Saturday, August 31, 2019

Government Assistance on Welfare Programs

S. B. 311 will reform the current system of welfare. The reform of the national system is based on the Wisconsin Works or W-2 bill. The bill makes it necessary for people receiving financial, medical, and other various types of government assistance to work for what they receive. The goal of this bill is to eventually get everyone off of the current welfare system. This bill requires everyone who is currently receiving welfare to find employment or enter a job training program. The part of the W-2 bill that will be included is the part that deals with job location. Every participant would have to meet with a financial and employment planner, who would help develop a money and time management program for that person. They would also determine which level of employment or training the participant is ready for. Here are the levels from top to bottom: Unsubsidized Employment: People entering at this level will be offered the best available and immediate job opportunity. If the job does not provide a high enough income to support oneself, income credits, food stamps, Medical Assistance, and child care may be accessible for 6 months. This period of time is given to the participant to locate a higher income job. Trial Jobs: These jobs are designed for people who are not able to locate unsubsidized work. The bill would cover added costs to the employer for training an employee which might need extra support in job training for the first 3-6 months. These trial jobs should result in permanent positions. While a participant is working at a trial job the would be eligible for all of the current assistance programs. If a person quits a trial job they will be ineligible for any further financial or any other type of assistance. Community Service Jobs: This category is reserved for people who do not have the job skills necessary to be hired by a regular employer. CSJ workers would receive $700 per week for up to eight months. During this period, a participant would have to work 30 hours a week and have 10 hours of educational training a week. After the eight months, the participant would be transferred to a trial job. Transition: Transition jobs are only for those people unable to perform self-sustaining work. These participants would receive up to $700 a week for up to a year. During this period, a participant would be required to have 30 hours of work and/or developmental training a week and 10 hours of educational training a week. Participants would be eligible for all assistance programs and would be required to move to the CSJ category after a year. These are the measures that would be taken to help people find employment and permanently get them off of welfare. The current national system that is being used for work requirements is TANF. TANF stands for the Temporary Assistance to Needy Families. The required number of monthly hours of participation in the program is 25 hours for 1999. Job skills ttraining, education related to employment, and secondary school or GED completion does not count towards the first 20 hours of participation. They can be in the program for up to 24 months and can receive all of the current welfare benefits. Then job searching is allowed for an additional 3 months, while participants still receive benefits. The only punishment this programs implements for able adults that do not work is that the adult would only receive foods stamps for 3 months out of a three year period. However, the person would still be eligible for other assistance benefits. The current national system seems like a joke. It is practically encouraging people not to work. It has a basis for some practical ideas, but the requirements are far too small and there is virtually no motivation for a person to work. Everyone is not given an equal chance to get a job growing up, but that does not mean working Americans should have to support them. S. B. 311 proposes a practical working plans for unemployed citizens and also has rigid standards. The expectations are high of the participants, but it is time that unemployed people have to work for what they receive. The bill proposes a plan which provides adequate assistance for people receiving job training and assistance to those who are starting unsubsidized work. On the other hand, the guidelines of the bill were designed not to tolerate an unwillingness to work. If a person chooses not to work, or to go through the levels of job training, they will receive no government assistance. This seems harsh, but who wants to support someone who refuses to work? The participants of this program are given more than a fair chance to find employment and if they choose not to work, they will suffer the consequences.

Australia Pre-Primary Education Industry Essay

Rising Traction of Private Players to Foster Growth of Australia Pre-primary Education Industry: Ken Research The pre-primary education and childcare markets in Australia have showcased separate growth trajectory over the years. The pre-primary market in Australia is an emerging market characterized by the rising awareness about the quality early childhood education and care amongst parents. Although the public spending on the pre-primary education in Australia is amongst the lowest spending countries in the OECD, the government has taken substantial steps to promote the access and the importance of the pre-primary education amongst the masses. The regional pre-primary markets in each of the state or territory differ from another as the governing system is decentralized. Henceforth while the market-run kindergartens account for a dominant share in the states such as New South Wales, Victoria and Queens land, in states including Western Australia, South Australia, Tasmania, Australian Capital Territory and Northern Territory, a vast majority of preschools are government funded and run. Subsequently, the format of education and age-group of the children varies accordingly. The childcare market in Australia is a developed and matured market and is marked by a high degree of fragmentation. The childcare market caters to children aged up to twelve and has experienced a steady growth in the last six years, propelled by high demand prevailing in the market. In the last few years, childcare market has been increasingly recognized by the government as a means of increasing women’s employability in the workforce. Henceforth, various provisions such as Child Care Rebates, Child Care Benefit have been provided, which has encouraged increasing enrollments in this sector. The market revenues of the childcare market have increased from USD 7,081. 6 million in FY’2008 at a CAGR of 5. 6% during FY’2008-FY’2012. The marketplace of pre-primary education and childcare industry in Australia has witnessed a growing number of market players after the fall of the market leader ABC Learning in FY’2008. A majority of the ABC centers was taken over by Goodstart Learning, a nonprofit organization, which accounted for ~% of the market share of the childcare market in FY’2012. Other major players include G8 education and KU children services. The market has showcased an increasing number of profit-making players over the years, owing to the growing attractiveness of the market. With the increasing number of Long-day care centers providing preschool education, the pre-primary education market of Australia has been reflecting signs of growing integration with the childcare market. As the number of nuclear families and women workers has grown in the Australian economy, the dependency on child care has also consequently increased, leading to many preschools providing child care services as well. The report â€Å"Australia Pre-primary Education and Childcare Industry Outlook to FY’2017† provides detailed overview on the pre-primary education and childcare industry from various perspectives. The report encloses a comprehensive analysis of the various segments of the market reflecting the present scenario and future growth affected by changing industry dynamics in coming years. Additionally, the report also entails information about the public and private sector initiatives, rational analysis of the macroeconomic factors, along with the profiles of the major market players of the pre-primary education and childcare industry. The report will help industry consultants, companies and other stakeholders to align their market centric strategies according to ongoing and expected trends in future. For more information on the industry research report please refer to the below mentioned link: http://www. kenresearch. com/education/pre-school-education/australia-pre-primary-educationresearch-report/398-99. html The report titled â€Å"Australia Pre-Primary Education and Childcare Industry Outlook to FY’2017Increasing Influx of Private Players to Foster Industry Revenues† provides a detailed analysis of the preprimary education and childcare industry covering various aspects including market size of pre-primary education and childcare markets in terms of revenues, enrollments, establishments and number of teachers, and market segmentation on the basis of gender and region-wise enrollments and type of funding institutions along with ongoing trends in the industry. The report also includes competitive landscape and profiles of the major players operating in the industry. The future projections are included to provide an insight on the prospects in the Australia childcare market. The pre-primary and childcare industry of Australia is a diverse market which has undergone significant changes over the years. The pre-primary education and childcare markets in Australia are distinguished by the age-group of the target population and the mode of education. The childcare market of Australia is a matured market serving to children aged up to twelve. The type of services provided in the Australian market is quite diverse catering to the various needs and requirement of the families. The revenues of the child care market have grown strongly over the years, with supply largely keeping in pace with demand. Over the past years, child care in Australia has evolved from a form of early learning and education to a key mechanism to support labor force participation. The market for the childcare is competed by private businesses, communities and government run centres. The pre-primary education market of Australia is an emerging market marked by low penetration of the services. The enrollment rates for the children aged 3 and above are still very low. The formats and settings for preschool education in Australia vary from one state or territory to another with departments of education responsible for governing the preschool sector each state. Consequently, the market setting of pre-primary education sector is assorted, with Queensland being one of states which has mandated the admission in the pre-primary education for young kids. Preschool programs in Australia are run by both government and non-government services, including community preschools and child care providers. The competitive landscape of the Australia pre-primary and childcare industry is quite fragmented which has witnessed increasing market entries over the years after the fall of ABC Learning in FY’2008, the market leader the industry. Presently, the childcare market of the industry features a number of players which operate on non-profit basis. However, the increasing influx of the profit-making players has been driving the revenues of the market in recent years. Goodstart Learning, G8 education and KU children services constitute some of the major players of the industry. The pre-primary education and childcare industry in Australia has been witnessing growing integration of the pre-primary and childcare markets with the increasing number of Long day care centers with preschool programs in the country. Preschools with childcare facilities are increasingly becoming a common phenomenon, with increasing trend of customized services being offered by the providers. Computer-based education has also entered into the preschool segment, reflecting the increasing quality of the education imparted.

Friday, August 30, 2019

Mental Freedom

Definition Essay- Mental Freedom It has been said that the mind is a powerful instrument and whatever the mind perceives, the body can achieve. Although these statements are used very often, the power that the mind holds is still underestimated in my opinion. Mental freedom means being able to express the constructive qualities of the mind easily and more understandably. These qualities include self-expression, analysis, responsibility, patience, etc. Though physical freedom is important, one should also remember that this physical liberty is almost insignificant without being mentally free.It is through this mental freedom that one can be able to have an open mind and be able to reach their highest potential. Also, being able to enlighten others and move forward as a community. However, this freedom is often overlooked because of the mindset of an individual, community or society on a whole. It is also not easily seen unless being contrasted by the term ‘mental slavery’ which is more commonly spoken about in society. The word mental means ‘of or relating to the mind’ and slavery means to be in a state of subjection.Slavery is also synonymous to the word bondage and emphasizes the idea of being controlled. Therefore, the phrase ‘mental slavery’ implies one’s thoughts being controlled by someone else and being forced to think the way that person does and not being able to express one’s personal train of thought. Being mentally enslaved is dangerous because it leads a person to eventually having a lack of individuality and readily accepting and believing what is told to them. In extreme cases, it may even lead to self-hate.When a person has this state of mind, it proposes many problems because it gives way to this person letting go of their culture, traditions, or heritage, and these are the qualities that allow society to be as diverse as it should be. One can almost say that mental bondage destroys a person p sychologically because they begin to lack, or no longer possess, originality. Having that lack of originality may be self-restricting as this is a quality that helps one to reach their highest potential.As the prolific and popular American writer, James F. Cooper, once said, â€Å"All greatness of character is dependent on individuality. The man who has no other existence than that, which he partakes in common with all around him, will never have any other than an existence of mediocrity. † Therefore, being mentally enslaved, or lacking that mental freedom, inhibits growth and causes one to create a mental prison for themselves, thus leaving no room for independence.Having that lack of independence may cause a person to be subjected to any kind of power from a majority, not necessarily because they hold the most legitimate viewpoints, but because they seem to be the strongest group. Henry David Thoreau, an American writer and philosopher best known for his attacks on American social institutions, believed firmly in the importance of independence, individuality and self-reliance.Thoreau spent a night in jail refusing to pay taxes in protestant of the Mexican War and disconnected himself from the American government ideologically to indicate his refusal of participation in their institutions. This was Thoreau’s mental freedom from the government’s view of slavery during the 1800’s and he was able to state this on paper when he wrote his essay Civil Disobedience which showed his objections against the actions of the government. Thoreau’s essay spoke about transcendentalism, a philosophy that shows the importance of mental freedom.This philosophy rejects the idea that knowledge can be fully derived from observations of the physical world or through the experiences of others, but rather through the individual examining how they came to know things. This idea targets the individual analyzing their own thought-process and focusing o n their own connections and experiences which can only exist through intuition and feeling, and not through the information or thoughts others try to feed them.According to this philosophy, through mental freedom, one should be able to gain self-reliance and individuality which is critical for people to find truths within themselves and live their lives through reason and not based solely on the opinions of others. Another famous writer whose work demonstrates the importance of mental freedom is Fredrick Douglass. However, in this case, Douglass was not only mentally enslaved but also physically a slave. In his autobiography, Narrative of the Life of Fredrick Douglass, An American Slave, he tells his story of being born a slave and the struggle it took to really know what hat meant. As he gets older, he is taught an important lesson, the power of literacy, after his master forces his wife to stop teaching a young Douglass how to read. Fredrick Douglass then determines to continue hi s education by befriending white children and learning how to read and write from them. This is the point in his life where he realizes one can only be kept in slavery as long as they are in ignorance. Douglass then becomes mentally emancipated from the idea of him having to be someone’s slave and destines that he would no longer have someone control him.In the future, he is able to buy his physical freedom from his slave master and become a famous antislavery writer that tells his story about how he broke away from bondage and helps others still caught in its trap. From the story of Fredrick Douglass, one can see that just his refusal to accept himself as a slave and not be limited to what his masters wanted of him, he was able to reach his full potential and also enrich the lives of others who need to gain mental liberty. Also, his mental freedom led to his physical freedom.Through the experiences of Thoreau, Douglass and other daily examples in society, such as inner city teens limiting themselves by not going to college because they see it pointless if they are not as privileged as other children with well-paying jobs and careers, one can see how important it is to be mentally free and not create psychological prisons for oneself. Mental freedom means showcasing and expressing individuality and building up motivation and confidence within that individual.It also means exhausting the possibilities of restricting oneself to a point that someone else thought they should not pass and enlightening others on their way to exceeding those restrictions. An enslaved mind is like a blind person; they only know the world through the opinions of others around them, but unless that blind person decides to help themselves, or that person decided to be mentally free, then can they have their personal experiences that give way to a higher potential in life.

Thursday, August 29, 2019

Computer Operating Systems Research Paper Example | Topics and Well Written Essays - 3250 words

Computer Operating Systems - Research Paper Example It manages the resources of the computer. It allocates the CPU, memory and the input/output devices. It manages the data that is it handles the storage of the data it manages the input and output. It enables communication between the system and the user. There are different types of operating system available in the market such as Real-time, Multi-user, Multi-tasking, Distributed and Embedded. Real-time operating systems are used in applications which are real-time . Multi-user operating system are useful when there are more than one users to access a single computer at the same time. In Multi-tasking operating systems different tasks are executed at the same time. In Distributed operating system many computers are connected together to give the appearance of a single computer. Embedded operating systems are used in systems which are embedded. â€Å"Examples of popular modern operating systems include Android,BSD,iOS,GNU/Linux,Mac OS X,Microsoft Windows, Windows Phone and IBM z/OSâ €  (Operating System para. 4). In this research we will discuss various operating systems such as Snow Leopard, Windows, Linux, Unix and Ubuntu. We will study the advantages and disadvantages of these operating systems. We will also learn how these operating systems are installed in the computer. Snow Leopard – Snow leopard is an operating system used in Macintosh systems. It has a high performance, good efficiency and uses less memory to run. It is compatible with the new hardware of Macintosh. â€Å"New programming frameworks such as OpenCL were created allowing software developers to use graphic cards in their applications† (Mac OS X Snow Leopard para.2). It is not compatible with the Mac systems which use processors like PowerPC. â€Å"As support for Rosetta was dropped in Mac OS Lion, Snow Leopard is the last version of Mac OS X that is able to run PowerPC-only applications† (Mac OS X Snow Leopard para.2). It supports Intel’s Core Solo and Core Du o Processors which are 32-bit. Power is managed properly as new features like the â€Å"wake on demand feature supported on more recent Macintosh hardware. Wake on demand takes advantage of the sleepy proxy service implemented in Airport and Time Capsule routers, so that the computer can sleep while the router responds to mDNS queries. Should the request require the host computer to wake up, the router sends the necessary special wake-up-packet to sleeping computer† (Mac OS X Snow Leopard pg.4). System requirements of Snow Leopard are – A Mac Computer consisting of Intel processor RAM of 1GB Minimum 5GB free space DVD drive or USB for installing Some features need more requirements such as – â€Å"QuickTime H.264 hardware acceleration support, requires an Nvidia GeForce 9400M,320M, or GT330M graphics card† â€Å"OpenCL, requires a supported Nvidia or ATI graphics card† (Mac OS X Snow Leopard pg.2). Advantages and disadvantages – It is best t o use same company’s software and hardware while designing a system, but Snow Leopard uses Intel Processors and Nvidia graphic cards. This affects the performance of the system. There are least chances of virus attacks as compared to windows. There are less gaming features in it as most gaming companies prefer providing softwares for Windows operating system. There are interesting softwares bundled with Snow Leopard. Its desktop is very attractive. Installation – 1. Insert the Snow Leopard installation DVD in to the disk. 2. Double- click Install button. 3. Click on the continue button and accept

Wednesday, August 28, 2019

Should us allow more foreighn workers with VH1 visas Essay

Should us allow more foreighn workers with VH1 visas - Essay Example of immigrants that currently live and work in USA should be considered as extremely high while the entrance of new immigrants in the country on a daily basis (in accordance with the data presented above) is an issue that should lead the country’s governor to take significant measures in order to protect the country from the flows of immigrants mostly by making the procedure for the provision of visas extremely difficult so that the number of immigrants in USA to be limited. Regarding this issue, we could refer to the study of Bach (1986, 139) who noticed that ‘the incorporation of immigrants into the advanced industrial states may be best understood in the context of recent theoretical debates over the changing character of racial and gender inequality’. It should be also noticed that immigration in USA has been related with many aspects of the country’s social and political life. In fact, in accordance with the study of Fairchild (2004, 528) ‘the rac ial politics of immigration have punctuated national discussions about immigration at different periods in US history, particularly when concerns about losing an American way of life or American population have coincided with concerns about infectious diseases’. All the above issues have significant importance in the identification and the evaluation of position of immigrants in USA. The legal and financial support of immigrants arriving in the country (through the provision of necessary documentation in order to have the right to work) should be explained at a next level. In current paper the provision of a particular type of visa (VH1 visa) is being examined trying to identify the effectiveness of the terms required for granting this visa to immigrants across USA. On the other hand, the governmental policies regarding the procedure of granting VH1 visas to immigrants is being examined highlighting the issues that possible appear in relation with the particular problem. Traditionally, USA has been

Tuesday, August 27, 2019

A Study of Chromosome formation through observation of the cell cycle Research Paper

A Study of Chromosome formation through observation of the cell cycle (Abstract) - Research Paper Example We grew union roots to two centimeters, retrieved a 1cm sample, allowed them to steep in a fixative solution for 24 hours which keeps them in stasis, exposed them to hydochloric acid at sixty degrees Celsius, prepared the onion onto a slide, applied the reagent, sealed the slide and observed using an optical microscope. We did a similar process to a kanoi, in order to understand differences and similarities in chromosomal formation. Chromosomal bunching was observed, and it became difficult to distinguish between chromosomes. Most observations were of the interphase period. Chromosomes split, reproduced on DNA molecules during the S stage, became thicker and shorter and produced spindle fiber. Only a tiny minority of cells observed were in metaphase, moving to the equatorial plane; however, this tiny minority was more than expected, as metaphase is by far the most brief phase and it is likely in any given sample that no cells would be in metaphase at the time of the application of th e fixative. Anaphase and telophase samples were also observed. 7% more interphase cells were perceived than would be expected by random chance, well within standard error. P value was .734, larger than expected but still not sufficient to reject the null hypothesis.

Monday, August 26, 2019

Ethical and Legal Problems & Employee Benefits Assignment

Ethical and Legal Problems & Employee Benefits - Assignment Example Thus, protocol ethics are closely associated with equity-based recognition. In addition, employees have to make key decisions either as an employee or as a shareholder. Each of these levels requires different reasoning and responsibilities. Ethics related to loyalty towards the company comes into consideration. For instance, an employee may have knowledge of some sensitive information about the company. However, he is not expected to release such information to ordinary shareholders. Equity-based recognition plan also attract a number of legal issues. Worker, who upgrades their status into shareholders of the company, requires a new set of legislation to protect their interests. For instance, legal issues related to bankruptcy of the company are applicable in the recognition plan. Workers need to know their accountability to the company’s liabilities. Leaders should be aware of possible abuse of employee’s that might result from equity-based recognition. In order to prevent any form of abuse, leaders should ensure that company employees understand their responsibilities and rights both as company employees and as a shareholder. In addition, leaders should ensure that legislation and ethics associated with the plan are clearly stipulated in workers contracts. Retirement benefit authority is a scheme managed by the government to provide financial support to the elderly population. Although the government and other social welfare encourage organization to enroll their employees for retirement benefits, most of them do not provide the benefit. Retirement benefit scheme divide industries into two categories. The first category is for industries that provide the service to their employees while the second category consist industries that do not provide the service. There is also a significant inclination of certain

Sunday, August 25, 2019

The oil and gas industry in Canada Research Paper

The oil and gas industry in Canada - Research Paper Example Most of Canada’s, which is about 283,000 cubic meters per day, is exported. Most of it is imported to the United States. The production of oil and gas in Canada is very efficient. For instance, over 25,000 new oil wells were sunk in 2005. In Alberta province, over 100 new wells are dug every day. Production operations include upstream (mainly, exploration and production of gas and oil), and downstream (here oil and gas is refined, distributed and sold). Most exploration happens in the province of Alberta with many operations in British Columbia and Saskatchewan (Daniel, 2012). Oil fields that have been of paramount importance to Canada economically include, Athabasca Oil Sands in Alberta, White Rose oil field, Terra Nova oil field and Hamburg oil field in Alberta. The oil and gas industry in Canada works within a complex framework of regulations and laws that govern and guide industry operation in terms of the environment, safety, hiring and personnel, land access, landowner rights, surface and mineral rights and many more. For instance, every gas and oil activity must be applied for and given approval before any work can begin. Some major federal players in the Canadian oil and gas industry include National Energy Board and Natural Resources Canada (Ballem, 2011). National Energy Board established by parliament of Canada in 1959 is mandated with the regulation of international and interprovincial aspects of the gas, oil and electric utility industries. It therefore regulates energy development, pipelines and the public interest of the Canadian citizens as concerns matters of oil and gas. The At the provincial level, there is BC Oil and Gas Commission, Saskatchewan Energy and Resources, Energy Resources Conservation Board (Alberta), Ontario Energy Board, Newfoundland and Labrador Natural Resources, and Nova Scotia Energy. The legislation in the oil

Saturday, August 24, 2019

External Analysis on Noble Energy INC Case Study

External Analysis on Noble Energy INC - Case Study Example An organization is directly impacted by the occurrences of the external environment in which the organization functions. Moreover, the external environment provides the impetus and paradigm that shapes the function of a company. A number of reports and observation of the eminent scholars reflected that organization having the ability to adjust itself to the exterior environment, essentially survives in the marketplace. On the contrary, companies that fail to match up with the external requirements get eliminated from the competition and the industry. Therefore, from the above discussion it is obvious that a company should carry out in-depth analysis of the external business environment to enhance the chances of prospering. Proper analysis will not only help in better understanding and formulating appropriate strategies, but will also ensure improved productivity and better performance of the company (Williams and Cutis 4-8). This study will analyze the external business environment o f Noble Energy INC, which is a US based company involved in manufacturing and distribution of petroleum and natural gas. The external analysis of the company will encompass an overview of the general environment. Demographic segment, economic segment, political/legal segment, socio-cultural segment, technological segment as well as the global segment will be highlighted. In addition to the analysis of the external business environment, the study will also shed light on the industry driving forces. The next half of the study will carry out the activities mentioned above. However, before getting further deep into the study, a brief overview of the company is presented below: - Noble Energy INC: A Brief Overview Noble Energy, Inc. also known as Noble Affiliates Inc. is a Houston based oil and natural gas production and exploration Company. The company was founded in the year 1932 and is currently headquartered in Houston, Texas, United States. During the year 1985, the Noble Affiliates spun off the subsidiary Noble Drilling Corporation to the shareholders. This company in turn went public in the early 1990s. From then Noble Energy, Inc. became one of the major brands of as Noble Affiliates and customers started to recognize this company in the name of Noble Energy Inc. It is now an S&P 500 company of the world. During this span of 80 years in the market, the company has been able to achieve colossal success and added several feathers to its cap. Noble Energy is also the first company to have explored the Gulf of Mexico for the purpose of oil exploration. Moreover, it enjoyed so much power during a phase that it helped in shaping the industry as well as shaped its own future. Charles D. Davidson is the current chairman of the company and also acts as the CEO and president of the firm. As per the views of the stakeholders and customers, the company is best known for the proficiency in exploration, flexibility, innovation and technical expertise. Furthermore, the st rong financial platform and a well balanced portfolio offer prospering opportunities across the commodity price and economic cycles. Apart from USA, the company operates in several other parts of the world as well. For example, in South America it operates in Nicaragua and Argentina; in Africa, it functions in Cameroon and

Friday, August 23, 2019

The Worst Day of My Life Essay Example | Topics and Well Written Essays - 750 words

The Worst Day of My Life - Essay Example My brother told me that there was an earthquake in the middle of the night which had shaken the whole house and left it in clutter. I was amazed because I did not move one bit and thus could not recall anything in the previous night. I made my way towards the washroom to find out that there was no water in the entire building as the overhead tank had leaked during the night because of the earthquake. I somehow or the other made it to college within the next 1 hour. There I found out that the class had been delayed until noon. This was a horrid time for me because I had to wait for about 3 hours before the studies could start. I decided to text message my friends and tell them about the re-scheduling of the class. But what was in store for me was something not less than horrible. I had forgotten my cell phone at home. It was later that I realized that all my friends knew that the class would be re-scheduled and hence the reason that literally no one showed up for the class at the designated time. I was left speechless, thanks to the horrible beginning of the day. By then, I had realized that there was something totally insane about the day and which was being experienced by me till then. I went to the cafeteria to get myself some refreshments but I found out that the cafeteria was out of stock on just about everything. I could only purchase chewing gums as these were available and so I did. Chewing gums were an interesting pastime because I do not recall having so many of them at a single time. Noon struck on the college clock and my friends started pouring in. The class finally started. The professor told us that there was a surprise test in store for us which was the last thing on my mind at that time. I had already lost all hope for the day but somehow or the other I took the test. I had forgotten to bring my favorite ball pen resulting in a serious scolding from my lecturer. He told me how naà ¯ve I was in forgetting on my pen and what I would do in the future if I did not stop making such mistakes. I realized my entire future was being carved by my lecturer for a mere pen, but then again that was the kind of day it was in essence.  

Business Ethics Week 2 Term Paper Example | Topics and Well Written Essays - 250 words

Business Ethics Week 2 - Term Paper Example â€Å"Eminent Domain shall not be exercised unless it substantially furthers an important Government interest, and with respect to housing unless it specially fulfills an overriding Government purpose† (Ryskamp, 2007, p. 31). One can accept Eminent Domain as a positive activity if done to take over a decayed or unused area, for constructing institutions like hospitals, schools and other inevitable human requirements, for real economic development of the land, which is in public interest. It will also open up employment avenues and increase revenue of the community. Thus, the final result will be the revitalization of the community around that vicinity. Eminent Domain right will negatively affect individual who are living in that area for a long time, or have been locating their business centre in that area over a considerable period of time. Obviously, their fear that it will affect their business negatively is justified. Therefore, they may not be willing to part with their properly. The confiscation of one’s property without his full will despite for being a ‘just compensation† relates to a person’s feelings and emotions. A person apart from the money worth has feelings and memories attached to a place because it might be his or her roots. Therefore, it hampers the individual’s sentiments when the property or place is confiscated without the full permission of the individual. Quality and professional standard will have distinguished improvement and professional entry will be restricted which will help both government and public to avoid malpractices and encourage healthy competition. Renuemaration and wages of the professionals will have positive changes. Demerits includes factors like consumer cost will be relatively higher and it will force the consumer pay more for specialized work. Besides, it will also restrain the mobility of practitioners.

Thursday, August 22, 2019

North Richmond Street Essay Example for Free

North Richmond Street Essay The combination of emotions of loneliness, love, and the human condition of isolation will be the bridge by which the works, Araby by Joyce, Digging by Heaney, and The Stronger by Strindberg will be examined. Joyce’s story sets the reader up for a fantastical journey taking place at North Richmond Street. In Joyce’s personal style that mixes despondency and blindness. The story is set up to be themed after isolation, and the reader gets a sense of being ostracized. Joyce creates the scene by allowing the setting to have its own characterizations: such as the street being a blind street, the house being at the ‘blind end’. Even the two houses which Joyce disturbing includes in his personification seem conscious of their surroundings, so that the reader becomes fully aware of how eerily set is the landscape. Mangan’s sister is the obsession by which the narrator defines his daily routine. The description of this obsession allows the reader to forgo the likening to a sweetheart and delve into the less traveled trenches of a young boy’s heart and strike straight to love. The story however remains brilliant in its fantastical descriptions of the town, with violet skies, and the impatience of some of the characters. The ostracized nature of the story then becomes one of unrequited love which in its way begets loneliness, which is what troubles, and excites, the narrator, as Joyce writes, â€Å"†¦yet her name was like a summons to all my foolish blood. Her image accompanied me even in places the most hostile to romance. † It is in this power of speech which the narrator becomes entrapped. His lack of gumption defines his loneliness and yet he remains constant through his passion for her. Then, the conversation of going to Araby lights up the narrator’s life. It seems that the best and well thought out theme of the story is that of awe: awe of the girl he loves, and then awe of Araby, as Joyce writes, â€Å"I recognized a silence like that which pervades a church after a service. † However, this awe is short lived, and Joyce transports the reader back into that initial state of despondency and weariness of the human heart, as he writes, â€Å"Gazing up into the darkness I saw myself as a creature driven and derided by vanity; and my eyes burned with anguish and anger† and it is with this anger caused by lost determination, and love, that pervades the essence of the story. Along a similar vein, Seamus Heaney suggests in his poem Digging a slightly more cerebrally active loneliness. The danger in this poem becomes apparent in the first stanza in which the narrator suggests how the â€Å"pen rests; as snug as a gun†, which permits the reader to imagine a theme in the poem equivalent to Joyce’s isolation in Araby. The second stanza reveals an even more macabre scene in which the father of the poem is digging a grave: although the grave at this point may not be a literal grave but perhaps a grave built from years of a job digging potatoes, the essence of a son witnessing a father dig his own grave as it were suggests, not empathy for the parent but rather a gloomy sense of expectancy from the son. This expectancy allows the speaker to put the idea forth to the reader that acceptance of death can be met with anger and cynicism. This cynicism is highlighted by Heaney when he writes, â€Å"By God, the old man could handle a spade† and furthermore, â€Å"Just like his old man. † which tells the reader the speaker is seeing his own future played out from previous generations. Although hesitancy and awe are a bit twisted in this work of literature, the elements from Araby still remain the same; that of a mounting disparagement, in not gaining the things the speaker’s want and the feeling that they’ve met their limit and they fell short. In other words, both works created a world in which the main character in control of their fate was the lack of something: hope. There is no hope in either work; its essence is bashed away, especially in Heaney’s lines, â€Å"But I`ve no spade to follow men like them†. In the end of both stories, the theme of cynicism becomes apparent. The Stronger by August Strindberg is a play in which identity is the focus, and the human emotions which allow the characters to learn, advance, or perhaps share their life story, is trickled through to the reader through irony, and poor circumstances. The play begins with Frau X complaining about the other being alone on Christmas. Here the reader again is witness to the theme of isolation. Although in Araby the isolation was from the self’s inability to act in an emotional state, and in Heaney’s work the isolation was from breaking the tradition of digging, the speaker’s heritage passed from father to son, and ending in a grave, the isolation in The Stronger is one in which isolation is a choice. It is difficult at times to worry into the character’s psyche without knowing a background story of cause and effect but in The Stronger the feeling of choice in any given moment pervades the pages so strongly that the reader is left only with a feeling that the character’s purpose in wanting to be alone can only be given without a sense of despondency. It is with Frau X’s determination in becoming an identity outside of the personality of Mlle Y that best describes the climax of the play. There is action in this play as with the previous stories which suggest character development, whether or not it’s in a positive or negative way; it is progression in the character. Although love was an underscoring element in each story it is with the element of loneliness, and fear which allow each character to develop into themselves, and reveal their inner self to the reader that remains with the reader after the stories are told. In Joyce’s story the boy loves, but cannot act upon that love, being stultified by his emotional state, and driven into a type of fear of speaking, even to the woman who would have sold him a vase for his girl. In Heaney’s poem, the idea of escaping from a history of digging is troublesome, and yet he makes a choice to severe the bonds which could call him to the fate of his father, and father’s father. In The Stronger it is clear to the reader that choice is the main theme of the play; choice to become ones own person and not give into the demands of the other characters. Work Cited Portable Literature: Reading, Reacting, Writing. 6th Edition. Maryland: Kirszner and Mandell Publishing Co. , Thomson Wordsworth, 2007.

Wednesday, August 21, 2019

Religion Essays Religion Versus Science

Religion Essays Religion Versus Science Religion versus Science Science has often challengedreligious dogma, since Copernicus first upset the Church-approved, heliocentricmodel of the cosmos. However, after the Enlightenment, when the empiricalmethod of scientific enquiry was fully established, science has come to be seenas a competing, and viable method of explanation for all phenomena. Darwininitiated interest in the modern science of biology, in The Origin ofSpecies, which advanced the theory of evolution, and this was contra to thetraditional religious explanation. This stated that all animals, humansincluded, were evolved through natural selection from single-celled organismsto the multi-cellular ones that are extant today. This laid the foundationsfor the study of genetics, which was advanced by Watson and Crick whodiscovered the way DNA, the chemical code in each cell nuclei, could replicateitself. In June 2000, the first draft sequence of the human genome waspublished, representing a breakthrough for the Human Genome Project. Creationism The religious explanation forthe origin of life is based on some form of creationist account. This, in themonotheistic religions, and most notably in the Judeo-Christian tradition, is adoctrine, often in the form of a story, of how a superior, divine being createdthe world according to a master plan, and for a teleological end. In theJudeo-Christian tradition, we find such an account in Genesis which manymodern, liberal Christians are content to take as allegory rather than as astraightforward factual account. This tells how God created the world in sixdays, and on the seventh rested. Mankind was created last, and given dominionover all the animals. Humankind is also made in the image and likeness of man,and is for this reason most like God. However, in a later part of Genesis,we learn that woman was created second to man, and was in fact formed out ofhis flesh (the rib of Adam) for the purpose of being a companion to man. It isobvious from this story that man plays a secondary role to God, being formed onhis image and likeness. Religious Objections toEugenics Eugenics is from the AncientGreek eu (meaning well) and genos (meaning tribe, or race). Thescience is therefore concerned with producing the best human beings byselective breeding. The modern understanding of genetics has enabled eugenicsto be carried out on a highly scientific basis, though it is worth noting thateugenics is by no means a modern phenomenon alone. Humans have practisedagriculture and farming for many centuries, and for much of this time haveknown to select the best animals for breeding, so that desirablecharacteristics are passed along to the next generation. In modern times, the science ofeugenics has figured badly in the popular imagination, largely due to the Nazipartys vision of a supreme state (the Third Reich) from which inferior raceswere deliberately excluded (such as the Jews). However, religious objectionsto eugenics do not necessarily stem from its former negative associations. Ifone believes that God played a direct role in the creation of mankind, then itis an upset of a divinely-ordained system to take such a discriminatory view ofhuman sexual reproduction. If God has allowed able-bodied and disabled,healthy and diseased humans to be born, then surely He desires both to be ableto reproduce? Religious Objections toGenetic Engineering Genetic Engineering is thescience of selecting specific genes from cell nuclei, and then splicing theminto a second nuclei, in order to engineer species with a specific gene suchthat could confer some biological advantage. This is commonly done with crops,in order to create strains that have been engineered with a high resistance topests, and so will be less in need of expensive fertilisers. Maybe humans will be able toorder their children, and to ask for certain characteristics to be selectedfor their offspring. These could range from the trivial, such as eye-colour orhair colour, to biological, such as resistance to disease and full physical andmental soundness, to the more subjective, such as musical talent or high IQ.However, there have been increasing worries over the application of geneticengineering to humans. Religious objections usually stem from the idea that itis an act of hubris to meddle with the created order. Religious objections stemfrom the eschatology contained within most religious doctrine. This means thatsome idea about life after death is a significant part of most religiouscodes. If can extend life for many, many more years, then this naturally leadsus to wonder about the importance of life after death as well. The idea ofHeaven, salvation, or even damnation may recede in importance as average life expectancyis extended well beyond the traditional Biblical three score years and ten. The Human Genome Project hasshown conclusively that we do in fact share the majority of our genes withother species especially other vertebrates. This is troubling for those whohold that mankind is separate and above other animals, since we are created inthe likeness and the image of God. Conclusion As difficult as the ethics ofgenetic technology are, we should remember that scientific advancement hasoften been viewed in negative light, initially. Organ transplantation startedin the 1970s, and was first seen as controversial, yet now it is a routinepractice, and there are very few who have any religious objections to thismedical procedure. Geneticengineering and eugenics have both advanced by leaps and bounds in the 20thcentury, and no doubt will continue to do so, as humans continue to facesignificant population problems which could be eradicated by genetictechnology. It seems that genetic technology could solve many of theseproblems, such as disease and ageing. However, religious objections remind usthat these new technologies often ask as many new questions as they answer. Bibliography C.Deane-Drummond,B.Szerszynski, R.Grove-White (eds) Re-ordering Nature: Theology Society andthe New Genetics (London, TT Clark Ltd, 2003) C.Deane-Drummond (ed) Brave New World? Theology,Ethics and the Human Genome (London, TT ClarkLtd, 2003) A.Bruce D.Bruce (eds) Engineering Genesis:The Ethics of Genetic Engineering in Non-Human Species (London, EarthscanPublications Ltd, 1998)

Tuesday, August 20, 2019

Impact Of Globalisation For Children And Families Education Essay

Impact Of Globalisation For Children And Families Education Essay What is globalisation. Globalisation is the process by which the world is becoming increasingly interconnected as a result of massively increased trade and cultural exchange. Globalisation has increased the production of goods and services†¦ Although globalisation is probably helping to create more wealth in developing countries it is not helping to close the gap between the worlds poorest countries and the worlds richest (BBC, 2012). As we can see from the definition of globalisation that it has created great impact on the world. Every child is different. Children vary from the way they brought up and the culture of their society and what they learn from their environment (Penn.H, 2004). Since environment, society and culture affects the children and family due to the differences in the world. We understand that globalisation impacts the world and the world indirectly impact the child through a chain of reaction (Bronfenbrenner, 1990). As you go along we will discuss on the pr ocess on how the children are being affected by globalisation by using the bronfenbrenners ecological theory and then moving on to what ways the globalisation can impact the child. From there we will look into the different kind of impact it has on the poor and the rich. Finally in our conclusion we will evaluate on how the children are being protected or given help to overcome the globalisation. Let me move from the outer layer of the ecological system to the inner layer which is where it is referred to the child. Macrosystem This is the outer most layer of the ecological system. In this system it involves the law, policies, values and customs (John.R, 2001). They are first area which been affected by the globalisation. The impact of globalisation causes the laew and policies to change and it will then have an influence on the values and customs of the people. This then interconnected and affects the next layer of the ecological system which is the exosystem. Exosystem- this system consists of Community, Society and culture (John.R, 2001). The impact of globalisation passes from macrosystem to exosystem by creating a change in the community. When law n polices changes it also brings in the change in the community. Peoples mind sets and the priority of the community changes according to how the polices and laws are being changed. This community changes are brought into home practices and even to the schools and lastly makes difference in the beliefs and culture of a family. Thats how the exosystem interconnects with mesosystem. Mesosystem this system consist of Family, School and Religon (John.R, 2001). The impact from the law connects to the community and slowly connects to the individual families of the community and as well as the schools of the community. When families are being affected by the globalisation through the chain effect it is then passed down to their children. When schools have any changes in their practices then its passed down also to the children. This impact moves to the closes layer to the child which is the microsystem. Microsystem This system consist the child himself (John.R, 2001). Now we have seen how the globalisation interconnects with one another and finally impacts the child indirectly. Through this we understand the process on how globalisation impacts the child but now we are going to see in what ways those globalisation impacts the child and the difference between the impact on the poor and the rich. We learnt that through globalisation culture and beliefs changes as well. The upbringing of a family from a low literacy family is different from the highly educated family. The poor might not understand the importance of education and childrens well being as much as the rich. Due to the rapid changing world the rich will proceed fast and their children will gain all the benefit of the changing world. Experiencing IT, and technology based school infrastructure. But the child from the poor will lose out from all the benefits due to the lack of awareness. The other reason for the impact is the finance. During globalisation, if there is a downfall it may cause high unemployment rate and it will make the community to have financial crises. When community has financial cr ises it means some member of certain families are unemployed and this would affect the ability to provide for the child, be it medical or education. This situation is mostly affected by the poor rather than the rich. It is because the rich would have a basic amount of money to sustain through the downfalls whereas the poor are solely depended on the monthly income to run their family. During globalisation when the economy is picking up it is also going to pick a toll on the poor because when economy is high the living expense gets increased. It is commented in BBC that globalisation brings in a wide gap between the poor and the rich (BBC, 2008). Therefore from here we can see that the children from the poor families are being mostly affected then the rich children. Poor families are enable to give the children the full benefits and meet the basic needs of the children like education, healthcare and even safety. The environment and the community of the poor families have great influe nce in the children. Children might get hurt from fights in the neighbourhood or even get into bad company and go into illegal activity. Whereas the community of the rich are educated and the environment is safe for the children compared to the poor. Through this it is able to see that children from the poor need help from globalisation. Many Schemes from different countries are working to help all children to gain the benefits of education, health and safety. Schemes like Triple P from Australia, Head start from USA and Sure Start from England are working towards the aim to provide the best for the children. Some schemes brought in by Singapore government to help the children to get what they deserve are subsides from Ministry of Community Development, Youth and Sports (MCYS). Every child born in Singapore gets baby bonus to support their medical and education (MCYS, 2012). There are also different racial communities to concentrate on their racial group people and help the needy in any assistance they need. Schools come out with newsletters and parenting seminars to educate the parents on the importance childhood education and parenting skills. These schemes may be of great help for children and families to overcome the impact o f globalisation. In this assignment we have discussed on how the globalisation impacts children with the help of bronfernburrners ecological theory. We were able to see the interconnection of the world to the child. From there we broke down to the different ways globalisation can impact a child and its family and how it affects the poor and the rich. We also covered on how different nations have brought in schemes to help the families to provide the best for children. We took Singapore and listed the various ways it helped in providing the best for the child and its family. With this we evaluated that there is great impact on children due to globalisation. Referencing Penn, H, 2004. The Globalisation of Early childhood Education and Care. An Introduction to Early Childhood Studies , 2 edition, 47- 59 Government of Singapore. 2012. Ministry od community Development, Youth and Sports (MCYS). [ONLINE] Available at: http://app1.mcys.gov.sg/. [Accessed 25 October 12]. Bronfenbrenner, U. 1990. Discovering what families do. In Rebuilding the Nest: A New Commitment to the American Family . [ONLINE] Available at: http://www.montana.edu/www4h/process.html. [Accessed 25 October 12]. Ryan, J, 2001. Bronfenbrenners Ecological Systems Theory. [ONLINE] Available at: http://people.usd.edu/~mremund/bronfa.pdf. [Accessed 25 October 12]. GCSE Bitesize. 2012. BBC. [ONLINE] Available at: http://www.bbc.co.uk/schools/gcsebitesize/geography/globalisation/globalisation_rev1.shtml. [Accessed 25 October 12].

Monday, August 19, 2019

The Impact of the System of Patronage Upon Works of Art Essay examples

The Impact of the System of Patronage Upon Works of Art During the Renaissance, the system of patronage came into being, mainly as a reflection of the increasing capitalist emphasis being placed on life in Renaissance Italy, most notably in Florence. In its very nature as a commercial, capitalist place, Renaissance Italy was a hugely competitive place. It was therefore not surprising that works of art were very often commissioned for competitive reasons. During the Renaissance, art was not just as we think of it today, as an expressive, interesting creation. Art was a focal point of society, and a very powerful tool that powerful people used to gain an advantage. Discarding the effects it had on society for a moment, it was the key feature of the Renaissance. In earlier times, art had less status. However, mirroring the economic development of the time, art became the thing to spend money on, for various reasons. Money lay at the centre of art, and that is why patronage is so important. The system of patronage is a wide term and therefore there are a number of influences to consider when answering this question. Among them are the glory of the family; the honour of the city; the increasing economic power of individuals and groups; and the classical legacy that influenced art so much. Although in the later Renaissance time, Rome became increasingly involved (with the Pope's influence), Florence and Venice were the two leading protagonists as centres of culture in the earlier years. Not surprisingly, they were also the two leading cities economically. The two cities heavily competed with the other; honour was of primal importance. As merchants and artists were encouraged to travel as much as possible, innovative ideas in pieces from other cities quickly became incorporated into artists' own city. For example, after the death of Savonarola, Florence sought to make her constitution much more similar to Venice's. As a reflection of this, a large room in the palace of the signoria was designed to act and look like Venetian Hall of the Great Council and two huge frescoes were commissioned, one by Leonardo, the other by Michelangelo. By commissioning their own great works of art, smaller states could quickly achieve prominence and be "put on the map". Padua and Mantua were two lesser states at the beginning of the Renais... ...is was the greatest period in the history of art because of the healthy economic situation of Renaissance Italy. The rich did not save their money. Art was the thing to spend disposable income on. It was a way of showing wealth and gaining prestige and influence. Without patronage and consumer demand, being an artist could not have been a profession. In the Renaissance, wealth was power. And wealth was shown through owning works of art. So, as has been seen, the system of patronage was extremely important in Renaissance Italy. It brought with it mixed blessings for artists. On the one hand, it gave them the income to support themselves and continue to produce works. On the other hand, though, it could be very constrictive on what the artist could produce, and could even sometimes decide the quality of a work. But ultimately it can be said that the art patronage allowed the Renaissance to be remembered as a golden age in history and a way of distinguishing the period from the Middle Ages. Patronage did effect works of art, but there is little evidence supporting a theory that it stopped the art of the time being as beautiful and expressive as it could have been.

Sunday, August 18, 2019

Essay --

Role of renewable energy sources in environmental protection. Munthir ALMoslem Student # 1001020682 Course: EES1100 Date: 9th December 2013 Area of interests The Saudi Arabia economy is highly dependent on oil exports; the country has approximately â€Å"one-fifth of the world's proven oil reserves, and it is the largest producer and exporter of oil†, producing 12 million barrels per day (Saudi Arabia Country Profile, 2013). Saudi Arabia is the biggest consumer of oil in the Middle East; in 2009, the country was ranked as the world’s 13th highest consumer of energy, of which about 60 percent was petroleum-based and the other 40 percent was natural gas (Saudi Arabia Country Profile, 2013). From all the accessible sources, the current capacity of producing energy in Saudi Arabia is about 55 gigawatts and grows by 3 gigawatts annually (Alaindroos & He, 2012). The Saudi Arabian government invests about 1,125 billion dollars to cater to its energy needs between now and 2018 (Alaindroos & He, 2012). In the year 2009 alone, the country used about 100 million barrels of oil to produce energy and this implies that they consume one q uarter of all their oil in domestic uses. The demand for electricity in Saudi Arabia is estimated to increase by 70 GW in the next twenty years (Saudi Arabia Country Profile, 2013). The current dependence on unsustainable energy sources has a different effect on the environment due to gases they emit into the atmosphere. If the country fully implements the use of sustainable sources of energy, it will help to expand the use of energy for security purposes. The use of sustainable sources of energy would lead to reduced emissions of greenhouse gases, effluents and other wastes that have a negative im... ...s. Environment, 37(9): 6-15. Maithani, P. (2008). Renewable Energy in the Global Context. New York: Concept Publishing Company. Mani. (2013). Saudi Arabia Invests $109B To Meet 1/3 Energy Needs From Renewables. ValueWalk. Retrieved from http://www.valuewalk.com/2013/07/saudi-arabia-invests-109b/ Nogee , A . , Clemmer, S. , Donovan, D. ,& Deyette, J. (2002). Clean Energy Blueprint: Increasing Energy Security, Saving Money, and Protecting the Environment with Energy Efficiency and Renewable Energy. Bulletin of Science, Technology & Society, 22(2): 100-109. Olivier, J. , Janssens-Maenhout , G. , Muntean, M. ,& Peters, J. (2013) . Trends in global CO2 emissions: 2013 Report. Retrieved from http://www.pbl.nl/sites/default/files/cms/publicaties/pbl-2013-trends-in-global-co2-emissions-2013-report-1148.pdf Saudi Arabia Country Profile. (2013). Environmental Analysis. MEED

Saturday, August 17, 2019

High School and Handball Essay

There should always be something special to you that will warm your heart when you think of it. As I sit at home everyday, I think of this special thing that will brighten my day and get me off my seat. Ever since I can remember, handball was one of the few things I never got bored of in my life. Handball to me is more than a sport or something to past time. It has been a way for me to meet new people and make new friends. It all began when I was a little kid. I would always play games and never stop even if my parents took them away. But nothing could stop me from waking up at night secretly, and playing my Game Boy until I fell asleep. Then there was that one day when my mom bought me this red bouncy ball. She told me to play with it instead of my stupid games. I listened to her, and I started playing with the ball daily. At that time, I didn’t know what this ball would bring to my life, but soon I realized. After playing countless hours, I stopped staying up late, because I was so exhausted. I didn’t just bounce the ball around my house because I was bored. Sometimes, I threw it at my house walls and smacked it back with my hand so it wouldn’t get past me. This was probably when I first started doing something similar to what we know as â€Å"handball. † As I was a teenager, there was this park across the street from my junior high school. The park was quite big and was called Seth Low Park. I remember one day, during 6th grade, a friend of mine, named Nabeel asked me if I wanted to play handball with him after school at Seth Low Park. Excitedly, I told him that I would love to, but I didn’t know how to play. He didn’t mind, so after school that day, I went to play with him. He told me that all I had to do was hit the ball to the wall with my hands. I was eager to try this sport, so I practiced with him every day. He noticed that I was a quick learner and asked me if I ever played handball before. I told him I used to smack a ball around at home and he commented on how well I could return the ball to the wall. I didn’t know what to say. This was my first time playing, and it seemed like I was a better player than he was. I guess I really was born to be a handball player. As years went by, the only thing that I cared about was school and handball. Whenever I stressed from school or wanted to feel free and away from work, I would put on my shorts and run out to play. Nothing matters to me when I step on the court. I forget everything and just concentrate on my game. My love for handball was so great that when the sun had set and the sky was dark, I was still at the park swinging away my arm. Sometimes my arm began to hurt after playing for several hours but I continued to play, ignoring the pain. Even with these side effects, handball has helped me improve my reflexes and increased my stamina. Even to this day I still play handball. My present reflects my past on how I play. I keep getting better and better and every once in a while I meet new people, who are even better than me or people who play around my level. And as I get better, I helped them realize their mistakes and flaws which made me a better player as well. When I have a hard game, I feel challenged and it’s a wonderful feeling when you step on a court with another good player. When I win, it feels even better but when I lose I know I tried my best. However, as I played more and more handball, I realized I had a gift in this sport. I couldn’t wait to play in real competition in high school. Apparently, I realized I was better then a lot of people, so I tried out for the Madison handball team. I was really surprised when I got in because I had to play against the top players in the school. I was so sure that I would not make the cut, but I did and I was really excited. I couldn’t wait for the 1st practice and see how good the team was. After a few days of practice, I realized there were a lot of good players on the team. This motivated me to practice harder and get better at the sport. In the future, I hope I will have enough time to continue playing handball. It has had a huge impact on my life and I will never forget about it. It is both a great sport, and a friend to me that has helped me through rough times. When I did not know what to do, I turned to handball. It takes my mind off problems and most importantly, when I need it, its there. Meeting new people through handball and becoming friends with them is a wonderful thing. There is always something to share with them and they are always there at the handball courts with you. Handball will always have a special place in my life because without it, I would be another boring person.

Research Design and Methodology Essay

Method of Research This Study will use the Experimental method of research.The experimental method involves manipulating one variable to determine if changes in one variable cause changes in another variable. This method relies on controlled methods, random assignment and the manipulation of variables to test a hypothesis. The researchers decided to use experimental method because it is the most suited kind of method of research for our Investigatory Project which is involves creating a new product. Respondents of the study The respondents of our study are the 1st year students of Roosevelt College Rodriguez School Year 2012 – 2013. The researchers decided to use the 1st year students because they are the youngest among the high school students, proving that they are the ones that are most obedient and cooperative students. The researchers used 5 neighbor are chosen as respondens. Locale of the Study The study was conducted at the Roosevelt College Rodriguez, in the high school department. Roosevelt College Rodriguez is a private non-sectarian high school which is located at Manggahan, Rodriguez Rizal. It was established in 1962 and it is one of the branches of Roosevelt College System. It is a three-story building which has 53 well-ventilated and well-lighted rooms. Roosevelt College Rodriguez has facilities like elderly care rooms for the care giver course. It has also fine laboratories namely three computer laboratories, in which each has approximately 25 computer units. One highly maintained speech laboratory which contains 40 cubicles and one equipment and apparatus. The school has its own air conditioned resource learning center (library) with several books that can help the students in doing researches and home works. It has an audio visual room (AVR) to be used for meetings, small sized events and presentation of videos to the students. A function hall was built recently that serves as a venue for different events/programs, seminars conducted inside the campus for the whole year round. Roosevelt College Rodriguez also has facilities like a  canteen, covered walk, basketball court, herbal garden and a wide school ground that were highly maintained and can assure the security of the students. Being managed by our beloved directress, Mrs. Carmencita V. Alcantara, Roosevelt College Rodriguez has passed the PAASCU level 1 status accredited private school and is now undertaking and complementing requirements for the level 1 PAASCU accreditation. Research Instrument The research instrument that the researchers used is a questionnaire which was made by the researchers. The questionnaire consists of 5 different questions all concerning our product, the Spinanggay Cookies. The questionnaire will be answered by checking 1 of the boxes that corresponds to the following Excellent – 5, Very Satisfactory – 4, Satisfactory – 3, Failed – 2, Poor – 1. Procedure: 1. Preheat the oven to 375 °F/190 °C 2. In a medium bowl, combine flour, salt, and baking soda. To reduce lumpiness, sift through a sifter or sieve. Gently mix these together, then set the bowl aside. 3. In a large bowl, beat the butter and sugars together, then beat in eggs and vanilla. The coarseness of the sugar granules will help break the butter down, so be sure to do these first. Then add the eggs and vanilla and mix again until completely combined. 4. Slowly add the dry ingredients from the medium bowl to the wet ingredients in the large bowl, and then add spinanggay powder. Pour some of the dry ingredients, stir, and repeat until the dry and wet ingredients are totally combined. 5. Drop spoonful of cookie dough onto a pre-greased or a lined baking sheet. Leave at least an inch of space between the cookies because they’ll spread out when they cook. You can usually fit 12 cookies on a full-sized cookie sheet at a time. 6. Bake for about 9 to 11 minutes. Remove the pan from the oven and let the cookies rest on the pan for 3-4 minutes. Seventh, using a spatula, lift cookies off and place onto wax paper or a cooling rack. Let cool for about 5 more minutes. Last, Eat when hot and steamy or cooled and slightly crisp. Experimental Design In gathering the data for our research, we conducted a survey on the 1st year students of Roosevelt College Rodriguez. The â€Å"table of random numbers† was used to identify the 30% of the 1st year students which was going to be our respondents. Before conducting the survey we passed a copy of our questionnaire to our teacher to validate the questionnaire. To conduct the survey we went to each section of the 1st year and handed out the questionnaires and a piece of the Spinanggay cookies. After answering the questionnaires, the questionnaires were returned to us for the tabulation of results to make a conclusion. Statistical Tools Weighted Mean We will use the weighted mean to rate and get the results of the questionnaire that will be given to our respondents and to make our study accurate. Table 1 represents the tally of the respondents’ answers together with the computed weighted mean and the verbal interpretation. Question 1, earned a weighted mean value of 3.00 interpreted as satisfactory. This suggests that the spinanggay cookies tastes good and the respondents liked the Spinanggay Cookies. Question 2, got a weighted mean value of 3.00 weighted mean value in table 1. It is interpreted as Very Satisfactory, showing that the respondents find it easy to observe the taste of the Malunggay and spinach while eating the cookies. Question 3, obtained a weighted mean value of 3.00, and interpreted as   Satisfactory. This shows that the respondents think that the Spinach and Malunggay tastes good when mixed together. Question 4, got a weighted mean value of 3.00, and interpreted as satisfactory,implicating that the respondents think that the Spinanggay Cookies is not too good but is good enough to sell in the market. Question 5, earned a weighted mean value of 3.00, and interpreted as Satisfactory,implicating that the Spinanggay Cookies may be as good as the commercially sold cookies.  Based on the table 1, the product is acceptable. The respondents particularly liked the taste of Spinaggay cookies. The taste of spinach and malunggay may be observed easily as it was the one with the highest weighted mean value, with 3.00 weighted mean. The lowest is 3.00 which correspond to number 4 asking if the product is ready to be sold in the market. It acquired the verbal interpretation of Satisfactory showing that the product is ready to be sold but may still be improved to increase sales if it is sold. 1. Does the Spinanggay cookies taste good? 2. Were you able to taste the spinach and Malunggay in the Spinanggay cookies? 3. Do you think that the Malunggay and Spinach in Spinanggay cookies complement each other? 4. Is the spinanggay cookies good enough to sell in the market? 5. Is the Spinanggay cookies comparable to commercially sold cookies?

Friday, August 16, 2019

Selinux

Blueprints First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server Blueprints First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server Note Before using this information and the product it supports, read the information in â€Å"Notices† on page 17. First Edition (August 2009)  © Copyright IBM Corporation 2009. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Introduction . . . . . . . . . . . . . v First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server . . . . . . . . . . . . 1 Scope, requirements, and support Security-Enhanced Linux overview Access control: MAC and DAC SELinux basics. . . . . . SELinux and Apache . . . . Installing and running HTTPD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1 1 2 5 5 HTTPD and context types . . . . . . . . . 5 HTTPD and SE Linux Booleans . . . . . . . 8 Configuring HTTPD security using SELinux . . . . 9 Securing Apache (static content only) . . . . . 9 Hardening CGI scripts with SELinux . . . . . 12 Appendix. Related information and downloads . . . . . . . . . . . . . 15 Notices . . . . . . . . . . . . . . 17 Trademarks . . . . . . . . . . . . . 18  © Copyright IBM Corp. 2009 iii iv Blueprints: First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server Introduction This blueprint provides a brief introduction to basic Security-Enhanced Linux (SELinux) commands and concepts, including Boolean variables. In addition, the paper shows you how to increase the security of the Apache Web server with SELinux by using these concepts. Key tools and technologies discussed in this demonstration include security-enhanced Linux (SELinux), mandatory access control (MAC), getenforce, sestatus, getsebool, and setsebool. Intended audienceThis blueprint is intended for Linux system or network administrators who want to learn more about securing their systems with SELinux. You should be familiar with installing and configuring Linux distributions, networks, and the Apache Web server. Scope and purpose This paper provides a basic overview of SELinux, SELinux Boolean variables, and hardening Apache on Red Hat Enterprise Linux (RHEL) 5. 3. For more information about configuring RHEL 5. 3, see the documentation supplied with your installation media or the distribution Web site. For more information about SELinux, see â€Å"Related information and downloads,† on page 15.Software requirements This blueprint is written and tested using Red Hat Enterprise Linux (RHEL) 5. 3. Hardware requirements The information contained in this blueprint is tested on different models of IBM System x and System p hardware. For a list of hardware supported by RHEL 5. 3, see the documentation supplied with your Linux distribution. Author names Robert Sisk Other contributors Monza Lui Kersten Richter Robb Romans IBM Services Linux offers flexibility, options, and competitive total cost of ownership with a world class enterprise operating system.Community innovation integrates leading-edge technologies and best practices into Linux. IBM ® is a leader in the Linux community with over 600 developers in the IBM Linux Technology Center working on over 100 open source projects in the community. IBM supports Linux on all IBM servers, storage, and middleware, offering the broadest flexibility to match your business needs.  © Copyright IBM Corp. 2009 v For more information about IBM and Linux, go to ibm. com/linux (https://www. ibm. com/linux) IBM Support Questions and comments regarding this documentation can be posted on the developerWorks Security Blueprint Community Forum: http://www. bm. com/developerworks/forums/forum. jspa? forumID=1271 The IBM developerWorks ® discussion forums let you ask questions, share knowledge, ideas, and opinions about technologies and progr amming techniques with other developerWorks users. Use the forum content at your own risk. While IBM will attempt to provide a timely response to all postings, the use of this developerWorks forum does not guarantee a response to every question that is posted, nor do we validate the answers or the code that are offered. Typographic conventionsThe following typographic conventions are used in this Blueprint: Bold Identifies commands, subroutines, keywords, files, structures, directories, and other items whose names are predefined by the system. Also identifies graphical objects such as buttons, labels, and icons that the user selects. Identifies parameters whose actual names or values are to be supplied by the user. Identifies examples of specific data values, examples of text like what you might see displayed, examples of portions of program code like what you might write as a programmer, messages from the system, or information you should actually type.Italics Monospace Related ref erence: â€Å"Scope, requirements, and support† on page 1 This blueprint applies to System x ® running Linux and PowerLinux. You can learn more about the systems to which this information applies. vi Blueprints: First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server Scope, requirements, and support This blueprint applies to System x running Linux and PowerLinux. You can learn more about the systems to which this information applies.Systems to which this information applies System x running Linux and PowerLinux Security-Enhanced Linux overview Security-Enhanced Linux (SELinux) is a component of the Linux operating system developed primarily by the United States National Security Agency. SELinux provides a method for creation and enforcement of mandatory access control (MAC) policies. These policies confine users and processes to the minimal amount of privilege req uired to perform assigned tasks. For more information about the history of SELinux, see http://en. wikipedia. org/wiki/Selinux.Since its release to the open source community in December 2000, the SELinux project has gained improvements such as predefined Boolean variables that make it easier to use. This paper helps you understand how to use these variables to configure SELinux policies on your system and to secure the Apache httpd daemon. Related reference: â€Å"Scope, requirements, and support† This blueprint applies to System x running Linux and PowerLinux. You can learn more about the systems to which this information applies. Access control: MAC and DAC Access level is important to computer system security.To compromise a system, attackers try to gain any possible level of access and then try to escalate that level until they are able to obtain restricted data or make unapproved system modifications. Because each user has some level of system access, every user account on your system increases the potential for abuse. System security has historically relied on trusting users not to abuse their access, but this trust has proven to be problematic. Today, server consolidation leads to more users per system. Outsourcing of Systems Management gives legitimate access, often at the system administrator level, to unknown users.Because server consolidation and outsourcing can be financially advantageous, what can you do to prevent abuse on Linux systems? To begin to answer that question, let's take a look at discretionary access control (DAC) and mandatory access control (MAC) and their differences. Discretionary access control (DAC), commonly known as file permissions, is the predominant access control mechanism in traditional UNIX and Linux systems. You may recognize the drwxr-xr-x or the ugo abbreviations for owner, group, and other permissions seen in a directory listing. In DAC, generally the resource owner (a user) controls who has access to a resour ce.For convenience, some users commonly set dangerous DAC file permissions that allow every user on the system to read, write, and execute many files that they own. In addition, a process started by a user can modify or delete any file to which the user has access. Processes that elevate their privileges high enough could therefore modify or delete system files. These instances are some of the disadvantages of DAC.  © Copyright IBM Corp. 2009 1 In contrast to DAC, mandatory access control (MAC) regulates user and process access to resources based upon an organizational (higher-level) security policy.This policy is a collection of rules that specify what types of access are allowed on a system. System policy is related to MAC in the same way that firewall rules are related to firewalls. SELinux is a Linux kernel implementation of a flexible MAC mechanism called type enforcement. In type enforcement, a type identifier is assigned to every user and object. An object can be a file or a process. To access an object, a user must be authorized for that object type. These authorizations are defined in a SELinux policy. Let's work through some examples and you will develop a better understanding of MAC and how it relates to SELinux.Related reference: â€Å"Scope, requirements, and support† on page 1 This blueprint applies to System x running Linux and PowerLinux. You can learn more about the systems to which this information applies. SELinux basics It is a good practice not to use the root user unless necessary. However for demonstrating how to use SELinux, the root user is used in the examples in this blueprint. Some of the commands shown require root privileges to run them; for example, running getenforce and editing the /etc/selinux/config file. Related reference: â€Å"Scope, requirements, and support† on page 1 This blueprint applies to System x running Linux and PowerLinux.You can learn more about the systems to which this information applies. Run modes You can enable or disable SELinux policy enforcement on a Red Hat Enterprise Linux system during or after operating system installation. When disabled, SELinux has no effect on the system. When enabled, SELinux runs in one of two modes: v Enforcing: SELinux is enabled and SELinux policy is enforced v Permissive: SELinux is enabled but it only logs warnings instead of enforcing the policy When prompted during operating system installation, if you choose to enable SELinux, it is installed with a default security policy and set to run in the enforcing mode.Confirm the status of SELinux on your system. Like in many UNIX or Linux operating systems, there is more than one way to perform a task. To check the current mode, run one of the following commands: getenforce, sestatus, or cat /etc/selinux/config. v The getenorce command returns the current SELinux run mode, or Disabled if SELinux is not enabled. In the following example, getenforce shows that SELinux is enabled and enforcin g the current SELinux policy: [[email  protected] ~]$ getenforce EnforcingIf your system is displaying Permissive or Disabled and you want to follow along with the instructions, change the /etc/selinux/config file to run in Enforcing mode before continuing with the demonstration. Remember that if you are in Disabled mode, you should change first to Permissive and then to Enforcing. v The setstatus command returns the current run mode, along with information about the SELinux policy if SELinux is enabled. In the following example, setstatus shows that SELinux is enabled and enforcing the current SELinux policy: [[email  protected] ~]$ sestatus SELinux status: SELinuxfs mount: enabled /selinux Blueprints: First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server Current mode: Mode from config file: Policy version: Policy from config file: enforcing enforcing 21 targeted v The /etc/selinux/config file configures SELinux and controls the mode as well as the active policy. Changes to the /etc/selinux/config file become effective only after you reboot the system. In the following example, the file shows that the mode is set to enforcing and the current policy type is targeted. [[email  protected] ~]$ cat /etc/selinux/config # This file controls the state of SELinux on the system. SELINUX= can take one of these three values: # enforcing – SELinux security policy is enforced. # permissive – SELinux prints warnings instead of enforcing. # disabled – SELinux is fully disabled. SELINUX=enforcing # SELINUXTYPE= type of policy in use. Possible values are: # targeted – Only targeted network daemons are protected. # strict – Full SELinux protection. SELINUXTYPE=targeted To enable SELinux, you need to set the value of the SELINUX parameter in the /etc/selinux/config file to either enforcing or permissive. If you enable SELinux in the config file, you must reboot your system to start SELinux.We recommend that y ou set SELINUX=permissive if the file system has never been labeled, has not been labeled recently, or you are not sure when it was last labeled. Note that file system labeling is the process of assigning a label containing security-relevant information to each file. In SELinux a file label is composed of the user, role, and type such as system_u:object_r:httpd_sys_content_t. Permissive mode ensures that SELinux does not interfere with the boot sequence if a command in the sequence occurs before the file system relabel is completed. Once the system is up and running, you can change the SELinux mode to enforcing.If you want to change the mode of SELinux on a running system, use the setenforce command. Entering setenforce enforcing changes the mode to enforcing and setenforce permissive changes the mode to permissive. To disable SELinux, edit the /etc/selinux/config file as described previously and reboot. You cannot disable or enable SELinux on a running system from the command line; you can only switch between enforcing and permissive when SELinux is enabled. Change the mode of SELinux to permissive by entering the following command: [[email  protected] ~]$ setenforce permissiveRecheck the output from getenforce, sestatus, and cat /etc/selinux/config. v The getenforce command returns Permissive, confirming the mode change: [[email  protected] ~]$ getenforce Permissive v The sestatus command also returns a Permissive mode value: [[email  protected] ~]$sestatus SELinux status: SELinuxfs mount: Current mode: Mode from config file: Policy version: Policy from config file: enabled /selinux permissive enforcing 21 targeted v After changing the mode to permissive, both the getenforce and sestatus commands return the correct permissive mode.However, look carefully at the output from the sestatus command: [[email  protected] ~]$ cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enfo rcing – SELinux security policy is enforced. # permissive – SELinux prints warnings instead of enforcing. First Steps with Security-Enhanced Linux (SELinux) 3 # disabled – SELinux is fully disabled. SELINUX=enforcing # SELINUXTYPE= type of policy in use. Possible values are: # targeted – Only targeted network daemons are protected. # strict – Full SELinux protection.SELINUXTYPE=targeted [[email  protected] ~]$ The Mode from config file parameter is enforcing. This setting is consistent with the cat /etc/selinux/config output because the config file was not changed. This status implies that the changes made by the setenforce command does not carry over to the next boot. If you reboot, SELinux returns to run state as configured in /etc/selinux/conf in enforcing mode. Change the running mode back to enforcing by entering the following command: [[email  protected] ~]$ setenforce enforcing The following output confirms the mode change: [[email  pr otected] ~]$ getenforce EnforcingRelated reference: â€Å"Scope, requirements, and support† on page 1 This blueprint applies to System x running Linux and PowerLinux. You can learn more about the systems to which this information applies. Security contexts The concept of type enforcement and the SELinux type identifier were discussed in the Overview. Let's explore these concepts in more detail. The SELinux implementation of MAC employs a type enforcement mechanism that requires every subject and object to be assigned a type identifier. The terms subject and object are defined in the Bell-La Padula multilevel security model (see http://en. wikipedia. rg/wiki/Bell-La_Padula_model for more information). Think of the subject as a user or a process and the object as a file or a process. Typically, a subject accesses an object; for example, a user modifies a file. When SELinux runs in enforcing mode, a subject cannot access an object unless the type identifier assigned to the subje ct is authorized to access the object. The default policy is to deny all access not specifically allowed. Authorization is determined by rules defined in the SELinux policy. An example of a rule granting access may be as simple as: allow httpd_t httpd_sys_content_t : file {ioctol read getattr lock};In this rule, the subject http daemon, assigned the type identifier of httpd_t, is given the permissions ioctol, read, getattr, and lock for any file object assigned the type identifier httpd_sys_content_t. In simple terms, the http daemon is allowed to read a file that is assigned the type identifier httpd_sys_content_t. This is a basic example of an allow rule type. There are many types of allow rules and some are very complex. There are also many type identifiers for use with subjects and objects. For more information about rule definitions, see: SELinux by Example in the â€Å"Related information and downloads,† on page 15 section.SELinux adds type enforcement to standard Linux distributions. To access an object, the user must have both the appropriate file permissions (DAC) and the correct SELinux access. An SELinux security context contains three parts: the user, the role, and the type identifier. Running the ls command with the –Z switch displays the typical file information as well as the security context for each item in the subdirectory. In the following example, the security context for the index. html file is composed of user_u as the user, object_r as the role, and httpd_sys_content_t as the type identifier [[email  protected] html]$ ls -Z index. tml -rw-r–r– web_admin web_admin user_u:object_r:httpd_sys_content_t index. html 4 Blueprints: First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server Related reference: â€Å"Scope, requirements, and support† on page 1 This blueprint applies to System x running Linux and PowerLinux. You can learn more about the systems to which this information a pplies. SELinux and Apache Related reference: â€Å"Scope, requirements, and support† on page 1 This blueprint applies to System x running Linux and PowerLinux. You can learn more about the systems to which this information applies.Installing and running HTTPD Now that you have a general understanding of the SELinux security context, you can secure an Apache Web server using SELinux. To follow along, you must have Apache installed on your system. You can install Apache on Red Hat Linux by entering the following command: [[email  protected] html]$ yum install httpd Next, start the Apache http daemon by entering service httpd start, as follows: [[email  protected] html]$ service httpd start Starting httpd: Related reference: â€Å"Scope, requirements, and support† on page 1 This blueprint applies to System x running Linux and PowerLinux.You can learn more about the systems to which this information applies. HTTPD and context types Red Hat Enterprise Linux 5. 3, at th e time of this writing, uses selinux-policy-2. 4. 6-203. el5. This policy defines the security context for the http daemon object as httpd_t. Because SELinux is running in enforcing mode, entering /bin/ps axZ | grep httpd produces the following output: [[email  protected] html]$ ps axZ | grep http rootroot:system_r:httpd_t 2555 ? Ss 0:00 /usr/sbin/httpd rootroot:system_r:httpd_t 2593 ? S 0:00 /usr/sbin/httpd rootroot:system_r:httpd_t 2594 ? S 0:00 /usr/sbin/httpd root:system_r:httpd_t 2595 ?S 0:00 /usr/sbin/httpd root:system_r:httpd_t 2596 ? S 0:00 /usr/sbin/httpd root:system_r:httpd_t 2597 ? S 0:00 /usr/sbin/httpd root:system_r:httpd_t 2598 ? S 0:00 /usr/sbin/httpd root:system_r:httpd_t 2599 ? S 0:00 /usr/sbin/httpd root:system_r:httpd_t 2600 ? S 0:00 /usr/sbin/httpd The Z option to ps shows the security context for the httpd processes as root:system_r:httpd_t, confirming that httpd is running as the security type httpd_t. The selinux-policy-2. 4. 6-203. el5 also defines several file security context types to be used with the http daemon. For a listing, see the man page for httpd_selinux.The httpd_sys_content_t context type is used for files and subdirectories containing content to be accessible by the http daemon and all httpd scripts. Entering ls –Z displays the security context for items in the default http directory (/var/www/), as follows: [[email  protected] ~]$ ls -Z /var/www/ | grep html drwxr-xr-x root root system_u:object_r:httpd_sys_content_t html First Steps with Security-Enhanced Linux (SELinux) 5 The /var/www/html directory is the default location for all Web server content (defined by the variable setting of DocumentRoot /var/www/html in the /etc/httpd/conf/httpd. conf http configuration file).This directory is assigned the type httpd_sys_content_t as part of its security context which allows the http daemon to access its contents. Any file or subdirectory inherits the security context of the directory in which it is created; therefo re a file created in the html subdirectory inherits the httpd_sys_content_t type. In the following example, the root user creates the index. html file in the /root directory. The index. html inherits the security root:object_r:user_home_t context which is the expected security context for root in RHEL 5. 3. [[email  protected] ~]$ touch /root/index. html [[email  protected] ~]$ ls -Z /root/index. tml -rw-r–r– root root root:object_r:user_home_t /root/index. html If the root user copies the newly created index. html file to the /var/www/html/ directory, the file inherits the security context (httpd_sys_content_t) of the html subdirectory because a new copy of the file is created in the html subdirectory: [[email  protected] ~]$ cp /root/index. html /var/www/html [[email  protected] ~]$ ls -Z /var/www/html/index. html -rw-r–r– root root user_u:object_r:httpd_sys_content_t /var/www/html/index. html If you move the index. html file instead of copying it, a new file is not created in the html subdirectory and index. tml retains the user_home_t type: [[email  protected] ~]$ mv -f /root/index. html /var/www/html [[email  protected] ~]$ ls -Z /var/www/html/index. html -rw-r–r– root root user_u:object_r:user_home_t /var/www/html/index. html When a Web browser or network download agent like wget makes a request to the http daemon for the moved index. html file, with user_home_t context, the browser is denied access because SELinux is running in enforcing mode. [[email  protected] ~]# wget localhost/index. html –21:10:00– http://localhost/index. html Resolving localhost†¦ 127. 0. 0. 1 Connecting to localhost|127. 0. 0. 1|:80†¦ onnected. HTTP request sent, awaiting response†¦ 403 Forbidden 21:10:00 ERROR 403: Forbidden. SELinux generates error messages in both /var/log/messages and /var/log/httpd/error_log. The following message in /var/log/httpd/error_log is not very helpful because it t ells you only that access is being denied: [Wed May 20 12:47:57 2009] [error] [client 172. 16. 1. 100] (13) Permission denied: access to /index. html denied The following error message in /var/log/messages is more helpful because it tells you why SELinux is preventing access to the /var/www/html/index. html file – a potentially mislabeled file.Furthermore, it provides a command that you can use to produce a detailed summary of the issue. May 20 12:22:48 localhost setroubleshoot: SELinux is preventing the httpd from using potentially mislabeled files (/var/www/html/index. html). For complete SELinux messages. run sealert -l 9e568d42-4b20-471c-9214-b98020c4d97a Entering sealert –l 9e568d42-4b20-471c-9214-b98020c4d97 as suggested in the previous error message returns the following detailed error message: [[email  protected] ~]$ sealert –l 9e568d42-4b20-471c-9214-b98020c4d97 Summary: SELinux is preventing the httpd from using potentially mislabeled files (/var/www /html/index. html).Detailed Description: SELinux has denied httpd access to potentially mislabeled file(s) (/var/www/html/index. html). This means that SELinux will not allow httpd to use these files. It is common for users to edit files in their home directory or tmp directories and then 6 Blueprints: First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server move (mv) them to system directories. The problem is that the files end up with the wrong file context which confined applications are not allowed to access. Allowing Access: If you want httpd to access this files, you need to relabel them using restorecon -v ’/var/www/html/index. tml’. You might want to relabel the entire directory using restorecon -R -v ’/var/www/html’. Additional Information: Source Context root:system_r:httpd_t Target Context root:object_r:user_home_t Target Objects /var/www/html/index. html [ file ] Source httpd Source Path /usr/sbin/httpd Port Host loc alhost. localdomain Source RPM Packages httpd-2. 2. 3-22. el5 Target RPM Packages Policy RPM selinux-policy-2. 4. 6-203. el5 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name home_tmp_bad_labels Host Name localhost. localdomain Platform Linux localhost. ocaldomain 2. 6. 18-128. 1. 10. el5 #1 SMP Wed Apr 29 13:55:17 EDT 2009 i686 i686 Alert Count 24 First Seen Fri May 15 13:36:32 2009 Last Seen Wed May 20 12:47:56 2009 Local ID 9e568d42-4b20-471c-9214-b98020c4d97a Line Numbers Raw Audit Messages host=localhost. localdomain type=AVC msg=audit(1242838076. 937:1141): avc: denied { getattr } for pid=3197 comm=†httpd† path=†/var/www/html/index. html† dev=dm-0 ino=3827354 scontext=root:system_r:httpd_t:s0 context=root:object_r:user_home_t:s0 tclass=file host=localhost. localdomain type=SYSCALL msg=audit(1242838076. 37:1141): arch=40000003 syscall=196 success=no exit=-13 a0=8eaa788 a1=bfc8d49c a2=419ff4 a3=2008171 items=0 ppid=3273 pid=3197 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4 comm=†httpd† exe=†/usr/sbin/httpd† subj=root:system_r:httpd_t:s0 key=(null) Although called a summary, this output is a very detailed report that provides the necessary commands to resolve the issue. As shown below, entering /sbin/restorecon -v ’/var/www/html/index. html as suggested not only resolves the problem, but also explains how you should change the security context for the /var/www/html/index. tml file. [[email  protected] ~]$ restorecon -v ’/var/www/html/index. html’ /sbin/restorecon reset /var/www/html/index. html context root:object_r:user_home_t:s0-; root:object_r:httpd_sys_content_t:s0 The previous restorecon -v command changed the security context of /var/www/html/index. html from root:object_r:user_home_t to root:object_r:httpd_sys_content_t. With a root:object_r:httpd_sys_content_t security context, the http dae mon can now access /var/www/html/index. html. Use a Web browser or wget to make another request to the httpd daemon for the index. html file with a restored security context.This time, the request is permitted: [[email  protected] ~]# wget localhost/index. html –21:09:21– http://localhost/index. html Resolving localhost†¦ 127. 0. 0. 1 Connecting to localhost|127. 0. 0. 1|:80†¦ connected. HTTP request sent, awaiting response†¦ 200 OK Length: 0 [text/html] Saving to: ’index. html’ First Steps with Security-Enhanced Linux (SELinux) 7 [ ] 0 –. -K/s in 0s 21:09:21 (0. 00 B/s) – ’index. html’ saved [0/0] Related reference: â€Å"Scope, requirements, and support† on page 1 This blueprint applies to System x running Linux and PowerLinux. You can learn more about the systems to which this information applies.HTTPD and SELinux Booleans SELinux has a set of built-in switches named Booleans or conditional policies t hat you can use to turn specific SELinux features on or off. Entering the getsebool -a | grep http command lists the 23 Booleans related to the http daemon, which are a subset of the 234 Booleans currently defined in the selinux-policy-2. 4. 6-203. el5 policy. These 23 Booleans allow you to customize SELinux policy for the http daemon during runtime without modifying, compiling, or loading a new policy. You can customize the level of http security by setting the relevant Boolean values or toggling between on and off values. [email  protected] ~]$ getsebool -a | grep http allow_httpd_anon_write –> off allow_httpd_bugzilla_script_anon_write –> off allow_httpd_mod_auth_pam –> off allow_httpd_nagios_script_anon_write –> off allow_httpd_prewikka_script_anon_write –> off allow_httpd_squid_script_anon_write –> off allow_httpd_sys_script_anon_write –> off httpd_builtin_scripting –> on httpd_can_network_connect –> off httpd_can _network_connect_db –> off httpd_can_network_relay –> off httpd_can_sendmail –> on httpd_disable_trans –> off httpd_enable_cgi –> on httpd_enable_ftp_server –> off httpd_enable_homedirs –> on httpd_rotatelogs_disable_trans –> off httpd_ssi_exec –> off httpd_suexec_disable_trans –> off httpd_tty_comm –> on httpd_unified –> on httpd_use_cifs –> off httpd_use_nfs –> off SELinux provides three command-line tools for working with Booleans: getsebool, setsebool, and togglesebool. The getsebool –a command returns the current state of all the SELinux Booleans defined by the policy.You can also use the command without the –a option to return settings for one or more specific Booleans entered on the command line, as follows: [[email  protected] ~]$ getsebool httpd_enable_cgi httpd_enable_cgi –> on Use setsebool to set the current state of one or more Booleans by specifying the Boolean and its value. Acceptable values to enable a Boolean are 1, true, and on. Acceptable values to disable a Boolean are 0, false, and off. See the following cases for examples. You can use the -P option with the setsebool command to write the specified changes to the SELinux policy file. These changes are persistent across reboots; unwritten changes remain in effect until you change them or the system is rebooted. Use setsebool to change status of the httpd_enable_cgi Boolean to off: [[email  protected] ~]$ setsebool httpd_enable_cgi 0 8Blueprints: First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server Confirm status change of the httpd_enable_cgi Boolean: [[email  protected] ~]$ getsebool httpd_enable_cgi httpd_enable_cgi –> off The togglesebool tool flips the current value of one or more Booleans. This tool does not have an option that writes the changes to the policy file. Changes remain in effect until changed or the system is reb ooted. Use the togglesebool tool to switch the status of the httpd_enable_cgi Boolean, as follows: [[email  protected] ~]$ togglesebool httpd_enable_cgi httpd_enable_cgi: active Confirm the status change of the httpd_enable_cgi Boolean: [[email  protected] ~]$ getsebool httpd_enable_cgi httpd_enable_cgi –> onRelated reference: â€Å"Scope, requirements, and support† on page 1 This blueprint applies to System x running Linux and PowerLinux. You can learn more about the systems to which this information applies. Configuring HTTPD security using SELinux Related reference: â€Å"Scope, requirements, and support† on page 1 This blueprint applies to System x running Linux and PowerLinux. You can learn more about the systems to which this information applies. Securing Apache (static content only) The default Red Hat Enterprise Linux 5. 3 installation with SELinux running in enforcing mode provides a basic level of Web server security. You can increase that security level with a little effort.Because security is related to the function of the system, let's start with a Web server that only serves static content from the /var/www/html directory. 1. Ensure that SELinux is enabled and running in enforcing mode: [[email  protected] ~]$ sestatus SELinux status: SELinuxfs mount: Current mode: Mode from config file: Policy version: Policy from config file: enabled /selinux enforcing enforcing 21 2. Confirm that httpd is running as type httpd_t: [[email  protected] html]$ /bin/ps axZ root:system_r:httpd_t 2555 ? root:system_r:httpd_t 2593 ? root:system_r:httpd_t 2594 ? root:system_r:httpd_t 2595 ? root:system_r:httpd_t 2596 ? root:system_r:httpd_t 2597 ? root:system_r:httpd_t 2598 ? root:system_r:httpd_t 2599 ? root:system_r:httpd_t 2600 ? grep http Ss 0:00 httpd S 0:00 httpd S 0:00 httpd S 0:00 httpd S 0:00 httpd S 0:00 httpd S 0:00 httpd S 0:00 httpd S 0:00 httpd 3. Confirm that the /var/www/html directory is assigned the httpd_sys_content_t con text type: [[email  protected] ~]$ ls -Z /var/www/ drwxr-xr-x root root root:object_r:httpd_sys_script_exec_t cgi-bin drwxr-xr-x root root root:object_r:httpd_sys_content_t error drwxr-xr-x root root root:object_r:httpd_sys_content_t html First Steps with Security-Enhanced Linux (SELinux) 9 drwxr-xr-x drwxr-xr-x drwxr-xr-x root root root:object_r:httpd_sys_content_t icons root root root:object_r:httpd_sys_content_t manual webalizer root root:object_r:httpd_sys_content_t usage 4.Confirm that the content to be served is assigned the httpd_sys_content_t context type. For example: [[email  protected] ~]$ ls -Z /var/www/html/index. html -rw-r–r– root root root:object_r:httpd_sys_content_t /var/www/html/index. html Use a Web browser or wget to make a request to the httpd daemon for the index. html file and you should see that permission is granted. To increase the level of protection provided by SELinux, disable any httpd-related features that you do not want by turning off their corresponding Boolean. By default, the following six Boolean are set to on. If you do not need these features, turn them off by setting their Boolean variables to off. [email  protected] ~]# getsebool -a|grep http|grep â€Å"–> on† httpd_builtin_scripting –> on httpd_can_sendmail –> on httpd_enable_cgi –> on httpd_enable_homedirs –> on httpd_tty_comm –> on httpd_unified –> on httpd_can_sendmail If the Web server does not use Sendmail, turn this Boolean to off. This action prevents unauthorized users from sending e-mail spam from this system. httpd_enable_homedirs When this Boolean is set to on, it allows httpd to read content from subdirectories located under user home directories. If the Web server is not configured to serve content from user home directories, set this Boolean to off. httpd_tty_comm By default, httpd is allowed to access the controlling terminal.This action is necessary in certain situations where httpd must prompt the user for a password. If the Web server does not require this feature, set the Boolean to off. httpd_unified This Boolean affects the transition of the http daemon to security domains defined in SELinux policy. Enabling this Boolean creates a single security domain for all http-labeled content. For more information, see SELinux by Example listed under the â€Å"Related information and downloads,† on page 15 section. httpd_enable_cgi If your content does not use the Common Gateway Interface (CGI) protocol, set this Boolean to off. If you are unsure about using CGI in the Web server, try setting it to off and examine the log entries in the /var/log/messages file.The following example shows an error message from /var/log/messages resulting from SELinux blocking httpd execution of a CGI script: May 28 15:48:37 localhost setroubleshoot: SELinux is preventing the http daemon from executing cgi scripts. For complete SELinux messages. run sealert -l 0fdf4649-60df -47b5-bfd5-a72772207adc Entering sealert -l 0fdf4649-60df-47b5-bfd5-a72772207adc produces the following output: Summary: SELinux is preventing the http daemon from executing cgi scripts. Detailed Description: SELinux has denied the http daemon from executing a cgi script. httpd can be setup in a locked down mode where cgi scripts are not allowed to be executed. If the httpd server has been setup to not execute cgi scripts, this could signal a intrusion attempt.Allowing Access: If you want httpd to be able to run cgi scripts, you need to turn on the httpd_enable_cgi Boolean: â€Å"setsebool -P httpd_enable_cgi=1†³ 10 Blueprints: First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server The following command will allow this access: setsebool -P httpd_enable_cgi=1 Additional Information: Source Context root:system_r:httpd_t Target Context root:object_r:httpd_sys_script_exec_t Target Objects /var/www/cgi-bin [ dir ] Source httpd Source Path httpd Port Hos t localhost. localdomain Source RPM Packages httpd-2. 2. 3-22. el5 Target RPM Packages httpd-2. 2. 3-22. el5 Policy RPM selinux-policy-2. 4. 6-203. l5 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name httpd_enable_cgi Host Name localhost. localdomain Platform Linux localhost. localdomain 2. 6. 18-128. 1. 10. el5 #1 SMP Wed Apr 29 13:55:17 EDT 2009 i686 i686 Alert Count 1 First Seen Thu May 28 15:48:36 2009 Last Seen Thu May 28 15:48:36 2009 Local ID 0fdf4649-60df-47b5-bfd5-a72772207adc Line Numbers Raw Audit Messages host=localhost. localdomain type=AVC msg=audit(1243540116. 963:248): avc: denied { getattr } for pid=2595 comm=†httpd† path=†/var/www/cgi-bin† dev=dm-0 ino=5527166 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:httpd_sys_script_exec_t:s0 tclass=dir host=localhost. localdomain type=SYSCALL msg=audit(1243540116. 63:248): arch=40000003 syscall=196 success=no exit=-13 a0=8bd0a88 a1=bfc790bc a2=4 d0ff4 a3=2008171 items=0 ppid=2555 pid=2595 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm=†httpd† exe=†httpd† subj=root:system_r:httpd_t:s0 key=(null) At the end of the previous output, listed under the Raw Audit Messages are these lines: â€Å"scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:httpd_sys_script_exec_t:s0 tclass=dir† This output shows you that httpd attempted to access a subdirectory with the httpd_sys_script_exec_t context type. This type is the context type of /var/www/cgi-bin, the directory where httpd looks for CGI scripts. The httpd daemon, with a httpd_t context type, was unable to access this subdirectory because the httpd_enable_cgi variable is set to off.With this configuration, SELinux does not allow a user or process of type httpd_t to access a directory, file, or process of type httpd_sys_script_exec_t. Therefore, the http daemon was denied access to the CGI script located in /var/www/cgi-bin. If you find similar messages in your log file, set the httpd_enable_cgi Boolean to on. httpd_builtin_scripting If you did not configure Apache to load scripting modules by changing the /etc/httpd/conf/ httpd. conf configuration file, set this Boolean to off. If you are unsure, turn httpd_builtin_scripting to off and check the /var/log/messages file for any httpd-related SELinux warnings. See the description of httpd_enable_cgi for an example. PHP and other scripting modules run with the same level of access as the http daemon.Therefore, turning httpd_builtin_scripting to off reduces the amount of access available if the Web server is compromised. To turn off all six of these Booleans and write the values to the policy file by using the setsebool -P command follow these steps: 1. Enter the setsebool -P command: First Steps with Security-Enhanced Linux (SELinux) 11 [[email  protected] ~]# setsebool -P httpd_can_sendmail=0 httpd_enable_homedirs =0 httpd_tty_comm=0 httpd_unified=0 httpd_enable_cgi=0 httpd_builtin_scripting=0 2. Check all the Boolean settings related to httpd by entering getsebool –a | grep httpd. The following output shows that all Boolean are set to off, including the six previously described variables which default to on. [email  protected] ~]$ getsebool -a | grep httpd allow_httpd_anon_write –> off allow_httpd_bugzilla_script_anon_write –> off allow_httpd_mod_auth_pam –> off allow_httpd_nagios_script_anon_write –> off allow_httpd_prewikka_script_anon_write –> off allow_httpd_squid_script_anon_write –> off allow_httpd_sys_script_anon_write –> off httpd_builtin_scripting –> off httpd_can_network_connect –> off httpd_can_network_connect_db –> off httpd_can_network_relay –> off httpd_can_sendmail –> off httpd_disable_trans –> off httpd_enable_cgi –> off httpd_enable_ftp_server –> off httpd_enable _homedirs –> off httpd_rotatelogs_disable_trans –> off httpd_ssi_exec –> off httpd_suexec_disable_trans –> off httpd_tty_comm –> off httpd_unified –> off httpd_use_cifs –> off httpd_use_nfs –> off 3. Use a Web browser or wget to make another request to the httpd daemon for the index. html file and you should succeed. Rebooting your machine does not change this configuration. This completes the necessary basic SELinux settings for hardening a Web server with static content. Next, look at hardening scripts accessed by the http daemon. Related reference: â€Å"Scope, requirements, and support† on page 1 This blueprint applies to System x running Linux and PowerLinux. You can learn more about the systems to which this information applies.Hardening CGI scripts with SELinux In the previous section, you used SELinux Booleans to disable scripting because the Web server used only static content. Beginning with that configuration, you can enable CGI scripting and use SELinux to secure the scripts. 1. Confirm that your Web server is configured as described in section â€Å"Securing Apache (static content only)† on page 9. 2. Red Hat Enterprise Linux provides a CGI script that you can use for testing. You can find the script at /usr/lib/perl5/5. 8. 8/CGI/eg/tryit. cgi. Copy this script to the /var/www/cgi-bin/ directory, as follows: [[email  protected] ~]$ cp /usr/lib/perl5/5. 8. 8/CGI/eg/tryit. gi /var/www/cgi-bin/ 3. Make sure that the first line of the tryit. cgi script contains the correct path to the perl binary. From the which perl output shown below, the path should be changed to ! #/usr/bin/perl. [[email  protected] ~]# which perl /usr/bin/perl [[email  protected] ~]# head -1 /var/www/cgi-bin/tryit. cgi #! /usr/local/bin/perl 4. Confirm that /var/www/cgi-bin is assigned the httpd_sys_script_exec_t context type as follows: [[email  protected] ~]$ ls -Z /var/www/ | grep cgi-bin drwxr-xr-x root root root:object_r:httpd_sys_script_exec_t cgi-bin 12 Blueprints: First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server 5.Allow and confirm read and execute permission for the tryit. cgi script to all users: [[email  protected] cgi-bin]# chmod 555 /var/www/cgi-bin/tryit. cgi [[email  protected] cgi-bin]# ls -Z -r-xr-xr-x root root root:object_r:httpd_sys_script_exec_t tryit. cgi 6. Confirm that /var/www/cgi-bin/tryit. cgi is assigned the httpd_sys_script_exec_t context type: [[email  protected] ~]$ ls -Z /var/www/cgi-bin/tryit. cgi -r-xr-xr-x root root root:object_r:httpd_sys_script_exec_t /var/www/cgi-bin/tryit. cgi 7. Enable CGI scripting in SELinux and confirm that it is enabled: [[email  protected] cgi-bin]$ setsebool httpd_enable_cgi=1 [[email  protected] cgi-bin]$ getsebool httpd_enable_cgi httpd_enable_cgi –> on 8.Open a Web browser and type the Web server address into the location bar. Include the /cgi-bin/tryit. cgi in the URL. For example, type http://192. 168. 1. 100/cgi-bin/tryit. cgi. The tryit. cgi script should return output similar to Figure 1: Figure 1. Figure 1: A Simple Example 9. Provide test answers to the form fields and click Submit Query. The tryit. cgi script should return output similar to Figure 2: First Steps with Security-Enhanced Linux (SELinux) 13 Figure 2. Figure 2: A Simple Example with results Related reference: â€Å"Scope, requirements, and support† on page 1 This blueprint applies to System x running Linux and PowerLinux. You can learn more about the systems to which this information applies. 14Blueprints: First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server Appendix. Related information and downloads Related information v Wikipedia: Security-Enhanced Linux http://en. wikipedia. org/wiki/Selinux v Bell-La Padula model http://en. wikipedia. org/wiki/Bell-La_Padula_model v NSA Security-Enhanced Linux http://www. nsa. gov/research/selinux /index. shtml v Managing Red Hat Enterprise Linux 5 presentation http://people. redhat. com/dwalsh/SELinux/Presentations/ManageRHEL5. pdf v developerWorks Security Blueprint Community Forum http://www. ibm. com/developerworks/forums/forum. jspa? forumID=1271 v Red Hat Enterprise Linux 4: Red Hat SELinux Guide http://www. linuxtopia. rg/online_books/redhat_selinux_guide/rhlcommon-section-0055. html v F. Mayer, K. MacMillan, D. Caplan, â€Å"SELinux By Example – Using Security Enhanced Linux† Prentice Hall, 2007 Related reference: â€Å"Scope, requirements, and support† on page 1 This blueprint applies to System x running Linux and PowerLinux. You can learn more about the systems to which this information applies.  © Copyright IBM Corp. 2009 15 16 Blueprints: First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server Notices This information was developed for products and services offered in the U. S. A. IBM may not offer the products, s ervices, or features discussed in this document in other countries.Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service. IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents.You can send license inquiries, in writing, to: IBM Director of Licensing IBM Corporation North Castle Drive Armonk, NY 10504-1785 U. S. A. The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION â€Å"AS IS† WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you. This information could include technical inaccuracies or typographical errors.Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other progr ams (including this one) and (ii) the mutual use of the information which has been exchanged, should contact: IBM Corporation Dept. LRAS/Bldg. 903 11501 Burnet Road Austin, TX 78758-3400 U. S. A. Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee.The licensed program described in this document and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or any equivalent agreement between us.  © Copyright IBM Corp. 2009 17 For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to: IBM World Trade Asia Corporation Licensing 2-31 Roppongi 3-chome, Minato-ku Tokyo 106-0032, Japan IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you. Informatio n concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources.IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk. This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products.All of these names are fictitious and any similarity to the names and addresses used by an ac tual business enterprise is entirely coincidental. Trademarks IBM, the IBM logo, and ibm. com ® are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol ( ® and â„ ¢), these symbols indicate U. S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at Copyright and trademark information at www. ibm. com/legal/copytrade. html Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries. Java and all Java-based trademarks and logos are registered trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. Linux is a trademark of Linus Torvalds in the United States, other countries, or both. UNIX is a registered trademark of The Open Group in the United States and other countries. Other company, product, or service names may be trademarks or service marks of others. 18 Blueprints: First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server Printed in USA