The language of the license is for production and production evaluation use only. Check out the real story here:
http://www.ypass.net/blog/2010/04/solaris-licensing-changes-the-real-story/

Excerpt:

The license and accompanying entitlement from the web, without a contract and without hardware, only entitle the downloader to non-commercial, non-production, or personal use in perpetuity. Production use and evaluation for production are good for 90 days.

The whole patch debacle is a tempest in a teacup. If you're a hobbyist or personal user, it's just business as usual: download, install, get your patches on a 6-month schedule, get your zero-day patches as soon as they're available on Sunsolve.

What buttons do I have to click to get my free patches? Oh that's right, they don't supply patches for free anymore.

Wrong again. You get LOTS of free patches with a free install of Solaris. RedHat set the pace for this: if you install RHEL, you have to use up2date which requires a registered system with the RedHat Network (RHN). If you don't want to register and pay for RHN, you wait for the next release and do your upgrade from that. Sun implemented a similar system -- in planning, testing, and preliminary deployment LONG before the acquisition -- requiring registration and a support contract number before allowing entitlement to certain patches in a more timely fashion than the traditional six-month release cycle.

Maybe you just re-install every 6 months when the new media set is released? right!

Actually, you can upgrade off the install CD from the media sets, too, without reinstalling. Always have been able to, and it's a simple, easy way to keep up-to-date, though it requires some downtime to install. Downside: no zero-day exploit fixes. Upside: free patch sets every six months. As long as I've been working with Solaris -- since 1999, and up through right now while I'm downloading the latest kernel exploit & StarOffice 8 security patch on my Solaris box -- the zero-day security exploits are listed in the patch entitlement for ALL Solaris systems, not just those with a support contract.

Upgrade old release (7, 8, 9): http://docs.sun.com/app/docs/doc/817-3799/6mjcan1v6?l=en&a=view
Upgrade newer release (10): http://docs.sun.com/app/docs/doc/817-0544/6mgbagb1c?l=en&a=view (x86 on this page; the SPARC install instructions are also in the documentation)ma

To get your security patches, go to Launch-> Applications -> Utilities -> Update Manager. Go through the registration wizard. Choose "Continue without providing a Service Plan Number". Accept the software license agreement. Finish the registration; if you want to use this as a base image for mass-deployment, click the "enable auto registration" option.

Next select all updates, and install them.

I understand you're concerned with not having the latest-and-greatest usability and functionality updates to your OS on a faster-than-6-month schedule. If it's of sufficient concern to you, register for a cheap Solaris support contract through SDN and be done with it. But for the rest of the world that wants to continue using Solaris for free, CRITICAL SECURITY PATCHES ARE AVAILABLE TO ANYONE WITH A SUN ONLINE ACCOUNT.

Free security updates online as soon as you get around to installing them. Free every-six-month usability and functionality updates. What exactly is the problem with this patch schedule? That those who choose to pay nothing for a great operating system don't get usability and functionality updates on the same schedule as paying customers?

OpenSolaris exists to fill that niche: customers who need bleeding-edge features on a very timely schedule and don't want to spend a lot of money. You can even patch production Solaris boxes from OpenSolaris patches if you wish, though I understand some assembly is required. Never done that myself. Never felt the need.

Overall, I think the Oracle acquisition of Sun has been a good thing for both companies. Sun gets to keep the lights on and payroll flowing, Oracle gets a bunch of hardware & software products in its portfolio.

I do wonder, though, whether they'll stay committed to VirtualBox down the road

I hate to engage in speculation, but Oracle now has two virtualization solutions:

1. Server-side "OVS" or "OVMS": Oracle Virtual Server. This is a Xen-based implementation used widely within Oracle under the framework of their Grid and Elastic Grid products. It's portable, scalable, and is a huge revenue-generator in areas like Oracle Education.

2. VirtualBox, which is more of a client-side, "run it on the desktop" app.

They both have their niches, so I don't see either going away any time soon. OVS is a beast to manage on more than a handful of servers, and paravirtualization (required for good virtualization of Windows) is just now getting rolling onto the "good" side of the usability & performance hump. While Vbox has worked great in that environment.

Speculation: I think we may see some sort of interoperability merge in the future between Vbox & OVS. I am fairly certain there is no development along those lines right now -- Oracle's really busy working on integrating all the web-services & database stuff acquired from Sun, PeopleSoft, and other acquisitions -- but I bet it's on a roadmap somewhere.

Oracle had one plan when they bought Sun. Kill it and pump a few extra rounds into it, just to make sure.

Nope. Oracle had a major goal when they bought Sun: create a vertically-integrated platform where they control everything from the hardware through the OS, applications, and support contracts. IBM has that sort of leverage with DB2 + Web Services on AIX, along with a killer international sales and support force with its fingers everywhere in the Fortune 500. IBM is really Oracle's main competition and has been for several years because they could offer whole-life-cycle, end-to-end support at a fraction of the cost of Oracle's offerings. The acquisition of Sun allowed Oracle to compete where it was getting hammered.

Oracle doesn't care about you unless you're willing to spend a lot of money.

Correction: Oracle wants you to spend a lot of money, but they care about you as a potential paying customer. For instance, you can pick up a two-user license of Oracle Database for free and run a large production web site on it if you want. Think about your typical MySQL deployment: One user for the web site, and maybe a second user for the administrative user (usually "root"). Oracle gives this away for free for unlimited use.

The goal is to eventually rope you into a larger deployment with more capabilities so you become a paying customer. Always has been.

But I can assure you the sales guys "care" to get your money even if you're only spending a little bit of it. And Oracle spends a ton of money on trial programs, free software (Oracle Enterprise Linux, for instance), and other promotions to eventually drive revenue.

Oracle could leverage Open Solaris as the ideal Oracle platform.
They could push for high end web solutions to use Oracle+Solaris+Java.

Actually, Oracle DOES leverage OpenSolaris as an Oracle platform. The 7410 storage platform exclusively runs OpenSolaris under the hood. Bog-standard Solaris wasn't up to the job. We've bought a number of these storage platforms and are testing them out right now; other than annoying production delays due to unavailability of really-honking-big SSDs, they are extremely cool and high-performance storage solutions.

Also the newer T5240 boxes run way better on OpenSolaris than on stock Solaris 10. No ifs, ands, or buts. Better hardware support and faster I/O. You have to be running the 10/09 release of Solaris 10 to even support these boxes at all, and OpenSolaris supported them before they were even released.

Oracle removed the ability to download and use Solaris 10 for free.

Thanks for playing. Please try again.

1. Register at sunsolve.sun.com.
2. Click "Downloads & Trials", and select "Top Downloads".
3. Under "Servers & Storage Systems" select "Solaris".
4. Download the option most suited to your needs. For certain releases, you may be asked some survey questions first. If you're not certain you want Solaris full-time on your workstation, I'd suggest going with the VirtualBox image.

The assertion that Oracle no longer allows you to download and use Solaris 10 for free is completely FALSE. I hate seeing this canard repeatedly trotted out as if it were true. There were a couple of days during the support transition and shutdown of legacy Sun data centers when Solaris downloads were affected, but that's been fixed for quite a while now.

This jives with the experiences of my co-workers who've bought the phone. Overall impression of the iPhone 4 is that it looks and feels great, has an amazing screen, so-so battery life, but reception problems that drive every one of them bonkers.

It's enough to make me want to stick with my iPhone original release -- aluminum case and all -- just a little longer. From where I sit, unless you really want the forward-facing & higher-res camera and higher-resolution screen, stick with the 3GS. It does everything else pretty well. The main things I need from my phone are the same things I needed ten years ago:

* Contact list
* Calendar
* Email
* Light web browsing
* Good phone service

After having Palm devices alongside a mobile phone for years and years to suit, and wading through several years of crap-tastic Windows Mobile phones, the iPhone original release fit the bill perfectly for me. The real compelling thing the 3GS has over the original for me is a real GPS so that I can geocache without using a dedicated GPS unit. And maybe the extra RAM so that I don't have to clear memory to start certain apps.

Nice to see Consumer Reports calling Apple on their crap this time. Just like when they blamed short battery life in the 3GS on over-usage and push settings... what a load of CYA corporate malarkey! They gotta get the lead out on this one, if the several people I know -- admittedly, all tech geeks so it's a very small sample size -- who own the phone are any indicator, they're really unhappy about this.

Sure, on the side of the people doing the security stuff. But audits for compliance with regulations is really the minimal standard applied at my work -- a VERY large software company -- and little else. If there's no financial repercussion for lack of a security implementation, that thing is never, ever put in. Not even if it's "best practice". If we have to have it, good, put it in, but if we don't absolutely have to, the security request rots forever in the hell of a planned upgrade some day.

We recently had a project that was like that. Five planned phases. Phases three and four had a major focus on security implementations. Well, they did Phase 1, the rollout, and Phase 2, the integration with other apps, then the next thing everybody heard we were at Phase 5, showing this off as a showpiece of integration. When I called the vice-president to complain about this, his response was basically "we'll get around to it, it's not a problem."

Welcome to modern large-scale software design. If you aren't legally required to have some certain bit of security in place, with financial repercussions for violation, it isn't happening. And it's not the software company that suffers in the case of a breach; it's the privacy and security of the innocent people USING that service.

I think this is a step in the right direction. In the US, we've long faced problems with trying to figure out how to incentivize good behavior, rather than simply discouraging the bad. Yet one of the largest problems facing down the threat of hacking and corporate espionage is acknowledging when there's been a breach. Nobody wants to admit it!

My dad used to call an approach of rewarding appropriate behavior and non-rewarding inappropriate behavior as the "carrot and stick" approach: dangle the carrot, if they don't go along, whack 'em with the stick!

My thoughts on a few carrots we could use at the federal level:
1. Certification process for government contractors. A security-certified contractor can get preferential placement on government contracts on the point scale already in place.
2. Exploit awareness networking. Implement a real-time scorecard for corporations that report attacks against them, both those foiled and those in which there was a breach. Once again, apply good behavior credits toward the contract bidding process.

Sticks:
A. Mandatory public service for convicted attackers. And I'm not talking about cleaning up the garbage in Central Park. I'm talking about the sentence for hacking a company is mandatory time spent serving that company. I mean, if I hacked the Wendy's network and had to spend a few months dumping out their grease-buckets, I might think twice next time.
B. Incentivize whistleblowing with rewards for people who turn their companies in. Now, this might sound a little bit 1984-esque, but if there were a tangible reward and promised anonymity, I think we'd find employees and competitors working very hard to learn if the target company was hacked or not.

Just a couple of random musings. What other carrots & sticks could we use?

If you, or I, or Joe Sixpack accessed those records, we would be facing a prison sentence. So, what you're asking is, "Had he been properly convicted, and served his time, would he be fit for the job today?"

Clarification: the offense in question is a misdemeanor with a $5,000 fine. It's the equivalent of an expensive traffic ticket, not a mandatory prison sentence.

"sync; sync; halt" works for immediate stoppage at minimal risk to your filesystem compared to many other options.

Or just "stop-A", "sync", and leave it hanging at the OK prompt forever :) This has the benefit of a subsequent tech being able to power up again remotely, which just pulling the power cord wouldn't...

My two cents: It doesn't suck to work at Oracle. Pay is fair and above market, benefits are good, employees are treated fairly, and there are a lot of exciting projects going on to choose from as a techie. If you don't like what you're doing for a living, there are numerous opportunities always available in something more suited to your interest, and telecommuting is encouraged in most "talent" positions, so relocation is largely a non-issue. The employees I work with (admittedly, we're a rack-monkey and operating system nerd crowd) are generally optimistic and excited about the merger.

Yes, as part of the M&A process there have been layoffs from time to time. With the exception of hostile takeovers, they are fairly predictable in advance, severance is decent and fair, the door remains open if you decide to rejoin the company later, and as far as a huge Fortune 500 company goes, it's a really decent place to work. If you work in some of the larger locations there are nice benefits on-site for free or at really reduced prices (gyms, cafeterias, massages, to name a few), and there is a lot of employment flexibility.

Of course there are annoyances like paperwork, lengthy project approval processes, ITIL compliance, SOX compliance, and so forth. Welcome to working for any large company. But to say "People do not want to work for Oracle, fast merge or slow merge" is simply false. By and large, it's a good company to work for, and the low turnover rate and lengthy average employment time amongst extremely talented and well-educated people speaks to overall job satisfaction.

The core of your marriage is the same regardless of whether you're a geek, jock, cheerleader, doctor, unemployed, or whatever. Every person has some core emotional needs; if you meet at least the top three to five of these consistently over the years, you'll be happily married for many years to come. If you don't fill them, someone else will. And it's left to chance whether that person has your marriage's interests at heart or not.

Recommended reading: Anything by Dr. Willard Harley. The keys to affair-proofing your marriage are also the keys to having a happy marriage. Identify your spouse's key emotional needs, fill them consistently, and you're on your way to living a long and happy life together.

It's possible that you may have needs that don't fit into the standard template (Affection, Sexual Fulfillment, Recreational Companionship, Honesty & Openness, Physical Attractiveness, Financial Support, Domestic Support, Family Commitment, Admiration). If you do, identify what those are. Dr. Harley publishes an "Emotional Needs Questionnaire" that's really helpful when doing an inventory of what your principal needs are. You need to have your own met, and meet those of your spouse, to make it successfully.

Qualifications: I'm a geek-guy married to jock-girl, 15 years and counting so far.

--Matt B.

Then add to that the fact that you need to be God to fully understand the ecosystem of the planet and you you can throw out people really believing in AGW.

You're begging the question on two fronts:
1. That such beings as gods exists.
2. That a full understanding of the ecosystem is necessary to make effective, positive changes.

Humans don't have a full understanding of aerodynamics, though our models are getting better. But we know enough to get going with, hurl aircraft skyward, and operate them safely.

Ditto for climate change. We obviously don't know everything, but we know enough to know that what we're doing right now may be the cause of current global warming; if not the cause, it certainly is exacerbating the issue.

--Matt B.