Letters to the editor -- SunWorld, January 1996">
Letters to the editor
In your answer to the person whose NNTP server had overworked disks, you said adding an NVRAM SIMM and Legato's Prestoserve software was the best thing to do. I had always associated Prestoserve with NFS service. Does your advice imply these pieces of hardware and software are for use in more than just NFS servers? Should I consider putting them in any machine with a high I/O load?
--(name and firm withheld)
Directory and inode updates are synchronous, also files are flushed when they are closed. The NVSIMM defers and coalesces all synchronous I/Os, and has no effect on regular writes to a local filesystem. NFS writes are also synchronous, which is why it helps NFS. News and mail do a lot of directory and inode updates, and create/move/delete small files which is why NVSIMM helps a lot.
Hello Adrian. I have read your book a dozen times and use your tools. Excellent. I have a question about an "Allocation errors, kmap full?" message we received last week on one of our production servers. It is a SS20 with 512 megabytes of RAM. For some weird reason, it started canceling telnet and rlogin connections and I have a feeling they were during the same time we received the kmap full error messages. Could you explain? Every once in a while we would receive mutex contention errors as well.
I know this is in the dark work without the specs on the system, processes running, system configuration and things like that. But, you are an expert and I figured you could point me in the right direction.
--Neil Greene, Sr Oracle DBA / Unix Administrator, SHL Systemhouse
If it persists, the machine stops working, and you need a reboot to fix, it means the kernel got too big. To fix this reduce maxusers to 200 or so, set bufhwm to 4000, upgrade to 2.5 (which has more kmap on sun4m) or upgrade to SS1000 or UltraSPARC systems that have much bigger kmap.
If it comes and goes, then the free list was empty so no pages for the kernel to grab. Set lotsfree to 512 and desfree to 256, leaving minfree alone. Increase slowscan to 500.
This is a fairly common problem with 512MB SS20's.
I was wondering if you could point me in the right direction on which Solaris 2.4 patch will enable me to do asynchronous I/Os (aio_read and aio_write). The man page says that async. support is a future release, but in one of your articles you mentioned a patch that would allow async. I/O. I just installed the latest jumbo patch (101945-34) but the routines still return -1 (errno set to ENOSYS). Any help would be greatly appreciated.
--Chuck Williams, Senior Telecommunication Systems Engineer, Loral Test & Information Systems
You need to look on the second CD that comes with 2.4 or in the Patches directory on the main 2.4 CD. Kernel async I/O was shipped with the 2.4 release but was not installed by default. There is probably an updated release of that patch to look for once you know its number.
In the meantime, the aioread calls should work with no patches, the KAIO fast path in the patch is only really needed for Sybase on raw disks.
My guess is that you are not using the API correctly in some way.
I always face hot comments when I suggest to bundle /, /usr and /var under one large partition... I do not think that having separate partitions is needed anymore. Am I right? Is there any good reason to split them these days ? I know that in the past it was needed because of small disks but now ? It is an issue I would like to close once and for all. What are your thoughts about this?
--Benoit Gendron, (firm indeterminate)
Also makes upgrades much easier.
This is in response to your December Performance Q&A column and the question about what causes slow rlogins.
The most common reason I see (and hear about) a slow login is the remote site using daemons or protocol wrappers that use the ident protocol to lookup who is trying to connect. I use a TCP wrapper that logs user names on a daily to weekly basis. The lookup can cause a login delay of up to a configurable timeout (2 seconds) if the client machine is not running an identd daemon.
Another common cause on a busy machine is when the remote site does not have enough physical memory and must swap to get the login daemons or the shell loaded and running. Hope this helps...
--Michael Johnson, CS Undergrad, Oregon State University
I understand that some people will always love emacs, and that's fine. But I do expect a little thought. To say that vi's key bindings are cryptic while extolling emacs -- that's just too funny! I'm sure a modicum of thought will explain emacs key bindings, but who has the time? I can learn yet another editor, or do some real work (with vi, because I know it). vi key bindings make sense if you think, or read, just a bit.
You missed a vi resource, by the way. A colleague and I prepared a brief tutorial and quick reference on vi; both are available in plain text or PostScript form at
Finally, I offer my standard response to how emacs will solve any problem:
Who cares? The masses don't WANT lisp, utterly insane ctrl-meta-alt-shift-splut-compose://roll_your_forehead_across_the_keyboard/key-sequences, or to handle their mail, programming, phones, diapers and baby delivery through their editor. (Nor, for that matter, do I.) Nor are the general masses capable of using emacs to edit their .sig file, much less tour the infobahn without becoming roadkill.
Hey, we could hack vi and eve to do all that stuff, too! And it would be just two more implementations of a bad idea!
Yes, we are glad you have emacs to play with. We are most impressed that the 12 best albums last year were all composed, recorded, and performed live using emacs on a Timex/Sinclair. We wish we were studly enough to use it. We admit it is God's gift to computer users, and that we're not worthy. So please go be smugly self-righteous about it in comp.editors.religion.jihad or something. Better yet, go hack emacs to:
and then maybe we'll listen.
--Miles O'Neall, Pencom
P.S. Who, me? tired of hearing how emacs will cleanse me of my sins? No, why do you ask?
I read your on-line column and thought it was pretty good, but (IMHO) you didn't give enough press to true, simple, network-wide monitoring tools at a high enough level to be useful.
One in particular is nfswatch, which is a great tool to spot trends of who is pounding on you. snoop is great, but too low-level to see the big picture, or maybe there's some PD software tool that does this? nfswatch shows which clients are hitting on a server, how many packets, etc.
nfswatch runs on a bunch of OS's (including SunOS and Solaris) and I've used it for years to keep an eye on things. It is especially helpful when you have a runaway client -- it jumps right out at you.
Now, I have an ulterior motive for sending you this e-mail! ;-) We recently turned on our FDDI port for our SS1000 ... and nfswatch doesn't work with FDDI on Solaris. Here's what the author's had to say:
> The code for FDDI is there, but not having any FDDI interfaces, I have not > tested it in some time. I think the last thing it was tested on was SunOS > 4.1.1. Most likely there's a bug in the code that extracts the "ethernet" > header the Sun drivers attach from the FDDI packet.
I bet it would be pretty trivial for a network guru at Sun to get this working; and IMHO this would benefit a lot of folks. BTW, the other other author, who works at DEC, recommended I buy an Alpha! ;-)
'nuff said ... I've enjoyed reading your stuff over the years.
--Alek, (firm indeterminate)
I just finished to read your article Hardening a Unix computer for Internet duty. I would like to ask you if you know how to make the transition from NIS to NIS+. If you do know, write a generic document with unix example to teach me how to deploy the NIS+ service. I would like to understand the following steps:
I know that there is more steps but these should be enough to speed me up to NIS+
--Ron, (firm indeterminate)
Regarding the November Connectivity column, our campus computer center networked my building this week. Unfortunately, I have been an early adopter of Windows 95. They tell me the NDS client driver is unstable (buggy) for Windows 95. So, now I have two computers on my desk -- one with Windows 95, the other with Windows 3.1 and networked using Novell. Will the drivers be past the beta test stage soon? Must I scrap Windows 95? Two computers on my desk is more than I can handle for very long!
--Henry Smith, (firm indeterminate)
The Network Device Interface Specification (NDIS) drivers for Windows 95 are perfectly functional and are specific to the network card, not the NetWare protocol system. Novell's NetWare client for Windows 95 is much buggier than Microsoft's NetWare client for Windows 95, but neither of these have much to do with the NDIS drivers. Today, if you want to install NetWare services for Windows 95, I would choose the one that comes from Microsoft with the Windows 95 CD.
Novell promises to fix its bugs by the first quarter of 1996.
The article was good. I'm concerned that Microsoft will attempt to gain control of Java by making proprietary extensions to it. I would like to here that there is some control on them to prevent this.
For example, if I knew there was some form of "standard" and that if it didn't conform to the standard they couldn't call it Java I would feel a lot better.
--(name and firm indeterminate)
OK I invite you Java Heads to see my JAVA HEAD graphic at http://www.slip.net/~gaftee/java.html where you can see for yourself that my creative sense of humor foresaw the power of the caffeine god in the form of wearable art.
--GAF, (firm indeterminate)
I enjoyed your article. Had a couple of questions... Have you any ideas about the performance and viability of any "real" applets (i.e., ones that do real work)? How does Java compare with other languages in terms of code size?
Also how viable do you believe is a generic massage passing scheme for client-server applets?
--Thanos Triant, Sr VP and CTO , Vanstar Corp
To my knowledge, "real" Java applets are few and far between. All of the ones I've seen consist of letters jumping around and other little bits of animation. Big deal. However, I can give you some ideas based on the design of the language.
The nearest analog to Java that I know of is byte-compiled Lisp, as in emacs lisp. Lisp compiles down to about half the source size. The byte code can be quite compact because of the nature of the interpreter required to run it: a simple, clean stack machine.
I would guess that Java compiles down a bit smaller than that -- to maybe a third of source size. Here are the tradeoffs:
As for efficiency, I would guess that it's acceptable but not great. Byte compiled Lisp becomes slow when it has to do, e.g., a nontrivial amount of loop iterations. Another comparison would be with Visual Basic, which is pretty fast but relies on lots of Windows functionality built in as machine code. My suspicion is that Java on Win 3.1 -- which doesn't exist -- is not good. And that's probably one reason why it doesn't exist (yet, to my knowledge).
Message passing: what exactly do you mean -- message passing between applets on the client side, or message passing between a client and a web server (i.e., a "protocol layer" above HTTP)? The latter is sorely needed in order to implement, e.g., reasonable database queries over the internet, and it may be doable, because
The former (client applet-to-applet) would imply an OS-independent message passing scheme. The problem is that this is really the same thing as a universal object model. Bill Gates will tell you that such a thing already exists -- OLE and COM. Sun and other such vendors will tell you that it's CORBA. But CORBA has not gotten very far. The possibilities of doing COM or CORBA over the Web are intriguing and bear some thought. I'm sure Netscape has considered what to do with regard to OLE.
I have heard a lot of hoop-la recently regarding so called $500 Internet boxes. From what I can discern from a lot of information tidbits so far, quite a few companies (including Sun Microsystems) are developing stripped down boxes called Internet or Java terminals (with only a uP, RAM, and I/O). One of the applications I've heard is a home consumer Internet box, hooked to a TV like a VCR, providing Internet access to the average income household. Another use may be as a corporate desktop replacement (a stripped box with a stripped operating system running applets from a Java server), eliminating the $2,500 box from "Wintel" on every corporate desktop.
What do Sunworld Online's readers think about the future of these boxes, their possible applications, and what are the various plans from companies salivating over new Java/Internet hardware markets?
--(name and firm indeterminate)
I have been working as an independent computer PC consultant since 1986. Most of my work entails hands-on experience in setting up LANs, training on hardware usage and lots of troubleshooting at the enduser level including support calls day and night. The support calls will be in hardware, Windows, etc.
As the computer industry changes, I find my technical skills to be eating up much more technical time researching the best possible avenue for my clients in terms of networking systems or training. I have no problems adapting to new technology as long as I can work with customers needs and have the products to provide for their needs. i.e., Novell, Lantastic etc.
Since I work as an independent consultant in the PC world, I feel it is time to jump on the band wagon and work in a team environment with a strong product producing company such as Sun Microsystems. Such companies have the immediate resources to work with, support, and to grow with. Yes, I am not getting any younger and working for the actual manufacturer sounds like a stronger future than working as an independent reseller.
How and what should I do to make the change into a company like Sun Microsystems? Do I need to get a CNA (Certified Novell Admin) or any other certifications prior to employment? What positions should I be most likely to fill with my experience background?
--Steve, (firm indeterminate)
Your career advise columns are fantastic. I am currently an Oracle DBA for a large consulting firm. My background is in Unix Systems Administration, commercial C/Assembler/C++ programming and PC/LAN support. I was wondering what is the best approach to maintaining these skills when I am stuck on a dead-end project. I practice my coding skills by developing Microsoft Windows utilities but SA stuff is very difficult to practice without boxes. Any advice would be greatly appreciated.
--(name and firm indeterminate)
Regarding the December Career Advisor column, speaking as someone who broke into System Administration from another field, I think that there is a lot that could be added to the article.
For those that want to break into system admin work, the first thing to do is to go back to school. It is important here to realize that you shouldn't go to a college or university, not because they only teach theory, but because few courses are offered for system admins in the degree areas. The degree you get would not be worth the time spent.
Now that I have said to go back to school, where should someone go? There are dozens of continuing education college courses and vocational school courses that offer the basics of system administration in about a week.
Once you have the bare bones of how to be a system admin and know what is involved, there are dozens of entry-level system admin jobs. They usually only involve one part of system administration, not all parts. For example, companies move all of the time; get a contract job moving computers. Companies are also always upgrading their systems (at least the large ones are); get a job just doing upgrades. If you want to learn about Internet administration, get a copy of Linux and setup your own Internet domain. That is a wonderful portfolio to prove that you know how to do stuff.
There are groups that need high tech support but can't afford it. They are usually the non-profit organizations. Contact CompuMentor to get some more info on volunteer work.
There are system admin user groups all over, SAGE the system admin guild for Usenix is one, LISA is another. These groups can help people network with one another and get jobs.
There are dozens of ways to break in.
--Mary Morris, Columnist, www.sun.com
Glad to see mainstream NFS finally on TCP. The article about same in the BSD 4.4 Sys Admin reference has had me looking forward to this for some time. Is the new protocol published? Is it available on other platforms? Interoperability is a big deal around here.
--(name and firm indeterminate)
Please have pity on those of us with modem access and reduce the amount and size of graphics on your page. I come here for news and information, not to wait for a pretty picture (I go elsewhere for that)
--(name and firm indeterminate)
I hate Internet ads. Why don't you set a better example for other pages and exclude any ads, even if you sponsor what the ad is trying to sell? We need to keep the net apart from the standards of the modern telecommunications industry.
--James S Pappas, (firm indeterminate)
I don't hate Internet ads, James, and I don't consider ad-free media morally superior to ad-supported media. Ads pay the freight here. Many of our readers (not all, of course) find ads valuable when they advertise something the reader is interested in. And they put up with ads about things they aren't interested in. This is true in SunWorld Online and in print magazines. This is especially true in trade magazines, where new products as well as new techniques and new technologies are equally interesting to professional readers.
I also don't agree that the Net should be kept apart from the standards you refer to, nor from commercial exploitation in the form of advertising. Some services/info will be offered in the traditional way, in which others (taxpayers usually) pay the bill and others get a free ride; others will be paid for directly by users in some proportional way; others will be paid for by third parties with ulterior motives, usually advertisers or sponsors, or those moved by charitable impulses; still others will be paid for by one's employer as a perq (like most business Internet e-mail). And people like me are always trying to figure out new ways to make a buck delivering info to people who want it, in forms they want and find useful. And I don't think that's a bad thing.
The bottom line is, I am not offended that somebody else wants to pay to allow publishers to send me info I am interested in. It is possible, of course, for them to create loud, intrusive, offensive, ineffective, stupid, annoying advertising, or for the technology to be executed in a way that slows everything to a crawl (a la Prodigy of old). And I'm sure there are myriad other ways people will find to be offensive and inconvenient, in advertising and elsewise; there always are. But I am not opposed in principle or in practice to advertising-supported media; actually, my business plan hinges on it. --Michael McCarthy, Publisher
If you have problems with this magazine, contact email@example.com
Last updated: 29 January 1996
If you have technical problems with this magazine, contact firstname.lastname@example.org