Sunday, May 31, 2009

Japan OpenSolaris User Group



Just return from Japan OpenSolaris user group. Excellent photos are on Jim's blog. I regret that I did not take my camera and did not make any photos, except of a few artifacts that I've got there: a bunch of very cute metallic stickers "Powered by OpenSolaris" to replace "Powered by Windows Vista" with "Powered by OpenSolaris". :-(

Very nice people, doing good stuff and, in fact, are not using Linux or Windows on their desktops presenting OpenSolaris, unlike FreeBSD guys that happens very typically to them. :-) There was few Macs and one M$ Windows, but still all the stuff was shown from VirtualBox (even Mac guys use VirtualBox, instead of Parallels or VmWare).

Next month Mike Sullivan will probably talk about ZFS and NAS.

Monday, May 25, 2009

Getting User Credentials in GlassFish

Well, LDAP is great, we all know that. Others might consider other realms to authenticate-and-then-authorize. But one thing really bothered me when it is not very great in case I still need user's credentials to pass them elsewhere after realm has been passed. E.g. I want to execute some business objects for that specific user etc. More over, there is no standard JSR for it (and this just pisses me off). Of course, these credentials are unable to find in a regular servlet HTTP request, because we are not using basic authentication, like a putting credentials into an URL. So, here is a deal: an user logs into your system and after that your code wants to use the same credentials to get things from elsewhere, but you do not want (or can not) run SSO for some reasons — hence you have no service ticket to some certain enterprise segment.

How to get user's credentials then, without messing around with custom realms? In a GlassFish, the recipe is as follows:
  1. From GlassFish lib/ directory add appserv-rt.jar library to your class path in order to get all com.sun.enterprise.* become available in your application.

  2. Get a subject:
    import com.sun.enterprise.security.auth.login.PasswordCredential;
    import javax.security.auth.Subject;
    import javax.security.jacc.PolicyContext;
    import javax.security.jacc.PolicyContextException;

    ...

    Subject subject = null;
    try {
    subject = (Subject) PolicyContext
    .getContext("javax.security.auth.Subject.container");
    } catch (PolicyContextException ex) {
    ...
    }
  3. From the subject, get an iterator from private credentials object:
    Iterator iter = subject.getPrivateCredentials().iterator();
    while (iter.hasNext()) {
    PasswordCredential credential = (PasswordCredential) iter.next();
    ...
    }
  4. Now you can get PasswordCredential object that contains: a) realm name as getRealm(), b) user ID as getUser(), c) password as getPassword().
That's it.

Monday, May 18, 2009

Sun Studio


20090515046, originally uploaded by trochej.

Here how Sun Studio looks like... :-)

Saturday, May 09, 2009

Cheap, Fast, Right: everything at once.

Recently I thought where/how to get a file-server, other services possible and a backup solution for my home that:
  • Is low voltage. So I don't need to pay 24" LED monitor price per a week year.
  • Is silent. So I will not get sick of the regular noise and won't suffer from sea sickness. :)
  • Is scalable. I want to add more disks in a future and/or replace them.
  • Is cheap. Thus I can afford more, once I need.
On the market there is available quite interesting piece of hardware: Asus EeePC Box. Engadget.com tagged it and you can find lots of explanation about the hardware itself. Shortly, it is Intel Atom N270 (1.6 GHz, FSB 533) processor, has DDRII 1 GB RAM (upgradable up to 2 GB), 2.5" size hard drive 80 GB capacity, 945GSE + ICH7M Chipset, on-board Intel GMA 950, 1600 x 1200 maximum graphic resolution. For network it has built-in 10/100/1000 Mbps LAN and 802.11n WLAN. It has 4 USB slots, one Mini SD slot and for sound Azalia ALC888 Audio Chip is used.

Installing an Operating System
Here in Tokyo, it comes with a Splashtop Linux which is kind of cool: you can use Skype and a Web right after two seconds later power has been turned on. And also an instance of a Japanese Windows XP with a worm inside right out of the box. :-)

In my case, as an OS I want to use OpenSolaris. Since machine has none of CD/DVD drive and I have none of USB one, installation was a bit tricky. Here is a sequence:
  1. Get at least OpenSolaris 111a build as USB image and make a bootable USB memory stick. If you are Solaris user, install SUNWdistro-const package and use usbcopy command to let it take your USB image and put into USB memory stick with a GRUB. Please note that filesystem should be ZFS. Due to a bug, UFS won't boot with memory sticks and you will get only a GRUB prompt.
  2. In BIOS, find your USB storage (appears as a hard drive) and select it as a primary drive, so in this way it will appear in a boot sequence menu. Select it and boot Solaris from USB drive, choosing VESA driver, otherwise monitor will be black due to frame buffer compression won't work with Intel card this time.
  3. In BIOS also turn off Splashtop Linux thingy, remove boot pause, remove logo on boot, enable quick boot, select appropriate bus speed etc. IOW, turn the machine to a regular PC without these bells and whistles.
  4. Process installation, blowing away everything on a disk (it is NTFS with Windows XP, originally).
  5. Remove USB memory stick, change boot sequence back to HDD and start your newly installed OpenSolaris.
That's basically it. Everything should work fine, including sound card.

Using static IP
OK, reader might be a n00b. :-) Here I shortly describe how it is done:
  1. Add a nameserver(s) to /etc/resolv.conf.
  2. Switch system to use DNS instead by renaming /etc/nsswitch.dns as /etc/nsswitch.conf.
  3. Restart DNS service:
    svcadm restart svc:/network/dns/client:default
  4. Use static IP by editing /etc/nwam/llp. For example, in my case, a physical device is "rge0" and was configured as "rge0 dhcp". I wanted internal IP to be 192.168.1.2, so I changed this to: "rge0 static 192.168.1.2/24".
  5. Restart network service:
    svcadm restart svc:/network/physical:nwam
  6. pfexec svcadm enable svc:/network/physical:default
  7. Add default router:
    pfexec vi /etc/defaultrouter
  8. ...and use it:
    pfexec svcadm restart network/routing-setup
List of all your network devices: ifconfig -a.

Compile MPlayer (for fun) :-)
I mean, why not? The thing has excellent sound card, why not use it? This one bit tricky (hello to Linux community), but nothing really special. Shortly:
  1. Install the following packages: SUNWgcc, SUNWgmake, IPSgawk (from a Blastwave) and SUNWxorg-headers.
  2. export PATH=/usr/gnu/bin:/opt/csw/gnu:/usr/bin:/usr/X11/bin:/usr/sbin:/sbin
  3. Get an MPlayer source: http://www8.mplayerhq.hu/MPlayer/releases/MPlayer-1.0rc2.tar.bz2
  4. Extract, configure, compile and install (use gmake instead of make):
    tar jxf MPlayer-1.0rc2.tar.bz2
    cd MPlayer-1.0rc2
    ./configure --prefix=/opt/mplayer/
    gmake
    gmake install
...and of course, you will miserably fail on first time gmake run, because Solaris's linker won't peacefully eat -rdynamic parameter, that is used to resolve symbols in the executable itself, when using dynamic loading. Well, simply delete this parameter from configure.mak file and link it successfully.

Yeeeah! :-)
P.S. Do not bother me and yourself why there is no decent package for MPlayer. I don't know, maybe a licence issues. If you cry about a package, then provide one.

Add Blastwave package repository (optionally)
I've added it, but don't use that much, since it blows my hard drive with duplicate packages. Just some packages only:
pfexec pkg set-authority -O http://blastwave.network.com:10000/ Blastwave
Some packages are good and MPlayer is also there. But if you willing installing from the packages, you will end up with a quite a big amount of duplicate software that you're already have on a disk.

Ready to go!
Now use your imagination. For example, I have few zones created on it for various services, like file server, backup, monitoring my home network that has more than 10 assets online and a jukebox.
Surprisingly, OpenSolaris on Atom CPU 1.6GHz with only 1GB RAM does all these tasks very well. And not just that: during these operations, it also happily plays a movie full-screen without any troubles.

Friday, May 08, 2009

Asus Eee PC Box B202

I've got my Asus Eee PC Box B202 for my mini project at home. Price here in Japan cost for me ¥39,800 + Bluetooth keyboard and a mouse. There are many reviews about the box, so I just wanted to share things that nobody usually talking. :-)

Packaging entirely sucks. It is ripped off from Apple packaging, but as usually it happens, copied wrong. They copied even matt paper and tried to put as minimum as possible graphics on it. Still, they screw it up, having lack of feeling of any kind of style, poor cutting quality etc. However, the price tells everything: they're done it by an axe, I understand... that's fine. But the most funny is a size. I took photos of the thing, so everybody can consider it themselves how "green" it is and how "well" it fits to the whole global warming question, wasting space of transportation, fuel for airplanes etc. Also it is damn heavy, in compare to MacBook package. I have no idea how it rendered to be that heavy, but I was quite surprised, dragging the thing to the home.

The Eee PC Box is a small Intel Atom-based machine with 1GB of RAM, 80GB 2.5" hard drive disk (16GB SSD would be much better here, by the way) and 1.6GHz CPU Intel Atom processor. CPU itself is not any fast. The beauty of the machine is a size and low voltage. It is very quiet (I mean silent), great for all this file-server thing in the small office or home. This machine is also really great for a disk-less thin client terminal. The size is like a regular O'Reilly book:


It is even smaller than my aluminum MacBook:


Now funny things begin. I still have a package box from my MacBook. I've got this in a shop exactly like this, as you might see in a photo (left). And that's how internal package of the Eee Box looks like (it is also thicker):


You think it is finished? No way. They put this box in another, external box that looks like this (why?? why??). The box is so big that you additionally can put a bottle of wine, pack of donuts and a small color printer:


And I also got a set of input devices: a Bluetooth keyboard and a mouse. Both are... well... cheap, you know... and I am not gonna use it anyway, since I have lots of keyboards at home. But... but... look at that size of package!! It is literally twice wider than the machine itself ("We don't know about Times New Loman existence for Engrish part for mice combos"):


...and, surprisingly, thrice thicker than the machine itself! Would I expect there five keyboards and a dozen of mouses?


Of course, by an old-good tradition, I took these stickers on a flush cistern of my toilet and now the natural excrement disposal place is labeled to be designed for a Windows XP. :-)


No way, the Eee PC box is gonna run OpenSolaris instead.

Tuesday, May 05, 2009

OpenSolaris zone: "One more thing..."

Here with OpenSolaris you do not want to create native zone, but ipkg one, using a standard /zones/foobar dataset. And, of course, it will not work for you, complaining about zone path dataset:
ERROR: Error: no zonepath dataset.
That's because /zones must be a ZFS. To fix a bones, remove and add it to the ZFS pool instead:
rmdir /zones
zfs create -o mountpoint=/zones rpool/zones
Then proceed with a regular zone setup, using zonecfg. Zones also works now perfectly with VirtualBox, version 2.2.2.