ABSTRACT. I will present a historical review of software side channel attacks, from Paul Kocher’s 1996 timing attacks against asymmetric cryptography to the latest microarchitectural vulnerabilities. While there have been too many attacks discovered to spend time describing every one, I will highlight attacks which were particularly novel or influential, explaining both the history of how attacks build on earlier work and some of the reasons behind the decisions which led to these attacks being possible.
No knowledge of cryptography will be assumed, but the audience may benefit from a basic understanding of CPU architecture (instructions, pipelining, caches, etc).
ABSTRACT. Explain ZFS Caching like I am 5 years old.
An in-depth look at how caching works in ZFS, specifically the Adaptive Replacement Cache (ARC) algorithm. Assumes no prior knowledge of ZFS or operating system internals.
ZFS does not use the standard buffer cache provided by the operating system, but instead uses the more advanced "Adaptive Replacement Cache" (ARC).
- What is a cache
- How most caches work (LRU)
  - Pros
  - Cons
- What makes the ARC different?
  - Recently Used
  - Frequently Used
  - Ghost Lists
- What makes the ARC Adaptive?
  - Access Patterns (How the ARC adjusts over time)
- Compressed ARC
  - Advantages over compressed memory or swapcache
- Tuning for...
  - File Server
  - iSCSI Target
  - Database
  - Hypervisor
By the numbers: ZFS Performance Results from Six Operating Systems and Their Derivatives
ABSTRACT. The OpenZFS file system provides an unprecedented opportunity in automated testing: A powerful, common storage system available on Illumos, FreeBSD, GNU/Linux, macOS, NetBSD, Microsoft Windows, and their derivatives. This talk will explore the challenges of establishing a POSIX environment across these diverse platforms, and a meaningful and consistent test suite within the confines of that environment. Lessons learned using ten identical hardware machines will include the bootstrapping of a new platform like OpenZFS on Windows, extended performance results of FreeBSD vs. FreeBSD/ZoL, and the need for portable tools across diverse operating systems.
FreeBSD at Work: Building Network and Storage Infrastructure with pfSense and FreeNAS
ABSTRACT. pfSense is the world’s most trusted open source firewalling and routing platform, providing essential features to supply your infrastructure with commercial-grade security and connectivity. Leveraging OpenBSD’s stateful packet filter “pf” (since ported to several other OSes, including FreeBSD), pf includes the capabilities of Network Address Translation, various traffic shaping methods, and even the ability to differentiate different operating systems. pfSense maintains high flexibility as a platform providing more than just a firewall. It includes the ability to set up captive portals, three methods for VPN connectivity, high availability, and the ability to monitor all these systems in action with a great monitoring and reporting suite right from the web interface. Come learn about this fine platform that has even powered LFNW's WiFi!
FreeNAS is the world’s most popular open source storage operating system. Combining the stability of FreeBSD with the renowned integrity and performance of the OpenZFS filesystem and volume manager, it can offer great functionality and ease of management from its Angular-based web UI. It sports a plethora of different protocols to share data, including iSCSI, NFS, and SMB. FreeNAS can even add more functionality using a Plugin system that leverages FreeBSD jails to safely compartmentalize services. It even supports full-blown virtual machines with the bhyve hypervisor. You'll be able to run your services in these jails and VMs just like a normal FreeBSD install so you can see for yourself how FreeNAS can be the first step into the BSD ecosystem. We’ll talk about how you can put all these to work sharing data effectively to your users.
ABSTRACT. Everyone thinks the best way to help with OpenBSD ports is to find something you use that hasn't been ported and create a port of it. This talk will discuss this and other misconceptions, how best to actually help OpenBSD porters with their work, and tips for how to get one's work noticed on the OpenBSD ports lists. The talk will contain examples of good submissions and counterexamples likely to get ignored (these will be made up, I will not be singling out people).
This talk comes from my experience of working in OpenBSD ports for 8 months now. My own conceptions of how to be an OpenBSD porter were the common conceptions, but I came to realize that I was largely looking at porting work the wrong way.
Road Warrior Disaster Recovery: Secure, Synchronized, and Backed-up
ABSTRACT. Whether at the office or at home, we spend a lot of time ensuring our systems are secure and backed-up, ready to recover in case of disaster. When it comes to our workstations, which are often laptops, we've often done little more than enable full-disk encryption and perhaps the odd occasional rsync for backups.
Full-disk encryption is usually adequate protection against data loss due to opportunistic theft or casual loss. 10 years ago that might have been enough. But the times have changed.
Today our laptops carry more than just our working files. They often include the entire corporate code repository, passwords and authentication keys, as well as personal files and data. Are our portable computers hardened against directed attack? Are we prepared for border-patrol agents or other state officials demanding passwords or unfettered access to our computing systems ... or online accounts?
We're also more mobile. We expect to work when we want and where. How many of us can honestly say we could recover all -- or enough -- of our computing environment from bare metal in a day, half-day, or hour to be productive ... halfway across the globe?
In this talk we'll look at the risks to the vast amounts of data we so casually carry around. We'll review strategies and techniques to reduce or mitigate those risks, as well as prepare our systems for easier recovery, at rest or on the go.