00:42:47 just spent a bunch of time trying to get mate installed for a graphical desktop in a VMWare FBSD host.
00:42:49 that did not go well.
00:42:53 I am sure there's a trick to it
00:44:31 was using this for inspiration
00:44:31 https://www.youtube.com/watch?v=94RWnYI0Ul0
00:44:33 Title: FreeBSD as a Desktop? Here's How! - YouTube
01:00:43 I use desktops as such a simple commodity that the difference between Mate and other desktops for me is insignificant.
01:00:48 Therefore if Mate is difficult I would just install one that installs easy like XFCE and use it instead.
01:01:33 Full disclosure though is that I am not running a Desktop Environment at all but just a plain window manager. Running i3. So I am probably already not understanding the attraction of the heavy DEs.
02:30:43 DrKK`: I have never used Mate. Spent most of my time in gnome2 and xfce, though I also tried to use enlightenment and compiz a while back. I would say .. go with a "known" first, then switch when everything is working.
05:28:38 ghoti, isn't Mate the continued development of gnome2?
05:29:29 "The MATE Desktop Environment is the continuation of GNOME 2."
05:29:34 Why yes it is!
05:29:44 https://mate-desktop.org/
05:29:45 Title: MATE Desktop Environment | MATE
05:30:34 MATE is well done DE.
05:31:13 I figured out today it lacks the ability to reverse the direction of two finger touch pad scrolling.
05:31:25 It defaults to backwards.
08:29:02 is there an easy/auto way to get portmaster to build php80 pkgs from my installed php74 ones?
09:05:32 "vfs.zfs.arc_free_target" takes number of pages. So how do I find how many bytes are in a page? I am amd64 system
10:12:11 "sysctl hw.pagesizes" (not sure which size that is, of the 3 this returns.)
10:16:04 Oh, they left. Never mind.
10:52:58 it only returns 2 on i386
10:54:46 1Gbyte pages in a 4Gbyte memory space would be quite a challenge
11:55:44 * V_PauAmma_V nods at paulf. (Spinning up an i386 VM is too much work, so I'll take your word for it.)
13:17:07 so new server, i want to jail each service i run to keep configs and disk space separate. that's 1 IP on my network per jail for the easy config.
13:40:38 Catching up with BSD Now, also nice to see some FreeBSD people at FOSDEM :)
14:49:11 maybe i should listen to BSD Now while doing dishes…
14:58:46 I'm a few episodes behind
14:59:08 i am 2 episodes behind atm /me is catching up
15:41:47 BSD Now?
15:42:16 bsd now and laters
15:42:34 Oh, not the same thing I was remembering.
15:43:54 There was a BSD podcast years ago.
15:44:48 http://bsdtalk.blogspot.com/
15:44:50 Title: bsdtalk
15:44:57 I was actually a guest on there once.
15:55:48 Is there a way to prevent a script from running other interpreters when being run under sudo ?
15:57:01 sudo is basically a passthrough, it elevates your permission to run what you allow it to run
15:57:08 if you're allowing it to run, it can run however it wants
15:58:18 * zykotick9 doesn't think most scripts are sentient, thus they run as they are written. Isn't this what the hash/bang is for?
16:01:00 yeah its a pass through, but was curious if anyone is aware of a way to prevent this particular pass through.
16:02:11 mns: what's your rules look like right now?
16:02:12 the best way... allow a specific script only
16:04:44 meena: the rules are controlled, only a particular service account can execute a particular script as sudo. the thing is if I have a script and put something like "bash -i" or "tcsh -i" or even "ksh" it would drop into a shell with root access.
16:08:19 mns: but that's always an issue. it seems easier with scripts cuz they are text that someone can trivially edit, but that's literally what a root shell exploit is
16:12:29 hi, is du command broken on bsd ?
16:12:45 dh -B 512 file
16:13:35 sorry, the output of "du -B 512 file" and "du -B 128 file" is the same
16:13:48 and both is wrong
16:13:56 meena: that's what I figured, that this would be an issue from day 1 of sudo's existence. I was getting pushed back from some folks at work that this is new.
16:20:21 nerozero: the man page does say "Unless in -A mode, blocksize is rounded up to the next multiple of 512." which might explain why the value is the same for both...
16:21:27 zykotick9, value is still wrong
16:21:53 nerozero: sorry, I have no further suggestions. Best of luck.
16:25:38 CrtxReavr: well I'll be darned, you're right, Mate IS the continuation of gnome2. You can tell that it's been a while since I've used gnome2. ;-)
16:43:25 hi fellas, any suggestions for connecting to v2ray, shadowsocks, vmess VPNs on FreeBSD 13.1?
16:43:41 none of the clients I know work on FreeBSD nor are ported
16:50:25 "pkg search v2ray" and "pkg search shadowsocks" both return something. Have you looked at those?
16:53:15 the v2ray pkg that pkg search returns is for creating v2ray proxies
16:53:59 I need a client like qv2ray or nekoray that supports the aforementioned protocols
16:59:07 I don't know, then. What OS do the clients you know about run under?
17:01:29 they run under all GNU distributions and windows.
17:02:44 Then I'd try one with the Linuxulator.
17:10:03 somehow I completely forgot about that :[ thanks friend
19:12:15 nginx: [alert] failed to load the 'resty.core' module (https://github.com/openresty/lua-resty-core); ensure you are using an OpenResty release from https://openresty.org/en/download.html (reason: /usr/local/share/lua/5.1/resty/core/base.lua:23: ngx_http_lua_module 0.10.22 required) in /usr/local/etc/nginx/nginx.conf:499 -- 13.1-stable, nginx 1.23.3
19:12:17 Title: OpenResty - Download
20:16:46 mns: you can put checksums in the sudoers file too, so that only the exact version of the executable you approve to be executed is allowed
20:24:38 that's a new one to me
20:50:49 I've used iocage to create a plex jail. I mounted the media via NFS on the host into the jail's path. Once I start the jail I can see the media just fine. Plex, however, cannot. Am I missing something? I don't feel like I'm missing anything.
21:02:33 nimaje: that's interesting with the checksums, any pointers would be helpful.
21:03:54 mns: so you're saying you've got a script, #!/bin/sh something and you're worried that someone who runs it under sudo might change the script and get a shell?
21:09:09 rtprio: yes, if someone adds something like "bash -i" or "ksh" or "/usr/bin/python" they end up at a prompt with root access.
21:09:46 mns: why do they have read or write access to the script?
21:10:12 it should be chmod 711
21:10:36 Can anyone confirm NFS server and client is an absolute no-go inside a jail?
21:11:05 Trying to avoid mounting from the host as the jails have to sometimes move between hosts and I'd prefer the jail remain "self contained".
21:11:59 Not tied to NFS as the only option, but also not aware of any other simple file sharing protocols that would fit the bill.
21:12:25 spork_css: it doesn't use raw sockets, i don't see why it wouldn't work; are you running into problems?
21:13:34 rpcbind and mountd start OK, but nfsd just dies on startup:
21:13:36 root@test1:~ # /usr/sbin/nfsd --debug -t -h 10.3.2.188
21:13:36 nfsd 78156 - - Can't read stable storage file: Operation not permitted
21:13:56 "stable storage file" is this stuff in /var/db:
21:14:14 root@test1:~ # ls -l /var/db/nfs-stablerestart*
21:14:14 -rw------- 1 root wheel 0 Feb 10 05:48 /var/db/nfs-stablerestart
21:14:14 -rw------- 1 root wheel 0 Feb 10 05:48 /var/db/nfs-stablerestart.bak
21:14:40 And the nfsd startup script bails because the sysctls it tries to set are not settable inside a jail.
21:15:09 Googling suggests nfs just isn't jail-friendly, but never found anything definitive because so many of the answers are from like 10 years ago.
21:15:29 rtprio: apparently no one bothered with that sort of stuff in this legacy setup. should be chown root; chmod 711
21:16:07 nimaje: I found the documentation for checksums. thanks! that will be another layer of precaution on top of what is there.
21:17:08 mns: a sudoers(5) calls it digest check, but comes with the race conditions warning of course "Warning, if the user has write access to the command itself (directly or via a sudo command), it may be possible for the user to replace the command after the digest check has been performed but before the command is executed."
21:19:03 nimaje: yes I see that.
21:44:56 Very odd situation on my host. I'm getting IPv6 addresses which I'm not assigning, not getting the ones I am assigning, and I'm not using dhcp. https://dan.langille.org/?p=7187&preview=1&_ppp=9ea4108244
21:45:00 Title: Not all aliases are added after reboot – Dan Langille's Other Diary
21:49:56 dvl: it says autoconf, so it's accept_rtadv in your ifconfig line
21:50:07 (a bit different from dhcp :)
21:50:47 yuripv: this line: ifconfig_igb0_ipv6="inet6 2610:1c0:2000:11:c94e:eea5:e1da:c49b prefixlen 64 accept_rtadv"
21:51:46 accept_rtadv says "do the SLAAC", also known as autoconf
21:58:40 dvl, that's conflicting syntax.
21:59:04 In multiple ways.
21:59:09 CrtxReavr: so I am learning. I've removed the accept_rtadv and waiting on the reboot.
21:59:42 with _ipv6, inet6 is inferred. . . so drop it.
22:00:09 Also, you either set a static IP, or you accept_rtadv, not both.
22:00:27 dvl: FreeBSD dhclient doesn't support DHCP6 :(
22:00:56 meena: yeah, on AWS, I was using something named dual_client?
22:01:10 And if you're setting a static IP, then I would set something that's a lot less typing than 2610:1c0:2000:11:c94e:eea5:e1da:c49b, like 2610:1c0:2000:11::2, for instance.
22:01:28 CrtxReavr: I don't need to type it more than once though. ;)
22:01:57 And even then, it's copy/paste. half from my docs, the other half from a random generator
22:02:14 Honestly, I would use SLAAC. . . the IPs are predictable, based on your MAC address.
22:02:48 So long as the infrastructure is there to provide it.
22:03:18 CrtxReavr: I'm in a datacenter. I wasn't told about SLAAC when they gave the address block and the gateway.
22:03:52 Fair 'nuff.
22:04:42 OK, I removed accept_rtadv from my config. That IP gets assigned, none of the others do.
22:04:48 dvl, this for the pkg cluster, by chance?
22:04:54 dvl: it's awful. it's cperciva's hack to install a current ISC-dhclient, and use that for v6, while using the one in base for v4
22:05:10 CrtxReavr: No, a host acting as a FreshPorts node.
22:05:16 Ahh
22:05:35 i don't understand why we don't burn the one in base and replace it with something from this century (literally. it was forked in 1997)
22:06:14 All my IP4 address have been assigned. But none of the IPv6 aliases
22:07:30 I have this theory about the gateway_enable on this host.. Let me follow that rabbit hole for a bit.
22:08:23 CrtxReavr: I don't have time to contribute to pkg cluster. :)
22:09:50 dvl: any errors on boot? I guess it would/should whine if it can't set the v6 aliases
22:10:05 yuripv: I've been looking in /var/log/console.log
22:14:54 yuripv: Not seeing anything in /var/log/messages either.
22:19:16 I'd try listing v4 aliases first and v6 ones after that
22:20:01 I see I have rtsold_enable="YES"
22:23:44 yuripv: OK, just did that. Right now, my hopes are on rtsold
22:26:18 Recollection check: packages are only available for -RELEASE (and mayyyybe -STABLE), but never -CURRENT, correct?
22:26:50 rtsold sounds a bit silly.
22:27:09 Can you ping6 ff02::2%igb0
22:28:27 dvl?
22:28:37 CrtxReavr: Yes, I can ping that, and I've just rebooted without rtsold enabled.
22:29:00 And what IP responded?
22:30:18 fe80::d272:dcff:fec9:75bf%igb0,
22:30:48 so you set ipv6_defaultrouter="fe80::d272:dcff:fec9:75bf%igb0" in rc.conf?
22:31:13 no, it's ipv6_defaultrouter="2610:1c0:2000:11::1"
22:31:21 route -6 add default fe80::d272:dcff:fec9:75bf%igb0 - I THINK to test it without the rc.conf entry
22:31:38 or whatever gateway it is
22:31:59 ping ipv6.google.com ; is the test I use to check it works
22:32:02 ping^
22:32:05 ping68
22:32:33 Well something's working, 'cause I can ping 2610:1c0:2000:11:c94e:eea5:e1da:c49b, so I guess you're good.
22:32:37 I can ping6 stuff out there.
22:32:54 I just can't assign IPv6 addresses via /etc/rc.conf.
22:33:16 dvl, https://forums.freebsd.org/threads/ipv6-aliases-in-rc-conf.69406/
22:33:17 Title: Solved - IPV6 aliases in rc.conf | The FreeBSD Forums
22:33:50 boot_verbose="YES" for starters...
22:33:58 dvl: if you have IPMI on that box (in case everything goes down), i'd also try service netif restart igb0 and see if there are any issues
22:34:42 yuripv: I have IPMI but I was having trouble last night getting there.
22:34:52 if not you could always schedule a reboot in an hour; and then do a netif restart && copy /var/log/messages to ~/mylog
22:35:05 there's also an rc_debug variable, not sure if it would help to see the commands executed though
22:35:15 I got the ipmi prompt, let's see
22:36:01 dvl, I sometimes find it useful when dealing with likely ancient IPMI interface to use virtualbox to emulate something from the same era to connect to it ... ie6l thank you 3com
22:36:41 I. Got. Root. via IPMI.
22:37:01 daemon: this IPMI is a Dell iDRAC7.
22:37:39 no idea what year that is, but I just find IPMI especially ones based on java or java webstart do better with as VM client to deal with the old :P
22:38:07 java ones usually come (came) from supermicro, idracs are (should be) html5 now, which is a good thing
22:39:45 until we are on html5; it just seems IPMI should be a standard even if its insecure that is locked down from the outer gateways
22:39:59 html6* - my typing is terrible tonight -_-
22:40:27 CrtxReavr: got a warning, inet6 is needed on ipv6 alias.
22:41:03 dvl, yes via rc.conf every line for an alias relating to ipv6 requires its family designation
22:41:17 ifconfig_lo1_alias1="inet 10.0.0.2 netmask 255.255.255.255"
22:41:18 ifconfig_lo1_alias2="inet6 fdxx:xxxx:xxxx::1 prefixlen 64"
22:41:27 aliases do not care what family
22:41:30 but the stack does care
22:42:39 after 'service netif restart igb0', the network didn't come back... now I figure it might been sshd which needed a restart, but a reboot is underway.
22:43:30 I like to put a kicker to a perl script in /etc/rc.local that basically equates to if you cant ping 8.8.8.8 or 1.1.1.1 then dhclient INTERFACE
22:43:55 not really very clean, but its helpful at times
22:45:42 ipmi access > any script hacks :D
22:46:28 same as kvm/ip :D but meh
22:50:00 To recap, IPv6 stack seems fine. The problem is getting rc.d to assign aliases via IPv6. I tried boot_verbose="YES" but that belongs in /boot/loader.conf, not /etc/rc.conf :p
22:54:02 dvl: rc_debug="YES" in rc.conf
22:55:19 https://cgit.freebsd.org/src/commit/?id=0a402ad2e6 nice :)
22:55:21 Title: src - FreeBSD source tree
22:55:54 debdrup: long options for daemon? should be good.
22:56:25 dvl: yep, it's gonna be useful for scripting
22:58:49 * yuripv feels sorry for daemon
22:59:19 yuripv, I really need to patch my irc client to not highlight on m/\Q$nickname\E/ :P
23:01:08 https://dmesgd.nycbug.org/index.cgi?do=view&id=6937 FreeBSD 12.4 booting with 32MB memory.
23:01:09 Title: NYC*BUG dmesgd
23:04:58 daemon, if that's irssi, no need to patch. Just /set hilight_nick_matches OFF
23:05:23 V_PauAmma_V, hexchat :P
23:06:03 maybe change your nick to daemon666
23:06:20 ...or something
23:06:28 la_mettrie, nah if anything I would change to my actual real name
23:16:40 daemon, if you mean hexchat doesn't have an equivalent option, I'm sorry to hear that.
23:17:00 V_PauAmma_V, it really does not somehow -_-
23:17:35 :-(
23:18:21 you would think the default for every irc client would be m/^\Q$me\E[:, ]/ ; but apparently not somehow
23:24:08 yuripv: added that.
23:38:06 I'm not seeing anything, but confirmation that nginx fails to start [because the IP addresses it will listen on are not there]: Feb 10 23:03:52 r720-02 root[4757]: /etc/rc: WARNING: failed to start nginx
23:53:09 dvl, the general best practise is tell it to listen on everything 0.0.0.0 got ipv4 or .... I forget what it is for ipv6 perhaps just the port
23:53:14 then use firewalls to lock down access
23:53:42 daemon: Well, in this case, nginx not starting alerts me to the ip address issue...