The Bridge
A document for BSD people coming to Linux, Linux people discovering ZFS, and everyone who’s tired of paying for things that should be free.
For BSD People
You already know ZFS. You know boot environments, jails, bhyve, pkg, and the beauty of a base system built and maintained as one cohesive unit. You know what real isolation looks like.
You’ve avoided Linux because it’s fragmented. Every distro does things differently. There are dozens of package managers. Getting ZFS on root requires fighting DKMS, initramfs, and a bootloader that doesn’t understand your filesystem.
kldloadOS changes that.
ZFS on root, deterministic dataset layout, ZFSBootMenu — you’ll feel at home immediately. kpkg wraps both apt and dnf into a single command — like pkg but for Linux. Offline darksites baked into the ISO — like building from ports, but pre-resolved. The installer drops you to a shell if you want to build your own pool layout.
What you give up
Real jails (Linux containers share a kernel). bhyve’s hardware-level isolation (KVM is close but not identical). The simplicity of rc.conf.
What you gain
Hardware support for everything. eBPF (the ‘e’ that BSD doesn’t have yet). NVIDIA CUDA. Docker/Kubernetes. Every open source project ships Linux packages first.
For Linux People
You’ve been running Linux for years. You’ve heard of ZFS but never used it. You think containers are isolated (they’re not — they share a kernel). You’ve been paying for tools that are literally one-liners in disguise.
ZFS redefines Linux.
Instant snapshots. Block-level checksums. Transparent compression. Native replication. Boot environments. Instant clones. Once you have ZFS on root, you can’t go back to ext4. It’s like going from manual backups to version control.
What kldloadOS Makes Obsolete
Every item below is something you’ve either paid for, spent hours configuring, or accepted as “just how Linux works”:
| The problem | The native solution |
|---|---|
| Site-to-site VPN | wg-quick up wg0 — 20 lines of config |
| Multi-node mesh network | WireGuard + a for loop |
| Centralized log collection | tar piped over SSH |
| Offsite backup | syncoid -r rpool backup:tank |
| Snapshot management | zfs snapshot -r rpool@today |
| Disk encryption | ZFS native — AES-256-GCM, per-dataset |
| LVM + mdadm + fsck | ZFS — one tool replaces three |
| Boot recovery | kbe activate before-upgrade && reboot |
| Network observability | execsnoop, tcplife — already installed |
| Intrusion detection | XDP + eBPF — line-rate packet filtering |
| Disaster recovery | syncoid -r rpool offsite:tank/dr |
| Load balancing | HAProxy — 50 lines of config |
| Network file sharing | zfs set sharenfs=on rpool/share |
| Replication | zfs send | ssh remote zfs recv |
The Real Examples
Encrypted mesh network — one command
PRIV=$(wg genkey) && printf "[Interface]\nAddress=10.99.0.2/24\nPrivateKey=$PRIV\n\n[Peer]\nPublicKey=HUB_PUBKEY\nEndpoint=HUB_IP:51820\nAllowedIPs=10.99.0.0/24\nPersistentKeepalive=25\n" | ssh root@PEER "cat>/etc/wireguard/wg0.conf && wg-quick up wg0"One command. Encrypted mesh node joined.
Log collection — one line
tar -czf - /var/log/ | curl -sST- -H "X-Token: $TOKEN" https://your-server/ingesttar was created to stream data the way magnetic tapes stored it. You can “stream” data because that’s what tapes used to do. Now move up from tape to ZFS replication — for free.
Linux vs BSD — The Real Question
Every “VS” comparison you’ve ever read is asking the wrong question. It’s not Linux VS BSD. It’s Linux OR BSD. What does each do well?
What Linux is good at
Hardware support — every driver, every chipset
eBPF — kernel tracing BSD can’t match (yet)
NVIDIA / CUDA — full GPU compute
Docker / Kubernetes — the container ecosystem
Package availability — everything ships Linux first
Performance — optimized scheduler, I/O, networking
Community — more users, more answers, more drivers
What BSD is good at
Real isolation — jails, not containers sharing a kernel
bhyve — hardware-level VMs from individual components
Simplicity — one base system, one pkg, one rc.conf
Security — Capsicum, conservative defaults, audited base
ZFS (native) — first-class since 2007, no DKMS
Documentation — the FreeBSD Handbook is the gold standard
Stability — conservative releases, things don’t break
kldloadOS sits in the middle.
ZFS on root — makes Linux feel like BSD to storage people.
WireGuard in the kernel — same simplicity as BSD’s network stack.
eBPF — the one thing BSD genuinely lacks.
kpkg — one package manager, like pkg but for both Debian and CentOS.
Offline darksites — ship artifacts in a bootstrapped ISO, like building from ports.
Boot environments — beadm/bectl equivalent on Linux.
Core profile — just ZFS on root, stock distro, nothing added — the BSD philosophy applied to Linux.
You don’t have to choose one forever. Use Linux where you need hardware support, eBPF, and NVIDIA. Use FreeBSD where you need real isolation, bhyve, and simplicity. Use kldloadOS when you want the best of both.
The Point
Linux and BSD are apples and pitchforks. Don’t expect BSD-level isolation from Linux containers. Don’t expect Linux hardware support from FreeBSD. They’re different tools built on different philosophies — and that’s the point. Learn the limitations of each. Use them together with purpose.
A word about expectations
Don’t expect OpenZFS to magically fix your problems. Every workload is different. The defaults are just that — defaults. If you don’t understand how to tune recordsize for your database, or when to use zstd over lz4, or why your ARC is eating all your RAM — you’re going to have a bad time. Not because ZFS is wrong, but because your expectations are. ZFS gives you the knobs. Learning which ones to turn is on you.
This is precisely why kldloadOS goes far beyond a normal installer. The documentation, the tutorials, the zero-to-hero guides, the appliance recipes — they exist to empower you to understand what you’re building and why. Not to sell you a product, but to give you the knowledge to make informed decisions. Because a tool without understanding is just a liability.
Code is free. Code is what you make of it. If you want to pay for a tool, a service, or a function — that’s your choice, fill your boots! If the product works for you, keep it — kldload won’t get in the way. But you should know what the native tools can do before you decide.
kldloadOS includes everything you need to build secure-by-default environments on hostile hardware in a way that wasn’t previously possible on Linux. Secure networking, eBPF observability, ZFS replication, boot environments — these are core required components, not optional bolt-ons.
“Learn the primitives. Understand the real computer. Because if it leaves the kernel — it’s already dead.”
— Anthony Carpenter
A Few Words from Anthony
I’ve been a staunch supporter of free and open source since before Wikipedia was built. I’ve been deprived of useful tools because of licensing squabbles for years. My answer to that has always been: get better, learn how, and teach others.
Every tutorial, every recipe, every one-liner in this project is the result of that answer. 70,000+ pages of personal notes. Decades of running real infrastructure. Distilled into something you can boot from a USB stick in two minutes.
It’s yours. Do what you want with it.
ZFS on Linux is going to enable awesome things. The tradeoff of a monolithic kernel is real — slower replication, higher overhead than FreeBSD. But the hardware support is unmatched, the ecosystem is massive, and understanding that cost makes you a better engineer.
The shift from “log into every machine and fix things” to “snapshot, replicate, rebuild” changes everything. Cattle, not pets. I’m just happy that anyone can now run OpenZFS on Linux, using only their nose. Getting the most out of nothing. That’s always been the game.
And I can’t wait to see what’s next.
A scene release done right.
Built by someone who’s been assembling disc images since before ISO 9660 had a Wikipedia page. BBS sysop, scene contributor, one of the original Threewave CTF server operators — Vancouver, 604, early ’90s. The darksite concept isn’t new. Self-contained packages with no external dependencies have been the standard in certain communities for thirty years. The tools changed. The philosophy didn’t.
— Anthony
Blackthorn · 604 · kldload.com · 2026