I think a lot of people would be very happy if an NLA supported version is released ASAP.
So I really hope this one comes out in a stable version soon, because I see it's been quite some time since a new version was released.
What are the actual plans for a new version to come out anyway? :)
On Feb 8, 2011, [email protected] wrote:
Today's Topics:
1. Re: License Change (Marc-André Moreau)
2. Re: High CPU usage with flaky network (Mike Gilbert)
3. Re: FreeRDP in Ubuntu 11.04 (Robert Ancell)
4. Re: New capabilities (Jay Sorg)
----------------------------------------------------------------------
Message: 1
Date: Mon, 7 Feb 2011 17:05:08 -0500
From: Marc-André Moreau <[email protected]>
Subject: Re: [Freerdp-devel] License Change
To: Otavio Salvador <[email protected]>
Cc: freerdp-devel <[email protected]>
Message-ID:
<[email protected]>
Content-Type: text/plain; charset="iso-8859-1"
Hi Otavio,
On Mon, Feb 7, 2011 at 4:02 PM, Otavio Salvador <[email protected]> wrote:
> On Mon, Feb 7, 2011 at 19:37, Marc-André Moreau
> <[email protected]> wrote:
> > Hi Otavio,
> > I can't force your hand, if there is too much opposition to a license more
> > permissive than LGPL then I will have no choice but to comply. Maybe the
> > timing isn't right, it might be a little too early to switch to something as
> > permissive as ASL. However, if we switch to LGPL now, would you be open in
> > the future to switch to another license such as ASL, if we grow into a
> > larger project that is more feature-complete?
>
> Maybe. Personally I think we should focus on making FreeRDP LGPL and GUI
> GPL and make it rock! The future of the project is still a black box.
>
Yes, I agree that we should focus on making the project rock. However, I
disagree that we should see the future of this project as a black box. We
need to think ahead of time and stay up to date with the latest trends. This
is why I am talking of the "long term growth" of the project.
In the long term, I would like RDP to offer strong competition to VNC in
terms of popularity. VNC is mature and is supported on a wide range of
platforms, and has implementations in various languages and under various
licenses.
One recent example I can give of a missed opportunity is the recent choice
of Google to integrate VNC inside ChromeOS, hiring RealVNC employees:
http://www.realvnc.com/company/press/news/realvnc-collaborates-with-google.html
http://www.thechromesource.com/google-and-realvnc-partnership-will-aid-in-chrome-remote-access/#more-6696
Google is known for making extensive use of permissive licenses such as
Apache License 2.0. If you look at the licensing of Android, pretty much
only the kernel is under GPL, the rest being under permissive licenses. This
is a political decision: it's not the first time a company tries to bring
Linux to smartphones, but it is the first time it has such a success. This
is because Android, unlike the other failed attempts, does not suffer from
the GPL chilling effect. Yes, some smartphone manufacturers lock down their
Android phones, but that was a necessary license choice in order to make
Android get popular in the first place.
If we stick to LGPL/GPL, we can forget such opportunities for the future of
FreeRDP. If we switch to a more permissive license such as Apache, we open
the door wide open to more opportunities.
P.S.: Chrome 9 just came out with WebGL support, Chrome 10 will have support
for NativeClient (NaCL) which will allow native extensions with
cross-platform access to 3D acceleration. If you can't figure out yet what
I'm dreaming of, you need to replace that "black box" you see for the
FreeRDP future and replace it with nice ideas.
> Cheers,
>
> --
> Otavio Salvador O.S. Systems
> E-mail: [email protected] http://www.ossystems.com.br
> Mobile: +55 53 9981-7854 http://projetos.ossystems.com.br
>
------------------------------
Message: 2
Date: Mon, 7 Feb 2011 18:00:39 -0500
From: Mike Gilbert <[email protected]>
Subject: Re: [Freerdp-devel] High CPU usage with flaky network
To: Mads Kiilerich <[email protected]>
Cc: [email protected]
Message-ID:
<[email protected]>
Content-Type: text/plain; charset=UTF-8
On Mon, Feb 7, 2011 at 12:03 PM, Mads Kiilerich <[email protected]> wrote:
> On 02/07/2011 04:55 PM, Mike Gilbert wrote:
>>
>> As indicated in the subject, I'm seeing very high CPU usage (100%)
>> when I run an xfreerdp session over a network connection with high
>> packet loss. Specifically, I have an openvpn session to my office that
>> sometimes flakes out on me.
>>
>> My guess is that the software is doing a busy-wait loop somewhere. Any
>> pointers on how I can debug such a thing? Does this ring any bells?
>
> FreeRDP is select-based but doesn't strictly follow a "do one read after
> being selected for reading" pattern.
>
> The simplest way to find out what is going on would be to build with debug
> symbols and attach a debugger when it is spinning and find out where it is
> and what is going on.
>
> What is the client platform?
>
> /Mads
>
I'm building (and running) from a git on Gentoo Linux. I usually
connect to a Windows 7 desktop.
I'll break out the gdb manual. Thanks.
------------------------------
Message: 3
Date: Tue, 08 Feb 2011 17:01:21 +1100
From: Robert Ancell <[email protected]>
Subject: Re: [Freerdp-devel] FreeRDP in Ubuntu 11.04
To: Mads Kiilerich <[email protected]>
Cc: [email protected]
Message-ID: <[email protected]>
Content-Type: text/plain; charset="iso-8859-1"
On 27/01/11 23:42, Mads Kiilerich wrote:
> On 01/27/2011 04:51 AM, Robert Ancell wrote:
>>
>> Hi FreeRDPers!
>>
>> I'm currently trying to get Remmina/FreeRDP as the default on
>> the Ubuntu 11.04 CD, but our pesky security team wants the
>> certificate checking to work:
>>
>> RD_BOOL crypto_cert_verify(CryptoCert server_cert, CryptoCert cacert)
>> {
>>     /* FIXME: do the actual verification */
>>     return True;
>> }
>
> I assume this is from crypto_openssl.c and that you don't care
> about other crypto backends. Ok.
>
> This function is only used to verify that the individual links in the
> x509 certificate chain are correct. That alone is far from enough.
> Note however that this part works with the gnutls backend.
>
> Finally (so far) there is the tls option. libfreerdp/tls.c (which
> so far only works with openssl) is far more complete but still not
> completely finished.
>
>> So the question is:
>> - Any chance of this working by the end of February?
>> - Any plans for this?
>> - If you guys haven't got plans, I'll work on a patch. I'm not an
>>   expert at certificate, do I just need to pass the information to
>>   the GUI and let the user ACK/NACK it?
>
> AFAIK there are no specific plans and no chance unless somebody does
> something.
>
> I think FreeRDP is quite stable and reliable on local trusted
> networks, but I wouldn't recommend using it on untrusted networks
> or when connecting to untrusted servers. FreeRDP security in these
> (and other) areas is definitely not worse than rdesktop (which I
> assume is the only alternative).
>
> It would be great if you could work on improvements in this area.
>
> A brief description of some aspects of a good solution could be:
> * options for warning/accepting/failing on "Proprietary Certificate"
> * more common handling of certificates for tls and non-tls
> * support more crypto backends for tls (and nla) (but focusing on
>   openssl first is fine)
> * checking that the server certificate matches the request hostname
> * functionality for checking that the x509 chain can be validated with
>   the systems CA certificates (probably only useful in very few setups)
> * functionality for using other CA certificates (so you can add your
>   local AD CA and automatically trust all servers on the domain
>   regarding rdp without adding it to the global configuration)
> * ssh-like "known host" functionality, asking "unknown host X shows
>   certificate Y - trust it and store it to next time?", adding it to
>   some "known_hosts" file and using it next time and failing/prompting
>   if it doesn't match next time
>
> It will require changes to both libfreerdp and xfreerdp and will
> thus also require a so version bump.
>
> Not a trivial task ... It might make sense to focus on "known
> host" and ignore the PKI mess. That might bring you most of the way
> to what you want.
>
> /Mads
Hi Mads,
Thanks for the information. Yes, we would be switching from rdesktop
(which is a support problem).
I've had a first attempt at getting something working.
Firstly, I'm using the rdp_mitm server to connect to. I couldn't work
out how to get a secure RDP server to work in Linux. Attached patch
fixes the build system for this.
The second patch is to add a callback in the freerdp API so that RDP
clients can prompt the user.
Some questions:
- I figure the API needs to provide the security state of the
  connection (unsecured, secured with unknown/invalid certificate,
  secured with valid certificate). Please let me know if this is
  heading in the direction you expect.
- There are two encryption schemes here right? One for the whole
  channel (TLS) and one inside the RDP protocol (MCS?). Is TLS the
  newer method and MCS? the legacy method?
- Any thoughts on how to provide certificate contents to the user for
  them to decide if a certificate is valid / should be added to the list
  of accepted certificates? This seems difficult to provide due to the
  number of different crypto backends (i.e. no shared certificate class).
Thanks,
--Robert
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Fix-rdp_mitm-compile.patch
Type: text/x-patch
Size: 1161 bytes
Desc: not available
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-Pass-certificate-check-up-to-UI-layer.patch
Type: text/x-patch
Size: 5018 bytes
Desc: not available
------------------------------
Message: 4
Date: Tue, 8 Feb 2011 00:48:10 -0800
From: Jay Sorg <[email protected]>
Subject: Re: [Freerdp-devel] New capabilities
To: eduardo fiss beloni <[email protected]>
Cc: freerdp <[email protected]>
Message-ID:
<[email protected]>
Content-Type: text/plain; charset="iso-8859-1"
> Now FastIndex capability is pushed, I turned my efforts to the FastGlyph (see attached patch).
>
> However I don't know what to do with the case where the doc says: "glyph data MUST be retrieved". I think someone with more experience than me could give some help with that.
>
> Thanks for the attention,
Eduardo,
Try this patch.
This one was more difficult :)
Jay
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fast_glyph_jay.patch
Type: text/x-diff
Size: 7356 bytes
Desc: not available
------------------------------
------------------------------
_______________________________________________
Freerdp-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/freerdp-devel
End of Freerdp-devel Digest, Vol 20, Issue 11
*********************************************
