Re: ISP recommendation in Israel - geek-friendly & IPv6

2023-04-16 Thread Erez D
I do not know, I only know to begin with my external ip was a private one
(if I remember correctly it was 172.x.x.x)

On Sun, Apr 16, 2023 at 2:50 PM  wrote:

> On Sunday, 16 April 2023 9:07:10 IDT Erez D wrote:
> > You look for a Fixed ipv4 IP, Note that some ISPs do not give you even a
> > real IP but you are already behind NAT and can't even use Dynamic DNS.
> >
>
> Carrier grade NAT or something else ?
>
>
>
>
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il


Re: ISP recommendation in Israel - geek-friendly & IPv6

2023-04-16 Thread Erez D
You look for a Fixed ipv4 IP, Note that some ISPs do not give you even a
real IP but you are already behind NAT and can't even use Dynamic DNS.

With HOT they gave me a non-real IP and I needed to persuade them to change
it to a real one (I do not need a real one as I am using DynDNS)

At the end they gave me a real IP with no extra cost

Erez.

On Sat, Apr 15, 2023 at 10:10 AM Lionel Élie Mamane 
wrote:

> Hi,
>
> What would you recommend as a geek-friendly ISP for a "consumer price
> level" glass fiber-based Internet connection in Israel, in Qesarya
> specifically? I'd like to have dual stack IPv4 + IPv6, with one fixed
> IPv4 address and a fixed IPv6 prefix (whatever it is one gets as
> standard... a /48, a /56...). Not sure if I can hope for competent
> customer support in English, but if that exists, even better.
>
> My family currently has Bezeq with a fixed IPv4 in our "2nd home /
> vacation home", that was setup by a local guy that knows a guy that
> knows a guy that knows my mother, without my intervention, supposed to
> be a "surprise we got fast Internet now, you can now spend more time
> in Israel and work remotely" for me, and well... I'd like us to
> upgrade to something better. The guy tells me that if we activate IPv6
> on our Bezeq connection, we will not only lose the fixed IPv4
> address, but also be behind double (carrier-grade, I assume) NAT,
> which would be major suckage. Is that true? Anyone has experience with
> that?
>
> Is it realistic to hope significantly less than 100ms ping times to
> Western Europe from Israel? That's what I currently get, and in usage
> as "remote desktop" / VNC / ssh sessions (with graphical / X11
> programs running over the link), this kind of lag is really felt...
>
> Thanks in advance,
>
> Lionel
>


porting a new camera and chipset to linux

2022-06-01 Thread Erez D
hi
I want to port a new camera and chipset to linux
I searched the web but all i could find is how to setup your camera or port
already supported chipset for new cameras

does anyone have pointers for me to start with (other than reading the
kernel source)

Thanks,
Erez


Re: OT: strange network problem

2022-01-11 Thread Erez D
On Tue, Jan 11, 2022 at 3:14 PM Ohad Levy  wrote:

>
>
> On Tue, Jan 11, 2022 at 11:26 AM Erez D  wrote:
>
>>
>>
>> On Tue, Jan 11, 2022 at 9:29 AM Ohad Levy  wrote:
>>
>>>
>>>
>>> On Tue, Jan 11, 2022 at 9:19 AM Erez D  wrote:
>>>
>>>> The windows 169.25. ip is from APIPA and not from any DHCP server
>>>> (ipconfig does not specify a dhcp server).
>>>> to be on the safe side I verified udp port 67 is unused on my mac (via
>>>> netstat, fuser and socat)
>>>>
>>>> what boggles me is why can't the windows machine access the router and
>>>> get an ip when the mac is sleeping
>>>>
>>>> as the AP switch is layer 2, i would suspect the switch disables the
>>>> windows machine for some reason,
>>>> e.g. it sees the same mac address from another port or detects abuse of
>>>> somewhat from the windows eth port
>>>> however i do not understand how is this related to the mac sleeping
>>>>
>>>> I thought the AP switch may be defective but putting another GB switch
>>>> instead causes the same results ...
>>>>
>>>
>>> can you run tcpdump on your router? does it show the dhcp requests from
>>> your windows machine?
>>>
>> Alas, No. I know it is sacrilege but I use a hot cable modem/router.
>> I do not have hardware that can support 500Mb to be used as a linux
>> firewall ...
>>
> openwrt :)
>
I'm probably getting old, in my time running openwrt required hardware to
run on  ;-)

>
> but technically, if you have a 3rd machine, you should be able to see dhcp
> requests being broadcasted on layer2
>
I'll try that though i do not understand why there should be a difference
if my mac is up or not ...
Thanks

>
>> Thanks,
>> Erez.
>>
>>
>>>> why do you think HOMEGROUP is related ? it is a higher layer protocol
>>>> when the problem seems to me on layer 2
>>>>
>>>> Thanks,
>>>> Erez
>>>>
>>>>
>>>>
>>>>
>>>> On Tue, Jan 11, 2022 at 8:36 AM  wrote:
>>>>
>>>>> On Monday, 10 January 2022 19:30:55 IST Erez D wrote:
>>>>> > I've encountered a network problem
>>>>> >
>>>>> > i have a mac and a win10 machine connected to a 4 port Gbit wifi6 AP
>>>>> > (switch mode).
>>>>> > a third eth from the AP goes to the router which is also a DHCP server
>>>>> >
>>>>> > everything works well until the mac goes to sleep.
>>>>> > when the mac goes to sleep, the win10 machine loses its ip address
>>>>> > which becomes a 169. address
>>>>> >
>>>>> > as soon as i wake the mac up, the win machine regains a valid 10.0.0.x ip
>>>>> >
>>>>> > i tried to replace the AP with a 4 port switch and got same results
>>>>> >
>>>>> >
>>>>> > any idea ?
>>>>> >
>>>>>
>>>>> IP in the 169.254.0.0/16 range is related to bonjour protocol, it
>>>>> is a link local communication.
>>>>>
>>>>> your windows would move to a bonjour ip in many cases but most common
>>>>> that can happen if your machine has a bonjour service enabled and an
>>>>> Ethernet card with dhcp that can not get an ip from the router.
>>>>>
>>>>> 1. Check if when the mac is running your windows machine got its ip
>>>>> from the mac and not from the router. in some cases mac can have dhcpd
>>>>> running on it, if that is the case you should disable it if you do not
>>>>> need it.
>>>>> 2. Check if homegroup is enabled on win10, if it is, disable it (by
>>>>> version 1803 it is no longer active by default, but you could have hacked
>>>>> to enable it).
>>>>>
>>>>>
>>>>
>>>
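The two checks suggested in this thread (did the Windows machine get its lease from the router or from some other DHCP server, and are its requests being answered at all) can be run over DHCP payloads captured on the LAN. This is an added example, not code from any poster; the router address 10.0.0.1, the second server 10.0.0.7, the MAC address and the packets are all constructed.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"      # marks the start of the DHCP options
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
SERVER_REPLIES = ("OFFER", "ACK", "NAK")


def parse_dhcp(payload: bytes) -> dict:
    """Parse the UDP payload of one DHCPv4 message (RFC 2131/2132 layout)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    hlen = min(payload[2], 16)           # hardware address length, capped
    xid = struct.unpack("!I", payload[4:8])[0]
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:                  # End option
            break
        if code == 0:                    # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = value
        i += 2 + length
    mtype = options.get(53, b"")         # option 53: DHCP message type
    server = options.get(54, b"")        # option 54: server identifier
    return {
        "type": MSG_TYPES.get(mtype[0], "UNKNOWN") if len(mtype) == 1 else "UNKNOWN",
        "xid": xid,
        "client_mac": payload[28:28 + hlen].hex(":"),
        "offered_ip": str(ipaddress.IPv4Address(payload[16:20])),
        "server_id": str(ipaddress.IPv4Address(server)) if len(server) == 4 else None,
    }


def unexpected_servers(messages, expected):
    """Server replies whose server identifier is not in the expected set."""
    return [(m["server_id"], m["client_mac"], m["type"]) for m in messages
            if m["type"] in SERVER_REPLIES and m["server_id"] not in expected]


def unanswered_discovers(messages):
    """DISCOVERs whose transaction id never got a reply (client falls back to APIPA)."""
    answered = {m["xid"] for m in messages if m["type"] in SERVER_REPLIES}
    return [(m["client_mac"], m["xid"]) for m in messages
            if m["type"] == "DISCOVER" and m["xid"] not in answered]


def build_dhcp(op, xid, mac, msg_type, yiaddr="0.0.0.0", server_id=None):
    """Build a minimal DHCP payload; only used to construct the sample capture."""
    pkt = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0x8000)
    pkt += bytes(4)                                        # ciaddr
    pkt += ipaddress.IPv4Address(yiaddr).packed            # yiaddr
    pkt += bytes(8)                                        # siaddr, giaddr
    pkt += bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0")  # chaddr
    pkt += bytes(192)                                      # sname + file
    opts = bytes([53, 1, msg_type])
    if server_id:
        opts += bytes([54, 4]) + ipaddress.IPv4Address(server_id).packed
    return pkt + MAGIC_COOKIE + opts + b"\xff"


def sample_capture():
    """Constructed capture: one normal offer, one offer from a second server,
    and one DISCOVER that nobody answers."""
    mac = "00:11:22:33:44:55"            # constructed client MAC
    return [
        build_dhcp(1, 0x1001, mac, 1),
        build_dhcp(2, 0x1001, mac, 2, "10.0.0.5", "10.0.0.1"),
        build_dhcp(1, 0x1002, mac, 1),
        build_dhcp(2, 0x1002, mac, 2, "10.0.0.9", "10.0.0.7"),
        build_dhcp(1, 0x1003, mac, 1),
    ]


if __name__ == "__main__":
    msgs = [parse_dhcp(p) for p in sample_capture()]
    print("unexpected servers:", unexpected_servers(msgs, {"10.0.0.1"}))
    print("unanswered DISCOVERs:", unanswered_discovers(msgs))
```

On a real network the payloads would come from a capture of UDP ports 67 and 68 taken on a third machine on the same switch.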


Re: OT: strange network problem

2022-01-11 Thread Erez D
On Tue, Jan 11, 2022 at 9:29 AM Ohad Levy  wrote:

>
>
> On Tue, Jan 11, 2022 at 9:19 AM Erez D  wrote:
>
>> The windows 169.25. ip is from APIPA and not from any DHCP server
>> (ipconfig does not specify a dhcp server).
>> to be on the safe side I verified udp port 67 is unused on my mac (via
>> netstat, fuser and socat)
>>
>> what boggles me is why can't the windows machine access the router and get
>> an ip when the mac is sleeping
>>
>> as the AP switch is layer 2, i would suspect the switch disables the
>> windows machine for some reason,
>> e.g. it sees the same mac address from another port or detects abuse of
>> somewhat from the windows eth port
>> however i do not understand how is this related to the mac sleeping
>>
>> I thought the AP switch may be defective but putting another GB switch
>> instead causes the same results ...
>>
>
> can you run tcpdump on your router? does it show the dhcp requests from
> your windows machine?
>
Alas, No. I know it is sacrilege but I use a hot cable modem/router.
I do not have hardware that can support 500Mb to be used as a linux
firewall ...

Thanks,
Erez.


>> why do you think HOMEGROUP is related ? it is a higher layer protocol
>> when the problem seems to me on layer 2
>>
>> Thanks,
>> Erez
>>
>>
>>
>>
>> On Tue, Jan 11, 2022 at 8:36 AM  wrote:
>>
>>> On Monday, 10 January 2022 19:30:55 IST Erez D wrote:
>>> > I've encountered a network problem
>>> >
>>> > i have a mac and a win10 machine connected to a 4 port Gbit wifi6 AP
>>> > (switch mode).
>>> > a third eth from the AP goes to the router which is also a DHCP server
>>> >
>>> > everything works well until the mac goes to sleep.
>>> > when the mac goes to sleep, the win10 machine loses its ip address
>>> > which becomes a 169. address
>>> >
>>> > as soon as i wake the mac up, the win machine regains a valid 10.0.0.x ip
>>> >
>>> > i tried to replace the AP with a 4 port switch and got same results
>>> >
>>> >
>>> > any idea ?
>>> >
>>>
>>> IP in the 169.254.0.0/16 range is related to bonjour protocol, it is
>>> a link local communication.
>>>
>>> your windows would move to a bonjour ip in many cases but most common
>>> that can happen if your machine has a bonjour service enabled and an
>>> Ethernet card with dhcp that can not get an ip from the router.
>>>
>>> 1. Check if when the mac is running your windows machine got its ip
>>> from the mac and not from the router. in some cases mac can have dhcpd
>>> running on it, if that is the case you should disable it if you do not need
>>> it.
>>> 2. Check if homegroup is enabled on win10, if it is, disable it (by
>>> version 1803 it is no longer active by default, but you could have hacked
>>> to enable it).
>>>
>>>
>>
>


Re: OT: strange network problem

2022-01-10 Thread Erez D
The windows 169.25. ip is from APIPA and not from any DHCP server (ipconfig
does not specify a dhcp server).
to be on the safe side I verified udp port 67 is unused on my mac (via
netstat, fuser and socat)

what boggles me is why can't the windows machine access the router and get
an ip when the mac is sleeping

as the AP switch is layer 2, i would suspect the switch disables the
windows machine for some reason,
e.g. it sees the same mac address from another port or detects abuse of
somewhat from the windows eth port
however i do not understand how is this related to the mac sleeping

I thought the AP switch may be defective but putting another GB switch
instead causes the same results ...

why do you think HOMEGROUP is related ? it is a higher layer protocol when
the problem seems to me on layer 2

Thanks,
Erez




On Tue, Jan 11, 2022 at 8:36 AM  wrote:

> On Monday, 10 January 2022 19:30:55 IST Erez D wrote:
> > I've encountered a network problem
> >
> > i have a mac and a win10 machine connected to a 4 port Gbit wifi6 AP
> > (switch mode).
> > a third eth from the AP goes to the router which is also a DHCP server
> >
> > everything works well until the mac goes to sleep.
> > when the mac goes to sleep, the win10 machine loses its ip address
> > which becomes a 169. address
> >
> > as soon as i wake the mac up, the win machine regains a valid 10.0.0.x ip
> >
> > i tried to replace the AP with a 4 port switch and got same results
> >
> >
> > any idea ?
> >
>
> IP in the 169.254.0.0/16 range is related to bonjour protocol, it is a
> link local communication.
>
> your windows would move to a bonjour ip in many cases but most common that
> can happen if your machine has a bonjour service enabled and an Ethernet
> card with dhcp that can not get an ip from the router.
>
> 1. Check if when the mac is running your windows machine got its ip from
> the mac and not from the router. in some cases mac can have dhcpd running
> on it, if that is the case you should disable it if you do not need it.
> 2. Check if homegroup is enabled on win10, if it is, disable it (by version
> 1803 it is no longer active by default, but you could have hacked to enable
> it).
>
>
>


OT: strange network problem

2022-01-10 Thread Erez D
I've encountered a network problem

i have a mac and a win10 machine connected to a 4 port Gbit wifi6 AP
(switch mode).
a third eth from the AP goes to the router which is also a DHCP server

everything works well until the mac goes to sleep.
when the mac goes to sleep, the win10 machine loses its ip address
which becomes a 169. address

as soon as i wake the mac up, the win machine regains a valid 10.0.0.x ip

i tried to replace the AP with a 4 port switch and got same results


any idea ?


Re: disabling ipv6

2021-11-07 Thread Erez D
as I said, best is a firewall, however  GBE capable pfsense HW starts at
1000 NIS + need at least another 200 for an AP,
this 1k NIS i wanted to save if i could find a satisfying solution

however  in HOT 4 router i can't disable or firewall ipv6, so i thought a
simple dhcpv6 server could solve my problem ...

On Sun, Nov 7, 2021 at 10:52 AM Rabin Yasharzadehe  wrote:

> For best control you should go with the option of splitting the ISP router
> to only act as modem, and have a FW like PFsense/OpenSense for the rest
> (FW,DHCP 4/6, DNS,  ).
> and have several wireless APs spread across the house, which act only as
> AP base stations. It's a bit more expensive, but it will give you the peace
> of mind you are looking for.
>
>
>
>
> --
> Rabin
>
>
> On Sun, 7 Nov 2021 at 10:28, Erez D  wrote:
>
>> Hello
>>
>> I've swapped isp (hot/hotnet) and now i have ipv6 support which i can't
>> turn off.
>> I have a few issues with ipv6:
>> 1. no NAT so all my devices are accessible from outside
>> 2. can't redirect DNS traffic to my DNS server
>>
>> I thought about adding a firewall, but this way i need a small
>> fast-enough HW for this which is expensive, as well as disable HOT's router
>> wifi so i actually need a wifi router ...
>>
>> can't i just install a dhcpv6 server on an RPi, which will hijack the
>> default route and DNS servers, and so actually disable ipv6 ?
>>
>> Thanks,
>> Erez.


disabling ipv6

2021-11-07 Thread Erez D
Hello

I've swapped isp (hot/hotnet) and now i have ipv6 support which i can't
turn off.
I have a few issues with ipv6:
1. no NAT so all my devices are accessible from outside
2. can't redirect DNS traffic to my DNS server

I thought about adding a firewall, but this way i need a small fast-enough
HW for this which is expensive, as well as disable HOT's router wifi so i
actually need a wifi router ...

can't i just install a dhcpv6 server on an RPi, which will hijack the
default route and DNS servers, and so actually disable ipv6 ?

Thanks,
Erez.


Re: [OT] Any Cellphone providers have a non-NAT option

2017-06-05 Thread Erez D
last time i checked (a year ago) with celcom, it depended on the APN

sphone - used NAT
internetg - did not use NAT

On Fri, Jun 2, 2017 at 1:12 AM, E.S. Rosenberg 
wrote:

> Hi all,
> I was told by Bezeq that they currently don't have infrastructure
> where I am living so I'm looking at using a cellular modem instead.
> Ideally I'd like to have some remote access to home but if the
> Cellular network is Carrier Grade NAT I can forget about that (unless
> I create a reverse SSH tunnel from one of my servers which I guess can
> be an option).
>
> Is any carrier offering 3/4G with real IP(v6) addresses?
> Thanks,
> Eliyahu - אליהו
>


Re: single threaded web servers

2016-07-02 Thread Erez D
On Sat, Jul 2, 2016 at 2:00 PM, guy keren <guy.choo.ke...@gmail.com> wrote:

>
> https://en.wikipedia.org/wiki/Thttpd

don't know if it fits my requirements but last version dated 2014

>
>
> and
>
> https://www.lighttpd.net/

uses fastcgi. fastcgi is multithreaded.

>
>
> both existed before anyone used javascript on server side, as far as i know
>
> (and they are written in C, not C++)
>
> --guy
>
>
> On 07/02/2016 10:49 AM, Erez D wrote:
>
>> doing some research on servers i found out that i can handle more
>> connections simultaneously as single threaded.
>> on thread per connection i have a huge overhead, just think of the
>> default 2MB stack per connection - 1000 connections is 2GB ram just for
>> stack.
>> however as single threaded, i can serve connections by the 10,000s(or
>> even a million).
>>
>> later to my surprise, i found out that that was exactly one of the main
>> considerations behind node.js
>>
>> but node.js requires code in js. and i am more of a c++ guy
>> (and of course c++ is more efficient than js)
>>
>> C++ did a long way and now modern c++ (i.e. c++11 / c++14 ) is on par
>> with other modern languages.
>> the idea behind c++11/14 was to make it simple for beginners, while
>> still keeping the option to control every bit for advanced users.
>> one thing i hear people hate about c and c++ is its memory handling
>> (malloc/free or new/delete), however i forgot about it years ago using
>> shared_ptr ( now in c++11 and before that, use boost instead).. you can
>> still control when it is freed if you want (in contrary to
>> garbage-disposal-thread languages). as a matter of fact, i use this a
>> lot - i create an object that cleans up, and no matter how i exit the
>> function it gets cleaned up.
>>
>> so i wanted a node.c++ instead of writing my own
>>
>> in theory simple single threaded web server usage code could look
>> something like:
>>
>> int main()
>> {
>>   // HttpServer, Request, HttpResponse and File are a hypothetical API
>>   auto server=HttpServer::create(80,[](Request &request)
>>     {
>>       if (request.header=="HelloWorld")
>>       {
>>         HttpResponse(200,"Hello, world");
>>       } else {
>>         // callback-style file read, as in node.js
>>         File::Read(request.header,[](bool success, string body)
>>           {
>>             if (success)
>>             {
>>               HttpResponse(200,body);
>>             } else {
>>               HttpResponse(404);
>>             }
>>           }
>>         );
>>       }
>>     }
>>   );
>> }
>>
>>
>>
>>
>> On Fri, Jul 1, 2016 at 4:58 AM, Amos Shapira <amos.shap...@gmail.com> wrote:
>>
>> I'm curious - what's the background of this question? What's the
>> original goal that led you to ask this?
>>
>> On 28 June 2016 at 18:04, Erez D <erez0...@gmail.com> wrote:
>>
>> i tried searching the web but got no result
>>
>> what web servers other than node.js are single threaded ?
>> anyone has experience with one ?
>> is there one in which the cgi is in c++ ?
>>
>>
>>
>>
>>
>>
>>
>>
>> --
>> <http://au.linkedin.com/in/gliderflyer>
>>
>>
>>
>>


Re: single threaded web servers

2016-07-02 Thread Erez D
doing some research on servers i found out that i can handle more
connections simultaneously as single threaded.
on thread per connection i have a huge overhead, just think of the default
2MB stack per connection - 1000 connections is 2GB ram just for stack.
however as single threaded, i can serve connections by the 10,000s(or even
a million).

later to my surprise, i found out that that was exactly one of the main
considerations behind node.js

but node.js requires code in js. and i am more of a c++ guy
(and of course c++ is more efficient than js)

C++ did a long way and now modern c++ (i.e. c++11 / c++14 ) is on par with
other modern languages.
the idea behind c++11/14 was to make it simple for beginners, while still
keeping the option to control every bit for advanced users.
one thing i hear people hate about c and c++ is its memory handling
(malloc/free or new/delete), however i forgot about it years ago using
shared_ptr ( now in c++11 and before that, use boost instead).. you can
still control when it is freed if you want (in contrary to
garbage-disposal-thread languages). as a matter of fact, i use this a lot -
i create an object that cleans up, and no matter how i exit the function
it gets cleaned up.

so i wanted a node.c++ instead of writing my own

in theory simple single threaded web server usage code could look something
like:

int main()
{
  // HttpServer, Request, HttpResponse and File are a hypothetical API
  auto server=HttpServer::create(80,[](Request &request)
    {
      if (request.header=="HelloWorld")
      {
        HttpResponse(200,"Hello, world");
      } else {
        // callback-style file read, as in node.js
        File::Read(request.header,[](bool success, string body)
          {
            if (success)
            {
              HttpResponse(200,body);
            } else {
              HttpResponse(404);
            }
          }
        );
      }
    }
  );
}





On Fri, Jul 1, 2016 at 4:58 AM, Amos Shapira <amos.shap...@gmail.com> wrote:

> I'm curious - what's the background of this question? What's the original
> goal that led you to ask this?
>
> On 28 June 2016 at 18:04, Erez D <erez0...@gmail.com> wrote:
>
>> i tried searching the web but got no result
>>
>> what web servers other than node.js are single threaded ?
>> anyone has experience with one ?
>> is there one in which the cgi is in c++ ?
>>
>>
>>
>>
>>
>>
>
>
> --
> <http://au.linkedin.com/in/gliderflyer>
>


Re: single threaded web servers

2016-06-28 Thread Erez D
if anybody is interested, i found nghttp2 (
https://nghttp2.org/documentation/libnghttp2_asio.html ).

On Tue, Jun 28, 2016 at 11:04 AM, Erez D <erez0...@gmail.com> wrote:

> i tried searching the web but got no result
>
> what web servers other than node.js are single threaded ?
> anyone has experience with one ?
> is there one in which the cgi is in c++ ?
>
>
>
>


Re: single threaded web servers

2016-06-28 Thread Erez D
On Tue, Jun 28, 2016 at 4:39 PM, Baruch Siach <bar...@tkos.co.il> wrote:

> Hi Erez,
>
> On Tue, Jun 28, 2016 at 11:04:49AM +0300, Erez D wrote:
> > i tried searching the web but got no result
> >
> > what web servers other than node.js are single threaded ?
>
> nginx uses one single threaded process per CPU core to handle HTTP requests
> (
> https://www.nginx.com/blog/inside-nginx-how-we-designed-for-performance-scale/
> ).
>
> > anyone has experience with one ?
>
> Not me.
>
> > is there one in which the cgi is in c++ ?
>
> Given the nature of CGI you can write CGI programs in any language you
> like,
> as long as it can write text to standard output file descriptor.
>
correct, however in such it breaks the 'single process per thread'

>
> baruch
>
> --
>  http://baruch.siach.name/blog/  ~. .~   Tk Open
> Systems
> =}ooO--U--Ooo{=
>- bar...@tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
>


single threaded web servers

2016-06-28 Thread Erez D
i tried searching the web but got no result

what web servers other than node.js are single threaded ?
anyone has experience with one ?
is there one in which the cgi is in c++ ?


ot: outsource task offer

2016-06-16 Thread Erez D
hi

we are looking for outsourcing a small task:

knowledge/experience required:
1. mariadb galera cluster
2. mariadb replication
3. setting up a server on amazon
4. setting up a server on rackspace

please pm me if one is interested.

thanks,
erez.


revisioning mysql server

2016-03-23 Thread Erez D
hi

i have a running mysql server, and want to be able to restore it to any
day, with as little backup space as needed

i do mysqldump to the same file every day then commit the file with "svn ci"
the idea is that if there are no changes, it takes no space

it works well if i just append entries to a database, as svn will just save
the changes

however, if i insert a record, and for instance the dump file has 5 records
at every line
then the change is big and actually svn will save most of the file though
there is a very small change actually.

another issue - if the records hold changing info like timestamps etc.

any idea ?


Re: Thunderbird + Fribidi

2016-02-04 Thread Erez D

  
  
i'm using "bidi mail ui" plugin

On 04/02/2016 14:14, Tzafrir Cohen wrote:

> On Thu, Feb 04, 2016 at 10:24:45AM +0200, Yuval Adam wrote:
>
> > Is there any nice way to get Thunderbird to automatically process
> > e-mails in Hebrew via Fribidi? (When composing, but possibly when
> > viewing as well)
>
> Thunderbird is built on top of the Gecko browser engine. Gecko uses a
> library called ICU which serves a somewhat similar role to Fribidi.
>
> However, from what I know of Thunderbird, it is basically written on top
> of Gecko, and thus works with HTML, CSS and such. It should already
> provide good bidirectionality support (and if not: it's a bug that
> should be fixed).



Testing my network for vulnerabilities

2015-12-24 Thread Erez D
I would like to tighten my internal network security and to protect against
rogue computers on my LAN.

Anybody knows of a good tool to scan my network for vulnerabilities ?


Re: persistent private browsing ?

2015-11-17 Thread Erez D
On Tue, Nov 17, 2015 at 12:33 PM, Rabin Yasharzadehe <ra...@rabin.io> wrote:

> That's right, Incognito/Private Browsing mode share the same session.
> this is why you need to create a new profile for each case.
>
> Chrome & Firefox can be configured to run with pre-installed addons,
> but you may need to configure them if needed.
> but there are some extensions which allow you to export their settings (so
> maybe you can automate the import ?).
>
do you know which ?

>
> --
> Rabin
>
> On 17 November 2015 at 11:19, Erez D <erez0...@gmail.com> wrote:
>
>> you are correct
>>
>> however, it is  needed to re-configure each and every profile - plugins,
>> master password etc
>>
>> would be nice to have different profiles with some common settings, on
>> different tabs on same window ...
>>
>> btw, i found that even 'private browsing' is not so private as if you
>> open multiple tabs or windows of private browsing, they all share the same
>> cookies.
>> the only thing different about private browsing is that the cookies are
>> deleted when all the private browsing sessions end.
>>
>> On Sun, Nov 15, 2015 at 5:53 PM, E.S. Rosenberg <e...@g.jct.ac.il> wrote:
>>
>>> If I'm not mistaken you should be able to accomplish this by starting
>>> Firefox with a different profile (firefox -P or firefox --profile)
>>>
>>> 2015-11-15 10:36 GMT+02:00 Efraim Flashner <efr...@flashner.co.il>:
>>> > I'm using privacy badger to block the following aspects of the
>>> > different ads, including facebook. Doesn't sandbox them, but does keep
>>> > them all from following me around the web.  I'm also using privoxy with
>>> > tor to pass my browser traffic through tor, but that's not really going
>>> > to make a difference in relation to your question.
>>> >
>>> >
>>> > On Sun, 15 Nov 2015 10:26:18 +0200
>>> > Rabin Yasharzadehe <ra...@rabin.io> wrote:
>>> >
>>> >> I'm using chrome and launch it with a new DATADIR each time. (see here
>>> >> <http://blog.rabin.io/linux/start-chrome-temp-profile-with-preinstalled-extension>)
>>> >> useful for sites which need flash.
>>> >>
>>> >> I was having problems downloading the CRX files so now i just point
>>> >> them directly in the config file
>>> >> and each new Chrome run will download them.
>>> >>
>>> >> --
>>> >> Rabin
>>> >>
>>> >> On 15 November 2015 at 10:18, Erez D <erez0...@gmail.com> wrote:
>>> >>
>>> >> > Hello
>>> >> >
>>> >> > Today browsers support Private Browsing mode (e.g. sandbox) . however,
>>> >> > when i close that window, all its data is lost, next time i will
>>> >> > again need to supply my login, password, etc
>>> >> >
>>> >> > What i want, is a way to sandbox a site (e.g. facebook), and reopen
>>> >> > it tomorrow in the same sandbox. i.e. when i am going to a web page
>>> >> > not from that sandbox, if that web page includes pages from facebook,
>>> >> > it will not be able to track my facebook identity as i login to
>>> >> > facebook only from the sandbox.
>>> >> >
>>> >> > the only way i can do it right now is by accessing facebook from a
>>> >> > different browser than the rest of the pages.
>>> >> >
>>> >> > however there are many websites (facebook, google twitter etc.) and
>>> >> > i do not have so many browsers
>>> >> >
>>> >> > is there a way to open a private browsing page, and be able to
>>> >> > access it again after reopening the browser ?
>>> >> >
>>> >> >
>>> >
>>> > --
>>> > Efraim Flashner   <efr...@flashner.co.il>   אפרים פלשנר
>>> > GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
>>> > Confidentiality cannot be guaranteed on emails sent or received
>>> unencrypted
>>> >
>>> >
>>>
>>
>>
>


Re: portable encrypted filesystem

2015-11-17 Thread Erez D
On Tue, Nov 17, 2015 at 12:35 PM, Rabin Yasharzadehe <ra...@rabin.io> wrote:

> TrueCrypt ?
>
just reading about it ;-)
however it is unmaintained (should i use veracrypt ? no audit done on it,)
and i do not need all this functionality

what i liked about ecryptfs is that it is the default ubuntu encryption
(which raise my trust in it), and that it encrypts file by file rather than
volume (which better fits to running it over dropbox or gdrive)

>
> --
> Rabin
>
> On 17 November 2015 at 11:27, Erez D <erez0...@gmail.com> wrote:
>
>> Hello
>>
>> It is very nice to hold some data on the cloud accessible from everywhere
>> however if i do not want the cloud to have access to it, it requires
>> encryption
>>
>> i could mount gdrive, dropbox or other cloud fs locally
>> and mount ecryptfs on it so i have transparent encryption
>>
>> my only problem is that it works on linux only
>>
>> does anyone know a way of having a portable transparent encryption
>> which will support linux, and windows ?
>> (would be nice if it will also support android (even if  i can not
>> insmod) and ios)
>>
>>


Re: persistent private browsing ?

2015-11-17 Thread Erez D
you are correct

however, it is  needed to re-configure each and every profile - plugins,
master password etc

would be nice to have different profiles with some common settings, on
different tabs on same window ...

btw, i found that even 'private browsing' is not so private as if you open
multiple tabs or windows of private browsing, they all share the same
cookies.
the only thing different about private browsing is that the cookies are
deleted when all the private browsing sessions end.

On Sun, Nov 15, 2015 at 5:53 PM, E.S. Rosenberg <e...@g.jct.ac.il> wrote:

> If I'm not mistaken you should be able to accomplish this by starting
> Firefox with a different profile (firefox -P or firefox --profile)
>
> 2015-11-15 10:36 GMT+02:00 Efraim Flashner <efr...@flashner.co.il>:
> > I'm using privacy badger to block the following aspects of the different
> ads, including facebook. Doesn't sandbox them, but does keep them all from
> following me around the web.  I'm also using privoxy with tor to pass my
> browser traffic through tor, but that's not really going to make a
> difference in relation to your question.
> >
> >
> > On Sun, 15 Nov 2015 10:26:18 +0200
> > Rabin Yasharzadehe <ra...@rabin.io> wrote:
> >
> >> I'm using chrome and launch it with a new DATADIR each time. (see here
> >> <
> http://blog.rabin.io/linux/start-chrome-temp-profile-with-preinstalled-extension
> >
> >> )
> >> useful for sites which need flash.
> >>
> >> I was having problems downloading the CRX files so now i just point them
> >> directly in the config file
> >> and each new Chrome run will download them.
> >>
> >> --
> >> Rabin
> >>
> >> On 15 November 2015 at 10:18, Erez D <erez0...@gmail.com> wrote:
> >>
> >> > Hello
> >> >
> >> > Today browsers support Private Browsing mode (e.g. sandbox) . however,
> >> > when i close that window, all its data is lost, next time i will
> again
> >> > need to supply my login, password, etc
> >> >
> >> > What i want, is a way to sandbox a site (e.g. facebook), and reopen it
> >> > tomorrow in the same sandbox. i.e. when i am going to a web page not
> from
> >> > that sandbox, if that web page includes pages from facebook, it will
> not be
> >> > able to track my facebook identity as i login to facebook only from
> the
> >> > sandbox.
> >> >
> >> > the only way i can do it right now is by accessing facebook from a
> >> > different browser than the rest of the pages.
> >> >
> >> > however there are many websites (facebook, google, twitter etc.) and i
> do
> >> > not have so many browsers
> >> >
> >> > is there a way to open a private browsing page, and be able to access
> it
> >> > again after reopening the browser ?
> >> >
> >
> > --
> > Efraim Flashner   <efr...@flashner.co.il>   אפרים פלשנר
> > GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
> > Confidentiality cannot be guaranteed on emails sent or received
> unencrypted


portable encrypted filesystem

2015-11-17 Thread Erez D
Hello

It is very nice to hold some data on the cloud accessible from everywhere
however if i do not want the cloud to have access to it, it requires
encryption

i could mount gdrive, dropbox or other cloud fs locally
and mount ecryptfs on it so i have transparent encryption

my only problem is that it works on linux only

does anyone know a way of having a portable transparent encryption
which will support linux, and windows ?
(would be nice if it will also support android (even if i can not insmod)
and ios)


persistent private browsing ?

2015-11-15 Thread Erez D
Hello

Today browsers support Private Browsing mode (e.g. sandbox). however, when
i close that window, all its data is lost, next time i will again need to
supply my login, password, etc

What i want, is a way to sandbox a site (e.g. facebook), and reopen it
tomorrow in the same sandbox. i.e. when i am going to a web page not from
that sandbox, if that web page includes pages from facebook, it will not be
able to track my facebook identity as i login to facebook only from the
sandbox.

the only way i can do it right now is by accessing facebook from a
different browser than the rest of the pages.

however there are many websites (facebook, google, twitter etc.) and i do not
have so many browsers

is there a way to open a private browsing page, and be able to access it
again after reopening the browser ?


media center

2015-11-01 Thread Erez D
Hi

up to about a year ago, for about 10 years, i used mythtv as my media
center / PVR
the last year or so, i just used HOT's PVR abilities, and they suck

I want to go back to using a proper Media Center / PVR,
However, many things have changed

first, many sources are from the internet, and i have children which
english is not their native language, so they need at least translation if
not dubbing.
second, i need to support multiple TVs and looking for a cheap and good
frontend
third, MYTHTV is old, not sure if supported very well, and hard to manage

I tried looking on the net and found a lot of information on many
alternatives which i do not know what to choose from and which hardware to
use

some people are using KODI (formerly XBMC). It can play movies and videos
and can stream, however to record TV it needs a backend (MYTHTV ? )

what hardware do i need for it to work good and stay supported (and cheap
as i need many)

what alternatives are there ?

I also have chromecast, what is it good for other than playing youtube and
mirroring your android phone on it

there is just too much confusing info on the net

can someone shed some light or make some order into the chaos ?

thanks,
erez.


Re: Back to the Future with C++ and Seastar

2015-04-05 Thread Erez D
On Thu, Apr 2, 2015 at 12:14 AM, Amos Shapira amos.shap...@gmail.com
wrote:

 Hi Nadav,

 Will it be video taped?
 Slides made available?

That would be great


 Thanks,

 --Amos

 On 2 April 2015 at 05:53, Nadav Har'El n...@math.technion.ac.il wrote:

 On Wed, Apr 01, 2015, Oleg Goldshmidt wrote about Re: Back to the Future
 with C++ and Seastar:
  Nadav Har'El n...@math.technion.ac.il writes:
   Seastar is an open source (http://www.seastar-project.org/) library.
   It is based on the concept of futures (like in Node.js, just
 implemented
   in a much more efficient way). Part of the talk will also introduce
 futures,
   how Seastar implements them in C++, and how much C++ has changed in
 recent
   years from what you may remember about it.
 
  I might come (close to work :). C++ has futures and promises natively,
  as a part of its standard library. Can you add a couple of words on how
  Seastar's futures differ?

 Sure, though I'm sure Avi will explain it better in his talk :-)

 The first difference is that C++11's support for futures is incomplete:
 Futures are supported, but not *continuations*, which are code you want
 to run when the future value becomes available. C++17 will probably have
 continuations, but Seastar has them now.

 The second difference is that C++11's futures are indeed powerful, but not
 optimized for performance. They make excessive use of allocations, they
 rely on threads and everything uses atomic operations and locks. Seastar's
 design, on the other hand, is aimed at modern SMP design, for achieving
 the top possible performance: Continuations are very lightweight (not
 based on thread context switching), you write with Seastar a share-nothing
 server (each core deals with its own data) so no locks, no atomic
 operations,
 and very little cache contention. These things make a *huge* difference
 in performance in modern SMPs - especially when you try to scale up to
 many cores.

 The third difference is that Seastar is much more than just an
 implementation of futures - it is a complete library for writing
 asynchronous I/O-heavy (network and disk) applications - consider http
 servers, proxies, nosql servers - any server application you can think of
 will be much faster if rewritten in Seastar (Avi will present some
 benchmarks, showing near perfect scalability to 40 cores, 5x speed
 improvements compared to traditional thought-to-be-efficient applications,
 etc. Seastar completely bypasses the operating system by using DPDK,
 but as you may know DPDK only supports L2 packets and has no TCP/IP stack.
 But that's no longer true: We actually implemented in Seastar a full
 TCP/IP stack over DPDK, written in Seastar's own futures framework.

 And Seastar is even more. I'll leave a few surprises for Avi's talk ;-)

 --
 Nadav Har'El                        | Wednesday, Apr 1 2015, 13 Nisan 5775
 n...@math.technion.ac.il            |-----------------------------------------
 Phone +972-523-790466, ICQ 13349191 | My opinions may have changed, but not the
 http://nadav.harel.org.il           | fact that I am right.


 --
 http://au.linkedin.com/in/gliderflyer



Re: compiling kernel module

2015-03-04 Thread Erez D
On Wed, Mar 4, 2015 at 11:09 AM, Leon Romanovsky l...@leon.nu wrote:

 i tried downloading source from lenovo.
 they have instructions to compile with:
 ./mk x2ap n k

 however i cannot find 'mk' anywhere, not in their tar, not in android sdk
 nor ndk etc.

 ./mk is a symlink to ./makeMtk script which is part of Mediatek build
 system.
 The script is located at mediatek/build folder.

 thanks,
where do i get  Mediatek build system from ?


 --
 Leon Romanovsky | Independent Linux Consultant
 www.leon.nu | l...@leon.nu



Re: compiling kernel module

2015-03-04 Thread Erez D
On Wed, Mar 4, 2015 at 11:55 AM, Leon Romanovsky l...@leon.nu wrote:

 On Wed, Mar 4, 2015 at 11:12 AM, Erez D erez0...@gmail.com wrote:
 
 
 
  On Wed, Mar 4, 2015 at 11:09 AM, Leon Romanovsky l...@leon.nu wrote:
 
  i tried downloading source from lenovo.
  they have instructions to compile with:
  ./mk x2ap n k
 
  however i cannot find 'mk' anywhere, not in their tar, not in android
 sdk nor ndk etc.
 
  ./mk is a symlink to ./makeMtk script which is part of Mediatek build
 system.
  The script is located at mediatek/build folder.
 
  thanks,
  where do i get  Mediatek build system from ?
 AFAIK It depends on phone/tablet manufacturer, since the build system
 is not GPL.
 Generally, you can try to setup it by yourself:
 1. Take one of the available builds for other MTK chipset based phones [1].
 2. Download source code which was provided by Lenovo [2].
 3. Build new kernel with platform config from Lenovo's package [3]

 [1] https://github.com/suribi/Thunder-Kernel
 [2]
 http://support.lenovo.com/us/en/products/phones/vibe-series/vibe-x2/downloads/DS101342
 [3] bsp/mediatek/config/mt6595/autoconfig/kconfig/platform


do you have a link for [3] ?

thanks for your help


 
 
  --
  Leon Romanovsky | Independent Linux Consultant
  www.leon.nu | l...@leon.nu
 
 



 --
 Leon Romanovsky | Independent Linux Consultant
 www.leon.nu | l...@leon.nu



compiling kernel module

2015-03-03 Thread Erez D
hi

i have a rooted lenovo vibe x2. i want to compile a kernel module for it.

i did a 'make ARCH=arm CROSS_COMPILE=... M=subdir' and got my module.ko

when i insmod, i get: exec format error
and dmesg:
version magic '3.10.35 mod_unload modversions ARMv7 p2v8 ' should be
'3.10.35 SMP preempt mod_unload ARMv7 '

i tried playing with configuration, and got to '3.10.35 SMP preempt
mod_unload ARMv7 p2v8 '
however i can not lose the p2v8

this seems to come from: CONFIG_ARM_PATCH_PHYS_VIRT, if i comment out the
CONFIG_ARM_PATCH_PHYS_VIRT, it reenables it when i compile.

looking further i found:

Symbol: ARM_PATCH_PHYS_VIRT [=y]
Type  : boolean
Prompt: Patch physical to virtual translations at runtime
Defined at arch/arm/Kconfig:219
Depends on: !XIP_KERNEL [=n] && MMU [=y] && (!ARCH_REALVIEW [=n] ||
!SPARSEMEM [=n])
Selected by: ARCH_MXC [=n] || ARCH_PICOXCELL [=n] || ARCH_MULTIPLATFORM
[=y] && <choice> && MMU

i can not disable MMU, as it changes to armv5
disabling ARCH_MULTIPLATFORM  means i need to select a processor type
any of the 'ARM Ltd.' either doesn't compile or is ignored
and i do not know what the 'choice' is

i tried downloading source from lenovo.
they have instructions to compile with:
./mk x2ap n k

however i cannot find 'mk' anywhere, not in their tar, not in android sdk
nor ndk etc.
and can't find any specific config file.
compiling with their source gives the same magic '3.10.35 mod_unload
modversions ARMv7 p2v8 ' as the vanilla does

any idea anyone ?
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
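
The mismatch reported in the post above can be broken down token by token. This is an added example, not code from the thread: it parses the quoted dmesg line and maps each differing vermagic token to the kernel config option that emits it (the mapping follows include/linux/vermagic.h and the ARM module header; the function names are made up for this example).

```shell
#!/bin/sh
# Added example (not from the thread): explain a "version magic" mismatch.

# The dmesg line quoted in the post, joined onto one line.
SAMPLE_DMESG="version magic '3.10.35 mod_unload modversions ARMv7 p2v8 ' should be '3.10.35 SMP preempt mod_unload ARMv7 '"

# Map one vermagic token to the kernel config option that emits it.
vermagic_option() {
    case $1 in
        SMP)         echo CONFIG_SMP ;;
        preempt)     echo CONFIG_PREEMPT ;;
        mod_unload)  echo CONFIG_MODULE_UNLOAD ;;
        modversions) echo CONFIG_MODVERSIONS ;;
        p2v8)        echo CONFIG_ARM_PATCH_PHYS_VIRT ;;
        *)           echo "release-or-arch-string" ;;
    esac
}

# Print every token of list $1 that is absent from list $2, one per line.
tokens_only_in() {
    for tok in $1; do
        case " $2 " in
            *" $tok "*) ;;
            *) printf '%s\n' "$tok" ;;
        esac
    done
}

# Parse "version magic 'MODULE' should be 'KERNEL'" and list what the module
# build must change: "-" = option to turn off, "+" = option to turn on.
# Returns 1 if the line does not contain such a message.
vermagic_diff() {
    vm_re="s/.*version magic '\([^']*\)' should be '\([^']*\)'.*"
    vm_mod=$(printf '%s\n' "$1" | sed -n "$vm_re/\1/p")
    vm_krn=$(printf '%s\n' "$1" | sed -n "$vm_re/\2/p")
    [ -n "$vm_mod" ] && [ -n "$vm_krn" ] || return 1
    for t in $(tokens_only_in "$vm_mod" "$vm_krn"); do
        printf '%s%s %s\n' '-' "$t" "$(vermagic_option "$t")"
    done
    for t in $(tokens_only_in "$vm_krn" "$vm_mod"); do
        printf '%s%s %s\n' '+' "$t" "$(vermagic_option "$t")"
    done
}

vermagic_diff "$SAMPLE_DMESG"
```

The vermagic comparison is the kernel's guard against loading a module built for a different ABI, so the useful outcome is a build config that matches the running kernel, which is why the thread ends up looking for the vendor's platform config.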


Re: DNAT and MASQUERADE

2015-01-20 Thread Erez D
On Mon, Jan 12, 2015 at 8:50 PM, E.S. Rosenberg esr+linux...@g.jct.ac.il
wrote:

 Alternatively you could also have a local dns/local hosts entries that
 point computerN at computer_1 when they are looking up whatever hostname is
 resolving to ext_ip

nice idea. but i'm not using DNS for that. also will cause all access to
ext_ip to go to computer1 (i may want to forward some ports to computer1
and some to other computers)


 If they are on the same LAN all normal (sane) security policy will cause
 the drop of their packets when they are trying to reach ext_ip from inside
 the network that has ext_ip and you need to bend over backwards to get them
 accepted..

 2015-01-08 23:02 GMT+02:00 shimi linux...@shimi.net:


 On Thu, Jan 8, 2015 at 10:43 AM, Erez D erez0...@gmail.com wrote:



 On Wed, Jan 7, 2015 at 11:41 AM, shimi linux...@shimi.net wrote:



 On Wed, Jan 7, 2015 at 11:35 AM, shimi linux...@shimi.net wrote:



 On Wed, Jan 7, 2015 at 10:16 AM, Erez D erez0...@gmail.com wrote:

 hello.

 I have an iptables question

 i have the following

 ext_ip - NAT1 - linux firewall- network - computer1:eth0 ..
 computer99

 i have no control over NAT1.
 computer1 also can reach the internet via eth1.

 linux firewall redirects incoming port  from ext_ip to computer1
 however i need computer2 .. computer99 to connect to ext_ip: and
 also reach computer1

 so first i did a NAT rule in linux firewall to redirect all packets
 from internal to ext_ip:  to computer1. and did an 'ifconfig eth0:1
 $ext_ip up' on computer1.
 this works. however it causes computer1 not to be able to access real
 ext_ip via eth1 which is connected to the internet as well

 so i thought of both doing DNAT and MASQ, which will do the same but
 will not require assigning ext_ip to computer1.
 however i do not know how to do that


 If computer1 can access ext_ip:, all you need is to allow
 ip_forward (/etc/sysctl.conf for permanent, and echo 1 >
 /proc/sys/net/ipv4/ip_forward) on computer1, and have all other computers
 have a static route to ext_ip via computer1

 Then, in computer1,

 iptables -t nat -I POSTROUTING -o interface going towards ext_ip [
 -i interface subnet of computers come from ] -s subnet of
 computers/netmask -p tcp --dport  -j MASQUERADE

 should do...

 (of course, assuming the iptables FORWARD chain is not dropping those
 packets; otherwise you'd need an ACCEPT rule there, too...)

 HTH,

 -- Shimi


 And on a second read, I think I got you wrong and the purpose was to
 access computer1 port  (hopefully listening on 0.0.0.0) from computersN
 by using the external IP from the inside?

 yes


 computerN default route is the linux firewall. without any rules on
 linux firewall, it will forward packets from computer1 destined to ext_ip
 to NAT1. and they will not reach computer1 at all, so rules on computer 1
 are useless.


 Doing a DNAT on linux firewall will direct the packets to computer1,
 however computer 1 will know computerN and will reply directly without going
 through linux firewall, and computer1 will not match the packets to the
 original connection.


 But if you create a static route on computerN towards the external IP via
 computer1 like I suggested, then these connections will not get to linux
 firewall at all, rather than get to computer1 (I'm assuming they're on the
 same L2 and share IP addresses in the same IP subnet) - so rules on
 computer1 will apply, wouldn't they?

 What am I missing?

 -- Shimi



Re: DNAT and MASQUERADE

2015-01-20 Thread Erez D
On Thu, Jan 8, 2015 at 11:02 PM, shimi linux...@shimi.net wrote:


 On Thu, Jan 8, 2015 at 10:43 AM, Erez D erez0...@gmail.com wrote:



 On Wed, Jan 7, 2015 at 11:41 AM, shimi linux...@shimi.net wrote:



 On Wed, Jan 7, 2015 at 11:35 AM, shimi linux...@shimi.net wrote:



 On Wed, Jan 7, 2015 at 10:16 AM, Erez D erez0...@gmail.com wrote:

 hello.

 I have an iptables question

 i have the following

 ext_ip - NAT1 - linux firewall- network - computer1:eth0 ..
 computer99

 i have no control over NAT1.
 computer1 also can reach the internet via eth1.

 linux firewall redirects incoming port  from ext_ip to computer1
 however i need computer2 .. computer99 to connect to ext_ip: and
 also reach computer1

 so first i did a NAT rule in linux firewall to redirect all packets
 from internal to ext_ip:  to computer1. and did an 'ifconfig eth0:1
 $ext_ip up' on computer1.
 this works. however it causes computer1 not to be able to access real
 ext_ip via eth1 which is connected to the internet as well

 so i thought of both doing DNAT and MASQ, which will do the same but
 will not require assigning ext_ip to computer1.
 however i do not know how to do that


 If computer1 can access ext_ip:, all you need is to allow
 ip_forward (/etc/sysctl.conf for permanent, and echo 1 >
 /proc/sys/net/ipv4/ip_forward) on computer1, and have all other computers
 have a static route to ext_ip via computer1

 Then, in computer1,

 iptables -t nat -I POSTROUTING -o interface going towards ext_ip [ -i
 interface subnet of computers come from ] -s subnet of
 computers/netmask -p tcp --dport  -j MASQUERADE

 should do...

 (of course, assuming the iptables FORWARD chain is not dropping those
 packets; otherwise you'd need an ACCEPT rule there, too...)

 HTH,

 -- Shimi


 And on a second read, I think I got you wrong and the purpose was to
 access computer1 port  (hopefully listening on 0.0.0.0) from computersN
 by using the external IP from the inside?

 yes


 computerN default route is the linux firewall. without any rules on
 linux firewall, it will forward packets from computer1 destined to ext_ip
 to NAT1. and they will not reach computer1 at all, so rules on computer 1
 are useless.


 Doing a DNAT on linux firewall will direct the packets to computer1,
 however computer 1 will know computerN and will reply directly without going
 through linux firewall, and computer1 will not match the packets to the
 original connection.


 But if you create a static route on computerN towards the external IP via
 computer1 like I suggested, then these connections will not get to linux
 firewall at all, rather than get to computer1 (I'm assuming they're on the
 same L2 and share IP addresses in the same IP subnet) - so rules on
 computer1 will apply, wouldn't they?

 What am I missing?

1. this means that i need to put static routes on computerN which is
computer2 .. computer99, which some are linux, some windows, some android,
some iphone, etc ...
the same thing can be achieved by adding a static route on linux firewall to
do the same
2. computer 1 will receive packets destined to ext_ip, so they will be
ignored.


 -- Shimi



Re: Audio streaming

2015-01-11 Thread Erez D
can you elaborate on what are you trying to do
do you want to stream from android to linux or vice versa or something else
whatsoever
(maybe we can enjoy your setup as well)

On Sat, Jan 10, 2015 at 12:38 AM, David Harel harel...@gmail.com wrote:

 Eventually I succeeded using yaacc  which I found on fdroid.
 For client side I prefer the onkyo remote for now.

 Thanks for the lead.
 On Jan 9, 2015 8:06 PM, Amichai Rotman amic...@iglu.org.il wrote:

 Is this what you  are looking for?

 https://play.google.com/store/apps/details?id=es.mediaserver

 Amichai.

 2015-01-09 17:24 GMT+02:00 David Harel harel...@gmail.com:

 Greetings,

 I am trying to setup an audio server using a scrap android Teac Accord
 714b tablet running android 4.1.1
 I am looking for recommendation on server side app that can receive
 audio streams on local WiFi home network from android phones used by our
 family.

 Thanks



Re: DNAT and MASQUERADE

2015-01-08 Thread Erez D
On Wed, Jan 7, 2015 at 11:41 AM, shimi linux...@shimi.net wrote:



 On Wed, Jan 7, 2015 at 11:35 AM, shimi linux...@shimi.net wrote:



 On Wed, Jan 7, 2015 at 10:16 AM, Erez D erez0...@gmail.com wrote:

 hello.

 I have an iptables question

 i have the following

 ext_ip - NAT1 - linux firewall- network - computer1:eth0 ..
 computer99

 i have no control over NAT1.
 computer1 also can reach the internet via eth1.

 linux firewall redirects incoming port  from ext_ip to computer1
 however i need computer2 .. computer99 to connect to ext_ip: and also
 reach computer1

 so first i did a NAT rule in linux firewall to redirect all packets from
 internal to ext_ip:  to computer1. and did an 'ifconfig eth0:1 $ext_ip
 up' on computer1.
 this works. however it causes computer1 not to be able to access real
 ext_ip via eth1 which is connected to the internet as well

 so i thought of both doing DNAT and MASQ, which will do the same but will
 not require assigning ext_ip to computer1.
 however i do not know how to do that


 If computer1 can access ext_ip:, all you need is to allow ip_forward
 (/etc/sysctl.conf for permanent, and echo 1 >
 /proc/sys/net/ipv4/ip_forward) on computer1, and have all other computers
 have a static route to ext_ip via computer1

 Then, in computer1,

 iptables -t nat -I POSTROUTING -o interface going towards ext_ip [ -i
 interface subnet of computers come from ] -s subnet of
 computers/netmask -p tcp --dport  -j MASQUERADE

 should do...

 (of course, assuming the iptables FORWARD chain is not dropping those
 packets; otherwise you'd need an ACCEPT rule there, too...)

 HTH,

 -- Shimi


 And on a second read, I think I got you wrong and the purpose was to
 access computer1 port  (hopefully listening on 0.0.0.0) from computersN
 by using the external IP from the inside?

yes


 If so, did:

 computerN default route is the linux firewall. without any rules on linux
firewall, it will forward packets from computer1 destined to ext_ip  to
NAT1. and they will not reach computer1 at all, so rules on computer 1 are
useless.
Doing a DNAT on linux firewall will direct the packets to computer1,
however computer 1 will know computerN and will reply directly without going
through linux firewall, and computer1 will not match the packets to the
original connection.



 iptables -I PREROUTING -i interface of computersN subnet -s subnet of
 computers/netmask -p tcp --dport -j REDIRECT --to-port 

 not work?

 -- Shimi



DNAT and MASQUERADE

2015-01-07 Thread Erez D
hello.

I have an iptables question

i have the following

ext_ip - NAT1 - linux firewall- network - computer1:eth0 .. computer99

i have no control over NAT1.
computer1 also can reach the internet via eth1.

linux firewall redirects incoming port  from ext_ip to computer1
however i need computer2 .. computer99 to connect to ext_ip: and also
reach computer1

so first i did a NAT rule in linux firewall to redirect all packets from
internal to ext_ip:  to computer1. and did an 'ifconfig eth0:1 $ext_ip
up' on computer1.
this works. however it causes computer1 not to be able to access real
ext_ip via eth1 which is connected to the internet as well

so i thought of both doing DNAT and MASQ, which will do the same but will
not require assigning ext_ip to computer1.
however i do not know how to do that

anyone ?
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
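
The DNAT plus MASQUERADE combination asked about in this thread (often called hairpin NAT) can be sketched as follows. This is an added example, not code from any poster: it runs on the "linux firewall" box, assumes computerN's default route is that firewall as the thread states, and uses constructed addresses, a constructed port 8080 (the thread's port number is missing) and a hypothetical LAN interface name.

```shell
#!/bin/sh
# Added example (not from the thread): hairpin NAT rules for the Linux firewall.
# Every address, the port and the interface name are constructed samples.

# Succeed only for a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeed only for ADDRESS/PREFIXLEN with a prefix length of 0..32.
valid_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    valid_ipv4 "${1%/*}" || return 1
    cidr_len=${1##*/}
    case $cidr_len in ''|*[!0-9]*) return 1 ;; esac
    [ "${#cidr_len}" -le 2 ] && [ "$cidr_len" -le 32 ]
}

# Succeed only for a TCP port 1..65535 written without leading zeros.
valid_port() {
    case $1 in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Succeed only for a plausible interface name (no shell metacharacters).
valid_ifname() {
    case $1 in ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

# hairpin_rules EXT_IP PORT SERVER_IP LAN_CIDR LAN_IF
# Prints the iptables commands for review; nothing is applied here.
hairpin_rules() {
    hp_ext=$1 hp_port=$2 hp_srv=$3 hp_lan=$4 hp_if=$5
    valid_ipv4 "$hp_ext"  || { echo "bad external IP" >&2; return 1; }
    valid_port "$hp_port" || { echo "bad port" >&2; return 1; }
    valid_ipv4 "$hp_srv"  || { echo "bad server IP" >&2; return 1; }
    valid_cidr "$hp_lan"  || { echo "bad LAN subnet" >&2; return 1; }
    valid_ifname "$hp_if" || { echo "bad interface name" >&2; return 1; }

    # 1. LAN client -> ext_ip:port is rewritten to computer1:port.
    printf 'iptables -t nat -A PREROUTING -i %s -s %s -d %s -p tcp --dport %s -j DNAT --to-destination %s:%s\n' \
        "$hp_if" "$hp_lan" "$hp_ext" "$hp_port" "$hp_srv" "$hp_port"
    # 2. The same flow leaves with the firewall's LAN address as source, so
    #    computer1 answers the firewall instead of replying to computerN directly.
    printf 'iptables -t nat -A POSTROUTING -o %s -s %s -d %s -p tcp --dport %s -j MASQUERADE\n' \
        "$hp_if" "$hp_lan" "$hp_srv" "$hp_port"
    # 3. Allow only this flow and its replies to be forwarded LAN -> LAN.
    printf 'iptables -A FORWARD -i %s -o %s -s %s -d %s -p tcp --dport %s -j ACCEPT\n' \
        "$hp_if" "$hp_if" "$hp_lan" "$hp_srv" "$hp_port"
    printf 'iptables -A FORWARD -i %s -o %s -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n' \
        "$hp_if" "$hp_if"
}

hairpin_rules 203.0.113.7 8080 192.168.1.10 192.168.1.0/24 eth1
```

With rule 2 in place computer1 sees every hairpinned connection as coming from the firewall's LAN address, so its access logs and any per-client ACLs no longer distinguish the internal hosts.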


udev persistence problems

2014-12-10 Thread Erez D
I have a strange problem

when i insert my wlan usb dongle, I get wlan0.
if i remove and reinsert, i get wlan1
next time - wlan2
etc..

if i look at /etc/udev/rules.d/*Persistance*
i see multiple lines that are completely identical, except the wlan number

any idea ?
any idea of how to debug this ?


Re: udev persistence problems

2014-12-10 Thread Erez D
On Wed, Dec 10, 2014 at 12:34 PM, shimi linux...@shimi.net wrote:

 On Wed, Dec 10, 2014 at 12:30 PM, Erez D erez0...@gmail.com wrote:

 I have a strange problem

 when i insert my wlan usb dongle, I get wlan0.
 if i remove and reinsert, i get wlan1
 next time - wlan2
 etc..

 if i look at /etc/udev/rules.d/*Persistance*
 i see multiple lines that are completely identical, except the wlan number

 any idea ?
 any idea of how to debug this ?


 it auto generates a rule on first wlan insertion
it doesn't honor the above rule on the second insertion, but generates a
new identical one
etc ...

 But, do you have a specific rule that forces this specific dongle to be
 wlan0? i.e. by direct identification of it, like by MAC or Manufacturer ID?



good free dynamic dns server ?

2014-11-09 Thread Erez D
hi

i am currently using no-ip.org as a free dynamic dns server for my home.
however it has the annoying feature of sending me the following emails:
Please confirm your hostname now or it will be deleted

anyone knows of a good free dyndns server ?


Xml grabber for hot

2014-11-09 Thread Erez D
I had an xml grabber for hot (someone wrote it for .net few years ago and i
ran it with mono but it stopped working)
Anyone knows of a working one ?


shell shock

2014-09-27 Thread Erez D
just read about the new linux bug in ynet
found out it is a bash exploit

just fyi,

see http://www.engadget.com/2014/09/25/what-is-the-shellshock/


Re: shell shock

2014-09-27 Thread Erez D
On Sat, Sep 27, 2014 at 4:37 PM, Dolev Farhi dol...@yahoo.com wrote:

 Yes it's all over the place.

that is why I was surprised it was not mentioned in linux-il ;-)



 For people with web sites, you can use the following online shellshock
 tester website to check if you are vulnerable in the following url:

 https://shellshock.detectify.com



 -- Original message--

 *From: *Erez D

 *Date: *Sat, Sep 27, 2014 16:25

 *To: *linux-il;

 *Subject:*shell shock


 just read about the new linux bug in ynet
 found out it is a bash exploit

 just fyi,

 see http://www.engadget.com/2014/09/25/what-is-the-shellshock/




cgi bg

2014-08-25 Thread Erez D
hi

i have a php cgi script that
1. generates an http response, this takes less than a second
2. does some stuff that may take some time, let's say a minute

when posting to that cgi, although the html is returned in less than a
second, the request is not closed until the minute has passed.

i want the http transaction to be closed when done (i.e. less than a minute)
but the php script to continue its action (e.g. the minute it takes)

can i do it in php ? i.e. flush, or send eof, which will finish the request
but leave the php running until done ?


thanks
erez


Re: cgi bg

2014-08-25 Thread Erez D
On Mon, Aug 25, 2014 at 10:29 AM, Jonathan Ben Avraham y...@tkos.co.il
wrote:

 Hi Erez,
 Did you include the response header

 Connection: close

 ?

yes


  - yba


 On Mon, 25 Aug 2014, Erez D wrote:

  Date: Mon, 25 Aug 2014 10:25:49 +0300
 From: Erez D erez0...@gmail.com
 To: linux-il linux-il@cs.huji.ac.il
 Subject: cgi bg


 hi

 i have a php cgi script that
 1. generates an http response, this takes less than a second
 2. does some stuff that may take some time, let's say a minute

 when posting to that cgi, although the html is returned in less than a
 second, the request
 is not closed until the minute has passed.

 i want the http transaction to be closed when done (i.e. less than a
 minute)
 but the php script to continue its action (e.g. the minute it takes)

 can i do it in php ? i.e. flush, or send eof, which will finish the
 request but leave the
 php running until done ?


 thanks
 erez



 --
  9590 8E58 D30D 1660 C349  673D B205 4FC4 B8F5 B7F9  ~. .~  Tk Open Systems
 =} Jonathan Ben-Avraham (yba) --ooO--U--Ooo-
 ---{=
 mailto:y...@tkos.co.il tel:+972.52.486.3386 http://tkos.co.il
 skype:benavrhm


Re: cgi bg

2014-08-25 Thread Erez D
thanks,


not so easy to use, as i can not use stdout anymore
but it works.


On Mon, Aug 25, 2014 at 10:57 AM, shimi linux...@shimi.net wrote:

 On Mon, Aug 25, 2014 at 10:25 AM, Erez D erez0...@gmail.com wrote:

 hi

 i have a php cgi script that
 1. generates an http response, this takes less than a second
 2. does some stuff that may take some time, let's say a minute

 when posting to that cgi, although the html is returned in less than a
 second, the request is not closed until the minute has passed.

 The request will end when PHP will tell its upstream that it has ended.
 After all, it may still produce output, which the client is supposed to
 receive.


 i want the http transaction to be closed when done (i.e. less than a
 minute)
 but the php script to continue its action (e.g. the minute it takes)

 can i do it in php ? i.e. flush, or send eof, which will finish the
 request but leave the php running until done ?


 You could at the worst case execute the code from an external file with a
 system() and backgrounded (append & to the command), a solution that will
 always work (but is ugly).

 An alternative approach which was possible in the past was to use
 http://php.net/register-shutdown-function to handle the request 'cleanup'
 (which is what I assume you are trying to do) - but since PHP 4.1 this
 stuff is no longer possible because now this can also send output to the
 client. Assuming you have a newer PHP... which is highly likely... you
 could try this instead:

 <?php
 ob_end_clean();                // discard anything buffered so far
 header("Connection: close");   // tell the client not to keep the socket open
 ignore_user_abort(true);       // optional: keep running if the client disconnects
 ob_start();
 echo ('Text the user will see');
 $size = ob_get_length();
 header("Content-Length: $size");
 ob_end_flush(); // Strange behaviour, will not work
 flush();        // Unless both are called !
 // Do processing here
 sleep(30);
 echo('Text user will never see');
 ?>

 ( Shamelessly copied from http://php.net/connection-handling )

 The idea is to buffer all the response in memory, then measure the buffer
 size of the response, then tell that to the server/client, and also let the
 connection to not support keep-alive. Then throw everything to the client.
 Since the response is of a given size, and the server/client has got all of
 it, it has nothing to do further with the server, so it has no reason not
 to close the socket.

 HTH,

 -- Shimi




Re: Q: suspend and resume a usb device from command line

2014-08-17 Thread Erez D
On Thu, Aug 14, 2014 at 3:45 PM, Dolev Farhi dol...@yahoo.com wrote:

 Have a look here:
 http://unix.stackexchange.com/questions/63199/how-to-disable-usb-devices-based-on-vendor-id-in-linux-environment


although it does not do what i wanted. it is still interesting to know.
especially the link at the end of answer 1


 it seems to be answering your request

 
 On Thu, 8/14/14, Erez D erez0...@gmail.com wrote:

  Subject: Q: suspend and resume a usb device from command line
  To: linux-il linux-il@cs.huji.ac.il
  Date: Thursday, August 14, 2014, 1:22 PM

  i
  searched and could not find a solution

  i need to suspend a specific usb device, and later
  resume it
  i have no 'power/level' or
  'power/pm_qos_no_power_off' under
  /sys/bus/usb/devices/...



  does anyone know how i can achieve this ?



Q: suspend and resume a usb device from command line

2014-08-14 Thread Erez D
i searched and could not find a solution

i need to suspend a specific usb device, and later resume it
i have no 'power/level' or 'power/pm_qos_no_power_off' under
/sys/bus/usb/devices/...

does anyone know how i can achieve this ?


Re: reverse ssh

2014-07-23 Thread Erez D
1. only refer to non-privileged ports
2. btw, ssh will warn you if the server cert changes, so if someone
takes the port for its ssh server, you will know

i'll still stick with a non standard privileged port.

On Tue, Jul 22, 2014 at 3:47 PM, Guy Gold guy1g...@gmail.com wrote:


 On 22 July 2014 00:52, Guy Gold guy1g...@gmail.com wrote:

 Hi Erez,

 On Mon, Jul 21, 2014 at 4:18 AM, Erez D erez0...@gmail.com wrote:


 it is not even a dynamic ip, it is a private ip behind a dynamic one


 Then,  what Eliyahu wrote should serve you a perfect solution.


 Although this can become a flame-war :)

 Source:
 https://www.adayinthelifeof.nl/2012/03/12/why-putting-ssh-on-another-port-than-22-is-bad-idea/

 ==Begin quote ==

 But there are more reasons why this is a bad idea and one of the most
 important reason has to do with a bit of the (Linux) way of handling TCP/IP
 ports. When you are logged onto a system as a non-root user (anyone not
 being uid 0), you cannot create a listing TCP or UDP port below 1024. This
 is because port numbers below 1024 are so-called privileged ports and can
 only be opened by root or processes that are running as root. So for
 instance, when your webserver (apache, nginx etc) will start, it will do so
 as the privileged root user in order to open up a listening connection to
 port 80 (the port that by default will be used for HTTP traffic). Now, as
 soon as the port is opened and everything that needs to be done as root is
 done, the webserver will fall back to a non-privileged user (either the
 www-data, apache, or nobody user). From that point, when something bad is
 happening, it is only limited to the rights that that user has.

 Now, back to SSH: when we start SSH on port 22, we know for a fact that this
 is done by root or a root-process since no other user could possibly open
 that port. But what happens when we move SSH to port ? This port can be
 opened without a privileged account, which means I can write a simple script
 that listens to port  and mimics SSH in order to capture your passwords.
 And this can easily be done with simple tools commonly available on every
 linux system/server. So running SSH on a non-privileged port makes it
 potentially LESS secure, not MORE. You have no way of knowing if you are
 talking to the real SSH server or not. This reason, and this reason alone
 makes it that you should NEVER EVER use a non-privileged port for running
 your SSH server.

 ==End quote==

 Reading the whole page is recommended.

 Though, some of Joshua Thijssen's points can be argued against (not by
 myself, but I'm sure some folks can find some caveats in his article). I
 tend to agree with what he points out.

 I do acknowledge that SBO (security by...) divides quite a bit sysadmins
 apart. Some live by it, and some, well, ridicule it, and for them, seeing
 another sysadmin use such method is a tell sign of anachronism.  The beauty
 is that we can all choose, and what is important is  being informed.

 --
 Guy Gold



Re: reverse ssh

2014-07-23 Thread Erez D
and i forgot:
what if my router redirect any port to my computer's port 22 ?
this can be a non-privileged port

if only i have access to the router settings ...

On Wed, Jul 23, 2014 at 11:44 AM, Erez D erez0...@gmail.com wrote:
 1. only refer to non-privileged ports
 2. btw, ssh will warn you if the server cert changes, so if someone
 takes the port for it's ssh server, you will know

 i'll still stick with a non standard privileged port.

 On Tue, Jul 22, 2014 at 3:47 PM, Guy Gold guy1g...@gmail.com wrote:


 On 22 July 2014 00:52, Guy Gold guy1g...@gmail.com wrote:

 Hi Erez,

 On Mon, Jul 21, 2014 at 4:18 AM, Erez D erez0...@gmail.com wrote:


 it is not even a dynamic ip, it is a private ip behind a dynamic one


 Then,  what Eliyahu wrote should serve you a perfect solution.


 Although this can become a flame-war :)

 Source:
 https://www.adayinthelifeof.nl/2012/03/12/why-putting-ssh-on-another-port-than-22-is-bad-idea/

 ==Begin quote ==

 But there are more reasons why this is a bad idea and one of the most
 important reason has to do with a bit of the (Linux) way of handling TCP/IP
 ports. When you are logged onto a system as a non-root user (anyone not
 being uid 0), you cannot create a listing TCP or UDP port below 1024. This
 is because port numbers below 1024 are so-called privileged ports and can
 only be opened by root or processes that are running as root. So for
 instance, when your webserver (apache, nginx etc) will start, it will do so
 as the privileged root user in order to open up a listening connection to
 port 80 (the port that by default will be used for HTTP traffic). Now, as
 soon as the port is opened and everything that needs to be done as root is
 done, the webserver will fall back to a non-privileged user (either the
 www-data, apache, or nobody user). From that point, when something bad is
 happening, it is only limited to the rights that that user has.

 Now, back to SSH: when we start SSH on port 22, we know for a fact that this
 is done by root or a root-process since no other user could possibly open
 that port. But what happens when we move SSH to port ? This port can be
 opened without a privileged account, which means I can write a simple script
 that listens to port  and mimics SSH in order to capture your passwords.
 And this can easily be done with simple tools commonly available on every
 linux system/server. So running SSH on a non-privileged port makes it
 potentially LESS secure, not MORE. You have no way of knowing if you are
 talking to the real SSH server or not. This reason, and this reason alone
 makes it that you should NEVER EVER use a non-privileged port for running
 your SSH server.

 ==End quote==

 Reading the whole page is recommended.

 Though, some of Joshua Thijssen's points can be argued against (not by
 myself, but I'm sure some folks can find some caveats in his article). I
 tend to agree with what he points out.

 I do acknowledge that SBO (security by...) divides quite a bit sysadmins
 apart. Some live by it, and some, well, ridicule it, and for them, seeing
 another sysadmin use such method is a tell sign of anachronism.  The beauty
 is that we can all choose, and what is important is  being informed.

 --
 Guy Gold



Re: reverse ssh

2014-07-22 Thread Erez D
although port scanners can scan every port, it takes x 65536 times more
than scanning only port 22
and there are enough available port 22s,

so using a non-standard port is a smart move
as long as it is not the only one.


On Tue, Jul 22, 2014 at 3:07 AM, Amos Shapira amos.shap...@gmail.com
wrote:

 Whatever.

 I'm speaking from personal experience that I didn't find this necessary.



 On 22 July 2014 08:21, E.S. Rosenberg esr+linux...@g.jct.ac.il wrote:

 Any decent port scanner (nmap for instance) will find the SSH service
 regardless of the port it's on, while the likelihood of a firewall blocking
 access to random non-standard ports is very high.

 I use fail2ban to prevent brute forcing and generally also try to have
 some form of port knocking (knockd and fwknop are good options) to prevent
 initial access to the SSH server to unidentified machines.


 2014-07-22 1:11 GMT+03:00 Amos Shapira amos.shap...@gmail.com:

 On 22 July 2014 00:52, Guy Gold guy1g...@gmail.com wrote:

 Hi Erez,

 On Mon, Jul 21, 2014 at 4:18 AM, Erez D erez0...@gmail.com wrote:


 it is not even a dynamic ip, it is a private ip behind a dynamic one


 Then,  what Eliyahu wrote should serve you a perfect solution.

 Also, there's not much advantage in the point of hiding behind the
 security by obscurity method (i.e serve SSH at port 9000. or whichever).

  The increase to security by using  that method is in doubt - when
 taking under consideration  tools used by bad guys (and girls) nowadays .
 If you must do it, that's fine, but don't let it be a reason for not
 using much better methods, as Eliyahu suggested.


 From personal experience - there is a huge advantage in picking a random
 port for external SSH (and external HTTP). I always had port scanners on my
 standard, dynamic ISP ADSL addresses until I moved them to different
 non-standard ports. Since then my logs are clean, and I'm talking about
 over 5 years of experience (I don't remember exactly when I did the switch).

 This is of course not the only measure I take for security. I still
 treat them as vulnerable etc. But after years of not having a single probe
 on the new ports I have to say that it removed the threat of pretty much
 100% of the probes on my home network.

 Perhaps they are more thorough on static ip addresses, known targets
 etc., but in my experience this is a very successful step.




 --
 Guy Gold












Re: reverse ssh

2014-07-21 Thread Erez D
On Sun, Jul 20, 2014 at 11:54 PM, E.S. Rosenberg
esr+linux...@g.jct.ac.il wrote:
 I think we need to reset here for a minute...

 Is your goal to connect to a machine with a IP on a private range where
 there exists a gateway machine or router with a (known) public IP?
 In that case the solution is very simple: port-forwarding
 However I would not do that without also running fail2ban and maybe also
 fwknop so that evil SSH traffic would have a harder time at getting at my
 server.

 Or is your goal to connect to a machine reachable via a dynamic IP and you
 have a machine with a fixed IP that you can route via?
 In that case solutions are more complex, most of the solutions above related
 to that scenario I think.
it is not even a dynamic ip, it is a private ip behind a dynamic one

 So please clear up for us what your exact goal is.
 Regards,
 Eliyahu - אליהו


 2014-07-20 18:46 GMT+03:00 Erez D erez0...@gmail.com:

 On Sun, Jul 20, 2014 at 3:36 PM, E.S. Rosenberg e...@g.jct.ac.il wrote:
  You can have something running on the machine you want to SSH to that
  updates the machine with a fixed IP what its IP is and have a firewall
  rule
  or some other way to redirect specific traffic like for instance traffic
  to
  TCP:2 from that machine to the IP that it was updated to be
 
 still do not understand what you mean, and how it will let me connect
 to a machine with a private ip
 
  2014-07-20 14:33 GMT+03:00 Erez D erez0...@gmail.com:
 
  On Sun, Jul 20, 2014 at 1:30 PM, Yedidyah Bar David
  linux...@didi.bardavid.org wrote:
   If you just want an ssh connection you can simply redirect connection
   attempts to some port on the
   Internet-accessible machine to port 22 on the private-ip one - using
   whatever tool that fits you best -
   iptables, xinetd, redir, probably many others.
   --
   Didi
 
  i do not understand what do you mean
  
  
   2014-07-20 13:31 GMT+03:00 Erez D erez0...@gmail.com:
  
   looks a little complicated - extra ssh server, firewall with port
   knocking
   all this for a ssh connection ...
  
   On Sun, Jul 20, 2014 at 11:38 AM, Rabin Yasharzadehe
   ra...@rabin.io
   wrote:
you can add a port-knocking tool like fwknop to add a dynamic rule
to
forward your connection into the private machine.
   
--
Rabin
   
   
On Sun, Jul 20, 2014 at 12:16 PM, Erez D erez0...@gmail.com
wrote:
   
On Sun, Jul 20, 2014 at 11:06 AM, Lior Kaplan
kaplanl...@gmail.com
wrote:
 Didn't check it, but login in with a user who has /bin/true
 might
 do
 the
 trick.
you are correct, it works.
however it is still a security risk, as this means the client may
listen on unused port ...
   

 Kaplan


 On Sun, Jul 20, 2014 at 12:03 PM, Erez D erez0...@gmail.com
 wrote:

 On Sun, Jul 20, 2014 at 10:39 AM, Lior Kaplan
 kaplanl...@gmail.com
 wrote:
  ssh itself ?
 
  http://www.thegeekstuff.com/2013/11/reverse-ssh-tunnel/
 nice, however this requires me to give access to my server,
 which
 i
 do
 not want ...
 (or, can i give people permission to ssh to my server only for
 reverse
 tunnels and no shell ?)

 
  Kaplan
 
 
  On Sun, Jul 20, 2014 at 11:36 AM, Erez D
  erez0...@gmail.com
  wrote:
 
  hello
 
  i have a linux machine with a private ip connected to the
  internet
  i have a public ip and need to ssh to the linux box
 
  any tools for that ?
 
 
 


   
   
   
  
  
  
 


reverse ssh

2014-07-20 Thread Erez D
hello

i have a linux machine with a private ip connected to the internet
i have a public ip and need to ssh to the linux box

any tools for that ?



Re: reverse ssh

2014-07-20 Thread Erez D
On Sun, Jul 20, 2014 at 10:39 AM, Lior Kaplan kaplanl...@gmail.com wrote:
 ssh itself ?

 http://www.thegeekstuff.com/2013/11/reverse-ssh-tunnel/
nice, however this requires me to give access to my server, which i do
not want ...
(or, can i give people permission to ssh to my server only for reverse
tunnels and no shell ?)


 Kaplan


 On Sun, Jul 20, 2014 at 11:36 AM, Erez D erez0...@gmail.com wrote:

 hello

 i have a linux machine with a private ip connected to the internet
 i have a public ip and need to ssh to the linux box

 any tools for that ?



Re: reverse ssh

2014-07-20 Thread Erez D
On Sun, Jul 20, 2014 at 11:06 AM, Lior Kaplan kaplanl...@gmail.com wrote:
 Didn't check it, but login in with a user who has /bin/true might do the
 trick.
you are correct, it works.
however it is still a security risk, as this means the client may
listen on unused port ...


 Kaplan


 On Sun, Jul 20, 2014 at 12:03 PM, Erez D erez0...@gmail.com wrote:

 On Sun, Jul 20, 2014 at 10:39 AM, Lior Kaplan kaplanl...@gmail.com
 wrote:
  ssh itself ?
 
  http://www.thegeekstuff.com/2013/11/reverse-ssh-tunnel/
 nice, however this requires me to give access to my server, which i do
 not want ...
 (or, can i give people permission to ssh to my server only for reverse
 tunnels and no shell ?)

 
  Kaplan
 
 
  On Sun, Jul 20, 2014 at 11:36 AM, Erez D erez0...@gmail.com wrote:
 
  hello
 
  i have a linux machine with a private ip connected to the internet
  i have a public ip and need to ssh to the linux box
 
  any tools for that ?
 
 
 



___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
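
Added example, not part of the thread: the two concerns raised in this exchange (tunnel users should get no shell, and a tunnel client should not be able to listen on any unused port) map to per-key `authorized_keys` options in OpenSSH releases newer than this 2014 thread (`restrict`, `port-forwarding`, `permitlisten`, plus a forced `command=`). The script audits entries for them; the function names, finding labels and sample keys are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit authorized_keys entries that are
# meant to allow reverse tunnels (ssh -N -R ...) and nothing else.
# Limitation: option values containing escaped quotes (\") are not handled.

# Print the options field of one authorized_keys line (empty if there is none).
key_options() {
    printf '%s\n' "$1" | sed -E \
        's/(^|[[:space:]])(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[A-Za-z0-9-]+|sk-[A-Za-z0-9@.-]+)[[:space:]].*$//'
}

add_finding() { findings="${findings:+$findings;}$1"; }

# Print "ok", or a ';'-separated list of findings, for one authorized_keys line.
audit_key_line() {
    opts=$(key_options "$1")
    # Blank out quoted values so option names only match as whole options.
    flags=",$(printf '%s' "$opts" | sed 's/"[^"]*"/""/g'),"
    findings=""

    case $flags in
        *,restrict,*)
            # restrict turns all forwarding off; -R needs it re-enabled.
            case $flags in *,port-forwarding,*) ;; *) add_finding "forwarding-disabled" ;; esac ;;
        *)  add_finding "no-restrict" ;;      # pty, agent, X11, all forwarding allowed
    esac
    # restrict alone still lets the key run commands; a forced command closes that.
    case $flags in *',command="",'*) ;; *) add_finding "no-forced-command" ;; esac

    # Every permitlisten value must pin a loopback address and a numeric port.
    listens=$(printf '%s\n' "$opts" | tr ',' '\n' |
              sed -n 's/^permitlisten="\(.*\)"$/\1/p')
    if [ -z "$listens" ]; then
        add_finding "listen-any-port"         # the risk raised in the thread
    else
        set -f                                # values may contain * or [ ]
        for v in $listens; do
            host=${v%:*}; port=${v##*:}
            case $v in *:*) ;; *) host="" ;; esac
            case $port in ''|*[!0-9]*) add_finding "bad-port:$v" ;; esac
            case $host in
                127.0.0.1|localhost|'[::1]') ;;
                *) add_finding "listen-host-not-loopback:$v" ;;
            esac
        done
        set +f
    fi
    printf '%s\n' "${findings:-ok}"
}

# Read an authorized_keys file on stdin, print "<line number>: <verdict>".
audit_authorized_keys() {
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        printf '%s: %s\n' "$n" "$(audit_key_line "$line")"
    done
}

# Constructed sample; the key blobs are placeholders, not real keys.
sample_keys() {
cat <<'EOF'
# tunnel accounts
ssh-ed25519 AAAAC3PLACEHOLDER1 alice@laptop
restrict,port-forwarding ssh-ed25519 AAAAC3PLACEHOLDER2 box-a
restrict,command="/bin/false",port-forwarding,permitlisten="*:2222" ssh-ed25519 AAAAC3PLACEHOLDER3 box-b
restrict,command="/bin/false",port-forwarding,permitlisten="127.0.0.1:2222" ssh-ed25519 AAAAC3PLACEHOLDER4 box-c
EOF
}

sample_keys | audit_authorized_keys
```

To check a real file, feed it on stdin: `audit_authorized_keys < ~/.ssh/authorized_keys`.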


Re: reverse ssh

2014-07-20 Thread Erez D
looks a little complicated - extra ssh server, firewall with port knocking
all this for a ssh connection ...

On Sun, Jul 20, 2014 at 11:38 AM, Rabin Yasharzadehe ra...@rabin.io wrote:
 you can add a port-knocking tool like fwknop to add a dynamic rule to
 forward your connection into the private machine.

 --
 Rabin


 On Sun, Jul 20, 2014 at 12:16 PM, Erez D erez0...@gmail.com wrote:

 On Sun, Jul 20, 2014 at 11:06 AM, Lior Kaplan kaplanl...@gmail.com
 wrote:
  Didn't check it, but login in with a user who has /bin/true might do the
  trick.
 you are correct, it works.
 however it is still a security risk, as this means the client may
 listen on unused port ...

 
  Kaplan
 
 
  On Sun, Jul 20, 2014 at 12:03 PM, Erez D erez0...@gmail.com wrote:
 
  On Sun, Jul 20, 2014 at 10:39 AM, Lior Kaplan kaplanl...@gmail.com
  wrote:
   ssh itself ?
  
   http://www.thegeekstuff.com/2013/11/reverse-ssh-tunnel/
  nice, however this requires me to give access to my server, which i do
  not want ...
  (or, can i give people permission to ssh to my server only for reverse
  tunnels and no shell ?)
 
  
   Kaplan
  
  
   On Sun, Jul 20, 2014 at 11:36 AM, Erez D erez0...@gmail.com wrote:
  
   hello
  
   i have a linux machine with a private ip connected to the internet
   i have a public ip and need to ssh to the linux box
  
   any tools for that ?
  
  
  
 
 



Re: reverse ssh

2014-07-20 Thread Erez D
On Sun, Jul 20, 2014 at 1:30 PM, Yedidyah Bar David
linux...@didi.bardavid.org wrote:
 If you just want an ssh connection you can simply redirect connection
 attempts to some port on the
 Internet-accessible machine to port 22 on the private-ip one - using
 whatever tool that fits you best -
 iptables, xinetd, redir, probably many others.
 --
 Didi

i do not understand what do you mean


 2014-07-20 13:31 GMT+03:00 Erez D erez0...@gmail.com:

 looks a little complicated - extra ssh server, firewall with port knocking
 all this for a ssh connection ...

 On Sun, Jul 20, 2014 at 11:38 AM, Rabin Yasharzadehe ra...@rabin.io
 wrote:
  you can add a port-knocking tool like fwknop to add a dynamic rule to
  forward your connection into the private machine.
 
  --
  Rabin
 
 
  On Sun, Jul 20, 2014 at 12:16 PM, Erez D erez0...@gmail.com wrote:
 
  On Sun, Jul 20, 2014 at 11:06 AM, Lior Kaplan kaplanl...@gmail.com
  wrote:
   Didn't check it, but login in with a user who has /bin/true might do
   the
   trick.
  you are correct, it works.
  however it is still a security risk, as this means the client may
  listen on unused port ...
 
  
   Kaplan
  
  
   On Sun, Jul 20, 2014 at 12:03 PM, Erez D erez0...@gmail.com wrote:
  
   On Sun, Jul 20, 2014 at 10:39 AM, Lior Kaplan kaplanl...@gmail.com
   wrote:
ssh itself ?
   
http://www.thegeekstuff.com/2013/11/reverse-ssh-tunnel/
   nice, however this requires me to give access to my server, which i
   do
   not want ...
   (or, can i give people permission to ssh to my server only for
   reverse
   tunnels and no shell ?)
  
   
Kaplan
   
   
On Sun, Jul 20, 2014 at 11:36 AM, Erez D erez0...@gmail.com
wrote:
   
hello
   
i have a linux machine with a private ip connected to the
internet
i have a public ip and need to ssh to the linux box
   
any tools for that ?
   
   
   
  
  
 
 
 



Re: reverse ssh

2014-07-20 Thread Erez D
On Sun, Jul 20, 2014 at 3:36 PM, E.S. Rosenberg e...@g.jct.ac.il wrote:
 You can have something running on the machine you want to SSH to that
 updates the machine with a fixed IP what its IP is and have a firewall rule
 or some other way to redirect specific traffic like for instance traffic to
 TCP:2 from that machine to the IP that it was updated to be

still do not understand what you mean, and how it will let me connect
to a machine with a private ip

 2014-07-20 14:33 GMT+03:00 Erez D erez0...@gmail.com:

 On Sun, Jul 20, 2014 at 1:30 PM, Yedidyah Bar David
 linux...@didi.bardavid.org wrote:
  If you just want an ssh connection you can simply redirect connection
  attempts to some port on the
  Internet-accessible machine to port 22 on the private-ip one - using
  whatever tool that fits you best -
  iptables, xinetd, redir, probably many others.
  --
  Didi

 i do not understand what do you mean
 
 
  2014-07-20 13:31 GMT+03:00 Erez D erez0...@gmail.com:
 
  looks a little complicated - extra ssh server, firewall with port
  knocking
  all this for a ssh connection ...
 
  On Sun, Jul 20, 2014 at 11:38 AM, Rabin Yasharzadehe ra...@rabin.io
  wrote:
   you can add a port-knocking tool like fwknop to add a dynamic rule to
   forward your connection into the private machine.
  
   --
   Rabin
  
  
   On Sun, Jul 20, 2014 at 12:16 PM, Erez D erez0...@gmail.com wrote:
  
   On Sun, Jul 20, 2014 at 11:06 AM, Lior Kaplan kaplanl...@gmail.com
   wrote:
Didn't check it, but login in with a user who has /bin/true might
do
the
trick.
   you are correct, it works.
   however it is still a security risk, as this means the client may
   listen on unused port ...
  
   
Kaplan
   
   
On Sun, Jul 20, 2014 at 12:03 PM, Erez D erez0...@gmail.com
wrote:
   
On Sun, Jul 20, 2014 at 10:39 AM, Lior Kaplan
kaplanl...@gmail.com
wrote:
 ssh itself ?

 http://www.thegeekstuff.com/2013/11/reverse-ssh-tunnel/
nice, however this requires me to give access to my server, which
i
do
not want ...
(or, can i give people permission to ssh to my server only for
reverse
tunnels and no shell ?)
   

 Kaplan


 On Sun, Jul 20, 2014 at 11:36 AM, Erez D erez0...@gmail.com
 wrote:

 hello

 i have a linux machine with a private ip connected to the
 internet
 i have a public ip and need to ssh to the linux box

 any tools for that ?



   
   
  
  
  
 
 
 



Re: diff/patch rootfs

2014-07-13 Thread Erez D
On Thu, Jul 10, 2014 at 4:50 PM, Amos Shapira amos.shap...@gmail.com
wrote:

 How about rsync's --only-write-batch/--read-batch?


great
this is the closest as it gets to what i wanted
only caveat, is that if the system is modified, it will not merge like
'patch' does
however, i can live with this

thanks,
erez.




 On 10 July 2014 18:55, Erez D erez0...@gmail.com wrote:

 to make it clear:
 i need to compare two directory trees - old and new, both holds files,
 binaries, special files, symbolic and hard links. and create a patch
 file

 then, on another system which has a copy of the old dir tree (and
 possibly some modifications), i need to patch it to make it a 'new'

 what i would like to have is something like rsync, which can create a
 diff file ...

 On Thu, Jul 10, 2014 at 10:39 AM, Rabin Yasharzadehe ra...@rabin.io
 wrote:
  I was just about to write the same suggestion,
  on my current Android ROM (OmniROM) i have update system called
 OpenDelta
  which use xdelta to create the update images.
 
  you can look at the code in github -
  https://github.com/omnirom/android_packages_apps_OpenDelta
 
  --
  Rabin
 
 
  On Thu, Jul 10, 2014 at 10:34 AM, shimi linux...@shimi.net wrote:
 
  On Thu, Jul 10, 2014 at 9:08 AM, Erez D erez0...@gmail.com wrote:
 
  hello
 
 
  i am dealing with rootfs images  i install on embedded linux
 
  from time to time i update the rootfs - add some file, remove other,
  update others, mknod etc ...
 
  currently, when i do this, i need to reinstall the image
 
  i am looking to create a patch, i can patch an old rootfs to update it
 
  however, diff does not handle create file, remove file, special files
  and binary files very well
 
  i am looking for a tool that can do that.
 
  anyone ?
 
 
 
  If modifying an _image_ is your purpose, and you want to avoid
  distributing the whole image, and you can do that 'offline' (i.e. you
 have
  two partitions, one active, second for upgrade and boot from - so you
 don't
  touch a system with a mounted filesystem), and you have your way to
 manage
  this versioning (i.e. you know for a fact what the previous image blob
 is,
  so what you need is really the blocks that changed from it) - maybe
 take a
  look at http://xdelta.org/
 
  -- Shimi
 
 
 
 






___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
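
Added example, not part of the thread: the rsync batch workflow suggested above, with a baseline manifest check that covers the caveat in the reply, that a batch does not merge into a modified target the way `patch` does. Function names, file names and the sample trees are constructed; the manifest covers regular files only, and a real rootfs would also need `-H` and root privileges for hard links and device nodes.

```shell
#!/bin/sh
# Added example (not from the thread): offline tree update with rsync batch
# files, plus a check so a batch is never replayed onto a modified target.

# Sorted SHA-256 manifest of the regular files under DIR (paths relative to DIR).
tree_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# make_batch OLD NEW BATCH
# Records the changes that turn OLD into NEW in BATCH without modifying OLD,
# and stores OLD's manifest next to it as BATCH.baseline.
make_batch() {
    rsync -a -c --delete --no-whole-file --only-write-batch="$3" "$2"/ "$1"/ &&
        tree_manifest "$1" > "$3.baseline"
}

# apply_batch TARGET BATCH
# Replays BATCH onto TARGET only if TARGET still matches the baseline.
# Returns 2, leaving TARGET untouched, when it does not.
apply_batch() {
    if ! tree_manifest "$1" | cmp -s - "$2.baseline"; then
        echo "apply_batch: $1 differs from the baseline, not applying" >&2
        return 2
    fi
    rsync -a -c --delete --read-batch="$2" "$1"/
}

# Constructed sample trees under DIR: old, new, and two "devices" that start
# as copies of old; dev2 is then modified locally.
make_sample_trees() {
    mkdir -p "$1/old/etc" "$1/new/etc" &&
    echo "release 1" > "$1/old/etc/app.conf" &&
    echo "obsolete"  > "$1/old/stale.bin" &&
    echo "release 2 with more text" > "$1/new/etc/app.conf" &&
    echo "new file"  > "$1/new/added.bin" &&
    cp -a "$1/old" "$1/dev1" &&
    cp -a "$1/old" "$1/dev2" &&
    echo "local edit" > "$1/dev2/etc/app.conf"
}

demo() {
    work=$(mktemp -d) || return 1
    make_sample_trees "$work" &&
    make_batch "$work/old" "$work/new" "$work/update.batch" &&
    apply_batch "$work/dev1" "$work/update.batch" && echo "dev1 updated"
    apply_batch "$work/dev2" "$work/update.batch" || echo "dev2 refused"
    rm -rf "$work"
}

# Run the demonstration with: sh thisfile.sh demo
if [ "${1:-}" = demo ]; then demo; fi
```

Only the batch file and its `.baseline` manifest need to be shipped to the target; signing both before shipping is a separate step not shown here.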


diff/patch rootfs

2014-07-10 Thread Erez D
hello


i am dealing with rootfs images  i install on embedded linux

from time to time i update the rootfs - add some file, remove other,
update others, mknod etc ...

currently, when i do this, i need to reinstall the image

i am looking to create a patch, i can patch an old rootfs to update it

however, diff does not handle create file, remove file, special files
and binary files very well

i am looking for a tool that can do that.

anyone ?


btw: distro is emdebian/debian on armel

thanks,
erez.



Re: diff/patch rootfs

2014-07-10 Thread Erez D
On Thu, Jul 10, 2014 at 9:54 AM, Oleg Goldshmidt p...@goldshmidt.org wrote:
 Erez D erez0...@gmail.com writes:

 hello

 i am dealing with rootfs images  i install on embedded linux

 from time to time i update the rootfs - add some file, remove other,
 update others, mknod etc ...

 currently, when i do this, i need to reinstall the image

 i am looking to create a patch, i can patch an old rootfs to update it

 however, diff does not handle create file, remove file, special files
 and binary files very well

 i am looking for a tool that can do that.

 anyone ?

 btw: distro is emdebian/debian on armel

 Proper (IMHO) solution - package your updates (in .deb in your case, I
 presume). This includes modifying existing packages if you need to roll
 your own stuff - to avoid clashes.
interesting idea, although seems trivial, it never came into mind
however:
1. will take a lot of work (note that i overwrite some of debian's
file with my own, and will need to resolve this)
2. will be a big patch (and i pay by the byte, have low flash/ram. and
must be done offline)

currently i need something simpler, which will be small, offline


 Barring that, rsync is the first thing that comes to my mind.
that was my first idea, however it need to be done offline.
searched to see if rsync creates diffs,  and never found any info about this ...


 I assume I don't need to remind you to be very, very careful, especially
 with --delete. ;-)
sure

 I suppose if you screw up an update you can still reinstall as today,
 right?
yes, if i have access to the product (which is not always true)


 Possible enhancements (going on a tangent here):

 I don't know your circumstances, nor am I familiar with emdebian, but
 personally I'd prefer to get as much as possible packaged from the
 distro and not touch rootfs by hand, and keep my own stuff on a separate
 partition (that I can clobber, e.g., with rsync, even multiple times if
 things go wrong).
no problems with emdebian

 I realize this may not be an option, so back to rootfs. Have you
 considered having 2 partitions side-by-side and swapping old for new
 (that you have, e.g., rsync'ed, etc.) with the possibility of rolling
 back?  Once new is running you can update old, too, if it is needed to
 prepare for the next upgrade. The second partition will cost you some
 space, of course...

think of a software patch to a filesystem, like (god forbid ;-)
windows-update ;-)


 --
 Oleg Goldshmidt | p...@goldshmidt.org



Re: diff/patch rootfs

2014-07-10 Thread Erez D
to make it clear:
i need to compare two directory trees - old and new, both holds files,
binaries, special files, symbolic and hard links. and create a patch
file

then, on another system which has a copy of the old dir tree (and
possibly some modifications), i need to patch it to make it a 'new'

what i would like to have is something like rsync, which can create a
diff file ...

On Thu, Jul 10, 2014 at 10:39 AM, Rabin Yasharzadehe ra...@rabin.io wrote:
 I was just about to write the same suggestion,
 on my current Android ROM (OmniROM) i have update system called OpenDelta
 which use xdelta to create the update images.

 you can look at the code in github -
 https://github.com/omnirom/android_packages_apps_OpenDelta

 --
 Rabin


 On Thu, Jul 10, 2014 at 10:34 AM, shimi linux...@shimi.net wrote:

 On Thu, Jul 10, 2014 at 9:08 AM, Erez D erez0...@gmail.com wrote:

 hello


 i am dealing with rootfs images  i install on embedded linux

 from time to time i update the rootfs - add some file, remove other,
 update others, mknod etc ...

 currently, when i do this, i need to reinstall the image

 i am looking to create a patch, i can patch an old rootfs to update it

 however, diff does not handle create file, remove file, special files
 and binary files very well

 i am looking for a tool that can do that.

 anyone ?



 If modifying an _image_ is your purpose, and you want to avoid
 distributing the whole image, and you can do that 'offline' (i.e. you have
 two partitions, one active, second for upgrade and boot from - so you don't
 touch a system with a mounted filesystem), and you have your way to manage
 this versioning (i.e. you know for a fact what the previous image blob is,
 so what you need is really the blocks that changed from it) - maybe take a
 look at http://xdelta.org/

 -- Shimi


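Added example (not part of the thread or of any tool named in it): a Python take on the comparison step asked for above. It records files, directories, symlinks, hard links and device nodes for two trees, derives the ordered operations that turn the old tree into the new one, and checks a tree against the expected old manifest before it is patched. All function names and the sample trees are constructed for illustration; shipping the contents of changed files alongside the operation list is outside its scope.

```python
import hashlib
import os
import stat
import tempfile


def _sha256(path):
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def manifest(root):
    """Map every path below root to (type, payload..., mode, uid, gid)."""
    entries, inodes = {}, {}
    for dirpath, dirnames, filenames in os.walk(root):  # symlinks not followed
        dirnames.sort()
        for name in sorted(dirnames + filenames):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            st = os.lstat(full)
            mode = st.st_mode
            own = (stat.S_IMODE(mode), st.st_uid, st.st_gid)
            if stat.S_ISLNK(mode):
                entries[rel] = ("symlink", os.readlink(full), st.st_uid, st.st_gid)
            elif stat.S_ISDIR(mode):
                entries[rel] = ("dir",) + own
            elif stat.S_ISREG(mode):
                key = (st.st_dev, st.st_ino)
                if st.st_nlink > 1 and key in inodes:
                    entries[rel] = ("hardlink", inodes[key])  # link to first name
                else:
                    inodes[key] = rel
                    entries[rel] = ("file", _sha256(full)) + own
            elif stat.S_ISCHR(mode) or stat.S_ISBLK(mode):
                kind = "chr" if stat.S_ISCHR(mode) else "blk"
                dev = (os.major(st.st_rdev), os.minor(st.st_rdev))
                entries[rel] = (kind,) + dev + own
            else:  # FIFO or socket: only type, mode and owner matter
                entries[rel] = ("fifo" if stat.S_ISFIFO(mode) else "socket",) + own
    return entries


def delta(old, new):
    """Ordered operations that turn a tree matching `old` into `new`."""
    ops = []
    # Removals first, deepest paths first, so directories are empty by the
    # time they go. A path whose type changed is removed, then recreated.
    for path in sorted(old, key=lambda p: (-p.count(os.sep), p)):
        if path not in new or new[path][0] != old[path][0]:
            ops.append(("remove", path))
    # Then creations and updates: parents before children, hard links last
    # so the file they name already exists.
    changed = [p for p in new if new[p] != old.get(p)]
    changed.sort(key=lambda p: (new[p][0] == "hardlink", p.count(os.sep), p))
    for path in changed:
        same_type = path in old and old[path][0] == new[path][0]
        ops.append(("update" if same_type else "create", path, new[path]))
    return ops


def base_mismatches(target, old):
    """Paths where the tree to be patched differs from the expected old tree."""
    return sorted(p for p in set(target) | set(old) if target.get(p) != old.get(p))


def _write(root, rel, text):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as f:
        f.write(text)
    return path


def demo():
    """Build two small constructed trees; return (operations, mismatches)."""
    with tempfile.TemporaryDirectory() as tmp:
        old, new = os.path.join(tmp, "old"), os.path.join(tmp, "new")
        for root, version in ((old, "v1"), (new, "v2")):
            _write(root, "bin/tool", version)
            _write(root, "etc/conf", "a=1\n")
            liba = _write(root, "lib/liba", "shared\n")
            os.link(liba, os.path.join(root, "lib/libb"))
        _write(old, "tmp/junk", "x")
        os.symlink("conf", os.path.join(old, "etc/link"))
        os.symlink("../bin/tool", os.path.join(new, "etc/link"))
        _write(new, "sbin/new", "added\n")
        m_old, m_new = manifest(old), manifest(new)
        ops = delta(m_old, m_new)
        # Simulate a unit whose etc/conf was edited locally after installation.
        _write(old, "etc/conf", "a=2\n")
        return ops, base_mismatches(manifest(old), m_old)


if __name__ == "__main__":
    print(*demo()[0], sep="\n")
```

A non-empty result from `base_mismatches` is the signal to stop and fall back to a full reinstall, since the operation list was computed against a different base.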


Re: qemu and chroot

2014-06-22 Thread Erez D
On Tue, May 20, 2014 at 12:13 PM, Erez D erez0...@gmail.com wrote:
 ok, it now works
 /proc/sys/fs/binfmt_misc/qemu-arm was missing,
 internet search told me to look for 'binfmt-support' pkg, however i
 could not find one for centos6
 so as chrooted systems share the same kernel (just need to mount /proc
 under the chroot dir), I chroot to my wheezy_i686 (i have some chroots
 for testing other distros), and there i did apt-get install
 binfmt-support qemu-user-static, and update-binfmts --display

 now i have /proc/sys/fs/binfmt_misc/qemu-arm. and everything works again


 (i do not know if this is permanent or will require redoing after
 reboot), but i will check it at next reboot (something like in 6 months
 ;-)

it seems that it is not permanent.
my chroot has a /etc/init.d/binfmt-support script which makes it permanent,
however i do not boot the chroot system ;-)
so i added the following line to rc.local :
chroot /home/chroot/wheezy_i686/  /etc/init.d/binfmt-support start

now it is permanent
(i wish centos had this package so i wouldn't have to deal with such hacks).


 thanks
 erez

 On Tue, May 20, 2014 at 11:22 AM, Tzafrir Cohen tzaf...@cohens.org.il wrote:
 On Tue, May 20, 2014 at 09:14:16AM +0300, Erez D wrote:
 I am using centos 6 and  developing for an armel platform

 i created a rootfs using multistrap/debootstrap

 i copied qemu-arm-static to rootfs/usr/bin/qemu-arm-static

 There's something missing from your description. I suspect you forgot to
 mention it: debootstrap's run can be broken to two parts: one that
 downloads everything, and the second stage that needs to run inside the
 chroot. In that case:

   debootstrap --foreign [--arch=] [rest of parameters]
   chroot to/chroot
   ./debootstrap --second-stage

 At least in Debian, the package qemu-user-static includes the wrapper
 qemu-debootstrap to do just that, and also copy the required
 qemu-user-static.


 and i was astonished that doing just 'chroot rootfs' worked, without
 explicitly telling 'chroot' to use qemu-arm-static - somehow it decided
 automatically to run everything under qemu-arm-static without me telling it
 to.


 after a restart of the server. rootfs does not work anymore automatically,
 i get a chroot: failed to run command `/bin/bash': Exec format error
 doing chroot rootfs /usr/bin/qemu-arm-static /bin/bash does chroot, but
 i get : bash: /bin/cat: cannot execute binary file (although
 rootfs/bin/cat is a perfectly ok armel binary, tested on the armel target).
 i also checked the md5sum of the rootfs/qemu-arm-static binary, and it is ok

 A chroot does not replace the kernel. It's running on your kernel and
 that kernel does not natively support the armel binaries.

 In Debian, the package qemu-user-static registers foreign Linux ELF
 formats. So maybe you forgot this is needed. Specifically:

 $ cat /proc/sys/fs/binfmt_misc/qemu-arm
 enabled
 interpreter /usr/bin/qemu-arm-static
 flags:
 offset 0
 magic 7f454c460101010002002800
 mask ff00feff

 --
 Tzafrir Cohen | tzaf...@jabber.org | VIM is
 http://tzafrir.org.il || a Mutt's
 tzaf...@cohens.org.il ||  best
 tzaf...@debian.org|| friend



Re: advanced dhcpd.conf

2014-06-10 Thread Erez D
thanks

On Tue, Jun 10, 2014 at 11:50 AM, Rabin Yasharzadehe ra...@rabin.io wrote:
 not an answer, but you can try and use the log option to debug your conf
 file,
 and make sure each function returns what you are expecting it to return.

 also you have tools like dhcping and dhcpdump
 which can help you debug the problem.

 --
 Rabin


 On Mon, Jun 9, 2014 at 10:14 AM, Erez D erez0...@gmail.com wrote:

 i'm trying to match ip to macs


 e.g.:
 mac 00:11:22:33:44:01 - 10.0.5.1
 mac 00:11:22:33:44:02 - 10.0.5.2
 mac 00:11:22:33:44:03 - 10.0.5.3
 mac 00:11:22:33:44:04 - 10.0.5.4



 it does not seem to work
 is it possible to do that ?


 highlights of dhcpd.conf:

 class "vm" {
 match if binary-to-ascii (16,8,":",substring(hardware, 1, 5)) =
 "0:11:22:33:44";
 set lastMacByte=binary-to-ascii (10,8,":",substring(hardware, 6, 1));
 set vmName=concat("VM-",lastMacByte);
 set vmIp=concat("10.0.5.",lastMacByte);
 }

 and

 host vmName {
   fixed-address vmIp;
 }



advanced dhcpd.conf

2014-06-09 Thread Erez D
i'm trying to match ip to macs


e.g.:
mac 00:11:22:33:44:01 - 10.0.5.1
mac 00:11:22:33:44:02 - 10.0.5.2
mac 00:11:22:33:44:03 - 10.0.5.3
mac 00:11:22:33:44:04 - 10.0.5.4



it does not seem to work
is it possible to do that ?


highlights of dhcpd.conf:

class "vm" {
match if binary-to-ascii (16,8,":",substring(hardware, 1, 5)) = "0:11:22:33:44";
set lastMacByte=binary-to-ascii (10,8,":",substring(hardware, 6, 1));
set vmName=concat("VM-",lastMacByte);
set vmIp=concat("10.0.5.",lastMacByte);
}

and

host vmName {
  fixed-address vmIp;
}



Re: advanced dhcpd.conf

2014-06-09 Thread Erez D
On Mon, Jun 9, 2014 at 10:33 AM, geoffrey mendelson
geoffreymendel...@gmail.com wrote:
 On 6/9/2014 10:14 AM, Erez D wrote:

 i'm trying to match ip to macs


 e.g.:
 mac 00:11:22:33:44:01 - 10.0.5.1
 mac 00:11:22:33:44:02 - 10.0.5.2
 mac 00:11:22:33:44:03 - 10.0.5.3
 mac 00:11:22:33:44:04 - 10.0.5.4



 it does not seem to work
 is it possible to do that ?


 highlights of dhcpd.conf:

 class "vm" {
 match if binary-to-ascii (16,8,":",substring(hardware, 1, 5)) =
 "0:11:22:33:44";
 set lastMacByte=binary-to-ascii (10,8,":",substring(hardware, 6, 1));
 set vmName=concat("VM-",lastMacByte);
 set vmIp=concat("10.0.5.",lastMacByte);
 }



 Is this what you want?

 host danny3
 {
 fixed-address danny3;
 hardware ethernet  00:11:95:8e:8d:80;
  option host-name "danny3";
 }

 danny3 resolves to the IP address I want.

 Geoff.

no, i want:
host vm01 { hardware ethernet 00:11:22:33:44:01 ; fixed-address 10.0.5.1 }
host vm02 { hardware ethernet 00:11:22:33:44:02 ; fixed-address 10.0.5.2 }
host vm03 { hardware ethernet 00:11:22:33:44:03 ; fixed-address 10.0.5.3 }
...
host vm254 { hardware ethernet 00:11:22:33:44:fe ; fixed-address 10.0.5.254 }

 --
 Geoffrey S. Mendelson 4X1GM/N3OWJ
 Jerusalem Israel.




Re: advanced dhcpd.conf

2014-06-09 Thread Erez D
On Mon, Jun 9, 2014 at 10:31 PM, shimi linux...@shimi.net wrote:
 On Mon, Jun 9, 2014 at 6:15 PM, Erez D erez0...@gmail.com wrote:

 no, i want:
 host vm01 { hardware ethernet 00:11:22:33:44:01 ; fixed-address 10.0.5.1 }
 host vm02 { hardware ethernet 00:11:22:33:44:02 ; fixed-address 10.0.5.2 }
 host vm03 { hardware ethernet 00:11:22:33:44:03 ; fixed-address 10.0.5.3 }
 ...
 host vm254 { hardware ethernet 00:11:22:33:44:fe ; fixed-address
 10.0.5.254 }


 If it doesn't work out...

 php -r 'foreach(range(1,254) as $id) echo "host vm".str_pad($id, 3, "0",
 STR_PAD_LEFT)." { hardware ethernet 00:11:22:33:44:".str_pad(dechex($id), 2,
 "0", STR_PAD_LEFT)." ; fixed-address 10.0.5.$id }\n";'

 -- Shimi
thanks.
i didn't want to do this that way



Re: advanced dhcpd.conf

2014-06-09 Thread Erez D
On Tue, Jun 10, 2014 at 12:11 AM, Amos Shapira amos.shap...@gmail.com wrote:
 Yup.
 Or do what we did at my workplace and use puppet to maintain (and generate,
 if needed) the configuration.

just buy a cow for a cup of milk ;-)
 On 10 Jun 2014 05:33, shimi linux...@shimi.net wrote:

 On Mon, Jun 9, 2014 at 6:15 PM, Erez D erez0...@gmail.com wrote:

 no, i want:
 host vm01 { hardware ethernet 00:11:22:33:44:01 ; fixed-address 10.0.5.1
 }
 host vm02 { hardware ethernet 00:11:22:33:44:02 ; fixed-address 10.0.5.2
 }
 host vm03 { hardware ethernet 00:11:22:33:44:03 ; fixed-address 10.0.5.3
 }
 ...
 host vm254 { hardware ethernet 00:11:22:33:44:fe ; fixed-address
 10.0.5.254 }


 If it doesn't work out...

 php -r 'foreach(range(1,254) as $id) echo "host vm".str_pad($id, 3, "0",
 STR_PAD_LEFT)." { hardware ethernet 00:11:22:33:44:".str_pad(dechex($id), 2,
 "0", STR_PAD_LEFT)." ; fixed-address 10.0.5.$id }\n";'

 -- Shimi



partly OT: notification of url when connecting to open wifi

2014-05-26 Thread Erez D
this is partially off topic

sometimes when i connect to open wifi on airports, my phone (android)
gives me a notification of a site i need to go to, and if i click on
it, it opens a browser with a predefined URL


i was wondering - is that part of an RFC or standard ?


10x
erez.



Re: partly OT: notification of url when connecting to open wifi

2014-05-26 Thread Erez D
On Mon, May 26, 2014 at 10:18 AM, Rabin Yasharzadehe ra...@rabin.io wrote:
 I think it's the same/some implementation of Google chrome to check if you
 are behind a proxy and have access to the internet.

 https://mikewest.org/2012/02/chrome-connects-to-three-random-domains-at-startup

Thanks, i'll look into this. however this is done without me opening a
browser or searching
i just select a wireless network, and immediately i get a notification

 --
 Rabin


 On Mon, May 26, 2014 at 10:11 AM, Erez D erez0...@gmail.com wrote:

 this is partially off topic

 sometimes when i connect to open wifi on airports, my phone (android)
 gives me a notification of a site i need to go to, and if i click on
 it, it opens a browser with a predefined URL


 i was wondering - is that part of an RFC or standard ?


 10x
 erez.



Re: partly OT: notification of url when connecting to open wifi

2014-05-26 Thread Erez D
On Mon, May 26, 2014 at 10:23 AM, Jonathan Ben Avraham y...@tkos.co.il wrote:
 Hi Erez,
 No. The ability to configure a payment/authentication gateway is a router
 feature. I worked on this feature for Alvarion's WBSn. Every router designer
 develops their own feature.

can you elaborate ?

  - yba


 On Mon, 26 May 2014, Erez D wrote:

 Date: Mon, 26 May 2014 10:11:54 +0300
 From: Erez D erez0...@gmail.com
 To: linux-il linux-il@cs.huji.ac.il
 Subject: partly OT: notification of url when connecting to open wifi


 this is partially off topic

 sometimes when i connect to open wifi on airports, my phone (android)
 gives me a notification of a site i need to go to, and if i click on
 it, it opens a browser with a predefined URL


 i was wondering - is that part of an RFC or standard ?


 10x
 erez.



 --
  9590 8E58 D30D 1660 C349  673D B205 4FC4 B8F5 B7F9  ~. .~  Tk Open Systems
 =} Jonathan Ben-Avraham (yba) --ooO--U--Ooo{=
 mailto:y...@tkos.co.il tel:+972.52.486.3386 http://tkos.co.il skype:benavrhm



Re: partly OT: notification of url when connecting to open wifi

2014-05-26 Thread Erez D
thanks,

however, that's not what i meant

i was only asking how it generated a notification on my phone without
me opening a browser
i do not want to restrict access to anything

thanks,
erez.
On Mon, May 26, 2014 at 10:44 AM, Jonathan Ben Avraham y...@tkos.co.il wrote:
 Hi Erez,
 For each AP you need to maintain a table of client connections that are
 accepted, meaning that the client has presented some type of credential or
 payment or whatever.

 Packets from clients that are not accepted are routed to some authentication
 or payment gateway, with possible port translation.

 The accepted client table does not have to be on the AP itself. It is
 usually held in a RADIUS server upstream. The authentication gateway also
 does not need to be on the AP itself. It can be upstream and does not have
 to be the same as the RADIUS server. You can also have more than one payment
 gateway but use the same RADIUS server.

 That, in a nutshell is how it is done. There's a lot of netfilter/iptables
 smoke and mirrors going on on the AP.


  - yba


 On Mon, 26 May 2014, Erez D wrote:

 Date: Mon, 26 May 2014 10:26:52 +0300
 From: Erez D erez0...@gmail.com
 To: Jonathan Ben Avraham y...@tkos.co.il
 Cc: linux-il linux-il@cs.huji.ac.il
 Subject: Re: partly OT: notification of url when connecting to open wifi


 On Mon, May 26, 2014 at 10:23 AM, Jonathan Ben Avraham y...@tkos.co.il
 wrote:

 Hi Erez,
 No. The ability to configure a payment/authentication gateway is a router
 feature. I worked on this feature for Alvarion's WBSn. Every router
 designer
 develops their own feature.


 can you elaborate ?


  - yba


 On Mon, 26 May 2014, Erez D wrote:

 Date: Mon, 26 May 2014 10:11:54 +0300
 From: Erez D erez0...@gmail.com
 To: linux-il linux-il@cs.huji.ac.il
 Subject: partly OT: notification of url when connecting to open wifi


 this is partially off topic

 sometimes when i connect to open wifi on airports, my phone (android)
 gives me a notification of a site i need to go to, and if i click on
 it, it opens a browser with a predefined URL


 i was wondering - is that part of an RFC or standard ?


 10x
 erez.



 --
  9590 8E58 D30D 1660 C349  673D B205 4FC4 B8F5 B7F9  ~. .~  Tk Open
 Systems
 =} Jonathan Ben-Avraham (yba)
 --ooO--U--Ooo{=
 mailto:y...@tkos.co.il tel:+972.52.486.3386 http://tkos.co.il
 skype:benavrhm



 --
  9590 8E58 D30D 1660 C349  673D B205 4FC4 B8F5 B7F9  ~. .~  Tk Open Systems
 =} Jonathan Ben-Avraham (yba) --ooO--U--Ooo{=
 mailto:y...@tkos.co.il tel:+972.52.486.3386 http://tkos.co.il skype:benavrhm



Re: partly OT: notification of url when connecting to open wifi

2014-05-26 Thread Erez D
On Mon, May 26, 2014 at 12:29 PM, Rabin Yasharzadehe ra...@rabin.io wrote:
 the code is in the first answer


 http://stackoverflow.com/questions/13958614/how-to-check-for-unrestricted-internet-access-captive-portal-detection

nice,
now i know the term is called walled garden or captive portal

so if i understand correctly,
android expects a captive portal to return a redirect, and so generates
a notification with the redirect url ?


 --
 Rabin


 On Mon, May 26, 2014 at 11:51 AM, Erez D erez0...@gmail.com wrote:

 thanks,

 however, that's not what i meant

 i was only asking how it generated a notification on my phone without
 me opening a browser
 i do not want to restrict access to anything

 thanks,
 erez.
 On Mon, May 26, 2014 at 10:44 AM, Jonathan Ben Avraham y...@tkos.co.il
 wrote:
  Hi Erez,
  For each AP you need to maintain a table of client connections that are
  accepted, meaning that the client has presented some type of
  credential or
  payment or whatever.
 
  Packets from clients that are not accepted are routed to some
  authentication
  or payment gateway, with possible port translation.
 
  The accepted client table does not have to be on the AP itself. It is
  usually held in a RADIUS server upstream. The authentication gateway
  also
  does not need to be on the AP itself. It can be upstream and does not
  have
  to be the same as the RADIUS server. You can also have more than one
  payment
  gateway but use the same RADIUS server.
 
  That, in a nutshell is how it is done. There's a lot of
  netfilter/iptables
  smoke and mirrors going on on the AP.
 
 
   - yba
 
 
  On Mon, 26 May 2014, Erez D wrote:
 
  Date: Mon, 26 May 2014 10:26:52 +0300
  From: Erez D erez0...@gmail.com
  To: Jonathan Ben Avraham y...@tkos.co.il
  Cc: linux-il linux-il@cs.huji.ac.il
  Subject: Re: partly OT: notification of url when connecting to open
  wifi
 
 
  On Mon, May 26, 2014 at 10:23 AM, Jonathan Ben Avraham y...@tkos.co.il
  wrote:
 
  Hi Erez,
  No. The ability to configure a payment/authentication gateway is a
  router
  feature. I worked on this feature for Alvarion's WBSn. Every router
  designer
  develops their own feature.
 
 
  can you elaborate ?
 
 
   - yba
 
 
  On Mon, 26 May 2014, Erez D wrote:
 
  Date: Mon, 26 May 2014 10:11:54 +0300
  From: Erez D erez0...@gmail.com
  To: linux-il linux-il@cs.huji.ac.il
  Subject: partly OT: notification of url when connecting to open wifi
 
 
  this is partially off topic
 
  sometimes when i connect to open wifi on airports, my phone
  (android)
  gives me a notification of a site i need to go to, and if i click on
  it, it opens a browser with a predefined URL
 
 
  i was wondering - is that part of an RFC or standard ?
 
 
  10x
  erez.
 
 
 
  --
   9590 8E58 D30D 1660 C349  673D B205 4FC4 B8F5 B7F9  ~. .~  Tk Open
  Systems
  =} Jonathan Ben-Avraham (yba)
  --ooO--U--Ooo{=
  mailto:y...@tkos.co.il tel:+972.52.486.3386 http://tkos.co.il
  skype:benavrhm
 
 
 
  --
   9590 8E58 D30D 1660 C349  673D B205 4FC4 B8F5 B7F9  ~. .~  Tk Open
  Systems
  =} Jonathan Ben-Avraham (yba)
  --ooO--U--Ooo{=
  mailto:y...@tkos.co.il tel:+972.52.486.3386 http://tkos.co.il
  skype:benavrhm

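Added example, not taken from the thread or from the linked answer: how a client can decide "captive portal" from a single plain-HTTP probe, which is the behaviour the question above describes. The probe host and path, the 204 convention and the captured responses are assumptions or constructed samples; the redirect target is validated because it is supplied by whoever intercepted the request.

```python
import http.client
import io
from urllib.parse import urlsplit

# Assumption: an Android-style probe, a plain-HTTP URL that answers
# "204 No Content" when nothing sits between client and server.
PROBE_HOST, PROBE_PATH = "connectivitycheck.gstatic.com", "/generate_204"

# Constructed responses: what the probe might read on an open network,
# behind a redirecting portal, behind a portal that substitutes its own
# page, and behind one that sends a redirect with an unexpected scheme.
OPEN = b"HTTP/1.1 204 No Content\r\nContent-Length: 0\r\n\r\n"
REDIRECT = (b"HTTP/1.1 302 Found\r\n"
            b"Location: http://portal.example/login\r\n"
            b"Content-Length: 0\r\n\r\n")
REWRITE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
           b"Content-Length: 26\r\n\r\n<html>Please log in</html>")
ODD_SCHEME = (b"HTTP/1.1 302 Found\r\n"
              b"Location: file:///login.html\r\n"
              b"Content-Length: 0\r\n\r\n")


def _safe_url(location):
    """Pass on only http(s) URLs that name a host; the Location header is
    untrusted input written by whatever answered the probe."""
    if not location:
        return None
    parts = urlsplit(location)
    ok = parts.scheme in ("http", "https") and bool(parts.netloc)
    return location if ok else None


def classify(status, location, body_len):
    """Return (state, portal_url) for one probe response."""
    if status == 204 and body_len == 0:
        return ("open", None)            # the real probe server answered
    if 200 <= status < 400:
        return ("captive", _safe_url(location))  # something answered for it
    return ("unknown", None)


def _read(resp):
    body = resp.read()
    return classify(resp.status, resp.getheader("Location"), len(body))


class _Replay:
    """Minimal socket stand-in so http.client can parse captured bytes."""
    def __init__(self, raw):
        self._raw = raw

    def makefile(self, *args, **kwargs):
        return io.BytesIO(self._raw)


def classify_raw(raw):
    """Classify a captured response without touching the network."""
    resp = http.client.HTTPResponse(_Replay(raw))
    resp.begin()
    return _read(resp)


def probe(host=PROBE_HOST, path=PROBE_PATH, timeout=5):
    """Live check. http.client does not follow redirects, so a portal's
    302 is seen as-is instead of being silently followed."""
    conn = http.client.HTTPConnection(host, timeout=timeout)
    try:
        conn.request("GET", path)
        return _read(conn.getresponse())
    except (OSError, http.client.HTTPException):
        return ("offline", None)
    finally:
        conn.close()


if __name__ == "__main__":
    for name, raw in (("open", OPEN), ("redirect", REDIRECT),
                      ("rewrite", REWRITE), ("odd scheme", ODD_SCHEME)):
        print(name, classify_raw(raw))
```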


Re: partly OT: notification of url when connecting to open wifi

2014-05-26 Thread Erez D
Jonathan, if we are talking about walled garden/captive portal
implementation under linux, i'll take the opportunity to ask something
related.

how does the AP redirect every web access to the login page (for non
accepted clients)
i guess using a transparent proxy with a redirection page, am i correct ?
if i am correct, i would like to know:
1. does the AP allow real DNS access, or does it return the IP of the
AP for every dns query. (and if so what about DNS cache ?)
2. what webserver/proxy is used to return the same redirect answer
to every requested url


On Mon, May 26, 2014 at 10:44 AM, Jonathan Ben Avraham y...@tkos.co.il wrote:
 Hi Erez,
 For each AP you need to maintain a table of client connections that are
 accepted, meaning that the client has presented some type of credential or
 payment or whatever.

 Packets from clients that are not accepted are routed to some authentication
 or payment gateway, with possible port translation.

 The accepted client table does not have to be on the AP itself. It is
 usually held in a RADIUS server upstream. The authentication gateway also
 does not need to be on the AP itself. It can be upstream and does not have
 to be the same as the RADIUS server. You can also have more than one payment
 gateway but use the same RADIUS server.

 That, in a nutshell is how it is done. There's a lot of netfilter/iptables
 smoke and mirrors going on on the AP.


  - yba


 On Mon, 26 May 2014, Erez D wrote:

 Date: Mon, 26 May 2014 10:26:52 +0300
 From: Erez D erez0...@gmail.com
 To: Jonathan Ben Avraham y...@tkos.co.il
 Cc: linux-il linux-il@cs.huji.ac.il
 Subject: Re: partly OT: notification of url when connecting to open wifi


 On Mon, May 26, 2014 at 10:23 AM, Jonathan Ben Avraham y...@tkos.co.il
 wrote:

 Hi Erez,
 No. The ability to configure a payment/authentication gateway is a router
 feature. I worked on this feature for Alvarion's WBSn. Every router
 designer
 develops their own feature.


 can you elaborate ?


  - yba


 On Mon, 26 May 2014, Erez D wrote:

 Date: Mon, 26 May 2014 10:11:54 +0300
 From: Erez D erez0...@gmail.com
 To: linux-il linux-il@cs.huji.ac.il
 Subject: partly OT: notification of url when connecting to open wifi


 this is partially off topic

 sometimes when i connect to open wifi on airports, my phone (android)
 gives me a notification of a site i need to go to, and if i click on
 it, it opens a browser with a predefined URL


 i was wondering - is that part of an RFC or standard ?


 10x
 erez.



 --
  9590 8E58 D30D 1660 C349  673D B205 4FC4 B8F5 B7F9  ~. .~  Tk Open
 Systems
 =} Jonathan Ben-Avraham (yba)
 --ooO--U--Ooo{=
 mailto:y...@tkos.co.il tel:+972.52.486.3386 http://tkos.co.il
 skype:benavrhm



 --
  9590 8E58 D30D 1660 C349  673D B205 4FC4 B8F5 B7F9  ~. .~  Tk Open Systems
 =} Jonathan Ben-Avraham (yba) --ooO--U--Ooo{=
 mailto:y...@tkos.co.il tel:+972.52.486.3386 http://tkos.co.il skype:benavrhm



Re: partly OT: notification of url when connecting to open wifi

2014-05-26 Thread Erez D
Do you know what linux software can be used to proxy dns for some
clients, and resolve everything to a predetermined IP for other clients ?

can dnsmasq do that ? other open software ?

On Tue, May 27, 2014 at 5:56 AM, Guy Gold guy1g...@gmail.com wrote:
 On Mon, May 26, 2014 at 7:25 PM, Amos Shapira amos.shap...@gmail.com
 wrote:

 Yes I think we got this. I'm not the OP bit I wonder what can an AP admin
 do to configure it in a way which triggers this OS smarts on the client.

 At least, on my part, configuring our WiFi AP concentrator, I did nothing in
 order to make that happen, I configured the captive portal web page, but not
 more than that, which leads me to believe it's an OS feature, rather than AP
 feature. (just my opinion though, no proof).
 The unit in production is an Enterasys C-25.

 As for how the Captive works, in our case,  it allows any client :53
 traffic, and blocks any other traffic,  also, it  resolves  any DNS query
 to its own captive portal address, once a client (identified by MAC)
 authenticates, it then  stops the forced resolution to its own address,  and
 lets :53 and all  traffic through, to real Name Servers and the www.



 --
 Guy Gold



qemu and chroot

2014-05-20 Thread Erez D
I am using centos 6 and  developing for an armel platform

i created a rootfs using multistrap/debootstrap

i copied qemu-arm-static to rootfs/usr/bin/qemu-arm-static

and i was astonished that doing just 'chroot rootfs' worked, without
explicitly telling 'chroot' to use qemu-arm-static - somehow it decided
automatically to run everything under qemu-arm-static without me telling it
to.


after a restart of the server. rootfs does not work anymore automatically,
i get a chroot: failed to run command `/bin/bash': Exec format error
doing chroot rootfs /usr/bin/qemu-arm-static /bin/bash does chroot, but
i get : bash: /bin/cat: cannot execute binary file (although
rootfs/bin/cat is a perfectly ok armel binary, tested on the armel target).
i also checked the md5sum of the rootfs/qemu-arm-static binary, and it is ok

i mounted the rootfs on the armel target using nfs, and chrooted from the
target, and it works perfectly, meaning there is nothing wrong with the
rootfs filesystem

as it wondrously worked, now it wondrously doesn't

tried googling for it, but still can't find how to make it work

any idea ?


Re: qemu and chroot

2014-05-20 Thread Erez D
On Tue, May 20, 2014 at 9:24 AM, Baruch Siach bar...@tkos.co.il wrote:

 Hi Erez,

 On Tue, May 20, 2014 at 09:14:16AM +0300, Erez D wrote:
  I am using centos 6 and  developing for an armel platform
 
  i created a rootfs using multistrap/debootstrap
 
  i copied qemu-arm-static to rootfs/usr/bin/qemu-arm-static

 Is this QEMU built for your host (presumably x86) or your target (ARM)?

obviously for my host


 Do you really need to run QEMU on your target?

no, my target runs armel natively, my host uses qemu-arm for that


  and i was astonished that doing just 'chroot rootfs' worked, without
  explicitly telling 'chroot' to use qemu-arm-static - somehow it decided
  automatically to run everything under qemu-arm-static without me telling
 it
  to.
 
  after a restart of the server. rootfs does not work anymore
 automatically,
  i get a chroot: failed to run command `/bin/bash': Exec format error
  doing chroot rootfs /usr/bin/qemu-arm-static /bin/bash does chroot, but
  i get : bash: /bin/cat: cannot execute binary file (although
  rootfs/bin/cat is a perfectly ok armel binary, tested on the armel
 target).
  i also checked the md5sum of the rootfs/qemu-arm-static binary, and it
 is ok
 
  i mounted the rootfs on the armel target using nfs, and chrooted from the
  target, and it works perfectly, meaning there is nothing wrong with the
  rootfs filesystem

 Chrooted from what target? Is it a hardware ARM system? QEMU?

my target is armel and it chrooted to rootfs dir and ran the armel code
natively,just to show that the rootfs a valid armel rootfs.


 baruch

  as it wondrously worked, now it wondrously doesn't
 
  tried googling for it, but still can't find how to make it work
 
  any idea ?

 --
  http://baruch.siach.name/blog/  ~. .~   Tk Open
 Systems
 =}ooO--U--Ooo{=
- bar...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -



Re: qemu and chroot

2014-05-20 Thread Erez D
ok, it now works
/proc/sys/fs/binfmt_misc/qemu-arm was missing,
internet search told me to look for 'binfmt-support' pkg, however i
could not find one for centos6
so as chrooted systems share the same kernel (just need to mount /proc
under the chroot dir), I chroot to my wheezy_i686 (i have some chroots
for testing other distros), and there i did apt-get install
binfmt-support qemu-user-static, and update-binfmts --display

now i have /proc/sys/fs/binfmt_misc/qemu-arm. and everything works again


(i do not know if this is permanent or will require redoing after
reboot), but i will check it at next reboot (something like in 6 months
;-)

thanks
erez

On Tue, May 20, 2014 at 11:22 AM, Tzafrir Cohen tzaf...@cohens.org.il wrote:
 On Tue, May 20, 2014 at 09:14:16AM +0300, Erez D wrote:
 I am using centos 6 and  developing for an armel platform

 i created a rootfs using multistrap/debootstrap

 i copied qemu-arm-static to rootfs/usr/bin/qemu-arm-static

 There's something missing from your description. I suspect you forgot to
 mention it: debootstrap's run can be broken to two parts: one that
 downloads everything, and the second stage that needs to run inside the
 chroot. In that case:

   debootstrap --foreign [--arch=] [rest of parameters]
   chroot to/chroot
   ./debootstrap --second-stage

 At least in Debian, the package qemu-user-static includes the wrapper
 qemu-debootstrap to do just that, and also copy the required
 qemu-user-static.


 and i was astonished that doing just 'chroot rootfs' worked, without
 explicitly telling 'chroot' to use qemu-arm-static - somehow it decided
 automatically to run everything under qemu-arm-static without me telling it
 to.


 after a restart of the server. rootfs does not work anymore automatically,
 i get a chroot: failed to run command `/bin/bash': Exec format error
 doing chroot rootfs /usr/bin/qemu-arm-static /bin/bash does chroot, but
 i get : bash: /bin/cat: cannot execute binary file (although
 rootfs/bin/cat is a perfectly ok armel binary, tested on the armel target).
 i also checked the md5sum of the rootfs/qemu-arm-static binary, and it is ok

 A chroot does not replace the kernel. It's running on your kernel and
 that kernel does not natively support the armel binaries.

 In Debian, the package qemu-user-static registers foreign Linux ELF
 formats. So maybe you forgot this is needed. Specifically:

 $ cat /proc/sys/fs/binfmt_misc/qemu-arm
 enabled
 interpreter /usr/bin/qemu-arm-static
 flags:
 offset 0
 magic 7f454c460101010002002800
 mask ff00feff

 --
 Tzafrir Cohen | tzaf...@jabber.org | VIM is
 http://tzafrir.org.il || a Mutt's
 tzaf...@cohens.org.il ||  best
 tzaf...@debian.org|| friend

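Added example, not code from the thread or from QEMU or Debian: the match the kernel performs against a binfmt_misc entry like the one Tzafrir Cohen lists above, which accounts for both the automatic use of qemu-arm-static and the "Exec format error" once the registration was gone after the reboot. The sample entry, its 20-byte magic and mask (the values commonly registered for qemu-arm, assumed here) and the ELF headers are constructed.

```python
import struct

EM_386, EM_ARM, EM_X86_64 = 3, 40, 62   # e_machine values from the ELF spec

# Constructed sample in the layout of /proc/sys/fs/binfmt_misc/<name>.
# Magic and mask are written in 4-byte groups so their length is easy to check.
SAMPLE_ENTRY = "\n".join([
    "enabled",
    "interpreter /usr/bin/qemu-arm-static",
    "flags:",
    "offset 0",
    "magic " + "7f454c46" "01010100" "00000000" "00000000" "02002800",
    "mask " + "ffffffff" "ffffff00" "ffffffff" "ffffffff" "feffffff",
])


def parse_entry(text):
    """Parse the text of one binfmt_misc status file into a dict."""
    entry = {"enabled": False, "interpreter": None, "offset": 0,
             "magic": b"", "mask": None}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key in ("enabled", "disabled"):
            entry["enabled"] = key == "enabled"
        elif key == "interpreter":
            entry["interpreter"] = value
        elif key == "offset":
            entry["offset"] = int(value)
        elif key in ("magic", "mask"):
            entry[key] = bytes.fromhex(value)
    if entry["mask"] is not None and len(entry["mask"]) != len(entry["magic"]):
        raise ValueError("mask and magic must have the same length")
    return entry


def first_mismatch(entry, header):
    """Index of the first header byte that fails the match, or None.

    A byte passes when it equals the magic byte in every bit position
    where the mask has a 1; mask bits set to 0 are "don't care".
    """
    magic = entry["magic"]
    mask = entry["mask"] or b"\xff" * len(magic)
    start = entry["offset"]
    window = header[start:start + len(magic)]
    for i, (have, want, care) in enumerate(zip(window, magic, mask)):
        if (have ^ want) & care:
            return i
    return None if len(window) == len(magic) else len(window)


def pick_interpreter(entries, header):
    """Interpreter of the first enabled entry that matches, else None.

    None models the state after the reboot in the thread: nothing is
    registered, so the foreign binary ends in "Exec format error".
    """
    for entry in entries:
        if entry["enabled"] and first_mismatch(entry, header) is None:
            return entry["interpreter"]
    return None


def elf_header(ei_class, e_type, e_machine, osabi=0):
    """First 20 bytes of a little-endian ELF file (constructed sample input)."""
    ident = b"\x7fELF" + bytes([ei_class, 1, 1, osabi]) + bytes(8)
    return ident + struct.pack("<HH", e_type, e_machine)


if __name__ == "__main__":
    entry = parse_entry(SAMPLE_ENTRY)
    samples = {
        "armel executable": elf_header(1, 2, EM_ARM),
        "armel PIE, Linux OSABI": elf_header(1, 3, EM_ARM, osabi=3),
        "x86-64 executable": elf_header(2, 2, EM_X86_64),
    }
    for name, header in samples.items():
        print(name, "->", pick_interpreter([entry], header),
              "| first mismatch:", first_mismatch(entry, header))
```

The interpreter path in the entry is resolved inside the chroot at exec time unless the entry was registered with the `F` flag, which is why the thread copies qemu-arm-static into rootfs/usr/bin.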


ubi cloning

2014-05-12 Thread Erez D
Hi

i need to clone a nand flash. which has ubifs on it

doing 'dd' didn't work as the source and dest have different bad sectors.

is there an easy way to clone a ubifs nand-flash ?


thanks
erez.


Re: ubi cloning

2014-05-12 Thread Erez D
On Mon, May 12, 2014 at 11:51 AM, Amos Shapira amos.shap...@gmail.com wrote:

 How about ddrescue (the GNU one I think, there are multiple
 implementations with same name) into an image file then try to fix the fs
 around the bad sectors?

 ubifs already handles the bad sectors, and i do not want to mess with it.


 On 12 May 2014 18:46, Erez D erez0...@gmail.com wrote:

  Hi

 i need to clone a nand flash. which has ubifs on it

 doing 'dd' didn't work as the source and dest have different bad sectors.

 is there an easy way to clone a ubifs nand-flash ?


 thanks
 erez.



Re: ubi cloning

2014-05-12 Thread Erez D
On Mon, May 12, 2014 at 12:05 PM, Baruch Siach bar...@tkos.co.il wrote:

 Hi Erez,

 On Mon, May 12, 2014 at 11:46:43AM +0300, Erez D wrote:
  i need to clone a nand flash. which has ubifs on it
 
  doing 'dd' didn't work as the source and dest have different bad sectors.

 dd is not the way to go with raw NAND flash access; it's not aware of bad
 blocks.

  is there an easy way to clone a ubifs nand-flash ?

 You may be able to get a working system using nanddump/nandwrite (see
 http://thread.gmane.org/gmane.linux.drivers.mtd/45792/focus=46024, but read
 the whole thread). Generally, though, this is not what you want to do with
 UBI/UBIFS. You should use ubiformat on the target, and copy the content with
 tar. See http://www.linux-mtd.infradead.org/faq/ubifs.html#L_why_ubiformat.

will tar preserve uid/gid hard links, special files, /dev extended attr etc ?


 baruch

 --
  http://baruch.siach.name/blog/  ~. .~   Tk Open
 Systems
 =}ooO--U--Ooo{=
- bar...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -



Re: ubi cloning

2014-05-12 Thread Erez D
On Mon, May 12, 2014 at 12:28 PM, Baruch Siach bar...@tkos.co.il wrote:

 Hi Erez,

 On Mon, May 12, 2014 at 12:14:14PM +0300, Erez D wrote:
  On Mon, May 12, 2014 at 12:05 PM, Baruch Siach bar...@tkos.co.il
 wrote:
   On Mon, May 12, 2014 at 11:46:43AM +0300, Erez D wrote:
i need to clone a nand flash. which has ubifs on it
   
doing 'dd' didn't work as the source and dest have different bad
 sectors.
  
   dd is not the way to go with raw NAND flash access; it's not aware of
 bad
   blocks.
  
is there an easy way to clone a ubifs nand-flash ?
  
   You may be able to get a working system using nanddump/nandwrite (see
   http://thread.gmane.org/gmane.linux.drivers.mtd/45792/focus=46024, but
   read the whole thread). Generally, though, this is not what you want to do
   with UBI/UBIFS. You should use ubiformat on the target, and copy the
   content with tar. See
   http://www.linux-mtd.infradead.org/faq/ubifs.html#L_why_ubiformat
 
  will tar preserve uid/gid hard links, special files, /dev

 Yes, by default.

  extended attr etc ?

 Yes. Use --xattrs.

 baruch


thanks, i'll try that.

can I ubiformat + untar from u-boot ?


 --
  http://baruch.siach.name/blog/  ~. .~   Tk Open
 Systems
 =}ooO--U--Ooo{=
- bar...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -



Re: ubi cloning

2014-05-12 Thread Erez D
thanks for your help


On Mon, May 12, 2014 at 2:53 PM, Baruch Siach bar...@tkos.co.il wrote:

 Hi Erez,

 On Mon, May 12, 2014 at 02:14:34PM +0300, Erez D wrote:
  On Mon, May 12, 2014 at 12:28 PM, Baruch Siach bar...@tkos.co.il
 wrote:
   On Mon, May 12, 2014 at 12:14:14PM +0300, Erez D wrote:
On Mon, May 12, 2014 at 12:05 PM, Baruch Siach bar...@tkos.co.il
   wrote:
 On Mon, May 12, 2014 at 11:46:43AM +0300, Erez D wrote:
  i need to clone a nand flash. which has ubifs on it
 
  doing 'dd' didn't work as the source and dest have different bad
   sectors.

 dd is not the way to go with raw NAND flash access; it's not aware
 of
   bad
 blocks.

  is there an easy way to clone a ubifs nand-flash ?

 You may be able to get a working system using nanddump/nandwrite (see
 http://thread.gmane.org/gmane.linux.drivers.mtd/45792/focus=46024, but
 read the whole thread). Generally, though, this is not what you want to do
 with UBI/UBIFS. You should use ubiformat on the target, and copy the
 content with tar. See
 http://www.linux-mtd.infradead.org/faq/ubifs.html#L_why_ubiformat
   
will tar preserve uid/gid hard links, special files, /dev
  
   Yes, by default.
  
extended attr etc ?
  
   Yes. Use --xattrs.
  
   baruch
 
  thanks, i'll try that.
 
  can I ubiformat + untar from u-boot ?

 I don't see support for either in mainline U-Boot. Barebox supports ubiformat
 but not tar extraction.

 Your best option is to boot into RAM using a kernel combined with a minimal
 Busybox based initramfs, and extract your tar from there. Note though that
 Busybox tar does not support extended attributes, so you must use GNU tar for
 this. Buildroot can generate a minimal initramfs image for you quite easily.

 baruch

 --
  http://baruch.siach.name/blog/  ~. .~   Tk Open
 Systems
 =}ooO--U--Ooo{=
- bar...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -
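
The tar copy recommended in this thread, as an added example that is not part of the original messages: it copies a tree with GNU tar and --xattrs, then compares a metadata manifest of source and target to confirm that modes, ownership, hard links, symlinks and special files survived. The temporary directories, file names and function names are constructed stand-ins for the mounted source and target UBIFS volumes; the ubiformat and mount steps need the real MTD device and are not run here.

```shell
#!/bin/sh
# Added illustration. Requires GNU tar and GNU find/stat (Busybox tar has
# no xattr support, as noted in the thread).

# Constructed source tree standing in for the mounted source UBIFS.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
src="$work/src"
dst="$work/dst"
mkdir -p "$src/etc" "$dst"
echo 'root:x:0:0' > "$src/etc/passwd"
chmod 640 "$src/etc/passwd"
ln "$src/etc/passwd" "$src/etc/passwd.hard"   # hard link
ln -s passwd "$src/etc/passwd.sym"            # symlink
mkfifo "$src/etc/ctl.fifo"                    # special file

# Copy $1 to $2 through a pipe. -p keeps permission bits, --xattrs keeps
# extended attributes, --numeric-owner keeps raw uid/gid numbers instead
# of mapping names through the rescue system's /etc/passwd.
clone_tree() {
    tar -C "$1" --xattrs --numeric-owner -cpf - . |
        tar -C "$2" --xattrs --numeric-owner -xpf -
}

# One line per entry: type, mode, uid:gid, link count, path, link target.
manifest() {
    (cd "$1" && find . -mindepth 1 -printf '%y %m %U:%G %n %p %l\n' | sort)
}

# Succeeds only when both trees carry identical metadata.
clone_matches() {
    [ "$(manifest "$1")" = "$(manifest "$2")" ]
}

clone_tree "$src" "$dst"
if clone_matches "$src" "$dst"; then
    echo "clone metadata matches"
else
    echo "clone metadata differs" >&2
fi
```

Ownership is only restored when the extraction runs as root, which is the case in the initramfs scenario described above.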



strange ( * vs ./* )

2014-04-09 Thread Erez D
erez@homer:~$ grep pppd *
erez@homer:~$

however:

erez@homer:~$ grep pppd ./*
./chat.sh:pppd connect 'chat -v -s ABORT ERROR ABORT'

and:

erez@homer:~$ grep pppd chat.sh
pppd connect 'chat -v -s ABORT ERROR ABORT'

strange !!!



btw:
erez@homer:~$ echo $SHELL
/bin/bash
erez@homer:~$ cat /etc/issue
CentOS release 6.3 (Final)
Kernel \r on an \m
erez@homer:~$ uname -a
Linux homer 2.6.32-358.14.1.el6.x86_64 #1 SMP Tue Jul 16 23:51:20 UTC 2013
x86_64 x86_64 x86_64 GNU/Linux


Re: strange ( * vs ./* )

2014-04-09 Thread Erez D
On Wed, Apr 9, 2014 at 1:17 PM, Matan Ziv-Av ma...@svgalib.org wrote:

 On Wed, 9 Apr 2014, Erez D wrote:

  erez@homer:~$ grep pppd *
 erez@homer:~$

 however:

 erez@homer:~$ grep pppd ./*
 ./chat.sh:pppd connect 'chat -v -s ABORT ERROR ABORT'


 Do you have a file whose name starts with a dash (-)?

 that was the issue.
i had a file called '-q' .
renaming it solved it

thanks.


 --
 Matan Ziv-Av. ma...@svgalib.org
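
The behaviour diagnosed in this thread, reproduced as an added example that is not part of the original messages: the shell expands `*` before grep runs, so a file named `-q` reaches grep as its quiet option. The temporary directory and the function names are constructed for illustration; the last function is a check for dash-named entries in a directory.

```shell
#!/bin/sh
# Added illustration. The directory and its two files are constructed to
# mirror the thread: chat.sh plus an empty file named "-q".
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf "pppd connect 'chat -v -s ABORT ERROR ABORT'\n" > "$demo_dir/chat.sh"
: > "$demo_dir/-q"

# The shell expands * first, so grep's arguments become "pppd -q chat.sh"
# and -q (quiet) suppresses all output.
grep_bare_glob() { (cd "$demo_dir" && grep pppd *); }

# ./* expands to ./-q ./chat.sh; no argument starts with a dash.
grep_dotslash_glob() { (cd "$demo_dir" && grep pppd ./*); }

# "--" ends option parsing, so every later argument is a file name.
grep_end_of_options() { (cd "$demo_dir" && grep -e pppd -- *); }

# Check: list entries directly inside directory $1 whose names start
# with a dash and would be parsed as options by a bare glob.
dash_named_entries() { (cd "$1" && find . -maxdepth 1 -name '-*' | sort); }

printf 'bare glob      : [%s]\n' "$(grep_bare_glob)"
printf './* glob       : [%s]\n' "$(grep_dotslash_glob)"
printf 'after --       : [%s]\n' "$(grep_end_of_options)"
printf 'dash-named     : [%s]\n' "$(dash_named_entries "$demo_dir")"
```

The same expansion applies to any command given a bare glob, so scripts that run over directories other users can write to should use `./*` or `--`.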





strange mac address issue

2014-04-09 Thread Erez D
i have an embedded linux board. connected a usb2eth (rj45), and through
that to the lan.

surprisingly, another usb2eth on another copy of the embedded board, has the
same mac address, and so i get conflicts on the network.

swapping different modules of usb2eth on the same board gives same mac
address.
I'll call this mac address 'Mac Address A'

so i wanted to see if linux is causing this issue. i tried to connect these
usb2eth on a win7 machine.

on win7, all of the usb2eth get the same mac address. however this is a
different mac address than the previous. i'll call it 'Mac Address B'

on another usb port on the same win7, i get 'Mac Address C'. again it does
not matter which usb2eth i use


All the usb2eth are idVendor=0fe6, idProduct=9700 (dm9601)
(although physically different)

any idea ?


compiling one kernel tree + module from another tree

2014-03-17 Thread Erez D
Hi

i am cross compiling modules for kernel 3.6.9 for an arm embedded board
(comes with kernel but no modules).
however, i need a driver for 8188eu, which does not come with this kernel.

i downloaded a new kernel tree with 8188eu driver. it is not 3.6.9 so it
will not insmod if i compile it directly (what file holds the kernel
version ?)

i copied the subdir from kernel tree 2 to kernel tree 1, however do not
know how to configure the kernel to compile it
adding 'CONFIG_RTL8188EU=m' to .config and 'make modules' does not do it

how do i do that ?



thanks,
erez.


sending to same dest via different interfaces

2014-03-04 Thread Erez D
Hello


I have 2 external interfaces via two eth cards, both connected to the
internet

I want to send a udp packet to same host:port, but choose dynamically which
interface to use.

can this be done with linux, and how ?



10x
erez.


Re: sending to same dest via different interfaces

2014-03-04 Thread Erez D
On Tue, Mar 4, 2014 at 10:02 AM, Erez D erez0...@gmail.com wrote:

 Hello


 I have 2 external interfaces via two eth cards, both connected to the
 internet

 I want to send a udp packet to same host:port, but choose dynamically
 which interface to use.

 can this be done with linux, and how ?


i forgot to say that the pkt source is a c program. which i have the source
for.




 10x
 erez.



Re: sending to same dest via different interfaces

2014-03-04 Thread Erez D
On Tue, Mar 4, 2014 at 11:05 AM, Elazar Leibovich elaz...@gmail.com wrote:

 use the SO_BINDTODEVICE setsockopt.

requires me to be root ...



 On Tue, Mar 4, 2014 at 10:02 AM, Erez D erez0...@gmail.com wrote:

 Hello


 I have 2 external interfaces via two eth cards, both connected to the
 internet

 I want to send a udp packet to same host:port, but choose dynamically
 which interface to use.

 can this be done with linux, and how ?



 10x
 erez.






Re: sending to same dest via different interfaces

2014-03-04 Thread Erez D
On Tue, Mar 4, 2014 at 10:20 AM, shimi linux...@shimi.net wrote:

 First Google result for raw sending packet linux might help:
 http://austinmarton.wordpress.com/2011/09/14/sending-raw-ethernet-packets-from-a-specific-interface-in-c-on-linux/

this is raw ethernet. i want to use the udp stack, and also use other
interfaces other than ethernet (e.g. ppp)


 The other way is to do normal packets, and modify the kernel routing
 behavior in between (like with 'ip rule'...) - your choice which option to
 choose :)

1. need to be root
2. tried that. couldn't make it work with udp


 -- Shimi


 On Tue, Mar 4, 2014 at 10:02 AM, Erez D erez0...@gmail.com wrote:

  Hello


 I have 2 external interfaces via two eth cards, both connected to the
 internet

 I want to send a udp packet to same host:port, but choose dynamically
 which interface to use.

 can this be done with linux, and how ?



 10x
 erez.






Re: svn on debian chroot android

2014-02-15 Thread Erez D
On Feb 13, 2014 3:58 PM, Tzafrir Cohen tzaf...@cohens.org.il wrote:

 On Thu, Feb 13, 2014 at 11:09:37AM +0200, Erez D wrote:
  Hello
 
  i am trying to use svn on my chrooted android (chrooted with app called
  lil's debian)
 
  it seems i can not get network connection using a regular user. any svn
or
  wget command is returned with permission denied.
  however as root it works
 
  but doing 'sudo svn ...' generates files with root ownership. which
means i
  need to 'chown -R' after every update.
 
  so:
  1. is there a way to get internet access for a regular user ?
  2. is there a way to tell svn to create files with regular user
ownership
  but run as root

 Your kernel is paranoid:

 It has CONFIG_ANDROID_PARANOID_NETWORK set. To get network access, add
 your user to group 3003 (inet).

Thanks. I'll try that
 See http://elinux.org/Android_Security#Paranoid_network-ing


 --
 Tzafrir Cohen | tzaf...@jabber.org | VIM is
 http://tzafrir.org.il || a Mutt's
 tzaf...@cohens.org.il ||  best
 tzaf...@debian.org|| friend



Re: svn on debian chroot android

2014-02-15 Thread Erez D
On Thu, Feb 13, 2014 at 8:24 PM, Erez D erez0...@gmail.com wrote:


 On Feb 13, 2014 3:58 PM, Tzafrir Cohen tzaf...@cohens.org.il wrote:
 
  On Thu, Feb 13, 2014 at 11:09:37AM +0200, Erez D wrote:
   Hello
  
   i am trying to use svn on my chrooted android (chrooted with app called
   lil's debian)
  
   it seems i can not get network connection using a regular user. any
 svn or
   wget command is returned with permission denied.
   however as root it works
  
   but doing 'sudo svn ...' generates files with root ownership. which
 means i
   need to 'chown -R' after every update.
  
   so:
   1. is there a way to get internet access for a regular user ?
   2. is there a way to tell svn to create files with regular user
 ownership
   but run as root
 
  Your kernel is paranoid:
 
  It has CONFIG_ANDROID_PARANOID_NETWORK set. To get network access, add
  your user to group 3003 (inet).
 
 Thanks. I'll try that

works


  See http://elinux.org/Android_Security#Paranoid_network-ing
 
 
  --
  Tzafrir Cohen | tzaf...@jabber.org | VIM is
  http://tzafrir.org.il || a Mutt's
  tzaf...@cohens.org.il ||  best
  tzaf...@debian.org|| friend
 




svn on debian chroot android

2014-02-13 Thread Erez D
Hello

i am trying to use svn on my chrooted android (chrooted with app called
lil's debian)

it seems i can not get network connection using a regular user. any svn or
wget command is returned with permission denied.
however as root it works

but doing 'sudo svn ...' generates files with root ownership. which means i
need to 'chown -R' after every update.

so:
1. is there a way to get internet access for a regular user ?
2. is there a way to tell svn to create files with regular user ownership
but run as root


thanks
erez.


Re: time report tool

2014-01-13 Thread Erez D
however not all of my workers work on linux boxes, and command line may be
foreign for some, that's why i prefer a web interface ...

Thanks,
erez.


On Sun, Jan 12, 2014 at 9:04 PM, Steve Litt sl...@troubleshooters.com wrote:

 On Sun, 12 Jan 2014 15:08:13 +0200
 Erez D erez0...@gmail.com wrote:

  hello
 
  i'm looking for an open source tool, preferably web based tool, that
  employees can report what they have worked on (i.e. this and this
  time on that task etc ...)
 
  i need this so i can extract information for reporting to the mad'an
 
 
  thanks
  erez

 Hi Erez,

 I made a very simple one:

 http://www.troubleshooters.com/projects/tslips/

 Pros:
 * GPL/v2
 * Command interface, simple
 * Time file simple to parse and report
 * Can be front ended by UMENU or other menu software
 * Software is simple: Easily changed to your own needs
 * Survives reboots

 Cons:
 * Command interface, difficult for some users
 * Reports must be written in software, no specific reporting facility
 * Cannot track concurrent tasks (but for one person, wouldn't that be
   cheating anyway?)

 HTH,

 SteveT

 Steve Litt*  http://www.troubleshooters.com/
 Troubleshooting Training  *  Human Performance



time report tool

2014-01-12 Thread Erez D
hello

i'm looking for an open source tool, preferably web based tool, that
employees can report what they have worked on (i.e. this and this time on
that task etc ...)

i need this so i can extract information for reporting to the mad'an


thanks
erez


slept too long in select()

2013-12-25 Thread Erez D
hello

i've written a native c++ program on linux
it uses select to wait on events.


int n=select(maxFd+1,rfd,wfds,NULL, timeval);

sometimes, time spent in select() is larger than the time originally in
timeval prior to calling select.
i see that many times when i run it on my phone (android).

is it possible that android uses some mechanism to suspend and resume
native code
(i know it does so to java)
if so, how can i overcome it ?


thanks,
erez.


Re: slept too long in select()

2013-12-25 Thread Erez D
On Wed, Dec 25, 2013 at 6:09 PM, Jonathan Ben Avraham y...@tkos.co.il wrote:

 Hi Erez,
 Depends on what resolution you want. See http://lwn.net/Articles/296578/ for
 some background. I doubt that Android can interfere in any way except
 to affect latency in general. What about using an hrtimer?

 thanks

just FYI, i expected select to sleep for 2 seconds, it slept for 20
seconds. this is the resolution of the problem.

  - yba


 On Wed, 25 Dec 2013, Erez D wrote:

  Date: Wed, 25 Dec 2013 17:27:46 +0200
 From: Erez D erez0...@gmail.com
 To: linux-il linux-il@cs.huji.ac.il
 Subject: slept too long in select()


 hello

 i've written a native c++ program on linux
 it uses select to wait on events.


 int n=select(maxFd+1,rfd,wfds,NULL, timeval);

 sometimes, time spent in select() is larger than the time originally in
 timeval prior to
 calling select.
 i see that many times when i run it on my phone (android).

 is it possible that android uses some mechanism to suspend and resume
 native code
 (i know it does so to java)
 if so, how can i overcome it ?


 thanks,
 erez.




 --
  9590 8E58 D30D 1660 C349  673D B205 4FC4 B8F5 B7F9  ~. .~  Tk Open Systems
 =}ooO--U--
 Ooo{=
 mailto:y...@tkos.co.il tel:+972.52.486.3386 http://tkos.co.il skype:benavrhm


Re: Fwd: DVB-T and Linux updated.

2013-11-25 Thread Erez D
you can get the r820T version. on either dx.com or ebay for around 13 usd.


On Sun, Nov 24, 2013 at 6:43 AM, Baruch Siach bar...@tkos.co.il wrote:

 Hi geoffrey,

 On Sat, Nov 23, 2013 at 06:56:35PM +0200, geoffrey mendelson wrote:
  The third is a TerraTec Cinergy +, which uses an RTL2382U chipset and an
  Elonics E4000 receiver.
  These used to be available for as little as $10 on eBay.
 
  It is supported in the 3.8 Kernel.
 
  These are now very hard to get. The TerraTec ones are over $40 on eBay,
 but
  there are ones that claim to have E4000 receivers,
  for around $15. Many of them are listed as E4000 upgrade version and
  really have (it's in the fine print) R820T tuners.
 
  THESE STICKS ARE NOT SUPPORTED IN LINUX. There is a working Kernel module
  for them available, but you have to compile it yourself.
  It is scheduled to be included in the 3.10 Kernel.

 It seems that support for the R820T tuner has been added in kernel version
 3.11. See http://git.kernel.org/linus/a80abc58f.

 baruch

 --
  http://baruch.siach.name/blog/  ~. .~   Tk Open
 Systems
 =}ooO--U--Ooo{=
- bar...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -



mysql q

2013-11-17 Thread Erez D
hello

i have a web page that refreshes all the time to display things from a
mysql database which is updated from time to time.
however, this means a lot of unneeded accesses to the database, and this
refreshing page may be opened by many browsers, causing a huge load on
the database.

i know mysql supports triggers, but it seems this is only internal (i.e.
trigger may do a query, usually an update query, but this is not what i
need).

I am looking for a way to leave the connection open with mysql, not sending
any queries, just waiting for mysql to notify me when something changes.

does mysql support that ?
examples of doing that will be nice


thanks,
erez.


Re: mysql q

2013-11-17 Thread Erez D
On Sun, Nov 17, 2013 at 10:36 AM, ik ido...@gmail.com wrote:

 Hi, I think you tackle it wrong.

 If there is no need for accessing the database all the time, why not cache
 the result in tools such as Memcached or Redis ?

then i will still need to poll  Memcached or Redis. this may speedup
things, but it is still polling, which i try to avoid

 If they are different clients (as in agents), then there are other tools
 at your disposal, such as Varnish, that create cached version for the web.

still neab client need to poll the server


 Secondly, the MySQL/MariaDB triggers are really basic if you compare them to
 PG and Fb (true open source solutions), not to mention non open source
 databases such as SQL Server and Oracle.

 Third, try to see how you can optimize the page. If there is no need for
 constant data reading, why does it constantly refresh itself ?

i do not refresh the whole page, i use ajax.

i need a response time from db change, to display on browser of 5 seconds,
however the db may not change in days, and then can change every second...
if we talk about polling, i need to poll every 5 seconds, but if there is
no db change, then this is in vain

i want to work event driven, and not polling, so i thought mysql has a
builtin mechanism for this.
if it doesn't i will need to wrap it up in some other code - i was trying
to avoid that.

thanks,
erez.



 Ido


 On Sun, Nov 17, 2013 at 10:18 AM, Erez D erez0...@gmail.com wrote:

 hello

 i have a web page that refreshes all the time to display things from a
 mysql database which is updated from time to time.
 however, this means a lot of unneeded accesses to the database, and this
 refreshing page may be opened by many browsers, causing a huge load on
 the database.

 i know mysql supports triggers, but it seems this is only internal (i.e.
 trigger may do a query, usually an update query, but this is not what i
 need).

 I am looking for a way to leave the connection open with mysql, not
 sending any queries, just waiting for mysql to notify me when something
 changes.

 does mysql support that ?
 examples of doing that will be nice


 thanks,
 erez.






Re: Winter clock issues in linux

2013-09-12 Thread Erez D
Thanks, I needed that ;-)


On Mon, Sep 9, 2013 at 11:57 PM, Antony Gelberg antony.gelb...@gmail.com wrote:

 I put a compiled file at http://db.tt/wVCB6HJd.  I copied it to
 /usr/share/zoneinfo/Asia/Jerusalem, and on my Debian system I did
 dpkg-reconfigure tzdata which as far as I can tell copies the file to
 /etc/localtime.  You may wish to use cp instead. ;)

 Disclaimer: I'm not responsible for anything the file may do to your
 systems, etc, yadda.

 Antony


 On Sun, Sep 8, 2013 at 12:04 PM, Rabin Yasharzadehe ra...@rabin.io wrote:

 Download the current tzdate file from iana and compile the file yourself

 e.g -
 http://www.borngeek.com/2009/03/16/updating-time-zone-information-in-linux/



 On Sun, Sep 8, 2013 at 11:56 AM, geoffrey mendelson 
 geoffreymendel...@gmail.com wrote:

 On 9/8/2013 12:21 AM, E.S. Rosenberg wrote:

 What puzzles me in this whole thing is that it seems to me tzdata
 updates should be available to all versions regardless of their
 production state, but it seems a lot of distros are locked to
 specific versions

  Can anyone point me to a correct Asia/Jerusalem file without having to
 install a package? I have two old systems I want to fix, without any other
 mods?

 TIA.
 Geoff

 Geoff.

 --
 Geoffrey S. Mendelson 4X1GM/N3OWJ
 Jerusalem Israel.







 --
 *Rabin*





 --
 http://www.linkedin.com/in/antgel
 http://twitter.com/antgel





gdb q

2013-08-05 Thread Erez D
hello,


using remote gdb, can i use a stripped binary on the target, and a
non-stripped locally ?


thanks,
erez

