Free and Open Source Software
We have received many questions with regards to open source. We use open source technologies within Abacus Semiconductor, and we encourage you to at least try that too. Today, most of the Internet backend runs on Linux with open source applications on top of it (commonly called the Linux — Apache — MySQL — PHP or LAMP Stack), and Netflix uses FreeBSD as an Operating System. Additionally, NetApp uses FreeBSD as the underlying Operating System in their appliances. If it is good enough for Netflix and if it can serve millions of users, and millions of users that use NetApp appliances, it will do so just fine for our internal engineering and other large-scale users of data.
We use open source tools for a variety of reasons. The first reason is that we can review the code and be sure that there is no backdoor or any other nefarious piece of software hidden inside of it. The second reason is that we can recompile it for better performance, with a compiler of our choice. We might even be able to port it to a different platform. The third reason is that we might be able to integrate it better into our IT environment. As an example, combining Redmine and Mattermost into the same MySQL database brings us performance and reliability advantages, and it allows us to use a single script for weekly backups and dumps from the application server to the file server and from there to the backup server. There are many more advantages to open source, not the least of which is that it is freely available, at no cost to us. In return, we contribute back to the community by not only reviewing code (and fixing bugs), but also by adding to the code. We allocate time for our software designers to contribute back if they wish to do so.
We encourage everyone to at least try open source tools. We believe that most users — private and commercial — will see that open source tools are on par with many commercial tools. Be aware of the type of license of the open source tool you use, though. There are very permissive licenses such as BSD and MIT and derived licenses. In contrast, the GPL licenses are extremely restrictive. As an example, if you incorporate a BSD or MIT licensed piece of source into yours, you can keep the resulting software closed source. If you build software for a piece of hardware that you cannot disclose and where its APIs would reveal secrets, then open-sourcing the entire resulting code might not be an option, and as such, you may have to revert to either BSD or MIT licensed source code, or start over with internally developed software that is all yours. A GPL source code license would force you to open-source all of your resulting code if you include even one single piece of GPL-licensed software or source code. If in doubt, always talk to a lawyer first who has experience in open source licenses.
Open source technology (both hardware and software) also helps us keep our infrastructure secure. We have used a hosted web presence and hosted email simply because there is no need for us to host that internally. Our internal IT infrastructure is very isolated from the Internet, through hierarchical firewalls. Our application, design and file servers are not reachable from the Internet unless our employees and contractors use a VPN. While there are downsides to an external email service over an internal email server, we are not yet at a stage where we need that extra level of performance. Once we have reached that threshold, we will need to evaluate if local email servers can work in conjunction with email servers and services that are taking care of any external communication.
Free and Open Source Software (FOSS) Links
Here is a selection of Free and Open Source Software that we use internally. We are working on porting as many of those applications as we can to our processors. Those ports will be made available on code sharing sites and here.
FreeBSD is a true UNIX with its performance and security advantages over other Operating Systems. It is well-supported and available on most platforms. We use FreeBSD on nearly all of our servers. FreeBSD is available for RISC-V, and we are working on a port of it to run on our Server-on-a-Chip natively.
Red Hat Enterprise Linux (RHEL) is by now probably dominating the Internet backend in terms of deployment. It is stable, robust and well-supported. Any application software that requires Linux and cannot run on top of FreeBSD is deployed on RHEL internally. We are working on a port of RHEL onto our Server-on-a-Chip's application processors to take advantage of our hardware acceleration of mass storage and networking with filtering.
MariaDB is a mySQL-compatible RDBMS. We use MariaDB everywhere except for those few applications where performance is crucial. One of the many benefits of MariaDB is that most mySQL tools work for MariaDB. MariaDB runs on RISC-V today and does not need any additional drivers for our Server-on-a-Chip. However, with the additional drivers it will be able to take advantage of our hardware acceleration.
ScyllaDB is a high-performance in-memory database. When we need the ultimate performance that mySQL and MariaDB cannot provide, we deploy ScyllaDB. It does not run on FreeBSD yet, but we are working on porting it to FreeBSD on RISC-V.
The following is a list of backend applications that we use internally, either in a production environment or for development purposes.
FreeBSD is a true UNIX with its performance and security advantages over other Operating Systems. It is well-supported and available on most platforms. Nearly all of our servers run FreeBSD.
FreeRTOS is a free Real-Time Operating System with a surprisingly small memory footprint.
FreeNAS is based on FreeBSD and is optimized for use in a Network Attached Storage device. It is easy and quick to configure, and it is robust at high levels of performance. Our NAS is implemented using FreeNAS.
LLVM and CLANG are the frontend and the backend of a C/C++ compiler. Unlike GCC there is no license issue with the compiled code or the use of libraries. Both runtime and the performance of the compiled code are excellent.
ScyllaDB is a high-performance in-memory database. We use ScyllaDB for our high-frequency transaction needs.
MySQL is the de-facto standard for SQL databases. It is the lingua franca of databases. Considering its maturity, it certainly has the greatest number of support tools, but at this point in time, it is not leading performance-wise, nor is it the most robust or scalable database in existence.
MariaDB is a mySQL-compatible RDBMS. We use MariaDB everywhere except for those few applications where performance is crucial.
Eclipse is a powerful IDE and toolset that allows a wide variety of plugins and add-ons to be integreted to customize it to the developer's needs and the underlying target processors.
Red Hat Enterprise Linux (RHEL) is by now probably dominating the Internet backend in terms of deployment. It is stable, robust and well-supported.
opnSense is a Next Generation Firewall offering Deep Packet Inspection, packet filtering, Virtual Private Networking, Intrusion Detection and Prevention, Web filtering and many other functions. It is extensible, and all of its source code is available on GitHub. Unlike other firewalls, it can be built from its available sources. With its Multi-WAN and hardware failover support it can be used in applications where system uptime is a critical factor. SD-WAN and extensible routing functions as well as 2-factor authentication make it future-proof and secure.
SNORT is a free open source network intrusion detection system (IDS) and intrusion prevention system (IPS).
SquidGuard is a URL redirector using blocklists and passlists with the proxy software Squid. SquidGuard is fast and free. It is published under the GPLv3 license.
Redmine is a free and open source, web-based project management and issue tracking tool. It allows users to manage multiple projects and associated subprojects. It features per project wikis and forums, time tracking, and flexible, role-based access control.
Mattermost is an open source, self-hosted alternative to proprietary SaaS messaging. Mattermost brings all team communication into one place, making it searchable and accessible anywhere.
Apache Subversion is used for version control of components of any kind of design, be it a hardware or a software piece.
Bugzilla is probably the most widely used bug tracking system in the industry.
LedgerSMB provides small and mid-size businesses with open source accounting software: integrating invoicing, order processing, quotations and more (ERP). LedgerSMB aims to provide a strong (multi-currency accounting) basis to build a business on, without vendor lock-in.
OpenBMC is a Linux Foundation project. Its goal is to produce an open source implementation of the Baseboard Management Controllers' (BMC) Firmware Stack. OpenBMC is a Linux distribution for BMCs meant to work across heterogeneous systems that include enterprise, high-performance computing (HPC), telecommunications, and cloud-scale data centers. The OpenBMC documentation and an overview can be found on Github. An in-depth discussion is available on Wikipedia. We believe that it is a great starting point, and we fully support openBMC. We plan on porting it to FreeBSD to reduce its memory footprint and its attack surface, along with a few other modifications, but we will make sure to maintain all application layer APIs for compatibility.
If you need an estimation solution before committing to expensive proprietary EDA tools, OpenROAD plus the ASAP7 PDK or a private PDK is a great solution. For chip implementation on designs where you are more interested in time to market vs PPA on nodes down to 12nm OpenROAD has proven itself. You will find all of the necessary tools and libraries at The OpenROAD Project and Precision Innovations.
We use FreeBSD on our servers internally. It is also the target OS for our products and the first OS for which we publish drivers and APIs. We use FreeBSD as the target OS for all of our I/O offload and acceleration processors. FreeBSD runs our RAID and ZFS accelerators as well as all of the filtering NIC functions, similar to opnSense, including SNORT IPS and SQUID/SQUIDGUARD. It is also the foundation for our resilient secure boot processor firmware and all cryptographic, authentication and firmware update facilities. All virtual Trusted Platform Module (vTPM) and virtual Root of Trust (vRoT) run on FreeBSD as well. All of our internal databases are MySQL-based unless we require extremely high performance, in which case we use ScyllaDB. FreeNAS has proven to be excellent in keeping our mass storage infrastructure working properly at the levels of performance and resilience we need.
There is also a good number of open source products available for laptop and desktop use, as alternatives to established products from commercial vendors.
Ubuntu Linux is an easy-to-use, robust and well-supported Operating System. In many case it can replace MS Windows without an impact on user-friendliness and ease of use. It is vastly more secure than any version of Windows.
Firefox is a multi-platform browser that focuses on security and can compete with Edge, Chrome and Safari in all aspects. Its built-in password manager beats the competition. It supports a special mode for Facebook and an incognito mode in case a very high degree of anonymity is needed. It can be configured to automatically update itself, with the download process always running in the background, and the installation and restart triggered by the user.
Thunderbird is a multi-platform email client that in terms of security favorably compares with Outlook. While it lacks certain Office integration features compared to Outlook, it is capable of integrating PGP/GPG for advanced users for encryption based on PKI. The integrated calender works well and imports all relevant events and tasks easily. PGP/GPG can be easily integrated and works with the Thunderbird key manager. It can be configured to automatically update itself, with the download process always running in the background, and the installation and restart triggered by the user.
GnuPG is a complete and free implementation of the OpenPGP standard. You will need to download an Operating-System specific version of PGP and install it. Please check the checksum and make sure that they are the same so that you can be sure that you did not download a corrupted version. If you already have a keypair, great. Upload the public key to a keyserver if you have not done this.
If you need to use a browser that obfuscates all of your web surfing sessions, then your only choice is TOR, or The Onion Router. TOR effectively is a modified enterprise version of Firefox that is uses neighboring TOR instances to create a path that cannot easily be reconstructed, and since it encrypts all traffic (including DNS) from each point to the next, it is hard to not only track, but also decrypt the contents. Even metadata such as your IP address and all DNS traffic are reasonably well protected. If you sign up for TOR and use it, other TOR instances may use your computer as a springboard to protect them the same way that others protect you. TOR offers a pretty good protection against even nation-state spying, but it's not perfect. Theoretically, the Onion Routing could be included in a firewall device, in which case both performance and security increase, but I have not seen any instances of it. On top of it, it provides better plausible deniability as the tool would not have to be installed on your computer or smartphone, but again, I have not seen any of those in the wild. To use TOR, you would need to download and install an Operating-System specific version of the software.
LibreOffice is a free multi-platform Office application consisting of Writer (Word processor), Calc (spreadsheet), Impress (presentation manager), Draw (drafting), Math (Formula editor) and Base (Database) software that is integrated into a single package for download and installation. It has its roots in Star Office and then morphed into LibreOffice after several branches. While it is not as full-featured as Microsoft Office, it has the benefit of being cross-platform, and its file formats are ISO standards. It is available free of cost, and its main benefit is that it runs locally on a laptop, desktop or other computer, meaning that all data stays local and is not susceptible to attack or intercept. The Libre Office Suite comes with all of the features that an average user will need. It reads, stores and understands documents created in MS Office applications, but it is also capable of using standards-based formats, and it directly exports to PDF if the need arises. Because it is a multi-platform application, a heterogeneous work environment does not affect its use across platforms. In other words, if you use a Mac and a PC with Linux or Windows, the file formats and User Interfaces are all the same.
VeraCrypt is a free open source disk encryption software for Microsoft Windows, Apple's OSX, Linux and FreeBSD. It is secure, multi-platform (i.e. you can exchange data across platforms), and it protects the data on any mass storage device against theft and espionage.
Signal is a multi-platform encrypting messenger application for computers and smart phones. Unlike WhatsApp, it uses a true end-to-end encryption.
pfSense and opnSense are Next-Generation Firewalls. Both are capable of protecting networks of individuals, home offices, and even small-to-medium-sized offices with branch offices through true IPSec VPNs. pfSense is more established, but it cannot be built from its sources. opnSense is newer and fully open-sourced, and we prefer it over pfSense for that reason. Both products offer vastly better protection than a software firewall on a PC alone, and as such we recommend deploying either one. We recommend opnSense due to its openness, but if the need to build from sources does not arise, then pfSense is a good pre-built alternative. If you have an extra (i.e. outdated) PC, you can use it as an opnSense firewall if it has at least two network interface ports. Both pfSense and opnSense can be configured to download updates automatically, and the admin can chose a time at which there is very little traffic to apply the update and restart the application. The rule databases can be updated automatically with little to no traffic drop.
DD-WRT is another Open Source Firewall. It runs on many popular and cheap wireless access points and routers. Using DD-WRT will secure your network better than any standalone piece of software on a Windows PC.
GIMP is probably the most widely used image manipulation software. It is ahead of commercial offerings in security and features. It does not require a license, it runs locally on your computer, and it does not have to revert to the cloud for any computationally intensive tasks.
Inkscape is a vector graphics editing program that can be used to create and edit any kind of vector-based images such as logos, icons, drawings that need scalability in size, and even technical drafts. It is not a CAD program, but it can be used to import and modify CAD drawings into documentation.
Filezilla is open-source software to retrofit FTP to operating systems that do not natively support FTP. It supports FTP, SFTP and FTP over TLS.
Most of these applications are as good as any average user needs.