06:44:15 <kerneldove_> how can i debug why my box is showing 20% packetloss when i have a 1gbit inet connection and sudo iftop only shows 120Mb of combined traffic rate?
06:44:42 <kerneldove_> igb driver fwiw
06:45:12 <kerneldove_> i got a lagg if over igb0 and igb1 fwiw
06:56:26 <divlamir> the problem could be anywhere between you box and the destination, not necessarily your box itself.
06:57:02 <kerneldove_> if the problem is my box, how could i debug it? like if my OS needs tuning
06:57:17 <kerneldove_> or can a default freebsd handle 1gbps of mostly udp just fine?
07:02:20 <divlamir> I'd use iperf on a local network for a bandwith test like that
07:02:22 <kerneldove_> in other words how can i see if my OS is overloaded and needs expansion of tunables
07:02:29 <kerneldove_> can iperf test udp?
07:02:33 <divlamir> yes
07:03:18 <kerneldove_> ok great idea. btw i tested pinging the box from another box in the same DC that ISNT having packetloss issues, and packetloss is showing same 20%
07:32:44 <divlamir> btw, UDP tests with iperf3 default to 1Mbit/s, don't forget to use sth like '--bitrate 1G' on the client side
07:33:46 <kerneldove_> ok ty
07:37:49 <divlamir> and you can reverse the sender with '-R' to see which one chokes
07:48:29 <kerneldove_> do you think my cpu being used 94% would explain the packetloss?
07:55:59 <iRobbery> check your IRQ usage
07:57:13 <kerneldove_> ok i got the numbers with vmstat -i, how do i know if the numbers are too high?
07:58:00 <iRobbery> depends on too many factors to give a number
07:58:12 <kerneldove_> ok so how do i make use of the numbers then?
07:58:52 <iRobbery> top -P -S
07:59:06 <iRobbery> how much percentage irq you see per thread?
07:59:44 <iRobbery> 30 and more packetloss is probable
08:01:08 <kerneldove_> by per thread do you mean the per cpu count at the top?
08:02:02 <kerneldove_> because for all of those cpu lines, the interrupt is 0.0% or so
08:02:09 <kerneldove_> sometimes 1 will be like 0.4%
08:02:23 <kerneldove_> idle is around 60% for each
08:03:41 <kerneldove_> oh sorry wrong box, interrupt is same but idle is like 9% for each
08:04:06 <iRobbery> idle machine interrupt is at 9%?
08:04:51 <kerneldove_> the box with 20% packetloss is showing interrupt at either 0.0% or 0.4% for each cpu core, and idle around 7%
08:04:55 <kerneldove_> for each cpu core
08:05:28 <Alver> Have you replaced the cable?
08:05:44 <kerneldove_> no
08:05:50 <iRobbery> worth a try too
08:05:53 <Alver> 9 out of 10 times when I've seen packet loss it ended up being a stupid hardware issue. Mostly cable.
08:06:20 <kerneldove_> is there anything else i can check to see if it's on the OS level? box is in a DC and i don't wanna bug them unless i kinda need to
08:06:42 <Alver> Hm, DC cables are usually decent enough quality.
08:06:58 <Alver> (the people there know how to make them, and usually do test before use)
08:15:09 <iRobbery> can you check for broadcast traffic, is your network limited to just you, or you share switches with other parties?
08:15:42 <iRobbery> do you have pocketloss locally there too between boxes you run? or is it towards el internetzo?
08:15:43 <kerneldove_> how do i do that? pretty sure we share
08:15:49 <kerneldove_> yep
08:16:06 <kerneldove_> from another box there that has no packetloss, when i ping the lossy 1 i get same 20% rate
08:16:14 <iRobbery> well then you could create a ticket i guess, and some of the dc people can check stats, you would not need to pay for hands on support afaics
08:16:38 <kerneldove_> what do i ask them? what's the point about broadcast traffic?
08:17:40 <iRobbery> You could write that you have packetloss on one of your machines, and if they can verify the switch isnt overloaded or something in that line
08:21:09 <Koston> I have an Atom C3558 mini-PC, with broken uart(4) which tends to freeze the box entirely. this only happens when booted with EFI; legacy bootloader works fine. bug persists through 13.5 to latest CUR snapshot. is this worth reporting or should I just disregard it as a firmware issue?
08:22:14 <Koston> fwiw, Linux w/ EFI works fine, but I quickly tapped out from reading / cross-referencing fbsd and linux serial driver sources on account of time and sanity
08:22:15 <kerneldove_> so as long as the cpu core interrupt % is less than 1, it's not overloaded NIC causing packetloss. is there anything else OS level i could check for causing packetloss? like some kinda network buffers getting overfilled or?
08:22:26 <kerneldove_> i'm not using any firewall like pf atm, fwiw
08:23:06 <Koston> even if cpu core ran >90% interrupt handler it shouldn't cause packet loss
08:23:21 <kerneldove_> dang
08:28:07 <AmyMalik> it should only cause packet loss if the CPU is veritably overloaded
08:29:00 <kerneldove_> what do you consider overloaded? top shows idle around 5%
08:29:34 <AmyMalik> the core is pinned
08:29:41 <AmyMalik> so, 100%
08:29:54 <kerneldove_> ah, damn. any other ideas for what it could be?
08:30:04 <kerneldove_> on OS level. ofc it could be hw
08:31:40 <AmyMalik> try changing the cable
08:32:00 <AmyMalik> your firewall settings could be wonky, but don't assume that if they've not changed since before this started
08:32:26 <kerneldove_> no fw enabled
08:33:58 <AmyMalik> you've eliminated every OS level possibility, I think. try changing the cable. if that fails, press your backup switch (assuming you have one) into service.
08:34:10 <AmyMalik> concretely: power it up, and plug all your cables into it
08:34:15 <AmyMalik> and then power down your main switch
08:34:18 <AmyMalik> then retest
09:24:36 <divlamir> not an easy task in a remote DC..
10:53:02 <kerneldove_> dropped the cpu usage from 95% down to 75% and the packetloss went away. why?
11:23:10 <Onepamopa> Does ifconfig_<iface> / _alias<x> do any ordering? Asking, because I'm configuring the "primary" IP as a first, then adding alias1/2/.... but for some reason the first IP goes last?
11:24:41 <Onepamopa> tried "ordering" them as alias0(the primary IP), 1/2/3 but still.. the 1st goes last ?
11:48:10 <divlamir> ifconfig_iface_alias0 is not the primary IP, it's the first alias
12:38:35 <Onepamopa> divlamir I said I tried... but nomatter what I tried, the 1st IP I set is never actually set as the 1st IP (i.e. the one that is used for outbound traffic by default)
12:39:12 <Onepamopa> had to do some fuckery with defaultrouter and -ifa
13:36:03 <Remilia> Onepamopa: ifconfig iface0 inet A.B.C.D/N alias prefer_source
13:36:26 <Onepamopa> rc.conf equivalent == ?
13:36:29 <ivy> prefer_source is only for IPv6, isn't it?
13:36:53 <Remilia> ivy: oh are we talking aobut v4 hmm
13:37:17 <Remilia> was disconnected from the bouncer, sorry
13:38:02 <Remilia> and brain fried
13:38:41 <Remilia> wonder if you could use pf for this
13:39:43 <ivy> Onepamopa: are the netmasks set correctly?  usually the source address for the route will be whichever IP address can reach the router (/24 or whatever) while the aliases will be /32s.  this doesn't work if your primary address is also a /32, though
13:40:26 <Onepamopa> the netmasks are all /32 (it's a VPS, I don't have much choice), even though I tried setting a /24 mask on the primary IP, it still ended up being last in the "list" ...
13:41:13 <Onepamopa> the 3 aliases are 51.38.xxx.xxx
13:41:14 <Onepamopa> the primary IP is 51.75.xxx.xxx
13:41:16 <ivy> try this: assign the primary address to the external interface, and configure the secondary addresses as aliases on lo0
13:41:34 <Onepamopa> something "orders" them in a way where the "smaller" IPs are at the top
13:42:28 <Onepamopa> and the aliases would be reachable via vtnet0 when they aren't aliases on it?
13:42:47 <ivy> yes.  at least this is how it works in IPv6, i don't use this setup for IPv4 but i think it should also work
13:43:18 <ivy> the main difference is for IPv4 you need at least one IP address on the interface itself, for IPv6 you don't, but in this case you want an address on the interface anyway so that's fine
13:43:24 <Onepamopa> that's so un-intuitive....
13:44:00 <ivy> in Linux, there is a feature called prefsrc that can be used to set the default source IP address for a route.  i'd like to have that in FreeBSD, but currently we don't
13:44:43 <Onepamopa> defaultrouter="51.75.xxx.1 -ifa 51.75.xxx.xxx"
13:45:10 <Onepamopa> that's the fuckery I referred to earlier
13:46:50 <Onepamopa> and my surprise when setting an IP address and then aliases... results in that IP address being sent "downwards" for some reason, who "tells" it to "move" ? :)
14:43:46 <Onepamopa> for some reason... even -ifa doesn't work
14:46:51 <ivy> what are you expecting -ifa to do?  that doesn't affect source address selection as far as i know
14:49:56 <Onepamopa> well... setting the aliases @ lo0 also doesn't work... nginx listens to 1 of them, trying to connect from the "outside" - no packets @ vtnet0, nothing ...
14:50:43 <ivy> no packets at all would mean that IP address isn't routed to your VM at all, you should see incoming traffic regardless of local network configuration
14:51:03 <Onepamopa> it is :) and there are packets when it's alias @ vtnet0
14:51:34 <Onepamopa> so all I changed was ifconfig_vtnet0_aliasX -> lo0
14:52:23 <ivy> do you see ARP requests for the address?  maybe it's done via L2 instead of routed (in which case, ugh)
14:55:17 <Onepamopa> yup.. there's arp for the aliases
14:55:44 <ivy> that is a horrible configuration, i cannot think of a solution off hand
14:55:53 <Onepamopa> that's OVH for you
14:56:01 <Onepamopa> needed a test vps for some fuckeries I'm doing...
14:57:06 <TommyC> Oracle has free ones iirc.
14:57:15 <ivy> Onepamopa: you could try adding a static ARP entry for the address on vtnet0 with the "pub" keyword (see arp(8)), iirc this doesn't actually work though, but i can't remember why
14:57:28 <ivy> i.e., put the address on lo0, but add the arp entry on vtnet0
14:57:29 <Onepamopa> what's horrible IMHO is the fact that previous versions of freebsd weren't doing this fuckery... the 1st IP was 1st IP, all IPs were added in the order they're in as aliasX Y Z ...
14:58:02 <ivy> that basically makes the machine proxy arp for its own address, which is... weird... but this is why i prefer to avoid cheap VPS providers :-)
15:01:29 <Onepamopa> I'll put money where my mouth is and reinstall using 13.5-stable (currently the VPS is 14.3-stable... just want to confirm this F-ing behavior (got servers with 13.3 where this F-ing behavior isn't observed - 51.210 is the "1st" IP, then some 91.xxx aliases, then 51.30 aliases - at the "bottom")
15:21:20 <divlamir> Onepamopa: just tried in a vm, and seems to work here, an old vm running 14.1-RELEASE. will do a freebsd-update to see if it misbehaves
15:21:26 <divlamir> https://bpa.st/PQPQ
15:31:18 <Onepamopa> divlamir here's what I get: https://bpa.st/KYPA
15:31:18 <Onepamopa> 1 alias completely missing, IPs not added in the order of rc.conf ....
15:33:10 <Onepamopa> any..... ideas ?
15:34:20 <Remilia> and that's after a system reboot with that rc.conf?
15:34:30 <Onepamopa> yep, after reboot ..
15:34:40 <divlamir> hrm
15:35:00 <Onepamopa> divlamir my thoughts, exactly ....
15:35:21 <divlamir> still working here after updating to 14.3-RELEASE-p4
15:35:52 <Onepamopa> I'll switch kernel/world to 14.3-release, rebuild and get back to you .... if you think it's a "releae vs stable" issue ..
15:36:02 <Onepamopa> would take a couple of hours tho
15:36:27 <divlamir> it weird, no idea
15:36:47 <Onepamopa> okay, I'll rebuild and see if that'd still be the case
15:36:55 <divlamir> don't have a stable at hand to test it with
15:37:25 <Remilia> I switched to binary updates for base system years ago so no more STABLE for me too
15:37:47 <Remilia> my kernels are custom but not the base system haha
15:37:56 <ivy> Remilia: with the magic of pkgbase, you can now run -STABLE and still get binary updates!
15:38:13 <ivy> although i don't recommend doing this until 15 is out
15:38:20 <Remilia> I'm not really into that
15:38:30 <Remilia> just need to stuff to work and RELEASEs are good
15:39:38 <ivy> yeah, right now i run main everywhere but i think i'm going to switch to 15.0-RELEASE for non-dev systems
15:39:54 <ivy> there's a limit to how much you want to be wasting time on that stuff
15:41:10 <Remilia> Onepamopa: tbh if there are no weird control codes in the rc.conf statement for alias0 and yet the alias is not brought up, it sounds like your rc framework is broken in a weird way
15:41:29 <Onepamopa> question would be... why / how
15:45:21 <Remilia> Onepamopa: 14.3-RELEASE-p3, all aliases are added in order of appearance, none are droped
15:45:32 <Remilia> dropped*
15:45:50 <Remilia> (this is in Hyper-V, I used /32 for all of them)
15:47:04 <Onepamopa> Remilia I'll just backup some stuff from the VPS and reinstall it via the OVH panel. I think it's 14.3 by default, will see if the fuckery with the aliases persists on a "clean" system
15:47:42 <Remilia> btw could you perchance avoid the f-bombs here?
15:48:15 <Onepamopa> sorry about that... it's just frustrating AF :)
15:48:48 <Retrofan> Hi guys
15:51:01 <Retrofan> Could I use ZFS only for my personal partitions not disks, and not system disk
15:51:17 <ivy> yes, there is no requirement to use ZFS for root, UFS remains fully supported
15:52:00 <Retrofan> and will that help in testing the freebsd 14 upgrade?
15:52:15 <Retrofan> without breaking my system
15:52:18 <ivy> help in what way?
15:52:44 <Retrofan> Someone here said that to me few months ago
15:53:04 <ivy> if you don't use ZFS for root you don't get boot environments, which is the usual way to test upgrades and roll back in case of problems, so if that's a concern for you, i would suggest using ZFS root
15:53:22 <Retrofan> How?
15:53:32 <Retrofan> after I installed the system
15:54:02 <Retrofan> and I will it break my whole installation?
15:54:58 <ivy> there is no built-in way to convert an existing system to ZFS root, you need to create the zfs pool and copy the system over by hand, i would not recommend trying that if you aren't already quite comfortable with ZFS and the FreeBSD boot process
15:55:31 <Retrofan> Ivy: yeah I feel it will be danger
15:56:08 <Retrofan> And I just want my system to use UFS for root
15:56:15 <Retrofan> And ZFS for my data
15:56:40 <ivy> that's fine, but then you can't use ZFS-specific features for upgrading, so it's up to you
15:57:37 <Retrofan> Could I use something like external hard drive for that (ZFS-specific features for upgrading)
15:58:30 <ivy> no, because it relies on the root filesystem using ZFS
15:59:08 <Retrofan> Ok, thank you :)
15:59:34 <Retrofan> ivy: This why I want LTS for freebsd
16:00:20 <ivy> i'm not getting into that again
16:00:21 <Retrofan> Like using the same version for +4 years with no concern about upgrading..
16:00:42 <Retrofan> Ah, then it was you heh
16:00:53 <Retrofan> I just forgot
16:09:48 <Onepamopa> Remilia divlamir ivy .. "clean" 14.3-RELEASE-p2 after reinstall via the OVH panel ... still does the exact same ******* ....
16:10:12 <Onepamopa> so, either OVH changed something, or .... no clue
16:10:30 <Onepamopa> (and by changed, I mean - screwed up)
16:11:26 <Remilia> do you get any error messages if you try to add the missing alias manually?
16:12:15 <Remilia> also is it an image provided by OVH because who knows what they add there
16:12:24 <Onepamopa> it's not only the alias that is missing, it's the complete "Misalignment" of the rest ...
16:12:49 <Onepamopa> it's a VPS from OVH installed using their image, so I'd imagine they F-ed up, badly
16:12:52 <Remilia> it does not matter for diagnostics purposes, delete all aliases and add them manually in the order you want them, see what happens
16:13:01 <Onepamopa> okay, moment..
16:14:45 <Remilia> I would not be surprised if OVH has some daemon/startup service of their own that configures stuff itself
16:15:23 <Onepamopa> Removed all aliases, reboot, added manually - no issues - aliases appear normally and in the order I added them in...
16:16:15 <Remilia> that means something weird is going on with your rc subsystem
16:17:34 <Remilia> I'm just going to try your exact configuration with my hyper-v VM as an experiment
16:17:55 <Onepamopa> not mine, their...
16:18:14 <Onepamopa> I'll F-ing destroy them in a ticket .... SHORTLY
16:18:16 <ivy> Remilia: OVH maintains cloud-init in freebsd, so i assume they're using it on their platform
16:18:53 <Remilia> oh
16:19:09 <Onepamopa> the only thing I don't recognize is: 858 u0- I    0:00.00 /bin/sh -o verify /etc/rc autoboot
16:19:10 <Remilia> I think I saw cloud-init on this super cheap VPS I have from alexhost
16:19:27 <Onepamopa> cloud-init.. how to stop this **** ?
16:20:02 <ivy> you can probably turn it off in rc.conf
16:20:12 <ivy> i think the service is called nuageinit, unless they install the ports version
16:20:29 <Remilia> Onepamopa: https://bpa.st/4RCQ as you can see here
16:21:10 <Onepamopa> yeah, obviously they F-ed something up, question is how to find and stop it
16:21:35 <Onepamopa> I was already rebuilt kernel + world ... that didn't help
16:21:56 <Remilia> it wouldn't because cloud-init is not in the base system
16:22:24 <divlamir> i see u have qemu_guest_agent_enable=YES, try disabling that too maybe
16:22:26 <ivy> Remilia: it is: /etc/rc.d/nuageinit.  although i don't know what version this was added in
16:22:45 <Remilia> oh
16:22:52 <ivy> it's not "cloud-init" (the software) but it is an implementation of the cloud-init spec
16:23:00 <Onepamopa> divlamir already tried, it's not it ..
16:23:11 <divlamir> ok
16:23:25 <Onepamopa> nuageinit is also the 1st thing I disabled ...
16:23:34 <divlamir> nuageinit is already disabled in your prevoius rc.conf paste
16:24:08 <Onepamopa> yeah, was enabled by default
16:24:54 <divlamir> didn't know they provided FreeBSD images, I use mfsbsd to install my vps from the qemu shell
16:24:55 <Remilia> tbh I'd check console log
16:25:13 <Remilia> from boot time
16:25:58 <Onepamopa> I think I found the culprit
16:26:02 <Onepamopa> just a sec...
16:26:05 <divlamir> service -e ?
16:29:47 <Onepamopa> In /etc/rc.conf.d/ -- network and routing ... setting the interface to DHCP, some ipv6 and what not
16:30:10 <Onepamopa> commented out everything, reboot, voila - everything - as - expected
16:30:41 <Retrofan> Ah guys did you added the bug warning in HP 6305 SFF bios  to wiki?
16:31:09 <Retrofan> I don't want other users suffer from that..
16:32:43 <divlamir> Onepamopa: nice!
16:33:26 <divlamir> The wiki is not really meant for bug reports, there's bugzilla for that, and you can submit your report there
16:34:33 <divlamir> But iirc it was not a freebsd bug, but hardware issues, wasn't it Retrofan?
16:38:10 <divlamir> I left OVH for Hetzner when my vps in Strasbourg melted in the fire. Looking at the pricing they offer about twice the capacity for the same price, hm. Might switch back
16:38:55 <Onepamopa> divlamir don't get me started on that SBG disaster ... lost a few servers + the backup server which was in a neighboring "room" 1 wall away from the fire
16:38:59 <ivy> divlamir: my one experience with OVH ended when i asked them to replace a failed disk in a dedicated server running NetBSD, and instead they reinstalled the working disk with Linux
16:39:02 <Onepamopa> no backups ... it was FUN
16:39:43 <divlamir> ouch
16:40:31 <divlamir> backup server in the same DC doesn't really count for off-site though
16:40:53 <Onepamopa> well, I had servers in RBX GRA and SBG .. and the backups were in SBG
16:41:06 <divlamir> very bad luck then :-/
16:41:13 <Onepamopa> yep..
16:41:21 <Onepamopa> now I got 2 backups ;)
16:42:03 <Onepamopa> as for hetzner... how are the things in there, anything comparable with ovh's "firewall" / mitigation / etc ?
16:43:00 <Onepamopa> cause... got hit with a few 200-300 Gbps floods, handled perfectly in ovh (drop udp all ;) ), no complaints from them whatsoever.
16:43:08 <divlamir> I found the ovh interface very clunky, hetzner is way better organized
16:43:44 <divlamir> you are talking about ddos mitigations? haven't had any issues
16:44:03 <Onepamopa> so, they have ~same functionality as ovh ?
16:44:04 <divlamir> Though maybe they don't insist on reporting them as ovh
16:44:11 <divlamir> pretty much
16:44:34 <divlamir> and maybe better
16:44:40 <Onepamopa> interesting
16:44:49 <Onepamopa> worth testing at some point
16:44:52 <ivy> re: Hetzner, i remember an issue a while ago where someone reported an abusive customer, and they forwarded the reporter's contact details (real name, etc.) to the customer, which was not a popular move
16:45:17 <Onepamopa> huh
16:45:45 <divlamir> what provider would you recommend in EU?
16:46:08 <divlamir> there's netcup, been looking at their offerings too lately
16:46:22 <divlamir> any comments about them?
16:46:27 <Onepamopa> I wouldn't go with someone smaller than ovh/hetzner to be honest ...
16:46:58 <Onepamopa> seen my share of ddos.. smaller providers just won't handle it properly i.e. your IPs null-routed ...
16:47:13 <ivy> the only EU provider i've tried is Leaseweb and i wasn't super impressed, nothing especially wrong but the service was mediocre.  i guess that's typical for large providers though
16:47:14 <Onepamopa> that just won't do...
16:47:17 <Retrofan> divlamir: yeah but I think it should be mentioned
16:48:03 <Retrofan> Is 6005 bug even mentioned?
16:56:37 <kerneldove_> hetzner sucks. demanded photo of gov ID for a crappy $20/mo ded server
16:56:55 <kerneldove_> didn't buy over vpn, nothing unusual at all
16:57:19 <kerneldove_> EU ded servers are like 50% more than US based
16:57:29 <kerneldove_> same with ovh
17:01:42 <Remilia> I'm using netcup because they offer guaranteed resources
17:02:14 <Remilia> regular VPS stuff scares me
17:02:14 <divlamir> their "root" servers? that is what I am looking at
17:02:19 <Remilia> yes
17:02:43 <Remilia> got one I think 2 years ago?
17:03:02 <Remilia> the 10 vCPU / 32 GB RAM plan
17:04:20 <Remilia> it's a lot faster than my old OneProvider dedicated server (Paris DC) and roughly 40% cheaper
17:04:56 <Remilia> also no iLO3 to deal with and server restart is 1 second instead of 8 minutes of sea of sensors
17:05:39 <divlamir> Yeah, in the end it's has the flexibility of a vps, jsut dedicated ressources
17:05:49 <Remilia> however, unlike OneProvider, their networks keep getting blacklisted by MS
17:05:54 <Remilia> for SMTP that is
17:06:13 <divlamir> ah, but that happens often elsewhere too
17:06:21 <Remilia> never happened with OneProvider for me
17:06:34 <Remilia> I only had to email MS once to whitelist my IP and that was it
17:06:39 <Remilia> with netcup it's like
17:06:57 <Remilia> 'mitigation applied' then a month later relay access denied again
17:07:35 <Remilia> > Diagnostic-Code: smtp; 550 5.7.1 Unfortunately, messages from [94.16.X.X] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3150).
17:07:49 <divlamir> hrm, thanks for sharing
17:07:49 <Remilia> and contacting netcup about this is pointless
17:08:53 <ivy> divlamir: i know you asked for EU, but if you can tolerate UK, all my hosting is at https://www.mythic-beasts.com/ now (they do have a presence in .nl, but it's a UK company).  it's not a large company and it's also more expensive than "cloud" providers, so maybe not quite what you're looking for
17:09:16 <ivy> but i've never had issues with SMTP, support is excellent and they're happy to do custom stuff within reason
17:10:29 <divlamir> thank you ivy, will check them out. I prefer EU for geo latency reasons, not anything else
17:12:22 <ivy> the only thing i don't like is their .nl isn't L3 access yet, because they acquired it from another company, but last i heard (from a support ticket answered by head of network engineering) they're working on that
17:12:27 <divlamir> wow, a bit steep their pricing
17:16:38 <divlamir> will stick with hetzner for the moment. I don't need much horsepower, just sth that pushes packets outside of my cgnat contryside hell
17:25:14 <Remilia> ivy: those prices are scary haha
17:26:09 <divlamir> yep
17:27:14 <Remilia> they ask 1000 euro or so for half of what I have with netcup
17:27:24 <Remilia> I pay 330 at the moment
17:27:30 <Remilia> (yearly)
17:28:38 <Remilia> and that's with a bandwidth limit that I would break :\
19:39:35 <polarian> ivy: what happened to using jump networks :P
19:41:25 <s1lversurfer> hi guys, someone here use on freebsd a similar software as Obsidian?
19:44:42 <vkarlsen> I use Obsidian (sometimes)
19:48:01 <s1lversurfer> vkarlsen: nice, but do u emulate it or install using rpm/deb mechanism of linux binaries compatibility of freebsd?
19:48:28 <vkarlsen> s1lversurfer: I install textproc/obsidian from ports
19:48:45 <s1lversurfer> i'll check it :)
19:49:50 <vkarlsen> s1lversurfer: There's some license issue that prevents it from being distributed as a package
19:53:01 <s1lversurfer> vkarlsen: interesting, i haven't checked ports.. i am so dumb and newbie hehe, but it's ok i'am almost drunk, some beers u know... :D
19:53:24 <vkarlsen> s1lversurfer: Take a look at the Makefile, there's a list of instructions there that will make it easy
19:54:57 <s1lversurfer> yesterday i've installed vscode, almost there, compiling Obsidian :) i'm in love with freebsd, i am a linux user since 2004 and i never tested a bsd system, have no explanation for that lol
19:55:38 <s1lversurfer> the openbsd still alive right ? but the freebsd have the biggest community?
19:56:18 <mzar> you missed a lot
19:58:37 <mzar> in 2004 Linux was stable enough that there was no need to seek any alternatives - that might justify it
19:58:39 <s1lversurfer> mzar: ya! empty mind.. i used to work with Red Hat for many years, but u know, they are creating some partnerships with Microsoft... wtff is that ?
20:00:04 <mzar> I have nothing against them and their partnerships, but FreeBSD is just decent OS
20:00:07 <s1lversurfer> and now the linux community stills in war because of pieces of rust code on linux kernel hehe even Linus Torvalds giving his aprovement
20:05:39 <s1lversurfer> freebsd is a boat on the internet titanic, if you have my age will know, the scene are fuc* up by a lot of posers on youtube, hacker is just a guy that watched Mr. Robot and play CTF, programmers walking around with their macbooks and those thousands of frameworks with bulssh*** what a mess... sorry for this, ourburst... :D
20:23:01 <aic> did you install vscode or not?
20:25:11 <s1lversurfer> aic: yeah ! :D
20:25:38 <aic> I use Emacs, not very customized.  but anyway speaking of vscode, here's a very cool emacs setup emulating vscode IDE: https://github.com/doomemacs/doomemacs
20:26:59 <aic> sexy screenshot alone makes me want to try it
20:27:11 <s1lversurfer> aic: i'll check out, i had a problem with electron34, but i solved it, and now i'm having a problem with electron33 :D but i will fix it too hehe
20:27:38 <s1lversurfer> dooom hehe
20:29:13 <aic> this is my obsidian for 20 years now: https://orgmode.org/
20:31:08 <tykling> am I the only one getting some anubis error when accessing bugs.freebsd.org ?
20:31:23 <tykling> is it my browser or is it actually broken
20:31:38 <s1lversurfer> aic: wow! 20 years of material, you are not joking hehe, i only have 2 years note on Obsidian, the rest of my life i'll try to recover on a 1TB Seagate Barracuda that is broken
20:32:46 <s1lversurfer> tykling: working here!
20:33:19 <tykling> thanks
20:33:31 <tykling> god I hate that anubis thing, shame it is needed
20:36:57 <aic> you need to enable javascript (e.g. whitelist the site in NoScript extension in your browser) and you need to accept cookies from that domain
20:37:00 <tykling> anyone recognize this node_exporter build error? https://poudriere.tyknet.dk/data/freebsd_13_4_amd64-default/2025-10-04_00h00m34s/logs/errors/node_exporter-1.9.1_2.log
20:37:19 <aic> that will make anubis happy
20:37:26 <tykling> aic: I accept all cookies and do not have noscript in my browser, and anubis usually works on other sites
20:37:28 <spmzt> @aic ty for introducing the orgmode, I found the vim alternative here: https://github.com/jceb/vim-orgmode . obsidian is good, but you should compile it everytime...
20:39:06 <aic> wow finally one for vim. I gotta share that with all my coworkers (infidels all use vim :)
20:40:06 <tykling> maybe it is because 13.4 is eol and they already depend on something only in 13.5+ in node_exporter
20:41:58 <tykling> it is.
20:44:57 <tykling> https://github.com/prometheus/node_exporter/pull/3177 this change from node_exporter 1.9.0
20:45:02 <tykling> oh well, time to upgrade I guess
20:52:48 <black> guys
20:54:30 <tuaris> NIS/yp seems like a great solution over LDAP in my opinion.  I get that passwords and user info are unencrypted, but nobody uses password based auth anyway, and multi-site connectivity is behind IPsec.  So why do people keep saying not to use NIS?
20:55:59 <tuaris> NIS has some great potentail when used in combonation with SSH CA
21:06:46 <aic> governance risk and compliance departments are probably not going to sign off on it, as it is considered obsolete/insecure
21:07:28 <aic> maybe check Keycloak if it can do what you want, it can use LDAP but it is not mandatory
21:07:42 <uzuri> hi!
21:08:46 <aic> see list of features: https://www.keycloak.org/docs/latest/server_admin/index.html
21:11:21 <uzuri> could a kind soul pinpoint me to the location of the release signing key? i would like to verify my downloaded .img's, and i dont know which key of the 1000s listed here: https://docs.freebsd.org/pgpkeys/pgpkeys.txt is the right one
21:11:26 <uzuri> thanks in advance !!
21:12:56 <aic> it says it's for "web applications" but in a company I worked at we also used it for SSH with hardware tokens rotating one-time passwords
21:22:05 <aic> uzuri: gpg --verbose CHECKSUM.SHA256-FreeBSD-15.0-ALPHA4-riscv-riscv64-vm.asc
21:22:12 <aic> gpg: Signature made Sat Sep 27 19:42:45 2025 CEST
21:22:12 <aic> gpg:                using RSA key 82563B84D0620EDC0DFB86413897F2E22E65AD3F
21:22:32 <aic> search https://docs.freebsd.org/pgpkeys/pgpkeys.txt  for string: 65AD3F
21:22:35 <aic> and there you go....
21:24:48 <aic> uzuri: you got that how I determined the key?
21:25:13 <uzuri> shoot, i disconnected, can you please say it again?
21:25:22 <aic> uzuri: gpg --verbose CHECKSUM.SHA256-FreeBSD-15.0-ALPHA4-riscv-riscv64-vm.asc
21:25:27 <aic> gpg:                using RSA key 82563B84D0620EDC0DFB86413897F2E22E65AD3F
21:25:27 <uzuri> couldnt see a single reply
21:25:33 <aic> search https://docs.freebsd.org/pgpkeys/pgpkeys.txt  for string: 65AD3F   and there you go...
21:25:47 <uzuri> aic: thanks...
21:26:10 <uzuri> there really should be a more direct way to get the link