Loading...
Loading...
A trend of migrating workloads from aging Linux VPSes to FreeBSD on cost-effective Hetzner VMs is emerging as users seek better performance, lower prices, and experimentation with FreeBSD features like jails. One blogger described moving a decade-old Hugo/nginx site off Ubuntu 16.04 to a beefier Hetzner instance running FreeBSD, citing security and maintenance benefits. That optimism is tempered by a critical FreeBSD kernel flaw (CVE-2026-45250) — a setcred(2) stack overflow enabling potential kernel code execution — which forced rapid rebuilds and reignited debate over using memory-unsafe languages like C++ in core OS components. The two stories together highlight the balance operators must strike between platform advantages and urgent patching strategies for kernel-level risks.
Operators are increasingly choosing FreeBSD on budget VMs for cost, performance, and feature benefits, but kernel-level vulnerabilities can force urgent mitigations and service churn. Tech teams must weigh platform advantages against patching, rebuild, and incident response overhead for kernel exploits.
Dossier last updated: 2026-05-22 11:27:05
This blog ran on Ubuntu 16.04 for 10 years. I migrated it to FreeBSD
The author migrated a decade-old blog from an Ubuntu 16.04 droplet on DigitalOcean to a cheaper, better Hetzner VM and switched the server OS from Ubuntu to FreeBSD. The old setup ran nginx serving mostly static sites generated by Hugo, with a long uptime but unsupported packages due to Ubuntu 16.04 being end-of-life. The move to Hetzner reduced costs while improving CPU, memory and bandwidth; the author also used the migration to learn FreeBSD, explore FreeBSD Jails with Bastille, and benchmark site load performance. This matters because running EOL OS images poses security and maintenance risks, and the piece highlights cost, performance, and operational trade-offs when choosing hosting providers and OS stacks for small web sites.
The author migrated a decade-old blog from an Ubuntu 16.04 DigitalOcean VPS to a cheaper, more powerful Hetzner VM and switched the OS to FreeBSD. The old server ran static sites under nginx on a bloated, end-of-life Ubuntu with 1491 days uptime; the new Hetzner instance offers better CPU, RAM and bandwidth for a lower cost. The migration was motivated by security risks from unsupported Ubuntu packages and curiosity to experiment with FreeBSD, including using FreeBSD Jails with Bastille and benchmarking site load performance. The post walks through the prior stack (Hugo, nginx, apt/snap installs), hosting cost comparisons, and practical lessons from moving static site workflows to a FreeBSD environment.
A critical FreeBSD kernel vulnerability, CVE-2026-45250, was disclosed after a stack overflow in setcred(2) permission validation allowed potential arbitrary code execution in kernel context. Site reliability engineers and sysadmins raced to rebuild and patch affected systems; the bug was attributed to components implemented in C++, with commentary in the article arguing that the language is uniquely prone to recurring memory-safety issues. The story highlights ongoing trade-offs between systems programming in C++ and safety, and renews debate over memory-safe alternatives and tooling to prevent kernel-level exploits. It matters because kernel vulnerabilities enable privileged compromise of infrastructure and prompt urgent operational response across affected deployments.