Month: April 2009

Sun Webstack 1.4 – Packages on Crack

I am a huge fan of Sun Microsystems.
I love Solaris 10.
I love ZFS.
I love RBAC.
I love zones.
I really love T2/T2+ processors.
I especially love the T5140 and X4450 servers.

One thing I cannot figure out though, is why Sun lets obviously delirious cocaine addicts package their software. Maybe I’m exaggerating but I think that many will agree that Sun’s packages leave much to be desired in general. On top of that, Sun seems to have a constant need to move software around and invent new paths- to boldy go where no sysadmin has gone before????

Our journey begins with the mythic /usr/ucb/ directory- a true treasure chest for those making the adjustment from Linux. We’ll continue to /usr/local/ ala sun freeware (actually the most normal place we will visit but not actually supported by sun) and then arrive at the more recent /usr/sfw.

On your right, we’ll be passing the Coolstack project (Not Officially Supported by Sun) located reasonably in /opt/coolstack. Notice the configuration files in /opt/coolstack/etc, apache located comfortably in /opt/coolstack/apache2, mysql located in /opt/coolstack/mysql. Can anyone guess where the SMF manifests are? My first guess would have been /opt/coolstack/var/svc… similar to the native manifests but I would be wrong because that would make too much sense or be too easy. Anyway- they are hiding in /opt/coolstack/lib/svc…

Wait- what’s that ahead? Coolstack is falling into disrepair, no longer to be updated. Instead, there will be a new neighborhood called Webstack and it WILL be officially supported by Sun- Time to get high. Can’t figure out where anything is? I’ll give you some hints:

Looking for configuration files? Don’t try /etc or /opt/webstack/etc. You should be looking in /etc/opt/webstack ??!?! Since when does that directory even exist?

Looking for your MySQL data directory? Don’t try /opt/webstack/mysql/data (similar to the existing structure in coolstack). Bet you wouldn’t have guessed /var/opt/webstack/mysql/5.0/data – /var/opt ??!?! What is that? Maybe for the 1.5 release they could put it in /usr/ucb/opt/usr/local/var/spool/sfw/webstack/mysql/5.0/data?

How about your default DocumentRoot for Apache? You must have guessed it by now: /var/opt/webstack/apache2/2.2/htdocs

Anyone here running webstack on Linux? In that case all the directories are different. I guess Sun wanted to make it difficult to run their stack on heterogenous environments?

Seriously- I really hope Sun wises up and fixes this before they hope for widespread adoption of the 1.5 release.

Internet Rimon – First Impressions

Last night I came home to a house without Internet. It is my fault really- I hadn’t found time to switch to a new provider and my old job finally canceled the account they had given me.
Most of the reason I hadn’t decided on a new provider was because I was debating switching to the new Israeli ISP – Internet Rimon.

On one hand they provide “kosher internet” and it seems the religious thing to do.
On the other hand, I have been responsible for providing filtered internet solutions before and I was worried that the filtering would make it impossible for me to work from home.

Now before I say more, I’m signed up to the most basic package which is only supposed to filter out pornography and violence. It is taking the “blacklist” approach which will always have some cracks. I would assume that the more protected packages work differently and possibly “better”.

As the package is, it looks to me like it will filter out casual contact with unwanted content. It may even stop an undetermined teenager. It has no chance of defeating someone mildly determined. I don’t see much in the way of special technology that was all hyped up in the media.

In short, I bypassed the filtering at least two ways in 20 minutes using nothing but freeware and a browser. If you think Internet Rimon is going to protect you kids from the Internet, don’t rely on the basic package. I’m not sure the stricter packages are better but I can tell you that the basic package will only stop casual browsing from landing on something immodest.

Cisco ASDM unconnected sockets not implemented

Cisco ASDM recently started giving me the following error: unconnected sockets not implemented.

After checking around, it seems that this is a known issue with newer Java releases, specifically the current version seems to require JRE 1.6u7.

Downgrading is an option but it is unnecessary. Instead open the Java control panel (Control Panel -> Java -> Java tab) there is a section “Java Application Runtime Settings”. Click View.

This dialog controls which JVMs will be used when using JNLP (Java Network Launch Protocol). This is the technology behind the Cisco ASDM Java Applet. Uncheck the newer JVM versions and run the ASDM applet from the Cisco ASA web interface… this fix will not work with the ASDM Launcher.

This way you can still use the newer JVM for most applications, even re-enable/disable them for JNLP as needed.