Re: ISP recommendation in Israel - geek-friendly & IPv6

2023-04-16 Thread Erez D
I do not know, I only know to begin with my external ip was a private one
(if I remember correctly it was 172.x.x.x)

On Sun, Apr 16, 2023 at 2:50 PM  wrote:

> On Sunday, 16 April 2023 9:07:10 IDT Erez D wrote:
> > You look for a Fixed ipv4 IP, Note that some ISPs do not give you even a
> > real IP but you are already behind NAT and can't even use Dynamic DNS.
> >
>
> Carrier grade NAT or something else ?
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il


Re: ISP recommendation in Israel - geek-friendly & IPv6

2023-04-15 Thread Erez D
You look for a Fixed ipv4 IP, Note that some ISPs do not give you even a
real IP but you are already behind NAT and can't even use Dynamic DNS.

With HOT they gave me a non-real IP and I needed to persuade them to change
it to a real one (I do not need a real one as I am using DynDNS)

At the end they gave me a real IP with no extra cost

Erez.

On Sat, Apr 15, 2023 at 10:10 AM Lionel Élie Mamane 
wrote:

> Hi,
>
> What would you recommend as a geek-friendly ISP for a "consumer price
> level" glass fiber-based Internet connection in Israel, in Qesarya
> specifically? I'd like to have dual stack IPv4 + IPv6, with one fixed
> IPv4 address and a fixed IPv6 prefix (whatever it is one gets as
> standard... a /48, a /56...). Not sure if I can hope for competent
> customer support in English, but if that exists, even better.
>
> My family currently has Bezeq with a fixed IPv4 in our "2nd home /
> vacation home", that was setup by a local guy that knows a guy that
> knows a guy that knows my mother, without my intervention, supposed to
> be a "surprise we got fast Internet now, you can now spend more time
> in Israel and work remotely" for me, and well... I'd like us to
> upgrade to something better. The guy tells me that if we activate IPv6
> on our Bezeq connection, we will not only lose the fixed IPv4
> address, but also be behind double (carrier-grade, I assume) NAT,
> which would be major suckage. Is that true? Anyone has experience with
> that?
>
> Is it realistic to hope significantly less than 100ms ping times to
> Western Europe from Israel? That's what I currently get, and in usage
> as "remote desktop" / VNC / ssh sessions (with graphical / X11
> programs running over the link), this kind of lag is really felt...
>
> Thanks in advance,
>
> Lionel
>


porting a new camera and chipset to linux

2022-06-01 Thread Erez D
hi
I want to port a new camera and chipset to linux
I searched the web but all i could find is how to setup your camera or port
already supported chipset for new cameras

does anyone have pointers for me to start with (other than reading the
kernel source)

Thanks,
Erez


Re: OT: strange network problem

2022-01-11 Thread Erez D
On Tue, Jan 11, 2022 at 3:14 PM Ohad Levy  wrote:

>
>
> On Tue, Jan 11, 2022 at 11:26 AM Erez D  wrote:
>
>>
>>
>> On Tue, Jan 11, 2022 at 9:29 AM Ohad Levy  wrote:
>>
>>>
>>>
>>> On Tue, Jan 11, 2022 at 9:19 AM Erez D  wrote:
>>>
>>>> The windows 169.25. ip is from APIPA and not from any DHCP server
>>>> (ipconfig does not specify a dhcp server).
>>>> to be on the safe side I verified udp port 67 is unused on my mac (via
>>>> netstat, fuser and socat)
>>>>
>>>> what boggles me is why can't the windows machine access the router and
>>>> get an ip when the mac is sleeping
>>>>
>>>> as the AP switch is layer 2, i would suspect the switch disables the
>>>> windows machine for some reason,
>>>> e.g. it sees the same mac address from another port or detects abuse of
>>>> somewhat from the windows eth port
>>>> however i do not understand how is this related to the mac sleeping
>>>>
>>>> I thought the AP switch may be defective but putting another GB switch
>>>> instead causes the same results ...
>>>>
>>>
>>> can you run tcpdump on your router? does it show the dhcp requests from
>>> your windows machine?
>>>
>> Alas, No. I know it is sacrilege but I use a hot cable modem/router.
>> I do not have hardware that can support 500Mb to be used as a linux
>> firewall ...
>>
> openwrt :)
>
I'm probably getting old, in my time running openwrt required hardware to
run on  ;-)

>
> but technically, if you have a 3rd machine, you should be able to see dhcp
> requests being broadcasted on layer2
>
I'll try that though i do not understand why there should be a difference
if my mac is up or not ...
Thanks

>
>> Thanks,
>> Erez.
>>
>>
>>>> why do you think HOMEGROUP is related ? it is a higher layer protocol
>>>> when the problem seems to me on layer 2
>>>>
>>>> Thanks,
>>>> Erez
>>>>
>>>>
>>>>
>>>>
>>>> On Tue, Jan 11, 2022 at 8:36 AM  wrote:
>>>>
>>>>> On Monday, 10 January 2022 19:30:55 IST Erez D wrote:
>>>>> > I've encountered a network problem
>>>>> >
>>>>> > i have a mac and a win10 machine connected to a 4 port Gbit wifi6 AP
>>>>> > (switch mode).
>>>>> > a third eth from the AP goes to the router which is also a DHCP server
>>>>> >
>>>>> > everything works well until the mac goes to sleep.
>>>>> > when the mac goes to sleep, the win10 machine loses its ip address
>>>>> > which becomes a 169. address
>>>>> >
>>>>> > as soon as i wake the mac up, the win machine regains a valid 10.0.0.x ip
>>>>> >
>>>>> > i tried to replace the AP with a 4 port switch and got same results
>>>>> >
>>>>> >
>>>>> > any idea ?
>>>>> >
>>>>>
>>>>> IP in the 169.254.0.0/16 range is related to bonjour protocol, it
>>>>> is a link local communication.
>>>>>
>>>>> your windows would move to a bonjour ip in many cases but most common
>>>>> that can happen if your machine has a bonjour service enabled and an
>>>>> Ethernet card with dhcp that can not get an ip from the router.
>>>>>
>>>>> 1. Check if when the mac is running your windows machine got its ip
>>>>> from the mac and not from the router. in some cases mac can have dhcpd
>>>>> running on it, if that is the case you should disable it if you do not
>>>>> need it.
>>>>> 2. Check if homegroup is enabled on win10, if it is, disable it (by
>>>>> version 1803 it is no longer active by default, but you could have hacked
>>>>> to enable it).
>>>>>
>>>>>


Re: OT: strange network problem

2022-01-11 Thread Erez D
On Tue, Jan 11, 2022 at 9:29 AM Ohad Levy  wrote:

>
>
> On Tue, Jan 11, 2022 at 9:19 AM Erez D  wrote:
>
>> The windows 169.25. ip is from APIPA and not from any DHCP server
>> (ipconfig does not specify a dhcp server).
>> to be on the safe side I verified udp port 67 is unused on my mac (via
>> netstat, fuser and socat)
>>
>> what boggles me is why can't the windows machine access the router and get
>> an ip when the mac is sleeping
>>
>> as the AP switch is layer 2, i would suspect the switch disables the
>> windows machine for some reason,
>> e.g. it sees the same mac address from another port or detects abuse of
>> somewhat from the windows eth port
>> however i do not understand how is this related to the mac sleeping
>>
>> I thought the AP switch may be defective but putting another GB switch
>> instead causes the same results ...
>>
>
> can you run tcpdump on your router? does it show the dhcp requests from
> your windows machine?
>
Alas, No. I know it is sacrilege but I use a hot cable modem/router.
I do not have hardware that can support 500Mb to be used as a linux
firewall ...

Thanks,
Erez.


>> why do you think HOMEGROUP is related ? it is a higher layer protocol
>> when the problem seems to me on layer 2
>>
>> Thanks,
>> Erez
>>
>>
>>
>>
>> On Tue, Jan 11, 2022 at 8:36 AM  wrote:
>>
>>> On Monday, 10 January 2022 19:30:55 IST Erez D wrote:
>>> > I've encountered a network problem
>>> >
>>> > i have a mac and a win10 machine connected to a 4 port Gbit wifi6 AP
>>> > (switch mode).
>>> > a third eth from the AP goes to the router which is also a DHCP server
>>> >
>>> > everything works well until the mac goes to sleep.
>>> > when the mac goes to sleep, the win10 machine loses its ip address
>>> > which becomes a 169. address
>>> >
>>> > as soon as i wake the mac up, the win machine regains a valid 10.0.0.x ip
>>> >
>>> > i tried to replace the AP with a 4 port switch and got same results
>>> >
>>> >
>>> > any idea ?
>>> >
>>>
>>> IP in the 169.254.0.0/16 range is related to bonjour protocol, it is
>>> a link local communication.
>>>
>>> your windows would move to a bonjour ip in many cases but most common
>>> that can happen if your machine has a bonjour service enabled and an
>>> Ethernet card with dhcp that can not get an ip from the router.
>>>
>>> 1. Check if when the mac is running your windows machine got its ip
>>> from the mac and not from the router. in some cases mac can have dhcpd
>>> running on it, if that is the case you should disable it if you do not need
>>> it.
>>> 2. Check if homegroup is enabled on win10, if it is, disable it (by
>>> version 1803 it is no longer active by default, but you could have hacked
>>> to enable it).
>>>
>>>


Re: OT: strange network problem

2022-01-10 Thread Erez D
The windows 169.25. ip is from APIPA and not from any DHCP server (ipconfig
does not specify a dhcp server).
to be on the safe side I verified udp port 67 is unused on my mac (via
netstat, fuser and socat)

what boggles me is why can't the windows machine access the router and get
an ip when the mac is sleeping

as the AP switch is layer 2, i would suspect the switch disables the
windows machine for some reason,
e.g. it sees the same mac address from another port or detects abuse of
somewhat from the windows eth port
however i do not understand how is this related to the mac sleeping

I thought the AP switch may be defective but putting another GB switch
instead causes the same results ...

why do you think HOMEGROUP is related ? it is a higher layer protocol when
the problem seems to me on layer 2

Thanks,
Erez




On Tue, Jan 11, 2022 at 8:36 AM  wrote:

> On Monday, 10 January 2022 19:30:55 IST Erez D wrote:
> > I've encountered a network problem
> >
> > i have a mac and a win10 machine connected to a 4 port Gbit wifi6 AP
> > (switch mode).
> > a third eth from the AP goes to the router which is also a DHCP server
> >
> > everything works well until the mac goes to sleep.
> > when the mac goes to sleep, the win10 machine loses its ip address
> > which becomes a 169. address
> >
> > as soon as i wake the mac up, the win machine regains a valid 10.0.0.x ip
> >
> > i tried to replace the AP with a 4 port switch and got same results
> >
> >
> > any idea ?
> >
>
> IP in the 169.254.0.0/16 range is related to bonjour protocol, it is a
> link local communication.
>
> your windows would move to a bonjour ip in many cases but most common that
> can happen if your machine has a bonjour service enabled and an Ethernet
> card with dhcp that can not get an ip from the router.
>
> 1. Check if when the mac is running your windows machine got its ip from
> the mac and not from the router. in some cases mac can have dhcpd running
> on it, if that is the case you should disable it if you do not need it.
> 2. Check if homegroup is enabled on win10, if it is, disable it (by version
> 1803 it is no longer active by default, but you could have hacked to enable
> it).
>
>
>


OT: strange network problem

2022-01-10 Thread Erez D
I've encountered a network problem

i have a mac and a win10 machine connected to a 4 port Gbit wifi6 AP
(switch mode).
a third eth from the AP goes to the router which is also a DHCP server

everything works well until the mac goes to sleep.
when the mac goes to sleep, the win10 machine loses its ip address
which becomes a 169. address

as soon as i wake the mac up, the win machine regains a valid 10.0.0.x ip

i tried to replace the AP with a 4 port switch and got same results


any idea ?


Re: disabling ipv6

2021-11-07 Thread Erez D
as I said, best is a firewall, however  GBE capable pfsense HW starts at
1000 NIS + need at least another 200 for an AP,
this 1k NIS i wanted to save if i could find a satisfying solution

however  in HOT 4 router i can't disable or firewall ipv6, so i thought a
simple dhcpv6 server could solve my problem ...

On Sun, Nov 7, 2021 at 10:52 AM Rabin Yasharzadehe  wrote:

> For best control you should go with the option of splitting the ISP router
> to only act as modem, and have a FW like PFsense/OpenSense for the rest
> (FW,DHCP 4/6, DNS,  ).
> and have several wireless APs spread across the house, which act only as
> AP base stations. It's a bit more expensive, but it will give you the peace
> of mind you are looking for.
>
>
>
>
> --
> Rabin
>
>
> On Sun, 7 Nov 2021 at 10:28, Erez D  wrote:
>
>> Hello
>>
>> I've swapped isp (hot/hotnet) and now i have ipv6 support which i can't
>> turn off.
>> I have a few issues with ipv6:
>> 1. no NAT so all my devices are accessible from outside
>> 2. can't redirect DNS traffic to my DNS server
>>
>> I thought about adding a firewall, but this way i need a small
>> fast-enough HW for this which is expensive, as well as disable HOT's router
>> wifi so i actually need a wifi router ...
>>
>> can't i just install a dhcpv6 server on an RPi, which will hijack the
>> default route and DNS servers, and so actually disable ipv6 ?
>>
>> Thanks,
>> Erez.


disabling ipv6

2021-11-07 Thread Erez D
Hello

I've swapped isp (hot/hotnet) and now i have ipv6 support which i can't
turn off.
I have a few issues with ipv6:
1. no NAT so all my devices are accessible from outside
2. can't redirect DNS traffic to my DNS server

I thought about adding a firewall, but this way i need a small fast-enough
HW for this which is expensive, as well as disable HOT's router wifi so i
actually need a wifi router ...

can't i just install a dhcpv6 server on an RPi, which will hijack the
default route and DNS servers, and so actually disable ipv6 ?

Thanks,
Erez.


Re: [OT] Any Cellphone providers have a non-NAT option

2017-06-05 Thread Erez D
last time i checked (a year ago) with celcom, it depended on the APN

sphone - used NAT
internetg - did not use NAT

On Fri, Jun 2, 2017 at 1:12 AM, E.S. Rosenberg 
wrote:

> Hi all,
> I was told by Bezeq that they currently don't have infrastructure
> where I am living so I'm looking at using a cellular modem instead.
> Ideally I'd like to have some remote access to home but if the
> Cellular network is Carrier Grade NAT I can forget about that (unless
> I create a reverse SSH tunnel from one of my servers which I guess can
> be an option).
>
> Is any carrier offering 3/4G with real IP(v6) addresses?
> Thanks,
> Eliyahu - אליהו
>


Re: single threaded web servers

2016-07-02 Thread Erez D
On Sat, Jul 2, 2016 at 2:00 PM, guy keren  wrote:

>
> https://en.wikipedia.org/wiki/Thttpd

don't know if it fits my requirements but last version dated 2014

>
>
> and
>
> https://www.lighttpd.net/

uses fastcgi. fastcgi is multithreaded.

>
>
> both existed before anyone used javascript on server side, as far as i know
>
> (and they are written in C, not C++)
>
> --guy
>
>
> On 07/02/2016 10:49 AM, Erez D wrote:
>
>> doing some research on servers i found out that i can handle more
>> connections simultaneously as single threaded.
>> on thread per connection i have a huge overhead, just think of the
>> default 2MB stack per connection - 1000 connections is 2GB ram just for
>> stack.
>> however as single threaded, i can serve connections by the 10,000s(or
>> even a million).
>>
>> later to my surprise, i found out that that was exactly one of the main
>> considerations behind node.js
>>
>> but node.js requires code in js. and i am more of a c++ guy
>> (and of course c++ is more efficient than js)
>>
>> C++ came a long way and now modern c++ (i.e. c++11 / c++14 ) is on par
>> with other modern languages.
>> the idea behind c++11/14 was to make it simple for beginners, while
>> still keeping the option to control every bit for advanced users.
>> one thing i hear people hate about c and c++ is its memory handling
>> (malloc/free or new/delete), however i forgot about it years ago using
>> shared_ptr ( now in c++11 and before that, use boost instead).. you can
>> still control when it is freed if you want (contrary to
>> garbage-disposal-thread languages). as a matter of fact, i use this a
>> lot - i create an object that cleans up, and no matter how i exit the
>> function it gets cleaned up.
>>
>> so i wanted a node.c++ instead of writing my own
>>
>> in theory simple single threaded web server usage code could look
>> something like:
>>
>> int main()
>> {
>>   // hypothetical API: one callback per request, all on a single thread
>>   auto server=HttpServer::create(80,[](Request &request)
>>     {
>>       if (request.header=="HelloWorld")
>>       {
>>         HttpResponse(200,"Hello, world");
>>       } else {
>>         // asynchronous read; the callback runs once the file has been read
>>         File::Read(request.header,[](bool success, string body)
>>           {
>>             if (success)
>>             {
>>               HttpResponse(200,body);
>>             } else {
>>               HttpResponse(404);
>>             }
>>           }
>>         );
>>       }
>>     }
>>   );
>> }
>>
>>
>>
>>
>> On Fri, Jul 1, 2016 at 4:58 AM, Amos Shapira wrote:
>>
>>> I'm curious - what's the background of this question? What's the
>>> original goal that led you to ask this?
>>>
>>> On 28 June 2016 at 18:04, Erez D wrote:
>>>
>>>> i tried searching the web but got no result
>>>>
>>>> what web servers other than node.js are single threaded ?
>>>> anyone has experience with one ?
>>>> is there one in which the cgi is in c++ ?
>>>
>>> --
>>> <http://au.linkedin.com/in/gliderflyer>


Re: single threaded web servers

2016-07-02 Thread Erez D
doing some research on servers i found out that i can handle more
connections simultaneously as single threaded.
on thread per connection i have a huge overhead, just think of the default
2MB stack per connection - 1000 connections is 2GB ram just for stack.
however as single threaded, i can serve connections by the 10,000s(or even
a million).

later to my surprise, i found out that that was exactly one of the main
considerations behind node.js

but node.js requires code in js. and i am more of a c++ guy
(and of course c++ is more efficient than js)

C++ came a long way and now modern c++ (i.e. c++11 / c++14 ) is on par with
other modern languages.
the idea behind c++11/14 was to make it simple for beginners, while still
keeping the option to control every bit for advanced users.
one thing i hear people hate about c and c++ is its memory handling
(malloc/free or new/delete), however i forgot about it years ago using
shared_ptr ( now in c++11 and before that, use boost instead).. you can
still control when it is freed if you want (contrary to
garbage-disposal-thread languages). as a matter of fact, i use this a lot -
i create an object that cleans up, and no matter how i exit the function
it gets cleaned up.

so i wanted a node.c++ instead of writing my own

in theory simple single threaded web server usage code could look something
like:

int main()
{
  // hypothetical API: one callback per request, all on a single thread
  auto server=HttpServer::create(80,[](Request &request)
    {
      if (request.header=="HelloWorld")
      {
        HttpResponse(200,"Hello, world");
      } else {
        // asynchronous read; the callback runs once the file has been read
        File::Read(request.header,[](bool success, string body)
          {
            if (success)
            {
              HttpResponse(200,body);
            } else {
              HttpResponse(404);
            }
          }
        );
      }
    }
  );
}





On Fri, Jul 1, 2016 at 4:58 AM, Amos Shapira  wrote:

> I'm curious - what's the background of this question? What's the original
> goal that led you to ask this?
>
> On 28 June 2016 at 18:04, Erez D  wrote:
>
>> i tried searching the web but got no result
>>
>> what web servers other than node.js are single threaded ?
>> anyone has experience with one ?
>> is there one in which the cgi is in c++ ?
>>
>>
>>
>>
>
>
> --
> <http://au.linkedin.com/in/gliderflyer>
>
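
The single-threaded model described in the message above (one poll() loop instead of a thread and a 2MB stack per connection), as an added C++ example that is not part of the original post or of any library named in the thread. The names Response, Handler, Conn, serve and demo are assumptions made for illustration; the 8 KiB header cap and the idle timeout are added so that an oversized or stalled client cannot pin memory in the one thread everyone shares.

```cpp
// Added example, not code from the thread: one thread serves many connections.
#include <fcntl.h>
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>
#include <cerrno>
#include <functional>
#include <map>
#include <string>
#include <vector>

struct Response { int status; std::string body; };
using Handler = std::function<Response(const std::string& path)>;  // assumed callback shape
struct Conn { std::string in, out; bool answered = false; };  // per-connection state: no thread, no stack
constexpr size_t kMaxHeader = 8192;  // cap the memory one client can pin

std::string render(const Response& r) {
    return "HTTP/1.1 " + std::to_string(r.status) + (r.status == 200 ? " OK" : " Error") +
           "\r\nContent-Length: " + std::to_string(r.body.size()) +
           "\r\nConnection: close\r\n\r\n" + r.body;
}

// on_readable/on_writable return true when the connection should be closed.
bool on_readable(int fd, Conn& c, const Handler& handler) {
    char buf[4096];
    ssize_t n = recv(fd, buf, sizeof buf, 0);
    if (n < 0) return errno != EAGAIN && errno != EINTR;
    if (n == 0) return true;  // peer left before finishing its request
    c.in.append(buf, static_cast<size_t>(n));
    if (c.in.find("\r\n\r\n") == std::string::npos) {
        if (c.in.size() > kMaxHeader) c.out = render({431, ""});
        return false;  // incomplete: back to poll(), other sockets are not blocked
    }
    std::string line = c.in.substr(0, c.in.find("\r\n"));  // METHOD SP PATH SP VERSION
    size_t a = line.find(' '), b = line.rfind(' ');
    if (a == std::string::npos || a == b || line[a + 1] != '/') c.out = render({400, ""});
    else c.out = render(handler(line.substr(a + 1, b - a - 1)));
    return false;
}

bool on_writable(int fd, Conn& c) {
    ssize_t n = send(fd, c.out.data(), c.out.size(), MSG_NOSIGNAL);
    if (n < 0) return errno != EAGAIN && errno != EINTR;
    c.out.erase(0, static_cast<size_t>(n));
    c.answered = c.out.empty();
    return c.answered;  // one response per connection, then close
}

// Serves connected sockets until all are answered or nothing happens for idle_ms;
// returns responses sent. A production server would keep a deadline per connection.
int serve(const std::vector<int>& fds, const Handler& handler, int idle_ms) {
    std::map<int, Conn> conns;
    for (int fd : fds) {
        fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK);
        conns[fd];
    }
    int served = 0;
    while (!conns.empty()) {
        std::vector<pollfd> pfds;
        for (auto& kv : conns)
            pfds.push_back({kv.first, short(kv.second.out.empty() ? POLLIN : POLLOUT), 0});
        if (poll(pfds.data(), pfds.size(), idle_ms) <= 0) break;
        for (auto& p : pfds) {
            if (!p.revents) continue;
            Conn& c = conns[p.fd];
            bool done = c.out.empty() ? on_readable(p.fd, c, handler) : on_writable(p.fd, c);
            if (done) { served += c.answered; close(p.fd); conns.erase(p.fd); }
        }
    }
    for (auto& kv : conns) close(kv.first);  // stalled clients are dropped
    return served;
}

// Constructed demo: each request travels over a socketpair() instead of a TCP port.
std::vector<std::string> demo(const std::vector<std::string>& requests, int* served) {
    std::vector<int> clients, servers;
    for (const auto& req : requests) {
        int sv[2];
        if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return {};
        send(sv[0], req.data(), req.size(), 0);
        clients.push_back(sv[0]); servers.push_back(sv[1]);
    }
    *served = serve(servers, [](const std::string& path) {
        return path == "/hello" ? Response{200, "Hello, world"} : Response{404, ""};
    }, 50);
    std::vector<std::string> replies;
    for (int fd : clients) {
        std::string r; char buf[4096];
        for (ssize_t n; (n = read(fd, buf, sizeof buf)) > 0;) r.append(buf, static_cast<size_t>(n));
        close(fd);
        replies.push_back(r);
    }
    return replies;
}

int main() {
    int served = 0;
    return demo({"GET /hello HTTP/1.1\r\n\r\n", "GET /slow HTT"}, &served).size() == 2 && served == 1 ? 0 : 1;
}
```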


Re: single threaded web servers

2016-06-28 Thread Erez D
if anybody is interested, i found nghttp2 (
https://nghttp2.org/documentation/libnghttp2_asio.html ).

On Tue, Jun 28, 2016 at 11:04 AM, Erez D  wrote:

> i tried searching the web but got no result
>
> what web servers other than node.js are single threaded ?
> anyone has experience with one ?
> is there one in which the cgi is in c++ ?
>
>
>
>


Re: single threaded web servers

2016-06-28 Thread Erez D
On Tue, Jun 28, 2016 at 4:39 PM, Baruch Siach  wrote:

> Hi Erez,
>
> On Tue, Jun 28, 2016 at 11:04:49AM +0300, Erez D wrote:
> > i tried searching the web but got no result
> >
> > what web servers other than node.js are single threaded ?
>
> nginx uses one single threaded process per CPU core to handle HTTP requests
> (
> https://www.nginx.com/blog/inside-nginx-how-we-designed-for-performance-scale/
> ).
>
> > anyone has experience with one ?
>
> Not me.
>
> > is there one in which the cgi is in c++ ?
>
> Given the nature of CGI you can write CGI programs in any language you
> like,
> as long as it can write text to standard output file descriptor.
>
correct, however in such it breaks the 'single process per thread'

>
> baruch
>
> --
>  http://baruch.siach.name/blog/  ~. .~   Tk Open
> Systems
> =}ooO--U--Ooo{=
>- bar...@tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
>


single threaded web servers

2016-06-28 Thread Erez D
i tried searching the web but got no result

what web servers other than node.js are single threaded ?
anyone has experience with one ?
is there one in which the cgi is in c++ ?


ot: outsource task offer

2016-06-16 Thread Erez D
hi

we are looking for outsourcing a small task:

knowledge/experience required:
1. mariadb galera cluster
2. mariadb replication
3. setting up a server on amazon
4. setting up a server on rackspace

please pm me if one is interested.

thanks,
erez.


revisioning mysql server

2016-03-23 Thread Erez D
hi

i have a running mysql server, and want to be able to restore it to any
day, with as little backup space as needed

i do mysqldump to the same file every day then commit the file with "svn ci"
the idea is that if there are no changes, it takes no space

it works well if i just append entries to a database, as svn will just save
the changes

however, if i insert a record, and for instance the dump file has 5 records
at every line
then the change is big and actually svn will save most of the file though
there is a very small change actually.

another issue - if the records hold changing info like timestamps etc.

any idea ?


Re: Thunderbird + Fribidi

2016-02-04 Thread Erez D

  
  
i'm using "bidi mail ui" plugin

On 04/02/2016 14:14, Tzafrir Cohen wrote:

> On Thu, Feb 04, 2016 at 10:24:45AM +0200, Yuval Adam wrote:
>
>> Is there any nice way to get Thunderbird to automatically process
>> e-mails in Hebrew via Fribidi? (When composing, but possibly when
>> viewing as well)
>
> Thunderbird is built on top of the Gecko browser engine. Gecko uses a
> library called ICU which serves a somewhat similar role to Fribidi.
>
> However, from what I know of Thunderbird, it is basically written on top
> of Gecko, and thus works with HTML, CSS and such. It should already
> provide good bidirectionality support (and if not: it's a bug that
> should be fixed).




  




Testing my network for vulnerabilities

2015-12-24 Thread Erez D
I would like to tighten my internal network security and to protect against
rogue computers on my LAN.

Anybody knows of a good tool to scan my network for vulnerabilities ?


Re: persistent private browsing ?

2015-11-17 Thread Erez D
On Tue, Nov 17, 2015 at 12:33 PM, Rabin Yasharzadehe  wrote:

> That's right, Incognito/Private Browsing mode share the same session.
> this is why you need to create a new profile for each case.
>
> Chrome & Firefox can be configured to run with pre-installed addons,
> but you may need to configure them if needed.
> but there are some extensions which allow you to export their settings (so
> maybe you can automate the import ?).
>
do you know which ?

>
> --
> Rabin
>
> On 17 November 2015 at 11:19, Erez D  wrote:
>
>> you are correct
>>
>> however, it is  needed to re-configure each and every profile - plugins,
>> master password etc
>>
>> would be nice to have different profiles with some common settings, on
>> different tabs on same window ...
>>
>> btw, i found that even 'private browsing' is not so private as if you
>> open multiple tabs or windows of private browsing, they all share the same
>> cookies.
>> the only thing different about private browsing is that the cookies are
>> deleted when all the private browsing sessions end.
>>
>> On Sun, Nov 15, 2015 at 5:53 PM, E.S. Rosenberg  wrote:
>>
>>> If I'm not mistaken you should be able to accomplish this by starting
>>> Firefox with a different profile (firefox -P or firefox --profile)
>>>
>>> 2015-11-15 10:36 GMT+02:00 Efraim Flashner :
>>> > I'm using privacy badger to block the following aspects of the different
>>> > ads, including facebook. Doesn't sandbox them, but does keep them all from
>>> > following me around the web.  I'm also using privoxy with tor to pass my
>>> > browser traffic through tor, but that's not really going to make a
>>> > difference in relation to your question.
>>> >
>>> >
>>> > On Sun, 15 Nov 2015 10:26:18 +0200
>>> > Rabin Yasharzadehe  wrote:
>>> >
>>> >> I'm using chrome and launch it with a new DATADIR each time. (see here
>>> >> <http://blog.rabin.io/linux/start-chrome-temp-profile-with-preinstalled-extension>
>>> >> )
>>> >> useful for sites which need flash.
>>> >>
>>> >> I was having problems downloading the CRX files so now i just point them
>>> >> directly in the config file
>>> >> and each new Chrome run will download them.
>>> >>
>>> >> --
>>> >> Rabin
>>> >>
>>> >> On 15 November 2015 at 10:18, Erez D  wrote:
>>> >>
>>> >> > Hello
>>> >> >
>>> >> > Today browsers support Private Browsing mode (e.g. sandbox) . however,
>>> >> > when i close that window, all its data is lost, next time i will again
>>> >> > need to supply my login, password, etc
>>> >> >
>>> >> > What i want, is a way to sandbox a site (e.g. facebook), and reopen it
>>> >> > tomorrow in the same sandbox. i.e. when i am going to a web page not from
>>> >> > that sandbox, if that web page includes pages from facebook, it will not be
>>> >> > able to track my facebook identity as i login to facebook only from the
>>> >> > sandbox.
>>> >> >
>>> >> > the only way i can do it right now is by accessing facebook from a
>>> >> > different browser than the rest of the pages.
>>> >> >
>>> >> > however there are many websites (facebook, google twitter etc.) and i do
>>> >> > not have so many browsers
>>> >> >
>>> >> > is there a way to open a private browsing page, and be able to access it
>>> >> > again after reopening the browser ?
>>> >> >
>>> >
>>> > --
>>> > Efraim Flashner  אפרים פלשנר
>>> > GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
>>> > Confidentiality cannot be guaranteed on emails sent or received
>>> unencrypted
>>> >


Re: portable encypted filesystem

2015-11-17 Thread Erez D
On Tue, Nov 17, 2015 at 12:35 PM, Rabin Yasharzadehe  wrote:

> TrueCrypt ?
>
just reading about it ;-)
however it is unmaintained (should i use veracrypt ? no audit done on it,)
and i do not need all this functionality

what i liked about ecryptfs is that it is the default ubuntu encryption
(which raises my trust in it), and that it encrypts file by file rather than
volume (which better fits to running it over dropbox or gdrive)

>
> --
> Rabin
>
> On 17 November 2015 at 11:27, Erez D  wrote:
>
>> Hello
>>
>> It is very nice to hold some data on the cloud accessible from everywhere
>> however if i do not want the cloud to have access to it, it requires
>> encryption
>>
>> i could mount gdrive, dropbox or other cloud fs locally
>> and mount ecryptfs on it so i have transparent encryption
>>
>> my only problem is that it works on linux only
>>
>> does anyone know a way of having a portable transparent encryption
>> which will support linux, and windows ?
>> (would be nice if it will also support android (even if  i can not
>> insmod) and ios)
>>
>>


portable encypted filesystem

2015-11-17 Thread Erez D
Hello

It is very nice to hold some data on the cloud accessible from everywhere
however if i do not want the cloud to have access to it, it requires
encryption

i could mount gdrive, dropbox or other cloud fs locally
and mount ecryptfs on it so i have transparent encryption

my only problem is that it works on linux only

does anyone know a way of having a portable transparent encryption
which will support linux, and windows ?
(would be nice if it will also support android (even if  i can not insmod)
and ios)


Re: persistent private browsing ?

2015-11-17 Thread Erez D
you are correct

however, it is needed to re-configure each and every profile - plugins,
master password etc

would be nice to have different profiles with some common settings, on
different tabs on same window ...

btw, i found that even 'private browsing' is not so private as if you open
multiple tabs or windows of private browsing, they all share the same
cookies.
the only thing different about private browsing is that the cookies are
deleted when all the private browsing sessions end.

On Sun, Nov 15, 2015 at 5:53 PM, E.S. Rosenberg  wrote:

> If I'm not mistaken you should be able to accomplish this by starting
> Firefox with a different profile (firefox -P or firefox --profile)
>
> 2015-11-15 10:36 GMT+02:00 Efraim Flashner :
> > I'm using privacy badger to block the following aspects of the different
> > ads, including facebook. Doesn't sandbox them, but does keep them all from
> > following me around the web.  I'm also using privoxy with tor to pass my
> > browser traffic through tor, but that's not really going to make a
> > difference in relation to your question.
> >
> >
> > On Sun, 15 Nov 2015 10:26:18 +0200
> > Rabin Yasharzadehe  wrote:
> >
> >> I'm using chrome and launch it with a new DATADIR each time. (see here
> >> <http://blog.rabin.io/linux/start-chrome-temp-profile-with-preinstalled-extension>)
> >> useful for sites which need flash.
> >>
> >> I was having problems downloading the CRX files so now i just point them
> >> directly in the config file
> >> and each new Chrome run will download them.
> >>
> >> --
> >> Rabin
> >>
> >> On 15 November 2015 at 10:18, Erez D  wrote:
> >>
> >> > Hello
> >> >
> >> > Today browsers support Private Browsing mode (e.g. sandbox) . however,
> >> > when i close that window, all its data is lost, next time i will again
> >> > need to supply my login, password, etc
> >> >
> >> > What i want, is a way to sandbox a site (e.g. facebook), and reopen it
> >> > tomorrow in the same sandbox. i.e. when i am going to a web page not from
> >> > that sandbox, if that web page includes pages from facebook, it will not be
> >> > able to track my facebook identity as i login to facebook only from the
> >> > sandbox.
> >> >
> >> > the only way i can do it right now is by accessing facebook from a
> >> > different browser than the rest of the pages.
> >> >
> >> > however there are many websites (facebook, google, twitter etc.) and i do
> >> > not have so many browsers
> >> >
> >> > is there a way to open a private browsing page, and be able to access it
> >> > again after reopening the browser ?
> >> >
> >
> > --
> > Efraim Flashner  אפרים פלשנר
> > GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
> > Confidentiality cannot be guaranteed on emails sent or received unencrypted
> >
> > ___
> > Linux-il mailing list
> > Linux-il@cs.huji.ac.il
> > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
> >
>


persistent private browsing ?

2015-11-15 Thread Erez D
Hello

Today browsers support Private Browsing mode (e.g. sandbox) . however, when
i close that window, all its data is lost, next time i will again need to
supply my login, password, etc

What i want, is a way to sandbox a site (e.g. facebook), and reopen it
tomorrow in the same sandbox. i.e. when i am going to a web page not from
that sandbox, if that web page includes pages from facebook, it will not be
able to track my facebook identity as i login to facebook only from the
sandbox.

the only way i can do it right now is by accessing facebook from a
different browser than the rest of the pages.

however there are many websites (facebook, google, twitter etc.) and i do not
have so many browsers

is there a way to open a private browsing page, and be able to access it
again after reopening the browser ?


media center

2015-11-01 Thread Erez D
Hi

up to about a year ago, for about 10 years, i used mythtv as my media
center / PVR
the last year or so, i just used HOT's PVR abilities, and they suck

I want to go back to using a proper Media Center / PVR,
However, many things have changed

first, many sources are from the internet, and i have children whose
native language is not english, so they need at least translation if
not dubbing.
second, i need to support multiple TVs and looking for a cheap and good
frontend
third, MYTHTV is old, not sure if supported very well, and hard to manage

I tried looking on the net and found a lot of information on many
alternatives which i do not know what to choose from and which hardware to
use

some people are using KODI (formerly XBMC). It can play movies and videos
and can stream, however to record TV it needs a backend (MYTHTV ? )

what hardware do i need for it to work good and stay supported (and cheap
as i need many)

what alternatives are there ?

I also have chromecast, what is it good for other than playing youtube and
mirroring your android phone on it

there is just too much confusing info on the net

can someone shed some light or make some order into the chaos ?

thanks,
erez.


Re: Back to the Future with C++ and Seastar

2015-04-05 Thread Erez D
On Thu, Apr 2, 2015 at 12:14 AM, Amos Shapira 
wrote:

> Hi Nadav,
>
> Will it be video taped?
> Slides made available?
>
That would be great

>
> Thanks,
>
> --Amos
>
> On 2 April 2015 at 05:53, Nadav Har'El  wrote:
>
>> On Wed, Apr 01, 2015, Oleg Goldshmidt wrote about "Re: Back to the Future
>> with C++ and Seastar":
>> > "Nadav Har'El"  writes:
>> > > Seastar is an open source (http://www.seastar-project.org/) library.
>> > > It is based on the concept of "futures" (like in Node.js, just implemented
>> > > in a much more efficient way). Part of the talk will also introduce futures,
>> > > how Seastar implements them in C++, and how much C++ has changed in recent
>> > > years from what you may remember about it.
>> >
>> > I might come (close to work :). C++ has futures and promises natively,
>> > as a part of its standard library. Can you add a couple of words on how
>> > Seastar's futures differ?
>>
>> Sure, though I'm sure Avi will explain it better in his talk :-)
>>
>> The first difference is that C++11's support for futures is incomplete:
>> Futures are supported, but not *continuations*, which are code you want
>> to run when the future value becomes available. C++17 will probably have
>> continuations, but Seastar has them now.
>>
>> The second difference is that C++11's futures are indeed powerful, but not
>> optimized for performance. They make excessive use of allocations, they
>> rely on threads and everything uses atomic operations and locks. Seastar's
>> design, on the other hand, is aimed at modern SMP design, for achieving
>> the top possible performance: Continuations are very lightweight (not
>> based on thread context switching), you write with Seastar a share-nothing
>> server (each core deals with its own data) so no locks, no atomic
>> operations, and very little cache contention. These things make a *huge*
>> difference
>> in performance in modern SMPs - especially when you try to scale up to
>> many cores.
>>
>> The third difference is that Seastar is much more than just an
>> implementation of futures - it is a complete library for writing
>> asynchronous I/O-heavy (network and disk) applications - consider http
>> servers, proxies, nosql servers - any server application you can think of
>> will be much faster if rewritten in Seastar (Avi will present some
>> benchmarks, showing near perfect scalability to 40 cores, 5x speed
>> improvements compared to traditional thought-to-be-efficient applications,
>> etc.). Seastar completely bypasses the operating system by using DPDK,
>> but as you may know DPDK only supports L2 packets and has no TCP/IP stack.
>> But that's no longer true: We actually implemented in Seastar a full
>> TCP/IP stack over DPDK, written in Seastar's own futures framework.
>>
>> And Seastar is even more. I'll leave a few surprises for Avi's talk ;-)
>>
>> --
>> Nadav Har'El | Wednesday, Apr 1 2015, 13 Nisan 5775
>> n...@math.technion.ac.il
>> Phone +972-523-790466, ICQ 13349191
>> http://nadav.harel.org.il
>> My opinions may have changed, but not the fact that I am right.
>>
>> ___
>> Linux-il mailing list
>> Linux-il@cs.huji.ac.il
>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>
>
>
>
> --
> 
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>


Re: compiling kernel module

2015-03-04 Thread Erez D
On Wed, Mar 4, 2015 at 11:55 AM, Leon Romanovsky  wrote:

> On Wed, Mar 4, 2015 at 11:12 AM, Erez D  wrote:
> >
> >
> >
> > On Wed, Mar 4, 2015 at 11:09 AM, Leon Romanovsky  wrote:
> >>>
> >>> i tried downloading source from lenovo.
> >>> they have instructions to compile with:
> >>> ./mk x2ap n k
> >>>
> >>> however i cannot find 'mk' anywhere, not in their tar, not in android
> >>> sdk nor ndk etc.
> >>
> >> ./mk is a symlink to ./makeMtk script which is part of Mediatek build
> >> system.
> >> The script is located at mediatek/build folder.
> >>
> > thanks,
> > where do i get  Mediatek build system from ?
> AFAIK It depends on phone/tablet manufacturer, since the build system
> is not GPL.
> Generally, you can try to setup it by yourself:
> 1. Take one of the available builds for other MTK chipset based phones [1].
> 2. Download source code which was provided by Lenovo [2].
> 3. Build new kernel with platform config from Lenovo's package [3]
>
> [1] https://github.com/suribi/Thunder-Kernel
> [2]
> http://support.lenovo.com/us/en/products/phones/vibe-series/vibe-x2/downloads/DS101342
> [3] bsp/mediatek/config/mt6595/autoconfig/kconfig/platform
>

do you have a link for [3] ?

thanks for your help

>
> >>
> >>
> >> --
> >> Leon Romanovsky | Independent Linux Consultant
> >> www.leon.nu | l...@leon.nu
> >
> >
>
>
>
> --
> Leon Romanovsky | Independent Linux Consultant
> www.leon.nu | l...@leon.nu
>


Re: compiling kernel module

2015-03-04 Thread Erez D
On Wed, Mar 4, 2015 at 11:09 AM, Leon Romanovsky  wrote:

> i tried downloading source from lenovo.
>> they have instructions to compile with:
>> ./mk x2ap n k
>>
>> however i cannot find 'mk' anywhere, not in their tar, not in android sdk
>> nor ndk etc.
>>
> ./mk is a symlink to ./makeMtk script which is part of Mediatek build
> system.
> The script is located at mediatek/build folder.
>
> thanks,
where do i get  Mediatek build system from ?

>
> --
> Leon Romanovsky | Independent Linux Consultant
> www.leon.nu | l...@leon.nu
>


compiling kernel module

2015-03-03 Thread Erez D
hi

i have a rooted lenovo vibe x2. i want to compile a kernel module for it.

i did a 'make ARCH=arm CROSS_COMPILE=... M=subdir' and got my module.ko

when i insmod, i get: exec format error
and dmesg:
version magic '3.10.35 mod_unload modversions ARMv7 p2v8 ' should be
'3.10.35 SMP preempt mod_unload ARMv7 '

i tried playing with configuration, and got to '3.10.35 SMP preempt
mod_unload ARMv7 p2v8 '
however i can not lose the p2v8

this seems to come from: CONFIG_ARM_PATCH_PHYS_VIRT, if i comment out the
CONFIG_ARM_PATCH_PHYS_VIRT, it reenables it when i compile.

looking further i found:

Symbol: ARM_PATCH_PHYS_VIRT [=y]
Type  : boolean
Prompt: Patch physical to virtual translations at runtime
Defined at arch/arm/Kconfig:219
Depends on: !XIP_KERNEL [=n] && MMU [=y] && (!ARCH_REALVIEW [=n] ||
!SPARSEMEM [=n])
Selected by: ARCH_MXC [=n] || ARCH_PICOXCELL [=n] || ARCH_MULTIPLATFORM
[=y] &&  && MMU

i can not disable MMU, as it changes to armv5
disabling ARCH_MULTIPLATFORM  means i need to select a processor type
any of the 'ARM Ltd.' either doesn't compile or is ignored
and i do not know what the '' is

i tried downloading source from lenovo.
they have instructions to compile with:
./mk x2ap n k

however i cannot find 'mk' anywhere, not in their tar, not in android sdk
nor ndk etc.
and can't find any specific config file.
compiling with their source gives the same magic '3.10.35 mod_unload
modversions ARMv7 p2v8 ' as the vanilla does

any idea anyone ?
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
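
The vermagic mismatch reported in the post above, broken down token by token. This is an added example, not code from the thread; the module name `mymodule` in the sample dmesg line is constructed, and the token-to-option table covers only the tokens that appear in the post.

```python
import re

# Tokens the kernel appends to the vermagic string and the option behind each.
# "p2v8" is ARM-specific; the post traces it to CONFIG_ARM_PATCH_PHYS_VIRT.
FLAG_TO_CONFIG = {
    "SMP": "CONFIG_SMP",
    "preempt": "CONFIG_PREEMPT",
    "mod_unload": "CONFIG_MODULE_UNLOAD",
    "modversions": "CONFIG_MODVERSIONS",
    "p2v8": "CONFIG_ARM_PATCH_PHYS_VIRT",
}

# Shape of the loader's complaint as quoted in the post.
DMESG_RE = re.compile(r"version magic '([^']*)' should be '([^']*)'")

# Constructed dmesg line: the two strings are the ones quoted in the post,
# the "mymodule:" prefix is made up.
FIRST_ATTEMPT_DMESG = (
    "mymodule: version magic '3.10.35 mod_unload modversions ARMv7 p2v8 ' "
    "should be '3.10.35 SMP preempt mod_unload ARMv7 '"
)


def parse_vermagic(magic):
    """Split a vermagic string into (kernel release, list of flag tokens)."""
    tokens = magic.split()
    if not tokens:
        raise ValueError("empty vermagic string")
    return tokens[0], tokens[1:]


def diff_vermagic(module_magic, kernel_magic):
    """Report which tokens the module build must gain or drop.

    The loader's check is a string comparison, so a single differing token
    is enough for insmod to fail with "exec format error".
    """
    mod_release, mod_flags = parse_vermagic(module_magic)
    ker_release, ker_flags = parse_vermagic(kernel_magic)

    def annotate(flags):
        # Unknown tokens (e.g. the architecture string) map to None.
        return [(flag, FLAG_TO_CONFIG.get(flag)) for flag in flags]

    return {
        "release_match": mod_release == ker_release,
        # present in the running kernel, missing from the module build
        "enable": annotate([f for f in ker_flags if f not in mod_flags]),
        # present in the module build, absent from the running kernel
        "disable": annotate([f for f in mod_flags if f not in ker_flags]),
    }


def diff_from_dmesg(line):
    """Extract both vermagic strings from a dmesg line and diff them."""
    match = DMESG_RE.search(line)
    if match is None:
        raise ValueError("no vermagic mismatch in this line")
    return diff_vermagic(match.group(1), match.group(2))


if __name__ == "__main__":
    result = diff_from_dmesg(FIRST_ATTEMPT_DMESG)
    print("release matches:", result["release_match"])
    for flag, option in result["enable"]:
        print("enable :", flag, option)
    for flag, option in result["disable"]:
        print("disable:", flag, option)
```

Run against the second string in the post ('3.10.35 SMP preempt mod_unload ARMv7 p2v8 '), the only remaining difference is `p2v8`.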


Re: DNAT and MASQUERADE

2015-01-20 Thread Erez D
On Mon, Jan 12, 2015 at 8:50 PM, E.S. Rosenberg 
wrote:

> Alternatively you could also have a local dns/local hosts entries that
> point computerN at computer_1 when they are looking up whatever hostname is
> resolving to ext_ip
>
nice idea. but i'm not using DNS for that. also will cause all access to
ext_ip to go to computer1 (i may want to forward some ports to computer1
and some to other computers)

>
> If they are on the same LAN all normal (sane) security policy will cause
> the drop of their packets when they are trying to reach ext_ip from inside
> the network that has ext_ip and you need to bend over backwards to get them
> accepted..
>
> 2015-01-08 23:02 GMT+02:00 shimi :
>
>>
>> On Thu, Jan 8, 2015 at 10:43 AM, Erez D  wrote:
>>
>>>
>>>
>>> On Wed, Jan 7, 2015 at 11:41 AM, shimi  wrote:
>>>
>>>>
>>>>
>>>> On Wed, Jan 7, 2015 at 11:35 AM, shimi  wrote:
>>>>
>>>>>
>>>>>
>>>>> On Wed, Jan 7, 2015 at 10:16 AM, Erez D  wrote:
>>>>>
>>>>>> hello.
>>>>>>
>>>>>> I have an iptables question
>>>>>>
>>>>>> i have the following
>>>>>>
>>>>>> ext_ip -> NAT1 -> linux firewall-> network -> computer1:eth0 ..
>>>>>> computer99
>>>>>>
>>>>>> i have no control over NAT1.
>>>>>> computer1 also can reach the internet via eth1.
>>>>>>
>>>>>> linux firewall redirects incoming port  from ext_ip to computer1
>>>>>> however i need computer2 .. computer99 to connect to ext_ip: and
>>>>>> also reach computer1
>>>>>>
>>>>>> so first i did a NAT rule in linux firewall to redirect all packets
>>>>>> from internal to ext_ip:  to computer1. and did an 'ifconfig eth0:1
>>>>>> $ext_ip up' on computer1.
>>>>>> this works. however it causes computer1 not to be able to access real
>>>>>> ext_ip via eth1 which is connected to the internet as well
>>>>>>
>>>>>> so i thought of both doing DNAT and MASQ, which will do the same but
>>>>>> will not require assigning ext_ip to computer1.
>>>>>> however i do not know how to do that
>>>>>>
>>>>>>
>>>>> If computer1 can access ext_ip:, all you need is to allow
>>>>> ip_forward (/etc/sysctl.conf for permanent, and echo 1 >
>>>>> /proc/sys/net/ipv4/ip_forward) on computer1, and have all other computers
>>>>> have a static route to ext_ip via computer1
>>>>>
>>>>> Then, in computer1,
>>>>>
>>>>> iptables -t nat -I POSTROUTING -o  [
>>>>> -i  ] -s >>>> computers/netmask> -p tcp --dport  -j MASQUERADE
>>>>>
>>>>> should do...
>>>>>
>>>>> (of course, assuming the iptables FORWARD chain is not dropping those
>>>>> packets; otherwise you'd need an ACCEPT rule there, too...)
>>>>>
>>>>> HTH,
>>>>>
>>>>> -- Shimi
>>>>>
>>>>>
>>>> And on a second read, I think I got you wrong and the purpose was to
>>>> access computer1 port  (hopefully listening on 0.0.0.0) from computersN
>>>> by using the external IP from the inside?
>>>>
>>> yes
>>>
>>>>
>>> computerN default route is the linux firewall. without any rules on
>>> linux firewall, it will forward packets from computer1 destined to ext_ip
>>> to NAT1. and they will not reach computer1 at all, so rules on computer 1
>>> are useless.
>>>
>>>
>>> Doing a DNAT on linux firewall will direct the packets to computer1,
>>> however computer 1 will know computerN and will reply directly without going
>>> through linux firewall, and computer1 will not match the packets to the
>>> original connection.
>>>
>>
>> But if you create a static route on computerN towards the external IP via
>> computer1 like I suggested, then these connections will not get to linux
>> firewall at all, rather than get to computer1 (I'm assuming they're on the
>> same L2 and share IP addresses in the same IP subnet) - so rules on
>> computer1 will apply, wouldn't they?
>>
>> What am I missing?
>>
>> -- Shimi
>>
>> ___
>> Linux-il mailing list
>> Linux-il@cs.huji.ac.il
>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>
>>
>


Re: DNAT and MASQUERADE

2015-01-20 Thread Erez D
On Thu, Jan 8, 2015 at 11:02 PM, shimi  wrote:

>
> On Thu, Jan 8, 2015 at 10:43 AM, Erez D  wrote:
>
>>
>>
>> On Wed, Jan 7, 2015 at 11:41 AM, shimi  wrote:
>>
>>>
>>>
>>> On Wed, Jan 7, 2015 at 11:35 AM, shimi  wrote:
>>>
>>>>
>>>>
>>>> On Wed, Jan 7, 2015 at 10:16 AM, Erez D  wrote:
>>>>
>>>>> hello.
>>>>>
>>>>> I have an iptables question
>>>>>
>>>>> i have the following
>>>>>
>>>>> ext_ip -> NAT1 -> linux firewall-> network -> computer1:eth0 ..
>>>>> computer99
>>>>>
>>>>> i have no control over NAT1.
>>>>> computer1 also can reach the internet via eth1.
>>>>>
>>>>> linux firewall redirects incoming port  from ext_ip to computer1
>>>>> however i need computer2 .. computer99 to connect to ext_ip: and
>>>>> also reach computer1
>>>>>
>>>>> so first i did a NAT rule in linux firewall to redirect all packets
>>>>> from internal to ext_ip:  to computer1. and did an 'ifconfig eth0:1
>>>>> $ext_ip up' on computer1.
>>>>> this works. however it causes computer1 not to be able to access real
>>>>> ext_ip via eth1 which is connected to the internet as well
>>>>>
>>>>> so i thought of both doing DNAT and MASQ, which will do the same but
>>>>> will not require assigning ext_ip to computer1.
>>>>> however i do not know how to do that
>>>>>
>>>>>
>>>> If computer1 can access ext_ip:, all you need is to allow
>>>> ip_forward (/etc/sysctl.conf for permanent, and echo 1 >
>>>> /proc/sys/net/ipv4/ip_forward) on computer1, and have all other computers
>>>> have a static route to ext_ip via computer1
>>>>
>>>> Then, in computer1,
>>>>
>>>> iptables -t nat -I POSTROUTING -o  [ -i
>>>>  ] -s >>> computers/netmask> -p tcp --dport  -j MASQUERADE
>>>>
>>>> should do...
>>>>
>>>> (of course, assuming the iptables FORWARD chain is not dropping those
>>>> packets; otherwise you'd need an ACCEPT rule there, too...)
>>>>
>>>> HTH,
>>>>
>>>> -- Shimi
>>>>
>>>>
>>> And on a second read, I think I got you wrong and the purpose was to
>>> access computer1 port  (hopefully listening on 0.0.0.0) from computersN
>>> by using the external IP from the inside?
>>>
>> yes
>>
>>>
>> computerN default route is the linux firewall. without any rules on
>> linux firewall, it will forward packets from computer1 destined to ext_ip
>> to NAT1. and they will not reach computer1 at all, so rules on computer 1
>> are useless.
>>
>>
>> Doing a DNAT on linux firewall will direct the packets to computer1,
>> however computer 1 will know computerN and will reply directly without going
>> through linux firewall, and computer1 will not match the packets to the
>> original connection.
>>
>
> But if you create a static route on computerN towards the external IP via
> computer1 like I suggested, then these connections will not get to linux
> firewall at all, rather than get to computer1 (I'm assuming they're on the
> same L2 and share IP addresses in the same IP subnet) - so rules on
> computer1 will apply, wouldn't they?
>
> What am I missing?
>
1. this means that i need to put static routes on computerN which is
computer2 .. computer99, which some are linux, some windows, some android,
some iphone, etc ...
the same thing can be achieved by adding a static route on linux firewall to
do the same
2. computer 1 will receive packets destined to ext_ip, so they will be
ignored.

>
> -- Shimi
>


Re: Audio streaming

2015-01-11 Thread Erez D
can you elaborate on what are you trying to do
do you want to stream from android to linux or vice versa or something else
whatsoever
(maybe we can enjoy your setup as well)

On Sat, Jan 10, 2015 at 12:38 AM, David Harel  wrote:

> Eventually I succeeded using yaacc  which I found on fdroid.
> For client side I prefer the onkyo remote for now.
>
> Thanks for the lead.
> On Jan 9, 2015 8:06 PM, "Amichai Rotman"  wrote:
>
>> Is this what you  are looking for?
>>
>> https://play.google.com/store/apps/details?id=es.mediaserver
>>
>> Amichai.
>>
>> 2015-01-09 17:24 GMT+02:00 David Harel :
>>
>>> Greetings,
>>>
>>> I am trying to setup an audio "server" using a scrap android Teac Accord
>>> 714b tablet running android 4.1.1
>>> I am looking for recommendation on server side app that can receive
>>> audio streams on local WiFi home network from android phones used by our
>>> family.
>>>
>>> Thanks
>>>
>>> ___
>>> Linux-il mailing list
>>> Linux-il@cs.huji.ac.il
>>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>>
>>>
>>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>


Re: DNAT and MASQUERADE

2015-01-08 Thread Erez D
On Wed, Jan 7, 2015 at 11:41 AM, shimi  wrote:

>
>
> On Wed, Jan 7, 2015 at 11:35 AM, shimi  wrote:
>
>>
>>
>> On Wed, Jan 7, 2015 at 10:16 AM, Erez D  wrote:
>>
>>> hello.
>>>
>>> I have an iptables question
>>>
>>> i have the following
>>>
>>> ext_ip -> NAT1 -> linux firewall-> network -> computer1:eth0 ..
>>> computer99
>>>
>>> i have no control over NAT1.
>>> computer1 also can reach the internet via eth1.
>>>
>>> linux firewall redirects incoming port  from ext_ip to computer1
>>> however i need computer2 .. computer99 to connect to ext_ip: and also
>>> reach computer1
>>>
>>> so first i did a NAT rule in linux firewall to redirect all packets from
>>> internal to ext_ip:  to computer1. and did an 'ifconfig eth0:1 $ext_ip
>>> up' on computer1.
>>> this works. however it causes computer1 not to be able to access real
>>> ext_ip via eth1 which is connected to the internet as well
>>>
>>> so i thought of both doing DNAT and MASQ, which will do the same but will
>>> not require assigning ext_ip to computer1.
>>> however i do not know how to do that
>>>
>>>
>> If computer1 can access ext_ip:, all you need is to allow ip_forward
>> (/etc/sysctl.conf for permanent, and echo 1 >
>> /proc/sys/net/ipv4/ip_forward) on computer1, and have all other computers
>> have a static route to ext_ip via computer1
>>
>> Then, in computer1,
>>
>> iptables -t nat -I POSTROUTING -o  [ -i
>>  ] -s > computers/netmask> -p tcp --dport  -j MASQUERADE
>>
>> should do...
>>
>> (of course, assuming the iptables FORWARD chain is not dropping those
>> packets; otherwise you'd need an ACCEPT rule there, too...)
>>
>> HTH,
>>
>> -- Shimi
>>
>>
> And on a second read, I think I got you wrong and the purpose was to
> access computer1 port  (hopefully listening on 0.0.0.0) from computersN
> by using the external IP from the inside?
>
yes

>
> If so, did:
>
computerN default route is the linux firewall. without any rules on linux
firewall, it will forward packets from computer1 destined to ext_ip to
NAT1. and they will not reach computer1 at all, so rules on computer 1 are
useless.
Doing a DNAT on linux firewall will direct the packets to computer1,
however computer 1 will know computerN and will reply directly without going
through linux firewall, and computer1 will not match the packets to the
original connection.



> iptables -I PREROUTING -i  -s  computers/netmask> -p tcp --dport -j REDIRECT --to-port 
>
> not work?
>
> -- Shimi
>


DNAT and MASQUERADE

2015-01-07 Thread Erez D
hello.

I have an iptables question

i have the following

ext_ip -> NAT1 -> linux firewall-> network -> computer1:eth0 .. computer99

i have no control over NAT1.
computer1 also can reach the internet via eth1.

linux firewall redirects incoming port  from ext_ip to computer1
however i need computer2 .. computer99 to connect to ext_ip: and also
reach computer1

so first i did a NAT rule in linux firewall to redirect all packets from
internal to ext_ip:  to computer1. and did an 'ifconfig eth0:1 $ext_ip
up' on computer1.
this works. however it causes computer1 not to be able to access real
ext_ip via eth1 which is connected to the internet as well

so i thought of both doing DNAT and MASQ, which will do the same but will
not require assigning ext_ip to computer1.
however i do not know how to do that

anyone ?
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
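
The reply-path problem raised in the replies above (DNAT alone on the firewall) and the DNAT-plus-MASQUERADE combination asked about in this question, as a small packet-flow model. This is an added example, not code from the thread; every address, port 8080 and the iptables rules quoted in the comments are assumptions.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# Constructed addresses (documentation / private ranges), not from the thread.
EXT_IP = "203.0.113.10"          # ext_ip
LAN = ip_network("192.168.1.0/24")
FIREWALL = "192.168.1.1"         # LAN address of the linux firewall
COMPUTER1 = "192.168.1.11"       # the server
COMPUTER_N = "192.168.1.42"      # any other LAN client
PORT = 8080                      # hypothetical forwarded port


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class Firewall:
    """Toy nat table: DNAT in PREROUTING, optional MASQUERADE in POSTROUTING."""

    def __init__(self, masquerade_lan):
        self.masquerade_lan = masquerade_lan
        self.conntrack = {}  # reply as seen by the firewall -> reply after un-NAT

    def forward(self, pkt):
        out = pkt
        # iptables -t nat -A PREROUTING -d EXT_IP -p tcp --dport PORT \
        #          -j DNAT --to-destination COMPUTER1
        if pkt.dst == EXT_IP and pkt.dport == PORT:
            out = replace(out, dst=COMPUTER1)
        # iptables -t nat -A POSTROUTING -s LAN -d COMPUTER1 -p tcp --dport PORT \
        #          -j MASQUERADE
        # (MASQUERADE uses the outgoing interface address, modelled as FIREWALL)
        if self.masquerade_lan and ip_address(pkt.src) in LAN and out.dst == COMPUTER1:
            out = replace(out, src=FIREWALL)
        # Connection tracking remembers how to undo both rewrites on the reply.
        reply_seen = Packet(out.dst, out.dport, out.src, out.sport)
        reply_restored = Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)
        self.conntrack[reply_seen] = reply_restored
        return out

    def reverse(self, reply):
        """Undo NAT on a reply, or None if no tracked connection matches."""
        return self.conntrack.get(reply)


def connect(masquerade_lan):
    """Follow one SYN / SYN-ACK exchange from computerN to ext_ip:PORT."""
    fw = Firewall(masquerade_lan)
    syn = Packet(COMPUTER_N, 40000, EXT_IP, PORT)

    # computerN's default route is the firewall, so the SYN goes there first.
    at_server = fw.forward(syn)

    # computer1 answers whoever the packet appears to come from.
    synack = Packet(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    if synack.dst == FIREWALL:
        delivered = fw.reverse(synack)   # reply crosses the firewall, NAT undone
        path = "via firewall"
    else:
        delivered = synack               # same subnet: sent straight to computerN
        path = "direct"

    # computerN only accepts a reply whose tuple mirrors the SYN it sent.
    expected = Packet(syn.dst, syn.dport, syn.src, syn.sport)
    return {
        "server_saw_src": at_server.src,
        "reply_path": path,
        "reply_src": delivered.src if delivered else None,
        "accepted": delivered is not None and delivered == expected,
    }


if __name__ == "__main__":
    print("DNAT only        :", connect(masquerade_lan=False))
    print("DNAT + MASQUERADE:", connect(masquerade_lan=True))
```

With DNAT only, the reply reaches computerN with computer1's address as source and is not matched to the connection it opened to ext_ip; with the MASQUERADE rule added, computer1 sees the firewall as the peer and the reply returns through it.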


Re: udev persistence problems

2014-12-10 Thread Erez D
On Wed, Dec 10, 2014 at 12:34 PM, shimi  wrote:

> On Wed, Dec 10, 2014 at 12:30 PM, Erez D  wrote:
>
>> I have a strange problem
>>
>> when i insert my wlan usb dongle, I get wlan0.
>> if i remove and reinsert, i get wlan1
>> next time - wlan2
>> etc..
>>
>> if i look at /etc/udev/rules.d/*Persistance*
>> i see multiple lines that are completely identical, except the wlan number
>>
>> any idea ?
>> any idea of how to debug this ?
>>
>>
> it auto generates a rule on first wlan insertion
it doesn't honor the above rule on the second insertion, but generates a
new identical one
etc ...

> But, do you have a specific rule that forces this specific dongle to be
> wlan0? i.e. by direct identification of it, like by MAC or Manufacturer ID?
>


udev persistence problems

2014-12-10 Thread Erez D
I have a strange problem

when i insert my wlan usb dongle, I get wlan0.
if i remove and reinsert, i get wlan1
next time - wlan2
etc..

if i look at /etc/udev/rules.d/*Persistance*
i see multiple lines that are completely identical, except the wlan number

any idea ?
any idea of how to debug this ?


Xml grabber for hot

2014-11-09 Thread Erez D
I had an xml grabber for hot (someone wrote it for .net few years ago and i
ran it with mono but it stopped working)
Anyone knows of a working one ?


good free dynamic dns server ?

2014-11-09 Thread Erez D
hi

i am currently using no-ip.org as a free dynamic dns server for my home.
however it has the annoying feature of sending me the following emails:
"Please confirm your hostname now or it will be deleted"

anyone knows of a good free dyndns server ?


Re: shell shock

2014-09-27 Thread Erez D
On Sat, Sep 27, 2014 at 4:37 PM, Dolev Farhi  wrote:

> Yes its all over the place.
>
that is why I was surprised it was not mentioned in linux-il ;-)

>
>
> For people with web sites, you can use the following online shellshock
> tester website to check if you are vulnerable in the following url:
>
> https://shellshock.detectify.com
>
>
>
> -- Original message--
>
> *From: *Erez D
>
> *Date: *Sat, Sep 27, 2014 16:25
>
> *To: *linux-il;
>
> *Subject:*shell shock
>
>
> just read about the "new linux bug" in ynet
> found out it is a bash exploit
>
> just fyi,
>
> see http://www.engadget.com/2014/09/25/what-is-the-shellshock/
>
>


shell shock

2014-09-27 Thread Erez D
just read about the "new linux bug" in ynet
found out it is a bash exploit

just fyi,

see http://www.engadget.com/2014/09/25/what-is-the-shellshock/


Re: cgi bg

2014-08-25 Thread Erez D
thanks,


not so easy to use, as i can not use stdout anymore
but it works.


On Mon, Aug 25, 2014 at 10:57 AM, shimi  wrote:

> On Mon, Aug 25, 2014 at 10:25 AM, Erez D  wrote:
>
>> hi
>>
>> i have a php cgi script that
>> 1. generates an http response , this takes less than a second
>> 2. does some stuff that may take some time, let's say a minute
>>
>> when posting to that cgi, although the html is returned in less than a
>> second, the request is not closed until the minute has passed.
>>
>> The request will end when PHP will tell its upstream that it has ended.
> After all, it may still produce output, which the client is supposed to
> receive.
>
>
>> i want the http transaction to be closed when done (i.e. less than a
>> minute)
>> but the php script to continue its action (e.g. the minute it takes)
>>
>> can i do it in php ? i.e. flush, or send eof, which will finish the
>> request but leave the php running until done ?
>>
>>
> You could at the worst case execute the code from an external file with a
> system() and backgrounded (append & to the command), a solution that will
> always work (but is ugly).
>
> An alternative approach which was possible in the past was to use
> http://php.net/register-shutdown-function to handle the request 'cleanup'
> (which is what I assume you are trying to do) - but since PHP 4.1 this
> stuff is no longer possible because now this can also send output to the
> client. Assuming you have a newer PHP... which is highly likely... you
> could try this instead:
>
> <?php
> ob_end_clean();
> header("Connection: close");
> ignore_user_abort(true); // optional: keep running if the client disconnects
> ob_start();
> echo ('Text the user will see');
> $size = ob_get_length();
> header("Content-Length: $size");
> ob_end_flush(); // Strange behaviour, will not work
> flush();        // Unless both are called !
> // Do processing here
> sleep(30);
> echo('Text user will never see');
> ?>
>
> ( Shamelessly copied from http://php.net/connection-handling )
>
> The idea is to buffer all the response in memory, then measure the buffer
> size of the response, then tell that to the server/client, and also let the
> connection to not support keep-alive. Then throw everything to the client.
> Since the response is of a given size, and the server/client has got all of
> it, it has nothing to do further with the server, so it has no reason not
> to close the socket.
>
> HTH,
>
> -- Shimi
>
>


Re: cgi bg

2014-08-25 Thread Erez D
On Mon, Aug 25, 2014 at 10:29 AM, Jonathan Ben Avraham 
wrote:

> Hi Erez,
> Did you include the response header
>
> Connection: close
>
> ?
>
yes

>
>  - yba
>
>
> On Mon, 25 Aug 2014, Erez D wrote:
>
>  Date: Mon, 25 Aug 2014 10:25:49 +0300
>> From: Erez D 
>> To: linux-il 
>> Subject: cgi bg
>>
>>
>> hi
>>
>> i have a php cgi script that
>> 1. generates an http response , this takes less than a second
>> 2. does some stuff that may take some time, let's say a minute
>>
>> when posting to that cgi, although the html is returned in less than a
>> second, the request
>> is not closed until the minute has passed.
>>
>> i want the http transaction to be closed when done (i.e. less than a
>> minute)
>> but the php script to continue its action (e.g. the minute it takes)
>>
>> can i do it in php ? i.e. flush, or send eof, which will finish the
>> request but leave the
>> php running until done ?
>>
>>
>> thanks
>> erez
>>
>>
>>
> --
>  9590 8E58 D30D 1660 C349  673D B205 4FC4 B8F5 B7F9  ~. .~  Tk Open Systems
> =} Jonathan Ben-Avraham ("yba") --ooO--U--Ooo-
> ---{=
> mailto:y...@tkos.co.il tel:+972.52.486.3386 http://tkos.co.il
> skype:benavrhm
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>


cgi bg

2014-08-25 Thread Erez D
hi

i have a php cgi script that
1. generates an http response, this takes less than a second
2. does some stuff that may take some time, let's say a minute

when posting to that cgi, although the html is returned in less than a
second, the request is not closed until the minute has passed.

i want the http transaction to be closed when done (i.e. less than a minute)
but the php script to continue its action (e.g. the minute it takes)

can i do it in php ? i.e. flush, or send eof, which will finish the request
but leave the php running until done ?


thanks
erez


Re: Q: suspend and resume a usb device from command line

2014-08-16 Thread Erez D
On Thu, Aug 14, 2014 at 3:45 PM, Dolev Farhi  wrote:

> Have a look here:
> http://unix.stackexchange.com/questions/63199/how-to-disable-usb-devices-based-on-vendor-id-in-linux-environment
>

although it does not do what i wanted, it is still interesting to know.
especially the link at the end of answer 1

>
> it seems to be answering your request
>
> ----
> On Thu, 8/14/14, Erez D  wrote:
>
>  Subject: Q: suspend and resume a usb device from command line
>  To: "linux-il" 
>  Date: Thursday, August 14, 2014, 1:22 PM
>
>  i
>  searched and could not find a solution
>
>  i need to suspend a specific usb device, and later
>  resume it
>  i have no 'power/level' or
>  'power/pm_qos_no_power_off' under
>  /sys/bus/usb/devices/...
>
>
>
>  does anyone know how i can achieve this ?
>
>
>  ___
>  Linux-il mailing list
>  Linux-il@cs.huji.ac.il
>  http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>


Q: suspend and resume a usb device from command line

2014-08-14 Thread Erez D
i searched and could not find a solution

i need to suspend a specific usb device, and later resume it
i have no 'power/level' or 'power/pm_qos_no_power_off' under
/sys/bus/usb/devices/...

does anyone know how i can achieve this ?


Re: reverse ssh

2014-07-23 Thread Erez D
and i forgot:
what if my router redirects any port to my computer's port 22 ?
this can be a non-privileged port

if only i have access to the router settings ...

On Wed, Jul 23, 2014 at 11:44 AM, Erez D  wrote:
> 1. only refer to non-privileged ports
> 2. btw, ssh will warn you if the server cert changes, so if someone
> takes the port for its ssh server, you will know
>
> i'll still stick with a non standard privileged port.
>
> On Tue, Jul 22, 2014 at 3:47 PM, Guy Gold  wrote:
>>
>>>>>>
>>>>>> On 22 July 2014 00:52, Guy Gold  wrote:
>>>>>>>
>>>>>>> Hi Erez,
>>>>>>>
>>>>>>> On Mon, Jul 21, 2014 at 4:18 AM, Erez D  wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>> it is not even a dynamic ip, it is a private ip behind a dynamic one
>>>>>>>
>>>>>>>
>>>>>>> Then,  what Eliyahu wrote should serve you a perfect solution.
>>
>>
>> Although this can become a flame-war :)
>>
>> Source:
>> https://www.adayinthelifeof.nl/2012/03/12/why-putting-ssh-on-another-port-than-22-is-bad-idea/
>>
>> ==Begin quote ==
>>
>> But there are more reasons why this is a bad idea and one of the most
>> important reasons has to do with a bit of the (Linux) way of handling TCP/IP
>> ports. When you are logged onto a system as a non-root user (anyone not
>> being uid 0), you cannot create a listening TCP or UDP port below 1024. This
>> is because port numbers below 1024 are so-called privileged ports and can
>> only be opened by root or processes that are running as root. So for
>> instance, when your webserver (apache, nginx etc) will start, it will do so
>> as the privileged root user in order to open up a listening connection to
>> port 80 (the port that by default will be used for HTTP traffic). Now, as
>> soon as the port is opened and everything that needs to be done as root is
>> done, the webserver will fall back to a non-privileged user (either the
>> www-data, apache, or nobody user). From that point, when something bad is
>> happening, it is only limited to the rights that that user has.
>>
>> Now, back to SSH: when we start SSH on port 22, we know for a fact that this
>> is done by root or a root-process since no other user could possibly open
>> that port. But what happens when we move SSH to port ? This port can be
>> opened without a privileged account, which means I can write a simple script
>> that listens to port  and mimics SSH in order to capture your passwords.
>> And this can easily be done with simple tools commonly available on every
>> linux system/server. So running SSH on a non-privileged port makes it
>> potentially LESS secure, not MORE. You have no way of knowing if you are
>> talking to the real SSH server or not. This reason, and this reason alone
>> makes it that you should NEVER EVER use a non-privileged port for running
>> your SSH server.
>>
>> ==End quote==
>>
>> Reading the whole page is recommended.
>>
>> Though, some of Joshua Thijssen's points can be argued against (not by
>> myself, but I'm sure some folks can find some caveats in his article). I
>> tend to agree with what he points out.
>>
>> I do acknowledge that SBO (security by...) divides quite a bit sysadmins
>> apart. Some live by it, and some, well, ridicule it, and for them, seeing
>> another sysadmin use such method is a tell sign of anachronism.  The beauty
>> is that we can all choose, and what is important is  being informed.
>>
>> --
>> Guy Gold
>>
>> ___
>> Linux-il mailing list
>> Linux-il@cs.huji.ac.il
>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>



Re: reverse ssh

2014-07-23 Thread Erez D
1. only refer to non-privileged ports
2. btw, ssh will warn you if the server cert changes, so if someone
takes the port for its ssh server, you will know

i'll still stick with a non standard privileged port.

On Tue, Jul 22, 2014 at 3:47 PM, Guy Gold  wrote:
>
>>>>>
>>>>> On 22 July 2014 00:52, Guy Gold  wrote:
>>>>>>
>>>>>> Hi Erez,
>>>>>>
>>>>>> On Mon, Jul 21, 2014 at 4:18 AM, Erez D  wrote:
>>>>>>>
>>>>>>>
>>>>>>> it is not even a dynamic ip, it is a private ip behind a dynamic one
>>>>>>
>>>>>>
>>>>>> Then,  what Eliyahu wrote should serve you a perfect solution.
>
>
> Although this can become a flame-war :)
>
> Source:
> https://www.adayinthelifeof.nl/2012/03/12/why-putting-ssh-on-another-port-than-22-is-bad-idea/
>
> ==Begin quote ==
>
> But there are more reasons why this is a bad idea and one of the most
> important reasons has to do with a bit of the (Linux) way of handling TCP/IP
> ports. When you are logged onto a system as a non-root user (anyone not
> being uid 0), you cannot create a listening TCP or UDP port below 1024. This
> is because port numbers below 1024 are so-called privileged ports and can
> only be opened by root or processes that are running as root. So for
> instance, when your webserver (apache, nginx etc) will start, it will do so
> as the privileged root user in order to open up a listening connection to
> port 80 (the port that by default will be used for HTTP traffic). Now, as
> soon as the port is opened and everything that needs to be done as root is
> done, the webserver will fall back to a non-privileged user (either the
> www-data, apache, or nobody user). From that point, when something bad is
> happening, it is only limited to the rights that that user has.
>
> Now, back to SSH: when we start SSH on port 22, we know for a fact that this
> is done by root or a root-process since no other user could possibly open
> that port. But what happens when we move SSH to port ? This port can be
> opened without a privileged account, which means I can write a simple script
> that listens to port  and mimics SSH in order to capture your passwords.
> And this can easily be done with simple tools commonly available on every
> linux system/server. So running SSH on a non-privileged port makes it
> potentially LESS secure, not MORE. You have no way of knowing if you are
> talking to the real SSH server or not. This reason, and this reason alone
> makes it that you should NEVER EVER use a non-privileged port for running
> your SSH server.
>
> ==End quote==
>
> Reading the whole page is recommended.
>
> Though, some of Joshua Thijssen's points can be argued against (not by
> myself, but I'm sure some folks can find some caveats in his article). I
> tend to agree with what he points out.
>
> I do acknowledge that SBO (security by...) divides quite a bit sysadmins
> apart. Some live by it, and some, well, ridicule it, and for them, seeing
> another sysadmin use such method is a tell sign of anachronism.  The beauty
> is that we can all choose, and what is important is  being informed.
>
> --
> Guy Gold
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
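
The host-key check referred to in point 2 above, as an added example that is not part of the original thread: a client that has pinned the server's key in known_hosts can tell when a different process answers on the same port. The host name, port 2222 and both keys are constructed for the example; hashed and wildcard known_hosts entries are not handled.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used inside SSH public-key blobs (RFC 4251)."""
    return struct.pack(">I", len(data)) + data


def ed25519_blob(raw_key: bytes) -> bytes:
    """Wire encoding of an ssh-ed25519 public key (RFC 8709)."""
    return ssh_string(b"ssh-ed25519") + ssh_string(raw_key)


def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the form ssh prints it (unpadded base64)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def known_hosts_name(host: str, port: int) -> str:
    """known_hosts stores non-default ports as [host]:port, port 22 as host."""
    return host if port == 22 else f"[{host}]:{port}"


def load_pins(known_hosts_text: str) -> dict:
    """Map (host entry, key type) to the set of pinned key blobs."""
    pins = {}
    for line in known_hosts_text.splitlines():
        line = line.strip()
        # Skip comments, @cert-authority/@revoked markers and hashed entries.
        if not line or line[0] in "#@" or line.startswith("|1|"):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        hosts, key_type, b64_key = fields[:3]
        for name in hosts.split(","):
            pins.setdefault((name, key_type), set()).add(base64.b64decode(b64_key))
    return pins


def check_host_key(pins, host, port, key_type, offered_blob) -> str:
    """Return 'match', 'changed' or 'unknown' for the key a server offers."""
    known = pins.get((known_hosts_name(host, port), key_type))
    if known is None:
        return "unknown"   # first contact: nothing to compare against
    if offered_blob in known:
        return "match"
    return "changed"       # the case ssh refuses with a host-key warning


# Constructed sample data: the key pinned on first contact, and a different
# key offered later by another listener on the same port.
PINNED_KEY = ed25519_blob(bytes(range(32)))
OTHER_KEY = ed25519_blob(bytes(range(1, 33)))
KNOWN_HOSTS = "[gw.example.net]:2222 ssh-ed25519 " + base64.b64encode(PINNED_KEY).decode() + "\n"

if __name__ == "__main__":
    pins = load_pins(KNOWN_HOSTS)
    for label, key in (("pinned key", PINNED_KEY), ("other key", OTHER_KEY)):
        verdict = check_host_key(pins, "gw.example.net", 2222, "ssh-ed25519", key)
        print(f"{label}: {fingerprint(key)} -> {verdict}")
```

The check only helps if the key was pinned before the port was taken over and if the warning is not bypassed; with password authentication an "unknown" result on first contact gives no protection.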


Re: reverse ssh

2014-07-22 Thread Erez D
although port scanners can scan every port, it takes 65536 times more
than scanning only port 22
and there are enough available port 22s,

so using a non-standard port is a smart move
as long as it is not the only one.


On Tue, Jul 22, 2014 at 3:07 AM, Amos Shapira 
wrote:

> Whatever.
>
> I'm speaking from personal experience that I didn't find this necessary.
>
>
>
> On 22 July 2014 08:21, E.S. Rosenberg  wrote:
>
>> Any decent port scanner (nmap for instance) will find the SSH service
>> regardless of the port it's on, while the likelihood of a firewall blocking
>> access to random non-standard ports is very high.
>>
>> I use fail2ban to prevent brute forcing and generally also try to have
>> some form of port knocking (knockd and fwknop are good options) to prevent
>> initial access to the SSH server to "unidentified" machines.
>>
>>
>> 2014-07-22 1:11 GMT+03:00 Amos Shapira :
>>
>>> On 22 July 2014 00:52, Guy Gold  wrote:
>>>
>>>> Hi Erez,
>>>>
>>>> On Mon, Jul 21, 2014 at 4:18 AM, Erez D  wrote:
>>>>
>>>>>
>>>>> it is not even a dynamic ip, it is a private ip behind a dynamic one
>>>>>
>>>>
>>>> Then,  what Eliyahu wrote should serve you a perfect solution.
>>>>
>>>> Also, there's not much advantage in the point of hiding behind the
>>>> "security by obscurity" method (i.e serve SSH at port 9000. or whichever).
>>>>
>>>  The increase to security by using  that method is in doubt - when
>>>> taking under consideration  tools used by "bad guys (and girls)" nowadays .
>>>> If you must do it, that's fine, but don't let it be a reason for not
>>>> using much better methods, as Eliyahu suggested.
>>>>
>>>
>>> From personal experience - there is a huge advantage in picking a random
>>> port for external SSH (and external HTTP). I always had port scanners on my
>>> standard, dynamic ISP ADSL addresses until I moved them to different
>>> non-standard ports. Since then my logs are clean, and I'm talking about
>>> over 5 years of experience (I don't remember exactly when I did the switch).
>>>
>>> This is of course not the only measure I take for security. I still
>>> treat them as vulnerable etc. But after years of not having a single probe
>>> on the new ports I have to say that it removed the threat of pretty much
>>> 100% of the probes on my home network.
>>>
>>> Perhaps they are more thorough on static ip addresses, known targets
>>> etc., but in my experience this is a very successful step.
>>>
>>>
>>>>
>>>>
>>>> --
>>>> Guy Gold
>>>>
>>>> ___
>>>> Linux-il mailing list
>>>> Linux-il@cs.huji.ac.il
>>>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>>>
>>>>
>>>
>>>
>>>
>>> ___
>>> Linux-il mailing list
>>> Linux-il@cs.huji.ac.il
>>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>>
>>>
>>
>
>
>
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>


Re: reverse ssh

2014-07-21 Thread Erez D
On Sun, Jul 20, 2014 at 11:54 PM, E.S. Rosenberg
 wrote:
> I think we need to reset here for a minute...
>
> Is your goal to connect to a machine with a IP on a private range where
> there exists a gateway machine or router with a (known) public IP?
> In that case the solution is very simple: port-forwarding
> However I would not do that without also running fail2ban and maybe also
> fwknop so that evil SSH traffic would have a harder time at getting at my
> server.
>
> Or is your goal to connect to a machine reachable via a dynamic IP and you
> have a machine with a fixed IP that you can route via?
> In that case solutions are more complex, most of the solutions above related
> to that scenario I think.
it is not even a dynamic ip, it is a private ip behind a dynamic one
>
> So please clear up for us what your exact goal is.
> Regards,
> Eliyahu - אליהו
>
>
> 2014-07-20 18:46 GMT+03:00 Erez D :
>
>> On Sun, Jul 20, 2014 at 3:36 PM, E.S. Rosenberg  wrote:
>> > You can have something running on the machine you want to SSH to that
>> > updates the machine with a fixed IP what its IP is and have a firewall
>> > rule
>> > or some other way to redirect specific traffic like for instance traffic
>> > to
>> > TCP:2 from that machine to the IP that it was updated to be
>> >
>> still do not understand what you mean, and how it will let me connect
>> to a machine with a private ip
>> >
>> > 2014-07-20 14:33 GMT+03:00 Erez D :
>> >
>> >> On Sun, Jul 20, 2014 at 1:30 PM, Yedidyah Bar David
>> >>  wrote:
>> >> > If you just want an ssh connection you can simply redirect connection
>> >> > attempts to some port on the
>> >> > Internet-accessible machine to port 22 on the private-ip one - using
>> >> > whatever tool that fits you best -
>> >> > iptables, xinetd, redir, probably many others.
>> >> > --
>> >> > Didi
>> >>
>> >> i do not understand what do you mean
>> >> >
>> >> >
>> >> > 2014-07-20 13:31 GMT+03:00 Erez D :
>> >> >>
>> >> >> looks a little complicated - extra ssh server, firewall with port
>> >> >> knocking
>> >> >> all this for a ssh connection ...
>> >> >>
>> >> >> On Sun, Jul 20, 2014 at 11:38 AM, Rabin Yasharzadehe
>> >> >> 
>> >> >> wrote:
>> >> >> > you can add a port-knocking tool like fwknop to add a dynamic rule
>> >> >> > to
>> >> >> > forward your connection into the private machine.
>> >> >> >
>> >> >> > --
>> >> >> > Rabin
>> >> >> >
>> >> >> >
>> >> >> > On Sun, Jul 20, 2014 at 12:16 PM, Erez D 
>> >> >> > wrote:
>> >> >> >>
>> >> >> >> On Sun, Jul 20, 2014 at 11:06 AM, Lior Kaplan
>> >> >> >> 
>> >> >> >> wrote:
>> >> >> >> > Didn't check it, but login in with a user who has /bin/true
>> >> >> >> > might
>> >> >> >> > do
>> >> >> >> > the
>> >> >> >> > trick.
>> >> >> >> you are correct, it works.
>> >> >> >> however it is still a security risk, as this means the client may
>> >> >> >> listen on unused port ...
>> >> >> >>
>> >> >> >> >
>> >> >> >> > Kaplan
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > On Sun, Jul 20, 2014 at 12:03 PM, Erez D 
>> >> >> >> > wrote:
>> >> >> >> >>
>> >> >> >> >> On Sun, Jul 20, 2014 at 10:39 AM, Lior Kaplan
>> >> >> >> >> 
>> >> >> >> >> wrote:
>> >> >> >> >> > ssh itself ?
>> >> >> >> >> >
>> >> >> >> >> > http://www.thegeekstuff.com/2013/11/reverse-ssh-tunnel/
>> >> >> >> >> nice, however this requires me to give access to my server,
>> >> >> >> >> which
>> >> >> >> >> i
>> >> >> >> >> do
>

Re: reverse ssh

2014-07-20 Thread Erez D
On Sun, Jul 20, 2014 at 3:36 PM, E.S. Rosenberg  wrote:
> You can have something running on the machine you want to SSH to that
> updates the machine with a fixed IP what its IP is and have a firewall rule
> or some other way to redirect specific traffic like for instance traffic to
> TCP:2 from that machine to the IP that it was updated to be
>
still do not understand what you mean, and how it will let me connect
to a machine with a private ip
>
> 2014-07-20 14:33 GMT+03:00 Erez D :
>
>> On Sun, Jul 20, 2014 at 1:30 PM, Yedidyah Bar David
>>  wrote:
>> > If you just want an ssh connection you can simply redirect connection
>> > attempts to some port on the
>> > Internet-accessible machine to port 22 on the private-ip one - using
>> > whatever tool that fits you best -
>> > iptables, xinetd, redir, probably many others.
>> > --
>> > Didi
>>
>> i do not understand what do you mean
>> >
>> >
>> > 2014-07-20 13:31 GMT+03:00 Erez D :
>> >>
>> >> looks a little complicated - extra ssh server, firewall with port
>> >> knocking
>> >> all this for a ssh connection ...
>> >>
>> >> On Sun, Jul 20, 2014 at 11:38 AM, Rabin Yasharzadehe 
>> >> wrote:
>> >> > you can add a port-knocking tool like fwknop to add a dynamic rule to
>> >> > forward your connection into the private machine.
>> >> >
>> >> > --
>> >> > Rabin
>> >> >
>> >> >
>> >> > On Sun, Jul 20, 2014 at 12:16 PM, Erez D  wrote:
>> >> >>
>> >> >> On Sun, Jul 20, 2014 at 11:06 AM, Lior Kaplan 
>> >> >> wrote:
>> >> >> > Didn't check it, but login in with a user who has /bin/true might
>> >> >> > do
>> >> >> > the
>> >> >> > trick.
>> >> >> you are correct, it works.
>> >> >> however it is still a security risk, as this means the client may
>> >> >> listen on unused port ...
>> >> >>
>> >> >> >
>> >> >> > Kaplan
>> >> >> >
>> >> >> >
>> >> >> > On Sun, Jul 20, 2014 at 12:03 PM, Erez D 
>> >> >> > wrote:
>> >> >> >>
>> >> >> >> On Sun, Jul 20, 2014 at 10:39 AM, Lior Kaplan
>> >> >> >> 
>> >> >> >> wrote:
>> >> >> >> > ssh itself ?
>> >> >> >> >
>> >> >> >> > http://www.thegeekstuff.com/2013/11/reverse-ssh-tunnel/
>> >> >> >> nice, however this requires me to give access to my server, which
>> >> >> >> i
>> >> >> >> do
>> >> >> >> not want ...
>> >> >> >> (or, can i give people permission to ssh to my server only for
>> >> >> >> reverse
>> >> >> >> tunnels and no shell ?)
>> >> >> >>
>> >> >> >> >
>> >> >> >> > Kaplan
>> >> >> >> >
>> >> >> >> >
>> >> >> >> > On Sun, Jul 20, 2014 at 11:36 AM, Erez D 
>> >> >> >> > wrote:
>> >> >> >> >>
>> >> >> >> >> hello
>> >> >> >> >>
>> >> >> >> >> i have a linux machine with a private ip connected to the
>> >> >> >> >> internet
>> >> >> >> >> i have a public ip and need to ssh to the linux box
>> >> >> >> >>
>> >> >> >> >> any tools for that ?
>> >> >> >> >>
>> >> >> >> >> ___
>> >> >> >> >> Linux-il mailing list
>> >> >> >> >> Linux-il@cs.huji.ac.il
>> >> >> >> >> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>> >> >> >> >
>> >> >> >> >
>> >> >> >
>> >> >> >
>> >> >>
>> >> >> ___
>> >> >> Linux-il mailing list
>> >> >> Linux-il@cs.huji.ac.il
>> >> >> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>> >> >
>> >> >
>> >>
>> >> ___
>> >> Linux-il mailing list
>> >> Linux-il@cs.huji.ac.il
>> >> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>> >
>> >
>>
>> ___
>> Linux-il mailing list
>> Linux-il@cs.huji.ac.il
>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>



Re: reverse ssh

2014-07-20 Thread Erez D
On Sun, Jul 20, 2014 at 1:30 PM, Yedidyah Bar David
 wrote:
> If you just want an ssh connection you can simply redirect connection
> attempts to some port on the
> Internet-accessible machine to port 22 on the private-ip one - using
> whatever tool that fits you best -
> iptables, xinetd, redir, probably many others.
> --
> Didi

i do not understand what you mean
>
>
> 2014-07-20 13:31 GMT+03:00 Erez D :
>>
>> looks a little complicated - extra ssh server, firewall with port knocking
>> all this for a ssh connection ...
>>
>> On Sun, Jul 20, 2014 at 11:38 AM, Rabin Yasharzadehe 
>> wrote:
>> > you can add a port-knocking tool like fwknop to add a dynamic rule to
>> > forward your connection into the private machine.
>> >
>> > --
>> > Rabin
>> >
>> >
>> > On Sun, Jul 20, 2014 at 12:16 PM, Erez D  wrote:
>> >>
>> >> On Sun, Jul 20, 2014 at 11:06 AM, Lior Kaplan 
>> >> wrote:
>> >> > Didn't check it, but login in with a user who has /bin/true might do
>> >> > the
>> >> > trick.
>> >> you are correct, it works.
>> >> however it is still a security risk, as this means the client may
>> >> listen on unused port ...
>> >>
>> >> >
>> >> > Kaplan
>> >> >
>> >> >
>> >> > On Sun, Jul 20, 2014 at 12:03 PM, Erez D  wrote:
>> >> >>
>> >> >> On Sun, Jul 20, 2014 at 10:39 AM, Lior Kaplan 
>> >> >> wrote:
>> >> >> > ssh itself ?
>> >> >> >
>> >> >> > http://www.thegeekstuff.com/2013/11/reverse-ssh-tunnel/
>> >> >> nice, however this requires me to give access to my server, which i
>> >> >> do
>> >> >> not want ...
>> >> >> (or, can i give people permission to ssh to my server only for
>> >> >> reverse
>> >> >> tunnels and no shell ?)
>> >> >>
>> >> >> >
>> >> >> > Kaplan
>> >> >> >
>> >> >> >
>> >> >> > On Sun, Jul 20, 2014 at 11:36 AM, Erez D 
>> >> >> > wrote:
>> >> >> >>
>> >> >> >> hello
>> >> >> >>
>> >> >> >> i have a linux machine with a private ip connected to the
>> >> >> >> internet
>> >> >> >> i have a public ip and need to ssh to the linux box
>> >> >> >>
>> >> >> >> any tools for that ?
>> >> >> >>
>> >> >> >> ___
>> >> >> >> Linux-il mailing list
>> >> >> >> Linux-il@cs.huji.ac.il
>> >> >> >> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>> >> >> >
>> >> >> >
>> >> >
>> >> >
>> >>
>> >> ___
>> >> Linux-il mailing list
>> >> Linux-il@cs.huji.ac.il
>> >> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>> >
>> >
>>
>> ___
>> Linux-il mailing list
>> Linux-il@cs.huji.ac.il
>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>



Re: reverse ssh

2014-07-20 Thread Erez D
looks a little complicated - extra ssh server, firewall with port knocking
all this for a ssh connection ...

On Sun, Jul 20, 2014 at 11:38 AM, Rabin Yasharzadehe  wrote:
> you can add a port-knocking tool like fwknop to add a dynamic rule to
> forward your connection into the private machine.
>
> --
> Rabin
>
>
> On Sun, Jul 20, 2014 at 12:16 PM, Erez D  wrote:
>>
>> On Sun, Jul 20, 2014 at 11:06 AM, Lior Kaplan 
>> wrote:
>> > Didn't check it, but login in with a user who has /bin/true might do the
>> > trick.
>> you are correct, it works.
>> however it is still a security risk, as this means the client may
>> listen on unused port ...
>>
>> >
>> > Kaplan
>> >
>> >
>> > On Sun, Jul 20, 2014 at 12:03 PM, Erez D  wrote:
>> >>
>> >> On Sun, Jul 20, 2014 at 10:39 AM, Lior Kaplan 
>> >> wrote:
>> >> > ssh itself ?
>> >> >
>> >> > http://www.thegeekstuff.com/2013/11/reverse-ssh-tunnel/
>> >> nice, however this requires me to give access to my server, which i do
>> >> not want ...
>> >> (or, can i give people permission to ssh to my server only for reverse
>> >> tunnels and no shell ?)
>> >>
>> >> >
>> >> > Kaplan
>> >> >
>> >> >
>> >> > On Sun, Jul 20, 2014 at 11:36 AM, Erez D  wrote:
>> >> >>
>> >> >> hello
>> >> >>
>> >> >> i have a linux machine with a private ip connected to the internet
>> >> >> i have a public ip and need to ssh to the linux box
>> >> >>
>> >> >> any tools for that ?
>> >> >>
>> >> >> ___
>> >> >> Linux-il mailing list
>> >> >> Linux-il@cs.huji.ac.il
>> >> >> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>> >> >
>> >> >
>> >
>> >
>>
>> ___
>> Linux-il mailing list
>> Linux-il@cs.huji.ac.il
>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>



Re: reverse ssh

2014-07-20 Thread Erez D
On Sun, Jul 20, 2014 at 11:06 AM, Lior Kaplan  wrote:
> Didn't check it, but login in with a user who has /bin/true might do the
> trick.
you are correct, it works.
however it is still a security risk, as this means the client may
listen on unused port ...

>
> Kaplan
>
>
> On Sun, Jul 20, 2014 at 12:03 PM, Erez D  wrote:
>>
>> On Sun, Jul 20, 2014 at 10:39 AM, Lior Kaplan 
>> wrote:
>> > ssh itself ?
>> >
>> > http://www.thegeekstuff.com/2013/11/reverse-ssh-tunnel/
>> nice, however this requires me to give access to my server, which i do
>> not want ...
>> (or, can i give people permission to ssh to my server only for reverse
>> tunnels and no shell ?)
>>
>> >
>> > Kaplan
>> >
>> >
>> > On Sun, Jul 20, 2014 at 11:36 AM, Erez D  wrote:
>> >>
>> >> hello
>> >>
>> >> i have a linux machine with a private ip connected to the internet
>> >> i have a public ip and need to ssh to the linux box
>> >>
>> >> any tools for that ?
>> >>
>> >> ___
>> >> Linux-il mailing list
>> >> Linux-il@cs.huji.ac.il
>> >> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>> >
>> >
>
>

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
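
The question of a tunnel-only account and the concern that the client may then listen on any unused port, as an added example that is not part of the original thread: sshd can restrict such an account in a Match block, and PermitListen (OpenSSH 7.8 and later) limits which port a reverse tunnel may bind. The sketch below compares an account that relies only on a /bin/true login shell with a restricted one; the user name "tunnel", port 2222 and both configurations are constructed, and only "Match User" blocks are understood.

```python
# sshd defaults for the keywords checked here (see sshd_config(5)).
DEFAULTS = {
    "forcecommand": "none",
    "permittty": "yes",
    "allowtcpforwarding": "yes",
    "permitlisten": "any",
    "gatewayports": "no",
    "allowagentforwarding": "yes",
    "x11forwarding": "no",
}

# Constructed: nothing in sshd_config for the account, shell is /bin/true.
WEAK_CONFIG = """
PasswordAuthentication no
"""

# Constructed: reverse tunnel allowed on one loopback port, nothing else.
# Client side would be: ssh -N -R 2222:localhost:22 tunnel@<server>
HARDENED_CONFIG = """
PasswordAuthentication no

Match User tunnel
    ForceCommand /bin/false
    PermitTTY no
    AllowTcpForwarding remote
    PermitListen localhost:2222
    GatewayPorts no
    AllowAgentForwarding no
    X11Forwarding no
"""


def effective_settings(config_text, user):
    """Settings sshd would apply to `user` (simplified parser).

    A matching 'Match User' block overrides the global section, and the
    first value seen for a keyword wins within each section, as in sshd.
    """
    global_opts, match_opts = {}, {}
    target = global_opts
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            crit = value.split()
            applies = (len(crit) == 2 and crit[0].lower() == "user"
                       and user in crit[1].split(","))
            # Lines of a non-matching block go to a throwaway dict.
            target = match_opts if applies else {}
            continue
        target.setdefault(keyword, value)
    return {**DEFAULTS, **global_opts, **match_opts}


def audit_tunnel_account(config_text, user):
    """Return the restrictions missing for a reverse-tunnel-only account."""
    s = {k: v.lower() for k, v in effective_settings(config_text, user).items()}
    findings = []
    if s["forcecommand"] == "none":
        findings.append("ForceCommand unset: no-shell relies on the login shell alone")
    if s["permittty"] != "no":
        findings.append("PermitTTY is not 'no'")
    if s["allowtcpforwarding"] != "remote":
        findings.append("AllowTcpForwarding is not 'remote': local forwards allowed")
    if s["permitlisten"] == "any":
        findings.append("PermitListen unset: client may bind any unused port")
    if s["gatewayports"] != "no":
        findings.append("GatewayPorts is not 'no': tunnels reachable from outside")
    if s["allowagentforwarding"] != "no":
        findings.append("AllowAgentForwarding is not 'no'")
    if s["x11forwarding"] != "no":
        findings.append("X11Forwarding is not 'no'")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_tunnel_account(text, "tunnel") or "no findings")
```

On a real server, `sshd -T -C user=tunnel` prints the effective settings for the account and is the authoritative check; keys for the account can additionally be limited in authorized_keys.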


Re: reverse ssh

2014-07-20 Thread Erez D
On Sun, Jul 20, 2014 at 10:39 AM, Lior Kaplan  wrote:
> ssh itself ?
>
> http://www.thegeekstuff.com/2013/11/reverse-ssh-tunnel/
nice, however this requires me to give access to my server, which i do
not want ...
(or, can i give people permission to ssh to my server only for reverse
tunnels and no shell ?)

>
> Kaplan
>
>
> On Sun, Jul 20, 2014 at 11:36 AM, Erez D  wrote:
>>
>> hello
>>
>> i have a linux machine with a private ip connected to the internet
>> i have a public ip and need to ssh to the linux box
>>
>> any tools for that ?
>>
>> ___
>> Linux-il mailing list
>> Linux-il@cs.huji.ac.il
>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>



reverse ssh

2014-07-20 Thread Erez D
hello

i have a linux machine with a private ip connected to the internet
i have a public ip and need to ssh to the linux box

any tools for that ?



Re: diff/patch rootfs

2014-07-12 Thread Erez D
On Thu, Jul 10, 2014 at 4:50 PM, Amos Shapira 
wrote:

> How about rsync's --only-write-batch/--read-batch?
>

great
this is as close as it gets to what i wanted
only caveat, is that if the system is modified, it will not merge like
'patch' does
however, i can live with this

thanks,
erez.

>
>
>
> On 10 July 2014 18:55, Erez D  wrote:
>
>> to make it clear:
>> i need to compare two directory trees - old and new, both hold files,
>> binaries, special files, symbolic and hard links. and create a patch
>> file
>>
>> then, on another system which has a copy of the old dir tree (and
>> possibly some modifications), i need to patch it to make it a 'new'
>>
>> what i would like to have is something like rsync, which can create a
>> diff file ...
>>
>> On Thu, Jul 10, 2014 at 10:39 AM, Rabin Yasharzadehe 
>> wrote:
>> > I was just about to write the same suggestion,
>> > on my current Android ROM (OmniROM) i have update system called
>> OpenDelta
>> > which uses xdelta to create the update images.
>> >
>> > you can look at the code in github -
>> > https://github.com/omnirom/android_packages_apps_OpenDelta
>> >
>> > --
>> > Rabin
>> >
>> >
>> > On Thu, Jul 10, 2014 at 10:34 AM, shimi  wrote:
>> >>
>> >> On Thu, Jul 10, 2014 at 9:08 AM, Erez D  wrote:
>> >>>
>> >>> hello
>> >>>
>> >>>
>> >>> i am dealing with rootfs images  i install on embedded linux
>> >>>
>> >>> from time to time i update the rootfs - add some file, remove other,
>> >>> update others, mknod etc ...
>> >>>
>> >>> currently, when i do this, i need to reinstall the image
>> >>>
>> >>> i am looking to create a patch, i can patch an old rootfs to update it
>> >>>
>> >>> however, diff does not handle create file, remove file, special files
>> >>> and binary files very well
>> >>>
>> >>> i am looking for a tool that can do that.
>> >>>
>> >>> anyone ?
>> >>>
>> >>>
>> >>
>> >> If modifying an _image_ is your purpose, and you want to avoid
>> >> distributing the whole image, and you can do that 'offline' (i.e. you
>> have
>> >> two partitions, one active, second for upgrade and boot from - so you
>> don't
>> >> touch a system with a mounted filesystem), and you have your way to
>> manage
>> >> this versioning (i.e. you know for a fact what the previous image blob
>> is,
>> >> so what you need is really the blocks that changed from it) - maybe
>> take a
>> >> look at http://xdelta.org/
>> >>
>> >> -- Shimi
>> >>
>> >>
>> >> ___
>> >> Linux-il mailing list
>> >> Linux-il@cs.huji.ac.il
>> >> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>> >>
>> >
>>
>> ___
>> Linux-il mailing list
>> Linux-il@cs.huji.ac.il
>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>
>
>
>
>


Re: diff/patch rootfs

2014-07-10 Thread Erez D
to make it clear:
i need to compare two directory trees - old and new, both hold files,
binaries, special files, symbolic and hard links. and create a patch
file

then, on another system which has a copy of the old dir tree (and
possibly some modifications), i need to patch it to make it a 'new'

what i would like to have is something like rsync, which can create a
diff file ...

On Thu, Jul 10, 2014 at 10:39 AM, Rabin Yasharzadehe  wrote:
> I was just about to write the same suggestion,
> on my current Android ROM (OmniROM) i have update system called OpenDelta
> which uses xdelta to create the update images.
>
> you can look at the code in github -
> https://github.com/omnirom/android_packages_apps_OpenDelta
>
> --
> Rabin
>
>
> On Thu, Jul 10, 2014 at 10:34 AM, shimi  wrote:
>>
>> On Thu, Jul 10, 2014 at 9:08 AM, Erez D  wrote:
>>>
>>> hello
>>>
>>>
>>> i am dealing with rootfs images  i install on embedded linux
>>>
>>> from time to time i update the rootfs - add some file, remove other,
>>> update others, mknod etc ...
>>>
>>> currently, when i do this, i need to reinstall the image
>>>
>>> i am looking to create a patch, i can patch an old rootfs to update it
>>>
>>> however, diff does not handle create file, remove file, special files
>>> and binary files very well
>>>
>>> i am looking for a tool that can do that.
>>>
>>> anyone ?
>>>
>>>
>>
>> If modifying an _image_ is your purpose, and you want to avoid
>> distributing the whole image, and you can do that 'offline' (i.e. you have
>> two partitions, one active, second for upgrade and boot from - so you don't
>> touch a system with a mounted filesystem), and you have your way to manage
>> this versioning (i.e. you know for a fact what the previous image blob is,
>> so what you need is really the blocks that changed from it) - maybe take a
>> look at http://xdelta.org/
>>
>> -- Shimi
>>
>>
>> ___
>> Linux-il mailing list
>> Linux-il@cs.huji.ac.il
>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>
>



Re: diff/patch rootfs

2014-07-10 Thread Erez D
On Thu, Jul 10, 2014 at 9:54 AM, Oleg Goldshmidt  wrote:
> Erez D  writes:
>
>> hello
>>
>> i am dealing with rootfs images  i install on embedded linux
>>
>> from time to time i update the rootfs - add some file, remove other,
>> update others, mknod etc ...
>>
>> currently, when i do this, i need to reinstall the image
>>
>> i am looking to create a patch, i can patch an old rootfs to update it
>>
>> however, diff does not handle create file, remove file, special files
>> and binary files very well
>>
>> i am looking for a tool that can do that.
>>
>> anyone ?
>>
>> btw: distro is emdebian/debian on armel
>
> Proper (IMHO) solution - package your updates (in .deb in your case, I
> presume). This includes modifying existing packages if you need to roll
> your own stuff - to avoid clashes.
interesting idea, although it seems trivial, it never came to mind
however:
1. will take a lot of work (note that i overwrite some of debian's
files with my own, and will need to resolve this)
2. will be a big patch (and i pay by the byte, have low flash/ram. and
must be done offline)

currently i need something simpler, which will be small, offline

>
> Barring that, rsync is the first thing that comes to my mind.
that was my first idea, however it needs to be done offline.
searched to see if rsync creates diffs,  and never found any info about this ...

>
> I assume I don't need to remind you to be very, very careful, especially
> with --delete. ;-)
sure
>
> I suppose if you screw up an update you can still reinstall as today,
> right?
yes, if i have access to the product (which is not always true)

>
> Possible enhancements (going on a tangent here):
>
> I don't know your circumstances, nor am I familiar with emdebian, but
> personally I'd prefer to get as much as possible packaged from the
> distro and not touch rootfs by hand, and keep my own stuff on a separate
> partition (that I can clobber, e.g., with rsync, even multiple times if
> things go wrong).
no problems with emdebian
>
> I realize this may not be an option, so back to rootfs. Have you
> considered having 2 partitions side-by-side and swapping old for new
> (that you have, e.g., rsync'ed, etc.) with the possibility of rolling
> back?  Once new is running you can update old, too, if it is needed to
> prepare for the next upgrade. The second partition will cost you some
> space, of course...

think of a software patch to a filesystem, like (god forbid ;-)
windows-update ;-)

>
> --
> Oleg Goldshmidt | p...@goldshmidt.org

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
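
An added sketch of the offline rootfs delta asked about in this thread (not code from any poster, and not how xdelta or OpenDelta work): it compares two unpacked rootfs trees and emits a manifest of removed, added and replaced entries, recording type, mode, device numbers and SHA-256 so that special files and binaries are covered and the target can refuse a patch that does not match its current state. The function names and the manifest layout are assumptions of this example.

```python
import hashlib
import os
import stat


def describe(path):
    """Describe one filesystem entry without following symlinks."""
    st = os.lstat(path)
    entry = {"uid": st.st_uid, "gid": st.st_gid}
    if stat.S_ISLNK(st.st_mode):
        # Symlink permission bits are not meaningful on Linux; record the target.
        entry.update(type="symlink", target=os.readlink(path))
        return entry
    entry["mode"] = stat.S_IMODE(st.st_mode)
    if stat.S_ISDIR(st.st_mode):
        entry["type"] = "dir"
    elif stat.S_ISCHR(st.st_mode) or stat.S_ISBLK(st.st_mode):
        # Device nodes (what mknod creates) are identified by major/minor.
        entry.update(type="char" if stat.S_ISCHR(st.st_mode) else "block",
                     major=os.major(st.st_rdev), minor=os.minor(st.st_rdev))
    elif stat.S_ISFIFO(st.st_mode):
        entry["type"] = "fifo"
    elif stat.S_ISREG(st.st_mode):
        digest = hashlib.sha256()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 16), b""):
                digest.update(chunk)
        entry.update(type="file", size=st.st_size, sha256=digest.hexdigest())
    else:
        entry["type"] = "other"
    return entry


def scan(root):
    """Map every path below root (relative, '/'-separated) to its description."""
    entries = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            entries[rel] = describe(full)
    return entries


def make_manifest(old_root, new_root):
    """Return the ordered operations that turn old_root into new_root."""
    old, new = scan(old_root), scan(new_root)
    ops = []
    # Remove deepest paths first so a directory is empty before it is removed.
    gone = sorted(old.keys() - new.keys(), key=lambda p: (-p.count("/"), p))
    for rel in gone:
        ops.append({"op": "remove", "path": rel, "expect": old[rel]})
    # Sorted order creates parent directories before their contents.
    for rel in sorted(new):
        if rel not in old:
            ops.append({"op": "add", "path": rel, "entry": new[rel]})
        elif old[rel] != new[rel]:
            # "expect" lets the target verify the old state before patching,
            # "entry" lets it verify the result afterwards.
            ops.append({"op": "replace", "path": rel,
                        "expect": old[rel], "entry": new[rel]})
    return ops


if __name__ == "__main__":
    import json
    import sys
    print(json.dumps(make_manifest(sys.argv[1], sys.argv[2]), indent=2))
```

The manifest carries metadata only; the payload for each "add" and "replace" of a regular file still has to be shipped, either whole or as a binary delta against the file whose hash is in "expect".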


diff/patch rootfs

2014-07-09 Thread Erez D
hello


i am dealing with rootfs images  i install on embedded linux

from time to time i update the rootfs - add some file, remove other,
update others, mknod etc ...

currently, when i do this, i need to reinstall the image

i am looking to create a patch, i can patch an old rootfs to update it

however, diff does not handle create file, remove file, special files
and binary files very well

i am looking for a tool that can do that.

anyone ?


btw: distro is emdebian/debian on armel

thanks,
erez.



Re: qemu and chroot

2014-06-22 Thread Erez D
On Tue, May 20, 2014 at 12:13 PM, Erez D  wrote:
> ok, it now works
> /proc/sys/fs/binfmt_misc/qemu-arm was missing,
> internet search told me to look for 'binfmt-support' pkg, however i
> could not find one for centos6
> so as chrooted systems share the same kernel (just need to mount /proc
> under the chroot dir), I chroot to my wheezy_i686 (i have some chroots
> for testing other distros), and there i did apt-get install
> binfmt-support qemu-user-static, and update-binfmts --display
>
> now i have /proc/sys/fs/binfmt_misc/qemu-arm. and everything works again
>
>
> (i do not know if this is permanent or will require redoing after
> reboot), but i will check it at next reboot (something like in 6 months
> ;-)

it seems that it is not permanent.
my chroot has a /etc/init.d/binfmt-support script which makes it permanent,
however i do not boot the chroot system ;-)
so i added the following line to rc.local :
chroot /home/chroot/wheezy_i686/  /etc/init.d/binfmt-support start

now it is permanent
(i wish centos had this package so i wouldn't have to deal with such hacks).

>
> thanks
> erez
>
> On Tue, May 20, 2014 at 11:22 AM, Tzafrir Cohen  wrote:
>> On Tue, May 20, 2014 at 09:14:16AM +0300, Erez D wrote:
>>> I am using centos 6 and  developing for an armel platform
>>>
>>> i created a rootfs using multistrap/debootstrap
>>>
>>> i copied qemu-arm-static to rootfs/usr/bin/qemu-arm-static
>>
>> There's something missing from your description. I suspect you forgot to
>> mention it: debootstrap's run can be broken to two parts: one that
>> downloads everything, and the second stage that needs to run inside the
>> chroot. In that case:
>>
>>   debootstrap --foreign [--arch=] [rest of parameters]
>>   chroot to/chroot
>>   ./debootstrap --second-stage
>>
>> At least in Debian, the package qemu-user-static includes the wrapper
>> qemu-debootstrap to do just that, and also copy the required
>> qemu-user-static.
>>
>>>
>>> and i was astonished that doing just 'chroot rootfs' worked, without
>>> explicitly telling 'chroot' to use qemu-arm-static - somehow it decided
>>> automatically to run everything under qemu-arm-static without me telling it
>>> to.
>>>
>>>
>>> after a restart of the server. rootfs does not work anymore automatically,
>>> i get a "chroot: failed to run command `/bin/bash': Exec format error"
>>> doing "chroot rootfs /usr/bin/qemu-arm-static /bin/bash" does chroot, but
>>> i get : "bash: /bin/cat: cannot execute binary file" (although
>>> rootfs/bin/cat is a perfectly ok armel binary, tested on the armel target).
>>> i also checked the md5sum of the rootfs/qemu-arm-static binary, and it is ok
>>
>> A chroot does not replace the kernel. It's running on your kernel and
>> that kernel does not natively support the armel binaries.
>>
>> In Debian, the package qemu-user-static registers foreign Linux ELF
>> formats. So maybe you forgot this is needed. Specifically:
>>
>> $ cat /proc/sys/fs/binfmt_misc/qemu-arm
>> enabled
>> interpreter /usr/bin/qemu-arm-static
>> flags:
>> offset 0
>> magic 7f454c460101010002002800
>> mask ff00feff
>>
>> --
>> Tzafrir Cohen | tzaf...@jabber.org | VIM is
>> http://tzafrir.org.il || a Mutt's
>> tzaf...@cohens.org.il ||  best
>> tzaf...@debian.org|| friend
>>

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
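
How the kernel decides that an armel binary inside the chroot is handed to /usr/bin/qemu-arm-static, as an added illustration that is not from any poster: binfmt_misc XORs the first bytes of the file with the registered magic, ANDs the result with the mask, and treats all-zero as a match. The 20-byte magic and mask are assumed here to be the little-endian ARM values from QEMU's binfmt setup script, and the ELF headers are constructed samples.

```python
import os
import struct

EM_386, EM_ARM = 3, 40  # ELF e_machine values

# Assumed 20-byte ARM registration values (spaces only group the bytes).
ARM_MAGIC = bytes.fromhex("7f454c46 01010100 00000000 00000000 02002800")
ARM_MASK = bytes.fromhex("ffffffff ffffff00 ffffffff ffffffff feffffff")

# Constructed sample in the layout of /proc/sys/fs/binfmt_misc/qemu-arm.
QEMU_ARM_ENTRY = (
    "enabled\n"
    "interpreter /usr/bin/qemu-arm-static\n"
    "flags: \n"
    "offset 0\n"
    f"magic {ARM_MAGIC.hex()}\n"
    f"mask {ARM_MASK.hex()}\n"
)


def parse_entry(text):
    """Parse the text of one /proc/sys/fs/binfmt_misc/<name> file."""
    lines = text.splitlines()
    entry = {"enabled": lines[0].strip() == "enabled", "offset": 0, "mask": None}
    for line in lines[1:]:
        key, _, value = line.partition(" ")
        key, value = key.rstrip(":"), value.strip()
        if key in ("interpreter", "flags"):
            entry[key] = value
        elif key == "offset":
            entry["offset"] = int(value)
        elif key in ("magic", "mask"):
            entry[key] = bytes.fromhex(value)
    return entry


def matches(entry, head):
    """Apply the magic/mask comparison to the first bytes of a file."""
    if not entry["enabled"]:
        return False
    magic = entry["magic"]
    mask = entry["mask"] or b"\xff" * len(magic)
    window = head[entry["offset"]:entry["offset"] + len(magic)]
    if len(window) < len(magic):
        return False
    return all(((b ^ m) & k) == 0 for b, m, k in zip(window, magic, mask))


def elf_header(machine, e_type=2, ei_class=1, osabi=0):
    """Build the first 20 bytes of a little-endian ELF file (constructed sample)."""
    ident = b"\x7fELF" + bytes([ei_class, 1, 1, osabi]) + bytes(8)
    return ident + struct.pack("<HH", e_type, machine)


def explain_exec(entries, head, rootfs):
    """Say what execve() of a foreign binary inside the chroot 'rootfs' leads to."""
    for entry in entries:
        if matches(entry, head):
            # The interpreter path is looked up inside the chroot, which is why
            # qemu-arm-static was copied to rootfs/usr/bin.
            inside = os.path.join(rootfs, entry["interpreter"].lstrip("/"))
            if os.path.isfile(inside):
                return "run via " + entry["interpreter"]
            return "interpreter not found inside chroot"
    return "Exec format error"  # no registration matched, as after the reboot


if __name__ == "__main__":
    entry = parse_entry(QEMU_ARM_ENTRY)
    print(explain_exec([], elf_header(EM_ARM), "/"))       # registration lost
    print(matches(entry, elf_header(EM_ARM)))              # True
    print(matches(entry, elf_header(EM_386)))              # False
```

The zero mask byte ignores the OS ABI field and the 0xfe mask byte accepts both executable and shared-object ELF types, so one registration covers every armel program and library loader in the rootfs.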


Re: advanced dhcpd.conf

2014-06-10 Thread Erez D
thanks

On Tue, Jun 10, 2014 at 11:50 AM, Rabin Yasharzadehe  wrote:
> not an answer, but you can try and use the log option to debug your conf
> file,
> and make sure each function returns what you are expecting it to return.
>
> also you have tools like dhcping & dhcpdump
> which can help you debug the problem.
>
> --
> Rabin
>
>
> On Mon, Jun 9, 2014 at 10:14 AM, Erez D  wrote:
>>
>> i'm trying to match ip to macs
>>
>>
>> e.g.:
>> mac 00:11:22:33:44:01 -> 10.0.5.1
>> mac 00:11:22:33:44:02 -> 10.0.5.2
>> mac 00:11:22:33:44:03 -> 10.0.5.3
>> mac 00:11:22:33:44:04 -> 10.0.5.4
>>
>>
>>
>> it does not seem to work
>> is it possible to do that ?
>>
>>
>> highlights of dhcpd.conf:
>>
>> class "vm" {
>> match if binary-to-ascii (16,8,":",substring(hardware, 1, 5)) =
>> "0:11:22:33:44";
>> set lastMacByte=binary-to-ascii (10,8,":",substring(hardware, 6, 1);
>> set vmName=concat("VM-",lastMacByte);
>> set vmIp=concat("10.0.5.",lastMacByte);
>> }
>>
>> and
>>
>> host vmName {
>>   fixed-address vmIp;
>> }
>>
>
>



Re: advanced dhcpd.conf

2014-06-09 Thread Erez D
On Tue, Jun 10, 2014 at 12:11 AM, Amos Shapira  wrote:
> Yup.
> Or do what we did at my workplace and use puppet to maintain (and generate,
> if needed) the configuration.
>
just buy a cow for a cup of milk ;-)
> On 10 Jun 2014 05:33, "shimi"  wrote:
>>
>> On Mon, Jun 9, 2014 at 6:15 PM, Erez D  wrote:
>>>
>>> no, i want:
>>> host vm01 { hardware ethernet 00:11:22:33:44:01 ; fixed-address 10.0.5.1
>>> }
>>> host vm02 { hardware ethernet 00:11:22:33:44:02 ; fixed-address 10.0.5.2
>>> }
>>> host vm03 { hardware ethernet 00:11:22:33:44:03 ; fixed-address 10.0.5.3
>>> }
>>> ...
>>> host vm254 { hardware ethernet 00:11:22:33:44:fe ; fixed-address
>>> 10.0.5.254 }
>>>
>>
>> If it doesn't work out...
>>
>> php -r 'foreach(range(1,254) as $id) echo "host vm".str_pad($id, 3, '0',
>> STR_PAD_LEFT)." { hardware ethernet 00:11:22:33:44:".str_pad(dechex($id), 2,
>> '0', STR_PAD_LEFT)." ; fixed-address 10.0.5.$id }\n";'
>>
>> -- Shimi
>>
>>
>



Re: advanced dhcpd.conf

2014-06-09 Thread Erez D
On Mon, Jun 9, 2014 at 10:31 PM, shimi  wrote:
> On Mon, Jun 9, 2014 at 6:15 PM, Erez D  wrote:
>>
>> no, i want:
>> host vm01 { hardware ethernet 00:11:22:33:44:01 ; fixed-address 10.0.5.1 }
>> host vm02 { hardware ethernet 00:11:22:33:44:02 ; fixed-address 10.0.5.2 }
>> host vm03 { hardware ethernet 00:11:22:33:44:03 ; fixed-address 10.0.5.3 }
>> ...
>> host vm254 { hardware ethernet 00:11:22:33:44:fe ; fixed-address
>> 10.0.5.254 }
>>
>
> If it doesn't work out...
>
> php -r 'foreach(range(1,254) as $id) echo "host vm".str_pad($id, 3, '0',
> STR_PAD_LEFT)." { hardware ethernet 00:11:22:33:44:".str_pad(dechex($id), 2,
> '0', STR_PAD_LEFT)." ; fixed-address 10.0.5.$id }\n";'
>
> -- Shimi
thanks.
i didn't want to do this that way



Re: advanced dhcpd.conf

2014-06-09 Thread Erez D
On Mon, Jun 9, 2014 at 10:33 AM, geoffrey mendelson
 wrote:
> On 6/9/2014 10:14 AM, Erez D wrote:
>>
>> i'm trying to match ip to macs
>>
>>
>> e.g.:
>> mac 00:11:22:33:44:01 -> 10.0.5.1
>> mac 00:11:22:33:44:02 -> 10.0.5.2
>> mac 00:11:22:33:44:03 -> 10.0.5.3
>> mac 00:11:22:33:44:04 -> 10.0.5.4
>>
>>
>>
>> it does not seem to work
>> is it possible to do that ?
>>
>>
>> highlights of dhcpd.conf:
>>
>> class "vm" {
>> match if binary-to-ascii (16,8,":",substring(hardware, 1, 5)) =
>> "0:11:22:33:44";
>> set lastMacByte=binary-to-ascii (10,8,":",substring(hardware, 6, 1);
>> set vmName=concat("VM-",lastMacByte);
>> set vmIp=concat("10.0.5.",lastMacByte);
>> }
>>
>
>
> Is this what you want?
>
> host danny3
> {
> fixed-address danny3;
> hardware ethernet  00:11:95:8e:8d:80;
>  option host-name "danny3";
> }
>
> dann3 resolves to the IP address I want.
>
> Geoff.
>
no, i want:
host vm01 { hardware ethernet 00:11:22:33:44:01 ; fixed-address 10.0.5.1 }
host vm02 { hardware ethernet 00:11:22:33:44:02 ; fixed-address 10.0.5.2 }
host vm03 { hardware ethernet 00:11:22:33:44:03 ; fixed-address 10.0.5.3 }
...
host vm254 { hardware ethernet 00:11:22:33:44:fe ; fixed-address 10.0.5.254 }

> --
> Geoffrey S. Mendelson 4X1GM/N3OWJ
> Jerusalem Israel.
>
>



advanced dhcpd.conf

2014-06-09 Thread Erez D
i'm trying to match ip to macs


e.g.:
mac 00:11:22:33:44:01 -> 10.0.5.1
mac 00:11:22:33:44:02 -> 10.0.5.2
mac 00:11:22:33:44:03 -> 10.0.5.3
mac 00:11:22:33:44:04 -> 10.0.5.4



it does not seem to work
is it possible to do that ?


highlights of dhcpd.conf:

class "vm" {
match if binary-to-ascii (16,8,":",substring(hardware, 1, 5)) = "0:11:22:33:44";
set lastMacByte=binary-to-ascii (10,8,":",substring(hardware, 6, 1);
set vmName=concat("VM-",lastMacByte);
set vmIp=concat("10.0.5.",lastMacByte);
}

and

host vmName {
  fixed-address vmIp;
}



Re: partly OT: notification of url when connecting to open wifi

2014-05-26 Thread Erez D
Do you know what linux software can be used to proxy dns for some
clients, and resolve everything to a predetermined IP for other clients ?

can dnsmasq do that ? other open software ?

On Tue, May 27, 2014 at 5:56 AM, Guy Gold  wrote:
> On Mon, May 26, 2014 at 7:25 PM, Amos Shapira 
> wrote:
>>
>> Yes I think we got this. I'm not the OP but I wonder what can an AP admin
>> do to configure it in a way which triggers this OS smarts on the client.
>
> At least, on my part, configuring our WiFi AP concentrator, I did nothing in
> order to make that happen, I configured the captive portal web page, but not
> more than that, which leads me to believe it's an OS feature, rather than an AP
> feature. (just my opinion though, no proof).
> The unit in production is an Enterasys C-25.
>
> As for how the Captive works, in our case, it allows any client :53
> traffic, and blocks any other traffic, also, it resolves any DNS query to
> its own captive portal address, once a client (identified by MAC)
> authenticates, it then stops the forced resolution to its own address, and
> lets :53 and all traffic through, to "real" Name Servers and the www.
>
>
>
> --
> Guy Gold
>
>



Re: partly OT: notification of url when connecting to open wifi

2014-05-26 Thread Erez D
Jonathan, if we are talking about walled garden/captive portal
implementation under linux, i'll take the opportunity to ask something
related.

how does the AP redirect every web access to the login page (for "non
accepted" clients)
i guess using a transparent proxy with a redirection page, am i correct ?
if i am correct, i would like to know:
1. does the AP allow real DNS access, or does it return the IP of the
AP for every dns query. (and if so what about DNS cache ?)
2. what "webserver/proxy" is used to return the same redirect answer
to every requested url


On Mon, May 26, 2014 at 10:44 AM, Jonathan Ben Avraham  wrote:
> Hi Erez,
> For each AP you need to maintain a table of client connections that are
> "accepted", meaning that the client has presented some type of credential or
> payment or whatever.
>
> Packets from clients that are not accepted are routed to some authentication
> or payment gateway, with possible port translation.
>
> The accepted client table does not have to be on the AP itself. It is
> usually held in a RADIUS server upstream. The authentication gateway also
> does not need to be on the AP itself. It can be upstream and does not have
> to be the same as the RADIUS server. You can also have more than one payment
> gateway but use the same RADIUS server.
>
> That, in a nutshell is how it is done. There's a lot of netfilter/iptables
> smoke and mirrors going on on the AP.
>
>
>  - yba
>
>
> On Mon, 26 May 2014, Erez D wrote:
>
>> Date: Mon, 26 May 2014 10:26:52 +0300
>> From: Erez D 
>> To: Jonathan Ben Avraham 
>> Cc: linux-il 
>> Subject: Re: partly OT: notification of url when connecting to open wifi
>>
>>
>> On Mon, May 26, 2014 at 10:23 AM, Jonathan Ben Avraham 
>> wrote:
>>>
>>> Hi Erez,
>>> No. The ability to configure a payment/authentication gateway is a router
>>> feature. I worked on this feature for Alvarion's WBSn. Every router
>>> designer
>>> develops their own feature.
>>
>>
>> can you elaborate ?
>>>
>>>
>>>  - yba
>>>
>>>
>>> On Mon, 26 May 2014, Erez D wrote:
>>>
>>>> Date: Mon, 26 May 2014 10:11:54 +0300
>>>> From: Erez D 
>>>> To: linux-il 
>>>> Subject: partly OT: notification of url when connecting to open wifi
>>>>
>>>>
>>>> this is partially off topic
>>>>
>>>> some times when i connect to open wifi on airports, my phone (android)
>>>> gives me a notification of a site i need to go to, and if i click on
>>>> it, it opens a browser with a predefined URL
>>>>
>>>>
>>>> i was wondering - is that part of an RFC or standard ?
>>>>
>>>>
>>>> 10x
>>>> erez.
>>>>
>>>>
>>>
>>> --
>>>  9590 8E58 D30D 1660 C349  673D B205 4FC4 B8F5 B7F9  ~. .~  Tk Open
>>> Systems
>>> =} Jonathan Ben-Avraham ("yba")
>>> --ooO--U--Ooo{=
>>> mailto:y...@tkos.co.il tel:+972.52.486.3386 http://tkos.co.il
>>> skype:benavrhm
>>
>>
>
> --
>  9590 8E58 D30D 1660 C349  673D B205 4FC4 B8F5 B7F9  ~. .~  Tk Open Systems
> =} Jonathan Ben-Avraham ("yba") --ooO--U--Ooo{=
> mailto:y...@tkos.co.il tel:+972.52.486.3386 http://tkos.co.il skype:benavrhm



Re: partly OT: notification of url when connecting to open wifi

2014-05-26 Thread Erez D
On Mon, May 26, 2014 at 12:29 PM, Rabin Yasharzadehe  wrote:
> the code is in the first answer
>
>>
>> http://stackoverflow.com/questions/13958614/how-to-check-for-unrestricted-internet-access-captive-portal-detection

nice,
now i know the term is called "walled garden" or "captive portal"

so if i understand correctly,
android expects a captive portal to return a redirect, and so generates
a notification with the redirect url ?

>
> --
> Rabin
>
>
> On Mon, May 26, 2014 at 11:51 AM, Erez D  wrote:
>>
>> thanks,
>>
>> however, that's not what i meant
>>
>> i was only asking how it generated a notification on my phone without
>> me opening a browser
>> i do not want to restrict access to anything
>>
>> thanks,
>> erez.
>> On Mon, May 26, 2014 at 10:44 AM, Jonathan Ben Avraham 
>> wrote:
>> > Hi Erez,
>> > For each AP you need to maintain a table of client connections that are
>> > "accepted", meaning that the client has presented some type of
>> > credential or
>> > payment or whatever.
>> >
>> > Packets from clients that are not accepted are routed to some
>> > authentication
>> > or payment gateway, with possible port translation.
>> >
>> > The accepted client table does not have to be on the AP itself. It is
>> > usually held in a RADIUS server upstream. The authentication gateway
>> > also
>> > does not need to be on the AP itself. It can be upstream and does not
>> > have
>> > to be the same as the RADIUS server. You can also have more than one
>> > payment
>> > gateway but use the same RADIUS server.
>> >
>> > That, in a nutshell is how it is done. There's a lot of
>> > netfilter/iptables
>> > smoke and mirrors going on on the AP.
>> >
>> >
>> >  - yba
>> >
>> >
>> > On Mon, 26 May 2014, Erez D wrote:
>> >
>> >> Date: Mon, 26 May 2014 10:26:52 +0300
>> >> From: Erez D 
>> >> To: Jonathan Ben Avraham 
>> >> Cc: linux-il 
>> >> Subject: Re: partly OT: notification of url when connecting to open
>> >> wifi
>> >>
>> >>
>> >> On Mon, May 26, 2014 at 10:23 AM, Jonathan Ben Avraham 
>> >> wrote:
>> >>>
>> >>> Hi Erez,
>> >>> No. The ability to configure a payment/authentication gateway is a
>> >>> router
>> >>> feature. I worked on this feature for Alvarion's WBSn. Every router
>> >>> designer
>> >>> develops their own feature.
>> >>
>> >>
>> >> can you elaborate ?
>> >>>
>> >>>
>> >>>  - yba
>> >>>
>> >>>
>> >>> On Mon, 26 May 2014, Erez D wrote:
>> >>>
>> >>>> Date: Mon, 26 May 2014 10:11:54 +0300
>> >>>> From: Erez D 
>> >>>> To: linux-il 
>> >>>> Subject: partly OT: notification of url when connecting to open wifi
>> >>>>
>> >>>>
>> >>>> this is partially off topic
>> >>>>
>> >>>> some times when i connect to open wifi on airports, my phone
>> >>>> (android)
>> >>>> gives me a notification of a site i need to go to, and if i click on
>> >>>> it, it opens a browser with a predefined URL
>> >>>>
>> >>>>
>> >>>> i was wondering - is that part of an RFC or standard ?
>> >>>>
>> >>>>
>> >>>> 10x
>> >>>> erez.
>> >>>>
>> >>>>
>> >>>
>> >>> --
>> >>>  9590 8E58 D30D 1660 C349  673D B205 4FC4 B8F5 B7F9  ~. .~  Tk Open
>> >>> Systems
>> >>> =} Jonathan Ben-Avraham ("yba")
>> >>> --ooO--U--Ooo{=
>> >>> mailto:y...@tkos.co.il tel:+972.52.486.3386 http://tkos.co.il
>> >>> skype:benavrhm
>> >>
>> >>
>> >
>> > --
>> >  9590 8E58 D30D 1660 C349  673D B205 4FC4 B8F5 B7F9  ~. .~  Tk Open
>> > Systems
>> > =} Jonathan Ben-Avraham ("yba")
>> > --ooO--U--Ooo{=
>> > mailto:y...@tkos.co.il tel:+972.52.486.3386 http://tkos.co.il
>> > skype:benavrhm
>>
>
>

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
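
The client-side check discussed in this thread, as an added example that is not from any poster or from the linked answer: the client fetches a probe URL that should answer with an empty HTTP 204, does not follow redirects, and treats anything else as a captive portal, taking the login URL for the notification from the Location header when there is one. The probe path, the login URL and the three loopback servers standing in for the networks are constructed for this example.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

PROBE_PATH = "/generate_204"           # assumed Android-style probe path
LOGIN_URL = "http://192.0.2.1/login"   # constructed portal address (TEST-NET-1)
REDIRECTS = (301, 302, 303, 307, 308)


def probe(host, port, timeout=3.0):
    """Fetch the probe URL without following redirects and classify the network."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", PROBE_PATH)
        resp = conn.getresponse()
        status = resp.status
        location = resp.getheader("Location")
        body = resp.read(512)
    except (OSError, http.client.HTTPException):
        return {"state": "no-connectivity", "portal_url": None}
    finally:
        conn.close()
    if status == 204 and not body:
        return {"state": "open", "portal_url": None}
    if status in REDIRECTS and location:
        return {"state": "captive-portal", "portal_url": location}
    # A 200 with content means something answered in place of the real server,
    # e.g. a portal that resolves every name to itself and serves its login page.
    return {"state": "captive-portal", "portal_url": None}


class _Quiet(BaseHTTPRequestHandler):
    def log_message(self, *args):
        pass

    def reply(self, status, headers=(), body=b""):
        self.send_response(status)
        for name, value in headers:
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


class OpenInternet(_Quiet):
    def do_GET(self):
        self.reply(204)


class RedirectingPortal(_Quiet):
    def do_GET(self):
        self.reply(302, [("Location", LOGIN_URL)])


class RewritingPortal(_Quiet):
    def do_GET(self):
        self.reply(200, [("Content-Type", "text/html")], b"<html>please log in</html>")


def run_demo():
    """Probe each simulated network once and return the classifications."""
    results = {}
    networks = {"open": OpenInternet, "redirecting": RedirectingPortal,
                "rewriting": RewritingPortal}
    closed_port = None
    for name, handler in networks.items():
        server = HTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            results[name] = probe("127.0.0.1", server.server_port)
        finally:
            server.shutdown()
            server.server_close()
        closed_port = server.server_port
    # Nothing listens on this port any more: the probe cannot connect at all.
    results["dead"] = probe("127.0.0.1", closed_port, timeout=1.0)
    return results


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, result)
```

Because the probe is plain HTTP, whatever sits on the path can answer it, so the result only tells the client that a login is needed; it says nothing about whether the portal page itself can be trusted.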


Re: partly OT: notification of url when connecting to open wifi

2014-05-26 Thread Erez D
thanks,

however, that's not what i meant

i was only asking how it generated a notification on my phone without
me opening a browser
i do not want to restrict access to anything

thanks,
erez.
On Mon, May 26, 2014 at 10:44 AM, Jonathan Ben Avraham  wrote:
> Hi Erez,
> For each AP you need to maintain a table of client connections that are
> "accepted", meaning that the client has presented some type of credential or
> payment or whatever.
>
> Packets from clients that are not accepted are routed to some authentication
> or payment gateway, with possible port translation.
>
> The accepted client table does not have to be on the AP itself. It is
> usually held in a RADIUS server upstream. The authentication gateway also
> does not need to be on the AP itself. It can be upstream and does not have
> to be the same as the RADIUS server. You can also have more than one payment
> gateway but use the same RADIUS server.
>
> That, in a nutshell is how it is done. There's a lot of netfilter/iptables
> smoke and mirrors going on on the AP.
>
>
>  - yba
>
>
> On Mon, 26 May 2014, Erez D wrote:
>
>> Date: Mon, 26 May 2014 10:26:52 +0300
>> From: Erez D 
>> To: Jonathan Ben Avraham 
>> Cc: linux-il 
>> Subject: Re: partly OT: notification of url when connecting to open wifi
>>
>>
>> On Mon, May 26, 2014 at 10:23 AM, Jonathan Ben Avraham 
>> wrote:
>>>
>>> Hi Erez,
>>> No. The ability to configure a payment/authentication gateway is a router
>>> feature. I worked on this feature for Alvarion's WBSn. Every router
>>> designer
>>> develops their own feature.
>>
>>
>> can you elaborate ?
>>>
>>>
>>>  - yba
>>>
>>>
>>> On Mon, 26 May 2014, Erez D wrote:
>>>
>>>> Date: Mon, 26 May 2014 10:11:54 +0300
>>>> From: Erez D 
>>>> To: linux-il 
>>>> Subject: partly OT: notification of url when connecting to open wifi
>>>>
>>>>
>>>> this is partially off topic
>>>>
>>>> some times when i connect to open wifi on airports, my phone (android)
>>>> gives me a notification of a site i need to go to, and if i click on
>>>> it, it opens a browser with a predefined URL
>>>>
>>>>
>>>> i was wondering - is that part of an RFC or standard ?
>>>>
>>>>
>>>> 10x
>>>> erez.
>>>>
>>>>
>>>
>>> --
>>>  9590 8E58 D30D 1660 C349  673D B205 4FC4 B8F5 B7F9  ~. .~  Tk Open
>>> Systems
>>> =} Jonathan Ben-Avraham ("yba")
>>> --ooO--U--Ooo{=
>>> mailto:y...@tkos.co.il tel:+972.52.486.3386 http://tkos.co.il
>>> skype:benavrhm
>>
>>
>
> --
>  9590 8E58 D30D 1660 C349  673D B205 4FC4 B8F5 B7F9  ~. .~  Tk Open Systems
> =} Jonathan Ben-Avraham ("yba") --ooO--U--Ooo{=
> mailto:y...@tkos.co.il tel:+972.52.486.3386 http://tkos.co.il skype:benavrhm



Re: partly OT: notification of url when connecting to open wifi

2014-05-26 Thread Erez D
On Mon, May 26, 2014 at 10:23 AM, Jonathan Ben Avraham  wrote:
> Hi Erez,
> No. The ability to configure a payment/authentication gateway is a router
> feature. I worked on this feature for Alvarion's WBSn. Every router designer
> develops their own feature.

can you elaborate ?
>
>  - yba
>
>
> On Mon, 26 May 2014, Erez D wrote:
>
>> Date: Mon, 26 May 2014 10:11:54 +0300
>> From: Erez D 
>> To: linux-il 
>> Subject: partly OT: notification of url when connecting to open wifi
>>
>>
>> this is partially off topic
>>
>> some times when i connect to open wifi on airports, my phone (android)
>> gives me a notification of a site i need to go to, and if i click on
>> it, it opens a browser with a predefined URL
>>
>>
>> i was wondering - is that part of an RFC or standard ?
>>
>>
>> 10x
>> erez.
>>
>>
>
> --
>  9590 8E58 D30D 1660 C349  673D B205 4FC4 B8F5 B7F9  ~. .~  Tk Open Systems
> =} Jonathan Ben-Avraham ("yba") --ooO--U--Ooo{=
> mailto:y...@tkos.co.il tel:+972.52.486.3386 http://tkos.co.il skype:benavrhm



Re: partly OT: notification of url when connecting to open wifi

2014-05-26 Thread Erez D
On Mon, May 26, 2014 at 10:18 AM, Rabin Yasharzadehe  wrote:
> I think it's the same/some implementation of Google chrome to check if you
> are behind a proxy and have access to the internet.
>
> https://mikewest.org/2012/02/chrome-connects-to-three-random-domains-at-startup

Thanks, i'll look into this. however this is done without me opening a
browser or searching
i just select a wireless network, and immediately i get a notification
>
> --
> Rabin
>
>
> On Mon, May 26, 2014 at 10:11 AM, Erez D  wrote:
>>
>> this is partially off topic
>>
>> some times when i connect to open wifi on airports, my phone (android)
>> gives me a notification of a site i need to go to, and if i click on
>> it, it opens a browser with a predefined URL
>>
>>
>> i was wondering - is that part of an RFC or standard ?
>>
>>
>> 10x
>> erez.
>>
>
>



partly OT: notification of url when connecting to open wifi

2014-05-26 Thread Erez D
this is partially off topic

some times when i connect to open wifi on airports, my phone (android)
gives me a notification of a site i need to go to, and if i click on
it, it opens a browser with a predefined URL


i was wondering - is that part of an RFC or standard ?


10x
erez.



Re: qemu and chroot

2014-05-20 Thread Erez D
ok, it now works
/proc/sys/fs/binfmt_misc/qemu-arm was missing,
internet search told me to look for 'binfmt-support' pkg, however i
could not find one for centos6
so as chrooted systems share the same kernel (just need to mount /proc
under the chroot dir), I chroot to my wheezy_i686 (i have some chroots
for testing other distros), and there i did apt-get install
binfmt-support qemu-user-static, and update-binfmts --display

now i have /proc/sys/fs/binfmt_misc/qemu-arm. and everything works again


(i do not know if this is permanent or will require redoing after
reboot), but i will check it at next reboot (something like in 6 months
;-)

thanks
erez

On Tue, May 20, 2014 at 11:22 AM, Tzafrir Cohen  wrote:
> On Tue, May 20, 2014 at 09:14:16AM +0300, Erez D wrote:
>> I am using centos 6 and  developing for an armel platform
>>
>> i created a rootfs using multistrap/debootstrap
>>
>> i copied qemu-arm-static to rootfs/usr/bin/qemu-arm-static
>
> There's something missing from your description. I suspect you forgot to
> mention it: debootstrap's run can be broken to two parts: one that
> downloads everything, and the second stage that needs to run inside the
> chroot. In that case:
>
>   debootstrap --foreign [--arch=] [rest of parameters]
>   chroot to/chroot
>   ./debootstrap --second-stage
>
> At least in Debian, the package qemu-user-static includes the wrapper
> qemu-debootstrap to do just that, and also copy the required
> qemu-user-static.
>
>>
>> and i was astonished that doing just 'chroot rootfs' worked, without
>> explicitly telling 'chroot' to use qemu-arm-static - somehow it decided
>> automatically to run everything under qemu-arm-static without me telling it
>> to.
>>
>>
>> after a restart of the server. rootfs does not work anymore automatically,
>> i get a "chroot: failed to run command `/bin/bash': Exec format error"
>> doing "chroot rootfs /usr/bin/qemu-arm-static /bin/bash" does chroot, but
>> i get : "bash: /bin/cat: cannot execute binary file" (although
>> rootfs/bin/cat is a perfectly ok armel binary, tested on the armel target).
>> i also checked the md5sum of the rootfs/qemu-arm-static binary, and it is ok
>
> A chroot does not replace the kernel. It's running on your kernel and
> that kernel does not natively support the armel binaries.
>
> In Debian, the package qemu-user-static registers foreign Linux ELF
> formats. So maybe you forgot this is needed. Specifically:
>
> $ cat /proc/sys/fs/binfmt_misc/qemu-arm
> enabled
> interpreter /usr/bin/qemu-arm-static
> flags:
> offset 0
> magic 7f454c460101010002002800
> mask ff00feff
>
> --
> Tzafrir Cohen | tzaf...@jabber.org | VIM is
> http://tzafrir.org.il || a Mutt's
> tzaf...@cohens.org.il ||  best
> tzaf...@debian.org|| friend
>



Re: qemu and chroot

2014-05-19 Thread Erez D
On Tue, May 20, 2014 at 9:24 AM, Baruch Siach  wrote:

> Hi Erez,
>
> On Tue, May 20, 2014 at 09:14:16AM +0300, Erez D wrote:
> > I am using centos 6 and  developing for an armel platform
> >
> > i created a rootfs using multistrap/debootstrap
> >
> > i copied qemu-arm-static to rootfs/usr/bin/qemu-arm-static
>
> Is this QEMU built for your host (presumably x86) or your target (ARM)?
>
obviously for my host

>
> Do you really need to run QEMU on your target?
>
no, my target runs armel natively, my host uses qemu-arm for that

>
> > and i was astonished that doing just 'chroot rootfs' worked, without
> > explicitly telling 'chroot' to use qemu-arm-static - somehow it decided
> > automatically to run everything under qemu-arm-static without me telling
> it
> > to.
> >
> > after a restart of the server. rootfs does not work anymore
> automatically,
> > i get a "chroot: failed to run command `/bin/bash': Exec format error"
> > doing "chroot rootfs /usr/bin/qemu-arm-static /bin/bash" does chroot, but
> > i get : "bash: /bin/cat: cannot execute binary file" (although
> > rootfs/bin/cat is a perfectly ok armel binary, tested on the armel
> target).
> > i also checked the md5sum of the rootfs/qemu-arm-static binary, and it
> is ok
> >
> > i mounted the rootfs on the armel target using nfs, and chrooted from the
> > target, and it works perfectly, meaning there is nothing wrong with the
> > rootfs filesystem
>
> Chrooted from what target? Is it a hardware ARM system? QEMU?
>
my target is armel and it chrooted to rootfs dir and ran the armel code
natively,just to show that the rootfs a valid armel rootfs.

>
> baruch
>
> > as it wondrously worked, now it wondrously doesn't
> >
> > tried googling for it, but still can't find how to make it work
> >
> > any idea ?
>
> --
>  http://baruch.siach.name/blog/  ~. .~   Tk Open
> Systems
> =}ooO--U--Ooo{=
>- bar...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -
>


qemu and chroot

2014-05-19 Thread Erez D
I am using centos 6 and  developing for an armel platform

i created a rootfs using multistrap/debootstrap

i copied qemu-arm-static to rootfs/usr/bin/qemu-arm-static

and i was astonished that doing just 'chroot rootfs' worked, without
explicitly telling 'chroot' to use qemu-arm-static - somehow it decided
automatically to run everything under qemu-arm-static without me telling it
to.


after a restart of the server. rootfs does not work anymore automatically,
i get a "chroot: failed to run command `/bin/bash': Exec format error"
doing "chroot rootfs /usr/bin/qemu-arm-static /bin/bash" does chroot, but
i get : "bash: /bin/cat: cannot execute binary file" (although
rootfs/bin/cat is a perfectly ok armel binary, tested on the armel target).
i also checked the md5sum of the rootfs/qemu-arm-static binary, and it is ok

i mounted the rootfs on the armel target using nfs, and chrooted from the
target, and it works perfectly, meaning there is nothing wrong with the
rootfs filesystem

as it wondrously worked, now it wondrously doesn't

tried googling for it, but still can't find how to make it work

any idea ?


Re: ubi cloning

2014-05-12 Thread Erez D
thanks for your help


On Mon, May 12, 2014 at 2:53 PM, Baruch Siach  wrote:

> Hi Erez,
>
> On Mon, May 12, 2014 at 02:14:34PM +0300, Erez D wrote:
> > On Mon, May 12, 2014 at 12:28 PM, Baruch Siach wrote:
> > > On Mon, May 12, 2014 at 12:14:14PM +0300, Erez D wrote:
> > > > On Mon, May 12, 2014 at 12:05 PM, Baruch Siach wrote:
> > > > > On Mon, May 12, 2014 at 11:46:43AM +0300, Erez D wrote:
> > > > > > i need to clone a nand flash. which has ubifs on it
> > > > > >
> > > > > > doing 'dd' didn't work as the source and dest have different bad
> > > > > > sectors.
> > > > >
> > > > > dd is not the way to go with raw NAND flash access; it's not aware of
> > > > > bad blocks.
> > > > >
> > > > > > is there an easy way to clone a ubifs nand-flash ?
> > > > >
> > > > > You may be able to get a working system using nanddump/nandwrite (see
> > > > > http://thread.gmane.org/gmane.linux.drivers.mtd/45792/focus=46024, but
> > > > > read the whole thread). Generally, though, this is not what you want to
> > > > > do with UBI/UBIFS. You should use ubiformat on the target, and copy the
> > > > > content with tar. See
> > > > > http://www.linux-mtd.infradead.org/faq/ubifs.html#L_why_ubiformat
> > > >
> > > > will tar preserve uid/gid hard links, special files, /dev
> > >
> > > Yes, by default.
> > >
> > > > extended attr etc ?
> > >
> > > Yes. Use --xattrs.
> > >
> > > baruch
> >
> > thanks, i'll try that.
> >
> > can I ubiformat + untar from u-boot ?
>
> I don't see support for either in mainline U-Boot. Barebox supports ubiformat
> but not tar extraction.
>
> Your best option is to boot into RAM using a kernel combined with a minimal
> Busybox based initramfs, and extract your tar from there. Note though that
> Busybox tar does not support extended attributes, so you must use GNU tar for
> this. Buildroot can generate a minimal initramfs image for you quite easily.
>
> baruch
>
> --
>  http://baruch.siach.name/blog/  ~. .~   Tk Open
> Systems
> =}ooO--U--Ooo{=
>- bar...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
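
A way to check the tar copy step discussed in this thread before relying on it for a clone, as an added example that is not part of the original messages. The sample tree, file names and function names are constructed; `--numeric-owner` is an addition not mentioned in the thread, and plain directories stand in for the mounted UBIFS volumes.

```shell
#!/bin/sh
# Added example: staging check for the tar copy step (all names are constructed).

# Busybox tar has no extended-attribute support (noted in the thread), so
# --xattrs is passed only when the tar on PATH identifies itself as GNU tar.
xattr_flag() {
    if tar --version 2>/dev/null | grep -q 'GNU tar'; then
        echo "--xattrs"
    fi
}

# Constructed sample tree: a mode-640 file, a hard link to it, a symlink and
# a FIFO. Device nodes are left out because creating them needs root.
make_sample_tree() {
    tree=$1
    mkdir -p "$tree/etc" "$tree/bin" "$tree/run" || return 1
    echo 'hostname=board' > "$tree/etc/config"
    chmod 640 "$tree/etc/config"
    ln "$tree/etc/config" "$tree/etc/config.hardlink"
    ln -s ../etc/config "$tree/bin/config.symlink"
    mkfifo "$tree/run/ctl.fifo"
}

# Pack on the source, unpack on the destination. On real hardware the
# destination would be the freshly ubiformat'ed, attached and mounted volume.
clone_tree() {
    from=$1 archive=$2 to=$3
    flag=$(xattr_flag)
    mkdir -p "$to" || return 1
    # $flag is intentionally unquoted so that an empty value adds no argument.
    # --numeric-owner (assumption, not from the thread) keeps uid/gid numbers
    # even when the initramfs has a different /etc/passwd.
    tar $flag --numeric-owner -cpf "$archive" -C "$from" . &&
    tar $flag --numeric-owner -xpf "$archive" -C "$to"
}

inode_of() { ls -di "$1" | awk '{print $1}'; }

# Confirm that what the thread says tar preserves actually survived.
verify_clone() {
    root=$1
    [ "$(inode_of "$root/etc/config")" = "$(inode_of "$root/etc/config.hardlink")" ] \
        || { echo "hard link not preserved"; return 1; }
    [ -L "$root/bin/config.symlink" ] || { echo "symlink not preserved"; return 1; }
    [ -p "$root/run/ctl.fifo" ] || { echo "FIFO not preserved"; return 1; }
    [ "$(ls -ld "$root/etc/config" | cut -c1-10)" = "-rw-r-----" ] \
        || { echo "mode not preserved"; return 1; }
    echo ok
}

run_demo() {
    work=$(mktemp -d) || return 1
    make_sample_tree "$work/src" &&
    clone_tree "$work/src" "$work/rootfs.tar" "$work/dst" &&
    verify_clone "$work/dst"
    rc=$?
    rm -rf -- "$work"
    return $rc
}

run_demo
```

Ownership and device nodes are only restored when the extraction runs as root, which is the case in the initramfs scenario described above.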


Re: ubi cloning

2014-05-12 Thread Erez D
On Mon, May 12, 2014 at 12:28 PM, Baruch Siach  wrote:

> Hi Erez,
>
> On Mon, May 12, 2014 at 12:14:14PM +0300, Erez D wrote:
> > On Mon, May 12, 2014 at 12:05 PM, Baruch Siach wrote:
> > > On Mon, May 12, 2014 at 11:46:43AM +0300, Erez D wrote:
> > > > i need to clone a nand flash. which has ubifs on it
> > > >
> > > > doing 'dd' didn't work as the source and dest have different bad
> > > > sectors.
> > >
> > > dd is not the way to go with raw NAND flash access; it's not aware of
> > > bad blocks.
> > >
> > > > is there an easy way to clone a ubifs nand-flash ?
> > >
> > > You may be able to get a working system using nanddump/nandwrite (see
> > > http://thread.gmane.org/gmane.linux.drivers.mtd/45792/focus=46024, but
> > > read the whole thread). Generally, though, this is not what you want to
> > > do with UBI/UBIFS. You should use ubiformat on the target, and copy the
> > > content with tar. See
> > > http://www.linux-mtd.infradead.org/faq/ubifs.html#L_why_ubiformat
> >
> > will tar preserve uid/gid hard links, special files, /dev
>
> Yes, by default.
>
> > extended attr etc ?
>
> Yes. Use --xattrs.
>
> baruch
>

thanks, i'll try that.

can I ubiformat + untar from u-boot ?

>
> --
>  http://baruch.siach.name/blog/  ~. .~   Tk Open
> Systems
> =}ooO--U--Ooo{=
>- bar...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -
>


Re: ubi cloning

2014-05-12 Thread Erez D
On Mon, May 12, 2014 at 12:05 PM, Baruch Siach  wrote:

> Hi Erez,
>
> On Mon, May 12, 2014 at 11:46:43AM +0300, Erez D wrote:
> > i need to clone a nand flash. which has ubifs on it
> >
> > doing 'dd' didn't work as the source and dest have different bad sectors.
>
> dd is not the way to go with raw NAND flash access; it's not aware of bad
> blocks.
>
> > is there an easy way to clone a ubifs nand-flash ?
>
> You may be able to get a working system using nanddump/nandwrite (see
> http://thread.gmane.org/gmane.linux.drivers.mtd/45792/focus=46024, but
> read the whole thread). Generally, though, this is not what you want to do
> with UBI/UBIFS. You should use ubiformat on the target, and copy the content
> with tar. See http://www.linux-mtd.infradead.org/faq/ubifs.html#L_why_ubiformat
>
will tar preserve uid/gid hard links, special files, /dev extended attr etc ?

>
> baruch
>
> --
>  http://baruch.siach.name/blog/  ~. .~   Tk Open
> Systems
> =}ooO--U--Ooo{=
>- bar...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -
>


Re: ubi cloning

2014-05-12 Thread Erez D
On Mon, May 12, 2014 at 11:51 AM, Amos Shapira wrote:

> How about ddrescue (the GNU one I think, there are multiple
> implementations with same name) into an image file then try to fix the fs
> around the bad sectors?
>
ubifs already handles the bad sectors, and i do not want to mess with it.

>
> On 12 May 2014 18:46, Erez D  wrote:
>
>>  Hi
>>
>> i need to clone a nand flash. which has ubifs on it
>>
>> doing 'dd' didn't work as the source and dest have different bad sectors.
>>
>> is there an easy way to clone a ubifs nand-flash ?
>>
>>
>> thanks
>> erez.
>>


ubi cloning

2014-05-12 Thread Erez D
Hi

i need to clone a nand flash. which has ubifs on it

doing 'dd' didn't work as the source and dest have different bad sectors.

is there an easy way to clone a ubifs nand-flash ?


thanks
erez.


strange mac address issue

2014-04-09 Thread Erez D
i have an embedded linux board. connected a usb2eth (rj45), and through
that to the lan.

surprisingly, another usb2eth on another copy of the embedded board, has the
same mac address, and so i get conflicts on the network.

swapping different modules of usb2eth on the same board gives same mac
address.
I'll call this mac address 'Mac Address A'

so i wanted to see if linux is causing this issue. i tried to connect these
usb2eth on a win7 machine.

on win7, all of the usb2eth get the same mac address. however this is a
different mac address than the previous. i'll call it 'Mac Address B'

on another usb port on the same win7, i get 'Mac Address C'. again it does
not matter which usb2eth i use


All the usb2eth are idVendor=0fe6, idProduct=9700 (dm9601)
(although physically different)

any idea ?


Re: strange ( * vs ./* )

2014-04-09 Thread Erez D
On Wed, Apr 9, 2014 at 1:17 PM, Matan Ziv-Av  wrote:

> On Wed, 9 Apr 2014, Erez D wrote:
>
>> erez@homer:~$ grep pppd *
>> erez@homer:~$
>>
>> however:
>>
>> erez@homer:~$ grep pppd ./*
>> ./chat.sh:pppd connect 'chat -v -s ABORT ERROR ABORT'
>>
>
> Do you have a file whose name starts with a dash (-)?
>
that was the issue.
i had a file called '-q'.
renaming it solved it

thanks.

>
> --
> Matan Ziv-Av. ma...@svgalib.org
>
>
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
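
The cause found in this thread, reproduced as an added example that is not part of the original messages: the shell expands `*` before grep starts, so a file named `-q` reaches grep as its quiet option. The demo directory and function names are constructed; the `--` end-of-options marker and the `find` check are standard ways to avoid and detect such names and were not suggested in the thread.

```shell
#!/bin/sh
# Added example. Constructed demo directory: chat.sh holds the pattern, and
# an empty file is literally named "-q", as in the thread.
demo_setup() {
    DEMO_DIR=$(mktemp -d) || return 1
    printf '%s\n' "pppd connect 'chat -v -s ABORT ERROR ABORT'" > "$DEMO_DIR/chat.sh"
    : > "$DEMO_DIR/-q"
}

# Bare glob: argv becomes "grep pppd -q chat.sh", so -q is parsed as the
# --quiet option. grep finds the match, prints nothing and exits 0.
grep_bare_glob() {
    ( LC_ALL=C; export LC_ALL; cd "$DEMO_DIR" && grep pppd * )
}

# ./ prefix: argv becomes "grep pppd ./-q ./chat.sh". No argument starts
# with a dash any more, so both names are treated as files.
grep_dot_slash() {
    ( LC_ALL=C; export LC_ALL; cd "$DEMO_DIR" && grep pppd ./* )
}

# "--" ends option parsing, so everything after it is an operand even if it
# starts with a dash.
grep_end_of_options() {
    ( LC_ALL=C; export LC_ALL; cd "$DEMO_DIR" && grep pppd -- * )
}

# Detection: list directory entries whose names would be taken for options
# when a command is run with a bare glob.
list_dash_names() {
    ( cd "$DEMO_DIR" && find . -maxdepth 1 -name '-*' -print )
}

demo_setup || exit 1
printf 'grep pppd *     -> [%s]\n' "$(grep_bare_glob)"
printf 'grep pppd ./*   -> [%s]\n' "$(grep_dot_slash)"
printf 'grep pppd -- *  -> [%s]\n' "$(grep_end_of_options)"
printf 'dash names      -> [%s]\n' "$(list_dash_names)"
```

The same expansion applies to any command run with a bare glob in a directory that other users or extracted archives can write to, which is why scripts should use `./*` or `--`.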


strange ( * vs ./* )

2014-04-09 Thread Erez D
erez@homer:~$ grep pppd *
erez@homer:~$

however:

erez@homer:~$ grep pppd ./*
./chat.sh:pppd connect 'chat -v -s ABORT ERROR ABORT'

and:

erez@homer:~$ grep pppd chat.sh
pppd connect 'chat -v -s ABORT ERROR ABORT'

strange !!!



btw:
erez@homer:~$ echo $SHELL
/bin/bash
erez@homer:~$ cat /etc/issue
CentOS release 6.3 (Final)
Kernel \r on an \m
erez@homer:~$ uname -a
Linux homer 2.6.32-358.14.1.el6.x86_64 #1 SMP Tue Jul 16 23:51:20 UTC 2013
x86_64 x86_64 x86_64 GNU/Linux


compiling one kernel tree + module from another tree

2014-03-17 Thread Erez D
Hi

i am cross compiling modules for kernel 3.6.9 for an arm embedded board
(comes with kernel but no modules).
however, i need a driver for 8188eu, which does not come with this kernel.

i downloaded a new kernel tree with 8188eu driver. it is not 3.6.9 so it
will not insmod if i compile it directly (what file holds the kernel
version ?)

i copied the subdir from kernel tree 2 to kernel tree 1, however do not
know how to configure the kernel to compile it
adding 'CONFIG_RTL8188EU=m' to .config and 'make modules' does not do it

how do i do that ?



thanks,
erez.


Re: sending to same dest via different interfaces

2014-03-04 Thread Erez D
On Tue, Mar 4, 2014 at 10:20 AM, shimi  wrote:

> First Google result for "raw sending packet linux" might help:
> http://austinmarton.wordpress.com/2011/09/14/sending-raw-ethernet-packets-from-a-specific-interface-in-c-on-linux/
>
this is raw ethernet. i want to use the udp stack, and also use other
interfaces other than ethernet (e.g. ppp)

>
> The other way is to do normal packets, and modify the kernel routing
> behavior in between (like with 'ip rule'...) - your choice which option to
> choose :)
>
1. need to be root
2. tried that. couldn't make it work with udp

>
> -- Shimi
>
>
> On Tue, Mar 4, 2014 at 10:02 AM, Erez D  wrote:
>
>>  Hello
>>
>>
>> I have 2 external interfaces via two eth cards, both connected to the
>> internet
>>
>> I want to send a udp packet to same host:port, but choose dynamically
>> which interface to use.
>>
>> can this be done with linux, and how ?
>>
>>
>>
>> 10x
>> erez.
>>
>


Re: sending to same dest via different interfaces

2014-03-04 Thread Erez D
On Tue, Mar 4, 2014 at 11:05 AM, Elazar Leibovich  wrote:

> use the SO_BINDTODEVICE setsockopt.
>
requires me to be root ...

>
>
> On Tue, Mar 4, 2014 at 10:02 AM, Erez D  wrote:
>
>> Hello
>>
>>
>> I have 2 external interfaces via two eth cards, both connected to the
>> internet
>>
>> I want to send a udp packet to same host:port, but choose dynamically
>> which interface to use.
>>
>> can this be done with linux, and how ?
>>
>>
>>
>> 10x
>> erez.
>>
>


Re: sending to same dest via different interfaces

2014-03-04 Thread Erez D
On Tue, Mar 4, 2014 at 10:02 AM, Erez D  wrote:

> Hello
>
>
> I have 2 external interfaces via two eth cards, both connected to the
> internet
>
> I want to send a udp packet to same host:port, but choose dynamically
> which interface to use.
>
> can this be done with linux, and how ?
>

i forgot to say that the pkt source is a c program. which i have the source
for.

>
>
>
> 10x
> erez.
>


sending to same dest via different interfaces

2014-03-04 Thread Erez D
Hello


I have 2 external interfaces via two eth cards, both connected to the
internet

I want to send a udp packet to same host:port, but choose dynamically which
interface to use.

can this be done with linux, and how ?



10x
erez.


Re: svn on debian chroot android

2014-02-15 Thread Erez D
On Feb 13, 2014 3:58 PM, "Tzafrir Cohen"  wrote:
>
> On Thu, Feb 13, 2014 at 11:09:37AM +0200, Erez D wrote:
> > Hello
> >
> > i am trying to use svn on my chrooted android (chrooted with app called
> > "lil's debian")
> >
> > it seems i can not get network connection using a regular user. any svn or
> > wget command is returned with permission denied.
> > however as root it works
> >
> > but doing 'sudo svn ...' generates files with root ownership. which means i
> > need to 'chown -R' after every update.
> >
> > so:
> > 1. is there a way to get internet access for a regular user ?
> > 2. is there a way to tell svn to create files with regular user ownership
> > but run as root
>
> Your kernel is paranoid:
>
> It has CONFIG_ANDROID_PARANOID_NETWORK set. To get network access, add
> your user to group 3003 (inet).
>
Thanks. I'll try that
> See http://elinux.org/Android_Security#Paranoid_network-ing
>
>
> --
> Tzafrir Cohen | tzaf...@jabber.org | VIM is
> http://tzafrir.org.il || a Mutt's
> tzaf...@cohens.org.il ||  best
> tzaf...@debian.org|| friend
>


Re: svn on debian chroot android

2014-02-15 Thread Erez D
On Thu, Feb 13, 2014 at 8:24 PM, Erez D  wrote:

>
> On Feb 13, 2014 3:58 PM, "Tzafrir Cohen"  wrote:
> >
> > On Thu, Feb 13, 2014 at 11:09:37AM +0200, Erez D wrote:
> > > Hello
> > >
> > > > i am trying to use svn on my chrooted android (chrooted with app called
> > > > "lil's debian")
> > > >
> > > > it seems i can not get network connection using a regular user. any svn or
> > > > wget command is returned with permission denied.
> > > > however as root it works
> > > >
> > > > but doing 'sudo svn ...' generates files with root ownership. which means i
> > > > need to 'chown -R' after every update.
> > > >
> > > > so:
> > > > 1. is there a way to get internet access for a regular user ?
> > > > 2. is there a way to tell svn to create files with regular user ownership
> > > > but run as root
> >
> > Your kernel is paranoid:
> >
> > It has CONFIG_ANDROID_PARANOID_NETWORK set. To get network access, add
> > your user to group 3003 (inet).
> >
> Thanks. I'll try that

works

>
> > See http://elinux.org/Android_Security#Paranoid_network-ing
> >
> >
> > --
> > Tzafrir Cohen | tzaf...@jabber.org | VIM is
> > http://tzafrir.org.il || a Mutt's
> > tzaf...@cohens.org.il ||  best
> > tzaf...@debian.org|| friend
> >
>
>


svn on debian chroot android

2014-02-13 Thread Erez D
Hello

i am trying to use svn on my chrooted android (chrooted with app called
"lil's debian")

it seems i can not get network connection using a regular user. any svn or
wget command is returned with permission denied.
however as root it works

but doing 'sudo svn ...' generates files with root ownership. which means i
need to 'chown -R' after every update.

so:
1. is there a way to get internet access for a regular user ?
2. is there a way to tell svn to create files with regular user ownership
but run as root


thanks
erez.


Re: time report tool

2014-01-13 Thread Erez D
however not all of my workers work on linux boxes, and command line may be
foreign for some, that's why i prefer a web interface ...

Thanks,
erez.


On Sun, Jan 12, 2014 at 9:04 PM, Steve Litt wrote:

> On Sun, 12 Jan 2014 15:08:13 +0200
> Erez D  wrote:
>
> > hello
> >
> > i'm looking for an open source tool, preferably web based tool, that
> > employees can report what they have worked on (i.e. this and this
> > time on that task etc ...)
> >
> > i need this so i can extract information for reporting to the mad'an
> >
> >
> > thanks
> > erez
>
> Hi Erez,
>
> I made a very simple one:
>
> http://www.troubleshooters.com/projects/tslips/
>
> Pros:
> * GPL/v2
> * Command interface, simple
> * Time file simple to parse and report
> * Can be front ended by UMENU or other menu software
> * Software is simple: Easily changed to your own needs
> * Survives reboots
>
> Cons:
> * Command interface, difficult for some users
> * Reports must be written in software, no specific reporting facility
> * Cannot track concurrent tasks (but for one person, wouldn't that be
>   cheating anyway?)
>
> HTH,
>
> SteveT
>
> Steve Litt*  http://www.troubleshooters.com/
> Troubleshooting Training  *  Human Performance
>


time report tool

2014-01-12 Thread Erez D
hello

i'm looking for an open source tool, preferably web based tool, that
employees can report what they have worked on (i.e. this and this time on
that task etc ...)

i need this so i can extract information for reporting to the mad'an


thanks
erez


Re: slept too long in select()

2013-12-25 Thread Erez D
On Wed, Dec 25, 2013 at 6:09 PM, Jonathan Ben Avraham wrote:

> Hi Erez,
> Depends on what resolution you want. See http://lwn.net/Articles/296578/ for
> some background. I doubt that Android can interfere in any way except
> to affect latency in general. What about using an hrtimer?
>
thanks

just FYI, i expected select to sleep for 2 seconds, it slept for 20
seconds. this is the resolution of the problem.

>  - yba
>
>
> On Wed, 25 Dec 2013, Erez D wrote:
>
>> Date: Wed, 25 Dec 2013 17:27:46 +0200
>> From: Erez D 
>> To: linux-il 
>> Subject: slept too long in select()
>>
>>
>> hello
>>
>> i've written a native c++ program on linux
>> it uses select to wait on events.
>>
>>
>> int n=select(maxFd+1,&rfd,&wfds,NULL, &timeval);
>>
>> sometimes, time spent in select() is larger than the time originally in
>> timeval prior to calling select.
>> i see that many times when i run it on my phone (android).
>>
>> is it possible that android uses some mechanism to suspend and resume
>> native code
>> (i know it does so to java)
>> if so, how can i overcome it ?
>>
>>
>> thanks,
>> erez.
>>
>>
>>
>>
> --
>  9590 8E58 D30D 1660 C349  673D B205 4FC4 B8F5 B7F9  ~. .~  Tk Open Systems
> =}ooO--U--
> Ooo{=
> mailto:y...@tkos.co.il tel:+972.52.486.3386 http://tkos.co.il skype:benavrhm
> ___
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il


slept too long in select()

2013-12-25 Thread Erez D
hello

i've written a native c++ program on linux
it uses select to wait on events.


int n=select(maxFd+1,&rfd,&wfds,NULL, &timeval);

sometimes, time spent in select() is larger than the time originally in
timeval prior to calling select.
i see that many times when i run it on my phone (android).

is it possible that android uses some mechanism to suspend and resume
native code
(i know it does so to java)
if so, how can i overcome it ?


thanks,
erez.


Re: Fwd: DVB-T and Linux updated.

2013-11-25 Thread Erez D
you can get the r820T version. on either dx.com or ebay for around 13 usd.


On Sun, Nov 24, 2013 at 6:43 AM, Baruch Siach  wrote:

> Hi geoffrey,
>
> On Sat, Nov 23, 2013 at 06:56:35PM +0200, geoffrey mendelson wrote:
> > The third is a TerraTec Cinergy +, which uses an RTL2382U chipset and an
> > Elonics E4000 receiver.
> > These used to be available for as little as $10 on eBay.
> >
> > It is supported in the 3.8 Kernel.
> >
> > These are now very hard to get. The TerraTec ones are over $40 on eBay,
> but
> > there are ones that claim to have E4000 receivers,
> > for around $15. Many of them are listed as E4000 "upgrade version" and
> > really have (it's in the fine print) R820T tuners.
> >
> > THESE STICKS ARE NOT SUPPORTED IN LINUX. There is a working Kernel module
> > for them available, but you have to compile it yourself.
> > It is scheduled to be included in the 3.10 Kernel.
>
> It seems that support for the R820T tuner has been added in kernel version
> 3.11. See http://git.kernel.org/linus/a80abc58f.
>
> baruch
>
> --
>  http://baruch.siach.name/blog/  ~. .~   Tk Open
> Systems
> =}ooO--U--Ooo{=
>- bar...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -
>


Re: mysql q

2013-11-17 Thread Erez D
On Sun, Nov 17, 2013 at 10:36 AM, ik  wrote:

> Hi, I think you tackle it wrong.
>
> If there is no need for accessing the database all the time, why not cache
> the result in tools such as Memcached or Redis ?
>
then i will still need to poll Memcached or Redis. this may speed up
things, but it is still polling, which i try to avoid

> If they are different clients (as in agents), then there are other tools
> at your disposal, such as Varnish, that create cached version for the web.
>
still neab client need to poll the server

>
> Secondly, the MySQL/MariaDB triggers are really basic if you compare them to
> PG and Fb (true open source solutions), not to mention non open source
> databases such as SQL Server and Oracle.
>
> Third, try to see how you can optimize the page. If there is no need for
> constant data reading, why does it constantly refresh itself ?
>
i do not refresh the whole page, i use ajax.

i need a response time from db change, to display on browser of 5 seconds,
however the db may not change in days, and then can change every second...
if we talk about polling, i need to poll every 5 seconds, but if there is
no db change, then this is in vain

i want to work event driven, and not polling, so i thought mysql has a
builtin mechanism for this.
if it doesn't i will need to wrap it up in some other code - i was trying
to avoid that.

thanks,
erez.


>
> Ido
>
>
> On Sun, Nov 17, 2013 at 10:18 AM, Erez D  wrote:
>
>> hello
>>
>> i have a web page that refreshes all the time to display things from a
>> mysql database which is updated from time to time.
>> however. this means a lot of un-needed accesses to the database. and this
>> refreshing page may be opened by many browsers. causing a huge load on
>> the database.
>>
>> i know mysql supports triggers, but it seems this is only internal (i.e.
>> trigger may do a query, usually an "update" query, but this is not what i
>> need).
>>
>> I am looking for a way to leave the connection open with mysql, not
>> sending any queries, just waiting for mysql to notify me when something
>> changes.
>>
>> does mysql support that ?
>> examples of doing that will be nice
>>
>>
>> thanks,
>> erez.
>>
>


mysql q

2013-11-17 Thread Erez D
hello

i have a web page that refreshes all the time to display things from a
mysql database which is updated from time to time.
however. this means a lot of un-needed accesses to the database. and this
refreshing page may be opened by many browsers. causing a huge load on
the database.

i know mysql supports triggers, but it seems this is only internal (i.e.
trigger may do a query, usually an "update" query, but this is not what i
need).

I am looking for a way to leave the connection open with mysql, not sending
any queries, just waiting for mysql to notify me when something changes.

does mysql support that ?
examples of doing that will be nice


thanks,
erez.


Re: Winter clock issues in linux

2013-09-12 Thread Erez D
Thanks, I needed that ;-)


On Mon, Sep 9, 2013 at 11:57 PM, Antony Gelberg wrote:

> I put a compiled file at http://db.tt/wVCB6HJd.  I copied it to
> /usr/share/zoneinfo/Asia/Jerusalem, and on my Debian system I did
> dpkg-reconfigure tzdata which as far as I can tell copies the file to
> /etc/localtime.  You may wish to use cp instead. ;)
>
> Disclaimer: I'm not responsible for anything the file may do to your
> systems, etc, yadda.
>
> Antony
>
>
> On Sun, Sep 8, 2013 at 12:04 PM, Rabin Yasharzadehe wrote:
>
>> Download the current tzdata file from iana and compile the file yourself
>>
>> e.g -
>> http://www.borngeek.com/2009/03/16/updating-time-zone-information-in-linux/
>>
>>
>>
>> On Sun, Sep 8, 2013 at 11:56 AM, geoffrey mendelson <
>> geoffreymendel...@gmail.com> wrote:
>>
>>> On 9/8/2013 12:21 AM, E.S. Rosenberg wrote:
>>>
>>>> What puzzles me in this whole thing is that it seems to me tzdata
>>>> updates should be available to all versions regardless of their
>>>> "production" state, but it seems a lot of distros are locked to
>>>> specific versions
>>>
>>> Can anyone point me to a correct Asia/Jerusalem file without having to
>>> install a package? I have two old systems I want to fix, without any other
>>> mods?
>>>
>>> TIA.
>>> Geoff
>>>
>>> Geoff.
>>>
>>> --
>>> Geoffrey S. Mendelson 4X1GM/N3OWJ
>>> Jerusalem Israel.
>>>
>>>
>>>
>>
>>
>>
>> --
>> *Rabin*
>>
>
>
> --
> http://www.linkedin.com/in/antgel
> http://twitter.com/antgel
>


Re: gdb q

2013-08-05 Thread Erez D
thanks


On Mon, Aug 5, 2013 at 9:52 AM, Constantine Shulyupin  wrote:

> It is possible
> Read more
> http://sourceware.org/gdb/onlinedocs/gdb/Separate-Debug-Files.html
>
> http://marcioandreyoliveira.blogspot.co.il/2008/03/how-to-debug-striped-programs-with-gdb.html
>
>
> On Mon, Aug 5, 2013 at 9:20 AM, Erez D  wrote:
> > hello,
> >
> >
> > using remote gdb, can i use a stripped binary on the target, and a
> > non-stripped locally ?
> >
> >
> > thanks,
> > erez
> >
>
>
>
> --
> Constantine Shulyupin
> http://www.MakeLinux.co.il/
> Embedded Linux Systems
> Tel Aviv
>

