comp.os.aixcrowd. For general questions about the ANS, see the separate ANS FAQ.
Working knowledge of Unix is assumed!
Pretty much like AIX 4 on anything else, except for the low-level system changes I talk about below. You can see some screenshots of AIX CDE grabbed directly on an ANS 500.
Only 4.1.4 (220.127.116.11 and 18.104.22.168) and 4.1.5, and then only Apple-branded versions at that (so-called "Harpoon" AIX, after the operating system software's codename). If you have an IBM CD, it will not boot from it, and you probably should not try to install smit packages off it either. (If you don't know what smit is, read on.)
IBM support for Apple ANS AIX is non-existent, and many BOS patches may kill! your installation. The only OS upgrade you can do is the Apple-branded CD to 4.1.5. At that point, there are only a few IBM-distributed OS patches you can safely apply -- though some userland hotfixes may still work, anything modifying the Base runtime is cruising for trouble. You're better off patching the operating system manually, which we will explain presently.
At least one site (and our MacUser Review) makes reference to an AIX 4.1.2, but this appears to have only been used with pre-release models. I have also encountered an alleged copy of AIX 4.1.6 for the ANS, but sadly it is actually just a mislabeled 4.1.5.
The differences are primarily at the low hardware-access level for handling OpenFirmware and dealing with the hardware differences in the Shiner architecture, along with some software emulation code for imitating different CPUs. However, at the higher levels, like libraries, programming and so on, ANS AIX is merely a highly compatible superset of standard IBM AIX, virtually identical but with value-added support for Macintosh clients and AppleTalk, and various ANS-specific utilities.
So, this leads to the next question ...
ANS AIX is binary-compatible with most 4.1.x RS/6000 AIX applications, and most applications before that (including 3.2.5). In fact, so far I've yet to find one that isn't.
The situations that will get you in trouble are applications that use the POWER chipset or POWER2 architecture, which are not fully supported by the ANS (some instructions are emulated in software, but not all); and any IBM applications that depend on the presence of MicroChannel bus architecture, since the ANS is 100% PCI. Frankly, these situations are exceedingly uncommon. However, the thing that could likely burn people is drivers that do not cooperate with OpenFirmware -- this is something to watch out for when installing new hardware. See the main ANS FAQ.
Versions prior to 4.1.5 were affected by a nasty bug that caused a memory leak in the TCP sockets library. On very busy systems (such as my production ANS), this could cause you to insidiously run out of memory and ultimately out of swap -- AIX would try to save itself by killing off idle processes, but eventually would kernel panic. 4.1.5 does not have this problem.
In addition, 4.1.5 is also a prerequisite for some software packages (in particular Ultimedia and some pre-compiled offerings), and also has several security upgrades including fixes for ping of death and SYN flood DoS. There are still some important security holes in 4.1.5 -- if you're in a hostile network environment, read the pertinent questions to securing your AIX ANS before putting one outside unprotected.
Remember, you can only install Apple-branded AIX 4.1.5. IBM-branded 4.1.5 won't work, and may ruin your installation! The update was distributed as both a non-bootable upgrade CD and a bootable full system install; the latter is strongly preferred.
You can read the complete 4.1.5 readme.
There were (on ftp.fixdist.apple.com), but that server doesn't exist anymore, and IBM's support of 4.1.x is now very sparse also for the few APARs that could work on the ANS. In short, you'll be rolling your own.
AIX 4.1 is technically not, but it only affects a few obscure utilities. I have not personally experienced any difficulty with my unit, and it has run flawlessly before and after. Despite any temptations you may have, DO NOT attempt to install the IBM AIX Y2K patches; you will corrupt your boot image and AIX will not start! (Don't ask me how I know this!)
Of course, since the date on AIX is a 32-bit integer, there is a Y2038 problem. Such is life.
You can thank IBM for their bone-headed licensing that gives you only cpp out of the box. Fortunately, for some period of time kind folks made AIX-installable binary packages of popular open-source utilities, and many of these would run on the Network Server. The biggest of these was AIXPDSLIB (r.i.p.), now decommissioned, formerly at the University of California Los Angeles. We host a limited mirror of some of these packages (see the Software page), including gcc so you can roll your own stuff. Note that the last version of gcc they had available for 4.1.x is 2.95.2.
Most of the software I ran on this box was from AIXPDSLIB. You can use any of the executables offered for 3.2.5 and 4.1. Typically, to install one of these binary packages, you need to do the following steps:
Calm down; it's really easy. Make sure the AIX CD is in the CD-ROM drive, shut down as gracefully as you can, turn the front key switch to the leftmost position, and turn the server back on. The ANS will seek out the CD, and start AIX from there. Follow the prompts.
Besides being the hardware bootstrap monitor, the LCD also acts as a window onto the AIX bootloader, displaying mysterious three-digit code numbers as the loader configures hardware and filesystems. These numbers are codes representing the stage the bootloader is at, and can be found in any AIX reference manual, or see Apple tech note #24450 (a/k/a TA37399). You need only panic about these numbers if one starts flashing or halting (although some may hang around for some minutes, like 868, so have a little patience). You can write your own messages to the LCD; scroll down to the very end for how.
Boot from the AIX CD as above. Once you have defined the local console
(almost always the monitor and ADB keyboard), from the Installation and
Maintenance menu choose Start maintenance mode for system recovery,
Access a Root Volume Group, choose your
rootvg (on this
system there's only one), choose your file system (probably
and then Mount File System and Start Shell. You will have a root
shell available to enter commands.
You don't need to be in maintenance mode for most tasks, however, as
smit will run just fine with the system up in normal operation.
smit is the System Management Interface Tool, a very helpful
and effective way of doing system tasks. It works at both command line and
X11, and delivers easy-to-follow and friendly (well, as friendly as
system maintenance gets) methods of getting what you want done, done. Use it.
As we say in the biztm, "smit happens."
Most of this FAQ deals with talking to
smit in some form
or another. Modifying system files directly can be injurious to AIX's
health, since it keeps an object database on hand as well for some items.
smit keeps these in sync, better safe than sorry.
smit, simply type
smit. You will have
root for most, if not all, operations. If you're in
CDE, you get a nice GUI,
but even at the TTY it's very user-friendly.
Getting around in smit:
You will need the AIX CD for this. A very lucky few of you might already have the images on the HD. I don't. Insert the CD; you don't have to have it mounted.
smitas root and go to Software Installation and Maintenance, Install and Update Software, Install/Update Selectable Software (Custom Install), Install Software Products at Latest Level, Install New Software Products at Latest Level. (Whew!)
/dev/cd0. Press ENTER.
@(at) sign.) Press ENTER when done.
smitor F3 to back up a level or two.
This is an AIX-general question, but here's a short answer for enlarging a JFS logical volume (LV) on the default ANS hard disk. One of JFS' cool tricks is that it has soft partitions, allowing you to enlarge them without repartitioning or losing data. (You can also use the Mac OS Disk Administration utility, which may be easier. I'm not going to demonstrate that here.) Please note, if you are an AIX god, that later AIX versions may streamline this process considerably over AIX 4.1.
smitas root and go to System Storage Management, Logical Volume Manager.
PHYSICAL VOLUME: hdisk0 VOLUME GROUP: rootvg PV IDENTIFIER: 003acfa285a5f96b VG IDENTIFIER 003acfa2a1176b86 PV STATE: active STALE PARTITIONS: 0 ALLOCATABLE: yes PP SIZE: 32 megabyte(s) LOGICAL VOLUMES: 9 TOTAL PPs: 544 (17408 megabytes) VG DESCRIPTORS: 2 FREE PPs: 74 (2368 megabytes) USED PPs: 470 (15040 megabytes) FREE DISTRIBUTION: 01..73..00..00..00 USED DISTRIBUTION: 108..36..108..109..109This particular physical volume thus has a 32MB PP size and has 74 PPs free. The PP size varies based on the total size of your physical SCSI disk. Write these numbers down!
Particularly if you are on AIX 4.1.4, you should have ample swap (at least three times physical RAM) because of the TCP memory leak, and you should always have at least twice physical RAM on any Network Server running any version of AIX. You can see the space available with lsps -a; there should be a single logical volume, usually hd6.
You can add additional paging spaces, but the easiest way is simply to enlarge the existing paging LV. smit has a special dedicated means of doing so: System Storage Management, Logical Volume Manager, Paging Space, Change / Show Characteristics of a Paging Space, pick the paging space (usually hd6), and then enter the additional number of logical partitions to add. Alternatively, since the paging space is just a logical volume, you can use the same steps above but skipping the step for enlarging the filesystem, since there isn't one.
If you are in the United States, AIX 4 predates the 2007 daylight savings change and will get the time incorrect at certain parts of the year in some timezones. Fortunately you can hint the operating system with the TZ environment variable and an extra string. For Pacific timezone, which is where I am, I use PST8PDT,M3.2.0,M11.1.0 to tell it I'm on Pacific time, I use daylight savings, and I go off it on the second week of March and on it the first week of November. Adjust this for your own locale or timezone and put it into /etc/environment like so: TZ=PST8PDT,M3.2.0,M11.1.0
This is an AIX-general question, but here's a short answer for a single network interface.
No. AIX did not support IPv6 until AIX 5L.
ANS AIX includes an AppleTalk stack, but it's not too useful out of the box as it does not include AFP support for file sharing. (We'll get to "AFP over TCP" in a moment.) The CD bundle that came with the ANS included a miniature version of the uShare AFP server, but speaking from personal experience it was clunky and an absolute pain to administer. ANS AppleTalk can also be used for printer sharing and AppleTalk routing, but these tasks are usually better handled by any number of hardware routers, most of which can be found very easily on the used market. Furthermore, in this age of OS 9 and now X, old-style non-TCP EtherTalk is just about non-existent.
Nevertheless, if you want to explore its functions, you can access the AppleTalk smit menu under Communications Applications and Services, AppleTalk.
The AppleTalk stack can also be used to remotely administer the ANS and use its resources for applications; see the Mac OS Services page for information. However, there is no administrative task it does that cannot be accomplished at the command line, and in my estimation it merely represents one more potential point of remote entry (albeit one requiring some skill to successfully manipulate, but possible). Your risk declines if you bind it to a trusted interface only, but weigh that risk carefully. In this day and age it is best considered a curiosity.
ANS AIX 4.1.5 does include AFP over TCP support, but you must still run the main stack for it to be active, and it has limited configuration ability as far as ports it will bind, or permissions any more granular than what AIX already offers. Again, you should also be very careful that it does not bind an interface connected to a WAN, since it could easily route into the hands of naughty folks. Its configuration panel is located under ... AppleTalk, AppleTalk Advanced Features, Configure AFP over TCP.
A better way to share files from your ANS might be to ditch AppleTalk altogether, especially if you are running Mac OS X where there are plenty of alternative file sharing methods, or (sigh) Windows. In particular, samba should be compatible with both, and is well-known, fairly well documented and still supported. AIXPDSLIB offers an older version for download, but newer versions should still compile without much work. As with AFP over TCP support, you would be well advised to make sure it doesn't bind a WAN interface either.
Although it only supports X11R5, ANS AIX's AIXwindows implementation comes with Common Desktop Enviroment, which IMHO is much more congenial than GNOME or KDE. It's also trés slicko. It's also trés insecure and has several known exploits. Run only in a test network or a 100% trusted and completely secured environment.
smit, go to System Environments, Select System User Interface. Press F4 for the list and select AIXwindows Desktop Environment.
smitmenu with F3, and select Devices, Graphic Displays, Select the Display Resolution and Refresh Rate. Select
gda0from the list.
smitwith F10 and reboot the system with
reboot. On startup, you will receive a CDE login screen instead.
Use the left and right arrow keys while simultaneously clicking the mouse button.
AIX 4 comes with xwd. Most of the time you will want to do something like xwd -screen -root -out out.xwd, which will dump the entire screen to out.xwd (use xwd -icmap ... if you're trying to capture a game screen that is using a different X colourmap). A tool like GIMP or xv can open the resulting image, or you can use ImageMagick or Netpbm to convert it.
You can see some examples of the results in our CDE screenshots.
It's certainly possible to compile new X11 libraries, but there's no easy install that I know of. I never bothered to do this since my machine does not usually run CDE.
Yes! ANS AIX 4.1.5 is more-or-less compatible with Ultimedia, IBM's relatively short-lived AIX multimedia platform. The smit packages from LCD4-0254-02 are known to be compatible (software product identifiers 5765-634 or 5765-393). This CD is labeled "Value Option for AIX 4.1.5" and is an IBM product. It may be the same as Ultimedia Services/6000 for AIX. Note that some of the utilities such as the video capture require hardware that was never available for the ANS, but the game updates should work with the exception of audio. Install them as you would any other smit package.
Once Ultimedia is installed, you can then download the games from our Gopher server. IBM only ported two to AIX 4.1, namely id Software's Quake and Crack dot Com's Abuse. The versions offered are just the demo versions; you will still need full game files to play the full game (I used the Mac Quake retail package). Again, there is no sound. Because they require 256 colours, they will mess up the colours of other running CDE applications until you quit. I do not recommend full-screen or high resolutions as even a 200MHz ANS will not handle that well.
Quake does allegedly have a non-Ultimedia build; see the documentation. Since I have an Ultimedia disc, I have never tried it. It may not run as well.
CDE is definitely required, so you must have that installed and running. I don't know if Ultimedia works with AIX 22.214.171.124 and installing it may mess up your operating system; you really should upgrade to 4.1.5 first.
The third and final game IBM ported was Quake 2, but it requires AIX 4.3 and won't run on the ANS. Ultimedia was ultimately (ahem) cancelled with the arrival of AIX 5L.
No system is secure, and old code doubly so. Nevertheless, with a little work, you can get your AIX ANS system to production security standards. Based on my experiences since 1998 with my stable of Network Servers, I've compiled a fairly rigourous pathway for doing just that -- note most of these apply to securing any system, of course.
Please note that even with this insurance, your system may still have theoretical vulnerabilities or vulnerabilities that are lurking but not yet apparent. While PPC AIX is not a big target, there are exploits in the wild for it, and I've had (alarmingly good) success with rootkits before. This seals most of the exploits I'm aware of and have personally managed to crack open, but any system you put out on an open network has the possibility of being 0wn3d, and if you choose to follow my guidelines, you do so at your own risk.
Also, while we're on the subject, consider /etc/no -o clean_partial_conns=1 to help further protect against SYN attacks.
Why, quite a few!