Day 1: September 17, 2021
Attend the event on Day 1 to socialize and test your system!
Day 2: September 18, 2021
Room 1
Debug Packages in OpenBSD
A year and a half ago, Paul Irofti and I we implemented debug packages in the ports system of OpenBSD. Our goal was to be as unintrusive to the normal ports building process as possible. The basics are rather simple: modern toolchains allow debugging information to be held in separate files in a straightforward manner, but plugging this somewhere in the package system so that porters do not need to be aware of any details was another matter. Through several fast iterations, we quickly made some debug packages available. A year later, we have activated debug packages for most relevant ports, and activating it for new ports is most often trivial.
Marc Espie Researcher/Teacher in development security at Epita Architect of the OpenBSD packages and ports system
Working with *BSD ports Trying to update syslog-ng in FreeBSD, DragonFlyBSD, NetBSD and OpenBSD
BSDs have a clear separation of a base system and external applications. Ports allows to maintain external applications for BSDs. You can install binary packages built from ports with sensible defaults for most applications. Sometimes, more features are available if you compile a port yourself from ports.
Peter has helped with maintaining the syslog-ng port in FreeBSD for the past decade and checked syslog-ng and sudo recently also OpenBSD, NetBSD, and DragonFly BSD. He will discuss similarities and differences between ports systems and his (still ongoing) experiences while trying to update syslog-ng in various ports systems.
Peter Czanik Peter started to use FreeBSD with version 1.X in 1994. He is an engineer working as open source evangelist at Balabit (a One Identity business), the company that developed syslog-ng. He assists FreeBSD and Linux distributions to maintain the syslog-ng package, follows bug trackers, helps users and talks regularly about sudo and syslog-ng at conferences (SCALE, All Things Open, FOSDEM, LOADays, and others). In his limited free time he is interested in non-x86 architectures, and works on one of his PPC or ARM machines.
Porting an OpenBSD Daemon and its Security Concepts from C to Rust My experiment to combine strengths of Rust and OpenBSD software
Rust is an increasingly popular language that is praised for its design that makes it easier to write secure, highly-performant, and modern software. There are major initiatives to rewrite relevant projects in the open source ecosystem and even system software in Rust.
Many people in the security-aware BSD community use and follow Rust professionally but most BSD software is still written in C (and Shell and Perl, if that counts). So I started a little experiment for myself: what does it take to rewrite one of the “daemons” that I wrote for OpenBSD in Rust? Will it allow to implement the security innovations and exploit mitigations in a style that is similar to one of OpenBSD’s C programs?
The uniqueness of Rust is based on its design to enforce correctness – strong type-, memory-, and thread safety guarantees – in a system programming language without the need for garbage collection, a complex runtime, or a VM. A well-known feature is its ownership model and the “borrow checker” and a lesser-known key feature is its approach to thread safety that allows to write super scalable, efficient, async, and multi-threaded networking services.
But Rust itself is no guarantee to get secure software. Many programs either ignore the best practices and use “unsafe” Rust code, use generic instead of strict types, sprinkle the code with harmful panics or casts, or follow all the rules but still run a single-process binary with root access to the system or container. Like any other code, Rust programs require diligent code reviews and proper security-oriented designs; this is my first-hand experience from applying those standards in a larger team that uses the language for a demanding and every-growing backend infrastructure.
This talk follows the experiment of implementing all the small and big features of one of my daemons in Rust and ultimately the daemon itself. The goal is to combine the strengths of Rust with the concepts of OpenBSD; using a similar style that supports the same configuration format and feature set. This is a long-term side project and I’m subsequently releasing the work as open source software, such as the privsep-rs framework. I already have the core privilege-separated program that slowly gains features and, if time permits, I will be able to present a working Rust daemon at the conference.
Reyk Floeter Reyk is a former OpenBSD hacker who contributed various improvements, drivers, and networking daemons to the project since 2004. He has worked as a network security consultant, software engineer, and founder of multiple startups such as Esdenera and .vantronix, building enterprise-class products based on OpenBSD. Reyk is now based in Zurich, Switzerland, and works as a lead software engineer for the Kraken digital asset exchange.
On-Demand Package Building in the Cloud
Poudriere makes it easy to have your own package repositories for FreeBSD and DragonFly BSD but building hundreds or thousands of them can take longer than you would like, especially if you don’t have a big server that can be dedicated to the task. Fortunately, we have the cloud.
This talk will explain how to set up a Poudriere workflow in Azure (concepts should be applicable to GCP/AWS) that updates your packages daily on 16-, 32-, or more-core VMs that you only pay for when building; signs them using a hardware security module; and serves them from a CDN. It will also discuss the non-negligible yak shaving required to get to this point.
Brad Ackerman Brad Ackerman is a software engineer on the Azure Edge + Platform team, where he implements security controls and deployment automation for storage systems; previously, he was a signals analyst for the US federal government.
Porting GNOME to NetBSD
For years, GNOME3, arguably the most popular open source desktop environment, was not available on NetBSD. This presentation will describe how recent versions of GNOME arrived in NetBSD/pkgsrc, what functionality is supported and which are the pain points and blockers. The talk will also explain why Wayland is not yet supported for GNOME on NetBSD, what are the proposed replacement for logind interfaces and the state of portable thread-safe locales on POSIX-like systems.
Dan Cirnat Dan Cirnat is a developer with a background in web backends and a passion for operating systems. Dan has experience for Berlin-based startups AUTO1 and FlixBus. Since going independent in 2020, he has used his free time to port GNOME for NetBSD and has joined the NetBSD foundation as a pkgsrc developer.
Porting Chromium to FreeBSD
Chromium is one of the most important browsers for today’s web development. In this talk, I’ll focus on what is necessary to keep an up-to-date version of it in FreeBSD’s ports, and what bits are missing to further improve it.
Matthias Wolf Matthias Wolf has used FreeBSD since 2002 on various systems and maintains a couple of ports nowadays.
Lessons from the CFT Lab A tour of the Hardware, Methodologies, and Results of the Call For Testing lab
The CallForTesting.org web site and accompanying lab are a direct product of EuroBSDcon and will celebrate their 10th anniversary in 2021. The lab has grown from a few second hand ThinkPads to a network of over 25 systems of all sizes that have helped exercise bhyve and various ZFS platforms in preparation for production readiness, tracked down lib.c-level performance issues, proven that binary upgrades are feasible for FreeBSD STABLE and CURRENT via up.bsd.lv, and other explorations big and small. This talk will provide a brief history and tour of the CFT Lab, strategies for building a budget-driven home lab, strategies for quickly running tests for other contributors, and hopefully inspiring you to maintain a home lab of your own, regardless of your physical or budgetary constraints.
Michael Dexter has a vocal fondness for BSD hypervisors and OpenZFS, and has organized the Portland Linux/Unix Group (PLUG) since 2009, among other community activities around the world.
Michael Dexter Michael has used Unix systems since just prior to the announcement of the Linux kernel and collapse of the Soviet Union. He has helped raise money for various BSD development efforts and usher the bhyve hypervisor into the FreeBSD operating system. Michael lives in Portland, Oregon where he provides commercial OpenZFS and FreeNAS support, hosts the Portland Linux/Unix Group, and lives with his wife and three children.
Room 2
GhostBSD as a Game Winner for Daily Use?
This talk will give a brieve overview about GhostBSD itself. The main thesis to be discussed will be: if GhostBSD can be a game winner compared to Linux distros Debian, Fedora, openSUSE, Arch, Gentoo, Windows or macOS.
Compared to FreeBSD this OS provides a live-iso+graphical installer+guidance. Important aspects for new users who want to try out a BSD OS.
Anyhow, after the installation questions are still occuring! – How about hardware support? – terminal commands – availability of pkgs – gaming on GhostBSD? – office work/shool/university?
Founder of GhostBSD is Eric Turgoen. Myself I am part of the GhostBSD team.links: http://ghostbsd.org/
https://wiki.ghostbsd.org/index.php/Main_Page
Andi Artz My name is Andi Artz and I am 31 years old. I live in Germany (Gießen, Hessen). I use Fedora Silverblue and GhostBSD/FreeBSD. Additionally, I am involved in Fedora Project Teams as well in GhostBSD. I like coding and I am a Freelancer (tutor/teacher). My blog which I have started recently: https://twpbl.blogspot.com/
FreeBSD networking in virtualised hosting – 2021 and beyond
This talk will present the current state of networking for FreeBSD based containers (jails) and virtual machines based on our own experience running a private hosting infrastructure.
I will present the challenges we faced and solved, like IPv4 address scarcity or vastly different network architectures across various bare metal providers. And the ones we are still facing like increasingly large broadcast domains in layer 2 networking, and the ideas we (and others) have about possible solutions and the future direction of the virtual network stack.
This is an operator’s point of view that references the kernel and userland implementation but focuses on the use of the various subsystems involved instead of the kernel implementation proper.
Patrick M. Hausen Patrick M. Hausen, born 1968, developed an interest in “all things Unix” and networking in general in the late 80’s. Having worked on various commercial implementations and looking for an operating system that would be more capable than Minix for actual daily use at home he found out about FreeBSD in 1993. He’s been using, hacking, advocating and occasionally cursing FreeBSD ever since.
Using Ceph on FreeBSD
In this talk I will shortly introduce Ceph (on FreeBSD, which is in essence the same as the Linux implementation with the very special Linux only things left out), and then demonstrate some of functionality I have been using. CephFS over Fuse, mounted ceph blosk devices as disk through rbd-ggate, and the presentation should end with a bhyve VM running off a Ceph Rados Block Device natively represented as a regular disk directly connected.
Willem Jan Withagen Willem Jan originally worked at the TU/e and Philips Research on system architectures, but soon started one of the first ISP in the Netherlands (Internet Access Eindhoven) in 1992, using FreeBSD. FreeBSD has stayed with him and his companies ever since. Not a typical expert in anything, but able to find his way is just about any problem, be it networking, assembly language, or business engineering. After over a dozen companies he now runs a data-center and is co-owner of a cloud company (using Linux). Open source is his preferred way of doing things.
Panel: Building and Running a BSD Homelab
A panel discussing the topic of homelabs, including the selection/collection/purchase of equipment, managing the noise and electrical usage, advice about setup & management, etc. Will include a fixed presentation section, as well as an extended Q&A section.
Allan Jude FreeBSD user (2001), doc (2014), and src (2015) committer. FreeBSD Core Team (2016-2020). Co-Author of "FreeBSD Mastery: ZFS" and "FreeBSD Mastery: Advanced ZFS" with Michael W. Lucas. CTO at Klara Inc (FreeBSD development and support services). Panel Members: Michael W. Lucas, Tom Jones, Kyle Kneisl, Allan Jude
SNMP is Still Alive
The Simple Network Management Protocol is so old, a byte isn’t necessarily eight bits. It is baroque and arcane. And it’s everywhere.
SNMP is one of those system management skills that people acquire by experience, stumbling through one horrid implementation after another and counting their knowledge by their scars. It’s highly useful, once you understand it.
This talk provides an overview of modern SNMP, as well as some historical tidbits.
*What makes SNMP simple *When to use SNMP, and when not to *How to use SNMP securely *Objects, MIBs, and OIDs *Using the net-snmp management toolkit *SNMPv3 *efficient queries *debugging *proxies, SMUX, and AgentX *View-based Access Control Model (VACM) *extending the net-snmp agent *logging, traps, and notifications
If time permits, I’ll demonstrate how I maintain my list of books in SNMP.
Michael W Lucas MWL has written a whole stack of books. Many of them are on BSD. He has a web page at https://mwl.io
fwupd Porting Process to the *BSDs
The security of the whole system is not determined only by the software it runs, but also by the firmware. Firmware is a piece of software inseparable from the hardware. It is responsible for proper hardware initialization as well as its security features. That means that the security of the machine strongly depends on the mitigations of vulnerabilities provided by firmware (like microcode updates, bug/exploit fixes). For these particular reasons, the firmware should be kept up-to-date.
Nowadays, one of the most popular firmware update software is fwupd/LVFS. fwupd is a Linux daemon that manages firmware updates of each of your hardware components that have some kind of firmware. What is more fwupd is open source, which makes it more trustworthy than proprietary applications delivered by hardware vendors designed for (only) their devices.
This presentation will describe the process of porting the fwupd project to the BSD distributions (FreeBSD, OpenBSD, NetBSD, DragonFlyBSD). It will explain the challenges that we faced during the development process. The fwupd port extends the functionality of the Linux Vendor Firmware Service (LVFS) to the BSD family of operating systems. It will be a development story that shows the challenges we overcame and the successes we achieved during the implementation. In the end, I will show short demo of the firmware update process. There will also be time for Q&A.
Norbert Kamiński Embedded Systems Engineer at 3mdeb focused on BSD and Linux based solutions. Lately works on secure firmware update methods. A huge fan of virtualization. https://github.com/Asiderr https://twitter.com/asiderr
Social Event
Day 3: September 19, 2021
Room 1
Highly Available WANs With OpenBSD
I would like to share my battle tested (over 2 years in production), highly available WAN setup based exclusively on components of OpenBSD base system. In this setup, ~30 branch office (spoke) firewalls connect to a pair of (hub) CARP firewalls over two Internet links, each in its own separate rdomain. Traffic is tunnelled by GRE, protected by transport mode IPsec. Dynamic routing and failover are provided by OSPF.
I plan to show detailed network diagrams along with addressing schemes, as well as all the configuration file templates needed for such setup.
Components used in this setup are: carp, bgpd, ospfd, pf, pfsync, gre, isakmpd, ipsec, rdomain.
Marko Cupać For last 12 years I have been designing and maintaining networks and essential network services, exclusively with OpenBSD and FreeBSD. Perhaps it would be interesting for you to check my website, particularly its blog section.
portmgr: Behind the Scenes
This talk is about the ports management team of FreeBSD, also known as portmgr. It will cover various aspects of daily operation, both interpersonal and technical, like:
-personnel handling
-deciding on policies
-building packages
-who is who
-history of portmgr
-how things have changed over time (remember GNOME updates?)
-its interaction with other teams
-maybe more.
René Ladan René started to work on FreeBSD in 2004. Meanwhile, he has been awarded both a documentation and a ports commit bit and is now part of the Ports Management Team (aka portmgr@). After visiting too many instances of EuroBSDCon, he was drawn into the accompanying Foundation and now assumes the role of secretary.
A Carrier-Grade L2BSA Gateway with Netgraph
In Germany, broadband access is still based on copper to the house due to
historical, political reasons. In order to increase transfer rates vectoring
became ubiquitous. That’s why all wires between houses and a curb need to be
operated by a single company. Unfortunately, Germany does not distinguish
between layer2 operators and layer3 operators. So either all households have
to buy Internet from a monopolist or a layer2 transmission to a third party
ISP must be regulated. The regulated access to the layer2 bitstream of a
customer is defined by the regulation authority and implemented as a so-
called A10NSP gateway. In principle at this point all layer2 traffic is
encapsulated by an additional VLAN tag for each customer line. The VLAN tag
itself is defined to be fixed as long as the DSL is in sync, but will change
randomly on resync. Existing A10NSP solutions are expensive, closed
appliances which provide only a single type of access: PPPoE. We offer
triple play via DHCP on multiple VLANs to our customers, and we did not want
to pay others for a (limited) solution. So the idea arose to implement this
A10NSP gateway ourselves using FreeBSD and netgraph. At this time several
thousand customers are connected using this cheap and scalable solution.
Let’s have a look into the implementation.
Lutz Donnerhacke Lutz Donnerhacke studied physics and mathematics. During this time he was part of the Internet build-up (Individual Network) in Germany and administrator of the USENET de-hierarchy. Interest focused on cryptography (OpenPGP, X.509, DNSSEC), programming (Ada, Haskell, Piet, C, Perl, PHP), and Internet governance (Fitug, ICANN). He is working for a regional ISP for more than 20 years and currently active in building central infrastructure for a larger ISP.
Use Dummynet to explore space, QUIC!
The Internet has grown vastly in the last 24 years, connection speeds have grown from tens of kilobits a second up to hundreds of gigabits and we have changed our core protocols from plain text to actively protecting privacy.
Our connection technologies have changed wildly too, no longer can we assume that a user connecting is using a dial up modem over wet string, instead links vary from wildly from 3G to gigabit FTTP hookups to geostationary orbits and out to satellite whizzing around just above the ISS.
The software we develop and the network protocols we use need to be designed to take into account this wide of link technologies. To do this we can still use FreeBSD’s old faithfully network emulator, Dummynet. Dummynet has been core to evaluating the satellite performance of the absolute latest Internet protocol, QUIC.
This talk will provide and introduction to Dummynet and how it can be used to emulate satellite links, 4G/5G links and others, and the role it can have in the future evolution of the Internet.
Tom Jones Tom Jones is an Internet Engineer and Researcher from the Shining Granite City of Aberdeen in Scotland. He is a contributor to the IETF and has written RFCs documenting the UDP API, increasing the MTU in the Internet and most recently been exploring the practicalities of using QUIC on satellite links. In the last year he has been tricked into running virtual conferences and hosting the excellent BSDNow news show. For reasons unknown he chooses to run and cycle ultra endurance distances.
Simplify Licensing Code with REUSE
No matter if you create Free Software code or re-use it from third parties, you have to take care of its licensing and copyright. That tends to get complicated the more files, different licenses and copyright holders you have.
REUSE is there to help! It is a set of best practices to mark individual files and complete projects with information about license(s) and copyright. Unlike other standards, it is designed with developers in mind: as simple and pragmatic as possible, accompanied by tools and with low-threshold, yet extensive documentation available.
In this talk, you will not only learn about the theory but also how to use it in practice. In a short demo, we will make a repository fully REUSE compliant and have a look at the API. We will also take a special look at the requirements of large Free Software community projects, kernels and distributions.
Max Mehl Max Mehl is program manager at the Free Software Foundation Europe (FSFE) and coordinates initiatives in the areas of politics, public awareness and licensing. But he is also frequently to be found in the virtual server room of the FSFE. He sees Free Software as an important component to solve urgent technical and social problems. Every day he is fascinated how many advantages software freedom brings for different aspects - from ethics to politics and economy to security technology.
DNS Treasure Hunt
As the title says, this isn’t a talk it’s a hunt, and the topic is DNS (Domain Name System). Carsten and JP will ask questions and you find the answers. There are easy questions, and some which are harder, easy queries and those which will make you scratch your head. Use the DNS query utility of your choice to help yourself.
Will there be a prize to win? You bet, but lower your expectations — we won’t be sending you on an all-you-can-eat to Rio or anything, but you might get a deflated party balloon or a hopefully new T-shirt or something.
Join us for a fun and instructive 45 minutes.
Jan-Piet Mens Jan-Piet Mens is an independent Unix/Linux consultant and sysadmin who's worked with Unix-systems since 1985. JP does odd bits of coding, and works extensively with the Domain Name System and as such, he authored the book Alternative DNS Servers as well as a variety of other technical publications. He's contributed various modules as well as the documentation system to the Ansible project and dreamed up the Open Source OwnTracks project. (http://jpmens.net) Carsten Strotmann Carsten Strotmann works for more than 25 years in the field of DNS and is a user of FreeBSD and OpenBSD since the late 1990ies. He is an author for the German computer magazine c't, trainer for ISC and Men & Mice on "DNS & BIND" and teaches DNS, IPv6, Network- and Server-Security for BSD and Linux at Linuxhotel in Germany.
smart(8) Update – A Permissively-Licensed Alternative to smartctl(8)
The familiar smartctl(8) utility from the SmartMonTools package has helped operators access the S.M.A.R.T. storage device health diagnostics since its introduction in 199*. While smartctl(8) is proven, flexible, and widly-ported, it has long been limited in the machine-readability of its output, burdened by support for long-discontinued devices, and published under a license that precludes its inclusion in permissively-licensed operating systems such as a FreeBSD, NetBSD, and OpenBSD. The smart(8) utility conceived of by Michael Dexter and authored by Chuck Tuffli addresses many shortcomings of smartctl(8) by focusing on machine-readability, contemporary storage devices, and publication under a BSD two-clause license. This talk will provide a history of diskctl(8) come smart(8) and its motivations, an overview of its implementation and porting to additional platforms including Microsoft Windows, and a tour of its latest features including TSV, libxo, and JSON output.
Michael Dexter Michael has used Unix systems since just prior to the announcement of the Linux kernel and collapse of the Soviet Union. He has helped raise money for various BSD development efforts and usher the bhyve hypervisor into the FreeBSD operating system. Michael lives in Portland, Oregon where he provides commercial OpenZFS and FreeNAS support, hosts the Portland Linux/Unix Group, and lives with his wife and three children. Chuck Tuffli Chuck is a FreeBSD committer and has primarily worked as an OS/device driver developer on Unix-like operating systems for a variety of technologies including video, graphics, wireless and storage devices. He has written several FreeBSD CAM device drivers and contributed to the CAM Target Layer (ctl), Linuxulator, NVMe driver and NVMe emulator. Chuck has a degree in Applied Mathematics from the University of California, Los Angeles.
Room 2
logstor: A Log-structured user level GEOM layer
Most file systems today are write-in-place file system. This kind of file system will generate random writes to the underlying storage device and random writes are bad for both hard disk and flash disk. On the other hand, log-structured file system is a copy-on-write file system. The new written data are appended to the end of the log so it writes data sequentially. Logstor is a user level GEOM layer that can be inserted between the file system and the storage device. It uses the same principle of log-structured file system, that is the data are always appended to the end of the log, so it can also transform random writes from file system above to sequential writes to the underlying storage device. Logstor can make any file system a log-structured file system when that file system is created on it. Also if the logstor commands snapshot and commit are implemented, it can make the file system run faster by not having to sync file system’s metadata frequently.
Please check https://github.com/wy-chung/logstor for more detailed information.
Wuyang Chung Wuyang Chung has been working in the IT industry for almost 20 years, currently, working as a freelancer. Previously, Chung worked at Industrial Technology Research Institute as a Windows CE system integrator. After that he worked in ALi as a firmware engineer. His last work was in Hewlett-Packard Taiwan branch as a system software engineer and worked on writing test programs and helping to analyze product issues detected by these test programs.
FreeBSD Aarch64 Virtual Machines are Boring
With FreeBSD 13.0-RELEASE, Aarch64 (64-bit ARM Architecture) is now a Tier-1 supported architecture!
Late in the 13.0 development cycle, VMware released ESXi ARM-Fling, a trial version of their well known vSphere hypervisor, but for 64-bit ARM systems.
All it takes is a Raspberry Pi 4 and the latest FreeBSD Aarch64 ISO to get up and running, but that wasn’t always the case.
This talk is all about the work that was involved to get FreeBSD and ESXi ARM-Fling to play nicely with one another, how boring it is to deploy Aarch64 virtual machines in 2021, and the more exciting future fore ARM virtualization!
Vincent Milum Jr A History of Vince contains over two decades of tech things I've done! Currently playing around with FreeBSD Aarch64 support, specializing in MariaDB Galera clustering and ZeroTier mesh networking.
(auto)Installing BSD Systems
After more than a decade in touch with systems like FreeBSD, not by just consuming them as an end-user but also by working as a sysadmin or by developing ‘BSD Powered’ solutions, you might fall into pitfalls by not easily finding a way to fully automate their installations. The good news: it’s possible and it’s not as complicated as you might think!
Today’s needs regarding automating things like an O.S. installation can save you a lot of time; Kickstart or Preseed files are not the only ways of doing it. One can even combine or expand it all to add patching and updating routines into the game.
Here we are not talking about a one-click solution or something like querying an API endpoint to provide you with a shiny virtual machine; no. The main idea behind this talk is to present you with a tool-set and ways of (auto)installing your machines, let’s say, using a NetBSD operating system; be it virtual, or not.
Inspired by talks like the ones showing how OpenBSD Amsterdam sets its virtual machines up, we get together and share thoughts, ideas and setups to get DHCP, iPXE and diskless systems in our favor to set our infrastructure up and running.
Concerned about the first boot and keeping up with services’ configurations and consistencies, we also talk about getting Puppet to watch it for you. Considering plain text passwords no one wishes to host in a Git repository, EYAML to the rescue!
Vinícius Zavam FreeBSD ports committer, TorBSD Diversity Project (TDP) proud contributor and Core Team member of the Tor Project. https://keybase.io/egypcio
TLS in 2021
Transport Layer Security, or TLS, makes ecommerce and online banking possible. It protects your passwords and your privacy. Let’s Encrypt transformed TLS from an expensive tool to a free one. TLS understanding and debugging is an essential sysadmin skill you must have.
It’s also one of the most misunderstood security protocols.
This talk takes you through:
-How TLS works -What TLS provides, and what it doesn’t -Wrapping unencrypted connections inside TLS -Assessing TLS configurations -The Automated Certificate Management Environment (ACME) protocol -Using Let’s Encrypt to automatically maintain TLS certificates -Online Certificate Status Protocol -Certificate Revocation -CAA, HSTS, and Certificate Transparency -Why you shouldn’t run your own CA, and hints on how to do it anyway.
Maybe you can’t stop doing the old obsolete things immediately, but this talk will make you aware of the modern standards.
Michael W Lucas MWL has written a whole stack of books. Many of them are on BSD. He has a web page at https://mwl.io
Routing Stack Changes in FreeBSD 13
This talk provides an overview of the redesigned routing subsystem in FreeBSD 13. It will cover pluggable fib lookup algorithms, resulting in 10-30x lookup performance improvements. It will touch on scalable multipath routing and control plane performance improvements. Basic building blocks – nexthops and nexhops groups will be covered in detail.
Alexander Chernikov Alexander is a FreeBSD committer since 2011, mostly interested in the networking parts of the stack.
Serving Netflix Video at 400Gb/s on FreeBSD
In this talk, I will discuss the efforts to serve TLS encrypted Netflix video at 400Gb/s from a single server. This will be a follow-on to 2 talks at the 2019 EuroBSDCon: “Numa Optimizations in the FreeBSD Network Stack” and “Kernel TLS and TLS Hardware Offload“. I will provide background on the Netflix video workload, and define key technologies such as NUMA, kernel TLS and hardware kTLS.
I will describe encountering bottlenecks such as:
-Memory bandwidth limits for software kTLS
-PCIe issues with hardware kTLS
-NUMA for software vs hardware kTLS
I will present current and historical performance results from at least:
-AMD “Rome” 2nd generation EPYC systems
-AMD “Milan” 3rd generation EPYC systems
-Ampere Altra arm64 systems
Drew Gallatin Drew started working on FreeBSD at Duke in the 90s, and was one of the people behind the FreeBSD/alpha port. He worked on zero-copy TCP optimizations for FreeBSD and was sending data at over 1Gb/s before gigabit Ethernet was generally available. He spent a decade at Myricom, optimizing their drivers. After a brief hiatus at Google, he landed at Netflix, where he works on optimizing the FreeBSD kernel and network stack for content delivery. He worked on the optimizations to serve unencrypted Netflix traffic at 100Gb/s, and then on more optimizations to send encrypted traffic at ever increasing speeds, from 100Gb/s to 400Gb/s and beyond.
An Overview of Scheduling in the FreeBSD Kernel
This talk describes the schedulers available in the FreeBSD kernel: the current ULE scheduler, the real-time scheduler, and the historic 4BSD scheduler. It focuses on the design and implementation details of the default ULE scheduler. It also describes the recent changes that add support for the non-uniform memory access (NUMA) configurations of high-performance servers.
Marshall Kirk McKusick Dr. Marshall Kirk McKusick's work with Unix and BSD development spans four decades. It begins with his first paper on the implementation of Berkeley Pascal in 1979, goes on to his pioneering work in the eighties on the BSD Fast File System, the BSD virtual memory system, the final release of 4.4BSD-Lite from the University of California at Berkeley Computer Systems Research Group, and carries on with his work on FreeBSD. A key figure in Unix and BSD development, his experiences chronicle not only the innovative technical achievements but also the interesting personalities and philosophical debates in Unix over the past forty years.
The New NetBSD Entropy Subsystem
This talk will present the new NetBSD kernel entropy subsystem after it was rewritten in 2020. The talk will cover the design and rationale of the new implementation, how it addresses various performance and security concerns, a high-level overview of the underlying cryptography, and issues with userland APIs and the repercussions of blocking.
Taylor R Campbell Taylor ‘Riastradh’ Campbell has been a NetBSD developer since 2011, with work in various areas including cryptography, and is a member of the NetBSD core team and The NetBSD Foundation board.