From esr+linux-il at g.jct.ac.il Mon Jun 2 13:34:47 2014 From: esr+linux-il at g.jct.ac.il (E.S. Rosenberg) Date: Mon, 2 Jun 2014 13:34:47 +0300 Subject: =?UTF-8?B?UmU6IEZ3OiBb4oCO15zXmdeg15XXp9eh4oCOXSDigI7igKvXotee15XXqteqINeU157Xpw==?= =?UTF-8?B?15XXqCDXp9eZ15nXnteqINen16bXqiDXmdeV16rXqCDXntei16nXldeoLCDXldee15jXqNeV16rXmdeU?= =?UTF-8?B?Li4u4oCs4oCO?= In-Reply-To: References: <20140520143156.20d5dfeb@telaviv1.shlomifish.org> Message-ID: Anyone care to summarize? 2014-05-20 15:33 GMT+03:00 Shlomi Fish : > > > ---------- Forwarded message ---------- > From: Shlomi Fish > Date: 2014-05-20 14:31 GMT+03:00 > Subject: Fw: [????????] ??????? ????? ????? ??? ???? ?????, ????????...?? > To: shlomif at gmail.com > > > > > Begin forwarded message: > > Date: Fri, 16 May 2014 03:42:54 -0700 > From: "Tomer Cohen" > To: ?????? > Subject: [????????] ??????? ????? ????? ??? ???? ?????, ????????...?? > > > Tomer Cohen posted in ???????? > > ????? ????? ????? ??? ???? ?????, > ???????? ???????? ?? ????? ?? ??? ???? > ?????? ?????? ????. ????? ???????? ?? > ?????? ????? ???? ?????, ???? ???? ?? > ??? ?????? ????? ?? ???? ????????? > ??????? ?????, ?????? ???????? ????? > ????? ???????? ?????? ??????? ??? > ????? ???? ????? ?????? ??????? ??? > ???? ??? ???? ?????? ???????? ?????? > ???? ?? ?????? ?????? ?????. > > ?????? ????????? ?????? ???? ????? > ????? ?????? ????? ????. ????? ?????? > ??????? ????? ???? ????? ??? ?????? > ?????? ???? ???? ?????? ??? ???????, > ?????? ??? ???? ?????? ????? ????? > ????? ??????? ?? ???? ?????? ?? ?????? > ????? ???? ?? ????? ?????? ?? ????? > ???? ????? ?????. > > ?????? ?????? ???, ???? ?? ????? > ?????? ?????? ?? ????? ?? ????? ????? > ???? ???? ????? ?? ????? ???? ?? > ?????? ????? ?? ????. ??? ????? ?? > ?????? ??? ?????? ?? ?? ?????? ??? ?? > ????? ??????? ????? ??? ?? ?????? ?? > ???? ???? ????? ?????. ???? ????? > ????? ????? ???? ????? ??? ??????? > ???? ?? ???? ?????? ???????? ???????, > ??? ?? ???? ?????? ????? ??? ????? > ?????? ????? ????? ??????. > > > > ????? ????? ????? ? ?????? ?????! > > http://www.facebook.com/l/4AQF-nhBGAQEItOxRuztcE3zaF5sKmA4I9Dzjxda5doFdeA/t.co/UZEquXgst8 > > ???? ????? ?????? ??????? ????? > ?????? ?? ????? ?????, ????? ???? ?? > ??????? ???? ??????? ?????? ?? ?????? > ????? ????? ?????? ??????? ??????? > ??? ?????? ????. ????? ????? ?????? > ???? 18:00, ????? ?... > > > Reply to this email to comment on this post. > > > > https://www.facebook.com/n/?groups%2Flinux.il%2Fpermalink%2F634694503283809%2F&aref=206374880&medium=email&mid=9dfe8dcG27b2eaf4Gc4d07e0G96Gfce3&bcode=1.1400236974.AblD1W-r8600vloj&n_m=shlomif%40shlomifish.org > > ======================================= > Reply to this email to add a comment. Change your notification settings: > > https://www.facebook.com/n/?settings&tab=notifications§ion=group_notification&aref=206374880&medium=email&mid=9dfe8dcG27b2eaf4Gc4d07e0G96Gfce3&bcode=1.1400236974.AblD1W-r8600vloj&n_m=shlomif%40shlomifish.org > > > > -- > ----------------------------------------------------------------- > Shlomi Fish http://www.shlomifish.org/ > Chuck Norris/etc. Facts - http://www.shlomifish.org/humour/bits/facts/ > > Nobody expects the Randal Schwartz condition! > ? David Fetter > > Please reply to list if it's a mailing list post - http://shlom.in/reply . > > > > -- > ------------------------------------------ > Shlomi Fish http://www.shlomifish.org/ > > Chuck Norris helps the gods that help themselves. > > Please reply to list if it's a mailing list post - http://shlom.in/reply . > > _______________________________________________ > Linux-il mailing list > Linux-il at cs.huji.ac.il > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From eli at billauer.co.il Thu Jun 5 15:57:26 2014 From: eli at billauer.co.il (Eli Billauer) Date: Thu, 05 Jun 2014 15:57:26 +0300 Subject: Haifux, this Monday, on Web Weakness Message-ID: <53906936.2000207@billauer.co.il> Hello all, On Monday (June 9th), Haifux will once again reinforce our natural paranoia in Aviad Carmel's talk on Web Weakness. The short abstract is at http://www.haifux.org/lectures/324/ This is an extra announcement, as the lecture was added recently See you, Eli -- Web: http://www.billauer.co.il From eli at billauer.co.il Sat Jun 7 20:36:54 2014 From: eli at billauer.co.il (Eli Billauer) Date: Sat, 07 Jun 2014 20:36:54 +0300 Subject: [HAIFUX LECTURE] Web Weakness -- Aviad Carmel Message-ID: <53934DB6.5010406@billauer.co.il> On Monday, June 9th at 18:30, Haifux will gather to hear a talk by Aviad Carmel: Web Weakness Abstract In this talk we will go over a few weaknesses that appear in today's web: * Insecure scripts * SQL Injection * Croos Site Scripting (XSS) ================================================================= We meet in Taub building, room 6. For instructions see: http://www.haifux.org/where.html Attendance is free, and you are all invited! ================================================================== Future lectures: 23/06/14 Hash Tables TLB: Idan Yaniv ================================================================== We are always interested in hearing your talks and ideas. If you wish to give a talk, hold a discussion, or just plan some event haifux might be interested in, please contact us at webmaster at haifux.org -- Web:http://www.billauer.co.il From idokan at gmail.com Sun Jun 8 12:11:15 2014 From: idokan at gmail.com (ik) Date: Sun, 8 Jun 2014 12:11:15 +0300 Subject: detecting what does a reboot Message-ID: Hello I have a server (old centos 5) that does sometimes few times a reboot, in random hours. I removed non root permissions to execute halt, reboot and shutdown, but I wish also to try and track down what causing that reboot. Is there a way to audit-trail or just log any kind of rebooting request (including system calls), and finding out what or whom execute it ? Thanks, Ido -------------- next part -------------- An HTML attachment was scrubbed... URL: From efraim.flashner at gmail.com Sun Jun 8 12:27:58 2014 From: efraim.flashner at gmail.com (Efraim Flashner) Date: Sun, 8 Jun 2014 12:27:58 +0300 Subject: self mail hosting Message-ID: <20140608122758.3be2ddf0@x120e> I've registered a domain and set up my raspberry pi to recieve and send emails. Everything seems to be working fine, except that emails that I send to gmail get rejected by google. I've been told that google rejects email where the reverse-dns doesn't match the dns record, and because I don't have a static IP address there's not much I can do. Has anyone had success getting a static IP address without too much hassle? Currently I'm getting my internet through netvision, but we were planning on switching to 018 for their cheaper prices. Getting a static IP address seems like it would be the easiest option, followed by reconfiguring postfix to use a SMTP relay to send mail through another server, but I'd need to make sure that the header isn't changed (too much) if I do that. Also I've found keeping my sanity involves interacting with Israeli beaurocracy as little as possible, so I'd rather not call netvision for a static IP since I'm planning on leaving them anyway. If anyone has any experience doing their own mail and want to share, I'd love to hear about it. -Efraim -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: not available URL: From geoffreymendelson at gmail.com Sun Jun 8 12:37:57 2014 From: geoffreymendelson at gmail.com (geoffrey mendelson) Date: Sun, 08 Jun 2014 12:37:57 +0300 Subject: self mail hosting In-Reply-To: <20140608122758.3be2ddf0@x120e> References: <20140608122758.3be2ddf0@x120e> Message-ID: <53942EF5.4040303@gmail.com> On 6/8/2014 12:27 PM, Efraim Flashner wrote: > I've registered a domain and set up my raspberry pi to recieve and send > emails. Everything seems to be working fine, except that emails that I > send to gmail get rejected by google. I've been told that google > rejects email where the reverse-dns doesn't match the dns record, and > because I don't have a static IP address there's not much I can do. > > Has anyone had success getting a static IP address without too much > hassle? Currently I'm getting my internet through netvision, but we > were planning on switching to 018 for their cheaper prices. > > Getting a static IP address seems like it would be the easiest option, > followed by reconfiguring postfix to use a SMTP relay to send mail > through another server, but I'd need to make sure that the header isn't > changed (too much) if I do that. Also I've found keeping my sanity > involves interacting with Israeli beaurocracy as little as possible, so > I'd rather not call netvision for a static IP since I'm planning on > leaving them anyway. > > If anyone has any experience doing their own mail and want to share, > I'd love to hear about it. > > Gmail has a pro option where for a small fee they will act as your mail server. It may be worth it. Geoff. -- Geoffrey S. Mendelson 4X1GM/N3OWJ Jerusalem Israel. From linux at karasik.org Sun Jun 8 12:45:13 2014 From: linux at karasik.org (Vitaly) Date: Sun, 8 Jun 2014 12:45:13 +0300 Subject: self mail hosting In-Reply-To: <20140608122758.3be2ddf0@x120e> References: <20140608122758.3be2ddf0@x120e> Message-ID: You can get static IP for just about 15NIS/month, I have one from 012. Regards Vitaly On Sun, Jun 8, 2014 at 12:27 PM, Efraim Flashner wrote: > I've registered a domain and set up my raspberry pi to recieve and send > emails. Everything seems to be working fine, except that emails that I > send to gmail get rejected by google. I've been told that google > rejects email where the reverse-dns doesn't match the dns record, and > because I don't have a static IP address there's not much I can do. > > Has anyone had success getting a static IP address without too much > hassle? Currently I'm getting my internet through netvision, but we > were planning on switching to 018 for their cheaper prices. > > Getting a static IP address seems like it would be the easiest option, > followed by reconfiguring postfix to use a SMTP relay to send mail > through another server, but I'd need to make sure that the header isn't > changed (too much) if I do that. Also I've found keeping my sanity > involves interacting with Israeli beaurocracy as little as possible, so > I'd rather not call netvision for a static IP since I'm planning on > leaving them anyway. > > If anyone has any experience doing their own mail and want to share, > I'd love to hear about it. > > -Efraim > > _______________________________________________ > Linux-il mailing list > Linux-il at cs.huji.ac.il > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From yba at tkos.co.il Sun Jun 8 13:04:02 2014 From: yba at tkos.co.il (Jonathan Ben Avraham) Date: Sun, 8 Jun 2014 13:04:02 +0300 (IDT) Subject: detecting what does a reboot In-Reply-To: References: Message-ID: Hi Ido, If the reboot occurs as a result of a hardware fault, you might never see anything in the logs. AFAIK nothing in the Centos 5 configuration does a reboot on its own. - yba On Sun, 8 Jun 2014, ik wrote: > Date: Sun, 8 Jun 2014 12:11:15 +0300 > From: ik > To: linux-il > Subject: detecting what does a reboot > > Hello > > I have a server (old centos 5) that does sometimes few times a reboot, in random hours. > I removed non root permissions to execute halt, reboot and shutdown, but I wish also to try and track down what causing that reboot. > > Is there a way to audit-trail or just log any kind of rebooting request (including system calls), and finding out what or whom execute > it ? > > Thanks, > > Ido > > -- 9590 8E58 D30D 1660 C349 673D B205 4FC4 B8F5 B7F9 ~. .~ Tk Open Systems =}-------- Jonathan Ben-Avraham ("yba") ----------ooO--U--Ooo------------{= mailto:yba at tkos.co.il tel:+972.52.486.3386 http://tkos.co.il skype:benavrhm -------------- next part -------------- _______________________________________________ Linux-il mailing list Linux-il at cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il From rabin at rabin.io Sun Jun 8 13:21:43 2014 From: rabin at rabin.io (Rabin Yasharzadehe) Date: Sun, 8 Jun 2014 13:21:43 +0300 Subject: detecting what does a reboot In-Reply-To: References: Message-ID: you can try with auditctl auditctl -w /tmp/1 -p wa -k write_or_access > *--Rabin* On Sun, Jun 8, 2014 at 12:11 PM, ik wrote: > Hello > > I have a server (old centos 5) that does sometimes few times a reboot, in > random hours. > I removed non root permissions to execute halt, reboot and shutdown, but I > wish also to try and track down what causing that reboot. > > Is there a way to audit-trail or just log any kind of rebooting request > (including system calls), and finding out what or whom execute it ? > > Thanks, > > Ido > > _______________________________________________ > Linux-il mailing list > Linux-il at cs.huji.ac.il > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From moish at mln.co.il Sun Jun 8 13:08:19 2014 From: moish at mln.co.il (Moish) Date: Sun, 08 Jun 2014 13:08:19 +0300 Subject: self mail hosting In-Reply-To: <20140608122758.3be2ddf0@x120e> References: <20140608122758.3be2ddf0@x120e> Message-ID: <53943613.7020508@mln.co.il> An HTML attachment was scrubbed... URL: From esr+linux-il at g.jct.ac.il Sun Jun 8 13:31:24 2014 From: esr+linux-il at g.jct.ac.il (E.S. Rosenberg) Date: Sun, 8 Jun 2014 13:31:24 +0300 Subject: self mail hosting In-Reply-To: References: <20140608122758.3be2ddf0@x120e> Message-ID: If you use your ISPs' smart host you should also be OK... 2014-06-08 12:45 GMT+03:00 Vitaly : > You can get static IP for just about 15NIS/month, I have one from 012. > Regards > Vitaly > > > On Sun, Jun 8, 2014 at 12:27 PM, Efraim Flashner < > efraim.flashner at gmail.com> wrote: > >> I've registered a domain and set up my raspberry pi to recieve and send >> emails. Everything seems to be working fine, except that emails that I >> send to gmail get rejected by google. I've been told that google >> rejects email where the reverse-dns doesn't match the dns record, and >> because I don't have a static IP address there's not much I can do. >> >> Has anyone had success getting a static IP address without too much >> hassle? Currently I'm getting my internet through netvision, but we >> were planning on switching to 018 for their cheaper prices. >> >> Getting a static IP address seems like it would be the easiest option, >> followed by reconfiguring postfix to use a SMTP relay to send mail >> through another server, but I'd need to make sure that the header isn't >> changed (too much) if I do that. Also I've found keeping my sanity >> involves interacting with Israeli beaurocracy as little as possible, so >> I'd rather not call netvision for a static IP since I'm planning on >> leaving them anyway. >> >> If anyone has any experience doing their own mail and want to share, >> I'd love to hear about it. >> >> -Efraim >> >> _______________________________________________ >> Linux-il mailing list >> Linux-il at cs.huji.ac.il >> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il >> >> > > _______________________________________________ > Linux-il mailing list > Linux-il at cs.huji.ac.il > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From matanya at foss.co.il Sun Jun 8 13:35:24 2014 From: matanya at foss.co.il (matanya) Date: Sun, 08 Jun 2014 13:35:24 +0300 Subject: self mail hosting In-Reply-To: References: Message-ID: <20ee5fa79439a75b4d39943e99fd5c33@foss.co.il> I got Static ip from netvision for 9NIS/Month before I left them. Just say you have camera's and file servers. -------------- next part -------------- An HTML attachment was scrubbed... URL: From esr+linux-il at g.jct.ac.il Sun Jun 8 13:55:31 2014 From: esr+linux-il at g.jct.ac.il (E.S. Rosenberg) Date: Sun, 8 Jun 2014 13:55:31 +0300 Subject: self mail hosting In-Reply-To: <20ee5fa79439a75b4d39943e99fd5c33@foss.co.il> References: <20ee5fa79439a75b4d39943e99fd5c33@foss.co.il> Message-ID: Do those static IPs include setting the PTR record to whatever you want it to be? Otherwise there is really no point since a part (though not all) of the security is "is the PTR and the claimed hostname.domain.tld the same?" Since the IP is theirs you have no control over the PTR unless they give that to you as well. Regards, Eliyahu - ????? 2014-06-08 13:35 GMT+03:00 matanya : > I got Static ip from netvision for 9NIS/Month before I left them. Just > say you have camera's and file servers. > > > > _______________________________________________ > Linux-il mailing list > Linux-il at cs.huji.ac.il > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From matanya at foss.co.il Sun Jun 8 13:59:08 2014 From: matanya at foss.co.il (matanya) Date: Sun, 08 Jun 2014 13:59:08 +0300 Subject: self mail hosting In-Reply-To: References: <20ee5fa79439a75b4d39943e99fd5c33@foss.co.il> Message-ID: <7cf0b85ec910d0b2e238070af78335b1@foss.co.il> You should be able to set that in your domain dns panel from your provider. It should point to your Static IP On 2014-06-08 13:55, E.S. Rosenberg wrote: > Do those static IPs include setting the PTR record to whatever you want it to be? Otherwise there is really no point since a part (though not all) of the security is "is the PTR and the claimed hostname.domain.tld the same?" Since the IP is theirs you have no control over the PTR unless they give that to you as well. > > Regards, > Eliyahu - ????? > > 2014-06-08 13:35 GMT+03:00 matanya : > >> I got Static ip from netvision for 9NIS/Month before I left them. Just say you have camera's and file servers. >> >> _______________________________________________ >> Linux-il mailing list >> Linux-il at cs.huji.ac.il >> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il [1] Links: ------ [1] http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il -------------- next part -------------- An HTML attachment was scrubbed... URL: From efraim.flashner at gmail.com Sun Jun 8 14:22:32 2014 From: efraim.flashner at gmail.com (Efraim Flashner) Date: Sun, 8 Jun 2014 14:22:32 +0300 Subject: self mail hosting In-Reply-To: References: <20140608122758.3be2ddf0@x120e> Message-ID: <20140608142232.565a9d79@x120e> using netvision's smart host shouldn't change my from or reply-to something at netvision? On Sun, 8 Jun 2014 13:31:24 +0300 "E.S. Rosenberg" wrote: > If you use your ISPs' smart host you should also be OK... > > > 2014-06-08 12:45 GMT+03:00 Vitaly : > > > You can get static IP for just about 15NIS/month, I have one from > > 012. Regards > > Vitaly > > > > > > On Sun, Jun 8, 2014 at 12:27 PM, Efraim Flashner < > > efraim.flashner at gmail.com> wrote: > > > >> I've registered a domain and set up my raspberry pi to recieve and > >> send emails. Everything seems to be working fine, except that > >> emails that I send to gmail get rejected by google. I've been > >> told that google rejects email where the reverse-dns doesn't match > >> the dns record, and because I don't have a static IP address > >> there's not much I can do. > >> > >> Has anyone had success getting a static IP address without too much > >> hassle? Currently I'm getting my internet through netvision, but we > >> were planning on switching to 018 for their cheaper prices. > >> > >> Getting a static IP address seems like it would be the easiest > >> option, followed by reconfiguring postfix to use a SMTP relay to > >> send mail through another server, but I'd need to make sure that > >> the header isn't changed (too much) if I do that. Also I've found > >> keeping my sanity involves interacting with Israeli beaurocracy as > >> little as possible, so I'd rather not call netvision for a static > >> IP since I'm planning on leaving them anyway. > >> > >> If anyone has any experience doing their own mail and want to > >> share, I'd love to hear about it. > >> > >> -Efraim > >> > >> _______________________________________________ > >> Linux-il mailing list > >> Linux-il at cs.huji.ac.il > >> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > >> > >> > > > > _______________________________________________ > > Linux-il mailing list > > Linux-il at cs.huji.ac.il > > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > > > > -- Efraim Flashner efraim.flashner at gmail.com 4096R/CA3D8351 created: 2013-10-08 GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: not available URL: From efraim.flashner at gmail.com Sun Jun 8 14:38:54 2014 From: efraim.flashner at gmail.com (Efraim Flashner) Date: Sun, 8 Jun 2014 14:38:54 +0300 Subject: self mail hosting In-Reply-To: <53943613.7020508@mln.co.il> References: <20140608122758.3be2ddf0@x120e> <53943613.7020508@mln.co.il> Message-ID: <20140608143854.6a9de236@x120e> I have a 256MB modelB with an 8GB SD card and an external harddrive. Postfix and dovecote don't take a lot of processing power, spamassassin a bit more, but not so much. I also have it running deluge, which crashes a little too often for me, so I have a cron job running to relaunch it if it crashes. Fileserving works well. I tried using it as a SIP host but something wasn't working so I gave up on that one. I also tried owncloud, but it was way too laggy and also prone to crashing, so I gave up on it also. I haven't tried running a mumble or irc server, but I'm guessing it should work. mpd should work but it isn't something I particularly need. With how low the demand is on the server with postfix and dovecot, I'm assuming that it should be able to run mailman for a mailinglist easily. On Sun, 08 Jun 2014 13:08:19 +0300 Moish wrote: > I'm using static ip from Netvision. 40+nis inc vat for 10mb/0.8 mb. > What kind of storage do you use (usb disk, mem card..)?? How does RP > perform? > > On 08/06/2014 12:27, Efraim Flashner wrote: > I've registered a domain and set up my raspberry pi to recieve and > send emails. Everything seems to be working fine, except that emails > that I send to gmail get rejected by google. I've been told that > google rejects email where the reverse-dns doesn't match the dns > record, and because I don't have a static IP address there's not much > I can do. > > Has anyone had success getting a static IP address without too much > hassle? Currently I'm getting my internet through netvision, but we > were planning on switching to 018 for their cheaper prices. > > Getting a static IP address seems like it would be the easiest option, > followed by reconfiguring postfix to use a SMTP relay to send mail > through another server, but I'd need to make sure that the header > isn't changed (too much) if I do that. Also I've found keeping my > sanity involves interacting with Israeli beaurocracy as little as > possible, so I'd rather not call netvision for a static IP since I'm > planning on leaving them anyway. > > If anyone has any experience doing their own mail and want to share, > I'd love to hear about it. > > -Efraim > > > _______________________________________________ > Linux-il mailing list > Linux-il at cs.huji.ac.il > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > -- Efraim Flashner efraim.flashner at gmail.com 4096R/CA3D8351 created: 2013-10-08 GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: not available URL: From gabor at szabgab.com Sun Jun 8 14:39:19 2014 From: gabor at szabgab.com (Gabor Szabo) Date: Sun, 8 Jun 2014 14:39:19 +0300 Subject: self mail hosting In-Reply-To: <20140608142232.565a9d79@x120e> References: <20140608122758.3be2ddf0@x120e> <20140608142232.565a9d79@x120e> Message-ID: Instead of getting a static IP and doing this at home, have you considered renting a VPS? For example at Digital Ocean you can get one for $5/month which is not much more than the 15 NIS / month that was mentioned here for static IP and it is very easy to handle. Such server can do way more than just handling your e-mail. I have two "droplets" there. https://www.digitalocean.com/ Gabor and if you are in the mood, use my refcode to give me some credit https://www.digitalocean.com/?refcode=0d4cc75b3a74 -------------- next part -------------- An HTML attachment was scrubbed... URL: From efraim.flashner at gmail.com Sun Jun 8 14:56:10 2014 From: efraim.flashner at gmail.com (Efraim Flashner) Date: Sun, 8 Jun 2014 14:56:10 +0300 Subject: self mail hosting In-Reply-To: References: <20140608122758.3be2ddf0@x120e> <20140608142232.565a9d79@x120e> Message-ID: <20140608145610.20ef8562@x120e> On Sun, 8 Jun 2014 14:39:19 +0300 Gabor Szabo wrote: > Instead of getting a static IP and doing this at home, have you > considered renting a VPS? > For example at Digital Ocean you can get one for $5/month which is > not much more than > the 15 NIS / month that was mentioned here for static IP and it is > very easy to handle. > > Such server can do way more than just handling your e-mail. I have > two "droplets" there. > > https://www.digitalocean.com/ > > Gabor > > and if you are in the mood, use my refcode to give me some credit > > https://www.digitalocean.com/?refcode=0d4cc75b3a74 Thats my plan B or so. It is more powerful than the RPi and it would free me up to play with the RPi as a desktop system. -- Efraim Flashner efraim.flashner at gmail.com 4096R/CA3D8351 created: 2013-10-08 GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: not available URL: From esr+linux-il at g.jct.ac.il Sun Jun 8 17:38:12 2014 From: esr+linux-il at g.jct.ac.il (E.S. Rosenberg) Date: Sun, 8 Jun 2014 17:38:12 +0300 Subject: self mail hosting In-Reply-To: <7cf0b85ec910d0b2e238070af78335b1@foss.co.il> References: <20ee5fa79439a75b4d39943e99fd5c33@foss.co.il> <7cf0b85ec910d0b2e238070af78335b1@foss.co.il> Message-ID: Re:All 2014-06-08 13:59 GMT+03:00 matanya : > You should be able to set that in your domain dns panel from your > provider. It should point to your Static IP > You can't set a PTR record for an IP that is in a block you don't own, PTR records are unique, only one per IP is supposed to exists, so if your domain provider and your ISP are not the same there is no way for you to set a PTR without your ISPs' cooperation. (PTR lookups go to the nameserver of whoever owns the IP block, not of some random nameserver that happens to have a PTR record for that block) Also note that though you can get a fixed IP at home the IP may still be flagged in anti-spam databases as "non-server" space and therefor suspicious/no-accept. Regards, Eliyahu - ????? > > > > On 2014-06-08 13:55, E.S. Rosenberg wrote: > > Do those static IPs include setting the PTR record to whatever you want > it to be? > Otherwise there is really no point since a part (though not all) of the > security is "is the PTR and the claimed hostname.domain.tld the same?" > Since the IP is theirs you have no control over the PTR unless they give > that to you as well. > > Regards, > Eliyahu - ????? > > > 2014-06-08 13:35 GMT+03:00 matanya : > >> I got Static ip from netvision for 9NIS/Month before I left them. Just >> say you have camera's and file servers. >> >> >> >> _______________________________________________ >> Linux-il mailing list >> Linux-il at cs.huji.ac.il >> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il >> >> -------------- next part -------------- An HTML attachment was scrubbed... URL: From esr+linux-il at g.jct.ac.il Sun Jun 8 17:47:18 2014 From: esr+linux-il at g.jct.ac.il (E.S. Rosenberg) Date: Sun, 8 Jun 2014 17:47:18 +0300 Subject: self mail hosting In-Reply-To: <20140608142232.565a9d79@x120e> References: <20140608122758.3be2ddf0@x120e> <20140608142232.565a9d79@x120e> Message-ID: 2014-06-08 14:22 GMT+03:00 Efraim Flashner : > using netvision's smart host shouldn't change my from or reply-to > something at netvision? > No, as long as you are an authenticated user it should pass whetever mail you want, it may or may not be flagged as 100% trustworthy since it won't be your "official" smtp server, but you may be able to set policies that declare that it is a trusted origin server. ( You can for instance also send you @gmail mail through a smarthost, but it will result in a warning showing in gmail that the mail may not be from the person since the mail came from a non-google smtp server. Also note that the smart host will most likely not use TLS for communication between smtp servers (it may use it for you>smarthost, depending on how good your ISP is), but you would anyhow only be able to do that if you are willing to shell out the required money to get a signed certificate (self signed is nice for testing but 3rd parties will never accept them [as they should]). By the way does your ISP even allow incoming port 25 traffic? They generally block that in an attempt to stymie spam. (Outgoing is often only through the smarthost while incoming is generally completely blocked). Regards, Eliyahu - ????? > > > On Sun, 8 Jun 2014 13:31:24 +0300 > "E.S. Rosenberg" wrote: > > > If you use your ISPs' smart host you should also be OK... > > > > > > 2014-06-08 12:45 GMT+03:00 Vitaly : > > > > > You can get static IP for just about 15NIS/month, I have one from > > > 012. Regards > > > Vitaly > > > > > > > > > On Sun, Jun 8, 2014 at 12:27 PM, Efraim Flashner < > > > efraim.flashner at gmail.com> wrote: > > > > > >> I've registered a domain and set up my raspberry pi to recieve and > > >> send emails. Everything seems to be working fine, except that > > >> emails that I send to gmail get rejected by google. I've been > > >> told that google rejects email where the reverse-dns doesn't match > > >> the dns record, and because I don't have a static IP address > > >> there's not much I can do. > > >> > > >> Has anyone had success getting a static IP address without too much > > >> hassle? Currently I'm getting my internet through netvision, but we > > >> were planning on switching to 018 for their cheaper prices. > > >> > > >> Getting a static IP address seems like it would be the easiest > > >> option, followed by reconfiguring postfix to use a SMTP relay to > > >> send mail through another server, but I'd need to make sure that > > >> the header isn't changed (too much) if I do that. Also I've found > > >> keeping my sanity involves interacting with Israeli beaurocracy as > > >> little as possible, so I'd rather not call netvision for a static > > >> IP since I'm planning on leaving them anyway. > > >> > > >> If anyone has any experience doing their own mail and want to > > >> share, I'd love to hear about it. > > >> > > >> -Efraim > > >> > > >> _______________________________________________ > > >> Linux-il mailing list > > >> Linux-il at cs.huji.ac.il > > >> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > > >> > > >> > > > > > > _______________________________________________ > > > Linux-il mailing list > > > Linux-il at cs.huji.ac.il > > > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > > > > > > > > > > -- > Efraim Flashner > efraim.flashner at gmail.com 4096R/CA3D8351 created: 2013-10-08 > GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 > > _______________________________________________ > Linux-il mailing list > Linux-il at cs.huji.ac.il > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From efraim.flashner at gmail.com Sun Jun 8 17:58:50 2014 From: efraim.flashner at gmail.com (Efraim Flashner) Date: Sun, 8 Jun 2014 17:58:50 +0300 Subject: self mail hosting In-Reply-To: References: <20140608122758.3be2ddf0@x120e> <20140608142232.565a9d79@x120e> Message-ID: <20140608175850.38e90339@x120e> On Sun, 8 Jun 2014 17:47:18 +0300 "E.S. Rosenberg" wrote: > 2014-06-08 14:22 GMT+03:00 Efraim Flashner > : > > > using netvision's smart host shouldn't change my from or reply-to > > something at netvision? > > > No, as long as you are an authenticated user it should pass whetever > mail you want, it may or may not be flagged as 100% trustworthy since > it won't be your "official" smtp server, but you may be able to set > policies that declare that it is a trusted origin server. ( > You can for instance also send you @gmail mail through a smarthost, > but it will result in a warning showing in gmail that the mail may > not be from the person since the mail came from a non-google smtp > server. Also note that the smart host will most likely not use TLS for > communication between smtp servers (it may use it for you>smarthost, > depending on how good your ISP is), but you would anyhow only be able > to do that if you are willing to shell out the required money to get > a signed certificate (self signed is nice for testing but 3rd parties > will never accept them [as they should]). I have my certificate signed by CACert, but if that doesn't look like enough then I'll probably decide if it's worth it based on the price. > By the way does your ISP even allow incoming port 25 traffic? They > generally block that in an attempt to stymie spam. > (Outgoing is often only through the smarthost while incoming is > generally completely blocked). > Regards, > Eliyahu - ????? > Incoming works completely, I test mailed myself from gmail using my cellphone. > > > > > > On Sun, 8 Jun 2014 13:31:24 +0300 > > "E.S. Rosenberg" wrote: > > > > > If you use your ISPs' smart host you should also be OK... > > > > > > > > > 2014-06-08 12:45 GMT+03:00 Vitaly : > > > > > > > You can get static IP for just about 15NIS/month, I have one > > > > from 012. Regards > > > > Vitaly > > > > > > > > > > > > On Sun, Jun 8, 2014 at 12:27 PM, Efraim Flashner < > > > > efraim.flashner at gmail.com> wrote: > > > > > > > >> I've registered a domain and set up my raspberry pi to recieve > > > >> and send emails. Everything seems to be working fine, except > > > >> that emails that I send to gmail get rejected by google. I've > > > >> been told that google rejects email where the reverse-dns > > > >> doesn't match the dns record, and because I don't have a > > > >> static IP address there's not much I can do. > > > >> > > > >> Has anyone had success getting a static IP address without too > > > >> much hassle? Currently I'm getting my internet through > > > >> netvision, but we were planning on switching to 018 for their > > > >> cheaper prices. > > > >> > > > >> Getting a static IP address seems like it would be the easiest > > > >> option, followed by reconfiguring postfix to use a SMTP relay > > > >> to send mail through another server, but I'd need to make sure > > > >> that the header isn't changed (too much) if I do that. Also > > > >> I've found keeping my sanity involves interacting with Israeli > > > >> beaurocracy as little as possible, so I'd rather not call > > > >> netvision for a static IP since I'm planning on leaving them > > > >> anyway. > > > >> > > > >> If anyone has any experience doing their own mail and want to > > > >> share, I'd love to hear about it. > > > >> > > > >> -Efraim > > > >> > > > >> _______________________________________________ > > > >> Linux-il mailing list > > > >> Linux-il at cs.huji.ac.il > > > >> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > > > >> > > > >> > > > > > > > > _______________________________________________ > > > > Linux-il mailing list > > > > Linux-il at cs.huji.ac.il > > > > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > > > > > > > > > > > > > > > > -- > > Efraim Flashner > > efraim.flashner at gmail.com 4096R/CA3D8351 created: 2013-10-08 > > GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 > > > > _______________________________________________ > > Linux-il mailing list > > Linux-il at cs.huji.ac.il > > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > > > > -- Efraim Flashner efraim.flashner at gmail.com 4096R/CA3D8351 created: 2013-10-08 GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: not available URL: From baruch at tkos.co.il Sun Jun 8 18:03:37 2014 From: baruch at tkos.co.il (Baruch Siach) Date: Sun, 8 Jun 2014 18:03:37 +0300 Subject: self mail hosting In-Reply-To: References: <20ee5fa79439a75b4d39943e99fd5c33@foss.co.il> <7cf0b85ec910d0b2e238070af78335b1@foss.co.il> Message-ID: <20140608150337.GD4074@tarshish> Hi Eliyahu, Matanya, On Sun, Jun 08, 2014 at 05:38:12PM +0300, E.S. Rosenberg wrote: > Also note that though you can get a fixed IP at home the IP may still be > flagged in anti-spam databases as "non-server" space and therefor > suspicious/no-accept. These are called RBLs or DNSBLs (http://en.wikipedia.org/wiki/DNSBL). You can use a multi-RBL service like http://multirbl.valli.org/ to check whether your own static IP address is listed in any of 200+ RBLs. baruch -- http://baruch.siach.name/blog/ ~. .~ Tk Open Systems =}------------------------------------------------ooO--U--Ooo------------{= - baruch at tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il - From esr+linux-il at g.jct.ac.il Sun Jun 8 18:21:49 2014 From: esr+linux-il at g.jct.ac.il (E.S. Rosenberg) Date: Sun, 8 Jun 2014 18:21:49 +0300 Subject: self mail hosting In-Reply-To: <20140608175850.38e90339@x120e> References: <20140608122758.3be2ddf0@x120e> <20140608142232.565a9d79@x120e> <20140608175850.38e90339@x120e> Message-ID: 2014-06-08 17:58 GMT+03:00 Efraim Flashner : > On Sun, 8 Jun 2014 17:47:18 +0300 > "E.S. Rosenberg" wrote: > > > 2014-06-08 14:22 GMT+03:00 Efraim Flashner > > : > > > > > using netvision's smart host shouldn't change my from or reply-to > > > something at netvision? > > > > > No, as long as you are an authenticated user it should pass whetever > > mail you want, it may or may not be flagged as 100% trustworthy since > > it won't be your "official" smtp server, but you may be able to set > > policies that declare that it is a trusted origin server. ( > > You can for instance also send you @gmail mail through a smarthost, > > but it will result in a warning showing in gmail that the mail may > > not be from the person since the mail came from a non-google smtp > > server. Also note that the smart host will most likely not use TLS for > > communication between smtp servers (it may use it for you>smarthost, > > depending on how good your ISP is), but you would anyhow only be able > > to do that if you are willing to shell out the required money to get > > a signed certificate (self signed is nice for testing but 3rd parties > > will never accept them [as they should]). > > I have my certificate signed by CACert, but if that doesn't look like > enough then I'll probably decide if it's worth it based on the price. > If CAcert is referring to an accepted authority and not to the signing script provided by openssl you should be fine, otherwise you would need to convince the 3rd parties that they should trust you as a signing body... If I'm not mistaken there is a free ssl signing auth for applications like this, I just don't remember their name. > > > By the way does your ISP even allow incoming port 25 traffic? They > > generally block that in an attempt to stymie spam. > > (Outgoing is often only through the smarthost while incoming is > > generally completely blocked). > > Regards, > > Eliyahu - ????? > > > > Incoming works completely, I test mailed myself from gmail using my > cellphone. > > > > > > > > > > On Sun, 8 Jun 2014 13:31:24 +0300 > > > "E.S. Rosenberg" wrote: > > > > > > > If you use your ISPs' smart host you should also be OK... > > > > > > > > > > > > 2014-06-08 12:45 GMT+03:00 Vitaly : > > > > > > > > > You can get static IP for just about 15NIS/month, I have one > > > > > from 012. Regards > > > > > Vitaly > > > > > > > > > > > > > > > On Sun, Jun 8, 2014 at 12:27 PM, Efraim Flashner < > > > > > efraim.flashner at gmail.com> wrote: > > > > > > > > > >> I've registered a domain and set up my raspberry pi to recieve > > > > >> and send emails. Everything seems to be working fine, except > > > > >> that emails that I send to gmail get rejected by google. I've > > > > >> been told that google rejects email where the reverse-dns > > > > >> doesn't match the dns record, and because I don't have a > > > > >> static IP address there's not much I can do. > > > > >> > > > > >> Has anyone had success getting a static IP address without too > > > > >> much hassle? Currently I'm getting my internet through > > > > >> netvision, but we were planning on switching to 018 for their > > > > >> cheaper prices. > > > > >> > > > > >> Getting a static IP address seems like it would be the easiest > > > > >> option, followed by reconfiguring postfix to use a SMTP relay > > > > >> to send mail through another server, but I'd need to make sure > > > > >> that the header isn't changed (too much) if I do that. Also > > > > >> I've found keeping my sanity involves interacting with Israeli > > > > >> beaurocracy as little as possible, so I'd rather not call > > > > >> netvision for a static IP since I'm planning on leaving them > > > > >> anyway. > > > > >> > > > > >> If anyone has any experience doing their own mail and want to > > > > >> share, I'd love to hear about it. > > > > >> > > > > >> -Efraim > > > > >> > > > > >> _______________________________________________ > > > > >> Linux-il mailing list > > > > >> Linux-il at cs.huji.ac.il > > > > >> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > > > > >> > > > > >> > > > > > > > > > > _______________________________________________ > > > > > Linux-il mailing list > > > > > Linux-il at cs.huji.ac.il > > > > > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > > > > > > > > > > > > > > > > > > > > > > -- > > > Efraim Flashner > > > efraim.flashner at gmail.com 4096R/CA3D8351 created: 2013-10-08 > > > GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 > > > > > > _______________________________________________ > > > Linux-il mailing list > > > Linux-il at cs.huji.ac.il > > > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > > > > > > > > > > -- > Efraim Flashner > efraim.flashner at gmail.com 4096R/CA3D8351 created: 2013-10-08 > GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 > > _______________________________________________ > Linux-il mailing list > Linux-il at cs.huji.ac.il > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From geoff at QuiteLikely.com Sun Jun 8 18:26:50 2014 From: geoff at QuiteLikely.com (Geoff Shang) Date: Sun, 8 Jun 2014 18:26:50 +0300 (IDT) Subject: self mail hosting In-Reply-To: <20140608122758.3be2ddf0@x120e> References: <20140608122758.3be2ddf0@x120e> Message-ID: Hi, We use a VPS for this. This is much easier than trying to do it on an ISP-hosted IP address/setup and is likely to remain so. It is worth checking that the IP address you get for a VPS isn't on any DNSBLs before you set it up. Geoff. From baruch at tkos.co.il Sun Jun 8 18:33:11 2014 From: baruch at tkos.co.il (Baruch Siach) Date: Sun, 8 Jun 2014 18:33:11 +0300 Subject: self mail hosting In-Reply-To: <20140608175850.38e90339@x120e> References: <20140608122758.3be2ddf0@x120e> <20140608142232.565a9d79@x120e> <20140608175850.38e90339@x120e> Message-ID: <20140608153311.GE4074@tarshish> Hi Efraim, On Sun, Jun 08, 2014 at 05:58:50PM +0300, Efraim Flashner wrote: > On Sun, 8 Jun 2014 17:47:18 +0300 > "E.S. Rosenberg" wrote: > > > 2014-06-08 14:22 GMT+03:00 Efraim Flashner > > : > > > > > using netvision's smart host shouldn't change my from or reply-to > > > something at netvision? > > > > > No, as long as you are an authenticated user it should pass whetever > > mail you want, it may or may not be flagged as 100% trustworthy since > > it won't be your "official" smtp server, but you may be able to set > > policies that declare that it is a trusted origin server. ( > > You can for instance also send you @gmail mail through a smarthost, > > but it will result in a warning showing in gmail that the mail may > > not be from the person since the mail came from a non-google smtp > > server. Also note that the smart host will most likely not use TLS for > > communication between smtp servers (it may use it for you>smarthost, > > depending on how good your ISP is), but you would anyhow only be able > > to do that if you are willing to shell out the required money to get > > a signed certificate (self signed is nice for testing but 3rd parties > > will never accept them [as they should]). > > I have my certificate signed by CACert, but if that doesn't look like > enough then I'll probably decide if it's worth it based on the price. CAcert's certificate are not generally trusted (see http://lwn.net/Articles/590879/). A free alternative is StartCom's StartSSL. See http://arstechnica.com/information-technology/2014/03/taking-e-mail-back-part-2-arming-your-server-with-postfix-dovecot/ for a detailed description. baruch -- http://baruch.siach.name/blog/ ~. .~ Tk Open Systems =}------------------------------------------------ooO--U--Ooo------------{= - baruch at tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il - From shachar at shemesh.biz Sun Jun 8 19:00:12 2014 From: shachar at shemesh.biz (Shachar Shemesh) Date: Sun, 08 Jun 2014 19:00:12 +0300 Subject: self mail hosting In-Reply-To: References: <20140608122758.3be2ddf0@x120e> <20140608142232.565a9d79@x120e> Message-ID: <5394888C.3050503@shemesh.biz> On 08/06/14 14:39, Gabor Szabo wrote: > Instead of getting a static IP and doing this at home, have you > considered renting a VPS? > For example at Digital Ocean you can get one for $5/month which is not > much more than > the 15 NIS / month that was mentioned here for static IP and it is > very easy to handle. > > Such server can do way more than just handling your e-mail. I have > two "droplets" there. > > https://www.digitalocean.com/ > > Gabor > > and if you are in the mood, use my refcode to give me some credit > > https://www.digitalocean.com/?refcode=0d4cc75b3a74 > > > > I personally use contabo (http://contabo.com/?show=vps). Their cheapest plan is slightly more expensive (8Euro/month), but provide oh so much more (comparing with the similarly priced plan at digital ocean: 200GB storage vs. 30GB, 4GB memory vs. 1GB, Unlimited traffic (so long as the average isn't over 20Mb/s) vs. 2TB). To be fair, assuming completely uniform traffic distribution, that last number translates to a bit over 6TB/month. Since no one's traffic is really uniform, I think we can assume that the traffic cap is, more or less, the same. I'd send a syndicated link, but I don't think they have such a program. I have absolutely zero stake in whether you use their service or not. Shachar -------------- next part -------------- An HTML attachment was scrubbed... URL: From esr+linux-il at g.jct.ac.il Sun Jun 8 19:11:15 2014 From: esr+linux-il at g.jct.ac.il (E.S. Rosenberg) Date: Sun, 8 Jun 2014 19:11:15 +0300 Subject: self mail hosting In-Reply-To: <5394888C.3050503@shemesh.biz> References: <20140608122758.3be2ddf0@x120e> <20140608142232.565a9d79@x120e> <5394888C.3050503@shemesh.biz> Message-ID: Slightly OT, but if I went for a VPS for my mail I'd probably want them to be outside of US jurisdition, are these? 2014-06-08 19:00 GMT+03:00 Shachar Shemesh : > On 08/06/14 14:39, Gabor Szabo wrote: > > Instead of getting a static IP and doing this at home, have you considered > renting a VPS? > For example at Digital Ocean you can get one for $5/month which is not > much more than > the 15 NIS / month that was mentioned here for static IP and it is very > easy to handle. > > Such server can do way more than just handling your e-mail. I have two > "droplets" there. > > https://www.digitalocean.com/ > > Gabor > > and if you are in the mood, use my refcode to give me some credit > > https://www.digitalocean.com/?refcode=0d4cc75b3a74 > > > I personally use contabo (http://contabo.com/?show=vps). Their cheapest > plan is slightly more expensive (8Euro/month), but provide oh so much more > (comparing with the similarly priced plan at digital ocean: 200GB storage > vs. 30GB, 4GB memory vs. 1GB, Unlimited traffic (so long as the average > isn't over 20Mb/s) vs. 2TB). > > To be fair, assuming completely uniform traffic distribution, that last > number translates to a bit over 6TB/month. Since no one's traffic is really > uniform, I think we can assume that the traffic cap is, more or less, the > same. > > I'd send a syndicated link, but I don't think they have such a program. I > have absolutely zero stake in whether you use their service or not. > > Shachar > > _______________________________________________ > Linux-il mailing list > Linux-il at cs.huji.ac.il > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From shachar at shemesh.biz Sun Jun 8 19:39:17 2014 From: shachar at shemesh.biz (Shachar Shemesh) Date: Sun, 08 Jun 2014 19:39:17 +0300 Subject: self mail hosting In-Reply-To: References: <20140608122758.3be2ddf0@x120e> <20140608142232.565a9d79@x120e> <5394888C.3050503@shemesh.biz> Message-ID: <539491B5.3050301@shemesh.biz> On 08/06/14 19:11, E.S. Rosenberg wrote: > Slightly OT, but if I went for a VPS for my mail I'd probably want > them to be outside of US jurisdition, are these? > It is #%$*!@# difficult to answer whether anything is outside the US jurisdiction. I can tell you that these servers are hosted in Germany, by what appears to be a German company. These are better opening conditions than most, but that is as far as I can assure you. Shachar -------------- next part -------------- An HTML attachment was scrubbed... URL: From guy1gold at gmail.com Sun Jun 8 19:42:33 2014 From: guy1gold at gmail.com (Guy Gold) Date: Sun, 8 Jun 2014 12:42:33 -0400 Subject: self mail hosting In-Reply-To: <20140608122758.3be2ddf0@x120e> References: <20140608122758.3be2ddf0@x120e> Message-ID: On Sun, Jun 8, 2014 at 5:27 AM, Efraim Flashner wrote: > > If anyone has any experience doing their own mail and want to share, > I'd love to hear about it. > > -Efraim > Efraim, Using a globally recognized smart host makes the most sense, technically and financially. If you do end up getting a static IP, no one can assure you that it would not have a bad record somewhere, is some span engine. (many times, they do), and, if it was ever used to send spam, you'll have to go through the ranks of each spam data provider, to convince them you're actually a nice guy. When I was doing my own email, I was using smtp.com as my smarthost, they cost (about 2 years ago), 5$/month, for a high volume of email. My emails never ended up in anyone's Spam folder after using them, AFAIK. They're U.S based, so, I wonder (and hope), that someone closer to ISR offers the same service. My exim.conf (on debian) file had this: smarthost: driver = manualroute domains = ! +local_domains transport = remote_msa route_data = smtp.com:25025 no_more and also , the authentication string. And that was is it. -- Guy Gold -------------- next part -------------- An HTML attachment was scrubbed... URL: From linux-il at shimi.net Sun Jun 8 20:40:15 2014 From: linux-il at shimi.net (shimi) Date: Sun, 8 Jun 2014 20:40:15 +0300 Subject: self mail hosting In-Reply-To: References: <20140608122758.3be2ddf0@x120e> Message-ID: On Sun, Jun 8, 2014 at 7:42 PM, Guy Gold wrote: > > Using a globally recognized smart host makes the most sense, technically > and financially. > > And then, there's The Cloud (TM). http://aws.amazon.com/ses/ -- Shimi -------------- next part -------------- An HTML attachment was scrubbed... URL: From efraim.flashner at gmail.com Sun Jun 8 21:04:51 2014 From: efraim.flashner at gmail.com (Efraim Flashner) Date: Sun, 8 Jun 2014 21:04:51 +0300 Subject: self mail hosting In-Reply-To: References: <20140608122758.3be2ddf0@x120e> <20140608142232.565a9d79@x120e> <5394888C.3050503@shemesh.biz> Message-ID: <20140608210451.038661ed@x120e> On Sun, 8 Jun 2014 19:11:15 +0300 "E.S. Rosenberg" wrote: > Slightly OT, but if I went for a VPS for my mail I'd probably want > them to be outside of US jurisdition, are these? > DigitalOcean lists on the bottom of their page that they're "Proudly Made in NY" so I assume that their servers are physically located in the USA. > > 2014-06-08 19:00 GMT+03:00 Shachar Shemesh : > > > On 08/06/14 14:39, Gabor Szabo wrote: > > > > Instead of getting a static IP and doing this at home, have you > > considered renting a VPS? > > For example at Digital Ocean you can get one for $5/month which is > > not much more than > > the 15 NIS / month that was mentioned here for static IP and it is > > very easy to handle. > > > > Such server can do way more than just handling your e-mail. I have > > two "droplets" there. > > > > https://www.digitalocean.com/ > > > > Gabor > > > > and if you are in the mood, use my refcode to give me some credit > > > > https://www.digitalocean.com/?refcode=0d4cc75b3a74 > > I have $10 credit there from a promotion from jupiterbroadcasting, and I do like their pricing by the hour setup, but 20GB doesn't seem like a lot. Its plenty for me for git-annex, but I need to think of more reasons to use it before i spin up my first droplet. > > > > I personally use contabo (http://contabo.com/?show=vps). Their > > cheapest plan is slightly more expensive (8Euro/month), but provide > > oh so much more (comparing with the similarly priced plan at > > digital ocean: 200GB storage vs. 30GB, 4GB memory vs. 1GB, > > Unlimited traffic (so long as the average isn't over 20Mb/s) vs. > > 2TB). > > > > To be fair, assuming completely uniform traffic distribution, that > > last number translates to a bit over 6TB/month. Since no one's > > traffic is really uniform, I think we can assume that the traffic > > cap is, more or less, the same. > > > > I'd send a syndicated link, but I don't think they have such a > > program. I have absolutely zero stake in whether you use their > > service or not. > > > > Shachar > > The larger size sounds great, and with that much storage and ram there's a lot more options for playing with. Even if its not based in the US I'd still prefer to encrypt it, since I wouldn't have sole physical access to it. -- Efraim Flashner efraim.flashner at gmail.com 4096R/CA3D8351 created: 2013-10-08 GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: not available URL: From geoff at QuiteLikely.com Sun Jun 8 21:16:53 2014 From: geoff at QuiteLikely.com (Geoff Shang) Date: Sun, 8 Jun 2014 21:16:53 +0300 (IDT) Subject: self mail hosting In-Reply-To: References: <20140608122758.3be2ddf0@x120e> <20140608142232.565a9d79@x120e> <5394888C.3050503@shemesh.biz> Message-ID: On Sun, 8 Jun 2014, E.S. Rosenberg wrote: > Slightly OT, but if I went for a VPS for my mail I'd probably want them to > be outside of US jurisdition, are these? US jurisdiction is something that is likely to change with the wind and also probably is yet to be fully tested in court. But certainly being outside the US would be a good start. I have a VPS with Gandi (gandi.net) and am pretty happy with it. They have boxes in Paris and Baltimore so make sure you pick the right one. Linode also have boxes in places like London and Japan, but as I believe they're a US company, it may not be such a good idea. Of course, non-US hosting will probably not be as cheap as US hosting, but that's just life. Geoff. From dotancohen at gmail.com Sun Jun 8 21:25:05 2014 From: dotancohen at gmail.com (Dotan Cohen) Date: Sun, 8 Jun 2014 21:25:05 +0300 Subject: self mail hosting In-Reply-To: References: <20140608122758.3be2ddf0@x120e>

Message-ID: On Sun, Jun 8, 2014 at 8:40 PM, shimi wrote: > And then, there's The Cloud (TM). http://aws.amazon.com/ses/ > This is what I use. I think I pay something like $1 monthly. I'm very happy with AWS in general. -- Dotan Cohen http://gibberish.co.il http://what-is-what.com From gabor at szabgab.com Sun Jun 8 21:36:13 2014 From: gabor at szabgab.com (Gabor Szabo) Date: Sun, 8 Jun 2014 21:36:13 +0300 Subject: self mail hosting In-Reply-To: <20140608210451.038661ed@x120e> References: <20140608122758.3be2ddf0@x120e> <20140608142232.565a9d79@x120e> <5394888C.3050503@shemesh.biz> <20140608210451.038661ed@x120e> Message-ID: On Sun, Jun 8, 2014 at 9:04 PM, Efraim Flashner wrote: > On Sun, 8 Jun 2014 19:11:15 +0300 > "E.S. Rosenberg" wrote: > > > Slightly OT, but if I went for a VPS for my mail I'd probably want > > them to be outside of US jurisdition, are these? > > > > DigitalOcean lists on the bottom of their page that they're "Proudly > Made in NY" so I assume that their servers are physically located in > the USA. > > DO has servers in New York, San Francisco, Amsterdam and Singapore, but AFAIK they are a US-based company, so even if you select a server in one of the other locations, I think they are still somewhat under US jurisdiction. Who knows. IANAL. Gabor -------------- next part -------------- An HTML attachment was scrubbed... URL: From shachar at shemesh.biz Sun Jun 8 22:23:34 2014 From: shachar at shemesh.biz (Shachar Shemesh) Date: Sun, 08 Jun 2014 22:23:34 +0300 Subject: self mail hosting In-Reply-To: <20140608210451.038661ed@x120e> References: <20140608122758.3be2ddf0@x120e> <20140608142232.565a9d79@x120e> <5394888C.3050503@shemesh.biz> <20140608210451.038661ed@x120e> Message-ID: <5394B836.9060701@shemesh.biz> On 08/06/14 21:04, Efraim Flashner wrote: > The larger size sounds great, and with that much storage and ram > there's a lot more options for playing with. Even if its not based in > the US I'd still prefer to encrypt it, since I wouldn't have sole > physical access to it. Yeah, good luck with that. Don't forget that your hosting company has access not only to your hard disk, but also to your RAM. Encryption doesn't buy you much protection. Shachar -------------- next part -------------- An HTML attachment was scrubbed... URL: From idokan at gmail.com Sun Jun 8 22:43:49 2014 From: idokan at gmail.com (ik) Date: Sun, 8 Jun 2014 22:43:49 +0300 Subject: detecting what does a reboot In-Reply-To: References: Message-ID: Hi Jonathan, We ruled out that it happens from hardware, and at the messages log, you see a normal reboot, we just can't place the finger who or what does it. Thanks, Ido On Sun, Jun 8, 2014 at 1:04 PM, Jonathan Ben Avraham wrote: > Hi Ido, > If the reboot occurs as a result of a hardware fault, you might never see > anything in the logs. AFAIK nothing in the Centos 5 configuration does a > reboot on its own. > > - yba > > > On Sun, 8 Jun 2014, ik wrote: > > Date: Sun, 8 Jun 2014 12:11:15 +0300 >> From: ik >> To: linux-il >> Subject: detecting what does a reboot >> >> >> Hello >> >> I have a server (old centos 5) that does sometimes few times a reboot, in >> random hours. >> I removed non root permissions to execute halt, reboot and shutdown, but >> I wish also to try and track down what causing that reboot. >> >> Is there a way to audit-trail or just log any kind of rebooting request >> (including system calls), and finding out what or whom execute >> it ? >> >> Thanks, >> >> Ido >> >> >> > -- > 9590 8E58 D30D 1660 C349 673D B205 4FC4 B8F5 B7F9 ~. .~ Tk Open Systems > =}-------- Jonathan Ben-Avraham ("yba") ----------ooO--U--Ooo--------- > ---{= > mailto:yba at tkos.co.il tel:+972.52.486.3386 http://tkos.co.il > skype:benavrhm > _______________________________________________ > Linux-il mailing list > Linux-il at cs.huji.ac.il > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From elcuco at kde.org Sun Jun 8 22:53:38 2014 From: elcuco at kde.org (Diego Iastrubni) Date: Sun, 08 Jun 2014 22:53:38 +0300 Subject: detecting what does a reboot In-Reply-To: References: Message-ID: <5394BF42.3040400@kde.org> And when everything else fails - good old serial console and another machine to capture the last dieing words of this server. On 06/08/2014 01:21 PM, Rabin Yasharzadehe wrote: > you can try with auditctl > > auditctl -w /tmp/1 -p wa -k write_or_access > > > *-- > Rabin* > > > On Sun, Jun 8, 2014 at 12:11 PM, ik > wrote: > > Hello > > I have a server (old centos 5) that does sometimes few times a > reboot, in random hours. > I removed non root permissions to execute halt, reboot and > shutdown, but I wish also to try and track down what causing that > reboot. > > Is there a way to audit-trail or just log any kind of rebooting > request (including system calls), and finding out what or whom > execute it ? > > Thanks, > > Ido > > _______________________________________________ > Linux-il mailing list > Linux-il at cs.huji.ac.il > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > > > > > _______________________________________________ > Linux-il mailing list > Linux-il at cs.huji.ac.il > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il From oron at actcom.co.il Mon Jun 9 01:03:11 2014 From: oron at actcom.co.il (Oron Peled) Date: Mon, 09 Jun 2014 01:03:11 +0300 Subject: detecting what does a reboot In-Reply-To: References: Message-ID: <2135027.4kYyeJBoxY@neon.home.il> On Sunday 08 June 2014 22:43:49 ik wrote: > We ruled out that it happens from hardware, and at the messages log, you > see a normal reboot, we just can't place the finger who or what does it. It's easy to confirm/reject that's the "reboot" command itself: * Move original command to new name (e.g: /sbin/reboot.orig) * Put in its place (e.g: /sbin/reboot) a short script. * The script would simply run: "pstree -p >> /root/reboot.log" Look at the process hierarchy in the log to find the culprit. If this log isn't generated, that means somebody doesn't run "reboot" but do an equivalent operation from software... -- Oron Peled Voice: +972-4-8228492 oron at actcom.co.il http://users.actcom.co.il/~oron ?If I have seen a little further it is by standing on the shoulders of Giants." --Isaac Newton. From esr+linux-il at g.jct.ac.il Mon Jun 9 01:18:53 2014 From: esr+linux-il at g.jct.ac.il (E.S. Rosenberg) Date: Mon, 9 Jun 2014 01:18:53 +0300 Subject: self mail hosting In-Reply-To: <5394B836.9060701@shemesh.biz> References: <20140608122758.3be2ddf0@x120e> <20140608142232.565a9d79@x120e> <5394888C.3050503@shemesh.biz> <20140608210451.038661ed@x120e> <5394B836.9060701@shemesh.biz> Message-ID: The physical location of a server is afaik irrelevant if you are dealing with a US company, an EU company which is subject to the more strict EU privacy laws would seem to be better in this case... 2014-06-08 22:23 GMT+03:00 Shachar Shemesh : > On 08/06/14 21:04, Efraim Flashner wrote: > > The larger size sounds great, and with that much storage and ram > > there's a lot more options for playing with. Even if its not based in > > the US I'd still prefer to encrypt it, since I wouldn't have sole > > physical access to it. > Yeah, good luck with that. Don't forget that your hosting company has > access not only to your hard disk, but also to your RAM. Encryption doesn't > buy you much protection. > > Shachar > > > _______________________________________________ > Linux-il mailing list > Linux-il at cs.huji.ac.il > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From amos.shapira at gmail.com Mon Jun 9 04:37:27 2014 From: amos.shapira at gmail.com (Amos Shapira) Date: Mon, 9 Jun 2014 11:37:27 +1000 Subject: self mail hosting In-Reply-To: <20140608143854.6a9de236@x120e> References: <20140608122758.3be2ddf0@x120e> <53943613.7020508@mln.co.il> <20140608143854.6a9de236@x120e> Message-ID: On 8 June 2014 21:38, Efraim Flashner wrote: > a bit more, but not so much. I also have it running deluge, which > crashes a little too often for me, so I have a cron job running to > relaunch it if it crashes. Fileserving works well. I tried using it Consider runit (http://smarden.org/runit/) - a supposedly better iteration of daemontools (http://cr.yp.to/daemontools.html) - for process watchdog. -------------- next part -------------- An HTML attachment was scrubbed... URL: From erez0001 at gmail.com Mon Jun 9 10:14:39 2014 From: erez0001 at gmail.com (Erez D) Date: Mon, 9 Jun 2014 10:14:39 +0300 Subject: advanced dhcpd.conf Message-ID: i'm trying to match ip to macs e.g.: mac 00:11:22:33:44:01 -> 10.0.5.1 mac 00:11:22:33:44:02 -> 10.0.5.2 mac 00:11:22:33:44:03 -> 10.0.5.3 mac 00:11:22:33:44:04 -> 10.0.5.4 it does not seem to work is it possible to do that ? highlights of dhcpd.conf: class "vm" { match if binary-to-ascii (16,8,":",substring(hardware, 1, 5)) = "0:11:22:33:44"; set lastMacByte=binary-to-ascii (10,8,":",substring(hardware, 6, 1); set vmName=concat("VM-",lastMacByte); set vmIp=concat("10.0.5.",lastMacByte); } and host vmName { fixed-address vmIp; } From geoffreymendelson at gmail.com Mon Jun 9 10:33:17 2014 From: geoffreymendelson at gmail.com (geoffrey mendelson) Date: Mon, 09 Jun 2014 10:33:17 +0300 Subject: advanced dhcpd.conf In-Reply-To: References: Message-ID: <5395633D.2040605@gmail.com> On 6/9/2014 10:14 AM, Erez D wrote: > i'm trying to match ip to macs > > > e.g.: > mac 00:11:22:33:44:01 -> 10.0.5.1 > mac 00:11:22:33:44:02 -> 10.0.5.2 > mac 00:11:22:33:44:03 -> 10.0.5.3 > mac 00:11:22:33:44:04 -> 10.0.5.4 > > > > it does not seem to work > is it possible to do that ? > > > highlights of dhcpd.conf: > > class "vm" { > match if binary-to-ascii (16,8,":",substring(hardware, 1, 5)) = "0:11:22:33:44"; > set lastMacByte=binary-to-ascii (10,8,":",substring(hardware, 6, 1); > set vmName=concat("VM-",lastMacByte); > set vmIp=concat("10.0.5.",lastMacByte); > } > Is this what you want? host danny3 { fixed-address danny3; hardware ethernet 00:11:95:8e:8d:80; option host-name "danny3"; } dann3 resolves to the IP address I want. Geoff. -- Geoffrey S. Mendelson 4X1GM/N3OWJ Jerusalem Israel. From erez0001 at gmail.com Mon Jun 9 18:15:58 2014 From: erez0001 at gmail.com (Erez D) Date: Mon, 9 Jun 2014 18:15:58 +0300 Subject: advanced dhcpd.conf In-Reply-To: <5395633D.2040605@gmail.com> References: <5395633D.2040605@gmail.com> Message-ID: On Mon, Jun 9, 2014 at 10:33 AM, geoffrey mendelson wrote: > On 6/9/2014 10:14 AM, Erez D wrote: >> >> i'm trying to match ip to macs >> >> >> e.g.: >> mac 00:11:22:33:44:01 -> 10.0.5.1 >> mac 00:11:22:33:44:02 -> 10.0.5.2 >> mac 00:11:22:33:44:03 -> 10.0.5.3 >> mac 00:11:22:33:44:04 -> 10.0.5.4 >> >> >> >> it does not seem to work >> is it possible to do that ? >> >> >> highlights of dhcpd.conf: >> >> class "vm" { >> match if binary-to-ascii (16,8,":",substring(hardware, 1, 5)) = >> "0:11:22:33:44"; >> set lastMacByte=binary-to-ascii (10,8,":",substring(hardware, 6, 1); >> set vmName=concat("VM-",lastMacByte); >> set vmIp=concat("10.0.5.",lastMacByte); >> } >> > > > Is this what you want? > > host danny3 > { > fixed-address danny3; > hardware ethernet 00:11:95:8e:8d:80; > option host-name "danny3"; > } > > dann3 resolves to the IP address I want. > > Geoff. > no, i want: host vm01 { hardware ethernet 00:11:22:33:44:01 ; fixed-address 10.0.5.1 } host vm02 { hardware ethernet 00:11:22:33:44:02 ; fixed-address 10.0.5.2 } host vm03 { hardware ethernet 00:11:22:33:44:03 ; fixed-address 10.0.5.3 } ... host vm254 { hardware ethernet 00:11:22:33:44:fe ; fixed-address 10.0.5.254 } > -- > Geoffrey S. Mendelson 4X1GM/N3OWJ > Jerusalem Israel. > > > _______________________________________________ > Linux-il mailing list > Linux-il at cs.huji.ac.il > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il From linux-il at shimi.net Mon Jun 9 22:31:49 2014 From: linux-il at shimi.net (shimi) Date: Mon, 9 Jun 2014 22:31:49 +0300 Subject: advanced dhcpd.conf In-Reply-To: References: <5395633D.2040605@gmail.com> Message-ID: On Mon, Jun 9, 2014 at 6:15 PM, Erez D wrote: > no, i want: > host vm01 { hardware ethernet 00:11:22:33:44:01 ; fixed-address 10.0.5.1 } > host vm02 { hardware ethernet 00:11:22:33:44:02 ; fixed-address 10.0.5.2 } > host vm03 { hardware ethernet 00:11:22:33:44:03 ; fixed-address 10.0.5.3 } > ... > host vm254 { hardware ethernet 00:11:22:33:44:fe ; fixed-address > 10.0.5.254 } > > If it doesn't work out... php -r 'foreach(range(1,254) as $id) echo "host vm".str_pad($id, 3, '0', STR_PAD_LEFT)." { hardware ethernet 00:11:22:33:44:".str_pad(dechex($id), 2, '0', STR_PAD_LEFT)." ; fixed-address 10.0.5.$id }\n";' -- Shimi -------------- next part -------------- An HTML attachment was scrubbed... URL: From amos.shapira at gmail.com Tue Jun 10 00:11:25 2014 From: amos.shapira at gmail.com (Amos Shapira) Date: Tue, 10 Jun 2014 07:11:25 +1000 Subject: advanced dhcpd.conf In-Reply-To: References: <5395633D.2040605@gmail.com> Message-ID: Yup. Or do what we did at my workplace and use puppet to maintain (and generate, if needed) the configuration. On 10 Jun 2014 05:33, "shimi" wrote: > On Mon, Jun 9, 2014 at 6:15 PM, Erez D wrote: > >> no, i want: >> host vm01 { hardware ethernet 00:11:22:33:44:01 ; fixed-address 10.0.5.1 } >> host vm02 { hardware ethernet 00:11:22:33:44:02 ; fixed-address 10.0.5.2 } >> host vm03 { hardware ethernet 00:11:22:33:44:03 ; fixed-address 10.0.5.3 } >> ... >> host vm254 { hardware ethernet 00:11:22:33:44:fe ; fixed-address >> 10.0.5.254 } >> >> > If it doesn't work out... > > php -r 'foreach(range(1,254) as $id) echo "host vm".str_pad($id, 3, '0', > STR_PAD_LEFT)." { hardware ethernet 00:11:22:33:44:".str_pad(dechex($id), > 2, '0', STR_PAD_LEFT)." ; fixed-address 10.0.5.$id }\n";' > > -- Shimi > > _______________________________________________ > Linux-il mailing list > Linux-il at cs.huji.ac.il > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From erez0001 at gmail.com Tue Jun 10 08:29:22 2014 From: erez0001 at gmail.com (Erez D) Date: Tue, 10 Jun 2014 08:29:22 +0300 Subject: advanced dhcpd.conf In-Reply-To: References: <5395633D.2040605@gmail.com> Message-ID: On Mon, Jun 9, 2014 at 10:31 PM, shimi wrote: > On Mon, Jun 9, 2014 at 6:15 PM, Erez D wrote: >> >> no, i want: >> host vm01 { hardware ethernet 00:11:22:33:44:01 ; fixed-address 10.0.5.1 } >> host vm02 { hardware ethernet 00:11:22:33:44:02 ; fixed-address 10.0.5.2 } >> host vm03 { hardware ethernet 00:11:22:33:44:03 ; fixed-address 10.0.5.3 } >> ... >> host vm254 { hardware ethernet 00:11:22:33:44:fe ; fixed-address >> 10.0.5.254 } >> > > If it doesn't work out... > > php -r 'foreach(range(1,254) as $id) echo "host vm".str_pad($id, 3, '0', > STR_PAD_LEFT)." { hardware ethernet 00:11:22:33:44:".str_pad(dechex($id), 2, > '0', STR_PAD_LEFT)." ; fixed-address 10.0.5.$id }\n";' > > -- Shimi thanks. i didn't want to do this that way From erez0001 at gmail.com Tue Jun 10 08:30:04 2014 From: erez0001 at gmail.com (Erez D) Date: Tue, 10 Jun 2014 08:30:04 +0300 Subject: advanced dhcpd.conf In-Reply-To: References: <5395633D.2040605@gmail.com> Message-ID: On Tue, Jun 10, 2014 at 12:11 AM, Amos Shapira wrote: > Yup. > Or do what we did at my workplace and use puppet to maintain (and generate, > if needed) the configuration. > just buy a cow for a cup of milk ;-) > On 10 Jun 2014 05:33, "shimi" wrote: >> >> On Mon, Jun 9, 2014 at 6:15 PM, Erez D wrote: >>> >>> no, i want: >>> host vm01 { hardware ethernet 00:11:22:33:44:01 ; fixed-address 10.0.5.1 >>> } >>> host vm02 { hardware ethernet 00:11:22:33:44:02 ; fixed-address 10.0.5.2 >>> } >>> host vm03 { hardware ethernet 00:11:22:33:44:03 ; fixed-address 10.0.5.3 >>> } >>> ... >>> host vm254 { hardware ethernet 00:11:22:33:44:fe ; fixed-address >>> 10.0.5.254 } >>> >> >> If it doesn't work out... >> >> php -r 'foreach(range(1,254) as $id) echo "host vm".str_pad($id, 3, '0', >> STR_PAD_LEFT)." { hardware ethernet 00:11:22:33:44:".str_pad(dechex($id), 2, >> '0', STR_PAD_LEFT)." ; fixed-address 10.0.5.$id }\n";' >> >> -- Shimi >> >> _______________________________________________ >> Linux-il mailing list >> Linux-il at cs.huji.ac.il >> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il >> > From linux-il at shimi.net Tue Jun 10 09:27:50 2014 From: linux-il at shimi.net (shimi) Date: Tue, 10 Jun 2014 09:27:50 +0300 Subject: advanced dhcpd.conf In-Reply-To: References: <5395633D.2040605@gmail.com> Message-ID: On Tue, Jun 10, 2014 at 8:29 AM, Erez D wrote: > On Mon, Jun 9, 2014 at 10:31 PM, shimi wrote: > > On Mon, Jun 9, 2014 at 6:15 PM, Erez D wrote: > >> > >> no, i want: > >> host vm01 { hardware ethernet 00:11:22:33:44:01 ; fixed-address > 10.0.5.1 } > >> host vm02 { hardware ethernet 00:11:22:33:44:02 ; fixed-address > 10.0.5.2 } > >> host vm03 { hardware ethernet 00:11:22:33:44:03 ; fixed-address > 10.0.5.3 } > >> ... > >> host vm254 { hardware ethernet 00:11:22:33:44:fe ; fixed-address > >> 10.0.5.254 } > >> > > > > If it doesn't work out... > > > > php -r 'foreach(range(1,254) as $id) echo "host vm".str_pad($id, 3, '0', > > STR_PAD_LEFT)." { hardware ethernet > 00:11:22:33:44:".str_pad(dechex($id), 2, > > '0', STR_PAD_LEFT)." ; fixed-address 10.0.5.$id }\n";' > > > > -- Shimi > thanks. > i didn't want to do this that way > I understand that. But sometimes the trivial solutions work best [not to mention it took me < 1 minute] :) This was just a suggestion for the case you can't get your way to work eventually and do need a solution to the problem you're trying to solve. -------------- next part -------------- An HTML attachment was scrubbed... URL: From rabin at rabin.io Tue Jun 10 11:50:20 2014 From: rabin at rabin.io (Rabin Yasharzadehe) Date: Tue, 10 Jun 2014 11:50:20 +0300 Subject: advanced dhcpd.conf In-Reply-To: References: Message-ID: not a answer, but you can try and use the log option to debug your conf file, and make sure each function return what you expecting it to return. also you have tools like dhcping & dhcpdump which can help you debug the problem. *--Rabin* On Mon, Jun 9, 2014 at 10:14 AM, Erez D wrote: > i'm trying to match ip to macs > > > e.g.: > mac 00:11:22:33:44:01 -> 10.0.5.1 > mac 00:11:22:33:44:02 -> 10.0.5.2 > mac 00:11:22:33:44:03 -> 10.0.5.3 > mac 00:11:22:33:44:04 -> 10.0.5.4 > > > > it does not seem to work > is it possible to do that ? > > > highlights of dhcpd.conf: > > class "vm" { > match if binary-to-ascii (16,8,":",substring(hardware, 1, 5)) = > "0:11:22:33:44"; > set lastMacByte=binary-to-ascii (10,8,":",substring(hardware, 6, 1); > set vmName=concat("VM-",lastMacByte); > set vmIp=concat("10.0.5.",lastMacByte); > } > > and > > host vmName { > fixed-address vmIp; > } > > _______________________________________________ > Linux-il mailing list > Linux-il at cs.huji.ac.il > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > -------------- next part -------------- An HTML attachment was scrubbed... URL: From erez0001 at gmail.com Tue Jun 10 16:33:40 2014 From: erez0001 at gmail.com (Erez D) Date: Tue, 10 Jun 2014 16:33:40 +0300 Subject: advanced dhcpd.conf In-Reply-To: References:

Message-ID: thanks On Tue, Jun 10, 2014 at 11:50 AM, Rabin Yasharzadehe wrote: > not a answer, but you can try and use the log option to debug your conf > file, > and make sure each function return what you expecting it to return. > > also you have tools like dhcping & dhcpdump > which can help you debug the problem. > > -- > Rabin > > > On Mon, Jun 9, 2014 at 10:14 AM, Erez D wrote: >> >> i'm trying to match ip to macs >> >> >> e.g.: >> mac 00:11:22:33:44:01 -> 10.0.5.1 >> mac 00:11:22:33:44:02 -> 10.0.5.2 >> mac 00:11:22:33:44:03 -> 10.0.5.3 >> mac 00:11:22:33:44:04 -> 10.0.5.4 >> >> >> >> it does not seem to work >> is it possible to do that ? >> >> >> highlights of dhcpd.conf: >> >> class "vm" { >> match if binary-to-ascii (16,8,":",substring(hardware, 1, 5)) = >> "0:11:22:33:44"; >> set lastMacByte=binary-to-ascii (10,8,":",substring(hardware, 6, 1); >> set vmName=concat("VM-",lastMacByte); >> set vmIp=concat("10.0.5.",lastMacByte); >> } >> >> and >> >> host vmName { >> fixed-address vmIp; >> } >> >> _______________________________________________ >> Linux-il mailing list >> Linux-il at cs.huji.ac.il >> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > > From linux-il at orib.net Mon Jun 16 02:12:47 2014 From: linux-il at orib.net (Ori Berger) Date: Mon, 16 Jun 2014 02:12:47 +0300 Subject: Looking for a performance/health monitoring and alerting solution Message-ID: <539E286F.7030105@orib.net> I'm looking for a single system that can track all of a remote server's health and performance status, and which stores a detailed every-few-seconds history. So far, I haven't found one comprehensive system that does it all; also, triggering alarms in "bad" situations (such as no disk space, etc). Things I'm interested in (in parentheses - how I track them at the moment. Note shinken is a nagios-compatible thing). Free disk space (shinken) Server load (shinken) Debian package and security updates (shinken) NTP drift (shinken) Service ping/reply time (shinken) Upload/download rates per interface (mrtg) Temperatures (sensord, hddtemp) Security logs, warning and alerts e.g. fail2ban, auth.log (rsync of log files) I have a few tens of servers to monitor, which I would like to do with one software and one console. Those servers are not all physically on the same network, nor do they have a VPN (so, no UDP) but tcp and ssh are mostly reliable even though they are low bandwidth. Please note that shinken (much like nagios) doesn't really give a good visible history of things it measures - only alerts; Also, it can't really sample things every few seconds - the lowest reasonable update interval (given shinken's architecture) is ~5 minutes for the things it measures above. Any recommendations? Thanks in advance, Ori From slitt at troubleshooters.com Mon Jun 16 02:42:35 2014 From: slitt at troubleshooters.com (Steve Litt) Date: Sun, 15 Jun 2014 19:42:35 -0400 Subject: Light weight, fast performance desktop computing Message-ID: <20140615194235.1d84eb7c@mydesk> Hi all, The latest Linux Productivity Magazine deals with light weight, fast performance desktop computing: http://www.troubleshooters.com/lpm/201406/201406.htm Thanks, SteveT Steve Litt * http://www.troubleshooters.com/ Troubleshooting Training * Human Performance From amos.shapira at gmail.com Mon Jun 16 03:49:06 2014 From: amos.shapira at gmail.com (Amos Shapira) Date: Mon, 16 Jun 2014 10:49:06 +1000 Subject: Looking for a performance/health monitoring and alerting solution In-Reply-To: <539E286F.7030105@orib.net> References: <539E286F.7030105@orib.net> Message-ID: For a start, it looks like you put both trending and alerting in one basket. I'd keep them separate though alerting based on collected trending data is useful (e.g. don't alert just when a load threshold is crossed but only if the trending average for the part X minutes is above the threshold, or even only if it's derivative shows that it's not going to get better soon enough). See http://fractio.nl/2013/03/25/data-failures-compartments-pipelines/ for high level theory about monitoring pipelines, and a bit of a pitch for Flapjack (and start by reading the first link from it). Lindsay is a very eloquent speaker and author in general and fun to watch and read. Bottom line from the above - I'm currently not aware of a single silver bullet to do everything you need for proper monitoring. Last time I had to setup such a system (monitoring hundreds of servers for trends AND alerts) I used: 1. collectd (https://collectd.org/) for trending data - it can sample things down to once a second if you want 2. statsd (https://github.com/etsy/statsd/) for event counting (e.g. every time a Bamboo build plan started or stopped, or failed or succeeded, or other such events happend, an event was shot over to statsd to coalace and ship over to graphite). nice overview: http://codeascraft.com/2011/02/15/measure-anything-measure-everything/ 3. both of the above send data to graphite ( https://github.com/graphite-project) 4. To track things like "upgraded Bamboo" events, we used tricks like http://codeascraft.com/2010/12/08/track-every-release/. I since then learned about another project to help stick extra data with events (e.g. the version that Bamboo was upgraded to), but I can't find it right now. Here is a good summary with Graphite tips: http://kevinmccarthy.org/blog/2013/07/18/10-things-i-learned-deploying-graphite/ Alerts were generated by opsview (stay away from it, it was a mistake), which is yet another Nagios wrapper, many of the checks were based on reading the Graphite data whenever it was available ( https://github.com/olivierHa/check_graphite), but many also with plain old "nrpe" (e.g. "is the collectd/bamboo/apache/mysql/postgres/whatever process still running?"). I don't like nagios specifically and its centralization in general (which affects all other "nagios replacement" impolementations) and would rather look for something else, perhaps Sensu (http://sensuapp.org/), though it wasn't ready last time I evaluated it about a year ago. My main beef with Nagios and the other central monitoring systems is that there is a central server which orchestrates most of the monitoring. This means that: 1. There is one server which has to go through all the checks on all monitored servers in each iteration to trigger a check. With hundreds of servers and thousands of checks this could take a very long time. It could be busy checking whether the root filesystem on a throw-away bamboo agent is full (while the previous check showed that it's far from that) while your central Maven repository is burning for a few minutes. And it wouldn't help to say "check Maven repo more often" because it'll be like the IBM vs. DEC boat race - "row harder!" ( http://www.panix.com/~clp/humor/computers/programming/dec-ibm.html). 2. That server is a single point of failure, or you have to start using complex clustering solutions to keep it (and only one of it!) up - no parallel servers. 3. This server has to be very beefy to keep up with all the checks AND serve the results. In one of my former workplaces (second largest Australian ISP at the time) there was a cluster of four such servers with the checks carefully spread among them. Updating the cluster configuration was a delicate business and keeping them up wasn't pleasant and still it was very slow to serve the web interface. 4. The amount of traffic and load on the network and monitored servers is VERY wasteful - open TCP for each check, fork/exec via the NRPE agent, process exit, collect results, rinse, repeat, millions of times a day. Nagios doesn't encourage what it calls "passive monitoring" (i.e. the monitored servers initiate checks and send results, whether positive or negative, to a central server) and in general its protocol (NRPE) means that the central monitoring data collector is a bottleneck. Sensu, on the other hand, works around this by encouraging more "passive monitoring", i.e. each monitored server is responsible to monitor itself without the overhead of a central server doing the rounds and loading the network, it uses RabbitMQ message bus so its data transport and collection servers are more scalable (it also supports multiple servers), and it's OK with not sending anything if there is nothing to report (the system will still has "keepalive" checks (http://sensuapp.org/docs/0.12/keepalives) to monitor for nodes which went down). But my favourite idea for scalability is the one presented in http://linux-ha.org/source-doc/assimilation/html/index.html - each monitored host is responsible to monitor itself, without bothering anyone if there is nothing to write home about (so a bit like Sensu), and a couple of servers near it, so the "is host is alive" external monitoring is distributed across the network (and doesn't fall on the servers alone, like in Sensu), it also saves unnecessary network traffic. Unfortunately, it seems not to be ready yet ( http://linux-ha.org/source-doc/assimilation/html/_release_descriptions.html ). More points: Lack of VPN - if you can't setup a "proper" vpn then you can always look at ssh vpn (e.g. Ubuntu instructions: https://help.ubuntu.com/community/SSH_VPN), and if you can't be bothered with ssh_config "Tunnel"/"TunnelDevice" (ssh "-w" flag) then even a simple ssh port redirection with ssh -NT and autossh could do. Log concentration - look at Logstash (http://logstash.net/) for proper log collection and analysis. Hope this gives you some ideas. --Amos On 16 Jun 2014 09:13, "Ori Berger" wrote: > I'm looking for a single system that can track all of a remote server's > health and performance status, and which stores a detailed > every-few-seconds history. So far, I haven't found one comprehensive system > that does it all; also, triggering alarms in "bad" situations (such as no > disk space, etc). Things I'm interested in (in parentheses - how I track > them at the moment. Note shinken is a nagios-compatible thing). > > Free disk space (shinken) > Server load (shinken) > Debian package and security updates (shinken) > NTP drift (shinken) > Service ping/reply time (shinken) > Upload/download rates per interface (mrtg) > Temperatures (sensord, hddtemp) > Security logs, warning and alerts e.g. fail2ban, auth.log (rsync of log > files) > > I have a few tens of servers to monitor, which I would like to do with one > software and one console. Those servers are not all physically on the same > network, nor do they have a VPN (so, no UDP) but tcp and ssh are mostly > reliable even though they are low bandwidth. > > Please note that shinken (much like nagios) doesn't really give a good > visible history of things it measures - only alerts; Also, it can't really > sample things every few seconds - the lowest reasonable update interval > (given shinken's architecture) is ~5 minutes for the things it measures > above. > > Any recommendations? > > Thanks in advance, > Ori > > _______________________________________________ > Linux-il mailing list > Linux-il at cs.huji.ac.il > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > -------------- next part -------------- An HTML attachment was scrubbed... URL: From amos.shapira at gmail.com Mon Jun 16 04:19:59 2014 From: amos.shapira at gmail.com (Amos Shapira) Date: Mon, 16 Jun 2014 11:19:59 +1000 Subject: Looking for a performance/health monitoring and alerting solution In-Reply-To: References: <539E286F.7030105@orib.net> Message-ID: Another thing - while I was digging the Sydney DevOps meetups for a talk about monitoring by a dude from Google, I stumbled across a reference to InfluxDB: http://influxdb.com/. On 16 June 2014 10:49, Amos Shapira wrote: > For a start, it looks like you put both trending and alerting in one > basket. I'd keep them separate though alerting based on collected trending > data is useful (e.g. don't alert just when a load threshold is crossed but > only if the trending average for the part X minutes is above the threshold, > or even only if it's derivative shows that it's not going to get better > soon enough). > > See http://fractio.nl/2013/03/25/data-failures-compartments-pipelines/ > for high level theory about monitoring pipelines, and a bit of a pitch for > Flapjack (and start by reading the first link from it). Lindsay is a very > eloquent speaker and author in general and fun to watch and read. > > Bottom line from the above - I'm currently not aware of a single silver > bullet to do everything you need for proper monitoring. > > Last time I had to setup such a system (monitoring hundreds of servers for > trends AND alerts) I used: > 1. collectd (https://collectd.org/) for trending data - it can sample > things down to once a second if you want > 2. statsd (https://github.com/etsy/statsd/) for event counting (e.g. > every time a Bamboo build plan started or stopped, or failed or succeeded, > or other such events happend, an event was shot over to statsd to coalace > and ship over to graphite). nice overview: > http://codeascraft.com/2011/02/15/measure-anything-measure-everything/ > 3. both of the above send data to graphite ( > https://github.com/graphite-project) > 4. To track things like "upgraded Bamboo" events, we used tricks like > http://codeascraft.com/2010/12/08/track-every-release/. I since then > learned about another project to help stick extra data with events (e.g. > the version that Bamboo was upgraded to), but I can't find it right now. > > Here is a good summary with Graphite tips: > http://kevinmccarthy.org/blog/2013/07/18/10-things-i-learned-deploying-graphite/ > > Alerts were generated by opsview (stay away from it, it was a mistake), > which is yet another Nagios wrapper, many of the checks were based on > reading the Graphite data whenever it was available ( > https://github.com/olivierHa/check_graphite), but many also with plain > old "nrpe" (e.g. "is the collectd/bamboo/apache/mysql/postgres/whatever > process still running?"). > > I don't like nagios specifically and its centralization in general (which > affects all other "nagios replacement" impolementations) and would rather > look for something else, perhaps Sensu (http://sensuapp.org/), though it > wasn't ready last time I evaluated it about a year ago. > > My main beef with Nagios and the other central monitoring systems is that > there is a central server which orchestrates most of the monitoring. This > means that: > 1. There is one server which has to go through all the checks on all > monitored servers in each iteration to trigger a check. With hundreds of > servers and thousands of checks this could take a very long time. It could > be busy checking whether the root filesystem on a throw-away bamboo agent > is full (while the previous check showed that it's far from that) while > your central Maven repository is burning for a few minutes. And it wouldn't > help to say "check Maven repo more often" because it'll be like the IBM vs. > DEC boat race - "row harder!" ( > http://www.panix.com/~clp/humor/computers/programming/dec-ibm.html). > 2. That server is a single point of failure, or you have to start using > complex clustering solutions to keep it (and only one of it!) up - no > parallel servers. > 3. This server has to be very beefy to keep up with all the checks AND > serve the results. In one of my former workplaces (second largest > Australian ISP at the time) there was a cluster of four such servers with > the checks carefully spread among them. Updating the cluster configuration > was a delicate business and keeping them up wasn't pleasant and still it > was very slow to serve the web interface. > 4. The amount of traffic and load on the network and monitored servers is > VERY wasteful - open TCP for each check, fork/exec via the NRPE agent, > process exit, collect results, rinse, repeat, millions of times a day. > > Nagios doesn't encourage what it calls "passive monitoring" (i.e. the > monitored servers initiate checks and send results, whether positive or > negative, to a central server) and in general its protocol (NRPE) means > that the central monitoring data collector is a bottleneck. > > Sensu, on the other hand, works around this by encouraging more "passive > monitoring", i.e. each monitored server is responsible to monitor itself > without the overhead of a central server doing the rounds and loading the > network, it uses RabbitMQ message bus so its data transport and collection > servers are more scalable (it also supports multiple servers), and it's OK > with not sending anything if there is nothing to report (the system will > still has "keepalive" checks (http://sensuapp.org/docs/0.12/keepalives) > to monitor for nodes which went down). > > But my favourite idea for scalability is the one presented in > http://linux-ha.org/source-doc/assimilation/html/index.html - each > monitored host is responsible to monitor itself, without bothering anyone > if there is nothing to write home about (so a bit like Sensu), and a couple > of servers near it, so the "is host is alive" external monitoring is > distributed across the network (and doesn't fall on the servers alone, like > in Sensu), it also saves unnecessary network traffic. Unfortunately, it > seems not to be ready yet ( > http://linux-ha.org/source-doc/assimilation/html/_release_descriptions.html > ). > > More points: > > Lack of VPN - if you can't setup a "proper" vpn then you can always look > at ssh vpn (e.g. Ubuntu instructions: > https://help.ubuntu.com/community/SSH_VPN), and if you can't be bothered > with ssh_config "Tunnel"/"TunnelDevice" (ssh "-w" flag) then even a simple > ssh port redirection with ssh -NT and autossh could do. > > Log concentration - look at Logstash (http://logstash.net/) for proper > log collection and analysis. > > Hope this gives you some ideas. > > --Amos > > On 16 Jun 2014 09:13, "Ori Berger" wrote: > >> I'm looking for a single system that can track all of a remote server's >> health and performance status, and which stores a detailed >> every-few-seconds history. So far, I haven't found one comprehensive system >> that does it all; also, triggering alarms in "bad" situations (such as no >> disk space, etc). Things I'm interested in (in parentheses - how I track >> them at the moment. Note shinken is a nagios-compatible thing). >> >> Free disk space (shinken) >> Server load (shinken) >> Debian package and security updates (shinken) >> NTP drift (shinken) >> Service ping/reply time (shinken) >> Upload/download rates per interface (mrtg) >> Temperatures (sensord, hddtemp) >> Security logs, warning and alerts e.g. fail2ban, auth.log (rsync of log >> files) >> >> I have a few tens of servers to monitor, which I would like to do with >> one software and one console. Those servers are not all physically on the >> same network, nor do they have a VPN (so, no UDP) but tcp and ssh are >> mostly reliable even though they are low bandwidth. >> >> Please note that shinken (much like nagios) doesn't really give a good >> visible history of things it measures - only alerts; Also, it can't really >> sample things every few seconds - the lowest reasonable update interval >> (given shinken's architecture) is ~5 minutes for the things it measures >> above. >> >> Any recommendations? >> >> Thanks in advance, >> Ori >> >> _______________________________________________ >> Linux-il mailing list >> Linux-il at cs.huji.ac.il >> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il >> > -- [image: View my profile on LinkedIn] -------------- next part -------------- An HTML attachment was scrubbed... URL: From rabin at rabin.io Mon Jun 16 10:47:50 2014 From: rabin at rabin.io (Rabin Yasharzadehe) Date: Mon, 16 Jun 2014 10:47:50 +0300 Subject: Looking for a performance/health monitoring and alerting solution In-Reply-To: <539E286F.7030105@orib.net> References: <539E286F.7030105@orib.net> Message-ID: I can recommend Zabbix, I was never used it on a large network (~30 server most), but i was happy with it. - you can set the monitoring interval for each item (from 1s -> days) - samples are stored in the DB, and graphs are plotted only when you need them - have a build in support for SMS and Jabber message alerts. - works with agent, but also works with SNMP and scripts you can writes. note that you'll need to provide enough storage for it. (i think they have the formula or a calculator in there website, which you can use to calculate the storage you'll need ) *--Rabin* On Mon, Jun 16, 2014 at 2:12 AM, Ori Berger wrote: > I'm looking for a single system that can track all of a remote server's > health and performance status, and which stores a detailed > every-few-seconds history. So far, I haven't found one comprehensive system > that does it all; also, triggering alarms in "bad" situations (such as no > disk space, etc). Things I'm interested in (in parentheses - how I track > them at the moment. Note shinken is a nagios-compatible thing). > > Free disk space (shinken) > Server load (shinken) > Debian package and security updates (shinken) > NTP drift (shinken) > Service ping/reply time (shinken) > Upload/download rates per interface (mrtg) > Temperatures (sensord, hddtemp) > Security logs, warning and alerts e.g. fail2ban, auth.log (rsync of log > files) > > I have a few tens of servers to monitor, which I would like to do with one > software and one console. Those servers are not all physically on the same > network, nor do they have a VPN (so, no UDP) but tcp and ssh are mostly > reliable even though they are low bandwidth. > > Please note that shinken (much like nagios) doesn't really give a good > visible history of things it measures - only alerts; Also, it can't really > sample things every few seconds - the lowest reasonable update interval > (given shinken's architecture) is ~5 minutes for the things it measures > above. > > Any recommendations? > > Thanks in advance, > Ori > > _______________________________________________ > Linux-il mailing list > Linux-il at cs.huji.ac.il > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nad.oby at gmail.com Mon Jun 16 11:06:56 2014 From: nad.oby at gmail.com (Evgeniy Ginzburg) Date: Mon, 16 Jun 2014 11:06:56 +0300 Subject: Looking for a performance/health monitoring and alerting solution In-Reply-To: References: <539E286F.7030105@orib.net> Message-ID: I can second Zabbix. We use it in our current setup 100+ servers, works OK. Also you can take Nagios. or one of the clones One of previous my previous monitoring solutions had 10000+ specialized requests/hour with help of custom scripts in perl & C. One thing to consider. Most of monitoring solutioms use Round-Robin Database (RRD) as backend storage for time-series data. If you'll need fine granularity for "old" (beginning with minuts/hours) data avoid those setups. https://en.wikipedia.org/wiki/Round-Robin_Database Regards, Evgeniy. On Mon, Jun 16, 2014 at 10:47 AM, Rabin Yasharzadehe wrote: > I can recommend Zabbix, I was never used it on a large network (~30 server > most), but i was happy with it. > > - you can set the monitoring interval for each item (from 1s -> days) > - samples are stored in the DB, and graphs are plotted only when you need > them > - have a build in support for SMS and Jabber message alerts. > - works with agent, but also works with SNMP and scripts you can writes. > > note that you'll need to provide enough storage for it. > (i think they have the formula or a calculator in there website, which you > can use to calculate the storage you'll need ) > > > *--Rabin* > > > On Mon, Jun 16, 2014 at 2:12 AM, Ori Berger wrote: > >> I'm looking for a single system that can track all of a remote server's >> health and performance status, and which stores a detailed >> every-few-seconds history. So far, I haven't found one comprehensive system >> that does it all; also, triggering alarms in "bad" situations (such as no >> disk space, etc). Things I'm interested in (in parentheses - how I track >> them at the moment. Note shinken is a nagios-compatible thing). >> >> Free disk space (shinken) >> Server load (shinken) >> Debian package and security updates (shinken) >> NTP drift (shinken) >> Service ping/reply time (shinken) >> Upload/download rates per interface (mrtg) >> Temperatures (sensord, hddtemp) >> Security logs, warning and alerts e.g. fail2ban, auth.log (rsync of log >> files) >> >> I have a few tens of servers to monitor, which I would like to do with >> one software and one console. Those servers are not all physically on the >> same network, nor do they have a VPN (so, no UDP) but tcp and ssh are >> mostly reliable even though they are low bandwidth. >> >> Please note that shinken (much like nagios) doesn't really give a good >> visible history of things it measures - only alerts; Also, it can't really >> sample things every few seconds - the lowest reasonable update interval >> (given shinken's architecture) is ~5 minutes for the things it measures >> above. >> >> Any recommendations? >> >> Thanks in advance, >> Ori >> >> _______________________________________________ >> Linux-il mailing list >> Linux-il at cs.huji.ac.il >> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il >> > > > _______________________________________________ > Linux-il mailing list > Linux-il at cs.huji.ac.il > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > > -- So long, and thanks for all the fish. -------------- next part -------------- An HTML attachment was scrubbed... URL: From amos.shapira at gmail.com Mon Jun 16 11:25:34 2014 From: amos.shapira at gmail.com (Amos Shapira) Date: Mon, 16 Jun 2014 18:25:34 +1000 Subject: Looking for a performance/health monitoring and alerting solution In-Reply-To: References: <539E286F.7030105@orib.net> Message-ID: How do you configure zabbix outside its GUI? As far as I saw so far it's not possible so you have to point and click your way through its gui. Most of what I wrote against nagios is relevant to Zabbix as well - central server etc. On 16 Jun 2014 17:49, "Rabin Yasharzadehe" wrote: > I can recommend Zabbix, I was never used it on a large network (~30 server > most), but i was happy with it. > > - you can set the monitoring interval for each item (from 1s -> days) > - samples are stored in the DB, and graphs are plotted only when you need > them > - have a build in support for SMS and Jabber message alerts. > - works with agent, but also works with SNMP and scripts you can writes. > > note that you'll need to provide enough storage for it. > (i think they have the formula or a calculator in there website, which you > can use to calculate the storage you'll need ) > > > *--Rabin* > > > On Mon, Jun 16, 2014 at 2:12 AM, Ori Berger wrote: > >> I'm looking for a single system that can track all of a remote server's >> health and performance status, and which stores a detailed >> every-few-seconds history. So far, I haven't found one comprehensive system >> that does it all; also, triggering alarms in "bad" situations (such as no >> disk space, etc). Things I'm interested in (in parentheses - how I track >> them at the moment. Note shinken is a nagios-compatible thing). >> >> Free disk space (shinken) >> Server load (shinken) >> Debian package and security updates (shinken) >> NTP drift (shinken) >> Service ping/reply time (shinken) >> Upload/download rates per interface (mrtg) >> Temperatures (sensord, hddtemp) >> Security logs, warning and alerts e.g. fail2ban, auth.log (rsync of log >> files) >> >> I have a few tens of servers to monitor, which I would like to do with >> one software and one console. Those servers are not all physically on the >> same network, nor do they have a VPN (so, no UDP) but tcp and ssh are >> mostly reliable even though they are low bandwidth. >> >> Please note that shinken (much like nagios) doesn't really give a good >> visible history of things it measures - only alerts; Also, it can't really >> sample things every few seconds - the lowest reasonable update interval >> (given shinken's architecture) is ~5 minutes for the things it measures >> above. >> >> Any recommendations? >> >> Thanks in advance, >> Ori >> >> _______________________________________________ >> Linux-il mailing list >> Linux-il at cs.huji.ac.il >> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il >> > > > _______________________________________________ > Linux-il mailing list > Linux-il at cs.huji.ac.il > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rabin at rabin.io Mon Jun 16 11:44:38 2014 From: rabin at rabin.io (Rabin Yasharzadehe) Date: Mon, 16 Jun 2014 11:44:38 +0300 Subject: Looking for a performance/health monitoring and alerting solution In-Reply-To: References: <539E286F.7030105@orib.net> Message-ID: On Mon, Jun 16, 2014 at 11:25 AM, Amos Shapira wrote: > How do you configure zabbix outside its GUI? As far as I saw so far it's > not possible so you have to point and click your way through its gui. > Yes, can be a lot of work at first, and the lack of proper "auto-discovery" ?& device detection , can make it a very time-consuming. Most of what I wrote against nagios is relevant to Zabbix as well - central > server etc. > Aagreed, but you can setup a zabbix proxy servers to collect the data, and one server to store it and graph it, distributing the load of a single Zabbix server. *--Rabin* -------------- next part -------------- An HTML attachment was scrubbed... URL: From esr+linux-il at g.jct.ac.il Mon Jun 16 12:11:14 2014 From: esr+linux-il at g.jct.ac.il (E.S. Rosenberg) Date: Mon, 16 Jun 2014 12:11:14 +0300 Subject: Looking for a performance/health monitoring and alerting solution In-Reply-To: References: <539E286F.7030105@orib.net>

Message-ID: Zabbix, nagios (which focuses more on alerts/checks but can be extended to graph) or cacti (which focuses more on graphing but can be extended to do alerts) are all excellent solutions. Amos - can you add a TL;DR about your mail? Regards, Eliyahu - ????? 2014-06-16 11:44 GMT+03:00 Rabin Yasharzadehe : > > On Mon, Jun 16, 2014 at 11:25 AM, Amos Shapira > wrote: > >> How do you configure zabbix outside its GUI? As far as I saw so far it's >> not possible so you have to point and click your way through its gui. >> > Yes, can be a lot of work at first, and the lack of proper > "auto-discovery" ?& device detection , can make it a very time-consuming. > > Most of what I wrote against nagios is relevant to Zabbix as well - >> central server etc. >> > Aagreed, but you can setup a zabbix proxy servers to collect the data, and > one server to store it and graph it, distributing the load of a single > Zabbix server. > > > > > *--Rabin* > > _______________________________________________ > Linux-il mailing list > Linux-il at cs.huji.ac.il > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From amos.shapira at gmail.com Mon Jun 16 13:38:24 2014 From: amos.shapira at gmail.com (Amos Shapira) Date: Mon, 16 Jun 2014 20:38:24 +1000 Subject: Looking for a performance/health monitoring and alerting solution In-Reply-To: References: <539E286F.7030105@orib.net>

Message-ID: On 16 June 2014 19:11, E.S. Rosenberg wrote: > Amos - can you add a TL;DR about your mail? > Nagios and its ilk are not scalable or efficient, resulting in very complex setup and too slow event discovery. Zabbix is not a good fit if you want to have an automatic setup using things like Puppet. -------------- next part -------------- An HTML attachment was scrubbed... URL: From vitaly at karasik.org Mon Jun 16 15:01:35 2014 From: vitaly at karasik.org (Vitaly) Date: Mon, 16 Jun 2014 15:01:35 +0300 Subject: Looking for a performance/health monitoring and alerting solution In-Reply-To: <539E286F.7030105@orib.net> References: <539E286F.7030105@orib.net> Message-ID: I vote for Zenoss Core (http://www.zenoss.org/) - takes care of both performance monitoring & events/alerts, with very flexible events processing. For some reason less popular in Israel when Zabbix, but has very impressive list of US customers. regards, Vitaly PS: presented Zenoss for ILTechTalk http://www.meetup.com/ILTechTalks/events/125902492/ On Mon, Jun 16, 2014 at 2:12 AM, Ori Berger wrote: > I'm looking for a single system that can track all of a remote server's > health and performance status, and which stores a detailed > every-few-seconds history. So far, I haven't found one comprehensive system > that does it all; also, triggering alarms in "bad" situations (such as no > disk space, etc). Things I'm interested in (in parentheses - how I track > them at the moment. Note shinken is a nagios-compatible thing). > > Free disk space (shinken) > Server load (shinken) > Debian package and security updates (shinken) > NTP drift (shinken) > Service ping/reply time (shinken) > Upload/download rates per interface (mrtg) > Temperatures (sensord, hddtemp) > Security logs, warning and alerts e.g. fail2ban, auth.log (rsync of log > files) > > I have a few tens of servers to monitor, which I would like to do with one > software and one console. Those servers are not all physically on the same > network, nor do they have a VPN (so, no UDP) but tcp and ssh are mostly > reliable even though they are low bandwidth. > > Please note that shinken (much like nagios) doesn't really give a good > visible history of things it measures - only alerts; Also, it can't really > sample things every few seconds - the lowest reasonable update interval > (given shinken's architecture) is ~5 minutes for the things it measures > above. > > Any recommendations? > > Thanks in advance, > Ori > > _______________________________________________ > Linux-il mailing list > Linux-il at cs.huji.ac.il > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > -------------- next part -------------- An HTML attachment was scrubbed... URL: From pub at goldshmidt.org Mon Jun 16 20:34:09 2014 From: pub at goldshmidt.org (Oleg Goldshmidt) Date: Mon, 16 Jun 2014 20:34:09 +0300 Subject: console widgets without X Message-ID: <87r42o4v3i.fsf@goldshmidt.org> Hi, I have a marketing problem. Imagine a linux box running in runlevel 3, no X. I want to have a special user who is only allowed to configure a few things on the console (physcal, VMware, whatever), but - marketing put their collective foot down hard here - the interface must "look nice". Definition of "nice" will be made clear a few lines down. The functional requirements are simple - a form with a few labeled input fields (with default values filled in at the start) + "save" and "cancel" buttons. The form may be full screen. I'd like to have the application as the special user's login shell. But, console only! What are my options for such an application? Is there any toolkit capable of presenting a nice-looking form withut X? Here are things I've thought about: 1. ncurses - obviously. Not a very sophisticated look, to the point that I can't be sure it will be acceptable - this is the "nice" border, and ncurses may actually be on the wong side of it. I'd prefer to research alternatives before suggesting it. 2. newt - seems similar to ncurses visually. 3. pdmenu - ugly as hell, and not sure forms are possible. Will never pass the nice-looking test. 4. A web server. Rather than have a special user with an app for the login shell, connect using a browser. Very good from the nice looking POV. However, can't run a web server, really, for reasons I won't go into. 5. dialog(1) - actualy may pass the muster... A notch beter looking than newt... My current favourite. 6. Various toolkits (Tcl/Tk, Tinker, etc.) would probably pass the aesthetics committee, but all seem to require X. Any other suggestions? Thanks, -- Oleg Goldshmidt | pub at goldshmidt.org From tsnoam at gmail.com Mon Jun 16 21:17:09 2014 From: tsnoam at gmail.com (Noam Meltzer) Date: Mon, 16 Jun 2014 21:17:09 +0300 Subject: console widgets without X In-Reply-To: <87r42o4v3i.fsf@goldshmidt.org> References: <87r42o4v3i.fsf@goldshmidt.org> Message-ID: Hi, On a similar scenario I chose newt. 1. IMHO, it looks very good considering it's a tui. 2. For Linux people it looks familiar and professional as red hat had used it for years in the installation (anaconda) and configuration tools (system-config-*). 3. The python binding is very good. - Noam On 16 Jun 2014 20:34, "Oleg Goldshmidt" wrote: > > Hi, > > I have a marketing problem. Imagine a linux box running in runlevel 3, > no X. I want to have a special user who is only allowed to configure a > few things on the console (physcal, VMware, whatever), but - marketing > put their collective foot down hard here - the interface must "look > nice". Definition of "nice" will be made clear a few lines down. > > The functional requirements are simple - a form with a few labeled input > fields (with default values filled in at the start) + "save" and > "cancel" buttons. The form may be full screen. I'd like to have the > application as the special user's login shell. > > But, console only! What are my options for such an application? Is there > any toolkit capable of presenting a nice-looking form withut X? > > Here are things I've thought about: > > 1. ncurses - obviously. Not a very sophisticated look, to the point that > I can't be sure it will be acceptable - this is the "nice" border, > and ncurses may actually be on the wong side of it. I'd prefer to > research alternatives before suggesting it. > > 2. newt - seems similar to ncurses visually. > > 3. pdmenu - ugly as hell, and not sure forms are possible. Will never > pass the nice-looking test. > > 4. A web server. Rather than have a special user with an app for the > login shell, connect using a browser. Very good from the nice looking > POV. However, can't run a web server, really, for reasons I won't go > into. > > 5. dialog(1) - actualy may pass the muster... A notch beter looking than > newt... My current favourite. > > 6. Various toolkits (Tcl/Tk, Tinker, etc.) would probably pass the > aesthetics committee, but all seem to require X. > > Any other suggestions? > > Thanks, > > -- > Oleg Goldshmidt | pub at goldshmidt.org > > _______________________________________________ > Linux-il mailing list > Linux-il at cs.huji.ac.il > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > -------------- next part -------------- An HTML attachment was scrubbed... URL: From oron at actcom.co.il Wed Jun 18 00:32:18 2014 From: oron at actcom.co.il (Oron Peled) Date: Wed, 18 Jun 2014 00:32:18 +0300 Subject: console widgets without X In-Reply-To: <87r42o4v3i.fsf@goldshmidt.org> References: <87r42o4v3i.fsf@goldshmidt.org> Message-ID: <42526780.hcJMm6eYcV@neon.home.il> Hi, On Monday 16 June 2014 20:34:09 Oleg Goldshmidt wrote: > But, console only! What are my options for such an application? Is there > any toolkit capable of presenting a nice-looking form withut X? In 2001 I used OpenGUI (http://www.tutok.sk/fastgl). It now seems orphaned (Last release in 2007), but: * Looks very nice: http://www.tutok.sk/fastgl/screens.htm * Can be compiled for: - Linux VGA-framebuffer (several resolutions) - X11 - Windows * Support OpenGL (on all these targets) Fork it for maintenance? -- Oron Peled Voice: +972-4-8228492 oron at actcom.co.il http://users.actcom.co.il/~oron .--. |o_o | |:_/ | // \ \ (| | ) /'\_ _/`\ \___)=(___/ From shlomif at gmail.com Thu Jun 19 12:11:16 2014 From: shlomif at gmail.com (Shlomi Fish) Date: Thu, 19 Jun 2014 12:11:16 +0300 Subject: Satire: Emma Watson getting interviewed for a software development position Message-ID: Hi all, in this URL: http://www.shlomifish.org/humour/bits/Emma-Watson-applying-for-a-software-dev-job/ you can find a short satire titled ?Emma Watson getting interviewed for a software development position? under the CC-by-sa licence. In case you don't know, Watson is https://en.wikipedia.org/wiki/Emma_Watson - a 1990 born British actress and model, who rose to fame playing Hermione in the Harry Potter films, and [quoting from the Wikipedia page] ?In October 2013, she was voted Sexiest Female Movie Star in a worldwide poll conducted by Empire magazine.[7] In May 2014, BuzzFeed dubbed her the "most flawless woman of the decade".?. Now the question is: does she has what it takes to work as a Java Enterprise Software developer? ;-) I also quoted the plaintext version below. Share and enjoy! Regards, Shlomi Fish ==================================== [ This is satire and did not actually take place. The year is 2014. Emma Watson - a British actress who rose to fame after playing Hermione Granger in the Harry Potter films - just graduated from Brown University with a degree in English Literature. She decides to take a break from acting and find a temporary job as a software developer. Here is an interview conducted with her. ] Interviewer: Hello Ms. Watson, your r?sum? indicates that you are underqualified for a job here at Foobarbaznix Enterprise Software Enterprises, but we decided to give you a chance anyway. So why do you think we should hire you? EmWatson: Well, to be frank, I'm trying to get a lower-profile job now, to take a break after graduating from Brown University with a degree in English Literature, and I figured out learning how to code properly may prove to be a useful skill in this day and age. Interviewer: English Literature, eh? What makes you think you are better than all the Comp. Sci. grads we are hiring. EmWatson: Well, reportedly Dijkstra said that good programming requires good writing and reading skills, and that he prefers hiring students of English and other humane subjects over students of Computer Science, Mathematics or Electrical Engineering, because they tend to write better code. Interviewer: So you've heard about Dijkstra, eh? "GOTO Statement Considered Harmful!", hah, hah! EmWatson: Well, that ?considered harmful? choice of title was unfortunate (and selected by Dijkstra?s editor), and he did not mean that GOTO should never be used. So please do not take take it as gospel. Interviewer: OK, back on topic: how much experience do you have in developing enterprise software? EmWatson: Not a lot, but I wrote some shell/Perl/Ruby/Python/etc. scripts, know how to make a good use of my smartphone and home computer, and have done some simple HTML, CSS and JavaScript / jQuery / etc. web pages, and I know the basics of how to use Git and GitHub (but I'm certainly not an expert in them). Interviewer: So you don't have 5 years of experience in developing Java enterprise software? EmWatson: I'm afraid not, sir. Interviewer: OK. Here's another thing: why do you wish to become a low-paid (for some values of low-paid) hired programmer, when it is well-known that you charge an obscene amount of money for each film you take part in? EmWatson: Well, to paraphrase on the old Hollywood adage: ?There are no small jobs - only small workers.?. A good and resourceful person will make the best out of even the least esteemed job, like the fact that a good waitress or waitor are friendly, express interest in the customers, take their job seriously, are well-groomed, and show genuine interest in the business. EmWatson: While I wouldn't object to work at a restaurant or a different place that sells decent-or-better food, I think that I can learn much more by becoming a coder. And like I said - I need a break. Interviewer: I see? OK, next question, Ms. Watson: as you may well be aware of you starred in the 8 Harry Potter films, despite the fact that they were criticised as being bad. Why did you persist? EmWatson: Well, there are several reasons, but the main one is that for an actor, it is better to play well (or even not so well) in a bad film, than to not play at all. ?Publish or Perish?, like they say, which is also true for the Academia, and, as you may well know, for the software world. Interviewer: I see. Well we pride ourselves on releasing industrial-strength and high-quality enterprise software. EmWatson: I see. OK, I think I've heard enough. I'm not going to work for you even for a thousand million dollars per month. I got a different offer from a nice consulting company as a Python/shell/Perl/etc. coder (you could say ?code monkey?). While the monthly wage is not spectacular, it seems like a decent place to work while I'm taking a break from acting and modelling. Interviewer: Fair enough, Ms. Watson, it was an interesting interview. EmWatson: That's one way to put it. I think I'll go around your offices now, asking if anyone wants a signed photograph, to take a photo of me and them together, or just to chat a little. Interviewer: I guess that would be acceptable. Just make it quick. -- ------------------------------------------ Shlomi Fish http://www.shlomifish.org/ Chuck Norris helps the gods that help themselves. Please reply to list if it's a mailing list post - http://shlom.in/reply . -------------- next part -------------- An HTML attachment was scrubbed... URL: From amos.shapira at gmail.com Thu Jun 19 13:03:16 2014 From: amos.shapira at gmail.com (Amos Shapira) Date: Thu, 19 Jun 2014 20:03:16 +1000 Subject: Satire: Emma Watson getting interviewed for a software development position In-Reply-To: References: Message-ID: Please don't send this sort of stuff here. On 19 Jun 2014 19:12, "Shlomi Fish" wrote: > Hi all, > > in this URL: > > > http://www.shlomifish.org/humour/bits/Emma-Watson-applying-for-a-software-dev-job/ > > you can find a short satire titled ?Emma Watson getting interviewed for a > software development position? under the CC-by-sa licence. > > In case you don't know, Watson is > https://en.wikipedia.org/wiki/Emma_Watson - a > 1990 born British actress and model, who rose to fame playing Hermione in > the > Harry Potter films, and [quoting from the Wikipedia page] ?In October > 2013, she > was voted Sexiest Female Movie Star in a worldwide poll conducted by Empire > magazine.[7] In May 2014, BuzzFeed dubbed her the "most flawless woman of > the > decade".?. > > Now the question is: does she has what it takes to work as a Java > Enterprise > Software developer? ;-) > > I also quoted the plaintext version below. Share and enjoy! > > Regards, > > Shlomi Fish > > ==================================== > > > > [ > This is satire and did not actually take place. > > The year is 2014. Emma > Watson - a British actress who rose to fame after playing Hermione > Granger > in the Harry Potter films - just graduated from Brown University with a > degree > in English Literature. She decides to take a break from acting and find a > temporary job as a software developer. Here is an interview conducted with > her. > ] > > > > Interviewer: Hello Ms. Watson, your r?sum? indicates that you are > underqualified for a job here at Foobarbaznix Enterprise Software > Enterprises, > but we decided to give you a chance anyway. So why do you think we should > hire > you? > > EmWatson: Well, to be frank, I'm trying to get a lower-profile job now, to > take a break after graduating from Brown University with a degree in > English > Literature, and I figured out learning how to code properly may prove to be > a useful skill in this day and age. > > Interviewer: English Literature, eh? What makes you think you are better > than > all the Comp. Sci. grads we are hiring. > > EmWatson: Well, reportedly Dijkstra > said that good programming requires good writing and reading skills, and > that > he prefers hiring students of English and other humane subjects over > students > of Computer Science, Mathematics or Electrical Engineering, because they > tend > to write better code. > > Interviewer: So you've heard about Dijkstra, eh? "GOTO Statement Considered > Harmful!", hah, hah! > > EmWatson: Well, that ?considered harmful? choice of title was unfortunate > (and selected by Dijkstra?s editor), and he did not mean that GOTO should > never be used. So please do not take take it as gospel. > > Interviewer: OK, back on topic: how much experience do you have in > developing > enterprise software? > > EmWatson: Not a lot, but I wrote some shell/Perl/Ruby/Python/etc. scripts, > know > how to make a good use of my smartphone and home computer, and have done > some > simple HTML, CSS and JavaScript / jQuery / etc. web pages, and I know the > basics of how to use Git and GitHub (but I'm certainly not an expert in > them). > > Interviewer: So you don't have 5 years of experience in developing Java > enterprise software? > > EmWatson: I'm afraid not, sir. > > Interviewer: OK. Here's another thing: why do you wish to become a low-paid > (for some values of low-paid) hired programmer, when it is well-known that > you charge an obscene amount of money for each film you take part in? > > EmWatson: Well, to paraphrase on the old Hollywood adage: ?There are no > small jobs - only small workers.?. A good and resourceful person will make > the best out of even the least esteemed job, like the fact that a good > waitress or waitor are friendly, express interest in the customers, take > their job seriously, are well-groomed, and show genuine interest in the > business. > > EmWatson: While I wouldn't object to work at a restaurant or a different > place that sells decent-or-better food, I think that I can learn much more > by > becoming a coder. And like I said - I need a break. > > Interviewer: I see? OK, next question, Ms. Watson: as you may well be aware > of you starred in the 8 Harry Potter films, despite the fact that they were > criticised as being bad. Why did you persist? > > EmWatson: Well, there are several reasons, but the main one is that for an > actor, it is better to play well (or even not so well) in a bad film, than > to not play at all. ?Publish or Perish?, like they say, which is also true > for the Academia, and, as you may well know, for the software world. > > Interviewer: I see. Well we pride ourselves on releasing > industrial-strength > and high-quality enterprise software. > > EmWatson: I see. OK, I think I've heard enough. I'm not going to work for > you > even for a thousand million dollars per month. I got a different offer > from a > nice consulting company as a Python/shell/Perl/etc. coder (you could say > ?code > monkey?). While the monthly wage is not spectacular, it seems like a decent > place to work while I'm taking a break from acting and modelling. > > Interviewer: Fair enough, Ms. Watson, it was an interesting interview. > > EmWatson: That's one way to put it. I think I'll go around your offices > now, > asking if anyone wants a signed photograph, to take a photo of me and them > together, or just to chat a little. > > Interviewer: I guess that would be acceptable. Just make it quick. > > > > > > -- > ------------------------------------------ > Shlomi Fish http://www.shlomifish.org/ > > Chuck Norris helps the gods that help themselves. > > Please reply to list if it's a mailing list post - http://shlom.in/reply . > > _______________________________________________ > Linux-il mailing list > Linux-il at cs.huji.ac.il > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From wordz2u at gmail.com Thu Jun 19 18:03:16 2014 From: wordz2u at gmail.com (Steve G.) Date: Thu, 19 Jun 2014 18:03:16 +0300 Subject: Satire: Emma Watson getting interviewed for a software development position In-Reply-To: References:

Message-ID: Why not? It can't be a lot worse than the endless discussion about hamakor. Or is this a different list? On Thu, Jun 19, 2014 at 1:03 PM, Amos Shapira wrote: > Please don't send this sort of stuff here. > On 19 Jun 2014 19:12, "Shlomi Fish" wrote: > >> Hi all, >> >> in this URL: >> >> >> http://www.shlomifish.org/humour/bits/Emma-Watson-applying-for-a-software-dev-job/ >> >> you can find a short satire titled ?Emma Watson getting interviewed for a >> software development position? under the CC-by-sa licence. >> >> In case you don't know, Watson is >> https://en.wikipedia.org/wiki/Emma_Watson - a >> 1990 born British actress and model, who rose to fame playing Hermione in >> the >> Harry Potter films, and [quoting from the Wikipedia page] ?In October >> 2013, she >> was voted Sexiest Female Movie Star in a worldwide poll conducted by >> Empire >> magazine.[7] In May 2014, BuzzFeed dubbed her the "most flawless woman of >> the >> decade".?. >> >> Now the question is: does she has what it takes to work as a Java >> Enterprise >> Software developer? ;-) >> >> I also quoted the plaintext version below. Share and enjoy! >> >> Regards, >> >> Shlomi Fish >> >> ==================================== >> >> >> >> [ >> This is satire and did not actually take place. >> >> The year is 2014. Emma >> Watson - a British actress who rose to fame after playing Hermione >> Granger >> in the Harry Potter films - just graduated from Brown University with a >> degree >> in English Literature. She decides to take a break from acting and find a >> temporary job as a software developer. Here is an interview conducted >> with her. >> ] >> >> >> >> Interviewer: Hello Ms. Watson, your r?sum? indicates that you are >> underqualified for a job here at Foobarbaznix Enterprise Software >> Enterprises, >> but we decided to give you a chance anyway. So why do you think we should >> hire >> you? >> >> EmWatson: Well, to be frank, I'm trying to get a lower-profile job now, to >> take a break after graduating from Brown University with a degree in >> English >> Literature, and I figured out learning how to code properly may prove to >> be >> a useful skill in this day and age. >> >> Interviewer: English Literature, eh? What makes you think you are better >> than >> all the Comp. Sci. grads we are hiring. >> >> EmWatson: Well, reportedly Dijkstra >> said that good programming requires good writing and reading skills, and >> that >> he prefers hiring students of English and other humane subjects over >> students >> of Computer Science, Mathematics or Electrical Engineering, because they >> tend >> to write better code. >> >> Interviewer: So you've heard about Dijkstra, eh? "GOTO Statement >> Considered >> Harmful!", hah, hah! >> >> EmWatson: Well, that ?considered harmful? choice of title was unfortunate >> (and selected by Dijkstra?s editor), and he did not mean that GOTO should >> never be used. So please do not take take it as gospel. >> >> Interviewer: OK, back on topic: how much experience do you have in >> developing >> enterprise software? >> >> EmWatson: Not a lot, but I wrote some shell/Perl/Ruby/Python/etc. >> scripts, know >> how to make a good use of my smartphone and home computer, and have done >> some >> simple HTML, CSS and JavaScript / jQuery / etc. web pages, and I know the >> basics of how to use Git and GitHub (but I'm certainly not an expert in >> them). >> >> Interviewer: So you don't have 5 years of experience in developing Java >> enterprise software? >> >> EmWatson: I'm afraid not, sir. >> >> Interviewer: OK. Here's another thing: why do you wish to become a >> low-paid >> (for some values of low-paid) hired programmer, when it is well-known that >> you charge an obscene amount of money for each film you take part in? >> >> EmWatson: Well, to paraphrase on the old Hollywood adage: ?There are no >> small jobs - only small workers.?. A good and resourceful person will make >> the best out of even the least esteemed job, like the fact that a good >> waitress or waitor are friendly, express interest in the customers, take >> their job seriously, are well-groomed, and show genuine interest in the >> business. >> >> EmWatson: While I wouldn't object to work at a restaurant or a different >> place that sells decent-or-better food, I think that I can learn much >> more by >> becoming a coder. And like I said - I need a break. >> >> Interviewer: I see? OK, next question, Ms. Watson: as you may well be >> aware >> of you starred in the 8 Harry Potter films, despite the fact that they >> were >> criticised as being bad. Why did you persist? >> >> EmWatson: Well, there are several reasons, but the main one is that for an >> actor, it is better to play well (or even not so well) in a bad film, than >> to not play at all. ?Publish or Perish?, like they say, which is also true >> for the Academia, and, as you may well know, for the software world. >> >> Interviewer: I see. Well we pride ourselves on releasing >> industrial-strength >> and high-quality enterprise software. >> >> EmWatson: I see. OK, I think I've heard enough. I'm not going to work for >> you >> even for a thousand million dollars per month. I got a different offer >> from a >> nice consulting company as a Python/shell/Perl/etc. coder (you could say >> ?code >> monkey?). While the monthly wage is not spectacular, it seems like a >> decent >> place to work while I'm taking a break from acting and modelling. >> >> Interviewer: Fair enough, Ms. Watson, it was an interesting interview. >> >> EmWatson: That's one way to put it. I think I'll go around your offices >> now, >> asking if anyone wants a signed photograph, to take a photo of me and them >> together, or just to chat a little. >> >> Interviewer: I guess that would be acceptable. Just make it quick. >> >> >> >> >> >> -- >> ------------------------------------------ >> Shlomi Fish http://www.shlomifish.org/ >> >> Chuck Norris helps the gods that help themselves. >> >> Please reply to list if it's a mailing list post - http://shlom.in/reply >> . >> >> _______________________________________________ >> Linux-il mailing list >> Linux-il at cs.huji.ac.il >> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il >> >> > _______________________________________________ > Linux-il mailing list > Linux-il at cs.huji.ac.il > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > > -- Sincerely, Steve http://www.words2u.net - GPS points and tracks (mainly in Costa Rica) http://www.words2u.net/recipes - Recipe collection -------------- next part -------------- An HTML attachment was scrubbed... URL: From shlomif at gmail.com Thu Jun 19 20:11:09 2014 From: shlomif at gmail.com (Shlomi Fish) Date: Thu, 19 Jun 2014 20:11:09 +0300 Subject: Fwd: Satire: Emma Watson getting interviewed for a software development position In-Reply-To: <20140619182702.24e2dfbb@telaviv1.shlomifish.org> References:

<20140619182702.24e2dfbb@telaviv1.shlomifish.org> Message-ID: ---------- Forwarded message ---------- From: Shlomi Fish Date: Thu, Jun 19, 2014 at 6:27 PM Subject: Re: Satire: Emma Watson getting interviewed for a software development position To: Amos Shapira Cc: Shlomi Fish , linux-il Hi Amos, On Thu, 19 Jun 2014 20:03:16 +1000 Amos Shapira wrote: > Please don't send this sort of stuff here. first of all - you should have trimmed the quoted part. Trimmed now. Otherwise... why not? This post was: 1. On topic. Mentioned various technologies. 2. I know for a fact that many people enjoyed. 3. Insightful. 4. I've seen many job posts here that it referred to. 5. I'm a contributing member of this mailing list and a local Israeli. 6. It's CC-by-sa , which allows for a lot of reuse and fair use and for the right price, I can make it CC-by too. So why not? OK, I get it - it's fiction and funny and a satire. But to quote http://en.wikiquote.org/wiki/Peter_Ustinov , ?Comedy is simply a funny way of being serious.? (which may not have been a 100% original sentiment). People have shared jokes and stories from their life on Linux-IL in the past (see http://www.shlomifish.org/humour/fortunes/tinic.html ) and I find it more interesting than "Company X is looking for a Top Gun Linux Kernel Guru" or "How do I do [insert obscure feat here that no one except me cares about]" posts which I also think are on-topic and worth sharing. Many people get a knee-jerk reaction when someone posts fiction, but fiction and satire is often as influential as a boring essay or rant, if not more. I'd be glad to hear your opinion on this but please use inline posting to reply to each point separately. Regards, Shlomi Fish -- ----------------------------------------------------------------- Shlomi Fish http://www.shlomifish.org/ List of Portability Libraries - http://shlom.in/port-libs He says ?One and one and one is three?. Got to be good?looking ?cause he?s so hard to see. ? The Beatles, ?Come Together? Please reply to list if it's a mailing list post - http://shlom.in/reply . -- ------------------------------------------ Shlomi Fish http://www.shlomifish.org/ Chuck Norris helps the gods that help themselves. Please reply to list if it's a mailing list post - http://shlom.in/reply . -------------- next part -------------- An HTML attachment was scrubbed... URL: From eli at billauer.co.il Sat Jun 21 21:22:18 2014 From: eli at billauer.co.il (Eli Billauer) Date: Sat, 21 Jun 2014 21:22:18 +0300 Subject: [HAIFUX LECTURE] Efficient Virtual Memory: Hash, Don't Walk -- Idan Yaniv Message-ID: <53A5CD5A.60508@billauer.co.il> On Monday, June 23rd at 18:30, Haifux will gather to hear a talk by Idan Yaniv: Efficient Virtual Memory: Hash, Don't Walk Abstract Radix page tables as implemented in the x86-64 micro-architecture incur a penalty of four memory references on each TLB miss. The problem aggravates in virtualized environments with nested page tables where every page walk requires 24 memory references. The virtual memory overhead on guest performance can approach 90% in servers or scientific applications. Trying to mitigate the cost of TLB misses hardware vendors have added MMU caches that store partial translations. Current MMU caches exploit the reuse of page table entries to accelerate native address translation. Extending those caches to support 2D page walks in virtualized systems will make the hardware more complicated and power consuming. We propose using hashed page tables for both native and virtualized systems. A recent study have concluded that hashed page tables increase the number of DRAM accesses per walk by over 400%. However we show that properly designed hashed page tables are even superior to the radix page tables augmented with MMU caches. Our results indicate that hash-based page tables are particularly effective for virtualized systems and nested virtualization. ================================================================= We meet in Taub building, room 6. For instructions see: http://www.haifux.org/where.html Attendance is free, and you are all invited! ================================================================== Future lectures: There are no scheduled lectures. ================================================================== We are always interested in hearing your talks and ideas. If you wish to give a talk, hold a discussion, or just plan some event haifux might be interested in, please contact us atwebmaster at haifux.org -- Web:http://www.billauer.co.il From erez0001 at gmail.com Sun Jun 22 10:41:25 2014 From: erez0001 at gmail.com (Erez D) Date: Sun, 22 Jun 2014 10:41:25 +0300 Subject: qemu and chroot In-Reply-To: References: <20140520082236.GR2552@lemon.cohens.org.il> Message-ID: On Tue, May 20, 2014 at 12:13 PM, Erez D wrote: > ok, it now works > /proc/sys/fs/binfmt_misc/qemu-arm was missing, > internet searc told me to look for 'binfmt-support' pkg, however i > could not find none for centos6 > so as chrooted systems share the same kernel (just need to mount /proc > under the chroot dir), I chroot to my wheezy_i686 (i have some chroots > for testing other disros), and there i did apt-get install > binfmt-support qemu-user-static, and update-binfmts --display > > now i have /proc/sys/fs/binfmt_misc/qemu-arm. amd everything works again > > > (i do not know if this is permenent or will require redoing after > reboot), but i will check it at next reboot (somthing like in 6 months > ;-) it seems that it not permamenent. my chroot has a /etc/init.d/binfmt-support script which makes it permanent, however i do not boot the chroot system ;-) so i added the following line to rc.local : chroot /home/chroot/wheezy_i686/ /etc/init.d/binfmt-support start now it is permenent (i wish centos had this package so i wouldn't have to deal with such hacks). > > thanks > erez > > On Tue, May 20, 2014 at 11:22 AM, Tzafrir Cohen wrote: >> On Tue, May 20, 2014 at 09:14:16AM +0300, Erez D wrote: >>> I am using centos 6 and developing for an armel platform >>> >>> i created a rootfs using multistrap/debbootstrap >>> >>> i copied qemu-arm-static to rootfs/usr/bin/qemu-arm-static >> >> There's something missing from your description. I suspect you forgot to >> mention it: debootstrap's run can be broken to two parts: one that >> downloads everything, and the second stage that needs to run inside the >> chroot. In that case: >> >> debootstrap --foreign [--arch=] [rest of parameters] >> chroot to/chroot >> ./debootstrap --second-stage >> >> At least in Debian, the package qemu-user-static includes the wrapper >> qemu-debootstrap to do just that, and also copy the required >> qemu-user-static. >> >>> >>> and i was astonished that doing just 'chroot rootfs' worked, without >>> explicitly telling 'chroot' to use qemu-arm-static - somehow it decided >>> automatically to run everything under qemu-arm-static without me telling it >>> to. >>> >>> >>> after a restart of the server. rootfs does not work anymore automatically, >>> i get a "chroot: failed to run command `/bin/bash': Exec format error" >>> doing "chroot rootfs /usr/bin/qemu-arm-static /bin/bash" does chroot, but >>> i get : "bash: /bin/cat: cannot execute binary file" (although >>> rootfs/bin/cat is a perfectly ok armel binary, tested on the armel target). >>> i also checked the md5sum of the rootfs/qemu-arm-static binary, and it is ok >> >> A chroot does not replace the kernel. It's running on your kernel and >> that kernel does not natively support the armel binaries. >> >> In Debian, the package qemu-user-static registers foreign Linux ELF >> formats. So maybe you forgot this is needed. Specifically: >> >> $ cat /proc/sys/fs/binfmt_misc/qemu-arm >> enabled >> interpreter /usr/bin/qemu-arm-static >> flags: >> offset 0 >> magic 7f454c4601010100000000000000000002002800 >> mask ffffffffffffff00fffffffffffffffffeffffff >> >> -- >> Tzafrir Cohen | tzafrir at jabber.org | VIM is >> http://tzafrir.org.il | | a Mutt's >> tzafrir at cohens.org.il | | best >> tzafrir at debian.org | | friend >> >> _______________________________________________ >> Linux-il mailing list >> Linux-il at cs.huji.ac.il >> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il From pub at goldshmidt.org Sun Jun 22 14:39:46 2014 From: pub at goldshmidt.org (Oleg Goldshmidt) Date: Sun, 22 Jun 2014 14:39:46 +0300 Subject: bugzilla+postfix+email_in.pl Message-ID: ?Hi, I have an old Ubuntu server with? ? Bugzilla 4.4 and postfix? ? as MTA. I am trying to set up incoming mail to Bugzilla using email_in.pl, and I am stumped. ? ?I tried .forward, .procmail, etc., but whatever happens there is an error invoking email_in.pl. No problem with mail though. My current setup includes: In /etc/aliases I have bugs: |/var/www/bugzilla/email_in.pl (obviously, postalias has been run and postfix has been restarted). # ls -l /var/www/bugzilla/email_in.pl -rwxr-xr-x 1 root www-data 21820 2013-05-23 19:02 /var/www/bugzilla/ email_in.pl (I made the file world-readable and world-executable out of desperation). # grep www-data /etc/group www-data:x:33:postfix,bugs ?(i.e., both user postfix and user bugs are members of the www-data group that owns the bugzilla installation).? ?Whenever I send an email to user bugs at therightaddress I see in /var/log/mail.log: ? Jun 22 14:23:43 ? ? postfix/local[23326]: E5671240A2B: to=? >, orig_to=, relay=local, delay=518, delays=518/0.24/0/0.07, dsn=4.3.0, status=deferred (temporary failure. Command output: local: fatal: execvp /var/www/bugzilla/email_in.pl: Permission denied ) ?This happens with or without user bugs (i.e., whether bugs is just a mail alias or there is a shell user named bugs). ? ?So, it looks like mail gets delivered to the right alias and the right processing is attempted, but something prevents email_in.pl to be invoked, and I have no idea what. Needless to say, mails do not appear where I expect them in Bugzilla. I googled extensively, and I think I tried every possible delivery recipe. it seems that the particular recipe is not the problem - for some reason email_in.pl cannot be run. I have not seen this particular error while googling. The server is old, I inherited it, and I cannot re-install it for various reasons (at least i am *extremely* reluctant to). Has anyone seen anything like this? ? ?Any ideas?? ? What am I missing?? -- Oleg Goldshmidt | pub at goldshmidt.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From rabin at rabin.io Sun Jun 22 15:22:14 2014 From: rabin at rabin.io (Rabin Yasharzadehe) Date: Sun, 22 Jun 2014 15:22:14 +0300 Subject: bugzilla+postfix+email_in.pl In-Reply-To: References: Message-ID: you can run postfix in debug mode for a specific IP to get a more verbose logs, maybe you'll find something there debug_peer_list = xxx.xxx.xxx.xxx > *--Rabin* On Sun, Jun 22, 2014 at 2:39 PM, Oleg Goldshmidt wrote: > > ?Hi, > > I have an old Ubuntu server with? > ? Bugzilla 4.4 and postfix? > ? as MTA. I am trying to set up incoming mail to Bugzilla using > email_in.pl, and I am stumped. ? > ?I tried .forward, .procmail, etc., but whatever happens there is an error > invoking email_in.pl. > > No problem with mail though. > > My current setup includes: > > In /etc/aliases I have > > bugs: |/var/www/bugzilla/email_in.pl > > (obviously, postalias has been run and postfix has been restarted). > > > # ls -l /var/www/bugzilla/email_in.pl > -rwxr-xr-x 1 root www-data 21820 2013-05-23 19:02 /var/www/bugzilla/ > email_in.pl > > (I made the file world-readable and world-executable out of desperation). > > # grep www-data /etc/group > www-data:x:33:postfix,bugs > > ?(i.e., both user postfix and user bugs are members of the www-data group > that owns the bugzilla installation).? > > > ?Whenever I send an email to user bugs at therightaddress I see in > /var/log/mail.log: > > ? > Jun 22 14:23:43 > ? ? > postfix/local[23326]: E5671240A2B: to= ?? > >, orig_to=, relay=local, delay=518, > delays=518/0.24/0/0.07, dsn=4.3.0, status=deferred (temporary failure. > Command output: local: fatal: execvp /var/www/bugzilla/email_in.pl: > Permission denied ) > > ?This happens with or without user bugs (i.e., whether bugs is just a mail > alias or there is a shell user named bugs). > ? > > ?So, it looks like mail gets delivered to the right alias and the right > processing is attempted, but something prevents email_in.pl to be > invoked, and I have no idea what. Needless to say, mails do not appear > where I expect them in Bugzilla. > > I googled extensively, and I think I tried every possible delivery recipe. > it seems that the particular recipe is not the problem - for some reason > email_in.pl cannot be run. I have not seen this particular error while > googling. > > The server is old, I inherited it, and I cannot re-install it for various > reasons (at least i am *extremely* reluctant to). > > Has anyone seen anything like this? ? > ?Any ideas?? > ? What am I missing?? > > > -- > Oleg Goldshmidt | pub at goldshmidt.org > > _______________________________________________ > Linux-il mailing list > Linux-il at cs.huji.ac.il > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From esr+linux-il at g.jct.ac.il Sun Jun 22 18:46:14 2014 From: esr+linux-il at g.jct.ac.il (E.S. Rosenberg) Date: Sun, 22 Jun 2014 18:46:14 +0300 Subject: bugzilla+postfix+email_in.pl In-Reply-To: References:

Message-ID: 2014-06-22 15:22 GMT+03:00 Rabin Yasharzadehe : > you can run postfix in debug mode for a specific IP to get a more verbose > logs, > maybe you'll find something there > > debug_peer_list = xxx.xxx.xxx.xxx >> > > > *--Rabin* > > > On Sun, Jun 22, 2014 at 2:39 PM, Oleg Goldshmidt > wrote: > >> >> ?Hi, >> >> I have an old Ubuntu server with? >> ? Bugzilla 4.4 and postfix? >> ? as MTA. I am trying to set up incoming mail to Bugzilla using >> email_in.pl, and I am stumped. ? >> ?I tried .forward, .procmail, etc., but whatever happens there is an >> error invoking email_in.pl. >> >> No problem with mail though. >> >> My current setup includes: >> >> In /etc/aliases I have >> >> bugs: |/var/www/bugzilla/email_in.pl >> >> (obviously, postalias has been run and postfix has been restarted). >> >> >> # ls -l /var/www/bugzilla/email_in.pl >> -rwxr-xr-x 1 root www-data 21820 2013-05-23 19:02 /var/www/bugzilla/ >> email_in.pl >> > You are showing correct permissions on the file so I assume you also made sure that all the parent dirs are at least executable to the daemon? Regards, Eliyahu - ????? > >> (I made the file world-readable and world-executable out of desperation). >> >> # grep www-data /etc/group >> www-data:x:33:postfix,bugs >> >> ?(i.e., both user postfix and user bugs are members of the www-data group >> that owns the bugzilla installation).? >> >> >> ?Whenever I send an email to user bugs at therightaddress I see in >> /var/log/mail.log: >> >> ? >> Jun 22 14:23:43 >> ? ? >> postfix/local[23326]: E5671240A2B: to=> ?? >> >, orig_to=, relay=local, delay=518, >> delays=518/0.24/0/0.07, dsn=4.3.0, status=deferred (temporary failure. >> Command output: local: fatal: execvp /var/www/bugzilla/email_in.pl: >> Permission denied ) >> >> ?This happens with or without user bugs (i.e., whether bugs is just a >> mail alias or there is a shell user named bugs). >> ? >> >> ?So, it looks like mail gets delivered to the right alias and the right >> processing is attempted, but something prevents email_in.pl to be >> invoked, and I have no idea what. Needless to say, mails do not appear >> where I expect them in Bugzilla. >> >> I googled extensively, and I think I tried every possible delivery >> recipe. it seems that the particular recipe is not the problem - for some >> reason email_in.pl cannot be run. I have not seen this particular error >> while googling. >> >> The server is old, I inherited it, and I cannot re-install it for various >> reasons (at least i am *extremely* reluctant to). >> >> Has anyone seen anything like this? ? >> ?Any ideas?? >> ? What am I missing?? >> >> >> -- >> Oleg Goldshmidt | pub at goldshmidt.org >> >> _______________________________________________ >> Linux-il mailing list >> Linux-il at cs.huji.ac.il >> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il >> >> > > _______________________________________________ > Linux-il mailing list > Linux-il at cs.huji.ac.il > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From pub at goldshmidt.org Sun Jun 22 19:03:38 2014 From: pub at goldshmidt.org (Oleg Goldshmidt) Date: Sun, 22 Jun 2014 19:03:38 +0300 Subject: bugzilla+postfix+email_in.pl In-Reply-To: References:

Message-ID: On Sun, Jun 22, 2014 at 6:46 PM, E.S. Rosenberg wrote: > ? > >> # ls -l /var/www/bugzilla/email_in.pl >>> -rwxr-xr-x 1 root www-data 21820 2013-05-23 19:02 /var/www/bugzilla/ >>> email_in.pl >>> >> You are showing correct permissions on the file so I assume you also made > sure that all the parent dirs are at least executable to the daemon? > Regards, > Eliyahu - ????? > ?This - and a similar comment from Amos sent privately (I think) - gave a clue. I have to chmod o+r all the files - and chmod o+rx all the directories - both above and below /var/www/bugzilla. After that (and installation of a number of perl modules from CPAN) I am getting emails. This is a hack and is not completely satisfying, because I really relaxed the permissions on /var/www and /bar/www/bugzilla, and I don't like it one single (permission) bit. I had thought that adding users postfix and bugs to the group that owns the hierarchy should be enough, but apparently isn't. I'll admit that my experience with Ubuntu and postfix is very limited - I am used to RH and sendmail. And I hadn't installed Bugzilla myself in this instance. Things look a bit weird. Thanks again, everyone! -- Oleg Goldshmidt | pub at goldshmidt.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From esr+linux-il at g.jct.ac.il Sun Jun 22 19:32:07 2014 From: esr+linux-il at g.jct.ac.il (E.S. Rosenberg) Date: Sun, 22 Jun 2014 19:32:07 +0300 Subject: bugzilla+postfix+email_in.pl In-Reply-To: References:

Message-ID: I have seen (but never had enough incentive to investigate) that changes in groups very often only become effective for running procs or even restarted daemons after more drastic steps (like reboot or start/stop cycles), I don't think there is a real need for the dirs to be readable too, that just enables listing the content and if you aren't interested in that a system should work just fine with only execute permissions. 2014-06-22 19:03 GMT+03:00 Oleg Goldshmidt : > > > > On Sun, Jun 22, 2014 at 6:46 PM, E.S. Rosenberg > wrote: > >> ? >> >>> # ls -l /var/www/bugzilla/email_in.pl >>>> -rwxr-xr-x 1 root www-data 21820 2013-05-23 19:02 /var/www/bugzilla/ >>>> email_in.pl >>>> >>> You are showing correct permissions on the file so I assume you also >> made sure that all the parent dirs are at least executable to the daemon? >> Regards, >> Eliyahu - ????? >> > > ?This - and a similar comment from Amos sent privately (I think) - gave a > clue. I have to chmod o+r all the files - and chmod o+rx all the > directories - both above and below /var/www/bugzilla. After that (and > installation of a number of perl modules from CPAN) I am getting emails. > > This is a hack and is not completely satisfying, because I really relaxed > the permissions on /var/www and /bar/www/bugzilla, and I don't like it one > single (permission) bit. I had thought that adding users postfix and bugs > to the group that owns the hierarchy should be enough, but apparently isn't. > > I'll admit that my experience with Ubuntu and postfix is very limited - I > am used to RH and sendmail. And I hadn't installed Bugzilla myself in this > instance. Things look a bit weird. > > Thanks again, everyone! > > > -- > Oleg Goldshmidt | pub at goldshmidt.org > -------------- next part -------------- An HTML attachment was scrubbed... URL: From amos.shapira at gmail.com Mon Jun 23 00:01:37 2014 From: amos.shapira at gmail.com (Amos Shapira) Date: Mon, 23 Jun 2014 07:01:37 +1000 Subject: bugzilla+postfix+email_in.pl In-Reply-To: References:

Message-ID: Sorry perhaps I forgot to "reply all". It should be easy (and encouraged) to put executables outside she docroot tree. On 23 Jun 2014 02:04, "Oleg Goldshmidt" wrote: > > > > On Sun, Jun 22, 2014 at 6:46 PM, E.S. Rosenberg > wrote: > >> ? >> >>> # ls -l /var/www/bugzilla/email_in.pl >>>> -rwxr-xr-x 1 root www-data 21820 2013-05-23 19:02 /var/www/bugzilla/ >>>> email_in.pl >>>> >>> You are showing correct permissions on the file so I assume you also >> made sure that all the parent dirs are at least executable to the daemon? >> Regards, >> Eliyahu - ????? >> > > ?This - and a similar comment from Amos sent privately (I think) - gave a > clue. I have to chmod o+r all the files - and chmod o+rx all the > directories - both above and below /var/www/bugzilla. After that (and > installation of a number of perl modules from CPAN) I am getting emails. > > This is a hack and is not completely satisfying, because I really relaxed > the permissions on /var/www and /bar/www/bugzilla, and I don't like it one > single (permission) bit. I had thought that adding users postfix and bugs > to the group that owns the hierarchy should be enough, but apparently isn't. > > I'll admit that my experience with Ubuntu and postfix is very limited - I > am used to RH and sendmail. And I hadn't installed Bugzilla myself in this > instance. Things look a bit weird. > > Thanks again, everyone! > > > -- > Oleg Goldshmidt | pub at goldshmidt.org > > _______________________________________________ > Linux-il mailing list > Linux-il at cs.huji.ac.il > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il > > -------------- next part -------------- An HTML attachment was scrubbed... URL: