00:12:54 welp looks like I get to shelve freebsd as a nfs server and go back to linux. Shame wanted to show off bectl as well, but can't get nfsv4 freebsd server to talk correctly to a nfsv4 linux client while passing uid's back and forth
00:13:20 manfromafar: Interesting. I use it here and it seems to not have any issues.
00:13:40 NFS 4.2
00:13:57 are you doing sys or krb
00:14:01 manfromafar: sys
00:14:18 manfromafar: Are you running nfsuserd on the FreeBSD side?
00:14:59 yup nfsuserd is setup I even forced the domain to match on linux in idmapd.conf
00:15:05 hoping that would fix it
00:15:30 but no luck freebsd appears to just map it out to nobody even though it passes the id's to the client correctly.
00:15:35 manfromafar: I've got to bail for dinner soon, but I'd be curious knowing what misbehaviour you're seeing out of it.
00:15:41 hrm
00:16:13 ls -l shows the proper uid but the user with that uid can't access the share or anybody for that matter
00:16:16 I'm not doing anything special here, and UIDs are honored.
00:16:24 oh, hm, hm
00:16:54 When fine tuning jails, do we "sysctl security.jail.allow_raw_sockets = 1" in the host or the guest to allow for the ability to ping
00:17:02 manfromafar: is it catching the wrong line in exports, and being forced read-only because of it?
00:17:29 manfromafar: And do you have your V4 root set in exports?
00:18:11 yup went with only having a v4 line to adding a v3 line as well same behaviour
00:18:18 hrm hrm
00:18:26 linux will mount the share
00:18:35 then give input/output error when trying to access it
00:18:53 I might try with a freebsd client to see if anything changes
00:19:09 it's also a v4 only server
00:19:12 manfromafar: sending a HUP to mountd might be useful. I think I've seen that issue with new shares
00:19:25 oh I've restarted mountd constantly
00:19:26 manfromafar: Yeah, same here. V4 only, and in this case there are only Linux clients.
00:19:43 every change I restart nfs/mountd just to be sure
00:19:54 manfromafar: Maybe worth grabbing a packet capture to make sure it's sending what you expect, in terms of UID.
00:20:17 the annoying thing is that linux to linux works out of the box
00:20:23 I've seen this happen, but it goes away when I force the server to think about what it's done. :P
00:20:48 Linux has exportfs which takes some guesswork out of it.
00:22:10 Anyway, I'll be back. This works here. (I should note, FreeBSD 13.1 on the server side, Debian Bullseye on most of the client sides.)
00:22:23 So you're not trying to do something that's doomed to failure anyway.
00:22:26 bbiab
00:26:42 That sysctl is deprecated, so I'd use a jail.conf parameter instead.
00:26:57 Er, that was for RoyalYork.
00:39:43 are there tools to help resolve deps when trying to build statically? i have a base image for work that needs curl but like nothing else (it doesnt have a pkg manager for "security reasons" (more hype than anything it seems))
00:47:13 On a host where curl is installed, "pkg info -d curl | grep -v :" will list packages it depends on to run. You then have to apply that recursively.
00:48:16 right thanks i guess i was mostly asking about the recursive part since that can turn a bit hairy
00:56:42 Not that jump out to me. I'd use perl to expand that list, because that's what I know. Not sure offhand whether awk can do it.
00:59:08 Or you could install /usr/ports and use "make -C /usr/ports/ftp/curl run-depends-list".
00:59:58 V_PauAmma_V, thanks for the tidbit about putting it in jail.conf. So then it's obviously on the host side (thumbs up)
02:19:36 any ever use makes?
02:19:53 sorry anyone ever use makefs?
02:28:07 makefs?
02:28:28 oh, good, that's not what i thought it was
02:33:50 i've used it briefly in the past, but mostly just as part of the build system outside of that brief usage
03:48:32 how to set up edit.rc so ctrl+backspace actually erases the previous word?
06:04:20 what is edit.rc
06:45:36 I just installed FreeBSD in a VM (wanted to try it out before committing to putting it on any bare metal), and for the most part I've grokked the basic desktop setup, except for one thing: How the heck do I set up an X display manager?
06:49:49 I've been trying to Google it for a while, but Google pretty consistently has been giving me terrible results for years and I haven't gone search engine shopping since Altavista died. In this case, Google is assuming I already know the basics of configuring a display manager (I do not, at least not within FreeBSD) and is only showing me results comparing display managers to each other.
06:53:31 origintopleft: what is the problem youre having exactly?
06:54:42 i just did (pseudo code) "sudo pkg install xorg i3 nvidia" and made an xinit file, loaded the graphics driver and launched X
06:56:05 cedb: I ended up remembering that post-install, pkg tried to tell me something about my display manager of choice, so I searched for how to get that message to come back instead (`pkg info -D ${DISPLAY_MANAGER}`)
06:56:16 cedb: the solution was to modify /etc/gettytab and /etc/ttys
06:56:19 people are gonna need more info than "google sucks" to help, such as graphics card/driver, hypervisor used
06:57:41 cedb: the original problem was "I wanted a display manager to present a graphical login screen, with pictures and things, and I wasn't sure how to configure that"
06:59:18 configuring X is the same as on linux, the only difference is that its usually mostly done for you automagically there whereas on freebsd you have to write one, maybe two files
07:01:14 i mean all i had to do was a 'Section "Device"\n\tDriver "nvidia"\n\tIdentifier "Device0"\nEndSection' entry in /etc/X11/xorg.conf
07:01:30 Hello
07:01:57 one of my freebsd 13.1 servers had its zpool filled to 96% CAP to the point it couldn't write files to anymore
07:02:48 i sshed into it and destroyed a zfs dataset recursively that had an obscene number of snapshots causing most of the pool usage
07:03:04 now I can no longer SSH into the host
07:04:01 it's been several hours after running the zfs destroy command that the server has been in this state. I tried logging into the serial console instead of ssh and while it accepted my username and password, even printing a lastlogin date and location, it freezes after printing lastlog
07:04:06 over the serial console
07:04:07 cedb: Okay, you're still not quite understanding what I'm trying to say. That's understandable; I think I've developed a neurological condition recently that's causing me to lose my grasp of sensible English sentences.
07:04:18 cedb: it works now, so let me send you a screenshot instead
07:04:42 cedb: https://i.imgur.com/Ca9SyVz.png
07:04:50 should I leave the freebsd 13.1 host to continue trying to destroy the datasets overnight? Or at what point should I give up on that. What else should I try?
07:05:00 sfox, Seems the host is busy deleting old snapshots.
07:05:09 I know ly is a poor example of an X display manager, given that it's TUI based, but that was the idea I meant.
07:06:03 parv, how long should it take to delete only ~400G of zfs datasets on completely 100% intel solid state storage?
07:06:05 sfox, How old, many, big are|were the snapshots?
07:06:13 oh lmao, tui X, hmm okay yeah thats pretty edgy case you got there m8
07:06:30 there's 2 500GB ssds on the server setup in a zfs 2-way mirror
07:06:39 sfox, If there had been lots of snapshots may take a while. Leave it for a day
07:06:46 cedb: The question would likely have been the same if I had chosen sddm, or gdm
07:06:50 origintopleft: oh no sorry thats the display manager thing
07:07:01 cedb: or if you prefer a more cursed option, "if I ported winlogon to BSD somehow"
07:07:01 there's the operating system and the rest of the zpool is filled with iocage snapshots
07:07:17 origintopleft: now now no need to be crass
07:07:33 cedb: I don't understand how I'm being crass.
07:07:43 id ask why the "graphical" login hassle and not just startx but sure
07:07:50 oh i just meant like mentioning windows :)
07:07:55 I've been streaming the iocage dataset to a hot-standby server in case something were to ever happen to the primary iocage server, and it looks like I forgot to implement something to clean out the old snapshots on the standby server
07:07:57 oh :V
07:08:01 I did say it was a cursed option
07:08:33 cedb: as for why "graphical" login, mostly a preferred creature comfort more than anything else
07:08:41 parv, ok so it's normal for it to take a day to do that. Do you think I've damaged the zpool in any way? when i ran a zpool list it said it had over 90% fragmentation
07:09:00 and if it is damaged any way to recover it without having to reinstall the os
07:09:14 i mean i guess all ports welcome, but if you stop maintaining and theres a mailing list that asks people to recruit theres probably gonna be a bit of head scratching
07:10:33 sfox: im not a zfs pro but cant you just add a device, even with snapshots if you reached this level of cap might be time to upgrade no
07:10:40 sfox, A year or 2 old (2-4) snapshots in 30-100MiB in sizes for ~40 TiB dataset took noticeably long (did not time; perhaps 15-20 minute) on a 13.1-RELEASE host
07:11:29 cedb I don't actually need more space i just forgot to implement garbage collection in the backup script
07:11:34 that's why it's filled
07:11:38 right
07:12:29 for my own education isnt a big point of zfs/btrfs to have "subvolumes" (recently switched from linux sorry bad terminology) to enforce quotas and so forth so this doesnt happen
07:12:47 yeah
07:12:56 but i'm not sure quotas work for zfs recv
07:13:14 interesting
07:13:17 * cedb makes note to self
07:13:23 sfox, Earlier you wrote "destroyed a zfs dataset recursively" -- does that mean you had started destruction of the dataset itself along with snapshots?
07:13:36 if they do i'll have to learn from my mistake and setup quotas so this can't happen again
07:13:45 parv yes
07:14:27 since this is a hot-standby server and all it normally does is sit there zfs-recving snapshots of the iocage dataset from the primary server and zfs list -t snapshot was taking too long i just zfs destroy -r zroot/iocage
07:14:51 I figured i'd just re-create the data from the primary server when the filesystem isn't full anymore
07:14:52 sfox, So that dataset is expendable. Could have done: zfs list -H -o name -tsnap -r | xargs -n 1 zfs destroy &
07:15:31 doing that wouldn't have frozen the entire OS for a day?
07:16:27 i do wonder why it could possibly be taking that long. isn't only 500G of solid state storage
07:16:33 It would take at least just as long as: zfs destroy -r as that still would need to delete the snapshots
07:16:40 one could traverse the entire disk in that time
07:17:22 i'm glad i have a backup server and i'm not having to deal with any downtime because of this
07:18:03 whats even preventing you from logging in, is it that the fs is full or the command is hoarding it?
07:19:40 OTOH, forget about "zfs-destroy(1)"; "zpool-labelclear(8)" to clear ZFS metadata & use "gpart(8)" & "dd(1)" to clear the partition data
07:28:40 cedb, after running zfs destroy -r zroot/iocage the system became unresponsive
07:28:50 like it's partially hung or something
07:29:19 FreeBSD/amd64 (node4) (ttyu0)
07:29:19 login: root
07:29:19 Password:
07:29:19 Last login: Fri Mar 31 12:44:47 from viridi.lan
07:29:47 won't open a shell just hangs
07:32:47 sfox, How often were the snapshots created & when did that start?
07:35:27 every 15 minutes
07:35:33 for the last couple of months
07:37:18 O! 129_600_0!
08:01:22 any of you use multipath drives with ZFS? I've got a bit of surplus gear and have been playing with it. Active/Active is just nuts fast compared to Active/Passive when using bonnie++ ... I'm concerned though... is there a downside to Active/Active? I don't see any glaring warnings
08:40:17 laidback_01, what are you talking about?
08:41:38 I have a server with dual SAS controllers, and they both connect to 24 individual drives. makes it look like I have 48 drives, but it's twin paths to each drive via the backplane
08:41:42 laidback_01: Active/active should be pretty normal, more so than active/passive, so why not?
08:42:34 anyway, using gmultipath I'm getting excellent results with Active/Active vs Active/Passive. I like that, but was concerned about applications like Postgresql, etc.
08:44:31 laidback_01: How would applications know? Maybe I'm completely misunderstanding your setup.
08:46:21 it does mention this in the manpage: "closely following the original write request order if the layer above needs it for data consistency (not waiting for requisite write completion before sending dependent write)" And so I immediately thought of database ACID requirements.
08:46:55 they write that when talking about why you may want Active/Passive instead of Active/Active or Active/Read
08:48:22 but that's not a glaring "Don't do this warning" and my google searches keep bringing me to TrueNAS pages (this is an older FreeNAS certified box with that hardware in it); there's just not as much about it on google as I'd hoped for. What this makes me think: This is such proven tech, that problems rarely come up
08:48:37 at least that's what I hope. So I'm asking here in case that's not a valid hope
08:53:48 Weird, but I've never used multipathing on FreeBSDs. On other OSes, we always set active/active though.
09:00:02 okay, it's nice and fast, but it's just 24 4Tib spinners split into 3 groups of 8-drive raidz3 vdevs. I was hoping for earth shattering performance, and it's pretty good, but then I ran the same bonnie++ test on a mirrored pair of crucial consumer SSDs... and got better results. not by much, but... bummer. main difference is 62T vs 400G so I'll stick with the array. lol
09:52:49 Hm… /usr/local/bin is already being used for a lot of stuff on FreeBSD. Is there another directory where I could keep my in-house scripts?
09:53:25 I mean standard directory.
09:53:41 On Linux, I use /usr/local/bin.
09:55:47 ~/bin?
09:56:45 I'd like to have them available system-wide.
09:56:46 The local prefix, according to hier(7), is meant for things that're local to a given installation.
09:57:00 Yeah, just read about it.
09:57:02 I don't see why this means scripts can't be placed there.
09:57:09 Okay, fait point.
09:57:17 s/fait/fair/
09:57:58 I just thought it would be wise to "managed" software apart from "unmanaged" software.
09:57:58 There's a fair number of scripts in the base system that appear in the non-local usrbin, for example man(1).
09:58:15 (Yes, man(1) on the BSDs is just a script)
09:58:36 msiism: the distinction is between base system and third party
09:59:14 Yeah, for FreeBSD itself. But I'd actually like to distinguish a bit further.
10:00:24 Then I'm not sure I understand the distinction you're making.
10:00:51 On Linux, I put third-party software into /opt/, and my own stuff into /usr/local/bin.
10:01:10 hier(7) isn't prescriptive, it's only descriptive.
10:01:10 managed by pkg and not managed by pkg third-party stuff
10:01:22 Yeah, kind of that.
10:01:33 debdrup: I see.
10:02:03 I'm not sure it's up to FreeBSD to dictate how you do that :)
10:02:24 To me it's never made sense to distinguish between them, but you're welcome to.
10:02:36 Okay, I'll meditate over this for a bit.
10:03:28 I wouldn't necessarily follow what Linux does with /opt, because there's nuances to that in so far as it has to do with ZFS boot environments, if you're making use of those (or planning to, in the future).
10:04:07 /usr/local/mgd/ might be an option, since that inherits the properties of /usr/local/ with respect to ZFS boot environments.
10:05:08 Okay, interesting. I'm using ZFS already.
10:05:29 bectl is the tool for boot environments.
10:05:48 bectl(8) to be specific.
10:42:59 13.2 released?
10:43:01 hmm
10:43:16 must be important
10:48:35 if i have a second disk which i have a ufs partition on which is separate to my main zfs disks, if i add it to fstab and do a mount -a it all works fine until i reboot and then i end up in single user mode. Do I need a specific module loaded in loader.conf for ada devices?
11:03:05 sfox: https://www.freebsd.org/releases/13.2R/schedule/
11:03:06 Title: FreeBSD 13.2 Release Process | The FreeBSD Project
11:04:12 sfox: one day left to test RC6 and report release stopping bugs
11:04:58 bugs!
11:05:03 grrrrr
11:05:48 loose_chainsaw: why do you end up in single user mode? usually the boot process should tell you
11:07:16 I cant remember the exact message
11:07:29 Was wondering why it works if I do mount -a
11:07:38 but doesnt work on start up
11:07:57 i have a directory in my home directory which i want it to map a ufs partition to
11:08:24 would i be able to see the error in the logs
11:08:29 if so I can share it
11:21:25 interesting… https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270667
11:21:27 Title: 270667 – zfs: size 0 files in /usr/local/etc after pkg upgrade -f after base 2a58b312b62f
11:22:37 loose_chainsaw: I reckon the problem is the ordering
11:22:50 fstab might be happening before zfs
11:25:31 is there a way to prevent that
11:25:40 I have it as the last entry in the fstab
11:25:40 loose_chainsaw: you could try adding the "late" option and see if that fixes it
11:25:52 cheers
11:25:56 ill investigate that
11:35:48 meena, Thanks for the ZFS bug URL
11:44:29 Say is there some write up about ssh or rsync when 2 computers are connected directly via a patch cable?
11:44:43 s/about/& using/
11:48:49 do you expect any differences than when those 2 computers were connected via switch(es)?
11:50:43 What do you mean?
11:51:36 I am asking wrt if I would need to set any particular IP addresses or netmask.
11:52:03 ... or fiddle with firewall|routing
11:52:12 ah. no, you don't need. but i'd set an ip from a subnet that is not colliding with the rest of the infrastructure, if any.
11:52:41 Ok, thank you.
11:52:43 if that cable is the only connection those boxes have, then it does not matter
11:53:04 you only need to make sure that the boxes are "network-wise visible" to each other.
11:53:13 Yeah that cable would be the only connection
11:53:18 you can set 192.168.255.1/24 on one, 192.168.255.2/24 on the other
11:53:21 for example.
11:53:41 Right, thanks
11:55:11 Situation is I want to set up a small 'puter as a router. All I have are laptops; do not have space for ~22-24 in monitor to connect that small 'puter to do the set up
11:56:15 Needless to say could not find ~16-19 in monitor locally (shipping is ~US$100)
13:53:33 huh, https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270668 ?
13:53:36 Title: 270668 – ssh logons via public key fail after target upgraded to FreeBSD-12.4-p2
14:15:14 is there a way to flush the ARP cache ?
14:23:36 gzar: arp -d -a ?
14:23:39 gzar: https://man.freebsd.org/arp(8) says it's -da
14:23:40 Title: arp(8)
14:24:51 thanks, sorry im kind of in a hurry and didnt get many search results that just mention this
14:26:42 Will HP Chromebook 11A G6 AMD A4-9120C run with FreeBSD?
14:29:35 hello good folks, I am trying to install/boot freebsd for the first time on my laptop (thinkpad t14s gen3/AMD 6850U), and the boot gets "stuck" at `acpi_acad0 on acpi0`; does that sound familiar with anybody -or should I just give up on installing it-? (I've tried 13.1, 13.2 and 14.0 memstick releases, updated bios to the latest version, tried `hw.pci.mcfg=0` as it was a solution for a "similar" problem being
14:29:36 discussed in the forum a while back)
14:32:45 Unifi v7 software broke after the quarterly (?) patches. Mongodb gets corrupted and I am not able to repair the database.
14:34:26 Not a biggie but the upgrade procedure failed a few weeks ago as well.
14:35:28 sedzcat: have a look if there's a dmesg for it here: https://dmesgd.nycbug.org/index.cgi
14:37:11 vortexx thanks but didn't find the laptop's dmesg there
14:38:20 sedzcat: that just means no one who uses that db has tried it. Your laptop probably works, just check if the wifi card is supported
14:40:11 oh that's dumb, you can't have only a V4 line in exports
14:42:27 vortexx The wifi card is Qualcomm Wireless-AC 802.11a/b/g/n/ac
14:45:44 yeah that's not precise enough, pciconf -l should give you a better indication if it's been picked up by a driver, it should start with an i
14:54:21 man that is weird and feels very buggy. https://pastestore.tk/raw/lezoxaquko you would assume if you're building a v4 only server you'd want v4 only lines but apparently that doesn't work
14:58:35 batuhan: there's no panic / back trace / etc on 14? it just gets stuck?
14:59:30 Nothing, just hangs at that stage
15:00:06 and since v4 doesn't take maproot you can't squash root. Very odd
15:03:16 meena: with the verbose boot, the last line before hanging is `AcpiOsExecute: task queue not started`
15:03:54 can you submit that as bug report?
15:08:29 Will do, thank you for your time
15:11:17 $ apropos echo
16:05:07 ooooh thats so dumb, freebsd really should steal the crossmnt option instead of forcing you to export every mountpoint under a export
16:05:26 manfromafar: Did you get things running?
16:06:46 manfromafar: Was it an issue with a nested mount not being explicitly exported?
16:08:24 yes/no, freebsd requires a v3 and v4 line to do the exports, but v4 can't crossmount even though the man page says it can
16:08:57 so freebsd is a non starter as I'm not micro managing the exports file when linux will just let me export the root
16:09:37 From exports(5): All ZFS file systems in the subtree below the NFSv4 tree root must be exported.
16:09:54 I've always made it explicit, so it's just not an issue I've encountered.
16:10:39 NFSv4 does not use the mount protocol and does permit clients to cross server mount point boundarie
16:11:01 manfromafar: how hard is it to generate that exports file?
16:11:09 1+N
16:11:47 aka not worth my time when another OS will do it for me
16:11:59 manfromafar: How about if ZFS does it export itself? I've never let ZFS control exports, but it's a thing.
16:12:11 the only reason I was looking at freebsd for this was some of the differences in how memory is handled in regards to mountpoint management
16:12:20 I know its a thing and its trash
16:13:04 that is unless you're on slowlaris
16:13:22 This suggests that it should do what you're asking: All ZFS file systems in the subtree below the NFSv4 tree root must be exported. NFSv4 does not use the mount protocol and does permit clients to cross server mount point boundaries, although not all clients are capable of crossing the mount points.
16:13:53 I'm not sure how the client figures into it there honestly.
16:14:11 ...if NFSv4 is presenting a unified space.
16:14:29 🤷 in theory the client should just see it as another directory in the tree
16:14:40 but that's just the 1000ft glance
16:15:14 and I know it works since if I add the explicit export it works
16:15:56 rtprio: editrc is freebsds readline, apparently if I want ctrl+backspace to delete the previous word, I have to use that instead of inputrc
16:17:00 honestly though, why can't terminals use ctrl to send something else. like ctrl+shift is what is ctrl now, and ctrl sends some other character
16:32:18 we've done a comparison in our hospital. VmWare as the client, TrueNAS Core (FreeBSD) vs TrueNAS Scale (Linux). we are using NFS v4. The array is a striped raidz2 - 12 12T drives per each vdev. Okay, we have one of those servers with two headnodes, but backplane common to both, so for this test, we used only one headnode, and disabled the failover.
16:35:02 anyway, we were just using bonnie++ back then too, but it was from the VmWare clients - we have 4 VmWare headnodes. Oh, everything is on a 10Gbit network. the storage system has 4 10G nics in a bond that the mikrotik switches support. I can't recall if this was LACP or what now. the VmWare headnodes each have their own NFS mount "Primarily VmWare1", "Primarily VmWare2" and so on
16:35:49 anyway, the point of this: we would fire up 5 clients on each node, run bonnie++ on every node via an NTP timed cron, so they hit at the same time.
16:39:03 laidback_01: and what was the result?
16:39:06 Performance was notably different, I don't have the results at hand - I moved on from the job, but we put in the TrueNAS Core - this was a bit ago, 13.1 had just come out, and we upgraded to that several months later. I recall everyone lifting their eyebrows, we all thought the linux based NFS server was going to dominate. the Scale GUI is easier for the windows guys to understand, so they wanted that. but... function over form. Core (FreeBSD)
16:39:06 was faster, and seemed more stable or... less surge prone? something was different for sure. Now, for us not using ZFS was a non-starter, so no, we didn't compare to ext4 or btrfs. just straight ZFS (used the same array for both setups),
16:39:19 OH GAWD. I just realized. Since freebsd nfs can't do crossmnts I couldn't even use it if I manually exported everything anyways. We use the .zfs folder to allow users to restore their own backups and with freebsd unable to handle dynamic mounts we could have to constantly do exports for every snapshot
16:40:34 💀
16:43:12 anyway, I didn't mean to write a treatise. if you have time - take a look at how TrueNAS core is handling NFSv4. I think they are doing what you expect. we for a while setup NFS exports per machine (1..5T each VM), but eventually got tired of creating those in the GUI. we then created exports by group or idea - All the Windows 2016 servers in this one, Client machines in that one, etc. Then we went back to 4 total exports "primarily node 1"...
16:43:13 "primarily node 4" and that worked just fine. I have a feeling I'm not doing things the same as you or not using NFS in the same manner, so I probably never needed the auto exports feature.
16:43:33 would auto exports dynamically create/export an NFS mount as required?
16:46:58 freenas is a nice small nas setup but they mostly just expose the freebsd settings in the gui
16:47:40 does truenas have auto exports haven't heard about that
16:48:16 I assume yours is working as you're not creating nested datasets only one parent datasets then just normal folders underneath
16:48:36 that is accurate. no nested datasets
16:49:36 that is the key difference we have tons of nesting to separate out things. The biggest is just home dirs. Each user gets a home dataset which needs to be exported
16:51:23 the hidden joy I received from this was the windows admin built up one of those Dell C1700 4 node chassis systems. I can't recall how many drives or anything, and they put windows server on it, hyperv and used it for windows machines. they work well enough - a bit slow at times. but reboot. wow, reboot that system only at 1am, expect it to be back up by 3am. the VmWare stack, even in sequence HN1..HN4 could be all shutdown in about 15 minutes,
16:51:24 and up in about 20.
16:52:45 I don't envy your position there. sounds like a college campus or something. too bad you have to do that kind of nesting. probably the only way to solve your issue.
16:54:02 technically it could all just be folders BUT I like having homedirs as datasets. It gives people access to their own backups instead of having to call us to restore something
16:59:48 oh, yeah. I do that with SMB mounts for my windows client in small businesses
17:33:14 I had a weird zfs issue. Maybe someone has some experience and wisdom they might share.
17:33:19 A routine scrub turned up "Permanent errors have been detected in the following files:" with a list of files from binary installed ports in /usr/local listed.
17:33:44 I would have re-installed those binary ports. But instead decided to run another zfs scrub. Did that.
17:34:03 And the errors all disappeared. No problems listed now. Making this odd.
17:34:25 Plus when I scanned the syslog I could not find any storage errors logged.
17:35:19 I think zfs glitched. But it was an odd glitch. First time in the past year for me. Should I be worried?
17:39:06 Oh and this was on a two disk mirror system. So self-healing from a good copy is possible.
17:48:15 rwp: Are you sure it's a mirror?
17:48:34 rwp: More than once I've forgotten to say "mirror" and notice that the pool I just created is twice the size I expected.
17:49:03 I'm surprised it's saying "permanent error" but I'd probably take this to the ZFS folks who can say more.
18:01:01 Is freebsd better than linux for web dev/high level stuff(aka I don't work directly with low level stuff like syscalls)?
18:02:03 cristiioan: It works just fine for high level stuff (as does Linux.)
18:03:53 What about emacs support?
18:04:37 Are you asking if emacs works on FreeBSD?
18:06:26 emacs works fine, on a lot of OSes
18:07:00 If it supports all advanced features. Like native compilation
18:08:49 https://discuss.haiku-os.org/t/emacs-graphical-client/11966
18:08:52 Title: Emacs graphical client - Software - Haiku Community
18:08:55 mmmmmmm
18:10:09 cristiioan: https://www.freebsd.org/status/report-2021-04-2021-06/emacs/
18:10:10 Title: The FreeBSD Project
18:13:41 mason, "zpool history | head -n2": zpool create -o altroot=/mnt -O compress=lz4 -O atime=off -m none -f zroot mirror ada0p3 ada1p3
18:14:56 That was 2022-03-01 on this system. Been solid with no trouble for over a year. Making this an odd glitch.
18:15:22 I expected to see disk errors logged. But nothing that I could find. The next scrub then showed clear. Odd.
18:17:26 cristiioan, I would say that for web development there is no user visible difference between FreeBSD and GNU/Linux. For operating the OS though FreeBSD has many advantages.
18:18:44 As for upstream Emacs adding native compilation... I actually find that rollout to have been quite annoying! But I often complain about new emacs release behavior changes that annoy me.
18:19:10 My only other thing is if minecraft can't be played? Is screen sharing working as expected under wayland(should I have to deal with anything specific)?
18:19:44 Minetest works well on FreeBSD, though it's a different game, I enjoy it.
18:19:45 Also is it more stable? I just had to deal with yet another gnome crash(now I have a missing lock screen)
18:20:17 xtile: I wish to get away from gaming
18:21:32 aha
18:22:00 * meena has no talent for gaming what so ever
18:22:01 However I see that in today's binary ports update that chromium is now dropped? Gone from available ports? Anyone know what's up with that?
18:22:42 There is still ungoogled-chromium but it's really a different browser.
18:23:01 rwp: all electron ports are affected
18:23:12 oh, never mind then
18:24:19 I apply upgrades every day. In today's binary port upgrade it wanted to remove chromium. (Okay with me. I mostly use Firefox.) I allowed it. It's now gone.
18:26:34 why the heck would pkg upgrade remove packages you installed, just because they vanished from the repo?
18:27:01 I imagine there are library conflicts.
18:27:24 ah, that would make sense
18:28:28 Let me gather up and paste the trace of the rather large upgrade today.
18:29:50 Here is the trace of the quite large binary pkg upgrade today. https://bsd.to/oVPO/raw
18:29:51 Title: oVPO
18:32:00 I should also include that freebsd-version -kru says: 13.1-RELEASE-p6 13.1-RELEASE-p6 13.1-RELEASE-p7
18:36:06 will I be able to download release 13.2 tomorrow or do I have to wait until Tuesday?
18:36:22 rwp: is this latest or quarterly?
18:36:38 meena, quarterly. It's a boring stable system.
18:38:00 cristiioan: i reckon you might be able to get them tomorrow night for the Tier 1 platforms — but i don't actually know
18:38:21 I reached into the snapshots and ran "ldd /.zfs/snapshot/zfs-auto-snap_weekly-2023-04-02-00h14/usr/local/share/chromium/chrome" and all of the libraries resolve okay.
18:39:01 so, yeah, that's not it then
18:39:09 I ran the executable from the snapshot on the current system and it seems to run okay.
18:39:13 go ask ports people
18:39:39 You are right. I should ask the ports people.
18:40:38 Also another curiosity. How is the status of risc-v support?
18:41:17 This shows a good reason for zfs as I just upgrade without any fear because I have zfs-auto-snaps running. Making upgrades very safe.
18:48:38 I'll ask the ports people after lunch when I can stay engaged if someone responds. I can't see what triggered it.
18:49:39 It _might_ be accidental in 13.1R because of "Sunset 12.3-RELEASE from ports tree" tagged "12.3-eol". Maybe. Don't know.
18:49:48 https://cgit.freebsd.org/ports/commit/www/chromium?id=56932296b7bc5c29380a4c433c5a9250fb6b4fb5
18:49:49 Title: ports - FreeBSD ports tree
19:39:22 What do `-m` and `-M` do when mounting devices? Seems like you use that to set permissions. However, mount(1) doesn't seem to contain any info on that.
19:40:43 msiism, I think you first need to realize that mount is just a wrapper for mount_.
19:40:58 Oh…
19:41:14 Indeed, I needed to realize that first.
19:42:40 mount(8) has no -m or -M switch but the type you're mounting may support such a switch.
19:43:17 Okay, I've found the appropriate man page already. Says it all…
19:44:39 meena, whatsoever is a single word.
19:57:13 cristiioan, I have never played minecraft, but I think it might be difficult to play it on FreeBSD (at least without emulation), I think our client port is very much out of date: https://www.freshports.org/games/minecraft-client/ 19:57:15 Title: FreshPorts -- games/minecraft-client: Client for the block building game 19:58:24 and updating it requires some work that is not moving at all: https://reviews.freebsd.org/D31119 19:58:25 Title: ⚙ D31119 games/lwjgl3: Lightweight Java Game Library 3 20:01:01 Only ever ran the server port on FreeBSD. 20:02:35 Though, the port-updates never kept stride with the upstream updates, so I mostly just copied over the .jar file and restarted it. 20:16:46 minecraft server port has just been updated: https://cgit.freebsd.org/ports/commit/?id=fdf1dc6decf4dc07fa3ee7428da067d83b2fa409 20:16:48 Title: ports - FreeBSD ports tree 20:27:59 I've put up a Git repo containing my little mount(1) wrapper: https://git.sr.ht/~msi/qmnt. As I'm still new to FreeBSD, feel very free to comment, especially on the "Setting things up" section in the README. 20:30:10 man 1 mount 20:30:11 No manual entry for mount 20:30:29 Interesting. 20:30:37 I have a feeling I know why that is… 20:30:46 (base system utils use manual index 8) 20:31:05 Let me have a little round of s/1/8/ … 20:46:22 aside from nagging developers to add multiple SOCKS proxy settings to their apps, could freebsd provide any way to prevent SSRF across an app's components? c.f. https://github.com/WebAssembly/wasi-sockets/issues/33 20:46:25 Title: Require sockets to have a named "context" · Issue #33 · WebAssembly/wasi-sockets · GitHub 20:46:25 33 – TIOCSTAT doesn't appear to work https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=33 20:46:32 nah, grep is in 1,and so is ps 20:46:50 mount usually needs root 20:47:15 administrative utilities are under 8 20:47:20 * msiism reads `man man`. 20:47:30 * msiism learns. 20:48:29 The embarrassing thing for me is, it's just the same on Linux. 
;) 20:54:56 Soni: I don't see how. that's very high level 20:55:22 meena: why can't we have setsockopt(SO_TAG) and filter it in the local firewall? 20:55:41 SO_TAG is ideally a string that gets passed by the app to the firewall 20:56:10 so e.g. it could be tagged "redis" or "postgres" or "git" (this one is dangerous, it is user-controlled) or so on 20:56:16 and then the firewall could filter on it 20:59:23 Soni: most of SSRF happens via https, no? 21:00:18 (yes, shelling out to `git` instead of using `libgit2` also helps to mitigate it - you can then firewall based on the `git` process, which works as a form of tagging - but turning your app into a bunch of shelled out components seems like a pretty crummy way to do this kind of firewalling) 21:00:47 meena: yes, git over https, git over ssh, git over git protocol, whatever happens to work 21:02:22 git protocol is deprecated 21:02:26 most of SSRF happens via user-controlled connections, so simply splitting them into "user" (user input, API-based) and "core" (config-based) would be enough 21:02:54 but even that still requires some way of tagging which connections are which, and letting the OS know about the tagging 21:08:14 meena: git protocol is not deprecated. git protocol over the network is deprecated. git over https, git over ssh, etc are just git protocol over a more appropriate transport. 21:08:33 Don't most developers use git (commands) over ssh? (Though I know those who work behind restrictive corporate firewalls have to work around it.) 21:09:20 The most typical use for git via https (or http or git://) is read-only clones only, right? 21:10:01 or use https for fetch, ssh for push (as committers guide suggests) 21:10:30 rwp: yes, but it's complicated (case in point: restrictive corporate firewalls) 21:10:54 but that's irrelevant for the SSRF issue 21:12:21 Ah, I see, you started with https://github.com/WebAssembly/wasi-sockets/issues/33 as the problem. Gotcha. 
21:12:23 Title: Require sockets to have a named "context" · Issue #33 · WebAssembly/wasi-sockets · GitHub 21:12:23 33 – TIOCSTAT doesn't appear to work https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=33 21:30:15 interesting how linux describes v4 handing mounts https://www.apt-browse.org/browse/ubuntu/trusty/main/amd64/nfs-common/1:1.2.8-6ubuntu1/file/usr/share/doc/nfs-common/README.Debian.nfsv4 21:30:16 Title: /usr/share/doc/nfs-common/README.Debian.nfsv4 21:30:31 just mount the volumes and they'll work 21:34:08 <_xor> "BoringSSL is a slimmed down TLS implementation maintained by Google. Getting TLS right is very, very hard. Envoy has chosen to align with BoringSSL so as to obtain access to the world class experts that Google employs to work on this code base. In short: if BoringSSL is good enough for Google’s production systems it is good enough for Envoy and the project will not offer first class support for 21:34:10 <_xor> any other TLS implementation." 21:34:54 <_xor> Oh good lord. So in turn, that means the port won't build due to ssl=base. 21:36:08 <_xor> Essentially boils down to, "We're not going to use anything else since Google is always righter." (though on the flip side, I can kind of understand it due to the previous code issues with OpenSSL) 21:37:39 when libressl 21:38:02 we've built on OpenSSL for decades and given back exactly squat and when it all blew up, we decided to create our own instead of contributing 21:49:49 the little that I read about Boring, there is a certification element. I remember literature about places that need to pass a government compliance and Boring has to satisfy those requirements. 21:50:44 so, FIPS? 21:51:59 I kind of stumbled into searching it because there was a "suspicious" IF conditional in a Go library call. Something similar to "if boring_enabled, then call boring and skip the rest of this routine". 
22:23:50 > we've built on OpenSSL for decades and given back exactly squat and when it all blew up, we decided to create our own instead of contributing 22:23:50 not just openssl, that's true about most bigtech corporation 22:24:16 in california the locals are slashing google bus tires because the public transit is so bad 22:27:57 gotta love homeless camps with skyscraper and tech campus skylines 23:01:51 For jail administration, do most people use ezjail-admin or do they administer it manually? 23:02:45 bastille for me 23:03:14 I'm just jumping into jails for the first time, seems that something like bastille is the way to go 23:03:22 lots of fiddling around otherwise 23:03:23 ezjail is a bit older, and while it works, it was/is meant for FreeBSD10 and under really. 23:04:21 there's IOCage as well. that's a reasonable system. I don't know which is lighter or more FreeBSD-like, but I think it's just a personal preference after a point 23:06:12 I'm trying to find a sample of Jail Mastery to see what Lucas's views are 23:13:57 RoyalYork: Base system tools here. They work well. 23:16:57 mason, i'm trying to find a reference that assists with getting network access to my jail 23:17:12 failing that, I'll have to go with a tool 23:17:17 RoyalYork: The handbook is a good bet. 23:17:25 The FreeBSD handbook? 23:17:39 I found it didn't cover getting network access to jail 23:17:43 RoyalYork: https://docs.freebsd.org/en/books/handbook/jails/ 23:17:45 Title: Chapter 16. Jails | FreeBSD Documentation Portal 23:17:47 Chapter 16, i've been up and down it 23:17:51 having an issue mounting a lacie usbc storage device. when I run mount it says invalid argument: commands I've tried pasted here https://paste.rs/JZm.md 23:17:52 Title: paste.rs - Rocket Powered Pastebin - Markdown 23:18:01 RoyalYork: That shows networking. 
23:18:17 not sure what i am doing wrong here 23:18:36 RoyalYork: I have a wiki page showing jails with vnet and epair, if you want an alternative: https://wiki.freebsd.org/MasonLoringBliss/JailsEpair 23:18:37 Title: MasonLoringBliss/JailsEpair - FreeBSD Wiki 23:19:09 I'll have a look at the wiki (thank you), but chapter 16 only talks about network interfaces with ezjail 23:19:39 RoyalYork: I'm looking at it right now and I see it showing an example with networking in jail.conf. 23:20:03 RoyalYork: Search for this text: Jails are often started at boot time and the FreeBSD rc mechanism provides an easy way 23:21:28 I saw that earlier 23:21:34 https://bsd.to/k3aE 23:21:35 Title: dpaste/k3aE (Plain Text) 23:21:42 my jail.conf file looks very similar 23:21:52 I'm not able to reach the internet from my jail 23:21:59 maybe that's a feature and not a bug? 23:22:54 Hm, unsure what the rest of your networking looks like. 23:23:31 in the host? 23:24:46 https://bsd.to/zhF8 - this is my rc.conf 23:24:48 Title: dpaste/zhF8 (Plain Text) 23:25:21 And no firewall / pf running 23:28:09 RoyalYork: I don't know if 10.10.10.10 is valid for your network. Maybe do a quick packet capture and see if it's trying to get packets off your box, if the networking is valid. 23:28:37 If you can get to the network from the host, then the jail should be able to do so too. 23:28:50 Ok, you gave me something to look at. I'll start with the IP 23:29:14 I am able to ping between the host and jail, but I'll keep digging 23:29:30 RoyalYork: One thing that's critically important to understand is that if a jail tool shields you from understanding what's gone wrong, it's doing you a dis-service. 23:29:52 mason, agreed. i'm of the same mindset