Hello.

rwp: I hear ya, but the old-school traditionalist in *me* would have used nslookup and awk, none of this newfangled `dig` stuff. ;) Why would you pick `host` over `dig` at this point, btw?

I just like the simpler format of the bind9 host format as being easier to work with generally.

Unfortunately there is a util-linux host (or something elsewhere) that has a somewhat different host command. Gack.

I have never really liked nslookup's format which I find rather more difficult to work with and so am personally definitely not attached to nsslookup.

But in FreeBSD I thought instead of dig it was "drill baby drill" and I haven't ever yet used drill myself yet. :-)

As long as we are talking about this topic I'll mention "getent" which looks things up like gethostbyname(3) does using nsswitch.conf and all.

Try "getent hosts example.com" for example.

That's not apropos for your task of looking up pure DNS TXT records. But for gethostbyname(3) for host addresses it does lookup through /etc/nsswitch.conf so that is useful for that reason.

check local /etc/, then check nis+ tables on network, then check dns, nsswitch.conf had purpose back in day anyway... files nis+ dns was sweet...

resolv.conf nsswitch.conf combo

i had sweet 500 sun boxes spread over 9 floors 3 buildings, you could log in anywhere get unique desktop..and this was before winnt3.51

nis+ nfs made it all possibe

before freebsd or netbsd or openbsd..old ass tech....solaris 2.x tech..1991 and such

moving /etc onto the network yp/nis nis+

the network is the computer mantra

rwp: I always like to make things portable if I can, and I believe nslookup is more universally consistent than host. I like FreeBSD's host better too, but I started with nslookup, so it's not uncomfortable.

And yes, getent is great, just not for this task. :)

ghoti, Since I install bind-tools that's the same host command as with bind9-host that I install on Debian/Ubuntu/etc systems. So for me it is actually extremely portable.

And I just went looking and it looks like the other one I mentioned that was different has now departed the scene on Debian. So I guess I don't need to worry about it anymore.

When I worked on legacy Unix systems such as HP-UX they never had dig natively installed. It was only installed if I had installed it myself.

And so I fell into the routine of having host on those systems but no dig.

With nslookup example.com | awk '/^Address:/{print$NF}' one has to strip out the first address line which is the nameserver address line. Annoying!

I know I can | awk '/^Address/ && NR != 2 {print$NF}' to avoid it but I still find it an annoying format.

But I can see the argument that nslookup is pretty much always available.

nslookup isnt a thinkg its either drill or host

or you have bind-tools installed

Only getent and drill are in core. The others are all in ports.

do a which host

and rephrase

Let me phrase it like this bsd.to/4ZTS/raw

Title: 4ZTS

drill?

didnt know of that one

rtprio: we've had it since switching to unbound in base

i just wish freebsd had iproute2

its the one thing i think linux got right

what's wrong with ifconfig?

its a very weird interface by comparison. soon as i knew about `ip` i switched and havent regretted it, but now on bsd it feels like going back to the dark ages

i havent tried firewalling on freebsd yet so cant speak for how that compares to nftables, but lartc.vger.kernel.narkive.com/IdY05qwn/iproute2-in-freebsd

Title: Iproute2 in FreebSD

"21 years ago"

ah, no wonder it references iptables :D

"Ipfw has less bugs and more documentation as IPROUTE2." I think by now, iproute2 is well documented, and I'm sure it didn't take 21 years

ixmpp: a BSD ifconfig can do everything that ip addr, and ip link can do. it also can be used to configure WiFi. and it can be used to read almost the entire state of a network device. something that on Linux people read Kernel virtual files in /sys/class/net/<dev>/*

it can, but ifconfig (while still being around on linux) is just not used on linux, because `ip` is just unarguably a better interface

not saying it's got more features, i just wish freebsd would adopt the interface

yes, but: Linux ifconfig and BSD's ifconfig are just named the same. they're not even close in category of tool

BSD's ifconfig is much closer in interface to Linux ip link and ip addr. the only difference is that ip route is a separate beast

huh, it has been a while but it seems to behave similar, at least

but yeah i noted having to go back to `arp` and friends, too

first off: the output is completely different, and always has been

undoubtedly, but when i run ifconfig in both, looks pretty similar to me, and pretty different to the `ip a` output

ifconfig, by default, is ip a + ip link

the manpages do reveal more of the differences though

i wonder if i'll ever like this over iproute2...

🤷🏻‍♀️

it's a solid interface that's been kept backwards compatible for decades.

that emoji is "decomposed" for me :)

It'd be pretty difficult port iproute2, because it's bound to be highly Linux specific. And while we have a lot of APIs (or KPIs) implemented from Linux, i don't if it's the right ones to just port iproute2

and regarding nftables.. what's the status? last time I checked it it was still in development

otoh, it would make more sense to do a clean room reimplementation for FreeBSD's native APIs, since the code is probably GPL, so we couldn't bundle it in base

yuripv: emojipedia.org/woman-shrugging-light-skin-tone

Title: 🤷🏻‍♀️ Woman Shrugging: Light Skin Tone Emoji

and regarding firewalls pf on FreeBSD is vastly superior to iptables

mage: should be fairly usable

mage: well… except for: bugs.freebsd.org/bugzilla/show_bug.cgi?id=268717

Title: 268717 – [pf] rdr rules don't work for traffic originating at localhost

Yay for peepee games

mage: nftables is "done" :) been using it some tim now, it's such a breath of fresh air over iptables, and there are compatibility layers, for stubborn programs

mage: what about ipfw?

I haven't used ipfw so can't comment

and pf on openbsd is vasely better than the one in FreeBSD

who cares just use the one thats suites you

true

hard to judge without having used both for a while

but i assume pf is closer to nft

meena: yeah, I see a "man-shrugging", light rectangle, and "woman" sign; wonder if it's irssi not built with utf8proc

except when you need it to use more than one CPU: openbsd.org/faq/pf/perf.html

Title: OpenBSD PF: Performance

yuripv: I thought it's person-shrugging

openbsd isnt meant for speed

should of been your first read rather that one

meena: ipfw fan i take it

yuripv: which terminal are you using it in?

windows terminal

😱

ixmpp: on the contrary :D

jesus christ these OS wars are stupid

ixmpp: it seems whichever thing you start with in FreeBSD, you just stick with, forever. I started with pf

huh

ok

i like how you can have a relatively decetn fw using 6 options in rc.conf

yuripv: weird, but might be because of mismatch between UTF-8 and Windows UTF-16

I wonder if you can tell Windows terminal to expect UTF-8, or irssi to translate to UTF-16

and then, it might just be that you need fonts which can display the full range

meena: nah, i'm using ssh to freebsd box from windows terminal, so essentially it should be "xterm-256color", and likely has to do with FreeBSD's ctype data

so, does anyone know if IPFW can do this: bugs.freebsd.org/bugzilla/show_bug.cgi?id=268717 ?

Title: 268717 – [pf] rdr rules don't work for traffic originating at localhost

so this is something that iptables and nftables can do, and is frequently used in container setups

(just from the name, i would expect: no)

(speaking of names: NFTables has to be retroactively the worst name ever)

hindsight 20/20

why?

NFTs

ok, so every few days when my laptop is idle (screensaver + monitors on standby), xorg will delete all the input devices. i can't recover w/o restarting xdm/X11. termbin.com/fh1k any ideas?

meena: even with a single core, openbsd's pf out performs freebsd's.

so why r ppl still using fbsd?

because they can and want?

R cause are is too hard

Always thought evinput adds and removes on the fly

imhaveto get go gone now

dont forget!

www.freebsddiary.org

...

Old as hell haven’t heard that site in a long time it’s just like defcon1

zfs question: is there any benefit in scrubbing SSDs?

<insert_religious_arguments>

4 4 2 1 1 1 0

No ssd don’t need that

alright, thanks

I was thinking... is there any chance of 802.11ax working on freebsd?

Someone is working on adding WiFi features, but I don't know the specifics or the timeline.

Adrian as far as I know is our only Wi-Fi guy so

freebsd.org/status/report-2022-10-2022-12/#_wireless_updates says 11ac.

Title: FreeBSD Status Report Fourth Quarter 2022 | The FreeBSD Project

yeah... i need 11ax

i think im gonna wait some time haha

In the bsd world good luck with wanting what you want without taking the initiative to help out

So factors will make wifi degrade regard

Less

Since the FreeBSD Foundation is sponsoring work in a related area, maybe get in touch with them and ask whether/how you can help make 11ax happen?

V_PauAmma_V: yeah, ill do that

jbo: scrubbing is the only way to check every single block (mirror, stripes with distributed parity, or ditto).

debdrup, sounds like scrubbing an ssd pool makes sense then

jbo: all pools should be scrubbed.

debdrup, I know this is an open question but to get a bit of a reference/feeling: how often would one want to scrup a pool?

like once per day? once per week? once per month? ...?

jbo: the default in FreeBSD is a threshold of 30 days; meaning once 30 days has passed since the last scrub, another will be triggered automatically. This is handled by periodic(8).

llua: I'm gonna ask you to prove that.

debdrup, thank you

Question for anyone here: Have you ever deployed Web servers (with PHP) on FreeBSD and if so, do you find they perform any better or worse than Linux? The security benefits from jails are good to consider, but in terms of performance, has anyone done something like this?

I'm sure you can find benchmarks that're immediately invalidated by having no mean, median and average values, along with data confidence intervals and student t's.

pertho: why php tho

why python tho

why all that shit yo

myappie: because some people run PHP web apps (not my personal choice, but required by $DAY_JOB)

FreeBSD is said to have better latency, which can result in better performance, depending on usage of the webserver, how many php script are run and such

for sho

pertho: what issue are you trying to solve?

but you could still put in some effort to convincing your boss to rewrite from scratch

if u want, i can help u do it in ruby on rails right now

it's fucking *perfect*

*kiss kiss*

myappie: XY problem.

debdrup: PHP under heavy load/contention.. if you have multiple forked php-fpm children contending for resource.. does FreeBSD do better in that aspect?

shit im late for an appointment

brb

pertho: I don't imagine the difference is big enough to matter.

Linux is horrible under heavy load.. almost unresponsive

FWIW, I've never had a FreeBSD system buckle under load, despite having load averages of +500 on occation when I've done something incredibly ill-advised.

just wondering if anyone else has had experience setting up "FAMP" stacks (instead of "LAMP") and if they've done lots of sysctl tweaking, etc

pertho: I'd suggest setting it up, and if you run into issues, rootcause and address them one by one, instead of trying to out-guess it.

If the website contains a lot of dynamic elements, you can always put varnish in front of it.

yeah varnish does save a lot of messing around

It depends on the site.

If you've got an entirely static site, varnish won't do anything for you.

Well, no more than a regular http cache will.

yeah I know that

the best sites are those done without any PHP or Database.. static site generation for the win :D

Somme of the biggest sites in the world are built on php with varnish in front of them, though.

but, apparently people are stuck in a 10 years ago paradigm

I don’t scrub my zfs pools I do scrub the pool that’s backed by old school drives though

Pretty much causing premature ware when the sad is more than capable of doing that with its firmware

Read endurance isn't really a thing on modern SSDs, though.

Write endurance is, but scrubs don't involve writing.

And if you want good write endurance, you're already paying for drives with DWPD ratings - which most consummer disks don't have.

plasma: that oft-repeated claim doesn't really mean anything - because it never mentions what latency is being measured. It can be disk latency, network latency, application latency - and all of those are affected more by delta and in particular long tail latency than people often think, especially if you're dealing with something that ends up being transported over TCP.

scrub is write op?

It's conceivable that disk latency might be lower because FreeBSD doesn't have block devices - but that's a dubious distinction, because block device are fundementally the wrong way to go about disk I/O.

ketas: what about what I said gave you that idea?

cpet had it

Well, it isn't.

i've always assumed zfs scrub is read

Thought I had this fool on ignore

There we go

Scrub checks the drives for issues

Which in theory is not good for ssd

reading from ssd causes slight loss of cell charge iirc

but that's all

Well it’s my opinion and it’s what I do so bleh

yo what is varnish yo?

ketas: can I had some of that 181GB ?

i would still scrub the ssd

i know setupz like openbsd's relayd

and like this new thing, falcon

instant http/2

Wrong channel then

is varnish something like that?

But varnish is a cache system

cpet: oh no we all one fam, fam

and write is kind of...

aaaah i see

that makes sense

Varnish isn’t a proxy it’s more of a cache

But you can set it to use back ups and fed to x if y is down

i don't have myself

So yeah I guess it’s a proxy as well

so i can't give it to you

Ok

SCSI?

Varnish is a dynamic HTTP accelerator, meaning it helps speed up elements of a webpage that change often.

It won't do anything for static elements that a normal HTTP cache doesn't do.

pertho: you can tweak zfs to run on a gig of ram

Nice! reviews.freebsd.org/D38193

Title: ⚙ D38193 rescue: Add fetch(1)

Despite my system having 32 gigs of ram I still teak it

meena: ooo.

And I blame ketas for that

kewl

well

socketry.github.io/falcon is a little bit ahead of its time

Title: Falcon

giving up trying to make it work on my setup

prolly have to wait 1-2 years for things to mature

its concurrency model is supposedly radically different from anything else such as www.puma.io or unicorn or whatnot

Doesn't really have anything to do with FreeBSD.

fuck yeah

its for freebsd servers mayne!

any kinda server really

but

runs best on freebsd and we all know it :)

falcon is a lil bitspecial tho from what i gather, its the kinda tech we'll be seeing in a couple of years from now

that will be commonplace

like bye bye gz compression

hello broccoli!

i mean brotli

freebsd.org/status/report-2022-10-2…onsole_screen_reader_infrastructure This is the first I'm hearing of this, and it seems super neat.

Title: FreeBSD Status Report Fourth Quarter 2022 | The FreeBSD Project

It definitely is. Earwitness here. :-)

:)

VimDiesel: yo whens the next vin dieselmovie

riddick in particular, man that first riddick movie was like the first alienmovie-- timeless!

cpet tweaks because me

Hi, is there an official freebsd image for docker? I want to run an freebsd container on top of Linux

No

wiki.freebsd.org/Docker#:~:text=Doc…20official%20docker.io%20repository.

Title: Docker - FreeBSD Wiki

Ugly but enjoy

cpet: seems like trouble

docker? install freebsd, set up a jail instead

done

drg99: Running it in a virtual machine is pretty viable.

any guess as to why my system inits a shutdown when i remove ac power? i've disabled any and all suspend crap that i can find

idwer: I already have a Linux machine

reppard: That's a puzzling notion. You pull the power cord and it stays up long enough for a graceful shutdown, or the start of one?

it looks like its a graceful shut down as far as i can tell

reppard: sounds like an ACPI trigger

this is on a laptop-style machine, I presume

idwer: it is

i was fishing through sysctl -A | grep acpi but nothing stood out

reppard: docs.freebsd.org/doc/6.2-RELEASE/us…/share/doc/handbook/acpi-debug.html

Title: Using and Debugging FreeBSD ACPI

ASL afaik has fallthrough cases in its switch construction, so when an OS is advertised as non-windows (or non-linux) firmware can't instruct the OS to switch to battery mode

(something like that)

ty i'll give that a read

it almost seems like removing AC triggers an S5 suspend state event

... what does "ASL" mean in that context?

ACPI Source Language

Thanks.

it just made me think of irc circa 1994 (a/s/l)

ah there, docs.freebsd.org/en/books/handbook/config/#acpi-overview

Title: Chapter 13. Configuration and Tuning | FreeBSD Documentation Portal

"Old enough to know better/Not lately/At my computer" :-)

drg99: FreeBSD has its own kernel and userland, it's not meant to be peacemeal on top of another kernel.

Oh, and its own libraries.

cccccbedrknjveneiiklbgdvkelfcnjitbdtickjttcb

excellent

Hi, kitty!

Hello, cat.

that cat looks suspiciously like a Yubi key

Yubi cat?

What a maroon pastes his key on irc

Baha

Must be coconuts to do that.

cpet: it's a one time key that's valid for 90 seconds, and gets triggered if you touch it, whether you mean it or not

meena, I have no idea what you're talking about ;-)

meena, trying to setup a yubikey under FreeBSD for the first time. the CLI seems to work but the GUI seems to have some problems. does anybody use the yubikey-manager-qt package successfully?

cpet, I'd be that moron. I do feel like the stupid touch interface shares some blame tho :p

I think i did, but it's been a while, and I've bricked that laptop since

lol

well, not really bricked, just completely busted with an upgrade

although I would blame PkgBase

just boot from your previous BE ;-)

bectl <3

yes, see, that's exactly how i busted it, by not creating one, before running the upgrade

well, then I don't know what to say anymore (at least nothing that wouldn't sound like a snarky sarcastic comment)

afaik -RELEASE automatically creates a BE on freebsd-update tho.

nope, you need to uncomment the last line

also, PkgBase doesn't incorporate bectl yet, which, honestly, it should, but i don't know how to make it do that

hmm, I could swear that I have some hosts running 13.1-RELEASE which do create the BE automatically (these have been freshly installed from the 13.1-RELEASE image tho, not upgraded from previous major versions)

not sure what PkgBase is, need to read up on it.

Title: Unofficial FreeBSD pkgbase repository

uhm... so it's just another binary repo?

One that unifies base updates and packages.

(And maybe base initial installs in the future, if I read it right.)

bsdinstall needs to be extended to support it

hi, I need to connect to a RealVNC server (running on Windows), from a FreeBSD 13.1 workstation

I

I'm using tigervnc viewer and get "CConnection: No matching security types"

Does anyone know a VNC viewer capable of connecting to RealVNC?, from freebsd?

Tiger should

cpet: I've been reading about this and it looks like RealVNC uses "VINO" encryption, that's not supported by tigervnc.

Realvnc should be in ports

I just run my vnc with no security

are you sure?, I couldn't find it

cpet: yes, I also run VNC without security, but this time I don't control the server.

Oh that’s the legit one not the open source one

Run it through wine should be simple enough to run fine

cpet: I did try, but doesn't work

Tried what ?

cpet: realvnc client through wine

cpet: it opens, but when I double click on the connection it does nothing.

Get a azure free client install real and have fun

Cancel when done

This is when I laugh when I see ms haters

cpet: yes a could do that.

They offer free accounts to try but only the cheapest tier but you don’t need a main frame to run realvnc client

Or you can tell the dewd to run tiger

Hello sir can you run this program for me

i thought realvnc was in ports

but you can back off the security of the vnc server

you can download the linux realvnc and try that

i guess they don't have the java viewer anymore

I'm doing some searching right now and coming up with ipfw only options, is there a pf-based approach which would allow for bandwidth limiting on a particular port or interview?

er, interface*

man pf.conf and read the part about queueing.

(If you haven't already.)

rtyler: dummynet works with both ipfw and pf in -CURRENT

debdrup: how's bout 13.1-RELEASE

V_PauAmma_V: I sees it, thanks

rtyler: see previous message for answer.

Package queueing is more for ensuring a specific type of traffic is always guarented to have the bandwidth it needs (the best example is as VoIP, which uses small packets and doesn't generate a lot of bandwidth, but needs it to always be available).