-
dk
good morning. i'm reading the 14.0R release notes and see that upgrading a ZFS root pool is "discouraged", but doesn't say why. is there something wrong with upgrading a zfs root pool? (after updating the bootcode, of course)
-
mzar
dk: everything was resolved, no worries
-
nimaje
polarian: you should be able to set the audio backend via the media.cubeb.backend config as the install message describes freshports.org/www/firefox/#message
-
VimDiesel
Title: FreshPorts -- www/firefox: Web browser based on the browser portion of Mozilla
-
dk
mzar: great to hear, thank you
-
mzar
dk: why do you want to upgrade to 14.0 instead of latest 14.1 ?
-
dk
mzar: i don't, i intended to go to 14.1. i just wanted to read the .0 notes to learn about the big changes in 14.
-
dk
btw any worries about going 12.3 -> 14.1? or should i do an intermediate 13.x?
-
skered
It might just work but stepping it thru 13.2 might be a good idea since 12.3 was EOL before 14.0
-
nimaje
I vaguely recall that there was some other reason why you would want to step thru 13.x first, that bug in freebsd-update when some file changes to a directory?
-
mzar
dk: I don't know, 12.3 lost support long time ago
-
zwr
when I installed FreeBSD 14.0 it wouldn't mount zfs root, my install is a BIOS/GPT system with ZFS on top of GELI FDE. I stuck with 13.2 because of that. Today I updated to 14.1 which was uneventful
-
zwr
I also updated the bootcode and upgraded the zpool just now
-
vkarlsen
Did you by any chance upgrade the zpool and not the bootcode last time?
-
zwr
no, I didn't even get to upgrade the zpool last time, the new kernel wouldn't boot at all
-
HER
lets say i have hundreds of jails for hundreds of users... is there a way to redirect a user that connects to $username@$hostip to his jail inside $hostip based on his $username ?
-
nimaje
connects to what exactly? ssh?
-
HER
nimaje: ssh yes
-
nimaje
I think sshd lets you configure what gets run on connect and that gets passed the username and what else was send (probably a command)
-
HER
hmmm
-
HER
nimaje: do you know any page with an example?
-
nimaje
ah, it was ForceCommand see the sshd_config man page, but no idea where you can find examples
-
HER
nimaje: ok thanks
-
HER
nimaje: so, its possible to add in authorized_keys: command="ssh user@internal_host" ssh-rsa $publickey
-
HER
and when the user connects, ssh will make a connection to the internal host (a jail)
-
HER
does this sound secure ? =p
-
nimaje
hm, sounds more like you want a jumphost then, if all the jails should run sshd too
-
HER
nimaje: oh, that better
-
polarian
hmmm I am getting a little annoyed that wifi is not working in one of the rooms... it seems the antenna on my phone are much stronger than on my laptop... does FreeBSD keep transmission power low by default?
-
remiliascarlet
I think it's rather that FreeBSD developers don't care about laptops as much, since they use MacBooks as their daily drivers.
-
remiliascarlet
OpenBSD is known for dogfooding their own OS, and they do so on ThinkPads. But even that is far from perfect. Like problems I have on more modern computers, but none on older hardware.
-
remiliascarlet
And by "modern" I mean anything from 2015 or newer.
-
polarian
I am running an E6430
-
polarian
so its far from modern :P
-
polarian
I picked it specifically because it wasn't modern
-
polarian
modern laptops are built flimsy
-
polarian
I have a better user experience picking up some "cheap rubbish" people are trying to get rid of on ebay than using a nice shiny new laptop delivered from the OEM spec'd out to the max
-
remiliascarlet
Dell, not really known territory to me.
-
polarian
(plus it saves the old laptops from the landfill)
-
polarian
well I went with Dell because thinkpads are overhyped
-
polarian
old thinkpads are therefore... more expensive
-
polarian
the hype drives up the prices
-
polarian
picking up old dell/hp stuff though... that is easy
-
polarian
toshiba I believe have some very good offerings on ebay too, but I haven't specifically looked
-
remiliascarlet
Had no problems with prices.
-
remiliascarlet
Maybe because they're not that hyped over here.
-
polarian
well to be honest, a friend of mine managed to pick up a T420 for... I think it was £23
-
polarian
so I guess its the luck of the draw
-
polarian
supply and demand, at the time I looked there was no cheap thinkpads
-
remiliascarlet
Over here you'd see most people with either a MacBook, or ASUS, or MSI, or Mouse. If you see someone with a ThinkPad, it's either some employee at some company in suit and everything, or some occasional Unix greybeard.
-
polarian
is there any conventions for naming zpools
-
polarian
or is it literally name it anything
-
remiliascarlet
You can name zpools however you want.
-
polarian
as for laptops, I mainly see Macbooks
-
polarian
especially at university
-
polarian
its like the go-to laptop
-
remiliascarlet
And iPhone like the go-to phone too.
-
polarian
students get their big loan at the beginning of the year, they need a laptop for computer science, they go out and buy the latest M whatever macbook
-
polarian
also me and my friend did do a little experiment... I brought the E6430 and he brought a T420
-
remiliascarlet
Yeah, even 4th hand M1 MacBook is way outside my budget.
-
polarian
people always went to him to ask for help
-
polarian
nobody would ask me :P
-
polarian
(not like I would speak to anyone anyways, I am extremely anti-social)
-
remiliascarlet
Though might want to get an M1 MacBook and install OpenBSD just so I can compile for ARM64 architectures.
-
polarian
I get the desire for Macbooks... everything just works, and the hardware is meant to be really high quality... it feels premium (I have only used a macbook to help someone else)
-
remiliascarlet
Just like how I got a PowerBook G4 for compiling to PPC architectures.
-
polarian
but parts are impossible to get cheaply, its a pain in the arse to fix macbooks... I would need to sell a kidney to buy a macbook... and now they are ARM, they aren't well supported (although Asahi Linux is making progress \o/)
-
polarian
I believe the OpenBSD support for M1 laptops was taken from Asahi reverse engineering?
-
remiliascarlet
You tell me? I applied new thermal paste in the PowerBook G4, because it got so hot so fast, you could even barbeque on that thing.
-
remiliascarlet
Such a pain in the ass to even get to the processor!
-
polarian
because iirc Asahi (the distro) is simply a playground to reverse engineer the Macbook before it being merged into the big distros
-
remiliascarlet
And yes, that's correct.
-
polarian
remiliascarlet: why not have a BBQ on it :P
-
remiliascarlet
Because I already have too many cooking stuff.
-
remiliascarlet
All I eat is meat, yet I have too many fry pans, cooking pots, grills, and other stuff I really don't need.
-
polarian
lucky there are no vegans here... right?
-
polarian
they would murder you for that :P
-
remiliascarlet
Not like they can.
-
polarian
meat is my favourite category of food too
-
polarian
but I do eat other stuff obviously :P
-
polarian
plus it tends to be too expensive to have too often
-
remiliascarlet
I can't eat other stuff. Just meat, fish, eggs, salt, butter, water, and occasionally cheese.
-
remiliascarlet
But no, it's not expensive. I'd rather say it's a lot cheaper than eating everything.
-
remiliascarlet
Because I only need to eat once a day, and I'm fine. Before that I'd eat 4 times a day, snack inbetween, and still be hungry.
-
remiliascarlet
These expenses really add up in the long run.
-
polarian
Have you been to *BSDCon?
-
remiliascarlet
No.
-
polarian
neither have I, I am curious what the most common laptop is there...
-
polarian
OpenBSD folks definitely would be thinkpad
-
polarian
netBSD? I am not too sure
-
remiliascarlet
There was one during the scamdemic, but the rules made me not want to participate in it.
-
polarian
NetBSD runs on (almost) anything... so they could rock up with anything really
-
remiliascarlet
That's NetBSD's aim, but it's really hard to actually run on anything.
-
polarian
wait that reminds me
-
remiliascarlet
I have NetBSD on one ThinkPad, it's a pretty decent flavor, but I prefer OpenBSD simply for its better consistency.
-
polarian
BSDcan is still running a mask-only policy :/
-
polarian
I don't see the use of NetBSD other than the last BSD before having to go back to Linux for hardware support
-
remiliascarlet
"BSDcan is still running a mask-only policy" Some people will remain hopeless forever, I'm afraid.
-
polarian
FreeBSD has better firmware support, and also has openzfs support... OpenBSD is rigidly focused on small codebases and security... NetBSD is simply hardware support?
-
remiliascarlet
There are some benefits actually. You might be aware that the Clang compiler on OpenBSD would let you know when your code sucks, right? NetBSD does that too, but for other sucky parts. OpenBSD doesn't report on things NetBSD does, and vice versa.
-
remiliascarlet
So writing in C on OpenBSD, and compiling on both OpenBSD and NetBSD has really improved code quality for me.
-
remiliascarlet
But the downside of NetBSD is that it's just riddled with legacy code, as if there's a policy that disallows you to throw away old or unused code no matter what, whereas OpenBSD does this all the time.
-
polarian
OpenBSD proactively strips old code to lower the attack surface area
-
polarian
FreeBSD seems to be a inbetween the two
-
remiliascarlet
And Dragonfly BSD seems to be in a development hell forever.
-
polarian
to be honest FreeBSD is the more Linux-like BSD... as a lot of the security offered is similar to how it would be done on Linux, that is MAC and containerisation (jails) mimic SELinux and LXC
-
polarian
OpenBSD rejects MAC for being too overcomplicated and hard to administrate, due to the entire "security by default", having a system with MAC would not be very "default" as you would need to write policies
-
polarian
(or that is what I took from the mailing list thread on it)
-
polarian
and they also use traditional chroots...
-
remiliascarlet
I never cared about containers personally. I find them too complex to even bother with.
-
remiliascarlet
So you'll never see me release software with a Dockerfile anytime soon.
-
polarian
I hang around some (extreme) security circles and FreeBSD is nowhere near up to their standards, secure boot as a requirement, all data must be encrypted at rest using TPM (NOT passphrase), SELinux is mandatory and must be strict, TLS 1.3 ONLY, and proactive removal of C codebases replacing it with rust
-
polarian
oh and also containers within virtual machines
-
polarian
for extra layers of security
-
polarian
(oh and yes they consider OpenBSD a heap of shit if you are wondering "what about OpenBSD meeting their standards")
-
remiliascarlet
So FreeBSD has gone ahead with Rust after all?
-
remiliascarlet
That's disappointing.
-
polarian
Personally I dislike docker/kubernetes... I think they overcomplicate everything and eat resources with complex heavy daemons
-
polarian
FreeBSD went ahead with rust?
-
polarian
I know nothing about that
-
polarian
my point was Linux is seen as the only secure OS by many security groups
-
remiliascarlet
Oh, I thought you meant FreeBSD, since that's what you started your sentence with.
-
polarian
I do find it quite ironic that SELinux policies are mainly taken from RedHat (too much time and effort to write your own) which means trusting IBM, and then they also trusting SELinux simply because the NSA uses it
-
remiliascarlet
But yes, there has been a mailing list thread about replacing C with Rust into the FreeBSD source tree, which caused a lot of mixed reactions.
-
polarian
the docs for SELinux are a cure for insomnia by the way... ever struggle sleeping try reading a few paragraphs from it, and you will be asleep in no time
-
polarian
remiliascarlet: which list is it? I would like to read it
-
remiliascarlet
I don't remember exactly, so I'll look it up.
-
polarian
I am personally against rust I think what OpenBSD/NetBSD are doing with writing tools to catch more C bugs is better than expecting the entire world to adopt a new programming language... a language which still has no standard!
-
polarian
Rust changes anything when it wants...
-
polarian
case-to-case basis
-
remiliascarlet
-
VimDiesel
Title: The Case for Rust (in the base system)
-
remiliascarlet
I was told that someone on the Nintendo developer board was suggesting for adopting Rust for Nintendo Switch development. One of the wiser replies was that it's going to be a waste of time, because veterans already had to switch languages twice before (Assembly to C to C++) on 2 different occasions (ASM to C from SFC to N64, and again from GBA to DS, and C to C++ from N64 to GC, and again from DS
-
remiliascarlet
to 3DS), so no way they will do this yet again. And younger developers are generally dependent on Unity/Godot/Unreal, none of which use Rust for scripting anyway.
-
GoSox
I guess I never really asked this question because I assumed what the answer will be, but heres a very basic question
-
GoSox
is freebsd a good choice for setting up a heavy web/light mail server?
-
remiliascarlet
Depends on your specific needs.
-
remiliascarlet
FreeBSD is very performant, so if that's the issue, then yes. But if security is the main focus, then OpenBSD might be a better choice.
-
Dooshki
FreeBSD also has a huge advantage over OpenBSD in supporting ZFS, which is a really great option for a heavy web server
-
GoSox
why is that such an advantage for web?
-
GoSox
also i don't know how to quantify my needs. performance is important and security is also important :D
-
Dooshki
Well, it has more advanced caching than the Berkeley Fast Filesystem, it also has built-in file integrity checks and RAID management
-
Dooshki
(OpenBSD only supports the Berkeley Fast Filesystem afaik, but I might be wrong)
-
Dooshki
So it's a better choice for a firewall / very light server
-
GoSox
i feel like those filesystem features *should* be moot for my needs because apache SHOULD be caching everything in RAM anyway. The actual file size of all the files on all the websites i host is actually not very big
-
remiliascarlet
ZFS has a huge advantage for NAS's, but for just a web server I think this is completely unnecessary.
-
remiliascarlet
In fact, I run an OpenBSD-based web server and a FreeBSD-based NAS, and I'd mount a zpool on the OpenBSD server via NFS, and I get the best of both worlds.
-
remiliascarlet
But it's true that OpenBSD is quite lame when it comes to file system support.
-
CorvetteZR1
hello, every so often, usually when the laptop has been on for a while and after a few sleep/wake cycles, my Intel Ivy Bridge GPU hangs; the laptop recovers but no longer has GPU acceleration, i get a black screens for any new windows/dialogs, and i need to reboot. This has started happening with FreeBSD 14
-
CorvetteZR1
here is what gets logged in messages when this happens: dpaste.com/8MFU4ZHBB
-
VimDiesel
Title: dpaste: Freebsd 14.1 GPU hang
-
CorvetteZR1
is this a driver/kernel error or is it broken hardware?
-
CorvetteZR1
this laptop is pretty old (over 10 years old, intel Ivy Bridge), so maybe it's finally looking to retire? or does this look like a software bug that might have a fix?
-
CorvetteZR1
hmm, maybe this might help: drm-515-kmod: 5.15.118_4 -> 5.15.160 [FreeBSD]
-
beowuff
FYI, there's torrents now at wiki.freebsd.org/Torrents. I'm seeding all of them on a 1G connection, though it's throttled during the day since I need some bandwidth to work. XD
-
beowuff
I don't know if John-Mark Gurney is on here, but THANK YOU FOR THE TORRENTS! :D
-
levitating
Hey all, is it me or is the freebsd installer kinda vague.
-
levitating
I am trying to install into a specific partition but honestly I can't figure it out.
-
levitating
anybody care to help?
-
mzar
levitating: it's not supported, at least for ZFS, but it's pretty straightforward, you can do it by hand
-
levitating
Yes I think I can figure it out, I now noticed I can define mountpoints and I read up on the wiki
-
levitating
mzar: Hmm so are you saying I shouldn't use bsdinstall if I want to install into a specific partition?
-
levitating
I am trying to use the manual partition editor but it keeps telling me that freebsd-zfs filesystems aren't bootable
-
levitating
I am also not sure if I can share the EFI partition with my linux installation and it forces a mountpoint unto it.
-
levitating
onto(
-
mzar
levitating: it's doable
-
levitating
mzar: what's doable? installing alongside another installation using bsdinstall?
-
levitating
I found a blogpost that seems helpful where they drop into the shell to partition, seems helpful
-
lw
it's fairly easy to install entirely manually if you're familiar with freebsd, but for a new user there's a couple of fiddly steps (especially editing rc.conf) that might make that difficult
-
lw
basically create partitions using gpart, format/zpool create, extract the base system, copy loader.efi to the appropriate place in your ESP, reboot, and that should be enough to get a basic single user system - it might not come up multiuser without rc.conf
-
mzar
levitating: good blog post might be useful
-
mzar
this one by Kevin Bowling, though a bit outdated might be useful
-
mzar
-
VimDiesel
Title: FreeBSD UEFI Root on ZFS and Windows Dual Boot - Kev009.com
-
levitating
-
lw
(iirc you can run bsdconfig after booting into the system to configure rc.conf the same way the installer does it)
-
VimDiesel
Title: [UEFI/GPT] [Dual-Boot] How to install FreeBSD (with ZFS) alongside another OS (sharing the same disk) | The FreeBSD Forums
-
levitating
the one I found used that blogpost as a reference
-
levitating
the blogpost seems to completely manually install, quite interesting
-
jbo
lw, seems like I still don't understand how to use wine
-
levitating
how do I get my cpu to boost? It's a mobile ryzen 7
-
levitating
I got powerd enabled
-
lts
How do you know it is not boosting?
-
levitating
I haven't seen it go over 1700Mhz once, and it's not running that hot
-
levitating
during a compilation
-
jbo
AFAIK boost frequencies are not displayed/handled correctly. But I only very recently got an AMD machine.
-
levitating
hmm interesting
-
levitating
should I download some microcode for my cpu somewhere?
-
jbo
that's generally highly recommended, yes.
-
jbo
see sysutils/devcpu-data
-
jbo
err.... sysutils/cpu-microcode
-
last1
are there any plans for wifi 5ghz on FreeBSD ?
-
jbo
yes
-
nimaje
why would plans be needed for something that works already?
-
lw
last1: isn't 5GHz n already supported? not sure about ac/ax
-
last1
sorry, I misspoke, I meant the RT 2800 chipset
-
last1
everywhere I read it said it doesn't work because FBSD doesn't support 5ghz yet
-
last1
this is a usb wi-fi stick
-
nimaje
seems like if_ral supports pci wi-fi adapters with that chipset, no idea what the difference between pci and usb is there
-
brutex
menuentry "FreeBSD" { set root=(hd1,6) chainloader +1 } this is to boot freebsd from mbr
-
brutex
from grub with linux
-
brutex
how can i boot from grub with linux freebsd with SSD nvme1n1p6 e.g. is a boot sector nvme1n1p5 is a slice
-
brutex
again with mbr
-
brutex
no uefi
-
brutex
who knows
-
dff
hey guys, im giving freebsd a go. the learning curve on PF configuration is proving quite steep for me, is there a simplified front end available like UFW or shorewall?
-
dff
all i need to begin with is block all incoming except icmp and ssh and im failing miserably
-
getz
Just `block in` then `pass in proto icmp from any to { $ext_ip }`
-
polarian
getz: why the { }
-
polarian
its a single value
-
polarian
and that is only icmp
-
lw
dff: "block in" "pass in proto tcp from any to self port ssh" "pass out"
-
dff
thanks!
-
lw
dff: pf allows related icmp (in iptables terms, 'related') and established (in iptables terms, 'established') by default
-
lw
not sure about a ufw-like front end though, tbh i find it simple enough you don't really need that
-
polarian
lw: if you only block in... then you dont need to pass out surely?
-
lw
polarian: maybe true, i have it configured to block all by default so pass in / pass out is required
-
polarian
I do the same :)
-
lw
i think that isn't the default configuration but it doesn't hurt to list it explicitly
-
polarian
I didn't think about blocking only in :P
-
lw
dff: fwiw this is the actual ruleset i tend to use on non-router systems: le-fay.org/tmp/30d/pf.txt (except i don't allow ssh from any usually)
-
lw
(actually you may need 'from any to any' for the icmpv6, freebsd drops NS/NA from non-link-local addresses by default anyway)
-
levitating
is it realistic to compile xorg on 15 current?
-
lw
yes?
-
lw
i only phrase that as a question because i'm not sure if you're expecting a particular problem
-
lw
lots of people use 15.0 on desktop, so a problem building X.org would be caught fairly quickly
-
levitating
when I use pkg xorg-drivers doesn't seem to be available
-
levitating
I tried compiling the whole xorg metaport but it failed on I think llvm, trying to run a non-existing 'lib' command during linking iirc
-
lw
freshports suggests there might be a problem there: freshports.org/x11-drivers/xorg-drivers - you should mail current@ (maybe cc: ports@) with the error
-
VimDiesel
Title: FreshPorts -- x11-drivers/xorg-drivers: X.org drivers meta-port
-
lw
in the mean time, try turning off all the drivers you don't actually need
-
levitating
thank you, I think the error is from binutils. "lib -lmsgpack-c ../libsframe/libframe.a -L/usr/local/lib" is run but there's no lib command
-
lw
i really wish pkg-status.freebsd.org wasn't so useless
-
levitating
I installed the binary package binutils and now it continues
-
lw
levitating: do mail current@/ports@ even if you fix it, something is wrong there
-
lw
or file a bug against the port
-
levitating
will do
-
levitating
lw: what mailing list do you mean exactly? I am new to the lists
-
lw
levitating: the best way is probably to file a bug at bugs.freebsd.org/bugzilla, just select 'defect in a port' and put the port name in the subject (x11/x11-drivers or whatever it is). but the two lists are lists.freebsd.org/subscription/freebsd-current and lists.freebsd.org/subscription/freebsd-ports - usually this would be a question for ports@, but since it only seems to be a problem on 15.0, copying current@ is also appropriate
-
VimDiesel
Title: FreeBSD Mailing lists: subscription for freebsd-current
-
lw
i haven't run into this but i don't think i build xorg-drivers since i only use Wayland
-
levitating
does the build log go into the body of the report or to an attachment
-
lw
either but it's the entire log better to put it as an attachment
-
lw
you could put the relevant part (probably the end where it reports command not found) in the body of the report
-
levitating
-
VimDiesel
Title: 279615 – devel/binutils: libtool: link: cannot determine absolute directory name of `lib'
-
lw
oh Cy maintains that, expect a reply soon, he is fairly good at fixing problems
-
lw
levitating: also just a tip, if you report bugs with 15.0, it's worth reporting the specific commit you're using (uname -v should give this)
-
levitating
Ah right, thanks for the tip
-
levitating
does cinnamon actually depend on firefox 78??
-
levitating
huh I guess via spidermonkey
-
saper
levitating: you might need to deinstall msgpack-c or fix its /usr/local/libdata/msgpack*.pc files manually
-
beowuff
I love checking my torrent server and seeing all the FreeBSD isos and images being downloaded. :D