00:40:32 <_zip100> Zyxer: recently cryptography package in Python has been moved to Rust backend
00:40:49 <_zip100> because it's "safe" and whatever
00:41:03 <_zip100> but yeah now it's a rust dependency if you're installing from source
00:46:09 lately I got a Belkin OmniView Pro2 KVM switch that has PS/2 & USB... but unfortunately it takes to do something with it (I don't use) so is there any way I can get shell history back? The only other PS/2 & USB ones I saw by a company are out of production and cost several/many thousands dollars for eight-port ones
00:46:26 that mean every time you install that pkg you gotta install the huge rust toolchain?
00:46:35 _zip100
00:48:24 <_zip100> it probably has rust version pinned at some reasonable defaults, I highly doubt they're using nightly
00:48:57 <_zip100> also I believe you can cheat and install binary toolchain
00:49:02 how can we install a pkg that's made in rust without having to install the giant toolchain to build it?
00:49:12 that's all still huge no?
00:49:22 <_zip100> they should have binary builds
00:49:27 <_zip100> at least they do for Linux
00:49:57 <_zip100> probably someone is doing them for BSD, you just have to find the right package registry (and trust their authors :) )
00:50:11 <_zip100> or you can install pre-rust versions, but that's insecure in itself
00:50:18 I found binary build for FreeBSD
00:51:01 Also, why are they moving to rust? This angers me. If done properly C is better. Rust eats like 5MB for a hello world
00:51:25 And every dev things already needs C
00:53:04 Bah, I am trying to run etherpad on server but it gave me brain damage. Nodejs is 5 nightmares distilled into one dose
00:53:48 <_zip100> rust is like node.js applied to C
00:54:09 <_zip100> I don't know why. because it's next best thing?
00:54:57 <_zip100> I guess people get really hooked on "secure" motto, no matter what costs
00:57:37 npm uninstall *
00:58:09 How can I remove a package and all dependencies (that nothing else needs)=
00:58:12 ?
00:58:23 Wrong chat
00:58:52 pkg remove && pkg autoremove
00:59:30 Uh... Thanks. oh, the autoremove is for that. Good to know
01:01:21 Caveat: "pkg autoremove" will remove all dependencies no longer needed, not just the ones for .
01:02:55 :)
01:03:28 polyex: no, you only need rust if you want to build it yourself, it isn't a runtime dependency
01:51:39 darwin: according to vt(4), it looks like that should be possible using a custom keymap file (/usr/share/vt/keymaps)
02:00:48 great!
02:02:20 my first thought was change it to like GNU/Linux but I'd rather also hear alternative KVM switch options
02:02:29 is quicker of course
02:26:35 is it possible for traffic to leak while pf is reloading? like service pf reload
02:54:00 polyex Can you paste link to the rules?
03:24:14 Anyone get their function keys working with their laptop or desktop? Looking for a guide
03:31:48 jb1277976: what laptop, and does it provide an option in the bios to enable/disable those keys?
03:31:49 Define "function keys working"? I can use mine to switch between VTYs using alt-Fn (or ctrl-alt-Fn from the X session).
03:59:38 polyex, IIRC I remember the pf documentation saying that "pfctl -ef /etc/pf.conf" is an atomic update switching from the old rules to the new rules. There should not be leakage.
04:04:50 tyvm rwo
04:04:52 rwp
05:00:10 <_0pr__> speaking of keyboard, I think the best and most reliable way to get all things working is to find a keyboard that the system supports... For desktop computers running freebsd, UHK is the best to my opinion... with it, I don't even need a mouse, except when gaming :P
05:21:00 Jelly Comb worked well for me. Inexpensive to boot
05:26:05 jb1277976, I didn't need to do anything. My keyboard function keys Just Work.
But if you are asking about multimedia keys on a laptop keyboard then those usually need help to work on my linux systems and I haven't figured them out on FreeBSD myself yet.
05:29:01 ( hunh. Jelly Comb is closing: https://www.jellycomb.com/pages/protoarc )
05:29:02 Title: Introducing ProtoArc – Jelly Comb
05:30:08 ( ... "Under ProtoArc's innovative and agile structure" does not exactly inspire confidence, especially if I were a past customer )
05:34:44 Past experience of mergers and acquisitions does not inspire future confidence. :-(
05:36:41 yup
08:09:39 Hm, the discord invite link on https://wiki.freebsd.org/Discord is invalid or has expired.
08:09:40 Title: Discord - FreeBSD Wiki
08:10:10 Ah, stupid me.
08:10:22 There is a second link that works...
08:18:41 debdrup: thx for the reply
09:28:08 <_0pr_> Hi, anyone know how to register xfe as default file manager? Such that I click on the open in folder in download of chromium of firefox, it will open the location in xfe... Didn't find anything online... any tips where to look?
09:29:51 <_0pr_> or firefox... typo there~
09:38:29 _0pr_: xfce4-mime-settings when you are running the xfce4 desktop?
09:39:23 <_0pr_> running dwm... I don't know if xdg-mime is the right way to do it...
09:40:11 ah wait, xfe is not part of xfce4… but browsers should respect mime settings, at least firefox does, i think
09:41:58 <_0pr_> Not something I must have but... since long I want to have it right~ So... When click on the Show in Folder icon in firefox, nothing happened, click it in chromium, it opens firefox... hahahaha weirdo
09:43:58 <_0pr_> why the heck are all the files in .local/share/applications prefixed with wine...
09:45:28 <_0pr_> I think I'm in the right place, have to play with it a little.
10:20:03 <_0pr_> Done it, just create a desktop entry answering to mime type inode/directory in .local/share/applications folder, and chromium works just fine, firefox still has no reaction to this.
10:33:03 <_0pr_> Done it in firefox too. follow https://forum.manjaro.org/t/browsers-like-firefox-require-xdg-desktop-portal-package-to-use-os-default-file-manager/106933 and firefox is good to go.
10:33:05 Title: Browsers like Firefox require xdg-desktop-portal package to use OS default file manager - Software & Applications - Manjaro Linux Forum
10:33:10 <_0pr_> Perfect~
11:39:29 hello hello g'mrning :)
11:43:26 hi
11:44:03 \o
12:16:51 \o/
12:46:32 am I the only one to have issues with Xorg and FreeBSD 14? (cmus colors disappeared, libreoffice doesn't show, etc)
12:46:54 this is with Enlightenment and i915kms.ko loaded
12:47:49 also keys to raise/lower brightness don't work (despite acpi_video being loaded)
12:48:58 now there's a wm I haven't heard in a while. Nice
12:49:07 i liked that gui platform
13:18:56 Good day
13:31:21 Zyxer: \o
14:02:48 running 13.2 on host and guest vm. just ran freebsd-update fetch and install, and pkg upgrade, rebooted. now on the host system i can press command + enter to open a terminal like normal, but in the vm that key combo doesn't do anything anymore
14:02:52 anyone else run into that?
14:15:46 are you sure the keys get passed to the vm correctly?
14:16:45 it was all working perfectly until i did these updates
14:16:57 i'd think so because meta + d brings up rofi
14:17:07 but meta + enter doesn't do anything
15:06:06 Is there a favorite howto for IPFW's in-kernel NAT?
15:06:44 I've been looking at this section of the handbook: https://docs.freebsd.org/en/books/handbook/firewalls/#in-kernel-nat
15:06:46 Title: Chapter 33. Firewalls | FreeBSD Documentation Portal
15:06:55 But it seems a little spotty on information. . .
15:08:07 Like right near the top, they talk about this shell script with an ipfw command and some variables being set but there's no mention of what the filename should be.
15:22:10 "The example below builds upon the firewall ruleset shown in the previous section.
It adds some additional entries and modifies some existing rules in order to configure the firewall for in-kernel NAT." so it should have a description in a previous section that explains how to use ipfw via the rc script in general?
15:22:11 Maybe I should just stick to natd.
15:22:37 It's served me well and I actually wrote a howto for it that used to get a lot of downloads.
15:23:17 hm, I expect it to be /etc/ipfw.rules "This section demonstrates how to create an example stateful firewall ruleset script named /etc/ipfw.rules"
19:27:16 enh
19:27:36 I have a bunch of pf rules, where I need the rdr to happen before the NAT
19:27:49 the rdr is more specific, but the nat seems to grab it too early
19:35:46 dch: is that the thing that dfr fixed recently, or unrelated?
19:36:09 meena: unrelated, this is just me not good enough at pf
19:45:19 i wonder why /usr/local/bin/ping_exporter is setuid. it presumably needs to run as root to use raw sockets, but it should be started by root... except the rc.d script starts it as nobody, but then it becomes root because it's setuid?
19:46:53 Not familiar with ping exporter, but that seems like a feasible theory.
19:47:14 That some component of Ping(tm) Authentication?
19:48:03 unixwitch: that seems silly altogether. especially because nobody is not a user that should actually be used
19:48:58 Says who?
19:49:01 nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
19:50:23 nobody is the NFS fallback user. if you somehow gain control over that user on a server with (badly) mounted NFS, you can read all of it
19:50:39 meena: yes, it seems like a very convoluted way to just run something as root... maybe i should file a bug because having it setuid at all seems like an unnecessary security risk
19:51:18 ls -l /usr/local/bin/ping_exporter
19:51:53 -rwsr-xr-x 1 root wheel 10107456 Dec 8 19:40 /usr/local/bin/ping_exporter*
19:52:13 unixwitch: please do
19:53:14 dch, i'm curious what you're trying to do.
nat is generally for egress, whereas rdr is generally for ingress. but maybe you have a jail that you want to be rdr'd to another jail?
19:53:34 scoobybejesus: aah maybe that's what I'm doing wrong
19:53:55 PC <> firewall running a custom proxy <> proxy talks to internet
19:54:29 traffic coming from internal network port 443 -> rdr to the custom proxy running on the firewall
19:56:52 i see what you mean. i'm no whiz. was hoping the rubberducking would help. but i'm thinking. seems like you still need nat, but the proxy should do it, or it should come after the proxy. ummm
19:59:05 meena: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275705
19:59:06 Title: 275705 – net-mgmt/ping_exporter: should not install setuid root
19:59:16 it should work like squid does, https://wiki.squid-cache.org/ConfigExamples/Intercept/FreeBsdPf
19:59:17 Title: Intercepting traffic with PF on FreeBSD | Squid Web Cache wiki
19:59:27 my local conf must be too special by now
20:10:21 (incidentally, this is the first time in years i've ever had a useful outcome from the daily setuid check... so i'm glad i didn't just get annoyed and disable it)
20:12:31 unixwitch, what port is that from?
20:12:46 net-mgmt/ping_exporter
20:13:17 it's an agent for the Prometheus monitoring system that sends ICMP pings to various configured hosts and reports statistics over HTTP
20:14:04 Germans. . .
20:15:39 it would actually be a perfect example of something that should be rewritten to use capsicum... kind of a shame that seems to have no traction on platforms other than FreeBSD
20:17:53 also mildly surprised we have no port for postgres_exporter? maybe i should look up how to become a ports committer
20:18:38 dch, it looks like rdr rules can be listed prior to nat, since they are both translation rules. it also seems like the nat rule could have `! port http` to ignore 443/80.
also i didn't know about bridge-to, but maybe it could be used if the proxy has its own interface
20:19:25 i hope you figure it out. i have had similar things that I failed to get to work. nothing mission critical for me, though. i just love to tinker
20:20:12 scoobybejesus: when the rules are loaded, all NAT come before RDR (see `pfctl -nvf /etc/pf.conf` and watch the rule ordering)
20:20:43 you could just become a port maintainer by creating the port and submitting it via bugzilla
20:21:27 interesting. gotcha. if pfctl re-orders things, there goes that idea. but excluding port 443 from the nat rule should still work, i would think
20:38:09 mmmm it's definitely the nat rule screwing things up, but despite that the rdr rule doesn't work
20:40:09 rule 0/0(match): nat out on ng0: 172.16.1.4.18934 > 199.232.168.81.443
20:40:18 that's me going out to bbc.co.uk
20:48:27 it could be worth putting pfsense in a vm, installing some other proxy, and spitting out its rules
21:29:05 TIL, for NAT & RDR changes I need to flush the rules. easiest via `service pf restart`
21:29:20 it's still not working but at least it makes more sense now
21:32:12 heh
21:44:07 * CrtxReavr hates syntaxes that separate IPs from port numbers with periods.
21:45:50 Agreed. I don't like them either.
21:46:27 tcpdump is another offender.
21:47:10 'Course I also remember when bind wouldn't allow an @ sign in SOA records, and the part of my work E-mail address on the left side of the @ had a period in it.
21:48:06 CrtxReavr: i sort of like that with IPv6 though. because there's no need to quote anything. but usage of : is probably so ingrained that it's not worth the effort of being different...
21:48:34 Proto Recv-Q Send-Q Local Address Foreign Address (state)
21:48:34 tcp6 0 0 2001:8b0:aab5:10.45199 2001:8b0:aab5:10.5432 ESTABLISHED
21:48:44 I thought the @ sign in SOA was still reserved for the domain part. No? One can put an at in the rhs fields now? Well will wonders never cease.
21:49:34 i'm also really curious about an email address with @ in the user part, i didn't think that was legal. aren't you supposed to rewrite it as %, like internal.gateway%user⊙ih?
21:50:08 oh, nvm... you mean the email address had a '.' in and that doesn't work in SOA records, right.
21:50:23 unixwitch: According to the RFC, any character is valid for the local part, even an @
21:50:46 bahamat: does that require quoting? "a@b"@c?
21:51:12 unixwitch: No, the right most @ delimits the domain, since we know that domain names can't have @ in them.
21:51:24 "@ IN SOA doom.proulx.com. hostmaster.proulx.com. (" I am still doing it this way. But you say I can have it hostmaster⊙pc now?
21:51:32 so a@b@c, we know that the local part is a@b and the domain part is c.
21:51:50 bahamat: TIL. thanks
21:52:14 Yeah, it's weird. And it makes it really fucked up writing a *valid* email address parser.
21:52:37 For that matter, spaces and quote marks are also valid.
21:55:02 i wondered if this was changed recently but i checked RFC822 and according to the grammar it seems like it's always been valid
21:55:42 The RFC was written when you didn't know if you were delivering to UNIX, a mainframe, or Windows for Workgroups.
21:55:51 It used to be when email routing was allowed that only one @ was allowed at a time and left @ were converted to % like joe%lab42⊙ec where upon delivery the right most @ was removed and the next % was promoted to an @.
21:56:05 But email routing has been forbidden as an anti-spam strategy for years and years now.
21:56:17 So they were just like the local part will be: ¯\_(ツ)_/¯
21:56:35 if i'm reading it correctly unquoted space aren't allowed though, you still have to write "/CN=John Doe/OU=People"@x500domain.com
21:57:26 rwp: that's what i thought but as bahamat says that's not true. @ is permitted in the local part
21:58:02 Yeah, but there's also like "Miles O'Brien"@foo, which was considered extremely common.
21:58:09 user⊙a@b.com might not be routed correctly but it is syntactically valid
21:59:02 Back in the Sendmail days I am pretty sure that would have been kicked out as invalid. It would have needed user%a.com⊙b to route.
21:59:23 yeah, if you want to do source routing you need to use %, but you *could* have a local user called foo@bar and their mail would be accepted
21:59:28 Yeah, lots of address validators aren't compliant with the RFC, and not even all MTAs are. So YMMV if that's really your email address. But according to the RFC, it's required to be accepted.
21:59:35 ... that would probably be a terrible idea though, i have enough issues with a '+' in my email address
21:59:54 The local delivery agent can impose any restrictions it wants to. But MTAs need to deal.
22:00:46 MTAs have always been operated as a "my server, my rules" thing which means they do what they want and there isn't anything you can say about the remote end.
22:01:19 That's why Google and the other too big to block folks do what they want and we all must react.
22:02:43 obligatory: https://www.youtube.com/watch?v=nq-dchJPXGA&t=1s
22:02:44 Title: Your Name? | A Bit Of Fry And Laurie | BBC Comedy Greats - YouTube
22:04:26 ooi is there a solution to the problem that started this discussion, of putting an email address where the local part contains '.' in a DNS SOA? i guess everyone just uses hostmaster@ so this doesn't really come up very much
22:08:01 or for about month, many years ago, "hoistmaster"
22:11:29 unixwitch: It's probably best not to make it a real human's address anyway. You don't want to have to go changing your domains if that person leaves the org.
22:11:51 yeah, i agree
22:12:05 Even if it's a purely personal domain, that email address is likely going to end up with a lot of spam, so I wouldn't want my real address in there.
22:12:34 i could use myname.hostmaster⊙mc but ironically i can't because it contains '.'...
wonder if '+' is allowed in SOA
22:17:46 I think it's limited to what's valid for domain hostnames, so I don't think either + or _ will work.
22:18:05 bahamat, CrtxReavr: i asked #dns and got a surprising answer: john\.doe.domain.com
22:18:19 Interesting. Worth a try.
22:19:31 real life example: powerdns.com. 3600 IN SOA pdns-public-ns1.powerdns.com. peter\.van\.dijk.powerdns.com. 2023120701 10800 3600 604800 3600
22:19:45 Although, tbf, I don't know anyone or anything (other than spammers) that actually use that for sending an email to.
22:22:18 I think that you can safely assume that any human who saw peter.van.dijk.powerdns.com would assume peter.van.dijk⊙pc and not peter⊙vdpc
22:22:24 hostmaster@ just forwards to me@ anyway so might try changing it just to see how it goes. it feels more friendly to have a real name there
22:22:43 The domain part of the RHS does not need to match the domain of the dns zone.
22:57:27 I always thought it was documented as a hint field for humans and was not intended to be machine parsed. Any human who sees it is expected to be able to figure it out. The backslashed dots feels like an afterthought on an afterthought to me.
22:58:04 I suggest using an alias of hostmaster (or hoistmaster if you like, knock yourself out!) and not put an actual person in there.
22:58:06 rwp: i imagine it would matter if, for example, you have some sort of web-based "domain report" tool and it wants to format the contact address as a mailto: link so you can click on it
22:59:36 I would always get that data from the whois database records.
23:00:48 that's not very useful nowadays as nearly all registrars hide registrant info by default. Registrant Email: https://tieredaccess.com/contact/acf0dd48-ac1f-488e-ba9e-4d4ac7f26db2
23:00:49 Title: Tiered Access
23:02:22 If one is going to hide their whois data (which are most) then why would they not hide their SOA address behind an alias or other too?
23:03:07 because it's not about people who specifically make the effort to hide their whois data, it's that it happens for *everyone* by default even if they don't care either way
23:03:24 like my domains have valid SOA email addresses but hidden registrant data because i don't care enough to change the default
23:03:38 also, i care less about my email address being public than my home address, which is in whois but not in SOA
23:04:11 That last about home address is definitely true. It's a thing to watch for certainly.
23:05:49 It is interesting that "whois powerdns.com -h whois.ripe.net | less" shows very little but "host -t soa powerdns.com" lists Peter's name out right there. Wonder if Peter is an NPC role name there.
23:07:53 i'm pretty sure that is his real name, /whois habbie
23:40:37 i just experienced linux users calling unix "sh*t"
23:40:38 XD
23:41:15 <_0pr__> It happens. Keep cool and smile.
23:41:34 that's what i thought to do :DD
23:42:12 i got mocked for liking bsd
23:42:55 even tho the distro they use would not exist without ports and they even had a fbsd kernel branch
23:42:58 no one cares
23:43:52 <_0pr__> :D Most of the time we know better than they are.
23:46:56 "i got mocked for liking BSD" sounds like something that would happen at a high school, not somewhere you'd actually choose to be...
23:47:20 well that just happened on libera ^^"
23:48:07 but i guess it was just something they can pick on me for :D
23:48:09 XD
23:48:55 if i was eating an orange they would pick on me for eating an orange
23:56:12 mane: i highly recommend listening to unixwitch, and not hang out in places where people are mean to you
23:56:52 yeah that's just a brit and his buttpals
23:56:58 but many people over there are legit
23:57:16 it's just the chat is taken by a small troll group
23:58:48 yesterday it was all ok but today they decided it's over
23:58:58 XD