -e '/home/peter\n/data' | parallel -j-2 -k --eta rsync -R -av {} /media/myBKUP

Standard input

The echo command assembles the 2 source directory locations, separated by a newline character (\n), and pipes it to GNU parallel.

How many jobs?

By default, GNU parallel deploys 1 job per core. You can override the default usint the -j option.

-j specifies the maximum number of parallel jobs that GNU parallel can deploy. The maximum number can be specified in 1 of several ways:

  • -j followed by a number

    -j2 means that up to 2 jobs can run in parallel.

  • -j+ followed by a number

    -j+2 means that the maximum number of jobs is the number of cores plus 2.

  • -j- followed by a number

    -j-2 means that the maximum number of jobs is the number of cores minus 2.

If you don't know how many cores the machine has, run the command below:

$ parallel --number-of-cores
8

Keeping output order

Each job may output lines to the standard output. When multiple jobs are run in parallel, the default behavior is that a job's output is displayed as soon as the job finishes. You may find this confusing because the output order may be different from the input order. The -k option keeps the output sequence the same as the input sequence.

Showing progress

The --eta option reports progress while GNU parallel executes, including the estimated remaining time (in seconds).

Input place-holder

GNU parallel substitutes the {} parameter with the next line in the standard input.

Each input line is a directory location, e.g., /home/peter. Instead of the full location, you can specify other parameters in order to extract a portion thereof - e.g., the directory name(/home) and the basename (peter). Please refer to the man page for details.

Summary

GNU parallel is a tool that Linux administrators should add to their repertoire. Running a job in parallel can only improve one's efficiency. If you are already familiar with xargs, you will find the syntax familiar. Even if you are new to the command, there is a wealth of on-line help on the GNU parallel website.