Tuesday Jan 25, 2011
Tuesday Jan 18, 2011
Tuesday Nov 02, 2010
By danmcd on Nov 02, 2010
Thursday Aug 19, 2010
By danmcd on Aug 19, 2010
Sunday Feb 07, 2010
By danmcd on Feb 07, 2010
Hello you half-dozen readers!
Recently I reinstalled my home server to OpenSolaris, build 130. I used zfs send and zfs recv to recover my relevant bits of data. I also constructed new zones, this time using ipkg zones.
Using ipkg zones takes a bit of acclimation. The biggest thing to note is that if you need a specific software package, you have to use pkg install in the zone you wish to have the software. For example, I have three zones:
- The Global, internal-only, server zone - My global zone spends most of its time without a default route, serving NFSv4 and anything else I can think of only to my local LAN. If I need a new service, I temporarily add a global route, and pkg install away.
- The Webserver zone - Just like it says. I needed Apache here, and had to pkg install Apache here.
- The Router/NAT/IPsec-remote-access/Firewall zone - If you're going to put potential targets on the Internet, why put the global zone there? Especially with Crossbow VNICs and IP Instances!
I posed this problem to email@example.com. Right now, pkg image-update won't upgrade the non-global zones. Worse still, I need to upgrade a zone that's also acting as my NAT and router. Luckily for me, Ed Pilatowicz gave me some good advice:So I took Ed at his word.
Even if you have an ultra-paranoid global zone, you need to get it talking to an IPS repository. Either temporarily add an off-link route like I do, or have a local repository handy. Proceed and pkg image-update your global zone. Make sure you use --be-name to pick a BE name that you'll remember.
Next, you literally beadm mount new-be-name /mnt and for each zone root directory (while still able to reach the repository from your global zone) do pkg -R zone-root-path image-update. For my own example, I did:
- pkg image-update --be-name 132
- beadm mount 132 /mnt
- pkg -R /mnt/export/home/webserver/root image-update
- pkg -R /mnt/export/home/router/root image-update
- beadm umount 132
This worked quite well for me moving up from 130 to 132. Just make sure your global zone can reach the repository, and you should be golden.
Wednesday Jan 27, 2010
By danmcd on Jan 27, 2010
In all honesty, I'm glad this regulatory dance is over. We've all been having a little itch in our brains about this. Even if any of us have had real work to do, we've been at least a little distracted by by this whole acquisition uncertainty.
Well, we're finally part of Oracle now, and I think that's pretty cool. Larry E. wants to butt heads with IBM and HP directly, and quite honestly, we at Sun have been doing that on-and-off for at least my not-quite-14-years here. Now that this uncertainty has been removed, we can at least narrow the uncertainty to any internal-to-Oracle decisions, which given certain statements both in the past and yesterday seem pretty encouraging, at least from my engineering perspective.
Wednesday Jan 20, 2010
By danmcd on Jan 20, 2010
My wife is the "cookie mom" for our twin girls who are in Daisy Scouts. She was very surprised when she logged in to the regional Girl Scouts cookie site (URL withheld in case any rabid fanboys do something stupid), and discovered that apparently, she needs to use Windows and Internet Explorer.
Their user documentation says: "We do not provide Mac support," and "Use any (non-Mac) computer at home or at work or at the local library." Does this mean they support OpenSolaris, Linux, or \*BSD? Naaah, didn't think so.
We're a no-Windows household. We have three Macs, one work-issued OpenSolaris laptop, and a homebuilt OpenSolaris server. Especially in this age of people understanding vendor lock-in as a Bad Idea (TM), I'm shocked and appalled.
I'm going to forward this to a few Mac sites, and maybe slashdot. I'm sure nothing's going to change, but at least this should be discussed a bit, no?
Tuesday Jan 05, 2010
Wednesday Dec 02, 2009
By danmcd on Dec 02, 2009
Glenn Brunette asked me if OpenSolaris could access the Amazon Virtual Private Cloud or not. I told him it had better, or else there was a bug. He then did some scripting work, got some BGP help from Sowmini, and consulted Sebastien on some tunneling details. It's now up, running, and in a nice package, ready to use.
Monday Nov 30, 2009
Monday Nov 23, 2009
By danmcd on Nov 23, 2009
Let me quote BBN's Craig Partridge on the Internet Research Task Force's end2end-interest mailing list:
Dear Friends and Colleagues: After 26 years, the End-to-End Research Group has decided to cease existence as of January 1st, 2010. While there is certainly still end-to-end research to be done, the group had ceased to effectively serve as a forum for those discussions. The E2E group had a great run, serving as a place where many researchers could bring their ideas for initial, informal, airing. The meetings could be bruising. (At one meeting, a member tried to encourage a speaker by saying "We're all friends here" only to pause and say, "No, I'm sorry, actually we eat our young, but proceed anyway"). But the meetings usually also brought insights. Ideas that were tested in E2E meetings include slow start and improved round-trip time estimation, Random Early Drop, Integrated and Differentiated Services, Weighted Fair Queuing, PAWS, and Transaction TCP.
When I learned about the group (and their enlightening e-mail list), my networking professor described it as covering, "End to end, and everything in between..." Now you half-dozen readers know the exact origin of this blog's name.
Luckily, the mailing alias will still be around. Still, the cliche, "End of an era," really applies here. It's yet another sign of the Internet's maturity, and that the really new places for research are probably somewhere not a lot of people are examining.
Anyone else have something to say about the End-to-End Research Group going away?
Sunday Jul 12, 2009
Thursday Jun 18, 2009
By danmcd on Jun 18, 2009
Friday May 29, 2009
Monday Mar 09, 2009
By danmcd on Mar 09, 2009
I'm so furious, I can't even begin to describe it. Did I miss fine-print on their page saying they'd do something this stupid?
UPDATE: They also store your password in the clear on-disk. Check out ~/.gconf/apps/ekiga/protocols/%gconf.xml if you wanna see it in all of its cleartext glory!
- A final suggested read
- I'm leaving, and switching gears for a bit
- MAC-then-encrypt - also harmful, also hard to do in Solaris
- Thinking about the Birthday Problem on my Birthday, as it applies to my Birthday Present
- Do a "pkg image-update" with multiple zones!!!
- I, for one, welcome our new database-selling overlords.
- Wanna help your Girl Scouts? Not unless you have Windows. :-P
- IKEv2 project page updated
- OpenSolaris works out of the box with Amazon Virtual Private Cloud
- IKEv2 project now on OpenSolaris
Other Solaris Developers
No bookmarks in folder