Friday June 08, 2007
Half a week
I was out half this week, helping my younger son deal with a nasty sinus
infection—and then an allergic reaction to the prescribed
antibiotic. So, between finishing various deliverables, I've been
trying to catch up on my opensolaris.org
mailing list traffic. This afternoon, I got to ogb-discuss, the
Governing Board alias, which has been exploring the next steps for the
Architecture Review process for open development.
A few minutes ago, I replied to one message in the thread, and then realized on rereading that the message was from Tuesday. Given that I was out three days, this makes quasi-arithmetical sense, as
Friday - ~2.5 days = Tuesday
Maybe in an hour or two, I'll be able to prove "Monday = Monday", give or take.
[ T: OpenSolaris OGB ARC ]
(2007-06-08 17:39:25.0)
Untuning for 53
Since I bumped into a couple of problems after moving to Build 53, I thought I should make a note and save folks some time. My laptop's a reasonably standard install, but I do turn off a few more daemons, in the hope of squeezing out a few minutes' more battery life. With the new GNOME bits, you need to make sure that
$ svcs \*hal\* \*fc-cache\*
STATE          STIME    FMRI
online         Nov_28   svc:/application/font/fc-cache:default
online         12:27:47 svc:/system/hal:default
shows that both hal(1M) and fc-cache(1M) are
running, as their functionality is required by other components. (If
you don't have application/font/fc-cache enabled, you'll
have trouble getting much of GNOME to run--you'll see core files,
and running pstack(1) on them will reveal a stack trace filled
with symbols beginning with "FC"...) A couple of svcadm enable invocations will bring things back into spec.
If you haven't customized your system and you're still having similar
problems, you probably want to visit desktop-discuss.
[ T: OpenSolaris Solaris GNOME HAL fc-cache ]
(2006-12-04 14:08:29.0)
53 looks good
About six weeks ago, in anticipation of GNOME 2.16, I switched my desktop from an Ion window manager-based X11 environment to the JDS environment integrated with Solaris. Now, with the delivery of Build 53—not yet on the Download Centre, apparently—the wait is over:
A few keyboard shortcuts input, a tweak of the window preferences, and
it's back to normal work. (Or better: using evince and gnome-terminal in their full screen modes is a distinct improvement for reading documents onscreen.)
Background image by Mandolux.
[ T: OpenSolaris Solaris JDS GNOME ]
(2006-11-29 16:36:55.0)
OpenSolaris: TechDays, Buenos Aires, 23 - 25 October
I'll be visiting Argentina for the first time, to present at the upcoming TechDays in Buenos Aires. As with all TechDays, the event itself is free, but you must register in advance. The event is being held at the Hilton Buenos Aires; OpenSolaris day is 23 October.
As always, if you want to meet up and talk about OpenSolaris, software development in Argentina, or any other topic, leave me a comment or send me some email.
I'm a little tired today, as I made a round-trip to Los Angeles to visit the Argentinian consulate there and obtain a visa. 700+ miles on the road, but the friendly officers were able to do the turnaround in only a few hours.
[ T: Solaris OpenSolaris TechDays Buenos_Aires ]
(2006-10-11 11:24:43.0)
OpenSolaris: TechDays, Seattle, 5 - 7 September
I'll be up in the Seattle area for 5 – 7 September—I'll be presenting on OpenSolaris at the upcoming Tech Days there. If you're interested in attending, then get over to the registration site; the event is free, but space is limited.
(Undecided? Peruse the Seattle agenda.)
If you'd like to have a beer or a coffee and talk about OpenSolaris, Solaris, software development, or the like, drop me a line. 6 September has the main OpenSolaris track, but I'll be around the evening before and most of the day following.
I can't find one here, so I'll ask: anyone thinking about starting a Seattle OSUG?
[ T: OpenSolaris Solaris Tech_Days Seattle ]
(2006-08-22 11:47:56.0)
Cryptically content
For me, on the whole, this week was a pretty good one. Dave and I wrapped up some interface work on Wednesday (and one of my favourite projects, Visual Panels, went public using the project hosting on opensolaris.org). And we've been making progress on many fronts for OpenSolaris: the source code management evaluation is starting to pick up, project proposal rates are increasing, and governance efforts are nearing their next milestone.
I may even have enough time to dust off some unfinished blog entries.
[ T: OpenSolaris Solaris smf vpanels ]
(2006-02-10 16:00:52.0)
LISA05 Wednesday: Autopod and PKI
While the vendor exhibition opened and inquiries were handled at the Sun booth, I went to the technical session on Configuration Management Theory and to Radia Perlman's invited talk.
The most interesting talk to a kernel developer in the technical session was Shaya Potter presenting on the Autopod work he and Jason Nieh have been pursuing at Columbia. It's a nice combination of an isolated application environment with process checkpointing, with a number of nice advantages—foremost among them being migration of a running pod (application environment) between systems running different operating system versions.
Shaya mentioned the port from the 2.4 Linux kernel to 2.6, and the
loss of simple system call interpositioning in the newer implementation.
One interesting area for investigation of similar work on OpenSolaris
would be to assess the suitability of the BrandZ technology for creating
a checkpointable zone—the preexisting application environment on
which to build. There's a wide variety of potential kernel state
to capture, but the appropriateness of the brand architecture may
simplify aspects of a prototype.
If you're interested in thinking about such things, the BrandZ community
should open up on OpenSolaris
soon; you can already subscribe to the brandz-discuss alias on the
Discussions page.
Despite being at Sun for a while, I've never heard Radia Perlman speak before, and I can now highly recommend it: she's engaging and funny, as well as a very clear technical presenter. Radia gave an overview of the ideas and implementation issues around Public Key Infrastructure (PKI). Apparently, she and her co-authors have released a new edition of their text, Network Security: Private Communication in a Public World [Amazon], which I'll put on my wish list.
[ T: OpenSolaris LISA05 BrandZ PKI ]
(2005-12-08 10:23:52.0)
LISA05 Tuesday
After the N1 Grid BoF session led by Eric Nielsen, Liane took the lead on a well attended BoF about Solaris 10 and OpenSolaris. (I missed the N1 BoF, enjoying a nice conversation with Bernd Haug, who has been architecting solutions using Solaris in various scenarios in Austria.)
As with any presentation, it takes some cable jujitsu to achieve
laptop/projector union:

The audience was definitely interested in Zones, and
Dan fielded some of
the more involved questions with gusto:

A particularly passionate point about the general performance issues
around patching systems with zones was raised; one audience member noted
that placing one's zones explicitly in single user mode would speed
zones patching.
Dan and Jan watch the questions come in:
Jan answered some questions regarding PXE and the new boot architecture
on x86/x64 systems.
Frank Liborio came down to explain some of the finer points of the
patching and update changes and their association with the Solaris support plans:
There were some good questions about the new pricing for software in
general; the main point, I thought, was to emphasize that the components
are not crippled free variants, but the same enterprise version, just
with no support.
At the end of the BoF, people moved purposefully to the room's front,
either to ask questions of the various experts, or perhaps to snag a
free Solaris DVD kit:

John Groenveld stopped to say hello as David and I were
milling near the doors; it's nice to talk with other Solaris advocates (other than the bunch I lunch with
every day, I mean).
Today, the vendor exhibits open, so there should be some technical discussions and demos at the Sun booth, and Dan will host a BoF of Solaris futures tonight. My plan is to listen to some of the interesting looking talks, and then get to the BoF.
I'm getting used to the behaviour of the camera, particularly at full telephoto. Being polite, I didn't use the flash much—and I doubt it would matter at 60'—so these photos vary in quality. I was fiddling with adjusting for indoors, incandescent lighting, and longer exposures at different times.
[ T: Solaris OpenSolaris LISA05 ]
(2005-12-07 11:07:48.0)
Conferring again
It's been a few years and a couple of kids since my last conference, but I'm happy to be packing to be ready to attend LISA 2005, which is happening in San Diego, CA this week. My plane lands mid-afternoon Tuesday, and I'll be there until Friday. Liane's giving a paper on smf(5), and Liane and Dan are each hosting BoF sessions on aspects of Solaris and OpenSolaris. Bryan is coming for a technical session, and Jonathan, Dave, and David from the smf(5) team will be there, too. (Ask Dave and David for a demo.) Plus,
there's a booth in the Vendor Exhibition and a sponsored reception, and events I don't know about and am probably not invited to...
A particular attraction for administrators: I wanted to point out that Bill Moore of the ZFS team will be available at the booth to demonstrate and answer your initial, subsequent, and follow-up questions about ZFS. If you're curious about ZFS or have been working on your best volume management/file system stumpers, come interrogate Bill.
I'll be at LISA with two hats on: I'm still trying to think about service management and system approachability (and administrators see a lot of common and worst cases for each of these efforts), but I'll also be there to hear about issues and concerns you might have about OpenSolaris. The schedule for the conference is busy, but I'd be happy to meet up with folks during the day, as well as at either BoF session; do feel free to send me email. If you're looking for me physically, I'll be the one wearing the tie.
UPS willing, I'll also be trying out a new camera—I hope to get some photos up during the week.
[ T: Solaris OpenSolaris smf zfs LISA05 ]
(2005-12-04 14:51:48.0)
Yet another quiet week
Once again, we've sent a delegation of engineers to Portland for OSCON. The absence of that group—Bryan, Keith, and Liane are there—and of the many other folks involved with OpenSolaris, plus the usual August vacations, is leaving the halls here in Menlo Park rather quiet.
Of course, while I may be enjoying an audible quiet, the OpenSolaris lists are hopping: the vigorous discussions on compatibility as a community value, packaging systems, new communities, as well as technical questions, are showing how much energy there is across the larger (Open)Solaris community. If only I could sleep less...
[ T: OpenSolaris Solaris ]
(2005-08-03 11:26:40.0)
Recovery from another hiatus; an smf(5) one-liner
I was out with sick children last week and have been engaged in a form of mental wrestling learning the Dvorak keyboard for the past two—both impediments to concentration, and thus to smooth blogging. Everybody is on the mend; evening wakeups are on the decline. I no longer want to hurl my keyboard across the office; my brain is remapping favourite commands and key sequences. (slrn and ls, which use the fourth and fifth fingers of the right hand (or only the fifth), feel very awkward still.)
There were some interesting smf(5)-related asides in some Slashdot discussions last week. One requires a separate, detailed reply. The other—a request for a single command that hardens your Solaris system—can be answered briefly. There are two answers: one a flip one-liner, one responsible.
The glib smf(5) one-liner answer is:
# svccfg apply /var/svc/profile/generic_limited_net.xml
which applies the "limited networking" profile to your system. This profile deactivates about three dozen services that are active in the traditional install case, including all passwords-in-the-clear login services. There are still RPC and likely other services active on the system that serious system auditors will want to examine. (The limited networking profile was written by members of the Solaris Security Technology group and will be present in the initial release of Solaris 10. And we're now working to make that initial install initially and increasingly secure.)
The more responsible answer is to point out that system hardening requires both minimization and reconfiguration (beyond service deactivation) and that there is a productized distillation of security practices for Solaris in the form of the Solaris Security Toolkit. Although its use might exceed a one line constraint, the toolkit makes fungible years of Solaris hardening experience.
(I'll refrain from describing how the now-integrated IPFilter or tcpwrapper support can reduce the exposure of some of the remaining services. But I will point out that the combination of the least privileges feature and the smf(5) service description's ability to define the appropriate privileges for a service leads to an rpcbind(1M) that cannot successfully call exec(2) (among other things):
# ppriv `pgrep -z global rpcbind`
100220: /usr/sbin/rpcbind
flags = PRIV_AWARE
E: basic,!file_link_any,net_privaddr,!proc_exec,!proc_info,!proc_session,sys_nfs
I: basic,!file_link_any,!proc_exec,!proc_fork,!proc_info,!proc_session
P: basic,!file_link_any,net_privaddr,!proc_exec,!proc_info,!proc_session,sys_nfs
L: basic,!file_link_any,!proc_exec,!proc_fork,!proc_info,!proc_session
As I noted: increasingly secure.)
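The ppriv output above uses a compressed notation ("basic" minus the "!" entries), so the following added example, which is not part of the original post, expands each set and reports whether fork and exec remain allowed. The contents of the basic set are an assumption (the Solaris 10-era list), and the function names expand_set, has_priv and audit are illustrative.

```shell
#!/bin/sh
# Added example. SAMPLE is the ppriv output quoted in the post.
SAMPLE='100220: /usr/sbin/rpcbind
flags = PRIV_AWARE
E: basic,!file_link_any,net_privaddr,!proc_exec,!proc_info,!proc_session,sys_nfs
I: basic,!file_link_any,!proc_exec,!proc_fork,!proc_info,!proc_session
P: basic,!file_link_any,net_privaddr,!proc_exec,!proc_info,!proc_session,sys_nfs
L: basic,!file_link_any,!proc_exec,!proc_fork,!proc_info,!proc_session'

# Assumption: what "basic" stands for on a Solaris 10-era system.
BASIC='file_link_any proc_exec proc_fork proc_info proc_session'

# expand_set SET: read ppriv output on stdin and print the privileges
# really held in SET (E, I, P or L), one per line, sorted.
expand_set() {
    awk -v want="$1:" -v basic="$BASIC" '
        $1 == want {
            n = split($2, tok, ",")
            for (i = 1; i <= n; i++) {          # additions first
                if (tok[i] == "basic") {
                    m = split(basic, b, " ")
                    for (j = 1; j <= m; j++) have[b[j]] = 1
                } else if (substr(tok[i], 1, 1) != "!") {
                    have[tok[i]] = 1
                }
            }
            for (i = 1; i <= n; i++)            # then "!" removals
                if (substr(tok[i], 1, 1) == "!")
                    delete have[substr(tok[i], 2)]
            for (p in have) print p
        }' | sort
}

# has_priv SET PRIV: succeed if PRIV is in SET (ppriv output on stdin).
has_priv() {
    expand_set "$1" | grep -qx "$2"
}

# audit OUTPUT: one line per set, stating whether fork and exec are allowed.
audit() {
    for s in E I P L; do
        f=no; x=no
        printf '%s\n' "$1" | has_priv "$s" proc_fork && f=yes
        printf '%s\n' "$1" | has_priv "$s" proc_exec && x=yes
        echo "$s fork=$f exec=$x"
    done
}

audit "$SAMPLE"
```

With the assumed basic set, E and P expand to net_privaddr, proc_fork and sys_nfs, while I and L are empty: rpcbind may still fork, but proc_exec is in none of the four sets.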
(2005-01-24 23:20:34.0)
Back from scatteredness
August was hectic. smf(5) required care and feeding, as did our newborn Nathaniel. I took a strange kind of quasi-paternity leave, by remaining home Tuesdays and Thursdays. (Don't do this—you're left with very few long concentration blocks on the workdays.) I also took Ben to Muskoka to celebrate a family history centennial, and we all went to Chicago for a memorial service for Dina's father. Plus we had a yellowjacket nest in the walls of our home. I'll write these all up shortly.
But I'm back at work now, and cooking up some entries on smf(5), resource management, and Solaris in general. (And for all of you who've written me in the meanwhile, if I haven't already replied, then I'm probably composing a reply now.)
Another quiet week
There's a sizeable troupe of kernel engineers at the O'Reilly Open Source Convention this week, so once again the office is a little quieter. (Bryan's around, so the office isn't silent.) Most of the blog entries are "the author has left the building" style, but I'm hoping that those of us who remain chained to our keyboards will get an opportunity to read about how the conference is progressing, particularly regarding tonight's birds-of-a-feather session on opening Solaris source.
(2004-07-29 09:37:34.0)
How not to communicate novelty
Adam seems to have recovered from his initial embarrassment regarding the alleged lack of novelty around describing a Solaris 9 feature. There's no such shame here—I look at S9 as one of our Dangerfield releases (along with S7), that didn't get the respect it deserved. (There's no comparison to S10.)
I mentioned in a previous entry that I wasn't particularly proud of how I had talked about S9RM. In this vein, I dug up a paper I wrote for SUPerG 2001 in Amsterdam. SUPerG is a Sun conference for datacenter customers, and focusses a lot on best practices for large Solaris systems. I was pretty giddy after S9RM wrapped up, and wrote a paper to present there, on the various mechanisms we envisioned and were in the process of implementing. It was received very quietly.
While I was writing the paper, I was trying out various text analyzers. One that I used was the Lingua::EN::Fathom module, available at CPAN. The results?
13 $ perl fathom.pl superg-2001-paper.ltx
[ ... vocabulary list elided ... ]
Number of characters       : 19918
Number of words            : 2865
Percent of complex words   : 26.21
Average syllables per word : 1.9763
Number of sentences        : 104
Average words per sentence : 27.5481
Number of text lines       : 353
Number of blank lines      : 101
Number of paragraphs       : 69
READABILITY INDICES
Fog                        : 21.5044
Flesch                     : 11.6817
Flesch-Kincaid             : 18.4737
The Fog scale informally corresponds to the number of years of education an average reader needs to read the text once and understand it. (21.5 is somewhere in graduate school.) The Flesch scale rates text on a 100 point scale; higher is better, with 60 being a reasonable target. (It's safe to say that 11 is not in the vicinity of 60.) The Flesch-Kincaid is meant to correlate roughly with the U.S. school grade: 18 (graduate school again) is bad. The indices agree: this text is not good, or clear, writing.
So this document is a pretty solid indicator that, indeed, I didn't do a good job explaining the value of resource management. For posterity, I'm making the paper available. Now I work harder on not having sentences that are more than twenty seven words long, or use 25% complex words—and if there's a resource management topic you would like to see examined, feel free to tell me and I'll try to write something understandable.
And, yes, Tim and Andy are blameless.
(2004-07-12 17:49:27.0)
Quiet in the office
With the DTrace folks at the USENIX Technical Conference, a contingent at JavaOne, and the remainder focussed on finishing their work for Solaris 10, it's pretty quiet at the office. Oh, except for the fact that my team's multi-year project is wending its way through the final stages of the processes surrounding Solaris integration. Checklist, checklist, test transcript, architectural updates, performance results, status meetings. And maybe one or two more checklists. But we're almost there.
(2004-06-28 22:56:09.0)