01:09:57 Oleg: the insecurity of using an alt ssh port > 1024 is very common
01:11:19 doesn't everyone just firewall SSH and use Wireguard nowadays?
01:11:31 i can't imagine exposing SSH to the Internet, especially after the recent RCE in OpenSSH
01:11:57 well that was external linkage no?
01:14:23 ?
01:14:44 if you mean the xz backdoor, no, the recent RCE is unrelated, it was a signal handling bug
01:14:51 oic
01:15:05 https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc
01:15:35 thanks
01:18:27 The signal handler issue was a portable openssh bug not present on the upstream OpenBSD system. But exploiting it in the wild would require probably more than 10 days of 24x7 login attempts running at full speed. For most of us that would be rate limited such that success is not possible.
01:19:04 rwp: sure but OpenSSH has had RCEs in the past and will probably have more in the future
01:19:09 wireguard is a much simpler protocol
01:19:11 I say for most of us because we would notice. But yes there will be people who set up a bare system and then don't keep any eyes on it and they would allow an attacker to attempt to log into it 24x7 at full speed for weeks.
01:19:43 If you want something super simple then https://www.tarsnap.com/spiped.html is another way to put a gate on the front.
01:20:27 Note that I run my sshd's with port 22 facing into the teeth of the storm. But I also keep close eye on my systems and keep them upgraded too. Usually always upgraded for security issues within 24 hours of them becoming known.
01:21:41 martinrame has left already but I must believe there was caching such as ncsd there. That's the only explanation.
01:23:15 i suspected nscd as well, but sie did not mention if nscd was being used
01:23:39 it is not enabled by default, as far as i know
01:23:46 (maybe there's a checkbox in the installer for it?)
01:24:04 I'll also just note that the default blacklistd bantime is 24 hours after 3 failures. It's pretty easy to lock oneself out for a full day when setting it up. I recommend using a shorter bantime at least during the initial turn-on phase of gaining experience with it!
01:25:06 ncsd is not installed and not enabled by default. Is there a port of it? But it must have been something like that given the behavior.
01:25:51 it is installed by default, it's part of the base system
01:25:54 I use bash here too (me looks around shyly) and I have no trouble changing shell to it. It's all perfectly well behaved.
01:25:55 but it's not enabled
01:27:25 I am not seeing it on my 14.1R system. I don't find any mention of enable variables in "man rc.conf" for it.
01:28:32 Oh! It helps if I spell it nscd not ncsd. D'Oh!
01:29:07 So then it would be easy to have enabled it with nscd_enable set and then it would be active. That was almost certainly it then.
01:29:38 my thoughts also
01:29:45 at least i cannot see any other explanation
01:30:08 I don't like the behavior of nscd because it hashes entries meaning that IF one counts on ordering with duplicated uids then nscd scrambles ordering breaking that time honored paradigm.
01:30:48 Plus I don't really see any performance advantages. *BSD already builds the linear text files into a .db file for fast access.
01:31:03 it's a significant performance benefit for LDAP or YP environments
01:31:14 looking up a user via LDAP requires a TCP connection
01:32:35 I have used NIS/yp quite a bit but have not myself ever used LDAP. Is the LDAP TCP connection persistent? Seems like it would need to be.
01:32:43 depends
01:32:54 if you use nss_ldap, no, but nss_ldap is terrible and no one uses that anymore
01:33:17 if you use nslcd or sssd, the connection is persistent, but it still has to do a lookup to the server on every request to fetch a user by username or uid
01:33:21 so nscd is still a win there
01:34:37 Hi, I have moved my hard drives from a Dell R320 into a Dell R720. Everything works fine except the network, it consistently shows Status: no carrier. When I plug the ethernet cable in dmesg I see "link DOWN", the green light of the actual port is green, showing that there is 1Gbps connectivity
01:34:52 I ran out of ideas, it would be really helpful if anyone experienced anything similar. thanks
01:35:24 uskerine: what network driver is it? e.g. re, igc, ix, etc
01:36:48 bge
01:37:28 hmm
01:37:50 uskerine: can you show output of 'ifconfig bge0' (or whatever the interface is)?
01:38:08 I can not copy because the computer has no network but I can type the relevant stuff in here
01:38:11 ifconfig bge0
01:38:21 ah well i wondering specifically about UP and LOWER_UP in flags
01:38:26 UP, BROADCAST, RUNNING, SIMPLEX, MULTICAST
01:38:29 as in: ix1: flags=1008943 metric 0 mtu 9000
01:38:32 it has fixed IP assigned
01:38:39 media: Ethernet autoselect (none)
01:38:43 status: no carrier
01:38:49 status: no carrier shall not be the case, right?
01:38:58 yeah, that is no doubt the problem
01:39:08 that means Ethernet link did not come up, so strange it shows that while LED is green
01:39:14 the link is solid green, I have tried three cables
01:39:48 flags=... in ifconfig definitely has 'UP', right?
01:39:57 it is connected to a small managed switch, untagged for VLAN 10, PVID assigned to VLAN 10
01:40:02 but that shall not be the issue
01:40:08 it does, UPO
01:40:09 UP
01:40:51 what type of Ethernet is the link, 1000BASE-T? or 10GBASE-T or something else?
01:41:00 options=
01:41:06 1000BaseT
01:41:11 regular Ethernet 1Gbps
01:41:15 copper
01:41:20 can you plug it into some other device, like a laptop or whatever, just to see if link comes up?
01:41:30 I tried to plug it directly into a laptop
01:41:31 did not work
01:41:43 I can try a non-managed non-vlan aware switch
01:41:44 same problem, ifconfig showed 'status: no carrier'?
01:41:51 right, status: no carrier
01:42:31 i fear this may be either bad hardware or a driver bug
01:42:49 does the server have a different ethernet port you can try?
01:43:24 also is this FreeBSD 14.1 or other release?
01:43:53 I bought the server used, it was before assigned to a virtualised environment XCP-ng
01:43:56 it is FreeBSD14.1
01:44:26 no, it does not have any other port, I think unfortunately I have no ethernet card to plug in it and test
01:44:50 but the server is in very good condition and I doubt it was sold defective
01:45:15 jauntyd: hello! :D
01:45:35 I was thinking maybe there was something in the BIOS for the configuration of the virtualised environment that it is meddling out but I removed everything that could affect (power saving, iSCSI, PXE)
01:45:45 I also disabled the network for iDRAC
01:46:17 kerneltrap: HEY! lol we should talk in #freebsd-social for erm...casual chats
01:46:59 uskerine: i wonder if you could boot a Linux ISO or USB image and see if the network port comes up under Linux
01:47:06 that would at least confirm the hardware works
01:48:24 I can try that
01:49:16 i am not really familiar with bge(4), i don't own any hardware using this driver so i don't know if it works well or not
01:49:41 did use it a lot under Solaris though, but that's not very relevant here :-)
01:50:08 I think it works, since I have another r720 and I had the r320 and they all have this broadcom nic
01:50:28 I think there is a switch somewhere due to its previous life as XCP-ng node
01:52:52 uskerine: is there anything in dmesg about bge0?
01:53:09 nothing that brings my attention
01:53:33 hmm well
01:53:36 I think I still have the installation usb drive for FreeBSD13
01:53:37 14
01:53:39 I am trying that
01:53:51 i would suggest testing it under Linux, if it works there i suggest mailing net⊙fo
01:57:01 I can do that but it might be worth a shot with the FreeBSD USB drive? which is what I have in handy. Does it test the network before actually trying anything?
01:57:08 I see you can also boot single user
01:58:54 i don't think the installer does any sort of network test, but you could boot the installer, go to a shell, and bring the network interface up and see if it works
01:59:18 I can also try to boot it with ACPI Off or Safe Mode on
02:29:48 https://forums.freebsd.org/threads/bcm5720-status.31769/
02:29:57 it seems there was a shitshow with my driver back in the day
02:37:57 woof: "I request you to help us with the driver and speed up your testing [...]"
02:38:12 yeah I read that
02:38:20 how unfortunate was that message
02:38:37 I hope it was just that he was not good at English
02:38:56 I suspect it is the iDRAC messing around
02:39:15 because the iDRAC in this server is embedded, in the other ones there is no dedicated port
02:42:33 oh hi kevin
02:42:37 kyle
02:42:38 damnit
02:42:45 O_O
02:52:22 sorry i always make that mistake
03:07:23 If I buy an inexpensive tplink network card, would that work?
03:07:59 i would never recommend buying a tp-link network card
03:08:20 if this is a rack server with half-height PCIe slots, i'd recommend buying an Intel NIC from ebay
03:08:36 (these are easily available from brands like Dell, HP, etc.)
03:09:31 it is a test/homelab server
03:09:40 still, do not buy tp-link
03:09:46 they are terrible even for home products
03:10:05 Can you help me to pin point which specific intel nic shall I go for?
03:10:25 freebsd supports basically all of them, but e.g. X510, X710
03:10:52 those are 10Gbps card, but they work fine at 1Gbps
03:11:47 you could also look at Chelsio or Mellanox but ime Intel is the most easily available on eBay
03:14:13 https://shorturl.at/ZtLur
03:15:11 X540, yes buy this, it will work fine
03:15:12 would that work?
03:15:20 there are no 510
03:15:27 I am stuck to ebay, it is the simplest option to me
03:15:30 but if this is a rack server, make sure it has a half height bracket, otherwise it will not fit
03:15:42 I will double check but I think that is the case
03:16:16 the pictures show a full height bracket
03:16:28 one question, since the server was installed with the broadcom, and it has no network, what will happen when I plug in and boot FreeBSD 14? will it just be happy and use the driver?
03:16:48 thanks ivy, I will pay attention to full height/half height and purchase accordingly
03:17:03 when you boot it, you will find ix0 interface (and ix1 since this is a dual-port card) and you need to adjust your rc.conf for that
03:17:50 but the kernel module for ix0 is already there?
03:18:11 yes, the module is "if_ix.ko" but it's built into the GENERIC kernel just like "if_bge.ko" is
03:18:20 understood
03:18:35 I think that is the simplest option there, and honestly the board is pretty inexpensive in ebay
03:19:44 that would certainly be my choice
03:20:04 thanks for the advice/help
03:20:19 if you care, be aware that Intel considers X5xx cards obsolete and does not provide a Windows driver
03:20:27 but that's not an issue if you're running FreeBSD, ofc
03:21:23 I could not care less about Windows driver
03:22:06 I feel much more comfortable with FreeBSD, I will install one server with Linux though because I want to try CUDA (and have a Mathematica installation)
03:22:13 CUDA is the elephant in the room in FreeBSD
03:24:03 freebsd should support ROCm, and AI stuff will support ROCm via Vulkan as it's just OpenCL
03:24:17 it just doesn't right now, but maybe in the future
03:24:34 ROCm is not supported either
03:24:50 the closest thing I saw was OpenCL, but it was buggy and only worked for old boards
03:24:53 well, no, as i say
03:25:04 but it will do if anyone cares enough to support it
03:25:29 it is out of my league, but I suspect it is a huge rock ahead in the road of FreeBSD
03:25:55 tbh i doubt most people using freebsd today are concerned about this
03:26:04 hype or not hype, AI is here to stay
03:26:06 I guess so
03:27:11 let us hope that it does not lead to the gpu scarcity that cryptocurrency and nft's brought.
03:27:22 still I fear that issue will make the OS fade. As it is now it is a total no go if you ever want to try anything that requires a GPU
03:27:49 well certainly not "anything", freebsd desktop works fine with 3D acceleration under wine etc.
03:28:12 agreed, I was talking about the computational part of it
03:28:14 it's not the platform i'd choose if my job involved GPGPU but eh
03:29:16 not every workload needs a gpu though.
03:30:14 No it does not, but for anything related to LLMs not having that (or the equivalent accelerator) seems to be a huge performance impact
03:36:26 something like this with an MIT license might help bootstrap that. https://github.com/mikex86/LibreCuda
03:36:40 sounds like a job for ports.
03:42:26 that seems a prototype (as per the description). And a project doomed to fail as new cards will need to be reverse engineered?
03:42:55 I hope either AMD (via ROCm) or Intel get something usable
03:45:49 can start X, but keyboard and mouse don't work. open to any suggestions
04:37:40 ivy the other r720 had an intel card, this is a no brainer
04:37:54 I thought it was broadcom too but I was mistaken
04:38:31 ober /var/log/Xorg.0.log would give you the log of the X server
05:28:39 reinstall fixed it
11:45:55 [p
11:46:07 p]
11:47:01 sorry, cat.
13:07:45 Hi. So apparently a change went in to set the minio "root" credentials in clear in the rc.d file.
13:08:04 Which was an improvement since before that, these credentials were install-defaults, and non changeable. But the rc.d file is world readable - am I missing something here?
14:47:48 Alver: Like most defaults it's normal to install then change?
15:40:33 So, I'm trying to use fuse to mount an exfat filesystem from a USB stick, but I get "ERROR: unsupported FAT count: 2." Anything I can do with this? Is this volume unreadable by fuse-exfat? Do I find a Windows or Mac machine, back-up and reformat with fewer FATs?
15:50:37 Is it just me or is the freebsd mailing list just dead... is it best to just report issues to bugzilla?
15:52:07 polarian: not really.. probably depends on what list you're looking at. freebsd questions list is ok
15:54:33 jb1277976: maybe people just hate my questions then :P
15:56:10 One thing i notice about irc lists etc.. is you gotta wait.. put it in tmux and forget about it.. do something else to distract yourself
15:56:26 =)
15:56:35 I do wait lol, I am not new to ml/irc
15:59:14 jb1277976: https://lists.freebsd.org/archives/freebsd-questions/2024-September/005701.html for example :)
16:09:20 polarian: the forums are fast.. i would try there also
16:14:35 polarian: are you running `adb devices` as root, or your own user?
16:15:05 it Just Worked(TM) for me when I used it a week ago or so, just had to enable USB debugging in developer options
16:16:58 jb1277976: forums have never really been my thing ngl, I have never really used one :P
16:17:05 kevans: as my own user
16:17:09 adb shouldn't be run as root
16:17:14 afaik
16:17:21 does your user actually have access to the device node?
16:17:33 hm I just thought about that
16:18:08 Well I will need to flash a phone again in a week, I will test that thanks :)
16:18:21 pretty common sense of "check the user has permissions to access the device"
16:19:38 *nod*
16:19:50 er, to testing that- not to the "pretty common sense" bit
16:20:45 I file things like this in the "shit happens" bin over there *gestures to the corner of the nearest closet*
18:47:10 has anyone here setup https://www.netauth.org/ for freebsd? I'm curious about it instead of nis or ldap+kerberos
19:39:26 ordered 2 different "atheros" chipset laptop wifi cards, and they're both broadcom.. /me hunts for a better place than amazon for network stuff
19:44:41 intel wifi typically supported?
19:53:58 man iwn
19:54:15 has the list of some intel cards
19:54:27 `man wifi` for the list of drivers, i think intel has a few different drivers
19:56:08 oh right. derp. /me ported that from obsd to nbsd
20:07:02 Hiii!
20:13:16 greetings