aaaaand, to be fair, having worked in many companies that took the idea of gold servers to extents that made them silver at best, and radioactive waste in your data centre at… as standard, i can see why people frown at Docker images

it's that same concept, multiplied by a thousand

Since this is probably a 14-CURRENT issue: forum.netgate.com/topic/178114/23-01-upgrade-no-longer-sees-ada1

Title: 23.01 upgrade no longer sees ada1 | Netgate Forum

is there analog of this one lore.kernel.org/lkml/20171211165216.5604-1-hdegoede⊙rc

Title: [PATCH v2] ahci: Allow setting a default LPM policy for mobile chipsets - Hans de Goede

maybe in hints.ahcich ?

There are "power_profile" & "power_profile_cx_lowest" variables for "/etc/rc.conf"; besides that there are CPU specific MIBs.

reference: /etc/rc.d/power_profile

s/performance_cx_lowest/{economy,performance}_cx_lowest/

i know this

🤷‍♂️

angry_vincent: what happens when you try?

What does "host is passive" mean in state "1: device is allowed to initiate PM state change, host is passive;" (in "achi(4)" manual page)?

... that was for "hint.ahcich.X.pm_level"

State 5 "driver initiates SLUMBER PM state transition 125ms after port becomes idle" of "hint.ahcich.X.pm_level" seems to be the most workable on low use ZFS system

While Firefox is open (& not suspended via SIGSTOP; 2-SSD ZFS mirror system), I see disk activity light turn on periodically; could also be due to other periodic jobs

parv: you could start Firefox via `truss firefox` and have a look, whether there is some correlation.

Kalten6897, I could but am not concerned really, mainly for I am not using "hint.ahcich.X.pm_level" to put SSDs in lower power state which in turn would affect ZFS

Kalten6897: dtruss.

meena: what is `dtruss`?

I am content to send SIGSTOP to firefox process before leaving the 'puter for extended period

It does tend to calm the mashine down quite a bit ;-)

Kalten: it's truss built with dtrace, so it won't trash the proces it's tracing

it's in dtrace-toolkit

Ah, from "sysutils/dtrace-toolkit" port

yes

meena: ah! Thank you.

meena, How does "truss" trash a process?

ptrace is userland tracing, so it's quite slow, as in, it slows the process down a lot. dtrace is kernel level tracing, and doesn't do that (not significantly, anyway)

some processes don't like to be slowed down this much, and exhibit pathological behaviour that you're not even looking for

meena, (hmm) Thanks

speaking of all above, what i investigating is what triggering GPU hangs and freezes. it might be SATA power settings and also GPU power settings

Hi, I am moving from linux to freebsd. I have a single laptop and no other machine and this is what i use for my daily stuffs and work as well. I am a freelancer. Is it safe to use freebsd 14.0-current? how often do i face crashes? your opinion and suggesiton would be very helpful

also, freebsd.org/security/#sup doesn't show the EOL for 14.0?

Title: FreeBSD Security Information | The FreeBSD Project

For -current any crash should not be a surprise; do read about the expectations docs.freebsd.org/en/books/handbook/cutting-edge/#current-stable . Else 13-stable or 13.x-release otherwise. See also klarasystems.com/articles/evaluatin…-freebsd-current-for-production-use

Title: Chapter 25. Updating and Upgrading FreeBSD | FreeBSD Documentation Portal

I am using 14-current on a desktop & a Framework laptop

... and have not had any things unexpected happen yet

parv: how is experience?

parv, thanks for the link and the advice will go through them. How long have you been on 14-current? what's your experience?

wonder, when they provide ryzen builds

angry_vincent, Fine, nothing different than from 13/stable

On Framework laptop -current has been c 202202; on desktop probably mid/late 2022

would you say you've faced crash/stability issue atleast once or twice during this entire time?

For Framework, make that c 202203

Nope

so you've not faced stability issues yet?

I am not the one to repeat my answer in a short period of time

sozuba: most people who run CURRENT, also subscribe to the mailing list, and some even follow commits to ensure they're not building something broken

parv, sorry. Nope could mean no not once or twice may be more, or no none. So i wanted clarification. But I understand and appricate your time and suggesitons. Thank you

sozuba: for example: right now i would not run an NFS server on current, unless you're a developer interested in contributing experience testing, but reports or patches

meena, ah that's a valid point for me to ponder into. Reading links shared by parv and what you've shared now, makes me look at using stable.

meena,got it :)

thank you

10 minutes ago, I wrote: ... and have not had any things unexpected happen yet

parv, ah okay. I see that now. I missed it, my mistake and I apologise.

unexpected can look very different if you're not following the freebsd-current@ mailing list / commits

Yeah, like to need to build drm-510-kmod from the ports at one point

meena, i think i will start with stable for now and may be move to current after I am cofortable enough. The thing is, i am used to used to being on bleeding edge and so was thinking may be i could survive that way here too.

i would worry about build erros that happen, that i can report and may be see what the error is about, but if for example wifi and other essential things malfunction, then that would be really bad, considdering i move around a lot.

sozuba: I would still recommend you subscribe to the FreeBSD-stable@ mailing list

meena, yup definitely doing that now

:)

Subscribe to the mailing list; do not install from the latest source commit if need to have a working machine in order to run -current

there's far less surprises on STABLE, but better to have a channel

parv: unless you just saw a fix for your current problem ;)

parv, got it. Will heed to that

meena, Now ... right

I stick to release for desktop, everything else in VirtualBox VMs

sozuba: I also have PkgBase builds for CURRENT and STABLE, and Michael Dexter has a freebsd-update server for those

Speaking of releases, a 12.x (before 12.4) NFSv3 server was timing out for CentOS [78] NFS client; issue was gon after swicting to 13.0

alpha.pkgbase.live and

Title: Unofficial FreeBSD pkgbase repository

meena, what are pkgbase builds?

up.bsd.lv respectively

Title: FreeBSD CURRENT and STABLE Binary Upgrades

sozuba: PkgBase is a way to install and upgrade base as packages

i guess i have to read a lot more to understannd the freebsd/bsd ecosystem

meena, ah, i was wondering, that's awesome. :)

FreeBSD is the only BSD that has that, but it's not yet officially supported by the release team

meena, okay. I saw that unoffical line in the title.

so i can install stable but still have the base packages updated to latest. That's cool :)

🤞might get a beta with the 14.0 release 🤞

the first ride will be messy, so i recommend using boot environments if you wanna go down that route

meena, will be able to roll back a package or multple packages if i face any issues?

up.bsd.lv might be easier to get started with

Title: FreeBSD CURRENT and STABLE Binary Upgrades

especially from caches, if i lose network

with boot environments, yes

meena, reading it :)

but i also have a few months off builds

you can enable the automatic creation of boot environments in freebsd-update, something PkgBase doesn't do yet

I should put thatoon the todo list

doon't understand what boot-environemnts are and how its related, but i will read abou them, now that you've given me an idea

meena, that would need pkg to support automatic be creation.

Ellenor: maybe. maybe it could just be done with pre/post scripts

sozuba: man.freebsd.org/bectl(8)

Title: bectl(8)

maybe.

but then wouldn't BE critical packages all create their own BE?

or are pre and post scripts done after all packages, am I misunderstanding something

meena, thanks :)

Ellenor: yeah, true. needs to be worked out

likely, we'd need a wrapper, like how Debian has do-dist-upgrade

I think BE-criticality needs to be made a feature of the package manager itself, which packages can set and are expected to not use maliciously.

but then again, what know I? I'm just a dog on the internet that didn't finish high school.

I didn't finish high-school either, and I'm currently walking a dog, in real life

Ellenor, meena i hold a master's by research, but has been useless due to the fact i work in a completely different field just to make some money. I beieleve experiences matter, and i don't even have that.

sozuba: Hillel Wayne has very good essays on how "crossovers" succeed

thanks meena ill search. But i am not even sure what i am crossing over to. I've been in and about everything and constantly changing environment just to work things out

but will defintely read.

why does resilvering take so much CPU? i've been resilvering for the last 5 days after replacing a drive, so far 3.4 TB resilvered, and the CPU usage the whole time has been like 90% on all cores (4 core 1ghz).

i thought the process was being bottlenecked by my drive case / USB connection, but the high CPU usage indicates its probably a CPU bottleneck

SymbioticFemale, it likely has to perform a ton of XORs, and there's probably a few iowaits too.

and checksums

or it could be indeed bottlenecked by usb connection, and high cpu usage being result of freebsd not implementing that new way of accessing the usb mass storage (don't remember what it's called)

right, somebody should sit down and implement that…

There's BOT and UASP, with the latter being the one that isn't supported yet.

Bulk-only transfer doesn't really take up that much CPU, but it all adds up.

SymbioticFemale: have you launched top with -S to see the system processes (ie. kernel threads) that's responsible for taking up the CPUtime?

i'll do that

ah, its geli

my drive is encrypted

If you don't have AES-NI, that'll definitely do it.

SymbioticFemale: you sure the drive isnt one of those snuck in smr drives?

afaik resilvering on smr takes like 20x the normal time

100% sure. also i'm narrowing down the problem here because i have AES-NI support but for some reason its geli is defaulting to software instead of hardware

oh.. well thats not good heh

if fbsd that should just.... work

Macer: are you sure about that?

err, wrong hilight.

debdrup: no.. not sure if it can or cant

oh heh

no io tomfoolery in the kernel logs?

i was also wondering about whether i may have disabled it in BIOS, but i note that one of my drives is indeed listed as "Crypto: accelerated software" and the other two are "Crypto: software", despite all three being AES-XTS

i didnt think the thpe of drive mattered

SymbioticFemale: please do `grep -i aes /var/run/dmesg.boot | nc termbin.com 9999`

Where are youu seeing that two of the drives are using software?

i think the message is simply misleading, it says software, but hardware is being used

angry_vincent: thats my understanding of the meaning "accelerated software" but "software" means software, i think

It depends on the version.

aes-ni will appear as software encryption on 12 and as accelerated software on 13 (or 14?)

I'm still curious where you're seeing that one drive is using accelerated software while the others are using hardware

plaintext paste of "geli list" and the requested grep of dmesg.boot paste.debian.net/plainh/3fc4bfab

perhaps the "AuthenticationAlgorithm: HMAC/SHA256" ?

hello, I'am lurking but I have a question. How did you see the drive use software of hardware encryption acceleration?

SymbioticFemale: have they been initialized the same way?

Lovis_IX: rubenerd.com/checking-if-freebsd-geli-is-using-aes-ni

Title: Rubenerd: Checking if FreeBSD geli is using AES-NI

Lovis_IX: `geli list` will show it

debdrup: unknown. has been a number of years since the drive with 'accelerated software' was initialized

debdrup: thanks

SymbioticFemale: Ah, I think I see what's going on; you're right that it's linked with the HMAC, because I think that's what's causing it to fall back to software as AES-NI can't handle SHA256

alright. mystery solved.

The newest Xeon scalable CPUs are purported to have SHA256 accelerated, and AMD has had it for a while - but nothing else to my knowledge can do it.

It's a bit ironic that AES-NI can't handle SHA256, because part of AES-GCM involves a HMAC in the form of a SHA2 checksum - so they had to implement most of it already.

Also, there's one other way to get SHA2 checksums accelerated - via qat(4).

Although I'll also note that adding a HMAC to AES-XTS when what you're encrypting is a ZFS pool isn't really going to do anything for you.

i'll just rebuild it without it

much thanks for your help debdrup :)

The reason a HMAC for integrity doesn't do anything for a ZFS pool is that while the checksum used in ZFS might not be cryptographically secure (fletcher4 isn't), that doesn't mean anything because it's impossible to modify that AES-XTS data that makes up the ZFS record and still have the record match the checksum.

yeah

It might be possible to make GELI use AES-GCM which would get you the HMAC, but I can't see that adding anything.

I just read the handbook and wiki to try and understand the different releases and their support cycle. Please correct me if i've understood it wrong and forgive me if i've failed to find information that i could have easily found.

Talking only about stable and their derivative releases, if Stable 13.0 is the long term support release, with a minimum 5 year cycle. Then, when a 13.1 release happens, does it superseed the 13.0 stable release? and so on, with 13.2 which has a eol of 13.1+3 months. If so what happens to 13.0 after 13.2 comes out and considering 13.2 is the last release in that number, will it be supoorted

through the original five years of the original stable release for that number?

sozuba: STABLE isn't a release

the STABLE branches are the ones from which releases are cut

well, after branching off…

yeah sorry about the terminalogy. so 13.0 is stable, 13.1, 13.2 and so on are the cut release ?

right now, you can see this on action on releng/13.2. 13.2 is in beta, branched off from stable/13 about a week ago

yeah noticed that

13, without the dot. 13.0 was the first release in the 13 series

13.2 is supossed to be out by march end?

ah okay, now i undertsand

so let's say 13.2 is the last release in this series, will its end of life suport be till 2026 as well?

12.4 is still supported

you can go from there: when was 12.0 released? etc

ah okay got it :)

now i have a good picture. Thank you very much for your help

meena, ^^

in general, we have about three years of support for each series, but some vendors might support their cut a little longer

PS3 is based on FreeBSD 9, and I still get updates ;)

(tho i have no idea what kind of updates)

Perhaps Sony backports bug and security fixes and adds their own features?

yeah that's what i think too. I've never owned a concole, so i've no idea.

console*

vdamewood: I have done release management on server software written in C++ for a while, and I can tell you, it was no fun backporting fixes to older branches, while making sure you're not breaking ABI, i can't imagine how much fun that would be for kernel and drivers

but then, they have people who do this as their job, not their terrifying hobby.

Yeah, it's also probably better than the alternative.

like, most consoles since… who knows when, are internet connected, so, yeah, keeping them up-to-date would be good.

hi there, is there a way to tell "freebsd-update" to not end up in a pager i need to quit with pressing "q", but simply dropping stuff on STDOUT and then actually exiting?

not that i know of

freebsd-update(8) even says how to do it (see PAGER)

What's a reasonable screen locker for FreeBSD that can lock X and all the VTs, either from within X or from a VT?

I've tried vlock, but it didn't accept my password for whatever reason.

msiism, I had the same issue with xscreensaver, decided to switch it off for now and look for the solutions later on.

There's nothing that can affect both ttys and a graphical UI.

lock(1) (which can also be invoked from tmux, which is rather handy if you've got it on a console window) works on ttys, but the only one I know of that works (correctly) for Xorg is Xscreensaver.

Well, vlock can actually do what I'm looking for, it seems.

Maybe it just doesn't respect locale settings.

lock(1) can lock ttys too, and is in the base system.

It is one of the few things that survive to this day, from all the way back in 3.0BSD

Its so old, it still has the 1980 RUC Copyright :3

I also wonder why `startx` puts my X session on some other TTY instaed of the very TTY I'm working on.

That would be what I want.

You're not supposed to use starts, you're supposed to use a display manager which starts on ttyv8 as defined in /etc/ttys, and which is then responsible for handling logging in and executing your graphical UI.

Using startx means that anyone who can cause your session to crash will have local access privileges to whatever user you're logged in as.

I only use startx, since I want to be at regular tty when I boot my system.

debdrup: Terrific.

(it also used to be possible to simply zap the Xserver by doing ctrl+alt+backspace, but fortunately that default-on was instead turned default-off)

xtile: what stops you from simply switching to a tty from your display manager?

I unfortunately have an Nvidia video card, so I need to not have graphics automatically start when the system boots, especially after upgrades.

that's my reasoning

I can sort of see your point, but aren't you better off using kld_list to load nvidia-modeset then?

rebuild the module before booting the new kernel? also load the module in rc.conf, so you can always fix by booting single user

I wouldn't be against manually starting a display manager from a tty

xtile: I don't think that's really doable

aha

right now i use the nvidia-driver-470 pkg but I used to be manually compiling the driver

i switched over to the package once linux packages were no longer dependencies

but it's still fussy in terms of needing to do nvidia-xconfig at certain times

as for upgrades

why do you need the nvidia-xconfig at all?

graphics don't work without it

Maybe it's changed more than I thought since used a machine with a nvidia card in it, but it didn't used to be this complicated.

I'm running some Nvidia legacy driver that I think I just installed as a package.

Had to switch off some binary compatibility check, though.

I was warned graphics might behave strangely when doing that. But I had no choice.

It's working pretty well so far.

is there a flag for pkg install that'll install only the *dependencies* of a specified package, but not that package itself?

freebsd is nice

indeed.

concrete houses are nice too.

I don't think brutalism is inherently depressing.

Futuristic and spartan, maybe.

'Course. . . if you grew-up in a Soviet or North Korean apartment block, you might think it's pretty depressing.

from what I've heard all these concrete block buildings have chronic leaky roofs

Anything with a flat roof would, yes.

trying to install proper FreeBSD for the first time

is there any way to watch progress in dd?

luna: use argument status=progress

la_mettrie: ah if its already started i have to redo it right?

yes

la_mettrie: you can also whack control-t and it'll give you status

luna: ^ without restarting

mason: ah that what i was looking for thanks :)

That said, I like setting up status=progress at the start most of the time.

forgot about it this time and already written 600mb of a gig

sure

Nice that there are options. :)

yeah thanks

gonna figure out if proper FreeBSD works better then GhostBSD on my Core2Duo laptop

Shouldn't probably be a ton of difference.

sha-1 is git's default file hashing algo?

yes

good evening

bsdbandit: o/

hm. speaking of the earlier discussion about aesni and geli. doesn't newer openzfs support dataset encryption?

Macer: Yes, but it's problematic beyond not encrypting metadata.

oh. ouch? heh

ah seems like klara has an article about that

baby steps,…

Title: OpenZFS Native Encryption | Klara Inc

let me give that a read

It is possible to replicate snapshots of unencrypted datasets to encrypted datasets by including the -x encryption option in the zfs recv command. <- wow that seems pretty handy

the metadata doesn't seem to be a big issue. that is just the name of the dataset it is talking about correct?

Macer: The bugs in implementation and the limitation of having just one key are probably bigger issues.

Presumably the former will be fixed with time.

FreeBSD 13.1 uses OpenZFS 2.1, right?

V_PauAmma_V: freebsd.org/releases/13.1R/announce

Title: FreeBSD 13.1-RELEASE Announcement | The FreeBSD Project

V_PauAmma_V: ZFS has been upgraded to OpenZFS release 2.1.4.

Thanks for confirming my recollection.