Tenkawa: /38

oops

multitasking :(

Haahaa np..

I'm trying to track down a mystery kerberos library hiccup

hi all i am God Husband and The Eathquake guy Nice to Meet you all ... . your president and prime minister too , How Life been citizen ... .

ai slop in irc now?

How would I use EXTRACT_ONLY (docs.freebsd.org/en/books/porters-h…andbook/book/#makefile-extract_only) for DISTFILES that are autogenerated?

tuaris: That's a fine question. You'll likely get a more informative answer from the #FreeBSD-Ports channel.

Hello. I have a question about setting up X with an Intel 945GM integrated graphics card. In particular, am I correct in the understanding that it requires the "legacy" Intel graphics?

*driver

Attempting to follow the instructions provided in the handbook yields X working with graphical errors upon loading.

Should I use this freshports.org/x11-drivers/xf86-video-intel instead?

I'm getting essentially freebsd.org/security/advisories/FreeBSD-EN-24:09.zfs.asc on 14.3-p1...

0 root -8 - 0B 3056K CPU5 5 87.8H 96.21% kernel{arc_prune}

anyone have a rough idea of how much resource overhead jails add? like i'm wondering if 5k tiny server processes would take much more if each server process was in its own jail with access to its own port of the main system's ip

jails are funky chroots

if you are not doing VNET there's almost no overhead

Also, is MATE (fisrt time using — decided to check out) supposed to take a bit to actually load my background image?

I'd guess that using an almost 20 year old system could be a factor, but it may also be normal. Wouldn't know.

duskgale: with an SSD it *should* be fine? SATA is older than 20 years after all

>With an SSD

No SSD in sight.

how large is the image then

I've an 120GB HDD running amd64-stable.

120 GB is closer to 25 years old than 20

it probably cannot do more than 100-120 MB/s linear

So, it's just my drive being slow?

if your background image is 10 MB+ and fragmented, yeah

you'd hit IOPS

especially as you are starting your DE which means lots of other stuff doing disk reads?

It happens even with default ones. I'll check I/O stats later, but the computer does start lagging tremendously on big amounts of disk writes.

duskgale: remember that with spinning rust and random read/write operations your IOPS drops down to double digits

compared to thousands for SSDs

When I was building large programs from source a few hours in my WM would be barely responsive

also check smartctl output because I would not trust 120 GB spinning rust in 2025

especially if it is Seagate, WD, or Samsung

Hitachi should be fine

though I guess it was still IBM then?

do vnet jails add enough overhead that running a network intensive server (nginx) in a jail is prohibitive?

kerneldove: not in my experience

know how much cpu overhead it would add?

is it like .1% or like 3% or?

kerneldove: for reference I am running Apache in one jail and PHP-FPM in another, and requests go haproxy -> varnish jail -> apache jail -> php jail

I do not really see much overhead but I did not compare it to not running in jails

would be great to find some comparison benchmarks

epair_task stays under 2%

It's the HDD that was presumably originally shipped with the machine. I got it with Windows, and I'm fairly sure I ran CDI to check how it's doing.

Unless I'm misremembering, it came out with good results.

I'll run some tests later. You're probably right, though.

duskgale: does `egrep '^(ad|ada).:' /var/run/dmesg.boot` give you a model?

Hold on.

It's a WD drive.

This one.

is there a command that returns how many subdirs it has in it or 0 if none?

subdirs a dir has

oh no a netsplat

kerneldove: `find <path> -type d | wc -l` is an option

i went with ls -l . | grep ^d | wc -l, is either better than the other?

that's wow

I wouldn't haha

?

using grep for this is weird to me

the one downside of find in my example is it will list the path itself too

i just want the count

not sure what you mean

you said it lists the path itself

yes, the number is +1

so `find /tmp -mindepth 1 -maxdepth 1 -type d | wc -l` would give the number of subdirectories without recursion

and without counting itself

mindepth 1 removes that self entry

ah ok that 1 will work ty

it should also be faster than using grep

ok what about this, how can i count up the number of files in any dir named "foo" under "somepath"?

kerneldove: have you tried using find

i tried 2 times. 1. find . -type d -name foo -exec find {} -type f | wc -l. 2. find . -type d -name foo -exec sh -c 'find "$0" -maxdepth 1 -type f | wc -l' {}. but neither worked

Why do you have "-name foo" there?

i only wanna count files in dirs named foo

Makes sense.

you could chain with xargs probably

you can pass multiple paths to find

duckworld: actually maybe something like... find `find path -type d -name foo` -type f -maxdepth 1

(why use the deprecated barely noticable `…` syntax instead of $(…)?)

i got something working but not sure if it's totally right: find . -path '*/foo/*' -type f | wc -l

find . -path '*/foo/*' -type f -printf . | wc -c works on linux but on freebsd it says find: -printf: unknown primary or operator \n 0

yay! find . -path '*/foo/*' -type f -exec printf %.s. {} + | wc -c works on linux AND freebsd

instead of spawning many printf processes find . -path '*/foo/*' -type f -print0 | tr -dc '\0' | wc -c is probably better (use NUL as terminator, delete anything else and then count the number of NUL bytes

that seems even better nimaje. it works on freebsd and linux too

tyvm

comment from #bash: it won't spawn printf for every single pathname traversed but that method might end up being faster. however, you must specify LC_ALL=C tr -dc '\0', otherwise some implementations of tr(1) will try to decode according to the effective ctype (probably UTF-8) and fail with EILSEQ.

pathname components may contain arbitrary bytes (other than NUL and /), so one must allow for it.

what do you think nimaje?

fwiw it works on freebsd and linux too

yeah, that LC_ALL=C tr … should make it more robust and yes, the -exec printf %.s. {} + will not spawn printf for every path, but it will spawn an unknown number (bounded by the number of paths) of printf processes, so 'many', why the tr way spawns statically knowable exactly three processes (and that was my point)

ok ty!

nimaje: because it is hard to teach new tricks to an old pony

I always go like 'but $() won't work in my IRIX machine's default shell'

anyone have recent benchmarkings/numbers on how much overhead jails add? less than 1% or?

that is a weird question

and any overhead is going to be really specific to operations, it's not just gonna be a flat "< 1%"

does other container implementations add overhead?

e.g. if you're using Docker with a lot of layers, I think that can add overhead

so usual linux being crap stuff

more Docker being crap. if the same concept were implemented anyplace else, it'd be similarly problematic

or the position could be.. is it more efficient "virtualize" an environment or buy a whole new set of equipment?

for the sorts of things containers are used for, it's almost always for where new equipment would just be silly

yes, it is valid question to ask.. what is the "overhead" with a follow-up of.. what are you trying to accomplish? and is the virtualization of your environments warrant going forward with analysis. but to each their own.

kevans: what do you think about an IFF_L2ONLY flag (or maybe a cap makes more sense) that prevents L3 addresses being assigned to an interface? i'd mostly like this for bridge but i wonder if there are other places it's useful

Anyone run into this before?

ld-elf.so.1: Shared object "libprivateheimipcc.so.11" not found, required by "libkrb5.so.11"

I can't find any references to libprivateheimipcc out there..

Tenkawa: are you on main? if you updated past c7da9fb90b0b you must do a clean build (delete objdir)

I "think" I did.. but I'll wipe it and try again

Thanks for the pointer

you also need to rebuild all ports, in case that error came from a port, i'm not sure if the builders have updated yet or not

(well not all ports, all ports that use base kerberos)

It was from a pkg... I have no ports on this boxz

s/boxz/box

well same thing, if you're installing ports from packages the packages need to be rebuilt

I wonder if I might have to switch them to ports due to that

yeah

alternatively you can build src with WITHOUT_MITKRB5, but if you're using pkg.f.o packages, that will break again once the builders update

Honestly I'd prefer not to have KRB at all...

yeah... I was worried about that..

I just found an arm64 board that works great and I'm trying to tune it.... thats when I started discovering these things

ivy: it seems like like a flag would be a better fit, unless you're suggesting an (inverted from your flag sense) L3 capability that you have to add on probably in a few places

?

kevans: an L3 capability might make more sense but also feels more invasive.. the idea was the bridge would set L2ONLY when you add a member interface

right, an L2ONLY capability would be kind of weird since you can traditionally disable caps via ioctl, but you'd want this to be immutable as long as it's still in

you can change flags, too, but we already have the notion of IFF_CANTCHANGE

an alternative would be to have per-AF caps (or some similar system) so an interface has to indicate it supports inet and/or inet6... for example that means you could prevent wg interfaces from having OSI addresses configured on them (not that we support OSI, but...)

i'd bring it up to -network@ folks

sometimes they respond if you write something egregiously bad enough, which may be your indicator

(sometimes they don't respond at all)

er, -net, sorry

Hi. I just had this peculiar error message from pkg: `pkg: An error occurred while fetching package: No error

The easy guess is that time was out of sync, given that it is a VM and it was suspended

so I actually fixed it with `ntpd -qg`

Anyway, the error message is somewhat misleading. Should I flie a bug report?

ivy: interesting.. after rebuilding and still having the problem I ended up verbose truss tracing the problem and curl ended up being being the root issue..

It doesn't hurt ot file a bug. . . though I'm not sure it's right to say the error message was misleading. . .

I mean, did it explicitly tell you your system time was off? No.

No, it did not. I guessed it

Well, not misleading, but incorrect

For all it knew, the server's time was off - point was, there was an unacceptable delta between them.

CrtxReavr: since there was an error, it should obviously not say "No error"... i believe there's already an open bug about this, it seems to happen with any TLS failure

ivy, that I'd agree with.

Something like "SSL kaboom" would have put me in the right direction, let's say

(basically, it's not reporting the error from openssl properly)

Oh, if there's already some error, I guess it's OK :)

s/error/bug report/

dacav, what does this return?: openssl s_client -connect <server>:<port>

Oh, late, sorry

Well. . . now you've corrected your time.

well, I can try to restore the snapshot, and the time will be off again!

Hold on

I used to run labs use to develop and test NAS devices. .

I got a request from the testers for an NTP server that would be very wrong.

It took more effort to setup time I would guessed.

haha, yes, i suppose it would

ah, the existing issue is for pkg-static: bugs.freebsd.org/bugzilla/show_bug.cgi?id=286532

how did you end up doing that

but i've definitely seen it with non-static pkg as well

verify error:num=9:certificate is not yet valid

that's great, ivy. Thanks

interesting libcurl is where my break was with that unrelated other library problem I ws just working on...

i think i saw that 'no error' when dns was working but my default router was not

rtprio, it's been. . . a scary long time ago. . . but I deployed a FreeBSD VM. . . and I think it involved both setting the time arbitrarily wrong, but also setting a runtime option for ntpd to not sanity check itself on launch.

It did work though though. . . the testers could ssh in, set an arbitrary system time and restart ntpd, and it would serve the wrongly set time.

CrtxReavr: i had a system where freebsd picked the wrong timecounter, and ended up gaining a minute for every minute

So they were able to test the ntp client on our NAS devices.

I did a lot of crazy shit with FreeBSD in that job.

One of the cooler things was doing "WAN emuation."

I used a FreeBSD box as a router, and the testers were able to introduce arbitray levels of bandwidthy, latency, and a precentage of packet loss.

So they could test remote filesystem mirroring on a "WAN" connection that was literally in the same cabinet.

Used ipfw & dummynet for that trick.

The "magic sauce" on that config was that that the settings for the ques were applied both inbound and outbound, so you had to actually cut the desired values in half, since they'd be applied twice.

queues

arc_prune eating 100% of a core was unexpected

wish I was on 13.something so it could be fixed with an update but no, 14.3, and the code matches the patch

I encounter enough whacky issues with apps, networks, and my own sketchy code. . . I don't need issues with my OS as well.

It's been so rare that I've been excited about a new OS feature on FreeBSD.

thank you for your input

i wrote a bit about the new bridge stuff in 15.0: people.freebsd.org/~ivy/bridge_vlan_filtering.txt (mostly while we're waiting for the manpage to be updated...)

Is there a good tutorial out there for migrating a zfs os drive to another drive? Now that I am more confident this system is going to run well I want to move it to a better performing drive.

I have a second NVMe drive already connected via PCie if it is possible via oniine mirror/detach method.

Tenkawa: man zpool-add

Thanks

if it's the same size

unfortunately its not.. its a few gb smaller... making this a bit ... problematic

no, don't use zpool add for this! you want zpool *attach*

... ope

That does look more adaptable

(well, i suppose you could zpool add the new device then zpool remove the old one, if you're on a recent enough version, but this leaves a bunch of bookkeeping data around)

llua i didn't ask if jails added overhead, i asked how much. so no it wasn't a weird question you just misconstrued it as weird

and for type of workload, lots of network traffic. so imagine a webserver in a jail

it wasn't miscontrued

i just asked a question in response

anyone here by chance play around with jitsi, that is available in ports?

kerneldove: may i could ask in a different way.. do you have a cohort (user group/count) that is expected to use service? say 100 concurrent users? 1000? 2000?

a couple thousand active udp peers

using nginx or apahce?

ya that's the kinda example i use

voy4g3r2 ^