Talks Speakers

Summary: This talk describes the evolution of the governance of the FreeBSD project from the time of its conception until the present day. It has been presented at the BSDCan conference in June 2018.

Description: All open sources projects develop a culture. Often the culture builds organically, but as a project becomes larger and more successful it is necessary to put more formal governance in place to ensure that the culture is robust and welcoming.

This talk studies the evolution of the culture and governance of the FreeBSD project. It begins by looking at the formation of the FreeBSD project and the organizing principles of its founders.

As the project became more successful, it began being used and depended on by companies which in turn required that the adhoc governance become more structured and documented through the adoption of a set of bylaws.

The talk will cover the governance issues that the project has had to handle in recent years including:

• FreeBSD Source-Code Control
• FreeBSD Workflow
• Guidelines on How to Work and Play Together
• FreeBSD Recruitment
• FreeBSD Development Model
• FreeBSD Core Team Interaction with the FreeBSD Committers
• FreeBSD Security Team

The talk concludes by prognosticating on future governance issues that may have to be handled.

Dr. Marshall Kirk McKusick’s work with Unix and BSD development spans nearly forty years. It begins with his first paper on the implementation of Berkeley Pascal in 1979, goes on to his pioneering work in the eighties on the BSD Fast File System, the BSD virtual memory system, the final release of 4.4BSD-Lite from the University of California at Berkeley Computer Systems Research Group, and carries on with his work on FreeBSD. A key figure in Unix and BSD development, his experiences chronicle not only the innovative technical achievements but also the interesting personalities and philosophical debates in Unix over the past forty years.

Describe the design of the system of boot environments deployed at ScaleEngine to quickly, atomically, and safely update 100s of remote FreeBSD servers.

Overview: – How the file system hierarchy is modified to allow the systems to be upgraded in-place – How we use ZFS to create and deploy the boot environments – Simplifying the creation of the BEs using poudriere image – Using zfsbootcfg to boot a new BE once – How we determine if the BE “works” and should be promoted to the default

Motivation: – We often have only SSH access to the machines, so we needed something that could self-recover just by power cycling the machine – No longer need to use freebsd-update, mergemaster, or etcupdate

Future Work: – Extending zfsbootcfg to detect repeated failures

• FreeBSD doc (2014), and src (2015) committer. FreeBSD Core Team (2016-2020)
• Co-Author of “FreeBSD Mastery: ZFS” and “FreeBSD Mastery: Advanced ZFS” with Michael W. Lucas
• VP Operations at ScaleEngine (live video streaming using FreeBSD)

Over the last 15 years, the author have introduced successfully FreeBSD in various professional environments. This talk will focus on the reactions discovering FreeBSD, it will cover the good surprises from end users, the bad ones and the really ugly ones.

During the last 15 years, the author has introduced FreeBSD in various companies, for various usage, from remote desktops to database servers, from routers to storage servers. The talk will cover the myth about FreeBSD people often have and how there usually surprised in a positive way by FreeBSD when actually really using it. What are the main blockers? How do people react when having to change some of there linux centric habits?

In some cases FreeBSD has really simplified the workload and maintenance, in other cases it has been a real pain to do things that were actually really simple on linux.

FreeBSD committer since 2010, author and maintainer of pkg(8), author of poudriere. Member of the portmgr team since 2001 Member of the core team from 2014 to 2018

The talk will describe the FreeBSD operating system port for the IBM POWER8 System on a Chip family. POWER8 are massively parallel 64-bit RISC microprocessors designed for the server market and optimized for Cloud and Big Data workloads. A single POWER8 socket contains up to 12 physical CPU cores, each divisible to up to 8 SMT threads.

The main focus is to provide a bottom-up overview of how the FreeBSD platform support for POWER8 was implemented and present the benefits and pitfalls of the PowerPC-64 technology in terms of OS development. I will describe key components of the POWER8 system and explain how they are supported in FreeBSD. Finally, possible fields of further improvement will be pointed out briefly.

Michal Stanek is a software engineer interested in operating systems, hardware and security. He has worked on multiple FreeBSD projects at the company Semihalf in Poland. His contributions to FreeBSD kernel include platform and device driver support for Annapurna Alpine, Cavium ThunderX, Marvell Armada38x and IBM POWER8 SoCs. He has also worked on high-performance networking software using DPDK framework.

What are kernel sanitizers and why are they helpful in development process and in spotting bugs? How do the they compare to userland counterparts and other tools in the kernel.

In this talk we will discuss about the recent development and porting of the kernel sanitizers in the NetBSD Operating System, in particular:

• Kernel Undefined Behavior Sanitizer (KUBSan, unspecified semantics in runtime detector),
• Kernel Address Sanitizer (KASan, memory error detector).

We will discuss how the Kernel Address Sanitizer (KASan) build option was integrated with the kernel configuration and kernel Makefiles.

We will explain what is a shadow buffer, why is it needed in this sanitizer and how is it implemented in the NetBSD kernel. What is using the shadow and how? What are kernel specific interceptors of standard operations like memcpy()?

Detecting bugs can report false negatives and false positives. How do they differ for real bug reports and how to prevent false negatives with quarantine lists.

Building and running NetBSD built with KASan and KUBSan detected several real bugs in the kernel code and we will also look to a selection of the fixed problems.

Siddharth Muralee

Siddharth is a second year UG student from Amrita University, Amritapuri, India.

He is a Google Summer of Code’ 18 student with the NetBSD foundation. He is pretty new to BSD operating systems scene.

He is currently an active member of team bi0s. According to Ctftime.org, Team bi0s – the CTF(Capture the Flag) team affiliated with Amrita University, is currently ranked number one in India. He is a big fan of Kernel exploitation and memory corruption.

Kamil Rytarowski

Kamil Rytarowski has been NetBSD users since 2013 and a NetBSD committer since 2015. He is also a team member of the EdgeBSD project with interest of NetBSD usability on desktop. Author of the .NET port to NetBSD, LLVM committer. In previous life GNU/Linux desktop user, enthusiast and since some point developer.

Livepatching FreeBSD kernel. This year started with security issues that nobody from the industry can pass indifferently, and for a long time will stay in our memory. Today’s most popular OS kernels contain the live-patching feature, which allows the user to take actions faster to mitigate the security issues without the need to restart the machine. This approach can be really beneficial for some user that used to reduce downtime to an absolute minimum. This talk will describe a proposed design of live-patching feature for FreeBSD, comparing to existing solutions in other kernels, and also describe some initial implementation.

Maciej is a Software Engineer at Veritas Technology where working on Veritas Filesystem, maintain and help company customers with the different challenges. He started his career by writing software for embedded devices, but during the time he focused more on UNIX servers. He has experience with Device Drivers and Application stacks on Linux and FreeBSD. Previous working experience includes companies like Intel, NTT or Samsung.

We will explore packet forwarding, routing, filtering, and stateful functionality (e.g. NAT) code paths through the use of DTrace on FreeBSD & DragonflyBSD, and gprof on OpenBSD & NetBSD, highlighting any interesting differences in algorithms and data structures. Then examine the native/base packet filters’ (ipfw2, ipfw3, pf, and npf, respectively) performance handling line rate (64byte packets) and IMIX traffic in a number of common rule sizes & configurations.

Aaron A. Glenn is a internetworking curmudgeon and independent consultant/advisor to telecommunications service providers on IP/Ethernet, and optical network design and operations. He has spent the past fourteen years designing and operating service provider backbone and access networks. If he has any claim to fame, it may be the time he designed the first optical backbone in greater Somalia, connecting Hargeisa to Djibouti, while having organized and led a team continuing to operate it to this day.

Multicast is a routing scheme commonly used in context of multimedia streaming, financial institutions, and data distribution. Multicast heartbeat – mbeat – is a set of tools performing testing of multicast network setups.

Both functional and performance tests are covered by the tooling, enabling the assessment of the network infrastructure prior to, or during to its usage, in various metrics. Orchestration of large tests is covered by separate tooling. The software suite is written in pure C99 with zero dependencies and focus on minimal resource usage, assuring great portability across a complex and varied infrastructure.

Daniel is a reliability engineer in London. His focus lies on infrastructure and systems programming, covering mainly computer networks. Prior to that, Daniel has been part of the scientific information service at CERN in Geneva, participating in development and deployment of software. Daniel’s other interest is his software engineering studies at Oxford, with particular interest in risk and quality trade-offs, software testing, and agile methods.

This talk presents this collection of enhancements required to provide Virtual Private Clouds using FreeBSD. We will walk through some of the problems seen with running FreeBSD as a hypervisor, the kernel modifications required to provide performant bhyve guest networking, and the required userland administrative interfaces required to stitch together a working VPC based on FreeBSD/VPC.

bhyve is a useful compute platform for delivering gusts using FreeBSD as a hypervisor, but limited by the networking virtualization stack in FreeBSD.

FreeBSD/VPC brings cloud networking semantics to FreeBSD administrators. FreeBSD/VPC is a suite of kernel modules that provides performant and highly configurable networking for bhyve guests. With the use of a new kvirtio_net backend for bhyve guests and a new suite of VXLAN-related network interfaces, it is possible to provide >30Gbps of encapsulated network throughput between Linux VMs running on top of FreeBSD.

While the configuration and management of virtual routing tables has been possible, it has been complex and not practical at scale. Along with new kernel interfaces, many enhancements to the usability of FreeBSD’s network virtualization layer have been made to allow for simple administration of VXLAN.

This talk presents this collection of enhancements and walks through some of the problems seen with running FreeBSD as a hypervisor, the kernel modifications required to provide performant bhyve guest network performance, and the userland administrative interfaces required to create a VPC.

• Slides

Sean Chittenden is a pluralist infrastructure engineer. He is a long-time participant of the FreeBSD and PostgreSQL communities with over 15+ years experience at building and managing data center applications. Sean tick-tocks back-and-forth between operations and engineering roles. At Groupon Sean helped design and build Groupon’s internal Database-as-a-Service. More recently Sean worked at HashiCorp and is currently at Joyent where he is working to meet the needs of Samsung-scale computing. Sean’s current project is to build a new dual-stack cloud platform.

In security, the small things can be the most eventful.

Thanks to some sysadmins, we now have a full network of http/https mirrors around the world.

Switching to https was full of surprises. It turned out to not be confidential at all.

Thanks to the predictability of pkg_add, a third party can reconstitute the full set of packages installed or updated by observing the encrypted tcp connection.

Work has been done to make https as fast as http, and also to actually hide that information.

On the ports side, switching to priv-sep’d, chroot builds by default proved to be problematic, maintenance-wise. The challenge is the user: making things as simple to use as possible while not compromising security.

Researcher/Teacher in development security at Epita

Architect of the OpenBSD packages and ports system

During the last three years, lots of further progress has been achieved in many areas of mandoc – even though i already explained at EuroBSDCon 2015 in Stockholm how it managed to become the standard BSD documentation toolkit.

This year’s presentation will focus on two specific points: Display of documentation on the world wide web on the one hand, and lessons from working on LibreSSL documentation on the other hand. Besides, a brief summary will be provided regarding other progress in mandoc – SQLite removal, parser reorganisation and better support for low-level roff(7) abuse in ports manuals, progress in tbl(7) and eqn(7), and more.

During 2016-2018, more than ten different important improvements were implemented for manual page display on websites like man.openbsd.org. Many of these improvements profit from the specific strengths of the mdoc(7) semantic markup language and the systematic way how the mandoc toolkit handles that language. The resulting improvements in hyperlinking, markup, and contextual information would be impossible with weaker markup languages like man(7), markdown, or perlpod(1), or with weaker parsers and formatters like groff.

The progress in WWW display quality is such that the mandoc toolkit now starts to become influential even beyond the BSD world – both Debian and Arch Linux now use the mandoc parser and formatter for their official online manuals, too.

Unfortunately, the github epidemic plague has somewhat popularized the markdown language for documentation. I shall explain why markdown is a textbook example of how a language must not be designed, why you should never write any of your documentation in markdown, and how you can use mandoc when other people force you to provide a markdown version of your documentation in addition to the real thing, which of course you maintain in mdoc(7).

The translation of the LibreSSL manuals to mdoc(7) makes all the nice features mentioned in the first part of the talk available for this vast and confusing library, where good support for searching and linking matters even more than in software that is better designed. I shall briefly explain how the conversion, polishing, and ongoing maintenance has been done, and then focus on lessons about library design in general that were learnt from this work.

The presentation will wrap up with a brief status report on mandoc adoption and a brief overview of open tasks.

Ingo Schwarze has been a programmer since 1976, a UNIX user since 1995, an OpenBSD user since 2001, and an OpenBSD developer since 2009. He maintains the OpenBSD in-tree mandoc since 2009, the portable mandoc distribution since 2013, the OpenBSD textproc/groff port since 2011, and he is a member and committer in the GNU troff project since January 2018. He also contributed to various parts of the OpenBSD userland, for example by the Perl rewrite of the security(8) script in 2011, improved UTF-8 support in many userland tools in 2016, and integration of POSIX xlocale functions into the C library in 2017. Currently, he performs a
security audit of the free kcgi(3) and ksql(3) libraries as an independent contractor on behalf of CAPEM Inc.

This talk covers techniques for monitoring FreeBSD systems.

Monitoring of large numbers of systems is a complex balance between being sensitive to abnormal conditions that indicate problems, and filtering out false positives. Modern operating systems offer a large number of metrics to monitor, but not all are useful, and many of the things that are useful to monitor are not immediately apparent, or are difficult to find for someone new to monitoring large numbers of servers. The same error can have a different meaning or cause depending on other factors on the system, and without proper monitoring, it will be difficult to track down the source.

In the talk we will explore the practicalities of monitoring points such as SNMP, Unix utilities, ICMP, and connectivity tests. We will expand on some of the useful parts of these, as well as ways to tie this data together to give us a useful view of what is happening on our servers. This includes practical examples of derived from an environment of over 100 globally distributed servers.

We will also delve into a couple of weaknesses of existing monitoring points and how we can overcome them.

I am a system administrator working at ScaleEngine in Hamilton, Canada.

I oversee a fleet of over 100 globally distributed servers and perform day to day management of the ScaleEngine video streaming CDN, with extensive experience in monitoring and automation of FreeBSD systems. When I’m not at my desk, I enjoy playing with older computers and networking systems, as well as good beer and coffee.

The DNS protocol is the foundation of communication in the Internet. New developments inside the Internet Engineering Task Force, responsible for the Internet Standards (RFCs), are changing the way how name resolution in the Internet works. This talk will introduce DNS-over-TLS and DNS-over-HTTPS and will discuss the implications of these new protocols to network administration and network security. As a round up, it will present the current state of DNS-over-TLS and DNS-over-HTTPS in the BSD systems (covering Open-, Net-, Free- and DragonFly-BSD).

Carsten Strotmann works for more than 25 years in the field of DNS and is a user of FreeBSD and OpenBSD since the late 1990ies. He is an author for the German computer magazine c’t, trainer for ISC and Men & Mice on “DNS & BIND” and teaches DNS, IPv6, Network- and Server-Security for BSD and Linux at Linuxhotel in Germany.

Building a Boot Environment Manager for DragonFly BSD

As many users may be aware, DragonFly BSD’s recently declared the HAMMER2 filesystem to be stable and suitable for use. Since this is a CoW filesystem, and allows mounting of arbitrary snapshots of any PFS (analagous to ZFS datasets), we can define a custom scheme of creating and managing snapshots of any mounted HAMMER2 PFSes and updating the fstab accordingly.

Turns out beadm(1) is a shell script

While investigating how beadm actually gets ZFS dataset information, I discovered it’s actually a very clever mix of sh and awk, which is not what I expected. Since I’m using C, things are a bit more complex. So I’ve had to get into the VFS layer of DragonFly BSD to query which filesystems are mounted, and then get and manipulate their names internally, which has quickly turned into a much more complex task than initially expected.

My talk would include discovery of interacting with the VFS layer, working with file I/0 as it’s necessary to either modify or re-draft /etc/fstab with this utility, and checking for root privileges where necessary.

https://exile.digital/about/newnix.html

In this talk I will show how to assemble the s8 toolkit into a working init system for FreeBSD and which advantages the resulting system offers over the old startup process.

The ISC licensed s6-rc service manager working on top of the s6 supervision suite is a superior alternative to the current FreeBSD init system. It offers:

• A clean modular design in the tradition of daemon tools
• Mechanism not policy
• Service management
• Clean environments for started daemons and scripts alike
• Automatic service supervision and restarting, reducing the need for manual intervention
• Restart rate limiting, preventing overloading the system
• Readiness notification without polling
• Parallel startup
• A possible replacement for PID 1.

I ported s6-rc and s6 to FreeBSD as replacement for the existing init system by writing the platform-specific early startup code and service definitions to replace the rc.d scripts required to boot a laptop reducing the time from init to xdm login prompt from at least 20 seconds to less than one second.

Return Oriented Programming (ROP) is a common exploitation technique that re-uses existing code fragments (gadgets) to construct shellcode in a compromised program. Recent changes in OpenBSD’s compiler have started to reduce the number of gadgets in 64-bit x86 binaries, with the aim of making ROP exploitation more difficult or impossible. This talk will cover how ROP gadgets emerge from legitimate code, how OpenBSD’s compiler removes these gadgets with RETGUARD and the FixupGadgets pass, the effects of gadget removal on binaries, and what work remains to be done.

Todd Mortimer is a public servant from Ottawa, Canada, where he works in computer network defence. He has a background in penetration testing and Capture the Flag competition, and holds OSCP and OSCE certifications. Todd holds a BSc and MSc in Computing Science from the Universty of Alberta, where he worked on wireless medium access control protocols. He joined the OpenBSD project in 2017 and has been working on compiler-based exploit mitigations.

Not all cloud services respect privacy in the way we might want them to. On the other side, it is quite useful to have the features they provide, like for example – contact synchronization – calendar synchronization – photo sharing – …

Some sysadmin will now say: Just host it yourself! However, if you are not an experienced system administrator, it’s quite easy to get yourself in a situation where you might do more harm then good by running something, if you don’t have the experience. In this talk I will talk about what pitfalls you might get yourself into and how to easily avoid at least some of them.

This talk is mostly target not at the seasoned sysadmin, but more at somebody who does not run systems full time and/or wants to advice others that might fall into that category

I’m currently working mostly as a sysadmin running a variety of systems and infrastructure, both in my professional role as running infrastructure for NGOs in my free time. My first UNIX system was some weird linux distriution when i was still in school back in 1997 and since then have used some free UNIX version almost all the time both privately and when building systems and infrastructure professionally.

In this presentation I will talk about the FreeBSD Graphics effort and the team behind it. I will begin with the kernel drivers and subsystem and work my way through the graphics stack, talking a bit about Mesa, the X server and other software in the ecosystem.

I will also talk about what is going on, and where we are going, as well as challenges working with and porting the graphics software.

This talk is intended to give a broad overview of the FreeBSD Graphics effort and the team. I will not go into too much technical details on each part of the Graphics stack, instead focusing on the big picture.

Niclas has always had an interest for computers and technology.

He has been a FreeBSD contributor for more than ten years, and a committer for six of those, working in the ports tree and sometimes writing documentation. Most notably, he’s involved in the FreeBSD port of the xorg graphics environment and maintain several other ports

When not contributing to FreeBSD, he works as an IT consultant, primarily with IT security and systems administration, or he can be found in the bowling alley, trying to knock pins over.

Yes, his laptop runs FreeBSD.

I will talk about being a BSD user. About how I’ve implemented various technologies on BSD platforms to make my life easier and more secure. I like to find out how things actually work. Knowing how things work requires that you can see how the thing was put together, view the source code, and have constructive conversations with the people who actually make the thing. I’ve learned that teaching people is a powerful learning tool and makes me feel comfortable with the knowledge I have gained using BSD technology. I will talk about how teaching is an outlet for building confidence within oneself. Building confidence is done by doing something scary, or hard like putting yourself out there and teaching someone what you have learned. You never know who will enjoy your teaching style and be able to learn something new thanks to you. I have seen people’s eyes light up when I show them BSD technology in action! They are drawn in and want to learn more. As they learn and grow, the technology grows with them.

I’m an avid BSD User who enjoys learning all the amazing things I can do with BSD to solve issues. I also enjoy learning about and writing Python in my spare time. Python pairs very well with BSD. In my day job I work as a helpdesk technician with The GLOBE Program. www.GLOBE.gov My experience being a helpdesk technician has taught me that I really enjoy helping people learn how to accomplish their goals using technology. I’ve set out to teach what I’ve learned and am spreading the word about Open Source technology wherever I go. My side project for teaching and documenting my experiences is BSD.pw I have big plans for the site and work on it when I can find the time. I’m interested in becoming a doc committer at the FreeBSD Project and am honing my skills with the doc tools so I can learn the ropes.

The compiler-rt LLVM project contains various sanitizers, including AddressSanitizer, MemorySanitizer, LeakSanitizer, ThreadSanitizer, and UndefinedBehaviorSanitizer. Additionally, this LLVM project contains the runtime framework dedicated for catching bugs through the fuzzing technique — libFuzzer.

This talk will be divided into two parts. The first one will cover NetBSD (by a guest speaker Kamil Rytarowski), and the second one will cover OpenBSD & FreeBSD.

Part I Bug detecting software in the NetBSD userland: MKSANITIZER

What are LLVM sanitizers and why are they helpful in development process and in spotting bugs? How do the sanitziers compare to other tools like Valgrind?

In this talk, we will discuss about the recent development and porting effort of LLVM sanitizers in the NetBSD Operating System, in particular:

• Undefined Behavior Sanitizer (unspecified semantics in runtime detector),
• Address Sanitizer (memory error detector),
• Thread Sanitizer (data race detector),
• Memory Sanitizer (uninitialized memory read detector).

We will also look at how the MKSANITIZER option was integrated in the build framework in order to permit building and running of a fully sanitized userland. Kernel and kernel modules that still can be sanitized are handled differently with dedicated config and build flags.

We will present what can be sanitized and what has to be left alone when running the fully sanitized userland.

Building and running NetBSD built with MKSANITIZER option enabled detected several real bugs in applications and libraries. We will also look at a selection of detected bugs.

Part II The status of sanitizers in FreeBSD and OpenBSD

In this part there will be presented the current state of sanitizers in FreeBSD and OpenBSD. I will tell how it started and how I became a LLVM contributor.

In this talk, I will also cover the following topics:

• The fuzzing features using LLVM tools,
• The XRay instrumentation,
• Generic features developed in the context of LLVM toolchain.

The talk will conclude with a discussion of pending work and plans for LLVM 8.0.

David Carlier

French developer living in Ireland since 2012. Get interested, as user, into BSD around 2004 but get involved for various modest contributions, FreeBSD (mainly in professional context), OpenBSD (spare time) and mainly in the userland/packages area. The contributions can go from enterprise libraries/softwares (php/python interpreters), LLVM infrastructure (since 2017 and committer since May 2018 and mainly either static code analysis or sanitizers) to video games (various doom/quake engines, commercial one like barony). Apart of these, write a bit and review articles for BSDMag. Had been interviewed by BSDNow in October 2017.

Kamil Rytarowski

Kamil Rytarowski has been NetBSD users since 2013 and a NetBSD committer since 2015. He is also a team member of the EdgeBSD project with interest of NetBSD usability on desktop. Author of the .NET port to NetBSD, LLVM committer. In previous life GNU/Linux desktop user, enthusiast and since some point developer.

OpenBSD has as much an association with hiking as it does security and stability. But for those of us spending more time below sea-level than above, OpenBSD—and indeed any open source operating system—is a perfect fit in the infrastructure required by diving: photo/video editing and storage, dive planning, and dive computer analysis.

In this image-rich talk, I’ll discuss how OpenBSD (and open source in general) fits into the fields of free and SCUBA diving. My talk will focus on dive planning, which is integral to technical diving; dive computer analysis, integral to free and technical diving; and most of all, underwater photography, which has its place throughout. I’ll pay lip service to videography, but that doesn’t quite intersect with my skills.

All of the images used throughout the talk—from humpback whales in the Pacific to manta rays in the Indian Ocean—were produced on a fully open source chain of components. As were all of the dives themselves, free and SCUBA, backed by an open source toolchain for planning and analysis.

Beyond discussing the tools available, I’ll also discuss how open source is important to the diving ecosystem itself, from hardware to nitty-gritty decompression algorithms.

Open source contributor above and below sea level.

We extend and profile an existing NetBSD kernel module (ext_npf) which adds Lua scripting language support to NPF in the NetBSD v7+ kernel. After tuning this kernel binding for performance, we develop Lua packet filtering scripts designed to mitigate common network security vulnerabilities. We experimentally confirm that scripted packet filtering is viable from the perspectives of performance and flexibility. We find that packet filtering rules implemented in Lua impose a 10-15% performance penalty when compared to equivalent filtering rules expressed using NetBSD’s standard NPF rule language. We confirm these results by profiling performance in several real-world TCP and UDP filtering scenarios. We also implement and experimentally evaluate performance of advanced stateful and deep packet inspection rules which cannot be implemented using standard NPF rules

Andrew von Dollen has over ten years of experience as a Software Engineer, with an emphasis on web / database performance and security. He is currently pursuing an MS in Computer Science and teaches in the area of database systems at Cal Poly San Luis Obispo. His current areas of research interest include database query optimization, operating system scripting, and web/network security.

Following on from Alistair Crooks’ EuroBSDcon 2017 talk, we visit what has gone in to HEAD of the netbsd-src repository over the last year, on the road to NetBSD 9.0. This talk will feature highlights from a diverse range of topic such as security, testing, toolchain, GSoC, platform support and more which will make it into NetBSD 9.0.

Sevan Janiyan is a system administrator from south east England with an interest in a diverse range of operating systems, computers and electronic music. He is a member of the NetBSD foundation focusing on the cross platform packaging system, pkgsrc and the FreeBSD project, as a member of documentation team, maintaining the manuals in the FreeBSD operating system and content on the website.

“To improve is to change; to be perfect is to change often.” – Winston Churchill

There are few subjects which have a greater religious content than version control systems. And yet, at the same time, it is very difficult to track upstream projects changes in a clean and unintrusive manner, especially if local development is also taking place simultaneously, and with non-trivial and intrusive changes and additions to the upstream code base.

I am continually asked how we track upstream changes, when we have multiple upstreams, whether to track HEAD or STABLE, how to best use systems like mercurial or git, how best to manage local changes.

This talk provides some insight into how Netflix’s Open Connect team has managed its tracking and development through different version control software over the years, from subversion, through mercurial, and onto stash and git, including different trees being tracked; and draws some lessons, workflows, branching strategies, and some insights for others who may be going through a similar task.

Minix developer since 1987. 386BSD developer since 1992. NetBSD developer since 1997. pkgsrc founder. NetBSD core team member since 1999. President of NetBSD Foundation 2005 to 2011. Netflix Open Connect repo manager and software release management since 2011.

Fuzzing testing is a more and more popular quality assurance techniques for software. The libFuzzer is a useful fuzzing tool provided by LLVM toolchain. It has the advantages of high performance and good customizability. Thus, integrating the libFuzzer with the NetBSD userland will help to improve the reliability and availability of the operating system. This talk will introduce the detailed libFuzzer integration work of NetBSD userland. It will include but may not be limited to the following points:

• Enabling sanitizers for the userland programs
• Enabling the libFuzzer together with sanitizers for the userland programs
• Providing a set of fuzz-able programs to the users to help find the bugs

This is an ongoing Google Summer of Code project, and here is the introduction of the current progress.

Yang Zheng is a graduate student from Shanghai Jiao Tong University, China. He is interested in the research topics of multicore, operating system, distributed system and so on. In Google Summer of Code 2018, he is contributing to the project of “Integrate libFuzzer With the Basesystem“. And this is one of his publications. LinkedIn. GitHub.

This talk will focus on Pledge and Unveil in OpenBSD. It will discuss Pledge as an attack mitigation mechanism, how it evolved and how it is used in OpenBSD. It will then discuss unveil, it’s relationship to pledge, and how these attack mitigation mechanisms are evolving in OpenBSD

Bob Beck lives in Edmonton, Alberta, Canada

He has been involved in OpenBSD since 1996 and works in various areas in OpenBSD.

Nature is imperfect. We, humans, are products of nature. However, we separate ourselves constantly from it, setting ourselves apart from animals for instance. This distinction is meaningful in the context of technology, the tool at the core of our modern societies, as illustrated by the computer.

For over 50 years now, the computer stems imagination and passion. This relatively young history is littered with abandoned platforms: Digital (Alpha), Silicon Graphics (MIPS), Be (PPC), Sun (SPARC), NeXt (Motorola), to only quote the most famous ones. Nowadays, the most prominent platforms are still based on ancient systems in this context: Intel 8080 (1970) and ARM (1985).

These platforms all require an Operating System, to function as well as to interact with the user. Again, the most popular systems today are ancient, if *BSD (1977) is considered the ancestor to both macOS and Linux, or even Windows (1985). But hardware and software have in common to be designed and implemented by humans, in an analog world, and they are therefore equally imperfect and vulnerable.

Is this imperfection responsible for so many passionate developers to try and write their own Operating Systems, or sometimes even hardware? Or is it simply creativity and imagination that drives entire communities to pursue such massive undertakings? But most importantly, why is it that still today, even though they are part of a world in constant evolution, the current systems still seem to be stuck on arguably archaic cornerstones?

Pierre Pronchery is one of those passionate OSDev hobbyists, through the DeforaOS project and his contributions to NetBSD. Based on his own experience, discoveries and related research, he will explore these questions, and even suggest a new approach for the design and use of computer systems and networks.

Pierre is an independent IT-Security consultant since 2007. He has delivered a number of projects for customers and partners in the financial, telecommunications, and retail industry among others. He is also a systems developer, contributing to Open Source projects, and has organized or participated to international conferences.

Passionate about Operating System development in particular, he is involved with the DeforaOS project since 2004. This work eventually drove him to join the NetBSD Foundation in 2012, where he is currently on the board of directors.

As a new OS hacker, I had to learn a lot to fix some interesting bugs. In this talk I’ll talk about some of my more efficient work setups, pinpointing bugs within the source tree, and how programs are executed.

I’ll mention some real bugs I’ve fixed: – Broken ABI compat for netbsd/mips – Progressing SMP support – Deadlock when allocating memory

NetBSD developer, electrical engineer. Helps maintain NetBSD’s bug database.

One of most praised and enjoyable feature of the BSD systems is the single unified source tree from which the operating system, also known as base, is built. However this advantage has a cost.

Firstly, the cost of porting (or more precisely, rewriting) the build system of third party tools such as compilers collection to the make based BSD build system.

The second source of pain is related to the make program itself. Even though different efforts tried to improve the situation (e.g. the Meta mode), make remains largely inefficient and hard to use correctly.

It turns out that both problems have been quite nicely solved by the Chromium and the ChromeOS projects. Their solution goes by the name of GN. From its README: “GN is a meta-build system that generates NinjaBuild files. It’s meant to be faster and simpler than GYP.”.

This talk will cover my experiment of converting the DragonFlyBSD make-based build system over to GN. After a quick introduction to GN, I will sample some make sources and I will show their GN converted counterparts. The issues which I have identified as road blocks or controversial points will be explained and possible solutions thereof will be called out. A status update will be given and I will attempt to summarize the work remaining to merge this experiment into the DragonFlyBSD operating system.

My name is Benjamin Jacobs and I work in a small linux consulting company in Belgium. I’ve using BSD since OpenBSD 3.0 which at the time served me as an internet gateway and occasionally acting as a dedicated counter-strike server (thanks to the linux emulation).