Tuesday, April 26, 2005

Simple DTrace

One of the headline features in Solaris 10 is DTrace, allowing you to probe the inner workings of a system in more detail than ever before.

I'm no expert, but I like some of Brendan Gregg's DTrace Tools.

In fact, my favourite so far is execsnoop.

(I think this says rather more about the sort of activity on my systems than anything else. We don't run significant databases or servers; many systems run random junk. Desktop use; development use; loads of badly written shell scripts. And I don't need DTrace to tell me that most of the compute applications are awful.)

So execsnoop tells me how badly written some of this scripting is.

The worst I've found so far is mozilla. What you run isn't a binary at all - almost 60 shell commands are executed before the real mozilla binary is reached. And essentially all this scripting is completely pointless - the parameters being set are fixed and don't need to be worked out afresh each time you launch it.

Another interesting thing I spotted was uname being run when I logged in. This turned out to be my tcsh startup working out what sort of machine I was using. It turns out that tcsh already knows exactly what sort of system it's running on: the OSTYPE and MACHTYPE environment variables tell you all you need to know. I knew this already, of course - but DTrace revealed that there was one place I had missed. (And also - in tcsh you don't need to exec any commands to set a dynamic prompt: tcsh has builtin variables you can use.)
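For what it's worth, this sort of thing can be done in tcsh without forking a single process. A sketch of the kind of ~/.tcshrc fragment I mean - the paths and the prompt format here are just made-up examples, but OSTYPE and the prompt sequences are genuine tcsh builtins:

```tcsh
# tcsh already knows the platform: no need to exec uname.
switch ($OSTYPE)
case solaris:
    setenv PATH /usr/bin:/usr/sbin:/opt/sfw/bin
    breaksw
case linux:
    setenv PATH /usr/bin:/bin:/usr/local/bin
    breaksw
endsw

# A dynamic prompt from builtin sequences (%n user, %m host, %~ cwd):
# no command substitution, no extra execs on every prompt.
set prompt = "%n@%m:%~%# "
```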

I've also found unnecessary duplication of work in various system monitoring shell scripts, and lots of simple cases of inefficient coding. The most common things I see are excessive calls to uname (often generic scripts finding out that they're running Solaris, which they ought to have known already) and excessive use of expr (either learn to iterate over $# correctly, or rewrite in a more advanced shell like ksh that can do arithmetic natively).
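The expr point is worth spelling out, since execsnoop makes the cost so visible: every `expr` is a fork and exec, while shell arithmetic is free. A minimal sketch of the two styles side by side:

```shell
# Old-style counting: forks an expr process on every iteration.
i=1
sum=0
while [ "$i" -le 5 ]; do
    sum=`expr $sum + $i`
    i=`expr $i + 1`
done
echo "expr total: $sum"

# Builtin arithmetic (ksh and any POSIX sh): no extra processes at all.
i=1
sum=0
while [ "$i" -le 5 ]; do
    sum=$((sum + i))
    i=$((i + 1))
done
echo "builtin total: $sum"
```

Both loops print a total of 15, but execsnoop shows ten execs for the first and none for the second - and real scripts do this thousands of times.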

In short: try leaving execsnoop running and see what stupidities show up!

Friday, April 22, 2005

Can Sybase get it?

At ZDNet: CEO John Chen sees open source in Sybase’s future:

Sybase has a free version of its high-end database for Linux

However, as I commented on the BTL blog entry, this comes with limitations. In fact, the same limitations I've complained about recently.

Come on Sybase! If you really want to drum up business, have the same deal for all operating systems - Solaris in particular.

As it is, we're just moving to MySQL, which is free on all platforms.

Envy

There's a slightly imperfect press release: Sun Announces Dual-Core Technology Across Entire x64 Server Product Line.

For one thing, Sun's x64 server product line consists of two models in its entirety, and even then they've only actually announced dual-core on the V40z. Ho hum.

I still want one!

One of the annoying aspects of working at an institute facing imminent closure is that we simply can't get access to any of the exciting new technology that's emerging. Hence the title, which describes how I feel right now.

Monday, April 18, 2005

Is Linux becoming Windows?

From ZDNet: Is Linux becoming Windows?:

Some people are starting to think so. There is support for so many features in the Linux 2.6 kernel that it may be getting so fat as to be unstable.

The open source company that's seeing a problem is CA. Not the most obvious open source company. Mind you, they seem to be getting their fingers into a lot of pies at the moment.

Now, sure, I see the logic that says you can build yourself a custom kernel. But you shouldn't have to mess about like this - I still can't understand why Linux can't adopt a stable driver ABI and make every kernel feature a loadable module (and then support loadable modules for 5 years or more). After all, Solaris manages it, so why can't Linux?

Actually, I don't think it's just restricted to Linux, or the Kernel. I see other open-source projects getting to be more like windows, in terms of bloat and complexity - modern desktop environments spring to mind.

Oh great...

Yikes: Mozilla flaws could allow attacks, data access | Tech News on ZDNet:

Multiple vulnerabilities that could allow an attacker to install malicious code or steal personal data have been discovered in the Mozilla Suite and the Firefox open-source browser.

Oh dear, better get downloading right away!

Are upgrades viable?

In an article: Choosing an upgrade path from Windows 98 the author describes how to:

...give a new lease on life to aging laptops and PCs by replacing obsolete OSes such as Windows 98 with a combination of Linux, free open source applications, and inexpensive commercial software.


OK, good idea. But how viable is this in practice? The argument goes that these old machines aren't good enough to run Windows XP, but make brilliant machines to run Linux.

Frankly, I don't see this working. My experience of all modern desktop environments and applications is that they're bloated with significant memory and CPU requirements. We're talking about using applications like openoffice, crossover office, KDE, Gnome - and I wouldn't want to run any of them on an ancient machine.

As I see it, new hardware (or even nearly new) is dirt cheap, and the cost of making the old stuff work, and supporting it, and the time lost due to it being slower than a new machine, makes the idea of trying to re-use old machines financially unattractive.

Bad Journalism - Janus non-article

In this article, it says (about Janus):

Customers who want the stability and security of the Solaris Operating System and the flexibility to also use Linux applications won't have to wait much longer.

So, where is it? Now, I wouldn't mind having Janus available - and soon - but at the present time I haven't actually seen any sign of Janus.

Where on earth did this article come from anyway? It looks like a straight ripoff of a 6-month-old Sun feature story, without correct attribution, passed off as if it were current news.

(Mind you, over 6 months after that Sun article appeared, still no Janus.)

Thursday, April 14, 2005

Pssst... Free Linux! Only $799!

Paul Murphy has a story: Pssst... Free Linux! Only $799!. Note that the point he's making isn't against Linux, or even Red Hat - it's against suppliers of hardware and software that essentially force you into paying for an expensive Red Hat license that you don't want.

The nub of it is:

If your application vendor only supports one of the Red Hat enterprise editions and this obligates you to pay at least $799 for your first year, is it still free?

Of course not, and remember - it's not Red Hat's fault. It's the other vendor adding a bad dependency that is the problem.

We have a system bought to run a particular piece of commercial software. This software used to run on SGI boxes running IRIX. And any old SGI would do. But our O2s were getting a bit long in the tooth and not really up to it, so they offered to let us transfer the license to Linux. Which is where the trouble began. The vendor's spec for the machine didn't put it in the bargain basement category, and we had to get a Red Hat Workstation License - not cheap - and a fancy quadro card - not cheap either.

Even worse is that we had to use Workstation 2.1. The application just refused to work - point blank - under 3.0. (What is it with Linux compatibility between releases? Don't the distribution builders or application suppliers care? I have applications running flawlessly under Solaris that are 15, 20 years old. God I love Solaris.)

Which is another common point - many commercial applications seem to want a Linux version that is, to put it nicely, antique. Red Hat 7.2 is pretty common. I don't understand why this is. Is it that it doesn't work under newer releases (often, yes, unfortunately)? Can't they be bothered to get it working under something newer (who knows)?

(This phenomenon isn't restricted to Linux. We've had the same problem in the past with commercial applications under Solaris not supporting current versions. Or even Sun stupidly not supporting their own hardware under current Solaris [think back to the disaster of the Sun Blade 1500 and Solaris 9 - ours sat in their boxes for 6 months because Sun couldn't be bothered to get Solaris 9 running on them - and that after delivering them months late]; or Sun not supporting their own products on Solaris 10 yet [or Solaris x86] - think SunRay.)

Overall, this is the biggest beef I have with commercial application software. Not its quality, or price, or anything religious about licensing. Simply the fact that they force you into a straitjacket when it comes to configuring your system, and that hurts.

Tuesday, April 12, 2005

More dubious methodology

In this article: Linux servers praised for security - ZDNet UK News we discover how they worked out this fascinating conclusion:

Over 6000 software development managers were asked in a survey conducted by BZ Media to rate the security of server operating systems

Oh great. So, being that software development managers obviously know all there is to know about operating system security, we can all sleep soundly in our beds knowing that reports like this are based on expert fact.

Or was it clueless opinion?

(I have nothing against software development managers. If I needed someone to manage software development, that's precisely who I would likely turn to. But the more I discover about the methodology used in some of the reports currently appearing, the more I treat those reports as a joke.)

Industry to adopt open source constitution - vnunet.com

There's some coverage on vnunet.com of the CA plan to simplify the open source licensing nightmare.

It's not clear to me how the CA plan will necessarily work. Sure, it's nice that they're thinking about something like the CDDL as the foundation, but how will an infinite number of variations of the CDDL help?

The article also contains the following misleading statement:

To deal with those issues, Sun Microsystems has created the CDDL for the release of the Solaris 10 source code, and Computer Associates formed CA-TOSL when it released its Ingress database last year.

But this has led to a proliferation of open source licences and caused confusion with both end users and developers.


Let's be absolutely clear here: the CDDL and TOSL didn't create the license proliferation problem - it already existed. The fact that new licenses needed to be created is symptomatic of the problem, and the CDDL is explicit in identifying it and taking steps to address it. Blaming it for being the cause simply won't wash (but then, when did shooting the messenger ever go out of fashion?).

IT Observer - Mozilla: The Honeymoon is over

According to IT Observer Mozilla: The Honeymoon is over. One snippet:

But then it may be asked is it really within the remit of a browser to guarantee Internet security. Are we asking too much? We don’t expect our browsers to block viruses, spyware or malicious scripts so why should we have such high expectations for their security capabilities.

It's not a case of guaranteeing security. I expect security by default. And I don't expect my browser to block viruses, spyware or malicious scripts - I expect that a web browser should be immune to them, so that blocking is irrelevant.

I don't often get decent security by default, mind you.

On my home PC, with Windows XP, for a couple of days when I first got it I was using IE (just until I got round to installing Netscape and later Firefox). And just a couple of days using IE was enough to persuade me never to do so again. Something that will allow a web site to randomly install software on my machine without even bothering to tell me has no place on my machine. I currently have IE set up so that everything except windows update is run at the highest possible security setting, and don't use IE anyway as I have something other than IE as the default browser. Since then, I've been trouble free. (And I don't read mail on my PC with anything - I ssh onto a Sun box and use good old ucb mail for that.)

Are the unix variants maintaining the high ground in terms of security? On the server side, I could honestly argue that they are. I'm not at all sure that this is true on the desktop, though. The problem I see here is the increasing complexity of desktop environments, with tight integration and extra services opening up new avenues of attack (or the same sorts of avenues that have been present on Windows for some time).

Monday, April 11, 2005

Dubious Testing

I was reading an article: Study Finds Windows More Reliable than Linux.

One thing that caught my eye was the testing methodology:

During the test, VeriTest also initiated a series of events that broke or disabled various system services in the administrators' test environments, which remained down until they were fixed by the administrators.

and then the conclusion is that it took longer to fix the Linux system than the Windows one.

The staggering thing - to me - is the idea that systems breaking down is normal. I'm sure we must have service failures, but they're incredibly rare on my Solaris machines. In fact, so rare that I'm really having trouble trying to think of one that wasn't a direct and obvious result of hardware failure. The Linux machines seem to need a kick once in a while, but the Windows machines generate a constant stream of calls along the lines of "help - my machine's stopped working! again!".

It's not just how quickly problems can be fixed, it's how often they crop up. (Both MTBF and MTTR enter into the equation here.)
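To put rough numbers on that (entirely invented ones, purely for illustration): steady-state availability is MTBF / (MTBF + MTTR), and once repairs are reasonably quick, it's the failure rate that dominates:

```shell
# Availability = MTBF / (MTBF + MTTR).  Made-up numbers: a box that
# fails every 1000 hours but takes an hour to fix, versus one that
# fails every 100 hours but is back up in ten minutes (1/6 hour).
reliable=$(awk 'BEGIN { printf "%.5f", 1000 / (1000 + 1) }')
flaky=$(awk 'BEGIN { printf "%.5f", 100 / (100 + 1/6) }')
echo "reliable, slow fix: $reliable"
echo "flaky, quick fix:   $flaky"
```

The rarely-failing box wins even with the far slower repair - which is why a study that only times the repairs is measuring the wrong thing.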

The fact that Windows gets repaired quicker may simply be a reflection of the fact that Windows admins have more practice fixing problems...

One example from personal experience. We used to have a couple of RS/6000 machines running AIX. These were astonishingly reliable. (They were a pain in the neck because, while they were really fast, most applications we ran on them had to be ported, so we had to have a dedicated person to not only do user support for those applications, but also to port and test them. So when he left we had to move the applications onto Suns, where they compiled and ran without any effort. But I digress.) So reliable, in fact, that I had to log in to them maybe once a year to do some minor housekeeping. The fact is, I got so little practice in looking after them that I was starting afresh from my manual and course notes every time, and there was a slight delay before I found the right place in SMIT (and it's not as if the AIX commands are identical to Solaris).

And, of course, if the systems in the test were running Solaris 10, the chances are that SMF would have silently fixed the problems in no time at all.

&@#^ serial connections

If there's one thing I hate it's serial connections and the monstrosity known as RS-232.

Whoever invented this beast I don't know, but the whole thing has caused me no end of trouble over the years.

For starters, there's the question of finding something that's got the right connector on it. OK, so there are reasonably common connectors like 9-pin and 25-pin, but then you have male and female, and Sun have at times combined two serial ports into one so you need a splitter. Modern systems might have RJ-45 connections. And then is it straight through or crossover? Whatever, it's a matter of luck if it ever works. Or sacrificing an intern or two.

But then there's older stuff - this morning we (ourselves plus Sun engineer) were trying to connect to the serial port on an A3500 controller, which has a 15-pin gadget that looks suspiciously like an old AUI ethernet port. Apparently there's a special cable that you can get if you are ever unfortunate enough to need to connect to the serial port on an A3500, but we don't have one. (For all I know, Sun might just have the one cable - I can imagine it being passed from engineer to engineer like an ancient relic, and who knows whether it was blessed or cursed.) So the A3500 is still sick.

Still, it could be worse. I reckon I'm cursed when it comes to serial connections, printers, and scanners. Trust me on this: you really wouldn't want me going anywhere near a fax machine!

Friday, April 08, 2005

Welcome Stephen Harpster

As Ben Rockwood noted, Stephen Harpster has started blogging.

Stephen noted in his blog that there had been some concern over his taking charge of OpenSolaris. I spoke to Stephen in San Francisco a month ago and, like Ben, I came away confident that Stephen is one of the good guys and that OpenSolaris is in good hands.

(Mind you, I would have loved to have been able to get back to SF for the CAB launch and OSBC. I really envy those guys who are on the spot.)

Sun shooting themselves in the foot

So Sun recently announced that they're going to restrict access to certain SunSolve features and the System Handbook to contract (paying) customers only.

Frankly, this is daft. This is a valuable resource that is also highly valuable to potential customers. Sun is telling them to take their custom elsewhere.

Not only that, I'm a paying contract customer and I'm locked out. What on earth are they trying to do here?

Thursday, April 07, 2005

Sun VP Tom Goguen Discusses Evolution of OpenSolaris

So Tom Goguen was interviewed about OpenSolaris.

OK, so I thought I would take some of the questions and give some brief answers of my own:

LinuxInsider: What expertise do the Advisory Board members bring to the OpenSolaris initiative?

It's sort of difficult to answer this. We're heading out into uncharted territory, but I think we've got a good mix here. A Solaris insider, a Sun open source advocate, and a couple of community members of wide experience and great enthusiasm. I think it's the variety of expertise that's important - we really don't know how OpenSolaris is going to develop, and exactly what the role of the CAB is, so we'll just have to get some smart guys and see how it plays out.

My own view here is that Roy Fielding is going to play a crucial role in defining the character of the CAB and, by extension, the operation of the OpenSolaris community.

LinuxInsider: Do you see strong community support behind OpenSolaris initiative today?

Oh yes. And I'm surprised how varied it is. We have the usual suspects from the Solaris community, but also significant and active involvement from outside the traditional Solaris base.

LinuxInsider: Analysts have said of one of the hurdles that the Advisory Board will face is making it easier for developers with a computer science background and no prior Solaris coding experience to actually do a Solaris build. How will you get over that hurdle?

I would like to know which analysts said this sort of thing, because doing a Solaris build is easy. Plenty of pilot members successfully built and installed OpenSolaris as soon as we got our hands on the code.

I don't have any particular Solaris coding experience either. Having worked with bits of the code, I've found it very easy to understand what's going on and to make modifications. There's a lot of code here, though, and it takes a little while to work out how the whole fits together. But that's true of getting to grips with any piece of source you're not familiar with.

Wednesday, April 06, 2005

Job Hunting

Later this year (August 24th to be precise) I'm going to be out of a job.

This isn't coming as a surprise. The capricious decisions of funding bodies are well known, and it's been 18 months since it first became clear that the place I work wasn't going to get funded.

So what to do? The severance package isn't to be sneezed at, and I haven't yet seen anything sufficiently attractive to be worth turning redundancy down. So I'm going to hang on till the end - and expect to be busy keeping systems running while decommissioning as much as possible and setting up those researchers who are moving elsewhere.

Family commitments limit me to Cambridge (so we're not moving or emigrating). Or within an hour or so travelling - which could include some parts of London. Fortunately the area isn't a technological wasteland. And I don't mind travelling, using home as a base.

I really want to stick with Solaris, at some level. It's what I know, and what I enjoy. And I'm reasonably confident that some part of the University or some research group will need someone like me.

Should I stick to regular employment though? Or should I think about consultancy?

At least, with a redundancy package, I have the luxury of being able to wait a while rather than having to take the first thing that comes along just to pay the mortgage. Or I can try something different and be able to pull out if it turns out to be a mistake.

So, if anyone reading this has an interesting Solaris/OpenSolaris project that could use someone in the Cambridge (UK) area later in 2005, let me know!

Tuesday, April 05, 2005

OpenSolaris CAB

Sun have announced the members of the OpenSolaris Community Advisory Board.

It looks good. Solid. Professional. Nothing too flashy. Basically, I trust these people.

And I can claim to have met two of them, even. Casper briefly at a Solaris 10 meeting over a year ago, and Rich in a former life of his through SunService here in the UK.

Simon Phipps has talked about the process the CAB is going to go through. This is uncharted territory, and these guys are going to steer us through it.

I think Sun have done well with a difficult balancing act. Clearly, as the foundation for Solaris, there needs to be some measure of control by Sun on the way that OpenSolaris develops. And yet they are absolutely committed to opening up. In fact, many people I know are really concerned that Sun are giving up too much control and that the core values of Solaris will suffer. I don't think that will happen - most of the Solaris and OpenSolaris community have the same values, and so the mainstream OpenSolaris will keep many of those values. Meanwhile, there will undoubtedly be criticism from outside that Sun have chosen the majority of the CAB and the community members are pretty partisan too. And that's fair enough. But, remember: OpenSolaris is open source, and anybody is free to take it and set up a project of their own outside of the CAB's governance if they so choose.

Monday, April 04, 2005

Cleaning up Solaris with removef

On Solaris, you can manage packages with the pkgadd and pkgrm commands. Those operate at the level of packages. What if you want to work at a finer level of granularity?

The removef command allows you to delete files, rather than packages.

So, for example, I want to remove the (very broken) copy of cc in /usr/ucb. One possibility is to remove the package (SUNWscpu) that contains it, but that removes the whole of /usr/ucb which could stop a lot of scripts working and removes some useful commands as well.

So, how do we remove /usr/ucb/cc cleanly?

If we look in /var/sadm/install/contents we can see that it's only used by the SUNWscpu package:

# grep /usr/ucb/cc /var/sadm/install/contents
/usr/ucb/cc f none 0555 root bin 3487 14483 1106351583 SUNWscpu
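For anyone unfamiliar with the contents file format: for a regular-file ('f') entry the first nine fields are fixed, and everything after them is an owning package. A little awk pulls the owners out - here run against a pasted-in copy of that sample line, so it works anywhere (on a live Solaris box you'd grep /var/sadm/install/contents itself):

```shell
# Sample contents entry for /usr/ucb/cc, copied in verbatim.
line='/usr/ucb/cc f none 0555 root bin 3487 14483 1106351583 SUNWscpu'

# Fields 1-9: path, type, class, mode, owner, group, size,
# checksum, mtime.  Fields 10 onward: owning package(s).
owners=$(echo "$line" | awk '{ for (i = 10; i <= NF; i++) print $i }')
echo "owned by: $owners"
```

If that printed more than one package name, removef wouldn't let you delete the file.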

This means that we don't have to worry about dependencies, or other packages. So, we tell Solaris that we want to remove the file:

# removef SUNWscpu /usr/ucb/cc
/usr/ucb/cc

It prints out the names of those files you can remove. (If the file were also part of another package, you wouldn't be able to delete it.) This doesn't do the delete for you, it just marks it in the contents file:

# grep /usr/ucb/cc /var/sadm/install/contents
/usr/ucb/cc f none 0555 root bin 3487 14483 1106351583 -SUNWscpu

OK, so we can go and delete it for real:

# rm /usr/ucb/cc

And then we have to get Solaris to clean up the install database:

# removef -f SUNWscpu

And, yes, it's no longer listed:

# grep /usr/ucb/cc /var/sadm/install/contents

Alongside /usr/ucb/cc, it's an excellent idea to also eradicate /usr/ucb/lint and /usr/ucb/ld (and pkgrm the SUNWsrh and SUNWsra packages).

Note that, while useful, this technique isn't safe against patches, updates, and upgrades. They'll cheerfully put a copy back for you.

Sunday, April 03, 2005

The numbers game: RHEL vs Solaris

In a eweek article: Red Hat Tops Its Records in Revenue, Sales, we get the snippet:

Red Hat's gains and Sun's losses

On the other hand, we have some actual numbers: Red Hat have 175,000 licenses (new and renewed) over the year. And Sun shipped over a million copies of Solaris 10 in less than 2 months.

Let me get this sorted out. Who's winning here?

Friday, April 01, 2005

Record Uptime?

This ought to be an April Fool's Joke, but isn't:

% uptime
4:37pm up 36894 day(s), 3:59, 0 users, load average: 1.02, 1.02, 1.02

Beat that!

(This is on my dual Opteron running Solaris 10, and apparently is a manifestation of bug 6247281.)