I’ve been replacing sudo/doas on most of my FreeBSD boxes with something much smaller: mdo(1) + mac_do(4) from base.
No port. No sudoers parser. No setuid helper. Just a kernel MAC policy, a sysctl rule, and an explicit “SSH is the gate” security model.
Wrote up the full walkthrough for FreeBSD 15, including rule syntax, examples, caveats, and my surrounding hardening sysctls:
https://blog.hofstede.it/mdo-on-freebsd-15-base-system-privilege-delegation-with-mac_do/
RE: https://fosstodon.org/@ianthetechie/116581088984501220
@distrowatch quarterly should not be significantly later for security.
The recent example discussed with Ian Wagner was an exception.
The #eurobsdcon 2026 Call for Papers: Submit by June 20th!
https://2026.eurobsdcon.org/cfp/
Submit by June 20th, come to Brussels September 9-13 and mingle with #BSD people!
We also offer pre-submission guidance/mentoring, see within.
Wonder what BSD and the conferences are about? See https://nxdomain.no/~peter/what_is_bsd_come_to_a_conference_to_find_out.html
@EuroBSDCon #freebsd #netbsd #openbsd #freesoftware #libresoftware #brussels #bruxelles
Oh yeah.. I got my nice #cinnamon desktop, #firefox, wifi, sound, brightness control and now #php and #nginx running on this #freebsd machine!
Also have #helixEditor installed.. now lets see if I can get it all configured!
FediMeteo, HAProxy, and the art of not wasting snac threads
I don't use FreeBSD anymore, but something that always bugged me when I did was the issue of having to switch package repos from "quarterly" to "latest" and back again to be able to install certain software. This isn't clearly spelled out for new users, there's no mechanism to choose which repo you want in the installer, and it's assumed that any FreeBSD user just already knows about it and how to deal with it. It's clunky and annoying at the very least, and I feel it should be brought up during installation.
While the Handbook documents *how* to switch from "quarterly" to "latest", it doesn't explain that some packages are not available in one or the other, something that can confuse new users expecting all of their normal FOSS apps to be present in the package repo.
This was brought to mind while reading the Sylvie review by @distrowatch this morning.
FediMeteo, HAProxy, and the art of not wasting snac threads
> and I haven't heard anything about FreeBSD planning them
Whoops, looks like I missed some logical points (as usual 
) in my reply.
I didn't mean that #FreeBSD team planning to make described devastation changes. I keep in mind another scenario: if a lot of folks, disrespectful to ways embraced by existing users, will land to FreeBSD world, then the community will be unable to preserve existing values because it will be impossible to educate newcomers, especially if they wouldn't to listen and learn.
This scenario already happened in the Linux world. First, a lot of folks, who had at least Windows programming experience, landed to Linux — and then we have a Windows-like experience when programming in Linux for GUI desktop. Yes the current situation looks convinient who used to programming in MS-style. But not for Unix nerds.
Little example: cmd.exe in Windows had a shitty UI code, so the terminal was slow. MS mitigated it by writing a GPU-accelerated terminal, which became a really fast.
And now, in my lection about X server I hear questions like "why am I using xterm? It is slow because it isn't GPU-accelerated" 
But xterm didn't have same problems as cmd.exe, the first still instantly spews a lot of lines from dmesg without any GPU-acceleration
@Zenie
Larvitz 
Alexander Deplov 🇩🇪
Graham Perrin
Peter N. M. Hansteen
Mike 
cm0002
Morgan
hucste
Eugene 
