00:34:27 ExclamationPoint: double nat works most of the time, but is there not a better way to lay out your network?
00:35:40 why would you need double-nat rather than plain forwarding?
00:43:38 right; either flatten the network, or add an interface on 172.16 on `C'
00:54:11 <_xor> What are the biggest benefits that ipfw has over pf again?
00:54:54 * _xor is looking over his notes and trying to prioritize tasks and needs to weigh how much potential time ipfw might save or add additional value over pf
00:56:38 'C' doesn't even need an interface; if forwarding is enabled on B, then C just needs a route to 172.16 pointing at B
01:06:45 _xor: that's a tough question.
01:07:05 While this does not answer your question, I like pf for its simpler rule writing.
01:07:26 At the end of the day ipfw and pf can get you the same result.
01:08:09 <_xor> I've heard both sides of that, where some people prefer pf-style and others prefer ipfw-style. I use jails a lot, along with netgraph, and from what I understand ipfw has better jail support (with regards to commands in base).
01:08:42 <_xor> Yeah it's not a super high priority, but I can't really decide that without knowing how much time I'd have to put into ipfw to weigh its trade-off against pf.
01:09:25 <_xor> pf is generally fine, though I'm not a huge fan of how it handles dynamic rules via anchors. It feels a bit hacky.
01:10:01 Can't say I ever had a need to use anchor rules in pf.
01:10:23 That's just me: I like simplicity.
01:11:06 <_xor> I do, when needing to deploy services on a host that requires privileged ports. I usually bind the service to a non-privileged port and rdr from the privileged port to the higher-value port.
01:16:17 I'm guessing that's the case when redirecting ports to services running inside jails.
02:11:53 hello, has anyone here run into clock drift on a Digital Ocean Droplet? (ntp loses sync after a few hours)
02:22:08 A droplet using FreeBSD, you mean?
02:25:57 yes, originally DO had FreeBSD 12.1 images and I have continually upgraded them to 13.2-p2 all are fine, but one drifts
02:26:48 I see ntpctl showing: clock unsynced, clock offset is -921.282ms
02:27:46 i've used the heck out of tables in pf; i don't recall similar functionality in ipfw
02:28:22 but i've found the fewer the letters in the firewall, the better. iptables = bad, ipfw = ok, ipf = better, pf = best
02:28:41 it's a lot of pressure on anyone who writes a firewall named 'p' or 'f'
02:32:14 OK. One possibility (which may not be applicable to DO) is that the host pauses that droplet, which puts its ntpd out of whack.
02:33:53 Is ntpd (or whatever you're using, but you mentioned ntpctl) that droplet and the ones that don't drift configured the same?
02:34:23 s/that/for that/
02:36:37 rtprio: ipfw has _extensive_ table functionality
02:37:54 they all run openntpd and just have the default config
02:38:59 The default config for... openntpd?
02:39:35 yes the default that pkg install openntpd sets up
02:40:23 OK. Now the other question is whether they all have the same DO config.
02:42:37 the one that is failing is different in that I changed its CPU to DO-Premium-AMD from DO-Regular to see if that would help, but still drifts
02:43:04 the one I compare it against in the same datacentre is still on DO-Regular
02:43:14 disk/ram are same
02:44:24 And both/all are running the same openntpd version?
02:46:53 yes, I checked sha256 of ntpd executable and /boot/kernel/* to make sure no differences
02:46:57 are there any logs about it?
03:12:03 what if freebsd and openbsd became one OS, each variant its own branch which in time will merge as one
03:15:18 this is a meta-question that has no answer
03:16:17 we could buy back the BSD trademark. get rid of those meaningless mascots. to new users, it would just be a backend option, in the frontend we'd make something like the world's greatest window manager or something (i actually have some ideas for that)
03:16:30 angry_vincent: that it is...
03:18:45 good luck with your ideas
03:19:20 thanks (the window manager)
03:19:41 freebsd + openbsd would be a warzone for years
03:21:38 did it always?
03:21:47 huh.
03:24:20 i think the window manager would make a lot of sense for something that were to appear in 10 years time.
03:26:39 rtprio: the table functionality? I don't know about "always", but certainly for a long time
03:29:46 you'd navigate around a 3d-looking hierarchy made up parameters as in parametric architecture, depending on your current emotions, your todo list for the day, your physical surroundings. it wouldn't really be 3d, but rather a bunch of 2d particles giving the illusion of 3d. today's WMs are inspired by office space, desktops, papers, pens. this new WM would be inspired by the infinite space that surrounds us. your
03:29:52 personal files, the ones that are similar, would rotate around each other.
03:30:21 warzone is a bit... dramatic
03:30:21 it wouldn't look like this: https://i.imgur.com/T0VYOAs.png although it would feel equally alien to us at first
03:30:38 i do wish that freebsd's pf didn't diverge so much, but not a lot to be done about that now
03:30:52 (stupid pic is just an AI gen, not meant to represent the future WM)
03:31:04 rtprio: sorry to hear that :/
03:31:25 i hope you can run pf-badhost?
03:38:01 in my present situation, firewalls are not my problem
03:39:48 not sure where to report this, but `fossil` seems to be broken on ppc64le, i'm presuming due to sqlite (which fossil uses) also being broken on ppc64le
03:40:30 ironically i ran into this while trying to do testing to get upstream sqlite to fix this exact issue
03:50:26 the issue is the same as with some other packages, such as firefox, where sqlite's endian detection incorrectly assumes the endianness based on a compiler define
03:54:11 <_xor> Fossil was built for SQLite development, and it's built on top of SQLite too hhe.
03:54:57 <_xor> I'm not quite sure I understand what you mean though by detecting architecture endianness; meaning, detecting it compile-time vs. run-time?
03:55:19 <_xor> Wait, would that even work?
03:56:15 certainly should
03:56:35 compiler needs to know what endianness of binary it is writing, after all
04:02:53 apparently sqlite assumes powerpc* is all big-endian, which is weird. my understanding was that ppc64le was way more popular than be in linux land
04:04:55 these days, yes, it absolutely is
04:05:27 before POWER8 it wasn't, since most (all?) ppc64 chips did not support the little endian modes and instructions
04:05:58 ppc32 ones did, weirdly enough, and yet nobody really ever did ppc32le. though it's possible to build a rootfs for that and i've heard two independent reports of someone getting it to boot
04:06:03 yeah, I suppose the defaults for something like this don't really adjust to the times very often
04:21:23 * RhodiumToad is a bit peeved at the fact that little-endian seems to have mostly won the endianness wars
04:22:14 yeah
04:22:36 at least one of our primary ppc folks is die-hard BE all the way, really admire his dedication
04:24:40 I've mostly been forced by circumstances (and lack of ppc hardware) to work on little-endian systems
04:24:52 my other pet peeve is signed chars
04:25:29 that one's bitten me recently, even
04:26:06 having to cast to unsigned char to do something as trivial as isspace() is a pain
04:49:20 hey say i run some freebsd website, am i allowed to play with alternative logos as long as i mention it in the footer? .png
04:49:56 here's a blockchain logo, is there any way to use a similar approach for a new freebsd logo? what could it be made of?
04:52:17 the blockchain was made in blender, freebsd's could use https://github.com/danini-the-panini/mittsu instead
04:52:19 Title: GitHub - danini-the-panini/mittsu: 3D Graphics Library for Ruby.
04:52:26 i guess i could turn the rectanges into spears
04:52:43 * gles
07:30:46 what do you do when you make a typographical error (typo) and kill the wrong process... any way to find out what it was, or might you just have to reboot?
11:22:56 <_xor> RhodiumToad: I meant determining it at run-time.
11:23:24 <_xor> Though I guess that would be up to the OS & run-time loader.
11:24:26 <_xor> iOS and Android can bundle up multiple architectures into a single executable. I think that includes architectures with different endianness.
11:25:43 <_xor> er, I mean the on-disk file of what they expect to load and launch can contain executables for different architectures.
11:27:32 * _xor just Googled for more info
11:27:39 <_xor> https://stackoverflow.com/questions/38727993/multiple-isa-in-same-elf-file
11:27:40 Title: linux - Multiple ISA in same ELF file - Stack Overflow
11:28:00 <_xor> Not sure how true that is today, but the answer was edited in May of this year, and it seems logical.
11:30:57 <_xor> "having to cast to unsigned char to do something as trivial as isspace() is a pain", lol that would be super annoying
11:33:08 <_xor> "apparently sqlite assumes powerpc* is all big-endian, which is weird. my understanding was that ppc64le was way more popular than be in linux land"
11:33:32 <_xor> kevans: It makes me wonder what actually led up to their decision to make that assumption. I mean knowing that project, I'd guess it was a good/necessary assumption to make, but I'm curious as to the logic behind it.
11:34:20 <_xor> I know that their test suite is required for a bunch of private/government-related work, so I'm guessing both compliance and being able to meet strict requirements.
11:35:10 <_xor> Last I saw, their test suite was 8x the size of the main codebase. From what I remember, ~60%-70% of that is fuzzer-generated.
11:36:43 <_xor> I guess they had to say PPC=BE to make it work and also be able to stand behind expected behavior.
11:49:39 I noticed that my recent FreeBSD kernel says 15.0 but we haven't branched 14.0 yet have we?
11:50:14 crb: 14-STABLE is branched: https://cgit.freebsd.org/src/log/?h=stable/14
11:50:18 Title: src - FreeBSD source tree
11:50:33 perfect, thank you
13:13:45 Well that was a pain. Scored a bunch of 10T SAS drives super cheap... tried building a new zfs pool with them.. discovered they're all formatted for 520 byte sectors.
13:14:08 At least i was aware how to fix that just never have had to - at the rate they're going i think it's going to be tuesday when i can build the pool. At 11% after a couple hours
13:53:40 520 byte sectors ?
13:54:08 logical or physical ?
13:55:19 https://forums.freebsd.org/threads/deciding-what-to-do-with-520byte-sector-size-ssd.79361/ TIL :)
13:55:20 Title: Other - Deciding what to do with 520byte sector size SSD | The FreeBSD Forums
14:02:07 520b wtf
14:08:18 apparently it has reasons..-
14:09:38 real fun
14:59:03 Formatted 520b physical.
15:00:27 Fixing it for normal systems requires letting it do a low level format. Gives write errors if you go to use it otherwise. sg_format utility handles it. sg3_utilities pkg/port.
15:05:18 Believe the origin of such drive formatting is in certsin fiber channel arrays.
15:05:25 Certain
15:21:29 Seems worth the pain in the ass for $2.50 a gigabyte. I wish i'd been able to buy a lot more than i did. 😀
15:49:11 Hello everyone. I love playing with Jails, they're pretty useful and fast.. Have been reading too many documentations and tutorials about it, got a question, I've seen too many rc.conf suggestions like: cron_flags="$cron_flags -J 15" for Jails. What does -J 15 actually do? Anyone care to explain? Thanks!
15:51:49 use ´man command_name´ if you need a reference for cli options
15:52:36 cron(8) says -J is for setting time jitter
15:53:34 nero: Thanks. I've been reading that, but didn't really understand what it actually means.. time jitter.. and why it'd be better for Jails that way.
15:55:21 see also the -j option, which explains the rationale
17:04:43 how does freebsd allocate argv?
17:07:48 argv? I know that in C, it's allocated when you execute the main function: int main(int argc, char** argv).
17:08:33 how is it stored in memory?
17:09:09 maybe memory allocates it on the stack?
17:09:41 Soni: https://github.com/freebsd/freebsd-src/blob/main/sys/kern/kern_exec.c#L1416-L1435 freebsd does it right here
17:09:42 Title: freebsd-src/sys/kern/kern_exec.c at main · freebsd/freebsd-src · GitHub
17:10:06 this isn't just argv, it's other things too
17:10:46 see also sys_exec, exec_copyin_args
17:10:55 sys_execve rather
17:11:53 how is it laid out?
17:12:48 https://github.com/freebsd/freebsd-src/blob/main/sys/kern/kern_exec.c#L1387-L1393
17:12:49 Title: freebsd-src/sys/kern/kern_exec.c at main · freebsd/freebsd-src · GitHub
17:12:56 dstolfa: where is the main function in that code? I don't know much about coding, but I know that in C, argv is present in int main(int argc, char** argv){}
17:13:44 Oleg: this is kernel code responsible for performing the execve(2) syscall. there is no main function in this context other than the fact that it's the function that will be jumped to eventually after all the initialization is done
17:14:00 but not in kernel context
17:14:24 it looks like it's all shoved into a buffer, in order?
17:14:40 Soni: BTW, if dpcpu stuff is confusing you, see dpcpu(9)
17:14:48 it's basically just a way to have per-CPU data
17:16:17 so basically shoving protobufs into argv is generally portable across POSIX implementations?
17:20:05 cannot carry NUL chars that way, if you thought a protobuf could
17:20:08 not quite sure as i don't really know what the code does, but you should be able to at least get the upper bound from limits.h in a portable-ish way
17:20:38 "The arguments represented by arg0,... are pointers to null-terminated character strings"
18:27:45 doesn't matter, if they're shoved into a buffer in order
18:28:14 because foo\0bar\0 is still foo\0bar\0 even if you're only "supposed" to see it as foo and bar
22:18:43 Just started playing around with freebsd yesterday for the first time and I have a bit of a random question. Is there any technical reason why in freebsd you must mount procfs while in linux /proc always has the process pseudo-fs?
22:20:37 newchair: We don't believe in procfs
22:21:15 even though our procfs is way less powerful than Linux', we still disable it by default
22:21:49 it's just too much information exposed, and we're afraid of more leaking out
22:23:16 Ok i see. I'm also noticing on my linux machine /tmp is tmpfs in /etc/fstab but not on freebsd
22:24:30 yeah, you can do the same, but by default is just a regular Filesystem
22:29:14 basically, Linux does a lot of things through Filesystems, and… We don't
22:30:56 * meena has been in great pain at times trying to find alternatives for /proc or /sys stuff when porting Linux systems Software for FreeBSD
22:31:25 lol
22:31:28 * meena shakes fist at her arch nemesis infiniband
22:33:19 the biggest problem, if we ignore infiniband for a second, isn't even finding sensible alternatives. it's trying to find out what the heck those magic files in Linux even mean
22:35:16 Yes freebsd seems a lot more sensible and easier to grasp than linux in general so far. Like how linux just has a million different kill signals for some reason
22:35:40 every Unix does
22:36:36 oh nvm maybe kill -l is just different on bsd lol
22:37:19 https://man.freebsd.org/signal(3)
22:37:22 Title: signal(3)
22:39:01 meena: cool thx
22:39:07 back to the handbook!
22:39:47 https://www.illumos.org/man/3HEAD/signal.h same here
22:39:48 Title: illumos: manual page: signal.h.3head
22:40:14 check signal(7) on Linux
22:40:58 that's exactly what i did after skimming the freebsd one
22:41:08 no idea which ones POSIX defines
22:41:29 meena: parsing procfs is also very fun, so you end up with gems like this if (!file.is_directory() || !std::filesystem::exists(full_path))
22:42:41 https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/signal.h.html
22:42:42 Title:
22:43:45 dstolfa: i refuse to parse procfs
22:47:15 here's a cool but report, by me, about /proc, which came to a happy ending: https://github.com/canonical/cloud-init/issues/4332
22:47:17 Title: util.py: get_proc_env() doesn't work on FreeBSD · Issue #4332 · canonical/cloud-init · GitHub
22:47:17 4332 – System crash after SCSI DAT tape access. https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=4332
22:53:38 but report. butt report…
22:53:40 I was using "psutil" (Python module) to get proc(ess)stat(istics) on Rocky Linux 8; more than not, it was slower than just coping with custom "ps" output.
22:54:14 Have not tried on FreeBSD
22:54:48 a lot of the low level Unix stuff goes thru lots of code. like, lots and lots of code
22:55:40 everything is highly abstracted before dispatched to the actual functions
23:13:48 I just noticed the "emulation" stanza in procstat. hmmm…
23:53:41 So I have the Ubuntu OS installed for my Linux jail. I have it all updated and can chroot into it just fine. I can even run the Linux version of Wesnoth (installed from the Ubuntu system) perfectly. I'm trying to run an AppImage from my Downloads folder and it's throwing this: ELF interpreter /lib64/ld-linux-x86-64.so.2 not found, error 2
23:53:59 I tried running it in the Linux jail and that was complaining about a fusefs problem.
23:54:21 I'm on 13.2 and I'm running Ubuntu 22.04 LTS.
23:56:00 It seems anything I run outside the jail I get that error when it's a Linux ELF. I was reading that it should be smart enough to know the chroot, etc...or I thought I read that somewhere.
23:56:27 Because if I run /compat/ubuntu/usr/games/wesnoth-1.16, I get the same ELF error.