Wednesday, June 24, 2015
I come from Cairo, Egypt, and this was my very first BSD conference! Needless to say, it was a blast! It was said many times during the conference, and I believe it to be true, so here it is again. “I’m here because so many people smarter than me are here!”. My flight landed on the 11th, time since I left home was roughly 18 hours, it was a couple of long flights. I seriously should have been tired but the excitement was keeping me awake. I took a walk around the city for a couple of hours to freshen up. Li-Wen Hsu joined me for the walk. We had an interesting discussion about jenkins, documentation, ways to contribute to BSD. We also had an interesting discussion about CJK languages, and their special needs. Most of that was new to me, although arabic script is complex too, and can get quite wild!! Afterwards I went back to the campus, I joined a documentation session. It was a kickoff to how the freebsd handbook and similar documentation were written. I learnt some useful tricks which I know I will probably put to use soon contributing some documentation. At roughly 21:00 my eyes turned red, and body was calling on me to go to sleep. I decided to sleep early and be fresh on day-1 of the conference!
Day one began with excitement .. The plenary was just inspiring! I was made aware of multiple new projects where BSD is helping the world. The idea of building “OS Coursework” for university level studies was quite interesting to me. The opening keynote also included legendary Steven Bourne (of /bin/sh fame!) explaining how it all started. He even showed annotated unix source code printed on paper. His quotes included “Took 2 years to get shell quoting straight, and I'm not sure it's straight now” and about “shell shock” he mentioned he didn’t write that code :) The next session for me was “Embedded FreeBSD Development and Package Building via QEMU”. This is an interesting topic about cross compiling packages for embedded devices using the power of Qemu. Qemu began as a JIT translation engine, later the PC hardware was added and now it can be used to build packages for say ARM platforms. The speaker mentioned the flow should hopefully soon work on Apple hardware.
The next big talk to me, was “A reimplementation of NetBSD using a MicroKernel” by Andrew Tanenbaum. It was quite exciting to watch prof Andrew describe his work on micro-kernels and how he’s rebuilding netbsd-3 through the microkernel approach. The basic idea is to separate IO devices, so that for example a random driver (like an audio driver), is no longer running with unlimited powers on your machine. Such a driver can no longer write to disk as it should(n’t). Also the idea is to Isolate communication, restrict kernel calls on a per kernel component basis. This protection can be enforced by the MMU. Various user-mode servers provide the needed services to applications. This includes VFS, Process manager, Memory manager, .. etc. The Reincarnation server is the parent of all drivers and servers. When a driver or server dies, RS collects it. Checks the kernel config table and restarts it. For improving IPC reliability in the new kernel, fixed length messages are used everywhere to avoid potential buffer overflows. In contrast to modern OSs, “drivers” are basically untrusted code! heavily isolated. Cannot touch kernel data structures. Andy mentioned how Infinite loops are detected, and how the driver is appropriately restarted if hung. Andy later described a fault injection experiment where his team injected 800,000 faults on binary drivers, the sequence was 100 faults injected, wait 1s and the drivers crashed 18,000 times, but never crashed the OS. Kernel reliability “proven” to me! In order to port Minix3 to ARM platform, various things needed to be done like (added uBoot support, rewrote context switching, removed x86 segmentation code, imported netbsd arm headers, ported build.sh for cross toolchain, wrote drivers for sdcard!). Things to do include adding crucial missing system calls, port more pkgs (java, browsers...), get it running on raspi, port rump! Minix-3 is a microkernel reimplementation of netbsd, which was primarily motivated by providing that microkernels can be practical OSs that have lots of applications on top. It has proven that drivers belong in user-mode. Future features Andy’s team is working on include live kernel patching which he described how it should work. Upgrade os and change data structures in a live way, without restarting the running processes! This was one hell of a talk, it was very dense and packed with information
The next talk was “Measure Twice, Code Once. Network Performance Analysis for FreeBSD” by George Neville-Neil. George discussed performance of the network under FreeBSD. This is critical for supporting modern 10G ethernet networks. He introduced the conductor python framework he wrote to perform the testing. He joked about how others always say “Yeah, we have something similar that we’re not yet ready to release”. George showed performance graphs from various systems such as pfsense, freebsd, openbsd pf and Linux’s iptables. Various interesting and yet unanswered questions were revealed such as “Why is pfsense much faster” than FreeBSD on which it is based! What kind of patches went into pfsense to get that effect. Also it was found that iptables offers much better scalability for multi-core performance. Obviously iptables has been tuned for SMP performance, but this necessitates the question of why it is much more scalable. And how the BSDs can improve their packet filters. George mentioned that this is only the beginning. Those questions need a lot of work to be answered.
My next session was “Molecular Evolution, Genomic Analysis and FreeBSD” by Joseph Mingrone. The session was in the sysadmin track, something I can easily relate to. Joseph runs a freebsd based cluster for molecular evolution analysis at his university. Joseph began by giving an introduction to genomics, something way outside my comfort zone. It’s always fun to me whenever I discover new worlds like that :) He moved on to explain the IT infrastructure powering his clusters and how they moved from Solaris to FreeBSD 7.x and now at FreeBSD 10.1. He explained how he had a hard time just installing FreeBSD where sometimes the machines would just “eat” the CDs (yes they’re still in there many years later :) He currently uses Poudriere, enjoys ZFS on the storage server and NFS mounts that on the compute nodes.
The next session was “FreeBSD on ARMv8” by Andrew Turner. It was great see’ing the kind of effort that goes into supporting ARMv8. Everything we sort of take for granted like pagetables, MMU, enabling virtual addressing, calling into C code ...etc was being made to work step by step. Later-on pmap support was added, then it was possible to use a 4MB in kernel filesystem. Afterwards on it was possible to expand this storage area. Now it was time to play with the dynamic linker. After that, it was time to add ThunderX support (bus dma, ITS, …) Future work includes (ACPI, hw-pmc, dtrace, gem5). This was an advanced but certainly fun and educational session.
Day-2 now begins with a very interesting session “CloudABI: Cloud computing meets fine-grained capabilities” by Ed Schouten. The overall goal is to improve Unix security and portability. For example, a web server should only read files and write to network, but in reality it can do a lot more! (run a bitcoin miner, install cronjobs that call binaries in /tmp..etc) .. Problem #2, running a 3rd party application, whether running them directly or thru jails/docker is not really safe, a VM might be acceptable though! Problem 3 is that UNIX programs are hard to reuse and test as a whole. The idea is to extract sockets and file systems from being embedded inside the program to being passed as an argument. This allows better flexibility and testability! Then he discussed capsicum, how an app can call the kernel and tell it to “lock me up”! I no longer need to access new resources. Capsicum is awesome, works well .. however it doesn’t scale! There is no guidance when something doesn’t work. With CloudABI a cloud provider can simply promise to run customers’ applications, pass those applications specific file descriptors and leave the app to do what it wants without touching any other part of the app! Cloudlibc is a C library built on top of the low level API Goal is 90% POSIX compliant! You get compiler errors when using unsupported functions.
After that is a session I was waiting for, “New OpenZFS features supporting remote replication” by Matt Ahrens. I have a soft spot for ZFS :) Matt started by giving an introduction to zfs send and receive and why it rocks! Only parts of the ZFS trees modified “after” the time we are sending from, need to be read! The more interesting part Matt discussed is what are the unique features to OpenZFS. This includes send stream size estimation and monitor its progress! Big receive improvements like receiving file with holes in them. Another cool thing added is bookmarks. This allows free’ing data on the sending side by deleting the relevant snapshot, and really only keep a bookmark to it. Now the really cool part is the new stuff. Resumable send and receive, hell yes! Another cool new feature, is a new checksum has been added per every record. As opposed to the old state of sending one checksum at the end of the stream. If a bad checksum is hit, ZFS receive aborts, and naturally you can resume it later! One last new feature, is receive performance improvements. In a benchmark, Matt said it improved performance by 6x which is great!
The next was “Multipath TCP for FreeBSD” by Nigel Williams. This one got me really excited! Part of that is that I knew very little previously about mptcp before. This got me too excited that I kept googling for more mptcp info all day and after the conference. Nigel explained mptcp design, and how it was done the way it is to work with the how the Internet is, as it is today. That is to work with current middleboxes and NAT functions. MPTCP handshake piggybacks on top of the 3 way regular handshake. The two sides negotiate mptcp then the server informs client of other addresses it is reachable over and new sub connections are started. To me this is sort of the holy grail of WAN networking. A single TCP connection spanning multiple links for performance and redundancy, wow! I guess we’ll all just need to wait some more till the kernel implementations are more mature.
Next was “Packaging FreeBSD base system” by Baptiste Daroussin. He discussed packaging the base through pkgng and the challenges faced. I’m not really much of a packaging person, so it was good to hear many details that need to be take into account. Next up was “An Introduction to the Implementation of ZFS” by Kirk McKusick. If someone could make you appreciate the complexity of ZFS and operating system concepts it’s McKusick! He contrasted various filesystem features as they existed in UFS, and how ZFS is different. There was sort of a fire incident in the middle of the talk, we had to go to the street and then be back to continue. However overall it was an enjoyable session. The closing talk by “Dan Langille” was so much fun. The stats, the growth in the community, and even the goodbye auction were all something I won’t forget. Thanks to everyone who helped make BSDCan 2015 as fun, informative and enjoyable as it was to me.
Posted by Anne Dickison at 11:09 AM