Re: ISP recommendation in Israel - geek-friendly & IPv6
I do not know, I only know to begin with my external ip was a private one (if I remember correctly it was 172.x.x.x)

On Sun, Apr 16, 2023 at 2:50 PM wrote:

> On Sunday, 16 April 2023 9:07:10 IDT Erez D wrote:
> > You look for a Fixed ipv4 IP, Note that some ISPs do not give you even a
> > real IP but you are already behind NAT and can't even use Dynamic DNS.
>
> Carrier grade NAT or something else ?

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: ISP recommendation in Israel - geek-friendly & IPv6
You look for a Fixed ipv4 IP, Note that some ISPs do not give you even a real IP but you are already behind NAT and can't even use Dynamic DNS.

With HOT they gave me a non-real IP and I needed to persuade them to change it to a real one (I do not need a real one as I am using DynDNS)
At the end they gave me a real IP with no extra cost

Erez.

On Sat, Apr 15, 2023 at 10:10 AM Lionel Élie Mamane wrote:

> Hi,
>
> What would you recommend as a geek-friendly ISP for a "consumer price
> level" glass fiber-based Internet connection in Israel, in Qesarya
> specifically? I'd like to have dual stack IPv4 + IPv6, with one fixed
> IPv4 address and a fixed IPv6 prefix (whatever it is one gets as
> standard... a /48, a /56...). Not sure if I can hope for competent
> customer support in English, but if that exists, even better.
>
> My family currently has Bezeq with a fixed IPv4 in our "2nd home /
> vacation home", that was set up by a local guy that knows a guy that
> knows a guy that knows my mother, without my intervention, supposed to
> be a "surprise we got fast Internet now, you can now spend more time
> in Israel and work remotely" for me, and well... I'd like us to
> upgrade to something better. The guy tells me that if we activate IPv6
> on our Bezeq connection, we will not only lose the fixed IPv4
> address, but also be behind double (carrier-grade, I assume) NAT,
> which would be major suckage. Is that true? Anyone has experience with
> that?
>
> Is it realistic to hope significantly less than 100ms ping times to
> Western Europe from Israel? That's what I currently get, and in usage
> as "remote desktop" / VNC / ssh sessions (with graphical / X11
> programs running over the link), this kind of lag is really felt...
>
> Thanks in advance,
>
> Lionel
porting a new camera and chipset to linux
hi

I want to port a new camera and chipset to linux
I searched the web but all i could find is how to set up your camera or port already supported chipset for new cameras

does anyone have pointers for me to start with (other than reading the kernel source)

Thanks,
Erez
Re: OT: strange network problem
On Tue, Jan 11, 2022 at 3:14 PM Ohad Levy wrote:

> On Tue, Jan 11, 2022 at 11:26 AM Erez D wrote:
>
>> On Tue, Jan 11, 2022 at 9:29 AM Ohad Levy wrote:
>>
>>> On Tue, Jan 11, 2022 at 9:19 AM Erez D wrote:
>>>
>>>> The windows 169.25. ip is from APIPA and not from any DHCP server
>>>> (ipconfig does not specify a dhcp server).
>>>> to be on the safe side I verified udp port 67 is unused on my mac (via
>>>> netstat, fuser and socat)
>>>>
>>>> what boggles me is why can't the windows machine access the router and
>>>> get an ip when the mac is sleeping
>>>>
>>>> as the AP switch is layer 2, i would suspect the switch disables the
>>>> windows machine for some reason,
>>>> e.g. it sees the same mac address from another port or detects abuse of
>>>> somewhat from the windows eth port
>>>> however i do not understand how is this related to the mac sleeping
>>>>
>>>> I thought the AP switch maybe defective but putting another GB switch
>>>> instead causes the same results ...
>>>>
>>>
>>> can you run tcpdump on your router? does it show the dhcp requests from
>>> your windows machine?
>>>
>> Alas, No. I know it is sacrilege but I use a hot cable modem/router.
>> I do not have hardware that can support 500Mb to be used as a linux
>> firewall ...
>>
> openwrt :)
>

I'm probably getting old, in my time running openwrt required hardware to run on ;-)

> but technically, if you have a 3rd machine, you should be able to see dhcp
> requests being broadcasted on layer2
>

I'll try that though i do not understand why there should be a difference if my mac is up or not ...

Thanks

>> Thanks,
>> Erez.
>>
>>>> why do you think HOMEGROUP is related ? it is a higher layer protocol
>>>> when the problem seems to me on layer 2
>>>>
>>>> Thanks,
>>>> Erez
>>>>
>>>> On Tue, Jan 11, 2022 at 8:36 AM wrote:
>>>>
>>>>> On Monday, 10 January 2022 19:30:55 IST Erez D wrote:
>>>>> > I've encountered a network problem
>>>>> >
>>>>> > i have a mac and a win10 machine connected to a 4 port Gbit wifi6 AP
>>>>> > (switch mode).
>>>>> > a third eth from the AP goes to the router which is also a DHCP server
>>>>> >
>>>>> > everything works well until the mac goes to sleep.
>>>>> > when the mac goes to sleep, the win10 machine loses its ip address
>>>>> > which becomes a 169. address
>>>>> >
>>>>> > as soon as i wake the mac up, the win machine regains a valid 10.0.0.x ip
>>>>> >
>>>>> > i tried to replace the AP with a 4 port switch and got same results
>>>>> >
>>>>> > any idea ?
>>>>> >
>>>>>
>>>>> IP in the 169.254.0.0/16 range is related to bonjour protocol , it
>>>>> is a link local communication.
>>>>>
>>>>> your windows would move to a bonjour ip in many cases but most common
>>>>> that can happen if your machine has a bonjour service enabled and an
>>>>> Ethernet card with dhcp that can not get an ip from the router.
>>>>>
>>>>> 1. Check if when the mac is running your windows machine got its ip
>>>>> from the mac and not from the router. in some cases mac can have dhcpd
>>>>> running on it, if that is the case you should disable it if you do not
>>>>> need it.
>>>>> 2. Check if homegroup is enabled on win10, if it is disable it (by
>>>>> version 1803 it is no longer active by default, but you could have hacked
>>>>> to enable it).
Re: OT: strange network problem
On Tue, Jan 11, 2022 at 9:29 AM Ohad Levy wrote:

> On Tue, Jan 11, 2022 at 9:19 AM Erez D wrote:
>
>> The windows 169.25. ip is from APIPA and not from any DHCP server
>> (ipconfig does not specify a dhcp server).
>> to be on the safe side I verified udp port 67 is unused on my mac (via
>> netstat, fuser and socat)
>>
>> what boggles me is why can't the windows machine access the router and get
>> an ip when the mac is sleeping
>>
>> as the AP switch is layer 2, i would suspect the switch disables the
>> windows machine for some reason,
>> e.g. it sees the same mac address from another port or detects abuse of
>> somewhat from the windows eth port
>> however i do not understand how is this related to the mac sleeping
>>
>> I thought the AP switch maybe defective but putting another GB switch
>> instead causes the same results ...
>>
>
> can you run tcpdump on your router? does it show the dhcp requests from
> your windows machine?
>

Alas, No. I know it is sacrilege but I use a hot cable modem/router.
I do not have hardware that can support 500Mb to be used as a linux firewall ...

Thanks,
Erez.

>> why do you think HOMEGROUP is related ? it is a higher layer protocol
>> when the problem seems to me on layer 2
>>
>> Thanks,
>> Erez
>>
>> On Tue, Jan 11, 2022 at 8:36 AM wrote:
>>
>>> On Monday, 10 January 2022 19:30:55 IST Erez D wrote:
>>> > I've encountered a network problem
>>> >
>>> > i have a mac and a win10 machine connected to a 4 port Gbit wifi6 AP
>>> > (switch mode).
>>> > a third eth from the AP goes to the router which is also a DHCP server
>>> >
>>> > everything works well until the mac goes to sleep.
>>> > when the mac goes to sleep, the win10 machine loses its ip address
>>> > which becomes a 169. address
>>> >
>>> > as soon as i wake the mac up, the win machine regains a valid 10.0.0.x ip
>>> >
>>> > i tried to replace the AP with a 4 port switch and got same results
>>> >
>>> > any idea ?
>>> >
>>>
>>> IP in the 169.254.0.0/16 range is related to bonjour protocol , it is
>>> a link local communication.
>>>
>>> your windows would move to a bonjour ip in many cases but most common
>>> that can happen if your machine has a bonjour service enabled and an
>>> Ethernet card with dhcp that can not get an ip from the router.
>>>
>>> 1. Check if when the mac is running your windows machine got its ip
>>> from the mac and not from the router. in some cases mac can have dhcpd
>>> running on it, if that is the case you should disable it if you do not need
>>> it.
>>> 2. Check if homegroup is enabled on win10, if it is disable it (by
>>> version 1803 it is no longer active by default, but you could have hacked
>>> to enable it).
Re: OT: strange network problem
The windows 169.25. ip is from APIPA and not from any DHCP server (ipconfig does not specify a dhcp server).
to be on the safe side I verified udp port 67 is unused on my mac (via netstat, fuser and socat)

what boggles me is why can't the windows machine access the router and get an ip when the mac is sleeping

as the AP switch is layer 2, i would suspect the switch disables the windows machine for some reason,
e.g. it sees the same mac address from another port or detects abuse of somewhat from the windows eth port
however i do not understand how is this related to the mac sleeping

I thought the AP switch maybe defective but putting another GB switch instead causes the same results ...

why do you think HOMEGROUP is related ? it is a higher layer protocol when the problem seems to me on layer 2

Thanks,
Erez

On Tue, Jan 11, 2022 at 8:36 AM wrote:

> On Monday, 10 January 2022 19:30:55 IST Erez D wrote:
> > I've encountered a network problem
> >
> > i have a mac and a win10 machine connected to a 4 port Gbit wifi6 AP
> > (switch mode).
> > a third eth from the AP goes to the router which is also a DHCP server
> >
> > everything works well until the mac goes to sleep.
> > when the mac goes to sleep, the win10 machine loses its ip address
> > which becomes a 169. address
> >
> > as soon as i wake the mac up, the win machine regains a valid 10.0.0.x ip
> >
> > i tried to replace the AP with a 4 port switch and got same results
> >
> > any idea ?
> >
>
> IP in the 169.254.0.0/16 range is related to bonjour protocol , it is a
> link local communication.
>
> your windows would move to a bonjour ip in many cases but most common that
> can happen if your machine has a bonjour service enabled and an Ethernet
> card with dhcp that can not get an ip from the router.
>
> 1. Check if when the mac is running your windows machine got its ip from
> the mac and not from the router. in some cases mac can have dhcpd running
> on it, if that is the case you should disable it if you do not need it.
> 2. Check if homegroup is enabled on win10, if it is disable it (by version
> 1803 it is no longer active by default, but you could have hacked to enable
> it).
OT: strange network problem
I've encountered a network problem

i have a mac and a win10 machine connected to a 4 port Gbit wifi6 AP (switch mode).
a third eth from the AP goes to the router which is also a DHCP server

everything works well until the mac goes to sleep.
when the mac goes to sleep, the win10 machine loses its ip address which becomes a 169. address

as soon as i wake the mac up, the win machine regains a valid 10.0.0.x ip

i tried to replace the AP with a 4 port switch and got same results

any idea ?
Re: disabling ipv6
as I said, best is a firewall, however GBE capable pfsense HW starts at 1000 NIS + need at least another 200 for an AP,
this 1k NIS i wanted to save if i could find a satisfying solution

however in HOT 4 router i can't disable or firewall ipv6, so i thought a simple dhcpv6 server could solve my problem ...

On Sun, Nov 7, 2021 at 10:52 AM Rabin Yasharzadehe wrote:

> For best control you should go with the option of splitting the ISP router
> to only act as modem, and have a FW like PFsense/OpenSense for the rest
> (FW,DHCP 4/6, DNS, ).
> and have several wireless APs spread across the house, which act only as
> AP base stations. It's a bit more expensive, but it will give you the peace
> of mind you are looking for.
>
> --
> Rabin
>
> On Sun, 7 Nov 2021 at 10:28, Erez D wrote:
>
>> Hello
>>
>> I've swapped isp (hot/hotnet) and now i have ipv6 support which i can't
>> turn off.
>> I have a few issues with ipv6:
>> 1. no NAT so all my devices are accessible from outside
>> 2. can't redirect DNS traffic to my DNS server
>>
>> I thought about adding a firewall, but this way i need a small
>> fast-enough HW for this which is expensive, as well as disable HOT's router
>> wifi so i actually need a wifi router ...
>>
>> can't i just install a dhcpv6 server on an RPi, which will hijack the
>> default route and DNS servers, and so actually disable ipv6 ?
>>
>> Thanks,
>> Erez.
disabling ipv6
Hello

I've swapped isp (hot/hotnet) and now i have ipv6 support which i can't turn off.
I have a few issues with ipv6:
1. no NAT so all my devices are accessible from outside
2. can't redirect DNS traffic to my DNS server

I thought about adding a firewall, but this way i need a small fast-enough HW for this which is expensive, as well as disable HOT's router wifi so i actually need a wifi router ...

can't i just install a dhcpv6 server on an RPi, which will hijack the default route and DNS servers, and so actually disable ipv6 ?

Thanks,
Erez.
Re: [OT] Any Cellphone providers have a non-NAT option
last time i checked (a year ago) with celcom, it depended on the APN

sphone - used NAT
internetg - did not use NAT

On Fri, Jun 2, 2017 at 1:12 AM, E.S. Rosenberg wrote:

> Hi all,
> I was told by Bezeq that they currently don't have infrastructure
> where I am living so I'm looking at using a cellular modem instead.
> Ideally I'd like to have some remote access to home but if the
> Cellular network is Carrier Grade NAT I can forget about that (unless
> I create a reverse SSH tunnel from one of my servers which I guess can
> be an option).
>
> Is any carrier offering 3/4G with real IP(v6) addresses?
> Thanks,
> Eliyahu - אליהו
Re: single threaded web servers
On Sat, Jul 2, 2016 at 2:00 PM, guy keren <guy.choo.ke...@gmail.com> wrote:

>
> https://en.wikipedia.org/wiki/Thttpd

don't know if it fits my requirements but last version dated 2014

>
> and
>
> https://www.lighttpd.net/

uses fastcgi. fastcgi is multithreaded.

>
> both existed before anyone used javascript on server side, as far as i know
>
> (and they are written in C, not C++)
>
> --guy
>
> On 07/02/2016 10:49 AM, Erez D wrote:
>
>> doing some research on servers i found out that i can handle more
>> connections simultaneously as single threaded.
>> on thread per connection i have a huge overhead, just think of the
>> default 2MB stack per connection - 1000 connections is 2GB ram just for
>> stack.
>> however as single threaded, i can serve connections by the 10,000s (or
>> even a million).
>>
>> later to my surprise, i found out that that was exactly one of the main
>> considerations behind node.js
>>
>> but node.js requires code in js. and i am more of a c++ guy
>> (and of course c++ is more efficient than js)
>>
>> C++ did a long way and now modern c++ (i.e. c++11 / c++14 ) is on par
>> with other modern languages.
>> the idea behind c++11/14 was to make it simple for beginners, while
>> still keeping the option to control every bit for advanced users.
>> one thing i hear people hate about c and c++ is its memory handling
>> (malloc/free or new/delete), however i forgot about it years ago using
>> shared_ptr ( now in c++11 and before that, use boost instead).. you can
>> still control when it is freed if you want (in contrary to
>> garbage-disposal-thread languages). as a matter of fact, i use this a
>> lot - i create an object that cleans up, and no matter how i exit the
>> function it gets cleaned up.
>>
>> so i wanted a node.c++ instead of writing my own
>>
>> in theory simple single threaded web server usage code could look
>> something like:
>>
>> int main()
>> {
>>     auto server = HttpServer::create(80, [](Request request)
>>     {
>>         if (request.header == "HelloWorld")
>>         {
>>             HttpResponse(200, "Hello, world");
>>         } else {
>>             // read the requested file asynchronously; the callback runs when it is done
>>             File::Read(request.header, [](bool success, string body)
>>             {
>>                 if (success) {
>>                     HttpResponse(200, body);
>>                 } else {
>>                     HttpResponse(404);
>>                 }
>>             });
>>         }
>>     });
>> }
>>
>> On Fri, Jul 1, 2016 at 4:58 AM, Amos Shapira <amos.shap...@gmail.com> wrote:
>>
>>     I'm curious - what's the background of this question? What's the
>>     original goal that led you to ask this?
>>
>>     On 28 June 2016 at 18:04, Erez D <erez0...@gmail.com> wrote:
>>
>>         i tried searching the web but got no result
>>
>>         what web servers other than node.js are single threaded ?
>>         anyone has experience with one ?
>>         is there one in which the cgi is in c++ ?
>>
>>     --
>>     <http://au.linkedin.com/in/gliderflyer>
Re: single threaded web servers
doing some research on servers i found out that i can handle more connections simultaneously as single threaded.
on thread per connection i have a huge overhead, just think of the default 2MB stack per connection - 1000 connections is 2GB ram just for stack.
however as single threaded, i can serve connections by the 10,000s (or even a million).

later to my surprise, i found out that that was exactly one of the main considerations behind node.js

but node.js requires code in js. and i am more of a c++ guy
(and of course c++ is more efficient than js)

C++ did a long way and now modern c++ (i.e. c++11 / c++14 ) is on par with other modern languages.
the idea behind c++11/14 was to make it simple for beginners, while still keeping the option to control every bit for advanced users.
one thing i hear people hate about c and c++ is its memory handling (malloc/free or new/delete), however i forgot about it years ago using shared_ptr ( now in c++11 and before that, use boost instead).. you can still control when it is freed if you want (in contrary to garbage-disposal-thread languages). as a matter of fact, i use this a lot - i create an object that cleans up, and no matter how i exit the function it gets cleaned up.

so i wanted a node.c++ instead of writing my own

in theory simple single threaded web server usage code could look something like:

int main()
{
    auto server = HttpServer::create(80, [](Request request)
    {
        if (request.header == "HelloWorld")
        {
            HttpResponse(200, "Hello, world");
        } else {
            // read the requested file asynchronously; the callback runs when it is done
            File::Read(request.header, [](bool success, string body)
            {
                if (success) {
                    HttpResponse(200, body);
                } else {
                    HttpResponse(404);
                }
            });
        }
    });
}

On Fri, Jul 1, 2016 at 4:58 AM, Amos Shapira <amos.shap...@gmail.com> wrote:

> I'm curious - what's the background of this question? What's the original
> goal that led you to ask this?
>
> On 28 June 2016 at 18:04, Erez D <erez0...@gmail.com> wrote:
>
>> i tried searching the web but got no result
>>
>> what web servers other than node.js are single threaded ?
>> anyone has experience with one ?
>> is there one in which the cgi is in c++ ?
>>
>
> --
> <http://au.linkedin.com/in/gliderflyer>
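The single-threaded model described in the message above, as an added example that is not code from the thread or from any poster: one thread multiplexes every connection with poll(), so each connection costs two small buffers instead of a thread stack. EventLoop, Conn, kMaxRequestBytes and port 8080 are names and values assumed here; the cap on buffered request bytes is also an addition, so that an oversized request cannot grow memory without bound.

```cpp
// Added example, not code from the thread: one thread serving many sockets with poll().
// EventLoop, Conn, kMaxRequestBytes and port 8080 are assumptions made for this sketch.
#include <arpa/inet.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>
#include <cerrno>
#include <map>
#include <string>
#include <vector>

constexpr size_t kMaxRequestBytes = 8192;  // cap on buffered request bytes per connection

struct Conn {          // all per-connection state: two buffers, no thread, no stack
    std::string in;    // request bytes received so far
    std::string out;   // response bytes still to be sent
};

// Build the response for one complete request head.
std::string make_response(const std::string& head) {
    bool get = head.compare(0, 4, "GET ") == 0;
    std::string body = get ? "Hello, world\n" : "unsupported method\n";
    return std::string("HTTP/1.1 ") + (get ? "200 OK" : "405 Method Not Allowed") +
           "\r\nContent-Length: " + std::to_string(body.size()) +
           "\r\nConnection: close\r\n\r\n" + body;
}

class EventLoop {
public:
    void listen_on(int fd) { set_nonblocking(fd); listener_ = fd; }
    void add(int fd) { set_nonblocking(fd); conns_[fd]; }
    size_t size() const { return conns_.size(); }

    // One pass: wait until some socket is ready, then service each ready one
    // without ever blocking on a single client. Returns poll()'s result.
    int run_once(int timeout_ms) {
        std::vector<pollfd> fds;
        if (listener_ >= 0) fds.push_back({listener_, POLLIN, 0});
        for (auto& kv : conns_)
            fds.push_back({kv.first, short(kv.second.out.empty() ? POLLIN : POLLOUT), 0});
        int n = poll(fds.data(), fds.size(), timeout_ms);
        if (n <= 0) return n;
        for (auto& p : fds) {
            if (p.revents == 0) continue;
            if (p.fd == listener_) { accept_all(); continue; }
            Conn& c = conns_[p.fd];
            bool keep = false;                        // POLLHUP/POLLERR alone: drop
            if (p.revents & POLLOUT) keep = on_writable(p.fd, c);
            else if (p.revents & POLLIN) keep = on_readable(p.fd, c);
            if (!keep) { close(p.fd); conns_.erase(p.fd); }
        }
        return n;
    }

private:
    static void set_nonblocking(int fd) { fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK); }
    static bool retryable() { return errno == EAGAIN || errno == EWOULDBLOCK || errno == EINTR; }
    void accept_all() {   // the listener is non-blocking, so this stops at EAGAIN
        for (int fd; (fd = accept(listener_, nullptr, nullptr)) >= 0;) add(fd);
    }
    bool on_readable(int fd, Conn& c) {
        char buf[4096];
        ssize_t n = recv(fd, buf, sizeof buf, 0);
        if (n == 0) return false;                     // peer closed
        if (n < 0) return retryable();
        c.in.append(buf, static_cast<size_t>(n));
        size_t end = c.in.find("\r\n\r\n");
        if (end != std::string::npos && end <= kMaxRequestBytes)
            c.out = make_response(c.in.substr(0, end));
        else if (c.in.size() > kMaxRequestBytes)      // oversized head: refuse, stop buffering
            c.out = "HTTP/1.1 431 Request Header Fields Too Large\r\n"
                    "Content-Length: 0\r\nConnection: close\r\n\r\n";
        return true;
    }
    bool on_writable(int fd, Conn& c) {
        ssize_t n = send(fd, c.out.data(), c.out.size(), MSG_NOSIGNAL);
        if (n < 0) return retryable();
        c.out.erase(0, static_cast<size_t>(n));
        return !c.out.empty();                        // fully sent: close the connection
    }
    int listener_ = -1;
    std::map<int, Conn> conns_;
};

int main() {
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    int one = 1;
    setsockopt(lfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    sockaddr_in addr{};
    addr.sin_family = AF_INET;
    addr.sin_port = htons(8080);                      // constructed demo port, loopback only
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(lfd, reinterpret_cast<sockaddr*>(&addr), sizeof addr) < 0 || listen(lfd, 128) < 0) return 1;
    EventLoop loop; loop.listen_on(lfd);
    for (;;) loop.run_once(1000);
}
```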
Re: single threaded web servers
if anybody is interested, i found nghttp2 ( https://nghttp2.org/documentation/libnghttp2_asio.html ).

On Tue, Jun 28, 2016 at 11:04 AM, Erez D <erez0...@gmail.com> wrote:

> i tried searching the web but got no result
>
> what web servers other than node.js are single threaded ?
> anyone has experience with one ?
> is there one in which the cgi is in c++ ?
Re: single threaded web servers
On Tue, Jun 28, 2016 at 4:39 PM, Baruch Siach <bar...@tkos.co.il> wrote:

> Hi Erez,
>
> On Tue, Jun 28, 2016 at 11:04:49AM +0300, Erez D wrote:
> > i tried searching the web but got no result
> >
> > what web servers other than node.js are single threaded ?
>
> nginx uses one single threaded process per CPU core to handle HTTP requests
> (https://www.nginx.com/blog/inside-nginx-how-we-designed-for-performance-scale/).
>
> > anyone has experience with one ?
>
> Not me.
>
> > is there one in which the cgi is in c++ ?
>
> Given the nature of CGI you can write CGI programs in any language you like,
> as long as it can write text to standard output file descriptor.
>

correct, however in such it breaks the 'single process per thread'

> baruch
>
> --
> http://baruch.siach.name/blog/ ~. .~ Tk Open Systems
> =}ooO--U--Ooo{=
> - bar...@tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
single threaded web servers
i tried searching the web but got no result

what web servers other than node.js are single threaded ?
anyone has experience with one ?
is there one in which the cgi is in c++ ?
ot: outsource task offer
hi

we are looking for outsourcing a small task:

knowledge/experience required:
1. mariadb galera cluster
2. mariadb replication
3. setting up a server on amazon
4. setting up a server on rackspace

please pm me if one is interested.

thanks,
erez.
revisioning mysql server
hi

i have a running mysql server, and want to be able to restore it to any day, with as little backup space as needed

i do mysqldump to the same file every day
then commit the file with "svn ci"
the idea is that if there are no changes, it takes no space

it works well if i just append entries to a database, as svn will just save the changes
however, if i insert a record, and for instance the dump file has 5 records at every line then the change is big and actually svn will save most of the file though there is a very small change actually.

another issue - if the records hold changing info like timestamps etc.

any idea ?
Re: Thunderbird + Fribidi
i'm using "bidi mail ui" plugin

On 04/02/2016 14:14, Tzafrir Cohen wrote:

On Thu, Feb 04, 2016 at 10:24:45AM +0200, Yuval Adam wrote:

Is there any nice way to get Thunderbird to automatically process e-mails in Hebrew via Fribidi? (When composing, but possibly when viewing as well)

Thunderbird is built on top of the Gecko browser engine. Gecko uses a library called ICU which serves a somewhat similar role to Fribidi.

However, from what I know of Thunderbird, it is basically written on top of Gecko, and thus works with HTML, CSS and such. It should already provide good bidirectionality support (and if not: it's a bug that should be fixed).
Testing my network for vulnerabilities
I would like to tighten my internal network security and to protect against rogue computers on my LAN.

Anybody knows of a good tool to scan my network for vulnerabilities ?
Re: persistent private browsing ?
On Tue, Nov 17, 2015 at 12:33 PM, Rabin Yasharzadehe <ra...@rabin.io> wrote:

> That's right, Incognito/Private Browsing mode share the same session.
> this is why you need to create a new profile for each case.
>
> Chrome & Firefox can be configured to run with pre-installed addons,
> but you may need to configure them if needed.
> but there are some extensions which allow you to export their settings (so
> maybe you can automate the import ?).
>

do you know which ?

> --
> Rabin
>
> On 17 November 2015 at 11:19, Erez D <erez0...@gmail.com> wrote:
>
>> you are correct
>>
>> however, it is needed to re-configure each and every profile - plugins,
>> master password etc
>>
>> would be nice to have different profiles with some common settings, on
>> different tabs on same window ...
>>
>> btw, i found that even 'private browsing' is not so private as if you
>> open multiple tabs or windows of private browsing, they all share the same
>> cookies.
>> the only thing different about private browsing is that the cookies are
>> deleted when all the private browsing sessions end.
>>
>> On Sun, Nov 15, 2015 at 5:53 PM, E.S. Rosenberg <e...@g.jct.ac.il> wrote:
>>
>>> If I'm not mistaken you should be able to accomplish this by starting
>>> Firefox with a different profile (firefox -P or firefox --profile)
>>>
>>> 2015-11-15 10:36 GMT+02:00 Efraim Flashner <efr...@flashner.co.il>:
>>> > I'm using privacy badger to block the following aspects of the different
>>> > ads, including facebook. Doesn't sandbox them, but does keep them all from
>>> > following me around the web. I'm also using privoxy with tor to pass my
>>> > browser traffic through tor, but that's not really going to make a
>>> > difference in relation to your question.
>>> >
>>> > On Sun, 15 Nov 2015 10:26:18 +0200
>>> > Rabin Yasharzadehe <ra...@rabin.io> wrote:
>>> >
>>> >> I'm using chrome and launch it with a new DATADIR each time. (see here
>>> >> <http://blog.rabin.io/linux/start-chrome-temp-profile-with-preinstalled-extension>)
>>> >> useful for sites which need flash.
>>> >>
>>> >> I was having problems downloading the CRX files so now i just point them
>>> >> directly in the config file
>>> >> and each new Chrome run will download them.
>>> >>
>>> >> --
>>> >> Rabin
>>> >>
>>> >> On 15 November 2015 at 10:18, Erez D <erez0...@gmail.com> wrote:
>>> >>
>>> >> > Hello
>>> >> >
>>> >> > Today browsers support Private Browsing mode (e.g. sandbox) . however,
>>> >> > when i close that window, all its data is lost, next time i will again
>>> >> > need to supply my login, password, etc
>>> >> >
>>> >> > What i want, is a way to sandbox a site (e.g. facebook), and reopen it
>>> >> > tomorrow in the same sandbox. i.e. when i am going to a web page not from
>>> >> > that sandbox, if that web page includes pages from facebook, it will not be
>>> >> > able to track my facebook identity as i login to facebook only from the
>>> >> > sandbox.
>>> >> >
>>> >> > the only way i can do it right now is by accessing facebook from a
>>> >> > different browser than the rest of the pages.
>>> >> >
>>> >> > however there are many websites (facebook, google twitter etc.) and i do
>>> >> > not have so many browsers
>>> >> >
>>> >> > is there a way to open a private browsing page, and be able to access it
>>> >> > again after reopening the browser ?
>>> >> >
>>> >
>>> > --
>>> > Efraim Flashner <efr...@flashner.co.il> אפרים פלשנר
>>> > GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
>>> > Confidentiality cannot be guaranteed on emails sent or received unencrypted
Re: portable encrypted filesystem
On Tue, Nov 17, 2015 at 12:35 PM, Rabin Yasharzadehe <ra...@rabin.io> wrote:

> TrueCrypt ?
>

just reading about it ;-)
however it is unmaintained (should i use veracrypt ? no audit done on it,)
and i do not need all this functionality

what i liked about ecryptfs is that it is the default ubuntu encryption (which raises my trust in it), and that it encrypts file by file rather than volume (which better fits to running it over dropbox or gdrive)

> --
> Rabin
>
> On 17 November 2015 at 11:27, Erez D <erez0...@gmail.com> wrote:
>
>> Hello
>>
>> It is very nice to hold some data on the cloud accessible from everywhere
>> however if i do not want the cloud to have access to it, it requires
>> encryption
>>
>> i could mount gdrive, dropbox or other cloud fs locally
>> and mount ecryptfs on it so i have transparent encryption
>>
>> my only problem is that it works on linux only
>>
>> does anyone know a way of having a portable transparent encryption
>> which will support linux, and windows ?
>> (would be nice if it will also support android (even if i can not
>> insmod) and ios)
Re: persistent private browsing ?
you are correct

however, it is needed to re-configure each and every profile - plugins, master password etc

would be nice to have different profiles with some common settings, on different tabs on same window ...

btw, i found that even 'private browsing' is not so private as if you open multiple tabs or windows of private browsing, they all share the same cookies.
the only thing different about private browsing is that the cookies are deleted when all the private browsing sessions end.

On Sun, Nov 15, 2015 at 5:53 PM, E.S. Rosenberg <e...@g.jct.ac.il> wrote:

> If I'm not mistaken you should be able to accomplish this by starting
> Firefox with a different profile (firefox -P or firefox --profile)
>
> 2015-11-15 10:36 GMT+02:00 Efraim Flashner <efr...@flashner.co.il>:
> > I'm using privacy badger to block the following aspects of the different
> > ads, including facebook. Doesn't sandbox them, but does keep them all from
> > following me around the web. I'm also using privoxy with tor to pass my
> > browser traffic through tor, but that's not really going to make a
> > difference in relation to your question.
> >
> > On Sun, 15 Nov 2015 10:26:18 +0200
> > Rabin Yasharzadehe <ra...@rabin.io> wrote:
> >
> >> I'm using chrome and launch it with a new DATADIR each time. (see here
> >> <http://blog.rabin.io/linux/start-chrome-temp-profile-with-preinstalled-extension>)
> >> useful for sites which need flash.
> >>
> >> I was having problems downloading the CRX files so now i just point them
> >> directly in the config file
> >> and each new Chrome run will download them.
> >>
> >> --
> >> Rabin
> >>
> >> On 15 November 2015 at 10:18, Erez D <erez0...@gmail.com> wrote:
> >>
> >> > Hello
> >> >
> >> > Today browsers support Private Browsing mode (e.g. sandbox) . however,
> >> > when i close that window, all its data is lost, next time i will again
> >> > need to supply my login, password, etc
> >> >
> >> > What i want, is a way to sandbox a site (e.g. facebook), and reopen it
> >> > tomorrow in the same sandbox. i.e. when i am going to a web page not from
> >> > that sandbox, if that web page includes pages from facebook, it will not be
> >> > able to track my facebook identity as i login to facebook only from the
> >> > sandbox.
> >> >
> >> > the only way i can do it right now is by accessing facebook from a
> >> > different browser than the rest of the pages.
> >> >
> >> > however there are many websites (facebook, google twitter etc.) and i do
> >> > not have so many browsers
> >> >
> >> > is there a way to open a private browsing page, and be able to access it
> >> > again after reopening the browser ?
> >> >
> >
> > --
> > Efraim Flashner <efr...@flashner.co.il> אפרים פלשנר
> > GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
> > Confidentiality cannot be guaranteed on emails sent or received unencrypted
portable encrypted filesystem
Hello

It is very nice to hold some data on the cloud accessible from everywhere
however if i do not want the cloud to have access to it, it requires encryption

i could mount gdrive, dropbox or other cloud fs locally and mount ecryptfs on it so i have transparent encryption
my only problem is that it works on linux only

does anyone know a way of having a portable transparent encryption which will support linux and windows ?
(would be nice if it will also support android (even if i can not insmod) and ios)
persistent private browsing ?
Hello

Today browsers support Private Browsing mode (e.g. sandbox) . however, when i close that window, all its data is lost, next time i will again need to supply my login, password, etc

What i want, is a way to sandbox a site (e.g. facebook), and reopen it tomorrow in the same sandbox. i.e. when i am going to a web page not from that sandbox, if that web page includes pages from facebook, it will not be able to track my facebook identity as i login to facebook only from the sandbox.

the only way i can do it right now is by accessing facebook from a different browser than the rest of the pages.
however there are many websites (facebook, google, twitter etc.) and i do not have so many browsers

is there a way to open a private browsing page, and be able to access it again after reopening the browser ?
media center
Hi up to about a year ago, for about 10 years, i used mythtv as my media center / PVR the last year or so, i just used HOT's PVR abilities, and they suck I want to go back to using a proper Media Center / PVR, However, many things have changed first, many sources are from the internet, and i have children which english is not their native language, so they need at least translation if not dubbing. second, i need to support multiple TVs and looking for a cheap and good frontend third, MYTHTV is old, not sure if supported very well, and hard to manage I tried looking on the net and found a lot of information on many alternatives which i do not know what to choose from and which hardware to use some people are using KODI (formerly XBMC).It can play movies and videos and can stream, however to record TV it needs a backend (MYTHTV ? ) what hardware do i need for it to work good and stay supported (and cheap as i need many) what alternatives are there ? I also have chromecast, what is it good for other than playing youtube and mirroring your android phone on it there is just too much confusing info on the net can someone shed some light or make some order into the chaos ? thanks, erez. ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Back to the Future with C++ and Seastar
On Thu, Apr 2, 2015 at 12:14 AM, Amos Shapira amos.shap...@gmail.com wrote: Hi Nadav, Will it be video taped? Slides made available? That would be great Thanks, --Amos On 2 April 2015 at 05:53, Nadav Har'El n...@math.technion.ac.il wrote: On Wed, Apr 01, 2015, Oleg Goldshmidt wrote about Re: Back to the Future with C++ and Seastar: Nadav Har'El n...@math.technion.ac.il writes: Seastar is an open source (http://www.seastar-project.org/) library. It is based on the concept of futures (like in Node.js, just implemented in a much more efficient way). Part of the talk will also introduce futures, how Seastar implements them in C++, and how much C++ has changed in recent years from what you may remember about it. I might come (close to work :). C++ has futures and promises natively, as a part of its standard library. Can you add a couple of words on how Seastar's futures differ? Sure, though I'm sure Avi will explain it better in his talk :-) The first difference is that C++11's support for futures is incomplete: Futures are supported, but not *continuations*, which are code you want to run when the future value becomes available. C++17 will probably have continuations, but Seastar has them now. The second difference is that C++11's futures are indeed powerful, but not optimized for performance. They make excessive use of allocations, they rely on threads and everything uses atomic operations and locks. Seastar's design, on the other hand, is aimed at modern SMP design, for achieving the top possible performance: Continuations are very lightweight (not based on thread context switching), you write with Seastar a share-nothing server (each core deals with its own data) so no locks, no atomic operations, and very little cache contention. These things make a *huge* difference in performance in modern SMPs - especially when you try to scale up to many cores. 
The third difference is that Seastar is much more than just an implementation of futures - it is a complete library for writing asynchronous I/O-heavy (network and disk) applications - consider http servers, proxies, nosql servers - any server application you can think of will be much faster if rewritten in Seastar (Avi will present some benchmarks, showing near perfect scalability to 40 cores, 5x speed improvements compared to traditional thought-to-be-efficient applications, etc. Seastar completely bypasses the operating system by using DPDK, but as you may know DPDK only supports L2 packets and has no TCP/IP stack. But that's no longer true: We actually implemented in Seastar a full TCP/IP stack over DPDK, write in Seastar's own futures framework. And Seastar is even more. I'll leave a few surprises for Avi's talk ;-) -- Nadav Har'El| Wednesday, Apr 1 2015, 13 Nisan 5775 n...@math.technion.ac.il |- Phone +972-523-790466, ICQ 13349191 |My opinions may have changed, but not the http://nadav.harel.org.il |fact that I am right. ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il -- http://au.linkedin.com/in/gliderflyer ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: compiling kernel module
On Wed, Mar 4, 2015 at 11:09 AM, Leon Romanovsky l...@leon.nu wrote: i tried downloading source from lenovo. they have instructions to compile with: ./mk x2ap n k however i cannot find 'mk' anywhere, not in their tar, not in android sdk nor ndk etc. ./mk is a symlink to ./makeMtk script which is part of Mediatek build system. The script is located at mediatek/build folder. thanks, where do i get Mediatek build system from ? -- Leon Romanovsky | Independent Linux Consultant www.leon.nu | l...@leon.nu ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: compiling kernel module
On Wed, Mar 4, 2015 at 11:55 AM, Leon Romanovsky l...@leon.nu wrote: On Wed, Mar 4, 2015 at 11:12 AM, Erez D erez0...@gmail.com wrote: On Wed, Mar 4, 2015 at 11:09 AM, Leon Romanovsky l...@leon.nu wrote: i tried downloading source from lenovo. they have instructions to compile with: ./mk x2ap n k however i cannot find 'mk' anywhere, not in their tar, not in android sdk nor ndk etc. ./mk is a symlink to ./makeMtk script which is part of Mediatek build system. The script is located at mediatek/build folder. thanks, where do i get Mediatek build system from ? AFAIK It depends on phone/tablet manufacturer, since the build system is not GPL. Generally, you can try to setup it by yourself: 1. Take one of the available builds for other MTK chipset based phones [1]. 2. Download source code which was provided by Lenovo [2]. 3. Built new kernel with platform config from Lenovo's package [3] [1] https://github.com/suribi/Thunder-Kernel [2] http://support.lenovo.com/us/en/products/phones/vibe-series/vibe-x2/downloads/DS101342 [3] bsp/mediatek/config/mt6595/autoconfig/kconfig/platform do you have a link for [3] ? thanks for your help -- Leon Romanovsky | Independent Linux Consultant www.leon.nu | l...@leon.nu -- Leon Romanovsky | Independent Linux Consultant www.leon.nu | l...@leon.nu ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
compiling kernel module
hi

i have a rooted lenovo vibe x2. i want to compile a kernel module for it.

i did a 'make ARCH=arm CROSS_COMPILE=... M=subdir' and got my module.ko

when i insmod, i get:
  exec format error
and dmesg:
  version magic '3.10.35 mod_unload modversions ARMv7 p2v8 ' should be '3.10.35 SMP preempt mod_unload ARMv7 '

i tried playing with configuration, and got to '3.10.35 SMP preempt mod_unload ARMv7 p2v8 '
however i can not lose the p2v8

this seems to come from CONFIG_ARM_PATCH_PHYS_VIRT. if i comment out the CONFIG_ARM_PATCH_PHYS_VIRT, it reenables it when i compile.

looking further i found:
  Symbol: ARM_PATCH_PHYS_VIRT [=y]
  Type : boolean
  Prompt: Patch physical to virtual translations at runtime
  Defined at arch/arm/Kconfig:219
  Depends on: !XIP_KERNEL [=n] MMU [=y] (!ARCH_REALVIEW [=n] || !SPARSEMEM [=n])
  Selected by: ARCH_MXC [=n] || ARCH_PICOXCELL [=n] || ARCH_MULTIPLATFORM [=y] choice MMU

i can not disable MMU, as it changes to armv5
disabling ARCH_MULTIPLATFORM means i need to select a processor type
any of the 'ARM Ltd.' either doesn't compile or is ignored
and i do not know what the 'choice' is

i tried downloading source from lenovo. they have instructions to compile with:
  ./mk x2ap n k
however i cannot find 'mk' anywhere, not in their tar, not in android sdk nor ndk etc.
and can't find any specific config file.

compiling with their source gives the same magic '3.10.35 mod_unload modversions ARMv7 p2v8 ' as the vanilla does

any idea anyone ?
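The version-magic mismatch quoted in the post above can be read token by token. The following is an added example, not code from the thread: it parses the dmesg line and lists which kernel config options the module build has to change so that its vermagic matches the running kernel. The module name `mymod` in the sample line is constructed; the token-to-option table covers only the tokens that appear in this thread.

```python
"""Explain a kernel 'version magic' mismatch in terms of config options."""
import re

# vermagic token -> config option that emits it (include/linux/vermagic.h and
# arch/arm/include/asm/module.h). Only tokens seen in this thread are listed.
TOKEN_TO_CONFIG = {
    "SMP": "CONFIG_SMP",
    "preempt": "CONFIG_PREEMPT",
    "mod_unload": "CONFIG_MODULE_UNLOAD",
    "modversions": "CONFIG_MODVERSIONS",
    "p2v8": "CONFIG_ARM_PATCH_PHYS_VIRT",
}

# The kernel logs: "<module>: version magic '<module's>' should be '<kernel's>'"
DMESG_RE = re.compile(r"version magic '([^']*)' should be '([^']*)'")


def parse_vermagic(magic):
    """Split a vermagic string into release, architecture token and flag set."""
    fields = magic.split()
    if not fields:
        raise ValueError("empty vermagic string")
    release, rest = fields[0], fields[1:]
    arch = [f for f in rest if f.startswith("ARMv")]
    flags = {f for f in rest if not f.startswith("ARMv")}
    return {"release": release, "arch": arch[0] if arch else None, "flags": flags}


def config_changes(module_magic, kernel_magic):
    """Return (action, item) pairs that make the module's magic match the kernel's."""
    mod = parse_vermagic(module_magic)
    ker = parse_vermagic(kernel_magic)
    changes = []
    if mod["release"] != ker["release"]:
        changes.append(("release", ker["release"]))
    if mod["arch"] != ker["arch"]:
        changes.append(("arch", ker["arch"]))
    # Tokens the kernel has and the module lacks: option must be enabled.
    for flag in sorted(ker["flags"] - mod["flags"]):
        changes.append(("enable", TOKEN_TO_CONFIG.get(flag, "unknown:" + flag)))
    # Tokens the module has and the kernel lacks: option must be disabled.
    for flag in sorted(mod["flags"] - ker["flags"]):
        changes.append(("disable", TOKEN_TO_CONFIG.get(flag, "unknown:" + flag)))
    return changes


def from_dmesg(line):
    """Parse one dmesg line and return the required config changes."""
    match = DMESG_RE.search(line)
    if match is None:
        raise ValueError("no version magic message in line")
    return config_changes(match.group(1), match.group(2))


# Constructed dmesg line using the two magic strings quoted in the post.
SAMPLE = ("mymod: version magic '3.10.35 mod_unload modversions ARMv7 p2v8 ' "
          "should be '3.10.35 SMP preempt mod_unload ARMv7 '")

if __name__ == "__main__":
    for action, item in from_dmesg(SAMPLE):
        print(action, item)
```

The kernel refuses the module because each of these options changes the interface between module and kernel, so the build configuration has to match rather than the check being bypassed.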
Re: DNAT and MASQUERADE
On Mon, Jan 12, 2015 at 8:50 PM, E.S. Rosenberg esr+linux...@g.jct.ac.il wrote: Alternatively you could also have a local dns/local hosts entries that point computerN at computer_1 when they are looking up whatever hostname is resolving to ext_ip nice idea. nut i'm not using DNS for that. also will cause all access to ext_ip to go to computer1 (i may want to forward some ports to computer1 and some to other computers) If they are on the same LAN all normal (sane) security policy will cause the drop of their packets when they are trying to reach ext_ip from inside the network that has ext_ip and you need to bend over backwards to get them accepted.. 2015-01-08 23:02 GMT+02:00 shimi linux...@shimi.net: On Thu, Jan 8, 2015 at 10:43 AM, Erez D erez0...@gmail.com wrote: On Wed, Jan 7, 2015 at 11:41 AM, shimi linux...@shimi.net wrote: On Wed, Jan 7, 2015 at 11:35 AM, shimi linux...@shimi.net wrote: On Wed, Jan 7, 2015 at 10:16 AM, Erez D erez0...@gmail.com wrote: hello. I have an iptables question i have the following ext_ip - NAT1 - linux firewall- network - computer1:eth0 .. computer99 i have no control over NAT1. computer1 also can reach the internet via eth1. linux firewall redirects incoming port from ext_ip to computer1 however i need coputer2 .. computer99 to connect to ext_ip: and also reach computer1 so first i did a NAT rule in linux firewall to redirect all packets from internal to ext_ip: to computer1. and did an 'ifconfig eth0:1 $ext_ip up' on computer1. this works. however it causes computer1 not to be able to access real ext_ip via eth1 which is connected to the internet as well so i though of both doing DNAT and MASQ, which will do the same but will not require assiging ext_ip to computer1. 
howerver i do not know how to do that If computer1 can access ext_ip:, all you need is to allow ip_forward (/etc/sysctl.conf for permanent, and echo 1 /proc/sys/net/ipv4/ip_forward) on computer1, and have all other computers have a static route to ext_ip via computer1 Then, in computer1, iptables -t nat -I POSTROUTING -o interface going towards ext_ip [ -i interface subnet of computers come from ] -s subnet of computers/netmask -p tcp --dport -j MASQUERADE should do... (of course, assuming the iptables FORWARD chain is not dropping those packets; otherwise you'ld need an ACCEPT rule there, too...) HTH, -- Shimi And on a second read, I think I got you wrong and the purpose was to access computer1 port (hopefully listening on 0.0.0.0) from computersN by using the external IP from the inside? yes couputerN default route is the linux firewall. without any rules on linux firewall, it will forward packets from computer1 destined to ext_ip to NAT1. and they will not reach computer1 att all, so rules on computer 1 are useless. Doing a DNAT on linux firewall will direct the packets to computer1, however computer 1 will know comuterN and will reply directly without going through linux firewall, and computer1 will not match the packets to the original connection. But if you create a static route on computerN towards the external IP via computer1 like I suggested, then these connections will not get to linux firewall at all, rather then get to computer1 (I'm assuming they're on the same L2 and share IP addresses in the same IP subnet) - so rules on computer1 will apply, wouldn't they? What am I missing? -- Shimi ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: DNAT and MASQUERADE
On Thu, Jan 8, 2015 at 11:02 PM, shimi linux...@shimi.net wrote: On Thu, Jan 8, 2015 at 10:43 AM, Erez D erez0...@gmail.com wrote: On Wed, Jan 7, 2015 at 11:41 AM, shimi linux...@shimi.net wrote: On Wed, Jan 7, 2015 at 11:35 AM, shimi linux...@shimi.net wrote: On Wed, Jan 7, 2015 at 10:16 AM, Erez D erez0...@gmail.com wrote: hello. I have an iptables question i have the following ext_ip - NAT1 - linux firewall- network - computer1:eth0 .. computer99 i have no control over NAT1. computer1 also can reach the internet via eth1. linux firewall redirects incoming port from ext_ip to computer1 however i need coputer2 .. computer99 to connect to ext_ip: and also reach computer1 so first i did a NAT rule in linux firewall to redirect all packets from internal to ext_ip: to computer1. and did an 'ifconfig eth0:1 $ext_ip up' on computer1. this works. however it causes computer1 not to be able to access real ext_ip via eth1 which is connected to the internet as well so i though of both doing DNAT and MASQ, which will do the same but will not require assiging ext_ip to computer1. howerver i do not know how to do that If computer1 can access ext_ip:, all you need is to allow ip_forward (/etc/sysctl.conf for permanent, and echo 1 /proc/sys/net/ipv4/ip_forward) on computer1, and have all other computers have a static route to ext_ip via computer1 Then, in computer1, iptables -t nat -I POSTROUTING -o interface going towards ext_ip [ -i interface subnet of computers come from ] -s subnet of computers/netmask -p tcp --dport -j MASQUERADE should do... (of course, assuming the iptables FORWARD chain is not dropping those packets; otherwise you'ld need an ACCEPT rule there, too...) HTH, -- Shimi And on a second read, I think I got you wrong and the purpose was to access computer1 port (hopefully listening on 0.0.0.0) from computersN by using the external IP from the inside? yes couputerN default route is the linux firewall. 
without any rules on linux firewall, it will forward packets from computer1 destined to ext_ip to NAT1. and they will not reach computer1 att all, so rules on computer 1 are useless. Doing a DNAT on linux firewall will direct the packets to computer1, however computer 1 will know comuterN and will reply directly without going through linux firewall, and computer1 will not match the packets to the original connection. But if you create a static route on computerN towards the external IP via computer1 like I suggested, then these connections will not get to linux firewall at all, rather then get to computer1 (I'm assuming they're on the same L2 and share IP addresses in the same IP subnet) - so rules on computer1 will apply, wouldn't they? What am I missing? 1. this means that i need to put static routes on computerN which is computer2 .. computer99, which some are linux, some windows, some android, some iphone, etc ... the same thing can be acheved by adding a static route on linux firewall to do the same 2. computer 1 will receive packets destined to ext_ip, so they will be ignored. -- Shimi ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Audio streaming
can you elaborate on what are you trying to do do you want to stream from android to linux or vice versa or somthing else whatsoever (maybe we can enjoy your setup as well) On Sat, Jan 10, 2015 at 12:38 AM, David Harel harel...@gmail.com wrote: Eventually I succeeded using yaacc which I found on fdroid. For client side I prefer the onkyo remote for now. Thanks for the lead. On Jan 9, 2015 8:06 PM, Amichai Rotman amic...@iglu.org.il wrote: Is this what you are looking for? https://play.google.com/store/apps/details?id=es.mediaserver Amichai. 2015-01-09 17:24 GMT+02:00 David Harel harel...@gmail.com: Greetings, I am trying to setup an audio server using a scrap android Teac Accord 714b tablet running android 4.1.1 I am looking for recommendation on server side app that can receive audio streams on local WiFi home network from android phones used by our family. Thanks ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: DNAT and MASQUERADE
On Wed, Jan 7, 2015 at 11:41 AM, shimi linux...@shimi.net wrote: On Wed, Jan 7, 2015 at 11:35 AM, shimi linux...@shimi.net wrote: On Wed, Jan 7, 2015 at 10:16 AM, Erez D erez0...@gmail.com wrote: hello. I have an iptables question i have the following ext_ip - NAT1 - linux firewall- network - computer1:eth0 .. computer99 i have no control over NAT1. computer1 also can reach the internet via eth1. linux firewall redirects incoming port from ext_ip to computer1 however i need coputer2 .. computer99 to connect to ext_ip: and also reach computer1 so first i did a NAT rule in linux firewall to redirect all packets from internal to ext_ip: to computer1. and did an 'ifconfig eth0:1 $ext_ip up' on computer1. this works. however it causes computer1 not to be able to access real ext_ip via eth1 which is connected to the internet as well so i though of both doing DNAT and MASQ, which will do the same but will not require assiging ext_ip to computer1. howerver i do not know how to do that If computer1 can access ext_ip:, all you need is to allow ip_forward (/etc/sysctl.conf for permanent, and echo 1 /proc/sys/net/ipv4/ip_forward) on computer1, and have all other computers have a static route to ext_ip via computer1 Then, in computer1, iptables -t nat -I POSTROUTING -o interface going towards ext_ip [ -i interface subnet of computers come from ] -s subnet of computers/netmask -p tcp --dport -j MASQUERADE should do... (of course, assuming the iptables FORWARD chain is not dropping those packets; otherwise you'ld need an ACCEPT rule there, too...) HTH, -- Shimi And on a second read, I think I got you wrong and the purpose was to access computer1 port (hopefully listening on 0.0.0.0) from computersN by using the external IP from the inside? yes If so, did: couputerN default route is the linux firewall. without any rules on linux firewall, it will forward packets from computer1 destined to ext_ip to NAT1. 
and they will not reach computer1 att all, so rules on computer 1 are useless. Doing a DNAT on linux firewall will direct the packets to computer1, however computer 1 will know comuterN and will reply directly without going through linux firewall, and computer1 will not match the packets to the original connection. iptables -I PREROUTING -i interface of computersN subnet -s subnet of computers/netmask -p tcp --dport -j REDIRECT --to-port not work? -- Shimi ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
DNAT and MASQUERADE
hello. I have an iptables question

i have the following:
ext_ip - NAT1 - linux firewall - network - computer1:eth0 .. computer99

i have no control over NAT1. computer1 also can reach the internet via eth1.
linux firewall redirects incoming port from ext_ip to computer1

however i need computer2 .. computer99 to connect to ext_ip: and also reach computer1

so first i did a NAT rule in linux firewall to redirect all packets from internal to ext_ip: to computer1. and did an 'ifconfig eth0:1 $ext_ip up' on computer1.
this works. however it causes computer1 not to be able to access real ext_ip via eth1 which is connected to the internet as well

so i thought of both doing DNAT and MASQ, which will do the same but will not require assigning ext_ip to computer1. however i do not know how to do that

anyone ?
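The reply-path problem raised in this thread (DNAT on the firewall alone versus DNAT combined with MASQUERADE) can be traced packet by packet. This is an added example, not code from the thread: a small model of the firewall's NAT and connection tracking, with constructed addresses and a constructed port standing in for ext_ip, computer1, computerN and the forwarded port.

```python
"""Model of the LAN -> ext_ip -> computer1 path with and without MASQUERADE."""
from dataclasses import dataclass, replace

EXT_IP = "203.0.113.10"        # constructed stand-in for ext_ip
FIREWALL_LAN = "192.168.1.1"   # constructed LAN address of the linux firewall
COMPUTER1 = "192.168.1.11"     # constructed
COMPUTER_N = "192.168.1.42"    # constructed, same subnet as computer1
PORT = 8080                    # constructed forwarded port


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

    def reply(self):
        """The packet a peer sends back: addresses and ports swapped."""
        return Packet(self.dst, self.dport, self.src, self.sport)


class Firewall:
    """The two nat-table rules on the firewall, plus a minimal conntrack."""

    def __init__(self, masquerade):
        self.masquerade = masquerade
        self.conntrack = {}  # reply as it reaches the firewall -> reply to deliver

    def forward(self, pkt):
        if (pkt.dst, pkt.dport) != (EXT_IP, PORT):
            return pkt
        # iptables -t nat -A PREROUTING -i <lan-if> -d <ext_ip> -p tcp \
        #   --dport <port> -j DNAT --to-destination <computer1>
        out = replace(pkt, dst=COMPUTER1)
        if self.masquerade:
            # iptables -t nat -A POSTROUTING -o <lan-if> -s <lan-subnet> \
            #   -d <computer1> -p tcp --dport <port> -j MASQUERADE
            out = replace(out, src=FIREWALL_LAN)
        self.conntrack[out.reply()] = pkt.reply()
        return out

    def reverse(self, reply):
        """Undo both translations for a reply that passes through the firewall."""
        return self.conntrack.get(reply)


def connect(masquerade):
    """Trace one connection attempt from computerN to ext_ip:PORT."""
    fw = Firewall(masquerade)
    syn = Packet(COMPUTER_N, 40000, EXT_IP, PORT)  # default route is the firewall
    at_server = fw.forward(syn)
    answer = at_server.reply()                     # computer1 answers the source it saw
    if answer.dst == FIREWALL_LAN:
        path, delivered = "via firewall", fw.reverse(answer)
    else:
        # Source is a LAN neighbour: the answer goes straight to it and the
        # firewall never gets the chance to rewrite it.
        path, delivered = "direct on LAN", answer
    # computerN only accepts an answer that comes from the address it dialled.
    accepted = delivered == syn.reply()
    return {
        "server_sees_src": at_server.src,
        "reply_path": path,
        "client_sees_src": delivered.src if delivered else None,
        "accepted": accepted,
    }


if __name__ == "__main__":
    print("DNAT only:        ", connect(masquerade=False))
    print("DNAT + MASQUERADE:", connect(masquerade=True))
```

With MASQUERADE the connection completes, but computer1 then sees every LAN client as the firewall's address, so its access logs and any per-source filtering lose the real client identity.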
udev persistence problems
I have a strange problem

when i insert my wlan usb dongle, I get wlan0. if i remove and reinsert, i get wlan1
next time - wlan2 etc..

if i look at /etc/udev/rules.d/*Persistance* i see multiple lines that are completely identical, except the wlan number

any idea ? any idea of how to debug this ?
Re: udev persistence problems
On Wed, Dec 10, 2014 at 12:34 PM, shimi linux...@shimi.net wrote: On Wed, Dec 10, 2014 at 12:30 PM, Erez D erez0...@gmail.com wrote: I have a strange problem when i insert my wlan usb dongle, I get wlan0. if i remove and reinsert, i get wlan1 next time - wlan2 etc.. if i look at /etc/udev/rules.d/*Persistance* i see multiple lines that are completely identical, except the wlan number any idea ? any idea of how to debug this ? it auto generates a rule on first wlan insertion it doesn't honor the above rule on the second insertion, but generates a new identical one etc ... But, do you have a specific rule that forces this specific dongle to be wlan0? i.e. by direct identification of it, like by MAC or Manufacturer ID? ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
good free dynamic dns server ?
hi i am currently using no-ip.org as a free dynamic dns server for my home. however it has the annoying feature of sending me the following emails: Please confirm your hostname now or it will be deleted anyone knows of a good free dyndns server ? ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Xml grabber for hot
I had an xml grabber for hot (someone wrote it for .net few years ago and i ran it with mono but it stopped working) Anyone knows of a working one ? ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
shell shock
just read about the new linux bug in ynet found out it is a bash exploit just fyi, see http://www.engadget.com/2014/09/25/what-is-the-shellshock/ ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: shell shock
On Sat, Sep 27, 2014 at 4:37 PM, Dolev Farhi dol...@yahoo.com wrote: Yes its all over the place. that is why I was suprised it was not mentioned in linux-il ;-) For people with web sites, you can use the following online shellshock tester website to check if you are vulnerable in the following url: https://shellshock.detectify.com -- Original message-- *From: *Erez D *Date: *Sat, Sep 27, 2014 16:25 *To: *linux-il; *Subject:*shell shock just read about the new linux bug in ynet found out it is a bash exploit just fyi, see http://www.engadget.com/2014/09/25/what-is-the-shellshock/ ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
cgi bg
hi

i have a php cgi scripts that
1. generates an http response, this takes less than a second
2. do some stuff that may take some time, lets say a minute

when posting to that cgi, although the html is returned in less than a second, the request is not closed until the minute has passed.

i want the http transaction to be closed when done (i.e. less than a minute) but the php script to continue its action (e.g. the minute it takes)

can i do it in php ? i.e. flush, or send eof, which will finish the request but leave the php running until done ?

thanks
erez
Re: cgi bg
On Mon, Aug 25, 2014 at 10:29 AM, Jonathan Ben Avraham y...@tkos.co.il wrote: Hi Erez, Did you include the response header Connection: close ? yes - yba On Mon, 25 Aug 2014, Erez D wrote: Date: Mon, 25 Aug 2014 10:25:49 +0300 From: Erez D erez0...@gmail.com To: linux-il linux-il@cs.huji.ac.il Subject: cgi bg hi i have a php cgi scripts that 1. generates an http response , this takes less than a second 2. do some stuff that may take some time, lets say a minute when posting to that cgi, although the html is returned in less then a second, the request is not closed until the minute has passed. i want the http transaction to be closed when done (i.e. less than a minute) but the php script to continue it's action (e.g. the minute it takes) can i do it in php ? i.e. flush, or send eof, which will finish the request but leave the php running until done ? thanks erez -- 9590 8E58 D30D 1660 C349 673D B205 4FC4 B8F5 B7F9 ~. .~ Tk Open Systems =} Jonathan Ben-Avraham (yba) --ooO--U--Ooo- ---{= mailto:y...@tkos.co.il tel:+972.52.486.3386 http://tkos.co.il skype:benavrhm ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: cgi bg
thanks,
not so easy to use, as i can not use stdout anymore
but it works.

On Mon, Aug 25, 2014 at 10:57 AM, shimi linux...@shimi.net wrote:

> On Mon, Aug 25, 2014 at 10:25 AM, Erez D erez0...@gmail.com wrote:
>
> > hi
> > i have a php cgi scripts that
> > 1. generates an http response, this takes less than a second
> > 2. do some stuff that may take some time, lets say a minute
> >
> > when posting to that cgi, although the html is returned in less than a
> > second, the request is not closed until the minute has passed.
>
> The request will end when PHP will tell its upstream that it has ended.
> After all, it may still produce output, which the client is supposed to
> receive.
>
> > i want the http transaction to be closed when done (i.e. less than a
> > minute) but the php script to continue its action (e.g. the minute it takes)
> >
> > can i do it in php ? i.e. flush, or send eof, which will finish the
> > request but leave the php running until done ?
>
> You could at the worst case execute the code from an external file with a
> system() and backgrounded (append to the command), a solution that will
> always work (but is ugly).
>
> An alternative approach which was possible in the past was to use
> http://php.net/register-shutdown-function to handle the request 'cleanup'
> (which is what I assume you are trying to do) - but since PHP 4.1 this stuff
> is no longer possible because now this can also send output to the client.
>
> Assuming you have a newer PHP... which is highly likely... you could try
> this instead:
>
>     <?php
>     ob_end_clean();                   // drop any output buffered so far
>     header("Connection: close");      // no keep-alive for this response
>     ignore_user_abort(true);          // optional: keep running after the client disconnects
>     ob_start();
>     echo ('Text the user will see');
>     $size = ob_get_length();
>     header("Content-Length: $size");  // tell the client exactly how much to expect
>     ob_end_flush();                   // Strange behaviour, will not work
>     flush();                          // Unless both are called !
>     // Do processing here
>     sleep(30);
>     echo('Text user will never see');
>     ?>
>
> ( Shamelessly copied from http://php.net/connection-handling )
>
> The idea is to buffer all the response in memory, then measure the buffer
> size of the response, then tell that to the server/client, and also let the
> connection to not support keep-alive. Then throw everything to the client.
> Since the response is of a given size, and the server/client has got all of
> it, it has nothing to do further with the server, so it has no reason not to
> close the socket.
>
> HTH,
>
> -- Shimi
Re: Q: suspend and resume a usb device from command line
On Thu, Aug 14, 2014 at 3:45 PM, Dolev Farhi dol...@yahoo.com wrote: Have a look here: http://unix.stackexchange.com/questions/63199/how-to-disable-usb-devices-based-on-vendor-id-in-linux-environment although it does not do what i wanted. it is still interesting to know. especially the link at the end of answer 1 it seems to be answering your request On Thu, 8/14/14, Erez D erez0...@gmail.com wrote: Subject: Q: suspend and resume a usb device from command line To: linux-il linux-il@cs.huji.ac.il Date: Thursday, August 14, 2014, 1:22 PM i searched and could not find a solution i need to suspend a specific usb device, and later resume it i have no 'power/level' or 'power/pm_qos_no_power_off' under /sys/bus/usb/devices/... does anyone know how i can achieve this ? -Inline Attachment Follows- ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Q: suspend and resume a usb device from command line
i searched and could not find a solution i need to suspend a specific usb device, and later resume it i have no 'power/level' or 'power/pm_qos_no_power_off' under /sys/bus/usb/devices/... does anyone know how i can achieve this ? ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: reverse ssh
1. only refer to non-privileged ports 2. btw, ssh will warn you if the server cert changes, so if someone takes the port for it's ssh server, you will know i'll still stick with a non standard privileged port. On Tue, Jul 22, 2014 at 3:47 PM, Guy Gold guy1g...@gmail.com wrote: On 22 July 2014 00:52, Guy Gold guy1g...@gmail.com wrote: Hi Erez, On Mon, Jul 21, 2014 at 4:18 AM, Erez D erez0...@gmail.com wrote: it is not even a dynamic ip, it is a private ip behind a dynamic one Then, what Eliyahu wrote should serve you a perfect solution. Although this can become a flame-war :) Source: https://www.adayinthelifeof.nl/2012/03/12/why-putting-ssh-on-another-port-than-22-is-bad-idea/ ==Begin quote == But there are more reasons why this is a bad idea and one of the most important reason has to do with a bit of the (Linux) way of handling TCP/IP ports. When you are logged onto a system as a non-root user (anyone not being uid 0), you cannot create a listing TCP or UDP port below 1024. This is because port numbers below 1024 are so-called privileged ports and can only be opened by root or processes that are running as root. So for instance, when your webserver (apache, nginx etc) will start, it will do so as the privileged root user in order to open up a listening connection to port 80 (the port that by default will be used for HTTP traffic). Now, as soon as the port is opened and everything that needs to be done as root is done, the webserver will fall back to a non-privileged user (either the www-data, apache, or nobody user). From that point, when something bad is happening, it is only limited to the rights that that user has. Now, back to SSH: when we start SSH on port 22, we know for a fact that this is done by root or a root-process since no other user could possibly open that port. But what happens when we move SSH to port ? 
This port can be opened without a privileged account, which means I can write a simple script that listens to port and mimics SSH in order to capture your passwords. And this can easily be done with simple tools commonly available on every linux system/server. So running SSH on a non-privileged port makes it potentially LESS secure, not MORE. You have no way of knowing if you are talking to the real SSH server or not. This reason, and this reason alone makes it that you should NEVER EVER use a non-privileged port for running your SSH server. ==End quote== Reading the whole page is recommended. Though, some of Joshua Thijssen's points can be argued against (not by myself, but I'm sure some folks can find some caveats in his article). I tend to agree with what he points out. I do acknowledge that SBO (security by...) divides quite a bit sysadmins apart. Some live by it, and some, well, ridicule it, and for them, seeing another sysadmin use such method is a tell sign of anachronism. The beauty is that we can all choose, and what is important is being informed. -- Guy Gold
Re: reverse ssh
and i forgot: what if my router redirect any port to my computer's port 22 ? this can be a non priviledge port if only i have access to the router settings ... On Wed, Jul 23, 2014 at 11:44 AM, Erez D erez0...@gmail.com wrote: 1. only refer to non-privileged ports 2. btw, ssh will warn you if the server cert changes, so if someone takes the port for it's ssh server, you will know i'll still stick with a non standard privileged port. On Tue, Jul 22, 2014 at 3:47 PM, Guy Gold guy1g...@gmail.com wrote: On 22 July 2014 00:52, Guy Gold guy1g...@gmail.com wrote: Hi Erez, On Mon, Jul 21, 2014 at 4:18 AM, Erez D erez0...@gmail.com wrote: it is not even a dynamic ip, it is a private ip behind a dynamic one Then, what Eliyahu wrote should serve you a perfect solution. Although this can become a flame-war :) Source: https://www.adayinthelifeof.nl/2012/03/12/why-putting-ssh-on-another-port-than-22-is-bad-idea/ ==Begin quote == But there are more reasons why this is a bad idea and one of the most important reason has to do with a bit of the (Linux) way of handling TCP/IP ports. When you are logged onto a system as a non-root user (anyone not being uid 0), you cannot create a listing TCP or UDP port below 1024. This is because port numbers below 1024 are so-called privileged ports and can only be opened by root or processes that are running as root. So for instance, when your webserver (apache, nginx etc) will start, it will do so as the privileged root user in order to open up a listening connection to port 80 (the port that by default will be used for HTTP traffic). Now, as soon as the port is opened and everything that needs to be done as root is done, the webserver will fall back to a non-privileged user (either the www-data, apache, or nobody user). From that point, when something bad is happening, it is only limited to the rights that that user has. 
Now, back to SSH: when we start SSH on port 22, we know for a fact that this is done by root or a root-process since no other user could possibly open that port. But what happens when we move SSH to port ? This port can be opened without a privileged account, which means I can write a simple script that listens to port and mimics SSH in order to capture your passwords. And this can easily be done with simple tools commonly available on every linux system/server. So running SSH on a non-privileged port makes it potentially LESS secure, not MORE. You have no way of knowing if you are talking to the real SSH server or not. This reason, and this reason alone makes it that you should NEVER EVER use a non-privileged port for running your SSH server. ==End quote== Reading the whole page is recommended. Though, some of Joshua Thijssen's points can be argued against (not by myself, but I'm sure some folks can find some caveats in his article). I tend to agree with what he points out. I do acknowledge that SBO (security by...) divides quite a bit sysadmins apart. Some live by it, and some, well, ridicule it, and for them, seeing another sysadmin use such method is a tell sign of anachronism. The beauty is that we can all choose, and what is important is being informed. -- Guy Gold
Re: reverse ssh
although port scanners can scan every port, it takes x 65536 times more than scanning only port 22 and there are enough available port 22s, so using a non-standard port is a smart move as long as it is not the only one. On Tue, Jul 22, 2014 at 3:07 AM, Amos Shapira amos.shap...@gmail.com wrote: Whatever. I'm speaking from personal experience that I didn't find this necessary. On 22 July 2014 08:21, E.S. Rosenberg esr+linux...@g.jct.ac.il wrote: Any decent port scanner (nmap for instance) will find the SSH service regardless of the port its' on, while the likelihood of a firewall blocking access to random non-standard ports is very high. I use fail2ban to prevent brute forcing and generally also try to have some form of port knocking (knockd and fwknop are good options) to prevent initial access to the SSH server to unidentified machines. 2014-07-22 1:11 GMT+03:00 Amos Shapira amos.shap...@gmail.com: On 22 July 2014 00:52, Guy Gold guy1g...@gmail.com wrote: Hi Erez, On Mon, Jul 21, 2014 at 4:18 AM, Erez D erez0...@gmail.com wrote: it is not even a dynamic ip, it is a private ip behind a dynamic one Then, what Eliyahu wrote should serve you a perfect solution. Also, there's not much advantage in the point of hiding behind the security by obscurity method (i.e serve SSH at port 9000. or whichever). The increase to security by using that method is in doubt - when taking under consideration tools used by bad guys (and girls) nowadays . If you must do it, that's fine, but don't let it be a reason for not using much better methods, as Eliyahu suggested. From personal experience - there is a huge advantage in picking a random port for external SSH (and external HTTP). I always had port scanners on my standard, dynamic ISP ADSL addresses until I moved them to different non-standard ports. Since then my logs are clean, and I'm talking about over 5 years of experience (I don't remember exactly when I did the switch). This is of course not the only measure I take for security. 
I still treat them as vulnerable etc. But after years of not having a single probe on the new ports I have to say that it removed the threat of pretty much 100% of the probes on my home network. Perhaps they are more thorough on static ip addresses, known targets etc., but in my experience this is a very successful step. -- Guy Gold
Re: reverse ssh
On Sun, Jul 20, 2014 at 11:54 PM, E.S. Rosenberg esr+linux...@g.jct.ac.il wrote: I think we need to reset here for a minute... Is your goal to connect to a machine with a IP on a private range where there exists a gateway machine or router with a (known) public IP? In that case the solution is very simple: port-forwarding However I would not do that without also running fail2ban and maybe also fwknop so that evil SSH traffic would have a harder time at getting at my server. Or is your goal to connect to a machine reachable via a dynamic IP and you have a machine with a fixed IP that you can route via? In that case solutions are more complex, most of the solutions above related to that scenario I think. it is not even a dynamic ip, it is a private ip behind a dynamic one So please clear up for us what your exact goal is. Regards, Eliyahu - אליהו 2014-07-20 18:46 GMT+03:00 Erez D erez0...@gmail.com: On Sun, Jul 20, 2014 at 3:36 PM, E.S. Rosenberg e...@g.jct.ac.il wrote: You can have something running on the machine you want to SSH to that updates the machine with a fixed IP what its' IP is and have a firewall rule or some other way to redirect specific traffic like for instance traffic to TCP:2 from that machine to the IP that it was updated to be still do not understand what you mean, and how it will let me connect to a machine with a private ip 2014-07-20 14:33 GMT+03:00 Erez D erez0...@gmail.com: On Sun, Jul 20, 2014 at 1:30 PM, Yedidyah Bar David linux...@didi.bardavid.org wrote: If you just want an ssh connection you can simply redirect connection attempts to some port on the Internet-accessible machine to port 22 on the private-ip one - using whatever tool that fits you best - iptables, xinetd, redir, probably many others. -- Didi i do not understand what do you mean 2014-07-20 13:31 GMT+03:00 Erez D erez0...@gmail.com: looks a little complicated - extra ssh server, firewall with port knocking all this for a ssh connection ... 
On Sun, Jul 20, 2014 at 11:38 AM, Rabin Yasharzadehe ra...@rabin.io wrote: you can add a port-knocking tool like fwknop to add a dynamic rule to forward your connection into the private machine. -- Rabin On Sun, Jul 20, 2014 at 12:16 PM, Erez D erez0...@gmail.com wrote: On Sun, Jul 20, 2014 at 11:06 AM, Lior Kaplan kaplanl...@gmail.com wrote: Didn't check it, but login in with a user who has /bin/true might do the trick. you are correct, it works. however it is still a security risk, as this means the client may listen on unused port ... Kaplan On Sun, Jul 20, 2014 at 12:03 PM, Erez D erez0...@gmail.com wrote: On Sun, Jul 20, 2014 at 10:39 AM, Lior Kaplan kaplanl...@gmail.com wrote: ssh itself ? http://www.thegeekstuff.com/2013/11/reverse-ssh-tunnel/ nice, however this requires me to give access to my server, which i do not want ... (or, can i give people permission to ssh to my server only for reverse tunnels and no shell ?) Kaplan On Sun, Jul 20, 2014 at 11:36 AM, Erez D erez0...@gmail.com wrote: hello i have a linux machine with a private ip connected to the internet i have a public ip and need to ssh to the linux box any tools for that ?
reverse ssh
hello
i have a linux machine with a private ip connected to the internet
i have a public ip and need to ssh to the linux box
any tools for that ?
Re: reverse ssh
On Sun, Jul 20, 2014 at 10:39 AM, Lior Kaplan kaplanl...@gmail.com wrote:
> ssh itself ?
> http://www.thegeekstuff.com/2013/11/reverse-ssh-tunnel/
nice, however this requires me to give access to my server, which i do not want ...
(or, can i give people permission to ssh to my server only for reverse tunnels and no shell ?)
> Kaplan
> On Sun, Jul 20, 2014 at 11:36 AM, Erez D erez0...@gmail.com wrote:
> > hello
> > i have a linux machine with a private ip connected to the internet
> > i have a public ip and need to ssh to the linux box
> > any tools for that ?
Re: reverse ssh
On Sun, Jul 20, 2014 at 11:06 AM, Lior Kaplan kaplanl...@gmail.com wrote:
> Didn't check it, but logging in with a user who has /bin/true might do the trick.
you are correct, it works.
however it is still a security risk, as this means the client may listen on unused port ...
> Kaplan
> On Sun, Jul 20, 2014 at 12:03 PM, Erez D erez0...@gmail.com wrote:
> > On Sun, Jul 20, 2014 at 10:39 AM, Lior Kaplan kaplanl...@gmail.com wrote:
> > > ssh itself ?
> > > http://www.thegeekstuff.com/2013/11/reverse-ssh-tunnel/
> > nice, however this requires me to give access to my server, which i do not want ...
> > (or, can i give people permission to ssh to my server only for reverse tunnels and no shell ?)
> > > Kaplan
> > > On Sun, Jul 20, 2014 at 11:36 AM, Erez D erez0...@gmail.com wrote:
> > > > hello
> > > > i have a linux machine with a private ip connected to the internet
> > > > i have a public ip and need to ssh to the linux box
> > > > any tools for that ?
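The two concerns in this message (tunnel-only access with no shell, and a client that may listen on any unused port) map onto per-key options in OpenSSH's authorized_keys. Added example, not part of the thread: a shell audit of such entries, assuming the OpenSSH key options `restrict`, `port-forwarding`, `permitlisten` and `command=`; the sample keys, user names and port 2222 are constructed.

```shell
#!/bin/sh
# Added example: audit authorized_keys entries that are meant to allow
# reverse tunnels only. Reads the file on stdin, prints "LINE: finding",
# and returns 1 when at least one finding was printed.
audit_tunnel_keys() {
    awk '
    # Option names of one entry, lower-cased, with quoted values dropped:
    #   command="x y",no-pty  ->  command=,no-pty
    function option_names(line,    i, c, inq, out) {
        sub(/^[ \t]+/, "", line)
        if (line ~ /^(ssh-|ecdsa-|sk-)/) return ""   # entry has no options
        inq = 0; out = ""
        for (i = 1; i <= length(line); i++) {
            c = substr(line, i, 1)
            if (inq && c == "\\") { i++; continue }  # escaped char in a value
            if (c == "\"") { inq = !inq; continue }
            if (!inq && (c == " " || c == "\t")) break
            if (!inq) out = out c
        }
        return tolower(out)
    }
    function report(msg) { printf "%d: %s\n", NR, msg; bad = 1 }
    /^[ \t]*(#|$)/ { next }
    {
        o = "," option_names($0) ","
        restricted = (index(o, ",restrict,") > 0)
        # restrict turns forwarding off; port-forwarding turns it back on
        forwarding = ((!restricted || index(o, ",port-forwarding,") > 0) && index(o, ",no-port-forwarding,") == 0)
        if (!restricted)
            report("no restrict: pty, agent and X11 forwarding are left enabled")
        if (index(o, ",command=,") == 0)
            report("no forced command: a session request runs the login shell")
        if (forwarding && index(o, ",permitlisten=,") == 0)
            report("forwarding without permitlisten: ssh -R may bind any free port")
    }
    END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample file; key blobs are placeholders, not real keys.
sample_keys() {
    cat <<'EOF'
# tunnel accounts (constructed sample)
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEY1 alice@example
restrict,port-forwarding,command="/bin/false" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEY2 bob@example
restrict,port-forwarding,permitlisten="localhost:2222",command="/bin/false" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEY3 carol@example
command="echo \"tunnel only\"",no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABEXAMPLEKEY4 dave@example
EOF
}

# Stand-alone run: print the findings for the sample file.
sample_keys | audit_tunnel_keys || true
```

Only the entry on line 4 of the sample passes: it cannot get a terminal, runs `/bin/false` if a session is requested, and can open a remote forward on `localhost:2222` and nowhere else, which a client uses with `ssh -N -R 2222:localhost:22`.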
Re: reverse ssh
looks a little complicated - extra ssh server, firewall with port knocking all this for a ssh connection ... On Sun, Jul 20, 2014 at 11:38 AM, Rabin Yasharzadehe ra...@rabin.io wrote: you can add a port-knocking tool like fwknop to add a dynamic rule to forward your connection into the private machine. -- Rabin On Sun, Jul 20, 2014 at 12:16 PM, Erez D erez0...@gmail.com wrote: On Sun, Jul 20, 2014 at 11:06 AM, Lior Kaplan kaplanl...@gmail.com wrote: Didn't check it, but login in with a user who has /bin/true might do the trick. you are correct, it works. however it is still a security risk, as this means the client may listen on unused port ... Kaplan On Sun, Jul 20, 2014 at 12:03 PM, Erez D erez0...@gmail.com wrote: On Sun, Jul 20, 2014 at 10:39 AM, Lior Kaplan kaplanl...@gmail.com wrote: ssh itself ? http://www.thegeekstuff.com/2013/11/reverse-ssh-tunnel/ nice, however this requires me to give access to my server, which i do not want ... (or, can i give people permission to ssh to my server only for reverse tunnels and no shell ?) Kaplan On Sun, Jul 20, 2014 at 11:36 AM, Erez D erez0...@gmail.com wrote: hello i have a linux machine with a private ip connected to the internet i have a public ip and need to ssh to the linux box any tools for that ?
Re: reverse ssh
On Sun, Jul 20, 2014 at 1:30 PM, Yedidyah Bar David linux...@didi.bardavid.org wrote: If you just want an ssh connection you can simply redirect connection attempts to some port on the Internet-accessible machine to port 22 on the private-ip one - using whatever tool that fits you best - iptables, xinetd, redir, probably many others. -- Didi i do not understand what do you mean 2014-07-20 13:31 GMT+03:00 Erez D erez0...@gmail.com: looks a little complicated - extra ssh server, firewall with port knocking all this for a ssh connection ... On Sun, Jul 20, 2014 at 11:38 AM, Rabin Yasharzadehe ra...@rabin.io wrote: you can add a port-knocking tool like fwknop to add a dynamic rule to forward your connection into the privet machine. -- Rabin On Sun, Jul 20, 2014 at 12:16 PM, Erez D erez0...@gmail.com wrote: On Sun, Jul 20, 2014 at 11:06 AM, Lior Kaplan kaplanl...@gmail.com wrote: Didn't check it, but login in with a user who has /bin/true might do the trick. you are correct, it works. however it is still a security risk, as this means the client may listen on unused port ... Kaplan On Sun, Jul 20, 2014 at 12:03 PM, Erez D erez0...@gmail.com wrote: On Sun, Jul 20, 2014 at 10:39 AM, Lior Kaplan kaplanl...@gmail.com wrote: ssh itself ? http://www.thegeekstuff.com/2013/11/reverse-ssh-tunnel/ nice, however this requires me to give access to my server, which i do not want ... (or, can i give people permission to ssh to my server only for reverse tunnels and no shell ?) Kaplan On Sun, Jul 20, 2014 at 11:36 AM, Erez D erez0...@gmail.com wrote: hello i have a linux machine with a private ip connected to the internet i have a public ip and need to ssh to the linux box any tools for that ? 
Re: reverse ssh
On Sun, Jul 20, 2014 at 3:36 PM, E.S. Rosenberg e...@g.jct.ac.il wrote: You can have something running on the machine you want to SSH to that updates the machine with a fixed IP what its' IP is and have a firewall rule or some other way to redirect specific traffic like for instance traffic to TCP:2 from that machine to the IP that it was updated to be still do not understand what you mean, and how it will let me connect to a machine with a private ip 2014-07-20 14:33 GMT+03:00 Erez D erez0...@gmail.com: On Sun, Jul 20, 2014 at 1:30 PM, Yedidyah Bar David linux...@didi.bardavid.org wrote: If you just want an ssh connection you can simply redirect connection attempts to some port on the Internet-accessible machine to port 22 on the private-ip one - using whatever tool that fits you best - iptables, xinetd, redir, probably many others. -- Didi i do not understand what do you mean 2014-07-20 13:31 GMT+03:00 Erez D erez0...@gmail.com: looks a little complicated - extra ssh server, firewall with port knocking all this for a ssh connection ... On Sun, Jul 20, 2014 at 11:38 AM, Rabin Yasharzadehe ra...@rabin.io wrote: you can add a port-knocking tool like fwknop to add a dynamic rule to forward your connection into the privet machine. -- Rabin On Sun, Jul 20, 2014 at 12:16 PM, Erez D erez0...@gmail.com wrote: On Sun, Jul 20, 2014 at 11:06 AM, Lior Kaplan kaplanl...@gmail.com wrote: Didn't check it, but login in with a user who has /bin/true might do the trick. you are correct, it works. however it is still a security risk, as this means the client may listen on unused port ... Kaplan On Sun, Jul 20, 2014 at 12:03 PM, Erez D erez0...@gmail.com wrote: On Sun, Jul 20, 2014 at 10:39 AM, Lior Kaplan kaplanl...@gmail.com wrote: ssh itself ? http://www.thegeekstuff.com/2013/11/reverse-ssh-tunnel/ nice, however this requires me to give access to my server, which i do not want ... (or, can i give people permission to ssh to my server only for reverse tunnels and no shell ?) 
Kaplan On Sun, Jul 20, 2014 at 11:36 AM, Erez D erez0...@gmail.com wrote: hello i have a linux machine with a private ip connected to the internet i have a public ip and need to ssh to the linux box any tools for that ?
Re: diff/patch rootfs
On Thu, Jul 10, 2014 at 4:50 PM, Amos Shapira amos.shap...@gmail.com wrote: How about rsync's --only-write-batch/--read-batch? great this is the closest as it gets to what i wanted only caveat, is that if the system is modified, it will not merge like 'patch' does however, i can live with this thanks, erez. On 10 July 2014 18:55, Erez D erez0...@gmail.com wrote: to make it clear: i need to compare two directory trees - old and new, both holds files, binaries, special files, symbolic and hard links. and create a patch file than, on another system which has a copy of the old dir tree (and possible some modifications), i need to patch it to make it a 'new' what i would like to have is somthing like rsync, which can create a diff file ... On Thu, Jul 10, 2014 at 10:39 AM, Rabin Yasharzadehe ra...@rabin.io wrote: I was just about to write the same suggesting, on my current Android ROM (OmniROM) i have update system called OpenDelta which use xdelta to create the the update images. you can look at the code in github - https://github.com/omnirom/android_packages_apps_OpenDelta -- Rabin On Thu, Jul 10, 2014 at 10:34 AM, shimi linux...@shimi.net wrote: On Thu, Jul 10, 2014 at 9:08 AM, Erez D erez0...@gmail.com wrote: hello i am dealing with rootfs images i install on embedded linux from time to time i update the rootfs - add some file, remove other, update others, mknod etc ... currently, when i do this, i need to reinstall the image i am looking to create a patch, i can patch an old rootfs to update it however, diff does not handle create file, remove file, special files and binary files very well i am looking for a tool that can do that. anyone ? If modifying an _image_ is your purpose, and you want to avoid distributing the whole image, and you can do that 'offline' (i.e. you have two partitions, one active, second for upgrade and boot from - so you don't touch a system with a mounted filesystem), and you have your way to manage this versioning (i.e. 
you know for a fact what the previous image blob is, so what you need is really the blocks that changed from it) - maybe take a look at http://xdelta.org/ -- Shimi
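For the rsync batch approach and the caveat raised in this message (a target tree that was modified since the old image was taken), an added example that is not part of the thread: the batch is shipped with a digest of the old tree, and the target refuses to apply it when its own tree no longer matches. The function names, the `rootfs.batch` and `expect.sha256` file names, and the use of GNU `sha256sum` are assumptions.

```shell
#!/bin/sh
# Added example: offline rootfs update with rsync batch files, guarded by a
# digest of the tree the batch was computed against.
# Assumptions: GNU coreutils sha256sum; file names without newlines. The
# digest covers paths, file types, symlink targets and file contents, not
# modes, owners or device numbers.

# tree_digest DIR: print one SHA-256 over a sorted listing of DIR
tree_digest() {
    (
        cd "$1" || exit 1
        find . | LC_ALL=C sort | while IFS= read -r p; do
            if [ -L "$p" ]; then
                printf 'l %s -> %s\n' "$p" "$(readlink "$p")"
            elif [ -f "$p" ]; then
                printf 'f %s %s\n' "$p" "$(sha256sum < "$p" | cut -d' ' -f1)"
            elif [ -d "$p" ]; then
                printf 'd %s\n' "$p"
            else
                printf 'o %s\n' "$p"    # device node, fifo, socket
            fi
        done | sha256sum | cut -d' ' -f1
    )
}

# make_update OLD NEW OUT: on the build host, write OUT/rootfs.batch
# (the changes that turn OLD into NEW) and OUT/expect.sha256 (digest of OLD).
make_update() {
    old=$1 new=$2 out=$3
    mkdir -p "$out" || return 1
    tree_digest "$old" > "$out/expect.sha256" || return 1
    # --only-write-batch records the changes without modifying OLD
    rsync -aH --delete --only-write-batch="$out/rootfs.batch" "$new/" "$old/"
}

# apply_update ROOT OUT: on the target, apply the batch only if ROOT is
# still the tree the batch was computed against.
apply_update() {
    root=$1 out=$2
    want=$(cat "$out/expect.sha256") || return 1
    have=$(tree_digest "$root") || return 1
    if [ "$have" != "$want" ]; then
        echo "apply_update: $root differs from the tree the batch was built from; not applying" >&2
        return 1
    fi
    rsync -aH --delete --read-batch="$out/rootfs.batch" "$root/"
}

# Command-line use: "make OLD NEW OUT" on the build host, "apply ROOT OUT"
# on the target. With no arguments the script only defines the functions.
case "${1:-}" in
    make)  make_update "$2" "$3" "$4" ;;
    apply) apply_update "$2" "$3" ;;
esac
```

Device nodes in the tree need rsync to run as root on both sides, and the digest does not authenticate the batch file itself.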
diff/patch rootfs
hello
i am dealing with rootfs images i install on embedded linux
from time to time i update the rootfs - add some file, remove other, update others, mknod etc ...
currently, when i do this, i need to reinstall the image
i am looking to create a patch, i can patch an old rootfs to update it
however, diff does not handle create file, remove file, special files and binary files very well
i am looking for a tool that can do that.
anyone ?
btw: distro is emdebian/debian on armel
thanks,
erez.
Re: diff/patch rootfs
On Thu, Jul 10, 2014 at 9:54 AM, Oleg Goldshmidt p...@goldshmidt.org wrote:
> Erez D erez0...@gmail.com writes:
> > hello
> > i am dealing with rootfs images i install on embedded linux
> > from time to time i update the rootfs - add some file, remove other, update others, mknod etc ...
> > currently, when i do this, i need to reinstall the image
> > i am looking to create a patch, i can patch an old rootfs to update it
> > however, diff does not handle create file, remove file, special files and binary files very well
> > i am looking for a tool that can do that.
> > anyone ?
> > btw: distro is emdebian/debian on armel
> Proper (IMHO) solution - package your updates (in .deb in your case, I presume). This includes modifying existing packages if you need to roll your own stuff - to avoid clashes.
interesting idea, although seems trivial, it never came into mind
however:
1. will take a lot of work (note that i overwrite some of debian's file with my own, and will need to resolve this)
2. will be a big patch (and i pay by the byte, have low flash/ram. and must be done offline)
currently i need something simpler, which will be small, offline
> Barring that, rsync is the first thing that comes to my mind.
that was my first idea, however it needs to be done offline.
searched to see if rsync creates diffs, and never found any info about this ...
> I assume I don't need to remind you to be very, very careful, especially with --delete. ;-)
sure
> I suppose if you screw up an update you can still reinstall as today, right?
yes, if i have access to the product (which is not always true)
> Possible enhancements (going on a tangent here): I don't know your circumstances, nor am I familiar with emdebian, but personally I'd prefer to get as much as possible packaged from the distro and not touch rootfs by hand, and keep my own stuff on a separate partition (that I can clobber, e.g., with rsync, even multiple times if things go wrong).
no problems with emdebian
> I realize this may not be an option, so back to rootfs. Have you considered having 2 partitions side-by-side and swapping old for new (that you have, e.g., rsync'ed, etc.) with the possibility of rolling back? Once new is running you can update old, too, if it is needed to prepare for the next upgrade. The second partition will cost you some space, of course...
think of a software patch to a filesystem, like (god forbid ;-) windows-update ;-)
> -- Oleg Goldshmidt | p...@goldshmidt.org
Re: diff/patch rootfs
to make it clear:
i need to compare two directory trees - old and new, both holds files, binaries, special files, symbolic and hard links. and create a patch file
then, on another system which has a copy of the old dir tree (and possibly some modifications), i need to patch it to make it a 'new'
what i would like to have is something like rsync, which can create a diff file ...
On Thu, Jul 10, 2014 at 10:39 AM, Rabin Yasharzadehe ra...@rabin.io wrote:
> I was just about to write the same suggestion, on my current Android ROM (OmniROM) i have update system called OpenDelta which use xdelta to create the update images.
> you can look at the code in github - https://github.com/omnirom/android_packages_apps_OpenDelta
> -- Rabin
> On Thu, Jul 10, 2014 at 10:34 AM, shimi linux...@shimi.net wrote:
> > On Thu, Jul 10, 2014 at 9:08 AM, Erez D erez0...@gmail.com wrote:
> > > hello
> > > i am dealing with rootfs images i install on embedded linux
> > > from time to time i update the rootfs - add some file, remove other, update others, mknod etc ...
> > > currently, when i do this, i need to reinstall the image
> > > i am looking to create a patch, i can patch an old rootfs to update it
> > > however, diff does not handle create file, remove file, special files and binary files very well
> > > i am looking for a tool that can do that.
> > > anyone ?
> > If modifying an _image_ is your purpose, and you want to avoid distributing the whole image, and you can do that 'offline' (i.e. you have two partitions, one active, second for upgrade and boot from - so you don't touch a system with a mounted filesystem), and you have your way to manage this versioning (i.e. you know for a fact what the previous image blob is, so what you need is really the blocks that changed from it) - maybe take a look at http://xdelta.org/
> > -- Shimi
Re: qemu and chroot
On Tue, May 20, 2014 at 12:13 PM, Erez D erez0...@gmail.com wrote: ok, it now works /proc/sys/fs/binfmt_misc/qemu-arm was missing, internet search told me to look for 'binfmt-support' pkg, however i could not find none for centos6 so as chrooted systems share the same kernel (just need to mount /proc under the chroot dir), I chroot to my wheezy_i686 (i have some chroots for testing other distros), and there i did apt-get install binfmt-support qemu-user-static, and update-binfmts --display now i have /proc/sys/fs/binfmt_misc/qemu-arm. and everything works again (i do not know if this is permanent or will require redoing after reboot), but i will check it at next reboot (something like in 6 months ;-) it seems that it is not permanent. my chroot has a /etc/init.d/binfmt-support script which makes it permanent, however i do not boot the chroot system ;-) so i added the following line to rc.local : chroot /home/chroot/wheezy_i686/ /etc/init.d/binfmt-support start now it is permanent (i wish centos had this package so i wouldn't have to deal with such hacks). thanks erez On Tue, May 20, 2014 at 11:22 AM, Tzafrir Cohen tzaf...@cohens.org.il wrote: On Tue, May 20, 2014 at 09:14:16AM +0300, Erez D wrote: I am using centos 6 and developing for an armel platform i created a rootfs using multistrap/debbootstrap i copied qemu-arm-static to rootfs/usr/bin/qemu-arm-static There's something missing from your description. I suspect you forgot to mention it: debootstrap's run can be broken to two parts: one that downloads everything, and the second stage that needs to run inside the chroot. In that case: debootstrap --foreign [--arch=] [rest of parameters] chroot to/chroot ./debootstrap --second-stage At least in Debian, the package qemu-user-static includes the wrapper qemu-debootstrap to do just that, and also copy the required qemu-user-static.
and i was astonished that doing just 'chroot rootfs' worked, without explicitly telling 'chroot' to use qemu-arm-static - somehow it decided automatically to run everything under qemu-arm-static without me telling it to. after a restart of the server. rootfs does not work anymore automatically, i get a chroot: failed to run command `/bin/bash': Exec format error doing chroot rootfs /usr/bin/qemu-arm-static /bin/bash does chroot, but i get : bash: /bin/cat: cannot execute binary file (although rootfs/bin/cat is a perfectly ok armel binary, tested on the armel target). i also checked the md5sum of the rootfs/qemu-arm-static binary, and it is ok A chroot does not replace the kernel. It's running on your kernel and that kernel does not natively support the armel binaries. In Debian, the package qemu-user-static registers foreign Linux ELF formats. So maybe you forgot this is needed. Specifically: $ cat /proc/sys/fs/binfmt_misc/qemu-arm enabled interpreter /usr/bin/qemu-arm-static flags: offset 0 magic 7f454c460101010002002800 mask ff00feff -- Tzafrir Cohen | tzaf...@jabber.org | VIM is http://tzafrir.org.il || a Mutt's tzaf...@cohens.org.il || best tzaf...@debian.org|| friend ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: advanced dhcpd.conf
thanks
On Tue, Jun 10, 2014 at 11:50 AM, Rabin Yasharzadehe ra...@rabin.io wrote:
> not an answer, but you can try and use the log option to debug your conf file, and make sure each function returns what you are expecting it to return.
> also you have tools like dhcping dhcpdump which can help you debug the problem.
> -- Rabin
> On Mon, Jun 9, 2014 at 10:14 AM, Erez D erez0...@gmail.com wrote:
> > i'm trying to match ip to macs
> > e.g.:
> > mac 00:11:22:33:44:01 - 10.0.5.1
> > mac 00:11:22:33:44:02 - 10.0.5.2
> > mac 00:11:22:33:44:03 - 10.0.5.3
> > mac 00:11:22:33:44:04 - 10.0.5.4
> > it does not seem to work
> > is it possible to do that ?
> > highlights of dhcpd.conf:
> > class vm {
> >     match if binary-to-ascii (16,8,:,substring(hardware, 1, 5)) = 0:11:22:33:44;
> >     set lastMacByte=binary-to-ascii (10,8,:,substring(hardware, 6, 1);
> >     set vmName=concat(VM-,lastMacByte);
> >     set vmIp=concat(10.0.5.,lastMacByte);
> > }
> > and
> > host vmName {
> >     fixed-address vmIp;
> > }
advanced dhcpd.conf
i'm trying to match ip to macs
e.g.:
mac 00:11:22:33:44:01 - 10.0.5.1
mac 00:11:22:33:44:02 - 10.0.5.2
mac 00:11:22:33:44:03 - 10.0.5.3
mac 00:11:22:33:44:04 - 10.0.5.4

it does not seem to work
is it possible to do that ?

highlights of dhcpd.conf:

class "vm" {
    match if binary-to-ascii (16,8,":",substring(hardware, 1, 5)) = "0:11:22:33:44";
    set lastMacByte=binary-to-ascii (10,8,":",substring(hardware, 6, 1));
    set vmName=concat("VM-",lastMacByte);
    set vmIp=concat("10.0.5.",lastMacByte);
}

and

host vmName { fixed-address vmIp; }
Re: advanced dhcpd.conf
On Mon, Jun 9, 2014 at 10:33 AM, geoffrey mendelson geoffreymendel...@gmail.com wrote:
> On 6/9/2014 10:14 AM, Erez D wrote:
> > i'm trying to match ip to macs
> > e.g.:
> > mac 00:11:22:33:44:01 - 10.0.5.1
> > mac 00:11:22:33:44:02 - 10.0.5.2
> > mac 00:11:22:33:44:03 - 10.0.5.3
> > mac 00:11:22:33:44:04 - 10.0.5.4
> >
> > it does not seem to work
> > is it possible to do that ?
> >
> > highlights of dhcpd.conf:
> >
> > class "vm" {
> >     match if binary-to-ascii (16,8,":",substring(hardware, 1, 5)) = "0:11:22:33:44";
> >     set lastMacByte=binary-to-ascii (10,8,":",substring(hardware, 6, 1));
> >     set vmName=concat("VM-",lastMacByte);
> >     set vmIp=concat("10.0.5.",lastMacByte);
> > }
>
> Is this what you want?
>
> host danny3 {
>     fixed-address danny3;
>     hardware ethernet 00:11:95:8e:8d:80;
>     option host-name "danny3";
> }
>
> danny3 resolves to the IP address I want.
>
> Geoff.

no, i want:

host vm01 { hardware ethernet 00:11:22:33:44:01 ; fixed-address 10.0.5.1; }
host vm02 { hardware ethernet 00:11:22:33:44:02 ; fixed-address 10.0.5.2; }
host vm03 { hardware ethernet 00:11:22:33:44:03 ; fixed-address 10.0.5.3; }
...
host vm254 { hardware ethernet 00:11:22:33:44:fe ; fixed-address 10.0.5.254; }

> --
> Geoffrey S. Mendelson 4X1GM/N3OWJ
> Jerusalem Israel.
Re: advanced dhcpd.conf
On Mon, Jun 9, 2014 at 10:31 PM, shimi linux...@shimi.net wrote:
> On Mon, Jun 9, 2014 at 6:15 PM, Erez D erez0...@gmail.com wrote:
> > no, i want:
> >
> > host vm01 { hardware ethernet 00:11:22:33:44:01 ; fixed-address 10.0.5.1; }
> > host vm02 { hardware ethernet 00:11:22:33:44:02 ; fixed-address 10.0.5.2; }
> > host vm03 { hardware ethernet 00:11:22:33:44:03 ; fixed-address 10.0.5.3; }
> > ...
> > host vm254 { hardware ethernet 00:11:22:33:44:fe ; fixed-address 10.0.5.254; }
>
> If it doesn't work out...
>
> php -r 'foreach(range(1,254) as $id) echo "host vm".str_pad($id, 3, "0", STR_PAD_LEFT)." { hardware ethernet 00:11:22:33:44:".str_pad(dechex($id), 2, "0", STR_PAD_LEFT)." ; fixed-address 10.0.5.$id; }\n";'
>
> -- Shimi

thanks.
i didn't want to do this that way
Re: advanced dhcpd.conf
On Tue, Jun 10, 2014 at 12:11 AM, Amos Shapira amos.shap...@gmail.com wrote:
> Yup. Or do what we did at my workplace and use puppet to maintain (and generate, if needed) the configuration.

just buy a cow for a cup of milk ;-)

> On 10 Jun 2014 05:33, shimi linux...@shimi.net wrote:
> > On Mon, Jun 9, 2014 at 6:15 PM, Erez D erez0...@gmail.com wrote:
> > > no, i want:
> > >
> > > host vm01 { hardware ethernet 00:11:22:33:44:01 ; fixed-address 10.0.5.1; }
> > > host vm02 { hardware ethernet 00:11:22:33:44:02 ; fixed-address 10.0.5.2; }
> > > host vm03 { hardware ethernet 00:11:22:33:44:03 ; fixed-address 10.0.5.3; }
> > > ...
> > > host vm254 { hardware ethernet 00:11:22:33:44:fe ; fixed-address 10.0.5.254; }
> >
> > If it doesn't work out...
> >
> > php -r 'foreach(range(1,254) as $id) echo "host vm".str_pad($id, 3, "0", STR_PAD_LEFT)." { hardware ethernet 00:11:22:33:44:".str_pad(dechex($id), 2, "0", STR_PAD_LEFT)." ; fixed-address 10.0.5.$id; }\n";'
> >
> > -- Shimi
partly OT: notification of url when connecting to open wifi
this is partially off topic

sometimes when i connect to open wifi on airports, my phone (android) gives me a notification of a site i need to go to, and if i click on it, it opens a browser with a predefined URL

i was wondering - is that part of an RFC or standard ?

10x
erez.
Re: partly OT: notification of url when connecting to open wifi
On Mon, May 26, 2014 at 10:18 AM, Rabin Yasharzadehe ra...@rabin.io wrote:
> I think it's the same/some implementation of Google chrome to check if you are behind a proxy and have access to the internet.
>
> https://mikewest.org/2012/02/chrome-connects-to-three-random-domains-at-startup

Thanks, i'll look into this.
however this is done without me opening a browser or searching
i just select a wireless network, and immediately i get a notification

> --
> Rabin
>
> On Mon, May 26, 2014 at 10:11 AM, Erez D erez0...@gmail.com wrote:
> > this is partially off topic
> >
> > sometimes when i connect to open wifi on airports, my phone (android) gives me a notification of a site i need to go to, and if i click on it, it opens a browser with a predefined URL
> >
> > i was wondering - is that part of an RFC or standard ?
> >
> > 10x
> > erez.
Re: partly OT: notification of url when connecting to open wifi
On Mon, May 26, 2014 at 10:23 AM, Jonathan Ben Avraham y...@tkos.co.il wrote:
> Hi Erez,
> No. The ability to configure a payment/authentication gateway is a router feature. I worked on this feature for Alvarion's WBSn. Every router designer develops their own feature.

can you elaborate ?

> - yba
>
> On Mon, 26 May 2014, Erez D wrote:
> > Date: Mon, 26 May 2014 10:11:54 +0300
> > From: Erez D erez0...@gmail.com
> > To: linux-il linux-il@cs.huji.ac.il
> > Subject: partly OT: notification of url when connecting to open wifi
> >
> > this is partially off topic
> >
> > sometimes when i connect to open wifi on airports, my phone (android) gives me a notification of a site i need to go to, and if i click on it, it opens a browser with a predefined URL
> >
> > i was wondering - is that part of an RFC or standard ?
> >
> > 10x
> > erez.
>
> --
> 9590 8E58 D30D 1660 C349 673D B205 4FC4 B8F5 B7F9
> ~. .~ Tk Open Systems
> =} Jonathan Ben-Avraham (yba) --ooO--U--Ooo{=
> mailto:y...@tkos.co.il tel:+972.52.486.3386 http://tkos.co.il skype:benavrhm
Re: partly OT: notification of url when connecting to open wifi
thanks,

however, that's not what i meant
i was only asking how it generated a notification on my phone without me opening a browser
i do not want to restrict access to anything

thanks,
erez.

On Mon, May 26, 2014 at 10:44 AM, Jonathan Ben Avraham y...@tkos.co.il wrote:
> Hi Erez,
> For each AP you need to maintain a table of client connections that are accepted, meaning that the client has presented some type of credential or payment or whatever. Packets from clients that are not accepted are routed to some authentication or payment gateway, with possible port translation.
>
> The accepted client table does not have to be on the AP itself. It is usually held in a RADIUS server upstream. The authentication gateway also does not need to be on the AP itself. It can be upstream and does not have to be the same as the RADIUS server. You can also have more than one payment gateway but use the same RADIUS server.
>
> That, in a nutshell is how it is done. There's a lot of netfilter/iptables smoke and mirrors going on on the AP.
>
> - yba
>
> On Mon, 26 May 2014, Erez D wrote:
> > Date: Mon, 26 May 2014 10:26:52 +0300
> > From: Erez D erez0...@gmail.com
> > To: Jonathan Ben Avraham y...@tkos.co.il
> > Cc: linux-il linux-il@cs.huji.ac.il
> > Subject: Re: partly OT: notification of url when connecting to open wifi
> >
> > On Mon, May 26, 2014 at 10:23 AM, Jonathan Ben Avraham y...@tkos.co.il wrote:
> > > Hi Erez,
> > > No. The ability to configure a payment/authentication gateway is a router feature. I worked on this feature for Alvarion's WBSn. Every router designer develops their own feature.
> >
> > can you elaborate ?
> >
> > > - yba
> > >
> > > On Mon, 26 May 2014, Erez D wrote:
> > > > Date: Mon, 26 May 2014 10:11:54 +0300
> > > > From: Erez D erez0...@gmail.com
> > > > To: linux-il linux-il@cs.huji.ac.il
> > > > Subject: partly OT: notification of url when connecting to open wifi
> > > >
> > > > this is partially off topic
> > > >
> > > > sometimes when i connect to open wifi on airports, my phone (android) gives me a notification of a site i need to go to, and if i click on it, it opens a browser with a predefined URL
> > > >
> > > > i was wondering - is that part of an RFC or standard ?
> > > >
> > > > 10x
> > > > erez.
> > >
> > > --
> > > 9590 8E58 D30D 1660 C349 673D B205 4FC4 B8F5 B7F9
> > > ~. .~ Tk Open Systems
> > > =} Jonathan Ben-Avraham (yba) --ooO--U--Ooo{=
> > > mailto:y...@tkos.co.il tel:+972.52.486.3386 http://tkos.co.il skype:benavrhm
>
> --
> 9590 8E58 D30D 1660 C349 673D B205 4FC4 B8F5 B7F9
> ~. .~ Tk Open Systems
> =} Jonathan Ben-Avraham (yba) --ooO--U--Ooo{=
> mailto:y...@tkos.co.il tel:+972.52.486.3386 http://tkos.co.il skype:benavrhm
Re: partly OT: notification of url when connecting to open wifi
On Mon, May 26, 2014 at 12:29 PM, Rabin Yasharzadehe ra...@rabin.io wrote:
> the code is in the first answer
>
> http://stackoverflow.com/questions/13958614/how-to-check-for-unrestricted-internet-access-captive-portal-detection

nice, now i know the term is called walled garden or captive portal

so if i understand correctly, android expects a captive portal to return a redirect, and so generates a notification with the redirect url ?

> --
> Rabin
>
> On Mon, May 26, 2014 at 11:51 AM, Erez D erez0...@gmail.com wrote:
> > thanks,
> >
> > however, that's not what i meant
> > i was only asking how it generated a notification on my phone without me opening a browser
> > i do not want to restrict access to anything
> >
> > thanks,
> > erez.
> >
> > On Mon, May 26, 2014 at 10:44 AM, Jonathan Ben Avraham y...@tkos.co.il wrote:
> > > Hi Erez,
> > > For each AP you need to maintain a table of client connections that are accepted, meaning that the client has presented some type of credential or payment or whatever. Packets from clients that are not accepted are routed to some authentication or payment gateway, with possible port translation.
> > >
> > > The accepted client table does not have to be on the AP itself. It is usually held in a RADIUS server upstream. The authentication gateway also does not need to be on the AP itself. It can be upstream and does not have to be the same as the RADIUS server. You can also have more than one payment gateway but use the same RADIUS server.
> > >
> > > That, in a nutshell is how it is done. There's a lot of netfilter/iptables smoke and mirrors going on on the AP.
> > >
> > > - yba
> > >
> > > On Mon, 26 May 2014, Erez D wrote:
> > > > Date: Mon, 26 May 2014 10:26:52 +0300
> > > > From: Erez D erez0...@gmail.com
> > > > To: Jonathan Ben Avraham y...@tkos.co.il
> > > > Cc: linux-il linux-il@cs.huji.ac.il
> > > > Subject: Re: partly OT: notification of url when connecting to open wifi
> > > >
> > > > On Mon, May 26, 2014 at 10:23 AM, Jonathan Ben Avraham y...@tkos.co.il wrote:
> > > > > Hi Erez,
> > > > > No. The ability to configure a payment/authentication gateway is a router feature. I worked on this feature for Alvarion's WBSn. Every router designer develops their own feature.
> > > >
> > > > can you elaborate ?
> > > >
> > > > > - yba
> > > > >
> > > > > On Mon, 26 May 2014, Erez D wrote:
> > > > > > Date: Mon, 26 May 2014 10:11:54 +0300
> > > > > > From: Erez D erez0...@gmail.com
> > > > > > To: linux-il linux-il@cs.huji.ac.il
> > > > > > Subject: partly OT: notification of url when connecting to open wifi
> > > > > >
> > > > > > this is partially off topic
> > > > > >
> > > > > > sometimes when i connect to open wifi on airports, my phone (android) gives me a notification of a site i need to go to, and if i click on it, it opens a browser with a predefined URL
> > > > > >
> > > > > > i was wondering - is that part of an RFC or standard ?
> > > > > >
> > > > > > 10x
> > > > > > erez.
> > > > >
> > > > > --
> > > > > 9590 8E58 D30D 1660 C349 673D B205 4FC4 B8F5 B7F9
> > > > > ~. .~ Tk Open Systems
> > > > > =} Jonathan Ben-Avraham (yba) --ooO--U--Ooo{=
> > > > > mailto:y...@tkos.co.il tel:+972.52.486.3386 http://tkos.co.il skype:benavrhm
> > >
> > > --
> > > 9590 8E58 D30D 1660 C349 673D B205 4FC4 B8F5 B7F9
> > > ~. .~ Tk Open Systems
> > > =} Jonathan Ben-Avraham (yba) --ooO--U--Ooo{=
> > > mailto:y...@tkos.co.il tel:+972.52.486.3386 http://tkos.co.il skype:benavrhm
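The mechanism asked about above, as an added example that is not part of the thread or of the linked answer: a client can spot a captive portal without a browser by fetching a probe URL that should answer HTTP 204 with an empty body, and treating anything else as interception. The function name `classify_probe`, the 204 convention as the assumed probe contract, and the sample responses in the comments are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread). classify_probe is a hypothetical helper.
# It reads one raw HTTP response (status line, headers, optional body) on
# stdin and prints one of:
#   open                      probe answered 204 with no body
#   portal <url>              probe was redirected; <url> is the Location header
#   portal (page substituted) probe got a 200 page instead of the empty 204
#   unknown                   anything else (errors, truncated response)
classify_probe() {
    awk '
        BEGIN { status = ""; loc = ""; body = 0; inhdr = 1 }
        { sub(/\r$/, "") }                       # tolerate CRLF line endings
        NR == 1 { status = $2; next }            # "HTTP/1.1 302 Found" -> 302
        inhdr && $0 == "" { inhdr = 0; next }    # blank line ends the headers
        inhdr && tolower($0) ~ /^location:/ {
            loc = $0
            sub(/^[^:]*:[ \t]*/, "", loc)        # keep only the header value
            next
        }
        !inhdr && length($0) > 0 { body = 1 }    # any payload after headers
        END {
            if (status == "204" && !body)
                print "open"
            else if (status ~ /^30[1278]$/ && loc != "")
                print "portal " loc
            else if (status == "200" && body)
                print "portal (page substituted)"
            else
                print "unknown"
        }'
}

# Constructed sample: what an unauthenticated client might receive.
#   printf 'HTTP/1.1 302 Found\r\nLocation: http://portal.example/login\r\n\r\n' \
#       | classify_probe
```

The redirect target is the URL a phone can put in its notification; a 200 page in place of the expected 204 is the same interception without a redirect.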
Re: partly OT: notification of url when connecting to open wifi
Jonathan,

if we are talking about walled garden/captive portal implementation under linux, i'll take the opportunity to ask something related.

how does the AP redirect every web access to the login page (for non accepted clients)
i guess using a transparent proxy with a redirection page, am i correct ?

if i am correct, i would like to know:
1. does the AP allow real DNS access, or does it return the IP of the AP for every dns query. (and if so what about DNS cache ?)
2. what webserver/proxy is used to return the same redirect answer to every requested url

On Mon, May 26, 2014 at 10:44 AM, Jonathan Ben Avraham y...@tkos.co.il wrote:
> Hi Erez,
> For each AP you need to maintain a table of client connections that are accepted, meaning that the client has presented some type of credential or payment or whatever. Packets from clients that are not accepted are routed to some authentication or payment gateway, with possible port translation.
>
> The accepted client table does not have to be on the AP itself. It is usually held in a RADIUS server upstream. The authentication gateway also does not need to be on the AP itself. It can be upstream and does not have to be the same as the RADIUS server. You can also have more than one payment gateway but use the same RADIUS server.
>
> That, in a nutshell is how it is done. There's a lot of netfilter/iptables smoke and mirrors going on on the AP.
>
> - yba
>
> On Mon, 26 May 2014, Erez D wrote:
> > Date: Mon, 26 May 2014 10:26:52 +0300
> > From: Erez D erez0...@gmail.com
> > To: Jonathan Ben Avraham y...@tkos.co.il
> > Cc: linux-il linux-il@cs.huji.ac.il
> > Subject: Re: partly OT: notification of url when connecting to open wifi
> >
> > On Mon, May 26, 2014 at 10:23 AM, Jonathan Ben Avraham y...@tkos.co.il wrote:
> > > Hi Erez,
> > > No. The ability to configure a payment/authentication gateway is a router feature. I worked on this feature for Alvarion's WBSn. Every router designer develops their own feature.
> >
> > can you elaborate ?
> >
> > > - yba
> > >
> > > On Mon, 26 May 2014, Erez D wrote:
> > > > Date: Mon, 26 May 2014 10:11:54 +0300
> > > > From: Erez D erez0...@gmail.com
> > > > To: linux-il linux-il@cs.huji.ac.il
> > > > Subject: partly OT: notification of url when connecting to open wifi
> > > >
> > > > this is partially off topic
> > > >
> > > > sometimes when i connect to open wifi on airports, my phone (android) gives me a notification of a site i need to go to, and if i click on it, it opens a browser with a predefined URL
> > > >
> > > > i was wondering - is that part of an RFC or standard ?
> > > >
> > > > 10x
> > > > erez.
> > >
> > > --
> > > 9590 8E58 D30D 1660 C349 673D B205 4FC4 B8F5 B7F9
> > > ~. .~ Tk Open Systems
> > > =} Jonathan Ben-Avraham (yba) --ooO--U--Ooo{=
> > > mailto:y...@tkos.co.il tel:+972.52.486.3386 http://tkos.co.il skype:benavrhm
>
> --
> 9590 8E58 D30D 1660 C349 673D B205 4FC4 B8F5 B7F9
> ~. .~ Tk Open Systems
> =} Jonathan Ben-Avraham (yba) --ooO--U--Ooo{=
> mailto:y...@tkos.co.il tel:+972.52.486.3386 http://tkos.co.il skype:benavrhm
Re: partly OT: notification of url when connecting to open wifi
Do you know what linux software can be used to proxy dns for some clients, resolve everything to a predetermined IP to other clients ?
can dnsmasq do that ? other open software ?

On Tue, May 27, 2014 at 5:56 AM, Guy Gold guy1g...@gmail.com wrote:
> On Mon, May 26, 2014 at 7:25 PM, Amos Shapira amos.shap...@gmail.com wrote:
> > Yes I think we got this. I'm not the OP but I wonder what can an AP admin do to configure it in a way which triggers this OS smarts on the client.
>
> At least, on my part, configuring our WiFi AP concentrator, I did nothing in order to make that happen, I configured the captive portal web page, but not more than that, which leads me to believe it's an OS feature, rather than AP feature. (just my opinion though, no proof). The unit in production is an Enterasys C-25.
>
> As for how the Captive works, in our case, it allows any client :53 traffic, and blocks any other traffic, also, it resolves any DNS query to its own captive portal address, once a client (identified by MAC) authenticates, it then stops the forced resolution to its own address, and lets :53 and all traffic through, to real Name Servers and the www.
>
> --
> Guy Gold
qemu and chroot
I am using centos 6 and developing for an armel platform

i created a rootfs using multistrap/debootstrap
i copied qemu-arm-static to rootfs/usr/bin/qemu-arm-static

and i was astonished that doing just 'chroot rootfs' worked, without explicitly telling 'chroot' to use qemu-arm-static - somehow it decided automatically to run everything under qemu-arm-static without me telling it to.

after a restart of the server. rootfs does not work anymore automatically, i get a
chroot: failed to run command `/bin/bash': Exec format error

doing
chroot rootfs /usr/bin/qemu-arm-static /bin/bash
does chroot, but i get :
bash: /bin/cat: cannot execute binary file
(although rootfs/bin/cat is a perfectly ok armel binary, tested on the armel target). i also checked the md5sum of the rootfs/qemu-arm-static binary, and it is ok

i mounted the rootfs on the armel target using nfs, and chrooted from the target, and it works perfectly, meaning there is nothing wrong with the rootfs filesystem

as it wondrously worked, now it wondrously doesn't
tried googling for it, but still can't find how to make it work

any idea ?
Re: qemu and chroot
On Tue, May 20, 2014 at 9:24 AM, Baruch Siach bar...@tkos.co.il wrote:
> Hi Erez,
>
> On Tue, May 20, 2014 at 09:14:16AM +0300, Erez D wrote:
> > I am using centos 6 and developing for an armel platform
> >
> > i created a rootfs using multistrap/debootstrap
> > i copied qemu-arm-static to rootfs/usr/bin/qemu-arm-static
>
> Is this QEMU built for your host (presumably x86) or your target (ARM)?

obviously for my host

> Do you really need to run QEMU on your target?

no, my target runs armel natively, my host uses qemu-arm for that

> > and i was astonished that doing just 'chroot rootfs' worked, without explicitly telling 'chroot' to use qemu-arm-static - somehow it decided automatically to run everything under qemu-arm-static without me telling it to.
> >
> > after a restart of the server. rootfs does not work anymore automatically, i get a
> > chroot: failed to run command `/bin/bash': Exec format error
> >
> > doing
> > chroot rootfs /usr/bin/qemu-arm-static /bin/bash
> > does chroot, but i get :
> > bash: /bin/cat: cannot execute binary file
> > (although rootfs/bin/cat is a perfectly ok armel binary, tested on the armel target). i also checked the md5sum of the rootfs/qemu-arm-static binary, and it is ok
> >
> > i mounted the rootfs on the armel target using nfs, and chrooted from the target, and it works perfectly, meaning there is nothing wrong with the rootfs filesystem
>
> Chrooted from what target? Is it a hardware ARM system? QEMU?

my target is armel and it chrooted to rootfs dir and ran the armel code natively, just to show that the rootfs is a valid armel rootfs.

> baruch
>
> > as it wondrously worked, now it wondrously doesn't
> > tried googling for it, but still can't find how to make it work
> >
> > any idea ?
>
> --
> http://baruch.siach.name/blog/ ~. .~ Tk Open Systems
> =}ooO--U--Ooo{=
> - bar...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -
Re: qemu and chroot
ok, it now works

/proc/sys/fs/binfmt_misc/qemu-arm was missing,

internet search told me to look for 'binfmt-support' pkg, however i could not find none for centos6

so as chrooted systems share the same kernel (just need to mount /proc under the chroot dir), I chroot to my wheezy_i686 (i have some chroots for testing other distros), and there i did apt-get install binfmt-support qemu-user-static, and update-binfmts --display

now i have /proc/sys/fs/binfmt_misc/qemu-arm. and everything works again (i do not know if this is permanent or will require redoing after reboot), but i will check it at next reboot (something like in 6 months ;-)

thanks
erez

On Tue, May 20, 2014 at 11:22 AM, Tzafrir Cohen tzaf...@cohens.org.il wrote:
> On Tue, May 20, 2014 at 09:14:16AM +0300, Erez D wrote:
> > I am using centos 6 and developing for an armel platform
> >
> > i created a rootfs using multistrap/debootstrap
> > i copied qemu-arm-static to rootfs/usr/bin/qemu-arm-static
>
> There's something missing from your description. I suspect you forgot to mention it: debootstrap's run can be broken to two parts: one that downloads everything, and the second stage that needs to run inside the chroot. In that case:
>
> debootstrap --foreign [--arch=] [rest of parameters]
> chroot to/chroot ./debootstrap --second-stage
>
> At least in Debian, the package qemu-user-static includes the wrapper qemu-debootstrap to do just that, and also copy the required qemu-user-static.
>
> > and i was astonished that doing just 'chroot rootfs' worked, without explicitly telling 'chroot' to use qemu-arm-static - somehow it decided automatically to run everything under qemu-arm-static without me telling it to.
> >
> > after a restart of the server. rootfs does not work anymore automatically, i get a
> > chroot: failed to run command `/bin/bash': Exec format error
> >
> > doing
> > chroot rootfs /usr/bin/qemu-arm-static /bin/bash
> > does chroot, but i get :
> > bash: /bin/cat: cannot execute binary file
> > (although rootfs/bin/cat is a perfectly ok armel binary, tested on the armel target). i also checked the md5sum of the rootfs/qemu-arm-static binary, and it is ok
>
> A chroot does not replace the kernel. It's running on your kernel and that kernel does not natively support the armel binaries. In Debian, the package qemu-user-static registers foreign Linux ELF formats. So maybe you forgot this is needed. Specifically:
>
> $ cat /proc/sys/fs/binfmt_misc/qemu-arm
> enabled
> interpreter /usr/bin/qemu-arm-static
> flags:
> offset 0
> magic 7f454c460101010002002800
> mask ff00feff
>
> --
> Tzafrir Cohen         | tzaf...@jabber.org | VIM is
> http://tzafrir.org.il |                    | a Mutt's
> tzaf...@cohens.org.il |                    | best
> tzaf...@debian.org    |                    | friend
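A way to check what the kernel will do with a foreign binary before chrooting, as an added example that is not part of the thread: it replays the binfmt_misc match (header XOR magic, AND mask, byte by byte) against every registered entry. The function names are hypothetical, and the full-length ARM magic and mask in the comment are constructed from the ELF header layout rather than copied from the output quoted above.

```shell
#!/bin/sh
# Added example (not from the thread); all function names are hypothetical.

# field ENTRY KEY -> second word of the "KEY value" line of an entry file
field() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# header_hex FILE OFFSET N -> N bytes of FILE from OFFSET as hex digits
header_hex() {
    od -An -tx1 -j "$2" -N "$3" "$1" | tr -d ' \n'
}

# entry_matches ENTRY FILE -> status 0 when ENTRY is enabled and
# ((header ^ magic) & mask) == 0 for every byte of the magic
entry_matches() {
    em_first=$(head -n 1 "$1")
    [ "$em_first" = enabled ] || return 1
    em_magic=$(field "$1" magic)
    em_mask=$(field "$1" mask)
    em_off=$(field "$1" offset)
    [ -n "$em_magic" ] || return 1              # extension-type entry
    if [ -n "$em_mask" ] && [ "${#em_mask}" -ne "${#em_magic}" ]; then
        return 1                                # malformed or truncated entry
    fi
    em_data=$(header_hex "$2" "${em_off:-0}" $(( ${#em_magic} / 2 )))
    [ "${#em_data}" -eq "${#em_magic}" ] || return 1   # file too short
    em_i=1
    while [ "$em_i" -lt "${#em_magic}" ]; do
        em_j=$(( em_i + 1 ))
        em_d=$(printf %s "$em_data"  | cut -c "$em_i-$em_j")
        em_g=$(printf %s "$em_magic" | cut -c "$em_i-$em_j")
        em_m=ff                                 # no mask means exact compare
        if [ -n "$em_mask" ]; then
            em_m=$(printf %s "$em_mask" | cut -c "$em_i-$em_j")
        fi
        [ $(( (0x$em_d ^ 0x$em_g) & 0x$em_m )) -eq 0 ] || return 1
        em_i=$(( em_i + 2 ))
    done
    return 0
}

# find_handler FILE [DIR] -> prints the interpreter of the first enabled
# entry in DIR (default: the live binfmt_misc mount) that claims FILE
find_handler() {
    fh_dir=${2:-/proc/sys/fs/binfmt_misc}
    for fh_e in "$fh_dir"/*; do
        [ -f "$fh_e" ] || continue
        case ${fh_e##*/} in register|status) continue ;; esac
        if entry_matches "$fh_e" "$1"; then
            field "$fh_e" interpreter
            return 0
        fi
    done
    return 1
}

# Constructed 32-bit little-endian ARM entry (20-byte ELF header prefix):
#   magic 7f454c4601010100000000000000000002002800
#   mask  ffffffffffffff00fffffffffffffffffeffffff
# Stand-alone use: sh thisfile.sh rootfs/bin/bash
if [ "$#" -ge 1 ]; then
    if fh_out=$(find_handler "$1"); then
        echo "$1: handled by $fh_out"
    else
        echo "$1: no enabled binfmt_misc entry matches (a foreign binary will fail with 'Exec format error')"
    fi
fi
```

The interpreter path it prints is resolved inside the chroot, which is why qemu-arm-static had to be copied to rootfs/usr/bin as well as registered on the host.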
ubi cloning
Hi

i need to clone a nand flash. which has ubifs on it

doing 'dd' didn't work as the source and dest have different bad sectors.

is there an easy way to clone a ubifs nand-flash ?

thanks
erez.
Re: ubi cloning
On Mon, May 12, 2014 at 11:51 AM, Amos Shapira amos.shap...@gmail.com wrote:
> How about ddrescue (the GNU one I think, there are multiple implementations with same name) into an image file then try to fix the fs around the bad sectors?

ubifs already handles the bad sectors, and i do not want to mess with it.

> On 12 May 2014 18:46, Erez D erez0...@gmail.com wrote:
> > Hi
> >
> > i need to clone a nand flash. which has ubifs on it
> >
> > doing 'dd' didn't work as the source and dest have different bad sectors.
> >
> > is there an easy way to clone a ubifs nand-flash ?
> >
> > thanks
> > erez.
>
> --
> http://www.linkedin.com/in/gliderflyer
Re: ubi cloning
On Mon, May 12, 2014 at 12:05 PM, Baruch Siach bar...@tkos.co.il wrote:
> Hi Erez,
>
> On Mon, May 12, 2014 at 11:46:43AM +0300, Erez D wrote:
> > i need to clone a nand flash. which has ubifs on it
> >
> > doing 'dd' didn't work as the source and dest have different bad sectors.
>
> dd is not the way to go with raw NAND flash access; it's not aware of bad blocks.
>
> > is there an easy way to clone a ubifs nand-flash ?
>
> You may be able to get a working system using nanddump/nandwrite (see http://thread.gmane.org/gmane.linux.drivers.mtd/45792/focus=46024, but read the whole thread).
>
> Generally, though, this is not what you want to do with UBI/UBIFS. You should use ubiformat on the target, and copy the content with tar. See http://www.linux-mtd.infradead.org/faq/ubifs.html#L_why_ubiformat .

will tar preserve uid/gid hard links, special files, /dev extended attr etc ?

> baruch
>
> --
> http://baruch.siach.name/blog/ ~. .~ Tk Open Systems
> =}ooO--U--Ooo{=
> - bar...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -
Re: ubi cloning
On Mon, May 12, 2014 at 12:28 PM, Baruch Siach bar...@tkos.co.il wrote:
> Hi Erez,
>
> On Mon, May 12, 2014 at 12:14:14PM +0300, Erez D wrote:
> > On Mon, May 12, 2014 at 12:05 PM, Baruch Siach bar...@tkos.co.il wrote:
> > > On Mon, May 12, 2014 at 11:46:43AM +0300, Erez D wrote:
> > > > i need to clone a nand flash. which has ubifs on it
> > > >
> > > > doing 'dd' didn't work as the source and dest have different bad sectors.
> > >
> > > dd is not the way to go with raw NAND flash access; it's not aware of bad blocks.
> > >
> > > > is there an easy way to clone a ubifs nand-flash ?
> > >
> > > You may be able to get a working system using nanddump/nandwrite (see http://thread.gmane.org/gmane.linux.drivers.mtd/45792/focus=46024, but read the whole thread).
> > >
> > > Generally, though, this is not what you want to do with UBI/UBIFS. You should use ubiformat on the target, and copy the content with tar. See http://www.linux-mtd.infradead.org/faq/ubifs.html#L_why_ubiformat
> >
> > will tar preserve uid/gid hard links, special files, /dev
>
> Yes, by default.
>
> > extended attr etc ?
>
> Yes. Use --xattrs.
>
> baruch

thanks, i'll try that.
can I ubiformat + untar from u-boot ?

> --
> http://baruch.siach.name/blog/ ~. .~ Tk Open Systems
> =}ooO--U--Ooo{=
> - bar...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -
Re: ubi cloning
thanks for your help

On Mon, May 12, 2014 at 2:53 PM, Baruch Siach bar...@tkos.co.il wrote:
> Hi Erez,
>
> On Mon, May 12, 2014 at 02:14:34PM +0300, Erez D wrote:
> > On Mon, May 12, 2014 at 12:28 PM, Baruch Siach bar...@tkos.co.il wrote:
> > > On Mon, May 12, 2014 at 12:14:14PM +0300, Erez D wrote:
> > > > On Mon, May 12, 2014 at 12:05 PM, Baruch Siach bar...@tkos.co.il wrote:
> > > > > On Mon, May 12, 2014 at 11:46:43AM +0300, Erez D wrote:
> > > > > > i need to clone a nand flash. which has ubifs on it
> > > > > >
> > > > > > doing 'dd' didn't work as the source and dest have different bad sectors.
> > > > >
> > > > > dd is not the way to go with raw NAND flash access; it's not aware of bad blocks.
> > > > >
> > > > > > is there an easy way to clone a ubifs nand-flash ?
> > > > >
> > > > > You may be able to get a working system using nanddump/nandwrite (see http://thread.gmane.org/gmane.linux.drivers.mtd/45792/focus=46024, but read the whole thread).
> > > > >
> > > > > Generally, though, this is not what you want to do with UBI/UBIFS. You should use ubiformat on the target, and copy the content with tar. See http://www.linux-mtd.infradead.org/faq/ubifs.html#L_why_ubiformat
> > > >
> > > > will tar preserve uid/gid hard links, special files, /dev
> > >
> > > Yes, by default.
> > >
> > > > extended attr etc ?
> > >
> > > Yes. Use --xattrs.
> > >
> > > baruch
> >
> > thanks, i'll try that.
> > can I ubiformat + untar from u-boot ?
>
> I don't see support for either in mainline U-Boot. Barebox supports ubiformat but not tar extraction. Your best option is to boot into RAM using a kernel combined with a minimal Busybox based initramfs, and extract your tar from there. Note though that Busybox tar does not support extended attributes, so you must use GNU tar for this. Buildroot can generate a minimal initramfs image for you quite easily.
>
> baruch
>
> --
> http://baruch.siach.name/blog/ ~. .~ Tk Open Systems
> =}ooO--U--Ooo{=
> - bar...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -
strange ( * vs ./* )
erez@homer:~$ grep pppd *
erez@homer:~$

however:

erez@homer:~$ grep pppd ./*
./chat.sh:pppd connect 'chat -v -s ABORT ERROR ABORT'

and:

erez@homer:~$ grep pppd chat.sh
pppd connect 'chat -v -s ABORT ERROR ABORT'

strange !!!

btw:

erez@homer:~$ echo $SHELL
/bin/bash
erez@homer:~$ cat /etc/issue
CentOS release 6.3 (Final)
Kernel \r on an \m
erez@homer:~$ uname -a
Linux homer 2.6.32-358.14.1.el6.x86_64 #1 SMP Tue Jul 16 23:51:20 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Re: strange ( * vs ./* )
On Wed, Apr 9, 2014 at 1:17 PM, Matan Ziv-Av ma...@svgalib.org wrote:
> On Wed, 9 Apr 2014, Erez D wrote:
> > erez@homer:~$ grep pppd *
> > erez@homer:~$
> >
> > however:
> >
> > erez@homer:~$ grep pppd ./*
> > ./chat.sh:pppd connect 'chat -v -s ABORT ERROR ABORT'
>
> Do you have a file whose name starts with a dash (-)?

that was the issue. i had a file called '-q' . renaming it solved it
thanks.

> --
> Matan Ziv-Av. ma...@svgalib.org
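The effect diagnosed in this thread, reproduced in a scratch directory as an added example that is not part of the original messages: the shell expands `*` before grep runs, so a file named `-q` arrives as the `--quiet` option. The function names are hypothetical and the files are constructed to mirror the session above; `./*` and `--` are the two standard ways to keep filenames from being parsed as options.

```shell
#!/bin/sh
# Added example (not from the thread); all names here are hypothetical.

# make_demo_dir -> creates a scratch directory holding chat.sh, notes.txt
# and an empty file literally named "-q"; prints the directory path
make_demo_dir() {
    d=$(mktemp -d) || return 1
    printf "pppd connect 'chat -v -s ABORT ERROR ABORT'\n" > "$d/chat.sh"
    printf 'unrelated\n' > "$d/notes.txt"
    : > "$d/-q"
    printf '%s\n' "$d"
}

# Each variant runs in a subshell so the cd does not leak to the caller.

# Bare glob: expands to "grep pppd -q chat.sh notes.txt", so grep goes quiet
# and reports the match only through its exit status.
grep_bare_glob() ( cd "$1" && grep pppd * )

# ./ prefix: every expanded name starts with "./", never with "-".
grep_dot_slash() ( cd "$1" && grep pppd ./* )

# End-of-options marker: everything after "--" is an operand.
grep_end_of_opts() ( cd "$1" && grep pppd -- * )

# dash_named_files DIR -> lists entries directly in DIR whose name begins
# with "-", i.e. names that a bare glob would turn into options
dash_named_files() {
    find "$1" -maxdepth 1 -name '-*'
}
```

The same expansion applies to any command that takes options, including destructive ones such as rm or chown, so `dash_named_files` is worth running over directories that other users or uploads can write to.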
strange mac address issue
i have an embedded linux board.
connected a usb2eth (rj45), and through that to the lan.
surprisingly, another usb2eth on another copy of the embedded board, has the same mac address, and so i get conflicts on the network.

swapping different modules of usb2eth on the same board gives same mac address. I'll call this mac address 'Mac Address A'

so i wanted to see if linux is causing this issue. i tried to connect these usb2eth on a win7 machine.
on win7, all of the usb2eth get the same mac address. however this is a different mac address than the previous. i'll call it 'Mac Address B'
on another usb port on the same win7, i get 'Mac Address C'. again it does not matter which usb2eth i use

All the usb2eth are idVendor=0fe6, idProduct=9700 (dm9601) (although physically different)

any idea ?
compiling one kernel tree + module from another tree
Hi

i am cross compiling modules for kernel 3.6.9 for an arm embedded board (comes with kernel but no modules).

however, i need a driver for 8188eu, which does not come with this kernel.
i downloaded a new kernel tree with 8188eu driver. it is not 3.6.9 so it will not insmod if i compile it directly (what file holds the kernel version ?)

i copied the subdir from kernel tree 2 to kernel tree 1, however do not know how to configure the kernel to compile it

adding 'CONFIG_RTL8188EU=m' to .config and 'make modules' does not do it

how do i do that ?

thanks,
erez.
sending to same dest via different interfaces
Hello

I have 2 external interfaces via two eth cards, both connected to the internet

I want to send a udp packet to same host:port, but choose dynamically which interface to use.

can this be done with linux, and how ?

10x
erez.
Re: sending to same dest via different interfaces
On Tue, Mar 4, 2014 at 10:02 AM, Erez D erez0...@gmail.com wrote:

> Hello
>
> I have 2 external interfaces via two eth cards, both connected to the internet
>
> I want to send a udp packet to same host:port, but choose dynamically which interface to use.
>
> can this be done with linux, and how ?

i forgot to say that the pkt source is a c program. which i have the source for.

> 10x
> erez.
Re: sending to same dest via different interfaces
On Tue, Mar 4, 2014 at 11:05 AM, Elazar Leibovich elaz...@gmail.com wrote:

> use the SO_BINDTODEVICE setsockopt.

requires me to be root ...

> On Tue, Mar 4, 2014 at 10:02 AM, Erez D erez0...@gmail.com wrote:
>
>> Hello
>>
>> I have 2 external interfaces via two eth cards, both connected to the internet
>>
>> I want to send a udp packet to same host:port, but choose dynamically which interface to use.
>>
>> can this be done with linux, and how ?
>>
>> 10x
>> erez.
Re: sending to same dest via different interfaces
On Tue, Mar 4, 2014 at 10:20 AM, shimi linux...@shimi.net wrote:

> First Google result for raw sending packet linux might help:
> http://austinmarton.wordpress.com/2011/09/14/sending-raw-ethernet-packets-from-a-specific-interface-in-c-on-linux/

this is raw ethernet. i want to use the udp stack, and also use other interfaces other than ethernet (e.g. ppp)

> The other way is to do normal packets, and modify the kernel routing behavior in between (like with 'ip rule'...) - your choice which option to choose :)

1. need to be root
2. tried that. couldn't make it work with udp

> -- Shimi
>
> On Tue, Mar 4, 2014 at 10:02 AM, Erez D erez0...@gmail.com wrote:
>
>> Hello
>>
>> I have 2 external interfaces via two eth cards, both connected to the internet
>>
>> I want to send a udp packet to same host:port, but choose dynamically which interface to use.
>>
>> can this be done with linux, and how ?
>>
>> 10x
>> erez.
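Added example, not part of the thread or any poster's code: the thread asks for per-packet interface selection from a C program over the normal UDP stack, and the poster found SO_BINDTODEVICE needed root. One unprivileged way is to pass an IP_PKTINFO control message to sendmsg(2), which works at the IP layer and so is not tied to Ethernet. `udp_send_via` and `loopback_roundtrip` are hypothetical names, and the loopback check is constructed.

```c
#define _GNU_SOURCE             /* exposes struct in_pktinfo in <netinet/in.h> */
#include <errno.h>
#include <net/if.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Hypothetical helper: send one datagram on fd out of interface ifname.
 * Returns bytes sent, or -errno. Needs no root and no extra capability. */
long udp_send_via(int fd, const char *ifname, const struct sockaddr_in *dst,
                  const void *buf, size_t len)
{
    unsigned idx = if_nametoindex(ifname);
    if (idx == 0)
        return -ENODEV;
    union { char buf[CMSG_SPACE(sizeof(struct in_pktinfo))];
            struct cmsghdr align; } ctl = { {0} };   /* aligned control buffer */
    struct iovec iov = { .iov_base = (void *)buf, .iov_len = len };
    struct msghdr msg = { .msg_name = (void *)dst, .msg_namelen = sizeof *dst,
                          .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    /* Per-packet egress choice: ipi_ifindex steers this datagram's route
     * lookup only; the socket itself stays unbound to any device. */
    struct in_pktinfo pi = { .ipi_ifindex = (int)idx };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = IPPROTO_IP;
    c->cmsg_type  = IP_PKTINFO;
    c->cmsg_len   = CMSG_LEN(sizeof pi);
    memcpy(CMSG_DATA(c), &pi, sizeof pi);
    ssize_t n = sendmsg(fd, &msg, 0);
    return n < 0 ? -errno : (long)n;
}

/* Constructed self-check: send "ping" to a local receiver via ifname and
 * return the number of bytes that arrived, or -errno. */
long loopback_roundtrip(const char *ifname)
{
    int rx = socket(AF_INET, SOCK_DGRAM, 0), tx = socket(AF_INET, SOCK_DGRAM, 0);
    struct sockaddr_in a = { .sin_family = AF_INET,
                             .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    socklen_t alen = sizeof a;
    struct timeval tv = { .tv_sec = 2 };      /* never block forever */
    char in[16];
    long r = -EIO;
    if (rx >= 0 && tx >= 0 && !bind(rx, (struct sockaddr *)&a, alen) &&
        !getsockname(rx, (struct sockaddr *)&a, &alen)) {
        setsockopt(rx, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
        r = udp_send_via(tx, ifname, &a, "ping", 4);
        if (r == 4 && (r = recv(rx, in, sizeof in, 0)) < 0)
            r = -errno;
    }
    close(rx); close(tx);
    return r;
}
```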
Re: svn on debian chroot android
On Feb 13, 2014 3:58 PM, Tzafrir Cohen tzaf...@cohens.org.il wrote:

> On Thu, Feb 13, 2014 at 11:09:37AM +0200, Erez D wrote:
>
>> Hello
>>
>> i am trying to use svn on my chrooted android (chrooted with app called lil's debian)
>>
>> it seems i can not get network connection using a regular user. any svn or wget command is returned with permission denied. however as root it works
>>
>> but doing 'sudo svn ...' generates files with root ownership. which means i need to 'chown -R' after every update.
>>
>> so:
>> 1. is there a way to get internet access for a regular user ?
>> 2. is there a way to tell svn to create files with regular user ownership but run as root
>
> Your kernel is paranoid: It has CONFIG_ANDROID_PARANOID_NETWORK set.
>
> To get network access, add your user to group 3003 (inet).

Thanks. I'll try that

> See http://elinux.org/Android_Security#Paranoid_network-ing
>
> --
> Tzafrir Cohen         | tzaf...@jabber.org | VIM is
> http://tzafrir.org.il |                    | a Mutt's
> tzaf...@cohens.org.il |                    | best
> tzaf...@debian.org    |                    | friend
Re: svn on debian chroot android
On Thu, Feb 13, 2014 at 8:24 PM, Erez D erez0...@gmail.com wrote:

> On Feb 13, 2014 3:58 PM, Tzafrir Cohen tzaf...@cohens.org.il wrote:
>
>> On Thu, Feb 13, 2014 at 11:09:37AM +0200, Erez D wrote:
>>
>>> Hello
>>>
>>> i am trying to use svn on my chrooted android (chrooted with app called lil's debian)
>>>
>>> it seems i can not get network connection using a regular user. any svn or wget command is returned with permission denied. however as root it works
>>>
>>> but doing 'sudo svn ...' generates files with root ownership. which means i need to 'chown -R' after every update.
>>>
>>> so:
>>> 1. is there a way to get internet access for a regular user ?
>>> 2. is there a way to tell svn to create files with regular user ownership but run as root
>>
>> Your kernel is paranoid: It has CONFIG_ANDROID_PARANOID_NETWORK set.
>>
>> To get network access, add your user to group 3003 (inet).
>
> Thanks. I'll try that

works

>> See http://elinux.org/Android_Security#Paranoid_network-ing
>>
>> --
>> Tzafrir Cohen         | tzaf...@jabber.org | VIM is
>> http://tzafrir.org.il |                    | a Mutt's
>> tzaf...@cohens.org.il |                    | best
>> tzaf...@debian.org    |                    | friend
svn on debian chroot android
Hello

i am trying to use svn on my chrooted android (chrooted with app called lil's debian)

it seems i can not get network connection using a regular user. any svn or wget command is returned with permission denied. however as root it works

but doing 'sudo svn ...' generates files with root ownership. which means i need to 'chown -R' after every update.

so:
1. is there a way to get internet access for a regular user ?
2. is there a way to tell svn to create files with regular user ownership but run as root

thanks
erez.
Re: time report tool
however not all of my workers work on linux boxes, and command line may be foreign for some, that's why i prefer a web interface ...

Thanks,
erez.

On Sun, Jan 12, 2014 at 9:04 PM, Steve Litt sl...@troubleshooters.com wrote:

> On Sun, 12 Jan 2014 15:08:13 +0200 Erez D erez0...@gmail.com wrote:
>
>> hello
>>
>> i'm looking for an open source tool, preferably web based tool, that employees can report what they have worked on (i.e. this and this time on that task etc ...)
>>
>> i need this so i can extract information for reporting to the mad'an
>>
>> thanks
>> erez
>
> Hi Erez,
>
> I made a very simple one:
> http://www.troubleshooters.com/projects/tslips/
>
> Pros:
> * GPL/v2
> * Command interface, simple
> * Time file simple to parse and report
> * Can be front ended by UMENU or other menu software
> * Software is simple: Easily changed to your own needs
> * Survives reboots
>
> Cons:
> * Command interface, difficult for some users
> * Reports must be written in software, no specific reporting facility
> * Cannot track concurrent tasks (but for one person, wouldn't that be cheating anyway?)
>
> HTH,
> SteveT
>
> Steve Litt * http://www.troubleshooters.com/
> Troubleshooting Training * Human Performance
time report tool
hello

i'm looking for an open source tool, preferably web based tool, that employees can report what they have worked on (i.e. this and this time on that task etc ...)

i need this so i can extract information for reporting to the mad'an

thanks
erez
slept too long in select()
hello

i've written a native c++ program on linux

it uses select to wait on events.

int n=select(maxFd+1,rfd,wfds,NULL, timeval);

sometimes, time spent in select() is larger than the time originally in timeval prior to calling select.

i see that many times when i run it on my phone (android).

is it possible that android uses some mechanism to suspend and resume native code (i know it does so to java)

if so, how can i overcome it ?

thanks,
erez.
Re: slept too long in select()
On Wed, Dec 25, 2013 at 6:09 PM, Jonathan Ben Avraham y...@tkos.co.il wrote:

> Hi Erez,
> Depends on what resolution you want. See http://lwn.net/Articles/296578/ for some background. I doubt that Android can interfere in any way except to affect latency in general. What about using an hrtimer?

thanks

just FYI, i expected select to sleep for 2 seconds, it slept for 20 seconds. this is the resolution of the problem.

> - yba
>
> On Wed, 25 Dec 2013, Erez D wrote:
>
>> Date: Wed, 25 Dec 2013 17:27:46 +0200
>> From: Erez D erez0...@gmail.com
>> To: linux-il linux-il@cs.huji.ac.il
>> Subject: slept too long in select()
>>
>> hello
>>
>> i've written a native c++ program on linux
>>
>> it uses select to wait on events.
>>
>> int n=select(maxFd+1,rfd,wfds,NULL, timeval);
>>
>> sometimes, time spent in select() is larger than the time originally in timeval prior to calling select.
>>
>> i see that many times when i run it on my phone (android).
>>
>> is it possible that android uses some mechanism to suspend and resume native code (i know it does so to java)
>>
>> if so, how can i overcome it ?
>>
>> thanks,
>> erez.
>
> --
> 9590 8E58 D30D 1660 C349 673D B205 4FC4 B8F5 B7F9
> ~. .~ Tk Open Systems =}ooO--U--Ooo{=
> mailto:y...@tkos.co.il tel:+972.52.486.3386 http://tkos.co.il skype:benavrhm
Re: Fwd: DVB-T and Linux updated.
you can get the r820T version. on either dx.com or ebay for around 13 usd.

On Sun, Nov 24, 2013 at 6:43 AM, Baruch Siach bar...@tkos.co.il wrote:

> Hi geoffrey,
>
> On Sat, Nov 23, 2013 at 06:56:35PM +0200, geoffrey mendelson wrote:
>
>> The third is a TerraTec Cinergy +, which uses an RTL2382U chipset and an Elonics E4000 receiver. These used to be available for as little as $10 on eBay. It is supported in the 3.8 Kernel.
>>
>> These are now very hard to get. The TerraTec ones are over $40 on eBay, but there are ones that claim to have E4000 receivers, for around $15. Many of them are listed as E4000 upgrade version and really have (it's in the fine print) R820T tuners. THESE STICKS ARE NOT SUPPORTED IN LINUX. There is a working Kernel module for them available, but you have to compile it yourself. It is scheduled to be included in the 3.10 Kernel.
>
> It seems that support for the R820T tuner has been added in kernel version 3.11. See http://git.kernel.org/linus/a80abc58f.
>
> baruch
>
> --
> http://baruch.siach.name/blog/
> ~. .~ Tk Open Systems =}ooO--U--Ooo{=
> - bar...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -
mysql q
hello

i have a web page that refreshes all the time to display things from a mysql database which is updated from time to time.

however. this means a lot of unneeded accesses to the database. and this refreshing page may be opened by many browsers. causing a huge load on the database.

i know mysql supports triggers, but it seems this is only internal (i.e. trigger may do a query, usually an update query, but this is not what i need).

I am looking for a way to leave the connection open with mysql, not sending any queries, just waiting for mysql to notify me when something changes.

does mysql support that ? examples of doing that will be nice

thanks,
erez.
Re: mysql q
On Sun, Nov 17, 2013 at 10:36 AM, ik ido...@gmail.com wrote:

> Hi,
>
> I think you tackle it wrong. If there is no need for accessing the database all the time, why not cache the result in tools such as Memcached or Redis ?

then i will still need to poll Memcached or Redis. this may speedup things, but it is still polling, which i try to avoid

> If they are different clients (as in agents), then there are other tools at your disposal, such as Varnish, that create cached version for the web.

still each client need to poll the server

> Secondly, the MySQL/MariaDB triggers are really basic if you compare them to PG and Fb (true open source solutions), not to mention non open source databases such as SQL Server and Oracle.
>
> Third, try to see how you can optimize the page. If there is no need for constant data reading, why does it constantly refresh itself ?

i do not refresh the whole page, i use ajax.

i need a response time from db change, to display on browser of 5 seconds, however the db may not change in days, and then can change every second...

if we talk about polling, i need to poll every 5 seconds, but if there is no db change, then this is in vain

i want to work event driven, and not polling, so i thought mysql has a builtin mechanism for this. if it doesn't i will need to wrap it up in some other code - i was trying to avoid that.

thanks,
erez.

> Ido
>
> On Sun, Nov 17, 2013 at 10:18 AM, Erez D erez0...@gmail.com wrote:
>
>> hello
>>
>> i have a web page that refreshes all the time to display things from a mysql database which is updated from time to time.
>>
>> however. this means a lot of unneeded accesses to the database. and this refreshing page may be opened by many browsers. causing a huge load on the database.
>>
>> i know mysql supports triggers, but it seems this is only internal (i.e. trigger may do a query, usually an update query, but this is not what i need).
>>
>> I am looking for a way to leave the connection open with mysql, not sending any queries, just waiting for mysql to notify me when something changes.
>>
>> does mysql support that ? examples of doing that will be nice
>>
>> thanks,
>> erez.
Re: Winter clock issues in linux
Thanks, I needed that ;-)

On Mon, Sep 9, 2013 at 11:57 PM, Antony Gelberg antony.gelb...@gmail.com wrote:

> I put a compiled file at http://db.tt/wVCB6HJd. I copied it to /usr/share/zoneinfo/Asia/Jerusalem, and on my Debian system I did dpkg-reconfigure tzdata which as far as I can tell copies the file to /etc/localtime. You may wish to use cp instead. ;)
>
> Disclaimer: I'm not responsible for anything the file may do to your systems, etc, yadda.
>
> Antony
>
> On Sun, Sep 8, 2013 at 12:04 PM, Rabin Yasharzadehe ra...@rabin.io wrote:
>
>> Download the current tzdata file from iana and compile the file yourself
>>
>> e.g - http://www.borngeek.com/2009/03/16/updating-time-zone-information-in-linux/
>>
>> On Sun, Sep 8, 2013 at 11:56 AM, geoffrey mendelson geoffreymendel...@gmail.com wrote:
>>
>>> On 9/8/2013 12:21 AM, E.S. Rosenberg wrote:
>>>
>>>> What puzzles me in this whole thing is that it seems to me tzdata updates should be available to all versions regardless of their production state, but it seems a lot of distros are locked to specific versions
>>>
>>> Can anyone point me to a correct Asia/Jerusalem file without having to install a package? I have two old systems I want to fix, without any other mods?
>>>
>>> TIA.
>>>
>>> Geoff
>>>
>>> Geoff.
>>>
>>> --
>>> Geoffrey S. Mendelson 4X1GM/N3OWJ Jerusalem Israel.
>>
>> --
>> *Rabin*
>
> --
> http://www.linkedin.com/in/antgel
> http://twitter.com/antgel
gdb q
hello,

using remote gdb, can i use a stripped binary on the target, and a non-stripped locally ?

thanks,
erez