Author details how to cache Mastodon with nginx on FreeBSD while handling content negotiation correctly, covering cache keys for HTML/ActivityPub/JSON variants, bypass rules for private traffic, and TTL strategies for assets, media, and dynamic pages. The guide includes production-tested configurations for thundering-herd protection, failover, and logging to verify cache behavior.

OpenBSD now randomizes the link order of httpd and smtpd at boot, extending the anti-exploit measure already used by sshd. Theo de Raadt’s commits split smtpd into six privsep binaries for finer-grained relinking and add a generalized RELINK mechanism in bsd.prog.mk to simplify future adoption. The changes are available in snapshots for testing.

fatgid exploit details, why ZFS excels for multi-user media production, and a guide to hosting a private pkg repo behind mutual TLS for secure BSD package distribution.

The FreeBSD community hosted its first regional hackathon in Frankfurt, Germany, from April 24–26, 2026, drawing 25 participants from across Europe, including experienced committers and newcomers. Held at a sponsored Innovation Lab, the event featured intensive hacking sessions and yielded key contributions, such as closing 120 bugs, implementing Software Bill of Materials (SBOM) functionality, and completing a German translation of the Sylve tool. The hackathon also facilitated networking and informal discussions during a sponsored barbecue lunch, with organizers expressing plans to repeat the event in future years due to its success.

The FreeBSD Foundation announced that travel grant applications are now open for EuroBSDCon 2026, taking place September 9–13, 2026, in Brussels, Belgium. Application deadline: July 7, 2026.

The HardenedBSD project detailed its May–June 2026 developments, highlighting the near-complete migration from self-hosted GitLab to Radicle for version control, though some workflow adjustments remain. Key priorities included fixing release image generation—particularly the disc1.iso—integrating Radicle into auto-sync processes, and replicating GitLab’s commit email functionality, with manual syncs performed interim. Recent FreeBSD security advisories prompted new builds for 16-CURRENT and 15-STABLE, though installer image issues persist, limiting testing to roughly two attempts per day. Infrastructure changes involved migrating ISP accounts, temporarily losing IPv6 tunnel support, while source updates addressed LLVM 21 compatibility, Radicle integration for core tools, and hardening improvements like sysctl node logic enhancements. Ports updates included fixes for multimedia/ffmpeg, pkg/2.7.5, and initial Radicle-based distfile downloads, alongside disabling PIE for devel/ccache4 and COMPAT32 for older misc/compat versions.

OpenBSD has issued errata patches addressing vulnerabilities in the X server, smtpd mail server, and vmd virtual machine daemon for versions 7.8 and 7.9. Binary updates are available for amd64, arm64, and i386 architectures through the syspatch utility, while source code patches can be obtained from the official errata pages.

This guide details the step-by-step process of establishing a WireGuard VPN connection where a FreeBSD client initiates a connection to an OpenBSD monitoring server. On the OpenBSD side, the setup involves creating a WireGuard interface, generating keys, and configuring network settings via /etc/hostname.wg0. The FreeBSD configuration requires loading the if_wg kernel module, generating private and preshared keys, and setting up the interface using rc.conf and rc.local for persistence across reboots. The final step involves adding the FreeBSD peer details—including its public key, allowed IPs, and preshared key—to the OpenBSD configuration and restarting the interface. The connection is verified via ping, ensuring secure communication for metrics, logs, and alerts between the servers. The guide assumes OpenBSD 7.9 and FreeBSD 14.4 but notes compatibility with nearby releases.

This episode of BSD Now highlights the release of OpenBSD 7.9, marking its 60th edition, alongside updates on FreeBSD’s critical infrastructure cleanup efforts. The show also features GhostBSD’s January 2026 financial report, Oracle’s reduced update frequency for Solaris 11.4, and a guide for running FreeBSD on a ThinkPad T14 Gen 2. Additional segments include NetBSD’s role in Apple Time Capsule devices, DragonFly BSD’s updated DPorts contribution guide, and a discussion on OpenJDK improvements for FreeBSD.

Database workloads differ significantly from traditional file storage, requiring specialized caching and I/O strategies to maintain performance and data consistency. This article examines how Direct IO functions within OpenZFS, detailing its interaction with the Adaptive Replacement Cache (ARC) and database buffer caches. It explores scenarios where bypassing the filesystem cache can enhance latency, throughput, and NVMe performance for database operations, including considerations for alignment requirements, compression benefits, and trade-offs between filesystem and database-managed caching. The discussion covers use cases where Direct IO improves predictability over raw performance, particularly with high-concurrency NVMe storage, while acknowledging that optimal configurations depend on factors like database type, data compressibility, and hardware capabilities. The piece concludes by emphasizing the importance of workload-specific testing to determine whether leveraging ZFS ARC or Direct IO delivers better results.