Date: Wed, 22 Mar 00 21:34:44 EST From: Dwight McKay (The Moderator) Reply-To: Suns-at-Home@net-kitchen.com Subject: Suns-at-Home Digest V13 #9 To: Suns-at-Home-List Suns-at-Home Digest Wed, 22 Mar 00 Volume 13 : Issue 9 Today's Topics: Need help choosing 24bit frame buffer. Rescue options for Sun 4/690MP Solaris firewall/pirated sunos4, sendmail, and unix (3 msgs) Suns-at-Home Digest V13 #7 Suns-at-Home Digest V13 #8 (3 msgs) +--------------------------------------------------------------------------+ | Submissions: suns-at-home@net-kitchen.com | | Requests: suns-at-home-request@net-kitchen.com | | WWW Archive access: http://www.net-kitchen.com/~sah | +--------------------------------------------------------------------------+ ---------------------------------------------------------------------- Date: Wed, 15 Mar 2000 15:51:09 +0100 From: "Lyndon Fletcher (UAB)" Subject: Need help choosing 24bit frame buffer. To: "'Suns-at-Home@net-kitchen.com'" Hi, I have a Sun 5 and was considering upgrading the CG6 to a 24 bit frame buffer. I have read the FB FAQ but am still a little confused. I wondered if anyone here would comment? My understanding of all of the available 24 bit FB cards is this. 1) S24 -- designed for the SS5 but fairly rare and not widely supported outside of Solaris (netBSD will probably be my OS of choice.) 2) ZX --- built for the SS10 but can be used in a SS5 (?) More commonly supported. 3) Creator SBUS. It is unclear if this card uses just an SBUS or an SBUS and some other kind of slot. I could use clarification if this works on SS5. 4) Parallax cards -- will work but support is poor as Parallax is no more... I would like some comments as to which of these cards will work with an SS5 and which OS's support these cards. Lyndon - ------------------------------ Date: Sat, 18 Mar 2000 09:01:25 +1100 (EST) From: Craig Dewick Subject: Rescue options for Sun 4/690MP To: Dwight McKay In a recent message, I typed this paragraph: > Since all that's needed is the power supply connector, you can connect > an external SCSI drive, load Solaris and off you go. The caveat is that > since Solaris 2.6, the 4/6x0's have not been supported, but you can hack > the kernel to defeat the 4/6x0 detection loop (I've got a web page about > this at "http://lios.apana.org.au/cdewick/data/sunos_6x0.html". There is > also no VME support in 2.6 and up, but you don't need it if you're > running a single-board system. Unfortunately, I mis-typed the URL for my kernal patching page! The correct URL is: http://lios.apana.org.au/~cdewick/data/sunos_6x0.html Note the addition of the '~' character before my login name... 8-) If you want to see what other information I've collected in the archive, use this URL instead: http://lios.apana.org.au/~cdewick/data and you should get back an index page. Regards, Craig. -- Craig Dewick. Send email to "cdewick@lios.apana.org.au" Point a web browser at 'http://lios.apana.org.au/~cdewick/sun_shack.html' to access my archive of Sun information and links to other places. For info about Sun Ripened Kernels, go to "http://www.sunrk.com.au" - ------------------------------ Date: Tue, 14 Mar 2000 15:52:50 -0600 From: "Salmon,William E.,Wes" Subject: Solaris firewall/pirated To: "'Suns-at-Home@net-kitchen.com'" , First, try this link for an excellent tutorial on firewalling by a published authority. It's based on linux, but all the packages can be had for Solaris or compiled yourself. http://linux-firewall-tools.com/linux/firewall/index.html Second, The recommendation to get a pirated copy of Firewall 1 should be left for the "alt" newsgroups, and definately not for an "at home" list such as this. I'm not saying I am without guilt by any means, just that I would never suggest or recommend piracy for personal (or business, for that matter)use. Especially FW-1, which is next to impossible to crack, and has been reported to report its presence on the internet to prevent piracy. Let's try to keep this list clean in the future, and if you do have a crack for FW-1, I'll look for you in the newsgroups. ;) Wes [Another useful source for information that has yet to be mentioned is the] [SANS Institute book, "Solaris Security, Step by Step". See www.sans.org ] [for details. --ddm ] - ------------------------------ Date: Tue, 14 Mar 2000 16:33:07 -0500 From: adh@an.bradford.ma.us (Sandwich Maker) Subject: sunos4, sendmail, and unix To: Suns-at-Home@net-kitchen.com "From: Peter Koch " ">q: since both sonos4 and netbsd are bsd children, why can't uvm be ">dropped into sunos4? or the improving fs? " "I think this is a classical example of lost knowledge... " "1) SunOS 4 does have UVM, period! In fact, Sun invented it!!! i have a copy of the uvm doctoral thesis by charles cranor of washington university. could he get a phd for reinventing the wheel? "2) SunOS 4 does use the Berkeley Fast Filesystem, period! " The UFS in 4.1.1 is still based on 4.3BSD, but with " 4.1.3 they started to use the newer 4.3reno FFS. This " is exactly what Sun uses in todays Solaris!!! aha! didn't know this... "3) SunOS 4 does come with mature device drivers for all " Sun hardware, period. There are a few drivers in NetBSD " that work fine, but several others (especially VME) are " pre alpha or do not exist at all. " "4) Sun invented/implemented a lot of new technologies in " SunOS that are today considered "state of the art". " In fact, Sun was the tech leader and other vendors and " the free Unix-like-OS developers reimplemented this " in their OSes later (some much later). both granted; sunos4 had its nits but 4.1.4 was pretty good. "SunOS is out of Development for 10 years, out of Support "for 5 years now. And the gap is widening. But SunOS 4 was "years ahead of other OSes and so it can be (and for me it "is!) still very useful. it's not -entirely- out of support; sun -did- release y2k patches... "NetBSD is fine for the mainstream workstatiosn like the "3/60 or 3/80. All devices are (more or less) supported "and the drivers become more and more stable. IMHO you "can now (with 1.4) live with the little problems that "remain. The VME machines are a totally different story. "Since i have a lot of these, i'll continue to run SunOS. all in all i agree. [net,open]bsd are really coming along but they are still struggling to come up to the level sunos4 was at 5+ years ago. __________________________________________________________________________ Andrew Hay I used to be pessimistic but it never works out internet rambler I believe that it's unlucky to be superstitious adh@an.bradford.ma.us DRIVE NOW -- TALK LATER - ------------------------------ Date: Tue, 14 Mar 00 22:08:59 PST From: perryh@pluto.rain.com (Perry Hutchison) Subject: sunos4, sendmail, and unix To: pkoch@k-town.de > I've even thrown together a Y2K-Patch for SunOS 4.1.1 > so i can run these oldtimer in this century. I am writing this on a 3/60 with straight 4.1.1, and also have a 3/50 with 4.1.1_U1, and have not noticed any Year 2000 problems on either of them. What needs to be patched? - ------------------------------ Date: Fri, 17 Mar 2000 10:21:15 +0100 From: Peter Koch Subject: sunos4, sendmail, and unix To: perryh@pluto.rain.com, pkoch@k-town.de Hi! >...and have not noticed any Year 2000 problems on either >of them. What needs to be patched? Not much, fortunately. There are a handful of programs that will show "funny" dates like "w", "bar" and such. There are some programs that won't work properly like "passwd" and "date". There are two functions (strftime and strptime) in the libc that return improper results for 2000. That's it! No crashes will result out of this, but "funny" dates (in the logfiles for example). The kernel itself doesn't have any problems. >I am writing this on a 3/60 with straight 4.1.1... You should apply some patches though. Plain 4.1.1 is buggy. Especially NFS and YP is hurting much. There are Sun-Patches available (on sun3arc). A nice add on are the "Special"-Patches. They're compiled by Heiko Krupp (the maintainer of sun3arc) and me and have been tested in real life for years by several people (including the sun3arc itself and all the 15 Sun3's in my Sun3-Zoo). The y2k-Patch is on our machines since the Sun3-Zoo-Party. I've compiled a revised version of the y2k-Patch in January and it is available on my website: http://home.k-town.de/~pkoch And don't forget to visit the Sun3/3x-Archive: http://sun3arc.krupp.net Tschuess Peter - ------------------------------ Date: Sun, 19 Mar 2000 16:50:01 +0000 From: Bob Hoekstra Subject: Suns-at-Home Digest V13 #7 To: Suns-at-Home@net-kitchen.com, Cory.Bajus@mts.mb.ca Cory.Bajus@mts.mb.ca wrote: > ... > We have some SPARCserver 4/690MP's here that have been decommissioned, and will > probably be heading to the scrap heap soon Obviously, a box of this size isn't > really suitable for a 'Sun-at-Home'... Please, please don't send them to scrap! They were great machines in their day. I would gladly take one (even two) except that I'm in the UK and the shipping charge would be more than the machine is worth. I'm sure there must be someone who would be willing to take them. I seem to remember some scout group having a web site with lots of Sun gear, incl a 4/490. > ... but I am interested in options for > recycling some of this hardware. Some things I am considering are: > ... > - A more interesting possibility is pulling the CPU cards and installing them in > the empty VME chassis of smaller Sun servers. A three slot chassis would be > enough for a CPU w/ onboard memory. A six slot chassis would allow me to > salvage the 501-1767 memory cards. Does anyone have any experience performing > this type of 'brain transplant'? Are there any issues like power, cooling, etc. > that have to be considered when moving to a smaller VME enclosure? Also, what > Suns would be most suitable to serve as a new 'host body'? How big are the six > slot machines, and what are the power requirements? I have done this in the past: a customer was upgrading 490 -> 690, and I managed to get the replaced boards 490 as a swap for my 3/160 boards. It worked fine: the boards are standard 9U VME and the 3/160 power supply (850W I think) more than adequate. There was a hell of a time while I was finding out the correct positions of jumpers on the VME bus though. A 4/670 case may be a better choice, especially if you have a broken one. The processor boards are identical, so no benefit in a straight swap. Was there ever a 4/470? If so, this could be a good choice also. -- -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GO/! d- s++:+ a+ C++(++++) US+++$ P+ L+ E--- W++ N++ w--- O- V- PS+ PE- Y+ PGP- t+ 5++ X+ R* tv+ b+ DI++ D G e(*) h++/-- r+++ y? ------END GEEK CODE BLOCK------ ----------------------------------------------------- Bob Hoekstra: APL & Unix Consultant Tele: +44 (0)1483 771028 (Home) +44 (0)7710 562345 (Mobile) Web site: http://www.khamsin.demon.co.uk Home email: Bob.Hoekstra@khamsin.demon.co.uk ----------------------------------------------------- - ------------------------------ Date: Wed, 15 Mar 2000 01:03:50 -0500 (EST) From: der Mouse Subject: Suns-at-Home Digest V13 #8 To: Dwight McKay (The Moderator) >> q: since both sonos4 and netbsd are bsd children, why can't uvm be >> dropped into sunos4? or the improving fs? > I think this is a classical example of lost knowledge... (Sheesh, man, is Sun paying you to plug their OS or something?) > 1) SunOS 4 does have UVM, period! In fact, Sun invented it!!! Excuuuuse me? The UVM that's in NetBSD is Chuck Cranors's thesis project. Are you thinking of something else called UVM? Or are you claiming Sun funded Chuck's graduate studies? > 2) SunOS 4 does use the Berkeley Fast Filesystem, period! Yes, but it's a comparatively old incarnation of FFS. > If you want to have the 4.1.3 UFS on your Sun3, go to > the Sun3/3x-archive and download the "special" patch. > 2 GB file system size and a clean flag, what do you > need else?!? Goodness, where do I start. Filesystems larger than 4G? Files larger than 4G? Immutable bits? Fast symlinks[%]? FFS_EI (byte-swapped filesystem support)? 32-bit owners[%]? File types in directory entries? maxcontig>1? Ongoing support? [%] SunOS actually may already have these, for all I know. All the other filesystems that NetBSD supports, like ext2fs, lfs, msdos, NFS (v3 - SunOS does do a decent job of v2), kernfs, procfs, fdesc...? And there are all the non-filesystem reasons, like a single kernel that boots on sun4, sun4c, and sun4m (admittedly not very relevant to the Sun-3s that you appear to be mostly talking about)...IPv6...binary compatability with Linux, SunOS, Solaris, and native NetBSD, all coexisting under the same kernel...the tun, rnd, vnd, ccd, raid pseudo-devices.... And, of course, the biggest one of all: free source code. > 3) SunOS 4 does come with mature device drivers for all Sun hardware, > period. Nonsense. There are whole machine families not supported by SunOS 4. One of my employers has an Ultra-1 that's running Solaris because SunOS doesn't support it. (I keep meaning to try booting NetBSD on it. Perhaps I'll get around to it someday.) And what about non-Sun hardware? There are non-Sun SBus and VME cards and there are *lots* of non-Sun SCSI devices. And SunOS insists on wiring device types to SCSI IDs; you have to rebuild the kernel if you want a disk at an ID that you used to have a tape at, for example. > There are a few drivers in NetBSD that work fine, but several > others (especially VME) are pre alpha or do not exist at all. Very true. I recommend pressuring Sun to release enough hardware docs to cure this situation. I'd especially like docs on the bpp and lpvi hardware for SPARCs and the sc and ALM cards for VME. > 4) Sun invented/implemented a lot of new technologies in SunOS that > are today considered "state of the art". Examples, please? der Mouse mouse@rodents.montreal.qc.ca 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B - ------------------------------ Date: Wed, 15 Mar 2000 05:24:44 -0500 (EST) From: Curt Sampson Subject: Suns-at-Home Digest V13 #8 To: cdewick@lios.apana.org.au > From: Craig Dewick > Subject: Rescue options for Sun 4/690MP > > A pair of dual-125 MHz Hypersparc modules and 256 meg of RAM would make > very formidable machines even by today's standards if they're used for raw > data processing, and given the ability to use off-the-shelf RAM and SCSI > drives, there's lots of life left in them. While I agree that there may be a lot of life left in these machines, I must respectfully disagree that one could consider a machine like this formidable in any way. 256 MB is a reasonable amount of RAM, but the base amount for any non-cheapo system these days is 128 MB (and that's neeeded), so it's far from a huge amount. But, much more importantly, Sun systems just don't have any CPU any more. A year ago the 166 MHz Ultra 1 under my desk was getting whupped (if you'll excuse the term) by my 233 MHz AMD System which I'd picked up for under $700. These days I'm seeing 500 MHz Pentium III systems (which are about three times as fast) for the same price with 24-bit graphics and all sorts of other happy accessories. If Sun's 466 MHz Ultrasparc offerings can't even hope to compete with a basic PC these days (outside of FP-intensive applications, of which there are few), there's no way a dual 125 MHz Hypersparc system will. Make no mistake, I like Sun machines (except for the crappy physical arrangement of the sbus). I own eight of them (a number which seems ever to be increasing) and use them for important roles. (My main mail server, for example, is an IPX.) But I would never consider them powerful for `raw data processing' in this day and age. One can always find something with significantly more performance at signficantly less cost. Fortunately, there are still plenty of applications out there where you don't need huge amounts of performance, where a Sun becomes a very nice thing to have. cjs -- Curt Sampson 917 532 4208 http://www.netbsd.org «Quand on veut un mouton, c'est la preuve qu'on existe.» - ------------------------------ Date: Wed, 15 Mar 2000 23:16:10 -0600 From: Garry Garrett Subject: Suns-at-Home Digest V13 #8 To: Suns-at-Home@net-kitchen.com "Dwight McKay (The Moderator)" wrote: > > If you want to use the Sun box and Solaris as a firewall, here are > the steps to do so: > > 1. install only core Solaris. > 2. make sure you disable all the ports, except for telnet. > see /etc/inet/inetd.conf Well, there are some others that I might leave open, talk for example (or maybe open it up with TCPwrappers). Only leave "open" those ports for which you have a reason, and protect those that you do leave open with TCPWrappers if you can. > 3. download and install "armor". Apply it and install TCP wrappers. "armor". Please, give more details. TCP Wrappers is it's own package, what else comes with "armor"? > 4. edit the /etc/inet/inetd.conf again and enable the wrappers for > telnet (ftp discretionary). If you are going to enable FTP, use TCP Wrappers. Better yet, get WUftpd. You can setup anonymous FTP if you want (it's chroot'ed) and you can setup "guest" class users, which aren't anonymous (they have real passwords), but are chroot'ed. You can also specify who can FTP in from where. Even if you use WUftpd, still wrap it in TCP Wrappers. Your FTP users that can FTP from the outside world, it's best to have them in a separate filesystem (to prevent someone from a denial of service by filling up your filesystem). > 5. if you want to use ftp, edit /etc/ftpusers. /etc/ftpusers contains > a list of users which are NOT allowed to make an FTP connection. I strongly > recommend not using ftp at all, however. Put in here every single user that came with the O.S. root, uucp, ... Make sure that you have an /etc/shells file and add only those shells you are actually using. > 6. install and configure ssh - Secure Shell suite. In addition to > installing on a default port, install it on a random, secret high port to > serve as a backdoor in case something goes awry. Make sure it's not a > privileged port. "secret"? security through obscurity is no security at all. One port scan and your port is "known". My point is, don't expect the fact that it's "secret" to buy you anything. > 7. obtain and install CheckPoint Firewall-1, V4.1 recommended. Configure > the firewall rules carefully. If configured properly, it can be set to do > IP masquerading and network address translation. > 8. Obtaining and installing the RSA's SecurID is not necessary, but I > recommend it highly. It's a very efficient method of authentication (you > don't have a physical token, you don't get into the system). CheckPoint's > FW-1 makes provisions for it an can be configured to use it. > > This all costs money, but if you have enough for an Ultra-1, then you can > scrap enough for CheckPoint and SecurID. Well, Firewall-1 and RSA's SecurID cost money. Everything else I saw was *free*. > Or even better, get pirated copy > of those, if you can. Oh, yea, rely upon *stolen* software to make sure that no one steals from you. :-) I don't know what religion you are but "thou shalt not steal" carries a pretty big price tag. :-) > I have a Sparc 5 running Solaris 7 (thanks to all who suggested CD mounting > hardware sources to me about a month ago). I'd like to do some > computer-based training on it, but the program I'm trying to run apparently > pre-dates Solaris 7- it tells me it only runs on 2.4 through 2.6. > > I have access to 2.6 and could install it, but I'd like to avoid that. Is > there a way to fool the program into thinking it's running 2.6 when it's > actually running 7? I'm thinking of something along the lines of MS-DOS's > SETVER, with which you can tell DOS to report different version levels to > different executables. Does it say that it *only* runs on 2.4-2.6 or does it say that runs on 2.4-2.6? Sun makes a huge effort for backwards compatiblity (You can run SunOS 4.x code on Solaris if you have installed the "binary compatiblity" stuff). Worse comes to worse, you could make a tape backup of Solaris 7 (do it in single user mode, putting each filesystem on it's own tape can be convient, but if not you can use /dev/rmt/0n to not rewind a tape). If you have more than one hard drive, you could put 2.6 on one hard drive and 7 on the other. /tmp and some other non-O.S. filesystems you could mount on both installs. At boot up time, one of them will be your default boot device, but you could always say "boot disk1" instead of "boot" to boot off of the disk identified as "disk1". At the OK> prompt type "help" and go from there. "printenv" is also useful as is "devalias". I know it's kind of weird, but could you boot single user mode off of the Solaris 2.6 media and run your CBT? If it's X-Windows based, I would guess not. -- Garry Garrett http://monarch.papillion.ne.us/~ggarrett - ------------------------------ End of Suns-at-Home Digest ******************************