BastilleBSD 1.0 is Here!
Big news from the BastilleBSD team! My favorite FreeBSD jail management system has just hit a major milestone with its 1.0 release.
https://journal.bsd.cafe/2025/07/15/bastillebsd-1-0-is-here/
New 𝗖𝗿𝘂𝗰𝗶𝗮𝗹 𝗙𝗿𝗲𝗲𝗕𝗦𝗗 𝗧𝗼𝗼𝗹𝗸𝗶𝘁 [Crucial FreeBSD Toolkit] article on the blog.
https://vermaden.wordpress.com/2025/07/08/crucial-freebsd-toolkit/
New 𝗣𝗼𝘂𝗱𝗿𝗶𝗲𝗿𝗲 𝗜𝗻𝘀𝗶𝗱𝗲 𝗙𝗿𝗲𝗲𝗕𝗦𝗗 𝗩𝗡𝗘𝗧 𝗝𝗮𝗶𝗹 [Poudriere Inside FreeBSD VNET Jail] article available.
https://vermaden.wordpress.com/2025/07/03/poudriere-inside-freebsd-vnet-jail/
At a news conference Tues, Giovanni Diaz, one of Guevara’s attorneys, said that if his client was taken into #ICE custody he would likely spend some time at the agency’s downtown field office before being transferred to one of 2 South Georgia #immigrant #jails: the Stewart Detention Center or the Folkston ICE Processing Center.
Diaz added that Georgia’s immigrant #detention facilities are “overwhelmed.”
This morning's soundtrack:
https://www.youtube.com/watch?v=TpMzD8Q1fQg
Sipping coffee from Café du Monde (New Orleans - I have about 5 cans of it!)
Coming Soon: blog post by yours truly on running #Drupal on #FreeBSD on #ZFS with #bastilleBSD for managing the setup and configuration of the #jails
But for now... Work...
I use Jails with Ansible to automate their creation, their lifecycle management and automation of the jailed applications and I highly enjoy how comfortable and easy it is.
No immutable images, no “Dockerfiles”, no weird volume mounts or image registries and no constant re-creation of images and new deployments just to update something. Just some simple, well isolated operating systems to run my applications in.
I don’t say that Linux containers are bad. There are for sure situations where they shine. Just for my personal use-case, they are more effort in comparison to BSD jails and I’m a fan of “using the right tool for a task”.
And the idempotent nature of Ansible automation makes it easy to describe them in a declarative way and manage them at scale.
Linux containers (OCI Containers) are ephemeral by design, except the volumes you mount into them. In large scale environments, that can be useful (cattle vs pets argument). But that also introduces new challenges and makes it more complex to manage them.
For my personal environments, I like the approach of FreeBSD jails more. They are just a directory (or ZFS Dataset) with their own, persistent copy of the OS, easy to manage and the networking capabilities are flexible (bridged, vnet, they can be routed, firewalled, etc).
Jails are well aged and have been around since FreeBSD 4 back in 2000. The non-ephemeral approach (and the absence of overlay file systems etc.) makes them feel more like individual virtual servers than modern Linux containers, but with extreme levels of flexibility.
Tools like jmore(8) (by @vermaden) and Bastille (Jails “Templates”) make them even easier to manage.
I've made some useful updates to my #freebsd #sandbox script. It now uses #jails for isolation. In addition, you can customize the sandbox easily to do things like remove network access or mount directories into the sandbox as read-write or read-only. I plan on using this to easily host services on FreeBSD the same way I currently do on Linux, by running them in sandboxes under #tmux, which is easier and more efficient than using #containers.
FreeBSD Sandbox https://fossil.tobykurien.com/freebsd-sandbox
Through the administrations of 2 mayors & several correction commissioners, the #jails continued to devolve, acc/to prisoners’ rights advocates & the monitor’s reports. In November, the judge found #NYC in #contempt for failing to stem #violence & excessive #force at the facility, which is currently run by Correction Commissioner Lynelle Maginley-Liddie.
#NYC has held onto its control of #RikersIsland w/white knuckles — struggling to show progress & reaching the brink of losing #oversight of the #jails as critics of the system called for an outside authority. Conditions have not improved, acc/to lawyers for the plaintiffs & the federal monitor.
NYC has spent >$500k per inmate annually in recent years, acc/to city data, well beyond what other large cities have spent, & yet detainees still sometimes go without food or proper medical care.
The official, called a remediation manager, will work with the #NYC correction commissioner, but be “empowered to take all actions necessary” to turn around the city’s #jails, Judge Swain wrote.
“While the necessary changes will take some time, the court expects to see continual progress toward these goals,” she wrote.
A federal judge overseeing #NYC’s #jails took #RikersIsland out of the city’s control on Tues, ordering that an outside official be appointed to make major decisions regarding the troubled & violent #jail complex.
The judge, Laura Taylor Swain, said in a 77-page ruling that the official would report directly to her & would not be a city employee, turning aside Mayor #EricAdams’ efforts to maintain control of the lockups.
#law #PrisonReform
https://www.nytimes.com/2025/05/13/nyregion/rikers-island-receiver-nyc.html?smid=nytcore-ios-share&referringSource=articleShare&sgrp=p&pvid=DCD52F94-91CF-4B52-8FA4-9B150ACB6903
Added 𝗨𝗣𝗗𝗔𝗧𝗘 𝟭 - 𝗧𝗵𝗼𝘂𝗴𝗵𝘁𝘀 𝗔𝗳𝘁𝗲𝗿 𝗖𝗼𝗺𝗺𝗲𝗻𝘁𝘀 to the 𝗙𝗿𝗲𝗲𝗕𝗦𝗗 𝗝𝗮𝗶𝗹𝘀 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 article.
https://vermaden.wordpress.com/2025/04/11/freebsd-jails-security/
"Letter after letter showed me a refreshing disregard for that invisible tyranny of taste determining what we 'should'—even 'must'—read."
Jackie Snow for The Los Angeles Review of Books: https://lareviewofbooks.org/article/reading-behind-bars-and-beyond-barriers
Footguns
Casey Liss: However, a few years back, Eero fell victim to every corporation’s favorite thing: recurring revenue. Eero started quietly pushing Eero Plus, a subscription service that I was largely [...]