00:02:41 Very strange. I guess I'm just going to have to disable docs for everything
00:11:00 so even with the latest 14-stable snapshot (through pkgbase), VT doesn't work with drm-61-kmod, still the "another device has precedence" error
00:47:21 I guess I just need to give 515 another shot and see if it still gives these linux_rcu_cleaner_func kernel panics after a few hours of using the system
00:47:32 and report the issue with 61
00:48:09 also reporting the issue with 515 if it persists
00:49:35 seems like at least for now I can still fall back to 510, presumably up until the build infra uses 14.2 where it won't build anymore?
00:51:25 might be a good time to learn poudriere
00:51:53 maybe also a hassle, but at least if you find something that runs for you, you can just build that
00:53:00 well my understanding is that at this point, 510 will just not build on 14-STABLE due to LinuxKPI header changes
00:53:22 ah, i see what you mean. hm
00:53:41 so I'm guessing the binary package that still exists is built on 14.1
00:59:27 anyway, back over to 515 I suppose
01:37:39 Here's the backtrace for the SSL failure: http://bin.morante.net/?74706b7f7d16f1d0#3f2wHRfgfrH2uniJA2CVAWL4ZN1Q1QyzpJ4f5Ew8eoC8
01:47:11 This seems to be the line of code it's failing on: https://github.com/psf/requests/blob/main/src/requests/adapters.py#L81
01:54:25 bummer, so this 8bitdo controller doesn't seem to work on FreeBSD. xb360gp binds to it, but none of the buttons or axes work at all
01:58:07 is there a way to kldunload a driver that's part of the kernel? for example, i'd like to kldunload the if_em driver
01:58:23 the driver is currently reporting: em0: TX(0) desc avail = 1024, pidx = 0
01:58:34 it's a bug in the driver, but instead of restarting the system, i just wanted to unload and load the module
02:17:27 Hiya. If both an entry in /etc/jail.conf and a file in /etc/jail.conf.d/ exist, which one is used?
02:17:56 hey, having trouble getting sound from hdmi on 14.1
02:18:03 /dev/sndstat includes pcm2: (play) default
02:19:06 It looks like this might be a pretty common problem, but I can't turn up any solutions
02:23:44 jfloren_: let me guess, you're a linux user?
02:28:13 this is progress, got the 8bitdo controller working with hgame. even wireless works
02:29:29 I probably should have read the instruction manual that came with the controller because it mentions holding B while connecting to "Android & Raspberry Pi" (i.e. Linux)
02:29:43 and it seems like that initialized the controller into a mode that FreeBSD works with as well
02:30:16 CCFL_Man: I've got more Linux experience, yes
02:30:22 I still gotta write the devfs rules to have these nodes readable by default for my user though. unless there's a group I can put my user in to automatically read input devices?
02:56:52 jfloren_: it shows.
03:06:48 you know enough to call out a linux user but don't know enough to provide any help?
03:07:22 yeah that felt pretty unnecessary
03:08:30 jfloren_: i don't really do anything complicated with audio, but this might be a hw.snd.default_unit sysctl thing
03:10:14 i believe the manual covers sound fairly well: https://docs.freebsd.org/en/books/handbook/multimedia/
03:10:49 as a long time freebsd user, i wouldnt use it on desktop today
03:12:02 kevans: I've got default_unit set to 2 already. I can play a test file just fine from the onboard speakers but it doesn't come through the TV via HDMI
03:13:16 mjp: yeah I haven't run freebsd on a laptop since ~2008, but I wanted to give it another shake. I'd initially planned to just use this laptop (spare from work) as a jukebox plugged into my stereo but I thought I'd try Kodi too for the hell of it, hence the HDMI thing
03:16:27 if I don't figure anything out I'll throw Debian on it and roll, it's not a big deal, I only installed yesterday and haven't really done much besides installing my ssh keys and a couple packages
03:17:54 hmm
03:18:24 ˜/1
03:18:59 jfloren_: did you restart applications after setting the default_unit, or did you set it in, e.g., sysctl.conf?
03:20:10 set it in sysctl.conf and rebooted for good measure (I had also installed libva-intel-driver per the handbook and wasn't sure if that needed a reboot)
03:20:43 funky =\
03:29:03 Can you have jail names of the form: foo/bar ? According to the man page, the only character you can't use is a '.'
03:29:54 yes
03:31:33 there's virtually no constraints on jail names besides '.', and that only exists because '.' is the jail hierarchy separator
03:31:54 I'm guessing the path would then end up being /jails/foo/bar ?
03:32:36 the jail name doesn't affect the path unless whatever you're using to manage jails makes it so
03:36:29 ahh yes, good point. I don't *have* to set the path to use ${name} if I don't want it. That slipped my mind as I was working off a template, thought it had to be done that way.
03:39:06 But if I want to key off of ${name} for things like path and host.hostname, then I guess I should refrain from using "/".
03:41:57 what do people use to manage jails these days?
03:42:28 i've gone from ezjail to iocage which is now abandoned but still working
03:47:08 I've been using bastille, but there is also cbsd and there is appjail as well
03:48:42 my needs are simple, so I'm switching to making jails without a jail management program. With variables and ability to include files in /etc/jail.conf, the configuration can be templatised and you can script it on your own to your liking and taste.
03:51:09 ah nice quite a few there, bastille looks good
03:51:54 would like to move to native config as well, need to look into how hard/fiddly it would be to manage
03:52:09 a project for another day (whenever the iocage rug gets pulled)
03:54:02 i use iocage as well, but I'd like to sucker someone into writing a lua-based jail manager
03:54:47 whats so good about lua?
03:56:47 we have it in base
03:57:18 i would love nothing more than a low-dependency get-shit-done jail manager
03:58:12 that used to be ezjail.. which was written in sh i believe
03:58:26 i would love nothing more than a low-dependency get-shit-done jail manager that isn't a shitshow of sh :-)
03:58:31 haha
03:59:51 i like sh and i can competently write sh scripts, but it's just not a good fit for the task. i also like lua and i can competently write lua, and it's just as light
04:00:03 is the native tooling considered done/enough? people are using the 3rd party utils for a reason
04:00:39 That's interesting to know about Lua. I didn't realize it was in base
04:01:17 o0x1eef: i have some short writing on the matter here: https://kevans.dev/flua/
04:02:13 mjp: I think it's largely considered good enough, it does meet the needs of many
04:08:11 kevans Lua was developed on our university (brazil \o/ )
04:08:30 kevans: where in base is f/lua ? I looked in /usr/bin, /usr/sbin, /sbin, and /bin and did not find it.
04:08:55 libexec/
04:09:41 duh!
04:10:58 mns: yeah. we hide it a bit to avoid people depending on it too much
04:11:45 devnull: PUC-Rio :)
04:11:58 ahhh ok.
04:12:59 o0x1eef Yeah!!
04:21:23 what other languages are there in base, besides lua, c/sh, c, c++ ?
04:23:25 there's still some forth
04:23:44 awk :)
04:23:59 M4 i hear can be quite tricky at times https://en.wikipedia.org/wiki/XZ_Utils_backdoor
04:24:04 awk is pretty good.
04:25:11 the less in base the better imo, i like perl and use it a bit at work but glad the OS does not need to depend on it anymore
04:25:16 alright I have a vanilla thick jail with lighttpd installed. Now to get the config visible from the host inside the jail? use nullfs?
04:25:55 I always keep forgetting about awk and m4
04:28:37 nullfs works, have used it for a number of years to mount filesystems within jails
04:32:32 I actually just need one file, /usr/local/etc/lighttpd/lighttpd.conf to be available inside the jail. I'll have to get rid of the /usr/local/etc/lighttpd that is inside the jail, then mount via nullfs and see what happens when pkg runs. I don't think it would overwrite what's there
04:35:19 sounds like you're doing something a bit wacky, just copy the file in?
04:35:30 Nice (free) book that covers Lua: https://www.lua.org/pil/contents.html
04:35:41 why would you want the jail to depend on a file located on the host?
04:46:31 so that I can edit the file on the host and have the changes show up in the jail, or would that not be a correct/good workflow?
04:48:22 just edit the file within the jail?
04:49:12 unless you have a special need for lighttpd i would be looking at nginx too
04:49:39 I like lighttpd, simple for my needs and been using it for years now.
04:49:41 as you've got a thick jail its basically a self-contained OS anyway
04:49:53 fair enough
04:51:17 don't want extra copies of emacs being installed in the jails, so trying to keep the editing process outside of the jail.
04:52:19 hmmm outside of the certs I don't need to mount the lighttpd.conf, I still have access to edit them from outside of the jail as it is, no need to copy it.
04:56:04 emacs and lighttpd, i'm afraid you're too far gone to help hehe :)
05:01:30 haha
05:01:45 I can't live without emacs, I've been using it since 1988 or so
05:02:15 In my experience 'mg' can be a nicer match for servers, and leave emacs for development computers
05:02:49 I tried mg, but for some reason didn't work for me
05:03:00 mg microemacs was the gateway drug that got me hooked on the full size emacs. :-)
05:03:10 "didn't work for me" in the sense that I couldn't get used to it.
05:04:00 and now my native, thick-jail+vnet combo is up and running with lighttpd working as well
05:04:12 Congrats =]
05:05:58 thanks
05:06:14 hmm I'll have to see where my logs are going though, but that's for tomorrow lol
05:06:38 bastille is out, native jails are in.
05:06:52 native jails?
05:07:09 mns what's that?
05:07:52 native jails, vanilla jails, whatever the term is. no jail manager used basically
06:05:37 hi, I'm looking into a threaded apache/mod_php infinite loop hang in libc's jemalloc extent_heap_remove - https://pastebin.com/raw/jSLWLLKW
06:06:17 isn't bastille a jail manager?
06:07:19 my guess is that bad thread safety caused a loop to form in the heap tree (can't tell though), any idea how this could happen since presumably libc is meant to be thread safe (isn't it?)
08:33:03 Podman... on BSD?
08:33:15 * Alver tries to wrap his head around that
08:35:00 Alver: https://gyptazy.com/run-linux-containers-on-freebsd-14-with-podman/
08:40:43 oh, nice
08:40:48 deferred: thx for pointing out
08:41:41 :) no problem!
09:09:57 well that was fun just nmap'd a device on my lan to try figure out what it was and got a kernel panic
09:11:39 daemon: is this a device you can physically find at your house or is this at work with a large network of some sort?
09:12:10 oh its somewhere in my house its probably some random pi or beaglebone
09:12:18 deferred: huh. That is... creepy, and yet so handy
09:12:21 or an admin interface I accidentally left open for one of a lot of switches
09:12:30 just install gdb to find out what caused it
09:12:37 I've spent way too many hours fighting shitty Linux code
09:12:38 +ing
09:14:13 deferred: wondering if that could run inside a jail. I suppose there's no reason why it couldn't
09:14:22 nmap'd it from a different box, android 6.0 - 7.1.2
09:14:33 so likely one of the kindles or tables
09:14:40 tablets
09:29:15 daemon: don't mind me, just stealing your wifi :3
10:08:12 TommyC, ;)
10:08:27 TommyC, go ahead but you can help with the firewall too!
11:41:32 hey all, having an issue with fail2ban and pf I left it setup mostly default except adding a sshd service in jail.local all of which seems to have worked, I badly logged in 3 times from a system and its ip was added to its banned list. However what never happened was the actual ban, it never seems to have been added to pf, log and pf.conf is here: https://dpaste.org/EnSkN
11:41:41 not 100% sure what else I need to be doing
11:41:54 there appears to be no way in the fail2ban.conf to say pf, ipfw or well anything
11:49:15 all I remember is that there's supposed to be an anchor point in the config where new rules will be added, and fail2ban will probably call pfctl to add those.
11:50:38 from some guides, what you're supposed to do is to configure 'banaction' to the name of a conf file, and then put the conf file under action.d/, and inside you have [Definition] section with actionban = and actionunban =
11:51:54 basically you should check a guide for the specific firewall. I wouldn't be surprised if fail2ban's guides section has prepared instructions for the most popular solutions.
12:04:05 ultramage, thank you yes that is what I seen
12:04:11 well no I didnt
12:04:15 I seen some using anchors and some using tables
12:05:07 and it seems all their official docs are for linux
12:06:23 daemon: shot in the dark: fail2ban vs f2b with the naming of the tables?
12:06:34 will give it a shot
12:14:19 oh yea true, a table would work as well. I already have a table for ipbans but I only fill it at startup. Could easily add new entries I guess. Or have a second table.
12:15:20 they don't have sample configs / instructions for pf? not even the freebsd package provides one?
12:32:55 well that was fun
12:33:03 I found out that sshd is not reachable on any of my ips at all
12:33:28 just to make sure im not insane, can anyone see port 22 on these: 148.252.128.228 87.74.154.205 84.9.78.239
12:35:06 none of those
12:36:02 I have no block rules, hmmm
12:36:34 anyone have any clue why this would break inbound connections to ssh: https://dpaste.org/FmQP7
12:36:37 it does work on the lan side
12:37:22 Not sure how fail2ban does it but that's a relatively simple problem in plain pf: pf.conf: block in from to self; sh: pfctl -t blocked -T add
12:37:51 fail2ban is just a log gobbler, follows auth.log and a few others apache nginx etc.
12:37:59 then does effectively what you just said
12:38:05 Roger that
12:40:53 ok I removed all blocks and still no connection to ssh
12:40:54 I wonder
12:41:17 # nc -vlk 9090
12:41:25 can someone throw a connect at that on 148.252.128.228
12:42:04 oh wait inbound connections will not be getting told what rtable to use
12:42:10 hmm
12:45:55 yikes I got it to work
12:45:57 that was unexpected
12:46:28 grats on accidentally fixing your networking
12:46:51 oh no I meant to fix it, I just did not expect it to be successful, I have been struggling with fibs for a week
12:47:09 I really wanted it working with IPFW but I just gave up yesterday and tried pf where it was much easier
12:47:46 afaik ipfw was replaced with pf as the preferred solution some 10 years ago (might be wrong though, but it's why I switched)
12:48:06 ipfw still gets updates the most recent was the inkernel nat thing
12:48:14 and I do believe it is a bit more performant than pf
12:48:33 but it really needs a cookbook, just 10-20 pages of common usages
12:48:45 cookbook.freebsd.org
12:48:50 would be quite a wonderful thing
12:48:54 ah, I dunno then. ruleset-wise things weren't that hard to flip over
12:49:26 ah few years ago I used it with DUMMYNET to create a fake emulated 56k connection for instance
12:49:33 specify missing packets variable latency etc
12:49:49 it has lots of stuff, its just all so hard to understand and figure out at times
12:53:15 yay fail2ban is now working too, little bit vicious, one failed login it banned my server from talking to it at all
12:54:06 whom ever suggest the anchor over the block line, you was correct thank ou
12:54:08 you*
12:55:24 infact it does not even need the table
12:58:30 the result is probably the same, you just need to write the action commandline differently (creating a rule at anchor instead of adding ip to table)
12:59:13 daemon: my guess here is, that unknown tables materialize (hence no error with the previous f2b) - so it does not need the table line to get a working table. but the table line in your config makes it read the file, which most likely is also filled by fail2ban so this will survive restarts, pf-flushes, etc
13:00:16 I haven't used it yet but I assume f2b keeps its own state file and just re-populates the firewall at startup
13:01:38 table persist file "/etc/pf.table.allow" (persist means it doesn't get auto destroyed when empty)
13:03:02 I don't think pf saves table changes back to the source file. there might be a command for that. if f2b manipulated table files, it would have to issue a table reload.
13:04:43 can I use zfs snapshots + send/recv from a 14.1 client to a 13.3 server?
13:07:52 ridcully, I added the file thinking it would get entries added to it, so if the box was rebooted or something it would have a save state in effect, but nope
13:08:26 if the newer FBSD doesn't use any ZFS features not present in the older FBSD, ZFS is backwards compatible, sure
13:08:26 mage, I would assume so, but create a little 1M snapshot or something and give it a try
13:20:11 I'd check if/how f2b saves its state. It would be most obvious if it kept its own stuff and just reapplied it at startup. That way it could stick to the simple ban/unban commandlines as the only needed interface
13:27:23 it does write to a sqlite3 table in /var/db
14:56:29 sfox: yes bastille is a jail manager.
16:23:25 kevans Do you have news about koobs?
16:36:03 devnull: I do not
16:37:10 kevans thanks, I hope he is good.
16:42:57 devnull: what happened?
16:49:17 ober I hope nothing. He is a friend that helped me so much in FreeBSD. I didn't see him since 2022.
16:55:27 devnull: heh... You could be walking in a stadium like I was last weekend and be stopped by someone who you haven't seen since 1999... How he still remembered what I looked like utterly shocked me (I was 100 lbs heavier then)
17:04:19 Tenkawa haha yeah, some people remember us, and mark us in a way that we do not forget.
17:04:50 Yeah it happened 2 weeks in a row at the soccer matches here with me
17:05:08 the other one was only since abour 2010 but still....
17:05:22 s/abour/about
17:54:14 ˜/6
17:56:44 anybody here have experience with pcie sata controllers? are those the kind of device that just works out of the box regardless of brand/make?
17:57:27 phryk: i strongly suggest buying a PCIe SAS controller instead, e.g. an LSI card (make sure it has the 'IT' firmware). you can plug SATA disks into that, the cabling is neater, the hardware is better and they're supported by every OS (including freebsd)
18:01:17 ivy: i have 0 SAS experience, but the cheapest i find is over 10x the price of what i would otherwise get.
18:01:50 compare: https://mylemon.at/artikel/axagon/pces_sj2/pces-sj2-pcie-controller-2x.html (cheapo) vs https://mylemon.at/artikel/fujitsu/s26361_f3554_l512/host-adapter-raid-controller-sas.html
18:02:26 phryk: It also depends on the environment/workload/number of drives
18:02:37 true, i usually visit ebay for this but that might not be a good idea if you're buying for work
18:02:40 There's several factors that will factor in.
18:02:48 i'm buying for my home setup.
18:04:27 SAS for a home setup is a bit complex on the hardware however I extensively use lower capacity NVMe drives.. I need speed more than storage.
18:04:30 current hardware of my homeserver has enough sata ports to plug in the two extra drives i'm about to order, but i already got a new board and (broken) cpu lying around that i'll upgrade the system to when i get around to rma the broken cpu. the new board only has 4 SATA ports, so I'll need at least 2 more for the new disks.
18:05:20 Tenkawa: fwiw, i find it preferable (talking about home here also) because the SFF-8087 to 4x SATA cables are nicer to run than normal SATA cables. ymmv, ofc
18:05:40 heh, meanwhile i'm starting to think about looking for a 19" case with more places to put disks. currently have 4 in there, soon 6, in a couple years, who knows?^^
18:06:09 ivy: indeed cabling becomes a consideration that I don't have to worry about much.
18:06:38 for now, i'm just looking for a cheap solution that's as plug-and-play as possible. since i don't want to connect any SSDs to the controller, speed/bandwidth shouldn't be too much of an issue.
18:07:09 hence me wondering if those pcie sata controllers work out of the box or if i have to take more care in picking one.
18:07:48 you do need to take care and it's more complicated than you might think as sometimes they have multiple different ICs on - i have an 8 port PCIe SATA card somewhere where 4 ports are on one IC and the other 4 ports are on a completely different IC and FreeBSD only supports one of them
18:08:35 is there a list of well-supported chipsets or something i can confer to?
18:08:43 at least some Marvell ICs are supported by mvs(4) and these are quite common on those cards
18:09:01 ahci(4) is also well supported but for some reason that seems uncommon on plug-in PCIe cards
18:09:37 isn't ahci what the on-board controller speaks?
18:09:48 yes, basically all onboard SATA is AHCI nowadays
18:09:55 hence being well supported :-)
18:14:56 alrighty, the cheap one i linked lists on the manufacturer page "Compliant with Serial ATA AHCI (Advanced Host Controller Interface) specification." under features. unless they're trying to bamboozle me, that should mean that this card will work with the basic ahci driver, right?
18:15:17 i would expect so, yes
18:15:45 great, thanks.
18:21:57 soon, i shall have fully mirrored 10TB storage :3
18:40:38 phryk: what are you going to store ?
18:40:55 mzar: things. O:)
18:45:54 phryk what kind of "things"? :P
18:46:34 8TB of assorted obscure erotica plus some squish space for non-essentials like the OS. (:
18:46:45 of course
19:18:24 I learned a long time ago that if I don't want to hear the answer then it is better not to ask the question.
19:20:16 rwp I agree, this is wise advice.
19:42:04 In this context, for sure. At other times, it can be an important part of challenging your own beliefs / understanding.
20:09:01 wondering again... I ran into an infinite loop in libc's jemalloc, presumably due to bad threading, but isn't it supposed to be thread-safe? I'm not sure how to investigate this further. https://pastebin.com/raw/jSLWLLKW
21:22:43 ˜/42
21:31:09 The answer to all questions.
22:11:39 hmmm... is anyone running 14.1-RELEASE and having issues with pulseaudio
22:11:53 when I try to play audio nothing happens, I check it all and it shows up just fine
22:12:05 go to play audio, pulseaudio hogs an entire thread, until I send SIGKILL
22:15:32 pacmd exit (restarting pulseaudio) works for about 2 seconds before it hogs a thread again...
22:16:14 ooo correction, it hogs a thread when pavucontrol is open
22:17:00 so its pulseaudio causing it to hog a thread...
22:17:07 either way, audio doesn't work
22:19:33 https://dpaste.org/zOoxQ the devices are being picked up, and the kernel modules are being loaded...
22:45:20 rwp: only one question
22:46:13 Here's an example of per-jail metrics graphed, cpu usage, etc, per jails. https://bsd.network/web/@dvl/113319419745608966