My South

doukoula console login: pascal
Password:            login account failure: No account present for user
   instance svc:/system/console-login:default exited with status 1

What's the problem?
It is the nscd, the Name Service Cache Daemon.

What did I wrong?

I just read this (in German):

http://heise.de/-1413109
(in short: For ARM devices, Microsoft insists on having UEFI secure boot for their Windows 8 system, and metro apps will only be available on the Microsoft app store with signed code).


My comment:
The game is already at its end, my opinion.

Everybody wants closed platforms, "ecosystems". Nobody wants an open platform, besides us "freaks".

Developers DO want a closed platform, as a radical DRM/Licensing will generate guaranteed revenue and they can bully the user like they want to motivate them to pay more.

When you wonder why your known_hosts file has changed or you don't find your hosts:

|1|AEf8B/QCP+1wRKA761Cq/woad4s=|HVEWXKDdRpZmO3GeQ5T37xCFwgE= ssh-rsa AAAAB3NzaC1
yc2EAAAABIwAAAQEAt20HN/iasjy9KEW/BGjtxlsy8oebyEEnZvKAnjMck0EEVbA5rtE4dzisnbrYwZ4
67JP+p9UGZDQa4jbVo2ZHmz28nQapmw1WpLBD2wSN66PsMk5QCxICxBC6PDCOlwakQvLNES2B9R2cuev
G9Ag2ni+2Qdb17gEkkh2MZ91INylAzM7QWW7soGoSf1TsshSHexfMt12zb6kWxRuRCeT4fOzlJNOmPgr
uE3wTt/kfEbvPBZwDyUbEKApfYIxO8ic+FyO7qFEjHkhqT7px/oJMLS279uUHlhG+KWtPxYPhWaYulPZ
hhdn4D6pR+6shjPsH4VTyAUGwf7usKUvJZP59Ww==

Then your ssh server software is a new version which hashes the known hosts file entries. To remove entries from there because the host key differs (you installed the host completely from scratch), just type:

ssh-keygen -R hostname

or

ssh-keygen -R ipadress

That's it.

If you have a new ssh package, you may hash yourself your known_hosts file by typing:

ssh-keygen -H

Just because it happens again today:

After doing a very minimal Solaris 10 installation without remote services enabled, it is always the same thing to get the SSH server running (Solaris 10 DVD in drive):

# mount -F hsfs /dev/dsk/c2t0d0s0 /mnt
# cd /mnt/Solaris_10/Product
# pkgadd -d . SUNWsshdr SUNWgssc SUNWgss SUNWsshcu SUNWuiu8 SUNWsshdu SUNWsshr SUNWsshu
# cd /etc/ssh
# ssh-keygen -t rsa -b 2048 -f ssh_host_rsa_key
# ssh-keygen -t dsa -b 2048 -f ssh_host_dsa_key
# svcadm enable ssh

Replace device of the DVD drive with your actual configuration.

A real case of RTFM of OpenSSL ...

After un upgrade of OpenSSL to Version 1.0.0 (from 0.9.8) the certificate authority chain of my certificate did not show up any more (was not given by the TLS server). A look in the OpenSSL manual could have helped to save 20 minutes of error searching :)

A

for i in *.pem; do ln -s $i `openssl x509 -noout -subject_hash -in $i`.0; done

was enough to restore the hash index links for my CA certs (the files did not have any whitespace or punctuation marks in their filename so $i was enough).

The manual states:

-subject_hash
outputs the ``hash'' of the certificate subject name. This is used in OpenSSL to form an index to allow certificates in a directory to be lookedup by subject name.

-subject_hash_old
outputs the ``hash'' of the certificate subject name using the olde ralgorithm as used by OpenSSL versions before 1.0.0.

Fascinating.

May many of your wishes may become true in 2012.

Just a note: Ubuntu updater offers 11.10 final:

Just a short note:

It contains important fixes for PKCS11 handling of KMS (Crypto Key Management).

Apparently Android 2.2 is not capable of displaying arabic characters possible.

Has this changed in Android 2.3, 3.0 and 3.1?

As I want to test an IP multipathed iSCSI storage configuration under Solaris 10 and 11 I wanted to set them up in Oracle VirtualBox. It was more or less easy.

Please do not forget to install the VirtualBox guest tools, otherwise the guest will crash as soon as the host system "steals" CPU cycles.

On text-only installs, mount the CD image like this (Solaris 10, CD is IDE master):

# mount -F hsfs /dev/dsk/c0t0d0p0 /mnt

On Solaris 11, the CD was attached to controller "7" target "1" (SATA, Port 1)

# mount -F hsfs /dev/dsk/c7t1d0p0 /mnt

Then:

# pkgadd -d /mnt/VBoxSolarisAdditions.pkg

If you accidentally upgraded your root zfs pool (which is not recommended until it is supposed to be done from Oracle) do not forget to update your boot signature,  your boot archive and your grub installation -

but do not reboot before having done this, otherwise the system won't boot any more.

Don't upgrade the root pool! You won't be able to repair your system when booting from the actual Solaris 10 boot CD (09/10) as the root pool cannot be mounted then. The following steps are to make sure that your system will at least boot when you did the upgrade accidentally.

Example:

Since Kernel patch/update 144501-19, Oracle now puts zpool version 29 and zfs version 5 into production.

One visible change is the more detailed status when doing a scrub or a resilver operation:

# zpool status
  pool: rpool
 state: ONLINE
 scan: scrub in progress since Mon Aug  8 16:18:21 2011
    1.98G scanned out of 3.66G at 50.7M/s, 0h0m to go
    1.98G scanned out of 3.66G at 50.7M/s, 0h0m to go
    0 repaired, 54.13% done
config:

        NAME        STATE     READ WRITE CKSUM
        rpool       ONLINE       0     0     0
          c1t0d0s0  ONLINE       0     0     0

errors: No known data errors

My "day-book" of my Ubuntu experiences as a day-by-day system can be found here:

http://southbrain.com/south/articles/me-and-my-desktop-ubuntu-1104.html

The article will grow and be split in multiple ones.

As you know, kissmetrics' tracking algorithm is based on the ETag resource sent along with every document from http servers. Its normal use is to distinguish cached documents from new versions, if the document to be delivered has altered a new ETag is generated. In web caches every cached resource is stored with its ETag.

For a request on a resource stored in the web cache a http header line like

If-None-Match: "H33jh3gggIU§gug3kjhgHhjbkc3"

will be added to the request which means "please send out the document only if its ETag is no longer H33jh3gggIU§gug3kjhgHhjbkc3".

kissmetrics generates ETags as User-IDs to be tracked and every site which uses kissmetrics to analyze web traffic data will include a small kissmetrics.com-request in their web site. The web browser cache will cache this little resource along with its ETag which is NOT its calculated ETag but the kissmetrics "user id". So on every site with a kissmetrics "bug" the request gets done with the

If-None-Match: "your_kissmetrics_user_id"

And voilà, you're tracked. Deleting cookies does not help. You have to clear your cache in your web browser after every site visited. Not very useful.

A possible solution would be to use a web proxy like squid which can easily filter out the "ETag" headers. So web browsers will use the "If-Modified-Since:"-method to make web servers to deliver documents only if they have changed. This will not work on most dynamic web sites however as web application programmers often forget to set and to honor this request header (using the last changed timestamp of the displayed data for example).

I will try it.

I'll begin on Wednesday. No more Macintosh, no more Windows - I chose Ubuntu 11.04 on a Fujitsu Siemens Esprimo PC with an Intel Core 2 Duo CPU running at 2,1 GHz. 4 GB RAM and a 500 GB Western Digital Enterprise Storage Hard Disk.

Not an expensive choice - I spent 150 Euros for the old PC, the new RAM and the new hard disk.


Will I be able to work day by day with this machine? Doing business? Watching movies? Playing games? Writing letters? Browsing the Internet? We'll see!

Just in case you want to try it.

I don't have any SPARC Solaris 10 (and 11) machine left under my hands.

So I cannot test/evaluate future changes any more. Actual version is 1.3.1 which includes a Solaris 10 SPARC binary/package (pkg).

x86/amd64 binary versions are not affected.

vhci_stat is an utility created by myself to get a simple overview of all multipathed volumes and the appropriate SCSI inquiry result and ZFS pool membership. It works with FiberChannel links as well as with iSCSI connections.

Source is still included but I won't be able to create SPARC binaries any more.

http://southbrain.com/south/software/vhci-stat.html

Just had a problem about a crontab not being executed for a system user. In /var/cron/log the message

! bad user (cyrus) Mon May  9 08:05:00 2011

shows up.

The cure was simple: The system user "cyrus" had a locked password in /etc/shadow:

cyrus:*LK*:::::::

Cron does not like this. Just set a random password for the user and throw it away. Damn. Solaris 10 Cron does not work with "locked password"-Users.