40:08 Berkeley System Distribution (BSD), Andrea Ross English 2015

a stitch in time: jhbuild

BSD porters have always struggled with portability of software written by Linux users and never tested elsewhere. GNOME has been particularly difficult. New releases would come with new headaches, every six months. By the time the issues were addressed and fixed upstream, a new release would be out with new issues. In 2014, the FreeBSD GNOME Project changed their approach. jhbuild is now building the full GNOME stack on FreeBSD systems, at least twice daily, directly out of upstream git master. When portability issues creep in, they are addressed immediately — often with patches going upstream the same day. When it comes time to build ports from release tarballs, there are no surprises. A direct result of this effort has been two on-time releases of GNOME (3.12 and 3.14) in FreeBSD and GNOME 3 finally landing in the official ports collection. This talk will discuss what was done and how it changed the relationship of the FreeBSD and GNOME projects as well as discussing important issues going forward.
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
32:13 Berkeley System Distribution (BSD), Andrea Ross English 2015

Adding AES-ICM and AES-GCM to OpenCrypto

Adding additional cipher modes may seem simple, but there are many things to consider. Implementing the modes and ensuring security requires more than simply coding it up. It requires an understanding of different standards and computer architecture to make sure things like side channel/timing attacks are addressed or properly understood. Some design decisions can be made to help ensure that consumers of the interface are able to properly use it.
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
13:08 Berkeley System Distribution (BSD), Andrea Ross English 2015

A reimplementation of NetBSD using a MicroKernel (part 2 of 2)

by Andy Tanenbaum. Based on the MINIX 3 microkernel, we have constructed a system that to the user looks a great deal like NetBSD. It uses pkgsrc, NetBSD headers and libraries, and passes over 80% of the KYUA tests. However, inside, the system is completely different. At the bottom is a small (about 13,000 lines of code) microkernel that handles interrupts, message passing, low-level scheduling, and hardware related details. Nearly all of the actual operating system, including memory management, the file system(s), paging, and all the device drivers run as user-mode processes protected by the MMU. As a consequence, failures or security issues in one component cannot spread to other ones. In some cases a failed component can be replaced automatically and on the fly, while the system is running, and without user processes noticing it. The talk will discuss the history, goals, technology, and status of the project. Research at the Vrije Universiteit has resulted in a reimplementation of NetBSD using a microkernel instead of the traditional monolithic kernel. To the user, the system looks a great deal like NetBSD (it passes over 80% of the KYUA tests). However, inside, the system is completely different. At the bottom is a small (about 13,000 lines of code) microkernel that handles interrupts, message passing, low-level scheduling, and hardware related details. Nearly all of the actual operating system, including memory management, the file system(s), paging, and all the device drivers run as user-mode processes protected by the MMU. As a consequence, failures or security issues in one component cannot spread to other ones. In some cases a failed component can be replaced automatically and on the fly, while the system is running. The latest work has been adding live update, making it possible to upgrade to a new version of the operating system WITHOUT a reboot and without running processes even noticing. No other operating system can do this.
The system is built on MINIX 3, a derivative of the original MINIX system, which was intended for education. However, after the original author, Andrew Tanenbaum, received a 2 million euro grant from the Royal Netherlands Academy of Arts and Sciences and a 2.5 million euro grant from the European Research Council, the focus changed to building a highly reliable, secure, fault tolerant operating system, with an emphasis on embedded systems. The code is open source and can be downloaded from www.minix3.org. It runs on the x86 and ARM Cortex V8 (e.g., BeagleBones). Since 2007, the Website has been visited over 3 million times and the bootable image file has been downloaded over 600,000 times. The talk will discuss the history, goals, technology, and status of the project.
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
57:17 Berkeley System Distribution (BSD), Andrea Ross English 2015

A reimplementation of NetBSD using a MicroKernel (part 1 of 2)

Based on the MINIX 3 microkernel, we have constructed a system that to the user looks a great deal like NetBSD. It uses pkgsrc, NetBSD headers and libraries, and passes over 80% of the KYUA tests. However, inside, the system is completely different. At the bottom is a small (about 13,000 lines of code) microkernel that handles interrupts, message passing, low-level scheduling, and hardware related details. Nearly all of the actual operating system, including memory management, the file system(s), paging, and all the device drivers run as user-mode processes protected by the MMU. As a consequence, failures or security issues in one component cannot spread to other ones. In some cases a failed component can be replaced automatically and on the fly, while the system is running, and without user processes noticing it. The talk will discuss the history, goals, technology, and status of the project. Research at the Vrije Universiteit has resulted in a reimplementation of NetBSD using a microkernel instead of the traditional monolithic kernel. To the user, the system looks a great deal like NetBSD (it passes over 80% of the KYUA tests). However, inside, the system is completely different. At the bottom is a small (about 13,000 lines of code) microkernel that handles interrupts, message passing, low-level scheduling, and hardware related details. Nearly all of the actual operating system, including memory management, the file system(s), paging, and all the device drivers run as user-mode processes protected by the MMU. As a consequence, failures or security issues in one component cannot spread to other ones. In some cases a failed component can be replaced automatically and on the fly, while the system is running. The latest work has been adding live update, making it possible to upgrade to a new version of the operating system WITHOUT a reboot and without running processes even noticing. No other operating system can do this.
The system is built on MINIX 3, a derivative of the original MINIX system, which was intended for education. However, after the original author, Andrew Tanenbaum, received a 2 million euro grant from the Royal Netherlands Academy of Arts and Sciences and a 2.5 million euro grant from the European Research Council, the focus changed to building a highly reliable, secure, fault tolerant operating system, with an emphasis on embedded systems. The code is open source and can be downloaded from www.minix3.org. It runs on the x86 and ARM Cortex V8 (e.g., BeagleBones). Since 2007, the Website has been visited over 3 million times and the bootable image file has been downloaded over 600,000 times. The talk will discuss the history, goals, technology, and status of the project.
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
54:13 Berkeley System Distribution (BSD), Andrea Ross English 2015

An Introduction to the Implementation of ZFS (part 2 of 2)

Much has been documented about how to use ZFS, but little has been written about how it is implemented. This talk pulls back the covers to describe the design and implementation of ZFS. The content of this talk was developed by scouring through blog posts, tracking down unpublished papers, hours of reading through the quarter-million lines of code that implement ZFS, and endless email with the ZFS developers themselves. The result is a concise description of an elegant and powerful system.
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
37:38 Berkeley System Distribution (BSD), Andrea Ross English 2015

Feature-rich and fast SCSI target with CTL and ZFS

Three years ago FreeBSD got a new subsystem called CTL (CAM Target Layer), providing SCSI target device emulation at kernel level. It brought FibreChannel target support in FreeBSD to a significantly new level, and was later integrated with the new iSCSI stack. This talk will describe CTL's internal organization, improvements made during the last year, results and perspectives. It will include an overview of modern SCSI extensions, known as VMWare VAAI and Microsoft ODX, and their CTL implementation.
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
1:02:42 Berkeley System Distribution (BSD), Andrea Ross English 2015

Fighting Harassment with Open Source Tools

Have you ever wished you could actually replace a troll with a very small shell script? Maybe you can. It's time to take charge and work on solving these situations from within the open source community. The internet is full of trolls. We know that this has always been the case, but in the past year, the harassment coming from some online communities has become international news. There have been death threats, SWAT attacks, threats of sexual violence, hacking attempts, and many other tactics used against those most vocal against the harassment. We're going to talk a little bit about issues regarding diversity. It's no surprise that most of the people being targeted are women, and it can be a difficult thing for many to understand precisely what this harassment looks like. I'm going to show examples of what I personally have dealt with after releasing my open source project to combat harassment. The question is often raised as to why there aren't more women in open source. To answer that, everyone needs to be aware of what a female open source developer can face. Warning: there will be some graphic language. Law enforcement doesn't have an adequate way of handling online harassment. The sites being used as a method of communication don't have an adequate way of handling online harassment. Terms of Service are created not to protect the users, but to protect the interest of the companies that wrote them. However, not all is lost. With open APIs, we can work at creating safer spaces for those being targeted. I'll discuss the initial release of ggautoblocker, the problem it solved, and the roadmap for development going forward. There are many other tools that are needed. There are many ways to contribute to helping mitigate this problem. This is a new approach to an old problem, and a lot of commercial companies are already looking at ways to sell a solution. The ability to be safe should be open to all and not come at a price.
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
1:01:58 Berkeley System Distribution (BSD), Andrea Ross English 2015

mandoc: becoming the main BSD manual toolbox - BSDCan 2015 presentation

The original audio stream of my presentation at BSDCan 2015 in Ottawa (except for the first 30 seconds and the last four minutes; those two chunks failed to record in Ottawa, so I had to re-record them). The associated video stream contains the presentation slides captured off the beamer input by the conference organizers, so video and audio are in sync. Topics are the new man(1), man.conf(5), man.cgi(8); eqn(7) HTML5 and MathML output; UTF-8 improvements, afl(1) audit, -Wunsupp, pod2mdoc(1), a status summary in various operating systems, and possible future directions.
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
1:06:00 Berkeley System Distribution (BSD), Andrea Ross English 2015

Protecting FreeBSD with Secure Virtual Architecture

In this talk, I will present our research on protecting FreeBSD applications and the FreeBSD kernel from attacks. I will briefly describe the KCoFI system which protects the FreeBSD kernel from control-flow hijack attacks (such as classic buffer overflow attacks) and the Virtual Ghost system which protects applications from a compromised operating system kernel. Both KCoFI and Virtual Ghost are built using the Secure Virtual Architecture (SVA) (an LLVM-based infrastructure for enforcing security policies through compiler instrumentation and hardware techniques). In this talk, I will present our work on using the Secure Virtual Architecture (SVA) to protect FreeBSD applications and the FreeBSD kernel from security attacks. SVA is an LLVM-based infrastructure that permits us to use compiler instrumentation techniques to enforce security policies on both application and kernel code. In this talk, I will briefly describe how we used SVA to implement KCoFI: a system that enforces control-flow integrity and code segment integrity on the FreeBSD kernel to protect it from control-flow hijack attacks. I will then describe how we extended KCoFI to build Virtual Ghost. Virtual Ghost protects applications from a compromised operating system kernel. I will describe how Virtual Ghost uses compiler instrumentation to prevent the FreeBSD kernel from spying on and corrupting private application data and how it prevents the kernel from maliciously modifying application control flow (while still supporting features such as signal handlers and process creation).
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
18:06 Berkeley System Distribution (BSD), Andrea Ross English 2015

Jetpack, a container runtime for FreeBSD (part 1 of 2)

Jetpack brings application containers, popularized by Docker on Linux, to FreeBSD. Application containers are a new approach to virtualization, popularized in the last two years by Docker - a Linux implementation that all but monopolized the market. Jetpack is an application container runtime for FreeBSD that implements the App Container Specification using jails and ZFS. I will speak about how the container paradigm is different from the existing jail management solutions, how Jetpack fits into the general landscape of container runtimes, and about Jetpack's inner workings and implementation challenges. A quick demo is not unlikely.
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
1:03:26 Berkeley System Distribution (BSD), Andrea Ross English 2015

Networking with OpenBSD in a virtualized environment

Virtualized systems running on hypervisors such as bhyve, ESXi, Xen, etc. are increasingly important in the datacenter. With a long history of stable regular releases, security, and networking performance, OpenBSD is very well suited to take advantage of virtualization and to help improve the state of the art. This presentation will explore why OpenBSD is well suited to deploying as virtual network devices on the various hypervisors and present practical examples of using OpenBSD for production networking in a virtual system. I will discuss what tools are in base, what tools are easily installable from ports/packages, current automation and management tools, and how to use them effectively using specific real world examples from large data center networks. Will present examples and methods for using OpenBSD to build routers, firewalls, and loadbalancers running on the various hypervisors. Will talk about methods for automating deployment, configuration, and integration with existing vendors. Will also address possible future applications in switching. Will discuss how to use the tools in OpenBSD to run a better and faster network with fewer problems and how virtualization can be part of that. In addition to the above I will discuss why the OpenBSD community in particular should care about virtualization and work to improve the state of engineering there.
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
1:03:08 Berkeley System Distribution (BSD), Andrea Ross English 2015

Using routing domains / routing tables in a production network

OpenBSD has supported routing domains (aka VRF-lite) since 4.6, released in 2009. In 2014, OpenBSD 5.5 gained support for IPv6 routing domains. At their most basic, routing domains are simply multiple routing tables in the same kernel. While seeming like a simple task, there are many gotchas involved in using routing domains in a production network. This talk will give a brief history, as well as some scenarios for why and how you would use routing domains, while describing several of the issues that came up during the initial deployments. Routing domains allow (for example) an airport to radically simplify their physical network configuration, saving costs and configuration overhead. A small demonstration network will be used to illustrate common and uncommon use cases.
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
38:28 Berkeley System Distribution (BSD), Andrea Ross English 2015

FreeBSD for High Density Servers

To promote FreeBSD for High Performance Computing or High Density Servers under such circumstances, it is considered very important to share information about how to install, set up, manage, patch and fix FreeBSD so that it works correctly with those machines. In this session, I am going to talk about how to install FreeBSD on MicroModularServer and how to manage and control those servers. To install FreeBSD on High Density Servers, including NEC MicroModularServer or HP Moonshot, you need different skills than for installing on common PCs and rack mount servers. This kind of server (low energy consumption, low computing power and high space efficiency) is good for running a great many edge servers/web servers in limited rack space, for example, as an alternative system to Blade servers or many-core servers like Sun Fire T1000/T2000.
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
31:00 Berkeley System Distribution (BSD), Andrea Ross English 2015

Jetpack, a container runtime for FreeBSD (part 2 of 2)

Jetpack brings application containers, popularized by Docker on Linux, to FreeBSD. Application containers are a new approach to virtualization, popularized in the last two years by Docker - a Linux implementation that all but monopolized the market. Jetpack is an application container runtime for FreeBSD that implements the App Container Specification using jails and ZFS. I will speak about how the container paradigm is different from the existing jail management solutions, how Jetpack fits into the general landscape of container runtimes, and about Jetpack's inner workings and implementation challenges. A quick demo is not unlikely.
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
41:13 Berkeley System Distribution (BSD), Andrea Ross English 2015

Introducing OpenBSD's new httpd (part 1 of 2)

OpenBSD includes a new web server in its base system that is based on relayd and replaced nginx. OpenBSD includes a brand new web server that was started just two weeks before the 5.6 release was finished. Work is in active progress and significant improvements have been made since its initial appearance. But why do we need another web server? This talk is about the history, design and implementation of the new httpd(8). About 17 years ago, OpenBSD first imported the Apache web server into its base system. It got cleaned up and improved and patched to drop privileges and to chroot itself by default. But years of struggle with the growing codebase, upstream, and the unacceptable disaster of Apache 2 left OpenBSD with an unintended fork of the ageing Apache 1.3.29 for many years. When nginx came up, it promised a much better alternative of a popular, modern web server with a suitable BSD license and a superior design. It was patched to drop privileges and to chroot itself by default and eventually replaced Apache as OpenBSD's default web server. But history repeated itself: a growing codebase, struggle with upstream and the direction of its newly formed commercial entity created a discontent among many developers. Until one day at OpenBSD's g2k14 Hackathon in Slovenia, I experimented with relayd and turned it into a simple web server. A chain of events that were supported by Bob Beck and Theo de Raadt turned it into a serious project that eventually replaced nginx as the new default. It was quickly adopted by many users: "OpenBSD httpd" was born, a simple and secure web server for static files, FastCGI and LibreSSL-powered TLS. And, of course, "httpd is web scale".
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
09:07 Berkeley System Distribution (BSD), Andrea Ross English 2015

Introducing OpenBSD's new httpd (part 2 of 2)

OpenBSD includes a new web server in its base system that is based on relayd and replaced nginx. OpenBSD includes a brand new web server that was started just two weeks before the 5.6 release was finished. Work is in active progress and significant improvements have been made since its initial appearance. But why do we need another web server? This talk is about the history, design and implementation of the new httpd(8). About 17 years ago, OpenBSD first imported the Apache web server into its base system. It got cleaned up and improved and patched to drop privileges and to chroot itself by default. But years of struggle with the growing codebase, upstream, and the unacceptable disaster of Apache 2 left OpenBSD with an unintended fork of the ageing Apache 1.3.29 for many years. When nginx came up, it promised a much better alternative of a popular, modern web server with a suitable BSD license and a superior design. It was patched to drop privileges and to chroot itself by default and eventually replaced Apache as OpenBSD's default web server. But history repeated itself: a growing codebase, struggle with upstream and the direction of its newly formed commercial entity created a discontent among many developers. Until one day at OpenBSD's g2k14 Hackathon in Slovenia, I experimented with relayd and turned it into a simple web server. A chain of events that were supported by Bob Beck and Theo de Raadt turned it into a serious project that eventually replaced nginx as the new default. It was quickly adopted by many users: "OpenBSD httpd" was born, a simple and secure web server for static files, FastCGI and LibreSSL-powered TLS. And, of course, "httpd is web scale".
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
14:10 Berkeley System Distribution (BSD), Andrea Ross English 2015

Packaging FreeBSD base system (2 of 2)

Use pkg(8) to distribute, install and upgrade the FreeBSD base system. This talk will describe why the base system should be packaged, and what is/was needed to allow packaging the base system:
- Prerequisite changes made in pkg(8) to allow handling the particularities of base
- Prerequisite changes made or needed in the base build system to be able to create sane packages
- Granularity of the packaging
- Plans to satisfy most of our users: embedded users who want small packages, old timers who want big fat packages, administrators who want flexibility, developers who want to be able to provide custom packages for large-scale testing, and all others.
- What new possibilities/features packaging base will offer to users.
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
54:39 Berkeley System Distribution (BSD), Andrea Ross English 2015

Measure Twice, Code Once

The networking subsystems of any operating system have grown in complexity as the set of protocols and features supported has grown since the birth of the Internet. Firewalls, Virtual Private Networking, and IPv6 are just a few of the features present in the FreeBSD kernel that were not even envisioned when the original BSD releases were developed over 30 years ago. Advances in networking hardware, with 10Gbps NIC cards being available for only a few hundred dollars, have far outstripped the speeds for which the kernel’s network software was originally written. As with the increasing speed of processors over the last 30 years, systems developers and integrators have always depended on the next generation of hardware to solve the current generation’s performance bottlenecks, often without resorting to any coherent form of measurement. Our paper shows developers and systems integrators at all proficiency levels how to benchmark networking systems, with specific examples drawn from our experiences with the FreeBSD kernel. Common pitfalls are called out and addressed and a set of representative tests are given. A secondary outcome of this work is a simple system for network test coordination, Conductor, which is also described.
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
57:26 Berkeley System Distribution (BSD), Andrea Ross English 2015

New OpenZFS features supporting remote replication

OpenZFS send and receive forms the core of remote replication products, allowing incremental changes between snapshots to be serialized and transmitted to remote systems. In the past year, we have implemented several new features and performance enhancements to ZFS send/receive, which I will describe in this talk. This talk will cover:
- Resumable ZFS send/receive, which allows send/receive to pick up where it left off after a failed receive (e.g. due to network outage or machine reboot).
- ZFS receive prefetch, which is especially helpful with objects that are updated by random writes (e.g. databases or zvols/VMDKs).
- ZFS send “rebase”, which can send changes between arbitrary snapshots; the incremental source is not restricted to being an ancestor of the snapshot being sent.

In this talk, I will cover the impact of these changes to users of ZFS send/receive, including how to integrate them into remote replication products. I will also give an overview of how zfs send/receive works, and how these enhancements fit into the ZFS codebase.
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
56:00 Berkeley System Distribution (BSD), Andrea Ross English 2015

What happens when a dwarf and a daemon start dancing by the light of the silvery moon?

The use of DWARF debug information to dynamically project the embedded extension language Lua’s global environment onto the NetBSD kernel’s internal state. Traditionally, an embedded extension language such as Lua is only provided with limited and controlled access to its host environment, that access being defined ahead-of-time by a set of hand-written or generated C bindings. In this presentation we will explore an alternative: the use of DWARF debug information and the in-kernel debugger, ddb, to provide scripts running on a Lua interpreter embedded in the NetBSD kernel with simple and unfettered access to the entire kernel state.
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
44:51 Berkeley System Distribution (BSD), Andrea Ross English 2015

Unifying jail and package management for PC-BSD, FreeNAS and FreeBSD.

Historically the PC-BSD project has had easy-to-use, powerful GUI utilities for package and jail management. However, being X11/Qt applications, this made their usefulness limited only to workstations, or other systems running a graphical environment, not particularly well suited for FreeNAS or a traditional FreeBSD server. With the rise of web-browser driven system management, it was also time for PC-BSD to begin converting some of its more popular tools into web-manageable forms. Over the summer of 2014, a new project was started to re-create the AppCafe, a pkgng front-end, and the Warden, a jail manager, into web-accessible utilities for inclusion into both PC-BSD and FreeNAS. This front-end allows remote management of jails and packages on the upcoming FreeNAS 10, as well as system package management on FreeBSD and PC-BSD. This talk will provide a high-level overview of the functionality of the new AppCafe / Warden, along with technical details about the implementation for developers.
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
47:40 Berkeley System Distribution (BSD), Andrea Ross English 2015

Multipath TCP for FreeBSD

Multipath TCP (MPTCP) allows multi-homed hosts to make use of multiple addresses over a single TCP connection. This talk will cover the software architecture of a FreeBSD implementation of MPTCP, as well as presenting some case studies and performance results. Multipath TCP (MPTCP) was designed as an extension to TCP, allowing a multi-homed host to utilise multiple network interfaces when transferring data. MPTCP is in the process of being standardised by the IETF as RFC 6824. Supported by funding from Cisco Systems, the Centre for Advanced Internet Architectures released several patches against FreeBSD-10 (from March 2013) to add rudimentary MPTCP capabilities and code paths. More recently, the FreeBSD Foundation provided funding to continue development of the MPTCP stack, building on the existing work. The stack has since then been re-designed and improved beyond the early experimental versions. In this talk I will provide an overview of the Multipath TCP (MPTCP) protocol before discussing the software design, features and performance of our FreeBSD MPTCP implementation. I will also present some basic performance testing, case studies and usage examples (showing how MPTCP reacts to different paths coming and going while connections stay active).
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
47:58 Berkeley System Distribution (BSD), Andrea Ross English 2015

Molecular Evolution, Genomic Analysis and FreeBSD

The Bielawski group at Dalhousie University is focused on molecular evolution, phylogenetics and genomics. At the moment, the research is entirely computational, involving model development, simulation, and analysis of real genetic data. Since 2009 we have used FreeBSD almost exclusively for our work. We use our FreeBSD-based cluster for 1) running computationally demanding models of molecular evolution and genomic analysis and 2) storage of genetic sequence data. In this talk I will introduce you to the type of work we do and describe how FreeBSD meets the challenges.
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
54:16 Berkeley System Distribution (BSD), Andrea Ross English 2015

UCL for FreeBSD

Most system administrators no longer edit the majority of configuration files by hand; they use automation and configuration management tools like puppet, saltstack, ansible, and the like. Many utilities and daemons in the FreeBSD base system use their own custom configuration file format. While these various different formats are usually accompanied by man pages, they do not lend themselves to automation or programmatic editing. Space and tab delimited files make it harder to extract a specific value, and difficult to edit that value in place, whereas nested key-value pairs are easier to read, and are easily addressed using libUCL's dotted notation. To solve this, I propose teaching the various utilities and daemons in the FreeBSD base system to speak UCL – the Universal Config Language, as implemented by libucl. In addition, I propose adding two small tools to the base system to make the administration of such config files easier for humans and automated scripts.
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
46:32 Berkeley System Distribution (BSD), Andrea Ross English 2015

Large-scale plug&play x86 network appliance deployment over Internet

Presenting a project for large-scale and plug&play network appliance deployment. How does a lazy network administrator build, deploy and manage thousands of network appliances all over the world? This talk presents an example solution combining FreeBSD, OpenVPN and Ansible to answer this question. Starting from the initial needs of providing: multi-role network appliances: VPN Router, Wifi Access Point, Captive Portal, Firewalls, etc
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
43:43 Berkeley System Distribution (BSD), Andrea Ross English 2015

Packaging FreeBSD base system (1 of 2)

Use pkg(8) to distribute, install and upgrade the FreeBSD base system. This talk will describe why to package the base system, and what is/was needed to allow packaging the base system:
- Prerequisite changes made in pkg(8) to allow handling the base particularities
- Prerequisite changes made or needed in the base build system to be able to create sane packages
- Granularity of the packaging
- Plans to satisfy most of our users: embedded users who want small packages, old-timers who want big fat packages, administrators who want flexibility, developers who want to be able to provide custom packages for large-scale testing, and all others.
- What new possibilities/features packaging base will offer to users.
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
52:19 Berkeley System Distribution (BSD), Andrea Ross English 2015

PCI SR-IOV on FreeBSD

PCI Single Root I/O Virtualization (SR-IOV) is an optional part of the PCIe standard that provides hardware acceleration for the virtualization of PCIe devices. When SR-IOV is in use, a function in a PCI device (known as a Physical Function, or PF) will present multiple Virtual PCI Functions (VF) on the PCI bus. These VFs are fully independent PCI devices that can use the functionality of the PF without the overhead of synchronizing with the driver for the PF or other VFs. SR-IOV allows for great improvements in network performance in virtualized environments compared to traditional software-only network virtualization. SR-IOV is an important virtualization technology supported in a number of hypervisors. Although FreeBSD has long had support for acting as a guest OS in an SR-IOV environment, to date it has not been possible to use SR-IOV in combination with native virtualization technologies like vimage jails or bhyve. This talk will cover the new SR-IOV infrastructure added to FreeBSD PCI subsystem, which allows the use of FreeBSD as an SR-IOV host. Discussion will focus on the use of SR-IOV by system administrators, with the balance of the talk devoted to the kernel API provided to PF driver maintainers.
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
54:46 Berkeley System Distribution (BSD), Andrea Ross English 2015

CheriBSD: A research fork of FreeBSD

CheriBSD is a fork of FreeBSD to support the CHERI research CPU. We have extended the kernel to provide support for CHERI memory capabilities as well as modifying applications and libraries including tcpdump, libmagic, and libz to take advantage of these capabilities for improved memory safety and compartmentalization. We have also developed custom demo applications and deployment infrastructure for our table demo platform. In this talk I will discuss the challenges facing a long running, public fork of FreeBSD. The challenges I discuss will include keeping up with current, our migration from Perforce to Git and the difficulty--and value--of upstreaming improvements. I will also cover our internal and external release process and the products we produce. CheriBSD targets a research environment, but lessons learned will apply to many environments building products or services on customized versions of FreeBSD.
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
17:35 Berkeley System Distribution (BSD), Andrea Ross English 2015

An Introduction to the Implementation of ZFS (part 1 of 2)

Much has been documented about how to use ZFS, but little has been written about how it is implemented. This talk pulls back the covers to describe the design and implementation of ZFS. The content of this talk was developed by scouring through blog posts, tracking down unpublished papers, hours of reading through the quarter-million lines of code that implement ZFS, and endless email with the ZFS developers themselves. The result is a concise description of an elegant and powerful system.
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
59:50 Berkeley System Distribution (BSD), Andrea Ross English 2015

CloudABI: Cloud computing meets fine-grained capabilities

CloudABI is a new runtime environment that attempts to make it easier to use UNIX-like operating systems at the core of a cloud computing platform. Instead of offering full machine virtualization (e.g., bhyve) or requiring the use of intrusive OS-level virtualization techniques (e.g., Jails), end users can simply provide a set of binaries that communicate with the operating system over a secure and compact POSIX-like interface. Advantages include ease of maintenance and increased security. Over the last couple of years, we've seen the use of Capsicum increase. It's already being used to harden services like hastd and sshd, but also in interactive tools like tcpdump. CloudABI attempts to extend the scope of Capsicum by providing a light-weight POSIX-like binary interface that is purely based on the principles of Capsicum. CloudABI can be used at the core of a cloud computing service. Instead of using full machine virtualization (Xen, bhyve, KVM) or techniques that attempt to virtualize namespaces (FreeBSD Jails, Linux cgroups), CloudABI makes it possible to safely run user-provided executables with very low CPU/memory overhead, but also without any complex system configuration. Compared to other UNIX ABIs (Linux, FreeBSD, etc), CloudABI is relatively compact. The number of system calls is low (~60) and all data types and structures have been decoupled from the public C runtime environment, meaning that it is relatively straight-forward to add support for CloudABI to other operating systems. Implementations for FreeBSD and NetBSD already exist. An implementation for the Linux kernel is being worked on. This allows users of such computing platforms to run the same executables without targeting a specific operating system. There is no need to recompile. CloudABI uses Clang as its C/C++ compiler. It ships with a modern C library that is specifically designed to work in a capabilities-centric environment. Interfaces that typically tend to break when using Capsicum on FreeBSD (e.g., locales, timezones, DNS) may still operate correctly in this environment. The C library is almost entirely thread-safe and has high testing coverage. CloudABI attempts to abstract away traditional UNIX concepts that are not applicable to pure cloud computing environments, such as UNIX process credentials management (local users and groups), file system access control management and terminal handling.
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
48:44 Berkeley System Distribution (BSD), Andrea Ross English 2015

Even faster VM networking with virtual passthrough

In past years, we have shown how to achieve very high networking speeds in bare metal and VMs using the netmap framework: embarrassingly high packet rates on bare metal, comfortably good on VMs through conventional device emulation techniques. In this talk we show how to fill the speed gap between HW and VMs with an unconventional use of netmap, namely virtual passthrough. In this mode of operation, the guest VM directly uses the host's netmap port (thus saving extra data copies), while notifications are dispatched efficiently between guest and host. Thanks to this technique we can achieve communication speeds between untrusted guests in the order of 20 Mpps, and reach 50 Mpps between trusted guests across netmap pipes.
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
38:46 Berkeley System Distribution (BSD), Andrea Ross English 2015

Expanding RDMA (Remote Direct Memory Access) capability over Ethernet in FreeBSD

Introducing a new way to enable high-speed data transfers over an Ethernet network with minimal CPU involvement. RDMA (Remote Direct Memory Access) is growing in popularity in Linux and Windows systems as a way to transfer large amounts of data with low latency and minimal involvement from the CPU. However RDMA InfiniBand drivers in FreeBSD were not updated, requiring users to create or port their own implementation of RDMA, and RDMA over Ethernet was not available in FreeBSD. This talk will describe how RDMA works and review the new addition of RoCE (RDMA over Converged Ethernet) network drivers in FreeBSD, allowing easier implementation of rapid data transfers with low CPU utilization over Ethernet and InfiniBand. This also enables the use of iSCSI over RDMA via the iSER (iSCSI Extensions for RDMA) protocol. One of InfiniBand’s valuable capabilities is its support for RDMA (Remote Direct Memory Access) operations across a network, which enable rapid data transfer without involvement of the host CPU in the data path, and data placement to the responder memory without requiring its CPU awareness. RoCE (RDMA over Converged Ethernet) is a standard for RDMA over Ethernet. It provides true RDMA semantics for Ethernet and allows InfiniBand transport applications to work over an Ethernet network. FreeBSD is frequently used for storage purposes and RDMA capability has a high potential of improving performance in such storage applications. A good example of that is iSER (iSCSI Extensions for RDMA), a module being developed nowadays for FreeBSD, which enables the use of iSCSI over RoCE. The main idea of this talk is a short overview of RDMA – its principles, key components and its main advantages. Additionally, it will cover the use of RoCE - implementation architecture, obstacles we overcame in the development, and a quick browse of RoCE’s different capabilities and milestones.
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
43:44 Berkeley System Distribution (BSD), Andrea Ross English 2015

Extensions to FreeBSD Datacenter TCP for Incremental Deployment Support

Datacenter TCP (DCTCP) achieves low latencies for short flows while maintaining high throughputs for concurrent bulk transfers, but requires changes to both endpoints, which presents a deployment challenge. This presentation introduces extensions to DCTCP that enable one-sided deployment when peers implement standard TCP/ECN functionality. This makes DCTCP significantly easier to deploy incrementally. We also improve DCTCP in two-sided deployments by refining ECN processing and the calculation of the congestion estimate. A FreeBSD kernel implementation of these DCTCP improvements demonstrates better performance than the original DCTCP variant, and validates that incremental one-sided deployments see benefits similar to those previously only achievable in two-sided deployments.
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
29:00 Berkeley System Distribution (BSD), Andrea Ross English 2015

Adventures in building open source software (part 2 of 2)

A year of tinkering with pkgsrc and others. As a pkgsrc developer ensuring a tree of previously added software builds correctly across various systems / architectures and as a "developer?" taking an existing project & applying the methodologies learnt from the *BSD project developers to improve the code base. Covering two angles of one problem (software) embarked on by someone who is new to it. Almost a year ago I began to revive Darwin/PowerPC support in pkgsrc to allow up-to-date packages to be built on PowerPC-based Macs. At the start it was possible to build less than 8500 packages from the tree on OS X Tiger/PowerPC; sevan.mit.edu is about to exceed 11,427 published 32bit packages for the Darwin/x86 (Figures taken from 2014Q3 bulkbuild by Joyent). This talk will cover some of the issues which needed to be tackled & what's yet to come over the next few months to attempt to build as many of the 15000 possible packages available from pkgsrc on this architecture along with expanding the effort to building to 10 different operating systems across 5 architectures. For the programming angle, discuss my work to clear up the coova-chili code base to use the facilities the operating system provides, introduce functionality from OpenBSD (e.g. strlcpy) and testing building across the BSDs to improve the codebase.
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
34:57 Berkeley System Distribution (BSD), Andrea Ross English 2015

BSDCan 2015 Closing

  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English
17:25 Berkeley System Distribution (BSD), Andrea Ross English 2015

Adventures in building open source software (part 1 of 2)

A year of tinkering with pkgsrc and others. As a pkgsrc developer ensuring a tree of previously added software builds correctly across various systems / architectures and as a "developer?" taking an existing project & applying the methodologies learnt from the *BSD project developers to improve the code base. Covering two angles of one problem (software) embarked on by someone who is new to it. Almost a year ago I began to revive Darwin/PowerPC support in pkgsrc to allow up-to-date packages to be built on PowerPC-based Macs. At the start it was possible to build less than 8500 packages from the tree on OS X Tiger/PowerPC; sevan.mit.edu is about to exceed 11,427 published 32bit packages for the Darwin/x86 (Figures taken from 2014Q3 bulkbuild by Joyent). This talk will cover some of the issues which needed to be tackled & what's yet to come over the next few months to attempt to build as many of the 15000 possible packages available from pkgsrc on this architecture along with expanding the effort to building to 10 different operating systems across 5 architectures. For the programming angle, discuss my work to clear up the coova-chili code base to use the facilities the operating system provides, introduce functionality from OpenBSD (e.g. strlcpy) and testing building across the BSDs to improve the codebase.
  • Published: 2015
  • Publisher: Berkeley System Distribution (BSD), Andrea Ross
  • Language: English