I guess I don't care about tcsh but I think we should not be changing csh, which I know are the same binary these days, but implement different interfaces. And adding functions seems particularly undesirable. Because it might cause someone to think that they should use them in a tcsh script. When in reality they should never be writing (t)csh scripts at all!

anyone here ever got an old macpro 6,1 running FreeBSD? Just tried current and it gets stuck on the pciE/nvme device I think. system will boot okay into nixos/linux okay.

is there a freebsd equivalent to wipefs? i.e., overwrite all file system and geli signatures on a device?

markmcb: security/wipe or bcwipe; i haven't used either

rwp: I find myself unreasonably annoyed that bash doesn't disable bash-isms when invoked as sh

aquamo4k: during install or some other time?

rtprio: during install

perhaps try booting in verbose mode and see if you get any more info

kevans, In theory bash changes the supported syntax to support POSIX sh but there is nothing that actually checks for that and they do not disable extensions. They don't want to do that in the Postel form of accept more than they need.

yep, I did that; i toggled verbose and safe mode and it still gets into an infinite loop printing out: "pcib8: Power Fault Detected" ; I don't see this error on Linux, MacOS or even Illumos/SmartOS. But the Illmos/SmartOs get hung at the same device (they just don't spew the Power Fault detected msgs)

I might try removing the pcie nvme completely and try some external usb or thunderbolt storage and see if that gets me further

good idea

markmcb, Drives today are quite different from the drives that people think need a secure wipe. Mostly just one overwrite to actually remove the data is the best you can do. I would dd /dev/random over the device. Most drives have a firmware feature to do a smart erase that avoids the need to actually write 20TB of data over them that I would use if it is available to use.

markmcb, Oh! My bad. I read now and understand that you just want to remove the file system signatures. Which is quite different. Sorry. My bad. Last time I needed to do that I booted a live-boot linux image and did use wipefs myself too.

usually dd'ing /dev/zero over the first dozen sectors will suffice

rwp: yes

that is my complaint

Understood. But realistically it won't ever happy. Because they don't have the same vision. :-(

rtprio: thanks, that was my fallback assumption

I can only complain with you in solidarity.

This is weird! On freebsd, a user that is a member of group operator can create and delete partitions using gpart, yet operator has no write access to the devices.

crw-r----- 1 root operator 0x5b Nov 16 11:50 ada1

crw-r----- 1 root operator 0x78 Feb 16 18:44 ada1p1

crw-r----- 1 root operator 0x7b Feb 16 18:44 ada1p2

crw-r----- 1 root operator 0x77 Feb 16 18:44 ada1p3

crw-r----- 1 root operator 0x82 Feb 16 18:44 ada1p4

crw-r----- 1 root operator 0x87 Feb 16 18:44 ada1p5

crw-r----- 1 root operator 0x8b Feb 16 18:44 ada1p6

And gpart has no special permissions such as suid.

-r-xr-xr-x 1 root wheel 34480 May 12 2022 /sbin/gpart

How can that be?

I didn't mean to paste that much at once. It selected the wrong clipboard.

vstemen, That does seem incorrect by permissions. I have never tried that combination myself. But I will agree with you that it seems incorrect at first look.

disk/part permissions wouldn't be checked there at all anyways, we don't get that fine-grained for gpart operations

I just changed the group on the devices to a different group that I am a member of and was still able to edit the partition table. So it is not related only to group operator.

the only thing that affects where you can do gpart operations is permissions on /dev/geom.ctl

To test, I just removed all group permissions. Yet I was still able to edit thepartition table by being a member of the group.

crw------- 1 root operator 0x5b Nov 16 11:50 ada1

crw-r----- 1 root operator 0xa Nov 16 11:50 geom.ctl

kevans, are you talking about the file perms on geom.ctl? because it also has no write access.

normal file perms I mean

write does not matter, just read

not sure what to tell you, revoking the group's read access to disallow works fine here

I still don't understand. Why would read permission give me full write ability to the device for one, and also, as I mentioned, I removed even read permissions for the group and still can edit the partition table.

thn maybe you shouldn't be in th operator group

I tried a completely different group and had the same result. I have never seen a case where belonging to a group gives you full read/write access even when no permissions are granted to the group.

maybe you've found a bug

it doesn't repro on current at least... seems like an odd thing to go wrong

rtprio, It's beginning to look that way, but I have never seen such a blatant security bug in freebsd. I figured I must be overlooking some kind of permission control that I don't know about.

This is on 13.1-RELEASE

ok, let me verify; you're in the operator group, but things in /dev/ in the operator group that are 644 or 640 are still writable by you?

is that right?

Yes, even when the mode on all the devices is 600.

i mean, operator is special and privliged like wheel

why are you in operator in the first place?

vstemen: bsd.to/AJBb/raw

Title: AJBb

rtprio, For other sysadmain tasks. However, As I mentioned, I tried changing the device files to another unprivilages group that I am a membe of and got the same result.

elliot@freebsd-test:/dev$ echo blah > vtbd0p2

-bash: vtbd0p2: Permission denied

are you saying that's not what you're getting

I think there's a fundamental misunderstanding of what permissions map to which action here

the disk/partition device permissions are only for direct operations on them

gpart only uses its own ctl node

rtprio, I cannot delete the device files using rm. But I can use gpart and delete and recreate the partition table.

that sounds like something inside the operators' perview

kevans, So, are you saying that, by just being a member of the group, even with mode 600 on the device files, that it is normal for me to wipe the partition table with gpart?

there's only one device that matters with gpart, and that one does not work at 0600.

kevans, I'm not sure I understand your statement. I set all the devices, ada1,and all it's partitions, to mode 600, and as long as I belong to the group, no mater what group it is, not just operator, I can wipe out the partition table using gpart. Am I understanding correctly that it is the common consesus that that is normal?

yes, because gpart doesn't care about those at all

gpart assumes that if you've been granted its control node that you get full control

jkevans, So you get granted it's control mode by just being a member of the same group? Or is there some other control, such as a sysctl or something?

kevens

like I said above, /dev/geom.ctl

the 'r' bit is honored on that, guaranteed

kevans, Ok. Looks like you are right. I didn't understand what you were indicating to do with geom.ctl earlier. However, I just now removed group read permission from geom.ctl and that did indeed revoke my permission to modify the partition table. So that is progress. Thanks. However, it still seems weird that having the read bit set on it gives me full write access to all the disk devices via gpart. I have never seen this before in a Unix like

environment.

Weird, that extra line break before 'environment' is not in my past buffer.

Hmm.. There is no mention of geom.ctl device in the geom or gpart man page and in initial search I have not found anything that mentions this feature online yet. Maybe this is why even the AI's did know this when I asked.

i would not trust an AI for any portion of BSD administration

It has been pretty useful for me so far. Just like humans, it sometimes makes mistakes. :-)

humans usually say "i dont know", gpt is trying to continue with wrong information

its ok to see basics in most of topics, but for now its not good in infrastructure declarative things

In my experience, I get wrong information from just as many humans rather than 'I don't know' answers' :-). The irony is, the AI's have only JUST BEGUN :-) This is the tip of the iceburg.

Just out of curiosity, does anybody know where this "feature" about the geom.ctl device permissions is documented?

the AI is not AI yet, cause it learns only on things humans created and cannot go out of the sandbox

we should allow it to create and learn on its creation

we can't really explain with words why we want what we want, so it generates "anything" rated good in some db

its like "i'm feeling lucky" in google

ask it to create terraform resource for azure linux vm with several users and the same ssh public key, it will generate you different approaches all the day long

Everything you just said, I can say also about most humans :-)

arino, How many humans can you ask that and get it correct?

I'm on hardenedbsd but the question is probably applicable to FreeBSD as well. The 'fcgiwrap' package installs a binary of the same name to /usr/local/sbin/, and the sbin directory has no permissions set for 'other'. That means I can't execute the fcgiwrap binary as say - the www user, since they fall into 'other'. Is it suppose to be this way? Seems odd.

Fixed it this way: gnosek/fcgiwrap #59#issuecomment-1949677649.

Title: fcgiwrap doesn't start as service on FreeBSD 13 · Issue #59 · gnosek/fcgiwrap · GitHub

59 – Attempting to open a multicast TCP connection loses. bugs.freebsd.org/bugzilla/show_bug.cgi?id=59

Hello , I use lspci in linux , for freebsd what command is ?

same same

dwho: Does pciconf do what you need?

vkarlsen: yes , it's exactely want, thanks

dwho: you might want to look up the unix rosetta stone.

Thanks debdrup

vstemen: i usually prefer documentation from developer, github repos and then reading the code with AI helper, i don't like to test random things thoughtless

vstemen: the developers are those humans i prefer to ask about something using their communication channels

my questings often too complex to ask gpt cause it needs to text so much context without any hope it would understand it right

but i agree its useful to start basics for something

like google+wiki+docs

+stackoverflow

try to solve TX transmission error on rw880 on freebsd 14 with any AI, i think its useless in most cases upper intermediate

i use it, its not so bad and i am not agaist it, but i prefer to get verified information if its possible, and i don't need "man" in the middle between me and developer's docs until its really necessary for me, avoiding that i develop myself cause i still has my own intellect which like a muscle

dwho: no worries

arino: Have you seen arxiv.org/abs/2211.03622 ?

Title: [2211.03622] Do Users Write More Insecure Code with AI Assistants?

All other things being equal, that alone is reason enough to avoid SALAMI code.

debdrup: thanks

I've wondered if you could train an AI on code specfically. is that what the paper is about?

Reading the paper explains the paper.

VimDiesel: Yes.

Hello , for beginner who want to update freebsd , it's recommended use freebsd-update or other ?

lw

dwho: yes, absolutely.

debdrup: Thanks, I look other method and it isn't easy.

48

debdrup, +1 on your AsciiDoc comment (yubikey)

(I am not the author)

Hello , I search dig or nslookup and I search with pkg , all is not found.

dwho try dns/bind-tools port

jbo: hey. yes, i use jellyfin. i didn't get around to looking at wine. sorry

drill is a drop-in replacement for dig, made by the same people who make nsd and unbound

lw, dude, you don't have to apologize - it doesn't matter to me - whenever works for you :)

well you keep telling me off :-P

Text media are notoriously poor at conveying tone.

That's why you should assume good intentions.

vstemen: In order to issue ioctl requests, it's not necessary to open geom.ctl RW. Only read access is required. Sometimes, a driver might require RW (and indeed a lot of example code opens RW) but this is not the case here.

(it's not even FreeBSD specific; examples exist in Linux as well)

lw, ping (C++ question)

icmp echo response

assume struct foo { std::span<const uint8_t> payload() const; };

I need to pass that to a low-level winapi function which accepts { BYTE size, BYTE* data }

the proper way of doing this is std::memcpy(), right?

eg: const auto& p = foo.payload(); std::memcpy(dst.data, p.data(), p.size()); ?

jbo: yes, you can memcpy() a span since it's required to be a trivially copyable type. you could also just pass a pointer to the raw span, but this may be an aliasing violation depending on what BYTE is. better to memcpy, the compiler can optimitise it away if it's not necessary

lw, ack, thanks

oh hang on, you're passing the data inside the span, not the span itself

lw, I'm also correct to assume that I should get foo.payload() first, then use that in std::memcpy() rather than calling foo.payload().data() and foo.payload().size() in the memcpy call due to "atomicity"?

yes

well, still, that's fine. but perhaps consider using data(payload) and size(payload) for readability

I need to copy to a C API

wut?

wtf is data(payload)?

oh, std::data

I had no idea.

Title: std::data - cppreference.com

yeah

I like that - much better

jbo: no you don't need to take a reference to payload() first, this has no effect on atomicity, especially if you take a reference

lw, yeah I dropped the ref in the meantime

std::span is generally not atomic, so if you need to copy it in an MT context, you need to handle that yourself with a mutex

alright, that makes sense

thanks for showing me std::data/std::size. didn't know about those - love it.

jbo: i notice your C API doesn't have 'const', so you'll porbbaly need to use const_cast... good to check that the API doesn't actually modify the data

also if you're storing byte-oriented data in a span, may i suggest std::span<std::byte>?

I was looking at std::byte for that purpose. and was not sure whether I want to bother with that.

std::byte has the property that you can reinterpret_cast between it and other objects in the same way you can with char, which is not true of most ypes in C++

s/ypes/types

so I can still memcpy std::span<std::byte> to BYTE* ?

that may or may not matter to you, but i tend to like std::byte anyway since it avoids accidental conversion to integrals (it's an enum type)

jbo: yes

lw, I used std::byte in another project a few months ago and I ran into hell. However, there I used it to wrap a file API. i.e. I had a low-level API to read/write files which operated on std::span<std::byte> and std::vector<std::byte>. But part of the API was to read text files (i.e. std::string) and that conversion was fuckly.

yeah, that can be awkward, but at least it forces you to acknowledge that std::string has no encoding support... (in 2024... what is up with this)

std::u8string :>

encoding is just a bitch.

std::u8string is a lie, it's just a basic_string<char8_t>, it has no understanding of encoding

i hate that they introduced this type in such a broken way

well, it's semantics

and helps with API crappery

(maybe)

like, try substr() on a std::u8string containing combining characters... it will not work

oh, really?

that makes it pointless

really

yes, it does

std::u8string is not a unicode string, it's a string of bytes whose type is char8_t, which is a subtle but extremely important distinction

ah, I thought they defined it with the idea that lib implementations have to provide the unicode support for the various string ops

we're supposed to get std::text (or something) at some point which handles Unicode properly, but i have no idea what the status of that is

hrm

lw, >

You could use the std library to convert the utf8 string into a wstring. And then use the normal .substr() approach:

lol

yeah, except good luck doing that on Windows where wchat_t is 16-bit and still needs multibyte characters

(that was a quote I wanted to share, sorry)

even std::u32string doesn't handle combining characters in the case of characters that can only be combined

hmpf

lw, I have some other low-level API that I will have to interface which uses uint8_t* for payload data. when I change my library to use std::byte, can I convert to/from std::uint8_t painlessly (without copying crap) ?

hello. is this the right channel to get help with wifi on freebsd?

Tikosh, it's certainly not the wrong channel :)

jbo: std::uint8_t *myints; auto *mybytes = reinterpret_cast<std::byte>(myints); // pretty sure this is allowed since std::byte can alias any type

s/std::byte/std::byte */

oh thank goodness! i get an error saying iwlwifi0: scan failed! ret -5

i just installed freebsd on my laptop and cannot seem to get the iwlwifi driver to work

lw, and then there was this....

error: cannot initialize an array element of type 'std::byte' with an rvalue of type 'int'

12 | std::array<std::byte, 4> data{ 0x11, 0x22, 0x33, 0x44 };

q__q

now all my test cases need to have std::byte{}

_EVERYWHERE_

yeah, there's no good answer to that, std::byte is as enum type so the only way to initialise it is std::byte(N)

i suppose you could define your own byte literal, i don't think std has one

lw, I never defined a custom literal - that sounds interesting

it's handy in situation like this (although i really think std should provide one here)

lw, reading cppref right now to figure out how to do that

with consteval functions you could probably even do something like auto array = "\x11\x22\x33\x44"_bytearrow; although i'm too drunk to think about how to implement that right now

also for some backstory. im a gentoo user and just installed bsd with ports enabled on my thing. the problem is the internet or iwlwifi does not work

s/bytearrow/bytearray

:D

enjoy mate o/

my thing meaning laptop.

thanks for the help!

Tikosh, is your card supported by iwlwifi?

it did work when i went into the installation media

oh, so you already had connection once with your hardware + iwlwifi?

yes

alright

so iwlwifi is under flux. bz@ is working on it. I would recommend mailing the wireless mailing list (wireless⊙Fo)

alright

check bugzilla for open bugs matching your hardware

if you're new to freebsd, note that to use a wireless interface, you have to explicitly create a slave interface off the main interface, which is confusing if you're not expecting it

Tikosh, if it helps: on my laptop I sometimes initially get the connection and after a few seconds it drops out. then I have to reboot and it's solid (intel AX210 (or was it AX201))

lw okay

jbo let me see if it works

is there any documentation of ioctls? in particular the inputs and outputs to the data part

paulf, man.freebsd.org/cgi/man.cgi?query=i…ktion=2&apropos=0&manpath=Red+Hat+9

Title: ioctl_list(2)

hmm, taht defaulted to RedHat 9 :s

ok thanks that's a good start but I still need to look at every structure and perhaps the kernel code to see what is read and what is written

and check that FreeBSD is the same

lw, ping (C++)

x

lw, if I have an std::span<> and it's dynamic extent, does std::copy(std::begin(dst), std::end(dst), std::cbegin(my_span)); still perform as expected (i.e. only copy as many elements as std::span::size() reports)?

jbo: yes. but try this, it looks nicer: std::ranges::copy(dst, std::cbegin(my_span))

span is a container, so size() is its size, std::copy (or any other algorithm) has no idea what data might exist past the beginning or the end

lw, you're right, I should really start using ranges... back in 2020 I really wanted to but compiler support was impractical

i still find it odd we don't have an algorithm that copies between two containers, using an output iterator as output argument in copy() raises some security concerns

i mean, you could implement it yourself fairly easily, but...

lw, is it possible that you got dst and myspan swapped in your std::ranges::copy() example above?

jbo: i used the same order as your example... but it does seem odd you used std::cbegin(my_span) as the destination?

yeah I just noticed a bug in my code :>

topcat001, OK. Thanks. It seems like a bizarre design choice to me. It is very counter intuitive to see devices that have no write access and even no read access, yet be able to do something as critical as delete the entire partition table by just belonging to the group. Even if I don't agree with it, at least I know the reason now and that it is by design.

lw, span and I are not as much friends as I would like it to be yet...

lw, error: no viable conversion from 'std::vector<std::uint8_t>' (aka 'vector<unsigned char>') to 'std::span<std::uint8_t>' (aka 'span<unsigned char>')

lw, how tf can it not create span<type> from vector<type> ?

jbo: what are you trying to do? you may need an explicit ctor call, like f(std::span(my_vec))

lw, I have a foo(uint32_t, std::span<uint8_t>) and I call it like: foo(0x0001, std::vector<std::uint8_t>{ 0xAA });

lw, if I declare the vector outside of the foo() call and pass it in it works ._.

without looking it up, i would guess you can't create a span from an rvalue reference, probably deliberately

lw, interesting - why is that?

it would make it too easy to end up with a dangling reference

/ 19

that's just a guess though

lw, you know what I really LOVE about C++ (and I am not being sarcastic)?

I have been writing C++ for almost 15 years now and I still feel like I know absolutely nothing about it

and I really mean it - I'm not sarcastic about it.

there is just no mastering it.

I adore that.

you can talk to random guy on IRC and still learn the most fundamental stuff

I remember about two years ago I _LEARNED_ that lambdas create an individual type for each lambda, meaning that you cannot have: template<typename F> void foo(F f1, F f2, F f3); and pass in three lambdas _OF_THE_SAME_SIGNATURE_

I felt like an idiot when somebody told me that.

what might be the problem if `curl` on https doesn't work, saying "curl: (35) OpenSSL/3.0.12: error:16000069:STORE routines::unregistered scheme

the web says it must be an error from OpenSSL (obviously), something with CAs maybe? but even google.com won't work, so it's probably not an issue with "self-signed"

Title: Google

albertus, I cross-check the behavior of curl against wget against fetch and since those are three independent implementations they almost always provide independent confirmation of problems and different error messages.

IIRC scheme refers to the protocol (https in that case).

I would also open the URL in a web browser and see what it reports as yet another alternate cross-check.

Lastly if it is a web site then I would use the ssllabs.com/ssltest tool to diagnose site certificate problems. It's the gold standard testing site.

Title: SSL Server Test (Powered by Qualys SSL Labs)

Also I would try the URL from a different system. For me whichever I am using desktop/laptop(s) I would use the opposite ones as alternatives.

jbo, I have pretty much stopped using C++ entirely due to the same reasons you listed that you liked about it. It's not cohesively thought out. It's an endless collection of random features which sometimes conflict with each other. :-(

rwp, I wouldn't call them random nor "conflicting with each other". From what I can tell, the standard pays a lot of attention to prevent exactly that.

I highly recommend reading The Design and Evolution of C++ by Stroustrup. It's excellently written. It grabs you by the nose and leads you through the design decisions that occurred leading to the language as it was up until the book was written.

And then you will understand why the language has ambiguity of parsing problems and other issues. And can imagine how the language progressed from the date of publishing of that book until the current feature set C++ has today.

that is one of the books I have not read yet :)

It's an excellently written book. I highly recommend it.

thank you for the recommendation - I appreciate it!

I wrote a lot of C++ code previously. But that was before the current feature set, which obviously I do not like. C++ really identifies many languages based upon the date of the language one is trying to identify.

Title: Stroustrup: The Design and Evolution of C++

the interesting thing is that I only like C++ since the current/recent feature set .__.

Right. That book won't help you program in the current day version of C++. Don't think it will help you with questions of syntax like the templatized three lambdas foo function you posted. That's not what that book is about. That book is about the development of the *concepts* behind C++.

that sounds very much like something I'm interested in.

so thanks - I appreciate it :)

In order to make any headway in the current C++ you will need a large bookshelf that includes many tomes of wisdom from many authors that are all talking about various parts of the language. And you will need to know ALL of them.

You also need to know C pretty well. And while debugging you will eventually need to learn ASM. And you will need to be pretty up on your OS'es workings too.

my "career" was ASM -> C -> C++

the thing I find interesting whenever I debug C++ on the ASM level is that the ASM I truly learned/studied was for then-embedded-systems. I never truly learned x64 ASM which is more often than not a bit of a mood point

I learned various languages before C. Loved C. Then went to C++ of the form that now would best be described as outdated now. Then became disenchanted with it. Am now back to C for most things I do as a practical matter. I explore new languages such as Go-lang, Rust, others.

The idea that it takes at least a decade to master C++ has been around for ions.

I pretty much describe C++ as a language that makes easy thing easier and hard things harder. But of course the easy things were already easy. And the hard things we did not want to make harder.

what worries me is that $LargeCorps are paying me money to teach them C++ and I still seem to know barely anything after 15 years :D

and at the same time it's what keeps me to absolutely love C++. there is no end to it.

jbo, Look at it this way. You know that no one you will be teaching will be able to know more about it than you. Given the language and all. It's impossible to master.

rwp, but is that a bad thing? I don't think so.

this might be a sad thing to say but there are few things that give me as much joy as C++ in my life - and my girlfriend is fully aware of that.

xD

I don't think non-technical people truly get that.

jbo, I would say it is a bad thing. Because historically a lot of subtle bugs have been because of lack of understanding of the whole system. And if a language makes this understanding not just difficult but actually impossible then it inevitably leads to bugs. And some bugs are security vulnerabilities.

I am also trying to avoid imagining how one says to their gf, "Honey, I love you, but you are only number two in bringing joy to my life." :-) (hahaha)

rwp, are you of the opinion that "modern" languages like Go, python and rust address these issues in a way that results in more advantages than added-disadvantages? I you give an unwilling idiot a tool, you end up with a disastrous situation - no matter what tool it was. It might very well be a hammer or a spoon.

I think that software has not exactly become better over the past 20 years.

accessibility != quality.

Software has many advances! Modern software has been able to completely consume all increases in speed and performance acquired from the hardware in the same time.

really? opening 8 tabs in chromium consumes orders of magnitudes more memory than it did 10 or 20 years ago

(rwp, just to be clear, I am truly enjoying this discussion, I am not trying to be a pain in the ass)

Right. That was sarcasm. Modern hardware has 2 orders of magnitude more memory. Modern software consumes 3 orders more of it. Net effect is negative.