FreeRDP: A Remote Desktop Protocol Implementation

FreeRDP community,

I have an exciting announcement to make, and I’m sure you’ll be excited by it as well. For quite some time already I have been working with Thinstuff on the development of FreeRDP ports to Android and iOS. I have been working and coordinating with Thinstuff employees for both ports, with me in charge of software architecture. This is one of the reasons why I developed libfreerdp-gdi, a highly-portable GDI library which we’re using for the mobile ports, among other things. If you were to start a new port from scratch today you’d notice that the code is already portable, since I’ve been keeping mobile devices in mind all that long.

Thinstuff has a precedent in open source mobile application development: iRdesktop, an iOS port of rdesktop (http://www.irdesktop.com/). When Thinstuff originally found out about FreeRDP, they contacted me to see if we could collaborate on mobile ports. We agreed that the code would eventually be open sourced, but we did not have a precise idea at that time of a possible timeline and licensing. Since I owned an Android phone and had some basic Android development experience, I got started on the Android port, which would be followed by the iOS port. There is almost two years of work that went into those ports, with both me and Thinstuff employees actively working on it. If there’s something I learned from this experience is that mobile application development is really hard to get right and it is also very time consuming. The environment is highly restrictive, and making a usable application is nowhere near trivial. These ports are not simple applications which display a windows desktop, they are full-blown applications that have the potential to compete with current commercial alternatives. If many companies would be tempted to keep those ports proprietary, I am really proud to say that Thinstuff strongly believes in open source and is willing to stick to their principles. I take my hat off to Michael Gibson and Norbert Federa from Thinstuff for their sustained support of FreeRDP.

That being said, the licensing question wasn’t an easy one to figure out, and Thinstuff’s experience with iRdesktop lead to some interesting reflections. The world of application stores is completely different from other environments: users basically browse through a catalog of apps which they barely know and can buy any of them very easily. The problem is that many try to profit from this distribution model by ripping off existing open source software and rebranding it to make it look like a completely different app which is supposedly worth buying, while claiming that the code was all theirs. There is nothing wrong with companies developing commercial derivatives from FreeRDP, especially since we’re using licensing which is friendly to such use, but there is definitely something wrong when people try claiming an application was all written by them and refuse to credit the original authors. This is real, and it unfortunately happened on multiple occasions with iRdesktop.

For many reasons, I have advised Thinstuff to license the ports under the Mozilla Public License (MPL) 2.0. The 2.0 version of the MPL is fairly recent, and addresses many issues which were found in the more commonly known MPL 1.1. It is compatible with most popular licenses like Apache and GPL, yet it is still very commercial-friendly. The MPL is a weak copyleft license, meaning it requires the redistribution of MPL sources, but does not require the distribution of other sources. The conditions which describe which sources should fall under the terms of the MPL are weak: if you modify a file under MPL, it remains MPL. If you use an MPL code snippet within a new file, then that file is also covered under the terms of the license. This also means that you can easily add your own source files under a completely different license if they do not contain MPL code, making commercial derivatives trivial even though it’s copyleft. You can find more information about the Mozilla Public License 2.0 here: http://www.mozilla.org/MPL/

The MPL 2.0 license was chosen for its high compatibility with application stores and existing licenses. The goal is to have legal ground to ask that apps using the MPL code be required to redistribute it, making it much easier for us to get application developers to credit the original authors properly. If the mobile ports were under the Apache license like the rest of FreeRDP, we could not ask that application developers redistribute the sources, making that task harder. Cheap rip-offs are simply impossible to prevent, but we can at least attempt to get the work credited. This is the trade-off that was made in order to reduce the risks associated with distribution in application stores. Please note that the MPL only covers the port-specific code, and that the rest of FreeRDP remains Apache.

As for a timeline, there is still some preparation work to be done. We wish to release initial betas of the ports at about the same time as we open source them. From there, we invite all community members to collaborate on improving the ports. Trust me, you will definitely like what you will see We believe we will be able to release the sources no later than the end of April, so be patient, we’re almost there!

FreeRDP 1.0.1 is a maintenance release to address a certain number of issues found in 1.0.0. This release also brings corrective measures to certificate validation which were required for inclusion in Ubuntu.

• Certificate Validation
• Improved validation logic and robustness
• Added validation of certificate name against hostname
• Token-based Server Redirection
• Fixed redirection logic
• HAProxy load-balancer support
• xfreerdp-server
• better event handling
• capture performance improvements
• wfreerdp
• Fix RemoteFX support
• Fix mingw64 compilation
• libfreerdp-core
• Fix severe TCP sending bug
• Added server-side Standard RDP security

Yes, it is this time of the year again! Following the success of TSoC 2011, Thinstuff is again offering to sponsor FreeRDP development over the summer. This is pretty much like Google Summer of Code with the exception that TSoC is better

Up-to-date information regarding TSoC 2012 will be maintained on the wiki.

Are you a student? Are you a professional consultant? Do you the have the skills required to work on the sponsored tasks? We want to hear from you! If you are a company other than Thinstuff but would like to add tasks which you are willing to sponsor, feel free to join, this is open to everyone. Contact information is provided for each sponsored task, so if you like FreeRDP but you like it even more when you get sponsored to work on it, go ahead and send an email right now. Good luck to all participants!

USB Redirection

We are looking for someone who could implement USB redirection compliant with MS-RDPEUSB as part of the FreeRDP project.

In a second phase of this project we would also need an MS-RDPEUSB compliant server-side component which can interface with QEMU/KVM. This work is similar to what Hans Goede did with usbredir. usbredir currently already works with KVM/Qemu/Spice. Another project which may be relevant is libusb.

Ideally, one would start with usbredir/libusb and work on providing an MS-RDPEUSB compliant interface on top of it.

If you have experience with USB development on Linux (usbredir/libusb) and also with FreeRDP you might be the right one to do it.

If you are interested please contact us at mgibson@thinstuff.com.

Kerberos Authentication

We are looking for someone who could implement Kerberos authentication following MS-KILE.

FreeRDP currently supports NTLMv2 authentication as part of Network Level Authentication. The NTLMv2 authentication is designed as a module usable from an authentication abstraction layer called CredSSP. Your goal is to implement a Kerberos authentication module which can be used by CredSSP as a replacement of the current NTLMv2 authentication module.

Relevant specifications:
[MS-KILE]: Kerberos Protocol Extensions
[MS-NLMP]: NT LAN Manager (NTLM) Authentication Protocol Specification
[MS-CSSP]: Credential Security Support Provider (CredSSP) Protocol Specification
[MS-SPNG]: Simple and Protected Generic Security Service Application Program Interface Negotiation Mechanism (SPNEGO) Protocol Extensions

If you are interested please contact us at mgibson@thinstuff.com.

Yes, the stable release of FreeRDP 1.0 is finally here!

I have been waiting so long for this day, and I know a lot of people were eagerly waiting for it as well. Our previous stable release, 0.8.2, is more than a year old and lacks an incredible amount of features which can now be found in 1.0. In the meantime, we planned a 0.9 release but then had to cancel it. Instead, we focused on proceeding with a rewrite which took about 6 months of work. If last year was hell at certain points, I am more than ever proud of the strong community that we are, and have faith that we will continue to deliver the best open source RDP implementation around. FreeRDP 1.0 is only the beginning, there are many challenges ahead of us, such as RDP8 or exploring FreeRDP as a server. It is also important to note that FreeRDP 1.0 is our first release officially under the Apache license.

FreeRDP 1.0 can be downloaded here.

New Features:

• RemoteFX
• Both encoder and decoder
• SSE2 and NEON optimization
• NSCodec
• RemoteApp
• Working, minor glitches
• Multimedia Redirection
• ffmpeg support
• Network Level Authentication (NLA)
• NTLMv2
• Certificate validation
• FIPS-compliant RDP security
• new build system (cmake)
• added official logo and icon

New Architecture:

• libfreerdp-core
• core protocol
• highly portable
• both client and server
• libfreerdp-cache
• caching operations
• libfreerdp-codec
• bitmap decompression
• codec encoding/decoding
• libfreerdp-kbd
• keyboard mapping
• libfreerdp-channels
• virtual channel management
• client and server side support
• libfreerdp-gdi
• extensively unit tested
• portable software GDI implementation
• libfreerdp-rail
• RemoteApp library
• libfreerdp-utils
• shared utility library

FreeRDP Clients:

• client/X11 (xfreerdp)
• official client
• RemoteApp support
• X11 GDI implementation
• client/DirectFB (dfreerdp)
• DirectFB support
• software-based GDI (libfreerdp-gdi)
• client/Windows (wfreerdp)
• Native Win32 support

FreeRDP Servers (experimental):

• server/X11 (xfreerdp-server)
• RemoteFX-only
• no authentication
• highly experimental
• keyboard and mouse input supported

Virtual Channels:

• cliprdr (Clipboard Redirection)
• rail (RemoteApp)
• drdynvc (Dynamic Virtual Channels)
• audin (Audio Input Redirection)
• alsa support
• pulse support
• tsmf (Multimedia Redirection)
• alsa support
• pulse support
• ffmpeg support
• rdpdr (Device Redirection)
• disk (Disk Redirection)
• parallel (Parallel Port Redirection)
• serial (Serial Port Redirection)
• printer (Printer Redirection)
• CUPS support
• smartcard (Smartcard Redirection)
• rdpsnd (Sound Redirection)
• alsa support
• pulse support

FreeRDP community,

I have some exciting news for you, which you can easily guess from the title of this announcement. It is a common thing within the industry to use major revision numbers for major releases, and FreeRDP is no exception to that rule. In our case, 1.0 will be a rewrite of FreeRDP using a bottom-up approach, accepting only Apache contributions from day 1. This means that we are rewriting some of the most major FreeRDP components like libfreerdp-core, but it is a good thing: we’re taking this as an opportunity for making all the changes we wanted to do for a while, and using a much better design than the original.

Some of you will read this with one thing in mind: what about FreeRDP 0.9 which you announced a couple of months ago? Yes, this is right, and I know that many of you are eagerly waiting for a release. However, we took the decision not to release FreeRDP 0.9 in order to focus on FreeRDP 1.0 and get it released as soon as possible. We give ourselves an estimate of two months before we can get 1.0 ready. Preparing a release and then maintaining it takes time from our most talented developers, and we need them to be focused on FreeRDP 1.0 instead. Do not worry, 1.0 will be worth the wait, you can be sure of that.

There are some aspects of 1.0 that need to be unambiguous to everyone. First, it is a *rewrite*, meaning it is not a fork of FreeRDP itself, and it is not a fork of rdesktop. If the FreeRDP 0.x series were a fork of rdesktop, it won’t be the case of the FreeRDP 1.x series. License-wise, here is how you can make the distinction:

• FreeRDP 0.x series: GPLv2 (rdesktop fork)
• FreeRDP 1.x series: Apache (pure FreeRDP)

We are inviting everyone interested in helping the FreeRDP 1.0 effort to make themselves known. Work has already been started, we are literally working 24/7 on this. The FreeRDP 1.0 development repository can be found here, but it is not functional yet, even though we are unit testing everything to ensure it is correct as we progress: https://github.com/FreeRDP/FreeRDP

We would like to make this effort as open and transparent as possible, so interested contributors should use the mailing list instead of sending private emails, or alternatively make use of our IRC channel. Since the re-announcement of the IRC channel, people are often in there, including me and the other core developers. As a reminder, our IRC channel is #freerdp @ irc.freenode.net

We do need to apply some strict rules though. All FreeRDP 1.0 contributors will need to accept a contributor agreement in which they state that code they contribute is theirs, and that it is also properly licensed under the Apache license. In addition to this, we are also code reviewing contributions before they are added to the repository.

The FreeRDP 1.0 rewrite will be done under the governance of the Open Thin Client Alliance, who has helped us tremendously throughout the latest challenges we faced. The OTCA is based in Germany, and provided us with an excellent lawyer who reviewed and validated the strategy that was just described. If you are a company with interests in FreeRDP, you are invited to contact the OTCA in order to become a member, or just to get to know more about what it is. Without the support from the OTCA, I doubt we would have been able to get all the resources necessary to undertake such a rewrite.

To conclude, I would like to thank everyone for their well appreciated support. FreeRDP is not a one-man show, it is the result of a community effort, which makes us strong. Thanks to our developers, to the companies backing FreeRDP, and to our user base that keeps sending us words of encouragement.