On Sun, 2010-02-14 at 13:27 -0500, Dennis Clarke wrote: > > [Note: I have no particular extra "inside" information about this topic > > - this is solely my opinion as a sysadmin, and I speak for no one but > > myself] > > > > > > In all honestly, if an entity makes an Operating System available for > > free, then security fixes should be provided as Good Citizenship. > > Naturally, I'm assuming that the entity has a development organization > > behind that OS, and that it is actively working on all sorts of patches, > > for both paying and non-paying customers. But to offer an insecure > > product (or one which rapidly becomes insecure, which, let's face it, is > > /all/ software) and fail to provide basic security patches is Bad Faith, > > in my opinion. > > I agree with this completely. I had to stop and think about the rather > ugly retrograde hole in telnet that shipping on the actual hard media for > Solaris 10 at some point. To not offer security patches, freely, is a > major weakness. > > However there must be a sustaining revenue base for engineers to work. > > > Preferentially, I think a reasonable thing for Oracle to do with Solaris > > is the following: > > > > (1) Quit giving away Solaris 10. Instead, provide several different > > Support Contract levels for Solaris 10, with a very basic one providing > > /solely/ security patches for some nominal fee (<$100/yr/server). Other > > gradiations as desired, of course.
Sun.COM types just don't get it - Sun _had_ to start giving away Solaris 10 because outside of Suna and old silver back Unix geeks in the financial service sector datacenters Solaris was becoming increasingly irrelevant. Those who didn't grow up on Unix in the 80's grew up on MS in the 90's and they're the ones running the show in much of the business world now. Some of this latter group discovered Linux and the *BSD's when they were in college. A subset of those started up what became the largest sites on the Internet; Yahoo (FreeBSD) and Google (Linux) using stacks of white box pc grade hardware. Later some big iron did find it's way into those shops but those aren't the stories you hear about. In order to regain much lost traction Solaris NEEDS mindshare. Where there are LOTS of other *nices available for free you'd better make your's away for free as well if you want to have a chance in hell in the competition for that mind share. It's like when Bill Gates tried to ignore the reality of the Internet and write it off as a "passing fad" because it was competing with internal proprietary network protocols that he was hoping would sway the day. Well.. that didn't work so he was smart enough to read the hand writing on the wall. > Here I agree. The Sparc systems can have an RTU on the hostid again. Just > like the old days. I have no idea how you would track x86 systems given > that the iso images are in the wild and you just can not stop people from > passing torrents. The old days are gone. We can't return. Solaris needs to move forward or die. x86 is here to stay. Embrace that and use it as a pathway to big iron SPARC machines for businesses that grow to need them. > > (2) Continue to do (most) development work out in the open in > > OpenSolaris, and provide FREE access to everything in the OpenSolaris > > repos. Use this as the "first-one's-free" hook to get people > > introduced to Solaris as an OS. And, of course, get all of us to do > > beta-testing for it. :-) Honestly, I think it's entirely reasonable > > for Oracle to declare that There Shall Be No Support Contract for > > OpenSolaris - it's a development platform, and I think efforts are > > better spent in moving along the development effort as a whole than > > having to dedicate some folks to support services. > > I have a problem with software where there is no support contract of any > kind. There are too many IT environments that will simply not accept > software which does not have a paper trial and a support contract. That is > still firm policy in some places regardless of the noises made by the > masses with their hands out. Uhm... apparently big corporate marketing types didn't notice but we're in the midst of the worst depression we've seen since the BIG Depression? Moreover, I don't see it as a matter of standing with my hand out. I see it as objectively evaluating the options. On one side we have a LOT of freely available *nix like offerings, a subset of which offers commercial support. So I can hone expertise in one such OS and opt for commercial support as suits individual client needs. In my opinion Sun was on the right path towards regaining lost mindshare with 1) porting Solaris to x86, 2) making it free to use, and 3) providing security patches. If they'd only done it 5 years sooner then I suspect they'd still be Sun and not Oracle. Give Solaris 10, 11, etc. away for free. Provide free security patches. The important thing is to get Solaris back out there. Make your money elsewhere. > We really do need to realize that this is 2010. Not 1994. There are vast > talented organizations that have a business objective to crack and hack > and attack networks and information access points. Internally also. All > operating systems today and forever in the future must give serious > thought to security and quality engineering. That can not be done without > an established revenue stream. Simply put, any business minded individual > in a customer IT division would ( and should ) look away from software > which does not have a support contract. The absence of that support and > revenue stream is a clear indication of lack of quality. Right or wrong, > true or false, people make decisions on purchases and IT policy with > arguments like this. I am sure you have experienced the "real world" and > it is very far from the ivory tower. It it simply full of politics, > baseless opinion and fighting middle management attempting to establish > their own world view within some corporation somewhere. Its amazing to me > that some places ( half of Fortune 100 and ALL of government agencies ) > create a product or service and can function at all. +100! (Had to clone a bunch of me years ago to keep up with the ever increasing work load...;) > Sorry for the digression but the point I am trying to make is that > software without a support contract is simply unacceptable and the RFP > gets pushed onto the floor before you get past the table of contents. > That is the "real world". Want a good product with a future? Ensure it > makes money as its first feature and everything else is secondary. lol... Dennis, if I didn't know better I'd think you'd just made the case for switching to a Microsoft platform. MS makes a hell of a lot of money but not a particularly quality product. So, no, quality does not necessarily follow profit. In fact, there is to some degree a tug of war 'twixt the two... But I digress and need to get back to porting the servers to OpenBSD. Sun might have had chance to capitalize on down the road but not now. Multiply that by tons of SMB's and SME's. So much for regaining mind share. Peace-- -- Ken Gunderson <[email protected]> _______________________________________________ opensolaris-discuss mailing list [email protected]
