I use ULAs since my ISP changed my ipv6 prefix twice a month. What I learned is that ipv6 configuration usually requires a more 'comerical grade' router. In the end it works well for me but getting it setup initially took a lot of effort. Easy to do the second time though.

I later moved and my current ISP does not have ipv6 support but my ULA setup kept working fine with some minor tweaks.

Can't tow and can't carry anything, "get a van". Yeah, vans are known for their amazing tow capacity.

It's what all the builders round here use. Full-size Ford Transit and if they need to carry more than about three tonnes, a trailer on the back.

One of the downsides to using a van for these heavy duty use cases (speaking from experience) is that they're typically not equipped with powerful enough engines. So you end up straining the engine when towing heavy loads, which reduces the life of it considerably.

Also for a lot of vehicles, a GVM/GCM upgrade is needed to be able to tow certain loads.

Not defending these large american trucks. I think there are valid use cases for them (in smaller bodies), but the majority of the ones I see driving around are just for peoples pleasure and not utility.

Not only the engine, but also the transmissions and suspensions on commercial vans in the US aren't rated for duty past a certain gross weight.

The place you buy the thumb drive is also a stranger that can't be trusted.

This kind of paranoia isn't productive.

It was productive enough for the NSA and FBI when they were intercepting equipment deliveries and installing backdoors in them.

A USB stick that can secretly remember any file that looks like a key file or certificate would be very easy.

Windows 11 on 4gb of ram? I doubt it unless they are in hell and that is their eternal torture.

I like matrix and use it but it is no where near a Discord replacement. Setting up the modern Matrix auth and call are not easy and its just not as good or easy as Discord.

Yeah, the primary selection 'bug' is incredibly annoying, drives me nuts.

It already is, if you use most jail managers, this post is a manual approach.

I really don’t like jail managers because I need to learn a non-standard way to operate jails when I already know the manual approach. I just wouldn’t miss the boilerplate. Also, OCI containers > jail managers.

This is more like making an immutable linux container using only OS base tools. Docker is a whole stack doing the work for you.

I have to imagine systemd’s nspawn with btrfs integration took much inspiration. Combined with systemd’s service configuration it really makes a wonderful way of running distroless, immutable containers.

I second systemd-nspawn being a hidden gem for this usecase. I use git post-recieve hooks that target it for much of my ci/cd pipelines.

I also find myself using nspawn just to isolate apps like firefox, etc.

For those unfamiliar with FreeBSD, this is using base OS tools to manually create this type of immutable jail/container. This can be done with 'less effort' by using a jail manager.

Jail managers come and go. Base OS tools stay and are getting better and better. I would definitely stay away from ezjail as it us quite old, active development or even maintenance has stopped long time ago.

Author of the article seem to know what they are doing so I'm puzzled why they don't use `bsdinstall jail /path/to/jail` to implement basejail instead of manually unpacking archives.

No need for separate custom rc script to start `lo1`, it can be done with `cloned_interfaces` directive in rc.conf.

Updating and upgrading jails by passing `-b /path/to/jail` to `freebsd-update` works, but new recommended way has lately been `-j <jailname>`.

Cool article overall, the beauty of FreeBSD is also in possibility to do things in many different ways.

This is a very cool project! I had never heard of SystemVerilog until today.