Re: Setting up a PBX for Israel-US communication
2009/2/12 Amos Shapira amos.shap...@gmail.com: How do I test this? Write an extensions file and use http://www.didww.com/service_did.php to test DIDs for free. I have a Nokia E71 with a built-in SIP client which I'd like to connect to this thing. Set up the credentials in sip.conf and connect from the Nokia, verify you can register and you can see the registration. Going to didww.com I'm not sure what should I look for - Phone to VOIP or Phone to IP-PBX? both options cost $US10 a month, I don't see an option to pick the allegedly cheaper 077 numbers. Indeed, it is gone from their screen. A mistake perhaps? Try emailing sa...@didww.com. Disclaimer: I'm not affiliated with DIDWW in any way other than being a happy customer. Anything beyond about $5/month makes this possibly uneconomical, as for the long term I don't spend that much on international calls and Skypeout subscription can provide unlimited calls for 5 euro/month (for minimum of three months). (We have 4000 free Skype minutes from our mobiles so Skypeout is very convenient to call from wherever we are). For me it's not about my cost, it's about the (perceived) cost of people who call me. This way I can have people call an Israeli number to get at me and they know they don't pay much. Plus don't dis the geek factor... -- Arik ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Setting up a PBX for Israel-US communication
2009/2/1 Ori Berger linux...@orib.net: sammy ominsky wrote: Worse than that, asterisk will not work in an OpenVZ VE unless you have access to the underlying host to install the zaptel kernel modules. (Note that in another email, Sammy mentions that it works but some features don't). It looks like Xen would therefore be needed? Personally I'm using OpenVZ. I wanted to switch to Xen, but didn't put the time and effort into it. I get what I need from the system, and yes it does complain that it doesn't have a timing source, but It Works For Me (tm). -- Arik ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Setting up a PBX for Israel-US communication
Hey Ori, long time. 2009/1/31 Ori Berger linux...@orib.net: - VPSLink is still the cheapest VPS host at $8/month (or $80/year) for 64MB of memory. It seems like the OpenVZ package is better suited than the Xen package, being less resource intensive. And from past experience I would bet on Debian -- however, can anyone here share their experience (Arik?). Will apt-get install asterisk be enough, or will I have to compile everything myself? I have installed Ubuntu and not Debian. I installed Asterisk from packages, I didn't compile anything. In fact I don't have any dev tools in my machine and I doubt they will run with only 64MB of RAM. Heck I have to stop Asterisk when I want to run some commands, like for example apt-get... - grnvoip still seems like the cheapest termination service - but only provides SIP connection, whereas voipjet, still competitive, provides only IAX2. Any recommendation here? IAX2 is supposed to be less resource intensive than SIP, but I don't know if that'll matter on a 64MB machine routing at most two calls. I use voipjet/IAX2. Viopjet claim that they are not to be used by end users, and I simply ignore that. So far I haven't asked for support and haven't gotten any. They have the occasional downtime, if you use a DNS name for the host and not an IP you will usually not feel it because they change DNS records to compensate. You have to have more than $20 in your account at all times or else you can't use most of their servers. - didww.com is competitive on DIDs ($3/month for 077- number in IL, $10/month for 03- number, $2/month US number), but other such as diamondcard.us provide same prices, and also do termination (although not as cheaply as grnvoip or voipjet). I use didww.com. I did not check out any others. I have a number in the US, in Israel and in Australia. I used to have a number in France but some stupid French decided to limit VoIP numbers to the physical region they seem to be from, so lacking an address in Paris I had to give that number up. - Any positive or negative experiences routing SMS between those systems? Didn't try it, I have no idea if it will be successful. I know Nir Simionovich and Oded Arbel have messed around with SMS quite a bit, and I think they are both on the list. Does anyone have experience, specific software versions and/or configuration scripts to share with regards to such a setup? I can share my extensions.conf with you if you want. -- Arik ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: [OFFTOPIC] Daily Maily Spam
2008/12/9 Gilad Ben-Yossef [EMAIL PROTECTED] Omer Zak wrote: During December (since the anti-spam law came into force), I received so far three E-mail messages from Daily Maily, without giving them permission to continue to E-mail me. If you ever went to one of those free people Computers events, such as Go Linux, you signed an agreement to receive their publication. So it might not be my cup of tea or yours, but neither it is SPAM as the law defines it. Just unsubscribe and AFAIK they'll stop. My experience is that they stop immediately. Mine started when I gave Peli the Tiger my business card after he took my photo. I guess he subscribed me manually so I can see the result... -- Arik
Re: Israeli ISP and Blacklisting
On Fri, Jul 25, 2008 at 6:30 PM, Imri Zvik [EMAIL PROTECTED] wrote: I cannot discuss this further when you refuse to give ANY factual data. You publicy trash people (the abuse@ and all the other people behind that ISP) with quite a harsh words, and refuse to back it up with facts. So don't. I didn't mean you to. It was a rant. It was a single sided exclamation of my thoughts about the topic. If I wanted your response, I could have asked for it. You, yet again, dismiss my attempts to help you, saying it's won't help (???). It seems you don't really want to be helped, but just taking advantage of the free and cheap shot. Precisely. This is exactly what I did. I used this stage to rant. Finally, you got it. I must emphasize this - almost 24 hours after the original flametory post, I still didn't get ANYTHING to work with. Nor will you, unless you happen to belong to the ISP I was talking about and have access to the abuse mailbox. Actually, I bet the messages to the abuse mailbox are archived somewhere. My name is pretty unique. Since my sophisticated loop detection algorithms detected a loop in this conversation, I will stop responding unless I observe something new. -- Arik
Re: Israeli ISP and Blacklisting
On Thu, Jul 24, 2008 at 10:11 PM, Noam Rathaus [EMAIL PROTECTED] wrote: I am taking my stuff elsewhere, the ISP's responsibility is to provide service, and it should be good service - meaning stopping others from abusing the network, which in turn is used against me - as I am blocked in an RBL. Let me suggest a radical idea. I think that it is a good thing that Israel will be blocked in as many RBLs as possible. And here's why. For the people on this list, it's a big deal but not critical. I put it to you that most companies will deal with it one way or another, by tunneling their ways somehow. I can think of 10 ways right now. The people who will suffer are the regular users, those who use the ISP mailbox (gaaa!) and have zero technical knowhow. There are a lot of them, which means that they will make a lot of noise. The ISPs will then become a relatively unregulated industry that apparently doesn't work properly without regulation. It also has a status of a quasi-essential infrastructure. I sincerely hope that the regulator will step up to the plate and regulate the ISPs and what they need to do to spammers, in an effort to make the infrastructure usable again. Maybe our star will shine and we'll see some heavy-handed anti-spam law, especially if the ISPs respond to regulation by saying the burden is too high because spammers don't have an incentive to stop. So before you start flaming, consider this: Change only happen out of necessity. The stronger the necessity - the swifter the change. Lithium-ion batteries did not come to be before laptops and cellphones became a commodity. Hybrid cars didn't become a reality before gas prices went so high that people actually started buying them. And conversly, think of Israel's desalination plants - how they come to be whenever there's a year or two of draft, and then fall apart at the first sign of a rainy year. And since one of the participants in this discussion at least seems to work for an ISP, the same ISP from which I get most of my Hebrew spam, the same ISP from which spam contains the header of the ISP's own relay, and passes SPF checks, the same ISP which gets messages to the abuse alias from me every month and never responds (robots excluded) - I view your behaviour as aiding and abetting the spammers. I have proof that the addresses the spammers use could never have been gotten from me (heck my domain was dictionary-attacked by them), and I hope that you get blacklisted as much as possible. I also hope that your users leave you for this very reason and that you fail financially, so the spammers have to find a less hospitable environ. I wish this ruin on you because you are acting, in my personal opinion, in bad faith and in cohorts with the sort of people who I would like to see their activity as felonious. I hope that once the regulation comes you will continue with your bad behaviour as to become the first test case of disobeying the regulation and that you shall lose and become the precedent for any other such case. You know who you are. -- Arik
Re: Israeli ISP and Blacklisting
On Thu, Jul 24, 2008 at 11:22 PM, Imri Zvik [EMAIL PROTECTED] wrote: I can only assume you are addressing me. Due to the latest trend of libel suits, I cannot confirm nor deny. You are just flaming now. You have no idea what we are doing to stop or fight spam, and this public list is not the place to list those things. For the particular ISP I was talking about, I know that the same authenticated user has sent me messages after several complaints, so I know for a fact that the same user keeps spamming. I'm only answering you here because I don't want to create the state of שתיקה כהודאה (silence as admittance, lit trans) 2. If you have any repeating issues with spammers using our mail system, I would be GLAD to know about it. Please provide me with full headers. I appreciate your suggestion. I will obviously not contact you because that would mean that you are the ISP I was talking about. I will however make an attempt to create a compendium of the headers from the last 30 days of spam that I have and send it to the abuse address of the offending ISP. It will take me some time as analyzing 1000s of spam messages means that I need to write code to do it, but I will get to it eventually. -- Arik
Re: Israeli ISP and Blacklisting
On Thu, Jul 24, 2008 at 11:59 PM, Imri Zvik [EMAIL PROTECTED] wrote: It means they have 208 IPs that sent at least *one* spam in the past 7 days from a range that includes 131070 hosts! The way they are calculating it, it means it could be that they only got 208 spam emails in the last 7 days, and that was enough to block the whole A class. I'm sorry, but this is not reasonable - It doesn't even leave room for the ISP to cooperate and deal with the spammer. I need to understand - are you in favor of blocking port 25? How many people in this list thinks it's a good idea? Although I don't think it's good to block port 25, I think that allowing port 25 only for customers who sign an agreement which says that: * They will pay 1500NIS for every message from their account - backed by a credit card with pre-authorization of the card * If a recipient has complained - showing the full headers - and the message was sent in bulk - and the sender cannot prove that the recipient actually asked for the message = by showing the double opt-in message logs complete with IP addresses Sometimes people forget that they signed up for a list. -- Arik
Re: Israeli ISP and Blacklisting [summary and stop]
On Fri, Jul 25, 2008 at 12:13 AM, Noam Rathaus [EMAIL PROTECTED] wrote: Arik didn't disappear, maybe he has work to do beside answering emails here - I trust Arik to get back to you. Only one person (Arik) complained about actual problem, and when I asked for information he disappeared. Nope I didn't disappear - I sent a message 35 minutes ago to the list - wasn't it received? -- Arik
Re: SIP gateway providers in Israel?
On Thu, Jun 26, 2008 at 12:40 AM, Gadi Cohen [EMAIL PROTECTED] wrote: I've been using www.didww.com successfully for a few years now as a Have you ever had any problems with them? I'm only been using them now for a few days :), but yesterday all of my DIDs were unavailable at random intervals. From a tcpdump and the call log, it looks like they only tried to connect the call some 20 minutes after it was made. Anyways, today is everything is working. Most of my complaints are for the low bandwidth allocation that made a few of my calls hard to hear, but that has been resolved, I'm having clear calls for about a year now. My termination service for the box is voipjet.com which has a very And your experiences with them? I signed up a week ago (and paid!) and my account still hasn't been activated yet... they keep posting a message on their website saying new accounts might only be activated on approximately XX and keep moving the date forward. No response from their fastsupport email, and from reports on the Internet it doesn't look like they've ever answered that email for the past few years. Interesting. When I signed up with them they opened the account automatically immediately and I was able to use their free 25c on the spot. That was almost 3 years ago, though. I never used their support. There was a recent outage of about a day, which is the first time I had such a long outage, but they're back. There have been a few outages for an hour or two here and there, but they're generally okay. Join their mailing list, it's important. Since I don't use it for business, only making private calls, it's been really good. I must also point out that they are in violation of PayPal's terms of use (they charge a surcharge for payments) and their own TOS is incredibly dodgy. You're actually already in violation for disclosing to other people that you use their service. You also agreed never to sue them, and of course that, the customer acknowledges that the service may not be working for some, most or all of the time.. Unenforceable, in my opinion. IANAL. There is nothing that they can write and that you agree to that can make you not sue them. I don't know who wrote that but I am willing to bet it wasn't a lawyer. The potentially good news though is that after A LOT of searching (indeed, good rates to Israel aren't easy to come by), I did find the services of grnvoip.com. Here's a comparison of prices to Israel (in USD): Land Line Cell VoipJert.Com 0.01980.0949 GrnVoip Standard 0.0138 0.0792 GrnVoip Premium0.0166 0.0951 Thanks, I will research that. I have no loyalty to voipjet whatsoever. My setup allows the following: Did you configure everything by hand? Or did you use a web manager? By hand, sure. The machine I use is so small that I can't run a web server on it when Asterisk is running. Downside: I get calls in the middle of the night from MILUIM... don't ask. Mmm... you could always block calls from unlisted numbers... at the very least after hours. Or you could direct unlisted numbers to some silence and they'll need to know in advance they'll have 5 seconds to press 1 after the phone stops ringing... there are a lot of creative solutions here :) My plan is actually have the system know where I am (perhaps I'll get my phone to send the timezone or something automatically) and make it play a recording when I go to sleep in local time - to make sure I don't get that. It won't help with the Miluim automated draft drill system - unless I teach it to dial my personal number :-) Again, thanks for the inspiration. You're welcome. Your bill for 2c is in the mail. -- Arik = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: SIP gateway providers in Israel?
On Sun, Jun 15, 2008 at 11:38 PM, Amos Shapira [EMAIL PROTECTED] wrote: Could you explain exactly what part of the equation does voipjet fullfill? Voipjet is a Termination service - it takes a VOIP call and terminates it in the public telephone system network. I.e. you connect using VoIP and a physical telephone rings. I'm a relative newbie in this area (been using VoIP at home for a couple of years but once I setup the ATA to login to my SIP provider I never touched it). I'll try to explain the two situations I have: 1. Family in Brazil - I'd like to enable them to just pickup the phone there and dial a local Brazilian number and make it ring my phone (already connect to one SIP provider, Sipura SPA-3000, I think it can be called from multiple SIP providers). didww.com should allow me to do just that - right? For that you need a DID in Brazil, and indeed didww has that option ($10/month). Then the phone needs to be terminated at your phone. I don't know the details of your SIP provider; didww will forward calls for you to several providers for free. If not you can always use an Asterisk box as the destination of your calls, where you can do whatever you want, for example, use voipjet to initiate a call too your home / cellphone / computer whenever someone dials the DID. 2. Calling family in Brazil from Israel - how? I want to pick up the phone in Israel and dial an Israeli number and have it ring in the home in Brazil. Is this where VoIPjet comes into play? Another interesting scenario is to program some special prefix in the ATA in Israel to behave as if the dial-tone is from Brazil. For that to work you need a DID in Israel, and use a termination service that serves Brazil. voipjet is such a termination service. It's not the only one though, shop for prices. didww offers to redirect the call to a land-line for you, but I think they charge too much for it ($15 flat rate, where call to Brazil with voipjet cost 3-4 cent/min). You need an Asterisk box (or another PBX) to do the switching for you. 3. My company is in the process of setting up our small sales office in the Silicon Valley. We bought a couple of VoIP boxes (IP PABX and ATA for the main office, another ATA for the branch in the valley). We are looking at ways to allow: 3.1. People in the main office to pick up the phone and call the office in the Valley through the VPN - that's probably doable with PABX programming. 3.3. People in the US pick up their mobiles, call the office in the Valley and get an Israeli dial tone. All of these are doable. You can do it over the VPN or outside of the VPN, your choice. You don't need a DID provider or a termination provider if you supply your own phone lines and the necessary hardware to connect to them on both ends. My solution is nice because it uses zero hardware. 2. Whenever I dial my own US DID (caller ID...) I get a second dial tone and after punching a code I can dial anywhere in the world, like a calling card. Is this (2) what VoipJet gives you or is this doable with didww alone? It's using both. didww supplies the US number that I call, and voipjet supplies the connectivity for the call from my asterisk box to the destination. Downside: I get calls in the middle of the night from MILUIM... don't ask. Caller ID? :) I need to write some scripts for that and I'm lazy. I want to set up a recorded message to tell people that if they continue with the call they'll wake me up, and make the message play only when I am asleep, local time. -- Arik = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: SIP gateway providers in Israel?
On Mon, Jun 16, 2008 at 1:06 PM, Geoff Shang [EMAIL PROTECTED] wrote: Note that Voipjet only accepts inter-asterisk exchange (IAX2) protocol connections. I thought I should mention this as the original poster was asking about SIP. Of course, you can get Asterisk to do the switching duties and I in fact do this. The original poster did not specify a protocol in his question. Being a Linux list, I assumed asking for a solution may include a Linux system running Asterisk. Perhaps I was wrong. Yes Voipjet is only meant to be for carriers but like others, I'm a happy customer and they've not kicked me off yet. I'd be interested in Israeli termination services though if people know of any that don't want you to rent an ATA. I'd say that voipjet's rates are competitive even as an Israeli termination service. They're not the cheapest, 2c/min is expensive for a landline, but 9.4c/min (=40 agorot, right?) is pretty good for cellphones. When I come back to Israel I intend to use them to call cellphones. -- Arik = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: SIP gateway providers in Israel?
On Sun, Jun 15, 2008 at 6:52 AM, Ira Abramov [EMAIL PROTECTED] wrote: A friend of mine is moving abroad, and wanted to keep in cheap contact with his friends and fanily in Israel. He tried talking me into installing Asterisk at my home for him to be able to do that, but I don't want to diving into the maintenance of more equipment and software (though he was more than willing to donate all the hardware needed, etc). Question is, if there's an Israeli company that provides Packet8 or Vonage-like service with an Israeli local line and number? Hi Ira, I have moved to the US 3 years ago, and I have a system in place that I believe accomplishes what he wants. I've been using www.didww.com successfully for a few years now as a DID in Israel. Friends and family call my Israeli number and the call gets routed to my Asterisk box in the US. The cost is very reasonable (an 077 number is $3/month) and it's a flat rate for up to two simultaneous calls. My termination service for the box is voipjet.com which has a very reasonable rate for Israel (2c/min LL, 10c/min cell). They say that they don't want end users to use their services, only carriers; they didn't kick me out though so I guess that as long as everything is okay they won't care. As for the asterisk box, I'm hosting it on the cheapest Linux VPS server from www.vpslink.com, and it costs $8/month. I can't run anything else when the asterisk process is running (it has only 64M RAM), but it's working like a charm for over two years now. Plus, an extra box to SSH to in times of need is always nice. I use it to tunnel out of tough spots on occasion (ssh -N -n -f -D 1080 host) My setup allows the following: 1. People dialling the DID in Israel, France and the US (coming soon: Australia) get routed to both my softphone and my US cellphone (whichever answers first) 2. Whenever I dial my own US DID (caller ID...) I get a second dial tone and after punching a code I can dial anywhere in the world, like a calling card. Downside: I get calls in the middle of the night from MILUIM... don't ask. -- Arik = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Store selling Linux computer with support
On Tue, Dec 4, 2007 at 10:04 AM, Maxim Veksler [EMAIL PROTECTED] wrote: http://d-source.co.il are resellers of http://affordy.com which delivery hardware + software for the home marked based on Ubuntu. 1. They will support you in your first steps of connecting to the Internet by working with the ISP. 2. They sell Monthly (100NIS) / Yearly (600NIS) technical support. A home visit will cost you 250 NIS. Their support covers PC not booting, no X and other user land stuff. From the business point of view, they've sold ~100 PCs in Israel and are expending abroad. Their offer includes Ubuntu core + 3rd party software (mostly binary freeware such as Skype, games and toys). It's seems like a small PC shop (6 employees with hardware backing from d-source). On the community side, they have plans on donating hardware for ubuntu.org.il, I'll believe it when I see it happening. Hello list, Does any of you have an update on this? My brother is contemplating buying a computer now, and he came across their advert. If anyone has one of those, I'd love to get in touch and hear any comments, for better or worse. The one downside that I already discovered is that at least one of their resellers advertise using SPAM. I'm going to report it to the company and see how they handle it. Thanks in advance and take care, -- Arik = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: external DNS service
On 4/9/07, Gabor Szabo [EMAIL PROTECTED] wrote: Looking at http://www.granitecanyon.com/ again their server keeps giving me Internal Server Error on some of the management pages. Not a good start. What about http://xname.org/ ? That's free and if I understand it is built on some free software too. I had a good track record with xname.org for the last few years. They write the software and maintain the DNS, either primary or secondary. Their interface leaves much to be desired and (my pet peeve) they don't support SRV RRs but they're good friendly and reliable. They will also appreciate a monetary donation for any sum. -- Arik = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Why doesn't traceroute work for me?
On 3/8/07, Shachar Shemesh [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] speedy]$ /usr/sbin/traceroute www.walla.co.il traceroute to www.walla.co.il (192.118.82.140), 30 hops max, 38 byte packets 1 192.118.82.140 (192.118.82.140) 0.641 ms 0.611 ms 0.572 ms Sound like your firewall mangles the TTL of outgoing packets. Try to do a manual traceroute using ICMP packets instead, in the following manner: ping -t 1 www.google.com ping -t 2 www.google.com . . until you stop seeing the Time to live exceeded error message. This is actually what traceroute does, only it does it with UDP packets. Post the results. -- Arik = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Preventing email spoofing
On 6/19/06, Ilya Konstantinov [EMAIL PROTECTED] wrote: Note that SPF is not something reserved for high-profile domains. Every Nigerian scam domain can deploy SPF and then it'll be verifiable fair and square. So, no easy way of killing off all those Nigerian scams? You betcha there isn't. That's because SPF is not intended to solve the spam problem, it's intended to solve the domain masquarading problem. It's basically an authentication method where you trust a trusted 3rd party (the DNS server) to tell you which hosts are allowed to send mail on behalf of the domain that you're querying about. For example, my SPF record is: arik.baratz.org.43200 IN TXT v=spf1 include:aspmx.googlemail.com ~all This means that I trust aspmx.googlemail.com to tell which hosts are allowed to send email on my behalf. Google's SPF record is: aspmx.googlemail.com. 7200IN TXT v=spf1 redirect=_spf.google.com and _spf.google.com.274 IN TXT v=spf1 ip4:216.239.56.0/23 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ?all so these are the addresses that can send email for my domain. The immediate benefit from SPF is that it prevents joe-jobs, some spammer using your domain to send spam from. The future benefit when it is widely deployed would be black-list of domains that have sent spam. Since you can't forge your domain, you'd have to send spam from a domain you own, therefore you'd have to keep on buying domains as the existing ones get into the blacklist. -- Arik = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: hosts.allow issue.
On 6/8/06, Livneh Ran [EMAIL PROTECTED] wrote: Hi. Is there a way to block certain user from specific network? I'd like to deny access for user internal from the outside world, or allow access to that user only from 10.x.x.x networks. You can prevent a user from accessing a network by socksifying your network applications and using socks for access control. It's not a perfect solution though. Another way is using netfilter: http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO-7.html#ss7.3 using the owner module: owner This module attempts to match various characteristics of the packet creator, for locally-generated packets. It is only valid in the OUTPUT chain, and even then some packets (such as ICMP ping responses) may have no owner, and hence never match. --uid-owner userid Matches if the packet was created by a process with the given effective (numerical) user id. --gid-owner groupid Matches if the packet was created by a process with the given effective (numerical) group id. -- Arik = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: No interactive shell prompt when using passwordless (rsa) ssh login ?
On 5/8/06, Maxim Vexler [EMAIL PROTECTED] wrote: debug1: Authentication succeeded (publickey). debug1: channel 0: new [client-session] debug1: Entering interactive session. debug1: client_input_channel_req: channel 0 rtype exit-status reply 0 Did you try adding a -t parameter to force tty allocation? -- Arik
Re: [OT] Google is Anti-semetic
On 4/24/06, Yonah Russ [EMAIL PROTECTED] wrote: Google is a bunch of Anti-Semites. You can read the details on my blog: http://www.yonahruss.com/2006/04/google-supports-terrorism.html I do believe, Yonah, that you might be jumping to conclusions here. In fact, I think what you have written above is calumniatory, defamatory, denigratory, libellous and slanderous. Had I been Google I would have sued you for that. I suggest everyone write an email to [EMAIL PROTECTED] complaining about this injustice. Here is a sample email for your use: - To whom it may concern, To Google Analytics Support It has been brought to my attention that Google, much like Hamas, refuses to recognize the Sovereign State of Israel. I find this deeply disturbing, especially in light of the fact that countries like Iran, Iraq, Afghanistan, and North Korea (the likes of which threaten the existence millions on a daily basis) are listed in your Analytics service without prejudice This is a demagogic statement, meant to illogicaly tie Google to the Hammas. You took one fact - that Israel's time zone is missing - and built a mountain of logically inconguant statements that cannot be proven or even strongly tied to the original fact. You completely ignore mitigating factors - like the existence of google.co.il, of news.google.co.il, the Hebrew interface language and the Hebrew language translation project, and the fact that they have an office in Israel and hiring Israelis. Oh, don't let reality get in your way to righteousness. Please correct this immediately and may I suggest that a public apology to Israel and the Jewish people would be appropriate. That's rich, considering you send your email messages from GMail (yes I checked the headers) and use their Analytics service. If this goes uncorrected, I'm afraid I will have to boycott Google's services. Were I Google I would have closed all your accounts after that email. But I think that they will follow Hanlon's Razor [1], which you should have followed when you discovered that missing timezone: - Never attribute to malice what you can attribute to stupidity. -- Arik [1] http://en.wikipedia.org/wiki/Hanlon's_Razor
[OT] Google is Anti-semetic
On 4/24/06, Yonah Russ [EMAIL PROTECTED] wrote: Google is a bunch of Anti-Semites. You can read the details on my blog: http://www.yonahruss.com/2006/04/google-supports-terrorism.html I do believe, Yonah, that you might be jumping to conclusions here. In fact, I think what you have written above is calumniatory, defamatory, denigratory, libellous and slanderous. Had I been Google I would have sued you for that. I suggest everyone write an email to [EMAIL PROTECTED] complaining about this injustice. Here is a sample email for your use: - To whom it may concern, To Google Analytics Support It has been brought to my attention that Google, much like Hamas, refuses to recognize the Sovereign State of Israel. I find this deeply disturbing, especially in light of the fact that countries like Iran, Iraq, Afghanistan, and North Korea (the likes of which threaten the existence millions on a daily basis) are listed in your Analytics service without prejudice This is a demagogic statement, meant to illogicaly tie Google to the Hammas. You took one fact - that Israel's time zone is missing - and built a mountain of logically inconguant statements that cannot be proven or even strongly tied to the original fact. You completely ignore mitigating factors - like the existence of google.co.il, of news.google.co.il, the Hebrew interface language and the Hebrew language translation project, and the fact that they have an office in Israel and hiring Israelis. Oh, don't let reality get in your way to righteousness. Please correct this immediately and may I suggest that a public apology to Israel and the Jewish people would be appropriate. That's rich, considering you send your email messages from GMail (yes I checked the headers) and use their Analytics service. If this goes uncorrected, I'm afraid I will have to boycott Google's services. Were I Google I would have closed all your accounts after that email. But I think that they will follow Hanlon's Razor [1], which you should have followed when you discovered that missing timezone: - Never attribute to malice what you can attribute to stupidity. -- Arik [1] http://en.wikipedia.org/wiki/Hanlon's_Razor
Re: [OT] Google is Anti-Semitic
On 4/24/06, Yonah Russ [EMAIL PROTECTED] wrote: That was more to get your attention than anything else- it worked- right? So what you are saying that you are in fact not only engaging in libel but also in manipulation of this group for your own agenda. Tsk Tsk. Companies like google should not go public with non-policy websites. Besides, Huh? Should? a) several people have told me that in the past Analytics allowed the choice of Israel so this has apparently been removed on purpose. How do you know? Do you have some insight into the Google Timezone Removal Comeetee deliberations? b) Palestinian territory was never included in any stock country list I found on the web when creating a website. Uh, unfortunately for you, this is also a mistake on your side. Gaza is its own timezone, and when contemplating timezones, see there, you have to include it. It's different from the Jerusalem timezone by the application of Daylight Saving Time or lack thereof. And for the record, Google employs several Israelis and Jews, have an Israeli office, and have set up the http://www.google.co.il/ localised portal. So it would be a stretch to say they are anti-Israeli. As I've told others, unfortunately I know many anti-semetic Jews. In any case, my point is that google has taken a side in our little conflict and I don't believe it to be a valid one. Whoa! Did I read that correctly? Are you accusing the Jewish Google employees of being anti-Semitic? I wish I was a Google employee just so I can take you to court for just that statement. You could also comment on and digg the story: http://digg.com/links/Google_Supports_Terrorism Actually I'm going to do it right now. I don't suppose you'd like what I write though. -- Arik
Re: [OT] Google is Anti-Semitic
On 4/24/06, Yonah Russ [EMAIL PROTECTED] wrote: [deleted] Here's a dilema. On one hand I'm offended by what you write. On the other, any future word I write would be simply troll food. I opt to stop this right now. -- Arik
Re: [Solved] Burning podcasts easily?
On 4/3/06, Oded Arbel [EMAIL PROTECTED] wrote: The next problem is that most podcasts are very large, and I can fit maybe one or two at most to a CD - sometimes just half. K3b has a nice option where you can split a track (that is stored in a single file) and you can burn one CD compilation with the first part, and just drag and drop it to a second CD compilation to burn the other half. That's why I've solved the problem by buying the cheapest flash MP3 player I could find. No more CDs to burn. I interface it to the radio with an FM transmitter. Since I don't listen to regular radio (just podcasts) I folded the car's antenna, it improves the transmitter's reception quality considerably. -- Arik
Re: Apache to do everything except milk delivery (was: Re: My Anti-qmail Page)
On 11/6/05, Omer Zak [EMAIL PROTECTED] wrote: Then all it will miss is mod_bootloader. You forgot the catch-all mod_emacs. Uh uh, tsk tsk. mod_vi comes first, I say! -- Arik
Re: My Anti-qmail Page
On 11/5/05, Eli Marmor [EMAIL PROTECTED] wrote: [snip] Maybe it's too early to include mod_smtpd in the list of alternatives, but I believe that in the long run, it has good chances to become the best MTA for Linux/UNIX, especially if it will be integrated well with the HTTP module, as well as the surrounding modules (mod_pop3, mod_mbox, the black lists module, etc.). The only missing piece, at least in my opinion, is mod_dns (or mod_bind or mod_named, the name is not important...). Then all it will miss is mod_bootloader. -- Arik
Re: PC-to-phone VoIP
On 25/08/05, Geoffrey S. Mendelson [EMAIL PROTECTED] wrote: They invested $100,000,000 in BPL, which will destroy all long range radio communictions including shortwave radio, ham radio, VHF lowband television and all of the IDF communitcaions where you see the long antennas. Too bad it will go down the drain - it's my personal belief BPL (Broadband over Power Lines) will never see the light of day. A friend of mine from the U.S. pointed out that Google Earth uses the Arabic names for places in Israel that have both Hebrew and Arabic names. This has caused quite a stir in the Jewish community in Silicon Valley. Well, I just checked. Not true. The place names layer has the Hebrew name for all Israeli cities that I checked, including Ariel settlement and places in the Golan Height. There is also a layer of locations specified by users on the web forum, where you can find Hafa' near Haifa and Acre near Akko, but the name layer Google provides has the current, modern, Hebrew names. They are planing on blanketing the world with free wifi, putting out of business the small business that are doing the same thing, and preventing places that offer wifi such as coffee houses from turning it off when they want customers to come and buy drinks, not use free wifi and buy nothing or stay for hours keeping other customers out. Sorry, but this is the meaning of competition. It's much like Linux is putting (or will put) the commercial OS makers out of business because it's free. And if the coffee shops don't like freeloaders, they can kick them out. If you come into a coffee shop and read a book for hour you will also be kicked out, wifi or no wifi. The New York times has an article about how their hiring practices have destoyed the job market in that area for startups. Personaly I think that's good, maybe more people will invest in startups here instead. Can you enlighten us? I can't imagine how a company's hiring practice may destroy the job market in this area. I live in Palo Alto now, and I don't really see it happening. -- Arik To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: PC-to-phone VoIP
On 25/08/05, Nadav Har'El [EMAIL PROTECTED] wrote: [snip] you mention (shortwave, etc.) actually should matter to any of us, now that we have the Internet, which is far better than any of those options (most of us never could operated *servers* for these technologies, but can do so on the Internet. Also, Internet *clients* are far more versetile than the clients of these older technologies you mentioned). All this technology is great, and better than shortwave, but: A. Shortwave is widely deployed and used, practically everywhere in the marine and avionic world, for emergency and for daily use B. Shortwave is a simple and reliable technology. In case of emergency, it is immeasurably easier to set up a shortwave station. Not to mention build one from available parts. Let's meet after the EMP pulse hits and see who has emergency services faster. C. I had email sent on SF systems over shortwave at 9600 baud when most people's modems were 1200 baud, so don't diss it. BPL does threaten to hurt shortwave quite a bit, and this is precisely the reason why it won't come to be, IMHO - quite a bit will be way too much in case of emergency. -- Arik 4Z5RX To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Private instant messaging server
On 08/08/05, Shachar Shemesh [EMAIL PROTECTED] wrote: Hi all, I'm trying to set up a network for a client in extreme paranoia mode. The network will be unconnected from the Internet, no floppies, etc. No, this is not a military institution. If the clients are using GAIM, and you don't necessarily have to have a protocol accessible by Windows machines, you can sse SILC from http://www.silcnet.org/ for which there is a native GAIM plugin - a super-secure network complete with public key infrastructure etc. -- Arik To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Parsing a hebrew website and maintaining the encoding to something readable
On 05/07/05, Dvir Volk [EMAIL PROTECTED] wrote:
I'm not a python expert, but you can use libiconv to convert the text to
utf-8. I use it with C and PHP, it probably has pyhton bindings, and it
also has a small app called iconv, which you can pipe to get what you need.
if you're not sure what your source encoding will be in all cases, i'd
also recommend trying to detect the encoding from the html source, with
a regex, and passing the result to iconv as the source encoding.
Python has its own conversion routines, and an internal Unicode
representation. The way to go is to use the decode() string method to
convert the page to the internal unicode representation, and then
render that representation in the encoding of your choice using
encode(). For instance:
s='Hebrew cp-1255 text שלום'
u8=s.decode('cp-1255').encode('utf-8')
-- Arik
Re: Parsing a hebrew website and maintaining the encoding to something readable
On 05/07/05, Lior Kesos [EMAIL PROTECTED] wrote:
Pasted from the python-il list.
-
Thanks Viktorija (vika?) - that provided half of the solution.
The full one is -
unicode(text,'cp1255').encode('utf-8')
This one uses the unicode constructor to create the unicode object. I
rather like factories over constructors. It's a matter of personal
preference :-)
-- Arik
To unsubscribe,
send mail to [EMAIL PROTECTED] with
the word unsubscribe in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
Re: primary / second DNS Records
On 02/06/05, shimi [EMAIL PROTECTED] wrote: nameserver about your domain. The TLD's authoritative nameserver replies with the list of nameservers you supplied to the registrar; If those nameservers are within your domain, it'll also send _in_the_same_reply_ the IP addresses of these nameservers; No loop. The technical name for this is Glue records -- Arik To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Prive mail-server issues (or: I am not a spammer!)
On 21/05/05, Hetz Ben Hamo [EMAIL PROTECTED] wrote: [snip] 2. I see that you have a GMAIL account, so I would suggest you to use it's SMTP capabilities instead of your machine's SMTP. Gmail rewrite the sender to point to the GMAIL account, AFAIK -- Arik To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: ms on the offensive again
On 20/05/05, Tzafrir Cohen [EMAIL PROTECTED] wrote: [snip] For the record: what are the limitations of such XP/cheapo? IIRC it is not intended to be a real independent workstation but rather a thin client mostly. It won't run on a modern machine - only celerons and PIIIs and Durons. Checked by CPUID. -- Arik To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: nezeq overcharge for internet calls
On 20/05/05, Peter [EMAIL PROTECTED] wrote: Has anyone had this problem or similar and how did you solve it. Complaining and asking for a recheck sometimes help. It's called the system - eyther they succeed or they don't. In my company we have an always-on 128k ISDN line for backup (when the ADSL goes down). ISDN is a dialing medium, and there's a Cisco router that's constantly dialing the line if it goes down. No big deal. There's a payment to Bezeq, around 100 NIS a month, for dialing to ISPs from that line. Anyway, the company's accountant came to me one day asking me if we need this line. I said sure, that's our backup, and it doesn't cost much anyways. Not much? How about 4000NIS per month? My jaw dropped. It turns out we weren't on the program for paying only 100NIS for dialing to ISPs. We used to be, but for some reason we weren't. I told the accountant to straighten it with Bezeq. He said they said we never were on that program, and we can go on it starting next month... I told the accountant I was SURE we were at a time in the past on this program, and he has dug into the old bills and records, and he found out that indeed up to 10 months back we were. A few more calls to Bezeq and a 40K NIS check from Bezeq was mailed to us. Do double-check every bill. It's worth your time. And raise hell if it doesn't seem right. If you're on the wrong, you won't lose a thing. I have more stories, but I have to go now. -- Arik
Re: nezeq overcharge for internet calls
On 20/05/05, Peter [EMAIL PROTECTED] wrote: On Fri, 20 May 2005, Arik Baratz wrote: Date: Fri, 20 May 2005 21:08:40 +0300 From: Arik Baratz [EMAIL PROTECTED] To: linux-il@linux.org.il Subject: Re: nezeq overcharge for internet calls [Error: Formatting error: Internal base64 decoder error] Sorry Arik, can't read your reply. Your mailer does something wrong or it doesn't treat the message as UTF-8. Complaining and asking for a recheck sometimes help. It's called the 'MAZLIAX' system - either they succeed or they don't. In my company we have an always-on 128k ISDN line for backup (when the ADSL goes down). ISDN is a dialing medium, and there's a Cisco router that's constantly dialing the line if it goes down. No big deal. There's a payment to Bezeq, around 100 NIS a month, for dialing to ISPs from that line. Anyway, the company's accountant came to me one day asking me if we need this line. I said sure, that's our backup, and it doesn't cost much anyways. Not much? How about 4000NIS per month? My jaw dropped. It turns out we weren't on the program for paying only 100NIS for dialing to ISPs. We used to be, but for some reason we weren't. I told the accountant to straighten it with Bezeq. He said they said we never were on that program, and we can go on it starting next month... I told the accountant I was SURE we were at a time in the past on this program, and he has dug into the old bills and records, and he found out that indeed up to 10 months back we were. A few more calls to Bezeq and a 40K NIS check from Bezeq was mailed to us. Do double-check every bill. It's worth your time. And raise hell if it doesn't seem right. If you're on the wrong, you won't lose a thing. -- Arik To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Maintaining Python code
On 01/05/05, ik [EMAIL PROTECTED] wrote: [snip] jToolkitSetup.py Traceback (most recent call last): File ./jToolkitSetup.py, line 6, in ? from distutils import log ImportError: cannot import name log [snip] I'm using Python 2.2 on a Red-Hat server. 'log' is a relatively new module in package 'distutils'. My Python 2.3 has it. Upgrade to Python 2.3 or 2.4 and it should work. -- Arik To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: A Brief History of Linux in Israel
On 23/04/05, Shlomi Fish [EMAIL PROTECTED] wrote: I did the best to get the facts right, and do justice to the history. I'm not aware of any other one who documented the Israeli open-source history this way. Note that the page is world-editable so feel free to correct typos and stuff. I just ask that if you have more substantial modifications you'd like to incorporate there, that you'll raise them here before actually editing the page. I don't know if it's relevant, but I have installed the 1st Linux machine in the Technion's computer center (TCC), it's name was ccarik.technion.ac.il on my own personal machine with a TCC network card. Slackware, Kernel was 1.2.3. I was working with Oved Ben-Aroya at the time, and after a while Oved installed his own Linux on another machine, and used it as a backup DNS server for the technion during maintenance work on the network infrastructure. Slackware 2.2 with kernel 1.2.3 is dated April 1995, so that's around when it came to be. I'm not sure it was a first in any university's computer center, but it's definitely one of the first systems around. Oved, feel free to correct or add details about the second Linux in TCC. -- Arik To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: weirdest problem ticket opened today.
On 21/04/05, Ez-Aton [EMAIL PROTECTED] wrote: It's not a contest I want to win in. It happened once, and the backups were one week old. Yep. Bad luck. Yeah, bad luck. And I quote from your own words: I played with a spare disk (small one) I had, and a backup script, using tar... It happened that I was very drunk that night, and it seemed like the best idea to play with the script Your honor, this is a clear and cut case of DUI - Debugging Under the Influence. The accused was trying to hide his actions, as is plainly clear from his words again: ...a user starts talkint to me, saying he can't login to his home dir... I've explained there are some maintanance works on the server, and that it will be ok by morning. He claimed he can't read his mail using pine (wonder why...), and I've used the same explanation... After this overwhelming evidence, the prosecution demands that the accused will receive the maximum penalty set for DUI in the law: Running Windows 3.10 for 3 years. -- Arik To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: weirdest problem ticket opened today.
On 19/04/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: [snip] Few years ago, while (and still) administrating the Israeli Radio Amature Commette (IARC) server, which is a Linux machine, and back then it was old [snip] rm -Rf home AAARG! NOW I know what happened to my f-ing files on that server! Your backups were NOT up to date enough!!! -- Arik 4z5rx To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: print a formatted directory tree
On Apr 7, 2005 3:44 PM, Noam Meltzer [EMAIL PROTECTED] wrote: Hi, I remember I once encounted a utility which can print a formatted output of the directory tree. But can't find it now. Hi Noam There's a package named tree on my Mandrake installation, but I mainly use a Python routine which I customize to my heart's content. -- Arik #!/usr/bin/env python import os,sys,stat def Crawl(sFolder,sIndent=): crawl a folder lFiles=os.listdir(sFolder) for sFile in lFiles: sAbsFile=os.path.join(sFolder,sFile) try: tStat=os.stat(sAbsFile) except OSError: print 'Cannot stat file %s' % sAbsFile continue nMode=tStat[stat.ST_MODE] if stat.S_ISDIR(nMode): print %s%s/ % (sIndent,sFile) Crawl(sAbsFile,sIndent+ ) else: print %s%s % (sIndent,sFile) def main(): if len(sys.argv)1: sFolder=sys.argv[1] else: sFolder=os.getcwd() Crawl(sFolder) if __name__ == '__main__': main() = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Linux AP at a good price in Israel?
On Mon, 14 Mar 2005 13:55:59 +0200, Ira Abramov [EMAIL PROTECTED] wrote: I was hoping for something closer to 350-400 NIS... am I dreaming? Have someone import it for you. It's less than $200 so it can easily be brought in the green lane, and even if the tax persons find it you can show a receipt and tell them it's a wireless network adaptor. They will probably not bother with figuring if it's legal or not. What I usually do is I take the package apart, fold it, ship it in another bag with my clothes, same goes for manuals etc. and put the actual electronics in my carryon, which is littered with other, visibly used electronics, cables and stuff anyway. -- Arik = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [OT] Python code is not Pseudocode [was Re: [OT] CS Languages for Teaching ]
On Wed, 9 Feb 2005 13:14:30 +0200, Shlomi Fish [EMAIL PROTECTED] wrote: Another thing to note is that I'm not sure Python code will be understandable by people who are not familiar with it, with OOP, etc. Pseudo-code can be understood by people with a minimal amount of CS education. Shlomi, I think Pseudo-code needs to transmit an idea. Describe an idea in a way that is relatively accurate and compact. When you want to describe an algorithm in a way that it can be readily programmed. It does NOT NOT NOT need to be understood by people without CS education or little CS education, because writing pseudo-code already intends your article to this type of audience. From my experience with real people, python-esque pseudo-code is well understood by people 'skilled in the art'. Even 2-page algorithms. And Shlomi, stop nitpicking. If there is one way to find the len() of an object, and that limits you in the pseudo-code that you are writing, well, I can't do anything for you, but for me (and I believe for most) it is EASIER to READ pseudo-code written in a single, consistant way. Yes I know it's the one-way vs. many-ways argument, but I think it holds especially for code that is read ONLY by humans, and almost never by a computer. -- Arik = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Anyone using 013 ADSL here? (make sure they work with linux)
On Fri, 04 Feb 2005 02:08:38 +0200, Shaul Karl [EMAIL PROTECTED] wrote: On Thu, Feb 03, 2005 at 07:07:35PM +0200, Arik Baratz wrote: Don't tell them you're using Linux. Big mistake. I believe you are wrong. That doesn't mean they will support it. But they won't hang up either. I do believe that these days many supporters on the support desk are interested in other OSs too. I'm sorry, Shaul, but in those times when the network is down and I needed support, the people I had spoken to had me (get this!) take a laptop, plug it to my ADSL network, change my ADSL address back to the original 10.0.0.138, set up a fixed address of 10.200.1.1 on my laptop, and try to login. Of course it wouldn't work that way as well. My strategy is to try to avert the subject as much as I can, for instance, if I see 'LCP Timeout' I just say timeout, etc, and the supporter assumes I am using windows. In these rare cases when I did tell the supporter I am using Linux, he asked me if I can switch BACK to Windows and check again. So I tell the guy okay, switching... Hold on... Nope, didn't work The only times I was successful was when I insisted that I was working the exact same way for a year and didn't change my setup. Favorite ISP support dialog: Me: Hello, I have a problem with the backup DNS you are hosting for us... or Me: Hello, I am having problem running traceroute on your net or Me: Hello, for some reason I can't ping a host on your network Supporter: Can you surf okay? -- Arik = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Anyone using 013 ADSL here? (make sure they work with linux)
On Fri, 04 Feb 2005 02:08:38 +0200, Shaul Karl [EMAIL PROTECTED] wrote: On Thu, Feb 03, 2005 at 07:07:35PM +0200, Arik Baratz wrote: Don't tell them you're using Linux. Big mistake. I believe you are wrong. That doesn't mean they will support it. But they won't hang up either. I do believe that these days many supporters on the support desk are interested in other OSs too. I didn't say they hang up. In my experience the knee-jerk reaction is to tell you to try it in Windows, or tell you that they don't support Linux. -- Arik = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Anyone using 013 ADSL here? (make sure they work with linux)
On Fri, 28 Jan 2005 19:28:36 +0200, Micha Feigin [EMAIL PROTECTED] wrote: I was wondering if anyone connects to them through linux, and what is needed? I am currently using PPPoE with beseqint, and that is relatively easy to setup. What do 013 use? I use a PPTP tunnel with them, but I guess if your PPPoE setup works with BezeqInt it should work with 013, just change your secrets file and your login. Tip: They sometimes have strange login names, which can be very VERY long, for example [EMAIL PROTECTED] Yes, the barak.net.il is part of the username. From previous experience when I call support and tell them that I connect through a gateway which is an old G3 mac running linux I loose them on the spot ;-) so I want to be prepared before hand. Don't tell them you're using Linux. Big mistake. -- Arik = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
OT: Looking for Alcatel SpeedTouch Home
Hi all Looking for an Alcatel SpeedTouch Home DSL modem, in working condition, either modified or unmodified. It's the one with the Ethernet connection. TIA -- Arik = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: OT: Looking for Alcatel SpeedTouch Home
On Thu, 3 Feb 2005 19:13:53 +0200, Arik Baratz [EMAIL PROTECTED] wrote: Hi all Looking for an Alcatel SpeedTouch Home DSL modem, in working condition, either modified or unmodified. It's the one with the Ethernet connection. Oh, sorry, I forgot to mention: I am looking to BUY it. -- Arik = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: OT: Looking for Alcatel SpeedTouch Home
On Thu, 3 Feb 2005 21:08:13 +0200, Marc A. Volovic [EMAIL PROTECTED] wrote: Oh, sorry, I forgot to mention: I am looking to BUY it. ebay, dear. Well, there are not many Israeli sellers in eBay, and I don't want to ship it from abroad. If requesting on Linux-IL won't help, then maybe. But my current Alcatel SpeedTouch Home was bought on... Linux-IL, from Amos. -- Arik = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Help make OpenOffice 2.0 better for Hebrew users
On Sun, 09 Jan 2005 15:30:25 +0200, Shoshannah Forbes [EMAIL PROTECTED] wrote: [snip] I have complied a list of the most important of these bugs, and I would be glad if people take the time, sign up to the bug tracking system, and vote for them: http://www.xslf.com/archives/000122.html I just did it, and I must say that the OOO registration process is super-easy, and so is the voting. Registration and voting takes literally 5 minutes of your time. -- Arik = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: sign up for go-linux
On Mon, 20 Dec 2004 16:29:34 +0100, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I have just visited the signup page. I whanted to know out why my ID number is needed in order to sign up ? Just lie to them. Very simple. You're under no obligation - moral or otherwise - to give them the correct information. I can proudly say that I always lie about my national ID number, except for one case when I didn't (so if you ask me if I lied to you, I can say you're the one case I didn't lie about) And if they run a checksum, keep trying - 1 in 10 numbers is valid, a manual brute force attack would do it. -- Arik = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [OT] buying a domain name
On Fri, 10 Dec 2004 18:01:41 +0200, Noam Meltzer [EMAIL PROTECTED] wrote: [snip] I was looking for a referal to one of those. GoDaddy http://www.godaddy.com I've been with them for several years now, and they are okay, very cheap. They also have a feature that prevents domain hijacking. I get no kickback. -- Arik = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: BLUE MURDER!
On Sun, 28 Nov 2004 17:21:04 +0200, Ira Abramov [EMAIL PROTECTED] wrote: - Ira, the windows server's NIC died, we want to take the unused one from the Linux, OK? I am afraid there is only one thing to do. Seppuko! Actually, the ethernet emPOWERment device might be useful :-) http://bofh.ntk.net/Bastard7.html -- Arik = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Google and Firefox
I guess Google has Firefox fans http://www.google.com/firefox http://www.google.co.il/firefox -- Arik = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Configuring Postfix to use shlomif@iglu.org.il in the MAIL FROM SMTP Command.
On Mon, 25 Oct 2004 16:58:12 +0200, Shlomi Fish [EMAIL PROTECTED] wrote: Hi all! I'm using postfix on Mandrake, so I can use the sendmail command to send mail. At the moment, postfix sends messages like this: http://www.shlomifish.org/bugs/CPAN-Input-Report.txt As you can see the problem there is that the MAIL FROM header reads: MAIL FROM:[EMAIL PROTECTED] SIZE=2444 First your domain setup is incorrect. Refer to http://www.postfix.org/basic.html#myorigin Second, you need to modify your send command - add the '-f' command to the sendmail command and specify the envelope address: sendmail -f [EMAIL PROTECTED] ... More postfix's sendmail emulation options in http://www.postfix.org/sendmail.1.html -- Arik = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: sweet!
who wants to kiss at midnight? [EMAIL PROTECTED] ~]$ uptime 20:48:22 up 355 days, 19:48, 4 users, load average: 2.35, 0.96, 0.71 Anything can happen in 10 days... -- Arik = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: as root doing 'ls' i get Permission denied
On Sat, 11 Sep 2004 15:50:46 +0300, Kfir Lavi [EMAIL PROTECTED] wrote: stat64(spaces2points, 0x805b08c) = -1 EACCES (Permission denied) How about the following commands in order: # chmod 777 dir-name # chmod -R 777 dir-name # chown -R 0.0 dir-name -- Arik = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Hauppauge WinTV-PVR in Israel
I got this in my mail today: --- cp --- New stuff @ Plonter We got Hauppauge PVR Cards (PVR = Personal video recorder) http://www.plonter.co.il/stores/main.tmpl?store=Hauppauge --- cp --- The prices are a bit higher there. -- Arik On Mon, 19 Jul 2004 13:55:16 +0300, Udi Finkelstein [EMAIL PROTECTED] wrote: Recently several people have looked for Hauppauge's hardware TV encoding cards: It seems that www.digitize.co.il have started selling Hauppauge cards in Israel: WinTV-PVR 350 for 1250 NIS (IR remote + TV-0ut + FM Radio) WinTV-PVR 250 for 925 NIS (IR remote) WinTV-PVR 250 MCE for 850 NIS (FM Radio) Note: I have no connection with www.digitize.co.il, nor am I their customer. I just ran into their site. I have a WinTV-PVR 350 bought elsewhere. Udi = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Postfix and DNS question
Hello all I have a question regarding postfix and DNS servers. I'm running postfix, and I'm trying to get it to use a specific DNS server. Try as I might, I can't seem to convince it to use the DNS server in /etc/resolv.conf - it goes to the DNS installed on the machine, as tcpdump confirms. How does postfix decide on the DNS server to use? I couldn't make it out. Oh, and /var/spool/postfix/etc/resolv.conf is linked to /etc/resolv.conf TIA -- Arik
RE: Fwd: FW: Skype for Linux
-Original Message- From: Tzahi Fadida [mailto:[EMAIL PROTECTED] there are numerous others that can do the same. the only difference of skype to others is that if you are in some office or some isp that don't provide a real ip(which is not really done anymore since no one will pay for this) and also your other friend have the same problem then you have a problem other then that many applications match skype ability to call another user. Like I mentioned before, Free World Dialup (http://www.fwd.pulver.com) works nicely with (or without) NAT on both sides of the link. It does this by employing some kind of nat traversal equipment which coordinates the two communication sides ports, and in the case of the really bad NATs, even makes the packets go through it and tunnels it to the other side. And the protocol is both OPEN and STANDARD (SIP/RTP) I have it working very nice for me. Saved me a small fortune in international phone calls too! -- Arik (FWD #23501) To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: Fwd: FW: Skype for Linux - an alternative
-Original Message- From: Diego Iastrubni [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 19, 2004 4:15 AM To: Ilya Konstantinov; [EMAIL PROTECTED]; Linux-IL Subject: Re: Fwd: FW: Skype for Linux and yet, I have not decent way to talk with my family abroad using linux/free tools. Any ideas? How about giving FreeWorldDialup (FWD) a try? http://www.fwd.pulver.com/ The protocol is SIP (RFC2543). Interoperability - check. The audio uses RTP. The endpoint needs to be a SIP phone - either a hardware one (and there's one for $70) or a software one. There's KPhone and some proprietary Linux ones. http://www.fwd.pulver.com/content/view/full/274/ The service itself is free. There are a few other free proxies, so if this one goes down you can use another. What's really nice about FWD is that Pulver supplies a NAT proxy. If both sides are behind a NAT, they can still converse! If you get to configure it and use it, drop me a line at FWD #23501 I can testify that I had spoken with my X-GF for literally HOURS from India to Israel, for nothing. -- Arik To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: X on the machine
Now that he's able to ssh, he cannot run X appl., he needs to use Lyx: [EMAIL PROTECTED]:~$ lyx X11 connection rejected because of wrong authentication at Tue May 11 11:37:12 2004. a Rejected connection at Tue May 11 11:37:12 2004: X11 connection from rocky.bfr.co.il port 1356 lyx: Fatal IO error: client killed if he's logged on directly to that machine without ssh'ing to it he is able to run X appl. Try to logout and login again using: ssh -X [EMAIL PROTECTED] That turns on X11 forwarding, and ssh handles the authentication. -- Arik ** This email and attachments have been scanned for potential proprietary or sensitive information leakage. Vidius, Inc. Protecting Your Information from the Inside Out. www.vidius.com ** To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: Help manipulating new cell phone numbers
-Original Message-
From: Ehud Karni [mailto:[EMAIL PROTECTED]
On Sun, 18 Apr 2004 21:17:18 +0300 (IDT), Geoffrey S. Mendelson [EMAIL PROTECTED]
wrote:
Enclosed is a perl script I wrote (in simple easy to follow code) that
reads a file exported by morotola phone tools, and converts it. The
actual conversion is done in a subroutine that can be used elsewhere.
Below is an Emacs command that will find current cellular phone numbers
and possibly (with user approval) will replace it.
Below is a Python script that is multi-functional.
Usage:
To convert a single number:
./CellNum.py num=055-123456
To convert a Nokia Content Copier 1.3 file (part of Nokia Data
Suite 4.88 and maybe others) use (supply only the PhoneBook.ncc
and Calendar.ncc files):
./CellNum.py nokiafile=PhoneBook.ncc
To convert an excel spreadsheet by scanning the entire spreadsheet
and changing everything that looks like a phone number (WARNING
Win32 platform only):
CellNum.py excel=c:\temp\file.xls
For all conversions, you can add the keyword 'i18n' anywhere on
the command line and if the number was in the local notation
(055-123456) it will be converted to an international notation
(+97255-123456):
./CellNum.py num=055 123-456 i18n
The script recognizes the following formats:
+97255123456
+972055123456
97255123456
972055123456
01197255123456
055123456
55123456
and it tries to maintain formatting as much as possible, so
if you write:
./CellNum.py num=+972 (55) 123-456
you will get:
+972 (54) 512-3456
If you wish, you can extend it for more file formats (I'll
leave CSV files as an excercise to the reader).
You can also use the convertion function in your own Python
scripts. The API is simple - it takes a string and returns a
string. If the conversion fails or is unnecessary it returns
the original string. If an optional 2nd parameter is True, i18n
conversion is performed.
import CellNum
...
sNum=055-123456
print NumConvert(sNum,True)
-- Arik
--cut here--
#!/usr/bin/python
#
# Israeli cellular smart numbering system convertion
#
import os
import time
import codecs
def NumConvert(sNumber,bI18N=False):
Detect the different parts of an Israeli phone number
Convert the number to the new system
Prefixes an international prefix (+972) if it doesn't exist (optional)
Retains as much as possible from the original format of the number
dAddedDigit = { u'50':(u'50',u'5'), u'51':(u'50',u'7'), u'52':(u'52',u'2'),
u'53':(u'52',u'3'), u'54':(u'54',u'4'), u'55':(u'54',u'5'),
u'56':(u'50',u'6'), u'57':(u'57',u'7'), u'58':(u'52',u'8'),
u'64':(u'52',u'4'), u'65':(u'52',u'5'),
u'66':(u'54',u'6'), u'67':(u'54',u'7'), u'68':(u'50',u'8') }
sNumDigits = u'+1234567890'
sCellPrefix = u'56'
sRealNum=u''
lOrig=[]
# scan the original number, extract digits and link back to original position
for i in range(len(sNumber)):
if sNumber[i] in sNumDigits:
sRealNum+=sNumber[i]
lOrig.append(i)
# sanity
if len(sRealNum)8:
return sNumber
# already internationalized?
bAlreadyI18N=True
bHasZero=True
# check for intel prefix like +972-55-987617
if sRealNum[0:4]==u'+972':
nPrefixStart=4
# fix misguided people who write '+972 (055) 987617'
if sRealNum[4]==u'0':
nPrefixStart=5
# check for intel prefix w/o the plus, like 972.55.987617
elif sRealNum[0:3]==u'972':
nPrefixStart=3
# fix misguided people who write '972.055.987617'
if sRealNum[3]==u'0':
nPrefixStart=4
# check for dialing from the US, like 011 (972) 55-987617
elif sRealNum[0:6]==u'011972':
nPrefixStart=6
# check for local prefix, like 055-987617
elif sRealNum[0]==u'0':
nPrefixStart=1
bAlreadyI18N=False
# check for poorly formatted numbers of the form (55) 987 617
elif len(sRealNum)==8:
nPrefixStart=0
bAlreadyI18N=False
bHasZero=False
# else unknown format
else:
return sNumber
# check for cellular
if not sRealNum[nPrefixStart] in sCellPrefix:
return sNumber
# extract the prefix component
sPrefix=sRealNum[nPrefixStart:nPrefixStart+2]
# verify that it's a cell number due for change
if not sPrefix in dAddedDigit:
return sNumber
# extract the suffix
nSuffixStart=nPrefixStart+2
sSuffix=sRealNum[nSuffixStart:]
# verify old length
if not len(sSuffix)==6:
return sNumber
# It's eligable for change!
sNewPrefix,sNewDigit = dAddedDigit[sPrefix]
## build the new number
sNewNumber=u''
nStartChar=0
# I18N?
if bI18N and not bAlreadyI18N:
sNewNumber=u'+972'
# if the first character was not a digit, add a space for better formatting
if lOrig[0]!=0:
RE: bounced messages
Oh well, time to get the magnifying glass out again... matchnet.com are routing the mail back to cs.huji.ac.il: Received: from 64-52-90-18.client.cypresscom.net ([64.52.90.18] helo=clex01.matchnet.com) by cs.huji.ac.il with esmtp id 1At30B-0007it-Fx for [EMAIL PROTECTED]; Tue, 17 Feb 2004 13:03:01 +0200 which in turn redirect it to the list again ad infinitum (or until the built-in loop detection mechanism in SMTP kicks in). This can be caused by some piece of software in that company that attempts to deliver to a sender that's not in the envelope but rather in the body of the message somewhere. A clue may be found in this header: x-bbh: 2/17/2004 3:02:48 AM which is stuck between two Exchange Server 2003 headers: Received: from mail pickup service by CLMAILQ04.matchnet.com with Microsoft SMTPSVC; Tue, 17 Feb 2004 03:02:49 -0800 thread-index: AcP1RZRfFG3/AIG2RnGN2CKbWwQbFQ== x-bbh: 2/17/2004 3:02:48 AM Received: from mxcorp01.matchnet-plc.com ([192.168.1.70]) by CLMAILQ04.matchnet.com with Microsoft SMTPSVC(6.0.3790.0); Tue, 17 Feb 2004 03:02:48 -0800 The Ex2K3 server, CLMAILQ4, gets the mail and does something with it. The second Receive line, after the strange x-bbh header, belongs to the same CLMAILQ04 server, but this time it receives the mail from a mail pickup service - if I'm not mistaken this is the Exchange pickup folder (similar to the pickup folder in postfix). After that, CLEX02 gets the message. Its name suggest a cluster, and in my experience this means mailbox server. My guess is a direct delivery by means of a smarthost on CLMAILQ4. Then CLEX02 sends the message outside, doing MX-based delivery, but the envelope recipient has changed: Received: from 64-52-90-18.client.cypresscom.net ([64.52.90.18] helo=clex01.matchnet.com) by cs.huji.ac.il with esmtp id 1At30B-0007it-Fx for [EMAIL PROTECTED]; Tue, 17 Feb 2004 13:03:01 +0200 it is now [EMAIL PROTECTED] - this address could not have appeared in the envelope prior to entering matchnet.com - it was invented along the way Something has copied the To: header from the body of the email message and used it as an envelope recipient - something that's expressly forbidden by RFC2821. I don't have enough experience with Ex2K3, but my Ex2K experience tells me that Exchange doesn't violate the RFC in such a blatant way (it does, but in more subtle areas). I would guess that the whole reason for CLMAILQ4's existance is to filter incoming mail (for viruses?) and the piece of crappy software used is nick-named or shortened to BBH. Someone should clue these guys. I've CC-ed their postmaster. If the list maintainer cares, they should search the address database for @matchnet.com addresses or any address which MX resolves to a matchnet address, and send them a warning (and remove them from the list if they fail to clue their sysadmins) -- Arik -Original Message- From: Ely Levy [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 17, 2004 1:26 PM To: [EMAIL PROTECTED] Subject: bounced messages hey, I saw few bounced messages to the list, I can't figure out from which list subscriber it comes, last one headers was: Return-path: [EMAIL PROTECTED] Envelope-to: [EMAIL PROTECTED] Delivery-date: Tue, 17 Feb 2004 13:12:29 +0200 Received: from localhost ([127.0.0.1] helo=cs ident=listar) by cs.huji.ac.il with esmtp id 1At31p-0007rZ-Pp; Tue, 17 Feb 2004 13:04:38 +0200 Received: with LISTAR (v0.124a; list linux-il); Tue, 17 Feb 2004 13:03:35 +0200 (IST) Received: from 64-52-90-18.client.cypresscom.net ([64.52.90.18] helo=clex01.matchnet.com) by cs.huji.ac.il with esmtp id 1At30B-0007it-Fx for [EMAIL PROTECTED]; Tue, 17 Feb 2004 13:03:01 +0200 Received: from CLEX02.matchnet.com ([192.168.3.38]) by clex01.matchnet.com with Microsoft SMTPSVC(6.0.3790.0); Tue, 17 Feb 2004 03:02:49 -0800 Received: from CLMAILQ04.matchnet.com ([216.69.234.43]) by CLEX02.matchnet.com with Microsoft SMTPSVC(6.0.3790.0); Tue, 17 Feb 2004 03:02:49 -0800 Received: from mail pickup service by CLMAILQ04.matchnet.com with Microsoft SMTPSVC; Tue, 17 Feb 2004 03:02:49 -0800 thread-index: AcP1RZRfFG3/AIG2RnGN2CKbWwQbFQ== x-bbh: 2/17/2004 3:02:48 AM Received: from mxcorp01.matchnet-plc.com ([192.168.1.70]) by CLMAILQ04.matchnet.com with Microsoft SMTPSVC(6.0.3790.0); Tue, 17 Feb 2004 03:02:48 -0800 Content-Transfer-Encoding: 7bit Content-Class: urn:content-classes:message Importance: normal Received: from cs.huji.ac.il (132.65.16.30) by mxcorp01.matchnet-plc.com with ESMTP; 17 Feb 2004 03:02:48 -0800 Priority: normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0 X-BrightmailFiltered: true Received: from localhost ([127.0.0.1] helo=cs ident=listar) by cs.huji.ac.il with esmtp id 1At2qM-0007FS-5t; Tue, 17 Feb 2004 12:52:46 +0200 Received: with LISTAR (v0.124a;
RE: Configuring GDM to limit user actions
-Original Message- From: David Sapir [mailto:[EMAIL PROTECTED] Hi Arik, Thanks for your answer. How can I disable the RunAs service? Start -- Run -- Settings -- Control Panel -- Administrative tools -- Services Right-click the Run-As service, select properties, click 'Stop', change the startup mode to 'Disabled', click Ok. It's a WINDOWS service. There's no Linux parallel (except maybe sudo but that's not a service). How can I modify the menues? Reminder: running Gnome on RH9. Sorry, I don't do Linux desktop yet. I work in a Windows-oriented company. -- Arik ** This email and attachments have been scanned for potential proprietary or sensitive information leakage. PortAuthority(TM) Server Keeping Information Inside Vidius, Inc. www.vidius.com ** To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: Configuring GDM to limit user actions
-Original Message- From: Mark Veltzer [mailto:[EMAIL PROTECTED] 1. The operating system does not, per se, state which applications each user can run. If a user has running capabilities then he can launch any executable file. Even an executable file which was derived from consulting some greek all knowing oracle who can program in binary. Nope. It is definitely possible. Using group permissions, it is possible to define different levels of users who can run different applications depending on their group membership. All that's needed to do is: A. put the users in relevant groups B. restrict execute access to the binaries to the relevant groups C. prevent the users from running their own binaries, by restricting execution rights to disk space they can write into 2. The desktop may hide some buttons but this is no guaratee what so ever that the user wont be able to launch an application. You better look at buttons as fast ways of doing things and not as you can/can't separators. This is not windows we are talking about. You can limit access to the actual binaries, see my previous response. 3. No set of standard desktop applications has been certified as not allowing in some strage way to launch a shell since launching a shell is absolutely allowed in Linux (and encouraged for that matter). If your application dictates it, you can indeed restrict a user from running a shell, using the mechanism disscussed before. 4. If you take konqueror for example, it will allow you to have a shell running inside it. Konq. still needs to run the actual shell, and it runs under the UID of the launching user, so any restrictions you put on the shell will be reflected by Knoq. 5. The number of ways you could manipulate an application to launch a shell for you is so numerous that I can't really think of a large GUI application which I CANT launch a shell from by manipulating it in some way. If you limit access to the actual shell executables on your system and make sure everything the user runs is with his own privileges, you can do it. It takes work but very possible, I say 1-2 days of tinkering. 6. If this entire concept of yours is some marketing peoples idea for the users not touching our system go back to them and tell them it's a dream On the contrary, it is very possible, and I have seen it done more than once on various free-shell accounts and other places. 7. GDM is just the login application and does not control what the user sees or does not see on his desktop. The user can even login from GDM to a KDE environment. Agree. BTW: just for the record - the situation in windows is a lot worse since in most windows distributions the user has installation priveleges on the machine so he can actually halt the machine (for instance by running an installation process which removes critical files) or render the machine unbootable. In Linux he could just launch applications and not hurt anyone but himself. Quite an improvement. Actually Microsoft has enough tools to make it possible. Indeed the original configuration NT (4.0 and above) comes with does define the global user Everyone with permission to most of the hard-drive, but it is very possible to build a machine with the correct permission-set. Oh, yes, and disable the RunAs service. -- Arik ** This email and attachments have been scanned for potential proprietary or sensitive information leakage. PortAuthority(TM) Server Keeping Information Inside Vidius, Inc. www.vidius.com ** To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: [OT] SPAM: Hakupon shel Hamdina / Ha'Luach Hainterneti
I complained to both 012 (where the mail came from) and BezeqInt (where they host their site which serves the images). -- Arik -Original Message- From: Ben-Nes Michael [mailto:[EMAIL PROTECTED] Sent: Sunday, February 01, 2004 5:08 PM To: Alon Altman; Linux-IL Subject: Re: [OT] SPAM: Hakupon shel Hamdina / Ha'Luach Hainterneti I think we all should complain infront of the ISP about this spam I already forwarded this mail to spamcop -- Canaan Surfing Ltd. Internet Service Providers Ben-Nes Michael - Manager Tel: 972-4-6991122 Fax: 972-4-6990098 http://www.canaan.net.il -- - Original Message - From: Alon Altman [EMAIL PROTECTED] To: Linux-IL [EMAIL PROTECTED] Sent: Sunday, February 01, 2004 1:21 PM Subject: [OT] SPAM: Hakupon shel Hamdina / Ha'Luach Hainterneti Hi, The person behind these Israeli spams is Gil Dayan [EMAIL PROTECTED] from Nitzan HR (09-7671788). Use this e-mail or phone number to remove an address or domain from his list. If you want to cost them some money, use this fax number instead: 09-7671787. Alon -- This message was sent by Alon Altman ([EMAIL PROTECTED]) ICQ:1366540 GPG public key at http://alon.wox.org/pubkey.txt Key fingerprint = A670 6C81 19D3 3773 3627 DE14 B44A 50A3 FE06 7F24 -- -=[ Random Fortune ]=- You'll feel devilish tonight. Toss dynamite caps under a flamenco dancer's heel. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] ** This email and attachments have been scanned for potential proprietary or sensitive information leakage. PortAuthority(TM) Server Keeping Information Inside Vidius, Inc. www.vidius.com ** To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: [JOB OFFER] Adwise Seeking - PHP Professional
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] [snip] so, what do you chose - to keep people antagonized towards your company, or to be a little more flexible? Our company wants to get people that are open minded. Not the ones that will be stuck with something. We are working here, not playing games with 'open' source. We need a professional programmers. People that can create products. Huh? Run that by me again? Playing games? I can't begin to describe how wrong you are. Really all those messages looked childish to me. Eliezer Ben Yehuda had to take exactly this kind of cr*p when he tried to convert people to use Hebrew in Israel. If you have some moral reasons for using MS Word you are not welcomed here. You are on the wrong mailing-list, buddy. Marc, don't you have some SCSI cable handy for this purpose? For people that just do not have MS Word send you documents in HTML or rtf of plain ASCII format. Now that's more like it. At least the need is recognized. -- Arik ** This email and attachments have been scanned for potential proprietary or sensitive information leakage. PortAuthority(TM) Server Keeping Information Inside Vidius, Inc. www.vidius.com ** To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: and what's with pine+imap? (was: Re: Suggentions for server sidespam control)
-Original Message- From: guy keren [mailto:[EMAIL PROTECTED] i'm beginning to think i'm asking for the imposible - to filter the letter, i need to first download it. however, i should be able to filter out by the message headers that _are_ downloaded by imap, thus eliminating a large part of the spam, and only then downloading the rest of it for further inspection... oh, well. no spam solution for me... Actually there is. http://spambayes.sourceforge.net/applications.html#imap I'm using the Outlook plugin version, and it works great. Basically what they say is that there are two folders: Decided spam and Suspected spam. There are two thresholds, spam threshold and suspect threshold. The suspect folder is intended to catch all those messages that are undecided for the purpose of training (and initially they are all suspect). After some training it gets really good at it. The application is an IMAP proxy. You set it up on some port, and connect through it. It senses when you move mail to the spam folder or from the suspect folder into the inbox folder and considers that to be traininig. -- Arik ** This email and attachments have been scanned for potential proprietary or sensitive information leakage. PortAuthority(TM) Server Keeping Information Inside Vidius, Inc. www.vidius.com ** To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: Analysis of the Y1 authentication scheme (RE: An approach I madeto 1st yashir bank)
Hi Shachar 3. To unlock the teller's terminal, you have to answer a challange provided by the terminal. The teller aids you by reading the challange to you and typing your vocal reply into the terminal. The challange is derived from a one-time-pad that you have filled out during your This is not a one time pad. For one thing, it's not one time. This can be more correctly called broken zero knowledge proof. You must admit that it does provide SOME protection from replay attacks. You are correct and I appologize - it's a shared secret. 1. Replay attack - the 1 time pad I filled upon signup is 5x8=40 characters. Authentication is done based on the first few letters of the one time pad (I was never asked to provide a char farther than 5th) so it is 25 possible characters. If someone has been listening to 10 random calls they have a 33% chance of making it in the 1st try and 56% on both attempts, without guessing. I'm not sure that part is correct. Did you take into account the chances that some of those 10 calls I listened on will not yeild me new questions? No, I didn't specify my assumption that they choose questions in a pattern that repeats only after the pool is exhausted, but you are correct. In reality they don't, which only improves on the chances. 2. The users are asked to choose hebrew names for the OTP. This increases the chance of success considerably. If the evesdropper can pick out enough characters they can guess at the responses, without resorting to social engineering notwithstanding. Some of the questions are damn right easy to guess - name of the city you were born? from a 26**8 = 2e11 possibilities this field is now only the number of cities in Israel (less than 1000, I think), with some large cities with a higher probability. Names are not much better. IMHO the strongest question is the name of the school attended, which is usualy not mentioned and doesn't follow any pattern, except the word IRONI () That's where the implementation is broken beyond the chosen security level. This security is a constant tradeoff between needing the human to remember the passwords and securing the authentication. I don't really care about that level, because I'm not the one taking responsibility for it. Everything I do over the phone is insured against identity theft. Are you sure? What if John Doe does something to your account which costs you a bundle. You call the bank to complain, and they reply that YOU have committed those changes. You're screwed, because they have the bank records to show you did, and the phone conversation was conviniently erased. A while back, however, I noticed that I get asked ONLY THE SAME 4 LETTERS THE WHOLE TIME!! This means that if I listen in to a single call, and then call you ONCE, I have a 50% chance of breaking the system. Like I wrote in the fax, I never got around to actually telling anyone about it. I even worked out a scheme where I can do this practically using only a cell-phone frequency scanner. I feel this problem has been fixed, since. I will follow up on this. I rarely call today because I do most stuff over the internet. The problem I have today is not that bad, but still negligant. When I have to answer a question with one of the final letters, I have to specifically say whether it's a final form or not. This gives Eve more information about the word in question than intended. I wasn't aware of that, thanks. Answering two questions is a nice idea! I'll suggest it if/when someone gets back to me. Increasing the size of the shared secret (that's what it is) is nice. And necessary, I'm afraid. Please remember that humans are notorious for not remembering important stuff. Maybe you can remember a random sequence of characters, but most can't. It's not random, it's pseudo random in an associative way. Let's say their question is . I take the identifying theme - - - and I invent a phrase which associated with it: (which associates with another story of me contradicting my 6th grade nature teacher regarding this issue) Now take the first letter of each word, and fill as the 8 chars in the shared secret: =. It's easy to remember (I have to remember a sentence associatively) and when asked the question I have to go over the phrase and give the 1st letter of the word. It's less strong than random, but it's not so weak. That's how I choose passwords too, BTW. And no, please don't try to hack my bank account, this is not the sentence I used. And the 3rd point can be countered by refusing to supply the teller (or imposter) with any details that can aid in a MitM attack. Demand that they supply you with verifyable information. Put them on hold while you call and verify. I had them tell me the last two digits of my balance, which I could verify by calling back. I usually force out
Analysis of the Y1 authentication scheme (RE: An approach I made to 1st yashir bank)
I wish to comment about the stupid/lacking security. First, a description. The Y1 authentication mechanism relies on the following two methods: 1. Upon calling, you have to type in your account number and a 6 digit password. You can only try the password 3 times before you are locked out. The system forces the user to replace the password every few months. The password is sent using touch-tone dialing, which makes it vulnerable to a replay attack on the audio signal and to a replay attack where the attacker can decode and re-encode the signal. New passwords are sent in-band. Chance of a brute-force attack: 1% (due to the lockout) After the password is supplied you have read-only access to a lot of information that can be either read to you over the phone or faxed to you. It is rumored that there are some operations that you may perform on your account from some obscured menu, but I was never successful (although I tried) and the actions are limited and non- destructive. 2. When you request it, you can ask to talk to a teller. The system then puts you on a queue and connects you to a human. The human has very limited read-only access to your account information, and cannot be social-engineered to give it to you - it is unavailable. 3. To unlock the teller's terminal, you have to answer a challange provided by the terminal. The teller aids you by reading the challange to you and typing your vocal reply into the terminal. The challange is derived from a one-time-pad that you have filled out during your account set-up. The size of the challange is a position on the OTP, and the response size is one Hebrew character from that position on the OTP. You are locked out after two attempts. The OTP has a 5x8=40 positions. Each row has a name, and each column has an ordinal number. The chance of a successful brute force attack is 9%, in theory, due to the small length of the response. 3a. A relatively new system has been installed, which replaces step 3, identifies the user's voice to the terminal. If the voice identification is successful the terminal is unlocked, while if it is unsuccessful the terminal reverts to method 3. I have no data regarding the accuracy of that system. This provides the bank with a true 2F authentication... with a fallback to a 1F method. Go figure. Although the system sounds good on paper, it is lacking in these respects: 1. Replay attack - the 1 time pad I filled upon signup is 5x8=40 characters. Authentication is done based on the first few letters of the one time pad (I was never asked to provide a char farther than 5th) so it is 25 possible characters. If someone has been listening to 10 random calls they have a 33% chance of making it in the 1st try and 56% on both attempts, without guessing. 2. The users are asked to choose hebrew names for the OTP. This increases the chance of success considerably. If the evesdropper can pick out enough characters they can guess at the responses, without resorting to social engineering notwithstanding. Some of the questions are damn right easy to guess - name of the city you were born? from a 26**8 = 2e11 possibilities this field is now only the number of cities in Israel (less than 1000, I think), with some large cities with a higher probability. Names are not much better. IMHO the strongest question is the name of the school attended, which is usualy not mentioned and doesn't follow any pattern, except the word IRONI () 3. Sometimes they call you back. When they do, THEY ask YOU to identify yourself to THEM. Hilarious! When I demanded that they first prove to me that they are indeed the Y1, they put me on hold SO I CAN LISTEN TO THE HOLD MUSIC!!! which is very vulnerable to a replay attack. I think the system is not bad to begin with. If you are not paranoid enough to suspect a wiretap, you can disregard #1, although the size of the OTP is really small. I'd be happy with a longer one, from which you have to reply with 4-5 letters. Even replying with two letters reduces the chance of a random attack from 9% to below 0.5%. The chance of someone reaching that stage is low, because they have to guess the 6-digit password first. To counter point #2, you obviously have to disregard the stupid questions they ask you and invent your own scheme for filling up the OTP with random or pseudo-random data. My OTP does NOT have any hebrew words in it. And the 3rd point can be countered by refusing to supply the teller (or imposter) with any details that can aid in a MitM attack. Demand that they supply you with verifyable information. Put them on hold while you call and verify. I had them tell me the last two digits of my balance, which I could verify by calling back. It's not foolproof, but if you are security conscious you are safer than most people. Regretfully
RE: Hard Disk mirroring
It really depends on what you're trying to do. If you want a logical copy, you can use the ol' tar trick: tar --preserve --one-file-system -cf - | (cd /mountpoint ; tar --preserve -xf -) If you want a physical copy, you can do: mount /mountpoint-of-old-disk -oremount,ro dd if=/dev/old-disk-dev of=/dev/new-disk-dev This will probably mess up your patrition table on the new disk, you'll have a partitioning scheme the same as the old drive, but it's good for backup. If you are worried about a disk failure, you can leave both disks in the machine and run them in RAID-1 mode using raidtoold or mdadm. There's a procedure to be followed for adding another disk to an existing one and creating a mirrored pair without destroying your current copy, at: http://linas.org/linux/Software-RAID/Software-RAID-3.html (read Q 10 and the reply) http://unthought.net/Software-RAID.HOWTO/Software-RAID.HOWTO-4.html#ss4.14 - older but still true The mdadm tools are better and newer. Some of the stuff I have linked to refers to raidtools which are older. -- Arik -Original Message- From: Amir Spivak [mailto:[EMAIL PROTECTED] Sent: Monday, December 22, 2003 11:49 AM To: [EMAIL PROTECTED] Subject: Hard Disk mirroring Hi, I have a server which i want to copy in case of a HD failure, the way i want to do it is just copying all its contents to a new HD that i will mount on the server, after mounting, i want a utility that will mirror entire HD to it in the simplest way possible, thx. ** This email and attachments have been scanned for potential proprietary or sensitive information leakage. PortAuthority(TM) Server Keeping Information Inside Vidius, Inc. www.vidius.com ** To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: Hard Disk mirroring
Okay: 1. Boot from a Redhat rescue disk or Mandrake rescue disk or some other kind of bootable CD or floppy that has mount, tar, mkfs for your filesystem, fdisk etc. 2. Mount both disk drives (I assume the new drive is partitioned and formatted) 3. CD to the original drive 4. Run the tar command from below 5. Chroot to the new drive 6. Run /sbin/lilo or whatever you need to run to rebuild the boot record on the drive 7. Test it before you announce that it's good. Enjoy -- Arik -Original Message- From: Amir Spivak [mailto:[EMAIL PROTECTED] Sent: Monday, December 22, 2003 1:47 PM To: Arik Baratz Subject: Re: Hard Disk mirroring i want to copy all the contents of the old HD into the newly mounted drive, so in the case of failure of the old one i can just install the newly mounted one and everything will work. - Original Message - From: Arik Baratz [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, December 22, 2003 1:30 PM Subject: RE: Hard Disk mirroring It really depends on what you're trying to do. If you want a logical copy, you can use the ol' tar trick: tar --preserve --one-file-system -cf - | (cd /mountpoint ; tar --preserve -xf -) If you want a physical copy, you can do: mount /mountpoint-of-old-disk -oremount,ro dd if=/dev/old-disk-dev of=/dev/new-disk-dev This will probably mess up your patrition table on the new disk, you'll have a partitioning scheme the same as the old drive, but it's good for backup. If you are worried about a disk failure, you can leave both disks in the machine and run them in RAID-1 mode using raidtoold or mdadm. There's a procedure to be followed for adding another disk to an existing one and creating a mirrored pair without destroying your current copy, at: http://linas.org/linux/Software-RAID/Software-RAID-3.html (read Q 10 and the reply) http://unthought.net/Software-RAID.HOWTO/Software-RAID.HOWTO-4.html#ss4.14 - older but still true The mdadm tools are better and newer. Some of the stuff I have linked to refers to raidtools which are older. -- Arik -Original Message- From: Amir Spivak [mailto:[EMAIL PROTECTED] Sent: Monday, December 22, 2003 11:49 AM To: [EMAIL PROTECTED] Subject: Hard Disk mirroring Hi, I have a server which i want to copy in case of a HD failure, the way i want to do it is just copying all its contents to a new HD that i will mount on the server, after mounting, i want a utility that will mirror entire HD to it in the simplest way possible, thx. ** This email and attachments have been scanned for potential proprietary or sensitive information leakage. PortAuthority(TM) Server Keeping Information Inside Vidius, Inc. www.vidius.com ** == To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] ** This email and attachments have been scanned for potential proprietary or sensitive information leakage. PortAuthority(TM) Server Keeping Information Inside Vidius, Inc. www.vidius.com ** To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Hebrew CMS / Wiki
Hello all I'm on the look for a Hebrew CMS or Wiki. My requirements are: 1. That it will be localized (i.e. the on-screen instructions will also be localized) 2. That it will have the option to lock pages to a specific author, and password-protect the author's account 3. Easy to install on a standard web host (a Linux one) 4. Better if it's written in a programming language one can read and make changes to (i.e. not Perl CGI) I've been looking at MoinMoin, and it does most of what I want, except for the protection of pages. The stable CVS dump works quite nicely, but it doesn't have localized Hebrew. Since MacMac (mac.plonter.co.il) is localized, I guess the nightly contains the localized he.py file. Do you know of any other? One that's in active development and has Hebrew? -- Arik ** This email and attachments have been scanned for potential proprietary or sensitive information leakage. PortAuthority(TM) Server Keeping Information Inside Vidius, Inc. www.vidius.com ** To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: Hebrew CMS / Wiki
-Original Message- From: Gabor Szabo [mailto:[EMAIL PROTECTED] 4. Better if it's written in a programming language one can read and make changes to (i.e. not Perl CGI) Talk about FUD Sorry, Gabor, I'm a Python person. My ignorance of Perl combined with my lack of will to study it prompted me to mentioned it. Perl might be a wonderful language but it's not for me. Hence I respectfully prefer other languages to it, although if there's one which supports what I want more fully I will go for it. -- Arik ** This email and attachments have been scanned for potential proprietary or sensitive information leakage. PortAuthority(TM) Server Keeping Information Inside Vidius, Inc. www.vidius.com ** To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: Hebrew CMS / Wiki
If it's a CMS-type thingy I prefer one more akin to movabletype.org. My PHP/HTTP skillz are not good. I prefer to work on things closer to my heart, where I can express myself more fully. -- Arik -Original Message- From: Oleg Kobets [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 17, 2003 4:38 PM To: Arik Baratz; Linux-IL Subject: Re: Hebrew CMS / Wiki Actually, I faced the exact same problem. In the end I wrote my own CMS, as you can look at my site: http://pagan.clean-mail.net. I do not have some of the functions that you mentioned, but we can come with something up if you are willing to help on the dev side. I use PHP and MySQL and nothing else. What do you say, let's make it an opensource project ? :-) Oleg. - Original Message - From: Arik Baratz [EMAIL PROTECTED] To: Linux-IL [EMAIL PROTECTED] Sent: Wednesday, December 17, 2003 4:06 PM Subject: Hebrew CMS / Wiki Hello all I'm on the look for a Hebrew CMS or Wiki. My requirements are: 1. That it will be localized (i.e. the on-screen instructions will also be localized) 2. That it will have the option to lock pages to a specific author, and password-protect the author's account 3. Easy to install on a standard web host (a Linux one) 4. Better if it's written in a programming language one can read and make changes to (i.e. not Perl CGI) I've been looking at MoinMoin, and it does most of what I want, except for the protection of pages. The stable CVS dump works quite nicely, but it doesn't have localized Hebrew. Since MacMac (mac.plonter.co.il) is localized, I guess the nightly contains the localized he.py file. Do you know of any other? One that's in active development and has Hebrew? -- Arik ** This email and attachments have been scanned for potential proprietary or sensitive information leakage. PortAuthority(TM) Server Keeping Information Inside Vidius, Inc. www.vidius.com ** == To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] ** This email and attachments have been scanned for potential proprietary or sensitive information leakage. PortAuthority(TM) Server Keeping Information Inside Vidius, Inc. www.vidius.com ** To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: Hebrew (was [KINDERGARDEN])
-Original Message- From: Aaron [aamehl at bezeqint dot net] How about configuring people, who don't know Hebrew, but their E-mail clients are already Hebrew-enabled, so that they can understand perfectly Hebrew language messages? sounds painful A few weeks in a decent ULPAN and they can start conversing. Add a year or so of constant effort, reading newspapers etc... -- Arik ** This email and attachments have been scanned for potential proprietary or sensitive information leakage. PortAuthority(TM) Server Keeping Information Inside Vidius, Inc. www.vidius.com ** To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: I wish stack traces had line numbers
-Original Message- From: Oded Arbel [mailto:[EMAIL PROTECTED] But they don't. instead they have memory addresses and the function name. so I've been thinking - suppose I have a binary with debugging information, and the source code and a stack trace - shouldn't I be able to extrapolate from it in what line in the code each frame in the stack is ? Note: I don't have a core dump - just a textual stack trace. Well, from what I recall from Compiler Theory 101, if you have enough debug information to enable a good IDE to give you visual step-by-step debugging, you should have enough info to correlate addresses with lines. Given that, all you have to do is correlate the address on the stack with the appropriate line, and go one line back (because the stack trace always gives you the line after the call). I think you need to adjust the values in the binary with the process load address if you want to do that. Maybe the main() address on the stack (provided you get it) can give you the load address if you use it right, and then you can work out the rest. -- Arik ** This email and attachments have been scanned for potential proprietary or sensitive information leakage. PortAuthority(TM) Server Keeping Information Inside Vidius, Inc. www.vidius.com ** To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: VMWare in Israel
Actually I have some VMWare licenses that I bought for my company. I have bought some online and some from REL. I have to say there is absolutely no difference, in price or in service, between the two options. VMWare is a good product, which needs little support. I am using VMWare but otherwise have no connection with VMWare the company. -- Arik -Original Message- From: Gil Freund [mailto:[EMAIL PROTECTED] Sent: Thursday, December 04, 2003 8:17 AM To: IGLU Mailing list Subject: Re: VMWare in Israel Not quite, VMWare is (also?) represented by WE (http://www.we-can.co.il/), which did some rather impressive work with it (consolidating Windows servers). I have no commercial relation with either WE or VMware. Gil Daniel Feiglin wrote: Hello! This may be of interest : REL claims to be the sole local agent for VMWare. Contact info: *Carmit Harari* Marketing Manager REL (Renaissance) Tel. +972-9-7643571 Fax. +972-9-7643566 e-mail : [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] www.REL.co.il http://www.rel.co.il/ www.SecurityCenter.co.il http://www.securitycenter.co.il/ I have no commercial interest whatsoever in REL Daniel = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] -- = Gil Freund Sysnet consulting - [EMAIL PROTECTED] http://www.sysnet.co.il voice: +972-52-676906 Fax: +972-8-9356026 = = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] ** This email and attachments have been scanned for potential proprietary or sensitive information leakage. PortAuthority(TM) Server Keeping Information Inside Vidius, Inc. www.vidius.com ** To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: disk problems
And don't use the computer (halt(8) it) until you do.
-- Arik
-Original Message-
From: Aaron [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 02, 2003 12:23 AM
To: [EMAIL PROTECTED]
Cc: Moshe Kaminsky; [EMAIL PROTECTED]
Subject: Re: disk problems
Hi I got the same errors,
I even backed up to cds but never checked if they were good.
when the hard drive finally died I lost over 5 months of work.
quick backup and get a new drive.
Aaron
On Mon, 2003-12-01 at 23:57, Shachar Tal wrote:
Moshe Kaminsky wrote:
Hi,
I have some disk problems: when I try to access certain files, I hear
strange sounds from the hard disk, the computer has a delay, and I get
the following type of messages in /var/log/messages:
Dec 1 23:05:36 localhost kernel: hda: dma_intr: status=0x51 { DriveReady
SeekComplete Error }
Dec 1 23:05:36 localhost kernel: hda: dma_intr: error=0x40 { UncorrectableError },
LBAsect=34897754, sector=1048672
Dec 1 23:05:36 localhost kernel: end_request: I/O error, dev 03:0a (hda), sector
1048672
Dec 1 23:05:36 localhost kernel: EXT3-fs error (device ide0(3,10)):
ext3_get_inode_loc: unable to read inode block - inode=59969, block=131084
Anyone knows what is it, and how can it be fixed?
This is a very strong indication of a bad sector (especially if the
problem persists). If you value your data, you better replace the drive.
Probably even if you don't.
Thanks,
Moshe
Shachar.
=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word unsubscribe in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word unsubscribe in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
**
This email and attachments have been scanned for
potential proprietary or sensitive information leakage.
PortAuthority(TM) Server
Keeping Information Inside
Vidius, Inc.
www.vidius.com
**
To unsubscribe, send
mail to [EMAIL PROTECTED] with
the word unsubscribe in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
RE: X Forwarding via SSH
-Original Message- From: Leonid Podolny [mailto:[EMAIL PROTECTED] [snip] On Mon, 17 Nov 2003, Arik Baratz wrote: Can you plese post the result of: ssh -v -n -X [EMAIL PROTECTED] xlogo -- Attached file included as plaintext by Listar -- -- File: out.log OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.6k 30 Sep 2003 debug1: Reading configuration data /etc/ssh/ssh_config [snip] _X11TransSocketOpen: socket() failed for tcp Leonid, Can you please do ssh -X to the machine, and then: echo $DISPLAY will give you something along the lines of localhost:10.0 Then take the number after the ':' (10 in this example) and add 6000 to it, and run telnet: telnet localhost 6010 Replace the 6010 with the number you got (if it's different than 10). Let us all know what that gives you - the exact error message. Can you also do iptables -L -v -n and mail the result? I'm assuming that the machine has iptables. The ipchains command is very similar. My current guess is that you have ipchains/iptables rules on computer A that prevent local users from connecting to port 6010 from localhost, but that needs to be confirmed. What's baffeling to me is that the error message mentions the socket() function rather than the connect() function as I would expect in the case that my assumption is correct. -- Arik ** This email and attachments have been scanned for potential proprietary or sensitive information leakage. PortAuthority(TM) Server Keeping Information Inside Vidius, Inc. www.vidius.com ** To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: Fw: What's wrong with this code?
-Original Message- From: Gilad Ben-Yossef [mailto:[EMAIL PROTECTED] [snip] Bad closed source company: no one watches the code. Good closed source comapny: one or two person watches the code. Open Source: ~10k of the world best programmer watch the code. I think you should rather say: Popular open source: ~10k of the world's best programmers watch the code. Unpopular open source: One of the maintainers watch the code, occasionally, when he introduces new code. Abandoned open source: No one watches the code. Ever. No one knows where to find it. Only binaries are left, and only on ftp.funet.fi and only in some obscure folder. -- Arik ** This email and attachments have been scanned for potential proprietary or sensitive information leakage. PortAuthority(TM) Server Keeping Information Inside Vidius, Inc. www.vidius.com ** To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: X Forwarding via SSH
-Original Message- From: Leonid Podolny [mailto:[EMAIL PROTECTED] [snip] _X11TransSocketOpen: socket() failed for tcp _X11TransSocketOpenCOTSClient: Unable to open socket for tcp _X11TransOpen: transport open failed for tcp/localhost:10 Error: Can't open display: localhost:10.0 Hope someone can help, L. Can you plese post the result of: ssh -v -n -X [EMAIL PROTECTED] xlogo Type the password if necessary. If the window opens, close it. Cut and paste the results and post here. -- Arik ** This email and attachments have been scanned for potential proprietary or sensitive information leakage. PortAuthority(TM) Server Keeping Information Inside Vidius, Inc. www.vidius.com ** To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: Fw: What's wrong with this code?
-Original Message- From: Muli Ben-Yehuda [mailto:[EMAIL PROTECTED] [snip] Abandoned open source: No one watches the code. Ever. No one knows where to find it. Only binaries are left, and only on ftp.funet.fi and only in some obscure folder. If no sources are left, it's not open source, is it? Sometimes the sources are no longer available because the original homepage domain is no longer registered, it's not GNU, and some binary package is in simtel or similar repository. -- Arik ** This email and attachments have been scanned for potential proprietary or sensitive information leakage. PortAuthority(TM) Server Keeping Information Inside Vidius, Inc. www.vidius.com ** To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: Red Hat 9 installation problem.
-Original Message- From: Josh Roden [mailto:[EMAIL PROTECTED] One of our students tried to install RH9 on a computer with the following: Mother board: ABIT Chipset: VIA Hard disk: Seagate SATA When he got to the disk formatting part of the installation he got an error stating that no hard disk was found. Does anybody have any idea what can be the problem and a possible solution? Have him try to temporarily put an IDE disk in the machine, install Linux, make sure he has the SATA loadable modules in place, mount the SATA disk and copy everything over. He'd probably need to rebuild his initrd to have the drivers load on boot time. I've never tried it, but I do know that Mandrake 9.1 doesn't come with SATA drivers compiled in. Maybe it can be done with an external drivers disk for the installer, but I don't know how. -- Arik To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: he-en dictionaries...
-Original Message- From: Dan Kenigsberg [mailto:[EMAIL PROTECTED] It would be very nice if somebody would add english description to each of the words that are available in the hspell distribution ( http://www.ivrix.org.il/spell-checker ). I do not plan to start doing it anytime soon, although it has very interesting implications, such as germinating a hebrew-english automated translation. If you create a nice web interface for the entry of translations, and open it up on the web, and let people subscribe to a 'daily translation' mailing list and translate a word a day, and announce it in linux-il, I bet you can have a working dictionary file in notime, created by and for the community. You'd have to accept multiple submissions for each word and choose the ones that were received the most times, to prevent wiseguys translating to obscene words... -- Arik To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: AOL doesn't accept mail - free relaying of email
-Original Message- From: Boris Ratner [mailto:[EMAIL PROTECTED] Now all customers suffer from this if their ISP got blocked by AOL. And they should. They should suffer for choosing an ISP that disrespects its own acceptable use policy, and gets itself into some kind of blackhole or another. What the customer must do is switch to an ISP that actually enforces its AUP and doesn't get its address blocks blackholed. This is the ONLY way IMHO to convince an ISP to change their ways. Once large customers start doing their business elsewhere because of the ISP's incompetence, they will think twice before deleting the next abuse report. -- Arik To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: AOL doesn't accept mail - free relaying of email
-Original Message- From: Herouth Maoz [mailto:[EMAIL PROTECTED] Great. I don't know which ISPs AOL blocks, but I assume based on my own past spams that these include Internet Zahav, Netvision, 012, Actcom, and if I'm not mistaken, Barak. Now tell me which viable option can I have for an ISP in Israel that knows how to spell Linux, and is not a lying cheat (like, say, Aquanet). Well, you can start by moving to a different ISP, explaining them why you did. Then you should choose the one with the best record... If none of them is perfect, choose the least worse. -- Arik To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: AOL doesn't accept mail - free relaying of email
-Original Message- From: Stanislav Malyshev [mailto:[EMAIL PROTECTED] AB And they should. They should suffer for choosing an ISP that AB disrespects its own acceptable use policy, and gets itself into AB some kind of blackhole or another. What the customer must do is Oh come on. It is a common knowledge that at least some of these relays are too quick to add whole netblocks and too slow to explain why they did that or how to make this not happen again. And the ISP couldn't care less what some freak out there thinks about its policies - its responcibility is its own paying clients and not convinvcing some trigger-happy sysadmin jumping out of his pants to be BOFH-like and blacklist whatever possible without too much investigation. As I see it, depending on who you are and how important it is for your messages to get 'there'. If you're a corporate and contact mostly other corporates, mostly you don't care. I know I don't. If someone from my company wants to send mail to someone with an RBL that doesn't let my static IP (I don't use the IP relay, heavens forbid) send him mail - I'm fine with that. The person on the other side will have to find a way to accept this mail message, because it's also his priority to do business with us. If you're a private person, or contact mostly private people, that's damn annoying. In the rare occasions I have encountered it I opted to use a different provider to send a message telling that person that they are using an RBL and he should do something about it. Personally I use a BezeqInt ISDN line to send and receive email, and it seems like this IP range is pretty much okay. I had it blocked once, and the BezeqInt guys went out of their way to un-block it. But BezeqInt is guilty of spamming me themselves, for which I did never forgive them. I have stopped buying new services from them and I am slowly switching. There should really be an Israeli ISP monitoring site, which will score ISPs based on their non-blackholeness, but I am not the one who will set it up so I have no right to speak about it. You're right about RBL admins that are too trigger happy, but I never encountered a case when I asked to be removed (when I had my own address range) and not removed within a few days. Yes, some ignoramus has misconfigured a mail server on my range, and I picked up the pieces. And regarding the ISP's responsibility for the customer - the quick BezeqInt reaction came after I have told them that since I use their network to send email, and it is important to me that the email gets there, I hold them responsible for any blackholing of their range and will switch if I can't send my email decently from my equipment. -- Arik To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: AOL doesn't accept mail - free relaying of email
Well, you can start by moving to a different ISP, explaining them why you did. Then you should choose the one with the best record... If none of them is perfect, choose the least worse. Yes, and don't forget to put an elephant at the end to make sure the algorithm will terminate. Do you want to open the Israeli ISP-monitoring site? You can rate the ISPs based on the precentage of their address ranges that are black-holed. The position is yours if you accept :-) -- Arik To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: filesystem for database box
Hello, Linux People! after short consultation, i have come to this conclusion about which filesystem i should use on my database box (or server) the winner is: ex2 linux extended filesystem, yes, lassies lads - why not ext3/Reiser's ? - because journalling is already implemented in the DBMS. The DBMS journal and the FS journal serve two distinct purposes. The DBMS journal is there to make sure the database transactions either finish successfully or disappear altogether like they never happened (commit or roll-back in DB-speak). The log is also kept until the next backup, so that the database objects (like a database table) can actually be reset to a specific point in time, as long as in that point there are no open transactions (actually it can be restored to a point in time when there are open transactions but the open transactions would not have any effect on the database - they would have been 'rolled back'). To sum it up, the role of the DB journal in recovery is to undo/redo database operations. The database assumes that the journal itself is okay. The FS journal is kind of the same thing, but the database objects are files, and the transaction is a write() operation. This log is used to maintain the file system integrity in case of a failure. When a failure occurs the log is traversed and any transaction that can be completed is completed, while the FS data structures are maintained. Once the file system reaches some point when the disk representation of the file system is consistent enough, the log is deleted (this can be thought of a database full backup) and everything starts from scratch. If in your imaginary setup a power failure occurs, the file system will lose consistency (because an ext2 file system saves parts of its internal data structures in memory. Every FS does). If you are lucky, you can fsck it back to life, long fsck time applies. After you do that, and only if you are successful, you can proceed to the database restoration section, where the log will be examined by your DBMS, and will be compared to the database status. Any completed transaction will be written, and incomplete transactions will be rolled back. Only then can you take the database online again. If you opt to use the ext2, more power to you. Remember that you will stand longer recovery times and a higher likelihood of data corruption. If you manage to corrupt your database file, you will have to restore it from backup and re-apply the log file (you did backup the file, and keep all the logs from the backup until present time, right?). If you loose the log file... may the deity you believe in have mercy on whatever concept of soul you may posses, as your database will be at an unknown state. If you have points of quiescence, and your DBMS supports this feature, you may be able to recover to that point. Otherwise your latest backup (which I trust does exist) is your only resort, and you will lose whatever data you have written to your database since the latest backup. To sum it up, the integrity of your log files is of utmost importance. When you use a raw device for your database, the DBMS manages it, in effect creating its own file system. Whether it's good or bad for recoverability is left as an exercise to the reader. -- Arik To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: when was the beginning?
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] [snip] When did the use of Linux in Israel have begun ?? First Linux box in the Technion computer center - August 1995. My personal 486/DX33/16MB, a borrowed LAN card, slackware 3.0.3, kernel 1.23 from floppies Second box was a DX66, installed by Oved Ben-Aroya, used to back up the main nameserver during maintenance Third was IIRC a sparc - after the good experience with the nameserver Oved installed it in a dual-boot with Solaris 2.5 on his pet machine for testing. -- Arik ** This email and attachments have been scanned for potential proprietary or sensitive information leakage. PortAuthority(TM) Server Keeping Information Inside Vidius, Inc. www.vidius.com ** To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: [arrest@tmicha.net: Warning! Your message was rejected]
-Original Message- From: Shaul Karl [mailto:[EMAIL PROTECTED] Sent: Saturday, August 02, 2003 5:43 AM [snip] Hello all You are talking about the SPAM problem but ignoring a bigger problem: The misuse of SMTP. This announcement is automatic; yet instead of replying to the envelope sender (a la RFC2821) it replies to the sender in the body. That's why the message got to [EMAIL PROTECTED] instead of [EMAIL PROTECTED] In fact, if the sender IP address or the sender envelope would have been used for the test, Shaul's message wouldn't have been stopped. What could be even MORE conductive is a 5xy SMTP error message with the proper explanation - that would have prevented the need for the delivery of the entire message and the delivery of an additional bounce message back, while reducing the chance of a mail loop. This is extremely annoying, because many auto responders do that. It is the stuff mail loops are made from. -- Arik Return-path: [EMAIL PROTECTED] Envelope-to: [EMAIL PROTECTED] Delivery-date: Sat, 02 Aug 2003 04:37:23 +0300 Received: from localhost ([127.0.0.1] ident=fetchmail) by localhost with esmtp (Exim 4.14) id 19ilKk-0001Lq-SK for [EMAIL PROTECTED]; Sat, 02 Aug 2003 04:37:22 +0300 X-Sieve: cmu-sieve 2.0 Received: from mail3.actcom.net.il [192.114.47.14] by localhost with POP3 (fetchmail-6.2.2) for [EMAIL PROTECTED] (single-drop); Sat, 02 Aug 2003 04:37:22 +0300 (IDT) Received: from smtp1.actcom.net.il (mail.actcom.co.il [192.114.47.13]) by mail3.actcom.co.il (8.11.6/8.11.6) with ESMTP id h721RU209100 for [EMAIL PROTECTED]; Sat, 2 Aug 2003 04:27:30 +0300 Received: from tmicha.net ([213.8.90.214]) by smtp1.actcom.net.il (8.12.8/8.12.8) with ESMTP id h721SYr9030061 for [EMAIL PROTECTED]; Sat, 2 Aug 2003 04:28:35 +0300 Received: from tmicha.net [127.0.0.1] by tmicha.net [127.0.0.1] with RAW (MDaemon.PRO.v6.5.2.R) for [EMAIL PROTECTED]; Sat, 02 Aug 2003 04:24:45 +0200 Date: Sat, 02 Aug 2003 04:24:45 +0200 From: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Subject: Warning! Your message was rejected To: [EMAIL PROTECTED] X-MDaemon-Deliver-To: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] Mime-Version: 1.0 X-Actual-From: [EMAIL PROTECTED] Content-Type: text/plain; charset=US-ASCII Hello, [EMAIL PROTECTED] Your message was delayed by Tmicha.net mail server. The reasons for that might be the following: 1. Your ISP (Internet Service Provider) is unwilling to cancel spammers' accounts 2. Your ISP does not enforce/have Acceptable User Policy (AUP) 3. Your ISP does not have anti-spam policy Message delay is necessary to verify that you are an actual person and not a spammer. In order to deliver your message to the original recipient, please RESEND the original message including the following words in the 'Subject' field (including parentheses): (not spam) Regards, Tmicha.net Abuse Dept. Message delayed: Subject: Re: Keysigning issues Date: Sat, 2 Aug 2003 04:13:49 +0300 - End forwarded message - Script started on Sat Aug 2 05:25:33 2003 $ whois Tmicha.net Found a referral to whois.namesdirect.com. The data contained in the WHOIS database, while believed by the company to be reliable, is provided as is, with no guarantee or warranties regarding its accuracy. This information is provided for the sole purpose of assisting you in obtaining information about domain name registration records. Any use of this data for any other purpose, including, but not limited to, allowing or making possible dissemination or collection of this data in part or in its entirety for any purpose, such as the transmission of unsolicited advertising and solicitations, is expressly forbidden without the prior written permission of this company. By submitting an inquiry, you agree to these terms of usage and limitations of warranty. Please limit your queries to 10 per minute and one connection. Registrant: Slav BA Confidential Tel Aviv, 90210 IL Registrar: NAMESDIRECT Domain Name: TMICHA.NET Created on: 07-MAY-01 Expires on: 07-MAY-04 Last Updated on: 05-MAY-03 Administrative, Technical Contact: BA, Slav [EMAIL PROTECTED] Confidential Tel Aviv, 90210 IL 972-52-294612 Domain servers in listed order: NS1.MYDOMAIN.COM NS2.MYDOMAIN.COM NS3.MYDOMAIN.COM NS4.MYDOMAIN.COM End of Whois Information $ whois 213.8.90.214 % This is the RIPE Whois server. % The objects are in RPSL format. % % Rights restricted by copyright. % See http://www.ripe.net/ripencc/pub-services/db/copyright.html inetnum: 213.8.0.0 - 213.8.255.255 netname: IL-EURONET-RG-990603 descr:Euronet Digital Communications descr:Provider Local Registry country: IL
RE: SMB mount point hangs
-Original Message- From: Gil Freund [mailto:[EMAIL PROTECTED] [snip] Arik Baratz wrote: [snip] In short: Why doesn't smbumount have a 'force' option? It's SUID root anyways, so it can in theory run umount as root. I don't know, but I guess such an option would actually be very dangerous. If you mount an smb share under one login context, use it under another login and try to force an unmount under a third, you other logins things can get really confusing. A windows client will not have this problem, as windows is not multi-user. smbumount can allow only the mounting user or root to unmount the share. -- Arik ** This email and attachments have been scanned for potential proprietary or sensitive information leakage. PortAuthority(TM) Server Keeping Information Inside Vidius, Inc. www.vidius.com ** To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: SMB mount point hangs
-Original Message- From: Oded Arbel [mailto:[EMAIL PROTECTED] On Sunday 27 July 2003 22:37, Arik Baratz wrote: [snip] Did anyone encounter this before? Yes, can't tell you why or how to fix it, but if you can't unmount the share, you can kill -9 the smbmount process. Actually I managed to kill it with a TERM signal (-15) and the process died It did not, however, cause the mountpoint to clear up. It is still unusable. I had to mount using a different mountpoint, but this is clearly not a solution. -- Arik ** This email and attachments have been scanned for potential proprietary or sensitive information leakage. PortAuthority(TM) Server Keeping Information Inside Vidius, Inc. www.vidius.com ** To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: SMB mount point hangs
1. Do you get a valid responce when do: nmblookup win2000host [EMAIL PROTECTED] arikb]$ nmblookup -A arikb.vidius.co.il Looking up status of 10.0.3.2 ARIKB 00 - M ACTIVE VIDIUS-IL 00 - GROUP M ACTIVE ARIKB 03 - M ACTIVE ARIKB$ 03 - M ACTIVE ARIKB 20 - M ACTIVE VIDIUS-IL 1e - GROUP M ACTIVE INet~Services 1c - GROUP M ACTIVE IS~ARIKB00 - M ACTIVE 2. Do you use WINS (Samba pre 3.0 is closer in nature to Windows NT then to Windows 2000, and will use WINS), and who is the WINS server? I use both WINS and DNS, both are updated correctly and give the same result (my WINS server is 10.0.0.32): [EMAIL PROTECTED] arikb]$ nmblookup -A arikb -U 10.0.0.32 Looking up status of 10.0.3.2 ARIKB 00 - M ACTIVE VIDIUS-IL 00 - GROUP M ACTIVEARIKB 03 - M ACTIVE ARIKB$ 03 - M ACTIVE ARIKB 20 - M ACTIVE VIDIUS-IL 1e - GROUP M ACTIVE INet~Services 1c - GROUP M ACTIVE IS~ARIKB00 - M ACTIVE Also check the following: 1. Has the share (mount) been unused for over a week? (Windows cycles host credentials once a week) It's been mounted for over a week, but used during this period. How come my Win2K can maintain a share window open for this amount of time but SAMBA can't? And if the credentials are incorrect, why can't I unmount? 2. Has the user information under which the mount taken place changed? Now that you've mentioned it, I recently replaced my password (in Active Direcory). I will test it again, because I am pretty sure that I have had that happen even between password changes (our policy is 45 days). And then again: So the credentials don't match; so what? Why prevent me from unmounting it? Can I change the credentials in smbmount while the folder is mounted? Thanks for the info and for your help. -- Arik ** This email and attachments have been scanned for potential proprietary or sensitive information leakage. PortAuthority(TM) Server Keeping Information Inside Vidius, Inc. www.vidius.com ** To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: SMB mount point hangs
-Original Message- From: Gil Freund [mailto:[EMAIL PROTECTED] [snip] More to the point: You cannot change credentials on a monted CIFS share. Even in Windows, if you changed your password while logged in, you will find that network shares will act in an unpredicted manner (Some will work, some will not, as windows caches the credentials). the smbmount command is acts as a proxy between the unix mount and the CIFS file system. If the credentials have changed, samba cannot determine the state of the share and returns the actual mount (or umount) an invalid state. I can dig that, but this behaviour is IMHO not acceptable. If I do something as a regular user, I should not need root privileges to tidy it up. If smbmount (which is SUID root) messes up my mount point, and I need to be root to clear it up, I cannot for instance allow regular users to mount CIFS filesystems. Short: If it messed things up, it should be able to fix them. For instance - allow smbumount to unmount it regardless of the credentials. -- Arik ** This email and attachments have been scanned for potential proprietary or sensitive information leakage. PortAuthority(TM) Server Keeping Information Inside Vidius, Inc. www.vidius.com ** To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
SMB mount point hangs
Hello folks When I mount an SMB share over the network from a 2000 machine, after a few days the mount point becomes unreachable, to the point that stat () on the mount point fails. Furthermore it cannot be unmounted. Did anyone encounter this before? -- Arik kernel-secure-2.4.19.16mdk-1-1mdk samba-server-2.2.6-1.0.pre2.2mdk samba-client-2.2.6-1.0.pre2.2mdk samba-winbind-2.2.6-1.0.pre2.2mdk samba-swat-2.2.6-1.0.pre2.2mdk samba-common-2.2.6-1.0.pre2.2mdk mount-2.11u-1mdk Windows 2000 Professional / SP2 [EMAIL PROTECTED] arikb]$ stat mnt stat: cannot stat `mnt': Input/output error [EMAIL PROTECTED] arikb]$ smbumount mnt Could not umount mnt: Device or resource busy [EMAIL PROTECTED] arikb]$ ** This email and attachments have been scanned for potential proprietary or sensitive information leakage. PortAuthority(TM) Server Keeping Information Inside Vidius, Inc. www.vidius.com ** To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: [OT] Public wifi access
[lotastuff deleted]
Internet Explorer needs to be used on public hotspots where
authentication is
web based (haven't seen those in Israel, but it's the common hotspot
authentication mechanism abroad). Many of those
authentication gateways
simply hijack your browser to the authentication page.
Konquerrer and
mozilla seem to be less hijackable than IE, and therefore
you may need IE
for some hotspots.
A. If you're in Ra'anana you can drop by my company for 5 minutes, I'll let you use my
AP for the test.
B. The 'hijacking' thingie is done using port redirection, and it works with EVERY
browser. The web server might not serve Mozilla-compatible pages, but I never
encountered one that did not, and I've been places. My Mozilla works fine.
C. Get an iPASS account, and install their dialer (if it works with WINE). There are
some access points that work only with iPASS, and I didn't see any charge in my iPASS
account for them (Narita airport, Japan is one example). Getting an iPass account is
easy and free (at least in Barak, where I tried).
-- Arik
**
This email and attachments have been scanned for
potential proprietary or sensitive information leakage.
PortAuthority(TM) Server
Keeping Information Inside
Vidius, Inc.
www.vidius.com
**èº{.nÇ+·¬zwfj)m¢X§»¥ê®zËe{±¢¸Ø^{.nÇ+·¢Ø^ë,j¡»§¶¢i§²æìr¸zf¢X§»¥ê®zËe{±¢¸�
RE: [OT] Public wifi access
A. If you're in Ra'anana you can drop by my company for 5 minutes, I'll let you use my AP for the test. Thanks :-) Next time I come to visit Guy... Amazing. It seems like everybody knows him. I hope your card supports WEP, because that's what we use. B. The 'hijacking' thingie is done using port redirection, and it works with EVERY browser. The web server might not serve Mozilla-compatible pages, but I never encountered one that did not, and I've been places. My Mozilla works fine. Can you elaborate on that? (off list, pehaps, as I'm sure there aren't many people who are really interested) I'm just curious about it. Yes, sure. It's the same trick used when using transparent proxy. First you get an IP address from a private range, and DNS server using DHCP. Then there are rules that rewrite the destination address. They do it for all unknown MAC addresses. The new address points to themselves, where there is a web server with the appropriate script. What you actually do is go to your homepage (mine's google for example). They allow DNS traffic, so resolution is no problem. Then the address is rewritten so you actually see the logon screen. The equivalent iptables rule is: iptables -A PREROUTING -t nat -s 10.0.0.0/8 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 80 Then after you login, the rule is no longer valid for your MAC address, hence you undergo routing as usual. Anyway, it didn't work with my mozilla, but there could be hundreds of reasons for that (Narita airport, for example, has a submission form that didn't work for me for anything that wasn't IE). Mozilla isn't my primary browser, so you're probably right to assume it was a configuration problem on my part. Like I said I used iPass for Narita. There are many other places (Starbucks on the west coast, many European airports) that worked perfectly with konquerrer, so I guess there are different versions. Perhaps. Since you mention Narita: no need to use the dialer there, you can easily input the iPass name and password using the web interface. I totally agree about the advantage of iPass: but has here got iPass working under Linux? (I'd really rather not use their dialer under WINE). Frankly I used Windows XP and iPass, so I don't know. But while I was there I saved some dumps of the communication between the iPass client and the server, and they seem like regular HTTP. I don't have those logs, but maybe it's worth reverse-engineering. -- Arik ** This email and attachments have been scanned for potential proprietary or sensitive information leakage. PortAuthority(TM) Server Keeping Information Inside Vidius, Inc. www.vidius.com ** To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
