 ac felly ymydd y masygl yn ei gweithio ac yn ymdegwyr o'r ymdegwyr. Felly mae'r gweithio sy'n cyhoedd. Yn ymdegwyr? Yn ymdegwyr? Rwy'n rwy'n dda i. Mae hynny'n rydyn ni adeiladau am gael yma? A'r hystrygu? Ac mae'r problemau ar y byddwch chi'n gweld, mae'r ddweud yn mynd ymdegwyr? A ymdegwyr yma yw ddweud hynny'n gweithio'r problemau? I live and work in the camp bridge in the UK. I've got a PhD in psychoacoustics, which is the psychology of hearing. I have no formal background in computer science at all. I've been a Netvestee user since 1994. One of the obvious questions is why Netvestee is opposed to anything else and I could just answer that by saying well it got there first. I've been a Netvestee developer or committer since the start of the year. I'm the managing director or CEO of my own company, precedence technologies. I'm a Citrix certified administrator and a Citrix certified sales professional. If you don't know what Citrix is, I'll be touching on that later. So what is a thin client? A thin client is a device that's got small physical size but that's not actually a requirement. The thin bit isn't that it is physically small. It's that it's thin software layer. It's no moving parts. It doesn't need them. It doesn't need to have particularly high performance. It's got no local storage, just local software. No applications. Very low power consumption because it doesn't have moving parts, which means that in these days of carbon emissions and things like that it's a good way to go. Start-up time, it's centrally managed from the network, which is the important thing, so you're not having to go and configure things individually on each machine. It tends to contain network client software rather than applications themselves. If you're not going to have open office Microsoft Word running on one of these machines, even if you ask what you're looking at on the screen, you're running client software only. The sort of software we're talking about are things like Citrix ICA, Microsoft IDP, X, normal terminal software, web browser, VNC. Web browsers are quite a large application but it's not inventing data. The stuff you're seeing is coming from somewhere else so it's clearly a network client. My experience is I use MassCom Unix, which nobody's ever heard of, and IRx is part of my PhD. At the time I was an avid Acorn user, which is running a company, nothing to do with Unix, is ARM based. I wanted a Unix I liked to learn on. Acorn had their own operating system, RISCIX, but this was right at the end of the period when Unix was really expensive before the BSD that we know came along. It only ran on old machines, it wasn't going to run on any of the modern stuff. So the RISCIX BSD project was launched in 1994. This was basically a port of NETBSD to Acorn RISCIX PCs. It then became NETBSD ARM32, it was imported in 1996 I believe, and then in 2001 it became Acorn 32 as part of a reordering. I started working at Acorn, so I wasn't just living the dream, I was doing it in my spare time and also doing it during the day. Now in 1996, as soon as I started there, Acorn in some way ceased to exist in terms of its education part. It joined up with Apple UK, the founder of a company called ExactPro Education. It was the second biggest supplier of IT to UK education and I was transferred there full time. Now around that period Acorn launched the network computer reference design, which was all handled by Oracle. It was their idea, but they looked for a company who could do this. Acorn had always had an operating system that was ROM based, it was ideal for building this sort of product around. So low power, 48 megahertz, ARM 7500, what much RAM, custom version of RISCIX, bloody bloody blah. But what it did do is it booted for Manifest, and that was obviously quite good if you wanted to stick a Unix box somewhere in there. In October 1996, example given to of these, one of course went off to sales and marketing and waved it around and said this is the future. But I managed to take one of those and said look we can do something with this. So I booted one of these from RISCIX, wrote a product based on this, web based administration, web mail package. And then an application software framework which actually ran locally on these machines. And from 1997 this was sold to UK schools, that's the UK clearly. There was some talk about selling it in some places in Europe, but never really caught on very much. We called that the NC server at the time. The interesting thing there is it means that Apple was selling a BSD Unix based product back in 1997. A long time before Mac OS, Mac OS X, I saw a pre-release a year after we were already selling it. I'll ignore that by the way. And so 1998 they said well this is actually quite good. We'll take you out of technical support, you can actually develop this full time, fantastic. It then takes off, we start to roll these things out throughout the UK. There's about 1,000 units of the clients being sold, about 60 networks went in. This was all over a two month period. So we were starting to get some driving of this product. This was a new idea remember. Everybody else was, you just got to get your PCs, you got to have loads of them down your desk. It needs loads of space and we're going no what you actually need. You really thin things on your desk. Good service at the back end, we'll manage them for you. You don't need to do that. This is the way forward. But then March 1999, ACON said we don't want any of this market anymore. We'll be doing it for long enough. No one wants to buy our crappy old stuff anyway. Does anyone want to buy it? Apple said yeah we'll have a piece of that, seeing we already own half of it. We'll have the other bit and we'll pay you a nominal sum. Which meant that example is now 100% Apple. But of course they had all these products which were nothing to do with them. Definitely not invented here idea. And also because of the successful summer we just had it meant there was all these customers who signed up for support contracts. We'd never sold support contracts before. This was a new thing but they'd bought these and someone needed to support it. But I was made redundant and I was the person who wrote the software and I was the person who had the bookstops here support. If somebody needed to know the definitive answer they had to come to me but I was there no longer. So April 99 I said right I'm going to set up my own company. I'm going to support all this. You'll contract me to do this but what I'll need is clearly all the source code. Everything I've worked on I don't want to be paying for it. And they said that's fine by us because we could see ourselves being in hot water for Molly's customers if we don't do that. So a new hope. So we set up April 99. We start get rid of these risk pieces which are slow 233 megahertz machines, 600 kilobits a second disk. Terrible for servers. Go for something slightly less terrible. Still arm based. And reposition it as being an internet survey. Do all these things. It isn't just for booting some servers, some some clients. It can do email, it can do all that sort of stuff. We then swapped to Intel stuff because felt we had to. Started to rewrite it completely in 2002. It's still selling well today. But from a client point of view we're still selling the same old things. These are 48 megahertz machines. They'd come out in 1996. The design hadn't changed. People didn't really want them anymore. Very proprietary. Now the problem is I'll just touch on what the Citrix and ICA stuff is. From Unix background, of course we're used to things being multi-user. Just always has been. But Windows isn't. Bill's big idea is you have a box on your desk and you pay him for a copy of Windows to run on that because that's the way he makes his money. Citrix came along and said we don't really need to do that because these things are difficult to manage. So why don't we get Windows, we'll license it off Microsoft, make it multi-user and then we'll invent some way that you can talk to us. We could use X and in fact some of their OEMs did use X. But they invented their own thing called ICA, Independent Client Architecture which is a really optimised protocol designed for use over 28.8 modems. Works really well. But it's closed source. No one knows how this protocol works. ACON had an old version of the source. But of course they'd gone bust or disappeared. No one was working on this. And so we were stuck with this client software which was four versions old. There was nowhere to go. I evaluated, I was thinking, well, you know, these are, these are our base machines. Netbisti will actually boot on these. I did some diskless booting and I thought well what we could do is we could even run these under Linux simulation. There was absolutely no benefit. It was going to be so slow. Plus also the Linux ARM ICA client was equally as old because they've not outdated that either. From an ideological point of view I refused to start anything to do with Windows CE which was a competing product. So I looked around and found some Linux ones. But as I'm saying here, the poor support software was very basic or they'd look pretty but they'd be expensive. Nothing seemed to be ideal. I needed to do something about this. So I had a brainwave. I was driving back in the car. I thought what I'll do is there's all these people with old PCs. We've been telling these people you don't need these anymore. But why don't we take those? They've got horsepower. They would be skipping them. Why don't we just reform other hard disks, turn them into thin clients that you can manage centrally. Call it thin it. Started working when I got back to the office. Three weeks later I did the first release. And soon sold 500 copies of this. We had whole sites that had gone over to this. It was based on a Netbisti 1.6, very basic installation so there's no manual pages. No compilers. Running read-only from the disk. The root file system mounted read-only. Various scripts to read-only manage it. But then had basic clients for Citrix ICA, Microsoft RDP, and we had to use Linux emulation. But that meant we could run the latest ICA client so we could be feature compatible with anyone else out there. It's also designed to be very easy to install. The idea being if this messes up, it doesn't matter, you can reinstall it in two, three minutes. If you had dry fails, it doesn't matter. Just throw the machine away, get another one, reinstall it. You're back where you are. You've got no settings on these machines. The clients are completely commodity products. You don't need to think about having to configure them. Now, the next brainwave is I'm getting sick of these Linux-based clients. They're too expensive. I have to import them from Germany and... Oh, no, it gets Germans. But I was having to deal with these people over the phone and they've strict ways we had to deal with warranties and things. It was really difficult. So I tried to look for alternatives. But then I thought, well, hang on, we've got our own operating system here that pretty much does the job. Why don't we just get some really good hardware, put the two together? So we thought, let's get the fastest hardware we can find that's finalised so it must have no moving parts, needs to be small, and then we'll get our software to run on it. So we found some of those built for us in Taiwan. We released the TCX, which is our first version of this. It was released in 2005 and September. So gigahertz prices are 128 megs of flash. We actually had 64 in the first version and 128 megs of ram. It's now 256 megs of ram. We didn't need that, but they just said, well, it's going to cost you no more with the flash. They said you can have twice as much for about a pound more, but also it's four times as quick. So that was a no brainer. Then we did a TCA, which is basically a laptop, but the same thing. So it has no hard drive in it, just has a flash unit replacing the hard drive in that. And we finally got round to replacing the old version that we've got to convert old PCs. So we now have thinnet version two for PC. Precisely one flash. They basically look just like hard drives. The ones for the laptop, so exactly the same form factor. You just take the hard drive out and stick one of these in. The ones we have in the TCX is just dropping to the ATA on the motherboard. So, yeah, it's all completely managed. We're not having to worry about levelling and things like that. So finally, this month we released the version so you can convert any old PC using the new software. Now the problems we have to address here is it needs to run from flash. It needs to be very easy to build. We need to be able to test it while we're developing it easily enough without having to install it, boot the machine up, see how it works, all that. We also should be able to boot from various sources. So instead of the old version that just run from the hard disk, we should be able to do this from CD-ROMs. We should be able to just pay XE boot it. We should be able to run from flash hard disk, USB pen drives, all those sort of things. The old version had green kernel messages coming up telling all the devices that had found that scare off the customers who were using it. Historically our business has been in schools and so they just think it's broken when it's spewing forth garbage about all sorts of WD-Zero and stuff like that. So we needed to make it slick to use, slick to look at no command line needed, any of that sort of stuff. It needs to be really modular. We need to be able to extend this. If I'm doing all this work to go for a new way of working, we need to make sure that I don't have to completely reinvent it again a year down the line. So we need to have more session types. We're not just basic accessing windows resources using Citrix or Microsoft IDP. And clearly if it's going to run from flash or we want to let it have a network, it's a very small footprint. We also need to make sure that people can't steal it when using these things for commercial products. We don't want people to just steal it and start selling it themselves. It needs to be centrally configured, otherwise it wouldn't really be much of a thin client. It needs to be remotely managed. We don't want to have to go around to each of these machines seeing what they're doing. We need it to run really well on our own hardware because that was the original purpose of it, but also because we're going to provide this as a general purpose for any PC it needs to have really good hardware support. So the way we actually address these problems. Now, the NetBSD installer has a FFS file system which is embedded into the kernel, which means you can have this one file which is the kernel. When it's loaded up it will automatically mount this embedded file system as root, and it's read-write. Which means it's really easy to extend these images. The build infrastructure is very easy for us to just say whatever we want in here. We can use this for any task. There's a few things I had to address. We needed to get it to boot multi-user because this is designed for an installer. It wasn't going to be running anything more than just the installer, so I needed to do tweaks to make it multi-user, but that wasn't a big deal. We need to obviously make it easy to build. We've built SH in NetBSD which allows us to run one command. It'll build everything including all the tools. It'll build us ISO images. It'll do it for any of the supported platforms from many other supported platforms. It also means of course we can use fastest machines to build things for slower machines. A single make can do a lot of work. We want to make it easy to test. Now because of the virtualisation and Zen, we can make it so this will just generate an image which we can then just go straight into Zen. Does it work? It's very easy for us to run this thing through, but it doesn't work in the virtual machine. Does it work? Yeah, it does. Brilliant. We're not having to install this on a hard disk every time. Power off and on and off machines. The good thing about Zen is because you've got a very limited selection of device drivers. The probing phase of the boot is incredibly quick. We're straight into running the software. We don't have to worry about kernel issues. We can also do that using nested X drivers. As far as the virtual client is concerned, it thinks it's got a real display, but actually it's just running in a window. Now to boot from various sources, how do we deal with that? Now because we're running from this embedded file system, it means it's actually quite easy because we've only got a kernel that we need to run and it's just how do we load that. We've got loads of boot loaders. We can already pick PXE boot. We can already boot from all sorts of file systems. We're already pretty much there. New stuff that's just been coming out is CD boot, which means that we don't have to deal with floppy emulation and so we don't have a limit on the image that we're going to be booting, which of course is important as we're adding more and more bits into it and you always get bloat. It also means we can choose different kernels from a CD, which means you can run from a CD and run as a live system, or you can say I'm going to boot into the installer. We can still build floppies. We used to do the old version. We'd need a lot more floppies nowadays, but that's no big deal. We've got a new boot loader which allows us to put this onto a fat formatted USB drive that already has files on it without having to allow extra space at the start of it so you're not going to lose any data. That's a good benefit. Future ways we could possibly boot this, well I'd like to be able to boot this from NTFS, which would then mean you could just drop these files straight onto your Windows machine and boot straight into it. We can't do that at the moment because we don't have a boot XX underscore NTFS, but we could maybe come up with one of those in future. So how do we make this thing to have a slick user interface? As I was saying, all this green text coming up about all the devices it's found in IQs and all that sort of stuff, we need to get rid of that, which is harder than it should be. In the boot loader we can give it a flag to say we want you to boot silently. If you do that, it doesn't boot silently at all. It just gets rid of some of the text and puts some random slashes in the middle of it and it's known better. Now the way this works is we've got some print tests which are printing things to the screen, which is the stuff that's generally in the older device drivers. New stuff we have this whole API which says is this a normal message, is it an error message, and if so we can divert this to various places, we can divert it to a log file or we can actually have it going to the console. But the problem is, is this all needs converting across and someone needs to make a value judgment about is this printf an error message, is it a debug message, is it just informational? So we can't go and do a mechanical thing on this and basically no one's had the time to go and do this yet. So my cheap hack was we just get printf and make it do the same thing as the version which just doesn't write to the kernel. And as soon as you do that, you get a nice message, it just says detecting hardware, a little twiddler goes on and then you're out of it. So that's pretty slick. I lock down the bootloaders because we don't want people trying to boot single user so that's password protected. We hardwire the path to the kernels, we don't want people trying to randomly tftp boot from other things. That's easy enough to do. Pretty much all of the RCC system has been rewritten because we don't want to be doing lots of the stuff that these would do. There's lots of dependencies on other demons which we're never going to use. And so we always need to get rid of all that and we also need to differentiate between what's actually going to the consoles that the user is going to see and what we may need if something goes wrong later. And so that's the difference between the friendly text and the debugging stuff because we need to make sure that the users are happy and they can see that it's doing something but they don't need all sorts of hieroglyphics scrolling up past them. We can also liven this up by doing a bit of colour text and moving the cursor around so we have nice boxes and things like that. And thanks to Jared McNeill's excellent work we now have a visa framework which allows us to run at pretty much any resolution. It means we can have splash screens full colour splash screens, logos, they can be animated. And so this then becomes an attractive thing to look at as it boots. Obviously if you're doing an embedded out and out embedded device like a firewall, you're not worried about any of this. And so the original answer when you'd say to people on the main list well I don't want to see all these messages is to say oh we'll just divert it to a serial console, that'll be fine. But actually it wasn't because you still needed to tell the user what's going on. You may need to do things in future and also they may have things they want to attach to that serial port that they may only use like a digital camera. We don't want all sorts of stuff going down to that. We also want to make it easy to configure. So we've written some GTK configuration things and stuck a few screensavers on, makes it pretty as well. It's all cheap and easy stuff but you get a win with the customers. Slide that looks really bad but this is the splash screen. The idea being that we have animation of the smoke coming up here from this super fast cheetah that's running with a few little thin clients on its back showing how small and light they are. If you don't have a machine that's capable of running this you can't see this at all. This just basically says detecting hardware and there's a little twiddler there. It then goes into this mode which basically says, yeah, I'm booting it. I'm booting from local storage. I'm then going to look for a network connection. Oh look, I found one. Here's my IP address. I'm going to check to see what I need to update. Load on my modules. Hooray, off we go. So when you're actually running it looks something like this. We have a session chooser who says what you want to do. These buttons slab in when you choose them and stay slabbed in while that's running. We can do all sorts of different things. And so the idea that we needed to address was also to make this modular so we could extend things. So we wanted to be able to add buttons and new feature types onto the list previously. Now the good thing about this is because the kernel itself has this embedded file system we can do all sorts of different things. The idea that we needed to address was also to make this modular as this embedded file system as long as we make that clever enough it should be able to repair itself it should be able to know how to get settings it should know how to speak to all sorts of different types of networks it's going to have to deal with so it should know how to bring up network cards and associate itself with wireless networks and how to find various files depending on whatever it's come from and so it deals with all of that. This is a small thing but then it needs to be supported by lots of back-end modules which it can load either into RAM if it's getting over the network or it can run directly from the file system. Now these modules are disk images created with makefs which just creates an FFS image. These are configured as what we in the NetBSD world call VNDs very similar things in Linux freeBSD where you're just using loopback mounts or DMGs. Some of these modules are absolutely required. If you don't have them there's no point going on. So these are things like X and libraries. Some are useful but you could get rid of them like some of the user interface stuff. Do you actually need a window manager if you really wanted to get this small? No, not really. If all you're going to do is launch a web browser. Some are completely optional if we're not bothered about offering users the ability to SSH into something we can just get rid of that module altogether. And some have dependencies on other things and so if we're running software that requires Linux emulation we need to have that Linux emulation there otherwise there's no point in going on with this other module. And so we had to extend our configuration file these things that were fetched essentially from the network in the earlier versions we needed to extend that. But what this means is that adding a new type of session is simply you just add an extra module in there and so instead of just the basic ones that we had we can do things like stream video and DVD playback using VLC from the VideoLun project. We've got an integrated web browser which is Opera with Flash players. We've got conferencing using the M-Bone tools which are pretty dated now but they do the job so we've got Vic Rat and Whiteboarding SSH, VNC and of course the ones we really need to compete anywhere in the marketplace. Citrix ICA, Microsoft IDP this allows us to run windows applications. We've got things like CIP we want to do voice over IP we want to speak to our Astrix servers and things like that. This means you can present this as a complete desktop replacement because you can divert calls through to your thing client while you're working on your word presentation or whatever you're doing if you're just an office worker. We can also add cool things in like data logging because we come from an educational background. This would allow these things to be used in science classes to be able to run logs of specific latent heat capacities all that sort of stuff and this variety of different session types is completely unique in the market as far as we can see because everybody else is just thinking you just need to be able to run windows possibly do a bit of web browsing and when you're running windows in a multi-user thing because every single bit of graphics come across your network and now you've got things like flash movies in your web pages it's never perfect and of course with YouTube and things like that you're not going to get fantastic performance it's pretty good but it's not absolutely fantastic and so if we can offload some of these things back to the client things like the stream video playing DVDs then it means you've got something that we were saying is multi-media enabled we say it, people believe us sometimes but this needs to have a small footprint now the way this works is that in the file system that we're embedding inside the kernel we've actually just got one great big binary here with a whole bunch of hard links to it it then picks the appropriate embedded program within that on the basis of the name that you actually call it ours so it's really memory efficient it's very similar to Busybox or Linux if anyone's looked at that the whole kernel itself is with the ramdisk in there is gzip-9 which means the whole thing is down to less than 2.5 megabytes the tcx being our own client so it doesn't need to have loads and loads of device drivers in there which is why it's quite small but this thing as we saw before can speak to any different network it can repair itself, it knows it can check the software it's got then see whether it needs fixing see whether there's updates it can deal with all of that it can even reinstall itself the disk you've put it on is corrupted there are some magic key presses you can do at the start and actually reformat its disk and reinstall itself now the other thing is that's okay with the kernel but we've also then got these modules what can we do about these now just at the right time we came up with the idea of compressed disk images which were done to be sort of Linux compatible but it meant that these things can be decompressed on the fly so they read only but that's absolutely fine that's exactly what we want if that hadn't come along either I would have had to do it which would have meant quite a big delay or I'd have had to hunt around for other people but that was perfect timing so someone up there is smiling on me we also then in the modules we need to make sure there's loads of stuff in there but if we don't need it we don't want it in there because it needs to be small because we might be loading these over the network every single boot also the new thing that's going to be out in NetBSD4 is a very efficient memory file system which means instead of you saying my RAM disk that I'm going to be putting these modules in is this fixed size it shall not grow this thing will expand and shrink as necessary so this is really useful so here are examples of the components that make up Thinit 205 which is the latest version I've ordered them in size .enz files are the compressed modules cair in files of kernels the names are the different session types we've got IDP and VNC we've got some X drivers here we've got conferencing ICA down to the big fat one which is opera and the number is basically the version number of that release 205 says you've got version 3 of IDP you've got version 4 of VNC 206 may have version 4 of IDP that's the way it deals with all this and when we total all this thing down and I've realised it actually makes it look worse than it is for the TCX so we don't need all these other kernels it comes to 34 megabytes and the reason it looks worse is I've actually included some X drivers in here that wouldn't be used so that's pretty much a whole that's a whole distribution it's got X in there it's got all the fonts, it's got web browsers it's got flash players it's got pretty much all the bits of client stuff where you could think of and the whole thing, 64 megs very easy to fit into flash and remember we've got 128 megs of flash to play with it needs to be difficult to rip off I don't want people stealing this, it's my hard work now we can encrypt these modules it's a good idea but the problem is that you can't compress things very well that are encrypted so if you actually work out the chain of events you need to do we have an encrypting fast system CGD but the problem is that you need to point that at a block device and so I looked at this and I thought that's just too much in a chain why don't I just get VND which supports this supports the compression it's read only so that makes it easy to deal with and also when you look at the way the compression works it just does it in fixed length blocks and so just make this support the encryption, it's much easier so I did that this hasn't been committed back into NetBSD but that's not through my personal choice it's partly because when I suggested this the feeling was yeah well yeah it works but why don't we do it the right way so let's have this multi-purpose thing that's got a general system that we can layer in somewhere that will just do all this which is great but doesn't help me when I'm trying to produce a product here and so but it isn't here at the time and I've got customers that want this so I want to do it the easy way and it works for me well this is an issue and also going well as I go to this the embedded file system if you went in there and you looked around in there you'd probably find the keys that's just the way it is but the keys are encrypted themselves inside the binaries that are using them it is possible for you to come along and use the MD set image is the thing that sets this FFS image into the kernel and you can use it to pull one out of the same kernel so someone knew what they were doing they could take the kernel and they could pull out the file system they could just mount that and have a look through the images it does a few other clever things in there because for instance it knows that it's running from one of these monolithic binaries so it will go through and check the number of links that it's got on the binary it's running from and if you just copied that and want to stick onto my machine and run it you'd have a link count of one whereas if it's in this monolithic thing it's got a link count of 234 or something so it tracks that, it does a few things like that but I'm not an encryption expert there are better ways of doing this but the other thing which I've not said going back to the beginning is Presence is a really small company it's basically three of us and the thinnit thing is solely me other people are supporting it but in terms of the actual engineering on it and releasing it and all of that, it's entirely me and so it's limited by my knowledge and my time I can spend extending my knowledge and so also thinking of doing signing modules and obviously licence management that's pretty important because at the moment you could put this on as many machines as you wanted at a site and if people want to put it on twice as many machines I want to have twice as much money really we have essentially configured it uses a config file which you can fetch with HTTP, FTP or TFTP you can configure the path of that with the custom DHCP option it supports groups and per machine settings it's just a plain text file it's very simple remote management, this is something we've added very recently we've got our own protocol and we have a little binary that you can run on Windows or on Linux it will tell you to do things like shut down, reboot just to see what's on there you can even get to cheesy things like play bits of music through its internal speaker so you could actually start a tune playing across all machines in your room don't know why I don't do that but it was a line of code I thought might as well put it in there you can also shadow the screen with X11VNC so if you've got a VNC viewer you can look at the screen which we find really useful for managing client machines if a customer phone says I can't do so and so we can actually connect in from our offices into their networks, into their servers then from there go out to their clients and we can actually interact with their sessions and say what are you clicking on and we can see what they're doing makes it really easy for us we need excellent performance on known hardware so the way we do that is we're very cut down kernel configurations we know exactly what hardware is going to be in there and so it means you've got great boot times there's no driving, there's no probing for old hardware and timeouts for ISA devices and things like that and we've slightly tweaked some of the X drivers just to remove various bugs and things we've found but we also need wide hardware support and so the way we do that is we've a generic type kernel as every driver we can think of under the sun in there but when you do that we've come up against the NetBSD project at the moment is how many different kernel types do we need to if we want this to run on everything or at least everything that's that same processor type how many different kernel configs do we need and we've got to the point in NetBSD that when you're building up a build of the tree spending half its time just compiling different kernels for the Intel part and there's got to be better ways and recently nothing that Jared did he knocked something up called BootProps which takes a proplib-based XML file and proplib is a thing for passing parameter lists and things like that between various devices and things in the kernel so it's quite a rich way for you to get arbitrary configuration information in and out of the kernel but the problem is that from the user land when it dumps these things out to files it uses XML and there's religious wars to do with that and you know is this bloat we don't use XML in configuration files in Unix we need something that's human editable I'll load this up into my editor edit it out now I don't particularly see the problem with this because you can write XML if you really need but I think this is a great idea and basically what this does is it uses you can use boot minus C as you boot the machine up and it'll take you to an auto comp thing so you can switch off devices and so it just loads these things in but you can also use it to configure the bootloader so it's very similar to FreeBSD's boot.conf and also the stuff that's recently added to OpenBSD's config so you can edit the kernel config but unlike the OpenBSD stuff which is writing back the kernel this is just a separate file and so all we need is one kernel and then there's a whole load of different configuration files for it and this should run on pretty much any bit of hardware but because of this religious war about XML Jared has just said here's the patch, someone wants to use it, brilliant but it's not been committed into the source tree and we haven't used it yet and as far as I can see no one else has and that seems a bit of a shame to me now as we're developing this we hit some big snags as I said one of our products is based on a laptop we just get these things from our OEM supplier and they gave us this machine which had a different wireless chipset and so we said that's fine, no problem we put NetBSD 3.1 on it which is what the product was based on at the time but WEP wasn't supported with Intel wireless chipset that was being used so we needed to switch to 4.0 now this was June, July sort of time so I needed to do a lot of work to actually make this work I knew that people wanted these things installed over the summer now I had fortuitous timing with these compressed VNDs this is where it came back to bite me because just at the time I was trying to switch to NetBSD 4 compressed VNDs broke so I couldn't build up any of these modules so I had so many other things to get on with I thought it'll get fixed and it did but once again it was pretty touch and go so I had to rebuild all my packages rebuild all the software for NetBSD 4.0 which meant I didn't have another round of working out while I could remove from these things to chop them down I thought while I'm doing that I might as well upgrade a few other things and so I had to go to a new version of Susie emulation and I've had to chop bits out of that as well I don't know Linux well enough to work out what I need to pull out so it's all, once again that's all experimentation and then I had to go for a new ICA client they'd just done a new release of that new features we needed to be running the latest version of that and that required extra Linux libraries which in turn needed to be chopped out and so we had a lot of work very stressful time a couple of months ago and then we hit against having that they gave us another laptop and I thought she didn't work on it so I needed to move to modular Xorg and I thought I'd be putting this thing off I really don't want to do this it's just going to get painful I'll put these things on the mailing lists but then I actually had to go at it work like a dream thanks to Yurg it was just so simple and I'd had to spend so much time before trying to chop down X because I needed to work out which particular libraries I wanted I had to write all my own bits of calling very little bits of make files to install these things but because this is completely modular I can just say right I want this driver I want this driver I'm going to have this font it was absolutely fantastic the problem at the moment is it is a moving target so I need to keep on top of this I need to keep rebuilding it it increased the module size slightly but that's mainly because I couldn't be bothered to chop out lots more fonts and work out what I needed so I just stuck them all in there of course we had more flash nowadays but the problem that we have obviously come up against still is problems that we have throughout BSD lack of device drivers do we use binary level binary objects to do these sort of things NetBSD take a very centre line on that OpenBSD say we're never going to use them Linux people say well we'd rather not but hey come on bring them on because we want to be able to run on everything but when you start doing that you then run into licensing things as well is it going to be easy to put this in a product do I want every single teacher that I'm sending out on these machines to to have to go and read through something saying I want to use my wireless network card I don't really want to have to do that I then saw the Linux driver project that Luigi Rizzo did for FreeBSD and I thought that's really good because it was particularly focusing on webcams and webcams support throughout BSD is horrendous everything is just ad hoc patching on some existing systems I thought this looks like it could be a solution so I discussed it with him a little bit and came up with a plan for the Google Summer of Code but no one took me up on that which is a bit of a shame I'd have a go at myself but I really don't have time because I'm the one person who's writing this at the moment and so hopefully I can keep pushing people and maybe we'll get there but on the same time the Linux people are looking at doing useLun drivers which I think could also be really exciting and really helpful in this particular situation and now Antio Parker as he likes to be called has been working on this thing that allows you to run BSD fast systems in user space and so this is going some way towards what we're wanting to achieve here now other problems package source is not designed to be used on embedded systems everything is you've got huge dependency lists one example is GTK2 which just brings in the whole world and so the whole thing is over 33 megs I really don't want that but I've managed to chop that down to about 3.5 megs as a thinnet module though it's not working yet that could be because I've chopped out too much but I think I'm pretty much there question what about using packet binary packages using make package well if you do that the problem is is that they bring in everything and so we're using binary packages here but when you do that they include things like all the header files and all the static libraries you may use to want to link it with later if you're doing it as a developer these things are designed as a general solution I don't need any of that and so what I've done is in our make file I've actually removed all the bits I don't need manual pages they're never going to get read I don't need header files all I need in most of these things is just the .iso file and it does all that we can also say we only want to extract a certain list of files which also works really well which is why we've got a lot of these package sizes way down the other big problem is we have dependence on Linux emulation here and everybody else in the marketplace is either using windows or using Linux for this and you get Linux emulation for free on Linux but precedence is a Citrix Global Alliance partner which means we have directly links into the people who work with OEMs we get SDKs all sorts of things like that we spoke to them about getting source back in the past they wanted $20,000 for it which we said no to at the time we may decide that's actually worth doing and they would be able to get a NetBSD native version and I've had the argument with them that NetBSD builds itself as the most portable operating system and Citrix is also saying you can run windows on any device anywhere why don't we speak to each other because even if it's not really being used on these arbitrary little devices it's still a marketing tick point for you it's saying that you say you can run this anywhere well look, you really can so why don't we just do this for the sake of you giving us a bit of source code and we'll sign as many NDAs as you want we've also been speaking to Opera recently they said they didn't want to pursue a native version at this point in time because they refused to release the source and so their freeBSD version is built in-house on machines that they manage they didn't want to have to manage NetBSD machines at this point in time hopefully we'll be able to carry on speaking to them and maybe get somewhere in the future now, exciting developments I'm not going to spoil the next talk but thanks to Alistair and Aunty we have refuse which will allow us we can have many more file system types and now when you're running a remote windows session from thinnet you can export, when using Citrix you can export arbitrary bits of the file system as drives to the remote windows session and so what this will allow us to do is we can do things like mount cameras that are at mass storage devices we can mount read, write the client PC's own hard drive plus other things that Windows users wouldn't have even considered that you can mount CVS file trees and all sorts of mad things like that the problem is that the API for this isn't fixed and Aunty's found so many bugs in the rest of the stuff that there's virtually no chance of this being back ported to 4.0 which I suppose also goes on to say why is that important and as we heard in the discussion this morning about the metask stuff you have to use supported versions we can't pick a version of a current operating system say we're going to build something about that just don't know what the fallout is going to be you have to work with supported versions we can also use this thing as a replacement for the AMD Auto Mount Demon because people are coming along and they're getting USB pendrive and sticking them in their laptops and they want to be able to see those when they're in their remote windows session and at the moment we're actually doing this with AMD which has also requirements so this builds up the kernel size the other thing is AMD uses SimLinks and the latest version of the ICA client refuses to follow SimLinks outside of its file space which is a very good thing for security reasons the problem is that we now have to say we don't want that security check because it's necessary for AMD other exciting things we're going to have DRM coming real soon now that's going to give us high performance video streaming we've got power management framework coming along which means that when we're running this on people's laptops they'll actually be able to completely suspend on pretty much anything and we can actually monitor all these and see are the batteries going flat all those sort of things that's what we need and we're also talking about fixing my hack for encrypting compressed VNDs we're going to get better support on that so development is within it at the moment this thing assumes you're going to have an ethernet connection but no, I want to be able to use this anyway I want to be able to take my my thing client machine and I want to be able to just bluetooth into my phone and get onto the internet and then I want to VPN over that into my office we want to have some more weird peripherals sufferance in schools this would be a touchscreen and you'd see my pointer moving and I was doing that and I could draw things over it we need to get drivers for those we need to do license control we need to send our management protocol so that when you're in a remote windows session you can launch things back on the client so you can go right, yeah I know I'm running word at the moment I know I want to watch a video but I don't want to have this all chopped up in my windows ICA session or what I want to do is run it locally so that's going to be great and obviously of course there's lots of other net BST developments going on and we need to make sure those are in there so what's the problem with using net BST for all this very slow releases big time between at the moment and the problem is is that four in particular has been really long far too long to arrive so on the basis of that when's five coming along five is going to have these great features like puffs refuse all those sort of things that I really need but when's that going to come there's two new developers working at this cutting edge without doing the back porting and without us actually improving our release process how are we going to do this that's difficult to fund development as I say I'm one person but we're getting money from this and I want to give this back to the net BST foundation but how do I actually say I want these particular things developed we are funding Andrew Dorran to do some SMP development and that's great but there aren't that many other people that are available for hire for arbitrary work once again BST license is clearly better than the GPL ideal for this sort of thing but the advertising clause makes it a bit difficult to support it because you end it with a list of names that's longer on your glossy flyer than actually what you're trying to say about the product you've just got a whole list of names of people who've worked on it over the last 25 years so in conclusion high file in the net BST is brilliant for embedded work it's really clean to develop on it's got very powerful bulk cross building tools BST as a whole is great for product development it's commercially friendly and you have this integrated kernel on your news land meaning now I can just pick this thing make a product out of it I'm not going to glue bits together these familiar problems that we see through our open software everywhere lack of device drivers mainly but also I'd like to say net BST isn't a research OS striving for perfection on every single point can actually slow the progress of this which means that commercial use of it is discouraged commercial use in turn will feed things back both financially and also in terms of code and so you've got this symbiotic relationship the two do really need to work together here and so when people are working when developers are working you just need to think that if we can make it a little bit more friendly for people who are working in the commercial arena that's actually going to come back and benefit us in future and so that's it really that's a picture of one of our clients I could demonstrate it working but I'm out of time any questions have you ever heard of portable think lines before how well do they work because you need some bandwidth but because things like Citrix Citrix in particular is optimized for 28.8 connection and of course with modern developments like lots of animations and sound then you need more so for instance high quality audio under Citrix is 1.1 megs a second but it is entirely usable over 28.8 in Modem and a lot of people would be using this for just things like Microsoft Office so things are pretty static we are in some ways making it more difficult for ourselves by selling to education because they are doing lots more interactive things lots more animations by the way have you thought about the no machine mix which? yeah we have looked at that that's one of our potential supported session types I didn't see the point in it myself it's basically a veneer on top of the RDP stuff which is limited itself within windows I didn't see ICA offers so much much more richer experience then NX really wasn't doing much over and above that any other questions? in which case thank you very much yeah of course it depends on whether it's got a video output but yeah it could do thank you very much thank you