Tuesday, June 30, 2015

BSDCan 2015 Trip Report: Zbigniew Bodek

Thanks to the FreeBSD Foundation and Semihalf I was able to attend FreeBSD DevSummit and BSDCan this year (2015).

After a relatively long flight I finally arrived at Ottawa airport. On the spot I started noticing familiar faces and BSD logos here and there (we had plenty of time to stare while waiting in a huge line for immigration). BTW, don’t ever forget your FreeBSD T-shirt and/or cap when attending a BSD conference. They make you glow in the dark for other BSD-geeks so if you don’t have any - buy one.

The Developer Summit started on Wednesday morning with an interesting presentation by Nathan Dautenhahn about the nested kernel - just right to set up the “technical conference” mood. My main goal that day was to attend a working group related to clocks and power domains in FreeBSD and meet up with the guys working on the ARMv8 project. And so after months of remote cooperation I was able to talk face to face to Andrew Wafaa (from ARM Ltd.), Ed Maste (from The FreeBSD Foundation) and Andrew Turner (from ABT Systems). Most of us went to the ‘Clock and Power Domains’ session where we met with (i.a.) Justin Hibbits and John Baldwin - engineers who really knew what they were talking about. During the discussion I got acquainted with the general demands of the contemporary industry for energy-efficient systems, the ideas that ARM Ltd. recently developed for ARM architecture to prevail in these areas and what we could do to make FreeBSD keep up with the upcoming standards. The brainstorm was quite fruitful and an initial plan and goals for future work were established.

During the dinner on the same day I had a chance to have some less official conversations related to Semihalf’s part of the ARM64 support and an opportunity to perform a few test runs of FreeBSD on Cavium’s Thunder-X that I was supposed to present the following day.

The ARMv8 working group was scheduled for the second day of the DevSummit. That day I met with Larry Wikelius from Cavium from whom I got some feedback on Semihalf’s work so far. He also brought two Thunder-X based boards (or should I say beasts) that served as the main attraction and photo/selfie spots. The session was led by Andrew Wafaa and was one of the most populated working groups this year. We discussed the whole spectrum of topics starting with the current ARMv8 port state through problems that we may encounter when scaling to multiple cores; we talked about package building, QEMU and future work around power management, virtualization, etc. Semihalf’s presentation of FreeBSD on Thunder-X was scheduled for the second part of the working group. The Thunder-X server board was located in Semihalf’s lab in Krakow and I was able to connect to it remotely. Thanks to my colleagues in Poland the board was up and running and all the necessary loader and kernel binaries were in place. It is truly a rare view: so many cores that they barely fit in the top(1) window :).

The main conference was held on Friday and Saturday. The opening lecture was given by the famous Steve Bourne, the author of sh (the number of attendees was way above the capacity of the auditorium). Of course there were also some presentations on the embedded and hacking tracks that drew my attention. Undoubtedly FreeBSD on ARMv8 (presented by Andrew Turner) was high on my list. The interest in the topic was quite high and after Andrew’s lecture we had some more discussions at which I met (i.a.) Julien Grall from Citrix who works on Xen for ARM and is interested in FreeBSD Xen support for ARMv8.

The DevSummit and conference gave me the opportunity to share Semihalf’s work on ARMv8 with the BSD community, exchange experience and gather other people’s feedback.

Zbigniew Bodek
Software Engineer at Semihalf

BSDCan 2015 Trip Report: Vsevolod Stakhov

During the BSDCan 2015 conference, I attended the FreeBSD developers summit. I was particularly interested in the track called "Designing Universal Configuration Files for FreeBSD". As I'm the author of the library that was discussed, I gave a talk about library internals and discussed some open questions with Jonathan Anderson, David Chisnall and Allan Jude. We planned some proposal changes, the interaction with libnv and casper and the following integration of UCL into the FreeBSD base system. We also discussed the desired features and Jonathan suggested a reasonable approach to implement the missing ones.

Moreover, during the conference I finished the feature of flexible dependencies in 'pkg'. We discussed this feature among all pkg developers that were also at BSDCan (namely, bapt@, matthew@ and bdrewery@). I've proposed my view of future package dependencies that would resolve the vast majority of the current issues with dependencies and upgrades. I'm going to write a detailed report about this feature to the pkg@ mailing list (I was just too busy with other tasks after the conference).

Another question we discussed was the problem of digital signatures for packages and distributions. We concluded that moving from RSA to the ed25519 algorithm would simplify pkg architecture by avoiding linking to openssl (which is quite complicated for all openssl versions supported).

Further, after Ted Unangst's presentation I had a conversation with him and John-Mark Gurney (jmg@) about digital signature formats, compatibility with the OpenBSD signify tool and package signing questions, including how to verify signatures of untrusted sources with potentially malleable signing algorithms.

Afterwards, I talked with Colin Percival (cperciva@), asking for his comments about the streamlined signature scheme proposed by D.J. Bernstein. He agreed that this scheme might work securely, providing a more convenient user tool for digital signature verification and creation.

Among other topics, I discussed cryptography and security with John-Mark Gurney. We also talked about '/dev/random' and the upcoming fortuna patch. We discussed numerous topics about FreeBSD packages and the pkg tool in particular with Baptiste Daroussin, Bryan Drewery and Matthew Seaman.

I have also extracted a lot of valuable information from BSDCan topics, namely from 'CloudABI' given by Ed Schouten and 'Protecting FreeBSD with Secure Virtual Architecture' given by John Criswell.

I'd like to thank the FreeBSD Foundation for giving me the possibility to attend BSDCan 2015!

Wednesday, June 24, 2015

BSDCan 2015 Trip Report: Ahmed Kamal

I come from Cairo, Egypt, and this was my very first BSD conference! Needless to say, it was a blast! It was said many times during the conference, and I believe it to be true, so here it is again. “I’m here because so many people smarter than me are here!”. My flight landed on the 11th. The time since I left home was roughly 18 hours; it was a couple of long flights. I seriously should have been tired but the excitement was keeping me awake. I took a walk around the city for a couple of hours to freshen up. Li-Wen Hsu joined me for the walk. We had an interesting discussion about Jenkins, documentation, and ways to contribute to BSD. We also had an interesting discussion about CJK languages, and their special needs. Most of that was new to me, although Arabic script is complex too, and can get quite wild!! Afterwards I went back to the campus and joined a documentation session. It was a kickoff on how the FreeBSD Handbook and similar documentation are written. I learnt some useful tricks which I know I will probably put to use soon contributing some documentation. At roughly 21:00 my eyes turned red, and my body was calling on me to go to sleep. I decided to sleep early and be fresh on day-1 of the conference!

Day one began with excitement... The plenary was just inspiring! I was made aware of multiple new projects where BSD is helping the world. The idea of building “OS Coursework” for university level studies was quite interesting to me. The opening keynote also included the legendary Stephen Bourne (of /bin/sh fame!) explaining how it all started. He even showed annotated Unix source code printed on paper. His quotes included “Took 2 years to get shell quoting straight, and I'm not sure it's straight now” and about “shell shock” he mentioned he didn’t write that code :) The next session for me was “Embedded FreeBSD Development and Package Building via QEMU”. This is an interesting topic about cross compiling packages for embedded devices using the power of QEMU. QEMU began as a JIT translation engine, later the PC hardware was added and now it can be used to build packages for, say, ARM platforms. The speaker mentioned the flow should hopefully soon work on Apple hardware.

The next big talk to me was “A reimplementation of NetBSD using a MicroKernel” by Andrew Tanenbaum. It was quite exciting to watch Prof. Andrew describe his work on microkernels and how he’s rebuilding netbsd-3 through the microkernel approach. The basic idea is to separate IO devices, so that for example a random driver (like an audio driver), is no longer running with unlimited powers on your machine. Such a driver can no longer write to disk as it should(n’t). Also the idea is to isolate communication and restrict kernel calls on a per kernel component basis. This protection can be enforced by the MMU. Various user-mode servers provide the needed services to applications. This includes VFS, Process manager, Memory manager, etc. The Reincarnation server is the parent of all drivers and servers. When a driver or server dies, RS collects it, checks the kernel config table and restarts it. For improving IPC reliability in the new kernel, fixed length messages are used everywhere to avoid potential buffer overflows. In contrast to modern OSs, “drivers” are basically untrusted code, heavily isolated! They cannot touch kernel data structures. Andy mentioned how infinite loops are detected, and how the driver is appropriately restarted if hung. Andy later described a fault injection experiment where his team injected 800,000 faults on binary drivers; the sequence was 100 faults injected, wait 1s, and the drivers crashed 18,000 times, but never crashed the OS. Kernel reliability “proven” to me! In order to port Minix3 to the ARM platform, various things needed to be done (added U-Boot support, rewrote context switching, removed x86 segmentation code, imported NetBSD ARM headers, ported build.sh for cross toolchain, wrote drivers for sdcard!). Things to do include adding crucial missing system calls, porting more pkgs (java, browsers...), getting it running on raspi, and porting rump!
Minix-3 is a microkernel reimplementation of NetBSD, which was primarily motivated by proving that microkernels can be practical OSs that have lots of applications on top. It has proven that drivers belong in user-mode. Future features Andy’s team is working on include live kernel patching, and he described how it should work: upgrade the OS and change data structures in a live way, without restarting the running processes! This was one hell of a talk; it was very dense and packed with information.

The next talk was “Measure Twice, Code Once. Network Performance Analysis for FreeBSD” by George Neville-Neil. George discussed performance of the network under FreeBSD. This is critical for supporting modern 10G Ethernet networks. He introduced the Conductor Python framework he wrote to perform the testing. He joked about how others always say “Yeah, we have something similar that we’re not yet ready to release”. George showed performance graphs from various systems such as pfSense, FreeBSD, OpenBSD pf and Linux’s iptables. Various interesting and yet unanswered questions were revealed, such as “Why is pfSense much faster” than FreeBSD, on which it is based! What kind of patches went into pfSense to get that effect? Also it was found that iptables offers much better scalability for multi-core performance. Obviously iptables has been tuned for SMP performance, but this necessitates the question of why it is much more scalable, and how the BSDs can improve their packet filters. George mentioned that this is only the beginning. Those questions need a lot of work to be answered.

My next session was “Molecular Evolution, Genomic Analysis and FreeBSD” by Joseph Mingrone. The session was in the sysadmin track, something I can easily relate to. Joseph runs a FreeBSD-based cluster for molecular evolution analysis at his university. Joseph began by giving an introduction to genomics, something way outside my comfort zone. It’s always fun to me whenever I discover new worlds like that :) He moved on to explain the IT infrastructure powering his clusters and how they moved from Solaris to FreeBSD 7.x and are now at FreeBSD 10.1. He explained how he had a hard time just installing FreeBSD where sometimes the machines would just “eat” the CDs (yes they’re still in there many years later :) He currently uses Poudriere, enjoys ZFS on the storage server and NFS mounts that on the compute nodes.

The next session was “FreeBSD on ARMv8” by Andrew Turner. It was great seeing the kind of effort that goes into supporting ARMv8. Everything we sort of take for granted like pagetables, MMU, enabling virtual addressing, calling into C code, etc. was being made to work step by step. Later on pmap support was added, then it was possible to use a 4MB in-kernel filesystem. Afterwards it was possible to expand this storage area. Now it was time to play with the dynamic linker. After that, it was time to add ThunderX support (bus dma, ITS, …). Future work includes (ACPI, hw-pmc, dtrace, gem5). This was an advanced but certainly fun and educational session.

Day-2 now begins with a very interesting session “CloudABI: Cloud computing meets fine-grained capabilities” by Ed Schouten. The overall goal is to improve Unix security and portability. For example, a web server should only read files and write to network, but in reality it can do a lot more (run a bitcoin miner, install cronjobs that call binaries in /tmp, etc.)! Problem #2: running a 3rd party application, whether running it directly or through jails/docker, is not really safe; a VM might be acceptable though! Problem #3 is that UNIX programs are hard to reuse and test as a whole. The idea is to extract sockets and file systems from being embedded inside the program to being passed as an argument. This allows better flexibility and testability! Then he discussed Capsicum, how an app can call the kernel and tell it to “lock me up”! I no longer need to access new resources. Capsicum is awesome, works well... however it doesn’t scale! There is no guidance when something doesn’t work. With CloudABI a cloud provider can simply promise to run customers’ applications, pass those applications specific file descriptors and leave the app to do what it wants without touching any other part of the app! Cloudlibc is a C library built on top of the low level API. The goal is to be 90% POSIX compliant! You get compiler errors when using unsupported functions.

After that is a session I was waiting for, “New OpenZFS features supporting remote replication” by Matt Ahrens. I have a soft spot for ZFS :) Matt started by giving an introduction to zfs send and receive and why it rocks! Only parts of the ZFS trees modified “after” the time we are sending from need to be read! The more interesting part Matt discussed is what the unique features of OpenZFS are. This includes send stream size estimation and monitoring its progress! Big receive improvements like receiving files with holes in them. Another cool thing added is bookmarks. This allows freeing data on the sending side by deleting the relevant snapshot, and really only keeping a bookmark to it. Now the really cool part is the new stuff. Resumable send and receive, hell yes! Another cool new feature is that a new checksum has been added for every record, as opposed to the old state of sending one checksum at the end of the stream. If a bad checksum is hit, ZFS receive aborts, and naturally you can resume it later! One last new feature is receive performance improvements. In a benchmark, Matt said it improved performance by 6x which is great!

The next was “Multipath TCP for FreeBSD” by Nigel Williams. This one got me really excited! Part of that is that I knew very little about mptcp before. This got me so excited that I kept googling for more mptcp info all day and after the conference. Nigel explained mptcp design, and how it was done the way it is to work with how the Internet is, as it is today. That is to work with current middleboxes and NAT functions. The MPTCP handshake piggybacks on top of the regular 3 way handshake. The two sides negotiate mptcp, then the server informs the client of other addresses it is reachable over and new sub connections are started. To me this is sort of the holy grail of WAN networking. A single TCP connection spanning multiple links for performance and redundancy, wow! I guess we’ll all just need to wait some more till the kernel implementations are more mature.

Next was “Packaging FreeBSD base system” by Baptiste Daroussin. He discussed packaging the base through pkgng and the challenges faced. I’m not really much of a packaging person, so it was good to hear the many details that need to be taken into account. Next up was “An Introduction to the Implementation of ZFS” by Kirk McKusick. If someone could make you appreciate the complexity of ZFS and operating system concepts it’s McKusick! He contrasted various filesystem features as they existed in UFS, and how ZFS is different. There was sort of a fire incident in the middle of the talk; we had to go to the street and then come back to continue. However overall it was an enjoyable session. The closing talk by “Dan Langille” was so much fun. The stats, the growth in the community, and even the goodbye auction were all something I won’t forget. Thanks to everyone who helped make BSDCan 2015 as fun, informative and enjoyable as it was to me.

Ahmed Kamal

BSDCan 2015 Trip Report: Steven Douglas

With the Foundation's help, I was able to meet and network with new people. Where I live, there are only a handful of people that even know what BSD is, let alone can talk at a high level about it. That was one of my favorite things, being around like-minded people. I made many new contacts, most notably Peter Toth. Peter is working on iocage, which is a modern jail management utility with some very impressive features. In speaking with Peter, I met Sean Chittenden from Groupon. Sean is looking to perhaps implement iocage in conjunction with a new orchestration software that he is testing. Other than the social aspect, I also got some much needed help with my GSoC project.

At the conference, there were opportunities to learn every hour of every day. An expert in a field is never more than arm's reach away. It is very helpful to have questions that can be answered by the people who wrote the code. All of the talks I went to were absolutely fantastic, and I can't wait to watch the ones I missed when they are posted. My favorite talks were Stephen Bourne's talk about his past, Matt Ahrens's talk about code flow between our community and OpenZFS, and Multipath TCP by Nigel Williams. The speakers all did fantastic jobs, and I hope that I am able to speak in the future.

This was my first BSDCan, and first BSD conference. I enjoyed every minute of it, and it happened so quickly. I hope to be back to BSDCan next year, and hope to make it to vBSDCon and EuroBSDCon. Thank you to the Foundation for the financial assistance to help get me there!

Steven Douglas