FreeBSD 14.4-BETA3 release, Q4 2025 updates with kernel/Rust advancements, and NetBSD joins Google Summer of Code 2026 and more.
Releases
FreeBSD 14.4-BETA3 Available: The third BETA build for the FreeBSD 14.4 release cycle is now available. ISO images for the amd64, i386, powerpc, powerpc64, powerpc64le, powerpcspe, armv7, aarch64, and riscv64 architectures are FreeBSD mirror sites.
FreeBSD 14.4 Beta 3: The third BETA build for the FreeBSD 14.4 release cycle is now available. ISO images for the amd64, i386, powerpc, powerpc64, powerpc64le, powerpcspe, armv7, aarch64, and riscv64 architectures are available on most of our FreeBSD mirror sites.
BSDSec
No security announcements. As always, it’s worth following BSDSec. RSS feed available.
News
FreeBSD Q4 2025 Status Report: The FreeBSD Q4 2025 Status Report outlines 28 key updates across teams, projects, kernel improvements, and ports. Major changes include stricter deadlines for submissions to ensure timely releases, the completion of the Infrastructure Modernization project, and advancements in security tools like the Open Source Vulnerability (OSV) database and Software Bill of Materials (SBOM). Kernel updates feature suspend/resume improvements for modern laptops, audio stack enhancements, and Rust support for kernel development. Notable projects include the Alpha-Omega Beach Cleaning initiative for third-party software security, QEMU vmm accelerator support, and the Sylve system management platform. Ports updates highlight OpenJDK 25 support, KDE Plasma 6.5.4, and HPC stack modernization with Slurm 25.11 and PMIx/PRRTE. The report also details architectural progress for BananaPi-R64 and documentation efforts like the new Accessibility Handbook.
NetBSD Foundation joins Google Summer of Code 2026: The NetBSD Foundation has been selected as a participating organization in Google Summer of Code 2026, offering opportunities for contributors to work on NetBSD and pkgsrc projects. Interested participants can explore suggested ideas on the dedicated project page or propose their own NetBSD-related initiatives. Communication channels include the #netbsd-code IRC on Libera.Chat and official mailing lists for guidance and collaboration. The program aims to foster open-source contributions, with further details available on the Google Summer of Code homepage. The announcement encourages community engagement and innovation for the upcoming summer term.
Valuable News – 2026/02/23: The Valuable News weekly roundup curates notable updates and articles primarily focused on UNIX/BSD/Linux systems, filtering key developments from the overwhelming flow of online information. This edition highlights GhostBSD’s transition from Xorg to XLibre, the release of KDE Plasma 6.6 with performance improvements, and FreeBSD’s advancements like native Kerberos/LDAP integration with FreeIPA/IDM and HTTP/3 support in Bastille jails.
Back to FreeBSD: Part 1: Article highlights how FreeBSD pioneered lightweight OS-level containers with jails in 2000—long before Linux’s LXC (2008) or Docker (2013)—offering native, efficient process and network isolation. The article contrasts FreeBSD’s cohesive, minimalist design with Linux’s complex, layered container ecosystem, noting how industry trends favored Linux despite FreeBSD’s technical elegance. It sets the stage for exploring FreeBSD’s modern relevance, especially with tools like ZFS and jail managers for scalable infrastructure.
BSD Now 651 explores spatially aware ZFS and GeoIP firewalling: This episode of BSD Now covers GeoIP-based firewalling in FreeBSD using PF to filter traffic by geographic location and examines ZFS deployment patterns in production environments, including common pitfalls. Additional topics include the Linux compatibility layer on FreeBSD (“linuxulator”), a discussion on the lightweight XFCE desktop environment, and an analysis of complex bootloader code for OpenBSD on HP-PA hardware. The episode also highlights OpenBSD’s recent support for running as a guest under Apple’s Hypervisor framework, alongside community feedback on audio quality in interviews.
Tutorials
FreeBSD MIT Kerberos Server Setup Guide: This article provides a step-by-step guide for configuring a MIT Kerberos server on FreeBSD 15.0, which now uses MIT Kerberos instead of Heimdal in its base system. It begins with a basic FreeBSD installation, followed by setting up a DNS server using nsd(8) to handle Kerberos-related SRV records. The guide then covers the configuration of the MIT Kerberos server, including creating the Kerberos database, setting up the krb5.conf file, and enabling the necessary services (kdc and kadmind). The process also includes testing the setup by creating a test principal and verifying its functionality. The article concludes with a summary of the running services and final configuration, emphasizing that this guide focuses on setup rather than comprehensive Kerberos administration.
FreeBSD’s Linuxulator enables seamless Linux software compatibility: FreeBSD’s Linuxulator allows most Linux applications to run natively on FreeBSD with minimal configuration, bridging compatibility gaps between the two systems. The author successfully used it to run VS Code’s Remote SSH extension—officially unsupported on FreeBSD—by leveraging a Linux emulation layer and a custom Linux base environment. This setup resolved productivity bottlenecks caused by slow remote file editing over NFS or SSHFS, particularly for large projects like SvelteKit or OpenWRT development. Performance matched native Linux systems, with only minor adjustments needed for specific tools like Rollup, which lacked FreeBSD binaries but worked via a WASM alternative. The solution highlights the stability of Linux’s ABI and FreeBSD’s robust implementation, offering a near-transparent cross-platform development experience.
Optimizing ARC and L2ARC for Proxmox: ARC and L2ARC configuration in Proxmox requires a capacity-planning approach rather than performance tuning, focusing on deterministic memory allocation for ZFS and guest workloads. The process begins with reserving fixed RAM for guests and Proxmox processes, then allocating the remaining memory to ZFS, with explicit ARC caps set via zfs_arc_max to prevent unintended competition between guest memory and cache. L2ARC deployment is only beneficial when specific conditions are met, including a working set larger than ARC, high ARC hit ratios (over 85%), and sufficient ARC capacity to handle L2ARC index overhead without displacing hot data. Practical sizing guidelines suggest ARC caps of 12–16 GiB for 64 GiB RAM nodes, 24–48 GiB for 128 GiB nodes, and 64–128 GiB for 256+ GiB nodes, always prioritizing guest memory needs. L2ARC is generally unnecessary for smaller nodes but can improve performance in large-scale deployments if ARC is properly sized and workloads demonstrate usable working sets exceeding available RAM. Validation through metrics like ARC hit ratios, I/O latency, and eviction rates ensures optimal configuration, with L2ARC removal recommended if no measurable improvements are observed.
Native FreeBSD Kerberos/LDAP integration with FreeIPA/IDM: This guide details a streamlined method for integrating FreeBSD 15 with FreeIPA/IDM using native MIT Kerberos and the lightweight nslcd(8) daemon, replacing the previously required sssd(8) and custom packages. The process involves configuring Kerberos authentication, LDAP for user/group resolution, and PAM for session management, including automatic home directory creation via pam_mkhomedir. Key steps include generating a host keytab on the FreeIPA server, modifying /etc/nsswitch.conf to prioritize LDAP, and enabling GSSAPI authentication in sshd_config. The approach leverages FreeBSD 15’s switch from Heimdal to MIT Kerberos, simplifying setup while maintaining compatibility with FreeIPA’s LDAP/Kerberos infrastructure. Additional tweaks allow console logins and integrate sudo/doas for privilege escalation, with all configurations tested for both SSH and local access.
OpenBSD’s bsd.rd ramdisk kernel explored: The OpenBSD Jumpstart site provides an analysis of the bsd.rd ramdisk kernel, a critical component used during system installation, upgrades, and recovery processes. The breakdown details its internal structure, including the crunched binary format generated by crunchgen(8), which combines multiple commands into a single executable while dynamically altering behavior based on invocation. The article also references build configurations like /usr/src/distrib/amd64/ramdisk_cd/Makefile to illustrate practical implementation. This examination helps administrators understand how the ramdisk operates and how it can be customized for specific use cases. The discussion further highlights the technical mechanisms that enable bsd.rd to function as a lightweight, self-contained environment.
Did we miss anything?
This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.
Do you have an OSS BSD-related project that you would like to showcase in BSD Weekly? Reply to sender and we can showcase you as a sponsor of an issue (for free).
Do you know anyone who would like this newsletter? Consider forwarding and tell them to subscribe.
Thanks for reading and see you next week! Stay safe!