I was looking at TrueNAS CORE to see if it was a viable way to bsd-jail Linux containers. I'm really only doing this to get some protection from supply chain attacks given I'm fairly promiscuous at git-clone-and-run-a-build. Before that I was aiming for the same with Bastille and had got to the give-up stage because it felt too fiddly to set up. This was a year ago. Maybe it's better now.
zVault is a fork that is effortless to migrate in-place, but pointless because it has had no updates since the fork; it's no different from just continuing to run the derelict final version of truenas core.
That just leaves xigmanas which I have not tried yet, but looks like a simpler more pure nas without the jails or vm manager, which people have told me can be filled by bastille.
Or really, I'm thinking rather than even xigmanas it probably makes more sense to just use plain freebsd and never get stuck like this again.
The host is stuck at 13.3. 13.3 went fully EOL December 2024. The pkg repos don't even supply packages for that any more. I have a bunch of services that run in jails, and currently I can just barely squeak by by "illegally" updating the jails to 13.5. It's not officially supported by upstream freebsd but I seem to be getting away with it for now. But even 13.5 is not going to last much longer. Then what?
So really the FreeNAS ui was nice and all, but not so nice as to be worth being stuck like this now. I probably should have just skipped it and just used plain freebsd which would never have had any such problem.
So maybe assuming zvault continues to not update when I finally need to move some jail past 13.5, maybe the next move is not even to xigmanas but just plain freebsd.
> Scotland has a lot of planted pine forests that have drowned out native species
Team Land management for Grouse hunting enters the chat.
https://www.mossy.earth/rewilding-knowledge/rewilding-scotla... ... "In the 1700s, large scale sport shooting and sheep grazing began to leave its mark on the landscape. Overabundant herbivores and over grazing, alongside regular burning, prevented woodlands from naturally regenerating, causing soil erosion, soil acidification, flooding, biodiversity loss and more"
For a while, I've been thinking that open source package portals will at some point take over the making of binaries that get released. Dev teams will run their own CI with whatever automated test pipelines they think are appropriate. For a tests-pass situation they will pass the git hash to the portal system for release, which just runs the compile and makes the binary. Well, not all CI runs would result in a release, of course. Then the package portal's own software kicks in to calculate an independent since-last-release report that's attached alongside the maintainer release notes.
All such portals upgrade their hash/sig noting of binaries, and keep those in a history-retaining Merkle tree of sorts. If nothing else, a git repo. Something like this https://github.com/hboutemy/mcmm-yaml/blob/master/aws/sdk/ko... but with SHA256s, and maybe not the entire world on one repo.
Agree. But the first build you do after that clone/checkout is risky too. Maybe not as wide open, as the build-tool makers are a line of defence if they're acting on classes of vuln.
He he, I might now be retiring my Ubuntu25 passwordless-sudoer NUC that's only for yolo mode projects. Or giving it more duties. Also - hello from Edinburgh!