This talk tells the history of the BSD Daemon. It starts with the first renditions in the 1970s of the daemons that help UNIX systems provide services to users. These early daemons were the inspiration for the well-known daemon created by John Lasseter in the early 1980s that became synonymous with BSD as they adorned the covers of the first three editions of `The Design and Implementation of...
A walkthrough of a packet's journey through (FreeBSD's) pf, concentrating on the big picture and its implications.
We'll cover when packets are inspected, when rules are evaluated and how states are used. Along the way we'll cover what DTrace probes can show us, what some of pfctl's counters mean and just how many times pf can look at a single packet.
This talk is intended for firewall...
The FreeBSD project doesn't guarantee ABI stability in major versions. However, for minor versions, we also do not fully guarantee it. This makes maintaining an out-of-tree module (at least for kernel modules like VirtualBox) a big problem because a module compiled on 14.0 may not be usable on 14.1. This also causes some problems when distributing modules with freshpkg in our base because our...
The awk processing language has been around for almost 50 years in the Unix space. All major BSDs include awk in the base system. It allows powerful and flexible processing of text inputs. However, users find it difficult to understand and awk-ward to use, even shying away from using it in the first place.
In this beginner-focused tutorial, we'll get to know the features of awk step by...
Testing an operating system is not easy. The FreeBSD project uses the Kyua testing framework and has continuously made efforts to add more test cases. They are mostly written in shell scripts or some lightweight programming languages. Writing and maintaining complex test cases is still challenging.
This talk introduces TTCN-3, Testing and Test Control Notation version 3. This is a...
Confidential computing is a family of techniques to enhance security
and confidentiality for data in use. One technical approach is strong
isolation for virtual machines.
AMD's Secure Encrypted Virtualization (SEV) offers several feature sets
for isolation of guest virtual machines from a non-trusted host hypervisor
and operating system. These feature sets include memory...
In this talk, we will present a project that aims at allowing controlled process
credentials transitions without using setuid executables but instead leveraging
FreeBSD's MAC framework.
Traditional credentials-changing programs, such as sudo(8), have
a non-negligible attack surface as they often include a lot of infrequently used
features and mechanisms that can be dangerous from a...
Open Source is participatory and BSD Unix is no exception, with its own unique development workflows and events. Bug reporting, code proposing, and event participation are fundamental elements of the BSD Unix community and despite appearances, are open to anyone to participate.
This talk will take a pragmatic tour of effective engagement on these topics with real-world examples and tips...
Mapping abstract symbol names in source code to concrete addresses at
runtime requires cooperation between the compiler, static linker, and
runtime loader. This talk will talk about some of the practices and
data structures used for this task including ELF relocations, Global
Offset Tables and Procedure Linkage Tables. Depending on time, it may
also cover some more advanced topics such...
Much has changed since Feynman complained that "Social science is an example of a science which is not a science... They follow the forms... but they don't get any laws." The social sciences, particularly economics, have made huge strides in being able to provide both the data and analytic tools that can help people make sound, evidence-based decisions about their lives. But not all analysis...
The misuse of AI in education for cheating purposes has created challenges in assessing students' authentic contributions in the last couple of years. Another issue we identified is that University labs rarely teach problem-solving skills for a real-world scenario that students have to deal with in their post-academic working life (i.e. fixing production issues). Traditional assignments lacked...
We've all heard stories of the dreaded cosmic ray angrily flipping bits in your RAM. But how much does it matter, really? And, more importantly, how do you tell?
This talk will cover an overview of hardware architecture around detecting and correcting memory errors, software support for handling them and other types of hardware errors, and stories of memory errors in the real...
Are you new to the BSD community, or just looking to meet some new people? At this BoF we'll just try to introduce everyone and talk (briefly!) about what they are interested in.
Kind of a human search engine for topics of shared interest.
Come find other people interested in the same thing as you, or new things to be interested in!
Hardware-accelerated program tracing on FreeBSD
Hardware tracing facilities are designed to capture various metrics and
information about software execution with a minimal performance overhead,
making them a valuable tool for performance analyses and debugging. FreeBSD
recently gained a new in-kernel framework for hardware-accelerated tracing
technologies (hwt(8) [1]) with support for...
I manage the network engineering team for a Datacenter company to include the Managed Service Provider (MSP) services. Ideally this would literally be an AMA as I am sure there are many questions the community would like to ask somebody in my position about exactly what we do, why some things are the way they are, and how to work with an MSP network team best.
1) What is an MSP and what...
KASAN is a kernel sanitizer commonly combined with fuzzing techniques to detect memory corruption bugs, some of which could lead to security compromise. Currently, FreeBSD's KASAN can only detect a subset of temporal safety vulnerabilities due to the lack of a delayed freeing mechanism of freed items. Furthermore, the effectiveness of detecting spatial safety vulnerabilities is also limited...
This tutorial is for those who have not yet jumped on the IPv6 bandwagon.
The goal is for participants to be able to understand how IPv6 works, how an addressing plan could be built for an enterprise network, and how this can be configured on FreeBSD and OpenBSD.
We will also configure services to work on IPv6 and discuss the implications of configuring PF rules for them.
To complete...
The OpenBSD Packet Filter (PF) is at the core of the network management toolset available to professionals working with the BSD family of operating systems.
Understanding the networking toolset is essential to building and maintaining a functional environment. The present session will both teach principles and provide opportunity for hands-on operation of the extensive network tools...
A wide ranging conversation about all things network related and the BSDs.
Topics typically include the state of various network stacks, kvetching about the network, switches, routers, and how we are using the BSDs to solve network problems.
In a world ruled by expect(1) and Tcl, we discuss an alternative that was developed based on scripting with Lua instead. porch(1) was developed with a language already available and used in FreeBSD base in mind, with the aim of TTY testing via pts(4).
The overall aim of this project is to provide a simple subset of expect(1) functionality specifically aimed at developer and sysadmin...
ISC has been proudly using FreeBSD in production for a long time, including to serve critical internet infrastructure with a global user base (including you!), from the DEC Alpha days up till now, mostly on bare-metal.
In this talk I'll go over some of how we (and I) got here, how we've managed far-away installs and upgrades without remote hands during a global pandemic, and how we...
One of NetBSD's goals with network security is to upgrade NPF with lots of useful features and then have it be used as the primary packet filter. In this talk, as NetBSD's current primary maintainer of NPF, I will reveal the improvements I have added to NetBSD's NPF packet filter. I will also reveal further improvements in relation to performance and the direction of the project toward reaching completion.
It's possible to do some 3d printing related things on an OpenBSD machine, but there are a bunch of popular tools that aren't available in the ports tree. We will talk about some of the different classes of software and what things are popular and whether they are currently available on OpenBSD and what the blockers are from getting those into the ports tree.
Configuration management and automation tools, like Ansible, can make the life of a system administrator easier both by being able to scale operations as well as by helping to reproducibly create new deployments.
An additional advantage is that the automation, if done consistently, will also document all steps done to create the systems.
In this tutorial attendees will learn how to use...
FreeBSD's audio subsystem, sound(4), is one of the fastest out there, but is rather unknown and until recently was largely unmaintained. This talk will go through the various components of sound(4) that make sound possible on FreeBSD, that is:
- The generic driver's structure, control flow and interaction with the device drivers.
- The audio processing chain.
- The user-facing interfaces...
A few years ago, we decided to migrate many of our servers (and many of those of our clients) from Linux to the BSDs - FreeBSD, OpenBSD, NetBSD - depending on the specific services. In this presentation, I will discuss the reasons behind our decision, the technical and organizational challenges we faced, the tangible benefits we have experienced, and why we believe this migration is...
Join our panel of ZFS experts over lunch as they field questions from the audience about ZFS, new features, best practices, and everything else related to storage.
If you deploy ZFS, or are considering doing so, you should join us.