Previewing the Next Solaris OS

Eric Boutilier writes "Amy Rich has written an excellent Solaris Express (Solaris 10) how-to and general overview. It covers how the program works, using the community web site, and what's new in Solaris Express." Among many new features, the TCP/IP stack has been redesigned, IPv6 support improved, and both NFSv4 and USB 2.0 support added.

Nice

[Anonymous Coward]

Good alternative for my boxes, diversity is good, to put along side my FreeBSD, NetBSD and Windows machines.

Now, all I need is a PowerBook and I'll be set.

Re:Gnome ?

[zz99]

I'm using Solaris at work, and I'm no fan of Gnome, but compared with CDE I'll pick it any day. ...in reality I'm actually running KDE 3.2, installed in my home directory :)

Re:Nice

[Anonymous Coward]

I did run Plan9 for a while, a REALLY REALLY technically cool system. However, the administration ellegance of the BSD's are unmatched, and I have used BSD for 10+ years so the things like remote TCP stacks and such never got used as I'm stuck in the old ways of thinking. :)

Darwin, isn't my thing, I'll wait for my PowerBook and run the real thing on it.

Linux, well, nothing against it. However, I'm not fond of the GNU GPL and LGPL so removed it from my list, though Debian looks like it is similar to the BSDs in regards to technical philosophy; but then there is the license philosophy, which doesn't fit my thinking.

SunOS, anyone?

[oujirou]

That reminds me how we tried to get ourselves a couple of V100s and got one V250 instead while our distributor was shipping our lil' V100s here.

And when they finally got them here, one of the V100s did not boot. It did all the nifty console bootstrapping and stuff, but didn't want to boot from the supposedly preinstalled SunOS on HDD or even from the installation CD.

But it had a built-in FORTH interpreter! It could download a program off the local network and run it!

That's it, we almost ended up with a network-enabled FORTH compiler that cost us $1500.

I'm still glad we didn't wait for tech support to react (and I'm pretty sure it would take them several more weeks) to this and just pulled the cover off the V100 and found out there was something wrong with jumpers on the HDD.

By the way, the insides of a low-end-but-still-so-expensive Sun machine are so-o-o cheap, like IDE Seagate drives... why do they charge so much for them?

Re:Solaris doesn't suck...

[zz99]

> SGI are turning to Linux, Sun will too. There'll be a few releases of both OS's first, though, IMHO.

There is the same story with the Sun hardware... the Ultrasparc architecture. It is hard for one company to keep up with development of their own CPU's for long. The latest word has been that they have put new core's on the ice, and instead try to spinn on the ones they already have.

It is hard to compete with the main stream hardware, and at the desktop it's definitely impossible to beat x86 at best bang for the buck. Soon it will be hard for Sun to beat them at best performance at all (performance regardess of price).

DTrace

[Anonymous Coward]

DTrace definitely seems to be worth checking out. As the article indicates, more info is available here [sun.com].
As the article does not indicate -- but it seems to be worth mentioning -- DTrace was introduced in a comp.unix.solaris post here [google.com]. Seems pretty damn cool...

Re:Solaris doesn't suck...

[dbIII]

The market for Solaris is very different from Linux, it's datacentre-land, not home user.

Linux is still a long way behind Solaris with things like NFS - massive speed differences. A home user isn't going to care much about NFS, which is probably the main reason why NFS still sucks under linux (though not so much in 2.6). I'm sure there's other things as well.

One of the microsoft lines that really is true is that Linux is a larger threat to Unix than to MS

I disagree. Linux is a bigger threat in server space, you have to remember that even after a decade NT et al are the upstart operating systems that have steadily been getting commodity PC hardware into server space - linux challenges that head on by providing a solid multiuser OS that runs on PC hardware, and does it much better than the steadily improving NT operating systems. You only run a Microsoft operating system if you want to run the programs that come with that platform or if you want to use cheap PC hardware as a server. Linux does threaten Microsoft in that way, and I suspect that has contibuted to them improving their software (security patches when they didn't care about them before, and the numerous new features in longhorn).

Re:SunOS, anyone?

[zz99]

> By the way, the insides of a low-end-but-still-so-expensive Sun machine are so-o-o cheap, like IDE Seagate drives... why do they charge so much for them?

I agree. Especially if it is something they call a "server".

Although traditionally Sun called everything shipped without a graphics card for server. Back in the Sparc days a sparc4 server was cheaper than a sparc4 workstation. Same box basically, but one of them didnt have the graphics card..

Anyway, I have found that the low end workstations in their product line are really sad. IDE drives and terrible graphic cards. If you want something with the performance of a even semi-modern PC (P4 2.6 GHz) you have to buy a SunBlade 150+, and then shell out for a good enough graphics card just to get deacent 2D. Thats 2-3 times the price of the PC. And it's still not a high performer, just "almost-modern"

Re:Solaris doesn't suck...

[__past__]

There are rumors that Sun might join forces with Fujitsu Siemens, i.e. closer collaboration of the UltraSparc and SPARC64 design teams. This would seem like a pretty smart move - if you make your processor arch publicly available, you might as well try to benefit from it. Two independent groups developing 64bit sparcs for servers is a little wastefull, and maintaining an alternative architecture is hard enough.

Re:SunOS, anyone?

[oujirou]

All that, and don't forget it runs Solaris, thus making it almost impossible to use.

I've been using Unix-clones (BSD and Linux, now happy with SuSE) here and there for almost seven years now, not counting my first brief encounter with a real UNIX on a mainframe circa 1990. I've also read and highly recommend others to read The Unix Haters Handbook [microsoft.com]. Reading it in 2004 makes one cry over Windows that repeated the same mistakes all over again (note where the book resides), and, what's more important, it clearly shows that Suns have never become better ever since.

Personally I vote for two x86 servers at the cost of one SPARC.

Fire Engine

[zz99]

The register has an old story [theregister.co.uk] about the new TCP/IP stack in Solaris 10, that is good reading.

A quick summary of the story:

The new stack has:
- Efficient at handling multiple NICs
- Low CPU usage (30% lower than Linux)
- Build for targeting 10/100 Gbps in the future. Has a new construction where it is possible to offload the cpu by routing packet to dedicated packet processing processors.

The last part seems like a preparation for the Sun hardware of tomorrow.

cool feature i am using

[Anonymous Coward]

i try with solaris express and I find a cool feature called "ppriv" like this:

gta3# ppriv $$
1124: bash
flags = 0x0
E: all
I: basic
P: all
L: all

Ok, so I am root I have all privileges I think

but now look at rpcbind, it is runnign as daemon but has less priviliges even than normal processes

gta3# ppriv 100182
100182: /usr/sbin/rpcbind
flags = 0x2
E: net_privaddr,proc_fork,sys_nfs
I: none
P: net_privaddr,proc_fork,sys_nfs
L: all

see, it does not have privilege to do 'exec'... there are 30 or more privileges and it has only 3. So i guess this means some stack attack will not work against it like exec shell

also i can run and see privileges like thids

gta3$ ppriv -D -e cat /etc/shadow
cat[100619]: missing privilege "file_dac_read" (euid = 77293, syscall = 225) needed at ufs_iaccess+0xd2
cat: cannot open /etc/shadow

not sure what this means?

Another intro to Solaris 10

[ChrisRijk]

Ace's Hardware had a post about Solaris 10 [aceshardware.com] back in November.

There is an alternative introduction on the main Solaris 10 page [sun.com] too. Eg:

N1 Grid Containers is a breakthrough approach to virtualization with multiple software partitions per single instance of the OS. N1 Grid Containers make consolidation simple, safe and secure.

* Superior Resource Utilization. N1 Grid Containers dynamically adjust resources to business goals within and across the container. With little management overhead (less than 1%), it offers over 4,000 containers per system.
* Increased Uptime. With N1 Grid Containers, applications are isolated from each other and from system faults. Using Instant Restart, each Container can be restarted in just seconds. Boot time in large systems can be reduced by as much as 70%.
* Reduced Costs. N1 Grid Containers simplifies and accelerates consolidation. It also significantly reduces system, admin and maintenance overhead.

The containers (previous called Solaris Zones) can also each have their own root password and own IP address, as well as min/max/QoS resource settings.

DTrace probes

[haggar]

Dtrace probes was be the most important factor for our decision to upgrade all development servers to Solaris 10. We'll mostly skip Solaris 9, actually.

The fact is that we need as much insight in our processes as we can possibly get, as every little performance increase helps. Plus, we get to inspect possible sources of instability.

Typically our products interact with several third-party products, and the DTrace probes will be very useful in tracking down memory leaks and utilization details in such complex environments.

Re:Nice

[Anonymous Coward]

You can use the TCP stack of a remote system, very neat, in fact, Plan9 is almost completeley distributable so you can use almost anything remotly.

This concept of remote TCP stacks is very useful for firewall policy etc.

Re:cool feature i am using

[Anonymous Coward]

Does Linux or BSD have ppriv? Or is this something new?

Re:Nice

[Anonymous Coward]

Yes, becuase I want the freedom to do so. While the GPL and LGPL is designed to remove my freedom to have those systems.

For example, as a kernel and driver developer these are very important issues, it might not matter to you, but it does to me. You might not agree to this, but that doesn't really mean I'm wrong, only that we have different views on freedom.

Think of it this way: The freedom of speech. The GNU GPL and LGPL is forcing you to speek even if you don't want to. You might think it's good, and that's you option, while Me, Myself & Irene want the liberity speek only when we want to.

I'm not saying you're all wrong, but Windows really does makes sense when you have to eat, or even just want to have fun.

The GPL is light being enlisted in the Vietnam war, or even the war agaist Iraq; you have to fight, even if it's a war you don't want. Maybe because I think there are other options, and that none are them are optimal. What looks good today might be the plague of tomorrow.

Just think about it.

Re:Solaris doesn't suck...

[chthon]

Anyone needing more than 8 CPU's ? Seriously, go to IBM/HP/Dell and then try to configure a system that has the same capacity as something from Sun. When you reach the same specs, you will most probably have the same price.

The only place where Sun is really threatened is in the real low-end, and for that space they also have now x86 based systems.

Is the Unisys/W2000 a contender with Sun in the 8-32 CPU space ? Not really, because all W2000 processes run in their own small protected space, whereas one application on Sun can take advantage of all CPU's on the system if necessary.

A happy Linux user, which happens to work with Solaris on his job.

Re:Solaris doesn't suck...

[4of12]

Linux is still a long way behind Solaris with things like NFS

Behind yes, but not a long way, and the gap has been closing over the past several years.

I'm really looking forward to performance and security of NFSv4, but am apprehensive that the setup [lwn.net] appears to be more complicated than just editing a couple files in /etc.

BTW, given all the recent hoopla over Sun's commitment to free and open source software, they ought to be recognized for sponsoring the CITI group at UMich [umich.edu] that had a lot to do with Linux NFSv4, and for sponsoring the Connectathon [connectathon.org] series of conferences that I'm hoping will make my Linux desktop NFS client interact better with my Sun NFS fileserver.

Privileges (was Re:cool feature i am using)

[Nonesuch]

Does Linux or BSD have ppriv? Or is this something new?

The closest thing to this that I have encountered is the kernel-level "Type Enforcement" in SecurOS, a BSD variant used for Secure Computing firewalls.

BSD and Linux can use Systrace, which offers some similar process-level controls (can set execution system call profiles per application).

While Solaris has offered file level ACLs forever, they weren't used by default to protect critical system files and very few admins knew to enable them.

One of the things I like about Solaris (I still prefer OpenBSD) is the cool little security and debugging tools that are included in the default install -- when you don't have source, "truss" was a godsend, and "dtrace" takes debugging to a whole new level.

Just installed 10 on Sparc yesterday.

[SoupIsGood Food]

I spent the better part of yesterday installing this thing on an old Ultra2 system. It's obvious why HP and IBM are eating Sun's lunch... you spend the better part of four hours installing the OS from the fancy new installer, cramming 3 CD's worth of stuff onto your system, only to reboot and find nothing was configured right, the drivers you need aren't installed, and none of the sexy stuff, like the Gnome 2.0 desktop, is anywhere to be found.

I toss the 10 installer CD, and slap in the "disk one" CD, which brings up the old installer program, an interactive text console straight from the '80s. Configure all my network interfaces, select the packages I want, and boom. An hour later, everything is properly installed and configured.

Also, Sun's GUI administration tool, smc, is broken out of the box. Couldn't get it to run for love or money. Admintool, the old GUI, was simply worthless, and remains so to this very day. As I was indoctrinated on the old SunOS 4.x, and spent many years administrating OpenBSD boxen, I'm used to vi anbd know my way around /etc and /var.

Still, it's a long way from HP's SAM. And nothing HP puts in their install is broken. Except patch management, but I'm sure the mad sadists responsible for the system don't consider it broken, per se...

SoupIsGood Food

Re:Solaris doesn't suck...

[Pengo]

Tell me the application that needs more than 8 CPU's that doesn't cluster? I won't go far on a limb to say -most-, but a LOT of new applications that are being developed on the enterprise are web based, or using web services. These applications are a natural fit for clustering.

Database you say? Take a look at 10g from oracle, it's built from the ground to cluster. DB2 does the same AFAIK.

If your stuck running SQL Server, your definately going to have a problem... but , I have little need to run our database systems on big iron. (We are right now testing our billing systems on oracle 10g running on Linux, thus far we are extremely impressed...)

I believe that a smart design can compensate for need for pig iron, most implimentations that require it either have way to big of a budget or lazy design which requires single image to scale.

Question on pricing

[Anonymous Coward]

Will Sun make solaris available for download, or will homeusers/students need to purchase the OS. I am talking for home use, not corporate. And I am talking about Intel, not Sparc.

Re:Solaris doesn't suck...

[bwy]

True, it is pretty obvious most folks here have never actually been in a corporate data center for a medium to large sized company.

When you see what these guys are doing with big boxes (Sun 6500's up to the 15K) you realize how much of apples and oranges this dicussion really is. Anyobody who thinks that Linux on Intel is a threat to this type of a market is crazy.

That being said, Linux is making a little ground on other architectures, but to be honest I haven't seen a single customer yet who is actually doing it in production- to spite all the IBM commercials on TV. I was working at a client site this week where they are trying to get Linux set up under Z OS on the 390 (runs under Z OS similar to how Unix System Services runs, I believe.) I don't think they'll go with this solution though since Websphere comes well integrated into Unix System Services and is a well maintained and supported platform-stable as hell and not a change management nightmare. The only advantage to running Linux up there is the fact that it apparently uses ASCII encoding instead of EBCDIC- which can cause a nightmare porting Unix apps to Unix System Services.

bleahh

[junkgoof]

Sun hardware can do linux and Solaris, at least. Even midrange Sun hardware (4800-6800, and smaller systems going forward) can be split into virtual independent systems.

I've worked with HP-UX, and the new hardware seems way better than their old crap (though it's hot and power hungry), but I don't like the O/S much. Too geared to their buggy sysadmin gui, and too flaky in the way it stores patches. I have repeatedly seen HP-UX boxes die to the point of tape recovery during patch installs, I've never seen a Sun die on patching, or reach as unrecoverable a software state for any reason.

HP support is really, really, bad compared to Sun, as well. The Sun guys know what they are doing fix hardware, and offer advice on software stuff. The HP guys have trouble with the hardware and flee if you ask about software (and no, I'm not just talking about one or two techs, it's a pattern).

I don't think HP knows where it is going in hardware or O/S, either. They've changed their minds a few times in the last few years. Intel, PA-RISC, HP-UX, Linux...

Re:aargh!

[Anonymous Coward]

I'm not sure this is a really pressing issue,
is it? I mean, this would only seem to be an
issue for people who are mobile *and* are
crossing timezones *while* they are using their
system. That's a pretty small group of people.
Then again, maybe I'm just not seeing something
here.