Berkeley Software Distribution

A new BSDCan video has been posted:

A packet's journey through pf By Kristof Provost

A walkthrough of a packet's journey through (FreeBSD's) pf, concentrating on the big picture and its implications.

We'll cover when packets are inspected, when rules are evaluated and how states are used. Along the way we'll cover what DTrace probes can show us, what some of pfctl's counters mean and just how many times pf can look at a single packet.

This talk is intended for firewall admins looking for a deeper understanding and aspiring pf developers. It is not a "How to use pf" talk.

#pf #runbsd #freebsd

New BSDCan Video Posted:

Hardware-accelerated program tracing on FreeBSD By Bojan Novković

Hardware tracing facilities are designed to capture various metrics and information about software execution with a minimal performance overhead, making them a valuable tool for performance analyses and debugging. FreeBSD recently gained a new in-kernel framework for hardware-accelerated tracing technologies (hwt(8) [1]) with support for ARM64 and Intel CPUs.

This talk will cover the work that went into adding support for Intel's Processor Trace technology in hwt(8). We'll start by covering several key concepts related to hardware-accelerated tracing and use them to explore the architecture of FreeBSD's hwt(8) framework. We'll then move on to a case study of Intel Processor Trace technology, giving a brief overview of its features before diving into key implementation details. The talk will also include a short demo of hwt(8)'s features on the Intel platform.

#runbsd #FreeBSD

So, I installed OpenBSD on my ThinkPad T400 a few weeks ago. It was going okay, but then a job came up that required Windows.

I do not run Windows on any of my devices due to a galaxy of reasons, but i keep an old hard drive handy with Tiny10 that I can shove into a laptop when needed (a rare occurrence).

Anyway, I noticed that somehow, Tiny10 actually ran considerably better than OpenBSD on this particular machine, despite also using a hard drive rather than an SSD.

My OpenBSD setup uses bspwm, and my RAM usage is normally quite low unless vimb is open.

Is there any way i could increase the performance of OpenBSD on my ThinkPad?

A new BSDCan video has been posted:

Sandbox Your Program Using FreeBSD's Capsicum By Jake Freeland

https://youtu.be/Ne4l5U_ETAw

With security vulnerabilities rapidly rising each year, program security is more important than ever. One solution to keeping your program from being the victim of the next big CVE is FreeBSD's Capsicum.

Originally developed at the University of Cambridge Computer Laboratory, Capsicum is a lightweight capability and sandbox framework built into the FreeBSD base system. It is designed around the principle of least privilege - where programs only have access to resources that are required for operation.

This talk will follow my blog post, which outlines the process of Capsicumization, or sandboxing your program using Capsicum. I will cover capability violation detection, restructuring existing programs for Capsicum, and filesystem/networking access inside of the capability sandbox.

Recent Capsicumization efforts in the FreeBSD base system and the future of Capsicum will also be discussed.

#runbsd #freebsd #sandbox

New Video Posted:

ABI stability in FreeBSD By ShengYi Hung

https://youtu.be/vzU6vKd1OFM

The FreeBSD project doesn't guarantee the ABI stability in major version. However, for the minor version, we also not fully guarantee. This cause maintaining a out-of-tree module (at least for Kernel module like VirtualBox) a big problem because module compiles from 14.0 may not able to use at 14.1. This also cause some problem when distributing modules with freshpkg in our base because our pkg system only support build for all major version.

A wiki page distribute the workflow of CTF diff and script:

https://wiki.freebsd.org/ShengYiHong/ABIStability?highlight=%28ABI%29

The outline of my slides will be as following:

What is ABI and why we needs to stablize ABI?

How to maintain ABI stability (a tool to check and ABI tag in binary)?

ABI information (CTF and dwarf) in elf and why we use CTF?

New tools CTFDiff: Why implement new CTFDiff and don't use the illumos one? (we port libctf and other command line tools like ctfdump to FreeBSD from illumos)

CTFDiff script: scripts download tarball from web (kernel tarball) so that we can compare abi between local compile one and web.

Short demo (maybe) for ctfdiff ?

Current status of CTFDiff (needs reviewers, licenses issue (CDDL))

Future works: regulize a stable function/obj ABI/API in kernel.

New @BSDCan video posted:

Controlled credentials transitions without privileges: mac_do(4), mdo(1) and setcred(2) by Olivier Certner

In this talk, we will present a project that aims at allowing controlled process credentials transitions without using setuid executables but instead leveraging FreeBSD's MAC framework.

Traditional credentials-changing programs, such as sudo(8), have a non-negligible attack surface as they often include a lot of infrequently used features and mechanisms that can be dangerous from a security standpoint (e.g., loadable modules). As these programs have to run as 'root', compromising them can have catastrophic consequences.

The mac_do(4) kernel module has been introduced to allow unprivileged processes to change credentials, provided the requested changes are explicitly allowed by rules set by an administrator. It has recently undergone major changes. First, thanks to a redesign of rules, it is now possible to specify full sets of user and group IDs that must be present or absent in the final credentials for a transition to be accepted. Second, each jail can be configured with a different set of rules, allowing different transitions to be allowed as needed, or to inherit from the parent jail.

We will describe how mac_do(4)'s credentials rules work, what the role of the mdo(1) companion program is, and what you can do with them in practice.

We will also touch on some aspects of the implementation, notably why we needed to introduce the new setcred(2) system call, which allows to change all process credentials in a single call, and possibly those that are related to the use of some FreeBSD's kernel sub-systems (notably, sysctl, jails and OSD).

While the current implementation is of production quality and immediately useful, there are lots of possible ways to extend it to cover more scenarios and to progress towards our ideal of having all credentials-changing programs work without the setuid bit. We will present them in the hope to get feedbacks.

A new project desktop-focused called Illumarine based on Illumos is coming, this is what the home page says:

Unix-like power, made simple
Illumarine brings the best of illumos, and other open-source Unix-like technologies to everyone.

The work looks at the early stage, I hope the best for the team.

https://illumarineos.com/ https://github.com/Illumarine

A History of the BSD Daemon by Marshall Kirk McKusick

This talk tells the history of the BSD Daemon. It starts with the first renditions in the 1970s of the daemons that help UNIX systems provide services to users. These early daemons were the inspiration for the well-known daemon created by John Lasseter in the early 1980s that became synonymous with BSD as they adorned the covers of the first three editions of `The Design and Implementation of the BSD Operating System' textbooks. The talk will also highlight many of the shirt designs that featured the BSD Daemon.

For more information about BSDCan , please visit: 
https://www.bsdcan.org/

For more information about the BSD Daemon, please visit:
https://www.mckusick.com/beastie/mainpage/copyright.html
https://www.freebsd.org/copyright/daemon/
https://en.wikipedia.org/wiki/BSD_Daemon

BSDCan 2025 Keynote: Hardware Support for Memory Hungry Applications by Margo Seltzer

For nearly 60 years, we lived in a CPU-centric universe. Today, we are on the brink of a transition -- GPUs are the new golden child and those children demand unprecedented amounts of DRAM to satisfy modern data-hungry applications. I'm going to talk about these hardware trends and what they mean for those of us who build systems.

Speaker bio: Margo Seltzer is Canada 150 Research Chair in Computer Systems and the Cheriton Family chair in Computer Science at the University of British Columbia. Her research interests are in systems, construed quite broadly: systems for capturing and accessing data provenance, file systems, databases, transaction processing systems, storage and analysis of graph-structured data, and systems for constructing optimal and interpretable machine learning models.

She is the author of several widely-used software packages including database and transaction libraries and the 4.4BSD log-structured file system. Dr. Seltzer was a co-founder and CTO of Sleepycat Software, the makers of Berkeley DB, the recipient of the 2021 ACM Software Sytems award and the 2020 ACM SIGMOD Systems Award. She is a past President of the USENIX Assocation and served as the USENIX representative to the Computing Research Association Board of Directors. In 2019 recipient of the USENIX Lifetime Achievement Award.

For more information, please visit:

 https://www.bsdcan.org/2025/

#bsdcan

@bsdcan 2025 Info:

• Tutorials: June 11-12, 2025
• Conference: June 13-14, 2025

full list of talks here:

https://indico.bsdcan.org/event/5/contributions/

North Americas biggest *BSD Event. 3 rooms, 2 days, Zero filler. Plus we have tutorials, Shawarma, and a fun auction at the end.

#bsdcan

AsiaBSDCon:
https://2025.asiabsdcon.org/
Tokyo, Japan 20-23 March, 2025

BSDCan
https://www.bsdcan.org/2025/
Ottawa, Canada
Tutorials: June 11-12, 2025
Conference: June 13-14, 2025

EuroBSDCon
https://2025.eurobsdcon.org/
Zagreb, Croatia; September 25-28, 2025

#runbsd

Next NYC*BUG Reminder: 2025-01-08 @ 18:45 EST (22:45 UTC) QEMU Virtualization on BSDs, Jim Brown This meeting will be recorded & streamed.

More Info: https://www.nycbug.org/index?action=view&id=10704

Be sure and follow rsvp@ instructions on NYC*BUG website if you plan to attend in person.

#runbsd

We're hoping YOU will come speak at our conference at the University of Ottawa!

Tutorials: June 11-12, 2025 Conference: June 13-14, 2025

Instructions for submitting your abstract and lots more info are here: https://bsdcan.org/2025/papers.php

#BSDCan #netBSD #openBSD #freeBSD #BSD

We invite talks by and for users, sysadmins, researchers, developers, enthusiastic hobbyists, students, retirees, social scientists...if you can talk for 50 minutes about a topic directly related to the BSD derivative projects or community or can deliver a technical tutorial for BSD users, we want to hear about it!

The website has a big page of hints for your first proposal and what we're looking for in a talk, and a large archive of past topics is available. (But don't let that limit you...maybe we just haven't heard YOUR talk yet!)

We think everyone should be able to participate in community events and though we have a small budget, we hope to accommodate as much of our community as we can.

• We have a mask policy (your audience will be wearing N95s)
• We stream talks online and with live chat
• Can't attend in person? We can host your talk remotely
• We reimburse speakers for their travel and hotel fees. (If fronting these fees would be a hardship, apply anyway and we'll talk!)

Apply today!

(Interested in sponsoring? Check out our sponsorship opportunities at https://bsdcan.org/2025/sponsorship.php or contact funding@bsdcan.org!)

I am a long time Linux User, KDE user. I want to try out BSD, but I am having a hard time getting it installed.

I tried the latest version of FreeBSD but it seems to come without X or Wayland (Or any of the other graphical bits) and I can't seem to get the graphical part working.

Nothing yet has been done with the machine, so, if anyone can recommend an easy-to-install - that works out of the box in full graphics where I don't have to mess with modelines like 2001. I would love to try an OS where there are not too many cooks in the kitchen.

I will be installing it on a Lenovo Ideapad.

The initial list of 21 'low hanging fruit' videos from EuroBSDcon 2024 has been released with more to follow: https://youtube.com/playlist?list=PLskKNopggjc4UnB5xEDH9Aup_oOb9Lo7G