#illumos #omnios is absolutely incredible. The system is very well designed IMO, I had already experienced the more cohesively designed #BSD but here it feels a bit *more* (although quite similar in some aspects to #freebsd of course).

Linux feels like a duct-taped amalgamation of random ideas, don't get me wrong I love Linux and all it represents, but it's a system that has been grown in any direction.

With Illumos instead it feels like you have orthogonal powerful building blocks you can compose into something greater than the sum of its parts. #zfs #dtrace #zones #crossbow it all works beautifully, both on their own and together.

After seeing how virtualized networking can be done in solaris, the docker networking stack feels so sad in comparison.

So far I'm very impressed.

#illumos #omnios is absolutely incredible. The system is very well designed IMO, I had already experienced the more cohesively designed #BSD but here it feels a bit *more* (although quite similar in some aspects to #freebsd of course).

Linux feels like a duct-taped amalgamation of random ideas, don't get me wrong I love Linux and all it represents, but it's a system that has been grown in any direction.

With Illumos instead it feels like you have orthogonal powerful building blocks you can compose into something greater than the sum of its parts. #zfs #dtrace #zones #crossbow it all works beautifully, both on their own and together.

After seeing how virtualized networking can be done in solaris, the docker networking stack feels so sad in comparison.

So far I'm very impressed.

I know a lot of folks are #Selfhosting big storage here, so this is a question for you!
Also, I follow you @stefano and @gyptazy and know you have hands on experience with this, hence the tagging.

I plan to upgrade my #Proxmox storage with 4 12+TB disk (mostly for expendable data, don't really care if I lost lot data if a disk dies, but they will be in #zfs raidz-1).

So for my current budge I'm thinking about buying WD Red Pro 12TB or I also found Toshiba Enterprise MG Series 20TB (MG10ACA20TE).

Do you recommend any of this, or can you help me find better disks?

Thanks for your help!

#askingforhelp #selfhosting #proxmox #ownyourowndata #sysadin #storage

I know a lot of folks are #Selfhosting big storage here, so this is a question for you!
Also, I follow you @stefano and @gyptazy and know you have hands on experience with this, hence the tagging.

I plan to upgrade my #Proxmox storage with 4 12+TB disk (mostly for expendable data, don't really care if I lost lot data if a disk dies, but they will be in #zfs raidz-1).

So for my current budge I'm thinking about buying WD Red Pro 12TB or I also found Toshiba Enterprise MG Series 20TB (MG10ACA20TE).

Do you recommend any of this, or can you help me find better disks?

Thanks for your help!

#askingforhelp #selfhosting #proxmox #ownyourowndata #sysadin #storage

My friends, I'm so excited and happy to introduce a new project: the illumos Cafe!

The positive and constructive spirit of the BSD Cafe, created and maintained by all the friends who participated from day one in building a strong and friendly community, deserves to spread to other operating systems. Because there are other OSes that deserve attention, certainly more than they're getting right now.

Operating systems based on illumos (like SmartOS, OmniOS, Tribblix, OpenIndiana, etc.) are mature, stable, secure, and perfectly usable for a wide range of tasks. ZFS is native, zones are an excellent method for containerization, and bhyve and kvm coexist beautifully - and so much more, too much to list in a single post.

So from today, the illumos Cafe will stand alongside the BSD Cafe in creating a positive, respectful, and growth-oriented (but also relaxing!) environment, starting right here in the Fediverse with a Mastodon instance and a snac one.

I've written an introductory article about the project, including some technical details. I invite everyone interested to read it: https://it-notes.dragas.net/2025/08/18/introducing-the-illumos-cafe/

Choose your table, take a seat and enjoy your time at the illumos Cafe!

#SysAdmin#IT#BSDCafe #illumosCafe#Community#OpenSource#OSS #illumos#SmartOS#OpenIndiana#ZFS #bhyve #kvm#Fediverse#Mastodon #snac#ITNotes

muppeth
muppeth liked this activity

My friends, I'm so excited and happy to introduce a new project: the illumos Cafe!

The positive and constructive spirit of the BSD Cafe, created and maintained by all the friends who participated from day one in building a strong and friendly community, deserves to spread to other operating systems. Because there are other OSes that deserve attention, certainly more than they're getting right now.

Operating systems based on illumos (like SmartOS, OmniOS, Tribblix, OpenIndiana, etc.) are mature, stable, secure, and perfectly usable for a wide range of tasks. ZFS is native, zones are an excellent method for containerization, and bhyve and kvm coexist beautifully - and so much more, too much to list in a single post.

So from today, the illumos Cafe will stand alongside the BSD Cafe in creating a positive, respectful, and growth-oriented (but also relaxing!) environment, starting right here in the Fediverse with a Mastodon instance and a snac one.

I've written an introductory article about the project, including some technical details. I invite everyone interested to read it: https://it-notes.dragas.net/2025/08/18/introducing-the-illumos-cafe/

Choose your table, take a seat and enjoy your time at the illumos Cafe!

#SysAdmin#IT#BSDCafe #illumosCafe#Community#OpenSource#OSS #illumos#SmartOS#OpenIndiana#ZFS #bhyve #kvm#Fediverse#Mastodon #snac#ITNotes

My friends, I'm so excited and happy to introduce a new project: the illumos Cafe!

The positive and constructive spirit of the BSD Cafe, created and maintained by all the friends who participated from day one in building a strong and friendly community, deserves to spread to other operating systems. Because there are other OSes that deserve attention, certainly more than they're getting right now.

Operating systems based on illumos (like SmartOS, OmniOS, Tribblix, OpenIndiana, etc.) are mature, stable, secure, and perfectly usable for a wide range of tasks. ZFS is native, zones are an excellent method for containerization, and bhyve and kvm coexist beautifully - and so much more, too much to list in a single post.

So from today, the illumos Cafe will stand alongside the BSD Cafe in creating a positive, respectful, and growth-oriented (but also relaxing!) environment, starting right here in the Fediverse with a Mastodon instance and a snac one.

I've written an introductory article about the project, including some technical details. I invite everyone interested to read it: https://it-notes.dragas.net/2025/08/18/introducing-the-illumos-cafe/

Choose your table, take a seat and enjoy your time at the illumos Cafe!

#SysAdmin#IT#BSDCafe #illumosCafe#Community#OpenSource#OSS #illumos#SmartOS#OpenIndiana#ZFS #bhyve #kvm#Fediverse#Mastodon #snac#ITNotes

Started building my entire infrastructure monitoring solution from scratch!

- Powered by FreeBSD! freebsd
- Using Jails and seperation of duty:
- One Jail running Grafana and Prometheus
- One Jail running Netbird Wireguard to connect my infra securely
- One Jail running Nginx and Certbot

All ZFS based for backup / snapshots and rollback options.

Routed and NAT'ed via a seperate dedicated pf jail.

All working fine, I get first metrics and can start slowly improve from here.

Todo:
- Alerts via AlertManager
- Log-Ingestion via promtail
- Log analysis with Grafana Loki
- Adding remaining servers via WireGuard Mesh VPN
- Adding another Jail for Uptime-Kuma

#monitoring #freebsd #grafana #loki #linux #devops #jails #bastille #zfs

Started building my entire infrastructure monitoring solution from scratch!

- Powered by FreeBSD! freebsd
- Using Jails and seperation of duty:
- One Jail running Grafana and Prometheus
- One Jail running Netbird Wireguard to connect my infra securely
- One Jail running Nginx and Certbot

All ZFS based for backup / snapshots and rollback options.

Routed and NAT'ed via a seperate dedicated pf jail.

All working fine, I get first metrics and can start slowly improve from here.

Todo:
- Alerts via AlertManager
- Log-Ingestion via promtail
- Log analysis with Grafana Loki
- Adding remaining servers via WireGuard Mesh VPN
- Adding another Jail for Uptime-Kuma

#monitoring #freebsd #grafana #loki #linux #devops #jails #bastille #zfs

With the recent #OpenZFS import into #FreeBSD main, Solaris-style named attributes are now supported. This means, for #ZFS datasets configured for this new feature, developers would call open(2) to open the named attribute (aka, filesystem extended attribute) as a file descriptor. One can use normal syscalls like read(2), write(2), lseek(2), etc. to interact with the attribute.

This provides a unique venue for stealthy code injection techniques. By combining Solaris-style named attributes with fdlopen(3), attackers can inject shared objects that are difficult to inspect via normal methods.

We have mitigated this kind of technique in #HardenedBSD by hardening the RTLD, teaching it to disallow any attempt to call fdlopen(3) on a named attribute file descriptor: https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/4fec880a91e389a5bf6d5849c2b27e0f31a7d3ed

The FreeBSD commit that introduced the plumbing for Solaris-style named attributes: https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/2ec2ba7e232dd126df0617194fd07be78c7a2ab9

The FreeBSD commit merging in the latest OpenZFS code with the Solaris-style named attribute feature implemented: https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/df58e8b1506f241670be86a560fb6e8432043aee

#infosec

With the recent #OpenZFS import into #FreeBSD main, Solaris-style named attributes are now supported. This means, for #ZFS datasets configured for this new feature, developers would call open(2) to open the named attribute (aka, filesystem extended attribute) as a file descriptor. One can use normal syscalls like read(2), write(2), lseek(2), etc. to interact with the attribute.

This provides a unique venue for stealthy code injection techniques. By combining Solaris-style named attributes with fdlopen(3), attackers can inject shared objects that are difficult to inspect via normal methods.

We have mitigated this kind of technique in #HardenedBSD by hardening the RTLD, teaching it to disallow any attempt to call fdlopen(3) on a named attribute file descriptor: https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/4fec880a91e389a5bf6d5849c2b27e0f31a7d3ed

The FreeBSD commit that introduced the plumbing for Solaris-style named attributes: https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/2ec2ba7e232dd126df0617194fd07be78c7a2ab9

The FreeBSD commit merging in the latest OpenZFS code with the Solaris-style named attribute feature implemented: https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/df58e8b1506f241670be86a560fb6e8432043aee

#infosec