All videos

  • EuroBSDCon 2019, Lillehammer: Advanced ports toolkit: near-perfect packing-list generation - Marc Espie (0:40:42)
  • NUUG
  • The OpenBSD ports tree uses a unique approach. Instead of ad-hoc scripts that manipulate textual information, we do have a semantic parser that creates objects for each element in the plist. The last year saw a complete rewrite of the most complicated piece of machinery, namely update-plist. There are lots of interesting challenges, specifically how to write a generic tool that will handle all the semantic annotations that currently figure in packing-lists with minimal special-casing: variables that expand to nothing for some flavors, ambiguous variable expansions, directories that may not exist for python2 ports, automatic dispatching to the right subpackage and fragment, shared libraries, smart file type handling for libraries, icon themes, etc. Before and after comparison shows a new tool that requires minimal human intervention (perfect packing-list re-generation in over 95% of the cases), where the old update-plist required hand-holding over half the time. Marc Espie Researcher/Teacher in development security at Epita. Architect of the OpenBSD packages and ports system.
  • EuroBSDCon 2019, Lillehammer: NUMA Optimizations in the FreeBSD Network Stack - Drew Gallatin (0:40:30)
  • NUUG
  • will discuss optimizations to keep network connections and their resources local to NUMA domains. These changes include: Allocating NUMA local memory to back files sent via sendfile(9). Allocating NUMA local memory for Kernel TLS crypto buffers. Directing connections to TCP Pacers and kTLS workers bound to the local domain. Directing incoming connections to Nginx workers bound to the local domain via modifications to SO_REUSEPORT_LB listen sockets. I will present data from real Netflix servers showing an improvement of almost 2x on AMD EPYC (85Gbs - 165Gbs), and 1.3x on Intel Xeon (140Gb/s - 180Gbs). I will present data from the Xeon system showing a 50% reduction in cross-domain traffic. Drew Gallatin Drew started working on FreeBSD at Duke in the 90s, and was one of the people behind the FreeBSD/alpha port. He worked on zero-copy TCP optimizations for FreeBSD and was sending data at over 1Gb/s before gigabit Ethernet was generally available. He spent a decade at Myricom, optimizing their drivers. After a brief hiatus at Google, he landed at Netflix, where he works on optimizing the FreeBSD kernel and network stack for content delivery. He worked on the optimizations to serve unencrypted Netflix traffic at 100Gb/s, and then on more optimizations to send encrypted traffic at 100Gb/s.
  • EuroBSDCon 2019, Lillehammer: Wireless Fidelity with bwfm(4) - Patrick Wildt (0:41:50)
  • NUUG
  • The Broadcom Wireless FullMAC chip has been one of the biggest hurdles in properly supporting Apple MacBooks in recent years. But that has not been the only place where this chip has popped up. bwfm(4) is a new OpenBSD driver that supports these chips and was also ported to NetBSD. This talk gives an overview of the chip, an in-depth view into how one communicates with the chip on the three different supported busses, and the higher layer protocol that’s being run on top. It also shows issues properly combining the driver with the OpenBSD net80211 stack, which isn’t written to handle FullMACs. The talk also shows the Firmware and NVRAM distribution issues.
  • EuroBSDCon 2019, Lillehammer: KernelTLS - Hans Petter Selasky, Drew Gallatin (0:43:16)
  • NUUG
  • Kernel TLS and TLS hardware offload. TLS (Transport Layer Security) is a widely-deployed network protocol used for providing cryptographically proven security and authentication of TCP sessions. A kernel implementation of TLS will provide access to TLS hardware offload, ability to access unencrypted bytes of data in the kernel, and a reduction in copies to and from userspace by allowing the use of the sendfile(9) system call for TLS encrypted data. This talk will start by explaining the basics of the TLS protocol, using OpenSSL as an example, cover the advantages and motivation for kernel TLS (KTLS) and later will dive into the implementation. One of the major advantages of KTLS is the ability to offload TLS symmetric crypto processing to the network device. This talk will cover TLS hardware offload approaches, like TOE and inline TLS acceleration. We will close with some performance numbers comparing OpenSSL, KTLS and hardware offloaded TLS with data taken from Netflix servers. Drew Gallatin Drew started working on FreeBSD at Duke in the 90s, and was one of the people behind the FreeBSD/alpha port. He worked on zero-copy TCP optimizations for FreeBSD and was sending data at over 1Gb/s before gigabit Ethernet was generally available. He spent a decade at Myricom, optimizing their drivers. After a brief hiatus at Google, he landed at Netflix, where he works on optimizing the FreeBSD kernel and network stack for content delivery. He worked on the optimizations to serve unencrypted Netflix traffic at 100Gb/s, and then on more optimizations to send encrypted traffic at 100Gb/s.
  • EuroBSDCon 2019, Lillehammer: Rust: Systems Programmers Can Have Nice Things - Arun Thomas (0:39:02)
  • NUUG
  • Arun Thomas presents. Rust is a new programming language, originally from Mozilla, that combines the safety and productivity of a high-level language with the performance and low-level control of a traditional systems language. Rust achieves this combination through clever and pragmatic programming language design — along with awesome tooling and libraries. In this talk, I will dive into the features that make Rust the right choice for 21st-century systems programming. I will give a general introduction to the language and an overview of the Rust ecosystem. I will also walk through the process of developing Rust on BSD. Arun Thomas Arun Thomas is an operating systems researcher and an open source developer. He got his first taste of BSD in 2002. Arun is a Principal Scientist at Draper Laboratory. At Draper, Arun leads the DARPA-funded SSITH/HOPE project, a research collaboration with the University of Pennsylvania, MIT, PSU, INRIA, Dover Microsystems, and Dornerworks to develop a hardware security architecture that enables flexible, verified policy enforcement on RISC-V. Recently, he has been exploring the use of Rust as a foundational technology for building secure systems. Arun has spoken about systems programming topics at ARM TechCon, the Embedded Systems Conference (ESC), BSDCan, EuroBSDcon, BSDTW, FOSDEM, Systems We Love, the RISC-V Workshop, and the Oxidize Embedded Rust Conference.
  • EuroBSDCon 2019, Lillehammer: OpenBSD: Add VMM to Packer - Philipp Buehler (0:43:23)
  • NUUG
  • OpenBSD: add VMM to ‘packer’. The sysadmin view of virtualization usually starts at a hypervisor running some kind of “image”. Packer is a framework to create such an image using various host and virtualized operating systems and adding some more bolts. This talk shows the efforts and pitfalls of building a plugin for packer using the VMM framework on OpenBSD. Some details go down the rabbit hole (or reducing it) to provide a Go binary runnable as a plugin. For ease of installation, the ways to package this as an OpenBSD ‘port’ are shown. On top, a bigger picture is provided on how to provide configurable OpenBSD images “at scale” by using the above accomplishments. Philipp Buehler Philipp has used Unix since the mid-1990s and OpenBSD since 2000. Born and working in Germany, mainly in Unix/Linux/BSD areas including ISP services and networking. Been an OpenBSD developer from 2002 to 2005, trying to clean up and test pf(4). Co-founder of sysfive.com GmbH, having the technical lead in designing and operating FOSS-based business platforms.
  • EuroBSDCon 2019, Lillehammer: Paul Vixie talks about DNS over HTTPS (0:54:11)
  • NUUG
  • Paul Vixie was responsible for BIND from 1989 to 1999, and is the author of a dozen or so IETF RFC documents about DNS. He also started the first anti-spam company (MAPS) where he co-invented the DNS RBL (Realtime Blackhole List), and was the founder and later president of the first U.S.-based commercial Internet Exchange (PAIX). Today he serves as CEO of Farsight Security, home of the Security Information Exchange (SIE) and the world’s leading Passive DNS database (DNSDB). He wrote the Cron software used on all UNIX-type computers today. He is also co-inventor of the DNS Response Rate Limiting (RRL) and Response Policy Zone (RPZ) feature-sets now in wide use to protect the operational Internet Domain Name System against online attacks. He received his Ph.D. from Keio University in 2011, and was inducted into the Internet Hall of Fame in 2014.
  • EuroBSDCon 2019, Lillehammer: Embedded Ethics - Patricia Aas (0:46:41)
  • NUUG
  • Patricia is a programmer who has worked mostly in C++ and Java. She has spent her career continuously delivering from the same code-base to a large user base, from working on two browsers (Opera and Vivaldi), to working on embedded telepresence endpoints for Cisco. She is focused on the maintainability and flexibility of software architecture, and how to extend it to provide cutting edge user experiences. Her focus on the end users has led her work more and more toward privacy and security, and she has recently started her own company, TurtleSec, hoping to contribute positively to the infosec and C++ communities. She is also involved in the #includeC++ organization hoping to improve diversity and inclusion in the C++ community.
  • My personal fight against the modern laptop - Hamish Coleman (0:50:41)
  • NUUG
  • Hamish Coleman presents. This talk will take you through some tools and techniques I used to reverse engineer the keyboard controller in my Thinkpad x230 laptop. I was driven to start this project when the laptops currently on sale just did not meet my requirements. Even the durable Thinkpad laptops I preferred in the past are being dumbed down. Eventually, I will need a new laptop - and with the available offerings, I just do not want anything that currently can be purchased off the shelf. To keep the project achievable, I reduced my gripes to just the keyboard - asking the question: "Can I shoehorn an older keyboard in a modern laptop?" Taking you through UEFI, ARCompact CPUs, Firmware Reversing, big structure dumping, SMM and custom virtual machines to answer that with "maybe." I hope to inspire others to address their hardware gripes too - and offer some tools and the confidence that they can.