Tuesday, November 25, 2008

Watching YouTube videos at higher resolutions

Yes, it's (finally) true, and you'll probably have noticed it if you watched this.

This week I was digging into this because of an article I read on Corriere della sera. There were rumors about Google desiring to launch a higher-definition version of his video-sharing technology, probably because Google is interested in launching a platform to distribute content such as HD movies for which the YouTube platform was clearly insufficient.

Until Google won't officially launch the enhanced version of YouTube (or whatever the name will be), you can see video stored in higher resolutions using a trick: just add the fmt parameter to the URL of the video you want to see and use one of these:
  • fmt=18: with this parameter, the video resolution will be set to 480x270 pixel2 and stereo audio
  • fmt=22: with this parameter, the video resolution will be set to 1280x720, which is a pretty interesting resolution if you like watching full-screen videos
Please note that this parameter will have any effect only if Google is storing a higher definition version of the video you want to see, which will probably be true if the video is recent.

Look at the difference:
Enjoy!

I switched from Squid to Sun Java System Web Proxy Server

I've been running Squid Web Proxy Cache for quite a while and also documented some basic setup in another article. But the last time we set up a server I decided to try Sun Java System Web Proxy Server. Since then, I switched the remaining Squid servers to Sun's proxy and lived happily ever after.

Why? Well, Squid was giving me no problem but sometimes setting it up and managing it was boring and error prone. Sun's Web Proxy Server has got the (familiar) administrator's web interface and I practically never touch a configuration file by hand. Creating a basic setup it's really a question of clicking a couple of button and the proxy's up and running.

Installation.
Installation is pretty straightforward. I downloaded the Sun Java Enterprise System and launched the installer. Once launched, I just checked the Sun Java System Web Proxy Server and the installer did it all. The installer also gives you the possibility of automatically creating a proxy server with the default configuration values and if you need a good starting point that's a good hint.

Creating a server.
This was easy too. I had to create two different web proxies because we're serving two subnets with different requirements. Once the installer finishes its work, you can connect to the administration console using the configuration values you provided during the installation:
  • administration port
  • admin password
Open your favorite browser and launch the console. Once you're in, you'll find yourserlf in the Server/Manage Server section:


Adding a server is pretty easy, it just asks you for (very) basic information:



Inspecting default configuration.
Once you're done with creating your server(s), you can inspect the default configuration with the Manage Servers/Preferences/View server settings option:



Configuring system preferences.
Using the Manage Servers/Preferences/Configure system preferences tab you can modify basic preferences for your proxy:


In this page you can set:
  • server user: by default, it's nobody, and it's a value I usually don't need to change.
  • processes: the number of the background processes used to serve incoming requests.
  • listen queue size: the maximum number of pending connections on a socket.
  • request throttle: the number of concurrent transactions that the proxy can handle.
  • enable DNS: this is useful mostly for logging and for managing access control. If you enable DNS, the proxy will resolve IP into host names.
There are other configurable options, many of which are useful if you plan to implement distributed caching, whic I'll not cover in this post.

Adding listen sockets.
The next thing you'll probably want to do is setting up listen sockets, which are the endpoints of the proxy to which your clients will connect. If during the installation a default server was created for you, you'll probably want to edit the default port value for the listen socket:


Setting up cache properties.
The last thing you'll probably do to set this basic web proxy server is configuring the cache. You can start in the Manage servers/Cache section of the admin application. The first panel is Set cache specifics where you can set the most common properties for you cache.



The first thing I usually do is changing the cache working directory. Remember that when you change the cache directory you must pay attention that the proxy user (in my case nobody) can write into that directory, otherwise the cache won't work.

One chosen your favorite directory, you can set up the cache capacity either with the provided drop down list or via the Cache capacity configurator.

In this page you can also configure basic caching behavior for HTTP, FTP and Gopher protocols. As far as it concerns the HTTP protocol:
  • Always check if the document is up to date: this option does exactly what it says: every time a document is requested to the proxy, the proxy will check that the version it is caching is up to date. This may be useful in some circumstances but will rise the number of outgoing connection from the proxy server.
  • Check only if last check more than: if you choose this option, the proxy server will open a connection to check if the document is up to date only if the last time it did was more than what you specify. The default is two hours and depending on the situation I use to rise it up to one entire day.
  • Using: this option controls how the proxy server checks if the document is up to date. You can choose either using the last-modification factor, which is the set of headers that the web server sends along with the document, or the explicit expiration information, which are the internal headers used by the proxy server.
  • Never report accesses to remote server: this option tells the proxy server not to report a cache hit to remote servers.
  • Report cache hits to remote server: this option tells the proxy server to report to the remote server the number of times a document has been hit in the cache and accessed from there. This option rises the number of outgoing connection from the proxy server and may hit latencies and performance.
Cache partitions.
The cache partitions are the parts of disk reserved for caching purposes by the proxy server. You'll need to edit the cache partitions properties in the case, for example, you rise the cache capacity and you need to reserve more space on disk by adding a new cache partition.


In the previous screenshot the cache partition is 1.6 GB, which is the cache capacity I set up for this server. Adding a cache partition is trivial, you're only asked about the directory which will host the partition.

Set garbage collection.
As long as you use the proxy server, it will cache documents you request and the cache will keep growing up maintaining the allocated space in the range specified by the caching configuration. The garbage collection is the process that cleans up documents from the proxy cache and must be performed periodically. By default, this property is set as Automatic. I observed in my proxy server instances that if the cache hits are high and you are caching big documents, even if the garbage collection is automatic, it seems to never take place and the cache keeps growing up. For this reason I suggest you plan and schedule regular gargabe collection cycles. You may schedule them via the system cron or via the internal proxy scheduler. I usually use the system cron. Once chosen the manual configuration option, explicit garbage collection cycles can be scheduled in the Schedule garbage collection panel.

Caching configuration.
Other useful options you may want to set up can be found on the Set caching configuration panel. By default, the caching default is the derived configuration. If you want to explicitely set up every option, you can then set cache as the caching default value. Once done that and pushed the OK button, a new form will appear:



The options you'll find usually are:
  • The cache default
  • How to cache pages that require authentication
  • How to cache queries
  • The minimum and maximum cache file sizes
  • When to refresh a cached document
  • The cache expiration policy
  • The caching behavior for client interruptions
  • The caching behavior for failed connections to origin servers
An option which is often overlooked and might be pretty important for your proxy performance are the last two which rule what happens when a proxy connection is broken. This may happen if, for example, your user exits the browser or cancel a connection: the proxy may continue downloading the entire file even if the client is not retrieving it any more and this effect may sum up when many client are connected leading to proxy saturation and lost of performance. I saw this happen many times, even if with multimedia content such as flash-based solutions which deliver content, like YouTube. For this reason, I usually set 100% for the caching behavior for client interruptions which in effect has the proxy close the remote connection whenever a client disconnects.

Conclusion.
With just few and simple steps you've set up an enterprise grade web proxy server. I suggest you to check the official documentation at Sun documentation center to fine tune your setup and read about more advanced configurations such as connecting to an LDAP to authenticate users, setting up SOCKS and setting up proxy arrays for distributed caching.

Now, enjoy your new proxy server!

Loreena McKennitt - The lady of Shalott

One of my favorite songs. From an Arthurian legend put into words by Lord Tennyson and a beautiful arrangement from Loreena McKennitt.

Click here to view it on YouTube.

A letter of Professor Saint Illicit - by Beppe Severgnini

This imaginary letter from an University Professor to a newspaper, written by Italian columnist Beppe Severgnini, has caught my attention because you prove a delicious intelligence and a fine irony, one more time, Mr. Severgnini. This post would surely enrich another post I recently wrote, Italy's a geriatrics hospital whose hall is full of spoiled children, but I prefer this stand-alone post because, at least this time, we can laugh.

Read the original letter.

Sun releases xVM VirtualBox 2.0.6

Sun announced the release of Sun xVM VirtualBox 2.0.6, a maintenance release.
The original changelog can be read here.

Friday, November 21, 2008

Setting up Blastwave's MySQL 5 (5.1.23) on Solaris 10

It's just a post update to inform you that Blastwave has just released version MySQL 5.1.23 for Solaris 10.

The instructions I posted on the other blog entry are still valid and if you want to start the installation of this new version, you can just start it by typing:
# /opt/csw/bin/pkg-get -i mysql51
Enjoy!

Thursday, November 20, 2008

What a luck! I didn't buy an Apple MacBook (and I won't)

As I told you some posts ago, I was absolutely convinced to buy the recently released Apple MacBook Pro. This morning, reading the press, I discovered something I didn't even imagine which is being discussed even in Apple users' forums.

The news was first brought to attention by Ars Technica, in the an article titled Apple brings HDCP to a new aluminium MacBook near you. To make it short: you won't be able to play some protected material on non-HDCP compliant devices (such as screen, projectors, etc.)

Internet is full of articles about this problem, like this by CNet.

The problem I had while ordering the laptop turned out to be my biggest luck! It spared me an headache and a stupid loss of money! MacBook Pro data sheets don't even mention this "little" detail and I wouldn't have known, hadn't I read these articles by chance. I don't want to imagine the reaction I would have had, when I had discovered I couldn't connect the laptop to any device I own, because no one is HDCP compliant.

Leonids above the woods of the Sierra of Guadarrama

Yesterday I took my girlfriend home after a relaxing dinner with some of our friends. She lives in a town between Madrid and Segovia and we usually drive through the Guadarrama mountain pass, from which you can admire both the lights of Madrid and the woods and the darkness which open the way to Segovia.

When I was back on the road, returning to Madrid, as soon as I passed by the Alto del León, I was captured by the beauty of the night: the lights of Madrid were far away, the snake of lampposts of the A6 was creeping into the woods below a dark sky filled with stars and an already small but brilliant decrescing moon. I don't know why, but it all were so clear that I thought about the famous 2001: A space Odessy scene of Paul Bowman entering the gate in his pod and exclaiming: "Oh my God, it's full of stars."

I stopped the car and smoked a cigarette, while Leonids started dancing in the sky.

Wednesday, November 19, 2008

Don't use Solaris Express Community Edition build 102

I already wrote about this on my precedent post but I think this deserves a better exposure. Long story short: don't use Solaris Express Community Edition build 102, if you already downloaded it. As you can check on the official announcement thread for build 102, it's affected by a bug which may seriously compromise your root ZFS filesystem:
Due to the following bug, I have removed build 102 from the Download page.

6771840 zpool online on ZFS root can panic system

It apparently may cause data corruption and may have been implicated in damage to one or more systems that have upgraded to build 102 or beyond.

We will remove it from the SDLC on Monday. I will notify about the schedule for a repsin.

Derek

Wondering where's your CDROM gone in your HVM domain?

That's what I've been wondering since a couple of weeks ago...

I have a couple of Microsoft Windows Server 2003 Enterprise HVM domains running on Sun xVM shipped with Solaris Express Community Edition (build 101). Yes, I know... but it's not my fault! ;) When I installed the machine I had that "bad feeling" you perceive, because I had to manually trick the virtual machine definition, dumped by a
# virsh dumpxml [hvm-domain]
command as suggested by many documents I found googling. One of them was an official Sun Microsystems technical brief titled Install Sun xVM hypervisor & use it to configure domains found on the excellent BigAdmin portal. Page 8 of this brief states:
There is a bug 6648448 with respect to the Windows 2003 guest and the CD. The install will halt with a Windows error message with regard to access to the CDROM.
By using the suggested workaround I happily resolved the problem. That problem.

Indeed, when I had to configure an Active Directory instance in one of these machines, at the end of the DNS configuration I was asked for Windows Server 2003 CD 2. No problem, thought I, just do a
# virsh block-attach [hvm-domain] file:/your/iso/file hdb:cdrom r
but it was impossible for me to succeed in mounting the cdrom. The following error was raised:
Error: Device [put your number here] (vbd) could not be connected. Backend device not found.

Nevertheless the device seemed to be created because the cdrom was appearing in the block-list output. The system couldn't see anything, nor the empty CDROM, indeed. The worst thing, I didn't want to stop the machine just in the middle of the Active Directory installation.

At the end I desperately gave up and stopped the machine, checked the dumpxml output and restarted the machine. The block-attach call now succeeded. What was happening to my HVM domain? I didn't know and probably still do not, but the changelog for Solaris Express Community Edition build 102 makes me think that I hit the following bug:
Empty CD-ROM disappears from HVM domains
So, where was my cdrom? It had simply disappeared.

If you are experiencing a similar error and you're running Solaris Express Community Edition up to build 101, I suggest you to give up and restart the domain. At least, you'll spare some time banging your head against the wall.

Another bad thing after the initial happiness (I was indeed eager to update my system) was the following post on the Solaris Express announcement forum:
Due to the following bug, I have removed build 102 from the Download page.

6771840 zpool online on ZFS root can panic system

It apparently may cause data corruption and may have been implicated in damage to one or more systems that have upgraded to build 102 or beyond.

We will remove it from the SDLC on Monday. I will notify about the schedule for a repsin.

Derek
I'll have to wait some more time to be able to insert a CDROM on an already running HVM domain but I want to put in a word for xVM: except for these... minor glitches ;) I'm very pleased with it and I'm looking forward to trying Sun xVM Server as soon as Sun will ship it.

Sunday, November 16, 2008

Back to CLIs: it's really funny running btdownload* on Solaris 10 (with a screen multiplexer)

After having used I don't even know how many bittorrent GUI clients (such as Azureus, KTorrent, etc.), I recently fell back to bittorrent CLIs. Why? Because I've got a server with a pretty good DSL connection (more than 10 time faster than what I've got at my home...) and I usually ssh-to it. Problems where two: remotely opening a GUI (my home connection is not so slow, but clearly insufficient for remote graphical sessions) and not having killed the process when disconnecting. Both problems are easily solved, many bittorrent clients I've seen so far support some kind of daemon mode. But using a screen multiplexer was simpler.

I already told you about GNU Screen multiplexer
, and this is the typical use case GNU Screen fits perfectly in.

Installing bittorrent (the original)
As usual, from Blastwave. Here's the package and here's the command line to install it:
# /opt/csw/bin/pkg-get -U
# /opt/csw/bin/pkg-get -i bittorrent
and follow on as usual.

Running bittorrent in a multiplexed terminal
Now that we have your copy of the bittorrent client installed it, it's time to use it. The reason why I want to use a terminal multiplexer is because I'll be running bittorrent on another machine. I could nohup the process, but once done that and disconnected, I couldn't reattach to it and see output in the console, the only thing I could do would be reading the files where standard output was redirected (by nohup). It's not a good way to go, with such program as bittorrent.

First, launch bittorrent in a screen session: I prefer this way, as stated in another blog post:
$ /opt/csw/bin/screen -m -d /opt/csw/bin/btdownloadcurses [your-torrent-file]
If you feel like checking what's going on before leaving it there to download, you could check bittorrent status reattaching to it
$ screen -r PID
and then using CTRL+A,D to detach another time.

You can now safely log out from the machine and leave bittorrent working. From time to time, you can log in and reattach the screen to check for progress and just hit q to exit bittorrent when it's done.

Enjoy!

Back to CLIs: using a physical terminal multiplexer on Solaris 10

How many times did a remote terminal session unexpectedly close and you lost some work? How many times did you fell that a nohup was insufficient but it was the only option left to you? In many situations GNU Screen was very useful to me.

What GNU Screen is not.
It's not a full fledged solution to open, detach and reattach graphical session. It's not VNC or similar software.

What GNU Screen is.
Technically it's a screen multiplexer. This means that with screen you can literally multiplex physical terminals, launch processes inside them, detach from sessions and reattach from whichever machine. Screen is pretty powerful and I suggest you to read the official documentation. Nevertheless, a quick crash course may be useful.

Installing GNU's screen (a screen multiplexer).
This applies only to Solaris 10. Screen is also included in some Solaris Express and OpenSolaris versions. As usual, I'll install it from Blastwave, which will take care of all dependencies (which in this case it's just CSWcommon which will be installed if you'd already configured Blastwave on your machine). Here's the package and here are commands. First, let's refresh the software catalog from out preferred mirror:
# /opt/csw/bin/pkg-get -U
Then, let's install screen:
# /opt/csw/bin/pkg-get -i screen
How to start a screen session
It's easy, just typing screen:
$ screen
Screen will present you a welcome screen and hitting space or enter will bring you to your new screen session. Since now on, every process will be running inside screen's multiplexed physical terminal.

Exiting a session

This is easy too. Just exit screen as you'll exit your favorite shell:
$ exit
[screen is terminating]
Detaching from a session
If you want to detach from the current session and leave programs running, you can just hit CTRL+A,D and you'll detach the screen you're using:
$ [hit CTRL+A,D]
[detaching]
Listing the open sessions
Sessions are maintained on a per-user base. Just log in with your user and type:
$ screen -ls
There are screens on:
3492.console.PCS30575 (Dead ???)
4544.console.PCS30575 (Detached)
6028.console.PCS30575 (Dead ???)
Remove dead screens with 'screen -wipe'.
3 Sockets in /tmp/uscreens/S-A144286.
Screen's telling you that you have 3 open sessions: one is a detached screen (4544.console.PCS30575) and another two which are probably dead session you couldn't wake up any more. If you want to wipe them, just use the wipe option (note that the using the PID is sufficient because we're connecting from and to the same machines we detached screens from):
$ screen -wipe 3492
There is a screen on:
3492.console.PCS30575 (Removed)
1 socket wiped out.
No Sockets found in /tmp/uscreens/S-A144286.
You can know wipe the other one. To reattach to the 4544 session:
$ screen -r 4544
If you check screen documentation you'll see plenty of options which allow you to detach and reattach with a single command (if you're connecting from another client and you left a session open on another machine), etc.

Launching a command on a new screen session and detach it immediately
This is one of those I use most. If you need to launch a program and you want to launch it inside a new screen session without even attaching to it, you can use the following syntax:
$ screen -m -d [your-command]
This will create a new session, launch your-command inside it and leave it detached.

Wednesday, November 12, 2008

Italy's a geriatrics hospital whose hall is full of spoiled children

I don't know where to start writing this. It's such a long time I want to shout out all the shame I feel towards the news I read on Italian newspapers, towards the things I see every time I fly to my hometown, towards the attitude of the people I meet with, that I don't really know how to do it properly.

Let's try and put order into the chaotic mix of anger, sadness and deception I feel almost daily. I'll do that just making examples. This post could also be titled What you'll find every day digging into an Italian newspaper or A small guide to survive Italian paradoxes.

Let's open the home page of the two most read Italian newspapers: Il corriere della sera and La repubblica.

Alitalia
Both newspapers open with the struggle of Alitalia. I don't known what a stranger would feel if he tried to follow what's going on with our national airline. History of Alitalia may be both an interesting anthropological and historical study over political corruption and medieval phenomenons such as feudalism. But the result is what's important: years of debts, a great percentage of workers doing absolutely nothing except throwing their shadows on the floor, above the average fees, impossibility of restructuring the enterprise because of the unity and the power of the workers' organizations which want to defend every single privilege they've gained over the years. I'm absolutely favorable to workers' organizations as a mean of organizing and protecting the individuals' rights but I think that every thing's a limit. Your firm is slowly and inexorably sinking with few spikes of vitality artificially produced by injections of liquidity by the State or by some banks and you don't want to face reality. You're going to lose your work and the only thing you can gain protesting is delaying the few possibilities left to Alitalia. For example, what's the point of a (yet another) strike at this stage of the events? Moreover, in Italy strikes are something normal and recurrent just as full moon nights, and they scare nobody.

Global state of economy and people perception
The annual report of the National Institute of Statistics confirms the trend of the last few years. It can be resumed in the following points:
  • a poorer country with even less hope for the future
  • one fifth of the population is over 65
  • population growth produced only for the effect of immigration: of about 488.000 new Italians registered, 494.871 are immigrants which neutralized the -6.868 loss for death
  • the percentage of the population satisfied or quite satisfied for their situation has dropped one year more: 43.7% against the 51.2% registered in 2007.
  • the percentage of the population who perceived a worsening in their situation has raised to 54.5% from the 41% registered in 2007. A 16% of this percentage thinks that their situation has worsened greatly over the last year.
  • the report confirms the great gap and the perception of the differences between the North and the South of the country.
  • 40% of the populations is suffering for chronic pathologies.
  • difficult access to basic services such as Hospitals is perceived by the 55.7% of the population

People asks: what's the government doing?
It's a spontaneous question. Given the fact that Italians aren't great readers, what would they find in the newspapers? News like these, which are daily overlooked by television and by themselves. It's something normal, politicians often steal. Costs of the Politics continue to rise. How? Well:
  • beautiful desktop calendars exclusively designed by Nazareno Gabrielli: 260.000 Eur. More than 200% of the budget for every research about children leukemia coordinated by the City of the hope, in Padova, which, amongst other things, it's hosting the database of children affected by cancer. Another example which is cited by the article is a research of the University of Pennsylvania: according to their data, desktop calendars cost 28.000 Eur more than the salary of the Governors of Colorado, Tennessee, Arkansan and Maine. To-ge-ther.
  • This is funny: Mr. Schwarzenegger salary as Governor of California, which he is not receiving, amount to 162.598 Eur. Less than a Counsellor's one for the County of Abruzzo.
  • Going on with salaries. USA Governors salary is 88.523 Eur on the average. Less than half than what a Counselor receives in Lombardy. Luis Durnwalder, president of the Autonomous County of Bolzano, receives a salary of 320.496 Eur. More than the president of the United States.
The government is unable to resolve the situation. Saying that the barber service is no longer free for Senators sounds like a grotesque joke. The Senate expenses in 2008 amount to 570.000.000 Eur. I repeat: 570.000.000 Eur. Five hundred seventy thousand millions of Euros. 13.000.000 more than during 2007 balance. Some examples? Here they are:
  • 19.080 Eur for the renting of plants and flowers (6 months)
  • 8.200 Eur for stockings (3 months). Yes, it's not a joke. Stockings. Sarah Palin is like Mother Teresa, compared to Italian Senators.
  • 56.000 Eur for shirts (6 months)
  • 16.200 Eur for motor bikers' equipment
  • The best for last: life annuities for non reelected members of the Senate and the Chambers. The official name in Italian is: Assegno per il reinserimento nella vita sociale. As I already said, grotesque.
Summing up: in Italy, during 2008, expenses rose up to 1.998.000.000 Eur, more than in 2007, despite promises of cutting up these kind of expenses. But the goal has finally been achieved: Italian politicians sacrificed and cut the 0.3% of the expenses. Her Majesty Queen Elisabeth achieved a 61% cut in one year but that's another story.

But are these cuts realistic?
No. At the end, on the balance weighs heavy a monstrous number: 2.055.000.000 Eur. And the cuts? They're not there. What's there, is a 5.6% increase with respect to the 2007 balance closings.

Is there any cut?
Yes, as usual: Mr. Berlusconi's government is fond of cutting funds to instruction and research and innovation institutions.

What does people do?
Well, as far as I read and as far as I can see what is thinking the people I met during my trips to Italy: closing their eyes, closing their nose and keep on dreaming the situation is not so bad. Cellular phones, cars, are the good old first class priorities for the average Italian. Look at data and you'll see with your eyes.

My thought.
I just reported data from newspapers but today is no special day, it's the same news I keep on reading year after year. The very sad part of the story is that the population living in Italy seems not to realize the gap which is opening between Italy and other European countries. When I think about this, most of the times I cannot but think that mine, will be the first generation since World War II whose life condition will be worse than its fathers'.

Google launches voice chat for gmail users and google talk users (and why I'm not going to use it)

Once more, winds of innovation come from Mountain View. Google has launched another offensive against Microsoft and... Skype. Yes, because it just added new voice and video call support into google chat and gmail.

Since the first time I saw the spartan google search engine main page, I felt sympathy for Google and the quality of its software (well, google software I use) never deceived me. I'm not the average user: as soon as I login I open a terminal window and start typing, rather than moving a mouse. Even in gmail I use the keyboard interface. The real Google revolution, in my opinion, it's in the fact that even in a world in which the great majority of the host operating systems is Windows (sadly), when an user logs in he usually opens up a browser and "googles" for something, looks for addresses or routes in Google maps, manages its photos with Picasa, writes its blog with Google docs and shares it with blogger, etc. Summarizing: the real desktop, for many people, is made up of a browser and Google software.

When people realize that they can speak and see their friends at the eyes without even leaving the gmail tab in their browsers, they'll probably uninstall (or leave there to rot) their copies of Skype or similar software. This is partially true, in reality, because Skype users often call landlines phones but at the end, there'll be a reason less to rely on Skype or Microsoft Messenger.

I'll be clear: I like what Google does, and I like the way Google does it, most of the times. I use Google software every day and, as far as it concerns my out-of-business activities, Google is probably the provider of most of the software I use. Google search engine, Gmail, Google docs, Google calendar, Google reader and so on: they're all part of the toolbox I use every day. I don't even feel like making the list, because probably I could just cut and past the list of Google software and remove a few entries.

Now, why am I not going to use it, then? Well, I would really like to explore this new functionality and satisfy my (technical and non) curiosity without having to look for information on the net. But I can not, because I'm a 95% Solaris user and the remaining 5% I'm a GNU/Linux user. And the beta version of this service, which relies on a browser plugin, is only available for Windows users and I'm not hoping to see it, ever, on Solaris. Just as it happens with Skype and many other proprietary software. If I were a 100% GNU/Linux user, moreover, I would probably be disappointed: my experience with GNU/Linux versions of some software bundles (such as Skype) is negative. Skype for Linux sucks (even more when compared with Windows or Mac OS X editions), and Picasa for Linux is even worse: I never thought I would see a customized Wine distribution to run a Windows binary on GNU/Linux, and less if who's doing this is Google. And I won't talk about Apple, who left us without Quicktime even if it ported ZFS on Mac OS X ;)

I won't trade off the proverbial stability of my Solaris for another OS. Neither I'll run (yet another) branded zone just to play with that plugin. I'll stick with VoIP and you, who can, enjoy.

Joining an NTP server pool

Now that you've configured your Solaris NTP service, you might be able to give back some of your bandwidth and make a service to the community. As you've probably done, you're receiving data from random server from a pool you've chosen. NTP Pool Project pools' servers are servers like yours and if you've got some spare bandwidth to give for free (an estimate peak of 120 kbit/s it's a realistic traffic estimation) you could join the project and add your server.

Requirements
As explained in the project's webpage, the only requirement it's (not too variable) static IP address and an adequate bandwidth. NTP Pool Project historical data suggests an average traffiic about [10,15] kbit/s with peaks of about [50,120] kbit/s. Joining it's easy and you can monitor performance data of your server on the administration webpage which can be accessed after registration.

A quick warning before you rush and public your server(s):
Finally, I must emphasize that joining the pool is a long term commitment. We are happy to take you out of the pool again if your circumstances change, but because of how the ntp clients operate it will take weeks, months or even YEARS before the traffic completely goes away.

Configuring NTP server and client on Solaris 10 and Solaris 11

One of the task which often performed during the setup of a machine is the setup of the NTP daemon.

NTP is one of the oldest internet protocol still in use and it allows the synchronization of computer clocks distributing UTC (Coordinated Universal Time) over the network. NTP design is focused on compensating the variable latency of the network.

A machine may be an NTP client or an NTP server. Roughly, an NTP client it's a machine that uses the NTP protocol to synchronize its clock and an NTP server it's a machine that provides NTP client the information needed to synchronize their clocks. An NTP server often uses other NTP servers to keep its own clock in sync.

This blog post has been slightly updated to accomodate some minor modifications to support Solaris 11.

NTP on Solaris 10 and Solaris 11

Solaris 10 introduced the SMF framework (to simplify and enhance the service management tasks in Solaris environments) and the NTP service is now managed by SMF. Solaris ships with an NTP daemon, ntpd, configured via SMF (svc:/network/ntp:default) and a bunch of sample ntp.conf files to quickly configure a machine as a client or as a server.

# svcs ntp
STATE  STIME   FMRI
online 0:43:33 svc:/network/ntp:default

Solaris 11 only ships with NTP v. 4, while your Solaris 10 installation may ship with both. In this case, the NTP v. 4 service is identified by the name ntp4. I suggest you always use the latest version. As we'll see in the following sections, NTP v. 4 offers you more flexibility when configuring your server.


Configuring a client

If your machine is just a client, you can just pick the /etc/inet/ntp.client and copy it to /etc/inet/ntp.conf. The default client configuration it's just a one-liner:

multicastclient 224.0.0.1


This configuration, as explained in the same file, it's a passive configuration for a host that just listens for NTP server putting packets on the NTP multicast network, 224.0.0.1.

Obviously, if your machine it's in a LAN without an NTP server, you're probably never going to receive such a packet, and you should use some public NTP server instead.

Using a server from a pool

I personally recommend using random servers from an NTP pool such as pool.ntp.org. In the official website of the NTP Pool Project you can find instruction about using the pool or picking up some server from the list they maintain. Pools maintained by the NTP Pool Project are organized in geographical hierarchy so that, for example, you can use server from a continent-level pool or, where available, from a country-level pool. The recipe is always the same: the nearer, the quicker and the better. In the case of the NTP protocol, moreover, the nearer the server you use, the more accurate the synchronization.

In my case, I'm using the European pool europe.pool.ntp.org and my configuration file contains:

server 0.europe.pool.ntp.org
server 1.europe.pool.ntp.org
server 2.europe.pool.ntp.org
server 3.europe.pool.ntp.org

Normally NTP requires a poll period to elapse before starting synchronizing your clock. If you want NTP to start immediately, which you most probably will if you're configuring a desktop environment, you can take advantage of iburst keyword, introduced in NTP v. 4: it instructs NTP to start the synchronization almost right away.

server 0.europe.pool.ntp.org iburst
server 1.europe.pool.ntp.org iburst
server 2.europe.pool.ntp.org iburst
server 3.europe.pool.ntp.org iburst

Another option, instead of manually maintaining multiple server lines, is using the pool keyword. The difference between the two is subtle and may be very convenient to use: server just tells NTP to use the first IP address returned by the DNS lookup, while pool tells NTP to use them all.

Beware that iburst and pool are NFS v. 4 specific keywords: make sure you're configuring NTP implementation corresponding to the syntax you're using.

Setting up the drift file

The only thing left to set up it's just the drift file location, which in my case it's:

driftfile /var/ntp/ntp.drift

Starting the service

Once your ntp.conf is set up, you can start (or restart) the ntp service:

# svcadm restart ntp
# svcs ntp
STATE  STIME   FMRI
online 0:43:33 svc:/network/ntp:default

In case you're wondering: there's no need to run the ntpdate command. The SMF scripts of the NTP service takes care of all (in this case, during the execution of the start method).

Querying the service

Once the service is running, you can check which server you're using with ntpq:


$ ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+dns2.vnet.sk    195.113.144.201  2 u  122  128  377   90.907    5.002   0.678
*ptbtime1.ptb.de .PTB.            1 u   26  128  377   91.754    2.971   2.715
-ntppub.le.ac.uk 158.43.192.66    2 u  105  128  377   76.720   10.182   3.701
+mx-dub.bofh.so  193.1.31.66      2 u   84  128  377   70.090    8.049   0.549

You'll get a similar output. After a while, your query will output similar results. The server prefixed with an asterisk is the server you're synchronizing with. If you don't get an asterisk after a while, probably no NTP server is reachable, which is probably due to a firewall which is blocking UDP port 123.

The difference between your clock and the data provided by NTP servers can be examined by catting the drift file:

# cat /var/ntp/ntp.drift -50.645

Setting up an NTP server

Now that you have an NTP client running, you'll probably want to setup all of your machines. If you're in a LAN, you can setup an internal NTP server which will provide data to other clients on your LAN. As before, you can take inspiration from the server configuration file shipped with Solaris 10 or Solaris 11, /etc/inet/ntp.server. After setting up the drift file and the clients you're going to use, you can examine the other options and fine-tune them at your taste. Let's give a quick look at it.

server 127.127.XType.0

This line pretty much resembles the server statement we described in the previous sections but it's fundamentally different. The argument of the server keyword, which resembles an IP address, give NTP information about the kind of device used to provide the (supposedly) accurate time to the NTP server.

The server type and the XType value must be substituted with the correct value from the provided table (and reported in the configuration file shipped with Solaris as well):

# XType Device RefID Description

# -------------------------------------------------------
# 1 local LCL Undisciplined Local Clock
# 2 trak GPS TRAK 8820 GPS Receiver
# 3 pst WWV PSTI/Traconex WWV/WWVH Receiver
# 4 wwvb WWVB Spectracom WWVB Receiver
# 5 true TRUE TrueTime GPS/GOES Receivers
# 6 irig IRIG IRIG Audio Decoder
# 7 chu CHU Scratchbuilt CHU Receiver
# 8 parse ---- Generic Reference Clock Driver
# 9 mx4200 GPS Magnavox MX4200 GPS Receiver
# 10 as2201 GPS Austron 2201A GPS Receiver
# 11 arbiter GPS Arbiter 1088A/B GPS Receiver
# 12 tpro IRIG KSI/Odetics TPRO/S IRIG Interface
# 13 leitch ATOM Leitch CSD 5300 Master Clock Controller
# 15 * * TrueTime GPS/TM-TMD Receiver
# 17 datum DATM Datum Precision Time System
# 18 acts ACTS NIST Automated Computer Time Service
# 19 heath WWV Heath WWV/WWVH Receiver
# 20 nmea GPS Generic NMEA GPS Receiver
# 22 atom PPS PPS Clock Discipline
# 23 ptb TPTB PTB Automated Computer Time Service
# 24 usno USNO USNO Modem Time Service
# 25 * * TrueTime generic receivers
# 26 hpgps GPS Hewlett Packard 58503A GPS Receiver
# 27 arc MSFa Arcron MSF Receiver

In my case, it's just a (very) plain 1: an undiscilplined local clock.

broadcast 224.0.1.1 ttl 4

This line is the server equivalent of the multicast line seen in the default client configuration: it tells the NTP server to broadcast on the NTP multicast network.

Further readings

Complete documentation about ntp.conf syntax can be found on the xntpd man page:

# man xntpd

Thursday, November 6, 2008

Stupidity never ends, as time, it continues to flow...

Just few hours ago I spent some time writing an entry about Mr. Berlusconi and his will to give advice to young and inexpert Mr. Obama.

No time has passed since then and I find myself writing again about the Italian Prime Minister and his first, and I bet not last, gaffe. If you can read italian, read it yourself. Here's the translated excerpt:
"Barack Obama? Young, beatiful and sun-tanned."
Mr Berlusconi goes just where nobody has, and wouldn't, gone before. I cannot even imagine Mr. McCain referring to Mr. Obama as "sun-tanned". What's worst, when he returned at his hotel and was asked about that unhappy statement, he quickly answered:
"If they don't have any sense of humor then it means that those fools have come into action, that they go be [offensive verb has been omitted]."
It's very sad, but sometimes I'm really ashamed that in my country, such a guy has been elected Prime Minister.

What a wonderful gift: a dish of boletus edulis

I spent the last two weeks wondering what I'd cook as a "surprise dish" for my girlfriend who was coming to spend some days at my house. The last week, moreover, winter seemed to have made its way to Spain, and I was thinking about some heat dish: a soup or a good risotto.

I then decided I wanted to feel at home: my dish would have Boletus Edulis as main flavour. Now, let's go and solve the first problem: finding good boletus. Here in Madrid (Spain), it shouldn't be such a difficult task. During the last week, the weather was favoring mush growth.

Well... difficult, it was. I started looking for gourmet shops and spent at least 20 EUR of gasoline jumping from one shop to the other. The best options I found were nothing but cheap: one mushroom, 20 EUR. The problem was the mushroom itself: I think whoever saw a boletus edulis in its natural environment before, would refuse eating that "thing". There was no option left, and I bought a couple of those micro-"boletus"...

I cleaned them carefully and put them in the pot. Where was that fantastic perfume evaporating from the mushrooms? I don't know. And I went out, going to pick my girlfriend up.

When I arrived, the big surprise! My brother-in-law's father is fond of walking into the woods looking for mushrooms. And two big, very big, boletus edulis, in all of their splendour, were waiting for me! I felt like a children with a new toy. And here's the recipe to serve boletus edulis as a side dish or, if you're really fond of them, to fully taste them melting in your mouth.

To preserve the taste of the mushrooms, don't wash them with water. Try to clean them first with the blade of a knife, retiring all the earth and only if it's necessary, quickly wash them without rubbing them too much below cold water.

Just heat some garlic in a pot with a couple of spoons of extra virgin olive oil, retire the garlic when it starts to brown, cut the boletus in thick pieces (about 2 centimeters), put them in the pot with some parsley and let them cook slowly 15 minutes, until all the water released by the mushroom evaporates. Salt them almost at the end and add oil at pleasure.

You can now enjoy a fantastic side dish with some good meat or eat them all as a second dish!

Yes, with Silvio, we can

Weren't he Mr. Berlusconi, when I read the news, I wouldn't believe somebody would say it. And when this somebody is such Prime Minister, it's even more unbelievable.

Here's the article (sorry once more, it's Italian) and here's the translated excerpt:
"The Prime Minister Mr. Silvio Berlusconi sent a message to Mr. Obama «for the important job waiting for him»: «I'm absolutely certain that friendship and collaboration between our two countries will continue growing and strengthening.». During his visit to the Eicma Fair in Milan, Mr. Berlusconi more informally added: «I can advise him [Mr. Obama] because I'm elder than him. I'll do it as soon as I'll be personally hugging him.»"
I'm recalling into my mind the victory speech of Mr. Obama. I was imagining him standing in front of his supporters and adding: "Yes, with Silvio, we can." It's no coincidence that Mr. Severgnini had a very similar reaction, has he commented in his blog, Italians, in the Corriere della Sera homepage. Thanks Beppe for this image.

Mr. Berlusconi, I would like to ask you some sincere questions: do you really believe what you're saying or it's just demagogy? And if it were demagogy, do you really think the average Italian is so stupid?

Personally I believe, Mr. Berlusconi, you should be asking Mr. Obama for advices, rather than offering yours. Italy would have its chance to change, too.

Wednesday, November 5, 2008

Why I set up my home network with Solaris

I often worked with Solaris, and I felt in love with it years ago, but until 2004 I never thought about installing it at home, mainly because what I really wanted was the system and a Sun machine. And in those times I couldn't afford buying a decent machine, neither was I interested in looking for an old-one and substituting my Slackware-based network, which was running on decent hardware.

I started to use Solaris for core network services, like exporting NFS shares, DHCP and so on. When Solaris 10 made was released and the Solaris Express program started, things have changed a lot and know I find myself running a pure 100% Solaris network and was left with not even a single GNU/Linux machine. Technologies like ZFS, DTrace and containers are revolutionary, I found them astonishing since the beginning: you canLink virtualize operating system and storage, or instrument your system with a new ad-hoc language and clean set of administrative commands; this, and much more, supported by good documentation. I think they are a major feature I would really miss using another operating system. I couldn't think living without ZFS or zones, nowadays.

I have a X2100 M2 server running the following services on top of Solaris 10 update 4:
  • DHCP server (global zone)
  • DHCP relay (zoned)
  • DNS server (global)
  • Subversion server (global zone, zoned)
  • NFS server (global)
  • LDAP server (global)
  • Web Proxy Server (global)
  • packet forwarding
All of these services, except LDAP and Subversion, are built-in in Solaris. Configuring them and starting them up was trivial, just a read-the-manual exercise. A good Subversion package, with even an SMF manifest, was installed from Blastwave repository, my favorite choice when I look for a Solaris package. The LDAP service is run with Sun Java System Directory Server, while the web proxy is a Sun Web Proxy Server instace, both of which are part of the Sun Java Enterprise System. Integration of Sun software packages and Solaris is obviously very good, and that's why everytime I can, I go for a Sun package rather than using an altenative. Installers are well done, your system is automatically patched, the installer usually let the administrator perform the initial configuration of the product and in a short time the service is up and running.

Another thing I love in Solaris 10 is the philosophy of some administrative commands: if you want to read the classical plain text UNIX configuration files, they're there. But the administrator is help by a great set of administrative command which act as a front-end to such files, greatly reducing the possibility of typos and misconfigurations which sometimes can be an headache.Link
All of the clients I have are either Solaris 10 or Solaris Express Community Edition whose setup is trivial: just install the system and load the LDAP profile. Voilà, 5 minutes after the first reboot, the machine is up and running and you can login with your LDAP-maintained account. And this is the same procedure I configure non-global zones, too. Moreover, since the earliest releases of the now defunct Solaris Express Developer Edition, I don't feel any longer the need of installing GNU/Linux in my clients because I have a good desktop and everything I need.

Another great feature of Solaris 10 are zones. Configuring a basic sparse zone is easy and it's a well documented procedure. The first zone I setup was aimed to solve a problem I had with deploying Blastwave's software. The second zone I deployed is used as development zone with an instance of Glassfish application server and Subversion server. The server is relatively small and always ran without any glitch. I don't have numbers, and I would like to have them, but zones seems a very lightweight solution with a good potential for scalability.

I can now connect to my home network, receive a DHCP number for the subnet I am connected to and start to browse files shared via NFS (or via the SMB protocol in the case a Windows succeeds entering my home), listening to music, watching a movie stored in my ZFS base RAID-Z disk array, or using remotely whichever program I need.

The only thing of which I'm left with the curiosity to try is buying a Sun Ray Client and give it a try.

100% Solaris, rock-solid, and free.

Choosing a laptop to connect to my home Solaris network

I need to change my (very) old laptop to something more powerful. It's been running for more or less four years and nowadays, even if it installs without problem, using Solaris Express or a modern GNU/Linux distribution is quite unthinkable. Or, I just got accustomed to more powerful machines and switching back to my laptop is always a pain.

It's a very long time I'm not buying a laptop so I started looking around. I mostly use PCs as a Java developer (listening MP3s) and the only requirement, for me, is an easy integration with my home network, which is a 100% Solaris network. I'd always been running Slackware Linux on the few PCs I owned and since two years ago, I was also running a Debian Linux virtual machine, and never experienced any integration problems with the other Solaris machines I have. Setting up DHCP on my network interfaces and configuring NFS shares it's a no brainer, even with the CLI. So, I was just looking for a sufficiently powerful machine to run Slackware without major problems: my (good) experience with Slackware started back in the 90's and I'm "inoculated" against the anxiety syndrome generated by non-working hardware.

But an interference unexpectedly appeared: a friend of mine, an Apple zealot, started to trying to convince me to buy an Apple machine. To say the truth, I must be one of the few guys in the world which isn't desiring buying a machine from Cupertino (at least for my statistically insignificant experience). GUI bells and whistles don't usually hypnotize me, neither does the beautiful and polished appearance of Apple machines. I wasn't seeing any major advantage to buying an Apple rather than an HP or a Lenovo and running GNU/Linux. Until my friend came to my house and showed me the OS X.

Connecting to the network and mounting an NFS share took approximately 5 seconds, without having used (ever) that system before. You may say that's nothing special, but: did you try that on Slackware or Debian? Even a potential problem, such as the fact that the user created by my friend for me had a different UID and GID that those I needed (and there was no way to change that with the GUI), was easily solved consulting the very good documentation of the system. I don't like opening a terminal and discovering that usermod does not exist but at least the quality of the documentation filled the gap. The price of a MacBook or a MacBook Pro isn't exagerated, compared to the price of a quality-equivalent machine from Lenovo, for example.

Some may say I could install Ubuntu and give it a try. Well, I did it. But there's no comparison with Mac OS X GUI. I'm a Solaris user and a long-time slacker, so CLIs don't scare me: I indeed prefer very often opening a terminal rather than clicking with the mouse. But I want to recognize the high quality of the GUI of OS X, which is, in my humble opinion, much more user-centric, intuitive and good-looking than any other GUI I saw on a GNU/Linux system.

Summarizing, I played an entire day with that laptop, ssh-ing to my server, opening remote X11 connections and so on. And it felt very comfortable and productive.

I really think I'll give Apple (and Mac OS X) a try.

America has chosen: Obama

If there is anyone out there who still doubts that America is a place where all things are possible, who still wonders if the dream of our founders is alive in our time, who still questions the power of our democracy, tonight is your answer.” - Barack Obama

The racial barrier has been swept away: the 44th President of the United Stated of America will the first black man who will enter the Oval Office as the President.

Seen by the humble eyes of a stranger as I am, it seems the last victory, a highly symbolic victory of freedom in a relatively new nation whose history has unfortunately been stained by many racist acts and decades of bloody fights to establish a situation of freedom and justice. For all. For a situation which, at my eyes, should just be called democracy or normality.

Many newspapers are reporting extracts of the speech of Mr. Obama and I opened the blog with one of the phrases I liked most, because it contains and synthesized the hope and the trust in democracy, which was what I had lost after almost a decade with Mr. Bush in the Oval Office.

Congratulations, Mr. Obama, and have luck. You made history and will enter the White House in one of the most difficult periods in the North American history that I can remember since I'm alive. A probably prolonged and very difficult economic recession is waiting for you. People who trust you will be waiting for the change you promised. And the weariness and the disenchantment produced by two wars, left as a heavy legacy by the George Bush administration, will be waiting for you to ease.

You said "That's the genius of America - that it can change." And it's true. So, good luck Mr. Obama, and thank you America: you could and you did the change. I hope that now America will have much more credit, and it deserves it. Reading the international press, I think the mood of the world has already changed. Mine, has. And I really feel confident that this time, the great problems of the world such as economy, environment, the Middle East question, do really have a chance to be solved.

Tuesday, November 4, 2008

A midwinter night's dream

I really wanted to recapture some of the frankincense and myrrh in this music, and the process was a fresh reminder of the diversity of so many traditions when it comes to music of the winter season. The songs are rich with abundant references to the natural world and connections to our spiritual and religious bearings; it's clear that people have always used winter as a time of reflection.

The seasons have always held their mysteries and wonders, and we mere mortals have been fascinated by them and driven to understand our inter-relationship with the natural world,
as we try to discover the spiritual and religious significance of it all. Over the centuries, music has become a conduit for that reflection as it strives to capture the interweave of our existence. This recording is one modest rendering of that fascination, a kind of discovery chest of musical merry making, inspired by some traditions I have encountered along the way. May the spirit of love, joy and renewal be yours.

With these words, Loreena McKennitt introduces us to her new album, A midwinter night's dream. This new seasonal collection (the second with A winter garden: five songs for the season, of which this album contains all 5 tracks) was recorded at Peter Gabriel’s Real World studio in England and contains another 8 brand new songs. The track list is the following>
  1. The holly and the Ivy
  2. Un flambeau, Jeannette, Isabelle
  3. The seven rejoices of Mary
  4. Noël nouvelet
  5. Good king Wenceslas (from A winter garden)
  6. Coventry carol (from A winter garden)
  7. God rest ye merry, gentlemen (Abdelli version) (from A winter garden)
  8. Snow (from A winter garden)
  9. Breton carol
  10. Seeds of love (from A winter garden)
  11. Gloucestershire wassail
  12. Emmanuel
  13. In the bleak midwinter
In this album Loreena show us once more its eclepticism and its wide musical interests, with strong influences ranging from Classical, to Celtic and Middle East. McKennitt herself plays lever harp, piano and accordion and is accompanied by:
  • Brian Hughes - oud, guitar
  • Hugh Marsh - violin
  • Caroline Lavelle - cello
  • Donald Quan - viola, percussion
  • Ben Grossman - hurdy gurdy, percussion
  • Simon Edwards - bass
  • Rick Lazar - percussion
  • Stratis Psaradellis - greek lyra, greek lute
I want to close wondering about Loreena's introductory words: "The songs are rich with abundant references to the natural world and connections to our spiritual and religious bearings; it's clear that people have always used winter as a time of reflection." It's clear that McKennitt herself loves winter so much. You can smell it, you can see it, you can shiver, with her music. Even in traditional songs from cultures so different (such as Good rest ye merry, gentlemen), you still recognize the basic principles about living a feast together: a community gathering around, listening to the same music, dancing together at the very same notes.

It's also worth noting that, amongst the great number of works she produced, winter always had a privileged position: she released 10 albums of which 3 are winter-centric (To drive the cold winter away, A winter garden, A midwinter night's dream).

If you love Loreena, buy it or download it from the official website and enjoy. And if you want to give somebody an original gift, this album is a good option to enrich the atmosphere of the long cold nights that await us until Christmas.

Monday, November 3, 2008

Setting up Blastwave's MySQL 5 on Solaris 10

I had to setup an instance of MySQL 5 on Solaris 10 update 4 and, given that it's not shipped with the OS, I relied on Blastwave's package. The package was really easy to install:

# /opt/csw/bin/pkg-get -i mysql5

Once the package was installed, I was please to see that a SMF manifest was also installed for it:

# svcs -a | grep mysql
offline 21:23:57 svc:/network/cswmysql5:default

An user and a group for the MySQL daemon were created, too:

$ cat /etc/passwd | grep mysql
mysql:x:109:103::/opt/csw/mysql5:/bin/false
$ cat /etc/group | grep mysql
mysql::103:

The first thing I did was examining the SMF methods script, which is declared in the service manifest and is /opt/csw/lib/svc/method/svc-mysql5. Because of Blastwave's packages quality level, I wasn't surprised to discover that the script is very well documented and getting MySQL to work was really straightforward.

First, I run the /opt/csw/mysql5/share/mysql/quick_start-csw script:

# /opt/csw/mysql5/share/mysql/quick_start-csw

This is the blastwave quick start script to setup a MySQL5 database directory.

The base directory is /opt/csw/mysql5.

The default database directory is /opt/csw/mysql5/var.


If you have not setup a partition for the database and

you want one; now is a good time to exit this script and

create and mount the partition.


If you have not setup a my.cnf file and you do not want
one of the sample files; now is a good time to exit and
create the file /opt/csw/mysql5/my.cnf.


Data directory: The default is /opt/csw/mysql5/var.

Accept the default or enter a directory [?,q]

my.cnf pathname: The default is either to use the supplied file in the base directory or to create one in the base directory from the small memory footprint sample. If your enter a pathname, it will be used to create the options file in the base directory.

Accept the default or enter a pathname [?,q]
Using /opt/csw/mysql5/share/mysql/my-small.cnf to create the options file.
data directory is /opt/csw/mysql5/var

Continue with installation or quit [y,n,?,q] y
Setting up the database
Creating MySQL core database in /opt/csw/mysql5/var

### The following messages are from mysql_install_db.
/opt/csw/mysql5/bin/mysql_install_db: !: not found
/opt/csw/mysql5/bin/mysql_install_db: !: not found
Installing MySQL system tables...
OK
Filling help tables...
OK

To start mysqld at boot time you have to copy support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/opt/csw/mysql5/bin/mysqladmin -u root password 'new-password'
/opt/csw/mysql5/bin/mysqladmin -u root -h moneytrans-devel password 'new-password'

Alternatively you can run:
/opt/csw/mysql5/bin/mysql_secure_installation

which will also give you the option of removing the test databases and anonymous user created by default. This is strongly recommended for production servers.

See the manual for more instructions.

You can start the MySQL daemon with:

cd /opt/csw/mysql5 ; /opt/csw/mysql5/bin/mysqld_safe &


You can test the MySQL daemon with mysql-test-run.pl
cd mysql-test ; perl mysql-test-run.pl

Please report any problems with the /opt/csw/mysql5/bin/mysqlbug script!

The latest information about MySQL is available on the web at http://www.mysql.com
Support MySQL by buying support/licenses at http://shop.mysql.com

### The following messages are from quick_start-csw.
See /opt/csw/mysql5/share/mysql/doc/README.CSW for packaging changes. Please ignore references to starting mysqld_safe in the messages above. These messages are from mysql_install_db. See the following for starting CSWmysql5. To start mysqld; run `svcadm enable cswmysql5` on Solaris 10 or later

After this, as the script's output informs us, I set up root password for the database and run the /opt/csw/mysql5/bin/mysql_secure_installation script to secure the database instance, the only caveat being setting up the PATH properly because this scripts expects to find the mysql program:

# export PATH=/opt/csw/mysql5/bin:$PATH
# /opt/csw/mysql5/bin/mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!


In order to log into MySQL to secure it, we'll need the current password for the root user. If you've just installed MySQL, and you haven't set the root password yet, the password will be blank, so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL root user without the proper authorisation.

You already have a root password set, so you can safely answer 'n'.

Change the root password? [Y/n] n
... skipping.


By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment.

Remove anonymous users? [Y/n] Y
... Success!


Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] n
... skipping.


By default, MySQL comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment.

Remove test database and access to it? [Y/n] Y
- Dropping test database...

... Success!

- Removing privileges on test database...

... Success!

Reloading the privilege tables will ensure that all changes made so far will take effect immediately.

Reload privilege tables now? [Y/n] Y
... Success!


Cleaning up...

All done! If you've completed all of the above steps, your MySQL installation should now be secure.

Thanks for using MySQL!

Really easy! It started up and worked without a glitch. And if you want to customize your installation, as I already stated, I found good documentation right inside the very SMF script used by this service which can be found at /opt/csw/lib/svc/method/svc-mysql5.

Freezing for fun.

Once I thought spas were just a fashion, and they're proving to be a very resilient fashion. Spas, in my head, were just what thermal baths were during the Roman Empire, with additional luxury and entertainment. I was born in a zone which is very rich of volcanic thermal waters, so I was sort of accustomed to thinking about being covered with mud or waiting like a lobster in a tank of boiling water. When I was younger, I associated these customs with "old age". With time, I must confess that I started appreciating this kind of cares and 20 years later, I'm a spa fun, too.

This morning, when I was reading my newspaper, I saw this article (sorry, but it's italian). Maybe I'm no good at foreseeing fashions, but I'm curious to know if this will be as resilient as thermal baths are. Summarizing: Japaneses (who else?) are launching total body cryotherapy.

You just put on your bathing costume, you enter a room at -15 ºC, just "to break the ice"... After some seconds, you enter another one... at -60 ºC. Without stopping (to avoid literally freezing your blood), you enter the last chamber at -110 ºC and remain there 3.5 minutes.

Japaneses assure that when you go out you'll experience a state of euphoria. Good for the body, good for the soul. Euphoria... wouldn't it be some neuron gone nuts?