00:46:21 Hi!, I have PostgreSQL running on a jail (port 5432), then from another jail I cannot connect, not even telnet ip_of_postgresql_jail 5432.
00:49:51 both are on the same network and postgresql allows connections from *
00:50:37 From the jail I can ping the postgresql IP (the same as the host)
00:50:57 both have allow.raw_sockets and allow.sysvipc=1
01:55:52 i got a rc.d script that uses daemon to keep a bin running. 'service mybin start' works, 'service mybin status' identifies the daemon pid. 'service mybin stop' works. but if i make mybin's config file have an error and it crashes on start, 'service mybin stop' doesn't work.
01:55:54 it keeps waiting on daemon's pid and hangs. meanwhile in mybin's log file i can see it keeps being started (by daemon) and erroring out. any way to improve this? why doesn't daemon see that it's had 'service mybin stop' called and not try to restart mybin?
04:38:04 <_xor> Hmm, ok. So I "seem" to have gotten mozjemalloc compiling on FreeBSD. At the very least, I have mozjemalloc.o. Trying to figure out how best to proceed from here.
04:38:55 <_xor> Doing this because I like Firefox, but my biggest gripe with it is the amount of memory it chews up. Saw in the port message that it doesn't use mozjemalloc, which is supposed to use less memory.
04:39:34 What is mozjemalloc?
04:39:35 <_xor> So I did `make extract patch`, copied out WRKSRC, and started looking through the source.
04:40:52 <_xor> I have it compiling successfully now. Wondering how best to build firefox with it. I guess I could just create the appropriate files/patch-* files for it and build the port, but wondering if anyone else here has any experience or input on the subject.
04:41:08 <_xor> JustBleedFan: Custom memory allocator by Mozilla that is based on jemalloc.
04:41:37 <_xor> You would think that because it's based on jemalloc that it should compile easily on FreeBSD, though a lot of the failures were due to the build system (I think).
04:41:53 I never heard of it. I do love Firefox though. I'm new to BSD anyway. Never compiled anything in my life.
04:42:57 I have about 90 tabs open in Firefox constantly so my computer uses a lot of memory all the time.
04:43:51 <_xor> Firefox on FreeBSD is terrible about memory usage when compared to the Windows build.
04:44:14 <_xor> Auto Tab Discard is a good extension to help mitigate that, but I'd like to see if mozjemalloc makes a big difference.
04:45:08 My experience is Linux mostly after years of Windows use. It's definitely better on Linux than it was on Windows.
04:49:25 firefox/chrome in 4GB ram vm, chrome is the pig
04:49:44 but yeah https://jemalloc.net/ you would think on fbsd
04:49:45 Title: jemalloc
04:56:38 https://imgur.com/QPd1N8e pigs one and all
04:56:39 i've been having an issue with mozjemalloc
04:56:41 too
04:56:46 but with a fork of firefox
04:57:17 i don't think mozjemalloc is anything special but an old version of jemalloc included in firefox source
04:57:25 it's mainly used because gnumalloc is slow
04:57:50 <_xor> It's supposed to be more secure. There's a long discussion about it.
04:57:54 however, i can't compile it on freebsd yet because apparently the source code implements its own malloc shim for the purposes of telemetry
04:58:22 it does this by overriding c++ std:: which breaks a lot of things
04:58:35 _xor, where?
05:00:22 <_xor> I have to find the link, I'm pretty sure I saved it somewhere.
05:01:02 <_xor> https://lists.torproject.org/pipermail/tor-dev/2019-August/013982.html
05:01:03 Title: [tor-dev] TBB Memory Allocator choice fingerprint implications
05:03:25 heh LD_PRELOAD
05:08:28 heh torproject had wayland binding when mozilla firefox didnt, had to ld_preload those abort ()
05:10:43 mozilla firefox no wayland, torproject same mozilla but with wayland foo..this was like 2 years ago i want to say.
05:14:13 https://termbin.com/n163 has to do that for like 2years
05:14:44 just for tor
05:19:20 old xorg well tough, tor browser basically
05:27:53 onion router to nsa exit nodes..thats tor/torbrowser. haha
05:28:57 torbrowser had wayland bindings before mozilla firefox did, for some reason..guess they are cutting edge.
05:38:42 i've had exit nodes try to force down to http on the first request
05:39:07 yeah same..
05:39:19 tor-new-circuit try again
05:39:34 i got firefox and chrome proxy thru tor if i want
05:39:46 also torbrowser..but meh
05:40:15 just keep in mind that a browser with javascript or cookies enabled completely defeats the purpose of tor, as you'll be very easily tracked
05:41:16 (same goes for normal VPNs, they don't magically "make your data secure")
05:41:16 nah, first launch each time
05:41:24 like user just installed it
05:41:55 screen size, fonts, ram, os ..fingerprinting
05:42:48 immutable ram-os is nice rm -rf stuff..means nothing to me
05:43:26 when i launch firefox/chrome/torbrowser, its first time each time..no saved anything...
05:43:52 i dont have bookmarks.html with timestamps
05:46:00 my vmware vm's same deal rm -rf them..just barebones stupid foo...steal my laptop evil maid
05:46:36 .ca stole my laptop in like 2008 at border crossing..never returned it... encrypted drives
05:46:54 truecrypt/veracrypt been audited twice now
05:47:39 oh canada!
05:48:40 separate the os from the data
08:15:52 Is there way to view per interface routing tables or do whatever is the equivalent on freebsd of `ip route get someup dev somedev`? or is that not a thing on bsd?
10:14:23 pie_: like netstat -r you mean?
10:15:06 https://docs.freebsd.org/en/books/handbook/advanced-networking/index.html
10:15:07 Title: Chapter 34. Advanced Networking | FreeBSD Documentation Portal
10:15:59 _xor: you think that's bad? my firefox just immediately crashes when I open it
10:16:54 I've lost my profiles as well, switch to chrome, but unfortunately it can't import from the profile itself
10:40:07 pie_: route(8) has "get" command
11:10:16 Hello. I'm currently trying to resurrect supertux's build on freebsd. Unfortunately, we're currently having issues during the linker stage. It can't find -lSDL2_image and -lSDL2. However, we install both packages using `pkg install`. Any idea?
11:15:27 Tobbi: pkg search supertux turns up 2 builds already. perhaps you can look at the ports tree to see what it does?
11:17:12 Oh sure. Any build logs?
11:20:07 Tobbi: ¯\_(ツ)_/¯, you could try to clone the ports tree and build it yourself to see what it does
11:20:19 Ah, I found an online git repo.
11:28:07 I may need to provide the library path on the cmake lists command line
11:48:58 Anyway, the thing is, dstolfa that apparently, freebsd uses a custom makefile which somehow calls cmake.
11:49:01 And IDK how it works.
11:49:09 It has like USES_SDL=
15:44:52 download.freebsd.org directs me to ftp0.sjb.freebsd.org and it's very slow
17:13:25 any way for a bin in a jail to bind to a low port (80) without being superuser?
17:13:37 trying to use the portacl-rc pkg but it's not working
17:13:51 i have mac_portacl kernel mod loaded in jail host
17:21:29 polyex: have you tried forwarding that traffic using 'pf' from the lower port to a higher port that the bin can bind to without superuser access?
17:21:56 no i don't wanna do it like that
17:22:24 why not?
17:22:38 pf isn't as difficult to configure as it might seem on first glance
17:23:02 I find it a lot easier than Linux firewalls (iptables / nftables)
17:23:09 that's a workaround for letting a user bind a bin to a lower port. that's what mac_portacl stuff is for
17:23:28 there is a sysctl setting to allow lower port binding by non-root users (net.inet.ip.portrange.reservedhigh), but it affects the entire jail and could lead to security issues later on if not monitored or changed back when not needed
17:24:20 ya i don't wanna use that either. i wanna use mac_portacl. for that exact reason
17:27:32 have you loaded the mac_portacl module, including loader.conf, and added the necessary format in sysctl using the "idtype:id:protocol:port" format?
17:29:08 i did everything in github.com/Freaky/portacl-rc README
17:29:19 but portacl-rc still can't start in the jail
17:30:23 is the 'uid' correct for the jailed user?
17:37:42 ok got to bottom of it. sadly mac_portacl isn't virtualized per-jail. it can only be set in the jail host and it applies to all jails. really sucks
17:38:00 can't imagine mac_portacl not being per-vimage jail
17:46:38 polyex: I could have sworn I documented that, but maybe it was just in www/caddy
17:46:59 mind putting it on the README somewhere that it's not for jails or smth?
17:47:20 and bigger issue, when and how can we get mac_portacl support per-vimage jail? that would be killer for sec
17:47:54 btw no "jail" in man page too fwiw
17:48:39 the sysctl is virtualized if you use vnet iirc
17:49:04 what?
17:49:24 https://wiki.freebsd.org/ThomasHurst/Caddy ah there
17:49:25 Title: ThomasHurst/Caddy - FreeBSD Wiki
17:50:40 that's convoluted. is that saying to put the mac_portacl rule for the jail, in the host?
17:53:49 how it should work is jail host makes sure mac_portacl is loaded, then in jail set up everything else including running the portacl-rc stuff, so jails have their own security.mac.portacl.*
17:54:01 so they can set and have their own security.mac.portacl.rules
17:58:17 any way we can make that happen Freaky?
18:02:02 polyex: this code is not vnet aware
18:03:08 but instead you can use firewall in the jail
18:18:14 it should be vnet aware tho is what i'm saying
18:18:21 is it like super hard or ?
18:29:34 if you want mac_portacl to become vnet aware, then it needs patch
18:31:49 if i have several packages that are currently installed, but lost the .pkg file (and it's no longer in ports), is it possible to ... rebuild the .pkg from my installation?
18:31:58 (sadly it's not in /var/cache/pkg either)
18:33:56 i suppose a hacky way might just be to tar up the output of pkg info -l..
18:34:19 mzar know how hard it might be?
18:41:51 wcarson: pkg help create
18:43:16 oh neat
18:43:58 oh man, that's so simple!
18:44:23 polyex: I have no great insight, but I wouldn't have thought it would be that difficult, mostly just changing the globals/sysctl defs to their VNET equivalents
18:59:10 Not sure where/how to submit this, but I have a 14 host running a bhyve 15 that runs poudriere. The 14 runs poudriere for everything <= 14, and the 15 runs poudriere for 15 (obvs).
19:02:14 the vm mounts /usr/local/poudriere and friends from the host. This is so the output of poudriere for 15 is put together with 14.
19:03:02 During this, after only a few hours, I get a lock order reversal of nfs vs. bufwait followed immediately by nfsupg and bufwait
19:03:25 ... then I get a pile of "fieid changed" errors from the vm.
19:03:39 ... and then I need to reboot the VM to keep running poudriere.
19:03:42 bug?
19:21:13 IIRC, any lock order reversal is a bug. Dunno about the rest.
19:21:37 well... there are LORs to ignore. This one is a triple, tho.
19:58:18 which component is supposed to create /dev/bluetooth/ device nodes?
21:57:41 i must be going crazy, once a person does zfs set quota=1024G how do you remove that quota? the zfs-set and zfs man pages only give examples of enabling but i do not see how to unenable this quota
22:11:10 voy4g3r2: can you just set it to 'none'? Thats the default I think.