BSDCan 2012 | The Technical BSD Conference | University of Ottawa | Ottawa | 2012-05-09 | 2012-05-13 | 5 | Slide Update J | 09:00 | 00:15
09:00 | 03:00 | DMS 1150 | IPv6 Tutorial | How to get rid of legacy | workshop | en
With the IPv4 depletion closer and closer, there is a rising need to be able to work with IPv6 in our everyday life. This tutorial aims at putting the audience with their hands on the new protocol, creating a test network and managing applications running on top of it. The tutorial is divided in small theory sessions, and a series of hands-on sessions right after them, where lessons learned will be applied in a real life environment.
We all know that IPv4 is running out faster than we could ever predict, and everybody should start getting acquainted with IPv6, a protocol - or better a suite of protocols - that has been available and usable for more than ten years but never got the right level of audience. Being ahead of the majority of the people will give those who were smart enough a lead over those that underestimated the 'threat'.
This tutorial is intended for people wanting to get a greater grasp on the technology and implications of running IPv6, and will be presented along with a series of lab sessions to get running in this somewhat new world. There will be an introduction shedding light on key concepts and features, preparing the attendees for the rest of the session, focusing on putting hands on an IPv6-only network and connecting it to the world at large.
Focus will be on a hands-on approach, where the participant is requested to act and work on configuring services over a real network after a brief theoretical introduction to highlight key concepts. Topics of the tutorial include IPv6 subnetting, protocol implementation for different common internet services like www, mail, dns, along with digressions over routing protocols and implementations such as DS-LITE and NATx4.
At the end of the session, participants should be able to set up an IPv6-enabled network with no hassle, and with the required know-how to migrate services to the new protocol, transition mechanisms and procedures, and everything else needed.
The tutorial is supported by a remote lab where every participant will be given a series of virtual machines to configure following the topics presented in the theory sessions, and will also have to relate to others to complete the required exercises, like setting up web services and interacting with other groups to test their communication on the live internet. Every participant will also be given a three week period over which the virtual machines will still work, so that he can keep on trying out IPv6 to strengthen key concepts outside of the class.
Massimiliano Stucchi, Philip Paeps
13:00 | 03:00 | DMS 1150 | IPv6 Tutorial (afternoon) | How to get rid of legacy | workshop | en
With the IPv4 depletion closer and closer, there is a rising need to be able to work with IPv6 in our everyday life. This tutorial aims at putting the audience with their hands on the new protocol, creating a test network and managing applications running on top of it. The tutorial is divided in small theory sessions, and a series of hands-on sessions right after them, where lessons learned will be applied in a real life environment.
We all know that IPv4 is running out faster than we could ever predict, and everybody should start getting acquainted with IPv6, a protocol - or better a suite of protocols - that has been available and usable for more than ten years but never got the right level of audience. Being ahead of the majority of the people will give those who were smart enough a lead over those that underestimated the 'threat'.
This tutorial is intended for people wanting to get a greater grasp on the technology and implications of running IPv6, and will be presented along with a series of lab sessions to get running in this somewhat new world. There will be an introduction shedding light on key concepts and features, preparing the attendees for the rest of the session, focusing on putting hands on an IPv6-only network and connecting it to the world at large.
Focus will be on a hands-on approach, where the participant is requested to act and work on configuring services over a real network after a brief theoretical introduction to highlight key concepts. Topics of the tutorial include IPv6 subnetting, protocol implementation for different common internet services like www, mail, dns, along with digressions over routing protocols and implementations such as DS-LITE and NATx4.
At the end of the session, participants should be able to set up an IPv6-enabled network with no hassle, and with the required know-how to migrate services to the new protocol, transition mechanisms and procedures, and everything else needed.
The tutorial is supported by a remote lab where every participant will be given a series of virtual machines to configure following the topics presented in the theory sessions, and will also have to relate to others to complete the required exercises, like setting up web services and interacting with other groups to test their communication on the live internet. Every participant will also be given a three week period over which the virtual machines will still work, so that he can keep on trying out IPv6 to strengthen key concepts outside of the class.
Massimiliano Stucchi
09:00 | 03:00 | DMS 3105 | Maintaining your own PBI package repository | PBI Repository | en
This tutorial would cover all the major aspects of using the new PBI build and distribution system. We will take a look at how to create and maintain a repository of software for either public or private use. In addition we will dig deeper into how to run a build system, building PBIs from FreeBSD ports, either manually or in a fully-automated manner. Advanced topics such as custom build options, installation scripts and more will also be presented.
Outline
* Introduction
  * The philosophy of the PBI format
  * Use cases
  * Improvements in the format for 9.0
* Building
  * Creating PBIs from the FreeBSD ports tree
  * Building from static content
* Distributing
  * Creating a new repository (rpo)
  * Setting up public / private repository
  * Distributing packages to clients
* Maintaining
  * Running an automated build server
  * Adding PBIs to repository indexes
  * Add / Remove / Translating meta-data
  * Dealing with binary diff updates
* Advanced Topics
  * Customizing your makes
  * Using pbi modules to customize ports / PBIs
Time Frame
A half-day tutorial would suffice, between 2 and 2.5 hours.
Target Audience
System Administrators for medium / large businesses, ports maintainers, users of FreeBSD or PC-BSD who run packages on servers or desktops.
Kris Moore
13:00 | 03:00 | DMS 3105 | Building the network you need with PF, the OpenBSD packet filter | workshop | en
This session is aimed at experienced or aspiring network administrators who want to expand their knowledge of PF, the OpenBSD packet filter, and related tools. A basic knowledge of Unix and TCP/IP network configuration is expected and required. A no nonsense session to get you started with PF or refresh your knowledge with the latest updates.
This (one day or half day) session is aimed at experienced or aspiring network administrators who want to expand their knowledge of PF, the OpenBSD packet filter, and related tools. A basic knowledge of Unix and TCP/IP network configuration is expected and required. Topics covered include:
* Configuration on OpenBSD, FreeBSD and NetBSD
* PF ruleset basics and rule interactions: block, pass, match
* Writing maintainable rulesets
* Address families: IPv4 NAT vs IPv6
* Redirections and services with odd dependencies (ftp-proxy, spamd)
* Adaptive rulesets (state tracking tricks)
* ALTQ traffic shaping
* Per user filtering with authpf
* High availability with CARP, relayd
* Wireless vs wired networks
* Filtering bridges
* Logging and monitoring - pflog, pflow and others
* Testing, debugging, and optimizing your configuration
The session will provide updates on the new PF syntax and features introduced in OpenBSD 4.7 (with samples presented in the old and new syntax where appropriate), with newer updates and previews of relevant new features in the just-released OpenBSD 5.1 version (release date May 1st, 2012).
The tutorial is loosely based on Hansteen's book, The Book of PF, http://nostarch.com/pf2.htm (No Starch Press, second edition November 2010).
Slides matching the EuroBSDCon 2011 version of the tutorial can be found at http://home.nuug.no/~peter/pf/eurobsdcon2011/;
updated slides will be made available to the general public after the present session has concluded.
Peter Hansteen
The Book of PF
That Grumpy BSD Guy - Peter Hansteen's blog
The PF tutorial Home Page
Slides for the BSDCan 2012 version of the tutorial
09:00 | 03:00 | MRT 251 | Introduction to OpenVPN | Practical use of OpenVPN to secure remote networks. | workshop | en
The tutorial will cover the basic installation and configuration for OpenVPN. We will touch on bridged VPNs, and demonstrate routed VPNs with hands-on activity. Attendees will build a VPN with multiple clients and expand on that through the day by connecting VPNs to other networks and passing traffic across multiple legs and VPNs.
This is a hands-on lab with the expectation that attendees will have a laptop. The installation of OpenVPN should be anticipated for attendees on their machines. Attendees are welcome to pre-install OpenVPN, or the presenters will have installation media available during the class.
Introduction to OpenVPN
• Overview
⁃ Introduction of speakers.
⁃ What OpenVPN is.
⁃ What OpenVPN is not.
⁃ General VPN theory and usage.
⁃ The OpenVPN community and available resources.
• Demonstration
⁃ Basic Bridged VPN
⁃ Basic Routed VPN
• LAB
⁃ Initial server setup.
⁃ Generating certificates using ssl-admin.
⁃ Server configuration and startup.
⁃ Client configuration
⁃ Installation of OpenVPN on various operating systems.
⁃ Connecting clients to an OpenVPN Server
⁃ Multiple OpenVPN networks
⁃ Connecting multiple networks through OpenVPN
⁃ Passing client traffic between multiple VPNs
⁃ Routing and more.
⁃ Using OpenVPN as default gateway.
⁃ Pushing multiple networks over OpenVPN
⁃ Revoking certificates.
⁃ Additional authentication methods.
• Final Thoughts
⁃ Logging and trouble-shooting.
⁃ Management Interface
⁃ Starting/Stopping OpenVPN on FreeBSD
⁃ Multiple client/server processes on FreeBSD
Eric F Crist, Thomas Johnson
OpenVPN Home Page
OpenVPN Forums
OpenVPN Community Home
13:00 | 03:00 | MRT 251 | SSH | Keys, Tunnels, VPN, and Automation | workshop | en
Use of OpenSSH and PuTTY clients with the OpenSSH server for authentication, tunnels, VPNs, and automation.
A surprising number of systems administrators use SSH as a replacement for telnet: run the client, type in a username and password, and they're in. While you can find all kinds of tutorials on more advanced features, many of them are obsolete or inapplicable to modern SSH. This tutorial takes junior system administrators through more advanced SSH features, including: use of keys for authentication, port forwarding, creating VPNs, and using SSH for automation, using both OpenSSH and PuTTY clients.
Attendees who bring their preferred SSH client and have access to a recent OpenSSH server will leave with working public-key authentication.
Based on my book "SSH Mastery"
Michael W. Lucas
15:00 | 06:00 | Royal Oak Pub | register | Registration - pub | Pick up your registration pack, have a beer! | other | en
Registration pick up
Avoid the line ups of the first day! Pick up your registration pack early, at the pub. Sit back. Have a drink, some food. Enjoy the company.
A BSDCan tradition. :)
Dan Langille, Dru Lavigne
The map is linked to from the home page.
10:00 | 01:00 | MRT 205 | An Introduction to Verifiedexec in NetBSD | en
The verifiedexec feature has been part of NetBSD for some years now. It seems that a lot of people are unaware of the feature or do not know the full capabilities of verifiedexec. This talk will introduce the feature, what it can do and also what it could be capable of with some kernel changes.
The verified execution feature is a unique extension to the NetBSD kernel that allows an administrator to ensure the binaries and files that are being accessed have not been modified by comparing the fingerprint of the on-disk file with a "known good" copy of the fingerprint kept in kernel memory. This allows very fine grain control over what will be executed on the machine, even by root, and can provide assurance that files have not been modified. In this talk I will go over some of the history of verified execution, how it works and what it can do, then finally move on to the next steps I want to take in the development of veriexec. Verified execution has been in NetBSD for a long time but it seems to be a feature that is not widely known about; hopefully this talk can raise its profile somewhat.
Brett Lymn
11:30 | 01:00 | MRT 205 | auditdistd - Secure and reliable distribution of audit trail files | en
Security Event Audit is a facility to provide fine-grained, configurable logging of security-relevant events.
Audit events are stored in trail files that can be used for postmortem analysis in case of system compromise.
Once the system is compromised, an attacker has access to audit trail files and can modify or delete them.
The auditdistd daemon's role is to distribute audit trail files to a remote system in a secure and reliable way.
The talk will provide background to the Security Event Audit facility in FreeBSD and will describe auditdistd daemon in detail.
The auditdistd daemon is a good example of using modern sandboxing mechanisms, like capsicum.
During the talk audit subsystem and auditdistd daemon will be presented live.
Pawel Jakub Dawidek
13:30 | 01:00 | MRT 205 | Crowdsourcing security | Lessons in open code and bug bounties | lecture | en
Advocates of open source software often claim that the public availability
of source code gives them a security advantage: Given enough eyeballs, all
bugs are shallow, according to Eric S. Raymond. While it is clear that
the world has no shortage of eyeballs, it is far from clear that they are
being usefully employed; and the putative security benefits of open source
code evaporate if nobody takes advantage of the opportunity to read the
source code with which they are provided.
In this talk I will draw upon my experiences with a large open source project
(FreeBSD) and running a bug bounty program at a small commercial project
(Tarsnap) to offer advice on how to maximize the likelihood that security
vulnerabilities are found and reported.
Colin Percival
15:00 | 01:00 | MRT 205 | pfSense 2.1: IPv6 and more | lecture | en
pfSense is a BSD licensed customized distribution of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution. This session is being presented by the founders of the pfSense project, Chris Buechler and Scott Ullrich.
At the time of BSDCan 2012, pfSense 2.1 will be newly released. This release adds IPv6 support to nearly every portion of the system, as well as some other smaller changes. This session will cover all of the changes in the 2.1 release, primarily focusing on adding IPv6 support to your existing deployments. With IPv4 address space dwindling and World IPv6 Launch coming up in June, now is the time to bring up IPv6 on your networks. While IPv6 brings new benefits, it also poses new security and connectivity considerations, which will be covered. Attendees will come away with all the latest on the project, as well as knowledge to securely bring their networks onto the 21st century Internet with IPv6.
Chris Buechler, Scott Ullrich
16:30 | 01:00 | MRT 205 | NetBSD/mips | lecture | en
Since NetBSD 5 was released, the support for MIPS on NetBSD has been completely revamped. It is now one of the more advanced ports of NetBSD. This talk is an overview of what has changed, the current state of MIPS support, and a brief look forward to what else is coming.
Subjects to be covered:
Why? (Big Embedded space, large amounts of memory, etc).
Quick Introduction to the MIPS architecture
Overview of XLR/XLS/XLP
Overview of what changed (toolchain, SMP, pmap, PCU, compat32, new cpu support, use of MIPS features, fast softint)
Design decisions
why N32 by default?
why no separate mips64?
Major features
64-bit address space
cpu abstraction
dynamic fixups (changing indirect calls to direct calls)
splsw
UVM changes
Fast software interrupts
SMP (for NetLogic XLR/XLS/XLP)
mostly lockless pmap
Choosing a new page size
COMPAT_NETBSD32
networking
filesystem mounting
32-bit systems
N32 Kernels
Effects on the NetBSD in general
PCU
direct-mapped UAREAs
COMPAT_NETBSD32
common pmap for TLB based MMUs
What's coming?
MIPS MTE support (MultiThread Extension)
Support for other MP MIPS chips (maybe)
Matt Thomas
Slides
http://
09:30 | 00:30 | MRT 218 | opening | Opening session | Welcome to BSDCan 2011 | lecture | en
Traditional greetings
Wild applause. Don't be late, there will be a giveaway in the first five minutes.
Dan Langille
10:00 | 01:00 | MRT 218 | BSD Multiplicity | An applied survey of BSD multiplicity and virtualization strategies from chroot to BHyVe | lecture | en
Ever since the University of California, Berkeley CSRG implemented the chroot(8) command and system call in its BSD operating system in 1982, the community-developed BSD Unix derivatives have set the standard for the introduction of plurality to the conventionally-singular Unix computing model. Today's system operators and developers have an array of BSD-licensed multiplicity strategies at their disposal that offer various degrees of both isolation and virtualization when introducing plurality. This paper will survey current and experimental BSD multiplicity strategies including chroot, FreeBSD jail, NetBSD/Xen, Amazon EC2, compat_linux, GXemul and SIMH, plus experimental strategies such as FreeBSD BHyVe, compat_mach, Usermode NetBSD, Dragonfly BSD vkernel, OpenBSD sysjail and NetBSD mult. As an applied survey, this paper will both categorize each multiplicity strategy by the Unix environment to which it introduces plurality and demonstrate the usage of the utilities relating to each solution.
The survey criteria consist of five distinct Unix environments to which plurality is introduced:
• Machine Multiplicity, as distinguished by the introduction of native and foreign hardware systems and their distinct Instruction Set Architectures defined by distinct physical hardware systems, virtualized instances of them, or software emulations of them (NetBSD-Xen/EC2, GXemul, SIMH and BHyVe)
• Kernel Multiplicity, as distinguished by a plurality of executing kernels (Usermode NetBSD, Dragonfly BSD vkernel)
• Init Multiplicity, as distinguished by distinct kernel-spawned init processes and their descendant processes (mult)
• Userland Multiplicity, as distinguished by distinct userlands with optional process tables and their descendant processes (chroot, FreeBSD jail and sysjail)
• API Multiplicity, as distinguished by distinct foreign Application Programming Interface compatibility layers (compat_linux, compat_mach)
The reader will thus come away with a set of working examples for each solution that they can implement on their own.
In addition, this survey addresses key host and guest administrative considerations applicable to each multiplicity solution:
• Storage Device considerations: Are they hardware or software-based? What image and file system formats are supported?
• Network Device considerations: Are they configured by the host? From within the guest?
• Console Device considerations: Does the guest appear on the host console? Is it redirected to a network-aware solution such as VNC or X11 over SSH?
• Kernel considerations: Is the native or foreign guest kernel modified? Does it reside within or outside the guest userland?
• Userland considerations: Is the guest userland modified? Does it lend itself to customization through additive or subtractive techniques?
Michael Dexter
11:30 | 01:00 | MRT 218 | FreeBSD on Microsoft Hyper-v | A collaborative effort between Microsoft, NetApp, and Citrix | lecture | en
Microsoft and NetApp will be presenting their initiative to bring native support for FreeBSD on the Microsoft Hyper-v hypervisor.
This presentation will cover the collaboration effort between Microsoft, NetApp and Citrix. Motivations will be revealed, along with an overview of the Hyper-v architecture, how FreeBSD fits into it, and the changes being made to the operating system. Lastly the status of the program will be shared to give you an idea when you will be able to run FreeBSD on Hyper-v.
Jason Goldschmidt, K.Y. SRINIVASAN
13:30 | 01:00 | MRT 218 | IPv6 | Faster, Further, FreeBSD | lecture | en
This talk will present an update on the ongoing IPv6 work in FreeBSD.
340 trillion, trillion, trillion addresses is something your newspaper might have written about lately. But the Internet Protocol version 6 (IPv6) is a lot more than just 128-bit addresses. "Faster, Further, FreeBSD" is your news update on the latest or ongoing IPv6 improvements and development work by the FreeBSD community.
Bjoern A. Zeeb
15:00 | 01:00 | MRT 218 | Intro to DNSSEC | lecture | en
This presentation will introduce the DNS Security Extensions which extend standard DNS to add resource records and algorithms to provide source authentication.
We will cover the need, signing, validating, and troubleshooting DNSSEC signed zones. The presentation will also introduce EDNS0, new resource records, and DNSSEC related tools. Some examples will be shown using ISC BIND.
Jeremy C. Reed
16:30 | 01:00 | MRT 218 | FreeBSD Unified Deployment and Configuration Management | A practical approach to managing highly heterogeneous installations | lecture | en
When we needed dozens of storage, processing and front-end machines for a prototype of a new cloud media service, we developed a cost-effective, but technically challenging hybrid strategy of purchased, rented dedicated and rented virtual servers. FreeBSD was an easy choice thanks to its performance, reliability, and unparalleled ease of management on a per–node level. However, while the number of infrastructure–level tasks kept growing and we needed to scale through beta and release stages, there was an obvious need to reduce complexity.
After a year of tentative design and experimenting with partial solutions, we started implementing in November 2011, the result-in-progress being something we call unified configuration management (and deployment), bringing immediate returns on time invested.
The talk focuses on a new unified approach to deploying and managing modern versions of FreeBSD across a wide variety of technical and administrative circumstances: different countries, data centers, hardware, access policies, boot methods, networking, support contracts, machine roles, etc.
While avoiding any popular Linux-centric CM systems, such as Puppet, Chef, and CFEngine, we achieve very low complexity by leveraging rc(8), loader(8), glabel(8) and other existing instruments, such as pkgng, to their potential as necessary. The cornerstone is keeping configuration and deployment versioned and unified — same across all cases, with no duplication of common parts and very simple specification of per-role/per-case peculiarities. The approach spans everything from installation and booting to managing third-party and custom site-specific software. The method is being actively developed and applied in the production environment of a popular online music service.
Andrew Pantyukhin
The company behind the project
10:00 | 01:00 | MRT 250 | An Overview of Locking in the FreeBSD Kernel | lecture | en
The FreeBSD kernel uses seven different types of locks to
ensure proper access to the resources that it manages. This
talk describes the hierarchy of these locks from the low-level
and simple to the high-level and full-featured.
The functionality
of each type of lock is described along with the problem domain
for which it is intended. The talk concludes by describing the
witness system within the FreeBSD kernel that tracks the usage
of all the locks in the system and reports any possible deadlocks
that might occur because of improper acquisition ordering of locks.
Kirk McKusick
11:30 | 01:00 | MRT 250 | Automated testing of libcurses in NetBSD | lecture | en
This talk will describe how the curses library was added to the standard tests performed by the Automated Test Framework in NetBSD. It will discuss how the approach used was chosen and the pitfalls encountered during the implementation.
The curses library is a reasonably large and complex library of
functions. Making changes to the library functions can be fraught with
danger because subtle bugs can be introduced into the code that cannot
be detected merely by observing the output in a terminal only to emerge
in some combination of events that are difficult to determine which
makes debugging extremely difficult.
A project during the 2007 Google Summer of Code saw the introduction of
an automated test framework (atf) that gave developers the framework in
which to write test code to validate that their code is working as
expected and that subsequent changes do not break functionality. By
using ATF libcurses could be tested automatically to validate changes
made to the library have not had an impact on the curses output, or, if
there are changes, that these changes are expected and desired.
The challenge in bringing libcurses under ATF testing lay in how a
library that expects to read and write from a terminal may be
automatically tested. Not only from the point of view of handling the
input and output but also trying to avoid a huge amount of very
repetitive code. I have developed a unique solution for these problems
that provides the curses library with the terminal interface it needs
but allows ATF to manage a series of tests. This curses test framework
is currently in the NetBSD-current tree and I am slowly working through
adding tests for functions in the curses library. In this talk I will
share the solution I have devised and discuss some of the challenges
involved in testing an interactive library such as libcurses.
Brett Lymn
13:30 | 01:00 | MRT 250 | Bullet Cache | Balancing speed and usability in a cache server | lecture | en
Bullet Cache is an in-memory cache server inspired by memcached, but with a twist: a powerful record tagging and bulk query facility, configurable multithreading models and a dump / cache prewarm option. This talk will have two parts: a technical description of Bullet Cache's implementation with focus on programming techniques and optimizations, and a description of usage scenarios with the focus on how it can help real-world applications (not limited to Web applications).
Bullet cache is a new solution to Web application cache problems. Where other cache servers fail by not providing the application enough control over its data, Bullet cache offers a unique interface which enables complex interactions between the application and its cached data. Bullet cache is highly optimized for the mode of operation where there are hundreds of thousands of concurrent requests for small objects, supporting key-value records, but with a twist! In addition to being highly optimized for speed, Bullet cache implements an innovative solution which enables cache records to carry certain metadata which can be used to further optimize common operations used by the applications. Using very simple and basic operations, records can be precisely queried or deleted in massive numbers, without the need to explicitly specify all record keys.
The project is written mostly in C++, with some parts in pure C, and was developed on and optimized for FreeBSD, and is released under the BSD license.
Ivan Voras
SourceForge project page
Project's web site
15:00 | 01:00 | MRT 250 | Fast reboots with kload | lecture | en
Linux has the ability to quickly reboot a system by loading a new kernel image into memory while the system is running and then restart into the new kernel bypassing the reset bios post process.
By utilizing the excellent work already done in the loader userboot.so project kload (kernel loader) provides most of the same functionality as kexec. Kload loads a new kernel image into temporary kernel space prior to shutdown / reboot. The final step of reboot is then changed to overwrite the existing kernel image with the new image currently in temporary space, and jump to the new start address.
This process bypasses the entire bios cycle and slow bios disk reads.
Overall time saving varies based on each bios cycle time.
Russell Cattelan
16:30 | 01:00 | MRT 250 | Virtually-Networked FreeBSD Jails | lecture | en
FreeBSD includes a powerful OS-based virtualization stack known as jails. Combined with a virtual network stack and ZFS, jails become an instant and efficient cloud-like infrastructure. This talk shows how to set up FreeBSD to use the virtualized network stack and ZFS with jails. The presenter of the talk will release a tool to make administration of FreeBSD jails extremely easy.
Shawn Webb
10:00 | 00:30 | MRT 256 | Progress in FreeBSD Ports | lecture | en
Mark Linimon
10:30 | 00:30 | MRT 256 | Ports Testing Project | lecture | en
Steve Wills
11:30 | 00:30 | MRT 256 | Automated Documentation Proofreading | igor: Making Documentation Easier | lecture | en
Automated Documentation Proofreading
Making documentation easier and better by automating tests for errors in language, formatting, and usage.
Few people like to work on documentation. There are numerous rules for wildly-varying documentation formats, many rarely used and
hard to remember. An automatic proofreader to check for errors ranging from spelling to meeting all the arcane formatting rules of
the different toolchains would relieve much of the stress. Not only will this encourage improving the documentation, it helps to
prevent errors in the first place, and detect those that have slipped through already. Clean, consistent files are easier to maintain,
expand, and convert to new formats. The automated proofreader, named "igor" after a famous lab assistant, helps the writer focus on
improving the content of their document.
Warren Block
12:00 | 00:30 | MRT 256 | Kernel Debugging Tricks | lecture | en
Bjoern A. Zeeb
13:30 | 00:30 | MRT 256 | Google Code-In and FreeBSD | lecture | en
Benedict Reuschling
14:00 | 00:30 | MRT 256 | CAM Target Layer | lecture | en
Ken Merry
15:00 | 00:30 | MRT 256 | State of 802.11 in FreeBSD | lecture | en
Adrian Chadd
15:30 | 00:30 | MRT 256 | Capsicum | lecture | en
Robert Watson
16:30 | 00:30 | MRT 256 | FusionIO and FreeBSD | lecture | en
Julian Elischer
17:00 | 00:30 | MRT 256 | Work on callout(9) | lecture | en
Davide Italiano
19:00 | 05:00 | L152 | Hacker Lounge | meet, greet, hack | other | en
The hacker lounge is on the ground floor of residence. Bring your laptop, enjoy. THIS IS NOT THE SAME ROOM AS in 2011. It is to the left as you walk past the residence registration desk.
Proper behaviour is expected, or you'll be asked to leave. :) If you must ask what proper behaviour is, well, it sounds like you shouldn't be there.
The starting time is flexible, so is the ending time. Just show up. wifi will be available.
In order to play nicely with others, please bring an extension cord / power strip.
Please keep this room tidy and clean.
Dan Langille
12:00 | 01:30 | POR 106 | bsda2 | BSDA | BSD Certification | other | en
Take the BSDA certification.
The BSD Certification Group Inc. is a non-profit organization committed to creating and maintaining a global certification standard for system administration on BSD based operating systems.
YOU MUST register and pay for this event. See the link for details.
Dru Lavigne
Register here
10:00 | 01:00 | MRT 205 | Building a FreeBSD based Virtual Appliance | How we built the Razorback appliance | lecture | en
Razorback is a framework for an intelligence driven security solution. It consists of a large number of components and dependencies that make the barrier to deployment quite large for the uninitiated. This talk aims to shed some light on the process of creating a virtual appliance that enabled us to reduce the barrier for people that want to test the system.
Lowering the barrier to entry for a complex project is key for improving deployment of your project; by building a virtual appliance you can cut the setup time from over a day to just a few minutes.
This tutorial aims to cover setting up a VM build environment that will allow you to create custom virtual appliances for your projects that are easy for people to deploy.
We will cover:
* Setting up the build host for PXE based installation of the appliance.
* Tuning the installer to install only the components that we need for the VM to function.
* Deploying tinderbox to build the system's dependencies.
* Installing the dependencies via the installer
* Deploying freebsdadmin on the VM to provide a management interface.
* Customizing the base freebsdadmin package.
* Adding custom applications to freebsdadmin to manage your application.
The aim is to provide a hands-on experience, so attendees should bring a laptop capable of running 2 small FreeBSD virtual machines. Attendees should also have some basic FreeBSD systems administration experience.
By the end of the session attendees should have a firm grasp on the process of creating a virtual appliance using the freebsdadmin project as the management interface.
Tom Judge
Razorback
FreeBSD Admin Project
11:30 | 01:00 | MRT 205 | FreeBSD on Freescale QorIQ Data Path Acceleration Architecture Devices | lecture | en
This paper describes the design and implementation of the FreeBSD operating
system port for the QorIQ Data Path Acceleration Architecture, a family of
communications microprocessors from Freescale.
These chips are modern,
multi-core, PowerPC based SoCs, which feature a number of specifically
designed peripherals, addressed for the high performance networking devices,
which are increasingly common in modern communication infrastructure.
The primary focus is the Data Path Acceleration Architecture (DPAA)
with the new approach to network interface architecture. It has significant
influence on the FreeBSD device drivers design and implementation. The paper
describes how the full network functionality was brought forward, and also
covers other major development tasks like the e500mc quad-core SMP bring-up
and support for other integrated devices.
Piotr Zięcik
13:30 | 01:00 | MRT 205 | Ethernet Switch Framework | Fully utilize your WLAN router | lecture | en
Designing and developing the Ethernet Switch Framework for FreeBSD.
FreeBSD is making great strides to be fully functional on many typical WLAN routers. Furthest along is support for devices based on the Atheros series of System-on-a-Chip products. Thanks to Adrian Chadd's relentless work, many devices can be used with FreeBSD-current for routing between LAN and WLAN interface. The Ethernet Switch Framework closes one of the last remaining driver gaps to fully enable building an embedded FreeBSD version for such devices.
Currently under development, the Ethernet Switch framework enables configuration of built-in ethernet switch controllers. This allows users to create powerful networking setups without any additional hardware. Even though these routers are typically not very expensive, the switch controllers offer a number of features typically only found in more expensive enterprise equipment. This allows users to create interesting and powerful network setups at home or in small offices.
This talk will present the current state of development, the architecture of the driver framework and will detail the implementation of a typical switch driver. It will also go into some of the architectural challenges that needed to be solved to deal with hardware configurations typical for embedded systems that are uncommon in the world of regular desktop and server systems.
Stefan Bethke
http://wiki.freebsd.org/StefanBethke/EtherSwitch
http://zrouter.org/
Recording of the slides and audio of the talk
15:00 | 01:00 | MRT 205 | Recent Advances in IPv6 Security | lecture | en
During the last few years, the UK CPNI (Centre for the Protection of National Infrastructure) carried out the first comprehensive security assessment of the Internet Protocol version 6 (IPv6) and related technologies (such as transition/co-existence mechanisms). The result of the aforementioned project is a series of documents that provide advice both to programmers implementing the IPv6 protocol suite and to network engineers and security administrators deploying or operating the protocols. Part of the results of the aforementioned project have been recently published, leading to a number of improvements in many IPv6 implementations.
Fernando Gont will discuss the results of the aforementioned project, introducing the attendees to the “state of the art” in IPv6 security, and providing advice on how to deploy the IPv6 protocols securely. Gont will also discuss recent advances in IPv6 security areas such as Denial of Service attacks, firewall circumvention, and Network Reconnaissance, and will describe other IPv6 security areas in which further work is needed. Additionally, he will demonstrate the use of some attack/assessment tools that implement new network reconnaissance techniques or that exploit a number of vulnerabilities found in popular IPv6 implementations.
The IPv6 protocol suite was designed to accommodate the present and future growth of the Internet, and is expected to be the successor of the original IPv4 protocol suite. It has already been deployed in a number of production environments, and many organizations have already scheduled or planned its deployment in the next few years. Additionally, a number of activities such as the World IPv6 Day in 2011 and the upcoming World IPv6 Launch Day (scheduled for June 2012) have led to an improvement in IPv6 awareness and an increase in the number of IPv6 deployments.
There are a number of factors that make the IPv6 protocol suite interesting from a security standpoint. Firstly, being a new technology, technical personnel has much less confidence with the IPv6 protocols than with their IPv4 counterpart, and thus it is more likely that the security implications of the protocols be overlooked when the protocols are deployed. Secondly, IPv6 implementations are much less mature than their IPv4 counterparts, and thus it is very likely that a number of vulnerabilities will be discovered in them before their robustness matches that of the existing IPv4 implementations. Thirdly, security products such as firewalls and NIDS’s (Network Intrusion Detection Systems) usually have less support for the IPv6 protocols than for their IPv4 counterparts, either in terms of features or in terms of performance. Fourthly, the security implications of IPv6 transition/co-existence technologies on existing IPv4 networks are usually overlooked, potentially enabling attackers to leverage these technologies to circumvent IPv4 security measures in unexpected ways.
Fernando Gont
10:00 | 01:00 | MRT 212 | High speed packet I/O: challenges and solutions. | The netmap framework for fast packet I/O | lecture | en
Dealing with millions of packets per second, as it can happen
on 10 Gbit interfaces, puts under stress both hardware and
software. Most OSes (*BSD, Linux, Windows) are unable to handle
more than 1Mpps per core, barely enough for MSS-sized
traffic at 10 Gbit/s.
After years of incremental improvements
(interrupt mitigation, polling, multiqueue NICs, nic offloading)
we recently took a very radical approach with the netmap
framework, which completely redefines the device driver API and
the interface with applications. Netmap provides 10-20x speedups
for certain tasks (generators, traffic monitors, packet forwarding),
and its use can help improving more common tasks (TCP) and point
out other performance bottlenecks that are usually hidden
by the current low speed I/O subsystems.
This talk will discuss challenges existing in the current
packet I/O frameworks, describe the key ideas used by Netmap,
and present the current status and future goals.
Luigi Rizzo
Netmap home page
11:30 | 01:00 | MRT 212 | OpenBSD network stack evolution | cksums and a new queueing subsystem | lecture | en
Dealing with the IP checksum and the protocol checksums (foremost TCP and UDP) in the network stack is surprisingly complex. Having stumbled over an unexpected performance penalty from the IP checksum, I always had this area on my mental todo - and when we stumbled over a really nasty piece of code in pf dealing with these checksums, I re-evaluated and changed the IP checksumming in our stack, for performance and to make better use of checksum offloading to network cards. Changing the protocol checksums in the same way is harder and in the works.
ALTQ has been with us for more than a decade - last but not least, Kenjiro Cho and myself merged it with pf in 2003. ALTQ has always been a research project, and taught us and the entire community a lot of important lessons. Now it is time to re-evaluate - the entire "glue" between the actual queueing disciplines (of which just two remain, prio and bandwidth shaping) gets redesigned and reimplemented.
Henning Brauer
13:30 | 01:00 | MRT 212 | Go SCTP! | SCTP implemented in the language Go | lecture | en
Two technologies; both new, exciting, with lots of new features, so why not put them together and have even more fun?
This talk is about my effort to combine two (relatively) new technologies; Stream Control Transmission Protocol (SCTP) and the computer language Go, by
implementing the functionality of SCTP as a library in Go. SCTP is a reliable message oriented transport protocol, has resistance against flooding and
masquerade attacks and includes congestion avoidance procedures. First standardized in October 2000 by the Internet Engineering Task Force (IETF) in
RFC 2960 and later updated by RFC 4960. Go is a concurrent, statically typed compiled and garbage collected language with a syntax broadly similar to C.
The initial design of the programming language Go started as an internal Google Inc. project in 2007 and was officially announced and open sourced in
2009.
FreeBSD has the reference implementation for SCTP and Go is also available on this platform, so it made sense to do the first implementation on this OS.
I'm currently finishing my Masters in Computer Science (part time) and my dissertation subject is the implementing of SCTP in Go. I've already started to implement
the library and hope to finish my dissertation in about 2/3 months time. The talk will be based on this work.
Outline of the talk (this roughly follows the outline of my dissertation):
- Give some extra background information about Go and SCTP, describe characteristics etc.
- Explain my approach on how to implement a new network library in the Language Go.
- Do a comparison on how network programming is done (first TCP) in C and Go.
- Show how TCP is implemented in Go.
- Show how I implemented SCTP in Go.
- Do a comparison on how network programming is done with SCTP in C and Go.
- Demonstrate the performance differences between similar data transfer techniques of TCP, UDP and SCTP
- Demonstrate the performance differences between the same data transfer techniques implemented in C and Go.
- Question time
Olivier Van Acker
10:00 | 01:00 | MRT 218 | Optimizing ZFS for Block Storage | lecture | en
The ZFS file system has been heavily tuned for workloads where file rewrite activity is minimal or is aligned and sized to match ZFS's native record size. Exporting ZFS storage to block consumers, however, presents a situation where every write is rewriting an existing block, and unaligned writes incur a performance killing synchronous read.
This paper and talk presents Spectra Logic's optimizations to ZFS's data management layer (DMU) to convert the majority of these synchronous reads to be asynchronous and, for sequential access patterns, to avoid them entirely. We also describe a new scheme that allows concurrent reads to be issued through the DMU without the need to allocate a thread context for each I/O. The result, as implemented and tested using the FreeBSD operating system, is up to a five fold performance increase for unaligned write workloads and a three fold improvement for random read workloads.
Justin T. Gibbs
Will Andrews
11:30 | 01:00 | MRT 218 | Overview of Amazon Web Services | lecture | en
Amazon Web Services provides a highly reliable and scalable cloud computing infrastructure for deploying web-scale solutions, with minimal support and administration costs, and more flexibility than the traditional data center. In the recent months, AWS have launched a lot of new services and features that make it an ideal platform for Open Source Solutions. In this talk, Randi Harper will share some of the recent developments of Amazon Elastic Compute Cloud (Amazon EC2) and demonstrate how to use various features so that you can manage your Open Source projects effectively. Randi will not only discuss how to get started using the command line tools and web console but also share some of the real-world customer stories and case-studies around Linux and FreeBSD.
Randi Harper
13:30 | 01:00 | MRT 218 | pkgng | Modernising FreeBSD package management | lecture | en
pkgng is a new package manager for FreeBSD; it aims at bringing modern package management features to FreeBSD.
Pkgng is a completely new package manager rewritten from scratch. It aims at replacing the old pkg_install. It is developed on top of the new libpkg, which is the high level library that does all the package management; it brings new features such as safe upgrade, (multi) repository support, integrity checking and more. It has been designed to be extensible while remaining fully compatible with the current FreeBSD ports tree.
Baptiste Daroussin
http://github.com/pkgng/pkgng
http://wiki.freebsd.org/pkgng
15:00 | 01:00 | MRT 218 | Solaris Boot Environments for FreeBSD | reboot into different kernels and worlds | lecture | en
Solaris boot environments are a painless way for sysadmins to revert changes and upgrades.
Solaris boot environments are a painless way for developers to test multiple kernels and worlds.
FreeBSD does not offer this functionality natively.
I will describe the procedure of using boot environments on FreeBSD in detail and the due considerations. See the general idea at the link provided.
Nikolai Lifanov
solaris be for freebsd
16:00 | 01:00 | MRT 218 | wipo | Works in Progress Sessions | Short stories from projects around the world | lecture | en
For the sixth year running, BSDCan will have a WIP (Works In Progress) session, with presentations on diverse topics.
The format remains essentially the same: in a one hour period, audiences are entertained and informed by a rapid fire series of short talks on interesting new or on-going work by individuals or groups. Slides are permitted, but not obligatory; pictures are highly recommended. Topic areas include new open source software projects, works in progress for future releases of existing projects, student projects, etc. WIP topics this year may make good conference papers next year!
The number of slots is limited, and experience suggests there will be more takers than slots. Sign up well in advance to be assured a spot. Please e-mail <wip@bsdcan.org> to sign up. Send a one or two paragraph summary of the topic to be presented, and the names of the person(s) presenting it. Also, please give a time estimate -- typically times will be one to five minutes. The time limit will be strictly enforced -- you will be cut off if you try to run over! The WIP e-mail registration deadline is May 9, after which remaining slots (if any) may be signed up for in person. Any slides must be received by the WIP session chair by, at latest, May 12 at 11:59pm GMT. The session chair this year is George Neville-Neil.
Dan Langille
17:00 | 01:00 | MRT 218 | close | Closing session | The wrap up | lecture | en
The closing
Fun. Games. Awards.
Dan Langille
12:00 | 01:30 | MRT 256 | bsda1 | BSDA | BSD Certification | other | en
Take the BSDA certification.
The BSD Certification Group Inc. is a non-profit organization committed to creating and maintaining a global certification standard for system administration on BSD based operating systems.
YOU MUST register and pay for this event. See the link for details.
Dru Lavigne
Register here
19:00 | 05:00 | L152 | Hacker Lounge | meet, greet, hack | other | en
The hacker lounge is on the ground floor of residence. Bring your laptop, enjoy. THIS IS NOT THE SAME ROOM AS in 2011. It is to the left as you walk past the residence registration desk.
Proper behaviour is expected, or you'll be asked to leave. :) If you must ask what proper behaviour is, well, it sounds like you shouldn't be there.
The starting time is flexible, so is the ending time. Just show up. wifi will be available.
In order to play nicely with others, please bring an extension cord / power strip.
Please keep this room tidy and clean.
Dan Langille
09:00 | 06:00 | Out and About | tourist | Tourist stuff | Spend some time exploring | other | en
Explore Ottawa
Ottawa has a large number of great attractions. Spend some time looking around and explore. Spend as much time as you want with us, or leave early. We will walk everywhere we go. Wear sensible shoes. Bring your camera. We'll probably have lunch somewhere along the way. Consider the weather (sun block, rain coat, umbrella, swim suit).
We will depart from the National Memorial at 9:30 AM *if the weather is good*.
If it's raining, we'll assemble in the lobby of Residence instead (same time).
If you have ideas/suggestions/plans, please let others know via the forum. From that list, we'll decide what to do on the day.
Dan Langille
National Memorial
Residence
Forum
09:00 | 08:00 | BRS 314 | docsummit | Collaborative Docsummit | between BSDCan & PGCon | workshop | en
You do not need to be a doc committer in order to attend the Joint Documentation Summit as it is open to anyone within a BSD or the PostgreSQL community who is interested in documentation (including man pages, Guides/Handbooks, FAQs, publications, website material, press releases, and other marketing material) or translations. The goal of the Joint Documentation Summit is to provide an opportunity for the BSD and PostgreSQL communities to discuss their documentation successes and weaknesses, the tools they use or are planning to use, how to attract new people to documentation, the types of documentation that are most useful to a project's users, and other topics of interest to doc, www, and marketing teams.
To register for this summit, contact dru@freebsd.org or bcr@freebsd.org. Please include your email address, project affiliation, and doc interests in your registration request. Further information is available at http://wiki.freebsd.org/BSDPGDocSummit.
Dru Lavigne