03:06:07 "pkg-autoremove" is not very helpful in my case for I need Python packages as dependencies for other Python packages (see PyPI) installed in virtual environment(s), along with other build time dependencies needed when I build some ports
03:08:40 That does offer a list to non-auto remove a partial list
05:25:57 hello where I can find pxeboot for freebsd? I dont see it on mirrors
05:27:26 it's part of the standard install?
05:28:02 this means I need to download an iso and it is inside?
05:29:06 right it is inside, thanks
07:56:09 hello for booting via pxeboot, how to set console (I use qemu), is touching boot/loader.conf on the root-path the right way?
07:58:05 what do you want to set the console to?
08:00:15 baud=115200 console=ttyS0
08:00:37 I have set comconsole_speed="115200"
08:00:47 and boot_serial="YES"
08:01:12 I have logs on server that the NFS is mounted
08:01:17 console="comconsole"
08:01:26 but the console only shows last Starting the BTX loader
08:02:16 with console="comconsole", no change
08:02:24 huh
08:03:15 let me check
08:03:24 what freebsd version?
08:03:49 latest 13.2
08:05:04 jump_message: .asciz "Starting the BTX loader\r\n" <-- that's the last message you see?
08:05:45 yes
08:09:54 hmm. looks like pxeboot can be compiled to always use a serial console
08:10:01 but that doesn't seem to be the default
08:10:55 if it's not managing to read loader.conf, then it wouldn't be able to switch to a serial console
08:15:07 I see someone having the same problem, probably i need to enable NFS over UDP
08:15:21 strange that the mount request is logged as successful
08:16:51 montjoie: Isn't mount always UDP? It's an RPC call.
08:17:15 yeah, mount is a completely separate option from actual file service, oddly
08:51:07 I tried with another nfs host which has not UDP disabled, no change
08:56:50 I removed the nographic from qemu, but no more success, the boot is stuck
08:58:48 other than compiling pxeboot with the serial console option, not sure what else to suggest
08:58:55 it's been a while since I tried pxe
08:59:21 the problem is not serial anymore, since with normal video output the result is the same
08:59:28 ah
08:59:52 can you tcpdump the nfs traffic to see what's happening if anything?
09:00:07 on qemu windows the last sentence is FreeBSD/x86 bootstrap loader, Revision 1.1
09:00:19 and the cursor is blinking
09:03:54 hm
09:06:17 so it got most of the way through loader's initial setup, but I think that's about where it would stop if file access is failing
09:07:58 it seems the client tries to access UDP port 0...
09:08:02 according to tcpdump
09:08:15 so something is wrong with nfs
09:14:28 it tries to open boot, but asks it on port 0, so this is the issue
09:14:35 but why it uses port 0...
09:17:09 check whether it did a portmap call first
09:17:40 I see a call to sunrpc before
09:18:27 that should have returned the port number to use
09:18:56 wireshark helps a bit more, the answer is PROGRAM_NOT_AVAILLABLE
09:20:50 does rpcinfo or equivalent on the nfs server show the nfs service as available?
09:22:13 it seems that nfs over udp is not enabled, but the kernel is built with support for it
09:22:38 is the nfs server on freebsd or something else?
09:23:34 nfs on linux
09:23:48 oh. I don't know about linux
09:24:11 on freebsd, -u and -t are separate flags to nfsd to control whether each protocol is enabled
09:24:14 if I don't set default versions of things like python in a make.conf – where does it come from? will one be defined at all?
09:24:41 default default versions are listed in Mk/bsd.default-versions.mk in the ports tree
09:24:43 phryk: from the framework
09:25:01 what RhodiumToad said
09:25:32 ah, neat. i assume those default defaults are what's used for the official pkg repo?
09:25:39 yes
09:25:43 okay it works now
09:26:03 so the problem was nfs-utils disabled udp by default since 2.1.1
09:26:18 thanks for your help
09:26:21 yw
09:26:32 great. thanks for the info. i think i know how my next poudriere setup will look, then. :)
09:26:52 so the UDP could be disabled both in kernel and userspace
09:28:39 phryk: painful without ZFS :P
09:29:15 meena: hell no. the automatically generated zfs datasets are where 80+% of the stupid mount breakages happen.
09:29:35 always have to mount some of the jails, ports trees etc manually after boot because that shit's so broken.
09:30:03 fun fact, I actually disabled zfs on poudriere, because I didn't know how the heck to back up that mess
09:30:22 yeah, no big surprise there.^^
09:30:40 with plain ufs it'll just be a poudriere dir. simple and easy to manage.
09:31:07 and if i want fancier stuff in there, i still have nullfs to mount around to my heart's content.
09:31:17 I still had it on zfs in the end, because without seventeen layers of datasets it's just one zfs send
09:33:14 I'm too poor for backups. I have everything mirrored because i'm still paranoid about failures tho. that strategy worked fine for over a decade now.^^
09:33:43 and if i had extra disks/machines to store backups, it'd probably just be rsync in a cronjob. :P
09:34:35 well, by Backup, i meant moving to a new server
09:34:54 that hasn't happened, so my repo was decommissioned with the old server
09:35:03 might be coming back soon
09:36:35 i'll be doing a new setup within the same machine. got myself 2 new 4TB drives last month and am going to do a new setup for my homeserver on those manually so i can just reboot into it. will also give me some leeway if i forget stuff because the old system will still be around till i reformat the old 2TB drives. :)
09:38:41 for me, the fact that manually setting up a new system from a running one is so easy is one of the key strengths of freebsd. i don't even remember when i last used the actual installer… must've been around 5 years back when i got the current laptop.
09:42:45 I've used the installer a couple of times over the past few years - in VMs, to try and help out people with installer problems :-)
09:43:51 haven't used it for actual systems in a long time
09:43:51 The one thing I don't know by heart is the security settings the installer lets you enable. But I can look those up on my laptop^^
09:45:00 Which reminds me, I still need to read up on securelevels and see about secure uefi boot. Tho I think that would require a board that lets me write a pubkey to authenticate the boot partition or somesuch thing…
10:01:25 phryk: i think ASLR defaults to ON now!
10:02:35 lol, wow. wasn't that a downstream contribution from hardenedbsd like… 8 years ago? :'D
10:03:11 also is "now" 13 or 14?
10:06:16 no
10:07:02 hardened BSD uses a different kind of ASLR, it's basically what led to the split
10:09:12 mhh, i vaguely remember shawn talking about handing it in as contribution when hardenedbsd already was a thing. otoh that was a long time ago so my memory might just be plain wrong.^^
10:11:38 i thought of switching to hardenedbsd a couple times, but the bus factor seems a bit problematic.^^
10:11:43 No, ASLR was developed independently.
10:11:49 The one in FreeBSD, I mean.
10:12:42 debdrup: ye, but might be that shawn made a patch that was rejected or something.
10:14:08 I don't think he did, no.
10:14:18 meena: "split"?
10:16:04 debdrup: mhh, yeah, i at least can't find anything on bugs.freebsd.org
10:20:32 As I remember it, HardenedBSD happened because Oliver and Shawn figured that notions of grsecurity (a company responsible for a custom Linux kernel build that cost money, and a set of free out-of-tree patches) were the only right ones, and decided to do a clean-room implementation.
10:20:40 As you can imagine, other people had different ideas.
10:32:05 yeah, i don't think much would speak against these features as optional ones, tho. but for aslr specifically, i'm not sure the current kernel design would allow for that to be a module as it seems to be a quite low-level thing.
10:33:20 It's also just not worth anything nowadays.
10:33:49 Even when HardenedBSD implemented ASLR, it was trivial to defeat, and it's only gotten easier.
10:34:30 ah, okay. my knowledge of that low-level stuff is sadly very limited^^
10:36:05 It dates back to 2001, for context.
10:38:29 not sure what difference that makes. i mean aes dates back further and is still considered secure.
10:39:11 The point is that it was effective back then, and that like any other security feature, it isn't a panacea that works forever.
10:41:08 https://scholar.google.com/scholar?cluster=9172709712739767577 and https://scholar.google.com/scholar?cluster=15808895045898589987 are the first two bypasses (from 2014 and 2016, respectively), and by 2017 the AnC attack demonstrated that it could be done in JavaScript.
10:41:09 Title: Google Scholar
10:41:40 I'm pretty sure there were ASLR bypasses before then, but there's little academic mention of it, so it's much harder to find.
10:42:50 yeah, the question is always: are security researchers going to find it, or somebody else?
10:43:06 https://repo.zenk-security.com/Techniques%20d.attaques%20%20.%20%20Failles/DEP-ASLR%20bypass%20without%20ROP-JIT.pdf here's one from 2013
10:43:14 bookmarked. i'm slowly getting more into low-level stuff (have an ongoing project of doing libdrm stuff with D), but haven't done any security stuff that low yet. breaking ASLR might be a good first thing when I get time. :)
10:43:39 and the answer is usually: if somebody else does, you won't know
10:45:11 the slides from 2013 imply that it was possible to ROP or JIT past ASLR even before then, too
10:49:35 I love how all these security people think of really cool stuff to secure things up and down the stack, and then developers of a language runtime go, we need to disable that for security reasons
10:50:07 uh wat? :D
10:51:47 https://github.com/nodejs/node/issues/40467
10:51:51 Title: 16.11.1 cant build and execute on FreeBSD 13 · Issue #40467 · nodejs/node · GitHub
10:51:51 40467 – Maintainer update port: devel/kprof https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=40467
10:52:04 s/securit/performance/
10:52:07 sorry
10:56:51 ouch.
11:03:51 but meena, it has to go fast in order for javascript developers to be able to add more code
11:04:11 we can't just have a few hundred megabytes of javascript, we need many hundred megabytes of javascript!
11:04:31 do we have a wasm target for the kernel and base yet?
11:05:58 imagine what we could achieve if you could require freebsd in your JavaScript? people could finally use shellscripts in their Browser!
11:08:21 I think compiling shells to js or wasm is already possible and if not, python is and there is some shell (oil?) written in python
11:17:00 are there any javascript engines ported to wasm...
11:17:07 or browsers, even
11:17:22 imagine the fun
11:25:27 hello how to update automatically a password on freebsd? (for doing it when installing)
11:25:46 I want to avoid a sed in passwd file
11:30:36 I'd use "pw usermod" with "-h 0" in a suitable language: sh scripting, perl, python, or whatever.
11:31:06 For more, see pw(8).
11:42:02 V_PauAmma_V: thanks
12:06:10 meena: i think llvm ir lets you do javascript
12:08:55 debdrup: finally a sensible machine to run freebsd on.
12:09:15 a JavaScript virtual machine
12:09:27 or abstract machine?
12:09:35 * debdrup hides
12:09:41 whatever, it'll be good, i promise
12:09:42 meena == scary
12:09:55 and by good, i mean
12:10:24 * meena gestures vaguely at all of JavaScript
12:11:46 but a python virtual machine would be much better, as python exposes much more of the internal interpreter state of the reference implementation
12:15:21 * meena chants Lu-a! Lu-a! Lu-a!
13:25:05 Hi, something is causing my system to freeze when running in X11. How can I detect/diagnose what is causing it?
13:25:31 It's that bad I usually have to just physically reset the laptop
13:26:15 it started happening a few months ago after updating some packages, so I have no idea which package/software is causing it
13:27:04 can you still ssh into it?
13:31:44 I don't run sshd
13:31:51 Im on the laptop now
13:32:22 after some time x crashes and it becomes responsive again
13:33:17 anyone running nextcloud? does pkg handle updating it from version to version or is that still manual?
13:36:56 for example it just happened about 5 minutes ago was just sitting in x playing music and it became really slow and unresponsive and I tried to switch to a console tty, which eventually it did after a minute or 2, but then I tried to switch back to x and the session has crashed. I see the message "dwm: cannot open display". dwm is the window manager I use.
13:38:14 I've been struggling with this problem for about 2 months now and I'm *this* close to installing Alpine Linux.
13:39:09 if i want to encrypt a zfs dataset, do i need to create it encrypted or can i configure it post-creation?
13:41:19 which I think I will right now
13:42:41 great, i would advise windows 11 though
14:18:55 i see quite a number of people displeased with the system
14:20:17 i was going to ask if he had top open and how his memory was
14:24:10 is freebsd really that hard to use compared to linux? i dont have many problems with it, except my dumb gpu and drivers
14:24:40 some people are dumb. it makes things much harder (:
14:24:50 gzar: i find all software impossible to use. I get near a computer, and things start breaking
14:25:10 See also EUSER (814): User error, replace user.
14:25:53 i dont think its fair to call people dumb like this. especially when its a program crashing when it shouldnt
14:28:17 i get frequent kernel panics due to the nvidia-340 driver on my system. nothing i can do about it. settled for buying a less old gpu in the near future as i dont expect this bug to be fixed
14:33:04 gzar: i moved to freebsd and it was no more difficult than swapping linux distros
14:33:08 but i'm old school unix
14:33:30 fact is, i think linux wants to be the next windoze.
14:33:38 their desktop push is driving all decision making
14:33:47 i want no part. i want a UNIX box.
14:33:56 freebsd is a better choice for an X11 workstation
14:34:00 and a server
14:34:26 i agree. I'm just saying
14:38:14 hw support isn't as good as linux, but linux for two decades has had limited support. i'm used to that
14:42:21 i'm just so grateful to have decent disk management, zfs, proper updates (bectl+zfs), and strong separation between os and user packages.
15:10:10 yeah same
15:10:27 the /usr/local separation is my favorite way of doing things
15:10:41 jails are also pretty cool
15:16:33 i'm trying to get my new homeserver setup with proper jails
15:16:37 bastille has been useful!
15:20:25 huh never heard of it, looks pretty cool
15:21:03 does anybody happen to know why my linux jails started segfaulting? i used rsync -av to copy the jails from a different zfs dataset
15:34:31 gzar: logs?
15:35:14 dont know, it just prints a segfault when trying to run some linux binary inside the jail, i resorted to re-bootstrapping it
15:37:32 do other linux bins work?
15:37:38 and you might check syslog anyway
15:45:26 some work some dont, seems like only really /bin/sh works
15:45:35 find and other utils segfault
15:51:35 bizarre, /var/log/messages shows no extra info either
15:52:25 when i chroot into it i get the same problem
15:52:42 gzar: are you sure your linux compat is setup?
15:52:45 and also in the jails?
15:52:58 that is what i am figuring out now
15:56:08 some mount chaos going on, i'll have to remount stuff
16:02:29 i recently re-built my kernel with gcc, could it be related?
16:24:00 gzar, The detail of whether it worked before your kernel rebuild and failed after, or if it worked before the rsync and failed after, is critically important.
16:24:34 It could be related to either. But that a new bootstrap of the system works implies to me that the rsync was not complete.
16:24:57 oh, no not even a new debootstrap works
16:25:25 Then that would imply to me that it is the kernel. Perhaps compiled without a required feature.
16:25:38 You could boot back to the previous kernel and see if it is working. That would test this theory.
16:25:52 i rebuilt my kernel yesterday and booted into it today, yesterday i tested the devuan jail and it worked... so i cant really give the distinction
16:26:09 oh, yeah good idea
16:26:19 the old kernel is usually renamed to kernel.old right?
16:26:21 Also if it were me I would run "ldd -d -r /usr/bin/programthatfails" and see if all of the shared libraries resolve through the loader.
16:26:42 Because if the shared libraries are messed up then that would also explain the problem.
16:27:47 If in the other case that you had two chroots and one worked and the other did not then it would be possible to diff all of the files down both trees and see what is different.
16:28:16 First look for files that are missing or added. Ignore the content differences on the first pass. If all of that made sense then could look at file content differences.
16:29:15 Also if you are using Root on ZFS then you will have Boot Environments active too. Boot Environments ROCK! Run "bectl list" (or beadm list) and see.
16:29:38 Can then easily boot into a previous boot environment and do an A-B test that way, or a system recovery.
16:30:32 https://wiki.freebsd.org/BootEnvironments
16:30:33 Title: BootEnvironments - FreeBSD Wiki
16:31:05 ldd also segfaults
16:31:22 almost everything segfaults in the linux jails
16:31:28 Oh!
16:32:07 I guess I feel a little silly suggesting that now. Since in hindsight that was an obvious situation. Silly me.
16:32:32 sh and its builtins work, some other programs work like cat. some programs manage to print a help message, but most programs just segfault
16:32:34 But if you try that on a working system you will see what I mean about it tracing through the shared libraries and reporting on them all being present or not.
16:32:40 not even bash works, just sh
16:33:03 This _feels_ to me like a missing kernel feature.
16:33:13 ah, none of the libraries were found
16:33:47 but thats me running it outside the chroot
16:34:07 chroot /compat/linux also segfaults
16:34:20 the f did i do
16:34:48 im rebooting into the old kernel and debug some more, thanks for the help
16:35:55 I admit that I subtly included -d -r in the ldd options because those are specific to the Linux version. If it was run in FreeBSD those options would barf. Indicating that it wasn't the linux version. (sly smile)
16:36:39 gotta run, bbiab
16:37:21 As I run let me direct you back to looking at the kernel, since I think the ldd shared library direction is a red herring and the problem is in the kernel feature set.
16:38:05 old kernel work
16:38:07 s
16:38:09 so it was the kernel
16:38:13 again...
16:38:40 maybe i should do a make world instead of just make kernel
16:39:14 seems like some kernel modules were not re-compiled
16:40:51 gzar: nice find. that's the linux compat ;]
16:41:50 i thought make buildkernel automatically rebuilt all modules
16:41:59 is there a command i can make to force it
16:48:11 kind of glad i've yet to find a reason to try and build kernel
16:52:38 i want a kernel built with gcc
16:52:41 not clang
16:56:35 gzar: make buildkernel does rebuild everything using the default kernel config (GENERIC) or whatever kernel config you provide with $KERNCONF.
17:22:44 alright, in that case something doesnt go right when using gcc
17:23:07 gzar: the tree should build with gcc.
17:24:02 it does build, but the linux compat layer wasnt working properly
17:24:42 well, it builds with the -Wno-error option
17:24:56 without it it detects uninitialized variables and aborts
17:38:35 alright, can confirm the problem persists when compiled with amd64-gcc
17:39:33 will have to try a make world with gcc later to see if it solves the problem but i dont want to leave my computer unoperational today so will do it some other time
21:32:38 Does aesni_load=YES in loader.conf actually help improving KTLS, SSL performance of Nginx, under FreeBSD? (My CPU supports Aes-Ni)
21:46:01 aesni is part of the crypto(9) framework, and ktls uses that framework. So it should be used if the actual ssl cipher in use is AES. but that's theory, I've not personally tested it
22:31:06 tercaL: it's specifically used for sendfile_SSL, which if memory serves is part of OpenSSL 3.x
22:32:07 Hmm.. got it. Thank you both, great answers.
22:32:20 See also, ktls(4)
22:34:14 Depending on how you want to define it, it's technically not end-to-end encryption - because that can only happen if it's from application layer to application layer.
22:34:27 It's as close as is practical, though.
23:20:20 seems like tracking latest pkgs isn't any less stable than quarterly because quarterly pkgs sometimes have problems too, and when latest pkgs have problems they get fixed faster. am i wrong?
23:36:53 Hello. The lp (lineprinter) command by default prints 80 columns on a sheet of legal paper.
23:37:15 I have some plaintext unix documents that are designed with an 80 column terminal in mind
23:38:24 however, I need to add § symbols, line number, period, and a space before each 80 column of text
23:38:35 I have already written a program to do this
23:38:58 the problem i'm having is the lineprinter lp command still only prints 80 columns
23:40:03 Is there any way to configure it to add just a few more columns to its printing and possibly control the left margin? preferably by decreasing the left margin by 7 or 8 characters
23:40:36 that would allow me to add the § subsection symbols for citation.
23:40:53 I thought UNIX was supposed to be good with plaintext
23:41:54 I am using a Hewlett Packard Deskjet 350 over the parallel port.
23:41:56 Use lpr instead? I think it has a width option.
23:43:08 whenever I try to use lpr it queues the job with no stdout but it doesn't actually print. upon looking further into the issue it's unable to connect to the locally running CUPS daemon.
23:43:21 I don't know why that is
23:44:17 Then I'm out of suggestions. I don't have a printer (or CUPS).
23:44:38 But maybe someone who does will see this and answer.
23:49:11 sfox: are you using CUPS?
23:52:37 (generally, if you have /usr/local/bin/{lp,lpr,lpq} then those are for CUPS, while /usr/bin/{lp,lpr,lpq} are for the BSD lpd)
23:55:33 RhodiumToad, That's a good point. Because I am sad that installing any of a few dozen things wants to install cups. I would prefer they did not.
23:56:13 most apps that want to be able to print from within the app will use CUPS to do it, so they'll pull in at least cups-libs
23:57:06 I did a test "pkg remove cups" and there are 45 packages installed which declare they depend upon cups. Sigh.
23:58:40 anything with gtk2/gtk3 will want cups by default
23:58:59 Gratuitous comment on lp versus lpr from the scrollback: As I remember things, lpr has traditionally been the BSD print system and lp has traditionally been the System V print system.
23:59:33 correct, but there's a /usr/bin/lp provided as a frontend to /usr/bin/lpr
23:59:57 Right. Things today are that both systems provide compatibility with the other.