So. . . I have apache24 running on 12.4-RELEASE-p4 and it works, but. . .

After the host boots, apache logs just find, but after log rotation, the access logs stop getting logged to.

Restarting apache doesn't help.

Restarting newsyslog doesn't help.

how are you rotating the logs?

newsyslog

/var/log/trioptimum.com-access_log 640 10 200 @0101T JC

that's not going to work well

I'm open to recommendations.

so the best solution is probably to log to a program that does the rotation

Well. . . that's always worked for me before.

otherwise, you have to arrange to do an apachectl graceful after the log rotation and _not_ use any compression options

Is that what the 'C' option is?

J

C is to create the file (which should be ok)

if you want to compress the files, you need to wait a significant time (10+ minutes, depending on how long you allow persistent connections to last) before doing it

(because existing sessions will still be writing to the old log file)

I'll try with compression disabled.

Does apache support loggin to syslogd's localX?

not afaik.

RhodiumToad: You should be able to have apache close/open the file.

but it can log to a program, and that program could be 'logger'

move file, signal apache, it closes/opens, then you compress

skered: pretty sure only apachectl graceful does it

httpd.apache.org/docs/2.4/logs.html <-- see "Log rotation"

Title: Log Files - Apache HTTP Server Version 2.4

Thanks. .. I thnk for now disabling compression fixes the primary issue. . . I'll read & think about a better solution.

RhodiumToad: That's USR1.

So you give newsyslog the location of the PID file and the signal to send to it.

What would that newsyslog config look like?

Look at /etc/newsyslog.conf comments

skered: you still have to disable compression at least for the first file

I think it's what you have plus "... /path/to/pid signal"

sig1?

try /var/log/trioptimum.com-access_log 640 10 200 @0101T CBJp /path/to/pid SIGUSR1

the 'p' flag tells it not to compress the .0 file

USR1. But maybe RhodiumToad is right... How does newsyslog know it's ready to compress

by the time the .0 file gets rotated to .1, it should be safe :-)

Maybe some of that syntax in the "when" column.

wait, 200kbytes? that seems small

Yeah, if it's his a service you care about them someone can DOS the log files.

That does seem small.

obviously it's 200kbytes or 1 hour, assuming you're running newsyslog once per hour as usual

or apparently 1 month from your "when" syntax

owwww yip yip feeling super hyped

i finally got suspend and resume to work on freebsd running on thinkpad x1 extereme gen 3

bsdbandit01_: awesome

that's good to hear, I have an Intel T16 Gen 1

signalblue, you mean Lenovo?

sometimes freebsd slows down with many browser tab and qbittorent running and top shows very low laod avg liek 1 or under

is top not working

qbittorrent sometime fills swap 16g on my z250 8x3ghz cpu i7 8g ram

so i turned off os cache in qbittorrent

seems be working better

mostly things run great

firefox will not save web pages correctly soemtimes

chroem does

load average is about cpu, if you're swapping heavily then the load average will be low

(since everything is waiting for swap)

top has a line about swap usage which includes "In" and "Out" stats, if those show up you know you are actively swapping

ok

can I switch audio in chrome to earphone without restart of chrome?

hw.snd.default_unit: 0 -> 1

I have a little script that changes this setting

but lose all my tabs if I restart chrome

gaa!!

RhodiumToad: are you a big postgresql user?

you handle looks familiar

user, contributor, (occasional) committer

RhodiumToad: ...where's the line between contributor and committer?

pg has a relatively small set of committers

so is it more like "you submit a patch to a mailing list and someone else commits?"

yes, except that there's a review process and a tracking system

I think the review process and specifically the requirement to have someone else commit your changes is something FreeBSD should borrow from Postgres

I think that hurdles like that do more harm than good

swings and roundabouts

as a non-committer to freebsd I find things extremely frustrating; contributions go ignored both before and after review

They discourage code cleaning and refactoring and the end result is code rot and basically an unmaintable mess for a code base

but note, it's normal for postgres committers to commit their own work

which "they"?

intrusive process hurdles

I don't get it why FreeBSD and/or PostgreSQL doesn't have a self-hosted gitlab-like instance, it's so much easier to manage contributions, ci/cd, etc :)

some pg devs aren't big fans of web interfaces and want to do everything by email

mind you I've also worked on (and continue to work on) code that looks like a midden that had almost no barriers on committing changes

RhodiumToad: right, but for the FreeBSD folks I think it would be nice (it could replace Phabricator, Jenkins, maybe Bugzilla, etc )

that reminds me of bde replying to bugzilla comments by email (to the mailing list)

linux glibc gcc etc all seem to like reviewing patches by email

paulf: yeah, I guess through some vimdiff-like $EDITOR

Updating FreshPorts - I noticed some unpatched vulns.Let's be truthful there. Nagios told me. Because vuxml was updated. Thanks #FreeBSD.

no, not sarcasm. It was thanks for giving me the tools so I can automatically monitor the vulns.

Done.

dvl: cool

since i can't figure out how to tell my VMs that they've been woken up from sleep, I'm gonna put service ntpd restart into cron…

meena, why not just disable ntpd and setup ntpdate(1) through cron

that would do the same… hrm…

*/20 * * * * root /sbin/ntpdate -b ...

i do the same in my VB vm's

CmdLnKid: what do i fill into the … ?

time.nist.gov

your ntpserver

incase you are wondering ... ntpdate will not set the time if ntpd is running

i disabled (open)ntpd

wish we had a updated guest additions... this would be so much easier

good morning everyone

team, after a freebsd update, does the update process leave the old fstab someplace I can check?

CmdLnKid: right, i should look into that.

its there its just not quite as easy as one would think.

neuter it, without the fs stuff and i think it'd still be worth while

one could argue we don't need it to report mem and disk usage as well and then it would just be a overhyped time server ;)

heh

CmdLnKid: is this virtualbox guest addtions, or qemu?

vb guest additions

maybe there is a setting to ntpd to just adjust the time no matter how far its off but i never looked into that

There is, IIRC.

CmdLnKid: ntpd itself crashes when the time is too far, but it will happily start up, with the right setting

openntpd, otoh, does… nothing, until you restart it

stable/13 ntpd just sits there for me and refuses to update the current time

always slew time :P

been that way for me since stable/10 ish

-g, in 13.2.

so now not just iburst, but panic sync first up? wow

i get the refusal to update the time considering time attacks are real but see no real way to say do it anyway

i like that there's sanitychecks. manually sync once, and then slew forever.

i wouldn't even know where to begin hacking on that problem. those ntp folks are on a whole other math level than me

itd be great if we had a native module with some sort of standard on what to expect to adjust the time and do basic stats etc.. that additions provide

fs integrations are just not needed in my case at all

CmdLnKid: set the -g like V_PauAmma_V said, and also set slew with -x

on startup it should panic sync, and then maintain

for ntpd

i just hadn't looked into it yet. so really don't know where or what to begin setting it to as i have a local ntp server that excepts queries local net and ntpdate has sufficed through cron

not like they are production anyway

CrtxReavr: I mean Lenovo, yes.

Um. . . you can sync an ntpd with time.nist.gov, but don't point your end-clients at it. . . be a good ntp citizen.

I would just point your ntpd at the 0.CC.pool.ntp.org servers the FreeBSD project maintains. . . they do a very good job.

signalblue, I thought you meant a Thinkpad.

0.freebsd.pool.ntp.org I think? I'm not sure 0.CC.pool.ntp.org is FreeBSD.

point at your closest ntp server.... for me thats the one closest to my edge of operation

I do mean a Thinkpad CrtxReavr

Lenovo is the brand and Thinkpad is the model

V_PauAmma_V, oh - fair enough.

signalblue, I'm very aware.

CrtxReavr: then why get caught up in semantics

I remember when ThinkPads were made in the US by IBM.

And so do I.

They are still designed in the US.

And I remember when IBM started outsourcing manufacturing to Lenovo. . . and when Lenovo purposely started doing shit manufacturing to cheapen the ThinkPad brand. . . and then bought the Thinkpad name at a bargain price.

the one I have is made in Japan

Lenovo purposely started doing shit manufacturing to cheapen the ThinkPad brand?

signalblue, yes. . . about 10 minutes down the road from me.

I think I know what you're talking about, can you elaborate?

Matter of fact, I used to work in building, originally built by IBM which was the warehouse where PC were customized before being shipped.

huh, very interesting.

We turned it into an 800,000 sqft. lab for developing and testing storage products.

(EMC)

Dell?

Still there. . . just says "Dell-EMC" out front.

interesting... good to know

That one building is Duke Power's largest customer.

if not the thinkpad, which modern laptop do you recommend power users purchase for long-term ownership?

ThinkPads are still solid laptops. . .

a macbook

Though. . . I do sorry about chinese chips spying on their users, whether that's a valid worrry or not.

yes, thinkpads are still solild. mine has all of the hallmarks of older designs.

Shit keyboards.

Shit touchpads.

CrtxReavr: I don't believe it to be a valid worry.

Shit UI.

the power you want, the bus speed you need, the memory you want and fluidity

signalblue, it certainly was for SuperMicro.

CmdLnKid: I can't stand using macbooks, i've tried and it's just not for me.

expensive but you have a bsd underpinning

though credit where it's due, apple sillicon is highly rated.

CmdLnKid, not so much anymore.

bsd underpinning is possible on any hardware due to the nature of bsd

as close as you get a as a client

OSX/macOS hasn't had a BSD kernel in a long time.

you are not getting closer

10l2?

my production web server is 13.2 on Hyper-V on a Windows 11 Pro workstation that's 7 years old

everything is stable

er - 10.2

I'm not saying the move to a Mach kernel was a bad done, but it's gotten further and further from its BSD roots.

typical

OS X always had a Mach based kernel with BSD bits. Are you thinking of Mac OS Classic?

Considering that the BSD bits consisted of the VFS, netstack, process model, and command line utilities, it was never really that much BSD either.

It becomes broadly POSIX compatible because it has those bits, and one version was even certified by Open Group for the purposes of marketing (it has to be renewed for every version to count, which Apple didn't do, to the surprise of absolutely nobody), but it's not meaningfully important nowadays since there's nothing that uses any of the BSD syscalls when it runs (at least as far as I've tested).

OS X was built the way it was because of Jobs' time at NeXT, which combined Mach from CMU with bits from BSD.

10:35 < debdrup> OS X always had a Mach based kernel with BSD bits. Are you thinking of Mac OS Classic?

That's insulting nonsense.

The original MacOS, was cooperatively mulit-tasking garbage, that had zero to do with UNIX or BSD.

However, there was A/UX which was BSD based.

OSX (or MacOS v10) was absolutely BSD-based (Darwin?)

There's also a reason why Apple hired jkh.

Schamschula, sure - but that never ran on a "Macintosh" - It ran on the Apple IIgs.

(I had a friend who ran a BBS that offered shell access on it.)

Wrong! It ran on Macintosh II and up.

A family friend worked for the company in Berkeley that developed it. She was given a Mac II for her work.

regardless point being ... if you are confortable with freebsd you will be with macos, therefore making it a pretty great client system whether you are using macports or homebrew

its not the same as it used to be but don't get me wrong

CmdLnKid: that's a fair statement, I think.

I actually used FreeBSD and became comfortable with it first, so moving to MacOS was pretty straightforward.

admittedly, going from a "distribution" to an "operating system" was a shock at first.

Schamschula, okay, it ran on some "Macs," but it absolutely ran on the IIgs.

Yup. I use FreeBSD as a replacement for the long abandoned MacOS X Server and macOS with MacPorts as my client platform.

not trying to promote macos in freebsd but when it comes to interective content and userland it seems the most conformative with the right amount of controls and responsiveness. ya just can get that anywhere else.

No. A/UX never ran on Apple IIs. It had a minimun hardware requirement of a 68020 and an FPU. See en.wikipedia.org/wiki/A/UX

Title: A/UX - Wikipedia

there just isn't a iterm2 in linux/bsd for term interaction

and thats not the showstopper

CrtxReavr: go look at the source of Darwin, which is used to build modern macOS, and see how much (Free)BSD code is in there anymore: github.com/apple-oss-distributions/distribution-macOS (hint, they're in XNU, which itself is a fairly small portion of macOS considering it doesn't include any of the GUI (and everything related to it like Cocoa, Metal, Core(Audio|Video), DriverKit/kext handling,

Title: GitHub - apple-oss-distributions/distribution-macOS

Xcode (which, granted, isn't part of the distribution, but you're not going to get very far in building macOS without it), and many many other things I'm sure I'm forgetting.

Sorry, it's called IOKit.

First step in building anything in Homebrew or MacPorts: install Xcode (often the Command line tools will suffice)

Schamschula: well, that's got more to do with Xcode including LLVM than the IDE itself

Homebrew and MacPorts used to rely on GCC, I think?

Absolutely!

Way back, before Apple defaulted to LLVM/Clang

MacPorts still maintains ports for PPC based machines (10.6.x). They still use gcc.

debdrup: apple does unix certification for every major release of macOS

see opengroup.org/openbrand/register, it's current up to 13.0 "Ventura" even

> not meaningfully important nowadays since there's nothing that uses any of the BSD syscalls when it runs (at least as far as I've tested).

this one's a bit vague to judge, but there's still a bunch of BSD utilities and libc under the hood that drives non-UI stuff

The trick used to be going into /usr/lib or similar and "strings -a * | grep -i rcs" or somesuch to find CVS information.

you don't even necessarily need to go that far to see what's up with how much they publish to github these days

z/OS is POSIX certified?!

e.g., I can see here that they're using bsdgrep: github.com/apple-oss-distributions/text_cmds/tree/main/grep

Title: text_cmds/grep at main · apple-oss-distributions/text_cmds · GitHub

Also, I'm surprised Solaris isn't certified

certification takes both $$$ and time

there's a fairly extensive test suite that you actually have to mostly pass in order to become certified

you can see some details here, though it costs to actually get access to the test suites: opengroup.org/testing/testsuites/unix.html

Title: Test Suites - UNIX Systems

but I mean, just reviewing the descriptions of each of these, you can tell it's pretty extensive

too many standards and too many names for the same standard

but is anything SUSv4 certified?

imo SUS and OpenGroup and IEEE or whatever are all very nice but the 10 billion flies have settled on Linux

kevans: top in macOS includes a column for BSD syscalls, and they're never used by anything I've ever run

this SYSBSD column is off the charts in a lot of processes on this Mac Studio serial console I have here

bluetoothd alone is sitting north of 20230000

oh, I probably haven't had a power outage lately

yeahhh 11:56 up 91 days, 9:03, 1 user, load averages: 0.80 0.78 0.75

Maybe it's also the fact that I don't use my macbook pro anymore since I got a FreeBSD laptop.. :D

It's clamshelled and in standby mode on my nightstand, and usually the TV remote is on top of it

debdrup: oh cool what laptop is the FreeBSD laptop?

T480s

that is a really nice thinkpad

I'm on a T495s now, depends on what you want to do with it ;)

ran freebsd on it for quite some time, just happen to have Garuda linux on it now though

(sorry, I read "that" as "what", I saw a question where there wasn't one, I'll crawl back under my rock)

I'm trying to write an rc.d script that needs to run with a specific group, as it will create a file that needs to be owned by root:mygroup. I set ${name}_group=mygroup but that doesn't work, it's owned by root:wheel. Changing the user works, though, via ${name}_user=. Any idea?

iomartin, you sourced /etc/rc.subr ?

iomartin: _group is respected only if _chroot is in use

Hmm I see. What I'm actually trying to do is create a socket somewhere on /var/run/. I noticed that if I have _chdir as /var/run/foo and change the ownership of /var/run/foo to root:mygroup, then the socket is created with the correct ownership

So now I just need to create that directory with the correct ownership

Is there an option for that I should handle it in my _start? I'm currently only setting _chdir= and command=

right, group ownership of new files comes from the directory, _not_ the user

What source browsing tool is the current place to go these days to dig for a commit?

I'm looking at comment #28 in this bug and trying to figure out what the "fix" was: bugs.freebsd.org/bugzilla/show_bug.cgi?id=221122

Title: 221122 – Attaching interface to a bridge stops all traffic on uplink NIC for few seconds

(the fix seems to have been unfixed at some point, the problem persists)

iomartin: looks like creation of /var/run subdirs is usually done in a _prestart function

some packages create their /var/run/blah subdir on install (as a directory in the plist)

also there's an rc.conf option to save/restore the /var/run directory structure in case you have a tmpfs there

Hmm thanks, let me look at _prestart

It's working now \o/, thanks!

so anyone know easy way to read some text files on a ufs thumb drive on linux? need to get freebsd interop with linux

cat /mnt/myfile.txt

or do you mean 'how do i mount my thumb drive' ?

ya i guess maybe that's it

polyex: some Linux systems have UFS compiled in

do they really?

I haven't compiled a Linux kernel in a long time, but i do remember that und FS section is excessive

pretty sure UFS is among it, but which version that is is hard to tell

and to be fair, ext2 and UFS are close relatives, so it makes sense

If anyone needs to know how to make Blender not lag, let me know. I found the fix.

i'm trying to set up a new home router with freebsd

i'm starting with a very simple pf.conf, just pastebin.com/xxvgkwmp

Title: int_if="{ bridge0 }"ext_if="dpni0"nat on $ext_if inet from !($ext_if) -> ($e - Pastebin.com

thing is, i have the full access to internet from my router and i can ping external hosts from behind the nat

i can also load websites via port 80, but loading anything via 443 just fails

but not when i try to curl something with https from the router itself

is there any sysctl i need to set?

or something in pf?

sounds weird. might need to keep state. not sure. perhaps you'll find something interesting here: docs.freebsd.org/en/books/handbook/firewalls

Title: Chapter 33. Firewalls | FreeBSD Documentation Portal

i added keep state, but doesn't help

pkubaj: did you already add the forwarding sysctl? either with the rc parameter or sysctl.conf

rtprio: indeed, net.inet.ip.forwarding: 1

and i can actually ping external hosts from inside the nat just fine

how are you testing https from the nat'd host?

e.g. curl -L -v freebsd.org

and the error message is?

rtprio: no error, just hangs

oh, it finally timed out

* SSL connection timeout

* Closing connection 1

curl: (28) SSL connection timeout

what about.. maybe something more determinstic

curl -I freebsd.org

Title: The FreeBSD Project

to that end, does it work on the box doing the nat

rtprio: that's the output from my router: pastebin.com/u5SUAm4q

Title: pkubaj@ten64:~ $ doas pfctl -snnat on dpni0 inet from 192.168.1.0/24 to any -> - Pastebin.com