00:59:57 lol chatgpt can generate fbsd device drivers now 01:00:23 tho i predict screams and rm -f foo.c 02:12:46 meh, i built a full pkgbase and now i have no src & src-sys packages at all, i recall moaning about it and writing custom configurable exclusion of them 02:12:51 which is not active 02:13:12 so hell knows where they went :p 02:14:17 of 16, not 15, so fuck knows 02:21:33 Haha 02:21:48 Get your s**t together, ketas! :D 02:23:11 what 02:31:15 What!? 02:33:24 we need cpet here 02:46:45 He was here the other day, wasn't he? 02:47:32 he was 06:57:52 I got my backup system built and got freebsd installed! I will wait til the weekend to do system configuration 06:58:09 I have to set up NUT, mainly. 06:58:48 after I get that tested and working I'll move onto how to best backup my zfs datasets. 07:38:33 I re-read the article about Lee Holloway and felt so bad about his life and the ruined marriage. 07:38:49 https://www.wired.com/story/lee-holloway-devastating-decline-brilliant-young-coder/ 07:40:20 I kind of think that we are inevitably delving into this black hole of social isolation simply because we disregard the relationships around us 07:41:11 and we couldn't possibly have been able to do this without heavily indulging ourselves on computers for social activities 07:42:53 I've witnessed people going into episodes of depression like that simply because of the anxiety of losing friends due to change social circles 07:43:04 changing* 07:46:40 Technology is fine. but With great powers comes with great responsibilities. Increasingly I am seeing this trend of "success by tech" by means of mostly the boring "God-playing" upon a massive group of people. 07:50:27 instances include most telecom operations and social media "applications". when exercised upon a massive group of people, eventually this Holloway-type brain rot happens because people don't realize they've been played by this scheme of rounding up users for them to only talk to each other over a restricted media 08:00:39 just started a disk replacement, resilvers gonna take less than a day. thank you mirrors! 10:13:01 I prefer BSD-based system after my over 5+ years with Linux-based systems. 10:13:29 Or Windows XP, 7. 11:05:16 congrats. I hope we treat you well 11:48:15 15 RC3 and 4 were cancelled, just to keep the original release deadline? won't that make 15R more buggy or? 11:49:35 alsoi hope RhodiumToad_ is ok, haven't seen him in forever 11:51:27 kerneldove_: no worries, they are picking all these bugs and fixing them, one by one, so 15.0-RELEASE will be 101% OK 11:51:43 that's great 11:51:51 kerneldove_: are you contributing, by testing these ALPHAs, BETAs, RCs ? 11:52:19 no but only because i never use .0 releases. i will be for .1+ tho 11:53:18 please consider testing it at least, we should not rely only on LLMs with this regard, but on real users 11:53:35 ok 12:21:06 is there a way to have FreeBSD wait for input before displaying a login prompt? 12:21:47 eg so I can run a getty on the default usb-serial interface, but if I plug in a usb gadget such as a raspberry pi it doesn't wind up in a login loop 12:38:37 zip: probably the appropriate solution is using devd(8) to handle it 12:40:26 I had a suspicion 12:40:39 it doesn't look like standard getty is quite so smart, which makes sense, because it's 2025 12:41:57 it's none of getty's business anyway to deal with devices that have nothing to do with it 12:42:42 today's silly project is configuring the pi's getty to know about ppp and working out how to configure pppd to get as far as ipv6 neighbour discovery 12:44:12 I think historically variants of getty could be configured to wait for user input so that you could connect two systems together and not have them go into a loop 12:44:54 and then local getty would also ignore the line if someone opened the /dev/cu side to connect out 12:45:22 but I get the feeling that's more of an mgetty feature 14:16:58 During a shutdown, my desktop hangs for 10 minutes after "All buffers synced." syslogd has already stopped at this point, so there's nothing in the logs. Could this be because a zfs scrub is going on? 14:38:42 cool, I got PPP working. And the pi still just browns out or loses connectivity so I'm pretty sure this is a matter of it just sucking 15:13:45 Handy to sharpen one's old weapons once in a while: I'd entirely forgotten you could build a VPN out of ssh and ppp 15:20:19 xorg is still vulnerable :/ 15:20:34 must be something blocking it :/ 15:23:13 zip: I think you can do it just with ssh 15:28:18 Yeah I think there's a flag now 15:40:16 guys/gals, anyone of you experienced any issues with the official forums? 15:46:04 I've noticed a real uptick in FreeBSD appearing in job descriptions. 15:47:01 Working as expected, probably a glitch on my side. Sorry 15:47:21 For years I've had a job search on LinkedIn for 'freebsd ipv6 python' and almost never seen matches for all three keywords, and yet all the sudden it's seeing new matches almost every day. 15:57:15 ZOMG! Dunno, but if you are the person I think you are, FU! Apologies if you're not. 16:02:41 long silence tends to confirm "things". Time and chat will tell :) 16:04:29 mad at me? 16:08:59 any WINE gamers in the channel? If so, have you ever gotten dxvk compiled for wine-devel (WINE 10.15/10.16)? (This would be the Vulkan layer for WINE) 16:11:51 CrtxReavr: maybe AI started creating these job requirements ? 16:12:22 Indirectly, sure. 16:12:48 Or maybe some of these big players are learning that Linux's IP stacks and other features are steaming piles of shit. 16:18:19 mzar: maybe some humans, exposing some buggers. 16:22:32 nope, fully AI-powered HR operations 16:23:08 be it as you wish 16:23:36 I still have my concerrns 16:24:03 s/concerrns/concerns 16:24:20 *shit happenns :) 16:25:59 only if you don't use FreeBSD 16:26:06 _ 16:26:36 mzar: sorry? 16:36:59 my humble home lab runs on a mixed patform (linux, FreeBSD), routing and firewalling being the task for FreeBSD. Never had any issues with this setup. 16:38:43 I would mention that I never used pfSense (and derivatives), plain pf did the job quite well 16:40:21 Now, if FreeBSD is going to really adopt the "full" pf, yay! 16:40:42 time will tell 16:46:11 flatdog: 'full' pf (from openbsd?) are you hoping or is there word of that? 16:48:06 rtprio: there were some rumours on the forums about OpenBSDs' pf being integrated. I'm ready to stand corrected 16:49:18 Please, allow me a couple of minutes, I will come back with something more conclusive 16:51:06 not integrated in the sense you're alluding to 16:51:23 replaying patches that make sense and don't break compatibility from the point of divergence 16:52:34 pf source forked some decade ago due to kernel differences but thankfully from a user perspective of configuring it things are mostly still compatible between the systems. 16:53:23 CrtxReavr: uptick in job descriptions? Notice any themes among those hiring? 16:53:39 kp@ and ks@ have significantly improved PF, you can test upcoming 15 flatdog 16:55:21 they are doing by picking one by one features from OpenBSD PF that we are/were missing, like new "pass" syntax, "af-to" (aka NAT64 and NAT46), pflow(4) etc 16:55:48 flatdog: a lot of new features to test, please don't hesitate to give it a try 16:55:49 the guys have done a tremendous work, cannot but rise my hat to them. 16:56:08 sure, we all should, good job 16:57:07 https://forums.freebsd.org/whats-new/posts/4772955/ 16:58:43 I am hype for "real" PF in 15 :D :D :D 16:58:44 cannot just jump into 15, its complicated. Will do when the time is right. 16:59:40 a lot of testing is going on in the background 17:00:27 things are looking good. Too good. 17:01:26 forgive my bias :) 17:02:50 flatdog: the time is about right 17:03:06 indeed mzar 17:03:08 I am now 100% on 15 in production 17:03:21 it's working just fine 17:03:43 interesting. You did indeed take some risks 17:04:01 yep, someone has to test it 17:05:14 test and production don't play well together, but hey, you got to make your point 17:05:29 I should learn PF 17:05:32 my respect 17:05:54 ^mzar 17:06:02 is this a matter of buying The Book Of PF or is it more of a tutorials-are-fine kinda thing 17:06:18 recless, or a pro 17:07:21 without the book of pf, you're lost (or dependent on someone's post) 17:07:28 ive ran 15 since it was branched and only had one minor issue in that whole time 17:07:33 hhe.. no worries, I migrate machines one by one, waiting a few day in between, submitting PRs if required and... it's basically a lot of fun 17:08:53 well, my hat's off. I wouldn't go that way, my boss would kill me. Twice. 17:10:12 Lucky rascal :) 17:11:34 I like this new predictable schedule, respect to @cperciva for planning and and his hard work supervising whole process 17:12:55 your boss is not that bad, at least accepts FreeBSD 17:15:55 my boss is a guru, learnt a lot from him (no ass kissing here) 17:20:42 ha.. I like him even more 17:22:22 small company, yet AS 9100 certified, funny contracts(Romania, Eastern Europe), the harshest market one might imagine. Yet we still produce. You don't want to see my logs, I ensure you. 17:25:26 when the boss is good (as in a pro) everything is good. 17:26:00 can i ask what you make? 17:26:31 blades for turbines. 17:26:51 PraTT&Whithey and Siemens 17:27:07 sorry, Pratt 17:27:53 and the final stage (the static one) for the F-35 17:28:13 sold for export :) 17:28:16 neat 17:29:19 yeah, try keeping the Haas machines within 6 microns tolerance (metrichead here) 17:29:56 + or - 3 17:30:12 nightmare 17:30:31 zip: Book of PF (2nd or higher ed) is what I'd recommend. 17:31:33 apologies for derailing the chat 17:31:51 flatdog: Welcome the derailment -- it crashed into another fun thoughtline :D 17:32:22 "Reasonable companies actually support FreeBSD as a runtime OS" 17:32:32 "Even in scary regulatory environments" 17:32:51 thank you, Sir :) 17:35:06 you know, FreeBSD shines where nobody see. Security, data safety... things that nobody care about, unless hurt by the lack thereof. 17:37:31 *apologies, english is my third language 17:38:21 flatdog: English is my first, and for the most part, only, so I appreciate the effort regardless. 17:41:17 I don't know how to type the thumbsup emote, but consider it done :) 17:43:05 Oh, forgot to mention, we also machine the VGT for Cummins :) 17:44:10 In case you're riding a bus, 90% of chances you are riding with a part machined by us :) 17:44:53 I'm so f***ing proud! 17:47:10 In text I usually see :thumbsup: as the plain text representation of the emoji. 17:47:35 👍 17:47:51 I'd tend to go with the slightly more effusive \o/ 17:48:17 It was the idea, not the actual implementation 17:50:34 sorry for the bragish* wording, but I am really happy with the way FreeBSD deliverrs 17:51:08 Simple tasks, well implamented 17:51:36 s/implamented/implemented 18:00:32 so, adopting the entire OpenBSD pf is going to be a major boost for FreeBSD 18:00:46 my two brezeln 18:01:43 $$$ 18:01:58 in time 18:04:48 it is there, but I cannot move to something new, just because its new 18:06:59 Pratt&Whithey, cool, we have also here the factory that was sold to them 18:07:08 still in good shape 18:07:36 I didn't know that they are using FreeBSD 18:09:59 installed a new system yesterday, and of course its FreeBSD 18:10:03 hehe 18:10:14 ill probably do more configuration for it tomorrow 18:10:24 cool, is it your first deployment specialbomb ? 18:10:50 no, just personal stuff unfortunately 18:10:56 I may never be a professional 18:13:19 but now I got two hosts running! 18:35:27 mzar: Pratt&Whitney don't use FreeBSD, we are 18:40:19 Long story short, we have a somewhat freedom to use whatever we want, as long as the +/- 3 micron tolerance is met. We used to use Catia, an expensive piece of software, capable yet way too expensive. 18:41:09 wavefunction, well, the fact that they matched they keywords freebsd, ipv6 and python is very noteworthy, at least to me. 18:41:46 looks like the book of pf 4th edition is nearly out so it may be worth my while waiting for that 18:42:13 for someone who does not need particularly complicated firewalls I sure do know nftables, iptables and mikrotik's weird interface to iptables 18:42:42 Lot with Meta, nVidia, Oracle, Cisco, Et al. 18:42:42 So , we had a look at FreeCad, then LibreCad, both open-source. We-ve settlet on FreeCad, and designed our own post-processor. 18:43:57 Post-processors tent to be an extremely expensive part of designing part of production 18:44:34 Pythonh seemed to fill the bill, we went with it. 18:45:16 interesting story 18:45:38 *think of a post-processor costing you around 20K, in dollars 18:46:28 F*, this, cannot we do our own? And we did. 18:47:27 And our machines are Haas, Okuma, Hermle 18:47:50 It was quite a task, but we're rolling :) 18:50:02 ... and running FreeBSD in the networks stack IIRC ? 18:50:13 All those CNC dialects, match them all together, I'm telling you, it was quite a task 18:51:03 good job 18:51:04 Yep, the entire network is a FreeBSD backed one. 18:51:18 are you using ip6 over there ? 18:51:26 No 18:51:44 as of now, no 18:55:49 We are talking about company 18:56:54 I was just asking out of curiosity, no worries 18:57:11 in Romania, one usually gets an IPv6 address, by default 18:57:19 yep 18:58:34 it's a very nice country and developing very quickly 18:58:44 probably the only thing were good at is connectivity 19:00:25 I have FTTH at 25 miles (roughly 32 kilometres) in the wilderness 19:00:29 what about thier cuisine ? dont you like it ? 19:01:11 you have to try it, decide for yourself 19:01:24 TBH I like it 19:01:35 I'm native, easy for me :) 19:01:58 are you from .ro flatdog ? 19:02:33 yes, I am romanian, born, raised and living 19:03:14 (I thought it was obvious) 19:03:20 great ! 19:03:32 I was't reading the backlog, I am sorry 19:04:01 no worries, we used to be all humans :) 19:04:22 "Romanian. . . it's like Italian with a Russian accent." 19:05:02 may I ask about your nationality? mzar 19:05:11 do you have any BSD user groups over there ? maybe I can attend a meetup 19:05:28 we were neighbours in the past, I am from .pl 19:05:42 true, about 20 % of our words are slavic, as origin 19:06:14 czesc, mzar :) 19:07:12 about 20 years ago I used to talk quite frequently to vermaden 19:07:45 time passed, he got another girlfriend and here we are. 19:07:54 hhe.. Buna flatdog 19:08:37 "i see the beginning of a beautiful friendship" 19:11:00 hhe.. I am quite often there, I have send you a PM flatdog 19:11:13 s/send/sent 19:18:42 zip: I preordered that book! im excited to get it 19:19:05 PF is very cool. 19:32:15 Really it's kind of shame you can't get tiny VMs with like 512mb of RAM and 2GB of storage, lots of stuff barely needs that 19:33:09 Well.... I've shopped around a bit and I can't find one hosted in the EU without something Annoying about it, like pathetic 2FA on an account attached to my credit card 19:34:36 Or they exist if you want Linux 19:35:26 you mean like VPS services? 19:51:28 Maybe you could use AWS EC2 t3.nano instances using AWS Free Tier. 19:53:42 Ah, maybe not: > you are required to provide a valid payment method to sign up for an AWS account, whether you choose a free plan or a paid plan. 19:54:35 I'm not against it. I ddin't know they had a free tier 19:55:10 I suppose I could have a go at OCI free tier too 20:00:45 oracle free needs a credit card too 20:01:41 . o O ( wonders about getting a larger VM and then using it to host more smaller VMs ) 20:03:36 you could do that, depending what your ipv6 conectivity is like, or proxy it 20:04:16 I'm not against putting a credit card in or spending a couple euros a month 20:04:38 main annoyance with OCI is I used to work for them so I gotta read those T&Cs real carefully to make sure I'm allowed to use it 20:07:35 anyway. not against spending money, I'm just side-eyeing the providers who might not do an exemplary job of avoiding making me a free money glitch for some asshole with a crypto miner is all 20:09:02 and I realise I'm being pretty fussy here: looking for something in the £2 range, in Europe, with non-broken 2FA, that I can install BSD on, simply because I feel like everyone's cheapest tier is more computer than I need 20:10:17 zip: Did you look at NetCup? It's more than £2, but not a whole lot more. 20:10:24 possibly people are misreading "on an account attached to my credit card" as "_or_ an account attached to my credit card" 20:10:36 vkarlsen: I have not, I'll take a look 20:16:43 I have an OVH node at their cheapest price level of USD$4.20/month and though they no longer support FreeBSD I installed it using their Debian rescue system in the way that we do these installations and it has been working well for me. 20:19:50 that's not bad 20:19:55 they do seem to have a Freebsd 14.3 option 20:21:39 really I should get on with setting up the pet mini-pc with the services I want 20:21:55 somehow it's easier to sling someone a couple quid for a vps though 20:21:58 quieter, if nothing else 20:22:34 Also has the advantage that if there is a hardware failure that it's not your hardware failure to manage. 20:22:46 To be clear I also have my own bare metal systems too. 20:23:00 I’m currently using a Vultr VPS, but I’m going to be building a FreeBSD-based NAS, that could also host a couple jails and I see that I could maybe use to have these jails be available under a public static IP. 20:23:38 So I’d have a jail connect to that over WireGuard. 20:23:48 I'm contemplating doing a quick reformat and putting 15-BETA5 on it as I figure that'll be the easier upgrade pathway 20:24:10 right now I have a debian VPS running pi-hole, which feels a bit silly 20:49:29 Hello, all. Is there a chance FreeBSD will run on a PC with 256 Mb of RAM, or shall I seek an older and/or lighter OS? 20:50:31 If FreeBSD does not run on it then no other OS will run on it either. Why is there any concern at all? Is something wrong with this hardare? 20:50:46 ant-x: It will likely run, but what do you want it to do? 20:50:50 rwp, the amount of RAM. 20:50:55 Oh! You said MB and I thought you said 256 GB. My bad. 20:51:18 ant-x: I had 512 on a vm running unbound, but I had to increase it to 768 due to large zone files 20:51:28 vkarlsen, some very lightweight web hosting, SSH, very lightweight X (e.g. twm without a desktop environment). 20:51:42 No ZFS, of course. 20:51:44 I was trying to figure out how something couldn't run on a 256 GB RAM system and it befuddled my mind with that concept. 20:51:54 I've tried dialling my VM's RAM to 256mb and FreeBSD 14-3 ran 20:51:55 ^ :-) 20:52:45 I will later probably get more RAM, because the PC itself is circa 2005, and should have more. 20:53:08 ant-x: https://ctrlv.link/shots/2025/11/14/IkJV.png 20:53:09 zip, Good to know. 20:53:24 I am running FreeBSD on a 512MB system for a bastion host and it seems acceptable. I am running it on a 4GB storage and that's my main problem with it. 4GB of storage is the minimum without doing pruning of the system. 20:53:44 ant-x: This one does use zfs, btw 20:54:08 vkarlsen, I heard horror warnings not to use ZFS with less than 4 GB of RAM. 20:54:17 My 512MB one is also running zfs. Probably pkgbase would allow me to trim it down. If I had to partition it again I would give it 6GB instead of 4GB of disk. 20:54:42 Thanks. 20:54:48 People who have horror stories about zfs and ram have de-duplication turned on and there isn't enough memory to do that for anything. 20:55:20 ant-x: I run a web and mail server on zfs with 1 gig of ram, no issues 20:55:40 Most of my on-laptop VMs have only 2GB, and ZFS is content with that. 20:55:50 vkarlsen, running your own mail server -- you are an iron man. 20:55:59 2GB RAM, I mean. 20:56:19 V_PauAmma_V, the official installer itself advices against ZFS for < 4GB RAM. 20:56:24 A lot of us here have always run our own email servers. I have always run my own email server. 20:56:50 This week I got a copy of "postfix: the definitive guide" so we'll see how that works out 20:56:56 rwp, getting any trouble from the big providers not accepting your mail? 20:58:01 ant-x, it does? I must have overlooked it - or maybe it only does on 14.x and 15.0. 20:58:14 My 512MB ssh bastion host is using 25MB of swap. It's not doing anything else though. If running a web server I wouldn't run less than 1GB of RAM. File system buffer cache, ahem I mean ARC, is critically important to performance. 20:59:05 ant-x: Worry less, live more :D 20:59:37 I have no problems with mail delivery to Google, Yahoo, Microsoft, others. But I have somewhat of a special case because I am also hosting friends mailing lists and those conspiracy theorists are active reading and responding to emails from my server. They call that engagement. It is like a vaccine inoculating my server. Victory unintentional. 20:59:40 I will hardly server more than a few requests a day, unless LLM craslwers find it. I am totally new to BSD administration, and got this PC out of the trash can to try. 21:00:15 ant-x: that was more or less my first machine with freebsd too 21:00:46 Since you got your bare metal at a bargain cost of free then you have nothing to lose to try running any experiment upon it. Give it a go! Then you will know. 21:01:19 Do you know of a way to serve a website without a static IP? Or do recommend that I get one? My provider offers a static IP for an extra price... 21:01:36 mine was a p90 running freebsd 3.4 21:01:53 Reminds me of my first laptop. NetBSD was the only thing I could run on it, because everything else I tried used so much memory that I couldn't load the driver for the PCMCIA NIC 21:01:59 ant-x: some dynamic ips stay rather static, like the same ip for months or years 21:02:01 rwp, that's it. It is sitting on my desk all bare, without even a case (but I have ordered an ultra-slim microATX case). 21:02:11 If it is truly just a home experiment you can run a dynamic dns IP address acceptably well. As long as your ISP does not block you for violating their terms and conditions. 21:02:36 if yours is not (and mine now refreshes every couple of weeks) i just update the dns for the zone when it changes 21:02:57 I call those bare cased systems https://en.wikipedia.org/wiki/Lady_Godiva systems. They work great on the home workbench. 21:02:58 Internet is made for hosting things: an network of nodes. 21:03:46 rtprio, you mean you update your domain's settings to point to the new IP? 21:03:54 ant-x: Looks like ovpn.com offers static IPv4 for 4 euros/month 21:04:12 I can't vouch for them, though. I just saw this myself 21:04:46 For 4 euro/month can probably spend a few more pence and get a full VPS system along with it. 21:05:06 vkarlsen, thanks. 21:05:32 ant-x: yes 21:05:45 Can I use L2TP/ipsec -- offered for free here ? Will it work with a FreeBSD server? 21:06:29 Does FreeBSD have its native server software, or does it use httpd/nginx typically? 21:07:18 it does not have it's own, but among nginx there are practically dozens of web servers to choose from, depending on your needs 21:07:39 among nginx? Isn't there only one nginx? 21:08:42 nginx and a fork when a RU-based developer was barred from working on it, IIRC. 21:08:43 yes, and dozens of others 21:08:50 My FreeBSD VPS using VPS and hosting 2 jails, one with Caddy, and another one with cgit, is using 329MiB currently. 21:08:55 using UFS* 21:08:58 There was a falling out in the nginx development and now a main developer has forked off freenginx which is the version I use. 21:09:06 apache, tomcat, lightty minihtpd microhttpd etc etc 21:09:29 rtprio, Those are not actually nginx though! 21:10:16 If you want to get technical, there are nginx-full and nginx-lite in addition to nginx :) 21:11:08 V_PauAmma_V, As I understand it the nginx fork had nothing to do with it being a Russian developer being Russian. It had to do with the commercial corporation of nginx itself being more corporate than community. 21:11:21 i said dozens other ones to choose from 21:12:17 "announcing freenginx.org" https://mailman.nginx.org/pipermail/nginx-devel/2024-February/K5IC6VYO2PB7N4HRP2FUQIBIBCGP4WAU.html 21:14:10 Sounds good. Now -- to install FreeBSD. 21:14:11 I am using this port: https://www.freshports.org/www/freenginx/ 21:14:34 rwp, maybe? I vaguely remember that was (a side-effect of) sanctions against Russia. But I've been known to be wrong. 21:15:02 Is not nginx more difficult than httpd, in that it delegate everything to external async components? 21:15:31 *reads* Ah, yes. That email makes it clearer what caused it and what was unrelated. 21:16:58 I think in this case it is just F5 being a corporation and acting like it. To be clear though I support the sanctions against Russia for starting a war invading Ukraine. 21:17:27 hmmm reading the man pages, pkg-info has -a but thats lists all the installed ports, I want explicitly installed ports, no dependencies included 21:17:36 I dont see anything in the man page, do I need to filter it somehow? 21:17:49 I generally try to avoid politics in IRC channels but I didn't want to appear as an apologizer for them here either. 21:18:31 polarian, As I understand it you need pkg-query and the query language with %this and %that filters. I don't know off the top of my head further. 21:19:10 rwp: ah... I such at pkg-query 21:19:12 :P 21:19:22 possible feature request to pkg-info though 21:19:36 %V in `man pkg-query` 21:20:31 rtprio: that returns an int tho 21:20:47 ant-x, Regarding what you say is a negative that nginx delegates backend processing to fcgiwrap and other backends others such as myself see as a positive that those are separate. It's one of the things that makes nginx so fast at being a frontend to the hostile Internet. Much faster than other all-compiled-into-one servers. 21:20:50 oh wait im stupid 21:21:00 I need to use -e 21:22:13 rtprio: %V is always 0 for some reason :/ 21:23:32 rwp, the negatives are relative: I found it hard to host a PHP page that way -- but I am a nooob. Another negative in nginix is that it has nothing like httpd's local .htaccess files that can give non-privileged users of a pubnix lots of control. With nginx, you have to be root, AFAIK. 21:24:28 I've been wondering if step 1 of setting up a webserver is configuring blocklistd to nuke the subnet of anything that tries to talk to it other than my home network or letsencrypt, then getting the letsencryt certificate, and then letting the firewall tables fill themselves up for a while 21:25:51 step 2 being to add some honeypot endpoints to robots.txt and nuke anything that touches them, or /admin, or a couple other popular ones 21:26:35 robots.txt is a genrlemen't agreeement. It can be enforced by the server. 21:27:11 I see: the scavengers read your robots.txt, and try paths listed in it. 21:27:40 zip, At one time firewalls were open and we tried to block bad actors. Eventually came around to blocking all by default and only allowing known good actors. I think we are heading that way with the web. I think soon most sites will be blocking all by default and only allowing known good clients through after they register. Sigh. 21:27:42 I think that in our moder age, some LLM poison like Iocaine should be in place, too. 21:29:12 Just yesterday, this website blocked me on the ground that I was using a "suspiciosly old browser". He whitelisted my User-Agents (including the old FireFox on Windows XP). 21:29:28 ant-x: what's Iocaine? 21:29:30 ant-x, Use fcgiwrap+spawncgi+multiwatch for a full robust configuration. The Apache .htaccess feature is a good way to slow down the server and so I always avoided using it. With Apache you should be root as well. 21:30:04 Remember that by default apache and nginx and the others all drop priviledges and run as a non-root non-priviledged user account. 21:30:06 honestly for the next year or two you can probably get a pretty low false positive rate by blocking anything over http 1.1 21:31:10 rtprio: the correct one is %a and then check if it =0 21:31:14 sorry for my stupidity 21:31:17 thx for the help 21:31:56 Additionally on FreeBSD if one has security concerns then one should run web servers inside of a jail configuration. And compartmentalize the backend services in jails too. It's straightforward. 21:32:15 Hello everyone. Anyone knows a working way of PXE-booting FreeBSD installer with Grub? 21:32:30 I've also been wondering how effective it'd be against a scanner to basically have ssh set up to port-knock on... port 22. A scan is gonna drive by and think your socket is closed, whereas I know that the second time is the charm 21:32:34 If one is already running a VM VPS as a compartment anyway then that's already a container though so doing so on a dedicated system like that is an optional additional layer. 21:34:40 tavvva, I have not tried that combination. I have configured PXE to boot other installers. Seems reasonable to have it with FreeBSD too. Immediately after you mention it I want to work on setting it up for my own use. 21:35:27 I tried pxeboot chainload and it crashes 21:35:30 tavvva, Is there a reason you want to boot FreeBSD with GRUB? It's a valid combination but not a native combination. 21:36:51 Coincidentally a couple of weeks ago I tried to get PXE booting of a FreeBSD NFS diskless system. It starts the boot but then fails due to being out of space on something along the way. I tabled it for a while until I get back to debugging it. This was on 14.3-RELEASE for me. 21:37:18 rwp: yeah ... The reason is an already functioning broad ecosystem on top of Grub 21:37:44 tavvva: why grub? 21:38:18 oh 21:38:31 i used ipxe.org 21:39:05 tavvva, Apparently no so well functioning since it was failing for you. Just saying! :-) 21:39:07 rtprio: believe it or not, it's the best solution :] it supports architecture based menu selection 21:39:28 hodapp, . 21:39:52 rtprio: it reliably supports fallback to the 1st HDD boot 21:40:11 rwp, I am a member on a pubnix that uses httpd, and .htaccess let's me do a lot without root access. 21:40:14 When last I set up PXE booting from scratch some years ago the best practice was using the syslinux boot loader system. And I found syslinux to be a very good capable system for PXE booting. 21:40:33 ant-x: hmmmm interesting... 21:40:38 rwp: well ...maybe it is not caused by grub :] 21:41:12 ant-x, If the only way to operate is with hands tied behind your back but it works for you then don't let me disparage the method. Just keep doing it and be happy. 21:41:34 rwp: the crash happens in pxeboot and I'd love to overcome it with direct kernel+modules load, if possible 21:41:48 rwp: openbsd and netbsd works 21:41:57 Well, I am going to become king on this ancient computer (which does not seem to boot from USB...) 21:42:43 tavvva, It's sad that FreeBSD is behind NetBSD and OpenBSD on this. But those are also very good operating systems too. 21:42:45 rwp: moreover ... openbsd and netbsd offer ramdisk version of the kernel with builtin installer as one file 21:43:28 rwp: something that you can directly load with knetbsd or kopenbsd command and it just works! 21:43:33 Friendly competition among the family is good for pushing technology forward. 21:43:51 more so someone coding it out of spite 21:44:37 I am not an expert in this area but I recall a FreeBSD something which did load the installer fully into ram... 21:44:56 when chainloading the fbsd version of pxeboot I get BTX halted and a registry dump 21:46:49 My neurons are vaguely remembering discussion about bhyve booting grub and *BSD and thinking there is information in that topic area of bhyve for doing this that would be useful. 21:51:03 ant-x: yeah :) computers not booting from USB are pita .... do you know you can PXE-boot plop boot manager v5 to boot from the USB afterwards? you can boot plop boot v5 also from Floppy or CDROM 21:51:21 tavvva, Ah... https://mfsbsd.vx.sk/ is a fully ram based FreeBSD installer. 21:51:51 rwp: mmmm ... the address looks "official" :D 21:52:15 It's the author's main site. You can also look here: https://people.freebsd.org/~mm/mfsbsd/mfsbsd.pdf 21:52:30 mfsBSD has been around for a long time and is fairly well known. 21:52:36 tavvva, yes: I know plop can sometimes boot what the BIOS won't. 21:57:00 rwp: Martin Matuska seems to be Czech too ... I could at least discuss that with him in my native language :) 21:57:44 There you go! Win-Win! :-) 21:59:53 however ... after a bit of reading it seems it supports a bit different scenario .... it looks like it loads a pre-installed system, not the installer itself and it would have to be hacked more 22:01:59 I have used it to launch bsdinstall on a system before. Probably pretty easy to have it do that automatically. 22:03:32 Grub supports extra options for freebsd .... 1.] modules 2.] hints 22:04:20 any chance using them for starting the installer? 22:05:36 or even better ... any chance you could start releasing a PXE-bootable ramdisk kernel like OpenBSD and NetBSD ? 22:06:01 OK, bootin from a USB-HDD was hidden with other HDDs in BIOS. I have booted from FreeBSD-14.3-RELEASE-i386-mini-memstick.img, but the setup told me that some of the necessaryt files were not found on the boot media, and is asking for an internet connection. Can I skip that? Or is that mimi-memstick version intended for network setup? 22:06:31 I assume that "you" is referring to the general large group here. You might address that to the freebsd-hackers mailing list though. You and I have been chatting and I don't make those releases so no chance for me to do it. 22:07:13 rwp: oh ok ... sorry .... for some reason I thought you're one of the devs :] 22:07:46 My beard is grey and I have been around a long time but I am not one of the committers. 23:32:41 OK, I have installed FreeBSD, and booted into a 640x480 VGA mode, althougth my display is 1600x1200. A vesa.ko driver is loaded, but no specific Radeon drivers are in sight. There should exist radeon and radeonkms driers, but I can't locate them with pkg. Where can they be? 23:36:56 ant-x: https://docs.freebsd.org/en/books/handbook/x11/#x-configuration-amd 23:37:19 The WIKI tells me to install the drm-kmod port. I can see it in freshports: , but ``pkg install drm-kmod'' will not find it. 23:37:29 rtj, it is not about X at all. 23:37:41 (I am configuring the TTY). 23:39:23 ^ The Handbook also mentions ``pkg install drm-kmod''. This command fails for me with "No packages available". 23:41:32 And it is looking in FreeBSD-kmods, as exptected of 14.3 . 23:45:49 I am running 14.3-RELEASE with the radeonkms graphics driver from ports. "pkg install drm-kmod" and "sysrc kld_list+=radeonkms" installs it and configures it okay for me. But it is in ports and that is sometimes out of sync with the base kernel and sometimes failing to build due to other reasons. 23:45:50 i don't think you need any kmods for tty modes 23:46:01 But ``pkg search drm | grep kmod'' finds: gpu-firmware-kmod -- firmware modules for the drm-kmod drivers. Is that it? 23:46:02 What version of FreeBSD have you installed? 23:46:49 rwp, 14.3 here. Just downloaded and installed. I did not not ``pkg install'' could install ports in addition to packages. 23:47:31 rtprio, the vt manpage says I need a KMS driver to set the high framebuffer resolutions for my tty's. 23:47:38 Correct. 23:47:46 Also did you boot Legacy BIOS or UEFI? 23:47:51 Legacy. 23:48:55 Me too booting Legacy BIOS. BIOS has a built in character generator. UEFI does not and requires a graphical boot right from the start. BIOS boots in the default resolution character mode and then loading the driver allows it to change to higher resolutions. 23:49:13 What I don't like, is that ``pkg install drm-kmod'' fails to find that package. 23:49:33 rwp, yes -- as explained in the man pages. 23:50:41 I have a graphical 640x480 mode (not text mode), but I cannot use my display's native resolution. Many Linuxes automatically get it from EDID. 23:51:19 ^ Shall we compare our repository configurations? 23:51:34 I don't know why that (pkg install drm-kmod) is not working for you. It worked for me when I did it previously. Sometimes the pkg repository build fails and packages are not in the repository. 23:52:23 I fear I made a non-standard insrall, via mini-memstick.img . 23:52:54 There has also been a recent change to build kernel modules from ports with newer versions of the kernel. There is an example of that in the man page. That does not work for me though so I can't comment upon it. 23:53:34 ``pkg update'' says all is up-to-date. 23:54:01 Really though "pkg install drm-kmod" is in the handbook and it should be working. That's the documented process. I don't know why it would not be working. 23:57:37 Yes, it is sad. I don't even have the path mentioned in the Handbook: /usr/local/etc/pkg . 23:58:40 If you don't have that path then you have not run pkg yet. pkg creates that path the first time it is run. 23:59:47 No, I have already bootstrapped pkg, and it now fully functional!