voi kernel: pid 67592 (java), jid 1, uid 965, was killed: failed to reclaim memory

bah

thats's one i haven't see yet

doing a poudriere build and I ran out of memory and swap

unfortunately it killed a production service instead of, say, a compiler I didn't care about

could proctect(1) it, but be kind of nice to be able to invert that and mark processes as being first against the wall when resources are constrained

Freaky: if you don't memory constrain poudriere on a shared environment this is all kind of expected

anyone know any good tools for recovering files from trashed UFS filesystems?

Hi all

Hi.

hello yo9fah. :)

Thanks ... all...

My nvme is writing 7TB to 14TB in 24 hours. Reads are negligible. wriet speed in htop shows 200MiB/s on average. I couldn't have possible written that much TBs as the nvme is itself 1TB. Its 990 pro. Had a firmware problem. 200 -x 60 secs x  60 mins x 24 hrs / 1204 (get gb) = 16,875 GB =  16 Terabytes a day. So it looks like that the writes are

genuine? the OS is writing it. Bu twhere? my /tmp is in tmpfs. How can I be 100% sure and precise?

RhodiumToad: Depends on how trashed, I've recovered overwritten partitions using data I got with scan_ffs and using a lot of praying (read: cursing), smaller non-binary files with just with inspecting filesystem contents with strings utility and dd

RhodiumToad: is it "undelete" you're looking for, or something else?

sysutils/ffs2recover

I would only use it on an image that's been written to a separate disk using recoverdisk(1)

err, it's sysutils/ffs2recov

sysutils/sleuthkit might also be helpful, depending on what went wrong

oh right, there's also sysutils/magicrescue

meena: the issue is largely ALLOW_MAKE_JOBS_PACKAGES whacking up concurrency, do with being able to set those to build on their own

because they're long builds they tend to clump up

Anyone knows how to know "which files by path were most written in the last 10 minutes and how much in size in total per each file path"?

more info: pastebin.mozilla.org/0WCKDQkt

Title: Mozilla Community Pastebin/0WCKDQkt (Plain Code)

Letiute: sounds like something dtrace-toolkit might have a tool for

meena tried a lot but cant get exactly like this

debdrup: not looking for an undelete; I have a filesystem that has been clobbered by some amount of random garbage

the data is of low importance, so I don't want to spend hours pieceing it together, but getting my irc logs back would be nice

already imaged the fs to a file

thanks for the suggestions, I will investigate them as time permits

so anyone have a favorite lightweight acme/letsencrypt program?

certbot's a mess, i've been burned by it before.

i'd almost rather a client that can answer the http query with it's own temp webserver, i don't want unencrypted apache

acme.sh

I use it with dns-based challenge

(no webserver needed, which is good because i don't use it for webserver certs)

i saw one that got absorbed into openbsd. i think it was removed from ports

sounded good

alas

more servers should implement something like mod_md………

oh! oh! they recommend installing by curl | sh on the main page.

sounds like that's not an option

if they're that bone headed about security on their install doc, the innards are likely crap

the openbsd one was acme-client, I think; I used to use that one

who recommends that? acme.sh? there's a port for it

there's a portable listed on the acme implementations page, but i don't see it

the portable version of openbsd acme-client was discontinued

RhodiumToad: github.com/acmesh-official/acme.sh "how to install"

(I believe)

Title: GitHub - acmesh-official/acme.sh: A pure Unix shell script implementing ACME client protocol

curl|sh, an immediate red flag

or you can install from security/acme.sh

I think the notion is that the folks putting it together think curl | bash is Just Fine

s/notion/worry/

dvl: freshports.org/backend/news.php?flavor=new seems to give all new commits now, instead of previously giving new ports

Title: FreshPorts newsFreshPorts newssecurity/vuxml - 1.1_6misc/wthrr - 1.0.0security/vuxml - 1.1_6sysutils/javaservicewrapper - 3.5.53devel/maven - 3.8.8games/lander - 0.7.3games/sgt-puzzles - 20230313devel/osc - 1.0.1devel/py-sexpdata - 1.0.0cad/pcb-rnd - 3.0.6cad/librnd - 3.2.2_1devel/py-twilio - 7.17.0games/flightgear - 2020.3.18sysutils/cpu-x - 4.5.2security/tailscale - 1.38.2net/freerdp - 2.10.0devel/aws-c-http - (6 more messages)

is that intended, or shouuld i file a bug report?

Please report it.

mason: oh, I don't disagree, but at the same time, everyone involved in the conversation knows not to do that.

Say saying it for maximum clarity, for the record. :P

s/Say/Just/ because EINSUFFICIENTCOFFEE

Coffee IV?

It's probably the best answer.

The IV part got me thingking of system VI :-)

thorre: that was the joke I was going for :)

debdrup: we are showing our age :-)

When I went to the barber yesterday, I ended up asking to have my beard trimmed a bit because it's getting to the point that there's more white than dark brown.

I can relate to that ;-)

When I worked with SunOS 2.6 (before Solaris was a thing) I was clean shaven.

It was turning from unix beard into hobo beard, and while I'm sure that look can work on some, it's not for me.

It doesn't grow long enough to become a wizard beard, so I'd rather stick with the Richie classic of a unix beard but trimmed to look good.

I visit the barber every 4 - 6 weeks as well. The hobo look is hard to pull off in a professional environment. I worked with a person that had a beard all the way to his belly button for a few years but that is just to much work to maintain

Kernighan has the same trimmed unix beard going.

thorre: that's more of a wizard beard at that point, at least if it's well-kept.

For me, when the beard gets to a certain length it gets in the way of drinking beers and eating soup and at that point it needs to go.

Soup is an issue.

mason: yes, that's true.

thorre: for me that's mostly a case of the mustache needing a trim

I have a short upper mustasche with long "whiskers"

I think maybe the barber trimmed my mustache a bit too much for my liking this time, but it'll grow out so meh.

So Guinness is ok but soup is problematic

debdrup: My barber and I had a conversaiotn about the length of my moustace at one point in time. The conversation ended with the barber saying: "So we do want the upper lip overgrown in order for your mouth not to look like a cats ass".

Sometimes I get the impression that I have been visiting the same barber for a very long time and that our relationship may be a bit to personal.

But in essence the barber was right ;-)

Back OT

Do we know if FreeBSD has any representation or presence at KubeCon in Amstersdam? I would like to meet up if any of us are there.

thorre: well, if you're going then yes? :P

Where are the default make rules stored in freebsd

the manual says /usr/share/make/make.rules

ElectricJozin: it depends, what rules are you looking for

the default o: .c one

/usr/share/mk/ has the entirety of the make infrastructure in it

debdrup: I'll be in Amsterdam from the 16th ot the 22nd of April.

debdrup, Thats also a lot of files, where should I look?

ElectricJozin: you should use grep :3

(I don't remember, sorry)

The problem with grep is that I want to search for: "%.o: %.c" like a normal person

whats the equivalent bsd syntax

Is your favorite flavour of grep not in ports/packages?

I mean grep

I mean make

bruh

I havent used BSD makefiles before

whats the syntax for a rule that compiles c into object code

If I remembered, I'd tell you - which is why I'm telling you to go look for it.

After using neovim and telescope ff for a while if have grown fond of ripgrep

elastic_dog, .c.o: rule, and the magic target .SUFFIXES also plays a role

jilles: they left.

wait, apache with mod_md can renew it's own certs? why use an external tool?

yuppp

you still need to restart tho, but, yeah

AND mod_md is included in the default apache24!

Demosthenex: thanks to me ;)

only took two years or so

you rock

yeah I do. i just wish i was more consistent in my rocking :D

what's not yet in the default set, and what mod_md also supports is mod_tls

which is a TLS module implemented in Rust (and then compiled to C?)

it's implemented in C, but links to rustls: github.com/apache/httpd/tree/trunk/modules/tls

Title: httpd/modules/tls at trunk · apache/httpd · GitHub

freshports.org/search.php?query=rus…t=1&casesensitivity=caseinsensitive :(

Title: FreshPorts -- Search

I wonder how hard it would be to port it

how come executing a sh script with '. script arg1' does not have access to $1 but './script arg1' does?

jarebear6expepjo: you're sourcing it in the current context. arg1 is ignored.

Title: linux - What is the difference between executing a Bash script vs sourcing it? - Super User

ty

sourcing reads the code—it is like coping it into the outher script

the environment is shared this way

when executing it, the environment is not shared

ok in the past i recall executing script with ./script arg1 and within that script passing args to another script with . script arg1

when sourcing you cann call functions defined in the sourced script (like #include in C)

so im assuming it took on the parent env

when soourcing, I think, the environments are even merged

yeah works as expected

neat

hrm. so i may not be able to use mod_md. :P

my criteria are: my real HTTPS server is on a nonstandard port, so certbot and other acme won't use it. i can run a temporary service on 80 or 443, but insist it only be used for renewal and offline after. i don't want those ports open at all.

i know certbot has some temp server option, but i've been burned by it before. i'd prefer a tool that doesn't change daily

Are you able to use dns challenges?

jarebear6expepjo: i don't know why, but i keep trying to read your name as Cyrillic

angry_vincent: unfortunately not that i'm aware.

AndroidToad: sorry ^^

i think i'd rather spin up a temp server and stop it only for auth. i could script one in a jail and pf allow/deny

just added complexity

i just don't want an always on http/https server on the standard port. my nextcloud instance is on nonstandard for all 3 clients ;]

unsuccessfully? meena

Demosthenex: nginx with https-only reverse proxy with basic or digest auth, that way nobody can hammer the login portal

debdrup: is the port open?

Demosthenex: i think that's missing the point of what i wrote

is it? a closed port needs no auth.

a closed port needs you to interact with it some way, and at that point you're basically just reinventing port knocking which has shown to not work without TOTP

so you may as well do port knocking with TOTP

for acme auth?

that's all i want to do

open port, acme auth to get cert, close port

use dns based auth

i can't :P

can't, or wont?

jarebear6expepjo: yeah, very

debdrup: afraid.org dyndns.

to my knowledge, i can't add any record. and let's encrypt is already upset at afraid.org :P

vtfontcvt is the answer to the question I was about to ask that is the X to the Y that I meant to ask

(what format is /usr/share/vt/fonts/*.fnt, how do I convert from a pcf to that (feed the output of pcftobdf into vtfontcvt))

(context: i want to change my FreeBSD `vt` font to Terminus 22px, because 26px is 12pt on my laptop's screen (which is the height of the default VGA font on a 96px/in screen) and I wanted a slightly smaller terminal font)

(well, pcf2bdf, as it happens)

AmyMalik set screen.font on loader prompt

uh

ok

that's to change the loader font?

yes, and it will be passed to the kernel

once happy, you can add screen.font=XxY to loader config.

right

I'll have to copy it to /boot/fonts/ter-u22.fnt, I take it, and set screen.font=ter-u22?

... do I have to gzip it, or will it work fine bare?

no, boot/fonts has terminus already

screen.font will get glyph size (without value, you get the list of values)

ah.

if you want something else than terminus, you need to create fnt file and you can load it with loadfont command

I want terminus, but in sizes not shipped by FreeBSD - which I think counts as "fonts not terminus"

what you have in /boot/font ?

fonts*

oops. lost all my line drawing characters. minor embarrassment

ROTFL

plus, turned out the size i wanted was already in there

This statement sounds awfully british ;-)

yes, I used to be british

serves me right, minor learning experience, everything still works

etc etc etc

You made my day a little bit more joyfull :-)

is there a way to make dpv act just like pv?

I'm not sure what either is good for, so I'm probably not the right person to answer that question :3

debdrup well, I'm doing zxfer, so I'd really like a progress bar :D

How can you get a progress bar on a stdio datastream?

sysutils/pv

Title: FreshPorts -- sysutils/pv: Pipe throughput monitor

That doesn't really answer my question,.

if you e.g. do a `pv file` it tells how many percent have been transphered yet, including a progress bar etc.

ivarch.com/programs/images/pv.png tells me it's nothing like what I was imagining.

It's pretty obviously a lot more complex than `pv file`, so I'm just gonna stick to mbuffer and SIGINFO when I forget about that.

e.g. `pv bsdimage > /dev/da0` or the like to see the progress on writing a boot image to a USB stick

Yes, it's not something you put in the middle of a pipeline, it's scattered all throughout the pipeline.

“progress ON writing” … ist that correct? “progress OF writing“? sounds all strange to me

My instinct would be "progress writing".

Kalten what about dpv? the problem is that it's not sending it to stdout

V_PauAmma_V: hmmm…

Still kinda seems to me that it's solving a problem that doesn't exist when you have SIGINFO integrated into the relevant parts of the base system.

(But I've been known to be wrong.)

antranigv: I have not found this port yet.

Kalten it's not a port, dpv is part of base

V_PauAmma_V: happens to the best of us, and the rest of us.

ah!

antranigv: you mean, dpv does not send the file to stdout?

Kalten not by the looks of it... unless I'm missing something

-o for the target file, according to the manual page. Strange thing

Kalten I'm thinking of doing -o /dev/stdout

to which file handle does it write its output???? redirecting stdout of it as well as redirecting stderr does still let it write to the terminal...

can even send the output to another program by -x so `-x cat` ?

dialog(1) is used, it seems, and that talks about --output-fd  --stderr --stdout and that stderr would be the default for dialogs output

Kalten aaaaaa, -x cat makes sense, but when I have a pipe after dpv, it doesn't do anything

this is making me crazy!

A shell script mybe:

...8<--- bla.sh

#!/bin/sh

cat

--->8...

and -x to that?

also didn't work. now trying with -o /dev/stdout

nope