At a news conference Tues, Giovanni Diaz, one of Guevara’s attorneys, said that if his client was taken into #ICE custody he would likely spend some time at the agency’s downtown field office before being transferred to one of 2 South Georgia #immigrant #jails: the Stewart Detention Center or the Folkston ICE Processing Center.
Diaz added that Georgia’s immigrant #detention facilities are “overwhelmed.”
#law #immigration #democracy #FreePress #TargetedArrests #Trump #Gestapo
@kaixin try #poudriere to avoid watching shit scroll by. Or more seriously: building directly from the #ports tree will probably always be possible (if just for historical reasons), but opens up lots of opportunity for breakage. poudriere uses #ZFS and #jails to provide #reproducible builds in clean environments.
If you are looking for a container management workflow that's more production ready, consider #Ansible and #Jails / #Bhyve . Using Ansible for jail building and management is more flexible than Dockerfiles. And you can use it to create and manage BSD containers and Linux guests. This exposes full #Docker functionality inside a managed VM. Bonus is the full BSD networking stack, which is superior to Docker's networking IMO. Stability of a BSD base system, also.
A story from The Marshall Project on the use of light deprivation in jails:
TIL "#Overlord is a fast, distributed orchestrator for #FreeBSD #jails
oriented to GitOps." https://github.com/DtxdF/overlord
We discuss #jails & #prisons in #NYC & #NY State & the end of city control of the infamous #Rikers Island #jail. But first a #Washington #DC activist analyzes how the people have been moved to accept #fascist control over their lives & how they can fight back.
https://on.soundcloud.com/ok8gD09kGI24s8YL7L
#Politics #Democrats #Republicans #Liberals #Conservatives #Election #DemocraticParty #RepublicanParty #DonaldTrump #Trump #JDVance #JoeBiden #KamalaHarris #TimWalz #Democracy #US #USA #Musk #Fascism #Fascist
This morning's soundtrack:
https://www.youtube.com/watch?v=TpMzD8Q1fQg
Sipping coffee from Café du Monde (New Orleans - I have about 5 cans of it!)
Coming Soon: blog post by yours truly on running #Drupal on #FreeBSD on #ZFS with #bastilleBSD for managing the setup and configuration of the #jails
But for now... Work...
Philadelphia Measure Would Bolster Oversight for the City’s Deadly Jails
On May 20, Philadelphia voters will choose whether to create an independent body to investigate dangerous conditions that have plagued the city’s jails for decades.
After some days of troubleshooting FreeBSD networking and pf firewalling (and learning a lot in the process!), I finally made an article about FreeBSD VNet jails behind a dedicated firewall jail, that works with both IPv4 AND IPv6:
Internet <-> firewall-jail <-> application jail
I hope, someone might find that helpful. The detailed article is here in my Codeberg gists:
https://codeberg.org/Larvitz/gists/src/branch/main/2025/20250517-FreeBSDFirewallVnetJail.md
My next step is trying to get IPv6 address support into the marvelous tool jmore from @vermaden and sending him a pull-request for that :)
#bsd #freebsd #jails #networking #ipv6 #container #firewall #devops
It's still on my "to-do" to try/review it, but you might like:
https://github.com/austinhyde/ansible-sshjail
It allows to manage the #FreeBSD #jails through an SSH connection on the Jail host.
You can also use #OCI #Docker style containers on FreeBSD. Even #Linux containers work on FreeBSD.
I don't think there is solution to run FreeBSD containers on #Linux ;-)
After a while of fiddling, I got dual-stack for FreeBSD (IPv4 and IPv6) VNet Jails working properly and reliably 🙂
The important lessons, I've learned:
/etc/sysctl.conf:
+net.link.bridge.inherit_mac=1
/boot/loader.conf:
+if_epair_load="YES"
/etc/rc.conf:
+create_args_bridge0="inet6 auto_linklocal -ifdisabled addm vtnet0"
+ifconfig_vtnet0="up -tso -vlanhwtso"
+rtsold_enable="YES"
+rtsold_flags="-i -m bridge0"
Then, configuring ifconfig_bridge0_ipv6 as well as ipv6_defaultrouter for the host to have IPv6 connectivity as well as the network-configuration in the jail via $jail/etc/rc.conf (The jail of course needs it's own IP on the same subnet as the host)
Screenshots of the fully working configuration with a connectivity test are attached :-)
I use Jails with Ansible to automate their creation, their lifecycle management and automation of the jailed applications and I highly enjoy, how comfortable and easy it is.
No immutable images, no “Dockerfiles”, no weird volume mounts or image registries and no constant re-creation of images and new deployments just to update something. Just some simple, well isolated operating systems to run my applications in 🙂
I don’t say that Linux containers are bad. There’s for sure situations, where they shine. Just for my personal use-case, they are more effort in comparison to BSD jails and I’m a fan of “using the right tool for a task”
And the idempotent nature of Ansible automation makes it easy to describe them in a declarative way and manage them at scale.
Linux containers (OCI Containers) are ephemeral by design, except the volumes, you mount into them. In large scale environments, that can be useful (cattle vs pets argument). But that also introduces new challenges and makes it more complex to manage them.
For my personal environments, I like the approach of FreeBSD jails more. They are just a directory (or ZFS Dataset) with their own, persistent copy of the OS, easy to manage and the networking capabilities are flexible (bridged, vnet, they can be routed, firewalled, etc).
Jails are well aged, are around since FreeBSD 4 back in 2000, the non-ephemeral approach (and the absence of overlay file systems etc) makes them more feel like individual virtual servers than modern Linux containers but with extreme levels of flexibility.
Tools like jmore(8) (by @vermaden) and Bastille (Jails “Templates”) makes them even easier to manage.
I've made some useful updates to my #freebsd #sandbox script. It now uses #jails for isolation. In addition, you can customize the sandbox easily to do things like remove network access or mount directories into the sandbox as read-write or read-only. I plan on using this to easily host services on FreeBSD the same way I currently do on Linux, by running them in sandboxes under #tmux, which easier and more efficient than using #containers.
FreeBSD Sandbox https://fossil.tobykurien.com/freebsd-sandbox
Through the administrations of 2 mayors & several correction commissioners, the #jails continued to devolve, acc/to prisoners’ rights advocates & the monitor’s reports. In November, the judge found #NYC in #contempt for failing to stem #violence & excessive #force at the facility, which is currently run by Correction Commissioner Lynelle Maginley-Liddie.
#NYC has held onto its control of #RikersIsland w/white knuckles — struggling to show progress & reaching the brink of losing #oversight of the #jails as critics of the system called for an outside authority. Conditions have not improved, acc/to lawyers for the plaintiffs & the federal monitor.
NYC has spent >$500k per inmate annually in recent years, acc/to city data, well beyond what other large cities have spent, & yet detainees still sometimes go without food or proper medical care.
The official, called a remediation manager, will work with the #NYC correction commissioner, but be “empowered to take all actions necessary” to turn around the city’s #jails, Judge Swain wrote.
“While the necessary changes will take some time, the court expects to see continual progress toward these goals,” she wrote.
A federal judge overseeing #NYC’s #jails took #RikersIsland out of the city’s control on Tues, ordering that an outside official be appointed to make major decisions regarding the troubled & violent #jail complex.
The judge, Laura Taylor Swain, said in a 77-page ruling that the official would report directly to her & would not be a city employee, turning aside Mayor #EricAdams’ efforts to maintain control of the lockups.
#law #PrisonReform
https://www.nytimes.com/2025/05/13/nyregion/rikers-island-receiver-nyc.html?smid=nytcore-ios-share&referringSource=articleShare&sgrp=p&pvid=DCD52F94-91CF-4B52-8FA4-9B150ACB6903
