Re: Creating a User with Access to a Single Command

2011-04-04 Thread Ariel Biener

That's not what you want. Please read about restricted shell.

A working example:

/etc/passwd:
ariel:x:uid:gid::/home/ariel:/bin/rbash

ls -l /bin/rbash
lrwxrwxrwx  1 root root 4 Apr 10  2006 /bin/rbash -> bash

drwx-t  4 ariel mygroup 4096 Apr  1 22:50 /home/ariel

ls -al ~ariel
-r-xr-xr-x 1 root  root     688 Apr  7  2010 .profile
-rw-r--r-- 1 root  root       0 Apr  7  2010 .inputrc
lrwxrwxrwx 1 root  root       8 Apr  7  2010 .bashrc -> .profile
lrwxrwxrwx 1 root  root       8 Apr  7  2010 .bash_profile -> .profile
-rw-r--r-- 1 root  root       0 Apr  7  2010 .bash_logout
lrwxrwxrwx 1 root  root       8 Apr  7  2010 .bash_login -> .profile
drwx-- 2 ariel mygroup 4096 Apr 23  2010 .ssh
-rw--- 1 ariel mygroup  660 Apr  1 22:50 .Xauthority

cat .profile
#! /bin/rbash

declare -r PS1='(myhost)'

unset BASH_VERSION
unset HISTFILE
unset HISTFILESIZE
unset HOSTTYPE
unset MACHTYPE
unset OSTYPE
unset _INIT_PREV_LEVEL
unset _INIT_RUN_LEVEL
unset _INIT_RUN_NPREV
unset _INIT_UTS_ISA
unset _INIT_UTS_MACHINE
unset _INIT_UTS_NODENAME
unset _INIT_UTS_PLATFORM
unset _INIT_UTS_RELEASE
unset _INIT_UTS_SYSNAME
unset _INIT_UTS_VERSION

unset PATH
unset MAIL
unset MAILCHECK
unset HISTFILESIZE
unset HISTSIZE
unset HZ
unset PS2
unset PS4

declare -rx PATH=/usr/local/restricted
declare -rx HOSTNAME=myhost.mydomain
declare -rx TZ=Israel

echo "
Welcome to gate.

The following commands can be used: telnet, ssh.

"

declare -rx HOME=~

ls -l /usr/local/restricted
lrwxrwxrwx  1 root root 12 Apr 10  2006 ssh -> /usr/bin/ssh
lrwxrwxrwx  1 root root 24 Mar 13  2006 telnet -> /usr/kerberos/bin/telnet

-- Ariel
 --
 Ariel Biener
 e-mail: ar...@post.tau.ac.il
 PGP: http://www.tau.ac.il/~ariel/pgp.html


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
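
An added example, not part of the post above: a POSIX shell audit of the invariants that listing relies on (rbash as login shell, every bash startup file present and locked down, PATH pinned read-only to a directory holding only allow-listed commands). The function names, the sample tree and its stub targets are constructed for illustration, and the demo passes the current uid where a real audit would pass root.

```shell
#!/bin/sh
# Added example (not from the original post): audit a restricted-shell account
# laid out like the listing above. Function names and arguments are hypothetical.

# Every file bash may read at login; .bash_profile and .bash_login take
# precedence over .profile, so each one must exist and be locked down.
STARTUP_FILES=".profile .bashrc .bash_profile .bash_login .bash_logout .inputrc"

# True if $1 (symlinks followed) is owned by $2 and not group/other-writable.
is_locked() {
    [ -n "$(find -L "$1" -prune -user "$2" 2>/dev/null)" ] &&
    [ -z "$(find -L "$1" -prune \( -perm -0020 -o -perm -0002 \) 2>/dev/null)" ]
}

# audit_restricted_account PASSWD_LINE BIN_DIR TRUSTED_OWNER ALLOWED_NAME...
# Prints one FAIL line per finding; the exit status is the number of findings.
audit_restricted_account() (
    passwd_line=$1 bin_dir=$2 owner=$3
    shift 3
    allowed=" $* "
    findings=0
    fail() { echo "FAIL: $*"; findings=$((findings + 1)); }

    home=$(printf '%s\n' "$passwd_line" | cut -d: -f6)
    shell=$(printf '%s\n' "$passwd_line" | cut -d: -f7)

    # 1. The login shell must be invoked under the name rbash.
    [ "${shell##*/}" = rbash ] || fail "login shell is $shell, not rbash"

    # 2. Startup files: present, owned by the admin, not writable by others.
    for f in $STARTUP_FILES; do
        if [ ! -e "$home/$f" ]; then
            fail "$f is missing or a dangling symlink"
        elif ! is_locked "$home/$f" "$owner"; then
            fail "$f is not owned by $owner or is group/other-writable"
        fi
    done

    # 3. .profile must pin PATH read-only to the command directory.
    grep -Fqx "declare -rx PATH=$bin_dir" "$home/.profile" 2>/dev/null ||
        fail ".profile does not declare PATH=$bin_dir read-only"

    # 4. Command directory: locked down, and only allow-listed names in it.
    is_locked "$bin_dir" "$owner" || fail "$bin_dir is not locked down"
    for path in "$bin_dir"/* "$bin_dir"/.[!.]*; do
        [ -e "$path" ] || [ -L "$path" ] || continue   # unmatched glob
        name=${path##*/}
        case "$allowed" in
            *" $name "*) [ -x "$path" ] || fail "$name does not resolve to an executable" ;;
            *) fail "$name is in $bin_dir but not on the allow-list" ;;
        esac
    done
    exit "$findings"
)

# Constructed fixture mirroring the listing: dotfiles symlinked to one
# read-only .profile, and a command directory of symlinks to stub targets.
build_sample_account() {
    mkdir -p "$1/home/ariel" "$1/restricted" "$1/real"
    chmod 755 "$1/restricted"
    printf '%s\n' "declare -rx PATH=$1/restricted" > "$1/home/ariel/.profile"
    chmod 555 "$1/home/ariel/.profile"
    for f in .inputrc .bash_logout; do
        : > "$1/home/ariel/$f"; chmod 644 "$1/home/ariel/$f"
    done
    for f in .bashrc .bash_profile .bash_login; do
        ln -s .profile "$1/home/ariel/$f"
    done
    for cmd in ssh telnet; do
        printf '#!/bin/sh\n' > "$1/real/$cmd"; chmod 755 "$1/real/$cmd"
        ln -s "$1/real/$cmd" "$1/restricted/$cmd"
    done
}

# Demo on the constructed tree, with one constructed misconfiguration.
demo=$(mktemp -d)
build_sample_account "$demo"
ln -s /bin/sh "$demo/restricted/sh"
audit_restricted_account "ariel:x:1000:1000::$demo/home/ariel:/bin/rbash" \
    "$demo/restricted" "$(id -u)" ssh telnet
echo "findings: $?"
rm -rf "$demo"
```

On a real host, pass the account's line from /etc/passwd, the restricted command directory, and root as the trusted owner.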


Re: Linux has won!

2011-04-03 Thread Ariel Biener

 On 04/03/2011 02:33 PM, Nadav Har'El wrote:

Sorry for top posting. I think however that you're wrong.

As a desktop platform, Linux has not won, and that was what
your colleague was referring to. The fact Linux is embedded
into many devices, and that some of them even present a UI
to you is not irrelevant, Linux is indeed a platform that is uniquely
adept for these devices (both in terms of stability, development and most
probably in terms of licensing), however, he meant his desktop
OS, and we're not there yet.

--Ariel

> Today over lunch, a few of us were talking about Linux vs. Windows.
>
> Somebody said, among other things, that he prefers Windows because it is more
> popular. Then it dawned on me: We're so used to thinking that Linux is a
> niche OS that only 1% of the people use at home, that we (or at least I)
> missed the fact that this changed! Over the last few years, suddenly that is
> no longer true: Today there are probably more copies of Linux than Windows
> running in people's homes!
>
> Why am I saying this? Because while most traditional PCs are still running
> Windows, new kinds of consumer home have appeared to replace or accompany
> the home computer, and many of them are running Linux:
>
>    * Smartphones and Tablets with Android, WebOS or MeeGo.
>    * Media streamers (e.g., Xtreamer, Popcorn, etc).
>    * Residential gateways (a.k.a. home routers).
>    * DVRs (e.g., Tivo)
>    * Televisions (e.g., from Samsung and Sony)
>    * GPS (e.g., from Garmin)
>    * Networked hard disks (e.g., WD My Book Live)
>    * Personal video screens on airplanes
>
> So probably the number of home installations of Linux, in one of these home
> devices, is already greater than the number of home installations of Windows!
>
> And of course, add to this the fact that Linux is also more popular on
> servers, e.g., Google's and Facebook's servers - over a million (!) of
> them, all use Linux - so even if your PC is running Windows, the Web sites
> you use are actually based on Linux.
>
> Some might argue that the fact that these devices use Linux is irrelevant,
> because their Linux is not exposed to the users. I argue that this is not
> accurate: Some of them do expose an operating system (e.g., Android), in some
> of them you need to be aware of Linux to add extensions or understand their
> on-disk formats. But more importantly - The fact that these devices are *not*
> based on Windows is what matters. It is starting to educate the users that
> Windows isn't the only allowed user interface: People used to hate Linux's
> UI (e.g., Gnome, KDE, OpenOffice) because they are different from Windows'.
> But now everything is different from Windows: Android is different from
> Windows, Apple iOS is different from Windows, Xtreamer's menu system is
> different from Windows, Gmail's UI is different from Windows - suddenly Linux
> doesn't look that alien any more.
>
> And finally, as Linux-based devices outnumber Windows-based PCs, and perhaps
> even out-cost them, the amount of investment into Linux development will
> increase, to the benefit of all Linux users.
>
> So,
>
> We won!!!
>
> Vive la revolution :-)





--
 --
 Ariel Biener
 e-mail: ar...@post.tau.ac.il
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: Using ComSign smart card

2010-11-14 Thread Ariel Biener

On 11/14/2010 11:46 AM, Ori Idan wrote:
> Currently only 4 millions annually but from next year all companies
> and from 2011 everyone including small businesses.
>
> So we have to be ready for this.

Call Comsign (the Certificates arm of Comda). They are most helpful
with regards to their CA operation.

-- Ariel
 --
 Ariel Biener
 e-mail: ar...@post.tau.ac.il
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: Hebrew DNS

2010-08-31 Thread Ariel Biener
I am always surprised to see how sure of themselves people
are when writing to this list, despite having no idea what they're
talking about.

--Ariel

shimi wrote:
> 2010/8/30 Tomer Cohen to...@gmx.net
>
>> Please note that ISOC does not provide Hebrew domains just
>> yet (in the scheme of HebrewString.co.il and HebrewString.net.il),
>> and there are no known plans to allow it anytime soon.
>
> That's a wrong assertion... http://www.isoc.org.il/domain_heb/idn/idn.html
>
> -- Shimi
   

-- 
 --
 Ariel Biener
 e-mail: ar...@post.tau.ac.il
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: Playing TAU lectures from videos.tau.ac.il

2010-08-02 Thread Ariel Biener



> Actually, my comment was occasioned not by their responsiveness (about
> which I know nothing), but by the smug confidence and defensive counter
> attack with which he explains away complaints. Populistic was a real
> gem.

Yes, it was, wasn't it. And indeed the state comptroller lecture
was nothing but a populistic stunt.

Now to the subject at hand. First of all, I answered Micha
in private, since I have some local patriotism in me, and thus
I will not argue with TAU staff on the list.

As for my smug confidence, and hot balloon, and talking out
of my  (replace with whatever you wish), you can believe
whatever you want.

I've been at TAU for 15 years, and I know exactly what we can
or cannot do. We take every helpdesk call seriously. We can't always
fix stuff, due to various reasons, and not all of them are technical.

We are doing all we can, as far as our budget allows us to, in order to
make our content and services available to all, regardless of their
platform, be it Windows, Unix or Mac. Some of our services are provided
based on outside software (like Virtual TAU for example). Services provided
by code we write are always portable, since they are designed from the
ground up to be so.

As for what was said, if someone doesn't check if things change, he won't
know that they did. Being stuck in your own perceptions doesn't really
allow one to grow.

I never said we didn't have problems in the past. And we still have
problems even now, and even more faults. But we are committed to providing
a good service, and our aim is true.

-- Ariel
 --
 Ariel Biener
 e-mail: ar...@post.tau.ac.il
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: Playing TAU lectures from videos.tau.ac.il

2010-08-02 Thread Ariel Biener

> Can we please stop this thread? The sort of apologetics I read on this thread
> might be suited to discussion of religious dogma, but not Linux.

That's your opinion. I often find the way Linux users behave to be very
similar to the way religious people would, that is, they are zealots.

> Ariel, to an outsider like me, what you're saying sounds like: TAU is making
> every effort to support Linux users, but for some applications there was a
> political/financial reason to NOT support them, and in those cases Linux users
> are kindly requested to keep quiet, and not try to find workarounds for these
> applications to work on Linux. To prevent Linux users from looking for such
> workarounds, such workarounds are branded illegal or immoral (I have to admit
> I couldn't even follow the reasoning why).

Certainly you know perfectly well that I didn't say that. Also I didn't
mention politics anywhere. I said that we're doing the best we can with
what we have, which is the truth. Even if sometimes we lack the funding
to do this or that, it is not dropped, only delayed till it can be funded.
I also asked TAU people to NOT keep quiet, but instead to talk to our
HelpDesk, and escalate the tickets if required.

> Please keep these sort of arguments on internal TAU mailing lists, and
> let people who actually want technical advice (how to view certain kinds
> of videos on Linux) get it here.

Unless you want to unsubscribe me, you will allow me to say what I deem
necessary, unless you think shutting me up is your best choice.

> It sounds like everyone claimed that for the application at hand (video
> viewing) nothing changed and it still doesn't work on Linux. You didn't claim
> it changed (i.e., works on Linux) either. So I don't understand your argument.

The remnants of the discussion didn't speak of the Video issues at all,
but discussed the quality of TAU web team and helpdesk, and our e-learning
systems. I agree they are completely irrelevant to the original topic.

The original topic was already escalated internally, and it's being
worked on as we speak.

Sometimes the solution to a technical problem is not technical at all. I
won't make the mistake of trying to provide someone with a solution that
works next time.

-- Ariel
 --
 Ariel Biener
 e-mail: ar...@post.tau.ac.il
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: Playing TAU lectures from videos.tau.ac.il

2010-07-27 Thread Ariel Biener

> First and foremost I think that you don't understand my question.
> I'll emphasize it again.
> I'm NOT interested in a way to access the TAU videos without username
> and password.
> I AM interested in a way to access the TAU videos WITH my [1]
> legitimate username and password, from a Linux system. Which means, in
> the bottom line, using mplayer or VLC.
> That is, the point about distributing the mms:// links is not valid
> for my question. The mms:// shouldn't help you if you don't have
> username and password for the videos site in the TAU. The mms links
> should be password protected.

I understood you quite fine. I wasn't referring to you in my replies,
but to those who answered.

> However, no authentication request prompted when I fed the link to vlc
> or mplayer. Maybe they just don't support authenticated mms links
> correctly. What probably happened is, there was no good way to
> authenticate the mms:// links in the server, so they used a hacky way
> which happens to work for WMP only.

No. As I said, it will work from ANY browser, but it requires your
player to be a browser plugin, and not a standalone player (that is the
way it works at the moment).

> It might be that the TAU want people to access their content
> exclusively with WMP. I'm not sure if they can legally enforce that
> (I'm pretty sure viewing copyrighted material with a player not
> authorized by the rights owner is considered fair use, but maybe they
> can say hey, student! If you're accessing our videos in our website
> you must use WMP, otherwise stay out, and it would be something like
> HASAGAT GVUL to use that from linux).

Oh please.

> About your second point. I was always disappointed when using the
> official support channel for linux support. Usually the answer is we
> don't support linux. The linux support you get at Linux-IL, is
> actually much better than the official channel.

As I already said on the previous mail, your prejudice here is uncalled
for. I really don't care what usual reply you get when you call X ISP or
whomever. Use TAU HelpDesk. Have your friend open a ticket, the link is:
h t t p : / / h e l p d e s k . t a u . a c . i l
Have your friend login with his/her user/password, and help him/her fill
in the request.

best,

-- Ariel
 --
 Ariel Biener
 e-mail: ar...@post.tau.ac.il
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: Playing TAU lectures from videos.tau.ac.il

2010-07-27 Thread Ariel Biener

> I'll bite. What this thread asks is not how to redistribute these films for
> free or for pay [FreeDist], but rather how to legitimately view them on Linux
> while fully respecting the copyrights. Apparently, the TAU workers did not do
> enough work to ensure portability and interoperability for
> non-Microsoft-based operating systems, and the people who asked here want to
> find a good workaround. This thread is entirely due to their lack of ability
> (or because they did not care enough), and it should be expected given that
> people use Linux and want to view the lectures there, which is within their
> rights as TAU students.

Agreed.

> That may not be a bad thing, because it gives publicity to the university,
> and allows other people to enjoy your content. See:
>
> * http://remix.lessig.org/
>
> * http://ocw.mit.edu/ (OpenCourseWare).

Yes, but TAU's policy on copyright is not on discussion, nor am I
authorized to change it.

> These internal means likely take time, as many people who have tried to
> contact the operators of web-sites that do not function in non-MSIE-browsers
> can attest to. In the meanwhile, people would need some Linux-specific
> workarounds, which would not be needed if the TAU staff cared enough about
> checking that. You reap what you sow.

I do not like prejudice. The only way to fix TAU issues is via the help
desk. Trust me, we're not your usual Joe ISP. We are a strong Unix/Linux
shop, and most of our applications, especially web apps, are based on
open source.


-- Ariel
 --
 Ariel Biener
 e-mail: ar...@post.tau.ac.il
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: TAU lectures, BG Airport departures/arrivals, Kupat Holim lab results -- Linux

2010-07-27 Thread Ariel Biener

Going to the state comptroller is an avenue to be used after you
have exhausted other possible options.

I have no idea about other sites, but if you do have a problem with
TAU websites or browser compatibility, the least would be to
open a ticket with TAU helpdesk, and let TAU fix the problem
(which they will if they can, unlike other sites).

While I may agree that in general, it is desirable that sites would be
cross platform, and that if other avenues were tried and they failed,
turning to the state comptroller may be an option, I find the below
e-mail a populistic arms wrestling attempt, nothing more.

--Ariel

Stan Goodman wrote:
> There was some discussion here not long ago about the tendency of Israeli
> website owners to ignore issues of access by users of non-Microsoft
> browsers, and there seemed then to be a feeling that something ought to
> be done about it. That feeling seems to have dissipated, although the
> problem remains (and promises to get worse).
>
> To challenge the indifference of web designers to the problem seems a lost
> cause, as many of them have learned (I use the term loosely) to code in
> inexpensive Microsoft-sponsored courses which exist largely for the
> purpose of indoctrinating their students in the belief that
> MS enhancements are the best or only way to code web pages; they are
> not knowledgeable enough to understand arguments to the contrary. Owners
> of websites are also not a productive target for persuasion, e.g. because
> they feel that if they are reaching 90% of their clients, they have done
> as well as they ever can do, which really is not an illogical business
> decision.
>
> On the other hand, all the organizations listed in the Subject line above
> are quasi-governmental agencies, and therefore have a responsibility to
> serve any member of the public who is equipped with standard apparatus,
> without regard to specific proprietary gear. They are all subject to the
> oversight of the State Comptroller, and I submit that the State
> Comptroller is the office that should be approached with the complaint
> and argument that these agencies are delinquent in their responsibility,
> given that e.g. Firefox is compliant with standards, whereas Internet
> Explorer (although universally favored by the ignoramuses who code the
> websites in question) is not.
>
> If this makes sense to others, and if there is still interest in
> rectifying this long-time problem, I propose that a proper complaint be
> lodged with the Comptroller, who is bound to respond within a length of
> time set by law (I think it is three months). I think that this letter
> should be drafted by a committee representing IGLU and signed by the
> largest possible number of members.
>
> The problem is not going to go away by itself.

-- 
 --
 Ariel Biener
 e-mail: ar...@post.tau.ac.il
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: Playing TAU lectures from videos.tau.ac.il

2010-07-23 Thread Ariel Biener

On 07/22/2010 09:06 AM, Boris shtrasman wrote:
> Don't know if that the case, but at least for some I had to work with
> you must login to a web site (full auth) prior to that the server
> will disable the access to the files. Also make sure with wireshark.
>
> Did you try with a perl script? to connect and download the mms?

I do not understand this thread. It is obvious that TAU does not want
you to circumvent its access protection. Even if this was possible, why
would you do it? If you're pissed that it doesn't work well with Linux,
and you are a TAU student/staff member, contact the TAU helpdesk, and
open a ticket on the subject, and request they find a suitable solution
for you.

That said, as TAU's CISO I am *telling* you that we are interested to see
our staff and students access our protected data in the proper way, and
that any other person is kept out.

Until we enforced this, many student sites not affiliated with TAU have
published direct mms:// links to our content, which became available to
anyone, anywhere, regardless of being affiliated with TAU or not, and thus
infringing on our copyrights, on our academic staff copyrights, and also
on Film studios copyright for some of our material.

If a staff member or student has a problem, we can find solutions via
our internal means of doing so, and not via asking Linux-IL how to
circumvent us.

--Ariel



Re: Israeli spam! Who do I contact?

2009-05-07 Thread Ariel Biener
On Thursday, 7 May 2009 08:32, Dotan Cohen wrote:
> I just got a nice bit of spam, for a paid service, in Hebrew, to an
> obviously-harvested address! That sounds like a cool 1000 NIS to me.
> Does anyone know to whom to complain to collect?
>
> Naturally, half of it will be donated to hamakor.

I usually use the information on this page as a guide:

http://www.isoc.org.il/spam/

-- Ariel
 --
 Ariel Biener
 e-mail: ar...@post.tau.ac.il
 PGP: http://www.tau.ac.il/~ariel/pgp.html



Re: suid root - bash script

2009-04-24 Thread Ariel Biener


Re: Penetration testing tools?

2008-10-16 Thread Ariel Biener
On Thursday, 16 October 2008 07:49, Aviram Jenik wrote:

> Thanks for the plug ;)
>
> Our service starts at $30 per month, so only do that if your time for
> finding the tool, installing it, running it, weeding out the false
> positives and compiling a report from the results costs more than $30.

I would kindly request that commercial information (solicitation) like the
above will not make its way onto this list. The ROI for using your services
may be interesting to Amos, and you can provide him with the sales quote
in private, please.

thank you,

--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html

To unsubscribe, 
send mail to [EMAIL PROTECTED] with
the word unsubscribe in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]



Re: Israeli ISP and Blacklisting

2008-07-30 Thread Ariel Biener
On Wednesday, 30 July 2008 20:53, Dotan Cohen wrote:

> This dog is not biting those who wear black or green. This dog is
> biting ISP's who let their users send spam.

No, this is an irresponsible RBL maintainer. In the end they'll get
sued and close shop, just like other such RBLs have.



--Ariel 
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: Israeli ISP and Blacklisting

2008-07-25 Thread Ariel Biener
On Friday, 25 July 2008 14:12, sara fink wrote:

> Hacking into the system- privilege escalation- spamming (and this is only
> one aspect after the system was hacked). DDos is a much nicer effect
> from the hacker standpoint of view.

Actually, this is not quite so.

The hackers/hacking scene has changed considerably during the past
few years, and there is a lot of money involved. Hackers get paid for
creating these botnets of hacked computers (also known as drones, zombies,
etc.). They then use these armies for whatever the purpose of the person
who hired them is.

More often than not, this purpose is either spam or phishing. DDoS is rare
nowadays, and most of the money comes from spam and phishing, at least
when compared with DDoS.

--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: Israeli ISP and Blacklisting [summary and stop]

2008-07-25 Thread Ariel Biener
On Thursday, 24 July 2008 23:39, Oron Peled wrote:


While I do have a faint hope to see this thread die eventually, and I
avoided saying anything so far, I do want to make one or two contributions,
mostly factual, and some based on my own experience and beliefs,
so bear with me.

1. SPAM is here to stay, mostly due to human nature. For people who want to
   sell something, this is an easy and cheap way to get more clients. This is
   from the human psychology/sociology point of view.
2. SPAM is here to stay, from a technical point of view, due to the fact that
   SMTP (and the following RFCs that enhance it) were not designed to deal
   with sender authenticity. In fact, I believe that up to this day, an RFC
   compliant mail system is required to accept the following:
   MAIL FROM:
3. ISPs should, in general, serve as a model of the phone system, that is,
   their job, as long as the law doesn't say otherwise, is to pass the packet
   of their user to wherever this packet may want to go. ISPs were not
   chartered to be a census. Of course that laws extend this bit, but this is
   in general what ISPs should do. Breaking this model in order to combat
   SPAM will destroy something, that to me is at the core of what an ISP
   should do on one hand, and it will NOT win the fight for the spam
   fighters, it'll be just another step in this escalation war. Remember that
   the budgets available for the people who want to SPAM and their interests
   are far too great to not overcome this.
4. As long as there are people who want to sell something, and who desperately
   need the clients, the race between the spammers and the spam fighters
   will continue, and will escalate. SPAM will cease only when it becomes non
   profitable to the SPAM originators. That is, the day when using SPAM to
   advertise will no longer prove useful (aka won't generate enough income, or
   more efficient ways of electronic advertising will arise) that is the day
   when SPAM will die.
5. ISPs should, despite what I portray in point 3., behave responsibly. That
   requires a responsive and understanding crowd though, that is, the
   customers. For example, the default dynamic IP account at an ISP should
   include a preset services base. Adding more services (like opening port 25)
   should be done per request (opt in), and might also be something you need
   to pay for (as you increase the liability of the ISP itself). Think of it
   as advanced user account. Of course you'll have to sign whatever document
   required, etc.
6. Another point I thought about is that a customer who is repeatedly hacked,
   (trojaned, etc) should be limited in access, and he should be offered a
   protection pack from the ISP, which includes a basic training in Internet
   dangers, and also A/V, antispyware, App firewall etc, and also that his
   traffic should be proxied and cleaned on its way out. Of course that his
   package will be more expensive, due to him being a liability. Think of
   insurance companies. When one becomes a liability (repeated cases), the
   insurance company will either refuse to insure you anymore, or will charge
   more for the same coverage, due to the customer being a liability.

   Just to make sure, I believe that the Israeli customer (on the avg.) is far
   from the point of caring whether his/her actions hurt others, and as such
   is not ready for the above described ideas. In this case, what is needed
   is an ISP who will be pioneer and take this road. Others will follow suit
   eventually.

7. I do believe that some people on this list, while they have a theoretical
   point of view on how things should operate, lack the understanding of
   how things really turn out to be in the real world of ISP operations.
   Forgetting that the ISP's first and foremost interest is to make money
   and make their shareholders happy is a fatal error, on the part of
   theoreticians. That however doesn't mean that everything ISPs do is
   acceptable, and sometimes very far from it. A balanced view however,
   that understands both the theory, and the practice is needed to be able
   to solve problems in the real ISP world.


I bid you all a nice weekend.


--Ariel 
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: Ubuntu is Dead - Stay Away

2008-06-06 Thread Ariel Biener
On Friday, 6 June 2008 15:27, Shlomi Fish wrote:
> As I wrote on:
>
> http://community.livejournal.com/shlomif_tech/11379.html
>
> Ubuntu is dying as most of the bigwigs in its online community are infested
> with ego, ping-pong legitimate complaints to oblivion, and refuse to take
> responsibility for their own problems. The #ubuntu* channels suffer from
> fragmentation, over-specialisation, an obsession with supposedly staying
> on-topic, and from ops who abuse their power. All of these are very
> unconventional on Freenode where they are hosted.

Bad day on IRC, ha ?  Just remember, the IRC virtual world is not the real
world, so adequate proportions are required in order to enjoy IRC.

And you can trust me on that specific (IRC) topic.

--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: Status of IPv6 deployment in Israel?

2008-05-06 Thread Ariel Biener
On Tuesday 06 May 2008 00:10, Omer Zak wrote:
> What is the current status of IPv6 deployment in Israel?


Hello Omer,


The status of IPv6 deployment is as follows:

1. Machba/IIUCC (Israel academic network) has IPv6 in its core, and
   IPv6 is provided to each campus. It also has IPv6 connectivity to the
   world via its service provider (GEANT - PanEuropean academic/research
   network). It also has IPv6 connectivity to IIX.
2. IIX is IPv6 enabled and supports peering via IPv6. BezeqINT and IIUCC
   already peer with it via v6.
3. BezeqINT has IPv6 in some of its core, and is connected to the IIX via
   IPv6. They might also have IPv6 connectivity to their upstream providers
   abroad (I assume they have at least one such v6 peering).
4. Smile Communications (012 + Internet Zahav) have IPv6 in the core network
   of what used to be Internet Zahav, and they also have at least one v6
   peering with one of their upstreams. They also provide a v6 service, that
   is irc.ipv6.inter.net.il

The above only includes v6 data of applications/implementations on the public
internet, there may also be deployments inside companies for tests, product
development, etc, but I do not have data on those.

--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: ot Job Offer - Job Offer

2008-04-01 Thread Ariel Biener
On Monday 31 March 2008 23:54, Lior Kaplan wrote:
> Daniel,

Unsubscribing list offenders is not uncommon, and is an option.
List owner ?

--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: choice of groupware, choice of provisioning server?

2008-04-01 Thread Ariel Biener
On Tuesday 01 April 2008 00:41, Amos Shapira wrote:
 Oh good - all the points given against using Google web applications PLUS
 having the opportunity to use Lookout, get infected with viruses, and always
 worry that they will pull out another hotmail.co.il on you :)

I suggest you first read/hear the relevant data, analyze it, and then 
criticize. Cheap
popolism is maybe fun, but very counter productive. 

 For people who just have to use Exchange this might be a good go-between as
 managing a private exchange server can be indeed a major resource drain
 (with the caveat that the connection to it is reliable).

Well, it's 2008, and the solution this time will be hosted in Israel. I suggest
not to remain entrenched in ideas and things that happened 5 years ago, without
being able to re-examine beliefs.

 I'm not sure you can save on these anyway - you'd want to backup e-mails
 even from your hosted solution, wouldn't you? And you'll have some sort of a
 shared file server anyway (which will require all of the above). All you
 save is the headache of having to figure out the right click path whenever
 you have to configure the damn thing, and understand the quirky MS network
 terminology.

No, the backup solution will be provided as a service most likely. No need to
buy an LTO library, backup software, software contracts, backup server,
sysadmin with relevant knowledge, etc etc etc.

Exchange backup (without taking it down and at brick level) is a very different
beast to backup and maintain compared to a file server.


--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: choice of groupware, choice of provisioning server?

2008-03-31 Thread Ariel Biener
On Monday 31 March 2008 11:59, Marc A. Volovic wrote:
 With due respect to budding startups, and aesthetic judgements aside, 
 both Scalix and ZImbra provide reasonably good products for a reasonable 
 amount of money.  

I think Scalix is overpriced. It won't be noticeable if you do not have
many users. I don't think it's cheaper than MS Exchange 2007.

Also, if you're gonna be at Tech-Ed on Sunday, Microsoft Israel is launching
its hosted exchange service, which gives you a full exchange server and
experience, on their infrastructure, which in your case, might be more suitable
than maintaining the thing yourself (it will most certainly be cheaper if you
take into consideration the overall maintenance of a mail system: storage,
backups, system administration, upgrade path of hardware, maintenance contracts
for hardware, etc etc).

--Ariel 
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: Centralized Linux Authentication With CentOS

2008-03-09 Thread Ariel Biener



  What exactly do you need ?

  Do you need only login and related issues, like groups,
password expiration, and all that is related to user management,
or will you also use centralized mount permissions (like you'd
use NIS for mount permissions) ?

   I'd use OpenLDAP, with a good open/free ldap access tool,
and there are a few wonderful such tools, I was introduced to yet
another one (based on eclipse) last week, very powerful.

   I don't think you need Kerberos, especially if your comparison
point is NIS. If you're gonna use NFSv4, and integrate mounts
with the directory, then yes.

   Use LDAP over SSL or TLS.

   If you have a large directory, use nscd. I have a good configuration
for a directory with some 80,000 user objects and a few tens of thousands
of groups (see below). Be sure to disable nscd caching for hosts.

threads                 10
max-threads             50
server-user             nscd
debug-level             99
enable-cache            passwd  yes
positive-time-to-live   passwd  600
negative-time-to-live   passwd  20
suggested-size          passwd  32749
check-files             passwd  yes
persistent              passwd  no
shared                  passwd  yes
max-db-size             passwd  100663296
auto-propagate          passwd  yes

enable-cache            group   yes
positive-time-to-live   group   3600
negative-time-to-live   group   60
suggested-size          group   32749
check-files             group   yes
persistent              group   no
shared                  group   yes
max-db-size             group   100663296
auto-propagate          group   yes

enable-cache            hosts   no


--Ariel




Re: List of Israeli Open-Source Projects

2008-02-17 Thread Ariel Biener
On Sunday, 17 February 2008 09:46, Kohn Emil Dan wrote:

Are we only discussing Open-Source projects fully developed
by Israelis, or does this include stuff like for example, hebrew
pine/pico done by HUJI (the hebrew support coded by them
or added by them to PINE). This is of course not only translation
of the UI.

--Ariel
 Hi,

 AFAIK Qlusters no longer develops openmosix.
 You might add LKVM (Linux Kernel Virtual Machine)

 http://kvm.qumranet.com

 which is/was developed by Quramnet (www.quramnet.com)

   Emil

 On Sat, 16 Feb 2008, Shlomi Fish wrote:
  Hi all!
 
  I restored the list of Israeli open-source projects that used to be
  maintained at the Hackers-IL wiki and placed it on my home-site:
 
  http://www.shlomifish.org/open-source/resources/israel/list-of-projects/
 
  Any additions or corrections would be welcome, so please send them to me
  at [EMAIL PROTECTED] .
 
  Regards,
 
  Shlomi Fish
 
  -
  Shlomi Fish  [EMAIL PROTECTED]
  Homepage:http://www.shlomifish.org/
 
  I'm not an actor - I just play one on T.V.

-- 
 --
 Ariel Biener, CISO
 Tel-Aviv University CIT div.
 e-mail: [EMAIL PROTECTED] phone: 03-6406086
 PGP key:http://www.tau.ac.il/~ariel/pgp.html




Fwd: Re: Fwd: mirror.isoc.org.il updated?

2007-12-30 Thread Ariel Biener
--  Forwarded Message  --

Subject: Re: Fwd: mirror.isoc.org.il updated?
Date: Monday 31 December 2007 00:58
From: ISOC Mirror Admin [EMAIL PROTECTED]
To: Yedidyah Bar-David [EMAIL PROTECTED]
Cc: Ariel Biener [EMAIL PROTECTED]

Hi,

This is a problem with debian, not with the mirror itself. The packages
are unavailable for the moment due to build problems, and the old ones
were already removed.

You'll have to wait for debian to figure their problem first.


-- 
Lior Kaplan
[EMAIL PROTECTED]
http://mirror.isoc.org.il


---




--Ariel 
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: [YBA] NIS vs LDAP

2007-12-25 Thread Ariel Biener
On Tuesday, 25 December 2007 09:34, Jonathan Ben Avraham wrote:
 Hi Linux-IL members,
 I am considering setting up a heterogenous work environment with about
 100 high-end Linux work stations, 40 MS Windows, and 10 Mac's. The
 underlying common authentication system will likely be LDAP. Would NIS or
 Active Directories be more appropriate for this type of environment?
 TIA,

   - yba


Well, I wouldn't choose any of the above in the way it is described. I believe
that MS AD is the best tool to use for Windows environment, LDAP is the
best tool for a Linux environment, and NIS is the best tool in that it is a lot
simpler for automounting and mount permissions for file servers (no
password data here).

What I would do is integrate. Configure a MetaDirectory, which will be
either the source of data, or one level below the source of data
(the source can be a CRM system, a database, whatever).
Then, using a Directory sync solution, you can sync data from the 
meta directory to:

1. LDAP tree
2. AD tree
3. NIS system

Each environment will use the system that is best for it, and the data
each of these systems will see is the same data (since all changes are
done at the top level, of the meta directory). This will ensure that all
systems work with what they are best suited for on one hand, and that
the data all see is the same in terms of permissions, authentication
parameters, etc on the other hand.

This however requires some integration, and is definitely for the larger
operations. However, it is very scalable, and once implemented allows
for tremendous flexibility and ability to add more connected systems
on very different environments.

If you are interested in this, e-mail me in private to [EMAIL PROTECTED]


--Ariel 
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: [YBA] NIS vs LDAP

2007-12-25 Thread Ariel Biener
On Tuesday, 25 December 2007 17:13, Geoffrey S. Mendelson wrote:

 However be aware that except for Windows, NFS uses *NIX user numbers
 for access control. If your user name to user number mapping is
 not consistent across all your systems you can have security
 problems.

Indeed, consistency is at the heart of things. I like to use Netapp storages
since they do multi-protocol access to the same filesystem so well.

 One of the biggest problems with NFS is that if someone knows a user
 number (or you allow root access over NFS), is that they can boot a *NIX
 Live CD and create an account with the correct user number and access
 any files on an NFS share they want.

Yes, NFS was not designed for personal workstations basically, it was designed
for servers, assuming that you can't boot a server with LiveCD. This is indeed
a very big problem, since NFS(v1/2/3) doesn't authenticate before allowing
access. I haven't looked hard enough at NFSv4, I know it does have kerberos
incorporated in it, I am not however familiar yet with the implementation.

 Geoff.

--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html
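
The UID-consistency point discussed in the message above, as an added example that is not part of the original post: a Python check that compares passwd(5) data collected from several NFS clients and reports user names whose UID differs between hosts, and UIDs that belong to different names on different hosts. Host names, accounts and the `min_uid` cut-off of 1000 are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed sample data: passwd(5) excerpts as they might be collected from
# two NFS clients. Hosts, users and UIDs are invented for this illustration.
CONSTRUCTED_HOSTS = {
    "ws1": "root:x:0:0:root:/root:/bin/bash\n"
           "alice:x:1001:100::/home/alice:/bin/bash\n"
           "bob:x:1002:100::/home/bob:/bin/bash\n",
    "ws2": "root:x:0:0:root:/root:/bin/bash\n"
           "alice:x:1001:100::/home/alice:/bin/bash\n"
           "bob:x:1003:100::/home/bob:/bin/bash\n"
           "carol:x:1002:100::/home/carol:/bin/bash\n",
}


def parse_passwd(text):
    """Return {username: uid} from passwd-format text, skipping malformed lines."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        # passwd(5) has seven colon-separated fields; the third is the numeric UID.
        if len(fields) < 7 or not fields[2].isdigit():
            continue
        users[fields[0]] = int(fields[2])
    return users


def find_uid_conflicts(hosts, min_uid=1000):
    """Compare passwd data from several hosts.

    hosts maps a host name to its passwd text. Accounts below min_uid
    (an assumed boundary for system accounts) are ignored.
    Returns (name_conflicts, uid_collisions):
      name_conflicts  {user: {host: uid}}      same name, different UIDs
      uid_collisions  {uid: {host: [users]}}   same UID, different names
    """
    by_name = defaultdict(dict)
    by_uid = defaultdict(lambda: defaultdict(list))
    for host, text in sorted(hosts.items()):
        for name, uid in sorted(parse_passwd(text).items()):
            if uid < min_uid:
                continue
            by_name[name][host] = uid
            by_uid[uid][host].append(name)

    name_conflicts = {
        name: dict(per_host)
        for name, per_host in by_name.items()
        if len(set(per_host.values())) > 1
    }
    uid_collisions = {}
    for uid, per_host in by_uid.items():
        names = {n for users in per_host.values() for n in users}
        if len(names) > 1:
            uid_collisions[uid] = {h: list(u) for h, u in per_host.items()}
    return name_conflicts, uid_collisions


if __name__ == "__main__":
    names, uids = find_uid_conflicts(CONSTRUCTED_HOSTS)
    for user, per_host in sorted(names.items()):
        print(f"name {user!r} has different UIDs: {per_host}")
    for uid, per_host in sorted(uids.items()):
        # On an NFSv3 export these accounts are the same owner to the server.
        print(f"UID {uid} is shared by different names: {per_host}")
```

In the constructed data, UID 1002 is bob on ws1 and carol on ws2, so files bob creates on a shared export are owned by carol when seen from ws2.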




Re: [YBA] NIS vs LDAP

2007-12-25 Thread Ariel Biener
On Tuesday, 25 December 2007 21:54, Shachar Shemesh wrote:
 There is one thing that everyone in this discussion seem to have missed
 so far, and that is that AD *is* LDAP.

 Ariel Biener wrote:
  Well, I wouldn't choose any of the above in the way it is described. I
  believe that MS AD is the best tool to use for Windows environment, LDAP
  is the best tool for a Linux environment

 Assuming that is the case (open to discussions), then open an AD server
 and use it as an LDAP server for the non-Windows machines.

Sorry, despite MS's claim that their directory server is an implementation of
LDAPv3, I find it often missing, non-standard and minimalist for such
a claim. Given the choice (and I was actually given this choice when I had
to choose which directory server to go for @TAU), I left AD to do what it
is good at, that is, management and authentication in a Windows
based environment, and I used a directory that is the most proven, oldest,
and most extensible in the industry. It's called eDirectory. Sun's directory
server is also an option. There are also others, which are not bad. MS is
definitely not there, they came in late and have quite some catching up
to do.

--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: dns of 012

2007-12-02 Thread Ariel Biener
On Sunday 02 December 2007 14:33, Leonid Podolny wrote:
 Name:   pdns.012.net.il
 Address: 212.117.129.3
 
 Name:   sdns.012.net.il
 Address: 212.117.128.6

I think they have internal caching only servers for customers,
rather than having customers use the authoritative only NSs
for their domain. Are you sure that this is the sanctioned config
from 012 ? 

--Ariel

-- 
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: FTP problem

2007-11-18 Thread Ariel Biener
On Saturday 17 November 2007 22:35, Amos Shapira wrote:
 On 16/11/2007, Geoffrey S. Mendelson [EMAIL PROTECTED] wrote:
  In the Internet as people would like it to be, identd runs and returns
  information about the host computer and the user.
 
 I'd change that to In the Internet as stupid admins would like it to
 be. Identd is the stupidest security-related protocol and had I not
 seen it keep being mentioned for almost 20 years I wouldn't have
 believed it still being used for anything else but waste of time and
 network bandwidth.
 
 Does anyone here run an identd server or trust its replies?

No. Identd is a security breach, especially if open to the world. Also,
the current identd daemons can reply with whatever you want if
you use a .file in your home directory, which tells it how to respond
instead of giving out your username. Identd makes as much sense
now as finger @host does.

--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: FTP problem

2007-11-18 Thread Ariel Biener
On Sunday 18 November 2007 09:49, Aharon Schkolnik wrote:

Please run wireshark, and capture the server response code via
sniffing your session with ftp.cs.huji.ac.il. Please get back to us
with results.

--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: OT: Netvision and the damn routing

2007-11-12 Thread Ariel Biener

Quoting Hetz Ben Hamo:

All went well, with 1 tiny problem: lets look at a snip of the
traceroute from my house to bluehost:

4  ge9-0.gw1.hfa.nv.net.il (212.143.8.209)  38.486 ms
ge0-1.gw2.hfa.nv.net.il (212.143.8.212)  39.195 ms
ge9-0.gw1.hfa.nv.net.il (212.143.8.209)  40.675 ms
 5  pos5-4.brdr1.nyc.nv.net.il (212.143.12.35)  253.237 ms
pos1-0.brdr1.nyc.nv.net.il (212.143.12.13)  247.734 ms
pos5-4.brdr1.nyc.nv.net.il (212.143.12.35)  255.950 ms
 6  Gigabitethernet4-0.GW12.NYC4.ALTER.NET (157.130.25.37)  450.531 ms
 435.170 ms  437.170 ms

hmm, 435 ms at Gigabitethernet4-0.GW12.NYC4.ALTER.NET, thats a no-no
for video streaming, whether it's in Flash video using HTTP or using
Macromedia streaming server.
  


However, this will be the standard RTT for international links whose routes go
Israel-Europe-US. This is not something to do with business package, but
with what link you are routed through.

I could disconnect from Netvision within a minute, but my problem is
that lots of my readers and viewers are coming from Israel and they
are connected to Netvision, which means that they will have a problem
to watch any video clip without severe buffering problems.

First of all, there are other ISPs in Israel, to which Netvision is connected
via multiple gigabit links, so they will have no problem watching your video.
NV are connected to the big 2 (SmileComm - aka 012+I Zahav - and BezeqINT) via
multiple gigabit links.

As for video, the most important factor is jitter, rather than RTT. I am not
saying that a link with 20ms delay vs. a link with 1500ms delay are the same,
however, the universities run video conferences with multiple users in
different countries, both Europe and US, and it works fine.

The problem with ISPs usually is the fact they overbook their international
connectivity, which means that their links are at 80-90% most of the time,
which creates peaks of 100%, and this creates high jitter on the link.


--Ariel






Re: Which is the best ISP in Israel when accessing US server using ssh

2007-10-21 Thread Ariel Biener
On Sunday 21 October 2007 09:30, Michael Ben-Nes wrote:
 Found a way to go around the problem.
 
 I currently open a ssh connection to server in Barak that tunnel my work PC
 localhost port to the server in the US.
 Now its fast.
 Though I still confused about the cause of the problem.

Have you tried diagnosing it bit by bit like I described ?

--Ariel
 
 Cheers
 
 
 2007/10/16, Amos Shapira [EMAIL PROTECTED]:
 
  On 16/10/2007, Michael Ben-Nes [EMAIL PROTECTED] wrote:
  
   What can be the problem?
   Its an ordinary 64bit RedHat 5 on a new dell hardware.
   I ssh using blowfish. In the morning the speed is lame but acceptable.
   in the evening I can even wait 15 sec for a response.
  
   Checked ping with no significant packet loss.
   Traceroute is around 300 for both ISP ( upload is 200ms )
  
   What else I can check?
  
 
  Maximum compression on ssh?
  Generally go through ssh_config(5) and  sshd_config(5) and see what can
  you squeeze out of it.
 
  --Amos
 
 
 
 

-- 
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: Which is the best ISP in Israel when accessing US server using ssh

2007-10-15 Thread Ariel Biener
On Monday, 15 October 2007 16:20, Michael Ben-Nes wrote:
 Hi,

 I'm working on a project that require me to ssh to a US server.
 The problem is that through Netvision  Bezeqint the performance are
 horrible ( though Bezeqint its almost always faster then Netvision )

 I don't mind paying double for a better connection. Waiting 10 sec to see
 something happens over ssh is too much.

 The IP of the server is 216.139.210.179 and its located at HostWay data
 center in Texas.

 Any recommendations?

Hi Miki,


   The problem you described can have various reasons to it, so I will add
a few disclaimers.

1. Israeli ISPs shift traffic over lines from time to time, due to their
   notorious tendency to buy STM1 links, due to them being cheaper (a STM4 takes
   time to fill, and while it's not full, they waste money). Thus, their STM-1s
   get filled up quickly, and they shift traffic based on a lot of variables,
   depends on what you've bought, the kind of traffic you pass through, etc.
2. There are four virtual segments to check.
   a. One is your local loop (meaning the connection from your office to the
      ISP, and I include in this the connection inside your office).
   b. Two is the connectivity of the edge router that you connect to on the ISP
      side to the ISP internal core network.
   c. The international connectivity of the ISP in regards to the IP block which
      you are part of, since they don't advertise all IP blocks equally,
      including possible QoS tagging they may do, or other traffic shaping.
   d. The local loop of the ISP you want to get, including the connectivity in
      the LAN of the hosting place, or company.

   I suggest you try to isolate each of these, and see where the network
problem is. Of course that `a.` will be very easy to check, `b.` you'll have
to take the word of your ISP, but you can nudge them, `c.` is the same as
`b.` but the possibility of the ISP lying to you about it is higher, and `d.`
is hard to check unless you have connections on the other end of the pond.

   10 seconds delays are very unusual on today's Internet that connects
western world countries. It can result from various reasons, including
congestion, packet loss (which can be either due to congestion, or due to
virtual congestion because of QoS, or due to duplex mismatch), or something
fishy in the ssh client side or the SSH server side.

   Usually, you won't have to debug all the possible interactions of the
variables described above to find the culprit. It usually takes me not
more than 1/3 of the possible checks, with a very difficult problem. Use
common sense, and use GOOD TOOLS. Be systematic. Write stuff down.

 Best,
 Miki


--Ariel 
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: 32Gb servers?

2007-06-19 Thread Ariel Biener
On Monday, 18 June 2007 10:32, Amos Shapira wrote:

Amos, what is your budget for this ?

There are a few options:

SGI 1200 or SGI 2100
HP DL360G5
Dell PowerEdge 1950
IBM x3455
IBM x3550
No name Intel based boards stuff (if you're talking about
5 exits, try Data-Store - they are one and the same AFAIK
- www.datastore.co.il)

However, for a server with 32GB memory, I would go
for one of the brand names.

--Ariel
 Hello,

 Where would you go if you had to get a 32Gb RAM server, much
 preferably rack-mounted.
 Don't care so much about CPU or very fast disks, just needs lots of RAM.
 Can run either Windows (possibly developer's preference) or Linux (my
 preference).

 Dell's smallest server which supports 32Gb jumps the price to over 45k
 when it comes with 32Gb, 44k of this is just for the ram.

 I'm trying to dig the other big name brands (IBM, Sun, SGI, HP) but so
 far their web sites weren't very helpful to understand what can they
 offer that answers these simple requirements.

 Thanks,

 --Amos


-- 
 --
 Ariel Biener
 *.il EFnet Admin
 PGP: http://www.tau.ac.il/~ariel/pgp.html

-- 
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: Hacked server

2007-04-07 Thread Ariel Biener
On Sunday, 8 April 2007 00:33, Ori Idan wrote:
 A server I managed was hacked by a Libyan hacker.
 The only thing he did was changing the index.html of some web sites.

 The server is based on fedora core 2
 running:
 httpd
 sendmail
 bind
 proftp (through xinetd)
 ssh

 Any ideas how he could have done it?

Based on your description, and on Internet statistics, I'd say:

1. Flawed PHP based application or code (photo album, forum, etc)
2. Flawed flash application (chat server)
3. Buggy apache.

 What should I do to prevent such hacks in the future?

Run a supported release of OS. Be careful what webapps you run
on your web server. Keep them up-to-date. Try running them
(including the web server itself) in chroot. While this won't help
if your app is broken, at least the attacker will be locked into
a chrooted environment.

Audit your server, run tripwire and look at the daily logs for binaries
or files that were changed.

Read online and printed material about basic system administration
and security practices. Based on your questions, you need an overall
understanding of how to run a system in a secure manner.

--Ariel
 --
 Ariel Biener
 *.il EFnet Admin
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: Configuring BIND - DNS server

2007-03-11 Thread Ariel Biener
On Sunday 11 March 2007 12:13, Uri Even-Chen wrote:

 Of course I want to learn, but I don't understand what's wrong with
 the current configuration.  And also, many technical people forget
 that hardware costs money.  2 servers would cost me double; 3 servers
 would cost me 3 times etc.  I'm not Google, I don't have millions of
 servers.  If I can save money by putting everything on one single
 server, and if it works - then what's wrong with it?  I don't see any
 problem with solving domain names recursively while being open to
 queries from the entire world.

And of course no one said that you need to buy more hardware, just
run two BIND servers on the same machine, each bound to its own
IP address...

 Of course, if my service was abused and things were not working,
 that's a different issue.  But since it works, I don't see any reason
 to change the current configuration.  I don't agree with your opinion
 that my current configuration is wrong.

How would you even know if your service is abused ?  Are you waiting
for it to be abused ?  What kind of technical (or management) decision
is this ?

But since you think it's my opinion, let me quote a few other opinions:


http://www.zytrax.com/books/dns/ch4/
...
Note: Running any DNS server that does not require to support recursive
queries for external users (an Open DNS) is a bad idea. While it may look
like a friendly and neighbourly thing to do it carries with it a possible
threat from DoS attacks and an increased risk of cache poisoning. The various
configurations have been modified to reflect this.
...

http://articles.techrepublic.com.com/5100-1035_11-5860968.html
http://www.sprintlink.net/faq/dns.html

http://net.berkeley.edu/DNS/recursion-detail.shtml
...
It is possible to have both authoritative and caching functions running 
on the same DNS server, and this was typical in the early days of the 
DNS.  More recently it has become a best practice to separate these 
functions, and IST did this a few years ago.  More information on our 
DNS servers can be found here (http://net.berkeley.edu/DNS/campus.shtml)
...

http://cr.yp.to/djbdns/separation.html
...
The importance of separating DNS caches from DNS servers

DNS caches should always have separate IP addresses from DNS servers.
In other words, the IP addresses listed in /etc/resolv.conf should never match
any IP addresses listed in NS records.
This separation is widely recognized as the right way to run DNS. As stated in
the ``DNS and BIND'' book, third edition, ``Securing Your Name Server,'' page
255:

Some of your name servers answer nonrecursive queries from other name servers
on the Internet, because your name servers appear in NS records delegating your
zones to them. ... You should make sure that these servers don't receive any
recursive queries (that is, you don't have any resolvers configured to use
these servers, and no name servers use them as forwarders).
...

Now, I can go on and quote tens of other resources on proper DNS configuration,
however, I hope you get the picture.

 If I wanted I could change the current configuration and use
 Netvision's name servers to resolve domain names, and my own name
 server only as an authoritative name server.  It wouldn't cost me more
 money.  But would my server perform better?  I'm not sure.  Doron
 Shikmoni told me not to use Netvision's servers, and I guess he is
 right.

Doron is right, and you should not point your nameservers to use the NV
NSs, basically since every query will go over your link to them, which I
assume is not LAN.

--Ariel 
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html
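
The two checks implied by the sources quoted in the message above, as an added example that is not part of the original post: a Python sketch that (1) classifies a name server's reply to a recursion-desired query for a name outside its own zones by reading the RA flag and RCODE in the DNS header, and (2) reports resolver addresses in resolv.conf text that also appear among a zone's NS addresses. The addresses, the query name and the hand-built replies are constructed for the illustration; `probe` is meant for a name server you operate.

```python
import socket
import struct

RCODE_NOERROR, RCODE_NXDOMAIN, RCODE_REFUSED = 0, 3, 5


def build_query(name, txid=0x1A2B, recursion_desired=True):
    """Encode a one-question DNS query (type A, class IN)."""
    flags = 0x0100 if recursion_desired else 0x0000      # RD bit
    header = struct.pack("!6H", txid, flags, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)


def parse_header(message):
    """Decode the fixed 12-byte DNS header into the fields used below."""
    if len(message) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txid, flags, _qd, ancount, nscount, _ar = struct.unpack("!6H", message[:12])
    return {
        "txid": txid,
        "qr": bool(flags & 0x8000),   # this is a response
        "aa": bool(flags & 0x0400),   # authoritative answer
        "rd": bool(flags & 0x0100),   # recursion desired (echoed)
        "ra": bool(flags & 0x0080),   # recursion available
        "rcode": flags & 0x000F,
        "ancount": ancount,
        "nscount": nscount,
    }


def classify(query, response):
    """Judge a reply to an RD=1 query for a name the server is not authoritative for."""
    q, r = parse_header(query), parse_header(response)
    if not r["qr"] or r["txid"] != q["txid"]:
        return "invalid"
    if r["rcode"] == RCODE_REFUSED:
        return "refused"
    if r["ra"] and r["rcode"] in (RCODE_NOERROR, RCODE_NXDOMAIN):
        return "open-recursive"       # the server resolved it for us
    if not r["ra"]:
        return "no-recursion"         # referral or empty reply, no recursion offered
    return "inconclusive"


def probe(server_ip, outside_name, timeout=3.0):
    """Send the query over UDP to a name server you operate and classify the reply."""
    query = build_query(outside_name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server_ip, 53))
        response, _ = sock.recvfrom(4096)
    return classify(query, response)


def resolver_ns_overlap(resolv_conf_text, ns_addresses):
    """Return resolver IPs from resolv.conf text that are also NS addresses."""
    resolvers = set()
    for line in resolv_conf_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            resolvers.add(fields[1])
    return sorted(resolvers & set(ns_addresses))


def constructed_response(query, flags, ancount=0, nscount=0):
    """Build a header-and-question-only reply by hand (constructed test input)."""
    txid = struct.unpack("!H", query[:2])[0]
    return struct.pack("!6H", txid, flags, 1, ancount, nscount, 0) + query[12:]


if __name__ == "__main__":
    q = build_query("example.org")
    print(classify(q, constructed_response(q, 0x8180, ancount=1)))
    print(classify(q, constructed_response(q, 0x8105)))
    print(resolver_ns_overlap("nameserver 192.0.2.53\n", ["192.0.2.53"]))
```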




Re: Configuring BIND - DNS server

2007-03-10 Thread Ariel Biener
On Saturday 10 March 2007 15:50, Uri Even-Chen wrote:
 I don't see any reason to split.  I only have one server machine, and
 I'm using the same DNS server for both purposes.  It works.  Of
 course, if you want you can use my DNS server as your own resolver,
 but I don't care.  By the way, Netvision also uses the same 2 name
 servers for both purposes.  You can use their name servers too as your
 own resolver, even if you're not a customer.  And the same is with all
 ISP's I know.

That is not correct, and in general, no one will police you into doing things
right. Also, no one can police you into learning anything. I thought that you,
just like I and others, are on this list to both learn and help.

There are quite a number of ISPs (big ones) in Israel who have split their
authoritative DNS service, and do not provide recursive services to the world.
The fact Netvision are not doing it right doesn't mean a thing.

You can also test your domain at www.dnsreport.com and see what you
are doing right and what you are not doing right.

By the way, a lot of things done the wrong way work. That doesn't make
them right.

 By the way, I'm using the same Linux machine to run DNS (BIND), mail
 (sendmail), and HTTP (apache) - and it works.

Good for you.


--Ariel 
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: Configuring BIND - DNS server

2007-03-08 Thread Ariel Biener
On Thursday 08 March 2007 14:27, Uri Even-Chen wrote:
 On 3/8/07, Oded Arbel [EMAIL PROTECTED] wrote:
  What are you using a name server for ?
  * If you are using a name server to provide DNS services to your own
  local network, then you better reference the main root servers.

 No.

  * If you are using a name server to cache DNS queries for local
  processes (caching name server) then you should forward all real
  requests to your ISP's DNS - same as what a regular process would do.

 Yes.

This goes to Oded, rather than Uri. Below it there is something for Uri as
well.

Oded
I do not see what is the technical difference between these two. The real life
difference is that the clients of the first name server are devices on the net
on which this NS is on, while the clients of the second are processes on the
same machine.

Both are caching-only (if they do not have local zones on them), and the
choice to use forwarders is a matter of getting faster results, while
risking less redundancy, and possible stale cached data for a while.
 /Oded

 My DNS server is both an authoritative name server for my domain names,
 and also a caching name server for all other domain names.  I also
 have a mail server, which uses my DNS server to resolve domain names.
 And also, my ISP has only 2 DNS servers, and I don't want to rely
 completely only on them.  If both of them don't work, I still want my
 server to work.  I'm using my 2 ISP DNS servers also as secondary name
 servers for some of my domain names (such as speedy.net), and as
 caching name servers for the rest of my domain names (such as
 pazgal.com) - that is, they are listed as authoritative name servers
 although they are not.  It works fine (they return a correct
 non-authoritative answer).  When I shut down my DNS server, the domain
 names such as speedy.net resolve fine, while domain names such as
 pazgal.com do not (depends on the cache).

The right way (well, I am not Paul Vixie, but this is the general consensus) is to
split the DNS setup into the following:

1. Authoritative, a set of name servers that only respond to queries of data
sets that are local to them. Used for you and others around the world to
know about stuff in your domains/zones. These have port 53 of both tcp and
udp open to your network and to the world.

2. Caching only, used for your network to resolve stuff that is foreign to 
your own zones. These are not accessible from the world, and are
only accessible to you/your clients.

The idea is that all your applications/computers/devices will have the
caching only NS defined as their resolver (with a backup to 1-2 ISP
based NSs that are available to you due to buying transit from them).


As for some more quirks, for larger installations, when you have a few
slaves (secondaries) of your authoritative server, it is customary to
use something called a stealth master. Usually, in a larger organization,
there is one machine that gets the data from all kinds of apps, like CRM,
provisioning, automated scripts and local data, and makes it into the
zones served by your NS. This name server is also an application server,
as it loads, recreates and changes zones as part of its job. This server
should better remain unknown to the public, and since the name server
on it sometimes is restarted, it will also affect people querying it. In this
case, you run a stealth master on it. This means that this name server
doesn't appear in your zone as a NS record, nor do you register it with
your DNS provider. Its job is to serve the zones to the slaves (secondaries),
who designate it as the master in their named.conf.



   P.S. How do I check which version of BIND I'm using?
 
  I usually do rpm -q bind, why ? what do you do ?

/path/to/named -v  (usually /usr/sbin/named in Linux).

Like: /usr/sbin/named -v
BIND 9.3.1


--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html
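
The rule quoted earlier on this page (addresses in /etc/resolv.conf never matching addresses behind NS records) and the stealth-master condition described in the message above can both be checked mechanically. This is an added example, not part of the original posts; the file names, function names and the example.com / RFC 5737 addresses are constructed assumptions.

```shell
#!/bin/sh
# make_samples DIR: write constructed sample inputs into DIR.
make_samples() {
    # resolv.conf as it might look on a client of the site
    cat > "$1/resolv.conf" <<'EOF'
# constructed sample
search example.com
nameserver 192.0.2.53
nameserver 192.0.2.10
EOF
    # Addresses of the hosts named in the zone's NS records, in the
    # "name ttl class type rdata" layout dig prints in its answer section.
    cat > "$1/ns_addrs.txt" <<'EOF'
ns1.example.com.  3600 IN A 192.0.2.10
ns2.example.com.  3600 IN A 198.51.100.10
EOF
}

# ns_addrs NSFILE: print the A/AAAA addresses found in NSFILE.
ns_addrs() {
    awk '$3 == "IN" && ($4 == "A" || $4 == "AAAA") { print $5 }' "$1"
}

# shared_addrs RESOLV NSFILE: print every address that is configured as a
# resolver AND published behind an NS record. Empty output means the caching
# and authoritative roles are on separate addresses.
shared_addrs() {
    awk 'NR == FNR { if ($1 == "nameserver") res[$2] = 1; next }
         $3 == "IN" && ($4 == "A" || $4 == "AAAA") && ($5 in res) { print $5 }' \
        "$1" "$2"
}

# master_is_stealth MASTER_IP NSFILE: succeed only if the master's address
# does not appear behind any NS record, i.e. the master is not published.
master_is_stealth() {
    ! ns_addrs "$2" | grep -Fxq "$1"
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_samples "$tmp"
    for a in $(shared_addrs "$tmp/resolv.conf" "$tmp/ns_addrs.txt"); do
        echo "WARN: $a is both a resolver and a published name server"
    done
    if master_is_stealth 192.0.2.99 "$tmp/ns_addrs.txt"; then
        echo "OK: master 192.0.2.99 is not listed in NS records"
    fi
    rm -rf "$tmp"
}
demo
```
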




Re: ID theft (offtipicish)

2007-02-04 Thread Ariel Biener
On Sunday 04 February 2007 08:07, Ira Abramov wrote:
 Quoting Michael Vasiliev, from the post of Thu, 01 Feb:
What reason do you have to believe that your identity is worth stealing?
 

Ira, some people are paranoid, don't look for logic, it is a mental thing.

--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: New line in bash variables pain

2006-11-14 Thread Ariel Biener
On Tuesday 14 November 2006 12:34, Ehud Karni wrote:

I don't understand why all this voodoo is needed. If you have a list
of space-delimited values and want to use a for or while loop to
read them, just fix $IFS locally (the default of IFS is tab or space or
newline). You can make $IFS only be newline for the local process
(IFS=something; your for loop here), and it will work.

If that is too much (man bash), then you can just use awk. I am not sure
why the '/^[^[].+[^\n]$/' gives you what you want, since you have not
said much about your input (except a hint that it may be in the shape
of user = password). More information about your input is needed in
order to formulate the right awk recipe for you.

--Ariel
 --
 Ariel Biener, CISO
 Tel-Aviv University CIT div.
 e-mail: [EMAIL PROTECTED] phone: 03-6406086
 PGP key:http://www.tau.ac.il/~ariel/pgp.html
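
The local-IFS approach from the message above, as an added example that is not part of the original post. The "user = password" records are constructed sample input based on the hint in the message, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample input: one "user = password" record per line.
# One password contains spaces and one contains glob characters on purpose.
SAMPLE='alice = correct horse
bob = *secret*
carol = x y z'

# count_default TEXT: loop over TEXT with the default IFS (space, tab,
# newline). Every whitespace-separated word becomes its own iteration.
count_default() {
    (
        set -f                  # do not expand "*secret*" as a file glob
        n=0
        for item in $1; do n=$((n + 1)); done
        echo "$n"
    )
}

# count_records TEXT: the same loop with IFS set to newline only. The
# parentheses run it in a subshell, so the caller's IFS is left untouched.
count_records() {
    (
        IFS='
'
        set -f
        n=0
        for item in $1; do n=$((n + 1)); done
        echo "$n"
    )
}

# parse_records TEXT: print "user|password" per record. Spaces inside the
# password survive because splitting happens on newlines only.
parse_records() {
    (
        IFS='
'
        set -f
        for rec in $1; do
            printf '%s|%s\n' "${rec%% = *}" "${rec#* = }"
        done
    )
}

echo "default IFS: $(count_default "$SAMPLE") iterations"
echo "newline IFS: $(count_records "$SAMPLE") iterations"
parse_records "$SAMPLE"
```
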




Re: Novell and Microsoft

2006-11-14 Thread Ariel Biener
On Tuesday 14 November 2006 02:45, Amit Aronovitch wrote:
 
  I'll be happier if you convince me that this is all completely wrong...

How can one convince you that your prophecy of something that has
not happened yet is wrong ?  It may be true, and then again, it may
be not true. No one knows. If you want to hear what my hunches are,
I think you're overly worried, and I am not sure for how long Novell and
Microsoft's interests are going to coincide. This marriage is an unholy
marriage, and the bride was probably not the first choice of the groom.

In my opinion, no virtualization platform available today is a real choice
for high powered servers. It's nice for developers, and servers that are
doing little (especially when I/O bound processing is in question). Since
I don't see yet a virtualization platform that really threatens the dedicated
servers world, and since the 1U high powered servers platform prices
decrease all the time, I am not sure why all this hooha  was made of
this agreement.

Just FYI:

A vmware license would cost minimum $4000 for the basic 2CPU server.
A server which you can run say, 10 machines on, with good performance
per machine would be a 16GB 2xquad core CPU machine, with at least
2 gbit/s interfaces available. It would require 15k rpm disks, or if using
a central storage to hold the OSs on, a 4gbit/s interface for fibre-channel
or a bundle of at least 2xgigabit/s iscsi.

Assuming this server would cost some $12,000, and the VMware license
some $4000-$6000, and yearly maintenance of some $2000, this deal
costs in 3 years at least $22,000 (one should also include the maintenance
on the server itself, probably some 8-12%, which makes it a total of $24k).
(prices will probably be higher for commercial companies, the prices we
get in the academia are better).

For $24k, you can buy 10 DL360 machines from HP, and have depreciation (פחת) on
all the sum, and of course get better performance, a lot better redundancy,
and less problems.

If you wanted to have good redundancy as well, you'd need two VMware
machines, and 2 vmotion licenses, and a central iSCSI or fibrechannel
storage.

The VMware/XEN/whatever bundle is not good for servers. It's good for
engineering/software companies that want to create and dismantle
debug/test environments on the fly, without the need to buy hardware
and wait for purchase. It is good for such development projects and
test environments, and also for servers that don't do much, and then
you can load 20-30 machines on the server I described above, without
worrying about redundancy, since the services are not mission critical,
and as such, no need for 2 VMware servers and vmotion.

--Ariel 
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: Novell and Microsoft

2006-11-12 Thread Ariel Biener
On Sunday 12 November 2006 21:02, Oron Peled wrote:
  PLEASE DO YOUR RESEARCH - the NTFS isn't covered by any patent,

 Your determinism has nothing to build upon. Some reading will
 help put your claims into proper perspective:

Is it at all possible for people on this list to accept the following:

1). We can only speculate at the motivations behind Microsoft+Novell
agreement.
2). None of us has a definitive version of the real reasons, I personally
believe that probably none of the opinions here really hit the marker.
3). Even Novell+Microsoft themselves cannot foretell the outcome of
their agreement in the years to come.
4). The FOSS paranoid will always cry wolf at anything MS related.

I think this step that MS and Novell have taken is at least interesting,
especially if we are to consider the fact that these companies haven't
seen eye-to-eye for a very long time. However, I suggest that we wait
a bit, beyond the statements, press conferences, blogs and all that,
and see what are they actually going to do, since actions are what counts
here.

So, instead of being prophets, let's wait this out, and see what happens.
When we have facts and actions, then we'll be better able to judge whether
this is a threat to FOSS, to RedHat, to the world climate, or maybe it'll turn
out to actually be a good thing, like some people on this list think.

Or, you can continue to take your best shots at being a prophet.


--Ariel 
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: [SLUG] Backups keeping symbolic links.

2006-11-12 Thread Ariel Biener
On Monday 13 November 2006 00:21, Amos Shapira wrote:
  much luck... Any suggestions?


Does he wanna backup files, or a file system (using dump for example). And,
I think Linux cpio supports symlinks, doesn't it ?

--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: Novell and Microsoft

2006-11-09 Thread Ariel Biener
On Thursday 09 November 2006 13:14, Jonathan Ben Avraham wrote:
 Hi Shlomo,
 There are a lot of companies that demand mixed solutions - Windows
 desktops and Linux servers. Many of us on this list are making a living
 from this niche already. Microsoft and Novell decided to enter this niche
 together for their own separate reasons - Microsoft realizes that in the
 end they will need a Linux partner and Novell because if they don't make
 some move soon they will be out of business by the end of 2007. Novell is

Novell being out of business by 2007 is simply not true. Your statement
has nothing to do with reality. There are some good editorials about this
agreement on the Internet, try InfoWorld and others for what the quality
analysts say. 

 the natural choice for Microsoft since Novell has lots of experience
 dealing with Microsoft compatibility issues and they are weaker than
 RedHat. The Microsoft alliance gives Novell a way to try to bypass RedHat

Novell is in no way weaker than RedHat is. In fact, RedHat's share has taken
a 30% fall (and risen some 10% back) since Oracle announced they will ship
their own Linux OS with their Oracle servers, and they will maintain and
provide support themselves, at a fraction of the cost that RHEL support costs.

 as the recognized leader of the corporate Linux world and at the present
 time it looks like the world has room for only one major Linux distro
 company.

If you ask me, Novell will bypass RHEL, due to their added value. I believe
that they will do with their OES just as they did and are doing with their
Suse Desktop version, which means fully integrate it into their added value
services (to which RHEL is not even close), and possibly ending up deprecating
Netware in favour of SuSE.

The desktop version was fully integrated into their
eDirectory (considered to be the best on the market), allowing ZenWorks to fully
control and customize the desktops, integrated iFolder support, iPrint
support, and all the functionality of the Novell client. I believe that in a
year or so it will be the best Enterprise ready desktop distro on the market.

If any of you is interested to see what wonders we worked out by integrating
Novell and Linux @TAU, you're welcome to come and visit (mail me offline). I
think that it'll be enough to say that we created solutions for IDM and data
synchronization between incompatible entities using Novell products for about
1/100 the cost of such systems or integration on the commercial market. We've
had large (and rich) companies come over to see and learn (like Teva for
example).

--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: Novell and Microsoft

2006-11-09 Thread Ariel Biener
On Thursday 09 November 2006 13:36, Michael Jaffe wrote:

 The move is widely seen as Microsoft's attempt to eliminate Linux as a
 significant player in the server business.  They've done this before.  This
 strategy of coopting or buying businesses is jokingly called the roach
 motel.  Partnering or purchased businesses go in  -  but they don't come
 out.

If you would be so kind as to please enlighten us how exactly would Microsoft
partnership with Novell threaten the Linux in the servers market (or any
market), I'd be much obliged.


--Ariel 
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: irc client

2006-10-13 Thread Ariel Biener
On Tuesday 03 October 2006 11:10, Erez D wrote:
 hi

 i'm looking for an irc client to install on my linux box (rhel 4.4 x86_64)

 i found rpms of both ircII and bitchX, which was very old
 i even tried to rpmbuild the from src-rpm, but had failed

 any idea ?
 just need a text base irc client  !

The fact an IRC client is old doesn't mean that it is bad. IRC clients,
especially the text based ones, are not seeing much development.

I am using BitchX, from: ircii-pana-1.1-final.tar.gz.
It works perfectly.


--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: Backup advice

2006-08-21 Thread Ariel Biener
On Monday 21 August 2006 11:54, Ami Chayun wrote:
 Hi all,
 I would like to get some advice for a backup utility with the following 
 capabilities:
 

Try rsnapshot (http://www.rsnapshot.org)

--Ariel

 1. Be able to snap-shot directories and databases (not the entire file 
 system).
 2. Perform incremental backups (at least for directories)
 3. Good integrity checks
 4. Sane recovery process
 
 The main problem I have with rsync and friends is that I cannot get just the 
 increment between two snapshots.
 
 Any recommendation will be much appreciated.
 
 Thanks,
 Ami
 
 

-- 
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: Tutoring GNU/Linux

2006-06-11 Thread Ariel Biener
On Sunday 11 June 2006 11:49, Amichai Rotman wrote:
 
 Q1: How much should I charge?

He's your friend... :)

$35-40/hr for teaching
$50/hr for preparation of the syllabus and the teaching materials...

 Q2: Is there any syllabus I could follow? I never done this before...

Well, use common sense... Try thinking what is the basis of Linux:

a. explain what linux is
b. explain about basic shell
c. explain about basic unix commands
d. explain about processes, networking, important daemons

..


Maybe if there's someone on the list who does this regularly, he/she would be
kind enough to share their views too.

--Ariel 
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: ways to split single passwd cracking john?

2006-06-11 Thread Ariel Biener
On Saturday 26 January 2002 12:07, guy keren wrote:
 
 On Sun, 11 Jun 2006, Michael Green wrote:
 
  Is there an easy way to split a single john process into several
  (smaller?) tasks each running on a separate CPU in order to speed up
  the cracking process?
  I've got a dozen of Opteron cores idling here...
 

Assuming this is an academic cracking process, then read john's manual
and FAQ.

John the Ripper password cracker, version 1.7.0.1
Copyright (c) 1996-2006 by Solar Designer and others
Homepage: http://www.openwall.com/john/

Usage: john [OPTIONS] [PASSWORD-FILES]
--single                   single crack mode
--wordlist=FILE --stdin    wordlist mode, read words from FILE or stdin
--rules                    enable word mangling rules for wordlist mode
--incremental[=MODE]       incremental mode [using section MODE]
--external=MODE            external mode or word filter
--stdout[=LENGTH]          just output candidate passwords [cut at LENGTH]
--restore[=NAME]           restore an interrupted session [called NAME]
--session=NAME             give a new session the NAME
--status[=NAME]            print status of a session [called NAME]
--make-charset=FILE        make a charset, FILE will be overwritten
--show                     show cracked passwords
--test                     perform a benchmark
--users=[-]LOGIN|UID[,..]  [do not] load this (these) user(s) only
--groups=[-]GID[,..]       load users [not] of this (these) group(s) only
--shells=[-]SHELL[,..]     load users with[out] this (these) shell(s) only
--salts=[-]COUNT           load salts with[out] at least COUNT passwords only
--format=NAME              force ciphertext format NAME: DES/BSDI/MD5/BF/AFS/LM
--save-memory=LEVEL        enable memory saving, at LEVEL 1..3


Now, I don't know what mode you're running John in, but, this is what I did for
TAU:

Split the 55k user:password entries into 5.5k entries, and ran it on 10 cpus. I
used wordlist crack (gave it a few dictionaries plus the /etc/passwd format of
the LDAP directory itself - with the full names of the users, and other details
about them...).


--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: hosts.allow issue.

2006-06-08 Thread Ariel Biener
On Thursday 08 June 2006 10:38, Livneh Ran wrote:
 Hi.
 Is there a way to block certain user from specific network?
 I'd like to deny access for user internal from the outside world, or
 allow access to that user only from 10.x.x.x networks.

What Linux flavour, and to what services ?

--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: company looking for Embedded Linux experts, to work as sub-contractors, 2-3 jobs

2006-06-06 Thread Ariel Biener
On Tuesday 06 June 2006 07:32, Marc A. Volovic wrote:
 Quoth Ariel Biener:
 
  A respectable company (that can also pay properly) is looking for 2-3
  experts in embedded Linux and more stuff, see below. Please reply off list.
 
 s'possible...
 
 I am sure Gilad, YBA and myself would be interested...
 
 If you can pass details, would be obliged.

Marc, I need you and Gilad and YBA to contact me off list as requested...

--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




company looking for Embedded Linux experts, to work as sub-contractors, 2-3 jobs

2006-06-05 Thread Ariel Biener

  Hello guys and gals,


A respectable company (that can also pay properly) is looking for 2-3
experts in embedded Linux and more stuff, see below. Please reply off list.

thanks,

--Ariel

--  Forwarded Message  --

Subject: Linux Experts
Date: Monday 05 June 2006 14:36
From: *** removed for privacy ***
To: [EMAIL PROTECTED]

Ma kore Ariel,



Can you ask if you know any Linux experts with knowledge in Embedded
Systems (ARM maybe) for Kernel BSP development and/or Application
development under Linux?



We are looking for 2 or 3 people with think experience for
sub-contracting work to develop our Linux drivers and application for
our ARM processor.



Thanks,

*** removed for privacy ***



--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: the PAIN that is Adaptec

2006-06-04 Thread Ariel Biener
On Sunday 04 June 2006 21:37, Ira Abramov wrote:
 On a separate issue, the machine crashed when I let Anaconda boot into
 the Graphic install mode, so I had to do a text install. But that blew
 up when I booted into the OS because it defaulted to Runlevel 5 (the
 text mode installation does not come with an option for a text-only
 install). That was with Centos 4.0. tomorrow I'll try 4.3 (both x86_64,
 btw). Anyone has a clue? I don't mind running it with no X at all, since
 it IS a server afterall...

Change the /etc/inittab in the `/' that the installer is installing to before
the installer finishes the installation of the OS and reboots.

--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: Yum problem (or: do RedHat suck ? why, yes they do!)

2006-05-30 Thread Ariel Biener
On Wednesday 31 May 2006 00:34, Oded Arbel wrote:

 Funny. upgrading between different brands of the same company works in
 every other Linux I've used - SLE-NLD-SuSE, Ubuntu-Kubuntu,
 Mandriva-NMS-Corporate

Stop thinking of Fedora as RedHat.

 I can see plenty of reasons to change RHEL to Fedora - only one of them
 is the fact that RHEL uses outdated software.

s/outdated/stable/g

 That's the gist of it - I don't want to do a full upgrade. I want to
 update select packages, but keep the basic system. Problem is - RedHat
 (unlike other OS vendors) don't like that, so - for example - you can't
 install two different major versions of the same library (like readline
 4 and readline 5) unless there's compat package (and even then its a
 problem, because yum prefers to update 40 packages depending on the old
 version instead of simply installing the compat version).

Redhat package management system is unfortunately not on par with other
package systems from other Linux vendors (see: apt).

--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: hd dopy with dd

2006-05-23 Thread Ariel Biener
On Tuesday 23 May 2006 17:14, Yedidyah Bar-David wrote:
 
 Just to make it clear - even without really getting deep into your
 problem, you should know that 'dd conv=noerror' is pointless in your
 situation, because it does not write zeros (or anything) instead of the
 unreadable sectors - it writes nothing. So all the data after the first
 bad sector will be shifted compared to where it should have been, which
 will practically appear as a damaged filesystem, probably very damaged.

Also, I'd use 512 bytes blocks for such cases. While it is slower, it will be
less prone to errors than 1M blocks, and is the only way I do it when
creating images between disks of different sizes, especially when there
are errors on the source.

--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html
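
The shifting problem and the 512-byte-block advice from the thread above, as an added example that is not part of the original posts. Read errors are simulated through a constructed list of "bad" sector indexes, and the six-sector source, file names and function names are all hypothetical.

```shell
#!/bin/sh
SECTOR=512
BAD="2"     # constructed: sector indexes whose reads "fail"

# make_source FILE: constructed 6-sector disk; sector 0 is all 'A',
# sector 1 all 'B', and so on, so misplaced sectors are easy to spot.
make_source() {
    : > "$1"
    for ch in A B C D E F; do
        dd if=/dev/zero bs="$SECTOR" count=1 2>/dev/null | tr '\0' "$ch" >> "$1"
    done
}

# read_sector SRC INDEX: emit one sector on stdout. For indexes listed in
# $BAD it fails and emits nothing, standing in for an I/O error on real media.
read_sector() {
    case " $BAD " in *" $2 "*) return 1 ;; esac
    dd if="$1" bs="$SECTOR" skip="$2" count=1 2>/dev/null
}

# copy_shifting SRC DST COUNT: append whatever could be read. A failed read
# contributes nothing, so every later sector lands one slot too early.
copy_shifting() {
    : > "$2"
    i=0
    while [ "$i" -lt "$3" ]; do
        read_sector "$1" "$i" >> "$2" || :
        i=$((i + 1))
    done
}

# copy_aligned SRC DST COUNT: write each sector at its own offset (seek=INDEX).
# A failed read is replaced by one zero-filled sector, so offsets are kept.
copy_aligned() {
    : > "$2"
    i=0
    while [ "$i" -lt "$3" ]; do
        if read_sector "$1" "$i" > "$2.tmp"; then
            blk="$2.tmp"
        else
            blk=/dev/zero
        fi
        dd if="$blk" of="$2" bs="$SECTOR" count=1 seek="$i" conv=notrunc 2>/dev/null
        i=$((i + 1))
    done
    rm -f "$2.tmp"
}

# sector_tag FILE INDEX: hex value of the first byte of sector INDEX.
sector_tag() {
    dd if="$1" bs=1 skip=$(( $2 * SECTOR )) count=1 2>/dev/null |
        od -An -tx1 | tr -d ' \n'
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_source "$tmp/src"
    copy_shifting "$tmp/src" "$tmp/shift.img" 6
    copy_aligned "$tmp/src" "$tmp/aligned.img" 6
    echo "shifted image, sector 3 starts with 0x$(sector_tag "$tmp/shift.img" 3)"
    echo "aligned image, sector 3 starts with 0x$(sector_tag "$tmp/aligned.img" 3)"
    rm -rf "$tmp"
}
demo
```

On real media the same alignment comes from running dd with `conv=noerror,sync`, where `sync` pads each failed input block with zeros; with a 512-byte block size only the unreadable sector itself is zeroed.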




Re: [YBA] Job Opening

2006-05-17 Thread Ariel Biener
On Wednesday 17 May 2006 16:13, Ori Idan wrote:
 Free word viewer? yes, free as in free beer.
 YBA is talking about free software in the sense of free speech.
 He wants a person to understand the meaning of free software and sending
 in a free format is one way of showing it.

It is a very narrow minded view to try to guess at one's character, interests
and tendencies by judging the headers of the mail he sent, or the format
of the document he used. There could be a plethora of reasons why the
person used this or that mail client, OS or format (for example, being abroad,
or at an Internet Cafe or at his parents house), which has nothing to do with
his abilities, interests and orientation. It is not in the job description to
control the location of where the mail is being sent from (and it is absurd).

In short, YBA would rather dismiss a person based on a bad premise, than being
open minded and judge the person by knowledge, abilities and resume. That
is his privilege of course, but, you already understand what I think of it.

Pluralism is a good thing, it widens horizons and by opening up to people you
gain more than you lose. But then again, you can decide to require of them
to be of your religion, so even if they are FOSS developers for years, or have
contributed a lot to FOSS, but like to use hotmail, or god forbid, had to use
Outlook Express for some reason, they're out.

 As for Microsoft or Bill gates, we all understand that they are not the
 root of all evil.
 We are not against Microsoft, we are against the idea that someone will
 have control over the software we use or over the format we use to
 distribute our documents.

Thank you, you just proved Imri's point.

 No one here is becoming religious.
 Protecting my own (and others) freedom is not a religious war.

Of course it is, when you force others to use or not use something. You then
become as bad as the ones you try to escape from. If you want to fight that
war (not that it needs fighting), be plural and tolerant, which is exactly what
FOSS is about.


--Ariel 
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: Helping mirror.[hamakor,iglu,isoc].org.il

2006-04-30 Thread Ariel Biener
On Saturday 29 April 2006 16:08, Dan Kenigsberg wrote:

This is the Fedora Core yum conf:

[main]
cachedir=/var/cache/yum
debuglevel=2
logfile=/var/log/yum.log
pkgpolicy=newest
distroverpkg=fedora-release
tolerant=1
exactarch=1
retries=20

[base]
gpgcheck=1
name=Fedora Core $releasever base
baseurl=http://download.fedoralegacy.org/fedora/$releasever/os/$basearch

[updates]
gpgcheck=1
name=Fedora Core $releasever updates
baseurl=http://download.fedoralegacy.org/fedora/$releasever/updates/$basearch

[legacy-utils]
gpgcheck=1
name=Fedora Legacy utilities for Fedora Core $releasever
baseurl=http://download.fedoralegacy.org/fedora/$releasever/legacy-utils/$basearch


Extract what you need from it.

--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: [OT] Google responds

2006-04-24 Thread Ariel Biener
On Monday 24 April 2006 19:24, Yonah Russ wrote:


Can we please stop the drama ?  This Off-Topic thread has outlived
its welcome by far.

Thank you Yonah for portraying Israelis the way you did. Just like those
who steal faucets in Turkey, you, again, have shown the face of the ugly
Israeli, this time, to Google. Congratulations, you've just joined a long
(and not distinguished) list.

--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: Don't Panic! (OT) Netvision

2006-04-20 Thread Ariel Biener
On Thursday 20 April 2006 19:22, Tzahi Fadida wrote:
 The bandwidth capabilities from israel won't be depleted 20 years from now
 (med). They have the capability they just want to earn more on you.

Yet, that bandwidth is not available to the ISPs, they have to buy the links,
and Med Nautilus needs to cover their costs of installing and maintaining
their submarine cables.

So, ISPs buy as much as they need, they do not have any spares.

 If they'll continue with their policy, mass exodus will begin from
 netvision and we will probably not hear about this nonsense again.

While this is possible, you should look up a similar policy set by British
Telecom about a month or so ago.

 The logic that some people take all the bandwidth is not sound. Today they
 need more bandwidth and tomorrow you will need more bandwidth. However,
 when you'll need it you will cry out that the prices are too high for you.
 This way, you have the option to use more bandwidth when you need to. I
 prefer to pay more to have that future option.

No, what they are trying to stop is those people who do not need it today but
do not need it tomorrow, but the people who need it 24/7/365. Those people
buy a 256k or 512k package, and then download 24/7/365. So, if one calculates
the amount of bandwidth to buy (I am speaking about the ISP) in order to
supply proper speeds for their users, the leecher users (those who buy low
packages and download 24/7/365) are fucking up the statistics, since
overbooking is calculated based on the assumption that users do not download
non-stop (24/7/365).


Personally, I find this a good thing done by Netvision, and I hope the others
will follow suit. This will increase the income for the ISPs and allow them to
provide better services to the home users in the long run.


This whole issue reminds me of YES and HOT. The Israeli customer wants lower
prices all the time. So, in their battle for the customer, HOT and YES reduce
prices, and hurt their income. That being so, they do not have enough money
to buy quality content, so all we have to watch is mostly shit, while quality
content from large networks like HBO and such remains unavailable to us.
We're shooting ourselves in the foot.

And I will conclude with the immortal phrase: You get what you pay for.


Oh, and for the ones who're looking for HUMOR tags, the above text was not
meant to be humoristic :)

--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: Don't Panic! (OT) Netvision

2006-04-20 Thread Ariel Biener
On Thursday 20 April 2006 20:37, Ilya Konstantinov wrote:
 Ariel,


 Knowing that you're quite a veteran in this field, I'm feeling you must
 have inner knowledge which leads you to conclude that ISPs and TV
 companies have the noble goal of providing customers with the best value
 for their money, rather than maximizing shareholders value.

No, their goal is maximizing shareholders value, you misinterpreted me.

What I said is that instead of the Israeli customer choosing YES or HOT
based on content (which will force them to buy better content), the Israeli
customer is choosing based solely on price (which forces them to reduce
prices). Since you can't have both (dirt cheap prices and good content),
it seems that we (the customers) are setting the tone.

So, what I would like to see is customers choosing based on content quality
rather than only price, and customers accepting the fact that better content
might mean higher prices, and sending that message to YES and HOT, aka -
we're willing to pay some more if you're gonna get good content.

--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: Ben Gurion University Internet site

2006-02-22 Thread Ariel Biener
On Wednesday 22 February 2006 19:28, Shlomo Solomon wrote:
 Does anyone on the list know if (and how) to access www.bgu.ac.il in Linux?
 I've tried Firefox 1.5.0.1 and Opera 8.51. I can login with my son's
 password, but many of the pages are either empty, inaccessible or
 unreadable.

 Is this a known problem?

Yes, I already contacted BGU about it about 2 months ago, and I was told
that they are working on it.

--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: Actcom without a dailer costs more

2005-09-26 Thread Ariel Biener
On Monday 26 September 2005 12:06, El-al, Netta wrote:
 so you think that customers should pay double prices to their favorite
 businesses in order to keep them in business. that's not what capitalism
 and competition is about. hey, if you're a little business and then a
 bigger business starts offering the same thing but for much cheaper and you
 go bankrupt, then it may not be fair, but that's life. i, as a customer,
 care about myself. i want the best deal and i don't want to be screwed.
 period. like i said, if i want to donate towards the linux cause, i'll
 donate to my favorite distro, not to businesses who support linux. those
 businesses will only have me as a customer if i also like what they offer.

That is your right, and you'll do as you please. Lucky enough, not all of us
are like you.

--Ariel

-- 
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: Actcom without a dailer costs more

2005-09-26 Thread Ariel Biener
On Monday 26 September 2005 15:27, El-al, Netta wrote:


 Hello,


 Please stop posting the whole thread in your mail, it is uselessly long,
and against the list etiquette. Secondly, please stop using this list in your
piss fight against Actcom, as we're not your rant amplifiers. I think we
have given you too much stage as it is. We already got the picture of what
you consider to be wrong, and Amir's answers. Enough is enough.


--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: Actcom without a dailer costs more

2005-09-26 Thread Ariel Biener
On Monday 26 September 2005 21:06, Oleg Goldshmidt wrote:

 By the way, as quite a few others on this list I use my Internet
 connection at home to connect to my employer's LAN over VPN. It was my
 employer who insisted on a no-dialer setup because the protocols
 dialers use (L2TP, PPTP) interfere with the VPN stack. Therefore, for
 some of us a dialer is simply not an option.

What VPN do you have that is affected by the link layer ?  I had no problem
using either PPTP or L2TP VPNs, or IPSEC VPNs from either Cisco, Checkpoint
and the free projects over either PPPoA or PPPoE, with dialer and everything.

--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: Working for over a year

2005-09-07 Thread Ariel Biener
On Wednesday 07 September 2005 16:29, Omer Zak wrote:
 Wow wow wow, what long dicks you have over there!

 And now, for the embarrassing questions:
 Does FC1 have regular security updates?
 If not, how do you secure your long dicks (sorry, long uptimers) against
 infections due to intimate contact (oops, Internet based attacks)?

# uptime
  5:08pm  up 1198 day(s),  1:24,  5 users,  load average: 0.11, 0.10, 0.10

Solaris8.


As for your question, look at the redhat/fedora legacy project. It tells you
all that you need in order to keep FC1/FC2/RH7.3/RH9 updated using
yum or apt, and using their repositories. As easy as yum update on some
old systems I run.

--Ariel 
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: A stupid bash quote question.

2005-08-31 Thread Ariel Biener
On Wednesday 31 August 2005 12:27, Ehud Karni wrote:
  ---
  #!/bin/bash
 
  subject='Set UID program scan results'
  address=[EMAIL PROTECTED]
  mailcommand="mutt $address -s $subject"
 
  $mailcommand << okfff
  Some message body.
 
  okfff
  ---


One other way is:

cat <<EOD | $mailcommand

However, the whole $mailcommand idea here is useless, I'd do (by the way, why
use mutt as a command line mail sender ? I'd use /bin/mail).


#!/bin/bash

# The subject is the output of the scan program
subject=`/some/setuid/program/runs/here`
mailaddr='[EMAIL PROTECTED]'
mailcmd=/usr/bin/mutt

# Quote the expansions so the subject stays a single argument
cat <<EOF | $mailcmd "$mailaddr" -s "$subject"

blah blah
blah blah
EOF

exit 0



  Some message body.
 
  okfff
 The way to overcome this is to use the IFS environment variable.

 subject='Set UID program scan results'
 address=[EMAIL PROTECTED]
 mailcommand="mutt/$address/-s/$subject"   ## space replaced by /

 IFS=/   ## use / as word separator
 $mailcommand << okfff
 Some message body.

 okfff

 Of course you can use any other character that is not in your text
 (e.g ~, =, :, %) but do not try to use characters with shell meaning
 (e.g. (, ), [, ], <, >, ;, *).

 Ehud.


 --
  Ehud Karni   Tel: +972-3-7966-561  /\
  Mivtach - Simon  Fax: +972-3-7966-667  \ /  ASCII Ribbon Campaign
  Insurance agencies   (USA) voice mail and   X   Against   HTML   Mail
  http://www.mvs.co.il  FAX:  1-815-5509341  / \
  GnuPG: 98EA398D http://www.keyserver.net/Better Safe Than Sorry



  +++
  This Mail Was Scanned By Mail-seCure System
  at the Tel-Aviv University CC.

-- 
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html
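
The three ways of passing the subject discussed in this thread (one command string, the IFS trick, a real argument list), compared by counting the arguments the command actually receives. This is an added example, not code from the original posts; `count_args` is a hypothetical stand-in for mutt and the address is a constructed placeholder.

```bash
#!/bin/bash
# Added example: how many arguments does the mail command really get?

# Stand-in for mutt (assumption): swallow the body, report the arg count.
count_args() {
    cat >/dev/null
    echo "$#"
}

address='root@example.invalid'   # constructed placeholder address

# 1) Whole command in one string, expanded unquoted. The embedded quotes
#    are plain characters by then, so the subject is split on spaces.
via_string() {   # $1 = subject
    cmd="count_args $address -s \"$1\""
    $cmd <<EOF
Some message body.
EOF
}

# 2) The IFS trick: join with "/" and split on "/" only. Works until the
#    subject (or address) itself contains the separator.
via_ifs() {      # $1 = subject
    cmd="count_args/$address/-s/$1"
    (
        IFS=/
        $cmd <<EOF
Some message body.
EOF
    )
}

# 3) Keep the command as a list of words, never as one string. In bash an
#    array does the same: cmd=(mutt "$address" -s "$subject"); "${cmd[@]}"
via_argv() {     # $1 = subject
    set -- count_args "$address" -s "$1"
    "$@" <<EOF
Some message body.
EOF
}

for subject in 'Set UID program scan results' 'scan of /usr/bin'; do
    echo "subject: $subject"
    echo "  string: $(via_string "$subject") args"
    echo "  IFS=/ : $(via_ifs "$subject") args"
    echo "  argv  : $(via_argv "$subject") args"
done
```

Only the third form delivers exactly three arguments (address, `-s`, subject) whatever the subject contains, which matters when the subject is the output of another program.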




Re: Idiotic benchmark

2005-08-09 Thread Ariel Biener
On Monday 08 August 2005 21:30, Shachar Shemesh wrote:

 Actually, something extremely weird is going on here. The result change,

Not weird, Anatoly didn't read what I sent through, see gcc man page for what
-fno-math-errno does.

I'll repaste it:

   -fno-math-errno
   Do not set ERRNO after calling math functions that are executed
   with a single instruction, e.g., sqrt.  A program that relies on
   IEEE exceptions for math error handling may want to use this flag
   for speed while maintaining IEEE arithmetic compatibility.

--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: Idiotic benchmark

2005-08-08 Thread Ariel Biener
On Monday 08 August 2005 16:02, Marc A. Volovic wrote:

gcc -O2 -fno-math-errno -o /tmp/bnch1 /tmp/1.c -lm

See gcc(1) man page:

   -fno-math-errno
   Do not set ERRNO after calling math functions that are executed
   with a single instruction, e.g., sqrt.  A program that relies on
   IEEE exceptions for math error handling may want to use this flag
   for speed while maintaining IEEE arithmetic compatibility.

   This option should never be turned on by any -O option since it
   can result in incorrect output for programs which depend on an
   exact implementation of IEEE or ISO rules/specifications for math
   functions.

YMMV, but the difference between running with gcc 3.4.3 was huge:

1). No optimization:

gcc -o /tmp/bnch-noop /tmp/drek.c -lm
real    0m5.067s
user    0m5.048s
sys     0m0.018s

2). With -O2 (or -O3):
gcc -O2 -o /tmp/bnch-O2 /tmp/drek.c -lm
real    0m4.440s
user    0m4.358s
sys     0m0.001s

3). With -O2 (or -O3) and -fno-math-errno:
gcc -O2 -fno-math-errno -o /tmp/bnch-O2-no-math-errno /tmp/drek.c -lm
real    0m0.228s
user    0m0.226s
sys     0m0.002s


--Ariel
 Example of an idiotic benchmark:

 #include <math.h>

 int
 main()
 {
     long long i;
     double q;

     /* call sqrt() once per iteration; the result is never used */
     for (i=0; i<1000; i++) {
         q = sqrt(i);
     }
     return 0;
 }

 Under gcc 3.3.5 (Debian Sarge) this pile of drek executes in 1.4-1.8
 seconds (depending on -O level). Under icc 9.0 it executes between in
 3.4 seconds for -O0 and -O1, and in 0.015 seconds for -O2.

 And don't tell me this is not a valid benchmark. I know. This is as
 artificial as I can get without using a wooden leg.

 M



-- 
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: system clock loops

2005-07-27 Thread Ariel Biener
On Wednesday 27 July 2005 00:39, Amos Shapira wrote:

 Why not? As long as its owner doesn't care?

There is no law that requires it, and the NTP server operator
can do whatever he/she deems right. However, the way it was
designed to work is below...


From the original NTP RFC1059:

   The purpose of NTP is to connect a number of primary reference
   sources, synchronized to national standards by wire or radio, to
   widely accessible resources such as backbone gateways.  These
   gateways, acting as primary time servers, use NTP between them to
   cross-check the clocks and mitigate errors due to equipment or
   propagation failures.  Some number of local-net hosts or gateways,
   acting as secondary time servers, run NTP with one or more of the
   primary servers.  In order to reduce the protocol overhead the
   secondary servers distribute time via NTP to the remaining local-net
   hosts.

 Since you seem to be up to date with the situation, do you think you know
 who to talk to in order to organize an il.pool.ntp.org sub-domain
 (see http://www.pool.ntp.org/)?  I think it's more of a matter of having a
 consent from the server's owner than anything else.

I read the project description, but I guess it requires FULLY public ntp
servers to join. In this case, you'd have to suggest this to the operators
of these servers, in the case of .ac.il clocks, you can e-mail Hank Nussbacher
[EMAIL PROTECTED] and he can propagate the request for you to the
appropriate people inside IIUCC. In the case of the IIX clocks, you'll have to
send an e-mail to Doron Shikmoni [EMAIL PROTECTED]. The ISPs don't open
their NTP servers to non-clients, so they are not useful.

 In what way? Screwing with the signal or just logging in and running
 date(1)? Isn't it recommended to setup a local NTP server for large
 networks? And what's the difference of this recommendation from the best
 practice... ISP's setup their own clock that you mentioned above?

It is recommended to install a local NTP server for large networks, I just
said one needs to be careful when installing it, to keep it secure. ISPs
are large networks in this context, and as such there is no contradiction with
the above. All I said is that people that sync with a server provided by their
service provider expect the time to not be tampered with, as this is a service
that their provider supplies (in contrast with public servers which provide an
as is service with no guarantees or obligations).

 Thanks for the update.


--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: system clock loops

2005-07-26 Thread Ariel Biener
On Monday 25 July 2005 21:40, Yedidyah Bar-David wrote:
  And the netvision server. All seem to sync from that stratum 1 server at
  HUJI.

 No, timeserver.iix.net.il has its own gps.

 Hello,

Among the public NTP servers available, none is stratum 1, as stratum 1
should never be made public, but instead it should serve a series of stratum 2
servers who serve the public. The legendary ntp.ac.il, which was for a long
period the only stratum 1 NTP server in Israel used to sync from an atomic
clock at the National physics laboratory at HUJI. That clock however is no
longer used, and ntp.ac.il is now ntp.ilan.net.il, to be used by the Academia
but I think it's also public, and it is a GPS based clock. Also, HUJI has 
ntp.huji.ac.il, but it can only be used by .ac.il AFAIR (GPS as well). As for
other public clocks, ntp.iix.net.il (also known as timeserver.iix.net.il) is
actually two clocks (both stratum 2, do nslookup and see you get 2 IPs), each
clock is sync'ed by 3 stratum 1 servers, 2 of them mentioned above, and the
remaining one is a GPS clock owned by ISOC-IL.

 The standing best practice would be to have the ISPs and large enterprise
organizations install their own NTP server inside their network, which in turn
would sync with ntp.iix.net.il and 2 other sources of choice, and will provide
NTP service to their customers. This server would be stratum 3 (or stratum 2
if the ISP/Enterprise decides to install its own stratum 1). This model
follows closely the original idea behind the way NTP was designed.
  
  Installing an NTP server for one's clients needs to be done carefully,
in terms of security, in order to not allow someone to change the time on
the NTP server, and to allow the NTP server to only sync with authorized
and if possible authenticated clocks.


--Ariel 
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html
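
The two hardening points in the message above (nobody may change the time on the server, and it syncs only with authorized and, where possible, authenticated clocks), written as a small audit of an ntp.conf. This is an added example, not part of the original post; it assumes the reference ntpd's `restrict`, `server ... key`, `keys` and `trustedkey` directives and that the upstream operators issue symmetric keys, and the example.net hosts, key ids and both sample files are constructed.

```bash
#!/bin/sh
# Added example: audit an ntp.conf read from stdin.
# Prints one finding per line and nothing when the file is clean.

audit_ntp_conf() {
    awk '
    { sub(/#.*/, "") }                      # drop comments

    # Default access policy: remote hosts must not reconfigure ntpd
    # (nomodify) or form unauthenticated associations (nopeer).
    $1 == "restrict" && ($2 == "default" || $3 == "default") {
        seen_default = 1
        flags = " "
        for (i = 2; i <= NF; i++) flags = flags $i " "
        if (!index(flags, " nomodify "))
            print "restrict default: missing nomodify"
        if (!index(flags, " nopeer "))
            print "restrict default: missing nopeer"
    }

    $1 == "keys"       { have_keys = 1 }
    $1 == "trustedkey" { for (i = 2; i <= NF; i++) trusted[$i] = 1 }

    # Remember each upstream clock and the key id it is bound to.
    $1 == "server" {
        n++
        host[n] = $2
        key[n] = ""
        for (i = 3; i < NF; i++) if ($i == "key") key[n] = $(i + 1)
    }

    END {
        if (!seen_default) print "no restrict default line: open policy"
        for (j = 1; j <= n; j++) {
            if (key[j] == "") {
                print "server " host[j] ": no key, source is unauthenticated"
            } else {
                uses_keys = 1
                if (!(key[j] in trusted))
                    print "server " host[j] ": key " key[j] " not in trustedkey"
            }
        }
        if (uses_keys && !have_keys) print "keys file not configured"
    }'
}

# Constructed sample: weak settings.
weak_conf() {
    cat <<'EOF'
server ntp.iix.net.il
server ntp-a.example.net key 7     # key 7 is never trusted below
keys /etc/ntp/keys
trustedkey 3
restrict default noquery           # remote hosts may still modify or peer
EOF
}

# Constructed sample: the same server with the corrected settings.
hardened_conf() {
    cat <<'EOF'
keys /etc/ntp/keys
trustedkey 3 7
server ntp.iix.net.il key 3
server ntp-a.example.net key 7
server ntp-b.example.net key 7
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1                 # full access from localhost only
EOF
}

echo "weak:";     weak_conf | audit_ntp_conf
echo "hardened:"; hardened_conf | audit_ntp_conf
```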




Re: system clock loops

2005-07-26 Thread Ariel Biener
On Tuesday 26 July 2005 01:03, Amos Shapira wrote:

 A reverse lookup confirms it's good old relay.huji.ac.il.

I wonder a reverse of what confirms the obviously wrong
fact you stated above. ntp.ac.il (aka ntp.ilan.net.il) is
128.139.6.20, while good old relay.huji.ac.il is 128.139.6.1.

--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP: http://www.tau.ac.il/~ariel/pgp.html




Re: Linux NAS like Solution

2005-03-10 Thread Ariel Biener
On Thursday 10 March 2005 11:07, Baruch Shpirer wrote:
 Hi,
 I have been fiddling for the last 2 weeks with idea of saving my company
 more than 2000$ and making my own kind of NAS like solution via linux.
 My considerations were highly to maintain the list of standard features
 NAS solution hold today including snapshots (lvm2) and hotswap disk
 rebuild.

Hi Baruch,


Unless this $2k is absolutely critical, I suggest you go for a supported 
and full featured NAS solution. What solutions exactly are $2k more expensive 
than what you propose ?  None of the good ones are in that price range, and I 
am talking about prices for university, which are lower than usual, and 
still.

--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html




Re: [OT, but so often discussed] www.iaa.gov.il wants IE

2005-03-06 Thread Ariel Biener
On Sunday 06 March 2005 10:28, Shlomi Fish wrote:
 Hi Oleg!

 Well, I browsed to the site, and tried to access the real-time flight
 schedules and the planned flight schedules, and had no problem whatsoever
 in accessing them. (Firefox 1.0.1, that identifies as itself). They also
 seemed to be displayed pretty well.

Works fine with Firefox 1.0PR.

--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html




Re: [EMAIL PROTECTED]: Re: Looking for an experienced Linux system administrator]

2005-02-24 Thread Ariel Biener
On Friday 25 February 2005 00:22, Geoffrey S. Mendelson wrote:
 I also have 34 years as a systems programmer, applications developer,
 independent consultant, etc. I was maintaining operating systems,
 providing customer support, etc long before you were born.

Low blow, pulling rank is the call of the desperate.

 As for my attitude, yes it sucks by Israeli standards. But I'm not
 interested in working for a company that buys a five computer site license
 and refuses to update it (not in the budget) when then are 60 computers
 using it.

It sucks by any standard, including American or European. It would be
advisable, especially considering your long years in the industry, to get the 
facts right before climbing high horses.

 Or likes to multiply microsoft licenses. Or use free for home use: only
 software without paying for a license.

This is not our case.

 He did not communicate that very effectively, in fact I thought that by
 reading his post he had no idea of what he was talking about, he was
 posting for a friend.

He offered a job. If there was a taker, he'd give him more information. He 
doesn't owe you or the list anything. Think carefully, if people that 
actually have something to offer (a job in this case) get this kind of 
treatment here, what incentive would they have to continue to do so ?

 Did not seem to be for me, why didn't he say? Two years ago in the middle
 of the blight I was offered more for less. I did not take it as it was
 in Herzalia Pituach and I live in Jerusalem and don't drive. I did not
 want to take a job with a 3 hour each way commute.

You were too self involved with your righteous crusade to actually get the 
facts. Maybe too many years in the business makes you too cynical. Listening 
and checking facts however, regardless of your experience, is still the way 
to go, and no one is exempt.

 Well, actually they would be. If he was asking for my advice as to what to
 expect with such a job offer. If he has an unusual job to offer, or a
 great benefits plan, or something else he should say it.

He wasn't looking for your advice. He was advertising a job. That's it.

--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html




Re: ATM Direct

2005-01-31 Thread Ariel Biener
On Monday 31 January 2005 16:26, Eli Marmor wrote:

 Hi Eli,


   The ATM direct service is agnostic to the routing device you choose to
implement at your end, provided that whatever does your routing understands 
Fast Ethernet/Ethernet.

   You can use any routing platform you like, it has nothing to do with the 
ATM direct service, but rather with the customer's needs, in terms of
performance, reliability, security, support, etc.

best,

--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html




Re: ATM Direct

2005-01-31 Thread Ariel Biener
On Monday 31 January 2005 16:59, Ariel Biener wrote:
 On Monday 31 January 2005 16:26, Eli Marmor wrote:

  Hi Eli,


The ATM direct service is agnostic to the routing device you choose to
 implement at your end, provided that whatever does your routing understands
 Fast Ethernet/Ethernet.

Oh, I forgot to mention it needs to understand VLANs as well, aka 802.1q

--Ariel
 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html




Re: Students on Linux woes

2004-10-31 Thread Ariel Biener
On Sunday 31 October 2004 22:03, Alexander Maryanovsky wrote:

 Ideally, it would be official policy to have all course materials
 available in an open format, but I would settle for having that as a
 de-facto policy.


  Hi,


I know that this doesn't address your direct complaint about portability 
issues, however, the latest OpenOffice works very nice for me in 
reading/seeing PowerPoint/Excel/MsWord. Have you tried it ?

--Ariel

 Any ideas what can be done about this?


 Alexander (aka Sasha) Maryanovsky.


-- 
--
Ariel Biener
e-mail: [EMAIL PROTECTED]
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html




Re: Students on Linux woes

2004-10-31 Thread Ariel Biener
On Sunday 31 October 2004 23:29, Yosef Meller wrote:

 Perhaps we TAU students can write a joint letter to the people at the
 top windows (not the computing division) about why openness is in the
 true university spirit? I can't see a lot we can do when the budget is
 shrinking and the entire attitude at TAU is usually 'go find someone to
 shake you down' (lech hapes mi yenaanea otcha').

 Hi,


   Speaking for the TAU computing division (which for some reason you seem to 
so quickly dismiss), it would be nice if you could arrange such a petition, 
and DO mail it to us as well as to the University bodies like the Rector and 
Vice Rector, and the students' Dean. We are doing a lot during the past years
to make sure that all content we can control is standards aware and not IE 
specific. There are limitations to what we can do, for example, the 
availability of standards aware commercial products and alternatives (like 
the Virtual TAU system you mentioned).

best,

--Ariel

 I'm open to suggestions too. Maybe people here had similar experiences
 and can give advice?

-- 
--
Ariel Biener
e-mail: [EMAIL PROTECTED]
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html




Re: Optimized NFS

2004-10-03 Thread Ariel Biener
On Sunday 03 October 2004 12:05, Hyams Iftach wrote:
 (Fedora core 1, intending to put G-Ethernet PLANET ENW-9605)
 1) I know the NFS server support V.3 but how can I tell the maximal
   packets it support ? (Over UDP) Is it a kernel thing or export flag ?

Linux supports both udp and tcp based NFS (client and server). I've had varied
experiences with NFS over different platforms and environments, so, if you'll
say a bit more about yours, a recommendation on either tcp/udp can be made.
About the NFS packet size, it is an fstab option, and is limited by the
ability of your NFS server. Another limiting option is the networking
infrastructure (the switch you'll be using). Too large packets can cause very
big problems with NFS on most switches, even the expensive ones from Cisco.

From TAU's experience, if your NFS server does good NFS over tcp, then
anything passing through the network core would be best served by tcp, a bit
slower, but more reliable, no silent corruption and other problems. If you do
back-to-back NFS, udp will do as well. About NFS packet size, we use NFSv3
with 8k packet size (the NFS packet size, not the ethernet MTU), with the
lock,hard,intr options for the mount (and sometimes we play with the default
timeo= definitions). These work well on networked environments. For back to
back, I think 16k packets will also work well.
 
 2) Does anyone has experience with that card ? Does it support
   Jumbo packets ? Should I use ifconfig to enable it ?

About Jumbo frames, you can use it only if your entire infrastructure does (if
you wanna use it safely), or back-to-back. I don't know which NFS server you
count on serving 30MB/s, but I think this is rather optimistic, but it
depends on what kind of data is being served. Are you reading a lot of small
files, or big chunks of data, like large files ?  Is it based on random or
sequential access ?  How many applications would be accessing the NFS mount
at one time ?

The above questions are important in order to plan and implement a solution 
that will use the resources you have in an optimal way, allowing you the best 
mixture of speed and reliability.


--Ariel

 A throughput of 30MB/sec is needed (read only).

  Thank you,
Iftach




 This e-mail message has been sent by Elbit Systems Ltd.
 and is for the use of the intended recipients only.
 The message may contain privileged or commercial confidential information .
 If you are not the intended recipient you are hereby notified that any use,
 distribution or copying of this communication is strictly prohibited,
 and you are requested to delete the e-mail and any attachments
 and notify the sender immediately.



-- 
--
Ariel Biener
e-mail: [EMAIL PROTECTED]
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html




Re: Fedora Core 1 slowness?

2004-06-02 Thread Ariel Biener
On Wed, 2 Jun 2004, Omer Zak wrote:


  Omer, what did you run there before ?  Was it faster ?  What hard disk
does it have ?  128M RAM ?


--Ariel

 I have the feeling that my Fedora Core 1 Linux installation on a IBM
 ThinkPad R40e laptop is too slow to start up applications.
 Once an application has been started, its response time is adequate.
 This happens even when I start up only a term and a relatively fast
 application (AbiWord).

 The system configuration is:
 128MB memory
 256MB swap
 1.7GHz Intel Mobile Celeron (stepping 07) processor (3381.65 BogoMIPS)
 Gnome desktop

 What should I check in order to speed up the system?

 My suspects are:
 1. Too many services - how to determine how much memory each service
 consumes?
 2. Slow version of libraries (I vaguely remember having read something
 about this about RedHat 9.0). A google search caused me to feel as if I
 am searching for a needle in a big pile of hay.

 --- Omer
 My blog is at http://www.livejournal.com/users/tddpirate/

 My opinions, as expressed in this E-mail message, are mine alone.
 They do not represent the official policy of any organization with which
 I may be affiliated in any way.
 WARNING TO SPAMMERS:at http://www.zak.co.il/spamwarning.html




--
Ariel Biener
e-mail: [EMAIL PROTECTED]
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html

 



Re: [OT] Israeli hosting

2004-05-19 Thread Ariel Biener
On Wednesday 19 May 2004 09:59, Gilad Ben-Yossef wrote:

 OK, let's give it a shot:

 I have several web sites with a very minor number of visitors but from time
 to time I use them to transfer large (as in 60M) files. I have several
 email boxes with a LOT of emails and I keep all my emails on the servers and
 use IMAP over SSL. I also need some very simple CGI/PHP ability.

 I want a service which Linux or other Free Unix like based, includes
 support for multiple domains, IMAP, ssh access and the ability to run CGI
 and/OR PHP. Over 1G of file system space, have a fast connection to Israeli
 site and it must have a back service.

So you're looking to host a few web sites and your own stuff on a multi-domain 
server, owned by the ISP, rather than host a server of your own. Right ?

 My dream configuration would be a virtual private host using something like
 the Linux VServer project (http://www.linux-vserver.org/) + backup in some
 IIX connected ISP machine room (dedicated machines costs too much and
 regular virtual web hosting offers too little), but I didn't manage to find
 any such offer from an Israeli ISP or hosting provider.

Have you only tried ISPs like BezeqINT, Barak, GoldenLines, Internet Zahav &
Netvision (to quote the large ones), or have you also tried hosting services
like Interspace for example ?

 Actcom's 100$ per month for a dedicated 1U solution is the closest thing to
 what I want - but it doesn't include any backup.

What kind of prices are you aiming at ?  Have you tried finding out what
a solution similar to what you state above would cost in the US (not in order
to host it there, but in order to have a relatively accurate price estimate of
such a solution) ?

I think $100/month is a low price for what you're looking for.

 Any suggestions?

I'd try the ones who do hosting + backup. Since the location of the hosting is 
not interesting to you (you're not hosting a real machine), then I'd try 
Internet Zahav, Netvision, BezeqINT for the ISP side (they all provide 
solutions that include backup, etc), and also, would try hosting sites like 
Interspace, who are connected to the IIX as well, and are a reseller of Verio 
NTT in Israel -  http://www.interspace.net/

--Ariel

 Gilad

-- 
--
Ariel Biener
e-mail: [EMAIL PROTECTED]
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html




Re: [OT] Israeli hosting

2004-05-19 Thread Ariel Biener


 Hey, if no one really sells them in Israel maybe it's a business
 opportunity. Anyone want to grab it? I'm willing to pay the first few months
 by creating all the software setup required for such a solution, I just
 don't want the headache to manage it afterwards... :-)


I have two questions. Does the $35 you speak of include backups ?  What kind of
backups ?

I can offer this solution you speak of here to people at the big ISPs, you'd
be surprised how good ideas can catch fire if the right person talks to the
right people.

--Ariel

 Thanks,
 Gilad

-- 
--
Ariel Biener
e-mail: [EMAIL PROTECTED]
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html




Re: [OT] Israeli hosting

2004-05-19 Thread Ariel Biener

 Yes, it happened quite a few years ago. Maybe they got better since. Maybe.
 I'm not going to risk my data to find out thank-you-very-much... :-)

Stagnation is the mother of all our problems. Do try to re-test your beliefs 
once in a while.

--Ariel


 Cheers,
 Gilad

-- 
--
Ariel Biener
e-mail: [EMAIL PROTECTED]
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html




Re: [OT] Israeli hosting

2004-05-18 Thread Ariel Biener
On Tuesday 18 May 2004 19:24, you wrote:
 Quoting Gilad Ben-Yossef [EMAIL PROTECTED]:
  In short - nice, but does anyone have something closer to home, as in
  - connected to the IIX?

 Well, I can't really recommend anyone, but the list of IIX peers in
 http://www.isoc.org.il/iix/2x_list.html is not very long.

If you could provide what are the requirements you need for this hosting 
location, I could probably point you towards the right people.

thanks,

--Ariel

--
Ariel Biener
e-mail: [EMAIL PROTECTED]
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html




Re: Which RH or FC to install for company developer desktop?

2004-04-04 Thread Ariel Biener
On Sat, 3 Apr 2004, guy keren wrote:

  We already have CD's of RH 8 and RH9 at the office. We expect to see
  both of them at customer
  sites.

 from stability point of view, you should install RH 9.0 - but it's a dead
 goat because of redhat's recent moves.

 i got my PC installed with fedora (fedora core I - with the patches that
 were available from redhat at the time). i use it for java development
 (although i don't use an IDE yet...) and it works mostly stable. it's
 overloaded since i run on it something that was planned to be run on 3-4
 different machines, but it did not crash on me yet.

 its open-office seems to be the version that doesn't support hebrew
 (although i think it should - i think it's version 1.1.0 or something
 similar - perhaps this is just a fonts problem?), but it shows the
 english documents written inside the company quite ok (until there are
 drawings in the documents - that's where it 'squashes' the drawing onto
 the text). i use mozilla for surfing, since i was too lazy to get a
 different browser there.

 since the machine has a pentium 4 with hyper-threading, i installed an SMP
 kernel and it now runs with '2 CPUs' - does windows XP do this
 out of the box, by the way? (i don't know since i didn't check).

 i was somewhat skeptical about finding RPMs for fedora, or running
 commercial applications - but at least some things seem to work (such as
 vmware). i didn't yet manage to get the Java IDE (Idea's IntelliJ) running
 on it - though i didn't try really hard.

 i don't use any C++ IDE either - but my room-mate, which also runs fedora
 on his desktop, runs both IntelliJ (Java) and anjuta (C/C++) on his fedora
 with no noticeable problems.

  I should also be careful not to setup something too shaky if I want to
  convince them to switch the
  entire office to Linux desktops.

 why do you want to do that? people should stick with what gives them their
 pleasure - unless this is an everyone must have the same platform kind
 of office.

 as for the issue of developing on windows and deploying on Unix - i've
 seen that somewhere, and that was part of what kept me away from that
 place...

 --
 guy

 For world domination - press 1,
  or dial 0, and please hold, for the creator. -- nob o. dy



--
Ariel Biener
e-mail: [EMAIL PROTECTED]
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html

 



Re: Which RH or FC to install for company developer desktop?

2004-04-04 Thread Ariel Biener
On Sat, 3 Apr 2004, guy keren wrote:


 Hi,


   Sorry for the misfire earlier (pine ...).

 since the machine has a pentium 4 with hyper-threading, i installed an SMP
 kernel and it now runs with '2 CPUs' - does windows XP do this
 out of the box, by the way? (i don't know since i didn't check).

Yes, it does.

--Ariel

--
Ariel Biener
e-mail: [EMAIL PROTECTED]
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html

 



Re: The Fedora Mystery

2004-02-10 Thread Ariel Biener
On Tuesday 10 February 2004 22:03, Omer Zak wrote:
 I bought a new laptop, paid the MS-Tax (for Windows XP), and I want to
 install Linux on it.
 When looking for ISO images of Fedora, I found no Israeli mirror of
 Fedora ISO's.
 The most recent mirrored version in that lineage is RedHat 9.
 So I am downloading Fedora ISOs (slowly) from abroad.

ftp://ftp.tau.ac.il/pub/OS/RedHat/Fedora-core-iso/

yarrow-i386-disc1.iso
yarrow-i386-disc2.iso
yarrow-i386-disc3.iso


--Ariel

 Meanwhile, the above observation leads me to asking, in a nervous way,
 whether there is any brown bag type problem with Fedora or with its
 level of Hebrew support.
  --- Omer
 My opinions, as expressed in this E-mail message, are mine alone.
 They do not represent the official policy of any organization with which
 I may be affiliated in any way.
 WARNING TO SPAMMERS:  at http://www.zak.co.il/spamwarning.html




-- 
--
Ariel Biener
e-mail: [EMAIL PROTECTED]
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html




Re: Annoyance with Israeli ISPs

2004-02-07 Thread Ariel Biener
On Sat, 7 Feb 2004, Itamar Ravid wrote:

 The point in this post - I was wondering if there is anyone here who connects
 directly using DHCP. Using the PPTP dialer slows my boot-process by ~15 seconds,
 since the PPTP tunnel apparently takes some time to be established. Also, if I
 wasn't using a GRE tunnel, my Netfilter matters would be less complicated.

<sarcasm>
My my, 15 seconds delay at boot time !!! That must completely ruin your
computing experience, I say switch ISPs.
</sarcasm>

Now with that out of the way, this complaint can clearly show you why the
Israeli customer is such an annoying one, never satisfied, always
bickering and complaining.

Had you been in the US or even Europe, you'd be told the following:

1). We offer PPtP connections.
2). We do not offer anything else.

That response would be uniform across the board.

You must understand that maintaining various ways of connecting means $$$
for the ISPs, complicated procedures, both in Customer Support and network
maintenance, and other problems I am not going to go into.

Since this service (DHCP direct) offers a minuscule advantage to you (15
seconds shorter boot time, and one less iptables rule), I'd say that your
ISP is not being unfair to you. However, if you chose Ilya's (in a reply
mail to you) 1st point (threatening to leave), I believe you will be
unfair to them. Not that Israelis care about others.

--Ariel

 --
 Regards, Itamar Ravid
 [EMAIL PROTECTED]


--
Ariel Biener
e-mail: [EMAIL PROTECTED]
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html





weird grep issue (performance issue)

2004-01-05 Thread Ariel Biener


  Hi,



   I have spent about an hour diagnosing the following:

   I have a passwd file, about 50,000 lines in length. I had a problem
with a script grepping something from it, and when debugging I found out
that:

Pentium4 Xeon, RedHat 9, latest RH kernel, fully updated system:
time grep : passwdfile > /dev/null
~1 minute, 12 seconds

Pentium4 Xeon, RedHat 7.2, latest RH kernel, fully updated system:
time grep : passwdfile > /dev/null
~0.04 seconds

Pentium3, RedHat 9, latest RH kernel, fully updated system:
time grep : passwdfile > /dev/null
~0.08 seconds


However, using `pcregrep' on the same systems yielded:

Pentium4 Xeon, RedHat 9, latest RH kernel, fully updated system:
time pcregrep : passwdfile > /dev/null
~0.05 seconds

Pentium4 Xeon, RedHat 7.2, latest RH kernel, fully updated system:
time grep : passwdfile > /dev/null
~0.08 seconds

Pentium3, RedHat 9, latest RH kernel, fully updated system:
time grep : passwdfile > /dev/null
~0.12 seconds


  As you can see, there is a HUGE discrepancy between all the results
above and the Pentium4 Xeon, RedHat 9 `grep' case, about 900 times slower.

  I tried recompiling the .src.rpm of the RedHat 9 grep locally on the
Xeon, but it yielded the same result.


  As such, this appears (to me) to be some kind of a grep problem when
coupled with 2 Gigabytes of RAM, Xeon P4 CPU (with the HT on) on RedHat 9.


  While I am researching some more on this, does any of you have any idea ?

  My hunch is towards write(), since I also tested it with grep --mmap
(which uses mmap() instead of read() for reading) and it yielded the same
results.


--Ariel


--
Ariel Biener
e-mail: [EMAIL PROTECTED]
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html





Re: weird grep issue (performance issue)

2004-01-05 Thread Ariel Biener
On Tue, 6 Jan 2004, Ariel Biener wrote:


 Ok, problem located. grep version 2.5.x includes UTF-8 support. If the
system's default LANG variable is a UTF-8 one, like the following:

# echo $LANG
en_US.UTF-8

then grep is dog slow. Change it to en_US, and it flies like an eagle.

RedHat


--Ariel


 Hi,



  I have spent about an hour diagnosing the following:

  I have a passwd file, about 50,000 lines in length. I had a problem
 with a script grepping something from it, and when debugging I found out
 that:

 Pentium4 Xeon, RedHat 9, latest RH kernel, fully updated system:
 time grep : passwdfile > /dev/null
 ~1 minute, 12 seconds

 Pentium4 Xeon, RedHat 7.2, latest RH kernel, fully updated system:
 time grep : passwdfile > /dev/null
 ~0.04 seconds

 Pentium3, RedHat 9, latest RH kernel, fully updated system:
 time grep : passwdfile > /dev/null
 ~0.08 seconds


 However, using `pcregrep' on the same systems yielded:

 Pentium4 Xeon, RedHat 9, latest RH kernel, fully updated system:
 time pcregrep : passwdfile > /dev/null
 ~0.05 seconds

 Pentium4 Xeon, RedHat 7.2, latest RH kernel, fully updated system:
 time grep : passwdfile > /dev/null
 ~0.08 seconds

 Pentium3, RedHat 9, latest RH kernel, fully updated system:
 time grep : passwdfile > /dev/null
 ~0.12 seconds


 As you can see, there is a HUGE discrepancy between all the results
 above and the Pentium4 Xeon, RedHat 9 `grep' case, about 900 times slower.

 I tried recompiling the .src.rpm of the RedHat 9 grep locally on the
 Xeon, but it yielded the same result.


 As such, this appears (to me) to be some kind of a grep problem when
 coupled with 2 Gigabytes of RAM, Xeon P4 CPU (with the HT on) on RedHat 9.


 While I am researching some more on this, does any of you have any idea ?

 My hunch is towards write(), since I also tested it with grep --mmap
 (which uses mmap() instead of read() for reading) and it yielded the same
 results.


 --Ariel


 --
 Ariel Biener
 e-mail: [EMAIL PROTECTED]
 PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html


 


--
Ariel Biener
e-mail: [EMAIL PROTECTED]
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html





Re: weird grep issue (performance issue)

2004-01-05 Thread Ariel Biener
On Tue, 6 Jan 2004, Ariel Biener wrote:



One more piece of information if anyone was wondering how the following is
consistent with the P3 results (which seemed to be unaffected by the bug):

On the P3, LC_CTYPE was set to he_IL. Unsetting that immediately caused
the same behaviour as on the Xeon. So now all the loose ends are tied.

--Ariel
 On Tue, 6 Jan 2004, Ariel Biener wrote:


  Ok, problem located. grep version 2.5.x includes UTF-8 support. If the
 system's default LANG variable is a UTF-8 one, like the following:

 # echo $LANG
 en_US.UTF-8

 then grep is dog slow. Change it to en_US, and it flies like an eagle.

 RedHat


--
Ariel Biener
e-mail: [EMAIL PROTECTED]
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html
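
The diagnosis in the three messages above comes down to POSIX locale precedence: LC_ALL overrides LC_CTYPE, which overrides LANG. The script below is an added example, not part of the original posts; the function names and the sample file are constructed for illustration, and the P3's LANG is assumed to have been a UTF-8 one, as on the Xeon.

```shell
#!/bin/sh
# Added example: resolve which locale decides grep's character handling,
# and pin the locale for a single grep call on a passwd-style file.

# effective_ctype LC_ALL LC_CTYPE LANG
# POSIX precedence: LC_ALL, then LC_CTYPE, then LANG, else the "C" default.
# An empty value counts as unset.
effective_ctype() {
    if [ -n "$1" ]; then printf '%s\n' "$1"
    elif [ -n "$2" ]; then printf '%s\n' "$2"
    elif [ -n "$3" ]; then printf '%s\n' "$3"
    else printf 'C\n'
    fi
}

# is_utf8 LOCALE: succeed if the locale name selects the UTF-8 codeset
# (covers spellings such as en_US.UTF-8, en_US.utf8, de_DE.UTF-8@euro).
is_utf8() {
    case "$1" in
        *.[Uu][Tt][Ff]-8*|*.[Uu][Tt][Ff]8*) return 0 ;;
        *) return 1 ;;
    esac
}

# grep_mode LC_ALL LC_CTYPE LANG
# Report which matching mode grep would use for that environment:
# "multibyte" is the slow case described for grep 2.5.x in the thread.
grep_mode() {
    if is_utf8 "$(effective_ctype "$1" "$2" "$3")"; then
        echo multibyte
    else
        echo single-byte
    fi
}

# make_sample FILE N: write N constructed passwd-style lines to FILE.
make_sample() {
    i=0
    while [ "$i" -lt "$2" ]; do
        printf 'user%d:x:%d:100::/home/user%d:/bin/sh\n' "$i" "$i" "$i"
        i=$((i + 1))
    done > "$1"
}

# count_colon_lines FILE: the grep from the thread, with the locale pinned
# to C for this one command so the result does not depend on the caller's
# LANG or LC_CTYPE.
count_colon_lines() {
    LC_ALL=C grep -c : "$1"
}

# The three environments discussed in the thread.
echo "Xeon, LANG=en_US.UTF-8:                $(grep_mode '' '' en_US.UTF-8)"
echo "Xeon, LANG=en_US:                      $(grep_mode '' '' en_US)"
echo "P3, LC_CTYPE=he_IL + LANG=en_US.UTF-8: $(grep_mode '' he_IL en_US.UTF-8)"
```

Setting LC_ALL=C on the single command, rather than exporting it, leaves the rest of the script's locale untouched.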





Re: Reiserfs acting up

2003-11-12 Thread Ariel Biener
On Wed, 12 Nov 2003, Muli Ben-Yehuda wrote:


 It makes no difference at all. What purpose would it supposedly serve?

Freeing up memory, sometimes some modules have bugs and can be exploited in
ways beyond us, and also, software tends to interact.

--Ariel
 --
 Muli Ben-Yehuda
 http://www.mulix.org | http://mulix.livejournal.com/

 the nucleus of linux oscillates my world - [EMAIL PROTECTED]



--
Ariel Biener
e-mail: [EMAIL PROTECTED]
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html





Re: GUI language for beginners

2003-11-02 Thread Ariel Biener
On Sun, 2 Nov 2003, Shachar Shemesh wrote:

 A good beginner's GUI tool for a univ. project. Which would be best?

tcl/tk probably.

--Ariel

Shachar

 aviad wrote:

  i wonder if you could help me choose between
  several languages to develop gui based application
  i got lost between :
  Python,perl,tcl/tk,qt,gtk+
  i need a language that will help me to develop
  a small gui that will communicate with a non gui linux
  program (send parameters via gui)
 
  hope to hear from you
 
  aviad



 --
 Shachar Shemesh
 Open Source integration consultant
 Home page & resume - http://www.shemesh.biz/





--
Ariel Biener
e-mail: [EMAIL PROTECTED]
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html





Re: GUI language for beginners

2003-11-02 Thread Ariel Biener
On Sun, 2 Nov 2003, Diego Iastrubni wrote:


Heh, you programmers, never pragmatical, always aiming at the overkill.

--Ariel


 Here is my opinion: any one of these 3 sounds cool. I put here only the
 downsides of each approach.

 gtk:
 * not object oriented (looks un-natural to build gui's in no oop language)
 * looks funky on win32

 qt:
 * not free in win32
 * does not compile with mingw or friends on win32

 java:
 * funky look everywhere.
 * difficult to install, big download
 * needs interpreter on the client side

 wxwindows:
 * problems with hebrew (no reversed menus for example)
 * in linux, app's run in he_IL locale will be reversed, under windows same
 code does not get reversed (different layers behave differently)


  On Sunday, 2 November 2003, 23:18, Shachar Shemesh wrote:
  Hi Aviad,
 
  I've decided that a lot of voices make for a more interesting
  conversation. I'm therefore forwarding your email to a mailing list I
  read (and occasionally even write to). I'm sure the good people here
  will have plenty to say. You may want to clarify what sending
  parameters mean, though. Is that a gui application that invokes a cli
  application with arguments?
 
  Ok, guys. I decided that the distro war from a few days ago was not
  interesting enough. Let's have a programming language war, while we're
  at it.
 
  A good beginner's GUI tool for a univ. project. Which would be best?
 
 Shachar
 
  aviad wrote:
   i wonder if you could help me choose between
   several languages to develop gui based application
   i got lost between :
   Python,perl,tcl/tk,qt,gtk+
   i need a language that will help me to develop
   a small gui that will communicate with a non gui linux
   program (send parameters via gui)
  
   hope to hear from you
  
   aviad





--
Ariel Biener
e-mail: [EMAIL PROTECTED]
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html





Re: Networking my new home (or RJ45's vs. WiFi)

2003-09-28 Thread Ariel Biener
On Sun, 28 Sep 2003, Shachar Shemesh wrote:

 How would that stop a spammer parked outside your house from sending spam?

You are going to unneeded and plain useless extremes. Spammers will not
travel around in cars with wireless detectors to send spam from their
laptop via the poor man's unsecured home network. You know this as well as
I. Spammers will look for high profile open relays or will use someone who
intentionally has these pink agreements with spammers and allows spam
from his high profile mailing system, and send enormous quantities of spam
to a vast address list from those systems.

Let's stay focused, please.


--Ariel

 Geoff.
 
 
 
 Shachar

 --
 Shachar Shemesh
 Open Source integration consultant
 Home page & resume - http://www.shemesh.biz/





--
Ariel Biener
e-mail: [EMAIL PROTECTED]
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html





Re: Networking my new home (or RJ45's vs. WiFi)

2003-09-28 Thread Ariel Biener
On Sun, 28 Sep 2003, Shachar Shemesh wrote:



  Hi,



   This is exactly the reason why I answered `depends on the
implementation'. There are a few ways to implement a wireless network, and
there is a set of reasonable requirements for security @home, this set is
different than the requirements on a corporate network, and yet different
than those required on a military or similar network.

   One always needs to weigh the possible threats with what actually we
are protecting, the possible damage, and counter that with the investment
we need to make, and see what is the price/performance, and where we
draw the line.

   In the case of home security for WiFi, I wouldn't invest in a VPN
device, be it a firewall (Checkpoint/Cisco/Netscreen SOHO) or any similar
device, and add the complexity of VPN clients. Also, I don't know how
Linux implements connecting to such entities. On the other hand, I don't
know how well (if at all) the Linux wireless driver supports the WiFi
security module (key exchange, etc), and in this case, it may be possible
that while the WiFi security would be optimal for home usage, one may get
pushed into using VPN due to lack of Linux support.

   There are other options, but they are more annoying to implement,
including ssh tunnels for a certain set of ports, and similar stuff.


--Ariel

 That depends on how secure you want to get. WEP (Wire Equivalent
 Privacy) is quite secure in the sense that it takes several minutes to
 crack. This applies to the 56bit as well as the 128bit modes.
 WEP was broken on every conceivable level, and on several inconceivable
 levels. If you are trying to defend against an occasional sniffer, it
 may be enough. You will find, however, that a moderately determined
 attacker will see no difference between WEP turned on or not.

 Shachar

 --
 Shachar Shemesh
 Open Source integration consultant
 Home page & resume - http://www.shemesh.biz/



--
Ariel Biener
e-mail: [EMAIL PROTECTED]
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html





Re: Networking my new home (or RJ45's vs. WiFi)

2003-09-28 Thread Ariel Biener
On Sun, 28 Sep 2003, Shachar Shemesh wrote:

 I'm sorry, but apparently you are ill informed. Spammers do, as a matter
 of day to day matter, exploit Wifi to send anonymous email. The
 phenomena is mostly documented in the US at the moment, but you can
 never tell when it will make aliya.

Exploit home networks or corporate WiFi networks ?


--Ariel

Shachar

 --
 Shachar Shemesh
 Open Source integration consultant
 Home page & resume - http://www.shemesh.biz/



--
Ariel Biener
e-mail: [EMAIL PROTECTED]
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html





Re: Networking my new home (or RJ45's vs. WiFi)

2003-09-28 Thread Ariel Biener
On Sun, 28 Sep 2003, Shachar Shemesh wrote:

 Key exchange? What key exchange? If WEP had key exchange, it wouldn't be
 so #$(%!$! broken. Well, maybe it would, who knows? In any case, WEP
 has no key exchange, which is part of the problem.

Buy Cisco. Don't use WEP.


--
Ariel Biener
e-mail: [EMAIL PROTECTED]
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html




