SPARC Live CD?

Paul Lussier p.lussier at comcast.net
Thu Dec 21 09:09:47 EST 2006


Neil Joseph Schelly <neil at jenandneil.com> writes:

> That wasn't a dig on all Solaris boxes everywhere.  On this machine, it's 
> appropriate.  It was set up long ago by people who shouldn't be allowed to 
> touch a computer.  I turned it on and /usr/local couldn't be mounted.  I 
> don't know the root password off the top of my head.  Ask me where sudo was 
> installed next.  

Where was sudo installed? :)

If the system is that bad, then it's worth the time and effort to
extract the drive(s) and mount them on a better system and extract the
data that way.

>> Hmmm, I seem to check man pages by instinct and make liberal use of
>> -(-)h(elp).  As far as stuff not being in my $PATH, ahm, that's
>> *almost* not possible :)
>
> And doesn't it take you longer when you have to check the man pages for each 
> common command you run?

It might take me a little longer, but annoyingly so.  If ps -efl
doesn't work, I just quickly switch to using ps -auxw, if I get an
error with that, I remove the -.  sed, awk, find, and tar almost
always take the same basic options, as a matter of fact, I can't think
of a standard/basic option that is different that I use commonly.
Sure, gnu tar can take a -z or a -j option, but those are either
standard or common.  tar everywhere takes (c,x)vf, that's all that's
really necessary.

> Or when `man gzip` doesn't give you anything useful because the man
> pages either aren't to be found or aren't even in one of the
> thousand man paths you already know about?

I can't even remember the last time I looked at man gzip.  It's been
never since I needed something more than the basic options for gzip or
bzip2.  And since both are gnu tools, I wouldn't expect them on a
non-gnu system and therefore wouldn't expect tar to have -z or -j
options to support them.  compress is always there, as is the tar -Z
option to use it (does anyone even remember tar.Z files, or is it just
me? :)

> There's crap all over this machine. I never set up a real home on it
> and any portable home scripts I could use would be out of place
> since this machine is so scattered.

All the more reason to extract this drive and relocate it to someplace
more comfortable.

>> > (though not with locate because that's not there).
>> Locate is too often wrong (i.e. not up-to-date) to be dependable for me.
>
> It's not up to date?  It's as up to date as it was when it last ran.

Right, my point exactly!  When was that?  Is it set to run out of cron
properly?  Is cron running correctly?  Has this system been off for
some amount of time?  Has it had periods of being up, then down?  Has
software been installed since the last time locatedb was updated?
Does locate know about all the paths where something might be
installed? All these questions are rhetorical.  In a forensics
situation they're almost all unknown, and therefore make locate
unreliable.

Most people assume locate just magically "knows" where everything is
and never consider the possibility it could be wrong.  It is often
reconfigured.  I manage an environment with 300+ machines and all of them
use a localized locatedb.conf file which actually prunes certain
directory structures from being included.  And many of the things which
are pruned do in fact contain stuff someone might expect locate to
know about.  Locate is nothing more than a cron-automated find.

Not to mention that on many systems the locatedb is intentionally
turned off because it gets in the way of other things when it's
running.

> What do you use that's quicker than locate?

which, whence, where, whereis, find, man -k.  I also depend upon my
PATH being mostly all inclusive and my memory for the most likely
places things might be installed so I have a good place to look.  For
those things which I know are there or should be but can't find
quickly, I use find.

>> To me, the amount of time spent looking for, downloading, and
>> burning the appropriate Live CD would have been far greater than a
>> simple perusal of a couple of man pages.
>
> I can download a CD image without looking.  It comes with the opportunity to 
> do my job more quickly.  Browsing around with a man page lookup every few 
> keystrokes is annoying and keeps me from doing other things.

How fast can you download and burn a CD image and then boot the system
with it?  And why are you looking up command options every few key strokes?
If you're merely looking for certain types of data,
  find <some path> <a couple of standard options> | xargs grep <some pattern>

will work on every UNIX out there.  Remove the | xargs and add a >
/tmp/interestingFiles.txt then wrap tar around that to gather what you
need and you're mostly done. If the problem is really just not knowing
which options are the common, standard, portable ones, then again,
removing the drive and attaching it to another system is still a lot
faster than downloading, burning, and booting from a live CD.

> I don't have another machine I can put these drives in.

Really? Hmmm, that can be a problem :) Do you not have another
physical piece of hardware?  Are you aware that Linux can mount
Solaris partitions?  Or is it a matter of these drives are SCSI and
you only have IDE-based systems and no access to all the various and
sundry SCSI bits required?

> I can't imagine what would cause you so much hatred toward LiveCDs.

I have no hatred for them at all.  As I said, I find the option rather
slow if I need to get at something fast.  They're indispensable in a
crisis, or in truly bizarre circumstances like trying to get data off
of a dying internal laptop drive that no longer boots, etc.

But for merely getting data off a running system that has the basic
standard utilities, I find it a slow choice.  Perhaps time is not of
the essence in your situation.  Typically when I'm faced with
retrieving data from a system, it's in a crisis situation, time
matters a lot, and I need to just be done with it.  Waiting for a CD
to download and burn probably wouldn't be an option (which is why I
keep an iso of Knoppix laying around, then I just have to burn it :)

> I don't have some super custom environment I work in that a LiveCD
> with a modern BASH shell doesn't suffice me fine for.  I consider it
> good to have a collection of them handy for rainy days too, so it
> would have been nice to find a LiveCD I could use on this box in the
> event I needed one down the road.  I learned something as did
> everyone here from the experience of looking.

Fair enough, as I've stated plenty, I don't have anything against
them, and think knowing about a few different ones is a good idea too.

> Why do I feel like I'm defending myself for asking a question?

You're not defending yourself for asking a question, you're defending
a statement and a claim that Solaris has inadequate command line
utilities, which it most assuredly does not.  What is inadequate is
your knowledge of the utilities under Solaris and how to use them
effectively.  And *that* is perfectly okay, but does not make Solaris
itself bad, just different.

What you walked into was a room full of people who have vast amounts
of experience on a variety of different OSes, all of which have
idiosyncrasies. We've been doing this stuff for years and years, and
in most cases since long before Linux or GNU was commonplace.  The
result of which is knowledge of how to get at the information we need
with the utilities at hand quickly and efficiently.  What we're trying
to do is convey this information to you and others such that you might
realize that you could approach this problem from a different angle.

And perhaps, we need to realize too, that what we take for granted as
"the one true way" really isn't; that perhaps sometimes there's
something to be said for slowing down, and waiting for the right tool
to download so that the experience of getting the job done isn't so
mind-numbing and tediously filled with frustration at every turn.

Some of us I think are so used to dealing with pain that we don't even
notice it anymore and just assume that when something is going to suck
we're just going to deal with it.  When someone comes up with a
different idea our first reaction is "Whoa, that's got no pain
involved, can't possibly be a good idea!"

Good luck, and let us know how it turns out.

-- 
Seeya,
Paul
--
Key fingerprint = 1660 FECC 5D21 D286 F853  E808 BB07 9239 53F1 28EE

A: Yes.                                                               
> Q: Are you sure?                                                    
>> A: Because it reverses the logical flow of conversation.           
>>> Q: Why is top posting annoying in email?
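
The find / grep / tar collection described in the message above, written out as an added example (not part of the original post). The function name, the argument order and the use of `-exec ... {} +` in place of `| xargs` are assumptions made here so that file names containing spaces survive; only `find`, `grep -l` and `tar cf` are used.

```sh
#!/bin/sh
# Added example, not from the original message. collect_matches is a
# hypothetical helper name.
#
# Usage: collect_matches ROOT PATTERN ARCHIVE LIST
#   ROOT     directory tree to search
#   PATTERN  basic regular expression handed to grep
#   ARCHIVE  absolute path of the tar file to create
#   LIST     absolute path of the file that records the matching names
# Returns 0 when an archive was written, 1 when nothing matched.

collect_matches() {
    root=$1 pattern=$2 archive=$3 list=$4

    # find -exec ... {} + batches file names the way xargs does, but passes
    # each name as one argument, so embedded spaces are not split.
    # grep -l prints only the names of files that contain the pattern.
    # grep exits non-zero for a batch with no match, which makes find exit
    # non-zero too, so the status of this step is deliberately ignored.
    ( cd "$root" && find . -type f -exec grep -l "$pattern" {} + ) \
        > "$list" 2>/dev/null || true

    # Empty list: nothing to archive.
    [ -s "$list" ] || return 1

    # Turn the list into positional parameters, one per line, so tar gets
    # each path as a single argument. Names containing newlines are not
    # handled, and a very large list can exceed the argument-length limit.
    set --
    while IFS= read -r f; do
        set -- "$@" "$f"
    done < "$list"

    # Paths in LIST are relative to ROOT, so archive from inside ROOT.
    ( cd "$root" && tar cf "$archive" "$@" )
}
```

Keep ARCHIVE and LIST outside ROOT (for example on the system doing the recovery), so the search neither picks them up nor writes to the disk being examined.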

