OpenBSD has issued security errata patches for the libexpat library affecting versions 7.7 and 7.8 of the operating system. The updates address vulnerabilities in the XML parsing library, which is widely used for processing XML data. Binary patches are available for amd64, arm64, and i386 architectures through the syspatch utility, while source code fixes can be obtained from the official errata pages for each release. Users are encouraged to apply these updates to mitigate potential risks associated with the identified flaws.
The Valuable News series curates a weekly summary of notable updates, articles, and resources primarily focused on UNIX, BSD, and Linux systems. This edition highlights key developments such as the release of The Book of PF (4th Edition) by Peter N. M. Hansteen, FreeBSD 14.4-BETA1 availability, and NetBSD 11.0-RC1 with enhanced Linux emulation. It also covers practical guides like setting up WireGuard on OpenBSD, implementing Carrier Grade NAT on FreeBSD, and migrating OPNsense DHCP from ISC to Kea.
The NetBSD project has announced the first release candidate for NetBSD 11.0, marking a significant step toward the final version after nearly a year of development on the netbsd-11 branch. The release includes both CD/R-sized and full-featured DVD ISO images, with users encouraged to select the latter for complete functionality unless constrained by media size. Installation notes and download links are provided for various architectures, including ARM-based devices via dedicated bootable images. The project invites feedback through mailing lists or problem reports to address any issues encountered during testing. This release candidate aims to refine stability and functionality before the official launch.
The first BETA build for the FreeBSD 14.4 release cycle is now available. ISO images for the amd64, i386, powerpc, powerpc64, powerpc64le, powerpcspe, armv7, aarch64, and riscv64 architectures are FreeBSD mirror sites.
A NetBSD developer addresses concerns about Rust adoption in the kernel, contrasting it with FreeBSD's potential move toward memory-safety improvements. The post highlights NetBSD’s prior unconventional choice to embed Lua for driver prototyping while outlining practical barriers to Rust integration, including limited architecture support, compiler maintenance challenges, and incompatible release cycles. The reliance on binary bootstrapping conflicts with NetBSD’s source-based distribution model, and older Rust versions would quickly become obsolete for modern development. Despite these hurdles, the post acknowledges Rust’s technical merits but underscores NetBSD’s cautious, stability-focused approach compared to other Unix-like systems.
Effective OpenZFS deployments require continuous monitoring of pool health, snapshot behavior, and capacity trends to prevent data loss and ensure reliability. Key monitoring practices include manual checks using zpool status and automated scrubs to detect errors in storage devices, as well as tracking snapshot freshness to confirm backup integrity. Tools like Sanoid simplify these tasks by automating health checks, snapshot monitoring, and free space alerts, integrating with systems like Nagios or Healthchecks.io for notifications. Regular monitoring helps identify hardware failures, corrupted data, or misconfigured policies before they escalate into critical issues. For production environments, professional audits and support services can further optimize performance and mitigate risks.
This guide provides a comprehensive overview of audio diagnostics and optimization in FreeBSD, focusing on USB DAC devices and professional audio interfaces operating in bitperfect and real-time modes. It details key diagnostic tools like /dev/sndstat, hw.snd parameters, and sndctl(8), which offer insights into device states, buffer structures, and signal processing chains. The article emphasizes the importance of the xruns parameter as an indicator of audio stability, where non-zero values signal potential artifacts requiring configuration adjustments. It also covers system-level optimizations, including latency settings, USB polling rates, power management, and CPU C-states, all of which impact audio performance. Practical recommendations are provided for tuning these parameters to achieve stable, high-quality audio playback in professional and audiophile applications.
FreeBSD lacks native Docker support, but Podman—a Docker-compatible container engine—can bridge the gap by leveraging Linux binary compatibility. The process involves enabling Linux emulation, configuring ZFS storage for containers, and installing Podman with necessary filesystem mounts (e.g., fdescfs). Testing with a basic "Hello World" container confirms functionality, while deploying Uptime Kuma demonstrates persistent storage via volumes and automatic restarts. Containers under Podman run as FreeBSD jails, allowing manual conversion to traditional jails for production use, including ZFS dataset replication and custom jail configurations. Challenges include rootless mode limitations on FreeBSD and hardcoded ports in some applications, though workarounds like NAT or multiple IPs exist. Complex multi-container apps may require additional tools or VNET jail setups, but single-container deployments integrate smoothly. The approach offers a viable path for running Linux containers on FreeBSD without full virtualization.
The Valuable News weekly roundup curates notable updates, articles, and resources primarily focused on UNIX/BSD/Linux ecosystems. This edition highlights projects like smolBSD for minimal NetBSD Docker images, AutoBSD for automated FreeBSD installations, and Clawdbot for FreeBSD ports. It also covers hardware experiments such as running FreeBSD on LoongArch mini PCs and retro computing with 486 systems. Additional topics include comparisons between ZFS and Btrfs, advancements in FreeType rendering, and the release of OPNsense 26.1 with threat intelligence features. The roundup further explores niche BSD distributions like WiBSD, GNU/Hurd’s progress, and community-driven initiatives such as SonicDE for KDE/X11 preservation. The Usual Suspects section provides links to recurring BSD/UNIX news sources, podcasts, and video channels for ongoing updates.
The January 2026 report highlights HardenedBSD's infrastructure improvements, including migrating package repositories to a local server with greater storage capacity and planning full automation of builds and syncing. Development efforts focused on merging commits from hardened/current to hardened/15-stable, addressing installer crashes in 15-STABLE, and experimenting with mesh networking tools like Meshtastic and Reticulum. Key changes in the source include disabling WITNESS vnode lock checks due to FreeBSD filesystem updates, opting ipfw into automatic variable initialization, and removing an outdated MAC hook for jail destruction. Port updates included bumping ftp/curl to 8.18.0, updating Reticulum, and enabling ZEROREG for OpenSSL 3, which may impact performance. The report also acknowledges ongoing work on filesystem-related kernel panics and community contributions.
