BSDCan 2013 seems to have been a great success again this year, thanks to the organisers, speakers and attendees (e.g. Rick Miller, Warren Block, Renato Botelho and Ivan Voras).

If you were able to attend, it would be nice to hear in the comments below what you enjoyed most and which presentation you were particularly interested in.

If you were not able to attend, you can now watch the recorded presentations thanks to Scale Engine. (The video descriptions have been taken from the BSDCan 2013 Schedules).

An Overview of Security in the FreeBSD Kernel

The FreeBSD security model has been developed over thirty years of evolving consumer needs. Many of the key developments have come from the contributions of an active security research community.

This talk describes the underlying model and its practical implementation, from its origins in the UNIX process model and file permissions, to more recent additions: the Capsicum capability model, lightweight Jail virtualization, Mandatory Access Control, and security event auditing. These elements combine to meet the requirements of diverse systems ranging across hand-held computing devices, network devices, storage appliances, and Internet service providers’ large-scale hosting environments.

PDF – Video


Automating the deployment of FreeBSD & PC-BSD systems
System deployment using PXE and pc-sysinstall

In PC-BSD 9.x every installation is fully scripted, due to the pc-sysinstall backend.

This backend can also be used to quickly automate the deployment of FreeBSD servers and PC-BSD desktops using a PXE boot environment. In PC-BSD & TrueOS™ 9.1 and higher, this functionality is easy to set up and deploy using the “pc-thinclient” utility. This utility handles the initial setup of PXE on the host system, and provides a framework to manage client installation configurations.

PDF – Video


Multipath TCP for FreeBSD
An overview of the protocol, stack architecture & performance analysis

Come with me on a journey to learn about the Multipath TCP (MPTCP) protocol and the first publicly released FreeBSD implementation. This talk will examine MPTCP’s ‘wire’ characteristics, the architecture of the modified FreeBSD TCP stack, observations from the development process and results of both performance analysis and empirical research conducted using the stack.

PDF – Video


Benchmarking FreeBSD
Benchmarking – what not to do and how to avoid it if possible

System optimization and tuning is tricky business. Benchmarking such systems is even more complicated as the number of things which can go wrong doubles at the least. FreeBSD is best known for its killer features, but it also includes over 2500 sysctls, most of which can be tuned to do something interesting. This talk aims to give an overview of some of the more interesting things which can be tuned in FreeBSD, and advice on how to avoid the most common errors in benchmarking FreeBSD.

Tuning a system heavily depends on the hardware present in the system, so all tuning advice will necessarily contain system-specific parts, but overall there is much to discuss when talking about optimizing specific systems: networking, storage, file systems, even the CPU scheduler. Networking is still very much dependent on the quality of the NIC and its driver, but large parts of the system such as ZFS are pure software and can benefit from tweaks and tuning which slightly alter the behaviour of algorithms. Things get very complicated when comparing different hardware configurations, and even more when comparing different operating systems. Doing a good benchmark of two unrelated operating systems is tricky because it requires similar tune-ups to both systems.

This talk will try to explain where the pitfalls are, and also present some field results.

PDF – Video


FreeBSD, Capsicum, GELI and ZFS as key components of a security appliance

I usually talk at various BSD conferences about projects I was/am working on (GEOM, GELI, ZFS, Capsicum, HAST, auditdistd and others). This time I’d like to talk about the meeting point of reality and some of those technologies: a security appliance I was working on for the last year.

The talk will demonstrate practical use of various technologies available in FreeBSD (Capsicum, GELI, ZFS and others). The appliance needs to process and store very sensitive data at high speeds, so strong sandboxing provided by Capsicum and strong encryption provided by GELI were a must. The talk will also provide practical hints on how to build and manage an appliance, e.g. how to create an installation image with all dependencies from source, how to implement secure and reliable upgrades with an option to downgrade, how to monitor the health of hardware components and how to cluster multiple nodes together.

PDF – Video


Lightning fast networking in your virtual machine

High speed network communication is challenging on bare metal, and even more so in virtual machines. There we have to deal with expensive I/O instruction emulation, format manipulation, and handing off data through multiple threads, device drivers and virtual switches.

Common solutions to the problem rely on hardware support (such as PCI passthrough) to make portions of the NIC directly accessible to the guest operating system, or specialized drivers (virtio-net, vmxnet, xenfront) built around a device model that is easier to emulate.

These solutions can reach 10 Gbit/s and higher speeds (with suitably large frames), one order of magnitude faster than emulated conventional NICs (e.g. Intel e1000).



Runtime Process Infection

This presentation will instruct participants on how to inject arbitrary code into a process during runtime.

Writing malware on Linux isn’t an easy task. Anonymously injecting shared objects has been a frightful task that no one has publicly implemented. This presentation will show how and why malware authors can inject shared objects anonymously in 32-bit and 64-bit Linux and 64-bit FreeBSD. The presenter will be releasing a new version of a tool called libhijack. libhijack aims to make injection of arbitrary code and shared objects extremely easy. There will be a live demo injecting a root shell backdoor into multiple programs during runtime.

Video part 1 – Part 2


FreeBSD Birth to Death
Managing the Lifecycle of a FreeBSD Server

In today’s IT workplace, managing and tracking servers is becoming more and more important. Many sysadmins are responsible not only to their boss, but also to the users who want the system to run their apps and the CFO who wants to be able to depreciate them properly. We will talk about effective ways to track and manage the servers to keep everyone happy.

Cover best practices with tracking and building the server, including:
– Asset tracking
– Scripted install over PXE
– Serial console for out-of-band management
– Package management/updating with Poudriere and pkgng, including custom knob tuning
– Configuration management using tools like Puppet, Chef and CFEngine
– Server patching with FreeBSD-Update and failover with CARP
– Server retirement, i.e. data destruction and asset depreciation



Serving data and video solely using BSD

Running an ISP can be a tedious task of putting different pieces of boxed hardware together to make the network work, but can also be a fun and entertaining work of research on the right solution to accommodate your customers’ needs. The market is full of vendors, big and small, ready to sell you a pre-packaged solution for your (supposed) needs, but what if you’d like to use BSD to serve your customers?

This talk will show how we are running a full ISP on solutions built using facilities and software easily built on top of BSD systems, and will delve into the challenges we have faced in the setup of the distributed architecture, with POPs in different European countries. Along with this, we are carrying out an analysis and comparison of costs and features between commercial and open source solutions, characterizing the decisions we made and the results we obtained.

As an ISP, we not only offer access service, but we also deliver streaming services through a distributed CDN, also built on top of BSD. This will be a chance to delve into the different pieces of software used for encoding, distributing and streaming videos over the BSDs, and the technologies we used to interact with the underlying network.

While this is not a highly technical talk, the goal is to show the audience that using BSD in an ISP and content distributor environment is perfectly possible and will deliver the same quality of service as the packaged solutions, while keeping your costs under control and allowing you a high degree of customization. This will be done by showing – as already stated – a real-world example of our project running solely with the power of BSD.



Managing FreeBSD at scale
Reclaiming Control of Large Infrastructure Deployment with Puppet

Detailed discussion of ScaleEngine’s production implementation of Puppet on FreeBSD to manage many heterogeneous servers across the globe. With 70+ servers at 26 data centres in 10 countries deployed in a number of different roles (Web Hosting Cluster, HTTP Accelerator, HTTP CDN, Live Video, On-Demand Video, GSLB DNS), our needs cover a large swath of the capabilities of any management system.

PDF – Video


The future of wireless networking – mobile, gigabit and beyond

This presentation will cover the current state of wireless technologies in BSD (at least focusing on 802.11 and Bluetooth) and how well (or not) each is implemented and supported by the various BSDs. This includes the classic operating modes (hostap and station modes) as well as newer developments (TDMA, 802.11s, P2P/TDLS, Bluetooth/802.11 PHY sharing). It will then cover upcoming technologies – 802.11ac, 802.11ad, hybrid operating modes, aggressive mobile power saving technologies – with the technical, architectural and structural changes required to make these technologies a reality.


The cluster refit

A way to do project infrastructure, and a way not to; or the cluster before and now.

The FreeBSD project is rather old and as such has had the infrastructure for running the project, such as CVS, mail, and web servers, for a long time. The basic setup had been the same for more or less 10 years, with the result that it was very complicated, had many inter-dependencies and of course no documentation on how it was set up. Security-wise, the old setup was out of date with current practices.

In 2012 we had to move from one datacenter to another, and in the process it was decided to redo the setup more or less from scratch with the goals of making the setup simpler, more robust, segregated, secure and basically something which didn’t cause the administration team to lose sleep.

The presentation will, for historic reference, present the old setup as an example of how not to have a cluster set up in 2012, and how we decided to set up the new one to meet our goals. The design of the new setup features heavy partitioning of network and hosts, and the use of FreeBSD for everything where possible, including routers running FreeBSD 10-CURRENT.

PDF – Video


Modern package management
Building, deploying, installing, upgrading packages on FreeBSD

State of the different ways of managing binary packages for FreeBSD, from building to installing/upgrading on your servers/jails.

This talk will provide an overview of how to do modern package management with FreeBSD: from build farms, QA validation, hosting and deployment, to the new features of pkg(8) 1.1. New way of deploying FreeBSD: packaged base bootstrapped via pkg(8). New way of deploying/managing FreeBSD jails: packaged world, bootstrapped/installed via pkg(8).



FreeBSD based Japanese Enterprise System and Tukubai Method
Unicage software development method and scalable FreeBSD based Big data appliance

The Unicage software development method “Tukubai” is a comprehensive development framework for enterprise systems (sales accounting system, payroll accounting system, corporate system, CRM system, merchandising system, enterprise system self-manufacture etc.), ranging from development philosophy to development method, tools, coding, documentation and its business model.

PDF – Video


Hands-on bhyve, the BSD Hypervisor

Now that bhyve, the BSD Hypervisor, has been imported into the FreeBSD 10-CURRENT development mainline, users and developers can easily begin testing this exciting technology that promises to have the same impact on FreeBSD that jails made in 2000. This talk will take you through the history, architecture and features of bhyve and demonstrate its capabilities.



Subclassing in Newbus
Realizing newbus’ potential

A brief tutorial for the subclassing part of the FreeBSD configuration system (known for years as newbus). The author will present work bringing this power to legacy portions of the system, as well as suggestions for future work in this fruitful area.

This lecture will present a background of the FreeBSD driver system. The subclassing part of this system is radically under-documented. A companion document for this lecture will amplify the current documentation and provide additional examples to illustrate the power of the subclassing system. The lecture will then shift to reviewing the work the author has done to use these techniques to help map items in the kernel device tree to device nodes in the devfs tree.

PDF – Video


Tales from the North
System Administration of a Geographically Disperse Network

Over five years ago I joined a Northern Internet Service Provider (ISP) in Yellowknife, NWT, Canada providing high-speed internet, email, website hosting, and other specialized network services to approximately 50 communities located within the Northwest Territories and Nunavut. Our satellite headend was located in Ottawa.

PDF – Video