Friday, September 20, 2019

Solaris 10: Extended Support to 2024

Solaris 10: Extended Support to 2024

Solaris 10: Introduction

Oracle Solaris 10 has been an amazing OS update, including ground breaking features like Zones (Solaris Containers), ZFS, Services, Dynamic Tracing (against live production operating systems without impact), and Logical Domains. These features have been emulated by the market (imitation is the finest form of flattery!)

Solaris 10: End of Life

As with all good things, they must come to an end. Sun Microsystems was purchased by Oracle and eventually, the greatest OS known to the industry needed to be updated. Oracle set a retirement date of January 2021. Oracle had indicated an uplift in support costs would be needed, for Solaris 10 systems.

Solaris 10: Extended Support to 2024

No migration tools were ever provided by Oracle to facilitate migration from Solaris 10 to Solaris 11, so migration to Solaris has been slow. Oracle had decided in September 2019 that Extended Support for Solaris 10, without additional financial penalty, would be delayed to 2024!

Saturday, September 7, 2019

Creating an SFTP Server

Creating an SFTP Server

Abstract

In the early days of the internet, the file transfer mode of choice was FTP. This had remained the internet standard for many years, until the need for encryption  had become so prevalent. SFTP happens to be one option for delivering files.

Example

A good reference on creating an SFTP server can be see on this web site. This is not isolated to Linux, but can be used under SVR4 & POSIX systems like Solaris, or other Open Sourced based operating systems based upon OpenSolaris or Illumos.

Caveats

Usually if SFTP is all that is desired to be granted, one should not allow standard TTY based logins. One option is to set up a shell using the "nologin" binary. A quick reference on using "nologin" vs other binaries like "false". In early UNIX days, "sync" was sometimes used!

Saturday, August 31, 2019

Packaging: OpenSolaris, Solaris 11 & Illumos

Packaging: OpenSolaris, Solaris 11 & Illumos

Packaging under UNIX Systems had traditionally been the SRV4 type of packaging. Under newer Operating Systems, network enabling the packaging had been accomplished, through proprietary extensions. Open Source Communities, like OpenCSW, had created network enablement for SVR4 packages. Illumos had done a similar move, from the OpenSolaris base. This tool is called "pkg".

What is "pkg"

The "pkg" tool is called the Image Packaging Systems. Today, packaging under the direction of Oracle had moved to Python language based packaging, instead of native C based binaries, placing greater levels of external language dependencies on the base OS. SVR4 packaging uses multiple binaries (i.e. pkgadd, pkgrm, pkgproto, etc.), while "pkg" bundles many aspects of packaging into a single executable.

Cheat Sheet & Exercises

A short Image Packaging System cheat-sheet is available from Oracle on the , using "wireshark" as an example. The cheat-sheet can be used for developing other exercises to download & manage other tools like: fping & top

Wednesday, July 31, 2019

ZombieLoad Vulnerability: SPARC Solaris Immune

[ ZombieLoad Logo, courtesy ZombieLoadAttack.com ]

ZombieLoad Vulnerability: SPARC Solaris Immune

Abstract:

Computing platforms have long had issues with MalWare, dating back to the MS-DOS days. Windows systems had been targeted, due to their ubiquity as well as the ability to install software with no user interaction into the system using pre-bundled keys. For the most part, UNIX Systems have been immune to most malware. A new classification of malware had become apparent, using CPU vulnerabilities, normally related to the Intel processor (leaving SPARC processors immune.) The latest vulnerability is ZomieLoad, affecting Intel processors and non-UNIX platforms such as Linux and Windows.

What is ZombieLoad

A new family of vulnerabilities on the Intel Processor have become apparent in Mid-May 2019. As an aggregate, they are referred to as "Microarchitectural Data Sampling" or MDS vulnerabilities. ZombieLoad is one of these vulnerabilities. Oracle provided a nice list of CVE's with summary details: CVE-2019-11091, CVE-2018-12126, CVE-2018-12130, and CVE-2018-12127
  • CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
  • CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) 
  • CVE-2018-12127: Microarchitectural Load Port Data Sampling (MLPDS)
  • CVE-2018-12130: Microarchitectural Fill Buffer Data Sampling (MFBDS)


  • How does it affect SPARC Solaris?

    If you return back t the Oracle provided CVE's above, you will notice the following 2x lines:

    Oracle Hardware

    •Oracle has determined that Oracle SPARC servers are not affected by these MDS vulnerabilities.

     

    Oracle Operating Systems (… Solaris) and Virtualization:

    •Oracle has determined that Oracle Solaris on SPARC is not affected by these MDS vulnerabilities.


    Conclusions:

    If you are fortunate enough to be running SPARC Solaris, you are immune again. If you are not on SPARC Solaris, but on a less secure Intel based Windows or Linux platform - well, you will be needing to supply your operating system vendor's CPU microarchitecture patch and probably reboot. Let's hope you are not having to roll-your-own fix.

    Monday, July 29, 2019

    NYLUG: Talk on ZFS on Linux

    NYLUG: Talk on ZFS on Linux

    Abstract:

    Older file systems were based upon 32 bit UFS (UNIX File System) technologies, which lasted about 10 years, but started becoming tight with modern storage. Sun had produced a modern file system to last the next 10 years - it was called ZFS. ZFS is a 128 bit file system, created by Sun Microsystems, who was acquired by Oracle Corporation, is the primary active maintainer, and feature record of reference. ZFS was open sourced with OpenSolaris and other Open Source distributions started to use it, including Illumos. Eventually, Linux started to leverage ZFS. This talk is by Paul Zuchowski with a little bit of information regarding ZFS on Linux.


    New York Linux User Group:

    Paul Zuchowski is a former Sun Microsystems engineer. I became aware of him when he left a comment on a blog that I followed, He recently gave a talk at the NYLUG in April 2019 regarding the current state of ZFS on Linux. Many of the features, which are currently in the Oracle Solaris 11 release of ZFS are being actively worked on, in order to catch up, in the Linux Community.


    Conclusions:

    While some performance problems engineered by Oracle for Solaris based ZFS features may not even be a sparkle in the Linux community's eye, they are actively trying to find solutions. Hundreds of PB's of storage is currently contained in ZFS on Linux, just with a couple of companies, so clearly ZFS under Linux is mainstream enough for production use.

    Tuesday, June 4, 2019

    The Business Plan for Sun Microsystems

    [Sun Microsystems Logo]

    The Business Plan for Sun Microsystems

    Have you ever wondered what the business plan looked like for a tech startup which becomes a multi-billion dollar international corporation?

    Well, this is an example Business Plan for Sun Microsystems, from back in 1982!

    Tuesday, May 7, 2019

    Fujitsu SPARC M10 and M12 Physical Partitions

    [SPARC Logo, courtesy SPARC International]

    Fujitsu SPARC M10 and M12 Physical Partitions

    Abstract

    A conversation occurred recently, with a marketing expert regarding, whether an OS instance could span multiple chassis. At the time, this author indicated that it was not possible, but capabilities of the Fujitsu SPARC products were not well advertised. Fujitsu published a presentation describing the capabilities.
    [Solaris Logo, courtesy Oracle and Sun Microsystems]

    Oracle Solaris

    There is an off-the-shelf OS, which has the ability to span multiple chassis, but you have to have the right chassis. Fujitsu has long engineered high-end servers with mainframe reliability. Fujitsu had also supplied SPARC hardware for Solaris, from the days f the first SPARC processors! When engineered correctly, Solaris can span chassis.

     An example slide which shows a Physical Partition on individual chassis or spanning 2 chassis.
    [Fujitsu Logo, Courtesy Fujitsu]

    Building Blocks

    One may ask, how this physically works?
    Fujitsu offers a system with an expandable chassis, where there is an external crossbar, attaching multiple chassis together, similar to the way cards in a traditional Oracle chassis uses a crossbar inside the same chassis.

    An example slide of physical Building Blocks illustrated above.

    Conclusions

    SPARC Solaris continues to have unusual features, which are not common in other equipment vendor equipment. Had this author been aware of this capability, cloud building may have been done a different way... providing a seamless way to expand clouds by merely adding one chassis at a time and never having to worry if an OS instance needs to grow large.