just spent a bunch of time trying to get mate installed for a graphical desktop in a VMWare FBSD host.

that did not go well.

I am sure there's a trick to it

was using this for inspiration

Title: FreeBSD as a Desktop? Here's How! - YouTube

I use desktops as such a simple commodity that the difference between Mate and other desktops for me is insignificant.

Therefore if Mate is difficult I would just install one that installs easy like XFCE and use it instead.

Full disclosure though is that I am not running a Desktop Environment at all but just a plain window manager. Running i3. So I am probably already not understanding the attraction of the heavy DEs.

DrKK`: I have never used Mate. Spent most of my time in gnome2 and xfce, though I also tried to use enlightenment and compiz a while back. I would say .. go with a "known" first, then switch when everything is working.

ghoti, isn't Mate the continued development of gnome2?

"The MATE Desktop Environment is the continuation of GNOME 2."

Why yes it is!

Title: MATE Desktop Environment | MATE

MATE is well done DE.

I figured out today it lacks the ability to reverse the directon of two finger touch pad scrolling.

It defaults to backwards.

is there a easy/auto way to get portmaster to build php80 pkgs from my installed php74 ones?

"vfs.zfs.arc_free_target" takes number of pages. So how do I find how many bytes are in a page? I am amd64 system

"sysctl hw.pagesizes" (not sure which size that is, of the 3 this returns.)

Oh, they left. Never mind.

it only returns 2 on i386

1Gbyte pages in a 4Gbyte memory space would be quite a challenge

so new server, i want to jail each service i run to keep configs and disk space separate. that's 1 IP on my network per jail for the easy config.

Catching up with BSD Now, also nice to see some FreeBSD people at FOSDEM :)

maybe i should listen to BSD Now while doing dishes…

I'm a few episondes behind

i am 2 episodes behind atm /me is catching up

BSD Now?

bsd now and laters

Oh, not the same thing I was remembering.

There was a BSD podcast years ago.

Title: bsdtalk

I was actually a guest on there once.

Is there a way to prevent a script from running other interpreters when being run under sudo ?

sudo is basically a passthrough, it elevates your permission to run what you allow it to run

if you're allowing it to run, it can run however it wants

yeah its a pass through, but was curious if anyone is aware of a way to prevent this particular pass through.

mns: what's your rules look like right now?

the best way... allow a specific script only

meena: the rules are controled, only a particular service account can execute a particular script as sudo. the thing is if I have a script and put something like "bash -i" or "tcsh -i" or even "ksh" it would drop into a shell with root access.

mns: but that's always an issue. it seems easier with scripts cuz they are text that someone can trivially edit, but that's literally what a root shell exploit is

hi, is du command broken on bsd ?

dh -B 512 file

sorry, the output of "du -B 512 file" and "du -B 128 file" is the same

and both is wrong

meena: that's what I figured, that this would be an issue from day 1 of sudo's existence. I was getting pushed back from some folks at work that this is new.

nerozero: the man page does say "Unless in -A mode, blocksize is rounded up to the next multiple of 512." which might explain why the value is the same for both...

zykotick9, value is still wrong

nerozero: sorry, I have no further suggestions. Best of luck.

CrtxReavr: well I'll be darned, you're right, Mate IS the continuation of gnome2. You can tell that it's been a while since I've used gnome2. ;-)

hi fellas, any suggestions for connecting to v2ray, shadowsocks, vmess VPNs on FreeBSD 13.1?

none of the clients I know work on FreeBSD nor are ported

"pkg search v2ray" and "pkg search shadowsocks" both return something. Have you look at those?

the v2ray pkg that pkg search returns is for creating v2ray proxies

I need a client like qv2ray or nekoray that supports the aforementioned protocols

I don't know, then. What OS do the clients you know about run under?

they run under all GNU distributions and windows.

Then I'd try one with the Linuxulator.

somehow I completely forgot about that :[ thanks friend

nginx: [alert] failed to load the 'resty.core' module (github.com/openresty/lua-resty-core); ensure you are using an OpenResty release from openresty.org/en/download.html (reason: /usr/local/share/lua/5.1/resty/core/base.lua:23: ngx_http_lua_module 0.10.22 required) in /usr/local/etc/nginx/nginx.conf:499 -- 13.1-stable, nginx 1.23.3

Title: OpenResty - Download

mns: you can put checksums in the sudoers file too, so that only the exact version of the executable you aprove to be executed is allowed

that's a new one to me

I've used iocage to create a plex jail. I mounted the media via NFS on the host into the jail's path. Once I start the jail I can see the media just fine. Plex, however, cannot. Am I missing something? I don't feel like I'm missing anything.

nimaje: that's interesting with teh checksums, any pointers would be helpful.

mns: so you're saying you'v got a script, #!/bin/sh something and you're worried that someone who runs it under sudo might change the script and get a shell?

rtprio: yes, if someone adds somethign like "bash -i" or "ksh" or "/usr/bin/python" they end up at a prompt with root access.

mns: why do they have read or write access to the script?

it should be chmod 711

Can anyone confirm NFS server and client is an absolute no-go inside a jail?

Trying to avoid mounting from the host as the jails have to sometimes move between hosts and I'd prefer the jail remain "self contained".

Not tied to NFS as the only option, but also not aware of any other simple file sharing protocols that would fit the bill.

spork_css: it doesn't use raw sockets, i don't see why it wouldn't work; are you running into problems?

rpcbind and mountd start OK, but nfsd just dies on startup:

root@test1:~ # /usr/sbin/nfsd --debug -t -h 10.3.2.188

nfsd 78156 - - Can't read stable storage file: Operation not permitted

"stable storage file" is this stuff in /var/db:

root@test1:~ # ls -l /var/db/nfs-stablerestart*

-rw------- 1 root wheel 0 Feb 10 05:48 /var/db/nfs-stablerestart

-rw------- 1 root wheel 0 Feb 10 05:48 /var/db/nfs-stablerestart.bak

And the nfsd startup script bails because the sysctls it tries to set are not settable inside a jail.

Googling suggests nfs just isn't jail-friendly, but never found anything definitive because so many of the answers are from like 10 years ago.

rtprio: apparently no one bothered with that sort of stuff in this legacy setup. should be chown root; chmod 711

nimaje: I found the documentation for checksums. thanks! that will be another layer of precaution on top of what is there.

mns: a sudoers(5) calls it digest check, but comes with the race conditions warning of course "Warning, if the user has write access to the command itself (directly or via a sudo command), it may be possible for the user to replace the command after the digest check has been performed but before the command is executed."

nimaje: yes I see that.

Very odd situation on my host. I'm getting IPv6 addresses which I'm not assigning, not getting the ones I am assigning, and I'm not using dhcp. dan.langille.org/?p=7187&preview=1&_ppp=9ea4108244

Title: Not all aliases are added after reboot – Dan Langille's Other Diary

dvl: it says autoconf, so it's accept_rtadv in your ifconfig line

(a bit different from dhcp :)

yuripv: this line: ifconfig_igb0_ipv6="inet6 2610:1c0:2000:11:c94e:eea5:e1da:c49b prefixlen 64 accept_rtadv"

accept_rtadv says "do the SLAAC", also known as autoconf

dvl, that's conflicting syntax.

In multiple ways.

CrtxReavr: so I am learning. I've removed the accept_rtadv and waiting on the reboot.

with _ipv6, inet6 is inferred. . . so drop it.

Also, you either set a static IP, or you accept_rtadv, not both.

dvl: FreeBSD dhclient doesn't support DHCP6 :(

meena: yeah, on AWS, I was using something named dual_client?

And if you're setting a static IP, then I would set something that's a lot less typing than 2610:1c0:2000:11:c94e:eea5:e1da:c49b, like 2610:1c0:2000:11::2, for instance.

CrtxReavr: I don't need to type it more than once though. ;)

And even then, it's copy/paste. half from my docs, the other half from a random generator

Honestly, I would use SLAAC. . . the IPs are predictable, based on your MAC address.

So long as the infrastructure is there to provide it.

CrtxReavr: I'm in a datacenter. I wasn't told about SLAAAC when they gave the address block and the gateway.

Fair 'nuff.

OK, I removed accept_rtadv from my config. That IP gets assigned, none of the others do.

dvl, this for the pkg cluster, by chance?

dvl: it's awful. it's cperciva's hack to install a current ISC-dhclient, and use that for v6, while using the one in base for v4

CrtxReavr: No, a host acting as a FreshPorts node.

Ahh

i don't understand why we don't burn the one in base and replace it with something from this century (literally. it was forked in 1997)

All my IP4 address have been assigned. But none of the IPv6 aliases

I have this theory about the gateway_enable on this host.. Let me follow that rabbit hole for a bit.

CrtxReavr: I don't have time to contribute to pkg cluster. :)

dvl: any errors on boot? I guess it would/should whine if it can't set the v6 aliases

yuripv: I've been looking in /var/log/console.log

yuripv: Not seeing anything in /var/log/messages either.

I'd try listing v4 aliases first and v6 ones after that

I see I have rtsold_enable="YES"

yuripv: OK, just did that. RIght now, my hopes are on rtsold

Recollection check: packages are only available for -RELEASE (and mayyyybe -STABLE), but never -CURRENT, correct?

rtsold sounds a bit silly.

CAn you ping6 ff02::2%igb0

dvl?

CrtxReavr: Yes, I can ping that, and I've just rebooted without rtsold enabled.

And what IP responded?

fe80::d272:dcff:fec9:75bf%igb0,

so you set ipv6_defaultrouter="fe80::d272:dcff:fec9:75bf%igb0" in rc.conf?

no, it's ipv6_defaultrouter="2610:1c0:2000:11::1"

route -6 add default fe80::d272:dcff:fec9:75bf%igb0 - I THINK to test it without the rc.conf entry

or whatever gateway it is

ping ipv6.google.com ; is the test I use to check it works

ping^

ping68

Well something's working, 'cause I can ping 2610:1c0:2000:11:c94e:eea5:e1da:c49b, so I guess you're good.

I can ping6 stuff out there.

I just can't assign IPv6 addresses via /etc/rc.conf.

dvl, forums.freebsd.org/threads/ipv6-aliases-in-rc-conf.69406

Title: Solved - IPV6 aliases in rc.conf | The FreeBSD Forums

boot_verbose="YES" for starters...

dvl: if you have IPMI on that box (in case everything goes down), i'd also try service netif restart igb0 and see if there are any issues

yuripv: I have IPMI but I was having trouble last night getting there.

if not you could always schedule a reboot in an hour; and then do a netif restart &&copy /var/log/messages to ~/mylog

there's also an rc_debug variable, not sure if it would help to see the commands executed though

I got the ipmi prompt, let's see

dvl, I sometimes find it useful when dealing with likely ancient IPMI interface to use virtualbox to emulate something from the same era to connect to it ... ie6l thank you 3com

I. Got. Root. via IPMI.

daemon: this IPMI is a Dell iDRAC7.

no idea what year that is, but I just find IPMI especially ones based on java or java webstart do better with as VM client to deal with the old :P

java ones usually come (came) from supermicro, idracs are (should be) html5 now, which is a good thing

until we are on html5; it just seems IPMI should be a standard even if its insecure that is locked down from the outer gateways

html6* - my typing is terrible tonight -_-

CrtxReavr: got a warning, inet6 is needed on ipv6 alias.

dvl, yes via rc.conf every line for an alias relating to ipv6 requires its family designation

ifconfig_lo1_alias1="inet 10.0.0.2 netmask 255.255.255.255"

ifconfig_lo1_alias2="inet6 fdxx:xxxx:xxxx::1 prefixlen 64"

aliases do not care what family

but the stack does care

after 'service netif restart igb0', the network didn't come back... now I figure it might been sshd which needed a restart, but a reboot is underway.

I like to put a kicker to a perl script in /etc/rc.local that basically equates to if you cant ping 8.8.8.8 or 1.1.1.1 then dhclient INTERFACE

not really very clean, but its helpful at times

ipmi access > any script hacks :D

same as kvm/ip :D but meh

To recap, IPv6 stack seems fine. The problem is getting rc.d to assign aliases via IPv6. I tried boot_verbose="YES" but that belongs in /boot/loader.conf, not /etc/rc.conf :p

dvl: rc_debug="YES" in rc.conf

cgit.freebsd.org/src/commit/?id=0a402ad2e6 nice :)

Title: src - FreeBSD source tree

debdrup: long options for daemon? should be good.

dvl: yep, it's gonna be useful for scripting

yuripv, I really need to patch my irc client to not highlight on m/\Q$nickname\E/ :P

dmesgd.nycbug.org/index.cgi?do=view&id=6937 FreeBSD 12.4 booting with 32MB memory.

Title: NYC*BUG dmesgd

daemon, if that's irssi, no need to patch. Just /set hilight_nick_matches OFF

V_PauAmma_V, hexchat :P

maybe change your nick to daemon666

...or something

la_mettrie, nah if anything I would change to my actual real name

daemon, if you mean hexchat doesn't have an equivalent option, I'm sorry to hear that.

V_PauAmma_V, it really does not somehow -_-

:-(

you would think the default for every irc client would be m/^\Q$me\E[:, ]/ ; but apparently not somehow

yuripv: added that.

I'm not seeing anything, but confirmation that nginx fails to start [because the IP addresses it will listen on are not there]: Feb 10 23:03:52 r720-02 root[4757]: /etc/rc: WARNING: failed to start nginx

dvl, the general best practise is tell it to listen on everything 0.0.0.0 got ipv4 or .... I forget what it is for ipv6 perhaps just the port

then use firewalls to lock down access

daemon: Well, in this case, nginx not starting alerts me to the ip address issue...