![[Letters to the editor]](/sunworldonline/icons/ch-letters.gif){kind=icon}
Readers speak out:
May Letters to the Editor
![[SunWorld]](/sunworldonline/icons/tb-swservices.gif){kind=icon}
![[Table ofContents]](/sunworldonline/icons/tb-toc.gif){kind=icon}
![[Search]](/sunworldonline/icons/tb-search.gif){kind=icon}
![[Sun's Site]](/sunworldonline/icons/tb-sun.gif){kind=icon}
Readers speak out:
|
|
Just wanted to thank you for setting up the SunWorld site. I find two or three articles of interest every month about the Web or Unix. I am always looking for ways to leverage my existing Unix environment and your articles are very helpful, especially on tuning and Web management.
Brian J. Mulreany
Thanks Brian, always glad to help!
Carolyn Wong, Senior Editor
Bob,
In your article "Veritas says Sun will dump DiskSuite", http://www.sunworld.com/swol-04-1997/swol-04-disksuite.html, you state that DiskSuite has "suffered, too, from the recent exodus of engineers at Sun's Colorado Springs campus."
Why is this? I recall hearing a while back that Sun was going to shut down the CO Springs facility. True? I am from the Denver area and am interested in knowing anything about Sun plans involving Colorado. It was announced that Sun would build a plant in Broomfield... any details?
Laura Deibel
Bob replies:
Laura,
Sun has not made any "official" announcements on this, but I
understand that that is the plan. As for why, the gossip is that
some engineers have gone to start-ups and that some simply didn't
want to relocate -- but again, Sun doesn't officially comment on this
stuff. You could check out this link:
http://www.sun.com/smi/Press/sunflash/9612/sunflash.961206.6605.html, for
further information. Both SunSoft and SMCC's storage division have mentioned
Broomfield in their future plans.
Bob McMillan, Associate Editor
Peter,
Did you write an article on how to lock down a system? If so which one is it, and where can I find it? I am putting some machines outside of my firewall and I would like to know what OS packages to install to best accomplish this.
Thanks,
Joe Budsock
Peter responds:
Joe,
The FAQ is the best source for this information. It is kept
up-to-date, but old columns are not. The last section should have
what you need. The Security FAQ is at: http://www.sunworld.com/common/security-faq.html
Peter,
I like your Security FAQ list (http://www.sunworld.com/common/security-faq.html) a lot, but I'd reorganize the document. When I went to use it as a checklist, I felt I was jumping around. When I've done similar docs, I've tried to organize them so that people walk alphabetically through the file system. I find that this makes it easy to see if I'm missing anything. Regarding S/key (or other secrets), I find that the `pick a phrase and use the first letter of the phrase' method of choosing passwords works well for users (they don't tend to write down their password), and provides very crack-resistant passwords.
Adam Shostack
Peter responds:
Good comments, Adam. I just released a new version of the FAQ for
publication, but I'll implement these changes in the next release.
Peter
Does Solaris 2.5 provide support for:
The above list, 1, 2, and 3 are requirements from the Automated Information System Security Implementation Manual (AISSIM-200) if you care, or if it makes a difference in the answer.
Thanks much,
Bob Ferguson
Peter responds:
Bob,
In answer to your first two questions, yes. To the third, generally
yes. Some devices allow for shared access though. For instance one
user could write to a tape and another could read from it. However,
disk devices and terminal devices are managed by the OS and reset
between uses.
Hope this helps,
Peter
Peter,
More power to you!
I would like to request a copy of a template for writing Computer Security Policies, if you have one, that is. If none is available, can you please point me to the right URL? I have already seen the RFC___ (the number escapes me for the moment) and the Houston University Site Security Manual.
Thank you very much,
Drexx Laggui
Peter replies:
Hi Drexx,
I covered this topic in SunWorld, September 1995:
http://www.sun.com:80/sunworldonline/swol-09-1995/swol-09-security.html
Peter
Hi Adrian,
We use UltraSPARC and Ex000s at our sites. Every now and then we get a Stack Overflow or Stack Underflow error, and the system goes to the "ok" prompt. From what I know, this usually means that there are too many processes running (rapid spawn), and the system does not have enough memory (since each process is associated with its own stack).
Is it possible that one of the applications is not truly multithreaded? (This system runs Samba).
Thanks in advance,
Srinivas Chitrapu
Adrian responds:
Srinivas,
It sounds to me like a bug in kernel space, probably in Samba. I'd
load up with the latest set of Solaris patches and the latest Samba
patches as well. You can often force a kernel dump by typing "sync"
at the "ok" prompt, then running savecore once it's back up. Next,
you need to figure out how to debug it, but that isn't a performance
issue, so I'm afraid I'm not the right person to ask.
Good Luck,
Adrian
Adrian,
We are looking at deploying IMAP/SMTP servers running on Solaris 2.5.1 as a replacement for our cc:Mail network. Do you know of any published information, specifically on the sizing of IMAP mail servers, given that there will be more I/O than with a POP3 server?
Thanks for your help,
Wilson Sinclair
Adrian responds:
Wilson,
There is some work in progress to get this information out, but I
don't have much to say yet. We are monitoring Sun's SIMS 2.0
product using accounting to collect real world usage levels on some
servers inside Sun (SIMS = Solstice Internet Mail Server = IMAP4
server).
So far it appears that sendmail itself uses more resources than SIMS
2.0 on a per-system basis. There is a lot less network I/O with IMAP
than POP with a real world usage pattern. I'm not sure about disks
at this point.
Adrian
Adrian,
Thanks for the wonderful article on caching -- http://rwanda.wpi.com/sunworldonline/swol-05-1997/swol-05-perf.html. Just a small error in the diagram for NFS caching. The arrow labeled `lookup' is pointing in the wrong direction. It should point from the client side to the server side.
Sincerely,
Kapil Chowksey
Adrian replies:
I'm glad to hear that you liked the article Kapil.
Each NFS op is a two way thing. I show the information flow, and the
information about the file flows from the server to the client,
hence the arrow points that way and the client caches the looked-up
data. I tried to avoid too many arrows by simplifying everything.
Adrian
Dear Adrian,
I am an engineer at Rayes company. A few days ago, a friend introduced your product (SymbEL release 2.4) to me. I downloaded it from your web site and tested it in a Sun Sparc 2.0 with Solaris 2.5. I'm very satisfied, but I have one question: How can I convert log files to HTML so that I can monitor a remote workstation for a web site?
By the way, I can't seem to run two commands: aw.se and mon_cm.se. What can I do?
Shiyong Jiang
Adrian responds:
Shiyong,
You should be using SE 2.5.0.2 - check with se -v.
First, you can view unformatted text files with a browser. Second,
the tools are provided as source scripts, so you can change them to
do whatever you want. The code is basically interpreted C.
Regarding the commands, what error do you get?
Adrian
Hello SunWorld!
I work with a Sun Authorized Business Partner here in the Philippines. Right now I have a client who is eager to get and use Solaris 2.6. They will use Red Pepper software -- a supply chain management software -- and will use the Production Response Agent (PRA) module. The software resides on the memory and, according to the sizing the Project Manager has made, she'll be needing seven gigabytes of memory.
My concerns are: When will Solaris 2.6 be released and how much memory can be addressed per process in the 2.6 version?
Thanks for your help. Your column is always worth reading and can be easily grasped, even by not-so-techno weenies like me.
Best regards,
Rose Ami
Adrian responds:
Rose,
Solaris 2.6 will be released during the second half of this year
(August, we hear). See our in-depth review of Solaris 2.6
http://www.sunworld.com/swol-03-1997/swol-03-solaris2.6.html,
and http://www.sunworld.com/swol-04-1997/swol-04-opengroup.html,
for more information.
Memory addressed per process is the same in 2.6 and 2.5.1. The thing
that changes in 2.6 is that it can deal with files bigger than two
gigabytes (up to one terabyte), but address space is still four
gigabytes per process plus four gigabytes for the kernel. Your
eight gigabytes of RAM would be used by multiple processes, with
perhaps one to two gigabytes of shared memory used by all of them if
it is like an Oracle or Sybase database.
In short, I think you can use 2.5.1 for this job. From what I can
tell, you do not need any 2.6 features and, in regards to your
memory requirements, 2.5.1 is just as good as 2.6.
Thanks for the feedback Rose. See my article on 64 bits from November 1995,
http://www.sunworld.com/swol-11-1995/swol-11-perf.html, for more
information.
Adrian
Adrian,
I have a problem with my E4000. It periodically hangs even with very minimal system activity. However, there is no apparent pattern to it. I called Sun and they suggested forcing a crash dump when the system hangs, but I'm not too keen on that option.
I was thinking of using the TNF s/w to diagnose the problem, but I am not sure what to trace on. Any suggestions? What else can I use to pinpoint the hanging problem?
Thanks for your time,
Umesh Vaghela
Adrian replies:
Umesh,
I don't think you're using the right tool for this job. The traces
would be lost in the hang and would have too big a performance
impact for general continuous use. I think you should force a crash
dump.
See the Panic! Book by Kim Brown, who works at the U.K. Answer Center,
if you want any more ideas. In general I'd do what Sun suggests.
After a hang, what alternative do you have? A reboot is really no
different than a forced crash dump.
Good luck,
Adrian
Adrian,
We are working on a project called INCA -- Integrated Communication Architecture -- and are keen to know the folowing regarding the I cache, D cache, and E cache in the UltraSPARC-1 architecture: 1. Read policy 2. Write policy 3. Write miss policy 4. Indexing and tagging 5. The exact scheme of interaction between the caches and the other functional units in the design.
We have often found conflicting information regarding the above in the Technology White papers on Sun's home page and in the rest of the literature that it supports such as FAQs and papers, etc.
We have benefited greatly from the information posted by you on the Sun site. It would be great if you could also give us some information regarding the above at your earliest.
Thanks again,
Srivani Jade
Adrian responds:
Srivani,
It seems as if you need the hardware datasheets. I need to know what
you have already tried to get and what conflicting information you
have. I don't have this stuff at hand myself. How much detail do
you want? I would think that by using the VIS bcopy instruction the
caches are bypassed and you should not need to know much about their
architecture...
Adrian
Adrian,
Solaris 2.x provides a wait for I/O statistic for the total system. My question: is there a way to measure wait for I/O per CPU on a multiple CPU system?
Thank you in advance for your help,
Jeff Schultz
Adrian's reply:
Jeff,
It is only provided on a per-CPU basis. See mpstat for the raw
data. vmstat/iostat/sar add up averages for all CPUs. Much more
interesting is wait per process, from /proc using PIOCUSAGE, see
proc(4) man pages.
Adrian
![[(c) Copyright 1997 Web Publishing Inc., and IDG Communicationcompany]](/sunworldonline/icons/b-copyright97.gif){kind=icon}
If you have technical problems with this magazine, contact webmaster@sunworld.com
URL:
http://www.sunworld.com/swol-05-1997/swol-05-letters.html
Last modified: