it works on the raspberry pi, that's a sbc

im trying to open pavucontrol as another user under X, but it hangs on while opening with the message "Establishing connection to PulseAudio. Please wait..."

this user is added to pulse-access, pulse and pulse-rt groups

and it was able to open the pavucontrol when the computer is just turned on, and just started X.

however after some hours? or minutes, im not sure, it loses access to pulseaudio

i need access to audio for this other user because i run the browser as another user

Btw, this works fine in another computer

any idea what could be wrong :

?

and it works fine as my user

so i would guess its permissions... but then why is the second user able to get audio from youtube a minute after X starts.. but not later ?

oh, and this user is able to get audio from lets say mocp... the problem is with firefox

oh i think it needs sndio started

now sound is coming out again

strange

firefox outputs sound to pulseaudio, check pulesaudio

How do I prevent my resolv.conf from getting overwritten with the nameservers fetched over DHCP?

I tried adding resolvconf=NO to /etc/resolvconf.conf, but that does not work

That file seems to get ignored in general. I also tried adding name_servers entries there, but they don't get subsequently added to /etc/resolv.conf

hm, I have resolv_conf="/dev/null" and libc="NO" in /etc/resolvconf.conf as I use local_unbound

nimaje: Ah, I'll try resolv_conf="/dev/null" then, thanks

nimaje: Nope, doesn't work either...

I'll just add an "echo 'nameserver 1.1.1.1' > /etc/resolv.conf" to /etc/rc.local, I suppose.

zilti one way would be to use extended attributes, so that even root can't change it :P

I like doing it that way, so instead of "fixing" it on the DHCP level, I just fix it forever, and no one can change the resolver config, ever.

Ehh, rc.local will be good enough I hope

But thanks!

maybe check man.freebsd.org/cgi/man.cgi?query=d…path=FreeBSD+14.2-RELEASE+and+Ports

zilti: resolv_enable=NO

rtprio: in rc.conf?

yes

Okay, I'll try that later, thanks.

zilti: i use chflags for stuff like that

or just do it the right way so you don't have to do things the har dway

yeah at the time i couldnt find the right way and had to find any way that worked

I'm looking into setting up PF on fbsd. I'm not seeing equivalent to iptables' FORWARD chain so I guess I should make rules based on `in on IFACE to NET` ~= PREROUTING and `out on IFACE from NET` ~= POSTROUTING?

ccx: i don't think that trying to translate iptables to pf in your head is a good idea

I want to make routing available between two (VPN) networks but keep regular incoming/outgoing traffic unaffected. It seems to suggest I want to explicitly allow each interface's adresses as well as the specific route.

SKull: Well, the IP stack isn't all that different. There are certain points in it where filtering (and mangling/NAT) can happen. The PF documentation doesn't really specify where those are though.

So I'm guessing there's ingress one before routing decision and egress one after routing decision, as that's what would make the most sense to me.

But feel free to point me to more in-depth documentation that actually details this.

ccx: 'man 5 pf.conf' is rather extensive and explicit about what happens when

ccx: you can do it with PF, IPFW or IPF, choose one, master your rules and deploy

ccx: why do you want to use FreeBSD instead of Linux ?

ccx: i'm no network expert. my pf rules just contain a bunch of tables with valid taples. those can communicate whatever, and the rest is blocked by the first rule: block all

*with valid ip adresses

as well as some port forwardings for services that run in jails and that need to be accessible from outside

I'm mostly connecting jails to some VPNs here.

OK

there are extensible examples in /usr/share/examples/{pf,ipfilter} and there is also /etc/rc.firewall if IPFW is prefered

thanks

From what I understood allowing regular inbound and outbound traffic would amount to `pass in on $if to $if:network` + `pass out on $if from $if:network` for each configured interface.

ccx: pass on $if:network would have the same effect

Interesting, `on` is documented to only take `ifspec` which the grammar defines as combination of interface-name and interface-group optionally with `!` for negation.

`from` and `to` on the other hand do take interface names. I'm specifying both intefrace and addresses to effectively accomplish what `antispoof` would do with extra rules.

The doc says the addresses can be specified as interface names but again doesn't say what precisely that means. I'm going to assume that it maps to list of addresses currently assigned to the interface. Which will be better choice than $if:network here.

So, I did the thing: sudo zpool replace data01 gpt/HGST_8CJVT8YE gpt/SEAG_ZJV4HFPE

has it worked dvl ?

When that's done, I may pull the bad drive and if I'm really energetic, run badblocks on it.

mzar: seems fine. scan: resilver in progress since Mon Apr 14 17:08:39 2025

it will take some time

dvl: I responded to your question on social media; TL;DR : just enable and run zfsd

mzar: I might not yet. ivy convinced me otherwise.

ha.. you sparing CPU cycles ?

mzar: for badblocks?

no, for zfsd

mzar: No, just not running it. Lots of spare cycles on these hosts.

I am running it everywhere where I have more than 1 drive in the zpool, but I have no hot spares

mzar: What benefits do you get?

This 12 yo post claims no benefit to badblocks on modern hdd forums.freebsd.org/threads/badblocks-check.41584/#post-231309

I responded in social media; anyway, it served me good saving maintenance time

anyone know the status of the unavailable go packages for amd64? it's over a week now i think that they're missing.

I think they've found a viable workaround now

there's more context in golang/go #49405

Modern HDD drives have SMART and few hundreds of spare sectors, if the sector can't be read, the drive reports error. To fix it you have to write data to this faulty sector, so it will be remapped to one of the remaining spare sectors

If you are running out of spare sectors, it's high time to replace the drive

writing data to faulty sector can be done precisely with dd, but you have to read SMART and find this sector

though be warned in some cases, if bad sectors are cropping up, there could be a mechanical problem that's killing sectors, and swapping them out will only delay things. SMART might reveal such a problem too though

kevans_: thanks

mzar: 79.0G resilvered, 0.63% done, 6 days 07:58:40 to go

markmcb: progress is being made on go. I think they found the cause and are rolling it out.

mzar: that 'done precisely' is the time consuming part....

mtll: I've started an RMA.

howdy. I've noticed a couple of pkgs I use are currently not available on quarterly pkg repos for freebsd 14, however they are there for freebsd 13. the ones that seem to be absent are devel/git-lfs, and sysutils/amazon-ssm-agent. are there any problems with those for freebsd 14 specifically, and what could be done to get those published? thanks.

thresh: could be this lists.freebsd.org/archives/freebsd-ports/2025-April/007557.html

dont know if anyone has tracked down the cause yet

uh oh, thanks getz

i've heard a lot of people complain the last few days, feels like there's a notice that i havent seen

yeah, looks like there is a bunch of threads around build issues on freebsd-ports ml, i'll monitor

typical freebsd

hi, i got wiregurd up at a 10G vps trying speedtest gets me 5Mbits?

is there any setting to apply?

5Mbits down, 100 up

ramses: because you are a n00b ^^

trench: not helping at all

isp throttling udp?

but mullvad.net works fine

perhaps the vps too

oh well

ramses: tcpdump?

if you have access

dunno, it uses udp

so?

lets see then

man tcpdump?

connected or aside?

meh