Archive for the ‘FreeBSD’ Category

oracle to buy sun microsystems

Today Oracle and Sun announced that Oracle will be buying Sun Microsystems. And this is big!

Imagine the biggest non-open-source database company owning not only its biggest rival, MySQL, but also a lot of other key internet technologies such as Java, Solaris, NetBeans, VirtualBox (virtualisation software) and OpenOffice (a Microsoft Office “clone”). Not to mention the great technologies Sun has turned out in recent years, amongst them ZFS (a totally new way of implementing an in theory unlimited journaling filesystem with end-to-end checksumming on all data, and for many the best thing since sliced bread). On top of that comes Sun’s own CPU architecture, SPARC, so Oracle will be producing its own hardware to run all this software on.

I still haven’t decided if I should be scared or happy about the effects this will have on a lot of open source software. Interesting times we are living in!

And I’m not the only one thinking that. It is worrying that Oracle’s website could not cope with the load, but Sun’s could.

Content server request failed

But sun's did handle the load.

Some quotes from sun:

Press Release Quotes

“The acquisition of Sun transforms the IT industry, combining best-in-class enterprise software and mission-critical computing systems. Oracle will be the only company that can engineer an integrated system – applications to disk – where all the pieces fit and work together so customers do not have to do it themselves. Our customers benefit as their systems integration costs go down while system performance, reliability and security go up.”

Larry Ellison
CEO
Oracle

“Oracle and Sun have been industry pioneers and close partners for more than 20 years. This combination is a natural evolution of our relationship and will be an industry-defining event.”

Scott McNealy
Chairman of the Board of Directors, Chairman of Sun Federal, Inc.
Sun Microsystems

“This is a fantastic day for Sun’s customers, developers and partners across the globe, joining forces with the global leader in enterprise software to drive innovation and value across every aspect of the technology marketplace. From the Java platform touching nearly every business system on earth, powering billions of consumers on mobile handsets and consumer electronics, to the convergence of storage, networking and computing driven by the Solaris operating system and Sun’s SPARC and x64 systems. Together with Oracle, we’ll drive the innovation pipeline to create compelling value to our customer base and the marketplace.”

Jonathan Schwartz
CEO and President
Sun Microsystems

Even Swedish mainstream media have started to cover the story. For example Svenska Dagbladet and Dagens Nyheter.

the first security related bug in djbdns

As someone put it, hell froze over today.

Daniel Bernstein, aka djb, has for the first time paid out the promised $1000 for the first security-related bug in djbdns.

Basically, if you have a subdomain (a setup that is discouraged, but supported) controlled by a third party, that third party can poison your cache so that it sends out wrong answers to DNS queries. Details of the bug and how to exploit it can be found here.

But still, the first alpha of djbdns was made public 10 years ago and this is the first security bug. (The current version of djbdns was released in February 2001.) That is a really good security record, especially considering that a big company like Microsoft can’t even manage 10 months without new security bugs…

So there will be a new version released soon, and djb says there will be a new security guarantee.
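
The announcement quoted below attributes the hole to axfrdns compressing some outgoing packets incorrectly, and the patch bounds response_len at 16384. The following C code is an added example, not djbdns code: it shows why an offset of 16384 or more cannot survive the 49152 + offset pointer encoding, and the guard that keeps such offsets out of the compression table. The constants come from the patch; the function names (pack16, decode_pointer, roundtrip_unguarded, may_record) are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Constants taken from the patch; every function name here is hypothetical. */
#define PTR_FLAG  49152u  /* 0xC000: top two bits mark a compression pointer */
#define PTR_LIMIT 16384u  /* 0x4000: first offset that needs more than 14 bits */

/* Big-endian 16-bit store; only the low 16 bits of v survive. */
static void pack16(uint8_t out[2], unsigned int v) {
    out[0] = (uint8_t)(v >> 8);
    out[1] = (uint8_t)v;
}

/* Reader's view: the 14-bit offset if the bytes are a pointer, else -1. */
static long decode_pointer(const uint8_t in[2]) {
    if ((in[0] & 0xC0) != 0xC0)
        return -1;
    return ((long)(in[0] & 0x3F) << 8) | in[1];
}

/* Encode an offset with no bound check and read it back. */
static long roundtrip_unguarded(unsigned int offset) {
    uint8_t buf[2];
    pack16(buf, PTR_FLAG + offset);
    return decode_pointer(buf);
}

/* The patched condition: may a name at response_len become a pointer target? */
static int may_record(unsigned int dlen, unsigned int response_len) {
    return dlen <= 128 && response_len < PTR_LIMIT;
}

int main(void) {
    /* Constructed offsets on both sides of the 14-bit boundary. */
    const unsigned int offsets[] = {12, 16383, 16384, 16400};
    for (size_t i = 0; i < sizeof offsets / sizeof offsets[0]; i++) {
        long back = roundtrip_unguarded(offsets[i]);
        printf("offset %5u -> decoded %5ld  record allowed: %d\n",
               offsets[i], back, may_record(10, offsets[i]));
    }
    return 0;
}
```

Offsets up to 16383 decode back to themselves; from 16384 on the packed bytes lose the pointer flag, which is exactly the range the patched condition refuses to record.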

Here is the original announcement from Bernstein:

Date: 4 Mar 2009 01:34:21 -0000
From: D. J. Bernstein
To: dns@list.cr.yp.to
Subject: djbdns<=1.05 lets AXFRed subdomains overwrite domains

If the administrator of example.com publishes the example.com DNS data through tinydns and axfrdns, and includes data for sub.example.com transferred from an untrusted third party, then that third party can control cache entries for example.com, not just sub.example.com. This is the result of a bug in djbdns pointed out by Matthew Dempsky. (In short, axfrdns compresses some outgoing DNS packets incorrectly.)

Even though this bug affects very few users, it is a violation of the expected security policy in a reasonable situation, so it is a security hole in djbdns. Third-party DNS service is discouraged in the djbdns documentation but is nevertheless supported. Dempsky is hereby awarded $1000.

The next release of djbdns will be backed by a new security guarantee. In the meantime, if any users are in the situation described above, those users are advised to apply Dempsky’s patch and requested to accept my apologies. The patch is also recommended for other users; it corrects the bug without any side effects. A copy of the patch appears below.

—D. J. Bernstein
Research Professor, Computer Science, University of Illinois at Chicago

— response.c.orig 2009-02-24 21:04:06.000000000 -0800
+++ response.c 2009-02-24 21:04:25.000000000 -0800
@@ -34,7 +34,7 @@
uint16_pack_big(buf,49152 + name_ptr[i]);
return response_addbytes(buf,2);
}
- if (dlen <= 128)
+ if ((dlen <= 128) && (response_len < 16384))
if (name_num < NAMES) {
byte_copy(name[name_num],dlen,d);
name_ptr[name_num] = response_len;
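
Review bot: the bound 16384 on the added line "if ((dlen <= 128) && (response_len < 16384))" is an unexplained magic number. It is the limit of the 14-bit offset that "uint16_pack_big(buf,49152 + name_ptr[i]);" in the context above can encode, so a named constant or a one-line comment tying the two values together would keep a later edit from changing one without the other. The unbraced nested "if (name_num < NAMES) {" under the new condition would also read more safely with braces around the outer if.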

Invalid PHP_SELF Path when upgrading to Cacti 0.8.7b on FreeBSD

When upgrading Cacti to the latest version I always get bitten by my browser displaying the error “Invalid PHP_SELF Path”. Recently it happened when upgrading to Cacti 0.8.7b, but it also happened to me when upgrading to cacti-0.8.6j and cacti-0.8.7a. So I thought I had better write about it here so you all can find the patch.

The fix is quite simple:

In /usr/local/share/cacti/includes/global.php, comment out (by prepending it with //) line 113 that looks like this:

if (!((is_file($_SERVER["SCRIPT_FILENAME"])) && (substr_count($_SERVER["SCRIPT_FILENAME"], $_SERVER["PHP_SELF"])))) {

And just after that line add this one instead:

if (!((is_file($_SERVER["SCRIPT_FILENAME"])))) {

That’s all you need to do to get your Cacti working again.

Debugging mysql on the wire

Earlier today I was struggling with a MySQL replication that didn’t work, and while banging my head at that problem I realized that maybe it would help to see what the master actually sends to the slave. Well, I decided to redo my whole replication setup to see if that would help, and it did.

But the idea of actually debugging what was sent on the wire still lurked around in my head, so I decided to at least write something about it here, just in case someone else would like to do the same thing.

And it’s really easy to do. If you don’t have wireshark, install it like this:

# cd /usr/ports/net/wireshark

# make install

So now that we have the tool, here is how to use it for debugging MySQL by listening to what actually gets transmitted to the server:

# tshark -T text -V -f 'dst port 3306' | grep -i Statement: | cut -b25-

Now just lean back and watch the output looking like this:

select address from pools where citypool = 'sth.globalns.openpeers.net' \n
select address from pools where citypool = 'sth.globalns.openpeers.net'\n
select address from pools where citypool = 'lon.globalns.openpeers.net' \n
select address from pools where citypool = 'lon.globalns.openpeers.net'\n
select address from pools where citypool = 'none.globalns.openpeers.net' \n
select enabled from site where name = 'www' and site = 'arnold' and domain ='globalns.openpeers.net' and enabled = 1\n
select pool from which where nexthop = '83.142.224.2' and enabled = '1'\n

But hey! What’s this? It looks like I’m sending identical MySQL queries!

That’s right, while writing this entry I noticed a flaw in my program, one that was very easy to code in a better way. So writing this post helped me to fix a flaw that I didn’t even know existed.

Btw. by using port replication in your switch you can divert all traffic for the SQL server to another box that analyzes the traffic. This saves load on the client or server, and enables you to debug a multi-client setup.

how to speed up downloading ports

Well, I guess you have all noticed at some time that the ports system isn’t so smart about which FTP server to start downloading distributions from. Quite often I have noticed that the multi-megabyte file I’m downloading comes from Japan. Not optimal at all…

Well, today Wesley Shields pointed out on freebsd-ports that there is a solution to this problem. There is a port under ports-mgmt called fastest_sites that is neat to have. fastest_sites sorts the MASTER_SITE definitions depending on the round-trip time for the TCP handshake. (ping isn’t really useful since it could be blocked by firewall rules.)

So lets go ahead and install this nice tool:

# cd /usr/ports/ports-mgmt/fastest_sites

# make install

Now you have installed the fastest_sites program, so run it to generate the sorted list of master sites:

# fastest_sites > /usr/local/etc/ports_sites.conf &

This step will take some time, there are a lot of sites to probe… While waiting, add the following line to /etc/make.conf:

.include "/usr/local/etc/ports_sites.conf"

Done!

Now each time you install a port, make will choose from the list sorted by temporal proximity instead of just guessing randomly.

Quite often this makes a great difference! Especially if you happen to be close to one of the listed master sites.

Naturally master sites come and go, and the network load and topology might change too, so run fastest_sites now and then to keep your own database up to date.

The original site for this application can be found here at Jordan Sissel’s site semicomplete.

Supercomputer inflation

Today I read on Slashdot and other places that Microsoft and Cray are releasing a $25000 HPC 2008 server ready “supercomputer”. Why someone would like to run Windows on a supercomputer I can’t tell. But since Cray tends to do sexy machines I decided to look the CX1 up. Well, maybe you could call it a little bit sexy, but when you look at the specification of that machine you realize that it’s not a supercomputer at all! It’s an 8-slot blade server with each board supporting dual Xeon processors. So the $25000, I would guess, is for the system and one blade with one CPU…

Well, some teenagers having a LAN party will bring together more CPU power than that nowadays…

Btw. I couldn’t buy one even if I wanted to. Their website didn’t allow me to configure a model since “This section of the Website is compatible with only Microsoft Internet Explorer 6.x and higher.”…

Some more articles about this “supercomputer:”

ZDNet

Windows server division

Howto run chrome on FreeBSD 7.0

So as I promised you in my last post (actually posted from chrome!) here is how I managed to get chrome running on FreeBSD. Actually this time around it was simple… The secret lies in the new 1.1.4 version of wine released today.

Step by step follows…

First install wine 1.1.4:

% wget http://prdownloads.sourceforge.net/wine/wine-1.1.4.tar.bz2
% tar xfj wine-1.1.4.tar.bz2
% cd wine-1.1.4

(I had some problems with wineinstall so I did a manual installation)

% ./configure
% gmake depend
% gmake
% gmake install

Now that wine is updated, let’s do the magic for wine.

(And remember to take a backup of .wine before trying this, or as I do below, hide your .wine and install fresh in a new .wine)

% cd ~
% rm winetricks
% wget http://www.kegel.com/wine/winetricks
% mv .wine .wine.old
% sh winetricks msxml3 corefonts firefox flash winxp

So now you can let firefox install chrome for you, just go to chrome.google.com and install it directly from their webpage!

When done, quit firefox and run chrome with this command:

wine ".wine/drive_c/windows/profiles/$USER/Local Settings/Application Data/Google/Chrome/Application/chrome.exe" --no-sandbox --new-http

That’s all there is to it, now that the wine crew has fixed wine!

Total success in running Chrome on FreeBSD!

Now I have succeeded in running chrome on FreeBSD 7.0-STABLE. It’s not fast but it works. I’m even writing this blog entry using chrome!

But I’m not pushing my luck, so I will keep this entry short and write the howto in another entry using firefox…

The short story is: use wine 1.1.4. But hang on, I’ll give you a complete howto in my next entry.

I’m running google chrome on FreeBSD, part 3

Well, there has been a lot of work going on in the wine community, and version 1.1.4 of wine released today includes some fixes for running chrome under wine emulation.

Right now I’m in the middle of compiling wine from source and I’ll be back shortly with information about whether it was a success or not…

In the meantime I hope the FreeBSD port maintainer is doing the same, since I guess there will be a lot of FreeBSD users who would like to give chrome a good test run.

Btw. I guess I should mention that Linux users have already managed to run chrome under Linux. But the performance isn’t the best.

I’m running google chrome on FreeBSD, part 2

After some more testing and googling I found some hints in the Wine AppDB. Apparently I needed some DLLs from Microsoft and some extra arguments for wine to get further. To get the DLLs use winetricks, and winetricks needs cabextract, so install that first.

So this is what got me further down the road to a working chrome on FreeBSD:

% su
# cd /usr/ports/archivers/cabextract
# make install
# exit
% rehash
% wget http://www.kegel.com/wine/winetricks
% sh ./winetricks riched20 riched30
% wine "$HOME/.wine/drive_c/windows/profiles/$USER/Local Settings/Application Data/Google/Chrome/Application/chrome.exe" --new-http --in-process-plugins

Now I managed to go to www.slashdot.org and got past the first redirect (that sends you to slashdot.org) and slashdot started to render before chrome crashed.

chrome running on FreeBSD, crash after starting to render slashdot.org

From the output of wine it seems like there are some issues with locking that isn’t implemented in wine yet, but I’ll start digging into that and see where I end up. The next thing to try is to test different FreeBSD threading libraries and see what that can do for us.

I’ll keep you posted when more info is available, so keep an eye on my RSS feed.