For nearly two decades, Deb Goodkin has served as the Executive Director at the FreeBSD Foundation, which supports the open source FreeBSD operating system used by enterprises like Netflix and NetApp. She is a computer engineer by trade, and began her professional career at IBM. Catch our complete Q&A with Deb:
FreeBSD has been around for over three decades now. What are some of the biggest factors driving the operating system’s growth, and have there been trends in who is using it?
FreeBSD has many features and benefits that set it apart, such as reliability, performance, and security. It has been a staple for many large companies, startups, and innovative research projects that continue to use the operating system today. Also, FreeBSD’s permissive licensing model and community-driven development have enabled organizations to integrate proprietary technologies and easily make contributions to the Project. The operating system’s flexibility makes it well-suited for use cases ranging from embedded systems to large-scale data centers across storage, networking, and edge computing. As organizations continue to prioritize open source solutions and security, FreeBSD’s combination of technical strengths and community-driven innovation positions it well for continued growth and adoption across various industries.
Also Read: Understanding the Role and Mechanism of Encryption in Data Security
What unique value proposition does FreeBSD offer to enterprises that Linux might not?
The use of FreeBSD or Linux is not an either-or. Both have benefits for different use cases and in some situations, FreeBSD is used alongside Linux. That being said, we hear a few reasons why FreeBSD is chosen:
First and foremost, it’s the development model. FreeBSD follows a unified development model where a single entity maintains, tests, and releases all operating system components. This approach results in consistency and predictability, which ensures that software versions and dependencies are easier to manage. This model results in a release engineering process that includes long-term support commitments, which can be crucial for enterprise environments that value stability and extended support cycles for their critical systems. FreeBSD is often easier to customize due to its cohesive development model. Enterprises that need to modify their operating system to fit specific needs usually find FreeBSD more accommodating than dealing with multiple Linux distributions and configurations.
From a technology perspective, two features stand out. Many developers and architects recognize FreeBSD’s advanced networking capabilities and appreciate its performance and scalability. Netflix, for example, uses FreeBSD as the basis for its Open Connect content delivery network. The native integration of the ZFS filesystem in the kernel offers data integrity, efficient data compression, and robust snapshot capabilities, which are crucial for data centers and enterprises handling large volumes of data or requiring high availability. Linux offers this, too, but this is an important feature worth mentioning.
Last, FreeBSD uses the BSD license, which is simpler and less restrictive than the GPL used with Linux. This licensing can be a significant advantage for enterprises that want to integrate their systems with proprietary software or hardware without worrying about license compatibility or the need to disclose proprietary source code.
Also Read: Security Operations Center (SOC) Best Practices and Steps in Building Process
Security is a top priority for CIOs. How does the FreeBSD project approach security, and what measures are in place to ensure the OS remains as secure as possible?
We like to say FreeBSD is “Secure by Design”. FreeBSD is widely known for its commitment to security through its design features and development practices. There is a proactive security team and a well-defined security incident response process. The development culture emphasizes code quality and security reviews, with potential security vulnerabilities taken seriously and patches and security advisories released promptly.
One of the critical security features of FreeBSD is the Capsicum framework, an innovative capability and sandboxing technology. Capsicum allows applications to run with reduced privileges, minimizing the system’s exposure to bugs or exploits in those applications. This capability-based security model provides fine-grained control over system resources. FreeBSD’s Jails technology is also a powerful tool for creating isolated environments, with each jail instance operating independently. This reduces the risk of a breach in one jail affecting the entire system or other jails.
FreeBSD also includes a Mandatory Access Control (MAC) framework, which provides fine-grained access control to various system resources. This is crucial for limiting the potential damage compromised system components can cause. The FreeBSD Cryptographic Framework (FCF) offers a robust set of cryptographic algorithms and tools that the base system can utilize and third-party applications to secure data in transit and at rest.
FreeBSD has a conservative view of default settings. Many services are disabled by default, and those enabled are configured with security in mind, reducing the attack surface right from installation. The system’s source code can be audited or verified to ensure integrity. Efforts towards reproducible builds in FreeBSD mean that binaries can be independently verified to match the source code, enhancing security and trust in the software supply chain.
In 2024, the Linux Foundation’s OpenSSF recognized FreeBSD’s security initiatives with a grant to participate in the Alpha-Omega Project. These measures, combined with a rigorous focus on security throughout the development lifecycle and the system architecture, make FreeBSD a strong candidate for environments where security is critical.
Also Read: Building Security from Scratch: Key Steps in Implementing Zero Trust Architecture
Enterprise applications can have specific hardware requirements—how well does FreeBSD support different hardware architectures, such as ARM and RISC-V, in addition to traditional x86 architecture?
FreeBSD’s multi-architecture support, security features, networking capabilities, and performance optimizations make it a strong choice for many use cases.
FreeBSD supports ARMv6 and ARMv7, commonly found in embedded systems and older consumer electronics. However, FreeBSD has comprehensive support for ARMv8 (AArch64) architecture, which is fully 64-bit and used in newer and more powerful devices like servers and high-end mobile devices. FreeBSD has optimized its support for ARMv8 architecture with enhanced power efficiency and performance scaling. The Arm architecture is in the top 5 list of commits, which validates the importance of this architecture to the Project.
FreeBSD is committed to solidly supporting the RISC-V Architecture, which is gaining popularity in academic, research, and industrial applications. To ensure flexibility in deploying FreeBSD on this architecture, FreeBSD is continuously developing its support for 64-bit and 32-bit variants of RISC-V.
And, of course, FreeBSD has robust support for x86 architecture, including 32-bit and 64-bit systems. The 64-bit AMD64 is well-supported, with optimizations for modern processors, multi-threading, large memory allocations, and specific hardware extensions.
Looking ahead, what are some of the key areas of focus and upcoming developments for the FreeBSD project that enterprise CIOs should be aware of? New features, performance improvements, hardware support, etc?
Looking ahead, the FreeBSD project is focused on security, system performance, and making FreeBSD a reliable and robust platform for enterprise applications.
Our most recent release, FreeBSD 14.0, released in November 2023, added significant security advancements with the integration of OpenSSL version 3.0.12, which includes critical cryptographic improvements. Additionally, it introduced faster reboot capabilities, essential for minimizing downtime during system updates. It also optimizes future serverless computing environments to enhance performance in scalable, distributed applications. Additional updates, including 14.1, offer additional updates and hardware support.
FreeBSD 13.3 is still actively supported and updated. It offers enhanced stability, with expanded hardware and networking support to ensure better system compatibility and reliability. These improvements are essential for enterprises that demand high availability and seamless integration with diverse hardware ecosystems.
Looking further ahead, FreeBSD 15.0 will focus on performance upgrades, improved device driver support, and ongoing security improvements. This year’s Ottawa FreeBSD Developer Summit in May 2024 provided a platform to discuss these upgrades, strategic directions, and technological advancements.
FreeBSD is actively involved in the CheriBSD project, which aims to mitigate common vulnerabilities through hardware-enforced bounds checking. The project will be showcased at the Summit and discuss the integration of memory-safe programming languages like Rust. If you miss the Summit, the presentations will be recorded.
We are excited about FreeBSD’s ZFS File System Initiatives, including the RAID-Z Expansion Project, which expands ZFS RAID-Z storage pools for enterprises needing scalable storage solutions. Additionally, integrating ZStd compression offers superior data compression ratios, improving storage efficiency and performance. The ZFS Hierarchical Rate Limits feature gives administrators the tools to manage and prioritize data traffic within storage pools, improving the overall performance and responsiveness of systems under load.
As we continue to focus on modern enterprises, particularly those looking for a secure, stable, and high-performance operating system, we will see FreeBSD use grow, and it will be an exciting 2024!
The FreeBSD Foundation is a 501(c)(3) non-profit organization dedicated to supporting the FreeBSD Project.
Deb Goodkin is Director of the FreeBSD Foundation
[To participate in our interview series, please write to us on psen@itechseries.com]
