While ignoring my own advice and reading various Mac rumor sites today, I saw that the next generation Powermacs may ship with DDR2 memory and PCI express video cards. Being the geek I am, I wandered off to see how much throughput could be achieved with each technology.
I started my knowledge quest by reading PCSTATS PCI Express tutorial, and was blown away by the potential of PCI Express. Not only does PCI express move considerably more data than PCI (250MB/s vs. 133 MB/s), it uses serial switched lanes to move data, and allows devices on the same PCI express BUS to communicate directly without involving the chipset.
Now DDR2 doesn’t look as promising as PCI express, and requires the memory to run at a high clock rate to achieve higher throughput than good old DDR memory. I am always curious to see what Apple does, and look forward to reviewing the specifications of the next generation powermacs!
When debugging web applications, most adminstrators will review the HTTP request and response headers for errors. This information can be retrieved with Firefox’s HTTP Live headers plugin, ethereal, or with curl’s “-v” (make the operation more talkative) option:
$ curl -v http://www.google.com
About to connect() to www.google.com port 80
Trying 64.233.187.99... connected
Connected to www.google.com (64.233.187.99) port 80
> GET / HTTP/1.1
User-Agent: curl/7.13.1 (powerpc-apple-darwin8.0) libcurl/7.13.1
OpenSSL/0.9.7g zlib/1.2.3
Host: www.google.com
Pragma: no-cache
< HTTP/1.1 200 OK
< Cache-Control: private
< Content-Type: text/html
< Set-Cookie: PREF=ID=12; expires=Sun, 17-Jan-2038 19:14:07 GMT;
path=/; domain=.google.com
< Server: GWS/2.1
< Transfer-Encoding: chunked
< Date: Tue, 18 Oct 2005 03:52:08TGMT:00-04:00
The “>” and “<” characters are used to indicate the direction the requests are sent and received. The curl(1) manual page indicates that the “-i” (Include protocol headers in the output) option should print protocol headers, but for some reason it only prints the HTTP response headers:
$ curl -i http://www.google.com
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Set-Cookie: PREF=ID=3eb84ab15b6724e3:TM=12; expires=Sun, 17-Jan-2038 19:14:07 GMT; path=/; domain=.google.com
Server: GWS/2.1
Transfer-Encoding: chunked
Date: Tue, 18 Oct 2005 03:54:38TGMT:00-04:00
When I get more time, I will have to go wandering through the curl source code to see why.
While messing around with ppriv(1m) today, I noticed that rpcbind(1m) was modified to run with reduced privileges in Solaris 10:
$ ps -ef | grep rpc
daemon 1678 1 0 16:11:26 ? 0:00 /usr/sbin/rpcbind
root 22884 13928 0 16:28:39 pts/6 0:00 grep rpc
$ ppriv 1678
1678: /usr/sbin/rpcbind
flags = PRIV_AWARE
E: basic,!file_link_any,net_privaddr,!proc_exec,!proc_info,!proc_session,sys_nfs
I: basic,!file_link_any,!proc_exec,!proc_fork,!proc_info,!proc_session
P: basic,!file_link_any,net_privaddr,!proc_exec,!proc_info,!proc_session,sys_nfs
L: basic,!file_link_any,!proc_exec,!proc_fork,!proc_info,!proc_session
The !proc_exec and !proc_exec privilege settings are super cool (the “!” means a privilege has been revoked). These privilege reductions should reduce the chance of fork()‘ing a process and exec()‘ing shell if a buffer overflow is found in rpcbind (which has historically been a security nightmare).
I modified ssl-cert-check this weekend to print the certificate issuer along with the certificate expiration date:
$ ssl-cert-check -s mail.prefetch.net -p 443 -i
Host Issuer Status Expires Days Left
----------------------------------- ----------------- -------- ----------- ---------
mail.prefetch.net:443 Equifax Secure In Valid Jun 20 2006 247
Hopefully this will make renewals easier for folks using ssl-cert-check.
While reading through the Solaris df_ufs(1m) manual page today, I came across the “-o” option:
$ df -F ufs -o i
Filesystem iused ifree %iused Mounted on
/dev/md/dsk/d0 481649 13399951 3% /
This will print the total number of inodes along with the number of inodes that are currently in use. Nifty!