Archive for April, 2009

Home Office Geekdom: Two Paths to Glory

Thursday, April 30th, 2009

I need to buy a new office chair. My $100 Ikea office chair that I’ve used for the last couple years finally is beyond what duck-tape and super-glue can remedy and it’s time for a change. In looking at Ikea’s current selection of chairs I see no equivalent replacement and thus am having to look elsewhere. So I take a trip to my local OfficeDepot store and see what they have…. a big line up of high cost low quality chairs. Suddenly I’m struck with fear that I’m going to either buy a crappy chair at Target or get ripped off at OfficeDepot; either way I’m not going to be happy.

There are enough of you reading this who took the input “need” and “chair” to produce the thought “Buy an Aeron!” that I felt compelled to look into it. I’ve never liked following the crowd, so when Aerons became all the rage in ’99 I was put off by it. The big bubble bust only seemed to benefit geeks in one way… a lot of Aeron chairs flooded the market as companies who’d just ordered hundreds of them went bust. The result was that the uber-expensive and exclusive chair became far more commonly possessed and I think opened the expensive chair market wide open.

So in examining my variety of choices in quality office chairs I’ve come to think even more broadly about my home office. I’ve worked from home for over 3 years now, but frankly I never actually made changes to my setup as a result. Being a geek I’ve always required a dedicated room as an office/den, if for no other reason to keep all the noise confined.

This led me to reflect on something I call the “two paths to glory”. That is, every geek seems to need to one-up those around them and somehow differentiate and prove their geekdom… this is done in one of two ways:

  1. More is More: These are the guys with a deep wallet that always have the fastest processors, biggest screens, flashy furniture, etc.
  2. Less is More: The geek who does the most with the least (and generally brags about it). The more obscure your setup the better.

In the old days this divided nicely along OS lines. The Windows and Mac guys would boast about their MacWorld or PC World top rated gadgets. The UNIX/Linux guys would boast about their SGI Indigo2 or 486 running Linux on a 14″ screen and how that was all you really needed. Recently, especially with the proliferation of affordable, powerful laptops the less-is-more crowd has tended toward a MacBook Pro… no office, no network, just a MacBook Pro and some wifi, if it can’t be done with that it doesn’t need doing.

So the lines blur when you work full time from home, suddenly you’re not sure in which camp you fit. For instance, I bought a good desk several years ago and a cheap chair and I upgrade my Solaris workstation once a year with a complete system replacement around every 3-4 years. I only currently have a single system and that works for me. I just don’t see the point in putting a lot of money into lots of gear, because I got into system administration when I realized that the computers I really wanted to play with were so expensive I’d never be able to afford them…. the only way to use such gear was to let others pay you to do it. Sweet deal.

On the other side is the argument everyone has heard applied to mattresses: “You spend almost 25% of your life on your mattress, so [spend a lot]…” When I recently asked folks what they thought about paying $600 for a new office chair I was surprised how many people thought it was reasonable, with similar logic: “If you spend more than 8 hours a day in a chair, you’ve got to invest in a good one.” I understand the argument, but still can’t get past the sticker shock. $600 for a chair? $2 for a cup of coffee? What the hell is wrong with people!?!

This leads me to think the only rational explanation for the two camps is experience. That is, if I never spend time using a $1,000 chair or a 30″ display or whatever, I’m unlikely to feel I need it. But, if by some chance I do get that luxury, giving it up may be impossible. This jibes with most of the Aeron elite I know… they first used them in an office and then when they started working from home they just had to have them. Likewise, those like myself that don’t see the point are folks like me that either never had a choice in chairs or never gave them any thought and just used whatever was available.

The argument extends not only to chairs and workstations, but to input devices. To this day I only use Sun Type5/6 keyboards or cheapo $10 Keytronics. I only use mechanical 3 button USB Logitech mice because I absolutely hate mouse-wheels (hate hate hate!!!). I’m terrified of the day I have to diverge… but there are plenty of people who think that, like a chair, you’ve got to invest in $100+ keyboards and high end mice. Weird. Granted, I’d love to have an Optimus Maximus, but then I’d actually prefer to just find a cheap Sun Type 5 to USB adapter. :)

So here is the question for you my friends….. in which camp do you fall? Do you equip your home office with a 24″ trihead Xinerama setup, high end desk, home NAS box, test box, workstation, laptop, Herman Miller chair and all the goodies you could afford to buy from ThinkGeek? Or, are you like me, cheap and unaware of the need for such things, buying up gear when you find a deal but generally getting by with gear that does the job?

What now… Facing the Post-Sun Era

Thursday, April 23rd, 2009

The initial shock of the Oracle deal is starting to fade. Without doubt there will be lingering regret, sadness, and quite rightly anger, for years to come. Some have referred to Sun as being as much a religion as a company, and for some of us that’s perhaps more true than we wish to admit. In that light, placations like “it’s business, not personal” are little consolation. We’ve lost something and an era has passed into history, much like DEC, something is gone that we can’t get back.

In the wake, there is a fear for a great many of us. A lot of us have a lot of stock in Sun Microsystems… not shares of common or preferred, but emotional, personal, professional. How many of us are known as “the Sun guy”… a great many. What happens to that intangible vested stock? What do we do?

Sound over-dramatic? I’m sure that about half of you reading this are thinking “really, life goes on, get a grip” and the other half are now struggling with an uncertainty you previously took for granted. It is to the latter that I speak.

Almost everyone seems to agree that given the choice between IBM and Oracle, the latter is better. I admit I liked IBM as a prospect only because I think that the cultures of Sun and IBM are so different that the two couldn’t integrate. Rather, Sun would be like a rebel alliance deep within the deathstar. Some element of the counter-culture would survive. But Oracle… they fit almost too well, I can see the two integrating and it will force Sun’s products back into that old enterprise mentality.

I think what’s really changed at Sun in the last 10 years is a shift in the definition of “enterprise”. It used to be those with the cash for big SPARC servers, Solaris licenses, and a passion for support contracts. The shift was for us to counter Linux by saying “everything is (or can be) enterprise”! Solaris is the premier enterprise grade operating system, and you can put it on your E10K, or your X4200, or your Supermicro, or your Asus EEE. DTrace belongs on your $500,000 server and your MacBook.

What’s the underlying problem Sun has been unwilling to face? I think it’s that Sun is too many things to too many people. We all have solutions for how to “fix Sun”… but all of our solutions are different. Because we all see Sun differently. My brother-in-law is one of the industry’s premier J2ME developers; we’re on opposite parts of the same company, he could care less about the systems group, and I believe that Sun is a systems company and should focus there. As I’ve said many times in the past, Sun is a house divided. And for all the attempts and efforts, producing a real end-to-end offering hasn’t borne enough fruit.

I think Oracle is going to do what Sun’s management has been too afraid to do… they’re going to make the tough choices and unify the products. It’s going to be painful and ugly… but they may finally align all the cogs and wheels to provide aligned solutions. They’ve said as much in the initial releases and I believe it thoroughly.

People keep speculating on what will survive and what will be chomped. Will Oracle kill X86? Or will they dump OpenSolaris? Or will they…. Frankly, I doubt non-overlapping products have any concern. Some of the middleware will be integrated and melt into the mix, but I think that’s the extent. Rather, I expect Oracle to do a lot of pruning. Just as with gardening, you need to trim away less productive stems to channel maximum resource into those with the most promise. Therefore I think we’ll see fewer offerings, but much stronger ones.

For those of us with a vested interest in Sun, I think this is a time to shine. The change will be potentially radical, and that provides an opportunity for first-mover advantage. There are going to be a lot of questions, a lot of concerns, a lot of uncertainty, and people with answers and solutions stand to gain. Consulting should be lucrative. Bloggers and writers, and those who are ready to help on mailing lists and within organizations can prosper.

The key is to pick ourselves up, individually and collectively, and be ready to embrace the change. Not because we want to, but because that’s the reality of it.

If Oracle does what it seeks to do, there should be more opportunity for skilled Solaris admins and developers than we’ve seen in several years. All that SPARC knowledge you shelved may need a refresher. And if Oracle can truly provide that end-to-end experience, there will be a tremendous need for engineers that not only understand UNIX or even Solaris, but understand DTrace and ZFS and ILOM and LDOMs and xVM and Crossbow and Zones and SPARC and Cluster and on and on. The value will come from those individuals who not just understand a given Sun technology but rather a complete integrated stack view.

Oracle’s going to follow up product offerings with support and consulting… but we all know that only goes so far, the rest of us will need to go the distance.

So my advice is nothing extraordinary, but rather the obvious, as an encouragement. Soon all your skills may be required of you. We all have a head start. If Oracle puts its weight behind Solaris and even SPARC it may dislodge some of the inroads Linux has made and put Solaris back on top in the enterprises of the world. We must be ready, we must be watchful, and we must seize opportunity as it arises.

DEC went down a road of destruction. We can be thankful we’ve been spared a similar fate, which may well have been with IBM. As sysadmins, developers, enthusiasts, employees, partners… as a community… we’ve got to dust ourselves off and look ahead and look around us for all the possibilities that present themselves.

I’ll leave you with this thought:

A wise and dear friend of mine today asked me: “Where does your allegiance lie: with Sun or with Solaris?” That’s a question each of us has to re-evaluate very carefully.

Jonathan Speaks…

Wednesday, April 22nd, 2009

Jonathan sent an email to the company, the WSJ has reposted it here: Sun’s Schwartz Tries to Reassure His Troops in Email.

The following amazes me…

We’ve never walked away from the wholesale reinvention of business models, the redefinition of technology boundaries or the pursuit of new routes to market.

Apparently there is no time like the present in which to start. Going on…

We’ve never walked away from a challenge – or an opportunity.

um…. what?

I do not consider the announcement to be the end of the road, not by any stretch of the imagination. I believe this is the first step down a different path, one that takes us and our innovations to an even broader market, one that ensures the ubiquitous role we play in the world around us.

Did I miss something? I know I’ve been drinking Jonathan’s kool-aid a long time, but if Sun ceases being Sun and becomes a part of Oracle, isn’t that the end of the road? Sun badge replaced with Oracle badge… I think that’s sorta the end.


Thank you for everything you’ve done over the years, and for everything you will do in the future to carry the business forward.

Ya, to carry their business forward. What the hell?

Let’s please separate things a bit. Solaris, Java, MySQL, SPARC, etc, will go on…. Sun will not. His email sort of glosses over that fact with the same old crufty flowery “we rule” statements… except that “we” don’t exist anymore, or at least we won’t in a couple months.

I think the Oracle deal may very well be transformational for Solaris, Java and SPARC, but Sun Microsystems is something very near and dear to many of us… and now it’s done. I realize he was trying to avoid a “sorry, we tried, it was time to throw in the towel” mail, but wow… our great and mighty leader is himself in denial. Sad.

In a cloud of sadness and bewilderment, I find comfort in Ecclesiastes, the wisdom of Solomon, approx 3,000 years ago he had the right words:

3:1 For everything there is a season, and a time for every matter under heaven:

2 a time to be born, and a time to die;
a time to plant, and a time to pluck up what is planted;

3 a time to kill, and a time to heal;
a time to break down, and a time to build up;

4 a time to weep, and a time to laugh;
a time to mourn, and a time to dance;

5 a time to cast away stones, and a time to gather stones together;
a time to embrace, and a time to refrain from embracing;

6 a time to seek, and a time to lose;
a time to keep, and a time to cast away;

7 a time to tear, and a time to sew;
a time to keep silence, and a time to speak;

8 a time to love, and a time to hate;
a time for war, and a time for peace.

Sun Microsystems: R.I.P.

Monday, April 20th, 2009

Sun’s board has achieved its goal of whoring the company. The odd thing about it is that rather than selling to a hardware business such as IBM or HP or Dell or even Cisco, out of the blue came Oracle to seal the deal. So, if you haven’t yet heard the news: “Sun and Oracle today announced a definitive agreement for Oracle to acquire Sun for $9.50 per share in cash. The Sun Board of Directors has unanimously approved the transaction. It is anticipated to close this summer.”

There is no way for me to take this positively. Many of you, loyal readers, know that I tend to err on the side of idealism; frequently to my peril. Rather than seeing an acquisition as a way to save Sun, I rather see it as the final failure of Sun’s board of directors and the leadership of Jonathan Schwartz.

Jonathan is himself idealistic, which has always drawn me to his banner. I’ve frequently taken exception to criticism against him… because I believe in what he wanted to do. However, I can no longer avoid the inevitable conclusion that his inability to execute has killed my beloved company.

Frankly, I see this as complete cowardice. Sun needed to make radical changes to its business.. but rather than do so they opted to ride it out and wait for someone else to make the tough choices. While this may be the best choice for shareholders, it’s tough for those close to the business to take. In years time people will be speaking about Sun the same way we currently talk about DEC. Will the Sun brand die? Maybe not. Will Sun’s products be more prominent than ever? Quite possibly…. but it won’t be the same company.

So is this the end? No, I don’t think so… quite the opposite, I see it as a new beginning. I’m simply angry that Oracle is going to do the work that the Sun Board of Directors failed to do; damn the shareholders (of which I am one).

One of the inevitable consequences of this sort of deal is that sales are going to grind to a halt for a season. For instance, I’m super excited about the new Intel X5500 powered Sun Fire X4275… 12 3.5″ drives, Sun SSD, ILOM, Intel Networking… it’s a killer!

…. but what will become of the Sun X86 line? Do I want to buy a bunch of boxes that may not have a future? I’m not putting my money on that bet.

As for Oracle… this is what scares me. To this very day, Oracle 11g is not available for Solaris/X64! Oracle has completely ignored Solaris/X64 for some time now. Combined with Oracle’s promise to put Sun’s margins in order, suggests a new life for SPARC. While I think the better future is to push Oracle 11g RAC on Sun X64 systems that may not be in the cards.

What will happen? There is a lot of speculating I can do, but I’m going to wait for details. It’s like being a 20 year old kid living away from home and the parents have shown up unexpected, and you know you’re in deep shit but not sure what’ll happen next. Party’s over, that’s for damned sure.

OpenSolaris vs Nexenta: Distro Wars

Sunday, April 12th, 2009

OpenSolaris is drawing close to its 3rd distribution release. Nexenta is close to releasing NCP 2. It’s nearing the time to decide. Here are some of my thoughts in an attempt to stimulate the conversation after recently spending some time with both.

Nexenta really is impressive. NCP is true to its name, it’s a core and nothing more. Despite that, if you’re not a Windows…erm, I mean, GNOME, fan this simply means there is less crap to uninstall post install. The number of packages in Nexenta Apt is very impressive, not everything you’ll want is there but all the build environment basics are there. Installing software using apt is fast… scary fast. So fast that I often didn’t believe it truly installed the software but indeed it had. But best of all, Nexenta lets you build software as though you were on Linux, very few porting changes required. Solaris kernel, ZFS, DTrace and you can compile software without getting suicidal? Amazing! Nexenta warms my heart.

The only disadvantages for Nexenta are that it lags behind Nevada bits quite a lot and finding components from Nevada can be tricky.

OpenSolaris has that nifty installer LiveCD and is powered by IPS… but comes with traditional baggage. IPS is slow compared to apt, package naming is confusing and frustrating (SUNW has got to go, seriously people), and often times it’s hard to tell if you’ve installed all the bits you want (more Metapackages required). IPS seems to want to re-index and re-fetch catalogs way too often causing even simple actions to slow down even further. And the old GNU or SysV debate seems to still rage in IPS repos making software as painful to build as always. Nevertheless, IPS Images (boot environments) are a clever use of ZFS but of course rules out UFS root which shockingly some people do still prefer (namely, those of us who like breaking ZFS in unique and torturous ways).

SX:CE is an addiction I admit finding hard to give up. For the Solaris purist it is what we’ve known and loved for a decade. Not having to figure out what package includes what feature by simply doing a full install of SX:CE provides you with a very predictable canvas upon which to do amazing things. There are drawbacks but they are well understood and addressed.

And so, what to use? Nexenta provides me with a painless environment in which to build software on my own. OpenSolaris (Indiana) is the future but still has a lot of maturing to do and making it what I want is a considerable investment of time (ie: make it dev friendly like Nexenta). SX:CE is still near and dear to my heart but I am constantly threatened with its ultimate demise, which thankfully still hasn’t happened.

So what is your choice? If you’re hooked on SX:CE, when you’re forced to choose which will you embrace? Or will you abandon Nevada for S10 when that happens? Is this an Indiana vs Nexenta debate or really an Apt vs IPS debate, or even a GNU friendly vs not so much discussion?

IBM/Sun Deal Dead

Monday, April 6th, 2009

Ashlee Vance and Steve Lohr at the New York Times reported that I.B.M. Withdraws $7 Billion Offer for Sun Microsystems: “On Sunday, I.B.M.’s board decided to withdraw the offer.” Read the article for (sketchy) details.

Is this good or bad? For those of us who didn’t think the acquisition was in the best interest of Sun’s products and communities it’s positive, but regardless the article rightly quotes: “Sun is now sort of damaged goods,” Peter Falvey, the co-founder of Revolution Partners, a technology-focused investment bank.

Damaged goods indeed. Whatever Sun says or does, we know it doesn’t believe in itself and has, in my mind, simply given up. Even if this isn’t the case, Sun’s going to spend a lot of time, energy and money convincing customers that it’s committed. Sun made a big gamble and they blew it.

Will Cisco rocket into the server business by picking up the broken pieces? Who knows. All eyes will no doubt be on JAVA shares to free-fall on the market open Monday morning.

I will say, if Sun has to be acquired, just please please please don’t let it be HP. :)

Additional Thought:

I rarely intend to come off as negative but sometimes I do… let me propose an alternative reason for Sun’s desire for acquisition.

Many of us believe that if Sun really wants to grow it’s going to have to radically reorganize, to become lean and mean. This would make its slow, painful, and frequent RIFs look like a pregame show. It is possible that Sun’s executives hope to avoid these radical cuts through acquisition by a larger entity that can absorb the workforce in order to save as many products and personnel as possible. That is an honorable possibility.

Solaris Loopback Crypto & Compression

Wednesday, April 1st, 2009

Linux has always been in love with its loopback trickery for implementing compression and cryptography but a cry has gone out for similar capabilities in Solaris and those requests have been answered. The Solaris Loopback File driver (aka: LOFI) has supported compression for some time now, and as of snv_105 encryption has been added as well.

LOFI Basics

If you’re unfamiliar with LOFI, let’s catch you up. LOFI is used for accessing a file as a block device. The most common use is for loopback mounting ISO images. You simply create a loopback device for the file and then mount the image (CD/DVDs are typically the High Sierra File System, “hsfs”, as opposed to the iso9660 filesystem type on Linux):

root@quadra ISO$ lofiadm -d /dev/lofi/1
root@quadra ISO$
root@quadra ISO$ lofiadm
Block Device             File                           Options
root@quadra ISO$ lofiadm -a dfly-gui-2.2.0_REL.iso
/dev/lofi/1
root@quadra ISO$ lofiadm
Block Device             File                           Options
/dev/lofi/1              /home/benr/ISO/dfly-gui-2.2.0_REL.iso  -

root@quadra ISO$ mount -F hsfs /dev/lofi/1 /a

root@quadra ISO$ cd /a
root@quadra a$ ls
COPYRIGHT   autorun      autorun.pif  boot.catalog  etc         kernel.smp  root      sys  var
README      autorun.bat  bin          dev           etc.hdd     mnt         rr_moved  tmp
README.USB  autorun.inf  boot         dflybsd.ico   index.html  proc        sbin      usr

root@quadra a$ cd /
root@quadra /$ umount /a
root@quadra /$ lofiadm -d /dev/lofi/1

root@quadra /$ lofiadm
Block Device             File                           Options
root@quadra /$

Another way to LOFI is to create an empty file, create a loopback device for it and then to treat it like a disk, creating a filesystem on it and such. This has its usefulness but can be kinda boring.

root@quadra ~$ mkfile 100m lumpospace       

root@quadra ~$ lofiadm -a /home/benr/lumpospace
/dev/lofi/1

root@quadra ~$ newfs /dev/lofi/1
newfs: construct a new file system /dev/rlofi/1: (y/n)? y
/dev/rlofi/1:   204600 sectors in 341 cylinders of 1 tracks, 600 sectors
        99.9MB in 22 cyl groups (16 c/g, 4.69MB/g, 2240 i/g)
super-block backups (for fsck -F ufs -o b=#) at:
 32, 9632, 19232, 28832, 38432, 48032, 57632, 67232, 76832, 86432,
 115232, 124832, 134432, 144032, 153632, 163232, 172832, 182432, 192032, 201632

root@quadra ~$ mount /dev/lofi/1 /a
root@quadra ~$ df -h /a
Filesystem            Size  Used Avail Use% Mounted on
/dev/lofi/1            94M  1.1M   84M   2% /a

root@quadra ~$ umount /a
root@quadra ~$ lofiadm -d /dev/lofi/1

LOFI Compression

Compression is slightly non-intuitive in that you can compress an existing image but thereafter it is available read only. You can not read/write a compressed image. Images can be compressed by running lofiadm -C gzip somefile, before adding the file as usual. The only (currently) available algorithm is GZip, which by default is set to gzip-6 but can be tweaked, such as by specifying “gzip-9”.

Let’s compress the image we created with UFS above for fun. I’ve added 26MB of binaries to it and it was originally a 100MB file (image).

root@quadra /$ lofiadm -C gzip-9 /home/benr/lumpospace
root@quadra /$ ls -lh /home/benr/lumpospace
-rw------T 1 root root 9.7M Apr  1 15:15 /home/benr/lumpospace
root@quadra /$ lofiadm -a /home/benr/lumpospace
/dev/lofi/1
root@quadra /$ lofiadm
Block Device             File                           Options
/dev/lofi/1              /home/benr/lumpospace          Compressed(gzip-9)
root@quadra /$ mount /dev/lofi/1 /a
mount: I/O error
mount: Cannot mount /dev/lofi/1

Notice the mount failed… that’s because the image is read-only… try again with the read-only mount option (ro):

root@quadra ~$ mount -o ro /dev/lofi/1 /a
root@quadra ~$ cd /a
root@quadra a$ ls
7z                     avahi-publish-service        chat                       cxref                            dvd+rw-format
7za                    avahi-resolve                checkeq                    daps                             dvd+rw-mediainfo
...

So the result of compressing the image is that it’s now read-only… but the 100MB image with 26MB of data now only consumes 9.7MB of disk.

If you decide you need to add data to a compressed image, you’ll need to uncompress it (using ‘lofiadm -U compressedfile’), do your thing, then re-compress it.

Truth is, compressed lofi is fairly uninteresting in most cases because ZFS already does a great job with read/write compression. So… moving on to encryption….

LOFI Encryption

Encryption is more interesting. You can use a variety of algorithms including AES (128bit, 192bit, and 256bit), 3DES, and Blowfish, with a variety of key stores.

Let’s do a simple example using Blowfish. Notice that if you do not specify a key store it will resort to using passwords:

root@quadra ~$ mkfile 100m secrets
root@quadra ~$ lofiadm -a secrets -c blowfish-cbc
Enter key:   goawaynow
Re-enter key:  goawaynow  <--- Not echo'ed
/dev/lofi/1
root@quadra ~$ lofiadm
Block Device             File                           Options
/dev/lofi/1              /home/benr/secrets             Encrypted

root@quadra ~$ newfs /dev/lofi/1
newfs: construct a new file system /dev/rlofi/1: (y/n)? y
/dev/rlofi/1:   204600 sectors in 341 cylinders of 1 tracks, 600 sectors
        99.9MB in 22 cyl groups (16 c/g, 4.69MB/g, 2240 i/g)
super-block backups (for fsck -F ufs -o b=#) at:
 32, 9632, 19232, 28832, 38432, 48032, 57632, 67232, 76832, 86432,
 115232, 124832, 134432, 144032, 153632, 163232, 172832, 182432, 192032, 201632
root@quadra ~$ mount /dev/lofi/1 /a
root@quadra ~$ cp IBM-TakeoverPlan /a
root@quadra ~$ umount /a
root@quadra ~$ lofiadm -d /dev/lofi/1

So we created an empty file for loopback use, added it with Blowfish encryption enabled, and created a UFS filesystem on it. Then we use it like any normal filesystem, unmount it and destroy the LOFI when we're done.

When you decide you need to use it again, you'll perform the exact same steps, and the password you enter must be the same password. This is the strange bit... if you get the password wrong everything will seem to work but the data is unreadable (this is because the password is your key and the key is wrong, therefore the data won't decrypt):

root@quadra ~$ lofiadm -a secrets -c blowfish-cbc
Enter key:   thisismykey
Re-enter key:   thisismykey <--- this is not echo'ed
/dev/lofi/1
root@quadra ~$ lofiadm
Block Device             File                           Options
/dev/lofi/1              /home/benr/secrets             Encrypted
root@quadra ~$ mount /dev/lofi/1 /a
mount: /dev/lofi/1 is not this fstype

When it comes to key stores... you have the option to use an ephemeral (one-time) key (-e), a raw key file (-k keyfile), or a PKCS#11 token (-T).

Let's try using a raw key file. We'll generate it for AES256 using the Solaris Key Management Framework's pktool:

root@quadra ~$ pktool genkey keystore=file outkey=lofi.key keytype=aes keylen=256 print=y
        Key Value ="b2998f7634863a563e6030085dcf01d4680b4fd90f0de6661824fba215ba9cb9"

root@quadra ~$ mkfile 100m toomanysecrets
root@quadra ~$ lofiadm -a toomanysecrets -c aes-256-cbc -k lofi.key
/dev/lofi/1
root@quadra ~$ lofiadm
Block Device             File                           Options
/dev/lofi/1              /home/benr/toomanysecrets      Encrypted
root@quadra ~$ newfs /dev/lofi/1
newfs: construct a new file system /dev/rlofi/1: (y/n)? y
/dev/rlofi/1:   204600 sectors in 341 cylinders of 1 tracks, 600 sectors
        99.9MB in 22 cyl groups (16 c/g, 4.69MB/g, 2240 i/g)
super-block backups (for fsck -F ufs -o b=#) at:
 32, 9632, 19232, 28832, 38432, 48032, 57632, 67232, 76832, 86432,
 115232, 124832, 134432, 144032, 153632, 163232, 172832, 182432, 192032, 201632
root@quadra ~$ mount /dev/lofi/1 /a
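
The wrong-key case shown earlier (the attach succeeds and only the mount fails) can be caught at attach time. The following is an added example, not part of the original post: a shell wrapper that checks the raw key file's permissions, attaches with the same lofiadm options used on this page, and asks fstyp whether a filesystem is visible, detaching if not. The function names and return codes are made up for the example, and it assumes fstyp(1M) accepts the /dev/rlofi/N raw device.

```shell
#!/bin/sh
# Added example: attach an encrypted lofi image with a raw key file and
# refuse to hand back a device that does not decrypt to a filesystem.
# Assumes Solaris lofiadm(1M) and fstyp(1M) are on PATH.
# Function names and return codes are hypothetical.

# Return 0 only if the key file is a regular file with no group/other access.
# A raw key file IS the key, so anyone who can read it can read the image.
keyfile_is_private() {
    [ -f "$1" ] || return 1
    mode=$(ls -ln "$1" | awk '{print $1}')
    case "$mode" in
        # owner bits may be anything; group/other must be empty.
        # The last position may be T (sticky bit, as mkfile sets).
        -???-----[-T]*) return 0 ;;
        *) return 1 ;;
    esac
}

# usage: lofi_attach_verified IMAGE CIPHER KEYFILE
# Prints the block device on success. Return codes:
#   2 key file too permissive, 3 attach failed, 4 no filesystem visible
lofi_attach_verified() {
    image=$1
    cipher=$2
    keyfile=$3

    if ! keyfile_is_private "$keyfile"; then
        echo "refusing key file accessible to group/other: $keyfile" >&2
        return 2
    fi

    # lofiadm -a prints the device it allocated, e.g. /dev/lofi/1.
    # It succeeds even with the wrong key: nothing in the image records
    # which key was used, so the driver cannot tell.
    dev=$(lofiadm -a "$image" -c "$cipher" -k "$keyfile") || return 3

    # With the wrong key the superblock decrypts to noise, so fstyp
    # finds no known filesystem. Use the raw device, as newfs does.
    raw=$(echo "$dev" | sed 's|^/dev/lofi/|/dev/rlofi/|')
    if fstype=$(fstyp "$raw" 2>/dev/null) && [ -n "$fstype" ]; then
        echo "$dev"
        return 0
    fi

    # Do not leave a useless (and writable) mapping behind: writing to
    # it with the wrong key would corrupt the real data.
    lofiadm -d "$dev"
    echo "no filesystem on $dev: wrong key, or image never formatted" >&2
    return 4
}

# Stand-alone use: sh lofi_attach.sh IMAGE CIPHER KEYFILE
if [ "$#" -eq 3 ]; then
    lofi_attach_verified "$@"
fi
```

The check only applies to re-attaching an image that already holds a filesystem; a freshly created image has to be attached and formatted with newfs first, as in the session above.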

While KMF PKCS#11 is supported, all attempts on my part to use it failed... so I'll blog about that some other day when I work it out.

In parting, I'll suggest that anyone serious about crypto and compressed filesystems should check out the OpenSolaris FUSE Project and stay tuned for ZFS Crypto support.

SGI Acquired by Rackable Systems Inc

Wednesday, April 1st, 2009

Here is an example of why I hate April Fools: Rackable Systems Announces Agreement to Acquire Silicon Graphics Inc., and here is the press release by Rackable: RACKABLE SYSTEMS ANNOUNCES AGREEMENT TO ACQUIRE SILICON GRAPHICS INC..

A joke? No, apparently not, unless the SEC is in on it, here is the SEC Form 8-K filed today: SEC FORM 8-K RACKABLE SYSTEMS, INC.

And so, the end of an era… finally and officially. SGI is dead, may she rest well. We will miss the awesome workstations which we drooled over and then bought on eBay when they were cheap and worthless but still made us smile. We will pray for the free release of CXFS. We will forgive you for the sins against Cray and the harm that you needlessly did. SGI, RIP.