[Letters to the editor]

Readers speak out:
May Letters to the Editor

[SunWorld]
[Table ofContents]
[Search]
[Sun's Site]

Kudos from our readers

To The Editors:

Just wanted to thank you for setting up the SunWorld site. I find two or three articles of interest every month about the Web or Unix. I am always looking for ways to leverage my existing Unix environment and your articles are very helpful, especially on tuning and Web management.

Brian J. Mulreany

Thanks Brian, always glad to help!

Carolyn Wong, Senior Editor

Sun plans: the unofficial update

To Bob McMillan:

Bob,

In your article "Veritas says Sun will dump DiskSuite", http://www.sunworld.com/swol-04-1997/swol-04-disksuite.html, you state that DiskSuite has "suffered, too, from the recent exodus of engineers at Sun's Colorado Springs campus."

Why is this? I recall hearing a while back that Sun was going to shut down the CO Springs facility. True? I am from the Denver area and am interested in knowing anything about Sun plans involving Colorado. It was announced that Sun would build a plant in Broomfield... any details?

Laura Deibel

Bob replies:

Laura,

Sun has not made any "official" announcements on this, but I understand that that is the plan. As for why, the gossip is that some engineers have gone to start-ups and that some simply didn't want to relocate -- but again, Sun doesn't officially comment on this stuff. You could check out this link: http://www.sun.com/smi/Press/sunflash/9612/sunflash.961206.6605.html, for further information. Both SunSoft and SMCC's storage division have mentioned Broomfield in their future plans.

Bob McMillan, Associate Editor

System lock down: check the FAQ's

To Peter Galvin:

Peter,

Did you write an article on how to lock down a system? If so which one is it, and where can I find it? I am putting some machines outside of my firewall and I would like to know what OS packages to install to best accomplish this.

Thanks,
Joe Budsock

Peter responds:

Joe,

The FAQ is the best source for this information. It is kept up-to-date, but old columns are not. The last section should have what you need. The Security FAQ is at: http://www.sunworld.com/common/security-faq.html

A few suggestions

To Peter Galvin:

Peter,

I like your Security FAQ list (http://www.sunworld.com/common/security-faq.html) a lot, but I'd reorganize the document. When I went to use it as a checklist, I felt I was jumping around. When I've done similar docs, I've tried to organize them so that people walk alphabetically through the file system. I find that this makes it easy to see if I'm missing anything. Regarding S/key (or other secrets), I find that the `pick a phrase and use the first letter of the phrase' method of choosing passwords works well for users (they don't tend to write down their password), and provides very crack-resistant passwords.

Adam Shostack

Peter responds:

Good comments, Adam. I just released a new version of the FAQ for publication, but I'll implement these changes in the next release.

Peter

Solaris 2.5 support questions

To Peter Galvin:

Does Solaris 2.5 provide support for:

  1. Protected Memory Space
    Does it prohibit any application from seizing control of, or writing data into, space assigned to the OS, or another user's program area?
  2. Reserved Instruction Set
    Is there one class of machine instructions reserved for exclusive use of the OS to maintain system controlled user directories?
  3. Object reuse
    Not necessarily to the degree called for in the Orange book, just need to know of files, workspace, devices, etc., get "cleaned up" after a user manipulates them, prior to access by another user?

The above list, 1, 2, and 3 are requirements from the Automated Information System Security Implementation Manual (AISSIM-200) if you care, or if it makes a difference in the answer.

Thanks much,
Bob Ferguson

Peter responds:

Bob,

In answer to your first two questions, yes. To the third, generally yes. Some devices allow for shared access though. For instance one user could write to a tape and another could read from it. However, disk devices and terminal devices are managed by the OS and reset between uses.

Hope this helps,
Peter

Computer Security Policy

To Peter Galvin:

Peter,

More power to you!

I would like to request a copy of a template for writing Computer Security Policies, if you have one, that is. If none is available, can you please point me to the right URL? I have already seen the RFC___ (the number escapes me for the moment) and the Houston University Site Security Manual.

Thank you very much,
Drexx Laggui

Peter replies:

Hi Drexx,

I covered this topic in SunWorld, September 1995: http://www.sun.com:80/sunworldonline/swol-09-1995/swol-09-security.html

Peter

Sounds like a bug...

To Adrian Cockroft:

Hi Adrian,

We use UltraSPARC and Ex000s at our sites. Every now and then we get a Stack Overflow or Stack Underflow error, and the system goes to the "ok" prompt. From what I know, this usually means that there are too many processes running (rapid spawn), and the system does not have enough memory (since each process is associated with its own stack).

Is it possible that one of the applications is not truly multithreaded? (This system runs Samba).

Thanks in advance,
Srinivas Chitrapu

Adrian responds:

Srinivas,

It sounds to me like a bug in kernel space, probably in Samba. I'd load up with the latest set of Solaris patches and the latest Samba patches as well. You can often force a kernel dump by typing "sync" at the "ok" prompt, then running savecore once it's back up. Next, you need to figure out how to debug it, but that isn't a performance issue, so I'm afraid I'm not the right person to ask.

Good Luck,
Adrian

Sizing up IMAP mail servers

To Adrian Cockroft:

Adrian,

We are looking at deploying IMAP/SMTP servers running on Solaris 2.5.1 as a replacement for our cc:Mail network. Do you know of any published information, specifically on the sizing of IMAP mail servers, given that there will be more I/O than with a POP3 server?

Thanks for your help,
Wilson Sinclair

Adrian responds:

Wilson,

There is some work in progress to get this information out, but I don't have much to say yet. We are monitoring Sun's SIMS 2.0 product using accounting to collect real world usage levels on some servers inside Sun (SIMS = Solstice Internet Mail Server = IMAP4 server).

So far it appears that sendmail itself uses more resources than SIMS 2.0 on a per-system basis. There is a lot less network I/O with IMAP than POP with a real world usage pattern. I'm not sure about disks at this point.

Adrian

A small error

To Adrian Cockroft:

Adrian,

Thanks for the wonderful article on caching -- http://rwanda.wpi.com/sunworldonline/swol-05-1997/swol-05-perf.html. Just a small error in the diagram for NFS caching. The arrow labeled `lookup' is pointing in the wrong direction. It should point from the client side to the server side.

Sincerely,
Kapil Chowksey

Adrian replies:

I'm glad to hear that you liked the article Kapil.

Each NFS op is a two way thing. I show the information flow, and the information about the file flows from the server to the client, hence the arrow points that way and the client caches the looked-up data. I tried to avoid too many arrows by simplifying everything.

Adrian

SymbEL 2.4

To Adrian Cockroft:

Dear Adrian,

I am an engineer at Rayes company. A few days ago, a friend introduced your product (SymbEL release 2.4) to me. I downloaded it from your web site and tested it in a Sun Sparc 2.0 with Solaris 2.5. I'm very satisfied, but I have one question: How can I convert log files to HTML so that I can monitor a remote workstation for a web site?

By the way, I can't seem to run two commands: aw.se and mon_cm.se. What can I do?

Shiyong Jiang

Adrian responds:

Shiyong,

You should be using SE 2.5.0.2 - check with se -v.

First, you can view unformatted text files with a browser. Second, the tools are provided as source scripts, so you can change them to do whatever you want. The code is basically interpreted C.

Regarding the commands, what error do you get?

Adrian

Solaris 2.6

To Adrian Cockroft:

Hello SunWorld!

I work with a Sun Authorized Business Partner here in the Philippines. Right now I have a client who is eager to get and use Solaris 2.6. They will use Red Pepper software -- a supply chain management software -- and will use the Production Response Agent (PRA) module. The software resides on the memory and, according to the sizing the Project Manager has made, she'll be needing seven gigabytes of memory.

My concerns are: When will Solaris 2.6 be released and how much memory can be addressed per process in the 2.6 version?

Thanks for your help. Your column is always worth reading and can be easily grasped, even by not-so-techno weenies like me.

Best regards,
Rose Ami

Adrian responds:

Rose,

Solaris 2.6 will be released during the second half of this year (August, we hear). See our in-depth review of Solaris 2.6 http://www.sunworld.com/swol-03-1997/swol-03-solaris2.6.html, and http://www.sunworld.com/swol-04-1997/swol-04-opengroup.html, for more information.

Memory addressed per process is the same in 2.6 and 2.5.1. The thing that changes in 2.6 is that it can deal with files bigger than two gigabytes (up to one terabyte), but address space is still four gigabytes per process plus four gigabytes for the kernel. Your eight gigabytes of RAM would be used by multiple processes, with perhaps one to two gigabytes of shared memory used by all of them if it is like an Oracle or Sybase database.

In short, I think you can use 2.5.1 for this job. From what I can tell, you do not need any 2.6 features and, in regards to your memory requirements, 2.5.1 is just as good as 2.6.

Thanks for the feedback Rose. See my article on 64 bits from November 1995, http://www.sunworld.com/swol-11-1995/swol-11-perf.html, for more information.

Adrian

System hangs... crash dump!

To Adrian Cockroft:

Adrian,

I have a problem with my E4000. It periodically hangs even with very minimal system activity. However, there is no apparent pattern to it. I called Sun and they suggested forcing a crash dump when the system hangs, but I'm not too keen on that option.

I was thinking of using the TNF s/w to diagnose the problem, but I am not sure what to trace on. Any suggestions? What else can I use to pinpoint the hanging problem?

Thanks for your time,
Umesh Vaghela

Adrian replies:

Umesh,

I don't think you're using the right tool for this job. The traces would be lost in the hang and would have too big a performance impact for general continuous use. I think you should force a crash dump.

See the Panic! Book by Kim Brown, who works at the U.K. Answer Center, if you want any more ideas. In general I'd do what Sun suggests. After a hang, what alternative do you have? A reboot is really no different than a forced crash dump.

Good luck,
Adrian

UltraSPARC-1

To Adrian Cockroft:

Adrian,

We are working on a project called INCA -- Integrated Communication Architecture -- and are keen to know the folowing regarding the I cache, D cache, and E cache in the UltraSPARC-1 architecture: 1. Read policy 2. Write policy 3. Write miss policy 4. Indexing and tagging 5. The exact scheme of interaction between the caches and the other functional units in the design.

We have often found conflicting information regarding the above in the Technology White papers on Sun's home page and in the rest of the literature that it supports such as FAQs and papers, etc.

We have benefited greatly from the information posted by you on the Sun site. It would be great if you could also give us some information regarding the above at your earliest.

Thanks again,
Srivani Jade

Adrian responds:

Srivani,

It seems as if you need the hardware datasheets. I need to know what you have already tried to get and what conflicting information you have. I don't have this stuff at hand myself. How much detail do you want? I would think that by using the VIS bcopy instruction the caches are bypassed and you should not need to know much about their architecture...

Adrian

Measuring wait on a multiple CPU system

To Adrian Cockroft:

Adrian,

Solaris 2.x provides a wait for I/O statistic for the total system. My question: is there a way to measure wait for I/O per CPU on a multiple CPU system?

Thank you in advance for your help,
Jeff Schultz

Adrian's reply:

Jeff,

It is only provided on a per-CPU basis. See mpstat for the raw data. vmstat/iostat/sar add up averages for all CPUs. Much more interesting is wait per process, from /proc using PIOCUSAGE, see proc(4) man pages.

Adrian


[Table of Contents]  [Search]  [Sun'sSite]

[(c) Copyright 1997 Web Publishing Inc., and IDG Communicationcompany]

If you have technical problems with this magazine, contact webmaster@sunworld.com

URL: http://www.sunworld.com/swol-05-1997/swol-05-letters.html
Last modified: