New 𝗙𝗿𝗲𝗲𝗕𝗦𝗗 𝗮𝗻𝗱 𝗣𝗼𝘂𝗱𝗿𝗶𝗲𝗿𝗲 𝗶𝗻 𝗛𝗶𝗴𝗵 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗘𝗻𝘃𝗶𝗿𝗼𝗻𝗺𝗲𝗻𝘁𝘀 [FreeBSD and Poudriere in High Security Environments] article on vermaden.wordpress.com blog.

https://vermaden.wordpress.com/2026/01/07/freebsd-and-poudriere-in-high-security-environments/

#verblog #freebsd #harvester #pkg #poudriere #server

building FreeBSD release media (the installer) with pkgbase instead of installworld: https://reviews.freebsd.org/D54542

this is much faster, and also means you could build media from pkg.f.o without having to build src first, which is handy for building custom media.

and a few more changes in that stack to try to make this a bit more configurable and less finicky and error prone, since building the media has always been a bit of a hassle, especially if something goes wrong.

hopefully we can get all the release improvements for 16 in early enough that we're not left rushing to fix everything before release like we were with 15.

next: allowing the pkgbase installer to handle multiple kernel options, so we can provide both debug and non-debug GENERIC on the media…

#freebsd

We've got some cool stuff in the works for you!

Internal testing is in progress on a Bastille webUI and API. Not yet ready for release, but things are coming along nicely right now. We decided to build this project in Go.

Also, still working on the BastilleBSD ISO updates for 15.0-RELEASE. At this rate it may be 15.1-RELEASE before it's ready.

#BastilleBSD #FreeBSD #API #Go

3. Tag nach dem #stromausfall in Berlin. Das Notstrom Aggregat läuft - zickt/bockt aber manchmal rum...
#Windows Server: "Mimimimi... ich wurde nicht richtig runtergefahren und bin jetzt beleidigt."

#FreeBSD und #ZFS: Chill Brudi... hab alles gecheckt - läuft wieder.

#OpenBSD : War was?

Seems like pkg is broken not only for me

https://github.com/freebsd/pkg/issues/2575

#freebsd

security/gnupg updated to 2.4.9 in #FreeBSD ports. This is stopgap, something I can cherry-pick to quarterly.

The update to 2.5.16 (the now-it-means-the-stable branch) is more ports-fuckery than I can handle this evening. Basically because the -is-gpg2 flag went away, so POLA means that I need to wrangle that myself, along with dealing with gnupg1 and gnupg24.

@daltux Don't know about the Linux, but on #FreeBSD , if you have enabled mouse in tty console (moused daemon was started) — the middle-click copy-paste working as intended :-)

CC @phoronix @librewolf

Last week I had a chat with a colleague who is highly specialized in Microsoft solutions. Young but not too young, smart, not very up to date simply because he has little time for anything else. His specialization depends entirely on where he works, not on personal interest. Lately he seemed a bit disillusioned with some choices made by "other operating systems", and he was starting to consider moving his personal projects toward Microsoft as well, since he already had the experience. Still, he said it with boredom. With the attitude of someone who is tired of wasting time.

He had heard of the BSDs but had never tried installing them. He was convinced that there were no decent hypervisors outside the Linux world and that KVM belonged to Linux alone. I had the terrible idea of showing him the BSDs, how great bhyve is, and how nvmm on NetBSD uses qemu underneath, making it almost a replacement for KVM in many setups. He lit up with the look of someone waking up from a long sleep. I also had the terrible idea of showing him illumos and its distributions. He had no clue it existed and thought old, great Solaris had been dead for years thanks to Oracle.

He called me a little while ago. He was furious. He spent the whole weekend doing tests and now he has no idea what to use among FreeBSD with bhyve, NetBSD with nvmm, and illumos with bhyve or kvm. He is slowly starting to explore jails and illumos zones. He was annoyed (in a positive way) because now he does not know what to pick since everything feels so different from what he was used to, and he found advantages in each option.

I am obviously happy about it, but I also wonder: instead of reinventing the wheel every time, would it not sometimes be better to simply broaden our horizons?

#IT #SysAdmin #OperatingSystems #FreeBSD #Linux #NetBSD #OpenBSD #DragonflyBSD #illumos #SmartOS #OmniOS #OpenIndiana #Tribblix

Great, with Version 1.3.0, Ly display manager introduced a brightness feature, where you can increase or decrease brightness. I never felt the urge to change the brightness of my black login screen with green text, but now it's there.... Pressed F5, nothing happened but a message appeared "failed to change brightness".

It seems that Ly tries to use brightnessctl to adjust display brightness, which is not available on FreeBSD.

I really liked Ly because it's a simple and easy to use display manager with a minimalistic approach, but I have the feeling that more and more open source software is being developed with a focus on Linux, leaving other systems out in the cold.

#Ly #FreeBSD

@Tionisla me and friends are trying to port NeXT to #freebsd Maybe the next DE is the NeXT de ;)

https://github.com/trunkmaster/nextspace/tree/freebsd

@Larvitz @tux #FreeBSD and #ZFS in its glory! :D Nice!

It's Tuesday so you know what that means.

Each week we're showcasing some of the many automated jail templates available in BastilleBSD.

This week we're building with:

Caddy - The ultimate server with automatic HTTPS
Caddy is a powerful, enterprise-ready, open source web server with automatic HTTPS written in Go.

https://github.com/BastilleBSD/templates/blob/main/www/caddy/Bastillefile

#FreeBSD #BastilleBSD #Rocinante #Caddy #TemplateTuesday

We take data-safety of our Mastodon user data serious and have implemented multiple levels of backups with rigorous bi-yearly restore tests and documentation.

We do:
- Periodic local file system snapshots (Every 15 minutes).

- Filesystem replication to backup-server in Germany (Hetzner, Falkenstein).

- Filesystem replication to second backup-server in Switzerland (Equinix ZH4, Zürich).

- GPG Encrypted Application-layer backup (PostgreSQL, Mastodon configuration) to server from @tux in Germany.

Every single of those backup-layers is monitored, tested (and recover-tested) bi-yearly at least.

Our infrastructure runs on FreeBSD/ZFS with one backup-layer using "zfs send/recv" plus an addition application backup layer that's using pg_dump+gpg. Just to be on the safe side.

All backup-jobs are monitored and the status (success/fail) is transperently visible on https://status.burningboard.net/

#mastodon #mastoadmin #freebsd #zfs #backups #digitalindipendence

@charlesrocket in Reddit, I added a comment with a quote from (and link to) GitHub, because Readers Are Lazy™.

If you use new Reddit on desktop, you might be able to edit the same (or similar) into your opening post.

<https://www.reddit.com/r/freebsd/comments/1q4vbl6/ghostty_port_has_arrived/> | <https://redd.it/1q4vbl6> – I'll make the post a community highlight (pinned) for, maybe, a few days.

Last but not least: thank you. You're always so generous, and positive.

#FreeBSD

Does anyone know if FreeBSD client access compatibility with smbv3 shares is being worked on?

mount_smbfs

#FreeBSD #RunBSD #samba #smb

Is there any rhyme or reason to your host naming scheme?

Planets? Heroes of myth and legend? Periodic elements?

Mine are all over the place.

#FreeBSD #BastilleBSD

@BastilleBSD

I often name or rename a host to signify its origin, or the issue with which a VirtualBox guest (or snapshot thereof) is associated.

The screenshot here does not show any host name, but does show some of the variety in guest and snapshot naming.

I have a fairly large number of hosts that are named 'blah', because the name will be insignificant for test purposes.

#FreeBSD #Oracle #VirtualBox #host #guest

Alt...

Screenshot: various guest names and snapshot names in Oracle VirtualBox.

Goodbye Linux & Podman, hello FreeBSD & Jails!

Just migrated my blog (https://blog.hofstede.it) to a fully native BSD stack (where my Gemini Capsule was already living).

Stack (using Bastille VNET Jails):
- Caddy (Ingress, TLS, Reverse-Proxy)
- Nginx Jail (Internal. Static file serving)
- PF

The Cool Part: A Zero-Trust CI/CD pipeline.

My Forgejo runner deploys via restricted rrsync into an air-gapped "transporter" jail, which nullfs mounts the web root.

Security: Source-IP restricted, no interactive shells, no PTY.

The simplicity of files-on-disk beats container abstraction every time.

#BastilleBSD #SelfHosted #SysAdmin #IPv6 #ZFS #FreeBSD #RunBSD

after months of work, my #ghostty port is ready https://www.freshports.org/x11/ghostty/

#freebsd #terminal

Reminder to periodically go compare your bastille.conf with the upstream sample for new entries and updates.

I'm willing to bet more than one of you are missing updates in the bastille.conf.

> cd /usr/local/etc/bastille
> diff -u bastille.conf bastille.conf.sample

Merge new entries into your config to make use of the latest fixes and features (including the new `monitor` command).

#FreeBSD #BastilleBSD

Over the next month going to decide whether I will "upgrade" my TrueNAS to https://zvault.io, vanilla FreeBSD with undetermined VM and jail managers.

The hypervisor really just runs zelta to push backups out.

Somewhat depends on what replaces the bhyve manager and iocage on stock FreeBSD, so if you have suggestions. Also maybe the "system health" reporting and other things like scheduled scrubs.

#FreeBSD #zVault

In the light of me looking for an alternative to plasma6 some more tweaking of lxqt. It's slowly getting there... Panel on the left, some pinned apps, icon only taskmanager, systray, using Qogir icons and XFWM4 for windowmanaging and with elementary theme for xfwm4, gtk and gtk-qt5/6, (forgot how cool it looked)

Will see if I can get DockbarX lxqt plugin to work on FreeBSD for a real dockapp handling. It doesn't seem to be in pkgs.

Now, I just have to remember what I did on this spare machine to transfer it on to my other machines...🤷‍♀️

#FreeBSD #RunBSD #lxqt #plasma6 #workflow

Alt...

LXQT Desktop on FreeBSD. There's a panel on the left side showing pinned and running applications. On the desktop there is the lxqt-about program showing some stats about the lxqt, qt version etc. wallpaper showing a fractalised Bird in a snowy wood and is called "Oiseau d'hiver" by @orbite

Alt...

LXQT Desktop on FreeBSD. There's a panel on the left side showing pinned and running applications. On the desktop the pcmanFM filemanager and the audacious mediaplayer are left tiled. A image preview is tiled on the right side wallpaper showing a fractalised Bird in a snowy wood and is called "Oiseau d'hiver" by @orbite

Another migration complete. Our Mastodon instance burningboard.net now has a working full-text search again!

Before:
Elasticsearch 7.x on Debian Linux

Now:
Opensearch 3.2.0 on FreeBSD 15.0-RELEASE

Importing 2 billion(!) docs into the search index took a couple of hours, but now that piece of infrastructure is also modernized and fully operational.

For performance reasons, opensearch runs on a seperate physical server than the rest of the Mastodon instance itself.

#elasticsearch #opensearch #linux #freebsd #mastodon #mastoadmin /cc @tux

Latest 𝗩𝗮𝗹𝘂𝗮𝗯𝗹𝗲 𝗡𝗲𝘄𝘀 - 𝟮𝟬𝟮𝟲/𝟬𝟭/𝟬𝟱 (Valuable News - 2026/01/05) available.

https://vermaden.wordpress.com/2026/01/05/valuable-news-2026-01-05/

Past releases: https://vermaden.wordpress.com/news/

#verblog #vernews #news #bsd #freebsd #openbsd #netbsd #linux #unix #zfs #opnsense #ghostbsd #solaris #vermadenday

@xogium Thank you and congratulations for this analysis. The #FreeBSD operating system provides a powerful command-line interface for configuring and using the system. Some utilities have a TUI and therefore have screen reader accessibility issues, exactly as described above. I am aware of this problem and described it to other FreeBSD programmers last year at the Dev Summit. We are currently designing and developing one-dimensional CLIs specifically for screen readers that will provide alternatives to the TUIs. Accessible CLIs will be available in the operating system installer; I previewed and demoed them at the 2025 European BSD Conference. The project is sponsored by the @FreeBSDFoundation I am currently in contact with blind and visually impaired associations for testing and feedback, and of course with the FreeBSD accessibility mailing list. I hope to complete the project as soon as possible.

It is #ManpageMonday so we're sharing snippets from man pages. To dig deeper, see `man bastille-bootstrap`.

EXAMPLES
Bootstrap 15.0-RELEASE:
> bastille bootstrap 15.0-RELEASE

Bootstrap official BastilleBSD templates:
> bastille bootstrap https://github.com/BastilleBSD/templates

Bootstrap 15.0-RELEASE using PkgBase:
> bastille bootstrap -p 15.0-RELEASE

Bootstrap 15.0-RELEASE using i386 as the arch:
> bastille bootstrap 15.0-RELEASE --i386

#FreeBSD #BastilleBSD

https://www.tara.sh/posts/2024/2024-04-18_hermit_summary/

#BSD #RunBSD #FOSS #Unix #minimalism

As for #FreeBSD #jails security. The post at https://vermaden.wordpress.com/2025/04/11/freebsd-jails-security/ from earlier 2025 is a nice though somewhat opinionated summary, but in hindsight of end-of-2025 research (https://github.com/iljavs/FreeBSD-Jail-Security-Research-Mirror), might be nice to get some updates.

If you uninstall all the GPU firmware packages (my bad), then `kldload amdgpu` will panic in a way that is very similar to the panic described in drm-kmod issues. This makes me doubt the accuracy of my revious #FreeBSD kernel-patch-testing atttempts.

(Regardless, installing the AMD firmware gets me back up-and-running)

@daftaupe the choice is not at all weird, it's explained in the information that the FreeBSD Foundation has made available.

#FreeBSD #KDE #Plasma

Hello, happy new year! I mostly didn't go on the computer in the last couple of weeks, very nice and chill time!

When I did go on the computer, I made a more serious start on figuring out how my #quiz kernel dev system might go at hosting #FreeBSD. Still just experimental, but it looks like making small adjustments to the release ISO images might be the way to approach it.

As always, a long way to go, but hopefully I'll have a little more time to play with it this year!

https://despairlabs.com/presentations/quiz/
https://asciinema.org/a/sOiNIE2XnkGT52Etwg0uyRSZq

@ly2en try SDDM instead of GDM.

SDDM was fine with GNOME when I tested a few days ago.

#FreeBSD #SDDM #GNOME

signify-rs 0.3.0 is released! The main code now runs sandboxed with #capsicum on #FreeBSD, #pledge/#unveil on #OpenBSD, and #landlock on #Linux. File opens are hardened with openat2 on Linux and O_NOFOLLOW on #unix. Resource limits are set for further hardening. Code fixed to create deterministic signatures, bit-exact with the reference implementation. Refer to the ChangeLog for more information: https://git.sr.ht/~alip/signify/tree/main/item/ChangeLog.md #rustlang #security

Yesterday I've tried #FreeBSD on a decent laptop again.

I prefer Gnome/GDM over Plasma so just went by the handbook tutorial. Based on my findings, GDM is broken for 6 months on #FreeBSD and nobody cares, despite the budget of $750,000 allocated in Q4 2025 to the "Laptop Support and Usability Improvements Project".

I will try to find a fix for this next week for free. This post is not quite a rant but more like a bookmark:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287955

@Tionisla It's hard to read the future.

I really like sddm, it is Wayland compatible, works nicely, looks nice and is customizable.

I get why a desktop environment may want to have its own session manager.

I guess Xfce is the way forward? It may be time for the FreeBSD community to engage the developers of other DE's to understand intentions re: systemd.

As far as I know the only DE's that have Wayland momentum are Budgie, MATE, LXQt, Cinnamon. Are Budgie or Cinnamon available in FreeBSD? Pantheon (elementary) is Wayland but I suspect it is closely tied to systemd .

GhostBSD's Gershwin is intriguing but sounds like it's early days for Wayland support.

DE's are an easy button that I appreciate but I guess going back to old skool methods like rolling yer own desktop using something like Wayfire, labwc, hikari, etc, with ly, lightdm, sddm is future proof(ish).

With KDE abandoning sddm will it be maintained? That's another question.

#FreeBSD #RunBSD #Xfce #sddm #GhostBSD #MATE #LXQt #Budgie