|
The presentations will be held on 12 and 13 May, 2006.
If you would like to add an item to this list, please contact us at
papers@bsdcan.org.
27 presentations found
| "Free as in Free Beer", or "The Foundations of Civilization" |
|
This talk starts by describing the fundamental importance of beer not
only to software developers, but also in the development of
civilization. It continues by describing the technology of beer
brewing and how computers can help produce better beers. In
particular, Groggy describes the fermentation temperature program that
was discussed in Slashdot last year.
About the author:
Greg Lehey is a senior software developer at MySQL AB. He is also a
FreeBSD and NetBSD developer and an ex-member of the FreeBSD core
team. He has been in the computer industry for 30 years, most of them
spent in Germany, in which time he has performed most jobs, ranging
from kernel development to product management, from systems
programming to systems administration, from processing satellite data
to programming petrol pumps, from the production of CD-ROMs of ported
free software to DSP instruction set design. He is the author of
"Porting UNIX Software" (O'Reilly and Associates, 1995) and "The
Complete FreeBSD" (O'Reilly and Associates, 2003).
speaker: Greg Lehey
location: SITE A0150
|
| A Scalable Concurrent malloc(3) Implementation for FreeBSD |
|
The FreeBSD project has been engaged in ongoing work to provide
scalable support for multi-processor computer systems since version
5. Sufficient progress has been made that the C library's malloc(3)
memory allocator is now a potential bottleneck for multi-threaded
applications running on multi-processor systems. In this paper, I
present a new memory allocator that builds on the state of the art to
provide scalable concurrent allocation for applications. Benchmarks
indicate that with this allocator, memory allocation for multi-threaded
applications scales well as the number of processors
increases. At the same time, single-threaded allocation performance
is on par with the previous allocator implementation.
speaker: Jason Evans
location: SITE A0150
|
| Back to the Future: BSD on the Edge of the Enterprise |
|
I have been running FreeBSD on a cluster of standard
Intel based servers
as an economical and functional alternative to "normal"
dedicated/expensive (Cisco/Foundry/Juniper)
routers on the edge of our campus for the past 2.5 years.
Using Zebra/Quagga and ipfw/dummynet we have set up a system
which is both flexible in terms of meeting our external
routing and packet filtering needs.
We are the largest University in Canada, serving some
70,000 students and 11,000 staff and faculty. There
are an estimated 50000 machines which are served
by our external routing cluster.
speaker: Russell Sutherland
location: SITE B0138
|
| Bio and Sensors in OpenBSD |
|
If the only computer you're responsible for is your desktop or
notebook computer it is easy to keep an eye on the health of the
system and to get an idea of how well it is running. As soon as a
component fails the service relying on that component fails as well.
If a disk starts to fail or the CPU gets too hot you get pretty
immediate feedback on that issue.
However, in the server space there is a continual push to provide
services on redundant hardware. The systems we can put in place these
days may sport redundant hardware such as raid controllers and disks,
power supplies, cooling elements, memory and CPUs. Some services can
even take advantage of using multiple computers to provide fail-over
in the event of a whole machine dying. All of this means that if one
of these components fails the service will just keep running. The
problem with this is that we no longer get the friendly phone call
from our users telling us when something isn't working anymore.
Instead we need to be able to get the status of the components so
that in the event of a failure we can take appropriate action and
maintain redundancy.
Fortunately servers these days are built with a variety of sensors
onboard so you can monitor their health. In the case of raid, the
controller is aware of the health of the disks and is able to report
their state. However, like all hardware, unless there is appropriate
software you cannot take advantage of all this information simply
because you can't get at it. We intend to present the sensors and bio
interfaces and several drivers in OpenBSD as examples of how you can
take advantage of this hardware to keep an eye on your systems.
speakers: David Gwynne, Marco Peereboom
location: SITE H0104
|
| BSD firewalling, pfSense and m0n0wall |
|
Scott Ullrich and I attended BSDCan for the first time last year. We
were both very happy with the quality of the conference, probably for
the quality of conversations with attendees as much as, or more than the
quality of the presentations (though that's not to say they were bad,
quite the contrary!). Scott ended up presenting part of the FreeSBIE
talk, as he's a FreeSBIE committer, and I pitched in a bit there as
well. We'll definitely be attending again this year.
This year we would like to give a presentation on firewalling and the
BSD's. We're very involved with the two most popular BSD-based firewall
packages, m0n0wall and pfSense. I'm very involved with the m0n0wall
community, as a committer and most frequent contributor to the mailing
lists. Scott and I co-founded pfSense as a fork of m0n0wall, taking a
different direction with different and conflicting goals from m0n0wall
(hence the reason for the fork). But, with the type of audience at
BSDCan, we would not focus heavily on these packages.
This email is basically to get a feel for your interest in this topic.
I'll briefly outline what we're thinking about, and if you have any
interest in this, I can get you something much more detailed.
Think of this as three distinct areas of focus:
1) Current status of firewalling and the BSD's
An overview of the firewalling options with Free, Net, Open, and
DragonFly. What options are available (ipfw, ipfilter, pf, etc.), and
their level of stability and maturity on each. Provide several
reference links for each, for info on how to implement them on each OS.
2) The BSD-based firewall packages
Introduction and overview of the two major open source firewall
packages, m0n0wall and pfSense, that implement BSD firewalling
technologies, with a GUI to greatly increase the usability of the
underlying system. At least half the user base of these packages does
not use BSD in any other regard, and are not familiar much at all with
the underlying OS. Thus, they're not really the typical audience member
from what we saw at BSDCan last year, so we won't focus very heavily in
this area.
3) Firewalling best practices
Very few firewalls are implemented as tightly as they could and should
be. This part would be a discussion of firewalling best practices and
how they can be implemented using m0n0wall and pfSense (including how to
just use the GUI systems for generating rule sets for use on stand alone
systems).
speakers: Scott Ullrich, Chris Buechler
location: SITE A0150
|
| Building a FreeBSD Appliance With NanoBSD |
|
It's awfully tempting to nail a FreeBSD computer to the wall
to solve some particular problem. NanoBSD is a build framework
for FreeBSD which generates ready-to-use Flash images for such
"appliance" use.
In addition to a tour of NanoBSD, the talk will look at
some of the issues one should think about before reaching
for the hammer and gives examples of solutions to problems
people often don't realize exist until they have manifested
themselves as "unforeseen expenses".
speaker: Poul-Henning Kamp
location: SITE B0138
|
| Creating a firewall for use with Jail(8) |
|
Jails are great, but it's not a great idea for jail users to
firewall their virtual interface. Best practices involve firewalling
upstream, but this generally means someone has to maintain the firewall
rules. We present an automated system that allows Jailed accounts to
modify an upstream firewall using a combination of Guardian
(http://www.chaotic.org/guardian/) and Snort. The benefit of this system
is that Jailed users can now directly control their own firewall rules
without administrator assistance.
The system comprises a script that the Jailed user can execute which
sends a packet through the upstream firewall. This packet contains a
digitally signed set of instructions for modifying the firewall rules. The
packet triggers a signature match in Snort, which is then captured by
Guardian, which then adjusts the firewall rules accordingly.
speaker: Wes Sonnenreich
location not assigned
|
| Distributed VCS |
|
FreeBSD, like many open source projects, uses CVS as its main version
control system (VCS), which holds an extended history of all modifications made
since the beginning of the project in 1993. CVS is a cornerstone of FreeBSD
in two ways: not only does it record the history of the project, but it is
a fundamental tool for the FreeBSD core team and developers.
CVS is built around a concept of centralized repository, which has a number
of limitations and suffers from many flaws. Although FreeBSD is also using
Perforce for specific projects, having two VCS is cumbersome.
Recently, a new type of VCS has arisen: Distributed VCS, one of the first
being BK from BitMover, Inc. Better known from the controversy it generated
when Linus Torvalds started using it, it has nonetheless changed the way
some people develop software.
This paper explores the area of distributed VCS. We analyse two of them,
Arch (in its Bazaar incarnation) and Mercurial. I'll try to show how such a
tool could help further FreeBSD development, both as a tool and as a new
development process. Migrating VCS is a tedious task and there are several
issues that we must look at before undertaking this project.
speaker: Ollivier Robert
location: SITE B0138
|
| Experiences Bringing FreeBSD/arm up on Atmel AT91RM9200 |
|
FreeBSD/arm supports a wide array of ARM processors. Unlike Intel x86 systems, ARM processors are aimed at the embedded market and are packaged as a SoC (System on Chip). The integrated peripherals vary widely between the different offerings from different vendors.
This paper will explore the issues encountered in porting FreeBSD/arm to the AT91RM9200 processor. We will talk about the initial bring up of the board, device driver support for the SoC devices, and packaging concerns for an embedded processor. This paper may explore the issues around cross building a release.
speakers: Olivier Houchard, Warner Losh
location: SITE H0104
|
| Filesystem Performance on FreeBSD |
|
I have spent quite a bit of effort over the past few months on
benchmarking the performance of UFS filesystems on FreeBSD 4.x, 5.x
and 6.x, with UP and SMP hardware. The results are quite interesting
and reveal both the enormous progress made in SMP performance and
scalability with the release of FreeBSD 6.0, and a remaining
performance limitation which should direct future work. I am planning
to write up these observations, and BSDCan should be a good venue for
presenting the results.
Depending on my time and hardware availability, I may also be able to
extend the analysis to cover other BSD versions.
speaker: Kris Kennaway
location: SITE A0150
|
| FreeBSD Hypervisor Support |
|
FreeBSD has been ported to run on the Xen hypervisor on x86 and is in the
process of being ported to Sun's hypervisor on the sun4v. This commoditization of
hypervisors has made the open source community increasingly aware of the
benefits that they can bring to the data center and the developer.
Benefits frequently cited are:
- Server Consolidation, increasing server utilization, typical is at 15%
- Business Continuity, live relocation
- zero downtime maintenance
- instant-on provisioning
- optimizing application resource provisioning
- Decoupling the OS from the underlying hardware
- MMU changes can be made independently of the OS, e.g. Sun's T1 HV
- live migration
- virtual devices can map to arbitrary physical devices
- debugging / fault isolating drivers, running drivers in their own domain
This talk will cover the services provided by hypervisors, the changes that
need to be made to FreeBSD to support them as paravirtual guests, the
tradeoffs versus emulation (VMWare, QEMU, etc.), and the up and coming
support on the next generation of AMD / Intel processors.
As part of the talk, I will bring up a FreeBSD instance on Xen; time and
hardware permitting, I will do a live migration.
speaker: Kip Macy
location: SITE A0150
|
| How the FreeBSD Project Works |
|
The FreeBSD Project is one of the oldest and most successful open source operating system projects, seeing wide deployment across the IT industry. From the root name servers, to top tier ISPs, to core router operating systems, to firewalls, to embedded appliances, you can't use a networked computer for ten minutes without using FreeBSD dozens of times. Part of FreeBSD's reputation for quality and reliability comes from the nature of its development organization--driven by hundreds of highly skilled volunteers, from high school students to university professors. And unlike most open source projects, the FreeBSD Project has developers who have been working on the same source base for over twenty years. But how does this organization work? Who pays the bandwidth bills, runs the web servers, writes the documentation, writes the code, and calls the shots? And how can developers in a dozen time zones reach agreement on the time of day, let alone a kernel architecture? This presentation will attempt to provide, in 45 minutes, a brief if entertaining snapshot into what makes FreeBSD run.
speaker: Robert Watson
location not assigned
|
| How to write a Device Driver in FreeBSD |
|
A core part of the Unix system is the drivers that interact with the hardware
that we run on. Drivers are needed as new hardware and technology becomes
available on the market. FreeBSD has a rich set of constructs that makes
writing a device driver easy. This includes making the module loadable and
handling configuration via sysctl's and tunables.
The presentation will be on how to write a device driver for FreeBSD. This
will cover things like presenting a character device which you can
read/write/mmap/select/kqueue upon along with properly using bus_dma for
cards that can DMA. It will focus on PCI as the primary attachment, but
will cover other device attachments such as I2C.
speaker: John-Mark Gurney
location: SITE B0138
|
| Improving TCP/IP Security Through Randomization Without Sacrificing Interoperability |
|
The TCP/IP protocol suite has become the networking standard of the world, carrying
nearly all traffic on the Internet, and a large percentage of traffic on LANs as well. All
types of data traverse TCP connections, from the unimportant to the highly confidential.
While network layer protocols such as IPsec have been created to add encryption to
TCP/IP, they require special configuration and are not generally used except in VPN
configurations. The SSL protocol, which sits on top of TCP, has become much more
widespread. While SSL can ensure data confidentiality and integrity, it can not ensure
the availability of service if the TCP layer below it is disrupted.
If implemented according to the original standards, TCP connections can be easily
disrupted even by an attacker who is not monitoring the actual traffic of the connection.
These blind spoofing attacks are mostly a problem for long-lived connections, such as
BGP sessions between routers or SSH/SSL sessions used to remotely administer servers.
Tweaks to solve these blind spoofing attacks have been implemented in many operating
systems, but many fixes have the problem that they reduce interoperability with other
operating systems.
This paper demonstrates how interoperability has been harmed by certain TCP changes
and discusses better solutions to the problems at hand. The topics of TCP initial
sequence numbers, TCP timestamps, IP ID values, and ephemeral port randomization are
discussed. The majority of the paper is spent discussing TCP initial sequence numbers,
as they are the primary point of attack for blind spoofing. Points of interest include a
survey of the initial sequence number generation methods of some popular operating
systems, an improvement to RFC 1948, and a proposal for how to use TCP timestamps to
increase resistance to spoofing attacks.
http://www.silby.com/bsdcan06/
speaker: Mike Silbersack
location: SITE H0104
|
| Keeping an eye on weird stuff with FreeBSD |
|
One of the things UNIX is really good at is interfacing
to all sorts of weird hardware. But once the communications
part of the task is over, what then to do about the data?
An extensible application for management of weird stuff called
"measured" will be presented, the design and implementation
will be discussed and examples shown of what it can do.
speaker: Poul-Henning Kamp
location: SITE B0138
|
| Mobile IPv6 integration in [Free]BSD |
|
Originally part of the KAME code (KAME-Shisa), but not included in the
recently announced[1] "final merge", MIPv6 is now taken care of by the (Linux
centric) WIDE-Nautilus[2] project. I am involved with a research group[3] at
our university that is enhancing MIPv6. Our development and testing is
completely based on FreeBSD 5.4 + KAME-snap and I am looking at porting the
efforts to FreeBSD 6/CURRENT later.
For the talk I'd like to give a short introduction to MIPv6 in general and
its implications. Later on I'd spend some time with explaining our
optimizations and how they have been implemented. This would be mainly to
foster some interest in MIPv6 in general within the BSD community again.
Unfortunately, the Linux folks have taken over most of the current
development (even though KAME is a great foundation for IPv6 development).
speaker: Max Laier
location not assigned
|
| MouSSH |
This talk presents a new SSH version 2 implementation,
independent from all pre-existing codebases. Motivation,
advantages, disadvantages, and plans for future work are
discussed.
speaker: der Mouse
location: SITE H0104
|
| NetBSD LiveCDs |
|
LiveCDs provide an easy and convenient way for users to try out a new
operating system by letting them run the software directly from a bootable CD
(or DVD). Some LiveCDs allow users to not only test-drive the operating
system, but also to install it directly from the same media, while specialized
LiveCDs based on many different operating systems are developed to solve very
different and very specific problems.
NetBSD LiveCDs have been around for several years, but just like their FreeBSD
and OpenBSD counterparts, they have never been integrated into the official
releases, and instead are maintained by third parties. To take advantage of
the ease with which LiveCDs allow users to try out and install a new
operating system, it is important to allow automatic generation of LiveCD
images for each release.
This paper presents the framework for building a Live CD to be integrated into
NetBSD's release process and building tool (build.sh) to ensure that users can
experience a no-hype LiveCD that accurately reflects what a running system
looks like. The result will easily provide the basis for third parties to
develop specialized products for any given NetBSD release, and will open the
door for many more new applications of NetBSD Live CDs.
speaker: Jan Schaumann
location: SITE B0138
|
| Network Protocol and Kernel Development in a Virtual Environment |
|
In order to develop and debug network protocols it is either
necessary to have a large laboratory filled with computers and
networking equipment or to have a way to simulate several machines
talking on a network. Until recently simulated systems have only
partially implemented some part of a protocol so that the protocol
code could be tested within a single machine. With the advent of
cheap and ubiquitous virtualization technology, as well as cheap,
fast computers with large secondary storage it is possible to simulate
teams of machines on networks of varying shape and sizes. Unlike the
partial simulations of the past, virtualized machines have the
advantage of being full systems in their own right, able to run just
as a "real" machine would and to reproduce the same problems that users
in the field would see.
This talk covers setting up and working with multiple systems in a
virtual environment, using VMware Workstation as the virtualization
technology and FreeBSD as the system being developed and debugged.
Network conditions permitting, this may include a full demonstration,
but the machine in question (chuo.neville-neil.com) is in Tokyo so I
don't want to promise this.
speaker: George V. Neville-Neil
location: SITE B0138
|
| Proactive Wireless Networks with OpenBSD |
|
The OpenBSD project produces a free, multi-platform 4.4BSD-based UNIX-like operating system. Their efforts emphasize portability, standardization, correctness, proactive security and integrated cryptography.
But what about Wireless LAN support in OpenBSD? A few years ago WLAN support in Open Source operating systems was only an unimportant side-issue. Meanwhile, wireless networks are spread all over the world and the IEEE 802.11 protocol has become the leading approach. During the last years, consumer-grade WLAN products have become available mostly everywhere. OpenBSD is probably the operating system with the best out-of-the-box support for most of the current wireless network devices. And of course, it is free without any non-free code or binary driver blobs.
The WLAN support in OpenBSD provides everything to run host-based Access Points, clients and even proactive wireless monitoring nodes. OpenBSD does not support all of the latest industry standards and IEEE 802.11 subtypes, but it provides support for a powerful basic operation and some bleeding-edge wireless network and security concepts. Some of the advanced proactive wireless networking capabilities, such as roaming and WIDS, are provided by the OpenHostAPD, which first appeared in the OpenBSD 3.8 release. Latest works like the improved and easy IPsec support, authpf and even SSH-VPN are reliable and secure alternatives to existing wireless security standards like WEP and IEEE 802.11i/WPA2.
This talk will address the latest wireless capabilities in the latest release OpenBSD 3.9 with a brief introduction of the concepts and basics. Even for advanced setups, like large and secure distributed wireless networks, most of the required software is already part of the OpenBSD base system. The talk will illustrate how the pieces belong together, including a live demonstration of selected scenarios.
speaker: Reyk Floeter
location: SITE H0104
|
| Subverting the FreeBSD ABI subsystem for phun and profit |
|
This talk is the final result of personal research into the FreeBSD kernel with the goal of building a clever kernel rootkit framework. The main goal was building tools that would be helpful in the development of FreeBSD rootkits.
A hypothetical rootkit, written with these tools, might be:
- Flexible
- Simple to trigger
- Simple to apply (not passing from /dev/kmem or kernel .text overwriting)
- Efficient
- Opaque (very difficult to discover)
All these conditions are met by passing through the ABI (kernel binary emulation layer) subsystem.
The talk will show theoretical issues and a practical approach to crafting stealth rootkits with this new technique (in particular the remote usage of rootkits).
speaker: Attilio Rao
location: SITE A0150
|
| Taking a lesson from Darwin: evolving the FreeBSD interrupt model |
|
Moving FreeBSD from an ithread-centric model to an interrupt-filter model. The ithread model is a cornerstone of the FreeBSD SMPng project, but has a number of flaws relating to latency/performance and incompatibilities with common Intel hardware. The interrupt filter model is inspired from Mac OSX and addresses these problems nicely. The paper will focus on the technology history of both approaches as well as some alternate approaches found in other OS's, performance comparisons, and discussion on what this means to driver authors and how they can easily adapt to the new model.
speaker: Scott Long
location not assigned
|
| The FreeBSD Ports Monitoring System |
|
Among the least-publicized strengths of the FreeBSD development
model are users' access to the CVS source tree and the continual
QA work being done via ongoing build processes. The work described in this talk attempts to leverage these strengths to help ease the process of porting, and maintaining, applications for FreeBSD.
There were several automated processes that already existed to provide
Quality Assurance (QA) feedback for the ports tree. Each of these
processes produces results that are generally posted in HTML format on
a regular basis. In addition, there are other sources of information
(in particular, the Problem Report (PR) database), which are also
suitable for mining information from.
Until the creation of portsmon there was no way to correlate these
sources of information in a way that could be browsed by a human.
portsmon grabs the HTML pages, parses them, puts them into a database,
and allows interactive queries from HTML forms. In addition, it
periodically outputs email with the status of ports that have some
kind of error.
speaker: Mark Linimon
location: SITE A0150
|
| Towards a BSD Certification |
In this talk, Dru Lavigne (http://blogs.ittoolbox.com/unix/bsd/) discusses the current progress of the
BSD Certification Group (http://www.bsdcertification.org/) and the steps used to bring both the BSDA (BSD
Associate) and BSDP (BSD Professional) certifications to fruition. She will
discuss:
- the organizational structure of the BSD Certification Group
- the coordination of hundreds of volunteers scattered throughout the globe
- the importance of psychometric analysis and its impact on the price of certification
- the task analysis, BSD usage, and country-specific surveys
- the current publications, including the roadmap, certification requirements document, and educational guidelines
- the testing methodology and test delivery process
- what remains to be done
- what you can do to help
- how the organization will continue once the exams have gone "live".
speaker: Dru Lavigne
location: SITE A0150
|
| Using the Andrew File System with BSD |
|
Since the beginning of networks, one of the basic ideas has been sharing of files; even with the Internet as advanced as today, simple platform independent sharing is not common. Why is the closest thing we use WebDAV, a 'neat trick over http', instead of a real protocol?
In this paper the Andrew File System will be described which has been (and is) the file sharing core of many universities and companies world-wide. Also the reason for its relative unawareness in the community will be answered, and its actual features and performance in comparison with alternative filesystems. Finally some information will be given on how to use it with our favourite OS: BSD.
speaker: Hugo Meiland
location: SITE H0104
|
| What is a security flaw? |
What is a security flaw? Aside from the tongue-in-cheek definition that a security flaw is "anything which allows Bad People to do Bad Things", there has been little said about this and even less agreed upon. In this talk, I will consider both real and hypothetical bugs and how they were or should be classified, and conclude by giving my answer to this question.
speaker: Colin Percival
location: SITE H0104
|
| Work In Progress Session |
|
I'm pleased to announce the WIP session signup for BSDCan 2006. Last
year, the WIP session was very successful, with presentations on
topics as diverse as new SSH implementations to BSD-based voicemail
systems, and we hope to replicate that success this year. The format
remains essentially the same: in a one hour period, audiences are
entertained and informed by a rapid fire series of short talks on
interesting new or on-going work by individuals or groups. Slides
are permitted, but not obligatory; pictures are highly recommended.
Topic areas include new open source software projects, works in
progress for future releases of existing projects, student projects,
etc. WIP topics this year may make good conference papers next year!
The number of slots is limited, and experience suggests there will be
more takers than slots. Sign up well in advance to be assured a
spot. Please e-mail <wip@bsdcan.org> to sign up. Send a one or two
paragraph summary of the topic to be presented, and the names of the
person(s) presenting it. Also, please give a time estimate --
typically times will be one to five minutes. The time limit will be
strictly enforced -- you will be cut off if you try to run over! The
WIP e-mail registration deadline is May 6, after which remaining
slots (if any) may be signed up for in person. Any slides must be
received by the WIP session chair by, at latest, May 11 at 11:59pm
GMT. The session chair this year is Robert Watson.
speaker: Robert Watson
location: SITE B0138
|