00:37:30 can i ask dumb/beginner questions about freebsd in here? i want to get a qualitative feel for managing a production service running on freebsd
00:40:10 sure
00:42:37 i have a web application,... i am writing a rust binary with a postgres database, probably will continue to run on ec2. i've been using ubuntu for this for a while but am contemplating switching to freebsd
00:43:59 great
00:44:12 so spin one up and see how it feels
00:44:37 i actually used to use freebsd when i was a kid and i have used it for some unimportant hobby projects, but never in production
00:44:57 ubuntu has this phenomenon of "unattended upgrades",... but i am reading some forum posts--i guess freebsd doesn't have this?
00:45:26 i would really like to just write my application code and not need to worry about "having a pager" and deal with emergencies where everything suddenly stops working
00:45:43 you could script the system to upgrade itself automatically if you wanted, but there's no facility for that in base system (as far as i know)
00:47:19 sounded like they didn't want automatic updates.
00:47:27 and what about keeping exactly one copy of my web application binary running at all times, even if it crashes/panics etc
00:47:51 oh, no i do want automatic updates as long as they don't break my system...
00:48:54 if you don't test the updates, it's only a matter of time that one does something you don't expect.
00:49:00 segfaultfizzbuzz: you can do that with daemon(8)
00:50:20 llua: so the only way to really know if your application breaks after an os update is to run it? that's pretty wild
00:51:32 how else would you know if it breaks other than testing it? this is why people have test environments, there's always a chance an OS update will break something, on any platform
00:52:04 yeah, unattended upgrades are kind of annoying for exactly that reason
00:52:09 lw: the other possibility is that interfaces are held rock solid ...
00:52:09 software made by humans aren't infallible
00:53:25 segfaultfizzbuzz: by interfaces do you mean the OS API/ABI? that is guaranteed to be stable within a release, the issue is that any code change can introduce bugs that might break something
00:54:03 if you have a pager that's up to you and your operations procedure
00:54:38 heh https://newsletter.pragmaticengineer.com/p/inside-the-datadog-outage
00:54:39 Title: Inside DataDog’s $5M Outage (Real-World Engineering Challenges #8)
00:55:13 yeah you would think that the OS API/ABI was stable...
00:55:31 on some days i want to just get rid of the operating system
00:57:12 segfaultfizzbuzz: freebsd-update can be run on a crontab daily for unattended installs
00:57:18 unattended updates*
00:57:44 ah yes, just run as close to the metal as you possibly can, that'll solve some problems :-)
00:57:53 if you turn your binary into a rc.d service, it's easy to make the daemon binary keep exactly 1 of your binaries running at a time, and start on OS start up
00:58:36 i have been looking at aws lambda to solve some of these problems but i am intimidated by the difficulty of planning costs / likely costs (especially api gateway costs)
00:58:47 alepzi: care to provide some details on how to do that?
00:59:24 which
01:00:11 exactly one copy triggered at os startup
01:01:00 pkg install nginx, then look at its contents at /usr/local/etc/rc.d/nginx and see how it handles getting automatically started by the OS. that's prolly more complex than it needs to be
01:01:14 then when you're running your binary in YOUR rc.d file, you just put daemon in front of it
01:01:25 read man daemon
01:02:51 why do i see this "pause for one second on restart" phenomenon
01:02:57 segfaultfizzbuzz, A super big advantage for FreeBSD on ZFS is Boot Environments. If something does break with an upgrade it is easy to boot the previous Boot Environment clone and have things running. Then investigate the breakage the upgrade caused leisurely.
01:03:31 "Supervise and restart the program after a one-second delay if it has been terminated."
01:04:09 On EC2 I don't know exactly the procedure to rescue something if it has gone astray. I have in the past there mounted the block storage on a second system and then hacked on it and then booted it. So that is always possible.
01:04:10 that controls how long you want daemon to wait before it restarts the binary
01:04:37 can i also have my process killed if it uses more than X GB RAM (in the event i have a memory leak, or a dependency has one)?
01:05:05 resource limits
01:05:18 rwp: uh it sounds like you have physical access to your machines?
01:05:32 wouldn't killing your process due to a memory leak be a pager event on its own?
01:05:46 segfaultfizzbuzz, I have console access to my machines. I know AWS EC2 has traditionally not provided a console. Do they now?
01:05:50 kevans: if it is restarted by the operating system, in many/most cases no
01:06:20 On EC2 I have had to mount the block storage on another running system, then debug things, look at logs, hack files, then unmount the block storage and boot the EC2 node up after rescuing it.
01:06:28 ah, so assuming you're running it under daemon, killing it (so it can be restarted)
01:06:53 rwp: you can ssh to your instance if that is what you mean by console. ec2 has had that for a very long time,... or do you mean something lower level...?
01:07:11 yeah i want daemon to watch the RAM usage and kill it above 4GB or so
01:07:19 The system console is where the machine boots from. If the machine can't boot then no I can't ssh into it.
01:07:47 But at AWS I can ssh into a different system that is next to it and then mount the block storage of the non-booting system onto the booting one. Then look at log files and fix things.
01:07:54 rwp: uh, does freebsd sometimes have an update which causes it to fail to boot? that could be a dealbreaker
01:08:07 I have never had a FreeBSD update fail to boot.
01:08:18 But I did lock myself out of my own machine through stupidity on my part once.
01:08:31 haha howd you do that
01:08:47 another question would be how to lock down a freebsd machine for exposure on the public interwebs
01:08:48 freebsd is no more buggy than linux debian
01:09:12 you said interweb so i'm not going to help anymore
01:09:23 I changed all of my login shells to /usr/local/bin/bash, performed a major upgrade from 12 to 13 of the base system, did not upgrade the packages, rebooted, and could not log in because I had no functioning shells. D'Oh! I had not followed the release notes and had not upgraded my pkgs yet.
01:09:25 no i used plural
01:09:38 all of the series of tubes
01:10:10 rwp: uh,... yeah i theoretically could have done something like that,...
01:10:12 Hardening would generally be using one of the several available firewalls of which there are three that are popular.
01:10:14 ya like tubes with rifling huh
01:10:21 i don't have time to read release notes, i just want my process to run
01:10:47 * kevans facepalms
01:10:51 If you don't have time to read the release notes then you will have time later to fix the broken system.
01:11:21 this has gotten too painful to watch... see ya
01:11:35 In any case I find FreeBSD to be more reliable and more stable than my Debian and Ubuntu systems and I am slowly migrating my machines from those to FreeBSD.
01:12:07 yes. And I must relocate myself as well. So now seems like a good time for it.
01:13:29 i guess i shouldn't say interwebs in #freebsd
01:14:39 i don't speak for #freebsd
01:15:14 i have that opinion of ppl that use that word because it's from an era when lazy normie dummies came online and made it even worse. like eternal september got aids
01:15:22 the reddit era
01:15:46 yes but i am using it sardonically
01:16:31 >yes
01:17:20 the same hype beasts that watched Silicon Valley
01:18:07 * segfaultfizzbuzz pretends to have not seen most of silicon valley
01:20:18 so i would create a user for the process in order to impose a resource limit?
01:44:23 man, our poor mail driver substitute. twice now she's been out to our house, both times she's gotten stuck on ice
01:44:29 shit, this is not the right channel
01:46:04 segfaultfizzbuzz: easiest way to set resource limits, if your program is being run using an rc.d script, is to set yourprogramname_limits="whatever" in /etc/rc.conf
01:46:40 you can put limits on a binary ran by any user just by binary_limits=""?
01:46:44 "..."
01:46:59 kevans; i was impressed with the package deliveries i got, despite the weather... physical delivery is relevant to #freebsd as a motive for computer networking
01:47:25 true enough
01:47:51 our mail has been effectively suspended for the last week, kansas (middle of nowhere, US) has been getting somewhat destroyed
01:48:48 alepzi: I thought it only worked for things run by run_rc_command?
01:48:50 we should have a law mandating triply redundant fiber and a switch in every household
01:49:04 i just didn't know about _limits at all
01:49:33 ${service}_limits
01:49:41 I learned about it last week reading the rc.conf man page :)
01:49:42 awesome
01:50:19 segfaultfizzbuzz: fwiw, my problem wasn't with "interwebs" but with "i don't have time to read release notes"
01:50:19 you can also set a login class for any service (useful if you have a common set of limits for multiple daemons, I guess)
01:50:30 or even a fib (much more useful in my particular case)
01:50:36 might have been a joke, but it hurts. we write those things for a reason
01:50:44 too many people don't bother
01:51:29 yeah, the freebsd release notes are not _that_ long, and usually very informative
01:52:04 i'm on macOS for my dev machine,... i just ran man limits and got nothing--i thought macOS was roughly a (free)BSD of some kind, is that no longer true?
01:52:29 there are a lot of utilities from freebsd, but the ones that make sense
01:52:36 macOS has a bunch of FreeBSD userland still kicking around, but it's not really FreeBSD per se, and never has been
01:52:47 segfaultfizzbuzz you run production shit on ubuntuh but don't read their release notes?
01:53:14 alepzi: if i read everything i was "supposed" to read i would get nothing done
01:53:23 segfaultfizzbuzz you run production shit on ubuntuh but don't read their release notes?
01:53:46 at some point that's borderline irresponsible, especially for something you rely upon just working
01:54:22 segfaultfizzbuzz: you can read freebsd man pages online - https://man.freebsd.org/cgi/man.cgi?limits
01:54:23 Title: limits
01:54:26 i am looking at https://discourse.ubuntu.com/t/jammy-jellyfish-release-notes/24668 right now
01:54:27 Title: Jammy Jellyfish Release Notes - Release - Ubuntu Community Hub
01:54:41 so you do read release notes for ubuntuh, but don't wanna for freebsd?
01:54:50 oddline: oh i know i was just hoping to be able to fiddle with some freebsd stuff directly on my macOS dev machine, looks like i can't
01:55:11 you might be able to run freebsd as a guest in macos hypervisor?
01:55:24 alepzi: i mean if you look there it's stuff like " UDP disabled for NFS mounts" and a bunch of version numbers,... it's all line noise to me
01:55:41 i'm not going to say "stop the presses, i don't want glibc 2.35!"
01:56:16 segfaultfizzbuzz: k what i'm trying to get to but you won't directly answer shit is, sounds like you don't actually wanna work at the abstraction level of OS and programs. you maybe want container hosting or functions as a service?
01:56:21 then you have NO OS duties
01:56:32 they did mention lambda, to be fair
01:56:52 ya, and i'm saying that sounds more approp
01:57:02 yeah see above for lambda/api gateway considerations
01:57:19 segfaultfizzbuzz: if you scroll down a little, there's stuff in those Ubuntu notes that I'd certainly want to know - like moving from xtables to nftables as a firewall backend, which might break docker, for example
01:57:51 i don't use docker, just a binary
01:58:08 ya well "every option requires work and i don't like that" doesn't leave you many options now does it
01:58:51 ...i suppose what might be lost in conversation here is that i am looking at the "operating system" abstraction level to *decrease* how much stuff i need to manage/*decrease* surface area
01:58:53 so think about it, which is really the right level for you?
01:59:28 then that means shit like reading release notes, or having downtime/security holes
02:00:12 and if there's some way easier way that none of us are seeing except you, i'm all ears. innovation happens
02:00:27 like in a perfect world, how would all this shit work perfectly for you?
02:01:04 perfect world would be a rock solid and minimalist API/ABI probably and as close to bare metal as possible
02:01:25 that does what?
02:01:33 as close to nothing as possible
02:02:11 keep my process running and provide network io probably? and then i would need a second one of these to run postgres and keep it running/provide network io
02:02:19 the more stuff you take out of the OS, the more has to be reimplemented by the application. in most cases, this would probably just move your problems...
02:02:24 but then you start building the basics, and you add some design holes, and discover why OSs have some complexity
02:02:50 like authentication, user management
02:02:56 resources, permissions
02:02:56 i need the OS for threads?
02:03:08 logging, alerting
02:03:20 there is only one process on the machine, and it shouldn't be allowed to modify any aspect of the system
02:03:21 maybe intrusion detection and cron jobs
02:03:57 ah yes i need a third one for running cron but i might be able to make my own cron...
02:04:01 "run a network server and postgres" already requires your OS to provide: disk and network card drivers, a TCP/IP stack, multitasking, a file system, probably privilege separation in some fashion, probably a firewall...
02:04:34 i am indeed dependent on the aws firewall being good
02:05:03 but only a single port would be open publicly, 443
02:05:21 actually, it sounds like what you're describing is a unikernel
02:05:53 i briefly looked at trying to run sel4 on ec2 but didn't get anywhere
02:06:11 seL4 is very cool, but trying to run it in a public cloud sounds like a nightmare
02:06:32 in looking at the ubuntu release notes, i am directed to yet more release notes for systemd
02:07:01 the thing about release notes, especially worth noting if you were never in the habit of reading them before:
02:07:06 you don't have to pore over them in fine detail, just scroll through - "upgraded thing I don't use, deprecated thing I don't use - oh hey, this is a piece of software that's important, I'll read that paragraph - oh hey, this says "important", I'll read that"
02:08:01 hopefully you'll pick out anything obviously important; plus, if something breaks, you might remember "oh, I skipped a paragraph in the release notes that sounds relevant, I'll go back and check that"
02:08:25 can you give me an example of a release note item that i would actually realistically need to respond to (and could understand), given the system i am describing?
02:09:37 how about "we've upgraded to a new version of postgres; this means any new accounts will use a new authentication scheme by default"
02:09:59 breaking changes
02:10:06 which could make it hard for you to make a new db user for your app, if your app was, idk, using an older version of a library or behind on feature support
02:10:21 that's just the first plausible example that comes to mind
02:11:26 the question of updating postgres is another topic i am interested in but did not want to derail the more OS focused discussion here,...
02:12:06 the database users for postgres i think are stored within the postgres database itself and is independent of the OS ... ?
02:12:09 what I mean is that that is something that could appear in an OSes release notes
02:12:29 my server is not a timeshare system, i am not allowing university students to use it or anything like that
02:13:02 most users will be installing software like a database from OS packages, right? so if the new version of the OS packages a new version of the database, and the new database behaves differently to the old version, that might get mentioned in release notes
02:13:35 sure but i seriously doubt that i would be able to login to the database entirely...
02:13:36 not every single piece of software will rate a mention of course, but important things like network servers, databases, widely used libraries, and language runtimes often will
02:14:06 i have no language runtime, i would like to ditch openSSL for rustls and eliminate that dependency although i admit that is one
02:14:14 segfaultfizzbuzz: in your perfect world, how do logs work?
02:14:49 i would have to recompile my binary with logs added and probably trigger network events to transmit the logs
02:14:50 segfaultfizzbuzz: well, you never know, right? I based this example on a real thing that happened with MySQL / MariaDB, where they changed the default authentication scheme, breaking compatibility with any app that didn't have a relatively modern mysql library
02:15:30 heh that's a bummer. i do have unfortunately a binary dependence on libpq and am realizing that might be a good thing to get rid of
02:15:58 ...that being said it's unclear to me why i would want to update postgresql at all
02:16:23 segfaultfizzbuzz: anyway, as I mentioned before, the philosophy you're describing - where an app is entirely self-contained, running either on bare metal or (more commonly) on a hypervisor / in the cloud, with no traditional OS, is called a unikernel. they have their own upsides and downsides, but if you're interested, have a look at https://github.com/rumpkernel/rumprun/ and https://mirageos.org/
02:16:24 Title: GitHub - rumpkernel/rumprun: The Rumprun unikernel and toolchain for various platforms
02:16:44 my database queries all run through an ORM and everything is typesafe,...
02:17:06 they usually work by borrowing drivers from an existing OS - commonly from NetBSD, actually
02:17:48 segfaultfizzbuzz: does your binary need a reverse proxy or does it handle https requests directly? does it auto renew its tls cert?
02:17:49 do these unikernels work on ec2? do they have enough users that i'm not going to hit some awful defect?
02:17:59 direct https
02:18:19 direct to axum or? what's your server stack?
02:18:38 the tls cert can be autorenewed by amazon route53 actually, you can configure a custom cert behind elb
02:18:47 alepzi: yeah something like that
02:18:49 work on ec2? I don't know, I think there was some way to run them on AWS though... have enough users? depends what you mean by "enough"... they're not super popular anymore, no
02:19:03 actually, as it sounds like you're a rust developer, check out https://github.com/hermit-os/hermit-rs
02:19:04 Title: GitHub - hermit-os/hermit-rs: Hermit for Rust.
02:19:15 yeah this is where "i think there was some way to run on AWS" is probably not wise as much as i would like to try this ;-)
02:20:15 probably most ideally i would compile my binary in my machine, have some way of inserting it into a VM image, and then upload the VM image to EC2
02:20:30 I only say that because I've never tried to use these frameworks in anger
02:20:35 for all i know it's very easy
02:21:45 but anyway, this _is_ the cutting edge in the sort of deployment philosophy you're describing. it's an off-the-beaten-path approach; you'll be using off-the-beaten-path tools. otherwise, you're stuck dealing with normal OSes like the rest of us :-P
02:21:57 is there a "alpine freebsd" project?
02:22:13 depends what you mean by that
02:22:31 there's ChimeraOS, which is a Linux distro that resembles Alpine in many ways, but uses a bunch of FreeBSD userland tools?
02:22:33 i'm not sure it's a smart idea to not have users for security purposes, but i mean cut out as much stuff as possible
02:22:54 there are ways to build a more minimal FreeBSD system, yes; some more intense than others
02:23:01 none of which I'd really recommend to a beginner
02:23:27 so i don't have to read release notes about printer driver spool queue deadlocking when nearby bluetooth devices are paired with electric toothbrushes manufactured in latvia in the third quarter of 2021
02:23:59 well, you still have to read those - the tools to build a minimal distro don't also build a minimal release notes to match :-P
02:24:20 I mean, or you could not read them. that's an option too. we just think it's a good idea, just like it is for Linux distros.
02:25:14 well that is nice in theory, like eating brussels sprouts. but the signal to noise ratio is absolutely awful. maybe there needs to be a "critical release notes" or something
02:25:40 if my dependency surface area decreases then those notes become less relevant right?
02:25:54 some of them, sure
02:26:43 the most intense way to get a tiny BSD system is NanoBSD, which was originally designed for embedded systems; I wouldn't recommend it to get started with production freebsd
02:27:06 your two other options are PkgBase, which will let you uninstall some packages (though not as many as you might like)
02:27:54 furthermore i may well assume that the release notes are *unimportant* to my application unless they impact very specific packages/software which my application depends on: postgres, openssl, ssh, rust,...
02:27:55 or just rebuilding world with a bunch of `WITHOUT_` in /etc/src.conf
02:28:31 sure; a bit of experience will tell you which parts you need to care about
02:29:02 but it is unthinkable that SSH itself would no longer work/be supported on freebsd, or postgres, etc
02:29:28 why do you care about ssh if you just wanna run a binary?
02:29:29 or i would *definitely* hear about it because the nerdosphere would be shouting "wtf freebsd stopped support for ssh while everyone else is using it"
02:30:03 alepzi: vestigial practical methodology, as much as i would like to use a unikernel or other academically interesting thing
02:30:32 ya but what do you use it for? you have a binary running and it's automatically restarted if it crashes. so what?
02:30:48 so the macro NL_ITEM_NEXT in uses typeof() (not __typeof()), but this doesn't seem to be defined anywhere outside of _KERNEL?
02:30:51 one other thing worth noting if you pursue a minimal freebsd system - you'll usually also have to either build software from ports, or build your own packages with poudriere or synth
02:30:51 because the prebuilt packages will be linked against libraries that don't exist in your minimal system
02:30:51 (the main culprit is kerberos libs)
02:31:04 or I guess you could leave kerberos in, so you don't have that problem
02:32:16 alepzi: well if we are not talking about the academic exercise, i will need to configure the system, send commands to the database now and then, etc
02:33:55 oddline: interesting,... i think such a project would be above my head,... but let it be known that there are nerds who want an alpine freebsd distro ;-)
02:34:24 not me. i've pretty much given up on the notion of "minimal surface area" being a generally good thing.
02:35:07 and now tend to build the production artifact with a full-blown userspace with sshd and a zillion useful tools available.
02:35:39 how do you deploy?
02:35:53 doug: ok, how did you come to that conclusion?
02:36:46 fixing things in response to user/management freakouts trumps theoretical security gains
02:38:02 lol, can you provide some examples? did you need some utility for some purpose?
02:38:13 at least twice in the last week i've done live patching of a deployed system to figure out some problem or another
02:38:23 kernel patching...?
02:38:38 nah, source code patching & live reload (as i deploy with a reloader)
02:39:12 nothing like being able to hop on a system and tcpdump/ktrace to figure out what's actually happening in production
02:39:19 oh... why can that not be done with an alpine-y distribution?
02:40:00 alpine itself doesn't come with any of the userland utilities to provide that functionality out of the box
02:40:02 https://pkgs.alpinelinux.org/package/edge/main/x86/tcpdump ... i don't see ktrace for alpine
02:40:03 Title: Alpine Linux packages
02:40:12 ok so strace for linux
02:40:37 and then why not temporarily make those applications available during debugging and then remove them from the system ? https://pkgs.alpinelinux.org/package/edge/main/x86/strace
02:40:38 Title: Alpine Linux packages
02:41:01 segfaultfizzbuzz: do you wanna be able to step away for weeks or months and have your binary just running?
02:41:17 alepzi: yep
02:41:34 ya they seem to decay over time and need constant maintenance
02:41:51 used to do that then decided it's not really worth it to have to mess with setting the package source each time & do the updates (and/or opening the network to allow that)
02:42:00 alepzi: what do?
02:42:01 even if you use docker and don't change anything, in enough time it might not even be supported by the newer container runners
02:42:14 I don't speak python. I'm trying to use a script that was written for python 2 that requires pyserial. Will it be easier to upgrade the script, or find an old pt27 pyserial? Or should I just give up?
02:42:16 alepzi: as mentioned, i dont use docker
02:42:23 as an attacker could certainly do that themselves (and typically do transport their own script/binary to the target system for functionality like that)
02:42:31 ya i know, i'm saying even containers aren't a solution
02:43:34 * segfaultfizzbuzz in obi-wan voice: Python2. Now that's a name I've not heard in a long time.
02:45:49 old hardware is supported by old software...
02:46:36 there is a curve, if your hardware/software is too old or too new, it gets more expensive
02:54:49 segfaultfizzbuzz: ooh, just discovered 2to3. Looks like it may fix enough that I can handle the rest. :)
02:56:16 doug: i think also it would almost certainly be way beyond my ability to troubleshoot issues requiring tcpdump or at the kernel/software interface,...
02:58:57 dunno, i find those tools help with "normal" problems. like, seriously cut down the time involved in diagnosis.
02:59:14 i mean, you probably know better than i do ;-)
03:02:47 those things are good at laying bare what's ACTUALLY going on with that fancy schmancy 12-factor OOP dependency-injected microservice monstrosity that some low-level SWE fresh out of java school thought was a good idea to push to production
03:03:03 lol yeah i uh dont use that stuff
03:08:25 Java devs. . .
03:08:55 so i think i found a netlink bug... if you create an interface, you get RTM_NEWLINK, okay. if you destroy the interface, you get two RTM_NEWLINKs for it followed by one RTM_DELLINK. this does not seem like expected behaviour?
03:09:02 When I was working at Cisco Cloud Services, we had this batch of CS interns from Georgia Tech.
03:09:11 i thought it was my code, but 'route monitor' (which uses netlink) does the same thing
03:09:17 The *ONLY* thing they knew was java.
03:09:41 So you'd give them a task that should have been a five line shell script, and. . . out came the JVM.
03:10:06 Was so tedious.
03:10:17 And that wasn't even the most annoying thing about them.
03:18:48 i mean i write rust cli apps instead of shell scripts these days and it takes twice as long and works 100x better
03:19:12 so i would say they got it half right
03:34:07 anyway thanks folks cyall
03:42:39 fuckin hate java
03:43:19 i was lucky to be in the graduating class that was taught python in CS151 and C++ in CS152
03:44:33 the prof who taught computer networking didn't get the memo i guess, cuz all of his network programming assignments were in java. that class provided no hands-on experience w/ the networking equipment (i.e. switches, routers) it discussed either
03:45:16 bed time...
03:45:18 lw: yeah, that looks bogus. even weirder, `route monitor` is showing three ADD events for a delete for a total of four ADD events in the lifetime of this one interface
03:45:27 on this laptop
03:46:58 i get different results between wg and bridge, curiously. destroying bridge seems to generate a message which is somehow unparseable (although i need to investigate that more). anyway, i will file a PR
03:46:59 * kevans reads up on netlink
03:47:22 drop the PR# here if you wouldn't mind, please
03:47:59 (by unparseable i mean i get enough bytes from recvmsg() to contain two messages, but NLMSG_NEXT doesn't find the second one)
03:52:27 kevans: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276414
03:52:29 Title: 276414 – rtnetlink: destroying an interface generates spurious RTM_NEWLINKs
03:53:53 thanks
03:55:40 i also found an unrelated bug in netlink where you can't use it in -std=c99 (or later) mode which makes me think this interface isn't very often used on freebsd
03:55:48 my gut tells me if /usr/lib/pam_unix.so.6 has a changed permission and ssh does not allow me to connect.. is this something that a package could update?
03:56:12 maybe we're meant to use genetlink(4) instead of rtnetlink
03:56:22 to be fair netlink is actually quite new
03:56:29 here, at least; committed early 2022
03:56:40 oh is it? i thought it had been around for ages, but i'm probably thinking of linux
03:56:43 that would explain it
03:57:13 oh wait, no, October 2022; not early, sorry. Yeah, it's been around on Linux for a long, long time
03:58:37 is there another API for this? the application i'm writing only targets freebsd so i don't mind if it's non-portable
03:58:57 ('this' = get notifications about network configuration changes)
03:59:53 the traditional way would be with devd, but it's a little hinky depending on what you're doing considering the architecture
04:00:18 ick. no, i'll stay with netlink :-) i don't mind working out a few bugs
04:00:21 (you'd set up a trigger in devd.conf, so you can run... some script or program, no configuration changes, and maybe that one does the action or maybe it writes over a pipe, depending on what you're doing)
04:00:46 s/pipe/socket/
04:02:03 whatever you do, be careful when you use chown.. somehow i got my whole /usr/lib as non-root
04:02:26 I know close to nothing about development in Java. . .
04:02:29 heh
04:02:37 I just hate it from a sysadmin perspective.
04:02:53 I hate how it uses its own timekeeping and name resolution.
04:03:03 I did something with a makefile yesterday and ended up screwing up my /tmp permissions, but didn't catch it at first... talk about a little annoying to debug based on observing random failures all over the system
04:03:05 Sun rewrote all the Solaris admin tools in Java and it meant every command took 30 seconds to start, it was awful
04:03:25 I hate the memory footprint java apps park their fat ass on for shell script sized functionality.
04:03:26 (i mean the *command line* admin tools, not just the GUIs)
04:03:28 I didnt expect what I was doing to touch /tmp at all
04:03:43 ew
04:03:50 kevans: same.. i have no idea how they became a non-root user.. it is like.. wtf was i doing
04:04:02 as a result ssh was not working because of an openPAM module having wrong permissions
04:04:14 If you're not an oldster like me, you may not remember this, but there was a time when APC UPSes didn't suck. ..
04:04:43 And the harbinger of that transition into shitdom was when they shifted Powerchute dev from C to Java. . .
04:05:09 And then the hardware went to shit. . .
04:05:32 CrtxReavr: i also remember when they weighed a crap ton and you people would save wear special gloves.. just incase the battery leaked
04:05:50 o_O
04:06:05 you were considered a balla if you could afford one too
04:06:15 I'm thinking that'd be more just about sketchy, 3rd party replacement batteries.
04:07:11 probably, i worked in my high school computer lab.. so I went down the line, it is a liability if a teenager gets hurt
04:07:39 but i did get to play with novell netware and network the 15 computers we had for our compsci class, then busting out the borland ide for C programming
04:08:17 Netware on the server I always found very un-inspiring. . .
04:08:50 i was mostly on client side, we were not allowed to touch server 04:09:04 so we learned how to make ghost disks, "build the computers" and install the OS 04:09:05 But the netware DOS client software had a lot of really cool features for booting from a floppy, getting on the network, and installing OSes, etc. 04:09:49 we eventually got to that level, we started with a ghost server freshmen year and by senior year we were installing with novell and the good ole ipx/spx 04:09:52 good times 04:10:21 Know how IPX/SPX addresses were nnn:macaddress? 04:10:43 Did you realize that nnn part supported 32-bit addressing. 04:10:59 no, i did not 04:11:16 Some theorized the Internet could have been built on IPX/SPX. . . 04:11:25 Which by the numbers, easily. . . but. . . 04:11:27 oh god 04:11:40 The routing tables would have been. . . unwieldy, to say the least. 04:11:51 i bet, i never got to that area of novell 04:12:09 for my internship, i converted a hospital laboratory from Novell to tcp/ip stack 04:12:39 lw: re Java 30 second boot, good thing CPython generates and runs the bytecode in realtime ;) 04:12:40 35 machines ordered, built, ghost, setup in lab and install software to interface with the different lab equipment 04:12:42 Early in my career, I dealt with a lot of IPX/SPX to IP gateways. 04:12:55 Which worked surprisingly well. 04:13:11 now i don't do ANY of that for my career 04:13:32 but funny enough i am in working on technology strategies for laboratory, just a different industry 04:13:54 i get to "work" with agile (what horse s***), regulations and herding cats 04:14:13 i spend 99% of my day in office apps :( 04:15:00 oh sometimes i get to do SQL, i have looked at smalltalk code a few times.. 04:15:31 now in my spare time i horribly break this bastille jail 04:15:47 for some reason chown is messing up this container and acting "funny" but do not understand why 04:18:42 corporate legacy codebases ftw /s 04:19:25 I was in college between '90 and '94. . . 
04:19:31 yeah, the application was started as a smalltalk application and has evolved into having their own BASIC implementation 04:20:13 I had a friend who got a job in the Chemistry department, running a lab full of SGI IRIX servers, that were primarily used for doing 3D modeling of molecules. 04:20:26 But this lab had to be Internet-connected. 04:20:48 3d modeling of molecules is fascinating 04:20:52 And even back then, IRIX was infamous for horrible zero-days, every other day. 04:21:34 i find working with chromatography machines awesome 04:21:42 I got this job, right as the normal school year ended, and spent the summer working damned close to 24x7. 04:21:55 er - He got this job. 04:21:56 and talking to the scientists setting up methods/experiments to test out the stability of a drug 04:22:15 right out of university i worked like that 04:22:20 CrtxReavr: how long did you get the sleep? 04:22:22 also the company i worked for had a consent decree 04:22:26 *get to sleep 04:22:44 My brother-in-law was a PhD Medicinal Chemist. 04:22:45 want to talk about stress... when i read stories about at&t and theirs, i go.. i get it 04:22:56 Now he's just a director. . . 04:23:25 does he say things like "you can take the lab from a scientist but you can't take the lab out of them?" 04:23:48 something along those lines, a few of my friends and coworkers say that a lot 04:23:49 He works for Seagen. . . which. . . was just acquired by Phizer. . . so they're filthy-stinking. 04:23:52 they miss the lab 04:24:06 good ole Phizer 04:24:11 Pfizer I guess they spell it. 04:24:13 they like that model 04:24:18 it is okay.. 04:24:23 i worked for them a few years 04:24:31 they just buy companies, they are that large 04:25:04 They also develop a lot in-house. 04:25:05 oh oncology 04:25:49 Yeah. . . Seagen was supposed to be short for Seattle Genetics, but my brother-in-law was hired for his post-doc work on cancer drugs. . . 04:26:23 Which is why Pfizer acquired them. . . 
wanted to build their cancer drug business. 04:26:26 yup 04:26:54 i always get a kick out of the viagra story 04:26:55 I was giving my sister shit: "Where was my insider tip to buy-up all the Seagen I could?!?!?!?" 04:27:13 viagra is a failed heart drug :) 04:27:16 She was like, "Bob didn't want to go to jail!" 04:27:22 yeah, pretty much 04:27:48 I know way too many people who got rich off insider trading and never had a problem. 04:27:55 he is probably sitting on a ton of options, that converted from seagen -> pfizer and now he is probably beholden to stay there a few years before they vest 04:28:16 Those who get busted for it are either already filthy, stinking rich, or famous. 04:28:42 the amount of training.. every 6-8 months we go through for that stuff, it is annoying 04:29:36 And the sexual harassment training, security training, intellectual property training, ad nauseam. . 04:29:38 this was a fascinating program i worked with: https://ohdsi.org/ it was how i was introduced to "big data" 04:29:39 Title: OHDSI – Observational Health Data Sciences and Informatics 04:29:40 Corporate America. 04:29:58 in 2014/2015 before it was "cool" 04:30:12 Big data. . . filenames in ALLCAPS. 04:30:16 hahah 04:30:19 this is true! 04:30:35 i could never get the data architect to just make the damn filenames lowercase() 04:30:59 he was like, why does it matter.. "because it looks ugly and i am an apple fanboy.. i buy machines that 'look pretty'" 04:31:12 he never did get my horribly dry humor 04:31:30 Actually, someone was telling me the most intensive big data crunching is less about megabytes, and more about the structure of the data taking so damned long to iterate over all the permutations of. 04:31:46 but the concept of "making" a virtual patient based on hospital information, insurance claims, adverse events, internal data repositories.. 
then build a statistical model 04:31:49 fascinating 04:31:57 yup 04:32:27 loading took a few days and we would do sanity checks but once you introduced controlled vocabulary and an ontology to link between disparate sources 04:33:05 * lw wonders if there's a hash table in libc 04:33:16 and understanding how a hospital codes their diagnosis vs procedures and then how a financial claim is coded based on that diagnosis but not necessarily a 1 to 1 match.. then try to find indications for a drug that most likely DOES NOT link to the medical or the financial information 04:33:23 aside from hcreate() which is awful 04:34:02 on top of that you can not know anything about the patient and those.. it is anonymized 04:34:31 but i am in office apps all day.. documenting and figuring out how to do this stuff 04:35:49 lw: looks like hcreate_r() is just a different version of hcreate() 04:35:58 which my scan through.. looks like "fun" 04:39:25 voy4g3r2: at least hcreate_r lets you create more than one hash table in the entire program (!) but it's still only using strings as keys 04:40:30 true, i am not liking the whole 80% capacity and good luck trying to make it bigger 04:40:36 you are going to need to destroy it and make a new one 04:41:27 the best is: if it returns 0 (hcreate) it could be one already exists or you ran out of memory 04:41:31 good luck figuring out which one 04:42:42 actually, didn't someone say there's a drev for putting nv(9) in userland? that might work for this 04:48:04 that would be outside of my wheelhouse 04:48:17 has anyone ever seen a jail go "wonky" with errors like this: https://bsd.to/Aebf 04:48:18 Title: dpaste/Aebf (Plain Text) 04:48:34 i tried removing the git and tmux package and reloading (hopefully the files would appear) but nope 04:57:21 voy4g3r2, How did you lose /usr/local/lib/libpcre2-8.so.0 and /usr/local/lib/libevent_core-2.1.so.7? 
/usr/local/lib/libpcre2-8.so.0 was installed by package pcre2-10.42 and /usr/local/lib/libevent_core-2.1.so.7 was installed by package libevent-2.1.12 04:58:11 rwp: i have NO clue 04:58:21 You can use ldd to list the dynamic library dependencies. ldd /usr/local/bin/git 04:58:56 Here is what I see here: https://bsd.to/rzxN/raw 04:58:57 Title: rzxN 04:59:51 If pkg itself is busted then pkg-static exists specifically as a rescue option. I would be inclined to "pkg install -f" and force re-installation of *everything*. Which usually happens pretty quick, actually. 04:59:52 2 04:59:55 yeah not me 05:00:05 https://bsd.to/R2Z3 05:00:06 Title: dpaste/R2Z3 (Plain Text) 05:00:31 Those "not found" lines are illustrative of the problem. 05:00:37 yeah 05:00:44 now it makes me wonder what else is broken 05:00:50 but first lets see if that -f option works on these two 05:01:23 well that fixed that 05:01:28 thank you! 05:01:52 thankfully this was in a jail and NOT the main system 05:02:01 It's a routine operation to reinstall everything after a major upgrade. So we routinely do it. It's not unusual. And it works very fast. Not a burden at all. 05:03:02 pkg upgrade -f it is 05:03:10 as i read pkg install -f only does one package 05:03:29 Did I say "pkg install -f" before? I did. Oops. Yes. It should be "pkg upgrade -f". 05:03:50 it's all good 05:03:57 Anyway, glad that you have things back working again. 05:04:11 me too, i was hoping to update man pages, but learned something 05:04:30 and found out RoboNuffie did a new video on smart tools 05:04:42 but must feed the woodstove (10F) sucks.. 05:04:49 just keeps eating wood 05:05:05 well.. it's winter. at least it's not -30F 05:05:35 yes, that is a blessing.. i can handle teens, below that i just hate the whole, it hurts to breathe outside because of the cold air 05:05:47 it's 8F here, but about a week ago we hit -49F... happens in January just about every year. 
05:09:49 a week ago it was in the 50s 05:12:44 lw: it's already there, libnv 05:13:05 (not to be confused with zfs's libnvpair) 05:13:50 we've used it heavily for a couple releases now, at least in casper services 05:16:07 oh, the manpage is nv(9) but there's a library too, ic. thanks 08:17:00 Good morning. After a "pkg upgrade", I got this message; 08:17:11 "Installed packages to be REMOVED: php80-composer2: 2.5.8 - php80-intl: 8.0.30." I have PHP 8.0.x and I usually use/need both modules. Are they removed? Any clue what happened to both packages? 08:17:25 pkg search doesn't find either of them, either. 08:19:29 tercaL: php 8.0 was removed because it no longer has upstream security support, you should move to php 8.1 or later 08:37:27 freebsd | I think portsnap is no longer used. Is there a command you recommend I use instead? Or is this feature no longer needed? 08:41:04 vxwarlock: use git https://docs.freebsd.org/en/books/handbook/ports/#ports-using-installation-methods 08:41:05 Title: Chapter 4. Installing Applications: Packages and Ports | FreeBSD Documentation Portal 08:47:17 no portsnap? cvsup? 08:51:59 what's the right way to build a PIE executable? -fPIE when compiling objects, then -pie when linking? 08:52:42 AumShivaya, Equivalent would be "gitup" 09:17:03 lw, never even heard about that type of executable, but found this https://www.redhat.com/en/blog/position-independent-executables-pie 09:17:04 Title: Position Independent Executables (PIE) 09:17:26 so wikipedia says you can do ((previous-average * nitems) + new-value) / (nitems + ) ... which is what i thought about doing but i wasn't sure it would give a meaningful value 09:17:32 AumShivaya, I suggest you look towards poudriere 09:17:33 er, nitems + 1 09:17:45 er, wrong window 09:48:21 Hi, is it normal for freebsd-update install to last many hours (updating a system installed on a USB flash drive, kernel was already updated, thus I was running the command the second time after reboot). 
Got a few warnings that certain files are not a directory, top doesn't show much activity but I can see a few update related processes (mainly idle). 09:54:23 vezhlys, what's the actual freebsd version you're upgrading from? 09:55:44 vezhlys, and patch level. That's what actual 'freebsd-version' says 10:01:33 Currently 14.0-RELEASE-p3. What was the previous one exactly, I don't remember, some 13 release. Potentially, it is USB related, system is a bit sluggish. Guess, I should reboot. 10:03:02 vezhlys, you probably got stuck with '///usr/include/c++/v1/__string exists but is not a directory' errors 10:03:48 Yeah, saw a few like this. 10:03:59 vezhlys, I mean, this is a known issue when updating from 13.2, with earlier patch 10:04:49 vezhlys, happened to me. I was able to upgrade without errors after freebsd-update fetch/install to 13.2-RELEASE-p9 prior to upgrade to 14.0 10:05:30 Is there a way to resolve if I skipped that? 10:06:48 vezhlys, I'm not sure. Can you rollback (with bectl) and do it again? Or I think there are clues here -> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273661 if you want to check manually conditions of affected files 10:06:50 Title: 273661 – freebsd-update install: ///usr/include/c++/v1/__string exists but is not a directory 10:07:41 vezhlys, if you've already upgraded (to 14.0) chances are it's just ok now? I don't know. 10:11:01 OK, thanks. Will try to re-run first and check bug report comments. 
System works, thus not leaning to downgrade, but will see 10:11:29 Nice :) 10:21:16 vezhlys: you need to delete /usr/include/c++/v1/__string and extract the correct version from the base.txz set 10:21:42 but this only breaks the C++ compiler, it wouldn't cause your other issue 10:46:32 * lw wonders if there's a binary tree in libc 10:46:39 i always miss stuff like this when i'm doing C instead of C++ 10:49:37 tsearch(3) 11:09:44 Hi 11:10:27 What would you use for a small VPN deployment to allow Windows machine to reach internal network through a FreeBSD machine? ? 11:11:01 I'm not confident to use WireGuard for example, it has wg(4) but isn't in the handbook 11:12:09 I wish to have something as simple as Windows workstation --- 172.x.y.0/23 traffic --> FreeBSD server -- routing already works to send traffic further --> final destination 11:12:17 so just one route to push 11:16:56 so the windows and freebsd machine are on a shared subnet and you want to use the freebsd machine as a router for the windows one? 11:18:51 is net.inet.ip.forwarding enabled? 
(sysctl) 11:19:29 yes, as it's already a router machine to provide routing for all the subnet 11:20:10 The Windows workstation is a remote VM not on the main private network, and I want to make it able to reach machines on that 172.x.y.0/23 subnet (but yes it makes sense to assign an IP on that subnet too to that machine)) 11:24:50 lw thanks for answering 11:43:36 ok, so you need a vpn, none of them are described in the handbook (ipsec was, but that got moved into a separate article instead), wg is probably the simplest, but the normal tooling to connect your clients, wg-quick, assumes you want to tunnel all traffic via that vpn 11:47:31 nimaje: wg-quick doesn't require you to tunnel more than you want through the vpn 11:48:15 (it works too, if you do not, but you have to be a little bit careful when configuring, like not using the DNS key in the config, but use PostUp and PreDown to setup dns correctly) 11:48:22 it just adds interface routes to all peer addresses to the managed wireguard interfaces with special handling for the default route 11:49:17 this special handling is a nasty hack in a flawed attempt to keep overlapping routes between the overlay and underlay in the same routing table 11:50:01 freebsd supports cleaner configurations by using different FIBs (or even vnets) 11:51:25 by doing this the conflict disappears since the route to the peer isn't looked up in the same routing table as the one used for traffic through the VPN 11:52:16 it's a lot cleaner, requires no best effort userspace daemon to remove routing loops as they happen etc. 
11:52:36 the problem is that there is no standard way to do this across platforms 11:53:24 well, my issue was DNS not working when using DNS in the config file, it needed a bit of digging until I saw that they call resolvconf with -x, which breaks name resolution if the dns server is just responsible for that subnet 11:53:25 and most platforms have at least two different ways to do it (VRF vs VRF-lite) 11:53:37 and the choice is visible to the user 11:54:10 well, they have different scripts for different platforms 11:54:38 you either have to expose the user to this complexity or go full NetworkManager and take over all network configuration 11:55:04 lets take wireguard on freebsd as an example 11:56:20 how do you want to use it? do you want to encapsulate all your non-wireguard traffic and tunnel it somewhere else? 11:56:57 do you want to just connect back to your home/work/school network if you're not on site? 11:57:55 do you want to provide a wide area point to multipoint overlay per tenant for their jails? 12:00:07 all of this can be done with wireguard in freebsd 13.2 and 14.0 right now with just the base system and a few lines of shell if you know freebsd and usecase 12:00:24 *and your usecase 12:20:25 hm, what are the restrictions on an interface name, ifconfig(8) says 'This parameter is a string of the form “name unit”, for example, “em0”.', but it doesn't say where the restrictions for that "name unit" are 12:24:22 curiously, according to net/if.c:if_rename() there don't appear to be any 12:24:37 # ifconfig '$#\%!0' 12:24:38 $#\%!0: flags=8802 metric 0 mtu 1500 12:25:06 well, there is a restriction that the name has to be at least one character long 12:25:08 well, probably NUL and empty string are disallowed (?) 12:26:31 i suppose only root can rename interfaces, but that seems weird. 
wonder how many things a name like that would break 12:29:08 ah, well, filenames can't contain NUL, so it wouldn't matter for me, as the interface name would come from a filename, hm lists in rc have to be emulated by strings and field-splitting? how annoying is it to use NUL as field separator there? 12:39:54 seems like it does not :( embedding seems to work via $'abc\000def' but sh seems to handle it like the string ends at the NUL :( 12:41:24 jails could use this to inject terminal escapes into dmesg, that might be fun 12:41:30 or can you not rename ifs in a jail? 12:54:52 wow lw, that is some interface 12:59:26 <_xor> kevans: Just noticed sysutils/orch :( 12:59:31 <_xor> er, I mean :) 13:00:55 * _xor is looking at the examples 13:01:33 <_xor> Shebang reminds me that FreeBSD only accepts a single argument for it IIRC :/ 13:02:36 <_xor> Is match just basic string matching you added to lua or is it more complicated pattern matching or something? Looks interesting. 13:07:09 well, posix requires just one argument and how would you pass an argument containing a space if you did splitting there? well, or whatever separator you decide for 13:40:52 do we not have clang-analyzer in base? 13:42:33 probably not, we have llvm and clang in base to have a compiler in base, not to have the full toolchain in base 14:31:45 nimaje: the restrictions are too lax. the kernel allocates 16 bytes for interface names. the name has to fit -> 15 bytes (+ 1 for zero termination) and be unique 14:33:18 you can name your interface $' \t\n\b\b\bem0' if you want to see the world^Wrc.d script burn 14:34:25 or maybe name it $'`rm -rf /*`' if you're "brave" enough to trust the scripts to have perfect quoting for all eval calls ;-) 14:37:35 as long as it fits into 15 bytes you can even use unicode pile of poo if you want to express how shitty your uplink is 14:38:22 why would you call eval in a shell script? 
(well, ok except when you have some command as user input, but an interface name isn't a command 14:38:22 the less obvious problem is that space, tab and newline are used by various networking commands as field separator 14:38:38 nimaje: e.g. /etc/rc/rc.d/netif does it 14:38:49 because it has to read a variable by name 14:39:32 and /bin/sh offers no other way to read a variable with a dynamic name 14:40:16 lets say you want to configure interface em0 14:40:42 you need to read the configuration from ifconfig_em0 but the shell script has to work for other names too 14:41:00 if the name of the interface is in $ifn 14:41:18 it has to read the variable ifconfig_${ifn} 14:41:47 meena: how long do you need to get jrc production ready? 14:42:13 java rc? 14:42:30 https://scratchpad.pkgbase.live/Tn-dtb8OT--CttN1Djn8lw#freebsd-lua 14:42:31 Title: jrc: Principles - HedgeDoc 14:42:32 since the sh shell has only scalar/string variables and the argument list 14:43:17 "For jrc we chose UCL, which is almost ubiquitous in FreeBSD these days" .oO( if only that was true *sigh* ) 14:44:26 another low hanging fruit to make the rc.d implementation vastly less error prone would be to extend the base system commands 14:45:19 with arguments that allow them to be chained without quoting by appending and prepending to $@ 14:46:31 so that the result becomes a single long argument list to be consumed by multiple tools as they process them and exec into the rest 14:47:09 the most common offender against in rc.subr is probably su 14:53:44 meena: did you write down a schema for UCL service files? 14:54:53 that could capture used/useful parts of rc.subr? 14:55:41 and did you discover patterns in existing rc.d scripts that should be expressed as data instead of code? 
14:59:33 nimaje: it needs an API that doesn't exist rn: https://github.com/freebsd/meetings/tree/master/supervision#existing-supervision-related-tools 14:59:34 Title: meetings/supervision at master · freebsd/meetings · GitHub 15:01:47 meena, nimaje: do you follow the notes from the weekly production user + developer calls on jails and bhyve started by michael dexter? 15:04:55 imo the best way to add reliable supervision would be make it possible to allow completely **insecure** jails which place no limitations on the jailed processes 15:06:08 these would only be used for tracking the contained processes 15:06:48 resource limits already work with jails 15:07:19 so do other kernel subsystems like mandatory access control, etc. 15:08:15 yeah, that's the concept of nulljails that's been discussed a couple of times. however, it might be better to have an API orthogonal to jails 15:09:07 it would probably add little and would make the implementation a lot more work 15:11:24 i'm fine with only showing them if you ask explicitly and starting their jid allocation in the upper half of the jid range 15:11:48 this way users wouldn't complain about cluttered jls output etc. 15:12:08 *nod* 15:12:25 which is a valid concern. the default output should stay meaningful to human users 15:34:49 oh, nulljails was only an idea/discussion and doesn't work currently? 15:48:06 _xor: match uses Lua patterns by default, but not demonstrated there is that you can switch to POSIX EREs or plain flavored matching 15:49:37 it was just lua patterns in the beginning, but se@ noted that they may be pretty surprising to folks not otherwise engulfed in the lua world and that an option would be good 15:49:51 which... yeah, I could see that 16:05:43 there's no way to get a seqpacket socket over TCP, right? i guess you need SCTP for that 16:10:09 nimaje: right. no one has come forward with an actual design, let alone an implementation. 
16:54:20 Dereckson: i would recommend StrongSwan 16:57:16 meena: https://github.com/llfw/netd 16:57:17 Title: GitHub - llfw/netd 17:09:30 * meena subscribes 17:11:22 lw: we're aiming to move to -std=gnu17, so you can use that too 17:12:16 and add -pedantic, to actually get errors about standards conformance 17:13:09 oh, resolvconf disallows / \ ' ' and * and additionally names starting with . - and ~ there should be one place that defines what a valid interface name is, programs shouldn't just add some restrictions because it is annoying to handle for them 17:13:42 meena: but then i can't use [[noreturn]] :-/ maybe i should use -std=c2x, but i usually prefer to avoid the ones that aren't fully implemented 17:14:23 patience, it's just gonna be a year or five or so until we're there 17:14:46 shouldn't gnu17 be a superset of c17 ? 17:15:31 it's also a subset of c23 17:16:04 i don't like the gnu extensions, i just s/[[noreturn]]/_Noreturn/ for now 17:17:50 https://github.com/llfw/netd/blob/main/netctl/netctl.c#L2 this is unfortunately somewhat problematic… in some countries that don't have that concept 17:17:50 Title: netd/netctl/netctl.c at main · llfw/netd · GitHub 17:18:10 yeah, i know. i'll probably add something to license it under CC0 as well 17:20:10 lw: that is what CC0 is, mostly: this software is public domain where such a thing exists, otherwise it's licensed under this extremely lax MIT/BSD license 17:25:35 lw: this https://github.com/llfw/netd/blob/main/netctl/netctl.c#L145 looks confusing. 
i would call that label cleanup, and have a variable for return value 17:25:36 Title: netd/netctl/netctl.c at main · llfw/netd · GitHub 17:26:23 i've seen that pattern elsewhere but it always looked a bit odd to me 17:28:49 maybe it would be neater than calling nvlist_destroy() 3 times though 17:31:04 lw: another thing that might be worth thinking about now, before it feels insurmountable: libxo for netctl 17:31:42 i was thinking about libxo, but i need to do some rtfm and see if it can support the sort of output i want (which is zfs-like, so you can do netctl list-interfaces -Honame, or whatever) 17:32:26 ps supports that 17:35:20 is it possible to do custom text-based output in libxo and also output the programmatic formats if requested? i really don't like the way things like nfsstat display output and i'd rather have a more natural human readable format (a bit closer to what ifconfig does) 17:35:51 not so much for something like list-interfaces, because it's just going to be a basic table, but for 'show-interface' or whatever 17:38:30 ps? 17:38:47 ps doesn't really do anything like i mean, let me write up an example 17:39:18 ps can display trees, and you can rename headers 17:42:51 meena: this is roughly the sort of text output i want: https://www.le-fay.org/tmp/30d/show-interface.txt (... i just made this up now, so it's not final, but the idea is it should be easily readable for a human) 17:43:47 yeah, that's just the standard output part 17:46:31 on a different note, i wonder why my bridge interfaces have different costs when they're both 1Gbps (not that tap really has a speed, but it reports 1Gbps) 17:47:25 hm, why does local-unbound-setup generate a resolvconf.conf that says "Modifications will be overwritten."? shouldn't that file just stay the same? 
17:49:15 I dug out a patch for tap to report full-duplex: https://github.com/freebsd/freebsd-src/pull/745 17:49:17 Title: tap(4): allow full-duplex and non-zero speed by igalic · Pull Request #745 · freebsd/freebsd-src · GitHub 17:50:43 my tap says full-duplex so i guess i already have that 17:55:13 is there a way to use the old ascii boot loader logo? 17:56:35 i've tweaked loader_logo= with every example I could find. in the ascii days my loader was centered in the screen and it was a bit nicer 18:01:24 tsoome: can you answer concussious' question? ⬆️ 18:01:59 lw: given its vintage, that would make sense 18:03:22 to answer my own question, it seems https://cgit.freebsd.org/src/commit/usr.sbin/unbound/local-setup/local-unbound-setup.sh?id=f1b3840c9a9ccc46480c36781e2205ec9565be45 added the warning in at least one place too much, just because it was generated doesn't mean the generator will run again 18:03:24 Title: src - FreeBSD source tree 18:07:21 the screen "location" is a different kind of problem - atm we configure terminal screen to use as much of space as possible, but the issue about it is that the loader screen layout is built assuming 24,80 terminal. 18:07:49 meena: i'm still confused about the cost though... https://www.le-fay.org/tmp/30d/1UoF1O.txt if they're both 1Gbps shouldn't they have the same cost? 18:08:51 * lw adds this to list of things to investigate 18:09:14 i wonder if the bridge comes up before ix0 realises it only has a 1Gbps link and not 10Gbps 18:10:55 tsoome: even still, is it possible to use one of the classic ascii logos? 18:13:06 lw: if I think about the way netif is structured, i would say: probably not 18:13:28 if i can resolve this i will absolutely issue a pr to the manual 18:13:30 BTW, is anyone looking for a bsky.app invite? I have some available. 
18:25:04 meena: if i'm understanding xo_emit(3) right (it's a bit terse) i just wrap the meaningful parts of my text output in the {} tags and it'll extract them magically for json/whatever output? 18:25:26 👍 18:26:09 lw: i'd suggest you look at some of the existing stuff that uses it and work from there. it's very easy to generate invalid json or misformat the string with xo_emit 18:26:32 i was about to look at nfsstat since i was hacking on that recently and i remember it uses xo 18:26:58 Also, careful about floating point numbers, they come out locale dependent in json, which is… wrong, because json only knows English 18:27:58 concussious yes, the easiest way is to have bios boot - it defaults to have vga text mode. 18:28:51 just once every other decade i would like some monolingual anglophone to produce a piece of technology that doesn't fall apart if you expose it to a different encoding, locale or writing direction 18:33:28 to be fair json is terrible in english too 18:34:57 somebody named Jason should invent a new, better format and call it DOUG 18:35:53 that reminds me, I really need to look into Dhall 18:39:21 well, that'll do: https://www.le-fay.org/tmp/30d/wEJqoM.txt - it's a bit odd to include the name twice but it seems like xo_emit doesn't parse format strings outside of a field (maybe i need to read xo_format(5) more) 18:41:00 that reminds me https://freshbsd.org/freebsd/src/commit/cd201c090858e5cfae3be005453ec634c1fca36a 18:41:01 Title: FreeBSD / src / cd201c0 / ifconfig: add -D option to print driver name for interface - FreshBSD 18:41:27 lw: i'd probably want interfaces to be an array of objects rather than contain the objects because then it's way easier to express for iface in interfaces ... 
18:41:32 the discussion https://reviews.freebsd.org/D42721 18:41:33 Title: ⚙ D42721 ifconfig: add -D option to print driver name for interface 18:41:41 also, do make sure that the XML and HTML you generate are also valid 18:44:37 hmm, i feel like because it's a list of things and the properties of the thing, a dict seems more appropriate. can't you iterate that fairly easily in most languages? 'for ifname, iface in interfaces.items()' in python 18:44:47 (i fixed the duplicate name by making it a 'title' field) 18:53:25 lw: the main reason i say that is because of the redundant "name" field 18:53:31 okay, this will do for now: https://www.le-fay.org/tmp/30d/5AzVrv.txt - the JSON is a bit odd but the example i found (https://juniper.github.io/libxo/libxo-manual.html) also has slightly odd json 18:53:41 other than that, i don't really have an opinion on it as long as it's valid json/xml/etc :D 18:54:35 dstolfa: i fixed the duplicate name field but it made the xml terrible so ^ seems like the compromise :-) 19:01:51 tsoome: thank you, is there a setting we can mention in the manual 19:03:06 this is a nice encouragement to switch to seabios 19:03:25 (https://github.com/llfw/netd/blob/main/netctl/netctl.c#L106 - anyone who knows more about libxo than me feel free to suggest any improvements :-) 19:03:26 Title: netd/netctl/netctl.c at main · llfw/netd · GitHub 19:11:41 lw: the xml seems fine, but why is interfaces an object and interface a list in the json? 19:12:00 nimaje: i don't know. i can't find a way to make it not do this without making the XML wrong 19:13:24 fwiw ps(1) seems to do this too: {"process-information": {"process": [{"pid":"12889","terminal-name":"v0 ",... 19:14:42 (... why does terminal-name have a trailing space there? 
that seems like a bug) 19:17:18 oh, because it's allowed to have a trailing '-' 19:32:15 hmm, sending a netlink message with type=RTM_GETADDR, flags=NLM_F_DUMP doesn't seem to do anything 19:33:53 oh, you can't send two requests at once, you have to wait for the first to finish 19:35:39 lw: good thing you have a daemon which can serialize those things 19:36:33 alternative interpretation: Congratulations you're now building a system that needs to guarantee serializability; let's hope nobody plans to make it distributed. 19:37:16 uh oh 19:37:42 meena: i don't wanna implement things properly why can't it just work whaa whaa whaa 19:58:45 oh that's so sad, bzero is deprecated in posix? 19:58:58 why do all the good things have to die. like K&R function definitions 20:01:44 deprecated in 2001, removed in 2008 20:07:25 well, there is memset and calloc, which would still be wrong with pointers, but the man page doesn't read like bzero is deprecated in freebsd 20:11:43 wrong with pointers? 20:14:42 https://cgit.freebsd.org/src/tree/include/strings.h#n41 20:14:43 Title: strings.h « include - src - FreeBSD source tree 20:20:07 if you have a struct { int* a } and calloc that struct, then a will have the value 0, that doesn't have to be a NULL pointer https://c-faq.com/null/runtime0.html https://c-faq.com/malloc/calloc.html 20:20:08 Title: Question 5.18 20:23:51 "a will have the value 0, that doesn't have to be a NULL pointer" 20:23:55 what ? 20:25:20 i believe this is about the standard allowing that the NULL value of a pointer doesn't have to be the zero value, so bzero of a struct might not set a member pointer to NULL. (ofc, this is not an issue on any platform freebsd runs on) 20:30:23 I liked K&R signatures. 20:31:48 mason: hisss 20:36:03 hisss is not enough, bite them! 
20:40:05 6.3.2.3 Pointers:
20:40:05 "An integer constant expression with the value 0, or such an expression cast to type void *, is called a null pointer constant"
20:40:05 "If a null pointer constant is converted to a pointer type, the resulting pointer, called a null pointer, is guaranteed to compare unequal to a pointer to any object or function"
20:40:05 7.17 Common definitions
20:40:05 "The macros [...] NULL which expands to an implementation-defined null pointer constant"
20:40:29 from at least ISO C 1990
20:40:45 i fail to see the problem
20:43:14 babz: the issue is that the actual value of a null pointer might not be 0. "char *s = NULL;" creates a null pointer, and so does "char *s = 0;", because 0 is magical when you assign it to a pointer, but "char *s; memset(&s, 0, sizeof(s));" might not, if the null pointer constant is not zero
20:45:37 babz: the important part *integer constant expression*
20:45:49 for example, imagine an implementation where 0x0 is a perfectly valid address, so it uses 0xffffffff to designate a NULL pointer. "char *s = 0" will emit instructions to load 0xffffffff into 's', not 0x0.
20:46:01 and then if you did if (s == 0) it would compare the value of s to 0xffffffff
20:46:47 i have never actually seen any implementation where the machine value of a null pointer is not zero, but the standard does allow it, so presumably at least one such system exists
20:46:51 C is such a beautiful language
20:48:00 and stood the test of time too
20:48:05 https://c-faq.com/null/machexamp.html
20:48:05 Title: Question 5.17
20:49:05 nimaje: oh please, poorly written C code on PRIME? PRIME went out of business before ANSI C even existed
20:49:18 i mean, useful example, but that faq is a bit over judgemental :-)
21:18:31 https://thephd.dev/c23-is-coming-here-is-what-is-on-the-menu#n3042---introduce-the-nullptr-constant
21:18:32 Title: C23 is Finished: Here is What is on the Menu | The Pasture
21:19:07 Thankfully all of those old really weird systems are so rare now that if one simply powers on to the system loader prompt then we count that as good and move on.
21:38:21 hi. Is it possible to get a dynamic IP when bpf is disabled? (custom kernel) the dhclient tool requires bpf in the kernel to get an IP from a DHCP server.
21:42:31 I installed dhcpcd as an alternative to test it. But it failed to get an IP from the DHCP server too.
21:43:10 pretty sure it should be possible to implement DHCP without requiring bpf, no idea why dhclient hard requires it
21:43:24 https://forums.freebsd.org/threads/why-does-dhclient-require-bpf.87308/
21:43:26 Title: Why does dhclient require bpf? | The FreeBSD Forums
21:43:57 have a look at it. thx
21:45:24 https://man.freebsd.org/cgi/man.cgi?query=dhclient&apropos=0&sektion=0&manpath=FreeBSD+14.0-RELEASE+and+Ports&arch=default&format=html#end says "You must have the Berkeley Packet Filter (BPF) configured in your kernel. The dhclient utility requires at least one /dev/bpf* device for each broadcast network interface that is attached to your system."
21:45:25 Title: dhclient
21:45:50 dhcpcd also requires bpf. So i think all tools to get a dynamic IP address from a DHCP server require bpf in FreeBSD. is it true?
21:46:29 Probably more generally all tools that require general raw network socket access need bpf. I think.
21:53:15 it's not necessarily about raw socket access but about needing to sniff out packets that aren't really directed that precisely
21:59:09 So trying to port busybox-udhcpc to freebsd to work around the bpf dependency. hoping it works.
22:09:09 fatal: detected dubious ownership in repository at '/usr/src'
22:09:10 uhh
22:10:49 what is producing this output?
22:11:08 git status
22:11:26 i can add an exception but what the heck, how did that even happen
22:11:39 'dubious' means it's not the same user
22:11:44 oh yes
22:11:52 we don't have enough information to know that this is unreasonable
22:12:12 ah
22:12:12 that's the default behavior if you run that as a user
22:12:29 if you're root and the repo is owned by a user it'll produce the same message
22:12:32 it doesn't discriminate
22:12:33 i am still "cleaning" up some chown command (not sure how) that messed up things
22:12:52 yeah i was not getting at root but i do not want to be editing the /usr/src stuff as root
22:15:53 hm, "#include " I guess zagorkarabela is out of luck with that busybox one
22:16:49 instead of editing /usr/src clone the src repo inside your ~
22:21:03 I'm curious
22:21:03 how do you push back to /usr/src?
22:21:43 I mean, one could run (git push) as root
22:22:20 but that would produce the same warning/error
22:46:32 babz: what… are you trying to accomplish?
22:46:53 nothing
23:10:53 What I wanted to know was: how do you folks keep a dev environment in sync with the actual base system?
23:40:21 babz: PkgBase.
23:52:47 I should really take a look at this...