FOSSLC is a non-profit organization that specializes in technology and know-how to record conferences with excellent quality.

 

BSD

Articles related to the BSD family of licenses.

Everything you need to know about cryptography in 1 hour

in BSDCan, BSDCan2010, Networking, Programming, Security, BSD, Programming

Location

Ottawa, ON
Canada
45° 24' 41.6592" N, 75° 41' 53.4984" W

Cryptography is hard. It usually takes many years of study before it is possible to make any serious contribution to the field; and even expert cryptographers often have flaws discovered in their work.

However, merely using cryptography requires far less expertise. In this talk, I will cover everything most software developers will ever need to know about cryptography -- starting from the very beginning -- along with (time allowing) some of the reasons behind the recommendations I provide.

Specific topics covered will include symmetric vs. asymmetric encryption; symmetric vs. asymmetric signatures; block ciphers; block cipher modes; key lengths; message authentication codes; hash algorithms; password handling; padding for asymmetric encryption; padding for asymmetric signing; Diffie-Hellman groups; and side channel attacks. Specific attacks will be discussed only to the extent of mentioning that they exist and explaining how cryptography-using systems should be designed to thwart them.

Event: 
Summercamp2010
Speaker: 
Colin Percival

PC-SYSINSTALL

in BSDCan, BSDCan2010, Programming, PCBSD, BSD

Location

Ottawa, ON
Canada
45° 24' 41.6592" N, 75° 41' 53.4984" W

This talk will cover many of the ways in which the new system installation backend for PC-BSD 8.0 fixes many common issues, and adds a host of new features, such as choosing between PC-BSD or FreeBSD installations, support for ZFS, gmirror, geli and more. We will also discuss some of the design choices made for the new backend, along with details on usage when installing with some of the new features.

Since its very first beta many years ago, PC-BSD has been using a custom-built installer routine, which consisted of a graphical user interface tied into some scripts that performed the actual installation of the system. While the process worked reasonably well, it lacked many important features which would become desired and critical down the road: features such as automated installation, an independent installer backend with interchangeable front-ends, support for advanced custom partitioning, and full error logging. In addition to these features, the idea had been brought up many times of enabling the new installer to also support traditional FreeBSD installations. This could be used as a way for users to bypass regular “sysinstall” and install using some new features such as ZFS, Encryption, and Mirroring.

Over the course of 2009 this new installer (pc-sysinstall) has been in development and is now in production in the latest version of PC-BSD, 8.0. This talk will cover some of the new features and direct usage of the backend, including support for advanced partitioning, choosing between installing FreeBSD or PC-BSD, ZFS root support, disk encryption and more.

Event: 
BSDCan2010
Speaker: 
Kris Moore

Security Implications of IPv6

in BSDCan, BSDCan2010, Networking, Programming, Security, BSD

Location

Ottawa, ON
Canada
45° 24' 41.6592" N, 75° 41' 53.4984" W

Fernando Gont will discuss some of the results of a Security Assessment of the Internet Protocol version 6 (IPv6) carried out on behalf of the UK CPNI (United Kingdom's Centre for the Protection of National Infrastructure). He will explain some of the security implications arising from the protocol specifications themselves, and from a number of implementation strategies followed by some of the most popular IPv6 implementations (including KAME). He will describe ongoing efforts to mitigate the aforementioned issues, and will explain the system knobs that are available in the different BSD flavours to control different aspects of the IPv6 stack.

The IPv6 protocol suite was designed to accommodate the present and future growth of the Internet, by providing a much larger address space than that of its IPv4 counterpart, and is expected to be the successor of the original IPv4 protocol suite. It has already been deployed in a number of production environments, and many organizations have already scheduled or planned its deployment in the next few years.

There are a number of factors that make the IPv6 protocol suite interesting from a security standpoint. Firstly, being a new technology, technical personnel have much less confidence with the IPv6 protocols than with their IPv4 counterparts, and thus it is more likely that the security implications of the protocols will be overlooked when they are deployed. Secondly, IPv6 implementations are much less mature than their IPv4 counterparts, and thus it is very likely that a number of vulnerabilities will be discovered in them before their robustness can be compared to that of the existing IPv4 implementations. Thirdly, there is much less implementation experience with the IPv6 protocols than with their IPv4 counterparts, and “best current practices” for their implementation are not available. Fourthly, security products such as firewalls and NIDSs (Network Intrusion Detection Systems) usually have less support for the IPv6 protocols than for their IPv4 counterparts.

While a number of papers have been published on the security aspects of the IPv6 protocol suite, they usually provide general discussion on the security implications of IPv6, but do not delve into much detail regarding the security implications of each of the mechanisms, header fields, and options of all the involved protocols.

There is a clear need to raise awareness about the security aspects and implications of the IPv6 protocol suite, to improve the confidence of both IPv6 implementers and the personnel working on the deployment of IPv6 in production environments.

Event: 
BSDCan2010
Speaker: 
Fernando Gont

Porting hwpmc to non x86 platforms

in BSDCan, BSDCan2010, Programming, BSD

Location

Ottawa, ON
Canada
45° 24' 41.6592" N, 75° 41' 53.4984" W

Hardware Performance Monitoring Counters provide programmers and systems integrators with the ability to gather accurate, low-level information about the performance of their code, both at the user and kernel levels. Until recently these counters were only available on Intel and AMD chips, but they have now been made available on alternate, embedded architectures such as MIPS and XScale. This talk will cover porting support for the hwpmc(4) driver and associated libraries to non-x86 architectures, as well as give details about how the counters provided on these new architectures differ from those available on the x86.

A brief outline:

*) History

The history of support for performance monitoring counters will be described, from the early, limited sets on Pentium processors to the much richer set of counters on modern hardware.

*) Motivation

Why these counters are important and how they are used in the real world to help to improve the performance of running software.

*) Driver and Library API and Architecture

A high-level overview of how the driver and user-level API interact, giving details on where changes need to be made to port the driver to newer hardware and to make sure that it is up to date.

*) MIPS Counters

Specific examples from the new MIPS driver which is being developed for FreeBSD.

*) Conclusions and Questions

Event: 
BSDCan2010
Speaker: 
George Neville-Neil