Re: RavKav Online

[Amos Shapira]

I registered by Opal cards on the web site so it's possible to refill
online without a card reader.
If I haven't registered them then I can only refill them in a store with a
card reader.
(registering online also allows me to get auto-refill and have the credit
insured and reimbursed in case I report the card lost).
Are you saying that all users who want to refill by themselves have to own
a card reader?

On 8 March 2017 at 19:59, Efraim Flashner  wrote:

> $ ldd ravkavonline/usr/bin/ravkavonline
> linux-vdso.so.1 (0x7fffaf2df000)
> libpcsclite.so.1 => /usr/lib/x86_64-linux-gnu/libpcsclite.so.1
> (0x7f665b623000)
> libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0
> (0x7f665b406000)
> libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7f665b068000)
> libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2
> (0x7f665ae64000)
> librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1
> (0x7f665ac5c000)
> /lib64/ld-linux-x86-64.so.2 (0x5567dfd74000)
>
> libpcsc-lite.so.1 works with a smart-card reader. I have no idea where
> linux-vdso.so.1 is from, but the rest can be found in glibc (and with
> the license text suggesting the program is written in GO). I haven't
> checked out opal.com.au, but does it allow refilling your card from the
> website without a card reader?
>
>
> On Wed, Mar 08, 2017 at 03:21:05PM +1100, Amos Shapira wrote:
> > Why do they need a client anyway?
> > What does the special client do that a browser can't?
> >
> > I suppose the parallel here in Sydney is https://www.opal.com.au/ and it
> > all works from the browser.
> > Even the "mobile support" is just a mobile view of the same web site at
> > https://m.opal.com.au/
> >
> > On 8 March 2017 at 05:53, Daniel Shahaf  wrote:
> >
> > > Efraim Flashner wrote on Tue, Mar 07, 2017 at 14:56:17 +0200:
> > > > grumble grumble .deb only.
> > >
> > > It's a binary blob:
> > >
> > > % find
> > > .
> > > ./usr
> > > ./usr/bin
> > > ./usr/bin/ravkavonline
> > > ./usr/share
> > > ./usr/share/doc
> > > ./usr/share/doc/ravkavonline
> > > ./usr/share/doc/ravkavonline/LICENSE.txt
> > > ./usr/share/doc/ravkavonline/changelog.gz
> > > ./usr/share/applications
> > > ./usr/share/applications/ravkavonline.desktop
> > > % file usr/bin/ravkavonline
> > > usr/bin/ravkavonline: ELF 64-bit LSB executable, x86-64, version 1
> (SYSV),
> > > dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for
> GNU/Linux
> > > 2.6.32, BuildID[sha1]=3b16f56a9473ef060b60c7ae071ec861bb78e9ad,
> stripped
> > > % zcat ./usr/share/doc/ravkavonline/changelog.gz | wc -l
> > > 0
> > > %
> > >
> > > So yeah, it's a step in the right direction, but they have a lot of
> room
> > > for improvement.
> > >
> > > Somebody should reach out and ask them to improve things for 1.2.0.
> > >
> > > Cheers,
> > >
> > > Daniel
> > >
> > >
> > > > Still happy that we're at least represented.
> > > >
> > > >
> > > > On Tue, Mar 07, 2017 at 10:21:42AM +0200, Yehuda Deutsch wrote:
> > > > > Thanks,
> > > > >
> > > > > They finally identify the OS correctly in the website.
> > > > >
> > > > > Yehuda
> > > > >
> > > > > --
> > > > > *Yehuda Deutsch | IT Developer*
> > > > >
> > > > > On Tue, Mar 7, 2017 at 12:08 AM, Dimid Duchovny 
> > > wrote:
> > > > >
> > > > > > Just noticed this:
> > > > > > https://ravkavonline.co.il/releases/linux/
> > > > > >
> > > > > > 2016-02-15 22:38 GMT+02:00 Amichai Rotman :
> > > > > >
> > > > > >> Great Job, Yaron!
> > > > > >>
> > > > > >> Thanks!
> > > > > >>
> > > > > >> 2016-02-15 10:06 GMT+02:00 Yaron de Leeuw :
> > > > > >>
> > > > > >>> Hi.
> > > > > >>>
> > > > > >>> I have managed to get it working on ArchLinux, and adapting the
> > > solution
> > > > > >>> to
> > > > > >>> other distributions should be trivial.
> > > 

Re: RavKav Online

[Amos Shapira]

Why do they need a client anyway?
What does the special client do that a browser can't?

I suppose the parallel here in Sydney is https://www.opal.com.au/ and it
all works from the browser.
Even the "mobile support" is just a mobile view of the same web site at
https://m.opal.com.au/

On 8 March 2017 at 05:53, Daniel Shahaf  wrote:

> Efraim Flashner wrote on Tue, Mar 07, 2017 at 14:56:17 +0200:
> > grumble grumble .deb only.
>
> It's a binary blob:
>
> % find
> .
> ./usr
> ./usr/bin
> ./usr/bin/ravkavonline
> ./usr/share
> ./usr/share/doc
> ./usr/share/doc/ravkavonline
> ./usr/share/doc/ravkavonline/LICENSE.txt
> ./usr/share/doc/ravkavonline/changelog.gz
> ./usr/share/applications
> ./usr/share/applications/ravkavonline.desktop
> % file usr/bin/ravkavonline
> usr/bin/ravkavonline: ELF 64-bit LSB executable, x86-64, version 1 (SYSV),
> dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux
> 2.6.32, BuildID[sha1]=3b16f56a9473ef060b60c7ae071ec861bb78e9ad, stripped
> % zcat ./usr/share/doc/ravkavonline/changelog.gz | wc -l
> 0
> %
>
> So yeah, it's a step in the right direction, but they have a lot of room
> for improvement.
>
> Somebody should reach out and ask them to improve things for 1.2.0.
>
> Cheers,
>
> Daniel
>
>
> > Still happy that we're at least represented.
> >
> >
> > On Tue, Mar 07, 2017 at 10:21:42AM +0200, Yehuda Deutsch wrote:
> > > Thanks,
> > >
> > > They finally identify the OS correctly in the website.
> > >
> > > Yehuda
> > >
> > > --
> > > *Yehuda Deutsch | IT Developer*
> > >
> > > On Tue, Mar 7, 2017 at 12:08 AM, Dimid Duchovny 
> wrote:
> > >
> > > > Just noticed this:
> > > > https://ravkavonline.co.il/releases/linux/
> > > >
> > > > 2016-02-15 22:38 GMT+02:00 Amichai Rotman :
> > > >
> > > >> Great Job, Yaron!
> > > >>
> > > >> Thanks!
> > > >>
> > > >> 2016-02-15 10:06 GMT+02:00 Yaron de Leeuw :
> > > >>
> > > >>> Hi.
> > > >>>
> > > >>> I have managed to get it working on ArchLinux, and adapting the
> solution
> > > >>> to
> > > >>> other distributions should be trivial.
> > > >>> https://github.com/jarondl/ravkav_linux
> > > >>>
> > > >>> I have also emailed their support to ask for official linux
> packages,
> > > >>> and I encourage
> > > >>> you all to do so as well.
> > > >>>
> > > >>> Thank you Dimid Duchovny for finding the Mac OS installation
> package and
> > > >>> posting their url on the list.
> > > >>>
> > > >>> Yaron
> > > >>>
> > > >>
> > > >
> > > > ___
> > > > Linux-il mailing list
> > > > Linux-il@cs.huji.ac.il
> > > > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
> > > >
> > > >
> >
> > > ___
> > > Linux-il mailing list
> > > Linux-il@cs.huji.ac.il
> > > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
> >
> >
> > --
> > Efraim Flashner  אפרים פלשנר
> > GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
> > Confidentiality cannot be guaranteed on emails sent or received
> unencrypted
>
>
>
> > ___
> > Linux-il mailing list
> > Linux-il@cs.huji.ac.il
> > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>



-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: sendmail or ssmtp or ??

[Amos Shapira]

Why do you need an SMTP server? You need an SMTP client talking to
whichever SMTP server your hosting provider provides you.
e.g. https://github.com/PHPMailer/PHPMailer (I only remember it because of
a security flaw published about it last week, but it's PHP so... meh.)

On 6 January 2017 at 07:34, Steve Litt  wrote:

> On Thu, 5 Jan 2017 14:45:58 +0100
> Tzafrir Cohen  wrote:
>
> > On Thu, Jan 05, 2017 at 02:44:00PM +0200, David Suna wrote:
> > > I have an Ubuntu machine that I am using to develop PHP based web
> > > application. I now need to configure it so that PHP can send out
> > > mail. The default seems to be to install sendmail. However, I have
> > > seen comments that sendmail is overkill and some references to
> > > ssmtp.
> >
> > The main difference is that ssmtp and nullmailer (and other similar
> > "sendmails") don't queue. This greatly simplifies them.
> >
> > >
> > > What would be the recommended way to configure this? Sendmail,
> > > ssmtp or something else?
> >
> > I tried using ssmtp for some servers. It lacked too many basic
> > features. Nullmailer came closer. I don't recall the specific issues
> > now, though. But I ended up using either postfix. Or even exim4 in
> > some cases where I didn't bother.
>
> Nullmailer queues. It doesn't perform some other SMTP functionalities,
> but it queues. You can see it happen by ls'ing the queue directory
> while sending a bunch of email with it.
>
> I've never been able to have Nullmailer deliver messages to my local
> machine, probably because I just don't know how.
>
> SteveT
>
> Steve Litt
> December 2016 featured book: Rapid Learning for the 21st Century
> http://www.troubleshooters.com/rl21
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>



-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: CentOS yum install problem

[Amos Shapira]

I'd also check that your DNS configuration haven't changed, e.g. try "host
mirrorlist.centos.org" and see if you can get it to resolve.

On 9 December 2016 at 08:35, Rabin Yasharzadehe  wrote:

> Seems right, try commenting the mirror line and use a direct URL, and see
> if it's help. You can also try using curl or wget to check if it's a
> network problem
>
> On Thu, 8 Dec 2016, 21:33 David Suna,  wrote:
>
>> I tried "yum clean all" but that didn't help. I am not sure how to tell
>> where the url's should be pointing. Here is what I have in CentOS-Base.repo
>>
>> # CentOS-Base.repo
>> #
>> # The mirror system uses the connecting IP address of the client and the
>> # update status of each mirror to pick mirrors that are updated to and
>> # geographically close to the client.  You should use this for CentOS
>> updates
>> # unless you are manually picking other mirrors.
>> #
>> # If the mirrorlist= does not work for you, as a fall back you can try the
>> # remarked out baseurl= line instead.
>> #
>> #
>>
>> [base]
>> name=CentOS-$releasever - Base
>> mirrorlist=http://mirrorlist.centos.org/?release=$
>> releasever&arch=$basearch&repo=os&infra=$infra
>> #baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
>> enabled=1
>> gpgcheck=1
>> gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
>>
>> #released updates
>> [updates]
>> name=CentOS-$releasever - Updates
>> mirrorlist=http://mirrorlist.centos.org/?release=$
>> releasever&arch=$basearch&repo=updates&infra=$infra
>> #baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
>> enabled=1
>> gpgcheck=1
>> gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
>>
>> #additional packages that may be useful
>> [extras]
>> name=CentOS-$releasever - Extras
>> mirrorlist=http://mirrorlist.centos.org/?release=$
>> releasever&arch=$basearch&repo=extras&infra=$infra
>> #baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
>> gpgcheck=1
>> pgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
>>
>> #additional packages that extend functionality of existing packages
>> [centosplus]
>> name=CentOS-$releasever - Plus
>> mirrorlist=http://mirrorlist.centos.org/?release=$
>> releasever&arch=$basearch&repo=centosplus&infra=$infra
>> #baseurl=http://mirror.centos.org/centos/$releasever/
>> centosplus/$basearch/
>> gpgcheck=1
>> enabled=0
>> gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
>>
>> #contrib - packages by Centos Users
>> [contrib]
>> name=CentOS-$releasever - Contrib
>> mirrorlist=http://mirrorlist.centos.org/?release=$
>> releasever&arch=$basearch&repo=contrib&infra=$infra
>> #baseurl=http://mirror.centos.org/centos/$releasever/contrib/$basearch/
>> gpgcheck=1
>> enabled=0
>> gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
>>
>>
>> On 08/12/16 21:00, Rabin Yasharzadehe wrote:
>>
>> +1 for `yum clean all`
>>
>> also make sure your repos in the `/etc/yum.repo.d/` folder are enabled
>> and are pointing to a valid repos.
>> some VPS provider will change the url's in this files to point to there
>> proxy server to save time and BW,
>>
>>
>>
>>
>> --
>> Rabin
>>
>> On 8 December 2016 at 18:57, David Suna 
>> wrote:
>>
>> I am using CentOS for the first time on a GoDaddy Virtual Private Server.
>> Yesterday I was able to install packages without a problem. Today, for some
>> reason, any package I try to search for I get a No Matches found error. And
>> any package I try to install I get No package  available.
>>
>> I am a Debian / Ubuntu user so I am a little lost in the CentOS - yum
>> world. GoDaddy support is completely worthless. I have tried searching on
>> Google but have not found what I am looking for.
>>
>> Can anyone give me a pointer to how I can solve this problem?
>>
>> Thanks,
>>
>>
>> --
>> David Suna
>> da...@davidsconsultants.com
>>
>>
>> ___
>> Linux-il mailing list
>> Linux-il@cs.huji.ac.il
>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>
>>
>>
>> --
>> David sunada...@davidsconsultants.com
>>
>>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>


-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: strange ping and traceroute results

[Amos Shapira]

Anycast is not suitable for TCP.
It IS fantastic for DNS (which uses UDP), which is the first thing a client
does most of the time to find the server.
Akamai control server groups by allocating per-customer per-object host
names, then these can be resolved using their very highly customised DNS
servers to the right server (also taking into account dynamic changes like
server cluster load or failure).
Since DNS uses UDP and the traffic consists on one packet in each
direction, Anycast is ideal for that scenario.
The actual content transfer (e.g. move streams, which is where I with
Akamai for stan.com.au) doesn't use Anycast.

On 24 November 2016 at 04:06, Shachar Shemesh  wrote:

> On 22/11/16 02:19, Amos Shapira wrote:
>
> On 21 November 2016 at 18:20, Shachar Shemesh  wrote:
>
>> The DNS resolving google.com guesses your gegraphical location, and
>> gives you an answer that is nearest where you are. If you use another DNS
>> to query the domain, you will get a different IP:
>>
>
> It's not always a "guess your geographic location". The smarter ones use
> Anycast to advertise the same IP address from multiple locations on the
> Internet and let BGP do its magic to route your packets to the nearest
> server, taking into account any congestion or other transient connection
> speed changes. This is how Google's DNS 8.8.8.8 works, or Akamai's CDN. The
> nice thing about it is that you get optimal response even at the host
> resolution stage. The DNS server can then take its knowledge of the DNS
> query source address into account when it decides which IP address to
> resolve to.
>
> It's pretty neat, personally I find it a fascinating trick:
> https://en.wikipedia.org/wiki/Anycast
>
> It is, quite fascinating. It is not, unfortunately, as useful as you make
> it out to be. Neither Google nor Akamai use it for web traffic, for example.
>
> The reason is twofold. First, anycast is poorly equipted to handle TCP
> connections. There is a (remote) possibility that the handler of your IP
> would change mid-request, which would not play nice with your connection.
>
> The second, more pertinent, reason is that , at least for Akamai, they
> would like to be able to control which server you reach when you make a
> request. The would like to be able to re-route your in case something bad
> happens to that server. DNS TTL can be set as low as 30 or 60 seconds. BGP
> routes have much longer settle times.
>
> Shachar
>



-- 
<http://au.linkedin.com/in/gliderflyer>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: strange ping and traceroute results

[Amos Shapira]

On 21 November 2016 at 18:20, Shachar Shemesh  wrote:

> The DNS resolving google.com guesses your gegraphical location, and gives
> you an answer that is nearest where you are. If you use another DNS to
> query the domain, you will get a different IP:
>

It's not always a "guess your geographic location". The smarter ones use
Anycast to advertise the same IP address from multiple locations on the
Internet and let BGP do its magic to route your packets to the nearest
server, taking into account any congestion or other transient connection
speed changes. This is how Google's DNS 8.8.8.8 works, or Akamai's CDN. The
nice thing about it is that you get optimal response even at the host
resolution stage. The DNS server can then take its knowledge of the DNS
query source address into account when it decides which IP address to
resolve to.

It's pretty neat, personally I find it a fascinating trick:
https://en.wikipedia.org/wiki/Anycast

--Amos
-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: strange ping and traceroute results

[Amos Shapira]

Google.com is not one computer. Google spreads their locations all over the
world including pops in many ISP's.

https://peering.google.com/#/

On 20 November 2016 at 19:18, shimi  wrote:

>
>
> On Sun, Nov 20, 2016 at 9:38 AM, Shlomo Solomon 
> wrote:
>
>> On Sun, 20 Nov 2016 08:25:18 +0200
>> shimi  wrote:
>>
>> > I believe it's called a CDN and/or local compute clusters and the
>> > purpose of it is to give you a better user experience, which is a
>> > Good Thing (TM).
>> >
>> snip ... snip ... snip
>> >
>> > Why do you think it's a problem and are trying to avoid it?
>> >
>>
>> Thanks. I agree that this is "normally" a Good Thing (TM). So I guess I
>> have to explain my problem. For a course I'm doing, I had to write
>> traceroute in Python   -   re-invent the wheel :-)
>>
>> My program works, but I noticed it never reaches www.google.com so I
>> checked the "real" traceroute and found the same behaviour.
>>
>> It seems that neither my program nor the real traceroute handle this
>> properly - i.e. they never report that they've reached the final hop.
>> I've included traceroute www.godaddy.com and traceroute www.google.com
>> for comparison. You can see that traceroute www.google.com never
>> reaches the address it's trying to reach - 213.57.24.49
>>
>>
> I do not believe the fact that you "can't reach it" has anything to do
> with www.google.com resolving to an IP in Israel.
>
> Since I am assuming that for your re-inventing the wheel exercise, you did
> learn and understood what traceroute does; But let me explain it anyway for
> the answer to your question lies within...
>
> What traceroute does is essentially send packets to the destination IP by
> certain protocol. Popular choices include UDP (I believe that's what the
> Linux one does by default), ICMP (I believe that's what the Windows one
> does by default) and TCP.
>
> However, it doesn't send the packet as one normally would, with a large
> TTL (Time To Live) value which is expected to reach anywhere on the
> Internet (typical values: >= 64), rather than it starts of with setting a
> minimal value for TTL, for the purpose of _not_ getting into the target IP,
> rather than the packet being dropped by the very first router (hop) on the
> chain, resulting in error in packet  delivery.
>
> Per the IP specification, such a packet discarding SHOULD produce an ICMP 
> (Internet
> Control Message Protocol) message being sent by the hop that has discarded
> the packet towards the originator of the original packet, telling it that
> "TTL expired in transit". The original idea was to avoid packets travelling
> to infinitum in routing loops - by decreasing the TTL by 1 on every hop the
> packet passes, eventually it will zero out, and the packet will be
> discarded, not causing a bandwidth storm.
>
> So, I said SHOULD. Does it always? Well, no. Some hosts on the Internet
> employ something called "a firewall", which blocks ICMP for various reasons
> (you'll hear the word "security" in some places); As a regular user who
> opens his browser and types in 'https://www.google.com/' - you don't
> really care. ICMP is not typically used when establishing a connection to a
> server on the Internet (well, that's not accurate; lack of PMTU discovery
> is an excellent way to get your IT people to pull some hairs out when any
> tunnel is involved, including dialup and Israeli "MPLS" connections, a.k.a.
> "dialer-less HOT"... but for the sake of discussion and to explain how did
> they ended up deciding to filter those packets and affect you - probably
> not knowing what else they break - then "it's not typically used")
>
> Sometimes the filtering is not of ICMP at all, rather than the original
> protocol you're trying to probe with; A random UDP port at the area of
> 30,000 typically has no business traversing their network, so your original
> packet (if you're using UDP packets for your traceroute program) may have
> been firewalled and never reached a router to lower its TTL by 1 and expire
> it in transit to produce the ICMP message you're expecting... In that case,
> where ICMP is not actually block, rather your UDP connection is, you might
> find out that running:
>
> traceroute -I 213.57.24.49
>
> (I for ICMP Echo based traceroute)
>
> Does actually get you to the target. However, you'll have to run this as
> root, because generating ICMP packets is not something the regular user can
> do. Of course, you can opt to chmod +s your traceroute binary...
>
> Hope this helps,
>
> -- Shimi
>
>
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>


-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Gradual installation of debian packages

[Amos Shapira]

I see. Valid points.
Whenever you break a production site - do you try to add a test which
simulates the parameters of the breakage?
It sounds to me like some sort of an image versioning could still help
here, that way you can really "roll back" (actually boot to a previous
version of the image) properly.
For instance, VyOS (http://vyos.net/wiki/Upgrade) roll out new versions
this way. I'm not sure how exactly they do that but the bottom line is that
it's possible to upgrade to the next release and still save all the
versions and configuration to roll back if you have to.

On 7 August 2016 at 14:18, Elazar Leibovich  wrote:

> It's radio antenna.
>
> It is of course tested before to some extent, in a "staging" environment.
>
> But since the physical environment varies, and sometimes antenna related
> parameters change between releases (e.g., duration of receive time), it is
> not easy to know you're not breaking something for someone by mistake.
>
> It could be for example the physical location of the antenna at the client
> which would make a difference.
>
>
> On Sat, Aug 6, 2016 at 2:27 AM, Amos Shapira 
> wrote:
>
>> What kind of hardware is this that's connected to the servers, and what
>> does the software do that you can't test before installing on production
>> servers?
>>
>> On 6 August 2016 at 02:14, Elazar Leibovich  wrote:
>>
>>> All real servers, with custom hardware attached, geographically
>>> distributed across the planet.
>>>
>>> Real people actually use the hardware attached to this computers, and
>>> it's not obvious to test whether or not it failed.
>>>
>>> The strategy therefor is, deploy randomly to small percentage of the
>>> machines, wait to see if you get complains from those customers using these
>>> hardware devices, and if everything went well, update the rest of the
>>> servers.
>>>
>>> The provisioning solution is chef, but I'm open to changing it. As I
>>> said, I don't think it makes too much difference.
>>>
>>> As of immutable server images, I'd do it with ZFS/brtfs snapshots
>>> (+docker/machinectl/systemd-nspawn if you must have some sort of
>>> virtual environment), but it's probably a better idea than apt-get install
>>> pkg=oldversion. Immutable filesystem for execution is of course not enough,
>>> since you might have migrations for the mutable part, etc. In this
>>> particular case, I don't think it's a big deal.
>>>
>>> You see, not everything is a web startup with customer facing website ;-)
>>>
>>> Thanks,
>>> Appreciate you sharing your experience.
>>> I'm not disagreeing with your points, but in this particular case, where
>>> testing is expensive, not all of them seems valid.
>>>
>>> On Fri, Aug 5, 2016 at 3:15 PM, Amos Shapira 
>>> wrote:
>>>
>>>> What provisioning tools do you use to manage these servers? Please tell
>>>> me you aren't doing all of this manually.
>>>> Also what's your environment? All hardware servers? Any virtualisation
>>>> involved? Cloud servers?
>>>>
>>>> Reading your question it feels like you are setting yourself up to fail
>>>> instead of minimising the failure altogether.
>>>>
>>>> What I suggest is that you test your package automatically in a test
>>>> environment (to me, Vagrant + Rspec/ServerSpec would be first candidates to
>>>> check) then rollout the package to the repository for the servers to pick
>>>> it up.
>>>>
>>>> As for "roll-back" - with comprehensive automatic testing this concept
>>>> is becoming obsolete, there is no such thing as "roll-back" only
>>>> "roll-forward", i.e. since the testing and rolling out are small and
>>>> "cheap", it should be feasible to fix whatever problem was found instead of
>>>> having to revert the change altogether.
>>>>
>>>> If you are in a properly supported virtual environment then I'd even go
>>>> for immutable server images (e.g. Packer building AMI's, or Docker
>>>> containers), then it's a matter of just firing up an instance of the new
>>>> image both when testing and in production.
>>>>
>>>> --Amos
>>>>
>>>> On 3 August 2016 at 16:55, Elazar Leibovich  wrote:
>>>>
>>>>> How exactly you connect to the server is not in the sco

Re: Gradual installation of debian packages

[Amos Shapira]

What kind of hardware is this that's connected to the servers, and what
does the software do that you can't test before installing on production
servers?

On 6 August 2016 at 02:14, Elazar Leibovich  wrote:

> All real servers, with custom hardware attached, geographically
> distributed across the planet.
>
> Real people actually use the hardware attached to this computers, and it's
> not obvious to test whether or not it failed.
>
> The strategy therefor is, deploy randomly to small percentage of the
> machines, wait to see if you get complains from those customers using these
> hardware devices, and if everything went well, update the rest of the
> servers.
>
> The provisioning solution is chef, but I'm open to changing it. As I said,
> I don't think it makes too much difference.
>
> As of immutable server images, I'd do it with ZFS/brtfs snapshots
> (+docker/machinectl/systemd-nspawn if you must have some sort of virtual
> environment), but it's probably a better idea than apt-get install
> pkg=oldversion. Immutable filesystem for execution is of course not enough,
> since you might have migrations for the mutable part, etc. In this
> particular case, I don't think it's a big deal.
>
> You see, not everything is a web startup with customer facing website ;-)
>
> Thanks,
> Appreciate you sharing your experience.
> I'm not disagreeing with your points, but in this particular case, where
> testing is expensive, not all of them seems valid.
>
> On Fri, Aug 5, 2016 at 3:15 PM, Amos Shapira 
> wrote:
>
>> What provisioning tools do you use to manage these servers? Please tell
>> me you aren't doing all of this manually.
>> Also what's your environment? All hardware servers? Any virtualisation
>> involved? Cloud servers?
>>
>> Reading your question it feels like you are setting yourself up to fail
>> instead of minimising the failure altogether.
>>
>> What I suggest is that you test your package automatically in a test
>> environment (to me, Vagrant + Rspec/ServerSpec would be first candidates to
>> check) then rollout the package to the repository for the servers to pick
>> it up.
>>
>> As for "roll-back" - with comprehensive automatic testing this concept is
>> becoming obsolete, there is no such thing as "roll-back" only
>> "roll-forward", i.e. since the testing and rolling out are small and
>> "cheap", it should be feasible to fix whatever problem was found instead of
>> having to revert the change altogether.
>>
>> If you are in a properly supported virtual environment then I'd even go
>> for immutable server images (e.g. Packer building AMI's, or Docker
>> containers), then it's a matter of just firing up an instance of the new
>> image both when testing and in production.
>>
>> --Amos
>>
>> On 3 August 2016 at 16:55, Elazar Leibovich  wrote:
>>
>>> How exactly you connect to the server is not in the scope of the
>>> discussion, and I agree that ansible is a sensible solution.
>>>
>>> But what you're proposing is to manually update the package on a small
>>> percent of the machines.
>>>
>>> Manual solution is fine, but I would like to hear experience of people
>>> who actually did that on many servers.
>>>
>>> There are many other issues, for example, how to you roll back?
>>>
>>> apt-get remove exposes you to the risk that the uninstallation script
>>> would be buggy. There are other solutions, e.g., btrfs snapshots on root
>>> partitions, but I'm curious to hear someone experienced with it to expose
>>> issues I didn't even thought of.
>>>
>>> Another issue is, how do you select the servers you try it?
>>>
>>> You suggested a static "beta" list, and I think it's better to select
>>> the candidates randomly on each update.
>>>
>>> Anyhow, how exactly you connect to the server is not the essence of the
>>> issue.
>>>
>>> On Wed, Aug 3, 2016 at 9:30 AM, Evgeniy Ginzburg 
>>> wrote:
>>>
>>>> Hello.
>>>> I'm assuming that you have paswordless ssh to the servers in question
>>>> as root.
>>>> Also I assume that you don't use central management/deployment software
>>>> (ansible/puppet/chef)
>>>> In similar cases I usully use parallel-ssh (gnu-parallel is another
>>>> alternative).
>>>> First stage install the package manually on one server to see that
>>&g

Re: Gradual installation of debian packages

[Amos Shapira]

What provisioning tools do you use to manage these servers? Please tell me
you aren't doing all of this manually.
Also what's your environment? All hardware servers? Any virtualisation
involved? Cloud servers?

Reading your question it feels like you are setting yourself up to fail
instead of minimising the failure altogether.

What I suggest is that you test your package automatically in a test
environment (to me, Vagrant + Rspec/ServerSpec would be first candidates to
check) then rollout the package to the repository for the servers to pick
it up.

As for "roll-back" - with comprehensive automatic testing this concept is
becoming obsolete, there is no such thing as "roll-back" only
"roll-forward", i.e. since the testing and rolling out are small and
"cheap", it should be feasible to fix whatever problem was found instead of
having to revert the change altogether.

If you are in a properly supported virtual environment then I'd even go for
immutable server images (e.g. Packer building AMI's, or Docker containers),
then it's a matter of just firing up an instance of the new image both when
testing and in production.

--Amos

On 3 August 2016 at 16:55, Elazar Leibovich  wrote:

> How exactly you connect to the server is not in the scope of the
> discussion, and I agree that ansible is a sensible solution.
>
> But what you're proposing is to manually update the package on a small
> percent of the machines.
>
> Manual solution is fine, but I would like to hear experience of people who
> actually did that on many servers.
>
> There are many other issues, for example, how to you roll back?
>
> apt-get remove exposes you to the risk that the uninstallation script
> would be buggy. There are other solutions, e.g., btrfs snapshots on root
> partitions, but I'm curious to hear someone experienced with it to expose
> issues I didn't even thought of.
>
> Another issue is, how do you select the servers you try it?
>
> You suggested a static "beta" list, and I think it's better to select the
> candidates randomly on each update.
>
> Anyhow, how exactly you connect to the server is not the essence of the
> issue.
>
> On Wed, Aug 3, 2016 at 9:30 AM, Evgeniy Ginzburg 
> wrote:
>
>> Hello.
>> I'm assuming that you have paswordless ssh to the servers in question as
>> root.
>> Also I assume that you don't use central management/deployment software
>> (ansible/puppet/chef)
>> In similar cases I usully use parallel-ssh (gnu-parallel is another
>> alternative).
>> First stage install the package manually on one server to see that
>> configuration is OK, daemons restart, etc...
>> If this stage is ok second step will be creating list of servers for
>> "complain" list and install package on them trough parallel-ssh.
>> Instead of waiting for complains, one can define metrics to check and use
>> some monitoring appliance for verification.
>> I case of failure remove package from repository and remove-install again.
>> Third will be parallel-ssh install on all the servers.
>>
>> P. S. In case of few tens of servers I'd prefer to work with ansible or
>> alternative, it's worh it in most cases/
>>
>> Best Regards, Evgeniy.
>>
>>
>> On Tue, Aug 2, 2016 at 8:50 PM, Elazar Leibovich 
>> wrote:
>>
>>> Hi,
>>>
>>> I'm having a few (say, a few tens) Debian machines, with a local
>>> repository defined.
>>>
>>> In the local repository I have some home made packages I'm building and
>>> pushing to the local repository.
>>>
>>> When I'm upgrading my package, I want to be sure the update wouldn't
>>> cause a problem.
>>>
>>> So I wish to install them on a few percentage of the machines, wait for
>>> complaints.
>>>
>>> If complaints arrive - roll back.
>>> Otherwise keep upgrading the whole machines.
>>>
>>> I'll appreciate your advice and experience of similar situation,
>>> I'll appreciate if someone who had actual real life experience with this
>>> situation would mention it in the comments.
>>>
>>> Thanks,
>>>
>>> ___
>>> Linux-il mailing list
>>> Linux-il@cs.huji.ac.il
>>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>>
>>>
>>
>>
>> --
>> So long, and thanks for all the fish.
>>
>
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>


-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

IS there anyone here with experience with VyOS/Vyatta?

[Amos Shapira]

I'm looking for answers about some corner cases I hit with it.

I generally managed to get it up and running and connecting my AWS VPC's
over IPSec
VPN with BGP-4 routing (fully automated, I'll publish the AMI Packer
receipe and CloudFormation
stack later), but have a few other annoyances.

Specifically I'm now trying to use it for remote-access l2tp/ipsec and also
have an issue with
the office VyOS having trouble generating DNS traffic using the right
source address.

--Amos
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Questions for network/hardware engineer candidates?

[Amos Shapira]

Almost all our laptops are Mac Book pros, they don't require much handling
(usually if there is a problem then just take it to the Apple store a
couple of blocks away).

I'm after someone who can take care of our fibre-optic office line, modems,
WiFi, LAN and the router (the router is actually fun to work with - it runs
VyOS on a Dell rack), the card entrance system (Lenel).

I'm not quiet concerned with them being experts about the specific hardware
we have but trying to estimate their aptitude in attacking hardware/network
problems and troubleshooting by themselves, without me having to keep
holding their hand.

On 5 July 2016 at 10:04, Shay Gover  wrote:

> Hi Amos,
>
> Please define Hardware and Network. Server? PCs? PC Technician? Something
> else?
>
> Shay
>
> On Tue, Jul 5, 2016 at 2:36 AM, Amos Shapira 
> wrote:
>
>> Hi,
>>
>> My workplace is looking to fill in a position for a hardware/network
>> person, someone to look mostly after the office network.
>>
>> Do people here have ideas about where to look for good interview
>> questions/exercises for such a role?
>>
>> Thanks,
>>
>> --Amos
>>
>>
>> ___
>> Linux-il mailing list
>> Linux-il@cs.huji.ac.il
>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>
>>
>


-- 
<http://au.linkedin.com/in/gliderflyer>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Questions for network/hardware engineer candidates?

[Amos Shapira]

Hi,

My workplace is looking to fill in a position for a hardware/network
person, someone to look mostly after the office network.

Do people here have ideas about where to look for good interview
questions/exercises for such a role?

Thanks,

--Amos
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: single threaded web servers

[Amos Shapira]

Yes I know it's possible to fork multiple processes with one thread in each
and all that jazz.

I'm asking in the context of Erez' response - if he runs single-threaded
code on a multiprocessor hardware, how would he take advantage of more than
one processor core?


On 3 July 2016 at 08:35, Steve Litt  wrote:

> On Sun, 3 Jul 2016 07:13:13 +1000
> Amos Shapira  wrote:
>
> > Thanks for the explanation. I like this.
> > How would a single-threaded process take advantage of muti- CPU?
>
> Threads is just one method of multiprocessing. IIRC, back in the day
> Apache multiprocessed by forking a new process for every HTTP
> connection. Certainly those processes would be apportioned among the
> many processors or cores.
>
> SteveT
>
> Steve Litt
> June 2016 featured book: Troubleshooting: Why Bother?
> http://www.troubleshooters.com/twb
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>



-- 
<http://au.linkedin.com/in/gliderflyer>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: single threaded web servers

[Amos Shapira]

Thanks for the explanation. I like this.
How would a single-threaded process take advantage of muti- CPU?
On 2 Jul 2016 5:49 PM, "Erez D"  wrote:

> doing some research on servers i found out that i can handle more
> connections simultaneously as single threaded.
> on thread per connection i have a huge overhead, just think of the default
> 2MB stack per connection - 1000 connections is 2GB ram just for stack.
> however as single threaded, i can server connections by the 10,000s(or
> even a million).
>
> later to my surprise, i found out that that was exactly one of the main
> considerations behind node.js
>
> but node.js requires code in js. and i am more of a c++ guy
> (and of course c++ is more efficient than js)
>
> C++ did a long way and now modern c++ (i.e. c++11 / c++14 ) is on par with
> other modern languages.
> the idea behind c++11/14 was to make it simple for beginners, while still
> keeping the option to control every bit for advanced users.
> one thing i hear people hate about c and c++ is its memory handling
> (malloc/free or new/delete), however in forgot about it years ago using
> shared_ptr ( now in c++11 and before that, use boost instead).. you can
> still control when it is freed if you want (in countrary to
> garbage-disposal-thread languages). as a matter of fact, i use this a lot -
> i create an object that cleans up,. and no matter how i exit the function
> it gets cleaned up.
>
> so i wanted a node.c++ instead of writing my own
>
> in theory simple single threaded web server usage code could look
> something like:
>
> int main()
> {
>   auto server=HttpServer::create(80,[](Request &request)
> {
>   if (request.header=="HelloWorld")
>   {
>  HttpResponse(200,"Hello, world");
>   } else {
> File::Read(request,header,[](bool success, string body)
>   {
>  if (success)
>HttpResponse(400,body);
>   } else {
>HttpResponse(404);
>   }
> );
>   }
> }
>   );
> }
>
>
>
>
>
> On Fri, Jul 1, 2016 at 4:58 AM, Amos Shapira 
> wrote:
>
>> I'm curious - what's the background of this question? What's the original
>> goal that led you to ask this?
>>
>> On 28 June 2016 at 18:04, Erez D  wrote:
>>
>>> i tried searching the web but got no result
>>>
>>> what web servers other than node.js are single threaded ?
>>> anyone has experience with one ?
>>> is there one in which the cgi is in c++ ?
>>>
>>>
>>>
>>>
>>> ___
>>> Linux-il mailing list
>>> Linux-il@cs.huji.ac.il
>>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>>
>>>
>>
>>
>> --
>> <http://au.linkedin.com/in/gliderflyer>
>>
>
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: single threaded web servers

[Amos Shapira]

I'm curious - what's the background of this question? What's the original
goal that led you to ask this?

On 28 June 2016 at 18:04, Erez D  wrote:

> i tried searching the web but got no result
>
> what web servers other than node.js are single threaded ?
> anyone has experience with one ?
> is there one in which the cgi is in c++ ?
>
>
>
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>


-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: iba.org.il programs

[Amos Shapira]

I don't watch much but noticed that היהודים באים is available on youtube
officially by IBA. Here is the Youtube account which makes it available,
perhaps the program you are interested in is also available?
https://www.youtube.com/user/MEDIAIBA


On 6 June 2016 at 08:02, Tzafrir Cohen  wrote:

> Hi,
>
> Lately I'm no longer able to view programs from iba.org.il even with a
> flash plug-in. Any way to download them without using the flash plugin?
>
> --
> Tzafrir Cohen | tzaf...@jabber.org | VIM is
> http://tzafrir.org.il || a Mutt's
> tzaf...@cohens.org.il ||  best
> tzaf...@debian.org|| friend
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>



-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: vdsl2 router

[Amos Shapira]

On 8 March 2016 at 21:01, E.S. Rosenberg  wrote:

>
>
> 2016-03-08 9:10 GMT+02:00 Amos Shapira :
>
>> What exact model of TP-Link have you got?
>>
> WR740N (v4.x), WR841ND (v5.x), WR1043ND (v1.x)
>
>> I have a TP-Link AC1750 ADSL2+ modem router which is great except that
>> OpenWRT doesn't support this specific model's WiFi well (see multiple
>> "Notes" in https://wiki.openwrt.org/toh/tp-link/archer-c5-c7-wdr7500)
>>
> Did you check recently? The way I understand the notes v2 is fully
> supported while v1.x only the 2.4GHz Band is supported (though they do
> write that they don't do hardware NAT which will affect you if you have a
> WAN line > 300MBit/s).
>

I've just double checked this morning - the serial label on the router says
"v1.0", which means I can't take advantage of 802.11ac with OpenWRT on it
:(.


>
> So I'm half-heartedly on the lookout for something to run OpenWRT or VyOS
>> on, with 1Gb ethernet and 802.11ac WiFi and which can be used to do smart
>> and efficient routing especially over OpenVPN tunnels.
>>
> Let us know if you find something in a few month OpenWRT should be
> releasing 16.x (Designated Driver, if they manage to stick to the roughly
> yearly releases) which may bring improved support for your existing device
> considering how they already have half decent support there is someone (and
> probably more then one someone) working on it
>
> If you want something really powerful with a very powerful OS have a look
> at this:
> http://routerboard.com/RB962UiGS-5HacT2HnT
>

Perhaps my top priority, after having something that's flexible enough, is
hardware which won't take more than 3W to run.

Thanks,

--Amos
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: vdsl2 router

[Amos Shapira]

What exact model of TP-Link have you got?
I have a TP-Link AC1750 ADSL2+ modem router which is great except that
OpenWRT doesn't support this specific model's WiFi well (see multiple
"Notes" in https://wiki.openwrt.org/toh/tp-link/archer-c5-c7-wdr7500)
So I'm half-heartedly on the lookout for something to run OpenWRT or VyOS
on, with 1Gb ethernet and 802.11ac WiFi and which can be used to do smart
and efficient routing especially over OpenVPN tunnels.


On 8 March 2016 at 10:07, E.S. Rosenberg  wrote:

> Personally I don't bother with the modem/router supporting OpenWRT, I
> bought a nice TP-Link router which functions as the router of my
> networks and runs OpenWRT then the provider router/bridge/whatever box
> is just used as a bridge device and nothing more.
>
> There are far less xDSL devices that support *WRT and also you never
> know if the device you'll get from your provider is under your full
> control (these days with 2/3-play packages the router tends to not be
> under your control since it also does your VoIP/TV) so as far as I am
> concerned the provider-device is 'outside' my network and should be
> treated as such
>
> Also the provider devices tend to have terrible firmware/updates which
> of course you want to salvage with *WRT.
>
> Regards,
> Eliyahu - אליהו
>
> 2016-03-01 13:40 GMT+02:00 Rabin Yasharzadehe :
> > In my opinion , a good place to start is this list -
> > http://www.netcheif.com/Articles/VDSL_Router/VDSL_Router.htm
> > find one/two that meet your demand, and then check if they have support
> for
> > openwrt/dd-wrt
> >
> > --
> > Rabin
> >
> > On 1 March 2016 at 12:43, sara fink  wrote:
> >>
> >> Hi Everyone
> >>
> >> I would like to buy a vdsl2 router that supports openwrt or ddwrt.
> Anyone
> >> has experience with a good router? Xphone gives dlink 225 which doesn't
> >> support openwrt.
> >>
> >> ___
> >> Linux-il mailing list
> >> Linux-il@cs.huji.ac.il
> >> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
> >>
> >
> >
> > ___
> > Linux-il mailing list
> > Linux-il@cs.huji.ac.il
> > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
> >
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>



-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: OT: SSL certificates

[Amos Shapira]

I too would recommend letsenctlrypt. The only down side is possibly that
you have to keep renewing (automatically with a cron job) every three
months.
Alternatively, www.ssls.com lists very very cheap certs.
On 8 Mar 2016 4:49 p.m., "Baruch Siach"  wrote:

> Hi Gabor,
>
> On Tue, Mar 08, 2016 at 07:05:03AM +0200, Gabor Szabo wrote:
> > A found plenty of companies offering SSL certificates. One of them
> > https://www.ssl.com/
> > that was recommended by the domain registrar I am using had
> > $177 / year for the first 3 hostname and then $49 / year for each
> > additional hostname and $129/year for each wildcard domain.
> >
> > Is that a reasonable price? Any suggestions?
>
> How about https://letsencrypt.org/ free certs?
>
> baruch
>
> --
>  http://baruch.siach.name/blog/  ~. .~   Tk Open
> Systems
> =}ooO--U--Ooo{=
>- bar...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: [OT] Password regex change on mybills.co.il

[Amos Shapira]

One condition I see from this regex which wasn't mentioned yet is that
there should be at least two *consecutive* letters in the password.

All in all, as Steve said - this is an idiotic way to enforce such complex
requirements (and I consider myself a regex enthusiast), and they should
fix their own shit. Just send them a password you tried so they can see for
yourself that it doesn't work.
On 28 Feb 2016 6:47 a.m., "Valery Reznic"  wrote:

> Hi, All.
>
> It's not actually Linux-related, but more regular-expression question.
> Nevertheless ...
>
> Recently I was unable to login into site mybills.co.il
>
> Attempt to reset password also failed due to regular expression test
> failed.
>
> Mybills claims that password should be 8-10 characters long and should
> include at least two digits and Latin letters.
>
> Whatever I tried as password - I was not able to pass their regex test.
>
> After a bit of digging
> I found following in the https://www.mybills.co.il/js/Validations.js
>
>
> //var passREGEX =
> /^(?=.{8,10}$)(?=(.*[0-9]){2,})(?=(.*[a-zA-Z]){2,})(?=(.*[~!@#$%^&*()+-_=])).*/;
> var passREGEX =
> /^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[~#%&=\$\-\!\?\^@])(?=.{8,})/;
>
> I tried first (commented out) regex in
>  the regex101.com and indeed password with 2 digits and 2 Latin letters
> matches
>
> I tried the second (active) one- no matches.
>
> Any idea what password should looks like to match this regex?
>
> I tried to contact mybills's support - no luck here :(
>
> Valery
>
>
>
>
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: problems upgrading an Ubuntu EC2 node

[Amos Shapira]

Thanks for coming back with the solution.

Though in a broader perspective: "you are holding it wrong" - get used to
the fact that you are running in the cloud and use it right - learn to
build your images from scratch so you can move to a  updated base image and
automatically install and configure your system on top of it. Otherwise I
can guarantee that you'll hit such a problem (or be very worried about it)
in your next upgrade.
On 23 Feb 2016 9:09 a.m., "Amit Aronovitch"  wrote:

> Posting the fix to list, in case someone searches the archives:
>
> Turns out that there were some leftover upstart files in /etc/init/, which
> apparently belonged to an old package (lxcguest) which had been uninstalled
> but left configured (possibly a remainder from a previous upgrade).
> Moving them away (by attaching and mounting the root volume onto another,
> live, machine) made the upgraded-ubuntu-machine bootable.
>
> The solution was taken from this link (which also details the diagnosis):
>
> http://www.nicksherlock.com/2015/01/my-ec2-server-wouldnt-boot-after-apt-get-dist-upgrade-i-fixed-it/
>
> Thanks Shimi for the quick response and for pointing out that link to me.
>
> AA
>
> p.s. I still have no idea why attaching this volume to a stopped machine
> had made it unbootable (upstart cannot be affected by extra disks that are
> not even automounted via fstab).
>
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: More pieces of the IPv6 puzzle (Re: ISP with native ipv6 in isarael)

[Amos Shapira]

Thanks everyone.
On 30 Jan 2016 12:43 a.m., "Yuval Adam"  wrote:

>
>
> On 01/29/2016 11:52 AM, Amos Shapira wrote:
> >
> > Does anyone here have experience with public IPv6 in the cloud
> > (AWS/DigitalOcean/Google, in decreasing order of preference)?
> >
>
> Yes, I run my personal server on Digital Ocean + native IPv6 and it
> works great.
>
> Unfortunately, IPv6 support on AWS is partial, at best -
> If you use Route53 for your DNS records you can assign  records to
> domains, but the Route53 nameservers do not publish any IPv6 addresses
> so it's impossible to reach them on IPv6-only.
> EC2 instances are not assigned IPv6 addresses, and you have to route
> through an ELB if you want that.
>
> No information on Google Cloud.
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: More pieces of the IPv6 puzzle (Re: ISP with native ipv6 in isarael)

[Amos Shapira]

Does anyone here have experience with public IPv6 in the cloud
(AWS/DigitalOcean/Google, in decreasing order of preference)?
On 29 Jan 2016 6:19 a.m., "E.S. Rosenberg"  wrote:

2016-01-28 20:37 GMT+02:00 Beni Cherniavsky-Paskin <
beni.cherniav...@gmail.com>:
> Due to bezeq's modem's wifi unreliability, I'm mostly connecting to my
> own wifi router anyway.
> I'd have switched to it completely and use a firewall there, except
> it's old and doesn't support IPv6 at all, and I haven't gotten around
> to buy a new one and/or install *WRT.
I also use bezeq boxes as modem-only and have an OpenWRT box behind
them, TP-Link makes very nice boxes that support OpenWRT (their
cheapest model is the 80NIS 741ND which is very good alue for money)
>
> I'm also a general believer in securing my laptops rather than my
> network, as I'm connecting to any and all wifis when traveling,
> and I've been deliberately running an unsecured wifi for years,
> valuing helping neighbors & passers-by over security (nowdays there is
> no dillema I'm shifting to separate guest networks).
No question that your laptop should be secure but that is no reason to
leave your desktop, printer, NAS, home automation, home security etc.
unsecured.
>
> To some degree, the desire of dropping NAT and having
> world-addressable machines inherently conflicts with the desire to
> have a firewall.
That is non-sense, I worked at several locations with IP addresses as
water and just because we had all our machines (even on WiFi) have
world-addressable IPs didn't mean we didn't have a firewall to limit
access from the outside to be only through the paths we allowed.
There is also no real valid reason to allow the outside world to be
able to scan your inside network NAT always sort provided that out
of the box but a good firewall does that even without NAT.
>
> But the wisdom of all this is of course debatable.

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Python for Kids

[Amos Shapira]

I'd be interested to hear about resources for these ages in English too.

On 11 January 2016 at 01:11, Justin  wrote:

> Has anyone discovered good resources for teaching kids python? Hebrew?
>  (Ages 8-11)
>
> Code.org has great resources for abstract programing. They even translate
> into Hebrew. But very little to teach kids skills they can use on their
> own.
>
> Now I want to teach my oldest Python but I can't find any good resources.
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>


-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Problems while trying to install CENTOS 7

[Amos Shapira]

You should also take the offer by the installer to checksum the media.

On 1 January 2016 at 03:18, Shlomi Fish  wrote:

> Hi Israel!
>
> On Thu, Dec 31, 2015 at 5:26 PM, Israel Shikler 
> wrote:
>
>> I  downloaded Centos 7 from a mirror site in Israel,
>> In the first time I created an installation dvd by imgburn and got the
>> following message while installing:
>> Error msg: centos 7 dev/root does not exist
>> In the second time the dvd was crated via expressburn, this time I got :
>> Error msg: not a com32r image
>>
>> Any idea what could go wrong?
>>
>
> Did you verify that the SHA-256 sum of the .iso file is correct? See
> http://mirror.isoc.org.il/pub/centos/7.2.1511/isos/x86_64/sha256sum.txt -
> if there's a mismatch then you'll need to use rsync (see
> https://en.wikipedia.org/wiki/Rsync ) or zsync (see
> http://zsync.moria.org.uk/ ) to make sure you got the right file
> contents. Otherwise, it's possible that you have used bad DVD media or that
> your hardware is incompatible with CentOS 7 (or faulty).
>
> Regards,
>
> -- Shlomi Fish
>
> --
> --
> Shlomi Fish http://www.shlomifish.org/
>
> Chuck Norris helps the gods that help themselves.
>
> Please reply to list if it's a mailing list post - http://shlom.in/reply .
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>


-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: How to search Linux Kernel changelogs? (USB disconnect problem)

[Amos Shapira]

Backports?
https://packages.debian.org/jessie-backports/
On 25 Dec 2015 9:04 a.m., "E.S. Rosenberg"  wrote:

> Unless it has dependencies that force you 'onward' there is no reason
> not to download the deb and install it manually
>
> 2015-12-24 20:14 GMT+02:00 Omer Zak :
> > As it turned out, it did not matter that I misunderstood tlp's name.
> > The package tlp exists only in Debian Stretch (testing) and in Debian
> > Sid (unstable), and my PC runs on Debian Jessie, so there is no tlp in
> > my near future.
> >
> > On Wed, 2015-12-23 at 09:32 +, Daniel Shahaf wrote:
> >> Omer Zak wrote on Mon, Dec 21, 2015 at 13:54:50 +0200:
> >> > At your hint, I have installed powertop.
> >> > I did not find a tip in Debian, but there is a tiptop command in my
> >> > system.
> >>
> >> Rabin wrote "tlp" with an 'L', not "tip" with an 'I'.
> >>
> >> Daniel
> >>
> >> > How can they help me diagnose USB problems?
> >> >
> >> >
> >> > On Mon, 2015-12-21 at 13:35 +0200, Rabin Yasharzadehe wrote:
> >> > > do you install/use powertop or tlp ?
> >
> > --
> > Did you shave a yak today?
> > My own blog is at http://www.zak.co.il/tddpirate/
> >
> > My opinions, as expressed in this E-mail message, are mine alone.
> > They do not represent the official policy of any organization with which
> > I may be affiliated in any way.
> > WARNING TO SPAMMERS:  at http://www.zak.co.il/spamwarning.html
> >
> >
> > ___
> > Linux-il mailing list
> > Linux-il@cs.huji.ac.il
> > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Summary: Which Linux distribution is stable yet up-to-date

[Amos Shapira]

I tried to avoid this discussion but I'm a little surprised that nobody
mentioned Debian Testing.
I've used it as a desktop for a decade or so and it had a great combination
of very good stability (i.e. I can't recall it ever disappointed me) and
still relatively up to date.
But then again - it's been a while since I used it.
These days I use Ubuntu LTS for servers and Mac for laptop, and for a few
months around a year ago also Ubuntu LTS for a work laptop.

On 2 December 2015 at 06:35, Geoff Shang  wrote:

> On Tue, 1 Dec 2015, Omer Zak wrote:
>
> Yet another option is to use Debian Stable as the host operating system,
>> like I did so far, but compile and install my own kernel builds
>> according to the instructions in places such as:
>>
>> http://www.cyberciti.biz/faq/debian-ubuntu-building-installing-a-custom-linux-kernel/
>>
>
> You can also use Debian Backports to get more recent kernel releases.
>
> deb http://httpredir.debian.org/debian jessie-backports main contrib
> non-free
>
> Here's the most recent kernel in jessie-backports at time of writing:
>
> Package: linux-image-4.2.0-0.bpo.1-amd64
> Source: linux
> Version: 4.2.6-1~bpo8+1
>
> HTH,
> Geoff.
>
>
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>



-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: persistent private browsing ?

[Amos Shapira]

Thanks.

As far as I know (I left this company almost four years ago), this is a
subset of the metrics they collect.

On 18 November 2015 at 21:49, Yedidyah Bar David  wrote:

> On Wed, Nov 18, 2015 at 4:07 AM, Amos Shapira 
> wrote:
>
>> Tell me about it :)
>> I used to work for an Australian startup which makes money from just
>> doing this (and a few other tricks) - threatmetrix.com
>>
>
> See also panopticlick.eff.org if interested.
>
>
>>
>> On 18 November 2015 at 07:46, E.S. Rosenberg 
>> wrote:
>>
>>> BTW The plugins/addons/language preferences you use and advertise to
>>> the website actually help identify you too... depending on how
>>> standard or non-standard your settings are just your browser agent and
>>> http headers may be enough of a fingerprint
>>>
>>> 2015-11-17 14:19 GMT+02:00 Rabin Yasharzadehe :
>>> > In my case for each new Chrome session I install `ublock origin` ,
>>> which
>>> > allow you to backup your setting to a file.
>>> > but you may find where the plugin save it configuration and re-apply
>>> them
>>> > after chrome start.
>>> >
>>> > I also now about `proxy switchysharp` which allow you to export it
>>> > configurations.
>>> >
>>> >
>>> >
>>> > --
>>> > Rabin
>>> >
>>> > On 17 November 2015 at 12:52, Erez D  wrote:
>>> >>
>>> >>
>>> >>
>>> >> On Tue, Nov 17, 2015 at 12:33 PM, Rabin Yasharzadehe 
>>> >> wrote:
>>> >>>
>>> >>> That's right, Incognito/Privet Browsing mode share the same session.
>>> >>> this is why you need to create a new profile for each case.
>>> >>>
>>> >>> Chrome & Firefox can be configure to run with pre-installed addons,
>>> >>> but you may need to configure them if needed.
>>> >>> but there some extension which allow you to export there settings (so
>>> >>> maybe you can automate the import ?).
>>> >>
>>> >> do you know which ?
>>> >>>
>>> >>>
>>> >>> --
>>> >>> Rabin
>>> >>>
>>> >>> On 17 November 2015 at 11:19, Erez D  wrote:
>>> >>>>
>>> >>>> you are correct
>>> >>>>
>>> >>>> however, it is  needed to re-configire each and every profile -
>>> plugins,
>>> >>>> master password etc
>>> >>>>
>>> >>>> would be nice to have different profiles with some common settings,
>>> on
>>> >>>> different tabs on same window ...
>>> >>>>
>>> >>>> btw, i found that even 'private browsing' is not so private as if
>>> you
>>> >>>> open multiple tabs or windows of private browsing, they all share
>>> the same
>>> >>>> cookies.
>>> >>>> the only thing different about private browsing is that the cookies
>>> are
>>> >>>> deleted when all the private browsing sessions end.
>>> >>>>
>>> >>>> On Sun, Nov 15, 2015 at 5:53 PM, E.S. Rosenberg 
>>> wrote:
>>> >>>>>
>>> >>>>> If I'm not mistaken you should be able to accomplish this by
>>> starting
>>> >>>>> Firefox with a different profile (firefox -P or firefox
>>> --profile)
>>> >>>>>
>>> >>>>> 2015-11-15 10:36 GMT+02:00 Efraim Flashner >> >:
>>> >>>>> > I'm using privacy badger to block the following aspects of the
>>> >>>>> > different ads, including facebook. Doesn't sandbox them, but
>>> does keep them
>>> >>>>> > all from following me around the web.  I'm also using privoxy
>>> with tor to
>>> >>>>> > pass my browser traffic through tor, but that's not really going
>>> to make a
>>> >>>>> > difference in relation to your question.
>>> >>>>> >
>>> >>>>> >
>>> >>>>> > On Sun, 15 Nov 2015 10:26:18 +0200
>>> >>>>> > Rabin Yasharzadehe  wrote:
>>> >>>>> >
>>> >>>>> >> I&

Re: persistent private browsing ?

[Amos Shapira]

Tell me about it :)
I used to work for an Australian startup which makes money from just doing
this (and a few other tricks) - threatmetrix.com

On 18 November 2015 at 07:46, E.S. Rosenberg 
wrote:

> BTW The plugins/addons/language preferences you use and advertise to
> the website actually help identify you too... depending on how
> standard or non-standard your settings are just your browser agent and
> http headers may be enough of a fingerprint
>
> 2015-11-17 14:19 GMT+02:00 Rabin Yasharzadehe :
> > In my case for each new Chrome session I install `ublock origin` , which
> > allow you to backup your setting to a file.
> > but you may find where the plugin save it configuration and re-apply them
> > after chrome start.
> >
> > I also now about `proxy switchysharp` which allow you to export it
> > configurations.
> >
> >
> >
> > --
> > Rabin
> >
> > On 17 November 2015 at 12:52, Erez D  wrote:
> >>
> >>
> >>
> >> On Tue, Nov 17, 2015 at 12:33 PM, Rabin Yasharzadehe 
> >> wrote:
> >>>
> >>> That's right, Incognito/Privet Browsing mode share the same session.
> >>> this is why you need to create a new profile for each case.
> >>>
> >>> Chrome & Firefox can be configure to run with pre-installed addons,
> >>> but you may need to configure them if needed.
> >>> but there some extension which allow you to export there settings (so
> >>> maybe you can automate the import ?).
> >>
> >> do you know which ?
> >>>
> >>>
> >>> --
> >>> Rabin
> >>>
> >>> On 17 November 2015 at 11:19, Erez D  wrote:
> 
>  you are correct
> 
>  however, it is  needed to re-configire each and every profile -
> plugins,
>  master password etc
> 
>  would be nice to have different profiles with some common settings, on
>  different tabs on same window ...
> 
>  btw, i found that even 'private browsing' is not so private as if you
>  open multiple tabs or windows of private browsing, they all share the
> same
>  cookies.
>  the only thing different about private browsing is that the cookies
> are
>  deleted when all the private browsing sessions end.
> 
>  On Sun, Nov 15, 2015 at 5:53 PM, E.S. Rosenberg 
> wrote:
> >
> > If I'm not mistaken you should be able to accomplish this by starting
> > Firefox with a different profile (firefox -P or firefox
> --profile)
> >
> > 2015-11-15 10:36 GMT+02:00 Efraim Flashner :
> > > I'm using privacy badger to block the following aspects of the
> > > different ads, including facebook. Doesn't sandbox them, but does
> keep them
> > > all from following me around the web.  I'm also using privoxy with
> tor to
> > > pass my browser traffic through tor, but that's not really going
> to make a
> > > difference in relation to your question.
> > >
> > >
> > > On Sun, 15 Nov 2015 10:26:18 +0200
> > > Rabin Yasharzadehe  wrote:
> > >
> > >> I'm using chrome and launch it with a new DATADIR each time. (see
> > >> here
> > >>
> > >> <
> http://blog.rabin.io/linux/start-chrome-temp-profile-with-preinstalled-extension
> >
> > >> )
> > >> useful for sites which need flash.
> > >>
> > >> I was having problems downloading the CRX files so now i just
> point
> > >> them
> > >> directly in the config file
> > >> and each new Chrome run will download them.
> > >>
> > >> --
> > >> Rabin
> > >>
> > >> On 15 November 2015 at 10:18, Erez D  wrote:
> > >>
> > >> > Hello
> > >> >
> > >> > Today browsers support Private Browsing mode (e.g. sandbox) .
> > >> > however,
> > >> > when i close that window, all it's data is lost, next time i
> will
> > >> > again
> > >> > need to supply my login, password, etc
> > >> >
> > >> > What i want, is a way to sandbox a site (e.g. facebook), and
> > >> > reopen it
> > >> > tomorrow in the same sandbox. i.e. when i am going to a web page
> > >> > not from
> > >> > that sandbox, if that web page includes pages from facebook, it
> > >> > will not be
> > >> > able to track my facebook identity as i login to facebook only
> > >> > from the
> > >> > sandbox.
> > >> >
> > >> > the only way i can do it right now is by accessing facebook
> from a
> > >> > different browser than the rest of the pages.
> > >> >
> > >> > however there are many websites (facebook, google twiter etc.)
> and
> > >> > i do
> > >> > not have so many browsers
> > >> >
> > >> > is there a way to open a private browsing page, and be able to
> > >> > access it
> > >> > again after reopening the browser ?
> > >> >
> > >
> > > --
> > > Efraim Flashner  אפרים פלשנר
> > > GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
> > > Confidentiality cannot be guaranteed on emails sent or received
> > > unencrypted
> > >
> > > ___
> > 

Any Chrome extension developers around here?

[Amos Shapira]

Hi,

I have a itch with Chrome I'd like to scratch but don't have time to learn
how to program a Chrome extension.

Does anyone here know how to program Chrome extensions and is interested in
a small project?

It's about controlling which of multiple parallel logged in Chrome users
(think - workplace Google Apps login in paralel to a personal Google login)
will be used when opening a link from another app (in my case - on OSX)
based on URL matching.

Thanks.

-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Void Linux tips

[Amos Shapira]

What's the advantage of this distro?

I may be old and tired but I have to see a unique strong benefit for
deviating from the mainstream.

On 22 October 2015 at 06:18, Steve Litt  wrote:

> Hi all,
>
> I recently switched over to Void Linux, a KISS principle distro much
> closer to Slack than to Ubuntu, but with an oustanding, full
> dependency handling package manager. So far, I really like it.
>
> I've put together a bunch of tips for installing and using Void, so
> that the next guy has an easier time than I did:
>
> http://troubleshooters.com/linux/void/voidtips.htm
>
> Hope you like it.
>
> SteveT
>
> Steve Litt
> October 2015 featured book: Thriving in Tough Times
> http://www.troubleshooters.com/thrive
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>



-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: KODI on Raspberry PI2 - no screen output

[Amos Shapira]

There very active forums for OpenELEC and kodi. I suggest that you try
asking there too.
On 21 Oct 2015 6:37 a.m., "Shlomi Fish"  wrote:

> Hi Shlomo!
>
> Just a question:
>
> Shlomo Solomon
>> http://the-solomons.net
>> Sent by Claws Mail 3.11.1 - KDE 4.12.15 - LINUX Mageia 4
>>
>>
> Are you still using Mageia 4? If so, I should note that it was
> end-of-lifed (EOLed) and will no longer receive updates (including security
> ones) and that you should really upgrade to Mageia 5 (and update your
> signature).
>
> Regards,
>
> -- Shlomi Fish
>
>
> --
> --
> Shlomi Fish http://www.shlomifish.org/
>
> Chuck Norris helps the gods that help themselves.
>
> Please reply to list if it's a mailing list post - http://shlom.in/reply .
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: [OT] Deleting Thousends of Messages in Gmail

[Amos Shapira]

What would be the advantage of Claws e-mail over the previously provided
GMail web interface search?
I got the impression the web interface can achieve this on the server side,
which will save network bandwidth and time.

On 24 August 2015 at 11:28, Steve Litt  wrote:

> On Sun, 23 Aug 2015 23:07:02 +0300
> Amichai Rotman  wrote:
>
> > I know it's kinda off-topic, but I am really at a loss...
> >
> > I m trying to free spcace on my Google free storage, so i am sifting
> > through very old messages to delete in my Gmail box (as far as 2005
> > and beyond!)
> >
> > I have this one label containing 12,000(!) messages. I'd like to
> > delete all messages dated  before the current year.
>
> One easy way, if you can let things run overnight, is to install
> Claws-Mail, which is pretty darn fast. Point it at your Gmail IMAP,
> filter out everything before 1/1/2015 (the advanced search thing for
> selecting just the older messages is "ag" followed by a number of days
> (the number of days since 12/31/2014. Then highlight them all and run
> delete. Be sure you set Claws to delete immediately and not leave a
> ghost copy (I don't know how to explain it any better).
>
> Don't try this with Thunderbird. 12K messages with Thunderbird could
> take several days just to load up.
>
> SteveT
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>



-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Major rendering bug affecting Hebrew in pango has been fixed

[Amos Shapira]

Is this the same code used in Android?
Just today I read a Hebrew article in Pocket (https://getpocket.com/) on my
Nexus 5 and was reminded that it still justifies the "mobilized" version to
the left.

On 23 August 2015 at 05:53, Dov Grobgeld  wrote:

> This might be interesting to someone on the list.
>
> A major bug affecting rendering of Hebrew with justification in pango has
> been fixed after more than 8 years.
>
> See the following animated gif showing the rendering before and after the
> latest pango updates.
>
> https://bug753772.bugzilla-attachments.gnome.org/attachment.cgi?id=309871
>
> Though the animated gif shows Hebrew with nikud, the problem exists just
> the same without nikud.
>
> My only contribution was reporting the bug and giving feedback to Behdad
> who fixed it.
>
> Regards,
> Dov
>
>
>
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>


-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Any Chrome extension developer looking for a project?

[Amos Shapira]

Hi,

I'm looking for a Chrome extension which can do the following (copied from
my unanswered question at
https://productforums.google.com/forum/#!msg/chrome/hIH8rDKCpgI/aYD_rvSSW6AJ
):

I'm logged in to two accounts on my workplace Chrome in parallel, let's
call them "work" and "home". I keep at least one Chrome window open for
each account.

I sometimes click on links which are only accessible to the "work" person,
but they are opened by Chrome on whichever was the last window I was in,
i.e. sometimes Chrome tries to open the link as my "home" account (and
fails). I then have to copy the link and re-open it in a new tab on the
"work" window.

What I'd love to have is to be able to specify URL substrings (e.g.
prefixes, for instance "https://bitbucket.org/work/*"; or "https:
work.atlassian.net*") and tell Chrome "If you are sent these URL's then
open them using the 'work' account".


Now, since nobody could point me to an existing way to do that, and I
couldn't find such an extension myself, I thought it might be an
interesting project for someone who knows their Chrome stuff.

Any takers?

Thanks,

--Amos
-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

[JOB] Looking for a Linux NetFilter or general Kernel module programmer

[Amos Shapira]

Hi,

A startup is looking for a contractor with proven experience in writing
Linux kernel modules for a short contract job.

Preference for candidates with proven experience in writing NetFilter
modules (http://www.netfilter.org/).

Forwarding this e-mail to others you know, or suggestions for other forums
to publish this job, would be greatly appreciated.

Please respond in private e-mail to me (amos.shap...@gmail.com), more
details will be provided to relevant responses.

Thanks.

--Amos
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Extending R.E. Syntax

[Amos Shapira]

The sages of Linux has a saying "Talk is cheap, show me the code".

https://en.wikiquote.org/wiki/Linus_Torvalds#2000-04


On 21 July 2015 at 15:22, Omer Zak  wrote:

> The ancient sages of Israel have a saying "סוף מעשה - במחשבה תחילה",
> meaning that the end of a project is as planned in the beginning.
>
> In our case it means some discussion and feedback about proposed
> features and their use cases, before one plunges into implementing them.
>
> On Tue, 2015-07-21 at 06:38 +0300, Shachar Shemesh wrote:
> > On 20/07/15 21:46, Omer Zak wrote:
> >
> > > Instead of, it would have been better to
> > Good job! Where can I download your patch?
> >
> > Shachar
>
> --
> There is no IGLU Cabal because
> My own blog is at http://www.zak.co.il/tddpirate/
>
> My opinions, as expressed in this E-mail message, are mine alone.
> They do not represent the official policy of any organization with which
> I may be affiliated in any way.
> WARNING TO SPAMMERS:  at http://www.zak.co.il/spamwarning.html
>
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>



-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Eliminating binary from a text file

[Amos Shapira]

Then how about:

"grep -v -P -a '\x00' file"?

Based on http://superuser.com/a/612336/27453. Explantion of the flags:

-v - inverse - print NON-matching lines
-P - use Perl regexp
-a - force treating the file as a text file

On 21 July 2015 at 13:39, Shachar Shemesh  wrote:

>  On 21/07/15 00:22, Boruch Baum wrote:
>
> I see that I'm late to the discussion and that your original problem has
> morphed a bit. Maybe the simplest and oldest solution is the `tr -d'
> command. See `man tr'.
>
>
>  Read the original question again. She needs to eliminate the entire line
> where a corruption happened, not just the corrupt bytes themselves.
>
> Shachar
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>


-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Eliminating binary from a text file

[Amos Shapira]

+1 for "tr -d '\0' < file > newfile", based on the updated description.
But "prevention is better than a cure" - find a way to avoid this in the
first place.

On 21 July 2015 at 07:22, Boruch Baum  wrote:

> I see that I'm late to the discussion and that your original problem has
> morphed a bit. Maybe the simplest and oldest solution is the `tr -d'
> command. See `man tr'.
>
> On 07/20/2015 04:56 AM, Orna Agmon Ben-Yehuda wrote:
> > Hello everyone,
> >
> > I often have damaged text files (due to a lovely storage system). The
> files
> > are of different formats, although I can usually assume they contain
> > spaces. The files are structured as lines.
> >
> > Every once in a while, the lovely destruction (ahmstorage) system
> > inserts binary garbage to the file. I wish to fix the files by removing
> the
> > cancer without leaving any leftovers. That is, I want to lose partial
> lines.
> >
> > I tried using grep with all sorts of keys, but it did not do the trick.
> > strings catches too little - it leaves partial lines.
> > Is there an elegant  way to  do the trick line-wise?
> >
> > Thanks
> > Orna
> >
> >
> >
> > ___
> > Linux-il mailing list
> > Linux-il@cs.huji.ac.il
> > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
> >
>
>
> --
> hkp://keys.gnupg.net
> CA45 09B5 5351 7C11 A9D1  7286 0036 9E45 1595 8BC0
>
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>



-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Fwd: [SLUG] Fwd: 8TiB HDD, 10^14 bit error rate, approaching certainty of error for each "drive of data" read

[Amos Shapira]

Interesting thread about ZFS and large disks bit-rot...

-- Forwarded message --
From: Zenaan Harkness 
Date: 10 June 2015 at 11:52
Subject: [SLUG] Fwd: 8TiB HDD, 10^14 bit error rate, approaching certainty
of error for each "drive of data" read
To: s...@slug.org.au


FYI

-- Forwarded message --
From: Zenaan Harkness
Date: Wed, 10 Jun 2015 11:50:48 +1000
Subject: 8TiB HDD, 10^14 bit error rate, approaching certainty of
error for each "drive of data" read
To: d-community-offto...@lists.alioth.debian.org

Seems ZFS' and BTRFS' time has come. ZFS on Linux (ZFSoL) seems more
stable to me, and has 10 years of deployment under its belt too.

Any news on Debian GNU/Linux distributing ZFSoL? We see ZFS on Debian
GNU/kFreeBSD being distributed by Debian...

FYI
Zenaan


-- Forwarded message --
From: Zenaan Harkness
Date: Tue, 26 May 2015 20:31:41 +1000
Subject: Re: Thank Ramen for ddrescue!!!

On 5/25/15, Michael wrote:
> The LVM volumes on the external drives are ok.

Reminds me, also that I've been reading heaps about zfs over the last
couple days, HDD error rates are close to biting us with current gen
filesystems (like ext4). Armour plate your arse with some ZFS- or
possibly the less battle tested BTRFS- armour.

At one URE (UnRecoverable Errors) rate in 10^14 bits read from a drive
(most consumer drives are 10^14 - one advertises 2^15, and enterprise
drives are usually 2^16), we're talking 1 bit flip, on average, in
10^14 bits read, whilst:

8TiB drive =
8 * 1024^4 * 8bits =
70368744177664 bits

So if we read each bit once, say in a mirror recovery/ disk rebuild
situation, where that mirror disk has failed and a new one has been
connected and refilled with the data of the sole surviving disk, there
is an (8 * 1024^4 * 8) / 10^14, or ~70% chance that that "whole disk
read" (of the "good" disk) will itself produce an unrecoverable
bit-flip error, and so if you're using RAID hardware, you're now
officially rooted - you can't rebuild your mirror (RAID1) disk array.

Now think about a 4-disk (8TiB disks) RAID5 array (one parity disk),
and it's as good as an absolute certainty that when (not if) one disk
fails in that array, you will simply never recover/ rebuild the array,
due to one of the remaining disks producing its own error - and at the
point the first drive fails, the remaining drives are quite likely
closer to failure anyway...

Concerning stuff for data junkies like myself.

Thus RAID6, RAID7, or better yet the ZFS solutions to this problem -
RAIDZ2 and RAIDZ3 - where you have 2 or 3 parity disks respectively
and funky ZFS magic built in (disk scrubbing, hot spare disks and
more, all on commodity consumer disks and dumb controllers), where
-any- 2 (or 3) disks in your "raid" set can fail, and the set can
still rebuild itself - or if it's just sectors failing (random bit
flips), ZFS will automatically detect and repair those sectors with
bit flips, and warn you in the logs that this is happening - and it
will otherwise keep using a drive that's on the way out until you
replace it.

See here to wake us all up:
http://www.zdnet.com/article/why-raid-6-stops-working-in-2019/

http://arstechnica.com/information-technology/2014/01/bitrot-and-atomic-cows-inside-next-gen-filesystems/1/

(That second article slags ZFS with (what seems to me as) a claim that
ZFS COW (copy on write) functionality is per-file, not per-block,
which AIUI is total bollocks - ZFS most certainly is a per-block COW
filesystem, not per-file, but that's just a reflection of the bold
assumptions and lack of fact checking of that article's author -
otherwise I think the article is useful!)

Z

-- Forwarded message --
From: Zenaan Harkness
Date: Tue, 26 May 2015 22:34:50 +1000
Subject: Re: Thank Ramen for ddrescue!!!

> On 26 May 2015 12:31, "Zenaan Harkness" wrote:
>> Reminds me, also that I've been reading heaps about zfs over the last
>> couple days, HDD error rates are close to biting us with current gen
>> filesystems (like ext4). Armour plate your arse with some ZFS- or
>> possibly the less battle tested BTRFS- armour.
>>
>> At one URE (UnRecoverable Errors) rate in 10^14 bits read from a drive
>> (most consumer drives are 10^14 - one advertises 2^15, and enterprise
>> drives are usually 2^16), we're talking 1 bit flip, on average, in
>> 10^14 bits read, whilst:
>>
>
> Base 10 or base 2? It's an order of magnitude of difference here, or one
> thousand more errors, so kinda a big deal...

Base 10. And the difference is much more than an order of magnitude:
2^14 = 16384
10^14 = 100

Unless I'm not understanding what you're asking...

For current HDDs:
10^15 URE rate means an order of magnitude less likely to have a problem.
10^16, one O better again.

The problem is, 10^14, with a 10T drive, is now at certainty - you are
all but guaranteed an random unrecoverable read error on that drive,
every time you read it - or rather, everytime you read a drives worth
of data o

Re: New Qemu and VirtualBox docs for Linux

[Amos Shapira]

Hi Steve,

I only read the first articles you sent a few weeks ago and they were
pretty good. Well done.

In relation to the latest installments - I'd like to suggest looking at
Vagrant and Packer too. I find that configuring everything in a text file
(basically, a Ruby script) is an extremely powerful way to document
repeatable and automated steps.

Cheers,

--Amos

On 24 May 2015 at 08:31, Steve Litt  wrote:

> Hi all,
>
> As part of my DIY Linux push, I've completed documents on running and
> modifying Linux distros on Qemu and VirtualBox. There are many
> advantages, including convenience and speed (on hardware with hardware
> VM assist), and not collecting a vast pile of labeled hard disks for
> the various experiments.
>
> Here are the articles:
>
> * http://troubleshooters.com/linux/diy/virtualbox.htm
>
> * http://troubleshooters.com/linux/diy/qemu.htm
>
> I hope you enjoy them.
>
> SteveT
>
> Steve Litt
> May 2015 featured book: Quit Joblessness: Start Your Own Business
> http://www.troubleshooters.com/startbiz
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>



-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Linux Kernel 4.0 is Out + Debian Jessie Planned Upcoming Release

[Amos Shapira]

On 15 April 2015 at 22:29, E.S. Rosenberg  wrote:

> 2015-04-15 14:49 GMT+03:00 Shlomi Fish :
> > “May you live in interesting times.”
> Thanks, you too and all of us.
>

Actually in the English context it's considered a curse (even though the
myth that it's originally a Chinese curse is unsubstantiated).
https://en.wikipedia.org/wiki/May_you_live_in_interesting_times

"Break a leg" is a wish for good luck, though :)

Go figure...

--Amos
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: formatting a disk for a home NAS

[Amos Shapira]

If all you want is for this server to be there and not have to worry about
it then I'd recommend ext4.

Put the data and the OS on separate disks if you can.

Many years ago (over ten years), I used ReiserFS for my desktop. It worked
great and didn't have the limitations of the other fs's of the time
(ext2/ext3).
Until one day I tried to shrink it to make room for another distro. BIG
mistake. The tools weren't mature and I lost all my data.

*MY* take-away from this - stick to mainstream if you want things to "just
work", and without knowing more about your context I'd expect 99% that ext4
will do just fine for the job.

Good luck,

--Amos

On 14 April 2015 at 17:17, E.S. Rosenberg  wrote:

> Of course you're going to reformat, after all the technicalities of
> the local fs will be hidden from the clients by nfs/smb/(web)dav.
>
> As far as which FS goes, ext4 is a safe bet, it seems the big server
> players are recently opting for XFS.
>
> And if you feel adventurous and want the power of ZFS that is also an
> option these days or if you want something similar btrfs is also
> pretty good these days (my phone uses it for it's main storage and I
> have no complaints).
>
> HTH,
> Eliyahu - אליהו
>
> 2015-04-14 6:44 GMT+03:00 Shlomo Solomon :
> > I'm setting up a home NAS - Raspberry PI2, Raspbian, Samba, external
> > disk. It's meant to serve files to a mixed network - Linux, Windows and
> > Android devices. The new disk comes formatted as NTFS. My "gut" tells
> > me to re-format as EXT4 - any comments or suggestions?
> >
> > Additional info: The files will be a mix of music, video and office
> > files. I will also be backing up at least one of the Linux boxes on
> > this server, so there will also be a fair number of small files -
> > e-mail, config files, etc. In the past I used to prefer ReiserFS, but
> > over the years, I've gradually moved to EXT4 for new disks.
> >
> > --
> > Shlomo Solomon
> > http://the-solomons.net
> > Sent by Claws Mail 3.11.1 - KDE 4.12.15 - LINUX Mageia 4
> >
> >
> > ___
> > Linux-il mailing list
> > Linux-il@cs.huji.ac.il
> > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>



-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: I've been hacked, or not?

[Amos Shapira]

Please allow me to disagree,

I see top value in spending some time to learn to set it up automatically -
it'll pay itself in spades every time you have to update anything on that
server, let alone migrate or rebuild it.

Setting up a test environment with Vagrant, setting things up with Puppet
(or whatever else is your favourite poison), testing the changes with
Serverspec and friends shouldn't take more than a day of hacking, will make
you much more relaxed about maintaining this server, and give you fantastic
tools to use in your other work.

E.g. I'm hacking now on my own project and see the value of automatic tests
so as my code progresses, I can make sure I didn't break something which
worked before. Sure its a hassle to kickstart it but once it's up it's
invaluable.

On 14 April 2015 at 12:53, Shachar Shemesh  wrote:

> Yes. That's top advice IF you are working off someone elses money and/or
> paying for your own time.
>
> If, however, this is something done in your spare time, serving mostly you
> and being paid for out of your own pocket, the difference between 8€/mo and
> what you said becomes big.
>
> Shachar
> On Apr 14, 2015 3:02 AM, Amos Shapira  wrote:
>
> On 14 April 2015 at 02:34, Shachar Shemesh  wrote:
>
>> If I just reinstall the server (both time consuming and expensive, as I
>> need provision a temporary server to make a smooth transition), I'm still
>> going to be open to the same attack vector unless I do something.
>>
>
> Don't you have a DR plan?
> How about automating the server setup, so you can both test changes (ever
> heard of Vagrant?) and get it back to life without worrying about it?
>
> Remember - todays servers should be treated like cattle, not pets:
> http://image.slidesharecdn.com/cerndatacentreevolution-sdcd2012-121119074533-phpapp02/95/cern-data-centre-evolution-17-638.jpg
>
> (from http://www.slideshare.net/gmccance/cern-data-centre-evolution,
> origin at
> http://www.slideshare.net/randybias/pets-vs-cattle-the-elastic-cloud-story
> )
>
> --Amos
>
>


-- 
<http://au.linkedin.com/in/gliderflyer>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: I've been hacked, or not?

[Amos Shapira]

On 14 April 2015 at 02:34, Shachar Shemesh  wrote:

> If I just reinstall the server (both time consuming and expensive, as I
> need provision a temporary server to make a smooth transition), I'm still
> going to be open to the same attack vector unless I do something.
>

Don't you have a DR plan?
How about automating the server setup, so you can both test changes (ever
heard of Vagrant?) and get it back to life without worrying about it?

Remember - todays servers should be treated like cattle, not pets:
http://image.slidesharecdn.com/cerndatacentreevolution-sdcd2012-121119074533-phpapp02/95/cern-data-centre-evolution-17-638.jpg

(from http://www.slideshare.net/gmccance/cern-data-centre-evolution, origin
at
http://www.slideshare.net/randybias/pets-vs-cattle-the-elastic-cloud-story)

--Amos
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Bezeq Ruter

[Amos Shapira]

I wonder - do you have to get the modem from Bezeq? Can't you buy anything
compatible on the free market?

On 13 April 2015 at 16:18, E.S. Rosenberg  wrote:

> In addition to the "fancy" (read crappy) wireless routers that Bezeq
> will always try to offer you to lease/buy/get/whatever the latest fad
> is, they also have simple modems.
> Really these are bridge routers with one ethernet port and one DSL
> port, also running Linux, you can use them as router and create a DMZ
> between your wireless router and the bridge, though I don't recommend
> that because then you:
> - can't just drop in a replacement when they break down
> - are relying on the bridges' firmware for security on your DMZ
>
> They have currently 2 models as far as I can tell:
> - (Rotal) RTA 1320+
> - D-Link DSL-25xx (newer, haven't seen very often)
>
> Bezeq does not like giving these devices out most likely because it
> prevents them from having a Bezeq_free network at your address, the
> last time I had to replace my modem they told me that they actually
> repair them and aren't making/buying new ones (which makes sense for
> the rta1320 which is old but supports up to 24M).
> The fact that they are repairing does seem to be starting to lead to
> failures happing more often recently...
> It also prevents them from trouble shooting your network since the
> most they will have access to is the bridge whereas they generally
> have remote access to the wireless-routers (you often don't even get
> full root/admin on the router).
>
> To me using these devices only has advantages:
> - cost less then the "fancy" modem/routers.
> - allows me full control over my network infrastructure.
> - no Bezeq network freeloading on my DSL connection
> - no Bezeq access to my home network
> - allows me to easily upgrade my wireless router if/when I want some
> newer technology/toy.
>
> BTW: It is of course also possible to use a Bezeq wireless router
> together with your own wireless router either in a DMZ like setup or
> even as a bridge (though that takes some real effort), but that seems
> like a major overkill and a waste of money.
>
> HTH,
> Eliyahu - אליהו
>
> 2015-04-12 23:15 GMT+03:00 Geoff Shang :
> > On Sun, 12 Apr 2015, E.S. Rosenberg wrote:
> >
> >> Personally I always insist on Bezeq giving me their simple modem and
> >> use a decent router of my choosing (obviously vetted for OpenWRT
> >> support and specs) for WiFi etc (the modem ends up being a bridge
> >> device about whose fw etc I don't care as much).
> >
> >
> > Ha!  I didn't know you could do this.  Typical that I find out 6 weeks
> > before I leave the country. :)
> >
> > for the benefit of anyone else who didn't know, please tel more.
> >
> > Geoff.
> >
> >
> >
> > ___
> > Linux-il mailing list
> > Linux-il@cs.huji.ac.il
> > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>



-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Hebrew keyboard cups?

[Amos Shapira]

Not specifically Linux related but I hope members here can help me with
"antique" hardware question.

I just ordered a couple of MS ergonomic keyboards like this:
http://www.microsoft.com/hardware/en-au/p/natural-ergonomic-keyboard-4000
and now I'm looking to make them Hebrew friendly.

I had an OK experience with Hebrew stickers but looking for a more durable
solution. What I have in mind are those optional plastic keycups which used
to be available to put on top of the keys.

So far I haven't found them online. Does anyone know where can I get them?
(I live outside Israel but perhaps I can get friends/family to buy offline
and ship with someone I'm expecting to come over soon if that's the only
option).

Thanks.

Amos
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Back to the Future with C++ and Seastar

[Amos Shapira]

Hi Nadav,

Will it be video taped?
Slides made available?

Thanks,

--Amos

On 2 April 2015 at 05:53, Nadav Har'El  wrote:

> On Wed, Apr 01, 2015, Oleg Goldshmidt wrote about "Re: Back to the Future
> with C++ and Seastar":
> > "Nadav Har'El"  writes:
> > > Seastar is an open source (http://www.seastar-project.org/) library.
> > > It is based on the concept of "futures" (like in Node.js, just
> implemented
> > > in a much more efficient way). Part of the talk will also introduce
> futures,
> > > how Seastar implements them in C++, and how much C++ has changed in
> recent
> > > years from what you may remember about it.
> >
> > I might come (close to work :). C++ has futures and promises natively,
> > as a part of its standard library. Can you add a couple of words on how
> > Seastar's futures differ?
>
> Sure, though I'm sure Avi will explain it better in his talk :-)
>
> The first difference is that C++11's support for futures is incomplete:
> Futures are supported, but not *continuations*, which are code you want
> to run when the future value becomes available. C++17 will probably have
> continuations, but Seastar has them now.
>
> The second difference is that C++11's futures are indeed powerful, but not
> optimized for performance. They make excessive use of allocations, they
> rely on threads and everything uses atomic operations and locks. Seastar's
> design, on the other hand, is aimed at modern SMP design, for achieving
> the top possible performance: Continuations are very lightweight (not
> based on thread context switching), you write with Seastar a share-nothing
> server (each core deals with its own data) so no locks, no atomic
> operations,
> and very little cache contention. These things make a *huge* difference
> in performance in modern SMPs - especially when you try to scale up to
> many cores.
>
> The third difference is that Seastar is much more than just an
> implementation of futures - it is a complete library for writing
> asynchronous I/O-heavy (network and disk) applications - consider http
> servers, proxies, nosql servers - any server application you can think of
> will be much faster if rewritten in Seastar (Avi will present some
> benchmarks, showing near perfect scalability to 40 cores, 5x speed
> improvements compared to traditional thought-to-be-efficient applications,
> etc. Seastar completely bypasses the operating system by using DPDK,
> but as you may know DPDK only supports L2 packets and has no TCP/IP stack.
> But that's no longer true: We actually implemented in Seastar a full
> TCP/IP stack over DPDK, write in Seastar's own futures framework.
>
> And Seastar is even more. I'll leave a few surprises for Avi's talk ;-)
>
> --
> Nadav Har'El| Wednesday, Apr 1 2015, 13 Nisan
> 5775
> n...@math.technion.ac.il
>  |-
> Phone +972-523-790466, ICQ 13349191 |My opinions may have changed, but
> not the
> http://nadav.harel.org.il   |fact that I am right.
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>



-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Good design to expose debug info from kernel module

[Amos Shapira]

On 29 March 2015 at 08:14, Elazar Leibovich  wrote:

> 4) I really think nowadays text is a bit obsolete. I can hardly think of a
> case where text would be more convenient than, say, json or HTML. Web
> browser is at your fingertips, and HTML table is easier to handle than
> whitespace separated output based on your terminal size.
> eth0100 is just as grep'able as the tab
> separated version, and is easier to view, sort, etc.
>

By "text" I DID mean JSON. I think that using JSON should address all the
concerns above and keep the protocol future-proof. I didn't find
kernel-specific JSON parser implementations but suspect that it should be
possible to use any simple user-space C implementation.


>
> [0] https://github.com/elazarl/cpu_affinity/blob/master/tracecpu.d
> [1]
> https://github.com/elazarl/cpu_affinity/blob/master/test/linux/plot_ftrace_sched_switch.py
>
>
> On Sat, Mar 28, 2015 at 12:49 AM, Amos Shapira 
> wrote:
>
>> If serialisation (aka "marshalling") is considered, how about making it
>> text based?
>> Then you can use simple shell tools to talk to it.
>>
>>
>> On 27 March 2015 at 22:34, Elazar Leibovich  wrote:
>>
>>> IMHO, C structs are no way near as usable as proper serialization
>>> format. For example, what about optional fields? What about variable
>>> length array? What about binary backwards compatibility? What about
>>> supporting other languages? It's not trivial to take a C struct and
>>> generate the proper struct.unpack string for it.
>>>
>>> Look at the complexity in perf_event_open(2), just parsing the event
>>> stream takes a good chunk of code[0], with many potential bugs.
>>> Parsing it with protobuf (or one of the other serialization formats)
>>> would take three lines or so, would be more efficient, and would be
>>> easier to program against, and less prone to bugs, etc.
>>>
>>> [0] Here is my take, and it's not even complete
>>> https://gist.github.com/elazarl/c8404686e71ef0b36cc7
>>>
>>> On Fri, Mar 27, 2015 at 12:26 PM, guy keren 
>>> wrote:
>>> >
>>> > i imagine, if you use the proper 'packing' pragmas, you can simply
>>> mempcy
>>> > structures, without really writing serialization code (there's no
>>> endianess
>>> > issues, with both sides running on the same host, by definition).
>>> >
>>> > --guy
>>> >
>>> >
>>> > On 03/27/2015 10:03 AM, Elazar Leibovich wrote:
>>> >>
>>> >> Thanks, didn't know netlink.
>>> >>
>>> >> You still need a solution to parse the sent message, where protocol
>>> >> buffers etc, can help. (e.g., binary data into struct
>>> >> mymodule_request).
>>> >>
>>> >> Or am I missing something?
>>> >>
>>> >> On Fri, Mar 27, 2015 at 3:33 AM, guy keren 
>>> >> wrote:
>>> >>>
>>> >>>
>>> >>> take a look at this:
>>> >>>
>>> >>>
>>> >>>
>>> http://www.linuxfoundation.org/collaborate/workgroups/networking/generic_netlink_howto
>>> >>>
>>> >>> (link got broken - place it all on a single line)
>>> >>>
>>> >>> --guy
>>> >>>
>>> >>>
>>> >>> On 03/26/2015 11:36 PM, Elazar Leibovich wrote:
>>> >>>>
>>> >>>>
>>> >>>> Hi,
>>> >>>>
>>> >>>> I'm writing a kernel module, and I want to expose some debug
>>> >>>> information about it.
>>> >>>>
>>> >>>> The debug information is often of the form of request-response.
>>> >>>>
>>> >>>> For example:
>>> >>>>
>>> >>>> - Hey module, what's up with data at 0xe8ff0040c000?
>>> >>>> - Cached, populated two hours ago.
>>> >>>>
>>> >>>> - Hey module, please invalidate data at 0xe8ff0002cb00
>>> >>>> - Sure thing.
>>> >>>>
>>> >>>> - Hey module, please record all accesses to 0xe8ff0006bbf0.
>>> >>>> - OK, ask me again for stats-5
>>> >>>> ...
>>> >>>> - Hey module, what's in stats-5?
>>> >>>> - So far, 41 accesses by 

Re: Good design to expose debug info from kernel module

[Amos Shapira]

If serialisation (aka "marshalling") is considered, how about making it
text based?
Then you can use simple shell tools to talk to it.


On 27 March 2015 at 22:34, Elazar Leibovich  wrote:

> IMHO, C structs are no way near as usable as proper serialization
> format. For example, what about optional fields? What about variable
> length array? What about binary backwards compatibility? What about
> supporting other languages? It's not trivial to take a C struct and
> generate the proper struct.unpack string for it.
>
> Look at the complexity in perf_event_open(2), just parsing the event
> stream takes a good chunk of code[0], with many potential bugs.
> Parsing it with protobuf (or one of the other serialization formats)
> would take three lines or so, would be more efficient, and would be
> easier to program against, and less prone to bugs, etc.
>
> [0] Here is my take, and it's not even complete
> https://gist.github.com/elazarl/c8404686e71ef0b36cc7
>
> On Fri, Mar 27, 2015 at 12:26 PM, guy keren 
> wrote:
> >
> > i imagine, if you use the proper 'packing' pragmas, you can simply mempcy
> > structures, without really writing serialization code (there's no
> endianess
> > issues, with both sides running on the same host, by definition).
> >
> > --guy
> >
> >
> > On 03/27/2015 10:03 AM, Elazar Leibovich wrote:
> >>
> >> Thanks, didn't know netlink.
> >>
> >> You still need a solution to parse the sent message, where protocol
> >> buffers etc, can help. (e.g., binary data into struct
> >> mymodule_request).
> >>
> >> Or am I missing something?
> >>
> >> On Fri, Mar 27, 2015 at 3:33 AM, guy keren 
> >> wrote:
> >>>
> >>>
> >>> take a look at this:
> >>>
> >>>
> >>>
> http://www.linuxfoundation.org/collaborate/workgroups/networking/generic_netlink_howto
> >>>
> >>> (link got broken - place it all on a single line)
> >>>
> >>> --guy
> >>>
> >>>
> >>> On 03/26/2015 11:36 PM, Elazar Leibovich wrote:
> 
> 
>  Hi,
> 
>  I'm writing a kernel module, and I want to expose some debug
>  information about it.
> 
>  The debug information is often of the form of request-response.
> 
>  For example:
> 
>  - Hey module, what's up with data at 0xe8ff0040c000?
>  - Cached, populated two hours ago.
> 
>  - Hey module, please invalidate data at 0xe8ff0002cb00
>  - Sure thing.
> 
>  - Hey module, please record all accesses to 0xe8ff0006bbf0.
>  - OK, ask me again for stats-5
>  ...
>  - Hey module, what's in stats-5?
>  - So far, 41 accesses by 22 users.
> 
>  Now, the question is, what is a good design to expose this
> information.
> 
>  I think that the most reasonable way to interact with userspace is
>  through a debugfs file.
> 
>  The user would open the debugfs file in read+write mode, would write a
>  request, and accept a response from it.
> 
>  As I see it, there are two fundamental problems needs to be solved:
> 
>  - Parsing the request from the client.
>  - Writing the response in a recognizeable format.
> 
>  A simple solution I first came up with, is to use a ad-hoc
>  request-response format. In my case, request and response are line
>  delimited, request is a hex address, and response is a translated hex
>  address.
> 
>  Here is the relevant snippet.
> 
>  struct pipe {
>   DECLARE_KFIFO(fifo, T, (1<<4));
>   wait_queue_head_t queue;
>   char buf[100];
>   int buflen;
>   char resp[100];
>   int resp_len;
>  };
>  static DEFINE_MUTEX(mutex);
>  static int open(struct inode *inode, struct file *file)
>  {
>    struct pipe *pipe;
>    if (!(file->f_mode & FMODE_READ) || !(file->f_mode &
> FMODE_READ))
>  {
>    pr_warn("must open with O_RDWR\n");
>    return -EINVAL;
>    }
>    mutex_lock(&mutex);
>    pipe = kzalloc(sizeof(*pipe), GFP_KERNEL);
>    INIT_KFIFO(pipe->fifo);
>    init_waitqueue_head(&pipe->queue);
>    file->private = pipe;
>  }
> 
>  static int write(struct file *file, const char __user *ubuf, size_t
>  count, loff_t *ppos)
>  {
>    char *eol;
>    size_t n = min_t(size_t, count, sizeof(pipe->buf));
>    struct pipe *pipe = file->private_data;
>    if (copy_from_user(&pipe->buf[pipe->buflen], ubuf, n)
>    return -EFAULT;
>    eol = memchr(buf, '\n', n);
>    if (eol == NULL)
>    return count;
>    *eol = '\0';
>    // TODO: wait when queue full
>    if (!kfifo_in(&pipe->fifo, processLine(buf), 1)
>    return -EFAULT;
>    wake_up_interruptible(&pipe->queue);
>    memmove(&pipe->buf[0], &pipe->buf[n], pipe->buflen-n);
>  }
> 
>  static int read(struct file *file, const char __user

Re: HOW to prevent DNS resolver from going into revert lookup (record of PTR type)?

[Amos Shapira]

On 24 March 2015 at 01:57, Lev Olshvang  wrote:

>  Hi Amos,
>
>
>
> I managed to persuade our sysadmin to give me permission in AD DNS server
> and I put there PTR record.
>

It should be part of his job - otherwise the PTR records will keep getting
out of sync with the A/ records.


>
>
> The question is whether it is possible to confugre nsswitch, or dnsmasq,
> nscd  or other resolver from doing reverse lookup.
>

Not that I'm aware - what do you expect it to do when the client asks to
resolve an IP address? Aways fail?


>
>
> *From:* Amos Shapira [mailto:amos.shap...@gmail.com]
> *Sent:* Monday, March 23, 2015 12:50 PM
> *To:* Lev Olshvang
> *Cc:* linux-il
> *Subject:* Re: HOW to prevent DNS resolver from going into revert lookup
> (record of PTR type)?
>
>
>
> OK, I think I understand you now.
>
>
>
> Let's take a step back for a moment - you say that the client fails to
> resolve IP address back to hostnames and that causes you problems?
>
>
>
> How about configuring your DNS server to provide the right PTR records?
>
>
>
> --Amos
>
>
>
> On 23 March 2015 at 19:13, Lev Olshvang  wrote:
>
>  Hi Amos,
>
>
>
> Perhaps I was not clear enough.
>
> Yes, I  want to prevent client from revert lookup.
>
> The client is not my application, It is part of Linux installation in some
> docs named DNS resolver.
>
> It is configured in /etc/nsswitch.conf and then control flow of
> gethostbyname() does IP lookup and reverse lookup
>
>
>
>
>
> But back to my question – I see in sniffer  DNS query for type A record
> issued  and then DNS query for PTR record ( reverse lookup)
>
> And I want to know if there is a way to configure nsswitch to prevent
> reverse since I already get IP ith the peer.
>
>
>
> Hope now I explained the queston more thoroughly.
>
>
>
> L.
>
>
>
> *From:* Amos Shapira [mailto:amos.shap...@gmail.com]
> *Sent:* Sunday, March 22, 2015 10:08 PM
> *To:* Lev Olshvang
> *Cc:* linux-il
> *Subject:* Re: HOW to prevent DNS resolver from going into revert lookup
> (record of PTR type)?
>
>
>
> I'm not sure what you are trying to achieve here - PTR records and A
> records are completely separate entities living under different domains.
> Both of them should be maintained separately (there are probably tons of
> tools to keep them in sync if you like, but from DNS' perspective there is
> no relation between them).
>
>
>
> If you want to "prevent reverse lookup" then you should tell the client
> not to do this.
>
>
>
> On 22 March 2015 at 22:31, Lev Olshvang  wrote:
>
>  Hi Linuxers,
>
>
>
> I am jumping on today’s DNS thread,
>
>
>
> My Linux Debian  uses DNS service some Windows server.
>
>
>
> Linux resolver  gets back  IP address ( type A and AAA records), but fail
> to get back PTR record.
>
> ( I am observing DNS queries and failures with Wireshark)
>
>
>
> This  cause ldap to use address instead of  host name in  authentication
> realm and fail.
>
> When I add address –hostname pairs in /etc/hosts,  ldap succeeds. (it uses
> name in the realm claim)
>
>
>
>
>
>
>
> I did not yet find a way to change nsswitch.conf to some resolver that
> prevents reverse lookup,
>
> Please give me some ideas if it is possible.
>
>
>
>
>
> Lev.
>
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>
>
>
>
> --
>
> [image: Image removed by sender.] <http://au.linkedin.com/in/gliderflyer>
>
>
>
>
>
> --
>
> [image: Image removed by sender.] <http://au.linkedin.com/in/gliderflyer>
>



-- 
<http://au.linkedin.com/in/gliderflyer>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: HOW to prevent DNS resolver from going into revert lookup (record of PTR type)?

[Amos Shapira]

OK, I think I understand you now.

Let's take a step back for a moment - you say that the client fails to
resolve IP address back to hostnames and that causes you problems?

How about configuring your DNS server to provide the right PTR records?

--Amos

On 23 March 2015 at 19:13, Lev Olshvang  wrote:

>  Hi Amos,
>
>
>
> Perhaps I was not clear enough.
>
> Yes, I  want to prevent client from revert lookup.
>
> The client is not my application, It is part of Linux installation in some
> docs named DNS resolver.
>
> It is configured in /etc/nsswitch.conf and then control flow of
> gethostbyname() does IP lookup and reverse lookup
>
>
>
>
>
> But back to my question – I see in sniffer  DNS query for type A record
> issued  and then DNS query for PTR record ( reverse lookup)
>
> And I want to know if there is a way to configure nsswitch to prevent
> reverse since I already get IP ith the peer.
>
>
>
> Hope now I explained the queston more thoroughly.
>
>
>
> L.
>
>
>
> *From:* Amos Shapira [mailto:amos.shap...@gmail.com]
> *Sent:* Sunday, March 22, 2015 10:08 PM
> *To:* Lev Olshvang
> *Cc:* linux-il
> *Subject:* Re: HOW to prevent DNS resolver from going into revert lookup
> (record of PTR type)?
>
>
>
> I'm not sure what you are trying to achieve here - PTR records and A
> records are completely separate entities living under different domains.
> Both of them should be maintained separately (there are probably tons of
> tools to keep them in sync if you like, but from DNS' perspective there is
> no relation between them).
>
>
>
> If you want to "prevent reverse lookup" then you should tell the client
> not to do this.
>
>
>
> On 22 March 2015 at 22:31, Lev Olshvang  wrote:
>
>  Hi Linuxers,
>
>
>
> I am jumping on today’s DNS thread,
>
>
>
> My Linux Debian  uses DNS service some Windows server.
>
>
>
> Linux resolver  gets back  IP address ( type A and AAA records), but fail
> to get back PTR record.
>
> ( I am observing DNS queries and failures with Wireshark)
>
>
>
> This  cause ldap to use address instead of  host name in  authentication
> realm and fail.
>
> When I add address –hostname pairs in /etc/hosts,  ldap succeeds. (it uses
> name in the realm claim)
>
>
>
>
>
>
>
> I did not yet find a way to change nsswitch.conf to some resolver that
> prevents reverse lookup,
>
> Please give me some ideas if it is possible.
>
>
>
>
>
> Lev.
>
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>
>
>
>
> --
>
> [image: Image removed by sender.] <http://au.linkedin.com/in/gliderflyer>
>



-- 
<http://au.linkedin.com/in/gliderflyer>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: HOW to prevent DNS resolver from going into revert lookup (record of PTR type)?

[Amos Shapira]

I'm not sure what you are trying to achieve here - PTR records and A
records are completely separate entities living under different domains.
Both of them should be maintained separately (there are probably tons of
tools to keep them in sync if you like, but from DNS' perspective there is
no relation between them).

If you want to "prevent reverse lookup" then you should tell the client not
to do this.

On 22 March 2015 at 22:31, Lev Olshvang  wrote:

>  Hi Linuxers,
>
>
>
> I am jumping on today’s DNS thread,
>
>
>
> My Linux Debian  uses DNS service some Windows server.
>
>
>
> Linux resolver  gets back  IP address ( type A and AAA records), but fail
> to get back PTR record.
>
> ( I am observing DNS queries and failures with Wireshark)
>
>
>
> This  cause ldap to use address instead of  host name in  authentication
> realm and fail.
>
> When I add address –hostname pairs in /etc/hosts,  ldap succeeds. (it uses
> name in the realm claim)
>
>
>
>
>
>
>
> I did not yet find a way to change nsswitch.conf to some resolver that
> prevents reverse lookup,
>
> Please give me some ideas if it is possible.
>
>
>
>
>
> Lev.
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>


-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Server stopped DNS name resolution

[Amos Shapira]

"Google unicast public DNS servers"

s/unicast/anycast/, I keep forgetting that term.

On 22 March 2015 at 22:28, Amos Shapira  wrote:

> 1. Sounds like the ip's in your resolv.conf are wrong. Where does the
> server get them from? ip's 8.8.8.8 and 8.8.4.4 are the Google unicast
> public DNS servers. They are reliable but it's not optimal for a server to
> have to reach out to them on every query.
>
> 2. The ssh login is possibly slow because the ssh server is configured to
> try to reverse-resolve the incoming client ip address for logging. Look for
> "UseDNS" in your SERVER config (/etc/sshd_config). The default is usually
> "no" but perhaps in your case it's on.
>
> 3. Telnet is not a good indicator of reachability of DNS servers, DNS is
> UDP based and usually even the TCP port 53 is blocked because no one is
> supposed to have to access it. On the other hand, traceroute (yes, good old
> traceroute, as opposed to ping and tcptraceroute) uses UDP packets and you
> can tell it to use port 53 as destination so perhaps try that (again - pass
> "-n" flag to it to stop it from failing to reverse-resolve the ip address
> of each response).
>
> Good luck.
>
> On 22 March 2015 at 22:13, Gabor Szabo  wrote:
>
>> I tried that, and although I am not sure what should I look for in there
>> it seems to be claiming
>>
>> rt_sigsuspend([];; connection timed out; no servers could be reached
>>
>>
>> I tried to telnet 72.14.179.5 53  (one of the DNS servers) and that did
>> not got a response.
>>
>>
>> Anyway, Linode support told me to add this to the resolve.conf
>>
>> nameserver 8.8.8.8
>>
>> nameserver 8.8.4.4
>>
>> and that seemed to do the trick.
>>
>> Gabor
>>
>> On Sun, Mar 22, 2015 at 1:00 PM, guy keren 
>> wrote:
>>
>>>
>>> run this on the host:
>>>
>>> strace host www.google.com
>>>
>>> and scan the output.
>>>
>>> more efficient then guessing.
>>>
>>> --guy
>>>
>>> On 03/22/2015 12:50 PM, Gabor Szabo wrote:
>>>
>>>> Hi,
>>>>
>>>> I run an Ubuntu based VPS on Linode.
>>>> I few hours ago the machine stopped resolving hostnames.
>>>> I think it was after an "aptitude safe-upgrade" and a reboot, but I am
>>>> not sure. Maybe was like this earlier.
>>>>
>>>> It takes ages to ssh to it, once I got to the machine I can ping IP
>>>> addresses from it, but I cannot ping anything with a hostname.
>>>>
>>>> this is what I have in resolv.conf
>>>>
>>>> # cat /etc/resolv.conf
>>>>
>>>> domain members.linode.com <http://members.linode.com>
>>>>
>>>> search members.linode.com <http://members.linode.com>
>>>>
>>>> nameserver 72.14.179.5
>>>>
>>>> nameserver 72.14.188.5
>>>>
>>>> options rotate
>>>>
>>>>
>>>> I tried to replace the nameservers with others that are listed in
>>>> another of my servers, but that did not make a change.
>>>>
>>>> How can I track down what has the server stopped resolving hostnames?
>>>>
>>>> Accessing the server via HTTP work as expected.
>>>>
>>>> Gabor
>>>>
>>>>
>>>>
>> ___
>> Linux-il mailing list
>> Linux-il@cs.huji.ac.il
>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>
>>
>
>
> --
> <http://au.linkedin.com/in/gliderflyer>
>



-- 
<http://au.linkedin.com/in/gliderflyer>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Server stopped DNS name resolution

[Amos Shapira]

1. Sounds like the ip's in your resolv.conf are wrong. Where does the
server get them from? ip's 8.8.8.8 and 8.8.4.4 are the Google unicast
public DNS servers. They are reliable but it's not optimal for a server to
have to reach out to them on every query.

2. The ssh login is possibly slow because the ssh server is configured to
try to reverse-resolve the incoming client ip address for logging. Look for
"UseDNS" in your SERVER config (/etc/sshd_config). The default is usually
"no" but perhaps in your case it's on.

3. Telnet is not a good indicator of reachability of DNS servers, DNS is
UDP based and usually even the TCP port 53 is blocked because no one is
supposed to have to access it. On the other hand, traceroute (yes, good old
traceroute, as opposed to ping and tcptraceroute) uses UDP packets and you
can tell it to use port 53 as destination so perhaps try that (again - pass
"-n" flag to it to stop it from failing to reverse-resolve the ip address
of each response).

Good luck.

On 22 March 2015 at 22:13, Gabor Szabo  wrote:

> I tried that, and although I am not sure what should I look for in there
> it seems to be claiming
>
> rt_sigsuspend([];; connection timed out; no servers could be reached
>
>
> I tried to telnet 72.14.179.5 53  (one of the DNS servers) and that did
> not got a response.
>
>
> Anyway, Linode support told me to add this to the resolve.conf
>
> nameserver 8.8.8.8
>
> nameserver 8.8.4.4
>
> and that seemed to do the trick.
>
> Gabor
>
> On Sun, Mar 22, 2015 at 1:00 PM, guy keren 
> wrote:
>
>>
>> run this on the host:
>>
>> strace host www.google.com
>>
>> and scan the output.
>>
>> more efficient then guessing.
>>
>> --guy
>>
>> On 03/22/2015 12:50 PM, Gabor Szabo wrote:
>>
>>> Hi,
>>>
>>> I run an Ubuntu based VPS on Linode.
>>> I few hours ago the machine stopped resolving hostnames.
>>> I think it was after an "aptitude safe-upgrade" and a reboot, but I am
>>> not sure. Maybe was like this earlier.
>>>
>>> It takes ages to ssh to it, once I got to the machine I can ping IP
>>> addresses from it, but I cannot ping anything with a hostname.
>>>
>>> this is what I have in resolv.conf
>>>
>>> # cat /etc/resolv.conf
>>>
>>> domain members.linode.com 
>>>
>>> search members.linode.com 
>>>
>>> nameserver 72.14.179.5
>>>
>>> nameserver 72.14.188.5
>>>
>>> options rotate
>>>
>>>
>>> I tried to replace the nameservers with others that are listed in
>>> another of my servers, but that did not make a change.
>>>
>>> How can I track down what has the server stopped resolving hostnames?
>>>
>>> Accessing the server via HTTP work as expected.
>>>
>>> Gabor
>>>
>>>
>>>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>


-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Something is injecting malware into my HTTP traffic

[Amos Shapira]

So there might be your answer - I guess "nv" stands for "netvision" - give
them the URL and ask them to clear the cache for it.

On 22 March 2015 at 05:56, Michael Tewner  wrote:

> I'm seeing the same thing, that is, the downloaded files start to differ
> at byte #4101
>
>- The HTTPS version downloaded quite fast on my 5Mbps connection. The
>HTTP one is taking forever, quite literally; it's "stalled"
>- I've tried adding "Cache-Control: no-cache" and "Pragma: no-cache",
>but still getting the alternate file.
>
> tcptraceroute shows that the HTTP is most probably being cached; First
> using HTTP, then using HTTPS:
>
> MacBook-Air:tmp $ tcptraceroute nodejs.org 80
> Selected device en0, address 192.168.1.107, port 57585 for outgoing packets
> Tracing the path to nodejs.org (165.225.133.150) on TCP port 80 (http),
> 30 hops max
>  1  192.168.1.1  4.144 ms  1.739 ms  1.139 ms
>  2  lo10.cab2.hfa.nv.net.il (212.143.205.233)  15.141 ms  12.162 ms
>  11.659 ms
>  3  core1-cab1-hfa.hfa.nv.net.il (212.143.207.16)  15.204 ms  13.932 ms
>  12.857 ms
>  4  gw2-0-2-0-1-core1.hfa.nv.net.il (212.143.7.25)  11.599 ms  12.655 ms
>  16.048 ms
>  5  165.225.133.150 [open]  157.406 ms  157.195 ms  168.028 ms
>
> MacBook-Air:tmp $ tcptraceroute nodejs.org 443
> Selected device en0, address 192.168.1.107, port 57586 for outgoing packets
> Tracing the path to nodejs.org (165.225.133.150) on TCP port 443 (https),
> 30 hops max
>  1  192.168.1.1  3.398 ms  1.755 ms  1.230 ms
>  2  lo10.cab2.hfa.nv.net.il (212.143.205.233)  11.704 ms  16.318 ms
>  11.138 ms
>  3  core1-cab1-hfa.hfa.nv.net.il (212.143.207.16)  14.981 ms  13.580 ms
>  17.064 ms
>  4  gw2-0-3-0-0-core1.hfa.nv.net.il (212.143.7.53)  12.450 ms  14.393 ms
>  10.653 ms
>  5  10.10.40.1  12.454 ms  18.778 ms  14.951 ms
>  6  gw2-fra-0-3-0-3-200-gw2.hfa.nv.net.il (212.143.12.12)  67.772 ms
>  68.099 ms  110.025 ms
>  7  10.10.70.1  70.582 ms  76.711 ms  66.120 ms
>  8  xe-4-3-2-302.fra23.ip4.gtt.net (77.67.94.5)  67.824 ms  66.694 ms
>  97.753 ms
>  9  xe-1-2-3.was14.ip4.gtt.net (89.149.180.198)  154.917 ms  167.244 ms
>  168.940 ms
> 10  internap-gw.ip4.gtt.net (77.67.69.254)  164.903 ms  175.436 ms
>  158.257 ms
> 11  border10.pc2-bbnet2.wdc002.pnap.net (216.52.127.73)  156.724 ms
>  153.793 ms  164.227 ms
> 12  joyent-3.border10.wdc002.pnap.net (64.94.31.202)  166.082 ms  163.434
> ms  163.415 ms
> 13  165.225.143.105  163.860 ms  169.177 ms  154.384 ms
> 14  165.225.143.15  178.280 ms  152.575 ms  159.958 ms
> 15  165.225.133.150 [open]  157.337 ms  162.811 ms  164.262 ms
>
>
>
> On Sat, Mar 21, 2015 at 7:48 PM, E.S. Rosenberg 
> wrote:
>
>> Depending on the version of windows and it's network environment you
>> freshly installed rootkits could be likely, but that is OT here.
>>
>> Note that different ISP in Israel is a fairly relative statement since
>> there are basically just a few major players who own a bunch of the smaller
>> ISPs and could have caching proxies on their international lines...
>>
>> Did you traceroute the connection both from working and non-working
>> settings?
>>
>> Regards,
>> Eliyahu - אליהו
>>
>> 2015-03-21 8:30 GMT+02:00 Amos Shapira :
>>
>>> Just speculating, but could it be that your ISP uses a caching
>>> transparent proxy (which would explain why it doesn't happen on SSL) and
>>> its cache got corrupted?
>>> The "other ISP" case could be explained if it's actually
>>> upstream/downstream from your ISP, or they share a proxy cache for other
>>> reasons.
>>>
>>>
>>> On 21 March 2015 at 04:07, Roman Ovseitsev  wrote:
>>>
>>>> Please forgive the slight off-topic, but I am experiencing a rather
>>>> strange issue while downloading a certain file over HTTP.
>>>>
>>>> Instead of getting node.js installer as expected from here
>>>> http://nodejs.org/dist/v0.12.0/node-v0.12.0-x86.msi I am receiving a
>>>> completely different executable - an installer for Elcomsoft's Advanced EFS
>>>> Password Recovery whatever that is.
>>>>
>>>> Both files are exactly the same size but SHA sums obviously don't match.
>>>>
>>>> SSL version of the link -
>>>> https://nodejs.org/dist/v0.12.0/node-v0.12.0-x86.msi works as
>>>> expected. i.e. downloads the correct node.js installer.
>>>>
>>>>
>>>> I have verified this on three different machines running Fedora,
>>>> CentOS, and Windows. None of these 

Re: Something is injecting malware into my HTTP traffic

[Amos Shapira]

Just speculating, but could it be that your ISP uses a caching transparent
proxy (which would explain why it doesn't happen on SSL) and its cache got
corrupted?
The "other ISP" case could be explained if it's actually
upstream/downstream from your ISP, or they share a proxy cache for other
reasons.


On 21 March 2015 at 04:07, Roman Ovseitsev  wrote:

> Please forgive the slight off-topic, but I am experiencing a rather
> strange issue while downloading a certain file over HTTP.
>
> Instead of getting node.js installer as expected from here
> http://nodejs.org/dist/v0.12.0/node-v0.12.0-x86.msi I am receiving a
> completely different executable - an installer for Elcomsoft's Advanced EFS
> Password Recovery whatever that is.
>
> Both files are exactly the same size but SHA sums obviously don't match.
>
> SSL version of the link -
> https://nodejs.org/dist/v0.12.0/node-v0.12.0-x86.msi works as expected.
> i.e. downloads the correct node.js installer.
>
>
> I have verified this on three different machines running Fedora, CentOS,
> and Windows. None of these machines ever exchanged any files or used
> anything else but the default repos. In fact the windows machine is a 13
> years old pc with a freshly installed OS. So presumably that dismisses any
> possibility of rootkits.
>
> It doesn't seems to be due to my router or ISP either. I am getting the
> wrong executable on two of my neighbours' Wi-Fi networks and at least one
> of them seems to be using a different ISP.
> However it doesn't happen on another Israeli nor a couple of US and UK
> servers I've tried so far.
> I am not using any proxies either.
>
> nodejs.org domain on all of the above resolves to the same IP.
>
>
> What's going on?
> Could be that the ISPs are the culprit?
>
> Considering that the application is relatively popular and I am the only
> one experiencing this issue it doesn't seem to be the case of nodejs.org
> server doing this on purpose (knowingly or not).
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>


-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: OT: Biometric ID

[Amos Shapira]

BTW this anecdote might interest Yonathan Klinger and other anti-bio-id
activists since it could be pointing a fatal flaw in the system.
On 15 Mar 2015 9:26 pm, "Gabor Szabo"  wrote:

> A few weeks ago I asked to get a biometric ID. They took my finger prints
> and asked all kinds of funny questions to make sure its me.
> Today I went to pick up my new ID and their system could not recognize my
> finger prints.
>
> I got a bit nervous, but they calmed me down that I have nothing to worry
> because the finger prints are only for the Interior Ministry and they are
> sure the one in the system matches the one on my finger and that I will
> only need it when dealing with Interior Ministry and they will mark in the
> system that the fingerprints did not match when I received the ID.
>
> So apparently they have a field in the database for this information.
>
> They offered to order a new biometric card - claiming that the problem is
> only in the card,
> but they can only do that if first they give the broken one to me.
>
> So I'd have a card that can identify me "without any doubt", except that
> the fingerprint in it cannot be matched to mine.
>
> I asked if I could get a new non-biometric ID, but I was told I cannot any
> more. Once I signed up for biometric ID, I cannot go back.
>
> Madness.
>
> Gabor
>
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: OT: Biometric ID

[Amos Shapira]

"mv Israel Chelm"

(ref for the uninitiated:
http://en.wikipedia.org/wiki/Jewish_humour#Che.C5.82m)
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Skimping on AWS EC2 bills

[Amos Shapira]

Thanks both of you for your input.
Yes I'm aware of the caveats (luckily I get to play with AWS, and AWS
automation, all day in my current job :) ).

Cheers,

--Amos

On 15 January 2015 at 21:17, Etzion Bar-Noy 
wrote:

> I believe that the time required for system start depends on the list of
> services. It could be shorted than two minutes, or longer. Depends.
>
> I used a condition - 'if' he can trim the image to startup in about 15
> seconds, it becomes feasible.
>
> Etzion
>
> On Thu, Jan 15, 2015 at 8:11 AM, Orna Agmon Ben-Yehuda  > wrote:
>
>> Hi Amos, Etzion,
>>
>> You are talking about 15 seconds for bringing up the machine, and about
>> shutting down the machine according to idleness detection. Last time I
>> checked (and maybe I am not up-to-date),
>> 1. It took about two minutes to bring up the machine.
>> 2. Amazon charged per full hour. That is, if you use the instance for 20
>> minutes, shut it down and then bring it up for 20 minutes, you pay for two
>> hours. So it might be beneficial to wait a bit, at least until the end of a
>> full hour.
>>
>> Orna
>>
>> On Thu, Jan 15, 2015 at 2:33 AM, Amos Shapira 
>> wrote:
>>
>>> Thanks Etzion.
>>>
>>> Yes you are on the same track as me.
>>>
>>> An unmapped Elastic IP will cost $3.65/month, which is a significant
>>> amount in comparison to the numbers I'm looking at skimming, so you are
>>> probably right about using a no-ip address.
>>>
>>> Finding the instance IP is a matter of a trivial "curl" call to the
>>> right URL, and no-ip can just use the current update requests source
>>> address automatically anyway.
>>>
>>> The next step would be to automatically identify idleness of the
>>> application for automatic shut down.
>>>
>>> Would people in the audience here see themselves using such a service
>>> (to fire up your server) if it was offered?
>>>
>>> --Amos
>>>
>>>
>>> On 15 January 2015 at 09:38, Etzion Bar-Noy 
>>> wrote:
>>>
>>>> Hi Amos.
>>>> It means you make use of an instance which is very quick to load.
>>>> Removing non-esential services, or postponing them to after Jira starts,
>>>> using a lightweight system, etc. If you can remove boot-time hogs, you can
>>>> reach a fast-booting system. A script using Amazon API will prepare it for
>>>> you.
>>>> I wouldn't use the elastic IP because of its price (I get the feeling
>>>> you seek something cheap). no-ip.com or other no-dns services could do
>>>> the trick, except that the VM in Amazon network is unaware of its external
>>>> IP (you might be able to query that using the API, BTW), and that it might
>>>> take a few minutes (one, maybe more) before you could connect to the
>>>> machine, because their update might no be immediate.
>>>> Other than that - seems fine.
>>>>
>>>> Etzion
>>>>
>>>> On Tue, Jan 13, 2015 at 12:28 PM, Amos Shapira 
>>>> wrote:
>>>>
>>>>> Etzion, just a question: "Amos 0 if you can customise your instance
>>>>> to be very very light," - what do you mean by that?
>>>>>
>>>>> Your description is close to what I have in mind.
>>>>>
>>>>> As for the changing IP address - this can be easily overcome using
>>>>> Elastic IP and/or no-ip.com and friends.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> --Amos
>>>>>
>>>>> On 13 January 2015 at 08:11, Etzion Bar-Noy 
>>>>> wrote:
>>>>>
>>>>>> Except that NUC costs about 700+ ILS (I have three. I know. This is
>>>>>> the Celeron version).
>>>>>> Amos 0 if you can customise your instance to be very very light, and
>>>>>> it can startup in about 15 seconds or so, it is acceptable to have it
>>>>>> on-demand. You can wrap it in a script (using AWS API and tools) to just
>>>>>> start it up. Since it will be about 15 seconds boot/startup time, you 
>>>>>> will
>>>>>> find that very economical, and very simple to achieve. In any case,
>>>>>> considering your requirements, this does seem to be the most simple and
>>>>>> easy solution. Note that your IP *will* change each time you start
>>>>>> your instance, so you

Re: Skimping on AWS EC2 bills

[Amos Shapira]

Thanks Etzion.

Yes you are on the same track as me.

An unmapped Elastic IP will cost $3.65/month, which is a significant amount
in comparison to the numbers I'm looking at skimming, so you are probably
right about using a no-ip address.

Finding the instance IP is a matter of a trivial "curl" call to the right
URL, and no-ip can just use the current update requests source address
automatically anyway.

The next step would be to automatically identify idleness of the
application for automatic shut down.

Would people in the audience here see themselves using such a service (to
fire up your server) if it was offered?

--Amos


On 15 January 2015 at 09:38, Etzion Bar-Noy 
wrote:

> Hi Amos.
> It means you make use of an instance which is very quick to load. Removing
> non-esential services, or postponing them to after Jira starts, using a
> lightweight system, etc. If you can remove boot-time hogs, you can reach a
> fast-booting system. A script using Amazon API will prepare it for you.
> I wouldn't use the elastic IP because of its price (I get the feeling you
> seek something cheap). no-ip.com or other no-dns services could do the
> trick, except that the VM in Amazon network is unaware of its external IP
> (you might be able to query that using the API, BTW), and that it might
> take a few minutes (one, maybe more) before you could connect to the
> machine, because their update might no be immediate.
> Other than that - seems fine.
>
> Etzion
>
> On Tue, Jan 13, 2015 at 12:28 PM, Amos Shapira 
> wrote:
>
>> Etzion, just a question: "Amos 0 if you can customise your instance to
>> be very very light," - what do you mean by that?
>>
>> Your description is close to what I have in mind.
>>
>> As for the changing IP address - this can be easily overcome using
>> Elastic IP and/or no-ip.com and friends.
>>
>> Thanks,
>>
>> --Amos
>>
>> On 13 January 2015 at 08:11, Etzion Bar-Noy 
>> wrote:
>>
>>> Except that NUC costs about 700+ ILS (I have three. I know. This is the
>>> Celeron version).
>>> Amos 0 if you can customise your instance to be very very light, and it
>>> can startup in about 15 seconds or so, it is acceptable to have it
>>> on-demand. You can wrap it in a script (using AWS API and tools) to just
>>> start it up. Since it will be about 15 seconds boot/startup time, you will
>>> find that very economical, and very simple to achieve. In any case,
>>> considering your requirements, this does seem to be the most simple and
>>> easy solution. Note that your IP *will* change each time you start your
>>> instance, so your API interface should also tell you what's the IP address
>>> of the machine (or you could use some no-dns service, but it will probably
>>> be slower).
>>>
>>> Etzion
>>>
>>> On Mon, Jan 12, 2015 at 8:57 PM, E.S. Rosenberg <
>>> esr+linux...@g.jct.ac.il> wrote:
>>>
>>>> I don't know what type of load JIRA presents but for low load private
>>>> stuff a raspberrypi or something similar (for heavier but still fairly
>>>> 'light' stuff maybe an Intel NUC system or a mini-itx system) at home +
>>>> noip/dyndns or some other form of locating it by yourself can be more then
>>>> enough
>>>>
>>>> 2015-01-08 11:37 GMT+02:00 Amos Shapira :
>>>>
>>>>> I was thinking about running it on my own laptop, and perhaps I will.
>>>>>
>>>>> But that would mean leaving it on around the clock which I don't want
>>>>> to (I'm very conscious of power consumption, both economically and
>>>>> environmentally), and I don't carry it with me most of the time but would
>>>>> like to have access to my server from both my mobile and workplace.
>>>>>
>>>>> On 8 January 2015 at 19:59, Vitaly  wrote:
>>>>>
>>>>>> Amos,
>>>>>> IMHO, it's not technical, but more  "human" issue. For example, as
>>>>>> far as you decide that you need Jira every last day of month, you can
>>>>>> launch instance automatically.
>>>>>> But typically Jira usage is more random, so I don't think  there is
>>>>>> technical solution exist.
>>>>>> If you're the only Jira user, why don't run it from your own computer
>>>>>> for free?
>>>>>>
>>>>>> And, BTW, AWS reserved instances allow you to modify everything; plus
>>>>>> up

Re: Skimping on AWS EC2 bills

[Amos Shapira]

Etzion, just a question: "Amos 0 if you can customise your instance to be
very very light," - what do you mean by that?

Your description is close to what I have in mind.

As for the changing IP address - this can be easily overcome using Elastic
IP and/or no-ip.com and friends.

Thanks,

--Amos

On 13 January 2015 at 08:11, Etzion Bar-Noy 
wrote:

> Except that NUC costs about 700+ ILS (I have three. I know. This is the
> Celeron version).
> Amos 0 if you can customise your instance to be very very light, and it
> can startup in about 15 seconds or so, it is acceptable to have it
> on-demand. You can wrap it in a script (using AWS API and tools) to just
> start it up. Since it will be about 15 seconds boot/startup time, you will
> find that very economical, and very simple to achieve. In any case,
> considering your requirements, this does seem to be the most simple and
> easy solution. Note that your IP *will* change each time you start your
> instance, so your API interface should also tell you what's the IP address
> of the machine (or you could use some no-dns service, but it will probably
> be slower).
>
> Etzion
>
> On Mon, Jan 12, 2015 at 8:57 PM, E.S. Rosenberg 
> wrote:
>
>> I don't know what type of load JIRA presents but for low load private
>> stuff a raspberrypi or something similar (for heavier but still fairly
>> 'light' stuff maybe an Intel NUC system or a mini-itx system) at home +
>> noip/dyndns or some other form of locating it by yourself can be more then
>> enough
>>
>> 2015-01-08 11:37 GMT+02:00 Amos Shapira :
>>
>>> I was thinking about running it on my own laptop, and perhaps I will.
>>>
>>> But that would mean leaving it on around the clock which I don't want to
>>> (I'm very conscious of power consumption, both economically and
>>> environmentally), and I don't carry it with me most of the time but would
>>> like to have access to my server from both my mobile and workplace.
>>>
>>> On 8 January 2015 at 19:59, Vitaly  wrote:
>>>
>>>> Amos,
>>>> IMHO, it's not technical, but more  "human" issue. For example, as far
>>>> as you decide that you need Jira every last day of month, you can launch
>>>> instance automatically.
>>>> But typically Jira usage is more random, so I don't think  there is
>>>> technical solution exist.
>>>> If you're the only Jira user, why don't run it from your own computer
>>>> for free?
>>>>
>>>> And, BTW, AWS reserved instances allow you to modify everything; plus
>>>> up-front pay isn't must anymore.
>>>>
>>>> regards,
>>>> Vitaly
>>>>
>>>> On Thu, Jan 8, 2015 at 4:40 AM, Amos Shapira 
>>>> wrote:
>>>>
>>>>> Yes I'm well aware of the RI option. It can save up to %70 for
>>>>> high-load (i.e. machines which are up 24/7), but much less saving compared
>>>>> to something that you can keep bringing up and down on demand.
>>>>> Also the up-front cost is not cheap, and commits you to that type of
>>>>> instance (as far as I remember, you can't buy switch or upgrade an RI 
>>>>> slot,
>>>>> what's paid is paid).
>>>>>
>>>>> On 8 January 2015 at 12:47, Aviram Jenik  wrote:
>>>>>
>>>>>> I'm not an AWS expert and would love to hear from those who are. But
>>>>>> we do have a few (dozen) instances on AWS.
>>>>>>
>>>>>> We have them running 24/7. I get that you could start and stop on
>>>>>> demand, but don't get how you would do that without changing the way you
>>>>>> work in a drastic way (compared to a physical machine). To save costs, 
>>>>>> buy
>>>>>> a 'reserved instance'. You are paying up front for 1-3 years (I 
>>>>>> recommend 3
>>>>>> years) and then paying a very very low cost per hour. If your load is 
>>>>>> low,
>>>>>> buy the 'low load' machine to save even more costs (but then you pay hire
>>>>>> fees if you cross the threshold). I don't know how this works well 
>>>>>> enough -
>>>>>> we always buy the 'high load' instance and buy them for 3 years; the 
>>>>>> total
>>>>>> average cost is equivalent to what we would have paid for the ho

Re: Skimping on AWS EC2 bills

[Amos Shapira]

I own a Solid-Run Cubox-i4Pro with a couple of GB of RAM and 4 ARMv7 cores
and run OpenELEC on it. I don't think that running Jira + Confluence (each
requiring its own JVM) is practical on this hardware, in parallel to the
other things I use it for.

On 13 January 2015 at 05:57, E.S. Rosenberg 
wrote:

> I don't know what type of load JIRA presents but for low load private
> stuff a raspberrypi or something similar (for heavier but still fairly
> 'light' stuff maybe an Intel NUC system or a mini-itx system) at home +
> noip/dyndns or some other form of locating it by yourself can be more then
> enough....
>
> 2015-01-08 11:37 GMT+02:00 Amos Shapira :
>
>> I was thinking about running it on my own laptop, and perhaps I will.
>>
>> But that would mean leaving it on around the clock which I don't want to
>> (I'm very conscious of power consumption, both economically and
>> environmentally), and I don't carry it with me most of the time but would
>> like to have access to my server from both my mobile and workplace.
>>
>> On 8 January 2015 at 19:59, Vitaly  wrote:
>>
>>> Amos,
>>> IMHO, it's not technical, but more  "human" issue. For example, as far
>>> as you decide that you need Jira every last day of month, you can launch
>>> instance automatically.
>>> But typically Jira usage is more random, so I don't think  there is
>>> technical solution exist.
>>> If you're the only Jira user, why don't run it from your own computer
>>> for free?
>>>
>>> And, BTW, AWS reserved instances allow you to modify everything; plus
>>> up-front pay isn't must anymore.
>>>
>>> regards,
>>> Vitaly
>>>
>>> On Thu, Jan 8, 2015 at 4:40 AM, Amos Shapira 
>>> wrote:
>>>
>>>> Yes I'm well aware of the RI option. It can save up to %70 for
>>>> high-load (i.e. machines which are up 24/7), but much less saving compared
>>>> to something that you can keep bringing up and down on demand.
>>>> Also the up-front cost is not cheap, and commits you to that type of
>>>> instance (as far as I remember, you can't buy switch or upgrade an RI slot,
>>>> what's paid is paid).
>>>>
>>>> On 8 January 2015 at 12:47, Aviram Jenik  wrote:
>>>>
>>>>> I'm not an AWS expert and would love to hear from those who are. But
>>>>> we do have a few (dozen) instances on AWS.
>>>>>
>>>>> We have them running 24/7. I get that you could start and stop on
>>>>> demand, but don't get how you would do that without changing the way you
>>>>> work in a drastic way (compared to a physical machine). To save costs, buy
>>>>> a 'reserved instance'. You are paying up front for 1-3 years (I recommend 
>>>>> 3
>>>>> years) and then paying a very very low cost per hour. If your load is low,
>>>>> buy the 'low load' machine to save even more costs (but then you pay hire
>>>>> fees if you cross the threshold). I don't know how this works well enough 
>>>>> -
>>>>> we always buy the 'high load' instance and buy them for 3 years; the total
>>>>> average cost is equivalent to what we would have paid for the hosting and
>>>>> so the hardware is "free".
>>>>>
>>>>>
>>>>> - Aviram
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Jan 7, 2015 at 7:33 PM, Amos Shapira 
>>>>> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> Do people here keep EC2 instances running?
>>>>>> Do you leave it running 24/7 or do you fire them up when you need
>>>>>> them?
>>>>>>
>>>>>> I'd like to run my own EC2 instance running $10 Jira + $10 Confluence
>>>>>> (+$10 some extra useful add-ons) (to clarify - these are one-off $10 for
>>>>>> each product), but can't justify running a $30/month small EC2 (and 
>>>>>> perhaps
>>>>>> more, Jira alone requires 1.5-2GB of RAM) just to be used at most a few
>>>>>> hours a month if not less.
>>>>>>
>>>>>> But logging in to the console to fire it up (or through aws cli, or
>>>>>> using an Android based app) every time I want to access it also would be
>>>>>> inconvenient.
>>>>>>
>>>>>> So is there another way?
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> --Amos
>>>>>>
>>>>>>
>>>>>> ___
>>>>>> Linux-il mailing list
>>>>>> Linux-il@cs.huji.ac.il
>>>>>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> <http://au.linkedin.com/in/gliderflyer>
>>>>
>>>> ___
>>>> Linux-il mailing list
>>>> Linux-il@cs.huji.ac.il
>>>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>>>
>>>>
>>>
>>
>>
>> --
>> <http://au.linkedin.com/in/gliderflyer>
>>
>> ___
>> Linux-il mailing list
>> Linux-il@cs.huji.ac.il
>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>
>>
>


-- 
<http://au.linkedin.com/in/gliderflyer>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Skimping on AWS EC2 bills

[Amos Shapira]

I was thinking about running it on my own laptop, and perhaps I will.

But that would mean leaving it on around the clock which I don't want to
(I'm very conscious of power consumption, both economically and
environmentally), and I don't carry it with me most of the time but would
like to have access to my server from both my mobile and workplace.

On 8 January 2015 at 19:59, Vitaly  wrote:

> Amos,
> IMHO, it's not technical, but more  "human" issue. For example, as far as
> you decide that you need Jira every last day of month, you can launch
> instance automatically.
> But typically Jira usage is more random, so I don't think  there is
> technical solution exist.
> If you're the only Jira user, why don't run it from your own computer for
> free?
>
> And, BTW, AWS reserved instances allow you to modify everything; plus
> up-front pay isn't must anymore.
>
> regards,
> Vitaly
>
> On Thu, Jan 8, 2015 at 4:40 AM, Amos Shapira 
> wrote:
>
>> Yes I'm well aware of the RI option. It can save up to %70 for high-load
>> (i.e. machines which are up 24/7), but much less saving compared to
>> something that you can keep bringing up and down on demand.
>> Also the up-front cost is not cheap, and commits you to that type of
>> instance (as far as I remember, you can't buy switch or upgrade an RI slot,
>> what's paid is paid).
>>
>> On 8 January 2015 at 12:47, Aviram Jenik  wrote:
>>
>>> I'm not an AWS expert and would love to hear from those who are. But we
>>> do have a few (dozen) instances on AWS.
>>>
>>> We have them running 24/7. I get that you could start and stop on
>>> demand, but don't get how you would do that without changing the way you
>>> work in a drastic way (compared to a physical machine). To save costs, buy
>>> a 'reserved instance'. You are paying up front for 1-3 years (I recommend 3
>>> years) and then paying a very very low cost per hour. If your load is low,
>>> buy the 'low load' machine to save even more costs (but then you pay hire
>>> fees if you cross the threshold). I don't know how this works well enough -
>>> we always buy the 'high load' instance and buy them for 3 years; the total
>>> average cost is equivalent to what we would have paid for the hosting and
>>> so the hardware is "free".
>>>
>>>
>>> - Aviram
>>>
>>>
>>>
>>> On Wed, Jan 7, 2015 at 7:33 PM, Amos Shapira 
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> Do people here keep EC2 instances running?
>>>> Do you leave it running 24/7 or do you fire them up when you need them?
>>>>
>>>> I'd like to run my own EC2 instance running $10 Jira + $10 Confluence
>>>> (+$10 some extra useful add-ons) (to clarify - these are one-off $10 for
>>>> each product), but can't justify running a $30/month small EC2 (and perhaps
>>>> more, Jira alone requires 1.5-2GB of RAM) just to be used at most a few
>>>> hours a month if not less.
>>>>
>>>> But logging in to the console to fire it up (or through aws cli, or
>>>> using an Android based app) every time I want to access it also would be
>>>> inconvenient.
>>>>
>>>> So is there another way?
>>>>
>>>> Thanks,
>>>>
>>>> --Amos
>>>>
>>>>
>>>> ___
>>>> Linux-il mailing list
>>>> Linux-il@cs.huji.ac.il
>>>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>>>
>>>>
>>>
>>
>>
>> --
>> <http://au.linkedin.com/in/gliderflyer>
>>
>> ___
>> Linux-il mailing list
>> Linux-il@cs.huji.ac.il
>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>
>>
>


-- 
<http://au.linkedin.com/in/gliderflyer>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Skimping on AWS EC2 bills

[Amos Shapira]

Yes I'm well aware of the RI option. It can save up to %70 for high-load
(i.e. machines which are up 24/7), but much less saving compared to
something that you can keep bringing up and down on demand.
Also the up-front cost is not cheap, and commits you to that type of
instance (as far as I remember, you can't buy switch or upgrade an RI slot,
what's paid is paid).

On 8 January 2015 at 12:47, Aviram Jenik  wrote:

> I'm not an AWS expert and would love to hear from those who are. But we do
> have a few (dozen) instances on AWS.
>
> We have them running 24/7. I get that you could start and stop on demand,
> but don't get how you would do that without changing the way you work in a
> drastic way (compared to a physical machine). To save costs, buy a
> 'reserved instance'. You are paying up front for 1-3 years (I recommend 3
> years) and then paying a very very low cost per hour. If your load is low,
> buy the 'low load' machine to save even more costs (but then you pay hire
> fees if you cross the threshold). I don't know how this works well enough -
> we always buy the 'high load' instance and buy them for 3 years; the total
> average cost is equivalent to what we would have paid for the hosting and
> so the hardware is "free".
>
>
> - Aviram
>
>
>
> On Wed, Jan 7, 2015 at 7:33 PM, Amos Shapira 
> wrote:
>
>> Hi,
>>
>> Do people here keep EC2 instances running?
>> Do you leave it running 24/7 or do you fire them up when you need them?
>>
>> I'd like to run my own EC2 instance running $10 Jira + $10 Confluence
>> (+$10 some extra useful add-ons) (to clarify - these are one-off $10 for
>> each product), but can't justify running a $30/month small EC2 (and perhaps
>> more, Jira alone requires 1.5-2GB of RAM) just to be used at most a few
>> hours a month if not less.
>>
>> But logging in to the console to fire it up (or through aws cli, or using
>> an Android based app) every time I want to access it also would be
>> inconvenient.
>>
>> So is there another way?
>>
>> Thanks,
>>
>> --Amos
>>
>>
>> ___
>> Linux-il mailing list
>> Linux-il@cs.huji.ac.il
>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>
>>
>


-- 
<http://au.linkedin.com/in/gliderflyer>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Skimping on AWS EC2 bills

[Amos Shapira]

Hi,

Do people here keep EC2 instances running?
Do you leave it running 24/7 or do you fire them up when you need them?

I'd like to run my own EC2 instance running $10 Jira + $10 Confluence (+$10
some extra useful add-ons) (to clarify - these are one-off $10 for each
product), but can't justify running a $30/month small EC2 (and perhaps
more, Jira alone requires 1.5-2GB of RAM) just to be used at most a few
hours a month if not less.

But logging in to the console to fire it up (or through aws cli, or using
an Android based app) every time I want to access it also would be
inconvenient.

So is there another way?

Thanks,

--Amos
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Linux on Android related question

[Amos Shapira]

Just a few weeks ago I read (I think on DarkReading) that there are many
cheap phones which come with malware built in. I google'd for this when I
found this link:

http://researchcenter.paloaltonetworks.com/2014/12/coolreaper-revealed-backdoor-coolpad-android-devices/

Bottom line - avoid these devices, and if already got them then see whether
you can wipe them out completely and replace with an open ROM like
CyanogenMod (http://www.cyanogenmod.org/) or others
(http://www.needrom.com/category/coolpad/)

On 27 December 2014 at 00:54, David Harel  wrote:

> Greetings'
>
> I have an Android/Linux related question here. I hope I am not out of line
> in this request for help.
>
> My son purchased an Android phone in China (against my recommendation).
> It's a phone by Coolpad the module is 7620l
> Apparently the Android installation for Chinese is different than what we
> are used to get in "Western countries". No Google account, no Google play
> store and it seems that all network activities went through China (for
> inspection?, really slow on network activity).
> It took me a while to find English Rom for it and then some time to root
> it (temporarily - will explain later).
> Now I got Google account and other "Western" stuff but still:
> 1. Root is removed after reboot
> 2. Google play services crashes and so does the address book sync
> operation.
>
> Looking at the article: http://elinux.org/Android_Booting
> my questions:
> 1. Any idea where I can find strace for Android (based on Arm CPU)
> 2. Can I go into "Console mode" ? In case I fiddle with init*.rc scripts
> and break the OS (for manual recovery of those scripts).
> 3. The su command (and copies of it that had SUID bit set on it) were
> deleted during boot. Any idea what could have done that?
> 4. Any idea what cold make the google play services get killed every time?
>
> Thanks
> David Harel
> Amuka
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>


-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Recommendations for drive recovery

[Amos Shapira]

Mounting the partition could add a lot of unnecessary disk access and could
hang the system.

It's true that scanning the whole partition accesses every block on it as
opposed to the filesystem code knowing where the data really is, but the OP
seemed to suggest that the partition is pretty full, so a read will require
access to most blocks anyway.

Also a full image of the filesystem makes it easier to test multiple ways
to recover data, for instance - make a copy of the rescued partition image
then try difference "fsck"'s and executions of PhotoRec (
http://www.cgsecurity.org/wiki/PhotoRec).


On 24 December 2014 at 02:31, E.S. Rosenberg 
wrote:

> I have used the same trick with success at least once, it working does
> depend on the type of failure but yours sounds like the type that would
> work, in my case I think I even mounted the partitions and just copied the
> data. (rsync iirc)
>
> 2014-12-22 12:26 GMT+02:00 Amos Shapira :
>
>> I once helped a friend in a similar situation (family photos and
>> documents on a dying disk without backups).
>>
>> I followed broadly the following procedure:
>> 1. Put the disk in an airtight plastic bag (reason - to avoid humidity
>> getting in during the following steps).
>> 2. Put in the freezer for an hour.
>> 3. Remove from freezer and leave inside the bag for a few minutes (again
>> - to minimise risk of condensation).
>> 4. remove from the bag, make sure no condensation builds up on it, wrap
>> in a kitchen towel (it was Sydney summer, so high temps and humid, though
>> not like Tel-Aviv summer). The idea was to keep any humidity away.
>> 4. Put it on a block of icepack, and another icepack on top of it.
>> 5. Connect it to a comp through an external USB box
>> 6. GNU ddrescue (don't confuse with the non-GNU implementation). It can
>> keep track of where it got to in a previous run so you can pick up from
>> there.
>> 7. Rinse, repeat.
>>
>> It took 2-3 weeks of repeating this process but I managed to save all his
>> data (I think it was half a tera or so) except a tiny part (single-digit
>> kilobytes, I think).
>>
>> The extra twist was that it was a Mac HFS file system and he wanted the
>> data accessible to Windows - Only Linux could be used to support both
>> filesystem formats :)
>>
>>
>> On 22 December 2014 at 16:15, Alon Barzilai  wrote:
>>>
>>>  Hi,
>>>
>>> there is tic tac  ( http://www.tictac.co.il )
>>> and recover (http://recover.co.il)
>>>
>>> I used them both in the past. and they both offered good service, but
>>> this service is not cheap.
>>> tic tac ares in this field for longer time, but as I recall their price
>>> is higher than recover.
>>>
>>> Alon.
>>>
>>>
>>>
>>> On 12/21/2014 11:46 PM, Geoff Shang wrote:
>>>
>>> Hi,
>>>
>>> We have a 500 GB external USB drive that's about 5 or so years old
>>> (can't remember exactly when we got it).  It's now not spinning up
>>> propperly and we figure its days are numbered.
>>>
>>> Much of what is on it has not been backed up anywhere else (yes, I
>>> know).
>>>
>>> Is there somewhere I can take/send it to see if anything can be
>>> salvaged?
>>>
>>> Geoff.
>>>
>>>
>>> ___
>>> Linux-il mailing list
>>> Linux-il@cs.huji.ac.il
>>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>>
>>>
>>>
>>>
>>> ___
>>> Linux-il mailing list
>>> Linux-il@cs.huji.ac.il
>>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>>
>>>
>>
>> --
>> <http://au.linkedin.com/in/gliderflyer>
>>
>> ___
>> Linux-il mailing list
>> Linux-il@cs.huji.ac.il
>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>
>>
>


-- 
<http://au.linkedin.com/in/gliderflyer>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Recommendations for drive recovery

[Amos Shapira]

I once helped a friend in a similar situation (family photos and documents
on a dying disk without backups).

I followed broadly the following procedure:
1. Put the disk in an airtight plastic bag (reason - to avoid humidity
getting in during the following steps).
2. Put in the freezer for an hour.
3. Remove from freezer and leave inside the bag for a few minutes (again -
to minimise risk of condensation).
4. remove from the bag, make sure no condensation builds up on it, wrap in
a kitchen towel (it was Sydney summer, so high temps and humid, though not
like Tel-Aviv summer). The idea was to keep any humidity away.
4. Put it on a block of icepack, and another icepack on top of it.
5. Connect it to a comp through an external USB box
6. GNU ddrescue (don't confuse with the non-GNU implementation). It can
keep track of where it got to in a previous run so you can pick up from
there.
7. Rinse, repeat.

It took 2-3 weeks of repeating this process but I managed to save all his
data (I think it was half a tera or so) except a tiny part (single-digit
kilobytes, I think).

The extra twist was that it was a Mac HFS file system and he wanted the
data accessible to Windows - Only Linux could be used to support both
filesystem formats :)


On 22 December 2014 at 16:15, Alon Barzilai  wrote:
>
>  Hi,
>
> there is tic tac  ( http://www.tictac.co.il )
> and recover (http://recover.co.il)
>
> I used them both in the past. and they both offered good service, but this
> service is not cheap.
> tic tac ares in this field for longer time, but as I recall their price is
> higher than recover.
>
> Alon.
>
>
>
> On 12/21/2014 11:46 PM, Geoff Shang wrote:
>
> Hi,
>
> We have a 500 GB external USB drive that's about 5 or so years old (can't
> remember exactly when we got it).  It's now not spinning up propperly and
> we figure its days are numbered.
>
> Much of what is on it has not been backed up anywhere else (yes, I know).
>
> Is there somewhere I can take/send it to see if anything can be salvaged?
>
> Geoff.
>
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>
>
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>

-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Adding external HDD to Raspberry Pi

[Amos Shapira]

Get a powered USB hub (i.e. a usb hub which also connects to a wall power
socket). I'm not familiar with RPi USB version but check for USB 3.0 vs.
2.0.

On 15 December 2014 at 06:07, Gabor Szabo  wrote:
>
> Hmm, good question. The Raspberry does see the device when it is
> connected, so is it possible that it needs more
> power after later on?
>
> How can I check?
>
> If the problem is lack of current, how can I solve that? Can I put one of
> these usb hubs that also provide power between the two?
>
> Gabor
>
> On Sun, Dec 14, 2014 at 8:43 PM, E.S. Rosenberg 
> wrote:
>>
>> Are you providing the external HDD with sufficient electricity? The
>> Raspberry is most likely not capable of providing enough current...
>>
>> 2014-12-14 19:30 GMT+02:00 Gabor Szabo :
>>
>>> So finally I install the Raspberry Pi I bought a few weeks ago and
>>> wanted to add an external HDD.
>>> I plugged in the external hard drive and /var/log/syslog printed the
>>> following:
>>>
>>>
>>> Dec 14 17:02:55 pi kernel: [  759.981949] usb 1-1.3: new high-speed USB
>>> device number 8 using dwc_otg
>>>
>>> Dec 14 17:02:55 pi kernel: [  760.163364] usb 1-1.3: New USB device
>>> found, idVendor=1058, idProduct=0820
>>>
>>> Dec 14 17:02:55 pi kernel: [  760.163398] usb 1-1.3: New USB device
>>> strings: Mfr=1, Product=2, SerialNumber=5
>>>
>>> Dec 14 17:02:55 pi kernel: [  760.163414] usb 1-1.3: Product: My
>>> Passport 0820
>>>
>>> Dec 14 17:02:55 pi kernel: [  760.163429] usb 1-1.3: Manufacturer:
>>> Western Digital
>>>
>>> Dec 14 17:02:55 pi kernel: [  760.163444] usb 1-1.3: SerialNumber:
>>> 57583431413432454363833
>>>
>>> Dec 14 17:02:55 pi kernel: [  760.169522] usb-storage 1-1.3:1.0: USB
>>> Mass Storage device detected
>>>
>>> Dec 14 17:02:55 pi kernel: [  760.181935] scsi0 : usb-storage 1-1.3:1.0
>>>
>>> Dec 14 17:02:56 pi kernel: [  761.183065] scsi 0:0:0:0: Direct-Access
>>>   WD   My Passport 0820 1012 PQ: 0 ANSI: 6
>>>
>>> Dec 14 17:02:56 pi kernel: [  761.187365] scsi 0:0:0:1: Enclosure
>>>   WD   SES Device   1012 PQ: 0 ANSI: 6
>>>
>>> Dec 14 17:02:56 pi kernel: [  761.189473] sd 0:0:0:0: [sda] Spinning up
>>> disk...
>>>
>>> Dec 14 17:02:56 pi kernel: [  761.277106] sd 0:0:0:0: Attached scsi
>>> generic sg0 type 0
>>>
>>> Dec 14 17:02:56 pi kernel: [  761.278094] scsi 0:0:0:1: Attached scsi
>>> generic sg1 type 13
>>>
>>>
>>> But then when I try to run
>>>
>>>
>>> $ sudo fdisk /dev/sda
>>>
>>> I get
>>>
>>> fdisk: unable to open /dev/sda: No such device or address
>>>
>>> $ ls -l /dev/sda
>>>
>>> brw-rw---T 1 root floppy 8, 0 Dec 14 17:21 /dev/sda
>>>
>>> $ sudo fdisk -l
>>>
>>> only lists the sdcard
>>>
>>>
>>> The external disk is brand new and it has NTFS on it. I have not handled
>>> disk in linux for a long time, but a I recall I am supposed to use fdisk to
>>> partition it and then use mkfs.ext4 to format.
>>>
>>>
>>> So what am I missing here?
>>>
>>>
>>> Gabor
>>>
>>>
>>>
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>

-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Mageia 4 - update delay

[Amos Shapira]

Also - what do you see in the logs?

On 7 December 2014 at 03:39, Shlomo Solomon 
wrote:

> I tried running ps -A before clicking, a few times during the 4 minute
> wait and after the GUI started. I then used diff to compare. The only
> change I found during the wait was an additional kworker/2:0 (there
> were already over 20 kworker processes running). Could this be
> significant? I haven't yet run strace as you suggested.
>
> When the GUI started, I found a MageiaUpdate process and an additional
> drakrpm-update process (for a total of 2). I assume the first one is
> responsible for the periodic check if new updates are available.
>
> On Fri, 5 Dec 2014 00:10:06 +0200
> shimi  wrote:
>
> > On Thu, Dec 4, 2014 at 8:06 PM, Shlomo Solomon
> >  wrote:
> >
> > > Since upgrading from Mageia 3 to Mageia 4, when I get a
> > > notification that updates are available, I click on it but Software
> > > Package Update starts only after exactly a 4 minute delay.
> > >
> > > Any ideas why?
> > >
> > >
> > >
> > Maybe it is waiting on some lock file? Package managers has this
> > tendency...
> >
> > Does it really start after 4 minutes, or does it just start showing
> > the UI after 4 minutes? See if new process has been created. If
> > there's a new process, try to strace -f -p  to see what it is
> > waiting on (you probably want to suffix this command with
> > [ >update.strace 2>&1 ] as the output will probably become quite
> > large. Also you should run this as root if the process launched is
> > not in your own UID)
> >
> > -- Shimi
>
>
>
> --
> Shlomo Solomon
> http://the-solomons.net
> Sent by Claws Mail 3.11.1 - KDE 4.12.15 - LINUX Mageia 4
>
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>



-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Mageia 4 - update delay

[Amos Shapira]

Use "strace -p  -f -rT -o strace.out" to see what the process and its
children spend time on.

On 7 December 2014 at 03:39, Shlomo Solomon 
wrote:

> I tried running ps -A before clicking, a few times during the 4 minute
> wait and after the GUI started. I then used diff to compare. The only
> change I found during the wait was an additional kworker/2:0 (there
> were already over 20 kworker processes running). Could this be
> significant? I haven't yet run strace as you suggested.
>
> When the GUI started, I found a MageiaUpdate process and an additional
> drakrpm-update process (for a total of 2). I assume the first one is
> responsible for the periodic check if new updates are available.
>
> On Fri, 5 Dec 2014 00:10:06 +0200
> shimi  wrote:
>
> > On Thu, Dec 4, 2014 at 8:06 PM, Shlomo Solomon
> >  wrote:
> >
> > > Since upgrading from Mageia 3 to Mageia 4, when I get a
> > > notification that updates are available, I click on it but Software
> > > Package Update starts only after exactly a 4 minute delay.
> > >
> > > Any ideas why?
> > >
> > >
> > >
> > Maybe it is waiting on some lock file? Package managers has this
> > tendency...
> >
> > Does it really start after 4 minutes, or does it just start showing
> > the UI after 4 minutes? See if new process has been created. If
> > there's a new process, try to strace -f -p  to see what it is
> > waiting on (you probably want to suffix this command with
> > [ >update.strace 2>&1 ] as the output will probably become quite
> > large. Also you should run this as root if the process launched is
> > not in your own UID)
> >
> > -- Shimi
>
>
>
> --
> Shlomo Solomon
> http://the-solomons.net
> Sent by Claws Mail 3.11.1 - KDE 4.12.15 - LINUX Mageia 4
>
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>



-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Backdoor?

[Amos Shapira]

There are various chrome tools, e.g. the Task Manager.

On 24 November 2014 at 07:45, Amichai Rotman  wrote:

> Hi All,
>
> I am trying to troubleshoot a bottleneck in my internet connection.
>
> I came across a few lines like these ones when I run 'netstat -ptW':
>
> tcp0  0 10.0.0.3:42239
>  82-166-201-152.barak-online.net:http ESTABLISHED 5881/chrome
> tcp0  0 10.0.0.3:55224
>  bzq-179-180-121.static.bezeqint.net:https ESTABLISHED 5881/chrome
>
> I was once connected to these ISPs, but not for some time
>
> I have Netgear DGN2200 v2 provided by Bezeq, running firmware
>  V1.0.8.31_1.8.31.
>
> Does Bezeq and the ISPs open a backdoor in my router somehow?
>
> How can I find out exactly where I am connected and why?
>
> Thanks!
>
> Amichai
>
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>


-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: good free dynamic dns server ?

[Amos Shapira]

I did this for years until I "broke down" and paid the $16 for a year of
avoiding these.
On 9 Nov 2014 10:31, "Erez D"  wrote:

> hi
>
> i am currently using no-ip.org as a free dynamic dns server for my home.
> however it has the annoying feature of sending me the following emails:
> "Please confirm your hostname now or it will be deleted"
>
> anyone knows of a good free dyndns server ?
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: How do I debug this (mailman)?

[Amos Shapira]

"Either way, where are the logs?"

what does "lsof" say?

On 12 October 2014 14:00, Shachar Shemesh  wrote:

>  On 12/10/14 00:24, Daniel Shahaf wrote:
>
> Could that be caused by MX records for the list not yet pointing at the
> new host? i.e., perhaps the new mailman instance is not handling the list
> yet because MX records don't point at it (the new mailman instance). HTH
> Daniel
>
> It *could*, but I find it unlikely. The local MTA considers those domains
> to be local, and does local delivery for them. Also, mailman is not bound
> to only handle locally handled domains, so long as the emails reach it.
>
> Either way, where are the logs?
>
> Shachar
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>


-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: How do I debug this (mailman)?

[Amos Shapira]

mailman logs?
I mean - if the MTA doesn't say anything about this then perhaps the client
haven't sent anything?

On 10 October 2014 23:38, Shachar Shemesh  wrote:

>  I'm trying to set up mailman on a new host (transferring my VPS to a new
> machine). This is running Debian. Mailman is set up, shows up in the web
> interface. I transferred the mailing list. I'm trying to send myself a
> password reminder, and nothing.
>
> The postfix logs don't show anything at all.
> /var/lib/mailman/qfils/virgin shows something that looks like the password
> reminder
> Nothing appears in my inbox.
>
> All tips on the internet say to look for the mailer's logs to find out
> what's wrong, but the mailer doesn't show any logs at all.
>
> Ideas?
>
> Shachar
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>


-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Daemontools intro

[Amos Shapira]

About a year ago I wrote a Puppet module to install and configure
daemontools services which we used very successfully at my previous
workplace. I got permission to open-source it but can't find it right now.
I'll try to dig it up when I get home.


On 25 September 2014 12:46, Steve Litt  wrote:

> Hi all,
>
> I wrote this introduction to daemontools:
>
> http://www.troubleshooters.com/linux/djbdns/daemontools_intro.htm
>
> Enjoy!
>
> SteveT
>
> Steve Litt*  http://www.troubleshooters.com/
> Troubleshooting Training  *  Human Performance
>
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>



-- 

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: better antenna for a USB DVB-T dongle?

[Amos Shapira]

Thanks everyone for chipping in.

Once I learned the name of the connector (MCX) and based on this and
finding that the "regular" plug is called also "Type N" I found a "pig
tail" converter and ordered it (http://www.ebay.com.au/itm/121310526140).

Tomer - why wouldn't the roof antenna be useful. Is it about the TV signal
type? Antenna type? Or is it because I live so close to the transmitter
that you expect that the signal strength is not the issue?

BTW - so far I tested the dongle facing the transmitter almost directly -
next to the front balcony glass door, with perhaps only the balcony rail
blocking it from direct line of sight.

Cheers,

--Amos


On 27 July 2014 01:09, Tomer Cohen  wrote:

> Roof antenna could not be very helpful in your case, but you can buy an
> active antenna or place the current one near a window. As for the antenna
> connector, you can buy a cheap adapter; I bought this one:
> http://www.dx.com/p/lwj-023-mcx-male-to-tv-female-antenna-adapter-cable-black-17-5cm-207418
>
>
> On Sat, Jul 26, 2014 at 2:00 PM, Amos Shapira 
> wrote:
>
>> Hi,
>>
>> I'm asking here since I saw that quiet a few members here mentioned using
>> things like this in the past.
>>
>> I bought a USB DVB dongle for my Cubox-I running OpenELEC (here is the
>> item on ebay: http://www.ebay.com.au/itm/251537079924) and although it's
>> well supported and the kernel recognises it without a hitch, scanning for
>> channels (both through tvheadend and command line w_scan) can't lock on any
>> channels.
>>
>> I live less than 2 km from the antennas which broadcast to all of Sydney
>> (~80km radius service area).
>>
>> According to the instructions at http://baratel.com/guides/mythTV.htm,
>> the internal antenna which comes with such dongles is worthless for more
>> than 500m.
>>
>> But the antenna input socket is not the standard wide one (e.g. like the
>> one you can see in this wikipedia image:
>> http://en.wikipedia.org/wiki/Coaxial_cable#mediaviewer/File:N_Connector.jpg)
>> but something that looks like 1 mm headphone jack with an itsy bitsy hole
>> in the middle.
>>
>> Does anyone know how can I extend the reception for this baby?
>>
>> I think of two main options:
>>
>> 1. Connect it to "normal"/"common" coaxial wall socket, so I can take
>> advantage of the antenna on the roof.
>> 2. Buy a bigger internal antenna which can connect to this weird jack.
>>
>> Any pointers would be appreciated.
>>
>> Thanks,
>>
>> --Amos
>> --
>>  <http://au.linkedin.com/in/gliderflyer>
>>
>> ___
>> Linux-il mailing list
>> Linux-il@cs.huji.ac.il
>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>
>>
>
>
> --
> Tomer Cohen
> http://tomercohen.com
>



-- 
<http://au.linkedin.com/in/gliderflyer>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

better antenna for a USB DVB-T dongle?

[Amos Shapira]

Hi,

I'm asking here since I saw that quiet a few members here mentioned using
things like this in the past.

I bought a USB DVB dongle for my Cubox-I running OpenELEC (here is the item
on ebay: http://www.ebay.com.au/itm/251537079924) and although it's well
supported and the kernel recognises it without a hitch, scanning for
channels (both through tvheadend and command line w_scan) can't lock on any
channels.

I live less than 2 km from the antennas which broadcast to all of Sydney
(~80km radius service area).

According to the instructions at http://baratel.com/guides/mythTV.htm, the
internal antenna which comes with such dongles is worthless for more than
500m.

But the antenna input socket is not the standard wide one (e.g. like the
one you can see in this wikipedia image:
http://en.wikipedia.org/wiki/Coaxial_cable#mediaviewer/File:N_Connector.jpg)
but something that looks like 1 mm headphone jack with an itsy bitsy hole
in the middle.

Does anyone know how can I extend the reception for this baby?

I think of two main options:

1. Connect it to "normal"/"common" coaxial wall socket, so I can take
advantage of the antenna on the roof.
2. Buy a bigger internal antenna which can connect to this weird jack.

Any pointers would be appreciated.

Thanks,

--Amos
-- 
 
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: reverse ssh

[Amos Shapira]

Whatever.

I'm speaking from personal experience that I didn't find this necessary.



On 22 July 2014 08:21, E.S. Rosenberg  wrote:

> Any decent port scanner (nmap for instance) will find the SSH service
> regardless of the port its' on, while the likelihood of a firewall blocking
> access to random non-standard ports is very high.
>
> I use fail2ban to prevent brute forcing and generally also try to have
> some form of port knocking (knockd and fwknop are good options) to prevent
> initial access to the SSH server to "unidentified" machines.
>
>
> 2014-07-22 1:11 GMT+03:00 Amos Shapira :
>
>> On 22 July 2014 00:52, Guy Gold  wrote:
>>
>>> Hi Erez,
>>>
>>> On Mon, Jul 21, 2014 at 4:18 AM, Erez D  wrote:
>>>
>>>>
>>>> it is not even a dynamic ip, it is a private ip behind a dynamic one
>>>>
>>>
>>> Then,  what Eliyahu wrote should serve you a perfect solution.
>>>
>>> Also, there's not much advantage in the point of hiding behind the
>>> "security by obscurity" method (i.e serve SSH at port 9000. or whichever).
>>>
>>  The increase to security by using  that method is in doubt - when
>>> taking under consideration  tools used by "bad guys (and girls)" nowadays .
>>> If you must do it, that's fine, but don't let it be a reason for not
>>> using much better methods, as Eliyahu suggested.
>>>
>>
>> From personal experience - there is a huge advantage in picking a random
>> port for external SSH (and external HTTP). I always had port scanners on my
>> standard, dynamic ISP ADSL addresses until I moved them to different
>> non-standard ports. Since then my logs are clean, and I'm talking about
>> over 5 years of experience (I don't remember exactly when I did the switch).
>>
>> This is of course not the only measure I take for security. I still treat
>> them as vulnerable etc. But after years of not having a single probe on the
>> new ports I have to say that it removed the threat of pretty much 100% of
>> the probes on my home network.
>>
>> Perhaps they are more thorough on static ip addresses, known targets
>> etc., but in my experience this is a very successful step.
>>
>>
>>>
>>>
>>> --
>>> Guy Gold
>>>
>>> ___
>>> Linux-il mailing list
>>> Linux-il@cs.huji.ac.il
>>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>>
>>>
>>
>>
>> --
>>  [image: View my profile on LinkedIn]
>> <http://www.linkedin.com/in/gliderflyer>
>>
>> ___
>> Linux-il mailing list
>> Linux-il@cs.huji.ac.il
>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>
>>
>


-- 
 [image: View my profile on LinkedIn]
<http://www.linkedin.com/in/gliderflyer>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: reverse ssh

[Amos Shapira]

On 22 July 2014 00:52, Guy Gold  wrote:

> Hi Erez,
>
> On Mon, Jul 21, 2014 at 4:18 AM, Erez D  wrote:
>
>>
>> it is not even a dynamic ip, it is a private ip behind a dynamic one
>>
>
> Then,  what Eliyahu wrote should serve you a perfect solution.
>
> Also, there's not much advantage in the point of hiding behind the
> "security by obscurity" method (i.e serve SSH at port 9000. or whichever).
>
 The increase to security by using  that method is in doubt - when taking
> under consideration  tools used by "bad guys (and girls)" nowadays .
> If you must do it, that's fine, but don't let it be a reason for not using
> much better methods, as Eliyahu suggested.
>

>From personal experience - there is a huge advantage in picking a random
port for external SSH (and external HTTP). I always had port scanners on my
standard, dynamic ISP ADSL addresses until I moved them to different
non-standard ports. Since then my logs are clean, and I'm talking about
over 5 years of experience (I don't remember exactly when I did the switch).

This is of course not the only measure I take for security. I still treat
them as vulnerable etc. But after years of not having a single probe on the
new ports I have to say that it removed the threat of pretty much 100% of
the probes on my home network.

Perhaps they are more thorough on static ip addresses, known targets etc.,
but in my experience this is a very successful step.


>
>
> --
> Guy Gold
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>


-- 
 [image: View my profile on LinkedIn]

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Backing up to encrypted Blu-rays

[Amos Shapira]

There's even no need for that - there are web sites for subtitles and all
media players I use (currently almost exclusively XBMC) will automatically
use the subtitles files if they find it next to the movie file (if it's
somewhere else then you can tell it where it is).
On 16 Jul 2014 07:31, "E.S. Rosenberg"  wrote:

> I more recently stopped ripping my DVDs in favor of just downloading
> movies other people already encoded and only ripping the Hebrew dubs/subs
> and then joining the lot with mkvtoolnix.
> Saves hours of encoding work.
>
> 2014-07-15 4:22 GMT+03:00 Steve Litt :
>
>> Hi all,
>>
>> I just wrote the following documentation on backing up to encrypted
>> Blu-rays:
>>
>> http://troubleshooters.com/lpm/201408/201408.htm
>>
>> When your backup discs are encrypted, offsite backups are much safer.
>> Everything in the documentation applies equally to dvd backups.
>>
>> Hope you enjoy it.
>>
>> Thanks,
>>
>> SteveT
>>
>> Steve Litt*  http://www.troubleshooters.com/
>> Troubleshooting Training  *  Human Performance
>>
>>
>> ___
>> Linux-il mailing list
>> Linux-il@cs.huji.ac.il
>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>
>
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: [Call-for-Action] Indigogo Campaign for Putting "Emma Watson Getting Interviewed for a Tech Job" under CC-by

[Amos Shapira]

https://i.chzbgr.com/maxW500/1366510848/h28F3DD64/


On 11 July 2014 16:34, Shlomi Fish  wrote:

> Hello Dan,
>
> thanks for clarifying your position. Let me reply.
>
>
> On Thu, Jul 10, 2014 at 8:16 PM, Dan Yasny  wrote:
>
>>
>>
>>
>> On Thu, Jul 10, 2014 at 1:00 PM, Shlomi Fish  wrote:
>>>
>>> 1. What makes you feel this is "spam"? I don't see it as unoslicited
>>> bulk E-mail.
>>>
>>
>> Any email sent to a list is "bulk". And I didn't, in any way, solicit
>> this Emma Watson bs, nor your pleas for funding or support.
>>
>
> In this case, I may well as argue that a job offer for a Java Enterprise
> software developer with 5 years of experience in Java sent to this list is
> spam as well, because: 1. It's bulk. 2. I didn't solicit it nor am
> interested in it. But I don't argue that is the case.
>
>
>
>> The very least you could do, out of common courtesy (I really hope you
>> know what that is) is mark your email as offtopic, you know, like everyone
>> in every other LUG does, with the [OT] marker in the subject?
>>
>
> I don't feel it is offtopic. The fictional interview highlights several
> real problems with the software industry. Like I said earlier, some people
> get a knee-jerk reaction to fiction, but fiction is not only often an
> effective tool as writing an essay, but often superior. A lot of ink was
> spilled about how the concept of an Abrahamic God was harmful until this
> delivered a swift deathblow to it -
> http://www.roflcat.com/ceiling-cat-is-watching-you-masturbate .
> Furthermore, there was a significant risk that the USA will get carried
> away into unnecessary paranoia during the late 60s until Sesame Street
> started airing as a show depicting a happy, safe, carefree street where
> children live and have fun together with adults, animated animals and even
> cute furry monsters (!!).
>
> Nevertheless, I am willing to mark it as "[Slightly OT]".
>
>
>> This way I, and anyone else not interested in anything but the technology
>> this list is about, can filter it out, and let you keep spamming those who
>> are for some reason interested.
>>
>>
>>>
>>> 2. What makes you feel it kills a good and useful mailing list?
>>>
>>
>> As soon as a list(/community/forum/etc) turns into an offtopic promoting
>> medium, the useful and productive community members leave. I've managed
>> enough forums to see that happen.
>>
>>
>
> There may be a more significant risk of this list becoming overly dry, too
> inbred (see
> http://www.shlomifish.org/humour/fortunes/show.cgi?id=larry-wall-all-truth-is-gods-truh
> ), and too routine. We need to constantly seek external influences: from
> other operating systems, from other fields of knowledge, from popular and
> not so popular culture, from linguistics, history and humanities, from
> ancient sources, etc.
>
> Otherwise we risk stagnation. My post was not off-topic, just made use of
> some popular culture metaphors. Do you  agree?
>
>
>>
>>> Vague complaints are vague. ;-)
>>>
>>>
>> Nothing is vague here. This is off topic, your stories aren't
>> interesting, aren't funny and would not belong in a LUG, even if they were.
>>
>
> First of all you're stating these things as facts instead of saying "I
> don't find them interesting, funny, etc." or "IMHO, they are non funny".
> Like someone once told me "In my opinion, it's a fact.". You'll evoke much
> less antagonism if you follow this guideline.
>
> For the record, quite a few people told me that they liked one or more of
> the things I wrote, and if you ask me - if one person besides me enjoyed my
> work - it was a spectacular success:
>
> https://plus.google.com/+ShlomiFish/posts/UdiPzsSGc66
>
> I don't mind writing a study / midrash of the Emma Watson interview story
> for those who are not familiar with its sources and subtleties, but many
> people liked it even without that.
>
> 
>
> I hope I made myself clear. Please reply to the list if you have any
> further objections or comments.
>
> Best regards,
>
> -- Shlomi Fish
>
> --
> --
> Shlomi Fish http://www.shlomifish.org/
>
> Chuck Norris helps the gods that help themselves.
>
> Please reply to list if it's a mailing list post - http://shlom.in/reply .
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>


-- 
 [image: View my profile on LinkedIn]

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: [Call-for-Action] Indigogo Campaign for Putting "Emma Watson Getting Interviewed for a Tech Job" under CC-by

[Amos Shapira]

On 10 July 2014 23:24, Dan Yasny  wrote:

> This is the kind of spam that kills an otherwise good and useful mailing
> list and community.
>

+1.


>
>
> On Thu, Jul 10, 2014 at 2:22 AM, Shlomi Fish  wrote:
>
>> Hi all,
>>
>> you can find the Indiegogo campaign here:
>>
>> *
>> https://www.indiegogo.com/projects/emma-watson-tech-interview-story-make-ccby/x/8136150
>>
>> * https://twitter.com/shlomif/status/486970414610923520
>>
>> * https://www.facebook.com/shlomi.fish/posts/10152143825556981
>>
>> * https://plus.google.com/+ShlomiFish/posts/XSgj2fgYaZ1
>>
>> Reading from the links:
>>
>> 
>> Not only about that, but about allowing me to create such future artworks
>> and essays, while becoming financially independent. I'm OK with getting a
>> part time job, but I refuse to be a wage slave (and it's mentioned in the
>> link).
>> 
>>
>> Please donate even if it's just a dollar or two, and please help spread
>> the word, if you found my stories, aphorisms, articles and essays
>> (including the blog/Twitter/G+/Facebook/Reddit/etc. posts) of inspiration
>> and enlightenment. I want proof that there are good people in the world.
>>
>> Best regards,
>>
>> -- Shlomi Fish
>>
>> P.S: incidentally, some of the people who most needed to read the
>> original screenplay (= the wage slaves) did not due to "lack of time" ,
>> even though it was not long.
>>
>> --
>> --
>> Shlomi Fish http://www.shlomifish.org/
>>
>> Chuck Norris helps the gods that help themselves.
>>
>> Please reply to list if it's a mailing list post - http://shlom.in/reply
>> .
>>
>> ___
>> Linux-il mailing list
>> Linux-il@cs.huji.ac.il
>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>
>>
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>


-- 
 [image: View my profile on LinkedIn]

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: bugzilla+postfix+email_in.pl

[Amos Shapira]

Sorry perhaps I forgot to "reply all".

It should be easy (and encouraged) to put executables outside she docroot
tree.
On 23 Jun 2014 02:04, "Oleg Goldshmidt"  wrote:

>
>
>
> On Sun, Jun 22, 2014 at 6:46 PM, E.S. Rosenberg 
> wrote:
>
>> ​
>>
>>>  # ls -l /var/www/bugzilla/email_in.pl
 -rwxr-xr-x 1 root www-data 21820 2013-05-23 19:02 /var/www/bugzilla/
 email_in.pl

>>> You are showing correct permissions on the file so I assume you also
>> made sure that all the parent dirs are at least executable to the daemon?
>>  Regards,
>> Eliyahu - אליהו
>>
>
> ​This - and a similar comment from Amos sent privately (I think) - gave a
> clue. I have to chmod o+r all the files - and chmod o+rx all the
> directories - both above and below /var/www/bugzilla. After that (and
> installation of a number of perl modules from CPAN) I am getting emails.
>
> This is a hack and is not completely satisfying, because I really relaxed
> the permissions on /var/www and /bar/www/bugzilla, and I don't like it one
> single (permission) bit. I had thought that adding users postfix and bugs
> to the group that owns the hierarchy should be enough, but apparently isn't.
>
> I'll admit that my experience with Ubuntu and postfix is very limited - I
> am used to RH and sendmail. And I hadn't installed Bugzilla myself in this
> instance. Things look a bit weird.
>
> Thanks again, everyone!
>
>
> --
> Oleg Goldshmidt | p...@goldshmidt.org
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Satire: Emma Watson getting interviewed for a software development position

[Amos Shapira]

Please don't send this sort of stuff here.
On 19 Jun 2014 19:12, "Shlomi Fish"  wrote:

> Hi all,
>
> in this URL:
>
>
> http://www.shlomifish.org/humour/bits/Emma-Watson-applying-for-a-software-dev-job/
>
> you can find a short satire titled “Emma Watson getting interviewed for a
> software development position” under the CC-by-sa licence.
>
> In case you don't know, Watson is
> https://en.wikipedia.org/wiki/Emma_Watson - a
> 1990 born British actress and model, who rose to fame playing Hermione in
> the
> Harry Potter films, and [quoting from the Wikipedia page] «In October
> 2013, she
> was voted Sexiest Female Movie Star in a worldwide poll conducted by Empire
> magazine.[7] In May 2014, BuzzFeed dubbed her the "most flawless woman of
> the
> decade".».
>
> Now the question is: does she has what it takes to work as a Java
> Enterprise
> Software developer… ;-)
>
> I also quoted the plaintext version below. Share and enjoy!
>
> Regards,
>
> Shlomi Fish
>
> 
>
> 
>
> [
> This is satire and did not actually take place.
>
> The year is 2014. https://en.wikipedia.org/wiki/Emma_Watson";>Emma
> Watson - a British actress who rose to fame after playing Hermione
> Granger
> in the Harry Potter films - just graduated from Brown University with a
> degree
> in English Literature. She decides to take a break from acting and find a
> temporary job as a software developer. Here is an interview conducted with
> her.
> ]
>
> 
>
> Interviewer: Hello Ms. Watson, your résumé indicates that you are
> underqualified for a job here at Foobarbaznix Enterprise Software
> Enterprises,
> but we decided to give you a chance anyway. So why do you think we should
> hire
> you?
>
> EmWatson: Well, to be frank, I'm trying to get a lower-profile job now, to
> take a break after graduating from Brown University with a degree in
> English
> Literature, and I figured out learning how to code properly may prove to be
> a useful skill in this day and age.
>
> Interviewer: English Literature, eh? What makes you think you are better
> than
> all the Comp. Sci. grads we are hiring.
>
> EmWatson: Well, reportedly https://en.wikipedia.org/wiki/Edsger_W._Dijkstra";>Dijkstra
> said that good programming requires good writing and reading skills, and
> that
> he prefers hiring students of English and other humane subjects over
> students
> of Computer Science, Mathematics or Electrical Engineering, because they
> tend
> to write better code.
>
> Interviewer: So you've heard about Dijkstra, eh? "GOTO Statement Considered
> Harmful!", hah, hah!
>
> EmWatson: Well, that “considered harmful” choice of title was unfortunate
> (and selected by Dijkstra’s editor), and he did not mean that GOTO should
> never be used. So please do not take take it as gospel.
>
> Interviewer: OK, back on topic: how much experience do you have in
> developing
> enterprise software?
>
> EmWatson: Not a lot, but I wrote some shell/Perl/Ruby/Python/etc. scripts,
> know
> how to make a good use of my smartphone and home computer, and have done
> some
> simple HTML, CSS and JavaScript / jQuery / etc. web pages, and I know the
> basics of how to use Git and GitHub (but I'm certainly not an expert in
> them).
>
> Interviewer: So you don't have 5 years of experience in developing Java
> enterprise software?
>
> EmWatson: I'm afraid not, sir.
>
> Interviewer: OK. Here's another thing: why do you wish to become a low-paid
> (for some values of low-paid) hired programmer, when it is well-known that
> you charge an obscene amount of money for each film you take part in?
>
> EmWatson: Well, to paraphrase on the old Hollywood adage: “There are no
> small jobs - only small workers.”. A good and resourceful person will make
> the best out of even the least esteemed job, like the fact that a good
> waitress or waitor are friendly, express interest in the customers, take
> their job seriously, are well-groomed, and show genuine interest in the
> business.
>
> EmWatson: While I wouldn't object to work at a restaurant or a different
> place that sells decent-or-better food, I think that I can learn much more
> by
> becoming a coder. And like I said - I need a break.
>
> Interviewer: I see… OK, next question, Ms. Watson: as you may well be aware
> of you starred in the 8 Harry Potter films, despite the fact that they were
> criticised as being bad. Why did you persist?
>
> EmWatson: Well, there are several reasons, but the main one is that for an
> actor, it is better to play well (or even not so well) in a bad film, than
> to not play at all. ”Publish or Perish”, like they say, which is also true
> for the Academia, and, as you may well know, for the software world.
>
> Interviewer: I see. Well we pride ourselves on releasing
> industrial-strength
> and high-quality enterprise software.
>
> EmWatson: I see. OK, I think I've heard enough. I'm not going to work for
> you
> even for a thousand million dollars per month. I got a different offer
> from a
> ni

Re: Looking for a performance/health monitoring and alerting solution

[Amos Shapira]

On 16 June 2014 19:11, E.S. Rosenberg  wrote:

> Amos - can you add a TL;DR about your mail?
>

Nagios and its ilk are not scalable or efficient, resulting in very complex
setup and too slow event discovery.
Zabbix is not a good fit if you want to have an automatic setup using
things like Puppet.
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Looking for a performance/health monitoring and alerting solution

[Amos Shapira]

How do you configure zabbix outside its GUI? As far as I saw so far it's
not possible so you have to point and click your way through its gui.
Most of what I wrote against nagios is relevant to Zabbix as well - central
server etc.
On 16 Jun 2014 17:49, "Rabin Yasharzadehe"  wrote:

> I can recommend Zabbix, I was never used it on a large network (~30 server
> most), but i was happy with it.
>
> - you can set the monitoring interval for each item (from 1s -> days)
> - samples are stored in the DB, and graphs are plotted only when you need
> them
> - have a build in support for SMS and Jabber message alerts.
> - works with agent, but also works with SNMP and scripts you can writes.
>
> note that you'll need to provide enough storage for it.
> (i think they have the formula or a calculator in there website, which you
> can use to calculate the storage you'll need )
>
>
> *--Rabin*
>
>
> On Mon, Jun 16, 2014 at 2:12 AM, Ori Berger  wrote:
>
>> I'm looking for a single system that can track all of a remote server's
>> health and performance status, and which stores a detailed
>> every-few-seconds history. So far, I haven't found one comprehensive system
>> that does it all; also, triggering alarms in "bad" situations (such as no
>> disk space, etc). Things I'm interested in (in parentheses - how I track
>> them at the moment. Note shinken is a nagios-compatible thing).
>>
>> Free disk space (shinken)
>> Server load (shinken)
>> Debian package and security updates  (shinken)
>> NTP drift (shinken)
>> Service ping/reply time (shinken)
>> Upload/download rates per interface (mrtg)
>> Temperatures (sensord, hddtemp)
>> Security logs, warning and alerts e.g. fail2ban, auth.log (rsync of log
>> files)
>>
>> I have a few tens of servers to monitor, which I would like to do with
>> one software and one console. Those servers are not all physically on the
>> same network, nor do they have a VPN (so, no UDP) but tcp and ssh are
>> mostly reliable even though they are low bandwidth.
>>
>> Please note that shinken (much like nagios) doesn't really give a good
>> visible history of things it measures - only alerts; Also, it can't really
>> sample things every few seconds - the lowest reasonable update interval
>> (given shinken's architecture) is ~5 minutes for the things it measures
>> above.
>>
>> Any recommendations?
>>
>> Thanks in advance,
>> Ori
>>
>> ___
>> Linux-il mailing list
>> Linux-il@cs.huji.ac.il
>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>
>
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Looking for a performance/health monitoring and alerting solution

[Amos Shapira]

Another thing - while I was digging the Sydney DevOps meetups for a talk
about monitoring by a dude from Google, I stumbled across a reference to
InfluxDB: http://influxdb.com/.



On 16 June 2014 10:49, Amos Shapira  wrote:

> For a start, it looks like you put both trending and alerting in one
> basket. I'd keep them separate though alerting based on collected trending
> data is useful (e.g. don't alert just when a load threshold is crossed but
> only if the trending average for the part X minutes is above the threshold,
> or even only if it's derivative shows that it's not going to get better
> soon enough).
>
> See http://fractio.nl/2013/03/25/data-failures-compartments-pipelines/
> for high level theory about monitoring pipelines, and a bit of a pitch for
> Flapjack (and start by reading the first link from it). Lindsay is a very
> eloquent speaker and author in general and fun to watch and read.
>
> Bottom line from the above - I'm currently not aware of a single silver
> bullet to do everything you need for proper monitoring.
>
> Last time I had to setup such a system (monitoring hundreds of servers for
> trends AND alerts) I used:
> 1. collectd (https://collectd.org/) for trending data - it can sample
> things down to once a second if you want
> 2. statsd (https://github.com/etsy/statsd/) for event counting (e.g.
> every time a Bamboo build plan started or stopped, or failed or succeeded,
> or other such events happend, an event was shot over to statsd to coalace
> and ship over to graphite). nice overview:
> http://codeascraft.com/2011/02/15/measure-anything-measure-everything/
> 3. both of the above send data to graphite (
> https://github.com/graphite-project)
> 4. To track things like "upgraded Bamboo" events, we used tricks like
> http://codeascraft.com/2010/12/08/track-every-release/. I since then
> learned about another project to help stick extra data with events (e.g.
> the version that Bamboo was upgraded to), but I can't find it right now.
>
> Here is a good summary with Graphite tips:
> http://kevinmccarthy.org/blog/2013/07/18/10-things-i-learned-deploying-graphite/
>
> Alerts were generated by opsview (stay away from it, it was a mistake),
> which is yet another Nagios wrapper, many of the checks were based on
> reading the Graphite data whenever it was available (
> https://github.com/olivierHa/check_graphite), but many also with plain
> old "nrpe" (e.g. "is the collectd/bamboo/apache/mysql/postgres/whatever
> process still running?").
>
> I don't like nagios specifically and its centralization in general (which
> affects all other "nagios replacement" impolementations) and would rather
> look for something else, perhaps Sensu (http://sensuapp.org/), though it
> wasn't ready last time I evaluated it about a year ago.
>
> My main beef with Nagios and the other central monitoring systems is that
> there is a central server which orchestrates most of the monitoring. This
> means that:
> 1. There is one server which has to go through all the checks on all
> monitored servers in each iteration to trigger a check. With hundreds of
> servers and thousands of checks this could take a very long time. It could
> be busy checking whether the root filesystem on a throw-away bamboo agent
> is full (while the previous check showed that it's far from that) while
> your central Maven repository is burning for a few minutes. And it wouldn't
> help to say "check Maven repo more often" because it'll be like the IBM vs.
> DEC boat race - "row harder!" (
> http://www.panix.com/~clp/humor/computers/programming/dec-ibm.html).
> 2. That server is a single point of failure, or you have to start using
> complex clustering solutions to keep it (and only one of it!) up - no
> parallel servers.
> 3. This server has to be very beefy to keep up with all the checks AND
> serve the results. In one of my former workplaces (second largest
> Australian ISP at the time) there was a cluster of four such servers with
> the checks carefully spread among them. Updating the cluster configuration
> was a delicate business and keeping them up wasn't pleasant and still it
> was very slow to serve the web interface.
> 4. The amount of traffic and load on the network and monitored servers is
> VERY wasteful - open TCP for each check, fork/exec via the NRPE agent,
> process exit, collect results, rinse, repeat, millions of times a day.
>
> Nagios doesn't encourage what it calls "passive monitoring" (i.e. the
> monitored servers initiate checks and send results, whether positive or
> negative, to a central server) and in general its protocol (NRPE) means
> that the central m

Re: Looking for a performance/health monitoring and alerting solution

[Amos Shapira]

For a start, it looks like you put both trending and alerting in one
basket. I'd keep them separate though alerting based on collected trending
data is useful (e.g. don't alert just when a load threshold is crossed but
only if the trending average for the part X minutes is above the threshold,
or even only if it's derivative shows that it's not going to get better
soon enough).

See http://fractio.nl/2013/03/25/data-failures-compartments-pipelines/ for
high level theory about monitoring pipelines, and a bit of a pitch for
Flapjack (and start by reading the first link from it). Lindsay is a very
eloquent speaker and author in general and fun to watch and read.

Bottom line from the above - I'm currently not aware of a single silver
bullet to do everything you need for proper monitoring.

Last time I had to setup such a system (monitoring hundreds of servers for
trends AND alerts) I used:
1. collectd (https://collectd.org/) for trending data - it can sample
things down to once a second if you want
2. statsd (https://github.com/etsy/statsd/) for event counting (e.g. every
time a Bamboo build plan started or stopped, or failed or succeeded, or
other such events happend, an event was shot over to statsd to coalace and
ship over to graphite). nice overview:
http://codeascraft.com/2011/02/15/measure-anything-measure-everything/
3. both of the above send data to graphite (
https://github.com/graphite-project)
4. To track things like "upgraded Bamboo" events, we used tricks like
http://codeascraft.com/2010/12/08/track-every-release/. I since then
learned about another project to help stick extra data with events (e.g.
the version that Bamboo was upgraded to), but I can't find it right now.

Here is a good summary with Graphite tips:
http://kevinmccarthy.org/blog/2013/07/18/10-things-i-learned-deploying-graphite/

Alerts were generated by opsview (stay away from it, it was a mistake),
which is yet another Nagios wrapper, many of the checks were based on
reading the Graphite data whenever it was available (
https://github.com/olivierHa/check_graphite), but many also with plain old
"nrpe" (e.g. "is the collectd/bamboo/apache/mysql/postgres/whatever process
still running?").

I don't like nagios specifically and its centralization in general (which
affects all other "nagios replacement" impolementations) and would rather
look for something else, perhaps Sensu (http://sensuapp.org/), though it
wasn't ready last time I evaluated it about a year ago.

My main beef with Nagios and the other central monitoring systems is that
there is a central server which orchestrates most of the monitoring. This
means that:
1. There is one server which has to go through all the checks on all
monitored servers in each iteration to trigger a check. With hundreds of
servers and thousands of checks this could take a very long time. It could
be busy checking whether the root filesystem on a throw-away bamboo agent
is full (while the previous check showed that it's far from that) while
your central Maven repository is burning for a few minutes. And it wouldn't
help to say "check Maven repo more often" because it'll be like the IBM vs.
DEC boat race - "row harder!" (
http://www.panix.com/~clp/humor/computers/programming/dec-ibm.html).
2. That server is a single point of failure, or you have to start using
complex clustering solutions to keep it (and only one of it!) up - no
parallel servers.
3. This server has to be very beefy to keep up with all the checks AND
serve the results. In one of my former workplaces (second largest
Australian ISP at the time) there was a cluster of four such servers with
the checks carefully spread among them. Updating the cluster configuration
was a delicate business and keeping them up wasn't pleasant and still it
was very slow to serve the web interface.
4. The amount of traffic and load on the network and monitored servers is
VERY wasteful - open TCP for each check, fork/exec via the NRPE agent,
process exit, collect results, rinse, repeat, millions of times a day.

Nagios doesn't encourage what it calls "passive monitoring" (i.e. the
monitored servers initiate checks and send results, whether positive or
negative, to a central server) and in general its protocol (NRPE) means
that the central monitoring data collector is a bottleneck.

Sensu, on the other hand, works around this by encouraging more "passive
monitoring", i.e. each monitored server is responsible to monitor itself
without the overhead of a central server doing the rounds and loading the
network, it uses RabbitMQ message bus so its data transport and collection
servers are more scalable (it also supports multiple servers), and it's OK
with not sending anything if there is nothing to report (the system will
still has "keepalive" checks (http://sensuapp.org/docs/0.12/keepalives) to
monitor for nodes which went down).

But my favourite idea for scalability is the one presented in
http://linux-ha.org/source-doc/assimilation/html/index.html - each
monito

Re: advanced dhcpd.conf

[Amos Shapira]

Yup.
Or do what we did at my workplace and use puppet to maintain (and generate,
if needed) the configuration.
On 10 Jun 2014 05:33, "shimi"  wrote:

> On Mon, Jun 9, 2014 at 6:15 PM, Erez D  wrote:
>
>> no, i want:
>> host vm01 { hardware ethernet 00:11:22:33:44:01 ; fixed-address 10.0.5.1 }
>> host vm02 { hardware ethernet 00:11:22:33:44:02 ; fixed-address 10.0.5.2 }
>> host vm03 { hardware ethernet 00:11:22:33:44:03 ; fixed-address 10.0.5.3 }
>> ...
>> host vm254 { hardware ethernet 00:11:22:33:44:fe ; fixed-address
>> 10.0.5.254 }
>>
>>
> If it doesn't work out...
>
> php -r 'foreach(range(1,254) as $id) echo "host vm".str_pad($id, 3, '0',
> STR_PAD_LEFT)." { hardware ethernet 00:11:22:33:44:".str_pad(dechex($id),
> 2, '0', STR_PAD_LEFT)." ; fixed-address 10.0.5.$id }\n";'
>
> -- Shimi
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: self mail hosting

[Amos Shapira]

On 8 June 2014 21:38, Efraim Flashner  wrote:

> a bit more, but not so much.  I also have it running deluge, which
> crashes a little too often for me, so I have a cron job running to
> relaunch it if it crashes.  Fileserving works well.  I tried using it


Consider runit (http://smarden.org/runit/) - a supposedly better iteration
of daemontools (http://cr.yp.to/daemontools.html) - for process watchdog.
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: partly OT: notification of url when connecting to open wifi

[Amos Shapira]

Yes I think we got this. I'm not the OP bit I wonder what can an AP admin
do to configure it in a way which triggers this OS smarts on the client.
On 27 May 2014 07:16, "Guy Gold"  wrote:

> On Mon, May 26, 2014 at 4:51 AM, Erez D  wrote:
>
>> however, that not what i ment
>> i was only asking how it generated a notification on my phone without
>> me opening a browser
>>
>>
> Hi Erez,
> At the risk of needlessly reiterating some detail:
>
> In cases I've encountered, the alerts seemed to be  OS generated, (done by
> OS rather by the site/AP you connected to).
> Microsoft does the same thing with the "additional credentials may be
> required" pop-up on its Windows OS.
>
> The OS "gets" the fact that an IP address was acquired on an interface,
> but - no full 'www' access is available, rather an access to a single
> web-page (i.e a captive portal).  The alert is helpful for folks who assume
> that (IP address == www access) at any time, and try to place a skype call,
> or pull email, and get frustrated with 'it not working'.
> I've configured a Captive portal on a proprietary system, not long ago,
> for deployment, so I cannot be 100% sure if there's any type of messaging
> from the AP to the OS informing it that it's captivated, or, as I
> mentioned, the entire wisdom in within the OS' network stack.
>
>
>
> --
> Guy Gold
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: twisted and python3

[Amos Shapira]

I'm not a Python Guru (you might be better off asking on Python-specific
forums), but from both working on contributing to a twisted-based
application (carbon cache - https://github.com/graphite-project/carbon) and
from talking to at least one person about this framework, it seems that
it's too complicated and still too limited.

You could end up writing more code to work around twisted limitations than
if you wrote your own simple server using standard Python (e.g.
https://docs.python.org/2/library/socketserver.html,
http://www.codeproject.com/Articles/462525/Simple-HTTP-Server-and-Client-in-Python
).

My suggestion - beyond checking its status for the Python version you want,
have a spike (http://www.techopedia.com/definition/9503/spike) and see what
the code you come up with looks like and whether you like it.

--Amos


On 22 May 2014 20:11, Oleg Goldshmidt  wrote:

>
> ​Hi,
>
> Can anyone out there comment on the state of twisted on python3?
>
> We use python3, and we are considering twisted as a candidate platform to
> develop a server framework. We have not tried anything yet, just mulling
> possibilities at this point. While researching the topic multiple tidbits ​
> ​of concern came up, such as
>
> ​
> http://twisted.readthedocs.org/en/latest/projects/core/howto/python3.html
>
> http://twistedmatrix.com/trac/browser/tags/releases/twisted-14.0.0/twisted/python/dist3.py
>
> ​etc.
>
> If twisted in its current state is not well-supported on python3​
> ​ we would prefer to drop it as a candidate early and concentrate on other
> options. If problems are few and far between ​
> ​we will be willing to invest time in researching how much it will affect
> our development. Twisted is a big anaconda, and we are not likely to use
> more than some parts of it. This means that we'd like to​
> ​ learn of really disqualifying issues ASAP.
>
> Thanks a lot for any input,​
>
>
> --
> Oleg Goldshmidt | p...@goldshmidt.org
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>


-- 
 [image: View my profile on LinkedIn]

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: qemu and chroot

[Amos Shapira]

Most of the times when I use chroot, I usually do something a-la (from
memory):

for i in proc dev sys; do mount -o bind /$i /chrootdir/$i; done
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Upgrading Ubuntu from 12.04 to 14.04

[Amos Shapira]

Beyond the original specific question - upgrades like this should be tested
using a Vagrant box, preferably also using an automatic provisioning tool
like Puppet (my personal preference) or Chef (obligatory mention) and
automatic testing using things like Cucumber, Spec, ServerSpec or perhaps
other testing frameworks.

That way you can write the tests to verify your current setup and repeat
the verification after the update.

Also - once you have automatic provisioning and testing in place, you
should consider treating the servers as immutable, i.e. once they are setup
they are not upgraded in-place but rebuilt whenever such a large change is
required. This way you are sure that what you run is exactly what you
tested in your Vagrant environment and what will be re-installed in case of
a disaster.


On 15 May 2014 23:27, Efraim Flashner  wrote:

> I don't believe it is possible for a user to create a partition.  Of
> course that is more of a brain-fart on my part, because it's not so
> useful to your situation.  Gparted should be able to resize unmounted
> ext3/4 partitions, and from there you can create a new partition, copy
> your /home directory there and edit /etc/fstab to point to the new
> partition.
>
> I found these release notes:
> https://wiki.ubuntu.com/TrustyTahr/ReleaseNotes, but it looks rather
> short, and doesn't mention django.  Fortunately django has its own release
> notes here: https://docs.djangoproject.com/en/1.6/releases/ which should
> help with the upgrade.
>
> Sorry I couldn't be more helpful, I've never used django.
>
> -Efraim
>
>
> On Thu, 15 May 2014 16:00:00 +0300
> Uri Even-Chen  wrote:
>
> > Thank you, it's a good idea. At work my home directory is not in a
> > separate partition so it's not kept if I reinstall Ubuntu. Do you
> > know how I can create a partition and move it to a separate partition?
> >
> > Uri Even-Chen
> > Mobile Phone: +972-50-9007559
> > E-mail: u...@speedy.net
> > Speedy Net: http://www.speedy.net/
> > Speedy Composer: http://www.speedycomposer.com/
> >
> >
> >
> > On Thu, May 15, 2014 at 3:46 PM, Ori Idan 
> > wrote:
> >
> > >
> > > On Thu, May 15, 2014 at 3:20 PM, Uri Even-Chen 
> > > wrote:
> > >
> > >> Hi people,
> > >>
> > >> I work at my job with Ubuntu 12.04 and we run Django 1.4.12
> > >> locally with Python 2.7.3 and PostgreSQL. We want to upgrade
> > >> Django from 1.4 to 1.6 and I also thought it would be a good idea
> > >> to upgrade Python to 2.7.6 and maybe even 3, so I tried to upgrade
> > >> Ubuntu to 14.04. But after I completed the upgrade, Django didn't
> > >> work and I couldn't even run migrations (with South). I had to
> > >> reinstall Ubuntu 12.04 and I lost all the files I had in my home
> > >> directory (because I chose not to keep Ubuntu 14.04) except some
> > >> files that I backed up. My questions are:
> > >>
> > >> 1. What do we need to do in order for Django to work with Ubuntu
> > >> 14.04? 2. Why isn't it possible to reinstall Ubuntu 12.04 after
> > >> upgrading to 14.04 and still keep all the files in my home
> > >> directory, while not keeping all the other files (the operating
> > >> system files)?
> > >>
> > > Why do you think it is not possible?  I do it all the time.
> > > I  keep my home directory in a separate partition so when I upgrade
> > > (or downgrade) the OS the home directory stays the same.
> > >
> > > --
> > > Ori Idan
> > >
> > >
>
>
>
> --
> Efraim Flashner
> efraim.flash...@gmail.com 4096R/CA3D8351 created: 2013-10-08
> GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>


-- 
 [image: View my profile on LinkedIn]

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: ubi cloning

[Amos Shapira]

How about ddrescue (the GNU one I think, there are multiple implementations
with same name) into an image file then try to fix the fs around the bad
sectors?


On 12 May 2014 18:46, Erez D  wrote:

> Hi
>
> i need to clone a nand flash. which has ubifs on it
>
> doing 'dd' didn't work as the source and dest have different bad sectors.
>
> is there an easy way to clone a ubifs nand-flash ?
>
>
> thanks
> erez.
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>


-- 
 [image: View my profile on LinkedIn]

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: NTP

[Amos Shapira]

Which software? Smart Tome Sync?
On 9 May 2014 18:02, "geoffrey mendelson" 
wrote:

>
>  Unless you already have an old smartphone that you want to keep for this
>> use, look for a simple USB GPS receiver - between $20-$40 (I can see it now
>> for $35 in Amazon > Receiver-Black/dp/B008200LHW/ref=sr_1_1> ). Supported natively by ntpd <
>> http://doc.ntp.org/4.2.4/drivers/driver20.html>, uses less power, does
>> not cook your brain, and slightly less useful for the NSA to spy on you
>> with :)
>>
>> ___
>> Linux-il mailing list
>> Linux-il@cs.huji.ac.il
>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>
>
> They only ship to the  US.
>
> Since the software we found runs on Android 2.1 up, it should be pretty
> easy to find a used phone for less than that or free.
>
> Geoff.
>
> --
> Geoffrey S. Mendelson 4X1GM/N3OWJ
> Jerusalem Israel.
>
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: NTP

[Amos Shapira]

Umm, thanks. I might try this connected to the cubox-i I plan to buy.
On 9 May 2014 17:16, "Ori Berger"  wrote:

> On 05/08/2014 04:25 PM, Amos Shapira wrote:
>
>> +1 for Smart Time Sync + ntp server.
>> Now the perfectionist in me would still like to combine what it does
>> with an NTP daemon reference clock :)
>>
>
> Unless you already have an old smartphone that you want to keep for this
> use, look for a simple USB GPS receiver - between $20-$40 (I can see it now
> for $35 in Amazon <http://www.amazon.com/GlobalSat-BU-353-S4-USB-
> Receiver-Black/dp/B008200LHW/ref=sr_1_1> ). Supported natively by ntpd <
> http://doc.ntp.org/4.2.4/drivers/driver20.html>, uses less power, does
> not cook your brain, and slightly less useful for the NSA to spy on you
> with :)
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il