Previewing the Next Solaris OS
Eric Boutilier writes "Amy Rich has written an excellent Solaris Express (Solaris 10) how-to and general overview. It covers how the program works, using the community web site, and what's new in Solaris Express." Among many new features, the TCP/IP stack has been redesigned, IPv6 support improved, and both NFSv4 and USB 2.0 support added.
I'm using Solaris at work, and I'm no fan of Gnome, but compared with CDE I'll pick it any day. ...in reality I'm actually running KDE 3.2, installed in my home directory :)
DTrace definitely seems to be worth checking out. As the article indicates, more info is available here.
As the article does not indicate -- but it seems to be worth mentioning -- DTrace was introduced in a comp.unix.solaris post here. Seems pretty damn cool...
There are rumors that Sun might join forces with Fujitsu Siemens, i.e. closer collaboration of the UltraSparc and SPARC64 design teams. This would seem like a pretty smart move - if you make your processor arch publicly available, you might as well try to benefit from it. Two independent groups developing 64-bit SPARCs for servers is a little wasteful, and maintaining an alternative architecture is hard enough.
Programming can be fun again. Film at 11.
The Register has an old story about the new TCP/IP stack in Solaris 10 that is good reading.
A quick summary of the story:
The new stack has:
- Efficient at handling multiple NICs
- Low CPU usage (30% lower than Linux)
- Built to target 10/100 Gbps in the future. It has a new construction that makes it possible to offload the CPU by routing packets to dedicated packet-processing processors.
The last part seems like a preparation for the Sun hardware of tomorrow.
I tried Solaris Express and I found a cool feature called "ppriv", like this:
/usr/sbin/rpcbind
/etc/shadow /etc/shadow
gta3# ppriv $$
1124: bash
flags = 0x0
E: all
I: basic
P: all
L: all
OK, so I am root, I have all privileges, I think.
But now look at rpcbind: it is running as a daemon but has even fewer privileges than normal processes.
gta3# ppriv 100182
100182:
flags = 0x2
E: net_privaddr,proc_fork,sys_nfs
I: none
P: net_privaddr,proc_fork,sys_nfs
L: all
See, it does not have the privilege to do 'exec'... there are 30 or more privileges and it has only 3. So I guess this means some stack attack will not work against it, like exec shell.
Also I can run and see privileges like this:
gta3$ ppriv -D -e cat
cat[100619]: missing privilege "file_dac_read" (euid = 77293, syscall = 225) needed at ufs_iaccess+0xd2
cat: cannot open
Not sure what this means?
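Added example (not part of the thread and not Sun's code): a small Python parser for the two ppriv output formats quoted in the comment above, used to check whether a process still holds a given privilege such as proc_exec. The contents of the "basic" set and all function names are assumptions of this example.

```python
import re

# Assumption: contents of the Solaris 10 "basic" set as listed in privileges(5).
BASIC = frozenset({"file_link_any", "proc_exec", "proc_fork",
                   "proc_info", "proc_session"})
ALL = "all"  # sentinel meaning every privilege known to the kernel

# Sample input: the rpcbind listing and debug line copied from the comment above.
RPCBIND = """100182:
flags = 0x2
E: net_privaddr,proc_fork,sys_nfs
I: none
P: net_privaddr,proc_fork,sys_nfs
L: all
"""
DEBUG = ('cat[100619]: missing privilege "file_dac_read" '
         '(euid = 77293, syscall = 225) needed at ufs_iaccess+0xd2')

def parse_ppriv(text):
    """Parse `ppriv <pid>` output into pid, command, flags and the E/I/P/L sets."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    pid, _, cmd = lines[0].partition(":")
    proc = {"pid": int(pid), "cmd": cmd.strip(), "sets": {}}
    for line in lines[1:]:
        if line.startswith("flags"):
            proc["flags"] = int(line.split("=")[1], 16)
            continue
        name, _, spec = line.partition(":")
        toks = {t.strip() for t in spec.split(",")} - {"", "none"}
        if ALL in toks:
            proc["sets"][name] = ALL
        else:  # expand the "basic" shorthand, keep explicitly named privileges
            extra = BASIC if "basic" in toks else set()
            proc["sets"][name] = (toks - {"basic"}) | extra
    return proc

def holds(proc, priv):
    """True if priv is in effect now (E) or can be re-enabled by the process (P)."""
    return any(s == ALL or priv in s for s in (proc["sets"]["E"], proc["sets"]["P"]))

def parse_debug(line):
    """Split a `ppriv -D` message into command, pid, privilege, euid, syscall, site."""
    m = re.match(r'(\S+)\[(\d+)\]: missing privilege "(\w+)" '
                 r'\(euid = (\d+), syscall = (\d+)\) needed at (\S+)$', line)
    if not m:
        raise ValueError("not a ppriv -D message")
    keys = ("cmd", "pid", "privilege", "euid", "syscall", "kernel_site")
    return dict(zip(keys, m.groups()))
```

For the rpcbind listing, `holds(parse_ppriv(RPCBIND), "proc_exec")` is false, while the three privileges left in P remain available to whatever code runs inside that process. `parse_debug(DEBUG)` names the process, the privilege it lacked, and the kernel location where the check failed.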
There is an alternative introduction on the main Solaris 10 page too. E.g.:
The containers (previously called Solaris Zones) can also each have their own root password and own IP address, as well as min/max/QoS resource settings.
DTrace probes were the most important factor in our decision to upgrade all development servers to Solaris 10. We'll mostly skip Solaris 9, actually.
The fact is that we need as much insight in our processes as we can possibly get, as every little performance increase helps. Plus, we get to inspect possible sources of instability.
Typically our products interact with several third-party products, and the DTrace probes will be very useful in tracking down memory leaks and utilization details in such complex environments.
Sigged!
Anyone needing more than 8 CPUs? Seriously, go to IBM/HP/Dell and then try to configure a system that has the same capacity as something from Sun. When you reach the same specs, you will most probably have the same price.
The only place where Sun is really threatened is in the real low-end, and for that space they now also have x86-based systems.
Is the Unisys/W2000 a contender with Sun in the 8-32 CPU space? Not really, because all W2000 processes run in their own small protected space, whereas one application on Sun can take advantage of all CPUs on the system if necessary.
A happy Linux user, who happens to work with Solaris at his job.
Linux is still a long way behind Solaris with things like NFS
Behind yes, but not a long way, and the gap has been closing over the past several years.
I'm really looking forward to performance and security of NFSv4, but am apprehensive that the setup appears to be more complicated than just editing a couple files in /etc.
BTW, given all the recent hoopla over Sun's commitment to free and open source software, they ought to be recognized for sponsoring the CITI group at UMich that had a lot to do with Linux NFSv4, and for sponsoring the Connectathon series of conferences that I'm hoping will make my Linux desktop NFS client interact better with my Sun NFS fileserver.
"Provided by the management for your protection."