00:02:44 rtyler: he might be asleep (4am) 00:05:06 * rtyler emails some coffee 00:45:12 rtyler: Oh, interesting. Surprising it's not six. 00:45:26 There's tradition to be observed. Multiples of six are canoniacl. 00:45:29 canonical too 04:19:07 any checklist for hardened freebsd? I want harden my freebsd but still usable for daily. I'm student 04:19:53 al1r4d: https://wiki.freebsd.org/CategorySecurity 04:19:54 Title: CategorySecurity - FreeBSD Wiki 04:20:06 Thank you, mason 04:20:25 The handbook will have stuff too. Looking. 04:20:38 al1r4d: https://docs.freebsd.org/en/books/handbook/security/ 04:20:39 Title: Chapter 15. Security | FreeBSD Documentation Portal 04:21:02 The handbook is generally going to be useful: https://docs.freebsd.org/en/books/handbook/ 04:21:03 Title: FreeBSD Handbook | FreeBSD Documentation Portal 04:21:14 :)) thank you very much 04:21:25 Sure! Enjoy. 04:22:40 mason: did you hardened your freebsd? 04:23:40 al1r4d: Out of the box defaults, and I make sure to install devcpu-data. 04:24:28 I choose a couple security options during install usually, and I use full-disk encryption as well, I guess, so not all completely vanilla, but close. 04:44:51 al1r4d: also check out https://hardenedbsd.org/ - a downstream FreeBSD project paranoidally focused on security 04:44:52 Title: HardenedBSD 04:45:34 al1r4d: start with what you're hardening *against* and what you're trying to protect 04:45:45 it depends mostly on context... 04:45:50 a server in a colo. 04:46:03 laptop at home or traveling across the globe. 04:46:09 dont approach security like a checklist 04:46:19 start wiht threat modeling 04:46:37 and al1r4d aint here! 04:48:26 oh well 04:50:11 checklist approaches to security are a problem.. 04:50:14 oh rip 04:50:25 forgot i turned off join/leave messages lol 04:50:31 gman999: absolutely 04:50:31 and turn into non-technical ppl promoting them as cure-alls 04:50:56 i mean what i do with a tor relay is very different from my laptop 04:51:06 but preaching to the choir prob.. 04:51:46 and i just watched gnn@ at asiabsdon in 2019 who made some related points. 04:53:52 gma999: all true 04:53:59 gman999* 04:54:25 so i did a workshop years ago around privacy tech stuff.. "please stop teaching tools" 04:54:38 it was the ugly example of checklists and workshops 04:55:03 checklists are good to find out where defaults lack. FBSD notably has not the best defaults when it comes to security 04:55:04 ie, stop telling targeted communities what to use without knowing their thread model 04:55:19 well... again it depends 04:55:26 i mean random_ip_id... 04:55:44 yeah, some low-hanging fruit that is a no-brainer really to enable 04:55:48 maybe doesnt play nice wiht nfs but necessary in other contexts 04:56:03 there is usually a reason that knob wasn't turned 04:56:21 i mean, syslogd not listening is low-hanging IMHO 04:56:46 legacy/stuborness/laziness/dogma 04:57:00 hard to say.... specifics matter i think 04:57:05 all the good reasons not to update defaults - some shit app somewhere will break!! omg 04:57:15 so so true 04:57:36 trains will stop running. my fridge will attack the cat. 04:57:38 yes. 04:57:56 ngortheone: god forbid we have to check up on the stuff we skimped on in the beginning 04:58:09 Are there checklists? I figured pointing the fellow to the handbook would give him stuff to think about. 04:58:29 idk.. someone dumped some ^ including from handbook 04:58:31 right? 04:58:42 carets? 04:58:46 a bit opinionated article, but has some good points on defaults 04:58:47 https://vez.mrsk.me/freebsd-defaults.html 04:58:48 Title: FreeBSD - a lesson in poor defaults 04:58:55 Oh, the hardenedbsd thing? I don't know what they offer up. 04:59:21 so again.. it depends. 04:59:46 i hear the various linux arguments on 'normal defaults' then mitigation.. 04:59:53 and i sort of laugh.. 05:00:05 totally diff approach on some level 05:00:23 "running out of X limits? make it unlimited!" 05:00:25 an author is openbsd funboi obviosly, so take it all with a grain of salt, but there are good points on some defaults. 05:01:26 X is really a one big snooping device. if you run a browser that runs javascript from random websites - X is not a good thing. 05:02:09 +1 ngortheone 05:02:39 intersting from that url ^.. blacklistd/blocklistd (now) isn't ported to openbsd. 05:02:40 wayland is much better in that respect - to gman999 's point - security for the modern desktop where 99% of the code we run on our desktops comes from internet written by js monkeys 05:03:19 i haven't tinkered with wayland at all yet 05:03:30 so how to harden in that case? a) run wayland b) if you can'd do a - run browser in a jail with a separate X server 05:03:40 sway runs great on my box since 2018 05:03:54 if you like i3 - it is a painless switch for the most part 05:04:12 well, give me jails over any of the standard virtualization options.. by far. 05:04:31 but the sandbox/jail/qubes approach is often done poorly and worse 05:04:34 IMHO 05:04:54 i ran jails in prod for a long time but dont now 05:05:05 and im a fan of how small and clean they can be. 05:05:21 but thrwoing more code at problems isn't a solution in itslef.. and often a danger 05:05:33 yes, the whole UNIX approach start falling apart when you try to jail GUI apps. Lots of ductape is required to make it work. This is where people who konw things remember that there was Plan9 with much better ideas... 05:05:52 :) 05:06:01 so this is funny from that url ^ 05:06:03 I don't know anything about IPFilter, nor do I know anyone that uses it, so we'll pretend it doesn't exist. 05:06:13 it's been *that* long? 05:06:42 FBSD has 3 firewalls IPFilter being the least popular option, but it is still aroun 05:07:08 yup.. i remember when that whole riot happened at a usenix? 05:07:21 darren reed was the ipf dev? 05:07:23 idr... 05:07:33 and pf was born in response 05:07:43 I run IPFW and I am happy with my life 05:07:51 not looking at other firewalls 05:08:22 there are advantages of running pf or ipfw in contexts.. 05:08:29 i dont run ipfw anywhere any more 05:08:34 barely ever did 05:08:39 i went ipf to pf mostly 05:08:56 lots of people are happy with pf too 05:09:05 there must be something to it 05:09:57 idk anymore.. i used to care to compare, now dont have the time or drive to 05:10:55 yup, both options work for the majority of typical usecases. Just use whatever your fingers remember to type and save time for better things 05:12:53 kde plasma wayland session is being worked on by some desktop folks, so that is coming... all who use KDE will get wayland for free at some point 05:13:25 i.e. kde wayland works on linux already, but not yet on FreeBSD 05:13:59 kde! too heavy! 05:14:08 well, then try sway 05:14:56 oh, i'm happy with xfce or cwm 05:15:02 it is the leanest WM on wayland, maybe except labwc - an openbox inspired wm 05:15:03 https://github.com/labwc/labwc 05:15:04 Title: GitHub - labwc/labwc: A Wayland window-stacking compositor 05:16:14 then wayland is not coming your way soon :P 07:30:06 is there a distinct name to the FreeBSD init system? context: if I want to have folders for multiple init systems to hold example scripts, like "systemd", "openrc", what name should I choose for the FreeBSD init system? 07:34:21 Grabunhold: it's just rc as far as I am aware, perhaps just "bsd-rc" or something like that would be sufficient. 07:36:06 rtyler: okay, thanks! 07:39:49 of course, there are no systemd. and with some effort it maybe possible to use OpenRC 07:42:36 Grabunhold: multiple init systems sounds like a bad headache 07:42:51 just use the one with the system or use a different system 07:47:03 rtyler: angry_vincent: i've written a FreeBSD init script for a package (not owned by me) that already supports systemd, openrc (and solaris SMF for that matter). i just want to upstream my script. 07:47:34 and the way to do that is to create a folder to place the script under, because that's what the other systems have 07:47:40 and that folder needs a name :) 07:47:48 no need for any init system wars 08:27:49 ngortheone: "French words are hard to spell" — 28% of English vocabulary is French 08:28:14 imagine what poudriere would be pronounced today, if it had been imported 1000 years ago 08:29:23 "pudry"? 08:30:40 There was a discussion about this a few years ago, that IIRC ended with "poo dryer" and "powdery air" camps. 08:31:16 lol 08:31:54 i like the former 08:33:08 I would go with: highfalutin jailed port maker 08:34:00 or hfjpm, "hypm" 08:34:13 "f" is silent 09:50:21 do we have anybody using gitea on FreeBSD here? I have Questions 09:50:41 poodryer FTW 09:50:55 probably yak poo 09:59:19 If I'm right lattera is using it 10:08:35 cool 10:08:50 I need a hand to work out what the startup message for forgejo should be, and how to migrate across 10:22:53 dch we do 10:23:50 dch So is Forgejo basically the same as Gitea? 10:24:03 exactly the same only still FLOSS not FLOSS-- 10:24:27 https://www.adamsdesk.com/posts/fork-gitea-to-forgejo/ 10:24:28 Title: Codeberg Forks Gitea to Forgejo | Adamsdesk 10:24:46 gitea surreptitiously registered a trademark, transferred the assets, and became a company 10:29:09 Isn't that a good thing? that means it's becoming... self-sustained? 10:52:35 https://github.com/ergochat/ergo/pull/2056 bsd-rc it is :) 10:52:35 Title: Add bsd-rc init script to distrib by avollmerhaus · Pull Request #2056 · ergochat/ergo · GitHub 10:52:59 antranigv: the key bit was "surreptitious" if this had been discussed up front, maybe 10:53:08 its a FLOSS rug-pull 10:53:24 Grabunhold: ooh yeah hella port when will it land? 10:53:38 ooh its already there 10:53:41 dch: there already is a port, it's just missing the init script 10:54:34 Grabunhold: will you PR the rc.d file too? I'll install it ASAP :D 10:55:00 i'm not the port maintainer, but i was hoping they might pick up on the upstream init script. if not, i might try and add it to the port as well 10:55:18 you can just fwd the PR to yuri I am sure he will grab it willingly 10:56:29 Grabunhold: we just need gamja or kiwi web front ends in ports 10:58:08 i'm in the process of migrating my linux + ngircd based small private irc server to FreeBSD + Jail + Ergo. not all done but close, so far it's been a fun project and i'm very satisfied with the results so far :) 10:58:53 web front end might be in the books later on, i still need to port quassel and my bot and quote db over (and write ansible for all that config) 10:59:33 i'm also porting the virtual machines that run on said server from linux + libvirt/kvm to FreeBSD + bhyve 11:01:07 (eh, quassel as in quassel the irc client) 11:02:32 (and since we're talking server, i'm talking about just the quassel core. fortunately there already is a ready-made pkg just for the core without all the gui deps of the frontend!) 11:10:36 dch: thanks, i'll drop yuri⊙Fo an email :) 12:05:36 hello folks. Thenhandbook is inbelivable… I just read the security page. Whaou… May be read a handbook page every day could make the kenel panic away :-) 12:17:05 sadly, fixing panics is a bit more involved that that :( 12:17:13 than too 12:22:52 yuripv: sure, I was just joking :-) 12:43:36 can DNS just, like, work? 12:43:41 * domlaut sighs 12:45:11 for whatever reason OVH is refusing to add a nameserver saying it's not configured for the domain, `dig domain @nameserver` responds as expected 12:46:25 DigitalOcean lets me add a zone to their nameserver thingy no matter if it's actually the NS server for that zone or not 12:46:37 well, yeah, for a start I'd like OVH not to do any validations 12:46:48 it takes 5+ minutes and then 5 more to roll back if it fails 12:46:54 it's very annoying. 12:48:14 on a positive note, massive shoutout to nsd(8) that is just absolutely fantastic to work with 12:48:15 domlaut: OVH IS annoying. 12:48:50 I don't have a better EU-based alternative :( 12:49:10 i stopped using OVH when i needed their recovery remote KVM thing and had to try and recover a bootloader problem with my physical keyboard in german, the ovh KVM thing set to french layout and the bootloader and BIOS of the remote system using a US layout. that, plus a very hefty delay. in the end, i gave up. 12:49:43 yeah, server-wise I'm with Hetzner 12:49:52 next to useless, and they have the nerve to charge hefty prices for that thing 12:49:54 have been since 2018, rock frickin' solid. 12:50:09 servermania is ok, although they charge you for two months if you cancel within the first month 12:50:15 Lovis_IX: but one can hope, right 12:50:31 i've been lucky with the KVM incident though, a few month after i moved because of that they had their big datacenter fire 12:50:47 but then for domains I figured maybe have that somewhere else, just so it's not all with one provider. and OVH generally has cheaper domains (and does tax correctly for businesses) 12:51:40 maybe using OVH's API can skip NS validation... hm. I'll write an email to support either way to check if it can be disabled, cause otherwise I'm happy with them for domain hosting 12:51:50 and getting audit emails re: changes - I really like that 12:52:11 something Cloudflare and Google Domains don't do, AFAIK 12:54:12 domlaut: there is scaleway (based on France), or hetxner (based on Germany, which I use). For DNS only there is Gandi, BookMyName and sure there is may other. 12:54:50 Lovis_IX: I use Hetzner as well - just not for domains. I thought Scaleway was OVH too, just a subbrand 12:55:14 Gandi looks like a cool service, but they're *always* the most expensive one 12:55:35 difficult to justify for non-profit work which is currently where I'm at 12:55:52 I do know they fund a bunch of OSS so I do use Gandi when I'm working with corp funding :-) 12:57:01 domlaut: no scaleway is not a subbrand of OVH, but a subbrand of online which have Free dans free mobile as other subbrand. 12:57:36 ah, right, online 12:57:50 ok that's something to investigate then 12:57:51 thanks! 12:58:16 domlaut: you're welcome. 13:29:53 anyone here has knowledge about testing? I'm trying to write a tests, but no idea if my methodology is correct :D 13:39:01 antranigv, the best I found is https://www.youtube.com/watch?v=RYtwx7Jj8aE 13:39:02 Title: Automated firewall testing - YouTube 14:05:40 * bsdbandit loves freebsd and unix 14:26:15 any relation to the hamburgler 14:35:15 antranigv, I think it depends on what you're testing. 14:35:50 I've worked for NAS development & testing engineers and saw a lot of their methodologies. 14:36:13 I've also had a job where I wrote automated tests for a suite of RESTful APIs. 14:36:27 Testing those was essentially CRUD routines. 14:51:54 pretty sure this is a quick question ... TIA but /etc/etcupdate.conf are these values boolean ? e.g. FREEBSD_ID=1 or FREEBSD_ID=TRUE, FREEBSD_ID=YES, FREEBSD_ID=ON ? 14:52:54 there seems to be no example conf that i have seen in a search or something with a good description of what each var should be set to 14:53:24 not that ive seen anyway unless someone could point me to it 14:54:22 so I had to add two lines to /etc/rc.conf re: ipv6, then executed /etc/rc.d/netif restart vtnet0 to apply. this causes dhclient to exit with "My address () was deleted, dhclient exiting" and lose ipv4 connectivity. what's the proper way to do this? 15:00:32 domlaut[m], when restarting netif, I generally do it like this: service netif restart && service routing restart & 15:00:43 Well. .. if I'm shelled in and not local. 15:01:37 Host will lose its routes, so generally routing needs to be re-run as well. 15:01:59 The && will normally make sure both commands are run, even if your connection in drops. 15:05:20 command before && executes normally return(0) then second command will execute 15:05:55 ; ensures every command runs 15:09:04 as long as they are typed correctly ;) 15:44:41 antranigv: https://freebsdfoundation.org/wp-content/uploads/2019/05/The-Automated-Testing-Framework.pdf 15:45:09 good article by kp about ATF and kyua, explains in lay terms how to get started with testing 15:45:39 why isnt firefox just working after installing it? 15:46:01 meka: sorry, didn't get the context about french words, sorry. What was it about? 15:46:03 At one point you had to manually enable hald and dbus to get firefox working 15:46:39 check. 15:46:39 firefox works nicely without dbus or anything else on my box, just install and run 15:47:00 run it from the console and see if it complains on something 15:47:12 getting some sort of could not determine network status bs... 15:47:23 well. I continue using chromium then 15:47:37 ngortheone: yea, it complains.... 15:50:06 * ngortheone never encountered that error 15:54:08 ngortheone, french words? 15:54:59 meka: oops, sorry, it was meena, not you. Need to wipe my glasses and get a cup of coffee 15:55:10 hehehe, no worries :o) 16:02:31 CrtxReavr: heh, that keeps dhclient alive, but it looses the route :-) 16:02:51 I'll have to comb through the docs for this one I reckon 16:03:33 although service routing restart did fix my ipv6 connectivity so that's great 16:04:13 script something to re-add the default v4 route? 16:05:17 CmdLnKid, you can always script it if you don't trust your typing., 16:05:26 just a && /etc/rc.d/dhclient restart vtnet0 at the end will do 16:05:34 for the time being 16:06:26 Which shoudl be the same as typing 'service dhclient restart vtnet0' 16:06:33 that or more likely I just disable DHCP given it's a server 16:06:46 if my public IP changes I have bigger issues than having to KVM 16:07:28 I remember when they added that service script and I griped about. . . "What are we, a linux distro now?" 16:07:38 :-) 16:08:08 Though. . . it was written by Doug Barton, whom I knew and really trusted his work. . . eventually embraced it. 16:08:56 dougb@ actaully coached me a lot when I started getting heavy into shell scripting. 16:20:59 ngortheone: re https://vez.mrsk.me/freebsd-defaults.html that sentence is from that article 16:21:00 Title: FreeBSD - a lesson in poor defaults 16:24:41 meena: well, I personally find french words both hard read/write and say, so don't disagree in principle, but it is completely irrelevant to the article, so I think the author overstepped the boundary a bit 16:24:49 how do other BSDs, that auto-encrypt swap, deal with crashdumps? 16:32:36 not to mention that english spelling is so logical and coherent by comparison 16:54:51 there are some valid points in the piece IMHO 16:55:02 but some is not.. 16:55:25 there are dev decisions made that are thought out that the author clearly isnt weighing or even aware of. 16:55:30 more importantly... 16:55:38 the bsds are a small island in a very big sea. 16:55:59 the last thing we should be doing is focus on negative nasty critiques of other bsd projects 16:56:30 basically, a lot of it is: a promise of stable supportedness needs to make some terrible tradeoffs and how dare they choose these ones 16:56:34 the very resistant to change is something i've been discouraged by, even as a committer 16:57:49 oh, i woudn't argue against that vishwin at all 16:57:54 and it applies to all of us 16:58:03 yeah, it's all a dance 16:58:07 "engineering" (quotes required because legal term) is literally tradeoff management 16:58:09 but the pissing game between projects means we all lose 16:58:16 ha.. +1 vishwin 16:58:32 and security is risk management 16:58:41 yes... mitigation only. 16:58:48 same with privacy technologies... etc. 16:59:32 I think the author means well: I used to know him. 16:59:39 maybe. 16:59:42 He actually got me into sending patches to all BSDs 16:59:50 but it came off very wrong. 17:00:14 crtxreavr, np im posix compliant advandced scripter... haws gained me much. 17:00:14 that's cool..... there are some ppl i dearly respect and know persoanlly in bsd land who do things that i'm not fond of 17:00:17 to put it lightly 17:00:56 hasnt 17:01:08 * xtile nods 17:01:44 the very ironic part with each bsd... 17:01:54 if you have to port something, pkg, driver.. 17:02:04 and you have nothing to start with.. . 17:02:08 where do you go? 17:02:15 if another bsd has it.. you start there 17:02:33 we need to focus on the common denominators not to be hippies 17:02:38 but because we dont have a f'g choice 17:04:58 what are you talking about? 17:05:03 there's nothign ironic about that 17:19:21 rtprio... article in backlog. 17:20:48 I wish the BSDs would join forces. . . would only benefit the users. 17:21:30 Net has too many people trying to keep archaic hardware alive that really has no practical use, and use and Open has too much. . . too much Theo. 17:22:29 well, i dont think it's about "join forces" 17:22:36 that horse left the barn a long time ago. 17:22:57 I use different BSDs for different purposes: it'd be a loss if there were fewer. 17:23:35 And my own experiences with Theo were very pleasant as he helped me prepare a patch. 17:23:44 I hear it's different for others, but that's my anecdote. 17:25:31 +1 xtile 17:26:20 man, reading -misc ensured i never wanted to deal with him 17:31:38 what changed my mind about Theo was attending one of his talks. His expertise, energy and passion really came out hearing him speak live (as opposed to what one may encounter on the mailing lists). I would encourage everyone to hear him give a talk, see how he interacts with the audience, responds to questions, etc before passing judgement. Just my two cents 17:34:13 I hear that. . . 17:34:49 . . . but. . . the BSD community, with the exception of one week a year, is a collection of online communities. 17:34:58 and of the BSDs, FreeBSD is small and all the rest put together are minuscule 17:35:04 That's the environment Theo needs to primarily operate in. 17:35:17 That's a fair comment 17:36:31 I mean. . . Linux Torvalds is on record, having said he never would have started hacking a kernel, if BSD wasn't under legal attack by Sun & Bell Labs. 17:36:49 And to everyone's surprise, David won that fight. 17:37:09 Who's David? I could do with learning some more of this history. 17:37:14 I deal primarily in linux, professionally, 'cause these days where I work, I don't have a choice. 17:37:37 I have heard very good things about peoples' interactions with Linus Torvalds 17:37:38 But you'll never convince me that FreeBSD is the more mature, more stable, better documented code base. 17:37:48 er - isn't the more mature. . . 17:38:04 Linux just has the FOSS momentum behind it. 17:38:25 And yet. . . three major BSD platfroms continue to exist. 17:38:48 I think they could take a bigger chunk together, than apart. 17:39:18 There are definitely some "community and interpersonal issues" but we all seem to manage. You can't tell me that Linux doesn't have those too ;) 17:39:31 systemd!!! 17:39:32 Oh, I know they do. 17:39:37 had to say it 17:39:56 Before I discovered FreeBSD, I spent my time "learning to appreciate it more." 17:39:58 CrtxReavr: not four? ;) 17:40:11 xtile, were you thinking Dragonfly? 17:40:25 Admittedly I've only use dfly once 17:40:28 but yeah 17:40:34 (If you say macOS, I'll cut you.) 17:40:41 dragonfly another personality rift based distro 17:40:47 Yeah, they're out there.. .. I've toyed with it a bit in the early days. 17:40:51 I'm in a bad situation where I have Nvidia video card, so I only can use FreeBSD functionally on my desktop 17:41:01 but FreeBSD's probably the best for desktop usage anyway, right now 17:41:08 But I also saw the other side of Dillon's temper trantrums that lead to it. 17:44:52 there are personalities everywhere. 17:44:57 that's part of life. 17:58:52 > that's the environment theo needs to primarily operate in 17:58:54 no. 17:59:16 openbsd has certain opinions and that's fine and ideal. 18:03:39 i wish that freebsd and openbsd pf's didn't diverge as much 18:07:13 well, I read the backlog article and I don't know wantt to think? Is it true? Is it just a troll? Can't make my own oppinion, I too new in FreBSD 18:07:55 Lovis_IX: Pay no heed. All the systems out there to choose from have really nice things about them and are worth using. 18:08:24 And it's only through trying them in depth that you'll develop opinions that might sway you one way or another in the end. 18:10:32 having used openbsd before ages ago, my recent experience moving to freebsd has been much more positive. i feel like it's better integrated, documented, and a better general purpose server 18:13:45 mason: thanks, I did not have much time to test all *BSD. So I will continue to ply=ay with my FreeBSD and lean how to use it. 18:14:14 Lovis_IX: You'll get the most out of any of them the more expert you become with any of them. 18:14:36 i'm moving all my stuff of linux to freebsd atm 18:14:41 loving it 18:17:58 mason: I don't want to be an expert. I'am old, I'm disabled, I did not work for real. All I want it to have fun. 18:18:22 Lovis_IX: It's fun being an expert. 18:21:19 mason: sure… As the president of Exodus Privacy I have a lot of fun and expertise. :-) 18:21:32 so just a cheap plug... but i have my laptop today running freebsd on an x230. i use stumpwm as a unix workstation with virtualbox for ubuntu/windoze. 18:21:33 I think FreeBSD's good for casual fun too 18:21:39 both in terms of games and in terms of programming 18:21:47 StumpWM! \o/ 18:22:11 I appreciate that FreeBSD comes with cc by default, among other things. 18:22:23 i just bought a t480. i booted usb to do a fast install to my t480, then booted usb to remove all the zfs filesystems. i did a zfs send/recv from my old laptop to the new, and after updating the bootfs flag, i rebooted and MY WHOLE SYSTEM MOVED HARDWARE 18:22:59 the t480 has the same OS, same packages, my same data, even the same snapshots from zfs-autosnap 18:23:29 neat 18:23:29 later today i'm going to shutdown my old laptop to single user mode, take a last snapshot, and do an incremental send to the new laptop. only changes will be copied, and it'll be current 18:23:41 hell, even virtualbox worked... out of the box ;] 18:34:01 i should get a new thinkpad, this x1 isn't holding up quite as well as i had hoped 18:34:11 supervisord, daemontools, something else? 18:36:32 (I need automatic restarting when whatever rc.d started with name_enable dies) 18:46:04 domlaut[m]: daemon(8) can do it 18:51:21 and then _user goes into the rc script instead of using daemon(8)'s -u, right? 18:57:37 then the question is what do I do about all the packaged stuff that I want to run and restart itself, but don't use daemon(8) in their rc scripts 19:00:38 mason: i'm stumpy! 19:01:04 I'm thinking if it'd be better to have something working alongside rc to deal with restarts, given that no other package that I have set up to start itself on boot with _enable does auto-restarting 19:30:40 aight, didn't find anything over at langille's, but I did find sysutils/fsc which seems like something I'm looking for 19:31:23 domlaut[m]: daemon(8) 19:31:44 I've moved to that from daemontools. 19:31:57 I also prefer it over superivisord now. 19:33:22 dvl: ok, but the way I understand daemon(8) is that has to be the command in a rc file 19:33:27 command=/usr/sbin/daemon 19:33:39 domlaut[m]: Why might that be an issue? 19:33:46 and then command_args to run the thing you want, -r -P yadda yadda 19:34:06 that doesn't help me with haproxy, for example, that packages it's own /usr/local/etc/rc.d/haproxy 19:35:08 There seems to be a requirement I have not read yet 19:36:07 ah, sorry, I'm on Matrix so I don't see when you joined. it might also be dropping messages? :-) 19:36:16 That's what Matrix does. 19:36:17 anyway, it (maybe) wouldn't be a problem for just my own stuff, but I also want to restart anything else that might happen to fail for whatever reason. my understanding is rc files aren't supposed to take care of restarts, so nobody writes them in that way 19:37:21 I think you're trying to find a way to restart existing applications automatically if they stop 19:37:44 but then if no other rc script takes care of restarting itself, maybe I want my rc scripts to behave the same/follow the same convention, in which case I need a tool that knows how to pick up rc conf, monitor what's enabled, and restart what I want 19:38:09 which seems like fsc is 19:38:55 mason: stop gap until I set up ZNC or whatever superseded it, if anything. been a while since I was active on IRC! 19:41:17 I just log in when I'm awake and /quit when I'm not 19:41:20 IRC is transient 19:43:01 My laptop goes to sleep when I'm away so that's a bit too transient :-) 19:43:35 Otherwise I agree. Missing messages is half the fun :-) 19:44:08 And then Matrix compensates by dropping some of my own! :-))) 19:47:12 it's a kind of jeopardy. Give domlaut[m] an answer but you don't know the question :-) 19:51:08 domlaut[m]: re daemon vs rc: ngortheone and i are trying to work something out: https://github.com/freebsd/meetings/pull/9 19:51:10 Title: supervision: new group by ngortheone · Pull Request #9 · freebsd/meetings · GitHub 19:56:32 heh 19:58:09 How do I determine what PCI device to share with a bhyve instance to make a physical USB device available to the VM? 20:00:02 ghoti: I don't think you can share individual devices. I think you need to share the controller. 20:00:06 That said, I could be confused. 20:00:29 ghoti: When last I'd looked at that, I'd decided to just get a separate USB controller for a guest. 20:00:34 But then I ended up not doing any of it. 20:00:34 mason: I'm basically asking "what do I share" 20:01:03 ghoti: You're talking about sharing a specific USB device, and I believe the answer is, at least with Bhyve, "you can't". 20:01:23 yes, I know that, but I have no other USB devices in this machine at the moment. 20:01:55 Oh! Then you should find your usb controller in pciconf -lv output 20:02:04 I'm trying to make a sonoff zigbee dongle (umodem0) available to HAOS. 20:02:10 ghoti: You're not using USB for a keyboard even? 20:03:07 Hmm, I guess I am, though "ideally" I won't have to. :) If a bhyve instance has access to the controller, does that make the controller inaccessible to the host? 20:03:20 yes 20:03:28 Dang. 20:04:36