Solaris adopting OpenBSD's pf (bsdly.blogspot.com)
129 points by mfincham on April 12, 2015 | 62 comments



"Perhaps due to Oracle's practice of putting beta testers under non-disclosure agreements, or possibly because essentially no tech journalists ever read OpenBSD developer-focused mailing lists, Oracle's PF plans have not generated much attention in the press."

Or, perhaps it's because Solaris doesn't matter to anyone anymore.

I just spent a week, or so, updating our installer for Solaris, which is the first time I've spent any time on Solaris in a long while. I was surprised by how far behind everything is, and how difficult it is to find people actually doing things with Solaris, anymore.

The CSW and spec-files-extra repositories are all but unmaintained and have been for years, and thus include packages that are insecure by default. Sun Freeware is now a commercial service that is expensive enough for me to assume they only have a few hundred users (tops). Installing anything beyond a bare-bones AMP stack is an exercise in frustration unlike anything I've ever seen (and I've been messing with UNIX and Linux systems for 20+ years).

Solaris 11 currently has outdated everything. The Open Source community that had sprung up around Solaris during the early OpenSolaris years has fled to Illumos-based distributions (or to Linux or the BSDs, I guess; they certainly aren't working on Solaris, anymore), none of which have the resources to even compete with a modern Linux or even the BSDs in terms of number of people working on making it nice, modern, and easy to deploy.

In short, Solaris is a wasteland. Oracle seems to just be milking the remaining corporate users until the cash cow falls over dead.


If you have to maintain a Solaris install and want those modern amenities, I'd recommend pkgsrc. It can turn any UNIX into a pretty nice environment.


Cool. I've seen that in the past, but didn't think of it for this situation. Reading the docs for pkgsrc on Solaris does not give me a high level of confidence it'll work on current Solaris systems (it covers Solaris 10 and mentions stuff that I know does not apply to current Solaris).

But, I might actually want to try it on Mac OS X. I've been working on making our installer work on Mac OS X with Mac Ports, but that's been pretty rough (though mostly not due to Mac Ports problems...Mac OS X is simply not an acceptable substitute for UNIX or Linux and the documentation for server-oriented stuff is either non-existent or woefully out of date).


pkgsrc is our primary package manager for SmartOS, our illumos distribution. We also provide binary packages for OS X and Linux:

http://pkgsrc.joyent.com/

pkgsrc should still work on Solaris 10, and there are a few people in the community continuing to provide patches for it, but obviously a lot of us have moved onto illumos so the support and documentation isn't going to be as good. That said, the aim of pkgsrc is to support every system possible, so we will always welcome contributions.


"pkgsrc should still work on Solaris 10"

I guess I wasn't clear...I need it for current Solaris 11.x. Which the pkgsrc docs don't seem to match.

But, I'll have a look at it. pkgsrc does seem promising, and something I've looked into in the past (particularly for systems that have poor package management).


Do people use MacPorts any more? Everyone I know migrated to Homebrew long ago.


I wrote about this, after spending a few days looking into Homebrew. Homebrew is not just a bad package manager, it is a dangerous package manager. No one should be using it on a server, ever. Server use is all I care about.

http://inthebox.webmin.com/homebrew-package-installation-for...

Also, there was some discussion here about the Linux port of Homebrew (which is also a terrible idea):

https://news.ycombinator.com/item?id=9346464


I would love to just have one package manager for all these systems. If the adoption of pkgsrc takes off, I'll be very happy to delete my brew install. Every time it updates, I wonder if its such a great idea ..


I imagine illumos might switch to pf too; it is the only OS that people are writing new applications for. Oracle's Solaris is basically there for running Oracle apps on, and no one cares about it for anything else.


Used to be a Systems Librarian in an Academic Library. Libraries throughout the country are still running SPARC servers for applications that are still in production. Linux wasn't an option till just eight years ago, and libraries pay tens of thousands of dollars a year (about $.50 a book) for the content management systems.


Well, that's certainly not a new application then!


Nothing in Library Science Technology is new! That is the reason why I am a former :) It was 100% frustration with old technology and no new solutions.

Except for the Open Source options, which the commercial companies did everything they could to bad-mouth (Open Source anything). So if I mentioned something, the first three questions always included, "Is it Open Sourced?" As in scary. And I had a great relationship with my boss.


+1. Oracle bought Sun and we (a bunch of experienced Solaris admins running in-house stuff in Java) ran screaming to Linux.

Our remaining Solaris is two Niagara boxes running Oracle dev and live, and those will be moving to Red Hat assuming our project to replace Oracle with Postgres doesn't finish first.

It's a pity, Solaris 10 was really pretty nice for a Solaris.


I remember after the Sun acquisition some suit from Oracle was giving a very cheerful presentation about business transformation and how it's similar to racing sailboats.

One of the points that he seemed particularly proud of was the strategy for migrating Sun business systems: turn them off and see who screamed. I guess one incident derailed all customer deliveries in Europe for a month, but who cares, they met their transformation schedule!

In many cases you kinda have to buy Oracle software. Buying the hardware is pure insanity.


>In many cases you kinda have to buy Oracle software. Buying the hardware is pure insanity.

The one thing nailing us to Oracle is proprietary vendorware we utterly rely upon ... and that's ramping up its Postgres support. Which we will be diving upon with great glee.


how it's similar to racing sailboats

That does seem to be Oracle's go-to sales metaphor.


Do you know what the state of the illumos ecosystem is? What are the major distributions? Is SmartOS on top there?


It seems extremely fragmented, and far too small of a community to be able to afford to be fragmented.

SmartOS, as noted in another comment, is not a general purpose OS. It seems to have the most convincing story behind it for why you might choose it over Linux (but, it hasn't convinced me to do so). And, it has perhaps the largest organization behind it (Joyent).

Honestly, though, they all seem to be niche products or projects. There just isn't the kind of large community one would need to compete with Linux or even the BSDs. If it were a community that was growing, it would be less of an issue, but everyone involved seems to be old-school Solaris geeks who just want to keep working on what they know. Which is fine, and I hope it goes well for them. But, it doesn't look like the future (once again, I think SmartOS has the most compelling story for IllumOS having some small piece of the future).


> If it were a community that was growing, it would be less of an issue, but everyone involved seems to be old-school Solaris geeks who just want to keep working on what they know.

This is anecdotal data vs. anecdotal data, but I'm pretty sure the Illumos community is growing, and at an appreciable pace.

I hang out in several Illumos related IRC channels, and all of them have been gaining users over the past few years. I personally am a "recent" convert, inasmuch as I had limited exposure to Solaris, and did not make the jump to it (or rather Illumos-based) being a preferred distribution until the days of SmartOS and OmniOS.

Many coworkers of mine that have had little or no exposure to Sun/Oracle Solaris are now converts to SmartOS/OmniOS.

As far as company backing, besides Joyent, they also have Delphix, Nexenta, and Lucera. It's not like Joyent is the sole light in the darkness here.

I also don't really get the feeling that it is fragmented. You have two main distributions used by the largest groups of people in SmartOS and OmniOS, but even within those and the other open source versions/proprietary appliances, there's quite a bit of coordination and work to improve illumos on the whole. I don't think anyone in the community is unaware of the fact that the whole thing is smaller, and that they need to work together to keep things healthy.


I came to the illumos ecosystem about three years ago, first for SmartOS and ZFS. Now I know more about the great tech it offers, like zones, dtrace and so on, and use it on nearly all our servers.

I know others are joining the community as well, as hanging around on IRC shows. It definitely is a smaller community than Linux or the BSDs, but it is growing.

Also a lot of interesting systems development is happening (lx-branded zones, overlay networking, ...) in illumos and it is the upstream of openzfs.

Besides SmartOS a more classical server distribution to consider would be OmniOS [1]. For a storage appliance one might want nexentastor.

Distributions of illumos are more purpose-built than Linux distributions. They differentiate more by use case than by package management. Yet they all consume and contribute to illumos, and what might look fragmented is not much of an issue for the community itself.

[1] http://omnios.omniti.com


Depends on what you're doing. SmartOS is almost entirely focused on "cloud". Think of it like an alternative to CoreOS.

For more general purpose servers, I think the current leader is OmniOS.


Can SmartOS run on AWS?


No, SmartOS can run your own quasi-AWS on metal.


Can SmartOS itself run as a SmartOS VM with an independent kernel, alongside Linux or FreeBSD VMs, all on top of SmartOS? It's a bit confusing to call something with a VMM an "OS".


SmartOS offers two ways to host VMs: Zones and KVM. Zones are OS-level virtualization, so you run SmartOS zones on SmartOS, but they use the same kernel. KVM is hardware virtualization and allows you to run other operating systems on top. So you can have Linux, FreeBSD, Windows or even nested SmartOS with a different kernel running inside.

So zones make running nested SmartOS with KVM a bit uncommon. While possible, there are not that many use cases besides development on the system itself.


> Do you know what the state of the illumos ecosystem is? What are the major distributions? Is SmartOS on top there?

The only place I've ever seen Illumos mentioned is in the ZFS community, as an OS where ZFS is fully supported and fully integrated.

It seems like the majority of the ZFS crowd prefers running FreeNAS, NAS4Free or ZOL instead. So even in the only place I've ever seen Illumos mentioned, it still seems like a niche product.


It seems your complaint is that it's not Linux or some other OSS project. As far as what I want from a server, Solaris is competitive with everything. When something goes wrong it's very clear about what has happened. Out of the box and with no fiddling required, it supports all the reliability features of the hardware. The ZFS filesystem is state of the art, and they've utilized its features quite ingeniously to provide some of the cleverest OS patching and boot drive administration anywhere. And, in my experience, Oracle support is vastly better than Red Hat support. The pkg system is well thought out.

Sure, it's "different" and not "cool", but it is a good product and has some really solid engineering and design behind it. People just need to understand that it's not a desktop OS.


I perhaps should have wrapped that in some kind of disclaimer about the markets in which I think Solaris doesn't matter anymore. Though I stand by the argument that Oracle doesn't care about Solaris enough to keep it alive as a viable competitor to Linux.

The specific market I care about is web application service and development. And, in that market Solaris is so close to dead that it doesn't even matter if it's still breathing (unless you develop with Java against an Oracle database).

This is relevant because Sun and Solaris backed by Oracle databases owned the first generation of the web. They've lost it, and are exhibiting no effort to regain it, or even hold the last remaining bits of the market they still have.

And, I think it's relevant that so few people know Solaris. I'm reasonably comfortable with it, as I cut my teeth in the sysadmin world when Sun systems still showed up now and then. But, it's been more than a decade since I've seen a Sun in the wild. Lack of new developers and new IT folks working with Solaris systems virtually guarantees it will continue to become less popular. Nobody starting a new web or mobile app thinks, "I know, I'll buy a bunch of Sun servers!"

So, I think you're arguing that Solaris is "good", while I'm arguing that it is irrelevant. We can both be right.

Except about this:

"The pkg system is well thought out."

That's hilarious.


I know this is a long dead conversation, but pkg in Solaris 11 is quite nice. It's not your grandfather's SysV packaging any more.


It's my understanding that Oracle's RDBMS is developed on Solaris. Is that still the case? An oracle dba told me (years ago) that if you are going to run Oracle, you should run it on Solaris because any problems are fixed there first.


Oracle launched their own Linux distribution several years ago; basically a from source rebuild of RHEL.

Given how they're treating Solaris, and the lack of resources they are devoting to it, I would wager that it is no longer the case.

Frankly, I'm surprised at the lack of care Oracle seems to exhibit toward Solaris. When the acquisition happened, I assumed the worst for most elements of Sun's business, particularly their Open Source efforts, but I didn't think they'd let Solaris just die, which seems to be what they're doing.


  In short, Solaris is a wasteland. Oracle seems to just be
  milking the remaining corporate users until the cash cow
  falls over dead.
I can't even begin to fathom how you say that given the addition of OpenStack and a large set of other components for it in Solaris 11.2. Or the new virtualization options such as Kernel Zones, etc.

Quite frankly, it's quite the opposite of what you describe. Oracle has been hiring aggressively for Solaris since the acquisition and has been making significant investments in Solaris technology, which shouldn't be surprising given their continued investment in SPARC.


If what you say is true, where has the community gone?

I have been involved in UNIX system administration and development for 20+ years. It has never been this lonely in the Solaris community. All of the Open Source packaging projects are effectively dead, due to lack of volunteers. While there used to frequently be Solaris instructions for most Open Source stuff, none of those docs have been updated in 5-10 years, and nothing new has supported Solaris in a similar time span.

It may just be that Solaris is a wasteland in the space that I care about (web service, primarily). Maybe there are niche markets where Solaris doesn't look like a completely ridiculous choice compared to Linux.


As should be apparent, Oracle is focused on the high-end server market and those that have strict reliability and high scalability requirements; inevitably, that means that much of the community that is focused on commodity hardware is going to be less interested given pricing and focus.

I'm not sure what open source packaging projects you're referring to; the image packaging system itself is still quite alive and still open source and available at https://java.net/projects/ips

If you're referring to the general availability of open source software on Solaris, the reality is that the vast majority of it compiles and works on Solaris. A large amount of effort has gone into, and continues to go into, making it easier to build and use general FOSS on Solaris.

In addition to that, based on customer demand and business requirements, FOSS components are integrated into Solaris and updated.

As for "completely ridiculous choice", I think that's an odd thing to say. Solaris has zones, ZFS, image packaging, openstack, and many other compelling technologies (third party or otherwise) that are still being actively developed and improved. Performance and reliability are pretty important attributes for an operating system.


As mentioned elsewhere in the discussion, most open source folk that have not moved to Linux seem to put their energy into illumos now.

At least for illumos (SmartOS and OmniOS, ...) there is a lot of work happening for web services.


Puts the activity out of Red Hat in perspective.

Used to be that if you wanted a desktop *nix you grabbed a Solaris box. Now I think it is more and more RHEL that is filling that niche (Apple's shenanigans may work in academia and media production, but it will not fly in corporate/government circles).

these will be "interesting" times...


Don't you mean Ubuntu? Debian-based distributions are far and away the most popular desktop *nixes (other than OS X). RHEL is mainly confined to the server AFAIK.


OSX only in academia or media?!

We probably live in different multiverse universes. Where I am, OSX has really become the OS of choice by people doing tech work in industry/enterprise. I see glowing apples everywhere.

The Apple in academia, media meme feels like a Rick Astley video on repeat decade after decade.


OSX is popular in the tech industry despite Apple, not because of Apple. Microsoft knows how to support businesses, Apple ... not so much.


I see what you mean, but on the other hand Apple does have a big advantage, because their system is so homogeneous. It's very easy for IT to support a fleet of MacBooks.


You have very, very clearly never tried to support a fleet of macbooks in a corporate IT environment.


It's really popular with the Ruby community, not only Rails, and from there I think it spread somewhat to Node, but outside those I think Linux is a lot more popular.


Where I am, OS X is on those shiny devices carried around by product managers and upper management.

Everyone else is on Windows with UNIX boxes available as servers.


The sexy OSX-running hardware can also be set up just fine, and quite comfortably, as a Windows device. The folks I see toting OSX machines are mostly using it as a shell for their Windows VMs.

Myself, I've got a 50/50 split between OSX and Linux. It works okay to switch between the systems, of course KISS principle applies ..


I know, one just needs to attend a Games Developer Conference to see Windows being used instead of Mac OS X.

Still, I have yet to work at a company that allows buying Apple hardware instead of ThinkPads only to end up installing Windows on it.


I see far more OS X machines than any other flavor of UNIX for desktop.


As a Linux advocate myself, I was surprised to see Stack Overflow's statistics [1] showing Linux being on par with OSX among the SO user base. That was honestly more than I expected.

Where I live, I mostly see Lenovos or Dells running Windows. There has been an increase in MacBooks, but it's nowhere near the norm.

Linux of any kind however... I've seen maybe two times in a corporate setting or at the developer conferences I've attended the last two years.

Where I work, I literally feel like the only guy at all running Linux. There's clearly huge geographical variations at play here.

[1] http://stackoverflow.com/research/developer-survey-2015


3/4 Cisco, VMWare and other enterprise vendor reps that I've seen in the last year have a MacBook Air or iPad. I've even seen a Mac with an IBM asset tag in public!


Oct 2014 thread on the FreeBSD-based pfSense fork of OpenBSD pf: https://forum.pfsense.org/index.php?topic=83075.0

"2.2 should prove to be significantly more scalable than OpenBSD, since we have SMP-capable pf now, which isn't doable in OpenBSD (and will likely be a number of years until it is). Plus AES-NI, more coming soon. https://blog.pfsense.org/?p=1473

Bug fixes are brought over into FreeBSD from OpenBSD as needed (sometimes by us, sometimes by others), though FreeBSD pf is essentially a fork at this point since making it SMP-capable changed things significantly. It's mostly separately-maintained at this point."


More recent thread:

http://lists.pfsense.org/pipermail/list/2015-April/008610.ht... http://lists.pfsense.org/pipermail/list/2015-April/008611.ht... http://lists.pfsense.org/pipermail/list/2015-April/008614.ht...

I'm a co-author on the mentioned paper, and the author of the second post. Edit: and author of the linked blog post above.


2.2 should prove to be significantly more scalable than OpenBSD, since we have SMP-capable pf now, which isn't doable in OpenBSD

I don't think Solaris needs very high performance (aka SMP-capable) pf.

People want SMP for pf because they want to push bytes through a firewall. That sort of application probably isn't important for Solaris anymore. But that's just my conjecture; I don't really follow Solaris much nowadays.

So if ultimate performance isn't absolutely necessary, why not start with the original source, aka OpenBSD?


The blog says:

   possibly because essentially no tech journalists
   ever read OpenBSD developer-focused mailing lists,
   Oracle's PF plans have not generated much
   attention in the press
But that glosses over the obscurity of the mailing list post. I skim the OpenBSD tech list, and I also overlooked this post. Why? Here's the title:

   pfi_kif leaks for PBR rules
That doesn't scream "read me" to casual observers, does it?

As for support for the "reveal" in the title, the mailing list post goes on to say:

   also for your info: IPF in Solaris is on its
   death row. PF in 11.3 release will be available
   as optional firewall. We hope to make PF default
   (and only firewall) in Solaris 12. You've made
   excellent job, your PF is crystal-clear design.
The IPF packet filter currently in Solaris was originally also in OpenBSD. It was replaced by pf in 2001 after the IPF author started playing games with the copyright.


That just underlines the amazing work the OpenBSD guys are doing. In the end quality wins. I hope OpenBSD gets more and more adoption in the industry.


IIRC, there's work going on in FreeBSD to port its multithreading patches up to the latest version of pf. Hopefully the extra resources brought by Solaris using pf will help make that a reality.


No, there isn't.

The pf in FreeBSD has forked away.

The much ranted about "performance improvement" in OpenBSD's pf isn't an issue on FreeBSD.

http://lists.pfsense.org/pipermail/list/2015-April/008611.ht...


What a ridiculous statement, Jim. FreeBSD PF has to run on multiple cores just to get less performance than OpenBSD PF gets with a single core. On the same machine, same config. TODAY.

In this post, you rightly call out Reyk Floeter for being so butt-hurt about if_trunk. It's not like anyone in OpenBSD sits around crediting Garrett Wollman for writing the if_vlan driver that I ported, or that anyone credits me for various improvements before porting to NetBSD, or that anyone credits Reyk for the if_vxlan driver, and so on. Why? Because NOBODY FUCKING CARES. If someone cares, they'll look at the revision history.

So, you said something that I generally agree with. But then you also say "It clearly shows that OpenBSD’s “pf” isn’t anywhere near as fast (even on a single CPU) as the other popular firewalls." You put quotes around pf, like it's laughable, despite it being the definitive implementation!

What you miss, is that FreeBSD pf (compared to OpenBSD pf) isn't keeping up. It's missing features, and it's slow. Maybe NPF is the true winner here. FreeBSD's pf is not.

I run 10GbE Myricom cards, one of the few OpenBSD NIC drivers that isn't part of the giant lock. I do 10GbE NAT across multiple boxes for my network. Right now, OpenBSD is at a point where I won't need to upgrade hardware for some years, as performance is simply increasing, incrementally, to where I'll be doing NAT and routing across all cores as my traffic load increases. (Now that's Just-In-Time technology :)

Perhaps it's sad to people like you that OpenBSD has lagged so far behind in areas like this. For me, it's not sad at all, it is not only fun, but the overall system is so much better than FreeBSD could ever be, I have no regrets. It's very, very nice. Within two years I think we'll see huge performance gains on OpenBSD's networking code under SMP, and FreeBSD will be left behind because of arrogance like this.

Now, pfSense has a particularly bad and slow web interface. In fact, it has gotten so bad over the years, it can't even run (in any usable sense) on hardware that you used to sell for the better part of a decade. I don't understand why you don't spend your resources to fix your house, instead of criticizing people who are fixing their own.


Well, I guess all that talk on the BSD Now podcast a few weeks ago was nonsense then? I'll go back listen to them again and pick out the episode along with a timestamp, if you'd like.

Anyhow, I'm not referring to the OpenBSD performance improvements being a reason to port it over. You're right: it isn't an issue for FreeBSD. However, it benefits FreeBSD if the version of pf used is simply OpenBSD pf with SMP support and a few other bits, because that means less stuff to maintain.


If they really have diverged that much, the effort to merge them (if even possible from an architectural point of view) gets you a lot of maintenance on both sides.

(Not to talk of the personal issues that obviously exist)


Only took some one year for people to notice...

http://marc.info/?l=openbsd-tech&m=140335809432589&w=2


OpenBSD dev spams us to buy his book, attend his tutorial on pf at BSDcan, and buy OpenBSD CD-ROM sets.

Why is this on HN? Why not a link to the original announcement?


Peter is not an OpenBSD developer, not that it matters. You take every opportunity to take a jab at OpenBSD, even though you profit from it in pfSense.


No, he profits from FreeBSD's fork of pf which is faster than OpenBSD's. These pf versions are diverging a lot; they should be considered separate projects much like how OpenBSD and FreeBSD have similar ancestry but aren't the same OS.

