Re: RavKav Online

[Amos Shapira]

I registered by Opal cards on the web site so it's possible to refill
online without a card reader.
If I haven't registered them then I can only refill them in a store with a
card reader.
(registering online also allows me to get auto-refill and have the credit
insured and reimbursed in case I report the card lost).
Are you saying that all users who want to refill by themselves have to own
a card reader?

On 8 March 2017 at 19:59, Efraim Flashner <efr...@flashner.co.il> wrote:

> $ ldd ravkavonline/usr/bin/ravkavonline
> linux-vdso.so.1 (0x7fffaf2df000)
> libpcsclite.so.1 => /usr/lib/x86_64-linux-gnu/libpcsclite.so.1
> (0x7f665b623000)
> libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0
> (0x7f665b406000)
> libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7f665b068000)
> libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2
> (0x7f665ae64000)
> librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1
> (0x7f665ac5c000)
> /lib64/ld-linux-x86-64.so.2 (0x5567dfd74000)
>
> libpcsc-lite.so.1 works with a smart-card reader. I have no idea where
> linux-vdso.so.1 is from, but the rest can be found in glibc (and with
> the license text suggesting the program is written in GO). I haven't
> checked out opal.com.au, but does it allow refilling your card from the
> website without a card reader?
>
>
> On Wed, Mar 08, 2017 at 03:21:05PM +1100, Amos Shapira wrote:
> > Why do they need a client anyway?
> > What does the special client do that a browser can't?
> >
> > I suppose the parallel here in Sydney is https://www.opal.com.au/ and it
> > all works from the browser.
> > Even the "mobile support" is just a mobile view of the same web site at
> > https://m.opal.com.au/
> >
> > On 8 March 2017 at 05:53, Daniel Shahaf <d...@daniel.shahaf.name> wrote:
> >
> > > Efraim Flashner wrote on Tue, Mar 07, 2017 at 14:56:17 +0200:
> > > > grumble grumble .deb only.
> > >
> > > It's a binary blob:
> > >
> > > % find
> > > .
> > > ./usr
> > > ./usr/bin
> > > ./usr/bin/ravkavonline
> > > ./usr/share
> > > ./usr/share/doc
> > > ./usr/share/doc/ravkavonline
> > > ./usr/share/doc/ravkavonline/LICENSE.txt
> > > ./usr/share/doc/ravkavonline/changelog.gz
> > > ./usr/share/applications
> > > ./usr/share/applications/ravkavonline.desktop
> > > % file usr/bin/ravkavonline
> > > usr/bin/ravkavonline: ELF 64-bit LSB executable, x86-64, version 1
> (SYSV),
> > > dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for
> GNU/Linux
> > > 2.6.32, BuildID[sha1]=3b16f56a9473ef060b60c7ae071ec861bb78e9ad,
> stripped
> > > % zcat ./usr/share/doc/ravkavonline/changelog.gz | wc -l
> > > 0
> > > %
> > >
> > > So yeah, it's a step in the right direction, but they have a lot of
> room
> > > for improvement.
> > >
> > > Somebody should reach out and ask them to improve things for 1.2.0.
> > >
> > > Cheers,
> > >
> > > Daniel
> > >
> > >
> > > > Still happy that we're at least represented.
> > > >
> > > >
> > > > On Tue, Mar 07, 2017 at 10:21:42AM +0200, Yehuda Deutsch wrote:
> > > > > Thanks,
> > > > >
> > > > > They finally identify the OS correctly in the website.
> > > > >
> > > > > Yehuda
> > > > >
> > > > > --
> > > > > *Yehuda Deutsch | IT Developer*
> > > > >
> > > > > On Tue, Mar 7, 2017 at 12:08 AM, Dimid Duchovny <dim...@gmail.com>
> > > wrote:
> > > > >
> > > > > > Just noticed this:
> > > > > > https://ravkavonline.co.il/releases/linux/
> > > > > >
> > > > > > 2016-02-15 22:38 GMT+02:00 Amichai Rotman <amic...@iglu.org.il>:
> > > > > >
> > > > > >> Great Job, Yaron!
> > > > > >>
> > > > > >> Thanks!
> > > > > >>
> > > > > >> 2016-02-15 10:06 GMT+02:00 Yaron de Leeuw <jdlm...@gmail.com>:
> > > > > >>
> > > > > >>> Hi.
> > > > > >>>
> > > > > >>> I have managed to get it working on ArchLinux, and adapting the
> > > solution
> > > > > >>> to
> > > > > >>> other distributions sho

Re: RavKav Online

[Amos Shapira]

Why do they need a client anyway?
What does the special client do that a browser can't?

I suppose the parallel here in Sydney is https://www.opal.com.au/ and it
all works from the browser.
Even the "mobile support" is just a mobile view of the same web site at
https://m.opal.com.au/

On 8 March 2017 at 05:53, Daniel Shahaf  wrote:

> Efraim Flashner wrote on Tue, Mar 07, 2017 at 14:56:17 +0200:
> > grumble grumble .deb only.
>
> It's a binary blob:
>
> % find
> .
> ./usr
> ./usr/bin
> ./usr/bin/ravkavonline
> ./usr/share
> ./usr/share/doc
> ./usr/share/doc/ravkavonline
> ./usr/share/doc/ravkavonline/LICENSE.txt
> ./usr/share/doc/ravkavonline/changelog.gz
> ./usr/share/applications
> ./usr/share/applications/ravkavonline.desktop
> % file usr/bin/ravkavonline
> usr/bin/ravkavonline: ELF 64-bit LSB executable, x86-64, version 1 (SYSV),
> dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux
> 2.6.32, BuildID[sha1]=3b16f56a9473ef060b60c7ae071ec861bb78e9ad, stripped
> % zcat ./usr/share/doc/ravkavonline/changelog.gz | wc -l
> 0
> %
>
> So yeah, it's a step in the right direction, but they have a lot of room
> for improvement.
>
> Somebody should reach out and ask them to improve things for 1.2.0.
>
> Cheers,
>
> Daniel
>
>
> > Still happy that we're at least represented.
> >
> >
> > On Tue, Mar 07, 2017 at 10:21:42AM +0200, Yehuda Deutsch wrote:
> > > Thanks,
> > >
> > > They finally identify the OS correctly in the website.
> > >
> > > Yehuda
> > >
> > > --
> > > *Yehuda Deutsch | IT Developer*
> > >
> > > On Tue, Mar 7, 2017 at 12:08 AM, Dimid Duchovny 
> wrote:
> > >
> > > > Just noticed this:
> > > > https://ravkavonline.co.il/releases/linux/
> > > >
> > > > 2016-02-15 22:38 GMT+02:00 Amichai Rotman :
> > > >
> > > >> Great Job, Yaron!
> > > >>
> > > >> Thanks!
> > > >>
> > > >> 2016-02-15 10:06 GMT+02:00 Yaron de Leeuw :
> > > >>
> > > >>> Hi.
> > > >>>
> > > >>> I have managed to get it working on ArchLinux, and adapting the
> solution
> > > >>> to
> > > >>> other distributions should be trivial.
> > > >>> https://github.com/jarondl/ravkav_linux
> > > >>>
> > > >>> I have also emailed their support to ask for official linux
> packages,
> > > >>> and I encourage
> > > >>> you all to do so as well.
> > > >>>
> > > >>> Thank you Dimid Duchovny for finding the Mac OS installation
> package and
> > > >>> posting their url on the list.
> > > >>>
> > > >>> Yaron
> > > >>>
> > > >>
> > > >
> > > > ___
> > > > Linux-il mailing list
> > > > Linux-il@cs.huji.ac.il
> > > > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
> > > >
> > > >
> >
> > > ___
> > > Linux-il mailing list
> > > Linux-il@cs.huji.ac.il
> > > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
> >
> >
> > --
> > Efraim Flashner      אפרים פלשנר
> > GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
> > Confidentiality cannot be guaranteed on emails sent or received
> unencrypted
>
>
>
> > ___
> > Linux-il mailing list
> > Linux-il@cs.huji.ac.il
> > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>



-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: sendmail or ssmtp or ??

[Amos Shapira]

Why do you need an SMTP server? You need an SMTP client talking to
whichever SMTP server your hosting provider provides you.
e.g. https://github.com/PHPMailer/PHPMailer (I only remember it because of
a security flaw published about it last week, but it's PHP so... meh.)

On 6 January 2017 at 07:34, Steve Litt  wrote:

> On Thu, 5 Jan 2017 14:45:58 +0100
> Tzafrir Cohen  wrote:
>
> > On Thu, Jan 05, 2017 at 02:44:00PM +0200, David Suna wrote:
> > > I have an Ubuntu machine that I am using to develop PHP based web
> > > application. I now need to configure it so that PHP can send out
> > > mail. The default seems to be to install sendmail. However, I have
> > > seen comments that sendmail is overkill and some references to
> > > ssmtp.
> >
> > The main difference is that ssmtp and nullmailer (and other similar
> > "sendmails") don't queue. This greatly simplifies them.
> >
> > >
> > > What would be the recommended way to configure this? Sendmail,
> > > ssmtp or something else?
> >
> > I tried using ssmtp for some servers. It lacked too many basic
> > features. Nullmailer came closer. I don't recall the specific issues
> > now, though. But I ended up using either postfix. Or even exim4 in
> > some cases where I didn't bother.
>
> Nullmailer queues. It doesn't perform some other SMTP functionalities,
> but it queues. You can see it happen by ls'ing the queue directory
> while sending a bunch of email with it.
>
> I've never been able to have Nullmailer deliver messages to my local
> machine, probably because I just don't know how.
>
> SteveT
>
> Steve Litt
> December 2016 featured book: Rapid Learning for the 21st Century
> http://www.troubleshooters.com/rl21
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>



-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: CentOS yum install problem

[Amos Shapira]

I'd also check that your DNS configuration haven't changed, e.g. try "host
mirrorlist.centos.org" and see if you can get it to resolve.

On 9 December 2016 at 08:35, Rabin Yasharzadehe  wrote:

> Seems right, try commenting the mirror line and use a direct URL, and see
> if it's help. You can also try using curl or wget to check if it's a
> network problem
>
> On Thu, 8 Dec 2016, 21:33 David Suna,  wrote:
>
>> I tried "yum clean all" but that didn't help. I am not sure how to tell
>> where the url's should be pointing. Here is what I have in CentOS-Base.repo
>>
>> # CentOS-Base.repo
>> #
>> # The mirror system uses the connecting IP address of the client and the
>> # update status of each mirror to pick mirrors that are updated to and
>> # geographically close to the client.  You should use this for CentOS
>> updates
>> # unless you are manually picking other mirrors.
>> #
>> # If the mirrorlist= does not work for you, as a fall back you can try the
>> # remarked out baseurl= line instead.
>> #
>> #
>>
>> [base]
>> name=CentOS-$releasever - Base
>> mirrorlist=http://mirrorlist.centos.org/?release=$
>> releasever=$basearch=os=$infra
>> #baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
>> enabled=1
>> gpgcheck=1
>> gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
>>
>> #released updates
>> [updates]
>> name=CentOS-$releasever - Updates
>> mirrorlist=http://mirrorlist.centos.org/?release=$
>> releasever=$basearch=updates=$infra
>> #baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
>> enabled=1
>> gpgcheck=1
>> gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
>>
>> #additional packages that may be useful
>> [extras]
>> name=CentOS-$releasever - Extras
>> mirrorlist=http://mirrorlist.centos.org/?release=$
>> releasever=$basearch=extras=$infra
>> #baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
>> gpgcheck=1
>> pgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
>>
>> #additional packages that extend functionality of existing packages
>> [centosplus]
>> name=CentOS-$releasever - Plus
>> mirrorlist=http://mirrorlist.centos.org/?release=$
>> releasever=$basearch=centosplus=$infra
>> #baseurl=http://mirror.centos.org/centos/$releasever/
>> centosplus/$basearch/
>> gpgcheck=1
>> enabled=0
>> gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
>>
>> #contrib - packages by Centos Users
>> [contrib]
>> name=CentOS-$releasever - Contrib
>> mirrorlist=http://mirrorlist.centos.org/?release=$
>> releasever=$basearch=contrib=$infra
>> #baseurl=http://mirror.centos.org/centos/$releasever/contrib/$basearch/
>> gpgcheck=1
>> enabled=0
>> gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
>>
>>
>> On 08/12/16 21:00, Rabin Yasharzadehe wrote:
>>
>> +1 for `yum clean all`
>>
>> also make sure your repos in the `/etc/yum.repo.d/` folder are enabled
>> and are pointing to a valid repos.
>> some VPS provider will change the url's in this files to point to there
>> proxy server to save time and BW,
>>
>>
>>
>>
>> --
>> Rabin
>>
>> On 8 December 2016 at 18:57, David Suna 
>> wrote:
>>
>> I am using CentOS for the first time on a GoDaddy Virtual Private Server.
>> Yesterday I was able to install packages without a problem. Today, for some
>> reason, any package I try to search for I get a No Matches found error. And
>> any package I try to install I get No package  available.
>>
>> I am a Debian / Ubuntu user so I am a little lost in the CentOS - yum
>> world. GoDaddy support is completely worthless. I have tried searching on
>> Google but have not found what I am looking for.
>>
>> Can anyone give me a pointer to how I can solve this problem?
>>
>> Thanks,
>>
>>
>> --
>> David Suna
>> da...@davidsconsultants.com
>>
>>
>> ___
>> Linux-il mailing list
>> Linux-il@cs.huji.ac.il
>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>
>>
>>
>> --
>> David sunada...@davidsconsultants.com
>>
>>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>


-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: strange ping and traceroute results

[Amos Shapira]

Anycast is not suitable for TCP.
It IS fantastic for DNS (which uses UDP), which is the first thing a client
does most of the time to find the server.
Akamai control server groups by allocating per-customer per-object host
names, then these can be resolved using their very highly customised DNS
servers to the right server (also taking into account dynamic changes like
server cluster load or failure).
Since DNS uses UDP and the traffic consists on one packet in each
direction, Anycast is ideal for that scenario.
The actual content transfer (e.g. move streams, which is where I with
Akamai for stan.com.au) doesn't use Anycast.

On 24 November 2016 at 04:06, Shachar Shemesh <shac...@shemesh.biz> wrote:

> On 22/11/16 02:19, Amos Shapira wrote:
>
> On 21 November 2016 at 18:20, Shachar Shemesh <shac...@shemesh.biz> wrote:
>
>> The DNS resolving google.com guesses your gegraphical location, and
>> gives you an answer that is nearest where you are. If you use another DNS
>> to query the domain, you will get a different IP:
>>
>
> It's not always a "guess your geographic location". The smarter ones use
> Anycast to advertise the same IP address from multiple locations on the
> Internet and let BGP do its magic to route your packets to the nearest
> server, taking into account any congestion or other transient connection
> speed changes. This is how Google's DNS 8.8.8.8 works, or Akamai's CDN. The
> nice thing about it is that you get optimal response even at the host
> resolution stage. The DNS server can then take its knowledge of the DNS
> query source address into account when it decides which IP address to
> resolve to.
>
> It's pretty neat, personally I find it a fascinating trick:
> https://en.wikipedia.org/wiki/Anycast
>
> It is, quite fascinating. It is not, unfortunately, as useful as you make
> it out to be. Neither Google nor Akamai use it for web traffic, for example.
>
> The reason is twofold. First, anycast is poorly equipted to handle TCP
> connections. There is a (remote) possibility that the handler of your IP
> would change mid-request, which would not play nice with your connection.
>
> The second, more pertinent, reason is that , at least for Akamai, they
> would like to be able to control which server you reach when you make a
> request. The would like to be able to re-route your in case something bad
> happens to that server. DNS TTL can be set as low as 30 or 60 seconds. BGP
> routes have much longer settle times.
>
> Shachar
>



-- 
<http://au.linkedin.com/in/gliderflyer>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: strange ping and traceroute results

[Amos Shapira]

On 21 November 2016 at 18:20, Shachar Shemesh  wrote:

> The DNS resolving google.com guesses your gegraphical location, and gives
> you an answer that is nearest where you are. If you use another DNS to
> query the domain, you will get a different IP:
>

It's not always a "guess your geographic location". The smarter ones use
Anycast to advertise the same IP address from multiple locations on the
Internet and let BGP do its magic to route your packets to the nearest
server, taking into account any congestion or other transient connection
speed changes. This is how Google's DNS 8.8.8.8 works, or Akamai's CDN. The
nice thing about it is that you get optimal response even at the host
resolution stage. The DNS server can then take its knowledge of the DNS
query source address into account when it decides which IP address to
resolve to.

It's pretty neat, personally I find it a fascinating trick:
https://en.wikipedia.org/wiki/Anycast

--Amos
-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: strange ping and traceroute results

[Amos Shapira]

Google.com is not one computer. Google spreads their locations all over the
world including pops in many ISP's.

https://peering.google.com/#/

On 20 November 2016 at 19:18, shimi  wrote:

>
>
> On Sun, Nov 20, 2016 at 9:38 AM, Shlomo Solomon 
> wrote:
>
>> On Sun, 20 Nov 2016 08:25:18 +0200
>> shimi  wrote:
>>
>> > I believe it's called a CDN and/or local compute clusters and the
>> > purpose of it is to give you a better user experience, which is a
>> > Good Thing (TM).
>> >
>> snip ... snip ... snip
>> >
>> > Why do you think it's a problem and are trying to avoid it?
>> >
>>
>> Thanks. I agree that this is "normally" a Good Thing (TM). So I guess I
>> have to explain my problem. For a course I'm doing, I had to write
>> traceroute in Python   -   re-invent the wheel :-)
>>
>> My program works, but I noticed it never reaches www.google.com so I
>> checked the "real" traceroute and found the same behaviour.
>>
>> It seems that neither my program nor the real traceroute handle this
>> properly - i.e. they never report that they've reached the final hop.
>> I've included traceroute www.godaddy.com and traceroute www.google.com
>> for comparison. You can see that traceroute www.google.com never
>> reaches the address it's trying to reach - 213.57.24.49
>>
>>
> I do not believe the fact that you "can't reach it" has anything to do
> with www.google.com resolving to an IP in Israel.
>
> Since I am assuming that for your re-inventing the wheel exercise, you did
> learn and understood what traceroute does; But let me explain it anyway for
> the answer to your question lies within...
>
> What traceroute does is essentially send packets to the destination IP by
> certain protocol. Popular choices include UDP (I believe that's what the
> Linux one does by default), ICMP (I believe that's what the Windows one
> does by default) and TCP.
>
> However, it doesn't send the packet as one normally would, with a large
> TTL (Time To Live) value which is expected to reach anywhere on the
> Internet (typical values: >= 64), rather than it starts of with setting a
> minimal value for TTL, for the purpose of _not_ getting into the target IP,
> rather than the packet being dropped by the very first router (hop) on the
> chain, resulting in error in packet  delivery.
>
> Per the IP specification, such a packet discarding SHOULD produce an ICMP 
> (Internet
> Control Message Protocol) message being sent by the hop that has discarded
> the packet towards the originator of the original packet, telling it that
> "TTL expired in transit". The original idea was to avoid packets travelling
> to infinitum in routing loops - by decreasing the TTL by 1 on every hop the
> packet passes, eventually it will zero out, and the packet will be
> discarded, not causing a bandwidth storm.
>
> So, I said SHOULD. Does it always? Well, no. Some hosts on the Internet
> employ something called "a firewall", which blocks ICMP for various reasons
> (you'll hear the word "security" in some places); As a regular user who
> opens his browser and types in 'https://www.google.com/' - you don't
> really care. ICMP is not typically used when establishing a connection to a
> server on the Internet (well, that's not accurate; lack of PMTU discovery
> is an excellent way to get your IT people to pull some hairs out when any
> tunnel is involved, including dialup and Israeli "MPLS" connections, a.k.a.
> "dialer-less HOT"... but for the sake of discussion and to explain how did
> they ended up deciding to filter those packets and affect you - probably
> not knowing what else they break - then "it's not typically used")
>
> Sometimes the filtering is not of ICMP at all, rather than the original
> protocol you're trying to probe with; A random UDP port at the area of
> 30,000 typically has no business traversing their network, so your original
> packet (if you're using UDP packets for your traceroute program) may have
> been firewalled and never reached a router to lower its TTL by 1 and expire
> it in transit to produce the ICMP message you're expecting... In that case,
> where ICMP is not actually block, rather your UDP connection is, you might
> find out that running:
>
> traceroute -I 213.57.24.49
>
> (I for ICMP Echo based traceroute)
>
> Does actually get you to the target. However, you'll have to run this as
> root, because generating ICMP packets is not something the regular user can
> do. Of course, you can opt to chmod +s your traceroute binary...
>
> Hope this helps,
>
> -- Shimi
>
>
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>


-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Gradual installation of debian packages

[Amos Shapira]

I see. Valid points.
Whenever you break a production site - do you try to add a test which
simulates the parameters of the breakage?
It sounds to me like some sort of an image versioning could still help
here, that way you can really "roll back" (actually boot to a previous
version of the image) properly.
For instance, VyOS (http://vyos.net/wiki/Upgrade) roll out new versions
this way. I'm not sure how exactly they do that but the bottom line is that
it's possible to upgrade to the next release and still save all the
versions and configuration to roll back if you have to.

On 7 August 2016 at 14:18, Elazar Leibovich <elaz...@gmail.com> wrote:

> It's radio antenna.
>
> It is of course tested before to some extent, in a "staging" environment.
>
> But since the physical environment varies, and sometimes antenna related
> parameters change between releases (e.g., duration of receive time), it is
> not easy to know you're not breaking something for someone by mistake.
>
> It could be for example the physical location of the antenna at the client
> which would make a difference.
>
>
> On Sat, Aug 6, 2016 at 2:27 AM, Amos Shapira <amos.shap...@gmail.com>
> wrote:
>
>> What kind of hardware is this that's connected to the servers, and what
>> does the software do that you can't test before installing on production
>> servers?
>>
>> On 6 August 2016 at 02:14, Elazar Leibovich <elaz...@gmail.com> wrote:
>>
>>> All real servers, with custom hardware attached, geographically
>>> distributed across the planet.
>>>
>>> Real people actually use the hardware attached to this computers, and
>>> it's not obvious to test whether or not it failed.
>>>
>>> The strategy therefor is, deploy randomly to small percentage of the
>>> machines, wait to see if you get complains from those customers using these
>>> hardware devices, and if everything went well, update the rest of the
>>> servers.
>>>
>>> The provisioning solution is chef, but I'm open to changing it. As I
>>> said, I don't think it makes too much difference.
>>>
>>> As of immutable server images, I'd do it with ZFS/brtfs snapshots
>>> (+docker/machinectl/systemd-nspawn if you must have some sort of
>>> virtual environment), but it's probably a better idea than apt-get install
>>> pkg=oldversion. Immutable filesystem for execution is of course not enough,
>>> since you might have migrations for the mutable part, etc. In this
>>> particular case, I don't think it's a big deal.
>>>
>>> You see, not everything is a web startup with customer facing website ;-)
>>>
>>> Thanks,
>>> Appreciate you sharing your experience.
>>> I'm not disagreeing with your points, but in this particular case, where
>>> testing is expensive, not all of them seems valid.
>>>
>>> On Fri, Aug 5, 2016 at 3:15 PM, Amos Shapira <amos.shap...@gmail.com>
>>> wrote:
>>>
>>>> What provisioning tools do you use to manage these servers? Please tell
>>>> me you aren't doing all of this manually.
>>>> Also what's your environment? All hardware servers? Any virtualisation
>>>> involved? Cloud servers?
>>>>
>>>> Reading your question it feels like you are setting yourself up to fail
>>>> instead of minimising the failure altogether.
>>>>
>>>> What I suggest is that you test your package automatically in a test
>>>> environment (to me, Vagrant + Rspec/ServerSpec would be first candidates to
>>>> check) then rollout the package to the repository for the servers to pick
>>>> it up.
>>>>
>>>> As for "roll-back" - with comprehensive automatic testing this concept
>>>> is becoming obsolete, there is no such thing as "roll-back" only
>>>> "roll-forward", i.e. since the testing and rolling out are small and
>>>> "cheap", it should be feasible to fix whatever problem was found instead of
>>>> having to revert the change altogether.
>>>>
>>>> If you are in a properly supported virtual environment then I'd even go
>>>> for immutable server images (e.g. Packer building AMI's, or Docker
>>>> containers), then it's a matter of just firing up an instance of the new
>>>> image both when testing and in production.
>>>>
>>>> --Amos
>>>>
>>>> On 3 August 2016 at 16:55, Elazar Leibovich <elaz...@gmail.com> wrote:
>>>>
>>>>> How exactly you 

Re: Gradual installation of debian packages

[Amos Shapira]

What kind of hardware is this that's connected to the servers, and what
does the software do that you can't test before installing on production
servers?

On 6 August 2016 at 02:14, Elazar Leibovich <elaz...@gmail.com> wrote:

> All real servers, with custom hardware attached, geographically
> distributed across the planet.
>
> Real people actually use the hardware attached to this computers, and it's
> not obvious to test whether or not it failed.
>
> The strategy therefor is, deploy randomly to small percentage of the
> machines, wait to see if you get complains from those customers using these
> hardware devices, and if everything went well, update the rest of the
> servers.
>
> The provisioning solution is chef, but I'm open to changing it. As I said,
> I don't think it makes too much difference.
>
> As of immutable server images, I'd do it with ZFS/brtfs snapshots
> (+docker/machinectl/systemd-nspawn if you must have some sort of virtual
> environment), but it's probably a better idea than apt-get install
> pkg=oldversion. Immutable filesystem for execution is of course not enough,
> since you might have migrations for the mutable part, etc. In this
> particular case, I don't think it's a big deal.
>
> You see, not everything is a web startup with customer facing website ;-)
>
> Thanks,
> Appreciate you sharing your experience.
> I'm not disagreeing with your points, but in this particular case, where
> testing is expensive, not all of them seems valid.
>
> On Fri, Aug 5, 2016 at 3:15 PM, Amos Shapira <amos.shap...@gmail.com>
> wrote:
>
>> What provisioning tools do you use to manage these servers? Please tell
>> me you aren't doing all of this manually.
>> Also what's your environment? All hardware servers? Any virtualisation
>> involved? Cloud servers?
>>
>> Reading your question it feels like you are setting yourself up to fail
>> instead of minimising the failure altogether.
>>
>> What I suggest is that you test your package automatically in a test
>> environment (to me, Vagrant + Rspec/ServerSpec would be first candidates to
>> check) then rollout the package to the repository for the servers to pick
>> it up.
>>
>> As for "roll-back" - with comprehensive automatic testing this concept is
>> becoming obsolete, there is no such thing as "roll-back" only
>> "roll-forward", i.e. since the testing and rolling out are small and
>> "cheap", it should be feasible to fix whatever problem was found instead of
>> having to revert the change altogether.
>>
>> If you are in a properly supported virtual environment then I'd even go
>> for immutable server images (e.g. Packer building AMI's, or Docker
>> containers), then it's a matter of just firing up an instance of the new
>> image both when testing and in production.
>>
>> --Amos
>>
>> On 3 August 2016 at 16:55, Elazar Leibovich <elaz...@gmail.com> wrote:
>>
>>> How exactly you connect to the server is not in the scope of the
>>> discussion, and I agree that ansible is a sensible solution.
>>>
>>> But what you're proposing is to manually update the package on a small
>>> percent of the machines.
>>>
>>> Manual solution is fine, but I would like to hear experience of people
>>> who actually did that on many servers.
>>>
>>> There are many other issues, for example, how to you roll back?
>>>
>>> apt-get remove exposes you to the risk that the uninstallation script
>>> would be buggy. There are other solutions, e.g., btrfs snapshots on root
>>> partitions, but I'm curious to hear someone experienced with it to expose
>>> issues I didn't even thought of.
>>>
>>> Another issue is, how do you select the servers you try it?
>>>
>>> You suggested a static "beta" list, and I think it's better to select
>>> the candidates randomly on each update.
>>>
>>> Anyhow, how exactly you connect to the server is not the essence of the
>>> issue.
>>>
>>> On Wed, Aug 3, 2016 at 9:30 AM, Evgeniy Ginzburg <nad@gmail.com>
>>> wrote:
>>>
>>>> Hello.
>>>> I'm assuming that you have paswordless ssh to the servers in question
>>>> as root.
>>>> Also I assume that you don't use central management/deployment software
>>>> (ansible/puppet/chef)
>>>> In similar cases I usully use parallel-ssh (gnu-parallel is another
>>>> alternative).
>>>> First stage install the package manually on one server to see that
>>

Re: Gradual installation of debian packages

[Amos Shapira]

What provisioning tools do you use to manage these servers? Please tell me
you aren't doing all of this manually.
Also what's your environment? All hardware servers? Any virtualisation
involved? Cloud servers?

Reading your question it feels like you are setting yourself up to fail
instead of minimising the failure altogether.

What I suggest is that you test your package automatically in a test
environment (to me, Vagrant + Rspec/ServerSpec would be first candidates to
check) then rollout the package to the repository for the servers to pick
it up.

As for "roll-back" - with comprehensive automatic testing this concept is
becoming obsolete, there is no such thing as "roll-back" only
"roll-forward", i.e. since the testing and rolling out are small and
"cheap", it should be feasible to fix whatever problem was found instead of
having to revert the change altogether.

If you are in a properly supported virtual environment then I'd even go for
immutable server images (e.g. Packer building AMI's, or Docker containers),
then it's a matter of just firing up an instance of the new image both when
testing and in production.

--Amos

On 3 August 2016 at 16:55, Elazar Leibovich  wrote:

> How exactly you connect to the server is not in the scope of the
> discussion, and I agree that ansible is a sensible solution.
>
> But what you're proposing is to manually update the package on a small
> percent of the machines.
>
> Manual solution is fine, but I would like to hear experience of people who
> actually did that on many servers.
>
> There are many other issues, for example, how to you roll back?
>
> apt-get remove exposes you to the risk that the uninstallation script
> would be buggy. There are other solutions, e.g., btrfs snapshots on root
> partitions, but I'm curious to hear someone experienced with it to expose
> issues I didn't even thought of.
>
> Another issue is, how do you select the servers you try it?
>
> You suggested a static "beta" list, and I think it's better to select the
> candidates randomly on each update.
>
> Anyhow, how exactly you connect to the server is not the essence of the
> issue.
>
> On Wed, Aug 3, 2016 at 9:30 AM, Evgeniy Ginzburg 
> wrote:
>
>> Hello.
>> I'm assuming that you have paswordless ssh to the servers in question as
>> root.
>> Also I assume that you don't use central management/deployment software
>> (ansible/puppet/chef)
>> In similar cases I usully use parallel-ssh (gnu-parallel is another
>> alternative).
>> First stage install the package manually on one server to see that
>> configuration is OK, daemons restart, etc...
>> If this stage is ok second step will be creating list of servers for
>> "complain" list and install package on them trough parallel-ssh.
>> Instead of waiting for complains, one can define metrics to check and use
>> some monitoring appliance for verification.
>> I case of failure remove package from repository and remove-install again.
>> Third will be parallel-ssh install on all the servers.
>>
>> P. S. In case of few tens of servers I'd prefer to work with ansible or
>> alternative, it's worh it in most cases/
>>
>> Best Regards, Evgeniy.
>>
>>
>> On Tue, Aug 2, 2016 at 8:50 PM, Elazar Leibovich 
>> wrote:
>>
>>> Hi,
>>>
>>> I'm having a few (say, a few tens) Debian machines, with a local
>>> repository defined.
>>>
>>> In the local repository I have some home made packages I'm building and
>>> pushing to the local repository.
>>>
>>> When I'm upgrading my package, I want to be sure the update wouldn't
>>> cause a problem.
>>>
>>> So I wish to install them on a few percentage of the machines, wait for
>>> complaints.
>>>
>>> If complaints arrive - roll back.
>>> Otherwise keep upgrading the whole machines.
>>>
>>> I'll appreciate your advice and experience of similar situation,
>>> I'll appreciate if someone who had actual real life experience with this
>>> situation would mention it in the comments.
>>>
>>> Thanks,
>>>
>>> ___
>>> Linux-il mailing list
>>> Linux-il@cs.huji.ac.il
>>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>>
>>>
>>
>>
>> --
>> So long, and thanks for all the fish.
>>
>
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>


-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

IS there anyone here with experience with VyOS/Vyatta?

[Amos Shapira]

I'm looking for answers about some corner cases I hit with it.

I generally managed to get it up and running and connecting my AWS VPC's
over IPSec
VPN with BGP-4 routing (fully automated, I'll publish the AMI Packer
receipe and CloudFormation
stack later), but have a few other annoyances.

Specifically I'm now trying to use it for remote-access l2tp/ipsec and also
have an issue with
the office VyOS having trouble generating DNS traffic using the right
source address.

--Amos
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Questions for network/hardware engineer candidates?

[Amos Shapira]

Almost all our laptops are Mac Book pros, they don't require much handling
(usually if there is a problem then just take it to the Apple store a
couple of blocks away).

I'm after someone who can take care of our fibre-optic office line, modems,
WiFi, LAN and the router (the router is actually fun to work with - it runs
VyOS on a Dell rack), the card entrance system (Lenel).

I'm not quiet concerned with them being experts about the specific hardware
we have but trying to estimate their aptitude in attacking hardware/network
problems and troubleshooting by themselves, without me having to keep
holding their hand.

On 5 July 2016 at 10:04, Shay Gover <govers...@gmail.com> wrote:

> Hi Amos,
>
> Please define Hardware and Network. Server? PCs? PC Technician? Something
> else?
>
> Shay
>
> On Tue, Jul 5, 2016 at 2:36 AM, Amos Shapira <amos.shap...@gmail.com>
> wrote:
>
>> Hi,
>>
>> My workplace is looking to fill in a position for a hardware/network
>> person, someone to look mostly after the office network.
>>
>> Do people here have ideas about where to look for good interview
>> questions/exercises for such a role?
>>
>> Thanks,
>>
>> --Amos
>>
>>
>> ___
>> Linux-il mailing list
>> Linux-il@cs.huji.ac.il
>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>
>>
>


-- 
<http://au.linkedin.com/in/gliderflyer>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Questions for network/hardware engineer candidates?

[Amos Shapira]

Hi,

My workplace is looking to fill in a position for a hardware/network
person, someone to look mostly after the office network.

Do people here have ideas about where to look for good interview
questions/exercises for such a role?

Thanks,

--Amos
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: single threaded web servers

[Amos Shapira]

Yes I know it's possible to fork multiple processes with one thread in each
and all that jazz.

I'm asking in the context of Erez' response - if he runs single-threaded
code on a multiprocessor hardware, how would he take advantage of more than
one processor core?


On 3 July 2016 at 08:35, Steve Litt <sl...@troubleshooters.com> wrote:

> On Sun, 3 Jul 2016 07:13:13 +1000
> Amos Shapira <amos.shap...@gmail.com> wrote:
>
> > Thanks for the explanation. I like this.
> > How would a single-threaded process take advantage of muti- CPU?
>
> Threads is just one method of multiprocessing. IIRC, back in the day
> Apache multiprocessed by forking a new process for every HTTP
> connection. Certainly those processes would be apportioned among the
> many processors or cores.
>
> SteveT
>
> Steve Litt
> June 2016 featured book: Troubleshooting: Why Bother?
> http://www.troubleshooters.com/twb
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>



-- 
<http://au.linkedin.com/in/gliderflyer>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: single threaded web servers

[Amos Shapira]

Thanks for the explanation. I like this.
How would a single-threaded process take advantage of muti- CPU?
On 2 Jul 2016 5:49 PM, "Erez D" <erez0...@gmail.com> wrote:

> doing some research on servers i found out that i can handle more
> connections simultaneously as single threaded.
> on thread per connection i have a huge overhead, just think of the default
> 2MB stack per connection - 1000 connections is 2GB ram just for stack.
> however as single threaded, i can server connections by the 10,000s(or
> even a million).
>
> later to my surprise, i found out that that was exactly one of the main
> considerations behind node.js
>
> but node.js requires code in js. and i am more of a c++ guy
> (and of course c++ is more efficient than js)
>
> C++ did a long way and now modern c++ (i.e. c++11 / c++14 ) is on par with
> other modern languages.
> the idea behind c++11/14 was to make it simple for beginners, while still
> keeping the option to control every bit for advanced users.
> one thing i hear people hate about c and c++ is its memory handling
> (malloc/free or new/delete), however in forgot about it years ago using
> shared_ptr ( now in c++11 and before that, use boost instead).. you can
> still control when it is freed if you want (in countrary to
> garbage-disposal-thread languages). as a matter of fact, i use this a lot -
> i create an object that cleans up,. and no matter how i exit the function
> it gets cleaned up.
>
> so i wanted a node.c++ instead of writing my own
>
> in theory simple single threaded web server usage code could look
> something like:
>
> int main()
> {
>   auto server=HttpServer::create(80,[](Request )
> {
>   if (request.header=="HelloWorld")
>   {
>  HttpResponse(200,"Hello, world");
>   } else {
> File::Read(request,header,[](bool success, string body)
>   {
>  if (success)
>HttpResponse(400,body);
>   } else {
>HttpResponse(404);
>   }
> );
>   }
> }
>   );
> }
>
>
>
>
>
> On Fri, Jul 1, 2016 at 4:58 AM, Amos Shapira <amos.shap...@gmail.com>
> wrote:
>
>> I'm curious - what's the background of this question? What's the original
>> goal that led you to ask this?
>>
>> On 28 June 2016 at 18:04, Erez D <erez0...@gmail.com> wrote:
>>
>>> i tried searching the web but got no result
>>>
>>> what web servers other than node.js are single threaded ?
>>> anyone has experience with one ?
>>> is there one in which the cgi is in c++ ?
>>>
>>>
>>>
>>>
>>> ___
>>> Linux-il mailing list
>>> Linux-il@cs.huji.ac.il
>>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>>
>>>
>>
>>
>> --
>> <http://au.linkedin.com/in/gliderflyer>
>>
>
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: single threaded web servers

[Amos Shapira]

I'm curious - what's the background of this question? What's the original
goal that led you to ask this?

On 28 June 2016 at 18:04, Erez D  wrote:

> i tried searching the web but got no result
>
> what web servers other than node.js are single threaded ?
> anyone has experience with one ?
> is there one in which the cgi is in c++ ?
>
>
>
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>


-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: iba.org.il programs

[Amos Shapira]

I don't watch much but noticed that היהודים באים is available on youtube
officially by IBA. Here is the Youtube account which makes it available,
perhaps the program you are interested in is also available?
https://www.youtube.com/user/MEDIAIBA


On 6 June 2016 at 08:02, Tzafrir Cohen  wrote:

> Hi,
>
> Lately I'm no longer able to view programs from iba.org.il even with a
> flash plug-in. Any way to download them without using the flash plugin?
>
> --
> Tzafrir Cohen | tzaf...@jabber.org | VIM is
> http://tzafrir.org.il || a Mutt's
> tzaf...@cohens.org.il ||  best
> tzaf...@debian.org|| friend
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>



-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: vdsl2 router

[Amos Shapira]

On 8 March 2016 at 21:01, E.S. Rosenberg <esr+linux...@g.jct.ac.il> wrote:

>
>
> 2016-03-08 9:10 GMT+02:00 Amos Shapira <amos.shap...@gmail.com>:
>
>> What exact model of TP-Link have you got?
>>
> WR740N (v4.x), WR841ND (v5.x), WR1043ND (v1.x)
>
>> I have a TP-Link AC1750 ADSL2+ modem router which is great except that
>> OpenWRT doesn't support this specific model's WiFi well (see multiple
>> "Notes" in https://wiki.openwrt.org/toh/tp-link/archer-c5-c7-wdr7500)
>>
> Did you check recently? The way I understand the notes v2 is fully
> supported while v1.x only the 2.4GHz Band is supported (though they do
> write that they don't do hardware NAT which will affect you if you have a
> WAN line > 300MBit/s).
>

I've just double checked this morning - the serial label on the router says
"v1.0", which means I can't take advantage of 802.11ac with OpenWRT on it
:(.


>
> So I'm half-heartedly on the lookout for something to run OpenWRT or VyOS
>> on, with 1Gb ethernet and 802.11ac WiFi and which can be used to do smart
>> and efficient routing especially over OpenVPN tunnels.
>>
> Let us know if you find something in a few month OpenWRT should be
> releasing 16.x (Designated Driver, if they manage to stick to the roughly
> yearly releases) which may bring improved support for your existing device
> considering how they already have half decent support there is someone (and
> probably more then one someone) working on it
>
> If you want something really powerful with a very powerful OS have a look
> at this:
> http://routerboard.com/RB962UiGS-5HacT2HnT
>

Perhaps my top priority, after having something that's flexible enough, is
hardware which won't take more than 3W to run.

Thanks,

--Amos
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: vdsl2 router

[Amos Shapira]

What exact model of TP-Link have you got?
I have a TP-Link AC1750 ADSL2+ modem router which is great except that
OpenWRT doesn't support this specific model's WiFi well (see multiple
"Notes" in https://wiki.openwrt.org/toh/tp-link/archer-c5-c7-wdr7500)
So I'm half-heartedly on the lookout for something to run OpenWRT or VyOS
on, with 1Gb ethernet and 802.11ac WiFi and which can be used to do smart
and efficient routing especially over OpenVPN tunnels.


On 8 March 2016 at 10:07, E.S. Rosenberg  wrote:

> Personally I don't bother with the modem/router supporting OpenWRT, I
> bought a nice TP-Link router which functions as the router of my
> networks and runs OpenWRT then the provider router/bridge/whatever box
> is just used as a bridge device and nothing more.
>
> There are far less xDSL devices that support *WRT and also you never
> know if the device you'll get from your provider is under your full
> control (these days with 2/3-play packages the router tends to not be
> under your control since it also does your VoIP/TV) so as far as I am
> concerned the provider-device is 'outside' my network and should be
> treated as such
>
> Also the provider devices tend to have terrible firmware/updates which
> of course you want to salvage with *WRT.
>
> Regards,
> Eliyahu - אליהו
>
> 2016-03-01 13:40 GMT+02:00 Rabin Yasharzadehe :
> > In my opinion , a good place to start is this list -
> > http://www.netcheif.com/Articles/VDSL_Router/VDSL_Router.htm
> > find one/two that meet your demand, and then check if they have support
> for
> > openwrt/dd-wrt
> >
> > --
> > Rabin
> >
> > On 1 March 2016 at 12:43, sara fink  wrote:
> >>
> >> Hi Everyone
> >>
> >> I would like to buy a vdsl2 router that supports openwrt or ddwrt.
> Anyone
> >> has experience with a good router? Xphone gives dlink 225 which doesn't
> >> support openwrt.
> >>
> >> ___
> >> Linux-il mailing list
> >> Linux-il@cs.huji.ac.il
> >> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
> >>
> >
> >
> > ___
> > Linux-il mailing list
> > Linux-il@cs.huji.ac.il
> > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
> >
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>



-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: OT: SSL certificates

[Amos Shapira]

I too would recommend letsenctlrypt. The only down side is possibly that
you have to keep renewing (automatically with a cron job) every three
months.
Alternatively, www.ssls.com lists very very cheap certs.
On 8 Mar 2016 4:49 p.m., "Baruch Siach"  wrote:

> Hi Gabor,
>
> On Tue, Mar 08, 2016 at 07:05:03AM +0200, Gabor Szabo wrote:
> > A found plenty of companies offering SSL certificates. One of them
> > https://www.ssl.com/
> > that was recommended by the domain registrar I am using had
> > $177 / year for the first 3 hostname and then $49 / year for each
> > additional hostname and $129/year for each wildcard domain.
> >
> > Is that a reasonable price? Any suggestions?
>
> How about https://letsencrypt.org/ free certs?
>
> baruch
>
> --
>  http://baruch.siach.name/blog/  ~. .~   Tk Open
> Systems
> =}ooO--U--Ooo{=
>- bar...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: [OT] Password regex change on mybills.co.il

[Amos Shapira]

One condition I see from this regex which wasn't mentioned yet is that
there should be at least two *consecutive* letters in the password.

All in all, as Steve said - this is an idiotic way to enforce such complex
requirements (and I consider myself a regex enthusiast), and they should
fix their own shit. Just send them a password you tried so they can see for
yourself that it doesn't work.
On 28 Feb 2016 6:47 a.m., "Valery Reznic"  wrote:

> Hi, All.
>
> It's not actually Linux-related, but more regular-expression question.
> Nevertheless ...
>
> Recently I was unable to login into site mybills.co.il
>
> Attempt to reset password also failed due to regular expression test
> failed.
>
> Mybills claims that password should be 8-10 characters long and should
> include at least two digits and Latin letters.
>
> Whatever I tried as password - I was not able to pass their regex test.
>
> After a bit of digging
> I found following in the https://www.mybills.co.il/js/Validations.js
>
>
> //var passREGEX =
> /^(?=.{8,10}$)(?=(.*[0-9]){2,})(?=(.*[a-zA-Z]){2,})(?=(.*[~!@#$%^&*()+-_=])).*/;
> var passREGEX =
> /^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[~#%&=\$\-\!\?\^@])(?=.{8,})/;
>
> I tried first (commented out) regex in
>  the regex101.com and indeed password with 2 digits and 2 Latin letters
> matches
>
> I tried the second (active) one- no matches.
>
> Any idea what password should looks like to match this regex?
>
> I tried to contact mybills's support - no luck here :(
>
> Valery
>
>
>
>
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: problems upgrading an Ubuntu EC2 node

[Amos Shapira]

Thanks for coming back with the solution.

Though in a broader perspective: "you are holding it wrong" - get used to
the fact that you are running in the cloud and use it right - learn to
build your images from scratch so you can move to a  updated base image and
automatically install and configure your system on top of it. Otherwise I
can guarantee that you'll hit such a problem (or be very worried about it)
in your next upgrade.
On 23 Feb 2016 9:09 a.m., "Amit Aronovitch"  wrote:

> Posting the fix to list, in case someone searches the archives:
>
> Turns out that there were some leftover upstart files in /etc/init/, which
> apparently belonged to an old package (lxcguest) which had been uninstalled
> but left configured (possibly a remainder from a previous upgrade).
> Moving them away (by attaching and mounting the root volume onto another,
> live, machine) made the upgraded-ubuntu-machine bootable.
>
> The solution was taken from this link (which also details the diagnosis):
>
> http://www.nicksherlock.com/2015/01/my-ec2-server-wouldnt-boot-after-apt-get-dist-upgrade-i-fixed-it/
>
> Thanks Shimi for the quick response and for pointing out that link to me.
>
> AA
>
> p.s. I still have no idea why attaching this volume to a stopped machine
> had made it unbootable (upstart cannot be affected by extra disks that are
> not even automounted via fstab).
>
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: More pieces of the IPv6 puzzle (Re: ISP with native ipv6 in isarael)

[Amos Shapira]

Thanks everyone.
On 30 Jan 2016 12:43 a.m., "Yuval Adam" <yu...@y3xz.com> wrote:

>
>
> On 01/29/2016 11:52 AM, Amos Shapira wrote:
> >
> > Does anyone here have experience with public IPv6 in the cloud
> > (AWS/DigitalOcean/Google, in decreasing order of preference)?
> >
>
> Yes, I run my personal server on Digital Ocean + native IPv6 and it
> works great.
>
> Unfortunately, IPv6 support on AWS is partial, at best -
> If you use Route53 for your DNS records you can assign  records to
> domains, but the Route53 nameservers do not publish any IPv6 addresses
> so it's impossible to reach them on IPv6-only.
> EC2 instances are not assigned IPv6 addresses, and you have to route
> through an ELB if you want that.
>
> No information on Google Cloud.
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: More pieces of the IPv6 puzzle (Re: ISP with native ipv6 in isarael)

[Amos Shapira]

Does anyone here have experience with public IPv6 in the cloud
(AWS/DigitalOcean/Google, in decreasing order of preference)?
On 29 Jan 2016 6:19 a.m., "E.S. Rosenberg"  wrote:

2016-01-28 20:37 GMT+02:00 Beni Cherniavsky-Paskin <
beni.cherniav...@gmail.com>:
> Due to bezeq's modem's wifi unreliability, I'm mostly connecting to my
> own wifi router anyway.
> I'd have switched to it completely and use a firewall there, except
> it's old and doesn't support IPv6 at all, and I haven't gotten around
> to buy a new one and/or install *WRT.
I also use bezeq boxes as modem-only and have an OpenWRT box behind
them, TP-Link makes very nice boxes that support OpenWRT (their
cheapest model is the 80NIS 741ND which is very good alue for money)
>
> I'm also a general believer in securing my laptops rather than my
> network, as I'm connecting to any and all wifis when traveling,
> and I've been deliberately running an unsecured wifi for years,
> valuing helping neighbors & passers-by over security (nowdays there is
> no dillema I'm shifting to separate guest networks).
No question that your laptop should be secure but that is no reason to
leave your desktop, printer, NAS, home automation, home security etc.
unsecured.
>
> To some degree, the desire of dropping NAT and having
> world-addressable machines inherently conflicts with the desire to
> have a firewall.
That is non-sense, I worked at several locations with IP addresses as
water and just because we had all our machines (even on WiFi) have
world-addressable IPs didn't mean we didn't have a firewall to limit
access from the outside to be only through the paths we allowed.
There is also no real valid reason to allow the outside world to be
able to scan your inside network NAT always sort provided that out
of the box but a good firewall does that even without NAT.
>
> But the wisdom of all this is of course debatable.

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Python for Kids

[Amos Shapira]

I'd be interested to hear about resources for these ages in English too.

On 11 January 2016 at 01:11, Justin  wrote:

> Has anyone discovered good resources for teaching kids python? Hebrew?
>  (Ages 8-11)
>
> Code.org has great resources for abstract programing. They even translate
> into Hebrew. But very little to teach kids skills they can use on their
> own.
>
> Now I want to teach my oldest Python but I can't find any good resources.
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>


-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Problems while trying to install CENTOS 7

[Amos Shapira]

You should also take the offer by the installer to checksum the media.

On 1 January 2016 at 03:18, Shlomi Fish  wrote:

> Hi Israel!
>
> On Thu, Dec 31, 2015 at 5:26 PM, Israel Shikler 
> wrote:
>
>> I  downloaded Centos 7 from a mirror site in Israel,
>> In the first time I created an installation dvd by imgburn and got the
>> following message while installing:
>> Error msg: centos 7 dev/root does not exist
>> In the second time the dvd was crated via expressburn, this time I got :
>> Error msg: not a com32r image
>>
>> Any idea what could go wrong?
>>
>
> Did you verify that the SHA-256 sum of the .iso file is correct? See
> http://mirror.isoc.org.il/pub/centos/7.2.1511/isos/x86_64/sha256sum.txt -
> if there's a mismatch then you'll need to use rsync (see
> https://en.wikipedia.org/wiki/Rsync ) or zsync (see
> http://zsync.moria.org.uk/ ) to make sure you got the right file
> contents. Otherwise, it's possible that you have used bad DVD media or that
> your hardware is incompatible with CentOS 7 (or faulty).
>
> Regards,
>
> -- Shlomi Fish
>
> --
> --
> Shlomi Fish http://www.shlomifish.org/
>
> Chuck Norris helps the gods that help themselves.
>
> Please reply to list if it's a mailing list post - http://shlom.in/reply .
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>


-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: How to search Linux Kernel changelogs? (USB disconnect problem)

[Amos Shapira]

Backports?
https://packages.debian.org/jessie-backports/
On 25 Dec 2015 9:04 a.m., "E.S. Rosenberg"  wrote:

> Unless it has dependencies that force you 'onward' there is no reason
> not to download the deb and install it manually
>
> 2015-12-24 20:14 GMT+02:00 Omer Zak :
> > As it turned out, it did not matter that I misunderstood tlp's name.
> > The package tlp exists only in Debian Stretch (testing) and in Debian
> > Sid (unstable), and my PC runs on Debian Jessie, so there is no tlp in
> > my near future.
> >
> > On Wed, 2015-12-23 at 09:32 +, Daniel Shahaf wrote:
> >> Omer Zak wrote on Mon, Dec 21, 2015 at 13:54:50 +0200:
> >> > At your hint, I have installed powertop.
> >> > I did not find a tip in Debian, but there is a tiptop command in my
> >> > system.
> >>
> >> Rabin wrote "tlp" with an 'L', not "tip" with an 'I'.
> >>
> >> Daniel
> >>
> >> > How can they help me diagnose USB problems?
> >> >
> >> >
> >> > On Mon, 2015-12-21 at 13:35 +0200, Rabin Yasharzadehe wrote:
> >> > > do you install/use powertop or tlp ?
> >
> > --
> > Did you shave a yak today?
> > My own blog is at http://www.zak.co.il/tddpirate/
> >
> > My opinions, as expressed in this E-mail message, are mine alone.
> > They do not represent the official policy of any organization with which
> > I may be affiliated in any way.
> > WARNING TO SPAMMERS:  at http://www.zak.co.il/spamwarning.html
> >
> >
> > ___
> > Linux-il mailing list
> > Linux-il@cs.huji.ac.il
> > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Summary: Which Linux distribution is stable yet up-to-date

[Amos Shapira]

I tried to avoid this discussion but I'm a little surprised that nobody
mentioned Debian Testing.
I've used it as a desktop for a decade or so and it had a great combination
of very good stability (i.e. I can't recall it ever disappointed me) and
still relatively up to date.
But then again - it's been a while since I used it.
These days I use Ubuntu LTS for servers and Mac for laptop, and for a few
months around a year ago also Ubuntu LTS for a work laptop.

On 2 December 2015 at 06:35, Geoff Shang  wrote:

> On Tue, 1 Dec 2015, Omer Zak wrote:
>
> Yet another option is to use Debian Stable as the host operating system,
>> like I did so far, but compile and install my own kernel builds
>> according to the instructions in places such as:
>>
>> http://www.cyberciti.biz/faq/debian-ubuntu-building-installing-a-custom-linux-kernel/
>>
>
> You can also use Debian Backports to get more recent kernel releases.
>
> deb http://httpredir.debian.org/debian jessie-backports main contrib
> non-free
>
> Here's the most recent kernel in jessie-backports at time of writing:
>
> Package: linux-image-4.2.0-0.bpo.1-amd64
> Source: linux
> Version: 4.2.6-1~bpo8+1
>
> HTH,
> Geoff.
>
>
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>



-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: persistent private browsing ?

[Amos Shapira]

Thanks.

As far as I know (I left this company almost four years ago), this is a
subset of the metrics they collect.

On 18 November 2015 at 21:49, Yedidyah Bar David <d...@bardavid.org> wrote:

> On Wed, Nov 18, 2015 at 4:07 AM, Amos Shapira <amos.shap...@gmail.com>
> wrote:
>
>> Tell me about it :)
>> I used to work for an Australian startup which makes money from just
>> doing this (and a few other tricks) - threatmetrix.com
>>
>
> See also panopticlick.eff.org if interested.
>
>
>>
>> On 18 November 2015 at 07:46, E.S. Rosenberg <esr+linux...@g.jct.ac.il>
>> wrote:
>>
>>> BTW The plugins/addons/language preferences you use and advertise to
>>> the website actually help identify you too... depending on how
>>> standard or non-standard your settings are just your browser agent and
>>> http headers may be enough of a fingerprint
>>>
>>> 2015-11-17 14:19 GMT+02:00 Rabin Yasharzadehe <ra...@rabin.io>:
>>> > In my case for each new Chrome session I install `ublock origin` ,
>>> which
>>> > allow you to backup your setting to a file.
>>> > but you may find where the plugin save it configuration and re-apply
>>> them
>>> > after chrome start.
>>> >
>>> > I also now about `proxy switchysharp` which allow you to export it
>>> > configurations.
>>> >
>>> >
>>> >
>>> > --
>>> > Rabin
>>> >
>>> > On 17 November 2015 at 12:52, Erez D <erez0...@gmail.com> wrote:
>>> >>
>>> >>
>>> >>
>>> >> On Tue, Nov 17, 2015 at 12:33 PM, Rabin Yasharzadehe <ra...@rabin.io>
>>> >> wrote:
>>> >>>
>>> >>> That's right, Incognito/Privet Browsing mode share the same session.
>>> >>> this is why you need to create a new profile for each case.
>>> >>>
>>> >>> Chrome & Firefox can be configure to run with pre-installed addons,
>>> >>> but you may need to configure them if needed.
>>> >>> but there some extension which allow you to export there settings (so
>>> >>> maybe you can automate the import ?).
>>> >>
>>> >> do you know which ?
>>> >>>
>>> >>>
>>> >>> --
>>> >>> Rabin
>>> >>>
>>> >>> On 17 November 2015 at 11:19, Erez D <erez0...@gmail.com> wrote:
>>> >>>>
>>> >>>> you are correct
>>> >>>>
>>> >>>> however, it is  needed to re-configire each and every profile -
>>> plugins,
>>> >>>> master password etc
>>> >>>>
>>> >>>> would be nice to have different profiles with some common settings,
>>> on
>>> >>>> different tabs on same window ...
>>> >>>>
>>> >>>> btw, i found that even 'private browsing' is not so private as if
>>> you
>>> >>>> open multiple tabs or windows of private browsing, they all share
>>> the same
>>> >>>> cookies.
>>> >>>> the only thing different about private browsing is that the cookies
>>> are
>>> >>>> deleted when all the private browsing sessions end.
>>> >>>>
>>> >>>> On Sun, Nov 15, 2015 at 5:53 PM, E.S. Rosenberg <e...@g.jct.ac.il>
>>> wrote:
>>> >>>>>
>>> >>>>> If I'm not mistaken you should be able to accomplish this by
>>> starting
>>> >>>>> Firefox with a different profile (firefox -P or firefox
>>> --profile)
>>> >>>>>
>>> >>>>> 2015-11-15 10:36 GMT+02:00 Efraim Flashner <efr...@flashner.co.il
>>> >:
>>> >>>>> > I'm using privacy badger to block the following aspects of the
>>> >>>>> > different ads, including facebook. Doesn't sandbox them, but
>>> does keep them
>>> >>>>> > all from following me around the web.  I'm also using privoxy
>>> with tor to
>>> >>>>> > pass my browser traffic through tor, but that's not really going
>>> to make a
>>> >>>>> > difference in relation to your question.
>>> >>>>> >
>>> >>>>> >
>>> >&

Any Chrome extension developers around here?

[Amos Shapira]

Hi,

I have a itch with Chrome I'd like to scratch but don't have time to learn
how to program a Chrome extension.

Does anyone here know how to program Chrome extensions and is interested in
a small project?

It's about controlling which of multiple parallel logged in Chrome users
(think - workplace Google Apps login in paralel to a personal Google login)
will be used when opening a link from another app (in my case - on OSX)
based on URL matching.

Thanks.

-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Void Linux tips

[Amos Shapira]

What's the advantage of this distro?

I may be old and tired but I have to see a unique strong benefit for
deviating from the mainstream.

On 22 October 2015 at 06:18, Steve Litt  wrote:

> Hi all,
>
> I recently switched over to Void Linux, a KISS principle distro much
> closer to Slack than to Ubuntu, but with an oustanding, full
> dependency handling package manager. So far, I really like it.
>
> I've put together a bunch of tips for installing and using Void, so
> that the next guy has an easier time than I did:
>
> http://troubleshooters.com/linux/void/voidtips.htm
>
> Hope you like it.
>
> SteveT
>
> Steve Litt
> October 2015 featured book: Thriving in Tough Times
> http://www.troubleshooters.com/thrive
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>



-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: KODI on Raspberry PI2 - no screen output

[Amos Shapira]

There very active forums for OpenELEC and kodi. I suggest that you try
asking there too.
On 21 Oct 2015 6:37 a.m., "Shlomi Fish"  wrote:

> Hi Shlomo!
>
> Just a question:
>
> Shlomo Solomon
>> http://the-solomons.net
>> Sent by Claws Mail 3.11.1 - KDE 4.12.15 - LINUX Mageia 4
>>
>>
> Are you still using Mageia 4? If so, I should note that it was
> end-of-lifed (EOLed) and will no longer receive updates (including security
> ones) and that you should really upgrade to Mageia 5 (and update your
> signature).
>
> Regards,
>
> -- Shlomi Fish
>
>
> --
> --
> Shlomi Fish http://www.shlomifish.org/
>
> Chuck Norris helps the gods that help themselves.
>
> Please reply to list if it's a mailing list post - http://shlom.in/reply .
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: [OT] Deleting Thousends of Messages in Gmail

[Amos Shapira]

What would be the advantage of Claws e-mail over the previously provided
GMail web interface search?
I got the impression the web interface can achieve this on the server side,
which will save network bandwidth and time.

On 24 August 2015 at 11:28, Steve Litt sl...@troubleshooters.com wrote:

 On Sun, 23 Aug 2015 23:07:02 +0300
 Amichai Rotman amic...@iglu.org.il wrote:

  I know it's kinda off-topic, but I am really at a loss...
 
  I m trying to free spcace on my Google free storage, so i am sifting
  through very old messages to delete in my Gmail box (as far as 2005
  and beyond!)
 
  I have this one label containing 12,000(!) messages. I'd like to
  delete all messages dated  before the current year.

 One easy way, if you can let things run overnight, is to install
 Claws-Mail, which is pretty darn fast. Point it at your Gmail IMAP,
 filter out everything before 1/1/2015 (the advanced search thing for
 selecting just the older messages is ag followed by a number of days
 (the number of days since 12/31/2014. Then highlight them all and run
 delete. Be sure you set Claws to delete immediately and not leave a
 ghost copy (I don't know how to explain it any better).

 Don't try this with Thunderbird. 12K messages with Thunderbird could
 take several days just to load up.

 SteveT

 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il




-- 
http://au.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Major rendering bug affecting Hebrew in pango has been fixed

[Amos Shapira]

Is this the same code used in Android?
Just today I read a Hebrew article in Pocket (https://getpocket.com/) on my
Nexus 5 and was reminded that it still justifies the mobilized version to
the left.

On 23 August 2015 at 05:53, Dov Grobgeld dov.grobg...@gmail.com wrote:

 This might be interesting to someone on the list.

 A major bug affecting rendering of Hebrew with justification in pango has
 been fixed after more than 8 years.

 See the following animated gif showing the rendering before and after the
 latest pango updates.

 https://bug753772.bugzilla-attachments.gnome.org/attachment.cgi?id=309871

 Though the animated gif shows Hebrew with nikud, the problem exists just
 the same without nikud.

 My only contribution was reporting the bug and giving feedback to Behdad
 who fixed it.

 Regards,
 Dov




 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il




-- 
http://au.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Any Chrome extension developer looking for a project?

[Amos Shapira]

Hi,

I'm looking for a Chrome extension which can do the following (copied from
my unanswered question at
https://productforums.google.com/forum/#!msg/chrome/hIH8rDKCpgI/aYD_rvSSW6AJ
):

I'm logged in to two accounts on my workplace Chrome in parallel, let's
call them work and home. I keep at least one Chrome window open for
each account.

I sometimes click on links which are only accessible to the work person,
but they are opened by Chrome on whichever was the last window I was in,
i.e. sometimes Chrome tries to open the link as my home account (and
fails). I then have to copy the link and re-open it in a new tab on the
work window.

What I'd love to have is to be able to specify URL substrings (e.g.
prefixes, for instance https://bitbucket.org/work/*; or https:
work.atlassian.net*) and tell Chrome If you are sent these URL's then
open them using the 'work' account.


Now, since nobody could point me to an existing way to do that, and I
couldn't find such an extension myself, I thought it might be an
interesting project for someone who knows their Chrome stuff.

Any takers?

Thanks,

--Amos
-- 
http://au.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

[JOB] Looking for a Linux NetFilter or general Kernel module programmer

[Amos Shapira]

Hi,

A startup is looking for a contractor with proven experience in writing
Linux kernel modules for a short contract job.

Preference for candidates with proven experience in writing NetFilter
modules (http://www.netfilter.org/).

Forwarding this e-mail to others you know, or suggestions for other forums
to publish this job, would be greatly appreciated.

Please respond in private e-mail to me (amos.shap...@gmail.com), more
details will be provided to relevant responses.

Thanks.

--Amos
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Extending R.E. Syntax

[Amos Shapira]

The sages of Linux has a saying Talk is cheap, show me the code.

https://en.wikiquote.org/wiki/Linus_Torvalds#2000-04


On 21 July 2015 at 15:22, Omer Zak w...@zak.co.il wrote:

 The ancient sages of Israel have a saying סוף מעשה - במחשבה תחילה,
 meaning that the end of a project is as planned in the beginning.

 In our case it means some discussion and feedback about proposed
 features and their use cases, before one plunges into implementing them.

 On Tue, 2015-07-21 at 06:38 +0300, Shachar Shemesh wrote:
  On 20/07/15 21:46, Omer Zak wrote:
 
   Instead of, it would have been better to
  Good job! Where can I download your patch?
 
  Shachar

 --
 There is no IGLU Cabal because
 My own blog is at http://www.zak.co.il/tddpirate/

 My opinions, as expressed in this E-mail message, are mine alone.
 They do not represent the official policy of any organization with which
 I may be affiliated in any way.
 WARNING TO SPAMMERS:  at http://www.zak.co.il/spamwarning.html


 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il




-- 
http://au.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Eliminating binary from a text file

[Amos Shapira]

+1 for tr -d '\0'  file  newfile, based on the updated description.
But prevention is better than a cure - find a way to avoid this in the
first place.

On 21 July 2015 at 07:22, Boruch Baum boruch_b...@gmx.com wrote:

 I see that I'm late to the discussion and that your original problem has
 morphed a bit. Maybe the simplest and oldest solution is the `tr -d'
 command. See `man tr'.

 On 07/20/2015 04:56 AM, Orna Agmon Ben-Yehuda wrote:
  Hello everyone,
 
  I often have damaged text files (due to a lovely storage system). The
 files
  are of different formats, although I can usually assume they contain
  spaces. The files are structured as lines.
 
  Every once in a while, the lovely destruction (ahmstorage) system
  inserts binary garbage to the file. I wish to fix the files by removing
 the
  cancer without leaving any leftovers. That is, I want to lose partial
 lines.
 
  I tried using grep with all sorts of keys, but it did not do the trick.
  strings catches too little - it leaves partial lines.
  Is there an elegant  way to  do the trick line-wise?
 
  Thanks
  Orna
 
 
 
  ___
  Linux-il mailing list
  Linux-il@cs.huji.ac.il
  http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
 


 --
 hkp://keys.gnupg.net
 CA45 09B5 5351 7C11 A9D1  7286 0036 9E45 1595 8BC0


 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il




-- 
http://au.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Eliminating binary from a text file

[Amos Shapira]

Then how about:

grep -v -P -a '\x00' file?

Based on http://superuser.com/a/612336/27453. Explantion of the flags:

-v - inverse - print NON-matching lines
-P - use Perl regexp
-a - force treating the file as a text file

On 21 July 2015 at 13:39, Shachar Shemesh shac...@shemesh.biz wrote:

  On 21/07/15 00:22, Boruch Baum wrote:

 I see that I'm late to the discussion and that your original problem has
 morphed a bit. Maybe the simplest and oldest solution is the `tr -d'
 command. See `man tr'.


  Read the original question again. She needs to eliminate the entire line
 where a corruption happened, not just the corrupt bytes themselves.

 Shachar

 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il




-- 
http://au.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Fwd: [SLUG] Fwd: 8TiB HDD, 10^14 bit error rate, approaching certainty of error for each drive of data read

[Amos Shapira]

Interesting thread about ZFS and large disks bit-rot...

-- Forwarded message --
From: Zenaan Harkness z...@freedbms.net
Date: 10 June 2015 at 11:52
Subject: [SLUG] Fwd: 8TiB HDD, 10^14 bit error rate, approaching certainty
of error for each drive of data read
To: s...@slug.org.au


FYI

-- Forwarded message --
From: Zenaan Harkness
Date: Wed, 10 Jun 2015 11:50:48 +1000
Subject: 8TiB HDD, 10^14 bit error rate, approaching certainty of
error for each drive of data read
To: d-community-offto...@lists.alioth.debian.org

Seems ZFS' and BTRFS' time has come. ZFS on Linux (ZFSoL) seems more
stable to me, and has 10 years of deployment under its belt too.

Any news on Debian GNU/Linux distributing ZFSoL? We see ZFS on Debian
GNU/kFreeBSD being distributed by Debian...

FYI
Zenaan


-- Forwarded message --
From: Zenaan Harkness
Date: Tue, 26 May 2015 20:31:41 +1000
Subject: Re: Thank Ramen for ddrescue!!!

On 5/25/15, Michael wrote:
 The LVM volumes on the external drives are ok.

Reminds me, also that I've been reading heaps about zfs over the last
couple days, HDD error rates are close to biting us with current gen
filesystems (like ext4). Armour plate your arse with some ZFS- or
possibly the less battle tested BTRFS- armour.

At one URE (UnRecoverable Errors) rate in 10^14 bits read from a drive
(most consumer drives are 10^14 - one advertises 2^15, and enterprise
drives are usually 2^16), we're talking 1 bit flip, on average, in
10^14 bits read, whilst:

8TiB drive =
8 * 1024^4 * 8bits =
70368744177664 bits

So if we read each bit once, say in a mirror recovery/ disk rebuild
situation, where that mirror disk has failed and a new one has been
connected and refilled with the data of the sole surviving disk, there
is an (8 * 1024^4 * 8) / 10^14, or ~70% chance that that whole disk
read (of the good disk) will itself produce an unrecoverable
bit-flip error, and so if you're using RAID hardware, you're now
officially rooted - you can't rebuild your mirror (RAID1) disk array.

Now think about a 4-disk (8TiB disks) RAID5 array (one parity disk),
and it's as good as an absolute certainty that when (not if) one disk
fails in that array, you will simply never recover/ rebuild the array,
due to one of the remaining disks producing its own error - and at the
point the first drive fails, the remaining drives are quite likely
closer to failure anyway...

Concerning stuff for data junkies like myself.

Thus RAID6, RAID7, or better yet the ZFS solutions to this problem -
RAIDZ2 and RAIDZ3 - where you have 2 or 3 parity disks respectively
and funky ZFS magic built in (disk scrubbing, hot spare disks and
more, all on commodity consumer disks and dumb controllers), where
-any- 2 (or 3) disks in your raid set can fail, and the set can
still rebuild itself - or if it's just sectors failing (random bit
flips), ZFS will automatically detect and repair those sectors with
bit flips, and warn you in the logs that this is happening - and it
will otherwise keep using a drive that's on the way out until you
replace it.

See here to wake us all up:
http://www.zdnet.com/article/why-raid-6-stops-working-in-2019/

http://arstechnica.com/information-technology/2014/01/bitrot-and-atomic-cows-inside-next-gen-filesystems/1/

(That second article slags ZFS with (what seems to me as) a claim that
ZFS COW (copy on write) functionality is per-file, not per-block,
which AIUI is total bollocks - ZFS most certainly is a per-block COW
filesystem, not per-file, but that's just a reflection of the bold
assumptions and lack of fact checking of that article's author -
otherwise I think the article is useful!)

Z

-- Forwarded message --
From: Zenaan Harkness
Date: Tue, 26 May 2015 22:34:50 +1000
Subject: Re: Thank Ramen for ddrescue!!!

 On 26 May 2015 12:31, Zenaan Harkness wrote:
 Reminds me, also that I've been reading heaps about zfs over the last
 couple days, HDD error rates are close to biting us with current gen
 filesystems (like ext4). Armour plate your arse with some ZFS- or
 possibly the less battle tested BTRFS- armour.

 At one URE (UnRecoverable Errors) rate in 10^14 bits read from a drive
 (most consumer drives are 10^14 - one advertises 2^15, and enterprise
 drives are usually 2^16), we're talking 1 bit flip, on average, in
 10^14 bits read, whilst:


 Base 10 or base 2? It's an order of magnitude of difference here, or one
 thousand more errors, so kinda a big deal...

Base 10. And the difference is much more than an order of magnitude:
2^14 = 16384
10^14 = 100

Unless I'm not understanding what you're asking...

For current HDDs:
10^15 URE rate means an order of magnitude less likely to have a problem.
10^16, one O better again.

The problem is, 10^14, with a 10T drive, is now at certainty - you are
all but guaranteed an random unrecoverable read error on that drive,
every time you read it - or rather, everytime you read a drives worth
of data off of that drive, 

Re: New Qemu and VirtualBox docs for Linux

[Amos Shapira]

Hi Steve,

I only read the first articles you sent a few weeks ago and they were
pretty good. Well done.

In relation to the latest installments - I'd like to suggest looking at
Vagrant and Packer too. I find that configuring everything in a text file
(basically, a Ruby script) is an extremely powerful way to document
repeatable and automated steps.

Cheers,

--Amos

On 24 May 2015 at 08:31, Steve Litt sl...@troubleshooters.com wrote:

 Hi all,

 As part of my DIY Linux push, I've completed documents on running and
 modifying Linux distros on Qemu and VirtualBox. There are many
 advantages, including convenience and speed (on hardware with hardware
 VM assist), and not collecting a vast pile of labeled hard disks for
 the various experiments.

 Here are the articles:

 * http://troubleshooters.com/linux/diy/virtualbox.htm

 * http://troubleshooters.com/linux/diy/qemu.htm

 I hope you enjoy them.

 SteveT

 Steve Litt
 May 2015 featured book: Quit Joblessness: Start Your Own Business
 http://www.troubleshooters.com/startbiz

 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il




-- 
http://au.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Linux Kernel 4.0 is Out + Debian Jessie Planned Upcoming Release

[Amos Shapira]

On 15 April 2015 at 22:29, E.S. Rosenberg esr+linux...@g.jct.ac.il wrote:

 2015-04-15 14:49 GMT+03:00 Shlomi Fish shlo...@gmail.com:
  “May you live in interesting times.”
 Thanks, you too and all of us.


Actually in the English context it's considered a curse (even though the
myth that it's originally a Chinese curse is unsubstantiated).
https://en.wikipedia.org/wiki/May_you_live_in_interesting_times

Break a leg is a wish for good luck, though :)

Go figure...

--Amos
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: formatting a disk for a home NAS

[Amos Shapira]

If all you want is for this server to be there and not have to worry about
it then I'd recommend ext4.

Put the data and the OS on separate disks if you can.

Many years ago (over ten years), I used ReiserFS for my desktop. It worked
great and didn't have the limitations of the other fs's of the time
(ext2/ext3).
Until one day I tried to shrink it to make room for another distro. BIG
mistake. The tools weren't mature and I lost all my data.

*MY* take-away from this - stick to mainstream if you want things to just
work, and without knowing more about your context I'd expect 99% that ext4
will do just fine for the job.

Good luck,

--Amos

On 14 April 2015 at 17:17, E.S. Rosenberg esr+linux...@g.jct.ac.il wrote:

 Of course you're going to reformat, after all the technicalities of
 the local fs will be hidden from the clients by nfs/smb/(web)dav.

 As far as which FS goes, ext4 is a safe bet, it seems the big server
 players are recently opting for XFS.

 And if you feel adventurous and want the power of ZFS that is also an
 option these days or if you want something similar btrfs is also
 pretty good these days (my phone uses it for it's main storage and I
 have no complaints).

 HTH,
 Eliyahu - אליהו

 2015-04-14 6:44 GMT+03:00 Shlomo Solomon shlomo.solo...@gmail.com:
  I'm setting up a home NAS - Raspberry PI2, Raspbian, Samba, external
  disk. It's meant to serve files to a mixed network - Linux, Windows and
  Android devices. The new disk comes formatted as NTFS. My gut tells
  me to re-format as EXT4 - any comments or suggestions?
 
  Additional info: The files will be a mix of music, video and office
  files. I will also be backing up at least one of the Linux boxes on
  this server, so there will also be a fair number of small files -
  e-mail, config files, etc. In the past I used to prefer ReiserFS, but
  over the years, I've gradually moved to EXT4 for new disks.
 
  --
  Shlomo Solomon
  http://the-solomons.net
  Sent by Claws Mail 3.11.1 - KDE 4.12.15 - LINUX Mageia 4
 
 
  ___
  Linux-il mailing list
  Linux-il@cs.huji.ac.il
  http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il




-- 
http://au.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: I've been hacked, or not?

[Amos Shapira]

On 14 April 2015 at 02:34, Shachar Shemesh shac...@shemesh.biz wrote:

 If I just reinstall the server (both time consuming and expensive, as I
 need provision a temporary server to make a smooth transition), I'm still
 going to be open to the same attack vector unless I do something.


Don't you have a DR plan?
How about automating the server setup, so you can both test changes (ever
heard of Vagrant?) and get it back to life without worrying about it?

Remember - todays servers should be treated like cattle, not pets:
http://image.slidesharecdn.com/cerndatacentreevolution-sdcd2012-121119074533-phpapp02/95/cern-data-centre-evolution-17-638.jpg

(from http://www.slideshare.net/gmccance/cern-data-centre-evolution, origin
at
http://www.slideshare.net/randybias/pets-vs-cattle-the-elastic-cloud-story)

--Amos
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: I've been hacked, or not?

[Amos Shapira]

Please allow me to disagree,

I see top value in spending some time to learn to set it up automatically -
it'll pay itself in spades every time you have to update anything on that
server, let alone migrate or rebuild it.

Setting up a test environment with Vagrant, setting things up with Puppet
(or whatever else is your favourite poison), testing the changes with
Serverspec and friends shouldn't take more than a day of hacking, will make
you much more relaxed about maintaining this server, and give you fantastic
tools to use in your other work.

E.g. I'm hacking now on my own project and see the value of automatic tests
so as my code progresses, I can make sure I didn't break something which
worked before. Sure its a hassle to kickstart it but once it's up it's
invaluable.

On 14 April 2015 at 12:53, Shachar Shemesh shac...@shemesh.biz wrote:

 Yes. That's top advice IF you are working off someone elses money and/or
 paying for your own time.

 If, however, this is something done in your spare time, serving mostly you
 and being paid for out of your own pocket, the difference between 8€/mo and
 what you said becomes big.

 Shachar
 On Apr 14, 2015 3:02 AM, Amos Shapira amos.shap...@gmail.com wrote:

 On 14 April 2015 at 02:34, Shachar Shemesh shac...@shemesh.biz wrote:

 If I just reinstall the server (both time consuming and expensive, as I
 need provision a temporary server to make a smooth transition), I'm still
 going to be open to the same attack vector unless I do something.


 Don't you have a DR plan?
 How about automating the server setup, so you can both test changes (ever
 heard of Vagrant?) and get it back to life without worrying about it?

 Remember - todays servers should be treated like cattle, not pets:
 http://image.slidesharecdn.com/cerndatacentreevolution-sdcd2012-121119074533-phpapp02/95/cern-data-centre-evolution-17-638.jpg

 (from http://www.slideshare.net/gmccance/cern-data-centre-evolution,
 origin at
 http://www.slideshare.net/randybias/pets-vs-cattle-the-elastic-cloud-story
 )

 --Amos




-- 
http://au.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Bezeq Ruter

[Amos Shapira]

I wonder - do you have to get the modem from Bezeq? Can't you buy anything
compatible on the free market?

On 13 April 2015 at 16:18, E.S. Rosenberg esr+linux...@g.jct.ac.il wrote:

 In addition to the fancy (read crappy) wireless routers that Bezeq
 will always try to offer you to lease/buy/get/whatever the latest fad
 is, they also have simple modems.
 Really these are bridge routers with one ethernet port and one DSL
 port, also running Linux, you can use them as router and create a DMZ
 between your wireless router and the bridge, though I don't recommend
 that because then you:
 - can't just drop in a replacement when they break down
 - are relying on the bridges' firmware for security on your DMZ

 They have currently 2 models as far as I can tell:
 - (Rotal) RTA 1320+
 - D-Link DSL-25xx (newer, haven't seen very often)

 Bezeq does not like giving these devices out most likely because it
 prevents them from having a Bezeq_free network at your address, the
 last time I had to replace my modem they told me that they actually
 repair them and aren't making/buying new ones (which makes sense for
 the rta1320 which is old but supports up to 24M).
 The fact that they are repairing does seem to be starting to lead to
 failures happing more often recently...
 It also prevents them from trouble shooting your network since the
 most they will have access to is the bridge whereas they generally
 have remote access to the wireless-routers (you often don't even get
 full root/admin on the router).

 To me using these devices only has advantages:
 - cost less then the fancy modem/routers.
 - allows me full control over my network infrastructure.
 - no Bezeq network freeloading on my DSL connection
 - no Bezeq access to my home network
 - allows me to easily upgrade my wireless router if/when I want some
 newer technology/toy.

 BTW: It is of course also possible to use a Bezeq wireless router
 together with your own wireless router either in a DMZ like setup or
 even as a bridge (though that takes some real effort), but that seems
 like a major overkill and a waste of money.

 HTH,
 Eliyahu - אליהו

 2015-04-12 23:15 GMT+03:00 Geoff Shang ge...@quitelikely.com:
  On Sun, 12 Apr 2015, E.S. Rosenberg wrote:
 
  Personally I always insist on Bezeq giving me their simple modem and
  use a decent router of my choosing (obviously vetted for OpenWRT
  support and specs) for WiFi etc (the modem ends up being a bridge
  device about whose fw etc I don't care as much).
 
 
  Ha!  I didn't know you could do this.  Typical that I find out 6 weeks
  before I leave the country. :)
 
  for the benefit of anyone else who didn't know, please tel more.
 
  Geoff.
 
 
 
  ___
  Linux-il mailing list
  Linux-il@cs.huji.ac.il
  http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il




-- 
http://au.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Hebrew keyboard cups?

[Amos Shapira]

Not specifically Linux related but I hope members here can help me with
antique hardware question.

I just ordered a couple of MS ergonomic keyboards like this:
http://www.microsoft.com/hardware/en-au/p/natural-ergonomic-keyboard-4000
and now I'm looking to make them Hebrew friendly.

I had an OK experience with Hebrew stickers but looking for a more durable
solution. What I have in mind are those optional plastic keycups which used
to be available to put on top of the keys.

So far I haven't found them online. Does anyone know where can I get them?
(I live outside Israel but perhaps I can get friends/family to buy offline
and ship with someone I'm expecting to come over soon if that's the only
option).

Thanks.

Amos
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Back to the Future with C++ and Seastar

[Amos Shapira]

Hi Nadav,

Will it be video taped?
Slides made available?

Thanks,

--Amos

On 2 April 2015 at 05:53, Nadav Har'El n...@math.technion.ac.il wrote:

 On Wed, Apr 01, 2015, Oleg Goldshmidt wrote about Re: Back to the Future
 with C++ and Seastar:
  Nadav Har'El n...@math.technion.ac.il writes:
   Seastar is an open source (http://www.seastar-project.org/) library.
   It is based on the concept of futures (like in Node.js, just
 implemented
   in a much more efficient way). Part of the talk will also introduce
 futures,
   how Seastar implements them in C++, and how much C++ has changed in
 recent
   years from what you may remember about it.
 
  I might come (close to work :). C++ has futures and promises natively,
  as a part of its standard library. Can you add a couple of words on how
  Seastar's futures differ?

 Sure, though I'm sure Avi will explain it better in his talk :-)

 The first difference is that C++11's support for futures is incomplete:
 Futures are supported, but not *continuations*, which are code you want
 to run when the future value becomes available. C++17 will probably have
 continuations, but Seastar has them now.

 The second difference is that C++11's futures are indeed powerful, but not
 optimized for performance. They make excessive use of allocations, they
 rely on threads and everything uses atomic operations and locks. Seastar's
 design, on the other hand, is aimed at modern SMP design, for achieving
 the top possible performance: Continuations are very lightweight (not
 based on thread context switching), you write with Seastar a share-nothing
 server (each core deals with its own data) so no locks, no atomic
 operations,
 and very little cache contention. These things make a *huge* difference
 in performance in modern SMPs - especially when you try to scale up to
 many cores.

 The third difference is that Seastar is much more than just an
 implementation of futures - it is a complete library for writing
 asynchronous I/O-heavy (network and disk) applications - consider http
 servers, proxies, nosql servers - any server application you can think of
 will be much faster if rewritten in Seastar (Avi will present some
 benchmarks, showing near perfect scalability to 40 cores, 5x speed
 improvements compared to traditional thought-to-be-efficient applications,
 etc. Seastar completely bypasses the operating system by using DPDK,
 but as you may know DPDK only supports L2 packets and has no TCP/IP stack.
 But that's no longer true: We actually implemented in Seastar a full
 TCP/IP stack over DPDK, write in Seastar's own futures framework.

 And Seastar is even more. I'll leave a few surprises for Avi's talk ;-)

 --
 Nadav Har'El| Wednesday, Apr 1 2015, 13 Nisan
 5775
 n...@math.technion.ac.il
  |-
 Phone +972-523-790466, ICQ 13349191 |My opinions may have changed, but
 not the
 http://nadav.harel.org.il   |fact that I am right.

 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il




-- 
http://au.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Good design to expose debug info from kernel module

[Amos Shapira]

On 29 March 2015 at 08:14, Elazar Leibovich elaz...@gmail.com wrote:

 4) I really think nowadays text is a bit obsolete. I can hardly think of a
 case where text would be more convenient than, say, json or HTML. Web
 browser is at your fingertips, and HTML table is easier to handle than
 whitespace separated output based on your terminal size.
 trtdeth0/tdtd100/td/tr is just as grep'able as the tab
 separated version, and is easier to view, sort, etc.


By text I DID mean JSON. I think that using JSON should address all the
concerns above and keep the protocol future-proof. I didn't find
kernel-specific JSON parser implementations but suspect that it should be
possible to use any simple user-space C implementation.



 [0] https://github.com/elazarl/cpu_affinity/blob/master/tracecpu.d
 [1]
 https://github.com/elazarl/cpu_affinity/blob/master/test/linux/plot_ftrace_sched_switch.py


 On Sat, Mar 28, 2015 at 12:49 AM, Amos Shapira amos.shap...@gmail.com
 wrote:

 If serialisation (aka marshalling) is considered, how about making it
 text based?
 Then you can use simple shell tools to talk to it.


 On 27 March 2015 at 22:34, Elazar Leibovich elaz...@gmail.com wrote:

 IMHO, C structs are no way near as usable as proper serialization
 format. For example, what about optional fields? What about variable
 length array? What about binary backwards compatibility? What about
 supporting other languages? It's not trivial to take a C struct and
 generate the proper struct.unpack string for it.

 Look at the complexity in perf_event_open(2), just parsing the event
 stream takes a good chunk of code[0], with many potential bugs.
 Parsing it with protobuf (or one of the other serialization formats)
 would take three lines or so, would be more efficient, and would be
 easier to program against, and less prone to bugs, etc.

 [0] Here is my take, and it's not even complete
 https://gist.github.com/elazarl/c8404686e71ef0b36cc7

 On Fri, Mar 27, 2015 at 12:26 PM, guy keren guy.choo.ke...@gmail.com
 wrote:
 
  i imagine, if you use the proper 'packing' pragmas, you can simply
 mempcy
  structures, without really writing serialization code (there's no
 endianess
  issues, with both sides running on the same host, by definition).
 
  --guy
 
 
  On 03/27/2015 10:03 AM, Elazar Leibovich wrote:
 
  Thanks, didn't know netlink.
 
  You still need a solution to parse the sent message, where protocol
  buffers etc, can help. (e.g., binary data into struct
  mymodule_request).
 
  Or am I missing something?
 
  On Fri, Mar 27, 2015 at 3:33 AM, guy keren guy.choo.ke...@gmail.com
  wrote:
 
 
  take a look at this:
 
 
 
 http://www.linuxfoundation.org/collaborate/workgroups/networking/generic_netlink_howto
 
  (link got broken - place it all on a single line)
 
  --guy
 
 
  On 03/26/2015 11:36 PM, Elazar Leibovich wrote:
 
 
  Hi,
 
  I'm writing a kernel module, and I want to expose some debug
  information about it.
 
  The debug information is often of the form of request-response.
 
  For example:
 
  - Hey module, what's up with data at 0xe8ff0040c000?
  - Cached, populated two hours ago.
 
  - Hey module, please invalidate data at 0xe8ff0002cb00
  - Sure thing.
 
  - Hey module, please record all accesses to 0xe8ff0006bbf0.
  - OK, ask me again for stats-5
  ...
  - Hey module, what's in stats-5?
  - So far, 41 accesses by 22 users.
 
  Now, the question is, what is a good design to expose this
 information.
 
  I think that the most reasonable way to interact with userspace is
  through a debugfs file.
 
  The user would open the debugfs file in read+write mode, would
 write a
  request, and accept a response from it.
 
  As I see it, there are two fundamental problems needs to be solved:
 
  - Parsing the request from the client.
  - Writing the response in a recognizeable format.
 
  A simple solution I first came up with, is to use a ad-hoc
  request-response format. In my case, request and response are line
  delimited, request is a hex address, and response is a translated
 hex
  address.
 
  Here is the relevant snippet.
 
  struct pipe {
   DECLARE_KFIFO(fifo, T, (14));
   wait_queue_head_t queue;
   char buf[100];
   int buflen;
   char resp[100];
   int resp_len;
  };
  static DEFINE_MUTEX(mutex);
  static int open(struct inode *inode, struct file *file)
  {
struct pipe *pipe;
if (!(file-f_mode  FMODE_READ) || !(file-f_mode 
 FMODE_READ))
  {
pr_warn(must open with O_RDWR\n);
return -EINVAL;
}
mutex_lock(mutex);
pipe = kzalloc(sizeof(*pipe), GFP_KERNEL);
INIT_KFIFO(pipe-fifo);
init_waitqueue_head(pipe-queue);
file-private = pipe;
  }
 
  static int write(struct file *file, const char __user *ubuf, size_t
  count, loff_t *ppos)
  {
char *eol;
size_t n = min_t(size_t, count, sizeof(pipe-buf));
struct pipe *pipe = file-private_data

Re: HOW to prevent DNS resolver from going into revert lookup (record of PTR type)?

[Amos Shapira]

OK, I think I understand you now.

Let's take a step back for a moment - you say that the client fails to
resolve IP address back to hostnames and that causes you problems?

How about configuring your DNS server to provide the right PTR records?

--Amos

On 23 March 2015 at 19:13, Lev Olshvang l...@nyotron.com wrote:

  Hi Amos,



 Perhaps I was not clear enough.

 Yes, I  want to prevent client from revert lookup.

 The client is not my application, It is part of Linux installation in some
 docs named DNS resolver.

 It is configured in /etc/nsswitch.conf and then control flow of
 gethostbyname() does IP lookup and reverse lookup





 But back to my question – I see in sniffer  DNS query for type A record
 issued  and then DNS query for PTR record ( reverse lookup)

 And I want to know if there is a way to configure nsswitch to prevent
 reverse since I already get IP ith the peer.



 Hope now I explained the queston more thoroughly.



 L.



 *From:* Amos Shapira [mailto:amos.shap...@gmail.com]
 *Sent:* Sunday, March 22, 2015 10:08 PM
 *To:* Lev Olshvang
 *Cc:* linux-il
 *Subject:* Re: HOW to prevent DNS resolver from going into revert lookup
 (record of PTR type)?



 I'm not sure what you are trying to achieve here - PTR records and A
 records are completely separate entities living under different domains.
 Both of them should be maintained separately (there are probably tons of
 tools to keep them in sync if you like, but from DNS' perspective there is
 no relation between them).



 If you want to prevent reverse lookup then you should tell the client
 not to do this.



 On 22 March 2015 at 22:31, Lev Olshvang l...@nyotron.com wrote:

  Hi Linuxers,



 I am jumping on today’s DNS thread,



 My Linux Debian  uses DNS service some Windows server.



 Linux resolver  gets back  IP address ( type A and AAA records), but fail
 to get back PTR record.

 ( I am observing DNS queries and failures with Wireshark)



 This  cause ldap to use address instead of  host name in  authentication
 realm and fail.

 When I add address –hostname pairs in /etc/hosts,  ldap succeeds. (it uses
 name in the realm claim)







 I did not yet find a way to change nsswitch.conf to some resolver that
 prevents reverse lookup,

 Please give me some ideas if it is possible.





 Lev.


 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il





 --

 [image: Image removed by sender.] http://au.linkedin.com/in/gliderflyer




-- 
http://au.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: HOW to prevent DNS resolver from going into revert lookup (record of PTR type)?

[Amos Shapira]

On 24 March 2015 at 01:57, Lev Olshvang l...@nyotron.com wrote:

  Hi Amos,



 I managed to persuade our sysadmin to give me permission in AD DNS server
 and I put there PTR record.


It should be part of his job - otherwise the PTR records will keep getting
out of sync with the A/ records.




 The question is whether it is possible to confugre nsswitch, or dnsmasq,
 nscd  or other resolver from doing reverse lookup.


Not that I'm aware - what do you expect it to do when the client asks to
resolve an IP address? Aways fail?




 *From:* Amos Shapira [mailto:amos.shap...@gmail.com]
 *Sent:* Monday, March 23, 2015 12:50 PM
 *To:* Lev Olshvang
 *Cc:* linux-il
 *Subject:* Re: HOW to prevent DNS resolver from going into revert lookup
 (record of PTR type)?



 OK, I think I understand you now.



 Let's take a step back for a moment - you say that the client fails to
 resolve IP address back to hostnames and that causes you problems?



 How about configuring your DNS server to provide the right PTR records?



 --Amos



 On 23 March 2015 at 19:13, Lev Olshvang l...@nyotron.com wrote:

  Hi Amos,



 Perhaps I was not clear enough.

 Yes, I  want to prevent client from revert lookup.

 The client is not my application, It is part of Linux installation in some
 docs named DNS resolver.

 It is configured in /etc/nsswitch.conf and then control flow of
 gethostbyname() does IP lookup and reverse lookup





 But back to my question – I see in sniffer  DNS query for type A record
 issued  and then DNS query for PTR record ( reverse lookup)

 And I want to know if there is a way to configure nsswitch to prevent
 reverse since I already get IP ith the peer.



 Hope now I explained the queston more thoroughly.



 L.



 *From:* Amos Shapira [mailto:amos.shap...@gmail.com]
 *Sent:* Sunday, March 22, 2015 10:08 PM
 *To:* Lev Olshvang
 *Cc:* linux-il
 *Subject:* Re: HOW to prevent DNS resolver from going into revert lookup
 (record of PTR type)?



 I'm not sure what you are trying to achieve here - PTR records and A
 records are completely separate entities living under different domains.
 Both of them should be maintained separately (there are probably tons of
 tools to keep them in sync if you like, but from DNS' perspective there is
 no relation between them).



 If you want to prevent reverse lookup then you should tell the client
 not to do this.



 On 22 March 2015 at 22:31, Lev Olshvang l...@nyotron.com wrote:

  Hi Linuxers,



 I am jumping on today’s DNS thread,



 My Linux Debian  uses DNS service some Windows server.



 Linux resolver  gets back  IP address ( type A and AAA records), but fail
 to get back PTR record.

 ( I am observing DNS queries and failures with Wireshark)



 This  cause ldap to use address instead of  host name in  authentication
 realm and fail.

 When I add address –hostname pairs in /etc/hosts,  ldap succeeds. (it uses
 name in the realm claim)







 I did not yet find a way to change nsswitch.conf to some resolver that
 prevents reverse lookup,

 Please give me some ideas if it is possible.





 Lev.


 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il





 --

 [image: Image removed by sender.] http://au.linkedin.com/in/gliderflyer





 --

 [image: Image removed by sender.] http://au.linkedin.com/in/gliderflyer




-- 
http://au.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Server stopped DNS name resolution

[Amos Shapira]

1. Sounds like the ip's in your resolv.conf are wrong. Where does the
server get them from? ip's 8.8.8.8 and 8.8.4.4 are the Google unicast
public DNS servers. They are reliable but it's not optimal for a server to
have to reach out to them on every query.

2. The ssh login is possibly slow because the ssh server is configured to
try to reverse-resolve the incoming client ip address for logging. Look for
UseDNS in your SERVER config (/etc/sshd_config). The default is usually
no but perhaps in your case it's on.

3. Telnet is not a good indicator of reachability of DNS servers, DNS is
UDP based and usually even the TCP port 53 is blocked because no one is
supposed to have to access it. On the other hand, traceroute (yes, good old
traceroute, as opposed to ping and tcptraceroute) uses UDP packets and you
can tell it to use port 53 as destination so perhaps try that (again - pass
-n flag to it to stop it from failing to reverse-resolve the ip address
of each response).

Good luck.

On 22 March 2015 at 22:13, Gabor Szabo ga...@szabgab.com wrote:

 I tried that, and although I am not sure what should I look for in there
 it seems to be claiming

 rt_sigsuspend([];; connection timed out; no servers could be reached


 I tried to telnet 72.14.179.5 53  (one of the DNS servers) and that did
 not got a response.


 Anyway, Linode support told me to add this to the resolve.conf

 nameserver 8.8.8.8

 nameserver 8.8.4.4

 and that seemed to do the trick.

 Gabor

 On Sun, Mar 22, 2015 at 1:00 PM, guy keren guy.choo.ke...@gmail.com
 wrote:


 run this on the host:

 strace host www.google.com

 and scan the output.

 more efficient then guessing.

 --guy

 On 03/22/2015 12:50 PM, Gabor Szabo wrote:

 Hi,

 I run an Ubuntu based VPS on Linode.
 I few hours ago the machine stopped resolving hostnames.
 I think it was after an aptitude safe-upgrade and a reboot, but I am
 not sure. Maybe was like this earlier.

 It takes ages to ssh to it, once I got to the machine I can ping IP
 addresses from it, but I cannot ping anything with a hostname.

 this is what I have in resolv.conf

 # cat /etc/resolv.conf

 domain members.linode.com http://members.linode.com

 search members.linode.com http://members.linode.com

 nameserver 72.14.179.5

 nameserver 72.14.188.5

 options rotate


 I tried to replace the nameservers with others that are listed in
 another of my servers, but that did not make a change.

 How can I track down what has the server stopped resolving hostnames?

 Accessing the server via HTTP work as expected.

 Gabor



 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il




-- 
http://au.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: HOW to prevent DNS resolver from going into revert lookup (record of PTR type)?

[Amos Shapira]

I'm not sure what you are trying to achieve here - PTR records and A
records are completely separate entities living under different domains.
Both of them should be maintained separately (there are probably tons of
tools to keep them in sync if you like, but from DNS' perspective there is
no relation between them).

If you want to prevent reverse lookup then you should tell the client not
to do this.

On 22 March 2015 at 22:31, Lev Olshvang l...@nyotron.com wrote:

  Hi Linuxers,



 I am jumping on today’s DNS thread,



 My Linux Debian  uses DNS service some Windows server.



 Linux resolver  gets back  IP address ( type A and AAA records), but fail
 to get back PTR record.

 ( I am observing DNS queries and failures with Wireshark)



 This  cause ldap to use address instead of  host name in  authentication
 realm and fail.

 When I add address –hostname pairs in /etc/hosts,  ldap succeeds. (it uses
 name in the realm claim)







 I did not yet find a way to change nsswitch.conf to some resolver that
 prevents reverse lookup,

 Please give me some ideas if it is possible.





 Lev.

 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il




-- 
http://au.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Server stopped DNS name resolution

[Amos Shapira]

Google unicast public DNS servers

s/unicast/anycast/, I keep forgetting that term.

On 22 March 2015 at 22:28, Amos Shapira amos.shap...@gmail.com wrote:

 1. Sounds like the ip's in your resolv.conf are wrong. Where does the
 server get them from? ip's 8.8.8.8 and 8.8.4.4 are the Google unicast
 public DNS servers. They are reliable but it's not optimal for a server to
 have to reach out to them on every query.

 2. The ssh login is possibly slow because the ssh server is configured to
 try to reverse-resolve the incoming client ip address for logging. Look for
 UseDNS in your SERVER config (/etc/sshd_config). The default is usually
 no but perhaps in your case it's on.

 3. Telnet is not a good indicator of reachability of DNS servers, DNS is
 UDP based and usually even the TCP port 53 is blocked because no one is
 supposed to have to access it. On the other hand, traceroute (yes, good old
 traceroute, as opposed to ping and tcptraceroute) uses UDP packets and you
 can tell it to use port 53 as destination so perhaps try that (again - pass
 -n flag to it to stop it from failing to reverse-resolve the ip address
 of each response).

 Good luck.

 On 22 March 2015 at 22:13, Gabor Szabo ga...@szabgab.com wrote:

 I tried that, and although I am not sure what should I look for in there
 it seems to be claiming

 rt_sigsuspend([];; connection timed out; no servers could be reached


 I tried to telnet 72.14.179.5 53  (one of the DNS servers) and that did
 not got a response.


 Anyway, Linode support told me to add this to the resolve.conf

 nameserver 8.8.8.8

 nameserver 8.8.4.4

 and that seemed to do the trick.

 Gabor

 On Sun, Mar 22, 2015 at 1:00 PM, guy keren guy.choo.ke...@gmail.com
 wrote:


 run this on the host:

 strace host www.google.com

 and scan the output.

 more efficient then guessing.

 --guy

 On 03/22/2015 12:50 PM, Gabor Szabo wrote:

 Hi,

 I run an Ubuntu based VPS on Linode.
 I few hours ago the machine stopped resolving hostnames.
 I think it was after an aptitude safe-upgrade and a reboot, but I am
 not sure. Maybe was like this earlier.

 It takes ages to ssh to it, once I got to the machine I can ping IP
 addresses from it, but I cannot ping anything with a hostname.

 this is what I have in resolv.conf

 # cat /etc/resolv.conf

 domain members.linode.com http://members.linode.com

 search members.linode.com http://members.linode.com

 nameserver 72.14.179.5

 nameserver 72.14.188.5

 options rotate


 I tried to replace the nameservers with others that are listed in
 another of my servers, but that did not make a change.

 How can I track down what has the server stopped resolving hostnames?

 Accessing the server via HTTP work as expected.

 Gabor



 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il




 --
 http://au.linkedin.com/in/gliderflyer




-- 
http://au.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Something is injecting malware into my HTTP traffic

[Amos Shapira]

Just speculating, but could it be that your ISP uses a caching transparent
proxy (which would explain why it doesn't happen on SSL) and its cache got
corrupted?
The other ISP case could be explained if it's actually
upstream/downstream from your ISP, or they share a proxy cache for other
reasons.


On 21 March 2015 at 04:07, Roman Ovseitsev rom...@gmail.com wrote:

 Please forgive the slight off-topic, but I am experiencing a rather
 strange issue while downloading a certain file over HTTP.

 Instead of getting node.js installer as expected from here
 http://nodejs.org/dist/v0.12.0/node-v0.12.0-x86.msi I am receiving a
 completely different executable - an installer for Elcomsoft's Advanced EFS
 Password Recovery whatever that is.

 Both files are exactly the same size but SHA sums obviously don't match.

 SSL version of the link -
 https://nodejs.org/dist/v0.12.0/node-v0.12.0-x86.msi works as expected.
 i.e. downloads the correct node.js installer.


 I have verified this on three different machines running Fedora, CentOS,
 and Windows. None of these machines ever exchanged any files or used
 anything else but the default repos. In fact the windows machine is a 13
 years old pc with a freshly installed OS. So presumably that dismisses any
 possibility of rootkits.

 It doesn't seems to be due to my router or ISP either. I am getting the
 wrong executable on two of my neighbours' Wi-Fi networks and at least one
 of them seems to be using a different ISP.
 However it doesn't happen on another Israeli nor a couple of US and UK
 servers I've tried so far.
 I am not using any proxies either.

 nodejs.org domain on all of the above resolves to the same IP.


 What's going on?
 Could be that the ISPs are the culprit?

 Considering that the application is relatively popular and I am the only
 one experiencing this issue it doesn't seem to be the case of nodejs.org
 server doing this on purpose (knowingly or not).

 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il




-- 
http://au.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Something is injecting malware into my HTTP traffic

[Amos Shapira]

So there might be your answer - I guess nv stands for netvision - give
them the URL and ask them to clear the cache for it.

On 22 March 2015 at 05:56, Michael Tewner tew...@gmail.com wrote:

 I'm seeing the same thing, that is, the downloaded files start to differ
 at byte #4101

- The HTTPS version downloaded quite fast on my 5Mbps connection. The
HTTP one is taking forever, quite literally; it's stalled
- I've tried adding Cache-Control: no-cache and Pragma: no-cache,
but still getting the alternate file.

 tcptraceroute shows that the HTTP is most probably being cached; First
 using HTTP, then using HTTPS:

 MacBook-Air:tmp $ tcptraceroute nodejs.org 80
 Selected device en0, address 192.168.1.107, port 57585 for outgoing packets
 Tracing the path to nodejs.org (165.225.133.150) on TCP port 80 (http),
 30 hops max
  1  192.168.1.1  4.144 ms  1.739 ms  1.139 ms
  2  lo10.cab2.hfa.nv.net.il (212.143.205.233)  15.141 ms  12.162 ms
  11.659 ms
  3  core1-cab1-hfa.hfa.nv.net.il (212.143.207.16)  15.204 ms  13.932 ms
  12.857 ms
  4  gw2-0-2-0-1-core1.hfa.nv.net.il (212.143.7.25)  11.599 ms  12.655 ms
  16.048 ms
  5  165.225.133.150 [open]  157.406 ms  157.195 ms  168.028 ms

 MacBook-Air:tmp $ tcptraceroute nodejs.org 443
 Selected device en0, address 192.168.1.107, port 57586 for outgoing packets
 Tracing the path to nodejs.org (165.225.133.150) on TCP port 443 (https),
 30 hops max
  1  192.168.1.1  3.398 ms  1.755 ms  1.230 ms
  2  lo10.cab2.hfa.nv.net.il (212.143.205.233)  11.704 ms  16.318 ms
  11.138 ms
  3  core1-cab1-hfa.hfa.nv.net.il (212.143.207.16)  14.981 ms  13.580 ms
  17.064 ms
  4  gw2-0-3-0-0-core1.hfa.nv.net.il (212.143.7.53)  12.450 ms  14.393 ms
  10.653 ms
  5  10.10.40.1  12.454 ms  18.778 ms  14.951 ms
  6  gw2-fra-0-3-0-3-200-gw2.hfa.nv.net.il (212.143.12.12)  67.772 ms
  68.099 ms  110.025 ms
  7  10.10.70.1  70.582 ms  76.711 ms  66.120 ms
  8  xe-4-3-2-302.fra23.ip4.gtt.net (77.67.94.5)  67.824 ms  66.694 ms
  97.753 ms
  9  xe-1-2-3.was14.ip4.gtt.net (89.149.180.198)  154.917 ms  167.244 ms
  168.940 ms
 10  internap-gw.ip4.gtt.net (77.67.69.254)  164.903 ms  175.436 ms
  158.257 ms
 11  border10.pc2-bbnet2.wdc002.pnap.net (216.52.127.73)  156.724 ms
  153.793 ms  164.227 ms
 12  joyent-3.border10.wdc002.pnap.net (64.94.31.202)  166.082 ms  163.434
 ms  163.415 ms
 13  165.225.143.105  163.860 ms  169.177 ms  154.384 ms
 14  165.225.143.15  178.280 ms  152.575 ms  159.958 ms
 15  165.225.133.150 [open]  157.337 ms  162.811 ms  164.262 ms



 On Sat, Mar 21, 2015 at 7:48 PM, E.S. Rosenberg esr+linux...@g.jct.ac.il
 wrote:

 Depending on the version of windows and it's network environment you
 freshly installed rootkits could be likely, but that is OT here.

 Note that different ISP in Israel is a fairly relative statement since
 there are basically just a few major players who own a bunch of the smaller
 ISPs and could have caching proxies on their international lines...

 Did you traceroute the connection both from working and non-working
 settings?

 Regards,
 Eliyahu - אליהו

 2015-03-21 8:30 GMT+02:00 Amos Shapira amos.shap...@gmail.com:

 Just speculating, but could it be that your ISP uses a caching
 transparent proxy (which would explain why it doesn't happen on SSL) and
 its cache got corrupted?
 The other ISP case could be explained if it's actually
 upstream/downstream from your ISP, or they share a proxy cache for other
 reasons.


 On 21 March 2015 at 04:07, Roman Ovseitsev rom...@gmail.com wrote:

 Please forgive the slight off-topic, but I am experiencing a rather
 strange issue while downloading a certain file over HTTP.

 Instead of getting node.js installer as expected from here
 http://nodejs.org/dist/v0.12.0/node-v0.12.0-x86.msi I am receiving a
 completely different executable - an installer for Elcomsoft's Advanced EFS
 Password Recovery whatever that is.

 Both files are exactly the same size but SHA sums obviously don't match.

 SSL version of the link -
 https://nodejs.org/dist/v0.12.0/node-v0.12.0-x86.msi works as
 expected. i.e. downloads the correct node.js installer.


 I have verified this on three different machines running Fedora,
 CentOS, and Windows. None of these machines ever exchanged any files or
 used anything else but the default repos. In fact the windows machine is a
 13 years old pc with a freshly installed OS. So presumably that dismisses
 any possibility of rootkits.

 It doesn't seems to be due to my router or ISP either. I am getting the
 wrong executable on two of my neighbours' Wi-Fi networks and at least one
 of them seems to be using a different ISP.
 However it doesn't happen on another Israeli nor a couple of US and UK
 servers I've tried so far.
 I am not using any proxies either.

 nodejs.org domain on all of the above resolves to the same IP.


 What's going on?
 Could be that the ISPs are the culprit?

 Considering that the application is relatively popular and I am the
 only one experiencing this issue

Re: OT: Biometric ID

[Amos Shapira]

mv Israel Chelm

(ref for the uninitiated:
http://en.wikipedia.org/wiki/Jewish_humour#Che.C5.82m)
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: OT: Biometric ID

[Amos Shapira]

BTW this anecdote might interest Yonathan Klinger and other anti-bio-id
activists since it could be pointing a fatal flaw in the system.
On 15 Mar 2015 9:26 pm, Gabor Szabo ga...@szabgab.com wrote:

 A few weeks ago I asked to get a biometric ID. They took my finger prints
 and asked all kinds of funny questions to make sure its me.
 Today I went to pick up my new ID and their system could not recognize my
 finger prints.

 I got a bit nervous, but they calmed me down that I have nothing to worry
 because the finger prints are only for the Interior Ministry and they are
 sure the one in the system matches the one on my finger and that I will
 only need it when dealing with Interior Ministry and they will mark in the
 system that the fingerprints did not match when I received the ID.

 So apparently they have a field in the database for this information.

 They offered to order a new biometric card - claiming that the problem is
 only in the card,
 but they can only do that if first they give the broken one to me.

 So I'd have a card that can identify me without any doubt, except that
 the fingerprint in it cannot be matched to mine.

 I asked if I could get a new non-biometric ID, but I was told I cannot any
 more. Once I signed up for biometric ID, I cannot go back.

 Madness.

 Gabor


 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Skimping on AWS EC2 bills

[Amos Shapira]

Thanks both of you for your input.
Yes I'm aware of the caveats (luckily I get to play with AWS, and AWS
automation, all day in my current job :) ).

Cheers,

--Amos

On 15 January 2015 at 21:17, Etzion Bar-Noy eza...@tournament.org.il
wrote:

 I believe that the time required for system start depends on the list of
 services. It could be shorted than two minutes, or longer. Depends.

 I used a condition - 'if' he can trim the image to startup in about 15
 seconds, it becomes feasible.

 Etzion

 On Thu, Jan 15, 2015 at 8:11 AM, Orna Agmon Ben-Yehuda ladyp...@gmail.com
  wrote:

 Hi Amos, Etzion,

 You are talking about 15 seconds for bringing up the machine, and about
 shutting down the machine according to idleness detection. Last time I
 checked (and maybe I am not up-to-date),
 1. It took about two minutes to bring up the machine.
 2. Amazon charged per full hour. That is, if you use the instance for 20
 minutes, shut it down and then bring it up for 20 minutes, you pay for two
 hours. So it might be beneficial to wait a bit, at least until the end of a
 full hour.

 Orna

 On Thu, Jan 15, 2015 at 2:33 AM, Amos Shapira amos.shap...@gmail.com
 wrote:

 Thanks Etzion.

 Yes you are on the same track as me.

 An unmapped Elastic IP will cost $3.65/month, which is a significant
 amount in comparison to the numbers I'm looking at skimming, so you are
 probably right about using a no-ip address.

 Finding the instance IP is a matter of a trivial curl call to the
 right URL, and no-ip can just use the current update requests source
 address automatically anyway.

 The next step would be to automatically identify idleness of the
 application for automatic shut down.

 Would people in the audience here see themselves using such a service
 (to fire up your server) if it was offered?

 --Amos


 On 15 January 2015 at 09:38, Etzion Bar-Noy eza...@tournament.org.il
 wrote:

 Hi Amos.
 It means you make use of an instance which is very quick to load.
 Removing non-esential services, or postponing them to after Jira starts,
 using a lightweight system, etc. If you can remove boot-time hogs, you can
 reach a fast-booting system. A script using Amazon API will prepare it for
 you.
 I wouldn't use the elastic IP because of its price (I get the feeling
 you seek something cheap). no-ip.com or other no-dns services could do
 the trick, except that the VM in Amazon network is unaware of its external
 IP (you might be able to query that using the API, BTW), and that it might
 take a few minutes (one, maybe more) before you could connect to the
 machine, because their update might no be immediate.
 Other than that - seems fine.

 Etzion

 On Tue, Jan 13, 2015 at 12:28 PM, Amos Shapira amos.shap...@gmail.com
 wrote:

 Etzion, just a question: Amos 0 if you can customise your instance
 to be very very light, - what do you mean by that?

 Your description is close to what I have in mind.

 As for the changing IP address - this can be easily overcome using
 Elastic IP and/or no-ip.com and friends.

 Thanks,

 --Amos

 On 13 January 2015 at 08:11, Etzion Bar-Noy eza...@tournament.org.il
 wrote:

 Except that NUC costs about 700+ ILS (I have three. I know. This is
 the Celeron version).
 Amos 0 if you can customise your instance to be very very light, and
 it can startup in about 15 seconds or so, it is acceptable to have it
 on-demand. You can wrap it in a script (using AWS API and tools) to just
 start it up. Since it will be about 15 seconds boot/startup time, you 
 will
 find that very economical, and very simple to achieve. In any case,
 considering your requirements, this does seem to be the most simple and
 easy solution. Note that your IP *will* change each time you start
 your instance, so your API interface should also tell you what's the IP
 address of the machine (or you could use some no-dns service, but it will
 probably be slower).

 Etzion

 On Mon, Jan 12, 2015 at 8:57 PM, E.S. Rosenberg 
 esr+linux...@g.jct.ac.il wrote:

 I don't know what type of load JIRA presents but for low load
 private stuff a raspberrypi or something similar (for heavier but still
 fairly 'light' stuff maybe an Intel NUC system or a mini-itx system) at
 home + noip/dyndns or some other form of locating it by yourself can be
 more then enough

 2015-01-08 11:37 GMT+02:00 Amos Shapira amos.shap...@gmail.com:

 I was thinking about running it on my own laptop, and perhaps I
 will.

 But that would mean leaving it on around the clock which I don't
 want to (I'm very conscious of power consumption, both economically and
 environmentally), and I don't carry it with me most of the time but 
 would
 like to have access to my server from both my mobile and workplace.

 On 8 January 2015 at 19:59, Vitaly li...@karasik.org wrote:

 Amos,
 IMHO, it's not technical, but more  human issue. For example, as
 far as you decide that you need Jira every last day of month, you can
 launch instance automatically.
 But typically Jira usage is more random

Re: Skimping on AWS EC2 bills

[Amos Shapira]

Thanks Etzion.

Yes you are on the same track as me.

An unmapped Elastic IP will cost $3.65/month, which is a significant amount
in comparison to the numbers I'm looking at skimming, so you are probably
right about using a no-ip address.

Finding the instance IP is a matter of a trivial curl call to the right
URL, and no-ip can just use the current update requests source address
automatically anyway.

The next step would be to automatically identify idleness of the
application for automatic shut down.

Would people in the audience here see themselves using such a service (to
fire up your server) if it was offered?

--Amos


On 15 January 2015 at 09:38, Etzion Bar-Noy eza...@tournament.org.il
wrote:

 Hi Amos.
 It means you make use of an instance which is very quick to load. Removing
 non-esential services, or postponing them to after Jira starts, using a
 lightweight system, etc. If you can remove boot-time hogs, you can reach a
 fast-booting system. A script using Amazon API will prepare it for you.
 I wouldn't use the elastic IP because of its price (I get the feeling you
 seek something cheap). no-ip.com or other no-dns services could do the
 trick, except that the VM in Amazon network is unaware of its external IP
 (you might be able to query that using the API, BTW), and that it might
 take a few minutes (one, maybe more) before you could connect to the
 machine, because their update might no be immediate.
 Other than that - seems fine.

 Etzion

 On Tue, Jan 13, 2015 at 12:28 PM, Amos Shapira amos.shap...@gmail.com
 wrote:

 Etzion, just a question: Amos 0 if you can customise your instance to
 be very very light, - what do you mean by that?

 Your description is close to what I have in mind.

 As for the changing IP address - this can be easily overcome using
 Elastic IP and/or no-ip.com and friends.

 Thanks,

 --Amos

 On 13 January 2015 at 08:11, Etzion Bar-Noy eza...@tournament.org.il
 wrote:

 Except that NUC costs about 700+ ILS (I have three. I know. This is the
 Celeron version).
 Amos 0 if you can customise your instance to be very very light, and it
 can startup in about 15 seconds or so, it is acceptable to have it
 on-demand. You can wrap it in a script (using AWS API and tools) to just
 start it up. Since it will be about 15 seconds boot/startup time, you will
 find that very economical, and very simple to achieve. In any case,
 considering your requirements, this does seem to be the most simple and
 easy solution. Note that your IP *will* change each time you start your
 instance, so your API interface should also tell you what's the IP address
 of the machine (or you could use some no-dns service, but it will probably
 be slower).

 Etzion

 On Mon, Jan 12, 2015 at 8:57 PM, E.S. Rosenberg 
 esr+linux...@g.jct.ac.il wrote:

 I don't know what type of load JIRA presents but for low load private
 stuff a raspberrypi or something similar (for heavier but still fairly
 'light' stuff maybe an Intel NUC system or a mini-itx system) at home +
 noip/dyndns or some other form of locating it by yourself can be more then
 enough

 2015-01-08 11:37 GMT+02:00 Amos Shapira amos.shap...@gmail.com:

 I was thinking about running it on my own laptop, and perhaps I will.

 But that would mean leaving it on around the clock which I don't want
 to (I'm very conscious of power consumption, both economically and
 environmentally), and I don't carry it with me most of the time but would
 like to have access to my server from both my mobile and workplace.

 On 8 January 2015 at 19:59, Vitaly li...@karasik.org wrote:

 Amos,
 IMHO, it's not technical, but more  human issue. For example, as
 far as you decide that you need Jira every last day of month, you can
 launch instance automatically.
 But typically Jira usage is more random, so I don't think  there is
 technical solution exist.
 If you're the only Jira user, why don't run it from your own computer
 for free?

 And, BTW, AWS reserved instances allow you to modify everything; plus
 up-front pay isn't must anymore.

 regards,
 Vitaly

 On Thu, Jan 8, 2015 at 4:40 AM, Amos Shapira amos.shap...@gmail.com
 wrote:

 Yes I'm well aware of the RI option. It can save up to %70 for
 high-load (i.e. machines which are up 24/7), but much less saving 
 compared
 to something that you can keep bringing up and down on demand.
 Also the up-front cost is not cheap, and commits you to that type of
 instance (as far as I remember, you can't buy switch or upgrade an RI 
 slot,
 what's paid is paid).

 On 8 January 2015 at 12:47, Aviram Jenik avi...@jenik.com wrote:

 I'm not an AWS expert and would love to hear from those who are.
 But we do have a few (dozen) instances on AWS.

 We have them running 24/7. I get that you could start and stop on
 demand, but don't get how you would do that without changing the way 
 you
 work in a drastic way (compared to a physical machine). To save costs, 
 buy
 a 'reserved instance'. You are paying up front for 1-3 years (I

Re: Skimping on AWS EC2 bills

[Amos Shapira]

Etzion, just a question: Amos 0 if you can customise your instance to be
very very light, - what do you mean by that?

Your description is close to what I have in mind.

As for the changing IP address - this can be easily overcome using Elastic
IP and/or no-ip.com and friends.

Thanks,

--Amos

On 13 January 2015 at 08:11, Etzion Bar-Noy eza...@tournament.org.il
wrote:

 Except that NUC costs about 700+ ILS (I have three. I know. This is the
 Celeron version).
 Amos 0 if you can customise your instance to be very very light, and it
 can startup in about 15 seconds or so, it is acceptable to have it
 on-demand. You can wrap it in a script (using AWS API and tools) to just
 start it up. Since it will be about 15 seconds boot/startup time, you will
 find that very economical, and very simple to achieve. In any case,
 considering your requirements, this does seem to be the most simple and
 easy solution. Note that your IP *will* change each time you start your
 instance, so your API interface should also tell you what's the IP address
 of the machine (or you could use some no-dns service, but it will probably
 be slower).

 Etzion

 On Mon, Jan 12, 2015 at 8:57 PM, E.S. Rosenberg esr+linux...@g.jct.ac.il
 wrote:

 I don't know what type of load JIRA presents but for low load private
 stuff a raspberrypi or something similar (for heavier but still fairly
 'light' stuff maybe an Intel NUC system or a mini-itx system) at home +
 noip/dyndns or some other form of locating it by yourself can be more then
 enough

 2015-01-08 11:37 GMT+02:00 Amos Shapira amos.shap...@gmail.com:

 I was thinking about running it on my own laptop, and perhaps I will.

 But that would mean leaving it on around the clock which I don't want to
 (I'm very conscious of power consumption, both economically and
 environmentally), and I don't carry it with me most of the time but would
 like to have access to my server from both my mobile and workplace.

 On 8 January 2015 at 19:59, Vitaly li...@karasik.org wrote:

 Amos,
 IMHO, it's not technical, but more  human issue. For example, as far
 as you decide that you need Jira every last day of month, you can launch
 instance automatically.
 But typically Jira usage is more random, so I don't think  there is
 technical solution exist.
 If you're the only Jira user, why don't run it from your own computer
 for free?

 And, BTW, AWS reserved instances allow you to modify everything; plus
 up-front pay isn't must anymore.

 regards,
 Vitaly

 On Thu, Jan 8, 2015 at 4:40 AM, Amos Shapira amos.shap...@gmail.com
 wrote:

 Yes I'm well aware of the RI option. It can save up to %70 for
 high-load (i.e. machines which are up 24/7), but much less saving compared
 to something that you can keep bringing up and down on demand.
 Also the up-front cost is not cheap, and commits you to that type of
 instance (as far as I remember, you can't buy switch or upgrade an RI 
 slot,
 what's paid is paid).

 On 8 January 2015 at 12:47, Aviram Jenik avi...@jenik.com wrote:

 I'm not an AWS expert and would love to hear from those who are. But
 we do have a few (dozen) instances on AWS.

 We have them running 24/7. I get that you could start and stop on
 demand, but don't get how you would do that without changing the way you
 work in a drastic way (compared to a physical machine). To save costs, 
 buy
 a 'reserved instance'. You are paying up front for 1-3 years (I 
 recommend 3
 years) and then paying a very very low cost per hour. If your load is 
 low,
 buy the 'low load' machine to save even more costs (but then you pay hire
 fees if you cross the threshold). I don't know how this works well 
 enough -
 we always buy the 'high load' instance and buy them for 3 years; the 
 total
 average cost is equivalent to what we would have paid for the hosting and
 so the hardware is free.


 - Aviram



 On Wed, Jan 7, 2015 at 7:33 PM, Amos Shapira amos.shap...@gmail.com
 wrote:

 Hi,

 Do people here keep EC2 instances running?
 Do you leave it running 24/7 or do you fire them up when you need
 them?

 I'd like to run my own EC2 instance running $10 Jira + $10
 Confluence (+$10 some extra useful add-ons) (to clarify - these are 
 one-off
 $10 for each product), but can't justify running a $30/month small EC2 
 (and
 perhaps more, Jira alone requires 1.5-2GB of RAM) just to be used at 
 most a
 few hours a month if not less.

 But logging in to the console to fire it up (or through aws cli, or
 using an Android based app) every time I want to access it also would be
 inconvenient.

 So is there another way?

 Thanks,

 --Amos


 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il





 --
 http://au.linkedin.com/in/gliderflyer

 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il





 --
 http://au.linkedin.com/in/gliderflyer

Re: Skimping on AWS EC2 bills

[Amos Shapira]

I own a Solid-Run Cubox-i4Pro with a couple of GB of RAM and 4 ARMv7 cores
and run OpenELEC on it. I don't think that running Jira + Confluence (each
requiring its own JVM) is practical on this hardware, in parallel to the
other things I use it for.

On 13 January 2015 at 05:57, E.S. Rosenberg esr+linux...@g.jct.ac.il
wrote:

 I don't know what type of load JIRA presents but for low load private
 stuff a raspberrypi or something similar (for heavier but still fairly
 'light' stuff maybe an Intel NUC system or a mini-itx system) at home +
 noip/dyndns or some other form of locating it by yourself can be more then
 enough

 2015-01-08 11:37 GMT+02:00 Amos Shapira amos.shap...@gmail.com:

 I was thinking about running it on my own laptop, and perhaps I will.

 But that would mean leaving it on around the clock which I don't want to
 (I'm very conscious of power consumption, both economically and
 environmentally), and I don't carry it with me most of the time but would
 like to have access to my server from both my mobile and workplace.

 On 8 January 2015 at 19:59, Vitaly li...@karasik.org wrote:

 Amos,
 IMHO, it's not technical, but more  human issue. For example, as far
 as you decide that you need Jira every last day of month, you can launch
 instance automatically.
 But typically Jira usage is more random, so I don't think  there is
 technical solution exist.
 If you're the only Jira user, why don't run it from your own computer
 for free?

 And, BTW, AWS reserved instances allow you to modify everything; plus
 up-front pay isn't must anymore.

 regards,
 Vitaly

 On Thu, Jan 8, 2015 at 4:40 AM, Amos Shapira amos.shap...@gmail.com
 wrote:

 Yes I'm well aware of the RI option. It can save up to %70 for
 high-load (i.e. machines which are up 24/7), but much less saving compared
 to something that you can keep bringing up and down on demand.
 Also the up-front cost is not cheap, and commits you to that type of
 instance (as far as I remember, you can't buy switch or upgrade an RI slot,
 what's paid is paid).

 On 8 January 2015 at 12:47, Aviram Jenik avi...@jenik.com wrote:

 I'm not an AWS expert and would love to hear from those who are. But
 we do have a few (dozen) instances on AWS.

 We have them running 24/7. I get that you could start and stop on
 demand, but don't get how you would do that without changing the way you
 work in a drastic way (compared to a physical machine). To save costs, buy
 a 'reserved instance'. You are paying up front for 1-3 years (I recommend 
 3
 years) and then paying a very very low cost per hour. If your load is low,
 buy the 'low load' machine to save even more costs (but then you pay hire
 fees if you cross the threshold). I don't know how this works well enough 
 -
 we always buy the 'high load' instance and buy them for 3 years; the total
 average cost is equivalent to what we would have paid for the hosting and
 so the hardware is free.


 - Aviram



 On Wed, Jan 7, 2015 at 7:33 PM, Amos Shapira amos.shap...@gmail.com
 wrote:

 Hi,

 Do people here keep EC2 instances running?
 Do you leave it running 24/7 or do you fire them up when you need
 them?

 I'd like to run my own EC2 instance running $10 Jira + $10 Confluence
 (+$10 some extra useful add-ons) (to clarify - these are one-off $10 for
 each product), but can't justify running a $30/month small EC2 (and 
 perhaps
 more, Jira alone requires 1.5-2GB of RAM) just to be used at most a few
 hours a month if not less.

 But logging in to the console to fire it up (or through aws cli, or
 using an Android based app) every time I want to access it also would be
 inconvenient.

 So is there another way?

 Thanks,

 --Amos


 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il





 --
 http://au.linkedin.com/in/gliderflyer

 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il





 --
 http://au.linkedin.com/in/gliderflyer

 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il





-- 
http://au.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Skimping on AWS EC2 bills

[Amos Shapira]

I was thinking about running it on my own laptop, and perhaps I will.

But that would mean leaving it on around the clock which I don't want to
(I'm very conscious of power consumption, both economically and
environmentally), and I don't carry it with me most of the time but would
like to have access to my server from both my mobile and workplace.

On 8 January 2015 at 19:59, Vitaly li...@karasik.org wrote:

 Amos,
 IMHO, it's not technical, but more  human issue. For example, as far as
 you decide that you need Jira every last day of month, you can launch
 instance automatically.
 But typically Jira usage is more random, so I don't think  there is
 technical solution exist.
 If you're the only Jira user, why don't run it from your own computer for
 free?

 And, BTW, AWS reserved instances allow you to modify everything; plus
 up-front pay isn't must anymore.

 regards,
 Vitaly

 On Thu, Jan 8, 2015 at 4:40 AM, Amos Shapira amos.shap...@gmail.com
 wrote:

 Yes I'm well aware of the RI option. It can save up to %70 for high-load
 (i.e. machines which are up 24/7), but much less saving compared to
 something that you can keep bringing up and down on demand.
 Also the up-front cost is not cheap, and commits you to that type of
 instance (as far as I remember, you can't buy switch or upgrade an RI slot,
 what's paid is paid).

 On 8 January 2015 at 12:47, Aviram Jenik avi...@jenik.com wrote:

 I'm not an AWS expert and would love to hear from those who are. But we
 do have a few (dozen) instances on AWS.

 We have them running 24/7. I get that you could start and stop on
 demand, but don't get how you would do that without changing the way you
 work in a drastic way (compared to a physical machine). To save costs, buy
 a 'reserved instance'. You are paying up front for 1-3 years (I recommend 3
 years) and then paying a very very low cost per hour. If your load is low,
 buy the 'low load' machine to save even more costs (but then you pay hire
 fees if you cross the threshold). I don't know how this works well enough -
 we always buy the 'high load' instance and buy them for 3 years; the total
 average cost is equivalent to what we would have paid for the hosting and
 so the hardware is free.


 - Aviram



 On Wed, Jan 7, 2015 at 7:33 PM, Amos Shapira amos.shap...@gmail.com
 wrote:

 Hi,

 Do people here keep EC2 instances running?
 Do you leave it running 24/7 or do you fire them up when you need them?

 I'd like to run my own EC2 instance running $10 Jira + $10 Confluence
 (+$10 some extra useful add-ons) (to clarify - these are one-off $10 for
 each product), but can't justify running a $30/month small EC2 (and perhaps
 more, Jira alone requires 1.5-2GB of RAM) just to be used at most a few
 hours a month if not less.

 But logging in to the console to fire it up (or through aws cli, or
 using an Android based app) every time I want to access it also would be
 inconvenient.

 So is there another way?

 Thanks,

 --Amos


 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il





 --
 http://au.linkedin.com/in/gliderflyer

 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il





-- 
http://au.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Skimping on AWS EC2 bills

[Amos Shapira]

Hi,

Do people here keep EC2 instances running?
Do you leave it running 24/7 or do you fire them up when you need them?

I'd like to run my own EC2 instance running $10 Jira + $10 Confluence (+$10
some extra useful add-ons) (to clarify - these are one-off $10 for each
product), but can't justify running a $30/month small EC2 (and perhaps
more, Jira alone requires 1.5-2GB of RAM) just to be used at most a few
hours a month if not less.

But logging in to the console to fire it up (or through aws cli, or using
an Android based app) every time I want to access it also would be
inconvenient.

So is there another way?

Thanks,

--Amos
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Skimping on AWS EC2 bills

[Amos Shapira]

Yes I'm well aware of the RI option. It can save up to %70 for high-load
(i.e. machines which are up 24/7), but much less saving compared to
something that you can keep bringing up and down on demand.
Also the up-front cost is not cheap, and commits you to that type of
instance (as far as I remember, you can't buy switch or upgrade an RI slot,
what's paid is paid).

On 8 January 2015 at 12:47, Aviram Jenik avi...@jenik.com wrote:

 I'm not an AWS expert and would love to hear from those who are. But we do
 have a few (dozen) instances on AWS.

 We have them running 24/7. I get that you could start and stop on demand,
 but don't get how you would do that without changing the way you work in a
 drastic way (compared to a physical machine). To save costs, buy a
 'reserved instance'. You are paying up front for 1-3 years (I recommend 3
 years) and then paying a very very low cost per hour. If your load is low,
 buy the 'low load' machine to save even more costs (but then you pay hire
 fees if you cross the threshold). I don't know how this works well enough -
 we always buy the 'high load' instance and buy them for 3 years; the total
 average cost is equivalent to what we would have paid for the hosting and
 so the hardware is free.


 - Aviram



 On Wed, Jan 7, 2015 at 7:33 PM, Amos Shapira amos.shap...@gmail.com
 wrote:

 Hi,

 Do people here keep EC2 instances running?
 Do you leave it running 24/7 or do you fire them up when you need them?

 I'd like to run my own EC2 instance running $10 Jira + $10 Confluence
 (+$10 some extra useful add-ons) (to clarify - these are one-off $10 for
 each product), but can't justify running a $30/month small EC2 (and perhaps
 more, Jira alone requires 1.5-2GB of RAM) just to be used at most a few
 hours a month if not less.

 But logging in to the console to fire it up (or through aws cli, or using
 an Android based app) every time I want to access it also would be
 inconvenient.

 So is there another way?

 Thanks,

 --Amos


 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il





-- 
http://au.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Linux on Android related question

[Amos Shapira]

Just a few weeks ago I read (I think on DarkReading) that there are many
cheap phones which come with malware built in. I google'd for this when I
found this link:

http://researchcenter.paloaltonetworks.com/2014/12/coolreaper-revealed-backdoor-coolpad-android-devices/

Bottom line - avoid these devices, and if already got them then see whether
you can wipe them out completely and replace with an open ROM like
CyanogenMod (http://www.cyanogenmod.org/) or others
(http://www.needrom.com/category/coolpad/)

On 27 December 2014 at 00:54, David Harel harel...@gmail.com wrote:

 Greetings'

 I have an Android/Linux related question here. I hope I am not out of line
 in this request for help.

 My son purchased an Android phone in China (against my recommendation).
 It's a phone by Coolpad the module is 7620l
 Apparently the Android installation for Chinese is different than what we
 are used to get in Western countries. No Google account, no Google play
 store and it seems that all network activities went through China (for
 inspection?, really slow on network activity).
 It took me a while to find English Rom for it and then some time to root
 it (temporarily - will explain later).
 Now I got Google account and other Western stuff but still:
 1. Root is removed after reboot
 2. Google play services crashes and so does the address book sync
 operation.

 Looking at the article: http://elinux.org/Android_Booting
 my questions:
 1. Any idea where I can find strace for Android (based on Arm CPU)
 2. Can I go into Console mode ? In case I fiddle with init*.rc scripts
 and break the OS (for manual recovery of those scripts).
 3. The su command (and copies of it that had SUID bit set on it) were
 deleted during boot. Any idea what could have done that?
 4. Any idea what cold make the google play services get killed every time?

 Thanks
 David Harel
 Amuka

 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il




-- 
http://au.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Recommendations for drive recovery

[Amos Shapira]

Mounting the partition could add a lot of unnecessary disk access and could
hang the system.

It's true that scanning the whole partition accesses every block on it as
opposed to the filesystem code knowing where the data really is, but the OP
seemed to suggest that the partition is pretty full, so a read will require
access to most blocks anyway.

Also a full image of the filesystem makes it easier to test multiple ways
to recover data, for instance - make a copy of the rescued partition image
then try difference fsck's and executions of PhotoRec (
http://www.cgsecurity.org/wiki/PhotoRec).


On 24 December 2014 at 02:31, E.S. Rosenberg esr+linux...@g.jct.ac.il
wrote:

 I have used the same trick with success at least once, it working does
 depend on the type of failure but yours sounds like the type that would
 work, in my case I think I even mounted the partitions and just copied the
 data. (rsync iirc)

 2014-12-22 12:26 GMT+02:00 Amos Shapira amos.shap...@gmail.com:

 I once helped a friend in a similar situation (family photos and
 documents on a dying disk without backups).

 I followed broadly the following procedure:
 1. Put the disk in an airtight plastic bag (reason - to avoid humidity
 getting in during the following steps).
 2. Put in the freezer for an hour.
 3. Remove from freezer and leave inside the bag for a few minutes (again
 - to minimise risk of condensation).
 4. remove from the bag, make sure no condensation builds up on it, wrap
 in a kitchen towel (it was Sydney summer, so high temps and humid, though
 not like Tel-Aviv summer). The idea was to keep any humidity away.
 4. Put it on a block of icepack, and another icepack on top of it.
 5. Connect it to a comp through an external USB box
 6. GNU ddrescue (don't confuse with the non-GNU implementation). It can
 keep track of where it got to in a previous run so you can pick up from
 there.
 7. Rinse, repeat.

 It took 2-3 weeks of repeating this process but I managed to save all his
 data (I think it was half a tera or so) except a tiny part (single-digit
 kilobytes, I think).

 The extra twist was that it was a Mac HFS file system and he wanted the
 data accessible to Windows - Only Linux could be used to support both
 filesystem formats :)


 On 22 December 2014 at 16:15, Alon Barzilai a...@skylinesoft.com wrote:

  Hi,

 there is tic tac  ( http://www.tictac.co.il )
 and recover (http://recover.co.il)

 I used them both in the past. and they both offered good service, but
 this service is not cheap.
 tic tac ares in this field for longer time, but as I recall their price
 is higher than recover.

 Alon.



 On 12/21/2014 11:46 PM, Geoff Shang wrote:

 Hi,

 We have a 500 GB external USB drive that's about 5 or so years old
 (can't remember exactly when we got it).  It's now not spinning up
 propperly and we figure its days are numbered.

 Much of what is on it has not been backed up anywhere else (yes, I
 know).

 Is there somewhere I can take/send it to see if anything can be
 salvaged?

 Geoff.


 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il




 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il



 --
 http://au.linkedin.com/in/gliderflyer

 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il





-- 
http://au.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Recommendations for drive recovery

[Amos Shapira]

I once helped a friend in a similar situation (family photos and documents
on a dying disk without backups).

I followed broadly the following procedure:
1. Put the disk in an airtight plastic bag (reason - to avoid humidity
getting in during the following steps).
2. Put in the freezer for an hour.
3. Remove from freezer and leave inside the bag for a few minutes (again -
to minimise risk of condensation).
4. remove from the bag, make sure no condensation builds up on it, wrap in
a kitchen towel (it was Sydney summer, so high temps and humid, though not
like Tel-Aviv summer). The idea was to keep any humidity away.
4. Put it on a block of icepack, and another icepack on top of it.
5. Connect it to a comp through an external USB box
6. GNU ddrescue (don't confuse with the non-GNU implementation). It can
keep track of where it got to in a previous run so you can pick up from
there.
7. Rinse, repeat.

It took 2-3 weeks of repeating this process but I managed to save all his
data (I think it was half a tera or so) except a tiny part (single-digit
kilobytes, I think).

The extra twist was that it was a Mac HFS file system and he wanted the
data accessible to Windows - Only Linux could be used to support both
filesystem formats :)


On 22 December 2014 at 16:15, Alon Barzilai a...@skylinesoft.com wrote:

  Hi,

 there is tic tac  ( http://www.tictac.co.il )
 and recover (http://recover.co.il)

 I used them both in the past. and they both offered good service, but this
 service is not cheap.
 tic tac ares in this field for longer time, but as I recall their price is
 higher than recover.

 Alon.



 On 12/21/2014 11:46 PM, Geoff Shang wrote:

 Hi,

 We have a 500 GB external USB drive that's about 5 or so years old (can't
 remember exactly when we got it).  It's now not spinning up propperly and
 we figure its days are numbered.

 Much of what is on it has not been backed up anywhere else (yes, I know).

 Is there somewhere I can take/send it to see if anything can be salvaged?

 Geoff.


 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il




 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il



-- 
http://au.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Adding external HDD to Raspberry Pi

[Amos Shapira]

Get a powered USB hub (i.e. a usb hub which also connects to a wall power
socket). I'm not familiar with RPi USB version but check for USB 3.0 vs.
2.0.

On 15 December 2014 at 06:07, Gabor Szabo ga...@szabgab.com wrote:

 Hmm, good question. The Raspberry does see the device when it is
 connected, so is it possible that it needs more
 power after later on?

 How can I check?

 If the problem is lack of current, how can I solve that? Can I put one of
 these usb hubs that also provide power between the two?

 Gabor

 On Sun, Dec 14, 2014 at 8:43 PM, E.S. Rosenberg esr+linux...@g.jct.ac.il
 wrote:

 Are you providing the external HDD with sufficient electricity? The
 Raspberry is most likely not capable of providing enough current...

 2014-12-14 19:30 GMT+02:00 Gabor Szabo ga...@szabgab.com:

 So finally I install the Raspberry Pi I bought a few weeks ago and
 wanted to add an external HDD.
 I plugged in the external hard drive and /var/log/syslog printed the
 following:


 Dec 14 17:02:55 pi kernel: [  759.981949] usb 1-1.3: new high-speed USB
 device number 8 using dwc_otg

 Dec 14 17:02:55 pi kernel: [  760.163364] usb 1-1.3: New USB device
 found, idVendor=1058, idProduct=0820

 Dec 14 17:02:55 pi kernel: [  760.163398] usb 1-1.3: New USB device
 strings: Mfr=1, Product=2, SerialNumber=5

 Dec 14 17:02:55 pi kernel: [  760.163414] usb 1-1.3: Product: My
 Passport 0820

 Dec 14 17:02:55 pi kernel: [  760.163429] usb 1-1.3: Manufacturer:
 Western Digital

 Dec 14 17:02:55 pi kernel: [  760.163444] usb 1-1.3: SerialNumber:
 57583431413432454363833

 Dec 14 17:02:55 pi kernel: [  760.169522] usb-storage 1-1.3:1.0: USB
 Mass Storage device detected

 Dec 14 17:02:55 pi kernel: [  760.181935] scsi0 : usb-storage 1-1.3:1.0

 Dec 14 17:02:56 pi kernel: [  761.183065] scsi 0:0:0:0: Direct-Access
   WD   My Passport 0820 1012 PQ: 0 ANSI: 6

 Dec 14 17:02:56 pi kernel: [  761.187365] scsi 0:0:0:1: Enclosure
   WD   SES Device   1012 PQ: 0 ANSI: 6

 Dec 14 17:02:56 pi kernel: [  761.189473] sd 0:0:0:0: [sda] Spinning up
 disk...

 Dec 14 17:02:56 pi kernel: [  761.277106] sd 0:0:0:0: Attached scsi
 generic sg0 type 0

 Dec 14 17:02:56 pi kernel: [  761.278094] scsi 0:0:0:1: Attached scsi
 generic sg1 type 13


 But then when I try to run


 $ sudo fdisk /dev/sda

 I get

 fdisk: unable to open /dev/sda: No such device or address

 $ ls -l /dev/sda

 brw-rw---T 1 root floppy 8, 0 Dec 14 17:21 /dev/sda

 $ sudo fdisk -l

 only lists the sdcard


 The external disk is brand new and it has NTFS on it. I have not handled
 disk in linux for a long time, but a I recall I am supposed to use fdisk to
 partition it and then use mkfs.ext4 to format.


 So what am I missing here?


 Gabor




 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il



-- 
http://au.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Mageia 4 - update delay

[Amos Shapira]

Also - what do you see in the logs?

On 7 December 2014 at 03:39, Shlomo Solomon shlomo.solo...@gmail.com
wrote:

 I tried running ps -A before clicking, a few times during the 4 minute
 wait and after the GUI started. I then used diff to compare. The only
 change I found during the wait was an additional kworker/2:0 (there
 were already over 20 kworker processes running). Could this be
 significant? I haven't yet run strace as you suggested.

 When the GUI started, I found a MageiaUpdate process and an additional
 drakrpm-update process (for a total of 2). I assume the first one is
 responsible for the periodic check if new updates are available.

 On Fri, 5 Dec 2014 00:10:06 +0200
 shimi linux...@shimi.net wrote:

  On Thu, Dec 4, 2014 at 8:06 PM, Shlomo Solomon
  shlomo.solo...@gmail.com wrote:
 
   Since upgrading from Mageia 3 to Mageia 4, when I get a
   notification that updates are available, I click on it but Software
   Package Update starts only after exactly a 4 minute delay.
  
   Any ideas why?
  
  
  
  Maybe it is waiting on some lock file? Package managers has this
  tendency...
 
  Does it really start after 4 minutes, or does it just start showing
  the UI after 4 minutes? See if new process has been created. If
  there's a new process, try to strace -f -p pid to see what it is
  waiting on (you probably want to suffix this command with
  [ update.strace 21 ] as the output will probably become quite
  large. Also you should run this as root if the process launched is
  not in your own UID)
 
  -- Shimi



 --
 Shlomo Solomon
 http://the-solomons.net
 Sent by Claws Mail 3.11.1 - KDE 4.12.15 - LINUX Mageia 4


 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il




-- 
http://au.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Mageia 4 - update delay

[Amos Shapira]

Use strace -p pid -f -rT -o strace.out to see what the process and its
children spend time on.

On 7 December 2014 at 03:39, Shlomo Solomon shlomo.solo...@gmail.com
wrote:

 I tried running ps -A before clicking, a few times during the 4 minute
 wait and after the GUI started. I then used diff to compare. The only
 change I found during the wait was an additional kworker/2:0 (there
 were already over 20 kworker processes running). Could this be
 significant? I haven't yet run strace as you suggested.

 When the GUI started, I found a MageiaUpdate process and an additional
 drakrpm-update process (for a total of 2). I assume the first one is
 responsible for the periodic check if new updates are available.

 On Fri, 5 Dec 2014 00:10:06 +0200
 shimi linux...@shimi.net wrote:

  On Thu, Dec 4, 2014 at 8:06 PM, Shlomo Solomon
  shlomo.solo...@gmail.com wrote:
 
   Since upgrading from Mageia 3 to Mageia 4, when I get a
   notification that updates are available, I click on it but Software
   Package Update starts only after exactly a 4 minute delay.
  
   Any ideas why?
  
  
  
  Maybe it is waiting on some lock file? Package managers has this
  tendency...
 
  Does it really start after 4 minutes, or does it just start showing
  the UI after 4 minutes? See if new process has been created. If
  there's a new process, try to strace -f -p pid to see what it is
  waiting on (you probably want to suffix this command with
  [ update.strace 21 ] as the output will probably become quite
  large. Also you should run this as root if the process launched is
  not in your own UID)
 
  -- Shimi



 --
 Shlomo Solomon
 http://the-solomons.net
 Sent by Claws Mail 3.11.1 - KDE 4.12.15 - LINUX Mageia 4


 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il




-- 
http://au.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Backdoor?

[Amos Shapira]

There are various chrome tools, e.g. the Task Manager.

On 24 November 2014 at 07:45, Amichai Rotman amic...@iglu.org.il wrote:

 Hi All,

 I am trying to troubleshoot a bottleneck in my internet connection.

 I came across a few lines like these ones when I run 'netstat -ptW':

 tcp0  0 10.0.0.3:42239
  82-166-201-152.barak-online.net:http ESTABLISHED 5881/chrome
 tcp0  0 10.0.0.3:55224
  bzq-179-180-121.static.bezeqint.net:https ESTABLISHED 5881/chrome

 I was once connected to these ISPs, but not for some time

 I have Netgear DGN2200 v2 provided by Bezeq, running firmware
  V1.0.8.31_1.8.31.

 Does Bezeq and the ISPs open a backdoor in my router somehow?

 How can I find out exactly where I am connected and why?

 Thanks!

 Amichai


 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il




-- 
http://au.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: good free dynamic dns server ?

[Amos Shapira]

I did this for years until I broke down and paid the $16 for a year of
avoiding these.
On 9 Nov 2014 10:31, Erez D erez0...@gmail.com wrote:

 hi

 i am currently using no-ip.org as a free dynamic dns server for my home.
 however it has the annoying feature of sending me the following emails:
 Please confirm your hostname now or it will be deleted

 anyone knows of a good free dyndns server ?

 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: How do I debug this (mailman)?

[Amos Shapira]

Either way, where are the logs?

what does lsof say?

On 12 October 2014 14:00, Shachar Shemesh shac...@shemesh.biz wrote:

  On 12/10/14 00:24, Daniel Shahaf wrote:

 Could that be caused by MX records for the list not yet pointing at the
 new host? i.e., perhaps the new mailman instance is not handling the list
 yet because MX records don't point at it (the new mailman instance). HTH
 Daniel

 It *could*, but I find it unlikely. The local MTA considers those domains
 to be local, and does local delivery for them. Also, mailman is not bound
 to only handle locally handled domains, so long as the emails reach it.

 Either way, where are the logs?

 Shachar

 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il




-- 
http://au.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: How do I debug this (mailman)?

[Amos Shapira]

mailman logs?
I mean - if the MTA doesn't say anything about this then perhaps the client
haven't sent anything?

On 10 October 2014 23:38, Shachar Shemesh shac...@shemesh.biz wrote:

  I'm trying to set up mailman on a new host (transferring my VPS to a new
 machine). This is running Debian. Mailman is set up, shows up in the web
 interface. I transferred the mailing list. I'm trying to send myself a
 password reminder, and nothing.

 The postfix logs don't show anything at all.
 /var/lib/mailman/qfils/virgin shows something that looks like the password
 reminder
 Nothing appears in my inbox.

 All tips on the internet say to look for the mailer's logs to find out
 what's wrong, but the mailer doesn't show any logs at all.

 Ideas?

 Shachar

 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il




-- 
http://au.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Daemontools intro

[Amos Shapira]

About a year ago I wrote a Puppet module to install and configure
daemontools services which we used very successfully at my previous
workplace. I got permission to open-source it but can't find it right now.
I'll try to dig it up when I get home.


On 25 September 2014 12:46, Steve Litt sl...@troubleshooters.com wrote:

 Hi all,

 I wrote this introduction to daemontools:

 http://www.troubleshooters.com/linux/djbdns/daemontools_intro.htm

 Enjoy!

 SteveT

 Steve Litt*  http://www.troubleshooters.com/
 Troubleshooting Training  *  Human Performance


 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il




-- 
http://au.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

better antenna for a USB DVB-T dongle?

[Amos Shapira]

Hi,

I'm asking here since I saw that quiet a few members here mentioned using
things like this in the past.

I bought a USB DVB dongle for my Cubox-I running OpenELEC (here is the item
on ebay: http://www.ebay.com.au/itm/251537079924) and although it's well
supported and the kernel recognises it without a hitch, scanning for
channels (both through tvheadend and command line w_scan) can't lock on any
channels.

I live less than 2 km from the antennas which broadcast to all of Sydney
(~80km radius service area).

According to the instructions at http://baratel.com/guides/mythTV.htm, the
internal antenna which comes with such dongles is worthless for more than
500m.

But the antenna input socket is not the standard wide one (e.g. like the
one you can see in this wikipedia image:
http://en.wikipedia.org/wiki/Coaxial_cable#mediaviewer/File:N_Connector.jpg)
but something that looks like 1 mm headphone jack with an itsy bitsy hole
in the middle.

Does anyone know how can I extend the reception for this baby?

I think of two main options:

1. Connect it to normal/common coaxial wall socket, so I can take
advantage of the antenna on the roof.
2. Buy a bigger internal antenna which can connect to this weird jack.

Any pointers would be appreciated.

Thanks,

--Amos
-- 
 http://au.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: better antenna for a USB DVB-T dongle?

[Amos Shapira]

Thanks everyone for chipping in.

Once I learned the name of the connector (MCX) and based on this and
finding that the regular plug is called also Type N I found a pig
tail converter and ordered it (http://www.ebay.com.au/itm/121310526140).

Tomer - why wouldn't the roof antenna be useful. Is it about the TV signal
type? Antenna type? Or is it because I live so close to the transmitter
that you expect that the signal strength is not the issue?

BTW - so far I tested the dongle facing the transmitter almost directly -
next to the front balcony glass door, with perhaps only the balcony rail
blocking it from direct line of sight.

Cheers,

--Amos


On 27 July 2014 01:09, Tomer Cohen to...@gmx.net wrote:

 Roof antenna could not be very helpful in your case, but you can buy an
 active antenna or place the current one near a window. As for the antenna
 connector, you can buy a cheap adapter; I bought this one:
 http://www.dx.com/p/lwj-023-mcx-male-to-tv-female-antenna-adapter-cable-black-17-5cm-207418


 On Sat, Jul 26, 2014 at 2:00 PM, Amos Shapira amos.shap...@gmail.com
 wrote:

 Hi,

 I'm asking here since I saw that quiet a few members here mentioned using
 things like this in the past.

 I bought a USB DVB dongle for my Cubox-I running OpenELEC (here is the
 item on ebay: http://www.ebay.com.au/itm/251537079924) and although it's
 well supported and the kernel recognises it without a hitch, scanning for
 channels (both through tvheadend and command line w_scan) can't lock on any
 channels.

 I live less than 2 km from the antennas which broadcast to all of Sydney
 (~80km radius service area).

 According to the instructions at http://baratel.com/guides/mythTV.htm,
 the internal antenna which comes with such dongles is worthless for more
 than 500m.

 But the antenna input socket is not the standard wide one (e.g. like the
 one you can see in this wikipedia image:
 http://en.wikipedia.org/wiki/Coaxial_cable#mediaviewer/File:N_Connector.jpg)
 but something that looks like 1 mm headphone jack with an itsy bitsy hole
 in the middle.

 Does anyone know how can I extend the reception for this baby?

 I think of two main options:

 1. Connect it to normal/common coaxial wall socket, so I can take
 advantage of the antenna on the roof.
 2. Buy a bigger internal antenna which can connect to this weird jack.

 Any pointers would be appreciated.

 Thanks,

 --Amos
 --
  http://au.linkedin.com/in/gliderflyer

 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il




 --
 Tomer Cohen
 http://tomercohen.com




-- 
http://au.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: reverse ssh

[Amos Shapira]

On 22 July 2014 00:52, Guy Gold guy1g...@gmail.com wrote:

 Hi Erez,

 On Mon, Jul 21, 2014 at 4:18 AM, Erez D erez0...@gmail.com wrote:


 it is not even a dynamic ip, it is a private ip behind a dynamic one


 Then,  what Eliyahu wrote should serve you a perfect solution.

 Also, there's not much advantage in the point of hiding behind the
 security by obscurity method (i.e serve SSH at port 9000. or whichever).

 The increase to security by using  that method is in doubt - when taking
 under consideration  tools used by bad guys (and girls) nowadays .
 If you must do it, that's fine, but don't let it be a reason for not using
 much better methods, as Eliyahu suggested.


From personal experience - there is a huge advantage in picking a random
port for external SSH (and external HTTP). I always had port scanners on my
standard, dynamic ISP ADSL addresses until I moved them to different
non-standard ports. Since then my logs are clean, and I'm talking about
over 5 years of experience (I don't remember exactly when I did the switch).

This is of course not the only measure I take for security. I still treat
them as vulnerable etc. But after years of not having a single probe on the
new ports I have to say that it removed the threat of pretty much 100% of
the probes on my home network.

Perhaps they are more thorough on static ip addresses, known targets etc.,
but in my experience this is a very successful step.




 --
 Guy Gold

 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il




-- 
 [image: View my profile on LinkedIn]
http://www.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: reverse ssh

[Amos Shapira]

Whatever.

I'm speaking from personal experience that I didn't find this necessary.



On 22 July 2014 08:21, E.S. Rosenberg esr+linux...@g.jct.ac.il wrote:

 Any decent port scanner (nmap for instance) will find the SSH service
 regardless of the port its' on, while the likelihood of a firewall blocking
 access to random non-standard ports is very high.

 I use fail2ban to prevent brute forcing and generally also try to have
 some form of port knocking (knockd and fwknop are good options) to prevent
 initial access to the SSH server to unidentified machines.


 2014-07-22 1:11 GMT+03:00 Amos Shapira amos.shap...@gmail.com:

 On 22 July 2014 00:52, Guy Gold guy1g...@gmail.com wrote:

 Hi Erez,

 On Mon, Jul 21, 2014 at 4:18 AM, Erez D erez0...@gmail.com wrote:


 it is not even a dynamic ip, it is a private ip behind a dynamic one


 Then,  what Eliyahu wrote should serve you a perfect solution.

 Also, there's not much advantage in the point of hiding behind the
 security by obscurity method (i.e serve SSH at port 9000. or whichever).

  The increase to security by using  that method is in doubt - when
 taking under consideration  tools used by bad guys (and girls) nowadays .
 If you must do it, that's fine, but don't let it be a reason for not
 using much better methods, as Eliyahu suggested.


 From personal experience - there is a huge advantage in picking a random
 port for external SSH (and external HTTP). I always had port scanners on my
 standard, dynamic ISP ADSL addresses until I moved them to different
 non-standard ports. Since then my logs are clean, and I'm talking about
 over 5 years of experience (I don't remember exactly when I did the switch).

 This is of course not the only measure I take for security. I still treat
 them as vulnerable etc. But after years of not having a single probe on the
 new ports I have to say that it removed the threat of pretty much 100% of
 the probes on my home network.

 Perhaps they are more thorough on static ip addresses, known targets
 etc., but in my experience this is a very successful step.




 --
 Guy Gold

 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il




 --
  [image: View my profile on LinkedIn]
 http://www.linkedin.com/in/gliderflyer

 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il





-- 
 [image: View my profile on LinkedIn]
http://www.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Backing up to encrypted Blu-rays

[Amos Shapira]

There's even no need for that - there are web sites for subtitles and all
media players I use (currently almost exclusively XBMC) will automatically
use the subtitles files if they find it next to the movie file (if it's
somewhere else then you can tell it where it is).
On 16 Jul 2014 07:31, E.S. Rosenberg esr+linux...@g.jct.ac.il wrote:

 I more recently stopped ripping my DVDs in favor of just downloading
 movies other people already encoded and only ripping the Hebrew dubs/subs
 and then joining the lot with mkvtoolnix.
 Saves hours of encoding work.

 2014-07-15 4:22 GMT+03:00 Steve Litt sl...@troubleshooters.com:

 Hi all,

 I just wrote the following documentation on backing up to encrypted
 Blu-rays:

 http://troubleshooters.com/lpm/201408/201408.htm

 When your backup discs are encrypted, offsite backups are much safer.
 Everything in the documentation applies equally to dvd backups.

 Hope you enjoy it.

 Thanks,

 SteveT

 Steve Litt*  http://www.troubleshooters.com/
 Troubleshooting Training  *  Human Performance


 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il



 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: [Call-for-Action] Indigogo Campaign for Putting Emma Watson Getting Interviewed for a Tech Job under CC-by

[Amos Shapira]

https://i.chzbgr.com/maxW500/1366510848/h28F3DD64/


On 11 July 2014 16:34, Shlomi Fish shlo...@gmail.com wrote:

 Hello Dan,

 thanks for clarifying your position. Let me reply.


 On Thu, Jul 10, 2014 at 8:16 PM, Dan Yasny dya...@gmail.com wrote:




 On Thu, Jul 10, 2014 at 1:00 PM, Shlomi Fish shlo...@gmail.com wrote:

 1. What makes you feel this is spam? I don't see it as unoslicited
 bulk E-mail.


 Any email sent to a list is bulk. And I didn't, in any way, solicit
 this Emma Watson bs, nor your pleas for funding or support.


 In this case, I may well as argue that a job offer for a Java Enterprise
 software developer with 5 years of experience in Java sent to this list is
 spam as well, because: 1. It's bulk. 2. I didn't solicit it nor am
 interested in it. But I don't argue that is the case.



 The very least you could do, out of common courtesy (I really hope you
 know what that is) is mark your email as offtopic, you know, like everyone
 in every other LUG does, with the [OT] marker in the subject?


 I don't feel it is offtopic. The fictional interview highlights several
 real problems with the software industry. Like I said earlier, some people
 get a knee-jerk reaction to fiction, but fiction is not only often an
 effective tool as writing an essay, but often superior. A lot of ink was
 spilled about how the concept of an Abrahamic God was harmful until this
 delivered a swift deathblow to it -
 http://www.roflcat.com/ceiling-cat-is-watching-you-masturbate .
 Furthermore, there was a significant risk that the USA will get carried
 away into unnecessary paranoia during the late 60s until Sesame Street
 started airing as a show depicting a happy, safe, carefree street where
 children live and have fun together with adults, animated animals and even
 cute furry monsters (!!).

 Nevertheless, I am willing to mark it as [Slightly OT].


 This way I, and anyone else not interested in anything but the technology
 this list is about, can filter it out, and let you keep spamming those who
 are for some reason interested.



 2. What makes you feel it kills a good and useful mailing list?


 As soon as a list(/community/forum/etc) turns into an offtopic promoting
 medium, the useful and productive community members leave. I've managed
 enough forums to see that happen.



 There may be a more significant risk of this list becoming overly dry, too
 inbred (see
 http://www.shlomifish.org/humour/fortunes/show.cgi?id=larry-wall-all-truth-is-gods-truh
 ), and too routine. We need to constantly seek external influences: from
 other operating systems, from other fields of knowledge, from popular and
 not so popular culture, from linguistics, history and humanities, from
 ancient sources, etc.

 Otherwise we risk stagnation. My post was not off-topic, just made use of
 some popular culture metaphors. Do you  agree?



 Vague complaints are vague. ;-)


 Nothing is vague here. This is off topic, your stories aren't
 interesting, aren't funny and would not belong in a LUG, even if they were.


 First of all you're stating these things as facts instead of saying I
 don't find them interesting, funny, etc. or IMHO, they are non funny.
 Like someone once told me In my opinion, it's a fact.. You'll evoke much
 less antagonism if you follow this guideline.

 For the record, quite a few people told me that they liked one or more of
 the things I wrote, and if you ask me - if one person besides me enjoyed my
 work - it was a spectacular success:

 https://plus.google.com/+ShlomiFish/posts/UdiPzsSGc66

 I don't mind writing a study / midrash of the Emma Watson interview story
 for those who are not familiar with its sources and subtleties, but many
 people liked it even without that.

 

 I hope I made myself clear. Please reply to the list if you have any
 further objections or comments.

 Best regards,

 -- Shlomi Fish

 --
 --
 Shlomi Fish http://www.shlomifish.org/

 Chuck Norris helps the gods that help themselves.

 Please reply to list if it's a mailing list post - http://shlom.in/reply .

 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il




-- 
 [image: View my profile on LinkedIn]
http://www.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: [Call-for-Action] Indigogo Campaign for Putting Emma Watson Getting Interviewed for a Tech Job under CC-by

[Amos Shapira]

On 10 July 2014 23:24, Dan Yasny dya...@gmail.com wrote:

 This is the kind of spam that kills an otherwise good and useful mailing
 list and community.


+1.




 On Thu, Jul 10, 2014 at 2:22 AM, Shlomi Fish shlo...@gmail.com wrote:

 Hi all,

 you can find the Indiegogo campaign here:

 *
 https://www.indiegogo.com/projects/emma-watson-tech-interview-story-make-ccby/x/8136150

 * https://twitter.com/shlomif/status/486970414610923520

 * https://www.facebook.com/shlomi.fish/posts/10152143825556981

 * https://plus.google.com/+ShlomiFish/posts/XSgj2fgYaZ1

 Reading from the links:

 
 Not only about that, but about allowing me to create such future artworks
 and essays, while becoming financially independent. I'm OK with getting a
 part time job, but I refuse to be a wage slave (and it's mentioned in the
 link).
 

 Please donate even if it's just a dollar or two, and please help spread
 the word, if you found my stories, aphorisms, articles and essays
 (including the blog/Twitter/G+/Facebook/Reddit/etc. posts) of inspiration
 and enlightenment. I want proof that there are good people in the world.

 Best regards,

 -- Shlomi Fish

 P.S: incidentally, some of the people who most needed to read the
 original screenplay (= the wage slaves) did not due to lack of time ,
 even though it was not long.

 --
 --
 Shlomi Fish http://www.shlomifish.org/

 Chuck Norris helps the gods that help themselves.

 Please reply to list if it's a mailing list post - http://shlom.in/reply
 .

 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il



 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il




-- 
 [image: View my profile on LinkedIn]
http://www.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: bugzilla+postfix+email_in.pl

[Amos Shapira]

Sorry perhaps I forgot to reply all.

It should be easy (and encouraged) to put executables outside she docroot
tree.
On 23 Jun 2014 02:04, Oleg Goldshmidt p...@goldshmidt.org wrote:




 On Sun, Jun 22, 2014 at 6:46 PM, E.S. Rosenberg esr+linux...@g.jct.ac.il
 wrote:

 ​

  # ls -l /var/www/bugzilla/email_in.pl
 -rwxr-xr-x 1 root www-data 21820 2013-05-23 19:02 /var/www/bugzilla/
 email_in.pl

 You are showing correct permissions on the file so I assume you also
 made sure that all the parent dirs are at least executable to the daemon?
  Regards,
 Eliyahu - אליהו


 ​This - and a similar comment from Amos sent privately (I think) - gave a
 clue. I have to chmod o+r all the files - and chmod o+rx all the
 directories - both above and below /var/www/bugzilla. After that (and
 installation of a number of perl modules from CPAN) I am getting emails.

 This is a hack and is not completely satisfying, because I really relaxed
 the permissions on /var/www and /bar/www/bugzilla, and I don't like it one
 single (permission) bit. I had thought that adding users postfix and bugs
 to the group that owns the hierarchy should be enough, but apparently isn't.

 I'll admit that my experience with Ubuntu and postfix is very limited - I
 am used to RH and sendmail. And I hadn't installed Bugzilla myself in this
 instance. Things look a bit weird.

 Thanks again, everyone!


 --
 Oleg Goldshmidt | p...@goldshmidt.org

 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Satire: Emma Watson getting interviewed for a software development position

[Amos Shapira]

Please don't send this sort of stuff here.
On 19 Jun 2014 19:12, Shlomi Fish shlo...@gmail.com wrote:

 Hi all,

 in this URL:


 http://www.shlomifish.org/humour/bits/Emma-Watson-applying-for-a-software-dev-job/

 you can find a short satire titled “Emma Watson getting interviewed for a
 software development position” under the CC-by-sa licence.

 In case you don't know, Watson is
 https://en.wikipedia.org/wiki/Emma_Watson - a
 1990 born British actress and model, who rose to fame playing Hermione in
 the
 Harry Potter films, and [quoting from the Wikipedia page] «In October
 2013, she
 was voted Sexiest Female Movie Star in a worldwide poll conducted by Empire
 magazine.[7] In May 2014, BuzzFeed dubbed her the most flawless woman of
 the
 decade.».

 Now the question is: does she has what it takes to work as a Java
 Enterprise
 Software developer… ;-)

 I also quoted the plaintext version below. Share and enjoy!

 Regards,

 Shlomi Fish

 

 s id=EmWatson-interview-main title=Emma Watson getting interviewed for
 a software developer job.

 [
 This is satire and did not actually take place.

 The year is 2014. a href=https://en.wikipedia.org/wiki/Emma_Watson;Emma
 Watson/a - a British actress who rose to fame after playing Hermione
 Granger
 in the Harry Potter films - just graduated from Brown University with a
 degree
 in English Literature. She decides to take a break from acting and find a
 temporary job as a software developer. Here is an interview conducted with
 her.
 ]

 s id=EmWatson-interview-text title=Transcript

 Interviewer: Hello Ms. Watson, your résumé indicates that you are
 underqualified for a job here at Foobarbaznix Enterprise Software
 Enterprises,
 but we decided to give you a chance anyway. So why do you think we should
 hire
 you?

 EmWatson: Well, to be frank, I'm trying to get a lower-profile job now, to
 take a break after graduating from Brown University with a degree in
 English
 Literature, and I figured out learning how to code properly may prove to be
 a useful skill in this day and age.

 Interviewer: English Literature, eh? What makes you think you are better
 than
 all the Comp. Sci. grads we are hiring.

 EmWatson: Well, reportedly a href=
 https://en.wikipedia.org/wiki/Edsger_W._Dijkstra;Dijkstra/a
 said that good programming requires good writing and reading skills, and
 that
 he prefers hiring students of English and other humane subjects over
 students
 of Computer Science, Mathematics or Electrical Engineering, because they
 tend
 to write better code.

 Interviewer: So you've heard about Dijkstra, eh? GOTO Statement Considered
 Harmful!, hah, hah!

 EmWatson: Well, that “considered harmful” choice of title was unfortunate
 (and selected by Dijkstra’s editor), and he did not mean that GOTO should
 never be used. So please do not take take it as gospel.

 Interviewer: OK, back on topic: how much experience do you have in
 developing
 enterprise software?

 EmWatson: Not a lot, but I wrote some shell/Perl/Ruby/Python/etc. scripts,
 know
 how to make a good use of my smartphone and home computer, and have done
 some
 simple HTML, CSS and JavaScript / jQuery / etc. web pages, and I know the
 basics of how to use Git and GitHub (but I'm certainly not an expert in
 them).

 Interviewer: So you don't have 5 years of experience in developing Java
 enterprise software?

 EmWatson: I'm afraid not, sir.

 Interviewer: OK. Here's another thing: why do you wish to become a low-paid
 (for some values of low-paid) hired programmer, when it is well-known that
 you charge an obscene amount of money for each film you take part in?

 EmWatson: Well, to paraphrase on the old Hollywood adage: “There are no
 small jobs - only small workers.”. A good and resourceful person will make
 the best out of even the least esteemed job, like the fact that a good
 waitress or waitor are friendly, express interest in the customers, take
 their job seriously, are well-groomed, and show genuine interest in the
 business.

 EmWatson: While I wouldn't object to work at a restaurant or a different
 place that sells decent-or-better food, I think that I can learn much more
 by
 becoming a coder. And like I said - I need a break.

 Interviewer: I see… OK, next question, Ms. Watson: as you may well be aware
 of you starred in the 8 Harry Potter films, despite the fact that they were
 criticised as being bad. Why did you persist?

 EmWatson: Well, there are several reasons, but the main one is that for an
 actor, it is better to play well (or even not so well) in a bad film, than
 to not play at all. ”Publish or Perish”, like they say, which is also true
 for the Academia, and, as you may well know, for the software world.

 Interviewer: I see. Well we pride ourselves on releasing
 industrial-strength
 and high-quality enterprise software.

 EmWatson: I see. OK, I think I've heard enough. I'm not going to work for
 you
 even for a thousand million dollars per month. 

Re: Looking for a performance/health monitoring and alerting solution

[Amos Shapira]

How do you configure zabbix outside its GUI? As far as I saw so far it's
not possible so you have to point and click your way through its gui.
Most of what I wrote against nagios is relevant to Zabbix as well - central
server etc.
On 16 Jun 2014 17:49, Rabin Yasharzadehe ra...@rabin.io wrote:

 I can recommend Zabbix, I was never used it on a large network (~30 server
 most), but i was happy with it.

 - you can set the monitoring interval for each item (from 1s - days)
 - samples are stored in the DB, and graphs are plotted only when you need
 them
 - have a build in support for SMS and Jabber message alerts.
 - works with agent, but also works with SNMP and scripts you can writes.

 note that you'll need to provide enough storage for it.
 (i think they have the formula or a calculator in there website, which you
 can use to calculate the storage you'll need )


 *--Rabin*


 On Mon, Jun 16, 2014 at 2:12 AM, Ori Berger linux...@orib.net wrote:

 I'm looking for a single system that can track all of a remote server's
 health and performance status, and which stores a detailed
 every-few-seconds history. So far, I haven't found one comprehensive system
 that does it all; also, triggering alarms in bad situations (such as no
 disk space, etc). Things I'm interested in (in parentheses - how I track
 them at the moment. Note shinken is a nagios-compatible thing).

 Free disk space (shinken)
 Server load (shinken)
 Debian package and security updates  (shinken)
 NTP drift (shinken)
 Service ping/reply time (shinken)
 Upload/download rates per interface (mrtg)
 Temperatures (sensord, hddtemp)
 Security logs, warning and alerts e.g. fail2ban, auth.log (rsync of log
 files)

 I have a few tens of servers to monitor, which I would like to do with
 one software and one console. Those servers are not all physically on the
 same network, nor do they have a VPN (so, no UDP) but tcp and ssh are
 mostly reliable even though they are low bandwidth.

 Please note that shinken (much like nagios) doesn't really give a good
 visible history of things it measures - only alerts; Also, it can't really
 sample things every few seconds - the lowest reasonable update interval
 (given shinken's architecture) is ~5 minutes for the things it measures
 above.

 Any recommendations?

 Thanks in advance,
 Ori

 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il



 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Looking for a performance/health monitoring and alerting solution

[Amos Shapira]

On 16 June 2014 19:11, E.S. Rosenberg esr+linux...@g.jct.ac.il wrote:

 Amos - can you add a TL;DR about your mail?


Nagios and its ilk are not scalable or efficient, resulting in very complex
setup and too slow event discovery.
Zabbix is not a good fit if you want to have an automatic setup using
things like Puppet.
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Looking for a performance/health monitoring and alerting solution

[Amos Shapira]

For a start, it looks like you put both trending and alerting in one
basket. I'd keep them separate though alerting based on collected trending
data is useful (e.g. don't alert just when a load threshold is crossed but
only if the trending average for the part X minutes is above the threshold,
or even only if it's derivative shows that it's not going to get better
soon enough).

See http://fractio.nl/2013/03/25/data-failures-compartments-pipelines/ for
high level theory about monitoring pipelines, and a bit of a pitch for
Flapjack (and start by reading the first link from it). Lindsay is a very
eloquent speaker and author in general and fun to watch and read.

Bottom line from the above - I'm currently not aware of a single silver
bullet to do everything you need for proper monitoring.

Last time I had to setup such a system (monitoring hundreds of servers for
trends AND alerts) I used:
1. collectd (https://collectd.org/) for trending data - it can sample
things down to once a second if you want
2. statsd (https://github.com/etsy/statsd/) for event counting (e.g. every
time a Bamboo build plan started or stopped, or failed or succeeded, or
other such events happend, an event was shot over to statsd to coalace and
ship over to graphite). nice overview:
http://codeascraft.com/2011/02/15/measure-anything-measure-everything/
3. both of the above send data to graphite (
https://github.com/graphite-project)
4. To track things like upgraded Bamboo events, we used tricks like
http://codeascraft.com/2010/12/08/track-every-release/. I since then
learned about another project to help stick extra data with events (e.g.
the version that Bamboo was upgraded to), but I can't find it right now.

Here is a good summary with Graphite tips:
http://kevinmccarthy.org/blog/2013/07/18/10-things-i-learned-deploying-graphite/

Alerts were generated by opsview (stay away from it, it was a mistake),
which is yet another Nagios wrapper, many of the checks were based on
reading the Graphite data whenever it was available (
https://github.com/olivierHa/check_graphite), but many also with plain old
nrpe (e.g. is the collectd/bamboo/apache/mysql/postgres/whatever process
still running?).

I don't like nagios specifically and its centralization in general (which
affects all other nagios replacement impolementations) and would rather
look for something else, perhaps Sensu (http://sensuapp.org/), though it
wasn't ready last time I evaluated it about a year ago.

My main beef with Nagios and the other central monitoring systems is that
there is a central server which orchestrates most of the monitoring. This
means that:
1. There is one server which has to go through all the checks on all
monitored servers in each iteration to trigger a check. With hundreds of
servers and thousands of checks this could take a very long time. It could
be busy checking whether the root filesystem on a throw-away bamboo agent
is full (while the previous check showed that it's far from that) while
your central Maven repository is burning for a few minutes. And it wouldn't
help to say check Maven repo more often because it'll be like the IBM vs.
DEC boat race - row harder! (
http://www.panix.com/~clp/humor/computers/programming/dec-ibm.html).
2. That server is a single point of failure, or you have to start using
complex clustering solutions to keep it (and only one of it!) up - no
parallel servers.
3. This server has to be very beefy to keep up with all the checks AND
serve the results. In one of my former workplaces (second largest
Australian ISP at the time) there was a cluster of four such servers with
the checks carefully spread among them. Updating the cluster configuration
was a delicate business and keeping them up wasn't pleasant and still it
was very slow to serve the web interface.
4. The amount of traffic and load on the network and monitored servers is
VERY wasteful - open TCP for each check, fork/exec via the NRPE agent,
process exit, collect results, rinse, repeat, millions of times a day.

Nagios doesn't encourage what it calls passive monitoring (i.e. the
monitored servers initiate checks and send results, whether positive or
negative, to a central server) and in general its protocol (NRPE) means
that the central monitoring data collector is a bottleneck.

Sensu, on the other hand, works around this by encouraging more passive
monitoring, i.e. each monitored server is responsible to monitor itself
without the overhead of a central server doing the rounds and loading the
network, it uses RabbitMQ message bus so its data transport and collection
servers are more scalable (it also supports multiple servers), and it's OK
with not sending anything if there is nothing to report (the system will
still has keepalive checks (http://sensuapp.org/docs/0.12/keepalives) to
monitor for nodes which went down).

But my favourite idea for scalability is the one presented in
http://linux-ha.org/source-doc/assimilation/html/index.html - each
monitored host is 

Re: Looking for a performance/health monitoring and alerting solution

[Amos Shapira]

Another thing - while I was digging the Sydney DevOps meetups for a talk
about monitoring by a dude from Google, I stumbled across a reference to
InfluxDB: http://influxdb.com/.



On 16 June 2014 10:49, Amos Shapira amos.shap...@gmail.com wrote:

 For a start, it looks like you put both trending and alerting in one
 basket. I'd keep them separate though alerting based on collected trending
 data is useful (e.g. don't alert just when a load threshold is crossed but
 only if the trending average for the part X minutes is above the threshold,
 or even only if it's derivative shows that it's not going to get better
 soon enough).

 See http://fractio.nl/2013/03/25/data-failures-compartments-pipelines/
 for high level theory about monitoring pipelines, and a bit of a pitch for
 Flapjack (and start by reading the first link from it). Lindsay is a very
 eloquent speaker and author in general and fun to watch and read.

 Bottom line from the above - I'm currently not aware of a single silver
 bullet to do everything you need for proper monitoring.

 Last time I had to setup such a system (monitoring hundreds of servers for
 trends AND alerts) I used:
 1. collectd (https://collectd.org/) for trending data - it can sample
 things down to once a second if you want
 2. statsd (https://github.com/etsy/statsd/) for event counting (e.g.
 every time a Bamboo build plan started or stopped, or failed or succeeded,
 or other such events happend, an event was shot over to statsd to coalace
 and ship over to graphite). nice overview:
 http://codeascraft.com/2011/02/15/measure-anything-measure-everything/
 3. both of the above send data to graphite (
 https://github.com/graphite-project)
 4. To track things like upgraded Bamboo events, we used tricks like
 http://codeascraft.com/2010/12/08/track-every-release/. I since then
 learned about another project to help stick extra data with events (e.g.
 the version that Bamboo was upgraded to), but I can't find it right now.

 Here is a good summary with Graphite tips:
 http://kevinmccarthy.org/blog/2013/07/18/10-things-i-learned-deploying-graphite/

 Alerts were generated by opsview (stay away from it, it was a mistake),
 which is yet another Nagios wrapper, many of the checks were based on
 reading the Graphite data whenever it was available (
 https://github.com/olivierHa/check_graphite), but many also with plain
 old nrpe (e.g. is the collectd/bamboo/apache/mysql/postgres/whatever
 process still running?).

 I don't like nagios specifically and its centralization in general (which
 affects all other nagios replacement impolementations) and would rather
 look for something else, perhaps Sensu (http://sensuapp.org/), though it
 wasn't ready last time I evaluated it about a year ago.

 My main beef with Nagios and the other central monitoring systems is that
 there is a central server which orchestrates most of the monitoring. This
 means that:
 1. There is one server which has to go through all the checks on all
 monitored servers in each iteration to trigger a check. With hundreds of
 servers and thousands of checks this could take a very long time. It could
 be busy checking whether the root filesystem on a throw-away bamboo agent
 is full (while the previous check showed that it's far from that) while
 your central Maven repository is burning for a few minutes. And it wouldn't
 help to say check Maven repo more often because it'll be like the IBM vs.
 DEC boat race - row harder! (
 http://www.panix.com/~clp/humor/computers/programming/dec-ibm.html).
 2. That server is a single point of failure, or you have to start using
 complex clustering solutions to keep it (and only one of it!) up - no
 parallel servers.
 3. This server has to be very beefy to keep up with all the checks AND
 serve the results. In one of my former workplaces (second largest
 Australian ISP at the time) there was a cluster of four such servers with
 the checks carefully spread among them. Updating the cluster configuration
 was a delicate business and keeping them up wasn't pleasant and still it
 was very slow to serve the web interface.
 4. The amount of traffic and load on the network and monitored servers is
 VERY wasteful - open TCP for each check, fork/exec via the NRPE agent,
 process exit, collect results, rinse, repeat, millions of times a day.

 Nagios doesn't encourage what it calls passive monitoring (i.e. the
 monitored servers initiate checks and send results, whether positive or
 negative, to a central server) and in general its protocol (NRPE) means
 that the central monitoring data collector is a bottleneck.

 Sensu, on the other hand, works around this by encouraging more passive
 monitoring, i.e. each monitored server is responsible to monitor itself
 without the overhead of a central server doing the rounds and loading the
 network, it uses RabbitMQ message bus so its data transport and collection
 servers are more scalable (it also supports multiple servers), and it's OK

Re: advanced dhcpd.conf

[Amos Shapira]

Yup.
Or do what we did at my workplace and use puppet to maintain (and generate,
if needed) the configuration.
On 10 Jun 2014 05:33, shimi linux...@shimi.net wrote:

 On Mon, Jun 9, 2014 at 6:15 PM, Erez D erez0...@gmail.com wrote:

 no, i want:
 host vm01 { hardware ethernet 00:11:22:33:44:01 ; fixed-address 10.0.5.1 }
 host vm02 { hardware ethernet 00:11:22:33:44:02 ; fixed-address 10.0.5.2 }
 host vm03 { hardware ethernet 00:11:22:33:44:03 ; fixed-address 10.0.5.3 }
 ...
 host vm254 { hardware ethernet 00:11:22:33:44:fe ; fixed-address
 10.0.5.254 }


 If it doesn't work out...

 php -r 'foreach(range(1,254) as $id) echo host vm.str_pad($id, 3, '0',
 STR_PAD_LEFT). { hardware ethernet 00:11:22:33:44:.str_pad(dechex($id),
 2, '0', STR_PAD_LEFT). ; fixed-address 10.0.5.$id }\n;'

 -- Shimi

 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: self mail hosting

[Amos Shapira]

On 8 June 2014 21:38, Efraim Flashner efraim.flash...@gmail.com wrote:

 a bit more, but not so much.  I also have it running deluge, which
 crashes a little too often for me, so I have a cron job running to
 relaunch it if it crashes.  Fileserving works well.  I tried using it


Consider runit (http://smarden.org/runit/) - a supposedly better iteration
of daemontools (http://cr.yp.to/daemontools.html) - for process watchdog.
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: partly OT: notification of url when connecting to open wifi

[Amos Shapira]

Yes I think we got this. I'm not the OP bit I wonder what can an AP admin
do to configure it in a way which triggers this OS smarts on the client.
On 27 May 2014 07:16, Guy Gold guy1g...@gmail.com wrote:

 On Mon, May 26, 2014 at 4:51 AM, Erez D erez0...@gmail.com wrote:

 however, that not what i ment
 i was only asking how it generated a notification on my phone without
 me opening a browser


 Hi Erez,
 At the risk of needlessly reiterating some detail:

 In cases I've encountered, the alerts seemed to be  OS generated, (done by
 OS rather by the site/AP you connected to).
 Microsoft does the same thing with the additional credentials may be
 required pop-up on its Windows OS.

 The OS gets the fact that an IP address was acquired on an interface,
 but - no full 'www' access is available, rather an access to a single
 web-page (i.e a captive portal).  The alert is helpful for folks who assume
 that (IP address == www access) at any time, and try to place a skype call,
 or pull email, and get frustrated with 'it not working'.
 I've configured a Captive portal on a proprietary system, not long ago,
 for deployment, so I cannot be 100% sure if there's any type of messaging
 from the AP to the OS informing it that it's captivated, or, as I
 mentioned, the entire wisdom in within the OS' network stack.



 --
 Guy Gold

 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: twisted and python3

[Amos Shapira]

I'm not a Python Guru (you might be better off asking on Python-specific
forums), but from both working on contributing to a twisted-based
application (carbon cache - https://github.com/graphite-project/carbon) and
from talking to at least one person about this framework, it seems that
it's too complicated and still too limited.

You could end up writing more code to work around twisted limitations than
if you wrote your own simple server using standard Python (e.g.
https://docs.python.org/2/library/socketserver.html,
http://www.codeproject.com/Articles/462525/Simple-HTTP-Server-and-Client-in-Python
).

My suggestion - beyond checking its status for the Python version you want,
have a spike (http://www.techopedia.com/definition/9503/spike) and see what
the code you come up with looks like and whether you like it.

--Amos


On 22 May 2014 20:11, Oleg Goldshmidt p...@goldshmidt.org wrote:


 ​Hi,

 Can anyone out there comment on the state of twisted on python3?

 We use python3, and we are considering twisted as a candidate platform to
 develop a server framework. We have not tried anything yet, just mulling
 possibilities at this point. While researching the topic multiple tidbits ​
 ​of concern came up, such as

 ​
 http://twisted.readthedocs.org/en/latest/projects/core/howto/python3.html

 http://twistedmatrix.com/trac/browser/tags/releases/twisted-14.0.0/twisted/python/dist3.py

 ​etc.

 If twisted in its current state is not well-supported on python3​
 ​ we would prefer to drop it as a candidate early and concentrate on other
 options. If problems are few and far between ​
 ​we will be willing to invest time in researching how much it will affect
 our development. Twisted is a big anaconda, and we are not likely to use
 more than some parts of it. This means that we'd like to​
 ​ learn of really disqualifying issues ASAP.

 Thanks a lot for any input,​


 --
 Oleg Goldshmidt | p...@goldshmidt.org

 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il




-- 
 [image: View my profile on LinkedIn]
http://www.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: qemu and chroot

[Amos Shapira]

Most of the times when I use chroot, I usually do something a-la (from
memory):

for i in proc dev sys; do mount -o bind /$i /chrootdir/$i; done
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Upgrading Ubuntu from 12.04 to 14.04

[Amos Shapira]

Beyond the original specific question - upgrades like this should be tested
using a Vagrant box, preferably also using an automatic provisioning tool
like Puppet (my personal preference) or Chef (obligatory mention) and
automatic testing using things like Cucumber, Spec, ServerSpec or perhaps
other testing frameworks.

That way you can write the tests to verify your current setup and repeat
the verification after the update.

Also - once you have automatic provisioning and testing in place, you
should consider treating the servers as immutable, i.e. once they are setup
they are not upgraded in-place but rebuilt whenever such a large change is
required. This way you are sure that what you run is exactly what you
tested in your Vagrant environment and what will be re-installed in case of
a disaster.


On 15 May 2014 23:27, Efraim Flashner efraim.flash...@gmail.com wrote:

 I don't believe it is possible for a user to create a partition.  Of
 course that is more of a brain-fart on my part, because it's not so
 useful to your situation.  Gparted should be able to resize unmounted
 ext3/4 partitions, and from there you can create a new partition, copy
 your /home directory there and edit /etc/fstab to point to the new
 partition.

 I found these release notes:
 https://wiki.ubuntu.com/TrustyTahr/ReleaseNotes, but it looks rather
 short, and doesn't mention django.  Fortunately django has its own release
 notes here: https://docs.djangoproject.com/en/1.6/releases/ which should
 help with the upgrade.

 Sorry I couldn't be more helpful, I've never used django.

 -Efraim


 On Thu, 15 May 2014 16:00:00 +0300
 Uri Even-Chen u...@speedy.net wrote:

  Thank you, it's a good idea. At work my home directory is not in a
  separate partition so it's not kept if I reinstall Ubuntu. Do you
  know how I can create a partition and move it to a separate partition?
 
  Uri Even-Chen
  Mobile Phone: +972-50-9007559
  E-mail: u...@speedy.net
  Speedy Net: http://www.speedy.net/
  Speedy Composer: http://www.speedycomposer.com/
 
 
 
  On Thu, May 15, 2014 at 3:46 PM, Ori Idan o...@helicontech.co.il
  wrote:
 
  
   On Thu, May 15, 2014 at 3:20 PM, Uri Even-Chen u...@speedy.net
   wrote:
  
   Hi people,
  
   I work at my job with Ubuntu 12.04 and we run Django 1.4.12
   locally with Python 2.7.3 and PostgreSQL. We want to upgrade
   Django from 1.4 to 1.6 and I also thought it would be a good idea
   to upgrade Python to 2.7.6 and maybe even 3, so I tried to upgrade
   Ubuntu to 14.04. But after I completed the upgrade, Django didn't
   work and I couldn't even run migrations (with South). I had to
   reinstall Ubuntu 12.04 and I lost all the files I had in my home
   directory (because I chose not to keep Ubuntu 14.04) except some
   files that I backed up. My questions are:
  
   1. What do we need to do in order for Django to work with Ubuntu
   14.04? 2. Why isn't it possible to reinstall Ubuntu 12.04 after
   upgrading to 14.04 and still keep all the files in my home
   directory, while not keeping all the other files (the operating
   system files)?
  
   Why do you think it is not possible?  I do it all the time.
   I  keep my home directory in a separate partition so when I upgrade
   (or downgrade) the OS the home directory stays the same.
  
   --
   Ori Idan
  
  



 --
 Efraim Flashner
 efraim.flash...@gmail.com 4096R/CA3D8351 created: 2013-10-08
 GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351

 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il




-- 
 [image: View my profile on LinkedIn]
http://www.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: ubi cloning

[Amos Shapira]

How about ddrescue (the GNU one I think, there are multiple implementations
with same name) into an image file then try to fix the fs around the bad
sectors?


On 12 May 2014 18:46, Erez D erez0...@gmail.com wrote:

 Hi

 i need to clone a nand flash. which has ubifs on it

 doing 'dd' didn't work as the source and dest have different bad sectors.

 is there an easy way to clone a ubifs nand-flash ?


 thanks
 erez.

 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il




-- 
 [image: View my profile on LinkedIn]
http://www.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: NTP

[Amos Shapira]

Umm, thanks. I might try this connected to the cubox-i I plan to buy.
On 9 May 2014 17:16, Ori Berger linux...@orib.net wrote:

 On 05/08/2014 04:25 PM, Amos Shapira wrote:

 +1 for Smart Time Sync + ntp server.
 Now the perfectionist in me would still like to combine what it does
 with an NTP daemon reference clock :)


 Unless you already have an old smartphone that you want to keep for this
 use, look for a simple USB GPS receiver - between $20-$40 (I can see it now
 for $35 in Amazon http://www.amazon.com/GlobalSat-BU-353-S4-USB-
 Receiver-Black/dp/B008200LHW/ref=sr_1_1 ). Supported natively by ntpd 
 http://doc.ntp.org/4.2.4/drivers/driver20.html, uses less power, does
 not cook your brain, and slightly less useful for the NSA to spy on you
 with :)

 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: NTP

[Amos Shapira]

Which software? Smart Tome Sync?
On 9 May 2014 18:02, geoffrey mendelson geoffreymendel...@gmail.com
wrote:


  Unless you already have an old smartphone that you want to keep for this
 use, look for a simple USB GPS receiver - between $20-$40 (I can see it now
 for $35 in Amazon http://www.amazon.com/GlobalSat-BU-353-S4-USB-
 Receiver-Black/dp/B008200LHW/ref=sr_1_1 ). Supported natively by ntpd 
 http://doc.ntp.org/4.2.4/drivers/driver20.html, uses less power, does
 not cook your brain, and slightly less useful for the NSA to spy on you
 with :)

 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il


 They only ship to the  US.

 Since the software we found runs on Android 2.1 up, it should be pretty
 easy to find a used phone for less than that or free.

 Geoff.

 --
 Geoffrey S. Mendelson 4X1GM/N3OWJ
 Jerusalem Israel.


 ___
 Linux-il mailing list
 Linux-il@cs.huji.ac.il
 http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: NTP

[Amos Shapira]

Yeah I'm with you about taking advantage of the phone's GPS signal to get a
good clock, and I thought that this is what this time-server thing does.
What does it do if not that?

It's weird that nothing does it yet. Any takers?


On 7 May 2014 14:27, geoffrey mendelson geoffreymendel...@gmail.com wrote:

 On 5/5/2014 8:13 AM, Amos Shapira wrote:

 Please update here with the respons.

  It does not.

 This is in reference to an NTP server Android App being able to access the
 GPS hardware for time sync. Since most (all?) Android phones have GPS chips
 and Wifi, run Linux, etc, it would be a cheap way to get a stratum 1 time
 server without spending a lot of money.


 Geoff.

 --
 Geoffrey S. Mendelson 4X1GM/N3OWJ
 Jerusalem Israel.




-- 
 [image: View my profile on LinkedIn]
http://www.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: NTP

[Amos Shapira]

I posted a question in
http://android.stackexchange.com/questions/68996/using-android-gps-as-ntp-refclock


On 8 May 2014 10:56, geoffrey mendelson geoffreymendel...@gmail.com wrote:

 On 5/8/2014 10:49 AM, Amos Shapira wrote:

 Yeah I'm with you about taking advantage of the phone's GPS signal to get
 a good clock, and I thought that this is what this time-server thing does.
 What does it do if not that?


 The one I saw was just an Android port of the standard NTP server, which
 syncs to other NTP servers.


 It's weird that nothing does it yet. Any takers?


 My opinion too.

 I'd settle for an RS232 serial emulation over USB of the old GPSs. :-)


 Geoff.

 --
 Geoffrey S. Mendelson 4X1GM/N3OWJ
 Jerusalem Israel.




-- 
 [image: View my profile on LinkedIn]
http://www.linkedin.com/in/gliderflyer
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il