BSDCan 2025 highlights, transitioning from Linux to FreeBSD, defending against web scrapers with Anubis on FreeBSD 14 and more.

Releases

No releases.

BSDSec

No security announcements. As always, it’s worth following BSDSec. RSS feed available.

News

Valuable News Summary for 2025/07/14: The Valuable News weekly series provides a summary of news and articles related to UNIX/BSD/Linux systems. Key points include updates on FreeBSD ports, GhostBSD finance reports, and various security and optimization techniques for UNIX systems.

Transitioning from Linux to FreeBSD: The article discusses the transition from desktop Linux to FreeBSD, highlighting the differences and similarities between the two open-source operating systems. FreeBSD, a direct derivative of UNIX, is noted for its comprehensive documentation and singular package manager, which simplifies the user experience. Despite some issues like laptop power management and WiFi compatibility, FreeBSD is praised for its robust ZFS filesystem and the ability to run Linux applications through binary compatibility. The article suggests that with further development, FreeBSD could become a viable desktop alternative to GNU/Linux, potentially appealing even to die-hard Windows users. The summary includes insights from a user’s experience and mentions specific tools like GhostBSD and the bhyve hypervisor.

BSDCan 2025 Trip Report by Chuck Tuffli: The FreeBSD Foundation sponsored Chuck Tuffli’s trip to BSDCan 2025 in Ottawa, which included a developer summit and conference. Key highlights included discussions on improving laptop support for FreeBSD, the Core Team’s long-term efforts, and debates on the project’s AI policy. The event also featured presentations from industry leaders like Verisign and NVIDIA, and a focus on finalizing features for the FreeBSD 15.0 release. Notable talks included Stefano Marinelli’s migration from Linux to BSD, AMD hardware support for Confidential Computing, and Xe Iaso’s AI firewall utility. The conference fostered valuable networking and collaboration opportunities.

Defending Against Web Scrapers with Anubis on FreeBSD 14: The article discusses the author’s experience with aggressive web scraping on their Git server and how they implemented Anubis, an HTTP proxy, to defend against it. The author notes that FreeBSD is reliable for long-term server operation and details the process of setting up Anubis on FreeBSD 14 with Nginx. Key steps include installing Anubis, configuring Nginx to work with it, fine-tuning Anubis policies, and setting up logging and Fail2Ban for enhanced security. The solution effectively filters out abusive traffic and bots, significantly reducing unwanted server load.

BSDCan 2025 Trip Report by Mark Johnston: The FreeBSD Foundation sponsored Mark Johnston’s trip to BSDCan 2025 in Ottawa, which included a developer summit and conference. Key highlights include discussions on the use of LLM-based programming tools in FreeBSD, with a policy draft forbidding LLM-generated code but allowing their use in other development aspects. Verisign’s use of FreeBSD for DNS infrastructure security and the potential of CHERI hardware for improving memory safety were also notable topics. Additionally, the conference featured talks on ELF binaries, ABI stability, and improvements to FreeBSD’s KASAN implementation. The event provided valuable networking and hacking opportunities for attendees.

New watch(1) Utility Introduced in OpenBSD -current: Job Snijders has introduced a new utility called watch(1) in OpenBSD -current, which allows for the periodic execution of a command and displays its output. This utility is based on IIJ’s iwatch, which was initially imported in May and has since undergone significant reworking. The watch(1) utility has been linked to the build, making it available for users. This addition enhances OpenBSD’s toolset by providing a convenient way to monitor command output over time.

BSD Now 619: Essential Tools and Techniques for BSD Users: This episode of BSD Now covers a range of topics essential for BSD users. It includes a practical guide on disaster recovery with ZFS, highlighting key strategies for data protection. The episode also explores the evolution of open source into two distinct worlds and discusses the benefits of choosing tools that enhance productivity and happiness. Additionally, it features an update on TrueNAS CORE transitioning to zVault and encourages listeners to start local computer clubs.

Tutorials

Building a Simple Router with OpenBSD: This guide details creating a home router using OpenBSD, covering hardware setup with a Mac Mini and TP-Link adapters, and software configuration for basic routing, DNS, and ad-blocking. It includes steps for setting up an OpenBSD router to manage IPv4 traffic, configuring DNS with Cloudflare and Quad9, and implementing network-wide ad-blocking using StevenBlack’s host list. Additionally, it provides instructions for enabling port forwarding on an Xbox to avoid Strict NAT for online gaming. The guide is structured to be followed step-by-step, with options to stop after basic setup or continue for advanced configurations.

Guide to Installing Forgejo on FreeBSD: This guide provides a step-by-step process for installing and configuring Forgejo on FreeBSD 14.3 using Bastille 1.0. It covers requirements, installation, securing the instance with generated secrets, and optional configurations like setting the host’s FQDN and forcing HTTPS for git users. The guide also includes instructions for enabling and starting the Forgejo service, as well as logging into the instance. It is recommended to access Forgejo via a reverse proxy with a valid TLS certificate for public availability. The content is inspired by a similar setup for Gitea and is tailored for users with root privileges or sudo/doas access.

Designing a Storage Pool: RAIDZ, Mirrors, and Hybrid Configurations: The article discusses the design of ZFS storage pools, focusing on the trade-offs between different VDEV configurations such as RAIDZ and mirrors. It highlights how mirrors offer better performance in terms of IOPS and read throughput but at a higher cost and reduced capacity. The article provides a comparative analysis of various configurations using 24 theoretical disks of 10 TB each, showing differences in read/write IOPS and usable capacity. It also explores the impact of workload types on VDEV selection, particularly for databases and virtual machines with small block writes. Additionally, the article delves into the use of special VDEVs to optimize metadata storage and improve performance, especially in hybrid storage systems combining HDDs and SSDs. The importance of redundancy and resiliency in special VDEVs is emphasized, along with the potential performance gains from using flash storage for metadata.

Understanding FreeBSD’s Periodic System: The FreeBSD periodic utility is a built-in system for scheduling and running regular maintenance jobs, such as system health checks, security audits, and cleanup tasks. These jobs are executed as shell scripts and can be customized to integrate into the existing framework. The article explains the locations of periodic scripts, which are categorized into daily, weekly, monthly, and security-related directories. It also provides guidance on configuring the periodic system via the /etc/periodic.conf file and demonstrates how to add a custom periodic script for monitoring ZFS pool usage. The article concludes with tips for creating effective periodic scripts and encourages readers to explore existing scripts and contribute their own.

Essential FreeBSD Tools and Commands: The article provides a comprehensive guide to essential FreeBSD tools and commands, offering insights into various functionalities and tips for both beginners and experienced users. Key points include how to scroll the raw FreeBSD console using the Scroll Lock key, managing suspend/resume internals with zzz(8) and related scripts, and network information tools like ifconfig(8) and route(8). The article also covers additional mount points management, disk information and evaluation with diskinfo(8), and the use of the lsblk(8) command for listing block devices. Other notable topics are instant reboot techniques, mounting ISO images, checking free RAM memory, and identifying listening services with sockstat(8). The article further explores advanced usage of the tar(1) command, creating/extending raw volumes, filesystem detection, tracking disk utilization over time, managing ZFS boot environments, and monitoring sensors. Additionally, it discusses the use of the df(8) command with gigabyte output, process tracing with truss(8), setting idle and realtime priority, managing fstab(5) input, and utilizing the systat(8) command for system monitoring. The article concludes with tips on applying devfs(8) ruleset live and encourages sharing of favorite FreeBSD commands.

Did we miss anything?

This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.

Do you have an OSS BSD-related project that you would like to showcase in BSD Weekly? Reply to sender and we can showcase you as a sponsor of an issue (for free).

Do you know anyone who would like this newsletter? Consider forwarding and tell them to subscribe.

Thanks for reading and see you next week! Stay safe!