[OpenIndiana-discuss] 13 days to anniversary: why i love Solaris

[the outsider]

system# uptime

  1:26pm  up 1082 day(s), 22:50,  1 user,  load average: 12.32, 12.37, 12.48

system# uname -a

SunOS X4140 5.10 Generic_142901-11 i86pc i386 i86pc

system# who -b

   .   system boot  Jun 25 14:36

 

 

System is already 10 years old, running on 3x 146GB SAS drives. 

Last reboot was because of rearrangement of the power connections in the
datacenter. 

___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
https://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] arp response tuning for IP Source Guard

[the outsider]

Are you or the technicians SURE that this technique is still valid for
current world with a lot of virtual servers attached to one switch port? 
This technique was invented in a time that every switchport was connected to
at most one MAC address, so when the switch detects more than one MAC
address at a port there was something illegal happening. (or the switchport
was connected to a switch) 

-Oorspronkelijk bericht-
Van: Tim Mooney [mailto:tim.moo...@ndsu.edu] 
Verzonden: vrijdag 6 januari 2017 0:50
Aan: openindiana-discuss@openindiana.org
Onderwerp: Re: [OpenIndiana-discuss] arp response tuning for IP Source Guard

In regard to: Re: [OpenIndiana-discuss] arp response tuning for IP
Source...:

> On 01/05/17 15:37, Tim Mooney wrote:
>> When that was enabled for the subnet I'm on, my hipster workstation 
>> and the hipster VirtualBox VM I have both started experiencing packet
loss.
>> Talking with the network engineers, the Cisco switch is sending 
>> batches of 3 ARP probes periodically, and both my workstation and the 
>> VM appear to be periodically not responding to the ARP probes.  That 
>> causes the switch to temporarily ban/block packets from either 
>> system, which is what's causing the intermittent packet loss.
>>
>> Anyone have any suggestions for what tuning I should be looking at 
>> that would tell the Illumos network stack that it's OK to respond to 
>> semi-frequent batches of ARP probes?
>
> It would be great to see the syslog messages and (if possible) a 
> packet trace showing what's going on.  In general, if the system 
> itself is directly responsible for these outages, it will at least log 
> something about the event.

At the log level I've been running at, there hasn't been anything useful
logged related to this.  If necessary, I can definitely dial up the logging.

> Are these ARP requests or responses?  There are subtle differences 
> between the two.

According to our principal network engineer, the Cisco switch was defaulting
to sending 3 ARP probes (in quick succession) every 60 seconds.  He has
since dialed that back to just 1 per 60 seconds for this particular switch,
to see if that had any impact on the issue, but it did not.

He's done a bunch more research since I sent my initial question to this
list, and right now he thinks the issue may be that the ARP probe from the
Cisco switch is unicast, but Solaris apparently may be issuing ARP responses
as *broadcast*, which the switch may not be expecting.

The reference he found related to broadcast ARP responses is here:

http://seclists.org/nmap-dev/2009/q1/176
 
http://unix.derkeiler.com/Mailing-Lists/SunManagers/2009-01/msg00015.html

He's also suggested that I might be able to set 'arp_defend_interval'
to something like 20 seconds, so that my workstation just periodically sends
unsolicited ARPs for itself, to essentially preempt the switch's probes.
Based on the docs he found:

http://docs.oracle.com/cd/E36784_01/html/E36845/gnogz.html

Since the docs say "Never" in answer to the "When to change" for any of
these settings, I haven't actually tried setting arp_defend_interval.
The way I read the docs, it seems like arp_publish_interval might be better,
but I know better than to argue with our principal network engineer about
anything network related.  :-)

> Based on what I remember from working on this code many years ago, one 
> of the really confusing bits to deal with is Ethernet bridge 
> ("switch") behavior itself.  Many bridges (I think at least Extreme, 
> and probably
> others) have special mechanisms built-in to protect against ARP 
> storms, and they rate-limit based on the number of broadcasts.  This 
> is (I
> believe!) independent of any sort of "Source Guard" feature.  I ran 
> into this issue numerous times when testing Solaris IP Duplicate 
> Address Detection.

Thanks much for the response!

Tim
-- 
Tim Mooney tim.moo...@ndsu.edu
Enterprise Computing & Infrastructure  701-231-1076 (Voice)
Room 242-J6, Quentin Burdick Building  701-231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
https://openindiana.org/mailman/listinfo/openindiana-discuss


___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
https://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Cisco IPSec VPN

[the outsider]

Not a single problem. 

I am using it 24/7 in the same setup. 
Just put your OI server in the network and set the gateway to the cisco VPN
device.. 

-Oorspronkelijk bericht-
Van: Jim Klimov [mailto:jimkli...@cos.ru] 
Verzonden: maandag 14 november 2016 13:35
Aan: OI-Discuss 
Onderwerp: [OpenIndiana-discuss] Cisco IPSec VPN

Hi all,

I am faced with a prospect of connecting to a remote network behind Cisco
IPSec VPN (the one with user, password, group and shared keys; will be
practically trying sometime soon this week). Should I expect it to work in
OI Hipster out of the box? Are there docs/blogs on it, or would Oracle docs
I found so far (some hints about conf files and then ipadm tun commands) be
relevant here? Or should I try some other OS right away?

TIA, Jim
--
Typos courtesy of K-9 Mail on my Samsung Android

___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
https://openindiana.org/mailman/listinfo/openindiana-discuss


___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
https://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Is there a handy way to add users?

[the outsider]

Does useradd fail at creating the user?  Or is the user directory not
created? 

Otherwise:
mkdir -p /home/{username}
useradd -G {staff} {username}

passwd { username} 

chown -R {username} : { staff} /home/{username}

-Oorspronkelijk bericht-
Van: Harry Putnam [mailto:rea...@newsguy.com] 
Verzonden: maandag 31 oktober 2016 20:04
Aan: openindiana-discuss@openindiana.org
Onderwerp: [OpenIndiana-discuss] Is there a handy way to add users?

The useradd tool seem not to be able to add users when a home dir is
stipulated.  I know there has been a bug filed some time back.

Am I likely to end in a mess if I just edit /etc/passwd/group to add a user?

Are there other things to edit beyond the two mentioned above?


___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
https://openindiana.org/mailman/listinfo/openindiana-discuss


___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
https://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] OpenIndiana Drivers For My Wireless Network Device

[the outsider]

Ouch.. 

No insult intended, i apologize mr. Tribble. 

I shouldn't read and respond during business meetings ;-) 

-Oorspronkelijk bericht-
Van: Peter Tribble [mailto:peter.trib...@gmail.com] 
Verzonden: vrijdag 19 augustus 2016 13:57
Aan: Discussion list for OpenIndiana <openindiana-discuss@openindiana.org>
Onderwerp: Re: [OpenIndiana-discuss] OpenIndiana Drivers For My Wireless 
Network Device

On Fri, Aug 19, 2016 at 12:46 PM, the outsider <openindi...@out-side.nl>
wrote:

> And this one seems to have it working too:
> http://www.renatomorano.net/?p=291
>
> Funny thing is that Peter dribble is mentioned in that page. He's on 
> this list too?
>

Tribble. Ahem.

The NDIS stuff is, in general, *really* old. My experience was mixed at best.
I think it got me through an OpenSolaris summit, but it never worked in the 
office, and was pretty unstable in busy environments (eg the airport, where it 
would kernel panic in under a minute).


> And I found this:
> https://thestaticvoid.com/post/2011/06/09/wireless-802-
> 1x-support-in-solaris
> /
>
> ( I can remember that I had a laptop once where I installed OI on. It 
> worked with WPA out of the box for as far as I can remember)
>
> -Oorspronkelijk bericht-
> Van: Carsten Grzemba [mailto:grze...@contac-dt.de]
> Verzonden: vrijdag 19 augustus 2016 13:17
> Aan: Discussion list for OpenIndiana 
> <openindiana-discuss@openindiana.org
> >;
> openindiana-discuss@openindiana.org
> Onderwerp: Re: [OpenIndiana-discuss] OpenIndiana Drivers For My 
> Wireless Network Device
>
>
>
> On 19.08.16 12:20, Jean-Pierre André  <jean-pierre.an...@wanadoo.fr>
> wrote:
> >
> > Aurélien Larcher wrote:
> > >On Fri, Aug 19, 2016 at 11:13 AM, jay <j...@m5.chicago.il.us> wrote:
> > >>
> > >>Esteemed Colleagues,
> > >>
> > >>Yesterday I booted my new laptop (well, new to me) from the latest 
> > >>hipster iso, intending to proceed immediately therefrom to an 
> > >>installation. I noticed, alas, that the system had no knowledge of 
> > >>my wireless network device. This makes the system useless for my 
> > >>computer, it is, after all, a laptop, it is a portable device that 
> > >>on occasion literally sits atop my lap, it has to be able to 
> > >>connect to a network without there being an Ethernet cable stuck into it.
> > >>The Device Driver Utility (or whatever it's called, I don't have 
> > >>it on the screen anymore, otherwise I would be running OpenIndiana 
> > >>and would therefore be unable to send this e-mail) noted, 
> > >>correctly, the existence of a
> > >>
> > >> Broadcom Corporation BCM4312 802.11b/g LP-PHY
> > >>
> > >>but it had no driver for it.
> > >
> > >There has been some work to user NDIS wrapper:
> > >
> > >https://www.illumos.org/issues/3367
> > >
> >
> > This can only use WEP encryption, because the interface to NDIS5 is 
> > not compatible with the WPA four-step handshake (some user level 
> > replies from the access point have to be redirected to the 
> > supplicant).
> >
> > I would volunteer to interface to the Broadcom supplied driver
> > (hybrid-port) for which an unterface to Linux is available, or to a 
> > more recent open source driver for Linux (which supports newer 
> > Broadcom hardware, though the BCM4312 is said to be poorly supported).
> >
> > But I have (again) to ask for help for doing that. The relations 
> > between net80211, mac, dladm and wpad are opaque.
> > There has been a Google summer of code about WPA2, but I could not 
> > get anything useful from it (apparently WPA Enterprise requires a 
> > significant reworking of the relations between these modules).
> >
> > Jean-Pierre
> >
> >
> >
> >
> > ___
> > openindiana-discuss mailing list
> > openindiana-discuss@openindiana.org
> > https://openindiana.org/mailman/listinfo/openindiana-discuss
> >
> I tried to merge the GSoC WPA-Enterprise stuff in illumos but it did 
> not work. Because I couldn't contact the maintainer I stopped my effort.
>
> https://github.com/cgrzemba/illumos-gate
> ___
> openindiana-discuss mailing list
> openindiana-discuss@openindiana.org
> https://openindiana.org/mailman/listinfo/openindiana-discuss
>
>
> ___
> openindiana-discuss mailing list
> openindiana-discuss@openindiana.org
> https://openindiana.org/mailman/listinfo/openindiana-discuss
>



--
-Peter Tribble
http://www.petertribble.co.uk/ - http://ptribble.blogspot.com/ 
___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
https://openindiana.org/mailman/listinfo/openindiana-discuss


___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
https://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] OpenIndiana Drivers For My Wireless Network Device

[the outsider]

And this one seems to have it working too:
http://www.renatomorano.net/?p=291

Funny thing is that Peter dribble is mentioned in that page. He's on this
list too? 

And I found this:
https://thestaticvoid.com/post/2011/06/09/wireless-802-1x-support-in-solaris
/

( I can remember that I had a laptop once where I installed OI on. It worked
with WPA out of the box for as far as I can remember) 

-Oorspronkelijk bericht-
Van: Carsten Grzemba [mailto:grze...@contac-dt.de] 
Verzonden: vrijdag 19 augustus 2016 13:17
Aan: Discussion list for OpenIndiana ;
openindiana-discuss@openindiana.org
Onderwerp: Re: [OpenIndiana-discuss] OpenIndiana Drivers For My Wireless
Network Device



On 19.08.16 12:20, Jean-Pierre André   wrote: 
> 
> Aurélien Larcher wrote:
> >On Fri, Aug 19, 2016 at 11:13 AM, jay  wrote:
> >>
> >>Esteemed Colleagues,
> >>
> >>Yesterday I booted my new laptop (well, new to me) from the latest 
> >>hipster iso, intending to proceed immediately therefrom to an 
> >>installation. I noticed, alas, that the system had no knowledge of 
> >>my wireless network device. This makes the system useless for my 
> >>computer, it is, after all, a laptop, it is a portable device that 
> >>on occasion literally sits atop my lap, it has to be able to connect 
> >>to a network without there being an Ethernet cable stuck into it. 
> >>The Device Driver Utility (or whatever it's called, I don't have it 
> >>on the screen anymore, otherwise I would be running OpenIndiana and 
> >>would therefore be unable to send this e-mail) noted, correctly, the 
> >>existence of a
> >>
> >> Broadcom Corporation BCM4312 802.11b/g LP-PHY
> >>
> >>but it had no driver for it.
> >
> >There has been some work to user NDIS wrapper:
> >
> >https://www.illumos.org/issues/3367
> >
> 
> This can only use WEP encryption, because the interface to NDIS5 is 
> not compatible with the WPA four-step handshake (some user level 
> replies from the access point have to be redirected to the 
> supplicant).
> 
> I would volunteer to interface to the Broadcom supplied driver 
> (hybrid-port) for which an unterface to Linux is available, or to a 
> more recent open source driver for Linux (which supports newer 
> Broadcom hardware, though the BCM4312 is said to be poorly supported).
> 
> But I have (again) to ask for help for doing that. The relations 
> between net80211, mac, dladm and wpad are opaque.
> There has been a Google summer of code about WPA2, but I could not get 
> anything useful from it (apparently WPA Enterprise requires a 
> significant reworking of the relations between these modules).
> 
> Jean-Pierre
> 
> 
> 
> 
> ___
> openindiana-discuss mailing list
> openindiana-discuss@openindiana.org
> https://openindiana.org/mailman/listinfo/openindiana-discuss
> 
I tried to merge the GSoC WPA-Enterprise stuff in illumos but it did not
work. Because I couldn't contact the maintainer I stopped my effort.

https://github.com/cgrzemba/illumos-gate
___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
https://openindiana.org/mailman/listinfo/openindiana-discuss


___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
https://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] OpenIndiana Drivers For My Wireless Network Device

[the outsider]

http://forum2.kingofcoders.com/archiver/?tid-854.html

Seems someone had it running? 

-Oorspronkelijk bericht-
Van: Carsten Grzemba [mailto:grze...@contac-dt.de] 
Verzonden: vrijdag 19 augustus 2016 13:17
Aan: Discussion list for OpenIndiana ;
openindiana-discuss@openindiana.org
Onderwerp: Re: [OpenIndiana-discuss] OpenIndiana Drivers For My Wireless
Network Device



On 19.08.16 12:20, Jean-Pierre André   wrote: 
> 
> Aurélien Larcher wrote:
> >On Fri, Aug 19, 2016 at 11:13 AM, jay  wrote:
> >>
> >>Esteemed Colleagues,
> >>
> >>Yesterday I booted my new laptop (well, new to me) from the latest 
> >>hipster iso, intending to proceed immediately therefrom to an 
> >>installation. I noticed, alas, that the system had no knowledge of 
> >>my wireless network device. This makes the system useless for my 
> >>computer, it is, after all, a laptop, it is a portable device that 
> >>on occasion literally sits atop my lap, it has to be able to connect 
> >>to a network without there being an Ethernet cable stuck into it. 
> >>The Device Driver Utility (or whatever it's called, I don't have it 
> >>on the screen anymore, otherwise I would be running OpenIndiana and 
> >>would therefore be unable to send this e-mail) noted, correctly, the 
> >>existence of a
> >>
> >> Broadcom Corporation BCM4312 802.11b/g LP-PHY
> >>
> >>but it had no driver for it.
> >
> >There has been some work to user NDIS wrapper:
> >
> >https://www.illumos.org/issues/3367
> >
> 
> This can only use WEP encryption, because the interface to NDIS5 is 
> not compatible with the WPA four-step handshake (some user level 
> replies from the access point have to be redirected to the 
> supplicant).
> 
> I would volunteer to interface to the Broadcom supplied driver 
> (hybrid-port) for which an unterface to Linux is available, or to a 
> more recent open source driver for Linux (which supports newer 
> Broadcom hardware, though the BCM4312 is said to be poorly supported).
> 
> But I have (again) to ask for help for doing that. The relations 
> between net80211, mac, dladm and wpad are opaque.
> There has been a Google summer of code about WPA2, but I could not get 
> anything useful from it (apparently WPA Enterprise requires a 
> significant reworking of the relations between these modules).
> 
> Jean-Pierre
> 
> 
> 
> 
> ___
> openindiana-discuss mailing list
> openindiana-discuss@openindiana.org
> https://openindiana.org/mailman/listinfo/openindiana-discuss
> 
I tried to merge the GSoC WPA-Enterprise stuff in illumos but it did not
work. Because I couldn't contact the maintainer I stopped my effort.

https://github.com/cgrzemba/illumos-gate
___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
https://openindiana.org/mailman/listinfo/openindiana-discuss


___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
https://openindiana.org/mailman/listinfo/openindiana-discuss

[OpenIndiana-discuss] Patience

[the outsider]

Hi,

 

We are running a 24/7 business with several OI servers and zones. 

Today I am in our datacentre suite and I discovered that I forgot my laptop.
Because I am waiting for replacement parts of one of our servers I thought I
could play a game of patience on one of the servers. 

The server is a dual 8 core with 128GB RAM and 48 SSD drives, so that should
do it. 

 

But I discovered now that it has an Intel graphics card..

 

Is there any chance that I could play patience on this machine? 

 

 

 

 

___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
https://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] struct msghdr and _XPG4_2

[the outsider]

http://stackoverflow.com/questions/1034587/how-does-xpg4-2-and-other-defines
-work-on-solaris 

-Oorspronkelijk bericht-
Van: Alexander Pyhalov [mailto:a...@rsu.ru] 
Verzonden: woensdag 25 mei 2016 9:16
Aan: Discussion list for OpenIndiana 
Onderwerp: [OpenIndiana-discuss] struct msghdr and _XPG4_2

Hi.
It seems illumos/Solaris is the only OS which doesn't have msg_control and
msg_controllen in struct msghdr by default. So, code like this (this time
taken from scrren), fails.

   struct sockaddr_un a;
   struct msghdr msg;
   struct iovec iov;
   char control[1024];

   len = sizeof(a);
   debug("Ha, there was someone knocking on my socket??\n");
   if ((ns = accept(ns, (struct sockaddr *) , (void *))) < 0)
 {
   Msg(errno, "accept");
   return;
 }

   p = (char *) 
   left = sizeof(m);
   bzero(, sizeof(msg));
   iov.iov_base = 
   iov.iov_len = left;
   msg.msg_iov = 
   msg.msg_iovlen  = 1;
   msg.msg_controllen = sizeof(control);
   msg.msg_control = 

I know I can define _XPG4_2 or experiment with _XOPEN_SOURCE, but it seems
ugly. Is it because of some standard requirements or just historical
artifact? Can we somehow alleviate this issue?
--
Best regards,
Alexander Pyhalov,
system administrator of Southern Federal University IT department

___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss


___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] struct msghdr and _XPG4_2

[the outsider]

Interesting topic! 

A quick search brought me this:
https://bugs.php.net/bug.php?id=66013 (but it seems you found it too)

It seems you are bound to XPG4_2... 
http://docs.oracle.com/cd/E19253-01/817-4415/sockets-27/index.html

http://linux.die.net/man/2/recvmsg
http://pubs.opengroup.org/onlinepubs/7908799/xns/syssocket.h.html

I read: 
"The field msg_control, which has length msg_controllen, points to a buffer
for other protocol control-related messages or miscellaneous ancillary data.
When recvmsg() is called, msg_controllen should contain the length of the
available buffer in msg_control; upon return from a successful call it will
contain the length of the control message sequence."

So the use of msg_control is optional if I read it correctly. 


-Oorspronkelijk bericht-
Van: Alexander Pyhalov [mailto:a...@rsu.ru] 
Verzonden: woensdag 25 mei 2016 9:16
Aan: Discussion list for OpenIndiana 
Onderwerp: [OpenIndiana-discuss] struct msghdr and _XPG4_2

Hi.
It seems illumos/Solaris is the only OS which doesn't have msg_control and
msg_controllen in struct msghdr by default. So, code like this (this time
taken from scrren), fails.

   struct sockaddr_un a;
   struct msghdr msg;
   struct iovec iov;
   char control[1024];

   len = sizeof(a);
   debug("Ha, there was someone knocking on my socket??\n");
   if ((ns = accept(ns, (struct sockaddr *) , (void *))) < 0)
 {
   Msg(errno, "accept");
   return;
 }

   p = (char *) 
   left = sizeof(m);
   bzero(, sizeof(msg));
   iov.iov_base = 
   iov.iov_len = left;
   msg.msg_iov = 
   msg.msg_iovlen  = 1;
   msg.msg_controllen = sizeof(control);
   msg.msg_control = 

I know I can define _XPG4_2 or experiment with _XOPEN_SOURCE, but it seems
ugly. Is it because of some standard requirements or just historical
artifact? Can we somehow alleviate this issue?
--
Best regards,
Alexander Pyhalov,
system administrator of Southern Federal University IT department

___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss


___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] More recent modsecurity pkg

[the outsider]

-Oorspronkelijk bericht-
Van: Nikola M [mailto:minik...@gmail.com] 
Verzonden: donderdag 5 mei 2016 10:02
Aan: Discussion list for OpenIndiana <openindiana-discuss@openindiana.org>
Onderwerp: Re: [OpenIndiana-discuss] More recent modsecurity pkg

On 05/ 5/16 09:48 AM, the outsider wrote:
> I also have a Solaris 11.3 machine with contract.
> But what are the legal consequences if I compile anything on it?

Your code, your binaries. plus you have a contract.
Even if you don't I know they (Orcl) makes OS releases (without
support/updates) available fo your use and for development.

Openindiana can be used for production use without a contract, but it suppose 
you are active in tresting and making it better :)

> The costs of a contract are not as high as many people think.

I think they are 1K USD per 1 socket server?
But it's sort of off-topic on this list to advocate proprietary products 
support contracts.

I do not advocate anything, but it costs ~ € 750,- for any SUN hardware server 
per year. Dual or single processor same price. And you get hard- and software 
support, even on X4140 and X4150 servers. 
It is a bargain if you compare it with Windows server datacentre. 
The price you mention is for non-sun/oracle hardware
There are nice second hand systems available on Ebay. 

Speaking of proprietary, Orcl Solaris is not as proprietary as one might think, 
since there are open parts of Solaris: https://solaris.java.net/ where 
Openindiana uses a part of it (IPS, parts of X etc
hg.openindiana.org)

OmniTI and Joyent as I know sell support for their illumos-based distros.
(And Nexenta but with pool size limitation and weren't following it lately.)


___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss


___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] More recent modsecurity pkg

[the outsider]

I also have a Solaris 11.3 machine with contract. 
But what are the legal consequences if I compile anything on it? 

The costs of a contract are not as high as many people think. 
 

-Oorspronkelijk bericht-
Van: Nikola M [mailto:minik...@gmail.com] 
Verzonden: donderdag 5 mei 2016 8:24
Aan: Discussion list for OpenIndiana 
Onderwerp: Re: [OpenIndiana-discuss] More recent modsecurity pkg

On 05/ 3/16 11:25 PM, Stefan Müller-Wilken wrote:
> Dear all,
>
> could anyone with access to the Sun Studio environment do me a great favor
and lift the mod_security package from its current IPS incarnation to the
2.9.1 available from modsecurity.org? I tried to compile it with 'gcc' but
that will crash Apache httpd under oi_151a9 when loading the module.

It is not easy to get older patched Studio releases today. I also tried to
install newest Studio on newest OI hipster, but Orcl is making Studio only
Solaris-aware and it doesn't regularly install, because of a linker
depending on Solaris 11.
If anyone of you have support contract with Oracle and wnat Solaris studio
to support building on illumos, please ask them via regular channel.

Studio that used to be used to compile illumos and OI, before moving to GCC,
with md5sums is named:
43ecac9ceecf0dbe8297ae8caacce457
sunstudio12-patched-ii-2009Sep-sol-x86.tar.bz2
1490e3a8eddd972d7467a36afdf88a5a
sunstudio12u1-patched-ii-2010Feb-sol-x86.tar.gz
(Hash: d08486a68dda65b045b9cd887559fb771da4852c )

Patched SPARC Studio is also not easy to find,
(Hash: dde33b1801b8148df06b6980da750c4294f9afdc ) if someone has
older,patched Studio for SPARC, please report.


___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss


___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] OpenIndiana Docs (proof of concept) - What is it all about?

[the outsider]

Hi Michael,

I admire your dedication, knowledge and your love for OpenIndiana. 
But imho I think you are too late. OpenIndiana is almost near extinction. 

I have been on the mailing lists quite some time and questions and responses
are declining rapidly. 
In my opinion this is caused by the separation of OI users in 2 groups: the
PC/laptop OS users and the server users. 
Too many times there have been devastating discussions about getting Firefox
ready on OI and if or not one should bake pizza's to create the code. While
on the other hand updates for every day used server programs are not
available. 

For server usage in a professional way OI is lacking more and more security
updates, only if you use the hipster or hipster2 or no wait the
hipster-hipster version. (I lost track of it) 
I have long tried to use OI as a professional server but in December I
installed SmartOS and I went from hell to heaven. 
I went from 7 days half-baked "make" "configure" "install" search and
destroy deployment nightmares to 15 minutes deployment. 

There is only one big problem with SmartOS and that it has opensource
sourced by a commercial company. So there can always be a point in time
where the opensource will be closed or unreachable. 
But at this moment Joyent flows there advantages back to the Illumos core.
(http://mail-index.netbsd.org/pkgsrc-users/2016/04/29/msg023314.html) so
even OI should benefit from it. 

So IMHO someone (preferable more than one) should build the bridge between
documentation scattered over illumos, solaris, smartos and Openindiana
websites and creators. 

This is my opinion, no insults intended. 

Br,

Roel

-Oorspronkelijk bericht-
Van: Michael Kruger [mailto:makruger2...@gmail.com] 
Verzonden: woensdag 4 mei 2016 7:00
Aan: OpenIndiana Developer mailing list ; Discussion
list for OpenIndiana 
Onderwerp: [OpenIndiana-discuss] OpenIndiana Docs (proof of concept) - What
is it all about?

Now that the dust has settled a little bit after my initial presentation,
perhaps I should elaborate a bit about my motivations and intentions in
creating this little proof of concept.

In the responses and discussions that followed, some feathers were ruffled,
and a number of points where raised, many of which could be distilled into
at least 3 distinct themes.

I'll start by talking about the first theme as everything else hinges upon
it.


* Community conduct
* Project visibility
* Proof of concepts

* Version control
* Hosting infrastructure
* Project marketing, SEO

* Existing docs (OSOL Docs)
* Viability/Usability of Wiki
* dlc.openindiana.org/docs
* Documentation Standards (media types, etc.)
* Licensing/Contributer agreements/copyrights, branding etc.


It's now been about 3 months since I volunteered to help the project 
with documentation. I have learned quite a bit and overall it's been 
very interesting. I chose this project because it was very small, needed 
people, and I thought I might be able to make a meaningful difference. I 
still believe that.

So, this is my creative outlet. This is a place where I can express 
myself, learn, try new things, and explore new ideas. It's a place where 
I can (hopefully) make a difference.

Having a creative outlet is very important to me, because in my day job 
I work for a government bureaucracy. There each department is it's own 
little kingdom where nobody shares information or works together. As a 
result, innovation is stifled and dysfunction is pervasive. Even worse, 
most people are unhappy, and everyone complains. But the money is good 
and my commute is very short, so I put up with it all.

Here however, we're all volunteering our time. So I think having an 
atmosphere of acceptance, civility, and respect is extremely important. 
If not, the project will eventually curl up and die.

However, before any of that happens, people may find themselves needing 
to work alone or in small groups specifically and intentionally 
excluding individuals with problematic behaviors. This will occur 
because it's simply not possible to get anything done in an atmosphere 
of hostility, jumping to premature conclusions, or where kvetching is 
the rule of the day.

This leads me to suggest there should be an OpenIndiana 'Code of 
Conduct' to help reign in people with troublesome behaviors. After all, 
such individuals effectively prevent others from achieving anything 
meaningful. The future of the project may very well depend on it.

Having said all of that, let me turn the discussion back to my little 
docs website proof of concept. For starters, it's not a submarine 
project, nor do I intend to apply any kind of licensing which may 
restrict it's reuse in any way. Frankly I could care less how it's 
licensed. I wrote it all for the pure joy of writing. And in the spirit 
of community, it's free and available to all.

As for how it evolved the way it did, there are a number of reasons.

As soon as I 

Re: [OpenIndiana-discuss] Looking for experienced user input on specific Machine purchase

[the outsider]

The Specs are quite good indeed.
I don't know where you want to use the machine for, but keep in mind:
1. type of disk controller, only a few are supported by OI
2. number of attachable devices on the harddisk controller, most only accept
2 drives which is too low IMHO
3. I have a ML350G6 server, bought it for the same price. It has low power
consumption, but if i put something in a PCIe slot the fans start to run at
60% which creates a lot of sound. So I need to stick to the embedded P410i
controller.
4. Xeon's X5460 are fast, but consume a awful lot of energy. That is why i
choose the Xeon L5630
(http://cpuboss.com/cpus/Intel-Xeon-X5460-vs-Intel-Xeon-L5630)
5. I searched the internet several weeks for a good second hand server. In
Holland there is a nice second hand server shop: serverhome.nl

Br,

Roel


-Oorspronkelijk bericht-
Van: Harry Putnam [mailto:rea...@newsguy.com] 
Verzonden: zondag 24 januari 2016 1:53
Aan: openindiana-discuss@openindiana.org
Onderwerp: [OpenIndiana-discuss] Looking for experienced user input on
specific Machine purchase

Hoping a few here may have experience with this hardware and can speak from
experience about installing OI and using as a home NAS.

My skill level is weak but I have done something very similar on one
previous occasion. (With plenty of help from this list)

Am I likely to be walking into known headaches?

And finally, I'd like to know if stated specs and price are something of a
bargain?

----   ---=---   -   
HP XW8600 Workstation 2x Xeon Quad Core X5460

Price is $660
----   ---=---   -   
Condition:   Seller refurbished: [...]
Brand:   HPxw8600 workstation
Processors:  2x Xeon (5460)
Processor Speed: 3.1 GHz
Product Line:Workstation
Graphics Processing Type:Dedicated Graphics
Memory:  32GB
Operating System:Windows 7
Hard Drive Capacity: 2TB
Processor Type:  Xeon Quad Core


___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss


___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

[OpenIndiana-discuss] [informational] HyperX Predator PCIe SSD usable as ZFS cache device

[the outsider]

Just to inform everyone, i tested the HyperX Predator PCIe SSD 240GB in a HP
ML350G6 server yesterday and it was detected by the OS as a new drive. 

I must say I that the OS was SmartOS, but I am almost certain that the
device will work on OI also. 

 

I have attached it as a cache device  to my ZFS mirror and it worked very
well. 

Unfortunality HP made a crapy bios for the ML350G6 which detects the PCIe
device and adjusts the ventilatorspeeds to 70% without any need. 

Since I use the ML as a home/office server the increased acoustics of the
vents made me crazy and I removed the Predator. 

 

When I have time I will install it in a server in the datacentre where we
have a 16x 300GB ZFS storage and I can run different benchmarks.  

Format detected the device without any troubles as c1t0d0 and I could
partition it. 

It would be nice to create some partitions for cache and ZIL on the device,
but I don't know if ZFS needs a whole drive or just a partition? 

 

___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Mailservers and clients that work on OI

[the outsider]

Ok, but OCUCS  is the top of the bill 
I played with it in SUN time and it was already impressive at that time!
Just like the SUN java webserver, which has now split into iPlanet and Liferay. 
Like all SUN products they were invented and created by the best and most 
creative people. 
I still think that Steve Jobs was sleeping when Oracle wanted to buy SUN. Apple 
could have ruled the world on desktop and server level.
(although it wouldn't be good for the world)

The product I use costs ~€ 1300,- for the first year and a 25 user license. The 
next year you pay approx. € 250,- each year. 
Pricing is beyond home server usage, but for institutional usage it is very 
good and a good alternative for Exchange online. And it runs on OI 100%. 



-Oorspronkelijk bericht-
Van: Jim Klimov [mailto:jimkli...@cos.ru] 
Verzonden: vrijdag 18 december 2015 12:42
Aan: Discussion list for OpenIndiana <openindiana-discuss@openindiana.org>; the 
outsider <openindi...@out-side.nl>; 'Discussion list for OpenIndiana' 
<openindiana-discuss@openindiana.org>
Onderwerp: Re: [OpenIndiana-discuss] Mailservers and clients that work on OI

18 декабря 2015 г. 10:52:20 CET, the outsider <openindi...@out-side.nl> пишет:
>I just want to share this because I see a lot of people moving to
>office365
>and google because they are tiered of all problems with hosting their 
>own mailserver and to keep it up to date and running.
>
>I use a commercial product that works out of the box on Openindiana.
>But it
>is free for 5 users. (although you lose 1 for the "postmaster") It 
>supports SMTP, POP3, RPOP, AIRSYNC, SIP, XMPP, WEBCAL, Webmail and 
>more.
>
>With RPOP you can fetch email from different mail accounts into 1 mail 
>account on this server. So I fetch my mail from several accounts with a
>pop3
>box every 2 minutes and store it in 1 user account on my server. My 
>phone and mailclient connect via IMAP with my server and I can read all 
>mail with
>1 account and 1 password. 
>
>I searched the internet for weeks for a good Solaris ready mailserver 
>and this was the best I could find. Even Oracle doesn't offer 
>mailserver solutions for Solaris.
>
>Since I don't want to be called a spammer I will not post the name of 
>the program.
>If you are interested please DM me, I have 0.0 connections with this 
>mail program but I hate it when people discard OpenIndiana as a 
>server-OS because they think they can do more with something else.
> 
>
>
>___
>openindiana-discuss mailing list
>openindiana-discuss@openindiana.org
>http://openindiana.org/mailman/listinfo/openindiana-discuss
>
>
>___
>openindiana-discuss mailing list
>openindiana-discuss@openindiana.org
>http://openindiana.org/mailman/listinfo/openindiana-discuss

> Even Oracle doesn't offer mailserversolutions for Solaris. 

Not quite true, the last I checked, Sun Mail Server (nee Netscape mail, then 
Java CommSuite, now OCUCS) lives on and produces new versions.

My old job supported it for a number of ccustomers with my hands, a pretty good 
product. Although in Oracle hands it is now only paid-for, and with a minimal 
purchase baseline so it is aimed at providers or very large organizations. 
Things are negotiatable but it is difficult.

Jim

--
Typos courtesy of K-9 Mail on my Samsung Android


___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] [HEADSUP] serious security issue in sysding

[the outsider]

Which OI versions are impacted? 
Only Hipster or also 1.59? 


-Oorspronkelijk bericht-
Van: Alexander Pyhalov [mailto:a...@rsu.ru] 
Verzonden: dinsdag 22 december 2015 23:58
Aan: Discussion list for OpenIndiana 
Onderwerp: [OpenIndiana-discuss] [HEADSUP] serious security issue in sysding

If you followed, we've just replaced sysidtool with sysding.
This could have serious consequences for OI zones. sysding has logic which
checks on the first run if zone's root password was set in sysding.conf. If
it wasn't set, it is set to 'NP'. This is necessary for zlogin to work
correctly.

The issue is that until last version it didn't check if root password in
/etc/shadow is non-empty. It is aggravated by the fact, that
service/management/sysidtool was renamed to service/management/sysding. 
So, on zone update sysding thinks that it is run for the first time and
resets root password to 'NP'. The issue is resolved in
pkg://openindiana.org/service/management/sysding@0.5.11,5.11-2015.0.2.12
So, if you update system, ensure that this version is installed in your
zones. If you have earlier version installed, please, check you root
password's hash in /etc/shadow.

The scope of the issue is decreased by the fact that package with sysidtool
=> sysding renaming existed only several hours until updated sysding landed
to the repository.
--
System Administrator of Southern Federal University Computer Center

___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss


___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Mailservers and clients that work on OI

[the outsider]

I just want to share this because I see a lot of people moving to office365
and google because they are tiered of all problems with hosting their own
mailserver and to keep it up to date and running. 

I use a commercial product that works out of the box on Openindiana. But it
is free for 5 users. (although you lose 1 for the "postmaster")
It supports SMTP, POP3, RPOP, AIRSYNC, SIP, XMPP, WEBCAL, Webmail and more. 

With RPOP you can fetch email from different mail accounts into 1 mail
account on this server. So I fetch my mail from several accounts with a pop3
box every 2 minutes and store it in 1 user account on my server. My phone
and mailclient connect via IMAP with my server and I can read all mail with
1 account and 1 password. 

I searched the internet for weeks for a good Solaris ready mailserver and
this was the best I could find. Even Oracle doesn't offer mailserver
solutions for Solaris. 

Since I don't want to be called a spammer I will not post the name of the
program. 
If you are interested please DM me, I have 0.0 connections with this mail
program but I hate it when people discard OpenIndiana as a server-OS because
they think they can do more with something else. 
 


___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss


___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

[OpenIndiana-discuss] ML350G6 What to do?

[the outsider]

I already use OI 151a9 on a HP N54L server since 2013 but I build it poorly,
with 2x2TB in basic ZFS mirror and 1 very old 250GB for OI itself. 

 

To prevent myself from disaster I searched for a bargain and found something
nicely second hand, so I bought an HP ML350G6 with the (infamous) P410i RAID
card with 512MB RAM and battery backup. 

Server has 1 Xeon L5630, 6x 3,5" SAS/SATA bays and 32 GB RAM. It should
consume low power due to the 40W processor. 

 

it is just a little bit bigger then the HP microserver ;-) But now I have a
battery backupped HD controller, 32GB RAM and 6 3,5" bays and it was cheaper
than a new Microserver. 

 

The server is for home use. I would appreciate suggestions based on the
following needs:

1. the server needs to run several Solaris zones for testing and separating
different jobs

2. the server needs to have SATA drives (WD RED series) 2,3 or 4 TB each

3. idea is to create a ZFS RAID Z2 pool with 4 or more drives

 

The questions I have:

1. What should I install: OI Hipster or OI 151a8 or ??

2. What is the current limit for OI and WD RED series SATA drive sizes? 

3. I could create a RAID1 config on the P410i with 2x 500GB for the OI OS,
then I am a bit safer regarding disk failure. But would it work? 

4. Because the P410i doesn't have JBOD function I want to set all disks as
RAID0 single disk and create a ZFS pool around them, or ? 

 

Br,

Roel

 

 

___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] OI roadmap (for production)

[the outsider]

Or see these articles:
http://www.oracle.com/technetwork/topics/security/alerts-086861.html#ThirdPa
rtyBulletin

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.ht
ml



-Oorspronkelijk bericht-
Van: Peter Tribble [mailto:peter.trib...@gmail.com] 
Verzonden: dinsdag 8 december 2015 16:25
Aan: Discussion list for OpenIndiana 
Onderwerp: Re: [OpenIndiana-discuss] OI roadmap (for production)

On Tue, Dec 8, 2015 at 11:14 AM, Jim Klimov  wrote:

>
> >From: Tim Mooney [mailto:tim.moo...@ndsu.edu]
>
> >
> >I'm trying to find a way to verify component security that doesn't 
> >rely on more work from the few people that are already doing the 
> >security work, but it's not clear what a good method is to perform 
> >that verification.
> >
> >Tim
>
> Might it make sense to use some pkg(5) metadata to list the cve's 
> known covered by a particular release+patch recipe used in the build? 
> I know i'd quickly stop maintaining such data though, but there may be 
> even pedantical people than mysekf out there ;) And for a 
> commercialized or otherwise paid effort, someone could be doing this 
> sysiphus task. Anyhow, someone has to revise if a cve applies to our 
> code and write down the inspection results somewhere - might as well
accompany the relevant code snapshot.
>
> reminds me sort of like sun's patch readmes with lists of changelogs 
> and bugids and errata...
>

You mean like the way Oracle Solaris has additional IPS metadata to track
CVEs?

https://blogs.oracle.com/darren/entry/cve_metadata_in_solaris_ips

--
-Peter Tribble
http://www.petertribble.co.uk/ - http://ptribble.blogspot.com/
___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss


___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] OI roadmap (for production)

[the outsider]

How far is the foundation of this foundation? 

Would it be an idea to create an international pool of students to work on OI? 

In Holland companies have trainee possibilities for polytechnic students, it 
would be possible to let them work on OI (partially). 
Personally i would like to focus on a secure(=patched) server environment of OI 
and that will take lots of work. 

In this new digital world borders are gone and people can work together easily 
around the world. 
With SVN, Git, skype, irc and so on there are no limits. 

I hope OI will survive in the next coming years.

Br,

Roelof

-Oorspronkelijk bericht-
Van: Private openbabel [mailto:openba...@gmail.com] 
Verzonden: zondag 6 december 2015 22:00
Aan: openindiana-discuss@openindiana.org
Onderwerp: Re: [OpenIndiana-discuss] OI roadmap (for production)



On 05/12/2015 21:16, Bob Friesenhahn wrote:
> On Fri, 4 Dec 2015, Predrag Zečević - Unix Systems Administrator wrote:
>>
>> Also, number of people involved in OS maintenance made me suggest 
>> SmartOS or OmniIT...
>
> OmniOS succeeds due to its quite limited scope rather than a large 
> number of maintainers.  It leaves the responsibility for providing 
> common server applications (e.g. Apache) to others.  SFE is in a 
> fledgling state for OmniOS, but might prove to be a significant future 
> source of applications (in addition to Joyent-supported pkgsrc and 
> third parties who have provided public access to their IPS packages).
>
> SmartOS does not likely have a large number of maintainers either, but 
> Joyent has bet its future on it.  SmartOS also succeeds by limiting 
> its scope.
>
> OpenIndiana has a much larger scope given how many packages it offers 
> by default.
>
> Bob

Dear Bob,

I would like to see a foundation registered in the UK in early 2016 to receive 
donations and sponsorship similar to Libre Office.This will help with some of 
the development objectives outlined.

Regards


Robert Jones

___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss


___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

[OpenIndiana-discuss] Moving zone

[the outsider]

I tried to move a zone from the basic rpool ZFS system to a larger ZFS
system on the same machine. 

 

(The name of my zone is "zonegate", the large ZFS system is called largetank
)

Since there are many different "manuals" on the internet and I tried one
which told to do "zoneadm -z zonegate move. 

 

But this resulted in a partially moved zone. Which states:

 

ZFS list

rpool/zones/zonegate  9.90G  19.9G33K
/largetank/zones/zonegate

rpool/zones/zonegate/ROOT 9.90G  19.9G31K  legacy

rpool/zones/zonegate/ROOT/zbe 9.90G  19.9G  3.11G  legacy

rpool/zones/zonegate/ROOT/zbe-1   85.5K  19.9G  1.96G  legacy

 

So i messed up bigtime. 

And this zone is very important for its data, so I can't afford to make
mistakes. 

 

What is the best thing to do? 

 

 

___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] network errors

[the outsider]

zonecfg -z gls3  info
zonename: gl3
zonepath: /zones/gls3
brand: ipkg
autoboot: true
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: shared
hostid:
fs-allowed:
net:
address: 192.168.132.173/24
allowed-address not specified
physical: nge0
defrouter: 192.168.132.1

I have multiple zones that share nics over net0, net1 and net2. 
I come from the dark lands of solaris 10 and never used crossbow or vnics
because it was never needed. 

Today I tried to use a vnic setup for a zone to test with it, but Oi
documentation is very limited and new solaris11 documentation uses
instructions that are not incorporated in OI. 
Ipadm create-ip is for example a solaris 11 instruction which is not
available in OI. There is a ipadm create-if in OI, but I don't know if it is
the same.  

When I finally had a zone running with a vnic it couldn't reach the network,
so I moved the complete webserver to solaris 11 and there it runs without
problems with the same ip-address. 

Roel

-Oorspronkelijk bericht-
Van: Jonathan Adams [mailto:t12nsloo...@gmail.com] 
Verzonden: vrijdag 19 juni 2015 18:04
Aan: Discussion list for OpenIndiana
Onderwerp: Re: [OpenIndiana-discuss] network errors

just to start, are these ip-type=shared, or ip-type=exclusive?

If they are shared, can you show us a limited net only section of your
svccfg -z zone info ?

Is there any reason that you are using separate cards for each zone, and not
just virtualizing the cards?

Jon


On 19 June 2015 at 16:56, the outsider openindi...@out-side.nl wrote:

 I have a server with 3 networkports connected to the local network 
 (1GB)

 On my server I run multiple zones all within the same range.
 (192.168.132.x)




 I have several OI and solaris 11 servers and have never seen these 
 problems before, they seem to be related:

 Problem 1:

 When I try pkg update from the global zone I get only error messages 
 like

 URL: 'http://pkg.openindiana.org/sfe'. (happened 4 times)

 3: Framework error: code: 7 reason: Failed to connect to 91.194.74.133:
 Cannot assign requested address

 URL: 'http://pkg.openindiana.org/legacy'. (happened 4 times)



 This Cannot assign requested address can be caused by a limit on 
 free sockets, but I tried netstat -s |fgrep -i listendrop and it
reports:

 netstat -s |fgrep -i listendrop

 tcpListenDrop   = 0 tcpListenDropQ0 = 0

 sctpListenDrop  = 0 sctpInClosed= 0



 so no packets seem to get dropped



 Problem 2:

 From the within the zones I get ping and other connection errors like 
 DNS to all IP-adresses outside the server. This happens randomly it 
 seems.

 root@GF03:~# traceroute openindiana.org

 traceroute to openindiana.org (95.131.249.92), 30 hops max, 40 byte 
 packets

 1  * * *

 2  * * *

 3 ^C



 But 2 minutes later:

 root@GF03:~# traceroute openindiana.org

 traceroute: unknown host openindiana.org

 root@GF03:~# traceroute openindiana.org

 traceroute: unknown host openindiana.org



 a couple of weeks ago the problems were even bigger and I stumbled 
 upon a helpfile on the internet suggesting to turn on 
 svc:/network/location:default

 svcadm enable svc:/network/location:default

 It cured a lot of connection problems, but it was the first time that 
 I had to enable it within zones and there a still strange connection
errors.



 OS is : SunOS PSK-OI 5.11 oi_151a9 i86pc i386 i86pc Solaris



 The server is connected to a 24 port Gigabit switch, together with 
 another Solaris 11 box and a windows server. These 2 servers don't 
 have any problem.








 ___
 openindiana-discuss mailing list
 openindiana-discuss@openindiana.org
 http://openindiana.org/mailman/listinfo/openindiana-discuss

___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss


___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

[OpenIndiana-discuss] network errors

[the outsider]

I have a server with 3 networkports connected to the local network (1GB) 

On my server I run multiple zones all within the same range. (192.168.132.x)


 

I have several OI and solaris 11 servers and have never seen these problems
before, they seem to be related:

Problem 1:  

When I try pkg update from the global zone I get only error messages like 

URL: 'http://pkg.openindiana.org/sfe'. (happened 4 times)

3: Framework error: code: 7 reason: Failed to connect to 91.194.74.133:
Cannot assign requested address

URL: 'http://pkg.openindiana.org/legacy'. (happened 4 times)

 

This Cannot assign requested address can be caused by a limit on free
sockets, but I tried netstat -s |fgrep -i listendrop and it reports:

netstat -s |fgrep -i listendrop

tcpListenDrop   = 0 tcpListenDropQ0 = 0

sctpListenDrop  = 0 sctpInClosed= 0

 

so no packets seem to get dropped

 

Problem 2:

From the within the zones I get ping and other connection errors like DNS to
all IP-adresses outside the server. This happens randomly it seems. 

root@GF03:~# traceroute openindiana.org

traceroute to openindiana.org (95.131.249.92), 30 hops max, 40 byte packets

1  * * *

2  * * *

3 ^C 

 

But 2 minutes later:

root@GF03:~# traceroute openindiana.org

traceroute: unknown host openindiana.org

root@GF03:~# traceroute openindiana.org

traceroute: unknown host openindiana.org

 

a couple of weeks ago the problems were even bigger and I stumbled upon a
helpfile on the internet suggesting to turn on svc:/network/location:default

svcadm enable svc:/network/location:default

It cured a lot of connection problems, but it was the first time that I had
to enable it within zones and there a still strange connection errors. 

 

OS is : SunOS PSK-OI 5.11 oi_151a9 i86pc i386 i86pc Solaris

 

The server is connected to a 24 port Gigabit switch, together with another
Solaris 11 box and a windows server. These 2 servers don't have any problem.


 

 

 

___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Postfix

[The Outsider]

Try communigate. Works out of the box on oi and has very nice features.
This not spam, i just think it is the best mail solution i ever tried.


On 6 april 2015 21:57:00 j...@m5.chicago.il.us wrote:



Centuries ago, Nostradamus predicted that Dmitry Kozhinov 
d...@desktopfay.com would write on Sun, 29 Mar 2015 20:37:00 +0500:



 As far as I know, Postfix resides in SFE repository. Before installing
 Postfix, add SFE repository (if not have added yet):

 pkg set-publisher -p http://pkg.openindiana.org/sfe


Thank you for telling me this.  I would not otherwise have had any way
of knowing it.  Using your information, I did successfully install
postfix.  It did not work right away, because my postfix configuration
file refers to hash: databases, and the OpenIndiana postfix does not
support hash: databases.  The error message produced by postfix was
completely useless; it was Temporary lookup failure on the recipient
address, an error message that persisted even after the alias database
had been changed from a hash: database to a dbm: database.  I
eventually figured out that I had to rename all of the hash: databases
in my configuration file to dbm: databases, and I had to recreate all
of them with the makedbm program (I have not yet tested whether the
dir and .pag files that were thus created are recognized on the other
operating systems that share the hardware).  But that is to be
expected.  Open-source software never works correctly on
Solaris-derived systems the first time you install it.  It is working
now.  Thank you again for your help.


Jay F. Shachter
6424 North Whipple Street
Chicago IL  60645-4111
(1-773)7613784   landline
(1-410)9964737   GoogleVoice
http://m5.chicago.il.us
j...@m5.chicago.il.us

	But when she traced the killer's IP address ... it was in the 192.168/16 
block!



___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss




___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Sendmail on oi 151_a9

[The Outsider]

Is that really true?

I mean even Sun's solaris 10 were not-redistributable. I have a lot of 
solaris 10 documents that i don't dare to share because of the disclaimers 
at the first pages.


Even Sun solaris 10 had a line in the disclaimer that is was not allowed to 
post any benchmark results without written permission of Sun.


So therefor my question, has it really changed?


On 15 oktober 2014 07:16:00 Alan Coopersmith alan.coopersm...@oracle.com 
wrote:



On 10/14/14 09:47 PM, Nikola M. wrote:
 On 10/13/14 07:05 PM, Alan Coopersmith wrote:
 On 10/13/14 08:30 AM, Harry Putnam wrote:
 You mentioned docs for solaris 11.  How do I know when I'm looking at
 solaris 11 and not something a bit older?

 Solaris 11 docs have a new style with Oracle Solaris 11 Information 
Library

 And licensing for Oracle docs is also changed from Opensolaris days?
 Like they are owned and controlled by Oracle and non- contributable and
 non-redistributable?

Yes, just like for most other IP Oracle owns in Solaris.

-alan-

___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss




___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Device driver utility source

[The Outsider]

A year or so ago there were people on the list that claimed they copied 
the whole tree for backup.


Maybe they are still on this list or google might point to these shadow copies.


On 15 oktober 2014 22:56:00 Aurélien Larcher aurelien.larc...@gmail.com 
wrote:



Hi,
thank you, I have already checked several times in the past (including 2
days ago) it seems that tarballs and source repositories are not archived
(or at least the few I have checked).
Best regards

Aurelien

On Wed, Oct 15, 2014 at 10:35 PM, Bruce Lilly bruce.li...@gmail.com wrote:

 Given some formerly working URI which has vanished, one way is to go to
 https://archive.org and enter the URI there.
 E.g.: doing so for opensolaris.org yields the saved archives at
 https://web.archive.org/web/*/http://opensolaris.org

 On Wed, Oct 15, 2014 at 3:23 PM, Aurélien Larcher 
 aurelien.larc...@gmail.com wrote:

  Hi,
  since Nikola brought up the topic of resurrection attempts, I wonder if
  someone has a tarball of the source hosted by the DDU project on (now
  defunct) opensolaris.org ?
 
  Aside from some old 1.1 version that I patched with some 1.3.1 webrev
  leftovers in an attempt to setup a git repository and fix some issues, I
  could not find it on the web.
 
  Same applies in general to projects hosted on opensolaris.org (like
  SAM-QFS).
  Best regards
 
  Aurelien
  ___
  openindiana-discuss mailing list
  openindiana-discuss@openindiana.org
  http://openindiana.org/mailman/listinfo/openindiana-discuss
 
 ___
 openindiana-discuss mailing list
 openindiana-discuss@openindiana.org
 http://openindiana.org/mailman/listinfo/openindiana-discuss




--
---
LARCHER Aurélien  | KTH, School of Computer Science and
Communication
Work: +46 (0) 8 790 71 42 | Lindstedtsvägen 5, Plan 4, 100 44 Stockholm,
SWEDEN
---
___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss




___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Device driver utility source

[The Outsider]

Sometimes the answer is so close you can't imagine to look there...

http://wiki.openindiana.org/oi/Package+Repositories


On 15 oktober 2014 22:56:00 Aurélien Larcher aurelien.larc...@gmail.com 
wrote:



Hi,
thank you, I have already checked several times in the past (including 2
days ago) it seems that tarballs and source repositories are not archived
(or at least the few I have checked).
Best regards

Aurelien

On Wed, Oct 15, 2014 at 10:35 PM, Bruce Lilly bruce.li...@gmail.com wrote:

 Given some formerly working URI which has vanished, one way is to go to
 https://archive.org and enter the URI there.
 E.g.: doing so for opensolaris.org yields the saved archives at
 https://web.archive.org/web/*/http://opensolaris.org

 On Wed, Oct 15, 2014 at 3:23 PM, Aurélien Larcher 
 aurelien.larc...@gmail.com wrote:

  Hi,
  since Nikola brought up the topic of resurrection attempts, I wonder if
  someone has a tarball of the source hosted by the DDU project on (now
  defunct) opensolaris.org ?
 
  Aside from some old 1.1 version that I patched with some 1.3.1 webrev
  leftovers in an attempt to setup a git repository and fix some issues, I
  could not find it on the web.
 
  Same applies in general to projects hosted on opensolaris.org (like
  SAM-QFS).
  Best regards
 
  Aurelien
  ___
  openindiana-discuss mailing list
  openindiana-discuss@openindiana.org
  http://openindiana.org/mailman/listinfo/openindiana-discuss
 
 ___
 openindiana-discuss mailing list
 openindiana-discuss@openindiana.org
 http://openindiana.org/mailman/listinfo/openindiana-discuss




--
---
LARCHER Aurélien  | KTH, School of Computer Science and
Communication
Work: +46 (0) 8 790 71 42 | Lindstedtsvägen 5, Plan 4, 100 44 Stockholm,
SWEDEN
---
___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss




___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Sendmail on oi 151_a9

[The Outsider]

I am curious what you want to change to sendmail?

It still would suggest the use of webmin, since it will let you set and 
change 85% of the sendmail setting in 5 minutes.



On 13 oktober 2014 20:08:00 Gary Mills gary_mi...@fastmail.fm wrote:


On Mon, Oct 13, 2014 at 12:48:53PM -0500, Bob Friesenhahn wrote:

 The best information available may be found on your system in the
 file /etc/mail/cf/README, which is provided by the sendmail package.

The other place to look is the documents site:

http://www.sendmail.com/sm/open_source/docs/

The release notes and the operation guide are useful.

 It is advised to have a good 'm4' program available since the .mc
 file gets converted to a .cf file using m4.

 For example:

   cd /etc/mail
   vi myconfig.mc
   m4 /usr/lib/mail/m4/cf.m4 myconfig.mc  sendmail.cf

There's a Makefile that does that for you.

 You should save your original .mc file in a safe place (e.g. on
 several systems) so that it does not get lost.  Putting it under
 version control is a good idea.

--
-Gary Mills--refurb--Winnipeg, Manitoba, Canada-

___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss




___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] is this project still active

[The Outsider]

I have no knowledge of programming. But i am willing to help on the 
website, testsystems, hosting or other needs. Unfortunality i have little 
to zero free time.


It would be nice if we could find students that have interest in developing OI.

But a roadmap would be nice for the above.





On 11 oktober 2014 13:38:00 Alexander Pyhalov a...@rsu.ru wrote:


Mark Stephens писал 11.10.2014 00:22:
 I am trying to decide if I should go with Omnios or OpenIndiana for my
 storage needs. So I would like to ask is this project still under
 active
 development? I do not see much activity on the website or any other
 medium
 such a twitter.

Hello.
The project is still alive. Perhaps, it's not evident, looking at our
site, but it is.
If someone wants to update it, he is welcome.
There are sufficient problems, as OI developer is a more and more
extinct kind of beast.
If you want just basic storage (i.e., fresh base and ~ Solaris 11 level
of userland software
(I mean, a bit outdated)), you can look at OI Hipster. We are trying to
deliver at least most
urgent security fixes. On other hand, illumos-gate provided packages is
rebuilt every day,
which may be not so convenient in server environment - pkg update will
always want to update all
base packages. You can try to stick to Hipster snapshots. We are going
to prepare them
once per several months. The current one is cooking now.
---
System Administrator of Southern Federal University Computer Center


___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss




___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Future of OI (was Bash Bug issue)

[The Outsider]

True!

That's why i pay for hardsoftware support on solaris 11.2. (Prices are 
reasonable when you have Sun hardware)


But 11.2 != openindiana.




On 10 oktober 2014 02:08:00 Dave Pooser dave...@pooserville.com wrote:


On 10/9/14 5:13 PM, The Outsider openindi...@out-side.nl wrote:

Hmm i am sorry. I seem to have missed that.
Last time i installed and tested it i needed to get a registrationkey and
wasn't allowed to use nexenta for business without paying a quite high
amount of euros.

But that was 3 years ago.

Open source != free-as-in-beer
--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com



___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss




___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Future of OI (was Bash Bug issue)

[The Outsider]

Hmm i am sorry. I seem to have missed that.
Last time i installed and tested it i needed to get a registrationkey and 
wasn't allowed to use nexenta for business without paying a quite high 
amount of euros.


But that was 3 years ago.


On 9 oktober 2014 23:18:03 Bayard Bell buffer.g.overf...@gmail.com wrote:


On 9 October 2014 20:41, openindi...@out-side.nl openindi...@out-side.nl
wrote:

 From my limited tunnelview:

 Nexenta: closed source, no real root, no zones. IF you want storage with
 support this is the best option.


Please define closed source while accounting for this fundamental fact:

https://github.com/nexenta/illumos-nexenta
___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss




___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Join to AD Domain with HA kpasswd server

[The Outsider]

I think  joining domain failed (c001) might give you a clue.
When the NAT translates you computers ip-address to a new local, no dns 
reference will exist for that IP.


At least that is what came up in google..


On 8 oktober 2014 21:00:00 Andrew Martin amar...@xes-inc.com wrote:


Hello,

I am attempting to join an OpenIndiana server to an Active Directory domain for
authenticating smb/server following this guide:
http://docs.oracle.com/cd/E19120-01/open.solaris/820-2429/configuredomainmodetask/index.html

However, I do not want to specify just a single domain controller in the kdc,
admin_server, and kpasswd_server fields since that would be a single point of
failure. I have a pair of forwarding servers that host a VIP (ad.example.com)
and NAT traffic to any of the available DCs, so I'd prefer to put the hostname
of this VIP in these fields instead:

[libdefaults]
   default_realm = EXAMPLE.COM

[realms]
   EXAMPLE.COM = {
   kdc = ad.example.com
   admin_server = ad.example.com
   kpasswd_server = ad.example.com
   kpasswd_protocol = SET_CHANGE
   }

[domain_realm]
   .example.com = EXAMPLE.COM

However, this doesn't work when I run smbadm join:
Tree Connection SUCCEEDED (0)
Authentication SUCCEEDED (0) for administra...@example.com by dc0
Using ad.example.com (dc0) as DC for domain example.com (example)
Tree Connection SUCCEEDED (0)
Authentication SUCCEEDED (0) for administra...@example.com by dc0
getting initial credentials (Incorrect net address)
getting initial credentials (Incorrect net address)
Joining domain to alter computer account FAILED (1) using 
administra...@example.com credentials.

Failed to connect to an Active Directory server.
Joining domain failed (c001)

I think this Incorrect net address error is occurring because the address
list provided to Kerberos contains the IP addresses of the OpenIndiana server,
not the NAT server (ad.example.com). According to the manpage, I should be able
to add no_addresses to the [appdefaults] section to request an address-less
ticket:


[libdefaults]
   default_realm = EXAMPLE.COM

[realms]
   EXAMPLE.COM = {
   kdc = ad.example.com
   admin_server = ad.example.com
   kpasswd_server = ad.example.com
   kpasswd_protocol = SET_CHANGE
   }

[domain_realm]
   .example.com = EXAMPLE.COM

[appdefaults]
kinit = {
renewable = true
forwardable = true
no_addresses = true
}

However, doing this does not improve the situation when running smbadm join.
This DOES work when running kinit manually. Changing the kdc, admin_server,
and kpasswd_server to use one of the DCs directly, e.g dc0.example.com, makes
smbadm join work successfully. What can I do to successfully join the domain
using this NAT server for HA?

Thanks,

Andrew Martin

___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss




___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Bash bug issue

[The Outsider]

There are a lot of tools depending on bash. Including virusscanners and 
spamfilters.


The openCSW bash installs into another directory then the real/old  bash. 
How can you change the old bash with the openCSW bash?


I saw that solaris 11.2 supports a lot of (old) sparc hardware. And most of 
the ever produced X86 servers. Supportcontracts are  reasonable priced i 
think. Aspecialy in this situation...





On 6 oktober 2014 19:28:00 David Brodbeck bro...@uw.edu wrote:


On Thu, Oct 2, 2014 at 8:12 AM, Alan Coopersmith 
alan.coopersm...@oracle.com wrote:

 On 10/ 2/14 07:00 AM, Brandon Hume wrote:

 On many (most?  all?) Linuxes, /bin/sh *is* /bin/bash.


 Many, but not all - the Debian family and some others use a lighter weight,
 POSIX compatible shell instead, dash, the Debian Almquist Shell; and many
 embedded distros use BusyBox instead.

 https://en.wikipedia.org/wiki/Almquist_shell
 http://lwn.net/Articles/343924/



A big driver of this was faster boot, since boot scripts run on /bin/sh.
On some systems the startup time for all those bash processes was a
considerable portion of the total boot time.

Note: It's not enough to make sure no CGI scripts are being run with
/bin/bash.  You also need to make sure no bash processes are being launched
by other scripts, since many scripting languages launch a shell to run
external commands.  Unless the environment is explicitly cleared these are
likely to inherit the environment of the calling process, with all the
nasties in it.

--
D. Brodbeck
System Administrator, Linguistics
University of Washington
GPG key fingerprint: 0DB7 4B50 8910 DBC5 B510 79C4 3970 2BC3 2078 D875
___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss




___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] TUN driver for AMD64 machine running Openidiana

[The Outsider]

The SFE version isn't the latest version. But it works out-of-the-box.

Compiling the latest version from openvpn sources should be possible. You 
can then copy the new version over the SFE version i guess. This shouldn't 
break the SMF paths.



On 6 oktober 2014 14:38:00 Jonathan Adams t12nsloo...@gmail.com wrote:


root@jadlaptop:~# pkg publisher
PUBLISHER   TYPE STATUS P LOCATION
openindiana.org  origin   online F
http://pkg.openindiana.org/hipster-2014.1/
jds.openindiana.org (non-sticky, disabled) origin   online F
http://opensolaris.cz:1/
sfe-encumbered  origin   online F
http://pkg.openindiana.org/sfe-encumbered/
sfe(non-sticky) origin   online F
http://pkg.openindiana.org/sfe/
localhost  (non-sticky, disabled) origin   online F
http://localhost:1/

root@jadlaptop:~# pkg list | grep tuntap
system/network/tuntap (sfe)
1.3.2.0.0.1-0.151.1.9  i--


On 6 October 2014 12:48, Marc Lobelle marc.lobe...@uclouvain.be wrote:

 On 06/10/14 13:03, Jonathan Adams wrote:

 I have the OpenVPN package installed from the sfe repository, that
 includes
 the tuntap from sfe ...

 works fine on hipster.

 Jon

 I had installed the opencsw version but apparently no tuntap in there.
 What is the url to get the sfe package ?

 Thanks

 Marc



 On 6 October 2014 11:42, Marc Lobellemarc.lobe...@uclouvain.be  wrote:

  Hi,
 I would like to connect an openindiana machine (AMD64) with openvpn over
 TUN. Does anybody of you know were i can get a precompiled TUN driver for
 openindiana ? I'm certainly not the first needing this.

 Thanks

 Marc


 ___
 openindiana-discuss mailing list
 openindiana-discuss@openindiana.org
 http://openindiana.org/mailman/listinfo/openindiana-discuss

  ___
 openindiana-discuss mailing list
 openindiana-discuss@openindiana.org
 http://openindiana.org/mailman/listinfo/openindiana-discuss



 ___
 openindiana-discuss mailing list
 openindiana-discuss@openindiana.org
 http://openindiana.org/mailman/listinfo/openindiana-discuss

___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss




___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Bash bug issue

[The Outsider]

Search q-nap  shellshock and you see how deep this goes...


On 6 oktober 2014 19:28:00 David Brodbeck bro...@uw.edu wrote:


On Thu, Oct 2, 2014 at 8:12 AM, Alan Coopersmith 
alan.coopersm...@oracle.com wrote:

 On 10/ 2/14 07:00 AM, Brandon Hume wrote:

 On many (most?  all?) Linuxes, /bin/sh *is* /bin/bash.


 Many, but not all - the Debian family and some others use a lighter weight,
 POSIX compatible shell instead, dash, the Debian Almquist Shell; and many
 embedded distros use BusyBox instead.

 https://en.wikipedia.org/wiki/Almquist_shell
 http://lwn.net/Articles/343924/



A big driver of this was faster boot, since boot scripts run on /bin/sh.
On some systems the startup time for all those bash processes was a
considerable portion of the total boot time.

Note: It's not enough to make sure no CGI scripts are being run with
/bin/bash.  You also need to make sure no bash processes are being launched
by other scripts, since many scripting languages launch a shell to run
external commands.  Unless the environment is explicitly cleared these are
likely to inherit the environment of the calling process, with all the
nasties in it.

--
D. Brodbeck
System Administrator, Linguistics
University of Washington
GPG key fingerprint: 0DB7 4B50 8910 DBC5 B510 79C4 3970 2BC3 2078 D875
___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss




___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Bash bug issue

[outsider]

 

Has anyone tried to install the patched BASH version of
https://unixpackages.com [1] ? 

It installs to a different location then the OI Bash and gives an error
: 

bash --version 

ld.so.1: bash: fatal: libintl.so.8: open failed: No such file or
directory Killed 

does anyone have a solution for a manual update of bash? 
 

Links:
--
[1] https://unixpackages.com
___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Bash bug issue

[outsider]

It is very strange with the oracle updates for Solaris 10  11

Is far as I can see, Solaris 10 and Solaris 11 get different bash versions
after the patch. 
I don't know what is allowed to say about it in public, but both test
negative on the (simple) shockshell tests I found. 
(so they seem secured) 







-Oorspronkelijk bericht-
Van: Alan Coopersmith [mailto:alan.coopersm...@oracle.com] 
Verzonden: donderdag 2 oktober 2014 17:10
Aan: Discussion list for OpenIndiana
Onderwerp: Re: [OpenIndiana-discuss] Bash bug issue

On 10/ 2/14 07:20 AM, Bob Friesenhahn wrote:
 On Thu, 2 Oct 2014, Brandon Hume wrote:

 On 26/09/2014 8:47 PM, Gary Gendel wrote:
 The current maintainer says it's been in bash for ~20 years, why 
 it's not in Solaris 10 is a mystery.

 It is in Solaris 10.  (And 11.)  The test being used is flawed:

   env X=() { :;} ; echo busted /bin/sh -c echo completed

 The good news is that if you have a support contract, there is a 
 Solaris 10 bash patch which seems to solve all the reported attack vectors
(in my own testing).
 It took Oracle two patches to get things right.

People found more bugs after the first patch went out.   There are 6 CVE's
for
bash announced in the last week after all.

-- 
-Alan Coopersmith-  alan.coopersm...@oracle.com
 Oracle Solaris Engineering - http://blogs.oracle.com/alanc

___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss


___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] New OI /dev release, release structure

[outsider]

It would also be nice to see a split between home-usage and (partial) 
professional usage. 
For the way I use OpenIndiana I don't need a GUI, nor firefox nor codecs or 
movie players. 
I just need a good, stable and secure platform with zones and ZFS. 
And capable of being patchable to the latest available secure versions of BASH, 
SSH, SSL, JAVA and other common Unix OS belongings. 

Who is now managing the code? 
Is there a way to organise a roadmap? 
What if some students are put on the project? 

-Oorspronkelijk bericht-
Van: Alexander Pyhalov [mailto:a...@rsu.ru] 
Verzonden: donderdag 2 oktober 2014 22:41
Aan: Discussion list for OpenIndiana
Onderwerp: Re: [OpenIndiana-discuss] New OI /dev release, release structure

Hello.

Bob Friesenhahn писал 02.10.2014 23:43:
 On Thu, 2 Oct 2014, Nikola M. wrote:
 
 On 09/28/14 04:40 PM, Bob Friesenhahn wrote:
 Hopefully some kind person with necessary knowlege and access will 
 push an updated bash package which works on 151a8/9 so that servers 
 based on OpenIndiana are no longer a disaster situation.
 It would imply that OI servers have automatic updates turned on and 
 that is not exactly the case I think.
 
 The system administrator would have to request the package update.
 First, the package update needs to be available.
 
 As an OI user, I am unable to tell who is/has produced OI and who is 
 still able to produce new packages and prepare releases.
 
 I continue to hear about hipster but then I also hear that there is no 
 longer a useful path from 'dev' to 'hipster' and that 'hipster' is 
 more unstable.  I get the impression that 'hipster' mostly focuses on
 X11 desktop and multimedia software.

First statement is unfortunately true. To make /dev = /hipster update possible 
we need
1) to republish packages which were not rebuilt since /dev a8 with higher 
numbers (2014.x)
2) republish incorporations so that they either are empty or depend on actual 
packages
3) publish neccessary obsoletion / renaming packages
4) test that at least typical text / GUI install can be updated from latest 
/dev to /hipster.
Noone volunteered to do it yet.

Second statement is not accurate enough. There is a lot of activity on desktop 
software, because it should be adapted to new build system.
Also, desktop support is one of OI differentiating features among illumos 
distributions.
So we (at least I) care about both server and desktop software.
However, I understand that with current development model installing Hipster on 
production server is some kind of insanity, as we sometimes update software in 
incompatible ways (major versions update) and sometimes testing is 
insufficient. It doesn't mean that I forget or don't think about testing, it 
means that there are no enough users to thoroughly test system (for example 
today I had to fix python because after last update recompilation with gcc4.8 
triggerred specific bug which was found out only when I tried to build 
python-dependent software in illumos-gate, however, tests, shipped with python 
were successfully passed (at least, no difference with previous python 
version)).

As for multimedia software, I think SFE deals with this much better now. 
At least
they shouldn't avoid shipping programs which are illegal in US (different 
codecs, video/audio players, even wine).
---
System Administrator of Southern Federal University Computer Center


___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss


___
openindiana-discuss mailing list
openindiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss