03:57:04 <rtprio> it works on the raspberry pi, that's a sbc
05:47:50 <hernan604> im trying to open pavucontrol as another user under X, but it hangs on while opening with the message "Establishing connection to PulseAudio. Please wait..."
05:48:29 <hernan604> this user is added to pulse-access, pulse and pulse-rt groups
05:49:10 <hernan604> and it was able to open the pavucontrol when the computer is just turned on, and just started X.
05:49:29 <hernan604> however after some hours? or minutes, im not sure, it loses access to pulseaudio
05:50:09 <hernan604> i need access to audio for this other user because i run the browser as another user
05:50:26 <hernan604> Btw, this works fine in another computer
05:50:56 <hernan604> any idea what could be wrong :
05:50:56 <hernan604> ?
05:56:24 <hernan604> and it works fine as my user
05:57:26 <hernan604> so i would guess its permissions... but then why is the second user able to get audio from youtube a minute after X starts.. but not later ?
06:18:16 <hernan604> oh, and this user is able to get audio from lets say mocp... the problem is with firefox
06:19:00 <hernan604> oh i think it needs sndio started
06:19:07 <hernan604> now sound is coming out again
06:19:19 <hernan604> strange
09:14:41 <mzar> firefox outputs sound to pulseaudio, check pulesaudio
11:15:17 <zilti> How do I prevent my resolv.conf from getting overwritten with the nameservers fetched over DHCP?
11:18:39 <zilti> I tried adding resolvconf=NO to /etc/resolvconf.conf, but that does not work
11:19:11 <zilti> That file seems to get ignored in general. I also tried adding name_servers entries there, but they don't get subsequently added to /etc/resolv.conf
11:24:17 <nimaje> hm, I have resolv_conf="/dev/null" and libc="NO" in /etc/resolvconf.conf as I use local_unbound
11:31:13 <zilti> nimaje: Ah, I'll try resolv_conf="/dev/null" then, thanks
11:35:56 <zilti> nimaje: Nope, doesn't work either...
11:36:12 <zilti> I'll just add an "echo 'nameserver 1.1.1.1' > /etc/resolv.conf" to /etc/rc.local, I suppose.
11:39:47 <antranigv> zilti one way would be to use extended attributes, so that even root can't change it :P
11:40:23 <antranigv> I like doing it that way, so instead of "fixing" it on the DHCP level, I just fix it forever, and no one can change the resolver config, ever.
11:40:32 <zilti> Ehh, rc.local will be good enough I hope
11:40:38 <zilti> But thanks!
11:41:27 <tsoome> maybe check https://man.freebsd.org/cgi/man.cgi?query=dhclient.conf&sektion=5&apropos=0&manpath=FreeBSD+14.2-RELEASE+and+Ports
12:20:02 <rtprio> zilti: resolv_enable=NO
12:20:44 <zilti> rtprio: in rc.conf?
12:21:18 <rtprio> yes
12:24:35 <zilti> Okay, I'll try that later, thanks.
13:17:41 <f451> zilti: i use chflags for stuff like that
13:19:26 <rtprio> or just do it the right way so you don't have to do things the har dway
13:20:13 <f451> yeah at the time i couldnt find the right way and had to find any way that worked
14:25:07 <ccx> I'm looking into setting up PF on fbsd. I'm not seeing equivalent to iptables' FORWARD chain so I guess I should make rules based on `in on IFACE to NET` ~= PREROUTING and `out on IFACE from NET` ~= POSTROUTING?
14:27:18 <SKull> ccx: i don't think that trying to translate iptables to pf in  your head is a good idea
14:28:48 <ccx> I want to make routing available between two (VPN) networks but keep regular incoming/outgoing traffic unaffected. It seems to suggest I want to explicitly allow each interface's adresses as well as the specific route.
14:30:30 <ccx> SKull: Well, the IP stack isn't all that different. There are certain points in it where filtering (and mangling/NAT) can happen. The PF documentation doesn't really specify where those are though.
14:31:38 <ccx> So I'm guessing there's ingress one before routing decision and egress one after routing decision, as that's what would make the most sense to me.
14:31:57 <ccx> But feel free to point me to more in-depth documentation that actually details this.
14:32:20 <SKull> ccx: 'man 5 pf.conf' is rather extensive and explicit about what happens when
14:32:45 <mzar> ccx: you can do it with PF, IPFW or IPF, choose one, master your rules and deploy
14:33:09 <mzar> ccx: why do you want to use FreeBSD instead of Linux ?
14:33:53 <SKull> ccx: i'm no network expert. my pf rules just contain a bunch of tables with valid taples. those can communicate whatever, and the rest is blocked by the first rule: block all
14:34:09 <SKull> *with valid ip adresses
14:34:46 <SKull> as well as some port forwardings for services that run in jails and that need to be accessible from outside
14:35:27 <ccx> I'm mostly connecting jails to some VPNs here.
14:36:42 <mzar> OK
14:38:47 <mzar> there are extensible examples in /usr/share/examples/{pf,ipfilter} and there is also /etc/rc.firewall if IPFW is prefered
14:40:59 <ccx> thanks
14:41:36 <ccx> From what I understood allowing regular inbound and outbound traffic would amount to `pass in on $if to $if:network` + `pass out on $if from $if:network` for each configured interface.
14:53:40 <SKull> ccx: pass on $if:network would have the same effect
14:57:46 <ccx> Interesting, `on` is documented to only take `ifspec` which the grammar defines as combination of interface-name and interface-group optionally with `!` for negation.
15:02:21 <ccx> `from` and `to` on the other hand do take interface names. I'm specifying both intefrace and addresses to effectively accomplish what `antispoof` would do with extra rules.
15:07:59 <ccx> The doc says the addresses can be specified as interface names but again doesn't say what precisely that means. I'm going to assume that it maps to list of addresses currently assigned to the interface. Which will be better choice than $if:network here.
17:12:52 <dvl> So, I did the thing: sudo zpool replace data01 gpt/HGST_8CJVT8YE gpt/SEAG_ZJV4HFPE
17:13:48 <mzar> has it worked dvl ?
17:13:52 <dvl> When that's done, I may pull the bad drive and if I'm really energetic, run badblocks on it.
17:14:26 <dvl> mzar: seems fine.   scan: resilver in progress since Mon Apr 14 17:08:39 2025
17:14:47 <mzar> it will take some time
17:15:30 <mzar> dvl: I responded to your question on social media; TL;DR : just enable and run zfsd
17:15:51 <dvl> mzar: I might not yet. ivy convinced me otherwise.
17:16:06 <mzar> ha.. you sparing CPU cycles ?
17:16:15 <dvl> mzar: for badblocks?
17:16:25 <mzar> no, for zfsd
17:16:46 <dvl> mzar: No, just not running it. Lots of spare cycles on these hosts.
17:17:45 <mzar> I am running it everywhere where I have more than 1 drive in the zpool, but I have no hot spares
17:18:12 <dvl> mzar: What benefits do you get?
17:19:02 <dvl> This 12 yo post claims no benefit to badblocks on modern hdd https://forums.freebsd.org/threads/badblocks-check.41584/#post-231309
17:20:23 <mzar> I responded in social media; anyway, it served me good saving maintenance time
17:26:19 <markmcb> anyone know the status of the unavailable go packages for amd64? it's over a week now i think that they're missing.
17:27:11 <kevans_> I think they've found a viable workaround now
17:27:41 <kevans_> there's more context in https://github.com/golang/go/issues/49405
17:33:11 <mzar> Modern HDD drives have SMART and few hundreds of spare sectors, if the sector can't be read, the drive reports error. To fix it you have to write data to this faulty sector, so it will be remapped to one of the remaining spare sectors
17:33:37 <mzar> If you are running out of spare sectors, it's high time to replace the drive
17:34:49 <mzar> writing data to faulty sector can be done precisely with dd, but you have to read SMART and find this sector
17:40:25 <mtll> though be warned in some cases, if bad sectors are cropping up, there could be a mechanical problem that's killing sectors, and swapping them out will only delay things. SMART might reveal such a problem too though
17:58:18 <markmcb> kevans_: thanks
18:07:08 <dvl> mzar: 79.0G resilvered, 0.63% done, 6 days 07:58:40 to go
18:07:43 <dvl> markmcb: progress is being made on go. I think they found the cause and are rolling it out.
18:08:27 <dvl> mzar: that 'done precisely' is the time consuming part....
18:08:46 <dvl> mtll: I've started an RMA.
20:21:00 <thresh> howdy.  I've noticed a couple of pkgs I use are currently not available on quarterly pkg repos for freebsd 14, however they are there for freebsd 13.  the ones that seem to be absent are devel/git-lfs, and sysutils/amazon-ssm-agent.  are there any problems with those for freebsd 14 specifically, and what could be done to get those published?  thanks.
20:24:40 <getz> thresh: could be this https://lists.freebsd.org/archives/freebsd-ports/2025-April/007557.html
20:24:55 <getz> dont know if anyone has tracked down the cause yet
20:29:11 <thresh> uh oh, thanks getz
20:29:53 <getz> i've heard a lot of people complain the last few days, feels like there's a notice that i havent seen
20:33:31 <thresh> yeah, looks like there is a bunch of threads around build issues on freebsd-ports ml, i'll monitor
22:25:13 <polarian> typical freebsd
22:38:58 <ramses> hi, i got wiregurd up at a 10G vps trying speedtest gets me 5Mbits?
22:39:18 <ramses> is there any setting to apply?
22:39:35 <ramses> 5Mbits down, 100 up
23:48:55 <trench> ramses: because you are a n00b ^^
23:52:45 <ramses> trench: not helping at all
23:53:13 <ramses> isp throttling udp?
23:53:34 <ramses> but mullvad.net works fine
23:58:14 <ramses> perhaps the vps too
23:58:18 <ramses> oh well
23:58:57 <trench> ramses: tcpdump?
23:59:05 <trench> if you have access
23:59:11 <ramses> dunno, it uses udp
23:59:15 <trench> so?
23:59:29 <ramses> lets see then
23:59:46 <trench> man tcpdump?
23:59:47 <ramses> connected or aside?
23:59:57 <ramses> meh