Notes on upgrading to Solaris 11

This is just a posting about the snags I encountered while upgrading from Solaris 11 Express to Solaris 11 11/11. The biggest problem that I encountered is that I simply could not upgrade using the package upgrade utility. It would install everything fine, but once rebooted grub would complain about a missing kernel (which has a Xen label buried in it). So I decided to try to use Oracle Solaris 11 11/11 Automated Installer. That would be mistake number 2.

The automated installer not only blew away all my partitions, but, I discovered painfully, is missing more than half the packages needed to get X running (note to Oracle: I hate you). My first thought was to download the repo images on the download page and the missing binaries would be on there. No go.

The solution to getting X working on Solaris is making sure your network connection works (at least the automated installer got the config files right - mostly) and using pkg list -a. You will need to install practically everything remotely related to X including the themes and the display drivers (why does an over the wire automated installer NOT do this for me?) before you can get X working. Once you've got the X working you can then leisurely install any and all remaining packages using the graphical installer.

HOWTO install Oracle Studio 12.3Beta on Solaris 11 using pkg (NOT tgz)

The normal installer is broken so installing via GUI is not possible. However, I did some digging and a bit of guesswork which resulted in me finding the solution. The first part of the solution is to extract the installer files from the shar that you downloaded from Oracle (SolarisStudio12.3-beta-solaris-x86.sh in my case) which is accomplished by running: sh ./SolarisStudio12.3-beta-solaris-x86.sh --extract-installation-data .

This will result in 20 different files being unpacked in to the current directory. To install them you need to call them using: pkgadd -d filename. Filename is replace by each of the 20 files such as cc, c++, etc.

Kudos to Tech-Recipes for the pkgadd command. http://www.tech-recipes.com/rx/350/install-a-solaris-datastream-package/

HOWTO get Drivel working with Blogger/Blogspot

I was tearing my hair out trying to find the answer to this one because I want/need to use Drivel for posting unless I want to logout of my Google apps account. I couldn't get it going until I found this on the Drivel mailing list (http://mail.gnome.org/archives/drivel-list/2010-July/msg00002.html):
===================
blogger.com does not work as Blogger 2.0, only as blogger 1.0. I've just tested this: http://drivel-dev.blogspot.com/2010/07/another-test-for-blogger-10.html Change to Blogger 1.0, drivel will then select: http://www.blogger.com/api/RPC2 for the server address.
===================
Major kudos to Neil Williams.

The proper way of having the Broadcom driver load at boot using modprobe

In the Broadcom documentation it mentions to put "modprobe wl" in /etc/rc.local. This strikes me as bad form since hardware detection is done every time you boot. Putting the driver loading in rc.local instead of adding it to modprobe makes it so that any service relying on an active connection won't have one during initial boot, but will after rc.local is run thereby having start up drag on even longer (since all those services will now see an active connection and come alive). A better way is to add the following entry to /etc/modprobe.d/network.conf: install wl0 /sbin/modprobe wl Important note: make sure the wl driver loads cleanly when you manually run modprobe wl. If the wl driver stops working chances are that you updated your kernel which means you'll need to "make clean ; make ; make install" the driver followed by insmod'ing it followed by a depmod.

A quick and dirty HOWTO for getting Broadcom wifi drivers running on Fedora

This is mainly so I remember exactly how to do it since it is a headache :)  Most of this information comes from http://www.broadcom.com/docs/linux_sta/README.txt which has a different procedure that didn't work for me.
NOTE: I would strongly suggest keeping the source directory after you have finished the steps below because you will need to recompile and re-install the module every time the kernel is updated.

1. Download the source for the driver from: http://www.broadcom.com/support/802.11/linux_sta.php
NOTE: There is also a Patch for compilation problem with kernel versions > 2.6.37
NOTE 2: The patch doesn't seem to want to apply cleanly, but since it's only one line that needs to be changed it's not a headache to make the change manually.

2. After extracting the .tgz, but before compiling the source, the include/linuxver.h file needs to be modified.
Add a new line at the end of the file: MODULE_LICENSE("GPL");
Reason: At least with Fedora Core 15 (what I'm using) the kernel will not load tainted modules and this fixes that problem by making the kernel think that this module uses GPL licensed source code.  The code isn't really GPL licensed, but it's not a problem as long as you're not distributing it.

2a. Compile and install the module: make ; make install

3. For all Linux distros it is necessary blacklist Broadcom modules that may be present in your distribution so they will not be loaded when Linux is starting up.  Depending on your distro the exact method may vary, but for FC15 I created /etc/modprobe.d/broadcom-wl-blacklist.conf of which the contents are:

# modules blacklisted for broadcom-wl
blacklist bcm43xx
blacklist ssb
blacklist b43
blacklist ndiswrapper

4. At this point I suggest rebooting (or you could take the long road and unload all the above modules manually).

5. Run: depmod ; modprobe wl

You should now see your wifi card listed when you do ifconfig -a

The Solaris package for the mysterious "libgnomebreakpad.so"

Looking through a ton of postings I could only find people complaining about this library with the only solution being given was to copy it manually, but I finally found an obscure posting that pointed out the package: gnome/crash-report/bug-buddy

More memories from the distant past: a 1995 nodelist for BBS's on the Paul Revere Network (used FIDONet software)

õýýýýýýýýýýÀ õýýýýýýýýýýÀ  õýýýýÀ   õýýýýÀ
                  ÁÀ  õýýýÀ  þ ÁÀ  õýýýÀ  þ  þ    ÁÀ  ÁÀ  õã
                   þ  þ   þ  þ  þ  þ   þ  þ  þ  ÈÀ ÁÀ  þ  þ
                   þ  Áýýýã  þ  þ  Áýýýã  þ  þ  þÁÀ ÁÀ þ  þ
                   þ  õýýýýýýã  þ  õÀ  õýýã  þ  þ ÁÀ ÁÀþ  þ
                   þ  þ         þ  þÁÀ ÁÀ    þ  þ  ÁÀ Á³  þ
                  õã  ÁÀ       õã  ÁÀÁÀ ÁýÀ õã  ÁÀ  ÁÀ    þ
                  Áýýýýã       Áýýýýã Áýýýã Áýýýýã   Áýýýýã
              The PAUL REVERE NET a listing of the systems within              
                           The PAUL REVERE NETWORK.                            

ýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýý
     The Paul Revere Network/HQ Chicago BBS (312)482-9940 (V)(312)482-9910     
     Visit the PRNet Web Page at:   http://www.mcs.net/~lpyleprn/home.html     
     Gun Owners of America +DUAL MEMBERSHIP OFFER+ The Paul Revere Network     
     Two Newsletters/Alerts $ 28 -=*=- Support the Second Amendment Effort     
ýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýý

                            (As of 2 December 1995)                            



ST BBS Name                  BBS Phone#   City            Sysop Name
ýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýý

AB The WAR Room BBS          403-275-5690 Calgary         Martin Riley         
AK Terminal Velocity (PRNet  907-247-1078 Ward Cove       Ken Rowan            
AL Adventure Sports BBs      205-477-9902 McCalla         Greg Pack            
AL King James Bible BBS      205-285-5948 Millbrook       Ralph Stokes         
AL THE FAMILY SMORGASBOARD<t 205-744-0943 Pleasant Grove  Randall Dickerson    
AL The Chuckle Box           334-653-1776 Mobile          Robert Nykvist       
AL The Confederates BBS      205-967-6176 Vestavia Hills  John Gentle          
AN Rational Anarchist BBS    905-646-8229 St Catherines O Keith Weaver         
AR Conway PC Users Group BBS 501-329-7227 Conway          Tim Stone            
AS PRN TEXAS                 409-447-2069 Montgomery Co T Jonathan Gauntt      
AZ A-2-Z Enterprises         602-721-7824 Tucson          William Arnold       
AZ Cross Roads               602-482-8577 Phoenix         Tony Ellis           
AZ CyberSupport Hq/Co.A      602-231-9377 Phoenix         Phil Runyan          
AZ Dennis' Emporium          602-645-8167 Page            Dennis Crane         
AZ Hawks Aerie!              602-873-2755 Phoenix         Patrick Spence       
AZ Inn on The Park PCBoard   602-350-0890 Scottsdale      Jim Jusko            
AZ L&M Information Systems   602-730-0116 Chandler        Martin Maxwell       
AZ My Blue Heaven BBS        602-750-0716 Tucson          Scott Wood           
AZ PIONEER INTERNATIONAL BBS 602-649-2647 Mesa            Bernie Wilt          
AZ Run-Time BBS              602-525-3711 Flagstaff       Dan Shearer          
AZ Telegraph Station BBS     602-844-9740 Mesa            David French         
AZ The Arizona Sentinel      602-412-8978 Phoenix         Don Scotten Jr.      
AZ The Desert Reef           520-624-6386 Tucson          Eric Gray            
AZ The Desert Reef           602-624-6386 Tucson          Eric Gray            
AZ The Ghostrider BBS        602-439-2226 Glendale        John Kuhns           
AZ The Light Post            602-890-1588 Tempe           Don Wheeler          
AZ The Rock Beyond the Billo 602-482-1851 Phoenix         Wesley Arnold        
BS PRN/REPUBLIC OF TEXAS HUB 214-495-6699 Sachse TX       Ric Duncan           
CA A&B Express               619-447-2792 El Cajon        Bryan Gardner        
CA Aaron Construction Cmpy B 510-521-0281 Alameda         Rick Hunter          
CA Eagle's Nest              818-989-7845 Van Nuys        William Kirk         
CA Excelion BBS              818-892-4182 North Hills     Robert Worne         
CA FREEDOM USA BBS           916-423-2565 Sacramento      Greg Waggy           
CA Hunter's Den              209-437-9903 Clovis          Rick Hunter          
CA In Heaven There Is No Bee 619-667-0159 Lemon Grove     Tony Quinn           
CA LadyColt Women's Form/PRN 408-246-2837 San Jose        Masako Young         
CA Laissez Faire Communicati 916-676-8447 Cameron Park    Joseph Slump         
CA Lake Co. Amateur Radio BB 707-987-3022 Middletown      Bruce LeGrande       
CA Lakeside Wildcat! BBS     619-390-7328 Lakeside        Roger Peck           
CA Nautilus II BBS           909-880-3229 San Bernardino  Dave Niemeyer        
CA NiteLite                  415-965-4097 Mountain View   Byron McKay          
CA Nodelist Coordinator      510-713-7336 Newark          Mike Burgett         
CA North West Region         408-229-9753 San Jose        Dennis Blair         
CA PRN Los Angeles           310-837-7818 Los Angeles     Mike Loving          
CA PRN/GOAC Orange County    714-969-6338 Huntington Beac Manny Rothstein      
CA Paradigm Shift Line 1     310-902-0252 Whittier        Michael McBroom      
CA Paradigm Shift Line 2     310-943-2499 Whittier        Michael McBroom      
CA Paul Revere Network GOLD  209-795-0848 Arnold          Mike Pyle            
CA Planet Mirth              510-786-6560 Hayward         Gene Hahn            
CA South West Region         310-676-0492 El Segundo      Dennis Santiago      
CA THE BAD BOY BBS!          310-378-3081 Torrance        Carl Tice            
CA THE BULLET BOX            818-403-0399 So. Pasadena    Dan Feely            
CA The ACCESS Network        619-247-1816 Apple Valley    Robert Parsons       
CA The Airtight Garage       415-641-0348 San Francisco   Carlos Benitz        
CA The Digital Forest Inform 714-586-6142 Mission Viejo   Tobin Fricke         
CA The Free Zone             619-582-2402 San Diego       Paul Cavnar          
CA The Great AbysS           510-482-5813 Oakland         Gary Stewart         
CA The MARINES KEEP BBS      916-268-3129 Auburn          Alan J Squire        
CA The Ride                  209-642-6126 Oakhurst        Brad Bopp            
CA The Shooter's BBS         619-691-0233 Chula Vista     Mike Bergan          
CA The Wastelands            209-438-7621 Fresno          Donald Price         
CA The ZEANAH Machine        805-446-9203 Thousand Oaks   Derek Zeanah         
CA WEST LOS ANGELES BBS      310-559-5334 Los Angeles     Gary Inman           
CA net600 Hub 300            916-992-1781 Rio Linda       Tim Baltad           
CO Runestone BBS             303-338-1055 Denver          Kevin McNeece        
CO The OK Corral BBS         303-832-4197 Denver          Dave Wilson          
CO Welcome Home BBS          303-839-8665 Denver          Dave Wilson          
DC Powderhorn BBS            202-562-8239 Bolling AFB     Brian Sorensen       
DE The Nuclear Amoeba        302-653-7685 Smyrna          Andrew Brown         
FL John's Barn               904-785-1280 Panama City     Lee Rich             
FL Sawhorse BBS              305-435-1972 Pembroke Pines  John Sawyer          
FL Shooter Ready BBS         305-567-0114 Miami           Marc Fisher          
FL TRUST NO ONE BBS          904-589-2532 Grand Island    Brian Cash           
FL The Haven of Rest         904-474-0992 Pensacola       John Calvin Hall     
FL The Perfect Trinity       904-995-0255 Pace            Tim Hudson           
GA Acorn Systems BBS         912-882-0540 St. Mary's      Walt Thomas          
GA Digital Frontier          404-984-2543 Atlanta         Cott Lang            
GA Malfunction Junction      912-261-8332 Brunswick       David Little         
GA Rsbbs                     404-879-1600 Pine Lake       Robert Seely         
GA Southside Bbs             912-757-0576 Macon           Chuck Lackey         
GA The Kountry Kitchen BBS   912-673-6564 St. Marys       Vicki Phillips       
HI UNHINGED!                 808-263-4742 Kailua          Bruce Nolting        
ID Orwell's Vision BBS       208-832-2572 Mountain Home   Chris Mangus         
ID THe PHaNToM LiMB          208-664-3655 Coeur d'Alene   Todd Riggz           
IL Bold Truth BBS            618-937-3962 West Frankfort  John Zortz           
IL ICM BBS                   217-422-5872 Decatur         Rick McNeely         
IL North Central Region      312-482-9940 Chicago         Leroy Pyle           
IL The King James BBS        312-723-8434 Chicago         James Walker         
IL The Rift BBS              217-522-1937 Springfield     John Hull            
IL Windstar Network          312-986-0974 Chicago         Steve Schmidt        
IN Electronic Warfare BBS    812-882-0644 Vincennes       Nicholas Loch        
IN Hilltop/2                 219-488-3812 Hamilton        Mark Taylor          
IN MegaCity One BBS          219-426-7015 Fort Wayne      Derek Balling        
KS Midwest Tech BBS          913-432-6490 Kansas City     Ted Burris           
KS The American Patriot BBS  913-438-1776 Overland Park   Kevin Johnson        
LA Duffey's Tavern           318-436-2992 Lake Charles    Gordon K             
LA Holodeck                  504-392-9847 New Orleans     Steve Fatland        
LA The Eagle's Nest          504-764-0449 Norco           John Perilloux       
MD Silver Bullet             301-622-2247 Silver Spring   Frank Mallory        
MD The Christian Connection  301-470-2354 Laurel          Robert Middleswarth  
MI Aquila Systems BBS        313-533-6068 Redford         Greg Plyler          
MI Marriage Bed BBS          616-467-4550 Centreville     John Van Hare        
MI Woody's Nest              810-628-4523 Oxford          Cletus Cryderman     
MN Erebus                    612-439-7808 Stillwater      David Pinch          
MN Minnesota Libertarian     612-938-3702 Hopkins         Michael Lomker       
MN MinuteMan                 612-933-5409 Minneapolis     Dale Ubelhoer        
MN Shade's Landing           612-431-6733 Apple Valley    Gary Shade           
MO Big Al's Place            417-881-8653 Springfield     Al Turner            
MO DOC in the BOX CBIS       314-893-6099 Jefferson City  Mark D Winton        
MO Party Line BBS            314-845-7127 St. Louis       Jerry Olney          
MO South Central Region      816-597-3950 Kansas City     Brad Alpert          
MO StarCastle BBS            816-524-4312 Lees Summit     Mark Stilwell        
MO The Gore Zone             816-363-4673 Kansas City     David Gore           
MO The IWLA 2X4 BBS          314-443-1874 Columbia        Kim Palmer           
MO The Second City           417-623-3187 Joplin          Mike Brandon         
MS Chip's Toy Box BBS        601-436-6412 Biloxi          Chip Lechner         
MS Crest Mark BBS            601-829-2161 Jackson         Andy Templeton       
MS Gulf Coast Adult Lifestyl 601-392-6114 Biloxi          James Young          
MS TechLink BBS              601-878-5943 Terry           Wayne Fugitt         
MS The City of Tanelorn      601-374-0934 Biloxi          Ray E Coffey         
MT The Night Lights          406-259-6771 Billings        John Hank            
N- PRN WESTERN PA            412-271-0980 -Unkno          Brian Sawyers        
NC Promenade/2               704-393-1093 charlotte       Andy Ruth            
NC South East Region         919-752-5738 Greenville      Vince Worthington    
NC The Jungle                910-488-1954 Fayetteville    Charles Bowman       
NC Thor's Retreat/2 BBS      910-424-0956 Fayetteville    Don Cranford         
NH CHECKMATE BBS             603-624-7123 Manchester      Henry France         
NH PRN NEW HAMPSHIRE         603-753-9716 Penacook        Allan Hitchmoth      
NJ Geoff Gowey BBS           908-813-2584 Port Murray     Geoff Gowey          
NJ Luftwaffe                 609-859-1234 Southampton     Ed Rossell           
NJ Paul Revere Net New Jerse 609-723-8436 McGuire AFB     Jim Faulkner         
NJ The Armory BBS            908-859-0162 Phillipsburg    Bob Goeller          
NJ The Computerist's Friend  908-563-6976 Somerset        William W Reed       
NJ The Vector BBS            908-276-4405 Cranford        Joseph Delvecchio    
NJ The Wrong Number BBS      201-656-6576 Jersey City     Clark Matthews       
NM Galt's Junkyard           505-344-7645 Albuquerque     Steve Davis          
NM Route 66 Solutions        505-294-4543 Albuquerque     Jon Jacob            
NV Moroni's Call             702-871-6827 Las Vegas       Ken Thompson         
NV Sierra Sage North         702-887-0408 Carson City     Wil Schuemann        
NY AccessTV BBS              914-774-8947 Monroe          Bruce Greenberg      
NY MHS:BBS                   914-794-8904 Monticello      Scott Waschitz       
NY Telesphere BBS            518-459-0270 Albany          Andrew Badi          
NY The Peacock BBS           516-884-1328 Lindenhurst     James Combs          
NY The Volitan BBS           516-874-4615 East Moriches   David Wilson         
OH Battle Cry BBS            513-252-0220 Kettering       Jerry Hail           
OH Hank's Corner BBS         513-274-8118 Dayton          Norm Smith           
OH The Firehouse BBS         513-258-0215 Dayton          Dean Tarter          
OH Warrior BBS               513-271-0779 Cincinnati      Barry Riddell        
OK <CyBorg ConTrol>          918-252-9528 Tulsa           Jim Watson           
OK Bedrock BBS               918-835-6836 Tulsa           Monte James          
OK GhostWorks                405-720-2342 Oklahoma City   Justin Smith         
OK Magna Carta News Service  405-631-1664 OKC             Bill Bauer           
OK The Dugout                918-357-1765 Tulsa           The Coach            
OK The GUNNER'S MATE/PRN     918-665-6841 Tulsa           Ed Shirley           
OK The People's Advocate & P 405-391-6604 Newalla         David Elston         
OK The Right Wing Observer   918-835-8026 Tulsa           Jim Brown            
OK Uniblab                   918-341-4450 Claremore       Ray Shank            
ON Another World Bbs         905-871-9502 Fort Erie       Henry Edginton       
ON Radio Free Canada         613-820-0606 Ottawa          Leonard Knoll        
ON The Hunting Field         905-735-9081 Welland         Larry Poirier        
ON The Hunting Field         905-735-8683 Welland         Larry Poirier        
ON The Rippler's Crypt#1     905-834-1923 Port Colborne   Paul Lee             
ON The Rippler's Crypt#2     905-834-1924 Port Colborne   Paul Lee             
OR Integrated Media Services 503-254-2817 Portland        Bill Taylor          
OR NWCS Online "A CyberPlace 503-655-8114 Portland        Skip Guyer           
PA Gizmonic Institute        412-771-2804 Pittsburgh      Joel Robinson        
PA North East Region         610-259-2198 Lansdowne       Jim Henry            
PA Second Amendment BBS      814-898-1732 Erie            Frank Huff           
PA TANSTAAFL BBS             717-432-0764 Dillsburg       Roy Tellason         
PA THE BRATS HOME BBS        412-942-3957 MCMURRAY        JON CHRYK            
PA The Genealogist BBS       412-681-5688 Pittsburgh      Bill Thoma           
SC Shroedinger's CatBox      803-652-3759 New Ellenton    Terry Buyers         
SC The Second Amendment BBS  803-794-2822 West Columbia   Larry Coble          
TN Freedom's Voice BBS       423-288-5877 Kingsport       Kevin Qualls         
TN Realty Relief Fido        423-690-2227 Knoxville       Pat Carter           
TN River Canyon Rd. BBS      423-886-2521 Chattanooga     Ron Mitchell         
TN Southern Cross            423-349-5473 Kingsport       Bob Burns            
TN Storm Warning BBS         423-877-2304 Chattanooga     Brent Daniel         
TN The Dagobah System BBS    423-894-0430 Chattanooga     Michael Hampton      
TN The Final Word            423-877-0682 Chatanooga      Rocky                
TN The TutorBoard            423-744-0024 Decatur         A.D. Wade            
TN The Virtual Dimension     901-935-2192 Jackson         David Fesmire        
TN Thunder Bolt BBS          423-357-8769 Church Hill     Dusty Evans          
TN Vision Quest BBS!         423-272-2331 Rogersville     Tommy Shaw           
TX Alcatraz RBBS-PC          713-450-3870 Houston         Matt Bedynek         
TX BackStage                 409-721-9606 Nederland       Jeff Lanes           
TX Brigadoon                 409-321-4637 Conroe          Gary Black           
TX Confusion Central         713-367-7391 Conroe          Steve McDonald       
TX Coyote's Den              409-447-3198 Montgomery      Russell Steffee      
TX FAIRLANE BBS              713-489-4580 Manvel          Mike Campbell        
TX FLOTOM Information Servic 512-282-3941 Austin          Tom Lane             
TX Galt's Gulch Texas        214-294-4215 Frisco          Alan Andrews         
TX Guns BBS                  214-357-8770 Dallas          Jason Hughes         
TX Houston Libertarian       713-728-2199 Houston         Mike Lenker          
TX JACK'S RANGE              915-757-9311 El Paso         Jack McGuire         
TX Sub-Rosa                  915-598-2042 El Paso         David Butler         
TX THE BEACON                214-881-7585 PLANO           STEVE WOLFF          
TX THOrne...'s Castle BBS    214-422-1589 Plano           David Smith          
TX The Arena                 713-362-9772 Spring          Bob Sturgeon         
TX The Dragon's Lair         409-539-9082 Conroe          Marius Strom         
TX The Firing Line           214-490-3491 Dallas          Andy Mans            
TX The Justice Advocate      409-856-5808 Willis          Joe Sager            
TX The Minuteman             806-355-8564 Amarillo        Larry Wyble          
TX The Paper Man             713-869-5310 Houston         John Westerlage      
TX The Pit Viper             214-454-4606 Richardson      Mike Phillips        
TX The Roost BBS             713-482-7080 Friendswood     Robert VanBurkleo    
TX The SysOp's HangOut       409-945-5909 Texas City      Mervin Cockerham aka 
VA Brokedown Palace          804-591-8537 Newport News    Dennis Ricketts      
VA Gun Owners of America BBS 703-321-7401 Springfield     Larry Pratt          
VA PRN LGC Newport News      804-877-8320 Newport News    Dick Adams           
VA Sparkies Machine BBS      703-362-7647 Roanoke         John Campbell        
VA THE WALL                  804-595-4017 Newport News    Tommy Caylor         
VA THE WALL Node 2           804-595-3572 Newport News    Tommy Caylor         
VA TIDMADT                   703-765-0822 Alexandria      Dave Aronson         
WA GunServe                  509-582-9627 Kennewick       Kevin Crosby         
WA Invincible Software       206-277-4059 Renton          Jeff Murphy          
WA Washington Arms BBS       206-255-8371 Issaquah        Roger Brown          
WY The Byte Me BBS           307-382-6127 Rock Springs    Gerald Shurtleff     

                               Total Sites: 218                                

ýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýý
              If you would like more information on how your BBS               
              can become a  Paul Revere Network member, download               
              PRNKIT.ZIP from any of the listed bulletin boards.               
ýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýýý

A post for posterities sake: My 1998 mailing list debate over secure network design

When reading this please bear in mind this was '98 during original .com boom when it looked like money would be abundant to anyone with a modicum of computer knowledge and I was still in college.  I actually received a job offer from the State Department as a result of this posting, but, stupidly, turned it down.  C'est la vie.
==============

Some new ideas came to mind and I added them to my proposal.  As usual any
comments are appreciated.  Here's the latest proposal:

Secure Network Initiative for Small Networks
Revision 1.0
January 15, 1998
by Geoffrey J. Gowey

PURPOSE:
This is a proposed setup for a securing a network for administrators on a
low budget (those that don't want to by a firewall and other security
devices) and that want one up fast.  The strength of this setup relies on 
two filters and the rules used for filtering (it's not perfect, but it's 
better than nothing).  The other advantage is that it puts some of the old 
junkboxes that many instutions have to use. 

IMPORTANT: This setup is aimed for small setups (100-150 nodes) using a
single T-1.

OVERALL DESIGN:

         Internet Connection
    |
    |
    External Filter
    | DMZ
   ---------------------------------
   | Web Server   |
   | SMTP/POP server  |
   | Primary external DNS server |
   | Secondary external DNS server |
   | Anonymous FTP server (optional)|
   ---------------------------------
    |
   Internal Filter
    |
     Log host (optional)
    |
   Internal Network
    |
      Primary internal DNS server
    |
     everything else

SYSTEM SPECIFICATIONS:
 External Filter:
  Either a filter router (CISCO, HP, etc.) or a system with
  the following specs:
  P-75 64MB RAM (maybe more RAM and a faster CPU
   depending on the network load)
  Any filtering setup (NetBSD w/ ipf rules, FreeBSD,
   Karlbridge/Karlbrouter, etc.)
  Two ethernet cards that work with the filtering software.
  A printer to log rejected packets (preferably dot matrix or 
   daisy wheel) and A LOT of paper.
 Internal Filter:
  same setup.
 Web server:
  Get a package and meet the requirements.
  My preference is NetBSD w/ Apache.
  With NetBSD a 486 with 8 or 16 MB RAM should be adequate.
 SMTP/POP server:
  Get an 486 that meets NetBSD's or FreeBSD's installation
  requirements, and a POP server.
 The DNS servers:
  Nearly same config as the SMTP/POP server, but a 386 can be 
  used instead of a 486, and a POP server is not needed.
 FTP server:
  Same config as the SMTP/POP server, but no POP needed.
 Log host:
  Old 386 running NetBSD, FreeBSD, etc. (just about anything
  that can catch syslog UDP packets).  Although a 486 might be 
  better since a large HDD will be needed.  

FILTER RULES:
 External Filter:
  From Practical UNIX & Internet Security[Garfinkel&Spafford]:
  Block packets for services that you do not wish to cross
your firewall.
  Block packets that have IP source routing or that have
other "unusual" options set.
  (my idea on this) Just about all TCP services except WWW
and FTP.  Just about all UDP services except DNS.
  (modified) Block inbound packets with a source address of 
any systems in the DMZ, internal network, or routers (anti-spoofing).
  (my idea) Block inbound packets with a destination of the
internal DNS server.

 Internal Filter:
   From Practical UNIX & Internet Security[Garfinkel&Spafford]:
   Block packets for services that you do not wish to cross
your firewall.
   (my idea) almost the same rules as above, except allow UDP
for syslog (port 514) destined for the loghost (and only for the loghost) in
   and ONLY from systems in the DMZ. 
   Block packets that have IP source routing or that have
other "unusual" options set.
   (modified) Block packets addressed to your filters.
   (my idea) block outbound DNS packets destined for the
external dns primary/secondary servers from everything except the internal
primary DNS server.
   (my idea) block inbound packets lower than port 1023
without the ACK bit set (this will cause the remaining packets to be
ignored).  Thanks to Chapman and Zwicky for this idea.  Reason: doesn't
allow people on the outside to access FTP, HTTP, and anything else using TCP
on the inside using ports less than 1023.  Only problem: X-Windows Servers, 
and any server sitting higher than port 1023 (such as IRC, DOOM Servers, 
QUAKE Servers, Netscape's Admin for its web server (I believe, could be wrong),
and some other things).  However, with things like DOOM and QUAKE I think
the majority of the traffic is UDP so they should be blocked by virtue of
the UDP filtering rules (but I'm not sure).

REASON FOR AN EXTERNAL/INTERNAL DNS SERVERS:
 My reason for such separation is that it only allows people have
immediate access to systems in the DMZ (hackers would have to sniff packets
to figure out the remainder of the setup).  The external/internal setup also
allows some added flexibility and security.

DRAWBACKS OF THIS SETUP:
 If a proxy server was used the filtering would be even easier, and
more secure.  Securing against servers runing on ports above 1023 is
difficult.  

NOTE ON THE DNS SETUP:
 The way to have the DNS working is to have internal traffic ask the
internal DNS server and if the internal DNS server doesn't know the (the
internal DNS server) should ask the external primary DNS server.

NOTES ON THE SMTP/POP SERVER:
 For security reasons I think it might be a good idea to have e-mail
addresses and passwords different than the login name and login passwords
(this'll leave a cracker out of luck if the server is sniffed or cracked). 
Also, if possible, use APOP (authenticated POP) since normal POP transmits
passwords in the clear (APOP sends them encrypted).

ANOTHER IDEA:
 If the systems in the DMZ have packet filtering support native to
them (e.g. NetBSD, FreeBSD, Linux, whatever) or if it's availiable then set
it so it can't accept inbound packets with a source of address of its own.
If one of the systems is cracked (e.g. the webserver) it'll prevent that
system from being used to easially hijack another.

SOME LAST NOTES:
 As is noted in many books all of these systems should be in a
secured area.  PHYSICAL SECURITY IS VERY IMPORTANT!  Using programs like
COPS or Tripwire is advise for the Web and SMTP/POP servers (and check
regularly).  This will assist in making sure that your system has not been
tampered with.

INFOSEC that everyone working in IT should know

Note: this is a post I originally put on my FaceBook page in 2009, but I'm slowly migrating away from FB so I'm reposting it here since it's still relevant.
-----------
Seeing as how I'm now moving on again I think I'll offer some basic information security procedures that everyone should know. It's an inevitability that you will eventually have to turn in your work equipment with little to no notice and making sure you don't have personal information on it should be a concern from day one. Yes, storing your gmail, facebook, Twitter, etc passwords in FireFox is convenient, but that's definitely not something that you want left for a stranger to compromise. Here is a setup that I have determined to be best:

1. Load vmware on your system
2. Install a Linux distribution (I prefer CentOS) and make sure to select use an encrypted partition (use a good password too not 1234 or some other password that takes 2 seconds to crack).
NOTE: make sure VMWare is setup to keep the guest in RAM (so it doesn't use the swap).
If the host OS is windows do the following:
1. Install CCleaner and configure it as follows:
a) start at startup
b) secure deletion - DoD standard is more than enough
c) wipe free space
2. Have windows clear delete the swap file at shutdown.
3. Configure disk defragmentation to happen every night at midnight.

Now use the Linux guest to browse gmail, facebook, whatever personal stuff you want/need to do.

The host os (windows) will be you do all your completely business related activities (intranet, code development, etc). As long as a key logger isn't installed the guest os will be secure for using for your personal tasks. When it's time for equipment turn in all that then needs to be done is a quick delete on the VHD for the guest (one file). However, if you're not provided any time you'll at least know that no one will access your personal data unless they have obtained the key for your encrypted filesystem (by key logger or watching you enter it).

How to setup the updater for Solaris 11

A brief overview is located at:
Support Repositories Explained [ID 1021281.1]
https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1021281.1

Get your x.509 certificate for accessing the repository at:
https://pkg-register.oracle.com/register/status/

There's a HOWTO section link located on the bottom, but I'll reprint the instructions in case things change.
------
How to Install this Oracle Solaris 11 Express Support Certificate

   1. Download the provided key and certificate files, called Oracle_Solaris_11_Express_Support.key.pem and Oracle_Solaris_11_Express_Support.certificate.pem using the buttons above. Don't worry if you get logged out, or lose the files. You can come back to this site later and re-download them. We'll assume that you downloaded these files into your Desktop folder, ~/Desktop/.
   2. Use the following comands to make a directory inside of /var/pkg to store the key and certificate, and copy the key and certificate into this directory. The key files are kept by reference, so if the files become inaccessible to the packaging system, you will encounter errors. Here is how to do it:

          $ sudo mkdir -m 0755 -p /var/pkg/ssl
          $ sudo cp -i ~/Desktop/Oracle_Solaris_11_Express_Support.key.pem /var/pkg/ssl

          $ sudo cp -i ~/Desktop/Oracle_Solaris_11_Express_Support.certificate.pem /var/pkg/ssl
        

   3. Add the publisher:

          $ sudo pkg set-publisher \
                     -k /var/pkg/ssl/Oracle_Solaris_11_Express_Support.key.pem \
                     -c /var/pkg/ssl/Oracle_Solaris_11_Express_Support.certificate.pem \
                     -O https://pkg.oracle.com/solaris/support/ solaris
        

   4. Check your publisher settings, there should be no unrelated mirrors set up. To check for any set up mirrors invoke the following command:

          $ pkg publisher solaris | grep Mirror
        
        

      If the output is empty you are all set. If not remove unrelated mirrors by running:

          $ sudo pkg set-publisher -M http://mirror1.x.com -M http://mirror2.y.com ... solaris
        
        

   5. To see the packages supplied by this publisher, try:

          $ pkg list -a 'pkg://solaris/*'

        

      If you use the Package Manager graphical application, you will be able to locate the newly discovered packages when you restart Package Manager.

Theodore Roosevelt on courage

“It is not the critic who counts; not the man who points out how the strong man stumbles, or where the doer of deeds could have done them better. The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood, who strives valiantly; who errs and comes short again and again; because there is not effort without error and shortcomings; but who does actually strive to do the deed; who knows the great enthusiasm, the great devotion, who spends himself in a worthy cause, who at the best knows in the end the triumph of high achievement and who at the worst, if he fails, at least he fails while daring greatly. So that his place shall never be with those cold and timid souls who know neither victory nor defeat.”

Theodore Roosevelt quotes (American 26th US President (1901-09), 1858-1919)

FYI- Don't forget my publicly accessible files library

VirtualBox SMF

/lib/svc/method/vboxheadless:

#!/bin/sh
# Customise this file to start and stop your application as necessary.

. /lib/svc/share/smf_include.sh


    getproparg() {

            val=`svcprop -p $1 $SMF_FMRI`

            [ -n "$val" ] && echo $val

    }

VM=`getproparg vbox/VM`

    if [ -z $SMF_FMRI ]; then

            echo "Error: SMF framework variables are not initialized"

            exit $SMF_EXIT_ERR

    fi


case "$1" in
  'start') /opt/VirtualBox/VBoxHeadless -s $VM  &
  ;;
  'stop') /opt/VirtualBox/VBoxManage controlvm $VM savestate
  ;;
  'refresh') /opt/VirtualBox/VBoxManage controlvm $VM reset
  ;;
  *) echo "Usage: $0 { start | stop | refresh }"
  exit 1
  ;;
esac

exit $SMF_EXIT_OK

/var/svc/manifest/application/vboxheadless.xml:

<?xml version="1.0"?>

<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">

<service_bundle type='manifest' name='vboxheadless'>

<service name='application/vboxheadless' type='service' version='1'>

<method_context>

  <method_credential user='root' group='root' />

</method_context>

<exec_method type='method' name='start'

     exec='/lib/svc/method/vboxheadless start'

     timeout_seconds="60" />

<exec_method type='method' name='stop'

     exec='/lib/svc/method/vboxheadless stop'

     timeout_seconds="60" />

<exec_method type='method' name='refresh'

     exec='/lib/svc/method/vboxheadless refresh'

     timeout_seconds="60" />

<property_group name="startd" type="framework">

<propval name="duration" type="astring" value="transient"/>

</property_group>

<instance name='w7' enabled='true'>

<property_group name='vbox' type='application'>

<propval name='VM' type='astring'

                        value='w7' />

</property_group>

</instance>

<stability value='Unstable' />

<template>

   <common_name>

      <loctext xml:lang='C'>VirtualBox Headless</loctext>

  </common_name>

  <documentation>

      <manpage title='VBoxManage' section='1m' manpath='/usr/share/man' />

      <doc_link name='homepage' uri='http://sgpit.com/smf' />

  </documentation>

</template>

</service>

</service_bundle>

Running VirtualBox in a zone under Solaris 11

When trying to run VirtualBox in a zone under Solaris 11 make sure fonts are installed in the zone or else VirtualBox will core dump.  Package list:

FSWfontconfig-devel-docs                      0.5.11-0.130    known      --o--
print/filter/ghostscript/fonts/gnu-gs-fonts-other 6.0-0.151.0.1   known      -----
print/filter/ghostscript/fonts/gnu-gs-fonts-std 6.0-0.151.0.1   known      -----
system/font/daewoo-misc                       1.0.1-0.151     known      -----
system/font/gnome-fonts                       0.5.11-0.151.0.1 installed  -----
system/font/isas-misc                         1.0.1-0.151     known      -----
system/font/jis-misc                          1.0.1-0.151     known      -----
system/font/misc-ethiopic                     1.0.1-0.151     known      -----
system/font/misc-meltho                       1.0.1-0.151     known      -----
system/font/truetype/arabeyes                 0.5.11-0.151.0.1 known      -----
system/font/truetype/arphic-ukai              0.5.11-0.151.0.1 known      -----
system/font/truetype/arphic-uming             0.5.11-0.151.0.1 known      -----
system/font/truetype/bh-luxi                  1.0.1-0.151     known      -----
system/font/truetype/bitstream-vera           1.10-0.151      known      -----
system/font/truetype/bpg-georgian             0.5.11-0.151.0.1 known      -----
system/font/truetype/dejavu                   2.31-0.151      known      -----
system/font/truetype/fonts-core               1.1-0.151.0.1   installed  -----
system/font/truetype/gentium                  0.5.11-0.151.0.1 known      -----
system/font/truetype/google-droid             0.2010.2.24-0.151 known      -----
system/font/truetype/hanyang-ko               0.5.11-0.151.0.1 known      -----
system/font/truetype/hanyang-ko-core          0.5.11-0.151.0.1 known      -----
system/font/truetype/indic-fonts-core         0.5.11-0.151.0.1 known      -----
system/font/truetype/ipafont                  0.5.11-0.151.0.1 known      -----
system/font/truetype/ipafont-mincho           0.5.11-0.151.0.1 known      -----
system/font/truetype/kacst                    0.5.11-0.151.0.1 known      -----
system/font/truetype/liberation               1.4-0.151       known      -----
system/font/truetype/lohit                    0.5.11-0.151.0.1 known      -----
system/font/truetype/mgopen                   0.5.11-0.151.0.1 known      -----
system/font/truetype/sil                      0.5.11-0.151.0.1 known      -----
system/font/truetype/thai-scalable            0.5.11-0.151.0.1 known      -----
system/font/truetype/ttf-fonts-core           1.1-1           known      --r--
system/font/truetype/unfonts-ko-core          0.5.11-0.151.0.1 known      -----
system/font/truetype/unfonts-ko-extra         0.5.11-0.151.0.1 known      -----
system/font/truetype/unifont                  0.5.11-0.151.0.1 known      -----
system/font/truetype/wqy-zenhei               0.5.11-0.151.0.1 known      -----
system/font/xorg/cyrillic                     1.0.2-0.151     known      -----
system/font/xorg/iso8859-1                    7.5-0.151       installed  -----
system/font/xorg/iso8859-10                   7.5-0.151       known      -----
system/font/xorg/iso8859-11                   7.5-0.151       known      -----
system/font/xorg/iso8859-13                   7.5-0.151       known      -----
system/font/xorg/iso8859-14                   7.5-0.151       known      -----
system/font/xorg/iso8859-15                   7.5-0.151       known      -----
system/font/xorg/iso8859-16                   7.5-0.151       known      -----
system/font/xorg/iso8859-2                    7.5-0.151       known      -----
system/font/xorg/iso8859-3                    7.5-0.151       known      -----
system/font/xorg/iso8859-4                    7.5-0.151       known      -----
system/font/xorg/iso8859-5                    7.5-0.151       known      -----
system/font/xorg/iso8859-7                    7.5-0.151       known      -----
system/font/xorg/iso8859-8                    7.5-0.151       known      -----
system/font/xorg/iso8859-9                    7.5-0.151       known      -----
system/font/xorg/xorg-core                    7.5-0.151       known      -----
system/library/fontconfig                     2.8.0-0.151     installed  -----
system/library/fontconfig/documentation       2.8.0-0.144     known      --r--
x11/font-utilities                            7.5-0.151       installed  -----
x11/library/libfontenc                        1.0.5-0.151     installed  -----
x11/library/libxfont                          1.4.1-0.151     installed  -----
x11/xfontsel                                  1.0.2-0.151     installed  -----