
Posted by todsacerdoti 11/12/2025

A brief look at FreeBSD (yorickpeterse.com)
164 points | 107 comments
Klonoar 11/12/2025|
> For a server there's no reason for user A to be able to see processes of user B.

I'm not sure about that. This isn't FreeBSD specific so it's a bit tangential, but I've certainly debugged systems where someone thought it appropriate to run their intensive job on a live box (mind boggling, yes). Seeing it smack dab under their name is kind of important.

Am I missing something?

bartekrutkowski 11/12/2025|
This is about unprivileged users - privileged ones can see everything. The idea is to make figuring out what's the surface of the attack harder (for those attackers who are less than skilled) by making it less obvious that a 10-year-old game server process is running on this OS.
toast0 11/12/2025||
The sysctls affect all non-root users. If you have them set, you have to do all the admin work as root.

If you have them unset, you can login to the server as you, see what your service user is up to, and only have to do interventions as the service user or root depending.

If you don't want your service to see what else is going on on the server, you can put it in a jail and not allow jailed processes to see out; not a bad idea to do that anyway, although it does mean starting the service needs root when it likely wouldn't otherwise (you can drop the high privileged port to 79 and then your service can listen on port 80 without root)
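
An added example, not part of the thread: a small audit of a `sysctl.conf`-style file for the trade-off described in the comment above. The thread does not name the knobs; this assumes they are `security.bsd.see_other_uids`, `security.bsd.see_other_gids` and `net.inet.ip.portrange.reservedhigh` with their stock defaults, and the sample file contents are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Reads a sysctl.conf-style file and
# reports the effective value of the knobs assumed in the lead-in.

# effective_value FILE NAME DEFAULT: last assignment in FILE wins, else DEFAULT.
effective_value() {
    awk -v name="$2" -v val="$3" '
        { sub(/#.*/, "") }                      # drop comments
        /=/ {
            split($0, kv, "=")
            gsub(/[ \t"]/, "", kv[1]); gsub(/[ \t"]/, "", kv[2])
            if (kv[1] == name) val = kv[2]
        }
        END { print val }
    ' "$1"
}

# audit_sysctl_conf FILE: prints what non-root users can see and the lowest
# port a non-root service can bind.
audit_sysctl_conf() {
    uids=$(effective_value "$1" security.bsd.see_other_uids 1)
    gids=$(effective_value "$1" security.bsd.see_other_gids 1)
    high=$(effective_value "$1" net.inet.ip.portrange.reservedhigh 1023)
    if [ "$uids" = 0 ] && [ "$gids" = 0 ]; then
        echo "visibility=own-only"      # admin work must then be done as root
    elif [ "$uids" = 0 ] || [ "$gids" = 0 ]; then
        echo "visibility=partial"
    else
        echo "visibility=all-users"     # admins can watch service users unprivileged
    fi
    echo "first_nonroot_port=$((high + 1))"
}

# Constructed sample: hardened visibility, port 80 bindable without root.
sample_conf() {
    cat <<'EOF'
security.bsd.see_other_uids=1
security.bsd.see_other_uids=0   # later line wins
security.bsd.see_other_gids=0
net.inet.ip.portrange.reservedhigh=79
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
audit_sysctl_conf "$tmp"
rm -f "$tmp"
```
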

runjake 11/12/2025||
It looks like current versions of FreeBSD support Linux containers and podman. Can anyone speak to the experience and performance there?
sunshine-o 11/12/2025||
Depending on what you are doing and what you wanna run you don't really need it. For most use cases, just `pkg install -j` (-j is for jail) what you want. Or just put the Linux binary (preferably the musl/alpine one) in a thin jail, it usually works.

I haven't tried podman in FreeBSD yet because from what I understand you can only run it as root right now, so it kind of defeats the purpose.

hexagonwin 11/13/2025||
I run archiveteam warrior docker containers on freebsd using podman, it just works as well as it does on linux
tsoukase 11/12/2025||
I think the closest cousin to FreeBSD is Arch Linux. Superb, in-house maintained documentation, light, elegant out-of-the-box options and solutions and the ports/AUR power. Only, FreeBSD includes the whole 1.2GB ports' tree of 24k or so packages in the initial install. Of course, an rm -rf /usr/ports is possible.
Gud 11/13/2025||
You don’t need to install ports when you are installing FreeBSD.
sharts 11/12/2025||
And void linux
sivers 11/13/2025|||
Yes HUGE props to Void Linux. https://voidlinux.org/

Wonderfully under-rated. Robust as anything and SO FAST. It was my sole desktop OS for years, and while I’m dabbling with Debian right now, I miss Void the most. So lean and snappy.

Coming from OpenBSD and FreeBSD, Void Linux feels almost the same. Same rc init scripts and such.

binkHN 11/15/2025|||
What made you leave Void? I tried Debian, but I just couldn't do it; too dated and too many workarounds for the dated bugs. I tried Testing and Sid as well, but the only taste that I was left with was that these, somewhat obviously, are not meant to be production distributions and, while they get newer stuff, they're simply too buggy for daily use.
tcmart14 11/13/2025|||
In case you were not aware, there is a large overlap between people who work/worked on NetBSD and OpenBSD that also work on Void Linux, which is why Void feels like that. Juan Pardines being an example of one individual.
aap_ 11/13/2025|||
Yup! I used to use FreeBSD on my thinkpad but as time went on that became less practical and I've been on Linux ever since. First arch and then void kinda filled the spot. void feels a bit like home.
zeroq 11/13/2025||
I'll probably make a fool of myself but could someone ELI5 what's the deal with BSD and why it matters?

I grew up in times when people were using stuff like Solaris, Novell and my older friends would occasionally gift me a whopping set of 7CDs with something like SUSE or RedHat so I could join the cool kids club.

While former - in my headspace - were like Oracle - specialized, enterprise solutions, the latter were just different breeds of Linux trying to compete with Windows. Nowadays, for an ordinary dude like myself, we pretty much settled on Ubuntu with plethora of different distributions for hackers and tinkers, but, at least for me, there's not much difference between Mint or Arch. It's like sports team, everyone has their own favorite team, but at the end of the day they all play football. Or fashion.

It's like if you'd ask me about a bike I could go for an hour long tangent about different breeds and brands, but at the end of the day if you just want to cycle around the neighborhood just pick any bike you can that more or less fits your size and you're set.

But for whatever reason BSD seems to occupy different space, why?

le-mark 11/13/2025|
The original BSD advanced quite rapidly independent of AT&T Unix and became the basis of many commercial unices. There was a 386 port that lived on as free/open/net bsd and others.

https://en.wikipedia.org/wiki/Berkeley_Software_Distribution

zeroq 11/13/2025||
Yes, I get that, wiki has a nice lineage graph, but again, if I don't care about all flavors of Linux distributions, why should I care about BSD? How are they different? And how does it really matter in the grand scheme of things?

I mean, if I want to deploy a service on the internet and I need a server, or I want a computer that would work as a weather station around my house, or simply a NAS - I need to pick an OS. At this point I may come to realization that there might be better solutions than my usual desktop system (ie Windows/Mac) and opt for more streamlined solution. But then I have all flavors of Linux. Why is BSD relevant?

Sorry if this sounds stupid, but this question pops in my head every few years and every time I fail to find the right answer.

oofabz 11/13/2025|||
One of the main differences from Linux is BSD's separation between the base system and installed applications.

On Ubuntu, Arch, Mint, etc. there is no such distinction. Everything is made of packages, including the base system. You have packages for the kernel, the init system, logging, networking, firmware, etc. These are all versioned independently and whether or not they are considered "essential" is up to the user to decide.

On BSD, the base system is not composed of packages. It is a separate thing, with the kernel, libc, command line utilities all tightly coupled and versioned together. This allows the components to evolve together, with breaking ABI changes that would not be practical in Linux. This makes BSD better for research, which is why things like IPv6, address space randomization, SSH, jails, capabilities were developed there.

Packages are used for applications and are isolated to /usr/local. Dependency and compatibility problems only exist for packages. The base system is always there, always bootable, and you can count on being able to log in to a command line session and use the standard suite of tools. It is sort of like a Linux rescue image, except you boot off it every time.

mikem170 11/13/2025||||
I ended up on OpenBSD, having gotten frustrated with Windows, Suse, Fedora, FreeBSD and a Chromebook.

I grew to appreciate stability, over time - I don't want to have to fix things after updates, including my tweaks and customizations. I want complete control of my computers. I appreciate a cohesive and well documented system. I want simple and consistent and secure. I don't want the OS to take up more of my time than it needs to.

Perhaps you should consider the BSDs to be like different linux distributions, having their own priorities, pros and cons. Some people don't care. Some do. It's all good, having more options.

jackhalford 11/13/2025|||
I think it has a lot to do with licensing. Companies feel safer using BSDs because there’s no fear of being sued under the MIT license, I suspect this is the reason sony chose FreeBSD for the playstations. A second reason would be quality vs linux, netflix has been line rate encrypted traffic with FreeBSD just because the network stack is (was?) more mature than linux. We used it at $job for zfs file servers because it’s native and much more mature than linux alternatives.
georgehaake 11/12/2025||
Nicely done. Curious which VM host you used on the Mac?
YorickPeterse 11/12/2025||
I'm using UTM (https://mac.getutm.app/), mostly because it seemed like the easiest thing to set up.
pss314 11/12/2025||
FreeBSD has published a youtube video along with a blog post to run FreeBSD VM on Apple Silicon.

- https://www.youtube.com/watch?v=CWuZLJkUBfw

- https://freebsdfoundation.org/blog/three-ways-to-try-freebsd...

unacorner 11/12/2025||
It took FreeBSD almost 20 years to implement ASLR:

https://svnweb.freebsd.org/base?view=revision&revision=34396...

Is security not a priority for their developers?

laxd 11/12/2025||
My impression is that ASLR just hasn't been well regarded and prioritized. See for example this tweet by cperciva: https://x.com/cperciva/status/1528971801983823872
avadodin 11/12/2025||
ASLR implemented at the mmap level in 32 bits (which was 100% of FreeBSD usage in 2005) is less than 20 bits of randomness: try 1M times and you've broken it. Add to that limitations in early implementations where large swaths of the address space were reserved for kernel and shared libraries, and you're in a scenario where many of your exploits maybe fail to run the first couple of times, and that's ignoring side channels or kernels such as Linux degrading back due to difficulty adapting some other feature to use ASLR.
Lammy 11/12/2025|
> For example, ZFS seems interesting but Btrfs is probably close enough for most people.

They are not directly comparable since ZFS is also the volume manager for your ZFS filesystems, enabling features like `zfs send` of snapshots or entire filesystems for easy backups.

> Let's start with the first and probably most important step: setting up the network. […] I don't fully remember how I actually set up the network as it's been a while, but it involved adding the following to `/etc/rc.conf`

This would be a great time to show off FreeBSD's documentation. A great “Step 1” would be https://man.freebsd.org/cgi/man.cgi?networking(7)

And then later on when people reasonably wonder what the heck else is going on in `rc.conf`: https://man.freebsd.org/cgi/man.cgi?query=rc.conf

All of the modern `rc.conf` examples will also be using `sysrc` instead of telling you to edit the file directly, at first as a first line of defense against fatfingering the file formatting, and later when you get more advanced as a way to transparently descend into Jails' `rc.conf`s without having to think about it: https://man.freebsd.org/cgi/man.cgi?query=sysrc

One thing FreeBSD's installer does not do a good job with that's very relevant for laptop usage is any automatic setup of hardware-specific kernel modules. You will want to enable either `coretemp` or `amdtemp` (depending on your particular Framework model) which will automatically populate all the sensor data, easily queried via `sysctl`:

- https://man.freebsd.org/cgi/man.cgi?coretemp

- https://man.freebsd.org/cgi/man.cgi?amdtemp

  [Lammy@Emi] sysctl dev.cpu.{0..7}.temperature
  dev.cpu.0.temperature: 40.0C
  dev.cpu.1.temperature: 43.0C
  dev.cpu.2.temperature: 41.0C
  dev.cpu.3.temperature: 42.0C
  dev.cpu.4.temperature: 40.0C
  dev.cpu.5.temperature: 40.0C
  dev.cpu.6.temperature: 42.0C
  dev.cpu.7.temperature: 43.0C

e: and see my comment here about the quickstart firewall class options that let you avoid writing any of your own rules until you really want to! A laptop would do well with `firewall_type=client`: https://news.ycombinator.com/item?id=45794391
YorickPeterse 11/12/2025||
> They are not directly comparable since ZFS is also the volume manager for your ZFS filesystems, enabling features like `zfs send` of snapshots or entire filesystems for easy backups.

Btrfs supports both snapshots and sending/receiving them between different hosts. You can also create additional Btrfs subvolumes.

This is mostly what I meant with the differences between zfs and btrfs not being that significant for most: they largely seem to give you the same end result, instead taking a different path to get there. I do know that zfs is better in terms of reliability (or at least people love to bring that up), but it's something I don't have any experience with myself and thus can't comment on.

ssl-3 11/12/2025||
> https://man.freebsd.org/cgi/man.cgi?networking(7)

That document is a stunning illustration of beautiful simplicity.

buildbot 11/12/2025||
Meanwhile on linux, do I use netplan or NetworkManager or Systemd, maybe /etc/network/interfaces?

On the other hand, the lack of broad HW support means that my FreeBSD server burned 2x more power at low to mid usage levels than the same HW running Proxmox.

Gud 11/13/2025||
Why would your server ever run at low to mid usage levels ;-)