SUNWzsh (4.3.4) without largefile support on sxce 75 !
Im currently running sxce 75 and, as usual, downloaded the latest 3 x86 chunks (build 76) from
the OpenSolaris site.
After unzipping and having verified the chunks' md5 checksums ( digest -va md5 file is yur friend ) it was time to concat the 3 files together to create the iso which is needed for the LiveUpgrade process.
mcp% cat sol-nv-b76-x86-dvd-iso-a sol-nv-b76-x86-dvd-iso-b sol-nv-b76-x86-dvd-iso-c > sol-nv-b76-x86-dvd.iso
after waiting awhile i suddenly got a ' cat: write error: File too large '. (the output file at that point was about 2 gigs in size).
further investigation showed nuffin out of the ordinary at first
plenty of available storage space on my ZFS filesystem ( so i didn't hafta investigate whether that particular filesystem was mounted with 'largefiles' cuz that is the default with ZFS ).
mcp% zfs list -o name,used,available,reservation,quota mypool/home/foo
NAME USED AVAIL RESERV QUOTA
mypool/home/foo 18.2G 22.8G none none
so also
NO reservations set and
NO quota to mess stuff up!
so what the hell was going on here ?!?!
after digging even further i came to the conclusion that the shell meh was using (/bin/zsh from SUNWzsh) had been compiled without largefile support !
i've always used zsh from SUNWzsh on previous sxce builds too and never hit this problem before!
after switching to bash from SUNWbash i was able to successfully create the iso to start the usual LiveUpgrade routine to be able to boot into sxce 76.
i'm curious as to whether i will hit this problem again during creation of the 77 iso using SUNWzsh when i'm actually running 76!
Intel vs PPC differences for Leopard
For those of us lucky enuff to run Leopard, we all know what great new features have been introduced.
However, a difference was spotted by a friend and former colleague of mine in the behavior of the /bin/ps utility.
Read his rants and findings
Here
iPhone a piece of shit ? Part 2
Well, first after being really amused by the initial article in Part 1 i found this little gem of an
Article.
This seems like some serious exploit in the Safari webbrowser code.
Luckily tho Apple has been notified of the exploit and according to the article a proposed fix with full public disclosure is coming at the BlackHat conference on August 2nd.
yours truly is eagerly awaiting the software update for Mac OS X too should the same exploit also affect Safari on OS X ;)
i'll switch to using Firefox for the time being again.
Can you say eek!
iPhone a piece of shit ?
I know, it's been a while since my last post ;)
I just read such a hilarious article via my friends from
Digg i just couldn't withhold to share with you guys.
I really cracked myself up reading this one, i was actually crying from laughter.
You be the judge, hop over to
the article and see for yurself.
Sun LU (LiveUpgrade) koolness
I recently started playing with LiveUpgrade since i wanted at least 2 boot environments residing on a single-disk system which i could easily boot from so it was time for a little HowTo :)
This HowTo describes the process to create a 2nd
BE (Boot Environment) using the
LU (LiveUpgrade) suite of tools on a single-disk system and to use that 2nd BE to upgrade to a later nevada build to boot from.
Note: We initially install snv_52 and create the 2nd BE with the goal to luupgrade
(1M) that 2nd BE to snv_53.
First when creating your system, reserve some diskspace for a slice to actually ho
ld the 2nd BE (this slice needs to be equal or bigger in size than the root slice of the install you're about to commit to).
I tend to create the following disk scheme during the initial install of the 1st BE:
c1d0s0 / 15g
c1d0s1 swap 2g
All the remaining disk space can then be later allocated via format
(1M)So once you're done with the whole installation process and have a running nevada instance it's time to prepare the 2nd BE.
We run format
(1M) and create a 15g slice to house the 2nd BE on slice 7 (c1d0s7) and label the disk.
Now that we've got this slice we can use this as the destination slice for lucreate
(1M) the 2nd BE into.
snv_52 comes with the SUNWlu packages installed (5 in total) but when upgrading to a later nevada build it's always advised to use the SUNWlu packages from the build you're upgrading to since they tend to be a bit more recent!
So first pkgrm
(1M) the following packages:
# pkgrm SUNWlucfg SUNWlur SUNWluu SUNWluxop SUNWluzone
I downloaded the snv_53 x86 ISO and mounted it via lofiadm
(1M) as so:
# lofiadm -a /path/to/sol-nv-b53-x86-dvd.iso /dev/lofi/1
# mount -F hsfs -o ro /dev/lofi/1 /mnt
Now that the nevada image is mounted on /mnt it's time to install the newer versions of the SUNWlu packages.
# pkgadd -d /mnt/Solaris_11/Product/ SUNWlur SUNWluu SUNWlucfg SUNWluxop SUNWluzone
Now comes the part where you lucreate
(1M) your current BE to the new BE.
# lucreate -c snv_current -m /:/dev/dsk/c1d0s7:ufs -n snv_53
This populates the c1d0s7 slice by copying the current contents of the active BE onto this new slice.
Once this process has successfully ended, verify thru lustatus
(1M) whether the new BE has been created.
# lustatus
Boot Environment Is Active Active Can Copy
Name Complete Now On Reboot Delete Status
-------------------------- -------- ------ --------- ------ ----------
snv_current yes yes yes no -
snv_53 yes no no yes -
Next we upgrade the newly created BE (snv_53 which still holds a snv_52 image) to the snv_53 nevada build:
# luupgrade -u -n snv_53 -s /mnt/
Again we wait for this process to finish so we can luactivate
(1M) this BE.
If everything went smoothly no warnings/errors should've been mentioned.
The kool thing about using the lu tools in this manner is that parts of the initial BE are shared into the new BE so user accounts and their home directories will simply be available when switching to the new BE !
# luactivate snv_53
No tinkering with grub
(5)'s bootfile is required by using bootadm
(1M).
Luactivate
(1M) takes care of populating grub
(5)'s menu with the appropriate entries and making the snv_53 BE the default boot choice.
Now the only thing left to do is to either shutdown
(1M) or init
(1M) to boot into the new BE.
Note:
DO NOT use reboot
(1M) or the new BE will not be booted from !!
That's it, we now have 2 BE's on the same disk which we can boot from.
Reverting back to the snv_52 build is as simple as running luactivate
(M) passing the old BE as its argument and rebooting again via shutdown
(1M) or init
(1M).
# luactivate snv_current
Should the luupgrade
(1M) leave you with an unbootable system the following sequence of events will revert your system back to the initial BE:
- boot from dvd and bring the system to single user
# mount -F ufs /dev/dsk/c1d0s0 /mnt
- luactivate (without args)
- exit single user and reboot (use shutdown
(1M) or init
(1M))
w00t!
PCA: The future of Solaris patching ??
Here is another post about patching Sun Solaris systems.
Even though I personally think that the features provided by smpatch
(1M) are an improvement compared to the previous patch utilities like patchdiag, patchcheck and patchpro there's always room for improvement.
So i started snooping around to find a utility called PCA which stands for Patch Check Advanced.
PCA is only 2 files, a small perl script (around 1500 lines of code) and a manpage.
Here's a quote from the pca author's website to give you an impression about pca's design:
"A lot of care is taken to guarantee that pca doesn't omit patches which might apply to a system. This is the most important design principle. I'm manually checking that it's fulfilled on a daily basis".
You can run pca without root privileges to see which patches can be applied to your system.
When being run without any arguments, pca produces a nice and clean overview of the required patches (after having analyzed the dependencies) which are applicable for your system and it shows this overview in the correct order of installation.
PCA makes it real easy to list the contents of a patch's README file as well which i find to be tremendously usefull.
I could sum up all the options pca is currently offering but a link to the
PCA website is much more appropriate :)
I've been using pca for about a week now so i'm aware that's not a really long time but what i've seen so far, i'm already impressed by pca's capabilities.
Enabling the Solaris 10 IP packet filter (IP Filter) HowTo
Okay, here a little post to stay on the security topic :)
How does one enable the supplied packet filter within the Solaris 10 OS to secure ones system?
Note: in my case, i already setup the actual filtering policy by populating /etc/ipf/ipf.conf.
Well here we go:
You start by reading either ipf
(1M) or ipfilter
(5) which clearly states you need to edit /etc/ipf/pfil.ap to include the names of the network interface(s) to be filtered.
My system uses a Broadcom Gigabit Ethernet controller using the bge
(7D) driver.
So uncomment the bge line in the pfil.ap file and write the change to that file.
Then you need to configure the network interface so it makes use of the network/pfil service.
You can accomplish this by rebooting the system (this clearly is the easiest way).
Once you've rebooted your system you can verify via ifconfig
(1M) if the pfil module has been inserted to the ethernet controller.
# ifconfig bge0 modlist
0 arp
1 ip
2 pfil
3 bge
So you can see that the pfil module has been successfully inserted at position 2.
After the reboot you only have to enable the network/ipfilter service instance via svcadm
(1M) to end up with a working packet filter.
For those who wonder why you only need to enable the network/ipfilter service instance and not also the network/pfil service instance is 'cuz the network/pfil service instance is actually a dependency for the network/ipfilter instance and thus will be enabled automagically thanks to the great smf
(5) implementation into the Solaris 10 OS !
# svcs -d network/ipfilter
STATE STIME FMRI
online 11:42:34 svc:/network/pfil:default
online 11:42:42 svc:/system/filesystem/usr:default
online 11:42:45 svc:/network/physical:default
online 11:42:46 svc:/system/identity:node
But ipf
(1M) clearly states that you can also restart/enable the network/pfil service instance via svcadm
(1M) and then enable the network/ipfilter service instance.
Then unplumb and plumb the network interface and manually enable ipf.
That way you don't have to reboot your system.
If you have the Solaris IP Filter up and running you can use ipfstat
(1M) to list your active ruleset by issueing the following command(s):
# ipfstat -ihn (dislays the inbound list)
# ipfstat -ohn (displays the outbound list)
As always, please do read the supplied manpages as they are valuable information for getting things working ;)
Changing user-level attributes with Solaris 10 security policy
A colleague at work told me that he changed the CRYPT_DEFAULT in policy.conf
(4) on his nevada box to md5 (the Sun implementation of md5).
I actually forgot to change the default unix crypt for generating the password for my user login when i installed my Solaris 10 1/05 system a long time ago so it was about time I changed this myself into something a little more secure wouldn't you say? ;)
The only thing that's required if you want to change the salt via crypt_gensalt
(3C) to generate a new crypted password for your account is to change the CRYPT_DEFAULT setting in policy.conf
(4) from the default __unix__ value to either:
1 (will use the BSD/Linux md5 algo)
2a (will use the BSD Blowfish algo)
md5 (will use Sun's md5 algo)
My personal favorite has always been the blowfish algo so i'm sticking with it.
Once you've changed the value of the CRYPT_DEFAULT key in /etc/security/policy.conf and have written the file, the only thing left to do is setting a new password on your account via passwd
(1) and you're done!
To verify whether the crypt change worked is to take a look at the line in /etc/shadow for your user account and see whether the password column has changed (actually logging into the box again would be a good method too ;) )
w00t, that simple :)
Solaris 10 6/06 and ZFS behavior
I'm running the official Solaris 10 6/06 (aka Update 2) release on an x86 laptop.
This release comes with ZFS version 2 and I decided to try it out a bit.
Having played with ZFS before running on various builds of Solaris Express Community Release (SX:CR for short) i was interested to give ZFS on a Solaris 10 release a spin.
I got to this 6/06 install via an upgrade from the Update 1 release (which didn't come with ZFS) and thus the filesystem with its slices was already laid out.
So i had no more room for a couple of slices to create a ZFS storage pool from (let alone having a second drive).
Well, no biggy 'cuz ZFS also lets you experiment by creating a pool from files (for experimental purposes according to ZFS(
1M)).
So I created 2 1 gigabyte files thru mkfile(
1M) within my homedirectory handled by the automounter.
Once the files were created, i created a storage pool out of them.
Commands used:
# zpool create zstorage /home/marcovl/zstor1 /home/marcovl/zstor2 (zpool requires absolute pathnames to the location of the files to be used)
# zfs create zstorage/stuff
# zfs set mountpoint=/export/stuff zstorage/stuff
Well, all was well, i got a storage pool of 2 gigs mounted on /zstorage and a zfs filesystem called zstorage/stuff mounted on /export/stuff.
I hadn't run the smpatch utility for a while and there were some patches to be applied so i decided to patch the system.
After the smpatch process was finished i had to reboot the system for some patches to be applied cleanly.
Then came the surprise: my freshly created ZFS storage pool wasn't automounted by default after system reboot (the pool did still exist however so i was curious as to what caused the storage pool not to be mounted after reboot).
The trick is that you can't put the backing store for a ZFS pool in an automounted directory and have it come up at boot time 'cuz the automounter doesn't start until after the "zfs mount" runs.
My investigation didn't take that long (actually i found this cause reasonably quickly by using the svcs(
1) utility).
In other words, create the 2 files for the storage pool anywhere but under /home and you'll be fine.
NLOSUG has arrived
Yesterday I got an invite via email from Sun Microsystems in The Netherlands to attend the first NLOSUG meeting at their HQ in Amersfoort.
Much of the following text is taken from the invite email I got from Sun.
The meeting will take place Thursday the 26th of October and Solaris users, enthusiasts, experts, novices are all welcome.
Casper Dik, the resident guru and CAB member will introduce OpenSolaris and be present for questions.
Darren Moffat, described in the email as guest guru, will also attend to speak on the OpenSolaris development in general and on the 'encryption for ZFS' project.
A small install fest will be conducted too.
All attendees will get a tshirt and a starter kit.
Did I say w00t already? :)
EVETV - Sport for Nerds
Yesterday evening i downloaded another EVE movie on
EVE Files.com.
it was a competition between 2 EVE corps.
great in-depth commentary is provided by 2 commentators during the battle, which is really great.
the funny thing is that today i read an /. article about EVETV which actually shows an online coverage schedule when the matches can be followed freely by the audience.
who needs sports on the telly when you can tune into
EVETV.
did i say w00t already? ;)
EVE on my birthday
July 10 was my birthday.
Rebecca (my wife) invited some friends over at our house for a little get together and bbq.
the birthday party was the 1st surprise for me.
then after the bbq was about over, she started to bring out some presents.
that too was a surprise but the surprise only became bigger when the presents turned out to be EVE Online goodies :)
i got:
. an EVE shirt, black
. an EVE 100 day prepaid Game Time Card
. an EVE coffee cup, black when cold, but when you pour a hot beverage into it, it reveils a beautiful EVE backdrop ... very kool :)
and saving the best for last: a 70x50cm EVE poster.
beautiful EVE goodies, thanks to becca and my friends for getting me such kool goodies.
w00t
FreeBSD on Sun's UltraSPARC T1
w00t, the -HEAD branch of FreeBSD (a.k.a FreeBSD 7.0-CURRENT) runs on Sun's UltraSPARC T1 processor systems :)
to get a feel what kind of an achievement this is: the UltraSPARC T1 systems is in essence a 32 cpu system so this is massive SMP'ing.
so when one talks about scaling, i'd say the FreeBSD Release Engineering team has done a wonderful job getting their development branch to run on Sun's T1 platform.
here's a
link to the dmesg of the particular system.
EVE Online addict #2
I know it's been quite some time since my last post but as the title of this post points out, i've been rather busy playing EVE :)
since then i've joined a corporation and have taken part in 2 wars.
a lot of buzz is taking place on the official EVE forum about the improved gfx engine (hopefully soon to be released).
to illustrate, here are some pix comparing a Megathron battleship rendered via the old and new/improved engine.
you decide for yourself which style you like best:
EVE Online addict
A colleague at work introduced me to the massive multiplayer online game (MMOG) 'EVE Online'.
EVE is a sci-fi based game in which the player takes the role of a spaceship pilot, seeking fame, fortune and adventure.
the game itself won't cost you anything (a 500meg M$ windows download executable) and you can apply for a 14 day trial account to see if the game is for you.
if it is, you can even apply for a 20 day extension of your trial account, but AFAIK after that period, it's game over.
i haven't looked at the pricing of registering an account, but hopefully that's not too steep.
my experiences so farthe game contains over 5000 different solar systems so the galaxy you can explore is utterly
massive.
you start by creating a character (choosing from 4 races) after which you'll start inside a space station of some kind.
you're wise to take part of the tutorial (even though that will take you a couple of hours) because lots of helpful tips will be revealed.
the game world speaks of "persistent worlds" meaning the world will keep evolving even when you have gone offline (just like the real world when you take a nap).
to become better at certain skills, you need to first train these skills.
the training occurs in real time, so you choose a skill you want to bring to the next level simply by clicking a mouse button.
after the training process has initiated, you can simply log off and the training process will continue in real time until the required time has elapsed and the chosen skill has reached the next level.
this training of skill is prolly the most important feature of the game: you need to keep evolving all the time to be able to pilot certain space ships for example.
this MMOG is one truly brilliant thing, and the sci-fi bit makes it even a better experience for me.
check EVE out at
EVE Onlinethe site contains a huge fan submitted screenshots section.
speaking of screenshots: here are a couple of mine (taken during the tutorial):
w00t :)
![[OpenSolaris love at first boot]](http://lordsith.net/blog/uploaded_images/love1st_os_blk_180.gif)
![[OpenSolaris: Innovation happens everywhere]](http://lordsith.net/blog/uploaded_images/bnr_OpenSolaris_125x125-a-722732.gif)
![[EVE Online]](http://lordsith.net/blog/uploaded_images/88x31_02.gif){kind=small}
![[Second Life]](http://lordsith.net/images/secondlife.jpg)