UNIX Administratosphere

The first thing I do when I log into a system, including Solaris, HP-UX, FreeBSD, and Linux is exec ksh. Whatever for?

Consider this fact: the root shell on FreeBSD defaults to C shell; HP-UX defaults to the POSIX shell (without history); Linux almost everywhere defaults to bash. All of these shells are different in various ways. It is possible you might log into three separate machines and get three separate shells with three different ways of handling things.

Using Korn Shell means that all of these systems will be standardized on one shell, and every system will act the same when you interact with it. There will be no surprises – and surprises at the root command line often translate into disastrous errors.

On HP-UX, using ksh has the additional benefit of enabling history for root – although the security risks of this make this a dangerous benefit: best to erase history after you log out and to make sure that history is independent for every root shell.

What makes this possible is that the Korn Shell is available virtually everywhere, including FreeBSD, Linux, Solaris, and HP-UX – whereas other shells are not (which includes C shell, Bourne shell, and bash).

When you choose to work in system administration, generally you have to focus on one operating system or another. The dichotomy comes in choosing a system to focus on for your career.

How do you go about choosing which system you want to administrate as a career? Do you go with a common system like Microsoft Windows or a relative rarity such as OpenVMS?

If you go with Microsoft Windows Server, for example, there will always be jobs available (relatively so, anyway). Every corporation seems to have at least one Microsoft Windows Server, and they all need to be taken care of by someone who knows what to do. However, there will be lots of other people that do the same thing. So even as there are jobs out there, there are lots of applicants and lots of competition. With this abundance of people who know how to administrate Windows servers (or think they do) comes a lower pay, as an employer can be selective in who they choose. This is the basic economic principle of supply and demand at work.

On the other side is administering UNIX servers – or even more so, OpenVMS servers. The number of people who can administrate these servers is less than those who work with Windows, which means their expertise is more expensive. For a variety of reasons, UNIX is present less in the average enterprise, and the number of UNIX servers is very likely dwarfed by the number of Windows servers. This is an advantage as the pay scale will be higher, but the disadvantage is that the jobs will be fewer.

When the market is tight, those with more specialized skills will find themselves having to move where the work is, and will have to search further afield for possible openings. It is a trade-off – and it’s your choice. Just be sure you have the facts first before you choose.

The command line is not immune from user interface design. Especially with the concept of language, one has to choose carefully the options and names and orders of the things in order to make things work just the way the user expects them to.

If the program is too different, people will be tripping over it all the time. The UNIX tar command comes to mind as one that failed here: options (or “actions”) specifically did not start with a dash. Likewise, UNIX find also failed: if you didn’t include the parameter -print at the end, you saw no output: your find command found nothing! (In reality, it just didn’t report it.) Both of these errors have been rectified in the last several decades: UNIX find has an implied -print, and tar often will make the dash optional – which makes it work both the way it always did and the way it should have.

As an example of what seems to be a colossal user interface failure – including poor writing – consider these articles from Scott Remnant which are absolutely a gem (albeit from way back in February 2009). He wrote an article titled Git Sucks – which was then followed by a second and then a third – followed by yet another titled Revision Control Systems Suck.

What Scott is railing about is how hard these systems are to learn (he targets not just git, but also GNU Arch and Bazaar). From his standpoint, he finds these systems to be complicated and hard to understand.

He also points out (rightly) that the most common actions should be the simplest, and finds that with git these common actions are rarely ever simple. He specifically mentions reviewing the changes that someone else has made compared to his own – and says that there’s not a revision control system that makes it easy.

An example of how user interface design can be incorporated into things like the command line and even programming is this quote from an interview with Yukihiro Matsumoto, the developer of the programming language Ruby about his guiding principle in developing Ruby:

[It's] called the “principle of least surprise.” I believe people want to express themselves when they program. They don’t want to fight with the language. Programming languages must feel natural to programmers.

and later in the same interview:

In addition, Ruby is designed to be human-oriented. It reduces the burden of programming. It tries to push jobs back to machines. You can accomplish more tasks with less work, in smaller yet readable code.

Another example: I was just rereading my copy of The Humane Interface written by Jef Raskin. In it, he had a section titled Noun-Verb versus Verb-Noun Constructions (section 3-3, p. 59). This mirrors a problem I have experienced with some command line software in the past: the command wants an action as the first argument, and the object of the action second. I despised it enough that it was the genesis of my writing a wrapper for the command that reversed the order: object first, action second. Imagine my surprise to find my troubles validated right there in Raskin’s book.

There are many examples of command line programs doing wrong things, and of programs doing right things. One of the right things comes from HP-UX and its software management tools such as swinstall: if the program can use an X display for a graphical display, it will: but if not, it goes to a text display instead.

There are many such examples, of programs just doing what you need and leaving you to think about other things. I wonder what would happen if a company like Apple decided to tackle the command line – although, in a way, they did already. In MacOS X, consider the open command for instance… absolutely brilliant, which is in contrast to the open command sometimes found in other UNIXes (never standard).

One very important point to remember: “It’s only hard until you learn it” is not a valid excuse. The learning curve for a program should not be any steeper than it has to be.

Renaming a host is not, in general, a pleasant experience. The general requirement is that you must find everywhere that your hostname is specified and change it.

In OpenVMS, this can be an extensive process, and even require relicensing if you have licenses that depend on your hostname. It can also require rebooting of an entire VMS cluster if you miss changing a parameter. The full details are in the VMS FAQ such as this one (dated from 2001) from faqs.org or this one from HP (undated). Hoffman Labs has a copy from September 2006; there is information on changing a node name in section 5.7.

Not that in changing the OpenVMS hostname in a cluster, you must change the SCSNODE parameter (which changes the cluster node’s nodename). If you change the SCSNODE parameter, you must change the SCSSYSTEMID as well or the entire cluster will refuse to function until it is reconfigured. The cluster tracks the pairing between these two parameters, and if the pair changes, then the cluster stops working normally.

For UNIX in general, one way to do it is to go to the /etc directory as root and run a search:

$ su -
Password:
# cd /etc
# find . -type f -print | xargs grep -i myhost

After running this, change all of the instances of myhost that is found.

This is the way to change hostnames in Solaris, including Solaris 9 and Solaris 10. Debian and derivatives (including Ubuntu and Linux Mint) and HP-UX make it simpler.

In Debian, there is a file called /etc/hostname. This will contain the current setting of the hostname. Change this to your desired new hostname, then run the shell script /etc/init.d/hostname.sh.

In HP-UX, change to root and run the program set_parms with the hostname option:

# set_parms hostname

For all of these possibilities, the best thing to do is to reboot afterwards: this will test the new setup as well as change any in-memory hostname settings.

Changing a hostname is a drastic measure, and will include much in the way of system modification and updates. Changing the actual hostname is very likely only the beginning; there may be clients that are set up to contact the host, and any services that the server provided (e.g., NTP server, FTP server, web server, NIS server, etc.) will require reconfiguration on the clients to use the new hostname.

In summary, the very best thing to do is to get the name right in the first place.

Powered by ScribeFire.

It is possible to get free online access to UNIX or to OpenVMS; these can be useful in building up your experience on a platform when starting from scratch – or when a review is required.

One of the oldest public access systems in the country is the Super Dimension Fortress (or SDF as it is usually called). SDF offers free accounts, but does ask for US$1 to gain standard access. This isn’t because access is expensive, but because too many people have used the facilities for nefarious purposes (the process suggests that the new user is not a person who will strike and leave).

SDF runs NetBSD on DEC Alphas; this was driven mainly by security and stability. Previously, Stephen Jones, the proprietor, ran SDF using Linux on Intel for several years (which he describes as “the dark years”). BSDTalk had an interview with him back in 2006.

You could also try PolarHome – this shell provider provides access to hosts running Linux (Red Hat, Debian, SUSE, Ubuntu, or Mandriva), OpenVMS (Alpha or VAX), OpenBSD, FreeBSD, NetBSD, HPUX, IRIX, QNX, Solaris, Ultrix, AIX, Tru64, and OpenStep. Unfortunately it requires payment for shell accounts – again because of abuse. The payment is 10 units of your local currency or US$2, whichever is more – and this is per host as well. No other site provides this diverse of a selection.

For truly free UNIX shell accounts, one can try Grex, which is a more professionally-run system (Polarhome and SDF are sole proprietorships). Grex offers totally free shell accounts, but also has memberships (for people to help support the site). It is possible that Grex has the most users as well. Like the others, paid membership does have its privileges – but unlike the others, membership is mainly to provide support for Grex, rather as a security feature.

For OpenVMS, there is a very unique online shell provider: Deathrow Cluster. This is a cluster of three machines running OpenVMS 7.3 – one VAX, one Alpha, and one emulated VAX (SIMH) on a dual Xeon machine. This last is a perfect example of what can be done with an emulator, especially with SIMH which can emulate all manner of old Digital and IBM hardware. However, SIMH does not emulate the Digital Alpha, unfortunately. Like Grex, Deathrow provides completely free shell accounts; like SDF and Polarhome, it is (or appears to be) mainly one person’s purpose to keep it running with a lot of volunteer help.

Any of these will be good sources to keep your shell skills sharp – and in some cases, programming as well. They’re also good people to support; why not offer them some donations if you can?

It was August 1969 that the work that would lead to UNIX began. That was the month that Woodstock took place, Mariner 7 flew by Mars, President Nixon visited Romania, Charles Manson and his followers committed numerous heinous murders, and Hurricane Camille struck the U.S.

There have been some nice articles on the history of UNIX; the folks at what was Bell Labs have a nice article, as well as an article by Dennis Ritchie, one of the originators of UNIX with Ken Thompson. The UNIX Heritage Society has a nice bunch of pages, though not very many. The Wikipedia article on UNIX is nice, too.

Perhaps the definitive history can be found in Peter Salus’s book A Quarter Century of UNIX. The BBC news article on 40 Years of UNIX talked to Dr. Salus extensively. ComputerWorld also has a nice article on the past 40 years of UNIX and in addition a nice timeline.

One of things that always struck me is how many things have their roots in UNIX and Bell Labs:

• UNIX (of course)
• C
• RATFOR (who knew?)
• Bourne Shell (and the concept that a shell could run as a user program)
• awk
• Pipes
• Text-based configuration
• Regular Expressions
• The concept that “everything is a file”
• One single hierarchical file system (instead of multiple “drives” as in OpenVMS and CP/M and Windows)

And this doesn’t cover all of the things that descended from UNIX or were designed with UNIX such as Perl,

Powered by ScribeFire.

This computer introduced by Marvell is very tiny, and very interesting.  Despite the fact that Marvell’s wireless chipset has been closed to open source developers, it appears that the Sheeva Plug computer is being released as an open product: running Linux on an ARM processor, it is now available for $99 as a pre-release developer’s edition. There is already a place for developers to congregate and for documentation and so forth.

LinuxDevices had a delightful article on the technical aspects of the SheevaPlug, and it is very enlightening.

What would I use such a computer for?  I would quite possibly make it into a NAS solution with OpenFiler or FreeNAS; make it serve IP addresses via DHCP; make it into a web cache like squid; or make it serve music with subsonic.

This is one beautiful box.  One drawback I see is that with the way it is configured, there is no way to get it off the wall and out of the way.  Too many boxes plug right into the wall, which means there is no place for another box to plug in.

Another deficiency, which is silently ignored in a lot of applications shown: there is only one network connection. For the system to be a router of any type, it needs to have multiple network connections. If a SheevaPlug is to be a wireless router – or a cellular router – or other similar configurations, it needs to have more than one network connection. With the USB connection available, this is possible – but only if the USB isn’t taken with something else.

One nuisance to note, like others of its ilk: it requires added peripherals, so the “tiny” box could expand to include an external hard drive, and external USB hub with its own AC plug, a bluetooth USB plug, a USB cellular modem, a USB network port, and two network cables. This is the curse of tiny electronics today: one day, all of these extras will be included in a box the same size, and the cabling will be history.

One disadvantage that no one seems to have mentioned yet: the box is not grounded.  That’s right: only two prongs – no grounding plug.  This is totally baffling to me: no ground?

Still, these are really minor disadvantages: I want one – or even two!

It would be interesting to consider the use of these in the enterprise (although they are specifically designed for the home). The biggest places I could see these used in the enterprise would be for testing purposes, and for disaster recovery. If you had one of these ready as a DHCP server and DNS server, one as a NIS server – perhaps a medium-sized enterprise could run off of these until the real servers are built and ready to go.

They could also be used to support people in the field: preconfigured, ready to run: demonstration systems, VPN end points, presentation systems, security test launching points… What else can you think of?

Powered by ScribeFire.

This is big news, apparently broken by the Wall Street Journal on Wednesday (18 March). Vivian Yeo had an short article on it in ZDNet, and Stephen Shankland of CNET had an extensive piece on it – suggesting that the sale would have some severe stumbling blocks, including a clash of cultures between Sun and IBM.

The New York Times discussed the possibility at length on 19 March. The piece in the NYT posits that such a merger would invite antitrust scrutiny from the U.S. government – which I believe it would.

According to the NYT, Sun went looking for a buyer and was turned down by Hewlett-Packard among others.

The possibility of a sale of Sun Microsystems is by no means new; in 1996 there was raised (by the Wall Street Journal on 23 January) the possibility of an Apple-Sun merger, which was finally put to rest by a succinct press release from Apple (then under Gil Amelio): Apple is “not currently in merger discussions with any party.” (This was also covered in the February 1996 edition of SunWorld).

In 2006, there was some discussion in the 4 June 2006 San Francisco Chronicle about the possibility that Sun was preparing itself for sale, having just jettisoned its poison pill and laying off 5,000 workers.

In August of that year, the possibility of a Sun-Apple merger was brought up again with the ascent of Eric Schmidt, Google’s CEO, to the board of Apple. John Dvorak suggested on 30 August that Schmidt could be an intermediary to a Sun-Apple deal.

That same day, Dan Farber, senior editor at ZDNet, replied, essentially stating that such a possibility was unthinkable.

So, we will have to wait and see what happens.

There are a number of things within Nagios that I did not know it could do until I had used it for some time.  I thought I would pass these facts on to you.  Once you know them, it seems simple – but only afterwards.

For example, consider the Host and Service Status Totals at the top of the screen.

All text (except the title) is clickable.  If you click on “All Problems” it will show the appropriate problem entries (assuming they can be seen in the current view!).

Another example is the Service Overview: if you click on the extended title for a service group, you’ll see all details for that service group.  However, if you click on the short title for a service group, you’ll be able to take actions on the entire service group as a whole (very nice!).  You can schedule downtime, enable or disable notifications, and enable or disable active checks.

This capability extends to the Host Groups as well: you can (at the appropriate screen) enable downtime for a hostgroup, enable or disable notifications for a hostgroup or for all services in a hostgroup, and enable or disable active checks for all services in a hostgroup.

Don’t forget to look at the inocculous-looking info box at the top left of the main Nagios data window; this window often provides ways to look at details of the current view.  For example, when looking at the Service Details for a particular host group, you can switch to a number of other views relating to the current host group, or for all host groups.

There is also the ability to sort the Status Details report.  This allows you to answer questions like these:

• What is the most recent check completed?  (order by “Last Check”)
• What is the longest status duration? (order by “Duration”)

Any column can be sorted except “Status Information” – click on the arrows at the title.  Normally this report is sorted alphabetically by Host then by Service.

However, suppose you want only one particular service group?  Click on the Service name, then under “Member of” in the next screen click on the group name.  Thus you see the Service Overview for that service group.  From there you can see the Service Details (by clicking the full title) or Actions (by clicking on the short title).

With all of these ways to view problems, you can answer your questions quicker and view the results faster.

Powered by ScribeFire.

I’ve been renewing my interest in virtual desktops – the ability to have multiple “desktops”, switching as you desire from one to the other. For Windows there is a very good implementation (freeware – not open source) called Dexpot. For the Macintosh, there is the program VirtueDesktops. For Linux, there’s the hugely popular Compiz – though I’m no fan of it (it’s purpose is to be pretty and to consume processing time – in my opinion). Default installations of GNOME and KDE both support generic virtual desktops – but Compiz makes them pretty.

With multiple desktops, the theory goes, you can use one desktop for a particular purpose, and another for some different purpose – for example, email on one and the Web on the other. It’s like having multiple monitors without being able to see them.

Note that this capability has existed in UNIX workstations since the 1980s – despite all the excitement over Apple MacOS X Leopard and it’s Spaces capability.

Note, too, that Dexpot handles a workspace with multiple monitors fairly well (no experience on whether Compiz or VirtueDesktops work well – my guess is they probably do).

So with multiple desktops, you can hide your email when you are busy coding (or administering, installing, or debugging…). This can save you from “hovering” over your mailbox instead of getting things done.

Virtual desktops can also provide the capability to separate two different environments – for example, working on a production system and working on a test environment. As administrators, you dare not mix up the test environment with the production environment when you go to shut the system down. Sure, you can color the terminal window – but what if you give your desktop an entirely different backdrop? And you wouldn’t even see the production environment unless you switched to it.

I’m going to try again – I’ve used VirtueDesktop in the past, but it had some annoying bugs – and we’ll see if it can improve productivity. I’ve also put Dexpot on my Windows desktop; we’ll see.