Valuable News – 2026/03/16

Leave a reply

The Valuable News weekly series is dedicated to provide summary about news, articles and other interesting stuff mostly but not always related to the UNIX/BSD/Linux systems. Whenever I stumble upon something worth mentioning on the Internet I just put it here.

Today the amount information that we get using various information streams is at massive overload. Thus one needs to focus only on what is important without the need to grep(1) the Internet everyday. Hence the idea of providing such information ‘bulk’ as I already do that grep(1).

The Usual Suspects section at the end is permanent and have links to other sites with interesting UNIX/BSD/Linux news.

Past releases are available at the dedicated NEWS page.

UNIX

Pwning NetBSD aarch64 (ARM).
https://feyrer.de/NetBSD/bx/blosxom.cgi/nb_20260308_1932.html

Test Driving NetBSD-11.0RC2 on ARM Hardware in VM.
https://feyrer.de/NetBSD/bx/blosxom.cgi/nb_20260308_1626.html

UNIX 2dsh Experimental Shell for Connecting Processes with Multiple Data Streams.
https://tuhs.org/Archive/Documentation/Papers/2dsh.pdf

Linux seccomp Unsafe at Any Speed. [2022]
https://blog.habets.se/2022/03/seccomp-unsafe-at-any-speed.html

FreeBSD Git Weekly: 2026-03-02 to 2026-03-08.
https://freebsd-git-weekly.tarsnap.net/2026-03-02.html

FreeBSD 14.4-RELEASE Now Available.
https://lists.freebsd.org/archives/freebsd-announce/2026-March/000228.html

FreeBSD 14.4-RELEASE Release Notes.
https://freebsd.org/releases/14.4R/relnotes/

FreeBSD 14.4 Review: Most Reliable Unix System Yet.
https://techrefreshing.com/freebsd-14-4-review/

FreeBSD 14.4 Released for Those Not Yet Ready to Move to FreeBSD 15.
https://phoronix.com/news/FreeBSD-14.4-Released

New kjail Release with PKGBASE Support.
https://github.com/Emrion/kjail-pkgbase

Major Update to drm(4) Code in OpenBSD-current.
https://undeadly.org/cgi?action=article;sid=20260310102936

MidnightBSD Bans Users in Brazil and California – Warns More Regions Could Follow.
https://itsfoss.com/news/midnightbsd-age-verification/

OpenBSD-current Moves to 7.9-beta.
https://undeadly.org/cgi?action=article;sid=20260311062921

FreeBSDKit: Swift Package to Write Capability Aware FreeBSD Apps.
https://christiantietze.de/posts/2026/03/freebsdkit-swift-package-write-capability-aware-freebsd-apps/

TinyGate is Lightweight Cross Platform HTTP/HTTPS Reverse Proxy.
https://github.com/sibexico/TinyGate/tree/dev

FreeBSD Jails Orchestrator jrun(8) Now Ready to Use.
https://reddit.com/r/freebsd/comments/1rq6lqm/jrun_the_jail_orchestrator_now_ready_to_use/

AMDGPU Crash with FreeBSD 15.0 on My Laptop – Why and What are Possible Solutions.
https://vincentdelft.be/post/post_20260311

Arkime 6 Open Source Network Analysis/Packet Capture Tool with FreeBSD Support.
https://arkime.com/release-v6

OPNsense 26.1.4 Released.
https://forum.opnsense.org/index.php?topic=51239.0

Wlasny Serwer FreeBSD – Czesc 4 – Certyfikat TSL/SSL. [Polish]
https://linuxiarze.pl/wlasny-serwer-freebsd-cz-4-certyfikat-tsl-ssl/

Wlasny Serwer FreeBSD – Czesc 5 – Serwer FTP. [Polish]
https://linuxiarze.pl/wlasny-serwer-freebsd-cz-5-serwer-ftp/

BSD Router Project 2.1. [Polish]
https://linuxiarze.pl/bsdrp-2-1/

UNIX System – Sun Technical Report. [1985]
https://drive.google.com/file/d/1dW6l6cFAiqTKj3bmTulynKQuOHeHMx0u/view

Delayed Hibernation Comes to OpenBSD/amd64 Laptops.
https://undeadly.org/cgi?action=article;sid=20260312185620

TrueNAS Reboot Loop – VM Load and NVMe That Would Not Stay Seated.
https://blog.cabroneria.com/post/0007_truenas_nvme_reseat_reboot_loop/

FreeBSD Foundationals – ZFS – Last Filesystem You Will Ever Need.
https://blog.hofstede.it/freebsd-foundationals-zfs-the-last-filesystem-youll-ever-need/

Sylve: Bhyve Virtualization and Clustering on FreeBSD.
https://gyptazy.com/blog/sylve-a-proxmox-alike-webui-for-bhyve-on-freebsd/

SpamAssassin for Sendmail on FreeBSD.
https://micski.dk/2026/03/11/spamassassin-for-sendmail-on-freebsd/

How to Install Mullvad VPN with WireGuard on FreeBSD. [2025]
https://micski.dk/2025/10/23/how-to-install-mullvad-vpn-with-wireguard-on-freebsd/

Changing GELI Passphrase/Password on Multiple Disks. [2025]
https://micski.dk/2025/09/02/changing-geli-password-on-multiple-disks/

Fast and Smart fastfind/ff File Search with Fuzzy Matching and Natural Language Queries.
https://github.com/RobertFlexx/fastfind

FreeBSD Home NAS – Part 11 – Extended Monitoring with Additional Exporters.
https://rtfm.co.ua/en/freebsd-home-nas-part-11-extended-monitoring-with-additional-exporters/

FreeBSD Home NAS – Part 12 – Synchronizing Data with Syncthing.
https://rtfm.co.ua/en/freebsd-home-nas-part-12-synchronizing-data-with-syncthing/

FreeBSD Home NAS – Part 13 – Planning Data Storage and Backups.
https://rtfm.co.ua/en/freebsd-home-nas-part-13-planning-data-storage-and-backups/

FreeBSD_Home NAS – Part 14 – Logs with VictoriaLogs and Alerts with VMAlert.
https://rtfm.co.ua/en/freebsd-home-nas-part-14-logs-with-victorialogs-and-alerts-with-vmalert/

FreeBSD 14.4 Released with Better Security/Storage/Cloud Support.
https://ostechnix.com/freebsd-14-4-released/

Switching from Void Linux to FreeBSD.
https://leanghok.bearblog.dev/switching-from-void-linux-to-freebsd/

Tutorial: Write Your Own X11 Bar.
https://leanghok.bearblog.dev/write-your-own-bar/

MidnightBSD Excludes California from Desktop Use Due to Digital Age Assurance Act.
https://ostechnix.com/midnightbsd-excludes-california-digital-age-assurance-act/

GotHub All the Things.
https://x61.sh/log/2026/03/14032026191148-gothub.html

5BSD Forked from FreeBSD.
https://github.com/5BSD

FreeBSD mac_abac(4) Label Based MAC Using Extended Attributes.
https://github.com/5BSD/mac_abac

Keyvault – FreeBSD Kernel Resident Encryption Keys and Capabilites.
https://github.com/5BSD/Keyvault

Convert FreeBSD PKGBASE Installation into Distribution Sets.
https://lists.freebsd.org/archives/freebsd-current/2025-December/009572.html

Linux Firewalls: How to Actually Secure Cloud Server with iptables/nftables/firewalld/ufw.
https://blog.hofstede.it/linux-firewalls-how-to-actually-secure-a-cloud-server-iptables-nftables-firewalld-ufw/

Unlocking Secondary Disks on OpenBSD.
https://blog.thechases.com/posts/bsd/unlocking-secondary-disks/

BSD Now 654: Plasma Rage.
https://www.bsdnow.tv/654

Is OpenBSD… Exotic? Community Member Perspective.
https://pvs-studio.com/en/blog/posts/cpp/1353/

FreeBSD Users: We Need to Talk About Claude Code.
https://stevengharms.com/posts/2026-03-04-freebsd-users-we-need-to-talk-about-claude-code/

Podman is Home Lab Ready on FreeBSD.
https://aumont.fr/posts/podman-freebsd/

Maolan is Open Source Digital Audio Workstation for Linux/FreeBSD.
https://maolan.github.io/

Developers Guide to Generative AI in FreeBSD.
https://delphij.net/temp/ai-guide.html

UNIX/Audio/Video

How to Setup and Configure Bhyve in FreeBSD.
https://youtube.com/watch?v=E47Pd0P58Co

Running AI on FreeBSD (CUDA Problem).
https://youtube.com/watch?v=SXevnsbSAAk

2026-03-11 OpenZFS Production User Call.
https://youtube.com/watch?v=DirKkjgtg4s

2026-03-12 Bhyve Production User Call.
https://youtube.com/watch?v=RILtMsciJfk

FreeBSD as Desktop in 2026 – Surprisingly Good.
https://youtube.com/watch?v=2EFG3BO6oVY

Hardware

AMD Launches Ryzen AI Embedded P100 Series 4/6/8/10/12 Core Models.
https://phoronix.com/news/AMD-Ryzen-Embedded-P100-Series

RISC-V is Slow.
https://marcin.juszkiewicz.com.pl/2026/03/10/risc-v-is-sloooow/

Hisense VIDAA TVs Reportedly Add Unskippable Startup Ads Before Live TV.
https://guru3d.com/story/hisense-vidaa-tvs-reportedly-add-unskippable-startup-ads-before-live-tv/

Life

US/Illinois Joins Age Verification for Operating Systems Bandwagon.
https://youtube.com/watch?v=1MJXRRRyMSU

Valve Just Rejected Government Demands.
https://youtube.com/watch?v=-h2q-3NCbYk

Talent Pipeline is Collapsing. Your Team Will Feel It Next.
https://newsletter.thelongcommit.com/p/the-talent-pipeline-is-collapsing

EU Regulation Review – Entire Corpus of EU Regulation Reviewed by Grok.
https://bettereu.com/

Computer Scientists Caution Against Internet Age Verification Mandates.
https://reason.com/2026/03/04/computer-scientists-caution-against-internet-age-verification-mandates/

I Traced $2B in Nonprofit Grants and 45 States of Lobbying Records Who is Behind Age Berification.
https://reddit.com/r/linux/comments/1rshc1f/i_traced_2_billion_in_nonprofit_grants_and_45/

Other

LibreOffice Criticizes EU Commission over Proprietary XLSX Formats.
https://heise.de/en/news/LibreOffice-criticizes-EU-Commission-over-proprietary-XLSX-formats-11202165.html

LibreOffice 26.2 is Here – Faster and More Polished Office Suite that You Control.
https://blog.documentfoundation.org/blog/2026/02/04/libreoffice-26-2-is-here/

You Are Dumb Security Leader if You Mandate Password Rotation.
https://georgeguimaraes.com/youre-dumb-security-leader-if-you-mandate-password-rotation/

Myrient Archive Tracker.
https://myrient.org/

RSS Still Wins in 2025.
https://jeffmackinnon.com/RSS.html

Expanding (and Sharing) List of Blogs I Follow via RSS.
https://neilzone.co.uk/2024/05/expanding-and-sharing-the-list-of-blogs-i-follow-via-rss/

You Deleted Everything and AWS is Still Charging You.
https://jvogel.me/posts/2026/aws-still-charging-you/

Usual Suspects

BSD Weekly.
https://bsdweekly.com/

DiscoverBSD.
https://discoverbsd.com/

BSDSec.
https://bsdsec.net/

DragonFly BSD Digest.
https://dragonflydigest.com/

FreeBSD Patch Level Table.
https://bokut.in/freebsd-patch-level-table/

FreeBSD End of Life Date.
https://endoflife.date/freebsd

Phoronix BSD News Archives.
https://phoronix.com/linux/BSD

OpenBSD Journal.
https://undeadly.org/

Call for Testing.
https://callfortesting.org/

Call for Testing – Production Users Call.
https://youtube.com/@callfortesting/videos

BSD Now Weekly Podcast.
https://www.bsdnow.tv/

Nixers Newsletter.
https://newsletter.nixers.net/entries.php

BSD Cafe Journal.
https://journal.bsd.cafe/

DragonFly BSD Digest – Lazy Reading – In Other BSDs.
https://dragonflydigest.com

BSDTV.
https://bsky.app/profile/bsdtv.bsky.social

FreeBSD Git Weekly.
https://freebsd-git-weekly.tarsnap.net/

FreeBSD Meetings.
https://youtube.com/@freebsdmeetings

BSDJedi.
https://youtube.com/@BSDJedi/videos

RoboNuggie.
https://youtube.com/@RoboNuggie/videos

GaryHTech.
https://youtube.com/@GaryHTech/videos

Sheridan Computers.
https://youtube.com/@sheridans/videos

82MHz.
https://82mhz.net/

EOF

Valuable News – 2026/03/09

Leave a reply

The Valuable News weekly series is dedicated to provide summary about news, articles and other interesting stuff mostly but not always related to the UNIX/BSD/Linux systems. Whenever I stumble upon something worth mentioning on the Internet I just put it here.

Today the amount information that we get using various information streams is at massive overload. Thus one needs to focus only on what is important without the need to grep(1) the Internet everyday. Hence the idea of providing such information ‘bulk’ as I already do that grep(1).

The Usual Suspects section at the end is permanent and have links to other sites with interesting UNIX/BSD/Linux news.

Past releases are available at the dedicated NEWS page.

UNIX

Fastest macOS nanobrew Package Manager.
https://nanobrew.trilok.ai/

FreeBSD Git Weekly: 2026-02-23 to 2026-03-01.
https://freebsd-git-weekly.tarsnap.net/2026-02-23.html

DIY Home Network with OpenBSD/OpenWrt/Pi-Hole.
https://btxx.org/posts/diy-home-network/

Announcing New Version of Oracle Solaris Environment for Developers.
https://blogs.oracle.com/solaris/announcing-a-new-version-of-our-oracle-solaris-environment-for-developers

Run Fully Isolated Environments on macOS with Powered by FreeBSD.
https://github.com/hyphatech/jailrun/

OpenBSD on SGI: Rollercoaster Story.
http://miod.online.fr/software/openbsd/stories/sgiall.html

Benchmark of ImpossibleCloud S3 Object Storage.
https://freebsd.uw.cz/2026/03/benchmark-of-impossiblecloud-s3-object.html

NFS on FreeBSD with ZFS.
https://freebsd.uw.cz/2026/03/nfs-on-freebsd-with-zfs.html

Flight Record About MinIO.
https://tara.sh/posts/2026/2026-03-02_minio/

NetBSD 11.0 RC2 Available.
https://blog.netbsd.org/tnf/entry/netbsd_11_0_rc2_available

NetBSD 11.0 RC2 Released for Testing.
https://phoronix.com/news/NetBSD-11.0-RC2-Released

Oracle Updates Free Solaris CBE to 11.4.190 for Open Source Developers.
https://phoronix.com/news/Oracle-Solaris-CBE-2026

Latest GhostBSD 26.1-R15.0p2-03-06-09 Test ISO.
https://ci.ghostbsd.org/jenkins/job/stable-15/job/Build%20ISO%20For%20Testing%20Packages/6/

FreeBSD Capsicum vs Linux seccomp Process Sandboxing.
https://vivianvoss.net/blog/capsicum-vs-seccomp

Service Management: FreeBSD init(1) vs Linux systemd(1).
https://vivianvoss.net/blog/init-vs-systemd

ZFS Snapshots and Boot Environments: FreeBSD Safety Net.
https://vivianvoss.net/blog/zfs-the-safety-net

Technical Beauty: FreeBSD Jails.
https://vivianvoss.net/blog/technical-beauty-jails

Technical Beauty: ZFS.
https://vivianvoss.net/blog/technical-beauty-zfs

Technical Beauty: OpenSSH.
https://vivianvoss.net/blog/technical-beauty-openssh

Technical Beauty: sed(1).
https://vivianvoss.net/blog/technical-beauty-sed

Technical Beauty: rsync(1).
https://vivianvoss.net/blog/technical-beauty-rsync

Technical Beauty: ffmpeg(1).
https://vivianvoss.net/blog/technical-beauty-ffmpeg

Book of PF (4th Edition) is Here and Its Real.
https://medium.com/@peter.hansteen/the-book-of-pf-4th-edition-its-here-it-s-real-8c14e4dbd0bd

FreeBSD 15.1 on Track with Better Realtek WiFi and KDE Desktop Install Option.
https://phoronix.com/news/FreeBSD-15.1-Realtek-KDE-Wins

Introducing ACPI Driver for System76 on FreeBSD.
https://reddit.com/r/freebsd/comments/1rndi1y/introducing_acpi_driver_for_system76_on_freebsd/

FreeBSD and dwl on 2010 ThinkPad.
https://awklab.com/freebsd-dwl

AWK: Syntax Essentials.
https://awklab.com/awk-syntax-essentials

AWK: Zero Setup Pre Processor.
https://awklab.com/awk-the-zero-setup-pre-processor

AWK: Practical Benchmarking.
https://awklab.com/practical-awk-benchmarking

Wine 11.4 Released with More Improvements.
https://phoronix.com/news/Wine-11.4-Released

Setting Up Better Git Config.
https://micahkepe.com/blog/gitconfig/

Setting Up Supercharged Neovim Configuration.
https://micahkepe.com/blog/neovim-setup/

Setting Up Better tmux(1) Configuration.
https://micahkepe.com/blog/tmux-config/

HardenedBSD 2026/02 Status Report.
https://hardenedbsd.org/article/shawn-webb/2026-03-01/hardenedbsd-february-2026-status-report

Add FreeBSD Support for Ollama.
https://github.com/ollama/ollama/pull/14697

Backrest is Web UI and Orchestrator for Restic Backup with FreeBSD Support.
https://github.com/garethgeorge/backrest

My TrueNAS CORE (FreeBSD) Homelab.
https://blog.gpkb.org/posts/homelab-2025/

FreeBSD Phabricator Contributor Growth Statistics – R Data Package.
https://github.com/chrislongros/freebsdcontribs

UNIX/Audio/Video

7 Alternative GhostBSD Browsers.
https://youtube.com/watch?v=v9PV84Ws4gY

2026-03-03 Jail/Zones Production User Call.
https://youtube.com/watch?v=3yHGSoaWIZ0

2026-03-05 Bhyve Production User Call.
https://youtube.com/watch?v=V_JRetnTYGY

BSD Now 653: Butter Makes Everything Better.
https://www.bsdnow.tv/653

Hardware

AMIGA Statistics 2026: Users/Demographics/Hardware and Modern AMIGA Ecosystem
https://generationamiga.com/2026/03/06/amiga-statistics-2026-users-demographics-hardware-and-the-modern-amiga-ecosystem/

ANE Training – Backpropagation on Apple Neural Engine.
https://github.com/maderix/ANE

AMD EPYC Turin 128 Core Comparison: 9745 (ZEN5C) vs. 9755 (ZEN5).
https://www.phoronix.com/review/amd-epyc-9745-9755

Using Mac from 2011.
https://basic.bearblog.dev/using-a-mac-from-2011/

CPU That Runs Entirely on GPU – Registers/Memory/Flags.
https://github.com/robertcprice/nCPU

Sony NEWS (NWS-831) 4.2BSD UNIX Workstation.
https://retropcnews.com/archives/1889

Your Phone is Now Required to Spy on You.
https://youtube.com/watch?v=hI9oy0t4JUU

Life

Fork Off: Surveillance States Need to Fork Linux Themselves.
https://blog.devrupt.io/posts/fork-off-california-linux/

Computer Scientists Caution Against Internet Age Verification Mandates.
https://reason.com/2026/03/04/computer-scientists-caution-against-internet-age-verification-mandates/

Brazil Law: All OSes Have 13 Days to Add Age Verification.
https://youtube.com/watch?v=WlH2yS5IKg0

The Protect the Kids Scam That Builds Permanent Surveillance Grid.
https://x.com/rob_braxman/status/2029240453606908134

System76 on Age Verification Laws.
https://blog.system76.com/post/system76-on-age-verification

70k Books Found in Hidden Library in This Germany Home.
https://bookstr.com/article/70k-books-found-in-hidden-library-in-this-germany-home/

Other

Anthropic Partnering with Mozilla to Improve Firefox Security.
https://anthropic.com/news/mozilla-firefox-security

Hardening Firefox with Anthropic Red Team.
https://blog.mozilla.org/en/firefox/hardening-firefox-anthropic-red-team/

Why Theme Park is Peak of Classic AMIGA Simulator Games.
https://generationamiga.com/2026/03/07/why-theme-park-is-the-peak-of-classic-amiga-simulator-games/

WarGames Movie Terminal Fonts.
https://mw.rat.bz/wgterm/

Usual Suspects

BSD Weekly.
https://bsdweekly.com/

DiscoverBSD.
https://discoverbsd.com/

BSDSec.
https://bsdsec.net/

DragonFly BSD Digest.
https://dragonflydigest.com/

FreeBSD Patch Level Table.
https://bokut.in/freebsd-patch-level-table/

FreeBSD End of Life Date.
https://endoflife.date/freebsd

Phoronix BSD News Archives.
https://phoronix.com/linux/BSD

OpenBSD Journal.
https://undeadly.org/

Call for Testing.
https://callfortesting.org/

Call for Testing – Production Users Call.
https://youtube.com/@callfortesting/videos

BSD Now Weekly Podcast.
https://www.bsdnow.tv/

Nixers Newsletter.
https://newsletter.nixers.net/entries.php

BSD Cafe Journal.
https://journal.bsd.cafe/

DragonFly BSD Digest – Lazy Reading – In Other BSDs.
https://dragonflydigest.com

BSDTV.
https://bsky.app/profile/bsdtv.bsky.social

FreeBSD Git Weekly.
https://freebsd-git-weekly.tarsnap.net/

FreeBSD Meetings.
https://youtube.com/@freebsdmeetings

BSDJedi.
https://youtube.com/@BSDJedi/videos

RoboNuggie.
https://youtube.com/@RoboNuggie/videos

GaryHTech.
https://youtube.com/@GaryHTech/videos

Sheridan Computers.
https://youtube.com/@sheridans/videos

82MHz.
https://82mhz.net/

EOF

Valuable News – 2026/03/02

3 Replies

The Valuable News weekly series is dedicated to provide summary about news, articles and other interesting stuff mostly but not always related to the UNIX/BSD/Linux systems. Whenever I stumble upon something worth mentioning on the Internet I just put it here.

Today the amount information that we get using various information streams is at massive overload. Thus one needs to focus only on what is important without the need to grep(1) the Internet everyday. Hence the idea of providing such information ‘bulk’ as I already do that grep(1).

The Usual Suspects section at the end is permanent and have links to other sites with interesting UNIX/BSD/Linux news.

Past releases are available at the dedicated NEWS page.

UNIX

FreeBSD 2025 Q4 Status Report.
https://freebsd.org/status/report-2025-10-2025-12/

FreeBSD Does Not Have WiFi Driver for My Old MacBook. AI Build One for Me.
https://vladimir.varank.in/notes/2026/02/freebsd-brcmfmac/

FreeBSD Parthenope Multi Installer in Lua.
https://gitlab.com/alfix/parthenope

FreeBSD Git Weekly: 2026-02-16 to 2026-02-22.
https://freebsd-git-weekly.tarsnap.net/2026-02-16.html

GhostBSD Plan to Ditch Xorg for XLibre.
https://theregister.com/2026/02/24/ghostbsd_plans_to_adopt_xlibre/

KDE Plasma 6.6 is Not Forcing systemd(1) but Arguments Rage On.
https://theregister.com/2026/02/24/kde_plasma_66/

Red Hat Learning Community Will Decommission on 2026/03/31.
https://learn.redhat.com/t5/Red-Hat-Learning-Community-News/Evolving-how-we-learn-together/ba-p/57899

SonicDE (KDE/Plasma 6.x Fork with X11 Support) on FreeBSD.
https://github.com/sonicde-freebsd

OpenZFS 2.4.1 Released.
https://github.com/openzfs/zfs/releases/tag/zfs-2.4.1

FreeBSDKit is Framework for Building Secure and Capability Aware Applications on FreeBSD.
https://github.com/SwiftBSD/FreeBSDKit

FreeBSD 15 Bridges/VLANs/Jails – Nice!
https://reddit.com/r/freebsd/comments/1r704e0/freebsd_15_bridges_vlans_and_jails_nice/
https://gist.github.com/codeedog/99f69ed1909fe633f6ab7b2d467de0f4

On Jails/VLANS/Trunking – Hurray for if_bridge New vlanfilter Feature.
https://reddit.com/r/freebsd/comments/1pytvnr/on_jails_vlans_and_trunking_hurray_for_if_bridge/

Virtualization Basics.
https://dumrich.github.io/GSoC25-Blog/posts/virtualization-fundamentals/

How QEMU Accelerator Works.
https://dumrich.github.io/GSoC25-Blog/posts/qemu-accel/

Adding Bhyve vmm(4) as Accelerator to QEMU.
https://dumrich.github.io/GSoC25-Blog/posts/qemu-bhyve/

Bhyve Part 1.
https://dumrich.github.io/GSoC25-Blog/posts/bhyve-part-1/

Bhyve Part 2.
https://dumrich.github.io/GSoC25-Blog/posts/bhyve-part-2/

Bhyve Part 3.
https://dumrich.github.io/GSoC25-Blog/posts/bhyve-part-3/

Git Fundamentals.
https://dumrich.github.io/GSoC25-Blog/posts/git-fundamentals/

Latest GhostBSD 26.1-R15.0p2-02-25-11 ISO Available.
https://ci.ghostbsd.org/jenkins/job/stable-15/job/Build%20ISO%20For%20Testing%20Packages/2/

Solaris 11.4 SRU90 – Preserve Boot Environments.
https://c0t0d0s0.org/blog/solaris114preservebootenvironments.html

Solaris 11.4 SRU90 – Limiting Signaling to All.
https://c0t0d0s0.org/blog/limitedsignaling.html

Supplemental Document for AWK.
https://github.com/arnoldrobbins/awksupp

You Just Need Postgres – Stop Managing 7 Databases.
https://youjustneedpostgres.com/

FreeBSD 14.4-RC1 Now Available.
https://lists.freebsd.org/archives/freebsd-stable/2026-February/003883.html

FreeBSD 14.4-RC1 Adds Emacs/Vim and More to DVD Images.
https://phoronix.com/news/FreeBSD-14.4-RC1-Released

ZFS Fast Dedup for Proxmox VE 9.x.
https://klarasystems.com/articles/zfs-fast-dedup-for-proxmox-ve-9x/

FreeBSD pkg autoremove.
https://rubenerd.com/freebsd-pkg-autoremove/

Uplift Privileges on FreeBSD.
https://vermaden.wordpress.com/2026/03/01/uplift-privileges-on-freebsd/

Jails for NetBSD – Kernel Enforced Isolation and Native Resource Control.
https://netbsd-jails.petermann-digital.de/

Running Your Own AS: Going Multi Homed with iBGP and Three Transits.
https://blog.hofstede.it/running-your-own-as-going-multi-homed-with-ibgp-and-three-transits/

How I Used SIGUSR1 to Avoid Python Process Conflicts.
https://ericbsd.com/how-i-used-sigusr1-to-avoid-python-process-conflicts.html

UNIX System V Release 2.0 Programmer Reference Manual BTL Edition. [1983]
https://archive.org/details/unix-system-v-release-2-programmer-reference-manual-btl-edition/

MinIO os Dead. Long Live MinIO.
https://blog.vonng.com/en/db/minio-resurrect/

64bit GNU Hurd is Here.
https://guix.gnu.org/blog/2026/the-64-bit-hurd//

Phoenix and Tailwind on FreeBSD.
https://blog.feld.me/posts/2026/02/phoenix-tailwind-freebsd/

Solaris 2.6 (x86) on 86Box with Socket 7. [1996]
https://officialaptivi.wordpress.com/2026/02/28/solaris-2-6-x86-on-86box-with-socket-7-1996/

Multiple Keyboard Layouts on OpenBSD.
https://tumfatig.net/2026/multiple-keyboard-layouts-on-openbsd/

Another Subprocess for vmd(8) on OpenBSD
https://undeadly.org/cgi?action=article;sid=20260226110600

Day #15 of Rediscovering FreeBSD.
https://tnorlin.se/posts/2026-03-01-day15-of-rediscovering-freebsd/

FreeBSDKit is Framework for Building Secure Capability Aware Applications on FreeBSD.
https://github.com/vIsNotUNIX/FreeBSDKit

Rockhopper Generates Installer Packages for Wide Variety of Platforms.
https://github.com/mcandre/rockhopper

UNIX/Audio/Video

Why Rust is Causing Tension in Linux Kernel.
https://youtube.com/watch?v=-XLuGB0wZ1M

2026-02-26 Bhyve Production User Call.
https://youtube.com/watch?v=jGhKX8kjQKg

2026-02-25 OpenZFS Production User Call.
https://youtube.com/watch?v=aYJ4sWotYho

ReactOS Future is Brighter Than Ever.
https://youtube.com/watch?v=VnLQvqoxXjA

MidnightBSD Responds to California Age Verification Law by Excluding California.
https://youtube.com/live/4qu5-tXVSGw

Sprinkling Little Cinnamon on GhostBSD.
https://youtube.com/watch?v=kaQ7MrB28yQ

BSD Now 652: Ghostly Graphics.
https://www.bsdnow.tv/652

Hardware

Intel ME: Anatomy of Ring -3 Backdoor – Part 1.
https://sbytec.com/vulnerabilities/intel_me/

PDP-11 Replica Kit – Build Your Own DEC PDP-11/70 Computer.
https://obsolescence.dev/pdp11.html

Intel Plans Return to Unified Core Design w/o Performance and Efficiency Cores.
https://techpowerup.com/346645/intel-plans-return-to-unified-core-design-no-more-performance-and-efficiency-core-split

CAN Bootloader.
https://runtimenotes.hashnode.dev/8bytes-is-not-too-bad

Build a Boy – Bricks Gaming Handheld You Build from Scratch.
https://crowdsupply.com/natalie-the-nerd/build-a-boy

Benchmarking 18 Years of Intel Laptop CPUs.
https://phoronix.com/review/intel-penryn-to-panther-lake/

Upgrading My Open Source Pi Surveillance Server with Frigate.
https://jeffgeerling.com/blog/2026/upgrading-my-open-source-pi-surveillance-server-frigate/

Lenovo Made Framework Like Laptop with Modular Ports.
https://theverge.com/tech/886814/lenovo-thinkbook-modular-ai-pc-concept-mwc-2026-specs

Life

179 Euros.
https://my-notes.dragas.net/2026/02/22/179-euros/

Pegasus Spyware – Part 1 – Zero Click Exploitation and Forensic Analysis.
https://sbytec.com/vulnerabilities/pegasus_analysis/

Pegasus Spyware – Part 2 – Forensic Detection and Mitigation Strategies.
https://sbytec.com/vulnerabilities/pegasus_detection/

Swedish Study: Hiring Discrimination is Problem for Men in Female Dominated Occupations.
https://psypost.org/swedish-study-suggests-hiring-discrimination-is-primarily-a-problem-for-men-in-female-dominated-occupations/

New California Law Says All OSes Including Linux Need to Have Some Form of Age Verification at Account Setup.
https://pcgamer.com/software/operating-systems/a-new-california-law-says-all-operating-systems-including-linux-need-to-have-some-form-of-age-verification-at-account-setup/

Other

Firefox 148.0 Now Available with New AI Controls/Kill Switches.
https://phoronix.com/news/Firefox-148

LibreWolf 148.0 Released.
https://codeberg.org/librewolf/bsys6/releases/tag/148.0-1

X86 CPU Made in CSS.
https://lyra.horse/x86css/

SvarDOS Open Source DOS Distribution.
http://svardos.org/

LibreOffice Accuses OnlyOffice of Being Fake Open Source.
https://tech2geek.net/libreoffice-vs-onlyoffice-the-document-foundation-accuses-its-rival-of-being-fake-open-source/

Diablo II LoD: vermaden Necromancer Guide. [2005]
http://strony.toya.net.pl/~vermaden/necromancer.htm

Firefox 149.0 Beta Released with Convenient Split View Mode.
https://phoronix.com/news/Firefox-149-Beta

Pierdology – Explore One of the Most Versatile Polish Swear Words.
https://pierdology.webflow.io/

Servo Browser Engine Starts 2026 with Many Notable Improvements.
https://phoronix.com/news/Servo-January-2026

Myrient that Hosts 390TB Classic Game Archive Shuts Down on 2026/03/01.
https://pbxscience.com/myrient-to-shut-down-march-31-390tb-classic-game-archive-faces-permanent-closure/

Usual Suspects

BSD Weekly.
https://bsdweekly.com/

DiscoverBSD.
https://discoverbsd.com/

BSDSec.
https://bsdsec.net/

DragonFly BSD Digest.
https://dragonflydigest.com/

FreeBSD Patch Level Table.
https://bokut.in/freebsd-patch-level-table/

FreeBSD End of Life Date.
https://endoflife.date/freebsd

Phoronix BSD News Archives.
https://phoronix.com/linux/BSD

OpenBSD Journal.
https://undeadly.org/

Call for Testing.
https://callfortesting.org/

Call for Testing – Production Users Call.
https://youtube.com/@callfortesting/videos

BSD Now Weekly Podcast.
https://www.bsdnow.tv/

Nixers Newsletter.
https://newsletter.nixers.net/entries.php

BSD Cafe Journal.
https://journal.bsd.cafe/

DragonFly BSD Digest – Lazy Reading – In Other BSDs.
https://dragonflydigest.com

BSDTV.
https://bsky.app/profile/bsdtv.bsky.social

FreeBSD Git Weekly.
https://freebsd-git-weekly.tarsnap.net/

FreeBSD Meetings.
https://youtube.com/@freebsdmeetings

BSDJedi.
https://youtube.com/@BSDJedi/videos

RoboNuggie.
https://youtube.com/@RoboNuggie/videos

GaryHTech.
https://youtube.com/@GaryHTech/videos

Sheridan Computers.
https://youtube.com/@sheridans/videos

82MHz.
https://82mhz.net/

EOF

Uplift Privileges on FreeBSD

5 Replies

There are many tools to uplift privileges for a regular user on FreeBSD to either different account or to the root rights with all possible power. For a start on any FreeBSD system any admin user needs to be in the wheel group to be even able to switch to root with su(1) command.

From su(1) man page:

PAM is used to set the policy su(1) will use. In particular, by default only users in the “wheel” group can switch to UID 0 (“root“). This group requirement may be changed by modifying the “pam_group” section of /etc/pam.d/su. See pam_group(8) for details on how to modify this setting.

One can use other groups for other limited privileges. For example I use group network to provide access to manipulate network connections on FreeBSD with mine network.sh script. More about that – FreeBSD Network Management with network.sh Script – here.

The Table of Contents below.

  • mdo(1)
  • doas(1)
  • sudo(8)
  • sudo-rs(8)
  • doso(1)
  • pfexec(8)
  • run0(1)
  • Summary

Most sysadmins usually turn to sudo(8) or doas(1) tools – but these are also other and native tools for that on FreeBSD.

 

mdo(1)

No need to install anything – its all provided by the Mandatory Access Control that part of FreeBSD.

After configured it behaves like sudo(8) or doas(1) tools. You can add -i argument to switch to root user or use -u USER to switch to another user.

Here is how it works. First you need to load mac_do(4) kernel module. Make sure its also loaded at boot in the /etc/rc.conf file or in the /boot/loader.conf file. To be honest the mac_do(4) man page suggests adding mac_do_load="YES" to theΒ /boot/loader.conf file but I tested loading/unloading theΒ mac_do(4) module multiple times during runtime both on FreeBSD 14.3-RELEASE and 15.0-RELEASE and it worked without any problem.

# kldload mac_do

# grep mac_do /etc/rc.conf
  kld_list="${kld_list} mac_do"

Next you need to make sure its enable and define the rules. Keep the rules in /etc/sysctl.conf for next reboots.

# sysctl security.mac.do.enabled
security.mac.do.enabled: 1

# sysctl security.mac.do.rules='gid=0>uid=0;uid=1000>uid=80,gid=80'
security.mac.do.rules:  -> gid=0>uid=0;uid=1000>uid=80,gid=80

# grep mac.do /etc/sysctl.conf
# SETTINGS FOR mac_do(4) MODULE
  security.mac.do.rules='gid=0>uid=0'

Now the setup is done and you can use mdo tool to switch to root super user.

% mdo -i

# whoami
root

… or to switch to other user … but only to the one that is configured. You can switch to www user but You can not switch to hast user for example.

% whoami
vermaden

% mdo -u hast
mdo: calling setcred() failed: Operation not permitted

% mdo -u www

% id
uid=80(www) gid=80(www) groups=80(www)

The syntax of security.mac.do.rules is quite simple – its RULE;RULE;RULE and have two rules defines. One allows us to become root super user – gid=0>uid=0 – and the other one grands us the permission to switch to www user – uid=1000>uid=80,gid=80 – as simple as that.

The mac_do(4) is a lot more – it also has a solutions for FreeBSD Jails – but that one already been covered by Olivier Certner in his recent Credentials Transitions with mdo(1) and mac_do(4) [PDF] that was also published in FreeBSD Journal recently.

One more thing – this is how you can use mdo(1) in scripts.

% cat /var/log/auth.log
cat: /var/log/auth.log: Permission denied

% mdo -i cat /var/log/auth.log | tail -3
Mar  4 16:04:00 f25 doas[23632]: vermaden ran command sysctl dev.acpi_ibm.0.fan_level=2 as root from /home/vermaden
Mar  4 16:05:00 f25 doas[57707]: vermaden ran command sysctl dev.acpi_ibm.0.fan=0 as root from /home/vermaden
Mar  4 16:05:00 f25 doas[64090]: vermaden ran command sysctl dev.acpi_ibm.0.fan_level=0 as root from /home/vermaden

The 14.4-RELEASE of FreeBSD comes with improved mdo(1) with following features.

Details in the commit message available here.

 

doas(1)

This is what I really like about OpenBSD team – they see the problem – they come with BSD licensed more open solution – they even have entire page of all their stuff – OpenBSD Innovations – available here. Things like tmux(1)/openntpd(8)/carp(4)/pf(4)/ssh(1)/doas(1)/openrsync(1)/… and many more. I am glad that most of them eventfully land in FreeBSD.

Install and setup of doas(1) requires adding doas package and configuring /usr/local/etc/doas.conf config.

# pkg install -y doas

# cat /usr/local/etc/doas.conf
# CORE
  permit nopass keepenv root   as root
  permit nopass keepenv :wheel as root

# THE network.sh SCRIPT
  # pw groupmod network -m YOURUSERNAME
  # cat /usr/local/etc/doas.conf
  permit nopass :network as root cmd /etc/rc.d/netif args onerestart
  permit nopass :network as root cmd /etc/rc.d/routing args onerestart
  permit nopass :network as root cmd /usr/sbin/service args squid onerestart
  permit nopass :network as root cmd dhclient
  permit nopass :network as root cmd ifconfig
  permit nopass :network as root cmd killall
  permit nopass :network as root cmd killall args -9 dhclient
  permit nopass :network as root cmd killall args -9 ppp
  permit nopass :network as root cmd killall args -9 wpa_supplicant
  permit nopass :network as root cmd ppp
  permit nopass :network as root cmd route
  permit nopass :network as root cmd tee args -a /etc/resolv.conf
  permit nopass :network as root cmd tee args /etc/resolv.conf
  permit nopass :network as root cmd umount
  permit nopass :network as root cmd vm args switch address
  permit nopass :network as root cmd wpa_supplicant

The # CORE part is one can say pretty default for all doas configurations. The # THE network.sh SCRIPT section is for my network.sh script to manage networking – it will even print all needed doas(1) configuration needed.

% network.sh doas
  # pw groupmod network -m YOURUSERNAME
  # cat /usr/local/etc/doas.conf
  permit nopass :network as root cmd /etc/rc.d/netif args onerestart
  permit nopass :network as root cmd /etc/rc.d/routing args onerestart
  permit nopass :network as root cmd /usr/sbin/service args squid onerestart
  permit nopass :network as root cmd dhclient
  permit nopass :network as root cmd ifconfig
  permit nopass :network as root cmd killall
  permit nopass :network as root cmd killall args -9 dhclient
  permit nopass :network as root cmd killall args -9 ppp
  permit nopass :network as root cmd killall args -9 wpa_supplicant
  permit nopass :network as root cmd ppp
  permit nopass :network as root cmd route
  permit nopass :network as root cmd tee args -a /etc/resolv.conf
  permit nopass :network as root cmd tee args /etc/resolv.conf
  permit nopass :network as root cmd umount
  permit nopass :network as root cmd vm args switch address
  permit nopass :network as root cmd wpa_supplicant

The doas(1) command does not have -i argument but one can overcome that with starting new shell with uplifted rights.

% whoami
vermaden

% doas -i
doas: illegal option -- i
usage: doas [-nSs] [-a style] [-C config] [-u user] command [args]

% doas zsh

# whoami
root

Same as sudo(8) the doas(1) provides vidoas(1) to safely edit the config – it also respects the EDITOR variable so you may overwrite your default editor on the fly.

# env EDITOR=ee vidoas

One needs to remember that doas(1) is a really tiny and very secure solution with less then 5000 lines of code. Compare that with little less then 640000 for sudo(8) command.

 

sudo(8)

One of the most popular ones is still Linux originated sudo(8) command. It way more complicated and but also has more features … and less good security history πŸ™‚

If you do not need those additional features – use mdo(1) or doas(1) instead.

Install and setup of sudo(8) requires adding sudo package and configuring /usr/local/etc/sudoers config.

# pkg install -y sudo

# grep '^[^#]' /usr/local/etc/sudoers
  root ALL=(ALL) ALL
  %wheel ALL=(ALL) NOPASSWD: ALL
  %network ALL = NOPASSWD: /etc/rc.d/netif onerestart
  %network ALL = NOPASSWD: /etc/rc.d/routing onerestart
  %network ALL = NOPASSWD: /sbin/dhclient *
  %network ALL = NOPASSWD: /sbin/ifconfig *
  %network ALL = NOPASSWD: /sbin/ifconfig * up
  %network ALL = NOPASSWD: /sbin/route *
  %network ALL = NOPASSWD: /sbin/umount -f *
  %network ALL = NOPASSWD: /usr/bin/killall -9 dhclient
  %network ALL = NOPASSWD: /usr/bin/killall -9 ppp
  %network ALL = NOPASSWD: /usr/bin/killall -9 wpa_supplicant
  %network ALL = NOPASSWD: /usr/bin/killall *
  %network ALL = NOPASSWD: /usr/bin/tee -a /etc/resolv.conf
  %network ALL = NOPASSWD: /usr/bin/tee /etc/resolv.conf
  %network ALL = NOPASSWD: /usr/local/sbin/vm switch address *
  %network ALL = NOPASSWD: /usr/sbin/ppp *
  %network ALL = NOPASSWD: /usr/sbin/service squid onerestart
  %network ALL = NOPASSWD: /usr/sbin/wpa_supplicant *

I intentionally omitted all comment lines from /usr/local/etc/sudoers as its not needed here.

Besides that – its really similar to doas(1) config – just different syntax.

You can use visudo(1) to safely edit the config – it respects the EDITOR variable.

# env EDITOR=ee visudo

 

sudo-rs(8)

If Rust is your poison then you will like that sudo(8) has been rewritten into sudo-rs(8). It is also almost 4 times smaller then the original sudo(8) code base.

Install and setup of sudo(8) requires adding sudo-rs package and configuring /usr/local/etc/sudoers config.

# pkg install -y sudo-rs

Keep in mind that sudo-rs(8) is a drop in replacement for sudo(8) so you will have to choose which one to use because they both install files in conflicting locations.

I will not paste here again a /usr/local/etc/sudoers example as its available section above.

 

doso(1)

I bet you never heard about doso(1) … probably because I wrote it myself and did not shared it yet πŸ™‚

From the good news – its the smallest solution of them all with less then 40 lines of C code.

From the bad news – I am not a professional programmer – I am sysadmin – so I am not best at writing C code – so be warned about this theoretical solution and do not try it at home :p

Now … once in a day I was thinking – knowing how many times doas(1) is smaller then sudo(8) I was wondering – how small can you go – and doso(1) is the answer to that question.

In the code above user with UID of 1000 will be able to switch to root user. One can also modify it to ‘pickup’ the wheel group membership instead.

I should do a Makefile but for such a small tiny thing I ended up with just commands gathered in a shell script.

% cat ./doso.sh
rm -f          ./doso.static
cc -O2 -o      ./doso.static -static ./doso.c
doas chmod +x  ./doso.static
doas chmod u+s ./doso.static
doas chown 0:0 ./doso.static

rm -f          ./doso
cc -O2 -o      ./doso ./doso.c
doas chmod +x  ./doso
doas chmod u+s ./doso
doas chown 0:0 ./doso

% ./doso.sh

% ls -l doso doso.static
-rwsr-xr-x  1 root wheel   11744 Mar  1 02:41 doso
-rwsr-xr-x  1 root wheel 3579320 Mar  1 02:41 doso.static

I build both dynamic and static versions as You see.

… and it works as desired.

% ./doso zsh

# whoami
root

Of course I tried to make sure to make it as secure as possible – but anyone with bigger C coding experience – please come up with fixes and upgrades πŸ™‚

 

pfexec(8)

Not a FreeBSD solution – a brother from Illumos/Solaris land – adding here as honorable mention to make article more complete.

 

run0(1)

… and run0(1) from the (un)famous systemd(1) solution on Linux systems.

 

Summary

I think this will conclude this article – feel free to share your thoughts.

EOF

Valuable News – 2026/02/23

Leave a reply

The Valuable News weekly series is dedicated to provide summary about news, articles and other interesting stuff mostly but not always related to the UNIX/BSD/Linux systems. Whenever I stumble upon something worth mentioning on the Internet I just put it here.

Today the amount information that we get using various information streams is at massive overload. Thus one needs to focus only on what is important without the need to grep(1) the Internet everyday. Hence the idea of providing such information ‘bulk’ as I already do that grep(1).

The Usual Suspects section at the end is permanent and have links to other sites with interesting UNIX/BSD/Linux news.

Past releases are available at the dedicated NEWS page.

UNIX

GhostBSD Switches to XLibre Over Wayland.
https://ostechnix.com/ghostbsd-switches-to-xlibre-over-wayland/

Call for Testing KDE Installer Dialogs.
https://lists.freebsd.org/archives/freebsd-desktop/2026-January/007438.html

FreeBSD Git Weekly: 2026-02-09 to 2026-02-15.
https://freebsd-git-weekly.tarsnap.net/2026-02-09.html

Potabi: Technical Analysis of FreeBSD Based Desktop OS.
https://privacylife.info/potabi-technical-analysis-of-the-freebsd-based-desktop-os/

KDE Plasma 6.6 Released.
https://kde.org/announcements/plasma/6/6.6.0/

KDE Plasma 6.6 Released with Many Excellent Improvements.
https://phoronix.com/news/KDE-Plasma-6.6

Howto for FreeBSD 15.0 on Raspberry Pi 5 with NVMe.
https://lists.freebsd.org/archives/freebsd-arm/2026-February/005683.html

GhostBSD to Use XLibre Server and MATE vs. Gershwin Desktop Decision in Future.
https://phoronix.com/news/GhostBSD-Eyes-XLibre

OpenBSD Jumpstart – Anatomy of bsd.rd – No Reboot Required.
https://openbsdjumpstart.org/bsd.rd/

Facilitate Screencasting/Recording with ffmpeg(1) Wrapper fauxstream on OpenBSD.
https://github.com/rfht/fauxstream

Native FreeBSD Kerberos/LDAP with FreeIPA/IDM.
https://vermaden.wordpress.com/2026/02/18/native-freebsd-kerberos-ldap-with-freeipa-idm/

Terminals Should Generate 256 Color Palette.
https://gist.github.com/jake-stewart/0a8ea46159a7da2c808e5be2177e1783

GitLab on FreeBSD Using BastilleBSD Jail. [2023]
https://alfaexploit.com/en/posts/gitlab_on_freebsd/

Undeleted XAA Making X Up to 200x Faster Accelerated Again.
https://patreon.com/posts/undeleted-xaa-x-151028801

FreeBSD 15.0 Linuxulator with CUDA Setup.
https://github.com/isaponsoft/freebsd-ai-notes/blob/main/CUAD_and_llama-server.md

Gentoo on Codeberg.
https://gentoo.org/news/2026/02/16/codeberg.html

FreeBSD AMI ID Pages.
https://daemonology.net/blog/2026-02-19-FreeBSD-AMI-ID-pages.html

New Toy in House for AI/Gaming/Linux/Windows/FreeBSD.
https://peter.czanik.hu/posts/new-toy-in-the-house-for-ai-gaming-linux-windows-freebsd/

Farewell Rust.
https://yieldcode.blog/post/farewell-rust/

Small dbase(1) FreeBSD/Linux Tool to Create/Manage Databases via Command Line.
https://github.com/Pitbasis/dbase

OpenClaw Installation in FreeBSD Jail.
https://github.com/isaponsoft/freebsd-ai-notes/blob/main/openclaw-on-jail.md

Comparison of Cloud Storage Encryption Software.
https://dataswamp.org/~solene/2026-02-19-local-encrypted-volume-comparison.html

Bidirectional OPNsense/pfSense Firewall Configuration Migration/Conversion CLI.
https://github.com/sheridans/pfopn-convert

FreeBSD KDE Desktop Installer Script is Ready for Testing.
https://ostechnix.com/freebsd-kde-installer-call-for-testing-15-1/

HTTP/3 on FreeBSD: Getting QUIC Working with Nginx in Bastille Jail.
https://blog.hofstede.it/http3-on-freebsd-getting-quic-working-with-nginx-in-a-bastille-jail/

Building Hierarchical Jails (Podman x Native Jail) on FreeBSD 15.
https://github.com/isaponsoft/freebsd-ai-notes/blob/main/FreeBSD_jail_on_jail-en.md

FreeBSD 14.4-BETA3 Now Available.
https://lists.freebsd.org/archives/freebsd-stable/2026-February/003866.html

Back to FreeBSD: Part 1.
https://hypha.pub/back-to-freebsd-part-1

Postgres is Your Friend. ORM is Not.
https://hypha.pub/postgres-is-your-friend-orm-is-not

FreeBSD MIT Kerberos Server.
https://vermaden.wordpress.com/2026/02/22/freebsd-mit-kerberos-server/

IPv6 Addresses for OpenBSD vmm(4) Virtual Machines.
https://xosc.org/vmm-ipv6.html

Netbase is Port of NetBSD Utilities to Another UNIX Like Operating Systems.
https://github.com/littlefly365/Netbase

Process Isolation with chroot(2) on NetBSD.
https://overeducated-redneck.net/blurgh/netbsd-chroot-isolation.html

BSD Weekly – Issue 267.
https://bsdweekly.com/issues/267

Using New Bridges of FreeBSD 15.
https://blog.feld.me/posts/2026/02/using-new-bridges-freebsd-15/

Using nsnotifyd(1) with PowerDNS Secondary.
https://blog.feld.me/posts/2026/02/nsnotifyd-with-powerdns-secondary/

Linuxulator on FreeBSD Feels Like Magic.
https://hayzam.com/blog/02-linuxulator-is-awesome/

We Built Our Entire Startup Infra on FreeBSD in 2026. Now We Need to Talk.
https://reddit.com/r/freebsd/comments/1r7mp9n/we_built_our_entire_startup_infra_on_freebsd_in/

UNIX/Audio/Video

OpenBSD Test Livestream: VAAPI on AMD Radeon RX 6700 XT Playing Northgard.
https://spectra.video/w/1smqEby9CkshEQWAthSty9

2026-02-19 Bhyve Production User Call.
https://yout-ube.com/watch?v=8ByyJ8nTtQU

2026-02-18 OpenZFS Production User Call.
https://yout-ube.com/watch?v=z7QKVFs6G3k

GhostBSD Drops Xorg for XLibre.
https://yout-ube.com/watch?v=RdJ2udBG-Og

Xorg Officially Abandons master Branch for main and Throws Away 2 Years of Code.
https://yout-ube.com/watch?v=xjwQXiNhW0E

FreeBSD as Domain Controller – Microsoft Will Not Like This.
https://yout-ube.com/watch?v=GrVDAu-Mcp0

Exploring/Hacking 386BSD – Dad of FreeBSD.
https://yout-ube.com/watch?v=6jfNvIxYyhU

BSD Now 651: Spatially Aware ZFS.
https://www.bsdnow.tv/651

Hardware

WD and Seagate Confirm: Hard Drives for 2026 Sold Out.
https://heise.de/en/news/WD-and-Seagate-confirm-Hard-drives-for-2026-sold-out-11178917.html

ARM Homelab Server – Minisforum MS-R1 Review.
https://sour.coffee/2026/02/20/an-arm-homelab-server-or-a-minisforum-ms-r1-review/

Minisforum Stuffs Entire ARM Homelab in MS-R1. [2025]
https://jeffgeerling.com/blog/2025/minisforum-stuffs-entire-arm-homelab-ms-r1/

This Engine Swapped Six Speed Sedan is M7 That BMW Never Built.
https://petrolicious.com/blogs/articles/this-engine-swapped-six-speed-sedan-is-the-m7-that-bmw-never-built

Your MacBook Has Accelerometer and You Can Read It in Real Time in Python.
https://medium.com/@oli.bourbonnais/your-macbook-has-an-accelerometer-and-you-can-read-it-in-real-time-in-python-28d9395fb180

Rumours Say AMD ZEN6 Ryzen CPU Packs 12 Cores per CCD w/o Requiring Much More Area.
https://club386.com/rumours-say-amd-zen-6-ryzen-cpu-packs-12-cores-per-ccd-without-requiring-much-more-silicon-area/

Life

Use Protocols – Not Services.
https://notnotp.com/notes/use-protocols-not-services/

I Verified My LinkedIn Identity. Here is What I Actually Handed Over.
https://thelocalstack.eu/posts/linkedin-identity-verification-privacy/

I Miss Thinking Hard.
https://jernesto.com/articles/thinking_hard

Other

AI Found 12 New Vulnerabilities in OpenSSL.
https://schneier.com/blog/archives/2026/02/ai-found-twelve-new-vulnerabilities-in-openssl.html

Paged Out #8 Issue from 2026/02.
https://pagedout.institute/download/PagedOut_008.pdf

Mike Brewers Gets Porsche Restored in Poland.
https://yout-ube.com/watch?v=9Xcno1cfNlg

Keep Android Open.
https://keepandroidopen.org/

Keep Android Open.
https://f-droid.org/2026/02/20/twif.html

ISOCD-Win is Replacement for Native Amiga ISOCD App.
https://github.com/fuseoppl/isocd-win

Wikipedia Blacklists archive.today Starts Removing 695,000 Archive Links.
https://arstechnica.com/tech-policy/2026/02/wikipedia-bans-archive-today-after-site-executed-ddos-and-altered-web-captures/

EDuke32 – Duke3D for Windows/Linux/macOS.
https://eduke32.com/

Usual Suspects

BSD Weekly.
https://bsdweekly.com/

DiscoverBSD.
https://discoverbsd.com/

BSDSec.
https://bsdsec.net/

DragonFly BSD Digest.
https://dragonflydigest.com/

FreeBSD Patch Level Table.
https://bokut.in/freebsd-patch-level-table/

FreeBSD End of Life Date.
https://endoflife.date/freebsd

Phoronix BSD News Archives.
https://phoronix.com/linux/BSD

OpenBSD Journal.
https://undeadly.org/

Call for Testing.
https://callfortesting.org/

Call for Testing – Production Users Call.
https://youtube.com/@callfortesting/videos

BSD Now Weekly Podcast.
https://www.bsdnow.tv/

Nixers Newsletter.
https://newsletter.nixers.net/entries.php

BSD Cafe Journal.
https://journal.bsd.cafe/

DragonFly BSD Digest – Lazy Reading – In Other BSDs.
https://dragonflydigest.com

BSDTV.
https://bsky.app/profile/bsdtv.bsky.social

FreeBSD Git Weekly.
https://freebsd-git-weekly.tarsnap.net/

FreeBSD Meetings.
https://youtube.com/@freebsdmeetings

BSDJedi.
https://youtube.com/@BSDJedi/videos

RoboNuggie.
https://youtube.com/@RoboNuggie/videos

GaryHTech.
https://youtube.com/@GaryHTech/videos

Sheridan Computers.
https://youtube.com/@sheridans/videos

82MHz.
https://82mhz.net/

EOF

FreeBSD MIT Kerberos Server

3 Replies

It often starts with a comment – your comment – and it is not different this time.

In the comments section below Native FreeBSD Kerberos/LDAP with FreeIPA/IDM article in one of the places it was shared someone asked why FreeBSD Handbook – Security – Kerberos section does not cover setting up MIT Kerberos … as FreeBSD since FreeBSD 15.0-RELEASE uses MIT Kerberos in its Base System instead of Heimdal implementation … and that is very good question.

MIT KRB5 1.22.1 Kerberos replaces Heimdal 1.5.2 by default. (Sponsored by The FreeBSD Foundation)

I even created a PR:289117 about it some time ago … but nothing changed since.

Encouraged that in the past the FreeBSD Handbook – Jails chapter was reworked also using information from my FreeBSD Jails Containers article – I though that maybe it will also happen this time … and even if not – this article will serve its role before anything related MIT Kerberos server will appear in official FreeBSD Handbook.

 

The Table of Contents will look like that this time.

  • FreeBSD Installation
  • It Was DNS
  • MIT Kerberos Server
  • Summary

Now …

FreeBSD Installation

The install I did was pretty generic and just NextNextNext … in the FreeBSD bsdinstall(8) installer. I have chosen Auto (ZFS) way (but it would work the same on UFS) and then setup static 10.1.1.123/24 IP and kerberos.example.org hostname. I also used PKGBASE but older Distribution Sets setup will also work the same.

It will also work in a Jail (VNET or not) if needed.

This is how /etc/rc.conf file looked like after install.

kerberos # cat /etc/rc.conf
# NETWORK
hostname="kerberos.example.org"
ifconfig_vtnet0="inet 10.1.1.123/24"
defaultrouter="10.1.1.1"

# SERVICES
sshd_enable="YES"
zfs_enable="YES"
syslogd_flags="-ss"

It Was DNS

Before we start setting up Kerberos we need DNS server.

You can use other other that you already have working – but if not – we will install and setup some basic nsd(8) DNS server first.

kerberos # hostname
kerberos.example.org

kerberos # netstat -Win -f inet
Name     Mtu Network      Address       Ipkts Ierrs Idrop    Opkts Oerrs  Coll
vtnet0     - 10.1.1.0/24  10.1.1.123        0     -     -        0     -     -
lo0        - 127.0.0.0/8  127.0.0.1         0     -     -        0     -     -

kerberos # echo nameserver 1.1.1.1 > /etc/resolv.conf

kerberos # mkdir -pv /usr/local/etc/pkg/repos

kerberos # sed s/quarterly/latest/g /etc/pkg/FreeBSD.conf > /usr/local/etc/pkg/repos/FreeBSD.conf

kerberos # pkg install -y nsd

This is what we got.

Now we will create simple DNS config.

kerberos # cat /usr/local/etc/nsd/nsd.conf
server:
  ip-address: 0.0.0.0
  port: 53
  logfile: /var/log/nsd.log

zone:
  name: example.org
  zonefile: example.org.zone

kerberos # cat /usr/local/etc/nsd/example.org.zone
$ORIGIN example.org.
$TTL 86400
@                   IN  SOA kerberos.example.org. admin.example.org. (
                        2026022101 ; serial
                        3600       ; refresh
                        600        ; retry
                        864000     ; expire
                        86400      ; minimum
                        )

                    IN  NS   kerberos.example.org.
kerberos            IN  A    10.1.1.123
*                   IN  A    10.1.1.123
@                   IN  A    10.1.1.123

_kerberos._udp      IN  SRV  01 00 88 kerberos.example.org.
_kerberos._tcp      IN  SRV  01 00 88 kerberos.example.org.
_kpasswd._udp       IN  SRV  01 00 464 kerberos.example.org.
_kerberos-adm._tcp  IN  SRV  01 00 749 kerberos.example.org.
_kerberos           IN  TXT  EXAMPLE.ORG

We can now enable and start our nsd(8) DNS server.

kerberos # service nsd enable
nsd enabled in /etc/rc.conf

kerberos # service nsd start
Starting nsd.

kerberos # nc -w 1 -v -u localhost 53
Connection to localhost 53 port [udp/domain] succeeded!

kerberos # nc -w 1 -v localhost 53
Connection to localhost 53 port [tcp/domain] succeeded!

kerberos # drill @10.1.1.123 kerberos.example.org
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 34997
;; flags: qr aa rd ; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0 
;; QUESTION SECTION:
;; kerberos.example.org.        IN      A

;; ANSWER SECTION:
kerberos.example.org.   86400   IN      A       10.1.1.123

;; AUTHORITY SECTION:
example.org.    86400   IN      NS      kerberos.example.org.

;; ADDITIONAL SECTION:

;; Query time: 0 msec
;; SERVER: 10.1.1.123
;; WHEN: Sun Feb 22 12:44:15 2026
;; MSG SIZE  rcvd: 68

Now the KDC.

MIT Kerberos Server

Available Kerberos related settings in /etc/defaults/rc.conf file.

kerberos # awk '/kadmin|kdc/ {print $1}' /etc/defaults/rc.conf
kdc_enable="NO"
kdc_program=""
kdc_flags=""
kdc_restart="NO"
kdc_restart_delay=""
kadmind_enable="NO"
kadmind_program="/usr/libexec/kadmind"

Now we will prepare simple configuration for our MIT Kerberos server.

kerberos # cat /etc/krb5.conf 
[libdefaults]
  default_realm = EXAMPLE.ORG
[realms]
  EXAMPLE.ORG = {
    kdc = kerberos.example.org
    admin_server = kerberos.example.org
  }
[domain_realm]
  .example.org = EXAMPLE.ORG

Next we will enable and start Kerberos services.

kerberos # service kdc enable
kdc enabled in /etc/rc.conf

kerberos # service kadmind enable
kadmind enabled in /etc/rc.conf

kerberos # kdb5_util create -r EXAMPLE.ORG -s
Initializing database '/var/db/krb5kdc/principal' for realm 'EXAMPLE.ORG',
master key name 'K/[email protected]'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key: 
Re-enter KDC database master key to verify: 

kerberos # kadmin.local
Authenticating as principal root/[email protected] with password.
kadmin.local:  add_principal root/[email protected]
No policy specified for root/[email protected]; defaulting to no policy
Enter password for principal "root/[email protected]": 
Re-enter password for principal "root/[email protected]": 
Principal "root/[email protected]" created.
kadmin.lexitocal:  listprincs
K/[email protected]
kadmin/[email protected]
kadmin/[email protected]
krbtgt/[email protected]
root/[email protected]
kadmin.local:  exit

kerberos # cat /var/db/krb5kdc/kadm5.acl
*/[email protected]  *

kerberos # service kdc start
Starting kdc.

kerberos # service kadmind start
Starting kadmind.

kerberos # kinit root/admin
kinit: Cannot contact any KDC for realm 'EXAMPLE.ORG' while getting initial credentials

Above error appeared because we still use the 1.1.1.1 DNS server – it was needed only for packages installation – we will now switch to our own 10.1.1.123 DNS server.

kerberos # echo nameserver 10.1.1.123 > /etc/resolv.conf

kerberos # kinit root/admin
Password for root/[email protected]: 

kerberos # klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: root/[email protected]

Valid starting     Expires            Service principal
02/22/26 05:38:37  02/23/26 05:38:37  krbtgt/[email protected]

kerberos # kadmin.local 
Authenticating as principal root/[email protected] with password.
kadmin.local:  exit

kerberos # kadmin
Authenticating as principal root/[email protected] with password.
Password for root/[email protected]: 
kadmin:  exit

Seems to work properly.

We can add some principal or host for a short test.

kerberos # kadmin.local 
Authenticating as principal root/[email protected] with password.
kadmin.local:  add_principal vermaden
No policy specified for [email protected]; defaulting to no policy
Enter password for principal "[email protected]": 
Re-enter password for principal "[email protected]": 
Principal "[email protected]" created.
kadmin.local:  get_principal vermaden
Principal: [email protected]
Expiration date: [never]
Last password change: Sun Feb 22 05:42:22 UTC 2026
Password expiration date: [never]
Maximum ticket life: 1 day 00:00:00
Maximum renewable life: 0 days 00:00:00
Last modified: Sun Feb 22 05:42:23 UTC 2026 (root/[email protected])
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 2
Key: vno 1, aes256-cts-hmac-sha1-96
Key: vno 1, aes128-cts-hmac-sha1-96
MKey: vno 1
Attributes:
Policy: [none]
kadmin.local:  exit

kerberos # kdestroy -A

kerberos # kinit vermaden
Password for [email protected]: 

kerberos # klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [email protected]

Valid starting     Expires            Service principal
02/22/26 05:45:52  02/23/26 05:45:52  krbtgt/[email protected]

… and now host for a test.

kerberos # kadmin.local
Authenticating as principal root/[email protected] with password.
kadmin.local:  add_principal host/myserver.example.org
No policy specified for host/[email protected]; defaulting to no policy
Enter password for principal "host/[email protected]": 
Re-enter password for principal "host/[email protected]": 
Principal "host/[email protected]" created.
kadmin.local:  ktadd -k /root/myserver.example.org host/myserver.example.org
Entry for principal host/myserver.example.org with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/root/myserver.example.org.
Entry for principal host/myserver.example.org with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/root/myserver.example.org.
kadmin.local:  exit

kerberos # strings -t d -n 5 /root/myserver.example.org
     10 EXAMPLE.ORG
     29 myserver.example.org
    106 EXAMPLE.ORG
    125 myserver.example.org

kerberos # k5srvutil -f /root/myserver.example.org list
Keytab name: FILE:/root/myserver.example.org
KVNO Principal
---- --------------------------------------------------------------------------
2 host/[email protected]
2 host/[email protected]

Seems to work as desired.

Summary

These are all the services running and listening.

kerberos # ps aux | grep -e kdc -e kadmind -e nsd -e RSS
USER   PID  %CPU %MEM   VSZ   RSS TT  STAT STARTED      TIME COMMAND
nsd  75620   0.0  0.6 74108 13040  -  Ss   05:34     0:00.06 nsd: xfrd (nsd)
nsd  75737   0.0  2.0 55312 42088  -  S    05:34     0:00.07 nsd: main (nsd)
nsd  75868   0.0  2.1 79888 42488  -  I    05:34     0:00.00 nsd: server 1 (nsd)
root 82997   0.0  0.5 22972 10636  -  Ss   05:35     0:00.01 /usr/libexec/krb5kdc
root 90942   0.0  0.5 22936 10620  -  Ss   05:35     0:00.01 /usr/libexec/kadmind
root  1468   0.0  0.1 14164  2680  0  S+   05:44     0:00.00 grep -e kdc -e kadmind -e nsd -e RSS

kerberos # sockstat -l4
USER COMMAND      PID FD PROTO LOCAL ADDRESS         FOREIGN ADDRESS      
root kadmind    90942  9 udp4  *:464                 *:*                  
root kadmind    90942 11 tcp4  *:464                 *:*                  
root kadmind    90942 13 tcp4  *:749                 *:*                  
root krb5kdc    82997  9 udp4  *:88                  *:*                  
root krb5kdc    82997 11 tcp4  *:88                  *:*                  
nsd  nsd        75868  4 udp4  *:53                  *:*                  
nsd  nsd        75868  5 tcp4  *:53                  *:*                  
nsd  nsd        75737  4 udp4  *:53                  *:*                  
nsd  nsd        75737  5 tcp4  *:53                  *:*                  
nsd  nsd        75620  4 udp4  *:53                  *:*                  
nsd  nsd        75620  5 tcp4  *:53                  *:*                  
root sshd       50118  7 tcp4  *:22                  *:*

After all the changes this is how final /etc/rc.conf file looks like.

kerberos # cat /etc/rc.conf
# NETWORK
hostname="kerberos.example.org"
ifconfig_vtnet0="inet 10.1.1.123/24"
defaultrouter="10.1.1.1"

# SERVICES
sshd_enable="YES"
zfs_enable="YES"
syslogd_flags="-ss"
kdc_enable="YES"
kadmind_enable="YES"
nsd_enable="YES"

Now – this article was about how to setup a basic MIT Kerberos server on FreeBSD – not a complete guide on how to configure and use a Kerberos server – for that I send you to the official MIT Kerberos Documentation available here.

EOF

Native FreeBSD Kerberos/LDAP with FreeIPA/IDM

6 Replies

I want to make this clear in the first sentence because its biggest chance that people will read it – this article is entirely based on work done by Christian Hofstede-Kuhn (Larvitz) that wrote Integrating FreeBSD 15 with FreeIPA: Native Kerberos and LDAP Authentication recently. Credit goes to him. Besides that I like to share everything that could be useful – I also treat my blog as a place where I keep and maintain my FreeBSD documentation … and I have seen many blogs and sources of knowledge disappear from the Internet over time … and as I use free WordPress tear I am sure this blog (and knowledge) should be here long after I am gone.

So as You see there are several motivations for this:

  • Keep and maintain personal version with more code snippets that I can copy/paste fast.
  • More detailed commands and outputs.
  • Some additional improvements that may be useful – like local console login.

I just hope Christian will not be mad at me for this πŸ™‚

… and I will directly notify him about this article.

Alternatively – if You need to setup MIT Kerberos server on FreeBSD then use this FreeBSD MIT Kerberos Server article instead.

First of all – this new method is possible to work because FreeBSD switched from Heimdal Kerberos implementation to MIT Kerberos in FreeBSD 15.0-RELEASE … and I am really glad that FreeBSD finally did it.

As You know I already messed with that topic several times in the past:

All of these previous attempts had many downsides:

  • You needed to (re)compile multiple custom packages from FreeBSD Ports.
  • Sometimes it was needed to use custom code by Mariusz Zaborski (oshogbo) for example.
  • Complex sssd(8) daemon with many deps/reqs including D-Bus or Python and more.
  • Setup was complicated/fragile and prune to errors – especially during upgrades.

This new way is using MIT Kerberos from FreeBSD 15.0-RELEASE and small lightweight nslcd(8) daemon from net/nss-pam-ldapd package. The only (non technical) downside is that it uses LGPL21/LGPL3 license … but as we connect to entire Linux domain with FreeIPA/IDM it does not matter much, does it? :)Now – we first need FreeIPA/IDM server … use instructions from older Connect FreeBSD 14.0-STABLE to FreeIPA/IDM article.Now for the new way … lets start by switching the pkg(8) repository from quarterly to latest.

FreeBSD # mkdir -p /usr/local/etc/pkg/repos

FreeBSD # sed s/quarterly/latest/g /etc/pkg/FreeBSD.conf > /usr/local/etc/pkg/repos/FreeBSD.conf

Next we will install needed packages.

FreeBSD # pkg install -y nss-pam-ldapd pam_mkhomedir sudo doas

If your DNS configured at /etc/resolv.conf does not resolve FreeIPA/IDM use /etc/hosts instead.

FreeBSD # cat << __EOF >> /etc/hosts
172.27.33.200  rhidm.lab.org   rhidm
172.27.33.215  fbsd15.lab.org  fbsd15
__EOF

Add our new FreeBSD host and its IP on FreeIPA/IDM server.

[root@idm ~]# kinit admin
Password for [email protected]: 

[root@idm ~]# ipa dnsrecord-add lab.org fbsd15 --a-rec=172.27.33.215 --a-create-reverse
  Record name: fbsd15
  A record: 172.27.33.215

[root@idm ~]# ipa host-add fbsd15.lab.org
---------------------------
Added host "fbsd15.lab.org"
---------------------------
  Host name: fbsd15.lab.org
  Principal name: host/[email protected]
  Principal alias: host/[email protected]
  Password: False
  Keytab: False
  Managed by: fbsd15.lab.org

[root@idm ~]# ipa-getkeytab -s rhidm.lab.org -p host/[email protected] -k /root/fbsd15.keytab
Keytab successfully retrieved and stored in: /root/fbsd15.keytab

[root@idm ~]# scp /root/fbsd15.keytab fbsd15:

On FreeBSD host copy the keytab from FreeIPA/IDM server and put it into right place with proper permissions.

FreeBSD # cp /root/fbsd15.keytab /etc/krb5.keytab

FreeBSD # chmod 640 /etc/krb5.keytab

Verify FreeBSD keytab.

FreeBSD # klist -k
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   1 host/[email protected]
   1 host/[email protected]
   1 host/[email protected]
   1 host/[email protected]

The nslcd(8) daemon will need /etc/krb5.keytab keytab read access to work – to achieve that we will add sshd user to its nslcd group.

FreeBSD # groups sshd
sshd

FreeBSD # pw groupmod nslcd -m sshd

FreeBSD # groups sshd
sshd nslcd

Prepare /etc/krb5.conf config.

FreeBSD # cat << __EOF > /etc/krb5.conf
[libdefaults]
  default_realm    = LAB.ORG
  dns_lookup_kdc   = false
  dns_lookup_realm = false

[realms]
  LAB.ORG = {
    kdc          = rhidm.lab.org
    admin_server = rhidm.lab.org
  }

[domain_realm]
  .lab.org = LAB.ORG
   lab.org = LAB.ORG
__EOF

Create /usr/local/etc/nslcd.conf config for nslcd(8) daemon.

FreeBSD # cat << __EOF > /usr/local/etc/nslcd.conf
# RUN AS nslcd USER 
uid nslcd
gid nslcd

# LDAP CONNECTION DETAILS
uri  ldap://rhidm.lab.org
base dc=lab,dc=org

# USE SYSTEM KEYTAB FOR AUTH
sasl_mech  GSSAPI
sasl_realm LAB.ORG

# FORCE /bin/sh SHELL
map passwd loginShell "/bin/sh"
__EOF

Enable and start the nslcd(8) daemon.

FreeBSD # service nslcd enable
nslcd enabled in /etc/rc.conf

FreeBSD # service nslcd start
Starting nslcd.

Modify /etc/nsswitch.conf config the following way with simple sed(1) one liner.

FreeBSD # sed -i '.OLD' -E \
              -e 's/^group:.*/group: files ldap/g'   \
              -e 's/^passwd:.*/passwd: files ldap/g' \
              /etc/nsswitch.conf

This is what we changed.

FreeBSD # diff -u /etc/nsswitch.conf.OLD /etc/nsswitch.conf
--- /etc/nsswitch.conf.OLD 2026-02-18 04:54:41.487608000 +0000
+++ /etc/nsswitch.conf     2026-02-18 04:59:00.234662000 +0000
@@ -1,9 +1,9 @@
-group: compat
+group: files ldap
 group_compat: nis
 hosts: files dns
 netgroup: compat
 networks: files
-passwd: compat
+passwd: files ldap
 passwd_compat: nis
 shells: files
 services: compat

One can use even more compact /etc/nsswitch.conf as shown by Christian Hofstede-Kuhn (Larvitz) below.

FreeBSD # cat << __EOF > /etc/nsswitch.conf
group: files ldap
passwd: files ldap
hosts: files dns
networks: files
shells: files
services: compat
protocols: files
rpc: files
__EOF

Now lets test how it works.

FreeBSD # id vermaden
uid=854800003(vermaden) gid=854800003(vermaden) groups=854800003(vermaden)

Now the sshd(8) part.

FreeBSD # cat << __EOF >> /etc/ssh/sshd_config
# KRB5/GSSAPI AUTH
GSSAPIAuthentication      yes
GSSAPICleanupCredentials  yes
GSSAPIStrictAcceptorCheck no
__EOF

Time to restart sshd(8) daemon.

FreeBSD # service sshd restart
Performing sanity check on sshd configuration.
Stopping sshd.
Waiting for PIDS: 1089.
Performing sanity check on sshd configuration.
Starting sshd.

Now lets test how it works over SSH.

[root@rhidm ~]# kinit vermaden
Password for [email protected]: 

[root@rhidm ~]# ssh fbsd15 -l vermaden
FreeBSD 15.0-RELEASE-p2 (GENERIC) releng/15.0-n281005-5fb0f8e9e61d

Welcome to FreeBSD!

Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories:   https://www.FreeBSD.org/security/
FreeBSD Handbook:      https://www.FreeBSD.org/handbook/
FreeBSD FAQ:           https://www.FreeBSD.org/faq/
Questions List:        https://www.FreeBSD.org/lists/questions/
FreeBSD Forums:        https://forums.FreeBSD.org/

Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with:  pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.

Show the version of FreeBSD installed:  freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages:  man man
FreeBSD directory layout:      man hier

To change this login announcement, see motd(5).

Could not chdir to home directory /home/vermaden: No such file or directory

vermaden@fbsd15:/ $ id admin
uid=854800000(admin) gid=854800000(admins) groups=854800000(admins)

vermaden@fbsd15:/ $ id
uid=854800003(vermaden) gid=854800003(vermaden) groups=0(wheel),854800003(vermaden)

Works but … the ${HOME} directory is not automatically created because we did not configured it yet.

Lets use sed(1) again … and yes it has to be spread over two lines.

FreeBSD # sed -i '.OLD' '/^session.*/i\
session optional pam_mkhomedir.so mode=0700' /etc/pam.d/sshd

FreeBSD # ls -l /etc/pam.d/sshd*
-rw-r--r--  1 root wheel 608 Feb 18 05:18 /etc/pam.d/sshd
-rw-r--r--  1 root wheel 564 Feb 18 05:18 /etc/pam.d/sshd.OLD

FreeBSD # diff -u /etc/pam.d/sshd.OLD /etc/pam.d/sshd
--- /etc/pam.d/sshd.OLD 2026-02-18 05:20:50.344139000 +0000
+++ /etc/pam.d/sshd     2026-02-18 05:20:53.552277000 +0000
@@ -16,6 +16,7 @@
 
 # session
 #session       optional        pam_ssh.so              want_agent
+session        optional        pam_mkhomedir.so        mode=0700
 session        required        pam_permit.so
 
 # password

We use optional instead of required if for some reason pam_mkhomedir.so fails or is not available.

For the record the entire /etc/pam.d/sshd PAM config looks like that.

FreeBSD # cat /etc/pam.d/sshd
# auth
auth            required        pam_unix.so             no_warn try_first_pass

# account
account         required        pam_nologin.so
account         required        pam_login_access.so
account         required        pam_unix.so

# session
session         optional        pam_mkhomedir.so        mode=0700
session         required        pam_permit.so

# password
password        required        pam_unix.so             no_warn try_first_pass

We will now configure sudo(8) for more permissions.

FreeBSD # pw groupmod wheel -m vermaden

FreeBSD # cat << __EOF >> /usr/local/etc/sudoers
%wheel ALL=(ALL:ALL) NOPASSWD: ALL
__EOF

We will also do doas(1) here as its simpler and more secure.

FreeBSD # cat << __EOF > /usr/local/etc/doas.conf
permit nopass keepenv root   as root
permit nopass keepenv :wheel as root
__EOF

Now lets try to login again.

[root@rhidm ~]# kinit vermaden
Password for [email protected]: 

[root@rhidm ~]# ssh fbsd15 -l vermaden

vermaden@fbsd15:~ $ pwd
/home/vermaden

vermaden@fbsd15:~ $ sudo -i
root@fbsd15:~ #

Better.

I also ‘silenced’ the login a little by creating empty ~/.hushlogin file and by removing /usr/bin/fortune from the ~/.profile file.

vermaden@fbsd15~/ $ :> ~/.hushlogin

vermaden@fbsd15:~ $ sed -i '.OLD' '/fortune/d' ~/.profile

… and this is the part I added – using FreeIPA/IDM user for console access – because right now – it does not work.

FreeBSD/amd64 (fbsd15.lab.org) (ttyu0)

login: vermaden
Password:
Login incorrect

To allow that we will uncomment all lines matching the pam_krb5.so module within /etc/pam.d/system config.

FreeBSD # sed -i '.OLD' '/pam_krb5.so/s/^#//g' /etc/pam.d/system

FreeBSD # ls -l /etc/pam.d/system*
-rw-r--r--  1 root wheel 568 Feb 18 05:34 /etc/pam.d/system
-rw-r--r--  1 root wheel 571 Feb 18 05:33 /etc/pam.d/system.OLD

FreeBSD # diff -u /etc/pam.d/system.OLD /etc/pam.d/system
--- /etc/pam.d/system.OLD 2026-02-18 05:33:48.171585000 +0000
+++ /etc/pam.d/system     2026-02-18 05:34:24.444767000 +0000
@@ -4,12 +4,12 @@
 #
 
 # auth
-#auth          sufficient      pam_krb5.so             no_warn try_first_pass
+auth           sufficient      pam_krb5.so             no_warn try_first_pass
 #auth          sufficient      pam_ssh.so              no_warn try_first_pass
 auth           required        pam_unix.so             no_warn try_first_pass nullok
 
 # account
-#account       required        pam_krb5.so
+account        required        pam_krb5.so
 account                required        pam_login_access.so
 account                required        pam_unix.so
 
@@ -19,5 +19,5 @@
 session         required        pam_xdg.so
 
 # password
-#password      sufficient      pam_krb5.so             no_warn try_first_pass
+password       sufficient      pam_krb5.so             no_warn try_first_pass
 password       required        pam_unix.so             no_warn try_first_pass

Lets try again.

FreeBSD/amd64 (fbsd15.lab.org) (ttyu0)

login: vermaden
Password: 

vermaden@fbsd15:~ $ klist
klist: No credentials cache found (filename: /tmp/krb5cc_854800003_AeF9er)

vermaden@fbsd15:~ $ kinit 
Password for [email protected]: 

vermaden@fbsd15:~ $ klist
Ticket cache: FILE:/tmp/krb5cc_854800003_AeF9er
Default principal: [email protected]

Valid starting     Expires            Service principal
02/18/26 05:27:47  02/19/26 05:07:21  krbtgt/[email protected]

You have reached the end of this article – see you in the next one πŸ™‚

EOF

Valuable News – 2026/02/16

2 Replies

The Valuable News weekly series is dedicated to provide summary about news, articles and other interesting stuff mostly but not always related to the UNIX/BSD/Linux systems. Whenever I stumble upon something worth mentioning on the Internet I just put it here.

Today the amount information that we get using various information streams is at massive overload. Thus one needs to focus only on what is important without the need to grep(1) the Internet everyday. Hence the idea of providing such information ‘bulk’ as I already do that grep(1).

The Usual Suspects section at the end is permanent and have links to other sites with interesting UNIX/BSD/Linux news.

Past releases are available at the dedicated NEWS page.

UNIX

Addressing XLibre Change and GhostBSD Future.
https://ericbsd.com/addressing-xlibre-change-and-ghostbsd-future.html

My GUI Toolkit and Desktop Environment – Built from Scratch for FreeBSD.
https://forums.freebsd.org/threads/gui-desktop-built-for-freebsd.101567/

FreeBSD Git Weekly: 2026-02-02 to 2026-02-08.
https://freebsd-git-weekly.tarsnap.net/2026-02-02.html

OpenClaw with smolBSD with Dockerfile.
https://github.com/NetBSDfr/smolBSD/blob/main/dockerfiles/Dockerfile.clawd

Rustless WD-40 Git Fork.
https://github.com/Libre-WD-40/git

Adding Fediverse Comments to Pelican Blog.
https://blog.hofstede.it/adding-fediverse-comments-to-a-pelican-blog/

FreeBSD Home NAS – Part 10 – Monitoring with Victoria Metrics and Grafana.
https://rtfm.co.ua/en/freebsd-home-nas-part-10-monitoring-with-victoriametrics-and-grafana/

FreeBSD Home NAS – Part 11 – Extended Monitoring with Additional Exporters.
https://rtfm.co.ua/en/freebsd-home-nas-part-11-extended-monitoring-with-additional-exporters/

LLDB Improvements on FreeBSD.
https://lists.freebsd.org/archives/freebsd-hackers/2026-February/005757.html

UFS2Tool FreeBSD UFS1/2 Filesystem Manager for Windows.
https://github.com/SvenGDK/UFS2Tool

Production Ready OpenClaw Deployment Using FreeBSD VNET Jails and socat(1) Forwarding and ZFS Storage.
https://github.com/KLD997/FreeClaw

AMD CPPC cpufreq(4) Driver for Zen 2+ CPUs.
https://lists.freebsd.org/archives/freebsd-hackers/2026-February/005764.html

FreeBSD wolfCrypt Kernel Module Support.
https://wolfssl.com/wolfcrypt-freebsd-kernel-module-support/

FreeBSD Jail Memory Metrics.
https://blog.cabroneria.com/bits/0010_freebsd_per_jail_memory_metrics/

WolfSSL Sucks Too – So Now What?
https://blog.feld.me/posts/2026/02/wolfssl-sucks-too/

C64UX is Unix Inspired Shell and RAM Filesystem for Commodore 64.
https://github.com/ascarola/c64ux

Update and Cleanup Packages with Ansible on OpenBSD.
https://x61.sh/log/2026/02/12022026185942-update_all_ansible.html

Latest GhostBSD-26.1-R15.0p2 ISO Artifact.
https://ci.ghostbsd.org/jenkins/job/unstable/job/Verify%20The%20ISO%20Build%20With%20Unstable%20Packages/164/

RHEL on ZFS Root: Unholy Experiment.
https://blog.hofstede.it/rhel-on-zfs-root-an-unholy-experiment/

FreeBSD 14.4-BETA2 Now Available.
https://lists.freebsd.org/archives/freebsd-stable/2026-February/003848.html

NomadBSD: Persistent FreeBSD Live System.
https://privacylife.info/nomadbsd-persistent-freebsd-live-system/

Tailscale Exit Node on FreeBSD.
https://conradresearch.com/articles/tailscale-exit-node-on-freebsd

One Too Many Words on AT&T $2000 Korn Shell and Other Usenet Topics. [2025]
https://blog.gabornyeki.com/2025-12-usenet/

FFS Backup.
https://eradman.com/posts/ffs-backup.html

WireGuard and NFS. [2025]
https://eradman.com/posts/wireguard-nfs.html

AWK Programming. [2025]
https://eradman.com/posts/awk-programming.html

ZFS Quickstart. [2025]
https://eradman.com/posts/zfs-quickstart.html

Bhyve and iPXE. [2025]
https://eradman.com/posts/bhyve-ipxe.html

OpenBSD Workstation Notes. [2025]
https://eradman.com/posts/openbsd-workstation.html

OpenBSD VPS Installation. [2025]
https://eradman.com/posts/openbsd-vps-installation.html

Automated FreeBSD Install.
https://eradman.com/posts/automated-freebsd-install.html

Loadbars Resurrected: From Perl to Go After 15 Years.
https://foo.zone/gemfeed/2026-02-15-loadbars-resurrected-from-perl-to-go.html

Undo in vi(1) and Its Successors and My Views on Mess.
https://utcc.utoronto.ca/~cks/space/blog/unix/ViUndoMyViews

Intel SST Audio Driver for FreeBSD.
https://github.com/spagu/acpi_intel_sst

UNIX/Audio/Video

FreeBSD in 2026: Thriving or Dying?
https://yout-ube.com/watch?v=JRJBsb1mtIs

Little FreeBSD Stress is Good for You.
https://yout-ube.com/watch?v=kcO9naDQPrI

Jails on FreeBSD.
https://yout-ube.com/watch?v=nsgIJl5VKpg

2026-02-10 Jail/Zones Production User Call.
https://yout-ube.com/watch?v=Cg3Tr4wOTKo

2026-02-12 Bhyve Production User Call.
https://yout-ube.com/watch?v=hf4tNsDoLas

BSD Now 650: Korn Chips.
https://www.bsdnow.tv/650

Hardware

Backblaze Drive Stats for 2025.
https://backblaze.com/blog/backblaze-drive-stats-for-2025/

TechPaula/LT6502: 6502 Based Laptop Design.
https://github.com/TechPaula/LT6502

Acer and ASUS Banned from Selling PCs/Laptops in Germany Following Nokia HEVC/H.265 Codec Patent Ruling Bullshit.
https://videocardz.com/newz/acer-and-asus-are-now-banned-from-selling-pcs-and-laptops-in-germany-following-nokia-hevc-patent-ruling

How is Data Stored?
https://makingsoftware.com/chapters/how-is-data-stored

Removing BIOS Administrator Password on ThinkPad Takes Timing.
https://hackaday.com/2026/02/15/removing-the-bios-administrator-password-on-a-thinkpad-takes-timing/

Life

Audiophiles Can Not Differentiate Audio Signals Sent Through Copper/Banana/Mud in Blind Test.
https://headphonesty.com/2026/01/audiophiles-fail-copper-banana-mud-blind-test/

Other

SteamOS on ThinkPad P14s Gen 4 (AMD) is Quite Nice.
https://ounapuu.ee/posts/2026/02/09/year-of-the-linux-desktop/

Usual Suspects

BSD Weekly.
https://bsdweekly.com/

DiscoverBSD.
https://discoverbsd.com/

BSDSec.
https://bsdsec.net/

DragonFly BSD Digest.
https://dragonflydigest.com/

FreeBSD Patch Level Table.
https://bokut.in/freebsd-patch-level-table/

FreeBSD End of Life Date.
https://endoflife.date/freebsd

Phoronix BSD News Archives.
https://phoronix.com/linux/BSD

OpenBSD Journal.
https://undeadly.org/

Call for Testing.
https://callfortesting.org/

Call for Testing – Production Users Call.
https://youtube.com/@callfortesting/videos

BSD Now Weekly Podcast.
https://www.bsdnow.tv/

Nixers Newsletter.
https://newsletter.nixers.net/entries.php

BSD Cafe Journal.
https://journal.bsd.cafe/

DragonFly BSD Digest – Lazy Reading – In Other BSDs.
https://dragonflydigest.com

BSDTV.
https://bsky.app/profile/bsdtv.bsky.social

FreeBSD Git Weekly.
https://freebsd-git-weekly.tarsnap.net/

FreeBSD Meetings.
https://youtube.com/@freebsdmeetings

BSDJedi.
https://youtube.com/@BSDJedi/videos

RoboNuggie.
https://youtube.com/@RoboNuggie/videos

GaryHTech.
https://youtube.com/@GaryHTech/videos

Sheridan Computers.
https://youtube.com/@sheridans/videos

82MHz.
https://82mhz.net/

EOF

Valuable News – 2026/02/09

Leave a reply

The Valuable News weekly series is dedicated to provide summary about news, articles and other interesting stuff mostly but not always related to the UNIX/BSD/Linux systems. Whenever I stumble upon something worth mentioning on the Internet I just put it here.

Today the amount information that we get using various information streams is at massive overload. Thus one needs to focus only on what is important without the need to grep(1) the Internet everyday. Hence the idea of providing such information ‘bulk’ as I already do that grep(1).

The Usual Suspects section at the end is permanent and have links to other sites with interesting UNIX/BSD/Linux news.

Past releases are available at the dedicated NEWS page.

UNIX

How to Make FreeBSD Live CD and Live USB.
https://betounix.substack.com/p/how-to-make-a-freebsd-livecd-live

FreeBSD Port of OpenClaw – Runs in Jail Using Subnet with socat(1) for localhost Binding.
https://github.com/KLD997/FreeClaw

FreeBSD Outer Base.
https://github.com/emtiu/freebsd-outerbase

OpenIndiana Ports Solaris IPS Package Management to Rust.
https://phoronix.com/news/OpenIndiana-Next-Gen-IPS

FreeBSD Git Weekly: 2026-01-26 to 2026-02-01.
https://freebsd-git-weekly.tarsnap.net/2026-01-26.html

Setup Environment to Make FreeBSD UFS Image Mountable by PS5/PS4.
https://github.com/earthonion/mkufs2

The Book of PF (4th Edition) by Peter N. M. Hansteen is Released.
https://nostarch.com/book-of-pf-4th-edition

LibreOffice 26.2 Release Notes.
https://wiki.documentfoundation.org/ReleaseNotes/26.2

Inside PlayStation OS: How BSD Changed Sony Consoles Forever.
https://generationamiga.com/2026/02/04/inside-the-playstation-os-how-bsd-changed-sonys-consoles-forever/

GhostBSD 2025/12 Finance Report.
https://ghostbsd.org/news/December_2025_Finance_Report

Rust in NetBSD Kernel and Other Odd Decisions.
https://bentsukun.ch/posts/netbsd-rust-kernel/

NetBSD Kernel Supports Lua Scripting But Do Not Look for Rust in There Anytime Soon.
https://phoronix.com/news/No-Rust-In-NetBSD-Kernel

OPNsense ISC DHCP to Kea/dnsmasq Migration Tool for DHCPv4/DHCPv6 from Sam Sheridan.
https://github.com/sheridans/isc2kea

FreeBSD Audio Diagnostics and Optimization.
https://m4c.pl/blog/freebsd-audio-diagnostics-and-optimization/

My FreeBSD Experience on My ThinkPad X1 Carbon Gen 8.
https://dkolak0.wordpress.com/2026/02/06/my-freebsd-experience-on-my-thinkpad-x1-carbon-gen-8/

Build System for CoreBSD.
https://github.com/h4ckee/CoreBSD

Things UNIX Can Do Atomically. [2010]
https://rcrowley.org/2010/01/06/things-unix-can-do-atomically.html

After Decades on Linux – FreeBSD Finally Gave Me Reason to Switch Operating Systems.
https://zdnet.com/article/freebsd-linux-review/

How to Setup WireGuard on OpenBSD: Ultimate Self Hosted 2026 VPN Guide.
https://thelonestack.com/openbsd-wireguard-vpn-setup/

Scraping FreeBSD mpd5 Daemon to Obtain L2TP VPN Usage Data.
https://utcc.utoronto.ca/~cks/space/blog/unix/FreeBSDScrapingMpd5ForL2TP

Making FreeBSD System Have Serial Console on Cecond Serial Port.
https://utcc.utoronto.ca/~cks/space/blog/unix/FreeBSDSerialConsoleSecondPort

BSD PF versus Linux nftables for Firewalls for Us,
https://utcc.utoronto.ca/%7Ecks/space/blog/sysadmin/PFvsNftablesForUs

Creating Samba AD Domain Controller on FreeBSD.
https://sour.coffee/2026/02/04/creating-a-samba-active-directory-domain-controller-on-freebsd/

Implementing Carrier Grade NAT and Port Block Allocation on FreeBSD and PF.
https://sour.coffee/2026/01/30/implementing-carrier-grade-nat-and-port-block-allocation-on-freebsd-and-pf/

My Homelab and Home Network.
https://sour.coffee/2026/01/15/my-homelab-and-home-network-january-2026-edition/

Exploring Docker Containers on FreeBSD.
https://tumfatig.net/2026/exploring-docker-containers-on-freebsd/

S3 Storage at Home with Garage – Part 3 – In Practice.
https://jan.wildeboer.net/2026/01/3-Using-Garage-S3/

The tmux(1) Popup Editor for Cursor Agent CLI Prompts.
https://foo.zone/gemfeed/2026-02-02-tmux-popup-editor-for-cursor-agent-prompts.html

What Does This Disk Do?
https://euroquis.nl/freebsd/2026/01/29/disk.html

Adventures in Datacenter Networking.
https://conradresearch.com/articles/adventures-in-datacenter-networking

BSD Weekly – Issue 265.
https://bsdweekly.com/issues/265

Wine 11.2 Released with More Improvements and 32 Bug Fixes.
https://phoronix.com/news/Wine-11.2-Released

NetBSD 11.0 Release Process Underway.
https://blog.netbsd.org/tnf/entry/netbsd_11_0_release_process

NetBSD 11.0-RC1 Available for Testing with Enhanced Linux Emulation.
https://phoronix.com/news/NetBSD-11.0-RC1

PF Firewall on FreeBSD: Practical Guide.
https://blog.hofstede.it/pf-firewall-on-freebsd-a-practical-guide/

FreeBSD: Configuring DragonFly Mail Agent for root User Mail.
https://rtfm.co.ua/en/freebsd-configuring-dragonfly-mail-agent-for-the-root-user-mail/

Get WiFi on FreeBSD on Every MacBook/Mac or Any Other Laptop/PCs that FreeBSD Does Not Supports.
https://dkolak0.wordpress.com/2026/02/07/get-wi-fi-on-freebsd-on-every-macbook-mac-or-any-other-laptop-pcs-that-freebsd-doesnt-supports/

Running Your Own AS: BGP on FreeBSD with FRR/GRE Tunnels and Policy Routing.
https://blog.hofstede.it/running-your-own-as-bgp-on-freebsd-with-frr-gre-tunnels-and-policy-routing/

FreeBSD 14.4-BETA1 Now Available.
https://lists.freebsd.org/archives/freebsd-stable/2026-February/003844.html

NetBSD 11.0 RC1 Available.
https://blog.netbsd.org/tnf/entry/netbsd_11_0_rc1_available

CS615 – System Administration – Using NetBSD.
https://stevens.netmeister.org/615/

Use rdist(1) When Ansible is Too Much. [2024]
https://openbsd.amsterdam/blog/rdist-1-when-ansible-is-too-much.html

Emulating *BSD on ARM – Part 1 – Introduction. [2024]
https://bentsukun.ch/posts/bsd-arm-qemu/

Emulating *BSD on ARM – Part 2 – FreeBSD. [2024]
https://bentsukun.ch/posts/freebsd-arm-qemu/

Emulating *BSD on ARM – Part 3 – OpenBSD [2024]
https://bentsukun.ch/posts/openbsd-arm-qemu/

Booting NetBSD from Wedge – the Hard Way. [2025]
https://bentsukun.ch/posts/netbsd-wedge-boot/

Intel Recently Shelved Numerous Open Source Projects.
https://phoronix.com/news/Intel-OSS-Projects-Ended-2025

UNIX/Audio/Video

CS615 – System Administration – Using NetBSD – Videos.
https://youtube.com/c/cs615asa/videos

Redirecting USB Devices over TCP/IP on FreeBSD.
https://youtube.com/watch?v=Rbl_IlVIzVc

This Web Tool Makes ZFS on FreeBSD Stupidly Easy.
https://youtube.com/watch?v=S0ePkpVMHu8

FreeBSD Live – Updating Ports.
https://youtube.com/watch?v=a9A-fnYyUk0

2026-02-04 OpenZFS Production User Call.
https://youtube.com/watch?v=sllSjE1SvyE

2026-02-03 Jail/Zones Production User Call.
https://youtube.com/watch?v=WJopEuJlLXo

How to Do Xorg Graphics for FreeBSD on UTM on MacOS/arm64.
https://youtube.com/watch?v=__TrwS4u52I

BSD Now 648: Greytrapping for Years.
https://www.bsdnow.tv/648

BSD Now 649: Desk Review.
https://www.bsdnow.tv/649

Hardware

Laptop Retrospective – TPM021 – ThinkPad X300.
https://thinkpad-museum.de/episode/tpm021-x300/

Loongson 3B6000 Benchmarks: China LoongArch CPU Versus AMD ZEN5/Intel Arrow Lake/Raspberry Pi 5.
https://phoronix.com/review/loongson-3b6000-loongarch/7

Pin Fin Heat Sinks.
https://fanlesstech.com/2026/02/pin-fin-heat-sinks.html

WD Reinvents Hard Drive: 100TB Roadmap and AI Era Performance Breakthroughs.
https://pbxscience.com/wd-reinvents-the-hard-drive-100tb-roadmap-and-ai-era-performance-breakthroughs/

Meet Garbage PC.
https://ounapuu.ee/posts/2026/02/02/garbage-time/

Ode to AA Battery.
https://jeffgeerling.com/blog/2026/ode-to-the-aa-battery/

First Good Raspberry Pi Laptop.
https://jeffgeerling.com/blog/2026/the-first-good-raspberry-pi-laptop/

Life

Weight of Millimeter.
https://my-notes.dragas.net/2026/02/02/the-weight-of-a-millimeter/

Other

AntiRender – See Through Architectural Bullshit.
https://antirender.com/

Minimalistic City Map Posters.
https://kottke.org/26/02/minimalistic-city-map-posters

Small Games – Big Impact – 40 Year Legacy of Sensible Software.
https://generationamiga.com/2026/02/03/small-games-big-impact-the-40-year-legacy-of-sensible-software/

Firefox AI Killswitch Coming with 148.0 Version.
https://privacyguides.org/news/2026/02/06/firefoxs-ai-killswitch-coming-february-24/

Little History of DOS Games Cracks.
https://dosdays.co.uk/topics/game_cracks.php

Usual Suspects

BSD Weekly.
https://bsdweekly.com/

DiscoverBSD.
https://discoverbsd.com/

BSDSec.
https://bsdsec.net/

DragonFly BSD Digest.
https://dragonflydigest.com/

FreeBSD Patch Level Table.
https://bokut.in/freebsd-patch-level-table/

FreeBSD End of Life Date.
https://endoflife.date/freebsd

Phoronix BSD News Archives.
https://phoronix.com/linux/BSD

OpenBSD Journal.
https://undeadly.org/

Call for Testing.
https://callfortesting.org/

Call for Testing – Production Users Call.
https://youtube.com/@callfortesting/videos

BSD Now Weekly Podcast.
https://www.bsdnow.tv/

Nixers Newsletter.
https://newsletter.nixers.net/entries.php

BSD Cafe Journal.
https://journal.bsd.cafe/

DragonFly BSD Digest – Lazy Reading – In Other BSDs.
https://dragonflydigest.com

BSDTV.
https://bsky.app/profile/bsdtv.bsky.social

FreeBSD Git Weekly.
https://freebsd-git-weekly.tarsnap.net/

FreeBSD Meetings.
https://youtube.com/@freebsdmeetings

BSDJedi.
https://youtube.com/@BSDJedi/videos

RoboNuggie.
https://youtube.com/@RoboNuggie/videos

GaryHTech.
https://youtube.com/@GaryHTech/videos

Sheridan Computers.
https://youtube.com/@sheridans/videos

82MHz.
https://82mhz.net/

EOF

Valuable News – 2026/02/02

Leave a reply

The Valuable News weekly series is dedicated to provide summary about news, articles and other interesting stuff mostly but not always related to the UNIX/BSD/Linux systems. Whenever I stumble upon something worth mentioning on the Internet I just put it here.

Today the amount information that we get using various information streams is at massive overload. Thus one needs to focus only on what is important without the need to grep(1) the Internet everyday. Hence the idea of providing such information ‘bulk’ as I already do that grep(1).

The Usual Suspects section at the end is permanent and have links to other sites with interesting UNIX/BSD/Linux news.

Past releases are available at the dedicated NEWS page.

UNIX

Create smolBSD Image Using Dockerfile.
https://github.com/NetBSDfr/smolBSD/tree/main?tab=readme-ov-file#create-a-smolbsd-image-using-a-dockerfile

Building Minimal NetBSD Bootable USB Stick Using smolBSD Dockerfile.
https://indymotion.fr/w/7e2rQwCbb3X74nGWvYgkdi

Fastest Way to Copy Ext4 Formatted Data to FreeBSD Using WSL2 as Intermediary.
https://sanjayregmi.com/posts/fastest-way-to-copy-ext4-formatted-data-to-freebsd-using-wsl2-as-an-intermediary/

FreeBSD Git Weekly: 2026-01-19 to 2026-01-25.
https://freebsd-git-weekly.tarsnap.net/2026-01-19.html

SonicDE Looks to Preserve and Improve X11 Specific KDE Code.
https://phoronix.com/news/SonicDE-Improving-KDE-X11-Code

FreeType Makes ClearType Like LCD Filter Rendering 40% Faster.
https://phoronix.com/news/FreeType-Faster-ClearType-Like

Running XLibre on OpenBSD Manually.
https://github.com/X11Libre/packaging/discussions/24

OPNsense 26.1 Open Source Firewall Released with Threat Intelligence Feeds.
https://vmorecloud.com/opnsense-26-1-open-source-firewall-released/

ZFS vs Btrfs: Architecture/Features/Stability.
https://klarasystems.com/articles/zfs-vs-btrfs-architects-features-and-stability-2/

BSD Now 648: Greytrapping for Years.
https://www.bsdnow.tv/648

Clawdbot FreeBSD Port with Install and rc(8) Service Scripts.
https://github.com/FreeDal/moltbot-freebsd

Use linuxulator-steam-utils to Play Steam Games on FreeBSD.
https://phoronix.com/news/FreeBSD-Gaming-2026

HardenedBSD: Security Enhanced Fork of FreeBSD.
https://privacylife.info/2026/01/hardenedbsd-the-security-enhanced-fork-of-freebsd

AutoBSD is FreeBSD Auto Installer Builder Utilizing bsdinstall(8) and mfsBSD.
https://gitlab.com/btrgk-lab/freebsd/autobsd

150 MB Minimal FreeBSD Installation.
https://vermaden.wordpress.com/2026/02/01/150-mb-minimal-freebsd-installation/

[Call for Test] Single USB Device Passthrough for Bhyve.
https://lists.freebsd.org/archives/freebsd-hackers/2025-August/004977.html

Lazy Reading for 2026/02/01.
https://dragonflydigest.com/2026/02/01/lazy-reading-for-2026-02-01/

Lazy Reading for 2026/01/25.
https://dragonflydigest.com/2026/01/25/lazy-reading-for-2026-01-25/

Lazy Reading for 2026/01/18.
https://dragonflydigest.com/2026/01/18/lazy-reading-for-2026-01-18/

Latest GhostBSD 26.1-R15.0p2 Development ISO Images.
https://ci.ghostbsd.org/jenkins/job/unstable/job/Verify%20The%20ISO%20Build%20With%20Unstable%20Packages/164/

Writing EEPROMs on FreeBSD with minipro.
https://rubenerd.com/writing-eeproms-on-freebsd-with-minipro/

GNU/Hurd is Almost There with x86_64 and SMP and 75% of Debian Packages Building.
https://phoronix.com/news/GNU-Hurd-In-2026

Kindler is Purely Declarative Build System with Experimental FreeBSD Support.
https://setsunasoftware.com/kindler/

Book Design and Implementation of FreeBSD Operating System – 3rd Edition In the Works.
https://news.ycombinator.com/item?id=46844919

WiBSD: Forgotten BSD Distribution for Wireless and Embedded Systems.
https://itc-bohemians.blogspot.com/2026/01/wibsd-forgotten-bsd-distribution-for.html

Linux From Scratch Now Requires systemd(1) and Drops System V Init Support.
https://www.phoronix.com/news/LFS-Dropping-SysVinit

UNIX/Videos

GhostBSD 25.02-R14.3p2.
https://youtube.com/watch?v=rWKXqOsQH9s

How to Add Ports and ffplay(1) to GhostBSD.
https://youtube.com/watch?v=njYp2q94QKU

I Turned FreeBSD Into My Own Zoom (Galene) Server.
https://youtube.com/watch?v=0BjwNCalzBs

2026-01-27 Jail/Zones Production User Call.
https://youtube.com/watch?v=48Z5QFpwktg

OPNsense 26.1: What You Need to Know Before You Upgrade.
https://youtube.com/watch?v=cVryJ8enTBI

I am Gonna Get Rekt Attempting to Install and Configure FreeBSD.
https://youtube.com/live/S4hbR4_o4ec

FreeBSD: Video Graphics on Xorg Running Under UTM.
https://youtube.com/watch?v=8ODBeiRGI7A

Hardware

Maniek86 M8SBC-486 Homebrew 486 Computer.
https://maniek86.xyz/projects/m8sbc_486.php

Modify Celeron 300A for Slot I to Work in SMP System. [Polish]
https://maniek86.xyz/pl/blog.php?p=26

Exploring Linux on LoongArch Mini PC with 4C/8T Loongson 3A6000 CPU.
https://wezm.net/v2/posts/2026/loongarch-mini-pc-m700s/

AI Boom Triggers Storage Crisis: HDD Prices Set to Climb Through 2026 as Capacity Sells Out.
https://pbxscience.com/ai-boom-triggers-storage-crisis-hdd-prices-set-to-climb-through-2026-as-capacity-sells-out/

Life

Dependency Layer in Digital Sovereignty.
https://nesbitt.io/2026/01/28/the-dependency-layer-in-digital-sovereignty.html

Vitamin D and Omega-3 Have Larger Effect on Depression than Antidepressants.
https://blog.ncase.me/on-depression/

Advice from Jocko Has Saved My Life More Times Than I Can Count.
https://youtube.com/watch?v=3DR_8DSDjEw

Why Owning Nothing is So Expensive.
https://youtube.com/watch?v=8AKn-zJMIwY

Other

Firefox Nightly Enables Split View Mode Option by Default.
https://phoronix.com/news/Firefox-Nightly-Split-View

Clawdbot/Moltbook Just Got Scary.
https://youtube.com/watch?v=-fmNzXCp7zA

Usual Suspects

BSD Weekly.
https://bsdweekly.com/

DiscoverBSD.
https://discoverbsd.com/

BSDSec.
https://bsdsec.net/

DragonFly BSD Digest.
https://dragonflydigest.com/

FreeBSD Patch Level Table.
https://bokut.in/freebsd-patch-level-table/

FreeBSD End of Life Date.
https://endoflife.date/freebsd

Phoronix BSD News Archives.
https://phoronix.com/linux/BSD

OpenBSD Journal.
https://undeadly.org/

Call for Testing.
https://callfortesting.org/

Call for Testing – Production Users Call.
https://youtube.com/@callfortesting/videos

BSD Now Weekly Podcast.
https://www.bsdnow.tv/

Nixers Newsletter.
https://newsletter.nixers.net/entries.php

BSD Cafe Journal.
https://journal.bsd.cafe/

DragonFly BSD Digest – Lazy Reading – In Other BSDs.
https://dragonflydigest.com

BSDTV.
https://bsky.app/profile/bsdtv.bsky.social

FreeBSD Git Weekly.
https://freebsd-git-weekly.tarsnap.net/

FreeBSD Meetings.
https://youtube.com/@freebsdmeetings

BSDJedi.
https://youtube.com/@BSDJedi/videos

RoboNuggie.
https://youtube.com/@RoboNuggie/videos

GaryHTech.
https://youtube.com/@GaryHTech/videos

Sheridan Computers.
https://youtube.com/@sheridans/videos

82MHz.
https://82mhz.net/

EOF