Fixing annoying Android's 'insufficient storage available' issue

The root of all evil: ridiculously small amount of free space in '/data' partition

Android 'Apps' phone screenshot

I am happy CAT B15 user. So far it's the only phone in my possession which survived more than 1 year — it is rugged and therefore can cope with my lifestyle. But last months it became almost unusable because of 'insufficient storage available' message which came out all the time.

The reason is simple — system updates are installed to the '/data' partition which has only 1 GB and they take around half of available space. I googled and found a lot of ridiculous solutions like 'install app X and it will magically solve all your problems including this', 'put all apps to the SD and you will save additional 40M' etc.

These advices sounded like a meaningless loss of time and I decided to fix the real problem which is lack of space in '/data'. 1 GB is ridiculously low limit for modern device with a lot of apps and updates for Android components.

May be my way of fixing the problem can be helpful for other users of Caterpillar phones and other Android phones with similar issues.

Read more

#android #linux

[ipsec, iptables, ebtables] How to avoid leakage of packets addressed to/from private IP space

Background

I've been asked by SEED4.ME VPN to investigate the package leakaging issue in their environment raised after delivering new VPN features for Apple devices.

We've agreed that we do want not only to solve this particular problem with Apple IPsec, but to build a fence system which can completely eliminate any packet leaking problems in future caused by any bug, feature, misconfiguration etc.

I hope results of this small project can be useful for other engineers facing similar challenges.

Problem: packet leakage

Packets belonging to private IP address space shall not appear in the network interfaces which do not belong to private networks.

Typical example is VPS hosted in the cloud. If it sends packets addressed to private IP address space through its external NIC, it usually means that something wrong is happening. More providers started to implement BCP38 RFC for defeating Denial of Service Attacks which employ IP Source Address Spoofing. They block such packets and complain to VPS administrators.

However, errare humanum est — administrators are people too. Typical cases are NAT- and IPsec-related.

This article describes Castle Approach to this problem. An idea is simple:

  1. Leaked packets are filtered by Linux firewall (netfilter iptables)
  2. If packets are not filtered by Linux firewall, they are filtered by Linux ethernet bridging firewall (netfilter ebtables). In the same time, they are logged and became visible to the monitoring system

Read more

#ebtables #firewall #iptables #linux #vpn

How to automatically deploy static web site to the hosting

The problem: publishing your web site efficiently

When web site is updated on a regular basis (as it happens with blogs) it becomes important to automate the process of uploading site to the hosting. Using cpanel or FTP is boring and time-consuming.

The goal is to be able to sync the static-generated content (e.g., _site directory generated by Jekyll) with just one command. My post refers to Jekyll and hostgator but the methods suggested are not limited to these platforms — they are applicable to any static-generated web content.

Read more

#blogging #hostgator #hosting #jekyll

Is ECB really enemy of the euro? More on Bagehot's rule

ECB did not follow Bagehot's rule

Martin Sandbu criticizes ECB for its course of action in the weeks before voting in Greece (Financial Times, July 6):

Recall that the closure of Greece's banks was caused by the ECB's decision to do the opposite of what Walter Bagehot taught, which that to steam a bank run, the central bank should lend against collateral that, but for the crisis, is solid. In Grece fearful people have wanted cash, but the banks have little cash left. The normal course of action would be for the banks to get cash from the central bank, pledging their investments as security for the loan. But after Athens declared a referendum, the ECB said no further such loans should (for now) be given.

Martin's article has a plenty of interesting and valuable comments. However, in order to see bigger picture it makes sense to examine Bagehot's rule a little bit deeper.

Read more

#crisis #finance