VBSDCON 2019: VBSDCON
PROGRAM FOR FRIDAY, SEPTEMBER 6TH
Days:
previous day
next day
all days

View: session overviewtalk overview

09:00-09:45 Session 1
Location: Main room
09:00
DNS over HTTPS

ABSTRACT. i'd like to keep it somewhat flexible, as i am for the lillehammer meeting. it'll be related to dns and security, likely oriented toward DoH, but with specifics that i either don't know yet or don't want to pre-announce.

10:00-10:45 Session 2A
Location: Main room
10:00
In-Kernel TLS Framing and Encryption for FreeBSD

ABSTRACT. The sendfile(2) system call provides an efficient, zero-copy mechanism for transferring large amounts of static content to remote clients over a network socket. It is particularly well suited to fulfilling replies to FTP and HTTP requests. When encryption is added to HTTP via TLS, this efficiency is lost in current FreeBSD systems. For several years, Netflix has worked on a long-running project to enable the efficiency and performance of sendfile(2) when using TLS for HTTP. This talk will describe the motivation for performing TLS framing and encryption in the kernel and describe the current implementation. It will also provide a brief history of how the implementation has evolved over time to support TLS offload in network interface cards.

10:00-15:00 Session 2B
10:00
Learning to (Open)BSD through its porting system: an attendee-driven educational session

ABSTRACT. This is not an abstract in the traditional sense, so if you end up accepting this, you probably don't want to publish this as-is.

One of the really nice things about vBSDcon since its inception has been its experimental nature. I'm proposing here an educational session of learning to (Open)BSD through its porting system. This would be a combination of the new to BSD session run at BSDCan with some hands-on programming work.

To be clear: I don't want a talk spot. It wouldn't make much sense beyond some really novel new form of performance art to have me up there discussing how to understand OpenBSD from a developer's standpoint and writing some ports for an hour. But neither is this a workshop in the spirit of the workshops at BSDCan. Instead, this is an attendee-driven educational session, running parallel to a morning (or afternoon, your choice) set of talks. This might be particularly beneficial if, for example, one day of talks is particularly FreeBSD heavy and there are a number of OpenBSD-interested attendees. It would also be particularly good for newbies who might be more interested in a "how do I use this thing?" from a higher-level approach rather than the nitty-gritty of any particular subsystem.

Topics likely to be covered: * Learn *BSD lingo * Some history * How to set up a (Open)BSD system from the perspective of an (average) user (think: a nice X desktop) * History of ports and packages (broad-based *BSD survey) * An overview of writing your own (Open)BSD port

What I want is a spare room with a projector. If you think attendance will be sufficient and varied enough, this would be good alternative programming for our programming-minded attendees.

Come chat with me if you have any questions. I know each and every one of you (sans Ryan... sorry! We'll have to meet up at the con and correct that) so don't hesitate to reach out to me if you have any thoughts or questions or concerns.

11:00-11:45 Session 3
Location: Main room
11:00
Transitioning from FreeNAS to FreeBSD

ABSTRACT. The ways many users discover and adopt FreeBSD has seen some changes recently; my story is one of beginning as a novice FreeNAS user, progressing to become a well-known FreeNAS power user, and then ultimately transforming into a FreeBSD user. This highway, however, has a few tolls. In this presentation, we explore some of the social and technical details of my transformation, with particular attention to the interesting challenges and learning opportunities along the way. There will be more coming after me as FreeNAS begins to speak more and more to its functionality as a user appliance, and less as a veneer over FreeBSD. While the subject of the talk is certainly applicable to those many users considering the same transition, perhaps more importantly it demonstrates how our recruitment ecosystem may scarcely resemble its former self.

13:00-13:45 Session 4
Location: Main room
13:00
State of the Hardened Union

ABSTRACT. With FreeBSD renewing its focus on security, NetBSD's enabling of its PaX ASLR and NOEXEC implementations by default, OpenBSD's continued striving for code correctness and strangely attractive APIs, DragonFlyBSD's recent adoption of SMAP and SMEP, HardenedBSD's continued advancements in the adoption of Control-Flow Integrity (CFI) and SafeStack, it has never been a better time to work in information security within the BSDs.

This presentation dives into the intricacies of various exploit mitigations, their use cases, their weaknesses, the status of their adoption within each of the BSDs, and where we need to be in the future.

The goal of security is to raise the economic cost of successful exploitation. We will discuss in detail the different exploit mitigations, how they work, when and where each mitigation succeeds and fails, and the history behind each mitigation. Each mitigation can be implemented differently and care will be taken to discuss each difference within the BSDs, Linux, and Windows.

The BSDs are making great strides implementing innovative and unique solutions that protect us from monocultures. Diversity, even within the BSDs, provides users with different tools for solving difficult problems.

The BSDs, however, are at a point where collaboration regarding security vulnerabilities is critical in order to provide protection to an ever-wider audience. Though individual projects may disagree on the merits of certain technical implementations, diversity of thought throughout the vulnerability reporting lifecycle will ensure that the solutions resolving the vulnerability are robust, scalable, and don't introduce new issues. Increased collaboration, rather than "ad-hominem attacks as keynotes" will guarantee the strongest innovations in security going forward. Let's piss off the bad guys together!

14:00-14:45 Session 5
Location: Main room
14:00
Replacing an Oracle Server with FreeBSD, OpenZFS, and PostgreSQL

ABSTRACT. In this talk, we will present how we replaced a Windows-based Oracle server that has been used in the CS department of the University of Applied Sciences, Darmstadt in the database education of our undergraduate students with FreeBSD 12.0, OpenZFS, and PostgreSQL 10.

We will briefly explain the use of the server in our database labs and what the pain points were (costs, usability, missing features, etc) in the past. We will then outline how we built our new solution, addressing these pain points. FreeBSD plays a central role in this solution not only as the base operating system, but also as the system providing students with a self service to register themselves with the database and create accounts. This avoids creation of a massive number of dummy accounts at the beginning of the semester, which was done with the Oracle server. With the new solution, students can use their own university account provided by LDAP. Everything is nicely hooked together with a couple of scripts and open source software. If we would have built this solution with Oracle, we would have to get additional licenses simply to connect to our LDAP server. With OpenZFS, we have a quick and easy way to reset a working lab configuration after the semester to a clean state. Additionally, we benefit from dataset compression and some specific tuning of the PostgreSQL database for ZFS. This will be outlined in the talk by providing the relevant configuration settings and datasets, as well as some ARC stats. We achieved good compression rates on the database (1/3rd the original size) and logs (nearly 12 times), something we would not have gotten for free from any other filesystem. FreeBSD provided us with the necessary tooling to set up the system fairly easy and cost-effective, which is an important factor in academia in times of short budgets. The open source nature of the operating system and database allows new approaches in our academic education in the field of databases which where not available to us before. For example, DTrace probes can now be used to show the path of a transaction through the database to the disk. The solution we've built has been used for two semesters (one year) now with great success. We will present some future work and learnings from the two semesters at the end of our talk. Sysadmins will get an insight from our talk into how systems in academia are managed. The solution we've built can be adopted in other academic institutions and companies dealing with similar issues.

15:00-15:45 Session 6
Location: Main room
15:00
Twenty Years in Jail: FreeBSD Jails, Then and Now

ABSTRACT. Jails started as a limited virtualization system, but over the decades they've become more and more powerful. This talk takes you through what modern jails can do, discarding the limits of what they were and demonstrating what they can be today.

We'll cover jails using the base system specifically:

jails as VMs configuring the jail host properties and parameters jail management packages and upgrades base jails virtual networking with VNET firewalls in jails jails in jails resource restrictions

You'll leave with an understanding of what modern jails can and cannot do, and hints for future development.

Based on the book "FreeBSD Mastery: Jails"