00:00:06 rennj: features like OpenBSM auditing which is in FreeBSD? 00:00:48 not in the 1990's? 00:01:29 walnut creek cdrom came with fbsd/linux and sunsite.edu and maybe drivers supported your 386sx/dx or pentium. 00:02:08 im talking $10K per workstation sparc5 had 24bit graphics, sound, scsi drive..ran WABI also...wine came from wabi... 00:02:20 win3.11 on sparc 00:02:26 like wine on linux 00:02:34 same people...WABI window ABI 00:03:09 the auditing on solaris and hp-ux was for DoD foobar 00:03:21 DISA STIG 00:07:14 opensauce/freesoftware came into it own in 2000's...the 1990's was joke compared to hp,sun,ibm,sgi,dec 00:07:45 xfs,lvm give away...ibm dumped 1billion into linux to fight m$ 00:07:58 now they own REL 00:17:05 almost like that was the plan all along 01:26:52 plan9, bell labs/lucent fucked up that.. 01:27:16 plan9/inferno sad... 01:37:12 help 01:39:59 Hi 01:46:21 who was the other person here that owns a banana pi? 02:05:40 I am on 14.0-RELEASE-p6, as far as I can tell, the ungoogled-chromium package should be there, as well as chromium right? I ask because when I do a "pkg search chromium", I only get the chromium-bsu package displayed. 02:06:28 Oh, it's not in latest, only in quarterly! Why the flip? 02:29:37 If iio7 comes back, http://beefy12.nyi.freebsd.org/build.html?mastername=140amd64-default&build=aeab170c7654 indicates that both chromium and ungoogled-chromium ran out of time on latest. 02:39:13 rwp: did u get your banana pi running? 02:59:28 is there some command to run for setting up compilers etc 02:59:38 like apt-get install build-essential 03:02:38 libtool: warning: remember to run 'libtool --finish /usr/local/lib' 03:21:40 env: /usr/local/bin/perl5.36.1: No such file or directory 03:22:18 i only can find 5.36.3_1 in pkg search perl 03:37:02 sometimes jails not stopping is frustrating 03:44:29 voy4g3r2: Likely some process or resource hung up inside it. Debugging that would probably help. 04:37:41 nomia, Banana Pi? I have a couple running but they are running, ahem, Devuan. Using one for a hostapd software WiFi Access Point. 04:39:13 I used to have the house WiFi running on an Intel Atom box for years and years but then the box up and failed completely on me. I also got hooked to a fiber connection. So in the disruption I changed my access point out for a Banana Pi instead. I wish I could say it is running great but honestly I think my USB WiFi adaptor, an alfa, is freaking out every so often and needs to be power cycled. 05:12:44 rwp: i couldn't get devuan to run on mine 05:13:08 how did u do it? 05:15:29 hello 05:15:53 how can i rollback my graphics driver so i'm not affected by this bug? https://forums.freebsd.org/threads/intermittant-bug-in-14-0-release-dri-crocus-driver.91824/page-2 05:15:54 Title: Intermittant bug in 14.0-RELEASE DRI/crocus driver? | Page 2 | The FreeBSD Forums 05:16:22 the developer is being an asshole and saying it works on my machine because he doesn't use X11 and uses wayland and never switches Vts 05:16:35 and refusing to fix or rollback a bug they introduced 05:17:19 I can't just "Switch to wayland" because none of my software works with that nor do I want to run alpha quality redhat software. That's the whole reason I got away from Linux is having that stuff forced down my throat 05:17:32 and even if I did, I still need VTs 05:18:19 Well that is totally annoying. 05:18:51 I think their saying the bug was introduced in version 22 of xf86-video-amdgpu, but it actually effects all non-proprietary video drives including i915kms 05:18:57 crochet is broken or out of date 05:18:59 thankyou for understanding rwp 05:19:28 nomia, can you elaborate? 05:19:49 env: /usr/local/bin/perl5.36.1: No such file or directory 05:20:03 i get that error when building 05:20:16 that is the wrong version 05:20:41 only perl 5.36.3_1 is in pkg search perl 05:20:58 your not talking about the gpu issue are you? 05:21:03 also idk why libtool gives warnings 05:21:20 no sfox sorry 05:21:25 oh 05:21:26 sfox, You said rollback and graphics driver, is this a binary pkg install? 05:21:30 yes 05:21:45 So I don't clean out /var/cache/pkg/ really ever at all so that if I need to I can return to a previous package. Look through there and see if you have your previous package still available. 05:22:01 this is a relatively new install 05:22:11 Was it ever working? 05:22:13 and this issue has been going on since 2022 at least 05:22:57 i don't know which version of i915 i'd need to rollback to or if it's an issue with a 'FreeBSD vty rewrite' 05:23:04 Do you possibly have a snapshot that includes a working configuration and then you could return to that previous snapshot? 05:26:24 I do not. 05:41:17 % xdriinfo 05:41:18 failed to authenticate magic 1 05:41:18 failed to load driver: crocus 05:41:18 Screen 0: swrast 05:41:35 i think this can be used to tell wether the bug is in effect or not 05:41:47 what was that freebsd graphics support chat? 05:59:12 i'm confused does this mean i need to compile libmesa with i915g instead of i915c? https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269006 05:59:14 Title: 269006 – graphics/mesa-dri enable i915(i915g) 06:18:53 i think i found it 06:18:54 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=267915 06:18:57 Title: 267915 – x11-wm/mutter: after graphics/mesa-* 21.3.8 -> 22.2.3 update OpenGL compositing fails on Intel Iris Pro 06:20:38 it says Downgrading to drm-54-kmod can fix the problem. 06:20:53 54 is really old, is it even compatible with freebsd 14? 06:21:15 currently only 510 and 515 are available from packages 06:46:21 does freebsd have cpu metigations that can be disabled for a performance boost? 06:50:54 sfox: you can search the pretty cool manual on that by typing "apropos mitigations" :) 06:51:17 oh thanks 06:51:58 how come when I search for what sysctls do with arpopos nothing comes up? 06:52:06 % apropos hw.acpi.lid_switch_state 06:52:07 apropos: nothing appropriate 06:52:10 am I using it wrong? 06:54:14 yes, try apropos Va=hw.acpi.lid_switch_state 06:57:47 this is an incredibly good man page 06:58:02 this is so much better then having to grep through linux's source tree 06:58:34 concussious, thank you. What does the Va= part mean? 06:58:48 oh nvm 06:59:04 i see it in apropos's man page. I wasn't aware of that functionality 06:59:50 it doesn't work with everything, but sysctls are required to use Va in freebsd manuals for this purpose. 07:01:28 is there a way to fix that sysctl so that it actually suspends when I close my laptop instead of when i open it? 07:28:51 I saw that openbsd is adding a tuneable to turn off Nagle's algorithm (essentially setting TCP_NODELAY on all tcp sockets) and went looking to see if freebsd had such a thing and I could only find tcp.delayed_ack which does not disable nagle's, but does disable delayed acks which does not work great together with nagle's (which I think is the same as setting TCP_QUICKACK more or less) so my question is if I have missed anything and if it is something that FreeBSD 07:28:51 maybe should have as well? 07:50:30 is it normal for most of the software in freebsd to be several years out of date of upstream and tons of bugs open in the bugtracker? 07:51:19 or for someware packaged to come so broken that a network daemon can't even accept incoming connections? 07:51:43 I don't think these are super niche softwares eithers 07:53:48 there now seems to be duplicates of the same package under different names 07:54:02 murmur and mumble-server? 07:54:05 what's the difference? 07:54:08 tldr: yes. long answer: there are so many different computer usage models 07:54:57 further, you can switch quarterly to latest and for my usage model, freebsd is up-to-date faster than other things ive used 08:22:13 i've already done that 08:22:37 the problem is that the software in the ports tree despite having maintainers doesn't look like it's actually being maintained 08:22:53 something especially weird is going on with murmurd/mumble-server 08:23:09 two ports of the same software by the same maintainer 08:23:29 programs like gajim looked abanonded 08:24:13 then there's this https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274504 08:24:15 Title: 274504 – mail/opensmtpd tls fails with FreeBSD 14.0-RC1 08:24:28 eported: 2023-10-15 20:22 UTC b 08:24:47 it's like, there you go just update to the latest source version 08:25:00 here's a patch to do it one way, here's another patch to do it differently 08:25:03 *crickets* 08:26:36 I don't know. 08:26:59 I want FreeBSD to work I really do, but it seems like i'm just having so many issues with it I would have on any other OS. 08:28:20 It's really discouraging when you see an issue that's a known issue for 2+ years with a bug tracked and everything but won't get fixed because 'just install wayland LOL' or already HAS several patches just waiting to be upstreamed but just sits there in silence 08:31:10 sfox the answer to the mumble mystery is answered in the commit messages https://www.freshports.org/audio/mumble-server/ 08:31:11 Title: FreshPorts -- audio/mumble-server: Server component of Mumble 08:31:33 Seems that in janurary upstream renamed murmur to mumble-server 08:32:23 So murmur should probably be deprecated at some point. 08:49:34 oh wel lthankyou 09:01:29 how do I do a lockscreen with xdm? 09:01:55 I normally use slimlock with slim but a freebsd dev said slim isn't maintained anymore and I should switch to xdm 09:02:04 Smack it with a hammer. 09:02:40 Serious answer: dunno. I just use Suckless slock, because it just works. 09:13:08 remiliascarlet, i tried that and now the battery won't stay in reliably anymore 09:13:13 jk 09:29:09 i seemed to settle on metalock. based in slock remiliascarlet but less primitive and with background support 09:29:19 looking through ports I found this crazy thing https://www.freshports.org/x11/hyprlock/ 09:29:20 Title: FreshPorts -- x11/hyprlock: Hyprland's GPU-accelerated screen locking utility 09:29:23 talk about overkill 09:41:39 i'm thinking about moving poudriere to a jail 09:41:53 that does look a bit overkill 09:50:42 wow 09:50:51 i guess mumble did get updated in freebsd 09:50:55 this works so much better now 10:19:57 hi all 10:25:05 jauntyd, poudriere works fine in a jail 10:25:14 but it needs jails to work 10:53:52 sfox: "'just install wayland LOL'" Just imagine recommending something that doesn't even work. 10:56:17 Also, why the fuck would you need GPU acceleration in a screen locking utility? 10:57:44 You're a screenlocker, not a video game! 10:59:28 it's to render a static image with fonts to the screen 11:49:20 mason: that was it.. process taht was not "dying" in jail not allowing it to stop 14:37:57 gpioctl question. I have a DS18B20 connected I'm pretty sure correctly to my raspberry pi, I've added "dtoverlay=w1-gpio" to config.txt. The sensor is on pin 7. How do I access its value? 14:41:01 Incidentally, `sysctl dev.ow` says "sysctl: unknown oid 'dev.ow'" 14:42:20 And `ow.ko` and `ow_temp.ko` are kldloaded. 14:43:13 Do I need to do something in gpioctl to activate the 1wire bus? 16:06:37 does https://www.freebsd.org/releases/13.2R/signatures/ have a copy somewhere else that isn't cloudflare? cloudflare is currently not letting me access that page 16:06:38 Title: FreeBSD 13.2 Release Checksum Signatures | The FreeBSD Project 16:34:40 xx: are you gaetting an error? 16:35:09 Hello, I am seeing bsd.to timeout. It's a cloudflare page that I'm seeing 16:35:28 (I just got here so I'm not sure if someone has already brought it up) 16:35:59 maybe it's not just me then, cloudflare seems to be having issues 16:36:35 i am able to get to the above page xx 16:36:37 try again 16:36:38 xx: you're experiencing the same? 16:36:44 and i am also able to download an iso file troo 16:37:08 This might help (cf status page): https://www.cloudflarestatus.com/ 16:37:09 Title: Cloudflare Status 16:38:04 oh, cloudflare is saying that it's the host's error. As in it's bsd.to 16:59:37 Cloudflare is full of shit. 17:02:28 i know that cloudflare can hiddenly block clients 17:02:38 so you keep fucking wondering 17:02:42 wtf 17:02:52 or should i saw waf 17:13:46 few elements didn't load on this site and some elements didn't load on that site and then some transaction didn't go through on some e-shop thay processes payments with xyz... the conclusion was that all those used cloudflare, that cloudflare tracked my browser throughout several uplinks and noone else had any issues despite coming from same ranges 17:21:15 My $40, half TB USB stick with 400 MB/s reads just arrived. 17:25:18 it's fun to think that this didn't exist 20y ago 17:25:40 Hi! I have a FreeBSD machine with some jails and bhyve vms. However, I really need to redirect an IP like this: a connection arrive at the external IP XXX.XXX.XXX.XXX and port YYYY. I need to forward it to the IP ZZZ.ZZZ.ZZZ.ZZZ port YYYY. Something like creating a wire between the two IPs. I could do this using Linux but pf does not allow this kind of routing. 17:25:54 is there anything I can do? Should I spin a Linux VM just to make this routing? 17:27:02 There's a few different NAT options. . . can prolly also do it with ncat. 17:27:37 it works if you have different networks 17:27:53 but that was the issue, right? 17:33:15 instance9, bsd.to upstream has been down for a couple of weeks now. It's fronted by CloudFlare but the upstream behind it is down. Nothing CloudFlare can do about that until the backend comes back online again. 17:35:03 oh, it was pastebin there? 17:35:33 ketas: yes, only one network 17:35:35 Yes. See the /topic for it. It has been offline long enough that I would like to see the topic updated to reflect a different pastebin recommendation. 17:35:47 ketas: that's why I cannot use pf to redirect 17:36:15 Ronis_BR, Are you trying to connect into one of the VMs/Jails and it is using pf based NAT there? What's the topology? 17:36:26 oh right, it's indeed in topic 17:36:42 Ronis_BR: isn't `rdr` in pf not good enough for your problem? 17:37:26 And it is the same problem for https://pad.bsd.to as well. Pretty sure they were the same backend system. Both down for weeks. 17:38:04 ridcully: No, I am not trying to use NAT in jails. I just need that this FreeBSD machine (which uses pf), redirect all the packages it gets in a port to another IP (external to the FreeBSD machine). 17:38:14 and obviously to send the replies back 17:38:56 ridcully: rdr did not work because pf cannot send the packages to another external ip in the same interface 17:39:19 it would mean spoofing src too 17:39:34 ridcully: it is something like this: https://forums.freebsd.org/threads/redirect-all-traffic-from-ip-to-another.59364/ 17:39:35 Title: PF - Redirect all traffic from ip to another | The FreeBSD Forums 17:39:51 but there is not an answer :( 17:42:13 I don't know enough about pf to answer so I should keep quiet. But I also feel that the problem statement is ambiguous because the network topography hasn't been clearly stated making any answer impossible anyway. If the network topography was better understood then more help might be provided. 17:42:16 socat will work if rdr won't 17:42:22 I was just about to suggest socat! 17:43:00 If you ever thought... Maybe I should write a program to proxy between here and there... Then socat can already do it for you. 17:43:35 socat, or net network 17:43:41 new 17:43:48 rwp: hum, let me try to address that. I have two machines (A and B). I want to create this connection INTERNET <=> A <=> B. "A" connects to internet. I need that all packages that arrive at A in a specific port to be redirect to B in the same port. 17:43:59 The problem is that A only has one network 17:44:42 vlans? 17:44:53 that's not l2 there? 17:45:05 ketas: sorry, I did not understant 17:45:07 So A has both a public IP address and a private RFC1918 LAN address. And B has only a private RFC1918 LAN address. Gotcha. 17:45:08 understand* 17:45:39 rwp: Actually A has the same IP, only that the firewall allows outside internet connection to it 17:45:57 rwp: A and B are in the same network, but only A can receive outside connections 17:46:12 and I want to access a service in B by connection through A 17:46:28 but can't, why...? 17:46:39 isn't that the fw/gw there 17:46:56 So for example (using example.com) A might have 93.184.215.14/24 and B might have 93.184.215.15/24 but the firewall only allows traffic to 93.184.215.14? 17:47:06 ketas: for some reason pf does not allow this kind of redirect using the same LAN 17:47:16 rwp: yes! 17:47:48 Linux netfilter also complains about that case too. It will send an ICMP redirect and of course that's where things break down on the Linux kernel side too. 17:48:14 can't add more ips? 17:48:23 ketas: no :( 17:48:59 then socat0 17:49:00 ? 17:49:05 In linux, I did something like this: iptables -t nat -A OUTPUT -d old-ip -p tcp --dport some-port -j DNAT --to-destination new-ip 17:49:09 if you can't modify network 17:49:18 ketas: I will search about! thanks! 17:49:51 Is this for a service other than SSH? Or are we talking SSH here? 17:50:08 rwp: no, it is not ssh, it is a connection to a database 17:50:13 hmm 17:50:33 I don't see how that iptables -t nat rule would apply, even if we were on a linux system. I have been there before. 17:50:55 socat seems promising. Can I use it inside a jail? 17:51:01 yes 17:51:05 There is also stunnel which I have used before for such things too. 17:51:12 thanks! 17:51:17 rwp: I will search about it 17:51:19 thanks! 17:52:24 The advantage of stunnel is really only that it can be used to terminate TLS connections and has an infrastructure for starting a persistently running daemon. For all other reasons socat is the swiss army chainsaw for network plumbing. But you will need to set it up persistently yourself as a DIY thing. 17:53:51 all those issues vanish if only you could have different networks 17:54:00 rwp: perfect! Thanks! 17:54:03 An issue that you will run into is that your database on B will look at the peer address and the peer address will always be the proxy machine A and never the remote system. That's probably not a showstopper for you but databases using IP addresses as part of the security can't do it then. 17:54:05 ketas: fully agree 17:54:25 vlans or vpns or vxlans or whatever 17:55:51 I like the idea of a VLAN here. But the default route would need to be out through the VLAN routing all traffic through A. Not sure if that is acceptable or not. 17:57:34 I am not sure 17:57:54 rwp: depends... 17:57:54 I recently put a WiFi Access Point on the end of a VLAN so I could overlay it on the existing LAN. And thought it would also work to have it directly connect through the LAN to other systems. Nope! That created problems due to the asymmetrical paths of packets heading in the different directions. In the end I removed the LAN address and connected through a separate VLAN subnet on the same wire. 17:58:09 you could add a fib 17:58:17 make it super complex 17:58:41 I am not really a network engineer. I just play one sometimes on my LAN. 17:59:51 machines with more than one network regularly appear on internet... in fact it's built with those 18:00:04 just need correct config :p 18:00:34 Ronis_BR, You asked if this could be in a jail and yes of course it can but... What networking is the jail using? Is it piggybacking on the host network? That's the easy case and it should just work. Is it a VNET jail using NAT? Is it DHCP'ing an address? Those other two cases create complications. 18:00:53 rwp: it was using ANT 18:00:55 NAT* 18:01:09 but I just realized I can install in the host 18:01:23 Then you would need to route the inbound through your NAT. 18:01:38 rwp: yes, the complication is not necessary 18:01:39 ketas, Certainly my connection is on a machine with three networks right now. 18:02:09 Four actually if I count the VLAN too and I think that should count. 18:02:25 wifi ap eh 18:02:41 why did you need this 18:03:37 you could bridge vlan into untagged lan 18:03:46 just switch craps out here often 18:05:01 My fiber enters my house on the far south side and I located the fiber modem and house router there due to wanting it online quickly and not wanting to pull the fiber through to another place. So it's there. But a WiFi AP there cannot cover the entire house and not up into the bedrooms. So I put a Banana Pi online centrally located but on the house LAN to be the WiFi AP and connected it over a VLAN to the house router. Works great! 18:06:00 Note that my WiFi AP connects to the Internet just fine for anyone using it but is firewall off from the house LAN systems. Hence why I put it on a VLAN. 18:06:29 but why did something fail here 18:06:33 i also do it here 18:07:02 wifi ap has vlan for traffic and untagged for management 18:07:08 You said your network switch fails out every so often? Then do you power cycle it or something to get it back online? Might be time to find a replacement switch. 18:07:12 rwp, ketas: socat worked perfectly! :) 18:07:14 thanks 18:07:20 socat FTW! :-) 18:07:44 i mean if you want to connect vlan to another vlan, switch won't generally do this 18:07:52 but a router can 18:08:05 hell router is what one should use here anyway 18:08:16 I must run. Real life is calling! TTYL 18:11:23 question: what is the best practice to start socat at boot? 18:11:56 oh, it seems there is already a service 18:12:23 @reboot daemon -f ... crontab is one quick hack 18:12:52 just don't "reboot" the crond 18:14:09 ketas: there is a file to configure instances and the service socat 18:15:23 which does also use daemon :p 18:15:38 in more proper way 18:16:02 man... I cannot believe that the solution was SO simple. I was about installing a linux VM (bhyve) just to make this routing. 18:16:08 thanks you very much rwp and ketas ! 18:16:19 but now src ip is all wrong 18:16:24 ? 18:16:53 ketas: yes, probably the connection in the B machine comes with the IP of A, but there is no problem at all 18:17:20 you didn't know you can proxy? 18:17:29 one can always proxy 18:17:50 ketas: no! I am not network expert, I was just trying to solve connection problem here :) 18:17:55 :p 18:18:02 thanks! 18:21:40 how good 19:57:16 SH3LLC0D3R, hack the Gibson. 21:06:44 cyberdelia is in 2 more days CrtxReavr 21:44:37 Ronis_BR, I am very glad to hear that you got everything figured out! As with most things, "Knowing is half the battle." :-) 21:45:30 There are many things that I am completely stumped by. Just completely stuck. But then someone will help me out and get me unstuck! It's the community which makes it all work. 21:55:34 i agree. the community here is second to none 22:16:38 gpioctl question. I have a DS18B20 connected I'm pretty sure correctly to my raspberry pi, I've added "dtoverlay=w1-gpio" to config.txt. The sensor is on pin 7. How do I access its value? 22:16:43 Incidentally, `sysctl dev.ow` says "sysctl: unknown oid 'dev.ow'". And `ow.ko` and `ow_temp.ko` are kldloaded. Do I need to do something in gpioctl to activate the 1wire bus? 22:22:19 Nobody plays with BSD on rpis? 22:44:42 Which file would I add commands to so they get executed and piped to the daily 3 am emails? It'd be /etc/daily.local on OpenBSD 23:14:48 i got a rc.d script that uses daemon to keep a bin running. child and supervisor pidfiles exist. service mybin start works, service mybin status identifies the daemon pid. service mybin stop works. but if i make bin's config file have an error and it crashes on start, service mybin stop doesn't work. keeps waiting on daemon's pid. in mybin's log 23:14:49 file i can see it keeps being started (by daemon) and erroring with config file. any way to improve this? 23:18:38 vortexx, Try /etc/periodic/daily/ 23:19:19 gh00p, Not yet. 23:27:59 rwp: thanks