Col’s Tech Stuff

If you’ve ever had to setup and troubleshoot NIS+, you’ll know what a nightmare it can be and quite frankly how unreliable it is unless you’re 100% accurate with all your configuration and settings and really know what you’re doing. Well, you’ll also be pleased to know NIS+ is also finally DEAD!!!

Sun have been been advising that NIS+ will be removed from a future release of Solaris for quite some time in the various docs on docs.sun.com (like the Naming and Directory Services guide which deals with setting up NIS+) and they’ve finally pulled the plug.

NIS+ is no longer in OpenSolaris as of build 130 (snv_130), so if you’re running NIS+ AND are keeping up to date with OpenSolaris or are planning on migrating to OpenSolaris and are still using NIS+, now’s a good time to consider migrating to LDAP or to the less complex NIS.

Update: I forgot to mention the PSARC (PSARC/2009/530) and CR ID (6874309) so you can track it down/monitor yourself.

Links of interest for 5 Nov 2009 - 2 Dec 2009:

• J is for JVM: Why the ‘J’ in JRuby? | Engine Yard Blog - A good explanation on why the guys behind jRuby like the J, aka Java Virtual Machine, part of JRuby. Interesting performance figures too when compared to the standard Ruby, especially considering people complain Java is slow.
• Senators press EU to speed its Oracle-Sun probe - I very much doubt this is going to have any effect on the EU regulators. They'll just perform the usual Gallic shrug and ignore the letter.
• DTrace Cheatsheet : Brendan Gregg - Vital resource for hacking up those dtrace scripts.
• mdb(1) background, intro, and cheatsheet : Jonathan Adams’s Weblog - A very useful resource if you have to delve into mdb.
• No, ZFS really doesn’t need a fsck - c0t0d0s0.org - A good response from Joerg to the OS New article Should ZFS Have a fsck Tool?

If you think Solaris patching is a complete nightmare, have a bit of spare time on your hands (don’t worry, you can still check emails etc) and really want to get up speed on Sun’s best practices for patching on Solaris 10, then check out the FREE Solaris 10 Patching Best Practices (WS-2700-S10) training course.

It’s a little on the cheesy side and uses some pretty poor Second Life like images, but it provides some useful information on how to make your patching experience considerably easier. The main emphasis is on using Live Upgrade for all your patching and maintenance and works around 5 key points they call the “patching philosophy”:

1. Use Solaris Live Upgrade
2. Avoid patching live systems with zones when possible (use Live Upgrade)
3. Avoid “Dim Sum” Patching ( ie mix and matching of patches)
4. Consistently apply Solaris 10 Best Practices
5. Don’t hesitate to seek guidance

The best practices mentioned in point 4 are:

1. Install the latest patch and package utility patches first (SPARC: 119254 / X86: 119255)
2. Upgrade to the latest Solaris 10 Update release during your next major maintenance window
3. Keep as up to date as possible with the contents of the Sun Alert patch cluster in between major maintenance windows.
4. Use Live Upgrade to patch or upgrade an inactive boot environment
5. If you are going to use Live Upgrade to patch a system with non-global zone that are running Solaris 10 8/07 (update 4) or an earlier Solaris 10 update release, apply the Solaris 10 Live Upgrade Zones Starter Patch Bundle

… which is essentially what is detailed in the Patch Management Best Practices document on BigAdmin, which I might add has a great patching section.

Most of the course revolves around using Live Upgrade and guides you through the process of creating the boot environments, upgrading, applying patches and activating the various boot environments. If you’re a little unsure about using Live Upgrade, this is a great free course to help you, and help you setup a good patching strategy at the same time. As an added bonus, there’s also a section on Deferred Activation Patching and the Kernel patch.

I’ve slowly been improving my main site since migrating to Habari and so far so good, however one thing I didn’t like prevailed - SPAM!!

This isn’t anything Habari specific - I had loads of spam when using Wordpress - however on Wordpress I used Akismet so didn’t really see it. I also soon gave up checking my spam queue in Wordpress as Akismet seemed to be doing a good job. With the move to Habari, I lost, or more precisely gave up Akismet and very quickly started seeing the spam I’d forgotten about.

Time to fix that.

Continue reading ‘Spam Fighting in Habari’

I encountered a problem this evening that I can’t really explain, I couldn’t install any pkgs via the Package Manager or command line. Both were failing with the same error:

$ pfexec pkg install SUNWant
Creating Plan -
pkg: The following pattern(s) did not match any packages in the current catalog.
Try relaxing the pattern, refreshing and/or examining the catalogs:
	SUNWant

$

At the time I had 2 pkg publishers defined:

$ pkg publisher
PUBLISHER                     TYPE     STATUS   URI
OpenSolaris-dev  (preferred)  origin   online   http://pkg.opensolaris.org/dev/
WebStack                      origin   online   http://pkg.opensolaris.org/webstack/
$

Both look good to me and have been working fine.

I tried rebuilding the index, but this didn’t seem to make any difference, so as usual, I turned to my trusted browser and found this thread. Whilst not the same pkg, looks like I’m not alone in hitting this issue. I checked my GUI in more depth and found I too was experiencing the same problem with it only showing installed pkgs.

The final entry in the thread in which the user details their solution sounded good, however I’m not too keen on the idea of unnecessarily hacking at files. The interesting part about this comment was the “requirement” for a publisher named “opensolaris.org”. Huh?? I’ve not needed this in the past and though I did have one, it was inactive so wouldn’t (shouldn’t?) have been used. Oh well, maybe something has changed without notice.

So, armed with this info, I fired up the GUI, removed my old opensolaris.org/release publisher which had the name “opensolaris.org” assigned to it and then added a new opensolaris.org entry, but this time pointing at the opensolaris.org/dev repo.

A short while later my pkg publishers looked like this:

$ pkg publisher
PUBLISHER                     TYPE     STATUS   URI
OpenSolaris-dev  (preferred)  origin   online   http://pkg.opensolaris.org/dev/
WebStack                      origin   online   http://pkg.opensolaris.org/webstack/
opensolaris.org               origin   online   http://pkg.opensolaris.org/dev/
$

… and I was able to install the pkgs I wanted without any problems.

I’m not really sure if it was changing the name of the repo or the refreshing of the catalogs that resolved the issue, but it’s working now .

Links of interest for 17 Oct 2009 - 2 Nov 2009:

• ZFS Deduplication : Jeff Bonwick’s Blog - Deduplication has just made its way into ZFS and Jeff provides a great explanation on what dedup it and why you need it, along with details on how to use it with ZFS.
• ZFS for MacOS X - One door closes, and thanks to Open Source, another opens.
• Apple cans ZFS project - It doesn't say much, but it speaks volumes.
• Monty, Stallman, MySQL, Oracle, and Sun: Open Letter Wars - Finally. Someone taking a subjective and clear headed view of the MySQL side of the Oracle/Sun acquisition.
• Solaris Auditing (BSM) in the Real World - A great post on what to do with those audit logs, once you've enabled auditing on Solaris.

I’ve just had a “how cool is this” moment. I was browsing through the zfs(1M) man page on OpenSolaris and spotted this excerpt…

     vscan=on | off

         Controls whether regular files  should  be  scanned  for
         viruses when a file is opened and closed. In addition to
         enabling this property, the virus scan service must also
         be  enabled  for  virus  scanning  to occur. The default
         value is off.

Huh??? Virus scan???!!! Solaris viruses are almost unheard of. In fact I can only think of the telnet worm. So I did a bit more research and sure enough, ZFS now has the ability to interface with a 3rd party virus scanning engine that can be used on Solaris.

Continue reading ‘ZFS Has Virus Scanning Functionality Built In’

I’m really starting to look forward to Sun being taken over by Oracle, especially if their current advertising battle is an indication of things to come.

In the on-going battle between Oracle and IBM, comes the latest TPC-C benchmark results which pit a 9 rack Sun/Oracle T5440/F5100 configuration (TPC-C results) against IBM’s monster 76 rack POWER 595 (TPC-C results).

Historically Sun has ignored the TPC-C benchmark as it’s not really a good indicator of real world use, however IBM hasn’t, and they continue to use it. Not for much longer though. Oracle has taken them to task and given them a jolly good hiding.

Continue reading ‘Oracle Bashing IBM’

Links of interest for 26 Sep 2009 - 14 Oct 2009:

• xkcd - Static - Hee hee hee
• Guest Account Bug in Snow Leopard Causes Data Loss - Ooops. Just as well I disabled this account a long time ago.
• MySQL ex-CEO tells EU to let Oracle buy Sun - Some very valid points here. Lets hope the EU listens and pulls finger. Their heel dragging is causing more harm than the acquisition would.
• Is cloud computing the Hotel California of tech? - Good point. I've not embraced "cloud computing" in this sense as I don't really need it, but more importantly I don't like not knowing I can easily move across to another provider in the future.
• Moserware: A Stick Figure Guide to the Advanced Encryption Standard (AES) - XKCD-esque stick figure comic explaining the Advanced Encryption Standard (AES): where it came from, why it was necessary, and most-illuminatingly, how it works. Very good.