OpenBSD 3.6 Review

Filed under: Archives, Linux News — @ 8:17 pm

The OpenBSD team earlier this month released version 3.6 of the free operating system, with support for more hardware, updated application software, and bug fixes included. This time around OpenBSD has added support for multi-CPU systems, a number of drivers for new peripheral hardware, and about 200 more applications to the Ports tree. I took the new version for a spin, and liked what I found.

Since I’ve previously reviewed OpenBSD 3.5, I won’t repeat everything, but here is a quick list of the general features intrinsic to the operating system:

OpenBSD is secure by default — in other words, the base system that you install will not have any security flaws or enabled services that could compromise the integrity of your system.
OpenBSD is easy to install, set up, and use, but it’s all done from the command line. If you want to learn and use OpenBSD, you’d better be familiar with the man command.
The documentation via the manual pages is superb.
All of the software you’ll need to run a Web, mail, NFS, DHCP, or file server is installed and ready to be configured and enabled.
New programs are easy to install, update, and manage through the Ports system.
OpenBSD includes integrated cryptography, which is used by some parts of the base system to enhance security.

OpenBSD doesn’t necessarily make as complete a desktop system as FreeBSD or one of the desktop GNU/Linux distributions does, but you can certainly use it to get email, chat on IRC, browse the Web, or write a book. There are no hardware accelerated drivers for Nvidia, ATI, or Intel video chips, so 3D games are out of the question, but you can still get good color depth and resolution in X11 for 2D applications. Desktop environments like KDE 3.2.3 and GNOME 2.6.2 are available through the Ports system, as are several window managers and a host of GUI-based programs that run in them. In all there are more than 2,700 programs in the OpenBSD 3.6 Ports tree which, unlike FreeBSD’s Ports tree, remains static for each release. In other words, OpenBSD Ports follows the same release schedule that the base system does, as opposed to the maintainers updating the Ports as they see fit. This means that you’ll be stuck with the same software versions until the next release (six months), but it also means that each OpenBSD installation will have exactly the same software on it, providing a standard, stable environment for sysadmins.

The quickest way to get OpenBSD 3.6 is through an FTP install. You download a small CD ISO or diskette image, boot from it, then download the installation sets from the OpenBSD FTP servers. Every time I try this I have some kind of problem, but the CD set always works perfectly on my systems.

Security: A process, not a problem

Security: A process, not a problem
If all you’re running is a desktop machine or workstation, your only security precautions probably include enabling a firewall and disabling or uninstalling unused server software. But there’s much more to security than an end-user can immediately see. In setting up an operating system for a server — especially a production server — a sysadmin should conduct a full audit of the system before it is brought online. This includes examining every piece of software on the system to ensure that it is configured properly and up to date with all security patches; testing the services and disabling any that are unnecessary; hardening the kernel; monitoring file permissions and logs, looking for suspicious activity; and finding and installing all security updates for both the OS and the installed software. In other words, security on a production machine is not a problem to be solved and then forgotten about; it is a continual process which requires attention and vigilance. Where OpenBSD truly shines is in anticipating these kinds of tasks and helping you accomplish them more quickly and easily. On a GNU/Linux or proprietary Unix system you can create scripts and `cron` jobs to automate much of your security audit, but that takes a lot of knowledge and experience. OpenBSD takes the hassle out of an administrative security audit by checking the logs and file permissions and emailing the root account every day with a security report. It also disables all daemons by default and adds special security-enhancing modifications for Apache, OpenSSL, and other outward-facing programs. In addition to the secure default state, the other facet of OpenBSD’s top-quality security is behind the scenes. The code itself undergoes an ongoing and extensive security review by the OpenBSD security team to ensure that there are no known or potential vulnerabilities waiting to be exploited. Often times a potential problem is fixed in the OpenBSD code long before it is discovered, exploited, and patched in other operating systems. In the end, OpenBSD offers little that any modern Unix operating system plus a good sysadmin doesn’t, but it’s a matter of convenience and preference. The process of maintaining a secure system is still up to the administrator, no matter what operating system you use.

If all you’re running is a desktop machine or workstation, your only security precautions probably include enabling a firewall and disabling or uninstalling unused server software. But there’s much more to security than an end-user can immediately see. In setting up an operating system for a server — especially a production server — a sysadmin should conduct a full audit of the system before it is brought online. This includes examining every piece of software on the system to ensure that it is configured properly and up to date with all security patches; testing the services and disabling any that are unnecessary; hardening the kernel; monitoring file permissions and logs, looking for suspicious activity; and finding and installing all security updates for both the OS and the installed software. In other words, security on a production machine is not a problem to be solved and then forgotten about; it is a continual process which requires attention and vigilance.

Where OpenBSD truly shines is in anticipating these kinds of tasks and helping you accomplish them more quickly and easily. On a GNU/Linux or proprietary Unix system you can create scripts and cron jobs to automate much of your security audit, but that takes a lot of knowledge and experience. OpenBSD takes the hassle out of an administrative security audit by checking the logs and file permissions and emailing the root account every day with a security report. It also disables all daemons by default and adds special security-enhancing modifications for Apache, OpenSSL, and other outward-facing programs.

In addition to the secure default state, the other facet of OpenBSD’s top-quality security is behind the scenes. The code itself undergoes an ongoing and extensive security review by the OpenBSD security team to ensure that there are no known or potential vulnerabilities waiting to be exploited. Often times a potential problem is fixed in the OpenBSD code long before it is discovered, exploited, and patched in other operating systems.

In the end, OpenBSD offers little that any modern Unix operating system plus a good sysadmin doesn’t, but it’s a matter of convenience and preference. The process of maintaining a secure system is still up to the administrator, no matter what operating system you use.

Speaking of which, the OpenBSD 3.6 CD set is an inexpensive $45 (or 45 euros). Anyone seriously considering OpenBSD on the i386, SPARC/SPARC64, AMD64, VAX, or macPPC architectures will find the CD set to be a much more convenient and speedy method of installation.

OpenBSD’s installation routine is spartan, but quick and simple. It’s merely a script that goes through each step of a complete installation or upgrade of the base system. Depending on the speed of your computer and the size of your hard drive, installation can take between 10 and 30 minutes, and upgrades will usually take about half that. The upgrade script unfortunately does not upgrade precompiled application packages or any programs that you’ve installed through Ports, and there is no Portupgrade program to automate this process as there is in FreeBSD. To upgrade your programs, you’ll have to reinstall each one individually — not difficult to do, but certainly tedious if you have a number of programs on your system. Some people prefer to deinstall all packages prior to the upgrade, then reinstall the new versions afterward. Packages are not as easy to get from the FTP repository as Ports are, but are much quicker to install on slower systems and easier to distribute to multiple installations.

If you choose to upgrade your Ports after the upgrade, you can run the /usr/ports/infrastructure/build/out-of-date script to determine which ones need to be upgraded, then locate each one and deinstall and reinstall it.

New in 3.6

Included with the standard installation are OpenSSH 3.9 (OpenSSH is part of the OpenBSD project) and OpenSSL 0.9.7d; GCC 2.95.3 and 3.3.2 with the ProPolice add-on installed and enabled by default; Perl 5.8.5; Apache 1.3.29 with default chrooting, privilege revocation, mod_ssl 2.8.16 and DSO support; Sendmail 8.13.0 with libmilter; BIND 9.2.3; Heimdal 0.6rc1; and a customized fork of XFree86 4.4.0 without the new, more restrictive licensing. Other packages like Lynx and Sudo are also included, and most of the above-listed programs include specialized patches from the OpenBSD team to enhance security and functionality.

Hands on

I tested out OpenBSD 3.6 on my most temperamental system: a Dell Inspiron 3800 laptop. I had no trouble with my PCMCIA Xircom wired or Linksys wireless network cards, nor did I have any trouble switching between the two. I could install and use XFree86 without any trouble, and everything seemed to work just as perfectly as it did in the previous release. I didn’t have any multi-CPU systems running the new SMP support on either the AMD64 or i386 editions.

The OpenBSD project cannot guarantee the security of programs in the Ports tree, but they do make an effort to ensure that obviously insecure programs don’t make it into Ports. If a security bulletin is sent out about programs in either the base system or Ports, OpenBSD provides patches individually or as a separate branch of the entire project. The process for applying a single patch is detailed at the top of each patch file, making installation as easy as following a couple of lines of instructions. As of this writing there are no listed security bulletins, but if there are, they’d appear here.

The PATCH branch of OpenBSD is one of three separate yet related divisions of the project. The first and most obvious is RELEASE, which remains consistent throughout the six-month lifespan of an official OpenBSD release. PATCH is RELEASE plus any security updates, and is updated as patches are released. The third branch is CURRENT, which is the cutting edge of OpenBSD development. Obviously you don’t want to run in-development code on a production machine, so CURRENT is really only useful to people interested in contributing to the project. These branches are not isolated to the base system; they also include the entire Ports tree.

Conclusions

I’m certain the OpenBSD team would think this a trivial matter, but for the next version I would really like to see a Portupgrade-like program to upgrade the compiled Ports to the new version without a great deal of hassle.

Aside from that single gripe, what strikes me most about OpenBSD in general is the professional manner in which it is developed and released. By professional I don’t mean “corporate,” as in meaningless meetings, bad design strategies, incompetent bosses, unreasonable deadlines, etc. I mean it’s released on time with few problems and it does exactly what it claims to do.

Each release is a small step forward; operating system development should be a battle of inches instead of historically disastrous attempts at giant leaps, and OpenBSD 3.6 personifies that philosophy. With the exception of SMP support, every enhancement new to 3.6 is a few inches forward. Some things may seem little but mean a great deal to those who requested and developed them. Others might not be able to notice any difference at all between 3.5 and 3.6.

OpenBSD 3.6 is among the better AMD64 operating systems out there, which may make it a suitable server replacement for FreeBSD, which continues to suffer from a horrible AMD64 SMP implementation. If you want to set up a cheap, secure home server, or if you’d like to get into using the command line interface more proficiently, OpenBSD 3.6 is an excellent operating system to choose.

Discuss this article or get technical support on our forum.

Purpose	Server operating system
Manufacturer	The OpenBSD Project
Architectures	i386, AMD64/EM64T, SPARC, SPARC64Alpha, HP300, HPPA, Mac68k, MacPPC, mvme68k, mvme88k, luna88k, VAX
License	BSD
Market	Servers of all kinds, for home, office, or enterprise; security-minded users and sysadmins
Price (retail)	$45 for a 3-CD set. Click here to buy it directly from the OpenBSD site. Can be installed over FTP for free
Previous version	3.5
Product Web site	Click here

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 2.5 License.

First let’s start with the basics: SUSE of any flavor is easy to install, maintain, and manage, and SLES9 is not a disappointment in that regard. The only trouble SLES9 has is in installing and activating the boot loader when a serial ATA controller is present (and unused) in the system. I never discovered a workaround for this, and the problem was verified by other sources with different machines. If installing to a SATA hard drive there was no problem and, ultimately, this is what I had to do to get the software working. I didn’t spend a lot of time tracking down the problem, but it occurs on other distributions of the same era, and it appears to be a problem with how GRUB guesses and assigns device names.

The installation procedure is as easy as it can be without skipping critical options. Likely you’ll be installing the server the first time from the CD media, but for emergencies or to install on other servers you can use the ZeroConf Service Location Protocol (SLP) to do the world’s simplest remote installation. The target machine automatically finds the installation server, reads its config files, and reinstalls the operating system all by itself. If nothing else, this offers the cheapest and easiest form of redundancy, allowing SUSE Linux Enterprise Server to replace critical yet aging UNIX systems.

ZeroConf SLP can also connect to about two dozen other services such as OpenSSH, NTP, CUPS, and LDAP, just to name a few. SLP is also compatible with Apple’s Rendezvous protocol.

The setup and configuration is as easy as it can get; the YaST management tool can usually detect your hardware and set it up for you, asking you about configuration options along the way. In the rare instance where your hardware is not recognized or supported, you usually have generic driver options that can get you going until you work around the problem or download the proper driver. That scenario is pretty rare; SLES9 has the most incredible hardware support of any commercial distro I’ve seen so far. It could even run some of the most advanced state-of-the-art hardware from Intel — a D915GUX motherboard with integrated PCI Express video and a uniquely modified Intel Pro 1000 LAN chip that even the in-development Fedora Core 3 could not use at the time I tested it. I had some trouble setting the video resolution at first, but it took very little work to get everything to operate properly.

Maintenance is, as always, handled by the YaST Online Update (YOU) utility. YOU can download and install updates automatically without any user intervention, or it can be scheduled to download updates only at certain times. The big difference between SLES9’s YOU utility and the one found in SUSE Linux 9.1 Professional is, Enterprise Server does not access public update servers by default. In order to receive updates from Novell’s update server, you have to have a “support key.” Novell said that they’d send me one of these so I could test out the service, but I never received it. I don’t like the idea of having to rely on a single vendor for support and update services, but fortunately Novell/SUSE has been reliable in the past.

YaST does a bit more than just change system settings: it controls network services such as DNS, Apache, NFS, LDAP, and many others. From YaST you can enable and disable these services as well as do most or all of your server configuration. You can, for instance, add or remove modules from Apache, set up the ZeroConf server, add network users and groups, etc. — all from a quick and easy-to-navigate GUI.

A minimal amount of desktop applications are also included: KDE 3.2.1 and GNOME 2.4.2 and their associated components are included in the full install, along with K3b for writing to optical drives and Mozilla for Web browsing and Web page authoring (the mail, address book, and chat components are not included).

Special features

With the exception of ZeroConf SLP and some unique portions of YaST, so far we’ve covered the features that are unique to SUSE in general; now we’ll outline some of the things new to SLES9 along with features that you won’t find in SUSE’s desktop distributions.

The 2.6.5 kernel that SUSE Linux Enterprise Server 9 uses is enabled for symmetrical multiprocessing (SMP) and employs four separate kernel I/O schedulers (CFQ, Deadline, Anticipatory, No-Op), which greatly improves performance for any disk-intensive applications. SUSE can also access the drive or array through multiple channels at once (multipath I/O), thereby allowing for better load balancing and fault tolerance. Class-based Kernel Resource Management (CKRM) in SLES9 allows the administrator to allocate resources at the user or job levels. This can stop DDoS attacks and increase the accuracy of programs that monitor resources. Lastly, SUSE-specific kernel enhancements allow up to 512 CPUs, 4 billion unique users, 65535 concurrent user-level processes, 4095 major device types and more than a million subdevices per type. The kernel also automatically tunes and adjusts its resource management to accommodate the maximum number of open files.

One of the most interesting new features in SUSE Linux Enterprise Server 9 is its integrated Usermode Linux (UML) capabilities. UML allows the kernel to create a virtual instance of itself as a regular process, enabling the administrator to create multiple virtual servers, all administrated through the same tools and programs as the “real” server. This can be useful for Web hosting providers, who could sell several virtual servers on one machine. You could also use the UML-created virtual instance to work as a firewall or for a Virtual Private Network (VPN). Using UML to create Linux virtual servers, you can also do some nifty load balancing tricks.

These are merely some of the highlights of SUSE Linux Enterprise Server 9’s extensive feature list. SLES9 is armed to the teeth with tools and applications that are easy to access, use, and understand; any but the most old-school, old-fashioned sysadmin will love SUSE Linux Enterprise Server 9.

Architectures

I only tested the AMD64 and x86 editions. Novell says that the AMD64 edition, unlike many so-called 64-bit operating systems that have a 64-bit kernel and a 32-bit userland, is entirely optimized and compiled for the AMD64 architecture. According to previous benchmarking I’ve done with SUSE Linux Professional 9.1, that could yield performance gains of anywhere between 30% and 200% when doing memory and CPU-intensive operations such as encryption, encoding, and compiling.

SLES9 is available for IBM’s POWER architecture as well, but usually you’d buy it with the machine instead of separately from Novell.

Conclusions

In the future I’d like to see Novell do some better testing with a wider variety of x86 and AMD64 hardware. The SATA problem would have been a serious problem if I hadn’t had a SATA drive to use for the review.

Other than that one glitch, SUSE Linux Enterprise Server 9 is easily the most powerful, comprehensive server OS on the market. It spans three major architectures, offers tools to do pretty much anything that can possibly be done with a networked server, and it’s easy to use and install. To top it all off, it’s cheap — U.S. $389 for the 2-CPU edition, and there are no restrictions in licensing. Compare that to Microsoft Windows Server 2003 Standard Edition, which is nearly three times as much and you must pay per-seat licensing for client machines. Even among GNU/Linux distributions, there is no competition for this product as it is out of the box. Sure, you can hack any GNU/Linux distro to do what SLES9 does — sysadmins have been doing it for years. SUSE Linux Enterprise Server 9 reduces the hassle and wasted time that is generally associated with installing, configuring, and then using a server.

Purpose	Operating system
Manufacturer	Novell
Architectures	x86, AMD64, POWER
License	The core distribution is under the GNU GPL, but some ancillary programs included with the distribution are under proprietary licenses
Market	Enterprise corporations
Price (retail)	U.S. $389 for the 2-CPU license, $939 for the 16-CPU license
Previous version	SUSE Linux Enterprise Server 8
Product Web site	Click here

Discuss this article or get technical support on our forum.

Comments (0)

Solaris 10: a collection of great, new, unique features

Filed under: Archives — @ 8:14 pm

Sun has put a tremendous amount of effort into its operating system, with the intention of rebuilding both its Unix market share and its relationship with free software developers. This article looks at the impressive new features that make Solaris 10 an amazing operating system and also some flaws that prevent it from being perfect.

Solaris is both the oldest and most modern extant Unix operating environment, but the previous few releases have been somewhat lacking in innovation. Solaris 10 makes up for that by introducing a wealth of new and innovative features that catapult it out of the traditional proprietary Unix market — where HP, IBM, and SGI live — and into the mainstream server and workstation market — the realm of Microsoft, Novell, and Red Hat.

While I was talking to him about some historical Solaris bugs and if they’ve been fixed in version 10 or before (see below), Bryan Cantrill, one of the engineers responsible for the much acclaimed but seldom properly explained DTrace technology, happened to see a question I had written in my notebook: “Why is Solaris 10 ‘the most advanced operating system ever built’ as claimed by various Sun representatives?”

Upon seeing that, Bryan started talking about DTrace and ZFS, and before he got to Containers, I stopped him. “A couple of good features don’t make a whole OS. What’s the big picture with Solaris 10?” I asked.

“Solaris 10 isn’t just a couple of new things, it’s a collection of great, new, unique features,” he began. Jared Jenson, a consultant who works with Sun products, was also participating in the conversation and took over for Bryan. “For me, as a system administrator, Solaris 10 gives me a lot of what I call ‘quality of life features.’ By that I mean that Solaris makes life a lot better for the guys who have to wear the pagers — you do your work more quickly, more efficiently, you find problems and fix them faster, and then you can go home to your family.”

Here are some of the “quality of life features” in Solaris 10:

Dynamic Tracing (DTrace), a program and framework with an Awk-like command syntax that allows a sysadmin to quickly examine the behavior of the software environment from userland applications down to the most basic level
ZFS (formerly known as the Zettabyte File System; the term “zettabyte” has nothing to do with this file system, so its official yet meaningless name is now simply ZFS), which was written from the ground up to accommodate modern storage devices and redundancy solutions
Solaris Fault Management (also called Predictive Self-Healing), which is an integrated framework and analysis system that monitors data for abnormalities, then can isolate the malfunctioning device that is causing the corrupted data and route around it if possible. Since hardware failures are rarely instantaneous, Solaris Fault Management can detect failing hardware before the results become apparent to users.
Upgraded security: Instead of offering a separate distribution of Solaris for the Trusted Solaris product, Sun has added 80% of the integrated security features of Trusted Solaris to Solaris 10. Trusted Solaris 10 will still be available as a group of add-on packages to the standard Solaris operating environment.
Vendor-neutral support offerings: This means that, on the high end of its service plans, Sun will support Solaris, all software written for Solaris natively, and all LSB-compliant Linux binaries that users might run on Solaris 10 through the Linux Application Environment (formerly known as Project Janus).
Process Rights Management: This is a revised and updated permissions structure that allows specific users to have specific root permissions, so if several admins are controlling individual services on the same server, they can be given complete control over their processes and programs without having full root access to the system.

Let’s look at some of the above features in more detail.

DTrace: More valuable than it may seem

I spoke with the core DTrace developers — Bryan Cantrill, Adam Leventhal, and Mike Shapiro — for about an hour at the Sun launch event, and they gave me a personal demonstration.

Cantrill had given a presentation in which the example situation was a serious network performance problem caused by a couple of users that were running inefficiently written stock ticker programs — which were installed with GNOME by default. While this was an actual real-world example of how DTrace tracked down the problem, a top-notch sysadmin would never allow superfluous and potentially insecure programs in a critical production environment. So how would DTrace help on a more tightly controlled network?

Cantrill opened up his laptop computer, booted a recent development build of the AMD64 edition of Solaris Express, and proceeded with a high-energy demonstration of DTrace. First he showed me some broad DTrace output from the command line; it printed output from the more than 32,000 points of instrumentation (also called probes) that give feedback useful for tracking down problems. A traditional ps -a command would have shown only userland processes, which were related to the terminal.

“D, the language that DTrace uses, is a lot like Awk,” he said as he opened up vi and created a short script to execute more complex DTrace commands. He then started the FVWM window manager and showed me everything the system does to open an instance of Xterm by adding a few lines to the aforementioned shell script to give DTrace the proper parameters and switches related to finding only Xterm-related activities. Cantrill noticed from the list of processes that data was being written to the disk upon starting Xterm. “That’s unusual,” he said, noting that there should be no reason to write to the disk at all. So he opened up the shell script again and modified it to find out why Xterm was behaving that way and what files it was writing to. The list that DTrace produced showed that the Bash history file was being written to upon launching Xterm — so it turned out to be something perfectly normal. There were a few things that could have caused the disk write operation, and I’m sure if we’d had time to think about it we could have investigated it in the traditional way and found the answer, but DTrace produced specific results in seconds. This was a rather innocuous example because there was no problem to solve, but with some kind of mysterious performance-related problem, someone who knows DTrace could walk into a strange Solaris 10-based environment with machines and configurations he had never seen before and use it to track the problem down.

Granted, if you have to stop and read the manual and learn how to use D first, you’re not going to track anything down quickly. If you already know Awk and are familiar with Solaris, DTrace shouldn’t be very difficult to learn. Once you have even a moderate understanding of DTrace, on a large network with a lot of machines filled with various programs for various purposes, even if nothing seems wrong, you can fine-tune your Solaris environment by identifying inefficiencies.

More information about DTrace can be found at these addresses:

Solaris Dynamic Tracing Manual, the official, heavily detailed and easy to follow documentation, written by the people who wrote DTrace
BigAdmin’s DTrace page, a collection of useful DTrace resources
“Baby’s first DTrace”, Adam Leventhal’s quick DTrace introduction for sysadmins
Sun’s DTrace discussion forum

Some visualization tools are also in development that use DTrace as a foundation.

ZFS

Previously, SunOS employed the traditional and reliable but not quite top-performing Unix File System (UFS) as its one and only file system. Every Unix vendor and BSD variant has its own unique implementation of UFS, and few of them are fully compatible with one another. The trouble with UFS is that it is not terribly scalable; you can’t add a hard drive to a RAID array and expect to easily expand your file system’s capacity without losing data.

Rather than attempt to rework UFS to update it (as FreeBSD has, with UFS2), Sun’s engineers designed a completely new file system technology that took into account modern computer hardware.

ZFS combines the functionality of a file system and a volume manager into one package, so it can control multiple disks without any additional software. It can also do more than just read and write blocks, which is the limit of a traditional file system’s control. ZFS creates a “pool” of storage — disks, presumably — and then that storage is used for a dynamic file system when needed. So there is the underlying pool of storage, then on top of that are as many dynamic file systems as you want to create. If you need more space, just add a disk to the pool and you can grow the file system — safely, with only a few commands in the terminal.

ZFS is also 128-bit, which is exponentially more spacious than most modern file systems, which are 64-bit. While it may seem unlikely that your storage needs will exceed the 64-bit limit of 16 exabytes, computer history is replete with examples of people underestimating growth.

The third primary feature of ZFS is its error-correction capabilities. Each write operation writes to a new block before changing the pointers to commit the write, making it possible to “roll back” data to a previous state. ZFS integrates checksums into the file system structure, which means that data corruption is detected immediately. If the file system is mirrored, ZFS can repair the corrupted data by using the mirrored copy without any user intervention.

Solaris Containers

While not specifically mentioned as a “quality of life feature” in Solaris 10, Containers are still an impressive and useful addition. Like ZFS, Solaris Containers have undergone a name revision; previously they were known alternately as “Zones” and “N1 Grid Containers,” but due to changes in marketing strategy, the feature has been renamed Solaris Containers.

Like BSD jails, Solaris Containers isolate applications and processes from the rest of the system. You can do this for a number of reasons, including security, convenience, and server consolidation. Containers also have superior performance and resource efficiency over a more common alternative, virtual machines, which require an entirely separate instance of the operating system for each virtual unit. Containers use the same kernel and memory that the underlying OS does, and do not reserve any part of these resources. This means that every Container on a system has a single point of failure because they are all using the same kernel. Sun claims that a system can have more than 8,000 Containers, but it’s hard to imagine a scenario in which a number that high would be useful, or a system on which they could run without a significant loss in performance.

Realistically, Solaris Containers are most useful for creating virtual hosts and servers that can perform a variety of separate network tasks in one machine instead of several. You could have your DNS, LDAP, and DHCP servers running in separate Containers, all acting as independent systems. Since each Container can have its own IP address, you could also use Containers for separate hosting accounts on a shared Web server.

New and improved?

Prior to the launch event I got some suggestions from Solaris sysadmins who had specific problems with previous versions of Solaris and had switched to other operating systems where they could. I took the issues mentioned in this SysAdmin to SysAdmin column and the comment attached to it, plus some other notes, and compiled the following list of issues, which several Solaris engineers addressed point by point:

Solaris is too complex. This was described by the Solaris hackers as being an engineering problem that has been solved by introducing better technology — namely, DTrace to replace other less specific command-line tools, X.org to replace the aging Xsun server, a more streamlined installation procedure, and better documentation. “Documentation is never an afterthought for us,” Cantrill told me.
If a user belongs to more than 15 groups, the system dies. Cantrill told me that this has long been a tunable parameter in Solaris. “Such that it exists at all, the limitation is due to a protocol restriction in NFS. By default, Solaris is configured to cooperate with other vendors’ NFS implementations — which means setting the number of supplementary groups to 15.”
NIS netgroups have a size limitation; this forces messy netgroups. This is due to an underlying DBM database issue; the database has a size limit of 1,024 bytes. The best solution is to use LDAP instead.
If one machine is in two netgroups and both groups have mount privileges, the NFS server crashes. The Solaris engineers tested this and didn’t find the problem; furthermore they had no record of this ever being a bug or problem with any previous editions of Solaris.
GNOME is poorly implemented. GNOME support has been greatly improved in Solaris 10. The version that ships with the initial release is 2.6.1, and it now uses the Java Desktop System theme by default.
The version of Netscape included with Solaris is old. Sun has abandoned Netscape in favor of Mozilla.
Solaris has a poor LDAP implementation. A great deal of work has gone into improving LDAP in Solaris 10. The new implementation is of a much higher quality and has expanded features over previous Solaris implementations.
If you set up the system to authenticate to NIS, then start LDAP, the system crashes. This bug has been fixed in Solaris 10.
Solaris is slow. Solaris 10 includes an optimized TCP/IP stack, which now scales much better on multi-CPU systems. Additionally, Solaris 10 has specific performance enhancements for UltraSPARC IIIi and IV systems that can increase performance by as much as 20%.

The catches

Solaris 10’s unique features are only useful if the operating system will install and run on your computer. Sun is not known for supporting a lot of x86 hardware, and Solaris 10 does not alter that reputation. You’re pretty much limited to the hardware in the hardware compatibility list; I’ve tried to get several different custom-built systems to work with Solaris Express over the past few months, and none of them has functioned fully, with the usual suspects being ATI video cards and integrated LAN chips. Unlike previous releases, Solaris 10 supports a fairly wide range of UltraSPARC hardware — especially systems that use the newer IIIi and IV processors. The 64-bit AMD64 edition of Solaris 10 will not be available for another few months.

Solaris 10 will not tolerate Linux partitions on the same drive, so if you want to dual boot, you’ll need a separate hard drive. Speaking of hard drives, I was not able to get an SATA hard drive to be recognized by Solaris Express 10/04 on any of my test systems. Sun told me that Solaris 10 would eventually have SATA support, but didn’t have specific dates or details on which SATA controllers would be supported.

While Solaris 10’s official release is January 2005, it will not initially ship with ZFS functionality. ZFS instead will be included in the first update.

Conclusions

If you’re using a previous edition of Solaris — especially if you’re using a SPARC-based infrastructure — it makes a lot of sense to upgrade to Solaris 10 if your hardware supports it. To begin with, it’s free of charge to download and use it, so the initial cost is nothing. Considering the potential performance increase and such advanced features as ZFS and DTrace, your benefits could include better data reliability and storage scalability, and the ability to track down and eliminate software problems immediately.

If you’re considering a new operating system for your business, Solaris is definitely a candidate. I’d recommend sticking to the hardware compatibility list, and specifically buying only systems that have been certified to work with Solaris 10.

Many people will wonder, “Is Solaris 10 better than Red Hat Enterprise Server 3, Windows Server 2003, and SUSE Linux Enterprise Server 9?” Under most conditions the answer is yes, thanks to the above-mentioned features that are unique to Solaris 10. While SLES9 has Usermode Linux to do operating system virtualization, it requires assigned system resources and doesn’t offer optimal performance. Solaris Containers require only storage (hard drive) space to work and don’t suck up as much system resources, making this feature more efficient while providing similar functionality. ReiserFS v4 may be a significant step forward for Linux file systems, but looking through the feature list on its Web site, I don’t see anything like the ability to add storage space dynamically or integrated checksums to protect against data corruption. ReiserFS v4 is also not 128-bit, so its ceiling is much lower than that of ZFS. DTrace has no equivalent anywhere, as far as I can tell.

It seems that Solaris 10 is a superior operating environment for servers and some kinds of workstations, and Sun’s support options for it are quite ambitious. The only things that hold it back are restrictive licensing and horrible hardware support, but the licensing will soon change as Solaris goes open source, and hardware support is bound to increase as time goes on.

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 2.5 License.

I decided to use OpenBSD 3.5 on
my Dell Inspiron 3800 latptop for this exercise instead of Debian,
Slackware, or Gentoo Linux because, in addition to knowing that OpenBSD
worked perfectly on the laptop’s hardware, I wanted to use this
opportunity to get to know OpenBSD a little better. Also, OpenBSD has a
feature that I thought would make my week easier: the href="http://www.openbsd.org/ports.html">Ports software database.
Ports makes it easy to find and install programs from the command line
– easier for me than Debian’s APT or Gentoo’s Portage systems. I didn’t
know what programs I’d be using, so it was important to have a decent
selection of mail, IRC, and other programs to choose from. OpenBSD’s
Ports tree, while nowhere near as extensive as FreeBSD’s, was more than
adequate; one could even say that it was designed with CLI use in
mind.

I had the advantage of working with people who primarily use the CLI
for everything they do. I asked them for some recommendations and
occasionally for some help, but I didn’t ask to be walked through the
whole experience — that would invalidate the exercise.

Software

The one program that I needed right off the bat was a competent FTP
client. I was used to using the graphical href="http://gftp.seul.org/">gFTP, which is about as good as they
come in the world of X11, so whatever I ended up with in the CLI had a
lot to live up to. The standard BSD FTP program that’s included in
nearly every operating system is great for transferring single files,
but it’s horrible for uploading or downloading large groups of files.
Brian Jones, author of Linux.com’s SysAdmin to SysAdmin column,
turned me on to NcFTP, which I found
to be an excellent alternative to the old BSD FTP. Configuration was
pretty simple, and I was able to upload and download multiple files in a
queue and save bookmarks to oft-used FTP sites.

Much like the FTP situation, I knew I could use the standard
interface to ircii if
absolutely necessary, but I’d prefer something more like the excellent
XChat2 graphical IRC client. I tried
Epic, but found it to be rather
unremarkable. Digging deeper into Epic’s configuration docs, I
discovered that there are many pre-made configuration scripts for it.
After looking at several of them, I settled on href="http://darkstar.prbh.org/">DarkStar; while it wasn’t
everything that I wanted, it worked better than what I’d had previously.
I used Epic and DarkStar for the first two work days of my week in the
CLI.

The biggest challenge I had was with email. I was used to Evolution,
which runs my personal and business contacts, calendar, and email. I
didn’t mess with calendar or contacts programs because I didn’t think
I’d need them for the week, but I did explore text-based email
programs.

BSD Mail comes standard with OpenBSD, but its operation and
configuration were a mystery. I could read local email, but I ran into
difficulty trying to configure it to receive POP3 mail. Even if I’d
gotten it to work perfectly I’d have to take notes on all of the
shortcut keys because there are no on-screen helper menus; you’re left
at a prompt with a list of messages. I wasn’t against learning how to
use it, but with so many other programs to have to remember key commands
for, it seemed like a better idea to simply try a different email
client.

I set up Mutt to receive POP3
email from one of my accounts; I have eight POP3 email accounts that I
need to collect all in one inbox. The Mutt configuration file is
gigantic; there are so many settings that it took an hour just to read
through each option and its description. The manual page is equally
gargantuan. It’s nice to have a lot of features, but if I have to crawl
through pages and pages of options that I’ll never use just so I can
learn how to do the simplest of tasks, I can safely declare the program
useless to me.

I tried Pine, but that
was just the opposite of Mutt — the interface was so simple that I
couldn’t figure out how to get multiple accounts into it. I could hardly
configure it for one account, even after reading the
instructions.

The trouble with the email programs that I tried is that they are
designed primarily for two kinds of people: those with one email account
who need a bonanza of options that deal with mailing lists, and those
who are concerned only with local system or LAN mail. In other words,
they were made for developers and sysadmins.

I was considering giving up, but a friend suggested that I install href="http://catb.org/~esr/fetchmail/">Fetchmail and use it to send
all of my POP3 email to my local username. That’s exactly what I did,
and it was a lot easier than I thought it would be. Reading the
Fetchmail manual page was less daunting a task than I’d anticipated, and
I had Fetchmail retrieving all of my POP3 mail inside of an hour. I
created a config file that would regularly retrieve mail from all eight
accounts and then pass it all on to my local user account. This cut out
all configuration difficulties that I’d had with my email programs
because all three could receive local mail by default. Mutt didn’t seem
so useless to me after that. My only complaints about Fetchmail are that
I never figured out how to set it to leave all mail on the server unless
it had already been downloaded, and I couldn’t get it to delete mail
from the server that I deleted locally. I like to save all non-spam
email as a reference.

The vi editor comes standard with pretty much every Unix, BSD, and
GNU/Linux operating system. If you know how to use it, it’s a powerful
and convenient editor to have; if you don’t know how to use it, it’s an
archaic, non-intuitive piece of garbage. My previous opinion of vi
tended toward the latter, but I figured that now was the time to learn
how to use it properly. Instead of vi, I installed vim from Ports
because I wanted to take advantage of its syntax highlighting and
automatic indent features, among other various improvements. The first
thing I did was to run the vim tutorial to learn vim’s finer points. I
got most of the way through it before I learned everything I needed to
know to work on HTML documents and configuration files. Since I already
know how to insert, delete, save, and quit, the supplementary commands
that I learned were easy to remember. Of all of the programs I used in
my week in the CLI, I spent the most effort learning to better use vim.
I considered using Emacs — in fact it was my first choice, because I
knew slightly more about it than I did about vi, but I couldn’t get a
non-X version installed through Ports. Emacs is also not quite as
universal as vi is, and I wanted my learning to apply to as many systems
as possible.

I’d heard of GNU
Screen, but I didn’t think I’d ever need to use it. I couldn’t
imagine needing more virtual terminals than what were provided by
default. On the other hand, I didn’t anticipate working from the command
line full-time, and it didn’t take me long to figure out that it was
worth the effort to install and learn Screen. I was amazed at how easy
it was — all I needed to know was how to start Screen, how to open new
terminals within it, and how to switch between them. It took five
minutes to read through the help file, and soon afterward I had my IRC
client and Mutt running in TTY1, two instances of vim open in TTY2, and
four or five instances of Lynx open in TTY3. TTY4 was for other command
line tasks, should they become necessary. This remained my preferred
configuration for the rest of the week.

I used Lynx as my browser; I
don’t really like Lynx, but what else is there? By the time I got to
learning Lynx, I was struggling to remember all of the command keys for
all of the programs I’d installed. I was so disgusted by the fact that
the Web was no longer graphical that I avoided Web activities as much as
possible.

Lastly, I used cplay
to play Ogg and MP3 files while I worked. It’s the one program that I
didn’t need to read the documentation for, and it didn’t need a
mile-long config file either.

Putting it all into production

I spent the weekend setting all of this up, experimenting with
alternative programs, and messing with config files. I didn’t make a
whole lot of progress before Monday, and needless to say I didn’t get
much work done at first. Well, actually, I didn’t get much work done all
week because of the snags I ran into.

The most difficult part about using the CLI for production desktop
work is using the Web. To me, the World Wide Web was made to be
a graphical experience, and it should always be that way. Once you’ve
gotten used to Mozilla, you can’t really switch to Lynx and enjoy it.
Lynx is purely for the retrieval of necessary information — you use it
when you really need to read something (like documentation) on the Web
and you can’t get to X. My colleague href="http://www.railfan.ca/">David “cdlu” Graham tipped me off to a
console graphics display package called href="http://www.svgalib.org/rus/zgv/">zgv which would allow Lynx to
show pictures in Web pages. Unfortunately it doesn’t seem to be in
OpenBSD’s Ports tree, so even if I’d known about it, it would have been
difficult or impossible to install.

One trouble I ran into with IRC was the inability to scroll up
through a conversation, something that I rely on in XChat2 to get me up
to speed. The best I could do is look through the log with the
/lastlog command and hope that my search string didn’t
match more lines than I had screen space. When I mentioned the problem,
David Graham gently chastised me for not increasing my screen size from
the default (VT100 emulation, which also didn’t support color) to
something higher. I hadn’t even thought about changing the resolution;
ever since the dark days before Linux (and Windows) I was used to the
standard DOS 80×24 screen and figured that it was just the way things
were outside of the GUI.

About the only program I never had any problems with was vim. It
always did what I needed it to do, from writing articles (the first half
of this article was written in vim from my OpenBSD machine) to creating
and editing configuration files. It won’t replace Bluefish for my Web
work, but it was certainly one of the most important programs for me to
have. Sure, vi or the BSD ee editor could have done some or all of the
same work, but they wouldn’t have been as nice to use. Syntax
highlighting is practically a necessity once you’re used to using
it.

At some point I switched from DarkStar/Epic to href="http://irssi.org/">irssi, a Perl-based IRC client. while it
didn’t have the nice auto-notification of incoming email that Epic had,
it was easier to use and configure, and it had a number of other
features (such as timestamping by default) that I enjoyed. It’s not that
I couldn’t eventually program Epic to do what I wanted it to do; the
issue was that I couldn’t do it inside of an hour. I don’t want to read
a 50-page manual and Google my questions for hours just to do a few
simple tasks. I’d rather have a program that simply works the way I want
it to.

Of all the things I’ve lost, I miss my mouse the
most

It didn’t occur to me to use the mouse in the CLI — as far as I was
concerned, the mouse was a tool meant for graphical environments. I
didn’t use a mouse until Windows 3.0 (except in some DOS games) and I
didn’t anticipate needing one in a BSD terminal. Since I couldn’t scroll
any windows with it and couldn’t use it to switch between programs, I
didn’t notice its absence at first.

The trouble was, I needed to copy and paste URLs from Lynx to vim,
and there seemed to be no way to do it without highlighting the address
with a mouse and then pasting it into another terminal by clicking both
mouse buttons. A laptop’s built-in touchpad or directional button is not
well-suited to this task. I didn’t realize how often I used the mouse
until it was gone.

Without being able to easily add links to articles, I was unable to
complete any of my work. I did write the text portions, adding in href
tags where the links would need to go. I then emailed the articles to
myself and when I got home, I added the appropriate links in Bluefish. I
guess you could say that I cheated, but I had to get some work done.

Keyboard navigation wasn’t all that difficult to get used to,
especially after I had my GNU Screen setup properly organized. I could
switch back and forth between different terminals rapidly, and scroll up
and down documents in vim without forgetting to leave or enter insert
mode. Although I reached a certain level of proficiency, I don’t think
that any amount of experience in the CLI could have replaced the
convenience of mouse navigation in GNOME.

Home sweet GUI home

While I had fun learning new programs and new tricks, I missed all of
the functionality and finesse of GNOME. I don’t know whether it’s just
that the programs I can use in X are easier to configure, use, and
multitask, or whether I’ve lost my love for the command line.

I started out my computing life in the CP/M and MS-DOS command line
interfaces, and was dragged kicking and screaming into Windows 95 some
years later. At the time I thought of the GUI as a memory-hogging,
inconvenient, impossible to configure, buggy, and in general useless
layer on top of a simple CLI environment that I knew and enjoyed.
Somehow I thought that going back to a more powerful and flexible
command line years later would rekindle my desire for a return to the
DOS days.

My DOS machine did everything I needed it to do. If I had a new
program or game, I knew how to install it and run it, and all
configuration was usually done either from within the program itself, or
from an external configuration program. There were no config files to
hack, and I never once had to read the documentation to figure out how
to use a DOS program. In other words, they were designed sensibly, with
the user in mind.

Many of the BSD and GNU programs that I used during my week in the
CLI, especially all of the mail and IRC programs, almost seemed designed
to be archaic and difficult to use by default. I would have found my
week more enjoyable with programs that were easier to configure, or at
least easier to find relevant information in the manual pages or help
files. I have no problem with reading documentation, except when it’s
dozens of pages long and hides the most critical and basic options and
information amid a big steaming pile of superfluities.

Program design — and of course my own ignorance of such advantages
as Linux terminal emulation, higher terminal resolutions, and the zgv
terminal graphics viewer — aside, there’s also an underlying roadblock
to get past when switching to the CLI: it’s a whole different way of
thinking. Using a GUI makes you think in a broader, more synthetic, and
object-oriented way. It’s not just that the programs look prettier and
have more convenient mouse-driven features — it’s that you
think of your programs and data in terms of how they look on
the screen. In the command line you’re forced to think in a more
analytical way; you have to picture where your data is, where you want
it to go, and how you want to view or manipulate it. The GUI tends to
make you think in terms of programs and what they can enable you to do
with your data; the CLI tends to make you think in terms of data and
what you need to do with it. The GUI causes you to ask yourself how
something looks, whereas you’re using a more kinesthetic sense
when working in the CLI. I’ve come to believe that it is not just a
terminal interface, it’s a whole different kind of user environment, and
it’s not for everyone.

Using the CLI for a week seemed to me like a survival retreat in the
remote wilderness. It was fun and challenging, but I’m glad to be back
home where I can go back to what works best for me. I’ll definitely
revisit the command line as a user environment, but only at my leisure
– not while I’m supposed to be getting work done. I encourage readers
to try this out on their home machine — if not for a week, then at
least for a few days. Hopefully you’ll find my experiences and advice to
be a good starting point in your own CLI adventures.

Discuss this article or get technical support on our forum.

Comments (0)

Linux is Not Red Hat, and Other Sun-isms Debunked

Filed under: News Stories — @ 8:12 pm

Sun Microsystems head honchos Scott McNealy and Jonathan Schwartz often equate Red Hat with all of GNU/Linux. After interviewing both of them on Monday during the day-long Solaris 10 launch event in San Jose, I understood their frame of reference on this matter and many others much more clearly. For the first time in several releases, Solaris is actually a threat to the other players in the operating system market, but Sun’s market outlook and publicity strategy may be working against the merits of Solaris 10.

The day began with a presentation outlining the new features of Solaris 10 and how this latest release of Sun’s flagship operating system stacks up to HP/UX (“a dead operating system” according to Jonathan Schwartz), AIX (“a dying operating system,” Schwartz quipped — I was the only person in the theater who laughed), Windows 2003, and something labeled “Red Hat,” as though Red Hat only offered one product to fit all situations, and all other GNU/Linux distributions were insignificant.

“Red Hat does not have military grade security, or file system innovation, or [Solaris] containers, and it’s also more expensive. Red Hat requires a binary license fee per CPU,” Schwartz said in summary. But Red Hat’s Enterprise Linux products aren’t exactly the optimal basis for comparison with Solaris 10. Other GNU/Linux distros may not have military grade security like Trusted Solaris 8, but Security Enhanced Linux (SELinux) was developed by the National Security Agency — surely that’s good enough for government work. Red Hat may not have the excellent Solaris ZFS file system, but other distributions have Reiser v4, XFS, and JFS support; it’s not exactly right to suggest that GNU/Linux in general does not have any file system innovation, even if ZFS is technologically superior. GNU/Linux may not have Solaris containers (which allow applications to run in virtual instances of Solaris, isolated from the rest of the OS), but it does have Usermode Linux (UML) which provides similar functionality using a different technique. There’s no argument that the now free (as in price) Solaris 10 is cheaper than Red Hat Enterprise Linux 3, but it’s the same price as Fedora Core and White Box Linux, which use a more cutting-edge codebase than RHEL3 and are often used in production environments. And the bit about licensing? I don’t know what Schwartz was thinking, but what he said was patently false. It would violate the GPL for Red Hat to require a binary license fee of end users. Red Hat charges for its products of course, but has neither the right nor the motivation to stop people from using it for free. The Red Hat license is the GPL, but the services connected with that software — Red Hat Network — are only available to paying customers. Solaris 10, on the other hand, has one of the most confusing, extensive, and restrictive licenses in the software industry. It may be free of charge, but Solaris 10 is not anywhere near free as in rights — and that is why people say Sun is proprietary.

McNealy equates “proprietary” with “interoperable only with the same brand.” While that may be true from a narrow frame of reference, the free software world tends to use a different definition; when we say “proprietary,” we mean that all of the rights to that software are locked away from us. The Latin root of proprietary, after all, means “property” — as in my property, not anyone else’s. Furthermore, Sun does charge for software support for Solaris 10 — you have to pay for an update service like Red Hat Network, and the only part of it that is not free of charge is the security updates. So in that sense it is no better than Red Hat Enterprise Linux, except it is cheaper in its initial cost. Schwartz was correct in saying that Solaris was cheaper in a certain sense, but he was less than honest in his presentation of that fact.

“I have been in this business for more than 20 years, and when a company has Wall Street, they have the market. Red Hat has Wall Street as far as Linux is concerned,” McNealy told me when I asked him if he thought that SUSE Linux was a threat.

Red Hat is not the only product out there, though. There is a far superior server operating system called SUSE Linux Enterprise Server 9, and it buries Red Hat Enterprise Server 3 in every way. SUSE also has the corporate backing of industry powerhouses Novell and IBM. While Red Hat may have more market share presently, that very well may change. The irony in McNealy’s argument is that he expects customers to ignore the market and go with the technologically superior Solaris 10, but he doesn’t seem to think that customers would do the same with the equally impressive SUSE Linux. Sun does not have the operating system market on Wall Street — they’re not even close. So by McNealy’s own reasoning, Sun is as insignificant as Novell is.

Your call is important to us

Sun’s attacks on Red Hat amount to straw man tactics. Red Hat Enterprise Server 3 is nowhere near the operating system that Solaris 10 is, but RHES3 is a poor representative of what GNU/Linux can do on a server. I’ve already mentioned SUSE, but what about community-developed OSes? A skilled sysadmin can take a BSD variant like OpenBSD, or a community-developed GNU/Linux distribution such as Debian, Gentoo, or Slackware, and make it into a powerful server that can compete with Solaris 10. McNealy balked at that notion, saying, “And who will support that? Red Hat won’t support Debian,” suggesting that no company would choose to use a production operating system without corporate support from a vendor like Sun. Granted, Sun’s top-tier support contracts offer some of the industry’s finest corporate support. But instead of telling us about how good the company is at supporting stuff, Sun’s representative hit us with more distortions and fabrications about the GNU/Linux industry. Here’s the truth — there are several companies that can and do provide corporate support for community-developed operating systems, including:

Commercial OpenBSD support
UserLinux (Debian) commercial support
Levanta, which I’m not familiar with, but they offer GNU/Linux services and support
Wind River (BSDi) offers all kinds of engineering support services too

Hardware envy

Solaris 10, in the words of one of its top developers, is a collection of great, new, unique features that add up to “the world’s most advanced operating system.” But while it can do a lot once it’s installed and running, it has nowhere near the hardware support that Red Hat Enterprise Server 3 does, let alone the amazingly diverse hardware compatibility list of SUSE Linux Enterprise Server 9. Sun just doesn’t seem to care about supporting an array of different hardware. Even Sun’s Java Desktop System 2, which uses an ancient version of SUSE Desktop as its base operating system, has horrible hardware support. I’ve struggled for months to get each successive monthly release of Solaris Express to work on my test machines; the usual foible is the integrated network chip, which is 3Com (SysKonnect/Yukon) Gigabit Ethernet LAN on one, and for a while I had trouble with an Intel Pro 1000 as well. Not only does SLES9 work famously on even the most state-of-the-art hardware from Intel, but Red Hat Desktop, which uses the same codebase as Red Hat’s other Enterprise Linux solutions, works perfectly on most of my test machines where Solaris did not.

Sun does have a hardware compatibility list that contains many components and complete systems from a variety of vendors, but it pales in comparison to nearly any modern GNU/Linux distribution, commercial or otherwise.

In an interview with Schwartz, I asked him what the advantage to choosing Solaris 10 on a SPARC architecture was. “AMD and Intel aren’t able to give you 16-CPU or 32-CPU systems,” he said. He went on to say that some of Sun’s most important hardware products were high-end enterprise-grade products that never seem to get any press attention.

The man with the golden gun

Scott McNealy mentioned the Kodak patent lawsuit that Sun settled for $92 million recently, painting Sun as a martyr that gave its money to save Java users and developers everywhere. When a journalist asked him how it saved the Java community from Kodak’s wrath, McNealy tried to draw a parallel to the RIAA lawsuits against P2P file sharers. The inference that we were supposed to draw was that Kodak was going to release a salvo of lawsuits against innocent law-abiding people who had the Java virtual machine software on their computer, similar to the RIAA’s notorious John Doe file-swapper lawsuits.

There is a serious flaw in this reasoning; there is no legal basis for Kodak to sue end users over their use of the JRE or JDK. End users did not infringe upon Kodak’s patents — they downloaded the Java software in good faith that it was perfectly legal, and they presumably abided by the license terms. Kodak would have absolutely no right to try to recover any damages from an end user or anyone else who was not a party to adding the allegedly infringing code to the Java source code.

“We took a $92 million bullet for the Java community,” Scott McNealy told us that morning. The only bullet I see from Kodak was aimed at Sun and its billions of dollars in the bank, not innocent Java users and developers. That bullet was intended for Sun, fired at Sun, and it hit Sun in the center of the bullseye; no unintended targets were damaged. The assertion that Sun Microsystems saved anyone from the Eastman Kodak Company but themselves is best described as a highly creative interpretation of the facts.

The point of the “$92 million bullet” was to show that Sun Microsystems will “indemnify” its users against similar copyright, patent, or trade secret claims. Never mind the fact that such indemnification is pointless. Really this was a thinly veiled attack on the Linux kernel and the SCO debacle. In other words, Sun wants you to think you’re safe with Solaris, and unsafe with Red Hat.

When I pressed him a bit further on the Java/Kodak issue, asking him specifically whom he was protecting from the Kodak bullet, McNealy finally gave me a good answer without any fluff, drama, or creative license: “I didn’t want to confuse the Java community with pending IP litigation,” he told me. That makes perfect sense — Sun did not want developers to shy away from Java due to the Kodak lawsuit, so he settled to get it over with. I was left wondering why he didn’t say that in the first place, rather than give us a dog and pony show about Kodak’s legal marksmanship.

Open source: Java and Solaris

The Sun execs said some pretty silly things during the Solaris launch, but not everything was bad. Not only were the technical discussions excellent, but I managed to find out some interesting and never-before-reported details about some of Sun’s licensing plans.

Someone asked Scott McNealy if Java would ever be open sourced. His answer was that he didn’t think so, because he thought that the Java Community Process was a good enough solution as far as community participation and input was concerned. The problem with this answer is that it only responds to the developer end of the equation.

I asked Scott McNealy if he ever considered Java’s closed licensing from a user’s perspective, and I gave him the example of FreeBSD/AMD64, which has no native 64-bit JRE because Sun has not yet provided one. FreeBSD’s AMD64 edition is uniquely limited because 32-bit binary support in the software is not yet fully implemented, so you can’t easily use the 32-bit FreeBSD Java Runtime Environment. You can hack it to use the 32-bit Linux JRE, but that’s not the point — I didn’t build a 64-bit workstation to use a hacked, emulated 32-bit Java virtual machine. Furthermore, FreeBSD users can’t retrieve Java from the Ports system — they have to visit several different sites to download binary files first.

“This is what the end user sees of Java; if it were open sourced, we could have a native 64-bit build on FreeBSD and comfortably use Java programs,” I said. McNealy was silent for a moment, then said that I should talk to Software Group VP John Loiacono, who was in attendance that day but not at that particular interview. Later on I did have the chance to speak with Loiacono; he gave me details on how not-for-profit organizations like the FreeBSD project can get a free license to distribute the JRE, and suggested I read over the Java Runtime License and get back to him with an assessment of what could be changed to be more user friendly. Rest assured, I will do that. But even if FreeBSD can distribute the JRE for free, I still won’t have a native 64-bit edition.

Arguably the most important question I asked Scott McNealy was, “What proprietary code had to be taken out of Solaris in preparation for open sourcing it?” McNealy responded by saying that the process of open sourcing Solaris actually started five years ago. “There were hundreds of encumbrances to open sourcing Solaris. Some of them we had to buy out, others we had to eliminate. We had to pay SCO more money so we could open the code — I couldn’t say anything about that at the time, but now I can tell you that we paid them that license fee to expand our rights to the code,” he said, referring to the February 2003 multi-million-dollar purchase of expanded Unix SVR4 license rights from the SCO Group. That was at the beginning of SCO’s war on Linux, and the timing of Sun’s license purchase was suspicious. At the time it was widely theorized in the online press that Sun had purchased the expanded Unix licenses to help fund SCO’s lawsuit against Sun’s lifelong nemesis IBM and public attacks on Sun’s part-time rival, GNU/Linux; if what McNealy says is true, a lot of pundits owe him an apology.

Staring at the Sun

Sun may be turning over a new leaf by open-sourcing Solaris and adopting a friendlier posture toward open source developers. Oddly enough, the company doesn’t really have a reason to be so evasive; Solaris 10 is an outstanding operating system and it can stand on its own without making misleading claims about the competition.

At the end of the launch event Jonathan Schwartz made an impromptu speech; I didn’t hear most of it, as I was too far away, but he did end his comments with something about Slashdotters. I ambled over to Schwartz and said, “If anyone here is going to get an article onto Slashdot, it’s probably going to be me (since NewsForge and Slashdot are both part of OSTG). Tell me what you’d like Slashdot readers to know.”

“Tell them that we’re returning to our roots,” Schwartz said, referring to the company’s renewed focus on the Solaris operating environment.

“And we want developers back on our side. If there’s more for us to do, we’ll go do it,” McNealy added. It was the first time all day that I felt that the two had broken character and simply told me what was on their minds.

Before I could thank them for their time, I was interrupted by a Sun PR flack, who informed me that I was not supposed to be there and that she was going to escort me to the door. It turns out that the press was supposed to leave a half hour before that, and that the end of the party was for Sun employees only. Somehow my colleague Chris Preimesberger and I were overlooked during the press and analyst roundup. So like the cops arresting the Monty Python cast at the end of “The Holy Grail,” my colleague and I were ever so gently forced to leave the building. If only we’d been developers instead.

Discuss this article or get technical support on our forum.

Comments (0)

What You’re Telling Me By Running Windows

Filed under: Editorials — @ 8:11 pm

There’s a community center in my town where you can do things like take classes for a variety of interesting things, play basketball, run on an indoor track, or exercise in the workout facility. Until recently I bought monthly membership passes to use the exercise rooms — until, that is, someone in management decided to start collecting more information about the members and storing everything on a small, unmonitored, Internet-connected, Windows XP-based network. What were these clowns thinking?

It does not instill confidence in me to see a business I frequent using Windows for production systems; even less so when they are obviously underadministrated. That little four- or five-node network is a time bomb; it is a disaster waiting to happen. I know what a debacle a Windows network is when you depend on it because I’ve experienced it firsthand.

I set up and administered production Windows networks myself, many years ago, before I’d given any serious consideration to the budding GNU/Linux operating system. I worked for an electronics repair business as a technician; specifically I worked on home office equipment, but since I was “the computer guy” I was required to also build and maintain the company network and all of its computers. I also built and installed similar networks for customers of that very repair shop.

I’ll never forget the Microsoft Word virus that infected every computer on our network, how the boss wanted me to illegally install my personal copy of Norton Antivirus to get rid of it, how I had to come in early and stay late to troubleshoot problems with Windows NT4 and, later, 2000 on our server. The word “nightmare” doesn’t quite describe it. I felt like I was piloting a ship that by all rights should not have been afloat, and land was nowhere in sight. Before I left that company, the boss was looking into putting Red Hat on the server — but no one at the company knew anything about GNU/Linux, so it was a big mystery. I’d wager that my personal copy of Windows 2000 Professional is still running — or rather, staggering — the database server there. It doesn’t matter, I guess; I’m not using it.

And then I went to the gym

I quit that job and figured that my days in the Windows trenches were over. As a small business sysadmin, they were, but as a regular consumer my problems had just begun — and now I have even less control over the networks that I have to indirectly deal with.

Last week I went to the aforementioned community center to work out, and found that they had installed a small network with about a half dozen Windows-based machines and a single Web cam. The idea is, instead of handwritten workout passes, people would be issued computer-generated membership passes, complete with their photo and signature. At the time I was in, this facet of the system was not yet operational, and I’m glad — I would have caused a scene if they wanted to create a “file” for me with my photo, home address, phone number, method of payment (credit card number?), and workout habits. The mere existence of such a file owned by someone who is not me or the government is something I have a problem with, but privacy concerns aside, I was appalled at the lack of security precautions taken.

The two systems at the new check-in desk were obviously running Windows XP, and from what I could see on the screen they had been given a default installation. The hardware appeared to be from HP, and I couldn’t tell what software was being used to keep track of the new membership database, but it certainly was colorful. The Webcam sat on the counter facing the waiting line. There was no server in sight, and having been through the offices a couple of times, I know that there is no place for a secured server room. Both staff members at the desk were new hires, and one of them had taken the time to customize her desktop with a picture of her friends at some kind of sports event. At the old check-in desk, which still functioned as a place to sign up for classes and such, two employees were using Outlook Express to read their personal email, and Internet Explorer was running in the background. Based solely on these observations, I drew the following conclusions:

The workstations are not secured against employee tampering
No reasonable precautions have been taken to prevent local intrusion into the network
The membership database was wide open locally and remotely for anyone to steal, delete, or modify
The risk of outside attack through a virus, trojan horse, or phishing scam is extremely high
My personal data is not safe at this facility

I struggled to understand how any (sober) professional sysadmin could have designed and implemented this system. That’s when I remembered my days at the repair shop, with the cheapskate boss who wouldn’t pay for the proper software tools to limit local and remote damage to the production environment. The community center will not cease to operate if the system dies, but far worse things could happen: member credit card numbers and other personal data are at risk.

My next thought was, “What moron used Windows for this network? Why didn’t they use GNU/Linux?” They could have saved money (my tax dollars and membership fees) and gained an enormous amount of security while still allowing the employees to get their email and such. Again I remembered back to my days as a conscript sysadmin, having been forced to use Windows because we didn’t know any other operating systems — and four years ago GNU/Linux wasn’t the OS it is today. But this is 2004 — there is no excuse for not knowing about GNU/Linux if you’re a sysadmin or any other IT manager or decision maker. Furthermore, there is no excuse for not using a GNU/Linux or BSD-based solution for this type of environment, especially when there is no pre-existing data to migrate.

What Windows tells your customers

I’ve seen a few production environments in small businesses that were designed by the owner’s or manager’s brother or teenage son, complete with ridiculously high-performance yet surprisingly low-quality consumer-grade hardware and unlicensed proprietary software. It’s conceivable that the designer is merely a regular employee who “knows about computers” — much like I was at the repair shop — but doesn’t know anything about security policy, server logs, strong passwords, firewalls, proxy servers, audits, backup scripts and all of the other hardware, software, and administrative tools and tricks that an experienced sysadmin has in his or her arsenal. It’s frightening how often these two types of people design small business networks.

A third possibility is that some PHB working for the town has decided that everyone should use Windows because that’s what is on his desktop at home. He may have called in HP to install the hardware and set up the software, or he may have put the job up for bid to local computer shops, who would do the same thing with less regard for quality. In any of the above scenarios, the network is left without a security policy or a competent administrator.

Of course it’s also possible that there is some hidden back room in the dark recesses of the community center where a wizened old sysadmin is carefully monitoring the network for signs of trouble. He’s installed firewall and antivirus software on every node, has a spare machine for testing new software updates and a heavily restricted proxy server to keep out unwanted Web traffic. Every night when the employees leave he applies any necessary, pre-tested security updates, backs up the database to removable media, and ensures that his users haven’t circumvented their restrictions. Then before he goes home he disables the Internet connection to avoid surprises in the morning.

Yeah, maybe — and maybe I’ll be Angelina Jolie’s next husband. Of course if our mythical small business sysadmin were really that savvy, he’d be using GNU/Linux or BSD and he’d have spent a small fraction of the money and do half the work to get the same results as the Windows environment.

The bottom line is, when I see Windows XP in your business running your production machines, I know that you can’t be trusted with my data. I know that it’s likely that your network is about as secure as a liquor store during a street riot. I know that one disgruntled employee can destroy everything. I know that local users are just as likely to unwittingly screw your whole network as an outside attacker is purposefully. But most of all, I know that you didn’t take the time to do things right, to safeguard the data that your customers have trusted you with. Windows has no place in outward-facing production environments; this is 2004 — you should be using GNU/Linux for scenarios like the ones mentioned here.

And me? I’ll work out someplace else.

Discuss this article or get technical support on our forum.

Comments (0)

Review: Gentoo Linux 2004.2

Filed under: Archives, Linux News — @ 8:10 pm

Gentoo Linux is the BSD of GNU/Linux distributions; it’s elegant and customizable and you know exactly what you’re getting when you install it. No mystery programs, no packages that you have to deinstall because you’ll never use, no clutter, and everything is customized to your needs. If you do it right, Gentoo is also faster than your average GNU/Linux distro because everything can be compiled with higher compiler optimizations. The 2004.2 edition of Gentoo Linux lacks the improvements I had hoped to see, but this is still the best community GNU/Linux distribution for desktop tinkerers. Some even say that it makes a good server, too.

If you’re heretofore unfamiliar with Gentoo Linux, it’s a source-based GNU/Linux distribution; that means that you compile some or all of the operating system and the accompanying programs from source code. There are other source-based distributions, such as Source Mage, ROCK Linux, Onebase Linux, Lunar Linux, and Sorcerer, but what makes Gentoo unique among not only GNU/Linux distributions but most operating systems in general is its Portage program management system. Portage is like Debian’s APT tools, except it’s much easier to configure and use, and it generally handles the downloading and compiling of source code packages rather than binary packages.

Portage was originally based on the concept of the FreeBSD Ports system, which was the pioneer in source-based package management utilities. Ports categorizes programs in the /usr/ports directory, where the user must navigate to the proper place and run the make install command, whereupon the program source is downloaded and compiled along with any necessary dependencies.

Gentoo’s Portage system combines those steps automatically; all you do is type emerge followed by the program name and the software automatically finds the program, downloads it, checks its dependencies, compiles, and then installs it. It needs no configuration under most circumstances; only if you want to install one of the few “masked” packages (which are generally deemed unstable for one reason or another) do you need to modify any config files. Searching for packages is as easy as using the -s flag with the emerge command, and updating is just as simple.

The programs in Portage are generally more up-to-date than you’d find in any APT repository, and since you can compile them specifically for your architecture they can operate significantly faster than precompiled binary packages, which on most operating systems are compiled for the least common denominator — i386 or i586. That being said, if you’re on a slow system or need to save some time, Portage also has a number of binary packages available for many of the most popular programs.

What’s new in 2004.2

Earlier this year the Gentoo project team decided to change its version naming convention from small numbers to date-specific identifiers. Gentoo Linux went from version 1.4 last fall to version 2004.0 the following winter. The 2004 is — of course — the year of the release, and the 0 stands for the number of the release. As you may already know, programmers generally like to start numeric lists with zero instead of one, so 0 is the first release of this year. 2004.1 followed in the spring, and now we have 2004.2.

According to the 2004.2 release information page, the primary focus of 2004.2 was to improve the quality of the release media. The main additions to 2004.2 seem to be LiveCD support for SATA hard drives, wireless networking, and SMP. Aside from that I found 2004.2 to be much the same as 2004.1 and 2004.0 before it. It still uses the 2.4 kernel by default, the AMD64 edition is still a nightmare to install, and the installation procedure for all architectures is still tedious and time-consuming.

With a binary Linux distribution the kernel doesn’t matter all that much to most users, but Gentoo Linux becomes a whole different operating system when you use the 2.4 kernel as opposed to the newer 2.6 tree. 2.4 does not have intrinsic support for ALSA or serial ATA hard drives, so not only do you have to install sound drivers through Portage instead of through the kernel configuration file, you also are limited in the hardware that you can use. It’s far more complicated than I can communicate in a review; what you need to know is that the 2.6 kernel should be your first choice when installing Gentoo Linux unless you have a very specific reason to use 2.4.

The Gentoo Handbook has been updated extensively, and the installation instructions have been split from one guide into several architecture-specific guides. I found the x86 installation guide to be accurate and easy to follow, if a bit bloated. My chief complaint about it is that it badly needs a competent editor; the authors get too chatty and go into details that are best left for footnotes or a separate section or sidebar for special-case situations. The installation portion of the document could be cut in half just by taking out such annoying superfluities as the lengthy and wholly unnecessary introductions, facetious comments, and smiley faces. Of course, silly me, I went straight to the handbook first and didn’t see that there were streamlined instructions for more experienced users.

It seems like every new Gentoo release has a fancier graphical splash screen and a more complicated “do it by hand” installation procedure. The procedure has remained mostly the same over the past few releases — a few twists and turns aside — and although the instructions are easy to follow, the entire process takes far too much time. More often than not, it involves typing in commands you will never need to use again. As a veteran of at least a dozen Gentoo installations across several versions, I can’t help but think that the time spent updating the manuals would have been better spent creating a simple shell script to take care of all of the tedious command copying from the installation guide — something along the lines of the OpenBSD installation script, which is simple but effective. Such a script would save a user or admin from having to go back and forth between consulting the documentation and copying complex commands into the terminal. For this reason, I’ve found that an installation through OpenSSH (which is included on the LiveCD) is the best way to do a Gentoo Linux installation quickly — you can copy and paste commands into the SSH terminal directly from a Web browser.

The AMD64 edition of the 2004.2 release is best described as poorly tested — following the installation instructions did not produce a working operating system for me, but I was able to figure out some ways around the mistakes in the documentation thanks to some tips on the Gentoo forums. The LiveCD, as it has done for all previous versions, did not properly detect and install the kernel module for the 3Com Gigabit Ethernet LAN chip integrated into the ASUS K8V Deluxe motherboard (curiously, the x86 edition does not have a problem with this). Fortunately it loads properly via modprobe, and from previous experience I already knew that the module name was sk98lin.

On my first attempt to get the AMD64 edition installed on an Athlon 64 system using the above-mentioned mainboard, I was not successful — I’ll try again when I have some spare time, but for now I can’t recommend the AMD64 edition to any but the most experienced GNU/Linux or FreeBSD veterans who are able to trace and resolve errors in configuration and compiling. You can also scour the forums for help if you have another working machine with a Web browser. You’ll probably find everything you need after an hour or so of searching and reading, but one should not have to read forums, newsgroups, or mailing lists to install an operating system. The documentation should be accurate and the software should be properly tested and fully functional, and in the instance that it is not fully functional, it should at least be predictable.

Gentoo on the desktop

Once it’s installed and you’ve completed the first boot, you’re still a few hours (or days, if you have anything less than an Athlon XP or Pentium 4 processor) away from a usable graphical desktop. The best way to get to X11 is to emerge either KDE or GNOME (or both) and then work from there. If you know how to configure X.org to start your favorite window manager, you can alternatively emerge X.org and then your window manager of choice.

You can emerge several programs at once if you like, but make sure that they don’t have common packages that will try to compile at once — both compiles will fail and you’ll have to restart the emerge process. If you’re smart about emerging, you can have four or five virtual terminals compiling different programs at once without any problems.

Once you’ve installed most or all of the software that you need, Gentoo provides a fast and easily updated desktop operating system that has a gigantic arsenal — to the tune of more than 7,000 packages — of extra programs in the Portage system. Updating is as easy as typing emerge sync and then emerge -u world. Historically this has occasionally resulted in a failed upgrade of some critical package, such as GCC or Perl, but 2004.2 seems to be more stable in that regard, from what I can tell after several days of use. Obviously some problems will be isolated or won’t show up until there is an upgrade to a critical package, but I’ve found that the Gentoo forums are generally responsive to failed ebuilds and you can get assistance with your problem rather quickly (or the problem will simply be addressed and fixed in Portage). The online Gentoo forums are probably the best, most friendly distro-specific community on the Internet, and are a welcome alternative to the mailing lists and newsgroups dominated by curmudgeonly developers that some community distributions rely upon for support.

Gentoo Linux requires some patience and a willingness to learn how to solve problems. If you absolutely hate to tinker with software and demand something that “just works” in whatever definition you deem valid, stay away from Gentoo. Even if Gentoo Linux adopts a sensible installation script or utility someday, or if you use VidaLinux (a graphical and easy-to-install Gentoo-based distribution), you’ll still have to do some configuration work and some occasional maintenance and problem-solving.

Gentoo often has the latest software before any other distribution offers it. That means you’ll get the latest versions of Mozilla, Evolution, GNOME, and other programs long before they’re ncluded in commercial distributions or inserted into the unstable branch of Debian’s package repository.

Gentoo as a server

As a server, Gentoo Linux is a bit different; if you’re only running some services from the command line, Gentoo becomes much simpler to install and maintain. The key to keeping Gentoo stable is to minimize the amount of software that you install on it, so the less there is to update, the less opportunity there is for broken circular dependencies and other Portage-killing debacles. These are problems that can happen on other operating systems as well, but are somewhat more easily found and fixed on Gentoo than on most others.

Portage can create binary packages of programs installed from source code. In other words, you can create a backup of all of your installed software in binary form, compiled to your specifications and for your system. If you ever have to reinstall, you can restore all of your programs through Portage by installing your custom premade binaries. You could also use this capability to deploy the same software over a number of identical systems.

Gentoo will probably never replace Debian, Red Hat, SUSE, or FreeBSD in the Web hosting market, but it adds a kind of variety that is necessary to the survival of the Web. It’s also quite often specifically requested by hosting customers who prefer to work with Gentoo over other operating systems — the OS itself has enough fans to merit a place for it in the server market. In addition to hosting companies, there are also about a half dozen custom hardware companies worldwide that offer Gentoo Linux preinstalled on new computer systems, both for desktop and server use.

Versions

Gentoo Linux is available in two CD images: a 78MB “Minimal” ISO, which has only what is necessary to boot the LiveCD — no packages and no resources for installing Gentoo locally; and the 605MB “Universal” ISO, which includes everything you need to install Gentoo without an Internet connection. There is also a “packages” ISO that contains many binary packages for some commonly installed programs like KDE, GNOME, Mozilla, and OpenOffice.org. Obviously it’s much quicker to install a binary package than it is to compile a package from source, but you tend not to get the same optimizations in a precompiled package that you would from Portage.

Gentoo offers three “stages” tarballs for installation, which can be downloaded individually from a Gentoo mirror or unpacked directly from the Universal CD. You can essentially make your own LiveCD if you like, then download a stage tarball and unpack it to an empty drive. Some people even use Knoppix as a LiveCD to install from, in which case they have a working, graphical, Internet-connected system to use while Gentoo is compiling and installing.

Stage1 bootstraps your system, so you unpack mostly source code and a directory skeleton to your root directory and then build GCC, GlibC, and other necessities. After that you’re basically where stage2 starts off; you build Portage and use it to download your Portage tree, which is then the basis for emerging the rest of the system. At that point you’re where you’d be if you started from stage3, and all that’s left to do is download the kernel source and compile it, then install and configure your boot loader.

On the fastest desktop systems on the market, the entire process will take between three and four hours if you’re vigilant and can wait nearby to watch its progress; stage2 and stage3 installations are incrementally quicker to install but offer less optimization. On slower systems, the sky is the limit for installation times. No matter which stage you choose, you still have to start the process by partitioning and formatting your hard drive using the command line, then setting the root password and the date, and setting up and configuring your network if you have one.

Conclusions

Gentoo Linux development seems to be moving very slowly, which is odd for an operating system that people generally choose for its speed and its arsenal of newer-than-usual programs. The lack of an installation utility greatly hampers a user’s or administrator’s ability to quickly deploy a Gentoo system in any kind of environment. Even doing a stage 3 install takes a little too long — the process could be mostly automated by using the simplest of Bash scripts. In the future it would be nice to see such a script or even a graphical installation program employed to ease the amount of keyboard time required for deployment. Admins have better things to do than babysit an installation for an hour or (much) more.

The 2.4 kernel is a horrible choice for Gentoo because the installation and configuration of sound and video driver modules is not automatic as it is with commercial distros. If you want sound, you have to wrestle with ALSA by installing it through Portage. Having been through that nightmare in the past, this single point alone makes a solid case for dumping 2.4 in favor of the 2.6 kernel for desktop users. For server use, the 2.6 kernel offers better performance for SMP machines and has expanded hardware support, especially for AMD64-based computers and modern x86 servers that use SATA RAID. The Gentoo project should deprecate and/or mask the gentoo-sources package — or perhaps rename it to gentoo-2.4-sources — and make 2.6 the default and recommended kernel for all architectures.

The project team itself appears to be highly organized and well managed, and the forums are an excellent resource for those in need of assistance. I wish the team had done more with this release to advance the state of the operating system, but even as it is it isn’t bad if you know what to expect.

Overall, Gentoo Linux 2004.2 is the same as it’s been since 1.4 — it’s still a pain to install, but once it gets going it can be a real pleasure to use on the desktop or in the server room.

Purpose	Operating system
Manufacturer	The Gentoo Linux project
Architectures	x86, AMD64, PPC, HPPA, SPARC
License	The GNU General Public License, but some programs in Portage are under other non-free licenses
Market	Desktop tinkerers, Web and dedicated game server hosting
Price (retail)	$10 from the Gentoo online store, includes only a single universal LiveCD for SPARC, AMD64, or x86
Product Web site	Click here

Discuss this article or get technical support on our forum.

Comments (0)

| Contact Us | About Us | RSS FAQ |
Copyright 2008. All content items belong to their respective authors.

Review: A4Tech AK-5 Easy Go Optical Mouse

Filed under: Archives, Hardware Reviews — @ 6:08 am

This mouse is portable, compatible with everything, and small but not intolerably uncomfortable. It’s not as innovative, expensive, or convenient as Logitech’s wireless USB laptop mouse, but at least it works with a wide variety of operating systems and won’t hurt your checkbook too much.

Manufacturer	A4Tech
Interface	USB only
Buttons	Two plus the clickable scroll wheel
Price (MSRP)	$11
Product Website	Click here

Design

The Easy Go Optical Mouse is small and lightweight, and the cord is easily wrapped around it so that you can stow it when travelling. The USB connector fits into the bottom of the mouse, leaving the entire device as a tightly wound package that is easily transported. The mouse requires no batteries; it gets its power from the USB port instead.

The Easy Go Optical Mouse is small, but not too terribly uncomfortable. Obviously this is not meant to be used in place of a standard desktop mouse; it’s a laptop mouse meant to be used on occasion. Given that purpose, it fills its niche perfectly.

Installation

I had no trouble using this mouse in Windows, GNU/Linux, or FreeBSD — just plug it in and go.

Packages

The Easy Go mouse only comes in one package, as listed.

Review: A4Tech NB-30 Battery-Free Wireless Optical Mouse

Filed under: Archives, Hardware Reviews — @ 10:56 pm

It seems pretty hard to believe — a wireless optical mouse that doesn’t use batteries. There must be some catch, right? It has to be inaccurate, cheaply made, grossly expensive, or dependent on Windows-only software. In this case, A4Tech’s NB-30 Battery-Free Wireless Optical Mouse has no catch — it works superbly and doesn’t cost all that much.

Manufacturer	A4Tech
Interface	USB only
Buttons	Two plus the clickable scroll wheel
Price (MSRP)	$40
Product Website	Click here

The NB-30 setup consists of a flat plastic mousepad, which has a wire going to a USB port on your computer, and a wireless mouse. Some say that the wire on the mousepad disqualifies the NB-30 from being truly wireless. The primary advantage of a wireless mouse, however, is the fact that the cord doesn’t hinder its movement. Those who value cordless mice for the ability to distance themselves from their computer a bit will feel the NB-30’s cord limitation.

The mouse gets its power from its proximity to the mousepad. While it doesn’t necessarily have to be touching the mousepad to receive a signal, it must be within approximately two inches of it. If you like, you can use teflon tape on the mouse feet, or even set another mousepad on top of the A4Tech pad, and you’ll still be able to get a solid connection. Having said that, there really isn’t much reason to use a different pad — the A4Tech mousepad has an excellent surface that makes for easy sliding. After two weeks of heavy use (including gaming), it doesn’t seem to have worn down at all like some aftermarket “gaming” mousepads do. I don’t know how long the mousepad is expected to last, but at $40, the entire setup is priced to be able to replace it once every year or two if necessary. If you were to use teflon tape on the mouse feet, I’m sure you could get some extra wear out of the mousepad.

The mouse itself is a little too small for my hand, and the scroll wheel is further back than I would prefer it to be. My pinky drags considerably, making it impossible to rest my hand comfortably while using this mouse. The mousepad is also a little too small for my taste. While it’s roughly the same area as a standard mousepad, it’s not exactly ideal for gaming.

The accuracy and responsiveness of the A4Tech NB-30 was perfect — as good as or better than any other wireless optical mouse I’ve tested so far.

A4Tech claims that this mouse will not interfere with other wireless devices. I found this to be true; just the same, the mousepad comes with a “tune” button to re-adjust its frequency in case of RF interference. I never had to use it, and work with a wireless keyboard and two other wireless mice within three feet of my test machine.

The clear plastic parts of the mouse, as well as the translucent scroll wheel, glows red when the mouse is moving. It’s pretty cool, but not exactly one of this product’s make-or-break selling points.

The NB-30 worked perfectly in Windows, GNU/Linux, and FreeBSD. Just plug it in and go — no special configuration or software driver necessary. The only thing that was odd about the operation of the mouse was the fact that clicking both mouse buttons at once did not substitute for the third button. In GNU/Linux, for instance, selecting text and then clicking both buttons simultaneously would copy and paste text. With the NB-30, this doesn’t happen — you have to press on the scroll wheel in order to get third-button functionality.

The NB-30 is a standalone product with no special packages. There is, however, a more advanced model called the NB-50. I didn’t test that one, but it looks like it’s the same mousepad with a slightly different mouse.

A4Tech NB-30 ratings:

Physical Design:	7/10
Electrical Design:	10/10
Gaming Suitability:	8/10
Compatibility:	10/10
Value:	10/10

SCORING: Each category has a maximum of 10 points, so a rating of 10 is perfect and a rating of 1 is abhorrent. It is entirely possible for several mice to have a 10 rating in some categories. There is no “overall” number because it isn’t accurate to judge a product by an overall rating; rather you should evaluate each mouse according to your needs and budget. “Physical Design” refers to the appropriateness of the size and shape of the mouse, ergonomics and comfort. “Electrical Design” is an evaluation of the resolution, accuracy, power consumption (if applicable) and response time. “Gaming Suitability” is a measure of how useful a mouse is for gaming based on its design and features. “Compatibility” refers to how well the mouse works in both its USB and PS/2 modes (if applicable) in Windows, GNU/Linux and FreeBSD. “Value” refers to the quality of the mouse in proportion to what you’re paying for it.

Intel D915GUX review

Filed under: Archives, Hardware Reviews — @ 2:36 pm

Intel’s 915G chipset provides a highly advanced alternative to its equally complex yet higher-performance 64-bit cousin, the 925. If you’re not going to go with an EM64T or Extreme Edition Intel processor, there really isn’t any reason to get the more expensive 925-based motherboards. And if you want a high-performance Intel workstation with a lot of great onboard peripherals, the D915GUX is a choice worth considering.

Intel D915GUX

Manufacturer	Intel
Model	D915GUX
Chipset	Intel 915G
Formfactor	microATX
Market	Desktop/Workstation
CPU support	LGA775 533mhz and 800mhz FSB Pentium4 and Celeron D processors. Does not support the 400FSB.
RAM	PC2-3200 (400mhz) and PC2-4200 (533mhz) DDR2 memory only. This board does not support DDR SDRAM; ECC memory is not supported either. Maximum RAM capacity is 4GB using 1GB DDR2 modules.
Video	PCI Express. AGP is not supported. Onboard video is Intel Graphics Media Accelerator 900 (GMA900)
IDE	One ATA100 interface
Firewire	No
USB	USB 2.0 (4)
LAN	Intel PRO/1000 using the Marvel/Yukon 88E8050 PCI-Express chip
Sound	Realtek ALC860
RAID	SATA (4) using the ICH6R controller, supports mode 0, 1, and a unique 2-disk implementation of 0+1 using Intel’s Matrix Storage Technology
Frontpanel headers	Two USB headers supporting up to four additional ports on the front or on a rear faceplate
Other	N/A
9-pin serial	One
Parallel	One
Game/MIDI	None

The D915GUX has a lot of cutting-edge technology for such a small package. AGP has been replaced by PCI-Express, DDR has been replaced by DDR2, and there is only one ATA connector — presumably for your optical drive. This is a motherboard meant to take full advantage of the market’s latest technology. For an inexpensive motherboard, that’s a rather odd property; you don’t pay a lot for the board, but if you want to take advantage of all of its features, you need to buy a more expensive hard drive, video card, and memory.

In case you don’t want to shell out the big bucks for ATI’s PCI-Express cards, the onboard video is competent on the Intel D915GUX. The Linux and BSD support for Intel’s new graphics chipset is not quite there as of this writing, and the LAN implementation is also unsupported (although I suspect it would take little effort to get the current SK98LIN driver to support Intel’s Marvel/Yukon implementation).

For testing, I tried out Crucial’s PC2-4200 DDR2 memory. At the time I bought it, it was very expensive and I could only get two 256MB modules. You definitely want to install RAM in pairs for best performance, and if you can afford it, I would highly recommend at least two sticks of 512MB for best performance. DDR2 memory is not as fast as it would seem — or at least, it is not significantly faster than cheaper DDR SDRAM. The D915GUX only supports DDR2, but other Intel boards like the D915GAG and the D915GAV do still support the older DDR technology.

One of the lesser-known features of the new Intel motherboards with onboard RAID is their support for Native Command Queuing in newer Seagate and Maxtor SATA hard drives. NCQ has the potential to greatly increase I/O performance (along with the PCI-Express bus), but that’s a review for another day.

I found the onboard video to perform about as well as a low-end ATI or Nvidia card, although I didn’t record any benchmarks to measure the exact difference. Unfortunately, like DDR2, PCI-Express video has not yet reached a point where it offers a significant advantage over AGP8X.

While the D915GUX could be used for practically anything, its feature set suggests that it is best suited for a high-performance Intel-based workstation or desktop machine. Gamers will more than likely find the D925 series a more high-powered choice for 3D rendering, although the D915GUX could serve as a lower-cost alternative to the high-end 925 motherboards. You’ll still have to shell out for a PCI-Express video card and SATA hard drives, but you’ll be able to use a standard LGA775 Pentium4 or Celeron D processor instead of the far more costly EM64T or Extreme Edition processors.

December 27, 2004

Review: A4Tech AK-5 Easy Go Optical Mouse

A4Tech NB-30 ratings:

December 26, 2004

Review: A4Tech NB-30 Battery-Free Wireless Optical Mouse

A4Tech NB-30 ratings:

December 18, 2004

Intel D915GUX review

December 9, 2004

OpenBSD 3.6 Review

Solaris 10: a collection of great, new, unique features

Linux is Not Red Hat, and Other Sun-isms Debunked

What You’re Telling Me By Running Windows

Review: Gentoo Linux 2004.2