Oleg: the insecurity of using an alt ssh port > 1024 is very common

doesn't everyone just firewall SSH and use Wireguard nowadays?

i can't imagine exposing SSH to the Internet, especially after the recent RCE in OpenSSH

well that was external linkage no?

?

if you mean the xz backdoor, no, the recent RCE is unrelated, it was a signal handling bug

oic

thanks

The signal handler issue was a portable openssh bug not present on the upstream OpenBSD system. But exploiting it in the wild would require probably more than 10 days of 24x7 login attempts running at full speed. For most of us that would be rate limited such that success is not possible.

rwp: sure but OpenSSH has had RCEs in the past and will probably have more in the future

wireguard is a much simpler protocol

I say for most of us because we would notice. But yes there will be people who set up a bare system and then don't keep any eyes on it and they would allow an attacker to attempt to log into it 24x7 at full speed for weeks.

If you want something super simple then tarsnap.com/spiped.html is another way to put a gate on the front.

Note that I run my sshd's with port 22 facing into the teeth of the storm. But I also keep close eye on my systems and keep them upgraded too. Usually always upgraded for security issues with 24 hours of them becoming known.

martinrame has left already but I must believe there was caching such as ncsd there. That's the only explanation.

i suspected nscd as well, but sie did not mention if nscd was being used

it is not enabled by default, as far as i know

(maybe there's a checkbox in the installer for it?)

I'll also just note that the default blacklistd bantime is 24 hours after 3 failures. It's pretty easy to lock oneself out for a full day when setting it up. I recommend using a shorter bantime at least during the initial turn-on phase of gaining experience with it!

ncsd is not installed and not enabled by default. Is there a port of it? But it must have been something like that given the behavior.

it is installed by default, it's part of the base system

I use bash here too (me looks around shyly) and I have no trouble changing shell to it. It's all perfectly well behaved.

but it's not enabled

I am not seeing it on my 14.1R system. I don't find any mention of enable variables in "man rc.conf" for it.

Oh! It helps if I spell it nscd not ncsd. D'Oh!

So then it would be easy to have enabled it with nscd_enable set and then it would be active. That was almost certainly it then.

my thoughts also

at least i cannot see any other explanation

I don't like the behavior of nscd because it hashes entries meaning that IF one counts on ordering with duplicated uids then nscd scrambles ordering breaking that time honored paradigm.

Plus I don't really see any performance advantages. *BSD already builds the linear text files into a .db file for fast access.

it's a significant performance benefit for LDAP or YP environments

looking up a user via LDAP requires a TCP connection

I have used NIS/yp quite a bit but have not myself ever used LDAP. Is the LDAP TCP connection persistent? Seems like it would need to be.

depends

if you use nss_ldap, no, but nss_ldap is terrible and no one uses that anymore

if you use nslcd or sssd, the connection is persistent, but it still has to do a lookup to the server on every request to fetch a user by username or uid

so nscd is still a win there

Hi, I have moved my hard drives from a Dell R320 into a Dell R720. Everything works fine except the network, it consistently shows Status: no carrier. When I plug the ethernet cable in dmesg I see "link DOWN", the green light of the actual port is green, showing that there is 1Gbps connectivity

I ran out of ideas, it would be really helpful if anyone experienced anything similar. thanks

uskerine: what network driver is it? e.g. re, igc, ix, etc

bge

hmm

uskerine: can you show output of 'ifconfig bge0' (or whatever the interface is)?

I can not copy because the computer has no network but I can type the relevant stuff in here

ifconfig bge0

ah well i wondering specifically about UP and LOWER_UP in flags

UP, BROADCAST, RUNNING, SIMOPLEX, MULTICAST

as in: ix1: flags=1008943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 9000

it has fixed IP assigned

media: Ethernet autoselect (none)

status: no carrier

status: no carrier shall not be the case, right?

yeah, that is no doubt the problem

that means Ethernet link did not come up, so strange it shows that while LED is green

the link is solid green, I have tried three cables

flags=... in ifconfig definitely has 'UP', right?

it is connected to a small managed switch, untagged for VLAN 10, PVID assigned to VLAN 10

but that shall not be the issue

it does, UPO

UP

what type of Ethernet is the link, 1000BASE-T? or 10GBASE-T or something else?

options=<RXCSUM. TXCSUM, VLAN_MTU, VLAN_HWTAGGING. V:AN_HWCSUM, TSO4, VLAN_HWTSO, VAN_HWSO, LINNKSTATE>

1000BaseT

regular Ethernet 1Gbps

copper

can you plug it into some other device, like a laptop or whatever, just to see if link comes up?

I tried to plug it directly into a laptop

did not work

I can try a non-managed non-vlan aware switch

same problem, ifconfig showed 'status: no carrier'?

right, status: no carreir

i fear this may be either bad hardware or a driver bug

does the server have a different ethernet port you can try?

also is this FreeBSD 14.1 or other release?

I bought the server used, it was before assigned to a virtualised environemnt XCP-ng

it is FreeBSD14.1

no, it does not have any other port, I think unfortunatelly I have no ethernet card to plug in it and test

but the server is in very good condition and I doubt it was sold defective

jauntyd: hello! :D

I was thinking maybe there was something in the BIOS for the configuration of the virtualised environment that it is meddling out but I removed everything that could affect (power saving, iSCSI, PXE)_

I also disabled the network for iDRAC

kerneltrap: HEY! lol we should talk in #freebsd-social for erm...casual chats

uskerine: i wonder if you could boot a Linux ISO or USB image and see if the network port comes up under Linux

that would at least confirm the hardware works

I can try that

i am not really familiar with bge(4), i don't own any hardware using this driver so i don't know if it works well or not

did use it a lot under Solaris though, but that's not very relevant here :-)

I think it works, since I have another r720 and I had the r320 and they all have this broadcom nic

I think there is a switch somewhere due to its previous life as XCP-ng node

uskerine: is there anything in dmesg about bge0?

nothing that brings my attention

hmm well

I think I still have the installation usb drive for FreeBSD13

14

I am trying that

i would suggest testing it under Linux, if it works there i suggest mailing net⊙fo

I can do that but it might be worth a shot with the FreeBSD USB drive? which is what I have in handy. Does it test the network before actually trying anything?

I see yuou can also boot single user

i don't think the installer does any sort of network test, but you could boot the installer, go to a shell, and bring the network interface up and see if it works

I cn also try to boot it with ACPI Off or Safe Mode on

it seems there was a shitshow with my driver back in the day

woof: "I request you to help us with the driver and speed up your testing [...]"

yeah I read that

how unfortunate was that message

I hope it was just that he was not good at English

I suspect it is the iDRAC messing around

because the iDRAC in this server is embedded, in the other ones there is no dedicated port

oh hi kevin

kyle

damnit

O_O

sorry i always make that mistake

If I buy an inexpensive tplink network card, would that work?

i would never recommend buying a tp-link network card

if this is a rack server with half-height PCIe slots, i'd recommend buying an Intel NIC from ebay

(these are easily available from brands like Dell, HP, etc.)

it is a test/homelab server

still, do not buy tp-link

they are terrible even for home products

Can you help me to pin point which specific intel nic shall I go for?

freebsd supports basically all of them, but e.g. X510, X710

those are 10Gbps card, but they work fine at 1Gbps

you could also look at Chelsio or Mellanox but ime Intel is the most easily available on eBay

X540, yes buy this, it will work fine

would that work?

there are no 510

I am stuck to ebay, it is the simplest option to me

but if this is a rack server, make sure it has a half height bracket, otherwise it will not fit

I will double check but I think that is the case

the pictures show a full height bracket

one question, since the server was installed with the broadcom, and it has no network, what will happen when I plug in and boot FreeBSD 14? will it just be happy and use the driver?

thanks ivy, I will pay attention to full height/half height and purchase accoridngly

when you boot it, you will find ix0 interface (and ix1 since this is a dual-port card) and you need to adjust your rc.conf for that

but the kernel module for ix0 is already there?

yes, the module is "if_ix.ko" but it's built into the GENERIC kernel just like "if_bge.ko" is

understood

I think that is the simplest option there, and honestly the board is pretty inexpesnive in ebay

that would certainly be my choice

thanks for the advice/help

if you care, be aware that Intel considers X5xx cards obsolete and does not provide a Windows driver

but that's not an issue if you're running FreeBSD, ofc

I could not care less about Windows driver

I feel much more comfortable with FreeBSD, I will install one server with Linux though because I want to try CUDA (and have a Mathematica installation)

CUDA is the elephant in the room in FreeBSD

freebsd should support ROCm, and AI stuff will support ROCm via Vulkan as it's just OpenCL

it just doesn't right now, but maybe in the future

ROCm is not supported either

the closest thing I saw was OpenCL, but it was buggy and only worked for old boards

well, no, as i say

but it will do if anyone cares enough to support it

it is out of my league, but I suspect it is a huge rock ahead in the road of FreeBSD

tbh i doubt most people using freebsd today are concerned about this

hype or not hype, AI is here to stay

I guess so

let us hope that it does not lead to the gpu scarcity that cryptocurrency and nft's brought.

still I fear that issue will make the OS fade. As it is now it is a total no go if you ever want to try anything that requires a GPU

well certainly not "anything", freebsd desktop works fine with 3D acceleration under wine etc.

agreed, I was talking about the computational part of it

it's not the platform i'd choose if my job involved GPGPU but eh

not every workload needs a gpu though.

No it does not, but for anything related to LLMs not having that (or the equivalent accelerator) seems to be a huge performance impact

soemthing like this with an MIT license might help bootstrap that. github.com/mikex86/LibreCuda

sounds like a job for ports.

that seems a prototype (as per the description). And a project doomed to fail as new cards will need to be reverse engineered?

I hope either AMD (via ROCm) or Intel get something usable

can start X, but keyboard and mouse don't work. open to any suggestions

ivy the other r720 had an intel card, this is a no brainer

I thought it was broadcom too but I was mistaken

ober /var/log/Xorg.0.log would give you the log of the X server

reinstall fixed it

[p

p]

sorry, cat.

Hi. So apparently a change went in to set the minio "root" credentials in clear in the rc.d file.

Which was an improvement since before that, these credentials were install-defaults, and non changeable. But the rc.d file is world readable - am I missing something here?

Alver: Like most defaults it normal to install then change?

So, I'm trying to use fuse to mount an exfat filesystem from a USB stick, but I get "ERROR: unsupported FAT count: 2." Anything I can do with this? Is this volume unreadable by fuse-exfat? Do I find a Windows or Mac machine, back-up and reformat with fewer FATs?

Is it just me or is the freebsd mailing list just dead... is it best to just report issues to bugzilla?

polarian: not really.. probably deoends on what list your looking at. freebsd questions list is ok

jb1277976: maybe people just hate my questions then :P

One thing i notice about irc lists etc.. is you gotta wait.. put it in tmux and forget about it.. do somethinf else to distract yourself

=)

I do wait lol, I am not new to ml/irc

jb1277976: lists.freebsd.org/archives/freebsd-…uestions/2024-September/005701.html for example :)

polarian: the forums are fast.. i would try there also

polarian: are you running `adb devices` as root, or your own user?

it Just Worked(TM) for me when I used it a week ago or so, just had to enable USB debugging in developer options

jb1277976: forums have never really been my thing ngl, I have never really used one :P

kevans: as my own user

adb shouldn't be run as root

afaik

does your user actually have access to the device node?

hm I just thought about that

Well I will need to flash a phone again in a week, I will test that thanks :)

pretty common sense of "check the user has permissions to access the device"

*nod*

er, to testing that- not to the "pretty common sense" bit

I file things like this in the "shit happens" bin over there *gestures to the corner of the nearest closet*

has anyone here setup netauth.org for freebsd? I'm curious about it instead of nis or ldap+kerberos

ordered 2 different "atheros" chipset laptop wifi cards, and their both broadcom.. /me hunts for a better place than amazon for network stuff

intel wifi typically supported?

man iwn

has the list of some intel cards

`man wifi` for the list of drivers, i think intel has a few different drivers

oh right. derp. /me ported that from obsd to nbsd

Hiii!

greetings