Nahum Shalman

Nahum Shalman

Triton on SmartOS bhyve

Under Development There is an open bug in SmartOS that needs to be fixed for this all to work. These are development notes until this header is removed. Motivation I (still) don't run VMware but I do have a SmartOS machine (it's a little nicer than the one from a

Tailscale for SunOS in 2025

Happy New Year! The wireguard-go port is still sitting around in my fork. I don't know when I will have the energy for the next attempt to get it upstream. In the meantime, I've made some fun progress on the Tailscale side. Taildrive The Tailscale folks have shipped Taildrive (currently

OpenTelemetry Tracing for Dropshot

I spoke at Oxide's dtrace.conf(24) about a project I've been hacking on for the past couple weeks: Slides: OpenTelemetry Tracing for DropshotOpenTelemetry Tracing for Dropshot Nahum Shalman The QR code links to this presentation for anyone who wants to read the speaker notes or reread them later. 1

Tragedy Older Than Me

In July of 2021, in anticipation of the upcoming High Holy Days I purchased a copy of This Is Real and You Are Completely Unprepared: The Days of Awe as a Journey of Transformation by Rabbi Alan Lew, published in 2003. I was in fact completely unprepared to even read

Difficult Hardware

This content can also be found as part of https://github.com/tinkerbell/ipxedust/pull/88 in DifficultHardware.md. Most modern hardware is capable of PXE booting just fine. Sometimes strange combinations of different NIC hardware / firmware connected to specific switches can misbehave. In those situations you might want to

Private Web based IDE

These notes are a riff on a post by Chris Short. The biggest difference is that I will use the Tailscale TLS support rather than using external DNS access and a custom DNS record. This removes the need for a sensitive DNS API key. Chris's post is definitely worth a

SSH SOCKS proxy but it's Tailscale

Have you ever run ssh -D 9999 somehost? You might find the rest of this interesting. I'm not going to go into detail for the use cases of why you might want to use a SOCKS proxy with e.g. your web browser, but if, like me, you've ever done

Tailscale for illumos

Current status: Up to date with Tailscale 1.24.2. My SMF manifest and build script are checked in to my branch. I've added notes on how to set up an exit node.

A Four Axis Model of Work

Mission, Technology, Culture, Compensation

Silly SmartOS hack: ipf/ipnat in lx zones

Someone on IRC in #smartos was asking [https://freenode.logbot.info/smartos/20210205#c6800202] about how to turn on NAT in lx branded zones. I was pretty sure it should be possible, and found myself nerd-sniped [https://xkcd.com/356/] into figuring out the exact solution. I don't think I

ZFS send/receive

A few weeks back I needed to migrate an entire ZFS pool from one machine to another. I used raw send to keep the stream compressed, and I used mbuffer to smooth out the send/receive (see the reference link at the bottom) First, prepare the receiving end by creating

Migration Notes

Some notes I took down as I stood up my new zone hosted by https://mnx.io.

Upcoming Downtime

Just a heads-up that I have to migrate my domain off of the JPC and there will probably be a downtime of my blog and other services for an unknown duration (though I'll do my best to keep it as short as possible) to complete the migration. It might also

Wireguard - Android Road Warrior

Motivation There are a lot of blog posts and wiki pages about how to set up Wireguard [https://www.wireguard.com/], but I still had to do a bunch of trial and error to come up with a configuration that worked for me. I have two goals: 1. Secure all

Silly tricks with Docker in the JPC

Message from 2018: I was going through my blog post drafts and found this post. I've made few small tweaks to it that seem to be what I was hoping to add before publishing. If you've ever wanted to replace your SSH access to a native branded zone with docker

IPMItool for Termux (Android / Chromebook)

This is a follow up to my previous post outlining my chromebook setup [https://blog.shalman.org/chromebook-adventures/]. I managed to get IPMItool to compile in my Termux [https://termux.com/] environment. Here's how you can too. (So far I've only been able to get this to work on an

Chromebook Adventures

A chromebook you say? I've been in need of a new personal laptop for a while and inspired by this post [https://blog.lessonslearned.org/building-a-more-secure-development-chromebook/] from @kennwhite [https://twitter.com/kennwhite] I decided that I would get a Chromebook. I put a couple of different models on a wishlist

Running OmniOS under KVM on on-prem Triton, Part 1

The first VM I wanted to build was OmniOS 014. While the system was able to see a virtio disk, the installer was not, so I did the initial installation on a virtual IDE drive. JSON spec for the installation VM: { "alias": "omnios", "autoboot": "false", "brand": "kvm", "ram": 2048, "vcpus"

Enabling DTrace on macOS Sierra

I was doing some work [https://github.com/nshalman/python-usdt/pull/6] on my Python bindings for libusdt [https://github.com/nshalman/python-usdt] which reminded me about how annoying it is when DTrace isn't working. The solution (as I noted here [https://github.com/nshalman/python-usdt/issues/4#issuecomment-269641299]) is

Sometimes it's the little things

If you run an illumos distribution that uses beadm (e.g. OmniOS) in production, you may have run into illumos bug #5943 [https://www.illumos.org/issues/5943]. As you might imagine, we at OmniTI run a lot of OmniOS systems. Recently a machine was being upgraded and on reboot

ZFS used space hidden in more than one snapshot

Someone was asking about this on IRC This is mostly for myself for later: hidden_in_snaps(){ bc -l <<<"( $(zfs list -H -p -o usedsnap ${1}) - $(zfs list -H -p -t snapshot -r -d 1 -o used ${1} | awk 'BEGIN{total=0} {total += $1} END{print total}') ) / 1024

PXE Booting NixOS

I've been outed on Twitter: > Thanks to some awesome work from @nahumshalman [https://twitter.com/nahumshalman], we'll soon have a PXE bootable #NixOS [https://twitter.com/hashtag/NixOS?src=hash] installer! https://t.co/WHHwP1Bm5i — Charles Strahan (@charlesstrahan) April 21, 2016 [https://twitter.com/charlesstrahan/status/723247337007505408] I've been working

Mistify is now Cerana

Just a quick note that Mistify is being rebranded as Cerana [http://cerana.org]. I'm busy getting settled into my new team and having a great time. You can be sure I'll either be posting here or at least linking from here over to more information as we achieve interesting

OmniTI

Long time followers are aware of how much time and energy I've poured into SmartOS and the SmartOS community which might make what I'm about to tell you all the more surprising. You may want to sit down. Today was my first day at OmniTI [https://omniti.com/], and while

Running a Tor relay with Docker in the JPC

Jessie Frazelle [https://twitter.com/frazelledazzell] did some really nice work wrapping up Tor into a Docker image [https://blog.jessfraz.com/post/running-a-tor-relay-with-docker/]. I tried running it in the Joyent Public Cloud (JPC) back in January but ran into a bug in the LX implementation [https://github.com/joyent/