01:23:11 hi, guys, how long can an image be written using dd? Because my writing takes a long time compared to linux.
01:25:48 oops, or should I have asked that in #freebsd-ops? Sorry
01:27:45 No, that channel is for requesting channel operatoes/moderators attention.
01:28:22 s/operatoes/operators/
01:29:23 What dd options did you use? Specifically, what blocl size?
01:30:14 s/blocl/block/
01:33:04 I used exactly: dd if=FreeBSD-13.1-RELEASE-amd64-memstick.img of=/dev/da0 bs=1M conv=sync
02:07:00 osin, that command looks OK to me. If that's a USB stick, your USB port and the stick itself may be limiting factors, unless the speed you're getting with Linux is on the same computer and USB port.
02:08:02 (Note, however, that 13.1 no longer gets security updates. If that matters to you, use either 13.5 or 14.3.)
02:10:08 yes opera toes!
02:11:43 i wonder what errors it reports in syslog
02:11:44 maybe
02:12:14 and you can add speed stats with status=progress
02:13:09 maybe write it full of zeros first
02:13:37 then comes the question what is it, how old, what port
02:13:57 what is the actual question? "how long can an image be written?" doesn't seem to make sense
02:14:02 hopefully that won't happen
02:14:39 over usb2 it goes like 20m/s
02:14:48 I took it to mean "how long can writing an image take?"
02:15:13 V_PauAmma_V: yeah, but that's unanswerable
02:15:22 it depends entirely on the size of the image and the speed of the storage device
02:16:19 See also, "Because my writing takes a long time compared to linux."
02:16:40 so 37-40s
02:16:48 okay, but unless OP just wants to have a rant about this, there is no actual question there
02:17:20 maybe it has weird speeds
02:18:23 I think there is one implied, in addition to the semi-explicit one. Namely, "is this normal, or am I making a mistake somewhere?"
02:18:41 * V_PauAmma_V <--- former tech support.
02:22:37 takes as long as it takes, if it's a rare task so probably not worth wasting much time on it
02:37:21 I find the quality of the storage device is also critical to the time it takes to write it.
03:14:41 dmesg can be your friend for things that are inexplicably hanging
03:14:49 osin: ^
03:57:12 i bet that usb flash just shat itself
04:07:32 even finding the usb 1.1 hub won't do this
04:50:18 what's the most efficient way to output the last 10 lines from /var/log/messages?
04:50:51 oh tail duh
09:16:37 ivy: sorry, I needed to be more clear.
09:46:12 how well will FreeBSD work with ThinkPad X1 Carbon G12/G13 I'm wondering if I should buy a new laptop and run FreeBSD to replace my macbook.
09:50:19 nwe: actually, my Thinkpad is a X270 i7 16Gb ram 1Tb SSD, 100% FreeBSD 14.3 and 15 Friendly, but my next will be a X1 Carbon G13 32Gb ram + 1Tb to replace my M1PRO
09:51:35 hugohagogo: =)
09:53:26 <[tj]> nwe: probably be ok, it is quite new so some stuff might be on the bleeding edge
09:53:36 <[tj]> hitch would be if the intel wifi is a be model
09:54:56 but I will ensure everything is working with it like, wifi, sound, webcam, suspend/resume etc :) so I don't throw 2328 usd, and the computer will be laying on the shelf.
09:56:29 <[tj]> assuming the webcam is uvc it should be fine, if it is that new thing then there is no support I'm aware of
09:56:53 <[tj]> everything else should be supported or close to it
10:17:20 [tj]: oki!
10:17:36 thanks for answering :)
10:20:16 <[tj]> good luck, please let us know how support actually is
10:21:20 nwe: Intel WIFI AX210, here, with new drivers (iwx and iwlwifi), fully functional with VHT access points
11:23:03 nwe: ThinkPads in general are very BSD friendly, except for those that use an Nvidia GPU, but that has more to do with the GPU than with the laptop.
13:53:41 i'm on x1 carbon g7? maybe? it's working pretty well except the fn keys
14:31:22 rtprio: doesn't fn keys working for you on your x1 carbon?
15:04:46 Fn keys are a hardware level thing.
15:05:01 f'n keys indeed
15:05:15 I see what you did there.
15:08:54 yeah the f'n keys don't work
15:09:47 btw, anyone who uses 1-wire or dht sensors, what's the expected way configure gpios for them?
15:10:54 because right now it's about as hard as it could get
15:11:30 phrasing!
15:11:38 merry halloween
15:12:37 it goes through device tree onto which one should apply an overlay
15:12:51 that thing is not clear or easy either
15:15:55 the gpio pins are even fine, at least for this, have labels, etc
15:18:08 ended up making http://ketas.si.pri.ee/misc/gen-h3-gpio-fdt-overlay.1761919232.sh
15:18:17 that's not good
15:18:33 but that way i could almost understand it
15:18:51 got it working without full understanding eh
15:21:34 happy accident
15:22:37 unsure how many days i spent in src, manpages, in google... and funnily i found all the others trying the same thing
15:23:52 <[tj]> https://vzaigrin.wordpress.com/2016/01/12/one-wire-on-raspberry-pi-with-freebsd-11/comment-page-1/
15:24:03 someone was even bruteforcing bitmask for hint.gpioths.pins
15:37:26 [tj]: but that's the same?
15:37:39 <[tj]> yeah, but isn't it the answer?
15:38:52 no
15:39:43 <[tj]> my bad
15:41:38 right way of creating overlays is somewhere via fdt in src
15:42:04 imagine if changing ip or interface would be that hard
15:47:25 hi there
15:48:26 meow
15:48:43 I have a question regarding multiple gateway on freebsd, setfib and redirect response packets came from certain interface towards proper gate
15:49:11 without running multiple instances with setfib xxx service ....
15:49:35 is it possible to accomplish something like that ?
15:49:45 someone was asking for that just short time ago :p
15:50:16 can I find logs ?
15:50:34 was there any solution?
15:51:04 i guess setfib and pf routing options were the key
15:51:25 I have logs starting from 8am
15:51:33 nothing is there there
15:51:36 it was days ago :)
15:52:07 false
15:52:26 so in order to send packet out somewhere you need to know where
15:52:31 so yeah
15:53:31 i recall sorts of hacks i did
15:53:51 if dest is fixed, you can add routes
15:54:15 back in bsd ~6 I can recall I did it via ipfw forwards things
15:54:29 ipfw still exists
15:54:44 but firewall was modified and in BSD 8 this method stops working
15:54:51 hmm
15:54:58 ipfw2 ...
15:55:41 so you have service that you need to access from both networks?
15:55:49 common methodology I found is that to run services at different port and then use a port forwarding mambojambo
15:55:55 and reply goes to src?
15:55:57 which I kinda don't like
15:56:26 I would love to ...
15:56:41 i had to battle with it in openvpn
15:56:48 I see a bad strategy to accomplish that but ...
15:56:49 still sucks i think
15:57:30 so, pf reply-to?
15:57:39 even that had issues
15:58:20 I kinda IPFW guy, once I migrated to pf, but had a bad experience with GRE protocol ... back in that time pf doesn't seems to support it ...
15:58:27 so I dropped it ,,
15:59:50 i mean lets says ip 1.2.3.4 comes from em1, but machine has fib 0 default route to 9.9.9.9 via em0
15:59:53 meh
15:59:58 i hate routings
16:00:07 yeah ...
16:00:25 BSD and routing and advanced firewall thing is hell to me as well
16:00:44 so how does the reply packet to dst 1.2.3.4 get out via correct if?
16:00:54 complex routing is cancer
16:01:08 isn't so complex even
16:01:19 it's like C++ namespaces, "we kinda fucked things up so we're gonna wrap the different shits and make one multi-shit"
16:01:23 just two nets
16:02:14 nwe: that's correct. so no vol/brightness/etc
16:02:39 https://superuser.com/questions/1405174/how-do-i-forward-traffic-using-alternate-routing-table-with-ipfw
16:03:56 * nerozero rubberduck effect - was looking for something similar for entire day...
16:04:24 * ketas makes rubber duck noises
16:04:34 but yeah that sucks
16:05:21 hmm what my current openvpn used hmm
16:06:05 unfortunately I cannot afford deep dive into freebsd routing and firewall staff reading ... It will be nice to have similar config samples on BSD manpages
16:06:24 nothing even remotely advanced is there ...
16:06:54 fun actually
16:07:09 as two uplinks is totally unknown
16:07:13 as if
16:10:57 pf rdr works i think
16:11:10 works excellent
16:11:11 i could try it more
16:11:35 please don't hesitate to try PF
16:11:53 maybe nerozero is ipfw dude
16:12:04 i have used ipf before pf
16:12:11 and ipfw where ipf failed
16:12:14 damn, eh
16:12:29 yep, we all have this background
16:12:44 like how many firewalls you need in one machine :)
16:12:52 one
16:12:54 ipfw is closest to fbsd
16:13:04 it's a tight hug
16:13:10 as i get it
16:13:27 but with a hell of a syntax
16:13:51 ipf is somewhere in middle and then there's pf
16:14:05 clearer syntax less features
16:14:22 or different features
16:14:46 obsd examples won't work either :å
16:14:48 :p
16:15:58 Darren's work was removed from OpenBSD long time ago
16:16:00 i think some people told they use obsd for pf only but couldn't use it for anything else
16:16:07 darren?
16:16:08 so they won't help you
16:16:13 yep
16:16:46 weren't you following mailing lists and usenet back then ?
16:17:11 i can't find who he is, found two guys
16:17:15 well no
16:17:19 when, even?
16:17:37 and i don't think it's humanly possible to follow all
16:18:27 i think proper and easy multihome routing methods should be added somewhere
16:19:00 and also what about that ow/ths thing
16:19:16 i get reasons for why fdt is a thing
16:19:27 I used to read majority of fbsd mailing lists a few decades ago
16:20:04 and yes, IPFilter was removed from OpenBSD like 25 years ago now
16:20:25 but using fdt or its overlays to tell volatile configuration data to driver is hard
16:20:56 I remember it very well since my back-then cow-orker was maintaining IPFilter for OpenBSD and he was rather peeved that it was just kicked out of OpenBSD without any warning
16:21:18 cow orker :p
16:25:03 I like FDT very much. makes things much simpler than some unholy complex mess of dynamic resource allocation gizmo designed and implemented by drunken lemurs at microsoft
16:25:26 did he have special pin needle for theo's ass?
16:25:28 the classic "plug 'n pray"
16:25:31 or how why
16:25:37 meh
16:26:34 embedded platforms have different issues though; namely, no standards and often poor or nonexistent documentation
16:27:00 oh the no std is fun indeed
16:29:49 nerozero: /usr/share/examples/pf
16:30:00 fishing out correct gpio was somehow easier than finding way to put it somewhere
16:30:11 rtprio, will look into it
16:30:16 thanks a lot
16:33:09 nothing special in there what I cannot implement in IPFW
16:34:28 nerozero: if you know IPFW syntax, you are used to it, not missing any feature, why would you switch to PF ?
16:35:18 I don't, I thought there was an opportunity to implement multi-gateway things easier ...
16:35:57 but imagine if each time you need for change ip you need to get the machine readable address of nic you want based on human readable one, then translate your ip into special format it eats, then put the magical key and magical val into file, compile it into binary, then put it into said machine... i can imagine air would be thick of profanities
16:36:09 TBH I don't know how to do it in IPFW, but it's most likely doable
16:37:03 I'm tooling around with putting copyparty in a jail... question is, where on the filesystem should I dump the contents of the tarball? /usr/local/share/copyparty? Should I build a package? Contribute a port?
16:37:28 I see only one path - kinda DMZ on and natting into services listening on say 127.0.0.1 interface
16:37:55 port forwarding with respect to fibs ...
16:38:07 zip: i put unknowns into subdirs under /root
16:38:09 but IT IS TOO DAMN UGLY !
16:39:00 but that could be a port
16:40:08 nerozero: there are fib and setfib arguments for ipfw, this approach is probably seamless when you seek for multi-gateway support scenario
16:40:20 ketas: fair enough
16:40:39 yes, you can use fibs in IPFW rules ...
16:40:46 with nat things ...
16:42:08 AFAIR IPFW was always faster than PF, but haven't seen any recent benchmarks
16:42:26 way faster
16:42:37 especially natting things
16:42:57 almost no impact on CPU for high loads
16:43:23 now, when we have content available over ip6, nat is no longer bottlenek
16:43:28 bottleneck
16:43:51 it's fun how v6 has stalled
16:43:57 kind of
16:44:24 my lame ISP doesn't support ipv6
16:44:44 everyone hates it ( everyone around me )
16:44:53 i have native for >10y
16:45:03 but mobile don't do that yet
16:46:18 funnily it has hidden ip what runs volte iirc, that's v6
16:46:22 damnit
16:46:23 ipv4 - 4 bytes - 32 bits, easy to see each byte... subnets ....
16:46:59 so i have used v6 since ~2004 and adoption rate is lower than v4
16:47:03 :)
16:49:03 so v4 went live 1983 and in 10 years it was like full swing already
16:51:30 and in 20y nobody even talked about migrating to v4
16:52:51 ipv6 went live, let's say 30y ago
16:53:47 On servers I never have any problems with IPv6. Cloud hosting rentals always work perfectly. (Mostly. Why do some vendors split IPv4 on one virtual interface and IPv6 on a separate virtual interface? No idea!)
16:54:53 maybe they have separate networks
16:54:58 which is fun
16:55:05 On all other systems though I continuously have problems with IPv6! My Nokia fiber modem at the house is quite buggy for IPv6 using SLAAC to assign addresses. It assigns multiple IPv6 addresses! And only one of them works. The others are off prefix and do not function. Impossible to just plug in a client and have working IPv6 networking with it. Buggy!
16:55:36 since when v6 was already swinging around pretty well, all clouds just started
16:55:50 If I manually assign IPv6 addresses to client devices behind the Nokia then they will work. But I have to make manual assignments to have them work.
16:56:44 This is just an example of why IPv6 is /still/ having problems becoming pervasive.
16:57:42 multi slaac eh?
16:57:52 it's device thing maybe
16:58:21 my phone took 3
16:58:42 unsure what google smoked
16:59:08 i didn't check if they privacy change too
16:59:33 rwp: any chance you could tell me which Nokia modem that is? (model or ISP..)
17:00:55 wait, it announces wrong prefixes?
17:01:11 funnily it all could happen if...
17:01:17 as if nobody uses v6
17:01:36 with god awful CGNAT people may started demanding ipv6 more
17:01:37 stl, It's a Nokia WiFi Gateway 3.
17:01:44 may start*
17:01:54 stl, https://www.nokia.com/sites/default/files/2019-07/wifi-user-guide.pdf
17:02:00 no cgnat here yet
17:02:14 in mobile, yes
17:02:33 but yeah, no servers, no clients
17:03:55 official introduction years of 4 and 6 are 1980 and 1995 actually
17:04:07 I don't really have a good way to debug at the protocol level to determine exactly where things go wrong but setting ifconfig_em0_ipv6="inet6 accept_rtadv" for example results in multiple inet6 addresses with the default one being out of prefix and not routing. But if I ping -S pick the other source addresses in prefix then they work. If I assign a working address statically then it works.
17:04:38 but at this pace last machines get v6 in >2100
17:06:26 Setting ifconfig_em0_ipv6="DHCP" results in a slightly better result in that it seems to randomly default to one of the working addresses in that case. But it all depends. And over time as the inet6 addresses change things phase from working to not working depending upon which default inet6 address is used for the outgoing source address.
17:07:35 That's why I blame the Nokia firmware as being buggy and the problem. That seems the most likely place for the problem to be existing. It does route if I set static IPv6 addresses and router.
17:09:35 can you get rid of it
17:10:12 but i'm more like how can v6 be still the nonserious plaything
17:11:47 unsure how accurate https://www.google.com/intl/en/ipv6/statistics.html is
17:11:51 Time has passed and our city's municipal fiber has switched to the next newer model of that fiber modem. If I complained I am sure they would start the debug by swapping me to the next version of the modem. Which I will probably do soon. I have simply been too busy to deal with it. And if I assign a static address then it works.
17:12:47 i have fiber bridge here
17:13:02 they supply a separate router which you can decline
17:13:03 I /feel/ that most of those IPv6 users in that graph are mobile phone users. Because mobile networks are running out and it is either CG-NAT or IPv6 and they control both ends so IPv6 is very common here.
17:13:16 next fiber also follows same path
17:13:21 rwp, when you say "out of prefix and not routing," what is the address in question? Does it start with a 2 or a 3?
17:13:50 if you order 2.5/2.5g they replace huawei with adtran
17:18:08 i recall when first ever actual routers went live in this isp, all sorts of problems appeared
17:18:09 CrtxReavr, For example using RA or DHCPv6 it will assign multiple IPv6 addresses 2605:b40:13a3:8c00:2e0:4cff:fe14:5d27/64 2605:b40:1516:a200:2e0:4cff:fe14:5d27/64 with the first one 2605:b40:13a3:8c00 being the default that will be selected for the outbound source address. But it will not route out. If I select the second address, and it is never the default one, then it will work.
17:18:58 tcpdump time
17:19:06 2605:b40:1516:a200:2e0:4cff:fe14:5d27/64
17:19:18 That one is your MAC-based EUI-64 address.
17:19:21 I have been there with tcpdump but I can't tcpdump the WAN side of the fiber modem.
17:19:33 It's being assigned by stateless autoconfig.
17:20:27 The others are temporary IPs to be used as source addresses to obfuscate your MAC address. . . at least across the router.
17:20:46 Yes. Agreed.
17:22:18 Um, actually. . I was looking a bit too fast.
17:22:29 Notice that 3rd and 4th quads differ.
17:26:06 and what isp thinks of this?
17:27:23 I haven't opened a support ticket. But have discussed this with other friends on the same municipal fiber. All of us have the same result. Which results in only IPv4 working for us. But I am the only one talking about trying to make IPv6 work. No one else cares.
17:27:41 so yeah, after all sorts of problems appeared with first gen router, isp was confused and one of their guys told but we like tested it in lab, we bittorrented using two machines
17:27:56 seems like production is hard
17:28:11 Those are all SLAAC addresses, for different prefixes. . . it's like your ISP is changing them too fast on you.
17:28:21 rwp: that's really sad story.... "No one else cares."
17:28:29 and they all run like absolute lowest bidder hw and sw
17:29:35 if they actually provide v6 too they should fix it :p
17:29:46 They have not run into something they can't do using only IPv4, they can stream Netflix, so they don't have any itch to scratch.
17:29:49 I think what I've learned is I don't want to use copyparty
17:30:06 copyparty seems funthing
17:30:43 but what you actually want?
17:31:07 CrtxReavr, Yes. It does seem like that. Through the course of a day there might be 15+ inet6 addresses pass through a Debian/Devuan system I have sitting there for debugging. My house FreeBSD system I need to work and I have it configured with the static IPv6 address so that I can rely upon it working.
17:32:10 I haven't had time to put into debugging this further but I hope to have some time in the next couple of months. I will open a support ticket. They will swap my modem for the newer model. And likely nothing will change. I have been hesitant to do this because I have been traveling away from home and what I have is working and it is the devil you know versus new devils that I will need to get to know.
17:32:33 hopefully it's your allocated /64 or more
17:33:29 Another bug in that Nokia firmware is that if I let it run without a reboot for "a while" like maybe two months then the IPv4 DHCP server will stop working at some point. Probably a memory leak or something. It will keep routing okay. But if you reboot the client such that the ethernet link drops then it will never give out another DHCP address and the client can't get back online.
17:34:07 My workaround is that whenever I depart from the house I always power cycle the Nokia before leaving. That resets the resource leak or whatever and then it is good for at least another month and will survive until I return home again.
17:34:44 It takes a while to debug something that must run for 2-3 months before exhibiting the problem!
17:36:06 that's a hell
17:36:29 so no way go get rid of it or hack or?
17:37:27 rwp: perhaps they have just buggy and not fully ip6 capable equipment ?
17:37:30 What do you suggest? Open up the ISP modem, solder an ICE fixture onto the circuit board and start reverse engineering it?
17:37:39 burn the modem
17:37:44 i would be very pissed if it were main required device
17:37:56 and wouldn't even work
17:38:33 I think mzar's assessment matches mine. It's just buggy and not yet working. It is likely the configuration on the ISP side of things. I keep hoping that it will get fixed and then updated and then magically start working.
17:38:53 you can't access it otherwise0
17:38:57 ?
17:39:01 like via ip
17:39:37 Burning the modem is not really an option because I really like having the GigE fiber connection. I am NOT going back to Comcast's 30MbpsDn/4MbpsUp cable modem.
17:40:07 what they do there anyway
17:40:09 gpon?
17:40:12 PON?
17:40:43 ketas, I don't understand your question. Of course we access the Nokia web admin interface by IP. But that only exposes the web interface. It does not have any capability to debug the internal workings of the firmware.
17:41:27 no telnet there eh? :p
17:41:30 but yeah
17:41:49 well most likely your fiber comes in either as P2P or *PON, and only latter requires special equipment. former you can just hook up to any fiber module you have and rock on
17:42:08 i have high bets it won't work better later either
17:42:14 ^^
17:42:25 like dhcp dying
17:42:34 classic shit isp cpe
17:42:58 failure is sad, but it won't even recover
17:43:23 it's absolutely not beyond nokia to just consider it normal for customer to powercycle a device periodically to keep it running
17:43:47 Nokia should have stuck to cellphones - they had a good run with those.
17:43:53 except they didn't
17:44:12 nokia does still make networking gear but
17:44:22 yeah who knows
17:44:28 I am also in a squeeze between having time to work on things I need to work on and having this be the devil I know how to workaround already. Once you get something working and known it is hard to break it just because.
17:44:34 Speaking of which I must focus on work until the top of the hour and then I must afk. Later!
17:45:07 i currently run Huawei EchoLife HG8010H
17:45:18 it seems factory def cfg
17:45:33 I use a FreeBSD box full of NICs.
17:45:33 it's not meant to be accessed on l3
17:45:39 No one to blame but myself.
17:45:51 ketas: basically some encrypted storage for personal shit and some less-encrypted storage for media
17:46:09 CrtxReavr: nokia basically just got lucky with their early cellphones - the company far exceeded itself and was in no way prepared to actually perform well consistently, or as it turns out, almost ever.
17:46:23 so, probably, a machine running samba, some kinda DLNA (probably rclone serve?) and then sshfs
17:46:33 currently they only rent cpes or stbs, don't sell them anymore
17:46:37 the main problem to solve is that of how to secure data
17:47:03 otherwise they have modified openwrt shitshow genexis
17:47:10 I expect there's a way to zfs-encrypt mountpoints and unlock them with user passwords, though that'd be annoying if it breaks ssh
17:47:12 i didn't take it
17:47:43 it's as if it's normal for customers to keep rebooting their routers like windows machines
17:48:16 it sw as well as hw problem actually
17:48:16 I guess freebsd doesn't really have a nice way to encrypt filesystems using TPM storage, so no shenanigans with that. I suppose the best option there is perhaps to deploy the spare raspberry pi or something and do some kind of juxtaposed auto-decryption
17:48:51 or to treat it as insecure storage and make sure whatever I've got running backups acts accordingly
17:51:28 Huawei is a good example of how stewed western networking companies are. EU had to come up with a bunch of FUD propaganda to block them from market (and Intel stopped selling the x86 chips entirely too) just because their gear is far too good and cheap
17:52:08 cisco, nokia, netapp etc have all grown fat and lazy, banking on continued profits based on past merits and brand name alone
17:52:40 btw from isp internal semipublic data i got that this is the best hw available on market that worked... but if i look inside on what the top quality is it looks like something where if rip one piece of ductape off, whole contraption comes tumbling down
17:52:44 so sad
17:53:14 so it goes
17:55:24 encrypted is hassle
17:55:56 i looked into openzfs implemented encryption and it looks weird
17:56:03 oracle one is as bad too?
17:56:23 for good encryption we have a geli
17:56:59 but i have no idea how well it runs over or under zfs
17:57:04 or ufs even
17:58:07 Stefano talks about it in his blog: https://it-notes.dragas.net/2025/07/29/make-your-own-backup-system-part-2-forging-the-freebsd-backup-stronghold/
17:58:16 Koston: i laughed at attempts to use lawyers to make gpon devices interoperate
17:58:26 lawyers failed
17:58:29 :p
17:58:40 unsurprising
17:58:47 but amusing, hehe
17:59:28 imagine if you try to be isp and you step into cowshed and you have to choose where you step
17:59:36 where's the less damage
17:59:37 :p
17:59:38 capitalism basics dictates companies only produce interoperable standards when it benefits them, and making gpon ones interoperable would benefit none of them
18:00:13 ericsson and what else was tested
18:00:45 huawei specific downstream encryption
18:01:01 what the hell
18:02:01 I suppose the other thing I should do is get on with working out disk layout for my local, blu-ray backups. You simply cannot beat a readonly offline backup.
18:02:06 that was probably blurted out because ton of people asked how come you selected like last possible manuf
18:02:19 hehe, they're certainly shameless in cracking competitor products, modifying and then reselling them with their own heavy tamper proofing
18:02:39 but of course it's a pain, ideally I'd want to make sure each disc is independent but it'd also be helpful if I wasn't manually shuffling files around to put on them
18:03:28 hmm are blus good for bak0
18:03:29 ?
18:04:10 depends how much data and how often you want to backup, I think
18:04:32 should backup more
18:05:16 mm. mostly stuff like photos and music
18:05:44 I learned this lesson the gentle way when it turned out a file was missing and none of my backups had it because they all just cycled out old shit and it had been too long
18:06:00 however, in 2008 I'd backed up my music onto DVD, and that DVD? Still perfectly readable, still had the file I wanted
18:07:10 * Koston still has some porn on 20+ year old DVD-Rs
18:07:16 no idea if they work though lol
18:07:16 thanks for sharing
18:08:00 how long is the average optical media lifetime? at least things like original playstation 2 games are now suffering major disc rot
18:08:06 also if I ever got some ransomware on my system I'd really, really be wanting backups that can't be fucked with using credentials on my system
18:08:12 isn't cost effective way just to rotate disks around
18:08:57 I'd be tempted to get tape drives but I reckon blu-ray and maybe making new backups of the old stuff every few years will do
18:09:32 tapes have crazy price
18:10:05 yeh, I think tapes are more industrial strength solution, when you also have a big tape robot for automated rotation etc..
18:10:11 unsure what their lifetime is
18:10:50 tape wasn't so shove and forget too
18:11:11 can't beat read only media like optical tho
18:11:51 i only have had cd burner and i have unchecked cd backups
18:12:05 one (rather gung-ho) backup method is just uploading heavily encrypted archives onto multiple public services, counting on that at least one of them will still be up if/when you need it
18:12:21 disk space in general isn't very expensive
18:12:55 unsure how real complete compromise risk is
18:13:19 what's bluray prices btw
18:15:41 risk of something getting compromised is roughly [interest * difficulty] of the hacking, so unless your backup becomes a very interesting target to someone, the risk should be very low for a long, long time
18:17:22 and
18:17:32 tpm isn't support but
18:17:37 i wonder
18:17:41 actually
18:17:46 I still wouldn't use such a method for anything beyond something like, my illegally obtained .mkv movies collection or such..
18:17:51 wtf everyone uses?
18:18:12 I'm using just full disc zfs encryption
18:18:49 i don't believe every company uses some closed hsm's and stuff they click click click install pray and sue
18:19:05 trade secret for sure but
18:19:14 wtf do they use :)
18:19:40 uh.. ones I've been at, the most they've done is ask me "pls setup your desktop/laptop with disk encryption"
18:19:59 with no further instructions or guidelines or requirements whatsoever
18:20:19 i mean more like inside
18:20:35 i bet they could blame you for leaks
18:20:39 :)
18:21:04 I'm not legally bound by any NDA anymore
18:21:31 funnily companies have been hit by windows ransomware
18:21:36 and have lost data
18:21:37 so
18:21:42 hell knows
18:21:59 oh security is fun
18:22:22 not so long ago, one cloud provider imploded entirely after being hit by hackers. their entire infra got owned and utterly destroyed.
18:22:40 whooops
18:22:49 all hw, keys, backups?
18:23:02 like wipe zero and retry?
18:23:04 :/
18:23:08 the name is forgotten at this location
18:23:24 https://techcrunch.com/2023/08/23/cloudnordic-azero-cloud-host-ransomware/
18:23:58 The attackers succeeded in encrypting all servers’ disks, as well as on the primary and secondary backup system, whereby all machines crashed and we lost access to all data.
18:24:36 yikes
18:24:39 that's a bad day
18:25:08 i mean i'm not sure if large data provider can do offlines but
18:25:59 definitely a good "on today's episode of how fucked up is fucked up"
18:26:29 apart from hacker you could also get this from fired worker, etc
18:26:42 must have some segmentation here
18:31:31 CloudNordic could not be reached for comment. Its website notice said that the company had difficulty in communicating. An email with questions about the incident bounced back with an error message saying the message could not be delivered.
18:31:36 lol
18:31:38 but yeah
18:31:47 how to not do exactly this
18:34:18 almost like fb crashed and couldn't get into office even as door entry is also ip
18:34:53 and that's the company that can build whole large dc
18:36:02 Hey there! I set up a backup server a few years back with GELI encryption. I've been able to get the password correct a few times, but seemingly only when the installer USB stick is in. I've sorta given up and just want to wipe the system at this point, but I seemingly can't boot the USB image, even when trying to bypass it in the bios, it just goes to this disk. IDK if this is a EFI thing?
18:37:53 I wish I could have it display what I'm typing into GELI. I have to be hitting something wrong. It really doesn't help that I use dvorak, and it's in qwerty until I get the system up.
18:38:15 how can passphrase be correct if installer is there?
18:39:39 and then installer won't work
18:40:00 That's the odd thing, with the USB installer inserted, it goes to the GELI prompt, and if I get it correct, it starts the installer rather than the image that GELI is on. I have the something like this going on with another image,
I have the something like this going on with another image, 18:40:08 unsure where and when those ade enteted but 18:40:12 it's an EFI thing yes 18:40:18 can't you test keyboard 18:40:39 hmm 18:41:09 if you can switch to legacy bios boot only, then use that to bootup from usb stick and wipe the hdd 18:41:54 never used geli eh :/ 18:43:27 I dunno exactly what the loader is doing; automatically searching all connected disks if they're encrypted and then requiring password to continue 18:44:11 decryption works? 18:44:21 then it boots wrong thing? 18:44:54 nah if you input correct password then you can continue booting up from the usb stick 18:45:21 with geli? 18:45:39 anyway if pass is still known why wipe it 18:45:41 It's almost like there's a bug in it. I'm entering the same thing everytime, but seemingly only on the third try will it go through. Got the installer up, just going to nuke this. 18:46:12 3rd boot? 18:46:17 i wonder why 18:46:48 well you can wipe whatever you wish 18:46:52 if you want 18:47:04 just curious about random faults 18:47:29 what's the hw and sw config of this? 18:47:31 I assume 1st stage bootloader wants to be accommodating for situations where full disk encryption setup changes and disk names change 18:47:53 as a side effect, well, you can have trouble when trying to bootup from usb stick 18:48:03 with efi, there's just one loader anyway? 18:48:33 i should try geli sometimes 18:49:30 there's also no efi hw at hand :p 18:49:44 ketas: third time I try entering the password. It prompts 3 times, if you don't get it, it fails. 
18:50:33 hmm
18:50:41 It's an old Xeon low power system, I think this is something like a 1220-Lv3, ECC RAM, all ZFS
18:51:05 18 watt processor, my main is a 13 watt processor with ECC
18:51:22 unless things are really wrong keyboard can't emit password right 33% of time
18:51:32 ketas: loader.efi is now combined stage 1-3 bootloader when booting under UEFI, but full disk encryption with GELI works equally well under MBR and I assume that extremely constrained amount of loader code is shared between both
18:53:21 I really need sleep now though, but what wipt describes sounds like a bug
18:53:50 Or I just am really bad with a keyboard :/
18:53:54 wipe would wipe the bug away too
18:54:00 so
18:54:04 again
18:54:17 without installer, it won't boot?
18:54:25 at all?
18:54:36 that would be fun
18:55:08 that would mean you managed to put installer as part of your boot
18:55:15 eg loader
18:55:49 actually how did geli even work
18:56:01 have to have something outside of disk
18:56:14 My other system, I forgot to update gpt when updating ZFS, tried installing another system, did the GPT update, but now I have the new system boot, but it boots into the old system. I can NOT remove the new system and have the old system boot. Absolute kludge.
18:56:36 meh
18:56:38 gpt?
18:56:43 loader?
18:56:47 ketas: idk, again, this system was set up like three years ago.
18:57:10 ketas: the new disk descriptors, what replaced MBR
18:57:49 but this was gpt?
18:57:52 GUID Partition Table
18:58:34 corrupting a gpt has recover method
18:58:38 if it's that
18:58:49 wipt: it looks like you have messed with the loaders, you have to fix it
18:59:59 where are the old and new systems anyway
19:00:17 I dug around in the forums and elsewhere, tried a bunch of things, didn't have any luck. I'll have to wipe that system too. It's an old install from like 2014, so it's probably due for that anyways.
19:00:26 under my desk
19:01:04 anyway if bug or misconfig, wipe clears it all and you won't even know what was wrong
19:02:22 i still have my first install from 2002 :p
19:02:32 you can transfer data to new disk instead of wiping it, good, old FreeBSD deserves to be cherished
19:02:58 If I was younger and had more free time I might dig into it, just brought home my third child last week, sorta not a priority anymore. Have to be much more pragmatic with things. My work is more centered around manufacturing CAD nowadays.
19:03:13 managed to nuke the /bin once but i restored it from that tape drive i had in that old server and i had gotten tape for
19:03:38 mzar: all of the data is a backup of my main server, maybe I can get to the zpool.
19:03:47 in fact i was removing / but i ^c
19:03:49 :p
19:04:06 ketas: old 4.x?
19:04:19 I only started using FBSD in 5.x days
19:04:29 yea i installes 4.6
19:04:30 d
19:04:33 -rw-r--r-- 1 root wheel 302 22 maj 2004 adduser.conf < I can't find older files in /etc ATM
19:04:47 maj
19:04:54 :p
19:05:05 guess what does it mean
19:05:59 drwxr-xr-x 5 root wheel 39B Sep 13 2002 stand
19:06:07 OK
19:06:47 so that's likely the date
19:07:00 you beat me, I wiped all these 4.11 - it wasn't possible to upgrade them directly to 6.0
19:07:41 6 was the one that could/would kill your install if you didn't do a magic dance beforehand
19:07:50 4.6 (June 15, 2002)
19:08:45 why wipe *tho*?
19:08:49 *wipe*
19:08:59 they got vanished
19:09:15 even if you can't selfhost upgrade a system
19:09:38 you can still take its files at minimum and usually access the disk
19:09:49 from other system
19:10:07 the most challenging AFAIR was the transition from i386 to amd64 in-place
19:10:29 i should try some of that for fun
19:11:26 i recall i installed 4.6.2 over 4.6
19:12:13 after that i learned installworld
19:14:05 yep, we learn from mistakes ;-p
19:14:39 so funnily within a few months of installing fbsd i was already able to dev on it
19:14:47 how nice
19:14:49 708 nicks here and no one seeking real support - LLMs took it ober
19:14:51 over
19:15:50 -r-xr-xr-x 1 root wheel 7.0K Jun 11 2002 dhclient-script
19:16:16 looks like that's the release time date
19:16:38 digging in backups doesn't count, so I won't ;-p
19:17:24 well if you have backup of earlier install
19:17:30 why not :p
19:21:38 unsure where's the old ts
19:21:51 used to be /dist now /media ?
19:22:10 it won't get touched
19:22:22 # tail -1 dumpdates
19:22:22 /dev/mirror/gm1s1a 6 Mon Dec 14 03:14:15 2009
19:22:45 not that old
19:22:45 2009 eh?
19:22:50 hmm
19:23:19 even with pkgbase managed system iirc if mtree runs
19:23:26 some dirs stay
19:25:17 and that should be in ls -lhatoi / | tail -1
19:29:33 https://cdn.hejto.pl/uploads/posts/images/1200x900/99304b419ae9bb37d52256a2c1388032.png
19:29:43 look what i found
19:30:49 anyway
23:04:23 okay is it just my imagination or is it a little goofy that bhyve has options like -H
23:04:58 or is there a good reason for ever not setting it that I'm missing
23:08:17 dedicated VM host vs a scenario where you're sharing resources between the host and guests
23:10:56 hm
23:11:09 so it kinda lets you overcommit CPU
23:14:54 Fresh install, and init is missing?
23:19:51 Reinstalled and got it again, it's causing it to panic on boot