previous day
all days

View: session overviewtalk overview

08:00-08:45 Breakfast
Location: Grand Ballroom E-G
09:00-09:45 Session 7
Location: Main room
23 years of software side channel attacks

ABSTRACT. I will present a historical review of software side channel attacks, from Paul Kocher’s 1996 timing attacks against asymmetric cryptography to the latest microarchitectural vulnerabilities. While there have been too many attacks discovered to spend time describing every one, I will highlight attacks which were particularly novel or influential, explaining both the history of how attacks build on earlier work and some of the reasons behind the decisions which led to these attacks being possible.

No knowledge of cryptography will be assumed, but the audience may benefit from a basic understanding of CPU architecture (instructions, pipelining, caches, etc).

10:00-10:45 Session 8
Location: Main room
ELI5: ZFS Caching

ABSTRACT. Explain ZFS Caching like I am 5 years old.

An in-depth look at how caching works in ZFS, specifically the Adaptive Replacement Cache (ARC) algorithm. Assumes no prior knowledge of ZFS or operating system internals.

ZFS does not use the standard buffer cache provided by the operating system, but instead uses the more advanced "Adaptive Replacement Cache" (ARC).

- What is a cache - How most caches work (LRU) - Pros - Cons - What makes the ARC different? - Recently Used - Frequently Used - Ghost Lists - What makes the ARC Adaptive? - Access Patterns (How the ARC adjusts over time) - Compressed ARC - Advantages over compressed memory or swapcache - Tuning for... - File Server - iSCSI Target - Database - Hypervisor

11:00-11:45 Session 9
Location: Main room
By the numbers: ZFS Performance Results from Six Operating Systems and Their Derivatives

ABSTRACT. The OpenZFS file system provides an unprecedented opportunity in automated testing: A powerful, common storage system available on Illumos, FreeBSD, GNU/Linux, macOS, NetBSD, Microsoft Windows, and their derivatives. This talk will explore the challenges of establishing a POSIX environment across these diverse platforms, and a meaningful and consistent test suite within the confines of that environment. Lessons learned using ten identical hardware machines will include the bootstrapping of a new platform like OpenZFS on Windows, extended performance results of FreeBSD vs. FreeBSD/ZoL, and the need for portable tools across diverse operating systems.

13:00-13:45 Session 10
Location: Main room
FreeBSD at Work: Building Network and Storage Infrastructure with pfSense and FreeNAS

ABSTRACT. pfSense is the world’s most trusted open source firewalling and routing platform, providing essential features to supply your infrastructure with commercial-grade security and connectivity. Leveraging OpenBSD’s stateful packet filter “pf” (since ported to several other OS’s, including FreeBSD), pf includes the capabilities of Network Address Translation, various traffic shaping methods, and even the ability to differentiate different operating systems. pfSense maintains high flexibility as a platform providing more than just a firewall. It includes the ability to setup captive portals, three methods for VPN connectivity, high-availability and the ability to monitor all these systems in action with a great monitoring and reporting suite right from the web interface. Come learn about this fine platform that has even powered LFNW's WiFi!

FreeNAS is the world’s most popular open source storage operating system. Combining the stability of FreeBSD with the renowned integrity and performance of the OpenZFS filesystem and volume manager, it can offer great functionality and ease of management from its angular-based web UI. Sporting a plethora of different protocols to share data including iSCSI, NFS, and SMB. FreeNAS can even add more functionality using a Plugin system that leverages FreeBSD jails to safely compartmentalize services. It even supports full blown virtual machines with the bhyve hypervisor. You'll be able to run your services in these jails and VM's just like a normal FreeBSD install so you can see for yourself how FreeNAS can be the first step into the BSD ecosystem. We’ll talk about how you can put all these to work sharing data effectively to your users.

14:00-14:45 Session 11
Location: Main room
Care and Feeding of OpenBSD Porters

ABSTRACT. Everyone thinks the best way to help with OpenBSD ports, is to find something you use that hasn't been ported and create a port of it. This talk will discuss this and other misconceptions, how best to actually help OpenBSD porters with their work, and tips for how to get one's work noticed on the OpenBSD ports lists. The talk will contain examples of good submissions and counterexamples likely to get ignored (these will be made up, I will not be singling out people).

This talk comes from my experience of working in OpenBSD ports for 8 months now. My own conceptions of how to be an OpenBSD porter were the common conceptions, but I came to realize that I was largely looking at porting work the wrong way.

15:00-15:45 Session 12
Location: Main room
Road Warrior Disaster Recovery: Secure, Synchronized, and Backed-up

Whether at the office or at home, we spend a lot of time ensuring our systems are secure and backed-up, ready to recover in case of disaster. When it comes to our workstations, which are often laptops, we've often done little more than enable full-disk encryption and perhaps the odd occasional rsync for backups.

Full-disk encryption is usually adequate protection against data loss due to opportunistic theft or casual loss. 10 years ago that might have been enough. But the times have changed.

Today our laptops carry more than just our working files. They often include the entire corporate code repository, passwords and authentication keys, as well as personal files and data. Are our portable computers hardened against directed attack? Are we prepared for border-patrol agents or other state officials demanding passwords or unfettered access to our computing systems ... or online accounts?

We're also more mobile. We expect to work when we want and where. How many of us can honestly say we could recover all -- or enough -- of our computing environment from bare metal in a day, half-day, or hour to be productive ... halfway across the globe?

In this talk we'll look at the risks to the vast amounts of data we so casually carry around. We'll review strategies and techniques to reduce or mitigate those risks, as well as prepare our systems for easier recovery, at rest or on the go.

Specifically, we'll look at:

  • Risks
  • Encryption
  • Machine physical security
  • Data synchronization options
  • On-the-go backup solutions
  • On-the-go recovery
  • Preparing to cross international borders
18:00-21:00 Evening Social event
Location: Grand Ballroom E-G

Join us in the man ballroom for an evening of food and drink.