Setting up a PBX for Israel<->US communication

[Ori Berger]

Least year, there was a thread discussing set up of an asterisk system, 
which included a description by Arik Baratz (see e.g. 
 and 
)


I am planning to set up something similar, and before I embark, wanted 
to ask anyone on the list if they have anything to add to that 
discussion. From looking around, it seems that:


- VPSLink is still the cheapest VPS host at $8/month (or $80/year) for
  64MB of memory. It seems like the OpenVZ package is better suited
  than the Xen package, being less resource intensive. And from past
  experience I would bet on Debian -- however, can anyone here share
  their experience (Arik?). Will "apt-get install asterisk" be enough,
  or will I have to compile everything myself?

- grnvoip still seems like the cheapest termination service - but
  only provides SIP connection, whereas voipjet, still competitive,
  provides only IAX2. Any recommendation here? IAX2 is supposed to
  be less resource intensive than SIP, but I don't know if that'll
  matter on a 64MB machine routing at most two calls.

- didww.com is competitive on DIDs ($3/month for 077- number in IL,
  $10/month for 03- number, $2/month US number), but other such as
  diamondcard.us provide same prices, and also do termination (although
  not as cheaply as grnvoip or voipjet).

- Any positive or negative experiences routing SMS between those
  systems?

Does anyone have experience, specific software versions and/or 
configuration scripts to share with regards to such a setup?


Thanks in advance,
Ori.

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Setting up a PBX for Israel<->US communication

[Ori Berger]

sammy ominsky wrote:
Worse than that, asterisk will not work in an OpenVZ VE unless you have 
access to the underlying host to install the zaptel kernel modules.


(Note that in another email, Sammy mentions that it works but some 
features don't).


It looks like Xen would therefore be needed?

The truth is, between the cost of a VPS and termination of calls, I 
would think you're better off just signing up with a voip provider.  Can 
you do better than $25/month for unlimited calling to the US?


For the kind of setup I want (similar to what Arik described in his 
first email), no one offers that at all, let alone at $25. The most 
important feature being accessible from ANY phone (e.g., us mobile to il 
mobile at local prices, and the other way around, without having any 
predefined list of destination on any side) without any FXO/FXS or other 
equipment needed.


But it's not about the money -- primarily, it is because I _want_ to 
tinker with Asterisk in the process, and trying to minimize the budget 
at the same time just adds a little spice.


Thanks,
Ori.

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Setting up a PBX for Israel<->US communication

[Ori Berger]

Amos Shapira wrote:

OK,

So I've setup CentOS 5.2 on Xen VPS at VPSLink, compiled latest
Asterisk (1.4.23) very smoothly according to the instructions at
http://www.voip-info.org/wiki/view/CentOS+5+and+Asterisk+1.4.x+installation
up to and including the "asterisk -...vvvc" and "stop now". Also
installed the rest of the addons.


Does that include the zaptel "ztdummy" server required for MeetMe and 
MusicOnHold? I couldn't get it to work; I don't really need it either, 
but it would be nice to have.


Lylix.net is priced competitively with VPSlink, and have ztdummy 
available within their virtual machines - however, their lowest level is 
 equivalent to VPSlink's "link2" which sets you back at $15/month. I'm 
considering switching over there if I'd need meetme and didn't get 
ztdummy to work on VPSlink.



How do I test this?


I recommend "twinkle" on Linux. It has a "log" view that is immensely 
helpful in debugging, and got me much farther than Ekiga or Wengo did.



Going to didww.com I'm not sure what should I look for - "Phone to
VOIP" or "Phone to IP-PBX"? both options cost $US10 a month, I don't
see an option to pick the allegedly cheaper 077 numbers.


There were also 073 numbers (cellcom) that were $3/month. However, 
everything except 03 disappeared from DIDWW and also diamondcard.us - 
this doesn't look like a coincidence. Perhaps someone knows what has 
happened? I already have a couple of 077 DIDs but this is troubling.



Anything beyond about $5/month makes this possibly uneconomical, as
for the long term I don't spend that much on international calls and
Skypeout subscription can provide unlimited calls for 5 euro/month
(for minimum of three months). (We have 4000 free Skype minutes from
our mobiles so Skypeout is very convenient to call from wherever we
are).


Having played with Asterisk a little, and having set up hosting and 
stuff - I'd say that there are services that will be pricewise 
competitive, such as Jajah, Skype, and OlehPhone. Each one has a 
different set of restrictions on the flexibility that an asterisk server 
provides, but they take away all the headaches. If you're only looking 
to save money, this is probably NOT the best option when you also factor 
in the cost of your time, paid or leisure.



___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Setting up a PBX for Israel<->US communication

[Ori Berger]

Amos Shapira wrote:

which is very close to the lost 077 numbers for
$3/month with DIDWW. These are
03 numbers (http://gizmo5.com/pc/network/callin-numbers/).


FWIW, I asked DIDWW about the disappearing numbers (03 numbers are not 
there either at this moment), and they replied both 077 and 03 be back 
shortly (but I don't know what "shortly" means). Diamondcard still 
offers 03 numbers for $10/year. (Do note that their DID costs are 
competitive, but their termination rates are not).




___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Weird DNS proxy issue on ECI Bfocus modem?

[Ori Berger]

The DNS proxy on my ECI ADSL modem ran flawlessly for years, but 
recently, every few days it will abort with a segmentation fault. (I've 
been away for a few months, so I don't know exactly when it started -- 
later than October, earlier than February).


Restarting it (by running "/sbin/dproxy -c /etc/dproxy.conf"), solves 
the problem, and there are no other visible problems.


A hardware failure is possible but unlikely, given that it's all solid 
state (flash + ram) that has been doing the same thing for years.


Another thing I suspect is bad, possibly malicious, DNS packets that 
make the proxy die. It's an old 2.4.17 MontaVista kernel, but I don't 
even know what version of dproxy.


I found  but the dproxy 
is not listening for requests from the world, and thus (assuming my own 
machine is not a zombie -- I'm optimistic!) if it is indeed relevant, 
then it's possible some upstream DNS servers are not playing nice.


Does anyone have a suggestion what I should be looking for, or to which 
firmware version should I update my modem?


Thanks,
Ori.

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Setting up a PBX for Israel<->US communication

[Ori Berger]

Some information that may be useful if anyone is still interested:

- I can recommend grnvoip's termination service: They have good routes, 
good rates, competent technical support. They do not officially support 
IAX2 termination (only SIP and H323), but they will provide it if asked 
(supposedly; I'm using SIP termination). I heard great things about 
voipjet, but apparently they now actively require you to be a non-person 
entity (read, company) to join.


- The cheap setup described by Arik is perfect for call _routing_ so 
long as the asterisk server is only there for routing, and can "step 
out" of the communication chain once call routing is finished. 
Otherwise, at least with a Xen setup on vpslink, the CPU slice is not 
regular enough to provide acceptable quality, even for things like a 
voicemail app. (Everything works, but sound is occasionally choppy). 
OpenVZ might be better; Lylix.net might be better; I only have 
experience with Xen, and it's NOT good enough.


- In order to enable Asterisk to step out of call routing (and network 
routing), the DID mapping protocol and the termination protocol must be 
the same -- either both should be IAX2 (when using VoipJet) or both 
should be SIP (when using grnvoip). Otherwise, asterisk will need to 
remain "on the line" to do protocol translation.


- Asterisk rocks! It takes a little effort to configure, and looks weird 
at first (at least to my originally telephony-uninitiated self), but in 
most cases, there's a good reason for the way it needs to be configured. 
I think it's worthwhile to try to understand why Asterisk is built the 
way it is, rather than just look for an easy to configure GUI.


Ori Berger wrote:
FWIW, I asked DIDWW about the disappearing numbers (03 numbers are not 
there either at this moment), and they replied both 077 and 03 be back 
shortly (but I don't know what "shortly" means). Diamondcard still 
offers 03 numbers for $10/year. (Do note that their DID costs are 
competitive, but their termination rates are not).


Israeli Numbers appear and disappear -- apparently they do not replenish 
their inventory regularly anymore, and you can get a number when someone 
gives their one up. However, if you want to use DIDWW -- talk to their 
sales team, they may have a DID for you even if it's not visible in the 
online shop. A US number is cheaper at diacmondcard. Israeli numbers 
were more available at DIDWW a month ago.


Ori.

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Setting up a PBX for Israel<->US communication

[Ori Berger]

Amos Shapira wrote:


Googl'ing for "asterisk hosting provider" Lylix.net indeed comes up
near the top and seem to be asterisk-centric but their cheapest plan
of AsteriskNow is $35/month. No competition for the $8/month from
VPSLink.


They do have a non-managed $15/month plan (that still includes ztdummy 
and friends), comparable to what you get from vpslink at $15 -- however, 
they do not have a $8/month plan like vpslink.



But I'm actually stuck at a more basic stage - I can't get incoming
audio on any of the software SIP clients I tried on my Ubuntu (8.10,
i386). I tried Twinkle (recommended here for its better logging),
Ekiga and Gizmo.


I haven't done it myself, but apparently there are recommendations to 
open UDP ports 1-2 to your PC. I wouldn't.



I use an ADSL2+ with D-Link DSL-G604T modem/router. I also have a
Sipura ATA-3000 connected to my ISP's VoIP (SIP) service with no
problem (and no port forwarding required in the modem). 


Is it possible the Sipura uses UPNP or something to punch holes in the 
firewall itself?


Is it possible that they both use the same UDP port (e.g. 5000 or 5004), 
and for whatever reason the sipura gets the packets sent to your softphone?


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Setting up a PBX for Israel<->US communication

[Ori Berger]

Tzafrir Cohen wrote:


You mean in case that the hosting provider provides the necessary
kernel modules in OpenVZ?


Kernel modules? What kernel modules? :-)

(See the second part. Well, maybe this is more for future installations
than for now)


Well, following Tzafrir's lead, I've just installed a 1.6.1-rc1 on my 
vpslink server with a res_timing_pthread time source, and the sound is 
slightly less clear but had no choppy sounds in the 5 minutes I played 
with it.


I assume this has more to do with the time source than the 1.6 upgrade, 
but I don't know that.


It's possible that a ztdummy driver on openvz provides a good enough 
time source that makes it work better than Xen+pthread -- if that's the 
case, lylix.net would be superior. A friend of mine is trying them now, 
we'll see how that works.


As far as vpslink is concerned, I've been unsuccessful in getting a 
ztdummy to work. It's a Xen setup, but you can only use a very specific 
centos kernel, no matter what system you are running -- just getting the 
ztdummy to compile with the required gcc-4.1 for that kernel is a lot of 
effort. And when the module didn't work, I gave up.



OpenVZ consumes less resources. Hence you can use more instances per
server. Hence it costs less. VPSLink seem to price them the same. Most
others don't from my previous searches.


Tzafrir, do you know of any OpenVZ provider that charges something 
comparable to the $8/month vpslink plan?


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Setting up a PBX for Israel<->US communication

[Ori Berger]

Amos Shapira wrote:

BTW - About Israeli DID's - I just received an ad from Gizmo5 (I
probably registered with them a while ago) advertising their new free
SIP-to-Skype gateway. So I went to their web site and found that they
offer a "callin number" for $12/3-months or $35/12-months, which is
very close to the lost 077 numbers for $3/month with DIDWW. These are
03 numbers (http://gizmo5.com/pc/network/callin-numbers/).


Anyone still interested in this thread -- it seems DIDWW has acquired 
another number block from Hot. Numbers still available at $3/month 
(+$3/setup).


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: 2:1 Down:Up internet traffic ratio?

[Ori Berger]

Dotan Cohen wrote:

I just noticed this info in my modem's interface:
Data Transmitted1285141280 bytes
Data Received   2111269904 bytes

Could it really be that normal internet browsing and emailing produces
only a 2:1 downloaded:uploaded ratio? I figure with youtube and all
the images on websites that the ratio would be much higher. We do not
do any filesharing or other p2p activities. And the network consists
of two linux machines, so I doubt that there may be a malware
infection. Can anybody shed some insight?


Two things I can think of:

1) Is your modem also your hub/switch? perhaps it is also aggregating 
internal network traffic in those numbers somehow?


2) Both numbers are between 30 and 31 bits in magnitude, which means 
they might just be the result of some weird overflow or scaling law due 
to using a 32-bit counter.


If you can, reset the counters before you go to sleep; if you don't have 
a torrent or mule running, counters in the morning should be very low. 
Then work for a day and then check your counters again.



___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: what's the least expensive way to call israel from the usa?

[Ori Berger]

Michael Shiloh wrote:
calling cards and skypeout have been recommended, but i haven't yet 
compared prices. what other options are there?


i'm calling from california, if that makes a difference.

michael


Depending on the volume and your access to a server.


You can get voip termination (equivalent to "smtp" -- letting you 
originate calls from a voip device) for ~1 cent/min to a landline, ~9 
cent/min to a mobile. grnvoip works for me (they have "regular routes" 
and "premium routes"; Terminating in Israel, regular routes are good 
enough. Terminating in the US, I switched to premium because regular is 
not good enough for me).


As for how you actually make the call -- you can run a SIP server at 
home if you have the bandwidth and reliability, or you can get a VPS for 
$8/month and do that remotely.


The following thread may be helpful:


If it's a low call volume, and you don't need flexibility then skypeout, 
olehphone or just getting a 012 smile (area code 072) in Israel and 
taking the adapter to california may be preferable.


Ori.

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Linux Workstation ADSL Networking Problems at Bezeqint

[Ori Berger]

Shlomi Fish wrote:
I tried reducing it to 1,400 and the FF problem persisted. Now I'm trying to 
reduce it to 1,300 and see how it goes.


Thanks for your help.

Regards,

Shlomi Fish


When I had such problems (a few years back) the solution was to disable 
ipv6 (as in, blacklist the ipv6 kernel module). If that MTU doesn't 
help, this might.


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

New government already hard at work (though, I'm not sure who for)

[Ori Berger]

Microsoft is going to be participating in government sessions dealing 
with IT. Government is not obligated to purchase Microsoft stuff. 
Microsoft will share its security experience with the government.


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: [OT] Always Innovating TouchBook - A Linux based Netbook

[Ori Berger]

Amichai Rotman wrote:
...and they will probably find a way to bring it with Window$ XP 
pr-installed...


Luckily (?) it is ARM based. So they won't bring it with XP 
pre-installed, although some clever importer just might manage Windows 
Mobile.


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Why is GNU/Linux so Bloated?

[Ori Berger]

Shlomi Fish wrote:

I've compared the size of the Linux .so file (after -Os and strip) to the size 
of the Windows MSVC-generated .dll. 


With gcc -Os before strip - 86,464 bytes
same after strip - 74,584

With gcc -Os that can solve Freecell only - before strip: 71,440
After strip - 60,312

Now on Windows, Visual C++ generated the files in:

http://tech.groups.yahoo.com/group/fc-solve-discuss/message/999

I have some freecell-solver.dll's there and since it is the output of cygwin's 
"ls -l", you can determine their size. The Freecell-only DLL after strip is 
18,944 bytes long.
  



This is a good description of what might be causing this, and how to 
solve it. As the page notes, the "visibility" option has been integrated 
into gcc 4, but you do have to use it.



___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Building 32 bit (Intel X86) kernel module on a 64 bit (Intel x86_64) machine

[Ori Berger]

Dan Shimshoni wrote:

I want to add that "make ARCH=i686" (on the 64 bit machine) gave me errors
(and also trying to passing various gcc 32 bit arch flags ).
  
What errors  you got will be very helpful in getting to a solution - my 
guess would be link problems and/or wrong Makefile configuration

It seems to me that both these tools are more complicated then needed.
Does anyone know a better way for achieving this ? for example, building
binutils on the x86_64 machine (maybe with a specific 32 bit flag, and
maybe also building glibc with a flag specifying the target is intel
x86 machine is a must ?), and then building gcc against this libraries
?
  
If you're looking for the simplest solution, run a 32-bit environment - 
either in a virtual machine (virtual box, kvm, qemu or even vmware) or a 
chroot environment (google "debootstrap"). The virtual machine solution 
has the property that you'll also be able to test said kernel module and 
not just compile it.


Kernel modules will very often only work against the exact kernel 
version for which they were compiled. You're in for redoing the work if 
you upgrade the kernel on the 32-bit machine.


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Please recommend a web host in Israel

[Ori Berger]

Itay Donenhirsch wrote:


hi folks,
has anyone used vpslink.com? i got a recommendation for them but i was
wondering about response times from israel.
thanks
Itay
  
Up until this week their response time from Israel was atrocious, 
because they only had a farm in Seattle. As of this week, they offer 
virtual hosting in New York as well, so it's probably just going to be 
horrible, rather than atrocious. But their service works very well, and 
they are very well connected within the US.


Disclosure: a satisfied user of vpslink in Seattle (They deliver 
bandwidth, which I care about; latency, I care less about; I'll probably 
switch to New York soon).


prgmr.com is a little cheaper than vpslink - you can get a 128MB xen VM 
with reasonable CPU and great bandwidth for $6/month on a monthly basis 
($4.5/month or so on a yearly basis), but they are even farther away 
from Israel in San Jose. I like their slogan: "We don't assume you're 
stupid". Haven't had a chance to use them so far, but heard good things 
about them.


(Oh, and hi!)

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Need Recommendation for Israeli Rails Hosting

[Ori Berger]

ASAF HALILI wrote:

Hi everybody,

I need a recommendation for a hosting that support ruby on rails, 
linux hosting.

I prefer shared hosting but VPS is also acceptable.
I need really good response time so I prefer that the hosting will be 
located in Israel.


Anoyone knows such a hosting?

Thanks, Asaf.


I can recommend 34sp.com for great service. Never tried running ruby 
there myself, but the checklist say it is supported. I'm still using 
their "personal hosting" $2/month program which has since been 
discontinued, and the service is great. The cheapest program they offer 
now is $8/month, and I assume the service is just as good.


They are located in the UK, which is not as good as being located in 
Israel, but for a well designed site is not much of a difference.


Not affiliated with them, except for being a happy customer for 9 years now.

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Desktop effects stopped working on Ubuntu 9.04

[Ori Berger]

Ori Idan wrote:

I have an Ubuntu 9.04 laptop with Intel 945 graphics adapter.
Desktop effects worked until this morning when I connected it to an 
external monitor.
After disconnecting the external monitor and restarting the laptop, 
desktop effects stopped working.

Does someone have an idea how to reenable them?
It's a known bug in the Intel driver: You placed the external screen to 
the left/right of the laptop screen, causing the effective screen width 
to be one that the Intel Driver does not support 3D acceleration for, 
thereby causing compiz to turn off effects.


If effects won't turn on, check /etc/X11.conf under section "Screen" 
subsection "Display" to see it doesn't still list a too-wide screen 
(your laptop is probably 1024 or 1280 pixels wide). When this happened 
to me, I deleted the "Display" altogether and let Ubuntu re-figure it 
out itself, but a "sudo dpkg-reconfigure xserver-xorg" might be helpful.


And from now on, when you connect an external monitor, just be sure to 
place the screen above/below the laptop screen rather than to the 
left/right of it.


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: OT: Cheap VOIP to cell?

[Ori Berger]

Hetz Ben Hamo wrote:

Hi,

I was just shocked by the huge cellphone bill I got, I decided to look 
for some alternatives..


Skype has unlimited call in Israel, but it's only for landlines. 
 Their mobile prices are pretty high compared to what cell phone 
companies offer. 

So, does anyone had/have this issue and found good solution? (not 
calling cell numbers is not a solution).
Apparently, betamax ( ; see for more info 
 ) can get you 4 
eurocents (6 usd cents = ~24 ag). I have no experience with them; The 
only guy I know who uses them has good experience, but the wikipedia 
article doesn't seem as cheerful.


Personally, I'm happy with grnvoip/ezcall (). 
Rates change periodically, but at this moment: 
 
mobile phones are 8.2 usd cents, landlines are less than 1 usd cent. Not 
affiliated with them in any way except as a customer. Service is decent, 
tech support is competent and always available, although I had to switch 
to the "premium" routes to get decent USA calls (but if you only plan to 
call Israel, you can do just as well with the "standard" routes)


You may be interested in this thread I started early this year:
; the 
latest relevant summary I posted is in 



But, all in all -- it doesn't seem like you can really get cheap mobile 
calls in Israel.


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: SIP provider questions.

[Ori Berger]

geoffrey mendelson wrote:
1. There is a SIP (or IAX) provider selling Israeli DIDs? I need them 
to be in Israel and accept "Israel only" credit cards.
Cheap is more important than providing customer support, or good 
service.
didww.com; They are cheap ($3/month for an Israeli DID, flat -- some 
providers charge per incoming minute). They don't always have Israeli 
numbers on stock, though. Also, they are an Israeli company so they'll 
probably be able to accommodate your payment.


2. Is there a pay-as-you go SIP (or IAX) provider that works with the 
Israeli system besides SKYPE?
grnvoip.com / ezcall is reasonable everywhere if you use their premium 
routes (which is still cheap), and specifically in Israel their 
"regular" routes are just as good and cheaper still (8c/minute mobile, 
<1c/minute landline).
I'm looking for something someone can set up and not have to worry 
about either a hacker (or a teenager) running up hundreds of shequels 
in calls to cell phones.
Prepay is the way to go for that. grnvoip will only accept calls coming 
in from an IP you give them in advance (up to 3, IIRC). I've heard good 
things about voipjet as well, but they stopped accepting individuals; if 
you can do this from within your company, they would also be an option.


Not affiliated with either of these companies, but I have been using 
their services for a year, and am very satisfied with their price, and 
reasonably satisfied with the quality of their service.


See also: 
 a 
thread you already participated in; most of it is still up to date, 
surprisingly.


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Question about VOIP and Faxes

[Ori Berger]

Dear Linux-IL,

I've been using asterisk, a pstn->sip DID (didww) and a sip->pstn 
termination (grnvoip) for the last year, and it's been working very 
well. I'm about to purchase[1] an Epson Artisan 810, which can also work 
as a Fax, and I would like to put it to that use. (Oh, and I'm located 
in the US)


From what I've been able to gather, didww say they do not support T.38 
(voip fax protocol); grnvoip do support T.38; Faxes may still work 
through a voice codec if bandwidth is high enough; Which means I might 
have problem receiving faxes, although no problem sending faxes to PSTN 
numbers.


Does anyone on this list have experience with using FAX through voip?
* Which provider would you recommend for did or termination?
* Are there any alternative recommended services (mail-to-fax, 
fax-to-mail) that don't cost an arm and a leg? (I pay $3/month for a 
phone number, and <1c/minute for termination; so, e.g. a $20/month fax 
service IS expensive).

* Any other Asterisk/Printer/etc. configuration tips you have?

Thanks in advance,
Ori

[1] provided I manage to print to it in the store before buying. There 
are drivers for linux here 
, there was only one 
reference on the whole web I can find to anyone trying this printer with 
linux, and for some reason they were not successful.


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Looking for a cheap (and relatively reliable) .us/.ca-based SSH/rsync/PHP/Perl 5 web hosting

[Ori Berger]

Shlomi Fish wrote:
1. Be able to host a web-service for http://backup.shlomifish.org/ there. 
Optionally other arbitrary domains at no extra charge.


2. Static content, Perl 5 CGI and PHP 5.

3. SSH with rsync. (No virtual server - and please don't bug me about it).
  
I assume you're ok with a Virtual Machine, though; if not, that is at 
odds with the requirement for 'cheap'.

4. Ability to accept payments by PayPal.

5. Cheap.

6. Located in .us/.ca.
  
You can get a 128MB virtual machine which would be sufficient unless 
your perl5/php5 code is really memory hungry. At  
it costs $6/month,  less than $60/year. (You can go cheaper with a 64MB 
plan; however, don't expect to e.g. compile anything on it). VPSlink 
gives same service and costs a little more. I believe both accept 
paypal, but I'm not sure.


You will have to set up your own DNS, web server etc, but anything's doable.

Just in case managed virtual server in the UK with ssh and rsync is 
acceptable,  will cost you 
$7/month. Can host subdomains but not arbitrary domains.


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Working with Sentos packages

[Ori Berger]

Geoff Shang wrote:


Hi,

I need to do a job on a Sentos system.  I'm not used to dealing with 
RPM-based systems, I'm a Debian man myself, so am wondering what the 
equivalents of


apt-cache search

and

apt-get install

are?

rpm == dpkg
yum == apt

apt-cache search = yum list  / yum list | grep 
apt-get install =  yum install

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: secure DNS hosting?

[Ori Berger]

shimi wrote:

Are there such things as "specialized secure DNS host" or just about

any host is good enough (e.g. we registered most of our domainsat
godaddy).


You could use the UltraDNS from Neustar services [1]. It WILL cost you 
:-) But I guess those guys know what they're doing: They run one of 
the root DNS servers of the Internet... they provide DNS service to 
some major companies out there, including Amazon.com. They use Anycast 
to take the queries to network-wise close locations, so they'll be 
answered fast and also limit the effect of DoS attacks to only the 
part of the world where the attack came from.
I have no specific knowledge of UltraDNS, and if Amazon uses them, I'm 
sure they're very good at what they are doing.


However,  please be aware that DNS based attacks are often not directed 
at infrastructure under the attacked entity's control (e.g. poisoning 
resolvers, netbios replies, initiatiating domain transfers through a 
less-than-competent registrar, etc). And while you should do what you 
can to secure your DNS infrastructure, you should be using other means 
as well - e.g. server certificates; client certificates; RSA tokens, etc.


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: secure DNS hosting?

[Ori Berger]

Amos Shapira wrote:

What are you refering to by "server certificates, client certificates,
RSA tokens etc"? Are you talking about DNS-SEC or just general web
server security practices?
  
General web server security practices; A server certificate tells the 
client that this server has been trusted by a known certificate 
authority to serve a specific domain. That's not perfect, as hackers 
have already demonstrated being able to get certificates for domains 
they do not own, and a specific certificate signing bug (since patched) 
allowed certificates for specially crafted domain names to pass as 
certificates for other domains.


It does, however, make life harder for the hacker and works well against 
simple "man-in-the-middle" attack.


A client certificate proves to your server that the client posses a 
certificate, without sending it online. This provides some defense 
against a man-in-the-middle attack or keyboard logging/password sniffing 
-- but of course, not helpful if the client machine was compromised and 
rooted.


RSA tokens (I'm sure there are other manufacturers) are small devices, 
usually credit card sized, that display a password that keeps changing 
every minute. Identity is verified by the client having access to the up 
to date password at log-in times and when performing sensitive actions.



I'm at the "reading the brochure" stage and google'ing a bit about
them but one of the points I think I got through is that they have
their own servers and cooperation with major ISP's in many places
around the world in order to reduce the exposure to external DNS
vulnerabilities.
  
That sounds like good practice. Make sure that this is true regarding 
where your clients are located; e.g. they might have wonderful 
infrastructure in the US but not in Australia, or vice versa.


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: XWindows - how capture window ?

[Ori Berger]

Valery Reznic wrote:

Do you have any ideas, how can I render this window off screen and capture it's 
content ?
  
You can probably run an Xvnc server (X server that sends updates out 
through the vnc protocol, rather than actually updating screen). As far 
as any software is concerned, this is a real screen, so you can run 
anything on it. However, it does not need to be visible on any physical 
display; Also, if the whole reason is to let this app work through the 
network, then xvnc is a complete solution all by itself


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: kernel optimization for long distance download??

[Ori Berger]

Shachar Shemesh wrote:


Short answer - run a sniffer on both downloads.

Longer answer - there are some tricks you can do, some of them 
"legal", others violating the TCP/IP standard, in order to handle high 
latency links better. They might be referring to those.


Conclusion - run a sniffer :-)
As someone who is interested in this subject, but does not have access 
to a slow-vs-fast connection to sniff on, I would appreciate a 
description of the dirty tricks, "legal" or not.


Thanks,

Ori

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: FTP or NTPv3 are examples for application protocols that embed network-layer addresses

[Ori Berger]

Ron Varburg wrote:

I saw in the wikipedia, don't remember the exact entry, that 


in contrast to most transport- and application-layer protocols, FTP or NTPv3
 are examples for application protocols that embed network-layer addresses

Can someone elaborate on that ? 


FTP in active mode, requires whoever does the get to give his 
address/port (PORT command), using six 8 bit numbers; similarly in 
passive mode, the server gives another address for the client to use -- 
possibly on another server. These were ipv4 addresses; I'm sure there's 
an ipv6 extension as well.


An NTP server gives the ipv4 network addresses of the servers it syncs 
from (if it's using it's own source).


In contrast, HTTP only uses names -- e.g., redirect will be to 
"Location: http://blahblah"; with no network-layer addresses. Similarly, 
SMTP only uses host names, not network layer addresses.


Ori

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: hosting in USA

[Ori Berger]

Serge wrote:

Sorry, I didn't mentioned that.
We are looking for VPS/dedicated server managed by us, depends from the
price what to take.


vpslink.com ; linode.com ; prgmr.com

Prices are great. I have experience with good service from linode and 
vpslink; no experience with prgmr, but I heard great things about them 
-- and their motto is "we don't assume you are stupid".


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: sipme.me and Linux voip softphone

[Ori Berger]

Stan Goodman wrote:
I use a VoIP provider in the US (more convenient for me for several 
reasons). His support desk was helpful in the setup phase and who remains 
ready to answer questions (I pay $0.019/minute, with no monthLy fee, for 
calls to virtually anywhere on the planet, with excellent sound quality). 
The provider I used previously (also in the US) was equally helpful. 
If "sipme" is unwilling to even try to support you, what you need is a 
different provider; there is no excuse for limiting their interest in you 
to only collecting money from your credit card account.


Care to name said provider?

Does that 1.9c/min include calls to Israeli mobile phones? I'm using 
grnvoip, which charges <1c/min for US calls or landlines, but 8c/min for 
mobile phones. I would gladly switch as most of my calls to Israel end 
up on mobile phones.


Thanks,

Ori

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Hebrew problem - ripping CDs

[Ori Berger]

Shlomo Solomon wrote:
I've been using k3b to rip my collection of CDs and I noticed that on some CDs 
the Hebrew file names are recognized and on others not. I assume that Hebrew, 
encoding, fonts etc are properley set up. Otherwise, it wouldn't work on some 
CDs. Can anyone tell me if this is a problem in CDDB or the specific CD and if 
there's a way to fix it (other than manually re-naming each file)?


BTW - I tried GRIP and had the same problem.


Some of the Hebrew albums in CDDB are stored in CP-1255 (Windows Hebrew 
Codepage) and some in UTF-8. As far as I know it doesn't say anywhere 
inside CDDB how it is stored, so if it doesn't work with one, it should 
work with the other (you have a place to specify that inside grip in the 
DB tab; have no idea about k3b). While it's possible to write a program 
that will detect this automatically with very high probability, I don't 
know of one that exists.


Same problem exists for other non-English albums, btw: some are stored 
in CP-1252, and some in UTF-8; if you have a bjork CD you might have a 
problem getting the umlaut (two dots above the o) to show with the wrong 
encoding.


Ori

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: OT: heard about internetto?

[Ori Berger]

Stan Goodman wrote:
For comparison, using the VoIP connection I already have, and adding an 
Israel DID number would cost $5/mo for the DID (~NIS20); price for calls 
is $0.019/minute (~8 agorot). The advantage, although it won't change my 
financial condition, is in favor of VoIP.

.
.
.
The VoIP solution also relieves me of extra charges for "other carriers", 
i.e. for the privilege of calling this or that cellular company.


Am I reading correctly that your VoIP provider lets you call Cellular 
providers for less than 2 cents a minute? If so, could you please tell 
us who that is?


e.g. grnvoip, which is cheap (though not the cheapest) gives 
1c/bezeq&hot, 8c/mobile. 
 
I would happily switch to a cheaper provider.


Ori

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: CPU & RAM in a storage box

[Ori Berger]

Nadav Har'El wrote:

At Backblaze, we provide unlimited storage to our customers for only $5 per
month, so we had to figure out how to store hundreds of petabytes of

Looking at their site, it appears that while their systems run on Linux,
they don't give service to Linux machines. Is that true? Is there a similar
online backup service which does support Linux? I'd love to use such a service
for my home Linux computer.


Not quite as cheap, but  is 30c/(compressed GB) 
storage or bandwidth, and support Linux. windows support is exclusively 
through Cygwin.


(Not a user or affiliated in any way; can't comment on how good/bad they 
are)


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: secure/ssl vpn in linux with phone clients

[Ori Berger]

ik wrote:

Hello,

I'm looking for an open source VPN that is secure (such as ssl vpn that 
arrive with openvpn) but also have clients for cellular phones including 
iPhone.
OpenVPN as far as I know have support for all cellular phones except 
iPhone (unless you know any non jailbreak based clients for it).


The Cellular phones that I require support for are:
1. Symbian,
2. iPhone,
3. Android
4. Blackberry
5. Windows mobile :(


I know Windows Mobile and iPhone support a PPTP VPN. I can vouch for the 
iPhone implementation - it works flawlessly. This connects to my Ubuntu 
8.04 server, which I set up for this more than two years ago and did not 
even touch once since.


The pptp server is libre/free/open source.

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: The riddle of atomic data transfer from process A to process B

[Ori Berger]

On 04/13/2011 09:41 AM, Omer Zak wrote:


A full fledged queue would force the consuming process (process A) to
read and process all data written by the producing process (process M)
even when process A needs only the most recent value whenever it reads
process M's data.


I forgot how this scheme is called, but assuming you have some shared 
memory between the processes, what you do is:


have value variable (e.g. "value") and counter variable ("counter")
also shadow_value and shadow_counter

initialize counter to 0 (any even number will do)

in process M:

atomic_increase counter; (or follow with memory_barrier())
write value;
atomic_increase counter; (or follow with memory_barrier())

in process A:

pre_counter = atomic_read counter; (or precede with memory_barrier())
new_value = read value;
post_counter = atomic_read counter; (or precede with memory_barrier())

if (pre_counter == post_counter) && (pre_counter%2 == 0), new_value has 
been safely read; write it to "shadow_value", use that as value, (and 
for good measure store pre_counter in "shadow_counter").


if pre_counter != post_counter, use "shadow_value" - and be aware that 
your value is actually up to date only for "shadow_counter".


This is lock free in the sense that no process blocks waiting for the 
other one. However, you may end up using an older value. You might put 
'A's reader in a loop, so that it retries until it manages to read an 
up-to-date value.


Also, in a fully deterministic system, you might get to a situation 
where A and B interlace in such a way that you *always* read the value 
while it is being modified, so the shadow value never gets updated. In a 
random system, the probability of being more than 'n' updates behind the 
producer drops exponentially with n.


Note that unlike CAS and friends, the "value" here can be any size 
whatsoever - only the counter needs to be read/written atomically (or 
otherwise synchronized through the memory barrier).


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: The riddle of atomic data transfer from process A to process B

[Ori Berger]

On 04/13/2011 05:04 PM, Omer Zak wrote:


If the counter is one byte wide, then any updates to it would be atomic
by definition (of course, the context is that only process M ever
modifies it).


While that is true, I was wrong in asserting that "atomic" is enough. It 
needs to be ordered with respect to the value updates. the 
"memory_barrier()" is enough. On x86 with cache coherent everything and 
using a "lock xadd", it should work as is.



I wondered whether it is enough to realize the counter using two bits.
However such a design won't protect process A from reading inconsistent
data if process M was updating data twice while process A was reading
the same data.


True. You need a no-realistic-possibility-of-overflow counter there. 8 
bits if process A reads sufficiently quickly compared to M updates. 64 
bits would be sufficient for anything on any processor. 32 bits might be 
enough for you.



Also, in a fully deterministic system, you might get to a situation
where A and B interlace in such a way that you *always* read the value
while it is being modified, so the shadow value never gets updated. In a
random system, the probability of being more than 'n' updates behind the
producer drops exponentially with n.


The ideal solution needs a mechanism to prevent this theoretical
possibility.


But you also wrote:

> Even a bigger counter won't provide full protection as long as the
> counter can overflow.  We need a way for process A to signal back to
> process M that A is in middle of reading data, so process M should not
> update it this time.

This suffers from the same problem. Either you do locks (which risk 
blocking), or you risk using an older value (potentially, very old). Or 
you do a "wait free" algorithm (contrast with "lock free", which is what 
I described; no locks but has a "wait" - either a busy wait in reading 
an up-to-date value, or a delay in using an up-to-date value), which is 
beyond the scope of this email, and probably your implementation.


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: umount and data is lost?

[Ori Berger]

On 11/05/2011 05:12 PM, Diego wrote:

Hi list,

I am trying to debug this problem in a system I am developing:

at some point I need to write a number to a file, and then reboot via an
external device the machine. That device will cut of the power for a moment,
and the machine will power on again (this is to overcome a fault we could not
overcome otherwise). Before the reboot, I "umount" the proper partition and
then "sync".


Have you tried a sync() before the umount? I have experienced (on older 
Ubuntus, may or may not be relevant to your system) that "sync" after 
unmount doesn't actually do anything, whereas a "sync" before unmount 
does -- perhaps it only syncs the list of mounted filesystems.


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Detecting runaway process

[Ori Berger]

On 11/17/2011 07:41 AM, ik wrote:

Can't use gdb, it's a Ruby daemon (I didn't wrote it).
And strace gives different outputs on each crash :(

I can't figure out what is wrong.


Possibly Ruby itself: 
 - might be 
more work than you're looking for trying to figure this class of bugs.


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Modern Linux memory management

[Ori Berger]

On 01/26/2012 10:16 AM, Baruch Siach wrote:


Only by using valgrind, that I could find the exact location and figure
out, that it was another function that had the problem.

How does the modern memory management system is working then, that it takes
so much time for the problem to surface ?


Now, if you corrupt the internal glibc data structure, glibc won't notice
until you try to call one of malloc(), free(), etc.


And in addition to what Baruch said:

Valgrind will always catch these errors, but will result in significant 
slowdown (x10-x20). There are tools like DUMA (and its earlier 
incarnation, Electric Fence) incur almost no CPU overhead and can detect 
many kinds of corruptions as soon as they happen, by using the memory 
management units.


(Because of the MMU granularity, you need to run your program twice - 
one in which allocations are aligned to the lower address, and one when 
they are aligned to the top address)


There is also a middle ground; gcc's mudflap 
 and -- if your program is 
pure C and can be compiled by tcc, 
; These are comparable to 
valgrind in functionality (for code you compile with them; standard 
library code runs at full speed/unchecked), but usually only introduce a 
small slowdown (10% or so).



___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: DID/SIP provider in Israel

[Ori Berger]

On 03/07/2012 06:00 PM, Baruch Shpirer wrote:

I also need outbound calls or else I would continue to use them


I have had good experience with grnvoip.com; They are more expensive for 
Israeli routes than voippro.com, about which I've learned from Robert's 
post (thus I can't really compare)


grnvoip does offer a free reseller and "calling card" infrastructure you 
can piggy back on, with sub-account quotas, which might come in useful 
to you (it hasn't to me so far). They're service, should you need it, is 
competent and responsive. I've last needed to talk to them early in 2010 
(I've been using them since early 2009).


I'll give voippro.com next time I recharge my account - a $50 prepay 
seems to last forever these days.


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: suggestions sought for a framework for a quick, dirty, really simple GUI prototype

[Ori Berger]

On 07/18/2012 04:50 AM, Oleg Goldshmidt wrote:

What is important here is speed and painless ramp-up to some fairly low
level. I want to be up and running as fast as possible with as little
coding as possible. No need for bells and whistles. No need for long
term maintenance. It is for a throw away demo/prototype - and yes, I am
sure it (the GUI part) will be thrown away.

Any suggestions / experiences / war stories / whatever?


I've been using fltk since 1999, with great success. It is remarkably 
simple compared to just about every other framework out there, and it is 
ridiculously fast (but only slightly less capable than Qt). This is the 
toolkit that CinePaint switched to from GTK.


It is "C+-" style - that is, it is C++ as it was usable in the year 
2000: Classes, but no multiple inheritance; no exceptions or rtti used; 
threads supported by virtue of keeping GUI on one thread, and providing 
simple signaling to the GUI thread.


It is "90s" style - that is, there are a lot of globals. Don't diss it 
until you've tried - the code is simpler and faster as a result, and 
nothing is missing; e.g., if you want to draw text in in red with 
helvetica, size 10, you just do:


fl_font(FL_HELVETICA, 10);
fl_color(FL_RED);
fl_draw("text", x, y);

It is very well documented, and comes with tens of simple-to-understand 
yet very useful examples.


If you do take fltk, you want the recently released 1.3 branch (ignore 2.0).

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: where to host web server

[Ori Berger]

On 10/23/2012 10:57 AM, Shahar Dag wrote:

The students will decide which web server and supporting programs to
install (but it will be Linux) and then install everything they need.

We cannot test in advanced that the web site & the machine behave in a
reasonable way.

Everything can be accessed internally via a limited network.


If this network is on the Technion network, and it has free access 
outside, everything bad that people described can happen. You just need 
an ssh tunnel or a  redirect, and you're on the 
open internet, almost equivalently to being there in the first place.



The problem starts for example if you want to test your system from a
mobile device via 3G. Here you need to open your system to the world.
Currently we can’t do it (for next year we will try to host a virtual
cluster in the DMZ).


one ssh -L to tx, or a pagekite account, is all it takes to make it 
accessible to everything and everyone. (I'm not suggesting you do that - 
I'm suggesting that being directly routeable is not a requirement for it 
to be "open").


If you want to test it from a mobile device, you can put a $30 wireless 
router, and set that mobile device to use that wireless router's wifi. 
If you want 3G speeds and problems, you can do traffic shaping.


If you can afford ~50nis/project, use a VPS server. A quick review of 
LowEndBox says you can get a 256MB VPS, internet routable, for $4/month, 
which would be 50 nis for a semester. (There are even cheaper options).



___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Home made NAS

[Ori Berger]

On 12/05/2012 08:00 AM, Moish wrote:

I use WD MyBook Duo 2x3T.
http://www.wdc.com/en/products/products.aspx?id=620
Transfer rate more than enough for HD over N-wireless network.

On A side note:
Above storage is used (among other devices) by two Apple Tv 2 (jb with
Xbmc) and for fun, I will
add a Raspberry Pi model B which cost me almost 50$ in the USA. (ATV2
cost 103$ w/tax)



For those going the DIY route, older PogoPlugs can often be found for 
between $12-$25 in the US (new from the store; they've spent the last 
year clearing this inventory). These things come with Linux and some 
software that lets you pierce firewall and access them from everywhere 
(which is useful), as well as some photo and video conversion software.


You can reflash them with debian if you want full control. They are rock 
solid, completely silent, 6W maximum draw (with 4 portable USB powered 
drives), ARM with 128MB or 256MB (depending on model), with 1Gb ethernet 
and 4 USB 2.0 - perfect with 1-2TB portable drives.


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: filesystem capable of deduping tar.gz's content

[Ori Berger]

On 05/08/2013 09:22 PM, Elazar Leibovich wrote:

Hi,

I have a software product being built a few times a day (continuous
integration style). The end product is an installable tar.gz with many
java jars.

Since the content of the tar.gz's is mostly the same, I want to use a
filesystem that would dedupe the duplicated content.

As I see it, it's s FUSE filesystem that:


.
.snip
.

Is there anything like that available?
Is there a smarter solution?

.

Apologies for being late to the party.

The tar.gz makes everything a problem - a zip would work better for what 
you want (because, unlike a .tar.gz, it will not compress across files - 
each one will compress individually).


However, there is an (essentially) ready made solution which will work 
with .zips, but much much much better with the original folders: bup


https://github.com/bup/bup

As long as you don't care about ownership/permissions/modification-time 
(there's a branch that has those as well, but IIRC it's not in the main 
branch yet), bup:


a) dedups at the sub-file level (that is, if you add/delete/change 1 
byte in a 100GB file, the additional version will take ~10KB on 
average). bup breaks file into "easy to find again" sections, and 
actually stores those sections. A change of one byte will likely change 
just one such section, which has expected size of ~8KB


b) gzips each such section individually (so it won't be much larger than 
a .tar.gz except for pathological cases)


c) is randomly accessible - any version, any time

d) comes with a command line front end, an FTP front end, a FUSE front 
end, and possibly more I forgot.


e) uses git as a storage format. If all else fails, you can poke at the 
internals using git.


f) has a "manual mode" (bup split / bup join), in which you supply your 
own file through stdin, and bup still does its own dedup magic. You'd 
still want to use .tar (best) or .zip (2nd best) rather than .tar.gz, of 
course.


bup is the best thing for backup since sliced bread. It's also 
reasonably fast, works locally or client/server through ssh, and more. 
The only thing I'm really missing is built-in encryption, and some 
people who care more about perms and ctime/mtime/atime in backups miss 
those - but otherwise, it is teh awesome.


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: NTP

[Ori Berger]

On 05/08/2014 04:25 PM, Amos Shapira wrote:

+1 for Smart Time Sync + ntp server.
Now the perfectionist in me would still like to combine what it does
with an NTP daemon reference clock :)


Unless you already have an old smartphone that you want to keep for this 
use, look for a simple USB GPS receiver - between $20-$40 (I can see it 
now for $35 in Amazon 
 
). Supported natively by ntpd 
, uses less power, does 
not cook your brain, and slightly less useful for the NSA to spy on you 
with :)


___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Looking for a performance/health monitoring and alerting solution

[Ori Berger]

I'm looking for a single system that can track all of a remote server's 
health and performance status, and which stores a detailed 
every-few-seconds history. So far, I haven't found one comprehensive 
system that does it all; also, triggering alarms in "bad" situations 
(such as no disk space, etc). Things I'm interested in (in parentheses - 
how I track them at the moment. Note shinken is a nagios-compatible thing).


Free disk space (shinken)
Server load (shinken)
Debian package and security updates  (shinken)
NTP drift (shinken)
Service ping/reply time (shinken)
Upload/download rates per interface (mrtg)
Temperatures (sensord, hddtemp)
Security logs, warning and alerts e.g. fail2ban, auth.log (rsync of log 
files)


I have a few tens of servers to monitor, which I would like to do with 
one software and one console. Those servers are not all physically on 
the same network, nor do they have a VPN (so, no UDP) but tcp and ssh 
are mostly reliable even though they are low bandwidth.


Please note that shinken (much like nagios) doesn't really give a good 
visible history of things it measures - only alerts; Also, it can't 
really sample things every few seconds - the lowest reasonable update 
interval (given shinken's architecture) is ~5 minutes for the things it 
measures above.


Any recommendations?

Thanks in advance,
Ori

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Corrupt file system: Replace hard disk or not?

[Ori Berger]

This could be the result of anything from a power glitch, strong RF 
transmission from another device next to the computer, bad power supply 
or bad memory. The hard disk itself is not more suspect than any other 
component in your system.


Personally, I've twice had data mysteriously corrupted (once on Win2K, 
once on Linux), and in both cases it turned out that the RAM was bad; 
Since then, I never start using a system until it has successfully run 
through 48 hours of memtest.


When you install your next system, consider ZFS / ZoL - it tends to 
alert you to bad RAM or bad power supply rather quickly.


On 09/22/2017 12:11 PM, Eli Billauer wrote:

Hello all,

TL;DR: My hard disk's filesystem was corrupt, but the SMART statistics
is perfect. Should I replace the hard disk?



___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: Gmail and Claws

[Ori Berger]

On 25/04/2020 22:22, shlomo solomon wrote:


Google/Gmail has decided to drive me crazy and I hope someone can help.

5 - to allow this, I have Gmail set up to allow POP access and my
Google account set up to allow "Less secure app access" (Google-speak
for anything not provided or controlled by Google).


No, that's not what allowing "Less secure app access" means.

It used to be, that you had one password to an account (say, your gmail 
account), and knowing that password would automatically give every 
permission to whoever provided it. But as more and more things need to 
interface these things today, it is now common to break the security 
such that:


a) There is still indeed one main account password (potentially aided by 
a 2nd factor), however ...


b) That account password is ONLY used with the main interface - in 
Google's case, the "accounts.google.com" domain; and that once you log 
in there


c) You can delegate specific, limited access to different applications 
through that interface.


Now, as long as you're within the Google system (e.g. YouTube, Calendar, 
Hangouts, etc.), this is all handled internally. But as soon as you exit 
that system, e.g. by using Thunderbird or Claws, you have some friction 
with the delegation step (c).


One way supported by Google (and Facebook, and Apple, and others) is 
OAuth2 - that app makes a request to Google for specific permissions; 
You log in to accounts.google.com (after being redirected into it by 
that app), and Google asks you to approve the specific permissions 
requested by that app or website. If you do, that app/site gets a 
"token" (for all practical purposes, a username+password for that 
app/site uniquely generated for that approval process) that they can 
use, but that is limited to exactly those permissions that the app 
requested and that you approved. Thunderbird has a "Google" connector 
these days which does exactly that.


For older applications which do not support OAuth2, you can just go in 
and generate an "App specific password" and specify those permissions 
yourself; That's what you need to do for Claws. What you get is a 
password that (assuming you asked for smtp/imap access) only works for 
smtp/imap, and cannot be used to e.g. log into the Gmail web 
applications and set up new forwards/filters. I do not know, but I 
suspect, that they expect this password to be strictly used by one app - 
e.g., I expect them to reject it if one day they see it being used from 
Claws and the next day by Outlook; this information is sometimes 
available directly in the protocol itself - e.g. claws and thunderbird 
put a "User-Agent" mime header when they send a message - and is 
sometimes inferred - e.g., if you have an X-MS-TNEF header, it's Outlook)


The rationale behind this system is not to give Google more control 
(it's not like you previously could add forwarding setup through 
imap/pop3) - but rather to limit the probability that your main, 
all-powerful, password would leak from systems like Thunderbird or Claws 
or PEBKAC which Google cannot directly secure. (There is, of course, a 
very busniessy reason here as well - sites like LinkedIn and Facebook 
used to ask you for your mail username/password, "so we could make it 
easier for you to see who of your contacts is in our system and send 
them invites", which is a bad idea for everyone involved except 
LinkedIn/Facebook - especially Google who competes with them; The speed 
bump and warning "they can READ YOUR MAIL" significantly decreased the 
viability of this spying method, to the point that LinkedIn and Facebook 
dropped it - opting instead to ask for those permissions on their mobile 
app.)


So, disabling "less secure app access" basically means "I will only use 
my main google password on the google web site, not in any other way", 
which is generally good for you.



BUT, in the past few weeks, Gmail has randomly refused to let Claws
access my mail. Sometimes this lasts for a short time and sometimes
for hours or even a day or more.

The Claws log shows:

* Account 'GMail': Connecting to POP3 server: pop.gmail.com:995...
[21:49:25] POP< +OK Gpop ready for requests from 89.237.110.180
s20mb165349719wra
[21:49:25] POP> USER shlomo.solo...@gmail.com
[21:49:25] POP< +OK send PASS
[21:49:25] POP> PASS 
[21:49:25] POP< -ERR [AUTH] Web login required:
https://support.google.com/mail/answer/78754
*** error occurred on authentication
*** Authentication failed.


I have experienced this before several times, and 95% of the time it is 
when I am outside Israel, which likely triggers the Google hacking/fraud 
detection system, as I am using an IP that doesn't fit my standard usage 
profile. If you have changed your ISP recently, either your home or 
mobile, or occasionally use a VPN or Tor and have used your account in 
non-standard (for you) context, that is a likely cause.


Gmail accounts are highly sought by spammers as they have virtually no 
deliverability probl