Wednesday Feb 06, 2008

Israel Web Tour 2008 & first blog in Hebrew

Sun Microsystems was a sponsor of the Israel Web Tour, in which representatives from 15 select Web 2.0 Israeli startups visited Silicon Valley. Representatives from the startups visited the Sun Menlo Park campus on Tuesday, February 5th, where Juan Carlos Soto briefed them in the Sun Executive Business Center.
I was fortunate to get a ticket to the showcase which took place at Microsoft on Wednesday the 6th of February. Each of the 15 companies had five minutes to pitch their company's concept.
I was intrigued by:
1. 5min – user-submitted content of “how to” guides.
2. AllofMe – you basically add photos and videos of yourself and your family and make an online movie of your life, relatives etc. What's neat is you can zoom in or out to view a snapshot of your life on a day or even over a century.
3. BlogTv – blogging via video. The IsraelWebTour showcase at Microsoft was broadcast via BlogTv.
4. Clicktale & nuConomy – web analytics beyond page views. In particular, Clicktale can make a video of a customer's entire interaction on your webpage. Thus, for example, you can see why a customer completed half the shopping cart form and then discarded the transaction. nuConomy will deliver reports on all customer interactions on your website.
5. Pageonce – an aggregation tool for all your finances, email, airline miles etc. It will also alert you, for example, when a payment is due, when you are about to reach your maximum free cellular minutes or when airline miles will expire.
6. Ply – a platform for video. They demo'd a cute video clip of the movie “When Harry met Sally” and the user can mouse over Sally and a little pop up window will display a brief bio of Meg Ryan.
7. Velingo (used to be Tagsense) – web search enhanced by tag words. Try it here: When I tried a search on Sun Microsystems, I got this: There is a Firefox extension but for Windows only <sigh>

Now will have a go at blogging in Hebrew, painstakingly slow one letter at a time, as  I cannot touch-type in Hebrew

Sun Micro, a technology company in Silicon Valley, sponsored 15 Web 2.0 companies to visit Silicon Valley.

They met with investors and companies.

I enjoyed meeting Israelis and learning a little about Web 2.0 technologies.

Wednesday Jan 30, 2008

OpenID & Yahoo

Yahoo have released an OpenID Provider Service
Read all about it!

Tuesday Jan 22, 2008

Sun Java Directory Server 6.2 corruption and recovery...

This has not been classified as a Sun Directory Server error, rather it led to a method of recovery that I would like to share.

I was working on a pair of Sun Directory Servers (version 6.2) recently, with a custom plugin. The servers would only start with a very peculiar error logged every second in the error log (anyone know what this means?)

[18/Jan/2008:18:49:15 +0000] - INFORMATION - conn=-1 op=-1 msgId=-1 - allow_operation: component identity is NULL

After a day of research into the error proved futile, we decided to rebuild from scratch. Fortunately the data appeared intact, though there were replication errors galore! Secondly, the partner master server logged the same error every second, so that server also needed to be rebuilt.

I followed the following steps. Note that this was a pair of Sun Directory Servers (version 6.2) with only a few thousand objects (development and QA environment). The steps below may not be optimal for many replicated servers containing hundreds of thousands or millions of users.

  • Export the old instance to LDIF

  • Create a new instance

  • Copy the certificates and schema from the old instance to the new

  • Import the LDIF file

  • Enable replication


Assumptions

  1. Sun Java Directory Server 6.2

  2. Solaris 10

  3. PKG version of Directory Server (location of commands differs for the ZIP version)

  4. The hostname & IP address of the new and faulty Directory instances are the same

  5. Two servers in MMR (multi-master replication)

  6. Custom schema in 99user.ldif


Perform the following:


First Solaris host

1. Shutdown the faulty Directory Server

/opt/SUNWdsee/ds6/bin/dsadm stop /var/opt/SUNWdsee/dsins1


2. Export the data without replication information

/opt/SUNWdsee/ds6/bin/dsadm export -Q /var/opt/SUNWdsee/dsins1 dc=company,dc=com /export/home/CleanExport.ldif


3. Create a new instance on port 389 since the faulty instance is not running

/opt/SUNWdsee/ds6/bin/dsadm create /var/opt/SUNWdsee/dsins2


4. Copy custom schema from the faulty directory server to the new instance

(a) backup the new 99user.ldif

cp /var/opt/SUNWdsee/dsins2/config/schema/99user.ldif /var/opt/SUNWdsee/dsins2/config/schema/99user.ldif.BACKUP


(b) copy the schema

cp /var/opt/SUNWdsee/dsins1/config/schema/99user.ldif /var/opt/SUNWdsee/dsins2/config/schema/


5. Start the new instance

/opt/SUNWdsee/ds6/bin/dsadm start /var/opt/SUNWdsee/dsins2


6. Create the suffix

/opt/SUNWdsee/ds6/bin/dsconf create-suffix dc=company,dc=com


7. Import the data into the new instance

/opt/SUNWdsee/ds6/bin/dsadm import /var/opt/SUNWdsee/dsins2 /export/home/CleanExport.ldif dc=company,dc=com


8. Enable replication on the new instance

/opt/SUNWdsee/ds6/bin/dsconf enable-repl /var/opt/SUNWdsee/dsins2 -d 40404 master dc=company,dc=com


Second Solaris host

1. Shutdown the faulty Directory Server

/opt/SUNWdsee/ds6/bin/dsadm stop /var/opt/SUNWdsee/dsins1


2. Create a new instance on port 389 since the faulty instance is not running

/opt/SUNWdsee/ds6/bin/dsadm create /var/opt/SUNWdsee/dsins2


3. Copy custom schema from the faulty directory server to the new instance

(a) backup the new 99user.ldif

cp /var/opt/SUNWdsee/dsins2/config/schema/99user.ldif /var/opt/SUNWdsee/dsins2/config/schema/99user.ldif.BACKUP


(b) copy the schema

cp /var/opt/SUNWdsee/dsins1/config/schema/99user.ldif /var/opt/SUNWdsee/dsins2/config/schema/


4. Create the suffix

/opt/SUNWdsee/ds6/bin/dsconf create-suffix dc=company,dc=com


5. Start the new instance

/opt/SUNWdsee/ds6/bin/dsadm start /var/opt/SUNWdsee/dsins2


6. Enable replication on the new instance

/opt/SUNWdsee/ds6/bin/dsconf enable-repl /var/opt/SUNWdsee/dsins2 -d 50505 master dc=company,dc=com


First Solaris host


1. Create replication agreement from host 1 to host 2

/opt/SUNWdsee/ds6/bin/dsconf create-repl-agmt dc=company,dc=com secondhost:389


2. Initialize the second Directory Server with data from the first Directory Server

/opt/SUNWdsee/ds6/bin/dsconf init-repl-dest dc=company,dc=com secondhost:389
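
A check that can follow the steps above, added here as an example and not part of the original post: export the rebuilt suffix again and compare its entry DNs with CleanExport.ldif, so that an entry lost during import or initialization shows up by name. The function names, the constructed sample LDIF and the reliance on awk, comm and a base64 utility are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that a re-export of the
# rebuilt instance holds the same entries as CleanExport.ldif.

# ldif_dns FILE: print the DN of every entry, normalised and sorted.
ldif_dns() {
    awk '
        function emit(line,   v, cmd) {
            if (line ~ /^dn:: */) {                 # base64-encoded DN (RFC 2849)
                v = line; sub(/^dn:: */, "", v)
                cmd = "printf %s \"" v "\" | base64 -d"
                cmd | getline v; close(cmd)
            } else if (line ~ /^dn: */) {
                v = line; sub(/^dn: */, "", v)
            } else return
            gsub(/ *, */, ",", v)                   # naive: ignore spacing between RDNs
            print tolower(v)                        # naive: treat DNs as case-insensitive
        }
        /^ / { cur = cur substr($0, 2); next }      # folded line: append to previous line
             { emit(cur); cur = $0 }
        END  { emit(cur) }' "$1" | LC_ALL=C sort
}

# ldif_compare BEFORE AFTER: print "- dn" for entries lost and "+ dn" for
# entries that appeared; return 0 only when both files hold the same DNs.
ldif_compare() {
    before=$(mktemp); after=$(mktemp)
    ldif_dns "$1" > "$before"; ldif_dns "$2" > "$after"
    diffs=$( { LC_ALL=C comm -23 "$before" "$after" | sed 's/^/- /'
               LC_ALL=C comm -13 "$before" "$after" | sed 's/^/+ /'; } )
    rm -f "$before" "$after"
    if [ -n "$diffs" ]; then printf '%s\n' "$diffs"; return 1; fi
    return 0
}

# Constructed sample data: two small LDIF files standing in for the exports.
make_samples() {
    dir=$(mktemp -d)
    {   printf 'version: 1\n\ndn: dc=company,dc=com\nobjectClass: domain\n\n'
        printf 'dn: uid=alice,ou=People,\n dc=company,dc=com\nuid: alice\n\n'   # folded DN
        printf 'dn: uid=bob,ou=People,dc=company,dc=com\nuid: bob\n\n'
        printf 'dn:: %s\nuid: carol\n' "$(printf %s 'uid=carol,ou=People,dc=company,dc=com' | base64)"
    } > "$dir/before.ldif"
    {   printf 'dn: dc=company,dc=com\nobjectClass: domain\n\n'
        printf 'dn: UID=alice, ou=People, dc=company, dc=com\nuid: alice\n\n'
        printf 'dn: uid=carol,ou=People,dc=company,dc=com\nuid: carol\n'
    } > "$dir/after.ldif"
    echo "$dir"
}

samples=$(make_samples)
ldif_compare "$samples/before.ldif" "$samples/after.ldif" || echo "entry sets differ"
```

On the real hosts the two arguments would be /export/home/CleanExport.ldif and a fresh export of the new instance taken with the same dsadm export command as in step 2.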




Monday Jan 14, 2008

Humbled by those who have less, much less.

Although it has been 20+ years since I finished high school, the English poetry I learnt still resonates with me and I can recall phrases and lines to this day. William Wordsworth wrote a sonnet that I shall reproduce here, since it is, of course, only 14 lines.

The world is too much with us; late and soon,
Getting and spending, we lay waste our powers;
Little we see in Nature that is ours;
We have given our hearts away, a sordid boon!
This Sea that bares her bosom to the moon,
The winds that will be howling at all hours,
And are up-gathered now like sleeping flowers,
For this, for everything, we are out of tune;
It moves us not.--Great God! I'd rather be
A Pagan suckled in a creed outworn; (1)
So might I, standing on this pleasant lea, (2)
Have glimpses that would make me less forlorn;
Have sight of Proteus (3) rising from the sea;
Or hear old Triton (4) blow his wreathed horn.

(1) Brought up in an outdated religion.
(2) Meadow.
(3) Greek sea god capable of taking many shapes.
(4) Another sea god, often depicted as trumpeting on a shell.

For two years our family was very fortunate to have the services of a live-in nanny who began her employment with us a year after our son was born. A rather simple woman, almost illiterate, and not conversant in English, I recall that when our daughter started grade one and began to learn reading and writing, our nanny used some of her free time to study English reading and writing as well. I remarked to myself that a 60 and 6 year old were learning to read and write English for the first time. Our nanny grew very fond of our younger son and loved him as if he were the son she could not bear (her husband divorced her in their youth as they were unable to conceive). Upon a recent visit to her home country, she phoned us with the most unfortunate news that she was not returning to America as she had been diagnosed with breast cancer.

With no dependents of her own, our nanny worked to save for her and her sisters' retirement. Her sole possessions accompanied her in one suitcase when she went home a few weeks ago. Thus when she called to inform us of her condition, we offered to send her few remaining possessions to her but she refused and suggested we give them away.

As I cleaned her room I found notes she had taken in her English language classes. In the notebook, among other sentences, was written:

“I love children.”

“I love to cook for the children.”

I was moved to tears. Here we live in one of the most sought-after areas in the world. Our children attend magnificent schools and are not deprived of toys nor clothing nor extra-curricular activities. And a woman who at age 60 is learning English for the first time writes of her love for children that she could not bear herself. Those of us consumed by the rat-race and materialism that American consumerism thrusts upon us, as Wordsworth wrote, should stop and smell the flowers.....





Tuesday Jan 08, 2008

a useful link - searching all libraries

I am a member at two public libraries and occasionally use university libraries too.

I found this link that will search for a book across multiple public and university libraries.

The website lists libraries near you, so I am guessing it does a reverse DNS lookup and then determines your location?

Search any library

Monday Jan 07, 2008

Patches required to enable Solaris servers and workstations to migrate to native-ldap clients


Notes:

  1. The tables below list patches required to allow Solaris SPARC servers and workstations to migrate to native-ldap clients. (The equivalent x86 patch is available on the download links below).

  2. The patch column contains a number which references the patch to install. The number is hyperlinked to http://sunsolve.sun.com to enable patch downloads. The links are current as of January 8th, 2008.

  3. IMPORTANT: Solaris patches are revised and replaced by newer patches. The download links in the patch column may not resolve to the latest patch available. Please read the patch notes carefully, be aware of obsoleted patches and download the newer patch.


Solaris 10 patches

Install SUNWnisu package from the Solaris 10 DVD, before installing patches


Order  Patch               Prerequisite patch
1      119213 (NSS patch)  n/a
2      119042              n/a
3      119963              n/a
4      119574              n/a
5      119578              n/a
6      126419              n/a
7      118918              n/a
8      120900              n/a
9      125547              n/a
10     125378              n/a
11     121133              120900
12     126538              119042
13     119254              121133
14     118833              118918, 119042, 119578, 119254
15     120272              119042, 126538, 118833
16     126897              119578
17     122640              118833
18     125503              118833, 118918, 119042, 119574, 119578, 120272, 120900, 121133, 126538, 122640, 126897
19     125369              118833, 119578, 126897
20     120011              119574, 126538, 122640, 125369, 125503, 125547, 126419, 126897



Solaris 9 patches


Order  Patch               Prerequisite patch
1      119211 (NSS patch)  n/a
2      112233              n/a
3      112874              112233
4      112960              112874

Solaris 8 patches


Order  Patch               Prerequisite patch
1      119209 (NSS patch)  n/a
2      111310              n/a
3      111111              n/a
4      112936              n/a
5      116602              n/a
6      115827              n/a
7      113648              n/a
8      111317              n/a
9      111023              n/a
10     110386              n/a
11     108987              112936
12     108528              108987, 111111, 111310
13     108989              108528
14     128624              108528, 108989, 110386, 111023, 111317, 113648, 115827, 116602
15     108993              108528, 108989, 110386, 111023, 111317, 113648, 115827, 116602





Monday Dec 10, 2007

Shibboleth

Shibboleth is a standard for federated Single-SignOn.
It is also a new art exhibit at the Tate gallery in London, consisting of a crack in the floor....
Perhaps OpenId would be a more appropriate name

Tuesday Nov 13, 2007

Enterprise Role Management to be part of the Sun Identity stack

Sun has entered into an agreement to acquire VAAU, a premier provider of Enterprise Role Management software.

Here is the press release

What is role management?

A role represents access rights to resources or data, and often corresponds to a business function. For example, a tax manager has the rights to view financial data.

How do roles gel with Identity Management and Sun Identity Manager in particular?

If you have worked with Sun Identity Manager, you will have assigned a role to a resource and then a user to that role to grant the user access to the resource.

Role management software simplifies that process, especially in a large deployment with hundreds of applications and thousands of roles. Often roles exceed users in quantity - more roles than users!

With good role management, security policies can be easier to manage and enforce, for example by ensuring users have only the roles they are entitled to in order to perform their job.

Read more at VAAU's website

Sunday Nov 11, 2007

Sun Directory Server 6.2 upgrade process



This blog entry outlines the process of upgrading the Sun Directory Server from version 6.0 to version 6.2


Assumptions

This procedure assumes the following:

  1. The operating system is Solaris SPARC.

  2. The PKG version of Directory Server 6.0 has been installed.

  3. The DCC is deployed in the Sun Java Web Console (not as a .war file in a J2EE container).

  4. The services are managed in SMF.

  5. The patches are downloaded to a directory “RequiredPatches”. Note: installation of the first patch requires a reboot, therefore do NOT download the patches to /tmp or /var/tmp (some systems) otherwise the files will be lost after the reboot.

  6. The installation paths are as follows:



Software    /opt/SUNWdsee
Instances   /var/opt/SUNWdsee/dsins1
DSCC        /var/opt/SUNWdsee/dscc/ads
Cacao       /var/cacao
WebConsole  /usr/share/webconsole


Patches required before upgrade

Inventory the patches on each server and establish what versions exist.

To inventory the patches, execute 'showrev -p | grep "Patch: <patchnumber>"'

Example:

# showrev -p | grep "Patch: 119963"

Patch: 119963-05 Obsoletes: Requires: Incompatibles: Packages: SUNWlibC

Patch: 119963-08 Obsoletes: Requires: Incompatibles: Packages: SUNWlibC

#


The list of patches is in column one and is hyperlinked to enable download of the patch from sunsolve.sun.com


Patch to install

118833-36

119963-08

119254-44

125378-02

119810-04

119345-05

119044-03

123893-04

125937-05
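
The inventory step above can be run for the whole list at once. The following is an added example, not part of the original post: it reads showrev -p output and reports, for each patch in the list above, whether it is present at the required revision or later. The function name, the status words, the sample input and the treatment of the Obsoletes: field are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): check `showrev -p` output
# against the minimum patch revisions listed above.

REQUIRED="118833-36 119963-08 119254-44 125378-02 119810-04 119345-05 119044-03 123893-04 125937-05"

# check_patches: read `showrev -p` output on stdin and print one status line
# per required patch. Returns 1 if any patch is MISSING or OLD.
check_patches() {
    awk -v required="$REQUIRED" '
        # Remember the highest revision seen for each patch ID.
        function note(patch,   a) {
            split(patch, a, "-")
            if (!(a[1] in have) || a[2] + 0 > have[a[1]]) have[a[1]] = a[2] + 0
        }
        $1 == "Patch:" {
            note($2)
            # Assumption: a patch named in the Obsoletes: field is delivered by
            # the patch that obsoletes it, so count it at the listed revision.
            for (i = 4; i <= NF && $i != "Requires:"; i++) {
                gsub(/,/, "", $i)
                if ($i ~ /^[0-9]+-[0-9]+$/) note($i)
            }
        }
        END {
            n = split(required, want, " ")
            for (i = 1; i <= n; i++) {
                split(want[i], w, "-")
                if (!(w[1] in have))            { print "MISSING " want[i]; bad = 1 }
                else if (have[w[1]] < w[2] + 0) { printf "OLD %s (have -%02d)\n", want[i], have[w[1]]; bad = 1 }
                else                            { printf "OK %s (have -%02d)\n", want[i], have[w[1]] }
            }
            exit bad + 0
        }'
}

# Constructed sample: the first two lines are the ones shown in the post; the
# rest are made up, including patch 999999-01 and the SUNWexample package.
SAMPLE_SHOWREV='Patch: 119963-05 Obsoletes: Requires: Incompatibles: Packages: SUNWlibC
Patch: 119963-08 Obsoletes: Requires: Incompatibles: Packages: SUNWlibC
Patch: 118833-24 Obsoletes: Requires: Incompatibles: Packages: SUNWcslr
Patch: 119254-44 Obsoletes: Requires: Incompatibles: Packages: SUNWexample
Patch: 999999-01 Obsoletes: 119345-05, 119810-03 Requires: Incompatibles: Packages: SUNWexample'

printf '%s\n' "$SAMPLE_SHOWREV" | check_patches || echo "patch set incomplete"
# On a real host: showrev -p | check_patches
```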


Patches required to perform 6.2 upgrade



125276-05



Verify current version installed


Execute LDAPSEARCH to display the current version, substituting <PASSWORD> for the Directory Manager password.


# ldapsearch -h localhost -b cn=config -D "cn=directory manager" -w <PASSWORD> objectclass=nsslapdConfig nsslapd-versionstring

version: 1

dn: cn=config

nsslapd-versionstring: Sun-Java(tm)-System-Directory/6.0


Begin the upgrade process


Stop the processes


Disable DCC Directory server

# svcadm disable svc:/application/sun/ds:ds--var-opt-SUNWdsee-dscc6-dcc-ads


Disable LDAP instance

# svcadm disable svc:/application/sun/ds:ds--var-opt-SUNWdsee-dsins1


Disable CACAO

# svcadm disable svc:/application/management/common-agent-container-1:default


Disable Java Web Console

# svcadm disable svc:/application/management/wbem:default

# svcadm disable svc:/system/webconsole:console


Installation of patches


Before installing patch 118833, a workaround for a small defect is required.

(see note here)


Workaround

# mkdir /var/tmp/118833-36.SUNWcslr


Click each of the following to view the output of the above patch installations



118833-36.txt see above workaround. Also, reboot after installing this patch.

119044-03.txt

119254-44.txt

119810-04.txt

123893-04.txt

125378-02.txt

125937-05.txt

Upgrade to Directory Server 6.2

Install patch 125276-05.txt


Restart Directory and Console services


Start cacaoagent

# svcadm enable svc:/application/management/common-agent-container-1:default


Start DCC

# svcadm enable svc:/application/sun/ds:ds--var-opt-SUNWdsee-dscc6-dcc-ads


Start LDAP instance

# svcadm enable svc:/application/sun/ds:ds--var-opt-SUNWdsee-dsins1


Start Java Web Console

# svcadm enable svc:/application/management/wbem:default

# svcadm enable svc:/system/webconsole:console



Verify that server was upgraded

Execute LDAPSEARCH to display the current version, substituting <PASSWORD> for the Directory Manager password.


# ldapsearch -h localhost -b cn=config -D "cn=directory manager" -w <PASSWORD> objectclass=nsslapdConfig nsslapd-versionstring

version: 1

dn: cn=config

nsslapd-versionstring: Sun-Java(tm)-System-Directory/6.2


View the Directory Server documentation here

Article published in the ISSA journal

I published an article titled "Trends in Identity and Access Management" in the November edition of ISSA.
ISSA is a prestigious international information systems security association. Thanks to Glenn and Joel for their encouragement.

If you would like a copy of my article, I encourage you to become an ISSA member.

Alternatively, here is a copy of my article in PDF.




Life with two kids :)

Most days my kids are sweet, kind and cute.

Occasionally I get home from work to this:


Sunday Oct 14, 2007

Finals, here we come

The Springboks played a great game against Argentina and will meet England in the finals.
Ludo, sorry you lost to the "roast beefs", don't worry, we will take care of them for you....!


Thursday Oct 04, 2007

Privacy priorities and Identity

So I had to call my wife's health insurance to get some information on her behalf. The polite lady at the call center answered and asked me some identifying questions first: birth date, last four digits of social security, address etc. Satisfied with the answers she relinquished the information I requested. I guess they answer so many calls per day, it did not occur to her that a male voice was requesting information on someone with a female name. Or it means that anyone who presents the answers to the questions is entitled to the information. I wonder what HIPAA dictates?

A few days later, my wife went to the public library and I asked her to bring home a book that I had reserved. The library refused to allow her to check out a book reserved under my account, using her card. She produced her driver's license showing the same surname and address as the library's computer had for me. No success. However, if she produced my library card, which holds no picture of me, they would have happily checked out the book.

Why is it that personal medical information can be released over the phone to anyone who answers four or five identifying questions about an individual, yet a book cannot be checked out unless one produces a library card that bears no visual identification of the bearer on it whatsoever?

Wednesday Oct 03, 2007

Marriage in the Internet age


Wednesday Sep 19, 2007

Telecommuting is so 1990s..

In the age of social networks it is called co-working. If you work remotely and get lonely, join or start a co-working group. I just joined the group in Palo Alto and am at the premises right now. A superb idea. Thanks Liz Henry!


About

Jonathan Gershater
