There is still life in these texts
Less known Solaris Features integrated to the website
Lessons from the past
Less known Solaris Features eBook back online
Nudging machines
Optimising a Jekyll blog with an LLM, and the parallels to a team exercise from the 1990s
Solaris 11.4 SRU 90: devnm -s
Which disk do you live on?
30 years ... still learning
Using RewriteCond with -f
Back Burner
Implementing clean RSS, an archive page and fulltext search for c0t0d0s0.org
Solaris 11.4 SRU 90: ls -sh
Closer to GNU
Search
Fulltext search for the blog
Archive
Archive page added to the blog
New RSS feed templates
Cleaning up the mess in the RSS feed templates
Solaris 11.4 SRU 90: Checking your nameservice configuration
Helping you to find name service config errors quickly
The internet is made for p...bots
Eine Woche c0t0d0s0.org
Solaris 11.4 SRU 90: Scan with pending free
Resilvering while freeing space
Spring Cleaning 2026
Spring Cleaning
New Solaris 11.4 CBE released
New Common Build Environment(CBE) based on SRU 90
Brazilian waxing for yaks
My insights to an attempt at vibe coding
Solaris 11.4 SRU 90: Losing your retention
How to create a copy of a ZFS filesystem with a different retention configuration
Solaris 11.4 SRU90: Limiting signaling to all
Protecting you from sending signals to all processes
Solaris 11.4 SRU90: Preserve Boot Environments
Protecting boot environments from accidental deletion
fsstat -l
Measuring filesystem latencies
Reboots
Different kinds of reboots
tar -x over nfs
tar -x pathology revisited
Separate feeds with Jekyll
A simple way to create separate feeds in Jekyll
Restructuring the blog
Splitting the feeds
Solaris 11.4 SRU 87: Directly creating users with NP set
Why newly created Solaris accounts cannot be accessed via SSH public key authentication and how SRU 87 improves the situation
Schwellenwertfeld
Gedanken zum Monitoring der NormalitΓ€t
TouchID teilen β so irgendwie β
TouchID an mehreren Rechnern
Only one time
Configuring one time passwords for SSH with Solaris 11.4
Uuuuuuultrawide
Erste Erfahrungen mit 57 Zoll
Solaris 11.4 SRU 81: Virtual PID for init and zsched
New PIDs for init and zsched in the NGZ
Solaris 11.4 SRU 81: Transceiver information
Thank you! THANK YOU! Really thank you!
pstop and prun
Stopping and starting a process or thread
svccfg editprop
Remembering svc properties β made easy
Getting the command line and environment of running processes
Rescuing the environment.
useradd defaults
Changing useradd defaults
Using BART
Basic audit reporting tool
Setting up NTP in Solaris 11
A question of time
Optimierende Prokrastination
Prokrastination mal anders β
Time-based limits to SSH
Lockout after midnight
ZFS file retention: No way back β and other topics
Things you should know about ZFS file retention
ZFS file retention: No way back β and other topics
Things you should know about ZFS file retention
Prevent the destruction of a ZFS filesystem dataset
Limit your appetite for destruction
ZFS file retention
Configuring file retention in ZFS
File auditing
Activate auditing for select files
Hashed
Directly setting a hashed password
System Attributes in your filesystem
More fun with attributes
Protecting files from accidental deletion
Additional protection against rm -rf *
pfedit for sensitive files
Keeping diffs out of the audit log
Auditing pfedit
Recording the change
Basics of pfedit
Delegate the edit
Filesystem latencies
From the perspective of the filesystem
ptime
What have you done β in the past?
Session annotations
Give me a reason
Signed binaries
Sign the name across the binary β
Disk latencies with iostat
Look, no DTrace script β
Scheduled scrubs
Automatic scrubs in ZFS
pam_fm_notify
Notification about faults at login.
Named routes
Where the streets have no^H^Ha name.
Post-mortem pfiles
Finding open files in a core dump
reflink
Faster copies through technology
useradm
New tool to manage users in Solaris 11.4
Solaris 11.4 SRU 72: Core OS user integrity check
Checking for changes of core OS users.
ZFS read and write bandwidth limits
Smothering noisy neighbours.
fileops DTrace provider
DTracing file operations.
Creating your own goal service in Solaris 11.4
More goals.
Using the goal service in Solaris 11.4
Tell me about your goals.
Sandbox without networking
Network is a privilege.
Solaris 11.4 SRU 75: Creating a clone in .clone
Send in the clones with mkdir
Solaris 11.4 SRU 75: Recursive mount/umount
(Un-)mounting (almost) everything - with a little bit more control
Solaris 11.4 SRU 75: Recursive mount/umount
(Un-)mounting (almost) everything - with a little bit more control
My content deployment process with Gitea
How I automated my multi-stage publication workflow with Gitea and Jekyll.
Solaris 11.4 SRU 78: Wildcards for iostat
Filtering down the output of iostat
Double negative
Who keeps my disk up? Who? Who? Who?
Solaris 11.4 SRU 75: NFSv3 support in helper tools
A few NFS tools in Solaris 11 still used NFSv1. This has been changed.
Spring cleaning 2025
Spring is coming and my blog needed a cleanup
Solaris 11 SRU 75: New options for pgrep/pkill
Two small additions to the pgrep/pkill commands to limit the scope of both commands.
Almost RAIDless
My personal approach of protecting the data on my home NAS with replicas instead of RAID.
Backup
About the first thoughts and first steps to back up my new fileserver.
Backup
About the first thoughts and first steps to back up my new fileserver.
Jekyll and Gitea
How I automated the publication workflow of my Jekyll-based blog with Gitea.
New fileserver
A warm welcome to tachikoma. Using a UGREEN NASync 2800 with TrueNAS Scale and tips to get started with it.
Renewing certificates - a horrible hack
Automatic renewal of Letβs Encrypt certificates without a public webserver
Solaris 11: Network Condition Simulator
How to simulate bad network conditions β up to TCP/IP over avian carriers
Solaris 10/11: Account locking and passwordless SSH
How to prevent locking for accounts used for passwordless authentication
A WLAN tunnelled
From time to time it's quite useful to appear to be an internet user for example from the US instead of Germany. Or in the UK. Of course there are services for...
Migrating from Ubiquiti USG to UCG
I gave myself a Christmas present this year. I'm using a Ubiquiti Unifi Security Gateway (short USG ) for quite some time now and I thought it would be a good...
Solaris 11.4 SRU 60: Sample separation in iostat
As I had quite a fight with a larger IKEA PAX closet for my bedroom, I hadn't quite the time to complete the ZFS retention article so far. Thus today a smaller...
Solaris 11.4 SRU 66: Precision of logfile timestamps
Another rather small change that was introduced to Solaris 11 in SRU 66. Up to SRU 65 the precision of the timestamps in the logfile was seconds. ``` Jul 5...
Solaris 11.4 SRU 57: Why did you reboot the system?
Yet another small addition to Solaris 11.4. This one was released with SRU 57. `reboot`, `shutdown` and `poweroff` got a new option. With `-c` you can now...
Solaris 11.4 SRU 60: admhist shows SMF audit records
Yet another small feature. I'm working on a blog entry about ZFS retention in the evenings, but it will take some time to complete it. So a blog entry about...
Solaris 11.4 SRU 63: Disabling reboots (temporarily)
I'm not allowed to watch games of the national team of Germany. Currently Germany is playing against Spain. Friends and family have forbidden me to watch the...
Solaris 11.4 SRU 69: Including file fragments in SSH configuration
While the last blog entries were about cycling, I would like to start with Solaris-centric blog entries as well. My plan is to write without a planned schedule...
Umbau
At first a note to my readers in English language: In the future, only blog entries about Solaris and IT in general will be in English language. Everything...
Solaris 11.4 support available until at least 2037
There is an important note in footnote 7 on page 40 of the ["Oracle and Sun System Software and Operating Systems - Oracle Lifetime Support...
Beware of assumed simplicity
I'm currently sitting at my desk looking at a heap of cables. Display cables. You don't think too much about display cables. At least I did not think too much...
Probably just an overengineered small keyboard
*(This is a test blog entry (based on a text I started a while ago) for the new Jekyll workflow)* Sometimes you see a device which results in a "Must-have"...
From cycling to computer systems performance β Part 1
This is my first longer blog entry after getting back to a more frequent blogging schedule. It will be a two part blog entry. It may start with cycling,...
Thoughts about PoE security cameras (and outdoor Ethernet cables in general)
I'm currently trying to buy a security camera, because I have the suspicion that people are using my property as a shortcut. I had just one thought: There are...
Changing Unifi inform URL via SSH
My house has four Ubiquiti Unifi AP-AC-LR access points. For whatever reason, the construction of the house seems to attenuate WiFi signals significantly from...
Cable management
Today I was quite occupied by a search mission: As absence of proof is not proof of absence, I was searching for things and I had no proof to myself that those...
Suspiciously new
I wrote this morning that my house has currently no VDSL internet, just cable internet. I'm just back from the street in front of my home. Roughly 50 m away...
Redundant
The street in front of my house gets a new cycleway on the inbound side of the street. While this is a really great idea because the old one was in an abysmal...
Docking
I wanted to get rid of a significant set of cables when I set up my new desk, there were a gazillion cables flying around on my desk and I wanted to bring that...
Workarounds - revisited
The example with the heating system is a better example than I thought. I learned some additional things over the course of the day. There are workarounds that...
Workarounds
Sometimes you may think that IT is the only business where workarounds are used. Today I was reminded that other businesses do the same and some even make...
Γ skvΓ€der
A few days ago, I needed some distraction and thus I drove one of my sisters to IKEA. I needed a desk lamp[^1] anyway and thus this looked like a good idea. At...
Xodus
A while ago I left X as a user (the website formerly known as Twitter). I assume out of the same set of reasons why most people I know left Twitter. I really...
The joy of solving performance problems - Part 1
It took me some more time to have this first part ready, because I revised it quite a lot and in the recent evenings I didn't want to spend the necessary time...
The joy of finding performance problems - A foreword
# A journey Many interesting journeys start with a first step. There are lessons in them and no matter how much you have seen in the past, you always learn new...
Visualize
"The Matrix" ruined it a little bit for all of us. Outsiders have sometimes the impression that admins can find errors on their servers just by staring at the...
Zebras, anchors, bottlenecks and link aggregation
Diagnosing problems with computers has a lot to do with diagnosing illnesses (that's the reason why I'm working on an article about patching and vaccination...
Rest in peace, Joerg Schilling
Just saw the notification that Joerg Schilling, the creator of the cdrtools and Schillix (and many other tools), passed away this Sunday. He was one of the...
Changing passwords as a role
Of course the privilege to change other people's passwords can be encapsulated into a role, so you have an additional authentication by using the role password...
Additional information for your zone configuration
Sometimes it's useful to enrich your zone configuration with some additional data, so someone can look into the zone config and know for example who is...
Changing passwords - re-revisited
There was an interesting question on Twitter after I published my blog entry about assigning the authorization to change passwords to regular users: "Can you...
Changing passwords - revisited
You are a quite busy admin. The systems are well kept. Everything is working fine. However many people work on your system and inevitably some people forget...
Changing passwords
This is a blog entry from the category "Just because you can do it this way, you should not necessarily do it this way" albeit the biggest problem with using...
Tiered storage with ZFS
This is another blog entry in regard to ZFS and about what you have to keep in mind about it when working with ZFS . It's nothing really astonishing, you just...
vmstat without history
Historic values are sometimes quite useful to have an overview of what's happened in the past on your system, but quite often it's only something you have to...
Authorizations for Zone Console access - Part 3
Okay, there is one remaining obvious question. What if you have an admin that is responsible for all the systems and you want to give her access to all the...
Authorizations for Zone Console access - Part 2
As I wrote yesterday, there is an alternate way to configure zone console access. Let's assume we want to give the user junior the authorization to access the...
Authorizations for Zone Console access - Part 1
When you wanted to access the zone console on a Solaris system as a normal user in the past, you needed an authorization. You may remember from a very old...
Increasing ZFS pool sizes
I had this discussion with a number of customers in the past, because it's one of the not so obvious consequences of the inner workings of ZFS , of how ZFS...
ptree with service names
A nice tool to get some understanding of the dependencies of processes is the ptree tool. With the -c option it shows the contract id (the contract filesystem...
newtask easier to use in scripts
newtask is an important tool when you start applications in a different project context, for example for resource control purposes. Maybe you remember my...
Enterprise Health Check
*(This blog entry was in the publication queue for a while, so Chris Beal overtook me with his great blog entry )* For a very long time there are some security...
More precise timestamps for DTrace
Sometimes the timestamps delivered by %Y are not precise enough for debugging purposes. ``` # dtrace \ -n 'syscall::read:entry {printf("%Y", walltimestamp);}'...
How you have grown ... sxadm
I remember I first talked at a Solaris day in the Vienna Urania about sxadm for security extension administration. At that time we had one security extension...
Improved debugging in LDAP tools and nscd
Some of these improvements are not really new. They were in Solaris for years, however they were not really documented and while many people knew about them...
Lock it up
This is a quite useful tool. Let's assume you are working with colleagues on a system on their desktop. They are working on their shells as unprivileged users,...
Just the processing please
One of the many enhancements to well-known tools like truss was the introduction of the option -G to said command. When you truss a command with -E it shows...
truss - just the interesting part ...
Most of the time when trussing a process you are not interested in all the system calls that are working perfectly and which are scrolling by at high speed....
Servicename in ps
Yesterday I wrote in "prstat -x" about the addition of a feature to show the FMRI of the service which the process is part of. ps got a similar enhancement....
prstat -x
When looking at processes on your system, sometimes you ask yourself "Who the heck started this process?" Often it's a process started by SMF as part of a...
Oracle Solaris 11.4 SRU 31
SRU 31 of Oracle Solaris 11.4 has been published today. You will find more information about the changes here .
fsstat
The command fsstat (somehow a command relatively unknown when talking with customers) got a slight enhancement in a Solaris 11.4 SRU . Before this enhancement...
Clean up after yourself
This is a rather small change in one of the Solaris 11.4 SRUs. SMF had so far three methods. You could have a start method, which is as the name says meant to...
Even more new options for svcbundle
Another addition to svcbundle was the ability to set * user * group * privileges to directly create manifests for SMF that didn't need manual editing to adhere...
Homedirectories
Even such venerable tools like useradd could use some extra features. In a recent SRU an option was added to set a default for how the home directory is...
iostat and microseconds
Solaris 11.4 got a small extension to the iostat command. In a time when storage gets faster and faster, you may end up in a situation where the wsvc_t and...
gcore with less impact
This isn't an everyday tool, however for diagnosing problems gcore is one of the important tools in your toolbox. With gcore you can create a core image of...
ps
Today I won't write a blog entry explaining a feature. I would just like to guide your attention to an article at "Teaching an old ps command new tricks"...
Jitter and delay for svcbundle generated SMF manifests
Another extension to the svcbundle tool is the introduction of -s delay= and -s jitter= for periodic SMF services. If you have something to start in a periodic...
svcbundle extended
svcbundle is a really useful tool to create SMF manifests without having to hassle too much with XML. Most often you don't have to work with XML at all, but...
Which SRU to get those new features?
Short answer: The newest one you can get on the day you are reading this. The long answer: All the features I'm writing about in the last few days didn't...
New -s option for zpool status
With SRU 30 of Solaris 11.4, the zpool command got a new option for the status command. You can now get some additional information about the devices. This...
ZFS allocation units
This feature introduced in Solaris 11 SRU 30 is really an interesting one. It's nothing you should really need often because usually ZFS will do the right...
You have been warned: Upgrading rpool
In the past customers painted themselves into a corner when they did a rather large jump with their OS versions, upgraded their app as well, upgraded the zpool...
Solaris scales
This is a nifty small feature. Tools like ps , df , du , ls , ps , size , prstat and swap now have the option --scale . This makes the output of those tools...
Limits revisited
There were more limits changed in regard to open files as well. The change took place in SRU27. * rlim_fd_cur has been increased from 256 pre-SRU27 to 4095...
Small changes: New open files default.
In a relatively recent Solaris 11.4 SRU a limit was increased in its default setting. In 11.4 (no SRU ) the limit of open files for a user was 256. ```...
Solaris 11.4 and user_reserve_hint_pct
A long time ago, I wrote about the /etc/system parameter user_reserve_hint_pct . It limits the size of the ZFS ARC cache by proxy by essentially limiting the...
Homebridge and Tasmota at my cellar
And Darmok and Jalad at Tanagra. As I integrated them into HomeKit via Homebridge, I had the problem with the Delock sockets with their custom firmware that I...
vHBA and AIO
In Oracle Solaris 11.4 SRU30 there was an important change with LDOMS you should be aware of as you probably have to do an administrative step to get best...
Piped sandboxes
I got one question via Twitter: "What if there were a convenient way to run typical Unix commands in a sandbox? E.g. grep, awk, sed, etc. Could they work as...
Monitoring the sky - dump1090 to InfluxDB
You may know that I'm very interested in aviation, despite the fact that I had a quite severe case of "being totally afraid of flying" in the past . Or perhaps...
Nested netgroups for fun and profit
Imagine you have several hundred systems to manage. The systems are for separate projects and each project has different teams of admins and only assigned...
Setting up LDAP for Solaris 11
Some time ago I was asked to provide a walkthrough for the configuration of LDAP in Solaris 11. It's a walkthrough on how to set up LDAP name services for...
Telegrafing data to MQTT
On Friday I wrote an article describing how I configured Telegraf to gather monitoring data from my Technische Alternative CMI . In this article I wrote that...
Out of ID
Recently a customer observed on one of their systems that the first n databases started quite nicely on a system. However when they tried to start database n+1...
Virtualbox via IPS .p5p
Darren Moffat just pointed to this in his Twitter feed about a package for Solaris that would make installation of this great tool really comfortable....
Using the Technische Alternative CMI with Telegraf
My heating system is controlled by a UVR1611 from Technische Alternative as I have to control a wood pellets heater and solar thermal collectors on the roof in...
IPMP and additional IP addresses
Recently I had a customer with a problem: The customer configured an IPMP group with a number of additional IPs. They had a number of application servers...
Common Criteria certification for Oracle Solaris 11.4
Darren Moffat just wrote in the Solaris blog on blog.oracle.com about important news for Oracle Solaris 11.4: Solaris just got its Common Criteria...
Integrating Youless energy monitoring devices into Telegraf
I'm playing a lot with Telegraf recently in order to get a handle on monitoring an Exadata or the Oracle DB with it. As I don't have an Exadata at home, my...
Channel 26
The house I'm living in is quite strange in regard to WLAN reception. It's a house for four families that I own. It has four floors (including cellar and roof)...
Migration completed
This weekend I converted my old blog c0t0d0s0.org and blog.moellenkamp.org into a Jekyll-based version. The nice thing about Jekyll is that you create a fully...
A new foundation
I've decided to bring something back. 10 years ago I stopped blogging at a frequent schedule for various reasons. But still the content of that period is...
Some insight into the read cache of ZFS - or: The ARC
ZFS ARC Internals
Ein erster Test
So ... das ist dann nun die erste Nachricht in meinem Weblog ... sollen die Dinge kommen, die da sollen ... 