Monday Jan 03, 2011

ZFS Encryption for USB sticks on Solaris 11 Express

USB memory sticks are easily lost, so to keep your data safe, it's best to use the new encryption feature of ZFS available since snv_149 (ZFS version 30). Here's how to take advantage of it.
[paulie@adrenaline ~]$ uname -a
SunOS adrenaline 5.11 snv_155 i86pc i386 i86pc Solaris
Get the device id for the USB stick using rmformat.
[paulie@adrenaline ~]$ rmformat
Looking for devices...
     1. Logical Node: /dev/rdsk/c11t0d0p0
        Physical Node: /pci@0,0/pci108e,534a@2/hub@4/storage@1/disk@0,0
        Connected Device: SanDisk  U3 Cruzer Micro  8.02
        Device Type: Removable
	Bus: USB
	Size: 1.9 GB
	Access permissions: Medium is not write protected.
The device id is c11t0d0p0. Using this id, we can make a pool on the device called 'secret'. You can call yours whatever you want.
[paulie@adrenaline ~]# zpool create -O encryption=on secret c11t0d0p0
Enter passphrase for 'secret': 
Enter again: 
Let's create a random 128MB file in the new pool called file.enc.
[paulie@adrenaline ~]# cd /secret; mkfile 128m file.enc
Now, let's make sure it works by exporting and importing the secret pool and hope it asks for a password.
[paulie@adrenaline ~]# zpool export secret
[paulie@adrenaline ~]# zpool import secret
Enter passphrase for 'secret': 
It works as expected. Let's check for the created file.
[paulie@adrenaline ~]# ls /secret
We can also check the encryption of any zfs filesystem by using the following command:
[paulie@adrenaline ~]# zfs get encryption secret
secret  encryption  on           local
For more information visit:

Friday Jun 11, 2010

Flash Player 10.1 RC available for Solaris / OpenSolaris

Adobe Flash Player 10.1 RC is now available as a prerelease. This version does not require the medialib dependency and should work on its own after installation. You can find it at the Adobe Labs site.

$ wget
$ bzip2 -d flashplayer10_1_rc1_solaris_x86_061010.tar.bz2
$ tar xvf flashplayer10_1_rc1_solaris_x86_061010.tar
$ mkdir -p ~/.mozilla/plugins/
$ mv flash_player_solaris_10_1_53_64_x86/ ~/.mozilla/plugins/
$ pfexec mv flash_player_solaris_10_1_53_64_x86/ /usr/lib/firefox/plugins/
$ wget
Follow x86 directions above

Wednesday Jun 09, 2010

"Cannot open device" Error

On occasion if you are trying to fdisk or mount a USB disk on Solaris 10 you may get an error that says "Cannot open device." For example:
# fdisk /dev/rdsk/c2t0d0s2
Cannot open device
Things to check:
  • 1. Make sure you are root or have the correct user privilege
  • 2. Try `devfsadm -Cv` to remove any stale disk entries
  • 3. Stop volume management `svcadm disable volfs`

Wednesday Apr 28, 2010

Packages Renamed in OpenSolaris

If you have been using the package management system in the newest builds of OpenSolaris (b133+), you may have noticed the naming scheme changes that affect new and existing packages. [Full list of changes]

For example, trying to find the usb header file package is a bit trickier. These files, namely usba.h, usbai.h, and usbdevs.h, are not installed into /usr/include/sys/usb in the default installation. To retrieve them, use this command:

$ pfexec pkg install header-usb

In previous version, these files could have been obtained from either SUNWusbu or SUNWsfwhea. The removal of the SUNW prefix is the most apparent name change for the package collection. Now you can get busy building the latest apcupsd version!

Tuesday Feb 09, 2010

Retrieving MAC Address in Solaris using C as a non-root user

I needed to find a way to get the physical (MAC) address using C. From what I could gather from searching, there are two methods for retrieving it: libdlpi and arp. libdlpi is the more elegant solution as it requires a simple call to dlpi_get_physaddr(). This is how ifconfig prints your network interface's MAC address. Unfortunately, libdlpi calls are only permitted as root.

As explained by James Carlson:

The reason it was like this was historical: getting the MAC address in
ifconfig meant opening up the DLPI node and talking to the driver. As
the drivers didn't have discrete privileges for each operation, and
you had to be almighty root to touch them, 'ifconfig' didn't show the
MAC address when not privileged.

The second solution is to use arp. In Solaris you can determine the physical address by looking at the arp tables directly (`arp -a | grep <INTERFACE>` or `netstat -p | grep <INTERFACE>`). With C, this can be done by using the if sockets and arp libraries.

I wrote up a solution called "getmac" using both methods. You can gather it here.

  • Directions
    $ wget
    $ gcc getmac.c -o getmac -lsocket -ldlpi
    $ ./getmac <interface_name>
    arp:	ffffffffffff
    dlpi:	dlpi failure, are you root?
    $ pfexec ./getmac <interface_name>
    arp:	ffffffffffff
    dlpi:	ffffffffffff
Remember to use pfexec for the libdlpi method.

Thursday Jan 21, 2010

OpenSolaris + Fit-PC2 + Mediasonic Pro Box 4 Bay Enclosure

After the failure of the SATA and USB ports on my Intel D945GCL Atom board, I decided to build out a new file server. Sticking to the Atom theme, I decided to go small and get the CompuLab FIT-PC2. This little toy uses the Z530 1.6Ghz CPU that apparently uses only 6 watts of power. I'm assuming that means *without* a hard drive installed.

Measuring in at around 115 x 101 x 27mm (~ 4.5"x4.0"x1.0"), it is only big enough to hold one laptop sized 2.5" SATA drive.

The drive I installed only has 80GB of space. That would run out real quick with my needs, so I decided to get a MediaSonic USB disk enclosure to link up with my server. It can hold up to 4 SATA drives.

The PC sits on top of the enclosure on my bookshelf taking up 8.5" x 5.0" x 6.5" amount of space. This is not only power efficient, but space efficient since I am using 4 x 1TB drives. 4TB total (theoretical), ~2.6TB in a ZFS raidz. If I were to have purchased the 2TB drives, it would be even better.

Doug's blog on the FIT-PC2 gives a good overview on the features of the device and what works. There is no wifi driver and Xorg doesn't work, so you may want to install OpenSolaris on another machine before installing the internal HDD. My server is headless and uses the built-in gigabit ethernet, so I don't care about those issues.

Links and prices Total = $748

Monday Dec 14, 2009

Capture Live Webcam Images and Create Time-Lapse Videos with Linksys WVC54GCA

On occasion I get an e-mail asking me about my live webcam. What model is it? Does it support FTP/SSH? How does it automatically upload to your site? And so on...

Some answers:

Model: Linksys WVC54GCA Wireless G Home Monitoring Camera
FTP/SSH support: Nope

Capturing Live Images

So how do I automate taking pictures with the thing? Well, a hidden feature to the camera is to navigate to the static picture site of the webcam. For my example, I use DNS to map my camera hostname garfunkel to its IP address. You may want to enter whatever IP your camera uses instead of garfunkel.
To grab a picture at any given time, use wget.
wget http://garfunkel/img/snapshot.cgi?size=3\\&quality=1 -O webcam.jpg
If you have a UNIX-based or UNIX-like OS, you can schedule a cron job to grab this image as often as you like. I prefer capturing once every half hour, so I use this template:
\*/30 \* \* \* \* /path/to/wget/script
Now, if you have your own web page, you can use ftp/sftp/scp to upload the picture to your server using one script.

Creating Time-Lapse Videos

If you can capture a picture once every minute, you can create a pretty neat time-lapse video every day. This can be accomplished using wget and ffmpeg. For my camera, I point it outside, so it's only worth capturing between certain hours, say 6am to 6pm. After 6pm, I will have created over 700 pictures. I can then use ffmpeg to stitch them together to form a short video on the day's weather. It's a little complicated to discuss every detail behind this, so I'll just post the bourne script I use.

hour=`date +%H`
captime=`date +%H%M`
img=`ls ${dirpath}\*jpg | wc -l`;
expr=`expr 1 + $img`

	# File format will be Month.Day.Year.flv (flv for flash)
	date=`date +%m.%d.%y.flv`

	# ffmpeg reads in each image and incrementally makes a flash video at
	# 16 fps
	cd ${dirpath}
	ffmpeg -i %04d.jpg -r 16 ${dirpath}${date}

        # Cleanup, upload time-lapse to server and remove all jpg files
	# scp user@host:location
	# rm ${dirpath}\*jpg

        # ffmpeg expects pictures in the format 0001.jpg ... 0001.jpg so
        # we need to add a fluff of zeros to make each pic 4 digits long

	if [ $expr -lt 10 ]

	elif [ $expr -lt 100 ]

	elif [ $expr -lt 1000 ]

        wget http://garfunkel/img/snapshot.cgi?size=3\\&quality=1 --output-document=${dirpath}${expr}.jpg

case "$hour" in
# Eliminate the hours of the day that are too dark to capture
# If it is 6:00pm (18), time to make a video
	if [ $captime -eq 1800 ]
# Every other hour is assumed to have light, so take a pic
You might want to change the dirpath variable to wherever you want to store the pictures. Finally, add a cron entry to run every minute:
\* \* \* \* \* /path/to/timelapse/script
After 6pm, you will have an flv file. This is a flash file that can be played by various flash players for viewing on the web. You can change the file format to avi or mpg instead of flv if you just want to view it on your computer.

Sample video from my camera

Wednesday Dec 09, 2009

Can't use NumPad in OpenSolaris?

Today I thought I broke the numpad on my keyboard; none of then numbers were working. Switching on and off the Num Lock key didn't work. However, anytime I hit a number and held the key down, the mouse cursor would move across the screen. By some sort of black magic, I found a secret keyboard combo to turn on Mouse control via keypad.

Solution to turn it off
System ⇾ Preferences ⇾ Assistive Technologies ⇾ Keyboard Accessibility ⇾ Mouse Keys

Uncheck 'Pointer can be controlled using the keypad'
I must admit, however, this can be a handy feature when working with a mouse-less machine.

Wednesday Nov 25, 2009

Latex for OpenSolaris

Ever wanted to experiment with latex to write a paper or redesign your resume, but unsure how to install a latex package or compose a latex document? I'll try to explain it simply using OpenSolaris.

Install Latex

d its dependencies from our friends at
cd /tmp
gzip -d \*.gz
  • Install the packages
  • pfexec pkgadd -d libgcc-3.3-sol10-intel-local
    pfexec pkgadd -d ncurses-5.6-sol10-x86-local
    pfexec pkgadd -d libiconv-1.11-sol10-x86-local
    pfexec pkgadd -d tetex-3.0-sol10-x86-local

    Play with Latex
    For my simple uses of latex, I use two binaries to compose my documents: latex and dvipdf. Latex requires a tex file to generate a document. For this example, I will use my favorite resume template created by David Grant.
    cd /tmp
    mv resume.tex.txt resume.tex
    mv shading.sty.txt shading.sty
    Now, let's use the binaries I mentioned earlier to create a pdf file.
    /usr/local/teTeX/bin/i386-pc-solaris2.10/latex resume.tex
    /usr/local/teTeX/bin/i386-pc-solaris2.10/dvipdft resume.dvi
    You should find a pdf file in /tmp called resume.pdf. View it with acroread or evince to get an idea of how awesome latex is. I won't go into too much detail on how to create the resume.tex file, but viewing and editing it will you give you a good understanding on its syntax. This is David's resume that is generated:

    Tuesday Sep 29, 2009

    Compiling Alpine on OpenSolaris 2009.06

    For Alpine 2.00, the configure file looks around in the wrong directories for the OpenSSL header files.
          if test -d /usr/sfw/include/openssl ; then
          elif test -d /opt/csw/include/openssl ; then
            if test -d /opt/csw/ssl/certs ; then
    Unfortunately, configure never looks for the new location: /usr/include/openssl. Thankfully, there is an easy fix:
    ./configure --with-ssl-include-dir=/usr/include/openssl

    Wednesday May 20, 2009

    Cannot remove directory: File exists

    If you try to delete a directory over NFS and get an error such as...
    rm: cannot remove directory `asdf/': File exists
    ... you will notice that conventional methods won't be good enough to remove it.
    $ chmod -R 777 asdf/
    $ rm -rf asdf/
    $ rm: cannot remove directory `asdf/': File exists
    Usually there is a file like .nfs234B inside the directory than can be displayed with ls -la
    $ ls -la
    total 146
    drwxr-xr-x 2 user group    512 2009-05-20 08:51 .
    drwxr-xr-x 3 user group    512 2009-05-19 08:59 ..
    -rwxr-xr-x 1 user group 134888 2009-05-18 12:45 .nfs234B
    Removing this file only replaces it with another. There are two solutions: manually delete the file on the NFS server, or (if you don't have that type of access) kill its process.
    $fuser -u asdf/.\*
    asdf/.:     9070c(user)
    asdf/..:    28690c(user)   24845c(user)
    asdf/.nfs934B:     9070tm(user)
    9070 is the offending process. Kill it with fire.
    $ kill -9 9070
    Should be able to remove that directory now.

    Monday Jan 05, 2009

    Testing Network Performance in Solaris

    So you think your wireless link is slow, or your gigabit ethernet card is under performing. How can you tell? Here are two tools I use to test network throughput.


    Created by Kai Uwe Rommel, it tests by sending and receiving packets of varying sizes and reports throughput in kilobytes per second.

  • x86
  • # wget
    # gzip -d netio-1.26-sol10-x86-local.gz
    # pkgadd -d netio-1.26-sol10-x86-local
  • # wget
    # gzip -d netio-1.26-sol10-sparc-local.gz
    # pkgadd -d netio-1.26-sol10-sparc-local
  • Server-side
  • # netio -u -s
  • Client-side
  • # netio -u SERVER_IP_ADDRESS

    Here are results on a 100Mbps link:
    UDP connection established.
    Packet size  1k bytes:  11913 KByte/s (0%) Tx,  11468 KByte/s (0%) Rx.
    Packet size  2k bytes:  11954 KByte/s (0%) Tx,  11509 KByte/s (0%) Rx.
    Packet size  4k bytes:  12274 KByte/s (0%) Tx,  11687 KByte/s (0%) Rx.
    Packet size  8k bytes:  12284 KByte/s (0%) Tx,  11697 KByte/s (0%) Rx.
    Packet size 16k bytes:  12292 KByte/s (0%) Tx,  11702 KByte/s (0%) Rx.
    Packet size 32k bytes:  12348 KByte/s (0%) Tx,  11714 KByte/s (0%) Rx.
    Sending and receiving hovered around 11-12MB/s which is on par with 100Mbps.


    Created by Rick Jones and discovers the maximum throughput of a link, reporting in megabits per second.

    # wget
    # tar zxvf netperf-2.4.4.tar.gz
    # cd netperf-2.4.4
    # export CFLAGS="-lsocket -lnsl -lkstat"
    # ./configure
    # make
    # make install
  • Server-side
  • # netserver
  • Client-side
  • # netperf -H SERVER_IP_ADDRESS

    Here are results on a 100Mbps link:
    Recv   Send    Send                          
    Socket Socket  Message  Elapsed              
    Size   Size    Size     Time     Throughput  
    bytes  bytes   bytes    secs.    10\^6bits/sec  
     49152  49152  49152    10.00      94.88

    94.88 Mbps is the final result, not bad.

    Thursday Dec 18, 2008

    OpenSolaris Installation Checklist

    When I reinstall OpenSolaris, I have a small checklist of things I execute to create a familiar environment between my systems. This might be helpful to others.

  • Allow NIS user (really any user) access to the root role (lets them access packagemanager)
  • # vi /etc/user_attr
    Append to end of file:
    USERNAME::::profiles=Primary Administrator;roles=root

  • Enable NTP
  • # vi /etc/inet/ntp.conf
    # svcadm enable ntp
    # svcadm restart ntp

  • Install OpenOffice
  • # pkg install openoffice

  • Install gconf-editor
  • # pkg install SUNWgnome-config-editor

  • Disable Audible Alert Sound
  • I hate the audible alert sound. If you wear headphones while you're computin' and use tab-completion excessively on your shell or have a mail client that beeps on every new message, you know what I'm talking about.
    However, when I click on System->Preferences->Sound, the Play Alert Sound option is grayed out. Here is the solution:
    $ gconf-editor
    /apps/metacity/general/ and decheck audible bell

  • Allow root user to login directly
  • Don't do this.
    # rolemod -K type=normal root

    Thursday Dec 11, 2008

    2008.11 on the Asus EEE 701

    Things that have been fixed/work out of the box since 2008.05

  • Keyboard/mouse now fully functional throughout the install
  • Sound works by default
  • Webcam *should* work by default (my model doesn't have one so I can't test)
  • Atheros wi-fi still requires an additional download
    $ wget
    $ tar zxvf ath-x86-ar5007eg-pkg.tar.gz
    # pkgadd -d SUNWatheros
    # init 6
  • Attansic L1/L2 ethernet is now functional thanks to our good friend Masayuki Murayama
    $ wget
    $ tar zxvf atge-2.6.2.tar.gz
    $ cd atge-2.6.2
    # make install
    # ./
    # devfsadm -i atge0
    # ifconfig atge0 plumb

    Asus EEE 701 vs. 30 inch Dell Monitor
    800x480 vs. 2560x1600 resolution
    Longs Peak in the background
  • Monday Jul 28, 2008

    APC UPS on OpenSolaris (apcupsd)

    One of the best consumer UPS manufacturer on the market is APC. They make great products that can interface nicely with any UNIX-based system, whether it be Linux, BSD, or Solaris. Using their daemon (apcupsd), you can download the source and create a nice link-up with your UPS so you can be notified anytime your power goes out (or if you accidentally unplug it)

    My home model is the APC ES550 which is USB-based and has a weird USB->RJ45 cable to link a computer with the UPS. Let me explain how to get this running with OpenSolaris with at least this model.

    First you will need the latest apcupsd tarball located on Source Forge. Then, follow some standard compiling directions:

        $ tar zxvf apcupsd-3.14.4.tar.gz && cd apcupsd-3.14.4
        $ ./configure --enable-usb
        $ make
        # make install
    If your model is USB-based, you need the enable-usb flag with the configure script. Now when you make, however, it will most likely fail with the following error.
    libusb.h:9:34: /usr/sfw/include/usb.h: No such file or directory
    ... lots of errors ...

    'make' fails on OpenSolaris because by default it is missing a usb.h header file located in /usr/sfw/include. This can be retrieved by running this command inside that directory as root.

        # wget
    Binaries are stored inside /etc/opt/apcupsd/sbin.

    The file apcupsd.conf is needed to configure this USB device. Two lines that say the following must be included in this file.

    UPSCABLE usb
    UPSTYPE usb
    Delete any other UPSCABLE/UPSTYPE lines. The apcupsd.conf file documents other types of APC UPS devices as well, usually those that rely on serial as opposed to usb.

    Now, you should be able to run the daemon and you can verify that it will notify you by simply pulling the plug on the UPS. If you modify your root alias in /etc/mail/aliases the UPS will send you an e-mail when the power goes out. This sounds handy if I'm campus and I lose the electricity in my apartment, so I'll have plenty of time to power off my machine remotely.


    Hiya, my name is Paul Johnson and I'm a software engineer working on the Oracle ZFS Storage Appliance .


    « March 2015