Susan Hall spoke with Sun Microsystems' Ian Murdock, chief operating platforms officer, and Simon Phipps, chief open source officer.

Hall: Since Solaris was once proprietary, why did Sun make it open?
Phipps: I would argue with the word “proprietary,” because it started out by being BSD UNIX, which is a free operating system. Then Sun did work on it to turn it into a product that was only available from Sun, and what’s happened now is that we’ve very much gone back to our roots with Solaris. It’s become very obvious to Sun that developing free software is going to be the dominant way of developing software for the 21st century’s computer market. We’ve noted since the introduction of the Internet that the ability of developers to collaborate over the Internet has led to the development of extremely high-quality, high-value software by collaborative, self-organizing communities. And so my job at Sun is to steer our entire software portfolio over to that model. And taking Solaris is one of the very obvious things to do because it came from the roots of free software.

Sun acquired comprehensive rights to the copyrights of UNIX back in 1994 so we were in a position to make it open source. The combination of those factors – having the freedom to do it and having the history where we understood the value of free software — led us to a fairly easy conclusion that we needed to take Solaris and give it to the open source community.

Hall: What improvements have been made since Solaris has been open sourced?
Phipps: This actually isn’t about improving the software as a result of being open sourced. This is about the way Solaris is developed in order to do business with it. Solaris was already fantastic when we took it open source and we took it with the brilliant improvements to UNIX we’d made intact. So Solaris 10 has ZFS, a radical new departure in file systems; it has DTrace, which is a way to allow the operators of computers rather than the developers of the system to look into the soul of the running system and understand what it’s doing. Solaris 10 has Containers, which, for example, lets you run GNU Linux inside Solaris so you can have the best of both worlds. It has a whole range of features like that that were given to the OpenSolaris community. What OpenSolaris is about is allowing the community of developers to operate freely and transparently out in the outside world.

The main benefit to Sun in taking it open source isn’t to do with the code — the code was already great – it has to do with removing a barrier for entry for our customers. And since we took Solaris open source, that means we no longer have to charge for a license for the software when people acquire it and that has meant over 7 million new customers have discovered Solaris for the first time and that has meant that our revenues have also gone up as those customers have voluntarily taken up service contracts to support their use of Solaris.

Murdock: Just to add to that, the myth about open source is that you put your code out to open source and a whole bunch of people are going to show up and make it better. And that’s not really how it works. It does eventually get better, but as Simon was saying, it’s more a side effect of orders of magnitude more people participating. And participating is probably simply being Solaris users, having a much broader group of people understanding how Solaris operates and providing feedback on how Solaris is working on their unique combination of hardware and software.

It’s simply growing the community and having the side effect of improvement. It’s all about the quality assurance, the testing, the network effects, and how those features of open sourcing actually come back and benefit the company that is open sourcing the technology.

Hall: How is OpenSolaris better than a proprietary operating system for the user?
Murdock: For the user, the barriers to adoption have been removed. You don’t have to pay a licensing fee. You don’t even have to tell us that you’re using it. You can just go get it and engage with Sun based on when you actually need value from Sun. So you’re engaging based on your timeline and not ours. That just tends to be a more attractive model from the user’s point of view.

Hall: So how secure is it?
Murdock: I believe it’s pretty widely known to be one of the most secure operating systems on the planet. It has adopted secure-by-default features so that when you install it, you don’t have to go through and turn off all unnecessary services; instead, you’re turning on the ones you need. That by itself improves security quite a bit. There’s also a deep history of Trusted Solaris, which used to be a separate product and those features have been integrated into Solaris proper, OpenSolaris, so you’re going to be getting these features by default.

Phipps: The quick answer is that it’s just as secure as it’s always been. It’s got the added benefit of millions of eyes that are able to look at the code and work out if there are problems. Previously, the only people who could do that were Sun employees or bad guys. There are over 40,000 people in the OpenSolaris community who are able to solve problems. To give you a practical example of that — I put a podcast on my blog — there was a bug found – it is software, so it has bugs, after all. This particular bug was found and a guy in Australia started working on how to solve it. The bug was solved with a patch contributed by the OpenSolaris community and the resolution was included in the Sun update Web site within a day of the problem being reported. When you have an open source community behind you, you’re no longer working alone. What we discovered in this is that in closed source, the code is less secure because the only people who can look at it are a limited number of trusted parties and an unlimited number of untrusted parties. When you have open source, you get fixes faster because the same people as before could see it, but you also get a whole load of new people, whom you do trust, who can see it as well. My assertion to you would be that taking software open source is, at worst, neutral to its security and, at best, means many more eyes are there to solve problems.

Hall: What is the biggest obstacle you face in increasing your user base?
Murdock: The biggest obstacle would be that in the last five or 10 years, Linux has emerged and a whole lot more people in the world today know Linux and know Solaris. To be honest, it took Sun a little bit longer to get back to its roots, as Simon said, and at some point we realized that we could deliver everything we had been delivering in Solaris in the same form that people in the Linux and the larger open source community expected. The biggest barrier is bridging that gap, making the Solaris platform more familiar to these users who have come out of colleges and universities in the last five or 10 years knowing Linux.

The good news is that if you actually look at what these people know, it’s not the Linux kernel, it’s the larger system that vendors such as Red Hat and Debian have built up around the Linux kernel. And a good bit of that is equally applicable to Solaris as it is to the Linux kernel. When people say they know Linux, they’re talking about the Linux foundation which, of course, Linux borrowed from Solaris and other UNIXes in the first place, we’re talking about the GNOME desktop environment, which ships with Solaris, we’re talking about the broader development environment, which is very similar across Linux and Solaris.

We’re already a good bit of the way there, so a lot of the initiatives we have today with the OpenSolaris community have to do with bridging the familiarity gap and making Solaris more accessible to these Linux users.