It was already strange on m68k, but manageable (A-traps come to mind); powerpc was a little weird (MCEs on address misalignment, anyone?); I've not read the m88k docs enough to know how bad it was for that one though

seems to be Motorola's signature to have strange, unconventional exception mechanisms

dammit, I hate when the documentation lies

Careful reading medical journals, you may die of a misprint. (I think that's Mark Twain)

and now I need to write a test program to see whether I'm right or whether the documentation is

What is the test?

and how do you think they are wrong?

the docs for the login class functions, login_get* etc., say that returned pointers are not to be freed, that memory will be reused or freed by login_close

but the code doesn't look like it does that

credentials?

cause thatd be kind of bad

actually memory leaks from the login class stuff would almost never matter. the code that uses them is almost always about to do an exec()

and there's nothing sensitive in the data, it's just from /etc/login.conf which is publicly readable

what if their avatar is questionable?

:D

looks like I'm right.

get a bug bounty

buy a steamdeck

terraria for the win!

oh look, it's an already-reported bug

nearly 10 years old

RhodiumToad: link it

RhodiumToad: That bug can't even drink or vote yet. Hardly counts.

I think it should probably not be fixed. I think the right thing would be to fix the manpage, and possibly the callers.

Just out of curiosity, is anyone else having issues doing DNS lookups/digs/drills for freebsd.org or forums.freebsd.org? I keep getting SERVFAIL's and BAD REFERRAL errors.

Doesn't seem like it's directly related to only *.freebsd.org, rhough.

Not seeing anything here from a quick check.

looks ok to me too.

Hrm. Something is definitely screwy over here. Thanks!

Of course, it's only screwy if I do caching-only and don't use any forwarders.

I thought it was a DNSSEC issue but I disabled that, too.

Failing somewhere on ROOT server lookup.

make sure that either you have working ipv6 or that your nameserver knows not to use ipv6

I do have working IPv6 but I also set it to IPv4 only to test that as well.

what kind of output are you getting from drill?

It depends on what I try, I suppose.

that's an invitation for you to show an error

Okay.

I get this when I just try a simple "drill forums.freebsd.org": paste.purplehat.org/view/765e80be

Title: DNS derps - PHO Paste

2603:300b:3ba5:6101::108 is your local resolver?

Yeah. It's a local v6 IP on the server. Just connecting to itself.

Slightly tweaked to mask the real IP. Not sure why. It's easily looked up. *shrugs*

can you tcpdump the actual queries being sent by your nameserver and the responses?

RhodiumToad: I believe so.

Title: DNS derps two - PHO Paste

I'd imagine that's not a deep enough dive into the packets to get much info. I'd likely need to grab a pcap or something.

Title: DNS derps 3 - PHO Paste

That's more verbose. I do see some bad UDP checksums in there.

I should actually be asking/sharing this in #dns or #bind or something. I appreciate the help, though!

oh, I bet I know what this is

RhodiumToad: Do tell!

hm, no, I can't replicate it

It's super strange. Especially since I've touched nothing. It was working this morning and this afternoon, everything went kaput.

On not one, but three BIND9 non-forwarding servers.

Maybe it's an ISP issue?

could be.

here's something to test: drill whoami.ultradns.net

if the result you get isn't the address of your nameserver, then someone (e.g. your ISP) is intercepting queries

Returns nothing.

No A record.

try for an aaaa record

Okie dokie.

Same result. And here's what I see in the log: paste.purplehat.org/view/1811d13e

Title: whoami aaaa log - PHO Paste

So, it's trying to do the lookup but just gets bad results.

can you resolve anything at all?

what if you do drill @156.154.69.196 whoami.ultradns.net ?

RhodiumToad: Looks like it resolves? paste.purplehat.org/view/d6720d2b

Title: whoami rDNS - PHO Paste

NOERROR

shouldn't give 255.255.255.255 tho

Interesting.

try drill @2001:502:f3ff::e8 whoami.ultradns.net aaaa

RhodiumToad: Ah, "drill a @156.154.69.196 whoami.ultradns.net" returns "104.225.12.106".

is that your IP?

RhodiumToad: The AAAA record attempt returns nothing.

And, no, that is not my IP.

is it an IP belonging to your ISP?

Not that I can see trying a rDNS lookup.

whois says NetActuate, Inc

dns05-ndfw2-c2szps.001.prd.c2szps.spscld.net is what it resolves to.

Never heard of NetActuate, Inc. *shrugs*

are you using any kind of vpn or tunnel service?

Nope. Directly routing through ISP.

Haha. I'm so insanely stumped.

It is actually starting to cause issues with one of my mail servers, though. So, I'm getting a bit peeved.

And, to reiterate, this is only happening when I'm not using forwarders (which also breaks RBL's so it's not an option).

Why would it only fail for lookups from DNS root servers?

I'll be missing some hair before this is resolved.

what ISP are you using?

Crappy-ass Comcast Business.

bingo.

Thing is, they did a "service upgrade" today (which was only a router battery backup) but I noticed the issues pretty quickly afterwards.

those spscld.net addresses are Comcase Edge Security

*Comcast

Oh, FFS.

they are definitely intercepting your DNS

Alright. I'll give them a call then. Morons.

Thanks!

google turned up various past reports of people having weird DNS issues caused by exactly this

What was the resolution?

turning it off, apparently.

Nice. At least there's an option.

Calling them now.

possibly you had it turned off before and the "upgrade" turned it on?

That's very possible. I'm not sure what they did. I'll make sure they just disable everything. I don't need any of their security warez anyway.

and possibly there's a way to do it via the website?

Perhaps. I'll check that out, too. Thanks again!

this might be relevant: reddit.com/r/sysadmin/comments/s3cg…ce=share&utm_medium=web2x&context=3

Title: falling_away_again comments on Barracuda SafeLinks Certificate Error

anyway, it's clear that this is the problem, rather than anything on your end or on freebsd's end

(that ultradns tool can be _really_ useful sometimes)

Well, I figured it wasn't an issue with my stuff since it was working flawlessly and stopped without changes. I just wanted to make sure it was only me before I started contacting any kind of support.

Wouldn't taken even longer. Figured someone might be able to point me in the right direction. I really appreciate it!

yw

I'll keep that ultradns tool under the belt for future testing, for sure.

DNS is so bad, I can barely use their website. That's a nice touch.

Yep. Disabled that stupid "Security Edge" and everything appears to be working now. Thanks again, RhodiumToad!

is forums.freebsd.org down for you too?

Title: The FreeBSD Forums

stipa: Seems to work for me

Same.

works for me too

dead for me

everything else works

freebsd.org is fine

Title: The FreeBSD Project

stipa: DNS resolution issue, maybe?

is anyone here running a prosody server on FreeBSD?

ek: yeah, something on that note

i'm not sure why some sites work and some don't

could be on the ISP side

now i get the response with 'nslookup' but still no forum

i changed nothing, must be ISP or something else

i accessed the forum for a moment and lost it again after a page refresh

stipa: What ISP? I just dealt with something very similar with Comcast intercepting/blocking a ton of DNS requests with their "Security Edge" proxy/sniffer/filter/whatever... It's awful.

any idea why AT refuses to work for a user? atq: you do not have permission to use this program

ppl should run their own dns resolver

and dont forget about DNSSEC some ppl do not know how to implement it properly and that causes DNS to sometimes resolve and sometimes not

have you read the man page ... /var/at/at.allow

gustik: I do run my own resolvers. Doesn't stop the ISP from sniffing/filtering plaintext record lookups from root servers, though. It's a bummer DoT/DoH isn't supported by root servers (yet).

you do not need that

DNSSEC should check for it

there are checksums for DNS replies so that when some ISP changes the answer it gets thrown out

DNSSEC won't help with ISP DNS query interception.

Exactly. And you get no or bad results which breaks DNS.

Encrypted queries to root DNS servers would prevent interception and MITM replies.

Well, one would hope.

so they are censoring the internet or what

because why otherwise would someone filter the root dns replies

if it is only affecting root dns stuff

they arent sensoring it, they are collecting and selling your queries

one would need a dns resolver that's resolving properly and then connect to it using VPN or DoH

so they try to inhibit you from running your own resolver in order to sell your data?

gustik: That seems to be the case. They claim it's for "safety" but the replies they were returning were WILD.

Title: PSA: Comcast is breaking/hijacking DNS with their "Security Edge" product : sysadmin

everything is on reddit now

moot

ek: A1, mobile 4G internet

austrian owned

ek: could be something similar, i mean, everything i usually do works

in meantime i've sent some email, watching YT.., still can't access forum.freebsd.org

forums*

i think, hmmm, that my local dns server works with 1.1.1.1

could be the cloudflare that is an issue

i'll try to change it to google server

stipa: try the same test I suggested to ek: drill whoami.ultradns.net and see what the IP is (make sure your local resolver isn't forwarding to 1.1.1.1 or other public service first)

what error do you get with forum.freebsd.org?

RhodiumToad: ibb.co/V30FSRm

Title: freebsd-forum-error hosted at ImgBB — ImgBB

RhodiumToad: (make sure your local resolver isn't forwarding to 1.1.1.1 or other public service first), what does that mean? i have to have a DNS server, which one if not google or cluflare one?

stipa: I think we were assuming you were running your own caching or forwarding DNS server locally.

i do run a server locally

If you're just using any random public DNS server, it could be a problem on their end. You could try 1.1.1.1, 8.8.8.8, or 9.9.9.9 to see if the results change. If they don't, the problem is likely not a DNS issue.

stipa: Ah. If that's the case, just remove the forwarders. This will query root DNS servers only and not use things like Cloudflare or Google.

Then run the ultradns test that RhodiumToad suggested.

wait, i'll check what ISP router has set

i turned its DNS server off the moment i got it

you can also do e.g. drill @156.154.66.196 whoami.ultradns.net

the result should have whoami.ultradns.net. 0 IN A your.ip.here

if it has an IP that's not yours, that's when you know that someone is intercepting your DNS queries

hmm, yea there's an ip

is it your public IP, or something else?

it's the same as at myip.com

Title: Check your IP address | MyIP.com

ok

wait

it's not

there's a difference in third column of the ip adress

three other columns are the same as my iš

ip

so, what? that's the DNS server on the ISP side?

it might be. try a reverse lookup on the IP

if this is a mobile provider it's quite possible that you're behind multiple layers of NAT

what should i type for reverse lookup?

dig -x [address]

which adress?

drill -x IP using the address you got back from whoami.ultradns.net

ok

i've got something,

what am i looking at?

i guess the idea is to map all the DNS servers that intercept my queries to a main one?

no

what did you get?

RhodiumToad: pastebin.com/mfzRLVCc

Title: asus@asus:~$ drill -x 95.168.121.39;; ->>HEADER<<- opcode: QUERY, rcode: NOERR - Pastebin.com

ok, those dns names aren't informative, all we can tell is that they're from your ISP

yes

why would they intercept queries?

subnetting?

security, censorship, cacheing for efficiency, monitoring user behavior, gathering marketing data, who knows

i would guess DNS repeaters that send queries through subnets

but, hmm

why would the forums.freebsd.org be blocked in such things?

no matter which global DNS server i use it'll my queries will always be filtered

what does drill @163.237.210.11 forums.freebsd.org return?

nothing

empty

Title: asus@asus:~$ drill @163.237.210.11;; ->>HEADER<<- opcode: QUERY, rcode: REFUSE - Pastebin.com

you didn't type the command correctly

drill @163.237.210.11 forums.freebsd.org

right

Title: sus@asus:~$ drill @163.237.210.11 forums.freebsd.org;; ->>HEADER<<- opcode: QU - Pastebin.com

that looks correct. so DNS probably isn't the issue here

does drill -T forums.freebsd.org work?

seems so pastebin.com/jsxQJRSJ

Title: asus@asus:~$ drill -T forums.freebsd.org. 518400 IN NS m.root - Pastebin.com

ok. so your DNS is fine.

it's 8.8.4.4. now but still no forum

same as with the 1.1.1.1

you may have been blocked from the forum because of misbehavior from other users of your ISP, or there may be some unrelated problem somewhere

who knows

yeah, works with opera and it's VPN feature

proxy is 77.111.247.69

stipa: Reach out the forum admins and ask about it. They'll probably be able to help you out.

ek i'm not a member of the community really, and i guess the conclusion would be the same as you suggested

thanks for the proposal

actually, what RhodiumToad suggested

i've got freebsd in a VM and that's about it

if i want to set something or change i sometimes end up on the forum

is there a way to output a horizontal line in the terminal, without putting echo "=============================================================" in your script?

printf %"$COLUMNS"s | tr " " "-" # apparently, this works in bash

wonder if it works in ((t)c)sh

works in fish, but not in tcsh

doesn't work in sh, either

I have been using fish recently but I uninstalled it, it is too heavyweight

I like lightweight shells like ksh, but even there I noticed that new ksh is consuming more RAM than old bash, even though bash can do more...

I would do printf with - and skip that tr pipe, also ${COLUMNS}

gustik: bash has probably seen a lot more work, because it's a default she'll in many environments, and as such used for scripting, so it's important to be very performant

I could set a default, if COLUMNS isn't set

hi gustik

I'm rebuilding alpha.pkgbase.live! cast your wishes for which architectures you want to see (and use)

meena0: does it have to be full width? printf "%80s" | tr " " "-"

rtprio: having a sensible default, would be good in case COLUMN isn't set

or `tput cols`

which should work regardless of shells

rtprio: thank you, that's exactly what I've been looking for

meena0 paste.ec/paste/Ua2uETzN#6vkt5nIMRpivfHXy2tQK5+D7vWJlBADKhHd+D7cDns3

Title: 0bin - encrypted pastebin

tsoome: did you change anything to get that?

I did allow BLT only pixel mode. ofc the kernel console is not shown because fb address is 0.

what's BLT? and why is the fb address at 0?

fb address is 0 because there is only virtual framebuffer

BLT "block transfer" primitive to draw the screen

that is, function from GOP protocol of UEFI.

and can a virtual framebuffer be used?

the text is on screen, therefore yes. but I do not have that kernel driver code integrated, so I have no idea how good it is:)

So you mean, once past loader, there won't be any displaying until virtio_gpu is loaded?

or do i misunderstood?

yes

thats because efifb is built assuming we have framebuffer where we can write pixels (store 32-bit data)

tsoome: and why can't we write to a virtual fb? because it needs more bootstrapping? something a driver would do?

virtual fb does not provide video memory to write to

hm, the vm actually does also provide serial console (port).

So if virtual fb can't be written to, what is it good for? and if virtual fb can't be used, but serial console exists, why aren't we using that?

meena0 paste.ec/paste/ue0NqPW1#IgfOGNHCFUBmCjTpJEk9BbeXrJTeQ0+iiVL5sUJ-OSL

Title: 0bin - encrypted pastebin

virtual console does provide functions to write to console, just as does virtual block device and virtual network device. So you would need driver for it.

hetzner actually has serial port feature, but it seems they do not provide interface to access it. or at least it is not easy to find.

tsoome: try a support ticket. tho i wouldn't expect any answers any more

if I'm setting up alpine linux in a freebsd jail do I need to exec alpine's rc

hyvoid: Only if you want it. That's the difference between a system container and an application container.

hi

thanks mason