that site is a store ?

cpet it has a store tab

i have prints on canvas for sale

but it mainly is a blog

Oh PCI compliant

Heh

rwp, hernan604: lol

Pretty much how it goes

Kind of like reading Linux hard coded bins in scripts

roflma0 my desktop is blazing fast again l0l0l

cpet: you told me to give up i will never forget that.

It's ok

I don't even remember the issue so heh

i had a some wierd0 sysctl shared memory lines i totally forgot lma0

also aio_load was disabled now its a NASA laptop again

a what?

rtprio: a brand new CCCP approved workstation setup.

IF you say so

feels like g00d s3x, imagine being nearly a complete month with micro/macro freezes/hangs constantly

and then smooth as butter

badkat: how's it failing today?

ketas: its not anymore!

dude im having cybersex with the kernel

it was some clunky sysctl.conf/loader.conf stuff i had changed that actually destroyed the performance, those ipc.shm* made the mess, dont even remember when that happened

those same settings didn't harm anything on 14.1 but made 14.2 crash?

tykling: i had ~120 days of uptime probably those changes were not applied

no crash, but absolutly demential degradation of the desktop usability

so at some point in that 120 day period you added that, didn't test it, and eventually upgraded to 14.2 and rebooted, and then the issues began?

yep, when i came to the channel on friday i was blaming zfs lol

yes we were here :) it happens

:D

made my day... 08:03:09 < badkat> dude im having cybersex with the kernel

what those changes were anyway?

were they limiting up or down

i bet lot of people also do zfs arc limit still, not all of them need this anymorr

e

etc

ketas: arc limiting not needed anymore? since when?

has it been fixed

as i understand

it's not needed now

now that you ask

unsure

0.6* ram?

depends a lot on what the workload of the machine is.. storage box? no limits for arc, database server? maybe 10-20% for arc

back in the day the kernel used to be slow to release the memory used by arc so I got in the habit of limiting it everywhere

tykling: well previously things ran out :p

i wish one could do % limits

yeah I do do % limits but ansible does them for me

ketas: back, those shared memory params were silly high numbers

i just remembered that i had some issueswith SDR hardware that was not having the sampling rate it should and i exagerated the number of ipc.shmall along others a few times

my ZFS ARC limit was always 1G, but in this debugging days i tried increasing to 2G, 0 difference

aio_load=YES seems to be a must for desktops too, i disabled that module the day i did the upgrade for some reason.

29

(woops)

Hello all. Trying to get the radeon driver to work with X11 on a wyse terminal (nice and compact), under fbsd 13.5-RELEASE

It seems to initialize the driver just fine

[drm] Initialized radeon 2.50.0 20080528 for drmn0 on minor 0

[ 79.212] (II) modesetting: Driver for Modesetting Kernel Drivers: kms

[ 81.585] (II) modeset(0): using default device

then X11 exits with

[ 81.586] (EE) Cannot run in framebuffer mode. Please specify busIDs for all framebuffer devices

[ 83.953] (EE) Server terminated with error (1). Closing log file.

I am in group video

any thoughts?

does the radeon modeset driver need linux binaryt compat?

__sbrk: maybe you should specify the busids for all framebuffer devices

At least it's nice about it and says please.

hi folks, i'm a newbie (both in freebsd and C) but i'd like to contribute in a way that would improve my knowledge in both topics; one of the things mentioned in the "Contributing to FreeBSD" article is fixing warnings for ports which do deprecated things, does that mean literally going through the /usr/port, building random stuff and submitting patches?

TIL uname -U

benjamino: sort of, but maybe more going through open ports PRs or looking at ports marked deprecated and see if you can find some worth rescuing

tykling: I see, alright I'll take a look at those, thank you!

kern.securelevel=2 causes xorg to segfault

correction kernel.securelevel above 0 causes xorg to segfault

hmmm

Using a security level when used as a desktop isnt good

^ true

polarian: think that securelevel modes enforce read-only in a lot stuff so if xorg wants to write something in that scope it will be a dead end leading to a crash.

openbsd folks could be more familiar with those kind of setups :P

xenocara works with securelevel=2, you could check the workarounds involved

cpet: old latitudes have a vulnerability which allows the EC write protection to be bypassed, makes flashing coreboot distros easy, but it also means that any attacker can write to /dev/mem if they get root access and infect the bios. secure level protects against this.

also I dont think "dont use secure level on desktop" is the correct approach to the situation, "desktop is not a priority" would be a better approach, but ultimately security features should really support desktop as well...

badkat: I am an idiot when it comes to kernel shit xD

solution? get on my hands and knees and beg :P

Reread what security levels do

They aren't meant to be used as a daily machine but server

They disallow some smithing which x needs

I only technically need to protect against write to /dev/mem (so level 1)

cpet: afaik it works on Linux with their /dev/mem protection...

I have heard it works as a security measure for the old latitudes, I have not verified it (will do shortly)

This isn't Linux

polarian: "privUsername Xorg 29005 10 /dev 16 crw-r----- mem rw"

xorgs needs that permissions over /dev/mem

I know... but my point is, Linux runs xorg, if Linux can restrict writing to /dev/mem for xorg, then freebsd might be able to do that too

ok?

badkat: hmmm

no BSD is a whole different ball game than Linux

im not a kernel dev but iirc /dev/mem is used to directly interface with hardware registers

(and flash)

and you dont think X needs that ?

polarian: can you share that proof that linux xorg doesnt write that?

you need to see if that vulnerability is he same as with BSD

and if its local I would just wait for a fix

well I assume if it works on Linux then xorg on Linux is written to go via the kernel (which would be the more secure way of doing things, like how OpenBSD forces all syscalls to go via libc), I could then assume that FreeBSD doesn't support said features xorg relies on hence its implemented directly

hence the requirement to write to /dev/mem

linux "protections" usually are shit

but then again this all relies on the assumption that /dev/mem READONLY works on Linux, which I am yet to verify

badkat: I dont disagree

like you just change the place of things, doesnt mean that /dev/mem cant be write some other way around..

secueity level 1

Secure mode - the system immutable and system append-only flags may not be turned off; disks for mounted file systems, /dev/mem and /dev/kmem may not be opened for writing; /dev/io (if your platform has it) may not be opened at all; kernel modules (see kld(4)) may not be loaded or unloaded. The kernel debugger may not be entered using the debug.kdb.enter sysctl. A panic or trap cannot be forced using the debug.kdb.panic,

debug.kdb.panic_str and other sysctl’s.

but from a security POV is it a good idea to be able to write to /dev/mem anyways? xorg being compromised therefore means that my laptop (an E6430) with a vulnerable flash could be rootkitted from a xorg vuln...

that is a major security consideration

on the other hand dont use EOL devices :P

again reread what secueity levels as they arent what you think they are by the looks of it

I have read security(7)

and dont compare Linux and BSD they are ifferent beasts and may upset some people as well

I am aware, completely different codebases... (although I will poke the bear and say FreeBSD has imported a ton of Linux code soooo... :P)

fuck linuxkpi :)

yes as required

due to the way linux does thing we had to include that to get X working

total wormhole

oh wait...

maybe the issue isn't xorg, but LinuxKPI

look, if you want to do what you want, you need to patch kernel-level stuff

yeah I get it

if you dont want that, go to openbsd desktop that supports your needs

it is unfortunate though...

but the filesystem is a joke

total waste of hardware

but accomplish the paranoid

maybe one day I would be smart enough to fix kernel bugs :P

if you only use X local you really dont need to do that

I wonder if it would work under wayland (I would assume no), although I rather not touch wayland... :P

do I want secueity and a pai to run X

or do i want to limit secueity and have a working X

i chose working X

well lets be real, I think freebsd has bigger security issues rn than some security feature not working with xorg

MIcrosoft had fixed a bug that was 16 yrs old

so nitpicking this one thing is in the grand scheme of things... irrelevant

whats your point ?

cpet: disproving my own moan :P

no better argument than arguing wiht yourself yk? :P

fbsd is server oriented, so the packages that are not involved in providing services from a datacenter have way less relevance in the manteinance cycle

and im agree with that.

badkat: yea I am aware of that, but freebsd foundation is coughing up a lot of cash to get the framework laptop desktop-worthy

and freebsd doesnt really make a good desktop for me atleast

excels as a server though

I have found it to be decent for the last year I have used it full time as my main laptop

cpet: for servers it beats Linux hands down...

i want to play games and Wine sucks at it

so bleh

it is a great desktop, but you have to suffer some times, its pretty much worth in my opinion. Desktops are not only for fun & c00m

you can work too

my main machine is a Mac mini :P

I dont get how Linux sysadmins live without adopting a BSD, weekly kernel updates? a package update can update the base system and require a reboot, but you never know when so you reboot every update even if its userspace... what hell!

i do have a remote X i use to do admin stuff on server

anyways this gives me a reason to patch some docs to stop recommending securelevel on freebsd desktop to protect against vuln flash

which doc is it ?

libreboot :)

fkash is dead and has been for a lng time

freebsd have lots of security issues but the good part is that atleast is not a giga spagetthi laberynth to go through

everything has secueity issues

badkat: Linux went downhill the moment it started to merge usb shit into the kernel iirc

and all we do is put blocks and limitations and dont fix the actual issue

mainly openbsd, but we should not talk about that ^^

why not its a BSD

i mean about the sec issues they have haha

read the man pages you will see a very large set of rivers ported from openbsd

our pf is based on openbsd

badkat: what sec issues

oh

if I hear another person use isopenbsdsecu.re again I will facepalm

that site was written by a Linux security dev, who obviously opposes everything OpenBSD stands for

nothing more than BSD bashing

that webpage is 90% truth 10% intentional beef to upset fanboys

switch the two numbers and I will agree

i use OpenBSD as my server OS ;/

lol, i use a lot of openbsd anyways

as with every OS they have pros and cons same with Free and Net

the whole thing about the spectre vulns taking too long to patch is because intel/amd help with Linux and not BSD

but lets be real, there is a lot of thing that is not warfare level secured

hahah

polarian: this is the same reason why everyone uses Linux and not a BSD

iirc there is a video on youtube about theo de raadt ranting about how its not fair that manufacturers dont share their docs with OpenBSD

polarian: why should they do that? linux devs get NDA for each device they port most of the times

well both the main people behind Open and LInux are tools

but lets not get into that :P

cpet: which proves my point, its not OpenBSD's fault... why should they be blamed for having to use vulnerable microcode because the tech companies disproportionate aid Linux?!!? again its just a BSD bashing website...

at least openbsd can rip off that work, thats how 80% of the network cards are gettin support

polarian: i dont know I didint click on it

i use what I use for my personal reasons

I sys amdin my machines using the same pricinpal

i like to redo my whole log and change all loging to *.log

some people may thing thats stupid

but I do it

:P

badkat: well its difficult because they dont have the whitepapers, and GPL copyright is a big problem

there is a line between selecting your software and acknowledge real things going on. OpenBSD is the most easy to maintean networking OS in the earth

opebsd fixed that by impleenting there own

this is why they have there own version of X and drivers

but that doesnt make the OS rock solid, different things.

and Linux devs love their copyright... moment you infringe it the fsf will have a court case against you within 24 hours!

badkat: i just upgraed to 7.7 with a simple sysupgrade

badkat: :)

do you even read what i said? lmao

badkat: OpenBSD has been long known as the routerOS :P

i use openBSD with my XPON setup, fiber and all the shit

i dont know

iirc the early development of OpenBSD was strongly bolstered by small ISPs across the globe which adopted it for security and because its cheaper than the proprietary alternatives (and more powerful)

but its not so secure :)

badkat: directly or via an ONT?

its securer than most

polarian: directly

badkat: based... I heard its not very well documented, and you need a special SFP connector for it

but the SMP implementation makes a bottleneck on network performance

unfortunate I only have xDSL and that requires a modem, in theory though I could use a openwrt modem/router combo and use it as a modem only... but modulation is L1 so the modem is a non-issue from a security perspective...

2025 and we still have OS wars

yay

so i have to lose 30% of performance just because the openbsd kernel doesnt have a good implementation on the router architechture (Octeum)

iirc the modem I am using Linux build is from 2011

thats secure, right? :P

OpenBSD isnt SMP aware still had Giant locks all over the place

yeah

(its bridged to a OpenBSD router)

if theres no known vulnerabilities

even so some comanies still use Windows 95 software

so bleh

did you both see the ML rant about 4chan, someone using some not so nice language on the ML

polarian: linux kernel 2.6 yay like putting your ass nude in the window heading to the street l0l0l0

they were running EOL FreeBSD and then FreeBSD gets the blame? laughable

polarian: that would be fun if I saw it

polarian: people that blame fbsd 10 on 2025 are just retarded i wont matter much

does anyone care about 4chan anyways?

idk much about 4chan but arent they renown for being scum of the earth?

thats typical really

blaming the OS that is old and not maintained

a pretty famous psyop deployment place, nothing worthy in those places

idk why anyone would want to live in a toxic echo chamber, its why I left Linux :P

most site are hacked due to old software or broken passwords

not really the os itself

ssh was vyuln to some things so if you forgot to update well thats on you

cpet: that site was hacked with a ghostscript (javascript) pdf upload plugin for php

nothing to do with freebsd anyways

a lot of people will install OS, set it up, and never lok at it again

the OS was rocking the show

instead of logging in updating the programs

and restart php-fpm

probably would still be up hah

badkat: they deserved to get pwned for using php

if it works, you dont touch it. "Bankers"

any language can be hacked if not programed correctly

badkat: famous last words!!!

hi deimosBSD

some can fix itself like rust ad others

but a few cant

ciao polarian

deimosBSD: long time no see

and on that note, I must reboot

i should reboot my current install as well

Insert mode in the vi-mode of FreeBSD 14.2's /bin/sh sure doesn't like letting me into command mode much of the time. But sometimes it does. I haven't yet pinned down why it's inconsistent.

See if it happens in vim

Hm, don't have vim installed. But most of the time it works, and nvi has no issues.

It's weirdly erratic.

are you over tmux/screen?

No, just ssh.

same on tty?

crw--w---- 1 root tty 0x2bf Apr 28 22:36 /dev/pts/5

Dunno, it's a jail. There's no local to be had.

But that it works most of the time under ssh suggests that's not inherently a problem.

sending escape code/sequences over ssh sessions is not the same that doing direct input on the tty

The ssh makes it sometimes erratic?

?

im saying the scenario is not exactly the same

try on tty console.

Is jexec going to give me something substantially different from ssh?

ok didnt saw the jail part

I'm stuck on the notion that it works most of the time on the shell, and all of the time (so far) in nvi.

could you provide some way to reproduce the issue?

I need to be able to reproduce it reliably here and I'm struggling to do that. But if I do, I'll certainly share it and probably open a bug.

Why not open the big and share it here

Bug

cpet: It's *so* intermittent... I really need to find a way to elicit it on demand.

So it's still there

I would submit a bug

It's not doing it now, but several times earlier I found myself locked in insert mode.

Alright. I just hate bugs that are so sparse.

cpet: I'm in one now!

Going to see if I can reproduce this.

Arrow keys aren't changing lines, although left and right work. There's no escaping into command mode.

mason: Even when you hit Esc a bunch of times it didn't get out of insert mode?

TommyC: Yeah. I'm going to see if I can get it to leave a core.

Also, I've tried a couple times now... I ssh in and I seem not to be able to escape at first.

mason: Weird ask but, are the keyboard layouts in the machine you're ssh-ing into and the one you're ssh-ing from the same?

I'm sshing into a jail fwiw.

I don't mean physical keyboard layout.

So, this is interesting. Once I "set -o" it seems to start working.

Alright, this is a worthwhile bug report. I can get it EVERY time I ssh in, and it goes away when I "set -o" to look, which shouldn't do anything. Trying nvi to see if going into that has an issue, or resolves the issue.

Interesting. I can go into nvi and it works fine, but going back into the shell, the shell's still broken.

just running "set" doesn't fix anything, but running "set -o" does, so there must be some funny race.

mason: Just to rule it out, does any other text editor cause the same problem?

TommyC: I don't think I have another installed, but let me try emacs mode and see if that has issues.

emacs mode doesn't have issues

This is probably wrong but, perhaps it's some sort of nvi setting?

TommyC: Nothing to do with nvi. nvi works fine.

TommyC: I ssh in, and despite .shrc having vi mode turned on, esc doesn't work until I run "set -o"

stty sane doesn't matter