The Blog of Ben Rockwood

Using RBAC on (Open)Solaris

30 Sep '05 - 23:20 by benr

The second worst thing a sysadmin can be asked for is the root password on a system[1]. Generally there are a small handful of things the user (namely DBAs) need to actually do as root, the rest of the time they tend to just be lazy and use root rather than setup permissioning properly. The classic solution to this problem has been "sudo", by which you can either allow users to access certain specific commands as root, or alternatively let them access everything as root, but in both cases the user is identified and logged. Of course, the worst thing that a user with root access can do is log in as root, such that you have to guess based on IP which user is actually messing with your system.

Trusted Solaris 8 introduced an alternative to "sudo", known as Role-based Access Control, or RBAC. RBAC is a flexible method of dishing out permissions in a variety of ways. RBACs chief advantage of "sudo" is that its fully integrated and supported by Sun, rather than a 3rd party unsupported package. However, sudo is simpler to use, more widely used and known, is portable, and has an excellent logging mechanism. Lets see if we can't change some of this.

When using RBAC we want to first clarify some concepts and definitions, namely: Users and Roles, Authorizations and Rights. Notice that I group these together. Lets define these:

User: A plain ol' user account, who can login, and do everything you expect.
Role: Similar to a user, but is not allowed to login, can only be accessed via "su" allowing a user to assume a role.
Authorizations: A named permission, which can be used by applications that adhere to the Solaris permission system.
Rights: Description of access to execute a specific executable as a privileged user (typically root)

Both Users and Roles can be assigned rights and authorizations, but because a role can't login to the system your ensured that any user assuming a role is identified. In all other respects a role is just like a normal user, able to have its own home directory, shell, etc, which is useful in instances where you want to have certain environmental variables set prior doing something as that user, plus unlike "sudo", you don't have to append each command with "sudo". Roles are so flexible, in fact, that in Trusted Solaris root itself is a role. Something that you can do as well on Solaris10. Roles are specified in /etc/passwd, just like users, except that they use one of the "Profile" (RBAC) aware shells: pfsh, pfcsh, or pfksh.

Authorizations can become confusing when looking at RBAC. They are specified in /etc/security/auth_attr. Here is an example:

solaris.system.shutdown:::Shutdown the System::help=SysShutdown.html

You'll notice that this line isn't terribly informative. Its merely mapping an authorization ("solaris.system.shutdown") with a description and a pointer to the help file. So where do I find out where that authorization is actually mapped to something? The answer is you don't, its application specific. If an application is written to be authorization aware it gains the ability to use this fine grain authentication method. Many of the Solaris tools are able to leverage these authorizations. You can use them in your own applications by using the getauthattr() function. [See getauthattr(3SECDB) for details.]

Rights, on the other hand, are much more "sudo-like". They are specified in /etc/security/exec_attr. Lets look at some example lines:

DHCP Management:suser:cmd:::/usr/lib/inet/dhcp/svcadm/dhcpconfig:uid=0
Zone Management:solaris:cmd:::/usr/sbin/zoneadm:uid=0
Zone Management:solaris:cmd:::/usr/sbin/zonecfg:uid=0
User Management:solaris:cmd:::/usr/sbin/useradd:euid=0

So in these examples your mapping a specific executable (zoneadm for example) with a profile name (more on this in a minute), and the permissions the executable should be executed as (uid 0 for example). You'll notice one line above specifies "suser" in the second field while the others use "solaris", this defines the security policy associated with the executable; solaris is used for executables that understand the Solaris privileges system and suser for those that don't. For details on the solaris privilege system have a look at the privileges(5) man page.

Now, with that out of the way, we can group authorizations and rights into profiles. Profiles don't do anything except to allow us to group things nicely. They are defined in /etc/security/prof_attr. Here are some examples:

Operator:::Can perform simple administrative tasks:profiles=Printer Management,Media Backup,All;help=RtOperator.html
User Security:::Manage passwords, clearances:auths=solaris.role.*,solaris.profmgr.*,solaris.admin.usermgr.*;help=RtUserSecurity.html
Zone Management:::Zones Virtual Application Environment Administration:help=RtZoneMngmnt.html

If you look at these 3 examples you can see that the first field specifies the profile name itself, then a pretty description is listed, and the last field is an HTML help file. Between the description and helpfile we can specify authorizations that are associated with this profile, these come directly from the auths database we just looked at (/etc/security/auth_attr). Along with authorizations profiles can also be associated, such as the "Operator" profile above that groups the "Printer Management", "Media Backup" and "All" profiles together under a single easy to assign profile.

Now, look back at the rights database example for just a moment, you'll note that the first field of each line in that database is a profile name. This is why some profiles in the profile database have nothing associated with them at all (such as "Zone Management" in our example above), the associations are actually made in the rights database.

So, to briefly review the files we've looked at so far:

/etc/security/auth_attr: Database mapping Solaris Authorizations to descriptions, which can later be added to Profiles.
/etc/security/exec_attr: Database mapping Rights to Profiles.
/etc/security/prof_attr: Database mapping Profiles to Authorizations and other Profiles.

Now that you understand those you can now start associating these authorizations, rights and profiles with users and roles. This is done in the /etc/user_attr database. Lets look at an example:

root::::auths=solaris.*,solaris.grant;profiles=Web Console Management,All;lock_after_retries=no
myrole::::type=role;profiles=All

Looking at the root example, you can see that here is where we associate authorizations, rights, and profiles to users and roles. The mappings in this file can be done via direct editing or by using the "usermod" and "rolemod" tools.

Lets take a quick example. Say that I want to manipulate SMF services without having to become root all the time. I notice that SMF has authorizations in the /etc/security/auth_attr database, as well as 2 profiles that map those authorizations in /etc/security/prof_attr. I can associate the auths directly with my user account or use the profiles, but for cleanliness I'll use a profile. So lets try it:

benr@monolyth benr$ svcadm disable svc:/network/talk:default
svcadm: svc:/network/talk:default: Permission denied.

Now I add the following line to /etc/user_attr: "benr::::profiles=Service Management". Lets try it again.

benr@monolyth benr$ tail -1 /etc/user_attr
benr::::profiles=Service Management
benr@monolyth benr$ svcadm disable svc:/network/talk:default
benr@monolyth benr$ svcs svc:/network/talk:default
STATE          STIME    FMRI
disabled       15:10:17 svc:/network/talk:default

Kool. Now I can bring services up and down without having to become root all the time.

If you look at the argument list to the useradd and usermod commands you'll notice that right there are arguments for associating authorizations (-A) and profiles (-P), as well as linking users to roles (-R). You can play around and do all kinds of stuff.

Is this better or worse than sudo? Thats for you to decide. Clearly it has its advantages. Using Solaris Authorizations profiles a fine grained permissioning scheme that is superior in many ways to the on/off black and white world of UNIX permissions, but of course is dependent upon whether or not the application your accessing understands them. In my opinion, however, sudo has two things up on RBAC: first, each user has to enter their own password (if configured) before executing the command in question which is a nice "You better know what your doing" message to the user, and secondly all commands executed with sudo (if configured) are logged by syslog making a nice audit trail. RBAC integrates "nicely" with Solaris BSM Auditing (Basic Security Module) but honestly thats getting your hands way dirtier than you typically want to. So, there is give and take, but RBAC is already there and fully supported which definitely makes it worth while. You be the judge.

For more information about RBAC, check out these resources:

System Administration Guide: Security Services - 19. Role-Based Access Control (Reference) (Best place to look.)
Role Based Access Control and Secure Shell - A Closer Look At Two Solaris Security Features[PDF] (BluePrints)
RBAC in the Solaris Operating Enviroment[PDF] (White Paper, very good.)
Great RBAC resource page

[1]: The first worst thing that a user can ask for is how to do something they should know how to do, such as failover clusters, restart services, shutdown databases, etc. Its bad enough that they have root access, but knowing how to use it is even worse. ;)

Posted in OpenSolaris | two comments, already

New Kenwood HT

23:17 by benr

Looks like Kenwood has released a new HT into the world, the TH-K2AT 2m HT. Its s stylish rig, 2m only, 5W rig with all the standard bells and whistles. Word is that its nearly indestructable, as you expect a 2m only rig to be. One strange thing is that its actually sold in 2 diffrent setups, one with the Ni-MH battery, another with only a AA dry cell enclosure. eHam's reviews are positive, minus the normal "mine didn't work" report on occasion, which is normal fare.

Frankly, it doesn't seem like great value to me. With a list price of $179.95 its running really pricy for a 2m HT. Most shops online are selling it closer to $160, but that still pretty high. Personally I don't expect to pay more than $100 for a single band HT. Nevertheless, its a Kenwood, legendary for quality and features. The only thing that stuck out to me was the inclusion of an internal VOX, which is something not often seen in this class or rig (but handy for fathers needing a makeshift baby monitor... which I did last weekend with my F6A when I was in LA).

The competition to this rig clearly seems to be the Yaesu VX-150 which is better value, and as Nova has proved on many occasions, simply indestructable. But, Yaesu recently released the new VX-120 and VX-170 2m HT's, which are a middle ground between the VX-150 and the innovasions of the VX-7R. Both these new Yaesu's are fully submersible, include WiRES-II (VoIP) support, and have goodies normally only found on their bigger dual band brothers. The only diffrence between the two is that the VX-120 has 8 buttons, while the VX-170 has 16, just like the VX-110 and the VX-150. Even with these two new rigs, I still like that the VX-150 has a screen that was mounted closer to the top at a 45deg angle, for easy viewing when in a pouch or pocket, so I'm not looking to replace the VX-150 any time soon. (You can order the VX-170 from Gigaparts... screw HRO.)

Either way you look at it, Kenwood still has the best HT's around, hands down. The TH-F6A is the most versital HT on the planet and its brother the TH-D7AG is a geeks best friend with that built in TNC (a TNC is a radios version of a modem). Pair either of those rigs up with a Kenwood D700 in the car and your in communications heaven.

Posted in cuddletech | seven comments, already

Solaris 10 Update 1 Enters Beta Program

01:20 by benr

If your a member of the Sun beta program you'll be interested to know that they are now accepting applications for Solaris 10 Update 1 testing. I'm not sure how much I can or can't say about whats exactly in Update 1, but I doubt there is harm in at least letting it be known that its being tested and coming soon. I will say that Update 1 is going to be a very important release and one that I'm looking forward to deploying.

The beta program portal can be found here at feedbackprograms.sun.com.

Posted in Solaris | 93 comments, already

Red Hat Shares rise by nearly 30% in a day

29 Sep '05 - 15:35 by benr

Red Hat (RHAT) shares surged nearly 30% in trading today, closing at $21.44, a gain of $4.93 from yesterdays close. Word is that revinue in the quarter ending Aug 31st totaled $65.7 million, with a net profit of $16.7 million, or 9 cents a share. Red Hat is further reporting that they are on track to beat analyst expectation moving forward.

Sun, on the other hand, closed at $3.87, down a penny, a far cry from the $4.10 share price that we touched on the release of Galaxy.

Posted in cuddletech | 121 comments, already

Stargate Atlantis Season 1 DVD

28 Sep '05 - 16:14 by benr

The Stargate Atlantis - The Complete First Season is finally coming to DVD. Pre-orders are avalible now with the box set coming on November 15th. 5 disks total. Its about time. I caught most of it, but with 2 young ones I didn't always catch all of it. In fact just last week was the 2nd season finale and it didn't disappoint. Frankly I think Stargate Atlantis is the only decent show on TV these days and certain the only Sci Fi show still in production that I enjoy. Even Stargate:SG1 sucked, imho. I mean whats with the big angry black guy with puff paint on his forehead always being pissed off? He's like a Kligon without style. The SG1 dialog is bad, the plots are boring and repedative, and it just gets tired. Sure the movie was kool, but the show blows. But, SG:A is perfect. The dialog is realistic, not overdramatised, the charrectors are believable and likable, the effects are seemless (nothing beats the stargate in orbit!), and its just a show that delievers what you want. I like that fact that when something sucks, Sheppard will actually say "Well, that sucks." Every charrector is just about perfect, the only one I didn't like was Ford, but he's sorta been dealt with.... but we'll find out what happens in Season 3. Tayla is alittle over the top sometimes, but she's supposed to be. But, come on, ya just gotta love McKay. Check out this from his acting bio:

Hewlett became hooked on acting while hiding behind a couch in Selsey, England, watching "Dr. Who," where he realized that being a 'Time Lord' was impractical and not as well paying as acting like one. Hewlett connected with several fellow sci-fi geek friends at the age of 15 and started making short films. He still runs with the same crowd, having made the feature films "Cube," "Cypher," and "Nothing" together.

See? McKay rules.

Posted in cuddletech | 106 comments, already

AMD in the Enterprise Online Event

12:48 by benr

AMD has put online an online event similiar to Sun's quarterly Network Events. Featured today is Sun, including chats with John Fowler and Andy Bechtolsheim. Other speakers include Andy Mendelsohn of Oracle, and Reed Smith of EDS. Check it out, every professional and very kool. (Did I mention free Tshirts?)

Check out the AMD Online Event.

Posted in Sun | 109 comments, already

DTrace on FreeBSD Milestone

27 Sep '05 - 23:15 by benr

Our very own Mr. Devon H. O'Dell (aka: dho) has made some amazing progress on bringing DTrace to FreeBSD, but I don't wanna steal his thunder so go learn more about it in Devon's Blog and on the brand-spankin' new FreeBSDtrace homepage. (Read his blog first.)

If you've never heard of Mr. O'Dell before you'd be amazed at what he's accomplished already in life. He's already co-authored 2 books on PHP (one of the is pictured above, the other went out of print), proved himself as a world traveller, established himself in the PHP community, *BSD community, Plan9 community, and OpenSolaris community, and proved to the world that life is best lived in a Beastie suit. (He wears the FreeBSD Daemon suit at confrences.)

Devon's a rising star to be sure, right here in the Silicon Valley... and definately someone to keep your eyes on. You can read his blog on his website sitetronics.com.

Posted in OpenSolaris | seven comments, already

OpenSolaris Invades Brazil

14:16 by benr

Simon Phipps just reported on the OpenSolaris Marketing Community List that OpenSolaris has got a cover story in Brazil's favourite Linux magazine, complete with all 4 install disks! Way kool!

Out of curiousity... ever notice that American magazine covers are pretty boring compared to those of the rest of the world? Its probly a good thing though.

Posted in OpenSolaris | 123 comments, already

Scribus on OpenSolaris

26 Sep '05 - 19:22 by benr

Mr. Ken Mays has recently packaged Scribus, the GPL Desktop Publishing tool, version 1.3.1 (CVS) for Blastwave and asked me to give a try. (Pkg avalible here.) If you've never used Scribus before, think of it as a cross between Adobe PageMaker and Adobe Illustrator. Here's my review:

Scribus 1.3.1 runs well on Nevada B18/AMD64. The user experience is good. Definately the most mature and well rounded Desktop Publishing application on any UNIX platform that I've used. Other applications, such as Sodipodi or OpenOffice are well suited to graphics or text layout but neither do both well, and using the applications together can become tedious. For this reason I still tend to do things the "old fashioned way" and simply use GIMP and vi in connection with various established text-based publishing methods such as DocBook and LaTeX. Various parts of Scribus could still do with some polish, namely the layers dialog, but in general the quality and profesionalism of the application is beyond expectation.

The only bugs, per se, that I ran into felt like toggle issues, such as opening the properties dialog and then closing the window. The next time you selected properties nothing happened. You then had to do it once more to open the dialog, as though when you bring up the properties your just toggling the window and because I didn't toggle it off I had to punch it and extra time to reset it.

As a test I created a little mock flyer for the Silicon Valley OpenSolaris Users Group. Its just text pasted in from the SVOSUG community page with 2 images added and edited in. You can check it out here.

Scribus fills a big open gapping hole and is really an amazing app. Give it a shot.

Posted in OpenSolaris | 106 comments, already

"Everybody Hates Chris" Pilot on Google for Free

18:46 by benr

After reading the results of the Code Jam I swung by Google Labs, and sitting there on video.google.com is the entire 22 minute pilot for the new TV show "Everybody Hates Chris". As I've said before, I'm not big on TV, not so much because I'm a luddite or anything, just that there is a massive lack of decent content. A show about Chris Rock's childhood probly wasn't gonna be a big draw, so I was skeptical, but wtf, might was well have a look. Suprisingly the pilot is pretty good! Its clean. Its family oriented. Its a pleasant show to watch. Go figure. It's sort of like the "Wonder Years" (which was a great show) but with a comedic twist, but not so slapstick or outragious as you'd expect. All in all, its just balanced. Not was I expected at all. Most of the plot comes direct from his standup (such as the big peice of chicken). If you've been wondering why Scrubs is the only watchable non-SciFi show on TV, check it out, you might just like it.

Oh, and it plays just beautifully on OpenSolaris.

Posted in cuddletech | 95 comments, already

SledgeHammer on DVD

17:12 by benr

It just feels like this is gonna be a slow week. Maybe it will be, maybe it won't... but either way, if you need some pick-me-up this week I'd suggest one of my favorite TV shows:

Never was a more entertaining show made. I generally hate TV, but SledgeHammer ruled the 80's for the two seasons it was on. The DVD was released a while back (I picked it up the day it released) so you can probly find some good deals on it. 4 disks per season, crammed full of Sledge goodness.

Buy Season 1.

Buy Season 2.

(Might wanna pick up a copy of Patton while your at it.)

Posted in cuddletech | seven comments, already

Sun Studio for Linux Alpha's for free

15:47 by benr

Sun's has made available alpha builds of Sun Studio Compilers for the Linux OS, at no cost. Try the latest and the greatest and see how you like it.

Even if you aren't interested in switching off GCC, the tools provided with Sun Studio are excellent, the IDE plays nice with both VIM and Emacs (if you care about IDEs), and while Studio's compiler is much more picky than GCC its useful for production quality testing. Even if you don't ship Studio compiled binaries your code will benifit from being run though the Studio tools and compilers just to clean things up. (Warning: if you write shitty code you'll immediately hate Studio when it points out all your bad habits that GCC's let you get away with for years.)

Posted in Sun | 94 comments, already

UNIX is dead, Linux’s the future...

00:56 by benr

We'll see about that. [Expletives removed.]

It is funny though. Look at where the innovation is. Linux is simply a kernel and is following behind the innovations of others, such as Intel, but then Intel is following behind many of the innovations of AMD these days, and the innovations that truely are Intel's (such as IPMI) don't get much press. The future is with OpenSolaris, with Java, with Niagara, with Rock, with UltraSPARC IV+, with Galaxy, with Sun Ray, with Sun. I think what Mr. Donald Feinberg should have said is that propriatry is dead, Open Source/Free Software is the future, in which case he'd be right. Lets again be reminded for the seven thousandth f'ing time, GNOME isn't Linux, KDE isn't Linux, GNU isn't Linux... Linux is a kernel, lots of stuff sits on top, and all that on top is Open Source and Free Software... and almost all of that runs on OpenSolaris, as well as many other UNIX platforms thanks to standards.

Might it also be said... this isn't the first time we've been told UNIX is dead, nor will it be the last.

Posted in Sun | 23 comments, already

NextCom.. Don't hurt yourself laughing

24 Sep '05 - 18:46 by benr

I suppose I should thank mrussell@nextcomputing.com for the wonderful spam. Always love to get it. Hopefully the insane number of spambots that troll my site can help return the favor.

Contained within said spam was this:

FleXtreme eclipses Sun's Galaxy. Discover extreme performance in FleXtreme's elite combination of mobile server AND workstation. Combines the highest performance Dual-Core AMD Opteron™ mobile server with a high performance graphics workstation in one briefcase-like form factor. AMD technology allows simultaneous 32- and 64-bit processing with no performance loss. The Dual- Core AMD Opteron™ processor generates less heat than recent single-core processors. The PCI Express 16x bus uses a switch mechanism to speed up communication to and from peripherals through 16 simultaneous lines.

Its firstly odd that they are trying to compete with Sun given that they are a partner. But if you want a good laugh have a look at these: FleXtreme Opteron. A dual opteron luggable... oh goodie. Yup, I'd use that as a workstation/server/portable.... er, wait, no, no I wouldn't. I might hold a door open with it, but luggables went out of style about the same time that 5.25" Floppies did. I suppose if your still stuck on Bernulli's your in line for this gettup, but who even wants to guess what the pile of crap costs. Not to mention that its likely a cooling disaster. So they eclipse Galaxy? Ya, in the "really expensive doorstop" market, sure.

Anyway, mrussell@nextcomputing.com, thanks for the spam.

Posted in Sun | 108 comments, already

The Beauty and Power of E

21 Sep '05 - 03:40 by benr

At LinuxWorld 2004 in San Francisco many of us in the Enlightenment project gathered together thanks to a booth in .Org Pavilion. For us this was a rare oppertunity so I decided I wanted Shirts for the event, everyone agreed it would be a great idea and thus our CafePress Enlightenment Store was born. (Doesn't make us a dime... actually costs me personally every 3 months, but its nice to be able to buy shirts.) This is the shirt I wanted to wear but we ended up agreeing it wasn't probly the best idea.

The only diffrence is that the one for LinuxWorld used the largest print I could, to ensure that even from the other side of Moscone you could see it.

Anyway... I really just want to show off E. Check it out, E17 on the Ultra20:

E rules.

Posted in Enlightenment | 102 comments, already

Ruby 1.8.3 Released

02:17 by benr

Hours ago Ruby 1.8.3 was released to the world. The previous version, 1.8.2, was released back in December of last year, and boy oh boy has Ruby come a long way since then. It seems that Ruby's popularity just keeps steamrolling along, picking up steam every month, based both on its own merits but particularly in the last year thanks to Ruby on Rails. You can see the 1.8.3 Changelog here and nab the 1.8.3 source itself here. The release builds nice and clean on OpenSolaris and the test suite ran clean using both GCC 3.4.3 and Sun Studio 10.

If your new to Ruby here are some kool things you might want to check out:

RubyForge: Great repository of Ruby projects
Ruby-EFL: The power of the Enlightenment Foundation Libraries in the hands of Ruby
Ruby Garden: Nifty Ruby community site
Ruby on Rails: The magical Ruby based framework
Programming Ruby (2nd. Ed.): The best Ruby book out there.
Ruby in a Nutshell: O'Reilly's handy desk reference.
Programming Ruby 1st Edition online: Learn from the best for free, including reference.
"Ruby user's guide": A really wonderful tutorial, I highly recommend it.
Learn to program, using Ruby: Soft, gentle, and very well written tutorial.
PL/Ruby: Use Ruby as a PostgreSQL Procedural Language

Somewhat ironically, Ruby on Blastwave apparently has a new maintainer and just got updated to 1.8.2 (from 1.8.1) last night. I would imagine this is a good sign that we might get 1.8.3 via Blastwave sometime very soon. Looks like Mr. Cory Omand is the new maintianer. You can also find Rake on Blastwave making it easy to pkg-get both Ruby and Rake, then install RubyGems and have yourself a good ol' time. Ruby is fun... reminds me of the excitement I had for Tcl/Tk when I first used it.

Posted in cuddletech | 94 comments, already

Panther Leaves the Den

20 Sep '05 - 13:20 by benr

UltraSPARC IV+ is finally out. Too bad the V1280's can't accept them, thats what you get for being an early adopter.

Posted in Sun | 35 comments, already

Ultra20: Initial Reactions

05:32 by benr

I'd fully expected to post a complete review of the Ultra20 within the first 48 hours of having it, but due to a trip to LA for the weekend, work, and all that other life stuff (kids are more fun than workstations) I just haven't come to a place yet where I'm comfortable reviewing it completely. So, in the meantime here are the initial reactions.

The case is kool... looking that is. The case cooling is adiquate for what it was intended to do, however the Tyan K8E's BIOS makes overclocking a dream... too bad you dont' have the cooling capability. The CPU cooler is pretty slick, complete with heat pipes, but adding additional cooling to drives, chipset, video, and case just isn't gonna happen unless you tie-wrap a Delta to the grill.
The nVidia Quadro NVS 280 that came in my system (Medium config) is just what you'd expect from a workstation card... which means it sucks. 2D performance is par, you can hit some nice resolutions, and TwinView is always welcome, but intensive GL is just out.
If you play games, don't bother with the medium configuration unless you plan to ditch the Quadro and plop in a decent card (which if your on a budget right now would be an nVidia GeForce 6600GT, better if you've got some bucks). I loaded up WinXP to test multiboot and figured I'd give Battlefield 2 a shot while I was there... the video was terrible and game performance was just horrific. I couldn't even walk from the spawn point to a vehicle before giving up.
I did some math... I figure that if you build the medium config system from parts around the net, a comperable setup (adjusting for the case and SATA backplane which are Sun specific) you'd end up paying about $1,000US or there abouts. The medium config runs $1,395.00, which you'll remember also includes support and warrenty for 3 years on the whole system plus the entire software stack provided with it, making it a great value for money. But, that also means that if your a hardcore user you'll end up immediately mod'ing the system, making the value proposition less attractive.
The Lite-On DVD-ROM was a mistake, imho. Plan to replace the thing with a DVD writer as soon as you get the box, I personally like the NEC dual layer writers (pick one up on NewEgg for about $40).

I'm having to change my thinking slightly. I want maximum flexability and maximum power. I want to play games at 60FPS+ and have massive stability for work. I need alittle of everything... this box is a workstation, and, as a workstation it seems to live up to the standard at this point. I'm not going to comment on the speed of the box yet, except to mention that I did a full nightly build of B22 in 1:51. Monolyth (Athlon64 3200+) took almost twice as long.

An important note to those booting Windows! I setup WinXP 64bit Beta on the box using GRUB from OpenSolaris as a test. I booted XP from GRUB, got the login screen, then reboot... following the reboot, no GRUB. When I took a look with fdisk it turned out that it removed the boot flag from the Solaris partition and put it on the XP partition. In order to keep this from happening simply do not use the "makeactive" keyword in your GRUB setup. To boot Windows you only need two commands: root(...) and chainloader +1.

This is also my first time using Ubuntu. My only reaction is: whats the big deal? Lots of people love it. I often hear people rave about its package system, but its just apt. And, honestly, I've never been a Debian person... I got burned by dselect years ago and never recovered. LFS and Gentoo for me. I'll admit that if I was gonna give my Dad a Linux system I'd be very likely to give him Ubuntu, its dead simple and the integration is pretty nice. Never the less, I'd never run it as a full time distro.

Hopefully I'll have a decent review worked out soon.

Posted in Sun | 94 comments, already

Multibooting Best Practices

18 Sep '05 - 00:45 by benr

Sun's happy to announce that its new x64 systems are certified for multi-os use. But how do you best go about multibooting all those OS's? I'd been planning to do a write up on it to help hedge the confusion, but our good buddies at Sun BluePrints have once again got us covered. Mr. Barton Fiske has written an excellent expose on the subject: "Configuring Multiboot Environments on Sun x64 Systems with AMD Opteron Processors". Weighing in at a nice 36 pages in beautiful PDF its an excellent indepth look at the subject. He even discusses such important but often neglected details as MBR and partition header layout. Not only that, but he goes even deeper to discuss methods for multibooting more than 4 operating systems! This paper illustrates the process using WindowsXP, JDS (Linux), and Solaris10.

This paper is far more complete than what I have time to write up, so I'm not going to bother and just refer everyone to this paper. I just did a test multiboot setup on my Ultra20 using WindowsXP 64bit Beta, Ubuntu Linux, and Solaris Express: Community Release B22. Works very nicely, although now that it works smoothly I'm wiping out WinXP for either FreeBSD or Xen. Plan9 might be fun except that it doesn't recognize my USB keyboard.

Posted in Sun | 72 comments, already

Tape Robot Control in Solaris

16 Sep '05 - 17:09 by benr

I ran into a problem this week: I was given an LTO2 changer (Dell PV-122T, sorry Jonathan) to cut some tapes for a vendor, but in order to make sure the recipient doesn't have troubles with the tapes I decided to just use GNU Tar (much faster than Solaris Tar) to cut the tapes. This created a problem for me... I've got a changer but can't control it. That means I don't know which tape is actually loaded into the drive and so I decided to load only a single tape into the 8 tape changer, that way I didn't question which tape I was using, but that means I have to swap tapes manually, and the robot is colo'ed 20 miles from the office. I need to cut more than a single tape. Lame. And, I'm going to LA this weekend for a family event and it turns out my boss wants me to cut tapes all weekend long. So... now its unavoidable, I need some way to control that robot.

If you've ever managed NetBackup your probly familiar with its "robtest" utility. Its nice. Frankly, its probly my favorite part of NetBackup. I'd love to just use that but frankly thats a licensing issue. So robtest is out. What now?

MTX to the rescue. MTX is an open source "SCSI Media Changer and Backup Device Control". And lookie! Solaris support! Sweeeeeeeet.

You can download MTX from MTX main site (I used 1.2.18). Not having compilers on the system in question I built it on another Solaris9 box that already had compilers and tools in place and then moved over the binaries.

To use MTX, like robtest, you'll need a SCSI Generic device for control. You can find instructions on doing this here. Just add lines to the sgen.conf, modload sgen, and then add the device (always run "devfsadm -vs" prior to actually changing something). Once the device is in place and I move the binaries in I become very happy:

# mtx -f /dev/scsi/changer/c2t5d0 inquiry
Product Type: Medium Changer
Vendor ID: 'DELL    '
Product ID: 'PV-122T         '
Revision: 'K17r'
Attached Changer: No
# mtx -f /dev/scsi/changer/c2t5d0 status
  Storage Changer /dev/scsi/changer/c2t5d0:1 Drives, 8 Slots ( 0 Import/Export )
Data Transfer Element 0:Full (Storage Element 1 Loaded):VolumeTag = 000001
      Storage Element 1:Empty
      Storage Element 2:Empty
      Storage Element 3:Empty
      Storage Element 4:Empty
      Storage Element 5:Empty
      Storage Element 6:Empty
      Storage Element 7:Empty
      Storage Element 8:Empty
# mt rewind
# mt status
IBM Ultrium Gen 2 LTO tape drive:
   sense key(0x0)= No Additional Sense   residual= 0   retries= 0
   file no= 0   block no= 0
# mtx -f /dev/scsi/changer/c2t5d0 unload
Unloading Data Transfer Element into Storage Element 1...done
# mt status
/dev/rmt/0n: no tape loaded or drive offline

Now, thanks to MTX, I can go to LA, swap tapes myself without having to bug someone else back at the office over the weekend, and be aware of exactly which tape is loaded at which time. Very kool.

Posted in Solaris | five comments, already

Sun's Network Computing 05Q3: Cuddletech Wrapup

15 Sep '05 - 17:06 by benr

Another NC Event come and gone. Thought I'd share some thought about it...

So we've got 3 new servers (X2100,X4100, and X4200), 1 new networking device (N1000 App Switch), 2 new tape offerings (C2 Autoloader and C4 library), a NAS gateway and a new array. Storage first, cause thats just my style.

When I first say that 3320 I wondered how this differentiated itself from 3310, both are SCSI LVD, both basically just SCSI versions of the 3510. Looks like the only diffrence is that the 3310 was SCSI Ultra160 whereas the new 3320 is SCSI Ultra320. Otherwise I'm not seeing a diffrence. I don't see pricing on the unit yet but the 3310 with 1.7TB (12x146GB Drives) and redundant controllers rolls in at $26,500... I would hope that there would be little to no price diffrence between the two.

The two new tape offerings are pretty nice really. Looks like they are avalible in white or purple depending on what gear you want to match (based on the keynote). Both can go LTO3 or SDLT600 (but who would buy SDLT I have no idea beyond backward compatability). While the units look diffrent, the specs look more like a "small" and "large" compliment. C2 has a single drive and up to 16 slot, whereas the C4 has up to 2 drives and as many as 38slots (which in 4U is pretty damned good). Both are LVD SCSI but the C4 has a Fibre Channel option (read: bridge). The C2 with LTO3 rolls in at $9,695 (with both magazines) and the C4 comes right behind at $15,990 for 1 LTO3 drive and 38 slots. Of course, when you sit down and think about really rolling out a C4 the cost when you include the second LTO3 drive, 3 years of Silver support, 40 LTO3 barcoded tapes, and an extra magazine for quick loading brings the grand total to $38,263, not including the fibre bridge. But, all in all, thats not so bad considering what you get and that your support is paid up for 3 years. In comparison, Dell's equivelent is the PowerVault 132T library, with similar specs is only $21,248 (again, including tapes, labels, service, the works), however the Dell has a maximum capacity of 24 slots, which hurts. One thing I don't understand though is that Dell adds in $3,000 for the second drive, whereas Sun adds in $11,000. Sun's cost seems right to me... how is Dell selling LTO3 drives for $3,000? Looks like Dell's drives are UltraWide SCSI2 (80MB/s) versus Sun's drives which are Ultra320. I'd like to see the two side-by-side.

And so we come to the NAS Gateway StorEdge 5310. I'll be honest, when I see "NAS" and "Sun" in the same sentance I get suspicious. I think it was caused by all those years of Sun putting an UltraSPARC box on top of a StorEdge array and then super-glueing the chasis together and calling it a NAS solution. And, from the looks of it this is no diffrent. Immediately I noted two things: 1) it starts at $54,995, and 2) I don't hear anything about iSCSI. So I'm buying a Xeon powered server with a webgui on it to server out storage and paying more than $55,000 for the privelege? No thanks. That makes NetApp look even more affordable since that $55,000 doesn't include disk... and honestly, when you look at a NetApp system the cost of the software (OnTap/WAFL and the RTU) is about that, the hardware itself is fairly inexpensive. If you wanna feel better about paying too much for your NetApp, the 5310 will make you happy, but personally I'd say put your money into something far more powerful and useful such as a Maranti CoreStor. I mean I understand that its price according to the competition, but its still obscene.

App switches... I liked it when we called 'em "load balancers". I think there still have to be people in the market that haven't make the mental switch. The N1000 definately has a nice 1U form factor, and the pricing in the mid to low $20,000's is competative against other players such as NetScaler. But, when it comes to App Switches I'm really interested in what that interface looks and feels like and I don't see any demos.

Now to the servers. Holy shit. What can you say? AMD64 power. Sun engineering. SAS drives (w00t!), with lots of IO. What isn't to love? The Galaxy line is lining up to be just what we needed. And the pricing model is amazing. One thing that stands out to me is the quad-Gigabit ethernet. Finally, a vendor that understands that in the enterprise world 1+1=1 due to redundant root disks and networking. The decision to use 2.5" drives is, imho, a bold move but a neccisary one I think. The mainboard definately has some serious IO capability but due to the 1U and 2U form factors I can't see all those slots being accessable, so I'd like to see one in person.

Doesn't the X2100 just scream OpenMOSIX? I think it would be absolutely awesome if Sun donated 6 X2100's to the OpenMOSIX project. The PR would be great and they'd love 'em!

Speaking of the X2100, Anandtech has a full review online.

It was good to see a new Sun Ray Server Software version. I think that Sun Ray is still somewhat ahead of its time. Frankly, JavaStation, Sun Ray, JDS, and Linux desktop replacement in the enterprise space have all suffered from a similar problem: continuing to run existing Win32 applications. Several solutions have arisen such as Citrix, Wine, and various commercially marketed varients such as CodeWeavers CrossOver, but they've never made much of a dent toward wide-scale desktop replacement. I'm hoping that Sun's aquision of Tarantella will finally be the hook Sun Ray has needed. But we'll see.

All in all, a very good NC event. Looks like systems won't ship till October, despite Scott saying that systems are "shipping in volume now". If they are shipping I'm not sure who they are shipping too. Never the less, Octobers good.

I have some words reguarding the keynote though:

Firstly, the keynote seemed burried on the NC site, not being called a keynote but "Watch Encore", which I simply ignored untill I'd gone through everything else and wondered what it was. In the future labeling the keynote webcast for what it is might be more useful.

Secondly, some words reguarding Mr. John Fowlers keynote. The jokes weren't funny, they just fell flat. In my experience Sun keynote crowds, in fact keynote crowds in general, are hard to get laughing so the jokes just don't fly. The presentation didn't seem smooth and directed at all, and it was all together too light-hearted. In otherwords, the presentation wasn't professional. The first time Jonathan was corrected it was called for, he did misstate a fact, however following that it was more so done in jest that just didn't work. Further, saying seemingly light hearted things like "I'm not interested in the consumer space" made my skin crawl. You might not, but don't say that. Now, granted, it turned out that you were talking about putting iPod skins on a rack (or "Pod") but for about 60 seconds I didn't know that and started fuming. Don't make jokes about your pay check, don't comment about who you'd rather work for, don't try to tell jokes.

One last minor note reguarding the keynote... it would have been nice to get more than a single sentance from the panel members. I'd have liked to hear more from MySQL, more from Oracle, and possible more from Red Hat. I know time was short and you'd already gone an hour, but 5 minutes more wouldn't have hurt. Perhaps some other panel discussion happened during the event that wasn't webcast, and I know this is just how these things go, its more of a photo op than a panel discussion, but just a bit more would have been nice.

The one thing missing from the whole NC event that I expected (and I don't think I'm alone) was some word on Niagara. In fact, word about UltraSPARC in general was missing. Sliding in UltraSPARC and SunFire here and there wouldn't have hurt. Perhaps put some V1280's on stage with the new systems just to get a pretty picture of a full Sun rollout. And pointing out the strengths of Opteron as compared to UltraSPARC and explaining why the two are such a natural fit would be really good too. I don't see seperate product offerings, but I still see them being sold that way, there are two chip lines in a unified product offering, and we shouldn't allow people to continue to see such diverse technology rifts occur when I don't think they truely exist. But, anyway, I was hoping we'd possiblity get Galaxy's with Niagara to make this a sort of wholistic UltraSPARC/Opteron rollout but I guess I was wrong...but they'd definately be kickass. Hopefully the Galaxy systems stick around for awhile unlike the previous X86 systems, and the fact that Sun actually designed them is some hope that they will. Low cost UltraSPARC Galaxy would be pretty sweet, but then, thats what Opteron is all about right? :)

So, in the end I walk away with really two take-aways: 1) I'm feeling better about the StorageTek acquisition thanks to Jonathan's keynote, and 2) All Hail Andy! Welcome home!

BTW, I know your a big MaryMary reader already, but in case you haven't looked lately she's got tons of awesome behind the scenes footage including a great picture of Sun at NASDAQ.

Posted in Sun | six comments, already

OpenSolaris ON_NV Build 22 Online

14 Sep '05 - 17:04 by benr

Build 22 of Nevada is now available. Both Solaris Express: Community Release (for X86 and SPARC) and source/bfu's are available, so you can take your pick. The Genunix mirror will be updated shortly.

Posted in OpenSolaris | No comments yet

Ultra20's are shipping!

05:49 by benr

w00t! Finally got my Ultra20 today! And, looking at store.sun.com, they are now showing a 6 day shipping timeframe versus the "Call Sun" we had since announcement. Also, a reader was nice enough to mail me and let me know that he ordered an Ultra20 from a VAR in Australia and he got the system in less than 2 weeks.

I'm already planning a full review. Tonight I've been tied up prep'ing operating systems for the box. I'm planning to install OpenSolaris SX:CR Build 22 (40G partition), Ubuntu Linux (I've been on Gentoo for years, time to try something else for a bit, 20G partition), and...bleh... Windows XP 64bit Beta (really for only two reasons, to verify and be able to demonstrate how easy multiboot is and perhaps to see whats changed in the last 10 years since I've used Windows). Once I get the OS's installed I can start doing some real performance testing and stressing the system to see what she can do. So far I can tell that the system is fast, but can't really determine just how fast. I can say that the BIOS flies by so fast that you don't see it. :)

My one major observation is that the supplied DVD drive has gotta go. As soon as I finish burning all these install CDs, I'm pulling the NEC Dual Layer DVD burner in my Linux box and putting it in the Ultra20. Also, if you ordered an Ultra20 for yourself you might want to be aware that while the system ships with a DVI splitter for dual head it doesn't ship with a DVI-to-VGA adapter, so if you don't have one make sure to have one ready if you need it or you'll be really bummed out untill you find one.

Initial reactions are good. Solaris10 GA is installed by default, but that means that you've got that horrible pre-NewBoot bootloader of doom, which just sucks. Honestly, I'll never run Solaris on x86 prior to ON_NV Build 14 (when NewBoot was integrated), live without GRUB is just crappy on X86. Plus, driver additions in B16 and B18 are really nice. So, when you get the box play with GA, check out the preinstalled tools, and then install a Solaris Express release.

Pictures and full review coming soon.

Posted in Sun | 116 comments, already

Clearview: Rethinking Solaris IP MultiPathing (IPMP)

09 Sep '05 - 16:28 by benr

Here is an excellent example of OpenSolaris and Sun's new commitment at work. Solaris's IP MultiPathing (IPMP) feature, which enables the transparent failover of network adapters (if a switch or network card dies, no one notices), among other things, is undergoing a rearchitecture and we, the community, have the unique oppertunity to be part of that rearchitect! This project is dubbed "Clearview". Whether your an OpenSolaris developer, sysadmin, or just a Solaris end-user, this is a chance for you to get in on the action and provide your ideas and thoughts direct the developers doing the work.

You can find the origonal posting about Clearview here, then go and download the "IPMP Reachitecture: High-Level Design Specification to get details. Dig through, think a bit about what you like currently, what you don't like, and what would make life easier (and more robust) for your enviroment and your needs and then think about how those ideas could be of use to the whole community and add your two bits! How easy is that!

I've had lots of ideas about IPMP over the years myself, and so I'm absolutely elated to be part of this process. Perhaps the most interesting thing is that I now have to think not just about myself, but about all customers and users. Many of the things I want to change would negatively impact existing users or break compatability, which is easy enough to think "Bah, they'll just have to change", but thats not what we expect from Solaris. This is a unique chance to put your feet in the shoes of a Solaris Networking and Kernel Engineer (one of many chances in the OpenSolaris project) and its eye opening and exciting.

Additionally, stop by the OpenSolaris Networking community main page for information on a wide variety of really kool projects happening, including Nemo (GLDv3), FireEngine (IP rearchitecture), NL7C (Network Layer 7 Cache) Project, Yosemite (UDP performance), Surya (Forwarding Performance), CrossBow (virtual stacks for utility computing), and more! I'm not a network guy at heart, but Nemo, Clearview, and CrossBow are so damned amazingly kool that I'm dusting off my old reference library.

A big thank you goes out to Peter 'meem' Memishian and the rest of the Solaris Networking team for letting us be involved.

If your new to IPMP, I discussed it in this blog back in Feb.

Posted in OpenSolaris | 349 comments, already

Calling all Enlightenment Users!

08 Sep '05 - 15:45 by benr

Tux Magazine is running a poll on their site asking: Which Graphical User Interface (desktop environment) do you primarily use on your Linux desktop? If your an E user go vote! Make our mighty voices heard. And, lets not slight them for not thinking of OpenSolaris, this is Tux Magazine, so even if your on OpenSolaris, put in your vote.

Posted in Enlightenment | 68 comments, already

DistroWatch.com Donation to Enlightenment

15:42 by benr

I've got to send a hearty thank you to our friends at DistroWatch.com for making a generous donation to The Enlightenment Project. They made a donation of $250, which to most projects isn't much, but to us is extremely useful. Every penny counts for unfunded projects like ours. A big big big thanks to DistroWatch for recognizing the amazing work being done by The Enlightenment Project.

(If anyone else wants to help out too, we'd be most thankful.) :)

On a related note, Elive (the Linux LiveCD featuring E in all its glory) has been named Featured distribution of the week! w00t. Congrats and thanks to Thanatermesis for all his hard work on the distro. Elive didn't start as an Enlightenment official project, Thanatermesis just started on his own, seeing an opportunity, and that is the open source spirit.

Learn more about E on Enlightenment.org, Edevelop.org, and Get-E.org.

Posted in Enlightenment | 110 comments, already

Niagara: Holy Crap!

07 Sep '05 - 17:02 by benr

I don't like to endorse leaks (and imho, this is a leak) but you gotta see this! There are lots of things in life which you, as an intellegent carbon based lifeform are aware of and understand at an intellectual level... but, then, there are certain things that reguardless of this fact just sort of hit you in the face when fact becomes reality, the intangable becomes tangable. Child birth is such a thing. Marrage is such a thing. Your first kiss is such a thing. And now, Niagara is such a thing! I mean, I knew it had 8 cores and 4 threads per, blah blah blah, but holy crap, just look at that psrinfo! 32 threads at a time! With just one of these I could replace a rack of aging 1U front end webservers and have room to grow! Could you imagine the Apache benchmarks this thing is gonna smash! Imagine an entire rack of these babies providing more power than the rest of your server room! Replacing you honkin' RDBMS on UltraSPARC IV its not (and thats what Rock is all about) but for anything medium weight that just needs tons of cycles this baby is gonna scream. For years we've heard the stream from vendors, including Sun, to consolidate... and then onces you've consolidated, do it again... and again. But damnit, this is what I call compelling! And if this baby is on JBus and relatively low cost, you can absolutely kiss the competition good bye.

I offer one peice of advice to Sun. Guys, I love ya'll, you know that... but, the Ultra20 thing hasn't gone so well. You hyped us, you hooked us, you gave us an offer we couldn't refuse, but customers are still waiting. You built a fire, instilled it in your customerbase and let it spread like wild fire, and then, almost 3 months later they are still waiting. The fire is dying down, the excitement has deministed. Sun once had a great tradition of delievering on announcement. I'll never forget the Sun Cluster 3.0 event when Sun Cluster was announced, demo'ed, and then handed to attendees as they left the room (I wasn't there, webcasts rules). Sun was a company that was delievering... now we're like everyone else, talking and announcing months prior to release and avaliblity. Ya, ya, ya, I know that with the shares being what they are we need all the excitement we can get and try to bring around the perception people have about the company forward looking, but the faster you can get those products into the hands of the customer base the sooner their going to be able to pass on that fire and keep the train rollin', all the way untill we get Rock and blow IBM out of the water for good. DEC down. HP down. SGI quit. Red Hats not helping itself... lets make IBM wish they'd kept that ThinkPad division.

Posted in Sun | eight comments, already

The Sun I/O Podcast: Episode 2

16:59 by benr

Mr Richard Giles has released the second Sun I/O PodCast. This time around he has a conversation about OpenSolaris featuring Jim Grisanzio and some other guy that I've never heard of. Check it out to get a view of the project from two people in the thick of it all.

...so, the backstory. This PodCast was interesting, when Richard and Jim asked me to participate I was flattered and then alittle scared, because I can talk Sun and Solaris and OpenSolaris for hours and hours on end, but scoping that down to a nice 30 minute PodCast is rough, especially after Simon did such a great job in the first one. But what really freaked me out was when I found out that due to the time diffrence (Richard is in Australia) we'd be doing this at 9am PST. Okey, thats a problem, because I typically wake up at 9:30 and I'm not really aware of where I am or what I'm doing till about noon, prior to that its just autopilot and coffee drinking, so I was afraid that I'd be completely incoherent. The upside is that when the PodCast was released tonight I was interested to find out what I said too. Apparently I did ok. At least I hope I did. You judge. I do need to say a very special thank you to Tamarah for ensuring I got up and pumping me full of coffee prior to the call, that combined with chainsmoking through the whole thing got me through, if it weren't for her I would have just mumbled the whole thing.

Posted in OpenSolaris | four comments, already

Bryan Cantrill: Even MIT thinks he's a genius

06 Sep '05 - 16:57 by benr

I hate to jump on the bandwagon, but this is a big thing. Congrats to Bryan on being one of Technology Review Magazine's Top 35 Innovators under 35. Just look at that list, most of these guys are from academia, thats a tough crowd, and while we all appreciate DTrace its really kool that MIT does too, given the scope of MIT's Technology Review.

You know how ever year at Christmas you've got to slump around trying to deal with all the people that give you crap because your not this or that... can you image how kool its gotta be for Bryan to call home "Hey Mom... ya, just chillin', playing with my son... you know normal Top 35 Innovators kinda stuff." Made in the shade. Although, I think I could become CEO and my family would still give me crap for not going to college.

Posted in Sun | five comments, already

Demystifying Sun's UltraSPARC Lines

00:01 by benr

Today I set out to do a quick blog entry mapping a variety of Sun codenames to the actual product name... but in the process I got off on a chip tanget, which led to updating myself on where the current UltraSPARC roadmap is going, which led to the discovery of a "new" interconnect I wasn't aware of before, which led to some insite into the Sun server line. This is the result. Please bear in mind that all this isn't laid out anywhere that I know of, so I'm piecing this together from about 30 sources and my own poor memory, so if I get things wrong please let me know:

Sun's current server line is pretty confusing. In fact, the UltraSPARC product line is pretty damn confusing too. UltraSPARC III, UltraSPARC IIIi, UltraSPARC IV, "kickers", interconnects, multicore, partnerships, changing naming convension, Niagra, Rock, the list goes on and on and on. Add it up and your a really confused customer who doesn't know what the heck to buy. So our demystification process begins with the chips. Here is the basic outline of the chips as I can best construct it right now:

Phantom	UltraSPARC-IIi Processor (.18 micron, 6 layer Cu Metal, Up to 650Mhz, PCI) [enterprise proc]
Hummingbird	UltraSPARC-IIe Processor (.18 micro, 6 layer AL, 500Mhz, PCI) [low end an embedded proc]
Cheetah	UltraSPARC-III Processor (.13 micron, 1050MHz-1.2GHz, Fireplane interconnect)
Tomatillo	JBus Interconnect
Jalapeno	UltraSPARC-IIIi Processor (.13 micro, 7layer copper, up to 1.593Ghz, JBus interconnect)
Jaguar	UltraSPARC-IV Processor, First Generation SPARC CMT (dual Cheetah cores, 1.05-1.35GHz)
Panther	UltraSPARC-IV+ Processor (CMT dual Jalapeno(??) cores) [Forthcoming, due Q4 2005]
Millennium	UltraSPARC-V Processor (Killed, was reportedly a multi-core UltraSPARC-II proessor?)
Gemini	UltraSPARC-V Processor (Killed, was reportedly a low-power version of Millennium?)
Olympus	Fujitsu Sparc64-VI processor in partnership with Sun (dual-core) [Forthcoming, due late 2006 or early 2007]
Niagara	Forthcoming Second generation SPARC CMT (utilizes 8 cores (CMP) with each core proccessing 4 threads each (SMT), for a total of 32 threads simultaneous, reportedly each core is a scaled down UltraSPARC-II) [Forthcoming, due Q1 2006]
Rock	Forthcoming Third generation SPARC CMT (No details.) Forthcoming, due mid-2008

The best place to understand all this is on the Sun Servers: View by Processor page.

So, UltraSPARC II isn't dead. In fact, its getting a new lease on life (more on this later). Its still used on low costs systems such as the V100 and V120 servers as well as several Netra systems. On the workstation side its also seen in the Blade 150 and the "new" Sun Ultra 3 laptops.

UltraSPARC III gets confusing though, mostly due to the use of two diffrent interconnects. UltraSPARC III rolled out utilizing the Fireplane interconnect, replacing UltraSPARC II's UPA, which coupled nicely with this "Fire-feever" with Sun FireLink high-speed serial external cluster interconnects, Sun Fire branding scheme, and so forth. But then UltraSPARC IIIi rolled out to complicate things. Apparently in an effort to create a low cost, high performance interconnect that was CMP (multicore) capable a new interconnect named JBus (codenamed "Tomatillo") rolled out. The thing about JBus is that while its CMP capable and fast, its only capable of supporting up to 4 procs, which means its not going to be seen in the Sun Fire midrange systems, which means that Fireplane ain't dyin' yet. Plus, to mix things up the UltraSPARC III cu was released as a copper version thanks to the Sun/TI partnership. The UltraSPARC III cu is exactly the same as UltraSPARC III, except that thanks to the copper process clocks push upward to 1.2Ghz.

So we can fracture the US III product line into two camps, based on the interconnect:

JBus UltraSPARC IIIi Systems in the 1-4 CPU space, which will likely get CMP'ed in the future.
Fireplane UltraSPARC III Systems in the 1-12 CPU space. (Not including the previous Sun Fire midrange line, E?800 systems, which can run UltraSPARC III's and III cu's depite being currently marketed with US IV's)

UltraSPARC IV is Sun's first generation CMT (Chip Multi-Threading). The way Sun looks at it there are two ways to do CMT: utilize Simultaneous Multithreading (SMT, what Intel calls Hyper-Threading) to run multiple instructions at the same time or utilize Chip MultiProcessing (CMP) to put multiple execution pipelines on a single chip (what most people refer to as multi-core). Put these two together and you get what Sun calls ,a href="http://www.sun.com/processors/throughput/">"Throughput Computing". UltraSPARC IV utilizes only CMP by means of two Cheetah (UltraSPARC III) cores, each core running a thread, making for 2 threads per CPU. The kool bit is that UltraSPARC IV is pin compatable with UltraSPARC III, so now almost every system that previously was sold with UltraSPARC III is going out the door as an UltraSPARC IV system.

Thats where we are, UltraSPARC IV... now we get into the future...

There isn't much information about Pather, UltraSPARC IV+. word is that this new chip will be produced using 90nm copper technology, include onboard 2MB L2 caches per chip including up to a 32MB L3 external cache, and clocks at 1.8Ghz and upwards possibly eventually beyond 2Ghz. Add all three of those up and you've got a moster chip. I'm tempted to ask whether US IV+ will utilize Fireplane or JBus, but I'd imagine Sun wants to be able to pop these babies into the existing US IV line of servers and offer them as upgrades, which means not changing the interconnect. It would seem that we're going to find out all the answer in a couple days at the Sun Network Computing Q3 05 event.

UltraSPARC V was supposed to be the second stage of the first generation of Sun's Throughput Computing strategy, but was killed on the table. Word was that Millennium actually taped out (which means they were ready to send finished chip plans to the fab for production) but apparently went no further. Furthermore, apparently UltraSPARC V was going to utilize UltraSPARC II cores rather than US III, which is similar to Niagara... so could we take a guess that Millennium and its low-power bother Gemini were going to be dual core (CMP) and multithreaded (SMT) as a sort of scaled down Niagara? I've not seen sources that say, so I'm just guessing. Either way, its dead.

Niagara is the talk of the town. It doesn't have an UltraSPARC designation that I'm aware of but is the full realization of the Throughput Computing model. Reportedly based on scaled down UltraSPARC II cores, each chip packs 8 cores (CMP), which are capable of running 4 threads (SMT) per core, making for 32 threads per chip. This is said to be the second generation of SPARC CMT. This is coming sooner than we could imagine. Again, which interconnect are we going to be using? JBus perhaps? With 32 threads per chip a 4 way system is way more than enough for now.

Shrouded in mystory is the "Rock" processor, what would seem to be the third generation of SPARC CMT. Niagara is said to be a "Network Facing" chip, which we can assume means fast yet lightweight executions, such as would be made by web servers and the like. Rock, on the otherhand is said to be a "Data Facing" chip, which we can assume means large data driven industrial strenght workloads. If Niagara truly is based on the UltraSPARC II core does that provide grounds for us to guess that Rock will be based on UltraSPARC III cores? Its a logical assumption, but somehow I wonder. Some hints can be derived from the graphs on this page.

Whats clear is that we're going in an interesting direction. Its also clear that all this is a hell of a lot more complicated than it sounds. Its so easy for me to say "Ya, they just crammed two cores onto the chip" which is the decades biggest understatement, particularly with Niagara. And if they are using UltraSPARC II cores, how did they pull it off? US II would need a good ammount of work before it could be bent that far into the future. Reguardless, its clear that not only does UltraSPARC have a future, but its going to shortly regain the Revolutionary Processor title again. After years of getting into UltraSPARC vs (ProcessorX) debates and arguments it going to be nice for us Sun zealots to take a break and enjoy the limelight.

When it comes to the future of SPARC you want to keep your eyes peeled on two guys in particular: David W. Yen, Ph.D., Executive Vice President of the Scalable Systems Group and Dr. Marc Tremblay, Sun Fellow, Vice President, and Chief Architect of Processor and Network Products (Good interview with him here and here.) Additionally, watch for Andy Ingram, Vice President of Marketing of Processor and Network Products, and Sun's Man of Steel, Greg Papadopoulos, along with the usual suspects. But... if your thinking, I'm only gonna run 1 OS on all those cores? Then my main man Dr. Tim Marsland is the guy to keep both eyes on.

...and, seeing as this entry is way too long as it is, I'll talk server lines and how they relate (and how they don't) some other time.

Posted in Sun | four comments, already

Solaris9 9/05 Released

03 Sep '05 - 05:05 by benr

Solaris 9 users and customers will be happy to know that 9/05 is out. Get it for both SPARC and X86. Sadly the Whats New docs for Solaris 9 don't include a per-update review of changes, however the customer notification mail states: It supports the newer hardware models such as SPARC servers based on the UltraSPARCIV+ processor and the Galaxy x64 servers. The Galaxy servers of course being those kickin' little sexxy boxes that Mark Mayo filled us in on (which don't have designations yet, but presumably will get Ultra titles despite having Opteron's in them). So, the big news here boils down to multi-core support for Solaris 9.

Note: If you are a new Solaris user and considering Solaris on X86, I personally do not recommend Solaris 9. Solaris 9 is amazing on SPARC and works well as an X86 server, but the driver support in pre-Solaris 10 releases are... less than ideal. Solaris9/X86 will, no doubt, run beautifully on Sun supplied X86 systems, but if your thinking of tossing Solaris on a box laying around the office I highly recommend that you use Solaris10. Besides, remember that all those innovations that are changing the industry are in Solaris 10 and OpenSolaris, such as DTrace, SMF, FMA, etc, etc.

Posted in Solaris | 70 comments, already

AnySystem.com: Commited to Community

03:31 by benr

I've been sitting on this entry for a while now, I've been so appreciative that I've been trying to stage a big blowout responce but nothing seems quite fitting enough so I'll just put it out there...

I have to extend the warmest and most sincere thanks to AnySystem.com. They are commited to the community, existing and evolving, around Solaris and OpenSolaris and started looking for ways to help, and it just so happens that they thought of me. I doubt I have to tell anyone just how big a fan and supporter I've been of AnySystem. For years now I've had only one "ad" on my site, which you can find on my Veritas Volume Manager KickStart page for AnySystem. The reason its there isn't because they asked for it or made a deal with me or anything, but simply because they are an amazing company that has been hugely important to me and many other admins and Solaris developers over the years. Reading about storage is good, but you can't truely expand your skillset untill you sit down and try it, break it, try it again, break it, test it, bench it, learn it, relearn it... you need real experience, and it was only because of AnySystem selling dirt cheap A5100 Fibre Channel Arrays and Ultra2's that I was able to truely aquire that. I don't believe in learning on the job so much as I believe in learning the night before... when I'm on the job I should be implementing, not learning to implement, thats not what they pay you for (can you tell I was a consultant?). Whereas other people were coming on job confused and unsure of what to do I had as my worst-case answer "I'll know how to do it tomorow", because I had my Ultra2 and A5100 at home and the ability to implement a test case of any scenario in my own private personal lab enviroment, bought and paid for completely out of my own pocket for less than $1,200, which was an investment in my future. And because of that investment I've been able to do the things that I'm doing today and was able to write the tutorials that I've written that have helped so many others. If it weren't for AnySystem making it possible for someone like me, who doesn't have a lot of extra cash and doesn't have friends who can "hook me up", I'd have had to rely simply on the work of other people and on the manuals and such, all of which sucked. When the 3.x Veritas Volume Manager doc set was being written I was asked to share my thoughts and my papers were looked at and I was able to make some suggestions, which maybe isn't anything big and important, but is beyond kool for just some guy sitting at home playing around and writting alittle about it. If it weren't for that "Ugly Duckling" Photon it wouldn't have happened. And they've made similar things possible for others.

Needless to say, AnySystem has already done more for me than I can express. Which made their offer to help me even more special. They asked if they could help or what I might need and mentioned that I was currently trying to save some money to buy one of their Sun Blade 1000's. And, to my unbelievable suprise they donated one to me! I just about shit myself when I read the mail saying that it was on the way. I have no delusions, I'm no body special, just another guy trying to do my bit like so many others (see my blogroll for just a few), so its just incredable to me that they would actually be so generous to me.

In recent months my Ultra2's (I have two, both from AnySystem, with QFE's to enable me to do cluster testing and design) have continued to serve well as servers but just were taking too long to build large software packages and while Enlightenment DR16 runs wonderfully on my Ultra2's, DR17 was just going to be painful on them. I continued to get by, in fact the first ever OpenSolaris builds during the pilot phase were build and booted on my Ultra2's, but building something with dependancies took so long that I'd start one build per night (for E that ment Imlib2 on night, EVAS the next, Ecore the next, and so on) and it just slowed my productivity on SPARC ot a near halt. But thanks to AnySystem's donation of the Sun Blade I'm finally catching up on piles of old projects. I'm building software like crazy, I'm able to test SPARC specific or SPARC only things (such as the nifty features of FMA) that were previously difficult or not possible.

But this donation is even more important to me than that. Many of you have seen over the last months some of the struggles I've had with my primary home development Linux box, which 3 weeks ago completely up and died (a week later I hobbled it back together but its still unstable, panicing every couple days). Initially I wasn't so worried about my Linux box because my Ultra20 was due to arrive any day and I'd migrate to it... but my Ultra20 still hasn't shipped and I was without a development system beyond the Ultra2's. As luck would have it and purely by coincidence the day after my Linux box bit the dust a big wonderful box with "ANYSYSTEM" stickers on it arrived. And, you've got to understand that my Linux box wasn't just a workstation, it was my mail server, all my work and notes are maintained in Subversion repos served on that box, private webservers and my development material, source for all my projects, etc, etc. When I lost my Linux box I lost access to my mail, my work, everything, I was completely in the dark. Thanks to the Sun Blade I was able to put all those services back in place and what was intended to be used as a development, porting and testing system has no become my primary workstation, on which I am making this blog entry now. Without this box I'd be in deep deep shit, and money is too tight right now for me to just run out and buy something while I wait for my Ultra20.

I simply can not express in any way just how much I appreciate what AnySystem has done for me and what they've enabled me to be able to do for the community. I loved them prior to this and I just don't know what to say now. Thank you AnySystem!!!

Posted in cuddletech | 130 comments, already

SysAdmin's for Hurricane Katrina Relief

02 Sep '05 - 02:46 by benr

This has been a tough week and is going to be an even tougher weekend. Labor day weekend is a busy time; school is starting up for many, its the time for big end-of-summer events and gatherings (such as the annual Pleasanton Highland Games), travel and vacations, one of the biggest Formula 1 races of the year (Monza, the Grand Prix of Italy), and more. Amoungst all these plans are the day-to-day issues of our communities and projects, including some tense ones such as the current situation with Blastwave, which you'll note I have yet to mentioned this week. We're all busy and have lots to do and coming up in the week ahead... but, in all of this my country, the United States of America, is in massive distress. New Orleans is under water, American citizens are being classified as "refugees", we're seeing pictures every hour of every day of our own nation that make most horrified third world nations look civilized, rampant violence, on top of which our federal government is unprepared to deal with the situations that are arising and even more so can't articulate what is in fact being done. The American economy is in flux due to changes in American capacity, one of our nations largest and most vital ports has been destroyed, not to mention the facilities that were supplied by the port, drilling capacity in the gulf has been crippled, petrol costs are sky rocketing out of control, above and beyond what we were already suffering, and to top all that off a large amount of our population is now re-evaluating our own opinions and views of our own governments ability to manage the situation. This is a difficult time. In light of his historic and trying time its hard to get terribly worked up over just about anything else, and everything looks pretty petty and pointless in comparison.

i want to help. I have a family to support and commitments to keep, but that doesn't mean I can't. If you have an organization that has been effected by Katrina and need administrative help to get back on your feet, I want to know! Many of us can't go to the area and help, nor would we be much use if we were given the current situation, but many sysadmins like myself could help organizations that need to get an infrastructure back up outside of the area. Maybe you know someone who needs resources to get mail systems functioning again. Small and medium size businesses that need websites and contact systems replaced. Whatever it is, there have got to be hundreds of people and organizations down there that could use IT help and likely will have as their biggest need to get their IT assets either moved out or recovered somewhere outside the area. I'm in the Silicon Valley, we could take tape backups and try to procure colocation space here and get your services back up. There are other admins around the country and world that I'm sure would also be willing to help you do what needs to be done to get back online. If you've got systems that survived and need a new home, we can find a place for them and get them back up. I'm sure there are plenty of companies that would donate resources, temporary software licensing, and so forth to meet the needs. I can personally guarrentee that if you need systems from Sun to help you rebuild after this disaster that they will ensure that your order is pushed to the front of the line to get your needs meet as quickly as possible. I'm sure that other vendors would do the same for their customers.

If there is anyone in the Gulf Coast area screaming for IT and UNIX systems help, there are people like myself out here that want to help you, we just need to find a way to connect. Part of the recovery from this disaster is going to mean getting all those small business in the area back on their feet as quickly as possible to ensure their survival, business doesn't pause untill a disaster has ended, we need to get these organizations back on their feet as quickly as we can. Small business is essential to the industry and to the American economy, its the America Spirit. I can't rescue people from flooded homes, but I might be able to help some organizations in need have a fighting chance to stay alive. Maybe no one needs sysadmins right now, maybe there is just no way to connect with the people who might need IT help, and most likely the individuals that need our help have bigger issues on their hands right now, but I've sure as hell got to try to do something for them.

If your an admin who feels the same way and wants to help, use your blogs and put out the word. If your a vendor, get the word out that your ready and willing to do what is needed to re-establish those small and medium sized regional businesses and organizations infrastructures, not to mention getting resources to rescue and support organizations. In this day and age, situations like this depend on water and shovels and sweat and blood, but they also depend on databases and mail servers and IM clients. In situations like this the types of performance issues that we as sysadmins deal with every day can be slowing down decision making proccesses that could be saving lives.

Most importantly, if your effected by this catastrophy and need IT/UNIX systems help, please please please let me know and lets find out how to help you get back on your feet as quickly as possible. If you know of an organization that needs help from an admin, let me know. There are lots of needs down there and there are lots of us that can help, its just getting together thats the hard part.

Anyone that knows me has heard my motto "Admins help Admins", thats the UNIX way, as far as I'm concerned. Thats the foundation of UNIX and BSD and open source and the modern electronic world, we all help each other and thats what makes SysAdmins and Systems Engineers so special. In extreme situations like this as an admin and as an American I might not be able to do much more than send some money to the Red Cross but I have a duty to both my nation and profession to at least try.

To everyone in the Gulf Coast, our prayers and thoughts are with you. To the surrounding areas and to all the people who will be helping with the relocation efforts, we're thinking of you and your difficult task ahead. To those in law enforcement, the National Guard, and the US Military that are going over, we pray for your safety and judgement while tending to the strained and dangerous situation. For all those who have the ability to volenteer and are helping, whether by collecting blood, housing families, proving resources, tending to the displaced, search and rescue, medical assistance, security, or even just prayers, God Bless You.

Posted in cuddletech | 104 comments, already