features.xml

Eitan Adler lists at eitanadler.com
Sat Jan 26 23:29:57 UTC 2013


On 26 January 2013 16:57, Isaac (.ike) Levy <ike at blackskyresearch.net> wrote:
> Eitan, did the patch work OK for you?

I was traveling/packing for the last two days ;)

Here is the new version of the diff.  Igor warnings were fixed.
Grammar was changed.
Marketing fluff was removed.

commit 2ab1aa1f95482c876bf4323267bc678cf02057c7
Author: Eitan Adler <lists at eitanadler.com>
Date:   Sat Jan 26 18:25:46 2013 -0500

    Update and modernize the features.xml page

    Translators take note: this is a full rewrite.  Starting with old
    content will likely not be helpful.

    Submitted by:	Chris Petrik <c.petrik.sosa at gmail.com>
    Submitted by:	Isaac (.ike) Levy <ike at blackskyresearch.net>
    Reviewed by:	-doc
    Approved by:	??? (mentor)

diff --git a/en_US.ISO8859-1/htdocs/features.xml
b/en_US.ISO8859-1/htdocs/features.xml
index 919195c..c7423ca 100644
--- a/en_US.ISO8859-1/htdocs/features.xml
+++ b/en_US.ISO8859-1/htdocs/features.xml
@@ -5,7 +5,7 @@
 ]>

 <html xmlns="http://www.w3.org/1999/xhtml">
-    <head>
+  <head>
       <title>&title;</title>

       <cvs:keyword
xmlns:cvs="http://www.FreeBSD.org/XML/CVS">$FreeBSD$</cvs:keyword>
@@ -13,222 +13,120 @@

     <body class="navinclude.about">

-    <h1>FreeBSD offers many advanced features.</h1>
+    <h1>&os; offers many unique features.</h1>

-      <p>No matter what the application, you want your system's resources
-	performing at their full potential.  FreeBSD's focus on
-	performance, networking, and storage combine with easy system
-	administration and excellent documentation to allow you to do just
-	that.</p>
+      <p>No matter what the application, you want your system's
+	resources performing at their full potential.  &os;'s focus
+	on performance, networking, and storage, combined with easy
+	system administration and excellent documentation to allow
+	you to do what you want.</p>

     <h2>A complete operating system based on 4.4BSD.</h2>

-      <p>FreeBSD's distinguished roots derive from the <b>BSD</b>
-	software releases from the Computer Systems Research Group at the
-	University of California, Berkeley.  Over ten years of work have been
-	put into enhancing BSD, adding industry-leading SMP, multithreading,
-	and network performance, as well as new management tools, file
-	systems, and security features.  As a result, FreeBSD may be found
-	across the Internet, in the operating system of core router products,
-	running root name servers, hosting major web sites, and as the
-	foundation for widely used desktop operating systems.  This is only
-	possible because of the diverse and world-wide membership of the
-	volunteer FreeBSD Project.</p>
-
-    <h2>FreeBSD provides advanced operating system features, making it ideal
-	across a range of systems, from embedded environments to high-end
-	multiprocessor servers.</h2>
-
-      <p><b>FreeBSD 7.0</b>, released February 2008, brings many new features
-	and performance enhancements.  With a special focus on storage
-	and multiprocessing performance, FreeBSD 7.0 shipped with support
-	for Sun's <b>ZFS file system</b> and <b>highly scalable
-	multiprocessing performance</b>.  Benchmarks have shown that FreeBSD
-	provides twice the MySQL and PostgreSQL performance as current Linux
-	systems on 8-core servers.</p>
+      <p>&os;'s distinguished roots derive from the <b>BSD</b>
+	software releases from the Computer Systems Research Group at
+	the University of California, Berkeley.  Over fifteen years of
+	work have been put into enhancing &os;, adding
+	industry-leading scalability, network performance, management
+	tools, file systems, and security features.  As a result,
+	&os; may be found across the Internet, in the operating system
+	of core router products, running root name servers, hosting
+	major web sites, and as the foundation for widely used desktop
+	operating systems.  This is only possible because of the
+	diverse and world-wide membership of the
+	volunteer &os; Project.</p>
+
+      <p><b>&os; 9.0</b>, brings many new features
+	and performance enhancements with a special focus on desktop
+	support and security features.</p>

       <ul>
-	<li><b>SMPng</b>: After seven years of development on advanced SMP
-	  support, FreeBSD 7.0 realizes the goals of a fine-grained kernel
-	  allowing linear scalability to over 8 CPU cores for many workloads.
-	  FreeBSD 7.0 sees an almost complete elimination of the Giant Lock,
-	  removing it from the CAM storage layer and NFS client, and moving
-	  towards more fine-grained locking in the network subsystem.
-	  Significant work has also been performed to optimize kernel
-	  scheduling and locking primitives, and the optional ULE scheduler
-	  allows thread CPU affinity and per-CPU run queues to reduce
-	  overhead and increase cache-friendliness.  The libthr threading
-	  package, providing 1:1 threading, is now the default.  Benchmarks
-	  reveal a dramatic performance advantage over other &unix; operating
-	  systems on identical multicore hardware, and reflect a long
-	  investment in SMP technology for the FreeBSD kernel.</li>
-
-	<li><b>ZFS filesystem</b>: Sun's ZFS is a state-of-the-art file
-	  system offering simple administration, transactional semantics,
-	  end-to-end data integrity, and immense scalability.  From
-	  self-healing to built-in compression, RAID, snapshots, and volume
-	  management, ZFS will allow FreeBSD system administrators to easily
-	  manage large storage arrays.</li>
-
-	<li><b>10Gbps network optimization</b>: With optimized device drivers
-	  from all major 10gbps network vendors, FreeBSD 7.0 has seen
-	  extensive optimization of the network stack for high performance
-	  workloads, including auto-scaling socket buffers, TCP Segment
-	  Offload (TSO), Large Receive Offload (LRO), direct network stack
-	  dispatch, and load balancing of TCP/IP workloads over multiple CPUs
-	  on supporting 10gbps cards or when multiple network interfaces are
-	  in use simultaneously.  Full vendor support is available from
-	  Chelsio, Intel, Myricom, and Neterion.</li>
-
-	<li><b>SCTP</b>: FreeBSD 7.0 is the reference implementation for the
-	  new IETF Stream Control Transmission Protocol (SCTP) protocol,
-	  intended to support VoIP, telecommunications, and other
-	  applications with strong reliability and variable quality
-	  transmission through features such as multi-path delivery,
-	  fail-over, and multi-streaming.</li>
-
-	<li><b>Wireless</b>: FreeBSD 7.0 ships with significantly enhanced
-	  wireless support, including high-power Atheros-based cards, new
-	  drivers for Ralink, Intel, and ZyDAS cards, WPA, background
-	  scanning and roaming, and 802.11n.</li>
-
-	<li><b>New hardware architectures</b>: FreeBSD 7.0 includes
-	  significantly improved  support for the embedded ARM architecture,
-	  as well as preliminary support for the Sun Ultrasparc T1
-	  platform.</li>
+	<li><b>Capsicum Capability Mode</b>:
+	  Capsicum is a set of features for sandboxing support, using
+	  a capability model in which the capabilities are file
+	  descriptors.  Two new kernel options CAPABILITIES and
+	  CAPABILITY_MODE have been added to the GENERIC kernel.</li>
+
+	<li><b>Hhook</b>:  (Helper Hook) and khelp(9) (Kernel Helpers)
+	  KPIs have been implemented.  These are a kind of superset of
+	  pfil(9) framework for more general use in the kernel.  The
+	  hhook(9) KPI provides a way for kernel subsystems to export
+	  hook points that khelp(9) modules can hook to provide
+	  enhanced or new functionality to the kernel.  The khelp(9)
+	  KPI provides a framework for managing khelp(9) modules,
+	  which indirectly use the hhook(9) KPI to register their hook
+	  functions with hook points of interest within the kernel.
+	  These allow a structured way to dynamically extend the
+	  kernel at runtime in an ABI preserving manner.</li>
+	<li><b>Accounting API:</b> has been implemented.  It can keep
+	  per-process, per-jail, and per-loginclass resource
+	  accounting information.  Note that this is not built nor
+	  installed by default.  To build and install them, specify
+	  options RACCT in the kernel configuration file and rebuild
+	  the base system as described in the FreeBSD Handbook</li>
+
+	<li><b>Resource-limiting API:</b> has been implemented.
+	  It works in conjunction with the RACCT resource accounting
+	  implementation and takes user-configurable actions based on
+	  the set of rules it maintains and the current resource
+	  usage.  The rctl(8) utility has been added to manage the
+	  rules in userland.  Note that this is not built nor
+	  installed by default.</li>
+
+	<li><b>Usb:</b> subsystem now supports USB packet filter.
+	  This allows to capture packets which go through each USB
+	  host controller.  The implementation is almost based on
+	  bpf(4) code.  The userland program usbdump(8) has been
+	  added.</li>
+
+	<li><b>Infiniband support:</b>, OFED (OpenFabrics Enterprise
+	  Distribution) version 1.5.3 has been imported into the
+	  base system.</li>
+
+	<li><b>TCP/IP network:</b> stack now supports the mod_cc(9)
+	  pluggable congestion control framework.  This allows TCP
+	  congestion control algorithms to be implemented as
+	  dynamically loadable kernel modules.  The following kernel
+	  modules are available cc_chd(4) for the CAIA-Hamilton-Delay
+	  algorithm, cc_cubic(4) for the CUBIC algorithm, cc_hd(4)
+	  for the Hamilton-Delay algorithm, cc_htcp(4) for the H-TCP
+	  algorithm, cc_newreno(4) for the NewReno algorithm, and
+	  cc_vegas(4) for the Vegas algorithm.  The default algorithm
+	  can be set by a new sysctl(8) variable
+	  net.  inet.  tcp.  cc.  algorithm.</li>
+
+	<li><b>SU+J:</b> &os; Fast File System now supports soft
+	updates with journaling.  It introduces an intent log into a
+	softupdates-enabled file system which eliminates the need for
+	background fsck(8) even on unclean shutdowns.</li>
       </ul>

-      <p>FreeBSD has a long history of advanced operating system feature
-	development; you can read about some of these features below:</p>
+      <p><b>&os; 8.x</b> brings many new
+	features and performance enhancements.  With special focus on
+	a new USB stack, &os;-8.x shipped with experimental support
+	for NFSv4.  As well as a new TTY layer.  Which improves
+	scalability and resources handling in SMP enabled systems.</p>

       <ul>
-	<li><b>A merged virtual memory and filesystem buffer cache</b>
-	  continuously tunes the amount of memory used for programs and the
-	  disk cache.  As a result, programs receive both excellent memory
-	    management and high performance disk access, and the system
-	    administrator is freed from the task of tuning cache sizes.</li>
-
-	<li><b>Compatibility modules</b> enable programs for other operating
-	  systems to run on FreeBSD, including programs for Linux, SCO UNIX,
-	  and System V Release 4.</li>
-
-	<li><b>Soft Updates</b> allows improved filesystem
-	  performance without sacrificing safety and reliability.
-	  It analyzes meta-data filesystem operations to avoid having
-	  to perform all of those operations synchronously.
-	  Instead, it maintains internal state about pending meta-data
-	  operations and uses this information to cache meta-data,
-	  rewrite meta-data operations to combine subsequent
-	  operations on the same files, and reorder meta-data
-	  operations so that they may be processed more efficiently.
-	  Features such as background filesystem checking and
-	  file system snapshots are built on the consistency
-	  and performance foundations of soft updates.</li>
-
-	<li><b>File system snapshots</b>, permitting administrators to take
-	  atomic file system snapshots for backup purposes using the free
-	  space in the file system, as well as facilitating <b>background
-	  fsck</b>, which allows the system to reach multiuser mode without
-	  waiting on file system cleanup operations following power outages.
-	  </li>
-
-	<li>Support for <b>IP Security (IPsec)</b> allows improved security in
-	  networks, and support for the next-generation Internet Protocol,
-	  IPv6.  The FreeBSD IPsec implementation includes support for a
-	  broad range of <b>accelerated crypto hardware</b>.</li>
-
-	<li><b>Out of the box support for IPv6</b> via the KAME IPv6 stack
-	  allows FreeBSD to be seamlessly integrated into next generation
-	  networking environments.  FreeBSD even ships with many applications
-	  extended to support IPv6!</li>
-
-	<li><b>Multi-threaded SMP architecture</b> capable of executing the
-	  kernel in parallel on multiple processors, and with <b>kernel
-	  preemption</b>, allowing high priority kernel tasks to preempt
-	  other kernel activity, reducing latency.  This includes a
-	  <b>multi-threaded network stack</b> and a <b>multi-threaded
-	  virtual memory subsystem</b>.  Beginning with FreeBSD 6.x, support
-	  for a fully parallel VFS allows the UFS file system to run on multiple
-	  processors simultaneously, permitting load sharing of
-	  CPU-intensive I/O optimization.</li>
-
-	<li><b>M:N application threading via pthreads</b> permitting threads
-	  to execute on multiple CPUs in a scalable manner, mapping many user
-	  threads onto a small number of <b>Kernel Schedulable Entities</b>.
-	  By adopting the <b>Scheduler Activation</b> model, the threading
-	  approach can be adapted to the specific requirements of a broad
-	  range of applications.</li>
-
-	<li><b>Netgraph pluggable network stack</b> allows developers to
-	  dynamically and easily extend the network stack through clean
-	  layered network abstractions.  Netgraph nodes can implement a broad
-	  range of new network services, including encapsulation, tunneling,
-	  encryption, and performance adaptation.  As a result, rapid
-	  prototyping and production deployment of enhanced network services
-	  can be performed far more easily and with fewer bugs.</li>
-
-	<li><b>TrustedBSD MAC Framework extensible kernel security</b>,
-	  which allows developers to customize the operating system security
-	  model for specific environments, from creating hardening policies
-	  to deploying mandatory labeled confidentiality of integrity
-	  policies.  Sample security policies include <b>Multi-Level
-	  Security (MLS)</b>, and <b>Biba Integrity Protection</b>.  Third
-	  party modules include <b>SEBSD</b>, a FLASK-based implementation
-	  of <b>Type Enforcement</b>.</li>
-
-	<li><b>TrustedBSD Audit</b> is a security event logging service,
-	  providing fine-grained, secure, reliable logging of system events
-	  via the audit service.  Administrators can configure the nature and
-	  granularity of logging by user, tracking file accesses, commands
-	  executed, network activity, system logins, and a range of other
-	  system behavior.  Audit pipes allow IDS tools to attach to the
-	  kernel audit service and subscribe to events they require for
-	  security monitoring.  FreeBSD supports the industry-standard BSM
-	  audit trail file format and API, allowing existing BSM tools to
-	  run with little or no modification.  This file format is used on
-	  Solaris and Mac OS X, allowing instant interoperability and unified
-	  analysis.</li>
-
-	<li><b>GEOM pluggable storage layer</b>, which permits new storage
-	  services to be quickly developed and cleanly integrated into the
-	  FreeBSD storage subsystem.  GEOM provides a consistent and
-	  coherent model for discovering and layering storage services,
-	  making it possible to layer services such as RAID and volume
-	  management easily.</li>
-
-	<li>FreeBSD's <b>GEOM-Based Disk Encryption (GBDE)</b>, provides
-	  strong cryptographic protection using the GEOM Framework, and can
-	  protect file systems, swap devices, and other use of storage
-	  media.</li>
-
-	<li><b>Kernel Queues</b> allow programs to respond more efficiently
-	  to a variety of asynchronous events including file and socket IO,
-	  improving application and system performance.</li>
-
-	<li><b>Accept Filters</b> allow connection-intensive applications,
-	  such as web servers, to cleanly push part of their functionality into
-	  the operating system kernel, improving performance.</li>
+	<li><b>Netisr framework:</b> has been reimplemented for
+	  parallel threading support.  This is a kernel network
+	  dispatch interface which allows device drivers (and other
+	  packet sources) to direct packets to protocols for directly
+	  dispatched or deferred processing.  The new implementation
+	  supports up to one netisr thread per CPU, and several
+	  benchmarks on SMP machines show substantial performance
+	  improvement over the previous version.</li>
+
+	<li><b>Linux emulation:</b> layer has been updated to version
+	  2.  6.  16 and the default Linux infrastructure port is now
+	  emulators/linux_base-f10 (Fedora 10)</li>
+
+	<li><b>Network Virtualization:</b> Container named vimage has
+	  been implemented, extending the FreeBSD kernel to maintain
+	  multiple independent instances of networking state.
+	  vimage facilities can be used independently to create fully
+	  virtualized network topologies, and jail(8) can directly
+	  take advantage of a fully virtualized network stack.</li>
       </ul>
-
-    <h2>FreeBSD provides many security features
-      to protect networks and servers.</h2>
-
-      <p>The FreeBSD developers are as concerned about security as they are
-	about performance and stability.  FreeBSD includes kernel support for
-	<b>stateful IP firewalling</b>, as well as other services, such as
-	<b>IP proxy gateways</b>, <b>access control lists</b>, <b>mandatory
-	access control</b>, <b>jail-based virtual hosting</b>, and
-	<b>cryptographically protected storage</b>.  These features can be
-	used to support highly secure hosting of mutually untrusting
-	customers or consumers, the strong partitioning of network segments,
-	and the construction of secure pipelines for information scrubbing
-	and information flow control.</p>
-
-      <p>FreeBSD also includes support for encryption software, secure
-	shells, Kerberos authentication, "virtual servers" created using
-	jails, chroot-ing services to restrict application access to the
-	file system, Secure RPC facilities, and access lists for services
-	that support TCP wrappers.</p>
-
   </body>
 </html>



-- 
Eitan Adler


More information about the freebsd-doc mailing list