04:57:39 good morning. i'm reading the 14.0R release notes and see that upgrading a ZFS root pool is "discouraged", but doesn't say why. is there something wrong with upgrading a zfs root pool? (after updating the bootcode, of course) 05:24:22 dk: everything was resolved, no worries 05:38:32 polarian: you should be able to set the audio backend via the media.cubeb.backend config as the install message describes https://www.freshports.org/www/firefox/#message 05:38:33 Title: FreshPorts -- www/firefox: Web browser based on the browser portion of Mozilla 06:14:44 mzar: great to hear, thank you 06:19:22 dk: why do you want to upgrade to 14.0 instead of latest 14.1 ? 06:20:27 mzar: i don't, i intended to go to 14.1. i just wanted to read the .0 notes to learn about the big changes in 14. 06:21:32 btw any worries about going 12.3 -> 14.1? or should i do an intermediate 13.x? 06:46:36 It might just work but stepping it thru 13.2 might be a good idea since 12.3 was EOL before 14.0 06:53:02 I vaguely recall that there was some other reason why you would want to step thru 13.x first, that bug in freebsd-update when some file changes to a directory? 07:23:32 dk: I don't know, 12.3 lost support long time ago 08:14:14 when I installed FreeBSD 14.0 it wouldn't mount zfs root, my install is a BIOS/GPT system with ZFS on top of GELI FDE. I stuck with 13.2 because of that. Today I updated to 14.1 which was uneventful 08:15:23 I also updated the bootcode and upgraded the zpool just now 08:16:19 Did you by any chance upgrade the zpool and not the bootcode last time? 08:17:22 no, I didn't even get to upgrade the zpool last time, the new kernel wouldn't boot at all 08:18:04 lets say i have hundresds of jails for hundreds of users... is there a way to redirect a user that connects to $username@$hostip to his jsil inside $hostip based on his $username ? 08:18:52 connects to what exactly? ssh? 08:19:17 nimaje: ssh yes 08:20:59 I think sshd lets you configure what gets run on connect and that gets passed the username and what else was send (probably a command) 08:22:58 hmmm 08:23:18 nimaje: do you know any page with an example? 08:27:41 ah, it was ForceCommand see the sshd_config man page, but no idea where you can find examples 08:36:00 nimaje: ok thanks 09:38:43 nimaje: so, its possible to add in authorized_keys: command="ssh user@internal_host" ssh-rsa $publickey 09:39:11 and when the ser connects, ssh will make a connection to the internal host (a jail) 09:39:20 does this sound secure ? =p 09:41:41 hm, sounds more like you want a jumphost then, if all the jails should run sshd too 09:53:13 nimaje: oh, that better 14:57:13 hmmm I am getting a little annoyed that wifi is not working in one of the rooms... it seems the antenna on my phone are much stronger than on my laptop... does FreeBSD keep transmission power low by default? 15:03:01 I think it's rather that FreeBSD developers don't care about laptops as much, since they use MacBooks as their daily drivers. 15:04:22 OpenBSD is known for dogfooding their own OS, and they do so on ThinkPads. But even that is far from perfect. Like problems I have on more modern computers, but none on older hardware. 15:05:20 And by "modern" I mean anything from 2015 or newer. 15:05:55 I am running an E6430 15:06:03 so its far from modern :P 15:06:15 I picked it specifically because it wasn't modern 15:06:21 modern laptops are built flimsy 15:06:55 I have a better user experience picking up some "cheap rubbish" people are trying to get rid of on ebay than using a nice shiny new laptop delivered from the OEM spec'd out to the max 15:07:02 Dell, not really known territory to me. 15:07:03 (plus it saves the old laptops from the landfill) 15:07:14 well I went with Dell because thinkpads are overhyped 15:07:22 old thinkpads are therefore... more expensive 15:07:27 the hype drives up the prices 15:07:37 picking up old dell/hp stuff though... that is easy 15:07:52 toshiba I believe have some very good offerings on ebay too, but I haven't specifically looked 15:07:53 Had no problems with prices. 15:08:05 Maybe because they're not that hyped over here. 15:08:13 well to be honest, a friend of mine managed to pick up a T420 for... I think it was £23 15:08:27 so I guess its the luck of the draw 15:08:34 supply and demand, at the time I looked there was no cheap thinkpads 15:09:33 Over here you'd see most people with either a MacBook, or ASUS, or MSI, or Mouse. If you see someone with a ThinkPad, it's either some employee at some company in suite and everything, or some occasional Unix greybeard. 15:09:44 is there any conventions for naming zpools 15:09:54 or is it literally name it anything 15:10:07 You can name zpools however you want. 15:10:25 as for laptops, I mainly see Macbooks 15:10:28 especially at university 15:10:34 its like the go-to laptop 15:10:51 And iPhone like the go-to phone too. 15:10:53 students get their big loan at the beginning of the year, they need a laptop for computer science, they go out and buy the latest M whatever macbook 15:11:25 also me and my friend did do a little experiment... I brought the E6430 and he brought a T420 15:11:31 Yeah, even 4th hand M1 MacBook is way outside my budget. 15:11:34 people always went to him to ask for help 15:11:39 nobody would ask me :P 15:12:04 (not like I would speak to anyone anyways, I am extremely anti-social) 15:12:37 Though might want to get an M1 MacBook and install OpenBSD just so I can compile for ARM64 architectures. 15:12:42 I get the desire for Macbooks... everything just works, and the hardware is meant to be really high quality... it feels premium (I have only used a macbook to help someone else) 15:13:00 Just like how I got a PowerBook G4 for compiling to PPC architectures. 15:13:20 but parts are impossible to get cheaply, its a pain in the arse to fix macbooks... I would need to sell a kidney to buy a macbook... and now they are ARM, they aren't well supported (although Asahi Linux is making progress \o/) 15:14:06 I believe the OpenBSD support for M1 laptops was taken from Asahi reverse engineering? 15:14:16 You tell me? I applied new thermal paste in the PowerBook G4, because it got so hot so fast, you could even barbeque on that thing. 15:14:26 Such a pain in the ass to even get to the processor! 15:14:31 because iirc Asahi (the distro) is simply a playground to reverse engineer the Macbook before it being merged into the big distros 15:14:55 And yes, that's correct. 15:14:59 remiliascarlet: why not have a BBQ on it :P 15:15:32 Because I already have too many cooking stuff. 15:16:11 All I eat is meat, yet I have too many fry pans, cooking pots, grills, and other stuff I really don't need. 15:17:00 lucky there are no vegans here... right? 15:17:06 they would murder you for that :P 15:17:20 Not like they can. 15:18:14 meat is my favourite category of food too 15:18:21 but I do eat other stuff obviously :P 15:18:35 plus it tends to be too expensive to have too often 15:19:00 I can't eat other stuff. Just meat, fish, eggs, salt, butter, water, and occasionally cheese. 15:19:26 But no, it's not expensive. I'd rather say it's a lot cheaper than eating everything. 15:20:12 Because I only need to eat once a day, and I'm fine. Before that I'd eat 4 times a day, snack inbetween, and still be hungry. 15:20:30 These expenses really add up in the long run. 15:20:32 Have you been to *BSDCon? 15:20:40 No. 15:20:53 neither have I, I am curious what the most common laptop is there... 15:21:02 OpenBSD folks definitely would be thinkpad 15:21:06 netBSD? I am not too sure 15:21:11 There was one during the scamdemic, but the rules made me not want to participate in it. 15:21:17 NetBSD runs on (almost) anything... so they could rock up with anything really 15:21:56 That's NetBSD's aim, but it's really hard to actually run on anything. 15:22:54 wait that reminds me 15:23:05 I have NetBSD on one ThinkPad, it's a pretty decent flavor, but I prefer OpenBSD simply for its better consistency. 15:23:21 BSDcan is still running a mask-only policy :/ 15:24:11 I don't see the use of NetBSD other than the last BSD before having to go back to Linux for hardware support 15:24:33 "BSDcan is still running a mask-only policy" Some people will remain hopeless forever, I'm afraid. 15:24:41 FreeBSD has better firmware support, and also has openzfs support... OpenBSD is rigidly focused on small codebases and security... NetBSD is simply hardware support? 15:26:09 There are some benefits actually. You might be aware that the Clang compiler on OpenBSD would let you know when your code sucks, right? NetBSD does that too, but for other sucky parts. OpenBSD doesn't report on things NetBSD does, and vice versa. 15:26:53 So writing in C on OpenBSD, and compiling on both OpenBSD and NetBSD has really improved code quality for me. 15:28:22 But the downside of NetBSD is that it's just riddled with legacy code, as if there's a policy that disallows you to throw away old or unused code no matter what, whereas OpenBSD does this all the time. 15:29:22 OpenBSD proactively strips old code to lower the attack surface area 15:29:28 FreeBSD seems to be a inbetween the two 15:29:49 And Dragonfly BSD seems to be in a development hell forever. 15:30:18 to be honest FreeBSD is the more Linux-like BSD... as a lot of the security offered is similar to how it would be done on Linux, that is MAC and containerisaion (jails) mimic SELinux and LXC 15:31:07 OpenBSD rejects MAC for being too overcomplicated and hard to administrate, due to the entire "security by default", having a system with MAC would not be very "default" as you would need to write policies 15:31:24 (or that is what I took from the mailing list thread on it) 15:31:52 and they also use traditional chroots... 15:32:04 I never cared about containers personally. I find them too complex to even bother with. 15:32:56 So you'll never see me release software with a Dockerfile anytime soon. 15:34:12 I hang around some (extreme) security circles and FreeBSD is no where near up to their standards, secure boot as a requirement, all data must be encrypted at rest using TPM (NOT passphrase), SELinux is mandatory and must be strict, TLS 1.3 ONLY, and proactive removal of C codebases replacing it with rust 15:34:24 oh and also containers within virtual machines 15:34:30 for extra layers of security 15:35:05 (oh and yes they consider OpenBSD a heap of shit if you are wondering "what about OpenBSD meeting their standards") 15:35:37 So FreeBSD has gone ahead with Rust after all? 15:35:41 That's disappointing. 15:35:47 Personally I dislike docker/kubernetes... I think they overcomplicate everything and eat resources with complex heavy daemons 15:35:57 FreeBSD went ahead with rust? 15:36:02 I know nothing about that 15:36:22 my point was Linux is seen as the only secure OS by many security groups 15:36:49 Oh, I thought you meant FreeBSD, since that's what you started your sentence with. 15:37:50 I do find it quite ironic that SELinux policies are mainly taken from RedHat (too much time and effort to write your own) which means trusting IBM, and then they also trusting SELinux simply because the NSA uses it 15:38:06 But yes, there has been a mailing list thread about replacing C with Rust into the FreeBSD source tree, which caused a lot of mixed reactions. 15:38:18 the docs for SELinux are a cure for insomnia by the way... ever struggle sleeping try reading a few paragraphs from it, and you will be asleep in no time 15:38:38 remiliascarlet: which list is it? I would like to read it 15:39:15 I don't remember exactly, so I'll look it up. 15:39:20 I am personally against rust I think what OpenBSD/NetBSD are doing with writing tools to catch more C bugs is better than expecting the entire world to adopt a new programming language... a language which still has no standard! 15:39:26 Rust changes anything when it wants... 15:39:31 case-to-case basis 15:40:01 Already found it: https://lists.freebsd.org/archives/freebsd-hackers/2024-January/002823.html 15:40:02 Title: The Case for Rust (in the base system) 15:44:16 I was told that someone on the Nintendo developer board was suggesting for adopting Rust for Nintendo Switch development. One of the wiser replies was that it's going to be a waste of time, because veterans already had to switch languages twice before (Assembly to C to C++) on 2 different occasions (ASM to C from SFC to N64, and again from GBA to DS, and C to C++ from N64 to GC, and again from DS 15:44:18 to 3DS), so no way they will do this yet again. And younger developers are generally dependent on Unity/Godot/Unreal, none of which use Rust for scripting anyway. 15:44:54 I guess I never really asked this question because I assumed what the answer will be, but heres a very basic question 15:45:07 is freebsd a good choice for setting up a heavy web/light mail serveR? 15:45:44 Depends on your specific needs. 15:46:30 FreeBSD is very performant, so if that's the issue, then yes. But if security is the main focus, then OpenBSD might be a better choice. 15:47:42 FreeBSD also has a huge advantage over OpenBSD in supporting ZFS, which is a really great option for a heavy web server 15:47:57 why is that such an advantage for web? 15:48:19 also i don't know how to quantify my needs. performance is importanta nd security is also important :D 15:48:42 Well, it has more advanced caching than the Berkely Fast Filesystem, it also has built-in file integrity checks and RAID management 15:49:01 (OpenBSD only supports the Berkeley Fast Filesystem afaik, but I might be wrong) 15:49:23 So it's a better choice for a firewall / very light server 15:50:48 i feel like those filesystem features *should* be moot for my needs because apache SHOULD be caching eerything in RAM anyway. The actual file size of all the files on all the websites i host is actually not very big 15:51:01 ZFS has a huge advantage for NAS's, but for just a web server I think this is completely unnecessary. 15:51:57 In fact, I run an OpenBSD-based web server and a FreeBSD-based NAS, and I'd mount a zpool on the OpenBSD server via NFS, and I get the best of both worlds. 15:53:17 But it's true that OpenBSD is quite lame when it comes to file system support. 16:00:01 hello, every so often, usually when the laptop has been on for a while and after a few sleep/wake cycles, my Intel Ivy Bridge GPU hangs; the laptop recovers but no longer has GPU accelleration, i get a black screens for any new windows/dialogs, and i need to reboot. This has started happening with FreeBSD 14 16:00:14 here is what gets logged in messages when this happens: https://dpaste.com/8MFU4ZHBB 16:00:15 Title: dpaste: Freebsd 14.1 GPU hang 16:00:33 is this a driver/kernel error or is it broken hardware? 16:01:30 this laptop is pretty old (over 10 years old, intel Ivy Bridge), so maybe it's finally looking to retire? or does this look like a software bug that might have a fix? 16:09:34 hmm, maybe this might help: drm-515-kmod: 5.15.118_4 -> 5.15.160 [FreeBSD] 16:28:56 FYI, there's torrents now at https://wiki.freebsd.org/Torrents. I'm seeding all of them on a 1G connection, though it's throttled during the day since I need some bandwidth to work. XD 16:30:27 I don't know if John-Mark Gurney is on here, but THANK YOU FOR THE TORRENTS! :D 16:49:03 Hey all, is it me or is the freebsd installer kinda vague. 16:49:20 I am trying to install into a specific partition but honestly I can't figure it out. 16:49:42 anybody care to help? 16:57:21 levitating: it's not supporoted, at least for ZFS, but it's pretty straightforward, you can do it by hand 17:00:11 Yes I think I can figure it out, I now noticed I can define mountpoints and I read up on the wiki 17:07:48 mzar: Hmm so are you saying I shouldn't use bsdinstall if I want to install into a specific partition? 17:09:16 I am trying to use the manual partition editor but it keeps telling me that freebsd-zfs filesystems aren't bootable 17:12:22 I am also not sure if I can share the EFI partition with my linux installation and it forces a mounpoint unto it. 17:12:29 onto( 17:14:43 levitating: it's doable 17:16:50 mzar: what's doable? installing alongside another installation using bsdinstall? 17:17:31 I found a blogpost that seems helpful where they drop into the shell to partition, seems helpful 17:32:27 it's fairly easy to install entirely manually if you're familiar with freebsd, but for a new user there's a couple of fiddly steps (especially editing rc.conf) that might make that difficult 17:33:31 basically create partitions using gpart, format/zpool create, extract the base system, copy loader.efi to the appropriate place in your ESP, reboot, and that should be enough to get a basic single user system - it might not come up multiuser without rc.conf 17:34:40 levitating: good blog post might be useful 17:35:28 this one by Kevin Bowling, though a bit outdated might be useful 17:35:32 http://kev009.com/wp/2016/07/freebsd-uefi-root-on-zfs-and-windows-dual-boot/ 17:35:33 Title: FreeBSD UEFI Root on ZFS and Windows Dual Boot - Kev009.com 17:37:28 https://forums.freebsd.org/threads/uefi-gpt-dual-boot-how-to-install-freebsd-with-zfs-alongside-another-os-sharing-the-same-disk.75734/ 17:37:29 (iirc you can run bsdconfig after booting into the system to configure rc.conf the same way the installer does it) 17:37:29 Title: [UEFI/GPT] [Dual-Boot] How to install FreeBSD (with ZFS) alongside another OS (sharing the same disk) | The FreeBSD Forums 17:37:37 the one I found used thtat blogpost as a reference 17:38:21 the blogpost seems to completely manually install, quite interesting 18:17:44 lw, seems like I still don't understand how to use wine 18:21:45 how do I get my cpu to boost? It's a mobile ryzen 7 18:21:53 I got powerd enabled 18:22:23 How do you know it is not boosting? 18:23:14 I haven't seen it go over 1700Mhz once, and it's not running that hot 18:23:22 during a compilation 18:23:37 AFAIK boost frequencies are not displayed/handled correctly. But I only very recently got an AMD machine. 18:23:45 hmm interesting 18:23:57 should I download some microcode for my cpu somewhere? 18:25:01 that's generally highly recommended, yes. 18:25:29 see sysutils/devcpu-data 18:26:01 err.... sysutils/cpu-microcode 18:27:26 are there any plans for wifi 5ghz on FreeBSD ? 18:28:34 yes 18:29:23 why would plans be needed for something that works already? 18:30:23 last1: isn't 5GHz n already supported? not sure about ac/ax 18:30:35 sorry, I misspoke, I meant the RT 2800 chipset 18:30:52 everywhere I read it said it doesn't work because FBSD doesn't support 5ghz yet 18:31:41 this is a usb wi-fi stick 18:52:32 seems like if_ral supports pci wi-fi adapters with that chipset, no idea what the the diffrence between pci and usb is there 18:55:05 menuentry "FreeBSD" { set root=(hd1,6) chainloader +1 } this is to boot freebsd from mbr 18:55:14 from grub with linux 18:56:02 how can i boot from grub with linux freebsd with SSD nvme1n1p6 e.g. is a boot sector nvme1n1p5 is a slice 18:56:22 again with mbr 18:56:28 no uefi 18:59:05 who knows 19:56:16 hey guys, im giving freebsd a go. the learning curve on PF configuration is proving quite steep for me, is there a simplified front end available like UFW or shorewall? 19:57:17 all i need to begin with is block all incoming except icmp and ssh and im failing miserably 20:11:10 Just `block in` then `pass in proto icmp from any to { $ext_ip }` 20:11:34 getz: why the { } 20:11:36 its a single value 20:11:53 and that is only icmp 20:12:43 dff: "block in" "pass in proto tcp from any to self port ssh" "pass out" 20:12:52 thanks! 20:13:06 dff: pf allows related icmp (in iptables terms, 'related') and established (in iptables terms, 'established') by default 20:13:29 not sure about a ufw-like front end though, tbh i find it simple enough you don't really need that 20:14:11 lw: if you only block in... then you dont need to pass out surely/ 20:14:28 polarian: maybe true, i have it configured to block all by default so pass in / pass out is required 20:14:40 I do the same :) 20:14:40 i think that isn't the default configuration but it doesn't hurt to list it explicitly 20:14:52 I didn't think about blocking only in :P 20:17:34 dff: fwiw this is the actual ruleset i tend to use on non-router systems: https://www.le-fay.org/tmp/30d/pf.txt (except i don't allow ssh from any usually) 20:19:01 (actually you may need 'from any to any' for the icmpv6, freebsd drops NS/NA from non-link-local addresses by default anyway) 21:23:40 is it realistic to compile xorg on 15 current? 21:23:55 yes? 21:24:11 i only phrase that as a question because i'm not sure if you're expecting a particular problem 21:24:41 lots of people use 15.0 on desktop, so a problem building X.org would be caught fairly quickly 21:26:14 when I use pkg xorg-drivers doesn't seem to be available 21:26:36 I tried compiling the whole xorg metaport but it failed on I think llvm, trying to run a non-existing 'lib' command during linking iirc 21:27:15 freshports suggests there might be a problem there: https://www.freshports.org/x11-drivers/xorg-drivers/ - you should mail current@ (maybe cc: ports@) with the error 21:27:16 Title: FreshPorts -- x11-drivers/xorg-drivers: X.org drivers meta-port 21:27:46 in the mean time, try turning off all the drivers you don't actually need 21:29:07 thank you, I think the error is from binutils. "lib -lmsgpack-c ../libsframe/libframe.a -L/usr/local/lib" is run but there's no lib command 21:29:32 i really wish pkg-status.freebsd.org wasn't so useless 21:31:32 I installed the binary package binutils and now it continues 21:34:11 levitating: do mail current@/ports@ even if you fix it, something is wrong there 21:34:19 or file a bug against the port 21:42:36 will do 21:45:25 lw: what mailing list do you mean exactly? I am new to the lists 21:47:02 levitating: the best way is probably to file a bug at https://bugs.freebsd.org/bugzilla/, just select 'defect in a port' and put the port name in the subject (x11/x11-drivers or whatever it is). but the two lists are https://lists.freebsd.org/subscription/freebsd-current and https://lists.freebsd.org/subscription/freebsd-ports - usually this would be a question for ports@, but since it only seems to be a problem on 15.0, copying current@ is also appropriat 21:47:03 Title: FreeBSD Mailing lists: subscription for freebsd-current 21:47:39 i haven't run into this but i don't think i build xorg-drivers since i only use Wayland 21:50:55 does the build log go into the body of the report or to an attachment 21:51:18 either but it's the entire log better to put it as an attachment 21:51:32 you could put the relevant part (probably the end where it reports command not found) in the body of the report 21:54:04 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279615 21:54:06 Title: 279615 – devel/binutils: libtool: link: cannot determine absolute directory name of `lib' 21:54:49 oh Cy maintains that, expect a reply soon, he is fairly good at fixing problems 22:03:02 levitating: also just a tip, if you report bugs with 15.0, it's worth reporting the specific commit you're using (uname -v should give this) 22:06:03 Ah right, thanks for the tip 23:10:29 does cinnamon actually depend on firefox 78?? 23:16:08 huh I guess via spidermonkey 23:54:58 levitating: you might need to deinstall msgpack-c or fix its /usr/local/libdata/msgpack*.pc files manually 23:55:17 I love checking my torrent server and seeing all the FreeBSD isos and images being downloaded. :D