Dru Lavigne talks about FreeBSD | Interview
After the positive feedback that we got for our interview with Martin Hussemann of NetBSD, we decided to reach out and meet people from all the major BSD projects this summer. We continue on that context with Dru Lavigne of the most popular BSD system. Enjoy…
Tell us a few things about your background, how you got involved in FreeBSD and what exactly is your role in the project?
IT happens to be my third career. I started out as an entrepreneur (co-owner of an independent moving company). Once the company was established, I took a second job as a municipal government worker. After a few years it became obvious that the glass ceiling at that agency was far too short for my liking, so I went back to school to learn telecommunications, networking, and system administration.
As graduation neared and the job search intensified, I noticed a pattern: all the interesting jobs were asking for Unix skills. Being a poor student who didn’t know much about Unix, I did an internet search for “free Unix”. The first hit was freebsd.org—I went to the website and started reading as I downloaded the 14 installation floppy files over a 14.4k modem. I then went “cold turkey” and installed FreeBSD as the only operating system on my only computer. It took about a week to figure out how to login, install stuff, and get PPP, email, and the other stuff I needed working. Once connected, I joined the questions mailing list—as a question was answered, I took notes and tried it out on my system. Over time, my “things I now know how to do” list grew.
A few years later, Chris Coleman asked on the mailing list if anyone was interested in writing up some FreeBSD tips for O’Reilly. Since I had notebooks full of tips, I offered to write up a few. O’Reilly liked the tips and launched the FreeBSD Basics column which ran from 2000-2006. In 2004, O’Reilly published BSD Hacks and in 2007 I updated all of the articles and published them as The Best of FreeBSD Basics.
While writing The Definitive Guide to PC-BSD (the desktop version of FreeBSD), I ended up submitting quite a few bug reports and doing general QA as I put the OS through its paces. I was finishing my contract as the managing editor for an open source magazine, so when iXsystems (the corporate sponsor of the PC-BSD project) asked me to work for them, I said yes.
At the moment, I’m responsible for the documentation for the PC-BSD and the FreeNAS (a NAS based on FreeBSD) projects, making sure that their respective Guides are kept up-to-date and that a version of the documentation is published with each software version. In addition, I joined the board of the FreeBSD Foundation in 2009 and have served as the chair of the board of the BSD Certification Group since 2005.
FreeBSD is maybe the most popular BSD system out there for quite some time now. What do you think are the main factors that lead the project to this success?
While I won’t speculate on the reasons for differences in popularity, I do see several factors that help to keep the FreeBSD project technically relevant and which support the growth of the community. These include:
FreeBSD Foundation: the Foundation has a large annual budget which is used to sponsor BSD conferences, provide travel support for committers to participate in BSD conferences and summits, purchase infrastructure hardware for the project, and fund the development of leading-edge features. For example, 7 of the major new features in FreeBSD 9.0 were the result of Foundation sponsored development.
Summits: several Summits are held annually in North America, Europe, and Asia. The Summits allow committers to meet face-to-face, discuss current work, and plan for future enhancements. Summits provide an excellent opportunity to put faces to people you work with online. There’s also nothing like face-to-face contact to quickly solve issues: many of the bugs or features discussed in the Summit end up being committed before the Summit is over. Summits are not just for source and port developers as they also provide a venue for the infrastructure and documentation teams to meet and work together.
Mentors: long before Google Summer of Code was launched, FreeBSD used mentor/mentee relationships to turn casual contributors into committers. Contributors who submit good patches tend to get noticed and subsequently picked up by a mentor who assists them in becoming familiar with the FreeBSD development (or documentation) process, in making sure that they adhere to the style guidelines, and to review their submissions in order to suggest improvements and to make sure that the submission won’t break existing code. Having a mentor is a great learning experience as it provides direct access to someone with a similar skillset and more experience.
Well documented processes: each of the three main forms of contribution has well documented processes:
- For those interested in source development, there is the FreeBSD Developers Handbook and the Committers Guide.
- For those interested in ports, there is the Porter’s Handbook.
- And for those interested in documentation, there is the FreeBSD Documentation Primer.
Could you give us some details about the development teams and the community around the project to get an idea of how big FreeBSD is?
The FreeBSD project has three repositories that contributors can earn commit access to:
src: contains the FreeBSD source code
ports: contains the instructions for compiling applications on FreeBSD; there are currently over 23,743 ports (software that has been ported to FreeBSD)
doc: includes the FreeBSD documentation set, translations, and web content
A commit bit indicates that a person has permission to add content to that repository. The current number of commit bits are as follows:
total committers: 330 (as some contributors have multiple commit bits)
The project is guided by the following teams:
- - 9 member core team which is elected by active commiters. This team sets the project’s overall goals and direction.
- - 10 member port management team ensures that the FreeBSD ports collection is functional, stable, up-to-date, and full-featured.
- - 4 member doceng team which defines and follows up on the documentation goals of the project.
- - 7 member release engineering team which sets and publishes schedules for releases of FreeBSD and maintains supported branches until they are EOL’d
- - 2 member build release team responsible for building and packaging FreeBSD releases on the various supported platforms.
- - 11 member security team which includes the official security officer. In addition to releasing security advisories, this team is responsible for keeping the community aware of bugs, exploits, and security risks affecting the FreeBSD src and ports trees, and to promote and distribute information needed to safely run FreeBSD systems.
There are several more administrative teams which are listed and described at this website
The size of the user community is harder to pin down as the project currently does not consolidate the number of downloads from each mirror or track website visitors. However, the size of the infrastructure does hint at the size of the community:
- 161 official download mirrors hosted in 45 countries
- 104 website mirrors
- website content is available in 11 languages
- documentation set is available in 20 languages
- the English FreeBSD forums are very active with over 33,000 registered users (this does not include the language-specific FreeBSD forums)
the list of companies and individuals who have donated financially can be found at the Foundation website
On a previous interview with NetBSD’s Martin Husemann here on unixmen.com, I asked him what is the technical uniqueness and the reason to choose NetBSD over the other BSD systems and he stated that is the number of architectures it supports combined with how well the system is tested. How would you answer to this question from your side?
Some of the notable features which are built into FreeBSD and which aren’t in the other BSDs include:
- jails and some of the newer improvements such as per-jail resource control
- IPv6-only snapshots
- Capsicum: a framework for security capabilities and a userland sandbox API
- LLVM and clang in the base system as an alternative to gcc
- HAST: provides highly available storage for synchronous, block level storage replication over a network
- SU+J: this implementation of UFS combines a journal with softupdates, nearly eliminating the need for fsck
modular TCP compression control allows for the addition of new algorithms
- OFED: provides support for low-latency, high bandwidth clusters for high-performance computing
FreeBSD not only offers over 20000 packages at its repositories, but there is also a Linux compatibility layer. Does this mean that everything that is available for the Linux platform can run on FreeBSD too?
Almost, but not quite. According to the FreeBSD Handbook:
In a nutshell, the compatibility allows FreeBSD users to run about 90% of all Linux applications without modification. This includes applications such as StarOffice™, the Linux version of Netscape®, Adobe®Acrobat®, RealPlayer®, Oracle®, WordPerfect®, Doom, Quake, and more. It is also reported that in some situations, Linux binaries perform better on FreeBSD than they do under Linux.
There are, however, some Linux-specific operating system features that are not supported under FreeBSD. Linux binaries will not work on FreeBSD if they overly use i386™ specific calls, such as enabling virtual 8086 mode.
Of course, in this age of virtualization, it is also possible to run Linux (and its applications) on a FreeBSD system. You can even install Linux into a FreeBSD jail.
FreeBSD incorporates advanced security technologies, many of which are born inside the project. Can you give us more details about the attention paid on this sector by your developers, and give us some examples of your technologies being adopted by other free, or commercial operating systems?
The FreeBSD project has been very fortunate in its ability to attract both funding for security research and for collaboration with academia in the field of security.
As an example, the TrustedBSD project received sponsorship from DARPA, NSA, Network Associates Laboratories, the University of Pennsylvania, Yahoo!, McAfee Research, Apple, nCirce, Google, the University of Cambridge Computer Laboratory, and others. This project resulted in the following features being integrated into FreeBSD: ACLs, Mandatory Access Control, the OpenBSM auditing framework, OpenPAM, FLASK/TE, extended attributes, GBDE encrypted storage, and POSIX.1e privileges.
The new Capsicum framework is the result of a collaboration with Google and the University of Cambridge Computer Laboratory. FreeBSD is also being used as the reference operating system for other research work at Cambridge, including:
CTSRD: a joint research project between SRI International’s Computer Science Laboratory and the University of Cambridge Computer Laboratory, supported by DARPA and Google. The project is rethinking the hardware-software security interface for general-purpose CPUs to fundamentally improve security.
CHERI: a hardware-software interface research project seeking to revise ISA design in order to better support software compartmentalisation. CHERI transposes the Capsicum hybrid capability model into the CPU architecture space, allowing fine-grained compartmentalisation within process address spaces — while continuing to support current software designs.
TESLA: builds on the experience of the TrustedBSD MAC Framework and Capsicum projects. This project borrows ideas from model checking, applying them in a dynamic context using compiler-assisted instrumentation to continuously validate temporal security assertions during software execution.
There are numerous free and commercial derivatives of FreeBSD. Many appliances are based on FreBSD due to its security capabilities, networking stack, and the BSD license. Some of the commonly known ones are:
- - pfSense, m0n0wall, and FreeNAS open source projects
- - Juniper JunOS
- - Nokia CheckPoint IPSO
- - NetApp ONTAP
- - Citrix NetScaler
- Ironport AsyncOS
- KACE Kbox
- Sandvine SVOS
- Netflix Open Connect
- EdgeWave iPrism
- Panasonic VIERA G20 , G25 and VT plasma TVs
- Blue Coat ProxySG
- Coyote Point Equalizer GX
- iXsystems TrueNAS
For an OS to be popular, it needs to be user friendly. How well are you doing in being such?
It depends upon who the user is. If I’m approaching an OS as a system administrator, I like the minimalist approach used by any of the BSD installations. Core services and drivers are built into the OS, meaning that I don’t have to hunt down drivers and install them or recompile a kernel to get commonly needed features. While the OS itself is feature-rich, a minimalist set of applications means that it is easy to setup a secure system (I don’t have to strip out extra crud) and I’m in control of which applications get installed, configured, and enabled on the network. The BSDs also provide a consistent directory layout that provides a distinction between what came with the OS and what was installed as a third-party application.
If I’m approaching FreeBSD as a desktop user, I’m using the version of FreeBSD that is pre-configured as a desktop: PC-BSD. It’s still FreeBSD, but why spend several hours installing and configuring desktop apps when PC-BSD does this for me, while still allowing me to customize the desktop during and after installation? As a desktop user, PC-BSD provides a choice of window managers, graphical front-ends to common administrative and customization tasks, as well as some cool applications like the AppCafe® for managing software, an Update Manager for managing security advisories and upgrades, Warden® for managing jails, and Life Preserver for automating backups.
In my experience, FreeBSD is a user-friendly server and PC-BSD is a user-friendly desktop.
A few months ago you announced the availability of version 9.0. Are we going to see a minor 9.1 release soon? What new fixes, or even additions will this update bring?
Yes, FreeBSD 9.1 is slated for release around the end of August, with code freeze for this release expected on July 2.
Being a point release (rather than a dot zero release), it is mostly code and doc bug fixes and improvements as well as updated versions to base utilities such as BIND, gcc, and clang. Some new disk and network drivers have been added, as well as the GEM/KMS code for the Intel GPU driver, and support for IronLake and SandyBridge.
There have been improvements to growfs, DTrace, multipath, SCTP, ipfw, and ZFS.
Some new stuff that may be of interest:
- low-level support for SATA Enclosure Management Bridge (SEMB) devices
- software PMC support to allow system profiling, regardless of the processor, with known tools like pmcstat(8)
- GEOM_PART_LDM module to support Windows dynamic volumes
- multi-routing table support for IPv6
- a BSD-licensed CAM Target Layer (CTL)
Any amazing future plans for the FreeBSD project that you can share with us?
Some of the technical highlights expected for 10.0 are:
- BHyVe: BSD-licensed, light-weight low-level HVM virtualization which supports virtio for IO paravirtualization.
- Virtio: BSD-licensed clean-room implementation of the virtio kernel drivers for disk I/O, network I/O, and PCI and memory ballooning.
- Variable symlinks: automatic expansion of per-process, per-jail or system-wide variables in symbolic file links.
- Netmap: high-performance direct-to-hardware packet I/O offering low latency and high PPS rates to userland applications while bypassing kernel-side packet processing.
- LLVM may replace gcc as the default compiler for base.
- ZFSd: ZFS fault monitoring and management daemon.
- RADclock: NTP replacement which provides both an absolute and a difference clock. The absolute clock provides the current time while the difference clock is designed to measure accurately the time between two events.
The ports team is working on upgrading the package building infrastructure to prepare for pkg-ng package sets. Getting all ports to build using clang instead of gcc is an ongoing process. Discussion is ongoing regarding the switch from ftp sites to a CDN infrastructure. Migrating from cvs to svn is another ongoing process.
The doc team has completed their migration from cvs to svn. Work is ongoing to update out-of-date articles, FAQs, and Handbook information. The migration from docbook SGML to XML is ongoing. There are plans to provide an updated version of the Handbook in digital and print formats.
Is there a sector that needs the help of new contributors? In what way could our readers get involved with the development of the FreeBSD project?
There is always lots to do! Some areas which would benefit from more contributors are:
Device drivers, especially network and wireless drivers.
Documentation reviewers and translators.
People to take over ports which no longer have an active maintainer.
People to assist in closing outstanding documentation and ports problem reports (PRs).
The FreeBSD website has several getting-started articles for various types of contributions:
You don’t have to be a developer or a writer to contribute to FreeBSD. Here are some non-code suggestions:
If your company’s product or infrastructure uses FreeBSD, let us know! Even better, see if you can get a company official to write a testimonial on why they use FreeBSD.
If you are attending a technical conference that provides an expo, see if you can obtain a FreeBSD booth. Let us know about it so it can be announced at bsdevents.org. Swag, DVDs, and brochures are also available for booths upon request (please give at least 6 weeks notice).
Give a presentation at a local user group, college, or event. Again, let us know about it and we’ll help to spread the word.
If a user group doesn’t exist in your area, see if there is interest in starting one. If there is a local LUG or UUG, attend a few meetings as most likely there will be other FreeBSD users there.
If you have a testimonial, event, need swag, or have questions on how to get started, drop me a line at dru at freebsd dot org.
Thanks Dru! That was really interesting! I wish all the best to you, and the rest of the FreeBSD developers and contributors of the most carefully tailored BSD system out there.