can i ask dumb/beginner questions about freebsd in here? i want to get a qualitative feel for managing a production service running on freebsd

sure

i have a web application,... i am writing a rust binary with a postgres database, probably will continue to run on ec2. i've been using ubuntu for this for a while but am contemplating switching to freebsd

great

so spin one up and see how it feels

i actually used to use freebsd when i was a kid and i have used it for some unimportant hobby projects, but never in production

ubuntu has this phenomenon of "unattended upgrades",... but i am reading some forum posts--i guess freebsd doesn't have this?

i would really like to just write my application code and not need to worry about "having a pager" and deal with emergencies where everything suddenly stops working

you could script the system to upgrade itself automatically if you wanted, but there's no facility for that in base system (as far as i know)

sounded like they didn't want automatic updates.

and what about keeping exactly one copy of my web application binary running at all times, even if it crashes/panics etc

oh, no i do want automatic updates as long as they don't break my system...

if you don't test the updates, its only a matter of time that one does something you don't expect.

segfaultfizzbuzz: you can do that with daemon(8)

llua: so the only way to really know if your application breaks after an os update is to run it? that's pretty wild

how else would you know if it breaks other than testing it? this is why people have test environments, there's always a chance an OS update will break something, on any platform

yeah, unattended upgrades are kind of annoying for exactly that reason

lw: the other possibility is that interfaces are held rock solid ...

software made by humans aren't infallible

segfaultfizzbuzz: by interfaces do you mean the OS API/ABI? that is guaranteed to be stable within a release, the issue is that any code change can introduce bugs that might break something

if you have a pager that's up to you and your operations procedure

heh newsletter.pragmaticengineer.com/p/inside-the-datadog-outage

Title: Inside DataDog’s $5M Outage (Real-World Engineering Challenges #8)

yeah you would think that the OS API/ABI was stable...

on some days i want to just get rid of the operating system

segfaultfizzbuzz: freebsd-update can be run on a crontab daily for unattended installs

unattended updates*

ah yes, just run as close to the metal as you possibly can, that'll solve some problems :-)

if you turn your binary into a rc.d service, it's easy to make the daemon binary keep exactly 1 of your binaries running at a time, and start on OS start up

i have been looking at aws lambda to solve some of these problems but i am intimidated by the difficulty of planning costs / likely costs (especially api gateway costs)

alepzi: care to provide some details on how to do that?

which

exactly one copy triggered at os startup

pkg install nginx, then look at its contents at /usr/local/etc/rc.d/nginx and see how it handles getting automatically started by the OS. that's prolly more complex than it needs to be

then when you're running your binary in YOUR rc.d file, you just put daemon in front of it

read man daemon

why do i see this "pause for one second on restart" phenomenon

segfaultfizzbuzz, A super big advantage for FreeBSD on ZFS is Boot Environments. If something does break with an upgrade it is easy to boot the previous Boot Environment clone and have things running. Then investigate the breakage the upgrade caused leisurely.

"Supervise and restart the program after a one-second delay if it has been terminated."

On EC2 I don't know exactly the procedure to rescue something if it has gone astray. I have in the past there mounted the block storage on a second system and then hacked on it and then booted it. So that is always possible.

that controls how long you want daemon to wait before it restarts the binary

can i also have my process killed if it uses more than X GB RAM (in the event i have a memory leak, or a dependency has one)?

resource limits

rwp: uh it sounds like you have physical access to your machines?

wouldn't killing your process due to a memory leak be a pager event on its own?

segfaultfizzbuzz, I have console access to my machines. I know AWS EC2 has traditionally not provided a console. Do they now?

kevans: if it is restarted by the operating system, in many/most cases no

On EC2 I have had to mount the block storage on another running system, then debug things, look at logs, hack files, then unmount the block storage and boot the EC2 node up after rescuing it.

ah, so assuming you're running it under dameon, killing it (so it can be restarted)

rwp: you can ssh to your instance if that is what you mean by console. ec2 has had that for a very long time,... or do you mean something lower level...?

yeah i want daemon to watch the RAM usage and kill it above 4GB or so

The system console is where the machine boots from. If the machine can't boot then no I can't ssh into it.

But at AWS I can ssh into a different system that is next to it and then mount the block storage of the non-booting system onto the booting one. Then look at log files and fix things.

rwp: uh, does freebsd sometimes have an update which causes it to fail to boot? that could be a dealbreaker

I have never had a FreeBSD update fail to boot.

But I did lock myself out of my own machine through stupidity on my part once.

haha howd you do that

another question would be how to lock down a freebsd machine for exposure on the public interwebs

freebsd is no more buggy than linux debian

you said interweb so i'm not going to help anymore

I changed all of my login shells to /usr/local/bin/bash, performed a major upgrade from 12 to 13 of the base system, did not upgrade the packages, rebooted, and could not log in because I had no functioning shells. D'Oh! I had not followed the release notes and had not upgraded my pkgs yet.

no i used plural

all of the series of tubes

rwp: uh,... yeah i theoretically could have done something like that,...

Hardening would generally be using one of the several available firewalls of which there are three that are popular.

ya like tubes with rifling huh

i don't have time to read release notes, i just want my process to run

If you don't have time to read the release notes then you will have time later to fix the broken system.

this has gotten too painful to watch... see ya

In any case I find FreeBSD to be more reliable and more stable than my Debian and Ubuntu systems and I am slowly migrating my machines from those to FreeBSD.

yes. And I must relocate myself as well. So now seems like a good time for it.

i guess i shouldn't say interwebs in #freebsd

i don't speak for #freebsd

i have that opinion of ppl that use that word because it's from an era when lazy normie dummies came online and made it even worse. like eternal september got aids

the reddit era

yes but i am using it sardonically

>yes

the same hype beasts that watched Silicon Valley

so i would create a user for the process in order to impose a resource limit?

man, our poor mail driver substitute. twice now she's been out to our house, both times she's gotten stuck on ice

shit, this is not the right channel

segfaultfizzbuzz: easiest way to set resource limits, if your program is being run using an rc.d script, is to set yourprogramname_limits="whatever" in /etc/rc.conf

you can put limits on a binary ran by any user just by binary_limits=""?

"..."

kevans; i was impressed with the package deliveries i got, despite the weather... physical delivery is relevant to #freebsd as a motive for computer networking

true enough

our mail has been effectively suspended for the last week, kansas (middle of nowhere, US) has been getting somewhat destroyed

alepzi: I thought it only worked for things run by run_rc_command?

we should have a law mandating triply reundant fiber and a switch in every household

i just didn't know about _limits at all

${[service}_limits

I learned about it last week reading the rc.conf man page :)

awesome

segfaultfizzbuzz: fwiw, my problem wasn't with "interwebs" but with "i don't have time to read release notes"

you can also set a login class for any service (useful if you have a common set of limits for multiple daemons, I guess)

or even a fib (much more useful in my particular case)

might have been a joke, but it hurts. we write those things for a reason

too many people don't bother

yeah, the freebsd release notes are not _that_ long, and usually very informative

i'm on macOS for my dev machine,... i just ran man limits and got nothing--i thought macOS was roughly a (free)BSD of some kind, is that no longer true?

there are a lot of utilities from freebsd, but the ones that make sense

macOS has a bunch of FreeBSD userland still kicking around, but it's not really FreeBSD per se, and never has been

segfaultfizzbuzz you run production shit on ubuntuh but don't read their release notes?

alepzi: if i read everything i was "supposed" to read i would get nothing done

segfaultfizzbuzz you run production shit on ubuntuh but don't read their release notes?

at some point that's borderline irresponsible, especially for something you rely upon just working

segfaultfizzbuzz: you can read freebsd man pages online - man.freebsd.org/cgi/man.cgi?limits

Title: limits

i am looking at discourse.ubuntu.com/t/jammy-jellyfish-release-notes/24668 right now

Title: Jammy Jellyfish Release Notes - Release - Ubuntu Community Hub

so you do read release notes for ubuntuh, but don't wanna for freebsd?

oddline: oh i know i was just hoping to be able to fiddle with some freebsd stuff directly on my macOS dev machine, looks like i can't

you might be able to run freebsd as a guest in macos hypervisor?

alepzi: i mean if you look there it's stuff like " UDP disabled for NFS mounts" and a bunch of version numbers,... it's all line noise to me

i'm not going to say "stop the presses, i don't want glibc 2.35!"

segfaultfizzbuzz: k what i'm trying to get to but you won't directly answer shit is, sounds like you don't actually wanna work at the abstraction level of OS and programs. you maybe want container hosting or functions as a service?

then you have NO OS duties

they did mention lambda, to be fair

ya, and i'm saying that sounds more approp

yeah see above for lambdda/api gateway considerations

segfaultfizzbuzz: if you scroll down a little, there's stuff in those Ubuntu notes that I'd certainly want to know - like moving from xtables to nftables as a firewall backend, which might break docker, for example

i don't use docker, just a binary

ya well "every option requires work and i don't like that" doesn't leave you many options now does it

...i suppose what might be lost in coversation here is that i am looking at the "operating system" abstraction level to *decrease* how much stuff i need to manage/*decrease* surface area

so think about it, which is really the right level for you?

then that means shit like reading release notes, or having downtime/security holes

and if there's some way easier way that none of us are seeing except you, i'm all ears. innovation happens

like in a perfect world, how would all this shit work perfectly for you?

perfect world would be a rock solid and minimalist API/ABI probably and as close to bare metal as possible

that does what?

as close to nothing as possible

keep my process running and provide network io probably? and then i would need a second one of these to run postgres and keep it running/provide network io

the more stuff you take out of the OS, the more has to be reimplemented by the application. in most cases, this would probably just move your problems...

but then you start building the basics, and you add some design holes, and discover why OSs have some complexity

like authentication, user management

resources, permissions

i need the OS for threads?

logging, alerting

there is only one process on the machine, and it shouldn't be allowed to modify any aspect of the system

maybe intrusion detection and cron jobs

ah yes i need a third one for running cron but i might be able to make my own cron...

"run a network server and postgres" already requires your OS to provide: disk and network card drivers, a TCP/IP stack, multitasking, a file system, probably privilege separation in some fashion, probably a firewall...

i am indeed dependent on the aws firewall being good

but only a single port would be open publicly, 443

actually, it sounds like what you're describing is a unikernel

i briefly looked at trying to run sel4 on ec2 but didn't get anywhere

seL4 is very cool, but trying to run it in a public cloud sounds like a nightmare

in looking at the ubuntu release notes, i am directed to yet more release notes for systemd

the thing about release notes, especially worth noting if you were never in the habit of reading them before:

you don't have to pore over them in fine detail, just scroll through - "upgraded thing I don't use, deprecated thing I don't use - oh hey, this is a piece of software that's important, I'll read that paragraph - oh hey, this says "important", I'll read that"

hopefully you'll pick out anything obviously important; plus, if something breaks, you might remember "oh, I skipped a paragraph in the release notes that sounds relevant, I'll go back and check that"

can you give me an example of a release note item that i would actually realistically need to respond to (and could understaand), given the system i am describing?

how about "we've upgraded to a new version if postgres; this means any new accounts will use a new authentication scheme by default"

breaking changes

which could make it hard for you to make a new db user for your app, if your app was, idk, using an older version of a library or behind on feature support

that's just the first plausible example that comes to mind

the question of updating postgres is another topic i am interested in but did not want to derail the more OS focused discussion here,...

the database users for postgres i think are stored within the postgres database itself and is independent of the OS ... ?

what I mean is that that is something that could appear in an OSes release notes

my server is not a timeshare system, i am not allowing university students to use it or anything like that

most users will be installing software like a database from OS packages, right? so if the new version of the OS packages a new version of the database, and the new database behaves differently to the old version, that might get mentioned in release notes

sure but i seriously doubt that i would be able to login to the database entirely...

not every single piece of software will rate a mention of course, but important things like network servers, databases, widely used libraries, and language runtimes often will

i have no language runtime, i would like to ditch openSSL for rustls and eliminate that dependency although i admit that is one

segfaultfizzbuzz: in your perfect world, how do logs work?

i would have to recompile my binary with logs added and probably trigger network events to transmit the logs

segfaultfizzbuzz: well, you never know, right? I based this example on a real thing that happened with MySQL / MariaDB, where they changed the default authentication scheme, breaking compatibility with any app that didn't have a relatively modern mysql library

heh that's a bummer. i do have unfortunately a binary dependence on libpq and am realizing that might be a good thing to get rid of

...that being said it's unclear to me why i would want to update postgresql at all

segfaultfizzbuzz: anyway, as I mentioned before, the philosophy you're describing - where an app is entirely self-contained, running either on bare metal or (more commonly) on a hypervisor / in the cloud, with no traditional OS, is called a unikernel. they have their own upsides and downsides, but if you're interested, have a look at github.com/rumpkernel/rumprun and mirageos.org

Title: GitHub - rumpkernel/rumprun: The Rumprun unikernel and toolchain for various platforms

my database queries all run through an ORM and everything is typesafe,...

they usually work by borrowing drivers from an existing OS - commonly from NetBSD, actually

segfaultfizzbuzz: does your binary need a reverse proxy or does it handle https requests directly? does it auto renew its tls cert?

do these unikernels work on ec2? do they have enough users that i'm not going to hit some awful defect?

direct https

direct to axum or? what's your server stack?

the tls cert can be autorenewed by amazon route53 actually, you can configure a custom cert behind elb

alepzi: yeah something like that

work on ec2? I don't know, I think there was some way to run them on AWS though... have enough users? depends what you mean by "enough"... they're not super popular anymore, no

actually, as it sounds like you're a rust developer, check out github.com/hermit-os/hermit-rs

Title: GitHub - hermit-os/hermit-rs: Hermit for Rust.

yeah this is where "i think there was some way to run on AWS" is probably not wise as much as i would like to try this ;-)

probably most ideally i would compile my binary in my machine, have some way of inserting it into a VM image, and then upload the VM image to EC2

I only say that because I've never tried to use these frameworks in anger

for all i know it's very easy

but anyway, this _is_ the cutting edge in the sort of deployment philosophy you're describing. it's an off-the-beaten-path approach; you'll be using off-the-beaten-path tools. otherwise, you're stuck dealing with normal OSes like the rest of us :-P

is there a "alpine freebsd" project?

depends what you mean by that

there's ChimeraOS, which is a Linux distro that resembles Alpine in many ways, but uses a bunch of FreeBSD userland tools?

i'm not sure it's a smart idea to not have users for security purposes, but i mean cut out as much stuff as possible

there are ways to build a more minimal FreeBSD system, yes; some more intense than others

none of which I'd really recommend to a beginner

so i don't have to read release notes about printer driver spool queue deadlocking when nearby bluetooth devices are paired with electric toothbrushes manufactured in latvia in the third quarter of 2021

well, you still have to read those - the tools to build a minimal distro don't also build a minimal release notes to match :-P

I mean, or you could not read them. that's an option too. we just think it's a good idea, just like it is for Linux distros.

well that is nice in theory, like eating brussels sprouts. but the signal to noise ratio is absolutely awful. maybe there needs to be a "critical release notes" or something

if my dependency surface area decreases then those notes become less relevant right?

some of them, sure

the most intense way to get a tiny BSD system is NanoBSD, which was originally designed for embedded systems; I wouldn't recommend it to get started with production freebsd

your two other options are PkgBase, which will let you uninstall some packages (though not as many as you might like)

furthermore i may well assume that the release notes are *unimportant* to my application unless they impact very specific packages/software which my application depends on: postgres, openssl, ssh, rust,...

or just rebuilding world with a bunch of `WITHOUT_<whatever>` in /etc/src.conf

sure; a bit of experience will tell you which parts you need to care about

but it is unthinkable that SSH itself would no longer work/be supported on freebsd, or postgres, etc

why do you care about ssh if you just wanna run a binary?

or i would *definitely* hear about it because the nerdosphere would be shouting "wtf freebsd stopped support for ssh while everyone else is using it"

alepzi: vestigial practical methodology, as much as i would like to use a unikernel or other academically interesting thing

ya but what do you use it for? you have a binary running and it's automatically restarted if it crashes. so what?

so the macro NL_ITEM_NEXT in <netlink/netlink.h> uses typeof() (not __typeof()), but this doesn't seem to be defined anywhere outside of _KERNEL?

one other thing worth noting if you pursue a minimal freebsd system - you'll usually also have to either build software from ports, or build your own packages with poudriere or synth

because the prebuilt packages will be linked against libraries that don't exist in your minimal system

(the main culprit is kerberos libs)

or I guess you could leave kerberos in, so you don't have that problem

alepzi: well if we are not talking about the academic exercise, i will need to configure the system, send commands to the database now and then, etc

oddline: interesting,... i think such a project would be above my head,... but let it be known that there are nerds who want an alpine freebsd distro ;-)

not me. i've pretty much given up on the notion of "minimal surface area" being a generally good thing.

and now tend to build the production artifact with a full-blown userspace with sshd and a zillion useful tools available.

how do you deploy?

doug: ok, how did you come to that conclusion?

fixing things in response to user/management freakouts trumps theoretical security gains

lol, can you provide some examples? did you need some utility for some purpose?

at least twice in the last week i've done live patching of a deployed system to figure out some problem or another

kernel patching...?

nah, source code patching & live reload (as i deploy with a reloader)

nothing like being able to hop on a system and tcpdump/ktrace to figure out what's actually happening in production

oh... why can that not be done with an alpine-y distribution?

alpine itself doesn't come with any of the userland utilities to provide that functionality out of the box

pkgs.alpinelinux.org/package/edge/main/x86/tcpdump ... i don't see ktrace for alpine

Title: Alpine Linux packages

ok so strace for linux

and then why not temporarily make those applications available during debugging and then remove them from the system ? pkgs.alpinelinux.org/package/edge/main/x86/strace

Title: Alpine Linux packages

segfaultfizzbuzz: do you wanna be able to step away for weeks or months and have your binary just running?

alepzi: yep

ya they seem to decay over time and need constant maintenance

used to do that then decided it's not really worth it to have to mess with setting the package source each time & do the updates (and/or opening the network to allow that)

alepzi: what do?

even if you use docker and don't change anything, in enough time it might not even be supported by the newer container runners

I don't speak python. I'm trying to use a script that was written for python 2 that requires pyserial. Will it be easier to upgrade the script, or find an old pt27 pyserial? Or should I just give up?

alepzi: as mentioned, i dont use docker

as an attacker could certainly do that themselves (and typically do transport their own script/binary to the target system for functionality like that)

ya i know, i'm saying even containers aren't a solution

old hardware is supported by old software...

there is a curve, if your hardware/software is too old or too new, it gets more expensive

segfaultfizzbuzz: ooh, just discovered 2to3. Looks like it may fix enough that I can handle the rest. :)

doug: i think also it would almost certainly be way beyond my ability to troubleshoot issues requiring tcpdump or at the kernel/software interface,...

dunno, i find those tools help with "normal" problems. like, seriously cut down the time involved in diagnosis.

i mean, you probably know better than i do ;-)

those things are good at laying bare what's ACTUALLY going on with that fancy schmancy 12-factor OOP dependency-injected microservice monstrosity that some low-level SWE fresh out of java school thought was a good idea to push to production

lol yeah i uh dont use that stuff

Java devs. . .

so i think i found a netlink bug... if you create an interface, you get RTM_NEWLINK, okay. if you destroy the interface, you get two RTM_NEWLINKs for it followed by one RTM_DELLINK. this does not seem like expected behaviour?

When I was working at Cisco Cloud Services, we had this batch of CS interns from Georgia Tech.

i thought it was my code, but 'route monitor' (which uses netlink) does the same thing

The *ONLY* thing they knew was java.

So you'd give them a task that should have been a five line shell script, and. . . out came the JVM.

Was so tedious.

And that wasn't even the most annoying thing about them.

i mean i write rust cli apps instead of shell scripts these days and it takes twice as long and works 100x better

so i would say they got it half right

anyway thanks folks cyall

fuckin hate java

i was lucky to be in the graduating class that was taught python in CS151 and C++ in CS152

the prof who taught computer networking didn't get the memo i guess, cuz all of his network programming assignments were in java. that class provided no hands-on experience w/ the networking equipment (i.e. switches, routers) it discussed either

bed time...

lw: yeah, that looks bogus. even weirder, `route monitor` is showing three ADD events for a delete for a total of four ADD events in the lifetime of this one interface

on this laptop

i get different results between wg and bridge, curiously. destroying bridge seems to generate a message which is somehow unparseable (although i need to investigate that more). anyway, i will file a PR

drop the PR# here if you wouldn't mind, please

(by unparseable i mean i get enough bytes from recvmsg() to contain two messages, but NLMSG_NEXT doesn't find the second one)

kevans: bugs.freebsd.org/bugzilla/show_bug.cgi?id=276414

Title: 276414 – rtnetlink: destroying an interface generates spurious RTM_NEWLINKs

thanks

i also found an unrelated bug in netlink where you can't use it in -std=c99 (or later) mode which makes me think this interface isn't very often used on freebsd

my gut tells me if /usr/lib/pam_unix.so.6 has a changed permission and ssh does not allow me to connect.. is this something that a package could update?

maybe we're meant to use genetlink(4) instead of rtnetlink

to be fair netlink is actually quite new

here, at least; committed early 2022

oh is it? i thought it had been around for ages, but i'm probably thinking of linux

that would explain it

oh wait, no, October 2022; not early, sorry. Yeah, it's been around on Linux for a long, long time

is there another API for this? the application i'm writing only targets freebsd so i don't mind if it's non-portable

('this' = get notifications about network configuration changes)

the traditional way would be with devd, but it's a little hinky depending on what you're doing considering the architecture

ick. no, i'll stay with netlink :-) i don't mind working out a few bugs

(you'd set up a trigger in devd.conf, so you can run... some script or program, no configuration changes, and maybe that one does the action or maybe it writets over a pipe, depending on what you're doing)

s/pipe/socket/

whatever you do, be careful when you use chown.. some how i got my whole /usr/lib as non-root

I know close to nothing about development in Java. . .

heh

I just hate it from a sysadmin perspective.

I hate how it uses its own timekeeping and name resolution.

I did something with a makefile yesterday and ended up screwing up my /tmp permissions, but didn't catch it at first... talk about a little annoying to debug based on observing random failures all over the system

Sun rewrote all the Solaris admin tools in Java and it meant every command took 30 seconds to start, it was awful

I hate the memory footpring java apps park their fat ass on for shell script sized functionality.

(i mean the *command line* admin tools, not just the GUIs)

I didnt expect what I was doing to touch /tmp at all

ew

kevans: same.. i have no idea how they became a non-root user.. it is like.. wtf was i doing

as a result ssh was not working because of an openPAM module having wrong permissions

If you're not an oldster like me, you may not remember this, but ther was a time when APC UPSes didn't suck. ..

And the harbinger of that transition into shitdom was when they shifted Powerchute dev from C to Java. . .

And then the hardware went to shit. . .

CrtxReavr: i also remember when they weighed a crap ton and you people would save wear special gloves.. just incase the battery leaked

o_O

you were considered a balla if you could afford one too

I'm thinking that'd be more just about sketchy, 3rd party replacement batteries.

probably, i worked in my high school computer lab.. so I went down the line, it is a liability if a teenager gets hurt

but i did get to play with novell netware and network the 15 computers we had for our compsci class, then busting out the borland ide for C programming

Netware on the server I always found very un-inspiring. . .

i was mostly on client side, we were not allowed to touch server

so we learned how to make ghost disks, "build the computers" and install the OS

But the netware DOS client software had a lot of really cool features for booting from a floppy, getting on the network, and installing OSes, etc.

we eventually got to that level, we started with a ghost server freshmen year and by senior year we were installing with novell and the good ole ipx/spx

good times

Know how IPX/SPX addresses were nnn:macaddress?

Did you realize that nnn part supported 32-bit addressing.

no, i did not

Some theorized the Internet could have been build on IPX/SPX. . .

Which by the numbers, easily. . . but. . .

oh god

The routing tables would have been. . . unwieldy, so say the least.

i bet, i never got to that area of novell

for my internship, i converted a hospital laboratory from Novell to tcp/ip stack

lw: re Java 30 second boot, good thing CPython generates and runs the bytecode in realtime ;)

35 machines ordered, built, ghost, setup in lab and install software to interface with the different lab equipment

Early in my career, I dealt with a lot of IPX/SPX to IP gateways.

Which worked surpisingly well.

now i don't do ANY of that for my career

but funny enough i am in working on technology strategies for laboratory, just a different industry

i get to "work" with agile (what horse s***), regulations and herding cats

i spend 99% of my day in office apps :(

oh sometimes i get to do SQL, i have looked at smalltalk code a few times..

now in my spare time i horribly break this bastille jail

for some reason chown is messing up this container and acting "funny" but do not understand why

corporate legacy codebases ftw /s

I was in college between '90 and '94. . .

yeah, the application was started as a smalltalk application and has evolved into having their own BASIC implementation

I had a friend who got a job in the Chemistry department, running a lab full off SGI IRIX servers, that were primarily used for doing 3D modeling of molecules.

But this lab had to be Internet-connected.

3d modeling of molecules is fascinating

And even back then, IRIX was infamouse for horrible zero-days, every other day.

i find working with chromatography machines awesome

I got this job, right as the normal school year ended, and spent the summer working damned close to 24x7.

er - He got this job.

and talking to the scientists setting up methods/experiments to test out the stability of a drug

right out of university i worked like that

CrtxReavr: how long did you get the sleep?

also the company i worked for had a consent decree

*get to sleep

My brother-in-law was a PhD Medicinal Chemist.

want to talk about stress... when i read stories about at&t and theirs, i go.. i get it

Now he's just a director. . .

does he say things like "you can take the lab from a scientists but you can't take the lab out of them?"

something along those lines, a few of my friends and coworkers say that a lot

He works for Seagen. . . which. . . was just acquired by Phizer. . . so they're filthy-stinking.

they miss the lab

good ole Phizer

Pfizer I guess they spell it.

they like that model

it is okay..

i worked for them a few years

they just buy companies, they are that large

They also develop a lot in-house.

oh oncology

Yeah. . . Seagen was supposed to be short for Seattle Genetics, but my brother-in-law was hired for his post-doc work on cancer drugs. . .

Which is why Pfizer acquired them. . . wanted to build their cancer drug business.

yup

i always get a kick out of the viagra story

I was giving my sister shit: "Where was my insider tip to buy-up all the Seagen I could?!?!?!?"

viagra is a failed heart drug :)

She was like, "Bob didn't want to go to jail!"

yeah, pretty much

I know way too many people who got rich off insider trading and never had a problem.

he is probably sitting on a ton of options, that converted from seagan -> pfizer and now he is probably beholden to stay their a few years before they vest

Those who get busted for it are either already filthy, sinking rich, or famous.

the amount of training.. every 6-8 months we go through for that stuff, it is annoying

And the sexual harrassment training, security training, intellectual property training, ad nausium. .

this was a fascinating program i worked with: ohdsi.org it was how i was introduced to "big data"

Title: OHDSI – Observational Health Data Sciences and Informatics

Corporate America.

in 2014/2015 before it was "cool"

Big data. . . filenames in ALLCAPS.

hahah

this is true!

i could never get the data architect to just make the damn filenames lowercase()

he was like, why does it matter.. "because it looks ugly and i am an apple fanboy.. i buy machines that 'look pretty'"

he never did get my horribly dry humor

Actully, someone was telling me the most intensive big data crunching is less about megabytes, and more about the structure of the data taking so damned long to iterate over all the permutations of.

but the concept of "making" a virtual patient based on hospital information, insurance claims, adverse events, internal data repositories.. then build a statiscal model

fascinating

yup

loading took a few days and we would do sanity checks but once you introduced controlled vocabulary and an ontology to link between disparate sources

and understanding how a hospital codes their diagnosis vs procedures and then how a financial claim is coded based on that diagnosis but not necessarily a 1 to 1 machine.. then try to find indications for a drug that most likely DOES NOT link tot he medical or the financial information

aside from hcreate() which is awful

on top of that you can not know anything about the patient and those.. it is anomized

but i am in office apps all day.. documenting and figuring out how to do this stuff

lw: looks like hcreate_r() is just a different version of hcreate()

which my scan through.. looks like "fun"

voy4g3r2: at least hcreate_r lets you create more than one hash table in the entire program (!) but it's still only using strings as keys

true, i am not liking the whole 80% capacity and good luck trying to make it bigger

you are going to need to destroy it and make a new one

the best is: if it returns 0 (hcreate) it could be one already exists or you ran out of memory

good luck figuring out which one

actually, didn't someone say there's a drev for putting nv(9) in userland? that might work for this

that would be outside of my wheelhouse

has anyone ever seen a jail go "wonky" with errors like this: bsd.to/Aebf

Title: dpaste/Aebf (Plain Text)

i tried removing the git and tmux package and reloading (hopefully the files would appear) but nope

voy4g3r2, How did you lose /usr/local/lib/libpcre2-8.so.0 and /usr/local/lib/libevent_core-2.1.so.7? /usr/local/lib/libpcre2-8.so.0 was installed by package pcre2-10.42 and /usr/local/lib/libevent_core-2.1.so.7 was installed by package libevent-2.1.12

rwp: i have NO clue

You can use ldd to list the dynamic library dependencies. ldd /usr/local/bin/git

Here is what I see here: bsd.to/rzxN/raw

Title: rzxN

If pkg itself is busted then pkg-static exists specifically as a rescue option. I would be inclined to "pkg install -f" and force re-installation of *everything*. Which usually happens pretty quick, actually.

2

yeah not me

Title: dpaste/R2Z3 (Plain Text)

Those "not found" lines are illustrative of the problem.

yeah

now it makes me wonder what else is broken

but first lets see if that -f options works on these two

well that fixed that

thank you!

thankfully this was in a jail and NOT the main system

It's a routine operation to reinstall everything after a major upgrade. So we routinely do it. It's not unusual. And it works very fast. Not a burden at all.

pkg upgrade -f it is

as i read pkg install -f only does one package

Did I say "pkg install -f" before? I did. Oops. Yes. It should be "pkg upgrade -f".

its all good

Anyway, glad that you have things back working again.

me too, iw as hoping to update man pages, but learned something

and found out RoboNuffie did a new video on smart tools

but must feed the woodstove (10F) sucks..

just keeps eating wood

well.. it's winter. at least it's not -30F

yes, that is a blessing.. i can handle teens, below that i just hate the whole, it hurts to breathe outside because of the cold air

it's 8F here, but about a week ago we hit -49F... happens in January just about every year.

a week ago it was in the 50s

lw: it's already there, libnv

(not to be confused with zfs's libnvpair)

we've used it heavily for a couple releases now, at least in casper services

oh, the manpage is nv(9) but there's a library too, ic. thanks

Good morning. After a "pkg upgrade", I got this message;

"Installed packages to be REMOVED: php80-composer2: 2.5.8 - php80-intl: 8.0.30." I have PHP 8.0.x and I usually use/need both modules. Are they removed? Any clue what happened to both packages?

pkg search doesn't find none of them, neither.

tercaL: php 8.0 was removed because it no longer has upstream security support, you should move to php 8.1 or later

freebsd | I think portsnap is no longer used. Is there a command you recommend I use instead? Or is this feature no longer needed?

vxwarlock: use git docs.freebsd.org/en/books/handbook/…s/#ports-using-installation-methods

Title: Chapter 4. Installing Applications: Packages and Ports | FreeBSD Documentation Portal

no portsnap? cvsup?

what's the right way to build a PIE executable? -fPIE when compiling objects, then -pie when linking?

AumShivaya, Equivalent would be "gitup"

lw, never even heard about that type of executable, but found this redhat.com/en/blog/position-independent-executables-pie

Title: Position Independent Executables (PIE)

so wikipedia says you can do ((previous-average * nitems) + new-value) / (nitems + ) ... which is what i thought about doing but i wasn't sure it would give a meaningful value

AumShivaya, I suggest you looking towards poudriere

er, nitems + 1

er, wrong window

Hi, is it normal for freebsd-update install to last many hours (updating system installed in USB flash drive, kernel was already updated, thus I was running the command the second time after reboot). Got few warnings that certain files are not a directory, top doesn't show much activity but I can see few update related processes (mainly idle).

vezhlys, whats actual freebsd version you're upgrading from?

vezhlys, and patch level. That's what actual 'freebsd-version' says

Currently 14.0-RELEASE-p3. What was the previous one exactly, I don't remember, some 13 release. Potentially, it is USB related, system is a bit sluggish. Guess, I should reboot.

vezhlys, you probably got stuck with '///usr/include/c++/v1/__string exists but is not a directory' errors

Yeah, saw few like this.

vezhlys, I mean, this is a know issue when updating from 13.2, with earlier patch

vezhlys, happened to me. I was able to upgrade without errors after freebsd-update fetch/install to 13.2-RELEASE-p9 prior to upgrade to 14.0

Is there a way to resolve if I skipped that?

vezhlys, Im not sure. Can you rollback (with bectl) and do it again? Or I think there are clues here -> bugs.freebsd.org/bugzilla/show_bug.cgi?id=273661 if you want to check manually conditions of affected files

Title: 273661 – freebsd-update install: ///usr/include/c++/v1/__string exists but is not a directory

vezhlys, if you're already upgraded (to 14.0) chances are it's just ok now? I don't know.

OK, thasnks. Will try to re-run first and check bug report comments. System works, thus not leaning to downgrade, but will see

Nice :)

vezhlys: you need to delete /usr/include/c++/v1/__string and extract the correct version from the base.txz set

but this only breaks the C++ compiler, it wouldn't cause your other issue

i always miss stuff like this when i'm doing C instead of C++

tsearch(3)

Hi

What would you use for a small VPN deployment to allow Windows machine to reach internal network through a FreeBSD machine? ?

I'm not confident to use WireGuard for example, it has wg(4) but isn't in the handbook

I wish to have something as simple as Windows workstation --- 172.x.y.0/23 traffic --> FreeBSD server -- routing already works to send traffic further --> final destination

so just one route to push

so the windows and freebsd machine are on a shared subnet and you want to use the freebsd machine as a router for the windows one?

is net.inet.ip.forwarding enabled? (sysctl)

yes, as it's already a router machine to provide routing for all the subnet

The Windows workstation is a remote VM not on the main private network, and I want to make it able to reach machines on that 172.x.y.0/23 subnet (but yes it makes sense to assign an IP on that subnet too to that machine))

lw thanks for answering

ok, so you need a vpn, none of them are described in the handbook (ipsec was, but that got moved into an seperate article instead), wg is probably the simplest, but the normal tooling to connect your clients, wg-quick, assumes you want to tunnel all traffic via that vpn

nimaje: wg-quick doesn't require you to tunnel more than you want through the vpn

(it works too, if you do not, but you have to be a little be careful when configuring, like not using the DNS key in the config, but use PostUp and PreDown to setup dns correctly)

it just adds interface routes to all peer addresses to the managed wireguard interfaces with special handling for the default route

this special handling is a nasty hack in a flawed attempt to keep overlapping routes between the overlay and underlay in the same routing table

freebsd supports cleaner configurations by using different FIBs (or even vnets)

by doing this the conflict disappears since the route to the peer isn't looked up in the same routing table as the one used for traffic through the VPN

it's a lot cleaner, requires no best effort userspace daemon to remove routing loops as they happen etc.

the problem is that there is no standard way to do this across platforms

well, my issue was DNS not working when using DNS in the config file, it needed a bit of digging until I saw that they call resolvconf with -x, which breaks name resolution if the dns server is just responsible for that subnet

and most platforms have at least two different ways to do it (VRF vs VRF-lite)

and the choice is visible to the user

well, they have diffrent scripts for diffrent platforms

you either have to expose the user to this complexity or go full NetworkManager and take over all network configuration

lets take wireguard on freebsd as an example

how do you want to use it? do you want to encapsulate all your non-wireguard traffic and tunnel it somewhere else?

do you want to just connect back to your home/work/school network if you're not on site?

do you want to provide a wide area point to multipoint overlay per tenant for their jails?

all of this can be done with wireguard in freebsd 13.2 and 14.0 right now with just the base system and a few lines of shell if you know freebsd and usecase

*and your usecase

hm, what are the restrictions on an interface name, ifconfig(8) says 'This parameter is a string of the form “name unit”, for example, “em0”.', but it doesn't say where the restrictions for that "name unit" are

curiously, according to net/if.c:if_rename() there don't appear to be any

# ifconfig '$#\%!0'

$#\%!0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500

well, there is a restriction that the name has to be at least one character long

well, probably NUL and empty string are disallowed (?)

i suppose only root can rename interfaces, but that seems weird. wonder how many things a name like that would break

ah, well, filenames can't contain NUL, so it wouldn't matter for me, as the interface name would come from a filename, hm lists in rc have to be emulated by strings and field-splitting? how annoying is it to use NUL as field seperator there?

seems like it does not :( embeding seems to work via $'abc\000def' but sh seems to handle it like the string ends at the NUL :(

jails could use this to inject terminal escapes into dmesg, that might be fun

or can you not rename ifs in a jail?

wow lw, that is some intrface

kevans: Just noticed sysutils/orch :(

er, I mean :)

Shebang reminds me that FreeBSD only accepts the a single argument for it IIRC :/

Is match just basic string matching you added to lua or is it more complicated pattern matching or something? Looks interesting.

well, posix requires just one argument and how would you pass an argument containing a space if you did splitting there? well, or whatever seperator you decide for

do we not have clang-analyzer in base?

probably not, we have llvm and clang in base to have a compiler in base, not to have the full toolchain in base

nimaje: the restrictions too lax. the kernel allocates 16 bytes for interface names. the name has to fit -> 15 bytes (+ 1 for zero termination) and be unique

you can name your interface $' \t\n\b\b\bem0' if you want to see the world^Wrc.d script burn

or maybe name it $'`rm -rf /*`' if you're "brave" enough to trust the scripts to have perfect quoting for all eval calls ;-)

as long as it fits into 15 bytes you can even use unicode pile of poo if you want to express how shitty your uplink is

why would you call eval in a shell script? (well, ok except when you have some command as user input, but an interface name isn't a command

the less obvious problem is that space, tab and newline are used by various networking commands as field separator

nimaje: e.g. /etc/rc/rc.d/netif does it

because it has to read a variable by name

and /bin/sh offers no other way to read a variable with a dynamic name

lets say you want to configure interface em0

you need to read the configuration from ifconfig_em0 but the shell script has to work for other names too

if the name of the interface is in $ifn

it has to read the variable ifconfig_${ifn}

meena: how long do you need to get jrc production ready?

java rc?

Title: jrc: Principles - HedgeDoc

since the sh shell has only scalar/strings variables and the argument list

"For jrc we chose UCL, which is almost ubiquitous in FreeBSD these days" .oO( if only that was true *sigh* )

an other low hanging fruit to make the rc.d implementation vastly less error prone would be to extend the base system commands

with arguments that allow them to be chained without quoting by appending and prepending to $@

so that the result becomes a single long argument list to be consumed by multiple tools as they process them and exec into the rest

the most common offender against in rc.subr is probably su

meena: did you write down a schema for UCL service files?

that could capture used/useful parts of rc.subr?

and did you discover patterns in existing rc.d scripts that should be expressed as data instead of code?

nimaje: it needs an API that doesn't exist rn: github.com/freebsd/meetings/tree/ma…#existing-supervision-related-tools

Title: meetings/supervision at master · freebsd/meetings · GitHub

meena, nimaje: do you follow the notes from the weekly production user + developer calls on jails and bhyve started by michael dexter?

imo the best way to add reliable supervision would be make it possible to allow completely **insecure** jails which place no limitations on the jailed processes

these would only be use for tracking the contained processes

resource limits already work with jails

so do other kernel subsystems like mandatory access control, etc.

yeah, that's the concept of nulljails that's been discussed a couple of times. however, it might be better to have an API orthogonal to jails

it would probably add little and would make the implementation a lot more work

i'm fine with only showing them if you ask explicitly and starting their jid allocation in the upper half of the jid range

this way users wouldn't complain about cluttered jls output etc.

*nod*

which is a valid concern. the default output should stay meaningful to human users

oh, nulljails was only an idea/discussion and doesn't work currently?

_xor: match uses Lua patterns by default, but not demonstrated there is that you can switch to POSIX EREs or plain flavored matching

it was just lua patterns in the beginning, but se@ noted that they may be pretty suprising to folks not otherwise engulfed in the lua world and that an option would be good

which... yeah, I could see that

there's no way to get a seqpacket socket over TCP, right? i guess you need SCTP for that

nimaje: right. no one has come forward with an actual design, let alone an implementation.

Dereckson: i would recommend StrongSwan

meena: github.com/llfw/netd

Title: GitHub - llfw/netd

lw: we're aiming to move to -std=gnu17, so you can use that too

and add -pedantic, to actually get errors about standards conformance

oh, resolvconf disallows / \ ' ' and * and additionaly names starting with . - and ~ there should be one place that defines what a valid interface name is, programs shouldn't just add some restrictions because it is annoying to handle for them

meena: but then i can't use [[noreturn]] :-/ maybe i should use -std=c2x, but i usually prefer to avoid the ones that aren't fully implemented

patience, it's just gonna be a year or five or so until we're there

shouldn't gnu17 be a superset of c17 ?

it's also a subset of c23

i don't like the gnu extensions, i just s/[[noreturn]]/_Noreturn/ for now

github.com/llfw/netd/blob/main/netctl/netctl.c#L2 this is unfortunately somewhat problematic… in some countries that don't have that concept

Title: netd/netctl/netctl.c at main · llfw/netd · GitHub

yeah, i know. i'll probably add something to license it under CC0 as well

lw: that is what CC0 is, mostly: this software is public domain where such a thing exists, otherwise it's licensed under this extremely lax MIT/BSD license

lw: this github.com/llfw/netd/blob/main/netctl/netctl.c#L145 looks confusing. i would call that label cleanup, and have a variable for return value

Title: netd/netctl/netctl.c at main · llfw/netd · GitHub

i've seen that pattern elsewhere but it always looked a bit odd to me

maybe it would be neater than calling nvlist_destroy() 3 times though

lw: another thing that might be worth thinking about now, before it feels insurmountable: libxo for netctl

i was thinking about libxo, but i need to do some rtfm and see if it can support the sort of output i want (which is zfs-like, so you can do netctl list-interfaces -Honame, or whatever)

ps supports that

is it possible to do custom text-based output in libxo and also output the programmatic formats if requested? i really don't like the way things like nfsstat display output and i'd rather have a more natural human readable format (a bit closer to what ifconfig does)

not so much for something like list-interfaces, because it's just going to be a basic table, but for 'show-interface' or whatever

ps?

ps doesn't really do anything like i mean, let me write up an example

ps can display trees, and you can rename headers

meena: this is roughly the sort of text output i want: le-fay.org/tmp/30d/show-interface.txt (... i just wrote made this up now, so it's not final, but the idea is it should be easily readable for a human)

yeah, that's just the standard output part

on a different note, i wonder why my bridge interfaces have different costs when they're both 1Gbps (not that tap really has a speed, but it reports 1Gbps)

hm, why does local-unbound-setup generate a resolvconf.conf that says "Modifications will be overwritten."? shouldn't that file just stay the same?

I dug out a patch for tap to report full-duplex: freebsd/freebsd-src #745

Title: tap(4): allow full-duplex and non-zero speed by igalic · Pull Request #745 · freebsd/freebsd-src · GitHub

my tap says full-duplex so i guess i already have that

is there a way to use the old ascii boot loader logo?

i've tweaked loader_logo= with every example I could find. in the ascii days my loader was centered in the screen and it was a bit nicer

tsoome: can you answer concussious' question? ⬆️

lw: given its vintage, that would make sense

to answer my own question, it seems cgit.freebsd.org/src/commit/usr.sbi…40c9a9ccc46480c36781e2205ec9565be45 added the warning in at least one place to much, just because it was generated doesn't mean the generator will run again

Title: src - FreeBSD source tree

the screen "location" is different kind of problem - atm we configure terminal screen to use as much of space as possible, but the issue about it is that the loader screen layout is built assuming 24,80 terminal.

meena: i'm still confused about the cost though... le-fay.org/tmp/30d/1UoF1O.txt if they're both 1Gbps shouldn't they have the same cost?

i wonder if the bridge comes up before ix0 realises it only has a 1Gbps link and not 10Gbps

tsoome: even still, is it possible to use one of the classic ascii logos?

lw: if I think about the way netif is structured, i would say: probably not

if i can resolve this i will absolutely issue pr to the manual

BTW, is anyone looking for a bsky.app invite? I have some available.

meena: if i'm understanding xo_emit(3) right (it's a bit terse) i just wrap the meaningful parts of my text output in the {} tags and it'll extract them magically for json/whatever output?

👍

lw: i'd suggest you look at some of the existing stuff that uses it and work from there. it's very easy to generate invalid json or misformat the string with xo_emit

i was about to look at nfsstat since i was hacking on that recently and i remember it uses xo

Also, careful about floating point numbers, they come out locale dependent in json, which is… wrong, because json only knows English

concussious yes, the easiest way is to have bios boot - it defaults to have vga text mode.

just once every other decade i would like some monolingual anglophone to produce a piece of technology that doesn't fall apart of you expose it to a different encoding, locale or writing direction

to be fair json is terrible in english too

somebody named Jason should invent a new, better format and call it DOUG

that reminds me, I really need to look into Dhall

well, that'll do: le-fay.org/tmp/30d/wEJqoM.txt - it's a bit odd to include the name twice but it seems like xo_emit doesn't parse format strings outside of a field (maybe i need to read xo_format(5) more)

that reminds me freshbsd.org/freebsd/src/commit/cd2…c090858e5cfae3be005453ec634c1fca36a

Title: FreeBSD / src / cd201c0 / ifconfig: add -D option to print driver name for interface - FreshBSD

lw: i'd probably want interfaces to be an array of objects rather than contain the objects because then it's way easier to express for iface in interfaces ...

the discussion reviews.freebsd.org/D42721

Title: ⚙ D42721 ifconfig: add -D option to print driver name for interface

also, do make sure that the XML and HTML you generate are also valid

hmm, i feel like because it's a list of things and the properties of the thing, a dict seems more appropriate. can't you iterate that fairly easily in most languages? 'for ifname, iface in interfaces.items()' in python

(i fixed the duplicate name by making it a 'title' field)

lw: the main reason i say that is because of the reduntant "name" field

okay, this will do for now: le-fay.org/tmp/30d/5AzVrv.txt - the JSON is a bit odd but the example i found (juniper.github.io/libxo/libxo-manual.html) also has slightly odd json

other than that, i don't really have an opinion on it as long as it's valid json/xml/etc :D

dstolfa: i fixed the duplicate name field but it made the xml terrible so ^ seems like the compromise :-)

tsoome: thank you, is there a setting we can mention in the manual

this is a nice encouragement to switch to seabios

(github.com/llfw/netd/blob/main/netctl/netctl.c#L106 - anyone who knows more about libxo than me feel free to suggest any improvements :-)

Title: netd/netctl/netctl.c at main · llfw/netd · GitHub

lw: the xml seems fine, but why is interfaces an object and interface a list in the json?

nimaje: i don't know. i can't find a way to make it not do this without making the XML wrong

fwiw ps(1) seems to do this too: {"process-information": {"process": [{"pid":"12889","terminal-name":"v0 ",...

(... why does terminal-name have a trailing space there? that seems like a bug)

oh, because it's allowed to have a trailing '-'

hmm, sending a netlink message with type=RTM_GETADDR, flags=NLM_F_DUMP doesn't seem to do anything

oh, you can't send two requests at once, you have to wait for the first to finish

lw: good thing you have a daemon which can serialize those things

alternative interpretation: Congratulations you're now building a system that needs to guarantee serializability; let's hope nobody plans to make it distributed.

uh oh

meena: i don't wanna implement things properly why can't it just work whaa whaa whaa

oh that's so sad, bzero is deprecated in posix?

why do all the good things have to die. like K&R function definitions

deprecated in 2001, removed in 2008

well, there is memset and calloc, which would still be wrong with pointers, but the man page doesn't read like bzero is deprecated in freebsd

wrong with pointers?

Title: strings.h « include - src - FreeBSD source tree

if you have a struct { int* a } and calloc that struct, then a will have the value 0, that doesn't have to be a NULL pointer c-faq.com/null/runtime0.html c-faq.com/malloc/calloc.html

Title: Question 5.18

"a will have the value 0, that doesn't have to be a NULL pointer"

what ?

i believe this is about the standard allowing that the NULL value of a pointer doesn't have to be the zero value, so bzero of a struct might not set a member pointer to NULL. (ofc, this is not on an issue on any platform freebsd runs on)

I liked K&R signatures.

mason: hisss

hisss is not enough, bite them!

6.3.2.3 Pointers:

"An integer constant expression with the value 0, or such an expression cast to type void *, is called a null pointer constant"

"If a null pointer constant is converted to a pointer type, the resulting pointer, called a null pointer, is guaranteed to compare unequal to a pointer to any object or function"

7.17 Common definitions <stddef.h>

"The macros [...] NULL which expands to an implementation-defined null pointer constant"

from at least ISO C 1990

i fail to see the problem

babz: the issue is that the actual value of a null pointer might not be 0. "char *s = NULL;" creates a null pointer, and so does "char *s = 0;", because 0 is magical when you assign it to a pointer, but "char *s; memset(&s, 0, sizeof(s));" might not, if the null pointer constant is not zero

babz: the important part *integer constant expression*

for example, imagine an implementation where 0x0 is a perfectly valid address, so it uses 0xffffffff to designate a NULL pointer. "char *s = 0" will emit instructions to load 0xffffffff into 's', not 0x0.

and then if you did if (s == 0) it would compare the value of s to 0xffffffff

i have never actually seen any implementation where the machine value of a null pointer is not zero, but the standard does allow it, so presumably at least one such system exists

C is such a beautiful language

and stood the test of time too

Title: Question 5.17

nimaje: oh please, poorly written C code on PRIME? PRIME went out of business before ANSI C even existed

i mean, useful example, but that faq is bit over judgemental :-)

Title: C23 is Finished: Here is What is on the Menu | The Pasture

Thankfully all of those old really weird systems are so rare now that if one simply powers on to the system loader prompt then we count that as good and move on.

hi. Is it possible to get a dynamic IP when bpf disabled? (custom kernel) dhclient tool require bpf in kernel to get an IP from DHCP server.

I installed dhcpcd as alternative to test it. But it failed to get an IP from DHCP server too.

pretty sure it should be possible to implement DHCP without requiring bpf, no idea why dhclient hard requires it

Title: Why does dhclient require bpf? | The FreeBSD Forums

have a look at. thx

man.freebsd.org/cgi/man.cgi?query=d…+Ports&arch=default&format=html#end says "You must have the Berkeley Packet Filter (BPF) configured in your ker- nel. The dhclient utility requires at least one /dev/bpf* device for each broadcast network interface that is attached to your system.

Title: dhclient

dhcpcd also require bpf. So i think all tools for get dynamic IP adress from DHCP server require bpf in FreeBSD. is it true?

Probably more generally all tools that require general raw network socket access need bpf. I think.

it's not necessarily about raw socket access but about needing to sniff out packets that aren't really directed that precisely

So trying to port busybox-udhcpc to freebsd to work around bpf dependency. hoping it works.

fatal: detected dubious ownership in repository at '/usr/src'

uhh

what is producing this output ?

git status

i can add an exception but what the heck, how did that even happen

'dubious' means it's not the same user

oh yes

we don't have enough information to know that this is unreasonable

ah

that's the default behavior if you run that as a user

if you're root and the repo is owned by a user it'll produce the same message

it doesn't discriminate

i am still "cleaning" up some chown command (not sure how) that messed up things

yeah i was not getting at root but i do not want to be editing the /usr/src stuff as root

hm, "#include <linux/filter.h>" I guess zagorkarabela is out of luck with that busybox one

instead of editing /usr/src clone the src repo inside your ~

I'm curious

how do you push back to /usr/src ?

I mean, one could run (git push) as root

but that would produce the same warning/error

babz: what… are you trying to accomplish?

nothing

What I wanted to know was: how do you folks keep a dev environment in sync with the actual base system ?

babz: PkgBase.

I should really take a look at this...