Solaris has been Sun Microsystems's bread-and-butter Unix system since 1992. While Unix platforms such as Solaris now are up against the open source Linux juggernaut, Sun maintains it has the technological advantages and accommodations for open source to keep Solaris in the game. The company also cites important customer wins as evidence of the platform's continued strength. To hash out the state of Solaris in today's marketplace, InfoWorld editor at large Paul Krill recently met with Jim McHugh, vice president of Solaris marketing at Sun, at the company's Menlo Park, Calif., campus.

InfoWorld: Solaris has major users such as Joyent and General Electric. But it does seem like Linux has the momentum, not just when compared with Solaris, but compared with Unix overall. Recent shipment figures I received from IDC show Linux growing and Solaris slipping, with the Solaris volumes being reduced between 2006 and 2007. Does Sun have any new efforts planned to promote Solaris as an alternative to Linux or as a complement to Linux?

[ ManyLinux advocates that Solaris is on its deathbed. Find out why in InfoWorld's analysis. ]

Jim McHugh: I actually think that what we're hearing is Linux has made some momentum and there was some movement toward Linux, but actually we're seeing now a lot of movement back from Linux to Solaris. So basically, you could find an example anywhere that would lay out -- OK, if I moved off this old machine, running this older version of that operating system to a new machine running a newer version of [an] operating system, I will find cost savings. Right? For every example, [people were] saying, "I moved from Solaris to Linux and I saved X amount of dollars," I can give you a couple of examples right back of people who moved from Linux, an older version, to Solaris have saved a lot of money, as well.

InfoWorld: Do you have a couple of examples?

McHugh: Glasses Direct in the U.K. switched to Solaris because they found that they were relying upon Apache and that ran 450 percent faster on Solaris than on Linux. So if you're looking at a Web economy, the ability to run your application faster and faster is driving people to say, "OK, I'm going to look at Solaris for two reasons. One, if Apache runs a lot faster on Solaris, that's a big advantage to my company, but I can also take advantage of key features like DTrace where I actually can optimize the application itself that's running on the Web server, so that plays a good component of it." Others are Sapotek, when they found they had a sixfold performance increase on Solaris 10, and ZhengTu Network, which is in online gaming.

And if you're looking at the trend here of the examples I'm giving you, [for] people that are Web-facing, buying into the Web economy, scale is very important. They probably chose to start out with basic hardware and the OS that they could find. The key thing that you'll see with all these companies, it wasn't the OS that actually they were really thinking about when they were building their application. They wanted to use MySQL, they wanted to use Apache, basically they were looking at the LAMP stack and the most important parts of that were the A, M, and P, right, so they were looking at the Apache, MySQL, PHP, Perl, components.

InfoWorld: What do you see as advantages of Solaris over Windows and over other Unix platforms?

McHugh: Predictive Self-Healing [takes] the standard user messages that would pop up. You know, there's a potential error with the hardware or with a particular application, and what Predictive Self-Healing does is it kicks that back to the software and takes action on it so that it can actually shut down the hardware or restart the application in a way that prevents having failures. So it keeps availability levels up. We've looked at different components that were 30 percent higher availability just because you can actually control the memory cells and know what's going on there and know how to take action before it becomes a problem. So that's one of the key ones.

Solaris security has always been our strength, so if you're looking at what we've been doing as we were working with the government for years and years and having the highest-level security in any OS, that has been a hallmark of Solaris forever, and we keep bringing that forward. You're probably hearing more and more about Solaris ZFS. It's actually a data management system, so we've actually brought it down as the core data management in the file system from that standpoint, and that offers a lot of not only scalability, but also the ability to go backward [to a previous snapshot].

InfoWorld: As you know, I spoke with the executive director of the Linux Foundation [Jim Zemlin]. He basically sees the battle narrowing down as between Linux and Windows. How would you respond to that?

McHugh: I would respond that it seems to me what's going on and what most users see when they look at Linux isn't the Linux kernel. The first thing they see is the Gnome interface and how they back it up. They're looking at some of the other components. And so I would think the user experience that he's really talking about isn't inside the kernel dot-org. I think he's talking about the open source approach [to] doing operating systems. If he's saying it's open source operating systems and open source applications against Windows, sure.

InfoWorld: I don't think he's narrowed it down to one distribution. He's just basically talking about Linux in general.

McHugh: Yes. It's interesting. When he talks about Linux in general, he's talking about this component right down here on the bottom, [the] Linux kernel or Solaris kernel or BSD, for that matter. The BSD guys, if you tell them that all these system libraries etc. are Linux system libraries, I think they would disagree pretty openly. The same thing with the Gnu utilities. Those things are blending and merging, and I think if you look at the Gnome guys, they're a completely separate community that welcomes involvement from the Linux community, but they also welcome involvement from the OpenSolaris community, the BSD communities.

InfoWorld: Do you have any Solaris shipment figures you can offer for the last five years?

McHugh: If you look at the number of licenses of Solaris 10, the latest figure I think we put out was about 13 million, and one thing that is really important to remember, Solaris actually has more deployments than any other Unix or Linux distribution. And we also have more applications running on Solaris than there are on any Linux distribution.

InfoWorld: When you say 13 million licenses, is that cumulative over many years?

McHugh: It's cumulative since the launch of Solaris 10 [three years ago], and that is people who actually have downloaded it. Then we also have ones that we don't necessarily count, because obviously we have very big enterprise customers that have wall-to-wall contracts with.

InfoWorld: The figures I got from IDC talked about 376,000 Solaris shipments in 2006 and 371,000 last year, so that would be sharply different from your figures.

McHugh: Are they counting the number of individual downloads and things that get burned onto a master and then get put onto multiple machines?

InfoWorld: I think they're talking about the shipment totals.

McHugh: They might be counting just our hardware shipment totals. I don't know how they would count OS downloads. If 70 percent of Solaris downloads are going onto other machines -- onto IBM machines, onto Dell machines, onto HP machines -- I don't know how IDC would capture those numbers, and that might account for the delta in itself.

InfoWorld: What's been the progress of the OpenSolaris open source effort?

McHugh: We've had a lot of opportunity to expand the market for OpenSolaris. The number of downloads that are taking place just continues to climb through the roof, the number of active users continues to grow. We're about two months away from the second version of it. We recently put out a CD to students and professors, and we've been receiving a lot of really strong and good feedback on OpenSolaris. It really boils down to the fact that we have the Gnome interface, so it's much easier to use [with] the live CD component. OpenSolaris has been a really big factor in that.

InfoWorld: So basically you have OpenSolaris, which is the open source version, and you still have the commercial version that you license and for which you sell support?

McHugh: Yes. The key thing to remember is we have one Solaris but we have two different use cases. Solaris 10 is what you see inside the enterprise, [for] people who need long-term support. Its release cycle is about three years, and we do updates in between. OpenSolaris we're releasing every six months, constantly adding the latest features, constantly having the latest components from the other open source communities such as Gnome, keeping up to date with the latest features from that standpoint. That gives Web 2.0 companies and people that are building applications the ability to experiment, try out, run the complete latest in operating systems that will give them an advantage as they roll out their Web 2.0 applications. So there are people who are going to be rolling OpenSolaris out in commercial deployments. They just won't be the same people who are running ERP systems with big Oracle databases and SAP.

InfoWorld: Are there any plans to release Solaris or any Solaris technologies like ZFS under the GPL?

McHugh: We chose the licensing for Solaris for a reason, and when you start looking at it, we chose CDDL [Common Development and Distribution License], which is an OSI-approved license. It is very much similar to the Mozilla license, so it has a lot of benefits that people look at. One key one is when you're looking at adding innovation on top of it, doing works on top of it, it works really well. If you're looking at the OEM business and you're looking at other companies that will be adding value on top of OpenSolaris, they really appreciate the CDDL way of doing it because it gives them that flexibility to build on top.

InfoWorld: I've heard that you can't have ZFS or some of the other technologies mixed in with Linux because the license is incompatible because they use the GPL and you don't.

McHugh: Right, so the interesting thing is, if you look at ZFS and DTrace, which are the two key features that I think a lot of people in the Linux community look to and say, "Wow, those are really exciting." Frankly, they're coming and trying OpenSolaris because of it. In one way that's a compliment, and we like when they continue to remind people that [these are] innovations. But the fact is it's not that the OpenSolaris license and the CDDL are not compatible, because you can find DTrace and ZFS in Mac OS and BSD. What we're seeing is, as we're talking about open source communities evolving, open source licenses need to evolve as well. GPL was one of the first ones that were out there. We have products under GPL at Sun, as you know.

InfoWorld: Java.

McHugh: Java, we also do OpenOffice that way. It makes sense for certain communities. We're not so sure just because the decision was made early on that it makes sense right now for us to do that. Also, GPL is evolving, so we have to wait and see how those discussions are going.

InfoWorld: Under what circumstance might you move Solaris to GPL?

McHugh: We are constantly in discussions [and] looking at it. We are a member of the Linux Foundation as well, right at the same level as Red Hat, Adobe, and the other guys. We watch, we learn, we follow it, but things are really driven by two standpoints. First, what are your customers' needs? And again, we have end-user customers in corporations, but we also have OEM customers and partnerships we're building. And we're also looking at what the right way is to get the technology out there and go from there. Clearly, clearly when anyone does that little exercise where they say, "If I could take these key features and build the perfect OS," they reach into Solaris and OpenSolaris and name a few of our features. Predictive self-healing, DTrace, ZFS, and the security components always come to mind.

InfoWorld: You mentioned an upcoming version of OpenSolaris. What are the plans for improvements to Solaris?

McHugh: We are coming out with our update 6 [for Solaris 10] in the end of October, and you'll see OpenSolaris come out in November. OpenSolaris [is] on a faster cadence. We're going to be coming out with six-month revs to OpenSolaris that are really driven at the developer, the Web 2.0 [angle], and going from there. What goes into Solaris 10 has already been in OpenSolaris, if you want to think of it that way. A lot of [the additional features involves] support for some on the Dunnington chip sets from Intel.

InfoWorld: It looks like Sun with Solaris has a strong following and devoted users, perhaps similar to the way Apple devotees stand by their Mac. Would you say that Solaris users tend to be less vocal about their support of their platform than Mac users are about theirs?

McHugh: I think you're comparing an end-user consumer desktop versus administrators or Web guys, so there'll be a different level. There will be a different approach to how they deliver their messaging. If you follow when there are comments online, there is a devoted following of Solaris users who get up there and post things and clarify statements that are made. I don't think they'll be dancing in the streets like you would say [about] Mac OS products.

InfoWorld: Or protesting in the streets.

McHugh: Or protesting in the streets. But I will say when you look at who's the real community that we're looking at, it's the open source operating system community. It's broader than the traditional Solaris users. OpenSolaris has actually taken us into a space where people are saying, and we have people defending and supporting and coming to the aid of Solaris in discussions because they're experiencing OpenSolaris and what it can do and the newness in what's taking place. So I always find it really interesting conversations to watch when you have someone from a certain Linux community who comes after OpenSolaris or Solaris, and they tend to [get] met with someone else who's saying, "Why are you so passionate and strongly feeling against Solaris? What is the issue?" And that's really what comes up. This happens at conferences all the time.

It really boils down to there's a group of people that weren't traditional Solaris admins or Solaris users who are looking at OpenSolaris and saying, "Hey, this is good stuff, take it seriously." Maybe that's why we're seeing more activity where people feel a need to come out really strongly and make strong statements against Solaris, because there's a growing base of supporters of Solaris who are defending it.

InfoWorld: I did have one user at a Solaris-to-Linux site mention there are more people available who can administer Linux than Solaris. Do you see that as a problem? Do you have any plans to remedy that?

McHugh: We definitely have a very strong system admin community. I don't know if you've ever visited our big admin site, but it's a site that exists just for the Solaris administrator and some of the other components at Sun. But you have to keep in mind what we're doing. By adopting the Gnome look and feel and the standard open source user interface, it's just as easy to administer OpenSolaris as it is any Linux distro because you're using the same components. You're using the same user interface. You're using the same packaging system approach for getting software and updating software.

InfoWorld: With Solaris being a 16-year-old platform, has Sun looked at possibilities for a successor platform or are you just going to keep doing Solaris 11, 12, 13, whatever? Any plans for a follow-up?

McHugh: If you look at the innovation that's coming in Solaris, I would say it continues to go really strong. Because of its commitment and its maturity as an operating system, we're able to guarantee things like binary compatibility. It's why you'll find more applications available on Solaris 10 than any other component -- because of the binary compatibility. It's always easy to bring things forward.

That is a challenge in some of the Linux spaces, and I do know that's one of the things that the Linux Foundation is trying to push to is more standardization and helping people through it so that you don't have to worry about -- between Red Hat, Suse, Ubuntu -- being able to run applications. And that is probably the value-add they offer to the broader Linux community. Whereas because of our strength of the maturity, we are able to not put that burden on our customers.

InfoWorld: What's happening with Intel Solaris and desktop Solaris?

McHugh: Solaris x86 continues. So Solaris running on x86 chip set is really what you're asking for. OpenSolaris actually is really strong on the x86. The involvement from Intel is really great; they're one of the big contributors in our OpenSolaris community. Our relationship with AMD continues to be really strong in this space. If you're looking for an OS where a chip manufacturer can get their innovations included really quickly, OpenSolaris is probably the leading OS from that standpoint.

InfoWorld: What about Solaris on the desktop?

McHugh: You can take OpenSolaris and run it on the desktop. As we continue to add these user interfaces, it becomes what people would expect to use in a desktop component from that standpoint. Traditional Solaris on the desktop was really, really strong in the workstation space, but now OpenSolaris is certified on over 3,000 machines. So if you think of it from that standpoint, the availability to be on a desktop is growing faster and faster. We're constantly working with not just only the chip manufacturers, but we're talking to certain computer manufacturers and laptop manufacturers that will be putting out in public soon [systems] that have OpenSolaris.

If you know one thing about Linux users, it's probably this: They enjoy the challenge of installing their operating system of choice on pretty much anything with a transistor in it. It's only a matter of time before they get around to replacing all those electronic singing greeting cards to make the sound of penguin mating calls.

So the news that Linux has been ported to the iPhone and the iPod touch shouldn't exactly come as a shock; please hold your cries of heresy until the end. OpeniBoot, which brings the Linux 2.6 kernel to the iPhone platform was developed by members of the iPhone DevTeam, the same folks who have long been working on cracking the iPhone's firmware every time a new version comes out.

[ Special report: IT's guide to the iPhone ]

The capabilities of OpeniBoot are still incredibly limited--at present, there's no support for writing to the flash memory, using the touch screen, wireless networking, the cell phone, sound, or the accelerometer. So if you thought that you'd be ending up with a fully operational Linux iPhone--or even a partially operational phone--I'm afraid you're going to be disappointed for now.

There's also some talk that this may pave the way for installing Google's Android OS on the iPhone, though as someone who's been using a G1 for a few days now, that seems like overhauling a Porsche to run like a Hyundai. But then again, there's always somebody who wants to prove that it's possible. So knock yourself out, guys.

Macworld is an InfoWorld affiliate

Consumer electronics giants Apple, Dell, Motorola, Microsoft, Nintendo, and Samsung have been slow to get serious about climate change, and are notably lagging behind, according to the latest edition of the Greenpeace Guide to Greener Electronics.

Many companies still show little engagement with the issue, which is a disappointment, according to Greenpeace International Climate & Energy campaigner Mel Francis.

[ For more on technology and the environment, see Ted Samson's Sustainable IT blog | Stay ahead of advances in technology with InfoWorld's Ahead of the Curve blog and newsletter. ]

"They are basically lagging behind on what we need for a good climate package. They haven't demonstrated any real commitment to cutting their own CO2 emissions, or to lobbying politicians to get a good deal post-Kyoto," said Francis.

"They assume that growth in their business also must therefore mean growth in their CO2 emissions. At Greenpeace we think that's not necessarily true," said Francis.

Greenpeace would like to see a lot more action going forward. "We are simply asking them to become climate leaders. They need to put their words into action and follow through on the claims they're making," said Francis.

Still, there are a few exceptions: Fujitsu Siemens Computers, Philips and Sharp support the level of cuts in greenhouse gases that science requires, according to Greenpeace.

In its latest Guide to Greener Electronics, Greenpeace gives Philips marks for committing to making absolute reductions in its own greenhouse gas emissions from the product manufacture and supply chain, which HP has done as well.

Both Philips and HP have also committed to making cuts in greenhouse gas emissions from their own operations. Nokia has done the same, said Francis.

Its overall ranking -- which takes into account company policies on toxic chemicals, recycling and climate change -- is topped by Nokia (Greenpeace likes its take-back program and use of renewable energy), followed by Sony Ericsson and Toshiba.

Philips and HP are in the bottom half of the list: good energy policies aren't enough, and both companies must improve how they handle e-waste, said Greenpeace.

Motorola, Toshiba and Sharp made the biggest moves up the chart, while the companies falling down the ranking are the PC brands Acer, Dell, HP -- and Apple, although it still gets a thumbs-up for improving its score, by better reporting on the carbon footprint of its products.

Apple's new iPods are also are now free of both PVC and brominated flame retardants, according to Greenpeace.

In general, the PC manufacturers need to improve the handling of e-waste.

Dell and Acer also need to reduce their use of toxic chemicals, said Greenpeace. Dell loses points for withdrawing from its commitment to eliminate all PVC plastic and brominated flame retardants by the end of 2009.

The use of toxic chemicals has in the past been a focus area for Greenpeace, but here there has been some positive movement. Consumer electronics companies have been allies to Greenpeace as it has tried to reduce the use of toxic materials and get legislation passed, according to Francis.

Nintendo remains in last place in the ranking, although it is taking small steps to remove or monitor the presence of some potentially toxic additives in the plastics it uses, Greenpeace said.

JetBrains released TeamCity 4.0, a continuous integration server and distributed build management tool featuring enhanced build capabilities, this week.?

Version 4.0 offers build chains support for breaking down a single build procedure into several parts that can be run on different build agents using the same sets of sources.?

Other improvements in version 4.0 include the ability to redo a particular build from a particular control revision, known as a history build, and improved authentication mechanics.

With version 4.0, statistics are offered for an entire project. Extensibility is enabled via a Java API, the company said. A tests reordering capability determines which tests are likely to fail and performs those first during the next project build.

TeamCity 4.0 automates routines and streamlines the software development process. Team communication is improved, and teams can implement agile methodology, JetBrains said. The product integrates with multiple IDEs.

Eclipse integration is highlighted as is integration with ClearCase, with Eclipse backing bringing IntelliJ Idea IDE capabilities to Eclipse users.

"Since its creation, TeamCity has been a key element in our own development process," said JetBrains CEO Sergey Dmitriev, in a statement released by the company. "The production TeamCity server at JetBrains is currently having over 50 build configurations in a build grid with more than 50 build agents, with literally every project and every developer using it on a daily basis

Version 4.0 also has an improved search engine and user interface improvements, JetBrains said. TeamCity automates more than 600 Java code inspections.

TeamCity 4.0 is available free to individual developers and small-to-medium-size teams. The free edition is restricted to 20 build configurations and three build agents.

TV network CBS has become the latest big name to have it Web site used to host malware, a security company has reported.

It appears that Russian malware distributors were able to launch another iFrame attack on a subdomain of the cbs.com site so that it was serving remote malware to any visitors. A user's vulnerability to the malware attack launched by the site hack would depend on a number of factors, including the type of security used on a PC, the operating system, and possibly the browser version.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

"This saga confirms our many previous warnings that obfuscated code posing a serious threat to Internet users' PCs," said Finjan CTO, Yuval Ben-Itzhak, who has devoted a fair amount of time in recent months to finding these hacks.

"Our Threats Reports have continued to identify the increasing use of code obfuscation as a means of bypassing traditional signature-based solutions in order to propagate malware," Ben-Itzak continued, taking a pop at the anti-virus products against which his company in part competes.

"It also highlights the fact that no web portal, no matter how high ranking, can be totally secure against a system hack and consequent infection of its visitors. Web users need to exercise caution at all times," he said.

Finjan has it had informed CBS of the issue, but that the Russian exploit server had in any case been taken offline, neutering the attack for the time being.

iFrame and SQL injection attacks on big-name Web sites have been one of the fashionable attacks of 2008, embarrassing a string of household names.

Techworld is an InfoWorld affiliate.

As President-elect Barack Obama prepares to take office, the task of upgrading the security of federal computer systems continues to be a work in progress.

Several cybersecurity initiatives launched during the Bush administration are still years away from being completed. Others are closer to completion but don't do enough by themselves to defend networks and systems against increasingly sophisticated attacks, according to IT security analysts.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

And, they said, resolving the security issues will require Obama to focus on more than just finishing the ongoing initiatives.

For starters, he needs to end the policy of tying federal cybersecurity efforts so closely to the post-9/11 war on terror, said Gartner analyst John Pescatore. "The terrorist attacks sent the Bush administration in the wrong direction" on cybersecurity, Pescatore said, adding that more immediate threats to federal systems have been overlooked.

Progress has been made, claimed Karen Evans, administrator of e-government and IT at the White House Office of Management and Budget (OMB). Evans said several security initiatives launched over the past few years are already making, or will soon make, a difference.

At the top of her list is a 2004 mandate by President Bush that required federal agencies to issue new smart-card identity credentials to all employees and contractors. But even that program hasn't been fully implemented. Agencies were supposed to finish issuing the new ID cards in late October, but most will need at least two more years to do so.

Other projects that Evans pointed to include a recent upgrade of federal networks to the more secure IPv6 protocol and the Trusted Internet Connections program, under which agencies are working to reduce their external network connections.

Evans also cited the Federal Desktop Core Configuration (FDCC) project, which is aimed at cutting costs and boosting security by requiring agencies to employ standard security settings on all Windows PCs.

Earlier this year, President Bush also put in motion a highly classified, multiagency program called the Cyber Initiative, with a goal of bolstering the nation's ability to detect and respond to cyberthreats against critical infrastructure targets.

Tom Kellerman, vice president of security awareness at Core Security Technologies in Boston, said the Cyber Initiative marked an "awakening" in Washington about the need for stronger cybersecurity efforts.

But Kellerman, who is a member of a commission that's developing cybersecurity recommendations for Obama, said much remains to be done. "The existing administration has only just begun to pay attention to cybersecurity" as a national security issue, he said.

Many of the ongoing initiatives are helping to improve security in bits and pieces, Pescatore said. But, he added, they were the result of "random edicts" from the OMB, not broad cybersecurity objectives.

Increasingly, new funding has been moving toward surveillance and monitoring initiatives related to fighting terrorism. While such efforts are needed, Pescatore said, they do little to protect federal agencies from cybercriminals.

Franklin Reeder, an independent consultant and former chief of information policy at the OMB, said the most important step for Obama is to use the government's purchasing clout to compel IT vendors to build more security capabilities into products. The FDCC program has shown that such an approach can be successful, Reeder said.

More spending is needed on security training, he added. He also thinks the feds must change how they work with the private sector on security. Existing programs, Reeder contended, "have just been convened by the government for the government."

This version of the story originally appeared in Computerworld's print edition. Computerworld is an InfoWorld affiliate.

Got something to add? Let us know in the article comments.