===== 1100 Eirik Øverby: FreeBSD in the land of corporate lemurs (or lemmings?)

Why we're using OSS

You've all heard this before, about the open source economy, the freedoms, the right and ability to inspect, the communities. Perhaps our perspective can help others understand why we've made the choices we have, and why we thrive as a result.

What do we do with FreeBSD, MySQL, nginx and all of their friends?

We achieve things with the software we use that others spend a lot of money and need a lot more people to do: We have a MySQL farm in the 100TB+ class, have a lot of traffic on our application servers, we run all our infrastructure ourselves and on FreeBSD, we deal with massive DDoS attacks and we pass security audits that make grown persons cry.

How do we do these things? (This is where I need input to decide what to cover)

- Why we use jails, which problems they solve, and how we do it
- 100TB+ on MySQL? Are you kidding me?
- What it takes to handle a bespoke DDoS attack (yes, we have some help)
- And most importantly: how we work with the community!

The big thank you

None of this would be possible without the incredible community we have become dependent on - and a proud part of.

Oh and then there was this one time ....

- ...when we discovered a packet-delaying scheduling issue in the kernel (where we would never have connected the dots without community help)
- ...or this other time when packets disappeared between interfaces and we couldn't find them again (this is an event-in-progress; outcome not yet known)

Eirik Øverby: Model '77, Slackware-gone-BSD in the early 00s, escaped the dying world of OS/2 to be doomed to death by Netcraft for another decade. Now managing jailed (but not dead!) systems for a living and as a hobby. Mid-life crisis topic: Retro PCs. ~ love over gold ~

===== 1100 Alexander Bluhm: OpenBSD Attack Mitigations

The environment for userland applications in OpenBSD tries to be an unpleasant place for attackers.
Most of the binary exploitation mitigations are listed on http://www.openbsd.org/innovations.html . This talk will give a deeper insight into a bunch of them. What kind of attacks should they stop and how do mitigations work together? These OpenBSD features were not written all at once, they evolved during the past 20 years. What was necessary to implement them, and what had to be done so that modern POSIX compatible software runs fine on OpenBSD? You have to hit the small line between things that 3rd party software expects, and the ABI allows to do. There was a lot of pain for the ports maintainers to fix the fallout.

Alexander Bluhm: Alexander Bluhm has been an OpenBSD developer since 2007. His main area of work is the network stack. In recent years the focus was on multiprocessor performance. He is employed at genua, a German firewall manufacturer, who is using OpenBSD as a secure and stable base for its products. Other areas of interest are the errata process, testing, maintaining Perl ports, and fixing all kinds of bugs.

===== 1100 Vinícius Zavam: (auto)Installing BSD Systems: Cases using pfSense, TrueNAS, and more

This is a follow up conversation after we paid a visit to our first chat in EuroBSDCon 2021 [https://youtube.com/watch?v=7F3UwfNB2JA]. The main goal of this work, as the title briefly describes it, is to try showing how we can manage to (auto)install pfSense and TrueNAS. Let's try to get ourselves again out of a comfort zone and open our minds to a wider horizon of ‘BSD Powered’ solutions; of course that doesn't mean we will be sitting away from cultures/practices/technologies we feel safe relying on. By the end of this talk we shall have a draft to start kicking off the setup for an infrastructure to get things done. Courtesy shots for the table? Quick wrap up with things we mentioned so far to build an "encrypted-cage" environment one could unlock remotely.

Vinícius Zavam: FreeBSD ports committer, TorBSD Diversity Project (TDP) proud contributor and Core Team member of the Tor Project. https://keybase.io/egypcio

===== 1200 Christos Margiolis: Arbitrary Instruction Tracing with DTrace

"kinst" is a new DTrace provider co-authored by Christos Margiolis and Mark Johnston for the FreeBSD operating system, that allows for arbitrary instruction tracing in the kernel. Inspired by the FBT provider, kinst extends its functionality to be able to trace not just the entry and return points of a function, but any instruction in it. This mechanism is useful for more fine-grained tracing, as well as tracing inline functions, a feature lacking from FBT. The talk will cover the high-level ideas behind kinst's implementation, that is, the mechanisms used to instrument arbitrary kernel instructions, the obstacles of architecture-dependent code parts, and how inline function tracing works. It will also include examples of how kinst is used, as well as when it's useful.

Christos Margiolis: Christos is a FreeBSD committer from Athens, Greece. He has been active in The FreeBSD Project since 2021 and has worked twice as a Google Summer of Code student, as well as an independent contractor. His main work so far revolves around DTrace.

===== 1200 Klemens Nanni: The OpenBSD installer

The code guiding users through their initial installation of OpenBSD presents itself as a unified interface across all supported platforms and boot methods. Also responsible for upgrades between development snapshots and proper releases, its goal is to provide an as effortless, streamlined and reliable user experience as possible, with sane defaults for the majority of use cases. Tight integration into the build infrastructure, coordination with firmware, bootloaders and kernel features, but also help from a running system are crucial parts in this delicate machinery known as "the installer".
To keep up with new hardware, OpenBSD's design and features and common usage patterns, more seemingly innocuous aspects must be considered. This talk shows what "the installer" is made of, explains how it works and demonstrates what recent efforts to improve it can look like.

Klemens Nanni: Freelancer OpenBSD user/developer since 2015/2018

===== 1200 Jeroen Janssen: Defending the democracy using BSD

For the past decade, I have been helping organisations to design and implement secure infrastructure using OpenBSD and HardenedBSD. This gave me the unique opportunity to help defend the democracy, as political parties are among those organisations. In this lightweight talk I go over what I have done and the lessons learned. Both the good and the less fortunate ones.

Jeroen Janssen: The guy who wears Puffy on his arm. Unix system administrator during the day, hacker by night. Dutch nationality, mid-30s, addicted to coffee and philosophy. I (deeply) value ethics, human rights and respect.

===== 1400 Marshall Kirk McKusick: Gunion: a new GEOM utility in the FreeBSD Kernel

This talk describes the gunion(8) utility that was added to the FreeBSD kernel in February 2022. The talk starts with an introduction to the FreeBSD GEOM kernel layer describing its location and function. The talk then describes how gunion(8) tracks changes to a read-only disk using a writable disk. The talk concludes with examples of problems for which gunion(8) can be effectively used.

Marshall Kirk McKusick: Dr. Marshall Kirk McKusick's work with Unix and BSD development spans over forty years. It begins with his first paper on the implementation of Berkeley Pascal in 1979, goes on to his pioneering work in the eighties on the BSD Fast File System, the BSD virtual memory system, the final release of 4.4BSD-Lite from the University of California at Berkeley Computer Systems Research Group, and carries on with his work on FreeBSD.
A key figure in Unix and BSD development, his experiences chronicle not only the innovative technical achievements but also the interesting personalities and philosophical debates in Unix over the past forty years.

===== 1400 Joel Carnat: Using OpenBSD relayd(8) as an application layer gateway

OpenBSD relayd(8) provides various network relaying features. This talk would concentrate on using relayd(8) as a reverse-proxy for Web applications AKA layer 7 forwarding service. Architecture and configuration examples will address and illustrate use-cases such as:

- acting as a TLS end-point.
- publishing a simple web server.
- providing fail-over and load-balancing.
- distribute virtual-host traffic using tags.
- filtering access based on HTTP headers and URL pattern.
- overwrite / append HTTP headers from / to the back-end server.
  + remove headers from chatterbox server.
  + add headers so that back-end server behaves properly.
  + add headers to improve HTTPS security from the client POV.

Configuration examples may be based on proxifying httpd(8), nextcloud, baikal, Synology DSM, GoToSocial and/or Searx.

Joel Carnat: I'm French. I work as a Technical Architect contractor. I've been using OpenBSD for several years, as a user (I'm not a dev). I've sent bug reports and patches from time to time to the OpenBSD mailing-lists. I have had a blog since the early 2000-2010s where I write down things I do with FOSS, mostly at home. I self-host as much as possible.

===== 1400 Albert Dengg: Building reproducible system setups with FreeBSD and ansible

Ansible is a relatively simple toolkit for system automation and configuration management/provisioning. In combination with FreeBSD it can be used to build a reproducible setup for your systems in line with buzzwords like "Infrastructure as Code".
Regardless if you need a large number of systems managed or if you just need to be able to reproduce your setups, ansible can help you and has a comparatively low entry hurdle while still allowing more complex actions. This session will show the challenges of writing idempotent, reproducible playbooks that can be used to create systems that behave the same way as well as to check if the system is in the state you expect it to be in a lab environment and will assume at least basic knowledge of ansible.

Albert Dengg: I'm currently working mostly as a sysadmin running a variety of systems and infrastructure, both in my professional role as well as running infrastructure for NGOs in my free time. My first UNIX system was some weird Linux distribution when I was still in school back in 1997 and since then I have used some free UNIX version almost all the time both privately and when building systems and infrastructure professionally.

===== 1500 Michael Dexter: The FreeBSD Appliance

The FreeBSD Operating System has traditionally been viewed as both a complete server and desktop solution, and a collection of core components for commercial appliance development. It has benefited from decades of academic, volunteer, and vendor contribution of core components including its TCP/IP stack, multiple packet filters, Jail containers, the CAM/CTL storage infrastructure, VNET and Netgraph virtual network stacks, the OpenZFS file system and volume manager, and the bhyve hypervisor, all within a unified source tree and build environment.
Many of these components have enabled high-profile storage and networking product ecosystems but less-obvious developments are occurring: FreeBSD is experiencing extensive refinement in addition to major feature development, making for an unprecedented "out of the box" user experience. The FreeBSD 14.0 Release will include subtle but powerful features including:

- nullfs file mounts
- Jailed NFSd
- CTL/virtio-scsi support
- Extensive build option support
- makefs -t zfs
- Reproducible Builds
- Growing nvlist support
- Emerging Packaged Base

This talk will describe the new abilities enabled by these small and seemingly-unrelated features, and their ability to reduce the need for highly-customized FreeBSD appliance distributions. It will also describe strategies for following the "CURRENT" development branch of FreeBSD without becoming a full-time release engineer. Finally, it will outline how contemporary FreeBSD provides a meaningful storage and virtualization platform with minimal supplementary utilities. This talk is the third installment of several exploring the different aspects of the accompanying research paper.

Michael Dexter: Michael has used Unix systems since just prior to the announcement of the Linux kernel and collapse of the Soviet Union. He has helped raise money for various BSD development efforts and usher the bhyve hypervisor into the FreeBSD operating system. Michael lives in Portland, Oregon where he provides commercial OpenZFS and FreeNAS support, hosts the Portland Linux/Unix Group, and lives with his wife and three children.

===== 1500 Ibsen S. Ripsbusker: Infrastructure orchestration for an old crank

I want my life to be easy, so I use software that just works, such as BSDs. But I also want to use lots of bad software (software that I write, in particular), and I want to protect myself from accidents in that software, while still making my life easy.
I thus have a network of several computers and a system for declaratively installing software in sandboxes and configuring dependencies such as databases. I have about 20 hosts that I mostly treat as special purpose appliances, with about 100 users for privilege separation, and I configure them such that I can pretend that they are one user running on one OpenBSD computer. I can make many cool features by foregoing many boring features. I design specifically for my preferences, so I have special features for configuration of ports dependencies, PostgreSQL databases, Python dependencies, and csh, for example. I don't really support video games, videotelephony, proprietary software, and modern websites, since I don't really care for them. I mostly use real hosts, not virtual machines, so that I can use many quiet, low-power industrial computers and run them in my office; so I don't need to use virtual machines. But I still need bespoke configuration if I want to use other package sources, other databases, other shells, other operating systems, modern websites, and so on. I defer most package management to common package managers, but I add special configuration that ordinarily is not included in ports. A short configuration file is enough to create interfaces from my main user as csh aliases to doas commands, to grant extra network access to a specific program, to configure both sides of encrypted network connections, to write and install crontabs, and so on. I can do this because I am using OpenBSD and related softwares, especially pkg, doas, pf, relayd, rc, sndio, and drist. With a framework of these good softwares I can install all of my bad softwares as Unix users with very restricted network access, such that the bad softwares don't interfere with each other or the base system. Because it is so simple and all on one imaginary computer, it is very easy for me to write new specialized software just for me. 
I have a specialized metrics system that works better for me than any popular metrics system, a specialized content management system that is faster than any web-based wiki, unusually fast dictionary lookup with a user interface that I like, unusually reliable printers, and many other wonderful utilities. My system is developed by one person, me, and used by one person, also me. My system is so specialized for me that I am confident it will not work for you. But I will show how it is made of simple pieces so that you can adapt the ideas to make something like it that does work specially for you.

Ibsen S. Ripsbusker: Ibsen S. Ripsbusker is a berry farmer. He mostly grows currants, but he also grows other berries. He has been developing Unix-like software as a hobby for 20 years.

===== 1500 Yan Ka Chiu: Running native and dockers containers on FreeBSD, and distribute to OCI image registries

This talk is a mix of demonstration and overview of xc, an open source implementation of a container runtime on FreeBSD, as well as improvements added to FreeBSD 14 to make Jail more useful in the context of containers. We can pull and run Linux and FreeBSD containers from any OCI image registry including Amazon ECR, Azure Container Registry and more. In addition to running containers, we can build and upload FreeBSD native images to platforms (ECR, Azure) to make native FreeBSD containers more accessible.

Yan Ka Chiu: Michael is a FreeBSD user who is currently developing a container runtime for FreeBSD that can leverage existing OCI-based infrastructures. He was a backend software architect for a live streaming e-commerce company which heavily used FreeBSD containers in production.

===== 1600 Mateusz Piotrowski: ZFS Directory Scaling

It is not uncommon to store thousands of files in a single directory. Unfortunately, a growing directory size may result in unexpected bottlenecks slowing down the system.
The performance hit can be observed even for simple operations like lookup, open, and create. What are the data structures defining the performance of directories? What obscure tunables are worth taking a look at when storing thousands of files in thousands of directories? What are the recent developments in OpenZFS helping to address those performance problems? The presentation walks the audience through the realm of OpenZFS performance engineering. First, it introduces the audience to the essential concepts in ZFS and provides the 101 of file system performance tuning. Afterwards, it takes a deep dive into the implementation of directories in OpenZFS. Finally, the presentation presents ways of improving ZFS directory scaling, discusses relevant tunables and how to use them, and comments on the in-progress work and recent developments in OpenZFS.

Mateusz Piotrowski: Mateusz Piotrowski is a FreeBSD ports and documentation committer based in Berlin. He enjoys troubleshooting bugs, scripting automation, and designing robust software systems (always thoroughly documenting everything along the way). Recently, his interests have drifted toward tracing and performance engineering.

===== 1600 Taylor R Campbell: FIDO and Webauthn on BSD: Authentication for the easily distracted

Webauthn is taking the world by force. Can BSD keep up? And when did the internet's guard dog trade the terrifying name of Kerberos for a fluffy friendly name like Fido? This talk will present: why you, too, should use FIDO to thwart phishing with the press of a button; what makes FIDO different from the bad old days of unusable, impenetrable hardware crypto tokens; squirrel; recent developments in the webauthn landscape and on the BSDs; and nifty tricks you can teach FIDO to do beyond just logging you into gmai1.com.

Taylor R Campbell: Taylor ‘Riastradh’ Campbell has been a NetBSD developer since 2011, working on various areas including device drivers and multiprocessor safety, and is a member of the NetBSD core team and The NetBSD Foundation board.

===== 1600 abed: multipath geom based SDS for fun and profit

Presentation is around setting up SDS (software defined storage) based on a non-ZFS (non-Ceph) tech stack that basically is part of the base system and has a very low footprint. Topic is completely practical. Within the presentation we talk about setting up jail-based cloud and resource scaling in so-called real time.

abed: I’m a sysadmin, penetration tester and programmer, practically for 2 decades. I’m using FreeBSD for almost everything.

=====