English - 2

On January 13th, 2015 (yeah, it's really that late in this year that we are talking about schedules in the next year ... time flies like an arrow, fruit flies like a banana) there will be an Solaris Tech Day in Cologne. A number of colleagues from Solaris Engineering and Solaris Product Management are in Germany and thus the opportunity should be used. Just reserve January 13th at the moment, more information will follow. There is a blog entry with a a few additional information in german language in the Solarium Blog.

Roch Bourbonnais started a series of blog articles about changes to ZFS in oder to improve performance with his article "ZFS Performance boosts since 2010". He published a first article out of this series already, it is about reARC , a major rearchitecture of the subystem that manages ZFS in-memory cache along with its interface to the DMU.

A few days ago, Darren Moffat wrote an interesting article about the inclusion of CVE numbers in the IPS packages. You can read the article here. I just want to give a short example by citing Darren. For more information, just go to his blog post.

If we simply want to know if the fix for a given CVE-ID is installed the using 'pkg search -l' with the CVE-ID is sufficent eg:

# pkg search -l CVE-2014-7187
INDEX ACTION VALUE PACKAGE
info.cve set CVE-2014-7187 pkg:/support/critical-patch-update/solaris-11-cpu@2014.10-1

Leider musste ja das Event am 6. November abgesagt werden, weil ich krank wurde. Jetzt daher der Nachholtermin: Am Donnerstag, den 18. Dezember 2014 findet in der Oracle Geschäftsstelle in Hamburg wieder unser Business Breakfast statt. Diesmal steht die Veranstaltung unter dem Motto: "Erste Praxiserfahrungen mit Solaris 11.2". Die Veranstaltung beginnt um 9:30 Uhr und endet gegen 13:30 Uhr.

Ich werde in diesem Vortrag über folgende Bereiche berichten:

• Kernel Zones - erste Praxiserfahrungen
• Einführung in Puppet
• Optimierungen für den Oracle Stack
• Unified Archive

Anmeldungen laufen diesmal etwas anders. Bitte eine eMail an diese Mailaddresse schicken. Das ist ein Weiterleiter an den organisierenden Kollegen, damit dessen Emailaddresse nicht für Spammer spiderbar hier im Artikel steht.

The event tomorrow is canceled because of the illness of the presentator (me, i got a bad cold in my vacation). I will keep you updated about a new schedule.

I'm doing a business breakfast at beginning of November. As this is an event in german language, i will proceed in german language in this announcement.

Am Donnerstag, den 6. November 2014 findet in der Oracle Geschäftsstelle in Hamburg wieder unser Business Breakfast statt. Diesmal steht die Veranstaltung unter dem Motto: "Erste Praxiserfahrungen mit Solaris 11.2".

Ich werde in diesem Vortrag über folgende Bereiche berichten:

• Kernel Zones - erste Praxiserfahrungen
• Einführung in Puppet
• Optimierungen für den Oracle Stack
• Unified Archive

Anmeldungen laufen diesmal etwas anders. Bitte eine eMail an diese Mailaddresse schicken. Das ist ein Weiterleiter an den organisierenden Kollegen, damit dessen Emailaddresse nicht für Spammer spiderbar hier im Artikel steht.

Next week an interesting event takes place in Vienna on October 16th, 2014: "Solaris Lounge: Why Oracle DB 12c runs best on Oracle Systems". I will have two presentations there. The first one is "Why the Oracle Database runs best on SPARC and Solaris" and "LiveDemo: Solaris 11.2 features: Kernel Zones, Unified Archives, SDN, puppet"

Just to cite from the invitation:

This event follows up on the success of the TechDay Vienna event series, this time with emphasis on Oracle Platform advantages for the Oracle Database. We will focus on the practical implementations of the integration between the Database and the Systems layers, discussing the technical background, providing detailed examples as well as live demonstration of the mentioned technologies.

Learn through what methods the right systems and engineering methods can supercharge your environment, find out what unique Oracle Database 12c technologies are available while running Oracle on Oracle, consider virtualization management tools for your IaaS platform and hear customer case studies!

You can view the agenda and the link to register here.

I got quite a number of questions regarding ShellShock (also known as CVE 2014/7169 and CVE-2014-6271) from readers in the last days and what they could do about it. To answer this i would like to point to the official blog entry "Security Alert CVE-2014-7169 Released", which in turn points to the advisory. To highlight the urgency of this alert i would just cite a single sentence of the advisory:

Due to the severity, public disclosure, and reports of active exploitation of CVE-2014-7169, Oracle strongly recommends that customers apply the fixes provided by this Security Alert as soon as they are released by Oracle.

For any further question please contact Oracle Support.

A really interesting article about SPARC M7: Oracle Cranks Up The Cores To 32 With Sparc M7 Chip

Solaris 11.2 has just been released . No beta, the real thing! You can download it here

Let's assume you want to limit ssh login for user junior to a certain timespan, let's say weekdays between 13:10 and 17:00. With Solaris 11.2 it's really easy to limit access to certain services based on times.

Just as i saw it in a blog on blogs.oracle.com (not link here) and my comment isn't published there: I wouldn't use rdate for syncing time between servers. rdate is largely considered as totally obsolete (installing pkg:/network/legacy-remote-utilities should tell you something just by the red part of the name of the package) and using ntp is really easy and has a much better mechanism to get time synced . I wrote a tutorial about that quite a while ago: "Configuring an NTP client in Solaris 11"

Before i forget someone: A very big "THANK YOU!" for all the nice wishes and congratulation for my birthday yesterday!

As much as there is often a lot discussion about configuration items inside the SMF repository (like the hostname), it brings an important advantage: It introduces the concept of dependencies to configuration changes. What services have be restarted when i change a configuration item. Do you remember all the services that are dependent on the hostname and need a restart after changing it? SMF solves this by putting the information about dependencies into it configuration. You define it with the manifests.

However, as much configuration you may put into SMF, most applications still insists to get it's configuration inside the traditional configuration files, like the resolv.conf for the resolver or the puppet.conf for Puppet. So you need a way to take the information in the SMF repository and generate a traditional config file with it. In the past the way to do so, was some scripting inside the start method that generated the config file before the service started.

Solaris 11.2 offers a new feature in this area. It introduces a generic method to enable you to create config files from SMF properties. It's called SMF stencils.