00:44:36 <debdrup> Demosthenex: i bought mine from freebsdmall, but i wanted the old-school ones
01:21:55 <crb> I've been LOVING running a linux VM under bhyve but one thing I like about VMWare is the ability to cut and paste between host and guest vm, is there a way to do this in bhyve?
01:53:39 <rtyler> Do any of you folks happen to know if you can convince Python to run Linux wheels using the Linux compat layer?
01:59:52 <edenist> probably could. sounds painful though, lol. would probably spend more time getting it running than you'd save by just using a source distribution no?
02:00:28 <edenist> is there something which doesn't build well on freebsd?
02:05:07 <rtyler> well, the upstream does not provide wheels at all for FreeBSD, but they have some manywheels
02:05:17 <rtyler> and their modules don't pip install
02:21:35 <vishwin> rtyler: what's wrong with just installing the source?
02:21:40 <vishwin> also what's the package in question lol
02:24:17 <rtyler> vishwin: give stt a try ;)
02:26:53 <vishwin> this one? https://pypi.org/project/stt/
02:26:54 <VimDiesel> Title: stt · PyPI
02:27:54 <rtyler> aye
02:30:09 <vishwin> yeah you're either better off creating a port for it or setting up a full linux python distribution
02:30:34 <vishwin> there is no FreeBSD bdist wheel dealer, we (ports) are :-)
03:32:11 <Demosthenex> debdrup: i guess they do have one sheet of stickers
04:09:02 <sixpiece> is it possible to get laravel to work on freebsd?
05:39:00 <CrtxReavr> Anything is possible.
08:27:11 <Demosthenex> llua: Hezestraat 110
08:27:11 <Demosthenex> 3290 Diest
08:27:15 <Demosthenex> pfft
08:27:27 <Demosthenex> llua: https://dpaste.org/zBtYR
08:27:28 <VimDiesel> Title: dpaste/zBtYR (Python)
08:27:28 <Demosthenex> there :P
10:16:05 <angry_vincent> anyone running system with custom set of modules, for example with MODULES_OVERRIDE?
14:22:10 <CrtxReavr> What does 'CLOSED' mean in 'netstat -a' output?
14:38:00 <Midjak> Hi, I have a conflist in port with at-spi2-core needed by adwaita-icon-theme needed by gtk3 and gtk4. Both are installed on my system. What is the proper way to deal with this conflict ?
14:45:59 <debdrup> CrtxReavr: it means that an existing connection was closed and an TCP RST was sent to the remote host, if memory serves.
14:47:37 <debdrup> You probably want to have a look at sockstat(1)
14:49:00 <Midjak> my conflict is related to this port https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269704  but I don't understand what al I supposed to do with that ?
14:49:03 <VimDiesel> Title: 269704 – (at-spi2-core-2.46.0) [exp-run] accessibility/at-spi2-core: update to 2.46.0
14:49:28 <Midjak> is there a way to remove it ?
14:49:38 <CrtxReavr> debdrup, so like a FIN was sent, but not FINACK was received?
14:49:44 <Midjak> I tried pkg delete . it doesn't work
14:52:36 <CrtxReavr> pkg works with package names, not directory names.
14:58:46 <Midjak> Do you answer le CrtxReavr ?
14:58:51 <Midjak> me*
14:59:36 <Midjak> I tried with package name, it didn't find it
15:01:41 <CrtxReavr> For deleting it works with package version names.
15:02:10 <Midjak> I tried to remove /usr/local/include/at-spi2-atk (it was the emplacement of the conflict) but I still get the message despite of it doesn't exist
15:02:33 <Midjak> ok with the full name with the version thanks
15:02:36 <debdrup> The conflict is from the ports Makefile.
15:03:43 <CrtxReavr> Midjak, don't manually mess with files in your ports/package managed prefix. . . which is /usr/local/ by default.
15:04:04 <Schamschula> Midjak: I ran into that yesterday. it tells you  which package is in conflict. Do pkg delete for that package. Actually there are two packages that you'll have to delete.
15:04:09 <CrtxReavr> Learn to make use of the tools to manage them.
15:05:54 <Midjak> CrtxReavr, I am learning...
15:06:33 <CrtxReavr> I get it. . .  we've all been there.
15:07:04 <CrtxReavr> No one knows everything - we're all still learning.
15:08:07 <Midjak> Schamschula, thanks Schamschula  I have removed accessibility/atk and accessibility/at-spi2-atk
15:09:04 <Midjak> but as the pkg delete  on the package name didn't work I have tried manually. I didn't know I have to specifiy the version. Now I know.
15:09:06 * debdrup mostly remembers where to find things.
15:09:29 <debdrup> Midjak: normally you don't have to specify the version, just the exact package name
15:09:59 <debdrup> You can use -x to have regex matching on most pkg subcommands, including pkg-remove.
15:10:08 <Midjak> ah I get it
15:10:25 <debdrup> The format is explained in re_format(7)
15:10:38 <Midjak> I tried onaccessibility/at-spi2-core  and not on  accessibility/at-spi2-atk
15:10:48 * debdrup nods
15:10:52 <debdrup> Yeah that'll do it.
15:11:19 <debdrup> Eventually you'll learn to spot those things from the output of pkg, but it takes a little while to get used to it
15:11:28 <Midjak> now it works...
15:12:06 <debdrup> If you want to make things easier on yourself in case it happens again, make a note about it in a file. :)
15:12:32 <Midjak> in this case the names were very similar, and I tend to read too fast...
15:16:11 <Midjak> yes I hesitate to do it.   But you still have to identify a problem that you have already had
15:17:04 <Midjak> (in order to find the note)
15:22:43 <Midjak> I am working on something I could use to maintains documentation I have taken . I have a bunch spread out several machine and applications. I tried a lot of thing. Zim is the best but I think develpping something which fits better with my expectations
15:25:59 <Midjak> a weird thing: firefox stopped working after the conflict, but its update had not yet taken place.
15:28:29 <Midjak> opening a new tab. reading what at-spi2 is, it. make sense
15:29:09 <Midjak> it makes sense
16:11:07 <angry_vincent> dumbbell: what is driving me mad is sporadic hangs with i915. i thas not been resolved/identified. on CURRENT it is little bit better, but they happen till out of nowhere. what i have been told i sthat my chip is old, so deal with it. this is massively pissing off. in reality, it is quite hard to debug, due to fact, no logs, dumps are saved. i believe such issue reported many times
19:05:37 <antranigv> Say I have a range of IPs `127.0.0.1, 127.0.0.2, ....., 127.0.0.100`. How would you find an available IP address in that range?
19:06:49 <otis> ping in a loop? nmap -sP ?
19:08:58 <nimaje> what means 'available' here? what do you "know" beside that range and what can you do? are you writing a dhcp server?
19:11:04 <debdrup> antranigv: you're not supposed to use localhost that way
19:11:20 <antranigv> debdrup I mean... unless nonVNET jails :))
19:11:27 <debdrup> dedicating an entire /8 to localhost was the worst mistake in all address allocations
19:11:28 <antranigv> otis oh no, this is just a string
19:11:36 <debdrup> ipv6 fixed it by doing only a single loopback address
19:11:42 <debdrup> antranigv: make them vnet jails
19:12:17 <antranigv> debdrup should I default to VNET jails?
19:12:20 <debdrup> yes
19:12:28 <debdrup> there's no reason to use non-vnet jails
19:12:30 <antranigv> hmm, sounds promising. okaaaay
19:12:47 <antranigv> debdrup well, the ONLY reason I found is stupid cloud providers who have network limitations
19:13:02 <debdrup> antranigv: put ipfw or pf on the jail host and have it do NAT
19:13:22 <debdrup> with the right OIDs in sysctl(8) you can even make it so the NAT doesn't decrement TTLs
19:13:30 <nimaje> wait, those 127.* ips weren't just weirdly choosen examples?
19:14:28 <antranigv> nimaje nope, not at all :D
19:14:36 <debdrup> nimaje: there's a long-standing (and bad!) practice of using loopback addresses for interface aliased jail addressed.
19:14:47 <antranigv> debdrup well, I will default to VNET :)
19:16:35 <debdrup> Blah, I can't remember the OID to prevent TTL decremation :
19:16:37 <debdrup> :/
19:22:35 <debdrup> antranigv: I don't accept PMs from random people, so I can't see what you wrote.
19:23:17 <antranigv> debdrup no worries <3 I was gonna ask you to test my jail orchestrator, specifically to check the defaults. I used to default to VNET, I changed to none, but I think VNET would be better indeed
19:23:43 <debdrup> I can't promise I have the energy for it :/
19:23:54 <antranigv> debdrup also, I default to ZFS and we don't support UFS at all. I was gonna ask you if you see any reason to support UFS.
19:24:00 <antranigv> debdrup understandable <3
19:24:40 <debdrup> antranigv: supporting UFS would be desirable since UFS is still being actively developed on FreeBSD, but if you're making use of ZFS-exclusive features, it's harder.
19:25:06 <debdrup> Newest thing in UFS is reworking it so that soft-updates and journaled filesystems can use UFS snapshots.
19:25:17 <debdrup> That's.. a few months old?
19:26:22 <antranigv> debdrup yeah, we use snapshots a lot, for clones and send/recv
19:26:39 <antranigv> I would love to support UFS too, but that changes Jailer's whole... I wanna say architecture?
19:27:29 <debdrup> You'd need to abstract the snapshotting part so that it can work with either UFS or ZFS, and you'd need the newest change to UFS (that I mentioned above) for it to work.
19:27:51 <debdrup> And UFS snapshots aren't atomic or quick.
19:28:01 <debdrup> So I'd say that's a reasonable argument for not supporting UFS.
19:28:30 <debdrup> I can see it being added in a later version, if your tool gets a lot of use from people who want it on UFS too.
19:29:21 <otis> antranigv: ah, that's what you meant. so yes, then switch to VNET jails.
19:42:57 <mason> antranigv: Reason to support ZFS: It's probably fairly common to see FreeBSD jail hosts as VMs, in which case UFS makes a lot of sense there. They'll have the ZFS on the outside, not inside, in that case.
19:51:48 <antranigv> mason my philosophy is: DIE VMs DIE
19:57:08 <mason> antranigv: I'm wholly behind that stance.
20:04:42 <debdrup> And if I have to have a VM, it goes in a jail. :P
20:11:41 <ngortheone> what if VM is not guilty? :)
20:15:55 <mason> ngortheone: https://invidious.snopyta.org/watch?v=cBc3kAWlfOQ
20:15:56 <VimDiesel> Title: TNG Kill all the Lawyers - Invidious
20:16:57 <ngortheone> lol :)
20:17:16 <ngortheone> guilty until proven otherwise is true about most software
20:23:07 <antranigv> Okay, but I still need a script to get an empty IP in a list :D maybe I should just write an AWK
20:23:53 <debdrup> an awk seems like an excellent solution to that problem, as long as it doesn't involve parrot-bothering
20:24:03 <antranigv> fingers crossed
20:32:50 <nimaje> so you have a set of valid identifiers and a set of used identifiers and have to choose one element from the diffrence?
21:16:30 <antranigv> seq 1 255 | grep -Ev '42' | awk '{getline nx} {if ($0+1 != nx) {print $0+1; exit}}'
21:40:54 <rtyler> I'm hoping for some pf advice on how to NAT into some jails on a network (bridge0-based vnet jails) and structure the host pf such that those hoses can route to the default route and the public internet, but nothing else on the host's LAN
22:05:57 <antranigv> rtyler I got lost :( where you wanna do what?
22:08:59 <rtyler> HostA does NAT into JailZ, I want to prevent JailZ from accessing anything on the LAN that HostA sits on
22:09:58 <antranigv> rtyler JailZ is on HostA?
22:10:03 <rtyler> correct
22:10:43 <antranigv> rtyler only the LAN of HostA, or the rest as well?
22:11:17 <rtyler> I'm hoping to restrict just access to tthe LAN HostA is on, but still allow routing out to the public internet
22:13:59 <antranigv> rtyler nat on $ext_if inet from $jailZ_addr to ! $ext_if:network -> ($ext_if)
22:14:13 <antranigv> that SHOULD do it
22:14:19 <antranigv> lemme test
22:14:31 * rtyler tries it out too
22:16:42 <rtyler> that does look like it works, let me do some more testing
22:21:33 <antranigv> rtyler yup, all works fine
22:21:45 <antranigv> rtyler trying pinging hostA's gateway
22:21:52 <rtyler> antranigv: thanks for the help! that works quite well
22:22:20 <rtyler> from within JailZ I can ping the bridge network, which is what I Would expect
22:22:21 <antranigv> rtyler anytime :) and how do you manage jails? plain jail.conf or any specific tool?
22:22:59 <antranigv> rtyler yes, that has nothing to do with NAT, if you want to restrict that too, that's also very easy
22:23:24 <rtyler> vanilla vnet jails in jail.conf inspired by meena's doc: nat on $ext_if inet from $jailZ_addr to ! $ext_if:network -> ($ext_if)
22:23:46 <rtyler> antranigv: how would you restrict JailZ from hitting other specific hosts? I'm asking mostly so I can include that in the blog post I should write now that I'm making progress here :P
22:24:05 <antranigv> rtyler hey meena 's doc is a copy if mine! yey!
22:24:16 <rtyler> hah
22:24:48 <antranigv> rtyler it would be easer to do the opposite. block everything by default, except hostB..C
22:25:24 <antranigv> rtyler do you want JailZ to reach JailX that is also attached to bridge0?
22:25:59 <antranigv> rtyler would you be open in testing my Jail orchestrator? it's basically a jail.conf.d wrapper.
22:26:05 <rtyler> only in a few cases where I have an application that needs to reach the postgresql jail (for example), otherwise I am intending to have each vnet jail effectively isolated
22:26:21 <antranigv> rtyler oh I have code for that. one sec
22:27:03 <rtyler> antranigv: something that's not ezjail, pot, or other? :D
22:27:19 <antranigv> rtyler none of the above. yes.
22:28:05 <rtyler> heh, hit me with a link, I've got a secondary machine here where I might be able to test it, this NAS/primary machine I don't want to fiddle with too much
22:28:06 <meena> rtyler: my secret is that i let other people do the work, and just make small strings between many big dots
22:28:29 <meena> for example: someone wrote a patch for me: https://reviews.freebsd.org/D38898
22:28:30 <VimDiesel> Title: ⚙ D38898 virtio_random: pipeline fetching the data... This hides latencies that reach 500us, where otherwise we are busy looping...
22:28:55 <antranigv> rtyler yeah indeed, my software is still beta.
22:28:57 <meena> for a debugging job that took only 2 - 5 days :P
22:29:04 <antranigv> lemme get this firewall first
22:40:54 * rtyler departs for the afternoon o/.
22:43:59 <f451> if a port needs kern.elf64.allow_wx=1 to function, would it be considered a "bug" with the port?
22:55:48 <antranigv> hey rtyler , you need these lines
22:56:56 <meena> f451: yes
22:57:24 <meena> f451: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268363
22:57:26 <VimDiesel> Title: 268363 – www/node16+: needs wxneeded
22:59:11 <f451> meena: ty
22:59:34 <f451> i had half a day going mad getting it to work lol
23:00:25 <antranigv> rtyler I'll do line by line (except the nat thing). 1: block in all ; this will block everything; 2: pass  in on bridge0 from any to bridge0:0 keep state ; this will allows the jails to reach bridge0 itself; 3: pass  in on bridge0 from any to ! bridge0:network ; this will allow the jails to reach everything EXCEPT the bridge0 network ; 4: pass out on bridge0 from $j0 to $j1 keep state ; this will allow j0 to reaching j1
23:00:53 <antranigv> rtyler btw, j1 can't reach j0 by itself. j0 has to initiate the connection :) so your j1 is the DB in this story.
23:08:28 <f451> meena: this would also cause devel/electron22 build to fail, i guess
23:08:57 <meena> f451: same reason: blame electron
23:09:01 <meena> v8
23:09:04 <meena> i mean, v8
23:09:21 <f451> ok ty
23:14:20 <dch> nfs giving me grief
23:20:13 <dch> https://gist.github.com/dch/72875fa31e57e31f0eaa6b59137f5088#file-exports-md
23:20:14 <VimDiesel> Title: exports.md · GitHub
23:20:46 <dch> can I do nfsv4 exports with different roots? i.e. both /usr/* and /var/www/freeside there?
23:21:24 <debdrup> dch: I think youu need to do "V4: /" on the first line
23:21:50 <antranigv> how does -sec=sys work btw?
23:22:00 <debdrup> but if they're zfs datasets, you can use the sharenfs property mentioned in zfsprops(7)
23:22:24 <dch> debdrup: its is zfs but I struggled with that in the past, so this was keeping things simple
23:22:33 <debdrup> fair
23:22:47 <dch> does having `V4: /` expose the other filesystems somehow?
23:22:48 <debdrup> i didn't have problems with it for what little that's worth
23:23:01 <debdrup> dch: no, it just tells nfsd which paths should be exposed as v4
23:23:08 <debdrup> err, not exposed
23:23:12 <debdrup> should be mountable as v4
23:24:00 <debdrup> try (d)truss'ing a manual mount of a share that works as opposed to one that doesn't
23:24:20 <debdrup> see where it fails
23:25:09 <debdrup> also, is it intentional that in the manual mount(8) command you're using the wintermule hostname, but in your fstab you're using straylight?
23:27:14 <dch> i should fix the gist
23:27:20 <dch> too much copy pasta
23:27:34 <debdrup> meena: i'm not sure something needing to do write AND execute as opposed to the default write XOR execute counts as a code
23:27:40 <debdrup> s/code$/bug/
23:28:06 <dch> I have both straylight and wintermute doing exports
23:28:12 <meena> debdrup: yeah, but it's called bugzilla, so,
23:28:13 <dch> but wintermute has the phat www dir
23:28:47 <dch> and straylight has the arm64 src & obj
23:29:38 <debdrup> dch: like i said, (d)truss
23:44:30 <dch> debdrup: oh there are 2 issues
23:44:43 <dch> 1. the exports, I think your suggestion to change the V4 / will fix that
23:44:45 <dch> and 2
23:45:13 <dch> 2. the manual mount works, but the same syntax in /etc/fstab fails