[c2k10] Interview with Marco Peereboom (marco@) Part 8

It has been said that Marco Peereboom (marco@) has been reinventing the Internet since 2000. Indeed, he has done a tremendous amount of work to help improve OpenBSD in various areas besides creating a slew of very useful Open Source applications. He is a fan of Finite-state Machine and has a passion for doing things the OpenBSD way.

Read on to find out more about marco@, softraid(4) and more:

[c2k10] Article Series: 1 2 3 4 5 6 7 8 (more to follow)

In 2000 (2.7 again), Marco Peereboom (marco@) read the same book that got me hooked on OpenBSD. When working with other operating systems, he said that he would get an aneurism when working with Windows and he thought that Linux did things on purpose to annoy people. He further explained that they have a bazaar model. Everyone shows up with their own basket of goods to sell. His frustration with other operating systems is what brought him to OpenBSD and it has been a mutually beneficial relationship ever since.

On March 21, 2004, he made his first commit as an OpenBSD developer. He started working on softraid with encouragement from Theo. Six years later, he is still working on softraid with more encouragement from Theo. In between, he also worked on bioctl(8); rewriting the SCSI subsystems to be simple but done right. Then came another ongoing labour of love helping others with acpi(4). Later he wrote a small nifty program called adsuck to reduce the amount of ads and other annoyances while surfing the Internet. He also created a wonderful tiling window manager called scrotwm that I've switched over to completely. Most recently, he created a no-nonsense minimalist web browser called xxxterm with native vi key bindings and some vimperator functionality. There's a lot more in the pipeline but I don't want to spoil the surprise.

Did you ever wonder why OpenBSD seemed to always work very well on Dell hardware? OpenBSD works so well on Dell hardware that it has been my preferred choice for server hardware for some time now. marco@ worked at Dell for about 13 years as a Senior Storage Architect/Engineer. His OpenBSD work stemmed from his interest in storage systems. Some of the stories that he tells are very interesting and his advice is always highly respected and appreciated by those who know he is an authority on pretty much anything related to storage.

On more than a few occasions, my ears would perk up whenever I heard him talking about hard drives and storage technology. It is a modern day miracle that hard drives do what they do and survive. He gave me an analogy of this found in this presentation. "In 2004, the head flying height was equivalent to a Boeing 747 airliner flying at 0.05 cm above the ground and travelling at 92 Km/h (7200 RPM drive)." That was in 2004. What would that translate into these days? I also remember him giving some advice when using older drives - a sort of drive reconditioning. If you periodically dd them before use, you can reallocate all bad blocks. marco@ said, "dd if=/dev/rsd1c of=/dev/null bs=1m. Do that like 10 times and if you keep producing errors, then get rid of the drive. However, it is generally the most effective way of keeping your drives alive.

Both Joel Sing (joel@) and marco@ have been working together to improve softraid(4). Here are some of the ideas that have been floated around:

• Softraid crypto options: a) A passphrase b) A key disk c) A key disk AND a passphrase d) A key disk OR a passphrase.
• Two factor authentication: need to know password and have the key volume in order to decrypt data.
• Get / or /home or /tmp on crypto softraid and possibly / on a keydisk-only volume and run the rest with a password+keydisk.
• Multiple users/accounts
• Forced password changes after N days
• Password strength enforcement
• Password reuse prevention
• Support password changes against the key disk
• Locking after N days of non-use
• Escrow
• Support for real crypto tokens (USB, smartcards, etc), that would work like the key disk but would be much harder to copy, making it much closer to 'real' two-factor.
• Over-the-network 'keydisk' option over tftp or https for example that would allow decryption (either with or without a password) only when on the right trusted network i.e., tightly controlled local network.
• VMware option to make softraid crypto disks store a zero'd out plain text block as a zero'd out cypher text.

For something that may sound trivial to do like having /home on softraid crypto, there are a 100 things that need to get done before this can be implemented properly. They have been thinking about all the possible use cases and potential problems. However, they have worked out where the disk starts in order to put the metadata i.e., where the gap at the beginning of the disk starts and ends. This is very important as and when the metadata changes. There will be no more cranking or flag days. Well there will be cranking but it will be transparent to the user going forward. Besides crypto, marco@ has been working on scrubing for RAID5 volumes to be more conservative and safer. He is also working on queuing of I/O (at present 20-25% under load) so that eventually they will have no sorting of I/O operations.

Here's what marco@ had to say about c2k10:

For me it was more a yackathon. I spent most of my time talking to various people about new features and how to go about them. These features are:

• softraid(4): We want boot and scrub (mentioned in the CAVEATS section). We also wrote a transparent metadata update so people don't have to suffer through a painful backup and restore on the 4.7 to 4.8 upgrade.
• bioctl(8) and bio(4): We want a tool more like ifconfig(8) like and we want to run all bio commands through the IO path instead of the sideband IOCTL interface.
• acpi: As usual, I debugged a bunch of ACPI thingies and improved our suspend/resume support.

Did some more stuff but this ought to cut it :-)

As you can see, marco@ has done a lot in 10 years since he started reinventing the Internet. He is probably the one person who has made my life working with computers more hassle free, simpler, and efficient. He is a great example of someone (and there are many in the OpenBSD project) who make things better for themselves as the primary reason and we become the fortunate recipients of their effort. His effort over the years is one of the reasons that I try to support his efforts and OpenBSD whenever possible. He is a true Open Source Engineer at heart and follows the "Put up (code) or shut up" mentality that helps to define the OpenBSD way. Thank you for your support!

Mark T. Uemura