BSDCan 2016: The Technical BSD Conference
University of Ottawa, Ottawa
2016-06-07 to 2016-06-12
Schedule version v1.1.24a

Goat BOF
Start: 16:00. Duration: 06:00. Room: Royal Oak. Type: other. Language: en.
This is a BOF. About goats.
Allan Jude, Dan Langille, Michael W. Lucas
Twitter announcement
Google Map to Royal Oak on Laurier St
What's a BoF?

Doc Sprints
Start: 18:00. Duration: 04:00. Room: DMS 1160. Type: meeting. Language: en.
This doc sprint is open to both committers and anyone interested in helping to improve the documentation set (handbook, guides, man pages, website) for any of the BSD projects.
FreeBSD committers will be available to assist non-committers in getting started with the FreeBSD documentation set, learning the workflow and how to make changes, and to approve and commit patches. Committers will also work on closing doc PRs and discuss proposed changes to the documentation.
The current mandoc maintainer (Ingo Schwarze) will participate and can help with mandoc integration or any other aspects of mandoc you are interested in. He can also review and commit OpenBSD patches and help participants to get started with contributing to OpenBSD.
If there is interest, we can have a few ad-hoc mini-presentations. If you have anything in mind that you would like to hear about (or show), send an email to dru@freebsd.org.
Feel free to drop by and help out!
Dru Lavigne

A Look Inside FreeBSD with DTrace (morning)
Start: 09:00. Duration: 03:00. Room: DMS 1110. Language: en.
One of the largest challenges to understanding complex software is a lack of run-time visibility into what the system is doing at any particular time. DTrace is a modern tool that gives the user, whether they are a student, system admin, or software developer, the ability to look inside a running system to understand how the system works and identify logical and performance problems.
In this tutorial we will cover the basics of DTrace on FreeBSD, including basic and advanced uses, and then work through several of the major subsystems, including processes, memory, I/O and networking to achieve a better overall understanding of how the system operates. The tutorial includes a set of short labs, carried out on virtual machines, that give the students hands-on experience working with DTrace.
The two-day tutorial covers the use of DTrace and its application to understanding, debugging and measuring various aspects of the operating system. Student goals for the tutorial are:
* Use the dtrace program.
* Write simple, one line, DTrace scripts
* Know the terms in the DTrace glossary (provider, probe, etc.)
* Extend scripts in the DTraceToolkit
* Work with the profile, proc, sched, and networking providers
Each section contains a set of lab exercises. Each lab is intended to last 30 minutes, with 20 minutes of work time and 10 minutes of followup discussion.
Course Outline
Introduction: Goals, tracing overview, and history
DTrace: Command, Glossary, One Liners
Processes: Process Model, Process Lifecycle, fork, exec, exit, signals
Scheduler: Process States, Sched Provider, Running Threads
Locking: Lock Types, Lock Provider, Lock Stat Collection
Networking: Sockets, UDP, TCP, TCP States, Packet Forwarding
Filesystem: Naming, Name Cache, VNODEs, VFS
George Neville-Neil
Course material

A Look Inside FreeBSD with DTrace (afternoon)
Start: 13:00. Duration: 03:00. Room: DMS 1110. Language: en.
One of the largest challenges to understanding complex software is a lack of run-time visibility into what the system is doing at any particular time. DTrace is a modern tool that gives the user, whether they are a student, system admin, or software developer, the ability to look inside a running system to understand how the system works and identify logical and performance problems.
In this tutorial we will cover the basics of DTrace on FreeBSD, including basic and advanced uses, and then work through several of the major subsystems, including processes, memory, I/O and networking to achieve a better overall understanding of how the system operates. The tutorial includes a set of short labs, carried out on virtual machines, that give the students hands-on experience working with DTrace.
The two-day tutorial covers the use of DTrace and its application to understanding, debugging and measuring various aspects of the operating system. Student goals for the tutorial are:
• Use the dtrace program.
• Write simple, one line, DTrace scripts
• Know the terms in the DTrace glossary (provider, probe, etc.)
• Extend scripts in the DTraceToolkit
• Work with the profile, proc, sched, and networking providers
Each section contains a set of lab exercises. Each lab is intended to last 30 minutes, with 20 minutes of work time and 10 minutes of followup discussion.
Course Outline
Introduction: Goals, tracing overview, and history
DTrace: Command, Glossary, One Liners
Processes: Process Model, Process Lifecycle, fork, exec, exit, signals
Scheduler: Process States, Sched Provider, Running Threads
Locking: Lock Types, Lock Provider, Lock Stat Collection
Networking: Sockets, UDP, TCP, TCP States, Packet Forwarding
Filesystem: Naming, Name Cache, VNODEs, VFS
George Neville-Neil
Course material

DNSSEC Tutorial
Start: 09:00. Duration: 03:00. Room: DMS 1120. Type: workshop. Language: en.
Security is becoming a more important topic, as our lives become more and more digital, and the press puts continuous emphasis on personal data being stolen. DNSSEC is a step towards a more secure experience on the internet, giving us a certain safety that the website we're browsing is the correct one. It requires, though, an added level of configuration from system and network administrators. This tutorial aims at making IT professionals comfortable with the technology and with its implementations.
After this tutorial you will:
Understand the basic concepts of DNS Security;
Know how to configure a DNSSEC-enabled resolver for your network;
Know how to configure basic DNSSEC for your domains;
Know how to configure reverse DNSSEC records for your networks;
Be familiar with DNSSEC-related tools and procedures;
Know how to troubleshoot basic DNSSEC problems.
Tutorial contents:
Introduction to DNS
Introduction to cryptography
Introduction to DNSSEC
Configuring a DNSSEC resolver
DNSSEC zone records
Key management and rollover
Securing zone transfers
Reverse Delegations
Distributing secure data with DNSSEC
DNSSEC troubleshooting
Tools
This tutorial doesn’t cover:
The basics of routing, or any technical routing topics
How to receive IP addresses from the RIPE NCC
How to operate a Local Internet Registry (LIR)
The methodology:
The DNSSEC tutorial is based on hands-on practical exercises and demonstrations. Throughout the day, various exercises and demonstrations will get you familiar with DNSSEC and allow you to practice your newly learned skills. You will receive a USB stick containing the course material and a printed version of the slides.
Prerequisites:
Basic knowledge of the Domain Name System
Basic experience in managing BIND configuration and zone files
The material you need to bring:
Please bring your laptop. This tutorial is based on interactive exercises via a web browser. Your laptop should:
Be able to connect to a wireless network
Have a web browser installed
Be able to run terminal software to connect remotely via SSH to a server
Massimiliano Stucchi

Building The Network You Need With PF, The OpenBSD Packet Filter
Start: 13:00. Duration: 03:00. Room: DMS 1120. Type: workshop. Language: en.
This session is aimed at experienced or aspiring network administrators who want to expand their knowledge of PF, the OpenBSD packet filter, and related tools. A basic knowledge of Unix and TCP/IP network configuration is expected and required. We expect to cover PF basics, a variety of advanced topics and recent developments.
The session content will be largely determined by your questions (if possible sent to tutorial@bsdly.net in advance); topics potentially covered include:
* Configuration on OpenBSD, FreeBSD and NetBSD (and possibly Solaris)
* PF ruleset basics and rule interactions: block, pass, match
* Writing maintainable rulesets
* Address families: IPv4 NAT vs IPv6
* Redirection, divert and services with odd dependencies (ftp-proxy, spamd)
* Adaptive rulesets (state tracking tricks)
* Traffic shaping with priorities and 'newqueue', OpenBSD 5.5 style
* Legacy ALTQ traffic shaping
* Per user filtering with authpf
* High availability with CARP, relayd
* Wireless vs wired networks
* Filtering bridges
* Logging and monitoring - pflog, pflow and others
* Testing, debugging, and optimizing your configuration
* Updates on recent developments and what to expect in upcoming releases
Where appropriate, samples will be presented in both the legacy syntax and the new PF syntax introduced in OpenBSD 4.7, otherwise the likely focus of the session will be the world as seen from the recent OpenBSD 5.9 release (release date May 1st, 2016).
The available material (notes and slides I've accumulated over the years) covers significantly more than the schedule allows for. To help make the session more targeted to your needs, I would appreciate it if you, when you sign up for the session or soon after, send me an email at tutorial@bsdly.net with a description of what you would like to learn in this session, and to the extent you are allowed and feel it is appropriate, what your near or longer term future project is.
Slides matching the latest version of the tutorial can be found at http://home.nuug.no/~peter/pf/newest/; updated slides will be made available to the general public after the present session has concluded.
Timing and logistics allowing, copies of the third edition of Hansteen's The Book of PF will be available to purchase at the session. (Also see The Book of PF, 3rd edition, http://nostarch.com/pf3, No Starch Press 2014.)
Peter Hansteen
Most recent slides
The Book of PF
Peter Hansteen's blog (That Grumpy BSD Guy)

Hacker Lounge: meet, greet, hack
Start: 20:00. Duration: 04:00. Room: L140. Type: other. Language: en.
The hacker lounge is on the ground floor of residence. Bring your laptop, enjoy.
This room is located just past the lobby. You may need to ask for the key at the desk. Proper behaviour is expected, or you'll be asked to leave. :) If you must ask what proper behaviour is, well, it sounds like you shouldn't be there.
The starting time is flexible, so is the ending time. Just show up. wifi will be available.
In order to play nicely with others, please bring an extension cord / power strip.
Please keep this room tidy and clean.
Dan Langille

Newcomers orientation and mentorship: For first time BSDCan attendees
Start: 18:00. Duration: 03:00. Room: DMS 1160. Type: other. Language: en.
If you have never been to BSDCan before, this is the first session you should attend.
At this session, you can receive advice from experienced BSDCan attendees to help you get the most out of your BSDCan experience.
The venue is to be confirmed. All projects invited to participate & help first-time attendees feel welcome.
This is the first time we've done this, and plans are still in early stages, but please consider mentoring some first-timers and help out.
More detail later.
Dan Langille, Michael W. Lucas
The map is linked to from the home page.

OpenSMTPD for the Real World: Mail Server Tutorial
Start: 09:00. Duration: 03:00. Room: DMS 1120. Type: workshop. Language: en.
This session is aimed at administrators who can't or won't use 3rd-party mail hosting (and who would?) but still need a reliable, spam- and virus-resistant mail server. A basic knowledge of BSD, SMTP and DNS is expected and required.
The session is a hands-on tutorial covering configuration and use of OpenSMTPD as the core of a spam- and virus-resistant mail server.
After this tutorial you will know how to:
* Configure smtpd as a Mail Transfer Agent (MTA) for single and multi-domain use;
* Install a certificate and configure smtpd to provide or require TLS;
* Accept or reject mail based on criteria like recipient, source, sender and domain;
* Tag mail;
* Configure Spam Assassin;
* Configure ClamAV;
* Configure smtpd to work with Spam Assassin, ClamAV and Local-Mail-Transfer-Protocol (LMTP) services (in series or individually);
* Configure smtpd to deliver mail to Dovecot;
* Troubleshoot smtpd issues using smtpd's syntax checker, logs and by sending mail manually via telnet.
We'll also look at integration of OpenSMTPD with other spam-fighting services:
* Simple pf configuration for spamd;
* Adding blacklist sources to spamd.conf;
* Updating spamd with OpenBGPD.
If there's time we'll also cover:
* Configuring smtpd as a store-and-forward mail server;
* Configuring smtpd as a backup mail server;
* Using other features of smtpd to fold, spindle and mutilate unwanted mail.
Though they will be mentioned, DomainKeys and Sender Policy Framework (SPF) configuration will not be discussed in detail.
The instructor will conduct the tutorial on OpenBSD and will attempt to help students who want to use another BSD platform supported by OpenSMTPD.
The session is aimed primarily at single or low-mail-server-count environments but is open to anyone who wants to learn more about running OpenSMTPD for production mail services.
The session is meant to be hands-on. To get the most out of it, please bring a laptop with OpenSMTPD, Spam Assassin and ClamAV installed.
Aaron Poffenberger

Creating a nice IPv6 addressing plan, or, how do I use all that address space?
Start: 13:00. Duration: 03:00. Room: DMS 1120. Type: workshop. Language: en.
ARIN, the internet registry for North America, recently ran out of IPv4 addresses. This means that if an organisation needs IPv4, they have to get on a waiting list and hope for address space to be returned by some other organisations going bankrupt. This means that the rate of IPv6 adoption is going up in the region, and this also means that system administrators need to get up to speed with it. A /48 is common as address space assigned to a business customer from an ISP, and that involves 65536 networks. This means a lot of address space to use, but not to waste. This tutorial is simply about this.
Preparing an addressing plan that takes the organisation's needs into account can be challenging, especially if done with an IPv4 mindset. The goal of this tutorial is to make sure that the participants understand the requirements for running IPv6 in an enterprise environment, and learn how to "colour" the addresses to give them a meaning.
The tutorial starts with a theoretical part, and then delves into an exercise with different possible scenarios that puts the participants into the shoes of somebody that has to implement IPv6 in a mid-sized organisation. Preparing an addressing plan for it, with the requirements from different departments and facing logistical and technical challenges is the heart of this tutorial. It will prepare the participants to face the IPv6 challenge with the ability to prepare clean, scalable and easy-to-use addressing plans for their own infrastructure or for their customers. At the end, if time permits, there is also the possibility of enriching the addressing plan experience with an exercise about security policies regarding the addressing plan we just worked on.
Massimiliano Stucchi

Doc Sprints
Start: 19:00. Duration: 04:00. Room: DMS 1120. Type: meeting. Language: en.
This doc sprint is open to both committers and anyone interested in helping to improve the documentation set (handbook, guides, man pages, website) for any of the BSD projects.
FreeBSD committers will be available to assist non-committers in getting started with the FreeBSD documentation set, learning the workflow and how to make changes, and to approve and commit patches. Committers will also work on closing doc PRs and discuss proposed changes to the documentation.
The current mandoc maintainer (Ingo Schwarze) will participate and can help with mandoc integration or any other aspects of mandoc you are interested in. He can also review and commit OpenBSD patches and help participants to get started with contributing to OpenBSD.
If there is interest, we can have a few ad-hoc mini-presentations. If you have anything in mind that you would like to hear about (or show), send an email to dru@freebsd.org.
Feel free to drop by and help out!
Dru Lavigne

Registration - pub: Pick up your registration pack, have a beer!
Start: 15:00. Duration: 04:00. Room: Royal Oak. Type: other. Language: en.
Registration pick up
Avoid the line ups of the first day! Pick up your registration pack early, at the pub. Sit back. Have a drink, some food. Enjoy the company.
A BSDCan tradition. :)
Dan Langille, Dru Lavigne
The map is linked to from the home page.

Hacker Lounge: Want to try FreeBSD 10.3 on Azure? Tonight, Microsoft will be handing out free pass-codes. #FreeBSD #azure
Start: 18:30. Duration: 06:15. Room: L140. Type: other. Language: en.
The hacker lounge is on the ground floor of residence. Bring your laptop, enjoy.
This room is located just past the lobby. You may need to ask for the key at the desk. Proper behaviour is expected, or you'll be asked to leave. :) If you must ask what proper behaviour is, well, it sounds like you shouldn't be there.
The starting time is flexible, so is the ending time. Just show up. wifi will be available.
In order to play nicely with others, please bring an extension cord / power strip.
Please keep this room tidy and clean.
Dan Langille

Registration pack assembly: assembly, deliver, drink
Start: 13:15. Duration: 02:00. Room: DMS 4165. Type: other. Language: en.
Be first to see the swag!
Help us to stuff the registration packs. No assembly required. Have wonderful conversations with your co-volunteers!
Get rewarded with food & drink.
Dan Langille

The opening session
Start: 09:00. Duration: 01:00. Room: DMS 1160. Type: lecture. Language: en.
There will be a few short announcements before and after the keynote.
The opening session will have some magic giveaways of hardware. Please be there to win.
Dan Langille
video

A Brief History of the BSD Fast Filesystem
Start: 10:00. Duration: 01:00. Room: DMS 1160. Type: lecture. Language: en.
This talk provides a taxonomy of filesystem and storage development from 1979 to the present with the BSD Fast Filesystem as its focus. It describes the early performance work done by increasing the disk block size and by being aware of the disk geometry and using that knowledge to optimize rotational layout. With the abstraction of the geometry in the late 1980's and the ability of the hardware to cache and handle multiple requests, filesystems performance ceased trying to track geometry and instead sought to maximize performance by doing contiguous file layout. Small file performance was optimized through the use of techniques such as journaling and soft updates. By the late 1990's, filesystems had to be redesigned to handle the ever growing disk capacities. The addition of snapshots allowed for faster and more frequent backups. Multi-processing support got added to utilize all the CPUs found in the increasingly ubiquitous multi-core processors. The increasingly harsh environment of the Internet required greater data protection provided by access-control lists and mandatory-access controls. The talk concludes with a discussion of the addition of metadata optimization.
Kirk McKusick
video

diskctl: A permissively-licensed S.M.A.R.T. and raw disk command framework
Start: 11:15. Duration: 01:00. Room: DMS 1160. Type: lecture. Language: en.
The Self-Monitoring, Analysis and Reporting Technology or S.M.A.R.T. is an interface implemented by manufacturers of storage devices to present device “health” information to the OS. This information can include device identification and configuration information, service hours, temperature, bad block reallocation counts, SSD endurance remaining, plus vendor-specific attributes. These attributes are commonly accessed from various operating systems using the “smartmontools” project and specifically the smartctl(8) command. While widespread in its use, the smartmontools project suffers from a number of limitations, the greatest of which is a license that prevents its inclusion in BSD operating systems. The diskctl(8) project aims to address the licensing and output formatting limitations of “smartmontools” and provide a user-friendly framework for new output formatting syntaxes. In addition, diskctl(8) aims to provide device-level command communication and address issues unique to virtualized environments.
The Self-Monitoring, Analysis and Reporting Technology or S.M.A.R.T. is an industry-standard interface implemented by manufacturers of hard disk, solid state drive or SSD, and similar storage devices to present device “health” information to the controlling operating system. This information can include device identification and configuration information, service hours, temperature, bad block reallocation counts, SSD endurance remaining, plus vendor-specific attributes. These attributes are commonly accessed from various operating systems using the “smartmontools” project and specifically the smartctl(8) command. While widespread in its use, the smartmontools project does not feature a license that is suitable for inclusion in BSD Unix operating systems, does not support NVMe devices, and is limited in its output formatting abilities.
The diskctl(8) project aims to address the licensing and output formatting limitations of “smartmontools” and provide a user-friendly framework for new output formatting syntaxes. In addition, diskctl(8) aims to provide an interface to common ATA management commands such as IDENTIFY, plus the acoustic and power management series of commands. Finally, the diskctl(8) project will explore the possibility of VirtIO AHCI S.M.A.R.T. and underlying zpool status pass-through for virtual machine disk devices and other opportunities relating to virtualized storage.
The Request For Comments or RFC strategy of the diskctl(8) project will allow a team of subject matter experts including David Gwynne of OpenBSD and Allan Jude of FreeBSD to define the problem that diskctl(8) aims to address and reach out to their respective communities for input and collaboration on its scope, features and implementation.
The diskctl(8) project will also employ a documentation-driven strategy that will define the diskctl(8) manual page as its first deliverable, prior to any accompanying source code.
Rodney W. Grimes
video

ZFS BoF: ZFS User Meetup
Start: 12:45. Duration: 00:45. Room: DMS 1160. Type: meeting. Language: en.
ZFS Birds of a Feather session
Come meet other ZFS users, ask questions, share your experiences, and learn new things.
Allan Jude
What's a BoF?

Beyond Monocultures: The Tor BSD Diversity Project
Start: 13:30. Duration: 01:00. Room: DMS 1160. Type: lecture. Language: en.
Launched with the aim of disrupting the Linux monoculture in the Tor anonymity network, The Tor BSD Diversity Project (TDP) continues the quest to extend a little bit of *BSD sanity into the privacy-enhancing technologies (PETs) scene.
The Tor BSD Diversity Project (TDP) formally began in the early spring of 2015.
This presentation will start with the larger context of the PETs scene, making the case for TDP's relevance, while illustrating our approach and contributions.
Developing Tor Browser for OpenBSD remains TDP's flagship project, with seven releases to date. TDP also expanded its focus, with smaller projects such as "Porting PETs" and "Quick-and-Dirty Statistics" to illustrate the lack of Tor network diversity, not to mention a number of other efforts such as recruiting New York Internet to contribute two high-bandwidth Tor relays on BSDs.
While it's hard to directly attribute to TDP, the chatter around PETs in the BSDs increased significantly. From the porting of PETs like the Tor XMPP client Ricochet for FreeBSD and attempts to implement OpenBSD's pledge(2) to the Tor daemon, to a significant increase in the number of relays running a BSD on the Tor network, TDP imagines that somehow its presence began to fulfill its goals.
George Rosamond
TDP WWW Site
TDP GitHub Repositories
slides
video
video

Implementation of Xen PVHVM drivers in OpenBSD
Start: 14:45. Duration: 01:00. Room: DMS 1160. Type: lecture. Language: en.
OpenBSD 5.9 will include a native implementation of Xen PVHVM drivers. It was written from scratch to facilitate simplicity and maintainability. One of the major goals of this effort is to run OpenBSD images in the Amazon cloud.
The Xen virtual machine monitor provides two types of guest hosting depending on the underlying hardware: paravirtualized and hardware assisted virtualization mode when a CPU with virtualization extensions (AMD-V or Intel VT-x) is used.
At the same time guests running in the hardware assisted virtualization mode are not restricted access to the paravirtualized facilities via the hypercall interface normally used by the paravirtualized instances.
We will explore what facilities are provided and how an HVM guest can combine emulated PCI device tree and interfaces provided via paravirtualization on the example of an OpenBSD PVHVM driver implementation.
Mike Belopuhov
video

OpenZFS space allocation: doubling performance on large and fragmented pools
Start: 16:00. Duration: 01:00. Room: DMS 1160. Type: lecture. Language: en.
Allocating space for new blocks is at the heart of every filesystem, but this is especially true for OpenZFS, because it allocates new blocks for every write, and because blocks are arbitrarily sized. This talk is an overview of how OpenZFS allocates space, including the on-disk data structures used to keep track of where the free space is, and the algorithms used to select the “best” free space to use for a write.
The talk also covers recent improvements to space allocation algorithms, including:
- Big wins on pools with “unbalanced” vdevs which have different amounts of free space
- A new on-disk data structure which vastly reduces the I/O overhead of tracking free space
- Improved diagnosability of the space allocation process
Matt Ahrens
video

Using VXLAN to network virtual machines, jails, and other fun things on FreeBSD
Start: 10:00. Duration: 01:00. Room: DMS 1110. Type: lecture. Language: en.
VXLAN is a relatively new protocol for transporting a large number of virtual Ethernets over any IP network. It draws from and improves upon both VLANs and point-to-point network tunnels. Once a "virtual tunnel end point" is configured for one or more VXLANs it discovers the other end points and hosts within each network automatically. This presentation will introduce VXLAN in greater detail, compare it to VLANs and traditional L2-over-L3 tunnels, and describe and demonstrate several use cases for VXLAN on FreeBSD including vnet jails, bhyve VMs, and wireless bridging.
VXLAN allows an administrator to create many (up to 16 million) distinct virtual Ethernets over any UDP/IP transport which supports multicast. It combines features of both traditional VLANs and traditional point-to-point network tunnels (such as gif/EtherIP) while providing additional features found in neither. The underlying transport network can be Ethernet, InfiniBand, 802.11 wireless, or just about anything else. Hosts participating in one or more VXLAN networks do not need to be configured with any information about the other host(s) carrying the same network(s). Rather, they become virtual tunnel endpoints (VTEPs) and dynamically learn which (inner) network nodes are reached via which (outer) VTEPs, much like a switch associates MAC addresses with specific ports. Packets whose (inner) destination is broadcast, unknown or multicast are delivered via multicast on the outer network to all participating VTEPs.
It is perhaps most commonly used in large and/or multi-tenant virtualization projects, but VXLAN has many potential applications. Want to bridge your Ethernet across a wireless link? VXLAN has you covered. Can't get enough VLANs on your switch? VXLAN to the rescue. And of course it's a great way to have lots of networks for jails and virtual machines and keep them all distinct from each other and from the host machine's network(s).
FreeBSD, OpenBSD and Linux have all had VXLAN support for some time. Some switch vendors are starting to add it to their products as well (though one of the benefits of VXLAN is that it does not require switch support).
John Nielsen
video

Running an ISP on OpenBSD: Why OpenBSD and several uncommon uses of it
Start: 11:15. Duration: 01:00. Room: DMS 1110. Type: lecture. Language: en.
My company, BS Web Services GmbH (BSWS) is a smaller hosting ISP in Hamburg. It is largely run on OpenBSD, and that includes some uncommon and probably unexpected uses that I frequently get asked about. I'll explain why we use OpenBSD, how we do so and how we automate management of a large number of OpenBSD servers.
In particular, we'll cover
- Benefits of using OpenBSD for mission critical, public internet services
- how we manage a large number of OpenBSD servers in very different roles
- automated installation / setup
- the expected use: routers, firewalls
- managing the layer 2 network components
- using OpenBSD components for the shared webhosting platforms
- a clustered mail system on OpenBSD, including the use of spamd
- OpenBSD autoinstallation in a fully automated VM deployment scheme
- secure the business: automated billing and bookkeeping, including largely automated payment systems and bank interfaces, all on OpenBSD
- secure the site: physical access control using OpenBSD and arduinos
- manually switching lights on and off is so last century
- the environment: monitoring physical doors and temperatures with OpenBSD and arduinos
I will focus on the technical side; it will NOT be a sales pitch or advertising session.
Henning Brauer
video

Packet Pacing – Rate Limit per flow (TCP \ UDP)
Start: 13:30. Duration: 01:00. Room: DMS 1110. Type: lecture. Language: en.
There is a growing need recently in the networking world for flow based rate limiting. Different use cases (such as video streaming) are implementing software based rate limiting in order to maintain many connections at the same time. The rate limiting capability prevents bursts or micro bursts and ensures each stream is served with the required bandwidth. Offloading the rate limiting capability to the HW holds a big potential in the form of improved performance, saving precious CPU cycles.
During this talk I plan to go over the current solution that Mellanox has to offer. The different flows will be described in detail; the control flow which starts from the socket and ends in the driver and NIC, and the transmit flow. The architecture includes changes in sensitive networking areas in the FreeBSD kernel such as the IP stack fast path, so critical decisions and open issues will be reviewed as well.
The Packet Pacing feature traverses different layers in the kernel and logically binds the upper areas in the network stack (i.e. socket, pcb) to a HW queue. Additionally we need to consider the potential of this feature when looking at basing its 'engine' in the TCP stack and allowing rate limiting to specific connections based on the window size and congestion calculations. As a result of these characteristics the purpose of this talk is both to present the solution and discuss its future.
Oded Shanoon
video

OpenPAM and BSD
Start: 14:45. Duration: 01:00. Room: DMS 1110. Type: lecture. Language: en.
Pluggable Authentication Modules, or PAM, are the closest thing sysadmins have to black magic. The configuration language is baffling, the rules perplexing, and the end result is people not understanding how their authentication works.
This talk is a crash course in the OpenPAM implementation used by most BSD variants. We'll cover how PAM works and implementing common scenarios like two-factor authentication and optional authentication methods. We'll then discuss useful PAM modules, both common ones that ship with OpenPAM and add-on packages. You'll learn how to use your SSH agent for more than SSH, implement hardware token authentication, Google Authenticator, lock accounts that fail to authenticate, authenticate any application against a list of permitted users, and more.
We'll also go through debugging PAM problems and ensuring that your PAM setup not only does what you want it to do, but doesn't allow access you didn't intend.
Michael W. Lucas
video
16:0001:00DMS 1110Network Performance Improvement for FreeBSD Guest on Hyper-VIntroducing features and tuning practices to improve FreeBSD guest network performance in virtualization environmentlectureenFreeBSD is used widely in virtualization environments as the OS for web servers, virtual appliances, etc. The network performance for such workloads is critical. This talk will introduce how to achieve network performance improvement through collaboration between the host and the guest and the implementation of TSO (TCP Segmentation Offload) and vRSS (virtual Receive Side Scaling).
TSO is used to reduce the CPU overhead of TCP/IP on fast networks. By offloading the TCP segmentation to the NIC which would split large (up to 64K) TCP segments into small frames honoring the MTU size, CPU cycles can be saved to handle more workloads.
In multi-core virtual machines, the single virtual processor which handles all the interrupts from the virtual network adapter typically becomes the bottleneck for receive-side network processing. vRSS removes this bottleneck by enabling a network adapter to distribute its network processing load across multiple virtual processors. With vRSS support in FreeBSD guest, the network performance is improved dramatically.
Lastly we will also share the tuning practices of optimizing host/guest signaling and implementing scalable interrupt delivery architecture in the FreeBSD guest.
Dexuan Cui
FreeBSD Virtual Machines on Microsoft Hyper-V
Linux and FreeBSD Virtual Machines on Hyper-V
video
10:0001:00DMS 1120A Walkthrough of CAMUnderstanding NVMe CAM front endlectureenA walk through of CAM, its data flows, code flows and how to write drivers for it will be presented.
CAM has been in the FreeBSD system for 17 years, yet it remains one of the more difficult subsystems to approach. It started out in a parallel SCSI world on systems with 16MB doing maybe 20 I/Os per second (iops) and a few disks. It has evolved to cope with systems with dozens of solid state drives that push tens of thousands of iops poised to move to hundreds of thousands.
Towards that end, the author has written a CAM front end to the NVMe driver.
This talk will walk through the new nvme front end. To understand the work, however, you need to understand CAM and how it fits together. The talk will focus on providing a tutorial for CAM. Starting with a brief overview of the FreeBSD I/O stack, the tutorial will focus on CAM's connections to the system. I/O will be traced through CAM, from its "periph" drivers that connect to the GEOM system to consume I/O from the upper layers, down through the transport (XPT) layer to the host interface modules (SIMs) which send the I/O requests to the drives. In addition to the simple data flows through CAM, various auxiliary details of CAM will be discussed. From a walk through of how CAM enumerates devices and how it divides those roles, to how the SIM drivers are created by the "new bus" drivers and how they interact with the BUS DMA system, these little discussed auxiliary details will be presented. Details of the new NVMe CAM front end will also be presented alongside the more general details of CAM.
Accompanying the talk will be a paper documenting the connections within CAM in more detail than the one hour format of the talk will allow. The author hopes to also complete man pages for all the CAM APIs before BSDCan, which this paper will cross reference.
Warner Losh
video
11:1501:00DMS 1120Everything You Always Wanted to Know About "Hello, World"*(*But Were Afraid To Ask)I've been working on a new system call ABI and the required runtime support for a C variant with spatial memory safety. Along the way I've encountered lots of interesting bits and pieces required to implement a simple C "Hello, World" program. I found the process fascinating, so this talk brings all that knowledge together in one place. The first example in the classic "The C Programming Language" by Kernighan and Ritchie is in fact a remarkably complete test of the C programming language. This talk provides a guided tour of a slightly more complex program where printf() is called with multiple arguments. Along the way from the initial process's call to exec() to the final _exit(), we'll tour the program loading code in the kernel and the dynamic linker, the basics of system call implementation, the implementation of the memory allocator, and of course printf(). We'll also touch on localization and a little on threading support. Where appropriate, I'll discuss portions of the system that need changing to accommodate memory safe versions of C like the version we are developing for our CHERI CPU.
This talk will assume some knowledge of a language with C-like syntax (C, C++, Java, and PHP should all be fine).
Brooks Davis
video
12:4500:45DMS 1120Haskell/FPBoFmeetingenHaskell and other functional-language developers and those curious about FP meet to discuss functional programming on BSD. Come talk all things Haskell and FP!
Aaron Poffenberger
What's a BoF?
13:3001:00DMS 1120Bidirectional Forwarding Detection (BFD) implementation and support in OpenBSDOr: A new protocol actually /did/ improve our routing.lectureenBidirectional Forwarding Detection (BFD) is a protocol that allows detecting faults in links or routes. This is similar to GRE keep-alives, but is actually supported on real routers. Contrary to traditional link-state detection, BFD works on the next-hop IP address; so one can detect failures of some peers that do not affect the link state. Internet links fail. This is a truism as old as Internet links. When a link fails, traffic gets dropped until the failure is detected and traffic can be re-routed. Detection of failures can be quite tricky however, since they are not always directly visible. Most systems use link state or a form of keep-alives for detection of failures. Link state detection does not help when there are active devices between a router and the other system, such as a switch or long distance links which use MPLS. The in-protocol BGP timers can also be quite long (a common default is 90 seconds) which is a lot of traffic when one is sending 10Gbps or even faster rates.
BFD is a new protocol that exists outside of existing routing protocols, but can communicate the status to all protocols. This allows for a single keep-alive to detect the health of a single link, without having to depend on a keep-alive in each and every protocol being used. As this is part of the "parent" interface, this does not introduce another layer in the network configuration. And since the link-state is only per next-hop IP, one can mix and match BFD and non-BFD neighbours on the same interface. This is extremely useful for routers connected to an Internet Exchange Point, which can have hundreds of peers spread over 10 or more physical locations.
A clever description of this is described in a draft RFC, which introduces automagic configuration of BFD between parties allowing for stronger resilience when there are many potential neighbouring networks without the overhead of manual configuration.
I will be discussing the implementation of the BFD protocol for OpenBSD, problems discovered in both the protocol and network stack, use cases and production experience.
Peter Hessler
video
14:4501:00DMS 1120FreeBSD, BeagleBone Black and RoboticsAuthorities empowered to control, support and guide endeavours the academic research behind the modeling of Aduka-II, a hexapod robot with 12 degrees of freedomlectureenAduka-II is a remotely operated hexapod robot powered by BeagleBone black and FreeBSD that offers server/client connection over WiFi to control its directions to be used as a supervisory system. Hexapod robots are terrestrial mobile robots that have six legs for locomotion; they are morphologically resembling insects, arthropods with three pairs of legs. Building a mobile robot involves a number of peculiarities, it is necessary to deal with guidance position errors, problems with the batteries, programming errors, choice of engines and materials for frame. Therefore the right choice of an operational system can make the difference during the project.
This talk is about a remotely operated hexapod robot powered by BeagleBone black and FreeBSD that offers server/client connection over WiFi to control its directions to be used as a supervisory system. The hardware platform is composed by a Beaglebone Black (BBB) and a dedicated Pulse Width Modulation (PWM) demultiplexer board. Most of the work behind controlling the pod and its sensors also contributed to new code added to the FreeBSD's base system to ARMv6 with the benefits granted by Flattened Device Trees (FDT).
The main idea of this talk is to show the possibilities of developing a remotely operated hexapod robot (Aduka-II) and its control system out of many researchers' comfort zone.
Edicarla Andrade
Vinícius Zavam
Aduka-I : A remotely operated hexapod robot powered by FreeBSD and BeagleBone Black
Aduka-I: Developing and modeling a hexapod robot with 12 degrees of freedom for academic use
video
16:0001:00DMS 1120Improving PF's performance and reliability.Lessons learned from bashing pf with DDoS attacks and other malicious traffic.lectureenThere is recently a lot of work going on on FreeBSD's version of PF. Does it perform better? Does it contain bugs? How does it compare to other implementations of PF? At my $WORK I was given a wonderful opportunity to use FreeBSD as pf-based loadbalancer. Reality was not matching the expectations especially when faced with what the Internet is throwing at us. We have 38 LoadBalancers running FreeBSD, each handles up to 600k states under normal conditions with a few thousand rules. DDoS attacks forced me to review not only the ruleset, but also the code. There was much place for improvement of both. Also the latest development of multithreaded pf in FreeBSD brought light and hope for better performance under harsh conditions. But how does it really perform?
Topics covered:
- How my $WORK uses PF and FreeBSD as its choice for LoadBalancing.
- Short introduction on what DoS and DDoS attacks are.
- How PF fails (or rather failed before patching) to handle them.
- What can be improved, what was already improved. Both in ruleset and in code.
- How FreeBSD's 10 "multithreaded" PF is better in handling such attacks.
- Comparison of performance and bugs/features between implementations of PF in different *BSD operating systems, especially under attacks.
Kajetan Staszkiewicz
video
18:0004:00DMS 1120Doc SprintsDoc SprintsmeetingenThis doc sprint is open to both committers and anyone interested in helping to improve the documentation set (handbook, guides, man pages, website) for any of the BSD projects.
FreeBSD committers will be available to assist non-committers in getting started with the FreeBSD documentation set, learning the workflow and how to make changes, and to approve and commit patches. Committers will also work on closing doc PRs and discuss proposed changes to the documentation.
The current mandoc maintainer (Ingo Schwarze) will participate and can help with mandoc integration or any other aspects of mandoc you are interested in. He can also review and commit OpenBSD patches and help participants to get started with contributing to OpenBSD.
If there is interest, we can have a few ad-hoc mini-presentations. If you have anything in mind that you would like to hear about (or show), send an email to dru@freebsd.org.
Feel free to drop by and help out!
Dru Lavigne
10:0001:00DMS 1140An OpenFlow implementation for OpenBSDIntroducing switchd(8) and more about SDNpodiumenThis talk introduces an implementation of the OpenFlow protocol for OpenBSD – a protocol from the SDN world that allows controlling the data planes of switches or routers remotely. switchd(8) uniquely combines a simple controller and a virtual switch in a simple, secure, and privilege-separated daemon. OpenBSD's in-kernel bridge(4) driver has been extended to support the OpenFlow protocol natively, so switchd(8) implements a virtual switch by running as a controller on the local system. With the MP network stack overhaul it became obvious that OpenBSD's bridge(4) needs some updates. It wasn’t built for a MP networking stack and before anyone talked about “virtual switches”, flow tables, or split data and control planes for such things. People were looking into supporting “Open vSwitch” (OVS), but the costs of adding the complex kernel layer of OVS to OpenBSD was just too high and with questionable licensing. So we were reconsidering further modernizing bridge(4). I came up with a simple idea: we don’t need it or another virtual switch, we just need a controller to offload the “control plane”. OpenBSD is already doing bridging, VXLANs, VLANs, STP, routing domains and many other things in the kernel, so why should we move it to yet another complex daemon? All we need is a controller daemon and a well-defined, pluggable interface to handle the forwarding decisions from bridge(4) in the daemon and the Cloud: OpenFlow.
Fortunately, I had started such a simple, privilege separated OpenFlow controller some time ago, but I have never released it because it wasn’t complete, not comparable to any of the “big” controllers, and I didn’t have an actual use case in OpenBSD for it. It only provided a simple learning switch that works with Open vSwitch or OpenFlow-enabled HP (HPE) switches. I also didn’t find a satisfying name for it, as “OpenFlow™” is an open protocol but also a very strict trademark and calling it openflowd would violate their trademark policy. I don’t use funny or pet names for software, and OpenWolf or sdnflowd simply didn’t work, but now I could simply rename it to “switchd(8)”. Following the idea of using the OpenFlow protocol itself as our new kernel interface, Yasuoka@ and Goda@ worked on “bridgeofp” and managed to get it working as a simple layer 2 switch. We’ll need it for many things, including the distributed virtual switching for vmd(8) and to facilitate OpenBSD in the SDN.
Reyk Floeter
n2k15: reyk@ on hosting a hackathon, vmd, and the switch
video
11:1501:00DMS 1140Capsicum and Casperfairy tale about solving security problemslectureenCapsicum is a sandbox framework in the FreeBSD operating system and it's based on the capabilities concept. Programs running in a sandbox don't have access to any global namespaces. For some applications this limitation could be too restraining. So how do developers handle those exceptions with Capsicum? Capsicum is a lightweight OS capability and sandbox framework implementing a hybrid capability system model.
As mentioned before after entering the sandbox we don’t have access to any global namespaces (such as path names, so we can’t open files in a sandbox).
The main idea behind Casper is to replace standard libc functions (those which are using global namespaces) with wrappers which allow for using those functions in sandboxed programs in a secure and controlled way. When Casper was first implemented it was a daemon in the operating system (called casperd(8)). But this implementation created a lot of problems because zygotes inherit all capabilities from the daemon, not from the process which will use it. The author's recent work was to change the Casper architecture. The best way will be forking zygotes from the original process which runs it. This is how libcasper was created. The implementation was possible thanks to mechanisms like pdfork(2), which allows us to fork inside the other process but without being afraid that it will react with standard wait(2) functions.
The talk will cover Capsicum architecture basics and compare it to well known security frameworks such as seccomp and to new models like pledge. The main part of the talk will be a presentation of Casper and its architecture: the old one in which Casper is a daemon and the new one in which we transformed it into a library.
Mariusz Zaborski
video
13:3001:00DMS 1140FreeBSD on Cavium ThunderX System on a ChiplectureenThe lecture describes the FreeBSD operating system port for the Cavium ThunderX CN88XX System on a Chip. ThunderX is a newly introduced, ARM64 (ARMv8) SoC designed for the high performance and server markets. It is currently the only one in the ARM world to incorporate up to 96 CPU cores in the system along with the whole technology to make it possible. ThunderX is up to date with the latest trends in the computer architecture industry, including those that are relatively new to FreeBSD like SR-IOV (Single Root I/O Virtualization) or completely unique, such as ARM GICv3 and ITS. The main focus of this article is to provide a bottom-up overview of how the FreeBSD platform support for ThunderX was implemented and what are the benefits and pitfalls of the newly introduced ARMv8 technology in terms of the OS development. The paper also describes the key components of the ThunderX system and explains how they were supported in FreeBSD. Finally, possible fields of further improvements are pointed out briefly.
Wojciech Macek
video
14:4501:00DMS 1140Dodging Raindrops: Escaping the Public CloudA User Story of De-Google-ication Using FreeBSD and Other Open Source SoftwarelectureenA retrospective look at the author's efforts to De-Google-ify and remove dependence on third parties to host personal data. How the author runs a personal infrastructure that handles everything including email out of a home server on consumer hardware will be discussed. Rationale for the move, what technologies were deployed, and how they were employed will be discussed. Privacy. It is hard to achieve a measure of privacy today. The rise of the smartphone and multiple device usage have made the 'cloud' or simply server-side storage more appealing than ever before. Yet most people don't have a home server, they use a third party like Google or Dropbox to store critical and often private data. And while the economics of using third party services are very compelling, there is a hidden cost, privacy.
In the wake of the Snowden revelations, and given the current state of law and politics, the wisdom of using third party providers is in doubt. And it is not just privacy that makes their use concerning. EULAs typically indemnify providers against almost everything that can go wrong and give providers unreasonable rights to use the data they store. And what if the provider decides to discontinue a service, or goes bankrupt, what happens to your data then?
This talk describes how a user with limited resources was able to nearly entirely replace his usage of Google and Dropbox with self-hosted open source solutions. The key to making it work, FreeBSD. The setup of a home server on a consumer PC to provide personal website hosting, file serving, email, and several other services is described. There will be a discussion of what was hard to do, what was easy, and where things can be improved.
Ike Eichorn
Related Ohio LinuxFest 2015 Talk
video
16:0001:00DMS 1140Improving the FreeBSD BuildMaking it faster, more parallelized, smarter, cross-compilable, and more easily maintainedlectureenThe FreeBSD build has largely gone unchanged in the past 20 years. There is a 'buildworld' with multiple redundant phases that bootstrap their way to building everything. This presentation will go over recent improvements and planned work. The FreeBSD build has mostly seen small incremental improvements over the years and a lot of bitrot. Not many people are active today that understand all of the pieces involved in the build. While some recent work is moving towards a drastically new build, much of the work is also benefiting the historical buildworld which most people are used to and is likely to prevail. The ability to build a subset of the tree is a large goal of this effort since it is a big productivity loss for developers. Improving the speed of buildworld is being done while working towards the new build goals.
Recent improvements to be covered:
* External toolchains.
* More parallelization of buildworld and bsd.subdir.mk.
* FAST_DEPEND: Generating dependencies at compile time with GCC 3.0 flags rather than pre-processing files before compiling them and then pre-processing them again. This brings a 16% buildworld improvement and 35% to buildkernel.
* Removing the need for 'make depend'.
* CCACHE_BUILD: Built-in ccache support. This brings up to 65% incremental build time improvement when combined with FAST_DEPEND.
* LIBADD and its improvements.
* DIRDEPS_BUILD (Presented by Simon Gerraty in 2014 as "meta mode") improvements, which bring reliable sub-directory builds.
* Incremental build fixes for stealth dependencies.
* WITH_SYSTEM_COMPILER: Skipping building clang sometimes
* WITH_META_MODE: reliable incremental buildworld
Planned work to be covered:
* Adding more build-time assertions to ensure the framework is used properly, such as was done with great success in Ports.
* Library over/under-link testing.
* Building clang once for make universe
* Reducing duplicated dependency logic and redundant phases in buildworld.
* Foreign building, such as from OSX or Linux.
* Ports cross-building without QEMU, as it is not always feasible to use it.
Bryan Drewery
Nov 2015 FreeBSD-arch post about recent work and plans.
video
10:0005:45DMS 1130 - FreeBSD Dev TrackFreeBSD Dev Summitpublic tracklectureenThis is a place holder. Individual talks will be added to the schedule closer to the conference dates.
Dan Langille
List of talks and times
09:0001:00DMS LobbyTea, coffee, snacks from 8:30nom nom nomotherenGet your lunch and head into your favourite BoF session. Lots of BoFs, get in early.
Dan Langille
12:1501:15DMS LobbyLunchnom nom nomotherenGet your lunch and head into your favourite BoF session. Lots of BoFs, get in early.
Dan Langille
14:3000:15DMS LobbyTea, coffee, snacksnom nom nomotherenGet your lunch and head into your favourite BoF session. Lots of BoFs, get in early.
Dan Langille
19:0006:15L140Hacker Loungemeet, greet, hackotherenThe hacker lounge is on the ground floor of residence. Bring your laptop, enjoy.
This room is located just past the lobby. You may need to ask for the key at the desk. Proper behaviour is expected, or you'll be asked to leave. :) If you must ask what proper behaviour is, well, it sounds like you shouldn't be there.
The starting time is flexible, so is the ending time. Just show up. wifi will be available.
In order to play nicely with others, please bring an extension cord / power strip.
Please keep this room tidy and clean.
Dan Langille
12:3002:00DMS 1150bsda1BSDABSD CertificationotherenTake the BSDA certification. The BSD Certification Group Inc. is a non-profit organization committed to creating and maintaining a global certification standard for system administration on BSD based operating systems.
YOU MUST register and pay for this event. See the link for details.
Dru Lavigne
Register here
10:0001:00DMS 1160JSON-based configuration of kernel subsystemslectureenWe propose a JSON-based protocol for kernel subsystems configuration that overcomes some limitations of existing configuration methods, such as their ad-hoc-ness, or their lack of atomicity. We illustrate the current preliminary implementation of this configuration mechanism in the netmap subsystem and discuss some possible extensions. The kernel contains a lot of subsystems that need to be configured, typically by setting key/value pairs. Moreover, sometimes the user may dynamically create new kernel entities (such as tap devices, bridges, virtual machines, ...) each requiring its own set of parameters, both at creation time and during its lifetime. These new entities also need unique names, so that they may be referenced afterwards and maybe connected together (e.g., a tap to a bridge).
In the netmap subsystem, for example, we need a way to create memory areas containing preallocated buffers, and we want to specify the number and size of such buffers, and possibly other options such as the use of huge pages, or the selection of a NUMA node. Once a memory area has been created, we want to bind selected netmap ports to it, e.g., to isolate ports passed through to virtual machines, or ports used by independent applications or users. To do this comfortably and reliably, we would like to specify all the parameters atomically at creation and bind time.
Current solutions to this kind of problem either involve ad-hoc primitives (e.g., ioctl()) and tools to call them, or try to use more general mechanisms such as the sysctl interface or a pseudo-filesystem. We think that general mechanisms are preferable, since the in-kernel code may be reused and the user does not need to learn new tools. Unfortunately, neither sysctls, nor pseudo-filesystems have a natural way to express atomicity: each sysctl entry or pseudo-file write and read operation is independent from all others. Several concurrent scripts that need to create and manipulate similar entities may interfere with each other, unless particular care is taken.
We propose to use an (extended) JSON-based protocol for kernel subsystems configuration. Users may write a JSON specification to a special device; if the device is kept open, they may also read a JSON reply from the kernel. All actions specified between the initial open() and a following read() (or close()) are executed atomically by the kernel. The JSON input refers to kernel "objects", organized in a hierarchy, and their properties. E.g.,
<pre><code>{ "netmap": { "mem": { "1": { "buffers": 100000, "size": 2048 }}}}</code></pre>
may be used to (atomically) set the number of buffers and their size in the already existing netmap memory area with ID 1. Extended syntax is used to inspect, rather than set, values:
<pre><code>{ "netmap": { "mem": { "1": { "free-buffers": ? }}}}</code></pre>
By writing this request to the special device, and then reading from it, one would obtain something like:
<pre><code>{ "netmap": { "mem": { "1": { "free-buffers": 531 }}}}</code></pre>
Another extension to the syntax allows for the creation of new objects and symbolic manipulation of their automatically assigned unique identifiers:
<pre><code>
{
  "netmap": {
    "mem": { &X: { "buffers": 100000, "size": 2048 }},
    "port": { "em0" : { "mem": X } }
  }
}
</code></pre>
This will atomically create a new memory area with 100000 buffers of 2048 bytes, and bind port em0 to it.
We have implemented a tiny JSON parser and most of the above features for the configuration of the netmap subsystem. The JSON parser is about 700 lines of code (including comments) and uses a compact representation for the parsed objects. We have chosen JSON because its object syntax naturally relates to the in-kernel objects, and because of the extensive availability of userspace libraries and tools that parse and output JSON. We are nonetheless aware that JSON, while certainly more human-friendly than XML, is still a terribly annoying syntax for interactive command line usage. For this reason, our parser accepts some syntax extensions that allow one, in most cases, to avoid unnecessary quotes and curly braces. E.g., the first example above may also be written as
<pre><code>netmap.mem.1: { buffers: 100000, size: 2048 }</code></pre>
Note, finally, that the hierarchical nature of the parsing allows for incremental development: subsystems may adopt our proposal one at a time, without interference with other subsystems.
Giuseppe Lettieri
video
11:1501:00DMS 1160Making the internet more secureHow can we do it ?lectureenThe internet has always been facing threats, and so have its users. But recently, the level of attention that security is gathering is going up, given the events in the news, and the new threats we hear about every day. In a World where the "Internet of Things" is becoming a reality, the internet is still not a safe place to be, and the number, level and intensity of threats is constantly going up. This talk discusses the threats, with examples of attacks carried on in the recent past, together with the solutions being worked on to avoid them from being effective again, and also guides the audience in understanding the actions being taken at the IETF in order to make the internet safer and more robust. From discussing letsencrypt, to TLSA, RPKI and BGPSEC, this talk covers a wide range of topics and technologies.
Massimiliano Stucchi
video
12:4500:45DMS 1160MetaBoFBUG BoFmeetingenMetaBUG (http://www.metabug.org/about-metabug) is a Global BSD User Group that provides a place for BSD enthusiasts to come together when they themselves do not have a local BUG. The goal of this BoF is to bring together people who make up the MetaBUG to discuss BSD User Groups and how to promote the use of the various BSD projects.
Michael Shirk
What's a BoF?
13:3001:00DMS 1160Open/LibreSSL in FreeBSDState of OpenSSL and LibreSSL in ports and baselectureenThis talk will address the changes required to ports to deal with the changes that LibreSSL introduced (and keeps introducing). Additionally I will talk about the support-lifecycle of both the LibreSSL and OpenSSL projects and the impact on operating systems and other software projects. Lastly I will address making OpenSSL in base private and/or replacing FreeBSD's base OpenSSL with LibreSSL. Following the Heartbleed vulnerability OpenBSD forked OpenSSL into LibreSSL. The portable version of LibreSSL was ported to FreeBSD a day after it was released causing a large number of problems with ports. Meanwhile OpenSSL changed its support-lifecycle and will stop supporting current versions very soon. LibreSSL is being actively developed which induces more changes to ports.
The PC-BSD project ran an 'EDGE' build of their packages with LibreSSL which surfaced a number of problems with major ports like Python, OpenLDAP and Apache. After the first major ports were fixed the build surfaced ca 100 packages failing to build for various reasons. I will show some examples of these problems and fixes for them.
With the release of LibreSSL 2.3 came the removal of SSLv3. This caused another ca 100 ports to fail due to hard dependencies on SSLv3 methods in the libraries. Again some major ports were affected. I will show an example of this issue and the proper solution to it.
Additionally, there are ports that are not linking the desired OpenSSL libraries. Even when WITH_OPENSSL_PORTS is defined they link to the libraries in /usr/lib. Work is underway trying to make the OpenSSL libraries in base 'private' libraries. I will show the work performed and the effects on a system.
Bernard Spil
FreeBSD LibreSSL wiki page
FreeBSD OpenSSL wiki page
FreeBSD Base Openssl wiki page
LibreSSL project page
SSL in the Wild | BSD Now 82
video
14:4501:00DMS 1160Opensource RoutingRunning an enterprise network on OpenBSDlectureenThis talk will provide insight into the network components of a hosting business and the role OpenBSD software can serve there. I will show examples of what works, what pitfalls are to be reckoned with and how to avoid them, with emphasis on the network (and system-)administrator's point of view. My talk will describe the components of an enterprise network, based on real world examples (a hosting company network, and an eyeball/access network). The description will focus on IP routing inside the network and connectivity to the internet, and describe how far open source software on modern hardware can push the performance envelope compared to hardware based routers in the core. I will show what one can gain from using OpenBSD in this role and where the current limits are.
Further areas I will touch (time permitting) are the capabilities of OpenBSD software for
* monitoring
* loadbalancers/firewalls
* traffic analysis
* running Virtual Private Networks
and
* how to design the network for resilience and safe operation
I also want to cover the aspect of maintenance and upgrades and how to handle changes to the network and changes in the software while keeping the network running.
I will try to present the topic in a way that is helpful to admins who need to start or expand a network and need additional tools at hand.
Sebastian Benoit
video
16:00 | 01:00 | DMS 1160 | Reproducible Builds in FreeBSD | lecture | en
The goal of reproducible builds is to allow anyone to build a byte-for-byte identical copy of a software package from given source code, to verify that no flaws have been introduced in the compilation process. This talk will present an introduction to reproducible builds, explain why build reproducibility is desirable, discuss the current state of build reproducibility in FreeBSD, and examine some of the techniques used to obtain reproducible builds.
Reproducible builds are a set of software development practices which create a verifiable path from human readable source code to the binary code and software packages distributed by an operating system vendor. This allows others to rebuild the same source code and produce an identical binary, package or other artifact, to verify that no flaws have been introduced in the compilation process either by the compiler or by those managing the build and release of the software.
Reproducible build efforts have been ongoing for a number of years in a number of projects, FreeBSD included. Reproducible builds provide both security and assurance benefits, and operational benefits unrelated to security or detection of malfeasance. For example, reproducible builds reduce package mirror traffic by avoiding the creation of new/changed packages without a source code change.
Reproducibility efforts in FreeBSD started several years ago on a somewhat ad-hoc basis, but over the last year build reproducibility has become a topic of greatly increasing interest, with a combination of efforts from upstream software developers and open source operating system developers and packagers. There are many reasons software does not build reproducibly, including timestamps embedded in object files, timezone and locale settings affecting the build, output that depends on the order in which files are returned by the file system, and metadata stored in archive files.
This talk will:
- present an introduction to reproducible builds
- explain why build reproducibility is desired
- discuss the current state of build reproducibility on FreeBSD and explore reasons builds are not reproducible today
- examine techniques used to obtain reproducible builds
PLEASE NOTE: the original video is not available. In its place, we have the audio track.
Ed Maste
video
17:15 | 01:00 | DMS 1160 | close | Closing session | The wrap up | lecture | en
The closing
Fun. Games. Awards.
PLEASE NOTE: the original video is not available. In its place, we have the audio track.
Dan Langille
video
10:00 | 01:00 | DMS 1110 | Using competitive analysis to increase the effectiveness of operating system fuzz testing | How to reproduce a kernel crash in 10 seconds or less | lecture | en
Fuzz testing has been used to evaluate the robustness of operating system distributions for over twenty years. Eventually, a fuzz test suite will suffer from reduced effectiveness.
The first obstacle is the pesticide paradox: as you fix the easy defects, it gets difficult to find the remaining obscure defects. Also, the test execution time and the debug/fix cycle tends to be manual work that can take hours or even days of effort. During the presentation, a structured framework for creating new fuzz tests will be introduced, along with a competitive analysis approach used to minimize defect reproduction complexity.
Kirk Russell
github repo
example using FreeBSD
fuzz testing analysis
crashme reference
video
alternate video
11:15 | 01:00 | DMS 1110 | FreeBSD | A brief history of the early days | lecture | en
Rod Grimes, involved with early FreeBSD, will give a brief history of the early days.
Rod will talk about the time from the pre-patch-kit days up to the 2.x releases, with some mysterious history gleaned from the repo logs.
Rodney W. Grimes
video
12:45 | 00:45 | DMS 1110 | backup | Bacula for backups | backups are useless, restores are priceless | meeting | en
Bacula Birds of a Feather session
If you are interested in Bacula, come along and talk about Bacula.
Dan Langille, the moderator of this event, first contributed to the Bacula project in 2004. He likes backing up to disk, then copying to tape.
He also likes using ZFS, taking a snapshot, and backing that up to disk. This is especially useful with FreeBSD jails.
Dan Langille
What's a BoF?
13:30 | 01:00 | DMS 1110 | Through the Wire | Measurement and Improvement of a software based IPsec implementation | lecture | en
The FreeBSD operating system has had at least two software based implementations of the IPsec protocols since they were first standardized in the 1990s. The original IPsec code came from the KAME project, along with IPv6, and later, a faster version of IPsec was added in parallel. The two code bases were merged into what is currently present in FreeBSD to this day. As part of our continuing longitudinal study of the performance of the network subsystems we have turned our attention to IPsec, looking at both the performance of the overall framework as well as the performance of more recent encryption and authentication protocols such as AES-GCM. Utilizing the native performance tool set on FreeBSD, including hwpmc(4) and DTrace we have tracked down various bottlenecks within the system and propose changes to clear them.
For this talk we will cover a baseline and two cryptographic implementations of the Advanced Encryption Standard (AES) Galois Counter Mode (GCM) that are a part of the IPsec subsystem in FreeBSD. We show the base performance of the system, the overhead induced by software crypto and the performance gain from hardware assisting instructions. Along the way we demonstrate how we do the measurements and what they mean for the system overall.
For the current study we looked at the performance of the IPsec framework with three different configurations, while using the same network topology. In each test we ran multiple trials using the iperf3 program to generate single as well as parallel streams of packets between a source and a sink across a VPN tunnel. Our variables were the encryption and authentication algorithms used as well as whether or not specialized cryptographic instructions were enabled on the CPU.
George Neville-Neil
Jim Thompson
video
14:45 | 01:00 | DMS 1110 | RISC-V: Berkeley Hardware for Your Berkeley Software (Distribution) | lecture | en
RISC-V is a new, completely open instruction set architecture from UC Berkeley, the birthplace of BSD. Berkeley has released a BSD-licensed processor implementation (Rocket), and they are building up a full software ecosystem for RISC-V. In this talk, I will describe the current status of FreeBSD and NetBSD on RISC-V. My hope is that we will eventually have RISC-V support for *all* the BSDs. After all, BSD software deserves BSD hardware.
I will provide an introduction to the RISC-V architecture as well as a discussion of the various RISC-V SoC options. I will also show how BSD kernels interface with the RISC-V architecture. This talk is meant to be a quick start guide for BSD hackers who are not familiar with the RISC-V architecture.
Arun Thomas
video
16:00 | 01:00 | DMS 1110 | Porting bhyve on ARM-based platforms | Current status of bhyve-on-arm | lecture | en
In the last years ARM has developed hardware assisted virtualization in its processors too, thus enabling them to run performant virtual machines. bhyve is the current FreeBSD hypervisor, but unfortunately only runs on x86-based platforms. The aim of this project is to port bhyve on ARM-based platforms.
bhyve was originally developed for x86-based platforms, the kernel code being written in the machine dependent part of the kernel (amd64/vmm). The exposed interface was made to be as generic as possible in order to be usable in the future by other platforms. As a first step I duplicated in arm/vmm the interface exposed in amd64/vmm, eliminating the x86 dependent variables. Then I've implemented the low-level context switch code that saves and restores the state of a virtual machine (arm/vmm/*.S files). ARM offers support only for a Type-1 hypervisor (running without the support of a HostOS). The HostOS doesn't run in the highest privilege level. At this step we created the concept of "microvisor" which runs in the highest privilege level (HYP-Mode) and context switches from the Host-OS to the Guest-OS whenever it is needed (basically it is a bridge between the VMs and the HostOS).
Any virtualization solution needs userspace utilities to control the state of a VM. We have rewritten the bhyve* utilities for ARM (bhyveloadarm and bhyvearm). Until this moment we are able to boot a virtual machine on an ARM platform that supports virtualization extensions (ARMv7e - CortexA15 on FastModels) until the interrupt controller gets initialized. The virtualization of interrupt controller and the timer are work-in-progress at this moment. In the next month we want to finish-up the current work-in-progress to have a fully functional virtual machine running on top of FreeBSD using an ARM processor.
Also in parallel there is a project trying to run bhyvearm on a real hardware platform from ARM: Exynos5250.
The goal of this talk is to give a status report of the whole project (porting bhyve on ARM) and maybe a little demo.
Mihai Carabas
Resume of the current bhyve-arm work
SVN repo with the written code
video
10:00 | 01:00 | DMS 1120 | netmap-fwd | An IP router over netmap for FreeBSD | lecture | en
netmap-fwd is a userland router application over netmap for FreeBSD, easy to use, tightly coupled with the O.S. and aimed at 10G networks.
netmap-fwd closes the gap between the netmap framework (and current applications - VALE switch, bridges, ipfw) and the well known FreeBSD network stack.
You can now route your packets as you always did with all the benefits of netmap performance and features.
This talk presents the current state, implementation details, performance data, usage and gives an idea of what is in our roadmap.
netmap-fwd was first presented in Brazilian BSDCon.
Luiz Otavio O Souza
netmap-fwd github repository
video
11:15 | 01:00 | DMS 1120 | Booting from Encrypted Disks on FreeBSD | GELI in the boot code | lecture | en
FreeBSD has supported disk encryption with GBDE and GELI since 2002 and 2005 respectively. However, booting the system required storing the loader and kernel unencrypted so that the requisite GEOM module could be loaded to handle decryption. This became a significantly larger stumbling block with the introduction of ZFS, as having multiple separate partitions detracts from the advantages of ZFS, and also causes headaches when upgrading the operating system. With the growing popularity of ZFS Boot Environments, a solution was needed that allowed the kernel and loader to remain part of the primary file system, even if it was encrypted. This paper provides an overview of the design of the GELI enabled boot code and loader, as well as the numerous challenges encountered during their development.
A walk through the tale of woe that was implementing support for GELI in the FreeBSD bootcode and loader. Hear the story of a very junior developer persisting through countless complications and roadblocks to finally arrive at working code. Learn just how complicated it is to boot a computer, and how much worse it can get. In the end, we are left with working ZFS Boot Environments, even with fully encrypted pools.
Overview:
* The x86 boot process
* MBR
* GPT
* Investigation Stage
* Initial Implementation
* Roadblocks
* Dealing with UFS
* Overcoming Limits
* Adding More Encryption
* Password Caching
Allan Jude
video
12:45 | 00:45 | DMS 1120 | pgp | BSDCan PGP Key Signing Party | meeting | en
We will be having a PGP Key Signing Party at BSDCan 2016.
A GPG keyring with all the public keys on the key list will be posted at https://github.com/njthomas/bsdcan-keysigning-party once keys are collected.
More information on what a keysigning party is:
http://www.cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html
https://www.socallinuxexpo.org/scale/14x/pgp-key-signing-party
https://wiki.apache.org/apachecon/PgpKeySigning
Should you wish to participate, here are the instructions:
Preparation
-----------
Email your key to njt@ayvali.org, preferably well before the session starts. To get your key in emailable form use this command:
$ gpg --armor --export KEY_ID > mykey-$USER.asc
Then copy and paste the contents of this file in an email. The key list, and a GnuPG keyring export will be available for your convenience at the following URL:
https://github.com/njthomas/bsdcan-keysigning-party
Things to Bring
---------------
* Physical attendance
* Positive picture ID (two pieces of ID are recommended; at least one should be government issued)
* pen/pencil, something to write with
* no computer
During the Event
----------------
We will distribute printed copies of the key list to everyone participating. Everyone will verify the fingerprint of their keys. Everyone will identify every other participant.
Afterwards
----------
Go home with the list of keys you have verified and sign the key.
Need more info? Email njt@ayvali.org
N.J. Thomas
What's a BoF?
video
13:30 | 01:00 | DMS 1120 | FreeBSD and GDB | lecture | en
This talk will focus on FreeBSD-specific details of the gdb debugger in the devel/gdb port.
In the past year, several changes have been added to devel/gdb (many of them upstreamed) including support for fork following and a new thread target. In addition, the kgdb kernel debugger has been ported to GDB 7.x including support for cross-debugging crashdumps. The talk will cover both the use of these recent changes as well as how they were implemented.
John Baldwin
video
github
14:45 | 01:00 | DMS 1120 | Modern tooling to assist with developing applications on FreeBSD | Faster tooling to reduce friction with release engineering for applications running on FreeBSD | lecture
Discuss a workflow and the tooling for FreeBSD engineers to develop locally on their laptop (OS-X, Windows, or FreeBSD), and push applications to bare metal or the cloud. The tooling required to provide good automation from a developer laptop to production takes time to evolve, however this lecture will jumpstart a series of best practices for FreeBSD engineers who want to see their business applications run on FreeBSD.
Developers are increasingly iterating and collaborating on golden images that are pushed to production at scale. This lecture will showcase:
*) How to create a "golden image" or "stem cell image" using Vagrant, Packer, and custom FreeBSD kernels
*) Perform development on a local host
*) Create a golden image using Packer that a release engineering team can deploy
*) How to customize the image using configuration management tools such as Ansible, Chef, Puppet, or Salt
*) Deploy the image to various cloud providers such as Digital Ocean and AWS
This talk will provide necessary bootstrap configuration snippets and commands required to let a developer begin using best practice development strategies. The world has evolved from administrators and developers tending to named servers and treating them as pets. Instead, we increasingly live in a world where applications and their servers are cattle and they need to be managed using abstract, automated and trusted strategies.
Sean Chittenden
Packer homepage
Vagrant homepage
video
slides
16:00 | 01:00 | DMS 1120 | LLD: A new linker for FreeBSD | lecture | en
The default linker shipped with FreeBSD base system (the last GPLv2 version of GNU ld) is showing its age. Lack of LTO, missing support for newer architectures (e.g. AArch64) and poor performances are increasing problems over time. As supporting evidence for this thesis, DragonflyBSD recently switched from GNU ld 2.7 to gold (http://www.dragonflybsd.org/release44/).
FreeBSD ships with external toolchain support for those architectures for which support is missing, but this has maintainability problems. This talk explores LLD, a new BSD-licensed linker developed as part of the LLVM project. LLD is thought to be fast (early tests show it being at least on par with gold while linking LLVM itself) and quasi-compatible with GNU ld. We take a look at the history and overall design of LLD and propose a path to integrate it in FreeBSD-11.
Davide Italiano
Rafael Ávila de Espíndola
video
10:00 | 01:00 | DMS 1140 | OpenBSD rc.d(8) | lecture | en
OpenBSD has always used the traditional static BSD initialization script: /etc/rc.
While dependable, it did not allow for easy integration with monitoring, configuration management software and/or any kind of tools requiring automated service handling.
rc.d(8) was developed to abstract service management while pertaining the existing behavior like predictive and sequential start-up ordering (dependency-less).
The way OpenBSD boots hasn't changed much since its inception.
This presentation will describe the OpenBSD rc.d(8) framework and rc.subr(8) daemon control routines.
While it resembles other implementations, it was written from scratch to match the project objectives (simple, ordered, non-intrusive).
I will describe the internals of rc.subr and talk about the implications that it had on the traditional BSD start-up sequence.
I will detail our requirements as well as the existing implementations and alternatives and explain why it was decided to write one from scratch. I will show how we managed to plug ourselves into the existent without having to transform it. I will describe how to use the rc.d control scripts and what start-up scripts look like. I will then introduce rcctl(8): an all-in-one utility for managing rc(8) daemons and services and look at how it helped orchestration and configuration management tools to work on OpenBSD (feature wise it is kind of a merge between the service(8) and chkconfig(8) utilities and a sysconfig editor as found in Red Hat).
Antoine Jacoutot
video
11:15 | 01:00 | DMS 1140 | Improving the FreeBSD Translation Tools | lecture | en
Translation of FreeBSD’s English documentation into other languages is extremely important to users and the FreeBSD project itself.
The old methods used to translate FreeBSD documentation are very labor-intensive. Existing translators have difficulty keeping translations up to date, new translators are discouraged by the depth of expertise required to translate, and even writers working on the English original documents must take extra steps to accommodate translations.
The gettext PO translation system automates much of the work and provides new abilities to make translation easier and faster, to share the work with other members of a translation team, and to reuse previous work. The PO translation tools have now been implemented for translating FreeBSD books and articles and this new method has begun to revitalize our translation efforts.
Here we describe the benefits of translation, the difficulties with the old method, the benefits of the new system, and some potential challenges and possibilities for the future.
Warren Block
video
12:45 | 00:45 | DMS 1140 | Amateur Radio and SDR | BoF | meeting | en
Amateur radio users and those curious about radio and SDR meet and discuss hardware, software, triumphs and challenges with pursuing the hobby on BSD.
Come talk all things radio!
Aaron Poffenberger
What's a BoF?
video
13:30 | 01:00 | DMS 1140 | Limits and the practical usability of BSDs, a big data prospective | other | en
The Auton Lab, part of Carnegie Mellon University's School of Computer Science, is a premier Statistical Data Mining group. We are interested in the underlying CS, Mathematics, Statistics and A.I. of detection and exploitation of patterns in data. We build practical large-scale deployments of very highly autonomous self-improving systems.
The Auton Lab computing infrastructure consists of about 40 large servers, 20 desktops and over 20 virtual instances, independently maintained from the scientific computing grid of the School of Computer Science. Three years ago I almost accidentally put on a system admin hat. Being a life long UNIX user and BSD hobbyist for the past 10 years I naturally tried to use BSDs whenever possible while rebuilding our internal network formerly ruled by penguins.
In this short talk I discuss limits and the practical usability of BSDs (Open, Free, and DF) and the obstacles of completely getting rid of penguins. Why is utilizing AWS further complicating my calculus?
Predrag Punosevac
video
14:45 | 01:00 | DMS 1140 | FreeBSD based high density filers | Study and design of the storage backing the Gandi hosting services | lecture
Gandi has been replacing its old Nexenta filers with new FreeBSD-based ones. This talk will expose the reason of this choice, the policy regarding patches and contributions, the design of the new filers and the setup of a regression test lab.
For many years, all storage backing Gandi services has been provided by customized Nexenta based filers. For various reasons that will be exposed it has been decided to replace them with new ones.
A study was made comparing the different possible candidates: Illumos based OS, FreeBSD, ZoL, resulting in the choice of FreeBSD.
The talk will cover the design of the new filers, the migration process, the patches and contributions that were made to FreeBSD.
PLEASE NOTE: the original video is not available. In its place, we have the audio track.
Baptiste Daroussin
video
16:00 | 01:00 | DMS 1140 | FreeBSD 8 to 10 | One ISP's journey forward and backward in time | lecture | en
This talk will discuss OARnet's (regional nonprofit ISP) ongoing transition of 100+ servers providing network services and management infrastructure from FreeBSD 8 to 10 and the work done to make this possible. The transition had two major goals: Integration of modern changes and updates with legacy modifications focused on minimizing custom work; and raising the already high standards for uptime and reliability of services our customers have come to expect. It was very important for this transition to find the right balance between progress and tried and tested designs.
This transition had to find solutions for limited physical access limiting install/provisioning options, limited personnel (1 person), all software being compiled from source by hand for legacy reasons and more. All of these were overcome with careful engineering and integration of parts of FreeBSD, PC-SysInstall for installs with modifications for provisioning, Life-Preserver for backups, ZFS filesystems, and many more technologies.
I will be discussing how we (OARnet, a regional nonprofit ISP) made the transition from FreeBSD 8 to FreeBSD 10 which involved touching many systems including the install process (PC-SysInstall), system provisioning (custom), backups (Life-Preserver), and others.
The transition from FreeBSD 8 to FreeBSD 10 was accomplished by first identifying a mix of past decisions that had been made starting in the FreeBSD 4 era and making stops at 6 and 8. Then sorting the decisions made and carried forward into their underpinnings which mostly fell into 4 categories:
- inspired designs
- obsoleted technical issues
- personal preferences
- coin flips
These decisions were combined with our use case for servers and restrictions from various sources especially time to come up with a FreeBSD 10 infrastructure that was easily maintainable and superbly stable.
This is really in the end about my discovery of the lesson that many are already aware of which is "your problems are not just your own when it comes to system administration". Simply said most problems a sysadmin faces have solutions that are already out there and that there are usually many interested parties if there isn't a shared solution. I believe this is one of the great strengths of open source software. This talk is also my attempt to share some of my own/OARnet's solutions in return and as thanks for all the great ones I’ve gotten from the community.
Nick Wolff
video
09:30 | 00:30 | DMS Lobby | Tea, coffee, snacks | nom nom nom | other | en
Get your lunch and head into your favourite BoF session.
Lots of BoFs, get in early.
Dan Langille
12:15 | 01:15 | DMS Lobby | Lunch | nom nom nom | other | en
Get your lunch and head into your favourite BoF session.
Lots of BoFs, get in early.
Dan Langille
14:30 | 00:15 | DMS Lobby | Tea, coffee, snacks | nom nom nom | other | en
Get your lunch and head into your favourite BoF session.
Lots of BoFs, get in early.
Dan Langille
18:30 | 04:00 | Lowertown Brewery | gathering | Lowertown Brewery | Closing Social Event | other | en
We have a major social gathering scheduled for Saturday night after the talks. You *should* pay for this event during your registration. Cost $30.
If you forget to register, email us ASAP so we can get the numbers right. Also, email us if you want to bring someone. You'll be able to pay when you pick up your registration pack.
Lowertown Brewery is in the Market area of Ottawa, about a 15 minute walk from the conference venue. We will have exclusive use of the venue.
There will be a cash bar. Local beer brewed by the venue is available.
Everything starts at 6:30pm with the main meal at 7:45pm. There will be lots of food available before the meal. You won't go hungry.
The evening will start with snacks & mini-sandwiches circulated by wandering staff, while you mingle. But don't fill up on that! There is lots of food to follow.
Snacks:
* Maple Candied Bacon with Peanuts
* Smoked Chicken Wings
* Smoked-Butter Popcorn
* Spiced Beer Nuts
* Pickled-Deviled Eggs
Mini-sandwiches:
* Greenbelt, smoked tomatoes, white bean hummus, cucumber, pickled onion
* Shaved Roast Beef, roasted red peppers, horseradish aioli
* Pulled Chicken club, maple bacon, cranberry jam, smoked tomato
* Pulled chicken, dried cranberries, toasted almonds, scallions, mayo
* Hot-Smoked salmon, dill cream, fried capers, pickled onion
Also available at various stations will be:
* Veggie Platter, dill cream cheese
* Domestic Cheese Platter with Crostini
* Sliced Fruit Platter
The main meal will be family-style. The following dishes will be at each table:
* Kale Salad, lemon shallot, tomatoes, seeds
* Creamy Coleslaw
* Smoked Meat Platters: brisket, smoked meat, porchetta
* Hot-smoked Cauliflower, navy bean hummus, smoked pumpkin seeds, roasted kale
* Seasonal Local Vegetables
* Roasted New Potatoes, Rosemary, Garlic
* Warmed Artisan Bread and Whipped Garlic Butter
Desserts:
* nanaimo (if you have never had nanaimo, you really must try it!)
* maple butter tarts
* assorted cookies
Dan Langille
Lowertown Brewery website
Official Conference Map (includes Lowertown Brewery location)
12:30 | 02:00 | DMS 1150 | bsda2 | BSDA | BSD Certification | other | en
Take the BSDA certification.
The BSD Certification Group Inc. is a non-profit organization committed to creating and maintaining a global certification standard for system administration on BSD based operating systems.
YOU MUST register and pay for this event. See the link for details.
Dru Lavigne
Register here