00:01:36 with `pkg+httpd://pkg.FreeBSD.org/${ABI}/latest` as url? 00:05:23 I think i had it at quarterly 00:05:27 i'll check once it finishes 00:07:53 quarterly vs. latest is a trade-off. Not all port maintainers request merging security fixes into quarterly, thus latest can be safer. But there's a lot of churn in latest. 00:11:09 http://static.jimkeener.com/Screenshot_2023-01-17_19-10-26.png 00:12:00 http://static.jimkeener.com/Screenshot_2023-01-17_19-11-38.png 00:12:42 I'm not sure why there's a mismatch? 00:13:33 or what to do about it? 00:15:06 nvm, i think i forgot the second freebsd-update install after rebooting 00:16:56 sounds like some error there. 00:19:04 :( 00:19:15 so pkg update and pkg upgrade don't have anything to do 00:19:25 the error about the kernel version isn't there anymore 00:19:37 but there's still a whole bunch of things that complain about libraries 00:19:50 vim for instance still says that it can't find libncurses.so.8 00:20:35 pkg show ncurses says it has libncurses.so.6 00:21:44 but pkg install vim installed it and didn't say it was upgrading or anything and it works? 00:22:06 Maybe better:/ get list of installed packages, delete all packages, 00:22:18 install packages from list 00:22:29 let’s see 00:23:12 `pkg query -e '%a = 0' %o > my_installed_packages_not_automatic` 00:25:37 hmmm... I do a `pkg backup -d pkg_db_backup` too. 00:26:07 theoretically no changed configuration files should be deleted. 00:26:34 unknown command backup 00:26:38 theoretically… ;-) 00:26:44 it's running 1.19.0 00:27:18 my pkg is still 1.18.4 00:28:17 I really should have took a snapshot before I embarked on this 00:28:23 than I do backup most in /etc/ /usr/local/etc/ 00:29:14 ah, looks like past me was nice to me and has it automatically snapshotted each week 00:29:22 than I stop sendmail, than fetchmail, then I set set fetchmail_enable to nNO in /etc/rc.conf 00:29:52 than stop imapd apache24 mysql-server all via `service somedaemon stop` 00:30:04 so what should I do with the installed not automatic packages? 00:30:16 than `pkg delete -afy` 00:31:15 than some rm of `/var/db/pkg/local.sqlite*` 00:32:08 and then? 00:33:40 some checks, it seems. But I think more or less `pkg install -y someport` 00:34:00 pkg install -y `cat my_installed_packages_not_automatic` 00:34:15 or maybe the \n are not OK: 00:34:35 pkg install -y `cat my_installed_packages_not_automatic | tr '\n' ' '` 00:34:51 sometimes the pkg names seem not to be ok? 00:34:54 wait 00:34:58 ok, it's doing a thing 00:35:01 there was somethig.... 00:35:04 i removed things like php56 00:35:34 Ah. No: that command did list them including cathegories 00:35:34 I just sent it through xargs 00:36:36 If you invoke a pkg for each package, nothing can be optimised, all checks must reoccur. If you call ONE instance of pkg it will faaaaaaaaaaar faster. 00:36:54 xargs passes all of them at once to pkg 00:37:03 ok 01:06:10 did it work? (or still ongoing?) 01:17:30 Kalten, I think it's back and working 01:17:44 jolly good! :-) 01:17:58 I had a minor detour because I thought a service was on it, but I had moved it off it seems 01:18:00 a while ago 01:18:04 * gp5st faceplams 01:18:20 but yeah, after reïnstalling all the packages it seems to be working 01:18:23 Thank you so much 01:19:22 ;-) 01:27:38 gp5st: just being nosy: from where do you come from? (I am from Austria (in the middle of Europe)) 01:55:19 Is Wireguard really all it's cracked up to be? If I have to choose between gre and wireguard, what's the best choice? I am seeing a lot of fans writing about it, but haven't found anything about it on FreeBSD yet, aside from the ports of course. 02:33:43 ghoti: I think so, but i've only been running it for four years. GRE isnt a real choice since its not encrypted. (If you need to use GRE you would use it and not bother with wireguard, but there are better lan to lan protocols these days) 02:35:10 nacelle: I'm connecting to a third party that has given me the choice of wireguard, gre+ipsec or sit, which I think is an unsupported fortinet thing. I guess .. it's time to try out wireguard. :) 02:35:25 Should I be looking at the kmod? 03:05:23 there should be a metapackage 03:05:57 wireguard-kmod and wiregurad-tools 04:10:46 I dont see why you wouldnt try wireguard first there - presuming you want the highest throughput 04:19:08 nacelle: hence my question -- I haven't used wireguard before, so I want to know if it is stable. :) I have been using OpenVPN for maybe a decade, but that isn't an option.. 05:55:03 stable on other OSes, becoming so on FreeBSD... -shrug- 05:55:11 its not much code 05:55:30 (relatively) 07:17:01 ghoti: ipsec has a bunch of knobs you can turn that may affect your security (including the ability to have an ipsec tunnel with no encryption whatsoever). wireguard has no such knobs, so there's less stuff that you can break as the end-user configuring the tunnel 07:18:58 regarding wireguard on freebsd specifically: there _was_ that snafu a few years where netgate paid someone to implement wireguard for freebsd but the implementation was garbage and it almost made it into freebsd 13 07:19:24 but that didn't happen, and (as far as i know) wireguard's creator actually got involved to write the implementation that _did_ make it into freebsd 07:20:57 so i'd expect it to work fine 09:26:09 ghoti: I use wireguard in production (with heavy traffic) since a year and it works like a charm 09:26:24 (on both 12.x and 13.x) 09:33:44 mage do you know what you get in perf, comparing direct vs wireguard? 09:34:07 I'm getting over zerotier ~ 2/3 of line capacity, which is good enough for my needs 09:58:38 anybody familiar with ssh X11 forwarding? I need to start firefox on my desktop, while seeing it on my laptop. for $REASONs 09:59:08 I'm doing `ssh -A6X dch@wintermute` because its an ipv6 vpn 09:59:54 then `echo $DISPLAY` shows `localhost:10.0` which seems sensible 10:00:56 then running `firefox` just hangs 10:02:28 I can't even ^C or ^Z in the remote ssh 10:03:03 Have you tried it with -Y rather than -X ? That's usually the first thing to try. 10:03:57 I just found that, same non-result 10:04:01 * xtile nods. 10:05:15 interestingly, if I run firefox inside a tmux, I still lose kbd control. maybe time for running ssh with -vv to see whats up 10:09:26 debug1: Requesting X11 forwarding with authentication spoofing. 10:09:26 debug2: X11 forwarding request accepted on channel 1 10:09:33 that seems ok 10:09:39 maybe I should try something simpler 10:11:02 something like xcalc is a simple choice 10:14:25 can i have a user summary like adduser? 10:16:11 `timeout 1s xset q` fails, so we are clearly not finding the local X server 10:16:34 micttyl: can you be a bit more specific? dump out a list of users, in the same format as adduser ? 10:17:55 the /etc/passwd file is world-readable and contains everything except group info, which is /etc/group 10:18:13 human readable summary. 10:19:18 scripting is not the solution i am looking for if you may answer like so 10:20:41 how about `pw usershow $USER -P` ? 10:20:54 I think that's almost exactly what you want 10:22:00 huh, neat, useful 10:23:44 micttyl there's no builtin way to do this for all users, so wrap xargs and sed or awk around /etc/passwd for that 10:24:03 xtile: yeah, I could do with libxo support in pw too and then I'd be a very happy camper 10:24:05 dch: pw user show -Pa 10:24:11 You can do it for all users. 10:24:22 xtile: TIL! awesome 10:26:03 thank you. they are what i was looking for 10:26:12 :D 10:27:46 * dch high-fives xtile 10:28:11 ok xclock doesn't work, and `xset -q` doesn't either 10:28:22 maybe I can ssh to my laptop and test locally 10:29:59 i think it has a bug 10:46:02 some progress, I needed to fiddle with xhost | xauth and now I can (over localhost ssh) launch xclock 10:47:12 ooh and xclock, albeit missing clock hands 10:47:48 missing clock hands? that's amusing, but also an "oh no" moment 10:48:03 I wonder if -render vs -norender has any effect on the hands 10:50:44 maybe its related to `Warning: Missing charsets in String to FontSet conversion` 10:53:11 * dch tries xterm next 11:02:07 ok, I switched to a different server, and this all works, so *something* is not right on 1 server 15:41:54 after restarting x on the desktop, then running on my laptop `xauth extract - $DISPLAY | ssh $desktop xauth merge -` , I can start X programs finally 15:42:23 once I tried this at home, I found that firefox is apparently just too much work to display, which seems a surprise 15:43:10 :D 15:43:18 aha 15:43:55 dch: thin client? 15:44:17 pertho: more shitty laptop and even shittier tethered internet 15:44:29 yikes 15:48:14 mm running firefox on my arm64 server over X11 forwarding is a pretty reliable segfault 15:48:33 all I wanted to do was reset firefox sync so I could send a couple of tabs through 15:48:42 and it turned into a half day yak shave 15:50:15 opensource.txt 15:51:01 ;-) 15:51:07 patches welcome (tm) 15:51:30 although last week, I did get ipv6 working, a very valuable yak shaving that was 15:51:55 Oh, nice. I miss having IPv6. 15:51:58 next step is to figure out how to give an ipv6 to my workstation, and then I can finally remove ssh-over-ipv4 from all servers 15:52:48 with a bit of extra effort I might even remove all non-customer-facing ipv4 sockets entirely 16:05:57 ipfw nat64 \o/ 16:09:46 debdrup: not really sure I want to deal with that atm, I just want to give 3 machines here a proper ipv6 address, and let that get through the routert 16:10:11 dch: then nat64 isn't for you 16:10:20 that is my thinking exactly :-) 16:11:22 what is IPv6? 16:11:28 * pertho grins 16:11:53 all the places I worked, no one used IPv6.. weird, I know 16:14:36 "What is IPv6" "A miserable pile of secrets" 16:15:26 I think around 20% of peak rate traffic is IPv6 nowadays, only a few decades after its introduction. 16:15:46 Most of it's from phones, isn't it 16:15:51 I love IPv6 though 16:24:46 Do the endpoints matter? 16:26:48 I mean, if it's mostly from phones, it means not enough people have IPv6 at home. 16:54:53 I've never had IPv6 at home. 16:55:04 only when connecting to a VPN 16:55:48 I'd had it for years, back in Florida. But my provider here in Washington state doesn't provide it at all ;_; 16:55:55 It's really useful 16:56:07 Means you don't have to deal with portforwarding garbage with your router, when running servers. 16:56:15 NAT sucks 16:58:44 also means all your networking equipment now needs firewalls 16:58:59 That's fine. 16:59:08 (which is should already.. but still) 16:59:14 Exactly! 16:59:40 So there's no difference, since you've already configured your firewall. 16:59:57 most users don't know how to configure a firewall 16:59:58 But now you can run servers freely, since IPv6. ;D 17:00:02 true 17:00:27 block drop all 17:23:09 dch, Across the LAN I can use "ssh -X olddesktop" from new desktop and run Firefox acceptably slow but good enough to log into web sites that I haven't moved cookies to the new desktop yet. 17:24:50 I would not do that across the Internet WAN unless needing something for a paying client on the other coast and a nice cuppa tea with calming music in the background to patiently work through it though. 17:25:13 Latency is everything when throwing an X display across the network. 18:06:32 rwp yeah this is what I learned today. BTW https://www.brow.sh/ | http://freshports.org/www/browsh is in ports. 18:06:33 Title: Browsh 18:06:40 awesome appt 19:32:06 dch, browsh is a new one for me! Thanks much for mentioning it. It handles Javascript?! Excellent! 19:32:09 Up until now I only knew of edbrowse handling Javascript and edbrowse has a certain appeal but it is definitely not mainstream. 19:41:27 https://i.imgur.com/1pcszai.png 19:41:33 Beastie looking devilish :D 19:43:23 ein? 19:53:38 To my eye it looks like a "blobfish". 19:58:08 rwp: No no, this is a blobfish: https://i.imgur.com/enuJpdX.png 19:58:09 lol 19:58:15 (the OpenBSD version) 20:00:27 The face is Meatwad from the cult adult animation series Aqua Teen Hunger Force (https://www.youtube.com/watch?v=BJNGbC8CunU) 20:00:28 Title: Aqua Team Hunger Force season 1 Best Moments - YouTube 20:00:50 Probably getting fairly off-topic here. 20:01:06 Trying to make a new and improved version of freshports.org 20:01:24 Good luck with that then. 20:01:25 Thought I needed some fancy art to go with it but on second thought, maybe not 20:01:27 Thanks 20:02:00 I'd think programming the entire site would be more important, but that's just me. 20:02:02 https://bsdports.org/ not really working right now though 20:02:03 Title: BSDports | OpenBSD, FreeBSD, NetBSD & macOS 20:02:10 (due to those damn websockets) 20:02:21 debdrup: Exactly! 20:07:36 dch, Looking at browsh in more detail it seems less than awesome. It requires Firefox be installed and uses it headless for the work. It requires a terminal with mouse support. Neither of which I normally have over ssh to a remote headless server system. 20:07:42 So... Not so useful after all. I guess edbrowse, odd duck that it is, remains the only available option. 20:08:50 dch: re:browsh thanks... but that "Unsupported Version \ Donate" watermark is lame... 20:25:11 why is it not supported? because it's built by the ports cluster? 22:31:13 What's a ports cluster? 23:17:49 ah 23:18:10 typing this in kiwiirc 23:18:21 in Firefox 23:18:28 and the big bit 23:18:34 undrr Valgrind