hrm. so i'm using virtual_oss and the software dsp is my default sound device. it works for mpd and virtualbox, but firefox still insists on going to my laptop speaker. i've already set the cubeb to oss. any ideas?

Demosthenex: I think you need to select a sound back-end in Firefox's config.

mason: i have, the media cubed oss thing

Demosthenex: in the context of about:config?

about:config, media.cubeb.backend = oss

kk

That's the only thing that comes to mind then. Hopefully someone else will have an idea. As usual, the devout X folks are in efnet:#freebsd-xorg

Demosthenex, 'media.cubeb.backend "OSS"' in about:config for FF

Case matters?

i have never tried any other way ;-;

would be interested to know as well

nope, still laptop speakers

oss and OSS

and restarted ff

oh hmm

what is the output of "cat /dev/sndstat"

stable/14 branched: lists.freebsd.org/archives/freebsd-current/2023-August/004425.html

Title: HEADS-UP: stable/14 branched

Can I run an LLM on an Nvidia 3090 on FreeBSD?

RhodiumToad: on a related note from our discussion about usb3, I'm using sata-to-usb adapters for SSDs that I use as external storage and the chipset of those adapters allow me to pass TRIM to them. Recently I decided to reformat one of my drives to using UFS+SU but I couldn't use trim with it, despite having done so with them formatted with ntfs.

Would you know what's going on there?

what does sysctl kern.cam.da.N.delete_method show?

Ah: kern.cam.da.0.delete_method: NONE

Okay, so I need to assign it with ATA_TRIM

I suppose that's a thing that should have been detected already and not a tunable.

it looks like you can only set it to values that were detected as supported, except for DISABLE and ZERO

Gotcha

I might want to make a report for this for the adapter chipset.

just found btop - mind blown....

nerozero: yeah, btop rocks

but the zfs stats dont work

regarding sndstat, termbin.com/9dsl pcm0 is the laptop speaker, and dsp (no number) is virtual_oss

Question: If i put one database or one part of table (a partition) on another disk via tablespace, the system shuts down, at reboot freebsd tries to recover db data but finds that one of the disks are unavailable as those were encrypted disks (not yet decrypted). They are manually decrypted after the system starts. Any ideas how safe and sane is

it?

Beladona: just means you'll have to enter a password

and maybe not autostart your db

no, those are geli disks with pools, i decrypt manually

so i set the ifconfig debug flag on my wlan0 using iwm, and i'm only seeing wpa_supplicant messages, any way to see additional data? i'm curious about abnormal retries or state changes

Beladona: ok, so it just means you have no automatic startup

dont' start the DB at boot, or it'll complain it's missing the FS

ok, how can I disable autostartup of postgres? Demosthenex

Beladona: disable it in sysrc

maybe sysrc postgres_enable=NO

ok

then service start postgresql manuall?

Demosthenex where is sysrc?

edit /etc/rc.conf by hand, or use the sysrc command

/usr/sbin/sysrc postgres_enable=NO

and i'm only guessing at the service name

check what's in the /etc/rc.conf first

later you can do service postgres onestart

later you can do "service postgres onestart"

Beladona: my recommendation is to use service <service_name> enable

it uses sysrc underneath, but it also makes sure the service you're trying to enable actually exists

Neat!

That needs to be documented in the help usage and man pages

meena: but it shouldn't autostart, does enable set that or just start it?

man service

enable enables it for autostart

then that's wrong. needed to disable it

Demosthenex: service <service_name> disable

try onestart

i misread.

Demosthenex: in that case onestart is what you want, but you'll have to do it every time

(obviously)

seems all those descriptions are missing from the man page for service

Yep

someone didn't have the time for the BSD way

bet its mentioned in the handbook though

only mentioned once from a brief cursory

service nginx onestart

thx meena

🍺

I appreciate it as well

all I've done for the past week or so was write man pages freebsd/freebsd-src #827

Title: document pmap_kextract/vtophys and optionally improve the code by igalic · Pull Request #827 · freebsd/freebsd-src · GitHub

high respect

but low income

see something commit something

meena: write the software: 2 days. write the man page: 1 month. at least that's how it goes for me usually

service has been around since how long tho

one month turns into a decade

meena so I disable it? I mean how to disable it at boot

you know how rc.conf(5) works ?

$EDITOR /etc/rc.conf

you can use (service disable) but its important that you know where that comes from

and that you can verify that

a front loader doesn't ask if the shovel is attached

only said it that way cause there is one driving down the street right now an im annoyyed

CmdLnKid so I put postgresql_enable=no" in /etc/rc.conf and it will not run it at boot time. Thats all? I can then run manually by `service start postgresql` later?

just make sure that var doesn't appear and youll be in the right place

ok.

CmdLnKid so I delete postgresql_enable=yes" in /etc/rc.conf and it will not run it at boot time. Thats all? I can then run manually by `service start postgresql` later?

but in the least if set no then yes the service will not start

correct

thanks

whatever appears last in rc.conf will be the last evauluated statement

*onestart, rather than start, but yes

if you have more than one then the whats above will take effect

grep 'postgresql_enable' /etc/rc.conf will show

Hello, I'm creating a new port to FreeBSD and I want to split it into multiplace packages (one package with main program and shared libraries, another with development headers, another pkg with optional features, etc.). I'm thinking about using slave ports, is this the right way to go?

Title: Chapter 5. Configuring the Makefile | FreeBSD Documentation Portal

Essentially I want to build it once, but have a different pkg-plist for each subpackage

iomartin: there's a #freebsd-ports channel; but the short answer is that currently, one build can only produce one package

slave ports or flavors can produce separate packages from a single distribution, but each is built separately

RhodiumToad: I see, thanks for the explanation. That's unfortunate, but I think I can live with it it, my port doesn't take too long to compile

it's not conventional in freebsd to split out development headers/libs into separate packages from the runtime

splitting out optional features is good especially if it reduces the number of dependencies on the main package

Yeah, this is what I'm trying to achieve. I'm porting something that on Debian/Red Hat is split into 6 packages so I was thinking I'd replicate it on FreeBSD. Some features are useful just for a handful of users

But some have distinct "make" targets so I can avoid compiling everything for all of them

you can use options in ports

options are... often problematic

firstly, the package builders build only with default options

secondly, packages depending on it can't specify which options they need

maybe I missed it, but what package does iomartin want to port?

they didn't say

I'm pretty sure that the ability to produce multiple packages from one build is a feature that people want, but I don't think anyone's done the work to see what kind of modifications to the framework would be needed

flavors have existed for a long time and there is still a _ton_ of framework stuff that doesn't handle them properly

costly: can you elaborate on how I could use options?

iomartin: have you seen the porter's handbook? docs.freebsd.org/en/books/porters-h…andbook/makefiles/#makefile-options

Title: Chapter 5. Configuring the Makefile | FreeBSD Documentation Portal

iomartin: it really depends on what you are porting, for "normal" applications, I suggest you use Options, for more complex libraries or apps which become dependencies see RhodiumToad's comment, they may not be suitable

costly: I had somehow missed that section, let me take a look

costly: but it is an application to interact with the hardware my company makes. It is not particular large but logically the packages are different parts. For example, there is a documentation package that is large-ish. Or a prometheus-exporter package. So stuff that not everyone will need

costly: I'm getting the impression that options is better suited to allow an user to configure their build once and then they'll always get the same "parts" when they recompile. Is this right? That's not quite what I'm looking for though. The packages will be distributed only on binary form, so there will be no configuring done by the user

oh, this is a private port?

Yes

in that case options are of no use

iomartin: agreed with RhodiumToad

"Or a prometheus-exporter package. So stuff that not everyone will need"

this is very exciting: freshbsd.org/freebsd/src/commit/155…a03b651319ab0e1cde8492ea4516afc648b

Title: FreeBSD / src / 1554ba0 / Add mac_grantbylabel - FreshBSD

hey folks, good evening

\o

meena: that looks cool

is there any chance that FreeBSD get something like OpenBSD's pledge(2) and unveil(2) ?

i guess it's better to describe the functionality you need instead of saying names not everyone is familar with :)

Oh ok, I'm sorry

basically, pledge is a system call which allows a program to limit it's access to system calls

the basic observation was that most programs (ok, especially daemons, but also things like tcpdump) need high privileges only during initialization phase

so the OpenBSD guys grouped system calls in groups (stdio, inet, wpath, rapth ...)

freebsd has capability mode, which has some similarities but is probably somewhat harder to use

capsicum is difficult

and it it not used ... well, obvious there were some tries with some simple programs

capsicum is too difficult

it was an academical exercise as far as I can see

though it would defintely serve FreeBSD's security, if applied to the base system consequently

I would volunteer, if this is the strategy

unveil(2) is a way to limit file system access (it is strongly interwined with the FS with OpenBSD) ... it might be hard

you can say: unveil("/home/user/", NULL)

This will limit the file system name space

some people are trying to make capsicum easier to use. but making it possible to kind of capsicumize a program blindly

Title: Oblivious Sandboxing with Capsicum and EBPF :: FreeBSD Presentations and Papers

The error messages will be the normal ones: ENOENT

take a look at, for example, commit b4d2c3385c (which adds capsicum to tail(1))

that's cool

are there any priorities I can have a look at or help ?

eBPF makes my stomach hurt ...

"How can we run 3rd party software within a capsicum sandbox without modifying their source code ?" (from the presentation)

wrong approach, imho

firefox and chrome run with pledge and unveil on OpenBSD ... upstream

sorry, I'm not good at intercting with people

I love FreeBSD ... but I love some features of OpenBSD, too

and I would love to have them in FreeBSD, too

again, I would like to help, if I can

creith: can you please name a few feature ?

well, pledge and unveil

unveil will not be possible

but maybe pledge would be feasible

capsicum is not the solution, it's too complicated imho

otherwise FreeBSD should probably have a more restrictive way to let new features in

don't get me wrong, I try to be nice

I think to look at Linux is not the BSD way, Linux has become a "Windows badly reinvented"

not sure why you think unveil wouldn't be possible

unveil needs a very deep implementation in the file system

that's easy when you just support one file system

I don't think it will be easy with ZFS

The use case is simple, chromium on OpenBSD (well the appropriate process to be precise) is only allowed to read or write in ~/Downloads

no more unvoluntary backups of your .ssh/<name your key>

if you have a good idea, great !

creith: how is it any better than chroot ?

there are some differences, you can gradually unveil

the error messages you get are normal, which is not the case in a chroot all the times (it is such no file or directory)

are you interested in this ? I can have a look for a presentation of Theo, but it was in 2015 or 2016 ... I am not so much organized with my backups :-=

the problem is that it takes quite some effort from application developers and quite a lot of it for things like Chromium

chromium was pledged in less than 7 days ...

pledge is for system calls, not for file system access, right ?

do you know how many SELinux projects I have been through which failed ?

@checkpoint: yes

it must be in the source code

so, yes pledge is way easier to integrate

if you try it from the outside, you'll always miss one path of execution

and it is the one your manager wants definitely to have

@checkpoint: yes, unveil is pretty difficult

I read that unvail makes app just to segfault if it tries to access restricted path. Now imagine how many surprizes one can get using poorly unvailed Chromium. It will take ages to fix all the possible crashes unvail causes till the app can be usable again.

no, unveil will not segfault ... if a process tries to access a file or directory outside of which is unveiled, he will get a ENOEN

T

sorry

No such file or directory

if you want to play with it, I have an OpenBSD server ...

in practice, if you want to download a file, you can download it to ~/Downloads

The file selection dialog will not show you anything else

you can configure it, if you feel like