01:23:11 <polyex> where can we watch the asiabsdcon 2023 and 2024 vids?
01:31:13 <mns> rwp: thanks for that info,  that fixed it.
01:39:34 <rwp> :-)
02:58:18 <BillyJoeBob> So, why powerdxx over powerd on my Lenovo T590?
03:12:29 <rwp> And then BillyJoeBob left just as I was going to talk about powerdxx working for me when powerd does not.
06:58:05 <rennj> https://jfrog.com/blog/leaked-pypi-secret-token-revealed-in-binary-preventing-suppy-chain-attack/ nice supply chain attack
06:58:14 <rennj> The JFrog Security Research team has recently discovered and reported a leaked access token with administrator access to Python’s, PyPI’s and Python Software Foundation’s GitHub repositories, which was leaked in a public Docker container hosted on Docker Hub.
06:58:35 <rennj> the suck!
07:03:50 <erk> oops
07:04:23 <rennj> Docker Hub that planted millions of malicious repositories  nearly 20% of these public repositories (almost three million repositories!) actually hosted malicious content.
07:04:32 <rennj> haha
07:04:37 <rennj> CI/CD
07:04:48 <rennj> who was it in this channel talking that crap
07:05:46 <rennj> pisses me off..like google or m$ is secure or valid place for info. idiots. kubernetes/ssh and python w00t...
07:06:48 <erk> I am actually a bit surprised that it took more than a year to find.
07:06:52 <rennj> m$ solarwinds backdoored everyone..and they probably sat on that shit for 3 letter agencys
07:21:23 <rennj> when disk space was small, you did not include compilers or interpreters on the box..perl/python/cc on the server..nah, hacker needs to bring their own env, not going to provide it.
07:23:01 <rtprio> ok, grandpa, you tell 'em
07:23:05 <rtprio> but now it's time for bed
07:26:04 <rennj> how about removing the shells
07:26:25 <rennj> or even better in-memory /ram os..
07:26:40 <rennj> oxide computer /smart os went that route
07:26:48 <rtprio> how about unplugging it from the switch
07:27:06 <rennj> static os, always loaded from good image.
07:27:20 <rennj> disk drive well anyone can change the os
07:27:32 <rennj> not .iso that fixed in time
07:27:52 <rennj> boot cdrom
07:28:10 <rennj> if you need a chain of trust..
07:28:56 <rennj> nah shove 15GB of shit on disk and hope it doesn't get backdoored
07:29:09 <rennj> tripwire/aide it perhaps you get lucky
07:35:21 <rennj> https://en.wikipedia.org/wiki/Soft_error cosmic rays..
07:36:24 <rennj> https://en.wikipedia.org/wiki/Data_corruption
07:38:24 <rennj> am i going to get a bit flip on CRC check-summed .iso file ? written in time, like i said. i know it loads into ram, and i can verify the checksums.
07:39:12 <rennj> https://github.com/mmatuska/mfsbsd
07:40:24 <rennj> a hd,ssd,usb,sd card is read/writeable..but .iso is closed session, write once, read many ...w0rm drive
08:07:41 <rennj> During the first 2.5 years of flight, the spacecraft reported a nearly constant single-bit error rate of about 280 errors per day.
08:07:48 <rennj> https://en.wikipedia.org/wiki/ECC_memory
08:08:09 <clapont> hi, everyone!
08:15:41 <clapont> rennj: recently I found some FDDs that I used in 1998, they still work but they are 1.44MBs only... the best archival storage (that I know) seems to be the tapes; LTO-5 or LTO-6, after them the density becomes too high imho, the time would ack if they succeed to keep the data for very long time
08:15:58 <rennj> par-2
08:16:10 <rennj> par backups
08:16:20 <rennj> zfs needs the 2 value
08:17:11 <rennj> https://en.wikipedia.org/wiki/Chipkill IBM
08:17:20 <rennj> sun,hp also had foo like it
08:17:32 <clapont> zfs needs two storage medium at the same time, for mirroring; I doubt that two simetrical LTO drives could ensure this requirement
08:18:20 <rennj> https://en.wikipedia.org/wiki/Parchive
08:18:41 <rennj> yeah zfs needs the 2
08:20:41 <rennj> not up to date on btrfs foobar..perhaps they copied
08:20:50 <clapont> for decades long archival storage one should weight a lot if he goes for a LTO tape or a zfs mirror; I saw LTO tapes failing
08:21:06 <rennj> lto is only option anyway..dlt lost
08:22:00 <rennj> can go wrong with Verbatim, i know sony is killing off blueray/dvd
08:22:23 <rennj> cant go wrong // correction
08:23:03 <rennj> i had robot dvd burning machines...
08:23:11 <clapont> btrfs? I think btrfs kind of went away since RedHat switched to xfs root some years ago; I liked and used btrfs on my laptop maybe 7 years ago
08:23:13 <rennj> young minds dvd-studio
08:24:12 <rennj> https://www.cdrinfo.com/d7/content/young-minds-introduces-dvd-studio-dvd-recording-under-unix-linux-and-windows-nt-operating
08:24:37 <rennj> Solaris, HP-UX, AIX, Tru64, as well as Linux and Microsoft Windows NT. Key applications for DVD Studio include archival and distribution of large multimedia files, document imaging, GIS, and similar industries
08:25:00 <clapont> I remember there was some kind of dvd, 100gbs capable, promising archival capabilities but I did not succeed to buy the tape+medium somewhere in 2020 then I lost the track of it
08:25:31 <rennj> that was 24 years ago !!!
08:25:35 <rennj> i feel old
08:26:35 <rennj> i figure btrfs probably copied all the good features of other systems, is what im saying
08:27:01 <rennj> no clue on it, i dont use it, i think ibm/redhat may push it..if i recall
08:27:12 <rennj> unlike ubuntu which has openzfs
08:28:58 <clapont> 1-2 years ago, ubuntu had zfs as option for / ; you needed internet connection at the install time and it would be done; otherwise, ext4 for root
08:30:13 <clapont> I mean, zfs on linux is still behind of zfs on bsd; I think I had zfs on / with FreeBSD 9
08:30:26 <rennj> i think its all openzfs now
08:30:56 <rennj> fbsd.linux,openindiana,winblows
08:31:08 <rennj> everybody is on same page now
08:32:01 <rennj> crapple even
08:32:28 <rennj> 2020: ZFS on Linux was renamed to OpenZFS and added FreeBSD support, unifying the codebase for both platforms.[\
08:32:33 <rennj> https://en.wikipedia.org/wiki/OpenZFS\
08:32:36 <rennj> https://en.wikipedia.org/wiki/OpenZFS
08:36:05 <clapont> oh, funny: https://github.com/openzfsonwindows/ZFSin; I did not know that does exist, even. I kind of forgot about Windows :-)
08:38:35 <rennj> yeah the grind of tiring to keep up with technology changes
08:38:45 <rennj> yeah the grind of trying to keep up with technology changes
08:41:09 <clapont> Windows Update was fixing some bugs and restart to find new bugs introduced and so on.. I quit that path in 2004
08:41:52 <rennj> https://www.theregister.com/2024/06/28/windows_insecure_by_design/
08:42:24 <rennj> solarwinds or https://en.wikipedia.org/wiki/Stuxnet
08:42:28 <rennj> just 2 examples
08:43:11 <rennj> https://en.wikipedia.org/wiki/2020_United_States_federal_government_data_breach
08:43:14 <rennj> https://en.wikipedia.org/wiki/SolarWinds
08:45:56 <clapont> and yet Lo Jack - https://www.tomshardware.com/news/lojack-firmwre-enables-first-uefi-rootkit,37867.html ; check mate :-(
08:46:26 <clapont> https://www.absolutelojack.com/
08:46:41 <rennj> ACPI tables in uefi is crazy stupid.
08:47:03 <rennj> let alone intel me/amd psp..ring -3 foo BMC
08:47:24 <rennj> lenovo did m-i-t-m attack just with acpi table
08:48:19 <rennj> ring -3 is BMC, ring -2 smm, ring -1 is vmm...before you even get to ring 0
08:49:58 <rennj> one laptop per child closest x86 got to open source
08:50:36 <rennj> forth boot prom/openfirmware and national semi/amd geode cpu..all open source except for broadcom 802.11s wifi mesh
08:50:58 <rennj> the wifi drive was binary blob
08:51:08 <rennj> but the rest of laptop was open
08:51:49 <clapont> olpc, thank you for reminding of it! olpc had drivers in 2.2.x kernels; I forgot about that nice idea, I'll check how it progresses
08:52:00 <rennj> uefi is huge cluster fuck..
08:52:16 <rennj> olpc is dead
08:52:22 <rennj> long dead...
08:52:34 <rennj> cell phones in kids pockets now
08:52:37 <clapont> but hey, Uefi laptops have Safe Boot :-)
08:55:12 <rennj> https://en.wikipedia.org/wiki/Superfish
08:55:41 <rennj> https://www.networkworld.com/article/3091122/lenovo-thinkpwn-uefi-exploit-also-a
08:55:41 <rennj> ffects-products-from-other-vendors.html
08:55:54 <rennj> https://www.networkworld.com/article/3091122/lenovo-thinkpwn-uefi-exploit-also-affects-products-from-other-vendors.html
08:56:16 <rennj> SMM (System Management Mode). ring -2
08:57:35 <rennj> https://support.lenovo.com/us/en/product_security/ps500035-superfish-vulnerability
08:57:41 <rennj> their own site
08:58:01 <rennj>  Potential Impact: Man-in-the-Middle Attack
08:58:04 <clapont> I was looking to https://pine64.org/devices/pinebook_pro/
08:58:23 <clapont> but has too low specs
08:58:49 <rennj> yeah i want amd ryzen power!
08:59:05 <rennj> risc-v someday perhaps
08:59:37 <rennj> Thunderbird RISC-V CPU
09:00:12 <rennj> Thunderbird "supercomputer-on-a-chip"
09:00:38 <rennj> 1,536 64-bit superscalar RISC-V CPU cores. Four chips can be installed on a single accelerator card, in a form factor similar to a GPU.
09:01:02 <rennj> https://www.techspot.com/news/103607-move-over-gpus-1536-cores-thunderbird-risc-v.html
09:01:17 <rennj> Move over GPUs, with 1,536 cores the Thunderbird RISC-V CPU is ready to eat your lunch
09:02:17 <rennj> could be vaporware..will see, earlier adopters get burned
09:04:03 <clapont> wow! with chips like that, one needs the interfaces for usb/video/keyb/etc and the laptop is complete
09:04:43 <rennj> https://www.tomshardware.com/tech-industry/supercomputers/thunderbird-packs-up-to-6144-cpu-cores-into-a-single-ai-accelerator-and-scales-up-to-360000-cores-inspiresemis-risc-v-supercomputer-cluster-on-a-chip-touts-higher-performance-than-nvidia-gpus
09:04:56 <rennj> tomshardware probably way more details
09:11:40 <nimaje> hm "InspireSemi claims a 30-60% power efficiency compared to similarly capable solutions." bad journalism or bad announcment or just bad hardware? if it is only 1/3-2/3 as efficient as compareable products, then why should I choose that one?
09:14:38 <nimaje> and it seems like it is just an accelerator board, not a CPU
09:16:39 <rennj> yeah a pciE card
09:16:44 <rennj> like a gpu card
09:17:44 <rennj> buy a nvidia rtx4090 or Thunderbird
09:18:10 <rennj> cuda / rocm or general purpose
09:18:35 <rennj> no need for fancy libs
09:26:37 <Dooshki> Ah, finally, a PCIe card to take care of my email!
09:27:37 <rennj> heh, with the right libs to abstract the hardware away.
09:28:03 <rennj> cuda/rocm/foobar..still need software abstraction for hardware
09:31:08 * Dooshki was poking fun at the name
09:38:20 <rennj> vmebus < isa < sbus < pci < pciE...busses
09:40:27 <clapont> > vlbus! :-)
09:44:46 <Dooshki> Ah yes, finally I'll be able to play SimCity 2000 (re: vlbus)
09:44:56 <Dooshki> but perhaps this discussion should be moved to #freebsd-social
12:14:48 <polyduekes> if the repo https://github.com/freebsd/freebsd-ports is read only mirror then what's with all those commits in there, shouldn't they be in bugzilla instead?
12:18:03 <vkarlsen> The commits are mirrored from the official git repo
12:19:00 <polyduekes> then instead of github usernames, shouldn't a bot be a author of those commits?
12:24:12 <polyduekes> or are they not auto mirrored ? :/
13:33:59 <nimaje> why would you rewrite commits for a mirror? the author should be the original email that is in the commit, why do you think it is a github username?
13:38:58 <dch> any recommendations for a desktop pdf viewer that can do 2-up (screen shows 2 pages, left and right )
13:40:04 <dkeav> evince?
13:42:58 <vkarlsen> dch: okular can do that
13:43:40 <dch> thanks dkeav , vkarlsen
13:45:31 <dch> welp both want a lot of downloads
14:12:41 <Ltning> If a freebsd-update fetch or cron has been run overnight, after I upgraded from 13 to 14 but before I ran the third "install" step (to get rid of old libs) - how can I get rid of the old libs?
14:13:11 <Ltning> The state that freebsd-update kept after the upgrade/install steps is now lost, because of the automated overnight run which I forgot to prevent from happening
14:18:54 <polyduekes> nimaje: what do you mean? for example the author of commit https://github.com/freebsd/freebsd-ports/commit/851ec025a5bb3b43b80a0d05c6dfc642815e2706 is https://github.com/nunotexbsd which is cpearly a github username
14:19:06 <polyduekes> *clearly
14:19:56 <vkarlsen> polyduekes: GitHub maps it to existing GH users where they do exist
14:20:29 <polyduekes> vkarlsen: oh that explains, thanks
14:23:10 <Dooshki> I think the mappings are done based on the email addresses listed under the github account
14:24:01 <nimaje> the author is  Nuno Teixeira <eduardo⊙Fo>  as can be seen via  git show 851ec025a5bb3b43b80a0d05c6dfc642815e2706  in the ports repo
14:24:03 <dch> wow, it turns out firefox is a perfectly suitable command-line pdf reader in 2-up mode. And I need no more dependencies.
14:26:24 <polyduekes> Dooshki: i don't think so since in some cases like in https://github.com/freebsd/freebsd-ports/commit/8adfe16381a911e9924583b41f009de4e58f9232 the email isn't listed under the github account
14:31:29 <vkarlsen> They're not always publicly listed :)
14:32:41 <nimaje> so, github leaks that information via their website?
14:40:20 <polyduekes> vkarlsen: lol, today i learnt also btw if you got any reference to how the whole mapping and mirroring works, i would be glad to read it :)
14:47:43 <vkarlsen> polyduekes: I don't know exactly how it's done, but the man page for git-push talks about a --mirror option. I'd start there.
14:48:27 <polyduekes> vkarlsen: oh thanks, i will look at that
15:17:33 <jbo> cracauer still going strong
20:30:37 <BarnabasDK> any particular reason zfs set sharenfs informs you every use that "No SMB support in FreeBSD yet."
20:30:48 <BarnabasDK> I am not trying to use SMB
20:34:29 <rtprio> then why are you setting it?
20:34:33 <rtprio> if you're not trying to use it?
20:34:49 <BarnabasDK> "sharenfs"
20:35:00 <BarnabasDK> nfs not smb
20:35:48 <BarnabasDK> I haven't checked the source, but I think this is just a log info to the console in either case
20:35:58 <BarnabasDK> since it does what it is supposed to do nfs wise
20:36:06 <BarnabasDK> .. I think
20:46:27 <rtprio> uh i use sharenfs and don't think i've ever seen that
20:50:12 <BarnabasDK> strange
20:50:34 <BarnabasDK> https://paste.ubuntu.com/p/KfbqjVXppY/ maybe my config desc helps
20:52:59 <BarnabasDK> well for some strange reason it also shares to smb, which explains the error, but not why it tries to do so
21:06:26 <BarnabasDK> after having manually turned of the smb sharing for all pools on the NAS the error is no more. I must have turned on smb sharing, but don't remember doing so
21:07:02 <BarnabasDK> am still getting a client timeout however
21:07:47 <rtprio> i've not used nfsv4 but connection refused makes me think that nfsd v4 isn't running on the freebsd system
21:08:21 <BarnabasDK> it isn't see the rc.conf
21:08:45 <BarnabasDK> I find it very confusing what is provided by zfs and what is not
21:09:03 <rtprio> all 'zfs set sharenfs' does is add a line to /etc/zfs/exports
21:09:15 <rtprio> but it's the right way™
21:09:20 <BarnabasDK> sure
21:09:36 <rtprio> what is provided by zfs? it's the filesystem. what do filesystems pfovide? files.
21:09:42 <rtprio> not sure i understand what you're asking
21:10:08 <BarnabasDK> zfs is not really a file system :-)
21:10:22 <BarnabasDK> disk pool manager
21:11:15 <BarnabasDK> please look at my pastebin
21:12:24 <BarnabasDK> what exactly is provided by zfs and what is not?
22:56:37 <polyex> does ports just have the current version or all versions?
22:56:43 <polyex> of each port
23:00:00 <BarnabasDK> depends on how you use ports I think
23:00:32 <polyex> like i wonder if i can use ports to retrieve all the past port versions of nginx so i can build and use the exact version i want
23:00:33 <BarnabasDK> if you use them via GIT / SVN then naturally you have history
23:01:08 <BarnabasDK> if you have a FreeBSD ISO - then its probably a snapshot?
23:01:25 <polyex> not what im asking. im asking about the ports system itself
23:02:27 <polyex> im looking at cgit and it shows me a port's history going back basically forever so that's promising
23:02:37 <polyex> but i wonder where it's getting that source from
23:02:55 <BarnabasDK> VCS?
23:03:00 <BarnabasDK> as I said above
23:03:19 <polyex> ports doesn't store the source of the port does it?
23:03:23 <polyex> just where to get the source from
23:03:28 <BarnabasDK> at some point CVS was moved to SVN that then again was moved to GIT
23:04:26 <BarnabasDK> are you confusing the pkg package manager and ports?
23:06:28 <BarnabasDK> pkg distributes packages binary - a parallel to apt in the linux world
23:06:41 <polyex> ya im asking about ports not packages
23:06:56 <BarnabasDK> ok - I don't understand your question then
23:07:14 <BarnabasDK> ports are source
23:07:31 <polyex> ports is how to build the port AND the source code?
23:07:38 <BarnabasDK> if you install something that way - it requires you to compile it
23:08:04 <BarnabasDK> It was the last time I checked
23:08:50 <BarnabasDK> but - I haven't used ports in quite a while after pkg was introduced - in the "old days" before pkg you always had to compile before installing
23:10:46 <BarnabasDK> how to build a port would also not be a part of the ports system (make, gmake, cmake etc) - its a part of whatever gizmo you want to build
23:11:08 <BarnabasDK> I don't think two ports do it the same way
23:11:39 <polyex> well first i need to find out if a port contains the source code for the port, or info on where to fetch the source from
23:15:49 <BarnabasDK> https://cgit.freebsd.org/ports/tree/www/nginx/files
23:16:50 <BarnabasDK> seems it is the standard dist + freebsd patches - but once you build it - you should have the entire source set in the ports folder - else I don't see how it can build it
23:17:42 <polyex> well it could in theory download the source from wherever the port says it lives, but it looks like a port's source is stored in the ports db
23:18:00 <polyex> that has to be a huge repo. all source for all software that can be built on freebsd through ports system. wow i wonder how big it is
23:18:05 <BarnabasDK> well - I only see patch files
23:18:30 <polyex> is that like a diff?
23:19:15 <BarnabasDK> a patch file is a format of a file you can apply to a source set to change the code
23:19:54 <polyex> ok so ports stores, for every port, the port's entire source code, from start to present, in the form of original checkin + patchset for each version
23:20:04 <BarnabasDK> in either case - you need to have the source on disk to apply those
23:20:46 <BarnabasDK> where do you see the entire source set?
23:21:14 <polyex> in the files dir
23:22:15 <BarnabasDK> I only see patch files in the ones I have checked
23:22:59 <polyex> ok so if the port doesn't contain the source code for the port, then point to where a port refers to the source externally
23:23:04 <BarnabasDK> here is patch for hurl
23:23:10 <BarnabasDK> https://cgit.freebsd.org/ports/tree/www/hurl/files/patch-1.79.0
23:24:54 <polyex> maybe it's the master_sites key in Makefile
23:25:23 <polyex> so if a port's code isn't stored in the port, why bring in code patches? just get the code and build it
23:26:20 <BarnabasDK> because if something is written for linux / gcc it may not compile on freebsd with llvm/clang
23:26:46 <polyex> so patches are changes to a port's source code in order to get it working on freebsd?
23:26:49 <BarnabasDK> so in order to build it on freebsd - you may need patches
23:26:55 <polyex> ah
23:27:18 <BarnabasDK> different locations for libs etc etc etc
23:41:59 <jbo> why is everything pain
23:42:07 <polyex> ?
23:42:13 <jbo> just pain
23:44:44 <BillyJoeBob> Anyone use swayidle?
23:46:03 <BillyJoeBob> I'm having issues where my laptop doesn't lock when it goes to sleep. When I try to run the command for swayidle I get: https://paste.debian.net/1323111/
23:46:37 <BillyJoeBob> I thought maybe it's because I don't allow processes to see other user's/group's processes so I changed that and still the same error.