Re: problem with cron on Kubuntu 22.04

2024-02-09 Thread shimi
On Wed, Feb 7, 2024 at 6:44 PM Mark E. Fuller 
wrote:

> need to run `sudo systemctl enable cron` to get it going at every boot
> and `sudo systemctl start cron` to start it immediately
>

Or better, 'sudo systemctl enable --now cron', which does both actions in
one command. Ditto for 'disable' / 'stop'.

P.S. I know the OP's issue has been resolved, this is for future Googlers...
___
Linux-il mailing list -- linux-il@cs.huji.ac.il
To unsubscribe send an email to linux-il-le...@cs.huji.ac.il


Re: How to image a linux computer

2023-11-05 Thread shimi
On Sat, Nov 4, 2023 at 9:35 AM Michael Shiloh 
wrote:

> Hello all,
>
> Situation: We have a linux computer with various software installed on old
> hardware that may malfunction and be unsupported. To mitigate this risk, we
> would like to make an image of this machine so that we can run it in a
> virtual machine.
>
> How do we do this?
>
>
Beyond what has been suggested before me on this thread, you can also
rescue-boot both the old and the new system that has a disk
same-size-or-larger, and just bit-copy the hard drive as a whole (including
partition table) over the network, without passing through an 'image'
stage. You can either do so securely (but slower) over SSH, or in plaintext
if your network is secure (using netcat). See:
https://www.thegeekdiary.com/how-to-clone-linux-disk-partition-over-network-using-dd/
.

Note: The above tutorial suggests using compression when SSH is not
involved (not sure why the difference in approaches), which you may wish to
consider removing from the pipeline, especially if cloning over fast LAN -
as there's a good chance that the compression, which /may/ not reduce the
data volume transferred much (unless you're looking at lots of space that
is filled with a static pattern like zeros) and the CPU may become the
bottleneck instead of the network, and then, what have the sages gained by
their decree?

DISCLAIMER: Make sure you understand what you do, so you'll not by mistake
write TO the source disk from the target (or from nowhere...), overwriting
all your data. :) I would say it wouldn't be a problem if you kept backups,
but the original question suggests that one may not be available in this
case... so, be careful. As a rule of thumb, the dd _of=_ parameter on the
_SOURCE_ should NEVER point to anything local, and quite frankly, should
NEVER appear on the source altogether...

HTH,

-- Shimi


Re: OT (but I don't know who else to ask) - e-mail forwarding

2022-03-16 Thread shimi
Additionally, Cloudflare are a "no markup" registrar (they charge you the
price they're charged by the registry, and don't make any money from you on
domain registration, including WHOIS privacy), which, for most TLDs, give
you the best rates on the market (where they don't, either a specific
registrar has favorable business terms with the registry, or it's a
loss-leader sale, or first year/transfer only, but not renewals...)

The only "downside" is, that you have to use their reliable
highly-available DNS service on your domain, if you choose them as your
registry.

On Tue, 15 Mar 2022, 09:26 Yuval Adam, <_...@yuv.al> wrote:

> Cloudflare have recently opened their new Email Routing product to a
> public beta that also includes the free tier of their service.
>
> https://blog.cloudflare.com/email-routing-open-beta/
>
>
> On 3/15/22 08:14, Shlomo Solomon wrote:
>
> I use my domain - the-solomons.net - for only one thing - e-mail
> forwarding. I do not have or need any other services such as site
> hosting, storage, "real" e-mail, etc.
>
> I'm about to renew and discovered that GoDaddy's prices have gone up,
> so I looked at options to transfer to another registrar.
>
> But, I discovered that in many cases, the 100 free e-mail forwarding
> addresses are subject to spam and/or virus filtering or do not forward
> certain attachments such as .zip.
>
> I want all my mail forwarded and certainly don't want .zip, etc to be
> dropped.
>
> Can anyone suggest a cheap registrar who will not "tamper" with my
> forwarded e-mail?
>
>
> --
> Yuval Adam https://yuv.al
>
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il


Re: OT (or maybe not) - what happened to lxer.com?

2022-02-19 Thread shimi
On Sat, Feb 19, 2022 at 7:04 PM Shlomo Solomon 
wrote:

> Yehuda Deutsch - if you mean whois, I also get a normal response:
>Domain Name: LXER.COM
>Registry Domain ID: 109446700_DOMAIN_COM-VRSN
>Registrar WHOIS Server: whois.enom.com
>Registrar URL: http://www.enomdomains.com
>Updated Date: 2022-01-06T10:42:51Z
>Creation Date: 2004-01-06T22:15:59Z
>Registry Expiry Date: 2023-01-06T22:15:59Z
>Registrar: eNom, LLC
>
>
>
> But the site is not there. As Geoff Shang wrote, the site looks
> like a landing site of some kind.
>
>
I didn't know the site, but it doesn't look like a parking page for
upselling an expired domain.

Let's try to be more constructive in debugging this. First - are you
getting to the site as published by the site's owner?

First, you learn from WHOIS (and also from 'dig @a.gtld-servers.net ns
lxer.com') that the nameservers for this site are: ns1.wmkt.net
[66.232.124.26], ns2.wmkt.net [66.232.124.28], ns3.wmkt.net [66.232.124.30]

Then you follow by 'dig @ns1.wmkt.net lxer.com'. You should be getting:

$ dig @ns1.wmkt.net lxer.com

; <<>> DiG 9.16.25 <<>> @ns1.wmkt.net lxer.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1540
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;lxer.com.  IN  A

;; ANSWER SECTION:
lxer.com.   3600    IN  A   66.232.124.26

;; AUTHORITY SECTION:
lxer.com.   3600    IN  NS  ns3.wmkt.net.
lxer.com.   3600    IN  NS  ns1.wmkt.net.
lxer.com.   3600    IN  NS  ns2.wmkt.net.

;; ADDITIONAL SECTION:
ns1.wmkt.net.   86400   IN  A   66.232.124.26
ns2.wmkt.net.   86400   IN  A   66.232.124.28
ns3.wmkt.net.   86400   IN  A   66.232.124.30

;; Query time: 183 msec
;; SERVER: 66.232.124.26#53(66.232.124.26)
;; WHEN: Sat Feb 19 21:13:12 IST 2022
;; MSG SIZE  rcvd: 163

Now, run just 'dig lxer.com' - do you get the same IP? If not,
something/someone is messing with your DNS. In that case make sure that the
SERVER line indeed has the correct IP address I mentioned above (that I got
from the glue records provided for wmkt.net by a.gtld-servers.net)

If you do get the same IP, someone can still be messing with your traffic,
because that site is HTTP and not HTTPS, so really no one can guarantee
you're in fact talking with 66.232.124.26...

HTH,

-- Shimi
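
The comparison described above, as an added example that is not part of the original post: parse two saved `dig` outputs and report whether the resolver's A records match the authoritative ones and whether the reference answer really came from a listed nameserver. The authoritative sample is abridged from the output quoted above; the resolver samples and the function names are constructed for illustration.

```python
import re

# Abridged from the authoritative answer quoted in the post above.
AUTHORITATIVE = """\
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4
;; ANSWER SECTION:
lxer.com.   3600    IN  A   66.232.124.26
;; AUTHORITY SECTION:
lxer.com.   3600    IN  NS  ns1.wmkt.net.
;; SERVER: 66.232.124.26#53(66.232.124.26)
"""

# Constructed samples of a plain 'dig lxer.com' through a local resolver
# (192.0.2.0/24 and 198.51.100.0/24 are documentation address ranges).
RESOLVER_OK = """\
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
lxer.com.   1800    IN  A   66.232.124.26
;; SERVER: 192.0.2.53#53(192.0.2.53)
"""
RESOLVER_BAD = RESOLVER_OK.replace("66.232.124.26", "198.51.100.7")

# Nameserver addresses from the glue records listed in the post.
NS_IPS = {"66.232.124.26", "66.232.124.28", "66.232.124.30"}


def parse_dig(text):
    """Extract header flags, ANSWER-section A records and the SERVER address."""
    result = {"flags": set(), "a_records": set(), "server": None}
    section = None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r";; flags:\s*([a-z ]*);", line)
        if m:
            result["flags"] = set(m.group(1).split())
            continue
        m = re.match(r";; ([A-Z ]+) SECTION:", line)
        if m:
            section = m.group(1)
            continue
        m = re.match(r";; SERVER:\s*([0-9A-Fa-f.:]+)#\d+", line)
        if m:
            result["server"] = m.group(1)
            continue
        if not line or line.startswith(";"):
            continue
        fields = line.split()  # name, ttl, class, type, rdata
        if (section == "ANSWER" and len(fields) >= 5
                and fields[2] == "IN" and fields[3] == "A"):
            result["a_records"].add(fields[4])
    return result


def check(authoritative, local, known_ns_ips):
    """Return a list of findings; an empty list means the two answers agree."""
    findings = []
    if "aa" not in authoritative["flags"]:
        findings.append("reference answer lacks the 'aa' (authoritative) flag")
    if authoritative["server"] not in known_ns_ips:
        findings.append("reference answer came from %s, not a listed nameserver"
                        % authoritative["server"])
    if local["a_records"] != authoritative["a_records"]:
        findings.append("resolver returned %s, authoritative says %s"
                        % (sorted(local["a_records"]),
                           sorted(authoritative["a_records"])))
    return findings


if __name__ == "__main__":
    ref = parse_dig(AUTHORITATIVE)
    for name, sample in (("ok", RESOLVER_OK), ("bad", RESOLVER_BAD)):
        print(name, check(ref, parse_dig(sample), NS_IPS) or "answers match")
```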


Re: mail.log

2022-01-17 Thread shimi
‪On Mon, Jan 17, 2022 at 10:58 AM ‫אורי‬‎  wrote:‬

> Hi,
>
> I want to check mail.log for how many emails are sent every day. The
> format of my mail.log is something like this:
>
> Jan 17 08:49:23 www  (the rest of the log)
>
> I'm running a command such as:
>
> cat mail.log* |fgrep "status=sent (250 Ok"|awk '{print $1" "$2}'|sort
> -n|uniq -c
>
> And I receive the number of emails sent every day. But the date doesn't
> contain the year, the months are sorted alphabetically and the line of Jan
> 17 comes before the line of Jan 2. I would like to sort the lines according
> to the date order such as in -mm-dd and with including the year. How do
> I do it?
>
>
If the format is broken, why not fix the format itself, at the source?

https://serverfault.com/questions/967286/how-to-change-the-date-format-of-maillog

HTH,

-- Shimi


Re: recover ssh-agent socket

2022-01-08 Thread shimi
On Sat, 8 Jan 2022, 13:24 Shachar Shemesh,  wrote:

> You can probably find it under /proc/$SSH_AGENT_PID/fd.
>
>
> With that said, I'm not sure whether that brings you any closer to
> recovering it. Maybe a move (the syscall, not the command line) from there
> to $SSH_AUTH_SOCK?
>

Wouldn't ln -s /proc/$SSH_AGENT_PID/fd/ $SSH_AUTH_SOCK achieve
the /purpose/ of the OP (even if without actually creating a socket file)?
Assuming I understand correctly the purpose...

-- Shimi

>
> Shachar
>
>
> On 08/01/2022 11:06, Tzafrir Cohen wrote:
>
> Hi,
>
> I accidentally deleted my ssh-agent's socket from /tmp. The agent is
> still running and I have $SSH_AGENT_PID and $SSH_AUTH_SOCK set in
> various processes, so I know where it should have been.
>
> Is there any way to recover the socket? Short of restarting the X
> session, of course.
>
>
>


Re: saving files on the network

2021-12-28 Thread shimi
On Tue, Dec 28, 2021 at 5:59 AM Shlomo Solomon 
wrote:

> I think the relevant line in my /etc/fstab is the equivalent of what
> you suggested, but for some reason, all files "seem" to be owned by
> root, rather than the actual owner, so I use smb:// or fish:// in KDE
> Dolphin and then I can access files properly.
>
> The fstab line is:
>
> //pi/PI-PUBLIC /mnt/PI-PUBLIC cifs
> user,credentials=/etc/samba/auth.pi.solomon 0 0
>
>
CIFS file ownership is root unless you also specify in your mount command
-o uid=  (or equivalent uid=user in fstab
options column)

There's also a 'multiuser' CIFS mount option, but not sure you want to go
there, especially if you're a single luser on your workstation accessing
this shared CIFS mount. Once all files appear with yourself as owner, many
permission problems (derived from 'other' not having [write on
files/execute on dirs] permissions) will go away. You can also use dir_mode
and file_mode to force 777/666 for all files in the mount, but that's
frowned upon for obvious reasons :-)

HTH,

-- Shimi


Re: Mail blocked by Google

2021-05-16 Thread shimi
‪On Sun, May 16, 2021 at 6:49 AM ‫אורי‬‎  wrote:‬

>
> The IP of the server is 157.245.76.159, the sender is
> r...@www.speedypedia.info and SPF is defined. Is there a way to receive
> mail from this server, without using another SMTP server to send mail? This
> server only sends mail to myself and I never marked it as spam.
>
>
You could try adding DKIM too, to cryptographically authenticate outgoing
mail from your domain, which I think is one of the markers GMail is looking
at when deciding reputation.

OR (and probably much simpler if you're doing roll-your-own), if you
haven't done so already and you don't mind, you can try sending *authenticated
SMTP*, using Google's mail servers as your official SMTP server (relay),
authenticating with a GMail account on your domain (preferably not your
primary one, in case your server gets hacked and everything).

HTH,

-- Shimi


Re: SMART error each hour for a SSD, due to "unreadable (pending) sectors"

2021-05-06 Thread shimi
On Wed, May 5, 2021 at 1:10 AM Omer Zak  wrote:

> I have a laptop with a 1TB SSD.
> The smartd daemon logs an error each hour as follows:
> -=-=-=->
> Device: /dev/sda [SAT], 1 Currently unreadable (pending) sectors
>
>
Googling this sentence finds this: https://serverfault.com/a/851486 - which
sounds plausible enough...

HTH,

-- Shimi


Re: Closing laptop lid while Zoom is running prevents wake-from-suspend when lid opened

2021-04-24 Thread shimi
On Sat, Apr 24, 2021 at 1:05 PM Michael Shiloh 
wrote:

>
> I don't even know where to start looking.
>
> Any suggestions?
>

Where to start: https://01.org/node/3721

My hunch, whenever NVIDIA or Intel are involved, is to start off your
investigation with the graphics adapter.

HTH,

-- Shimi


Re: Create a static network configuration from a DHCP lease

2020-09-30 Thread shimi
On Wed, Sep 30, 2020 at 4:26 PM David Cohen  wrote:

> Hi,
> I'm looking for an automated way to convert the DHCP address a server gets
> during installation to a static IP configuration.
> I have fixed leases so no future conflict is expected.
> Is there a ready to use cli tool/script for CentOS 7 ?
>
>
I don't know of an existing solution, however, you can probably throw a
bash script to /etc/dhcp/dhclient.d/whatever.sh, and in it take the DHCP
data stored in the variables:
$interface $new_ip_address $new_subnet_mask $new_routers
$new_dhcp_lease_time $new_domain_name_servers

and use them in nmcli commands to alter the existing connection to a static
one with those settings, e.g. something along the lines of:

# (may need to convert the subnet mask to CIDR?)
nmcli con mod "$connection" ipv4.addresses $new_ip_address/$new_subnet_mask gw4 $new_routers
nmcli con mod "$connection" ipv4.method manual
nmcli dev disconnect "$connection"
nmcli -w 10 dev connect "$connection"

HTH,

-- Shimi


Re: Access host from QEMU guest

2020-05-17 Thread shimi
On Sun, May 17, 2020 at 12:58 PM Lev Olshvang  wrote:

> I read once that  QEMU linux guest has reserved IP of the host.
>
> I did not bookmark it, can anyone help?
>
>

Do you mean that the IP allocation to the MAC is reserved the next time you
start the VM?

I don't have a reference, but on my system this is libvirt running
dnsmasq... my allocations are at /var/lib/libvirt/dnsmasq/ ...

HTH,

-- Shimi


Re: What would be a proper way to shutdown a sata disk connect with a usb interface ?

2018-12-16 Thread shimi
On Sun, Dec 16, 2018 at 9:53 AM  wrote:

> I'm using sata to usb interface to extract data and to work with end user
> hard
> drives connected to  a laptop.
>
> I'm using that for a periodic offline backups to HDD and an SSD (I know
> unreliable but that is the best I have for now).
>
> What I do today when I need to shutdown it are the next steps :
>
> unmount everything
> sync
>

umount (assuming -l is not used), by definition, cleanly un-mounts the
filesystem - it makes sure all pending writes are written and all metadata
is cleanly committed, then completes. This makes 'sync' unnecessary - the
filesystem would not be considered unmounted before all blocks were already
reported written by the disk. So your 'sync', IMHO, does nothing. I assume
it returns immediately (assuming no dirty data exists on other fs's...).
You would see the umount waiting the way you would expect sync to wait (if
you reversed the order...)

see also
https://unix.stackexchange.com/questions/345917/does-umount-calls-sync-to-complete-any-pending-writes

> sdpram -S 30  /dev/sdX (I'm not sure if does anything honestly)
> Wait for ~20 minutes
> physically touch the disk if I feel any movement , if not unplug the power
> the
> usb cord and then unplug the power plug.
>
>
To what end? Why do you believe this is different from a normal shutdown of
your computer with your internal HDDs where the filesystems get unmounted
(the rootfs being re-mounted read-only) and then power off of the ATX power
supply?

> I have both SSD and plain old HDDs plugged this way.
>
> I'm feeling that I'm working in an unsafe manner, does any of you have a
> better suggestion how to shutdown the devices correctly to prolong the
> disk
> life ?
>

What is unsafe in your opinion? Can you please elaborate? How does it
relate to prolonging disk life? Clean unmount is (so I believe...) for
filesystem integrity more than anything else...

-- Shimi


Re: how to copy an ubuntu system disk containing a logical volume.

2018-11-18 Thread shimi
On Sun, Nov 18, 2018 at 8:14 PM Geoffrey Mendelson <
geoffreymendel...@gmail.com> wrote:

> The lvm volume is something I dont understand.
>

Essentially LVM creates an abstraction layer between the actual block
device and your filesystems. Usually, your filesystems are written directly
on the block device.

With LVM, instead you get multiple layers that allows you flexibility (at
the cost of some performance degradation, there IS some translation going
on there) in such a way that you can make many small block
devices/partitions for just about everything, so nothing will surprise you
taking too much disk, and then gradually grow those that you wish, on the
fly, without even unmounting your filesystem (assume your filesystem
supports online resizing; most modern ones do).

Additionally it allows you to concatenate multiple disks into one large
store pool (similar to the concept of RAID0)

The way it works is like this:

You create PVs on actual block devices. From one PV or more ('pvs' to see
all PVs), you create a VG (Volume Group) ('vgs' to see all VGs). So you
can create a VG that spans two PVs from two disks. The VG is like a regular
block device - you can 'partition' it, and those partitions are called LVs
- Logical Volumes ('lvs' to see all LVs). They behave in a similar manner
to your /dev/sda1 for that matter, just that you can always enlarge them
with the 'lvresize' command, as long there's free space in your VG.

You don't really need a tool to copy them. It's fairly simple - you create a
partition on all the available disk space, change the partition type to
Linux LVM, use pvcreate on it, then use vgcreate to create a VG on the PV,
and then lvcreate to create volumes/partitions on the VG, after which you
mkfs them as you normally would mkfs /dev/sda1 - just with
/dev/mapper/vgname-logvolname instead... the one place where you might be
bothered is if your root directory itself is over LVM. In that case, the
kernel will not directly be able to use it with a root= boot parameter,
rather, you'll then need to use an initramfs that will be capable of
enumerating all the LVM hierarchy, and then things like UUIDs/Labels become
available and you can use them in your root= parameter. I am assuming your
existing system already does that if that's your current setup, so you can
copy from there and just modify the GRUB config to your new details.

Having said all the above - you can get all that, and more, and especially
snapshots which were mentioned before, which... suck... I've no better
word, in LVM, better, in ZFS (https://en.wikipedia.org/wiki/ZFS). But
it's even more complicated ;-)

HTH,

-- Shimi


Re: SOLVED but WHY? (was Re: problem with ownership of files on Samba share)

2018-08-24 Thread shimi
Maybe the Dolphin mount (via kio-smb I guess?) runs the mount command with
parameters like uid=$USER,gid=$USER ?

Have you compared the options of the two mounts when they're both mounted
with "mount | grep PI-PUBLIC" ?

On Fri, Aug 24, 2018 at 9:56 AM, Shlomo Solomon 
wrote:

> Answering my own post with a solution, but I don't know WHY this works.
>
> I discovered that if I access   fish://pi/media/PUBLIC/  in Dolphin the
> file ownerships are shown correctly.
>
> Can anyone tell me why this works when the following 2 don't?
>
> > If I access /mnt/PI-PUBLIC in Dolphin, all the files "seem" to be
> > owned by root.
> > If I access smb://solomon@pi/PI-PUBLIC/  then all the files "seem" to
> > be owned by solomon.
>
>
>
>
>
>
> On Fri, 17 Aug 2018 10:58:06 +0300
> Shlomo Solomon  wrote:
>
> > Since moving from Mageia5 to Kubuntu 18.04 I have an annoying problem.
> >
> > I have a Raspberry PI  file server running Samba and sharing
> > PI-PUBLIC. Files are created (and owned) by various users.
> >
> > This is a mixed Linux and Windows network.
> > All Linux computers on the network (including the PI) have the same
> > users and UIDs, to prevent confusion about file ownership.
> > In the PI-PUBLIC section of smb.conf on the PI, all the relevant users
> > are listed as valid users =
> >
> > In Mageia I could mount the share with either of the
> > following /etc/fstab entries (note that pi is defined in /etc/hosts):
> >
> > //pi/PI-PUBLIC  /mnt/PI-PUBLIC  cifs
> > username=solomon,password=mypassword,rw,user 0 0
> >
> > //pi/PI-PUBLIC /mnt/PI-PUBLIC cifs
> > user,credentials=/etc/samba/auth.pi.solomon 0 0
> >
> > But in Kubuntu, all the files "seem" to be owned by the wrong user.
> > If I access /mnt/PI-PUBLIC in Dolphin, all the files "seem" to be
> > owned by root.
> > If I access smb://solomon@pi/PI-PUBLIC/  then all the files "seem" to
> > be owned by solomon.
> >
> >
> >
>
>
>
> --
> Shlomo Solomon
> http://the-solomons.net
> Claws Mail 3.16.0 - Kubuntu 18.04
>
>


Re: raspberry PI - no X11

2018-02-04 Thread shimi
On Sun, Feb 4, 2018 at 11:54 AM, Shlomo Solomon <shlomo.solo...@gmail.com>
wrote:

> I really don't know how I screwed this up, but I've been "playing" with
> this for hours with no success.
>
> I have a raspberry PI file server. I rarely use the GUI and when I do
> it's usually over VNC (I use KRDC) or with ssh -X.
>
> As of today:
> 1 - KRDC won't connect
>
> 2 - ssh -X pi@pi   (pi is defined in /etc/hosts) gives only a console
> login and says:
> X11 connection rejected because of wrong authentication.
>
> 3 - I connected a monitor directly to the PI and it will not accept the
> pi password when I try to login to X11 - but DOES accept the root
> password. So X11 is OK, but only for root - not the regular pi user.
>
>
>
Not a Pi expert so I'll answer this as if it was a generic Linux question...

1. You didn't mention if you tried to simply reset the pi user password
from root by invoking 'passwd pi'?

2. Assuming SSH authentication via public key (I have to assume because I
couldn't find the authentication method in the question...), one has to
make sure that the home directory of the user authenticating to is with
not-too-open permissions (for starters the safest bet is chmod 700),
likewise for all all ancestor directories of said home directory, because
if they're too open, another user might be able to simply replace your
homedir with another homedir, and then log in as you; To discourage such
possibility, SSH blocks authentication whenever the permissions are too
wide.

3. If all the above fails (or you already tried and everything is in
order), I would look at /var/log/messages (or Pi equivalent) while
attempting to login to the user, to see if any hint is available there.
Also, over ssh, using 'ssh -v' might output something useful.

HTH,

-- Shimi
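
A check along the lines of point 2 above, as an added example that is not part of the original post and not sshd's own code: walk from `authorized_keys` up through its ancestor directories and report anything group- or world-writable, or owned by someone other than the user or root. The `stop_at` parameter, the function names and the demo tree are constructed for illustration.

```python
import os
import shutil
import stat
import tempfile


def audit_path(target, owner_uid, stop_at="/"):
    """Return (path, problem) pairs for `target` and each ancestor up to `stop_at`."""
    findings = []
    current = os.path.realpath(target)
    stop_at = os.path.realpath(stop_at)
    while True:
        st = os.stat(current)
        # Anyone other than the user or root owning a component could swap it out.
        if st.st_uid not in (owner_uid, 0):
            findings.append((current, "owned by uid %d" % st.st_uid))
        # Group/world write on a component lets another account replace what is below it.
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((current, "mode %04o is group- or world-writable"
                             % stat.S_IMODE(st.st_mode)))
        parent = os.path.dirname(current)
        if current == stop_at or parent == current:
            break
        current = parent
    return findings


def demo():
    """Build a constructed home tree, audit it with a loose and a fixed home dir."""
    base = tempfile.mkdtemp()
    try:
        home = os.path.join(base, "home", "alice")
        ssh_dir = os.path.join(home, ".ssh")
        os.makedirs(ssh_dir)
        keys = os.path.join(ssh_dir, "authorized_keys")
        open(keys, "w").close()
        os.chmod(os.path.join(base, "home"), 0o755)
        os.chmod(home, 0o775)      # too open: group can write to the home directory
        os.chmod(ssh_dir, 0o700)
        os.chmod(keys, 0o600)
        before = audit_path(keys, os.getuid(), stop_at=base)
        os.chmod(home, 0o700)      # the "safest bet" from the post
        after = audit_path(keys, os.getuid(), stop_at=base)
        return os.path.realpath(home), before, after
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    home, before, after = demo()
    print("before:", before)
    print("after: ", after)
```

On a real system, call `audit_path` on the user's `~/.ssh/authorized_keys` with `stop_at` set to the home directory or `/`, and compare the result with what `ssh -v` and the server log report.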


Re: Internet recommendations

2017-07-17 Thread shimi
Hi Sara,

To calculate the said cost, we will need to know the input wattage/amperage
of whatever they installed there. If for example it's 1watt (not saying
that it is), the cost would be negligible. Tripled the electricity cost?
From how much?

Without numbers, we can only guess. Let's say the equipment (what is it?
isn't it a simple fiber to ethernet converter? something similar to
http://www.fibrolan.com/FibroLAN/Templates/showpage.asp?DBID=1=1=108=1223=3990=3852
?) consumes 2A on 12V so 24W. Power to run such a device for 24 hours a
day, 30 days a month would be 24 x 24 x 30 = 17.28kWh. Price of 1kWh is
55.29 agorot (based on https://www.iec.co.il/homeclients/pages/tariffs.aspx),
so for monthly usage of 17.28kWh, the price would be 9.55 NIS - this of
course should be divided by the number of households in the same entrance.
If there are for example 10 households, each one will pay less than
1NIS/mo. per device with such consumption.

Of course, it may consume much more. Can you please take a look at either
the rated wattage on the device(s), or, if not rated, the model(s) of it,
so its spec sheet could be looked up online to find out the actual cost to
be attributed to these devices? Thanks!

By the way, YES also put amplifiers that consume electricity from the
building 24x7x365... and perhaps such amplifiers are also installed for
reception of IDAN+ public broadcasts. Likely they're all nothing compared
to power consumption for lighting fixtures and elevator engines...

Thanks,

-- Shimi


On Tue, Jul 18, 2017 at 12:31 AM, sara fink <sara.f...@gmail.com> wrote:

> Hi Geoff
>
> I have some bad critics about unlimited. Besides what was mentioned in
> this list, I can tell you that they install communication equipment on the
> building entrance without installing separate electricity clock. This
> equipment serves the whole building but only one entrance pays for the
> whole building (I checked it with them, so this is the situation). This is
> what they did where my mother lives. Now imagine that this equipment works
> 24x7x365 and calculate how much this electricity costs. I can tell you that
> in the case where my mother lives, the electricity bills jumped 3 times
> more compared to previous bills.
>
> When I sent them an email they didn't even bother to answer. According
> to their web page you don't know who is the personnel. Just a simple email
> (to which they don't answer) or phone.
>
> On Mon, Jul 17, 2017 at 7:13 AM, Alon Barzilai <a...@skylinesoft.com>
> wrote:
>
>> Hi,
>>
>> If you plan to buy a modem/router this list (in hebrew) may help.
>>
>> http://www.netcheif.com/Articles/VDSL_Router/VDSL_Router.htm
>>
>> about unlimited:
>> they have a very limited areas where they have service, and they expand
>> very slowly.
>>
>> hot may have better infrastructure than bezeq at some areas ( this is my
>> case). they do not have CAPTCHA in their routers.
>> it might be a good idea to ask you neighbors what they use, and if they
>> are happy with it.
>>
>> Cheers,
>> Alon.
>>
>>
>>
>> On 7/16/2017 11:30 PM, Geoff Shang wrote:
>>
>> Hello,
>>
>> This could get a bit lengthy, so please bear with me.  Also, there is a
>> direct connection to Linux if you read far enough.
>>
>> We are moving house in two weeks and have the opportunity to change ISP
>> and infrastructure providers.  I'm hoping you all can help us decide who to
>> go with.
>>
>> Our preference is for a high-quality Internet service, and we have been
>> prepared to pay for it.  Up until two years ago, we were happily using
>> Bezeqint's Gamers' package, over Bezeq NGN.  But then we started running
>> into a problem.
>>
>> My wife and I are both blind.  When we got our service reconnected in
>> November 2015, after being out of the country for six months, we discovered
>> that the Bezeq routers now have a CAPTCHA in addition to the username and
>> password.  Moreover, this CAPTCHA has no audio challenge, only visual ones.
>>
>> This of course makes it difficult to get into the router to administer
>> it, and while there are solutions that can help a blind person solve these
>> challenges, you of course need to be connected to the Internet to use them,
>> which limits their usefulness in this case.
>>
>> When we moved in early 2016, we tried getting our infrastructure from
>> Bezeqint instead of Bezeq, the point being that the people you pay for the
>> infrastructure provide the router.  Unfortunately, they also had a CAPTCHA
>> challenge on their login page, so this did not help particularly.
>>
>> Late last year, we tried switching to 012.  To be honest, 

Re: strange ping and traceroute results

2016-11-20 Thread shimi
On Sun, Nov 20, 2016 at 9:38 AM, Shlomo Solomon <shlomo.solo...@gmail.com>
wrote:

> On Sun, 20 Nov 2016 08:25:18 +0200
> shimi <linux...@shimi.net> wrote:
>
> > I believe it's called a CDN and/or local compute clusters and the
> > purpose of it is to give you a better user experience, which is a
> > Good Thing (TM).
> >
> snip ... snip ... snip
> >
> > Why do you think it's a problem and are trying to avoid it?
> >
>
> Thanks. I agree that this is "normally" a Good Thing (TM). So I guess I
> have to explain my problem. For a course I'm doing, I had to write
> traceroute in Python   -   re-invent the wheel :-)
>
> My program works, but I noticed it never reaches www.google.com so I
> checked the "real" traceroute and found the same behaviour.
>
> It seems that neither my program nor the real traceroute handle this
> properly - i.e. they never report that they've reached the final hop.
> I've included traceroute www.godaddy.com and traceroute www.google.com
> for comparison. You can see that traceroute www.google.com never
> reaches the address it's trying to reach - 213.57.24.49
>
>
I do not believe the fact that you "can't reach it" has anything to do with
www.google.com resolving to an IP in Israel.

Since I am assuming that for your re-inventing the wheel exercise, you did
learn and understood what traceroute does; But let me explain it anyway for
the answer to your question lies within...

What traceroute does is essentially send packets to the destination IP by
certain protocol. Popular choices include UDP (I believe that's what the
Linux one does by default), ICMP (I believe that's what the Windows one
does by default) and TCP.

However, it doesn't send the packet as one normally would, with a large TTL
(Time To Live) value which is expected to reach anywhere on the Internet
(typical values: >= 64), rather than it starts off with setting a minimal
value for TTL, for the purpose of _not_ getting into the target IP, rather
than the packet being dropped by the very first router (hop) on the chain,
resulting in error in packet  delivery.

Per the IP specification, such a packet discarding SHOULD produce an ICMP
(Internet Control Message Protocol) message being sent by the hop that has
discarded
the packet towards the originator of the original packet, telling it that
"TTL expired in transit". The original idea was to avoid packets travelling
to infinitum in routing loops - by decreasing the TTL by 1 on every hop the
packet passes, eventually it will zero out, and the packet will be
discarded, not causing a bandwidth storm.

So, I said SHOULD. Does it always? Well, no. Some hosts on the Internet
employ something called "a firewall", which blocks ICMP for various reasons
(you'll hear the word "security" in some places); As a regular user who
opens his browser and types in 'https://www.google.com/' - you don't really
care. ICMP is not typically used when establishing a connection to a server
on the Internet (well, that's not accurate; lack of PMTU discovery is an
excellent way to get your IT people to pull some hairs out when any tunnel
is involved, including dialup and Israeli "MPLS" connections, a.k.a.
"dialer-less HOT"... but for the sake of discussion and to explain how
they ended up deciding to filter those packets and affect you - probably
not knowing what else they break - then "it's not typically used")

Sometimes the filtering is not of ICMP at all, rather than the original
protocol you're trying to probe with; A random UDP port at the area of
30,000 typically has no business traversing their network, so your original
packet (if you're using UDP packets for your traceroute program) may have
been firewalled and never reached a router to lower its TTL by 1 and expire
it in transit to produce the ICMP message you're expecting... In that case,
where ICMP is not actually blocked, rather your UDP connection is, you might
find out that running:

traceroute -I 213.57.24.49

(I for ICMP Echo based traceroute)

Does actually get you to the target. However, you'll have to run this as
root, because generating ICMP packets is not something the regular user can
do. Of course, you can opt to chmod +s your traceroute binary...

Hope this helps,

-- Shimi
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
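The two failure modes described in the message above (a hop that never sends the ICMP "TTL expired" error, and a firewall that drops the UDP probes themselves) can be told apart by comparing UDP and ICMP probes. The following simulation is an added example, not part of the original post; the hop list, addresses and policy names are constructed.

```shell
#!/bin/sh
# Constructed path, one "address:policy" entry per hop; the last is the target.
#   ok      forwards packets and reports "TTL expired in transit"
#   silent  forwards packets but never sends that ICMP error
#   noudp   firewall that drops UDP probes before any TTL handling
HOPS="192.168.1.1:ok 192.0.2.1:ok 192.0.2.9:silent 198.51.100.1:noudp 203.0.113.7:ok"
TARGET=203.0.113.7
MAX_TTL=8

# probe PROTO TTL: print the address that answers a probe sent with the
# given protocol (udp|icmp) and initial TTL, or "*" if nothing comes back.
probe() (
    proto=$1
    ttl=$2
    for hop in $HOPS; do
        addr=${hop%%:*}
        policy=${hop##*:}
        if [ "$policy" = noudp ] && [ "$proto" = udp ]; then
            echo "*"                 # filtered: no router ever expires it
            exit 0
        fi
        if [ "$addr" = "$TARGET" ]; then
            echo "$addr"             # delivered: the target itself answers
            exit 0
        fi
        ttl=$((ttl - 1))             # every router decrements the TTL by 1
        if [ "$ttl" -eq 0 ]; then    # TTL expired in transit
            if [ "$policy" = silent ]; then echo "*"; else echo "$addr"; fi
            exit 0
        fi
    done
)

# trace PROTO: one "TTL answer" line per probe, stopping at the target.
trace() (
    ttl=1
    while [ "$ttl" -le "$MAX_TTL" ]; do
        answer=$(probe "$1" "$ttl")
        echo "$ttl $answer"
        if [ "$answer" = "$TARGET" ]; then exit 0; fi
        ttl=$((ttl + 1))
    done
)

# last_answer PROTO: the furthest hop that answered at all.
last_answer() (
    trace "$1" | awk '$2 != "*" { last = $2 } END { print last }'
)

for proto in udp icmp; do
    echo "== $proto probes =="
    trace "$proto"
done
```

A single silent hop shows up as one `*` line in both modes; a run of `*` lines that only the UDP trace has points at probe filtering rather than at blocked ICMP.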


Re: strange ping and traceroute results

2016-11-19 Thread shimi
On 20 Nov 2016 07:02, "Shlomo Solomon" <shlomo.solo...@gmail.com> wrote:
>
> When I try ping or traceroute to www.google.com, I get strange results.
> Both utilities "think" that www.google.com is at 213.57.*.*, but those
> addresses belong to my Internet provider - Hotnet.
>
> What am I missing?
>
> [solomon@shlomo1]$ ping www.google.com
> PING www.google.com (213.57.23.29) 56(84) bytes of data.
> 64 bytes from 213.57.23.29: icmp_seq=1 ttl=59 time=17.1 ms
> 64 bytes from 213.57.23.29: icmp_seq=2 ttl=59 time=16.8 ms
> 64 bytes from 213.57.23.29: icmp_seq=3 ttl=59 time=17.1 ms
>
> [solomon@shlomo1]$ sudo traceroute www.google.com
> traceroute to www.google.com (213.57.24.55), 30 hops max, 60 byte packets
> 1  router-1.solomon (10.0.0.138)  1.010 ms  1.007 ms  1.006 ms
> 2  core-213-57-3-7.ptr.hotnet.net.il (213.57.3.7)  15.379 ms  15.741 ms  16.551 ms
> 3  ae7.101.hfa.mx-lns.con.hotnet.net.il (213.57.3.221) 36.177 ms  36.182 ms  36.178 ms
> 4  core-213-57-3-217.ptr.hotnet.net.il (213.57.3.217)  17.736 ms  17.736 ms  17.733 ms
> 5  * * *
> 6  * * *
> 7  * * *
> 8  * * *

I believe it's called a CDN and/or local compute clusters and the purpose
of it is to give you a better user experience, which is a Good Thing (TM).

There are other similar POPs I saw at least in BezeqInt.

The question really is:

Why do you think it's a problem and are trying to avoid it?

If your reply includes the letters M-I-T-M, please consider that without
installing a fake CA cert on your host, MITMing an SSL/TLS connection WILL
cause a connection set up error from your browser.

HTH,

-- Shimi


Re: single threaded web servers

2016-07-03 Thread shimi
On Sun, Jul 3, 2016 at 5:13 AM, Amos Shapira <amos.shap...@gmail.com> wrote:

> Yes I know it's possible to fork multiple processes with one thread in
> each and all that jazz.
>
> I'm asking in the context of Erez' response - if he runs single-threaded
> code on a multiprocessor hardware, how would he take advantage of more than
> one processor core?
>
>
It sounds as if for some reason the term 'single threaded' has been used
throughout this discussion while in fact the discussion, IMHO, was actually
about 'event based' as the connection processing mechanism of the servers.
If you replace 'single threaded' with 'events based' and leave the
assumption of 'just a single thread' out (which doesn't necessarily mean
'one thread per connection'), you can then realize that you can use event
based servers... with multiple threads - one per each CPU core, and then
you're not limited to one core's power. Some servers are even smart enough
to figure out the right number automatically
http://nginx.org/en/docs/ngx_core_module.html#worker_processes (which
happens to be my preferred web server for many years now).

And... you can always "why not write an Nginx module in C?" [1]

-- Shimi

[1] https://www.youtube.com/watch?v=bzkRVzciAZg - please don't take this as
if I agree with every word mentioned there; it's just for the fun of it,
and it's kind of on-topic.


Re: revisioning mysql server

2016-03-23 Thread shimi
On Wed, Mar 23, 2016 at 9:22 AM, Erez D <erez0...@gmail.com> wrote:

> hi
>
> i have a running mysql server, and want to be able to restore it to any
> day, with as little backup space as needed
>
> i do mysqldump to the same file every day then commit the file with "svn
> ci"
> the idea is that if there are no changes, it takes no space
>
> it works well if i just append entries to a database, as svn will just
> save the changes
>
> however, if i insert a record, and for instance the dump file has 5 record
> at every line
> then the change is big and actually svn will save most of the file though
> there is a very small change actually.
>
> another issue - if the records hold changing info like timestamps etc.
>
> any idea ?
>
>
What about xdelta[1] and saving the .xdelta files ? (from last copy or
original copy - your choice, but the cost of choosing the former to save
space would be that you'll have to roll the opposite operation in sequence
for any recovery)

-- Shimi

[1] http://xdelta.org/


Re: OT: SSL certificates

2016-03-08 Thread shimi
On Tue, Mar 8, 2016 at 9:33 PM, Gabor Szabo <ga...@szabgab.com> wrote:

> I am trying letsencrypt.org . <http://letsencrypt.org>
> I just cloned their repo and started to follow their instructions, but
> then they say "nginx support is experimental, buggy, and not installed by
> default" and I am using nginx for most of my servers. I guess their nginx
> support will come soon and I can wait a bit though I wonder, have any of
> you used it on nginx?
>
>
When they say 'nginx support' they mean 'automatically configuring nginx
for you'. There are plenty other ways (including manual, with other clients
that don't force you to provide them with root access to your machine) to
just issue the cert from a CSR, and install the cert normally on any web
server you want. See for example
https://tty1.net/blog/2015/using-letsencrypt-in-manual-mode_en.html and
https://github.com/diafygi/letsencrypt-nosudo

HTH,

-- Shimi


Re: Something is injecting malware into my HTTP traffic

2015-03-22 Thread shimi
On Sun, Mar 22, 2015 at 11:10 AM, Roman Ovseitsev rom...@gmail.com wrote:

 Thanks everyone! That explains it then.

 It's interesting how the cached version is actually slower to download than
 the non-cached.
 I haven't noticed the speed difference prior to Michael mentioning it, but
 now after some random tests the behaviour seems to be consistent with other
 sites as well. Too bad not everyone provides secure versions...


Not too surprising. Nodejs uses Joyent as a provider. Likely they have
ample bandwidth capacity and common-use objects (and I am guessing the main
downloadables of latest versions are THE most commonly downloaded file from
NodeJS's servers) which are likely in RAM cache of the server. Compare with
an Israeli ISP that would try to squeeze any cent it can when utilizing
their international links (which is why I left them) and just put
everything on some huge cache machine, likely with not-so-fast-disks (i.e.
disks with noticeable seek time, i.e. not SSDs) because they're trying to
save money, remember, and the fact that while 'all the cool kids use
node.js', comparing to the rest of your ISP customers, it is likely not a
popular choice as compared to things like Torrent sites, etc, so likely not
in RAM cache, so it must load from a busy disk, and... there you have it :)

Your solution is to switch ISP, so they'll learn not to mess with their
customers.


Re: OT: ISP and infrastructure bundling

2015-02-17 Thread shimi
On Tue, Feb 17, 2015 at 10:27 PM, Mord Behar mord...@gmail.com wrote:

 So, today is the day that Bezeq is finally starting to subcontract their
 ADSL infrastructure to other companies, thus allowing an ISP to provide the
 full service.
 I personally think that this is a good thing, the somewhat artificial
 distinction between ISP and infrastructure seemed like a good way to make
 rich people richer, without actually benefitting anybody else. I am
 thoroughly sick and tired of having to deal with two separate tech support
 systems, each one blaming the other for their own faults.
 Anyway, it looks like right now the only sensible option to bundle the two
 services is with 018 Xfone. (018.co.il)
 Looking around, I found very little information about the company that
 doesn't look like it came from the company's own press team.
 Does anybody use their services? How is it? Do they deliver on their
 promised up/down speeds? (Bezeq and Bezeqint don't, at least for me) How is
 their tech support? How is their customer support?
 Has anybody heard any rumors about other companies bundling service and
 infrastructure?


I use 018 (30Mbps), but not through DSL... I would say they're quite
stable... by far most of my issues are from the infra and not from them.

Downloads are reasonable (but who doesn't have a CDN with an Israeli
endpoint nowadays? so you're likely downloading from Israel which is fast
for everybody...)

I've seen traffic to abroad go through gtt.net, sometimes through bezeqint
(!!!)...

If you d/l with multiple (like, 30) TCP connections (e.g. from an NNTP that
allows you), you usually get your full speed even in busy hours.

If you want me to download a specific resource at a specific time of the
day to check performance, let me know

As for tech support - rarely do I call them, but I remember one time I did
and the person on the other side (equivalent to the regular
checklist-reading-representative, not an escalation in any way) was
actually knowledgeable. He figured out what was wrong (I have to use their
L2TP as IP and not a hostname due to a limitation of my router - and the IP
I used became oversubscribed). We discussed their L2TP servers load
balancing algorithm... I think the regular techsupport guy doesn't know
what load balancing means. So, surprising. But really, it's just an
anecdote and perhaps a corner case...

-- Shimi


Re: DNAT and MASQUERADE

2015-01-08 Thread shimi
On Thu, Jan 8, 2015 at 10:43 AM, Erez D erez0...@gmail.com wrote:



 On Wed, Jan 7, 2015 at 11:41 AM, shimi linux...@shimi.net wrote:



 On Wed, Jan 7, 2015 at 11:35 AM, shimi linux...@shimi.net wrote:



 On Wed, Jan 7, 2015 at 10:16 AM, Erez D erez0...@gmail.com wrote:

 hello.

 I have an iptables question

 i have the following

 ext_ip - NAT1 - linux firewall- network - computer1:eth0 ..
 computer99

 i have no control over NAT1.
 computer1 also can reach the internet via eth1.

 linux firewall redirects incoming port  from ext_ip to computer1
 however i need computer2 .. computer99 to connect to ext_ip: and
 also reach computer1

 so first i did a NAT rule in linux firewall to redirect all packets
 from internal to ext_ip:  to computer1. and did an 'ifconfig eth0:1
 $ext_ip up' on computer1.
 this works. however it causes computer1 not to be able to access real
 ext_ip via eth1 which is connected to the internet as well

 so i thought of both doing DNAT and MASQ, which will do the same but
 will not require assigning ext_ip to computer1.
 however i do not know how to do that


 If computer1 can access ext_ip:, all you need is to allow ip_forward
 (/etc/sysctl.conf for permanent, and echo 1 >
 /proc/sys/net/ipv4/ip_forward) on computer1, and have all other computers
 have a static route to ext_ip via computer1

 Then, in computer1,

 iptables -t nat -I POSTROUTING -o <interface going towards ext_ip> [ -i <interface subnet of computers come from> ] -s <subnet of computers>/<netmask> -p tcp --dport  -j MASQUERADE

 should do...

 (of course, assuming the iptables FORWARD chain is not dropping those
 packets; otherwise you'd need an ACCEPT rule there, too...)

 HTH,

 -- Shimi


 And on a second read, I think I got you wrong and the purpose was to
 access computer1 port  (hopefully listening on 0.0.0.0) from computersN
 by using the external IP from the inside?

 yes


 computerN default route is the linux firewall. without any rules on linux
 firewall, it will forward packets from computer1 destined to ext_ip  to
 NAT1. and they will not reach computer1 at all, so rules on computer 1 are
 useless.


 Doing a DNAT on linux firewall will direct the packets to computer1,
 however computer 1 will know computerN and will reply directly without going
 through linux firewall, and computer1 will not match the packets to the
 original connection.


But if you create a static route on computerN towards the external IP via
computer1 like I suggested, then these connections will not get to linux
firewall at all, rather than get to computer1 (I'm assuming they're on the
same L2 and share IP addresses in the same IP subnet) - so rules on
computer1 will apply, wouldn't they?

What am I missing?

-- Shimi
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
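The DNAT plus MASQUERADE variant asked about in this thread, applied on the linux firewall itself (not the static-route approach from the replies), as an added example that is not from any of the posts. All addresses, the interface name and the port are constructed placeholders, since the thread does not give them; the small packet model shows why DNAT alone fails in the way the quoted reply describes.

```shell
#!/bin/sh
# Hairpin NAT on the linux firewall. Nothing is applied: rules are printed.
# Constructed placeholders (assumptions, not values from the thread):
EXT_IP=203.0.113.10        # public address that NAT1 forwards inwards
FW_LAN_IP=192.168.10.254   # firewall's own address on the internal network
LAN_IF=eth0                # firewall interface facing computer1..computer99
LAN_NET=192.168.10.0/24    # internal subnet
C1=192.168.10.1            # computer1
PORT=8080                  # placeholder service port

# Print the rules; review them, then pipe to "sh" as root to apply.
hairpin_rules() {
    # 1. Internal clients dialling ext_ip:port are redirected to computer1.
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET -d $EXT_IP -p tcp --dport $PORT -j DNAT --to-destination $C1:$PORT"
    # 2. Rewrite the source as well, so computer1 answers the firewall and
    #    not the client directly.
    echo "iptables -t nat -A POSTROUTING -o $LAN_IF -s $LAN_NET -d $C1 -p tcp --dport $PORT -j MASQUERADE"
    # 3. Allow the hairpinned flow in case FORWARD drops by default.
    echo "iptables -A FORWARD -i $LAN_IF -o $LAN_IF -s $LAN_NET -d $C1 -p tcp --dport $PORT -j ACCEPT"
}

# Packet model: "src,dst". fw_translate MODE PACKET applies what the nat
# table does to a client's first packet. MODE is "dnat" or "dnat+masq".
fw_translate() (
    src=${2%%,*}
    dst=${2##*,}
    if [ "$dst" = "$EXT_IP" ]; then dst=$C1; fi          # DNAT
    if [ "$1" = "dnat+masq" ]; then src=$FW_LAN_IP; fi   # MASQUERADE
    echo "$src,$dst"
)

# reply_source_seen MODE CLIENT: source address the client sees on the reply.
reply_source_seen() (
    arrived=$(fw_translate "$1" "$2,$EXT_IP")
    reply_dst=${arrived%%,*}     # computer1 answers whoever the source was
    if [ "$reply_dst" = "$FW_LAN_IP" ]; then
        echo "$EXT_IP"           # via the firewall: both rewrites are undone
    else
        echo "$C1"               # straight across the LAN, untranslated
    fi
)

# A TCP client only accepts replies from the address it connected to.
client_accepts() (
    [ "$(reply_source_seen "$1" "$2")" = "$EXT_IP" ]
)

hairpin_rules
for mode in dnat dnat+masq; do
    if client_accepts "$mode" 192.168.10.7; then
        verdict="connection works"
    else
        verdict="reply ignored, it arrives from $(reply_source_seen "$mode" 192.168.10.7)"
    fi
    echo "$mode: $verdict"
done
```

With MASQUERADE in place computer1 logs the firewall's address instead of the real internal client, which matters if the service does per-client logging or access control.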


Re: DNAT and MASQUERADE

2015-01-07 Thread shimi
On Wed, Jan 7, 2015 at 11:35 AM, shimi linux...@shimi.net wrote:



 On Wed, Jan 7, 2015 at 10:16 AM, Erez D erez0...@gmail.com wrote:

 hello.

 I have an iptables question

 i have the following

 ext_ip - NAT1 - linux firewall- network - computer1:eth0 .. computer99

 i have no control over NAT1.
 computer1 also can reach the internet via eth1.

 linux firewall redirects incoming port  from ext_ip to computer1
 however i need computer2 .. computer99 to connect to ext_ip: and also
 reach computer1

 so first i did a NAT rule in linux firewall to redirect all packets from
 internal to ext_ip:  to computer1. and did an 'ifconfig eth0:1 $ext_ip
 up' on computer1.
 this works. however it causes computer1 not to be able to access real
 ext_ip via eth1 which is connected to the internet as well

 so i thought of both doing DNAT and MASQ, which will do the same but will
 not require assigning ext_ip to computer1.
 however i do not know how to do that


 If computer1 can access ext_ip:, all you need is to allow ip_forward
 (/etc/sysctl.conf for permanent, and echo 1 >
 /proc/sys/net/ipv4/ip_forward) on computer1, and have all other computers
 have a static route to ext_ip via computer1

 Then, in computer1,

 iptables -t nat -I POSTROUTING -o <interface going towards ext_ip> [ -i <interface subnet of computers come from> ] -s <subnet of computers>/<netmask> -p tcp --dport  -j MASQUERADE

 should do...

 (of course, assuming the iptables FORWARD chain is not dropping those
 packets; otherwise you'd need an ACCEPT rule there, too...)

 HTH,

 -- Shimi


And on a second read, I think I got you wrong and the purpose was to access
computer1 port  (hopefully listening on 0.0.0.0) from computersN by
using the external IP from the inside?

If so, did:

iptables -t nat -I PREROUTING -i <interface of computersN subnet> -s <subnet of computers>/<netmask> -p tcp --dport -j REDIRECT --to-port 

not work?

-- Shimi


Re: DNAT and MASQUERADE

2015-01-07 Thread shimi
On Wed, Jan 7, 2015 at 10:16 AM, Erez D erez0...@gmail.com wrote:

 hello.

 I have an iptables question

 i have the following

 ext_ip - NAT1 - linux firewall- network - computer1:eth0 .. computer99

 i have no control over NAT1.
 computer1 also can reach the internet via eth1.

 linux firewall redirects incoming port  from ext_ip to computer1
 however i need computer2 .. computer99 to connect to ext_ip: and also
 reach computer1

 so first i did a NAT rule in linux firewall to redirect all packets from
 internal to ext_ip:  to computer1. and did an 'ifconfig eth0:1 $ext_ip
 up' on computer1.
 this works. however it causes computer1 not to be able to access real
 ext_ip via eth1 which is connected to the internet as well

 so i thought of both doing DNAT and MASQ, which will do the same but will
 not require assigning ext_ip to computer1.
 however i do not know how to do that


If computer1 can access ext_ip:, all you need is to allow ip_forward
(/etc/sysctl.conf for permanent, and echo 1 >
/proc/sys/net/ipv4/ip_forward) on computer1, and have all other computers
have a static route to ext_ip via computer1

Then, in computer1,

iptables -t nat -I POSTROUTING -o <interface going towards ext_ip> [ -i <interface subnet of computers come from> ] -s <subnet of computers>/<netmask> -p tcp --dport  -j MASQUERADE

should do...

(of course, assuming the iptables FORWARD chain is not dropping those
packets; otherwise you'd need an ACCEPT rule there, too...)

HTH,

-- Shimi


Re: udev persistance promblems

2014-12-10 Thread shimi
On Wed, Dec 10, 2014 at 12:30 PM, Erez D erez0...@gmail.com wrote:

 I have a strange problem

 when i insert my wlan usb dongle, I get wlan0.
 if i remove and reinsert, i get wlan1
 next time - wlan2
 etc..

 if i look at /etc/udev/rules.d/*Persistance*
 i see multiple lines that are completely identical, except the wlan number

 any idea ?
 any idea of how to debug this ?


But, do you have a specific rule that forces this specific dongle to be
wlan0? i.e. by direct identification of it, like by MAC or Manufacturer ID?


Re: Mageia 4 - update delay

2014-12-06 Thread shimi
On Sat, Dec 6, 2014 at 6:39 PM, Shlomo Solomon shlomo.solo...@gmail.com
wrote:

 I tried running ps -A before clicking, a few times during the 4 minute
 wait and after the GUI started. I then used diff to compare. The only
 change I found during the wait was an additional kworker/2:0 (there
 were already over 20 kworker processes running). Could this be
 significant? I haven't yet run strace as you suggested.


Highly doubt it. kworker are kernel threads... not userspace programs...


 When the GUI started, I found a MageiaUpdate process and an additional
 drakrpm-update process (for a total of 2). I assume the first one is
 responsible for the periodic check if new updates are available.


So it seems that the process is indeed not launched for the 4 minutes. My
next suggestion would be to run 'ps auxf' (or pstree?) after the package
manager has launched, and hopefully you'll see *which* process runs your
update processes (the parent); At this point I would assume the issue is
there. First, check which package it belongs to and verify you're running
latest update for this package (you don't want to mess with
already-fixed-bugs). Then, assuming you're up-to-date and the issue
remains, strace -f this process, and only then click whatever you click
there - to see which system calls it does between the time you click what
you click, and the package manager going up. Perhaps this process waits on
something before it starts the actual update manager...

-- Shimi


Re: Mageia 4 - update delay

2014-12-04 Thread shimi
On Thu, Dec 4, 2014 at 8:06 PM, Shlomo Solomon shlomo.solo...@gmail.com
wrote:

 Since upgrading from Mageia 3 to Mageia 4, when I get a
 notification that updates are available, I click on it but Software
 Package Update starts only after exactly a 4 minute delay.

 Any ideas why?



Maybe it is waiting on some lock file? Package managers have this tendency...

Does it really start after 4 minutes, or does it just start showing the UI
after 4 minutes? See if new process has been created. If there's a new
process, try to strace -f -p <pid> to see what it is waiting on (you
probably want to suffix this command with [ > update.strace 2>&1 ] as the
output will probably become quite large. Also you should run this as root
if the process launched is not in your own UID)

-- Shimi


Re: Backdoor?

2014-11-23 Thread shimi
On Sun, Nov 23, 2014 at 10:45 PM, Amichai Rotman amic...@iglu.org.il
wrote:

 Hi All,

 I am trying to troubleshoot a bottleneck in my internet connection.

 I came across a few lines like these ones when I run 'netstat -ptW':

 tcp        0      0 10.0.0.3:42239 82-166-201-152.barak-online.net:http ESTABLISHED 5881/chrome


This is a server on the Akamai CDN. Could be any website using Akamai. Use
a sniffer instead of netstat if you want to know what's going on.


 tcp        0      0 10.0.0.3:55224 bzq-179-180-121.static.bezeqint.net:https ESTABLISHED 5881/chrome


Using -n in netstat is advised; Some IPs have a reverse DNS without a
matching forward DNS. Anyways, this is likely 212.179.180.121.

Also known as:

$ host www.google.com | grep 212.179.180.121
www.google.com has address 212.179.180.121


 Does Bezeq and the ISPs open a backdoor in my router somehow?

They could be, but this log is probably not showing the case.

-- Shimi


Re: preventing dhclient from running under certain conditions

2014-10-29 Thread shimi
On Wed, Oct 29, 2014 at 2:06 PM, Oleg Goldshmidt p...@goldshmidt.org wrote:
 [*] Without discussing the actual requirements, consider a trivial
 example. Suppose you have several DHCP VLANs configured on eth1, and suppose
 that for various operational reasons the eth1 link may occasionally be down.
 What happens in such a case is that dhclient keeps trying, for all VLANs and
 for a long time, before giving up. You don't want this to keep a machine
 from booting, to keep other interfaces from starting, etc. One would want to
 detect this early (e.g., using ethtool or similar) and not even attempt to
 bring up DHCP interfaces. [In my mind, this is a bug in dhclient, but this
 is beside the point...]


What about allow-hotplug?
http://www.debian.org/doc/manuals/debian-reference/ch05.en.html#_the_basic_syntax_of_etc_network_interfaces

-- Shimi



Re: (OT - but I don't know who to ask) - Android tablet charger

2014-09-07 Thread shimi
On Sun, Sep 7, 2014 at 9:20 AM, Mord Behar mord...@gmail.com wrote:

 You not only need the proper dimensions but also the correct voltage,
 amperage and direction (not sure what to call that last one).


s/direction/polarity/


Re: Who is leaking memory in my Linux Jessie/KDE4 installation?

2014-08-29 Thread shimi
First things first: What is "Used Memory" in Linux?

Most people think that "Used Memory" means "used by my running
applications".

When Linux says "used", it means "used for any purpose", and furthermore,
"used" does NOT mean "total - available for applications". So what one sees
as "free" does not mean that's the amount of memory available for
applications. It can be, and usually is, a much higher number.

In Linux, everything in use, including by the kernel, for purposes of
caches and buffers, *is* ALSO used, but, when memory is needed by
applications, these buffers and caches can be, and are, discarded (after
all, they're cache, they don't contain anything not written elsewhere, e.g.
on disk). Usually very little buffers would not be on the disk - such ones
cannot be reclaimed as free memory before they're flushed.

So, one should add 'cached' and 'buffers' from 'top' to be considered as
the 'free memory pool', and not take the 'free' number as the real free
memory. Linux, in its way of operation, will always have a growing and
growing 'cached' value. This is OK, by design, and part of the thing that
makes it so fast. When RAM is needed, cache is evicted. There are a few
examples for this on www.linuxatemyram.com

Now, there are a few other places where RAM can be taken, which do not
count towards 'cached', even though they're cache. There's the SLAB. You
can examine it by running cat /proc/slabinfo (as root). There's even a
top-like utility for it: slabtop(1).

Some of the Slab is reclaimable for use (you can 'grep Reclaim
/proc/meminfo '), some is not. Likely lots of Slab would be for dentry
cache, especially if you're opening many many files. Some buggy-designed
software does this (for example nss... which is unfortunately used by
default in cURL SSL connections if you've not compiled cURL to use OpenSSL
instead...). See:
https://www.splyt.com/blog/2014-05-16-optimizing-aws-nss-softoken

I would also appreciate others' insights on the subject :)

HTH,

-- Shimi


On Fri, Aug 29, 2014 at 11:41 AM, Omer Zak w...@zak.co.il wrote:

 I have a 8GB PC which runs Linux Debian Jessie with KDE 4.4.
 My problem is to find out who is occupying almost 4GB memory some time
 after rebooting, even when nothing heavy is running.

 The heaviest applications that I run are:
 - A VirtualBox virtual machine occupying 3GB memory
 - Google Chrome browser (version 37.0.2062.94, 64-bit)
 - Evolution 3.12.2.

 However, even when they are closed, a lot memory is still reported to be
 in use.

 My question is: besides top, what tools can be used to find who is using
 all this memory?
 The next question, of course, is how to get rid of those memory hogs
 without destabilizing the system.

 --- Omer

 --
 More proof the End of the World has started. Just saw this online:
 I think it's beginning! Ten minutes ago there was a group of people
 waiting at the bus stop outside my house. Now, they're all gone!
 My own blog is at http://www.zak.co.il/tddpirate/

 My opinions, as expressed in this E-mail message, are mine alone.
 They do not represent the official policy of any organization with which
 I may be affiliated in any way.
 WARNING TO SPAMMERS:  at http://www.zak.co.il/spamwarning.html



___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
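The accounting described in the reply above (free plus buffers plus cached as the real free pool, with part of the slab reclaimable on top) can be computed directly from /proc/meminfo. This is an added example, not part of the original message; the sample values are constructed, and the refinement goes one step beyond the message by subtracting Shmem, because tmpfs and shared-memory pages are counted in Cached but cannot simply be dropped.

```shell
#!/bin/sh
# Constructed /proc/meminfo excerpt (kB) for an 8 GB machine; not real output.
SAMPLE_MEMINFO='MemTotal:        8000000 kB
MemFree:          300000 kB
Buffers:          200000 kB
Cached:          3500000 kB
Shmem:            250000 kB
Slab:             600000 kB
SReclaimable:     450000 kB
SUnreclaim:       150000 kB'

# meminfo_field NAME: value in kB of one field from meminfo text on stdin,
# or 0 when the field is absent.
meminfo_field() {
    awk -v key="$1:" '$1 == key { v = $2 } END { print v + 0 }'
}

# mem_report [FILE]: analyse FILE (e.g. /proc/meminfo) or the sample above.
mem_report() (
    if [ -n "${1:-}" ]; then text=$(cat "$1"); else text=$SAMPLE_MEMINFO; fi
    get() { printf '%s\n' "$text" | meminfo_field "$1"; }
    total=$(get MemTotal)
    free=$(get MemFree)
    buffers=$(get Buffers)
    cached=$(get Cached)
    shmem=$(get Shmem)
    sreclaim=$(get SReclaimable)

    # What "used" looks like when only MemFree is believed.
    echo "naive_used_kb=$((total - free))"

    # The rule from the message: free + buffers + cached is the free pool.
    pool=$((free + buffers + cached))
    echo "pool_kb=$pool"

    # Refinement: reclaimable slab (dentry/inode caches) can be evicted too,
    # while Shmem is part of Cached but is not discardable cache.
    refined=$((pool + sreclaim - shmem))
    echo "refined_pool_kb=$refined"

    # What is really committed: applications, kernel, tmpfs.
    echo "in_use_kb=$((total - refined))"
)

mem_report
```

Run `mem_report /proc/meminfo` on a live system; on the sample, the "7.7 GB used" reading shrinks to 3.8 GB actually in use.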


Re: cgi bg

2014-08-25 Thread shimi
On Mon, Aug 25, 2014 at 10:25 AM, Erez D erez0...@gmail.com wrote:

 hi

 i have a php cgi scripts that
 1. generates an http response , this takes less than a second
 2. do some stuff that may take some time, lets say a minute

 when posting to that cgi, although the html is returned in less then a
 second, the request is not closed until the minute has passed.

The request will end when PHP will tell its upstream that it has ended.
After all, it may still produce output, which the client is supposed to
receive.


 i want the http transaction to be closed when done (i.e. less than a
 minute)
 but the php script to continue it's action (e.g. the minute it takes)

 can i do it in php ? i.e. flush, or send eof, which will finish the
 request but leave the php running until done ?


You could at the worst case execute the code from an external file with a
system() and backgrounded (append & to the command), a solution that will
always work (but is ugly).

An alternative approach which was possible in the past was to use
http://php.net/register-shutdown-function to handle the request 'cleanup'
(which is what I assume you are trying to do) - but since PHP 4.1 this
stuff is no longer possible because now this can also send output to the
client. Assuming you have a newer PHP... which is highly likely... you
could try this instead:

<?php
ob_end_clean();
header("Connection: close");
ignore_user_abort(true); // optional
ob_start();
echo ('Text the user will see');
$size = ob_get_length();
header("Content-Length: $size");
ob_end_flush(); // Strange behaviour, will not work
flush();        // Unless both are called !
// Do processing here
sleep(30);
echo('Text user will never see');
?>

( Shamelessly copied from http://php.net/connection-handling )

The idea is to buffer all the response in memory, then measure the buffer
size of the response, then tell that to the server/client, and also let the
connection to not support keep-alive. Then throw everything to the client.
Since the response is of a given size, and the server/client has got all of
it, it has nothing to do further with the server, so it has no reason not
to close the socket.

HTH,

-- Shimi


Re: Hebrew File Names

2014-08-21 Thread shimi
On Thu, Aug 21, 2014 at 10:21 AM, Aharon Schkolnik aschkol...@gmail.com
wrote:


 Hi.

 I have some files with Hebrew names on an NTFS file system.
 The file system is accessible from Linux but not from Vista (on the same
 box) - Vista doesn't have a driver for the SCSI controller.
 I want to transfer the files to a SATA disk on the same box - which is
 accessible from Vista.
 I tried tarring the files, but the Hebrew file names were unreadable under
 Vista.
 I tried this line in my fstab, but it didn't help:
 UUID=F2ACCD26ACCCE5E7
 /WindowsD/  ntfs   ro,nls=iso8859-8,users 0 0


I believe NTFS uses UTF-16 for filenames, not iso8859-8 ?

-- Shimi
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il


Re: diff/patch rootfs

2014-07-10 Thread shimi
On Thu, Jul 10, 2014 at 9:08 AM, Erez D erez0...@gmail.com wrote:

 hello


 i am dealing with rootfs images  i install on embedded linux

 from time to time i update the rootfs - add some file, remove other,
 update others, mknod etc ...

 currently, when i do this, i need to reinstall the image

 i am looking to create a patch, i can patch an old rootfs to update it

 however, diff does not handle create file, remove file, special files
 and binary files very well

 i am looking for a tool that can do that.

 anyone ?



If modifying an _image_ is your purpose, and you want to avoid distributing
the whole image, and you can do that 'offline' (i.e. you have two
partitions, one active, second for upgrade and boot from - so you don't
touch a system with a mounted filesystem), and you have your way to manage
this versioning (i.e. you know for a fact what the previous image blob is,
so what you need is really the blocks that changed from it) - maybe take a
look at http://xdelta.org/

-- Shimi


Re: advanced dhcpd.conf

2014-06-10 Thread shimi
On Tue, Jun 10, 2014 at 8:29 AM, Erez D erez0...@gmail.com wrote:

 On Mon, Jun 9, 2014 at 10:31 PM, shimi linux...@shimi.net wrote:
  On Mon, Jun 9, 2014 at 6:15 PM, Erez D erez0...@gmail.com wrote:
 
  no, i want:
  host vm01 { hardware ethernet 00:11:22:33:44:01 ; fixed-address
 10.0.5.1 }
  host vm02 { hardware ethernet 00:11:22:33:44:02 ; fixed-address
 10.0.5.2 }
  host vm03 { hardware ethernet 00:11:22:33:44:03 ; fixed-address
 10.0.5.3 }
  ...
  host vm254 { hardware ethernet 00:11:22:33:44:fe ; fixed-address
  10.0.5.254 }
 
 
  If it doesn't work out...
 
  php -r 'foreach(range(1,254) as $id) echo "host vm".str_pad($id, 3, "0", STR_PAD_LEFT)." { hardware ethernet 00:11:22:33:44:".str_pad(dechex($id), 2, "0", STR_PAD_LEFT)." ; fixed-address 10.0.5.$id }\n";'
 
  -- Shimi
 thanks.
 i didn't want to do this that way


I understand that. But sometimes the trivial solutions work best [not to
mention it took me < 1 minute] :)

This was just a suggestion for the case you can't get your way to work
eventually and do need a solution to the problem you're trying to solve.


Re: advanced dhcpd.conf

2014-06-09 Thread shimi
On Mon, Jun 9, 2014 at 6:15 PM, Erez D erez0...@gmail.com wrote:

 no, i want:
 host vm01 { hardware ethernet 00:11:22:33:44:01 ; fixed-address 10.0.5.1 }
 host vm02 { hardware ethernet 00:11:22:33:44:02 ; fixed-address 10.0.5.2 }
 host vm03 { hardware ethernet 00:11:22:33:44:03 ; fixed-address 10.0.5.3 }
 ...
 host vm254 { hardware ethernet 00:11:22:33:44:fe ; fixed-address
 10.0.5.254 }


If it doesn't work out...

php -r 'foreach(range(1,254) as $id) echo "host vm".str_pad($id, 3, "0", STR_PAD_LEFT)." { hardware ethernet 00:11:22:33:44:".str_pad(dechex($id), 2, "0", STR_PAD_LEFT)." ; fixed-address 10.0.5.$id }\n";'

-- Shimi


Re: self mail hosting

2014-06-08 Thread shimi
On Sun, Jun 8, 2014 at 7:42 PM, Guy Gold guy1g...@gmail.com wrote:


 Using a globally recognized smart host makes the most sense, technically
 and financially.


And then, there's The Cloud (TM). http://aws.amazon.com/ses/

-- Shimi


Re: Googlebot searching for .../bin/en.jsp

2014-05-20 Thread shimi
On Tue, May 20, 2014 at 10:15 AM, Rabin Yasharzadehe ra...@rabin.io wrote:

 I have installed fail2ban on one of my servers, and created a set of rules
 to block some requests that (from my point of view) look like probing
 attempts.

 One of the rules is to block on site, any request to *.jsp which i don't
 have on this server.

 Today i got a mail about a blocked IP which belong to Google (based on
 whois).
 # whois 66.249.79.57

 can any one tell me, why Googlebot will search for something i don't have
 any reference to in my site?


The .. does look strange, I think Googlebot always uses Canonical URLs in
general...

Just a note: The fact that there's no reference in your site (if that is
indeed a fact...) - does NOT say that there isn't such a reference in any
other site on the Internet...

Note that Google also has GCE - I would assume the netblocks for GCE would
also say Google... maybe it's a crawler which is not really Googlebot,
rather than an impersonator running through GCE...

-- Shimi
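
The check that separates a real Googlebot address from anything else whose whois says Google, as an added example (not part of the original posts): Google's published procedure is a reverse DNS lookup whose name must end in googlebot.com or google.com, followed by a forward lookup that returns the same address. The resolver tables and the documentation-range addresses below are constructed sample data; `classify_client` and its verdict names are hypothetical.

```python
import ipaddress
import socket

# Reverse-DNS suffixes accepted for Google's crawlers (leading dot matters:
# "evilgooglebot.com" must not match).
CRAWLER_SUFFIXES = (".googlebot.com", ".google.com")


def system_ptr(ip):
    """Reverse lookup through the system resolver; None when there is no PTR."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def system_forward(name):
    """Forward lookup through the system resolver; set of address strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()


def classify_client(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (verdict, detail) for a client address taken from an access log.

    googlebot      PTR is under a crawler suffix and resolves back to the IP
    spoofed-ptr    PTR claims a crawler name, but the name does not map back
    not-googlebot  PTR exists but is outside the crawler suffixes
    unverified     no PTR record at all
    """
    addr = ipaddress.ip_address(ip)  # ValueError on a malformed log field
    name = ptr_lookup(str(addr))
    if not name:
        return ("unverified", "no PTR record")
    host = name.rstrip(".").lower()
    if not host.endswith(CRAWLER_SUFFIXES):
        return ("not-googlebot", host)
    # The PTR zone is controlled by whoever owns the IP, so the name proves
    # nothing until the forward zone (controlled by Google) agrees.
    forward = {ipaddress.ip_address(a) for a in forward_lookup(host)}
    if addr not in forward:
        return ("spoofed-ptr", host)
    return ("googlebot", host)


# Constructed resolver data so the example runs offline. 66.249.79.57 is the
# address from the thread; the PTR names are made up for illustration.
CONSTRUCTED_PTR = {
    "66.249.79.57": "crawl-66-249-79-57.googlebot.com",
    "203.0.113.10": "10.113.0.203.bc.googleusercontent.com",  # cloud tenant
    "198.51.100.7": "crawl-66-249-79-57.googlebot.com",       # forged PTR
    "198.51.100.8": "crawl.googlebot.com.example.net",        # look-alike
}
CONSTRUCTED_A = {
    "crawl-66-249-79-57.googlebot.com": {"66.249.79.57"},
}


def sample_verdicts():
    """Classify every constructed address plus one with no PTR."""
    ptr = CONSTRUCTED_PTR.get
    fwd = lambda name: CONSTRUCTED_A.get(name, set())
    ips = list(CONSTRUCTED_PTR) + ["192.0.2.1"]
    return {ip: classify_client(ip, ptr, fwd)[0] for ip in ips}


if __name__ == "__main__":
    for ip, verdict in sample_verdicts().items():
        print(f"{ip:15} {verdict}")
```

Run before a ban action, this keeps a verified crawler off the block list while still treating a cloud-hosted client that merely sits in a Google netblock like any other prober.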


Re: OT: Cell phone service providers

2014-04-20 Thread shimi
Hi,

Try doing manual network selection, and choose the one in which your
handset is always on roaming (the r doesn't turn off) on. Might require
trial and error. Best to try in a location when the R is off (where Golan
has their cells)

Most issues are derived from hopping between Golan cells and Cellcom cells.

When you force it to roam all the time (stay on Cellcom's antennas), you
have coverage nationwide so no black spots that require hopping
inter-carrier...

Good luck

(Golan user from day one of the network giving public service)
On 20 Apr 2014 10:30, Mord Behar mord...@gmail.com wrote:

 After two months on Golan, my results are as follows:
 About 1 in 3 calls has a problem. A problem is either garbled audio, a
 lack of connection or a disconnect. There seems to be no correlation
 between problems and the carrier at the other end. Obviously garbled audio
 is more common than disconnects. The ratio is approximately 1:7.
 Text messages are unreliable. I receive them 3-4 minutes before they are
 sent (the timestamp from the server) and they often (unfortunately I have
 no numbers for this) take several hours to arrive.
 The cellular internet is noticeably slower than our previous provider
 (Pelephone) and coverage is worse.
 The network time does not work. At all. Not even a little bit. Neither my
 Nokia candybar nor my wife's Samsung II s2 updated the DST.
 In summary: you get what you pay for. The 10 NIS a month plan is great for
 me, since my phone doesn't really do internet. For that price I'm willing
 to accept service problems. The 60 NIS plan for my wife is borderline okay.
 If the service gets a little bit worse we'll need to reevaluate.
 I hope this helps someone in the future.
 Thank you everybody for your input.
 We went with Golan. One phone the 59 NIS a month unlimited plan, the other
 the 10 NIS a month plan.
 On the 10 NIS phone I'm trying to keep track of dropped and garbled calls,
 as well as good calls. Not exactly scientific, since I forget a few and I
 don't always know the carrier on the other end. But maybe it will help
 somebody in the future.


 On Tue, Feb 11, 2014 at 8:15 PM, Beni Cherniavsky-Paskin 
 beni.cherniav...@gmail.com wrote:

 + Golan also have the nice property that they throttle you if you exceed
 3G instead of charging huge overage fees.
 I guess throttling = 2G speed, which is barely usable, but I'm more
 concerned with paying a predictable bill — an option to hard-limit data
 usage would also be acceptable.

 e.g. Rami Levi told me they don't have a hard-limit option, I have
 to monitor my usage (and they'll send me SMSes when I approach the limit).
  It's easy enough to set up a limit in android, just made me a little
 annoyed as an approach.
 - What annoyed me more with Rami Levi was when I upgraded the data plan
 in the middle of the month (1G-5G IIRC) and they charged me some overage
 at that moment because my usage since the start of the month exceeded 1G *
 portion of the month.

 Pre-paid plans guarantee a predictable bill, of course.  But these cost
 more at all providers.





Re: sending to same dest via different interfaces

2014-03-04 Thread shimi
First Google result for raw sending packet linux might help:
http://austinmarton.wordpress.com/2011/09/14/sending-raw-ethernet-packets-from-a-specific-interface-in-c-on-linux/

The other way is to do normal packets, and modify the kernel routing
behavior in between (like with 'ip rule'...) - your choice which option to
choose :)

-- Shimi


On Tue, Mar 4, 2014 at 10:02 AM, Erez D erez0...@gmail.com wrote:

 Hello


 I have 2 external interfaces via two eth cards, both connected to the
 internet

 I want to send a udp packet to same host:port, but choose dynamically
 which interface to use.

 can this be done with linux, and how ?



 10x
 erez.



Re: OT: wiki hosting

2014-02-28 Thread shimi
On Fri, Feb 28, 2014 at 10:29 AM, Mord Behar mord...@gmail.com wrote:

 Does anybody have any experience with free (ad-supported) wiki hosting?
 Looking on https://www.mediawiki.org/wiki/Hosting_services I see that
 there is a large selection of possibilities. Has anybody used any of these?
 Heard about any of them?
 I know that an alternative is to buy some cheap web hosting and do it
 there, but it seems a waste if all I want is a wiki...


Seen Wikia as the domain in many Google search results...  not sure I've
ever encountered any of the others on the list. Not that this says anything
:)

-- Shimi


Re: Chinese KitKat

2014-01-05 Thread shimi
On Mon, Jan 6, 2014 at 4:07 AM, geoffrey mendelson 
geoffreymendel...@gmail.com wrote:


 No manufacturer is updating their Android 2 phones to Android 4, however
 most Android 4.1/4.2 phones (Jellybean) are giving their owners the option to
 update to 4.4 (KitKat).


That is an interesting claim; Given that my Galaxy S2, originally running
2.3.4 (Gingerbread), now runs 4.1.2 (Jellybean) with a *stock* ROM from the
manufacturer...

-- Shimi


Re: Android and the 64 billion bytes question.

2013-10-10 Thread shimi
On Thu, Oct 10, 2013 at 9:35 AM, geoffrey mendelson 
geoffreymendel...@gmail.com wrote:


 On 10/10/2013 8:50 AM, Ira Abramov wrote:

 I also thought splitting the card into two 32G partitions could save me
 from losing more than one partition at once, if anything bad happens.


 Unless it is a software error, it is unlikely that if one partition goes
 on the card, the other will survive. Remember that memory cards are not
 like disk drives. Data is not stored sequentially, but randomly and the
 hardware keeps track of the location of it. This is so that sectors that
 are often written such as the FAT (or the equivalent in that particular
 file system) do not die quickly from being written to too often.



Unless the part of the media that got broke happens to be on your current
location of the File Allocation Table...  if memory serves me right,
there's no multiple copies of the superblock-ext-equivalent in FAT...

Flashback from the past: Problems in sector 0 on floppies :)

-- Shimi


Re: Android and the 64 billion bytes question.

2013-10-10 Thread shimi
On Thu, Oct 10, 2013 at 9:54 AM, geoffrey mendelson 
geoffreymendel...@gmail.com wrote:

 On 10/10/2013 9:48 AM, shimi wrote:


 Flashback from the past: Problems in sector 0 on floppies :)


 I guess Peter Norton isn't Jewish. Or as a less obscure reference, the
 Norton Utilities to read the SECOND FAT did not make it to Israel.

 Like a backup superblock, DOS has a backup FAT.


I stand corrected then. Does make me wonder how so much important stuff got
lost over the years if there are two copies (maybe they're at the same disk
area, and thus, was a lousy backup to begin with?) when only sector 0 got
bad (probably due to multiple writes on the same area...)

Still, I would prefer two partitions if switching between them is rather
easy. Personally I would probably instead buy two 32GB cards which is less
putting all your eggs in one basket, but that's not what the OP wants, it
seems :)


Re: Winter clock issues in linux

2013-09-07 Thread shimi
On Sat, Sep 7, 2013 at 8:45 PM, Geoff Shang ge...@quitelikely.com wrote:

 Hi,

 Apologies for not reading the rest of my mail but I wanted to answer this.


 On Sat, 7 Sep 2013, Amichay P. K. wrote:

  Will the Israeli winter clock changes have any effect in linux?
 Do you consider it safer to change the location to Greece?
 http://www.themarker.com/technation/1.2111316


 I'm running Debian Squeeze and the timezone database is fine.  But I do
 subscribe to Debian updates.

 If you want to be sure, run this command:

 tzdump -v Asia/Jerusalem |grep 2013

 It should output something like this:

 Asia/Jerusalem  Thu Mar 28 23:59:59 2013 UTC = Fri Mar 29 01:59:59 2013 IST isdst=0 gmtoff=7200
 Asia/Jerusalem  Fri Mar 29 00:00:00 2013 UTC = Fri Mar 29 03:00:00 2013 IDT isdst=1 gmtoff=10800
 Asia/Jerusalem  Sat Oct  5 22:59:59 2013 UTC = Sun Oct  6 01:59:59 2013 IDT isdst=1 gmtoff=10800
 Asia/Jerusalem  Sat Oct  5 23:00:00 2013 UTC = Sun Oct  6 01:00:00 2013 IST isdst=0 gmtoff=7200


And if you have Geoff's output, then your clock would be moving at the
wrong time[1] :)

This is with a really up to date timezone data:

$ /usr/sbin/zdump -v /etc/localtime | grep 2013
/etc/localtime  Thu Mar 28 23:59:59 2013 UTC = Fri Mar 29 01:59:59 2013 IST isdst=0
/etc/localtime  Fri Mar 29 00:00:00 2013 UTC = Fri Mar 29 03:00:00 2013 IDT isdst=1
/etc/localtime  Sat Oct 26 22:59:59 2013 UTC = Sun Oct 27 01:59:59 2013 IDT isdst=1
/etc/localtime  Sat Oct 26 23:00:00 2013 UTC = Sun Oct 27 01:00:00 2013 IST isdst=0

(you can use Asia/Jerusalem too, but make sure /etc/localtime indeed
contains the content of /usr/share/zoneinfo/Israel or
/usr/share/zoneinfo/Asia/Jerusalem - or a symlink to one of them.)

You need version *2013d* of the database if you want the latest Israeli law.

-- Shimi

[1]
http://www.justice.gov.il/NR/rdonlyres/FCE198C8-66FD-4AA8-AB9D-958264583207/41529/2401.pdf#page=8


Re: Winter clock issues in linux

2013-09-07 Thread shimi
On Sat, Sep 7, 2013 at 9:00 PM, Hetz Ben Hamo h...@hetz.biz wrote:

 Shimi, 2013-c2 updates (available for centos 5.x/rhel 5.x) should be
 sufficient too.


I used the official timezone database naming convention (
http://www.iana.org/time-zones), not a specific distro.

And the official version where Israel's latest timezone got included, is
2013d, like I said. Source:
http://mm.icann.org/pipermail/tz-announce/2013-July/12.html

I checked
http://mirror.centos.org/centos/5/updates/x86_64/RPMS/tzdata-2013c-2.el5.x86_64.rpm and
the file does have a timestamp of a couple of days after the above
announcement (unfortunately, my zdump can't read it, so I can't tell for
sure what's inside...) - and if you say you have checked and it shows Oct
27th as the day we move to IST... great. Why can't RedHat/CentOS call a
file originating from upstream 2013d by a name that suggests the origin
version name (if that is indeed the case), like 2013-d (if they must add
extra dashes)  - is beyond me.

-- Shimi


Re: password managers

2013-09-03 Thread shimi
On Tue, Sep 3, 2013 at 8:16 PM, Michael Shiloh
michaelshiloh1...@gmail.com wrote:

 does lastpass automatically sync between these devices? that would be
 worth $12/year for me, since Ubuntu One is not always reliable on my phone.


SuperGenPass is a JavaScript bookmarklet, that runs on every modern
browser, and doesn't need to sync anything; It simply generates the same
password for the same domain based on the same master password, locally on
your device. Price: $0/year. There's even a Hebrew version which I
translated (pass.shimi.net)

-- Shimi


Re: List of Israeli contributions to open source/Linux/Mint?

2013-08-16 Thread shimi
On Fri, Aug 16, 2013 at 12:21 PM, Amos Shapira amos.shap...@gmail.com wrote:


 I then remembered (or think that I remember) that back when all the
 shitstorm was happening someone on this list proposed a very cunning
 response - a list of technologies/software/hardware made in Israel or
 contributed to by Israelis which should be reconsidered if used by the said
 individual or his distribution.

 But alas, I can't find it now, even with all my Google foo. Does anyone
 know what I'm talking about?


If you mean in general (not Linux/Mint) Israeli innovations, maybe you mean
this: http://www.youtube.com/watch?v=AbIQto3KPUM ? (though, I am not sure
the list there is 100% accurate...)

-- Shimi


Re: Mageia3 doesn't like my Palm Zire 72

2013-08-11 Thread shimi
On Sun, Aug 11, 2013 at 8:50 AM, Shlomo Solomon shlomo.solo...@gmail.com wrote:

 strange - I get conflicting results.

 [solomon@shlomo1 ~]$ id
 uid=500(solomon) gid=500(solomon) groups=500(solomon),418(vboxusers)

 [solomon@shlomo1 ~]$ groups
 solomon vboxusers

 [solomon@shlomo1 ~]$ cat /etc/group |grep solomon
 dialout:x:83:solomon
 solomon:x:500:
 vboxusers:x:418:solomon

 On the other hand, you're right - this is a permissions problem. I
 tried the same command as root and it worked.


I take it you added yourself to the 'dialout' command only after my e-mail?

If so, you need to re-login (or 're-pass' through root) in order to
'obtain' your group memberships to the active process tree. You could su to
root and then su to solomon from there, for example.

Both your 'group' and 'cat' commands read configuration files, while 'id'
actually uses system calls to read information on the currently running
process to print out whatever they print.

-- Shimi
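
The mismatch discussed in this message, as an added example (not part of the original posts): a process keeps the supplementary groups it was given at login, so /etc/group can list a membership that the running session does not hold until the user logs in again, and a membership removed from the file stays in running processes until they exit. The sample data is constructed from the `id` and `/etc/group` output quoted above; `stale_groups` and the other function names are hypothetical.

```python
import grp
import os
import pwd
from collections import namedtuple

# Same attribute names as grp.struct_group, so parsed and live entries mix.
Group = namedtuple("Group", "gr_name gr_gid gr_mem")


def parse_group_file(text):
    """Parse /etc/group lines of the form name:passwd:gid:member,member."""
    groups = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 4:
            continue  # skip malformed lines instead of guessing
        name, _passwd, gid, members = fields
        groups.append(Group(name, int(gid), [m for m in members.split(",") if m]))
    return groups


def stale_groups(user, primary_gid, group_db, process_gids):
    """Compare what the group database grants with what a process holds.

    Returns (missing, extra):
      missing  groups configured for the user but absent from the process
               (added after login: a new login session is needed)
      extra    groups the process still holds although the database no
               longer grants them (revoked, but the session predates it)
    Names are used where the database knows the GID, else the number.
    """
    by_gid = {g.gr_gid: g.gr_name for g in group_db}
    configured = {primary_gid} | {g.gr_gid for g in group_db if user in g.gr_mem}
    held = set(process_gids)
    missing = sorted(by_gid.get(g, str(g)) for g in configured - held)
    extra = sorted(by_gid.get(g, str(g)) for g in held - configured)
    return missing, extra


def check_this_process():
    """Run the comparison for the calling process against the live database."""
    pw = pwd.getpwuid(os.getuid())
    held = set(os.getgroups()) | {os.getegid()}
    return stale_groups(pw.pw_name, pw.pw_gid, grp.getgrall(), held)


# Constructed from the output quoted in the thread: `id` reported groups
# 500 and 418, while /etc/group already listed solomon under dialout.
SAMPLE_GROUP_LINES = """\
dialout:x:83:solomon
solomon:x:500:
vboxusers:x:418:solomon
"""
SAMPLE_PROCESS_GIDS = [500, 418]


def sample_result():
    db = parse_group_file(SAMPLE_GROUP_LINES)
    return stale_groups("solomon", 500, db, SAMPLE_PROCESS_GIDS)


if __name__ == "__main__":
    missing, extra = check_this_process()
    print("configured but not held by this process:", missing or "none")
    print("held by this process but not configured:", extra or "none")
```

The second list matters when group membership is used for access control: removing a user from a group does not take the group away from sessions that are already running.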


Re: Mageia3 doesn't like my Palm Zire 72

2013-08-11 Thread shimi
On Sun, Aug 11, 2013 at 9:03 AM, shimi linux...@shimi.net wrote:


 Both your 'group' and 'cat' commands read configuration files, while 'id'
 actually uses system calls to read information on the currently running
 process to print out whatever they print.




Correcting myself (my excuse: haven't slept all night...) - only the cat
reads the configuration file. 'groups', like 'id', uses the getegid()
system call ...

-- Shimi


Re: Mageia3 doesn't like my Palm Zire 72

2013-08-10 Thread shimi
On Sun, Aug 11, 2013 at 6:58 AM, Shlomo Solomon shlomo.solo...@gmail.com wrote:

 I'm trying to connect my Palm Zire 72 (yeah - I know - who uses an 8
 year old Palm device?). The following command worked on my old Mandriva
 2011 but not on Mageia 3.

 [solomon@shlomo1 ~]$ pilot-xfer --list --port=ttyUSB1
Unable to bind to port: ttyUSB1



 ls -laR |grep ttyUSB1
 crw-rw-r--   1 root dialout   188,   1 Aug 11 06:37 ttyUSB1
 lrwxrwxrwx  1 root root   10 Aug 11 06:37 188:1 -> ../ttyUSB1


I notice you're not root. Is the user 'solomon' member of the group
'dialout'? check out the 'id' command.

-- Shimi


Re: how to determine PSU wattage

2013-08-01 Thread shimi
On 1 Aug 2013 12:29, Oleg Goldshmidt p...@goldshmidt.org wrote:

 shimi linux...@shimi.net writes:

  Assuming you can indeed measure the consumption of ALL the components
  on your computer (which I believe you cannot) - you still need to
  account for energy being converted to plain heat inside the PSU
  itself. This can easily get to 20% or even more on lousy PSUs.

 As I mentioned, I was only interested in the Watts for which the PSU was
 rated, nominally. I solved the problem by powering the box off, popping
 it open, and looking around. I was hoping for some vendor info (a
 googlable make+model?)  accessible by management software, but I guess
 there isn't.

 Thanks, problem solved.


My bad for mis-reading that.

The number written on the sticker never has any true meaning (read: it's
false). I guess that's why it never occurred to me that this is what you're
looking for...

If you're looking for an equivalent PSU you must buy the exact same model -
not same wattage...


Re: how to determine PSU wattage

2013-08-01 Thread shimi
On 1 Aug 2013 12:48, Oleg Goldshmidt p...@goldshmidt.org wrote:

 shimi linux...@shimi.net writes:

  If you're looking for an equivalent PSU you must buy the exact same
  model - not same wattage...

 No, I wanted to plug in another PCIe card and I wanted to estimate
 roughly which models my existing PSU could handle. I just fired up one
 of those minimal power requirements calculators on the Web. I am
 guessing that a rough estimate (is it a 400W, 600W, 800W PSU?) should be
 OK for the purpose.


Not really. What you really should be looking at is the maximum amperage on
the specific voltage rails you're going to use... the total maximum of all
rails is meaningless... if you don't have enough amperes on the specific
voltage you actually consume from... and if the PSU doesn't have
protection, you might even fry it...


Re: how to determine PSU wattage

2013-07-31 Thread shimi
On Wed, Jul 31, 2013 at 7:35 PM, Oleg Goldshmidt p...@goldshmidt.org wrote:


 Hi,

 Is there a way to determine the nominal PSU power without taking the
 computer apart (actually, preferably without powering it down)? Is there
 any vendor information that Linux could in principle read? It's a
 vanilla home desktop, not a brand name server.

 I know of dmidecode and lshw, but neither returned anything for
 PSU. There is nothing on the outside of the PSU that I can find (well,
 it does say 220Vac).

 Can acpid help? Am I out of luck?



Assuming you can indeed measure the consumption of ALL the components on
your computer (which I believe you cannot) - you still need to account for
energy being converted to plain heat inside the PSU itself. This can easily
get to 20% or even more on lousy PSUs.

Products such as this:
http://www.powersaver.co.il/pl_product~EM-IL-01~3~0.htm will tell you how
much the device really takes from your wall socket (not including heat
wasted on wires resistance from IEC's meter to your socket ;))...

HTH,

-- Shimi


Re: Mobile phone question

2013-07-27 Thread shimi
On Sat, Jul 27, 2013 at 3:39 PM, Zvi Grauer zvi.gra...@gmail.com wrote:

 I am a happy user of Samsung mini with android, and golan telecom service.
 However, my wife is looking for a better phone (we live abroad in the
 process of moving to Israel), and was told to look for refurbished older
 models of Apple's iPhone - without a SIM (chip) in the US for the best
 prices.


Be advised that some phones (this is especially true for Apple products in
the US, with their ATT deal, I think...) are locked to the original
Cellular Carrier that sold them to the customer; As such you'll not be able
to use them in any other carrier, unless you break them, a task you may, or
may not be, successful in. If you're not successful, then it would be a
pricey paperweight...


 Any advice which model is most cost effective, and what technology it has
 to have in order to be used in Israel (GSM, G3, G4, what not - I don't know
 what all this means, quite frankly)?


The 2nd issue is the frequencies; Not all companies work with all of them.

Not all companies provide 2G (everything that sits on Pelephone's
infrastructure - Pelephone themselves, Rami Levy, HOT Mobile, Cellact -
will not work on  3G phones)

See list here: https://en.wikipedia.org/wiki/Mobile_country_code#I (and
verify with other sources for the carrier you finally select; I have seen
errors there regarding Golan, which I fixed...)

What it mostly means (for you, as a user) - the higher the generation,
the higher maximum bandwidth you can get with the cell tower; That does not
mean that a network with 3.9G will necessarily give you better Internet
performance than a 3.5G network - it really depends on how much BW they get
to their cells, and how many customers (ab)use it besides you...

Old 2G phones probably have better reception than the new smartphones, due
to usage of the sub-1GHz spectrum. Rumor has it, that those frequencies
penetrate walls better... they also definitely have a much longer battery
life, due to the huge colorful LCD screens power consumption... but
unfortunately, 2G won't be here forever; Eventually carriers will want to
clear this spectrum for other stuff, given the very low amount of
subscribers still using it - something that already happened in the US, and
I do not see a reason for it not to happen in Israel.

HTH,

-- Shimi


Re: Permissions to access USB camera under debian

2013-07-02 Thread shimi
On Tue, Jul 2, 2013 at 8:09 PM, Micha Feigin mi...@post.tau.ac.il wrote:

 Hi All,

 I'm trying to connect a camera (Mesa Imaging Swissranger specifically) to
 a Debian unstable box. I'm getting an error that the user does not have
 permissions to open the USB device (needs read/write access). Couldn't find
 any relevant group to add my user to to solve the problem. Any idea as to
 how to grant access?

 I've managed to get some information when running as sudo although it still
 was a bit problematic, and I'd rather explore the issue as a regular user
 and not root.


Do you have a 'camera' group? Alternatively you could look for *v4l* and
*video* under the /dev tree...

HTH,

-- Shimi


Re: Permissions to access USB camera under debian

2013-07-02 Thread shimi
On Tue, Jul 2, 2013 at 8:41 PM, Micha Feigin mi...@post.tau.ac.il wrote:

  Doesn't seem to be a camera group (there is a camera user, which may
 affect that), no v4l and video under the dev tree.
 Only thing I found that changes under dev during connection is these two
 files:

 lrwxrwxrwx 1 root root 18 Jul  2 13:35 /dev/char/189:389 -> ../bus/usb/004/006
 crw-rw-r-T 1 root root 189, 389 Jul  2 13:35 /dev/bus/usb/004/006
 So I don't think that it shows up as a camera but rather as a USB device
 (which makes sense as it's a depth camera that returns three images per
 frame with some extra related parameters, not a regular camera)
 Looks like I need to change something in the system setup to change the
 default group or something similar

 Device shows up as this:
 [1865748.404803] usb 4-2: new high-speed USB device number 6 using ehci-pci
 [1865748.537404] usb 4-2: New USB device found, idVendor=1ad2, idProduct=0075
 [1865748.537410] usb 4-2: New USB device strings: Mfr=1, Product=2, SerialNumber=0
 [1865748.537413] usb 4-2: Product: 3D-SR4000
 [1865748.537417] usb 4-2: Manufacturer: MESA


If you want to control the default owner/group and/or permissions of
devices as they're discovered based on their characteristics, probably
udev's rules[1] is what you're looking for.

HTH,

-- Shimi

[1] http://www.reactivated.net/writing_udev_rules.html


Re: help with conserver

2013-05-19 Thread shimi
On Mon, May 20, 2013 at 3:19 AM, Ido Admon ido...@gmail.com wrote:

 dear linux-il folks,
 i thought i might try here before the conserver mailing list. i have a
 nice little setup of a soekris net4801
 (http://soekris.com/products/net4801.html) that serves (with a
 minimal debian and mpd) as a music box. the only way to communicate with
 it other than networking (wlan or ethernet) is the serial console.
 now,occasionally, i want to access the console without hooking up the
 serial cable, because i'm lazy. i found conserver
 (http://www.conserver.com), which is supposed to do just that - allow
 remote access to the actual console device. the problem is it doesn't
 work for me for whatever reason. i'm able to connect to the server,
 attach to the console, but then it freezes and i can do nothing except
 use the escape sequence to quit.
 if i'm already connected at the same time to the console with the
 cable (of course it can't really work together, this is just for
 testing), i can actually see characters being sent to the console, but
 with no apparent response, as if it's just displayed instead of being
 taken as commands.



But is the console actually 'listening' ?

I mean, do you have [a]getty running and everything? (see
http://www.cyberciti.biz/faq/howto-setup-serial-console-on-debian-linux/)

I would assume that it is, because from your wording, I understand that
sometimes you do use the physical serial connection with success... but I
have to ask.

The next question would of course be if conserver console was set to type
'device' and the device path was set to the device file name of a serial
console listening with the aforementioned getty ? And the baud rate,
start/stop bit, parity, all match to what has been set on getty?

-- Shimi


Re: help with conserver

2013-05-19 Thread shimi
On Mon, May 20, 2013 at 7:25 AM, Ido Admon ido...@gmail.com wrote:


 
  hi shimi, thanks. yes, i'm sorry if i wasn't clear enough. the console
  is working flawlessly when physically connected. here's my
  conserver.cf (192.168.43.168 is my laptop):
 
  root@krzysztof:~# cat /etc/conserver/conserver.cf
  # The character '&' in logfile names are substituted with the console
  # name.
  #
  config * {
  }

  default * {
      logfile /var/log/conserver/&.log;
      timestamp "";
      rw *;
  }

  console serial {
      master localhost;
      type device;
      device /dev/ttyS0;
      baud 19200;
      parity none;
  }

  access * {
      trusted 192.168.43.168;
      trusted 127.0.0.1;
  }
 
 
 
  and the relevant line in inittab:
 
  root@krzysztof:~# grep ttyS0 /etc/inittab
  T0:23:respawn:/sbin/getty -L ttyS0 19200 vt100
 
  and what setserial says:
 
  root@krzysztof:~# setserial /dev/ttyS0
  /dev/ttyS0, UART: 16550A, Port: 0x03f8, IRQ: 4
 
 
  thanks again!
  ido

 ok, i'm an idiot. of course /dev/ttyS0 is not the console itself but the
 serial device. that's not going to work. but /dev/console doesn't work
 either, and it seems that conserver can't actually do what i want,
 which is to access the local console, not some other server connected
 via the serial port. i'm not sure how, if at all, it can be done.



Truth to be told, I really did wonder how this is supposed to work (I never
used conserver; What you're trying to do is typically done in the IT world
by devices like this:
http://www.perle.com/products/IOLAN-DS-Terminal-Server.shtml ... usually
with 16 ports and beyond...) - but I assumed you researched this and found
that it's supposed to work :)

I have to wonder, what is so special on the serial console that you want to
specifically use it? I mean, if you have to go over IP anyways, what does
it matter if it's 'serial' or not? The usual advantage of serial (IMHO) is
being out-of-band and not dependent on the machine's networking
configuration, which is not the case here, obviously. The other is maybe
the output of kernel messages (but that goes into files, or even to remote
machines if set up correctly).

Maybe you don't want the SSH encryption overhead? You could run telnetd
instead... or conserver can be used with 'exec' instead of 'device' if you
want the parallel connections feature.

So, what is the purpose? :)

-- Shimi


Re: power failure - no keyboard in grub menu

2013-04-24 Thread shimi
On Wed, Apr 24, 2013 at 10:03 AM, Gabor Szabo szab...@gmail.com wrote:

 hi

 after a power failure when I try to boot my Ubuntu 12.04 machine it
 displays the Grub menu but it
 does not react to any keyboard combination I tried.


 If I press Del earlier, it does get in the BIOS and there I can use
 the keyboard, so it does not seem to be a hardware issue, but in the
 GRUB menu no reaction.
 So this things seems to be stuck.

 Any idea what could I do?



Check your BIOS for an option that blocks keyboard until the OS is up.
This bit may have been flagged in the BIOS memory by the power glitch. If
you can't find it, you can simply try to restore your BIOS to
factory/fail-safe conditions, or disconnect it from mains, pull out the
CMOS battery for a minute or so, and then return it..

HTH,

-- Shimi


Re: Cloud Backup

2013-02-23 Thread shimi
On Sat, Feb 23, 2013 at 6:15 PM, Nadav Har'El n...@math.technion.ac.il wrote:

 Hi, I'm looking for a cloud backup solution for Linux, where I'll be
 able to use rsync, sftp (and similar utilities) to a remote server
 to back up my files, and when needed, look at individual files (e.g.,
 using sshfs) or restore all my files.

 I am *not* looking for a solution based on special purpose (and usually,
 closed source) utilities or daemons that attempt to decide for me what to
 back up and when - I want to be of full control of this process.

 For the last 3 years, I've been using the services of rsync.net, and
 they're doing exactly what I want. However, the storage price I pay them
 is 40 cents per gigabyte per month, is 4 times that of Amazon's, so I
 think there must be a cheaper solution.

 One thing I've been thinking - wouldn't it be fairly easy to store my
 files on Amazon's S3 or even more simply EBS, and then run rsync server
 on a micro instance on EC2? Sounds like a cheap, convenient backup
 solution for Linux diehards like myself, and I wonder if anyone has
 done this before and then I won't need to code this myself?



There's http://s3rsync.com - they allow you to use rsync and they act as a
layer to S3

Not sure if their pricing model (especially 'to be consumed within X days
from the prepayment') fits you, however.

and obviously the data goes through them... but that didn't disturb you in
rsync.net, so I am suggesting it.

HTH,

-- Shimi


Re: [OT somewhat] DDOS attacks, where to report?

2013-01-26 Thread shimi
On Sat, Jan 26, 2013 at 7:55 PM, Jonathan Ben Avraham y...@tkos.co.il wrote:

 Dear Linux-IL colleagues,
 An associate of mine who runs a hosting service has been the victim of
 persistent DDOS attack, apparently from botnets that are mainly located in
 other countries.

 His Israeli service providers have responded to these attacks by cutting
 off his service.

 Is there someone in ISOC-IL


Don't know (even if they would, what power do they have? besides being the
.il domain registration expensive monopoly)


 or the police who will take a complaint seriously?


They most probably won't. Not to mention that even if they would, you can't
police foreign countries. You need Interpol. Do you think that's gonna
happen?


 I suggested that he file a complaint with the police, then with the copy
 of the complaint in-hand ask his attorney to call the service providers to
 demand restoration of service.


Did he read his contract? Did he notice the "if the customer becomes a
detriment to the network..." clause?

Does his ISP need to suffer because of his business? Bandwidth costs them
money. Denial of service can cause issues to other customers, and the ISP might
be hurt financially via lawsuits from said customers. Will he compensate
the ISP for that?

What needs to be the threshold? Does the ISP need to continue giving him
service if the whole ISP goes down for 4 hours, like happened last Tuesday
to 012?

-- Shimi


Re: [OT somewhat] DDOS attacks, where to report?

2013-01-26 Thread shimi
On Sat, Jan 26, 2013 at 8:52 PM, Jonathan Ben Avraham y...@tkos.co.il wrote:

 Hi Shimi,
 You are suggesting that there is no recourse to DDOS attacks, that
 Israelis are fair game for foreign attacks and it is no one's business
 except for the victim.


Hi Jonathan,

Yes, I believe that's the situation. Don't confuse my response with 'what
should be', rather than 'what will happen'.

I'll give you some story - and while this is merely _one_ example, and
while one may not conclude from a single occasion to any other event in
life - I have yet to have heard in the media of an opposite case[*] - so I
*suspect* that is the norm.

Here's the story.

As part of both my professional (for pay) and hobby (free) work, I run
servers on the Internet, just like your friend.

Many years ago (almost a decade), someone defaced a site I did the IT for.
He didn't get in by cracking through the OS / webserver stack. It was a
'shelf-product' that ran the site, and that product had bugs. Pretty much
written by a lousy programmer, and there wasn't much to do about that -
code reviewing everything didn't make sense, given the size of this and the
resources we had as a free website (part of the reason the platform was
dumped eventually).

Now, since only the specific application was sabotaged, there weren't
issues of privilege escalations etc, so we had server logs. We found the
relevant entries that caused the crack, learned what the attacker did,
found the relevant Perl code bug, closed it, and then restored a backup.

Funny thing, the IP address of the attacker was one from Netvision's static
pool. To save future headache (assuming the guy will find more bugs), an
iptables (or was it ipchains back then? I don't remember) rule was added to
block this IP. Then, after a 'view' command for iptables - it did the
natural thing and showed the reverse DNS of that IP. Apparently, Netvision
on many occasions set reverse DNS for fixed IPs to the name of the
customer. So I knew who was the customer. It had been a competitor of the
cracked website.

A copy of all the logs, with an explanation of what was done, how it was done,
when, from where, THE IDENTITY OF THE ATTACKER, were all compiled to a long
complaint which was filed with our Israeli Police.

A couple of weeks later, the police sent the site owner a letter, telling
him that the case is closed, due to the lack of interest by the public.

This is for something that happened completely in Israel, where they had
the suspect handed to them on a plate of silver, and they did nothing.

This is why I wouldn't hold my breath...

[*] Exceptions I have seen were where PR could be generated.

Such as the Trojan Horse story:
http://www.ynet.co.il/home/0,7340,L-3439,00.html

...or when the DoS is directed at the Government or one of its
sub-organizations...

Does your friend's case constitute one of the above?



 The ISP does need to suffer in this case, in that the ISP has allowed an
 act of war to be committed through his service. I see little difference
 between this and the cab drivers who transport illegal workers from the
 Palestinian territories to jobs in Israel. We require the drivers to take
 some responsibility for whom they transport.


Going to take someone from a forbidden territory is not the same as being
a transparent transit for something. They're not willingly doing that!
Believe me, if there would be a "block DDoS" command on every router out
there, EVERYONE would enable it. But this requires effort. Sometimes a lot
of it. Sometimes beyond the capability of the ISP, simply because of the vast
amounts of traffic crossing their links, due to that customer. Even if you
drop the traffic at your border, you still wasted International bandwidth
for it, a scarce resource as it is...


 I am suggesting that ISPs be charged with some level of responsibility for
 investigating and reporting these attacks. That's in the national interest.
 I suspect that in the cases of large institutions, even non-governmental
 institutions such as banks, that there is in fact some national response,
 but that this protection is not currently extended to smaller players. If a
 rocket hits your home you get some protection at the national level. If a
 DDOS attack from a hostile government attacks your business, it's not in
 the national interest to provide some level of protection?



Do you know a law that tells them they should do so at a discretion of the
customer? If not, there's nothing much you can do. ISPs live on very low
margins in the hosting business (to the best of my knowledge...) - what
interest do they have to spend their dollars on a customer that just causes
them trouble? (Seems most websites don't get DDoSed... there are reasons
why people get DDoSed...)

Of course, he can go for a court order (maybe through police). Let's say he
has the IPs in China, Arab countries etc etc of the attackers. What's next?
How will you stop the DDoS? Mind you, the DDoS comes from infected
computers, and you'll

Re: [OT somewhat] DDOS attacks, where to report?

2013-01-26 Thread shimi
On Sat, Jan 26, 2013 at 10:00 PM, Jonathan Ben Avraham y...@tkos.co.il wrote:



 But unless your friend shows that he is taking serious steps to prevent
 this type of thing in the future no ISP has to allow him onto their
 network, there are ISPs that specialize in hosting sites that are prone to
 being attacked but the price is
 obviously accordingly.


 For example?



http://www.prolexic.com/services-dos-and-ddos-mitigation.html

Not a recommendation in any way, just an example.

-- Shimi
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il


Re: [OT somewhat] DDOS attacks, where to report?

2013-01-26 Thread shimi
On Sat, Jan 26, 2013 at 11:39 PM, Jonathan Ben Avraham y...@tkos.co.il wrote:


 This is not true in general under Israeli law, as I have found out myself
 from unfortunate personal experience. See
 http://he.wikipedia.org/wiki/%D7%90%D7%99_%D7%9E%D7%A0%D7%99%D7%A2%D7%AA_%D7%A4%D7%A9%D7%A2


This law is about telling the authorities about a CRIME THAT IS GOING TO
HAPPEN, that you know about, so that the authorities can stop the criminal
PRIOR to the act of crime.

Unless you claim the ISP KNOWS that a DDoS will happen (in the future) to
the customer (they can't possibly know. like I've already said - chances of
catching the source behind a DDoS are almost nil) - I personally find it
difficult to understand why you think this law is relevant to our case...

Also, not even sure that this is called a crime that happens within the
borders of Israel. After all, the attacker, and his 'associate' computers,
are all (for the lack of better knowledge) outside the borders of Israel
when this happens. Again, the Israeli police (or Government) has no
jurisdiction over the whole Internet...

I think it is time for me to quote from the Serenity Prayer:

God, grant me the serenity to accept the things I cannot change, The
courage to change the things I can, And wisdom to know the difference.

Of course, I wish your friend luck if he opts to pursue this anyways, with
the hope for: a) any sort of success, and b) that he won't waste so much
time/money on his attempts...

Good luck!

-- Shimi


Re: [OT somewhat] DDOS attacks, where to report?

2013-01-26 Thread shimi
On Sun, Jan 27, 2013 at 1:54 AM, Jonathan Ben Avraham y...@tkos.co.il wrote:

 On Sun, 27 Jan 2013, shimi wrote:

  Date: Sun, 27 Jan 2013 00:30:02 +0200

 From: shimi linux...@shimi.net
 To: Jonathan Ben Avraham y...@tkos.co.il
 Cc: ILUG linux-il@cs.huji.ac.il
 Subject: Re: [OT somewhat] DDOS attacks, where to report?

 On Sat, Jan 26, 2013 at 11:39 PM, Jonathan Ben Avraham y...@tkos.co.il
 wrote:

 This is not true in general under Israeli law, as I have found out myself
 from unfortunate personal experience. See
 http://he.wikipedia.org/wiki/%D7%90%D7%99_%D7%9E%D7%A0%D7%99%D7%A2%D7%AA_%D7%A4%D7%A9%D7%A2


 This law is about telling the authorities about a CRIME THAT IS GOING TO
 HAPPEN, that you know about, so that the authorities can stop the criminal
 PRIOR to the act of crime.

 Unless you claim the ISP KNOWS that a DDoS will happen (in the future) to
 the customer (they can't possibly know. like I've already said - chances of
 catching the source behind a DDoS are almost nil) - I personally find it
 difficult to understand
 why you think this law is relevant to our case...



 Hi Shimi,
 This law is in fact applied to ongoing crime as well as future crime. It's
 not enough that you know someone has been trafficking Ukrainian girls for
 two years already to exempt you from reporting it if you find out about it.


This is not an ongoing crime. Your friend's server is offline, the attacker
noticed and stopped bombarding. ISP is happy. That's the reason they
disconnected your friend in the first place - they knew their
infrastructure will no longer be attacked when they do. This is the reason
why people DDoS in the first place! Because it works...




  Also, not even sure that this is called a crime that happens within the
 borders of Israel. After all, the attacker, and his 'associate' computers,
 are all (for the lack of better knowledge) outside the borders of Israel
 when this happens. Again,
 the Israeli police (or Government) has no jurisdiction over the whole
 Internet...



 It is enough for the victim to be affected in Israel for it to be a
 crime in Israel.


This may be true (I don't know our law. it was more of a quandary). Still,
jurisdiction over the entire Internet, not located in Israel? That's not
simple!



  I think it is time for me to quote from the Serenity Prayer:

 God, grant me the serenity to accept the things I cannot change, The
 courage to change the things I can, And wisdom to know the difference.

 Of course, I wish your friend luck if he opts to pursue this anyways,
 with the hope for: a) any sort of success, and b) that he won't waste so
 much time/money on his attempts...



 I'm wondering if there isn't a public policy initiative that we should be
 pushing, perhaps through ISOC-IL. I mean, I'm all for prayer, that's
 necessary, but sometimes concrete action is required. The problem here is
 that some small players are getting soaked disproportionately for the
 country's wars.


I already asked and couldn't see your answer, so I will ask again: What
actions do you want your government to do against the computers in China,
North Korea, or Arab countries? Please elaborate. Don't just say that
'someone needs to do something' - tell us what can they do that they don't,
that would help in situations like this... also tell us what should they do
after they somehow made 20,000 computers clean, just to realize that in a
keystroke, the attacker infected 20,000 other computers, and all that they
did basically had no influence whatsoever.

b.t.w. why are you so sure that those are the country's wars? Running an
innocent IRC server is very likely to get you DDoS'd too. A decade ago,
DALnet, the biggest IRC network users-wise (AFAIK), had been on netsplit
more time than not, because someone DDoS'd them. For months. The network
lost servers because ISPs that donated them didn't want the headache -
their legitimate business got hurt. The network never recovered. At the top
they had >100k users online globally. This second the number is 12,727
users. Israel was not a side...

Your friend got DDoS'd because he got DDoS'd. The country he lives in had
nothing to do with it. Unless of course he hosted specific websites that
made people angry. If that was the case, it was his war, not the country's.
Sof Ma'ase, Be-Machashava Techila...

-- Shimi


Re: [OT] Troubleshooting Bezeq Int'l problems

2013-01-26 Thread shimi
On Sun, Jan 27, 2013 at 8:59 AM, David Suna da...@davidsconsultants.com wrote:

  This is not directly related to Linux but the problem is also occurring
 on my Linux machines.  Since people here seem to be very knowledgeable
 about how to diagnose and document problems with ISPs I am turning to your
 collective wisdom for some help.

 We have been using Bezeq Int'l as our ISP for years (ever since Actcom was
 bought out).  For the most part we have been satisfied even if the Linux
 support in the early years was not the best.  We are now connected with a
 20Mb DSL connection.  Recently I have noticed a problem with downloading
 certain zip files: the zip files end up truncated.  I.e. rather than
 downloading a zip file of 1.2 MB the download completes successfully but
 the zip file will only be 800 KB and is obviously not usable.  This does
 not happen on all zip files and it does not seem to be connected to a
 particular size of zip file (i.e. larger zip files will work sometimes).  I
 have not been able to pinpoint a particular characteristic of the zip file
 that causes it to fail.  Windows XP, Windows 7 and Ubuntu all encounter the
 same problem.  However, if I connect my laptop via my phone's 3G network I
 am able to download the zip file without a problem.

 A second symptom that has come up recently is that when I have clicked on
 some links, instead of going to the requested site I am shown an error page
 from Bezeq Int'l saying that this site is dangerous and I cannot go there.
 If I hit the back button and try again I am able to get to the site without
 a problem.

 Putting these two items together I have come to the theory that Bezeq
 Int'l has updated their firewalls / anti virus software which is somehow
 causing both of these issues.

 Has anyone else using Bezeq Int'l encountered similar problems?  Other
 than just calling and complaining are there any tools that I can use to
 further troubleshoot the problem?  If the support people say it is not
 their problem I would like to have as much support as possible to force
 them to deal with the issue.


Do you use Bezeq Int'l's DNS services?

If so, try switching to 8.8.8.8 and 8.8.4.4, see if it helps.

-- Shimi


Re: Parts of the internet keep on disappearing on me

2013-01-26 Thread shimi
On Thu, Jan 24, 2013 at 2:53 PM, Shachar Shemesh shac...@shemesh.biz wrote:

  On 01/24/2013 02:44 PM, E.S. Rosenberg wrote:



 When you enable timestamps they don't match so the packet is discarded, this 
 could be due to the ISP fiddling with the packets on the way.

  I know what timestamp is, and what it is used for. I have not, yet,
 rebooted to see whether this does not happen when the problem is dormant.
 What I told Shimi was that I want as much information as possible, and
 since he seems to know a bit about it, I would like to hear it all.


If you want to know it all, I never did manage to penetrate the first-line
representative (What's MTR? send me Windows traceroute so I can't see the
instability over time!). Arguing with customer service is like fighting
the Borg. Resistance is futile...

So I solved it the way I know best: If you can't change them, show them you
put your money where your mouth is. Just like I did to Orange. I am waiting
for the day that most people in Israel would be like that, but
unfortunately, that day does not seem close :( We only care about a
substantially lower price to make a difference... like what was caused by
Golan T. Some people not even that (still pay >100NIS/mo. for even
sometimes a LIMITED cell line...)

Now I am connected through another ISP (which funnily enough, uses BezeqInt
for Int'l traffic, at least per traceroute, and is actually cheaper...),
and the problem is gone[*]. Now you know how I knew you were there...

-- Shimi

[*] Of course, that may have been sheer luck. It might happen to me again
one bright day in the future :) But for now, it probably simply doesn't
pass through their QoS engine, probably because the ISP has a fixed
bandwidth with them, and they don't really care _what_ passes on the link...


Re: Parts of the internet keep on disappearing on me

2013-01-24 Thread shimi
On Thu, Jan 24, 2013 at 8:54 AM, Shachar Shemesh shac...@shemesh.biz wrote:

  Hail the conquering hero!

 Color me dumbfounded. Disabling TCP timestamps actually allows me to
 connect to Google. Reenabling them re-introduces the problem.

 The only question still remaining is why? I have up on the site two
 captures. One of the working session, and one of the not working session.
 To me, this still looks like a kernel bug.

 Get them:
 http://www.shemesh.biz/connection/working.dump
 http://www.shemesh.biz/connection/notworking.dump

 Ideas, anyone?


Really have to go now, so I cannot take a look at the captures, but...

You started the thread with "This is NOT an ISP problem". Any chance you're
using BezeqInt?

-- Shimi


Re: Parts of the internet keep on disappearing on me

2013-01-20 Thread shimi
On Sun, Jan 20, 2013 at 9:49 PM, Shachar Shemesh shac...@shemesh.biz wrote:

  Hi all,

 I have a really strange problem. On one of the computers in my house,
 parts of the internet keep on disappearing. Sometimes half the internet is
 inaccessible, and sometimes it's just a couple of sites (google is a
 favorite for this problem).

 This is, most definitely, NOT a router or ISP problem. Other computers on
 the same network are working fine. A virtual machine connecting via a
 bridge on the same network is working fine (via NAT it does not).

 Bringing the interface down and back up does not help.

 Existing connections remain connected, without a problem.

 The only thing that restores connectivity is rebooting (!!)

 There is nothing out of the ordinary in the routing table.

 Ideas?



Does ping work when the internet is 'down'? If so, I would go for:

TCP Timestamps, TCP SYN Cookies, Selective ACKs, Window Scaling

try eliminating all of them ;)

-- Shimi


Re: /proc/sys/vm/mmap_min_addr missing

2013-01-14 Thread shimi
On Mon, Jan 14, 2013 at 11:40 PM, Valery Reznic valery_rez...@yahoo.com wrote:

 Recently I stumbled upon some mystery that I can't understand.
 My Google search brings no results.

 I have 3 VM with different Linuxes that run under QEMU and now I noticed
 that
 all of them don't have /proc/sys/vm/mmap_min_addr files (/proc is mounted)


Are you emulating ARM on the guests by any chance?

-- Shimi


Re: Off topic, but only a little since it's about hardware

2013-01-05 Thread shimi
On Sat, Jan 5, 2013 at 1:48 PM, Steve G. word...@gmail.com wrote:

 There is a whole lot of devices that are capable of being charged through
 a USB port - smart phones, iPod, iPad, Kindle and similar readers, etc.

 Is there a device that can be used as an external battery and/or charger
 for these toys? So when their battery runs out, I can plug the external
 battery through the device's USB connector and continue to use it/charge
 it?

 I am talking about a rechargeable, portable battery. Not a connector that
 plugs the device into an electric outlet or a car 12V plug. Those come with
 some of the devices already.

 If you know of one, please advise.



This one does so, and can also be charged by the Sun:
http://dx.com/p/solar-ac-powered-rechargeable-2600mah-portable-power-pack-with-charging-adapters-black-73468

* though I am not accountable for how well it works, if at all :)

-- Shimi


Re: SSD drives

2012-12-30 Thread shimi
On Sun, Dec 30, 2012 at 7:37 PM, Dan Shimshoni danshi...@gmail.com wrote:

 Thanks!

 Which File System  do you have on your SSD, if I may ask ?


Note that this is unrelated to the hdparm benchmark, which was on the
device, and not through the filesystem layer :)

# mount | grep sda2
/dev/sda2 on / type ext4 (rw,noatime,data=ordered)

# tune2fs -l /dev/sda2
tune2fs 1.42.6 (21-Sep-2012)
Filesystem volume name:   none
Last mounted on:  /
Filesystem UUID:  [redacted]
Filesystem magic number:  0xEF53
Filesystem revision #:1 (dynamic)
Filesystem features:  has_journal ext_attr resize_inode dir_index
filetype needs_recovery extent flex_bg sparse_super large_file huge_file
uninit_bg dir_nlink extra_isize
Filesystem flags: signed_directory_hash
Default mount options:(none)
Filesystem state: clean
Errors behavior:  Continue
Filesystem OS type:   Linux
Inode count:  1937712
Block count:  7743330
Reserved block count: 387166
Free blocks:  618763
Free inodes:  1445964
First block:  0
Block size:   4096
Fragment size:4096
Reserved GDT blocks:  1022
Blocks per group: 32768
Fragments per group:  32768
Inodes per group: 8176
Inode blocks per group:   511
Flex block group size:16
Filesystem created:   [redacted]
Last mount time:  Sun Dec 30 18:19:33 2012
Last write time:  Sun Dec 30 18:19:33 2012
Mount count:  4
Maximum mount count:  30
Last checked: [redacted]
Check interval:   15552000 (6 months)
Next check after: [redacted]
Lifetime writes:  [redacted]
Reserved blocks uid:  0 (user root)
Reserved blocks gid:  0 (group root)
First inode:  11
Inode size:   256
Required extra isize: 28
Desired extra isize:  28
Journal inode:8
First orphan inode:   279868
Default directory hash:   half_md4
Directory Hash Seed:  [redacted]
Journal backup:   inode blocks

-- Shimi


Re: SSD drives

2012-12-29 Thread shimi
On Sun, Dec 30, 2012 at 6:26 AM, Dan Shimshoni danshi...@gmail.com wrote:

 Hi,

 2 Questions about SSD drives:

 First, I would appreciate it if someone who has an SSD disk would
 run
 hdparm -t /dev/sda
 and post the results here. (In the spirit of the recent thread about
 HW for linux).

 I have
 /dev/sda:
  Timing buffered disk reads: 586 MB in  3.01 seconds = 194.68 MB/sec
 And it interests me to compare results



An almost two years old Intel X25-E :

# hdparm -t /dev/sda

/dev/sda:
 Timing buffered disk reads: 714 MB in  3.01 seconds = 237.40 MB/sec

# uname -a
Linux matrix 3.6.2-gentoo #1 SMP PREEMPT Sun Oct 21 22:49:01 IST 2012
x86_64 AMD Phenom(tm) II X4 955 Processor AuthenticAMD GNU/Linux



 Does a result of, let's say, 400  MB/sec, which is double speed comparing
 the
 above result, will boost a task of building a linux kernel (on a dual
 core machine)
 in about 1.5 or 2?


I really don't think so. SSDs (IMHO) make computers much faster due to the
VERY low seek time - the time it takes you to get a block. Compare 10-20ms
with ~0.1ms. A regular hard drive simply wastes a lot of time seeking the
data, instead of... reading it :) When you work with a lot of files,
getting to the file fast makes a tremendous difference. This is similar to
the reason why browsing websites which are close to you network-wise is
much faster - even though the bandwidth you have is the same - the
client/server latency due to the network affects the time it takes you to
negotiate (compare to 'seek') with the server the content you want. The
more objects you want, the higher the latency, the slower the site will
load. This is why using CDNs and reducing the number of HTTP requests (e.g.
by using CSS Sprites) - help a lot in speeding websites.


 Second question:
 I must admit that I am a newbie with SSD, so this question might seem
 obvious to others:
 I saw that inner SSD disks, which are sold in stores like KSP/Ivory,
 are in laptop form factor (2.5'').

 Is there some reason that there are no inner 3.5'' disks for Desktops
 (there
 are external SSDs which can be, so I believe, used with desktops) ?


Hard Drives have a reason to be large - they have a platter that occupies
space. If you reduce the platter size, you need to enlarge the density, or
add more platters - which adds thickness, noise, heat, and lowers your
MTBF. Electronics nowadays are small and don't need all that... There's no
point in making a large chassis just for the purpose of a large chassis...



 Is there something which prevent us from connecting 2.5'' inner SSD to
 a desktop (I mean SATA2-based or SATA3-based)  ?


Not really. The SATA is the same. Your only issue is fixating the drive to
your PC chassis. Some computer cases have a special place for 2.5" drives
for SSD (like my Antec 1200). Alternatively there are 3.5"-2.5" adapters.
But learn from someone who made a mistake (me ;)) - check before you buy
that they're compatible with the screws location of the SSD.

HTH,

-- Shimi
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il


[no subject]

2012-12-27 Thread shimi
On Dec 27, 2012 11:54 AM, Geoffrey S. Mendelson 
geoffreymendel...@gmail.com wrote:

 They still are illegal here, and some manufacturers simply don't sell
 those devices here (for example the Apple routers), or sell special 802.11n
 devices without the 5GHz channels.

Sure they are? http://www.moc.gov.il/sip_storage/FILES/1/1061.pdf

-- Shimi

* sent from mobile device


Re: Android phone question

2012-11-12 Thread shimi
On Mon, Nov 12, 2012 at 11:30 PM, Steve G. word...@gmail.com wrote:


 I hear Samsung Galaxy 2 is good, but I don't know if it has a GPS or
 whether programming for it is the same as for the later models (can it take
 the latest dessert-OS from Google?) - any better suggestions?


SGS2 is upgraded by the manufacturer themselves to 4.0.x, which is pretty
modern (depending who you ask :)). You can of course run your own firmware
at your own risk (i.e. cyanogenmod).

Of course it has GPS. Up not until a while ago, it probably was the
best-spec phone you could get... :) (IMHO, and including Apple's white
bricks)


 Any recommended calling plan (remember, the 054 number probably limits me
 to Orange)? Any way to do it without breaking the bank?


For a few years now, Israel has Number Portability. You don't have to stick
with Orange. You can go to whichever company you want, as long as your line
is not a pre-paid one (and if it is, you can convert it to a non pre-paid
one for a last one-time fee for your current provider, and then port your
number to a cheaper/better provider). The cheap ones nowadays are Golan, Hot
Mobile, YouPhone and Rami Levi, all depending on your usage patterns. (e.g.
if you SMS a lot but talk a little, Golan is probably best. If you talk a
lot, SMS a little, Hot would be cheaper. And if you do both [or use tons of
3G], one of the 'unlimited' offers of any one of them... would be better).

HTH,

-- Shimi


Re: Android phone question

2012-11-12 Thread shimi
On Tue, Nov 13, 2012 at 6:59 AM, Steve G. word...@gmail.com wrote:


 If I want to play with programming the phone - installing an app, not
 changing the OS - do I risk bricking the phone, or is there a sandbox for
 dummies to play with? Do I need a special toolkit?


You can create your own APK with whatever way you see fit (there are SDKs,
automatic app generators, and what not, a simple Google search will find
them all for you) - and then you have two options:

1. Create a Google Play account (one time fee), upload your app to the
Google Play store, and then install it just like any other app on any phone
2. Set the phone to accept ANY package, and then simply put it on some
server (or upload it to the phone), and browse to it. It is advisable [at
least by me] to turn off that feature once your app has been installed, to
avoid installing other apps from the net by mistake...

There are also Android emulators that you could run on your own PC to test
apps prior to uploading them to the phone.

Android has a permissions system - if you didn't ask for a permission to do
something in the manifest, the app won't be able to do it. Those can be
very specific. For example, if you don't allow access to storage - your app
can't touch the storage (at least allegedly ;)). When you install an app,
the phone prompts you which privileges it wants, and you may decide
whether you want to install that app or not. (the dangerous combinations
are 'full internet access' with 'access to personal stuff' such as USB
Storage or Contacts List. also services that cost you money if you don't
have an unlimited package, or you do, but your line is open to premium
services or int'l calling...)

HTH,

-- Shimi
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
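
The permission review described in the message above, as an added example that is not part of the original post: it reads a source-form (text) AndroidManifest.xml and flags the combinations the message calls dangerous. The mapping of permission names to categories and the sample manifests are constructed for illustration.

```python
"""Flag risky permission combinations in a text AndroidManifest.xml."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS

# Assumed mapping of the message's categories onto Android permission names.
NETWORK = "android.permission.INTERNET"
PERSONAL = {
    "android.permission.READ_CONTACTS": "contacts list",
    "android.permission.READ_EXTERNAL_STORAGE": "USB/shared storage (read)",
    "android.permission.WRITE_EXTERNAL_STORAGE": "USB/shared storage (write)",
}
COSTLY = {
    "android.permission.SEND_SMS": "can send SMS, including to premium numbers",
    "android.permission.CALL_PHONE": "can place calls, including premium/int'l",
}


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in <uses-permission>."""
    # Note: this handles the text manifest from a source tree. The manifest
    # inside a built APK is binary XML and must be decoded first. For
    # manifests from untrusted sources, a hardened parser such as defusedxml
    # is the safer choice.
    root = ET.fromstring(manifest_xml)
    if root.tag != "manifest":
        raise ValueError("root element is <%s>, expected <manifest>" % root.tag)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.findall(tag):
            name = element.get(NAME_ATTR)
            if name:
                perms.add(name.strip())
    return perms


def review(manifest_xml):
    """Return a list of (kind, permission, reason) findings."""
    perms = requested_permissions(manifest_xml)
    findings = []
    # Personal data is only flagged when the app can also reach the network,
    # which is the combination the message warns about.
    if NETWORK in perms:
        for perm in sorted(perms.intersection(PERSONAL)):
            findings.append(("data-exposure", perm,
                             "internet access combined with " + PERSONAL[perm]))
    # Permissions that can run up the phone bill are flagged on their own.
    for perm in sorted(perms.intersection(COSTLY)):
        findings.append(("cost", perm, COSTLY[perm]))
    return findings


# Constructed sample: network + contacts + SMS.
SAMPLE_RISKY = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application android:label="demo"/>
</manifest>"""

# Constructed sample: personal data but no network access.
SAMPLE_OFFLINE = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.offline">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
</manifest>"""

if __name__ == "__main__":
    for label, sample in (("risky", SAMPLE_RISKY), ("offline", SAMPLE_OFFLINE)):
        print(label)
        for kind, perm, reason in review(sample) or [("ok", "-", "nothing flagged")]:
            print("  [%s] %s: %s" % (kind, perm, reason))
```
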


Re: Samba permission problem

2012-11-03 Thread shimi
On Sun, Nov 4, 2012 at 1:06 AM, Shlomo Solomon shlomo.solo...@gmail.com wrote:

 I have a partition on my computer defined as a share on Samba. A user
 on another machine can read and create files. Files are created as
 rw-r--r-- as intended. But even though the user can create a file, the
 new file can't be saved after editing/changing it.


By the user?

Maybe it's a locking issue. Did you try on very simple programs, such as
Notepad, that does not use lockfiles?


 I've looked at all the Samba parameters I could think of but can't find
 anything.


If you're looking at locks, you should check the oplocks parameters...

See: http://oreilly.com/catalog/samba/chapter/book/ch05_05.html


 BTW - I always thought that w allows creating and also updating
 existing files. What am I missing here?


In Linux you're (AFAIK) right, but there's another OS here, that may not be
working the same way you think :)

I am assuming you already increased verbosity levels and tried to check the
samba logs for the specific client, to see any errors there?

-- Shimi


Re: Samba permission problem

2012-11-03 Thread shimi
On Sun, Nov 4, 2012 at 2:14 AM, Shlomo Solomon shlomo.solo...@gmail.com wrote:

 It's not a lock problem (see further details below) and the other
 machine is also Linux.

 Just to be a bit clearer, if I open Kwrite on the other (Linux) machine,
 write some text and save as to the shared partition, the file is
 created. If I now make a change to the file and try to save, I get an
 error message saying I don't have permission (sorry, I don't remember
 the exact message and am not at the other machine right now).


My bad for assuming you're using Samba to share with Windows :)

I googled for how Kwrite saves a file, and found someone who said (although
he's not sure) that Kwrite first writes the file with a new name, and
when that succeeds, it renames the file to the old name. (myself adding:
since a rename is an atomic operation, that means that you can never end up
with a truncated file, even in a filesystem full situation...)

If that is true (sorry, going to sleep, won't be doing straces now), then
you may be effectively trying to overwrite a file that is currently open
(as per samba), which is similar to a lock.

What happens if you save a file, close kwrite, verify that the connection
is dead in smbstatus, and then try to echo bla bla  filename? Does that
fail too with a permission problem?

And again, look at the verbose logs :)

-- Shimi

P.S. If you're sharing Linux to Linux only, NFS will probably give you
better performance...


Re: Fortigate router, and security attacks

2012-10-23 Thread shimi
On Mon, Oct 22, 2012 at 11:13 AM, ik ido...@gmail.com wrote:

 Hello,

 I have a network with Fortigate router, active firewalls and the
 network itself is under NAT.
 It recently started to get attacked by external class A IP's (several
 of class A based IP blocks).
 We scan from outside, the network, the whole IP addresses of the
 network itself (that should go inside), and they are not visible from
 outside (except for a handful of IP addresses).
 The thing is, that they arrive to servers inside the network, and
 constantly try to attack them, scan them etc, while we see the
 external IP addresses of the attackers.

 The network contain Windows, Linux and Mac OS X machines (almost all
 of the desktops are Windows, and few Mac OS X).
 I'm looking for better ideas on what can be checked in that matter, to
 better understand from where they are coming from, or to figure out
 what is the vulnerability they are exploiting.



If I'm reading you correctly - you're saying that internal IPs get
connection attempts from the outside EVEN THOUGH they're not supposed to?
(there's no NAT rule that sends an external IP to an internal one)?

If so - are you sure they're _attacking_ you? Absolutely positive that what
you're seeing is NOT returning packets for packets that have originated
from YOUR network? (could be internal computers with malware...)

The reason I'm asking, is, that for a new connection to be established to
a machine behind NAT, you would need the NAT router to explicitly DNAT the
traffic to the internal scope. If you didn't do that - it's very weird to
see new sessions traversing the NAT router...

However, if I am not reading you correctly, and you did open access to the
internal network with DNAT rules, then I am not sure I understand what
you're actually asking - it seems it works as expected? Please explain what
do you mean by 'where they are coming from' - I think you already answered
the question yourself (several of class A based...)

So, please clarify the scenario more precisely. :)

-- Shimi


Re: Fortigate router, and security attacks

2012-10-23 Thread shimi
On Tue, Oct 23, 2012 at 7:40 PM, ik ido...@gmail.com wrote:

 
  If so - are you sure they're _attacking_ you? Absolutely positive that
 what
  you're seeing is NOT returning packets for packets that have originated
 from
  YOUR network? (could be internal computers with malware...)

 I see the automated scanners in the log, trying to do stuff, but they
 are very narrow scans for specific tasks of specific servers.
 For example attempting to connect to SIP extensions on Asterisk and try to
 dial.


I can only answer to the scenarios you're giving. So I'll have to start
with SIP.

SIP as a protocol has a feature that allows you to re-route the RTP stream
on the fly between different endpoints.

Common case I can think of:

* Your Asterisk box is connecting to an external SIP termination service;
* Your Asterisk has canreinvite=1 for endpoints.
* You start a call to a number that belongs on the SIP termination service
trunk
* The call is answered
* If the endpoint can reach the Internet, there's really no point in
sending all the RTP traffic through Asterisk (unless it's doing MeetMe
conferencing, IVR et al...)
* SIP renegotiates the streams to go directly from your endpoint to the
media gateway on the other side
* Your firewall is SIP aware, reads the traffic, allows RTP to 'punch a
hole through the firewall' - even though you have no specific rule. (search
for SIP ALG (=Application Level Gateway) in your FW settings)
* The RTP stream could look like an attack attempt of UDP traffic at a
random high port number...

Makes any sense?

-- Shimi


Re: advanced routing q

2012-09-06 Thread shimi
On Wed, Sep 5, 2012 at 8:28 AM, Erez D erez0...@gmail.com wrote:



 On Mon, Aug 20, 2012 at 10:52 AM, shimi linux...@shimi.net wrote:


 On Aug 20, 2012 9:34 AM, Erez D erez0...@gmail.com wrote:
 
  hello
 
 
  i have a server with two eth ports, each connects to a different
 router, and then to the internet.
  i want all normal traffic to the internet to go via router 1 (eth0), so
 i added a default route to it
  i want connections TCP coming from all over the internet to the second
 router(eth1), to be accepted.
 
  the problem is that although connections are coming from eth1, due to
 the default route, they are answered from eth0, which means a tcp
 connection can not be established.
  i know that linux has a conntrack module, can i use it to tell the
 kernel to answer on the same eth it got SYN from ?

 Are the two ports on the same netblock?

 what do you mean by that ?


I mean that one is 10.1.2.3 with netmask 255.255.255.0 and the other is
10.1.2.4 with netmask 255.255.255.0, for example. That means that they're
both on the same network block.

  If so, can they be separated to two non overlapping blocks?

 didn't get that


So that one would be 10.1.2.3 with netmask 255.255.255.0 and the other
would be 10.1.3.3 with netmask 255.255.255.0



 i have many clients from many different ips connecting to my server. the
 server has two eth interfaces, with many ports open.
 there is no relation between eth and port, the same port can receive
 connections from either interface.
 i just want to route the relayed packets of the same connection to the eth
 the syn packet came from.



So, the solution I gave you in the original mail is supposed to work.

I only forgot one word in the command I gave over mobile, so now I'll give
the full solution when it's easier to type.

Variables (assumptions) :

IP address currently going through DGW that shouldn't be: 1.2.3.4
Alternative gateway for 1.2.3.4:  1.2.3.254

First, create an alternative routing table for traffic coming from the IP
that is not supposed to go to the default GW:

# ip route add 0.0.0.0/0 via 1.2.3.254 table 200

Then, ask Linux to use that routing table whenever the source of the
traffic is from 1.2.3.4:

# ip rule add from 1.2.3.4 table 200

200 is an arbitrary number. You could use an alias for it to look nicer; If
you want that, you can alias a name to a number by editing
/etc/iproute2/rt_tables. There are examples there you can copy from. If you
have an alias for the number, you can use it in both the ip route and ip
rule commands, instead of the number.

That's it, I believe.

If it still doesn't work, you may be looking at the route cache. You can
wait some time, or issue an:

# ip route flush cache

If it still doesn't work (or commands fail...), be sure to have iproute2
utilities and support in the kernel.

Good luck,

-- Shimi


Re: Bphone Asterisk Hack?

2012-09-02 Thread shimi
On Mon, Sep 3, 2012 at 7:13 AM, Geoffrey S. Mendelson 
geoffreymendel...@gmail.com wrote:

 Anyone know of a way to get Asterisk to use BEZEQ's BPhone?

 I do not have an android or iOS device.

 I need to keep a real BEZEQ landline, but having it on my asterisk system
 would be really helpful.

 I know about FXO cards, but the days of $10 ones are long gone. The only
 ones I could find were well over $100. :-(


Short Google search sent me to a blog post of a member of the Linux-IL
community:

http://benhamo.org/wp/%D7%90%D7%99%D7%9A-%D7%9C%D7%94%D7%A4%D7%A2%D7%99%D7%9C-%D7%90%D7%AA-%D7%94-bphone-%D7%A9%D7%9C-%D7%91%D7%96%D7%A7-%D7%91%D7%9C%D7%99%D7%A0%D7%95%D7%A7%D7%A1/

It does not explicitly talk about Asterisk, but, I believe that once you
have the SIP credentials, you would manage to create a SIP trunk yourself...

-- Shimi


Re: Bphone Asterisk Hack?

2012-09-02 Thread shimi
On Mon, Sep 3, 2012 at 7:47 AM, shimi linux...@shimi.net wrote:


 On Mon, Sep 3, 2012 at 7:13 AM, Geoffrey S. Mendelson 
 geoffreymendel...@gmail.com wrote:

 Anyone know of a way to get Asterisk to use BEZEQ's BPhone?

 I do not have an android or iOS device.

 I need to keep a real BEZEQ landline, but having it on my asterisk system
 would be really helpful.

 I know about FXO cards, but the days of $10 ones are long gone. The only
 ones I could find were well over $100. :-(


 Short Google search sent me to a blog post of a member of the Linux-IL
 community:


 http://benhamo.org/wp/%D7%90%D7%99%D7%9A-%D7%9C%D7%94%D7%A4%D7%A2%D7%99%D7%9C-%D7%90%D7%AA-%D7%94-bphone-%D7%A9%D7%9C-%D7%91%D7%96%D7%A7-%D7%91%D7%9C%D7%99%D7%A0%D7%95%D7%A7%D7%A1/

 It does not explicitly talk about Asterisk, but, I believe that once you
 have the SIP credentials, you would manage to create a SIP trunk yourself...


Replying to myself after reading ALL the talkbacks (and not just the first
'thanks, it works' ones) - It seems that Bezeq found out that people
managed to make the service USEFUL to them, and as this is Bezeq, they
didn't like it very much (they appear to prefer people will NOT pass
minutes through them...), and at least according to the talkbacks, the
authentication is now a rolling password... that's a shame :(

-- Shimi


Re: advanced routing q

2012-08-20 Thread shimi
On Aug 20, 2012 9:34 AM, Erez D erez0...@gmail.com wrote:

 hello


 i have a server with two eth ports, each connects to a different router,
and then to the internet.
 i want all normal traffic to the internet to go via router 1 (eth0), so i
added a default route to it
 i want connections TCP coming from all over the internet to the second
router(eth1), to be accepted.

 the problem is that although connections are coming from eth1, due to the
default route, they are answered from eth0, which means a tcp connection
can not be established.
 i know that linux has a conntrack module, can i use it to tell the kernel
to answer on the same eth it got SYN from ?

Are the two ports on the same netblock? If so, can they be separated to two
non overlapping blocks? If so, I believe that would solve your problem...

Otherwise, two listeners and an 'ip rule from 2nd ip lookup alt. routing
table'[*], would probably do the trick...

[*] syntax by heart, consult man page to be sure

--
Shimi from Samsung Galaxy S II


Re: mobile service providers updates

2012-08-07 Thread shimi
Yes.

You got Golan's MNC code wrong. You wrote Pelephone's MNC as Golan's code.

The correct code is 08.

Sorry for top posting, sent from mobile due to urgency...

--
Shimi from Samsung Galaxy S II
On Aug 7, 2012 3:07 PM, Tzafrir Cohen tzaf...@cohens.org.il wrote:

 Hi

 I figured I'd submit an update to the service providers database[1].
 From a quick search (using e.g. [2] and [3]) I got the following. Any
 comments and fixes before I submit it?

 diff --git a/serviceproviders.xml b/serviceproviders.xml
 index a624d35..9c44e8f 100644
 --- a/serviceproviders.xml
 +++ b/serviceproviders.xml
 @@ -4895,6 +4895,45 @@ conceived.
 /apn
 /gsm
 /provider
 +   provider
 +   nameGolanTelecomm/name
 +   gsm
 +   network-id mcc=425 mnc=03/
 +   apn value=internet.golantelecomm.net.il
 +   plan type=postpaid/
 +   usage type=internet/
 +   name3G/name
 +   usernamepcl@3g/username
 +   passwordpcl/password
 +   /apn
 +   /gsm
 +   /provider
 +   provider
 +   nameHot Mobile/name
 +   gsm
 +   network-id mcc=425 mnc=07/
 +   apn value=net.hotm
 +   plan type=postpaid/
 +   usage type=internet/
 +   name3G/name
 +   username/username
 +   password/password
 +   /apn
 +   /gsm
 +   /provider
 +   provider
 +   nameRami Levi/name
 +   gsm
 +   network-id mcc=425 mnc=03/
 +   apn value=internet.rl
 +   plan type=postpaid/
 +   usage type=internet/
 +   name3G/name
 +   usernamerl@3g/username
 +   passwordrl/password
 +   /apn
 +   /gsm
 +   /provider
  /country

  !-- Isle of Man --
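
Review bot: the GolanTelecomm entry's network-id line uses mnc=03, the same mcc=425/mnc=03 pair that the Rami Levi entry later in this hunk also uses, so two of the three added providers share one network ID. The reply in this thread says 03 is Pelephone's code and gives 08 for Golan, so that line should be changed to mnc=08 once checked against an authoritative MNC list, and the duplicate on the Rami Levi entry deserves a one-line comment saying it is intentional if it is. Also, the Hot Mobile entry adds empty username and password elements: if that APN needs no credentials, drop both elements rather than shipping empty values, and check the provider name GolanTelecomm against the operator's own spelling.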

 [1] https://live.gnome.org/NetworkManager/MobileBroadband/ServiceProviders

 [2] http://wiki.apnchanger.org/Israel
 [3] http://www.iopanel.net/forum/thread46469.html

 --
 Tzafrir Cohen | tzaf...@jabber.org | VIM is
 http://tzafrir.org.il || a Mutt's
 tzaf...@cohens.org.il ||  best
 tzaf...@debian.org|| friend



Re: extra bytes in zip archive when used with logrotate

2012-08-06 Thread shimi
On Mon, Aug 6, 2012 at 5:35 PM, Oleg Goldshmidt p...@goldshmidt.org wrote:


 $ unzip -l file.log.zip
 Archive:  file.log.zip
 warning [file.log.zip]:  16 extra bytes at beginning or within zipfile
   (attempting to process anyway)
   Length      Date    Time    Name
 ---------  ---------- -----   ----
     71992  08-06-2012 16:05   zipit.10182
 ---------                     -------
     71992                     1 file

 and the archive cannot be opened:


Maybe I missed it, but, what _are_ the first 16 bytes? Anything
interesting? It sounds like something is sent to the zip that is not
supposed to be sent there, e.g. redirect from stderr, like a notice going
there. Any chance those 16 bytes are human readable ASCII?

-- Shimi


Re: extra bytes in zip archive when used with logrotate

2012-08-06 Thread shimi
On Mon, Aug 6, 2012 at 7:16 PM, Oleg Goldshmidt p...@goldshmidt.org wrote:

 shimi linux...@shimi.net writes:

  On Mon, Aug 6, 2012 at 5:35 PM, Oleg Goldshmidt p...@goldshmidt.org
 wrote:
 
 $ unzip -l file.log.zip
   Archive:  file.log.zip
   warning [file.log.zip]:  16 extra bytes at beginning or within
   zipfile
 (attempting to process anyway)
     Length      Date    Time    Name
   ---------  ---------- -----   ----
       71992  08-06-2012 16:05   zipit.10182
   ---------                     -------
       71992                     1 file
 
   and the archive cannot be opened:
 
  Maybe I missed it, but, what _are_ the first 16 bytes? Anything
  interesting? It sounds like something is sent to the zip that is not
  supposed to be sent there, e.g. redirect from stderr, like a notice
  going there. Any chance those 16 bytes are human readable ASCII?

 Hmm... It never occurred to me to check because the warning does not
 say that the extra bytes are at the beginning - it says at beginning
 or within. This seems to be consistent with the unzip code that
 outputs the warning when some combination of offsets does not look
 right (maybe I missed something but it didn't look like the beginning
 of the file was specifically checked).

 I will only regain access to the test system on Wednesday - will od or
 similar then.


Good point. Though if my direction is true, good chances are that it will
be in the beginning or the end, no? I guess 'strings' can be used, too :-)

Actually, thinking it further, ZIP's directory ('filesystem'), AFAIK, is at
the end of the file, and you get the error even with listing only. Maybe
gibberish went to the end :-)

-- Shimi
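
Added example (not part of the original thread, and not unzip's own code): one way to answer the two questions above, how many stray bytes an archive carries and whether they sit at the beginning and are readable ASCII, by comparing the directory offset recorded at the end of the file with where the record really is. The sample archive and the 16-byte `NOTICE` are constructed test data, and Zip64 archives are assumed out of scope.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"  # end-of-central-directory (EOCD) record
LFH_SIG = b"PK\x03\x04"   # local file header, normally the first bytes of an archive
EOCD_LEN = 22             # fixed part of the EOCD, before the optional comment

# Constructed sample: a 16-byte notice of the kind a chatty tool could leak
# into the archive stream.
NOTICE = b"compressing log\n"


def build_sample_zip() -> bytes:
    """Return a small, valid single-member archive (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("zipit.10182", "Aug  6 16:05:01 host app: sample line\n" * 50)
    return buf.getvalue()


def locate_extra_bytes(data: bytes) -> dict:
    """Count stray bytes in a (non-Zip64) archive and say where they sit."""
    eocd_pos = data.rfind(EOCD_SIG)
    if eocd_pos < 0 or eocd_pos + EOCD_LEN > len(data):
        raise ValueError("no end-of-central-directory record found")
    # Fields: signature, two disk numbers, two entry counts, directory size,
    # directory offset as the writer recorded it, comment length.
    (_sig, _disk, _cd_disk, _n_disk, entries,
     cd_size, cd_offset, comment_len) = struct.unpack(
        "<4sHHHHIIH", data[eocd_pos:eocd_pos + EOCD_LEN])

    # The writer believed the EOCD would start at cd_offset + cd_size.
    # A positive difference is data the writer never accounted for.
    extra = eocd_pos - (cd_offset + cd_size)
    # Bytes after the EOCD and its comment are reported separately.
    trailing = len(data) - (eocd_pos + EOCD_LEN + comment_len)

    stray = None
    if extra == 0:
        where = "none"
    elif extra < 0:
        where = "truncated"
    elif not data.startswith(LFH_SIG) and data[extra:extra + 4] == LFH_SIG:
        # A local file header appears exactly `extra` bytes in: the stray
        # bytes were written ahead of the archive.
        where = "beginning"
        stray = data[:extra]
    else:
        where = "within"
    printable = stray is not None and all(
        32 <= b < 127 or b in (9, 10, 13) for b in stray)
    return {"entries": entries, "cd_offset": cd_offset, "extra": extra,
            "where": where, "stray": stray, "printable": printable,
            "trailing": trailing}


if __name__ == "__main__":
    report = locate_extra_bytes(NOTICE + build_sample_zip())
    print(report["extra"], "extra bytes,", report["where"], repr(report["stray"]))
```
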


Re: extra bytes in zip archive when used with logrotate

2012-08-06 Thread shimi
On Mon, Aug 6, 2012 at 9:15 PM, Oleg Goldshmidt p...@goldshmidt.org wrote:


 Now, while the problem is fixed I am not satisfied yet:

 1) I have never had to add -q before: zip/unzip have always worked
fine. Why now? The man page does not say anything really

 2) It is my script that calls zip - it is not called by logrotate or
anything: why piping from cat or gunzip (used by logrotate) works
fine but piping from logrotate somehow causes the problem? Note
also that the script does not zip stdin directly - it zips a file.


Ideas (in no particular order...) :

* Environment variables with default settings for various commands in the
mess
* Aliases existing on some user and not on the other
* Running from shell vs. not from shell (related to above two)
* being attached to a pty / not being (where does output go?)
* a default of a tool may have changed, did you upgrade your system lately?
* stdout / stderr redirections on various invocations

Finally, strace is your friend, you can see how a process was called if you
log strace output.

Also, this could be nonsense, but, I note that your logrotate is with -v -
I'm too tired to think, but maybe the logrotate verbosity goes into the
mix...

-- Shimi


Re: sms via icq with the new mobile companies

2012-08-05 Thread shimi
On Sun, Aug 5, 2012 at 8:43 AM, sara fink sara.f...@gmail.com wrote:

 Shimi, thanks for the detailed info. The regular companies have some
 agreement with icq? We know that at some point cellcom stopped their
 service and it's possible to send free sms via their web site online.

 I'll check today with Rami Levi network.



Yes, they have an agreement. See
http://www.ynet.co.il/articles/0,7340,L-3828098,00.html

-- Shimi


Re: sms via icq with the new mobile companies

2012-08-05 Thread shimi
On Sun, Aug 5, 2012 at 9:55 AM, Geoffrey S. Mendelson 
geoffreymendel...@gmail.com wrote:


  Yes, they have an agreement. See
 http://www.ynet.co.il/articles/0,7340,L-3828098,00.html


 1. That article is 2 and 1/2 years old. A lot may have changed since then.


Perhaps, but no matter what, you cannot access a Telecom network subscriber
without negotiating some agreement with the subscriber's network (or with
someone else who has access to them). And if a subscriber network takes
money for inbound access (and at least in Israel - they do...), if you want
to send traffic to them FOR FREE, well, someone will have to make an
agreement. It doesn't matter how old the article is.

The above assertion will of course be void if and when the dmey
kishuriyut will be 0 agorot per SMS. We are not there yet (nor is that
planned for the near future, AFAIK). So far the cellular companies always
charged from their peers the maximum possible by law. So to get there, it
would probably require the MOC to decide that.

-- Shimi


Re: sms via icq with the new mobile companies

2012-08-04 Thread shimi
On Sat, Aug 4, 2012 at 10:00 PM, Hetz Ben Hamo het...@gmail.com wrote:

 Hi,

 I imagine that some might work. Rami Levi is using
 Pelephone infrastructure, so it might work. Golan Telecom is using
 Cellcom's so this might not work (well, it still doesn't get my SMS from
 Google).

 IMHO the best is to test using Google SMS chat and try sending messages,
 see if those new numbers get those messages.


Golan and Hot Mobile are using Cellcom/Pelephone's antennas, but that
doesn't say anything besides that. Specifically, they (I'm sure about
Golan, almost sure about Hot) have their own network switching cores (Golan
purchased 2 of them from Nokia Siemens Networks), and that (AFAIK) includes
the SMSC and MMSC gateways... so they're a completely different service
provider, even though they share RF antennas while they build their own.
Both Golan and Hot have a unique MNC[1] code.

Rami Levi is indeed different, because they use Pelephone's switches.
Still, I don't see any good reason for Pelephone to provide them
connectivity to ICQ... every service they don't have to give to the virtual
operators by law, there's no reason for them to help their competition...

-- Shimi

[1] http://en.wikipedia.org/wiki/Mobile_Network_Code


Re: Web gallery software

2012-06-25 Thread shimi
On Mon, Jun 25, 2012 at 10:49 PM, Mordechai Behar 
mordecha.be...@mail.huji.ac.il wrote:

 Hi
 Does anybody know/use any good, open source software for hosting a gallery
 on a web server?
 Ideally it should be:

- indexed
- searchable
- easy to browse/navigate
- have author pages
- links to the same artwork in several sizes
- and of course have different functionality for authors and people
browsing.

 Thanks.


There's of course http://gallery.menalto.com/ - not sure about author pages
though

I think it does everything else and more...


-- Shimi


Re: Astrerisk question, anyone sell a cellphone that can be used to make calls?

2012-06-10 Thread shimi
Be advised that this probably qualifies as non fair-use usage, which is
forbidden in a clause in every unlimited contract I've seen to date (with
Golan and Hot, I admit I haven't checked the more expensive deals of
אפס), and as such, may be grounds for termination of your subscription

-- Shimi

Sent from mobile, sorry for top posting
On Jun 10, 2012 2:10 PM, geoffrey mendelson geoffreymendel...@gmail.com
wrote:

 Now that I can get a cell phone plan that gives me unlimited minutes and
 unlimited SMS's, does anyone know of a cell phone that can be connected to
 an asterisk system and used for outgoing (and possibly incoming) calls?

 Just to be clear, I don't want to run asterisk on a cell phone, I want to
 connect it to a server and use it to forward calls from within my system
 out via the cell phone.

 Thanks,

 Geoff.

 --
 Geoffrey S. Mendelson,  N3OWJ/4X1GM/KBUH7245/KBUW5379
 To put it in terms everyone understands, the US debt is over 275 Facebooks.


Re: Walla mail from Linux - Error 101 (net::ERR_CONNECTION_RESET) : The connection was reset.

2012-06-04 Thread shimi
On Mon, Jun 4, 2012 at 9:12 AM, Aharon Schkolnik schkol...@013.net wrote:

 On Thursday, May 31, 2012, shimi wrote:

  On Thu, May 31, 2012 at 2:19 PM, Oleg Goldshmidt p...@goldshmidt.org
 wrote:

   On Thu, May 31, 2012 at 2:10 PM, ronys ro...@gmx.net wrote:

   Looks like Walla's having electric problems at their servers:
   http://www.globes.co.il/news/article.aspx?did=1000753302

   FWIW, I get connection reset *all the time* from various Google
   services - gmail, news, search, maps, youtube. I stopped raising a
   brow, just hit the try again button. It never occurred to me to
   suspect Linux (this looks to me a Google-specific issue) - I thought
   those were glitches in Google's massive datacenters... Or maybe in
   some Israeli cache or whatever.

  More likely than a Linux's fault, is faulty routers (or appliances) on
  your path to Google's servers, that think they're smarter than Internet
  endpoints, instead of just... routing traffic, what they were originally
  supposed to do. Sometimes it's those smart QoS boxes...

  Recently I did a very long debugging session on a customer of
  Netvision/Barak, and realized that their equipment doesn't like the
  advanced features enabled by Linux by default - the behavior of the
  ISP network changed as I modified the things below. I would start
  echoing 0 to numerous stuff under /proc/sys/net/ipv4/* to see if the
  problem alleviates.


 If the problem is related to one of these features, would that explain the
 instances where I can get an URL with wget, but not access it from a
 browser ?




Yes, different apps can use different features of TCP. Actually, when I
started this debugging what I was talking about, Telnet (from
netkit-telnetd) to port 80 and access from FF, and MSIE, all behaved
differently...

Try tcpdump port 80 and compare the options...

-- Shimi


Re: LDAP (Active Directory) and user statuses

2012-06-01 Thread shimi
On Fri, Jun 1, 2012 at 6:53 PM, ik ido...@gmail.com wrote:

 Thank you both, I'm thinking in forcing the DC to add me a property of
 login with boolean field or something like that, because as I understand,
 they do know if a user is logged in.
  For me the number of logins is not important, only that they are logged
 in somewhere.



A typical Microsoft configuration would have more than one domain
controller. In large organizations, you could have 20 of them. Not all of
their data is necessarily synchronized (and clients contact DC's pretty
much randomly, either globally in the org, or within a Site, if that is
configured right), and even when they do, this is not always in real
time, there could be significant delays.

Let's assume you manage to know that someone logged in.

How do you know he logged out?

If he turned off his computer, will he remain logged in forever?

Points to take... (maybe you're trying to find the wrong solution to the
problem, which I don't even know what is it?)

-- Shimi


Re: Walla mail from Linux - Error 101 (net::ERR_CONNECTION_RESET): The connection was reset.

2012-05-31 Thread shimi
On Thu, May 31, 2012 at 2:19 PM, Oleg Goldshmidt p...@goldshmidt.org wrote:


 On Thu, May 31, 2012 at 2:10 PM, ronys ro...@gmx.net wrote:

 Looks like Walla's having electric problems at their servers:
 http://www.globes.co.il/news/article.aspx?did=1000753302



 FWIW, I get connection reset *all the time* from various Google services
 - gmail, news, search, maps, youtube. I stopped raising a brow, just hit
 the try again button. It never occurred to me to suspect Linux (this
 looks to me a Google-specific issue) - I thought those were glitches in
 Google's massive datacenters... Or maybe in some Israeli cache or whatever.


More likely than a Linux's fault, is faulty routers (or appliances) on
your path to Google's servers, that think they're smarter than Internet
endpoints, instead of just... routing traffic, what they were originally
supposed to do. Sometimes it's those smart QoS boxes...

Recently I did a very long debugging session on a customer of
Netvision/Barak, and realized that their equipment doesn't like the
advanced features enabled by Linux by default - the behavior of the ISP
network changed as I modified the things below. I would start echoing 0 to
numerous stuff under /proc/sys/net/ipv4/* to see if the problem alleviates.

Start with disabling:

TCP Timestamps
TCP SYN Cookies
Window Scaling
Selective ACKs (SACKs)

Also try MTU @ 1300 for the fun

And if you have TCP Offloading... might want to disable that, too. It could
be your NIC / NIC driver.

Good luck :-)

-- Shimi
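
Added example (not from the original message): a small harness for the procedure above that disables the four listed features one at a time under /proc/sys/net/ipv4, runs a connection probe with each one off, and always restores the saved value afterwards. The function names, the `root` parameter (which lets it run against a scratch directory) and the HEAD-request probe are assumptions of this sketch; writing to the real files needs root.

```python
import os
import socket
import sys
from contextlib import contextmanager

IPV4_SYSCTL_DIR = "/proc/sys/net/ipv4"

# The features listed in the message and the sysctl files that control them.
FEATURES = {
    "TCP Timestamps": "tcp_timestamps",
    "TCP SYN Cookies": "tcp_syncookies",
    "Window Scaling": "tcp_window_scaling",
    "Selective ACKs (SACKs)": "tcp_sack",
}


def read_knob(knob, root=IPV4_SYSCTL_DIR):
    with open(os.path.join(root, knob)) as fh:
        return fh.read().strip()


def write_knob(knob, value, root=IPV4_SYSCTL_DIR):
    with open(os.path.join(root, knob), "w") as fh:
        fh.write(value + "\n")


@contextmanager
def disabled(knob, root=IPV4_SYSCTL_DIR):
    """Set one knob to 0 inside the block and put the old value back after.

    Restoring matters: with tcp_syncookies left at 0 a listening host keeps
    no fallback for a full SYN queue, and the other three cost throughput.
    """
    saved = read_knob(knob, root)
    write_knob(knob, "0", root)
    try:
        yield saved
    finally:
        write_knob(knob, saved, root)


def http_probe(host, port=80, timeout=10):
    """Open a new connection and ask for headers; False on reset or timeout.

    TCP options are negotiated in the SYN, so only a fresh connection
    reflects the current settings.
    """
    request = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(request.encode("ascii"))
            return sock.recv(4096).startswith(b"HTTP/")
    except OSError:  # covers ConnectionResetError and timeouts
        return False


def bisect_features(probe, root=IPV4_SYSCTL_DIR):
    """Run probe() as a baseline, then once with each feature disabled alone."""
    results = {"baseline": probe()}
    for label, knob in FEATURES.items():
        with disabled(knob, root):
            results[label] = probe()
    return results


if __name__ == "__main__":
    target = sys.argv[1]  # host that shows the resets
    for label, ok in bisect_features(lambda: http_probe(target)).items():
        print(f"{label:24} {'ok' if ok else 'FAILED'}")
```

A feature whose row turns from FAILED at baseline to ok is the one to look at with tcpdump on both sides of the suspect device.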

