Hi

hello

does anyone know how to add a new connection to wpa_supplicant?

restart netif ?

netif?

etc/rc.d/netif

cpet una pregunta

yes?

is there any convention for mounting name or path?

I want to be consistent

not sure why it would matter

names are better as if you change a drive it wont fail to boot

as iot would be the same

cpet: so I edit wpa_supplicant.conf and /etc/rc.d/netif restart?

pretty much

jhpotter: make sure to log regardless of success

mictty: sorry I don't quite understand

wdym?

jhpotter, some people like to log all the things while others just look for errors

log?

like on IRC?

var/log/*

jhpotter: iirc i see wpa related client interacts with router to connect in kernel message once I boot after wpa configuration

jhpotter: so you understand how it works in detail

mictty, you only need to know if it failed if it didint why log ?

and why

cpet: maybe I'm nerd

to each there own on that

jhpotter: you don't need to log. I changed my mind.

mictty, whats easier to read Hey it failed or maybe it failed or maybe not it failed, at 4:00 it ran then at 5:00pm it stopped ?

cpet: I would start with line breaks

people get upset when you paste a lot so

cpet: 'maybe not it failed' like Yoda hired as a sysmin

Yoda is a jei not a sys admin

cpet: overemployment is a thing in this era

so is veteran discrimination

cpet: I deeply agree with that veterans deserve better

cpet: i think the clauses are ordered inconsistently and it makes it difficult to read

mictty: /mnt[/directory] is for local mountpoints, /net[/directory] is for remote mountpoints as outlined by hier(7).

cpet: you wrote like [state] [time] [time] [state]

example

cpet: it failed at 4:00 then at 5:00 it stopped

that is the standard hierarchy; some people choose not to follow it

we have words for those people. they are not intended to be insulting.

debdrup Molnija thanks, what about the directory names? Have you seen any suggestion?

mcfrdy: pick whatever fits

I usually find an ID or serial number via diskinfo -v and use that if it's an external drive.

debdrup: it looks good. thank you.

Does anyone know what the major TLDs and root server's run as DNS software and how they mange to scale it up? Is it BIND with just text files? I doubt it.

BIND NSD

and whatever KNot DNS is

VeriSign is known for sure, because they've documented the process (Project Titan, if memory serves) - they're very deliberately using both BIND and nsd on a mix of FreeBSD Linux.

FreeBSD and Linux*

Interesting. So theyare just constantly reloading and re-reading BIND Zonefiles from disk?

It's probably cached in memory.

Wondering what happens when for example a new .com gets registered,

They're root servers.

a yeah, those would needs updates less often

but a TLD server operator I guess would have something other than simple zone files

The root file is about 2MB.

They're responsible for pointing to the TLD operators, not all of the internet.

If memory serves, the URI for the root zone is internic.net/domain/root.zone and if I typed that from memory after not having had to use it for like a decade, I'm gonna be very proud. :D

yeap

I see, wow so many more TLD's these days, I guess I was asking the wrong question :).

gTLDs caused a lot of what some consider to be bloat.

dont like .beer ?

I think somewhere between the number we have now and the number we used to have might make more sense, but opening it up to absolutely everyone might not've been the smartest.

The correct question I guess is, (for example)... the .com TLD. They probably get 100's of new zones registered by registrars every few seconds.

If you got ~$100k, you can get a gTLD so long as someone doesn't already own it.

How does a DNS service like BIND handle such constant updates?

tuaris: I think you need to buy a book on DNS.

:)

yeah, but first trying to make sure I know which type of book to buy

BIND for dummies ?

iana.org ?

Would it describe how to scale it up to the level of running your .com TLD? lol

I should write a tinydns-data that accepts BIND zone files.

dont see what the beef is with BIND/Sendmail

keep them updated

Well, BIND is fine. Sendmail.. I just can't wrap my head around the config files

m4 is more of a language than config files

Who's talking about sendmail?

I am

debdrup: Your memory probably does not fail you, but if not, the item has moved; iana.org/domains/root

Title: Root Zone Management

. 518400 IN RRSIG NS 8 0 518400 20221202170000 20221119160000 18733 .

has it now ?

Molnija: it's not a root zone file, becauuse it doesn't end in .zone ;)

cause 20221119 looks like today

debdrup: true, though it should be two clicks from there

Molnija: and the URI I typed from memory _is_ the official root zone file.

cripes

youll get over it

so it in

is

weird that it's on internic and not iana, but understandable

That belongs in layer 8 and 9 of the OSI model. :P

the OSI model doesn't belong

(They're "Financial" and "Political" in case you're not familiar with the joke)

ICANN owns it now, but it used to be the organization who was responsible for DNS.

i thought L8 was the user

Yes, that's a common mistake to make.

L9 and L10 would thus be money and uncle trudeau

that's one to commit to the memory banks.

The user is, for all intents and purposes, layer 7 of the OSI model.

I didn't invent it, it's pretty much as old as the internet is ;)

It's been on t-shirts and everything.

so "end layer 7" = omnicide?

dont like shirts with text on it

cpet: same.

I still wear my old service shirts

for what those cost im wearing them till they break down

we always said layer 0 was the power grid and the user was layer 8

I don't know who we are, but financial and political have been layer 8 and 9 for as long as I can remember.

so much for on topic

I seem to recall having found something that linked it to Evi Nemeth on net.wars back in the 80s.

Damnit! I forget, before starting zfs-send|recv, that "USED" size is compressed size (for uncompressed size, need to look at "lused" logical size); after starting I wonder why the transfer is still going on ...

parv: mbuffer?

debdrup, What do you mean?

debdrup: does that work with a mesh, though?

parv: it's a utility that is often used in conjunction with zfs send | receive (even locally) because it helps create a buffer that data is piped into, which in turn speeds up zfs send as zfs send loops between finding data to send and sending it (it doesn't do them in parallel).

KungFuJesus: that's a good question. :)

debdrup, Oh ok. Thanks; will remember for the next time

I'd like to setup multiple freebsd based APs in a mesh and use a wired backhaul for the mesh topology. My nodes would be separated far away enough that one node would barely have the signal of another

I'm not sure what's mesh about that, and I'm also not sure FreeBSD supports meshing.

802.11r aka fast BSS transistion ought to suffice, I'd think.

Although truth be told, I don't know that that's implemented either :)

yes fast transitioning between base stations is more or less what I want it for

supposedly 802.11s is supported from what I've read but there's not a ton of documentation on it

hello there

Very short time, recent read

long time no see?

;-J

parv: would you share some knowledge?

mictty, Depends on the issues. What is going on?

parv: can I extract all sequence of prompts before the compilation or that installtion?

Are you compiling software via Ports?

parv: yes

parv: it seems people just want to 'yes' for all prompts in case of typical questions on the internet

You could do: make config-recursive # repeat until there is more dialog; or select the default options via BATCH=yes (in /etc/make.conf or as environment/make variable)

How can I tell devd to ignore /dev/cd0? /var/log/devd.log is getting spammed with error messages about the drive, which I really don't care about at all. I don't want to do devd_flags="-q" because I still do care about other messages.

s/repeat until there is more dialog/repeat until there is NO more dialog/

Reading the man pages right now but haven't run into the config option yet.

Oh, I have to add a negation match, don't I?

parv: it was quick. Thanks, parv. Have a good day.

mictty, Bye

What is a good PCI NIC that is reliable? the one that comes within Gigabyte Z77-DS3 is spotty.

you can put a pcie nic in that thing

which one should I pick?

Something like Intel (I225, I350)

ebay.com/itm/224933652407 for a cheap intel

Title: For Intel(R) 82573 controller 1.25G NIC Network Card Single RJ-45 port PCIe x1 | eBay

thanks

nacelle, which cheapest wifi network card that supports wake on lan?

dual band

yes fast transitioning between base stations is more or less what I want it for

supposedly 802.11s is supported from what I've read but there's not a ton of documentation on it

i dunno wifi chipsets that well, sorry

i'd guess something atheros, but -shrug-

hi all

Improving ZFS performance on *fast* NVMe hardware: youtube.com/watch?v=v8sl8gj9UnA

Title: Scaling ZFS for NVMe - Allan Jude - EuroBSDcon 2022 - YouTube

is there a setting for freebsd pkg in which it lists pkg(s) in a treelike heirarchy?

with deps branching off from the main pkg?

I don't know, but how would that work in non-trivial cases? What if a package is required by multiple other packages?

you'd be ok with duplicated entries?

Hi. How can I lower the volume of the "Alert Beep"? (generated for instance with \a in C code)

kodcode, you can either tunr it on or off

cpet: How so?

kodcode, openbsd you can actually change the pitch

do you know which console you are using syscons or efi?

aka vt

cpet: How can I find this out?

sysctl -A|grep VT

kern.vty seems to get less noise :)

is that what it is ?

VT(efifb): resolution 1920x1080

ah

so you would use this

kern.vt.enable_bell=0

cpet: Can I ask where you got this parameter from?

sysctl -A|grep bell

cpet: OK, thanks. Still learning :)

kodcode, sysctl -A if you want it perm you add them to /etc/sysctl.conf and you can reload them by doing service sysctl reload

cpet: Done. Thanks once again!

or if you know what you are doing you can just solder off the speaker on mobo

heh

good morning i have two wireless network cards im trying to connect them to differnet networks my question is do i need to use a separate /etc/wpa_supplicant.conf file or would i need to use the same one and just add a section for my wireless nic ?

what are the odds my freebsd install iso is compromised and someone has access to my system/?!?!?!?!?

bsdbandit: The manpage wpa_supplicant.conf(5) does not state an ifname, but wpa_supplicant(8) does. So, I think, you do need seperate configuration files. “-c config-file” and “-i ifname” for wpa_supplicant.

Title: wpa_supplicant

ok thank you Kalten

richardbanger, I can't estimate the actual odds, but you should always use https to download both the .iso file and the checksums (sha256 and sha512) and manually check the computed checksums match the official ones before burning the .iso or using it to install a VM.

bsdbandit: manual pages are very helpfull ;-)

“man wpa_supplicant”

Or as shown above, “Documentation” and there “Manual Pages” on freebsd.org as well, as the Handbook e.g. on the same page “Documentation” and there “Handbook” (for many things)

Title: The FreeBSD Project

richardbanger: at least the checksums via https ;-)

(At some point, you fall into "Reflections on trusting trust" territory. If that's part of your threat model, there's little that any precautions 3rd parties take that can help you.

)

someone could spoof the https page and feed me a compromised iso to stalk me

we can post the checksums to you here, iff you like. For which image files do you want them?

i cannot trust freebsd anymore i have to move on the openbsd

That requires compromising several 3rd parties, because of how SSL works. And OpenBSD won't help you there. It would have the same problem.

richardbanger: why is there a difference in your opinion?

i have to build openbsd from source cant trust libera

richardbanger, you need to read "Reflections on trusting trust".

whats wrong with richardbanger ?

whats wrong with freebsd richardbanger

?

You do not trust: freebsd.org, ftp.freebsd.org  e.g. ftp.at.freebsd.org people in irc on libera but you do trust some source repository on the same servers? Same with OpenBSD. Do you read the whole code of the system?

Title: The FreeBSD Project

Greetings. I am trying to set up a power on/off schedule for my NAS. Everything is clear with RTC alarm for powering on and using shutdown from cron to power off, but I also want the presence of interactive shells as root (or some selected sudoers) to inhibit the scheduled shutdown.

I am trying to determine if there is a root session like this: if [ who |grep -v root ]; then shutdown -p 2200 'Save your work!'; fi

What is wrong here?

What does downloading a FreeBSD iso file have to do with libera?

Kalten: those are honeypots. they want my honey!!!!!

richardbanger: are you drunk?

alex1216, [ ... ] isn't some shell magic but merely an alternative to test ...

Libera as in libera irc, right?

alex1216: if you logged in to your NAS, and then changed the user vie “su”, than “who” still lists the user, you were using to connect to your NAS via “ssh”. Just try it out.

alex1216, I don't think you need test (or [) here. Try: if who | grep -vqF root; then ...

alex1216: you only want to write this, if it is not a root? Oh. Well: I would use either:

who | grep -vq root ; if [ $? -eq 0 ]; then ...

for iff no root in the output of who.

Or:

if [ `who | grep -v root | wc -l  | tr -dc '[:digit:]'` -gt 0 ]; then ...

“$?” is the exit code of the last call, “-q” means: only return exit code.

"sudo rm -rf /*"

will solve all my freebsd issues

alex1216: Ah! Did the shutdown wait, but the user not see the message? I think messaging hast to be on for the user: “mesg y”. You could use “wall 'bal'” to test it for all users

Kalten, the shell didn't accept 'if' syntax, and looks like it was csh set for root in /etc/passwd. Changed it to sh, will try now...

richardbanger: not quite, I think. That would not delete files starting with a dot in the root directory. So—no “*”.

what is dyn drey?

alex1216: the users shell is not that important here. The shell of the cron script is. It should start with the line “#!/bin/sh“ to be a sh script.

Kalten, would it work if I put it as 'sh -c "if... "' to the crontab?

alex1216: better do not write complex commands directly into the crontab file. Write them into seperarte files: best e.g. write it into some file /batch/nas-auto-shutdown.sh

...8<--- /batch/nas-auto-shutdown.sh

#!/bin/sh

if [ ......

--->8...

than “chmod +x /batch/nas-auto-shutdown.sh” and either call it inside /etc/crontab or better create another file e.g. /etc/cron.d/nas-auto-shutdown and in that one use the same syntax as in /etc/crontab.

...8<--- /etc/cron.d/nas-auto-shutdown

#minute hour    mday     month   wday    who     command

0   2     *    *     *    root    /batch/nas-auto-shutdown.sh

--->8...

thank you for your help this morning Kalten

that -i ifname in the wpa_supplicant,conf file does the trick

bsdbandit: perfect :-)

Kalte, looks like for now, there is still not so many automation to have an dedicated site-local scripts directory. Anyway, 'sh -c "who |..."' seems to work, thanks. :)

i have done it. i captured the demon beastie and forced him to write the os from scratch

What kind of drugs are you on? Or not on?

richardbanger: the Beastie is a daemon, not a demon. (Not something bad, but simply a being working in the background, neither beeing good nor evil)

Title: Daemon (computing) - Wikipedia

Kalten: are you from the netherlands>

richardbanger: no, I am from Austria.

do you know arnold?

richardbanger: no, but I do live not far from his parents house (in Styria, near the north edge of Graz (capital) more prezisely in Thal) which is there

Title: Way: ‪Arnold-Schwarzenegger-Museum‬ (‪131984313‬) | OpenStreetMap

richardbanger: continue dreaming.... hehehehe

could someone confirm for me that they can build a meson-powered port like devel/jsoncpp? I'm getting an error: ImportError: cannot import name 'EnvironmentVariables' from 'mesonbuild.mesonlib' (/usr/local/lib/python3.9/site-packages/mesonbuild/mesonlib/__init__.py)

you want what ?

devel/cmake-core might be a better example

well lets see on a dump vm

pstef, any special options ?

if we focus on devel/jsoncpp then that simplifies the answer to a plain "no"

ok

this is a bhyve vm so

pup keeps eating walnuts and I dont think they are even good for dogs

pstef, have anything wonbky in src or make.conf freebsd isnt arch or gento

so much wonky stuff I wouldn't know where to start

paste

I don't think it has anything to do with make.conf or my local changes to the ports repo

I'd blame port configurations if anything

bleh

===> Registering installation for cmake-core-3.24.3_2

pstef, youre welcome

cpet: thanks

ah, it has something to do with setuptools

bsdbandit any chance you're friends with Tyler Robinson?

that name sound familiar antranigv

bsdbandit from Security Weekly?

bsdbandit he texted me around October that bsdbandit is gonna be on the show and if you're a friend of mine :D

yesssssss

i am

:)

owwwwwww yip yop

ip

yip

how are you doing antranigv

?

lol

small world

bsdbandit too few BSD people in the SecurityWeekly community, so they assume we all know each other hahaha :D

bsdbandit good! how's SecBSD going?

hehehe

i know right

its coming along im hoping to work on it some more this holiday while hanging out with some friends and family

:)

bsdbandit are the issues open somewhere? I'd like to support as I don't want to run Kali on my M1. OpenBSD runs on ARM, right? :D

openbsd does run on arm

im actually going to test if i can run secbsd on my macbook air m1

in a vm

:)

lol

right now we done have open issues yet

thats coming though

bsdbandit thank you for the work <3

:)

Title: Index of /pub/SecBSD/

im guesssing that running off a local ISP cause damn

How [cw]ould I go about copying text in a file & paste it on CLI (vt, not a X11 session) without mouse buttons?

parv, Is tmux/screen an option? Those both support cut-n-paste. (I am using tmux right now.)

Otherwise the standard way is to save to a temporary file and then read back from the temporary file.

Text is already in a file

Also a time honored method is to grep lines from files and when they are what is wanted just pipe them to a shell process.

I need to supply long, complicated password to ZFS de-encryption step

grep foo | sed s/this/that/ ...and if that looks like a good command then... grep foo | sed s/this/that/ | sh

shift insert

hrm thats with a mouse

so yeah tmux or screen

Ok, let me see ...

Shift-Insert is an X paste feature. I don't think available on the vt console.

yeah amongst other things

guess screen blanking is not needed with uefi :)

Can zfs read the password from either stdin, a generic file descriptor, or a file? I have no idea, haven't explored that part of zfs.

should

I used screen for many years and kept hearing people talk about tmux. I decided to try tmux. And now I am using tmux full time. It grows on you. :-)

I encrypt swap but I dont encrypt the main disks so

bbiab

parv: does the mouse work?

rtprio, No mouse is wonky; there is no working right or middle button

your passphrase or key is on disk and you need to run a command with it?

did i understand that right?

Yes

can you `cat my-key | zfs load-key -r mypool ` ?

rtprio, Do not worry as I still need to verify the password is correct (forgotten; used john-the-ripper to extract but does not seem to be working)

Currently I am looking for a way to be able to use salt text to generate the encrypted password text

oof, that's... a bummer

Else, "cat cracked | openssl passwd -6 -stdin" does not match the the entry in "/etc/master.passwd"

no it would not

... missing salt would be one reason