Monday, 10 October 2016

XRDP in centos7: installation, enabling it and setting port for reconnecting a previous session

RDP is more efficient and has better performing than VNC and probably is more secure.


The adventage of x11vnc is that you have the same desktop that is open in your workstation and two persons can share the screen. The cons is that you need to have a logged user in the Xs before using it. If you restart the machine then you need to do some tricks to us x11vnc as root to be able to go to the splash window.

XRDP is better but by default you open different sessions each time and is not trivial how to get the current session active in your workstation.

Anyway, if you use Centos7 you will have probles usig XRDP because there are some issues with selenux (the security system for applications in redhat)

XRDP can be installed from EPEL repo (the essential extra packages).
# install EPEL repo
$ sudo yum install epel-release
$ sudo yum update

# install XRDP
$ sudo yum install xrdp tigervnc-server

After installing, activate the service
 $ sudo systemctl enable xrdp.service
Confirm that XRDP is runing
# netstat -antup | grep xrdp
tcp        0      0  *               LISTEN      1508/xrdp
tcp        0      0*               LISTEN      1507/xrdp-sesman
But the job is not finished. By default XRDP listen to 3389 but this service is not allowed to listen to this port by default. You need to fix security and firewall to allow XRDP listen to 3389 (selenux) and allow external connections to 2289 (firewall)
# allow selemux (use one of the two options. Option 2 is prefered) 
## option 1
$ sudo chcon --type=bin_t /usr/sbin/xrdp
$ sudo chcon --type=bin_t /usr/sbin/xrdp-sesman

## option 2
$ sudo semanage fcontext -a -t bin_t /usr/sbin/xrdp
$ sudo semanage fcontext -a -t bin_t /usr/sbin/xrdp-sesman
$ sudo restorecon -v /usr/sbin/xrdp*

# using chcon updates the SELinux context temporarily until the next relabelling.
# A permanent method is to use semanage and restorecon

# allow firewall for external connections (just in case is not open by default)
$ sudo firewall-cmd --permanent --zone=public --add-port=3389/tcp
$ sudo firewall-cmd --reload 


The config file is in /etc/xrdp/xrdp.ini
The port by default is 3389 and you can change here:
# xrdp.ini file version number


And the setting for reconnecting to the previous session is in section "[XRDP1]" for port attribute. Set to ask-1

ask would ask you for a port in the log in. If no port given, with the -1 a new one is assigned

If you can remember the current port for your session see next section

How to find the current XRDP session port

You could login a ssh session and find out the number by
netstat -tulpn | grep vnc
and you will get something like the following
tcp        0      0*               LISTEN      5365/Xvnc
and then you know 5910 was the port you connected to.

More infor about XRDP and X11vnc and vnc links can be found at

Saturday, 13 February 2016

Choosing the right dark theme in R studio

Rstudio Dark Themes

Seems that Iddle fingers, Mervibore soft,Twilight and Tomorrow Night have the softest color schema with good contrast for comments and not to bright colours for the long coding nights ahead. I like the comments in italic and with not a prominent color (I want to keep my attention at the code) so Twilight is my current chose.

All dark themes in R-studio


Sunday, 31 January 2016

Installing mysqlworkbench and mysql utils in MacOSX Yosemite

Installing MySQL, mysqlworkbench and mysql-utils in Yosemite

For installing things like *nix in MacOSX I use homebrew.

Homebrew is fantastic for installing tar.gz files in textual way, but there are some packages that are only in .dmg format and you need to use a package manager that knows how to install this GUI based installers. This package manager is homebrew cask (caskroom project)

First you need to install mysql

$ brew install mysql
$ mysql.server start 
# and optionaly make it more secure
$ mysql_secure_installation

Then you need to 'tap' the cask project and then get your 'cask' before 'pouring' it.

$ brew tap caskroom/cask
# optional
$ brew install homebrew/completions/brew-cask-completion

## install workbench and utils

$ brew cask install mysqlworkbench
# mysqlworkbench staged at '/opt/homebrew-cask/Caskroom/mysqlworkbench/6.3.6'
# Symlinking App '' to '/Users/pmg/Applications/'

$ brew cask install mysql-utilities
# mysql-utilities staged at '/opt/homebrew-cask/Caskroom/mysql-utilities/1.5.6'

Note that workbench is symlinked to your home apps not the main Application folder


Launch it and you will get this window with the MySQL Utils icon at the top right

When you click in the MySQL Utilities.... OPS!! it does not work!

MySQL Utils launch a console and the error message is

$ mysqluc -e "help utilities"
ERROR: The MySQL Connector/Python module was not found. MySQL Utilities requires the connector to be installed. Please check your paths or download and install the Connector/Python from

OK, lets find the connector googleing it. And find it

[EDIT] I have just missed that the mysql-connector-python is also in cask and you can install with `brew cask install mysql-connector-python` BUT IT DID NOT WORK FOR ME

$ brew search mysql
automysqlbackup                    mysql                             mysql++                            mysql-cluster                      mysql-connector-c                  mysql-connector-c++                mysql-sandbox                      mysql-search-replace               mysqltuner                       
homebrew/php/php53-mysqlnd_ms                       homebrew/php/php55-mysqlnd_ms                       homebrew/versions/mysql51                           homebrew/versions/mysql56                           Caskroom/cask/mysql-utilities                       Caskroom/cask/navicat-for-mysql                   
homebrew/php/php54-mysqlnd_ms                       homebrew/php/php56-mysqlnd_ms                       homebrew/versions/mysql55                           Caskroom/cask/mysql-connector-python                Caskroom/cask/mysqlworkbench                      

$ brew cask install mysql-connector-python
Error: No available Cask for mysql-connector-python
Error: nothing to install

at but instead of selecting Mac choose "platform independent"

choose download and and then copy the link from "no thanks, just start download"

Go back to your shell and download it (you can do it in the mysql-utils dir just to have all together)

$ cd /opt/homebrew-cask/Caskroom/mysql-utilities/
$ wget
$ tar -zxvf mysql-connector-python-2.1.3.tar.gz
$ cd mysql-connector-python-2.1.3/

# install for both python
$ sudo python ./ install
$ sudo python3 ./ install
</ pre>

Now when you click in the MySQL-Utils you have a working connection and you see this in the launched terminal


I have tried to install the connector from python using pip but it did not work due a problem with ConfigParser. I did not investigate it further because I have already a working solution.

        $ pip3 install MySQL-python
        Collecting MySQL-python
          Downloading (108kB)
            Complete output from command python egg_info:
            Traceback (most recent call last):
              File "<string>", line 20, in <module>
              File "/private/var/folders/m0/spbgfzvd17jdfqgx90w1_hx40000gn/T/pip-build-0nif_qmi/MySQL-python/", line 13, in <module>
                from setup_posix import get_config
              File "/private/var/folders/m0/spbgfzvd17jdfqgx90w1_hx40000gn/T/pip-build-0nif_qmi/MySQL-python/", line 2, in <module>
                from ConfigParser import SafeConfigParser
            ImportError: No module named 'ConfigParser'

        Command "python egg_info" failed with error code 1 in /private/var/folders/m0/spbgfzvd17jdfqgx90w1_hx40000gn/T/pip-build-0nif_qmi/MySQL-python
        You are using pip version 7.1.2, however version 8.0.2 is available.
        You should consider upgrading via the 'pip install --upgrade pip' command.
        $ pip3 install ConfigParser
        Collecting ConfigParser
          Downloading configparser-3.3.0r2.tar.gz
            Complete output from command python egg_info:
            Traceback (most recent call last):
              File "<string>", line 3, in <module>
              File "/usr/local/lib/python3.5/site-packages/setuptools/", line 5, in <module>
                import distutils.core
              File "/usr/local/Cellar/python3/3.5.0/Frameworks/Python.framework/Versions/3.5/lib/python3.5/distutils/", line 18, in <module>
                from distutils.config import PyPIRCCommand
              File "/usr/local/Cellar/python3/3.5.0/Frameworks/Python.framework/Versions/3.5/lib/python3.5/distutils/", line 7, in <module>
                from configparser import ConfigParser
              File "/private/var/folders/m0/spbgfzvd17jdfqgx90w1_hx40000gn/T/pip-build-0ouo8j8z/ConfigParser/", line 397
                _KEYCRE = re.compile(ur"%\(([^)]+)\)s")
            SyntaxError: invalid syntax


Wednesday, 15 October 2014

new security vulnerability called POODLE

There Is a New Security Vulnerability Named POODLE, and It Is Not Cute:

POODLE affects SSLv3 or version 3 of the Secure Sockets Layer protocol, which is used to encrypt traffic between a browser and a web site or between a user’s email client and mail server. It’s not as serious as the recent Heartbleed and Shellshock vulnerabilities, but POODLE could allow an attacker to hijack and decrypt the session cookie that identifies you to a service like Twitter or Google, and then take over your accounts without needing your password.

According to the team's Bodo Möller: "This vulnerability allows the plaintext of secure connections to be calculated by a network attacker."

This is a client security hole. This is a vulnerability in the old SSLv3 (relaying in 80's code), but even if you have all set for using TLS, in many applications the server can trick you to downgrade to SSL and then it can stole you some security cookies.

This vulnerability is a risk in public wifi but not at home or work.


Mozilla says that it is making Firefox 34 safe from POODLE by disabling SSL 3.0 by default. The code which does this is already baked into the Nightly channel, and will make its way to the Aurora and Beta channels also "in the next few weeks".

MicroSoft Advisory and Workarounds:
This workaround involves Group Policy Editor. For those using versions of Windows that don't include GPE simply go to Control Panel/Internet Options/Advanced/Security and uncheck the box for SSL 3.0 (SSL 2.0 should already be unchecked).

Thursday, 7 August 2014

Ubuntu 14.04 new Ibus is interfering with default emacs keybinding control-space

In emacs you select text marking a starting selection point with control-space. This is a fundamental key binding in emacs. Now in the new version of Ubuntu (14.04) the default service for controlling multilingual input in linux has been changed to Ibus. The issue is that Ibus default key binding to control-space.

If you want to use emacs you probably should change this to something else. Go to a terminal and write 'ibus-setup' and at the right of the input method line you will find three dots '...' click there and change your key binding to Ibus pressing in the three dots in the key code line and then clik in disable. The text will change to 'new accelerator', press your combination of keys and you are done. I have changed mine to super-alt-space (super is the windows key).

Thursday, 27 February 2014

perl gzip libraries (probably zlib issue) does not play well with bgzip files.

In bioinformatcis, bgzip files are important for random access to big files . Bgzip is a program modified from gzip program that uses block compression and is fully backwards compatible with gzip. But I have issues when using bgzip compressed vcf files with Perl scripts that uses IO::Uncompress::Gunzip (that I believe it uses zlib under the hood). A similar problem happen to my recently with snpeff program (Java). In both cases the data is decompressed but truncated after a few hundred lines aprox. I could be totally wrong but I was wondering if zlib (or whatever gzip compatible library they are using) is getting confused with the bgzip bloks and only processing one or a few of them leaving the output incomplete. perl code that does not work:

#!/usr/bin/env perl
use strict;
use IO::Uncompress::Gunzip qw(gunzip $GunzipError) ;

my $infile = shift;
my $infh = IO::Uncompress::Gunzip->new( $infile ) 
         or die "IO::Uncompress::Gunzip failed: $GunzipError\n";
my $line_count = 0;
while (my $line=<$infh>){

print "total lines read = $line_count\n";
This gives 419 lines
    $ perl /home/pmg/tmp/ varsit.vcf.gz
    total lines read = 419
but using open with gzip pipe works:
    #!/usr/bin/env perl
    use strict;
    # I can use bgzip intead gzip
    my $infile = shift;

    open(my $infh , 'gzip -dc '.$infile.' |'); 
    my $line_count = 0;
    while (my $line=<$infh>){

    print "total lines read = $line_count\n"; 
Gives the expected number of lines
    $ perl /home/pmg/tmp/ varsit.vcf.gz
    total lines read = 652829
I googled about and I was unable to find quickly any relevant entry, but this is something that I am sure other people would have already faced. Do someone have a clue about why is this happening? I am using ubuntu 12.04.4 with perl 5.16

[UPDATE 2014-02-28]: finally a clue come from biostars where Heng Li remind me a footnote in the SAM specs about a java library for gzip that only sees first block of bgzip when decompressing. Seems that Perl gzip implementations had the same problem.

Monday, 24 February 2014

automatic encrypting decrypting with emacs

I have been for long time wondering if there was a way to automatically encrypt and decrypt files when accessing them, not leaving an unencrypted file around.

Today I have an epiphany: "let's see if emacs can do that". As an emacs power user I felt as an idiot. Emacs has in the core this ability since emacs 23!! and I never realized about it :-(.

Emacs has incorporated the EasyPG code into its core.

 Things can not be more easy. Put in your .emacs

(require 'epa-file)

;; as it is annoying to be asked if I want passphrase or publick/private key
;; I set passphrase as default
(setq epa-file-select-keys nil)

I also would like to have a gpg agent cache. In ubuntu 12.04 the package is called gnupg-agent

sudo apt-get install gnupg-agent
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  libassuan0 pinentry-gtk2
Suggested packages:
The following NEW packages will be installed:
  gnupg-agent libassuan0 pinentry-gtk2
0 upgraded, 3 newly installed, 0 to remove and 1 not upgraded.  

Now you only need to open a file ended with .gpg and automatically emacs would ask you for the pasword for decryption and again for saving. No unencrypted temporary files are stored, or at least I am not aware of them.

Tuesday, 20 August 2013

Reducing batch effects in methylation analysis

In our sequencing facility we have processed 4 illumina 450K methylation chips for the same study at 2 diferent times. We took care of spreading case and controls among all the chips. We can see a clear time-of-processing batch effect:

The chips were run in two different days one month apart. first 24 samples and then the other 24 samples.

The negative controls of the second batch  have a wider range.

And wen looking at the MDS and PCA we can see that the main parameter for grouping samples is the run day (the two chips starting with 835... where done the same day and the other two another day)

I have used the nice rnbeads R package for reporting the batch effects.

Now I am exploring two methods of correcting the batch effect:
  1.   limma using the batch date as block effect
    • design <- model.matrix(~Block+Treatment)
  2. ComBat in the R SVA package for correcting this
I will post the results soon. Meanwhile any comment for dealing with batch effects in 450K chips is more than wellcome.

Tuesday, 2 July 2013

where is vnc viewer vinagre storing its history of connections?

not easy to find manually so I did

find ~/ -name vinagre


analysis[~] cat .local/share/vinagre/history

unbuntu 12.10 install hangs in first boot 'waiting for battery status'. Seems it was a problem with my graphics card.

I have two new i7 servers and I installed ubuntu 12.10. Unfortunately after installation (without network) both of them did not started the Xs and stoped with a message ''waiting for battery status". After googling for answers for this issue, I saw that many of the solutions either fixed it feedling with the display manager or Xauthorities or Xorgs or simply being practical and starting a Xserver from ctr-alt-f1 but for some users none of these actions fixed the problem.

Seems that all solutions are related with the Xs or display. In my case both computers have an Asus GForce 210 graphical card but I have a third identical server without the card has no problem. So my first guess was a possible issue with the linux drivers for the card. So first solution was to go to the BIOS and change the GPU to iGPU (the integrated one). Voilà, the machine boots into graphical mode with no problem.

Once I obtained the IP for my mac address, I upgraded (on computer only upgrade, and the odter dist-upgrade to 13.04) and now I am able to boot correctly using my PCI GPU card from both computers.

So if you find this problem (that seems not so rare, but I have never seen before and I have intalled a lot of ubuntus in a lot of machines since the 'noname-distribution'), before doing other things try to upgrade your computer to the same or  a newer distro. If none of the web suggestions fix the problem you can always try to use your integrated GPU o change your graphics card.