Nahum Shalman

Private Web based IDE

These notes are a riff on a post by Chris Short. The biggest difference is that I will use the Tailscale TLS support rather than using external DNS access and a custom DNS record. This removes the need for a sensitive DNS API key. Chris's post is definitely worth a

SSH SOCKS proxy but it's Tailscale

Have you ever run ssh -D 9999 somehost? You might find the rest of this interesting. I'm not going to go into detail for the use cases of why you might want to use a SOCKS proxy with e.g. your web browser, but if, like me, you've ever done

Tailscale for illumos

Current status: Up to date with Tailscale 1.24.2. My SMF manifest and build script are checked in to my branch. I've added notes on how to set up an exit node.

A Four Axis Model of Work

Mission, Technology, Culture, Compensation

Silly SmartOS hack: ipf/ipnat in lx zones

Someone on IRC in #smartos was asking [https://freenode.logbot.info/smartos/20210205#c6800202] about how to turn on NAT in lx branded zones. I was pretty sure it should be possible, and found myself nerd-sniped [https://xkcd.com/356/] into figuring out the exact solution. I don't think I

ZFS send/receive

A few weeks back I needed to migrate an entire ZFS pool from one machine to another. I used raw send to keep the stream compressed, and I used mbuffer to smooth out the send/receive (see the reference link at the bottom) First, prepare the receiving end by creating

Migration Notes

Some notes I took down as I stood up my new zone hosted by https://mnx.io.

Upcoming Downtime

Just a heads-up that I have to migrate my domain off of the JPC and there will probably be a downtime of my blog and other services for an unknown duration (though I'll do my best to keep it as short as possible) to complete the migration. It might also

Wireguard - Android Road Warrior

Motivation There are a lot of blog posts and wiki pages about how to set up Wireguard [https://www.wireguard.com/], but I still had to do a bunch of trial and error to come up with a configuration that worked for me. I have two goals: 1. Secure all

Silly tricks with Docker in the JPC

Message from 2018: I was going through my blog post drafts and found this post. I've made few small tweaks to it that seem to be what I was hoping to add before publishing. If you've ever wanted to replace your SSH access to a native branded zone with docker

IPMItool for Termux (Android / Chromebook)

This is a follow up to my previous post outlining my chromebook setup [https://blog.shalman.org/chromebook-adventures/]. I managed to get IPMItool to compile in my Termux [https://termux.com/] environment. Here's how you can too. (So far I've only been able to get this to work on an

Chromebook Adventures

A chromebook you say? I've been in need of a new personal laptop for a while and inspired by this post [https://blog.lessonslearned.org/building-a-more-secure-development-chromebook/] from @kennwhite [https://twitter.com/kennwhite] I decided that I would get a Chromebook. I put a couple of different models on a wishlist

Running OmniOS under KVM on on-prem Triton, Part 1

The first VM I wanted to build was OmniOS 014. While the system was able to see a virtio disk, the installer was not, so I did the initial installation on a virtual IDE drive. JSON spec for the installation VM: { "alias": "omnios", "autoboot": "false", "brand": "kvm", "ram": 2048, "vcpus"

Enabling DTrace on macOS Sierra

I was doing some work [https://github.com/nshalman/python-usdt/pull/6] on my Python bindings for libusdt [https://github.com/nshalman/python-usdt] which reminded me about how annoying it is when DTrace isn't working. The solution (as I noted here [https://github.com/nshalman/python-usdt/issues/4#issuecomment-269641299]) is

Sometimes it's the little things

If you run an illumos distribution that uses beadm (e.g. OmniOS) in production, you may have run into illumos bug #5943 [https://www.illumos.org/issues/5943]. As you might imagine, we at OmniTI run a lot of OmniOS systems. Recently a machine was being upgraded and on reboot

ZFS used space hidden in more than one snapshot

Someone was asking about this on IRC This is mostly for myself for later: hidden_in_snaps(){ bc -l <<<"( $(zfs list -H -p -o usedsnap ${1}) - $(zfs list -H -p -t snapshot -r -d 1 -o used ${1} | awk 'BEGIN{total=0} {total += $1} END{print total}') ) / 1024

PXE Booting NixOS

I've been outed on Twitter: > Thanks to some awesome work from @nahumshalman [https://twitter.com/nahumshalman], we'll soon have a PXE bootable #NixOS [https://twitter.com/hashtag/NixOS?src=hash] installer! https://t.co/WHHwP1Bm5i — Charles Strahan (@charlesstrahan) April 21, 2016 [https://twitter.com/charlesstrahan/status/723247337007505408] I've been working

Mistify is now Cerana

Just a quick note that Mistify is being rebranded as Cerana [http://cerana.org]. I'm busy getting settled into my new team and having a great time. You can be sure I'll either be posting here or at least linking from here over to more information as we achieve interesting

OmniTI

Long time followers are aware of how much time and energy I've poured into SmartOS and the SmartOS community which might make what I'm about to tell you all the more surprising. You may want to sit down. Today was my first day at OmniTI [https://omniti.com/], and while

Running a Tor relay with Docker in the JPC

Jessie Frazelle [https://twitter.com/frazelledazzell] did some really nice work wrapping up Tor into a Docker image [https://blog.jessfraz.com/post/running-a-tor-relay-with-docker/]. I tried running it in the Joyent Public Cloud (JPC) back in January but ran into a bug in the LX implementation [https://github.com/joyent/

Recent smartos-discuss posts Feb 2016 edition

Some of my recent posts to the smartos-discuss mailing list [https://wiki.smartos.org/display/DOC/Mailing+Lists+and+IRC] may be of interest to any readers who for some reason read this blog but aren't on the mailing list: On the subject of cpu_shares, cpu_cap, and vcpus

SmartOS ZFS Boot Media

Someone recently asked about this on the mailing list so I decided to get this out of the drafts folder and published. I used these instructions to create a ZFS formatted USB stick with a pool name of smartos that I use in my server at home. I update it

Running SDC CoaL on SmartOS

Motivation I don't have any machines that run VMware but I do have a nice SmartOS machine. I have some SDC features I want to test. I want to test my own changes to SDC to make sure that they are safe, and I want to play with the latest

SmartOS on SmartOS everywhere for LX brand testing

TLDR? Click here for the quick set of commands to run on your SmartOS machine to try this stuff out. Hot on the heels of my previous blog entry [https://blog.shalman.org/smartos-on-smartos-in-the-jpc/] comes a KVM bootable image containing my latest SmartOS build with some extra tooling to make

SmartOS on SmartOS in the JPC

What now? We begin with Xzibit: Okay, really, what? 1. Log into the JPC portal 2. Provision a CentOS 7 VM * Use any package that gives you more than 1 VCPU (try "High CPU 1.75") * Only give it one VNIC on the public internet (remove the usual private one)