00:00:17 Right after install, pkg was just a bootstrap script.
00:00:28 Correct. pkg in base is just a bootstrap script.
00:00:58 Base resides in the main root tree. Ports all reside under the /usr/local tree.
00:02:22 Strange, but this is a freshly installed 14.3-RELEASE, and all my repositories are configured in /etc/pkg/FreeBSD.conf .
00:02:50 Is the mini-memstick distro broken?
00:03:45 Or do I simply need to add a ports setup in addition to packages?
00:03:46 The default two repositories FreeBSD and FreeBSD-kmods are configured in that file from base. That's part of the initial files needed to bootstrap pkg.
00:04:23 OK, how do I get the ports, then? And shall I ignore the Handbook recommendation not to mix packages and ports?
00:04:25 Maybe I created the /usr/local/etc/pkg.conf file but I would have sworn that it was created automatically when pkg was bootstrapped.
00:05:21 ``find'' reveals but one pkg.conf on my entire system.
00:05:47 Shall I perhaps ``pkg install '' ?
00:06:15 I would perhaps run "pkg-static bootstrap -f" to force it to bootstrap itself again and download whatever files it requires all over again.
00:07:20 I do not see anything in the Handbook indicating that pkg can work with ports and store them under /usr/local/ . Ports are sources, unrelated to pkg (which is for binaries).
00:07:26 I will re-bootstrap now.
00:08:57 It reinstalled pkg 2.4.2, but pkg install drm-kmod still cannot find drm-kmod.
00:08:58 Ports are used to build the precompiled binary pkgs. We call them all ports. Because that's where the source to them reside. Most people these days are installing compiled binary pkgs.
00:09:35 OK. I think that's a terminology different from that of the Handbook.
00:09:38 I don't know why pkg install drm-kmod is failing for you. Hang around and ask your question again. Someone else with more knowledge of this area will jump in and help.
00:11:27 Also, I do not see anywhere (except in the Handbook) a specification that pkg uses /usr/local/etc/pkg/*.conf .
00:12:08 Thank you, rwp. I'll hang around (but in away status, because I must sleep...)
00:14:08 Funny, pkg.conf(5) says that /usr/local/etc/pkg.conf is the default location of the config file.
00:14:20 Correct.
00:15:28 ^ But in mine, REPOS_DIR is commented out.
00:16:18 If I understand things correctly the commented out items are the internal compiled in defaults and therefore don't need to be explicitly configured. Only if the values need to be changed.
00:16:40 ...and in that case the two default locations are used: /etc/pkg and /usr/local/etc/pkg/repos
00:17:23 Can you please share your drm-kmods config from the latter directory?
00:17:42 ?? I don't have such a thing.
00:18:21 I mean the file where your kmods repo is configured that contains the drm-kmods package.
00:19:10 The Handbook says, it should be: /usr/local/etc/pkg/repos/kmods.conf
00:21:47 This is the contents of my /etc/pkg/FreeBSD.conf file: https://cgit.freebsd.org/src/tree/usr.sbin/pkg/FreeBSD.conf.quarterly-release?h=stable/14
00:24:11 This one is the same on my machine.
00:24:54 Although for me, ${ABI} probably expands unlike yours...
00:27:18 How can I look for drm_kmod in ?
00:30:03 (to see whether the package is there or not)
00:38:49 So... i386 huh? My system is amd64. I'll bet the module hasn't built for i386 but is available for amd64.
00:39:55 That's the problem: https://www.freshports.org/graphics/drm-kmod/
00:40:14 ant-x: drm-kmod isn't an available pkg iirc
00:40:22 i thought you had to build it
00:41:02 It's available pre-built for amd64. But looks like it is not built for i386. Check out the build table on freshports.
00:41:49 I don't know but probably because drivers are often leveraged from Linux and Linux has been dropping support for anything not amd64. Just a guess.
00:46:49 rwp, that videocard is circa 2005 -- it did not exist for amd64.
00:49:02 But it is a metaport. The actual gpu-firmware-kmod package is available to me!
00:49:34 I will install it, but after I get a nap.
00:49:44 A good night's nap, that is.
00:50:36 Right now I am stuck having my ~/.inputrc read. Does FreeBSD read it by default, or shall I do so explicitly e.g. in .profile ?
01:03:59 Good night to all.
01:08:20 I was going to say that I am using amd64 with a radeon card okay.
01:09:41 ant-x, As for the ~/.inputrc file that is a bash syntax file and is read by bash via libinput and has nothing to do with anything else in BSD land. Also bash is a port. I use bash and I have a .inputrc file for it. It seems concerning that you say it is stuck there.
01:10:13 There is no need to do anything explicit about getting bash to read the .inputrc file.
01:11:43 ant-x, Hmm... Maybe by stuck you mean that you are not seeing the configuration from the .inputrc file? Maybe that is what you mean. In which case maybe you are not running bash? Remember that bash is a port and needs to be installed. And then you need to change your shell to it, or exec bash it, or something, to run it. "chsh -s /usr/local/bin/bash" will do it.
01:13:04 Caution though. I once set the default root account to use bash and then I screwed up an upgrade and the shared libraries needed to run bash were changed out from under it and that prevented me from logging into the system! D'oh! I rescued it with a Boot Environment. But now I always keep root's shell in base only and use toor with bash just for safety.
01:13:58 Also regarding bash I add a symlink from /bin/bash to ../usr/local/bin/bash (and same for perl) such that scripts continue to work portably across systems.
01:14:26 rwp: Scripts that don't point to (and work with) /bin/sh are a bit problematic IMHO.
01:14:38 Why do I put ../ in the symlink? So that if I mount the root of the file system over any of nfs, jails, container, whatever then everything points to the correct files.
01:15:19 Also, Perl scripts that don't say #!/usr/bin/env perl are also a bit problematic.
01:15:26 To be clear *I* never write a #!/bin/bash script. But lots of other people do. I give up on fighting all of those battles.
01:15:33 Fair enough.
01:15:55 I do write #!/usr/bin/perl scripts because, well, because, and I also want those to work. I admit to contributing to that cause.
01:16:00 I train my mentees away from bashisms at work. And it's a valid thing to do, given how many customers use ksh.
01:16:39 And now that UsrMerge is taking the gnu/linux world over I am seeing a lot of #!/usr/bin/sh atrocities. So... #!/usr/bin/env sh is now being seen. It's odd. It should not be seen. But... It does work.
01:17:39 That's kind of funny, given that /bin/sh should always work, everywhere.
01:18:22 AGREED! But now with UsrMerge and PATH newcomers don't have anything that is helping them get to the right answer there. AARRGH!
01:36:46 any ideas how to learn current RSSI on wlan0 iface ? I always thought ifconfig can display it, but no.
01:42:19 checkpoint, I don't know as I don't have wifi handy but please try this from the ifconfig man page and say if it reports this information: ifconfig $interface list sta
01:43:03 mason: /usr/bin/env is not the most standard way to point a script to its environment
01:43:40 a lot of stuff don't use that actually, liking pointing directly to the binary
01:47:20 It's the standard way for #!/usr/bin/env to search PATH for a program.
01:47:41 yes I believe that's right
01:48:13 It's not used for execv(2) or anything. Just for #! which requires an interpreter and one argument.
01:48:26 some people choose to specify the program path manually in case that is not found by env
01:50:50 I feel that just creates another hard coded path problem.
01:51:44 black2: we have a lot of people at work that write scripts using explicit paths, which have explicit version numbers in the path, and there's always a big issue when the version number gets changed. #!/usr/bin/env is the best way to do things.
01:52:10 rwp: yeah, there's RSSI value per station, exactly what I need. thanks.
01:52:32 yes. it's important to do it manually if there are multiple versions of an interpreter on disk
01:53:09 because the version number doesn't always get to become part of the binary's filename
01:54:13 now that python2 is done so this problem becomes less common
01:57:12 but anyways this is a minor issue
01:57:13 PATH should be used to sort that out correctly.
01:57:49 easily fixed if the host platform is changed
01:58:44 Is there such thing as a mentoring program in place for kernel dev?
01:59:22 env is like a shortcut but to get things solid I sometimes prefer the conventional method
01:59:24 Not even in a formal sense, just want to start learning specifically about kernel dev and be able to talk to someone with experience
01:59:47 thermos: you can do google summer of code
02:00:23 and there is a to-do(s) page on fbsd's website
02:00:50 is the google summer of code just like a more structured way of getting exposed to open-source development/projects?
02:01:50 well. I've seen plenty of things done by that. it's like a sponsored kind of way to make contributions to certain open source projects.
02:02:35 they have a mentor system I believe
02:03:09 is the to-do(s) page you mention different than the "Project Ideas" page?
02:03:36 no. I was talking about the project ideas page.
02:03:39 oh yes i see freebsd has a page about gsoc on their website - thanks i'm gonna look into this
02:03:52 ok np man
02:03:53 right on
02:04:08 gl to you
02:06:31 ya thanks
02:11:11 ˜/1
04:36:43 I would like to set up the mailer and periodic to send mail to an outside email server. I honestly don't know how I would comfortably go about doing this, anyone have any ideas? I am also aware of the potential security concerns of sending system information to an external source.
04:39:02 but generally, I would like a way to see my periodic messages away from my system. I especially would like to get alerted on disk failures!
04:55:54 i'm tailing pflog and seeing a bunch of pass out messages, but why? i only have 'log' on 1 rule and it's not the rule matching these messages
04:57:48 my pflog tail cmd is tcpdump -e -i pflog0 -l -n -t
04:58:51 specialbomb: I haven't configured mailers on fbsd yet, just started messing around 2 weeks ago compared to linux servers. for all of my homelab services that have mail options, i use sendgrid's relay server that is pretty painless to setup; has a limit of 100 messages/day which is plenty for my homelab
05:00:06 so when i get around to figuring out mail on fbsd my plan was to just use sendgrid as the smtp relay
05:50:34 thermos: thanks for the advice. I am also currently writing a script that flashes a fancy light when things go wrong :p
05:51:16 so I can at least physically be able to notice when something goes awry. at least the stuff I can easily programmatically detect. starting with ZFS pool status and probably working my way towards other things like network interfaces and such
05:54:28 i've been deep diving into grafana with prometheus this past week. put the node_exporter for system monitoring on all my machines and spending time making my dashboards. haven't set up alerts yet but i think i should be able to set thresholds and have it email me when hitting certain thresholds.
05:54:30 specialbomb, If you set up local mail then you can always log in to read the mail that occurs there from the system. Then since you don't normally read mail there you just need to be notified that there is mail in the local mailbox. I suggest Postfix.
05:55:29 but i won't lie, its been time consuming and definitely not a minimal/simple solution for simply receiving mail notifs for system alerts
06:02:30 I install, configure, use, the logcheck utility. And must AGGRESSIVELY filter the noise from it. I would not be without it but it requires aggressive filtering of the noise in order to see the signal that is hidden within. logcheck emails not-filtered lines that are logged to logfiles which effects the notification of what's logged.
06:15:29 specialbomb: as far as the security goes, if you just use an smtp relay server (for which you authenticate to) it shouldn't be a big deal. I think the concern is mainly when you are running an actual mail server.
06:16:31 Also if you only /send/ mail and not receive it then there is little security issue. Nothing can poke in if nothing is listening to the mail ports
06:20:28 rwp, do you use Postfix or DMA?
06:23:06 I use Postfix. But I have been running it for years. But I don't have any problems with DMA. DMA is fine as a simple relay.
06:24:41 I also have always run my own mail server. But having always done it the learning of things was in small increments over years. I don't necessarily recommend that everyone run their own mail server. Unless you want to do so. In which case you should.
06:26:18 But it is a little bit like people who don't want to learn to drive a car. Or ride a horse. Or whatever. It's always going to be hard to get going at the start of the learning. Because there is a lot to know. But it will never be learned unless it is attempted.
06:28:56 this is true, do you run a mail server at home -- and if so does your isp not block port 25?
06:31:00 i've thought about setting one up at home but am mostly discouraged by the blacklisting of IPs or labeled as spam. Did you have to work around this at first?
06:33:16 Email as originally designed would work fine from home to other places. But... Spam! Virus infected Windows systems. So now we block any mail coming from residential address blocks. Using the DUL (originally dial up list) check. So any email from your home address will be blocked.
06:34:08 You will need to have access to a static address such as from a Linode or OVH or somewhere. They will list those addresses as being a static address block for servers.
06:34:46 It's possible to run a web server on a home system because users connect into there. But mail connects out from there and will be refused. Due to Spam!
06:35:04 So that is your first problem to overcome before running your own mail server.
06:37:52 But not all cloud hosting providers are equivalent. Digital Ocean for example is a fine hosting service for web servers and random things but NOT for email. Because they have been very poor about policing their own networks keeping spammers out. Most sites that I know block all of Digital Ocean email due to rampant abuse from there. Not a viable choice for an email server.
06:39:43 Let's say everything is set up with a static address that is clean and not listed as previously being a spammer and not in a bad neighborhood blocked for spam and so now you can send email. Then you still need to be able to receive email. That opens things up to receive Spam!
06:40:50 Which means now you will need to block incoming mail from spammers using a variety of techniques. DNSBLs are the first line of defense, blocking spam from residential blocks for example. But then also Bayesian learning engines and other things.
06:41:46 That's a basic summary without going into all of the details.
06:42:15 * rwp is dropping afk to relocate... Probably offline for the night. Good night all!
07:00:37 I've heard greylisting is surprisingly effective
07:10:32 clear
07:10:40 whoops
07:10:53 thank you all for the advice, however
08:18:10 i looked code again and now i know where my src pkgs went
08:18:14 .if !empty(GIT_CMD) && exists(${GIT_CMD}) && exists(${SRCDIR}/.git)
08:18:30 poudriere excludes .git ...
08:20:47 how is the laptop effort going?
08:20:59 unsure
08:21:09 try it out
08:21:21 i've been trying since 4.6
08:21:37 the 14.x gave me a gnome keyring crash after sleep
08:21:46 bleh
08:21:58 plasma looks fine, some quirks with sound
08:22:35 i was wondering if there is 2d video hw acceleration in chromium by default, a lot of stuff to set up otherwise
08:22:45 damn suspend ram/disk is actually horrible thing if you think of it
08:22:58 have to stop but not quite
08:23:12 yeah the devs who work on those things have signed deals with the devil
08:23:18 but when you think of it
08:23:27 then you have to start again but not fresh
08:23:47 then we have rebootless kernel upgrade now
08:23:52 look at linux, they are now mainly working on low power modes in the kernel
08:24:00 which also feels horrible
08:24:13 so yeah, can't login after sleep
08:24:41 and now we start to have hw which have different freq cores
08:24:53 some even have mix arch
08:25:04 what could possibly go wrong
08:25:42 but still to report bugs from a fbsd vm makes not a lot of sense, i need a usable laptop setup somehow
08:27:07 edging a hardware apparently makes it pissed
08:27:13 :p
08:27:58 i'm currently trying to figure out how to sleep below 1us in kernel
08:30:09 got pissed and even told chatgpt hah
08:30:21 that thing actually made whole driver
08:30:50 gpu pipe dream eh
08:31:31 yeah had idea, maybe it will not work
09:23:04 ly2en> plasma looks fine
09:23:07 thanks :)
10:08:14 rwp, re: .inputrc> I think it is not bash-specific, but readline-specific. I didn't know sh did not use readline. (I am using sh, not bash).
10:10:01 mason, re: #!/bin/sh -- absolutely. But I don't mind #!/bin/awk or #!/bin/sed , either.
10:15:30 ...Indeed, sh does not use readline, and I didn't realise that.
10:40:03 plasma: most welcome
10:40:12 is it possible to run freebsd… with a linux kernel?
10:40:40 what benefits that would bring, phryk? use the linux subsystem in bsd
10:40:43 i really don't want to miss freebsds engineering, but gpu support is kind of abysmal.
10:41:02 ly2en: drm that actually supports the gpu i want to buy before 2028.
10:41:37 phryk: how advanced you want to go? just run it in gnome boxes or something
10:41:59 phryk: there were projects with solaris and linux kernel, but havent heard about FreeBSD yet
10:42:36 plasma: yeah, i only heard about the reverse of what i want… debian kfreebsd :/
10:43:24 ly2en: that entirely misses the point.
10:46:34 the reverse also is podman with linux containers, maybe the "toolbx" too
10:47:34 a vm or container with raw hardware access is not a replacement for driver support on the host os, not by a long shot…
10:47:41 what entirely misses the point is lack of desktop/gpu support and as an OSS developer you are contributing way less than you would if your desktop is not freebsd
10:47:57 but what do I know, I work for a Linux company
10:48:41 alright, imma ignore you now.
11:07:44 OK, no luck with installing drivers for my Radeon 9200 aka RV280, but promises support `radeonkms' in drm-kmod, which is not available for i386. Is there a chance I can extract this driver from an earlier version of FreeBSD (while it was still supported on i386) and have it working on 14.3?
11:11:50 ant-x: why are you not running amd64 code but insist on old i386 ?
11:17:46 mzar, because this PC I am experimenting on is circa 2005.
11:18:16 Perhaps I'll give the idea and use this PC in headless mode.
11:18:22 * give up
12:22:44 i'm tailing pflog and seeing a bunch of pass out messages, but why? i only have 'log' on 1 rule and it's not the rule matching these messages. my pflog tail cmd is tcpdump -e -i pflog0 -l -n -t fwiw
13:27:15 so just to be clear.. if i use freebsd-update to STABLE / beta / RC i should be able to then upgrade to RELEASE right?
13:39:48 is there a way to show available updates/upgrades with freebsd-update?
13:41:16 i was going to upgrade to 15.0 then move to RELEASE later but -r 15.0-STABLE and RELEASE don't work... is it 15.0-BETA?
13:42:25 i figured RC1 would be considered RELEASE
13:46:13 oh. it's actually broken down into BETA1 BETA2...etc
13:49:13 ant-x: move kernel modules between architectures will not work.. they are compiled against kernel versions and architectures.. swapping out to i386/ to x86/ will not work
13:51:14 voy4g3r2, thanks.
14:40:38 any pf experts?
14:42:22 There are some people knowledgeable with pf here. Ask your question and see whether one answers.
14:43:51 i'm tailing pflog and seeing a bunch of pass out messages, but why? i only have 'log' on 1 rule and it's not the rule matching these messages. my pflog tail cmd is tcpdump -e -i pflog0 -l -n -t fwiw
14:45:37 Hello, all. How can I measure the temperature of an Intel Pentium 4 CPU in FreeBSD? I see no `temperature' values in sysctl, and the coretemp module does not help (probably because it does not support so old a processor).
15:08:44 ^ mbmon seems to read at least one of the three sensors -- the one that is otherwise available as hw.acpi.thermal.tz0.temperature -- the temperature of some heatsink, not of the chip.
15:42:07 odd. i know i typed ACCEPT for pkg FreeBSD.conf and when i got to the part where i had to re-install using pkg-static the FreeBSD.conf was in a state that shows the edits provided by freebsd-update
15:44:54 It's better to use /usr/local/etc/pkg/repos/*.conf to override defaults
15:46:10 vkarlsen: ah. in my case i just reviewed it and exited and typed ACCEPT and when i got to the pkg-static portion of updating to 15.0-BETA5 it gave an error because >>>> original ... was in there
15:46:44 and i looked at FreeBSD.conf and it had the displayed edits but didn't apply them
15:47:00 i mean it was a quick fix but i'm wondering if that's an issue during the update with freebsd-update
15:50:50 If it tells you to merge manually, you have to edit it into what you want it to be before proceeding. This can be a hassle :)
15:51:26 yeah.. i probably shouldn't have done that
15:51:43 so i'm sure it was from me going into vi and just :q without the edit thinking it would just revert back to doing it automatically
15:52:01 It's easy to fix it later with that file, though. It's less fun when it happens to something like /etc/passwd
15:52:08 yeah lol
15:52:11 thankfully
15:52:32 but there's always auto created boot environments to save you
15:52:51 Yeah, we have seatbelts nowadays
15:55:07 boot environments are the best.. should definitely be a standard across the board
15:57:21 i'm tailing pflog and seeing a bunch of pass out messages, but why? i only have 'log' on 1 rule and it's not the rule matching these messages. my pflog tail cmd is tcpdump -e -i pflog0 -l -n -t fwiw
17:56:21 ant-x, .inputrc is GNU libreadline specific, a sub project of GNU bash, both GPL and available in ports. Ports install in /usr/local. /bin/sh is in FreeBSD base which must be self-contained and self-supporting and cannot use anything from /usr/local or ports. Also many people resist the GNU GPL being in base and push those into ports for the license reason too.
17:57:52 The only other program I know that uses libreadline is rlwrap which somewhat generically wraps any program that does not natively implement command line editing with a wrapper using libreadline's command line editing. It's clever! But it is not perfect, such as regarding handling of Control-C.
17:58:21 rwp, Yes, I already understood that. Readline is a ... Linuxism, or GNUism.
17:59:20 rwp, lots of programs use readline, even the basic sql clients, such as psql for Postgres.
18:03:47 zfs-kmod-2.4.0-rc3-FreeBSD_g814f9afba
18:04:01 now i have temptations to toss another 8TB drive into the nas to try raidz expansion
18:04:28 but once i upgrade the pool i don't think there's any going back is there?
18:05:42 is it safe to say if i wanted to use latest for pkg i'd have to change kmods_quarterly_${VERSION_MINOR}" to kmods_latest as well?
18:25:41 ant-x, Trying not to sound antagonistic I recall you saying you were stuck trying to get sh to read .inputrc which indicates that there was a misunderstanding of it. I was just trying to explain the situation.
18:26:08 Also as far as I know those other programs that implement command line editing are mostly using libedit from https://thrysoee.dk/editline/ which is a different implementation originating in NetBSD IIRC.
18:27:22 rwp, I had understood that after your earlier comment, and wrote: " ...Indeed, sh does not use readline, and I didn't realise that."
18:28:32 rwp, lots of programs are actually linked against readline, and Postgres psql is one of them: I know it firsthand.
18:29:13 (I mean psql for Linux)
18:29:14 When you say "linked against readline" to which library are you referring? Since there are multiple I don't know how to understand that statement.
18:29:43 GNU Readline
18:30:37 this really reads my lines
18:30:54 How indecent :-)
18:32:11 Now for sh, I am simply doing: ``set -o vi'' without all the goodies: .
18:36:02 As you say postgresql does link against the ports GNU libreadline. I'll add that to my in-head list of programs on FreeBSD that use GNU libreadline.
18:36:13 rwp, thanks for the explanation. I did not make myself clear that I understood you the first time, when you indicated that .inputrc was unrelated to sh.
18:36:48 rwp, but I meant the Linux builds of psql. I am not sure about the FreeBSD build.
18:37:48 The FreeBSD build too. I didn't install it but looked this way: pkg search -f postgresql18-client | less +/libreadline
18:37:56 On the contrary, SAP HANA's sql client is not linked against any line-editing library, provides no editing of its own, and is very hard to use interactively.
18:38:20 pkg -f shows dependencies?
18:38:26 * pkg search -f
18:38:36 The -f shows details from the net for things that are not installed.
18:38:46 Ah... You searched for it with less. OK.
18:38:46 If it is installed then pkg info will show it from the install data.
18:39:12 + is the very old command prefix, from the times of ex/vi, if not earlier.
18:39:13 The -f means "full" data in this context.
18:40:20 You might install rlwrap and then try it with the other sql client that you mentioned. It's a generic wrapper that can be used around other things.
18:40:59 Before ftp gained line editing capabilities I would often use it "rlwrap ftp example.com" to give ftp line editing.
18:41:04 Perhaps I will. There is rlwrap and also at least one analog which I forget: two generic wrappers for line editing.
18:41:22 So if rlwrap is that old, the other one is relatively new.
18:41:26 (ftp in base uses the netbsd libedit library)
18:41:39 Does it have a vi interface?
18:42:32 Yes. Uses the EDITOR variable setting to select which editor mode to use.
18:43:02 Pretty sure most things use editor. I am an emacs user myself so I don't exercise that path but sure for the people that use it.
18:43:03 I mean the vi-like interface for direct line editing, rather than integration with an external editor.
18:43:50 I hear emacs users tend to do 90% of their daily work inside emacs.
18:44:33 Yes. Emacs is a pretty good operating system. And it's a fairly good text editor too! :-)
18:44:44 I am trying to trigger rlwrap into vi mode and not having success. Hmm...
18:46:36 rwp, how is the activation of vi mode documented?
18:47:49 Ah, it is via .inputrc: "set editing-mode vi"
18:47:59 man page says: RLWRAP_EDITOR (or else EDITOR, or else VISUAL): editor to use for multi-line input (and rlwrap-edit-history). And then an example: export RLWRAP_EDITOR="vi +%L"
18:48:29 rwp, no, that is not it. It simply tells rlwrap to launch vi when you need to edit a large command.
18:48:36 Ah...
18:48:54 I was trying to avoid editing my .inputrc file. But I will try it since that is the mode you would always want.
18:49:34 not sure if this is a bug in documentation, but I added a job to /etc/crontab last night and it didn't run until I restarted the cron service. according to the cron manual page, you shouldnt have to reload the service. am I nuts?
18:49:36 Thanks. You can avoid editing .inputrc if you temporarily configure rlwrap to use an alternative config file.
18:49:41 Editing .inputrc and adding "set editing-mode vi" does of course turn on vi mode in rlwrap.
18:49:55 OK, thanks!
18:49:57 I just made a temporary editing of it and then removed it.
18:50:22 specialbomb, the right way to edit a crontab is via ``crontab -e''.
18:50:53 Many thanks for testing, rwp. Now I will know I can use rlwrap.
18:51:34 specialbomb, I believe the `crontab' command does something to cause cron to reload its config.
18:51:40 Test what happens with Control-C which I recall as being the problem case with it. Because it exits when using rlwrap for things that don't normally exit with Control-C.
18:52:44 `crontab -e' would not work as root, error message said something about needing to edit /etc/crontab manually. so I did :p
18:52:45 specialbomb, I suggest and advise not editing /etc/crontab at all. Because then you will need to merge that file always in the future upon every upgrade. Instead create a file just for your stuff in /etc/cron.d/somethinglocallynamed and it is yours forever.
18:53:07 As I recall if you look in /var/log/messages cron logs when it detects file changes and re-reading of the changed files.
18:53:08 rwp, re: Ctrl+C indeed, mentioned in the man page.
18:53:09 ahhh, thats a good point rwp, ill undo my changes tonight
18:54:07 Interesting, why cront -e does not work as root?
18:54:24 The crontab command loads user crontab files into /var/cron/tabs/ directory for user crontabs. That's also possible for root to use but again I advise against it since root has the more powerful and general purpose /etc/cron.d/ directory to use and it is more obvious what's there.
18:54:57 What is "cront -e"? confused here...
18:55:16 ^ bad typing. I meant `crontab -e' .
18:55:30 it might have been something else. away from system right now
18:55:44 Ah. Okay. Gotcha. That works okay for root. But I advise against it.
18:56:01 ^ I have read your reason, and agree
18:56:26 crontab -e is for personal files, and root is impersonal.
18:56:39 rwp: I suppose I could set up a service user specifically for the job. I dont see much harm in it for the particular script I wrote
18:56:48 specialbomb, welcome back!
18:57:20 According to my fading memory: In the early days of AT&T Unix was the crontab command for individual user crontab files. BSD's version of cron rewritten didn't support that at all and used only the /etc/crontab file. Paul Vixie's version of cron, another rewrite, supported both and also added /etc/cron.d/* capability.
18:59:31 Thanks for the recap: the current man page says it Paul Vixie still.
18:59:49 specialbomb, The difference between the /etc/ crontab syntax and the /var/cron/tabs/ user crontab syntax is that the /etc/ root level has a field to specify the user. Often "root" but also often "non-root-user".
18:59:56 That's the feature that is most often used. Then packages and ansible like tools can simply copy a file into place and it will work immediately. If a user crontab is used then there is no automatic detection and really one would need to use the crontab command to install the file.
19:00:55 What is needed for such automatic detection: regular polling of file timestamps? 19:01:18 what I was working on was a script that would send color commands to an LED indicator in a USB port. its simple right now and pretty much just checks `zpool status -x'. 19:01:42 ant-x, Probably, yes, but I would need to review the source to know for sure what it is actually doing. 19:02:09 but I want to expand it later to check stuff like interface status and other critical things 19:02:59 specialbomb, Sounds fun! 19:03:16 rwp, by this time there ought to be some statndard practice for it, because lots of tools detect updates in their files, e.g. httpd... 19:05:04 I can now SSH into my revenant computr from within my local network, but I can't reach it from the wild. It is behind NAT, but I have made this machine a DMZ in my router. By what IP should it be accessible -- the router's WAN address? 19:06:21 ant-x yes, the public one, but configure port forwarding from the router 19:06:41 rwp: it will prove to be useful. might publish them in a package if I can make it smarter. the big thing I need to sort out is determining if the device exists, right now it assumes the device is `/dev/cua0U'. probably need to learn more about how how to get info about USB devices in freebsd and parsing the KMB 19:07:05 er, cuaU0 19:07:08 rfmoz, with DMZ, I think no inidvidual port forwarding is requird: the router should forward everthing to the DMZ machine. 19:07:48 specialbomb, or you can let the user specify the required device manually. 19:08:18 rfmoz, I have also tried to forward external port 22222 to internal port 22 (no DMZ), but failed as well. 19:08:29 DMZ is the global port forward. All ports are forwarded with the DMZ setting. 19:09:08 ant-x: that would be the current solution im using :p 19:09:09 rwp, Yes, I thought to make it work in this crude manner, for a start. 19:09:16 I suggest running a tcpdump and looking for packets incoming. 
If they are appearing there then there is yet another firewall blocking it. 19:09:44 rwp, tcpdump on the DMZ machine? 19:10:03 Yes. On the DMZ machine. 19:10:33 It's very common to set up a system as a DMZ host behind NAT and then route things further from there. Doesn't everyone do it? I do it. Everyone I know, who hasn't set the ISP modem into bridge mode, does it. 19:11:22 In other words, it is a well tested and well traveled path. 19:12:17 I'll just remind about the dual stack nature of IPv4/IPv6 and say that both paths should be tested individually. 19:12:17 the reason why I opt to change that is the fit-statusb device I'm using is intended to be individually addressable by unique serial numbers. I would ideally want to allow the user to specify the serial number for a particular light for a set of certain tests for granularity. Perhaps it would be smarter to create a command purely for managing fitstat-usb devices and then build scripts around that. 19:27:55 rwp, I am trying ipv4 now. tcpdump shows lots of packets even when I am not doing anything. I am trying to save them to a file... 19:28:44 i'm tailing pflog and seeing a bunch of pass out messages, but why? i only have 'log' on 1 rule and it's not the rule matching these messages. my pflog tail cmd is tcpdump -e -i pflog0 -l -n -t fwiw 19:29:26 what's the rule 19:30:05 Idk how you somehow find all sorts of shit every day haha 19:31:04 ant-x narrow it to the ports that you're focused 19:31:27 pass out quick inet proto udp from (myifgroup) to any port 1000:12000 keep state 19:32:38 and what is it matching that's not applicable 19:33:42 ant-x, I use something like "tcpdump -lni em0 port 22 host $remotehost" (on linux I can say -lni any which does not work on bsd) to limit the capture to just what I am testing. 19:34:09 rfmoz, OK. A little side problem: ``doas tcpdump | tee tcpdump.txt" keeps producing an empty tcpdump.txt file. Am I using tee wrong? 
19:34:11 Sorry that probably needs an "and" in there joining that clause. 19:34:29 pass out on lagg0: ip.x > ip.x: UDP 19:34:53 Probably "tcpdump" needs options -lni em0 in there, is erroring, and so the stdout is empty. 19:35:27 No, tcpdump shows lots of output without options, but I can't fork it with tee :-( 19:35:50 kerneldove: so, what's myifgroup then? 19:36:09 Not sure what -lni is, I can specify my interface as: -i sis0 19:36:55 it's a group myifgroup on a ifconfig_lagg0=... in rc.conf 19:38:22 I mean, it sounds like it's doing exactly what you asked it to. not sure what the problem is. what traffic is getting matched that is *not* applicable to your rule 19:38:54 there is no "log" in the pf rule 19:39:05 so why am i seeing a matching fw event in pflog 19:41:39 ah I didn't catch that. I could suggest checking the pf.rc file to see if it's doing any logging by default 19:41:44 I believe it does 19:42:25 hmm but i don't see any of the block messages. if logging was on by default wouldn't it be showing everything? 19:42:29 will check tho 19:43:00 maybe it's a bug. 19:43:09 I don't see it as critical though 19:43:31 ant-x, tcpdump -l makes the stdout line buffered. Otherwise output is buffered. Meaning that when piped to something it will need to produce a full buffer before it is written. 19:43:57 rwp, tcpdump shows nothing for port 22 when I am trying to ssh via my WAN IP. 19:44:12 The -n avoids DNS name lookups, which just add another layer of network noise and is not desired here anyway. The -i specifies the interface to listen on. 19:44:47 If tcpdump is not seeing the packets then they are not arriving and therefore blocked further upstream. 19:45:06 rwp, how can I make sure I am specifying the correct IP? 19:45:07 Perhaps there is also a firewall setting enabled on the router? 19:45:23 Can you hit a web site such as whatsmyip? 19:46:45 Yes, there was a firewall enabled, but disabling it did not help. 19:47:07 rwp, yes, by all means. 
I have been trying the IP returned by that site as well. 19:49:33 Well... The problem is one that only you have access to debug. Packets are not arriving. Which means the DMZ setting is not working. Or maybe it is further blocked yet elsewhere. 19:49:42 it really seems like a pf/pflog bug in 14.3 19:49:47 ivy can you confirm? 19:51:01 heh, weird. 19:51:42 rwp, indeed -- no idea. 19:52:13 kerneldove_: what happens when you do use the log keyword on another rule, like one of your blocks. do the messages stop? 19:52:43 of course unless you send something that would be blocked 19:53:03 the only "log" i have is ssh connections to the server, those show up too 19:53:07 rwp, perhaps I need to test it from another independent machine, rather than from another machine within my own local network behind the same router? 19:53:17 but then these other events that don't have "log" do as well but shouldn't 19:54:52 ant-x, So... hold-up, from the local lan it was going out to the public ip and then needing the router to turn it around and send it back? Oh, that /should/ work but rarely does! That's almost never worked for me for most ISP routers. 19:55:21 So yes, you must test DMZ functionality from outside. 19:55:39 * rwp is afk for a while, good luck! 19:56:10 Yikes. I have no "outside" for now. I tried to emulate "outside" by SSH-ing into a different machine, and trying to connect back to my own. 19:56:26 Thank you, and good bye. 20:24:36 ant-x: what are you trying to port forward? 20:27:20 rtprio, Right now I am not port-forwarding anything, but have declared my FreeBSD machine as DMZ in the router. The router then should port-forward everything to this machine. 20:28:12 (and I cannot make sure it does). 20:28:45 Particularly, I have sshd up, and wanted to access this FreeBSD machine from the wild. 
20:42:51 ant-x: use your mobile to confirm 20:43:11 or carefully share your ip address 20:44:05 there are also services like https://portchecker.co/ which will see if a port is open 20:46:37 rtprio, I have no smartphone. 20:46:49 I can share my address, e.g. with you. 20:47:46 How come you can't test this from the outside at the moment? 20:48:49 TommyC, what would be the outside? Both of my computers are connected to the internet via the same router. 20:49:09 ant-x: Do you have a smartphone that can ssh? 20:49:22 TommyC, I have no smartphone at all. 20:50:03 Is one of the computers mobile, like a laptop or something? 20:50:12 portchecker works, but often hangs for ten or so minutes on TLS handshake with pagead2.googlesyndication.com . 20:50:30 TommyC, both stationary PCs, why? 20:50:59 So you have no mobile device (laptop, phone, etc.) but you want to ssh into this box from the outside? 20:51:06 I do have laptop around, by the way... 20:51:36 TommyC, I want to set it up here, so that I can SSH to it from work and from other places, and to host a test website on it. 20:52:17 Ok, so if you don't trust another individual, you can always try to ssh into it from work or other places. 20:52:40 I didn't say I didn't trust another. I can share my IP, no problem! 20:52:49 Well don't do that publicly. :3 20:52:55 Sure. 20:53:26 And we don't need ssh credentials either. nmap should pick it up. 20:53:51 But I have at least two suspect IPs. 1) the one that my router displays as WAN IP, and 2) the one that whatismyip displays. 20:54:24 I have tested with tcpdump, that even an attempt to connect to ssh is logged. 20:54:45 TommyC, may I PM you both the IPs? 20:55:00 What do you mean by "suspect IPs"? 20:55:19 IP that I suspect may be the public IP at which my DMZ machine can be accessed. 20:55:59 Why do you have 2? 20:56:51 I don't know: the router shows one IP, and a server (when I connect to it, as well as whatismyip.com ) shows another. 
20:57:12 (a third-party server, I mean) 20:57:20 (in httpd access log) 20:57:33 Weird, I would use the one listed by whatismyip 20:57:48 I have tried both, and can share both with you. 20:58:28 Is this an immediate necessity? 20:59:05 Not at all. 20:59:27 Then I would just wait until you go to work or somewhere else to try from. 20:59:28 I am just asking for help with exposing my FreeBSD machine to the internet. 20:59:33 OK. 21:01:00 Based on what you've said, it sounds like the setup is right. 21:01:34 The problem with these things is that usually it's not the conceptual setup people get wrong, it's the implementation of the details. 21:05:05 OK, I'll be re-checking and re-testing it, after a pause to get my head straight. 21:16:42 Since my router reports: "WAN IP address: 100.xxx.xxx.xxx" (the xxx-es are mine) it means that I am behind CGNAT hell, and may need assistance of the ISP to make my machine accessible... 21:31:00 ant-x: well. doesn't have to be "hell", but certainly rather a "jail" 21:31:22 CGNAT jail it is 21:31:59 OK. What options are there short of buying a static IP from the ISP (which will take me time)? 21:32:47 The Internet was invented as a network of equal nodes, so that hosting stuff was an inalienable right. 21:33:01 you can use EC2 elastic IPs on demand through forwarding or a proxy server ant-x 21:33:42 I perfectly understand what you are saying and I agree they've made things a lot less free with CGNAT and private addressing... 21:35:53 AWS does offer a certain VPN service but you can't attach elastic IPs on top of outbound interfaces so... 21:37:08 scottpedia, I have a pubnix server where I can host lots of stuff in containers. Can it help? 21:37:42 help with what? 21:38:28 With exposing my FreeBSD machine. 21:39:26 ohh yes sure as long as you have a public IP somewhere you can always do forwarding or proxying to expose your machine at home, however at the cost of connecting through a relay basically. 
21:40:07 I do have a public IP on a pubnix, yes. 21:40:24 But there I am not a privileged user, so my options are limited. 21:40:55 the ideal scenario is to do IPsec over L2TP with certain dangerous and unorthodox network configurations if you want your thing truly exposed 21:41:31 I will be happy with exposing SSH, and HTTP. 21:41:56 yeah that's no big deal. all you need is a proxy/VPN 21:42:09 plenty of guides on how to set up something like that 21:43:23 wireguard, IPsec, OpenVPN, AnyConnect... you name it 21:45:07 OK, thanks. Not sure that pubnix allows hosting such "dangerous" stuff, though... 21:46:06 no... you didn't get what I meant. it's not dangerous at all and I believe countless people already use that the way you want to. 21:46:31 they don't have business if people don't do that 21:46:32 Recently got my hands on an old copy of the design and implementation of the 4.4BSD OS 21:46:49 "dangerous" in the sense the pubnix owner may be held responsible for my abuse of such a VPN. 21:47:25 whatever you do with your VPS is not abuse unless there is a complaint by somebody else 21:47:31 Has there been something similar published recently for FreeBSD say? 21:47:39 grimpeux, lots of 4.4BSD info in ancient Unix archive: . 21:47:55 so good luck to you regardless ant-x 21:48:07 scottpedia, thank you! 21:49:37 @ant-x Yeah, this site rocks. 21:51:58 Will there ever be a 3rd edition of Design and Implementation of the FreeBSD Operating System? 21:52:11 i thought this was in the works a few years back 22:19:12 hmm I guess I still don't really understand why a 'thin' jail is thin, compared to https://docs.freebsd.org/en/books/handbook/jails/#classic-jail 22:19:36 in both cases you're starting from 14.4-RELEASE base tarball 22:22:07 ant-x, You can make an easy quick test by using ssh from your system to your pubnix and then using it to tunnel back in to your system from the outside. 
Something like "ssh -oExitOnForwardFailure=yes -oServerAliveInterval=200 -oSetupTimeOut=120 -R 2201:127.0.0.1:22 $username⊙ec" Which might need GatewayPorts=clientspecified on the server side though. 22:22:49 If GatewayPorts=clientspecified is needed but you can't set it up then you can use a second program such as socat or nc to stitch yet another software layer into the pipeline of communication tunnel. 22:23:09 There is nothing in software that can't be solved by adding another software layer. Except for the problem of having too many software layers! :-) 22:23:50 LOL! Thanks, rwp. "We have a problem" -- "We can solve it with a regex" -- "Now we have two problems" . 22:24:03 * hodapp grumbles something about Docker 22:24:36 People try to use regular expressions to *parse* data and that's impossible, which leads to that saying. But regular expressions are very useful and powerful and I disagree completely with the saying. 22:25:02 The first two weeks of my CS200 class at uni concentrated on learning regular expressions and it has served me well since then. 22:25:09 hodapp, "Thin" jails share data among multiple jails. Thick jails do not share data. 22:25:25 rwp: oh, hence working from snapshots/clones? 22:25:34 hodapp, SSH tullens are /much/ easier than deploying a docker VPN... 22:26:00 Yes. In a thin jail you can in a powerful way upgrade a jail by upgrading the underlying source of the data. Or accidentally break and mangle a jail by upgrading the underlying source of the data. 22:26:19 It's something so powerful that it can only be used for ultimate good or ultimate evil. 22:26:26 rwp, IMHO -- RegExes are good as an end-user tool, e.g. for sed, AWK, or a compiler compiler, but they are bad as a replacement for a proper parser. 22:26:53 Thick jails are plain. Nothing confusing about them. Simple. KISS says to keep it simple. It's always good to work with thick jails. Can't get in trouble then. 
22:27:46 Thin jails become attractive when you don't have enough disk space to implement 10,000 jails with all of the plain files as plain data. But if those jails shared file systems then they don't take up any space, or not much space, and thin jails become attractive and worth the confusions of them. 22:28:40 Thin jails are also useful when programmatically spinning up jail containers with a program. Because then you have a program that is creating programs, basically, and can create a large number of them automatically and those might be thin because they are disposable. 22:29:16 Thin jails are best (just my opinion) when they are automatically created things and disposable. 22:30:43 ant-x: tullens = tunnels? 22:31:15 Yes, tunnels. I have not tried SSH tullens yet. 22:33:46 rwp, what is -oSetupTimeOut ? 22:34:29 (it is not listed in ssh(1) ) 22:35:05 Oh my bad! That's a Debian specific option. Which then became ConnectTimeout in the upstream. Use ConnectTimeout. (I copied that from one of my Debian systems.) 22:35:16 OK. 22:36:07 That was an idea that was implemented as a patch downstream, was a good idea, got implemented upstream, but for whatever reason got renamed along the way. 22:37:54 I am trying to understand that tunnel. I connect from my test machine to a pubnix, and create that tunnel on the pubnix. How do I connect to my test machine, after that -- by connecting to pubnix:2201 ? 22:38:19 (I just updated my older systems to use the newer name so that I won't fall into that trap again.) 22:38:52 ^ preventive refactoring! 22:39:02 Yes. Connecting to your pubnix:2201 which then will tunnel back to your local system's port 22. 22:39:40 What OS is on pubnix? Is that GNU/Linux or FreeBSD? 22:40:49 rwp, the pubnix is Debian 12. But what in the tunnel indicates that the connection should be forwarded back to my own computer? 22:41:50 Ah, that tunnel is to be created on my home FreeBSD machine? Now I understand. 
22:42:36 On linux use "ss -na | grep :2201" and see what address is used in the binding. If it says something like 127.0.0.1:2201 then that is bound to the loopback device only and not yet useful alone for you. If it is bound to the public IP such as 23.220.75.232:2201 then that's the public IP and you might be able to connect to it. Maybe. It might still be firewalled off. But wait there's more... 22:43:23 On that pubnix, we mortal users can use ports from 5000..5500 22:44:19 Use one of those ports then. That's fine. As long as you know what it is. 22:45:08 I am hosting my Subversion on a certain port, and ss -na lists it as 0.0.0.0:5120 . 22:45:21 Then use the new-ish -J jumphost option. "ssh -J pubnix:5027 homemachine" Though I admit that short syntax is a little fiddly. I like to work up to it in parts. 22:47:14 If "ssh -W 127.0.0.1:5027 pubnix" shows you the ssh banner from your home machine then you know you have something you can work with. 22:48:56 If that works then something like "ssh -oProxyCommand='ssh -W 127.0.0.1:2201 havoc' homemachine" will use it to tunnel through. Which can be shortened using the -J jumphost option. Which can be shortened by putting the configuration in the ssh config file. 22:49:12 Sorry, s/havoc/pubnix/ there. 22:49:33 pubnix is havoc, of course. 22:49:51 havoc is the name of one of my machines. I like fun names. 22:50:14 I was testing that off to the side to make sure I had the syntax correct. 22:50:47 I am too tired to do it now, will try later. It is my bed time. Good night, rwp and all! 22:50:51 So with the above, forget I mentioned GatewayPorts or firewalls because it avoids both of those things entirely. 22:50:57 Good night! 22:51:02 forget? 22:51:08 Good job! 22:51:20 You have already forgotten that I have mentioned it. That's perfect! 22:51:49 No, I remember about the GatewayPorts option. Now I will erase it from my memory. 22:53:09 What exactly "avoids both of those things"? 
22:56:31 * ant-x is going bedwards, sleepwards, dreamwards... 22:58:53 Avoids by using ssh to log into the system and connecting to the loopback device directly. The call then comes from inside the house. 23:01:03 pick it up 23:17:49 hmm, bought a new disk, a 10k rpm oldie because why not (and it was dirt cheap). Still panics on a fresh install because init isn't found :/ 23:19:58 wipt: you using the official image? 23:33:31 scottpedia: Yes, I didn't know there was an unofficial image 23:33:50 okay alright 23:34:17 official images are supposed to have no issues... 23:34:42 not "unofficial" but rather home-built or nightly images that are not part of a major release 23:36:06 I stay away from bleeding edge. I ran the RCs for 7, never again. 23:37:29 10k rpm? 23:37:43 is it a SAS drive? 23:39:08 idk, shows up fine on sata. I had the same issue with the SSD that this is replacing 23:40:20 okay that's interesting