Did you know that all the BSDCan 2025 videos have now been released? There are two complete playlists for each of the distribution channels: Peertube and Youtube. Thank you to the SDF for hosting Toobnix and giving us a good Peertube home to host the BSDCan videos. 

Peertube - Toobnix, by the good people of sdf.org https://toobnix.org/w/p/7xSAyg6QNPPBM38zkmWPLy

Youtube - https://www.youtube.com/playlist?list=PLeF8ZihVdpFe4u2cwVY8GgxjoFICIYyfY

#bsdcan #runbsd

A new BSDCan video has been posted:

Automating My FreeBSD Lab: From Setup to Daily Use with Ansible & Salt by Roller Angel
Automating My FreeBSD Lab: From Setup to Daily Use with Ansible & Salt
Abstract

<>

Managing multiple FreeBSD machines can be time-consuming, but automation makes it effortless. In this talk, I will demonstrate how I use Ansible to set up my FreeBSD lab and Salt to maintain and scale it across multiple machines—including how I configured a second FreeBSD laptop with just SSH access.

Attendees will see how automation enables:

    Seamless FreeBSD system setup using Ansible.

    Automated configuration management with Salt.

    Effortless scaling to new machines, reducing manual setup to a few commands.

By the end of the talk, attendees will understand how to leverage Ansible and Salt to build a reproducible and maintainable FreeBSD infrastructure.
Intended Audience

    FreeBSD users interested in automating system setup and maintenance.

    System administrators managing multiple FreeBSD machines.

    Anyone curious about Ansible and Salt for FreeBSD automation.

Attendees should have basic FreeBSD knowledge, but no prior experience with automation tools is required.
Outline
1. Introduction (5 min)

    Why automate?

    My FreeBSD lab & laptop setup overview.

2. Building My FreeBSD Lab with Ansible (15 min)

    Bootstrapping a new system.

    Automating system installation & package setup.

    Adding a second laptop with just SSH access.

3. Maintaining & Scaling with Salt (15 min)

    Managing configs, packages, and updates.

    Enforcing system state across multiple machines.

    How I maintain consistency between multiple devices.

4. Lessons Learned & Challenges (5 min)

    Why this method works well for FreeBSD.

    Troubleshooting automation quirks.

5. Q&A (5 min)
What Attendees Will Learn

    How to use Ansible to set up FreeBSD machines quickly.

    How Salt makes long-term configuration management effortless.

    How to automate multiple FreeBSD machines with minimal manual work.

For more information, please visit: 
https://www.bsdcan.org/2025/
- and -
https://www.bsdcan.org/2025/timetable/timetable-Automating-My-FreeBSD.html

#runbsd #freebsd #ansible

A new BSDCan video has been posted: ZFS Direct IO Benchmarking Pitfalls by Mateusz Piotrowski

Not too long ago, support for direct IO landed in OpenZFS after years of discussions and reviews. We truly live in the future where we can finally reject complicated caching and fully embrace the unbuffered conversations with our disks. Or can we really?

Those of you who know a bit about ZFS know that the ARC is actually pretty important (without one ZFS would historically stand for zzz 😴 instead of Zetta). How could it be then that skipping the ARC might improve performance?

During the presentation we will discuss what workloads and setups benefit from direct IO, what its limitations are, and what pitfalls to avoid during benchmarking. We will also look at the implementation to understand how all the promises of stability and compatibility were kept.

Direct IO is reported to deliver amazing performance boosts in some deployments. Understanding how not to hold it wrong is a great first step to potentially unlocking that speed-up on your systems too!

For more information, please visit: https://www.bsdcan.org/2025/

• and - https://www.bsdcan.org/2025/timetable/timetable-ZFS-Direct-IO.html

#zfs #benchmarking #freebsd

A new BSDCan video has been posted:
Effective Bug Reports, Code Change Requests, and Conference Proposals by  Michael Dexter\

Open Source is participatory and BSD Unix is no exception, with its own unique development workflows and events. Bug reporting, code proposing, and event participation are fundamental elements of the BSD Unix community and despite appearances, are open to anyone to participate.

This talk will take a pragmatic tour of effective engagement on these topics with real-world examples and tips for:

    Bug reports that are actionable and inspire attention

    Code change requests and reviews that are more likely to review and acceptance

    Conference proposals that stand out, accurately set expectations, and are more likely to be accepted

The secret is that all of that all of these are fundamentally indistinguishable: You are tasked with marketing your idea to others and must show your work, justify your points, demonstrate sincerity, and ultimately convince others of your initiative, regardless of its size.

For more information, please visit: 
https://www.bsdcan.org/2025/
- and -
https://www.bsdcan.org/2025/timetable/timetable-Effective-Bug-Reports,.html

#runbsd #freebsd #opensource #unix

A new BSDCan video has been posted: Enhancing Unix Education through Chaos Engineering and Gamification using FreeBSD by Andreas Kirchner, Benedict Reuschling

The misuse of AI in education for cheating purposes has created challenges in assessing students' authentic contributions in the last couple of years. Another issue we identified is that University labs rarely teach problem-solving skills for a real-world scenario that students have to deal with in their post-academic working life (i.e. fixing production issues). Traditional assignments lacked real-world relevance (and were easily solved with the help of AI), leaving students unprepared for professional challenges in their later jobs. To address this, we developed as part of a master's thesis for University of Applied Sciences, Darmstadt, Germany a new teaching framework leveraging Chaos Engineering and Gamification elements to modernize Unix education on FreeBSD. With our new system, real-world problems can be simulated by instructors and allows students to use system administrator permissions to solve them. We also developed this system to make it difficult for participants to "cheat" using AI and evaluated the system towards that end with a group of students.

This talk will introduce our new "Chaos education system" tested in the "Unix for Software Developers" course at the University. The name stems from the chaos monkey systems that intentionally "wreak havoc" on production systems to improve their resiliency and train the sysadmins managing them to find and fix them. Our approach lets instructors inject intentional faults (error scenarios) into student-managed FreeBSD jails. The students must then identify, resolve, and prevent these issues from occurring again using standard system administration tools, including root permissions. To increase student motivation to solve these scenarios quickly (and to create artificial "production system is at stake" pressure), a global highscore list is used as a gamification element: each time an issue is solved, points are awarded to that team based on the elapsed time and an instructor-defined difficulty bonus. A post-mortem group discussion with the instructor lets students talk through various ways of solving the issue, giving the group deeper insights on possible solutions each group had used. Using the system, the students gain practical skills like troubleshooting, system recovery, and proactive system management with real-world scenarios, something that traditional "one size fits all" assignments lack.

We built the whole system using BSD-licensed open source components: FreeBSD, pf, VNET, bastille jails and templates. Shells scripts act as the glue to tie them together and implement the logic for the rest of the chaos monkey system. The prototype system has been tested with two student groups of 16 students each in January 2025. One group was allowed to use ChatGPT during the scenarios to see how AI-support helps them (if at all). Insights from this testing was used to enhance the system further.

This talk will introduce the chaos education system idea, implementation, demonstrate its functionality, and discuss future work in this area. FreeBSD proved to be an excellent building platform for this system, due to its great modularity, open source, low resource overhead, and available documentation. The system can be enhanced further and used outside of an academic environment, like employee training or workshop-style challenges at events. It is easy for instructors to construct a custom scenario for participants and inject it into the training jails. The system can scale to a number of parallel users due to the lightweight nature that FreeBSD jails provide.

Audience: Educators, trainers, and system administrators interested in modernizing Unix/Linux education through hands-on, interactive methods. Managers may find the system interesting for training their own employees by constructing scenarios mimicking their own environment.

For more information, please visit:  https://www.bsdcan.org/2025/

• and - https://www.bsdcan.org/2025/timetable/timetable-Enhancing-Unix-Education.html

#runbsd #freebsd #pf

A new BSDCan video has been posted: Why (and how) we're migrating many of our servers from Linux to the BSDs by Stefano Marinelli

A few years ago, we decided to migrate many of our servers (and many of those of our clients) from Linux to the BSDs - FreeBSD, OpenBSD, NetBSD - depending on the specific services. In this presentation, I will discuss the reasons behind our decision, the technical and organizational challenges we faced, the tangible benefits we have experienced, and why we believe this migration is successful. I will provide specific examples and real-life case studies. In an increasingly complex world, relying on simple, stable, and secure solutions is becoming more and more important, and the BSDs can make a significant contribution in this direction.

For more information, please visit:  https://www.bsdcan.org/2025/

• and - https://www.bsdcan.org/2025/timetable/timetable-Why-and-how.html

#runbsd

A new BSDCan video has been posted: ELF Nightmares: GOTs, PLTs, and Relocations Oh My by John Baldwin

Mapping abstract symbol names in source code to concrete addresses at runtime requires cooperation between the compiler, static linker, and runtime loader. This talk will talk about some of the practices and data structures used for this task including ELF relocations, Global Offset Tables and Procedure Linkage Tables. Depending on time, it may also cover some more advanced topics such as initialization functions ("ifuncs").

For more information, please visit:  https://www.bsdcan.org/2025/

• and - https://www.bsdcan.org/2025/timetable/timetable-ELF-Nightmares-GOTs,.html

#runbsd #freebsd

A new BSDCan video has been posted: Automated and Distributed Testing Using TTCN-3 by Hiroki Sato

Testing an operating system is not easy. FreeBSD project uses Kyua testing framework and has continuously made efforts to add more test cases. They are mostly written in shell scripts or some lightweight programming languages. Writing and maintaining complex test cases is still challenging.

This talk introduces TTCN-3, Testing and Test Control Notation version 3. This is a domain-specific language designed for automated testing and is widely used in telecommunicating systems as an ETSI industry standard. While the primary target is conformance testing of communication protocols, it is also helpful to write complex test cases for operating system testing that cannot be covered by shell scripting.

Eclipse Titan is a TTCN-3 toolchain that Ericsson internally developed and Eclipse Foundation now maintains under Eclipse Public License 2.0. It translates test cases in TTCN-3 to a C++ program, and it generates a single binary without annoying library dependency to perform testing. The toolchain runs on *BSD or other Unix-like systems with GCC, and includes powerful orchestrating controller and logging capability. This project also maintains production-quality test case implementations for various protocols we can reuse.

The talk will cover how to get started with Eclipse Titan on FreeBSD, and how to write test cases of networking and multiple nodes. It includes examples such as a simple string matching of messages over STDIN/STDOUT, a simple request/response packet exchange over IP, and more complex scenarios that show both the upside and downside of using TTCN-3.

Speaker Biography: Hiroki Sato is an assistant professor at Institute of Science Tokyo. He is one of the FreeBSD core team members and has been a FreeBSD committer since 2001.

For more information, please visit:  https://www.bsdcan.org/2025/

• and - https://www.bsdcan.org/2025/timetable/timetable-Automated-and-Distributed.html

A new BSDCan video has posted:

Improvements to FreeBSD KASAN By Zhuo Ying Jiang Li

KASAN is a kernel sanitizer commonly combined with fuzzing techniques to detect memory corruption bugs, some of which could lead to security compromise. Currently, FreeBSD's KASAN can only detect a subset of temporal safety vulnerabilities due to the lack of a delayed freeing mechanism of freed items. Furthermore, the effectiveness of detecting spatial safety vulnerabilities is also limited because FreeBSD's KASAN does not add redzone padding around UMA allocations.

In this talk, I will present my current work on improving the effectiveness of KASAN by extending it with a quarantining mechanism and injecting redzones around UMA allocations. The development was done on CheriBSD, a fork of FreeBSD with CHERI support, to explore the synergy between CHERI and KASAN. I plan to upstream the relevant improvements to FreeBSD.

#runbsd #freebsd #bsdcan

A new BSDCan video has been posted: 

Sleep on FreeBSD: A bedtime story about S0ix By Aymeric Wibo

One of the main things still missing in FreeBSD for it to be usable on modern laptops is the ability to go to sleep. In the past, this was done using ACPI S3, but newer laptops have removed this in favour of S0ix, leaving FreeBSD without support for suspend on those machines.

This talk aims to get the casual user familiar enough with the terms and concepts behind power management, such that they can understand what's going on, what's already possible, what can be done, and be able to narrow down power management issues they might encounter. Full description

This talk will cover:

    The background and history of power management on FreeBSD, from APM, to ACPI S3, and finally to s2idle/S0ix, and how to know whether or not a given laptop supports S3 or S0ix or both.

    What the full suspend process looks like with modern standby, going into details like ACPI D-states & power resources, SPMC DSMs (acpi_spmc), the AMD SMU (system management unit, amdsmu), etc. and some of the challenges encountered.

    Specifics about sleep on AMD, such as USB4 power management in the HCM (host connection manager) and GPIO controller interrupt servicing.

    Cover debugging with residency counters, with the SMU on AMD, _LPI objects, and LPIT on Intel.

    Niceties and potential future work, such as idleness determination, a powertop equivalent, a built in amd_s2idle.py equivalent (for debugging sleep issues), etc.

#runbsd #freebsd #bsdcan

A new BSDCan Video has been posted: 

porch(1): it's not what you expect(1) By Kyle Evans

In a world ruled by expect(1) and TCL, we discuss an alternative that was developed based on scripting with lua instead. porch(1) was developed with a language already available and used in FreeBSD base in mind, with the aim of TTY testing via pts(4).

The overall aim of this project is to provide a simple subset of expect(1) functionality specifically aimed at developer and sysadmin automation in another popular language with many niceties for scripted interaction.

In this talk, we'll specifically discuss:

    The motivation for writing porch

    The underlying design/philosophy (with diagrams to describe the model)

    Bundled-in functionality beyond script execution

    Practical samples used in FreeBSD today

--

The author has been a FreeBSD src committer since 2017, working on many parts of the tree and gradually introducing lua into the base system. His most recent exploits include improving base system boot environment management with bectl(8) and excursions into the tty layer.

runbsd #freebsd #bsdcan

A new BSDCan video has been posted:

A packet's journey through pf By Kristof Provost

A walkthrough of a packet's journey through (FreeBSD's) pf, concentrating on the big picture and its implications.

We'll cover when packets are inspected, when rules are evaluated and how states are used. Along the way we'll cover what DTrace probes can show us, what some of pfctl's counters mean and just how many times pf can look at a single packet.

This talk is intended for firewall admins looking for a deeper understanding and aspiring pf developers. It is not a "How to use pf" talk.

#pf #runbsd #freebsd

New BSDCan Video Posted:

Hardware-accelerated program tracing on FreeBSD By Bojan Novković

Hardware tracing facilities are designed to capture various metrics and information about software execution with a minimal performance overhead, making them a valuable tool for performance analyses and debugging. FreeBSD recently gained a new in-kernel framework for hardware-accelerated tracing technologies (hwt(8) [1]) with support for ARM64 and Intel CPUs.

This talk will cover the work that went into adding support for Intel's Processor Trace technology in hwt(8). We'll start by covering several key concepts related to hardware-accelerated tracing and use them to explore the architecture of FreeBSD's hwt(8) framework. We'll then move on to a case study of Intel Processor Trace technology, giving a brief overview of its features before diving into key implementation details. The talk will also include a short demo of hwt(8)'s features on the Intel platform.

#runbsd #FreeBSD

A new BSDCan video has been posted:

Sandbox Your Program Using FreeBSD's Capsicum By Jake Freeland

https://youtu.be/Ne4l5U_ETAw

With security vulnerabilities rapidly rising each year, program security is more important than ever. One solution to keeping your program from being the victim of the next big CVE is FreeBSD's Capsicum.

Originally developed at the University of Cambridge Computer Laboratory, Capsicum is a lightweight capability and sandbox framework built into the FreeBSD base system. It is designed around the principle of least privilege - where programs only have access to resources that are required for operation.

This talk will follow my blog post, which outlines the process of Capsicumization, or sandboxing your program using Capsicum. I will cover capability violation detection, restructuring existing programs for Capsicum, and filesystem/networking access inside of the capability sandbox.

Recent Capsicumization efforts in the FreeBSD base system and the future of Capsicum will also be discussed.

#runbsd #freebsd #sandbox

So, I installed OpenBSD on my ThinkPad T400 a few weeks ago. It was going okay, but then a job came up that required Windows.

I do not run Windows on any of my devices due to a galaxy of reasons, but i keep an old hard drive handy with Tiny10 that I can shove into a laptop when needed (a rare occurrence).

Anyway, I noticed that somehow, Tiny10 actually ran considerably better than OpenBSD on this particular machine, despite also using a hard drive rather than an SSD.

My OpenBSD setup uses bspwm, and my RAM usage is normally quite low unless vimb is open.

Is there any way i could increase the performance of OpenBSD on my ThinkPad?

New Video Posted:

ABI stability in FreeBSD By ShengYi Hung

https://youtu.be/vzU6vKd1OFM

The FreeBSD project doesn't guarantee the ABI stability in major version. However, for the minor version, we also not fully guarantee. This cause maintaining a out-of-tree module (at least for Kernel module like VirtualBox) a big problem because module compiles from 14.0 may not able to use at 14.1. This also cause some problem when distributing modules with freshpkg in our base because our pkg system only support build for all major version.

A wiki page distribute the workflow of CTF diff and script:

https://wiki.freebsd.org/ShengYiHong/ABIStability?highlight=%28ABI%29

The outline of my slides will be as following:

What is ABI and why we needs to stablize ABI?

How to maintain ABI stability (a tool to check and ABI tag in binary)?

ABI information (CTF and dwarf) in elf and why we use CTF?

New tools CTFDiff: Why implement new CTFDiff and don't use the illumos one? (we port libctf and other command line tools like ctfdump to FreeBSD from illumos)

CTFDiff script: scripts download tarball from web (kernel tarball) so that we can compare abi between local compile one and web.

Short demo (maybe) for ctfdiff ?

Current status of CTFDiff (needs reviewers, licenses issue (CDDL))

Future works: regulize a stable function/obj ABI/API in kernel.

New @BSDCan video posted:

Controlled credentials transitions without privileges: mac_do(4), mdo(1) and setcred(2) by Olivier Certner

In this talk, we will present a project that aims at allowing controlled process credentials transitions without using setuid executables but instead leveraging FreeBSD's MAC framework.

Traditional credentials-changing programs, such as sudo(8), have a non-negligible attack surface as they often include a lot of infrequently used features and mechanisms that can be dangerous from a security standpoint (e.g., loadable modules). As these programs have to run as 'root', compromising them can have catastrophic consequences.

The mac_do(4) kernel module has been introduced to allow unprivileged processes to change credentials, provided the requested changes are explicitly allowed by rules set by an administrator. It has recently undergone major changes. First, thanks to a redesign of rules, it is now possible to specify full sets of user and group IDs that must be present or absent in the final credentials for a transition to be accepted. Second, each jail can be configured with a different set of rules, allowing different transitions to be allowed as needed, or to inherit from the parent jail.

We will describe how mac_do(4)'s credentials rules work, what the role of the mdo(1) companion program is, and what you can do with them in practice.

We will also touch on some aspects of the implementation, notably why we needed to introduce the new setcred(2) system call, which allows to change all process credentials in a single call, and possibly those that are related to the use of some FreeBSD's kernel sub-systems (notably, sysctl, jails and OSD).

While the current implementation is of production quality and immediately useful, there are lots of possible ways to extend it to cover more scenarios and to progress towards our ideal of having all credentials-changing programs work without the setuid bit. We will present them in the hope to get feedbacks.

A new project desktop-focused called Illumarine based on Illumos is coming, this is what the home page says:

Unix-like power, made simple
Illumarine brings the best of illumos, and other open-source Unix-like technologies to everyone.

The work looks at the early stage, I hope the best for the team.

https://illumarineos.com/ https://github.com/Illumarine

A History of the BSD Daemon by Marshall Kirk McKusick

This talk tells the history of the BSD Daemon. It starts with the first renditions in the 1970s of the daemons that help UNIX systems provide services to users. These early daemons were the inspiration for the well-known daemon created by John Lasseter in the early 1980s that became synonymous with BSD as they adorned the covers of the first three editions of `The Design and Implementation of the BSD Operating System' textbooks. The talk will also highlight many of the shirt designs that featured the BSD Daemon.

For more information about BSDCan , please visit: 
https://www.bsdcan.org/

For more information about the BSD Daemon, please visit:
https://www.mckusick.com/beastie/mainpage/copyright.html
https://www.freebsd.org/copyright/daemon/
https://en.wikipedia.org/wiki/BSD_Daemon

BSDCan 2025 Keynote: Hardware Support for Memory Hungry Applications by Margo Seltzer

For nearly 60 years, we lived in a CPU-centric universe. Today, we are on the brink of a transition -- GPUs are the new golden child and those children demand unprecedented amounts of DRAM to satisfy modern data-hungry applications. I'm going to talk about these hardware trends and what they mean for those of us who build systems.

Speaker bio: Margo Seltzer is Canada 150 Research Chair in Computer Systems and the Cheriton Family chair in Computer Science at the University of British Columbia. Her research interests are in systems, construed quite broadly: systems for capturing and accessing data provenance, file systems, databases, transaction processing systems, storage and analysis of graph-structured data, and systems for constructing optimal and interpretable machine learning models.

She is the author of several widely-used software packages including database and transaction libraries and the 4.4BSD log-structured file system. Dr. Seltzer was a co-founder and CTO of Sleepycat Software, the makers of Berkeley DB, the recipient of the 2021 ACM Software Sytems award and the 2020 ACM SIGMOD Systems Award. She is a past President of the USENIX Assocation and served as the USENIX representative to the Computing Research Association Board of Directors. In 2019 recipient of the USENIX Lifetime Achievement Award.

For more information, please visit:

 https://www.bsdcan.org/2025/

#bsdcan