VBSDCON 2019: VBSDCON
PROGRAM FOR SATURDAY, SEPTEMBER 7TH
Days:
previous day
all days

View: session overviewtalk overview

09:00-09:45 Session 7
Location: Main room
09:00
23 years of software side channel attacks

ABSTRACT. I will present a historical review of software side channel attacks, from Paul Kocher’s 1996 timing attacks against asymmetric cryptography to the latest microarchitectural vulnerabilities. While there have been too many attacks discovered to spend time describing every one, I will highlight attacks which were particularly novel or influential, explaining both the history of how attacks build on earlier work and some of the reasons behind the decisions which led to these attacks being possible.

No knowledge of cryptography will be assumed, but the audience may benefit from a basic understanding of CPU architecture (instructions, pipelining, caches, etc).

10:00-10:45 Session 8
Location: Main room
10:00
ELI5: ZFS Caching

ABSTRACT. Explain ZFS Caching like I am 5 years old.

An in-depth look at how caching works in ZFS, specifically the Adaptive Replacement Cache (ARC) algorithm. Assumes no prior knowledge of ZFS or operating system internals.

ZFS does not use the standard buffer cache provided by the operating system, but instead uses the more advanced "Adaptive Replacement Cache" (ARC).

- What is a cache - How most caches work (LRU) - Pros - Cons - What makes the ARC different? - Recently Used - Frequently Used - Ghost Lists - What makes the ARC Adaptive? - Access Patterns (How the ARC adjusts over time) - Compressed ARC - Advantages over compressed memory or swapcache - Tuning for... - File Server - iSCSI Target - Database - Hypervisor

11:00-11:45 Session 9
Location: Main room
11:00
By the numbers: ZFS Performance Results from Six Operating Systems and Their Derivatives

ABSTRACT. The OpenZFS file system provides an unprecedented opportunity in automated testing: A powerful, common storage system available on Illumos, FreeBSD, GNU/Linux, macOS, NetBSD, Microsoft Windows, and their derivatives. This talk will explore the challenges of establishing a POSIX environment across these diverse platforms, and a meaningful and consistent test suite within the confines of that environment. Lessons learned using ten identical hardware machines will include the bootstrapping of a new platform like OpenZFS on Windows, extended performance results of FreeBSD vs. FreeBSD/ZoL, and the need for portable tools across diverse operating systems.

13:00-13:45 Session 10
Location: Main room
13:00
FreeBSD at Work: Building Network and Storage Infrastructure with pfSense and FreeNAS

ABSTRACT. pfSense is the world’s most trusted open source firewalling and routing platform, providing essential features to supply your infrastructure with commercial-grade security and connectivity. Leveraging OpenBSD’s stateful packet filter “pf” (since ported to several other OS’s, including FreeBSD), pf includes the capabilities of Network Address Translation, various traffic shaping methods, and even the ability to differentiate different operating systems. pfSense maintains high flexibility as a platform providing more than just a firewall. It includes the ability to setup captive portals, three methods for VPN connectivity, high-availability and the ability to monitor all these systems in action with a great monitoring and reporting suite right from the web interface. Come learn about this fine platform that has even powered LFNW's WiFi!

FreeNAS is the world’s most popular open source storage operating system. Combining the stability of FreeBSD with the renowned integrity and performance of the OpenZFS filesystem and volume manager, it can offer great functionality and ease of management from its angular-based web UI. Sporting a plethora of different protocols to share data including iSCSI, NFS, and SMB. FreeNAS can even add more functionality using a Plugin system that leverages FreeBSD jails to safely compartmentalize services. It even supports full blown virtual machines with the bhyve hypervisor. You'll be able to run your services in these jails and VM's just like a normal FreeBSD install so you can see for yourself how FreeNAS can be the first step into the BSD ecosystem. We’ll talk about how you can put all these to work sharing data effectively to your users.

14:00-14:45 Session 11
Location: Main room
14:00
Care and Feeding of OpenBSD Porters

ABSTRACT. Everyone thinks the best way to help with OpenBSD ports, is to find something you use that hasn't been ported and create a port of it. This talk will discuss this and other misconceptions, how best to actually help OpenBSD porters with their work, and tips for how to get one's work noticed on the OpenBSD ports lists. The talk will contain examples of good submissions and counterexamples likely to get ignored (these will be made up, I will not be singling out people).

This talk comes from my experience of working in OpenBSD ports for 8 months now. My own conceptions of how to be an OpenBSD porter were the common conceptions, but I came to realize that I was largely looking at porting work the wrong way.

15:00-15:45 Session 12
Location: Main room
15:00
Road Warrior Disater Recovery: Secure, Synchronized, and Backed-up

ABSTRACT. About Me --------

I've been using OpenBSD since I first installed 3.3 and discovered how simple installation should be. I've spent most of the past 20+ years developing commercial security software. From time-to-time, however, I step out of the commercial-software space to do consulting, security auditing and building the odd (legitimate) streaming media site (http://www.theanimenetwork.com/). I specializes in secure-API design and implementation. I also have a long-running interest in systems administration, building and running mail servers, and fighting spam.

Audience --------

Any user who travels with a laptop.

Talk Background ---------------

I spent the early part of my career as a software developer writing security auditing products to help large corporation identify risks and mitigate them. This talk is a distillation of years of work encoding security practices in software. All the recommended techniques I discuss I currently use on my own systems at home and when I travel.

Talk History ------------

Revision of my BSDCan 2019 talk.

Talk Description ----------------

Whether at the office or at home, we spend a lot of time ensuring our systems are secure and backed-up, ready to recover in case of disaster. When it comes to our workstations, which are often laptops, we've often done little more than enable full-disk encryption and perhaps the odd occasional rsync for backups.

Full-disk encryption is usually adequate protection against data loss due to opportunistic theft or casual loss. 10 years ago that might have been enough. But the times have changed.

Today our laptops carry more than just our working files. They often include the entire corporate code repository, passwords and authentication keys, as well as personal files and data. Are our portable computers hardened against directed attack? Are we prepared for border-patrol agents or other state officials demanding passwords or unfettered access to our computing systems ... or online accounts?

We're also more mobile. We expect to work when we want and where. How many of us can honestly say we could recover all -- or enough -- of our computing environment from bare metal in a day, half-day, or hour to be productive ... halfway across the globe?

In this talk we'll look at the risks to the vast amounts of data we so casually carry around. We'll review strategies and techniques to reduce or mitigate those risks, as well as prepare our systems for easier recovery, at rest or on the go.

Specifically, we'll look at:

- Risks - Encryption - Machine physical security - Data synchronization options - On-the-go backup solutions - On-the-go recovery - Preparing to cross international borders