OpenBSD's Propolice stack protector origins

submited 14 December 2025

In a detailed retrospective by longtime OpenBSD developer Miod Vallat, the early development of Propolice—a stack protection mechanism—is explored as a pivotal shift in the project’s security philosophy. The article highlights how OpenBSD transitioned from focusing solely on bug-free code to actively making exploitation more difficult, even when vulnerabilities existed. Vallat explains the technical challenges of implementing Propolice across diverse architectures, including now-obsolete systems like OpenBSD/vax, ensuring broad compatibility. Though the term Propolice has faded from common use, the work laid critical groundwork for modern stack protection techniques in OpenBSD and beyond. The piece serves as both a historical account and a technical deep di…

submited 14 December 2025

DiscoverBSD - The BSD community linklog Made a script? Written a blog post? Found a useful tutorial? Share it with the BSD community here or just enjoy what everyone else has found!

** Submit

** 14 December 2025

BoxyBSD talk at credativ’s Virtualization Gathering 2025

The 2025 talk at credativ’s Virtualization Gathering in Mönchengladbach, Germany, detailed the evolution of BoxyBSD, a free VPS platform designed to lower barriers for exploring BSD systems. Initially launched in late 2022 on spare hardware, the project expanded into a globally distributed, automated platform requiring no credit card or prior infrastructure knowledge. The presentation covered its transition from FreeBSD jails and bhyve to KVM and Proxmox VE, addressing scaling challenges and operational realities. It also highlighted related projects like ProxLB and ProxWall, emphasizing automation through Ansible modules and open tooling. The talk underscored BoxyBSD’s role in fostering community-driven learning and contributing to the BSD ecosystem, with slides and recording links provided for further reference.

OpenBSD’s Propolice stack protector origins

** 13 December 2025

Migrating from Azure Functions to FreeBSD

A developer details their transition from Azure Functions to a self-hosted FreeBSD server after encountering service disruptions and deprecation warnings. The migration was prompted by Azure’s planned end-of-life for its Linux Consumption plan, which no longer supported custom Rust handlers. The process involved adapting existing services to run as standalone daemons on FreeBSD, leveraging tools like daemon(8) for process management and newsyslog(8) for log rotation, while offloading TLS termination to Cloudflare Tunnels. The shift resulted in improved performance, cost savings, and greater control over the infrastructure, though it required manual adjustments for log handling, CORS configuration, and PostgreSQL integration. The author highlights the trade-offs, including the loss of automated deployments and staging environments, but emphasizes the long-term stability and simplicity of self-hosting.

Enjoying DiscoverBSD? There is more...

Subscribe to BSD Weekly, our free, once–weekly e-mail round-up of BSD news and articles. It is currated from your content on DiscoverBSD and BSDSec (a deadsimple BSD Security Advisories and Announcements).

You can also support the work on Patreon.

** 12 December 2025

HardenedBSD 14-STABLE Deprecation Notice: March 2026

Shawn Webb, Cofounder and Security Engineer at HardenedBSD, announced the deprecation of support for the 14-STABLE branch, effective March 31, 2026. This is due to the upcoming release of FreeBSD 15.0 in December 2025. Users are encouraged to start testing HardenedBSD 15-STABLE, although the current package repository for 15-STABLE is not fully compatible with the quarterly release, requiring users to build their own packages for testing.

** 11 December 2025

Unwrapping ZFS: Key 2025 Open Source Contributions

The OpenZFS community delivered several major improvements in 2025, including a unified allocation throttle that optimizes data distribution across mixed-performance vdevs to enhance long-term performance and reduce fragmentation. Special VDEV enhancements now allow ZIL storage on high-performance flash, improving synchronous write IOPS for databases and virtual machines, while relaxed size restrictions for specialsmallblocks increase hybrid pool flexibility. Vectorized AES encryption boosts throughput by 80-100% on AVX-512 CPUs, and the new rewrite command enables in-place defragmentation and property updates without full data replication. JSON output support simplifies programmatic data extraction for monitoring systems. These contributions from over 100 developers including Klara Systems, Lawrence Livermore National Laboratory, and TrueNAS demonstrate the project’s growing collaboration and innovation.

BSD Now 641: Open to Free

This episode covers the release of FreeBSD 15.0, including its key features and improvements as outlined in the official announcement and release notes. It also explores a user’s experience migrating from OpenBSD to FreeBSD for firewall deployments, highlighting practical considerations and motivations behind the switch. Additionally, the episode provides a detailed explanation of ZFS Boot Environments, offering insights into their functionality and benefits for system administration. Other topics include a new configuration management tool called rocinante from the BastilleBSD team and a discussion on a recently discovered ZFS data corruption bug, including its technical implications and mitigation strategies.

FreeBSD may drop PowerPC 64-bit support

FreeBSD developers are considering discontinuing support for the PowerPC 64-bit architecture before the release of version 16, which would make FreeBSD 15 the final stable release supporting it. The proposal initially mentions both big-endian and little-endian variants but later focuses primarily on big-endian, leaving some ambiguity about the scope of the change. The decision appears influenced by the declining availability and higher cost of PowerPC hardware, despite its continued relevance in enterprise environments. Users have expressed concerns about the impact on legacy systems and the broader ecosystem, with some considering alternatives like OpenBSD/powerpc64, which is actively tested on Raptor hardware. The discussion also highlights broader challenges in maintaining support for less common architectures in open-source projects.

FreeBSD Foundation Q3 2025 progress highlights

The FreeBSD Foundation’s Q3 2025 status update outlines key advancements in technical and non-technical support for the FreeBSD Project. Major initiatives included the Laptop Support and Usability project with Quantum Leap Research and an infrastructure modernization effort funded by the Sovereign Tech Agency, resulting in 451 src, 71 ports, and 25 doc commits. Notable improvements covered virtual memory scalability, UFS reliability for large filesystems, support for systems with over 4 TB of RAM, and fixes for race conditions in timeout(1). The Foundation also sponsored 12 successful Google Summer of Code projects and participated in events like EuroBSDcon 2025 and the Open Source Summit Europe. Advocacy efforts included publishing tutorials, organizing the November 2025 FreeBSD Vendor Summit, and releasing newsletters and the FreeBSD Journal. Fundraising and legal support for FreeBSD trademarks and core team inquiries remained ongoing priorities.

** 10 December 2025

Recovering a botched FreeBSD 14 to 15 upgrade

An incorrect use of freebsd-update -r 15.0-STABLE install on a FreeBSD 14 system led to a broken installation due to missing shared libraries like libsys.so.7. The issue was resolved by leveraging a pre-reported bug with a workaround involving statically linked rescue tools to fetch and extract the missing library from a FreeBSD 15.0-BETA2 tarball. Additional steps included remounting the ZFS root filesystem as read-write, reinstalling the package manager, and upgrading packages. Post-recovery, a separate graphics driver issue caused kernel panics, highlighting ongoing challenges with AMD GPU stability in FreeBSD 15 despite its listed improvements. The process underscored the importance of reviewing release notes and updating packages before major system upgrades.

** 09 December 2025

Valuable News – 2025/12/08

The December 8, 2025 edition of Valuable News highlights the release of FreeBSD 15.0, marking a major update with improved package management, reproducible builds, and the end of 32-bit hardware support. Key coverage includes performance benchmarks on AMD EPYC, OCI 1.3 runtime compatibility, and upgrades like OpenZFS/OpenSSL enhancements. The issue also explores alternatives to Plex, OpenBSD tools like PuffyGuard for WireGuard deployments, and ZFS optimizations from Klara Systems.

** 05 December 2025

FreeBSD 15 key features and improvements

FreeBSD 15.0 introduces significant updates, including the long-awaited pkgbase, which allows package-based management of the base system for finer control over installations, smoother upgrades, and easier testing. Desktop and laptop users benefit from enhanced Wi-Fi support (802.11ac for Realtek and native Intel drivers), improved audio device handling, and fixes for AMD GPU stability. New offline help resources, like the networking(7) man page, assist users troubleshooting fresh installations. AWS deployments see faster boot times (up to 76%) and smaller "small" images (~1 GB), while bhyve now supports arm64 and riscv virtualization. Additional features include a built-in privilege escalation tool (mdo(1)) and broader hardware compatibility improvements.

BSD Now 640: Cleaning up Hammer

FreeBSD is an OCI runtime, ZFS Disaster Recovery, Cleaning up Hammer, and some historical information, and more.

Similar Posts