Sun Country's Weblog archive
Category : Open Source

Backups using rsync and duplicity

by alan
Published on: October 11, 2012
Comments: No Comments
Categories: Open Source

Slide Deck from a UUASC meeting.  Easy to follow along.


Oracle Makes More Moves To Kill Open Source MySQL

by alan
Published on: August 19, 2012
Comments: No Comments
Categories: Open Source

HP-VUE Lives!

by alan
Published on: August 6, 2012
Comments: No Comments
Categories: Open Source

I just saw this on the OpenIndiana mailing list.

HP-VUE (Visual User Environment) was a Graphical User Interface created by Hewlett Packard.

After a while it was adopted by Sun and others as the default GUI for a Unix Environment.

A lot of money and time was poured into its development.

While VUE was renamed the Common Desktop Environment another GUI project was started as an open source program.

That was Gnome version 1.0.

Gnome 1.0 could be compiled in a day or two and worked fairly well.

Then came Gnome 2.x which replaced CDE as the default GUI environment for both Unix as well as Linux.

And some Linux distros now support Gnome 3.x while Solaris still uses 2.x.

And now CDE has come back as an Open Source Program.

As Alan Coopersmith (Solaris X Windows God/Programmer) wrote:

Holy water … check.
Wooden stakes … check.
Silver bullets … check.
Chainsaw … check.

Okay, all ready here, we’ll make sure it can’t get back in.

For the rest of you head on over to:

and prepare to relive the horror.

The Wiki is here:

Sudo insults — what a fun feature!

by alan
Published on: August 2, 2012
Comments: No Comments
Categories: Open Source

Painless OpenStack Deployments Using Puppet SlideDeck – UUASC

by alan
Published on: July 6, 2012
Comments: No Comments
Categories: Open Source Presentation.

UUASC – LA – Openstack Presentation Slide Deck

by alan
Published on: June 8, 2012
Comments: No Comments
Categories: Open Source

How to compile C code has been updated

by alan
Published on: April 28, 2012
Comments: No Comments
Categories: Open Source

I’ve updated my web pages on How to compile C code.

Most of the updates revolve around Solaris 11 Release version as well as cmake.

It looks like cmake will become more entrenched over time and I don’t see it going away so I’ve added a web page on how to use it.  It’s a lot like configure and attempts to ease the process of creating Makefiles on a whole bunch of different Operating Systems.

It’s used in notable projects such as Oracle’s own MySQL database.  It’s not that hard to learn and you should be able to pick it up in less than an hour if you’re sleeping a lot.

I also added a link to an Oracle article on how to make an iPKG file so as you transition from Solaris 10 to Solaris 11 you can redo your Solaris 10 packages as Solaris 11 ipkg’s.

I’m not aware of any tool that will migrate from Sys V to ipkg so you’ll probably have to just install your old package first and then redo it again as a Solaris 11 ipkg.  Oh well.  Keeps you employed and gives you something to do.

I’ll add any new RFC’s to the IPv6 pages and then redo the RBAC pages for Solaris 11 as well.  I don’t anticipate much if any changes to the sendmail pages since sendmail hasn’t changed much in the last few months.  And then somewhere in there I’ll add some more stuff to the Networking Tutorial section of the blog as well.



Unbound – Running a DNSSEC aware DNS server on Solaris 11

by alan
Published on: April 8, 2012
Comments: No Comments
Categories: Open Source

It seemed so simple.  How hard can it be.

All I want is a DNS client that understands DNSSEC.  Shouldn’t be difficult.

And it’s not that hard really.

After fiddling with the Berkeley Internet Name Daemon (BIND) (and actually it’s Berkeley Internet Name Domain) that comes with Solaris 11 I went looking elsewhere.

DJBDNS doesn’t seem to support DNSSEC.  Search some more.

Unbound?!  Heard of that.  But does it support DNS Security extensions.

Yes it does.

So how hard is it to set up?

Not that hard.  It just needs ldns as the sole dependency and then you can compile it.  So since Solaris 11 no longer boots 32-bits I configure gcc to compile it as a 64-bit app.

./configure -C --disable-gost

Target: i386-pc-solaris2.11

looks good.  32-bits anyways.  Oh well.  Compile and dump it into /opt/dns

Switch over to the unbound directory.

./configure -C --disable-gost --with-ldns=/opt/dns


Ahh.  Looks better.  64-bits on the x86 platform running Solaris 11.

Compile it up and also install it to /opt/dns

So the config file is named /opt/dns/etc/unbound/unbound.conf

It’s a fully commented config file unlike BIND’s which you just create by hand.

I change the username to alan and set up logging.

After changing the config so unbound will run as a daemon process I start it up.

unbound-anchor tells unbound to update the root anchor files with the most current data.

And then just run:


on a command line by itself.

After it starts it confines itself to a change root jail and runs as user alan so if someone does compromise the daemon they won’t get root access to the system.

I’ll change this in a day or two since alan does have sudo access on the system but for now just note that it does change the user that it can run as.  An important security consideration.

And then I change the resolver to use the unbound server to do its queries.

svccfg -s "dns/client" setprop config/nameserver=

And now the big test to see if I can resolve using dnssec

dig +dnssec . @

; <<>> DiG 9.6-ESV-R4-P3 <<>> +dnssec . @
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23960
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1

; EDNS: version: 0, flags: do; udp: 4096
;.                IN    A

.            7026    IN    SOA 2012040801 1800 900 604800 86400
.            7026    IN    RRSIG    SOA 8 0 86400 20120415000000 20120407230000 56158 . nTw7qILH8bHHuHl1pO4Bf21N97u/od0B6AZDU5YdKMqpD3thZvGHSHWd i/XTTK/MRqtB/jmwOg0qkmA8j4UWDaqV4B8NRcQId3rJOu7xXMDURkym 5F/RPsjt/yKz0fSV7w3qO3pNeW1tDQKGZ9XR/Ock6x5lDWPcHqsYnT+u 8Oo=
.            7026    IN    NSEC    ac. NS SOA RRSIG NSEC DNSKEY
.            7026    IN    RRSIG    NSEC 8 0 86400 20120415000000 20120407230000 56158 . EIqwqBQKhId6KHvzpuHc635JSuk+yoFKQQ6wzFM5dET8A2GGO4TN+z+d 1tuzF0sTOSbI4iEC3Xx6s/dmaocgLPyB9bwHN3lBaTiMqEW8Jk4iF3QM O9pw9L25OePXYyB+EVTR0jh3FZtAVicZi5iYDS+OEpHWjBK8KCxrtTRM CJU=

;; Query time: 1 msec
;; WHEN: Sun Apr  8 13:46:45 2012
;; MSG SIZE  rcvd: 443

Searching on . (dot) in case you can’t see it means to look at the root domain for the Internet.  There are 13 root servers labeled a-m and as you can see in the query it returns the information for root server a.

The important part of the returned information is the flags.  In this example it returned:

;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1

With ad being the critical one.  So looking at the man page for dig I see this entry:


Set [do not set] the AD  (authentic  data)  bit  in  the
query.  This requests that the server return, regardless
of whether all of the answer and authority sections have
all  been  validated as secure according to the security
policy of the server. A setting of AD=1  indicates  that
all records have been validated as secure and the answer
is not from an OPT-OUT range. AD=0 indicates  that  some
part of the answer is insecure or not validated.

Which means that this entry has been validated as authentic which means that my resolver is now using DNSSEC if the domain has it set.  And the root domains for the Internet were signed in 2010.  So it works!  And all I had to do was to replace BIND with Unbound and then point the resolver to the unbound server.
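
The flag check described above can be scripted. This is an added example, not part of the original post: a shell function that reads dig output and reports whether the resolver marked the answer as validated. The function names and sample responses are constructed for illustration; the first sample reuses the header lines shown above.

```shell
#!/bin/sh
# Added example: classify a dig response from its header status and flags.
# Reads dig output on stdin and prints one of:
#   secure   - NOERROR/NXDOMAIN with the ad flag set (resolver validated it)
#   insecure - answered, but ad not set (unsigned zone or no validation)
#   servfail - resolver failed; validating resolvers answer this way
#              when signatures do not check out
#   error    - any other status; unknown - no header found
dnssec_status() {
    awk '
        /->>HEADER<<-/ {
            # ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23960"
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {
            # ";; flags: qr rd ra ad; QUERY: 1, ..." -> keep "qr rd ra ad"
            line = $0
            sub(/^;; flags: */, "", line)
            sub(/;.*/, "", line)
            n = split(line, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "ad") ad = 1
        }
        END {
            if (status == "") print "unknown"
            else if (status == "SERVFAIL") print "servfail"
            else if (status != "NOERROR" && status != "NXDOMAIN") print "error"
            else if (ad) print "secure"
            else print "insecure"
        }'
}

# Constructed sample: header lines as shown in the output above (ad set).
sample_secure() {
    printf '%s\n' ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23960' \
        ';; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1'
}

# Constructed sample: same query answered without validation (no ad).
sample_insecure() {
    printf '%s\n' ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23961' \
        ';; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1'
}

echo "with ad:    $(sample_secure | dnssec_status)"
echo "without ad: $(sample_insecure | dnssec_status)"
```

To check a live resolver, pipe the output of the dig +dnssec command through dnssec_status. The ad flag is the resolver's own assertion, so it only means something when the path to that resolver is trusted, such as a resolver running on the same host.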

So then I tarred it all up and then compressed it so if you want to play around just download the file and stick it in /opt and then unzip it and then untar it.

I was surprised to learn that authenticated does not mean encrypted.  They are not the same.

The documentation for Unbound can be found at their website:

InfoQ: And It All Went Horribly Wrong: Debugging Production Systems

by alan
Published on: March 30, 2012
Comments: No Comments
Categories: Open Source

~ 1 hour – MP3s and the Slide Deck are available at the link above.

The Magic of Editable PDFs

by alan
Published on: March 27, 2012
Comments: No Comments
Categories: Computerworld / IT World / IDG, Open Source
