FreeBSD: Looking forward to another 10 years |
---|
Jordan Hubbard |
Abstract: The FreeBSD project is now over 20 years old, and the Berkeley Software Distribution from which it originated is almost 40! The last 10 years have seen some fairly radical changes in the mobile and embedded computing markets, with the number of FreeBSD-based appliances also on the rise. What this means for FreeBSD, and what the project can learn from the various members of the Fortune 500 who have put BSD technology to good use, will be the topic of this presentation. |
Speaker biography: Jordan Hubbard is a long-time open source developer, authoring software such as the Ardent Window Manager and various other open source tools and libraries before co-founding the FreeBSD project with Nate Williams and Rodney W. Grimes in 1993, for which he contributed the initial FreeBSD Ports collection, package management system and sysinstall. In July 2001 Hubbard joined Apple Computer in the role of manager of the BSD technology group. On July 15, 2013, he became CTO of iXsystems. |
Submitting documents anonymously |
---|
Atanas Chobanov |
Abstract: Journalism and big data – how open source software helps investigation work |
Speaker biography: From 2004 and presently, Atanas Chobanov is a scientific researcher at CNRS, lab MODYCO, which is located in the University “Paris-West” (Université Paris-Ouest Nanterre La Défense). From 2010 and presently, he is the editor-in-chief of the site for investigative journalism Bivol, official partner of Wikileaks and OCCRP (Organized Crime and Corruption Reporting Project) in Bulgaria |
Snapshots, Replication, and Boot-Environments |
---|
Kris Moore |
Abstract: In early 2013 the PC-BSD project decided to re-focus and fully embrace ZFS as its default and only file-system for both desktop and server deployments. This decision immediately spawned development of a new class of tools and utilities which assist users in unlocking the vast potential that ZFS brings to their system. In this talk we will take a look at ZFS Boot-Environments and the new Life-Preserver utility which assists users in ZFS management, including snapshots, replication, mirroring, bare-metal restores and more. |
Speaker biography: Kris Moore is the founder and lead developer of the PC-BSD project. He is also the co-host of the popular BSDNow video podcast. When not at home programming, he travels around the world giving talks and tutorials on various BSD related topics at Linux and BSD conferences alike. He currently lives in Tennessee (USA) with his wife and five children and enjoys playing bass guitar / video gaming in his (very limited) spare time. |
An Introduction to the Implementation of ZFS |
---|
Kirk McKusick |
Abstract: Much has been documented about how to use ZFS, but little has been written about how it is implemented. This talk pulls back the covers to describe the design and implementation of ZFS. The content of this talk was developed by scouring through blog posts, tracking down unpublished papers, hours of reading through the quarter-million lines of code that implement ZFS, and endless email with the ZFS developers themselves. The result is a concise description of an elegant and powerful system. |
Speaker biography: Dr. Marshall Kirk McKusick’s work with Unix and BSD development spans over four decades. It begins with his first paper on the implementation of Berkeley Pascal in 1979, goes on to his pioneering work in the eighties on the BSD Fast File System, the BSD virtual memory system, the final release of 4.4BSD-Lite from the UC Berkeley Computer Systems Research Group, and carries on with his work on FreeBSD. A key figure in Unix and BSD development, his experiences chronicle not only the innovative technical achievements but also the interesting personalities and philosophical debates in Unix over the past thirty-five years. |
OpenBGPD turns 10 years |
---|
Henning Brauer |
Abstract: The Border Gateway Protocol, BGP, is used on the internet between ISPs to announce reachability of networks. Routers build their routing tables using this information. The global IPv4 routing table has about 470000 entries today. In 2004, I was upset enough with the imlementation we were using back then, zebra, to start writing an own one. After showing an early prototype other developers jumped in and helped. Quickly thereafter we had a working BGP implentation that not only I have used ever since then. We’ll look at OpenBGPD’s design and how it differs from other implementations, the frameworks established and later used for other purposes, and the lessons we learned over the last 10 years. |
Speaker biography: Henning Brauer is 35 and lives in Hamburg, Germany. He is running the Internet Service Provider “BS Web Services GmbH” there, and has done so for about 15 years. He recently took over net-activities GmbH as well and serves as CEO at both companies. He joined OpenBSD in 2002 and has been working on many things, most network related, since. He started OpenBGPD and OpenNTPD, the framework he has written for bgpd is used by almost all newer daemons in OpenBSD. He has been working on the OpenBSD packet filter, pf, from the beginning and has architected and written a very large fraction of today’s pf. Whe he’s not hacking you can find him mountain biking, traveling and hiking, or in one of the many bars in his neighborhood with his friends, enjoying brewer’s art and often playing tabletop soccer. He’s also involved in local politics as well as the EuroBSDcon foundation. |
FUSE and beyond: bridging filesystems |
---|
Emmanuel Dreyfus |
Abstract: Everything started with the desire to have a distributed filesystem better than NFS, which would be elastic and replicated with no SPOF. glusterFS was among the filesystems that could do that, but it uses The FUSE interface to the kernel, which was not available on NetBSD.We will therefore discuss FUSE implementation and its NetBSD counterpart which is called PUFFS. A first but isufficient bridging attmpt called reFUSE was done, but porting real filesystems required the more complete PERFUSE bridge, which we will present here.In a third part, we will look at the various unexpected roadblocks that had to be handled during PERFUSE implementation, in order to get a fully functionnal glusterFS on NetBSD. |
Speaker biography: Emmanuel Dreyfus works as an IT manager at ESPCI ParisTech in France. He has been contributing for 13 years to NetBSD, in areas such as binary compatibility, and FUSE implementation. More at http://hcpnet.free.fr/pubz/ |
LibreSSL |
---|
Ted Unangst |
Abstract: A walkthrough of the changes the OpenBSD team has made to the OpenSSL (now LibreSSL) codebase in order to conduct an audit. Design flaws in a code base can quickly turn into real flaws. Often, a second design flaw then masks the existence of the first flaw, making it difficult to fix. We’ve tried to reveal, if not correct, many of these flaws by simpliyfing and reducing the code. Along the way, we’ve made some mistakes as well. |
Speaker biography: I have been an OpenBSD developer for 11 years, working in many areas, but have recently been spending a lot of time in the libssl directory. I stumbled into, and possibly initiated, LibreSSL development after trying to determine why OpenBSD’s exploit mitigation tachniques were useless against Heartbleed. |
Developing Software in a Hostile Environment |
---|
Ted Unangst |
Abstract: Previous talks about exploit mitigation have generally focused on changes designed to prevent or resist system compromise by an attacker. However, many of these changes are also useful in the general software development process. I’ll present an overview of features present on OpenBSD and how they can help developers for all platforms. |
Speaker biography: I have been an OpenBSD developer for 11 years. When not hacking and slashing LibreSSL, I’m engaged in an ongoing battle with the ports team to break as many ports as possible. |
JIT Code Generator for NetBSD |
---|
Alexander Nasonov |
Abstract: The next release of NetBSD will have a support for Just-In-Time (JIT) compilation of bpf programs in the kernel; this change will greatly speed-up traffic sniffing on multiple platforms. Unlike similar interface in other operating systems, bpfjit uses a unified programming interface for code generation which is based on Stack Less JIT Compiler library (SLJIT) and which supports x86, mips, arm, sparc and some other platforms.The speaker will give an overview of SLJIT API and discuss some implementation details of the bpfjit code with emphasis on supported optimizations of bpf programs by JIT engine. He will also touch on unit testing of dynamically generated code running inside the kernel and on other areas in the NetBSD project where bpfjit can help in boosting performance. |
Speaker biography: Alex is a software developer working in the financial sector in the City of London. He often amuses fellow tube passengers with C or Lua coding in NetBSD console and sometimes even with the green kernel debugger prompt. |
Running Applications on the NetBSD Rump Kernel |
---|
Justin Cormack |
Abstract: The NetBSD rump kernel has been developed for some years now, allowing NetBSD kernel drivers to be used unmodified in many environments, for example as userspace code. However it is only since last year that it has become possible to easily run unmodified applications on the rump kernel, initially with the rump kernel on Xen port, and then with the rumprun tools to run them in userspace on Linux, FreeBSD and NetBSD. This talk will look at how this is achieved, and look at use cases, including kernel driver development, and lightweight process virtualization. |
Speaker biography: Justin Cormack has been a Unix user, developer and sysadmin since the early 1990s. He is based in London and works on open source cloud applications, Lua, and the NetBSD rump kernel project. He has been a NetBSD developer since early 2014. |
Introducing ASLR In FreeBSD |
---|
Shawn Webb |
Abstract: Address Space Layout Randomization, an exploit mitigation technique which randomizes the in-memory layout of executables, is a feature lacking in FreeBSD that people have been asking for for a number of years. Oliver Pinter and Shawn Webb have come up with an innovative implementation of ASLR for FreeBSD. This presentation gives an introduction and a live demo of our ASLR implementation. |
Speaker biography: Brief CV of Shawn Webb: * Current employee of Cisco Systems, Inc. I work on ClamAV full-time. * I created libhijack, a library to make runtime process infection extremely simple on Linux and FreeBSD. * Maintainer of a number of FreeBSD ports |
Taming OpenBSD Network Stack Dragons |
---|
Martin Pieuchot |
Abstract: After more than 30 years of evolution, the network stack used in OpenBSD still carries a lot from its original architecture.The ongoing work to make it process network packets on multiple cores, led us to reconsider some parts if this architecture after understanding how its data structures and interfaces were really used.This talk describes some of the non obvious internals of OpenBSD’s network stack, the dragons, and the work that has been done in order to tame them. |
Speaker biography: Martin Pieuchot is an OpenBSD developer and a R&D engineer working for Compumatica secure networks, a Dutch/German networking appliance manufacturer. |
Optimizing GELI Performance |
---|
John-Mark Gurney |
Abstract: Features, like encryption, need to have minimal overhead for them to be widely adopted. If the performance is to slow, few people will use it. The first iteration of AES-XTS using AES-NI in FreeBSD was not much faster than the software version of it. The talk will describe why the AES-XTS algorithm was slow and what was done to improve it. It will cover topics from intrinsics, adding them to gcc and advantages of using them over assembly to how to use HWPC that are included in most modern processors to evaluate performance to identify performance bottle necks. |
Speaker biography: John-Mark Gurney has been using FreeBSD since 1994 and a committer since 1997. His last 10 years has been spent working in the security industry, at first, nCircle (now TripWire) and then at Cryptography Research. He is now doing independent consulting, looking to continue to improve FreeBSD. |
parallel make: |
---|
Marc Espie |
Abstract: OpenBSD uses a completely revamped version of the classical BSD bmake. It is much faster, works better, and is now fully parallel, to the extent we now fix bugs in Makefiles instead of work-arounds in make.Now that the work is mostly finished, we have enough experience to talk about what went right (and what went wrong, mostly extra delays that I would know how to avoid now).I will talk a lot about the modifications that went on over the years, in a very challenging environment: staying compatible with the existing Makefiles, in a tool that was at best poorly documented and is full of surprises.This is a prime example of OpenBSD philosophy “evolution, not revolution”: the code in current make is almost entirely new, but it was replaced, one component at a time. Figuring out a battle plan to conquer the old rotting code was a very large part of that fight. |
Speaker biography: Senior developer in the OpenBSD project, teacher of development and security practices at a private graduate school |
Making OpenBSD Useful on the Octeon Network Gear |
---|
Paul Irofti |
Abstract: My work on the Octeon port made possible for OpenBSD to run on the D-Link DSR line of mid-range routers and also improved all supported models through the drivers I wrote. I’m continuing my work on improving the OpenBSD experience on the Octeon products by enhancing network support (including advanced switch support among other things) and adding disk support via USB and CFI. This presentation summarizes the developments I brought and the obstacles I faced./td> |
Speaker biography: Paul is an OpenBSD developer since 2008, involved in ACPI, suspend and resume, power management, mips64, porting and currently with a keen interest in the Loongson and Octeon platforms. Currently he’s a freelancer and also studying for his PhD in Parallel Algorithms for Signal Processing. In the past he worked for a telephony company developing VoIP, Voicemail and related software and after that as an antivirus engine developer and reverse engineer. In his spare time he enjoys a good game of Go, running or hiking. |
OpenStack and OpenContrail for FreeBSD platform |
---|
Michal Dubiel |
Abstract: OpenStack and OpenContrail network virtualization solution form a complete suite able to successfully handle orchestration of resources and services of a contemporary cloud installations. These projects, however, have been only available for Linux hosted platforms by now. This talk is about a work underway that brings them into the FreeBSD world.It explains in greater details an architecture of an OpenStack system and shows how support for the FreeBSD bhyve hypervisor was brought up using the libvirt library. Details of the OpenContrail network virtualization solution is also provided, with special emphasis on the lower level system entities like a vRouter kernel module, which required most of the work while developing the FreeBSD version./td> |
Speaker biography: Michal Dubiel, M.Sc. Eng., born 17th of September 1983 in KrakÛw, Poland. He graduated in 2009 from the faculty of Electrical Engineering, Automatics, Computer Science and Electronics of AGH University of Science and Technology in KrakÛw. Throughout his career he worked for ACK Cyfronet AGH on hardware-accelerated data mining systems and later for Motorola Electronics on DSP software for LTE base stations. Currently he is working for Semihalf on various software projects ranging from low level kernel development to Software Defined Networking systems. He is mainly interested in the computer science, especially the operating systems, programming languages, networks, and digital signal processing. |
Porting NetBSD to the LatticeMico32 open source CPU |
---|
Yann Sionneau |
Abstract: I will describe the work I did on the open source LatticeMico32 softcore CPU to add a MMU to its pipeline and then how I added support for this enhanced LM32 CPU in the NetBSD <http://netbsd.org> 6 kernel.I will quickly explain what a MMU is and how it works in LM32. I will then show an overview of the steps I followed to add support for this new CPU and this new System-on-Chip to the NetBSD kernel. Afterward I will explain some of the choices made for this port, especially those in relation with the MMU handling : the (machine-dependant) virtual memory system (aka pmap).I will demo the boot of the NetBSD kernel on QEMU emulating LM32 CPU and then on the Milkymist One VJ Station./td> |
Speaker biography: Yann Sionneau is a 26 year-old French embedded software engineer passionate about learning how embedded systems work in general.Yann is part of the M-Labs <http://m-labs.hk> (fka Milkymist) community that is working on developing open source digital designs on FPGAs as well as making it more and more easy to do so by providing a simple but yet powerful framework for System-on-Chip design.Yann contributed the original RTEMS Board Support Package of the Milkymist One video synthesizer, a Memory Management Unit (MMU) for the Open Source soft-core CPU LatticeMico32, and ported NetBSD kernel for the LM32 CPU and the Milkymist System-on-Chip. Yann recently became an EdgeBSD developer and his work on LM32 support is currently upstream in an EdgeBSD branch. |
BSD/ARM Kernel Internals |
---|
Arun Thomas |
Abstract: In this talk, I’ll discuss how BSD kernels interface with the ARM processor. I will cover the kernel internals of the FreeBSD and NetBSD ARM ports, focusing primarily on ARMv7.I will discuss how booting, memory management, exceptions, and interrupts work, using plenty of BSD code. This talk is meant to be a quick start guide for BSD hackers who aren’t familiar with the ARM architecture/td> |
Speaker biography: Arun Thomas is an open-source kernel hacker by trade. He got his first taste of BSD in 2002. Arun is currently an OS researcher/hacker on the DARPA CRASH/SAFE program. He has contributed to several open-source projects over the years, including the MINIX 3 operating system as a core developer, the Gentoo Linux distribution as a Gentoo/Hardened and Gentoo/ARM developer, and the Linux kernel. He has given talks about open-source operating systems at ARM TechCon, BSDCan, EuroBSDCon, and FOSDEM. |
(Tool-)chaining the Hydra The ongoing quest for modern toolchains in NetBSD |
---|
Martin Husemann & Joerg Sonnenberger |
Abstract: The NetBSD auto-build cluster creates binaries for 67 architectures (and misses one, due to toolchain problems). Providing modern toolchains for all these is not a simple task. Some of them lack the resources for a modern compiler. Some CPU models are no longer supported by GCC or never have been by LLVM. In some cases, NetBSD developers are the primary maintainers of the GCC port.In the last year great progress has been made – gcc 4.8 is now the default compiler for several architectures; binutils and gdb have been updated as well. At the same time LLVM/Clang can be used as alternative system compiler to build a full system for some ports. PCC is explored for severely restrainted ports like Sun2. Some architectures are still using GCC 4.1 or 4.5.But this is only one part of the game. The compiler needs access to certain run time functionality, ranging from low-level algorithms like software integer division over stack unwinding and exception support to C++’s Standard Template Library. NetBSD is in the process of moving toward a full set of BSD or MIT licensed libraries, after careful testing on each architecture and with special attention towards binary compatibility. Avoiding regressions is one goal, but a side effect is increased maintainability. NetBSD is the likely the first platform to offer C++11 support on the VAX including shared libraries and working exception handling.The talk will provide an overview of the ongoing work, the status quo, and show some of the road blocks we had to clean, as well as provide a roadmap of planned future work. |
Smartcom’s control plane software, a customized version of FreeBSD |
---|
Boris Astardzhiev |
Abstract: Smartcom Bulgaria’s switching family consists of Ethernet switches targeted at offering access and aggregation layer L2 and L3 switching solutions for FTTX deployments that satisfy today’s requirements for delivering TriplePlay services with appropriate levels of QoS and security. The family offers fixed configuration (for the access layer), as well as modular configuration (for the aggregation layer) devices with up to 24x1GE + 4x10GE Ethernet ports. The switches run Smartcom’s control plane software, a customized version of FreeBSD. The control plane software is modular, ensuring that, even in case of software problems, the switch will continue to operate with minimal or no service disruption. |
Speaker biography: Boris Astardzhiev is a senior developer in the R&D team for Smartcom Bulgaria and, as such, has been involved in the development of Smartcom’s line of CPE, Access and Aggregation Ethernet products since their inception. He comes from networking and software development background and has been in the industry for more than 8 years. *BSD user since 2002. |
NPF scripting with Lua |
---|
Lourival Vieira Neto |
Abstract: NetBSD recently added an experimental support for kernel scripting based on the programming language Lua, which allows privileged users to load and run Lua scripts in kernel. This talk presents a special use case on scripting the NetBSD Packet Filter (NPF). It presents NPFLua, a NPF extension module that allows users to define advanced rules to filter the network traffic using Lua scripts. This talk also presents Luadata, a Lua extension library that allows developers to expose safely system memory for Lua scripts. This library also allows users to describe data layouts declaratively in Lua. Luadata is used in combination with NPFLua to allow users to inspect and modify network packet payload using Lua. |
Speaker biography: Lourival Vieira Neto is developer of NetBSD, working on Lua in kernel. He graduated from PUC-Rio with B.Sc. degree in Computer Engineering and M.Sc. degree in Computer Science (Programming Languages). He is currently project coordinator for embedded systems for digital television at TQTVD/TOTVS, Brazil. |
Porting the drm/kms graphic drivers to DragonFly |
---|
Francois Tigeot |
Abstract: Francois Tigeot has been trying to make DragonFly more useful by improving its performance, making it able to use some common technologies such as PAM/NSS and porting various pieces of software. One of these pieces of software was the new kms infrastructure and its associated drm/i915 driver. This talk is about how it has been ported from FreeBSD, the difficulties encountered when making it first run on DragonFly and its evolution from there |
Speaker biography: Independent consultant, sysadmin, *BSD and PostgreSQL user since 1999, DragonFly developer since 2011 |
Software segmentation offloading for FreeBSD |
---|
Stefano Garzarella |
Abstract: The use of large frames makes network communication much less demanding for the CPU. Yet, backward compatibility and slow links requires the use of 1500 byte or smaller frames. Modern NICs with hardware TCP segmentation offloading (TSO) address this problem. However, a generic software version (GSO) provided by the OS has reason to exist, for use on paths with no suitable hardware, such as between virtual machines or with older or buggy NICs. In this paper we present our work to add GSO to FreeBSD. Our preliminary implementation, depending on CPU speed, shows up to 90% speedup compared to segmentation done in the TCP stack, saturating a 10 Gbit link at 2 GHz with checksum offloading. |
Speaker biography: Stefano Garzarella is a Research Fellow in Luigi Rizzo’s research group at the Dipartimento di Ingegneria dell’Informazione of the University of Pisa, Italy. He received a Master’s Degree (summa cum laude) in Computer Engineering from the University of Pisa in February 2014. He has been a FreeBSD developer since 2013. Now he is working on various kernel and user space projects, particularly in the virtualization and networking fields. |
secure lazy binding |
---|
Philip Guenther |
Abstract: A common security measure is now to reduce or eliminate the presence of process memory that is both writable and executable. However, the dynamic linker needs to make changes to executable pages when binding lazy references. In multi-threaded programs this creates a window of vulnerability. Depending on the system architecture, it may also result in extra cache or TLB flushes to maintain coherency on multi-processor systems. I’ll describe the implementation and use of kbind(), a machine-independent system call for secure and efficient binding of lazy references. |
Speaker biography: Philip was initiated in UNIX system administration in 1992 as a student at Saint Olaf College, where he got involved in Open Source software including procmail and amd. In December 2000 he joined Sendmail Inc and worked on threaded IMAP/POP3/LMTP servers. He started using OpenBSD actively several years later but didn’t join the project until July 2008 after the status of the threads implementation started to annoy him. Philip is currently a Director of Engineering at Proofpoint, Inc. |
Improving DragonFly’s performance with PostgreSQL |
---|
Francois Tigeot |
Abstract: Since its creation, the DragonFly operating system had contained a giant lock in its kernel, preventing more than one thread to use kernel resources at the same time. This big lock was finally removed after the 2.10 release. I then started to look for a good way to test the multi-processor performance and scalability of the operating system. PostgreSQL seemed to fit the bill with its PGbench tool.This talk will focus on how PostgreSQL was used as a benchmarking tool to check and improve DragonFly’s performance and scalability. |
Speaker biography: Independent consultant, sysadmin, *BSD and PostgreSQL user since 1999, DragonFly developer since 2011 |
The LLDB Debugger in FreeBSD |
---|
Ed Maste |
Abstract: LLDB is a modern, high-performance debugger in the LLVM family of projects, and is built as a modular and reusable set of components on top of the Clang/LLVM foundation. It was originally developed for Mac OS X, but now supports FreeBSD and Linux as well, with ongoing work for Windows support.This presentation will provide an overview of the design of LLDB, compare it with the existing GNU debugger in the FreeBSD base system, and present the path to importing LLDB as FreeBSD’s debugger. |
Speaker biography: Ed Maste manages project development for the FreeBSD Foundation and works in an engineering support role with Robert Watson’s research group at the University of Cambridge Computer Laboratory. He has been a FreeBSD committer since 2005. |
Securing sensitive & restricted data |
---|
Dag-Erling Smörgrav |
Abstract: Researchers in many scientific fields routinely work with sensitive or restricted data such as patient records, human genetic sequences, or interviews with dissidents in oppressive regimes. Keeping this data secure while retaining the ability to process and analyse it is a non-trivial problem. The University of Oslo’s TSD service is a “walled garden” environment for storing and processing this type of data. We present the architecture of TSD and describe how FreeBSD is used to control the interface between TSD and the world. |
Speaker biography: Dag-Erling Sm¯rgrav is a senior engineer at the University of Oslo, one of the developers of the TSD service and a member of the University’s CERT and information security team. He has been a FreeBSD committer since 1998 and is currently serving as FreeBSD’s Security Officer. He is also the author of OpenPAM. |
Porting Valgrind to NetBSD and OpenBSD |
---|
Masao Uebayashi |
Abstract: Valgrind is a proven opensource instrumentation framework Mainly known by its memory profilerValgrind executes applications in virtual CPU and memory dynamically disassembling target code into intermediate representation (IR) and converting into native code (JIT). This Dynamic Binary Instrumentation (DBI) is useful for users in that no recompilation of target is needed. However, implementing that idea is difficult and code becomes complex. My talk will examine Valgrind’s internal especially around platform dependent code, like system call wrapper, memory management, and signal handling. We also mention things that are needed to port Valgrind to a new platform/cpu, for example, how to debug and test Valgrind itself, and source code structure, etc. |
Speaker biography: Masao Uebayashi is a the founder of Tombi Inc., a small company based in Yokohama, Japan, where he concentrates on *BSD only development consultation. In the past he worked for Brains Corp., who first ported NetBSD to Renesas SuperH platform, and later IIJ, where he brought up NetBSD on OCTEON MIPS64 processor. After having done PowerPC, SuperH, MIPS, and ARM in the last 15 years, he has finally started learning x86. |
vscsi(4) and iscsid — iSCSI initiator the OpenBSD way |
---|
Claudio Jeker |
Abstract: In the beginning large storage networks had to be built with Fibre Channel. Since Fibre Channel is expensive an alternative way to attach block-level devices to servers was searched. A protocol using Ethernet or TCP/IP would be a good cost-effective alternative since there is already an extensive Ethernet infrastructure available in data centers. iSCSI is a protocol that transport SCSI commands and data over TCP. It combines two very popular protocols — SCSI for block level I/O and TCP/IP for remote communication. While many iSCSI implementations are inside the kernel the one implemented in OpenBSD is written in userland similar to the NetBSD initiator. But unlike NetBSD’s, OpenBSD’s version does not use a userland filesystem to hook the iSCSI disks into the kernel. Instead access is performed via vscsi(4) — a virtual scsibus — which allows userland to talk directly to the kernel SCSI midlayer. Vscsi is implemented in roughly 600 lines of code exporting the scsibus to userland via 6 ioctl(2) plus the possibility to use poll(2) or kqueue(2) to allow simple I/O multiplexing. The vscsi device uses these ioctls to issue commands and send or receive data from the kernel. The use of this interface it is fairly simple and makes it possible to write an iSCSI initiator in userland. The userland process can offload all the complex SCSI protocol handling to vscsi and the kernel and “only” needs to implement the session establishment and error recovery. The presentation will give a quick introduction to the iSCSI protocol, the vscsi(4) interface is explained including sample code and the design and implementation of iscsid is illustrated. It will also cover the chicken and egg issues having to rely on a userland process for accessing disks and their file systems and how OpenBSD solved the startup and shutdown handling. |
Speaker biography: Claudio Jeker is a long time OpenBSD developer doing mostly crazy networking stuff. After writing various privilege separated daemons I was “forced” by David Gwynne to write iscsid. The initial proof of concept was all hacked up during f2k9 — the filesystem hackathon — in Stockholm. |
Bugs Ex Ante |
---|
Kristaps Dzonsons |
Abstract: Application sandboxes allow developers to take an unusual stance: not that our systems will be bug-free, and that bugs should be considered the corner-case; but that in fact there will be bugs, bugs as the rule, bugs that will be exploited in the messiest, ugliest way.(I won’t mention current events. But we’ll know what they are…)For this talk, I propose speaking about the design of a CGI framework that assumes exactly that: that its network-touching components will be exploited.After all, CGI frameworks have a celestially vast attack surface: URL query strings; cookies and HTTP headers; and beneath and beyond it all, form parsing. Combine these attack vectors with validation–at best validation of simple types, and then more terrifyingly (and normally) via external libraries such as libpng.In reviewing CGI frameworks in C for some recent work, I noticed less a lack of security focus than a parade committee for exploits. Even given my own small demands for CGI security, I was led to asked myself: can I do better than this?The topic would necessarily focus on available sandbox techniques (e.g., systrace, Capsicum) and their practical pros and cons (portability, ease of implementation, documentation, etc.). After all, if we make mistakes in deploying our sandbox, it’s just more ticker-tape for the parade.The CGI framework in question, kcgi, is one I use for my own small purposes. Obviously it’s ISC-licensed, well-documented C code, and will be mentioned as little as possible beyond as an exemplar of how easy (or hard!) it can be to write portable sandboxes. In short, this isn’t about kcgi, but about systrace, Capsicum, Darwin’s sandbox, and so on. |
Speaker biography: Most of my open-source work focusses on UNIX documentation, e.g., the mandoc suite (now captained by schwarze@) and its constellation of related tools, such as pod2mdoc, docbook2mdoc, etc. Earlier work focussed more on security, from the experimental mult kernel container on OpenBSD and NetBSD to sysjail. In general, I dislike computers and enjoy the sea. |
The entropic principle: /dev/u?random and NetBSD |
---|
Taylor R Campbell |
Abstract: Programs that talk over the internet today require unpredictable secrets to thwart passive eavesdroppers and active men-in-the-middle.Unix folklore teaches that programs must acquire these secrets from a beast called `entropy’ in the pantheon of information theory, who lives in /dev/random, and that in neighbouring /dev/urandom lives only a false idol. The truth, however, is not so mystical.I will discuss what /dev/random and /dev/urandom actually mean, what applications actually need, and how they should attain it. I will also discuss the implementation of /dev/u?random in NetBSD and the kernel’s cryptographic pseudorandom number generation API. |
Speaker biography: Taylor `Riastradh’ Campbell is not a cryptographer, but has spent enough time scrutinizing crypto in the software he relies on to notice when it’s done wrong. In 2011, Taylor found what may be Colin Percival’s most embarrassing bug when he noticed the two missing characters `++’ to increment the AES-CTR nonce in Tarsnap leading to reused — and thereby decidedly predictable — key streams. Taylor became afflicted with a NetBSD commit bit later in 2011 for unrelated reasons, and has since participated in rototilling the NetBSD kernel entropy subsystem. |
Cross Building the FreeBSD ports tree |
---|
Baptiste Daroussin |
Abstract: Building packages is a resource consuming task and can take very long on embedded devices or low power architectures. Being able to use the power of amd64 servers to build packages for arm or mips allows to make this task faster and less tedious. This talk will cover the following topic:
|
Speaker biography: Baptiste Daroussin is a unix system engineer, FreeBSD committer for both base and ports, a member of the port management team. He is responsible for a couple of the important changes that happened in the ports over the past few years: New options framework, pkgng, Stage support and more. |
A Reimplementation of NetBSD Based on a Microkernel |
---|
Andrew Tanenbaum |
Abstract: The MINIX 3 microkernel has been used as a base to reimplement NetBSD. To application programs, MINIX 3 looks like NetBSD, with the NetBSD headers, libraries, package manager, etc. Thousands of NetBSD packages run on it on the x86 and ARM Cortex V8 (BeagleBones). Inside, however, it is a completely different architecture, with a tiny microkernel and independent servers for memory management, the file system, and each device driver. This architecture has many valuable properties which will be described in the talk, including better security and the ability to recover from many component crashes without running applications even noticing. Updating to a new version of the operating system while it is running and without a reboot is on the roadmap for the future. |
Speaker biography: Born in 1944 in New York, Tanenbaum currently teaches at the Free University of Amsterdam, where since 2008 his research has been under the aegis of a EU grant for design and implementation of particularly stable operating systems. Minix, which he started in the 1980s, is apparently the reference project. Since its third version, the microkernel operating system has been open source under a BSD license. |
Randomness: how arc4random has grown since 1998 |
---|
Theo de Raadt |
Abstract: There are an astounding number of lies suggesting that ‘random is hard’ and ‘random needs extreme contortions’ and ‘operating systems cannot do random well’. It’s a selffulling promise. As a result of what chatter, it is hard, it is rare, and the situation sucks. |
Speaker biography: Theo de Raadt is a software engineer who lives in Calgary, Alberta, Canada. He is the founder and leader of the OpenBSD and OpenSSH projects. |
BSDA certification exam |
---|
The BSD Certification Group (BSDCG) is pleased to offer the BSDA certification exam to attendees of EuroBSDCon 2014. The exam will be paper based and in English. Exam information is available from the Certification page of the BSDCG website. Exam candidates should be proficient in the BSDA Certification Requirements and the Command Reference, both of which are available for free download from that page of the website. Participants need to register for a BSDCG ID. Once you have an ID, you can choose an exam location and pay for the exam. The examination fee is $75 USD and payable through Paypal or credit card. |