Thank you. Yeah, there will be some anecdotes about... Thank you very much for having me here. Yeah, it's great to be back here, because the last conference I was at, it was in 2004, so that's a bit of a while ago. And it was actually Misha, who's not in the room, I guess he couldn't make it, but he said to me: well, there's a new EuroBSDCon coming up, would you care to send in a proposal? And I thought, I'm just a regular BSD user, what should I be talking about? And I thought, well, I've been using BSD for quite a while and I have some anecdotes, so let's talk about that. So I'm a little bit apprehensive, because normally I talk about deep technical stuff, and now I'm just talking about some fun stuff without a clear storyline, but I hope you enjoy.

So I'm a BSD user, as I said. I was also a chairman of the Dutch UNIX user group, the NLUUG, for a while, and in the organizing committee of BSDCon Europe, as it was called then, together with Guido, and I was also a program chair for that conference. I actually wanted to wear the 2002 T-shirt, which I have an unworn version of, but I decided against it, and the people who know the shirt will probably know why.

And I've been running a lot of different versions. This is what I could find that I have run in my BSD journey. So as you can tell from this list, I'm mainly using FreeBSD, and it's been a while since I've updated the NetBSD and OpenBSD systems, so I'm lagging a little bit behind there. Oh, and in my daily job I work in security.

It all started with me when I started at the Eindhoven University of Technology, which Guido alluded to, in 1998... '88, sorry, '88. It's funny, because the Eindhoven University was founded in 1956, and I drew this timeline from zero AD until now. So this is TU/e, and I also looked up when the University of Cambridge was founded. So yeah, it is a very young university. But still, when I went to study there,
There was no FreeBSD or OpenBSD or NetBSD yet, and no Linux, and what we had was SunOS, as did any university at that time, but also some Ultrix and some other stuff. And here I came in contact with Unix, and I fell in love with it immediately. I think it's a great operating system, and I learned a lot about it. Of course the 386 was also around at that time, but not in use at the university. And I learned Unix by just printing out all the manual pages of everything that was in /usr/bin or /bin, and going through all the manual pages and see what everything did, to learn about Unix, and it worked quite well.

And this was also the time that I did my first hack. So I saw this command, stty. I thought, let's ask for the manual page, and then one of the parameters to the stty command is a zero, and it said this means immediate hang-up. Hmm, wonder what that will do. stty 0, enter, poof. Okay, immediate hang-up, I get it. And I thought, well, can't I just redirect this to the terminal of my friend who's sitting over there? So I typed in the command, and then I heard some profanity coming from there. The session had stopped. This was on Ultrix, by the way. So this was a nice feature, and this was actually my first hack, and I got hooked, and that was the start also of my security career, I suppose.

So this went on for a couple of years. I had access to the university computers with SunOS, Ultrix. Ultrix was also always funny to get stuff compiled.
It was also always a matter of changing all the makefiles to get things running.

And I walked into Guido, and Guido was already active in the 386BSD scene, and I found this also very interesting, and it took a while before I had enough funding to buy my own PC. So it was actually already in my last year at university that I had a bit of money to buy an XT PC with the 8086, but that was not good enough to run 386BSD. So what I was running was: I had a 20 meg hard disk, I had DOS and 4DOS on it, and I used the Waffle BBS software. And I actually had a UUCP link with Wietse Venema, the writer of TCP Wrapper, who was also in Eindhoven. So I would call him up, and he would answer the phone, and I would say, I would like to do a UUCP connection. "Okay, call again." Called again, then he let the modem pick up, and I had my own UUCP node in the university domain.

But Guido, of course, he did have a PC fast enough to run 386BSD, so I guess this must have been a 386 or something. This is not... this is an artist's representation. I don't know what this PC looked like, but I just took a picture. It was the time when you had these PCs where you could see on the little screen the speed at which the CPU was running, right, and you had two modes, the turbo mode and the normal mode, with a little button. And this was Guido's attic. I came over there, and I remember that Guido was very, very proud about, I guess there were some changes made in the system making it scroll very, very much faster. So yeah, the speed was great, and he was also very proud that the uptime was almost a hundred days. Because at that time we didn't care, with the security, about the uptime. I mean, now we know that we shouldn't keep systems up for over a hundred days if there are any patches, but he said, well, we're almost at a hundred days, and he wanted to press the turbo switch, but accidentally there was a switch behind it, and he pressed the reset button, and there was the 100 days uptime.
Yeah, that was a sad day for Guido.

Meanwhile, I had graduated, I got into my first job, also in security, and I had enough money to buy my first real computer, a 486, and over the course of the years I upgraded it to the fastest possible processor, 100 megahertz, and the maximum amount of RAM that fit in there. And yeah, I ran FreeBSD, because I came from 386BSD. I sort of rolled into FreeBSD, started with 1.1.5.1, and yeah, this thing was doing everything. I still ran the UUCP, with which I ran sifts and this... Well, you can read it all. And my wife used to work for a Dutch ISP, so we were very early on already capable of getting a huge bandwidth at home, and even IP version 6 and a /28 at home. But compared to today's computers, pretty slow: make buildworld took 24 hours to do on this machine.

What's also funny is that I still have the picture of the actual system. I don't know, is that just me, or are there other people who have pictures of old computer junk? I see some people nodding, good. I'm not the only one. So that's the system. I actually do still have that system.

But suddenly it became a bit too slow. So I was also using it to... I turned all my CDs into MP3s, and I tried to play them. The system could not keep up. It could not decode, not encode but decode, an MP3 in real time. And also when I was doing a secure copy over the hundred megabit LAN, because that would use encryption, yeah, the CPU was the bottleneck. But it also got regular crashes. So the system started crashing at irregular intervals. I had no idea what it was, and I thought it might be the hardware, and since it's too slow anyway, I'll buy a new system, which was an Intel Celeron system, but it still crashed.
So this is... Yeah, the anecdotes are not just the fun things but also the less fun things, such as this one. This was my longest running issue with FreeBSD, where I couldn't find really what the issue was. I have pinpointed it to be a combination of using IP version 6 with NATting and IPF firewalling, and these three combined made the system crash. And I actually worked on it with, again, Guido. He came over and we did some kernel-level debugging to see where the issue was, but yeah, we couldn't find the exact spot where something went wrong. So in the end I just disabled IP version 6. I said, well, let's not be cutting edge. Well, cutting edge: in 2007 that was around already for seven years. And with each new release of FreeBSD I tried to turn it on again, and finally with FreeBSD 9 it was resolved. So this issue has been going on since FreeBSD 4-ish until FreeBSD 9, that I had these things.

That was my home system. But as I said before, my first job was at a company working in security, and there I was lucky enough to also be able to run FreeBSD on my desktop. So nowadays it's quite hard in many companies to choose what operating system you have on your desktop, and in many cases it's going to be something like Windows, but here I could run BSD. This was Philips C.P., by the way. And so we had a local network, and it was an NIS, Network Information System, server that holds the password files and network information, and my desktop was on the network, and I ran FreeBSD with FVWM95, that some of you might also still remember, which was a window manager that resembled Windows 95, which was then the Windows environment, and people would not understand that this was something different than Windows.

And what I also decided to do was to have an empty root password, and I tried to think about it.
I'm not really sure what made me do this, other than maybe that I understood that in BSD you need to be in wheel to be able to su to root. So if there's nobody in wheel except myself and the root password is empty, then nobody can become root except me. And I thought that was fun, so that's what I did, and I set myself kind of a challenge, like: my system has no root password, try and break into it. So my colleagues were allowed to try and break into it, and not disrupt anything, but maybe leave a message in the MOTD file. And of course I needed to make the TTY secure, so you cannot log in as root on the TTY. So that's what I did.

So the password file might have looked a little bit like this, and as you can see, I also have my colleagues being able to log on to my server, but their information came from the NIS server. And then you learn to hack by trying to hack into your own system before other people do. So what would be an issue with this? I'm getting Guido and ION from the NIS server, and everything that I have not filled out there, that data is filled in by NIS. So that's the encrypted password, but it's all the rest as well. So the NIS server was not a server that I managed. If my colleagues would have access to the NIS master, which I guess they probably did, well, they can change the NIS table and change the name, the shell, but also the UID and the group ID. Which means that you can change the NIS master to make your user in the wheel group, log into my system, su to root, done. Luckily, I found this out before anybody else did and abused it, and the solution was easy: I typed in hard-coded user IDs to fix the problem.

Another thing that you have when you have no root password is that you need to be very careful when walking away from your terminal, because if I walk away from a computer and I have a shell open, logged in as myself, yeah, it only takes half a second to become root.
You just type in su and you're there. So every time I went away, even for a few seconds, I needed to lock my screen. Which is actually very good security advice. And in those days, locking the screen you could do with the tool xlockmore. I did that, and people would go sit behind my terminal and try passwords while I was going grabbing a coffee or in the toilet, and they would try different passwords to see if I had "secret" or "password" or whatever, and they never found out my password. My password was actually quite good for the time being. I mean, it was only eight characters, but it was actually really random, and nobody found my password.

And then one day what happened was that I came back from lunch, I tried to log in, mistyped my password, it said login failed, and instead of pressing enter and typing it again, I pressed enter twice, and what happened was that I got logged in. Yeah, I see amazement. Yeah, I was as amazed as well. How can this be? So I did a little bit of digging around, and then I saw this in the manual page for the xlockmore command. And it says, if you use xlockmore, then you can, yeah, unlock, free the terminal by typing the user's password or the root password. Actually, I believe that was also in the old SunOS times: you had the program lock, which would lock just one terminal, and then also the root password would be able to unlock it. So the system administrator could unlock terminals that were locked and nobody was there anymore. So of course, all of that time anybody could have just sat behind my screen, typed enter, and become root. And people have been typing there all kinds of stuff, and nobody typed enter twice. So, very lucky here. Yeah, well, I didn't try it. It must have been there for years.
I don't know. And actually, in all those years, I think I spent there six years at the company with my BSD system, and there was only one successful hack, where somebody was able to change my MOTD, and yeah, it was Guido who did it, and yeah, I was a little bit disappointed. How did... why? So I asked, and he said, I can't tell you what I did. Yeah, so, well, still, it's only one root exploit in six years.

But still I wanted to know what was going on, but I did know that on BSD or other Unixes you can log stuff, you can up your logging. So what I did was, before this happened, I had already used the accton utility to up the system logging. So this will log every process being run on the system. Of course, it will slow your system down a little bit, but then you can use the lastcomm command to get an overview of, yeah, precisely what has been run. And I did this on Guido's account, and I saw login scripts being processed, and then I saw one line for something called setuid Perl, and then I saw the logout scripts being executed. So I went to Guido, I said: ah, there's something with the setuid Perl. "Oh. You should not know that this is the case." And it turned out, at that time Guido was security officer for FreeBSD, and this was a zero-day in the setuid Perl. So yeah, it was a good proof of concept. They worked on my system. But it was funny that I was able to figure out what it was. And this is a long time ago. I looked it up, and this was in FreeBSD 2.0.5 that I was running at the time.

Okay, whoever did an rm -rf by accident?
I guess most people have made some kind of mistake somewhere. Yeah, I had the same happen once. I don't make mistakes that often, of course. I also did rm -rf earlier in my life, and now I'm careful enough: when you do an rm as root, you read the line again before you press enter. But in this case it was not an rm. For some reason I wanted to tar some information to my floppy drive, so this system had a three and a half inch floppy drive, and I was so accustomed to typing wd0, which was at the time the device name for the Winchester drive, the hard drive, that I tarred stuff directly to my root partition on my main hard drive.

Now what will happen if that happens? Well, I noticed fairly early, so I pressed Control-C right away, and the process stopped, and the system was still up and running. But yeah, I had no clue how to fix this. So, on to Guido, because he knew more about BSD than I did, and he came over, and together we sat there thinking: what will be our plan to get this working again? What can we do? And we were sitting behind my screen, and we were contemplating this, and then we saw "panic" and the system end up. So the problem was solved. Yeah. So I spent the next day reinstalling. Well, I mean, it's just a matter of reinstalling the standard utilities that there are in the root directory and getting them back on to the disk. It was a fairly standard install, so luckily I was able to fix it, but yeah, it was a hairy situation.

Now this is all very FreeBSD-ish. Let's also talk a little bit about the other BSDs. At Philips there was an old Sun that they were going to throw away. So I said, well, let me have it: a Sun 3/80. And that was the start of my computer system collection. So I started collecting all kinds of Unix systems at one point in time.
I had 15 versions of Unix running on different systems in my attic. And, oh, if you ask ChatGPT or an AI for a picture of Sun systems, that's what you get. And yeah, it got to be some sort of a hobby to get old systems and to try and reinstall them with a BSD if possible, and see how they work, and yeah, fiddle around with them. So that's where I started using NetBSD, OpenBSD on a lot of these systems.

And it's very challenging, if you have very old hardware, to get them installed with a new OS. So once I had a Sun 3, and I needed to install SunOS from original boot tapes, and yeah, what commands do you need to enter? There's hardly any information that you can find on the internet about this. And also the hardware is a challenge, like this VAXstation I tried to install. Oh, it did not have a disk, so I needed to boot over the network. I tried to use OpenBSD. Then this particular hard disk controller was not supported, so I couldn't proceed. It did boot. And then I tried NetBSD, and one version, it didn't work. The second version, it sort of booted, found the hard disk, but it couldn't write the data on there. And I then had to boot another version and manually put the files on there. In the end it worked, but it can be a lot of work to install Unix on these very old systems.

And this was, I guess, newer than the Sun 3/50, which I have. So on this I installed NetBSD. As you can see, a kernel compile is 14 hours, so this is definitely a lot slower than the 486 I started with. But it gives you a lot of hobby time. I mean, here I wanted to create a custom kernel, a BSD kernel, to include IP version 6 and all kinds of other interesting goodies on this very old machine, and the kernel compile took 14 hours, 40 minutes. And then I found out it didn't fit, because the kernel needs to fit in the first meg of RAM. So I made it a little bit shorter, tried it again. Again it didn't fit, because then I found out, no, it's not just one megabyte.
That's the limit. We also need to reserve a little bit of space for the video memory, so the kernel needs to be smaller still. So at the third attempt it fit, and I got a working system.

And also weirdness, like Sun, they always have SCSI disks with a SCSI ID 3. That is the first disk that you would normally use. So the disk with SCSI ID 3 is seen as sd0 in SunOS, except for the Sun 3/50, because then you need to have the disk at SCSI ID 0 or you can't install anything on it. And of course the error messages in that time were not as good as they are now, so the error would just be a bark, and figure it out.

This is already quite old, but I also have a Sun 2/50, which is 40 years old, and that doesn't have a disk inside. And this is so old that Sun had not yet invented the network file server. So all the newer systems, they use NFS, TFTP, bootparamd, which is really standard, and you can still run that easily on any kind of BSD today. But this is before that, and when I got the system, I happily found out that a guy called Matt Fredette, who I've never met, but he built a network disk server, and with that I was able to boot it. Network disk is just: the client asks the server, give me block 25 of your virtual disk, and you get one block, and that's the way you work.
So it's very low-level.

And with collecting Unix systems, I also got access to a few interesting ones, like this one. So, well, this is not the actual picture of my actual system, but I have a similar one: an RDI PrecisionBook, which is a Unix system turned into a laptop, and this one is a PA-RISC one, so designed to work with HP-UX. And this was actually used by OpenBSD to port OpenBSD to the HPPA, PA-RISC architecture, and it was no longer needed, and they got in contact with me, and I've given it a good new home in my attic.

This is also a lengthy process to install. At that time OpenBSD 6.9 was the newest, so I installed it over the network, and the thing has a SCSI adapter with a very small SCSI drive, which are very hard to get, so it now has a SCSI to IDE converter and then a standard IDE disk, which makes it very slow. So it took, I see, six hours to verify the data sets and then another six hours to put them onto the drive. So just doing that was 12 hours. And then I had issues, because it needed to do a TFTP, and I use a FreeBSD server to be the TFTP server, and OpenBSD was using TFTP fragments, and the TFTP server in FreeBSD did not support fragments. So I installed another one; that also didn't work. But of course the OpenBSD TFTP server works fantastic with it. And so I set up an OpenBSD TFTP server, and I was able to do this, and it now works fine, even with a graphical environment on a secondary screen.

Talking about OpenBSD: around a bit before this time, there was a bit of talk in the scene about Theo de Raadt, and I was a bit intrigued about Theo de Raadt. I did not know him.
There were these stories. I thought, well, I'd like to meet the guy and have a conversation with him, see, you know, what he's really like, because I don't like to just take it from word of mouth on the internet. And it was at Hacking in Progress, a big hacker camp in the Netherlands that takes place every four years, under a different name every four years, in '97, and I was being told that Theo de Raadt was there. So I thought, this is my chance. I can go there and have a chat with the guy. So I went to the OpenBSD booth and I said, by any chance, is Theo de Raadt here? Can I have a chat with him? And they said, no, I'm sorry, he's not here. And over the rest of the conference, yeah, I did not get in contact anymore with them. So I never spoke with Theo de Raadt, but I did talk to some people who said: I saw you asking at the booth if Theo de Raadt was there, and actually Theo de Raadt was there. He was almost standing right in front of you. But the people said he wasn't there. So probably because of the controversy, they... yeah, I don't know. They don't want me to talk with him. So I've never talked to him yet.

All hail my PowerPoint, Photoshop skills. Yeah, this is not very good. Anyway. So I'd still like to meet him someday, but we'll see.

At one of the later hacker conferences, What the Hack... Oh, we don't have sound. Doesn't matter. I did learn to appreciate OpenBSD much more because of their fantastic humppa force. I thought humppa was a weird kind of phrase, but later I learned that it is Finnish. It's a real music style. And of course they have the humppa music on the CD from that time. So, uh, Avile Naga, what's it called? Yeah, so that was cool.
It was a lot of fun doing the humppa.

And on the subject of OpenBSD, another interesting anecdote is that OpenBSD says "only two remote holes in the default install", at least at 7.3; I think the message is now a little bit different. And that was really funny, because after working for Philips, I co-owned a company, also together with Guido, called Madison Gurkha. We did all kinds of security work, doing penetration tests. And we once had a customer, and they said, could you check our website, please? Our web application. So yeah, yeah, we can do a security assessment of your web application. We started looking, and we immediately saw they were running OpenBSD as their operating system, which is not really a typical operating system for a regular company to use. So we said, well, why are you using OpenBSD? "OpenBSD is the most secure operating system there is, so we are running OpenBSD." But of course on top of that they built some kind of monstrous PHP thing that was as insecure as you can have them. So we had a little bit of teaching to do there, but their OS was good.

I only have a few minutes left, right? So... No, I'm almost through our slides anyway.

Anybody know PicoBSD? Ah, a few, not so... Well, I don't think it exists anymore. There's now something called mfsBSD, which is a BSD that you run in RAM, and the new mfsBSD, I have to check here, needs a minimum of 512 megabytes of RAM. But that's not really a small BSD, right? For people collecting old computers, that's a lot of a gigabyte. But this one's already with just, yeah, a tiny little bit of memory and a tiny little bit of space.

So I think in my life I only did about three... this is my third BSD talk. I did some advocacy talks, and this was a talk about PicoBSD that I did at NLUUG. At that time FreeBSD 3... No, I was using 4, I think. Oh yeah, it's just there. I used 4.6.2, which was current at the time. And I gave the whole presentation from a system running PicoBSD. That was quite fun.
So I took with me a 386 computer, an SX, so there is no floating point in there, and it has one floppy drive, 1.44 megabyte. So the system fit on one single floppy, and there was just a tiny bit of space left. And then I decided to run the presentation using JPEGs. So I created the presentation, converted it to JPEG, and then used the JPEG viewer to show the presentation. I used cjpeg, which is a very small JPEG viewer, and yeah, it barely fitted. So I had one floppy with FreeBSD. I would boot that completely into RAM. Then I could unmount the floppy, mount the second floppy, and there was my cjpeg viewer and all the slides. And even that didn't fit into 1.44 megabytes, so I had to reformat the second floppy to 1.72 megabytes, adding a few extra tracks. And that worked, so that was cool, doing that with very minimal hardware.

Of course, my talk is called "Panic for historical reasons". So that was the most... Yeah, I was flabbergasted by that one. So let's get back to the time where I was working at Philips with my own desktop in the company. And here I was working behind my system, and suddenly it just panicked. I was just minding my own business, and then, poof, panic. And not just any panic, but a panic "for historical reasons". Well, if you see that, then you think that people are playing some kind of weird joke on you. And I believe at the time we discussed it, and we had no idea what this was, and I just left it at that. Rebooted it, and it's worked fine ever since. It did kill my fantastic record of also 100 days uptime or whatever, so it was not nice. But specifically for this presentation I did a little bit of digging around in the source repository, and I did find out where it came from.
So it's apparently written by, uh, Julian Elischer. And I also have no clue what he looks like or if he's here. Okay.

So this is in the... if you have a specific Adaptec ISA SCSI card, then you need this driver, written by Julian. And in this driver it says: I talk to the card, send something to the card; if the card is not responding in a specific time, then we give up and we'll say we have a problem with the Adaptec card, and we do a "fatal if no DDB". And if you look at that, it says: well, if you have DDB defined, then fine. But else, oh no, panic "for historical reasons".

So this makes no sense at all. So I asked Julian, do you know anything about this? But the only thing he says is, and I'm quoting here: "In my imagination, it would mean that in previous situations a panic would have been expected behavior at this point, even though it may not strictly be required." So yeah, that's a perfect explanation of why it's there. But, uh, yeah.

So that actually concludes my talk. I would like to thank you for inviting me, and remember: if you run BSD, you will have fun with BSD.