Re: Can a PHP script run in the background?
Great script! I just used it with the following text: Subject: Please Do Something for Polard Today Please do something for Polard today. You're welcome, Chaim On Wednesday 07 March 2007 12:51, Uri Even-Chen wrote: Hi people, I wrote a PHP program that sends E-mail to 121 E-mail addresses at once [http://www.speedy.net/knesset/]. The problem is, it takes many seconds until the program completes sending all the E-mails. I want to give the user an instant feedback, and send E-mails later (after the HTML output is complete). How do I do it? Can I postpone the mail sending function? My program calls sendmail 121 times, and I think that's the only slow part of the program. The rest is quite fast. Can I call sendmail in such a way that PHP will regain control right away? Or alternatively, can I run another PHP script in the background? Below is my mail sending script. Uri. ?php $tmp_addresses_clone= $tmp_addresses; // Flush the output buffer. ob_flush(); flush(); $tmp_count= count($tmp_addresses_clone); while ($tmp_count 0) { $tmp_random= rand(0, $tmp_count - 1); // Open Mail Command. $tmp_mail_command= '/usr/sbin/sendmail -f ' . $tmp_email . ' ' . $tmp_addresses_clone[$tmp_random] . ' /dev/null 21'; $tmp_mail_file_pointer= popen($tmp_mail_command, w); if ($tmp_mail_file_pointer) { // Print mail header. fputs($tmp_mail_file_pointer, From: . '=?UTF-8?B?' . base64_encode($tmp_name) . '?=' . ' ' . '' . $tmp_email . '' . \n); fputs($tmp_mail_file_pointer, To: . $tmp_addresses_clone[$tmp_random] . \n); fputs($tmp_mail_file_pointer, Subject: . '=?UTF-8?B?' . base64_encode($tmp_subject) . '?=' . \n); fputs($tmp_mail_file_pointer, MIME-Version: 1.0\n); fputs($tmp_mail_file_pointer, Content-Type: text/plain; charset=UTF-8\n); fputs($tmp_mail_file_pointer, \n); // Print mail body. fputs($tmp_mail_file_pointer, $tmp_content . \n); fputs($tmp_mail_file_pointer, \n); // Close file. pclose($tmp_mail_file_pointer); } echo ($tmp_addresses_clone[$tmp_random] . 'br' . \n); $tmp_addresses_clone[$tmp_random]= $tmp_addresses_clone[$tmp_count - 1]; unset($tmp_addresses_clone[$tmp_count - 1]); // Flush the output buffer. ob_flush(); flush(); $tmp_count= count($tmp_addresses_clone); } ? = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] -- Chaim Keren Tzion [EMAIL PROTECTED] +972-(0)54-465-2983 +972-(0)2-53-53-363 ICQ: 2076934 AIM: lifelionzionray MSN: [EMAIL PROTECTED] Yahoo: chakatz Skype: lionslife = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
apache behind firewall
Good day. I have apache server behind firewall, which block all incoming connection and allow all outgoing and I'd like to access it from outside Is it a way to access this apache server from outside ? (something like ssh's option -R ) Valery. It's here! Your new message! Get new email alerts with the free Yahoo! Toolbar. http://tools.search.yahoo.com/toolbar/features/mail/ = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Leumit not working in Firefox
Please call Leumit (1-700-705-705) and complain that they are idiots, er no, that Leumit.co.il does not work in Firefox. Specifically, the login page for blood checks is all M$-specific Javascript and it is impossible to use with Firefox, Opera, Konqueror, etc. They require 500 NIS of software (MS operating system) to use their website. The excuse they gave me was that this is to comply with Misrad Habriut requirements of security. The only other way to get the blood results is to call to request a fax. They send a Ishur Vitur Sodiut, which we must fax back, and then they send the results. Which is a pain for those who HAVE fax machines at home. What about those without? Thanks, group. Dotan Cohen http://lyricslist.com/ http://what-is-what.com/ = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
do I have some method to manipulating calling shell environment variables?
Hi list, I would like to make changes to my environment variables, using automation (script) that is called conditionally (that is after bashrc was sourced). Do I have some method of doing this in bash? The following obvious method sadly doesn't work: [EMAIL PROTECTED] builder]$ cat setenv.sh export TTOTHER=123 [EMAIL PROTECTED] builder]$ ./setenv.sh [EMAIL PROTECTED] builder]$ echo $TTOTHER -- Cheers, Maxim Veksler Free as in Freedom - Do u GNU ? = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: do I have some method to manipulating calling shell environment variables?
Maxim Veksler wrote: Hi list, I would like to make changes to my environment variables, using automation (script) that is called conditionally (that is after bashrc was sourced). Do I have some method of doing this in bash? The following obvious method sadly doesn't work: [EMAIL PROTECTED] builder]$ cat setenv.sh export TTOTHER=123 [EMAIL PROTECTED] builder]$ ./setenv.sh [EMAIL PROTECTED] builder]$ echo $TTOTHER setenv.sh or source setenv.sh -- Meir = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: apache behind firewall
On Mon, 12 Mar 2007, Valery Reznic wrote: Good day. I have apache server behind firewall, which block all incoming connection and allow all outgoing and I'd like to access it from outside Is it a way to access this apache server from outside ? (something like ssh's option -R ) You are looking for port forwarding: http://tldp.org/HOWTO/IP-Masquerade-HOWTO/forwarders.html Peter = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: apache behind firewall
--- Peter [EMAIL PROTECTED] wrote: On Mon, 12 Mar 2007, Valery Reznic wrote: Good day. I have apache server behind firewall, which block all incoming connection and allow all outgoing and I'd like to access it from outside Is it a way to access this apache server from outside ? (something like ssh's option -R ) You are looking for port forwarding: http://tldp.org/HOWTO/IP-Masquerade-HOWTO/forwarders.html I saw this link before. Or I don't understand how can I use this HOWTO or I don't explain myself plain :( . Let me try again. There is computer A, Firewall F, and another linux box B A F - B Firewall allow only outgoing connection from A. Apache run on the box A. I'd like to do port forwarding (or something), so http://B... will work, accessing apache on box A. It's looks for me, that this HowTo describe how do port forwarding if you got incoming connection. But I haven't. Am I miss something ? Valery Peter Now that's room service! Choose from over 150,000 hotels in 45,000 destinations on Yahoo! Travel to find your fit. http://farechase.yahoo.com/promo-generic-14795097 = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Can I disable kernel switching?
Hi all! Here at work, we would like to test our two-ports network card using a loopback self-test. What we want to do is to connect a cable between the two ports and transfer packets from one port to the other. However, if we say assign the first port the Interface of eth1 and the IP of $IP1, and the second one the interface of eth2 and the IP of $IP2, then when transferring packets from $IP1 to $IP2 the kernel will transfer them directly in memory instead of over the wire. So, is there any way to disable this kernel switching at the kernel level, so we can still use higher-level protocols such as TCP/IP? Regards, Shlomi Fish -- -- Shlomi Fish http://www.shlomifish.org/ If his programming is anything like his philosophising, he would find 10 imaginary bugs in the Hello World program. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: apache behind firewall
On Mon, Mar 12, 2007 at 08:47:33AM -0700, Valery Reznic wrote: --- Peter [EMAIL PROTECTED] wrote: On Mon, 12 Mar 2007, Valery Reznic wrote: Good day. I have apache server behind firewall, which block all incoming connection and allow all outgoing and I'd like to access it from outside Is it a way to access this apache server from outside ? (something like ssh's option -R ) You are looking for port forwarding: http://tldp.org/HOWTO/IP-Masquerade-HOWTO/forwarders.html I saw this link before. Or I don't understand how can I use this HOWTO or I don't explain myself plain :( . Let me try again. There is computer A, Firewall F, and another linux box B A F - B How about: - On B, do ssh [EMAIL PROTECTED] -L80:localhost:80 -Nf - Next, any connections to B, port 80 will be forwarded to port 80 on A. - Of course, this requires SSH open on the FW on A, allowing incoming connections. Another option, done solely from A is (better suits your requirements, I think): - On A, do ssh [EMAIL PROTECTED] -R80:localhost:80 -Nf Try with caution - I'm not 100% sure of the above. Boaz. Firewall allow only outgoing connection from A. Apache run on the box A. I'd like to do port forwarding (or something), so http://B... will work, accessing apache on box A. It's looks for me, that this HowTo describe how do port forwarding if you got incoming connection. But I haven't. Am I miss something ? Valery Peter Now that's room service! Choose from over 150,000 hotels in 45,000 destinations on Yahoo! Travel to find your fit. http://farechase.yahoo.com/promo-generic-14795097 = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: do I have some method to manipulating calling shell environment variables?
Meir Kriheli wrote: Maxim Veksler wrote: Hi list, I would like to make changes to my environment variables, using automation (script) that is called conditionally (that is after bashrc was sourced). Do I have some method of doing this in bash? The following obvious method sadly doesn't work: [EMAIL PROTECTED] builder]$ cat setenv.sh export TTOTHER=123 [EMAIL PROTECTED] builder]$ ./setenv.sh [EMAIL PROTECTED] builder]$ echo $TTOTHER setenv.sh or source setenv.sh -- Meir Sorry for replying to my own post, but looks like the list manager removed the dot at the beginning of the 1st method (something to do with list commands maybe ?). It appears in my sent folder. It should be: . setenv.sh Testing: setenv.sh Cheers -- Meir = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: sendmail question - discard messages on out of disk
On 05/03/07, Jonathan Ben Avraham [EMAIL PROTECTED] wrote: Hi Amos, I don't know how to answer your question inside Sendmail. Hi Jonathan, sorry for getting back so late - very limited access to GMail in the last couple of weeks. I would opt for a (simple and dirty) solution outside of Sendmail using a milter script in Perl that checks disk space and returns a service temporarily unavailable error in the event that there is no space left. Not elegant but easily maintainable by the next engineer. My 2c, Thanks . I'll try to look into that. Basically - this is NOT what I want - sendmail already have directives to temporarily reject e-mails on grounds of limited disk space. But your pointer to milter might stear me in the right direction. Can milter just drop the e-mail to /dev/null AFTER sendmail confirmed its receipt to the sender? Again - the e-mails in this mailbox are spam reports which are better dropped instead of waiting in a queue. Thanks, --Amos
Re: apache behind firewall
On 13/03/07, Valery Reznic [EMAIL PROTECTED] wrote: http://tldp.org/HOWTO/IP-Masquerade-HOWTO/forwarders.html I saw this link before. Or I don't understand how can I use this HOWTO or I don't explain myself plain :( . Let me try again. There is computer A, Firewall F, and another linux box B A F - B Firewall allow only outgoing connection from A. Apache run on the box A. I'd like to do port forwarding (or something), so http://B... will work, accessing apache on box A. It's looks for me, that this HowTo describe how do port forwarding if you got incoming connection. But I haven't. You want that http://B will reach A, *without* configuring firewall F to allow incoming connections? Then you'll have to find a way to punch a hole by opening a tunnel from A to B and try to transfer the incoming HTTP connections on top of that. As you describe, ssh might be your friend - open an SSH connection from A to B with the -R option (run it on A), something like: ssh -R 80:127.1:80 [EMAIL PROTECTED]. You need to be root on B to be able to bind to privileged ports and make sure that nothing else listens on port 80 on B. autossh (http://www.harding.motd.ca/autossh/, also has a Debian package) might be a good way to keep this tunnel persistent. Am I miss something ? Apparently not - you already got the answer yourself with SSH. If you tried this and failed then give more details - what have you executed and what was the outcome (e.g. output, behaviour). --Amos
Re: Just another project management question
On 27/02/07, Oded Arbel [EMAIL PROTECTED] wrote: I'm looking for a project management software that I can run on my Linux box as well as have my partners use on their windows platform (or interoperate using some standard file format). The main problem I'm having is that we have a few large projects detailed in Microsoft Project format - do anyone know how one can get the data out of those files and into something useful? See http://en.wikipedia.org/wiki/List_of_project_management_software GanttProject's wikipedia page claims that it can import/export MS Project files, maybe other packages in that list can too. --Amos
Re: Can I disable kernel switching?
On Monday, 12 בMarch 2007, Shlomi Fish wrote: Here at work, we would like to test our two-ports network card using a loopback self-test. What we want to do is to connect a cable between the two ports and transfer packets from one port to the other. However, if we say assign the first port the Interface of eth1 and the IP of $IP1, and the second one the interface of eth2 and the IP of $IP2, then when transferring packets from $IP1 to $IP2 the kernel will transfer them directly in memory instead of over the wire. So, is there any way to disable this kernel switching at the kernel level, so we can still use higher-level protocols such as TCP/IP? First, terminology: s/switching/forwarding/ Either: echo 0 /proc/sys/net/ipv4/ip_forward Or the equivalent: sysctl -w net.ipv4.ip_forward=0 Now you can send/receive packets from all your network interfaces but there's no routing for packets among them. Bye, -- Oron Peled Voice/Fax: +972-4-8228492 [EMAIL PROTECTED] http://www.actcom.co.il/~oron ICQ UIN: 16527398 If I have been able to see farther, it was only because I stood on the shoulders of giants. -- Sir Isaac Newton = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Configuring BIND - DNS server
OK, I understand. Thanks. I'm not going to change the current configuration right away, but I took this issue into account. Currently it's technically too complicated and time consuming to run 2 separate BIND servers on the same machine, and I only have one IP address. But if there will be an issue of abuse or performance, I will consider changing the current configuration. Uri. On 3/11/07, Ariel Biener [EMAIL PROTECTED] wrote: On Sunday 11 March 2007 12:13, Uri Even-Chen wrote: Of course I want to learn, but I don't understand what's wrong with the current configuration. And also, many technical people forget that hardware costs money. 2 servers would cost me double; 3 servers would cost me 3 times etc. I'm not Google, I don't have millions of servers. If I can save money by putting everything on one single server, and if it works - then what's wrong with it? I don't see any problem with solving domain names recursively while being open to queries from the entire world. And of course no one said that you need to buy more hardware, just run two BIND servers on the same machine, each bound to its own IP address... Of course, if my service was abused and things were not working, that's a different issue. But since it works, I don't see any reason to change the current configuration. I don't agree with your opinion that my current configuration is wrong. How would you even know if your service is abused ? Are you waiting for it to be abused ? What kind of technical (or management) decision is this ? But since you think it's my opinion, let me quote a few other opinions: http://www.zytrax.com/books/dns/ch4/ Note: Running any DNS server that does not require to support recursive queries for external users (an Open DNS) is a bad idea. While it may look like a friendly and neighbourly thing to do it carries with it a possible threat from DoS attacks and an increased risk of cache poisoning. The various configurations have been modified to reflect this. http://articles.techrepublic.com.com/5100-1035_11-5860968.html http://www.sprintlink.net/faq/dns.html http://net.berkeley.edu/DNS/recursion-detail.shtml It is possible to have both authoritative and caching functions running on the same DNS server, and this was typical in the early days of the DNS. More recently it has become a best practice to separate these functions, and IST did this a few years ago. More information on our DNS servers can be found here (http://net.berkeley.edu/DNS/campus.shtml) http://cr.yp.to/djbdns/separation.html The importance of separating DNS caches from DNS servers DNS caches should always have separate IP addresses from DNS servers. In other words, the IP addresses listed in /etc/resolv.conf should never match any IP addresses listed in NS records. This separation is widely recognized as the right way to run DNS. As stated in the ``DNS and BIND'' book, third edition, ``Securing Your Name Server,'' page 255: Some of your name servers answer nonrecursive queries from other name servers on the Internet, because your name servers appear in NS records delegating your zones to them. ... You should make sure that these servers don't receive any recursive queries (that is, you don't have any resolvers configured to use these servers, and no name servers use them as forwarders). Now, I can go on and quote tens of other resources on proper DNS configuration, however, I hope you get the picture. If I wanted I could change the current configuration and use Netvision's name servers to resolve domain names, and my own name server only as an authoritative name server. It wouldn't cost me more money. But would my server perform better? I'm not sure. Doron Shikmoni told me not to use Netvision's servers, and I guess he is right. Doron is right, and you should not point your nameservers to use the NV NSs, basically since every query will go over your link to them, which I assume is not LAN. --Ariel -- Ariel Biener e-mail: [EMAIL PROTECTED] PGP: http://www.tau.ac.il/~ariel/pgp.html = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Can I disable kernel switching?
Hi Oron! On 3/12/07, Oron Peled [EMAIL PROTECTED] wrote: On Monday, 12 בMarch 2007, Shlomi Fish wrote: Here at work, we would like to test our two-ports network card using a loopback self-test. What we want to do is to connect a cable between the two ports and transfer packets from one port to the other. However, if we say assign the first port the Interface of eth1 and the IP of $IP1, and the second one the interface of eth2 and the IP of $IP2, then when transferring packets from $IP1 to $IP2 the kernel will transfer them directly in memory instead of over the wire. So, is there any way to disable this kernel switching at the kernel level, so we can still use higher-level protocols such as TCP/IP? First, terminology: s/switching/forwarding/ Either: echo 0 /proc/sys/net/ipv4/ip_forward Or the equivalent: sysctl -w net.ipv4.ip_forward=0 Now you can send/receive packets from all your network interfaces but there's no routing for packets among them. Thanks! That's what I recalled, but I wasn't sure of. Regards, Shlomi Fish Bye, -- Oron Peled Voice/Fax: +972-4-8228492 [EMAIL PROTECTED] http://www.actcom.co.il/~oron ICQ UIN: 16527398 If I have been able to see farther, it was only because I stood on the shoulders of giants. -- Sir Isaac Newton -- -- Shlomi Fish http://www.shlomifish.org/ If his programming is anything like his philosophising, he would find 10 imaginary bugs in the Hello World program.
Re: Can I disable kernel switching?
On 13/03/07, Oron Peled [EMAIL PROTECTED] wrote: First, terminology: s/switching/forwarding/ Either: echo 0 /proc/sys/net/ipv4/ip_forward Or the equivalent: sysctl -w net.ipv4.ip_forward=0 Now you can send/receive packets from all your network interfaces but there's no routing for packets among them. I think what the Shlomi was refering to is that the kernel will automatically optimize away the hardware layer because it knows that the address it sends to is actually its own. I'm not 100% sure he's right (it used to be that you had to have an additional routing entry to achieve that on old systems, and as far as I remember today's kernels are smart enough to do that automatically), but if he is - is there a way to prevent this? What puzzels me in the original question is: level, so we can still use higher-level protocols such as TCP/IP? What did you mean by that? The question seemed to be at the IP/ethernet level until now, TCP should go wherever IP will boldly take it --Amos
Re: Fax over VoIP
On 11/03/07, Geoffrey S. Mendelson [EMAIL PROTECTED] wrote: None of the people responding that had cable modems were able to do it. HOT technical support told me that it did not work due to the design of their network. I looked this too - I have a SIP VoIP line over ADSL at home which works great for voice but all the research I did about sending regular faxes over it suggests that if it works for you then you are a very lucky man - it mostly depends on your FAX machine and the quality of your ADSL connection because the specifications just don't add up (the combination of the sound quality of VoIP and the requirements for a proper fax transmission). The proper way to do that is to use a T.38 gateway so your T.38 FAX machine actually sends IP packets with the data to the gateway which will then convert it back to POTS analogue signal for the other side. (I use an HP PSC2410 all-in-one for faxing). --Amos
Re: Can I disable kernel switching?
On Monday 12 March 2007, Amos Shapira wrote: On 13/03/07, Oron Peled [EMAIL PROTECTED] wrote: First, terminology: s/switching/forwarding/ Either: echo 0 /proc/sys/net/ipv4/ip_forward Or the equivalent: sysctl -w net.ipv4.ip_forward=0 Now you can send/receive packets from all your network interfaces but there's no routing for packets among them. I think what the Shlomi was refering to is that the kernel will automatically optimize away the hardware layer because it knows that the address it sends to is actually its own. I'm not 100% sure he's right (it used to be that you had to have an Who do you mean by he? additional routing entry to achieve that on old systems, and as far as I remember today's kernels are smart enough to do that automatically), but if he is - is there a way to prevent this? What puzzels me in the original question is: level, so we can still use higher-level protocols such as TCP/IP? What did you mean by that? The question seemed to be at the IP/ethernet level until now, TCP should go wherever IP will boldly take it By TCP/IP I meant the entire protocol stack. Naturally if IP works then TCP will work as well. Regards, Shlomi Fish - Shlomi Fish [EMAIL PROTECTED] Homepage:http://www.shlomifish.org/ Chuck Norris wrote a complete Perl 6 implementation in a day but then destroyed all evidence with his bare hands, so no one will know his secrets. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: Configuring BIND - DNS server
You can enjoy the benefits of Ariel's configuration tips, without running two instances of Bind. Read on Bind's views feature (http://www.zytrax.com/books/dns/ch7/view.html). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Uri Even-Chen Sent: Monday, March 12, 2007 7:37 PM To: Ariel Biener Cc: linux-il Subject: Re: Configuring BIND - DNS server OK, I understand. Thanks. I'm not going to change the current configuration right away, but I took this issue into account. Currently it's technically too complicated and time consuming to run 2 separate BIND servers on the same machine, and I only have one IP address. But if there will be an issue of abuse or performance, I will consider changing the current configuration. Uri. On 3/11/07, Ariel Biener [EMAIL PROTECTED] wrote: On Sunday 11 March 2007 12:13, Uri Even-Chen wrote: Of course I want to learn, but I don't understand what's wrong with the current configuration. And also, many technical people forget that hardware costs money. 2 servers would cost me double; 3 servers would cost me 3 times etc. I'm not Google, I don't have millions of servers. If I can save money by putting everything on one single server, and if it works - then what's wrong with it? I don't see any problem with solving domain names recursively while being open to queries from the entire world. And of course no one said that you need to buy more hardware, just run two BIND servers on the same machine, each bound to its own IP address... Of course, if my service was abused and things were not working, that's a different issue. But since it works, I don't see any reason to change the current configuration. I don't agree with your opinion that my current configuration is wrong. How would you even know if your service is abused ? Are you waiting for it to be abused ? What kind of technical (or management) decision is this ? But since you think it's my opinion, let me quote a few other opinions: http://www.zytrax.com/books/dns/ch4/ Note: Running any DNS server that does not require to support recursive queries for external users (an Open DNS) is a bad idea. While it may look like a friendly and neighbourly thing to do it carries with it a possible threat from DoS attacks and an increased risk of cache poisoning. The various configurations have been modified to reflect this. http://articles.techrepublic.com.com/5100-1035_11-5860968.html http://www.sprintlink.net/faq/dns.html http://net.berkeley.edu/DNS/recursion-detail.shtml It is possible to have both authoritative and caching functions running on the same DNS server, and this was typical in the early days of the DNS. More recently it has become a best practice to separate these functions, and IST did this a few years ago. More information on our DNS servers can be found here (http://net.berkeley.edu/DNS/campus.shtml) http://cr.yp.to/djbdns/separation.html The importance of separating DNS caches from DNS servers DNS caches should always have separate IP addresses from DNS servers. In other words, the IP addresses listed in /etc/resolv.conf should never match any IP addresses listed in NS records. This separation is widely recognized as the right way to run DNS. As stated in the ``DNS and BIND'' book, third edition, ``Securing Your Name Server,'' page 255: Some of your name servers answer nonrecursive queries from other name servers on the Internet, because your name servers appear in NS records delegating your zones to them. ... You should make sure that these servers don't receive any recursive queries (that is, you don't have any resolvers configured to use these servers, and no name servers use them as forwarders). Now, I can go on and quote tens of other resources on proper DNS configuration, however, I hope you get the picture. If I wanted I could change the current configuration and use Netvision's name servers to resolve domain names, and my own name server only as an authoritative name server. It wouldn't cost me more money. But would my server perform better? I'm not sure. Doron Shikmoni told me not to use Netvision's servers, and I guess he is right. Doron is right, and you should not point your nameservers to use the NV NSs, basically since every query will go over your link to them, which I assume is not LAN. --Ariel -- Ariel Biener e-mail: [EMAIL PROTECTED] PGP: http://www.tau.ac.il/~ariel/pgp.html = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Fax over VoIP
On Tue, Mar 13, 2007 at 05:18:47AM +1100, Amos Shapira wrote: The proper way to do that is to use a T.38 gateway so your T.38 FAX machine actually sends IP packets with the data to the gateway which will then convert it back to POTS analogue signal for the other side. It depends. IMHO the proper way would be a Hylafax gateway where you wanted to send the faxes. It will handle all of the functions of error recovery, resending incomplete faxes, busy signals etc. If you need to scan something to fax, you can scan it to a JPEG or TIFF file and use the convert command (which has been part of most Linux distros for a long time) to make a postscript file out of it. In the late 1990's someone set up a world wide network of free fax servers, but it never got very far. I think they have a gateway in Israel. It uses their own front end to Hylafax. Don't ask me what it is, I can't remember or I would have mentioned it by name. Geoff. -- Geoffrey S. Mendelson, Jerusalem, Israel [EMAIL PROTECTED] N3OWJ/4X1GM IL Voice: (07)-7424-1667 Fax ONLY: 972-2-648-1443 U.S. Voice: 1-215-821-1838 Visit my 'blog at http://geoffstechno.livejournal.com/ = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: apache behind firewall
Q1: what kind of firewall ? NAT ? direct ? stateless ? stateful ? Q2: what type ? (linux, router, bsd, cisco ...) Peter _ = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Fax over VoIP
On Tue, 13 Mar 2007, Amos Shapira wrote: because the specifications just don't add up (the combination of the sound quality of VoIP and the requirements for a proper fax transmission). G711 is the SAME quality as POTS, or better. But you have to get rid of dropouts of any kind. Peter = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: do I have some method to manipulating calling shell environment variables?
On 3/12/07, Meir Kriheli [EMAIL PROTECTED] wrote: Sorry for replying to my own post, but looks like the list manager removed the dot at the beginning of the 1st method (something to do with list commands maybe ?). It appears in my sent folder. It should be: . setenv.sh Testing: . setenv.sh Actually I got it ok the first time. I would like to comment that I had no idea source (.) actually runs the file it's sourcing. I was sure it's just a quick short cut to typing each command at the terminal. Because I've used it for something that is cool (IMHO) I would like to share with the list. I'm patching our dev's environment and was looking for a way to automate the PATH setup for them (taking into account that not all the devs are unix gurus). We are using subversion as the scm and scons as the builder. Note that the scons version is local, that is you get it with the source once you checkout, no install is needed (besides python, obviously). With the help you Meir and Peter I now have a setup the allows me to dynamically set the PATH variable once a developer cd's into the root of his checked-out working copy. The OS is RH 4 WS, the shell is bash. It's set up is the following way: $ cat /etc/profile.d/hooks.sh # Add custom hooks to user-activity in the shell export PROMPT_COMMAND='[[ -x Utils/bin/local_setup_bashenv.sh ]] source Utils/bin/local_setup_bashenv.sh' $ pwd /home/hq4ever/development/builder $ cat Utils/bin/local_setup_bashenv.sh #!/bin/bash for export_val in $(python Utils/bin/local_setup_environment.py); do export $export_val; done $ cat Utils/bin/ml_setup_environment.py #!/bin/python import os def find_svn_wcroot(): homedir_len=len(os.getenv('HOME').split('/')) cwddir_len=len(os.getcwd().split('/')) cwddir_text=os.getcwd() for i in range(cwddir_len, homedir_len, -1): if not os.path.exists('/'.join(cwddir_text.split('/')[:i]) + '/.svn'): return '/'.join(cwddir_text.split('/')[:i+1]) #else: #print 'Still ok: ' + '/'.join(cwddir_text.split('/')[:i]) + '/.svn' def setPATH(export_environment): try: os.getenv('PATH').split(':').index(find_svn_wcroot()+'/Utils/bin') except ValueError: export_environment['PATH']=[find_svn_wcroot()+'/Utils/bin'] + os.getenv('PATH').split(':') export_env = {} setPATH(export_env) #export_env['SOMEVAL']=['maxim'] for (k, v) in export_env.items(): print k + '=' + ':'.join(v) Note that I've only written it today and haven't actually tried to work with it, so bugs are real. Cheers -- Meir -- Cheers, Maxim Veksler Free as in Freedom - Do u GNU ? = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Leumit not working in Firefox
Hi, Fortunately, health care clinics in Israel are doing whatever they can to retain peoples, especially the young and healthy ones. If we can wrap the firefox requirement into something like the other health clinics _does_ allows clients to..., they would listen. So my questions are: 1. What on-line services other clinics allow (in comparison to the Leumit site)? 2. From which browser? -- Arieh On 3/12/07, Dotan Cohen [EMAIL PROTECTED] wrote: Please call Leumit (1-700-705-705) and complain that they are idiots, er no, that Leumit.co.il does not work in Firefox. Specifically, the login page for blood checks is all M$-specific Javascript and it is impossible to use with Firefox, Opera, Konqueror, etc. They require 500 NIS of software (MS operating system) to use their website. The excuse they gave me was that this is to comply with Misrad Habriut requirements of security. The only other way to get the blood results is to call to request a fax. They send a Ishur Vitur Sodiut, which we must fax back, and then they send the results. Which is a pain for those who HAVE fax machines at home. What about those without? Thanks, group. Dotan Cohen http://lyricslist.com/ http://what-is-what.com/ = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] -- Arieh
Re: Just another project management question
ביום שני 12 מרץ 2007, 19:24, נכתב על ידי Amos Shapira: On 27/02/07, Oded Arbel [EMAIL PROTECTED] wrote: I'm looking for a project management software that I can run on my Linux box as well as have my partners use on their windows platform (or interoperate using some standard file format). The main problem I'm having is that we have a few large projects detailed in Microsoft Project format - do anyone know how one can get the data out of those files and into something useful? See http://en.wikipedia.org/wiki/List_of_project_management_software GanttProject's wikipedia page claims that it can import/export MS Project files, maybe other packages in that list can too. My list of Linux project management software, which I compiled quite a long ago, but always reverted to the infamous and impossible Microsoft project: * Dotproject.net * TaskJuggler * NetOffice And of course, there's always basecamp.. --y --Amos -- יובל To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: apache behind firewall
--- Boaz Rymland [EMAIL PROTECTED] wrote: On Mon, Mar 12, 2007 at 08:47:33AM -0700, Valery Reznic wrote: --- Peter [EMAIL PROTECTED] wrote: On Mon, 12 Mar 2007, Valery Reznic wrote: Good day. I have apache server behind firewall, which block all incoming connection and allow all outgoing and I'd like to access it from outside Is it a way to access this apache server from outside ? (something like ssh's option -R ) You are looking for port forwarding: http://tldp.org/HOWTO/IP-Masquerade-HOWTO/forwarders.html I saw this link before. Or I don't understand how can I use this HOWTO or I don't explain myself plain :( . Let me try again. There is computer A, Firewall F, and another linux box B A F - B How about: - On B, do ssh [EMAIL PROTECTED] -L80:localhost:80 -Nf - Next, any connections to B, port 80 will be forwarded to port 80 on A. - Of course, this requires SSH open on the FW on A, allowing incoming connections. Another option, done solely from A is (better suits your requirements, I think): - On A, do ssh [EMAIL PROTECTED] -R80:localhost:80 -Nf Thank you, it did thet trick. I just don't realized before, that 'ssh -R' create prot forwardind for everything, I was thinking it can be used just for ssh itself. Valery. Try with caution - I'm not 100% sure of the above. Boaz. Firewall allow only outgoing connection from A. Apache run on the box A. I'd like to do port forwarding (or something), so http://B... will work, accessing apache on box A. It's looks for me, that this HowTo describe how do port forwarding if you got incoming connection. But I haven't. Am I miss something ? Valery Peter Now that's room service! Choose from over 150,000 hotels in 45,000 destinations on Yahoo! Travel to find your fit. http://farechase.yahoo.com/promo-generic-14795097 = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] Expecting? Get great news right away with email Auto-Check. Try the Yahoo! Mail Beta. http://advision.webevents.yahoo.com/mailbeta/newmail_tools.html = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: apache behind firewall
--- Peter [EMAIL PROTECTED] wrote: Q1: what kind of firewall ? NAT ? direct ? stateless ? stateful ? A1: no idea Q2: what type ? (linux, router, bsd, cisco ...) A2: No idea. I just know, that all incoming connections are blocked. But never mind - ssh -R solve the problem Valery Peter _ = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] Sucker-punch spam with award-winning protection. Try the free Yahoo! Mail Beta. http://advision.webevents.yahoo.com/mailbeta/features_spam.html = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: apache behind firewall
Valery Reznic wrote: [ snip ] http://tldp.org/HOWTO/IP-Masquerade-HOWTO/forwarders.html I saw this link before. Or I don't understand how can I use this HOWTO or I don't explain myself plain :( . Let me try again. There is computer A, Firewall F, and another linux box B A F - B How about: - On B, do ssh [EMAIL PROTECTED] -L80:localhost:80 -Nf - Next, any connections to B, port 80 will be forwarded to port 80 on A. - Of course, this requires SSH open on the FW on A, allowing incoming connections. Another option, done solely from A is (better suits your requirements, I think): - On A, do ssh [EMAIL PROTECTED] -R80:localhost:80 -Nf Thank you, it did thet trick. I just don't realized before, that 'ssh -R' create prot forwardind for everything, I was thinking it can be used just for ssh itself. Port forwarding simply does... port forwarding :-) , regardless of protocol used (above TCP level), HTTP in our case. A very powerful tool in your disposal, that's for sure. You can do magic or raise havoc(...) with it. Boaz. Valery. Try with caution - I'm not 100% sure of the above. Boaz. Firewall allow only outgoing connection from A. Apache run on the box A. I'd like to do port forwarding (or something), so http://B... will work, accessing apache on box A. It's looks for me, that this HowTo describe how do port forwarding if you got incoming connection. But I haven't. Am I miss something ? Valery Peter Now that's room service! Choose from over 150,000 hotels in 45,000 destinations on Yahoo! Travel to find your fit. http://farechase.yahoo.com/promo-generic-14795097 = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] Expecting? Get great news right away with email Auto-Check. Try the Yahoo! Mail Beta. http://advision.webevents.yahoo.com/mailbeta/newmail_tools.html = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: apache behind firewall
--- Boaz Rymland [EMAIL PROTECTED] wrote: Thank you, it did thet trick. I just don't realized before, that 'ssh -R' create prot forwardind for everything, I was thinking it can be used just for ssh itself. Port forwarding simply does... port forwarding :-) , regardless of protocol used (above TCP level), HTTP in our case. Yes, I see it now. Before I expect this kind of functionality in protocol-neutral netcat or socat, but for some reason it's not there but in ssh. By the way, is ssh-client implement -R on it's own, or with cooperaion from sshd ? Valery. A very powerful tool in your disposal, that's for sure. You can do magic or raise havoc(...) with it. Ummm. I have root on both A and B, so I got a simpler way to raise havoc :) Valery Boaz. Valery. Try with caution - I'm not 100% sure of the above. Boaz. Firewall allow only outgoing connection from A. Apache run on the box A. I'd like to do port forwarding (or something), so http://B... will work, accessing apache on box A. It's looks for me, that this HowTo describe how do port forwarding if you got incoming connection. But I haven't. Am I miss something ? Valery Peter Now that's room service! Choose from over 150,000 hotels in 45,000 destinations on Yahoo! Travel to find your fit. http://farechase.yahoo.com/promo-generic-14795097 = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] Expecting? Get great news right away with email Auto-Check. Try the Yahoo! Mail Beta. http://advision.webevents.yahoo.com/mailbeta/newmail_tools.html No need to miss a message. Get email on-the-go with Yahoo! Mail for Mobile. Get started. http://mobile.yahoo.com/mail = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Leumit not working in Firefox
You may start open letter at http://www.iglu.org.il/wiki/index.php/Main_Page to support browser friendly sites. On 3/12/07, Arieh Skliarouk [EMAIL PROTECTED] wrote: Hi, Fortunately, health care clinics in Israel are doing whatever they can to retain peoples, especially the young and healthy ones. If we can wrap the firefox requirement into something like the other health clinics _does_ allows clients to..., they would listen. So my questions are: What on-line services other clinics allow (in comparison to the Leumit site)? From which browser?-- Arieh On 3/12/07, Dotan Cohen [EMAIL PROTECTED] wrote: Please call Leumit (1-700-705-705) and complain that they are idiots, er no, that Leumit.co.il does not work in Firefox. Specifically, the login page for blood checks is all M$-specific Javascript and it is impossible to use with Firefox, Opera, Konqueror, etc. They require 500 NIS of software (MS operating system) to use their website. The excuse they gave me was that this is to comply with Misrad Habriut requirements of security. The only other way to get the blood results is to call to request a fax. They send a Ishur Vitur Sodiut, which we must fax back, and then they send the results. Which is a pain for those who HAVE fax machines at home. What about those without? Thanks, group. Dotan Cohen http://lyricslist.com/ http://what-is-what.com/ = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] -- Arieh = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: Can I disable kernel switching?
On 13/03/07, Shlomi Fish [EMAIL PROTECTED] wrote: On Monday 12 March 2007, Amos Shapira wrote: On 13/03/07, Oron Peled [EMAIL PROTECTED] wrote: First, terminology: s/switching/forwarding/ Either: echo 0 /proc/sys/net/ipv4/ip_forward Or the equivalent: sysctl -w net.ipv4.ip_forward=0 Now you can send/receive packets from all your network interfaces but there's no routing for packets among them. I think what the Shlomi was refering to is that the kernel will automatically optimize away the hardware layer because it knows that the address it sends to is actually its own. I'm not 100% sure he's right (it used to be that you had to have an Who do you mean by he? You, Shlomi. I've since saw that you were satisfied with Oron's reply. I'm still curious, though - will the Linux kernel in your situation go through the hassle to assemble and transmit Ethernet frames or will it notice that it's actually sending to its own address and just say sod it - I'll just copy the buffer in memory (which is what I half expect)? --Amos
Re: Can I disable kernel switching?
Amos Shapira wrote: I'm still curious, though - will the Linux kernel in your situation go through the hassle to assemble and transmit Ethernet frames or will it notice that it's actually sending to its own address and just say sod it - I'll just copy the buffer in memory (which is what I half expect)? --Amos I haven't checked the kernel's code, but from what I know, Oron's solution will not work. I don't think there is a way to do what Shlomi is looking to do. The kernel views all IP addresses of all interfaces as his addresses. I know for a fact that, at least in the past, it would answer ARP requests destined for one of its interfaces, even if the request arrived on another interface. I don't remember at the moment for sure, but I think even the proxy arp would not affect this setting. One thing is for sure, though. If any kernel option will affect this case, it is proxy arp, and not IP forwarding. It's the layer 2 you wish to bypass, not the layer 3. One thing I would try is to send it to the broadcast address, rather than to the specific address for the other interface. This will, for sure, cause the packet to go out on the wire. You can disconnect the cable to find out whether it will also prevent the kernel from short-looping the packet. Shachar -- Shachar Shemesh Lingnu Open Source Consulting ltd. Have you backed up today's work? http://www.lingnu.com/backup.html = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]