01:06:42 cracauer, "trackpad does not work, but the trackpoint does" Sounds like everything is good then! :-)
01:07:14 I am one of those that actively disable the touchpad because I drag my palm on it and it has phantom taps. Just can't take it.
01:07:51 I use the trackpoint and also the "keynav" package is another good keyboard mouse tool.
01:08:56 cracauer, Since I was snarky I will also try to help. I assume you have xf86-input-synaptics installed?
01:40:53 rwp: yes it is installed.
07:31:01 * |cos| is standing on the cliff of what appears to be a rabbit-hole, looking down into the abyss and considering whether to jump in...
07:32:18 <|cos|> 3, 2, 1. here it goes! i've isolated that suspend-resume (or rather resume) fails with "options SMP" but works without on my macbook
07:33:12 <|cos|> where do i go from here? should i prepare for a summer in a basement going from zero to here as a kernel hacker, or is there an easier first step?
07:35:46 <|cos|> i might add that no search result for "smp" on bugs.freebsd.org appears to be relevant, but that's how far i got.
07:37:39 <|cos|> (obviously; filing such a ticket could be my next step, but i'm uncertain of how to phrase it in the best possible actionable manner.)
07:40:48 how long did it take you to determine smp made a difference?
07:41:58 <|cos|> twentyone kernel builds...
07:42:03 oof
07:44:45 the wiki for that seems not to have been updated in quite a while
09:03:08 I have not heard about SMP causing it, but I have had suspend fail if I had intel-vt enabled.
09:09:30 <|cos|> I'm very confident it is SMP. Just tried a kernel based on GENERIC only excluding SMP, and it resumes.
09:58:39 welcome to smp wait till you get the smt2 smt4 smt8 threading foo...
09:59:20 https://imgur.com/a/13fmOeN 20years ago smp athlon mp / tyan tiger
09:59:31 2 x 2GHz
09:59:56 vlc 0.8.0 haha
10:00:43 2 cores / 2 threads.
10:03:42 intel-vt and amd svm is ring -1, vmm foobar for xen,vmware esxi, linux kvm/qemu
10:03:54 virtual machines
10:04:38 vt-d and iommu is the for devices ...pciE
10:04:51 mmu for io devices
10:05:04 dgpu passthrough
10:08:00 m.2 pciE,usb,ahci even better..i passthrough those devices now in vmware-vmx..
10:15:05 close my lid and suspend-to-ram https://www.kernel.org/doc/html/v4.18/admin-guide/pm/sleep-states.html#s2ram s3 defined by ACPI.
10:15:06 Title: System Sleep States — The Linux Kernel documentation
10:15:52 vmware vm's and host os, wifi, usb mouse,joystick all come back.
10:16:24 tcp/http keepalive is another matter
10:19:08 s4 to disk/hibernate bah. dont want to waste the space on un-encrypted partition.
11:28:04 What macbook is it?
11:28:34 The thing that's most likely to break suspend/resume, in my experience, is if the TPM is activated.
12:04:38 <|cos|> debdrup: MacBookPro11,1; A1502 EMC 2678, or late-2013 as the apple heads tend to call it.
12:08:21 <|cos|> TPM chips are only in those new arm-based macbooks?
13:21:42 What would you guys recommend for wiping a disk securely, wipe(1) I have seen recommended, but I assume you can just dd /dev/urandom over the disk... also how many times would you recommend to run wipe/dd?
13:22:16 polarian: What kind of disk is that?
13:22:23 HDD
13:22:40 SSDs aren't as easy I know... and normally you got to rely on secure erase features
13:23:28 Such tools would kill or degrade health of SSDs, afaik, anyway.
13:23:41 using a tool already made, like wipe if you don't know how to use dd correctly
13:24:47 tercaL: yes... and it isn't effective either due to cells being taken in/out of use... and the load balancing between them...
13:25:07 llua: "use dd correctly?"
13:25:19 I don't see what is so advanced about writing random bits to a disk...
13:34:22 polarian: Filling the disk with random bytes/data, so that the data recovery would get harder
13:35:23 tercaL: yes... but my point here is... llua implied doing this with dd is hard
13:36:03 although I have read using /dev/zero can be done too...
13:36:15 its faster, but I assume not as secure, as zeros can be data
13:39:00 ? With HDD, once upon a time at least, there were some tricks you could use to try and recover data that was written over (shave a micron or so off the top of the disc platter and play games with lab equipment, with no guarantee of success). With SSD there's nothing like residual magnetic layer from previous to exploit. Once a sector is written over, that's it, it's done. Again, difficulty being that internal to the SSD's
13:39:01 controller it may be dynamically remapping sectors so if someone's willing to play games there, something may be recoverable ... if the machine in question has secure erase in BIOS setup just use that for SSD.
13:40:07 and also TRIM, I guess
13:40:17 makes it almost impossible to recover - afaik
13:40:24 As I understand it, TRIM uses same mechanism.
13:47:32 gnisho: I can't actually find an explanation on how secure erase works on NAND?
13:47:38 you got any links I can read up on it?
13:47:42 I am curious
13:48:16 also gnisho nothing is perfect, but if you are reselling a disk then it is not a big deal
13:48:22 polarian: a naive assumption would be, that a dedicated tool (wipe, shred, ...) might be better at the job than the generic one (dd) or at least more convenient. if this is for regulatory reasons, check them. otherwise most of them say something like: all X, then ~X, then random. if the disk was already encrypted, maybe you leave off the random run
13:48:36 last time I checked, most people dont have a clean environment at home
13:48:48 and if you are getting rid of a disk, you can always give it a smash...
13:49:19 ridcully_: I am doing a prewipe before FDE
13:49:23 FDE will not wipe the disk
13:49:51 Digging on documentation. And, yes, the regulatory requirements for multipass secure erase are because of possibility to recover data from HDD. Multipass wipe on SSD doesn't actually accomplish anything.
13:50:02 although I heard someone talking about how they FDE a disk, then write /dev/zero to the FDE'd disk (which would encrypt 0s, so randomise it) and it is like 2 minutes faster
13:50:11 idk how effective it is
13:50:19 and it was using Linux, not BSD
13:50:42 gnisho: multi-pass is 7 passes to be sufficiently destroyed, correct
13:50:46 7 rings a bell
13:51:19 I seem to remember three passes with /dev/urandom being the standard.
13:51:19 i'd not FDE for a wipe. but if the disk already had encrypted data on it, i'd not waste my time with say 7 random runs over it
13:51:54 ? Data is data is data. So long as the tool in question works properly, doesn't matter what the OS is, if a tool dumps zeros over the device, it dumps zeros over the device.
13:52:14 @polarian 7-pass is actually more than, say, the DoD asks for generally.
13:52:31 gnisho: what is the standard?
13:52:44 (with citation for further reading if possible?)
13:52:52 'Course, as places like the NSA, you'd have to do three passes, then toss the device in a shredder anyways.
13:52:55 varies, not entirely sure on criteria, but 3 or 5 is usually sufficient as of last I knew.
13:53:14 CrtxReavr: lol, they could just skip the passes and go straight to shredding?
13:53:22 or you know... they could just stick a foundry at the datacentre
13:53:24 lob the disk in
13:53:29 That would not be protocol.
13:53:31 complete demagnetisation
13:53:33 polarian: https://en.wikipedia.org/wiki/Data_erasure - Standards section
13:53:34 Title: Data erasure - Wikipedia
13:53:39 ridcully_: thanks
13:53:45 e.g. Schneier says, 0, 1, 5x random
13:54:19 Military had procedures for destroying paper documents that involved, shredding, burning, then physically stirring the ashes.
13:54:24 https://guardiandatadestruction.com/resource-center/dod-5220-m-vs-nist-800/ Hunh, new standard since last I looked. anywhere from 1 to 7 passes required.
13:54:26 https://csrc.nist.gov/pubs/sp/800/88/r1/final
13:54:27 Title: Erasing data? DoD 5220.22 has been replaced with NIST 800-88 Clear and Purge - Guardian Data Destruction
13:54:28 Title: SP 800-88 Rev. 1, Guidelines for Media Sanitization | CSRC
13:54:31 NIST only does 1 round of zeros?!!?
13:54:49 Anywhere from 1 to 7, depending on circumstances
13:55:00 why zeros?
13:55:15 'Cause they're wider than ones.
13:55:52 ah...
13:56:08 so the magnetic fingerprint is bigger? therefore bigger chance to overwrite residual data?
13:56:14 Again, for SSD it doesn't matter. Also take note that for modern HDD, data encoding is much more complex than it used to be, even a run of zeros is still a complex waveform to the surface.
13:56:20 in the end of course there is also just the drill bit or the shredder
13:59:09 gnisho: only talking about HDDs here!
13:59:19 Okay!
13:59:27 https://www.techspot.com/article/2600-ssd-trimming-explained/ interdasting article, some of this is new to me...
13:59:28 Title: Explainer: What is SSD Trimming? | TechSpot
13:59:35 ridcully_: or melting it
13:59:44 I so want to chuck some platters into a plant pot and thermite it
14:00:22 if anyone can recover data from a resolidified clump of metal, I would be surprised
14:06:25 as for securely erasing an SSD... I assume the only way is to trust that the vendor has decent firmware so that when nvme/ATA secure erase issued, it securely destroys the data...
14:06:36 because the drive controller prevents effective data destruction
14:07:03 or the better way... take the PCB out... rip off the NAND chips, and recycle the PCB
14:07:13 and smash the NAND into powder
14:07:25 I have heard some people even burning the NAND too
14:16:56 I have an old linux compat layer installed with debootstrap
14:17:12 I ran it again with a newer ubuntu release, but /etc/lsb-release in the compat layer dirs stays the same
14:17:25 can I just rm it all and debootstrap it fresh?
15:43:47 hi!
15:44:19 I don't have network connection inside VirtualBox running freebsd, any instructions to configure it?
15:48:57 Iarfen: You can edit /etc/rc.conf to configure the network in the VM.
15:49:49 ... or use "ifconfig" if you'd like.
16:05:40 |cos|: TPM chips are present for anything with EFI or UEFI, as it's part of the specification for if you're doing secure boot.
16:05:55 I don't think you can disable it on Macbooks though.
17:21:21 [00:02:04] [01] [00:00:00] Building lang/rust | rust-1.78.0
17:21:23 [00:02:04] [02] [00:00:00] Building devel/llvm15@default | llvm15-15.0.7_10
17:21:25 here we go again
18:37:11 I assume TPM is not supported by geli?
18:37:20 can only find one whitepaper on it
18:37:22 and nothing else
18:47:22 my issue currently is that if I am to FDE my server... I would need to type in a passphrase
18:47:50 cant do that remotely, and having to plug in directly to the server every time I want to reboot it would be a hassle
18:48:00 then again you rarely need to reboot a server...
19:23:33 hello I need assistance with my freebsd https://videotron.eu/pastebin/?70ebfcda8cc39b0d#EFx51HifVGQaAMjbhVhoNsP3MY85D2UNaLwY49MJ3qya
19:23:34 Title: PrivateBin
19:26:45 anyone can help?
19:31:40 sixpiece, I don't know but it looks like there is a DNS problem on your system. It says "pkg: No SRV record found for the repo 'FreeBSD'
19:31:47 Is the error persistent?
19:31:58 it's new
19:32:11 Can you resolve the hostname from the command line: host pkg.freebsd.org
19:33:00 "host" is a bind-tools command. You might only have base: getent hosts pkg.freebsd.org
19:33:15 no cannot rwp
19:33:35 "ping" is rather a crass tool for looking at DNS problems but lots of people use "ping" too.
19:33:45 You can't? Oh good! Then we have the problem.
19:33:58 What is in your /etc/resolv.conf file? That's what instructs where to look for DNS nameservers.
19:36:10 interesting maybe it was installing bind 918 the issue?
19:36:31 https://videotron.eu/pastebin/?44da8e94a0037e6d#4ZzvJm7wouTToSuES7AXxatjytAFraRJHtu1ifergWrk
19:36:32 Title: PrivateBin
19:41:19 it looks like local addresses
19:41:24 can these things work together?
19:42:42 I renewed dhcp and no luck
19:44:21 sixpiece, Yes. 127.0.0.1 is looking for a locally running nameserver. Do you have one running? Alternatively DHCP should be assigning a nameserver. That would be the normal thing with DHCP.
19:44:53 You can override DHCP and provide a nameserver, such as Google's well known 8.8.8.8, and that would work. But using the DHCP provided nameserver is the most normal thing.
19:45:01 polarian: I haven't seen a write-up anywhere, though maybe klara systems has one, for where you boot into an unencrypted root, then you can ssh in with the key, and re-root into an FDE root
19:46:14 scoobybejesus: meh
19:46:30 I might just do it manually
19:46:55 better than putting a head and keyboard on it every time you need to reboot
19:47:38 so what should do to fix this?
19:48:23 all the local unbound
19:48:28 I tried to create a name server
19:48:39 scoobybejesus: have you got any guides on re-rooting
19:48:40 in resolv.conf
19:49:12 like, booting to unencrypted
19:49:19 decrypting the volume, and then rooting into it
19:49:26 so it's only one or the other?
19:49:28 I am looking. this is something Allan Jude has spoken about several times and apparently wrote a paper on, but it was early times
19:51:02 seems old... https://www.bsdcan.org/2016/schedule/events/674.en.html
19:51:05 Title: BSDCan2016: Booting from Encrypted Disks on FreeBSD
19:53:33 partway there: https://people.freebsd.org/~lidl/blog/re-root.html
19:53:34 Title: Using FreeBSD's re-root capability
19:56:29 sixpiece, How did /etc/resolv.conf get to be edited as it is in your paste where the resolvconf nameservers were commented out and the 127.0.0.1 line added? That's okay if it was accompanied by installing a local caching nameserver. Which is apparently the problem. So... Whatever did that action, undo that action. Don't override it. Let DHCP set it.
19:57:08 sixpiece, As a short term workaround (that can last a long time) edit the file again and change 127.0.0.1 to Google's 8.8.8.8 nameserver address. That's a public nameserver okay for you to use. Then things should be working.
19:58:24 But longer term it is better to understand what's happening with DHCP and why that file is not set properly after DHCP'ing an address. That will be important on laptops for example which are mobile and may be connecting on a captured portal system at a hotel, coffee shop, airport, library, city wifi, or something and need to use the DHCP nameserver or be unable to accept the EULA.
20:05:25 scoobybejesus: could just output over serial... plug the serial cable into a rpi for example and use for aggregation, then run a sshd and ssh into it to attach to serial
20:05:30 which then I can manage it all no problem
20:05:35 rwp: around?
20:05:48 issue is the mobo doesn't support serial... therefore I would need a uart card
20:07:20 although
20:07:23 Hi cracauer. Did you get your touchpad problems figured out?
20:07:30 usb is a serial bus...
20:07:46 No. I played with libinput config, but it changes nothing.
20:08:00 Wondering whether you have additional thoughts.
20:08:07 What model of laptop is this?
20:08:28 Stinkpad T14 gen1 amd
20:09:15 I have always had Thinkpads and I have never had any trouble with them. Which is one of the reasons I keep using them. Because most of the time more things work with them than with other random vendors.
20:09:54 I have had to fix up the multimedia keys on the last series as builtin support seems to have been lost. But those generate ACPI events and I fix them up in the ACPI system.
20:09:56 Yeah, this is my best-working under FreeBSD laptop. Except for this and no microphone.
20:10:21 But I haven't had a problem with my touchpad. But as you saw I disable the touchpad and use the trackpoint, keynav, and an actual mouse on my desktop.
20:10:58 this seems dang close. not many mods needed to adapt. just have the ssh user run the script on login https://forums.freebsd.org/threads/the-quest-for-unencrypted-boot-and-zfs-native-encrypted.91940/
20:10:59 Title: Solved - The quest for unencrypted /boot and ZFS native encrypted / | The FreeBSD Forums
20:11:02 polarian, With GRUB there is a "mandos" package which people use to automate supplying decryption keys. I remember looking to see if there was something similar on FreeBSD and was disappointed that nothing out of the box seems to exist. I think it must be possible to create one.
20:11:06 I'll pack a trackball.
20:11:40 The trackball and the touchpad seem like very similar brain-hand functionality. People would like both of them together. Or dislike both of them together.
20:11:47 rwp: but that requires using grub :/
20:12:10 polarian, Right. And hence our disappointment.
20:13:48 Native ZFS encryption in the newer OpenZFS releases available on 14 give us a few options which would work great for me. But ZFS native encryption is also the new code and has had a number of bugs found and reported there. More in the area of send|recv as one might expect. It's a complicated bit adding encryption and compression and handling send|recv too. I am waiting a while longer.
20:13:59 I still can't see in my Xorg.0.log where it throws away my trackpad.
20:14:28 Running GELI is the mature rock solid way that we feel can't be problematic. Except there seems no way to supply the key in any automated way at boot time. I feel certain there must be a way however. It just hasn't appeared to us yet.
20:16:57 cracauer, Me brainstorming... I would boot a live-boot image to verify that it isn't just something about the current installation. I would boot a Refracta Linux because I like that one the best. That would verify that your hardware is okay. And then boot a live FreeBSD and see if it works with the touchpad. That would verify if it is a FreeBSD problem or a currently installed problem.
20:17:56 Yeah. I *think* the pad worked with the windows that came with the laptop, but I'm not sure and the install isn't installed anymore.
20:19:43 cracauer, https://www.refracta.org/ is my current favorite live boot image. The maintainer is also very active and extremely helpful if needed. I would boot it and see if it handles things okay. It's a good hardware verification step.
20:19:45 Title: Refracta home
20:23:11 Oh. Under Linux Mint the trackpad doesn't work either...
20:24:40 Not working under Linux Mint would be a flag that we have either a broken touchpad or some type incompatible touchpad. And as far as I know the T14 is compatible. It's newer than anything I personally have and can't vouch for it though.
20:26:12 Because that's two different systems, FreeBSD and Mint, that both say there is no touchpad there. That's pointing the finger of blame at the touchpad not working.
20:27:08 Have you had the touchpad disconnected at some point? Such as to add RAM or whatever that required removing the palmrest? Perhaps the connector did not get connected back up properly. That would be a likely situation and an easy fix.
20:27:41 Hmmm. I changed the NVMe.
20:28:27 But the trackpad buttons do work.
20:28:27 Maybe it is time to do a little inspection review of it. And I will cross my fingers and hope for the best. Good luck! :-)
20:28:51 The buttons below the touchpad? Or the buttons below the trackpoint and keyboard? Those are different. Different connectors.
20:29:51 Ah. Now it works. Guess what I did. Helps to be cynical.
20:29:53 The keyboard, trackpoint, and trackpoint buttons are all part of the keyboard assembly (at least on thinkpads up through the T400 series I am familiar with). The touchpad and touchpad buttons are part of the palmrest. And also fingerprint reader if there too.
20:30:16 What did you do? What did you do? Don't keep us in suspense!
20:30:32 I *dis*abled the trackpad in the bios
20:30:45 Now it works. But the buttons stopped working.
20:30:45 Ha!
20:34:50 Now if I turn the trackpoint back on then the trackpad buttons work again.
20:35:06 I guess I'm all set except for microphone in.
20:36:08 thanks for your help
20:36:28 I know nothing about it other than that I needed webcamd_enable="YES" in /etc/rc.conf to enable webcamd.
20:36:46 webcam works in chromium.
20:37:24 Truly I am just one of the blind people feeling part of an elephant and trying to describe it. I know parts of the system pretty well. I know nothing at all about other parts of the system.
20:37:44 So say we all.
20:38:39 I have been using FreeBSD long enough now that I realize I am getting the same daily experience again and again. I need to branch out and spend time working with other parts of the system to try to round out my understanding of those other parts.
20:39:44 I do not recommend Xorg input.
20:40:45 * rwp laughs
20:42:29 cracauer, I am re-reading and looking for clarification. In the BIOS as things are working is the touchpad enabled or disabled. Did you say that disabling the touchpad caused it to work?
21:14:07 Yes.
21:14:41 I had to set trackpoint to enabled and trackpad to disabled so that both work, along with the buttons.
21:18:58 cracauer, Originally when I read that I thought it was simply a typo. But I saw that you emphasized it. That's really a crazy thing! I would never have thought it. Thanks for clarifying it.
21:19:23 thank you rwp going to check now fell asleep earlier
21:20:28 Good luck!
21:26:39 thank you
21:41:28 https://docs.vultr.com/vultr-dns-servers
21:41:29 Title: Vultr DNS Servers | Vultr Docs
21:41:54 it's strange cause I use Vultr's DNS resolvers and it doesn't work but then I add nameserver 8.8.8.8 and it works even for ipv6
21:44:49 but whatever it's working now with its default dns servers
21:45:02 then local unbound is for local only while unbound is for outside of this area