Snowsuit Zine // issue 09

FreeBSD

Unix is an old thing. It comes to us from the 70's from some familiar names, like Ken Thompson, Brian Kernighan, and Dennis Ritchie. It was originally designed to be used inside AT&T but AT&T later licensed it to external places.

BSD's first legal battles, and the BSD license itself, capture the community's view of what "free" means when we talk about "free software".

FreeBSD descends all the way from the first Unix and is still an important part of the computing world today, powering servers, gaming consoles, laptops, and mobile devices.

The Development and Legalization of BSD

The first Unix system at the University of California, Berkeley was Unix Version 4, installed in 1974 on a PDP-11. It was customary back then to ship the source code along with the system; the GPL would not appear until the late 80's, but AT&T wanted to encourage people to build on the system.

In 1975, Ken Thompson took a sabbatical from AT&T and went to Berkeley, where he had been a student, and installed Unix Version 6. Other universities became interested in this work and so the first Berkeley Software Distribution, named 1BSD, was born.

1BSD had ex, an editor written by Bill Joy; 2BSD added vi, a visual version of ex, also by Joy. 3BSD was the first to take advantage of virtual memory, and its success led to funding from DARPA. 4BSD added delivermail, an ancestor of today's sendmail, the curses library, and job control from the user's shell. 4.1BSD brings us to 1981; it was released to address performance issues.

The numbering scheme changed with 4.1BSD. AT&T had given Berkeley a copy of its software but was simultaneously licensing it out as UNIX System I, II, III, VI, and had recently released System V. AT&T objected to the name 5BSD, fearing it would be confused with their proprietary UNIX System V.

BSD then faced its first legal battles. The community responded by replacing all of AT&T's proprietary code; the result was 4.4BSD-Lite, free of AT&T code, alongside 4.4BSD-Encumbered, which required a license from AT&T.

What is FreeBSD

There are, and have been, numerous descendants of 4.4BSD-Lite. FreeBSD, OpenBSD, OSX and iOS are probably the most well known.

FreeBSD is a complete OS: the kernel, device drivers, user utilities, and documentation. Contrast this with Linux, which is just a kernel and drivers, leaving the rest to third parties, e.g. Red Hat, Ubuntu, CentOS. FreeBSD accounts for three quarters of the open source BSDs' installed base. FreeBSD is Unix: it descends directly from the work at Berkeley.

Above all, FreeBSD values stability and performance. It rarely crashes while often outperforming its peers, including the many Linux variations. Netflix uses FreeBSD to power its CDN, which carries roughly 1/3 of all Internet traffic in the US. Sony used FreeBSD for the OS on both the PlayStation 3 and 4. FreeBSD and Erlang together helped WhatsApp handle two million concurrent connections per server. VeriSign trusts it to run several of the Internet's root nameservers. And finally, FreeBSD was the basis for Apple's OSX and iOS, causing some controversy when Apple hired about half of FreeBSD's core team back in 2001.

FreeBSD holds simplicity as a goal.

For example, the init system. To enable ssh, add sshd_enable="YES" to /etc/rc.conf. Done. The init system also understands dependencies between services and launches them in parallel or sequentially as needed to get the system ready for the service you enabled.

The FreeBSD team keeps the system feeling consistent by modifying the packages it installs to put files in locations where FreeBSD users would expect to find them. It values the principle of least surprise.

Would you like to know more?

FreeBSD cares about security.

They offer tools like jails, a great packet filter, mandatory access control, and privilege separation.

Jails allow systems to be run inside a sandbox that can't access the rest of the system. They are isolated virtual instances of FreeBSD that share the host's kernel. Linux users are currently using containers to get to a similar place. There is no performance hit in using jails at all. From the host's point of view, the jail is just files, which can be observed the same as any other files on the system. If someone breaks into the jail and gains root privileges, they are still locked in the jail, unable to escape, safely quarantined from the rest of the system.

FreeBSD's packet filter pf comes from the OpenBSD project. OpenBSD is also a descendant of the original BSD, but it makes system security one of its primary focuses. The project gave us OpenSSH, LibreSSL, the CARP protocol, and PF. Add pf_enable="YES" to /etc/rc.conf and put your firewall rules in /etc/pf.conf.

FreeBSD also ported OpenBSD's CARP protocol. CARP lets FreeBSD hosts share IP addresses and Virtual Host IDs to provide high availability: one or more hosts can go down and the remaining hosts will transparently take over. CARP and PF are a powerful combination for keeping networks running and secure.
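As an added example for this issue (not taken from the zine or from the FreeBSD project's own documentation), here is what the pieces above look like when tied together on one host: the /etc/rc.conf lines that enable sshd, pf, CARP and a single jail; an /etc/jail.conf that defines that jail; and an /etc/pf.conf with a default-deny policy that admits ssh and web traffic, forwards web traffic into the jail, and moves hosts that hammer ssh into a blocking table. The interface name em0, the 203.0.113.50 and 10.0.0.10 addresses, the jail name www, the hostname and the CARP password are all placeholders chosen for the example.

```conf
# --- /etc/rc.conf (constructed example) ---
sshd_enable="YES"
pf_enable="YES"
pflog_enable="YES"
jail_enable="YES"
jail_list="www"
# CARP: share 203.0.113.50 with a peer; the member with the lowest advskew becomes master
kld_list="carp"
ifconfig_em0_alias0="inet vhid 1 advskew 0 pass CHANGE-ME alias 203.0.113.50/32"

# --- /etc/jail.conf (constructed example) ---
exec.start = "/bin/sh /etc/rc";
exec.stop  = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
path = "/usr/jails/$name";

www {
    host.hostname = "www.example.org";
    ip4.addr = 10.0.0.10;
    interface = em0;
}

# --- /etc/pf.conf (constructed example) ---
ext_if = "em0"
jail_www = "10.0.0.10"
table <bruteforce> persist

set skip on lo0
scrub in all

# the jail lives on a private address; reach it through the host
nat on $ext_if from $jail_www to any -> ($ext_if)
rdr on $ext_if proto tcp to ($ext_if) port http -> $jail_www

# default deny inbound, then punch specific holes
block in log all
antispoof quick for $ext_if
block in quick from <bruteforce>

# CARP advertisements between the cluster members
pass quick on $ext_if proto carp

# ssh: a source that opens more than 5 connections in 30 s is added to <bruteforce>
# and its existing states are flushed
pass in on $ext_if proto tcp to ($ext_if) port ssh flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/30, overload <bruteforce> flush global)
pass in on $ext_if proto tcp to $jail_www port http keep state
pass out quick keep state
```

Section order in pf.conf matters: macros and tables, then options, normalization, translation (nat/rdr) and finally filter rules. Because translation runs before filtering, the web rule passes traffic to the jail's address rather than to the host's. The <bruteforce> table is visible and editable at runtime, so an entry added by the overload clause can be inspected or cleared without reloading the ruleset.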

Mandatory access control lets the administrator configure access policies for different OS resources, e.g. system calls.

Privilege separation allows a program to be started as root, grab a resource that requires root access, and then drop from root down to a different user for the rest of the process's execution.
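The pattern just described, as an added example written for this issue rather than taken from the zine or from any FreeBSD source: a daemon skeleton that binds port 80 while still root, then drops to FreeBSD's stock www account for the rest of its life and checks that root cannot be regained. Port 80 and the www account are the example's assumptions; the same shape applies to any resource that needs root to acquire but not to use.

```c
#include <arpa/inet.h>
#include <grp.h>
#include <netinet/in.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Open a listening TCP socket on the given port (0 = any free port).
 * Ports below 1024 need root, which is why this runs before the drop.
 * Returns the socket or -1. */
int open_listener(int port) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    int one = 1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons((unsigned short)port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0 || listen(fd, 16) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Permanently give up root in favour of uid/gid. Returns 0 on success, -1 on
 * failure. If the process is not root there is nothing to drop, so it succeeds
 * only when it already runs as the requested identity. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() != 0)
        return (getuid() == uid && getgid() == gid) ? 0 : -1;
    /* Groups first: once the uid is no longer 0 these calls would fail. */
    if (setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    /* setuid() as root sets real, effective and saved uid, so the drop sticks. */
    if (setuid(uid) != 0)
        return -1;
    /* Probe: if root can be regained, the drop was not permanent; refuse to run. */
    if (uid != 0 && (setuid(0) == 0 || geteuid() == 0))
        return -1;
    return 0;
}

int main(void) {
    /* 1. As root, claim the privileged resource. */
    int fd = open_listener(80);
    if (fd < 0) {
        perror("bind port 80");
        return 1;
    }
    /* 2. Look up the unprivileged account (www is FreeBSD's stock web user). */
    struct passwd *pw = getpwnam("www");
    if (pw == NULL) {
        fprintf(stderr, "no such user: www\n");
        return 1;
    }
    /* 3. Drop root for good; the already-bound socket stays usable. */
    if (drop_privileges(pw->pw_uid, pw->pw_gid) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("listening on :80 as uid %d, root permanently dropped\n", (int)getuid());
    close(fd);
    return 0;
}
```

The order inside drop_privileges is the whole point: supplementary groups and the gid are changed while the process is still root, and the closing setuid(0) probe catches the classic mistake of changing only the effective uid (seteuid) and leaving a saved root uid behind that the process, or an attacker who takes it over, could switch back to.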

FreeBSD finds great solutions to security problems by merging simple concepts with the Unix tradition. Jails, access controls, packet filtering, and privilege separation are all easy to set up and configure, and they go a long way in reducing the blast radius of a successful attack against the host.

Would you like to know more?

FreeBSD supports the ZFS filesystem.

ZFS was one of the last great efforts from Sun Microsystems. It can handle up to 256 zebibytes, i.e. 2^78 bytes. It was designed with a focus on data integrity and makes trade-offs that steer it towards never losing data. An example is the end-to-end checksum system that lets ZFS notice when data is corrupt, and then repair it.

ZFS obsoletes the concept of partitions by treating all available storage as a pool. This maps well to RAID setups and helps explain why FreeBSD is popular for building NAS appliances.

With ZFS you also get cheap snapshots, deduplication, and built-in compression; and if you combine ZFS with jails, a new jail can be created quickly regardless of how big the jail itself is.

Would you like to know more?

Everything already works on FreeBSD.

FreeBSD maintains a system called ports which can compile over 25,000 different software packages. The purpose of ports is to maintain a clean system for building software on FreeBSD, which sometimes includes patching the original code. Each port's Makefile knows how to fetch the source code, compile it, and install it.

FreeBSD maintains binaries built using ports that can be installed using the pkg command.

Compiling tools is time-consuming and tedious. In the event a binary package isn't available, it is very likely the package can be built using ports.

Would you like to know more?

Important companies already choose FreeBSD.

The license differs from the GPL in that users can modify the OS without being forced to publish their changes. This difference is what allows FreeBSD to be used as the foundation for work done by Apple, Netflix, and Sony. There is enormous social proof among its cohort of users, yet it is not too well known.

From the point of view of a company, using FreeBSD offers the chance to run the same stack on a new OS and gain significant performance improvements immediately.

You Should Try It

Trying FreeBSD is easy.

The FreeBSD project uploads VM images to Atlas for use with VirtualBox or VMware. Amazon Web Services, DigitalOcean, and Linode support FreeBSD.

Turn on your PlayStation 4. Watch something on Netflix. Text someone what you watched. You're already using FreeBSD.

Would you like to know more?

Articulations

Oversharing

It is often said that sharing is caring, but there is also such a thing as oversharing. A constant drumbeat in most organizations is that individuals, teams, departments, managers, just about everyone, should share more. Unfortunately, sharing information has diminishing returns and can even be a net negative if it gets out of hand.

The desire for more sharing at an organizational level is righteous. Even in the most well-run company, information will fall between the chairs every now and then. The person with less information is almost always the one who pays for it by having to work harder. These slips can cascade through a group, affecting multiple teams because one person or team has to miss a deliverable to hit another one. That is the sort of injustice that cries out to be fixed.

On the other hand, it's unclear exactly how to fix it. People want information sooner, they want more of it, and they want it in a place where they can find it. In many organizations this turns into an initiative to set up Confluence, and teams are pushed to add more documentation to their backlog. However, that Confluence setup is probably replacing a MediaWiki setup from a previous initiative along the same lines, and that backlog will probably be about updating documentation that has gone stale. In other words, the initiative is unlikely to bring lasting change.

Before kicking off an attempt to fix communication, it is worth evaluating the value of such an initiative by asking a few questions:

  1. Is the cause of the initiative a pattern or an accident?

    It's nigh-impossible for any company to run without communication mistakes. Sometimes accidents happen in a busy place. Not every mistake is a systemic dysfunction.

  2. How expensive will it be to communicate more?

    As Brooks pointed out long ago, communication is not cheap. It takes time to produce information and it takes time to consume it. If every team increased its information output, in a reasonably sized company the amount produced would quickly approach a Russian novel. Consuming all of that information is time-consuming, and most of it is likely to be irrelevant to other teams. All of that effort can easily distract from increasing shareholder value.

  3. How will people find relevant information?

    More knowledge sharing also comes at the cost of finding that information. Many tools, such as Confluence, do not have advanced search features but rely on the data being put in in an organized way. One person's organization is another person's confusion, however, and finding information can be time-consuming and frustrating.

By no means should an organization give up on sharing knowledge. However, one needs to take the time to balance cost against benefit. In too many cases it is assumed that sharing more information is always better. As with all complicated things, it depends. Before going hog-wild with such an initiative, one should be sure that the organization is actually dysfunctional enough to require one.

Monthly Consumption

Books

  • The Martian by Andy Weir
  • A Guide to the Good Life: The Ancient Art of Stoic Joy by William B. Irvine
  • Charlie Munger: The Complete Investor by Tren Griffin
  • Ready Player One by Ernest Cline

Papers

  • A Delay-Tolerant Network Architecture for Challenged Internets by Kevin Fall (2003)
  • A Bundle of Problems by Lloyd Wood et al. (2009)
  • Use of the Delay-Tolerant Networking Bundle Protocol From Space by Lloyd Wood et al. (2008)
  • Sharing the dream: The consensual networking hallucination offered by the Bundle Protocol by Lloyd Wood et al. (2009)