Who Should Take this Course

This course provides a broad overview of how the FreeBSD kernel implements its basic services. It will be most useful to those who need to learn how these services are provided. Individuals involved in technical and sales support can learn the capabilities and limitations of the system; applications developers can learn how to effectively and efficiently interface to the system; systems programmers without direct experience with the FreeBSD kernel can learn how to maintain, tune, and interface to such systems. This course is directed to users who have had at least a year of experience using a UNIX-like system. They should have an understanding of fundamental algorithms (searching, sorting, and hashing) and data structures (lists, queues, and arrays).

The course is divided into two days. Together they cover the entire FreeBSD kernel but subjects have been arranged such that students can also decide to attend only the first or the second day depending on the subjects in which they are interested.

Description

This course will provide a firm background in the FreeBSD kernel. The POSIX kernel interfaces will be used as examples where they are defined. Where they are not defined, the FreeBSD interfaces will be described. The course will cover basic kernel services, process structure, locking, jails, scheduling, signal handling, and virtual and physical memory management. The kernel I/O structure will be described showing disk management, how I/O is multiplexed, and the configuration of special devices. Next the organization of the filesystem will be described showing how its buffer pool is integrated with the virtual memory system. The course then covers the implementation of the fast filesystem and its capabilities including soft updates and snapshots. The filesystem interface will then be generalized to show how to support multiple filesystem types. The course also covers the socket-based network architecture, layering, and implementation. The socket communications primitives and internal layering will be discussed, with emphasis on the interfaces between the layers; the TCP/IP implementation will be used as an example. A discussion of routing issues will be included. The presentations will emphasize code organization, data structure navigation, and algorithms. It will not cover the machine specific parts of the system such as the implementation of device drivers.

Day 1 morning - Kernel Overview

• Process structure
• Locking
• Communications
• Process Groups and Sessions
• Jails
• Scheduling
• Signals and timers
• Virtual memory management

Day 1 afternoon - Kernel I/O structure

• I/O data structures
• Disk Management
• Multiplexing I/O
• Autoconfiguration strategy
• Configuration of a device driver

Day 2 morning - Filesystems Overview

• Filesystem organization
• Block I/O system (buffer cache)
• Filesystem implementation
• Soft Updates and Snapshots
• Support for multiple filesystems

Day 2 afternoon - Networking Implementation

• System layers and interfaces
• Internet Protocols
• Mbufs and control blocks
• Routing issues
• TCP algorithms

Course Text

Marshall Kirk McKusick, George Neville-Neil, and Robert N. M. Watson, ``The Design and Implementation of the FreeBSD Operating System'', Second Edition, Pearson Education, Boston, MA September 2014, ISBN-13: 978-0-321-96897-5, ISBN-10: 0-321-96897-2. http://click.linksynergy.com/fs-bin/click?id=NZS3W7D*uS0&offerid=145238.10000444&type=3&subid=0

Dr. Marshall Kirk McKusick writes books and articles, teaches classes on UNIX- and BSD-related subjects, and provides expert-witness testimony on software patent, trade secret, and copyright issues particularly those related to operating systems and filesystems. He has been a developer and commiter to the FreeBSD Project since its founding in 1994. While at the University of California at Berkeley, he implemented the 4.2BSD fast filesystem and was the Research Computer Scientist at the Berkeley Computer Systems Research Group (CSRG) overseeing the development and release of 4.3BSD and 4.4BSD. He earned his undergraduate degree in electrical engineering from Cornell University and did his graduate work at the University of California at Berkeley, where he received master's degrees in computer science and business administration and a doctoral degree in computer science. He has twice been president of the board of the Usenix Association, is currently a member of the FreeBSD Foundation Board of Directors, a member of the editorial board of ACM's Queue magazine, a senior member of the IEEE, and a member of the Usenix Association, ACM, and AAAS.

In his spare time, he enjoys swimming, scuba diving, and wine collecting. The wine is stored in a specially constructed wine cellar (accessible from the Web at http://www.mckusick.com/~mckusick/) in the basement of the house that he shares with Eric Allman, his partner of 37-and-some-odd years and husband since 2013.

The Tracing tutorial is meant for all software practitioners which includes software developers, DevOps, systems administrators and others who ought to understand the inner workings of the operating system in order to build, and maintainany type of computing platform.

With traditional methods it would be impossible to give students anything but a cursory understanding of an operating system in two days. Using DTrace we will be able to cover a wide range of topics, including the scheduler, network stack and filesystem. Using practical examples and publicly available tracing scripts this tutorial will give students a good grounding in DTrace, which is available on FreeBSD, MacOS and Illumos and then cover the listed topics in depth.

This course does NOT require that the students be fluent in C, but some familiarity with programming and scripting will help students to get the most out of the material.

All materials will be available on-line before the course is taught and will remain on-line after the course completes.

Outline

• What is DTrace?
  • Overview
  • Scripting
  • Useful one liners
• • Processes
  • Creation and Destruction
  • Virtual Memory
  • Scheduling
• • Networking
  • IP
  • UDP
  • TCP
  • Performance Analysis
  • Filesystems
  • Naming
  • Storage

George likes to say that he, "Works on networking and operating system code for fun and profit." Writing machine code, building hardware and teaching computing since his teens, his first profit making programming gig was hacking DBase III code for an insurance company while still in High School. He published his first piece of commercial software, an audio digitizer for the then popular Amiga computer, while still in college.

He is the author of two leading books on operating systems, the latest co-authored with Marshall Kirk McKusick and Robert N. M. Watson of The Design and implementation of the FreeBSD Operating System 2nd Ed.

For over ten years he has been the columnist better known as Kode Vicious, producing the most widely read column in both of ACM's premier flagship magazines, "Queue" and "Communications of the ACM". More recently he was tapped to chair the ACM Practitioner Board, which is dedicated to bridging the gap between research and industry, where he helped create the ACM Applicative conference.

George has been a FreeBSD committer for over 10 years, and currently serves on the elected Core team which helps manage the overall project. Since 2012 he has been on the Board of Directors of the FreeBSD Foundation, the US 501c3 organization that helps to support the FreeBSD Project.

He is an avid bicyclist and traveler who speaks several languages and has lived and worked in Amsterdam and Tokyo. He currently lives in Brooklyn, New York.

SSH is a crucial tool for securely managing infrastructure, but many users never look far beyond the basics functionality. In this workshop you will setup remote offices that connect to a central point of management, using reverse tunneling to avoid issues with NAT, firewalls and dynamic IPs. In a series of exercises you will configure a number of jails running sshd so that they will be reachable only from a central host through a reverse TCP tunnel, using public key authentication with agent forwarding.

Familiarity with SSH, networking and the command line is beneficial. The pace will be adjusted to fit all participants. Languages: English or Japanese. Japanese students are welcome. A laptop with an SSH client is required.

Oskar Fagerfjll is a Swedish engineer living in japan, managing desktops and pinters the IT department of a hospital. He began using FreeNAS for his photography hobby; now BSD is a primary hobby in and of itself.

In this tutorial, I'll cover developing and deploying secure web applications (CGI and FastCGI) written in C on OpenBSD and FreeBSD. (Of course, most concepts will be portable to other UNIX systems.) This will be a live tutorial: attendees, if desired, will be able to login to an available system to configure, write, and deploy applications examined during the course. The course goal is to equip attendees with all the tools necessary to go from zero to a running web application: from the application logic to the web server. The tutorial materials (slides, examples, etc.) are available at http://kristaps.bsd.lv/absdcon2016, which may be printed or translated at will.

C programmers, web application (CGI and FastCGI) programmers, "vintage" programmers

I work in computational mathematics and contribute to open source to fill in the holes of missing or broken software.

In this tutorial, participants will learn the tools and methods of contributing to the FreeBSD Documentation Project as well as how to create translations for existing FreeBSD documentation. The goal for this tutorial is to provide each participant with the knowledge and some hands-on experience for submitting patches and translations to the FreeBSD Documentation Project. That way, the whole documentation workflow is understood and participants have everything they need to continue working after the tutorial is over.

This tutorial is for anyone interested in learning about the FreeBSD documentation workflow and those who want to contribute documentation to an open source project. Translators who want to get to know the newly-integrated PO/gettext translation system are also welcome to join. The tutorial session will introduce the layout of the FreeBSD documentation, how to use the documentation tools, how to submit a patch, and how to work with other members of the doc team. By the end of this session, participants will have created at least one patch and will know where to go for further assistance.

Dru Lavigne is the lead technical writer for the PC-BSD and FreeNAS projects and a doc committer for the FreeBSD Project. She is author of BSD Hacks, The Best of FreeBSD Basics, and The Definitive Guide to PC-BSD. She is founder and current Chair of the BSD Certification Group Inc., a non-profit organization with a mission to create the standard for certifying BSD system administrators, and serves on the Board of the FreeBSD Foundation.

Benedict Reuschling has a Master of Science degree in Computer Science from the University of Applied Sciences, Darmstadt, Germany. He is managing the big data cluster at his alma mater for the database research group. He joined the FreeBSD Project as a documentation translator/committer in 2010 and is proctor for the BSD Certification Group. Benedict is also a member of the FreeBSD Foundation Board of Directors since 2015.

CheriBSD is a fork of FreeBSD to support the CHERI research CPU. We have extended the kernel to provide sup- port for CHERI memory capabilities as well as modifying applications and libraries including tcpdump, libmagic, and zlib to take advantage of these capabilities for im- proved memory safety and compartmentalization. We have also developed custom demo applications and deployment infrastructure for our table demo platform. This paper dis- cusses the challenges facing a long running, public fork of FreeBSD.

Brooks Davis is a Senior Software Engineer in the Computer Science Laboratory at SRI International and a Visiting Research Fellow at the University of Cambridge Computer Laboratory. He has been a FreeBSD user since 1994, a FreeBSD committer since 2001, and was a core team member from 2006 to 2012. He earned a Bachelors Degree in Computer Science from Harvey Mudd College in 1998. His computing interests include security, operating systems, networking, high performance computing, and, of course, finding ways to use FreeBSD in all these areas. When not computing, he enjoys cooking, brewing, gardening, woodworking, blacksmithing, and hiking.

The bhyve ATA/ATAPI emulation is part of a larger project that aims to insure backward compatibilty with older versions of FreeBSD guests for FreeBSD Hypervisor (bhyve). Currently the bhyve hypervisor emulates AHCI standard for drive and atapi devices. In order to support guests like FreeBSD 4 that does not have ahci drivers, it is necessary to emulate an ATA/ATAPI controller.

My name is Mihai Carabas and I am a PhD student at University POLITEHNICA of Bucharest in the domain of virtualization. I've contributed over the last four years in FreeBSD and DragonFlyBSD virtualization code.

"FreeBSD Test Cluster Automation" is a Google Summer of Code 2015 project for FreeBSD organization to create an infrastructure for automated tests building, installing and first booting process of FreeBSD. The base of this project is iPXE - Open Source Boot Firmware, which is used for controlling nodes. A small webapplication written in python is a frontend for the database where information about nodes, current states and states of revisions are saved. The project is also using mfsBSD and bsdinstall extension for an automatic and non-interactive installation process, it was done during Google Summer of Code 2014. On the server side the main part of the project is FreeNAS, it is used to provide shared storage and jails for applications. The ZFS filesystem with deduplication enabled on dataset for source code allows to save every tested revision of the source code with space saving. The scope of the project was only infrastructure, without focusing on tests. During the project simple tests of building and installing FreeBSD were made, it's similar to https://jenkins.freebsd.org/ but on the bare metal infrustructure and it's possible to test all commits, not all commits from one period of time like in jenkins. Another interesting application for this project is testing drivers, for example network card drivers. Inside testing cluster it's possible to build a driver after any commit, test it, measure and report.

Kamil Czekirda is a final-year student at Warsaw University of Technology. He successfully completed the Google Summer of Code 2014 and 2015 with the FreeBSD projects. Kamil is interested in diskless workstations and unattended installations of different kinds of systems. He started to work at the website www.ipxe.pl where he provides ipxe scripts for installers and some useful tools. With iPXE boot menu it's possible to start installers without preparing installation media.

FreeBSD includes several programs which create or consume file system hierarchy descriptions in the mtree(5) format. These descriptions, also called specifications, have a broad range of uses, from automatically creating directory structures to security auditing. Each of the programs, namely mtree(8), bsdtar(1), install(1) and makefs(8), has its own implementation of the mtree format. This not only adds maintenance overhead, but also makes interoperability difficult, as each of the implementations only supports a limited subset of the format. In 2015, the libmtree library was created as part of the Google Summer of Code program to replace and unify the existing implementations.

I'm an independent system administrator, aspiring developer and a student at the Palacky University in Czech Republic. I'm a long-term open source enthusiast and a Google Summer of Code student in 2014 and 2015. My main computer-related interests are intelligent systems, networking and operating systems.

OpenBSD 5.9 will include a native implementation of Xen PVHVM drivers. It was written from scratch to facilitate simplicity and maintainability. One of major goals of this effort is to run OpenBSD images in the Amazon cloud.

Mike Belopuhov is a software engineer working for Esdenera Networks GmbH and has been an OpenBSD contributor since late 2007 doing mostly kernel and networking programming. He currently spends his efforts trying to put OpenBSD into Amazon and Microsoft clouds. Before that he was active in the OpenBSD kernel's cryptographic framework (implementing support for AES-NI, AES-GCM, Chacha20-Poly1305), the IPsec networking stack and pf.

Xen is a hypervisor using a microkernel design that allows running multiple concurrent operating systems on the same hardware. One of the key features of Xen is that it is OS agnostic, meaning that any OS (with proper support) can be used as a host. Xen has a long history going back to the 90s when it was designed and the early 2000s when it was released. As a consequence of this, many of the assumptions and virtualization techniques backed into it are now superseeded by new hardware features, that make virtualization more transparent from an OS point of view.

Roger Pau Monné is a Software Engineer at Citrix and a FreeBSD developer. He is currently working on maintaining and improving Xen support in FreeBSD. Apart from contributing to Xen and FreeBSD he also contributes to other related Open Source projects, like the Linux kernel and Qemu.

After many years using a highly customized Nexenta base OS for the filers serving iSCSI and NFS, Gandi has been looking for modernizing them. A study has been made on various candidates, with strong requirements on performances, fast booting, sta- bility, compatibility with Linux clients and hardware. FreeBSD has been chosen as a replacement. This talk will cover the study, the interaction with the community, the contributions: new tools, patches, bug fixing, testing. it will describe the customization made and the future plan.

Unix system Engineer working at Gandi.net. FreeBSD ports committer since 2010, source committer since 2011, member of the portmgr team and the core team.

The BSD operating systems strive to provide a complete, usable system in one coherent place. In theory this works well, but in practice, most people depend on a variety of third party software for their computing needs. This is where ports and packages come in. We will discuss some issues that come up in dealing with packaging third party software on an uncommon operating system (Bitrig) along with how this can help us to improve software portability for all the BSD operating systems (and other UNIX-like systems).

John C. Vernaleo is an astronomer by training who moved from writing code for his own research to writing code for other researchers with NASA's Fermi Gamma Ray Space Telescope to writing code for startups. He is currently a cryptocurrency developer for Company 0. Despite starting out as a Linux (and Solaris) user, John has gradually moved over to the BSDs and has been a member of the Bitrig project since 2013.

Capsicum is a sandbox framework in the FreeBSD operating systems and it's based on the capabilities concept. Programs running in a sandbox don't have access to any global namespaces. For some applications this limitation could be too restraining. So how developers handle those exceptions with Capsicum?

Mariusz Zaborski is a software developer at WHEEL Systems and student at Warsaw University of Technology. Mariusz's main ares of interest are OS security and low-level programming. At Wheel Systems, Mariusz is developing a solution to monitor, record and control traffic in an IT infrastructure. He has been involved in the development of Capsicum and Casper since Google Summer of Code 2013, which he successfully passed under the mentorship of Paweł Jakub Dawidek. Mariusz has been a FreeBSD project commiter since 2015.

Directory services on FreeNAS have been a source of many problems and misunderstandings. Understanding how things work has been somewhat of a black art. There are many moving parts and several places where things have to be done just right or else things can go terribly wrong. This talk will discuss the technical details of what is "under the hood" in FreeNAS that makes directory services work.

John Hixson is a BSD geek that resides in northern California. He has been using open source software since the middle 90's. He has worked as both an engineer and systems administrator during the course of his technical career. His employment with iXsystems keeps him busy with FreeBSD, PC-BSD and FreeNAS. John enjoys working on anything that is challenging and requires learning new things. In his spare time he likes to read, cook, spin records, spend time with his family and play with various electronic gadgets.

The Unix security model has traditionally used a single super user to manage machines. A person who has super-user privileges can do anything on that machine - format disks, bind “reserved” sockets, set the time, view files owned by other users. Setuid root programs are used to elevate the privileges for that program. The single super user controlling everything is also a weakness - once elevated privileges have been achieved, they can be used to do anything on the machine. In 2009, a design for an RBAC-kernel was proposed [Crooks2009]. We describe in this paper a new flattened security model for NetBSD (derived from the existing 4 security models), and, use it as a basis for new security models, including a new RBAC model, and a new model based on PGP and SSH keys for authentication within the kernel.

Alistair first used Unix Version 6 in 1977, 4.1c BSD in 1984, and has been an active member of the NetBSD community since its inception, a developer since 1997, founded pkgsrc in 1997, and still participates in its management and development. He has been a NetBSD core team member for 17 years, and was president of the NetBSD Foundation from 2006 to 2011.

In this work we discuss the limitations of link emulators based on conventional network stacks, and present our alternative architecture called TLEM, which is designed to address current high speed links and be open to future speed improvements. TLEM is structured as a pipeline of stages, implemented with separate threads and with limited interactions with each other, so that high perfor- mance can be achieved. Our emulator can handle bidi- rectional traffic at speeds of over 18 Mpps (64 byte pack- ets) and 30 Gbit/s (1500 byte packets) per direction even with large emulation delays. Even higher performance can be achieved with shorter delays, as the workload fits better into the L3 cache of the system. TLEM runs on any system that supports netmap (this includes FreeBSD, Linux and now even Windows hosts). The code is available as open source under a BSD license at github.com:luigirizzo/tlem .

Luigi Rizzo is an associate professor at the Universita` di Pisa. He has worked on network emulation, high performance networking, packet scheduling, multicast and reliable multicast. He is a long time contributor to FreeBSD, for which he has developed several subsystems including the dummynet network emulator, the ipfw firewall, and the netmap framework. He has been program committe member for for sigcomm, conext, infocom, nsdi, Usenix ATC, ANCS and other conferences, as well as PC chair for Sigcomm 2009 and Conext 2014, ANCS 2016, and general chair for Sigcomm 2006. Luigi has been a frequent visiting researcher at various institutions including ICSI/UC Berkeley, Google Mountain View, Intel Research Cambridge, Intel Research Berkeley.

The Self-Monitoring, Analysis and Reporting Technology or S.M.A.R.T., is an industry-standard interface implemented by manufacturers of hard disk and solid-state drive devices to present device “health” information to the controlling operating system. This information can include device identification and configuration information, service hours, temperature, failed block reallocation counts, Solid State Disk (SSD) endurance remaining, plus vendor-specific attributes. These attributes are commonly accessed from various operating systems using the “smartmontools” project and specifically the smartctl(8) command. While popular, the smartmontools project does not feature a license suited for inclusion in BSD Unix operating systems, does not support NVMe devices, and is limited in its output formatting abilities. The diskctl(8) project aims to provide a framework to address the licensing and output formatting limitations of smartmontools and provide a user-friendly framework for new device types and output formatting syntaxes. Also, diskctl(8) aims to provide an interface to common ATA management commands such as IDENTIFY, plus the acoustic and power management series of commands. Finally, the diskctl(8) project will explore the possibility of supporting VirtIO AHCI S.M.A.R.T. and underlying zpool(8) status pass-through for virtual machine disk devices, and other virtualized storage opportunities.

Michael has used BSD Unix systems since January of 1991 and provides BSD and ZFS technical support at Gainframe. He has supported BSD with download mirrors, events and organizations around the world for over a decade, and has a special interest in virtualization. Michael lives with his wife, daughter and son in Portland, Oregon.

Some hardware platforms that run NetBSD have type-B receptacles and USB client controllers, allowing them to act as USB devices. Currently, the NetBSD kernel doesn’t have generic support for the peripheral side of USB. This paper de- scribes a new framework for NetBSD to help implement functionality as a USB device on those platforms.

Hiroyuki Bessho has been working as a software engineer mainly in embedded system area.

CloudABI is an alternative runtime environment for UNIX-like operating systems that is purely based on the principle of capability-based security. This makes it possible to create applications that are strongly sandboxed, easier to test and easier to maintain. UNIX-like operating systems don't seem to make it easy to sandbox programs to harden them against exploits. They also don't allow you to run untrusted executables directly without compromising security, which is the reason why we require technology like virtual machines and containers to secure our systems. I am going to talk about a system I am developing called CloudABI. CloudABI is a simplified POSIX-like runtime environment that is inspired by FreeBSD's Capsicum. It allows you to create executables that can solely interact with the environment through file descriptors (capabilities). This not only makes CloudABI more secure than the traditional POSIX runtime, it also makes it easier to test programs through dependency injection. This makes CloudABI a perfect environment for developing microservices. In my presentation I am going to focus on what CloudABI is, how you can develop software for it and how it works in practice.

Ed Schouten started contributing to FreeBSD back in 2005, when he helped Rink Springer port FreeBSD to the Microsoft Xbox. After re-implementing the TTY layer (that's part of FreeBSD 8 and later), he worked on various other projects that eventually made their way into FreeBSD. Ed was the author of FreeBSD's "ClangBSD" branch, aimed at importing Clang into FreeBSD's base system. Later on he developed an initial prototype of a new console driver that's now imported into the system, called vt(4). Last year, Ed started his own IT company called Nuxi, based in the Netherlands. He is currently working on developing new infrastructure aimed at making cluster/cloud computing easier, more robust and more secure.

Many userland utilities, such as ipcs and procstat, are used to obtain specific data to fulfil user's inquiry regarding the kernel state. Apart from providing the means of examination for the currently running kernel, these tools support the inspection of kernel core dumps. In an unfortunate case of the core dump and the userland utility not being compiled with the same structures in terms of the type sizes, signedness, endianness and the memory alignment, the utilities fail to provide proper information. To solve this issue, we created a type-aware kernel virtual memory access library libtak. By relaying on the machine-independent type information provided by the Compact C Type Format and the kernel memory interface libkvm, we demonstrate the ability to read kernel core dump data that originated from arbitrary architectures. Furthermore, we describe the design and implementation of the libtak library and exhibit its usage on a selected subset of the essential userland tools.

Daniel Lovasko is a bachelor candidate in the field of Computer Science. His main areas of interest are Unix programming, improving/creating debuggers, experimenting with Haskell and Erlang and DevOps infrastructure. He was previously employed at SUSE Linux, German AI Research Centre and CERN. In the year 2014, Daniel successfully completed the Google Summer of Code with the FreeBSD Project with George Neville-Neil as his mentor.

Translation of FreeBSD's English documentation into other languages is extremely important to users and the FreeBSD project itself. The old methods used to translate FreeBSD documentation are very labor-intensive. Existing translators have difficulty keeping translations up to date, new translators are discouraged by the depth of expertise required to translate, and even writers working on the English original documents must take extra steps to accommodate translations. The gettext PO translation system automates much of the work and provides new abilities to make translation easier and faster, to share the work with other members of a translation team, and to reuse previous work. The PO translation tools have now been implemented for translating FreeBSD books and articles and this new method has begun to revitalize our translation efforts. Here we describe the benefits of translation, the difficulties with the old method, the benefits of the new system, and some potential challenges and possibilities for the future.

Warren Block has been using FreeBSD since 1998 in IT and manufacturing environments. In 2011, he became a documentation committer, and in 2014, joined the Document Engineering team.

The FreeBSD operating system has had at least two software based implementations of the IPsec proto- cols since they were first standardized in the 1990s. The original IPsec code came from the KAME project, along with IPv6, and later, a faster ver- sion of IPsec was added in parallel. The two code bases were merged into what is currently present in FreeBSD to this day. As part of our continu- ing longitudinal study of the performance of the network subsystems we have turned out attention to IPsec, looking at both the performance of the overall framework as well as the performance of more recent encryption and authentication proto- cols such as AES-GCM. Utilizing the native per- formance tool set on FreeBSD, including hwpmc(4) and DTrace we have tracked down various bottle- necks within the system and propose changes to clear them.

George likes to say that he, "Works on networking and operating system code for fun and profit." Writing machine code, building hardware and teaching computing since his teens, his first profit making programming gig was hacking DBase III code for an insurance company while still in High School. He published his first piece of commercial software, an audio digitizer for the then popular Amiga computer, while still in college. He is the author of two leading books on operating systems, the latest co-authored with Marshall Kirk McKusick and Robert N. M. Watson of _The Design and implementation of the FreeBSD Operating System 2nd Ed. For over ten years he has been the columnist better known as Kode Vicious, producing the most widely read column in both of ACM's premier flagship magazines, "Queue" and "Communications of the ACM". More recently he was tapped to chair the ACM Practitioner Board, which is dedicated to bridging the gap between research and industry, where he helped create the ACM Applicative conference. George has been a FreeBSD committer for over 10 years, and currently serves on the elected Core team which helps manage the overall project. Since 2012 he has been on the Board of Directors of the FreeBSD Foundation, the US 501c3 organization that helps to support the FreeBSD Project. He is an avid bicyclist and traveler who speaks several languages and has lived and worked in Amsterdam and Tokyo. He currently lives in Brooklyn, New York.

FreeBSD has supported disk encryption with GBDE and GELI since 2002 and 2005 respectively. However, booting the system required storing the loader and kernel unencrypted so that the requisite GEOM module could be loaded to handle decryption. This became a significantly larger stumbling block with the introduction of ZFS, as having multiple separate partitions detracts from the advantages of ZFS, and also causes headaches when upgrading the operating system. With the growing popularity of ZFS Boot Environments, a solution was needed that allowed the kernel and loader to remain part of the primary file system, even if it was encrypted. This paper provides an overview of the design of the GELI enabled boot code and loader, as well as the numerous challenges encountered during their development.

FreeBSD src/doc committer. VP Operations at ScaleEngine Inc. (video streaming CDN). Co-Author of "FreeBSD Mastery: ZFS"

My company, BS Web Services GmbH (BSWS) is a smaller hosting ISP in Hamburg. It is largely run on OpenBSD, and that in- cludes some uncommon and probably unex- pected uses that I frequently get asked about. I’ll explain why we use OpenBSD, how we do so and how we automate management of a large number of OpenBSD servers. In particular, we’ll cover -Benefits of us- ing OpenBSD for mission critical, public in- ternet services -how we manage a large num- ber of OpenBSD servers in very different roles -automated installation / setup -the expected use: routers, firewalls -managing the layer 2 network components -using OpenBSD compo- nents for the shared webhosting platforms - a clustered mail system on OpenBSD, includ- ing the use of spamd -OpenBSD autoinstal- lation in a fully automated VM deployment scheme -secure the business: automated billing and bookkeeping, including largely automated payment systems and bank interfaces, all on OpenBSD -secure the site: physical access con- trol using OpenBSD and arduinos -manually switching lights on and off is so last century -the environment: monitoring physical doors and temperatures with OpenBSD and arduinos.

Henning is the CEO of BS Web Services and founded it in 1996. He's also an OpenBSD developer since 2002 and mostly works on network re;ated topics, last not least pf.

In our 2015 paper, "Optimizing TLS for High-Bandwidth Applications in FreeBSD", we demonstrated the cost of TLS encryption on high-bandwidth video serving on Netflix's OpenConnect Appliance (OCA) and explored methods for reducing that cost via in-kernel encryption. The results showed that such a concept is feasible, but only a small performance gain was achieved. In this paper we describe the improvements made since then to reduce the cost of encryption. We also compare the performance of several different bulk encryption implementations.

Scott Long has been involved in FreeBSD since 1993 and committer since 2000. He's been with Netflix since 2012; prior to that he was with Yahoo from 2007-2012. He specializes in storage and system architecture.

Diversity and inclusivity initiatives across the technology world have been gaining visibility over the past several years. From huge multinationals to small Open Source projects, the effects of these initiatives are becoming more pronounced. This paper documents where the *BSD community stands in relation to these initiatives and asks us to imagine a brighter future for underserved minority coders within the broader *BSD world. By introducing a Generative Justice framework into an analysis of education initiatives, marketing, Codes of Conduct, educational outreach, and the global *BSD User Group network, we can see how the effort spent on these initiatives contribute to a symbiotic positive recursive loop both on the quality of code produced by the community and on social leadership in the broader tech landscape.

Brian Robert Callahan is a Ph.D. Student in the Department of Science and Technology Studies at Rensselaer Polytechnic Institute in Troy, NY. His research interests focus on diversity initiatives in the Free Software movement with a specific interest in the *BSD community and its user groups.

The way OpenBSD boots hasn't changed much since its inception. It has always used the traditional static BSD initialization script: /etc/rc. While dependable, it did not allow for easy integration with monitoring, configuration management software and/or any kind of tools requiring automated service handling. rc.d(8) was developed to abstract service management while pertaining the existing behavior like predictive and sequential start-up ordering (dependency-less).

Antoine Jacoutot has been an OpenBSD developer since 2006 and is part of the rc.d framework development team. He has been deploying and managing OpenBSD-based infrastructures for over a decade and wrote some its admin tools like the sysmerge configuration files updater and the rc management helper, rcctl. He is also a member of the GNOME Foundation and a committer for the GNOME Desktop which he ported and maintains along with 400 other ports. He is currently working as a cloud and automation consultant at the French company D2SI.

This paper provides a taxonomy of filesystem and storage development from 1979 to the present with the BSD Fast Filesystem as its focus. It describes the early performance work done by increasing the disk block size and by being aware of the disk geometry and using that knowledge to optimize rotational layout. With the abstraction of the geometry in the late 1980's and the ability of the hardware to cache and handle multiple requests, filesystems performance ceased trying to track geometry and instead sought to maximize performance by doing contiguous file layout. Small file performance was optimized through the use of techniques such as journaling and soft updates. By the late 1990's, filesystems had to be redesigned to handle the ever growing disk capacities. The addition of snapshots allowed for faster and more frequent backups. Multi-processing support got added to utilize all the CPUs found in the increasingly ubiquitous multi-core processors. The increasingly harsh environment of the Internet required greater data protection provided by access-control lists and mandatory-access controls. The talk concludes with a discussion of the addition of metadata optimization and possible future directions.

Dr. Marshall Kirk McKusick's work with Unix and BSD development spans over four decades. It begins with his first paper on the implementation of Berkeley Pascal in 1979, goes on to his pioneering work in the eighties on the BSD Fast File System, the BSD virtual memory system, the final release of 4.4BSD-Lite from the UC Berkeley Computer Systems Research Group, and carries on with his work on FreeBSD. A key figure in Unix and BSD development, his experiences chronicle not only the innovative technical achievements but also the interesting personalities and philosophical debates in Unix over the past forty years.

The author describes recent work on providing FreeBSD support for the Cavium ThunderX System on a Chip. ThunderX is a newly introduced, ARM64 (ARMv8) SoC designed for the high performance and server markets. It is currently the only ARM-based platform in the world to scale up to 48 CPU cores per socket with a possible dual socket configuration.

Zbigniew Bodek is a software engineer in Semihalf. He is involved in BSD and Linux operating systems development for ARM and PowerPC-based computers. Zbigniew graduated from AGH University of Science and Technology in Krakow with a degree in Electronics and Telecommunications. He is mainly interested in computer science, microprocessor technology, embedded systems and kernel development. He has been a FreeBSD committer since 2013.