Technology Events

vBSDcon 2015: September 11-13

Thanks for joining us and to all of our sponsors for #vBSDcon 2015! We hope it was an informative and engaging event. Videos of plenary sessions are posted by topic. Watch and share! We look forward to seeing you in 2017.

Abstracts for the 2015 Conference:

To view recorded vBSDcon presentations, click the video link below the topic.

Supporting a BSD Project

presented by the FreeBSD Foundation

Ed Maste and George Neville-Neil will give a joint presentation on the Foundation and how it supports the Project, and the FreeBSD Journal and how it advocates for FreeBSD and how people can contribute to the magazine.

FreeBSD Virtualization Options

presented by Michael Dexter

FreeBSD invented the modern Unix container with jail(8) in the year 2000 and today supports Docker, Hyper-V, Xen Dom0 and DomU and now includes bhyve, the native FreeBSD Hypervisor. Michael wrote his first jail(8) management system in 2005 and has since operated NetBSD/Xen in production and was the first community user of bhyve, the FreeBSD hypervisor introduced with FreeBSD 10.0. bhyve is a modern, emulation-free hypervisor that relies on the Extended Page Table feature found in modern Intel and AMD CPUs. bhyve provides bare-metal performance for Unix virtual machines and an in some cases will in fact provide better than bare-metal performance. This talk will orient you with all of these technologies.

Made to Measure: Network Performance Analysis in FreeBSD

presented by George Nevill-Neil & Jim Thompson

The networking sub-systems of any operating system have grown in complexity as the set of protocols and features supported has grown since the birth of the Internet. Firewalls, Virtual Private Networking, and IPv6 are just a few of the features present in the FreeBSD kernel that were not even envisioned when the original BSD releases were developed at U.C. Berkeley over 30 years ago. Advances in networking hardware, with 10Gbps NIC Cards being available for only a few hundred dollars, have far outstripped the speeds for which the kernel's network software was originally written. As with the increasing speed of processors over the last 30 years, systems developers and integrators have always depended on the next generation of hardware to solve the current generation's performance bottlenecks, often without resorting to any coherent form of measurement. Our paper shows developers and systems integrators at all proficiency levels how to benchmark networking systems, with specific examples drawn from our experiences with the FreeBSD kernel. Common pitfalls are called out and addresses and a set of representative tests are given. A secondary outcome of this work is a simple system for network test coordination, Conductor, which is also described. The Conductor system, as well as all the tests and results are published, in parallel, in two open source projects…Conductor ( and netperf (

What is EdgeBSD?

presented by Pierre Pronchery

This talk will focus on the challenges of offering EdgeBSD, a binary BSD distribution based on NetBSD. This talk will also describe the necessary security requirements and work necessary to build EdgeBSD.

blacklist'd: A NetBSD Project

presented by Christos Zoulas

Every host today that is connected to the internet and runs network daemons is constantly under attack by fleets of zombie bots or determined attackers trying to brute force their way in. Blacklist is a daemon and a library interface that provides a way for the network daemons to communicate with the host's packet filter and block those attacks.

getdns, A New Stub Resolver

presented by Willem Toorop

getdns is a modern asynchronous DNS API. It implements DNS entry points from a design developed and vetted by application developers, in an API specification originally edited by Paul Hoffman. The open source C implementation of getdns is developed and maintained in collaboration by NLnet Labs, Verisign Labs, Sinodun and No Mountain Software. The presentation will demonstrate how the library gives fine grained access to DNS and DNSSEC, how this is an enabler for securely bootstrapping encrypted channels, and how this is especially applicable for system software. The library's stub resolution will be compared with the standard system stub, highlighting the improved control over underlying transport mechanisms. getdns library does its utmost best to get out of the way of applications by not imposing a modus operandi, but hooking into the applications way of handling I/O and memory management. This is illustrated by showing how getdns can hook into existing asynchronous event bases.

Interesting things you didn't know you could do with ZFS

presented by Allan Jude

ZFS is well known for being a rock solid storage system with a plethora of features. Yet, most users are unaware of just how powerful ZFS is. ZFS is so fundamentally different from other file systems that new and interesting things are possible. This presentation will demonstrate a number of very interesting configurations that sysadmins, developers, and others may find very useful. Topics will include interesting subcommands, delegation hacks, mount point trickery, and jail shenanigans.

HardenedBSD Internals

presented by Shawn Webb

HardenedBSD, which is based on FreeBSD, officially launched in August 2014. The HardenedBSD developers have been working hard to write expert security and exploit mitigation features. This presentation dives into each feature, showing how each is designed and written. We will dive into ASLR; mprotect restrictions; [lin]procfs restrictions; a new feature we call Integriforce, which is inspired by NetBSD's Veriexec; and other exploit mitigation features.

Improving MemGuard Support for UMA on FreeBSD

presented by Chang-Hsien Tsai

MemGuard can detect use-after-free kernel memory bugs on FreeBSD. It was originally designed to protect the memory allocated by malloc(9). Later, the support for UMA was added. However, some UMA zones are not compatible with MemGuard. For example, some UMA zone use the conflict field in the vm_page structure. Some zones have init and fini functions that need to be called. This results in panic when MemGuard tries to guard these zones. This work identifies and fixes these issues., the Free OpenBSD Shell Provider and Online *BSD User Group: Technical and Social Lessons Learned from Half a Decade of Service

presented by Bryce Chidester & Brian Callahan

In early 2010, a small team of OpenBSD aficionados came together to found, a free OpenBSD shell provider. Over time, administrators have come and gone but Devio.ushas remained in continuous operation and has remained true to its original goal: to create a technical community of friends and colleagues around OpenBSD. This community is often the entry point for new *BSD users into OpenBSD and has produced several OpenBSD developers. Commitment to community has recently been celebrated through a rebranding of the service as “the free OpenBSD shell provider and online *BSD User Group.”

This talk, by two of the current administrators, covers the technical and social aspects of the service. Discussion will focus on what it takes, from a technical perspective, to run a shell provider—from mail servers to custom daemons for policy enforcement. In highlighting the challenges of running a machine with over 5000 user accounts, we will demonstrate the importance of the interplay between the technical and the social. Finally, we will point to the unique social dynamics that have made an OpenBSD and, more broadly, a *BSD success story, with the goal of aiding others thinking of starting shell providers and other *BSD-based services of their own.

Speakers for the 2015 Conference:

Brian Callahan

Brian Callahan is a Ph.D. student in the Science and Technology Studies department at Rensselaer Polytechnic Institute. His research interests include community development in the Free Software movement with a specific interest in the *BSD community and its user groups. Brian is an OpenBSD developer and admin of the New York City *BSD User Group and Capital District *BSD User Group. He joined as a user in 2011 and has been an administrator since 2013, focusing on the social aspects of the service and using his OpenBSD porting skills to keep software up to date.

Bryce Chidester

Bryce Chidester is Director of Systems Engineering at Calyptix Security where he oversees an extensive OpenBSD infrastructure in addition to contributing to the underlying OpenBSD stack used in the AccessEnforcer line of UTM devices. He joined in 2010 as a user, and in 2011 was invited to become an administrator. Since then, Bryce has become the primary administrator behind, overseeing upgrades, policing users, and generally keeping it all running. is a labor of love.

Michael Dexter

Michael has used BSD Unix systems since January of 1991 and provides BSD and ZFS support at Gainframe. He has supported BSD Unix with download mirrors, events and organizations for over a decade and in his spare time edits Call For Testing, a BSD technical journal. Michael lives with his wife, daughter and son in Portland, Oregon.

Allan Jude

Allan Jude is VP of operations at ScaleEngine Inc., a global Video Streaming CDN, where he makes extensive use of ZFS on FreeBSD. Co-Author of "FreeBSD Mastery: ZFS" and the forthcoming "FreeBSD Mastery: Advanced ZFS" with Michael W Lucas. He is also the host of the weekly video podcasts BSD Now (with Kris Moore) and TechSNAP on Allan is a FreeBSD doc committer, focused on improving the documenting ZFS and implementing libucl and libxo throughout the base system.

George Neville-Neil

George V. Neville-Neil, works on networking and operating system code for fun and profit. He also teaches courses on various subjects related to programming. His areas of interest are code spelunking, operating systems, networking and time protocols. He is the co-author with Marshall Kirk McKusick and Robert N. M. Watson of “The Design and Implementation of the FreeBSD Operating System”. For over ten years he has been the columnist better known as Kode Vicious. He earned his bachelor’s degree in computer science at Northeastern University in Boston, Massachusetts, and is a member of ACM, the Usenix Association, and IEEE. He is an avid bicyclist and traveler who currently lives in New York City.

Pierre Pronchery

Pierre Pronchery (khorben@) joined the NetBSD Foundation in May 2012, where he focuses on desktop and mobile integration. Freelancing as an IT-Security consultant, he can also be found promoting Open Source hardware or researching on Clean-Slate Internet and the Internet of Things. The outcome of this work is eventually gathered within the DeforaOS project, an experimental Operating System project. More recently, he has also founded the EdgeBSD Project, as an alternative way to work with and contribute to the NetBSD Project.

Jim Thompson

Jim Thompson has been noodling around the UNIX world for far too long a time. He knows he started with BSD Unix Release 4.0c on a Vax 11/780 in 1980. He still thinks "echo 'This is not a pipe." | cat - > /dev/tty' is funny. He submitted his first patch to a Free Software project in 1987 for a port of GNU Emacs to a Convex vector supercomputer. Patches for gcc, gas and gdb followed.

Netgate was originally the name for a statefull packet filtering firewall he wrote in 1992. The manual is on-line, should you be curious:

Jim refuses to divulge his qualifications and may, in fact, have none at all. He lives in a fortified compound near Austin with his wife Jamie and son, Hunter Speed.

Willem Toorop

Willem is a developer at NLnet Labs, a not-for-profit foundation dedicated to the development of open-source implementations of open standards. At NLnet Labs Willem is the lead developer of the C DNS utility library: ldns. Willem has implemented leading edge DNS functionality for ldns based on new open standards such as DNSSEC and DANE. Initially our getdns API implementation used ldns for processing elements of the DNS, but more and more is handled independently from ldns now; ldns is now even borrowing from the getdns code-base! Another of NLnet Labs C-libraries, libunbound, is used for recursive resolving by getdns. Besides working on ldns and getdns, Willem also maintains and develops on the perl Net::DNS and Net::DNS::SEC modules and actively researches peculiarities that hamper DNSSEC deployment such as Path MTU black-holes and dysfunctional Customer-premises equipment.

Chang-Hsien Tsai

Chang-Hsien Tsai received a masters of computer science from Nation Chiao Tung University, Taiwan. He has been a FreeBSD developer since 2012. At work, he develops new features and improves ZFS performance. His spare time is used to submit patches to the FreeBSD project, particularly in the areas of Dtrace and security.

Shawn Webb

Shawn Webb is the cofounder of the HardenedBSD project. He fell in love with FreeBSD as a teenager when he was introduced to it by some hackers on an IRC network. He has worked in the InfoSec industry for the past 8 years.

Christos Zoulas

Christos' first experience with Unix was in 1983 while studying at Cornell. Since he graduated with a PhD in Electrical Engineering, he's been tinkering with Unix, specially NetBSD. He currently maintains a few unix programs (file, tcsh, libedit, rdist6) and he contributes to many others. He is a board member of the NetBSD Foundation and a recipient of the Usenix Lifetime Achievement Award for contributions to the Unix operating system. His day job is in Finance.

2015 vBSDcon Sponsors

We’d like to thank all of our sponsors for 2015! The community appreciates your support and hope to see you again in 2017.

Platinum Level

Developer’s Summit

Gold Level

Mid-Conference Social

Tote Bag

Silver Level

Silver Level

Silver Level

Breakfast Sponsor

Bronze Level

Bronze Level


  • 9:00AM - 5:00PM: FreeBSD Developer's Summit
  • 1:00PM - 5:00PM: Beta Test -BSDP Exam by BSD
  • 6:00PM - 8:00PM: Welcome reception – Open to all attendees
  • 8:00PM - TBD Hacker Lounge
  • 8:00PM - TBD Doc sprint


  • 8:30AM - 9:00AM: Registration/Breakfast
  • 9:00AM - 9:15AM: Welcome: Scott Courtney, Vice President Product Engineering
  • 9:15AM - 10:15AM: Supporting a BSD Project by The FreeBSD Foundation
  • 10:30AM - 11:30AM: FreeBSD Virtualization Options by Michael Dexter
  • 11:30AM - 12:30PM: Lunch
  • 12:45PM - 1:45PM: What is EdgeBSD? by Pierre Pronchery
  • 2:00PM - 3:00PM: Improving MemGuard Support for UMA on FreeBSD by Chang-Hsien Tsai
  • 3:15PM - 4:15PM: Lightning Talks
  • 4:30PM - 5:30PM: Blacklistd by Christos Zoulas
  • 6:00PM - 8:00PM: BSD Certification Exams administered by BSD
  • 8:00PM - 12:00AM: Mid-conference Social sponsored by iXsystems
  • 9:00PM - TBD: Hacker Lounge
  • 9:00PM - TBD: Doc sprint


  • 8:30AM - 9:00AM: Registration/Breakfast
  • 9:00AM - 10:00AM: getdns, A New Stub Resolver by Willem Toorop
  • 10:15AM - 11:15AM:, the Free OpenBSD Shell Provider and Online *BSD User Group: Technical and Social Lessons Learned from Half a Decade of Service by Bryce Chidester and Brian Callahan
  • 11:30AM - 12:30PM: Interesting things you didn't know you could do with ZFS by Allan Jude
  • 12:30PM - 1:30PM: Lunch
  • 1:30PM - 2:30PM: HardenedBSD Internals by Shawn Webb
  • 2:45PM - 3:45PM: BOFs
  • 4:00PM - 5:00PM: Made to Measure: Network Performance Analysis in FreeBSD
  • 5:00PM – 5:15PM: Closing remarks by Verisign


Sheraton Reston
11810 Sunrise Valley Drive
Reston, VA 20191
(703) 620-9000


vBSDcon 2017
vBSDcon 2017 will be held on 8-9 September 2017 in Reston, Virginia.

See details