Solaris vs The World. So everyone seems to be jumping on this whole Open Source bandwagon, or at least trying to take advantage of it. OS X did what few do and completely revamped their entire OS, deciding to go with BSD (my favorite) as the underlying infrastructure. Vista, white they stole a lot of their visual styles and interface widgets from OS X, are making the move to become more like Open Source OS’ by implementing (yes I know, bad) User Access Control, and a new command shell with scripting ability. Microsoft has even bought out Sysinternals and made their OS tools their own, tools which all have a very *nix feel to them.
Sun has been trying to emulate a lot of what BSD has been doing for years, and yes, in some cases they actually do it better. Take BSD jails for instance. They have been around since like 2000? Something like that. Sun eventually came out with their own variant, Solaris Zones. Now I do admit, Zones have much more granular control than jails do.
And now Sun has publicly released their OpenSolaris OS which is still based on the Solaris kernel, but has been a collaborative development project involving many Open Source developers and software platforms. They implement modern *nix desktops such as GNOME and a brand new package managment facility that is supposed to be similar to many linux package managers.
This is great. Sun does do a good job on the underlying OS, where they’ve historically had many problems (and problems that I deal with every day) is in applicaiton development and support. For example I don’t know a Sun admin who actually runs Sun’s IPF module (except us lol) because of all the problems with it. So trashing all that and replacing it with OS software is a good idea.
What I’m interested to see with the new OS, and no one has commented on this yet, is if Sun has implemented a headless install option. If you’ve ever tried to do this with Solaris, you know what I’m talking about. They have so tightly integrated their java desktop and other packages, that the dependancy resolution will take you years to figure out…and there’s no easy way to go about it either. So if you happen to be using a Console connection through a 9600 baud terminal server…it really takes hours to figure out that there is no way in hell it will let you strip off the packages you don’t need. Any literature that I’ve read on this subject recommends just installing everything, and turning down services you don’t need.
From a security perspective, in my eyes, packages you don’t need introduce variables and potential security holes that really have no place on a secure system. Many of my FreeBSD boxes which service only one purpose (such as a db server) have about 5 packages installed on them. Easy to maintain, easy to audit. Look at the process table once and you have it memorized. You will instantly know if something is ‘off’.
Sun, if you are reading this, please please please implement a headless install option.