with `pkg+httpd://pkg.FreeBSD.org/${ABI}/latest` as url?

I think i had it at quarterly

i'll check once it finishes

quarterly vs. latest is a trade-off. Not all port maintainers request merging security fixes into quarterly, thus latest can be safer. But there's a lot of churn in latest.

I'm not sure why there's a mismatch?

or what to do about it?

nvm, i think i forgot the second freebsd-update install after rebooting

sounds like some error there.

:(

so pkg update and pkg upgrade don't have anything to do

the error about the kernel version isn't there anymore

but there's still a whole bunch of things that complain about libraries

vim for instance still says that it can't find libncurses.so.8

pkg show ncurses says it has libncurses.so.6

but pkg install vim installed it and didn't say it was upgrading or anything and it works?

Maybe better:/ get list of installed packages, delete all packages,

install packages from list

let’s see

`pkg query -e '%a = 0' %o > my_installed_packages_not_automatic`

hmmm... I do a `pkg backup -d pkg_db_backup` too.

theoretically no changed configuration files should be deleted.

unknown command backup

theoretically… ;-)

it's running 1.19.0

my pkg is still 1.18.4

I really should have took a snapshot before I embarked on this

than I do backup most in /etc/ /usr/local/etc/

ah, looks like past me was nice to me and has it automatically snapshotted each week

than I stop sendmail, than fetchmail, then I set set fetchmail_enable to nNO in /etc/rc.conf

than stop imapd apache24 mysql-server all via `service somedaemon stop`

so what should I do with the installed not automatic packages?

than `pkg delete -afy`

than some rm of `/var/db/pkg/local.sqlite*`

and then?

some checks, it seems. But I think more or less `pkg install -y someport`

pkg install -y `cat my_installed_packages_not_automatic`

or maybe the \n are not OK:

pkg install -y `cat my_installed_packages_not_automatic | tr '\n' ' '`

sometimes the pkg names seem not to be ok?

wait

ok, it's doing a thing

there was somethig....

i removed things like php56

Ah. No: that command did list them including cathegories

I just sent it through xargs

If you invoke a pkg for each package, nothing can be optimised, all checks must reoccur. If you call ONE instance of pkg it will faaaaaaaaaaar faster.

xargs passes all of them at once to pkg

ok

did it work? (or still ongoing?)

Kalten, I think it's back and working

jolly good! :-)

I had a minor detour because I thought a service was on it, but I had moved it off it seems

a while ago

but yeah, after reïnstalling all the packages it seems to be working

Thank you so much

;-)

gp5st: just being nosy: from where do you come from? (I am from Austria (in the middle of Europe))

Is Wireguard really all it's cracked up to be? If I have to choose between gre and wireguard, what's the best choice? I am seeing a lot of fans writing about it, but haven't found anything about it on FreeBSD yet, aside from the ports of course.

ghoti: I think so, but i've only been running it for four years. GRE isnt a real choice since its not encrypted. (If you need to use GRE you would use it and not bother with wireguard, but there are better lan to lan protocols these days)

nacelle: I'm connecting to a third party that has given me the choice of wireguard, gre+ipsec or sit, which I think is an unsupported fortinet thing. I guess .. it's time to try out wireguard. :)

Should I be looking at the kmod?

there should be a metapackage

wireguard-kmod and wiregurad-tools

I dont see why you wouldnt try wireguard first there - presuming you want the highest throughput

nacelle: hence my question -- I haven't used wireguard before, so I want to know if it is stable. :) I have been using OpenVPN for maybe a decade, but that isn't an option..

stable on other OSes, becoming so on FreeBSD... -shrug-

its not much code

(relatively)

ghoti: ipsec has a bunch of knobs you can turn that may affect your security (including the ability to have an ipsec tunnel with no encryption whatsoever). wireguard has no such knobs, so there's less stuff that you can break as the end-user configuring the tunnel

regarding wireguard on freebsd specifically: there _was_ that snafu a few years where netgate paid someone to implement wireguard for freebsd but the implementation was garbage and it almost made it into freebsd 13

but that didn't happen, and (as far as i know) wireguard's creator actually got involved to write the implementation that _did_ make it into freebsd

so i'd expect it to work fine

ghoti: I use wireguard in production (with heavy traffic) since a year and it works like a charm

(on both 12.x and 13.x)

mage do you know what you get in perf, comparing direct vs wireguard?

I'm getting over zerotier ~ 2/3 of line capacity, which is good enough for my needs

anybody familiar with ssh X11 forwarding? I need to start firefox on my desktop, while seeing it on my laptop. for $REASONs

I'm doing `ssh -A6X dch@wintermute` because its an ipv6 vpn

then `echo $DISPLAY` shows `localhost:10.0` which seems sensible

then running `firefox` just hangs

I can't even ^C or ^Z in the remote ssh

Have you tried it with -Y rather than -X ? That's usually the first thing to try.

I just found that, same non-result

interestingly, if I run firefox inside a tmux, I still lose kbd control. maybe time for running ssh with -vv to see whats up

debug1: Requesting X11 forwarding with authentication spoofing.

debug2: X11 forwarding request accepted on channel 1

that seems ok

maybe I should try something simpler

something like xcalc is a simple choice

can i have a user summary like adduser?

`timeout 1s xset q` fails, so we are clearly not finding the local X server

micttyl: can you be a bit more specific? dump out a list of users, in the same format as adduser ?

the /etc/passwd file is world-readable and contains everything except group info, which is /etc/group

human readable summary.

scripting is not the solution i am looking for if you may answer like so

how about `pw usershow $USER -P` ?

I think that's almost exactly what you want

huh, neat, useful

micttyl there's no builtin way to do this for all users, so wrap xargs and sed or awk around /etc/passwd for that

xtile: yeah, I could do with libxo support in pw too and then I'd be a very happy camper

dch: pw user show -Pa

You can do it for all users.

xtile: TIL! awesome

thank you. they are what i was looking for

:D

ok xclock doesn't work, and `xset -q` doesn't either

maybe I can ssh to my laptop and test locally

i think it has a bug

some progress, I needed to fiddle with xhost | xauth and now I can (over localhost ssh) launch xclock

ooh and xclock, albeit missing clock hands

missing clock hands? that's amusing, but also an "oh no" moment

I wonder if -render vs -norender has any effect on the hands

maybe its related to `Warning: Missing charsets in String to FontSet conversion`

ok, I switched to a different server, and this all works, so *something* is not right on 1 server

after restarting x on the desktop, then running on my laptop `xauth extract - $DISPLAY | ssh $desktop xauth merge -` , I can start X programs finally

once I tried this at home, I found that firefox is apparently just too much work to display, which seems a surprise

:D

aha

dch: thin client?

pertho: more shitty laptop and even shittier tethered internet

yikes

mm running firefox on my arm64 server over X11 forwarding is a pretty reliable segfault

all I wanted to do was reset firefox sync so I could send a couple of tabs through

and it turned into a half day yak shave

opensource.txt

;-)

patches welcome (tm)

although last week, I did get ipv6 working, a very valuable yak shaving that was

Oh, nice. I miss having IPv6.

next step is to figure out how to give an ipv6 to my workstation, and then I can finally remove ssh-over-ipv4 from all servers

with a bit of extra effort I might even remove all non-customer-facing ipv4 sockets entirely

ipfw nat64 \o/

debdrup: not really sure I want to deal with that atm, I just want to give 3 machines here a proper ipv6 address, and let that get through the routert

dch: then nat64 isn't for you

that is my thinking exactly :-)

what is IPv6?

all the places I worked, no one used IPv6.. weird, I know

"What is IPv6" "A miserable pile of secrets"

I think around 20% of peak rate traffic is IPv6 nowadays, only a few decades after its introduction.

Most of it's from phones, isn't it

I love IPv6 though

Do the endpoints matter?

I mean, if it's mostly from phones, it means not enough people have IPv6 at home.

I've never had IPv6 at home.

only when connecting to a VPN

I'd had it for years, back in Florida. But my provider here in Washington state doesn't provide it at all ;_;

It's really useful

Means you don't have to deal with portforwarding garbage with your router, when running servers.

NAT sucks

also means all your networking equipment now needs firewalls

That's fine.

(which is should already.. but still)

Exactly!

So there's no difference, since you've already configured your firewall.

most users don't know how to configure a firewall

But now you can run servers freely, since IPv6. ;D

true

block drop all

dch, Across the LAN I can use "ssh -X olddesktop" from new desktop and run Firefox acceptably slow but good enough to log into web sites that I haven't moved cookies to the new desktop yet.

I would not do that across the Internet WAN unless needing something for a paying client on the other coast and a nice cuppa tea with calming music in the background to patiently work through it though.

Latency is everything when throwing an X display across the network.

rwp yeah this is what I learned today. BTW brow.sh | freshports.org/www/browsh is in ports.

Title: Browsh

awesome appt

dch, browsh is a new one for me! Thanks much for mentioning it. It handles Javascript?! Excellent!

Up until now I only knew of edbrowse handling Javascript and edbrowse has a certain appeal but it is definitely not mainstream.

Beastie looking devilish :D

ein?

To my eye it looks like a "blobfish".

rwp: No no, this is a blobfish: i.imgur.com/enuJpdX.png

lol

(the OpenBSD version)

The face is Meatwad from the cult adult animation series Aqua Teen Hunger Force (youtube.com/watch?v=BJNGbC8CunU)

Title: Aqua Team Hunger Force season 1 Best Moments - YouTube

Probably getting fairly off-topic here.

Trying to make a new and improved version of freshports.org

Good luck with that then.

Thought I needed some fancy art to go with it but on second thought, maybe not

Thanks

I'd think programming the entire site would be more important, but that's just me.

bsdports.org not really working right now though

Title: BSDports | OpenBSD, FreeBSD, NetBSD & macOS

(due to those damn websockets)

debdrup: Exactly!

dch, Looking at browsh in more detail it seems less than awesome. It requires Firefox be installed and uses it headless for the work. It requires a terminal with mouse support. Neither of which I normally have over ssh to a remote headless server system.

So... Not so useful after all. I guess edbrowse, odd duck that it is, remains the only available option.

dch: re:browsh thanks... but that "Unsupported Version \ Donate" watermark is lame...

why is it not supported? because it's built by the ports cluster?

What's a ports cluster?

ah

typing this in kiwiirc

in Firefox

and the big bit

undrr Valgrind