Thanks koobs

Hi all

\dev\null: o/~

:)

seeing a strange issue trying to configure nat in vnet jail on only certain hosts: ipfw: setsockopt(IP_FW_NAT44_XCONFIG): Invalid argument

looking at the code..is there any guide on how to write data to the console or some other good way to report data from inside the kernel?

want to examine what's happening inside ipfw_nat_cfg in sys/netpfil/ipfw/ip_fw_nat.c

hmm, i guess i can just use printf

man 9 log

printf is my personal favorite

thanks

Back on freebsd koobs w/Current i decided something. i've given almost 3 days trying to fix my internal mic issue. i've reinstalled freebsd 3x ghostbsd 2x and linux 2x lmfao!! i really want freebsd so im going to buy some dongle thing thats a mic that plugs into usb or my headphone jack and call it a day. something small

i've leanred about my system i can tell you that. i can be up on freebsd in 30 mins from a clean install

whats the best practicefor ZFS NFS share to allow write on pool? i could do simple permission change to allow writing from nfs client, but is there a better approach

it is local network, so that i do not mind dumb ways

Hello!

Is FreeBSD vulnerable to the new serious OpenSSL Heartbeat 2.0 bug?

FreeBSD isn't using OpenSSL 3.x, so no.

FreeBSD base has OpenSSL 1.1.1o (in 13.1), not sure offhand about ... what debdrup said.

Well, that's assuming that it doesn't apply to 1.x, which is the version FreeBSD uses.

AFAIK, report was only for 3.x.

The pre-announcement only mentioned 3.x which means people assume it only applies to that.

twitter.com/iamamoose/status/1584908434855628800 says versions < 3. It's from "the Apache Software Foundation (ASF)'s VP of Security", per zdnet.com/article/openssl-warns-of-…y-vulnerability-with-upcoming-patch, linked in Bruce Schneier's blog post about it. Make of it what you will.

Title: Mark J Cox on Twitter: "OpenSSL 3.0.7 update to fix Critical CVE out next Tuesday 1300-1700UTC. Does not affect versions before 3.0. t.co/jIRQhx0nCr" / Twitter

s/< 3§/< 3 not affected/

Man, the code of /src/*/usr.bin/indent is utter lossage.

bakcopy() performs a copy of the origin file, instead of moving it.

a move is just a copy and an rm.

debdrup: yes, when working across filesystems. In the same filesystem, it involves creating a hard link, then deleting the old file.

So, I'm probably going to take usr.bin/indent out of all context, and add this change, and release it. This product contains software developed at the University of California, Berkeley (?)

Remilia: you're right, it's just that I'm so used to creating zfs datasets instead of folders that it works out I basically never get the hardlink+delete old file behaviour. :D

> <debdrup> FreeBSD isn't using OpenSSL 3.x, so no. < Ah, nice

Thankyuwu

ifp

debdrup: wrong highlight there, you meant Reinhilde

meeyow?

I should set up the qmail on my workstation to forward emails to the qmail on my main server.

one must not set up qmail

one must patch qmail

netqmail even?

or schmonz's notqmail?

also accidentally stumbled upon this theregister.com/2022/05/20/freebsd_131

Title: FreeBSD 13.1 released • The Register

and El Reg writers prove they cannot read good documentation

> Even the newest FreeBSD is still a bit more basic than that. You had better be happy at a shell prompt and using vi to create a few config files because even after the installation program has finished, most things are done from the command line. We Googled how to install Xfce,

why not follow the handbook

Remilia: yes, yes I did.

Remilia, snarkiness is their shtick. Praising documentation just wouldn't do.

otis: A fork of Amitai's notqmail, yeah.

yuripv: yes.

Remilia: Too late. ;)

is a compressionratio of 1.25x in ZFS equivalent to a 25% reduction in storage usage ?

I believe so.

Remilia: if you want _really_ bad, <archive.ph/dwxxV#89%> FreeBSD 14.0 introduces a new feature called “Bash”.

Gosh.

Title: archive.ph

last1: It does not mean that.

Got a source on that?

Yes, one of my filesystems has 3.95x compressratio. That means it would compress to less than 0 bytes.

Nonsense.

Got a source on that? :P

Text that takes up 4kB on disk and compresses by 8x compression won't suddenly take up anything other than 512B.

My point is that if 1.25x = 25% reduction then 3.95x would imply a 295% reduction.

That's not exactly a big reduction.

I'd argue that a 295% reduction is quite substantial.

The entire base system, in binary format, compresses at almost 3x with lz4, and 4x with zstd, if memory serves.

Yes, so? Processors are very powerful nowadays, compared to what they were when Lempel and Ziv started working in the field. ;)

V_PauAmma_V: <old.reddit.com/r/freebsd/comments/uxuf92/-> "Ignoring the article's flaws, it's not a _bad_ advertisement for FreeBSD. …"

Title: FreeBSD 13.1 released • The Register : freebsd

It's probably less confusing to say "the uncompressed version takes 3.95x as much as the compressed version".

Sure, but with inline compression and compressed ARC, the uncompressed data doesn't really exist anywhere.

<startpage.com/do/dsearch?query=Xfce+FreeBSD&cat=web&language=english> top hit is an undated page from 2015, no mention of Handbook until page 5 of search results, that's in the context of a 2013 blog post.

maths is good. you should study it.

I think 1.25x means a reduction of .25/1.25, or 20%.

V_PauAmma_V: I agree. 1.25x = 20% reduction. 3.95x ~= 75% reduction.

Ways in which math and English don't mesh #48926489267: in math, "4 times more than 100" is 500. In English, it's increasingly 400.

(see also "inflamable".)

statistics is offtopic

;)

Not when they relate to discussions of FreeBSD features.</literal-minded>

Coldcold

just saw this cgit.freebsd.org/src/commit/?id=744…b213144c63cbaf38d91a1c4f7aebb9b9fbc

Title: src - FreeBSD source tree

that is so cool :)

grattis FreeBSD!

grahamperrin: archive dot ph shows me a captcha page which does not display a captcha ahaha

Remilia: alternatively, <web.archive.org/web/20211024134653/…you-most-looking-forward-to-in-2018> near the foot of the page. It gets better …

Title: Which Linux OS are you most looking forward to in 2018? - Linux Operating System

grahamperrin: oh, ‘It allows users with limited command-line experience to run arbitrary programs with elevated privileges on Linux’

I see

this is where I post that pop team epic panel, right?

i.koumakan.jp/2022-10-29/1667057184.png this

So, I use Bash (a feature of FreeBSD 14.0-CURRENT, not a feature of Linux) in FreeBSD on Linux. Arbitrarily.

I use Git Bash which is a feature? of git? on Windows?

It's the Freebisdulator.

The poor cousin of Linuxulator.

hurray for wg in tree. congrats

I have a really stupid re_format question

I am calling sed with 's/route:[[:space:]]+//' and my goal is to replace 'route:<some whitespace>' with an empty string

what am I doing wrong here

if I remove the + it works (for the first whitespace after 'route:')

oh, * helps, I forgot all about REs

sorry for the noise

I have an issue with a php code that fails with: sem_get(): failed for key 0xe0638b9e: No space left on device

is there a tunable config for number of semaphores ?

Hi folks! I noticed that the "bind" non-root user with uID=53 can open TCP port 53 without being root. Sysctl "security.mac.portacl" is not defined in the system. Where can I trace what allows that user to open the port, and what other rules are allowed?

net.inet.ip.portrange.reservedhigh and -low are also set to the defaults 1023 and 0.

are you sure that it's not starting at root and dropping privs?

duh. You are right. The script uses "envuidgid $USER" which I assumed to drop privileges. But that only sets env vars for the desired user. Thank you rtprio

ya, np

I accidently, because I wasn't paying attention to what I was doing, ended up doing 'sudo zfs destroy -r zroot/bastille' in the wrong tmux window. I quickly did contrl-c several times to cancel the command, but it seems that some parts of zroot/bastille may have gotten deleted anyway. Is there a way to recover from that without having to redo everything that I had ?

Probably not.

mns: from backup, yes. otherwise, most probably no.

snapshots maybe ? not sure how to use them though or if they're enabled.

probably not, a destroy would've yeeted them too.

destroy -r also destroy any snapshots

anyy descendants of zroot/bastille (filesystems, volumes, snapshots, clones...)

otis: ok was not aware of that. dang

I may be able to recover quickly enough. Lets see what happens.

take it positive: you can exercise your disaster recovery scenario(s).

that's, uh

most of us don't have that.

in worst case, you'll only get 50% success rate. disaster: yes, recovery: no.

I think it will be the 50% success rate this time

:-)

What up everyone

Hi folks. Need help in finding a solution to this: dpaste.org/Dn58q#

See "exec.start" on line 6. That passes some arguments taken from some files. That fails because likely the outer shell expands the command in the host, before actually executing the (expanded) command line inside the jail

any idea how to achieve that same effect while taking the configuration only from within the jail?

ok, I was wrong on that. The shell command is actually run within the jail.

morn

Instead of rebooting all the time is there a restart for each pkg I install that rc.conf and loader.conf get updated?

rc.d ?

jb1277976_: yep rc.d (from ports theyre in LOCALBASE/etc/rc.d)

service <servicename> start

if you havnt yet put 'foo_enable=yes' in /etc/rc.conf, then you can use service <servicename> onestart

There is only rarely a need to reboot. Such as when doing a major upgrade which includes the kernel.

only time you need a reboot is for loader.conf stuff

there might be ways to kernel module unload/load (reload) to re-read initialization configurables, but im not sure

Hey koobs

jb1277976_: how are you

fine

koobs: how do i know what service to reboot. do i just get the name of whatever i need and thats what i restart?

s/reboot/restart/

compliing my first every port on freebsd. there is no binary for it freshports.org/print/epson-inkjet-printer-escpr2 im excited

Title: FreshPorts -- print/epson-inkjet-printer-escpr2: Epson Inkjet Printer Driver 2 (ESC/P-R) for Linux

jb1277976_: each rc.d script has a name variable, which shows up in `service list`

yea i was tired of rebooting every time i updated rc.conf lol

but thats for any operating system

kinda sorta, some support some levels of runtime upgrading/reloading kernels

or kernel modules

koobs: did i tell you i gave up on trying to get my internal mic working. i bought a dongle from amazon. will keep an eye on bug 262579

262579 – Framework Laptop: headset/mic input issues bugs.freebsd.org/bugzilla/show_bug.cgi?id=262579

jb1277976_: i found some root causes / same problem in other OS's

ok

the internal array mics via webcams are 'digital mics', which are problematic/special from a config point of view

i have a set of links i identified, that ill doc somewhere at some point

but the feeling i got was, in the absence of an automated system (device id matching/etc) to setup pins properly, its going to need device specific setup

got it

but in this case, too, the setup is very special internally

linux has this: sofproject.org

Title: Home - Sound Open Firmware

and i found issues for your device even as late as 2022

whats interesting about sof is: "BSD/MIT licensed firmware and BSD/GPL licensed drivers"

yea

wondery why it hasn't been ported?

its quite linux specific

im just saying (at least its not only gpl)

whats youre device again ?

let me get it one sec

15-.....

yea something like that

whats the full value?

koobs: support.hp.com/us-en/document/c07914557

Title: HP ENVY x360 Convert 15m-es1013dx Product Specifications | HP® Customer Support

es, right

so

Title: 213953 – HP x360 Spectre speakers not working (Tigerlake, 15-eb1xxx/8811)

thats what linux (realtek driver fixup for your device) did

Title: HP x360 spectre 13-aw2619nz No sound in internal speaker · Issue #3300 · thesofproject/linux · GitHub

3300 – Adaptec 2940U Problems bugs.freebsd.org/bugzilla/show_bug.cgi?id=3300

still issue sin late 2021

and another thesofproject/linux #3195

Title: ASoC: Intel: sof_sdw: fix jack detection on HP Spectre x360 convertible by plbossart · Pull Request #3195 · thesofproject/linux · GitHub

and another: thesofproject/linux #3152

Title: HP Spectre 13-aw2020ca believes headphones are connected · Issue #3152 · thesofproject/linux · GitHub

3152 – FreeBSD 2.2-STABLE: getty does not initialize %m, %s, %r and %v bugs.freebsd.org/bugzilla/show_bug.cgi?id=3152

Title: [BUG] Microphone on HP Spectre x360 13-aw0xxx doesn't work · Issue #3519 · thesofproject/sof · GitHub

3519 – new port: comms/snooper bugs.freebsd.org/bugzilla/show_bug.cgi?id=3519

so, theyre aware of issues, and still have remaining open issues

wow, thanks for doing research

see also: wiki.archlinux.org/title/HP_Spectre_x360_(2020)

Title: HP Spectre x360 (2020) - ArchWiki

many code repos reference that page

now, the 'convertible' (intel) is seprate but also similar

but that page refs "This wiki covers the HP Spectre x360 released in 2020 containing TigerLake CPUs"

but doesnt include your 15-es*

but, same sound/hardware setup

and same problems

" Part of profile(s): HiFi

[In] Mic1: Digital Microphone (type: Mic, priority: 100, latency offset: 0 usec, availability unknown)"

see

yep

I'm using freebsd on raspberry pi and get new updated images weekly. Trying to streamline keeping as much between new images. Homedir is on a USB, and so will /etc/* with a pkg cache. I guess /usr/local/etc/* also worth backing up? Anything else spring to mind?

Is backing up sshd's keys a good idea? possibly better to just remove it from my known_hosts so private key never leaves root filesystem?

/var/db/* certain things (if you care about package db, etc)

/etc if you modify

" so will /etc/* with a pkg cache." ah

localbase/* can contain customised things and configs

so not just /etc

some ports/packages have entire heirarchies in /usr/local/<thing>/*

including data

fragcula: since youre using usb for home, doesnt this cover keys?

Hmmm, installing packages taking an age so far (python taking ~2 hours). So perhaps will just have to be very judicious with what I install

koobs: I mean the server fingerprint, I think the private key is in /etc/ssh

I suppose no real risk as if someone got to the USB it's game over anyways!

fragcula: your user keys are in /etc/ssh ?

not ~/.ssh/id_* ?

my user keys definitely in ~/.ssh

what stage are packages 'slow' in ?

but if I try and connect to the server the fingerprint will have changed

right youre talking about the host fingerpint first gen thing

extracting

some people are pretty clear cut about separate of base/local (for configs too)

and modify as little in /etc as possible

so cache wont save much tbh

for ssh you can use the port/package, which uses LOCALBASE/etc/ssh/*

then youd capture all of that 'custom config'

if you want to keep it

i suppose the question is, having 'backedup' whatever you do, whats the use case for 'restoring' ?

and does that use case have a threat vector/model where not having the old host fingerprint is relevent

mhmmm, yeah, I guess the threat overwhelmingly is me not updating and being at risk through missing a sshd update

in which case I can just do whatevers most convenient with the server keys

fragcula: are you reinstalling with each image or what?

rtprio: yeah, just flash the image to the SD, boot and it does some first boot magic (resizes partitions etc). SSH over and have a script to copy over those files and reboot

there are probably easier ways to update your system. but also, why weekly

i don't expect you're going to be missing much every week

rtprio: it's cause it's running on a raspberry pi 1 so not a top tier supported platform

fragcula: what branch of freebsd are you ?

freebsd-update doesn't work

on*

koobs: 13.1

mmm.

rtprio: no I imagine not, but I don't keep an eye on updates so alternative would be to watch out for security updates I guess

i found pi1 to be unusable on freebsd

rtprio: whats the main issues/gaps ?

because it's _old_ and _slow_ and limited in memory

im not familiar with the arch, but care about developer board usability

armv6 so really old stuff

koobs: one issue was it took 10-20 seconds to negotiate ssh key login

right

i was going to use it as a bastion host, but i determined it was too slow even for that

anything not just a function of constrained resources?

I don't have that problem, I'm using ed25519 dunno if that makes a difference

koobs: i suppose not

koobs: I think it's soft floating point

ah

right now biggest issues for me is filesystem stuff is unbearbaly slow

yep. also that

usb host is managed on same chip as ethernet (dunno if also same as the SD card used as the root file system)

SD card means you pretty much have to turn off logging (or redirect)