Philip is a consultant and contractor based in Belgium. He provides business and light business in software and operating systems, especially in the context of designs. He does good building, light business, and high business. He can be introduced for work, work, light business in light business in business. So, Philip is a FreeBSD committer, introducing many requirements and serving the BSD Security Team. He is one of the builders who introduced them, the largest building from the early 2000s until 2015. So, he replaced building with immersion radio, or building on top of types. Philip is also a FreeBSD builder. Before we introduce, introduce whether the people here introduce all FreeBSD building. Saying. There are people who introduce FreeBSD building. So when can I say whether it is FreeBSD building or not? It is erot. So maybe building. Thank you. Thank you for helping.

There are some reasons about this conference. That is very good. But I want to tell you, you do not have to live like this. There is a way that is spread. There is a way that is spread. What is spread is a distributed system that is used to take devices. You take all sorts of other bits of ops and dusts, you pilot the meter and you call the distribution, you install it and you hope for the best. And there's all this fragmentation going on. So FreeBSD does not work this way; we are not a Linux distribution. For one thing, we don't use Linux. But we're also a different kind of distribution.

So I can probably skip this slide since our dear moderator has written this out to us. But as I go through this talk, bear in mind that I'm a kernel hacker. I care deeply about my kernel, my operating system. I like it to crash while I'm developing it. And I don't want it to crash after I'm done developing it.
And when it crashes I want to know why. I'm also a consultant. My customers give me money by the hour. So they want to... They want me to stop working as soon as possible. So I care about efficiency. I teach things; I care about things being readable and obvious in source code. And I'm giving this talk as the director of the FreeBSD Foundation, which is a charity entity that provides somewhere for the FreeBSD Foundation to go. I also am a conference organizer and repeat offender. I have organized many conferences over the years. And I just can't say no to organizing conferences. But that's all very boring. But I'll talk about FreeBSD.

FreeBSD is a complete operating system. So in the Linux world the operating system is defined as the kernel, which is a whole bunch of source code which you download from kernel.org. Or most people don't download from kernel.org. You put it together with a C library. You put it together with a graphics stack. And all sorts of other stuff. And you call that the distribution. In FreeBSD we call this the operating system. We don't distinguish between a kernel and a C library. They're not different projects. They are just part of the operating system. So the same people who write your kernel, your system calls, actually implement the use of the system calls in the C library.

We provide tools and source code. We also have an open source operating system. We provide you the kernel and the tools to use it. So we'll see that later. If you install FreeBSD, you get the tools you need to start coding. We also have a package collection which, when the presentation was written, had 24,000 open source packages in it. So you install FreeBSD and then for some reason you like a world of pain and you use Emacs. So you feel you need Emacs. So you package install Emacs and you can suffer in pilot. We also provide complete documentation of the system which, if you're familiar with Linux, might seem surprising to you.
We document our entire operating system and we consider it to be a bug if something is not documented. Also, we consider documentation to be a first class citizen and we translate it to many countries. We are also a vibrant open source community. I don't remember how many committers we have, a couple of hundred, working on different things. We organize conferences in different parts of the world and we like eating tasty things in warm and nice countries. So we are a community producing an operating system.

So who have we convinced to use this stuff? Well, everyone, it turns out. This is just a selection of companies which admit to using FreeBSD. As we'll see later, you don't have to tell us that you're using it because our license appears on software to go and use it. These companies have admitted to using FreeBSD. Apple is very well known for using BSD. Mac OS X is basically the FreeBSD kernel merged with the Mach scheduler of Apple secret sauce and about 20 years of developer time times X developers, and it turns into Mac OS X. It also runs on the iPhone, of course. WhatsApp is a fairly popular messaging application. They run FreeBSD on all of their servers and I've been to doing so. Sony, of course, runs FreeBSD on their PlayStation. I think the rumors have been confirmed: Nintendo now runs it on the Switch. And all of us rather call companies just use FreeBSD and that day just they are.

You used to run the Xbox as well?

The Xbox presumably also runs, so it's everywhere. Yahoo runs FreeBSD on Yahoo Mail. So quite a lot of the spam on the internet is actually going through FreeBSD.

But why do these people use FreeBSD? Well, they use it for a number of reasons, because we're nice people and we're fun to hang out with. But they also like the fact that we have a strong culture of innovation in our community. We look at technology out there, we grab the best bits, we learn from other projects, and we innovate slowly and we pull things in. We also have great tools.
So previously, when you install our software you get a whole set of tools that are fun to work with and just work for you. We don't just throw software over the wall when we're done with it. We have a release process, we have branches, and we have a to use more particularly a product lifecycle that goes into this. And I can't stress this enough: we have expert documentation in many languages, including Chinese and other Asian languages. Japanese is a very thorough translation. The FreeBSD Handbook, this is a Chinese version, which I think is one of our most complete translations.

We have a very business friendly license. Companies like Apple don't like the... Companies might like it, but the legal departments of each company do not like having a license which is 4,000 pages long and filled with restrictions on what you can and cannot do. The FreeBSD project has a much simpler license, which is: you take our software and you enjoy it. And our community is very open. It's very easy to join the community. Many companies find it easy to subscribe to our mailing lists and suddenly they have employees fill it in code to the FreeBSD tree.
I mentioned our documentation, the FreeBSD Handbook. This is the Chinese version and the FreeBSD Handbook, and this is actually real; we admit to an existing company here.

The history of Linux, I think, is widely known. The history of BSD is quite a bit longer and I have 3 minutes to talk about this. So once in a while in the dark just chaos reigns. We have no operating systems. We were happy then. We lived in caves, we made grunting noises, we hit each other with clubs, and it was so much more fun. I think some nice people, I think in Stanford, perpetrated most of that. They came up with: we can have these computers and they can talk to each other. Then Unix came up in Bell Labs, the other side of the country, and that was fun. We can have multiple users, we can run software on it. Wouldn't it be nice if these computers could talk to each other? So we had the CSRG Grant write us a network stack, and that was all BSD code written. So we had Berkeley tapes, we came up with vi through using vi, we had a Pascal compiler, and it just goes on. The history of computing is actually the history of BSD. So all of these things, from chaos to BSD being free, is essentially the history of operating systems, of Unix. So who was alive when chaos reigned? I wasn't. Who was alive during the BSD and AT&T lawsuits, early 90s? Most people were. So we have a long history of writing code. Throughout this whole Unix process we thought about things and just did things.

So let's talk about BSD specifically. I'm with the FreeBSD Foundation, but there are actually other BSD operating systems. macOS X is a hybrid sort of operating system, but when we think about BSD, we think about four main BSD operating systems. NetBSD was the first BSD operating system. They focus mainly on portability, so they want to run on your toaster, they want to run on your printer. So indeed, I don't know how many printers are out there running NetBSD, but many, many printers run NetBSD. FreeBSD feels very strongly about performance, so the original
intent of the FreeBSD project was to be the best BSD on i386. We are now the best BSD on many. Of course the OpenBSD project focuses mostly on security. They branched off from NetBSD in 1996 because they felt security was more important than platforms, so OpenBSD is very popular in the wonderful world of firewalls and security. And then our most recent BSD project is PC-BSD, it's now called TrueOS. It's actually a fork of FreeBSD, and not really a fork in the way in the Linux community, but it's a derivative. So they take FreeBSD and they follow us very closely and they add all of the graphical bits which you want on your laptop. So if you want to or in a virtual machine developer you involve PC-BSD and you get the FreeBSD kernel and all of the tools you need to be productive, in addition to just a compiler, a shell and vi. They also make it very easy to upgrade your machine. They use ZFS, which I'll talk about later, and jails to make upgrades very seamless, and if they blow up then you can easily revert your snapshot and go back to your known working state and try to grab your backup tapes which you didn't remember.

So all of our BSD projects believe in producing a whole system. So the operating system I mentioned is everything: the kernel plus everything around it. It's device drivers, it's compilers and associated tools, also debugging tools. So the point of this whole BSD thing is you install it and you are ready to code. Whether you are a user space application developer or a kernel developer, you install the operating system and you can type vi mumble.c and you can be productive, and then you can cc mumble.c and it will work. This is different from the Linux world, where you install your operating system and then you need to download all the packages in the world, and then you find someone else's computer and they have different packages.

So what's in this whole system of ours, or what's in the operating system? We have some file systems. We have the traditional Unix file system, UFS, which is your
grandfather's file system. It's high performance, it supports snapshots so you can go back in time, copy on write, without too much difficulty, and we have journaled soft updates, so if your machine crashes in the middle of a write so it's not closed. We also support ZFS, which is the file system to end all file systems. It's also a volume manager and a RAID implementation, and FreeBSD is probably the reference implementation of ZFS, but FreeBSD is certainly the most used implementation of ZFS. If you care about your data you really want to build it in ZFS. ZFS acknowledges that you are really the enemy and they lie to you and they try to eat your data, and ZFS tries to protect you from your disks. You store your data in ZFS and you can be confident that you can get it out later. Checksums in the background and it's all sorts of goodness.

So how did the Sun Community License make some BSD? It's a different license. ZFS is under CDDL, you can use it, but...

No, no, ZFS is CDDL, it's the community normal bubble license, but it's perfectly compatible with BSD because it's open source. Anything open source is compatible with the BSD license. It's very nice. So I think ZFS will never make it to the kernel for long technical reason.

We also have security features. It's not just because the OpenBSD people focus on security that FreeBSD has no security. We do actually care deeply about security as well. We came up with a concept of jails roughly at the same time as some people came up with containers. Our jail framework in FreeBSD is a way to restrict chroots to a little bit more than the file system, so it allows you to create chroots with an IP address and lock processes in that. It's different from Linux namespaces because it's actually a system call, and you create a jail and you're ready to go, whereas with Linux you need to add a namespace and then you have a cgroup and then you have a process namespace, you have 16 different namespaces, and to containerize anything. We also have the MAC and audit framework, where
you need to audit your system and your users: who did what to whom and where, and you can't answer why, but if you want to know who touched the file last. We have a distributed audit mechanism which uses the same format as the Solaris, so you can audit off-site easily, so no one can tamper with your audit records. If you're just logging to a file and your audit log is gone. Our audit framework sends your audit log to another machine, which hopefully is secure, and that's out of the box on FreeBSD, that you don't need to install.

We also have something called Capsicum, which is a capability system for Unix, where you can declare in your application that it should have minimal privilege on a function level: from this point on you will no longer be able to write to any files. So you restrict it to your privilege and you can never expand your privileges again once you have entered a capability sandbox. So this is used in our tcpdump and our GZ library, so once you start tcpdumping on an interface, the dissector is running in their own sandbox and nobody can send nasty packets on the wire which then go and write files to your file system. Or if you're uncompressing a file, if the compressed data happens to be nasty, it can't break out. So we have this in FreeBSD. I don't think it exists in any other system yet.

We also have innovative compiler technology. In the previous talk we had a brief digression on LLVM. FreeBSD uses LLVM and Clang as our system compiler on all platforms and supported, so you don't have to suffer LLVM. LLVM LLVM is an accessible compiler with a static analyzer like QB. You can run static analysis on the FreeBSD kernel. I think you can also run Boxing L on the FreeBSD, where people probably have done it, that LLVM also knows about C, and if you've got LLVM, why would you go and use something on top of it? We are in the process of replacing our linker. Has anyone in this group ever fought with GNU ld LLVM? Did you enjoy the experience?
No.

Right, so if you've never touched linkers and you know if you do LD debugging in GNU ld is a fun process. We have LLVM now and it is much better. I think LLVM is still no fun but at least a space in the wrong place or linker. We also have LLDB now, so we still support GDB, but LLDB is a much more accessible debugger. GDB now supports for Python scripts. LLDB has a much more LLVM. It also builds on LLVM so it has a lot more context about your code from the beginning. So we support LLVM Intel and AMD64 TfLmR but I think I've worked in progress. So this moves compilers into the 21st century. It's just a much better world than GNV. So that's the compile side of things.

We also support DTrace. As a kernel developer I cannot remember what life was like before DTrace. I have purged the experiences from my life. DTrace has been an entity for me. DTrace provides complete system transparency, so what's happening on your system, DTrace can tell you. It can show you when you are entering a function, when you are leaving a function, what this function is doing, and until you enable a probe it's not there, so it's designed to run in production and it works really well. We have DTrace inside the kernel, we also have DTrace user space DTrace now. It's a little bit hairy DTrace.

We also have a network stack. BSDs were the reference implementation of the internet and we still are. The BBR stack is working in FreeBSD for people who like RACK stack, CUBIC and NewReno. We have any number of firewalls, last time we have 2, possibly 3, and we have dummynet as a packet shaper. We have netmap for people who like user space network stacks, doing things into Qs and doing all sorts of little latency fun things. If you are a networking person, BSD is not to work on the BSD network stack is also mostly readable and not to hack on.

I'm always running out of time. The virtualization: we support virtualization, obviously. We have a hypervisor, it's ready to run any operating system you can think of. So if you have a Mac you can use xhyve and it
supports the same command line options as on FreeBSD. Our release process also gives you, in addition to DVDs, 4p images for those who want them, netboot images, etc. We also have Diabler images, QEMU images, etc. We also have Amazon images produced by the release engineering team, so you can just spin up an Amazon box with a FreeBSD image FreeBSD community. Our hypervisor of course is BSD licensed, so it's important to any platform.

We have more features. We scale to many, many cores. We have NUMA support, so non-uniform memory addresses. We run on ARM64. I think currently we have a limitation of 96 cores and I think more than that, life gets interesting on ARM. That should be broken soon enough. We have TCP as well for people who like that sort of thing, and we... this is just the last bit. If you are on a modern server which needs UEFI, you can boot UEFI environment without too much difficulty. It just works. I'm almost out, so any questions so far? Do you have 5 more minutes or 3 more minutes? 5 more minutes. I'm not running at the time.

So I mentioned all of these technical things. Everyone is now obviously installing FreeBSD on their virtual machine, Amazon machines, but after running FreeBSD update, life is good. Let me tell you about how the project works. I mentioned the hybrids community, conference is everywhere. We have a democratically elected 14. We don't have no dictator. There is no one in the FreeBSD project who says this patch, we don't like this patch, or we don't like the person who wrote this patch. We don't have that in the FreeBSD project. We are friendly people. We have a core team which is elected every few years among the developers. South of southern in the back of the room there has been only a core team for a long time. I have been a secretary. In the Google Summer of Code project they still like from us. So we have mentorship since the early 90s, where basically you submit patches to us and then we notice that we are submitting all these patches and we say: you are submitting all these patches, how
would you like to commit your own patches, and I don't have to do it? So we invite people to join our community based on their track record and do good work, and we will mentor you through this process until we think you are ready to roam on your own. We have lots of hats, where if you are doing security work you will wear security hats, if you are doing release work you wear release hats, but we have no dictator, so the hats are more by "oh, you want to do this", and it all works very democratically and in a friendly way.

So how do you become a committer? And if you install FreeBSD on your Amazon machines, you have now found your first bug. How do you join our community? You complain about this bug. Where do you complain about the bug? You complain about the bug on our mailing list. You check out the code. We use Subversion because we believe in version control, but we also support the git's collaboration system for people who are into that, and we have a mirror on GitHub. Once you have fixed your bug you submit it to our review system, and after you submit any number of patches people will get bored of reviewing your patches and someone will offer to mentor you into your process. After, you will be proposed for a commit bit to the core team. The core team will say: oh yes, why aren't they a committer? She's been sending so many patches. So you get a commit bit, which allows you to type svn commit, and the patch enters our tree, and a script will check that you have a review line. So we insist on getting code reviewed before it enters the tree that patches the bug. After a while, you've not broken the build for a couple of weeks, your mentor will say: go forth and do more damage. At that point you're in the review system and you get bored of someone's patches, so you make them a mentee, and the process just repeats itself. So this has happened for hundreds of people. So that's our community.

We also have a license. I promise to do that. This is the BSD license. People can recite it from memory. I'm not going
to do that. This is our entire license: don't blame us if it breaks, and it would be nice if you acknowledge that we wrote it. This is the GPLv2 of the GPLv3, if the GPL does not fit in slide. The BSD license is 286 words. It is very open, very permissive, not restrictive and not viral. GPLv2 is 2968 words. It restricts what you can do with your own code in addition to what other people can do with it, and it isn't viral.

If you would like to learn more about FreeBSD you should find our website. We have a foundation. I'm a director of the foundation, so if you have too much money and you are using FreeBSD to make this money, we will gladly relieve you of this burden and ensure that FreeBSD is improved in the process. We have a GitHub project which we have to mail it to Henry Rook and IRC, and I think that puts me officially out of time. Any question?

So how about drivers? Who writes them for BSD or PSE?

I don't write all of them, but many people write them, because in the enterprise world they are usually written by the device manufacturer. So many vendors of popular hardware write BSD drivers. We have Intel device drivers which are maintained by Intel employees and blessed. I think the network device driver team at Intel uses a common source tree for many of their devices, so they are maintained by them. So they are paid me money to write a device driver for them chelsea. So it works much the same way as it works on Linux: people write device drivers and people commit them.

So you're saying enterprise servers, the hardware would usually work because manufacturers commit directly to Intel?

Or they hire consultants to write their device drivers. But remember our mentorship process. What happens is you hire consultants for a couple of weeks or months to write your device driver, and usually this person will work with your team, and then after you're done paying as expensive consultant you maintain it yourself, and as part of our mentorship process you usually just become a committer after a while. So
that's how we ended up with committers at Intel, many of the storage companies. They just, they started with a device driver and then they just assimilated into our community. They show up to our conferences not just for the food but also for interesting content. So yes, we have device drivers. Usually our device drivers, it takes a bit longer for exotic hardware to become supported in FreeBSD, but if it's actually viable hardware it does become supported in due course. Graphics is the one that usually takes very long; nobody needs to write graphics driver. We have a very good sound stack.

I'm just curious about the mailing list. I'm not having work at FreeBSD, so I'm just curious if people are scared of the FreeBSD mailing list just like the Linux kernel.

Not at all. Actually I was teaching a course a while ago in Chennai for a vendor of lots of hardware, and I had a group of people in the group who had written many Linux device drivers, and they mentioned: we subscribe to the FreeBSD mailing list and we submit patches and we were all shouted at, and they were very confused about this course. You join the FreeBSD hackers or the FreeBSD current mailing list and nobody shouts at you. I reviewed your patch and I was like: wow, I wasn't shouted at, it's wonderful. So if you are familiar with the Linux kernel mailing list, you can say, let's say, slightly hostile and violent. You will find the FreeBSD mailing list a little more friendly. We have cranky people as well. I'm a cranky person, but we usually try to complain about the software rather than the people who write it, which I think is a much better strategy for success, and even if we complain about the software we try to complain politely. I'll email before the second cup of coffee. I have any more questions?

So do you have like a maintainer system?
Yes, we have a file at the top level of the source tree which is the most maintained file in the source tree. It is called maintainer and it is perpetually out of date. But we have basically, we operate on a principle that: don't pee in someone else's pond. If you are going to touch a file, we have revision control, so it is usually customary that you go and send an email to whoever touched that file, or you post the mailing list, then you just CC whoever touched the file last. Some subsystems have a little bit more ownership than others, but it usually becomes immediately obvious. So if you are going to touch, say, the PAM stack or you are going to touch the audit framework, it is usually immediately obvious, clear concepts of ownership. But you submit the patch to the mailing list or to a new system, it will be immediately picked up.

I mean, if someone, like he asked, if someone is hired on a certain period or they just... so if they are not maintaining their private, then who is maintaining it?

Oh, we try to break software that works, so we don't... we don't...

So you say like maintaining for the all versions, like stable versions?

So the Linux kernel has a very fast moving target and has a mentality of code first, think later. Well, you know, I've been goodly almost here. You develop a framework and then 2 weeks later someone changes their mind and all the device drivers need to be rewritten, but vast swaths of code need to be rewritten. In FreeBSD we don't really have this. We try to have mostly stable interfaces and this works for us. Also, if you are going to break an interface, it is on you to make sure nothing else breaks. So I... yeah, nobody touches struct netdev, or struct ifnet rather, because I don't want to touch all the device driver. But yeah, so if you are going to just change it into kernel, you are expected to make sure that there is no fallout. But most parts of FreeBSD, of the kernel, are actually reasonably well maintained, and we try to mothball things have no peer use. So we are getting rid of one of our ATM
stacks. Who uses ATM anymore? So that code is not dying, as far as we know it still works, but nobody wants it, so we can do it. Any more question please? Has anyone panicked their fresh graffiti as the amazement? Alright, so join the community. There is a better way of life. If you'd like moks you know, but I'm sure it works. We should chance. Thank you very much.