03:06:28 Is there an easy way to tell if I have something installed from ports vs pkg? I don't believe there is, but just wanted to check. 03:08:11 mns: may be use `pkg info pkgname` and check annotations, it should show the built by string 03:13:14 yuripv: thanks! I'll try that out 03:15:59 mns: e.g. zsh that I installed using `pkg install` has 'built_by : poudriere-git-3.4.1-30-g79e3edcd' and portconfig that came from ports simply doesn't have the line 03:16:45 as well as repository, repo_type, and other fields 03:22:55 ahhhh so look for missing repository, repo_type and built_by and that should tell me. 08:13:10 well, ports are build into packages and then installed via pkg, but yes if you use the ports tree via make then it won't come from some pkg repo 08:18:26 We're currently trying to understand the impact of FreeBSD-SA-24:14.umtx. To my current understandig, there is a malicious software needed, which has to be run on the host itself (local user). Therefor it would, usually, run in the context of the user and priv escalation would be quite hard i guess? 08:18:34 Any other insights / opinions? 09:07:18 Demosthenex: "poetteringfnurt has moved on to M$" He did confirm that he'll continue working on systemd and all his other Linuxism tools whole he's at Microsoft. 09:07:19 well, find some RCE somewhere and chain it in front, like with most priv escalations 09:08:40 Not like it even makes any difference anyway, because the Linux space is already mostly controlled by Microsoft's billions of dollars anyway. 14:28:52 Greetings 14:29:39 Hello 14:35:39 I am upgrading 13.2 to 14.0 (and then 14.1) -RELEASE VM (proxmox , bios, zroot) and I read for 14.0 that updating bootcode was necessary. I just finished the upgrade without updating the bootcode (I fear to not being able to boot in previous release Boot Environment) , and the 14.0 BE has booted flawessy. 14:35:58 Is it really mandatory to upgrade the bootcode ? 14:36:11 yes 14:37:05 and if I do so , will I be able to boot previous 12.X / 13.X BE ? 14:37:14 maybe less so for BIOS, but UEFI for sure. we're starting to have to annoy people because of old as shit loader.efi 14:37:43 i can't think of any backwards incompatible changes we've made in the bootcode in a while 14:38:17 ok 14:38:54 thanks you kevans 14:56:53 Where are example configs generally stored? Like for prosody for example? 14:58:22 /usr/local/share/examples might have what you want. \ 15:02:23 Ah thank you, looks like the prosody port doesn't provide an example config file though 15:44:49 Can I ask someone to install audio/fooyin and check if it gives them database errors when launching? 16:08:43 example configs are often stored where the real one would be stored, but get a .sample postfix 16:18:15 mikewilzn: pkg list can sometimes show them if they're not stored in /usr/local/share/examples/ (though that is where they're intended to go, so it's a good chance to get your feet wet with a fix) 17:18:42 hello I am having trouble connecting via ssh 17:18:45 this is the client side 17:19:30 https://videotron.eu/pastebin/?e658d35f825d5683#2eysG1J8eeT5FBrF6GkGdVkgqf6hFmUPUuBvVo4AYxye 17:19:47 that's the client side 17:23:23 is PermitRootLogin turned on? 17:23:44 yes 17:24:08 It's failing on receing a reply on a key exchange, so I'm guessing there's some MTU fuckery going on? 17:24:10 'yes' or 'prohibit-password' ? 17:24:16 That's purely speculation at this point. 17:25:26 it was working for years and all of a sudden it stopped the last day with no reason 17:25:54 Alternatively, I suppose, it could be because the machines don't agree on which keys are supported, possibly because the client was updated while the server wasn't (or the other way around, though that's more unusual in my experience). 17:26:21 yeah, perhaps try a different client? 17:26:51 If it's the latter, you need to specify a keyalgorithm with the -o flag that they can both agree upon. 17:27:35 Usually ssh is a bit better about informing about not being able to negotiate an algorithm they both agree upon, but it's possible it can fall through the cracks. 17:29:04 sixpiece: did you bump server side recently? it has a lot newer SSH (9.7 vs. 8.1 on the client) 17:31:30 the only thing I did that could have upset things really was installing opendkim and pkg update 17:33:47 and I rebooted also 17:34:56 Jim and Allan on 2.5Admins have a great point; OpenSSH is one of those things that could benefit from having a version and a protocol version tied to years, because that makes it a lot easier to see when something's old. 17:35:24 OpenSSH 8.1 is approaching 5 years. 17:37:00 so what can I do? 17:37:21 update your ssh client to start with 17:37:34 it's all microsoft clients as far as I know 17:37:53 then go yell at them and stop asking in #freebsd ? 17:38:31 lol I meant I think it's a freebsd server error 17:38:50 that's yet to be determined 17:40:20 anyway, there's much newer versions of openssh for windows out, so update your client first. 17:41:28 the only somewhat relevant errors I can see in that log are for trying to find ssh keys, have you got keys in this path? C:/Users/pkagan/.ssh 17:41:36 no worries I am trying now on a freebsd virtual machine 17:42:02 same issue 17:42:23 OK, your SSH key, is it rsa? 17:42:39 how to find out? 17:42:41 I'm not sure 17:43:11 beginning of your public key will tell you 17:43:30 ssh-rsa, ssh-ed25519 for example 17:43:51 aren't those errors normal when not using ssh keys? 17:44:57 wait, sixpiece you are not using ssh keys? 17:45:06 I am not using keys no 17:45:32 sshing to root usaully means someone isn't using best practices like using ssh keys... 17:46:11 not judging, it just surprised me 17:46:20 question about PermitRootLogin was already asked 17:46:39 can you check what is it set to in sshd config file? 17:46:50 Hi, i downloaded the memstick .img of FreeBSD and im trying to boot it with Ventoy. It starts and says a ton of stuff, but then eventually I'm left at a prompt called mountpoint> 17:46:52 a mechanism like fail2ban is a must when not using keys to log in as root 17:47:00 It wants me to enter the path of the root device 17:47:38 At the freebsd boot menu i typed `lsdev` and it showed the FreeBSD_Install partition was at disk3-2a 17:47:44 DusXMT: fail2ban isn't necessary, support for blocklistd is built-in 17:48:04 it's also a lot more efficient than fail2ban, since it doesn't rely on essentially just grep'ing log files 17:48:14 debdrup: Good to know! I've only ever used fail2ban in this situation, at my previous job 17:48:36 * DusXMT doesn't like not using keys for ssh login 17:48:47 blocklistd is just general good practice, because security isn't just accomplished by doing one thing, it's about defense in depth 17:48:48 The mountpoint> prompt gave some examples like "ufs:/dev/da0s1" and "iso9660:/dev/da0s1" so I tried to convert disk3-2a to this format and I typed "ufs:/dev/da3s2a" to no avail. And there are no cmdline utilities that work on this prompt. 17:48:49 well I require that the ssh user have my ip address 17:50:50 noobaroo: if you're being dropped to a mountroot prompt on the install medium, it sounds like something got messed up (by Ventoy?); can you try booting the image directly? 17:51:53 debdrup: That is true, I'll investigate it when I'll have some free time 17:52:22 debdrup Not anytime soon, its a 64GB USB and it has lots of other ISOs I use for rescuing... I definitely don't overwrite the drive 17:52:48 noobaroo: might be worth trying one of the other images, then? 17:53:20 Also the speeds avg at 7.7 MB/s so it's not easy to swap stuff around 17:53:43 Okay. That sucks because I downloaded this overnight. 17:54:10 Maybe they should put a warning that the images are not compatible with Ventoy? 17:54:24 Well, I don't know that we know that's the case for certain. 17:55:26 If it is an issue, I'm guessing it's with ventoy, rather than FreeBSD. 17:56:45 What version of ventoy are you running? https://github.com/ventoy/Ventoy/commit/4527e1db7923 seems to have made changes fairly recently. 17:59:32 what can i do? 18:01:39 seriously nobody has an answer? I moved the server up to debug3 or something nothing is giving a hint 18:02:59 error : Fssh_kex_exchange_clarification red connection reset by peer 18:03:49 connection reset by peer sounds like a firewall issue 18:04:42 natd not running give a hint? 18:05:16 Im using the latest... i doubt its a ventoy thing. Maybe my img file is corrupted. I extracted the .img.xz and I kept trying to mount the .img, to look at the rootfs layout, but it kept saying "bad superblock". and when I checked with parted /path/to/freebsdimagefile.img , it said it had 2 partitions, the first was fat32, and the second unknown 18:05:40 I figured that maybe its just some freebsd specific filesystem type and thats why it didnt recognize 18:05:48 But maybe its corrupt. 18:06:58 any other ideas 18:06:58 ? 18:08:26 <|cos|> sixpiece: what's your root password, let us try? ;) nah. seriously though, have you tried from different networks? can you login to other servers? from other clients? 18:08:53 yes good question 18:09:21 my root password is 7Gq%9yCztQhOzpRCDj but don't tell anyone 18:09:35 try it only once I guess 18:09:49 ... 18:09:56 at least it includes a non-alphanumeric character? :V 18:10:14 and to answer your question I just signed into a different server in Hamburg so it works with other networks 18:10:31 so, mtu or firewall issue is more likely then 18:10:40 also, natd has nothing to do with firewalling, that's port translation 18:11:20 ok thank you 18:11:24 I reported bug a day ago but for some reason didnot fin (closed) duplicate. thing is, the header file 'setjmp.h' needs deleting (but there are two...?) this also should be in UPDATING. Anyway: "this is because the old copy of /usr/include/c++/v1/setjmp.h must be deleted upon an upgrade" (starting with FBSD 14. 18:11:26 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279692 18:11:33 * |cos| would probably collect some pcaps with wireshark if being stuck, but chances they'll say much is low 18:12:22 if updating to 14 a lot of graphics ports break 18:12:40 (unless you delete the header) 18:17:02 Before I decide to try poudriere may I check - is there an online generic amd64 binary repository which parallels the ports? I'm aware I'd miss the chance of changing options but I'd do that too if I were compiling on this slow laptop. 18:21:26 johnbristol: you mean like pkg.freebsd.org ? 18:24:17 shbrngdo: the bug report (from June?) mentions a lack of running `make delete-old`, so I'm not sure what the issue is? 18:32:31 rtprio: yes, like that. Except that one has the base system and I'd like to use pkg to install binaries of anything from the ports tree. And if there's a bigger repository out there that someone's maintaining that would do it. Otherwise I have a lot of compiling to do. 18:34:35 rtprio: I installed fbsd yesterday, I know I'm uninformed but I'm reading the documentation. 18:40:02 <|cos|> johnbristol: Unless I'm misunderstanding, pkg.freebsd.org does deliver binary distributed builds of the ports tree, not base. 18:41:08 johnbristol: yes, the base system is not (yet) distributed with pkg 18:41:17 what are you trying to do? 18:41:26 <|cos|> johnbristol: try `pkg install hello` and compare it with what you find in /usr/ports/misc/hello on any machine with the ports tree installed. 18:42:01 so I just upgraded the boot zpool on my 14.1 server, now it says I have to upgrade. just to double check: I think I have a GPT scheme, so I'd use this: `gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 ada0` from GPTZFSBOOT(8) 18:42:26 where ada0 is the partition labled freebsd-boot in gpart show? 18:44:06 rtprio,|cos|:I'm trying to install several browsers instead of just firefox, so I tried waterfox. That's not found on pkg but it exists on the ports tree. pkg search browser only shows firefox. I assumed the pkg system had access to significantly fewer packages than the ports tree - I may just have missed something though. 18:44:33 johnbristol: some don't build in the ports cluster for whatever reason 18:44:51 you can also install packages on some of the requirements so you'd have less to build yourself 18:45:46 <|cos|> johnbristol: Are you sure it's in ports? `find /usr/ports -name "*waterfox*"` returns empty for me. It might be versioning at play, perhaps? 18:45:46 cd /usr/ports/*/waterfox; make install-missing-packages; make install; 18:46:38 rtprio: I was trying to stick to "pkg or ports but not mixed except for edge cases" as a philosophy. If pkg really does have several gui browsers I'll stick with that but I couldn't find any other than firefox. 18:47:13 i don't know who started that philosophy but it is wholly unnecessary 18:47:53 rtprio: there are extensive battles when I google around it, that's all I have to go on really. 18:48:18 if it's something you want to limit yourself with, then okay 18:48:37 otherwise, depending on your system speed, prepare to heat up your cpu 18:49:07 rtprio:No, I'm just learning a bit at a time. Are there in fact several browsers available with pkg and I just haven't found them? 18:49:29 * |cos| hadn't heard of waterfox, but commit 8bbfbba7 of the ports tree suggests it is hard to install for a reason. (badly security patched) 18:50:05 If I can acquire perhaps four with pkg I'll be happy. 18:50:45 I'm quite used to compiling, I use Slackware on seval machines 18:50:49 pkg search browser 18:51:09 that's what I did, it shwed me just firefox 18:51:23 surf-browser-2.1_3 Simple Web browser based on WebKit2/GTK 18:51:30 qutebrowser-3.2.1 Keyboard-focused browser with a minimal GUI 18:51:45 otter-browser-1.0.03_2 Browser based on Qt 5 18:52:38 <|cos|> johnbristol: www/chromium, www/firefox-esr www/badwolf www/ladybird 18:52:39 rtprio:and lynx and links, yes. I suspect I was expecting to find gui browsers I'd heard of. 18:53:35 but thank you both, I clearly did something wrong when installing fbsd. I'll do it again and see what changes. Thank you both. 18:53:46 hello I am getting a signal term 15 on my ssh server being sent 18:53:49 any ideas what to do? 18:53:52 what makes you think you did something wrong when installing? 18:53:58 I want to be able to connect to my ssh server 18:54:10 sixpiece: you might need to use the console to see what's up 18:54:22 what do I do? 18:54:36 I'm on the computer nwo 18:54:38 rtprio:because I can't see the browsers you've both displayed when I type pkg search browser 18:54:55 which version did you install? 18:55:07 did you `pkg bootstrap` and `pkg update` ? 18:55:13 <|cos|> johnbristol: i did `pkg search www/ | grep browser` 18:55:36 FreeBSD-14.1-RELEASE-amd64-memstick.img 18:55:37 it's maybe an update that failed 18:56:14 badwolf? is that a bad fork of librewolf? 18:56:18 `pkg bootstrap` no, `pkg update` yes 18:57:10 <|cos|> ZedHedTed: I've honestly never heard of it. As far as I simplify the world there are only two browsers, and the web is dead. 18:57:48 that fixed it 18:58:13 also, it's not like the browser offering are that much different than say linux. there's nothing novel about it. 18:58:19 sixpiece: what fixed it? 18:58:30 freebsd-update install 18:58:39 oh, great 18:59:34 yes was an easy fix 19:00:22 does anyone know why an email sent to me via sendmail used a different ip address from an email sent to someone else? 19:00:43 how many people actually main freebsd on their desktop? 19:00:53 rtprio:I use several browsers to conveniently allow me to log into a forum I admin with several logins active at once. I've looked at bsd installs every couple of years to see where they stand, this is my latest look. I got on quite well up until this. 19:01:09 sorry to get on the less major issue but curious on this 19:01:12 trying to make a contact form 19:01:30 I'm really surprised this channel is the most active channel I'm I'm currently in over the past 1hr, and im in 5-6 19:02:00 noobaroo: i used to, when i had the hardware for it 19:02:31 johnbristol: oh. i use chrome profiles for that sort of thing 19:02:31 <|cos|> johnbristol: While I admire you for running multiple alternatives, your life might become easier if using user profiles. Are you aware of them? Both chrom* and firefox has such stuff. 19:02:48 noobaroo: i'm in 18 channels and some are almost as active as this one rn 19:03:38 |cos|: it's basically mozilla vs screwgle now. mozilla's the winner only bcuz it's not forcing manifest v3, so adblockers will still work. 19:04:51 <|cos|> ZedHedTed: With a bit of luck LadyBird will cut a piece out of webkits market share once it matures. Inshallah. 19:04:51 rtprio,|cos|:It's a habit I fell into. They're useful for testing my web code too, and SeaMonkey is my email client. Having a small battery of them active just grew. 19:04:58 ZedHedTed: wow. so how many people are using on desktops? 19:05:21 do you personally main freebsd for desktop use ZedHedTed ? 19:06:34 Tbh I only downloaded freebsd to format a ZFS partition. On Linux, the whole_disk=1 label is only applied on actual whole disks. On FreeBSD it gets set to 1 even on partitions 19:06:41 noobaroo: i'm actually planning on dualbooting w/ ghostbsd once i buy a supported wifi dongle. 19:07:13 What are the benefits of FreeBSD compared to Linux? 19:09:29 no systemd, and linux is comparatively scattered - the kernel & packages come from 2 different teams for example 19:09:30 <|cos|> noobaroo: Having an understandable and documented environment, possible to debug. As opposed to having systemd and friends which seemingly to 90% is a dice rolling art project of curated bugs. 19:10:21 ah yes, the documentation is for freebsd (and openbsd) is great too. 19:10:36 As far as practical differences, FreeBSD is just much more organized in my experience. Things are where you'd expect them to be, there are clearly defined methods of doing things, and boot environments and jails are awesome 19:10:48 * |cos| abandoned FreeBSD for Debian 2½ decades ago, but came back once systemd destroyed the latter. 19:11:15 I still run Arch on my desktop and laptop and love it 19:11:31 That's the beauty, you don't have to choose one and never falter on that choice 19:12:19 * |cos| runs Haiku on a laptop and loves it, but can't stay productive on that one. 19:13:36 * ZedHedTed runs MX Linux on his desktops and loves it 19:16:17 It'd be nice if we could talk more about FreeBSD, and less about Linux, in #freebsd. 19:16:37 ok how about answering my mail question 19:16:40 :) 19:16:47 or giving me a lead on that at least 19:17:18 I'm trying to send mail and it seems like it sends it from many different ip addresses I don't get it maybe the packet filter off 19:17:21 let me see 19:22:16 hello sorry I was logged out if I missed anything 19:25:37 any word on the use of email ip addresses? 19:43:34 for the `gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 ada0` command, do I just specify the drive, or do I specify the freebsd-boot partition? 19:47:51 freebsd-boot 19:47:58 What networking strategy do you guys generally use for jails? Like do you keep most things internal and only have like your reverse proxy use host networking or what? 19:49:07 yourfate, The -i 1 part is the partition index of the partition. 19:49:47 mikewilzn: you can use variety of srategies, from isolated jails, through jails with shared IPs, running in different FIBs to VNET jails 19:50:07 mikewilzn, I mostly create full VNET jails with their own network stack and a full LAN facing IP address. 19:50:21 Yeah ik and the options are overwhelming me 19:50:42 Start small. Gain experience. Work up to more complicated configurations. 19:51:01 rwp: aaah so ada0 would be the device 19:51:08 makes sense, <3 19:51:33 And -i 1 will be ada0p1 on that device. 19:52:51 rwp, so the whole VNET has a single LAN facing IP? Like not per jail? 19:53:20 btw shoutout to this community here, very helpful and active 19:53:46 Uhm... It's per jail. Each vnet jail is more like a full virtual machine. Each has it's own networking. And IP address. 19:54:21 I have been using virtualization for years on other systems. My initial use for jails was to create an isolated lab environment for devel and testing. This pulled me naturally into using vnet jails with a full network stack. So I could create several systems and test and develop them talking to each other on a truly private LAN that is all virtualized. 19:55:11 So you might conceptually think of a vnet jail as a full virtual machine with regards to networking. But otherwise the jail is lightweight like a chroot. 19:56:28 A non-vnet jail is the original type of jail. It shares the network stack with the host. It's really more like a chroot with regards to networking. The host and the jailed processes all see the same network. 19:57:34 Ohh ok makes sense thanks. So like when I run `bastille create prosody 14.1-RELEASE 10.0.0.9`, that's creating a VNET? 19:58:06 I have not used bastille, though it is very popular, and I don't know what type of jail it creates. 19:59:34 https://bastille.readthedocs.io/en/latest/chapters/networking.html#virtual-network-vnet says "To create a VNET based container use the -V option..." therefore I presume it is not a vnet jail because I do not see a -V option being used. 20:01:00 Reading https://bastille.readthedocs.io/en/latest/chapters/subcommands/create.html that looks to create a standard jail with the shared network stack assigning 10.0.0.9 to it. 20:01:50 Oh ok, I suppose I need to read up more on how the networking stack actually works generally 20:02:21 So... Just because one can assign a private IP address such as a 10.* or a 172.16 or a 192.168 address to a network interface that the address is "routable" on your network. That depends upon what subnet and gateway your network is already using. 20:02:42 *does not mean that the address is "routable" 20:03:54 The jail and the host can always connect. Two jails on the same private subnet can always connect. But they can only connect out to the LAN if they are using a compatible address and gateway assignment with the LAN. 20:04:54 If I am on a LAN using 192.168.7.0/24 and I assign 10.0.0.9 to a jail then that 10.* address won't be routable off the LAN. But if a 192.168.7.9 address were assigned with the appropriate associated gateway then it would. 20:07:44 cos I don't use systemd 20:08:00 err, |cos| 20:08:05 ill brb later 20:15:24 rwp, ohh I see so a VNET is essentially like having another physical device on the network, whereas a standard jail is the same interface but routes traffic for multiple IPs 20:15:43 Exactly! You have it! 20:16:12 At first I thought a VNET was just an internal subnet 20:16:45 It might be an internal device. It depends upon how it is plumbed into things using software bridges and such. 20:16:47 vnet is a facility to have multiple completely isolated netstacks, which is useful when doing containers like jails. 20:18:12 Without vnet, it's conceptually possible to escape a jail through a shared netstack - though so far as I'm aware there's no known exploits, let alone proof-of-concepts. 20:18:31 Similarly, SysV IPC is also possible to completely isolate per-jail. 20:19:07 That's poking at the security of the system looking at it as a fancy high functioning chroot. 20:20:02 chroot wasn't really meant for isolation, though 20:20:07 As far as escaping through the jail networking the usual way is using it as a jumphost from a public network to the private LAN and then probing other hosts on the private LAN which are normally not otherwise on the public host. 20:21:21 What I'm talking about is exploiting the ability of running as root in a jail and using that to (theoretically, so a lot of handwaving is involved) get access to the kernel of the host, thereby escaping the jail isolation. 20:22:35 When learning these concepts it is useful to start small, build some fundamentals, and then build upon them. The chroot is the lowest fundamental concept-thing. It's focus is on exactly one thing. The root directory of the file system. That's all. 20:22:41 In concept, jails have always been about isolating things (hence "confining the omnipotent root" being the title of the paper, as on a traditional unix-like has access to everything). 20:22:42 Then jails come along and namespace everything else. Which is why they are called fancy-chroots. And when learning these things it is useful to layer up from simple to more complicated. 20:25:28 We don't really know why chroot was designed, though - no notes on it survive. 20:25:31 I am not aware of any jail shared network stack direct exploits to escape the jail but I am very much aware of cases where people have done things like put word press web sites in a jail and then wordpress is exploited and then attackers gain ability to probe the LAN from the jail and then used it to compromise other LAN hosts that were not expecting to be attacked from the hostile Internet. 20:26:44 Meanwhile mikewilzn is trying to get an understanding of networking with regards to jails and we are dragging the conversation off to advanced security issues. 20:35:36 😂 so yeah basically I am planning to run nginx, a prosody server, and a few services that will only be accessible to the LAN, so I'm thinking VNETs for all WAN facing jails, and then just have the LAN only services on normal jails in like a 172 subnet 20:39:24 If that makes sense. Eventually I wanna improve with actual VLANs for various stuff but I wanna start out fairly simple haha 20:40:28 Where will this service be hosted? Your basement underground facility? :-) A VPS at a hosting provider? Elsewhere. 20:41:44 Yes my basement underground facility 😂 20:44:00 I can't afford 100 TB in a VPS lol 20:48:39 I know several people who rent a VPS at the least expensive rate and then use it as a caching proxy for their larger storage at their house. Such as for hosting a family photo album and such. It's often done. And it works well that way. 20:49:19 Well I should say I also prefer to truly self host rather than rely on another third party 20:49:54 Because to hosting providers adding cpu and ram is relatively cheap. It's just initial investment and it is done. But adding storage is expensive. Because storage requires ongoing maintenance. It needs RAID for reliability. It needs backup. And therefore hosted storage is always going to be more expensive than self-hosted storage. 20:50:44 The reason for the hosted VPS is to get a public static IP address which is not in a consumer dynamic address block. 20:51:13 I don't technically have a static IP but it hasn't changed in over a year so 20:51:37 For context I'm not new to self hosting. I just run everything on Docker>Alpine>Proxmox right now 20:53:00 Since you are planning on hosting in your own network then in the context of local jails and local VMs then you should be aware of the security ramifications that I mentioned above. If an attacker can wedge into the jail and the jail has access to your network then the attacker can probe your network too. From a direction that is not expected. 20:54:27 It would certainly be worse without a jail. But having it in a jail is not a complete security solution. 20:54:45 Yeah I definitely plan to set up VLANs shortly after this 20:58:01 Personally I just think friends should not let friends run their own Wordpress site. 20:58:45 Don't worry I'd never use wordpress 😂 20:59:14 Planning to build a personal site with zola and host with nginx 20:59:41 I probably run about 4 WP sites on one server right now 20:59:43 It's not great 23:06:25 any emacs users able to test the patch here for erlang mode? https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260041 23:21:07 hi all.. Thinking of giving freebsd another shot. i stopped using it becasue i could never get sound working. hopefully things have changed. 23:38:26 jb1277976: Might try one of the FreeBSD versions that come with a GUI and desktop environment to easily check compatibility with your hardware. I put NomadBSD on a USB drive and then installed on my hard drive and my graphics works, sound works, wired internet works. 23:39:01 Thanks 23:39:20 JustBleedFan: how about wifi ? 23:41:04 Oder Pentium D desktop I installed it on didn't have Wireless card anyway. 23:42:32 Boot NomadBSD from USB is an easy way to check. I have a couple of old Linksys wireless-G USB devices I could use I suppose if I had to. But that old desktop is wired anyway. 23:43:38 Thanks 23:49:04 JustBleedFan: wait, you installed NomadBSD on your hard drive, or FreeBSD? (i didn't think you could install NomadBSD) 23:50:02 I installed NomadBSD on a USB and it can run the OS from the USB. You can also then install it directly on your hard drive if you like. 23:50:37 basically the only thing i need is sound on my chromebook. sound works on all linux distros i know the BSD's aren't linux but it would be nice to have it 23:52:16 Well this is one easy and quick way to check that. NomadBSD is supposedly pretty much FreeBSD but comes with the installer and GUI and a large suite of great software. I consider it like the Linux Mint of FreeBSD. 23:52:56 Don't have to touch the command line or know much of anything to install it in case you are new to BSD. 23:52:59 Got it. Currently backing up this usb stick and will try 23:53:50 Naw i actually have installed freebsd and ran it for about 2 months straight. i had to purcahse a sound/spliter to get sound working for speakers and headphones. just want to come back to see if anything has changed.. was about a year ago 23:56:07 I tried out of of curiosity on my oldest desktop and I was a bit daunted to try the regular FreeBSD install manually. Seemed like a bunhc of esoteric teakingneeded in many cases.