Sun has followed through on its promises, and placed the bulk of its
Solaris source on OpenSolaris.org
. Regardless of
whether you intend to do anything with this code, or with Solaris in
general, this release is a significant event. Observers have noted for
years that Linux was likely to bring about the end of proprietary Unix
systems. With the opening of Solaris, that prediction has come to pass.
While some proprietary Unix offerings still exist, Solaris was the largest
and most significant of them. With Solaris in the open, the proprietary
Unix era is done.
OpenSolaris is not a small download. Anybody not already running Solaris
will have to bootstrap themselves with a binary distribution. Then there's
the core source tarball, compiler, and "closed binaries" packages. Throw
in the BFU package to get the latest stuff: "BFU" is said to stand for
"blindingly fast upgrade," but other interpretations of the acronym are
certainly possible. Sun's site requires registration before it will allow
you to download files; interestingly, however, it also makes torrents
and a (no-registration) third-party site available.
Note that, if you simply want to wander around in the source code, it is
not necessary to download the whole thing. Sun has provided a web-based source browser
which makes digging through the code easy.
The "closed binary" package is said to be a temporary thing. It comes with
a relatively reasonable "free beer" license, though it does require that
you only run the binaries on an OpenSolaris system. The list of
binary-only programs is somewhat strange: it includes od,
patch, rdist, sed, ssh,
telnet, and kernel drivers for hardware like the Intel e1000
network adaptor - stuff which, seemingly, should be free. The Sun compilers come with a
rather more restrictive license; users are required to be "a
participant of the OpenSolaris community," may not publish benchmark
results, and cannot modify the "java technology" included with the
Software may contain programs that perform automated collection of
system data and/or automated software updating services. System
data collected through such programs may be used by Sun, its
subcontractors, and its service delivery partners for the purpose
of providing you with remote system services and/or improving Sun's
software and systems
So it is, perhaps, not surprising that even developers within Sun are
interested in using free compilers with OpenSolaris. An effort to
Build OpenSolaris with GCC is apparently well advanced,
so the need for the
proprietary Sun compilers should go away soon. Interesting, according
to one developer, much of the pain of porting to gcc was caused by
gcc's insistence on putting constant data into read-only memory.
OpenSolaris, it seems, did a lot of writing to "constant" strings.
One of the more significant omissions from OpenSolaris currently is an X
server. Two servers actually run on Solaris: X.org and the venerable Xsun
server. The plan is, apparently, to move toward releasing a version of the
X.org server, but that has not happened yet.
Much has been said about Sun's choice of the CDDL as the license for the
Solaris source code; there is not much to add at this time. It is worth
noting, though, that if you choose to contribute code to OpenSolaris, you
not only have to contribute it under the CDDL, but you must sign Sun's
contributor agreement [PDF] as well. That agreement has some obvious
things, like patent licensing. It also, however, requires you to give Sun
an ownership stake in your code:
You hereby assign to Sun joint ownership in all worldwide common
law and statutory rights associated with the copyrights, copyright
applications and copyright registrations in Your Contribution, to
the extent allowable under applicable local laws and copyright
conventions, and agree never to assert against Sun any "moral
rights" therein. You understand that (i) this Agreement may be
submitted by Sun to register a copyright in Your Contribution, and
(ii) Sun may exercise all rights as a copyright owner of Your
Sun, in other words, can take your code and make it into a proprietary
product, or release it under any other license that it sees fit. It
doesn't seem to have occurred to Sun that terms like this might reduce the
size of the "vibrant developer community" that it wishes to create.
The CDDL license will prevent any code in the Solaris kernel from finding
its way into Linux - we can only hope that nobody tries to sneak some in
anyway. It is amusing to note, however, that the first OpenSolaris-inspired kernel patch
has already been posted; it is a small optimization to how SYSV semaphores
work. With luck, good ideas will flow from the OpenSolaris kernel
to Linux (and vice versa), even if the code itself cannot.
Large dumps of corporate code are always a little hard for the community to
digest. So it may be some time before OpenSolaris grows into a true free
software project with active user and developer communities. It will
probably get there: the code is good enough, and there are enough
established Solaris users now, to give OpenSolaris some momentum. Whether
OpenSolaris can develop into a truly successful project over the long term
remains to be seen, however. There is some good stuff there, but it may
turn out to be too little, too late from a company which is still
struggling to understand what free software is about.
Comments (10 posted)
One reason many of us insist on using free software is its relative lack of
surprises. Free programs rarely contain features which cause them to
behave in a way which is contrary to the interests of their users. Unlike
many proprietary programs, free applications tend not to phone home without
permission, unnecessarily restrict what their users can do, or perform
unexpected operations behind users' backs. As Lauren Weinstein recently
, however, the Firefox browser
can be made to behave in a way which is surprising indeed - and Google, in
the name of faster browsing, is taking advantage of that behavior.
In particular, Firefox will, at times, "prefetch" the contents of a web
page which it thinks you might want to see soon. If a page is marked as
being the "next" page in a series, Firefox, by default, will prefetch that
page's contents. (And, yes, for those who have asked for "next" tags for
the LWN Weekly Edition, it will happen when we get a chance). When the
user hits the link for the next page, it will already be resident in the
Firefox cache, and will display more quickly.
The interesting thing is that Firefox can be told explicitly to prefetch
pages; all it takes is a tag like:
<link rel="prefetch" href="URL">
Google will, if it decides that you should be feeling lucky, add such a tag
to the first in a series of search results, causing that first result to be
in the browser even though the person ostensibly in control of the browser
never decides to visit the site. An easy experiment will verify this
behavior: turn on cookie notifications, then search for a term with a
relatively obvious top result - Lauren used "soundbite." The result will
be a screen somewhat like that shown on the right: the soundbite.com web
server is attempting to set cookies, even though your editor never clicked on a link
which would lead to that site.
Prefetching in this way can lead to a number of undesirable consequences:
unwanted cookies, bandwidth use, etc. More seriously, it could lead to
accesses to truly unwanted sites: stumbling into non-work-safe sites is
already too easy, without one's browser deciding to fetch additional pages
from arbitrary servers with no user participation. Should an unpleasant
Firefox security hole be discovered, prefetching could, for the right sort
of vulnerability, be exploited to compromise systems. That would be
an unwelcome sort of surprise.
Google's use of prefetching in this way is unfortunate; it seems certain to
lead to trouble for somebody, somewhere down the line. The real problem,
however, is with Firefox, which is shipped with prefetching turned on.
There is no indication, anywhere in the preference screens, that an option
controlling prefetching even exists. Anybody wanting to disable
prefetching will have to edit their prefs.js file, or tweak the
network.prefetch-next option on the about:config screen.
Turning off prefetch in this way will slow down some page loads, but, for
many users, the extra delay will be worth it.
[As a postscript, your editor can't help but poke at a bit of poor user
interface design in Firefox. An attempt to pull up a long page yielded this dialog, asking: "A script on this page is
causing mozilla to run slowly... Do you want to abort the script?" The two
buttons are marked "Cancel" and "OK". It is nice that Firefox does not
entirely lose control in such situations. But does "Cancel" kill the
script, or let it run?]
Comments (13 posted)
Back in 1998, LWN got one of its first scoops by reporting
that a company called Digital
Creations was planning to release its well-respected Principia product
under an open source license. Even more interestingly, this release had
been advocated by the company's venture capital backers. Over the years,
both the software and the company were renamed "Zope," and the Zope
platform has been used for many applications, including the popular Plone
Zope Corporation has, throughout, retained copyrights for - and control
over - the Zope platform. Recently, however, the company announced that a foundation would be created
for Zope. This foundation will be given the copyrights to the code and the
right to the Zope trademark; its task will be to ensure the future success
of Zope independently from Zope Corporation. We talked briefly with Zope
Corp. head Rob Page about this change.
Why have you decided to make this move at this time?
The global potential for Zope 3 is huge. The design
principles in Zope 3 make it the perfect platform for
"Web 3.0" development. By way of example, we (Zope
Corporation) are developing a large document management
project for the US Department of Defense on Zope 3, and
Mark Shuttleworth is working to bring
SchoolTool/SchoolBell to the world -- all on top of
Everyone with a vested interest in Zope benefits from
its widespread adoption and deployment. Users benefit
from the support network and commercial organizations
benefit from more platform-based opportunity. We
believe the explicit vendor neutrality of a Foundation
will accelerate the adoption of Zope (version 2 *and*
Bottom line: We want to remove any objections to
adopting Zope, and we see the Zope Foundation as the
Were there any particular problems or pressures
which led to the creation of the foundation?
How many engineers do you have working on Zope now?
Do you expect that to change as Zope moves over to
No. A confluence of events -- the availability of Zope
3.1 (whose release is imminent), the release of
SchoolTool, our imminent completion of our large DoD
project and the community's launch of a Zope 3 ECM
(Enterprise Content Management) project made this an
excellent time to launch the Foundation.
That said, members in the Zope community have been
discussing a Foundation for more than a year and we
take it at face value that a Foundation would help them
sell more Zope-based products and services to their
prospective and current customers.
From November 2001 through November 2004 our Chief
Technology Officer, Jim Fulton worked on little other
than Zope 3. Typically, at least 2 additional Zope
Corporation engineers spent 80% of their time
throughout that period working on Zope 3 work as well.
He was assisted by the incredible efforts of some
really smart people. At the risk of insult by
omission, it's appropriate to specifically mention and
appreciate the efforts of Steven Alexander, Stephan
Richter, and Philipp von Weitershausen.
Since October of 2004 we have had more than 4 full-time
engineers working on the above-mentioned Zope 3 based
Document Management project. We have already
contributed large amounts of code into Zope 3 (XPDL
support is one specific example). We intend to release
additional significant contributions into both Zope 3
and the upcoming Zope 3 Enterprise Content Management
Of course, everyone here works on Zope. :^) Most
developers are working on the delivery of our products
into specific customer environments. This involves
installation, custom development, configuration and
transition to internal operations. We don't expect
that to change.
What sort of governance structure do you see for
The governance structure of the foundation will be developed
by taking the best ideas from the likes of the Apache
Software Foundation, Eclipse Foundation and others. Since
it's early we haven't drawn any specific conclusions. We
intend to work these issues out during the summer and launch
the foundation by October 2005.
Will Zope Corp. retain any sort of veto power over
changes it doesn't like?
Zope Corporation won't have a veto per se. Some changes
(e.g., changing Zope's license) will require a unanimous
vote of the Board of Directors.
How will you ensure that the development of Zope
continues to meet your business needs?
How will the foundation be funded?
In an open source world we can't ensure
_ anything. :^)
What we can do is continue to demonstrate productive
leadership and contribute great software and ideas. The
Zope community is distinguished by having gathered some
really smart people so we're extremely optimistic about
the Foundation's success.
What's the status of Zope 3? There does not appear
to have been a Zope X3 release since last November;
has development stalled?
We will be recruiting a few start-up partners to fund the
initial formation and operation of the Foundation.
The Foundation will have a dues structure that will support
There hasn't been a tagged release of Zope 3 since last
November, though by the time I send this (or the time it's
published) Zope 3.1 will be out.
Development has done anything but stall. The last
seven months have been spent fixing bugs, refactoring
implementations and polishing interfaces. We have a
large customer to thank for providing the real-world
application to thoroughly exercise Zope 3.
A lot of community work has gone into Zope 2.8 and a
project called "Five" (Zope 2 + Zope 3 = Five ;-) -
these are Zope 2 focused projects which aim to bridge
the gap between Zope 2 and Zope 3 architectures. Zope
2.8, which now includes Five in the distribution, was
released officially on June 11th, 2005.
How's business? Is the services model working for
Depends on what you mean by services.. :^)
Since 2001 we have been de-emphasizing our professional
services capacity in favor of a more productized
Our product business -- specifically the delivery of
our products through managed hosting (aka ASP/Software
as a Service) has been extremely successful. We
recently announced the addition of CNHI as a managed
hosting customer. CNHI will be launching 133
newspapers on our Zope4Media product.
Our managed hosting offering provides our customers
with a managed/guaranteed environment in which they can
assemble composite applications (i.e., applications
built from Zope, Squid, LAMP, etc.), without assuming
the operational responsibilities.
We thank Mr. Page for taking the time to answer our questions.
Comments (3 posted)
Page editor: Jonathan Corbet
Inside this week's LWN.net Weekly Edition
- Security: MD5 collisions; New vulnerabilities in gaim (twice), gedit, firefox, wget, ...
- Kernel: DCO v1.1; The end of the devfs story; Realtime and interrupt latency; NAPI performance.
- Distributions: Debian Sarge Declared Stable; Fedora Core 4; Debian Sarge for AMD64; the security state of Fedora Core 4; Slamd64 10.1
- Development: Bazaar-NG: a distributed version control system,
new versions of Speex, MaxDB, ZODB, EVMS, OpenBGPD, OpenNTPD, BASE,
pam-mysql, PassReminder, Caravel CMS, mnoGoSearch, SchoolBell,
SchoolTool Calendar, QjackCtl, XCircuit, Open Clip Art, FOX, Qt,
GIMP, Gaim, OO.o, Drivel, GDC, Bluefish.
- Press: Thoughts on Debian's future, Power.org for Open Hardware, Linux and BSD
comparisons, open-source Geospatial tools, grid computing for finance,
Linux saves a corrupted USB drive, EMR consolidation.
- Announcements: Intel's Compiler 9.0, Mandriva acquires Lycoris, VariCAD 2005, REALbasic 2005,
Zope Foundation, GNOME Women, GPL V3, EFF legal guide for bloggers,
FUDCon2, OOoCon CFP.