A recent InfoWorld article asks whether Solaris is going to be able to continue to compete with Linux. Apparently someone from the Linux community pointed Paul Krill, the author, to my earlier blog article about the earlier issue that I wrote about with OpenDS and he asked me about it. While I didn’t really want to bring that up again, I did tell him that I felt Solaris is a better OS than Linux. I was briefly quoted in the article, but I would like to expand on that a bit.
First, let me say that I’ve got a pretty decent amount of experience with both Solaris and Linux. I started using Linux in 1995 and Solaris around 1998. Linux was my primary desktop operating system from probably around 1997 through about 2004, when I switched to Solaris. I still run Linux quite a bit, including on my laptop out of necessity (primarily because Solaris doesn’t support the Broadcom Ethernet interface), but for the work that I do, which is primarily development, I find that Solaris is just more convenient. On servers, there is no question that I prefer Solaris over Linux.
My fondness for Solaris definitely did not come easy, nor was it always warranted. My first experiences were pretty unpleasant compared with Linux. For many years, Solaris was anything but user friendly, providing only relatively antiquated shells and shipping without critical utilities like gzip or a C compiler. CDE remained the default desktop environment for far too long, and it wasn’t easy to come by a lot of software that was commonly included with Linux distributions. And of course, I’m sure that Sun’s decision to stop shipping Solaris for x86 systems for a period of time seriously hindered its usability and probably steered a number of potential customers away.
However, my opinion started to sway as Solaris 10 started to materialize. Being a Sun employee, I had access to internal builds and I started to check them out. Months before it was released to the public, I had changed my tune. It was a serious leap forward in usability and convenience, and the new features were very compelling. Since then, I’ve followed the development of Solaris 10, Nevada (the code name for what may become Solaris 11), and OpenSolaris.
It’s a lot easier to see why Linux may be more appealing than Solaris on the desktop. Linux has better hardware support, so it will run on a lot more systems than Solaris. Availability of applications can also be an issue, but I think in many cases that’s somewhat due to lack of publicity. Many people haven’t heard about Nexenta (which is very much like Ubuntu Linux but with a Solaris kernel) or Blastwave (a site providing a large amount of Solaris software using a relatively simple interface that behaves like apt-get), and if you’re running Sun’s OpenSolaris distribution then you can use IPS to get access to a number of applications in a similar method. But even so, there is just more software that works on Linux (or works more easily on Linux) than on Solaris.
However, there are a lot of reasons that I prefer Solaris and am willing to overlook some of its shortcomings. I’ve listed some of them below. Note that I’m not trying to slam Linux. I do like it and hope that it continues to improve. Consider this a wish list.
Overall Feel and Consistency
Linux feels like it was written. Solaris feels like it was designed. While I think that Sun’s development processes can sometimes be a little heavyweight, and I think that Sun is trying to retain too much control over OpenSolaris, there is a lot to be said for having processes in place to guide development.
Unfortunately, this isn’t something that Linux can simply adopt. Linux isn’t one thing and there isn’t any one organization controlling any significant part of it. As Solaris integrates an increasing amount of third-party software, it will likely also begin to suffer from this somewhat although perhaps to a lesser extent because there are still some things that can be made a bit more common.
This is an area where Solaris shines and Linux is just plain abysmal. If an application runs on Solaris version X, then there’s an excellent chance it will work on version X+1. This is far from true on Linux. I’ve had countless experiences where an application that worked on one release of Red Hat or Ubuntu didn’t work on the next. In some of those cases, recompiling the application was sufficient to get it running, but there are still a lot of cases where that’s not enough, and sometimes the source isn’t available to even try.
Seamless 32-bit and 64-bit Integration
Solaris has had 64-bit support since Solaris 7, and I know that I was testing 64-bit Solaris on x86-64 systems before the Linux kernel had 64-bit support for those systems. Of course, Linux has included support for x86-64 systems for a while now, but the bigger issue with 32-bit versus 64-bit support in Linux is that it’s generally one or the other. If you install a 64-bit Linux distribution, then it’s generally entirely 64-bit and may not even include the ability to run 32-bit applications at all, at least not without installing additional packages.
This leads to silliness like 64-bit web browsers and complaints about lack of 64-bit plugins. I don’t see much need for a browser to support over 4GB of memory, which is the primary benefit for 64-bit applications. There are a few other cases where 64-bit support may be beneficial (e.g., having access to more CPU registers), but they are primarily beneficial for applications that need to do a lot of calculation or cryptography.
It’s true that Sun should have provided a 64-bit Java plugin, and plugin providers are equally to blame for the same infraction. However, if 32-bit and 64-bit support had been better integrated then only applications which truly benefit from 64-bit support would really need to be provided as such.
Process Rights Management
In both Linux and Solaris, root is an all-powerful user that can do pretty much anything. Historically, there are a lot of things that only root can do. Both Linux and Solaris provide mechanisms for granting a specified set of normal users the ability to run certain commands with root authority, but in such cases those applications have full root access and it is necessary to trust that they will behave properly and don’t have any security holes that could lead to unintended consequences.
Solaris improves upon this with process rights management, also known as least privilege. Rather than granting an application full root access, it is possible to grant only those portions of root access that the application needs. For example, a web server may need to listen on port 80, but there is no need to let it read or write any file on the system, load kernel modules, or halt or reboot the system. Instead of granting it full root access (even if it gives it up later via setuid), you can just grant it the net_privaddr privilege so that can listen on ports below 1024 without having access to any of the other things that might be possible if it were truly running as root.
ZFS is a phenomenal filesystem + volume manager. Linux has good filesystems and a volume manager, but none of them have the combination of power, flexibility, and ease of use that ZFS offers. It works well on a fraction of a drive, and it works well on a system like the Sun Fire x4500 with 48 drives. It’s got good performance. It’s got great data integrity features through redundancy, checksums, and multiple copies of data and metadata. It’s got instantaneous atomic snapshots. It never needs to be defragmented. It never needs fsck. The implementation of cryptographic support for encrypted filesystems is going to be integrated in the near future.
ZFS is great for servers, but it’s also very useful on desktop systems. As a developer, I find the instant snapshot and rollback capability to be extremely useful for resetting an application to a known clean state when running tests. Compression increases the amount of data that you can store and in many cases actualliy helps performance. The ability to keep multiple copies can help prevent you from losing information even if you’ve only got a single disk.
Virtualization is a pretty hot topic right now, and there isn’t really a shortage of options. VMware, VirtualBox, Xen, QEMU, and other solutions make it easy to run one operating system on top of another, or another operating system on top of itself. They provide excellent separation of environments, but they are all pretty heavyweight because they require a significant amount of memory and disk space for the virtualized environment.
In some cases, e.g., for security or application testing, you want something that looks like a separate system but you don’t need a different operating system. For those cases, Solaris offers an excellent alternative in the form of zones. A zone provides excellent separation and for the most part looks like a completely separate system, but requires virtually no memory and in many cases a relatively small amount of disk space because it’s able to share a large amount of the filesystem from the host system (also called the global zone). Zones are trivial to configure, and when used in conjunction with ZFS snapshotting and cloning it can be possible to create new zones nearly instantly.
In the default case, a Solaris Zone runs exactly the same OS and kernel version as the host system, which makes it extremely cheap. However, because of the strong compatibility that Solaris provides between versions, alternative implementations have been added which make it possible to create zones which appear to be running Solaris 8 or 9 on Solaris 10.
It’s also possible to run a Linux emulation layer in a zone, which is pretty impressive but unfortunately the support is pretty limited and it doesn’t really look like there’s much active development going on to improve it. However, while I did make use of this capability when it was first released for a few specialty purposes (e.g., running Acrobat Reader), I haven’t used it in quite a while because I can run pretty much everything I need to natively in Solaris, and I do have Ubuntu installed in VirtualBox which provides a much better way to run Linux on Solaris.
Both Linux and Solaris provide pretty good ways of identifying what’s happening on the system, but Solaris tends to do a better job. At a very high level, I’ve noticed that most Linux systems don’t ship with utilities like iostat and mpstat and require the installation of additional packages, whereas they are included by default on Solaris.
When looking into what a particular process is doing, both the Solaris truss and Linux strace are pretty similar, and they allow you to see the system calls that the process is making. It does appear that at leasat some Linux distributions (like Ubuntu) don’t seem to provide pstack or an equivalent command for getting a stack trace of all threads in the process.
Of course, the big feature that Solaris has in this arena is DTrace. Linux does have SystemTap, but it appears to be sat the present time it’s limited to only examining the kernel and doesn’t have any support for tracing user-space applications. DTrace provides full support for debugging user-space applications, and there is also special support for tracing Java, Ruby, Perl, shell scripts, and other scripting languages. And because Solaris provides stable interfaces, there’s a much better guarantee that DTrace scripts which use stable interfaces will continue to work in the future.
10 thoughts on “Why I like Solaris”
This is a great piece of writing, Neil. Respect.
Great write up!I believe that opensolaris 2008.11 will be a great leap forward for solaris on the desktop. Some of the features such as ZFS snapshot integration with nautilus will do things that Linux based offerings can’t even hope to do in the medium term…
Lets be thankful that not more ppl knows about blastwave or nexenta. Then you would have even more confusion what you have already when we explain the difference between OpenSolaris and Solaris 11. It is good that Sun contribute to a healthy ecosystem. But Sun should be the leader of that eco system, not the victim. :)When it comes to ease of development…. Improve on GNU. Make gcc produce as good binaries as SunStudio on OpenSolaris. In fact.. Embrace and extend the GNU toolchain and make IBM use “Sun gcc” to build their tools. :^)Also, fix ps and top.. it is plain annoying. 🙂
@Kristofer: Did you try prstat and /usr/ucb/ps ?
exactly what we see in the IT-world today. More and more companies are switching from Linux to Solaris, which is an intellligent move.Rgds,Frank
Neil,Great write-up. Like you, I’m a converted ex-Linux enthusiast. I still run Linux on some systems but my main go-to OS is now solaris!
1.>I’ve had countless experiences where an application that worked on one release of Red Hat or Ubuntu didn’t work on the next. API of kernel and base libraries is more or less stable in Linux. RHEL is very compatible with itself distro, while Ubuntu is bleeding-edge and low-quality, so there are many troubles, sometimes linked with compatiblity. But Solaris uses the same GNOME (api of GNOME isn`t stable sometimes) and X.org releases, that Linux has.2.>This leads to silliness like 64-bit web browsers and complaints about lack of 64-bit plugins.NSPluginwrapper? Additionally, 64bit apps usually perform faster (especiay with specific multimedia optimizations).3.>Process Rights ManagementAppArmor, SELinux – you can grant only some rights via AppArmor, if you want.4.>ZFSTbrfs? Yes it is quietly unstable (nobody woun`t use it in production now, I know), but link of XFS and LVM, for example, is enough sometimes.
It is good that Sun contribute to a healthy ecosystem. But Sun should be the leader of that eco system, not the victim. 🙂 I am an active memeber here http://www.unixadmintalk.com/opensolaris/
I agree with the article, but in full disclosure, I’ve been using Solaris since the 1.x days, and I’m a *BSD developer. I expecially like the integration that Solaris and the *BSDs have over Linux, but that does not stop me from using Linux (even as my workstation).One thing I would like to see Sun do is with net_privaddr, limit the privilege to a specific port or range of port numbers, not all 1-1024. Then you could assign port 80 and 443 to the web processes, 25 and 587 to the mail process, etc. This then would mean if the web process did get compromised, it could not startup a ‘special’ process on a different privileged port number.selinux can’t do this. you’d have to use authbind under linux to get somewhat similar functionality.
Jim,You can have a process run on a privileged port in Solaris using a non-root account.Here is an example of <a href="http://www.c0t0d0s0.org/archives/4075-Less-known-Solaris-features-RBAC-and-Privileges-Part-3-Privileges.html“ rel=”nofollow”>how to run Apache as a regular user account using RBAC.
Comments are closed.