Tuesday, February 13, 2007

Windows users come back

I recently got a message from Craig Bender over at ThinGuy informing me that my blog wasn't rendering so well in IE, but that it worked fine in Firefox. Not having anything running Windows, I tried my phone, which displayed similar problems (Blazer on a Treo).


It appears that I had an extra </div> but that is fixed now. The title banner still looks bad in Blazer, but it stops where it is supposed to now.

Thanks Craig.


Unfortunate rendering of this page 

Solaris 10 all AMPed up

The latest news in (S/L)AMP systems is pre-built, packaged coolstack software. To quote the coolstack site discussing compile-time optimization: "This results in anywhere between 30-200% performance improvement (depending on workload/application) over standard binaries." To which I say WOOT!

I have to say Solaris AMP or AMPS. SAMP really doesn't do it for me.


In other vaguely related news, I saw mail recently that PHP 5.5 should be available by default in OpenSolaris some time soon.


Also if you are quick about it, it appears that you can have a DVD of the latest SXDE (Solaris Express Developer Edition) sent to you for free. The DVD includes the Solaris AMP packages (so does the download) so you don't have to get them separately.


I am currently one rev prior to the SXDE release in my Parallels instance; I guess I should start downloading a new ISO.

Another 5 things post

Jon has tagged me, so here we go with 5 things most people don't know about me

1. I have in the past ridden long distances on my bike (and should again in the future).
Almost unimaginably long for some and not really that far at all for others, 100 miles on back to back days, more than long enough for me.
As part of a couple of 330 mile bike rides to raise money for local charities including the Whitman-Walker Clinic and Food & Friends.

2. A three legged cat lives in the cabinet under my bathroom sink.
No really, she chooses to live there. She comes out to say hello and try to convince me to turn the tap on low so she can drink from it. Then when she is done she hops back down, noses open the door and back in she goes.

3. I have recently started a diet.
Where diet is fairly accurately defined as eating reasonable portions of food and getting more exercise (See 1). In the past four weeks I have lost ~12lbs, I rather expect that rate to drop off, 31lbs and (hopefully) a year or less to go. For those following along at home that is Start: 238 Goal: 195

4. I eat and breathe fire.

I started eating fire ~7-8 years ago. At a previous job I had the title "Chief Fire Eater" and business cards to prove it. I have performed for a party during Pennsic in front of more than a thousand people. A fair number of people's first real memory of me is a younger man with really dark purple hair playing with fire. I have taught my wife and youngest sister (much to my parents' chagrin) to eat fire. Edit: My wife read this and said it sounded like I was saying that I had taught my wife ... who is also my youngest sister. This would not be the case.

5. There are myriad other things, I just can't think of one.

I really had all of this done except for 5 last week, then I couldn't decide what the last thing should be. Then I started Yakshaving for other things like interesting pictures of the things I have listed. Now I have lost 16lbs. Maybe there will be pictures later.

Five bloggers to tag: I'm late in the game and it would take me a few more weeks to pick five. Possibly I will get to that too.

Monday, February 12, 2007

The Solaris 10 telnet exploit

So at this point you have probably heard about the "0-day" telnet exploit, which appears to be a problem with user authentication in in.telnetd. I have seen one proposed workaround for the problem that I think may cause some heartburn if implemented.

In Another Good Reason to Stop Using Telnet, Donald Smith reports a workaround that appears to work. However, in simple testing this appears to break normal applications of telnet.
e.g. if you ARE USING PASSWORD BASED USER AUTHENTICATION you will no longer be able to log in

The mitigation for the vulnerability, which allows logins as any user, including root, without a password:
inetadm -m svc:/network/telnet:default exec="/usr/sbin/in.telnetd -a user"

I don't have a kerberos enabled environment to test with so I don't know if ticket based authentication would still work in this configuration.

My general thought process would be:

If you are still using telnet, hopefully it is because you absolutely need to use it.
e.g. hard coded legacy application that uses telnet

If you need to use telnet, enable tcp_wrappers
and allow telnet only from your trusted and required hosts.
inetadm -m svc:/network/telnet:default tcp_wrappers=TRUE
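
An added example, not part of the original post: tcp_wrappers grants access when no rule in /etc/hosts.allow or /etc/hosts.deny matches, so setting tcp_wrappers=TRUE on its own restricts nothing. The script below checks saved `inetadm -l` output and the two rule files for that gap; the function names, file names and sample addresses are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): audit the telnet tcp_wrappers setup.
# Usage: audit_telnet_wrappers INETADM_LISTING HOSTS_ALLOW HOSTS_DENY
# INETADM_LISTING is saved output of: inetadm -l svc:/network/telnet:default

# Succeeds if the file in $1 has a non-comment rule whose daemon list names
# in.telnetd or ALL and whose client list matches the awk regex in $2.
has_rule() {
    [ -r "$1" ] || return 1
    awk -F: -v re="$2" '
        /^[ \t]*#/ || NF < 2 { next }
        $1 ~ /(^|[ ,\t])(in\.telnetd|ALL)([ ,\t]|$)/ && $2 ~ re { found = 1 }
        END { exit !found }' "$1"
}

# Prints one finding per line; returns 0 only when there are no findings.
audit_telnet_wrappers() {
    rc=0
    if ! grep -q 'tcp_wrappers=TRUE' "$1"; then
        echo "tcp_wrappers is not TRUE, so hosts.allow and hosts.deny are ignored"; rc=1
    fi
    # Access is granted when neither file matches, so a deny rule is required.
    if ! has_rule "$3" '(^|[ ,\t])ALL([ ,\t]|$)'; then
        echo "hosts.deny lacks 'in.telnetd: ALL', so unlisted clients are still allowed"; rc=1
    fi
    if ! has_rule "$2" '[^ \t]'; then
        echo "hosts.allow has no in.telnetd rule, so no trusted host is listed"; rc=1
    elif has_rule "$2" '(^|[ ,\t])ALL([ ,\t]|$)'; then
        echo "hosts.allow opens in.telnetd to ALL, so the deny rule never applies"; rc=1
    fi
    return $rc
}

# Constructed sample input (documentation addresses, not from the post).
demo=$(mktemp -d)
printf '         tcp_wrappers=TRUE\n' > "$demo/inetadm.txt"
printf 'in.telnetd: 192.0.2.10, 192.0.2.11\n' > "$demo/hosts.allow"
: > "$demo/hosts.deny"                  # the easy-to-miss gap: no deny rule yet
audit_telnet_wrappers "$demo/inetadm.txt" "$demo/hosts.allow" "$demo/hosts.deny" || true
printf 'in.telnetd: ALL\n' > "$demo/hosts.deny"
audit_telnet_wrappers "$demo/inetadm.txt" "$demo/hosts.allow" "$demo/hosts.deny" \
    && echo "telnet is limited to the hosts in hosts.allow"
rm -rf "$demo"
```

The checks do not interpret EXCEPT clauses or backslash-continued rules, so review those by hand.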

UPDATE 1 (02/13 9:48):

Interim Security Relief (ISR) patches are available in the Sun Alert document. The README does not seem to indicate that a reboot is required. If you need telnet it would seem appropriate to install these patches ASAP. (No, really, read the README: installing an IDR limits your ability to re-patch the affected areas without first removing the IDR.)

Sun Alert ID: 102802 Security Vulnerability in the in.telnetd(1M) Daemon May Allow Unauthorized Remote Users to Gain Access to a Solaris Host

US-CERT VU#881872 Sun Solaris telnet authentication bypass vulnerability

Thursday, February 1, 2007

Sun Blade 8000 Chassis and Servers are Cool

I have been listening to/watching the Sun internal Blade Summit. (Really a couple of days ago, but I never got around to posting this)

Interesting notes on hardware in general. The thing that struck me the most about the general hardware discussion was the power cost of FB-DIMMs. The expectation is that, with the high power consumption of FB-DIMMs, the memory will use more, even significantly more, power than the CPUs. We have more IO and higher CPU density. Even with the memory power consumption and our higher slot density we still come in at lower power consumption rates. Everything is fully hot swap and hot plug.

Of course there are an incredible number of other cool things that are available now and that will be available soon. Unfortunately, as I am attending this because I am interested and I have customers that may be deploying full chassis in relatively large numbers, I can't quite justify not doing everything else I needed to do today.

Had I been paying more attention to the whole thing I would have a better feel about which of the really cool things I can freely talk about.

Mean Time Service Interruption (MTSI) is reduced, fewer components == fewer failures. Fewer higher reliability fans and power supplies etc.

The concerns aren't really any different. Cooling capacity, Floor Space, Power. High density in blades helps address floor space. Cooling and Power are the new black.
Peter Snelling just gave a very interesting and compelling talk about the limitations caused by power draw and, as a result, cooling capacity.

I had to drop off again, but not before one of the parts I had been waiting for. The management aspects and how the Chassis and Blade management would interact. Not much of a surprise, now I just want to get my hands on a few and play.

 Sun Blade 8000

The Uptime Institute