by nickpsecurity 3718 days ago
I appreciate you actually addressing the concerns with some evidence. :) The CDDL would then knock out the patent side of the issue far as that licensed material goes. That Oracle keeps doing things like trying to copyright the API's and such might still be a risk. Not to mention it's hard to defend against a company like that whether they have a case or not. So, some residual risk there.

Good that there's significant work going into it. Although my comments don't seem this way, I'm actually a fan of multiple codebases being developed for UNIX for diversity purposes. Especially preventing one-bug-hits-all situations. I also wanted IRIX and other defunct UNIX code open-sourced for that reason. I'll give OpenSolaris bunch as doing better than anything else based on a legacy, commercial UNIX. ;)

1 comments

> I appreciate you actually addressing the concerns with some evidence. :)

After all the comments and the tone, I seriously doubt that. It is common knowledge that illumos is licensed under the CDDL, and besides had you researched it instead of dinging me personally, you would have easily found that out.

Also illumos is very actively developed, and considering it has features like DTrace, ZFS, zones, and FMA, it is anything but legacy. Linux has yet to get those features, and will likely never get them. Not only that, but its mainline filesystems are from the '80's of the last century. Talk about legacy.

For someone who bills themselves as a researcher, you did not research anything I wrote about: not ZFS, not kdb, not mdb, not the FireEngine, you didn't research about isaexec, nor Crossbow, nor vmadm, nor imgadm, nor SMF, nor FMA. Not only did you not do the homework, but went off on a "Snoracle" tangent, which has nothing whatsoever to do with anything I wrote about.

The biggest irony is, for someone who claims interest in, and I quote, "systems with rigorous design and assurance argument to ensure the failures stay rare plus recoverable", you dissed an operating environment which is paranoid about data integrity and correctness of operation. illumos and SmartOS are all about being paranoid, functioning correctly in the face of failure (hence FMA and SMF), and protecting one's data (hence ZFS with meta- and data block checksums). FMA and SMF are big parts of self healing technology SmartOS is built on, the very things you claim to be interested in. In yet another twist of irony, all those features are sorely needed ingredients for massive cloud and container deployments. I for one do not want any more Linux-caused priority one incidents at 02:03 in the morning, because I actually like sleeping through my nights, thank-you-very-much!

Oh wow, this is a treat. Your post is an impressive attempt to demolish my own. It resembles mine here on certain topics albeit without the linked references I usually have. It certainly earned a reply. Let me do a tad of introspection to see where one or both of us went wrong here.

re CDDL. Not common knowledge for someone that doesn't use illumos. A quick look at the homepage people linked to in the past wasn't very enlightening:

https://www.illumos.org/home

https://www.illumos.org/projects

Would you seriously have studied a random project more if you saw that vs what's typical of BSD, Linux, or proprietary pages? That looks like hobbyists throwing stuff together. The few posts here about it on front page are full of buzzwords and zeal common with fads that disappear after a few years. Doesn't prove it is one but I hope you understand the mental filter being applied given I have to look at dozens of pages & claims made online.

"ZFS, kdb, mdb, FireEngine, isaexec, Crossbow, vmadm, imgadm, SMF, and FMA make it a fact, not an opinion." "For someone who bills themselves as a researcher, you did not research anything I wrote about"

This is what started the style of my comments. I thought you were a zealot or trying to troll me with a reply like that. You're right that I didn't Google most of them after recognizing a filesystem and some networking/VM tools. Your post was written as if similar tools, including ZFS itself, weren't available for Linux and/or BSD's. You might be shocked to find what OS's that market leaders in cloud segment and SaaS have been running on. Hint: not Solaris. That you named off those as if nobody could do something similar or good enough on Linux/BSD... on top of their ecosystem benefits... led to the style of my reply.

"you dissed an operating environment which is paranoid about data integrity and correctness of operation"

You read my profile but clearly have no experience in my field where nobody would make that claim about any UNIX, including Solaris. Let's start with Solaris's reliability issues going back to the conception of it. It was much like other UNIX's: focus on features, cost, and performance instead of quality. Lots of lost work and crashes before it (or any UNIX) started being reliable. Even so, all of them in a cloud or business critical deployment are too unreliable to trust by themselves: usually in clustered configurations optionally with clustered filesystems, backups, and standby's that don't even trust ZFS due to single point of failure. Far as uptime, AIX wins over it in proprietary sector per surveys and OpenBSD probably in open sector. That's reliability part.

Now, let's talk my end: security. The strongest version of Solaris, either Trusted Solaris 8 or the 10 variant of it, was designed against B1 standard for Compartmented Mode Workstations plus equivalents under Common Criteria. That means it had features of highly-secure systems but not assurance of correctness or security. They did not have their code pentested or try to meet requirements like covert channel suppression important for shared resources like cloud deployments. Many versions and years where neither Sun nor Oracle would submit for strong pentesting despite smaller companies (eg Secure Computing Corporation, Sentinel) with custom or BSD-like OS's submitting theirs. Sun didn't even volunteer for free ones like SPOCK. Further, the features were even behind those like Argus Pitbull which is why said company is still in business.

Meanwhile, UCLA Secure UNIX and Trusted Xenix did aim for assurance requirements and stronger pentesting requirements. Security assessment showed inherent design weaknesses in UNIX and coding problems in commercial codes. No retrofits possible. So, they clean-slated the kernels and certain software with high privileges. Many improvements but still had lots of critiques in evaluation vs high-assurance stuff. Non-UNIX's with UNIX/Linux app layers like XTS-400's STOP did much better during multiple pentests with source. Over two decades, Solaris codebase produced avoidable vulnerability after vulnerability often with kernel mode takedown while software like Boeing SNS, XTS-400, and OpenBSD just kept going without any major breaches detected. None for SNS & maybe XTS. So, the security of UNIX and Solaris were as shitty as the reliability with vulnerability metrics and lack of pentesting (despite opportunities) to show it.

"I for one do not want any more Linux-caused priority one incidents at 02:03 in the morning"

My company has same perspective. That's why they wouldn't get off their AS/400's at various offices that never crash. OpenVMS is another option. I know they both can crash but have never seen either go down and nobody I know admining them has either. That's despite us using the hell out of them for 5-8 years between upgrades. VMS clusters have gone 17 years with IBM mainframes doing something like 30. I hear UNIX's are catching up slowly.

Now, all that said, a number of people here indicate that Solaris and its cloud technology have gotten a lot better in past 5 years or so. They think it's highly reliable and manageable. I was impressed by ZFS, DTrace, and some self-healing parts of Solaris 10 that reminded me of NUMA and mainframe advantages. I'll at least give it another shot for non-security applications in the near future since I now know it's unencumbered and people in other threads (plus this one) testified to reliability. Curious, though, do you have some links on OS, installs, and common deployment better than the crap I have above?

SmartOS does not require installation, as it is a type 1 hypervisor running in read-only mode from random access memory. All of the stable storage in a system is used for /zones, which store the actual containers.

Set up a pxegrub, TFTP and DHCP server, and boot it straight from the network on a node. Console on ttya or ttyb recommended but not required.

SmartOS can also be booted from a USB stick. All of the above is available on http://smartos.org/

Thanks for the tips and link. :)