NetBSD 11.0 RC3 final testing, OpenBSD 7.9 transition, and AI-driven OpenBSD pfsync field rename and more.
Releases
NetBSD 11.0 RC3 released for final testing: The NetBSD project has announced the third and likely final release candidate for NetBSD 11.0, marking nearly a year since the netbsd-11 branch was created. This version addresses several issues from the first candidate, including performance improvements for the ftp client during large file downloads, updates to tmux, reliability fixes for blocklistd, and corrections in the Mesa library. The release provides both CD-sized and full-featured DVD ISO images, with the latter recommended for most users unless constrained by media size limits. Installation files are available via the project’s CDN for standard architectures, while ARM-based systems can use builds from the dedicated ARM images page. Users encountering issues are encouraged to report them through the project’s mailing lists or bug-tracking system.
BSDSec
No security announcements. As always, it’s worth following BSDSec. RSS feed available.
News
OpenBSD -current transitions to version 7.9: OpenBSD’s development branch, -current, has officially shifted from the 7.9-beta phase to version 7.9 as part of its standard pre-release process. The change, marked by a commit from project leader Theo de Raadt, signals the final stages of testing before the stable 7.9 release, though this update itself is not the official release. Users running -current are advised to use the -D snap flag with package management tools like pkg_add and pkg_info to ensure compatibility with the evolving snapshot builds. The transition also serves as a reminder for the community to frequently update snapshots, test both the base system and ports, and submit bug reports to refine the upcoming release. This phase is a routine part of OpenBSD’s development cycle.
Valuable News – 2026/04/13: The Valuable News weekly roundup curates notable updates, articles, and resources primarily focused on UNIX/BSD/Linux ecosystems. This edition highlights FreeBSD’s Laptop Integration Testing Project, aiming to improve hardware compatibility, alongside developments like Podman on FreeBSD (OCI containers without systemd), CUDA support, and .NET 10.0 compatibility fixes. OpenBSD advancements include ext4 filesystem support and Pomera DM250 installation guides, while NetBSD released 11.0 RC3.
OpenBSD renames pfsync field to reduce AI-generated bug report noise: A long-unused field in the pfsync(4) packet header, originally intended for ruleset hashing but never implemented, was renamed from pfcksum[] to spare[] to prevent misinterpretation by AI tools generating false security bug reports. The change follows an incident where an AI-assisted report incorrectly claimed the field was a security-critical checksum, despite no code ever writing or verifying its contents. Theo de Raadt’s commit also updated the man page to clarify the protocol’s lack of security guarantees, emphasizing its use on dedicated firewall links. The modification will appear in OpenBSD 7.9, addressing recurring AI-driven misclassifications that waste developer time. The field’s historical context dates to early development but was retained for compatibility despite being functionally obsolete.
A sysadmin’s decades-long path from early computing to BSD: The author traces their technological journey from childhood fascination with early systems like the TRS-80 and Apple II through professional experiences with Windows, UNIX, and Linux administration. Early exposure to BBS culture and system multitasking via OS/2 shaped their perspective, while frustration with Windows instability and Linux’s growing complexity in the 2000s led to exploration of BSD alternatives. The 2003 adoption of NetBSD on legacy Sparc hardware marked a turning point, with OpenBSD’s design philosophy—emphasizing simplicity, security, and cohesive system integration—ultimately resonating most strongly. By 2026, the author uses a mix of OpenBSD, FreeBSD, and Linux for different roles, viewing BSD as a stable “home” despite acknowledging no operating system is perfect for every use case. The narrative highlights how evolving professional needs and philosophical alignment with BSD’s development principles drove the gradual migration away from other systems.
BSD Now 658: This episode of BSD Now covers FreeBSD and OpenZFS as tools for achieving technical independence, examining their role in storage architecture and autonomy from proprietary systems. It also discusses the performance impact of code review processes, claiming excessive layers can slow development by an order of magnitude. Additional topics include the history of OpenBSD on Motorola 88000 processors, the Jailrun utility for managing FreeBSD jails, and a critique of AI-generated code in FreeBSD ecosystems. The episode rounds out with a look at “vibe-coded” ext4 filesystem support in OpenBSD, blending technical depth with community-driven insights.
OpenSSH 10.3/10.3p1 released with security fixes and new features: OpenSSH 10.3 and 10.3p1 were released on April 2, 2026, introducing security fixes, feature improvements, and bug corrections. Key security updates include fixes for shell metacharacter validation in usernames, certificate principal matching, and scp handling of setuid/setgid bits. The release also removes compatibility for implementations lacking rekeying support and tightens handling of empty certificate principals. New features include support for IANA-assigned SSH agent forwarding codepoints, improved multiplexing commands, and floating-point time precision for PerSourcePenalties. Additionally, the release enhances FIDO/webauthn support, adds ED25519 PKCS8 key writing, and improves performance for the sntrup761 key agreement algorithm. A future deprecation of SHA1 SSHFP records was also announced due to security weaknesses.
BSD performance and compatibility on PINE64 ROCKPro64: A detailed evaluation of the PINE64 ROCKPro64 single-board computer running NetBSD, OpenBSD, and FreeBSD highlights its capabilities for lightweight NAS and general-purpose use. The article emphasizes the importance of updating U-Boot to version 2022.01 for improved hardware support, including PCI-e expansion cards and NVMe/SATA storage, which were poorly recognized under the default 2017.09 firmware. Performance metrics show idle power consumption around 3.2–3.5W across all three OSes, with temperatures hovering near 46–48°C, while CPU load tests (via ubench) push power usage to 6.7–7.5W and temperatures to 70–78°C. NetBSD and OpenBSD fully utilize the Cortex-A72’s 1.8GHz max frequency, whereas FreeBSD caps at 1.4GHz, possibly due to configuration limits. All systems support dynamic CPU frequency scaling (via estd, apmd, or powerd) and recognize USB storage, though the USB-C port remains non-functional. The ROCKPro64’s 4GB RAM model proves viable for ZFS-based NAS setups, with each BSD variant offering stable performance, leaving the choice to administrative preference or specific features like FreeBSD’s pkg ecosystem or OpenBSD’s conservative thermal throttling.
Valuable News – 2026/04/06: The Valuable News weekly roundup curates notable updates, articles, and resources primarily focused on UNIX, BSD, and Linux systems. This edition highlights Sylve 0.2.1’s release and its inclusion in FreeBSD ports, a humorous April Fools’ prank by GhostBSD introducing an AI assistant named Casper, and advancements like FreeBSD’s planned adoption of newer Linux graphics drivers. It also covers security topics such as SSH certificates for improved authentication and a FreeBSD kernel remote code execution vulnerability (CVE-2026-4747) demonstrated by an AI. Additional content includes NetBSD’s Cells for kernel-enforced isolation, OpenBSD 7.8 on Raspberry Pi Zero 2W, and community discussions on tools like less(1) and pkg(8).
Tutorials
Defending against web scrapers with Anubis on FreeBSD: A detailed guide explains how to deploy Anubis—a lightweight HTTP proxy—to mitigate aggressive web scraping on FreeBSD with Nginx.
Installing Crowdsec on FreeBSD with PF firewall integration: This guide outlines the process of installing Crowdsec on FreeBSD, assuming an existing PF firewall with configured rules.
FreeBSD 16 System Calls Table: Blog post providing a partially auto-generated and curated table of FreeBSD system calls, including links to manual pages and implementation entry points. Originally created as a personal study resource, it may also be useful for developers and anyone interested in FreeBSD internals and system-level programming.
FreeBSD 14.4 on Raspberry Pi Zero 2W: This article details the installation and configuration of FreeBSD 14.4 on a Raspberry Pi Zero 2 W, including hardware setup with a WaveShare ETH/USB HUB HAT and PoE power. The process involves downloading the FreeBSD RPI image, writing it to an SD card, and booting the system, which automatically resizes storage on first launch. While the onboard wireless card (BCM43438) is unsupported, Ethernet connectivity is achieved via the USB HAT, and basic configurations like timezone, NTP synchronization, and static IP assignment are covered. The system demonstrates stability with CPU frequency scaling between 600 MHz and 1 GHz, and the author plans to use it as a DNS resolver and DHCP server. Documentation links and troubleshooting steps are provided for reference.
Did we miss anything?
This newsletter is made from your content on DiscoverBSD and BSDSec. Submit the stuff we missed so it can appear next time.
Do you have an OSS BSD-related project that you would like to showcase in BSD Weekly? Reply to sender and we can showcase you as a sponsor of an issue (for free).
Do you know anyone who would like this newsletter? Consider forwarding and tell them to subscribe.
Thanks for reading and see you next week! Stay safe!