It seems that by default syslogd is configured to listen globally on UDP port 514. That's fine on a LAN. But on the hostile public Internet seems less than good.

I decided I would add something to my standard configuration. syslogd_flags="-b ::1 -b 127.0.0.1"

That tells syslogd to listen only on the loopback localhost device keeping it inaccessible. That's probably a better default since most people probably don't fling remote logging packets around.

And if someone does want remote logging then that is easy to configure when it is desired.

I know I should always have a firewall up in order to block things like this though. This is just something I found that I think is worthy of a mention because sometimes people don't have firewalls in place.

sockstat -l | grep 514

netstat yes...bsdsockets/tcpip ip:port

how you get owned..open ports

see /etc/services...

ronnie cuber - passion fruit. jamming

i was talking about bsdi sidewinder firewalls other day..

Dizzy Gillespie- Tin Tin Deo (1951) ...rocking

.

_xor: one gotcha with using "openssl s_client -connect IP:PORT" is that more often than not we also need to add "-servername" for SNI.

ibm sni

that like back in token ring days...

hmm sna

my brain fart

sna and sni..trigger

don't get old kids!

haha

... funny, as I went away from the keyboard I thought, "I should have spelt SNI out"

acronym shit is what it is. the industry is full of it

drunk irc doesn't help,

discord/matrix kiddies...

Larry Finger 84 years old still hacking. died

doing realtek junk

madwifi/atheros was better

ndiswrappers vs madwifi

good for him, hacking code @84..the commit logs

pooping in diapers and painting art with it...could always be worse.

Sorry for the many joins, my server was acting up.

do people still not ignore joins and parts?

its life-changing

+1, have joins/part/quits on ignore since forever

The people over in #c apparently don't, because they soft-banned me. But I got unbanned again, since it's just bot-based.

it depends on the rate

you're still receiving the join/part, so someone could flood via that and slow down the network

but that would require A lot of rejoins

remiliascarlet: you can get a free tiny vm from oracle, and irc from that

rtprio: Why should I?

I've been running my own server farm for years with no issues.

Hello, all. While reporting a bug via bugs.freebsd.org, which component should I specify for a bug in the text-mode installer UI?

...I tried filing a bug with the base system, but the installer component is not listed. Should a choose `bin' (All other sources) or `misc', maybe?

haha

yo bonjour

Good morn, VoidKrypt. Glad I gave you a laugh.

you know about antcoin?

A head-up: I have no SSL, and the internet connection is bad here, so I might end up in the overflow channel again and miss all the fun.

|cos|, what is an even beard :->

It's a Swedish expression which apparently doesn't translate, meaning evenly distributed.

(or maybe rather a contest having no clear winner, but same same)

VoidKrypt, Nope, I know several fellow ants, including one The Ant: <zimage.com/~ant/index2.html>.

My uninitiated answer is otherwise the same as on #freebsd-irc; If being able to determine roughly where in the code the bug is the category might become more clear. If not, a wellphrased bug description is likely more important than the classification.

It was probably invennted or inspired by a guy with a beard growing very evently around his chin.

Yeah, OK. I will file under bin, I suppose. No screenshot, unfortunately, because at the installation stage I can hardly make them, and photographing the screen is... infantile?

Thank you for your unitialized anwer, |cos|.

VoidKrypt, can I ask here about the think I just got from you?

* thing

* May (`can' being about ability, rather then permission)

I need help with terminology: what is the term for the text in the installer's keymap-selection window saying: "Press arrows, TAB, or ENTER"?

Hello. I would like to know if there is a way to completely de-blob FreeBSD even if I am running on a machine that uses propietary components.

Does bugs.freebsd.org have a page where I can view all the bugs I reported?

I had hard time finding it: can be achieved via search, where reporter should be specified as e-mail, not full name.

On this page: <bugs.freebsd.org/bugzilla/buglist.c…rch=reporter%3Aant-x&list_id=705307> Bugzilla offers me to save the search under an arbitrary name. But where is the Save button?

Do I need SLAAC (Stateless Address Auto Configuration) on a non-server personal PC?

if your network is managed by slaac you want it enabled and it is the default for ipv6 networks

nimaje, Is this some analog of DHCP?

it does ip address assignment (so the main use of dhcp in personal networks) in a stateless maner (so no need for some server)

I see, thanks.

Upon installation of xfce, I received instruction in stdout about enabling shutdown and reboot. Where are they stored, so I can read perulse them when needed?

I am referring to these insturcitons: <forums.freebsd.org/threads/xfce4-no…tons-only-logout.75197/#post-461351>. But in my case they are not printed by: pkg info xfce4-session

The pgk man-page seems incomplete: <man.freebsd.org/cgi/man.cgi?pkg>. The `info' command is nowhere documented, but mentioned in the Examples section. Am I missing something?

...the commands are listed in pkg.8 . What is the difference from pkg.7 ?

look at the pkg-* man pages

Yes, I did't expect it because pkg did not mention pkg info.

I found the instruction via pkg info -D xfce4-session

What is the vi way of selecing a set of consequtive lines? In Vim, I used the visual mode (V).

selecting for what purpose?

jgh, to delete, or yank.

if you can count them, sit the cursor on the top one and then "5dd" to delete 5 lines, or "5Y" to yank 5 lines (choose number to suit)

if not... put cursor on the first one and place a mark: "ma".

then move to the last one

then "d'a" to delete, or "y'a" to yank

26 marks are available, using letter names

jgh, I know the way of counting, but thanks for the bookmarks reminder. I used them for navigation, but never for manipulating text.

How do I install the `intel' video driver? The manual says it is i915kms, but pciconf does not mentioned anything with `915' in it...

Xorg log says it cannot fails to load the `intel' module.

you want modesetting, not intel, load the i915 kernelmodul before starting Xorg

I was following the manual: 1) pkg install drm-kmod 2) sysrc kld_list+=i915kms . After this, I still get the error that Xorg failed to load the module 'intel'.

Hey, I had to restart the machine for it to work. Didn't know, the manual didn't mention it. Those who know what kms is, would know...

you just needed to load the kernel module, sysrc just adds it to /etc/rc.conf, so it will be loaded at the next load automatically

No the empty X11 starts. How do I make lightdm start? Was the installatio order important? I installed xfce, them lightdm, them X11. Had I better reinstall them in the correct order?

you have to enable lightdm, why would it run, just because you installed it?

I enabled it with sysrc.

Enabling it makes it start at boot

The manual says I have to use a greeter or autologin. I did not install any greeter and am trying to configure it for autologin.

vkarlsen, Yes. It does not start at boot.

ant-x: Have you tried starting it with: service lightdm start?

lighdm start fails to get a list of logind sears. The name org.freedesktop.login1 was not privided by any .service files

vkarlsen, Shall I invoke it from an already running X grahical interface (which I got by startx), or from the textmode terminal?

ant-x: From the terminal while X is not running

OK.

This gives me an error that my .Xauthority does not exist. There indeed is not such file in my home directory.

After reintalling lightdm, `service lightdm start' writes: Starting lightdm, and nothing happens.

lightdm.log contains the same thing that I quoted above: falied to get list of logind seats:... The name org.freedesktop.login1 was not provided by any .service files.

Can this be caused by the absence of a greeter package?

more likely a missing runtime dependency (on something else, not a greeter) or dbus not running

How can I check whether a service (dbus) is running?

`service dbus start' says: dbus already running? (pid=1441)

nimaje, after installing lightdm-gtk-greeter, I got into lightdm, but it asked my login and password.

Asking you to log in sounds like what lightdm with a greeter is supposed to do

vkarlsen, But I did all I could to enable autologin in lightdm.conf.

Funny thing, lightdm shows an unmounted 16 GB volume, which is my swap. Is it right?

I don't know, I've never used lightdm

so for a unix domain (file) socket, the server does socket(); listen(); and when it gets a connection request, accept();? Just like IP sockets?

yup

@circuitbone that's the crappiest looking fluxbox I ever seen work on that ass bitch, transparent terminals, transparent tilda, conky nice wallpaper at very least

I have a number of linux and freebsd machines in my network and I'm trying to mount some common things in all of my homedirs. Once upon a time NFS was the solution for this (small network, GigE). I'm wondering if this is still sufficient for multiple mounts of network shares

followup question, then. I have this EV_SET which I put in my kqueue. I also added an EV_TIMER event, which I am getting, but when the client connects, This EV_READ doesn't fire.

EV_SET(&kev, unix_socket.socket, EVFILT_READ, EV_ADD | EV_CLEAR, 0, 0, NULL);

what makes you to think, it might not be enough?;)

I NFS mount /d/<machine name>/<disk> and then I use symbolic links where I need them.

heh, NFS bit me long ago and I have never recovered :) especially with workloads that generate or touch lots of small files :)

nb: putting the NFS links down a couple makes having an NFS server down less painful.

Well... and locally I'm still using NFSv3 (because I'm too lazy to spin up kerb at home) enabling FreeBSD's NFS extensions makes it pretty painless... dunno about linux.

hey folks

IPv6 gurus, are you around?

I have a FreeBSD host with a /64 assigned to wg0, I also have a wg0 peer with /128 assigned

but the GUA is not reaching the peer because NeiSol is not responded by the host

I assume I need some kind of NDP Proxy, or something similar in base

that's not how you do that. least not with /128

any thoughts?

zBeeble thoughts?

so my home net is 2005:1999:1::/64. router is ::1 and my benchtop is ::9.

so ifconfig on the router would have 2005:1999:1::1/64

aha aha

ifconfig on the benchtop would have 2005:1999:1::9/64.

zBeeble even if it's a WireGuard peer?

The would also have fe80 addresses (link-local).

wireguard?

I assume this is something that _pretends_ to be ethernet? Then you do the ethernet thing.

zBeeble ah no, WireGuard is p2p, so ethernet things would not work

PtP on v6 is odd. I actually run an ISP. AFAICT, I _only_ allocate link-local to the PtP L2TP link ... but it works.

ok. Then you probably don't put a /64 on wg0.

On my PtP links, I have here: fe80::a236:9fff:fe17:ba10%ng0

... assigned. You can ping that across the link but nowhere's else.

I suppose on wireguard you could have a /64, but both ends would still be a /64. You could also technically have a /127 or /126

... or you could just put a /128 on lo0 and route that over the wireguard

zBeeble I'll that that now. thanks!

route -6 add 2009:1999:1:1::1/128 -iface wg0

I'm working with a different PtP with v6, and that has /128 for the global addresses and /64 for the link-locals. Each endpoint has multiple link-locals that don't define the opposite point.

I _think_ on v6, link-locals are also link-discoverable.

at least... the mpd5 config for the LAC is pretty minimal

... almost nothing about v6... the link locals are automatic, and then routes come up --- no link addresses are globally routable.

Yes. This setup has the automatic link-locals, but rather than making any effort to discover the opposite points, they also have static assigned ones: fe80::1/64 and fe80::2/64

I got around that by just using -iface to put in the route.

Since they're /64, they don't specify the PtP destination.

ie: route -n6 add $route -iface $interface

Routes involving the PtP link call the assigned fe80::1 and fe80::2.

where in my case, $interface is set by mpd5 calling the script and $route is set: route=`psql -tA --user mpd5 -c "select value from radreply where username = '$authname' and attribute = 'Framed-IPv6-Route'" radius

tmp_: yeah. as-I-said ... you can just use -iface ...

In this case: ipv6_defaultrouter="fe80::1%ptp0"

I have never done it that way.

... always with route -iface. How do you decide the '1' ?

Hmhm. Is bugs.freebsd.org/bugzilla/show_bug.cgi?id=262770 still a thing? No updates in 2+ years for something somewhat important afaict.

Or, more specifically, will I bump into this too when installing a mirrored 14.1-RELEASE?

easy to check when you do it.

You could be fancy an gmirror the EFI partition ... heh.

(the installer really should, TBH)

OK... Back to my problem. Server started kq, and has a EVFILT_TIMER that works. Then it creates a unix socket -> socket(), bind(), listen(). Then it says: EV_SET(&kev, unix_socket.socket, EVFILT_READ, EV_ADD, 0, 0, NULL);

Easy to check indeed. Fixing it though... funky stuff for my first fbsd install in 15+ years. :°)

Alver: dd if=/dev/ada0p1 of=/dev/ada1p1

or gmirror create /dev/ada0p1 /dev/ada1p1

zBeeble: reading up on it indeed. The syncing is not the issue really, it's telling UEFI that the second disk is also bootable.

(and keeping that nicely up to date automatically, and not rely on my swiss cheese brain to remember to do it manually every time)

... anyways... client also sets up kq, then calls socket() / connect() ... server does not wake up with the associated kevent ... only the timer.

yeah... dd will do that. gmirror is just FreeBSD fancy.

and it does the latter nicely.

urm... so full disclosure, creating the mirror will do things, but you'll need to put geom_mirror_load="YES" in /boot/loader.conf to make it happen again and again.

and that would be gmirror create efi_mirror /dev/ada0p1 /dev/ada1p1 ---> which means you'd mount_msdosfs /dev/mirror/efi_mirror /efi (or somesuch)

(I often leave the EFI partition mounted)

nah, I still see "neighbor solicitation, who has 2001:19f0:5000:11bb:dead:beef:0:32" on my WAN. my host and peer can see each other tho

seriously: does the EVFILT_READ kevent not fire on listen() sockets?

perhaps can-accept != can-read ?

okay, I configured ndproxy, and it worked fine

but I thought that FreeBSD's ndp was supposed to proxy

instead I got that error

wait, lemme find the error

barg. was my own damage.

If I have a zpool where the root ZFS set was named zssd and I made another set called zssd/var, had zssd/var's mountpoint inherit from zssd and had zssd mounted to /mnt/sdd-temp, moved a bunch of stuff from /var to /mnt/ssd-temp/var, then later changed zssd/var's mountpoint to /var (after umounting the old /var), what could cause /var to not contain all the data but if I remount zssd, I can see the data from that mountpoint?

you really gotta just look at df and figure out what's mounted.

NB: if two things are mounted on /var, the lower-down in the list of df is the one you're using.

(that is you can mount a disk over data on another ... and the newly mounted disk takes precidence)

But to approach your question, there's about a half dozen ways to achieve that depending on what other commands you ran or what commands you ran to achived what you did say.

When I was moving stuff, it was going from /var to /mnt/ssd-temp/var, basically doing `mv -v /var/<whatever> /mnt/ssd-temp/var/`, and I saw it moving to the correct directories under /mnt/ssd-temp/var.

And I have a few datasets under zssd/var (like zssd/var/run) and it looks like /var/run has valid data.

I do notice that when zssd is mounted to /mnt/ssd-temp, /mnt/ssd-temp/var/run is empty, while when zssd/var/run is mounted as /var/run via zssd/var's mountpoint being /var, it is populated.

I am pretty sure I had zssd/var set as implictly mounted, but now I am suspecting maybe I did not have it mounted at all.

If you moved files from /var to zssd/var and then mounted zssd/var on /var then all of those files should be there. Any other result does not make sense to me.

But yes layers of mounts have often been a source of confusion. In a stack of mounts the "topmost" mount is the one seen.

But if you moved the files and saw them in the new destination, and then mounted that new destination at /var, then all of those files should be there in /var.

I'm thinking that zssd/var was not mounted, but I am wondering how even the implicit mounting of it would've led to the files only being in the root zssd set and not in the zssd/var set.

It especially confuses me because if zssd/var wasn't mounted properly and all the sets I have under zssd/var are set to implicit mountpoints, why did those ones get their contents mounted properly while zssd/var didn't? I had moved their contents (well /var/run because that was the only one with actual data) over just like all the others.