Planet Solaris
January 06, 2009
Since the end of analog TV service is coming shortly here in the U.S., I would hope all my readers know this and have ordered their coupons for digital TV converter boxes for all their older TV sets, and helped their relatives and friends get their coupons as well.
Now, after years of seeing cable TV companies flex their muscles and screw their subscribers, it's time to give them the boot and show them that you do have a real choice, and one that is cheaper as well. I recommend that you cancel your cable subscription and take the money you save and build or upgrade your Linux box to support MythTV. Yes, you have to run Linux on it; yes, you are on the right blog; I am telling people to run Linux. Of course MythTV hasn't been ported to Solaris and the drivers for the tuner cards haven't been ported either, so you really don't have a choice.
You can buy a digital tuner card for about $80, less than most people pay for a month of cable these days. Take your second month of cable fees and get a digital-ready TV antenna and a 250+GB hard disk; now you have a digital TV recorder that can hold 30+ hours of HD programming, and it doesn't automatically expire like the DVR that the cable company was providing you.

If you live in any major city you should have more than a decent selection of digital TV channels to choose from. Here in Milwaukee we have 5 digital PBS channels and 3 more that provide music and weather and traffic; we also have all the major networks, and some of them are providing multiple channels to choose from. Even if you have to rent some DVDs or sign up for Netflix to fill out your entertainment needs, you are still well ahead of the game.
The only question left is what to do with the $60+ a month you are saving.
Of course MythTV also gives you a lot more benefits over cable: one MythTV box can provide services to many other boxes, and via its mythweb feature it can stream recorded shows to any other networked computer system in the house. During the summer you can now watch your favorite show while sitting on a lawn chair in your back yard. It also has a pretty slick interface for accessing streaming media from the internet and playing the DVDs that you have ripped.
I see attack politics and attack marketing as pretty much the same thing. Or, a distinction without much of a difference, anyway. Politicians generally attack enemies who threaten their getting elected or getting some policy implemented. If you aren't a threat, though, you are basically ignored in that system. And if you are a little guy trying to attack powerful politicians, you are generally ignored, too. This is why collective protest is a necessary prerequisite for change. Strength comes in numbers. You have to make yourself a threat to even get noticed, and that has to happen well before you have a shot at changing things (whatever your thing is). But from the politicians' point of view, since they have the power, it seems the attack principle dictates that they shouldn't want to give too much exposure to a competitor or group they don't support, so many politicians actually tend to attack pretty carefully. The rhetorically skilled know this very well. They think out a few moves ahead. Who should do the attacking? What's the venue of the attack? What will the counter punch look like? Where will it come from? And when? What does it mean when no counter attack comes back at all and instead they are met with silence? And heck, what if the opponent praises in return instead of attacking as expected? The answers to these questions are imprecise at best.
I used to do competitive marketing, and I went through this exact same process. However, I always told my clients that attacks are best done by third parties and only in response to a precipitating attack. In other words, you don't attack first. It's not worth the headline. Instead, you be the one responding. Here's why: those who attack first generally give away at least some of their position, and that gives you much more flexibility to respond. Unskilled politicians and marketers make this mistake all the time when they shoot their mouths off, but the concept holds up pretty well over time. I've said before that I think people attack for basically two reasons: (1) they are afraid that someone smaller than them may grow up and kick their butt, or (2) they are small themselves and want to pick a fight with a big guy to get attention. Either way, if you study your attacker you can learn a lot.
It's a game, granted. And everyone in it knows this. Most attacks can be quite easily turned around with some basic facts and logic. But rationality is irrelevant in the arena of delivering really good emotional propaganda for the purpose of influencing behavior. That's why attacks can work in some cases if they generate a strong reaction from the attacked. Attacks spread fear. And many times that fear shapes how people think if it's not characterized properly. In fact, the term used to describe this process is sometimes called FUD -- fear, uncertainty, and doubt. It's a silly sounding term, but it should be taken seriously because the best propagandists out there can be rather dangerous people if they have a power base and resources supporting them (a country, a company, an interest group, a foundation, a university, a union, whatever). In other cases, however, attacks and fear mongering backfire badly, and we saw this in the recent political campaign in the U.S. where pols on both sides took some things too far and the people (remember the people?) called them out on it.
So, what should you do if you are attacked in the marketplace? First, stop. Think. Don't react immediately with the first counter attack you can think of in the first publication you can find. You've been attacked so you now have the upper hand for a period of time (not forever, though). What is the attack telling you about your attacker? Is he or she responding to your attack? If so, you deserve the counter attack so enjoy your stupid little fight. If not, though, something else is going on and you may be in a much better position than you think. It means that you got someone's attention for some reason. You may have not even intended to get this attention, but that's what the attack may mean and that's valuable competitive intelligence if you can confirm it. Remember, if you were really irrelevant, chances are you'd be ignored. So, dig right there before responding and respond to defend and deflect, not to attack back. And if you can praise the attacker (or his product or community or company or whatever) so much the better. Attackers are generally simple minded and angry and unable to deal with praise as a response. Alternatively, your attacker could just be engaging in bad marketing or politicking. Consider that too. Either way, you have the upper hand if you do the responding, not the attacking.
I took these images a while ago, but spent some time cropping and adjusting tonight. I liked the characters and the old mixing with the young so I tried to get in closer and increase the contrast with a lot of black. The originals are here and here. I like these two here much better. They sounded pretty good, too. :)
- Propaganda war: trusting what we see?
Interesting, insightful and informative article examining the propaganda war around the events in Gaza.
- A prediction that's a safe bet
"Excess wealth is gone like the codpiece. The free market will continue but any respect for the idea of free money is all over."
- Amtrak photo contestant arrested by Amtrak police in NYC’s Penn Station
What for? Why, for trying to enter the competition by taking a photograph, of course! Personally I think the competition is a cunning scheme by Amtrak to flush out all the subversives so the police can arrest them and snuff out this disgusting train photography hobby for once and for all.
- OpenTable: So Web 1.0 It Hurts.
Mirrors my experience. OpenTable is definitely ripe for a competitor that is about gathering an epicurean community and delivering it to deserving restaurants.
- Cornyn promises filibuster on Franken
Any system contains within it the games that will be used to play it. Corollary: The more complex the system, the easier it is to find ways to game it. Corollary: Complex systems get gamed for longer than simple systems.
January 05, 2009
If you haven't seen it, DTrace is now shipping in Mac OS X Leopard. This is very exciting for us here at Sun, but one could be forgiven for asking an obvious question: why? How is having our technology in Leopard (which, if Ars Technica is to be believed, is "perhaps the most significant change in the Leopard kernel") helping Sun? More bluntly, haven't we in Sun handed Apple a piece of technology that we could have sold them instead? The answer to these questions -- which are very similar in spirit to the questions that were asked over and over again internally as we prepared to open source Solaris -- is that they are simply the wrong questions.
The thrust of the business questions around open source should not be "how does this directly help me?" or "can't I sell them something instead?" but rather "how much does it cost me?" and "does it hurt me?" Why must one shift the bias of the questions? Because open source often helps in much more profound (and unanticipated) ways than just this quarter's numbers; one must look at open source as long term strategy rather than short term tactics. And as for the intense (and natural) desire to sell a technology instead of giving away the source code, one has to understand that the choice is not between "I give a customer my technology" and "I sell a customer my technology", but rather between "a customer that I never would have had uses my technology" and "a customer that I never would have had uses someone else's technology." When one thinks of open source in this way, the business case becomes much clearer -- but this still may be a bit abstract, so let's apply these questions to the specific case of DTrace in Leopard...
The first question is "how much did it cost Sun to get DTrace on Leopard?" The answer to this first question is that it cost Sun just about nothing. And not metaphorical nothing -- I'm talking actual, literal nothing: Adam, Mike and I had essentially one meeting with the Apple folks, answering some questions that we would have answered for anyone anyway. But answering questions doesn't ship product; how could the presence of our software in another product cost us nothing? This is possible because of that most beautiful property of software: it has no variable cost; the only meaningful costs associated with software are fixed costs, and those costs were all borne by Apple. Indeed, it has cost Sun more money in terms of my time to blog how this didn't cost anything to Sun than it did in fact cost Sun in the first place...
With that question answered, the second question is "does the presence of DTrace on Leopard hurt Sun?" The answer is that it's very hard to come up with a situation whereby this hurts Sun: one would have to invent a fictitious customer who is happily buying Sun servers and support -- but only because they can't get DTrace on their beloved Mac OS X. In fact, this mythical customer apparently hates Sun (but paradoxically loves DTrace?) so much that they're willing to throw out all of their Sun and Solaris investment over a single technology -- and one that is present in both systems no less. Even leaving aside that Solaris and Mac OS X are not direct competitors, this just doesn't add up -- or at least, it adds up to such a strange, irrational customer that you'll find them in the ones and twos, not the thousands or millions.
But haven't we lost some competitive advantage to Apple? Doesn't that hurt Sun? The answer, again, is no. If you love DTrace (and again, that must be presupposed in the question -- if DTrace means nothing to you, then its presence in Mac OS X also means nothing to you), then you are that much more likely to look at (and embrace) other perhaps less ballyhooed Solaris technologies like SMF, FMA, Zones, least-privilege, etc. That is, the kind of technologist who appreciates DTrace is also likely to appreciate the competitive advantages of Solaris that run far, far beyond merely DTrace -- and that appreciation is not likely to be changed by the presence of DTrace in another system.
Okay, so this doesn't cost Sun anything, and it doesn't hurt Sun. Once one accepts that, one is open to a much more interesting and meaningful question: namely, does this help Sun? Does it help Sun to have our technology -- especially a revolutionary one -- present in other systems? The answer is "you bet!" There are of course some general, abstract ways that it helps -- it grows our DTrace community, it creates larger markets for our partners and ISVs that wish to offer DTrace-based solutions and services, etc. But there are also more specific, concrete ways: for example, how could it not help Solaris to have Ruby developers (the vast majority of whom develop on Mac OS X) become accustomed to using DTrace to debug their Rails app? Today, Rails apps are generally developed on Mac OS X and deployed on Linux -- but one can make a very, very plausible argument that getting Rails developers hooked on DTrace on the development side could well change the dynamics on the deployment side. (After all, DTrace + Leopard + Ruby-on-Rails is crazy delicious!) This all serves as an object lesson of how unanticipatable the benefits of open source can be: despite extensive war-gaming, no one at Sun anticipated that open sourcing DTrace would allow it to be used to Sun's advantage on a hot web development platform running on a hip development system, neither of which originated at Sun.
And the DTrace/Leopard/Ruby triumvirate points to a more profound change: the presence of DTrace in other systems assures that it transcends a company or its products -- that it moves beyond a mere feature, and becomes a technological advance. As such, you can be sure that systems that lack DTrace will become increasingly unacceptable over time. DTrace's shift from product to technological advance -- just like the shifts in NFS or Java before it -- is decidedly and indisputably in Sun's interest, and indeed it embodies the value proposition of the open systems vision that started our shop in the first place. So here's to DTrace on Leopard, long may it reign!
Nice to see DTrace officially in FreeBSD 7.1.
ZDNet news article here.
FreeBSD announcement here.
DTrace community on OpenSolaris here.
Also, I see that the AsiaBSDCon 2009 conference will be held at the Tokyo University of Science in mid March. Cool. I should be around in March, so I'm looking forward to hanging around this conference for a bit.
Vacation over, left the mountains, back to work tomorrow. Good to get away for a bit, but it was too short. I have a million emails to delete. Better get started ...
For once, "Tokyo" refers in fact to a physical place, not some code project. Shocking but true.
Just prior to Christmas, I took a week-long trip to Tokyo, Japan on Joyent business. This was interesting for me because it was both my first time to Japan and in fact first time to leave the country. Given that I am a California native, I've had little reason to leave. We commonly say here "You're within a 4 hour drive of almost any environment on earth". California is just a great place and I figured if I ever did leave the country, it should be some place particularly interesting, not just Mexico or Canada.
The first thing about traveling to Japan is that jet lag sucks and travel is painful. Sure, like everyone has a tragic "I took a 36 hour flight" story, but a 12 hour flight in coach just sucks. The flight is 12 hours there and 9 hours back, thanks to trade winds... shocking that they take a full 3 hours off, but it's true. When you take all travel concerns into account (including, in my case, a connection through LAX) I lost about 3 days to travel. I wanted to go to the Tokyo OpenSolaris Users Group OpenSolaris 2008.11 release event, and it was funny that I was scrambling Wed morning (PST) to make it in time for a Thursday evening (JST) event.
Once you get there, "jet lag" takes on a new meaning. Typically I think of "jet lag" as a minor deviation of your sleep schedule, like going coast-to-coast. But in Japan the time is so off that you get hit hard about 5PM (JST) and then get a second wind around 7PM and then have trouble sleeping till 3-4AM. The first morning I was there I woke up at 5AM and by 6 gave up on trying to sleep.
While I can't talk much about my work there, I was in a data center for 2 days straight, then did a hand off to our other staff at home while we were on standby for another 2 days. We used that time for customer meetings and taking in as much of Tokyo as possible. Lesson to my fellow administrators: when you're in a strange place and up against a deadline... pre-stage, pre-stage, pre-stage. I actually took a 2.5" USB powered drive with ZFS datasets ready for mount and use. ZFS rules.
Anyway... I thought I'd share some miscellaneous thoughts in general about Tokyo for those who've never ventured to Japan:
- They say that going to Japan is like going to another planet. Not true. It was very much like any other large metropolis... people just don't speak English.
- I was told that in a city like Tokyo, which does a lot of international business, most people know English pretty well. Bullshit. In the large hotels in Shinjuku, ya, but everywhere else they don't know English. Due to the amount that Japanese culture has integrated English words, they might know a couple of words, but it really comes down to hand gestures. If you walk into McDonalds and say "how are you today?" you get a blank smile. In my hotel (a really nice one actually, in Ariake), even the front desk barely knew any English.
- "Large Coffee" in Japanese is "Oh-key ko-he"... life was difficult before this.
- You always see Japanese crowded into packed areas in the media, so you think Japanese like being crowded. Wrong. They like space too... but when you need to rely on public transportation to get anywhere and you can squeeze into a train, you bear it and cram.
- Japanese don't look at anyone else. At least, young people don't. In America we're constantly sizing up everyone around us, looking, thinking, perhaps even commenting.... not in Japan. In America if you walk past someone that is alone, you commonly say something like "hey", "yo", "how's it going?", nod, or otherwise acknowledge their existence. In Japan you can be around hundreds of people and feel absolutely isolated and alone. Consequently, it's a really depressing and lonely place if you're alone.
- ...unless you wear a kilt. I wore a kilt one day when there and people couldn't believe what they were seeing, women especially. After 3 days of feeling like I didn't exist this was a welcome reaffirmation of my humanity. :)
- Elderly Japanese (70+?) are much more friendly... they'll commonly give you a smile or say something back if you say hello (in Japanese obviously).
- The American understanding of "Hello" in Japanese is "Konichiwa"... but in fact, that means "Good Afternoon". There are variations for morning, afternoon and evening. Commonly this is followed with the word "gozaimasu", which adds some formality, like saying "Good morning sir" instead of "Morning" ("Ohayoo gozaimasu").
- Japanese pronunciation is more important than even the words themselves. I asked the front desk where I could find a "Key-mo-noh" (Kimono)... this turned into a confusing number of gestures and ultimately a dash for a Casio pocket translator. The word was right but due to my bad pronunciation we could not connect.
- In America we give people a hard time about "butchering our language"... it felt somehow redeeming to have people giving me a look of despair and amusement as I butchered theirs.
- Learning Japanese is really tough. Pronunciation is the key to spoken Japanese... but writing is a whole separate problem, as they have 3 separate major writing systems: Kanji (iconic, drawn from Chinese), Katakana (syllabic, meaning characters that you can sound out), and Hiragana (the American equivalent is cursive). The kick in the teeth is that commonly in Japanese they will use all 3 in a single sentence.
- Tokyo is huge. Taxis are expensive, especially if you're traveling more than a couple miles. Supposedly a taxi ride from the Narita airport on the edge of town (feels way out of town actually) to the heart of the city will run you US$500 and takes about an hour.
- Navigating trains in Tokyo is really complex. There are hundreds of stops and the kicker is that unlike most places there is not a single central train authority that runs all the trains.... there are several different train companies with their own lines, so you commonly cross over from one to another. As a result there were many people who have lived there for 5+ years and had considerable trouble navigating the train system unless they were familiar with that particular route.
- Tokyo is clean. Super clean. And, ironically, finding a trash can is hard to do. All the taxis and buses have clean white doily things on the head-rests, and people just don't litter. You see the occasional cigarette butt, but that's about it.
- Bathrooms are fun in Japan. They use electric dryers exclusively, commonly a "toaster" like contraption in which you insert your hands, and a stream of high-pressure air blows across your hands as you slowly pull them up... bone dry hands, totally awesome. Even bathrooms in Japan don't have trash-cans.
- Toto toilets are scary and wonderful things. You know, you've seen those images of Japanese toilets with an instrument panel, right? I could write a whole series just on those things, but needless to say the first time you sit down on a toilet seat that's warm, it freaks you out.
- The ability to order Sushi like a pro in the US doesn't mean jack sh*t in Japan.
- All Japanese are short. Totally wrong. I'm 6'4", everyone wanted pictures of me towering over the little Japanese. Just plain wrong, I didn't notice any difference between California and Japan in terms of variation in height. In fact, there were several Japanese construction workers that were massive and definitely not to be messed with.
- If Toyota released all their Japanese cars in the US, GM and Ford would be out of business. I saw several Toyotas that put Mercedes to shame. You have to see it to believe it.
- Japanese quality is awesome. If I traveled there regularly I'd probably buy all my clothes in Japan.
- Adjusting to coinage is odd. The smallest Japanese bill is 1,000 yen (round it to US$10; less due to conversion, but ballpark). $5 and down is all coinage. In the US we tend to discard change (collected in jars, or whatever)... but there, you have to adjust to using coinage frequently or you walk around with a bulging pocket all the time.
- Mint... apparently mint isn't big in Japan, you don't hardly see it. If it's green it's almost certainly green tea flavored. Strawberry, however, is very popular.
- Japanese aren't big on candy bars or chocolate in general. At least, not like we are in the US. In a mini-mart in the US we have one or more aisles dedicated just to chocolate, commonly in candy-bar form. Over there you find only a couple varieties. Kit Kat and Snickers are the only US bars I saw.
- Yes, Hentai is as common as they say. Also, Japanese Manga is telephone book sized, not little things like we read in the US.
- Strange observation... I was hard pressed to find a Japanese magazine about business or computers. I found one magazine about PC's, but most were about TV or culture. I wanted to pick up some economic/news magazines but couldn't find 'em.
- Vending Machines. You hear that they are everywhere. This is true, there is almost always one within eye shot... however the notion that you can "buy anything in a vending machine" is overblown. Most of the vending machines were just drinks and maybe a can of nuts or something. I didn't see any vending machines for portable electronics, or books, or all the weird stuff you hear about. I'm sure they exist, but some people make it sound like you can buy a Sony Walkman in a vending machine in the middle of a park.
- Dress. Dress varies based on what area ("Ward") of Tokyo you are in, but in general they dress much nicer than in the US. Men most commonly wear a 2 button suit. Young women wear short skirts with knee or thigh high tights and either leg-warmers or tall boots. Teenage boys tend toward jeans and a tshirt.
- Video Games. If you walk into an arcade, all the arcades are played sitting down! What we commonly consider an "up-right" game, has a little bench. The "crane-pickup" games are really popular and have kool prizes. One arcade had these games filled with food items like ice-cream bars and such.
- Couples. I was really amazed at how many couples I saw! In the US it's generally difficult to tell who is a couple because we've lost the tradition of holding hands. A man and woman in San Francisco exiting a restaurant may be a couple, or brother-sister, or friends, or co-workers... it's hard to tell. In Tokyo there were tons of couples holding hands and cuddling on trains.
- Gambling. Gambling is big in Tokyo. Commonly in the form of slot machines and a game called "Pachinko". They don't have card games, and thus most people didn't seem to think of it as gambling, but these things are everywhere!
- Mini-marts. Mini-marts are big there, particularly 7-11 and Circle K. People buy lunch, breakfast, and dinner at these places, typically before or after getting on a train. They sell a lot of Ramen (yes, they do sell "Cup o' Noodle" in Japan) and provide hot-water to fill it up before leaving. Other meal items include every variation of rice and seafood you can think of, including sushi.
- Sushi. I wondered how much better sushi was there than here. I wasn't shocked, the sushi in Japan is unlike anything you've had in the US. I've eaten at some of the high-end places in San Francisco and they don't come close to your average box-lunch sushi there.
I could go on for a while but will leave it there. I commonly reflected on the movie "Lost in Translation" while in Tokyo. I even got to quickly venture into Shinjuku to the Tokyo Hyatt where it was largely filmed (the "bar" that he hangs out in has a 1,000 Yen cover charge JUST to sit there. A Guinness in a pub can cost me 1800 yen. But man oh man it was a beautiful lounge.) The theme of being disconnected and alone in Tokyo rings true from the film.
I didn't get to see as much of the city as I wanted to. I especially wish I'd had time to see the legendary Akihabara (Japanese Geek Central), but time didn't permit. None-the-less I'm happy with what I was able to take in. We spent one day without a guide just taking the train some place and exploring around the station, the other day with a guide in between customer meetings.
I'm absolutely indebted to Alain Hoang who helped guide us and answer our questions. He's an amazing sysadmin and one of the nicest guys I've ever met. If it weren't for his help we would have probably never ventured further than we can walk. Besides that, he deserves a medal for helping me stumble through some basic Japanese and better understand the culture.
I don't know if I'll ever have reason to return to Tokyo. I certainly would enjoy being able to, especially if it weren't so close to Christmas (I returned the day before Christmas Eve), but given the cost I doubt I would ever return to vacation. Nevertheless, I've picked up an odd desire to continue learning Japanese and katakana... I've got an odd feeling I'll be back again one day. Who knows.
So, in short, if you ever have the opportunity to visit Tokyo I encourage you to take it, but make sure you pad the trip with at least 5 days to take in as much as possible.
January 04, 2009
That’s it, simple like that! As every software combination should be. ;-)
I was resisting to really create a virtualized development environment on my laptop, not because I do not trust in virtualization, actually I’m a big fan… the problem is the big deceptions I had in the past trying to do so. Most because in [...]
www.c0t0d0s0.org has an interesting entry: what will be after Linux.
I found the first comment the most interesting. The Linux crowd are still trying to say that Solaris is great for big servers. Of course that has been the rallying cry for the Linux crowd since the beginning of time, but Solaris 10 now has lots of technology that makes it better for smaller systems, especially the home user, which I will get to in a moment. Yes, Linux has lots of features that are common on UNIX and enterprise-class stuff: LVM (Logical Volume Manager), SystemTap, ext4, NFSv4, iSCSI, network bonding. Where it is falling down on the job is making stuff easier to use.
Solaris started out on the big hardware and yes, it was terrible to use, but if you know it and understand how it fits together it pays well. Now with Solaris 10 they are adding things that make all the pieces fit together without a soldering iron and a manual bit flipper. For instance:
ZFS gives all the functionality of Linux's LVM, and a state of the art filesystem, all with a simple user interface: just two commands allow you to do nearly everything in ZFS. I won't bore you, but here is how you create a raidz pool, create an iSCSI shared volume, an SMB shared filesystem, and an NFS shared filesystem, and take a snapshot of every filesystem and volume just created. No cryptic commands; it's all thought out well and allows the administrator to start simple and move from one network file system to all others with a shallow learning curve. No work has been done in Linux to make the parts fit together as has been done in Solaris. Nine commands did all this work; I know I could have done it in less but I didn't use the shortcuts. Anyone want to admit to how many it would be in Linux?
zpool create pool raidz drive1 drive2 drive3 drive4
zfs set compression=on pool
zfs create pool/smbshared
zfs set sharesmb=name=shared pool/smbshared
zfs create -V 10g pool/iscsivol
zfs set shareiscsi=on pool/iscsivol
zfs create pool/nfsshare
zfs set sharenfs=on pool/nfsshare
zfs snapshot -r pool@snapshot
Solaris 10 also has Zones, which are like FreeBSD jails on steroids and are multiple generations beyond the chroot that Linux traditionally uses. I've heard that zoning-type solutions are in planning, but they have not been integrated into any of the mainstream Linux distributions. So the user is faced with reinventing the wheel for each program they want to include in a chroot, and it's much more complex, as documented in the Chroot BIND Howto. In Solaris 10 and beyond you just create a small zone config using a well documented process that adds a layer of separation of not just the filesystems, but network, and read-only mounted copies of the files.
# zonecfg -z z1
z1: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:z1> create
zonecfg:z1> set zonepath=/export/z1
zonecfg:z1> set autoboot=true
zonecfg:z1> add net
zonecfg:z1:net> set address=192.168.1.10
zonecfg:z1:net> set physical=hme0
zonecfg:z1:net> end
zonecfg:z1> verify
zonecfg:z1> commit
zonecfg:z1> exit
and then create the zones using zoneadm -z z1 install. No knowledge is needed of what particular program you are encapsulating, so you can create zones for each service (i.e. Apache, MySQL, bind) without a full day of researching each service, and all of this is done with just 2 commands, zonecfg and zoneadm.
Solaris is now simplifying network administration in the "clearview" project. In the past Solaris networking configuration has been ugly to say the least; to enable large packets you had to edit different driver configuration files based on which network interface card you had. Trunking and teaming required special drivers and programs to be installed and worked on a limited number of cards. Now Solaris 10 has merged all the bits into one place: dladm is a new control program that allows you to do all this in a unified way, including network tunneling, aggregation, vanity naming and more. Recently the next generation of networking in Solaris was released. It's called crossbow, which adds network virtualization to Solaris; you can create virtual switches and divide physical NICs into chunks, and they do it using the dladm introduced for crossview. You can do some of this with Linux but it's not easy, and each project seems to reinvent the wheel. Xen offers the virtual switches; the advanced router howto shows how to limit network bandwidth. Solaris gives it all a unified interface.
Now all this new functionality has been added into Solaris 10 with just 5 commands. While this is pretty amazing, it's just the first step. I guess you are surprised that I say it's just the first step. The real power comes when you tie these technologies together. You can use ZFS filesystem snapshots and clones to make zone creation faster and use less space, and yes, it is just as simple, and crossbow and clearview are integrated into zones as well. I won't try to show all this as it's already done at Crossbow Hands on.
This integration isn't limited to these projects; DTrace has it as well. You can tell dtrace you only want to watch stuff from a specific zone. DTrace has a network provider set of probes that allow you to watch events related to networking including ipf (the firewall) and ipv6, and because Solaris uses a smart framework these probes usually work on new features as well.
Some Christmas lights tonight from the place next door, and some bamboo growing across the street.
I can't quite get the bamboo I'm looking for but it's coming along.
Merry Christmas!
January 03, 2009
Sink or swim: Haruka Nishimatsu, chief executive Japan Airlines: "Nishimatsu says that in the big picture, JAL's change process has to be much more than just talk - Asia's biggest airline needs to genuinely be overhauled. While some say his plan does not go far enough, particularly in terms of job cuts, Nishimatsu says pragmatism must be adhered to. He also insists that if his targets are not met that he will take full responsibility. 'If you were to ask is this the perfect, completely realisable cost-cutting plan, then that is a very difficult thing to declare,' he says. 'But if we don't achieve our targets, I do not intend to stay on.' "
A leader asserting ... responsibility? I find that especially shocking. Usually leaders spin, deflect, duck, attack, point fingers, lie, and steal. And they usually get away with it, too.
I don't see very many people leading by example these days, do you? And I don't see very many leaders emerging from real communities of people engaged in direct action, do you? I'm talking about people who actually work not just talk. These people are obvious on every project. They are the leaders even though they don't have the title and most times never get the title. That's unfortunate. It seems to me that the era of the experts and special people spinning us like sheep should be over. Humor me. I can dream, can't I? But is that happening at JAL? Can it happen in government too?
January 02, 2009
As you can see in the sidebar, i’m using twitter and actually i’m enjoying it! I talk a lot, and so i many times talk to myself… i know, weird… so, with twitter i can write instead of talk to myself (but i’m still talking to myself :). Anyway, i will try to use it [...]
Some things are reasonably obvious in hindsight. This was one of them.
I've been consolidating some old applications into zones on a Solaris server.
Some of them were on physical servers, some were already in zones on other hardware. It turned out that the applications I was consolidating lived on two different subnets, and I didn't really want to go to the trouble of changing IP addresses.
No problem. The T5140 I was using has multiple interfaces, so I connected one of the unused interfaces to the second subnet and gave it an address (the server's primary interface was already in the first subnet I was using).
Then configure up the zones, remembering that you need to choose the correct network device depending on which subnet the zone is in.
And the zones didn't work. Bother. What did I forget? This:
At least one of the network interfaces used by a zone needs to have a default route associated with it.
Specifically, that second network interface needs to have a default route added to it. For the main host, it didn't matter - it will route packets over whichever interface it needs to. But if a zone is only associated with the second network interface, it can't use the default route associated with the first interface.
I add routes explicitly, so just a quick manual
route add net default 10.2.3.254
to add a default route for the second interface did the trick - you can have multiple default routes and Solaris will always use the right one.
To make this permanent, just add multiple lines to the /etc/defaultrouter file.
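A pre-flight check for the rule stated in the post above, as an added example that is not part of the original post: it reads /etc/defaultrouter-style text and lists the zones that have no default gateway on any of their own subnets. The zone names, the zone addresses, the /24 prefixes and the first gateway (10.1.2.254) are constructed for illustration; only 10.2.3.254 comes from the post, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: two shared-IP zones, one per subnet.
SAMPLE_ZONES = {
    "app-a": ["10.1.2.21/24"],   # constructed: zone on the first subnet
    "app-b": ["10.2.3.22/24"],   # constructed: zone on the second subnet
}

# Constructed /etc/defaultrouter contents before and after the fix.
DEFAULTROUTER_BEFORE = "10.1.2.254\n"
DEFAULTROUTER_AFTER = "# one gateway per subnet used by a zone\n10.1.2.254\n10.2.3.254\n"


def parse_defaultrouter(text):
    """Return the gateways listed in /etc/defaultrouter-style text.

    One entry per line; '#' starts a comment. Only IP literals are
    handled here (the real file may also hold host names).
    """
    gateways = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            gateways.append(ipaddress.ip_address(entry))
    return gateways


def usable_gateways(zone_addrs, gateways):
    """Gateways that sit on a subnet of one of the zone's interfaces."""
    nets = [ipaddress.ip_interface(a).network for a in zone_addrs]
    return [g for g in gateways if any(g in n for n in nets)]


def zones_without_default_route(zones, gateways):
    """Names of zones that cannot use any of the configured default routes."""
    return sorted(
        name for name, addrs in zones.items()
        if not usable_gateways(addrs, gateways)
    )


if __name__ == "__main__":
    for label, text in (("before", DEFAULTROUTER_BEFORE),
                        ("after", DEFAULTROUTER_AFTER)):
        gws = parse_defaultrouter(text)
        print(label, "-> zones with no usable default route:",
              zones_without_default_route(SAMPLE_ZONES, gws))
```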
January 01, 2009
- OOoCon 2009 - Call for Location
  Want to host the next OpenOffice.org conference? the 2008 event was in Beijing so I'd have to guess a location in Europe would stand a good chance this year...
- Dan Gilbert researches happiness
  Just watched this TED talk from 2005 and it's a brilliant and entertaining explanation - which seems so obvious in retrospect - of what influences our choices and why we are so often wrong. Unusually for a TED video there's also a Q & A at the end that's worth watching.
- On Christmas Day in the morning
  25 million downloads of OpenOffice.org 3.0. Regardless of the self-interested whining from some quarters, it's clear something about this release gets it right for the people who really matter, the users of the software.
- FUD from the Linux Foundation or: Mr Zemlin again
  "Using FUD is a good fear detector in my daily business. The amount of spreaded FUD is proportional to the amount of fear. Thus i have to assume that Mr. Zemlin of the Linux Foundation is really afraid of Solaris."
- Matthew Alexander on Torture
  "I learned in Iraq that the No. 1 reason foreign fighters flocked there to fight were the abuses carried out at Abu Ghraib and Guantanamo." (the book looks interesting too).
- Blog Response guide
  Excellent flow chart by the USAF PR team for responding to commentary on blogs that captures what many of us already learned and try to practice (even if we do end up feeding the odd troll).
- Ring flash
  Fascinating idea - a ring-light that works by redirecting and diffusing a normal flash.
What I love about bullet trains in Japan is that they look fast even when they just cruise into the station. This is a very tough train, no question about it. These bullets are pretty old now, but Japan will be upgrading to the jet fast maglev bullets in the future. And that is a fast train.
But I still want a fast train from Tokyo to Narita, though. That has to come first before anything else. Anyway, I love when the bullet glides into Tokyo Station. It's like a jet boat pulling into the harbor. Everyone knows it's fast. It doesn't have to say a damn thing.
Wouldn't it be nice to lay bullet tracks all across the United States? The billionaire oil guys wouldn't be happy at all but we'd surely be. And we should come before them for a change. It's been them before us for far too long.
Part of Shogatsu in Japan involves going to temples and shrines to pray. Last night at midnight we went down in the valley in a lovely light snowfall to this temple to pray, ring the bell that you can hear for miles around, and meet others in the community. People pray at three locations at this temple and then walk down the hill to a shrine to pray there as well. Shrines and temples mix in Japan totally freely ...







Today, Brendan made a very interesting discovery about the potential sources of disk latency in the datacenter. Here's a video we made of Brendan explaining (and demonstrating) his discovery:
This may seem silly, but it's not farfetched: Brendan actually made this discovery while exploring drive latency that he had seen in a lab machine due to a missing screw on a drive bracket. (!) Brendan has more details on the discovery, demonstrating how he used the Fishworks analytics to understand and visualize it.
If this has piqued your curiosity about the nature of disk mechanics, I encourage you to read Jon Elerath's excellent ACM Queue article, Hard disk drives: the good, the bad and the ugly! As Jon notes, noise is a known cause of what is called a non-repeatable runout (NRRO) -- though it's unclear if Brendan's shouting is exactly the kind of noise-induced NRRO that Jon had in mind...
December 31, 2008
If you missed this year's excellent Systems Administration Advent Calendar Blog you missed some great content. But do not despair! It's all there for your reading pleasure. Articles on scripting, new technology, primers, and workflow are there to help you into the new year. I even contributed an entry: Day 17 - Time Management.
A warm round of applause goes to Jordan Sissel for organizing it and rallying various bloggers to participate.
Just before the end of the year, the third episode of SA Pro, featuring a 1 hour interview with OmniTI Founder & CEO Theo Schlossnagle.
It's a bit long, I admit, but Theo is an amazing guy and refreshing to talk with. Fire it up while you tweak on something fun for New Years.
Some images from the train ride along Chikumagawa (gawa means river) earlier today about an hour outside Nagano. I have these in color so I tried black and white tonight. I used my Canon PowerShot, but for a little point/shoot they came out quite nice I think. It's cold and snowy out here in the mountains of Kijima for Shogatsu (Japanese New Year).




I wanted to play a little deeper with Crossbow, and in particular get my mind around Etherstubs and inter-stub routing. So I devised the following experimental architecture:
Etherstub0
   |----> vnic0 ---> zone001
   |----> vnic1 ---> zone002
   +----> vnic2 --\
Etherstub1         +-> router01
   |----> vnic3 --/
   |----> vnic4 ---> zone003
   +----> vnic5 ---> zone004
The idea is to have 2 zones on one etherstub (virtual switch) on one subnet, 2 on another, and then an additional zone that sits on both acting as a router.
So I set forth to do this. Created a template zone, cloned it out and brought them all up. I created all the vnic's assigned to the appropriate etherstubs and gave them to the zones as exclusive-ip interfaces and then configured each zone's networking stack by plumbing and ifconfig'ing.
root@quadra ~$ dladm create-etherstub etherstub0
root@quadra ~$ dladm create-etherstub etherstub1
root@quadra ~$
root@quadra ~$ dladm create-vnic -l etherstub0 vnic0
root@quadra ~$ dladm create-vnic -l etherstub0 vnic1
root@quadra ~$ dladm create-vnic -l etherstub0 vnic2
root@quadra ~$ dladm create-vnic -l etherstub1 vnic3
root@quadra ~$ dladm create-vnic -l etherstub1 vnic4
root@quadra ~$ dladm create-vnic -l etherstub1 vnic5
root@quadra ~$
root@quadra ~$ dladm show-link
LINK CLASS MTU STATE OVER
e1000g1 phys 1500 up --
e1000g2 phys 1500 down --
e1000g0 phys 1500 unknown --
etherstub0 etherstub 9000 unknown --
etherstub1 etherstub 9000 unknown --
vnic0 vnic 9000 up etherstub0
vnic1 vnic 9000 up etherstub0
vnic2 vnic 9000 up etherstub0
vnic3 vnic 9000 up etherstub1
vnic4 vnic 9000 up etherstub1
vnic5 vnic 9000 up etherstub1
Here is the zone configuration:
zonecfg:template0> info
zonename: template0
zonepath: /quadra/zones/template0
brand: native
autoboot: false
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: exclusive
inherit-pkg-dir:
dir: /lib
inherit-pkg-dir:
dir: /platform
inherit-pkg-dir:
dir: /sbin
inherit-pkg-dir:
dir: /usr
inherit-pkg-dir:
dir: /opt
net:
address not specified
physical: vnic0
defrouter not specified
I then decided on the following IP scheme:
IPs:
vnic0 10.0.90.10 /24
vnic1 10.0.90.11
vnic2 10.0.90.12
vnic3 10.0.91.12
vnic4 10.0.91.11
vnic5 10.0.91.10
Zones up, and it looks like this:
root@quadra ~$ zoneadm list -vc
ID NAME STATUS PATH BRAND IP
0 global running / native shared
3 zone001 running /quadra/zones/zone001 native excl
4 zone002 running /quadra/zones/zone002 native excl
5 zone003 running /quadra/zones/zone003 native excl
6 zone004 running /quadra/zones/zone004 native excl
7 router01 running /quadra/zones/router01 native excl
- template0 installed /quadra/zones/template0 native excl
Now we play!
First things first... can I touch an interface other than the one explicitly assigned to the zone? And, do dladm commands work in a zone?
root@zone001 ~$ dladm show-vnic
root@zone001 ~$ dladm show-vnic vnic0
dladm: invalid vnic name 'vnic0': object not found
root@zone001 ~$ dladm show-vnic vnic1
dladm: invalid vnic name 'vnic1': object not found
root@zone001 ~$ dladm show-vnic vnic2
dladm: invalid vnic name 'vnic2': object not found
root@zone001 ~$ dladm show-ether
root@zone001 ~$ dladm show-usage
dladm: show-usage requires a file
root@zone001 ~$ dladm create-etherstub zonestub0
dladm: etherstub creation failed: object not found
root@template0 ~$ ifconfig vnic2 plumb
ifconfig: cannot open link "vnic2": DLPI link does not exist
root@template0 ~$ ifconfig vnic1 plumb
Ok, so dladm is useless and I can't plumb an interface not assigned. Good.
Now, to setup our router. All we should have to do is enable IPv4 Forwarding on a zone with 2 interfaces, one on each network:
root@router01 ~$ routeadm -e ipv4-forwarding
root@router01 ~$ routeadm -u
root@router01 ~$ routeadm
Configuration Current Current
Option Configuration System State
---------------------------------------------------------------
IPv4 routing enabled enabled
IPv6 routing disabled disabled
IPv4 forwarding enabled enabled
IPv6 forwarding disabled disabled
Routing services "route:default ripng:default"
Routing daemons:
STATE FMRI
disabled svc:/network/routing/legacy-routing:ipv4
disabled svc:/network/routing/legacy-routing:ipv6
disabled svc:/network/routing/ripng:default
disabled svc:/network/routing/ripng:quagga
online svc:/network/routing/ndp:default
disabled svc:/network/routing/zebra:quagga
disabled svc:/network/routing/rip:quagga
disabled svc:/network/routing/ospf:quagga
disabled svc:/network/routing/ospf6:quagga
disabled svc:/network/routing/bgp:quagga
online svc:/network/routing/route:default
disabled svc:/network/routing/rdisc:default
root@router01 ~$ ifconfig -a
lo0: flags=2001000849 mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
vnic2: flags=201100843 mtu 9000 index 2
inet 10.0.90.12 netmask ffffff00 broadcast 10.0.90.255
ether 2:8:20:27:5f:6
vnic3: flags=201100843 mtu 9000 index 3
inet 10.0.91.12 netmask ffffff00 broadcast 10.0.91.255
ether 2:8:20:e9:65:94
lo0: flags=2002000849 mtu 8252 index 1
inet6 ::1/128
Easy enough. In the old days you would enable the "ROUTER" flag on each interface and such, but now it's all nicely wrapped by routeadm. Yeah!
I won't bore you with the ping scenario details, but thanks to in.routed running in each zone by default the gateway just appeared auto-magically:
root@zone004 ~$ netstat -nr
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ---------- ---------
default 10.0.91.12 UG 1 0 vnic5
10.0.91.0 10.0.91.10 U 1 1 vnic5
127.0.0.1 127.0.0.1 UH 1 0 lo0
Routing Table: IPv6
Destination/Mask Gateway Flags Ref Use If
--------------------------- --------------------------- ----- --- ------- -----
::1 ::1 UH 1 0 lo0
root@zone004 ~$ ping -s 10.0.90.10
PING 10.0.90.10: 56 data bytes
64 bytes from 10.0.90.10: icmp_seq=0. time=0.549 ms
64 bytes from 10.0.90.10: icmp_seq=1. time=0.091 ms
^C
----10.0.90.10 PING Statistics----
2 packets transmitted, 2 packets received, 0% packet loss
round-trip (ms) min/avg/max/stddev = 0.091/0.320/0.549/0.324
root@zone004 ~$ traceroute 10.0.90.10
traceroute to 10.0.90.10 (10.0.90.10), 30 hops max, 40 byte packets
1 10.0.91.12 (10.0.91.12) 0.087 ms 0.041 ms 0.034 ms
2 10.0.90.10 (10.0.90.10) 0.086 ms 0.056 ms 0.052 ms
How cool is that! I could take this further by adding in a public interface to the router and routing it as well, but I'd need to bring IP NAT into the mix and I'm not terribly interested in that tonight.
Of course, one other test of interest is: will snoop work properly? We know it works with IP Instances, but does it still work fine with vnic's and etherstubs? Yes!
root@zone001 ~$ snoop
Using device vnic0 (promiscuous mode)
10.0.91.10 -> zone001 ICMP Echo request (ID: 496 Sequence number: 5)
zone001 -> 10.0.91.10 ICMP Echo reply (ID: 496 Sequence number: 5)
10.0.91.10 -> zone001 ICMP Echo request (ID: 496 Sequence number: 6)
zone001 -> 10.0.91.10 ICMP Echo reply (ID: 496 Sequence number: 6)
Furthermore, Etherstub does act as a switch. Other zones on the same etherstub will not see traffic unless it's addressed to them.
As a sidenote, you'll notice that Etherstubs default to JumboFrame. You should be able to modify this, however the link-property shows as read-only... I'll look into that later.
Ever wanted to roll out a functioning, routing, VLAN'ed, multicast network of hundreds of nodes to test your dream setup but only have a laptop? Now you can. All my test zones are consuming only 12MB of disk each, and I've got 300GB free on my home SATA RAIDZ2... so do that math. :)
BTW.... I did all this from architect to implementation and fully tested in 1 hour, including the time it took to install and configure all the zones. Solaris rules.
Can't resist... let's try IP Filter within the Zone just to see that it's happy. I'll use a simple ruleset that blocks everything but SSH:
root@zone001 ~$ cat /etc/ipf/ipf.conf
#
# ipf.conf
pass in quick proto tcp from any to 10.0.90.10/32 port = 22
block in log from any to 10.0.90.10/32
root@zone001 ~$ svcadm enable ipfilter
Now we'll test from another node:
root@zone004 ~$ ssh 10.0.90.10
The authenticity of host '10.0.90.10 (10.0.90.10)' can't be established.
RSA key fingerprint is 2e:fc:c7:36:33:70:db:16:d7:74:35:04:1a:3f:02:bb.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.90.10' (RSA) to the list of known hosts.
Password:
root@zone004 ~$ ftp 10.0.90.10
^C
Sweet. Now just a look at the IP Filter stats to make sure it's not a fluke:
root@zone001 ~$ ipfstat
bad packets: in 0 out 0
IPv6 packets: in 0 out 0
input packets: blocked 5 passed 25 nomatch 8 counted 0 short 0
output packets: blocked 0 passed 15 nomatch 15 counted 0 short 0
input packets logged: blocked 5 passed 0
Perfect! It's actually blocking the packets. IP Filter works as you expect it to, in a zone on a vnic. Super sweet.
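Why the quick keyword in the ruleset above matters, as an added example that is not part of the original post: IP Filter checks a packet against every rule and lets the last match decide, unless a matching rule carries quick, which ends evaluation there. The evaluator below models only the rule syntax that appears in the post's ipf.conf and assumes the stock pass-by-default behaviour for packets that match nothing; the function and class names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# The two rules from the post's /etc/ipf/ipf.conf.
PAGE_RULES = """\
#
# ipf.conf
pass in quick proto tcp from any to 10.0.90.10/32 port = 22
block in log from any to 10.0.90.10/32
"""


@dataclass
class Rule:
    action: str                    # "pass" or "block"
    quick: bool                    # stop evaluating when this rule matches
    log: bool                      # matching packets are logged
    proto: Optional[str]           # None means any protocol
    dst: ipaddress.IPv4Network     # destination network
    dport: Optional[int]           # None means any port


def parse_rule(line):
    """Parse: ACTION in [log] [quick] [proto P] from any to NET [port = N]."""
    tok = line.split()
    if len(tok) < 6 or tok[0] not in ("pass", "block") or tok[1] != "in":
        raise ValueError("unsupported rule: " + line)
    i, log, quick, proto = 2, False, False, None
    while i < len(tok) and tok[i] in ("log", "quick"):
        log = log or tok[i] == "log"
        quick = quick or tok[i] == "quick"
        i += 1
    if i < len(tok) and tok[i] == "proto":
        proto = tok[i + 1]
        i += 2
    if tok[i:i + 3] != ["from", "any", "to"] or len(tok) < i + 4:
        raise ValueError("unsupported rule: " + line)
    dst = ipaddress.ip_network(tok[i + 3])
    i += 4
    dport = int(tok[i + 2]) if tok[i:i + 2] == ["port", "="] else None
    return Rule(tok[0], quick, log, proto, dst, dport)


def load_rules(text):
    """Parse every non-blank, non-comment line of an ipf.conf-style text."""
    return [parse_rule(l) for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]


def evaluate(rules, proto, dst, dport, default="pass"):
    """Return (verdict, logged) for one inbound packet.

    Last matching rule wins; a matching rule with quick wins immediately.
    """
    verdict, logged = default, False
    for r in rules:
        if r.proto is not None and r.proto != proto:
            continue
        if ipaddress.ip_address(dst) not in r.dst:
            continue
        if r.dport is not None and r.dport != dport:
            continue
        verdict, logged = r.action, r.log
        if r.quick:
            break
    return verdict, logged


if __name__ == "__main__":
    as_posted = load_rules(PAGE_RULES)
    without_quick = load_rules(PAGE_RULES.replace(" quick", ""))
    print("ssh, as posted    :", evaluate(as_posted, "tcp", "10.0.90.10", 22))
    print("ftp, as posted    :", evaluate(as_posted, "tcp", "10.0.90.10", 21))
    print("ssh, quick removed:", evaluate(without_quick, "tcp", "10.0.90.10", 22))
```

With quick removed from the first rule, the SSH packet falls through to the block rule, so the same two lines would lock out the session they were meant to allow.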
December 30, 2008
Here it is, big post 1,000. I'm fairly proud of that given that the vast bulk of all my blog entries are technical and not just brainless linkdumps. There is still a lot to blog about and I've still written a great many entries that ended with "more to come...", nevertheless it's a good milestone.
Looking back at 2008, we've had a very good and productive year in OpenSolaris land. COMSTAR arrived, Crossbow arrived, ZFS is getting stronger all the time, we got a new iSCSI Target, the first and second release in the 6 month cycle of Indiana went out on schedule, and Solaris 10 is now more or less on par with Nevada. Technically there is a lot to be proud of and excited about.
On the non-technical side we had another OpenSolaris Developers Summit and the first annual OpenSolaris Storage Summit. Ian Murdock gave a keynote at CommunityOne and there was a heavy emphasis on OpenSolaris at JavaOne. We did several good conferences this year, although not as many as in years prior. We had a dominant year at SNIA's Developers Conference, helping solidify Sun's role in the future of storage development.
On the Sun side, the mighty FISHworks released to the world and the response to the resulting offerings has been tremendous thus far and sets a new standard in storage particularly in the realm of the Sun-created buzzword "OpenStorage". Business for Sun is poor but there are several areas of growth and although I think the MySQL acquisition was a massive blunder it may all pan out in the end.
On the OpenSolaris governance side, it's been a sad year. Rather than moving forward the OGB decided to rehash old ground and fall right back into the same pitfalls. An all Sun OGB proved to be less effective than a mixed OGB. OpenSolaris governance in general is more closed off and insular than ever, but that's indirectly what Simon Phipps and others were shooting for.
The Silicon Valley OpenSolaris Users Group fell into significant decline over previous years, but tends to be a valley trend as technologies lose their initial buzz and become more established... the Silicon Valley Linux Users Group felt the same kind of declines, although not as sharply.
As we look to 2009, I think the word is "established". OpenSolaris is here, Nevada is strong, we've proven that it's not going to disappear. We now need to set the tone for the future by definitively establishing the future of Solaris 11 (or lack of one), upgrade path from Solaris 10 (if there is one beyond HP-UX like Update-forever), and wrapping extension technologies like xVM, Sun Cluster, and others around OpenSolaris. In general, customers are still largely unclear on where this is all ultimately going and what it means to them. If you have a big SPARC box like Sun Fire E2900 in production running Sun Cluster, what does the future hold? S10 till you retire it? OpenSolaris makes a lot of sense to new adopting customers, but then a lot of them are running it on non-Sun hardware (Dell, HP, and Supermicro are popular)... how do we monetize them in a compelling way? And how do we continue to ramp Sun support of Nevada? To date most experiences with Sun Support over post-S10 releases are horrible as a lot of Sun's Support organization simply doesn't know it well enough.
So, the pave stones are on the ground, they now need to be shifted into a resting position so we can start walking people across the path. It's time to unify offerings and improve Sun's sales, marketing and support around it.
Here's to 2009!
A simple test to see how the ZIL code behaves on a configuration where the slog could be a bottleneck…
ZPOOL with 12 disks(750gb each) in load share:
ZPOOL with 12 disks(750gb each) in load share, plus a 32gb slog:
Shouldn't the ZIL code avoid writing to the slog if the pool has better throughput?
I find most conversations about "leadership" little more than
meaningless chit-chat. A waste of time. Talk is
cheap. Just ignore it. Action speaks clearly. With that in mind, watch
this CNN clip of Japan Airlines CEO Haruka Nishimatsu's attempt to
manage his company through tough times -- Evolving Excellence: $20 Billion Company CEO ... Takes the Bus.
What do you think? I've watched the darn thing a dozen times. I can't
get enough. It's an inspiration. Yet, it's so stupidly simple. And it
speaks quite clearly about this guy's priorities and those of his
company. Can you imagine in your wildest dreams business, labor, and political
leaders in modern America following this reality of
leadership? Yah, I doubt it too.
Now, some of this is cultural in that
the distribution of wealth in Japan is not nearly as insane as it is in
the United States, and the so-called "talent" market in Japan is
nothing like it is in the West as well. The Japanese think very differently
about individual talent and its value in relation to an overall
organization. It's difficult to explain, but I see it everywhere around
here. And I can see both good and bad in it as well. So, I'm not saying that the Japanese know best in all cases. They don't. Neither do we, actually, but we tend to not recognize that. But I do find it remarkable that this story in
Japan is really not a big deal at all. Should it be? Regardless of the obvious
cultural differences, the United States may be forced to make some
cultural changes like these in the near future. It will be fascinating
to see how the country deals with it. Is all that "talent" worth all that
cash? If it is, so be it. I'm all for paying for the best. But if not, can we finally recognize it,
please? Can this be any more obvious now? So far the solution is simply
to raid the pockets of us regular people to save all the experts and
billionaires with a never ending series of bailouts. How long that will
last who knows. I suspect not for very long before people get really
pissed, but what do I know. I'm nobody. I have no power. I'm not
special in that system, and don't think for a minute that that doesn't
get me very down at times. I know, I know ... Obama is going to save
us. Right. Got it.
Oh, and by the way, when I travel throughout Asia for Sun, Japan
Airlines is always an option for obvious reasons. They fly there a lot.
And I generally choose based on times and prices, etc -- just like
everyone else (well, everyone else who flies 3rd class, I mean). So, do
you think knowing that JAL's CEO is taking the freaking bus to work
hanging on to the damn strap like I do and making less money than his
pilots will affect my decision to choose an airline? You can absolutely count on it.
Never mind that the service on JAL (and most Asian airlines) is vastly
superior to every single American and European carrier in the air, I'm
taking this guy's plane because he's taking the bus. Period. And Nishimatsu didn't initiate this no-frills style of
management when the U.S. fell off the financial cliff a few months ago.
Nope. He started a couple of years ago. Anyway, I gotta calm down. Here are some
related links talking about this issue. Good stuff. All worth a read if
you are just a regular working stiff trying to figure out how to retire
and put your kid through college.
Ah, one more thing before I forget. And this is a big deal. If you want
to build community in this new era -- one where the people have more of a voice than ever before -- do what
Nishimatsu-san does. It's required. How else would you have any
credibility whatsoever?
December 29, 2008
Hurley with a gun?? Maybe an Aaron’s toy… ;-)
Sorry, but that was really bad (or funny)! I’m old, ok… in the past, when i was starting to use GNU/Linux, install packages was sad (Slackware, RedHat/Conectiva/Mandrake/RPM, etc). We had to download the packages and dependencies…
But the world has changed, and a smart guy did create Debian.. another smart person did create Gentoo…
Well, [...]
Here's a good article about how some Chinese and Japanese view the word "normal" as it relates to Japan's role in the world -- China wary of a 'normal' Japan. The Japanese tend to view the term as enabling Japan to participate in international peacekeeping activities around the world in collaboration with the UN, but some in China worry that normal means militarization. It turns out that both sides need to cut each other some slack. It's a difficult issue given the history here in East Asia, but this article deals with it quite calmly and rationally.
A couple weeks ago we encountered the "sp diff" message below on bootup. The message iterated about 15-20 times before continuing the final bootup sequence, which took at least twice as long as normal.
A colleague of mine recalled performing some multipathing activities a few days earlier and thought there might be some dangling dev links as a result.
To resolve the issue, the devfsadm command was executed in cleanup mode, -C.
sp diff: name finddevice, nargs 1, nret 1,sp 0xf05d35b8 osp 0xf05d35a8
sp diff: name finddevice, nargs 1, nret 1,sp 0xf05d35b8 osp 0xf05d35a8
sp diff: name finddevice, nargs 1, nret 1,sp 0xf05d35b8 osp 0xf05d35a8
sp diff: name finddevice, nargs 1, nret 1,sp 0xf05d35b8 osp 0xf05d35a8
sp diff: name finddevice, nargs 1, nret 1,sp 0xf05d35b8 osp 0xf05d35a8
...
# devfsadm -C -v
# init 6
Update: A message from a colleague who requested not to be named.
stmsboot -e will enable multipathing, the system needs to be rebooted in order for it to take effect.
When the system comes up, you will notice long device names in
/dev/dsk/. It may be coincidence but I noticed that the number of
multipathing devices listed match the number of sp diff lines that are
displayed.
Next, I did a stmsboot -d to disable multipathing and rebooted the
system. When the system came back online, I still saw the sp diff lines.
Lastly, I did the devfsadm -C -v and I saw it clean up the device links. I rebooted the system again and the sp diff lines were gone.
You would think that disabling multipathing should delete the links but
it doesn't.
After 2 years of waiting, Project Crossbow has arrived! It integrated into Nevada Build 105 on Dec 4th, and BFU's became available around the middle of the month. SX:CE isn't available just yet, but should be up in about a week I hope. Crossbow is huge. This is a monumental improvement to Solaris and continues to push the bar out of reach of its competitors.
Simply put, Crossbow redefines the nature of network virtualization. To date, virtualization was limited to creating traditional "virtual interfaces" like so:
root@quadra ~$ ifconfig e1000g1:1 plumb 10.0.0.50 netmask 255.255.255.0 up
root@quadra ~$ ifconfig -a
lo0: flags=2001000849 mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
e1000g1: flags=201000843 mtu 1500 index 2
inet 10.0.0.18 netmask ffffff00 broadcast 10.0.0.255
ether 0:1b:21:25:3e:7b
e1000g1:1: flags=201000843 mtu 1500 index 2
inet 10.0.0.50 netmask ffffff00 broadcast 10.0.0.255
Creating virtual interfaces like this gets the job done but has a number of drawbacks, all based on the fact that it's not a real interface. Stats are screwed up, you can't snoop the interface, you can't tune it, etc.
Crossbow changes all that. Now we can create Virtual NIC's (vnic's) which are, for all intents and purposes, real interfaces. They have their own network stack and queues, they can be tuned, they can be snooped, they can be VLAN'ed, etc. Anything you can do to a real interface you can do to a VNIC.
While VNICs are handy things to have in the globalzone, they really shine when used with virtualization such as Solaris Containers (zones) or Xen guests, because we now can hand off interfaces that are fully controllable from within the virtual environment without having to dedicate a physical NIC to each one. The result is virtualized environments that feel way more like real servers.
If you're not already familiar with the dladm command it's time for you to get acquainted. dladm is short for "Data Link Administration", and now complements ifconfig. For some time now it's been used for managing WIFI, 802.11ad Link Aggregation ("teaming" or "trunking", depending on your pedigree), and more recently VLANs. It's even replacing the old (and crappy) ndd with dladm's "link properties"... a welcome improvement.
As of snv_105 several new options are available, namely sub-commands for creating VNICs and Etherstubs. A VNIC is a virtual network interface with all the trimmings of a real network interface. For the moment, it appears the max number of vnic's is 799, but that's not set in stone, and frankly if you need more than that you need to re-architect. Etherstubs are in-software switches which can be used in concert with VNIC's to create entirely virtualized in-software networks! In short, a standard VNIC will be associated with a physical GLDv3 network adapter, but we can also create a VNIC associated with an Etherstub to keep anything from ever touching the wire.
Let's ponder this. Why would you want a VNIC that uses a software switch (etherstub)? Seems completely useless right? Not entirely. On a traditional network you would create a DMZ with firewall and other goodies which routes to a private internal network... imagine that you can now do that all inside a single system!
Ok, so let's get cracking. Once you have snv_105 installed, we'll create a VNIC associated with physical e1000g1, then an etherstub and 3 more VNICs that are internal using that etherstub:
root@quadra ~$ dladm show-link
LINK CLASS MTU STATE OVER
e1000g1 phys 1500 up --
e1000g2 phys 1500 down --
e1000g0 phys 1500 unknown --
root@quadra ~$ dladm create-vnic -l e1000g1 vnic0
root@quadra ~$ dladm create-etherstub etherstub0
root@quadra ~$ dladm create-vnic -l etherstub0 vnic1
root@quadra ~$ dladm create-vnic -l etherstub0 vnic2
root@quadra ~$ dladm create-vnic -l etherstub0 vnic3
root@quadra ~$ dladm show-link
LINK CLASS MTU STATE OVER
e1000g1 phys 1500 up --
e1000g2 phys 1500 down --
e1000g0 phys 1500 unknown --
vnic0 vnic 1500 up e1000g1
etherstub0 etherstub 9000 unknown --
vnic1 vnic 9000 up etherstub0
vnic2 vnic 9000 up etherstub0
vnic3 vnic 9000 up etherstub0
So we have a variety of VNICs at our disposal. We now treat these like regular interfaces, using ifconfig to plumb them and assign IPs:
root@quadra ~$ ifconfig -a
lo0: flags=2001000849 mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
e1000g1: flags=201000843 mtu 1500 index 2
inet 10.0.0.18 netmask ffffff00 broadcast 10.0.0.255
ether 0:1b:21:25:3e:7b
root@quadra ~$ ifconfig vnic0 plumb 10.0.0.19 up
root@quadra ~$ ifconfig vnic1 plumb 10.100.0.2 netmask 255.255.255.0 up
root@quadra ~$ ifconfig vnic2 plumb 10.100.0.3 netmask 255.255.255.0 up
root@quadra ~$ ifconfig vnic3 plumb 10.100.0.4 netmask 255.255.255.0 up
root@quadra ~$ ifconfig -a
lo0: flags=2001000849 mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
e1000g1: flags=201000843 mtu 1500 index 2
inet 10.0.0.18 netmask ffffff00 broadcast 10.0.0.255
ether 0:1b:21:25:3e:7b
vnic0: flags=201000843 mtu 1500 index 7
inet 10.0.0.19 netmask ff000000 broadcast 10.255.255.255
ether 2:8:20:3a:70:5a
vnic1: flags=201000843 mtu 9000 index 8
inet 10.100.0.2 netmask ffffff00 broadcast 10.100.0.255
ether 2:8:20:f2:56:4d
vnic2: flags=201000843 mtu 9000 index 9
inet 10.100.0.3 netmask ffffff00 broadcast 10.100.0.255
ether 2:8:20:bc:b1:a1
vnic3: flags=201000843 mtu 9000 index 10
inet 10.100.0.4 netmask ffffff00 broadcast 10.100.0.255
ether 2:8:20:55:11:56
Please notice that they all have individual MAC addresses! There are several methods for how the MAC is chosen, but I won't go into them here. Notice also that vnic0, which was plumbed without a netmask argument, came up with netmask ff000000 rather than the ffffff00 used on e1000g1; give the netmask explicitly, as was done for vnic1 through vnic3, if that is not what you want.
If you are using Solaris Containers these VNICs would be given to a Zone as an "IP-Instance" (exclusive mode), a feature which was added some time ago but until now only usable by dedicating a physical interface. The same should apply to Xen or other virtualization tools.
Finally, in our whirlwind tour of this amazing technology, let's look at my favorite feature of Crossbow.
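As an added example (not part of the original post): before handing VNICs to zones as the internal side of an in-box DMZ, it is worth checking that they really sit on an etherstub and not on a physical NIC. The Python sketch below parses `dladm show-link` output in the layout shown earlier and reports where each VNIC ends up; the sample text is the listing from this post, and the function names are hypothetical.

```python
# Sample input: the `dladm show-link` listing from this post, embedded as text.
SHOW_LINK = """\
LINK CLASS MTU STATE OVER
e1000g1 phys 1500 up --
e1000g2 phys 1500 down --
e1000g0 phys 1500 unknown --
vnic0 vnic 1500 up e1000g1
etherstub0 etherstub 9000 unknown --
vnic1 vnic 9000 up etherstub0
vnic2 vnic 9000 up etherstub0
vnic3 vnic 9000 up etherstub0
"""


def parse_show_link(text):
    """Return {link: {"class", "mtu", "state", "over"}} from show-link output."""
    rows = [line.split() for line in text.splitlines() if line.strip()]
    if not rows or [h.lower() for h in rows[0]] != ["link", "class", "mtu", "state", "over"]:
        raise ValueError("unexpected or missing header")
    links = {}
    for fields in rows[1:]:
        if len(fields) != 5:
            raise ValueError("malformed row: %r" % fields)
        name, cls, mtu, state, over = fields
        links[name] = {"class": cls, "mtu": int(mtu), "state": state,
                       "over": None if over == "--" else over}
    return links


def root_of(links, name):
    """Follow the OVER column down to the link that has nothing beneath it."""
    seen = set()
    while links[name]["over"] is not None:
        if name in seen:
            raise ValueError("loop in OVER chain at %s" % name)
        seen.add(name)
        name = links[name]["over"]
        if name not in links:
            raise ValueError("link is over unknown device %s" % name)
    return name


def classify_vnics(links):
    """Map each VNIC to ("internal", etherstub) or ("wire", physical link)."""
    placed = {}
    for name, info in links.items():
        if info["class"] != "vnic":
            continue
        root = root_of(links, name)
        kind = "internal" if links[root]["class"] == "etherstub" else "wire"
        placed[name] = (kind, root)
    return placed


def check_isolation(links, must_be_internal):
    """Return the named VNICs that are missing or can reach a physical NIC."""
    placed = classify_vnics(links)
    return sorted(v for v in must_be_internal
                  if placed.get(v, ("missing", None))[0] != "internal")


if __name__ == "__main__":
    links = parse_show_link(SHOW_LINK)
    for vnic, (kind, root) in sorted(classify_vnics(links).items()):
        print("%-6s %-8s via %s" % (vnic, kind, root))
    print("violations:", check_isolation(links, ["vnic1", "vnic2", "vnic3"]))
```

A non-empty result from check_isolation means a VNIC intended for the internal network is missing or is attached to a link that touches the wire.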
Crossbow is both Network Virtualization (we looked at that above) and Network Resource Control. With Crossbow we have a real network resource control capability that is free from the terror that is IPQoS.
There are three types of resource controls at present: max bandwidth (rate limiting), priority (relative to other traffic), and CPUs. Please note that these controls are not cumulative, but rather apply to any given point in time. These controls can be applied either to an entire link (NIC or VNIC) or alternatively to a particular network flow.
Let me pause here. If you're not familiar with a "network flow", it is a defined collection of network communication. For instance, a flow might refer to all HTTP (port 80) traffic to a given IP address, or perhaps all TCP traffic, or perhaps a combination of FTP, SMTP, and HTTP ports. If you've worked with firewall rules you're familiar with the concept: a flow simply gives us a way to apply some action to a specific flow of traffic.
Crossbow adds the new command flowadm to define and control network flows. Here is an example:
root@quadra ~$ flowadm add-flow -l vnic0 -a transport=tcp,local_port=80 httpflow
root@quadra ~$ flowadm add-flow -l vnic0 -a transport=tcp,local_port=443 httpsflow
root@quadra ~$ flowadm show-flow
FLOW LINK IP ADDR PROTO PORT DSFLD
httpflow vnic0 -- tcp 80 --
httpsflow vnic0 -- tcp 443 --
flowadm relies on attributes that describe a flow, and properties which assign some resource control. We'll add bandwidth control to the flows above by modifying the "maxbw" property:
root@quadra ~$ flowadm show-flowprop
FLOW PROPERTY VALUE DEFAULT POSSIBLE
httpflow maxbw 50 -- 50M
httpflow priority -- --
httpsflow maxbw 80 -- 80M
httpsflow priority -- --
Here the maxbw is specified in Mbps. Docs show that percentages, Kbps, etc. are supported, but they don't seem to work right now.
maxbw will rate limit to the specified throughput; priority can be set to "low", "normal", "high" or "rt" (real time). Using these controls carefully you can partition off bandwidth pretty nicely.
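As an added example (not part of the original post): a flow only governs the traffic its attributes describe, so it helps to see what falls outside the two flows defined above. This Python model parses the post's two add-flow commands and classifies constructed sample packets; it handles only the transport and local_port attributes used here, and it assumes local_port means the port on this host (destination port inbound, source port outbound).

```python
import shlex

# The two add-flow commands from the post; the maxbw values (Mbps) are the ones
# its show-flowprop listing reports. The packets further down are constructed.
COMMANDS = [
    "flowadm add-flow -l vnic0 -a transport=tcp,local_port=80 httpflow",
    "flowadm add-flow -l vnic0 -a transport=tcp,local_port=443 httpsflow",
]
MAXBW_MBPS = {"httpflow": 50, "httpsflow": 80}
KNOWN_ATTRS = {"transport", "local_port"}  # only the attributes the post uses


def parse_add_flow(cmd):
    """Parse 'flowadm add-flow -l LINK -a k=v[,k=v] NAME' into a dict."""
    words = shlex.split(cmd)
    if words[:2] != ["flowadm", "add-flow"]:
        raise ValueError("not an add-flow command: %s" % cmd)
    link = attrs = name = None
    args = iter(words[2:])
    for word in args:
        if word == "-l":
            link = next(args)
        elif word == "-a":
            attrs = dict(kv.split("=", 1) for kv in next(args).split(","))
        else:
            name = word
    if not (link and attrs and name):
        raise ValueError("incomplete add-flow command: %s" % cmd)
    if set(attrs) - KNOWN_ATTRS:
        raise ValueError("attribute not handled by this model: %s" % cmd)
    if "local_port" in attrs:
        attrs["local_port"] = int(attrs["local_port"])
    return {"name": name, "link": link, "attrs": attrs}


def local_view(packet):
    """Reduce a packet to the fields a flow matches on.

    Assumption of this model: local_port is the port on this host, i.e. the
    destination port of inbound traffic and the source port of outbound."""
    port = packet["dport"] if packet["dir"] == "in" else packet["sport"]
    return {"link": packet["link"], "transport": packet["proto"],
            "local_port": port}


def classify(flows, packet):
    """Return (flow name, maxbw in Mbps), or (None, None) if no flow matches."""
    view = local_view(packet)
    for flow in flows:
        if flow["link"] == view["link"] and all(
                view[k] == v for k, v in flow["attrs"].items()):
            return flow["name"], MAXBW_MBPS.get(flow["name"])
    return None, None


FLOWS = [parse_add_flow(c) for c in COMMANDS]

# Constructed sample packets.
PACKETS = [
    {"link": "vnic0", "dir": "in", "proto": "tcp", "sport": 51000, "dport": 80},
    {"link": "vnic0", "dir": "out", "proto": "tcp", "sport": 443, "dport": 51001},
    {"link": "vnic0", "dir": "in", "proto": "tcp", "sport": 51002, "dport": 8080},
    {"link": "vnic0", "dir": "out", "proto": "tcp", "sport": 51003, "dport": 80},
    {"link": "vnic1", "dir": "in", "proto": "tcp", "sport": 51004, "dport": 80},
]

if __name__ == "__main__":
    for pkt in PACKETS:
        print(pkt, "->", classify(FLOWS, pkt))
```

The last three packets match no flow: a service on port 8080, an outbound client connection to a remote port 80, and port 80 traffic on vnic1 are limited only by whatever is set on the link itself.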
In addition to all this, extended accounting has been extended to incorporate accounting based on links or flows, but I'll save that for another day.
Congrats to everyone on the Crossbow team. This is a major achievement and an amazing technological advance!
December 28, 2008
The putback of:
PSARC/2008/094 Korn Shell 93 Integration project update 1 ARC case
PSARC/2008/344 ksh93 Integration Update 1 Amendments 1
6619428 RFE: Update ksh93 in Solaris to ast-ksh.2007-10-15 (or higher)
6595183 RFE: Update ksh93-integration demo code
6561901 RFE: Add "shcomp" (shell script compiler) + kernel module to exec binary sh code
6599668 RFE: Move consumers of alias.sh over to ksh93
has updated /usr/bin/ksh93 in OpenSolaris to a newer version. The
putback also added new utilities such as the shell script
compiler "shcomp", Solaris support to recognize and execute compiled shell code and updated several other utilities, including
/usr/bin/test, /usr/bin/kill and /usr/bin/sum.
The full announcement can be found here.
- The shell script compiler "shcomp" is now included
- Solaris now recognizes compiled shell code by default via a new kernel module ("shbinexec")
- Support for record-oriented pipes has been added
- /etc/ksh.kshrc now sets a default prompt (PS1) for interactive sessions
- Many bugfixes, primarily focussing on stability, improved error checking, performance and fixing support for large, complex variable trees.
- Many closed-source binaries are replaced with opensource versions
- Many new demos including:
… and much more…
The following log lists the changes between ast-ksh.2007-04-18
integrated into OS/Net B72 and ast-ksh.2008-11-04 integrated
into B106:
#### Changes to ksh93 (usr/src/lib/libshell): ####
08-10-31 --- Release ksh93t ---
08-10-31 Variable scoping/initialization bugs that could dump core were fixed.
08-10-24 The lexer now accepts all RE characters for patterns prefixed
with a ksh ~(...) option expression.
08-10-24 For ${var/pat/sub} \0 in sub expands to the text matched by pat.
08-10-18 A bug in array scoping that could dump core has been fixed.
08-10-10 read -n and -N fixed to count characters in multibyte locales.
08-10-10 A bug that mishandled _.array[] type references has been fixed.
08-10-09 ${.sh.version} now contains a catenation of the following (after
'Version') denoting compile time features:
A SHOPT_AUDIT
B SHOPT_BASH
L SHOPT_ACCT
M SHOPT_MULTIBYTE
08-10-09 A bug that caused subshell command substitution with redirection
to hang has been fixed.
08-10-08 Output errors, other than to stderr, now result in a diagnostic.
08-10-08 ksh93 now supports types that contain arrays of other types as
members. Earlier versions core dumped in this case.
08-10-05 A bug which caused the shell to emit a syntax error for an arithmetic
statement of the form (( var.name[sub] = value)) has been fixed.
08-10-01 A bug that caused subshell command substitution to hang has
been fixed.
08-09-29 When the -p export option of typeset is used with other options,
only those variables matching the specified options are displayed.
08-09-29 When the shell reads the environment and finds variables that are
not valid shell assignments, it now passes these on to subsequent
commands rather than deleting them.
08-09-29 A bug in the display of compound variables containing an indexed
array of compound variables has been fixed.
08-09-29 A bug in the display of compound variables containing an associative
array with a subscript containing a . in the name has been fixed.
08-09-26 A core dump in the subshell environment restore has been fixed.
08-09-24 $(...) has been fixed to properly set the exit status in $?.
08-09-23 $(<...) with IFS=$'\n\n' has been fixed to retain all but the last
of multiple trailing newlines.
08-09-23 The -p option to typeset when used with other attributes, restricts
the output to variables with the specified attributes.
08-09-22 A bug that sometimes lost the exit status of a job has been fixed.
08-09-21 A bug that retained trailing command substitution newlines in
cases where the command caused the shell to fork has been fixed.
08-09-19 type, whence -v, and command -v were fixed to comply with POSIX
by writing 'not found' diagnostics to the standard error.
08-09-18 test and [...] were fixed to comply with POSIX in the case
of test '(' binop ')' where binop is a valid binary test operator.
08-09-16 If a method discipline named create is specified when defining a
type, this function will be called when an instance is created.
08-09-15 The variable _ is now set as a reference to the compound variable
when defining a compound variable or a type.
08-09-10 The shell now prints an error message when the type name specified
for an indexed array subscript is not an enumeration type.
08-09-10 A bug in which a subshell that spawned a background process could
lose output that was produced after the foreground completed
has been fixed.
08-09-10 A timing bug on some systems that could cause coprocesses started by a
subshell to not clean up and prevent other coprocesses has been fixed.
08-09-09 The typeset -m option is now able to rename array elements from
the same array.
08-09-09 The exit status of 2 from the DEBUG trap causes the next command
to be skipped. An exit value of 255 from a DEBUG trap called from
a function causes the function to return.
08-09-08 A bug in which a coprocess created in a subshell that did not
complete when the subshell terminated could prevent a coprocess
from being created in the parent shell has been fixed.
08-09-05 An assignment of the form name1=name2 where name1 and name2
are both compound variables causes name1 to get a copy of name2.
name1+=name2 causes name2 sub-variables to be appended to name1.
08-09-05 A bug in which unsetting a compound variable did not unset all
the sub-variables has been fixed.
08-09-01 A bug in the subshell cleanup code that could cause SIGSEGV has
been fixed.
06-08-26 The SHLVL variable which is an environment variable used by bash
and zsh that gets incremented when the shell starts.
08-08-25 For an indexed array, a negative subscript now refers to offsets
from the end so that -1 refers to the last element.
08-08-24 An alignment error for shorts on 64 bit architectures has been fixed.
08-08-22 If oldvar is a compound variable, typeset -C newvar=oldvar creates
newvar as a copy of oldvar.
08-08-19 The ALRM signal no longer cause the sleep builtin to terminate.
08-08-13 When used in an arithmetic expression, the .sh.version variable
now produces a number that will be increasing for each release.
08-08-11 A bug in which type instantiation with a compound assignment in
a dot script in which the type is defined has been fixed.
08-08-07 The -m option has been added to typeset to move or rename a
variable. Not documented yet.
08-08-06 A bug in read when used in a loop when a prompt was specified
when reading from a terminal has been fixed.
08-08-01 A bug with the pipefail option in which a nested pipeline could
cause an asynchronous command to block has been fixed.
08-08-01 A for loop optimizer bug that treats .sh.lineno as an invariant
has been fixed.
08-07-30 A bug in which expanding compound variable that had a get discipline
from with a here document could cause a syntax error has been fixed.
08-07-18 A bug in which a nameref caused a local variable to be created
rather than binding to an existing variable in the global scope
has been fixed.
08-07-17 A bug which occurred when a nameref was created from within a
function that was part of a pipeline has been fixed.
08-07-14 The compile option SHOPT_STATS was added. With this option the
compound variable .sh.stats keeps usage statistics that could help
with performance tuning.
08-07-10 The output of set now always uses a single line for each variable.
For array variables, the complete set of values is now displayed.
08-07-09 The typeset -C option can be used with arrays to indicate that
each element should default to a compound variable.
08-07-08 The %B format now outputs compound variables and arrays. The
alternate flag # can be used to cause output into a single line.
08-07-03 When the window change signal, WINCH, is received, the current
edit line is redrawn in place.
08-07-01 A bug in the handling of shared variables when inside an embedded
type has been fixed.
08-06-29 A bug in multiline edit mode which occurred when the prompt length
was three characters or less has been fixed.
08-06-23 A bug in which the SIGCLD was not be triggered when background
jobs completed has been fixed.
08-06-23 KSH_VERSION added as a name reference to .sh.version.
08-06-20 type now outputs 'special builtin' for special builtins.
08-06-19 A couple of bugs in multi-dimensional arrays have been fixed.
08-06-19 A bug in which a syntax error in a dot script could generated
a syntax error in the next subsequent command has been fixed.
08-06-17 Reduced the maximum function call depth to 2048 to avoid exceptions
on some architectures.
08-06-16 A bug in which printf "%B" could generate an exception when the
specified variable was not set has been fixed.
08-06-16 When typeset -p is followed by variable names, it now displays
the attributes names and values for the specific names.
08-06-14 A bug that could effect the drawing of the screen from multiline
emacs or gmacs mode when walking up the history file has been fixed.
08-06-13 A bug in which a compound variable defined in a subshell could
have side effects into the parent shell has been fixed.
08-06-13 A number of bugs related to using .sh.level to set the stack from
for DEBUG traps have been fixed.
08-06-13 The .sh.lineno variable has been added. When .sh.level is changed
inside a DEBUG trap, the .sh.lineno contains the calling line number
for the specified stack frame.
08-06-13 The .sh.level variable has been documented and now works.
08-06-11 The -C option has been added to read for reading compound command
definitions from a file.
08-06-11 The . command is now permitted inside a compound command definition.
The dot script can contain declaration commands and dot commands.
08-06-09 Add -C option to typeset so that typeset -C foo, is equivalent
to foo=().
08-06-09 Added -n warning message for typeset option orderings that are valid
with ksh88 but not valid with ksh93, for example Lx5.
08-06-09 A bug in which the return value for an assignment command containing
a command substitution with that failed was zero when the assignment
contained redirections has been fixed.
08-06-09 A bug in the quoting of $ inside a ERE pattern ~(E)(pattern)
has been fixed.
08-06-06 A bug when processing `` command substitution with the character
sequence \$' has been fixed.
08-06-02 When defining a type, the typeset -r attribute causes this field
to be required to be specified for each instance of the type and
does not allow a default value.
08-06-02 Several bugs in which compound variables were modified by
subshells have been fixed.
08-05-22 The ceil function has been added to the math functions.
08-05-21 A bug in which a name reference defined in a function and passed
as an argument to another function could cause an incorrect binding.
08-05-21 A bug in freeing compound variables that are local to functions
has been fixed.
08-05-19 The array expansions ${array[sub1..sub2]} and ${!array[sub1..sub2]}
to expand to the value (or subscripts) for array between sub1 and
sub2 inclusive. For associative arrays, the range is based on
location in the POSIX locale. The .. must be explicit and cannot
result from an expansion.
08-05-15 The trap on SIGCLD is no longer triggered by the completion of
the foreground job as with ksh88.
08-05-14 A bug in the implementation of the editing feature added on
07-09-19 in emacs mode has been fixed.
08-05-12 A bug in processing the test built-in with parenthesis has been
fixed.
08-05-12 The unset built-in now returns non-zero when deleting an array
subscript that is not set.
08-05-08 Changing the value of HISTFILE or HISTSIZE will cause the old
history file to be close and reopened with the new name or size.
08-05-08 When FPATH is changed functions that were found via a path search
will be searched for again.
08-05-08 A parser bug in which reserved words and labels were recognized
inside compound indexed array assignment after a new-line has
been fixed.
08-05-07 A bug in getopts when handling numerical option arguments has
been fixed.
08-05-07 The typeset -S option was added for variables outside type
definitions to provide a storage class similar to C static
inside a function defined with function name. When outside
type definitions and outside a function, the -S option cause
the specified variable so be unset before the assignment and
before the remaining attributes are supplied.
08-05-07 A bug that affected the cursor movement in multiline mode when
a character was deleted from near the beginning of the any
line other than the first.
08-05-01 In multiline edit mode, the refresh operation will now clear
the remaining portion of the last line.
08-05-01 A bug in computing prompt widths for the edit modes for prompts
with multibyte characters has been fixed.
08-05-01 A bug in the multiline edit mode which could cause the current
line to be displayed incorrectly when moving backwards from third
or higher line to the previous line has been fixed.
08-05-01 A bug in which options set in functions declared with the function
name syntax were carried across into functions invoked by these
functions has been fixed.
08-04-30 A bug which could cause a coprocess to hang when the read end
is a builtin command has been fixed.
08-04-30 The emacs and vi editors have been modified to handle window
change commands as soon as they happen rather than waiting for
the next command.
08-04-28 A bug in which ${!x} did not expand to x when x was unset has been
fixed.
08-04-27 A bug in which the assignment x=(typeset -a foo=([0]=abc)) created
x.foo as an associative array has been fixed.
08-04-25 A bug in which $# did not report correctly when there were more
than 32K positional parameters has been fixed.
08-04-04 Choose the name _ as the sub-variable that holds type or instance
specific data used by discipline functions.
08-03-27 A bug in which the terminal group was not given back to the parent
shell when the last part of a pipeline was handled by the parent shell
and the other parts of the pipeline complete has been fixed.
The symptom was that the pipeline became uninterruptable.
08-03-25 A bug in restricted mode introduced in ksh93s that caused scripts
that did not use #! to executed in restricted mode has been fixed.
08-03-25 A bug in which the pipefail option did not work for a pipeline
within a pipeline has been fixed.
08-03-24 A bug in which OPTIND was not set correctly in subshells has
been fixed.
08-03-24 A bug which could cause a memory exception when a compound variable
containing an indexed array with only element 0 defined was expanded.
08-03-20 A bug in which ${!var[sub].*} was treated as an error has been fixed.
08-03-20 Associative array assignments of the form ([name]=value ...)
now allow ; as well as space tab and new line to separate elements.
08-03-18 A buffering problem in which standard error was sometimes
not flushed before sleep has been fixed.
08-03-17 A bug in which a signal sent to $$ while in a subshell would be
sent to the subshell rather than the parent has been fixed.
08-03-17 --default option added to set(1) to handle set +o POSIX semantics.
set --state added as a long name al