00:47:35 Is there a way to load the igc driver from fbsd 14.3 in opnsense 25.4.1 (fbsd 14.2) ?
01:20:21 the way opnsense and pfsense work you can't really customize it without breaking it
01:20:39 this is mainly why I sold my netgate and just did it all by hand
01:39:51 yeah, that makes sense.
02:50:44 stdout, In any case the kernel module would need to match exactly. Crossing versions is almost a guaranteed kernel panic.
02:50:58 jail question, host-epair-jzeus-(do i need 3 epair?)-(jtom | jharry | jjim)
11:25:50 is vm-bhyve still the preferred way to manage bhyve VMs?
11:26:16 I vaguely remember seeing some discussion in here about it a couple months ago, that mentioned some other alternative, but I can't remember its name
11:28:36 i know these: pot, bastille and vm-bhyve
11:28:45 i had been used pot for a while for dns server jail
11:28:55 which i used it after i can't do what i wanted with bastille
11:29:07 if you gonna use graphics etc. use vm-bhyve imo
11:29:28 oh dang, pot and bastille should be for jails...
11:30:04 yeah I was planning to set up a linux gaming VM
11:30:32 hmm, then you are going to do gpu-passthrough too? these are easier to do with vm-bhyve
11:30:36 as a temporary solution until drm-kmod supports my dGPU
11:30:58 yeah, I'm running FreeBSD on my iGPU at the moment, so I can just passthrough the dGPU to the VM
11:31:05 okay great
11:31:10 i just have iGPU and i don't game
11:31:29 I've got the intel A770
11:32:05 and I predicted potential driver issues on the horizon, so I got the iGPU version of my CPU just to be safe, turned out to be a good choice when I switched to FreeBSD
11:32:48 nice thought
11:32:55 i hope gpu passthrough works for you
11:34:08 I mean it should be fine, linux drivers for intel arc are pretty much on par with the windows drivers
11:34:34 i see
11:35:06 i think freebsd should support some G-PT features to be able to do that, hope it got better
11:35:31 i remember watching a video of Colin(?) to give a presentation about G-PT
11:35:37 it was covering amd and nvidia
11:35:58 well, bhyve supports pci passthrough so it should just work
11:36:13 yes.
11:36:20 I'm assuming it'll just pass it through to VM as a pci device and then the guest OS can deal with the graphics stuff
11:36:36 i think so too
11:37:08 but i wonder what the freebsd host going to do in the background, what happens to it, how the guest take over the screen?
11:37:14 it's interesting
11:37:30 i guess you have to passthrough usb devices too?
11:39:05 nxjoseph: well, right now I have 2 of my 3 screens connected to the video outputs on the motherboard
11:39:21 in theory I should just be able to connect some of the screens to the dGPU outputs
11:39:25 oh right
11:39:26 and then switch inputs
11:39:28 i forgot about it
11:40:26 maybe even use synergy to share peripherals between the systems and magically run multiple OSes on the machine at once
11:41:38 the actual gaming will be with a PS5 controller, so I can pass that through to the VM, not too worried about latency issues with mouse/keyboard if I go for synergy
11:43:01 what is synergy?
11:44:02 it's a neat little piece of software for sharing peripherals between multiple computers as if it's a multi-monitor system
11:44:21 oh nice
11:44:40 so like let's say you had your laptop on the side next to your desktop/workstation, you could set it up so you can just move the cursor over to the laptop
11:44:59 very good
11:45:18 it uses the network to do that, and it's pretty decent in terms of stability and latency
11:45:38 never tried to run it on freebsd though, so that might be interesting
11:46:03 i see
11:46:21 synergy?
11:46:25 that's interesting
11:46:33 is it a FOSS implementation?
11:47:05 scottpedia: yes and no. you can pay for it and get user friendly GUI setup etc
11:47:22 but the backend is open source and you can configure that with a simple enough config file
11:47:22 wdym yes and no?
11:47:32 right
11:47:41 so you only pay for GUI if you want it
11:48:02 yeah
11:48:09 I think they sell it to businesses or something, idk
11:48:12 I never used that part of it
11:48:45 looks like synergy is in ports, so it should just work in freebsd
11:48:53 mtll, good
11:56:40 i see alright
11:56:51 it'd be good to try.
12:11:35 I have a problem: why is my memory usage limits still unlimited, even though I have limited it via rctl?
12:11:54 user:r:memoryuse:deny=500M
12:39:08 85236
12:39:12 sorry
12:39:26 30523
12:39:27 np
12:39:59 hi surrounder , do you know my solution for my problem?
12:40:12 I have a problem: why is my memory usage limits still unlimited, even though I have limited it via rctl
12:40:13 radhitya: no
12:40:18 user:r:memoryuse:deny=500M
12:40:26 surrounder: ah, sad, okay
12:40:33 so sad /o\
12:41:58 Hello. Any European people who use FreeBSD at work and impacted by the NIS2 directive?
12:43:00 I was wondering if there are some kind of information regarding FreeBSD and NIS2 compliance?
12:52:41 rwp: Actually, I use ZFSBootMenu to boot a native-encrypted-zfs-dataset with console prompt and remote unlocking (and potentially supporting tailscale VPN) in Linux. I think it uses kexec to switch kernel. Unfortunately ZFSBootMenu currently doesn't support booting FreeBSD. Otherwise it would be a good solution.
12:59:09 I'm trying to set up opensmtpd on freebsd and am seeing the following error in the syslog: smtpd[92308]: dispatcher: tls_config_set_ca_file: failed to open CA file '/etc/ssl/cert.pem': No such file or directory
12:59:23 I see no reference to such a file in smtpd.conf so I don't know where this is coming from
13:12:01 Zerock: can you try and generate a cert manually? i assume it's expecting one for tls
13:12:08 maybe try ca_root_nss?
13:15:59 Yup. security/ca_root_nss likely needs to be installed/updated.
13:17:21 is there a way to atomically write a new file but fail if it already exists? making the write atomic is usually done by writing to a temporary file and renaming, but rename() doesn't fail if the target exists, and O_EXCL doesn't help because the temp file won't exist
13:18:13 Zerock: can you show your config?
13:20:15 so I did find an old bug report suggested workaround of just making it as an empty file which worked
13:20:28 I'm not actually using TLS in this setup so a valid CA cert isn't vital
13:21:29 Zerock, if so, i think that that program can be modified to look for /usr/local/etc instead
13:22:06 it seems actually to be a hard-coded path unless you set a flag at compile time
13:22:10 by default opensmtpd doesn't require a cert, only when you configure one
13:22:30 anyway seems to be all good
13:22:33 I'm receiving email now
13:22:41 good
13:23:04 can't be hard-coded paths be changed from code? does it actually have a flag that you can set for that ?
13:23:47 mage: I'm a european and use FreeBSD at work. what is NIS2?
13:24:22 yeah, you can define OPENSMTPD_CA_FILE at build time
13:24:33 Zerock, ok nice
13:41:25 Grabunhold: an european directive on cybersecurity
13:43:02 the problem is that, of course, FreeBSD is not listed in the "supported" OSes
13:44:04 and... we may have to ditch FreeBSD completely because of this "compliance" stuff. This is ridiculous but I'm pretty sure we are not alone in this ship
13:46:50 mage where can that list be found?
13:47:59 I don't know, I haven't read the whole stuff yet (and don't want..). All that I know is that I'll have to "install some frankenstein NIS software" on the servers
13:48:24 NIS2*
13:49:36 Terrifying
13:52:43 yes, and ridiculous. For example I have to "make a report" because some of their "super security scanner" detected a vulnerable SSH server on our infrastructure..
13:53:28 and their "super security scanner" only uses the version ID of the ssh to said it's vulnerable or not (...)
13:53:48 sounds like an average govt compliance thing. so mostly useless
13:54:06 yes
13:54:28 I have to deal with stuff like that at work. Thankfully it is our own corporate policy and not government mandate.
13:54:49 "your http server is vulnerable. source: self-reported version number"
13:55:12 solution: change config to hide version number
13:55:13 "chatgpt says your ssh version is vulnerable"
13:56:23 I have to explain them that yes the SSHD of 13.4 is still 9.7 _but_ is patched against all CVE and that just using the version string or the protocol is stupid
13:56:40 yep, same scenario with my httpd
13:56:53 dstolfa: upcoming reality
13:57:13 The problem with those types of "scanners" is, in my experience, that they don't include patch numbers in the version check. So, when derp-v13.2 is vulnerable but is patched to v13.2-1 and fixed, it's still reported as vulnerable.
13:57:23 oh yeah, icing on the cake... this particular one was supposed to be a real penetration test from a pen testing company, not just some scanning software
13:57:25 I'm getting more and more tired of IT
13:57:32 so their "penetration test" was checking the version number
13:58:04 my response: okay but did you actually get in?
13:59:01 mccd: not too far off: https://www.gov.uk/government/publications/foi2025-00120-plain-text-copy-of-peter-kyles-chatgpt-history/response-plain-text-copy-of-peter-kyles-chatgpt-history
13:59:47 asking chatgpt why small-to-medium businesses in the uk don't adopt chatgpt and then trying to shape government policy around that is certainly the level of competence i'd expect from an average politician
14:03:42 mage: I'm not the EU, but do work for a very large corp that mandated certain security software be installed on every server (very similar to what you're experiencing.) When it came time to verify our BSD systems, we just filed an exemption request since the software doesn't install on/support BSD.
14:04:17 And were then just limited to external weekly scans. Basically an nmap that checks those stupid version numbers.
14:05:14 ek: yes, unfortunately it's an hard request for all gvt stuff, I don't have choice
14:05:22 no exemption possible
14:06:19 I'll even have to modify stupid 20+years old website to include MFA (although the login is just to hide certain parts of the website)
14:06:26 mage: Well, then they should have chosen a better solution. They're going to severely limit their reliability and safety over a piece of software that can't be designed for all OSes?
14:08:22 it's funny because they plan to use tons of new Microsoft tools / infrastructure .. and in the meantime you hear all the time that EU should be less dependant of US technologies
14:09:43 we had a fantastic self hosted postfix/dovecot/rspamd/webmail that works very well, with templates (Saltstack) to configure everything in jails etc -> everything has been migrated to O365
14:10:44 Oh, yuck.
14:10:47 anyway; I seriously plan to /quit IT because of all this shit
14:10:55 mage: already did
14:11:02 well, the sysadmin side
14:26:24 dstolfa: Yeah I have to keep doing double takes at work because of ai generated code from colleagues. It really tests your fundamentals
14:27:39 like the other day someone used `dd if=/dev/urandom...` to generate random numbers.
14:38:19 Is it that they used 'dd' that's the issue? X-D
14:43:27 along with piping it through three different steps
14:44:06 and they weren't writing to a file
14:46:29 so it worked but was far more complex than it needed to be
14:48:18 * kevans sources his entropy from /etc/master.passwd
14:51:51 * hodapp replaces mage with an LLM, thus guaranteeing that mage will always have a job fixing shit the LLM does
15:19:09 I have an NFSv4 share that is guaranteed to only have one client. Can I somehow tell that client to aggressively cache files for reading? For a second I was excited because I saw the cachefs manpage, but that one's not available on FreeBSD. NFS itself also does not seem to come with options.
15:26:44 mage: you have my sympathy. I sure hope we will stay small enough of a company not to anger the compliance gods too much so I can get away with my FreeBSD.
15:42:20 you can always get away with FreeBSD if the question is compliance.
16:22:30 kevans, why?
16:26:06 https://bpa.st/3X5A
16:27:31 zilti, effective read caching is hard.
16:27:55 Unless maybe you're reading from a tape drive.
16:30:59 CrtxReavr: Hmm, I guess so. But I'd have assumed that there's stuff like a file-based cache for NFS - I just switched over to self-hosted storage and NFS from an s3backer setup. The latter has the option for a file-based read cache, and I actually have slightly worse performance now even... But to be fair, I for now use NFS over a wireguard tunnel and the internet, instead of locally.
16:55:02 CrtxReavr: why not?
16:57:08 kevans, how about the bpaste I provided as evidence against?
16:58:21 5.513632 bits per byte
16:58:25 is pretty solid
16:59:03 And strong encryption would reflect about 5 bits/byte of entropy.
16:59:32 But. . . since the goal is entropy, why not a more random source?
17:02:40 * rwp reads zilti say ...NFS...over Internet not locally...and that's got to be very slow as latency is a huge file system slow down for NFS which is designed for LAN use not high latency WAN
17:04:53 rwp, NFS was also likely designed on ArcNet LANs.
17:07:48 I always associate NFS and Sun together but I worked for HP at the time and being a competitor I don't know the inner details of NFS development. But I didn't think Sun used ArcNet at that time.
17:08:26 NFS was all based upon UDP at the time. It's definitely designed for low latency LANs. It definitely suffers serious performance degradation on high latency network such as the Internet WAN.
17:08:38 rwp: NFSv4 delegations significantly improve NFS latency issues. Rick made some improvements to this in -CURRENT recently
17:09:13 zilti: this is basically what you want ^
17:09:14 I still would not consider using NFS over an Internet connection.
17:09:41 "I'll take where tech companies go to die for $500, Alex."
17:10:11 i've also never heard of Sun using ArcNet... weren't they always Ethernet?
17:10:24 rwp: Yes, it is just a stop gap though. It soon will be on a very local LAN. Still, some client-side caching that takes load off the file server would be good.
17:10:33 Not actually sure. . . didn't touch a Sun box 'til '96.
17:10:35 AFAIK Sun was always ethernet based networking.
17:10:42 ivy: Oh, I'll check that out, thanks
17:10:54 And at that time it means coax cables and lots of T connectors.
17:11:08 zilti: NFS clients can already cache data, the problem is certain operations (mostly GETATTR) can't be cached very long. delegations are supposed to fix this by allowing a client to take a lease on a file and modify it locally, until another client wants to access it
17:11:34 By normal tuning it is a local 120 file attribute cache.
17:11:41 By normal tuning it is a local 120 second file attribute cache.
17:12:36 If you disable that cache then performance is really terrible even on a LAN. And with that cache in place cache coherency between is a problem. Let me just drop there here. "Stale NFS file handle."
17:13:11 rwp: this is what delegations fix
17:13:18 And therefore it requires careful design of inter-operating client systems in that environment to avoid the issue. But if you are heads-up about the client side file cache then you can make really good use of it.
17:13:41 delegations allow local caching without the historical issues this causes with concurrent modifications
17:13:44 Read caching for "random access" filesystems is just hard.
17:13:53 ie., it's hard to know what to cache.
17:16:13 Where do I find more about those delegations?
17:20:22 i don't know if it's documented anywhere, but if you mail fs@ rick might have more info
17:20:26 Hmm wait, according to the nfsv4 manpage I've already fully enabled them
17:21:11 even if you enable them, freebsd didn't have full support until very recently and then only in -CURRENT, and even then i'm not sure everything has been committed yet
17:25:20 Ah well. But good to know for the future. For the next weeks, the slightly worse performance will have to do.
17:26:18 zilti: Stupid question but, if s3backer was "suitable", why not drop minio on the remote end and use that until you can get local NFS?
17:28:25 wavefunction: Because the way it creates the file system is different. So I'd have to create a fresh ZFS again when switching.
17:30:53 This is a new one: GEOM_ELI: Crypto request failed (ENOMEM). gpt/s10-10t-backup.eli[WRITE(offset=2534816686080, length=614400)]
17:34:12 This is with 14.3. That seems like fairly unfortunate memory handling.
17:47:44 i thought minio did some license change recently.. maybe it was removing the GUI from the community edition..
17:50:41 there are other s3 compatible backends than minio
18:00:41 rclone can be an s3 backend in a pinch
18:25:21 question.. when i use startx i have exec sxhkd & and exec dwm of course not on the same line.. when i use this sometimes my x freezes and i can't do anything.. ctrl alt delete doesn't work.. switching to a tty doesn't work.. i have to ssh in then reboot it.. any ideas why ? when i don't have sxhkd in .xinitrc everything works fine
18:25:47 i was opened a thread about this
18:25:49 no one replied
18:25:51 wait a sec
18:26:20 nxjoseph: i see you on the forums a lot
18:26:28 oxbar, haha nice
18:26:46 https://forums.freebsd.org/threads/super-key-hangs-after-restarting-sxhkd.91173/
18:26:59 i guess it happens when you reload sxhkd config?
18:27:04 i should have googled or looked first.. watch it be something silly
18:27:10 nxjoseph: probably
18:27:21 i use dwm too, back then i was using bspwm
18:27:30 i just set keybindings in dwm config
18:27:32 does your window manager not have its own key handling?
18:27:40 rtprio, it does have but in a .c file
18:27:49 not everyone prefer it
18:27:55 no shit
18:28:12 rtprio: yes but i don't like using it.. i just like a straight forward keybinding.. well i could do it but i like sxhkd
18:28:32 yes, i like sxhkd too, it's too easy to set shortcuts
18:29:05 oxbar, what's your name on forums or don't you have an account
18:29:09 maybe i see you too
18:30:00 rtprio, not a .c file but config.def.h
18:30:07 header file i guess
18:30:30 AFAIK there is no solution to that sxhkd problem
18:31:14 i will just use the deraults
18:31:20 Thanks though :D
18:31:25 defaults*
18:31:29 you're welcome. what were the defaults? i don't remember them
18:31:35 maybe dmenu and suckless st
18:31:47 super+shift and enter i think
18:31:55 yes, right
18:31:56 or mod
18:32:03 i use alt key
18:32:06 dunno what's the default
18:32:11 ok late
18:32:40 it seems there are no PRs filed on bugzilla about this problem
18:32:50 maybe sxhkd is just not working on freebsd
18:33:07 IIRC, it was happening to me right after reloading the sxhkd config
20:00:17 For those with ryzen platforms, how does the latest release do? I'm running an older dual-xeon E5-2680v3 box and looking to build a new large-storage box.
20:00:39 im on 14.3 with ryzen 3 4300ge
20:33:02 nxjoseph: Is it "grunty" enough
20:33:51 grunty? idk it
20:33:59 Looking at a ryzen9 9950x just to get the strongest "throughput" for my machine.
20:34:36 iirc, there were someone who use r9 99xx on forums
20:35:57 Thank you! I'll search there.
20:36:16 you are welcome, i might give it a try too after my work ends
22:18:25 geez 14.3-RELEASE is a big one
22:18:39 been too busy to update, taking agesss
22:18:53 has anyone played with the iwlwifi stuff?
23:13:20 polarian: haven't played with wifi -- full release was tough on my machine though. I made several errors during the pkg upgrade and "lost" a couple dozen packages.
23:18:50 Good news is, nothing is Actually broken.
23:19:11 ugh it seems 14.3 has broken iwn for me
23:19:14 wifi borked now
23:19:29 so we get fancy new 802.11ac andddd... 802.11n is now broken?
23:19:32 and I discovered a bug where I wasn't archiving a copy of my pkg-export like I thought, so, win-win
23:19:48 maybe for you I have no wifi
23:20:03 wifi connects to ssid then I get a wpa supplicant error
23:20:15 *sigh*
23:20:20 no dmesg errors tho... good sign I hope!
23:20:40 also I will need to recompile drm-kmod
23:20:59 polarian: You can get a binary from pkg now.
23:21:09 mason: it works now?
23:21:40 so if I pull in pkg updates the drm-kmod pkg will be compiled against 14.3-RELEASE?
23:21:57 polarian: pkg upgrade -r FreeBSD-kmods (per mzar) worked for me
23:22:05 polarian: See /etc/pkg/FreeBSD.conf
23:22:16 hmmm
23:22:31 will investigate...
23:22:37 right now its bedtime though :)
23:22:43 polarian: sleep well
23:22:48 how come every freebsd update goes terribly wrong for me ugh
23:23:00 polarian: Not just you. I've had tons of things explode over the years.
23:23:04 Crazy things.
23:44:37 im kinda pissed at freebsd right now.. nothing the company did but i probably did something wrong.. im on a laptop everything works sound everything.. today i turned it on went to a meeting and my video and audio weren't working.. had to talk on the phone.. i don't know what to say
23:49:51 The "company" ?
23:51:56 nothing personal against freebsd
23:51:59 im just pissed lol
23:53:35 Sure. It's just... managed by a foundation rather than a Corporate structure, IIRC.
23:53:38 :shrug:
23:53:54 polarian: Here's salt in the wound :( https://freebsdfoundation.org/blog/the-road-to-better-wi-fi-on-freebsd/
23:54:35 Oh, this might actually help. https://freebsdfoundation.org/blog/how-to-unlock-high-speed-wi-fi-on-freebsd-14/