Slashdot Mirror
Previewing the Next Solaris OS
Eric Boutilier writes "Amy Rich has written an excellent Solaris Express (Solaris 10) how-to and general overview. It covers how the program works, using the community web site, and what's new in Solaris Express." Among many new features, the TCP/IP stack has been redesigned, IPv6 support improved, and both NFSv4 and USB 2.0 support added.
Good alternative for my boxes, diversity is good, to put along side my FreeBSD, NetBSD and Windows machines.
Now, all I need is a PowerBook and I'll be set.
(In case the first post is modded down to hell, that's what it said :-)
:-)
The market for Solaris is very different from Linux, it's datacentre-land, not home user. I still don't see it lasting too long though... One of the microsoft lines that really is true is that Linux is a larger threat to Unix than to MS, at the moment (MS forgot the 'at the moment' bit
Two wars: The desktop and the datacentre. Despite the cliche of fighting a war on two fronts, Linux is porbably uniquely positioned to fight a war on N fronts (where N is a positive, large integer). The way it's set up is to leverage groups of people whilst folding the advances back into the core.
SGI are turning to Linux, Sun will too. There'll be a few releases of both OS's first, though, IMHO.
Simon.
Physicists get Hadrons!
It covers how the program works
But can you run this program called Solaris 10 on Linux? Or do you need wine for that?
Yeah, apart from the much larger breadth of GNU tools, ssh and much higher performing threading model, 9 really sucked.
Do you hate having a large improvement in threaded performance too?
I know this is a trivial thing, but it's a real pain in the butt to have to use ksh all the time because most Solaris boxen I've worked on don't have Bash installed by default.
The same goes for OpenSSL and a bunch of other tools that would be great to have but that I cannot count on being there.
On the other front, having Gnome as a gui readily available is definitely deserving of kudos. If only I had more than ssh access to most of the boxes I work with, I could actually use it. We have Hummingbird Exceed, but it's such a HUGE pain to set up. Neither myself, a reasonably good programmer, nor any of the sysadmins at the very large bank where I work know how to set it up.
Alas.
-- Kevin J. Rice
Unitarian Church: Freethinkers Congregate!
I'm using Solaris at work, and I'm no fan of Gnome, but compared with CDE I'll pick it any day. ...in reality I'm actually running KDE 3.2, installed in my home directory :)
Don't know if your flaimbait was intentional or not, but you should have at least elaborated on why it's "god-awful". In my opinion, Gnome is far less awful than CDE. And although it is less feature-rich and configurable than KDE, its behaviour seems more consistent. That is what businesses and Solaris' market wants. Assuming that KDE is your awe inspiring desktop of course.
Sun's move from CDE to Gnome is a good move, if not from Solaris to Linux completely.
VIVA1023.com | Political Fashion.
Something like AFS which can scale across an entire enterprise.
Government of the people, by corporate executives, for corporate profits.
Nice, Solaris is getting devfs support . . . just as it is marked deprecated in Linux 2.6
Early in the morning CDE suffered a fatal heart attack and died during the night. It has finally been laid to rest. Nobody turned up to the funeral.
That's CDE on Solaris 8 -> Gnome Solaris 9 and the users love it. Needs a bit of stability tweaking though it isn't bad. Also a current revision would be nice.
Government of the people, by corporate executives, for corporate profits.
DTrace definitely seems to be worth checking out. As the article indicates, more info is available here.
As the article does not indicate -- but it seems to be worth mentioning -- DTrace was introduced in a comp.unix.solaris post here. Seems pretty damn cool...
Any OS that is out there that can take away from the 90%+ market share that Microsoft holds is a good thing.
Of course Microsoft's market share won't go down if this OS just replaces one *nix variant with another, but that's another story.
> By the way, the insides of a low-end-but-still-so-expensive Sun machine are so-o-o cheap, like IDE Seagate drives... why do they charge so much for them?
I agree. Especially if it is something they call a "server".
Although traditionally Sun called everything shipped without a graphics card for server. Back in the Sparc days a sparc4 server was cheaper than a sparc4 workstation. Same box basically, but one of them didnt have the graphics card..
Anyway, I have found that the low end workstations in their product line are really sad. IDE drives and terrible graphic cards. If you want something with the performance of a even semi-modern PC (P4 2.6 GHz) you have to buy a SunBlade 150+, and then shell out for a good enough graphics card just to get deacent 2D. Thats 2-3 times the price of the PC. And it's still not a high performer, just "almost-modern"
In the datacenter for a good while yet. Several years, at least 3 and probably longer. Basically the hardware is better than Intel for the non sparcified PC clones anyway. Bigger caches, more I/O, more memory bandwidth etc. Linux isn't yet trusted on this stuff and it won't kill Solaris off until 3-5 years after it is trusted on the big iron.
I have no problem with Solaris and Linux side by side and neither do the management. We are actively and with prejudice trying to kill off HP-UX as soon as possible though.
Government of the people, by corporate executives, for corporate profits.
> And when they finally got them here, one of
> the V100s did not boot.
> That's it, we almost ended up with a
> network-enabled FORTH compiler that cost us
> $1500.
My friend bought a new car, and the dealership accidentally gave him the wrong set of keys. That was it, he almost ended up with a sealed glass and metal box that cost him $35000.
One little tiny, easily rectified mistake does not mean the product sucks. If someone dismissed linux because they bought a preinstalled box which didn't boot because of a wrong jumper, would that mean linux was crappy? No. Of course not.
> I'm still glad we didn't wait for tech support
> to react (and I'm pretty sure it would take
> them several more weeks)
Have you ever *used* Sun support? To answer your later question, that's one of the reasons Sun are so expensive. They have great support. If you were on a decent support contract there could have been a guy with you inside an hour with a bag full of V100 parts. If you don't need support, go with linux/bsd or buy Sun kit off ebay.
Once more, FUD-ish Sun-bashing gets modded up as interesting/informative. Replies which dare to defend Sun are usually modded down. Flamebait, troll, whatever. (They should have a "-1 heresy" tag.)
All that, and don't forget it runs Solaris, thus making it almost impossible to use.
I've been using Unix-clones (BSD and Linux, now happy with SuSE) here and there for almost seven years now, not counting my first brief encounter with a real UNIX on a mainframe circa 1990. I've also read and highly recommend others to read The Unix Haters Handbook. Reading it in 2004 makes one cry over Windows that repeated the same mistakes all over again (note where the book resides), and, what's more important, it clearly shows that Suns have never become better ever since.
Personally I vote for two x86 servers at the cost of one SPARC.
___
On Slashdot, Russians comment on YOU!
The register has an old story about the new TCP/IP stack in Solaris 10, that is good reading.
A quick summary of the story:
The new stack has:
- Efficient at handling multiple NICs
- Low CPU usage (30% lower than Linux)
- Build for targeting 10/100 Gbps in the future. Has a new construction where it is possible to offload the cpu by routing packet to dedicated packet processing processors.
The last part seems like a preparation for the Sun hardware of tomorrow.
i try with solaris express and I find a cool feature called "ppriv" like this:
/usr/sbin/rpcbind
/etc/shadow /etc/shadow
gta3# ppriv $$
1124: bash
flags = 0x0
E: all
I: basic
P: all
L: all
Ok, so I am root I have all privileges I think
but now look at rpcbind, it is runnign as daemon but has less priviliges even than normal processes
gta3# ppriv 100182
100182:
flags = 0x2
E: net_privaddr,proc_fork,sys_nfs
I: none
P: net_privaddr,proc_fork,sys_nfs
L: all
see, it does not have privilege to do 'exec'... there are 30 or more privileges and it has only 3. So i guess this means some stack attack will not work against it like exec shell
also i can run and see privileges like thids
gta3$ ppriv -D -e cat
cat[100619]: missing privilege "file_dac_read" (euid = 77293, syscall = 225) needed at ufs_iaccess+0xd2
cat: cannot open
not sure what this means?
There is an alternative introduction on the main Solaris 10 page too. Eg:
The containers (previous called Solaris Zones) can also each have their own root password and own IP address, as well as min/max/QoS resource settings.
Dtrace probes was be the most important factor for our decision to upgrade all development servers to Solaris 10. We'll mostly skip Solaris 9, actually.
The fact is that we need as much insight in our processes as we can possibly get, as every little performance increase helps. Plus, we get to inspect possible sources of instability.
Typically our products interact with several third-party products, and the DTrace probes will be very useful in tracking down memory leaks and utilization details in such complex environments.
Sigged!
> Have you ever *used* Sun support?
I have tried to. When I started my first professional C++ project, I bought Sun C++ because at the time it had the reputation for being the best C++ compiler available. Unfortunately, the license key they send me didn't work, so I was unable to actually run the compiler. I spend the first three month of the project simply trying to make Sun send me a working license. And, to be able to do something meanwhile, I downloaded and installed G++ which obviously requires no license to run. After three months I decided g++ was "good enough" and stopped pestering Sun to deliver the goods I had already paid for. In any case g++ was quickly improving, and no new versions of Sun C++ were forthcomming (for years, I later learned).
Morale? Sometimes freedom is more cost efficient than technical quality and professional support. I have certainly since then tried to avoid dependence on single source suppliers of hardware, software or support.
BSD and Linux can use Systrace, which offers some similar process-level controls (can set execution system call profiles per application).
While Solaris has offered file level ACLs forever, they weren't used by default to protect critical system files and very few admins knew to enable them.
One of the things I like about Solaris (I still prefer OpenBSD) is the cool little security and debugging tools that are included in the default install -- when you don't have source, "truss" was a godsend, and "dtrace" takes debugging to a whole new level.
I do not deploy Linux. Ever.
I spent the better part of yesterday installing this thing on an old Ultra2 system. It's obvious why HP and IBM are eating Sun's lunch... you spend the better part of four hours installing the OS from the fancy new installer, cramming 3 CD's worth of stuff onto your system, only to reboot and find nothing was configured right, the drivers you need aren't installed, and none of the sexy stuff, like the Gnome 2.0 desktop, is anywhere to be found.
/etc and /var.
I toss the 10 installer CD, and slap in the "disk one" CD, which brings up the old installer program, an interactive text console straight from the '80s. Configure all my network interfaces, select the packages I want, and boom. An hour later, everything is properly installed and configured.
Also, Sun's GUI administration tool, smc, is broken out of the box. Couldn't get it to run for love or money. Admintool, the old GUI, was simply worthless, and remains so to this very day. As I was indoctrinated on the old SunOS 4.x, and spent many years administrating OpenBSD boxen, I'm used to vi anbd know my way around
Still, it's a long way from HP's SAM. And nothing HP puts in their install is broken. Except patch management, but I'm sure the mad sadists responsible for the system don't consider it broken, per se...
SoupIsGood Food
Seems like most people are missing one of the major points of having a Solaris workstation: development and platform scalability.
You can design, write, compile, and test an application on your little one or two-processor workstation. Once you're satisfied that it'll correctly calculate the national debt to 100 significant figures, you can copy it over *completely unchanged* to a 108-CPU Sun E15K and it will run exactly the same. Exactly. Just a little faster.
Platform scalability of that sort is not available from any other vendor that I know of. It's also darn nice when you've got a 4-CPU server that is swamped and want to upgrade to a 32-CPU box. You don't have to change anything. I know a sys-admin who once upgraded their machine by literally swapping out the boot drive. Not exactly elegant (and he didn't tell his boss how he did it so quickly), but it worked for him.
So, you're right: if you're looking for a desktop machine that'll run web browsers and still give you all the CLI goodness of a UNIX or a work-alike, you can get it cheaper elsewhere, although the difference is less than most people think. Have you priced one out recently? Really? Oh yeah, and the support is simply awesome.
--Mid
As someone sitting in front of a sun with a microsoft mouse (and yes, even the wheel works) i can say that is wrong.
Also, provided the usb device supports the mass storage spec, it will also work on a sun.
man scsa2usb
Did anyone else read this as s-uninstall? I was wondering why it was so important to include an uninstall option right away, and to feature it so prominently in the article. :-)
RTFA
Solaris Express is Sun's program to allow users to preview upcoming versions of Solaris. It IS NOT Solaris 10.
Now you know.
MD5? I prefer the support for BSD style Blowfish password hashes. Just set CRYPT_DEFAULT to '2a' in /etc/security/policy.conf
Q B8SkAr1 xKsUQIJIcK
/etc/shadow was a very nice addition. (Not to mention the extra thread performance, better ldap support (no more nis) and a few dozen other things.
so while the old crypt style sting looks like this:
Ely3JjNj4Vjz6
and the md5 hashes look like this:
$1$2ZIvIsPP$GqZ5GnNFOm1rgklvylPmP0
the new blowfish strings look like this:
$2a$04$TZ3DP5jgu9s7rbXTJ.i5P.lVl5HX1jWx3BR
(now if only i could find a niceacademic paper that discusses the relative advantages of each one)
I'm currently moving all of our systems from Solaris 8 to 9 and the support for md5 and blowfish in
I like the HP Superdome (hardware platform)for this reason: it can concurrently run HP-UX, RHE, and Windows2k3 in separate partitions. Can Sun hardware do that?
Sun hardware can do linux and Solaris, at least. Even midrange Sun hardware (4800-6800, and smaller systems going forward) can be split into virtual independent systems.
I've worked with HP-UX, and the new hardware seems way better than their old crap (though it's hot and power hungry), but I don't like the O/S much. Too geared to their buggy sysadmin gui, and too flaky in the way it stores patches. I have repeatedly seen HP-UX boxes die to the point of tape recovery during patch installs, I've never seen a Sun die on patching, or reach as unrecoverable a software state for any reason.
HP support is really, really, bad compared to Sun, as well. The Sun guys know what they are doing fix hardware, and offer advice on software stuff. The HP guys have trouble with the hardware and flee if you ask about software (and no, I'm not just talking about one or two techs, it's a pattern).
I don't think HP knows where it is going in hardware or O/S, either. They've changed their minds a few times in the last few years. Intel, PA-RISC, HP-UX, Linux...
You got me into this! You were the ideologue! I'm only a poor assassin! - Twenty evocations, Bruce Sterling
Better than sunfreeware.com, is blastwave.org
automatic package dependancy handling, bugtracking, and staffed by 30 volunteers instead of just 1 person.
Plus, 64bit versions of libraries, if you ever need that sort of thing.