specialbomb: nope I removed them all lol

mason, I use mpv for command line everything.

either you love it or you hate it

rwp: Ah, I thought of it as not being console-based. Will try it. Thank you.

oh someone please shoot me I cant take this anymore

polarian: I knew you were gonna say that :/

hah

mason: should be included with multimedia/vlc

rtprio: It's a build option that's off by default. If I build the port I can turn it on.

well, building it by hand is not much effort

but mpg123 is one i used a long time ago

seen this issue before

its definitely state

but whats causing this...

ugh :(

polarian: what's the problem exactly?

rtprio: stateful packets getting dropped

as they arent stateful

packet goes from a vnet jail, to host, where it is NAT, passed out to WAN via wg0, then the reply comes in on wg0 and then is blocked by "block log" within the firewall

stateful packets are passed without firewall

but as the pastebin shows, the state is not being established

did you share your rules too?

what happens when you do bare minimum and just do the nat rule?

also, what do your routes look like?

rtprio: further up yeah

but theres nothing let, I stripped the config right down, I didnt think any of the extras were the problem but had to make sure

its a basic nat, passing on packets from the epair, and then passing them out

ig I remove wg next

oh yeah I remember, it is wg which is causing the issue

but I fixed it somehow ages ago

mtu on the wg?

rtprio: doubt its mtu being a pain but sure

it defaults to a sane value but its certainly not mtu

MTU is 1300

the default doesn't work :)

I have no clue why

no it does not

1420 is the default and it ends up dropping the packets

I found ~1300 doesnt cause issues

this was ages ago, wireguard as a whole on wireguard is duct tape at best

wait, wg on wg?

does your jail also contain a tunnel?

block log all, blocks in AND out

specialbomb: no

only the host

tf: I am aware...

but pf is a stateful firewall

you usually start pf rules with block all, further rules modify whats allowed

so if you block in, but your device connects to say google.com, there is tcp state

the returning packet matches the state, and doesn't go through pf

polarian: you dont state keep state, are you sure it is?

keep state is default

tf: keep state is the default

no offence, but I have used pf for years... I know my way around the firewall :)

this is an edge case im trying to remember how I solved before :P

so remind me, packets are not getting to the wireguard interface, and its not that decaped packets arent getting to the origin?

specialbomb: wireguard is functioning just fine, everything on the host works fine

the issue is specifically the state when it comes to the NAT

I know this because if I drop the firewall block, the packet is still dropped

rtprio: FWIW, rwp sold me on mpv. It seems to do everything I want.

sorry, the state relating to the nat

if you look at the paste I sent

this is produced with wireguard

as you can see the state is never established

the state should look like.. one sec lemme grab log

could I ask what your vpn provider is

specialbomb: my router xD

wait, no that shouldnt matter in this case I think...

no it shouldnt

as the packets pass in and out of the wg interface

theres this weird edge case with OVPN

but thats besides the point

I just for the life of me want to remember how I solved this issue a year ago

so badly

in your state log, what are the addresses? I guess thats whats confusing me. its obvious which is the wg if but its unclear what the rest represent

i think my server issue was bad ram

good time to have ram go bad after its price goes up 400%

I forgot xfce can kinda use wayland

sorry man :(

specialbomb: 192.168.254.1 is jail, 34.160.111.145 is ifconfig.me, 192.168.4.2 is the addr assigned to wg

ty

should make sense now

kerneldove: this is why I keep spares :)

Cursed

ram and disks are useful to have spares

motherboards and cpus sometimes come in use

especially if you have butterfingers like me and drop a disk onto your motherboard and fry it

oh i have lots of spares for my home servers, these are datacenter servers so the hosting company has to eat the cost

polarian: in that case, where is your endpoint wg peer?

im sure they have spares too tho

specialbomb: irrelevant

i have a hoard of sas drives, ram sticks, etc

but 192.168.4.1

on your local network then?

oh I thought you meant the address on the wireguard end

the IP address of the router is 192.168.2.1 :)

because this is local

if I was out of the house it would be the NAT addr of the router

I reserve the other IPv4's I have for statically assigning to servers on separate vlans

something which has been a pain to setup and still not working either :P

so, the encapsulated traffic IS coming back from your router then?

whether encapsulated or not, it passes through the router

yes

just getting blocked?

no

the router has nothing to do with it

as I said, the tcpdump shows the HOST is dropping it

ignore anything else, its exclusively the host

okay good, thats just what I wanted to clarify

no wg, state works fine

with wg, state breaks

im a littlw retarded btw

and I remember having this exact issue, which is why it is pissing me off so much

I literally sloved it

I remember this same suffering before ugh

im trying hard to try and sort out why exactly state isnt being established...

I do know when I was routing traffic between my jails, I had to establish bidirectional rules

theres bidirectional rules dw

but thats in the case of external traffic initiating a connection

"route show" shows all the routes I need

no problem

the host will always know how to get to the jail, but there is a catch which took me ages to figure out, which was if you have a vm within the jail, you need a route for the /29 block to the IP of the epair iface within the jail

this means the host will not know how to reach the vm, but it has a route to pass it back to the jail

and the jail does know

so it routes fine

most people use bridge though, which makes things simpler, but routed is more secure

some people think using cloudflare is secure until it takes down half the internet

cpet: therefore the answer is clear

turn the pc off ?

cpet: lol

and until they realise cloudflare is decrypting (and likely storing) all their encrypted packets :P

sounds like a security vulnerability to me, not a security improvement

cpet: fuck cloudflare!!!

s/improvement/layer/

polarian: most big companies do that

scottpedia: agreed

cpet: which is why you should avoid them :)

google does it, apple does it

cf is basically a protection fee racket

polarian: does it as well

pay or be denied access

scottpedia: pay me then

anyways back to smashing my head against the table

you cant multitask ?

well you ain't Lee Holloway are you? cpet

polarian: this is partially why I also do routing instead of bridges, but for me its mostly that I think routing gives you much greater control and a lot less overhead than having to worry about l2 specifics

scottpedia: i dont like cloudflare so no

specialbomb: which is why I did it too

I wanted control of the packet flow

but on a basic level, its easy

start slapping different virtual interfaces in, and multiple physical

and shit goes bad :/

cool theres a bill that would require cursive learning in schools

heh

cpet: where?

Florida

lol

cpet: they don't teach that by default where I went to school

they did when I was in

40 years ago

why would you want people forced to learn cursive writing

cause its quicker fancier and better

polarian: be sure to let me know your solution if you remember, im pissed I cant figure it out :D

just like your routed approach

that's not a good idea since i can't read a lot of old folks' note

specialbomb: I will prob be braindead by then

if it works leave it alone (TM)

cpet: Florida is a nice place btw

they drive like crap though

drive?

you know large box looking thing with 4 wheels on it that goes zoom zoom ?

as in motoring?

polarian: We are making my kids learn cursive.

hrm

okay hard to figure how "crap" it could be

sometimes cursive should be the first writing to teach a kid mason

look at how things were done a centeury or so ago

i remeber a time when kids went outside and not doing dumb shit on tiktok

and I remeber when I was 9 and some lady called me up telling me she hit my dog and I carried it home and my brother sprayed it with ant spray and it was as stiff as taxodermy

thank god I was the last gen to ever go outside

but now its all social media or tiktok

my cousins and stuff were ph@cked hard by the following wave of crap "apps"

a time when downloading a vidoe took hours

a time when you only had to worry about durnk drivers not drunk, high, texters

heh

Is there a "default/most used" DE/WM in FreeBSD (out of curiosity)

Lumina was the one pcbsd came with

think it died

gnome is popular I hate it

xfce4 and KDE are my personal favs

I heard about something called xenocara

thats openbsd x11 suite

Oh did you see my cursed xfce Wayland pic

nope

mason: why? lol

JetpackJackson: I believe KDE is the most popular

if it snot jennifer connley riding that horse

i dont want to see it

heh

but freebsd is not commonly ran on the desktop

polarian: Why prevent them from being able to read some decent percentage of written communications?

gnome's graphics is over-simplified

cpet: share.katzenmue.de:9270/file_share/…10-683db6e3a88d/20251118_193424.jpg

wifi issues, software issues

shit just segfaults lol

polarian: freebsd runs nice as a desktop you just have to pick your HW right

I get i3 and python (gajim) segfault often

gajim is horrible

true

Gajim is garbage

dino segfaulted in the past too

I say as someone who uses it lmao

Linux software written for LInux

not meant to run on BSD

but then again i never liked jabber

i miss gaim

Can't wait until I'm not behind a cgnat, then I can use websockets and use Cheogram web

God I want a framework laptop lol

jabber as in the chat protocol?

last I remeber XMPP is jabber

JetpackJackson: websockets work with CGNAT Lol

last I used gajim was for that

well depends

do you mean the server side, or client side

now i think its a multi chat thing like pidgin

polarian: im connecting to singpolyma's server to bypass the CGNAT so my DNS is set to his server

JetpackJackson: I dont know what you are saying lol

CGNAT prevents you hosting things

it's too complicated a thing... just use IRC if it's not for some extra-important stuff. cpet

it does not prevent you connecting to websockets

websockets are just sockets but HTTP based

if websockets are blocked by CGNAT so would regular sockets

Hmm

I guess I'll look into it again

oh you mean hosting it yourself?

are you trying to host on a CGNAT

if so then sure, it wont work

but connecting to a websocket via CGNAT works fine

love it when people on residential want to host crap then get fussy when you just need to get a biz line

Yeah im behind a cgnat

That's why I'm sshing into the other server

JetpackJackson: not the answer to my question

still not the answer

the answer is $@

I don't understand then

are you trying to host prosody on your home network

or are you trying to connect to prosody on another network

The first one

why dont you get a VPS for 5/m

and host it on that ?

I _am_ hosting it, I just can't do websockets

cpet: because singpolyma lets me use his server and it's free

And I can run it on my own hardware at home

no you cant

Just have to ssh for connection stuff

according to what youre saying about CGNAT

you can not

if you have to connect to server y to connect to server z through sing whatever server

you can't

I use autossh to connect to him

It works. It's how im talking here cause I'm using a xmpp-irc bridge

Lol

man people like you are the reason why ISP's have to do all this crap in the first place

... what?

not really? IP address exhaustion is why CGNAT exists

What'd I do??

JetpackJackson: I'm not entirely sure that person's game. But yeah you probably do need to get a VPS, since you don't have a public IP. You can use the VPS solely for tunnelling if you want, but it rmains that you need to do it.

cpet: they used to give up full ipv4 address with all non-standard ports open

us*

my ISP still does that

JetpackJackson: so you are forwarding traffic over ssh

through to singpolyma's server

except for port 25

LxGHTNxNG: oh. I guess I'm using the other server as a tunnel

why the fuck is singpolyma letting you relay off his server

pity

probably

and if you have cgnat, then you obviously cant host

polarian: not without help, no

pay for a VPS, setup wireguard on it, and tunnel through it

but again they limit the upstream speed so it isn't that useful anyways

or, just host everythign on the vps

polarian: because he's nice?

JetpackJackson: its not a very good setup im sorry

if you can't afford 5/m

really heh

5 which? galactic credits?

Lol I wish

JetpackJackson: wish what?

are you allergic to the shift key cpet?

I want a lightsaber

Lol

shift keys are bad

cpet: we used to be on 600Mbps-duplex for 15CAD/m with ALL PORTS OPEN for some reason

well, glad I could be of humour at least. stay safe y'all. *dragon flies away*

Lol

I was floodfilling i2p like crazy these days

See ya later LxGHTNxNG

scottpedia: a ISP shouldnt filter anything

most services are behind a nat firewall which is secure enough for most home users

yes that's ideal

and they should give us dynamic addresses too

I should learn how pf works

shoudn't*

i have a dyn IP but it hasnt changed for 3 yrs heh

And try out bhyve

JetpackJackson: vm-bhyve

Yeah

cpet: yeah some lazy employee might forget to turn the rotation up

I don't know how much ram or cpu it needs though

freebsd will run fine on 1gig of ram and 60gb space

wouldnt recomend running it with zfs but it can be tuned to work with 1gig

Im using ufs cause of the ram issue

I think the CPU is a bottleneck

why dont you just run freebsd over hyper-v ?

Celeron

or KVM

JetpackJackson: zfs doesnt have high ram usage

cpet: a VM on a Linux host?

I wanna run bare metal

is dead | cpets is dead

it uses spare ram for ARC cache

ARC: 5964M Total, 2762M MFU, 2102M MRU, 264K Anon, 38M Header, 1059M Other 4248M Compressed, 6966M Uncompressed, 1.64:1 Ratio

zfs isnt a ram hog my ass

hah

polarian: this is the laptop im running FreeBSD on: bsd-hardware.info/?probe=221eed4850

ugh

I cant load the site

its slow

very slow

but it works

Yeah idk why it's so slow

NAT is not a firewall

probably cause they run it off there home DSL service

4GB of memory is more than enough for zfs

;P

like cpet pointed out

1GB is enough

DSL is olde xD

LxGHTNxNG: never said it was

just you wont get a large ARC cache but thats fine

JetpackJackson: celeron which?

which codename/rlease year?

LxGHTNxNG: I have DSL :)

does zfs cost that much ram?

LxGHTNxNG: intel.com/content/www/us/en/product…-cache-1-80-ghz/specifications.html

scottpedia: yeap

you talking about having encryption-enabled

?

scottpedia: its mainly used for arc cache, I dont see a sizable difference in mem use between zfs and ufs

ARC: 13G Total, 9690M MFU, 2023M MRU, 896K Anon, 173M Header, 1544M Other 10G Compressed, 21G Uncompressed, 2.05:1 Ratio

thats the desktop with 64 gigs of ram

LxGHTNxNG: 2x Celeron CPU 4205U @ 1.80GHz

cpet: ARC only uses SPARE memory

ARC shrinks with memory use

cpet: damn 64GB ram????

And here I was thinking 16GB was plenty

they had a special one day for veterans day

so i bought some ram

regardless of how zfs arc works

zfs is a ram hog

unused memory is wasted memory

zfs makes good use of spare memory

Alright

imo functionally zfs is not so different from lvm so it shouldn't be a burden on just the typical HW of laptops and servers

I used to do lvm on a t3.micro

zfs can be tuned nicely on systems with less ram, it is mostly arc. you can change that easily

Hmm as long as I don't touch xwayland niri will work, it's when I try to run xwayland it just does not work

Sorry my brain is all over

Zfs and Wayland and websockets

Sorry

I've found that I do need to limit ARC to be able to deal with non-ARC memory allocations. More so on illumos because its memory allocator is broken

Interesting

scottpedia: lvm and zfs are entirely different

just because zfs can do what lvm does, doesnt mean they are similar

lvm is just volumes, its not a filesystem

"functionally" polarian

scottpedia: functioning how?

say im installing an OS, I am not going to slap LVM on it as the filesystem am I?

but if I was installing BSD I would select zfs..

comparing apples with oranges IMP

IMO*

Apple and orange are both fruit, but that doesnt make them simialr

similar(

I said "functionally" they are not so different

lol well tbh this isnt really worth arguing over xD

nitpicking a little :P

apologies

okay it's alright

but is LVM not a filesystem?

nope

there is a flag for a given partition that says "linux-lvm" as I remember

theres a flag that says freebsd-zfs as well

i would classify LVM like raidframe

scottpedia: it cant store data

I understand that but doesn't lvm dwell under a raw partition and emualates the recognized VGs on loopback?

in my personal use its a buggy pos

but bleh :)

sounds like one-level-above-filesystem things

I am not a Linux developer, I cant say how its implemented

you know wikipedia has a decent article about lvm

yeah lvm doesn't do much to files

lvm bugs me, last time I attempted to use it

haha

the whole linux world bugs me

including lvm

the way lvm does snapshot is mindboggling

I started to feel it, heh

i guess if anything is like zfs, I guess btrfs, but that shits whack

and still very different lol

hammerfs from dragonfly is an interesting beast

I am trying to implement vhd boot environment for fbsd

that might be an evolution even from zfs

alright back to slamming my head on the desk

take some meth so it atleast doesnt hurt

cpet: oh that explains the latest analognowhere comic

Hm, no ungoogled-chromium package, just ports. More reasons to use Poudriere.

polarian: im tempted to recreate your issue at home on my spare laptop to attempt to poke at it myself lol.

I need to set up aliases for the poudriere cmds

From here wiki.freebsd.org/VladimirKrstulja/Guides/Poudriere

JetpackJackson: Oh, nice. I'd used a DigitalOcean guide last time. Nice to see ... I was going to say "something maintained

but that appears to be six years old. :P

Oh

I didn't notice

Lol

I guess the guide I was using is a decade old, so that still wins: digitalocean.com/community/tutorial…e-packages-for-your-freebsd-servers

Well it seems to work, haven't decided what to build yet tho

JetpackJackson: There are some ports where there simply aren't packages ever, for licensing reasons etc. ISTR there was some CUPS-adjacent package that did this for me.

Thinking of making a nerd-fonts symbols-only package and then having yazi depend on it instead of the whole 6GB nerd fonts

Plus, you can tweak options.

specialbomb: I just had a lightbulb moment

I am just gonna check my snapshots

good idea!

mason: yeah I tried options but it won't help cause nerd fonts is in AUXDEPENDS or whatever and I want a smaller nerd font package

make config

remove AUXDEPENDS

make install clean

pkg would complain but then you would add a skip on that package

and problem solved

Doesnt help cause nerd fonts package is droid sans, ioveska, etc. I just want symbols only

no need for a full blown poduriere setup for 1 port

specialbomb: its identical to what it is right now...

back when it worked

I gotta look at how thebnerd fonts pkg unpacks the fonts and unpack the ones I want

Ig

Idk I feel jittery. Need to work on HW but also have to log off in an hour

how old are you heh?

I'm in college lol

ill be damned if any one tells me to log off

im in college too

JetpackJackson: is that US or UK college

very different

lol

But I like to make sure I'm off computers an hour before bed cause then I'm all hyper

definition of college that is

Or at least its harder to sleep

US

ah

so university in the uk then

they have meds for that

we cant afford them but we do have them

:P

Yeah I know I take meds

:p

whatcha going to school for ?

Still have to do things in my life to manage my anxiety and adhd combo

Computer science

Cyber Security

Changed my major from mechanical engineering to electrical engineering to cs

Oooh

Nice

lol

someone couldnt make up their mind

graduated in Augist now im with my bachelors

I def wanna get a cyber security related job

polarian: most people with adhd cant

meanwhile I am losing the will to live

Congrats cpet

I dont wanna give up on this damn networking

I graduate in the spring

cpet: or do what I did, drop out and be useless! :)

polarian: bro take a break and come back in the morning

nope

polarian: im already useless

polarian: now i can be useless with a degree

cpet: dont say that

I will eitherf ix it or pass out

oh my egods

polarian: please go to eep

Fr

you know your network issue will be there when you wake up

your switch isnt going to run away

JetpackJackson: will

but not your switch

LxGHTNxNG: 2am and still going!!!

cpet: yeah but more procratination, and its why nothing gets done

im in the zone rn

polarian: lets just say my VA medical record is 900+ pages long

VA?

veterans affairs

dunno what that means lol

the united states way of giving back to the veterans :p

I literally cant see why the fuck this isn't working

then you probbaly need to sleep

or a smoke

personally when I get frustrated over something freebsd i go take a break come back

99.98% of the time i fix it few mins after

LxGHTNxNG: no, its just a scummy problem

and likely a skill issue

i would ask to see your pf.conf but most people modify it to now show IP's or anything

cpet: they sent it already. bpa.st/AOGQ

could always go the modern way and paste your config to chatgopt and ask it whats wrong with my config

heh

Cheater!

cpet: I would rather die

so you are VPN'ing your jail traffic ?

cpet: its on my laptop, its an always on VPN

theres extra rules there to block traffic going out on wifi/eth and force it through wireguard

but I removed them for debugging

disable wg, state works, enable wg, state breaks

skills work better if you have slept

no state, means pf drops it

as it sees it as a new inbound connection

not a stateful packet

polarian: ever thought about its not your firewall but wg?

cpet: how would it be wireguard?

20:02 < polarian> disable wg, state works, enable wg, state breaks

come on now

you need sleep man hah

cpet: no sleep needed

thats the facts

the only thing in wg which changed was IPv6 connectivity

and I SEVERELY doubt, IPv6 is the issue here

different routing tables

different state tables

like I said, im motivated to try and do this myself

ill probably fool around with that this weekend if im not busy

def not tonight, my brain feels crusted

polarian: As much as I appreciate the real-time IRC feedback, scrolling through these convos to find out what exactly what is going on is heinous sometimes.

ek: im aware its annoying

by now I usually would have fixed whatever I moan about

ek: line breaking is a bad habit obtained by us gen z folk, and for that I apologize

I apologize as well

JetpackJackson: you are in the US?

because your site is .de

so arent you German?

try that

polarian: I am American yes

JetpackJackson: whats up with the .de tld then?

Because I wanted it

cool ig lol

confusing tho

Cause I'm learning german

why/

And its a whole word

katzenmüde

I mean its a play on the phrase "dog tired" but with "cats (plural)"

Cause I like cats

:3

Hm, is there any simple/quick way to get default audio input from one pcm device while the speakers are on another?

Specifically, I want to use a webcam as input and another pcm device as output.

specialbomb: it's older than that

I said obtained, not created!

wheres ivy

There's forums.freebsd.org/threads/audio-pl…from-2-separate-sound-devices.72675 with no answers. :P

ivy is like the saving grace when it comes to networking

I probably need virtual_oss.

cpet: how can I make make install not recompile everything

depends

Like i tried portmaster and it had done it after config with -P I think

Not sure how to have make or poudriere do that

Also what does poudriere mean

Wait I should look at that up instead

I guess I'll use portmaster for this port? Idk I wanna figure out how to not rebuild using poudriere

Idk what are yalls thoughts

JetpackJackson: what are you trying to accomplish, exactly?

build a port, or more than that?

I want to make it either that nerd-fonts only pulls the Symbols TTF files or that yazi does not depend on all of nerd-fonts

Whichever is easier or better

you know, you can just copy the ttf into the fontsdir and not fuck around with all this

i don't see why having a few extra font files is any cause for a bunch of fucking around with ports, espically if you're relatively new to freebsd

I swear I tried that but I don't think it worked. Maybe I skipped a step. I'll try that again tmrw and see

Plus the auxdepends with make config

Or else yazi will pull in the files again

yazi? sysutils/yazi ?

again, what's the problem with having a few more font files that nerdfonts installs?

It's 6gb

It just seems like a lot that I don't/won't use

I guess it's fine though

I don't want to go crazy like I did with gentoo cause then I wanted to "debloat" things and then realized that it would be a waste of computing especially for firefox

Actually I guess it makes sense that it pulls in the other fonts so that you end up with a font installed

Had to install a monospace font before foot terminal would open when I was doing post install stuff

q

well shit, i didn't realize it was that big

typefaces...

wtf did you just call me?

rtprio: yeah

JetpackJackson: pkg's

ports is all compiled

as for rtprio he is right why 6 gb of fonts is such a big deal

chris@beastie:~ % pkg info | grep font|wc -l 62

hodapp: typefaces

JetpackJackson: do you want me to make you a pkg without all that font crap ?

JetpackJackson: im bored and drinking beer so today is your lucky day

i do find it interest how many different building systems there are now compared to when there was one

and what a pain in the ass it was to debug m4

JetpackJackson: on a celeron building rust would probably take a few days

Random update, for some reason after randomly thrashing around Firefox ended up starting to show me pcm devices in the microphone pop-up. I'm unclear why it didn't do it from the start.

JetpackJackson: unix.beer/~chris/yazi-25.5.31_5.pkg

mason: firefox does weird thing as the system gains uptime

cpet: This was through reboots, but I wonder if it was the Firefox build. I switched to "latest" midway as I realized there was no Chromium package in "quarterly".

I bet the new Firefox is the variable that mattered. Guessing anyway.

i run latest

as long as it plays youtubes im happy

Yeah, that works, although I tend to just use yt-dlp.

mason: is it still working?

it's been a while since I looked into that issue

scottpedia: yt-dlp? Yeah.

but last time I tried youtube-dl was kind of blocked

I need to check it out on the new box, but I've been running it straight out of git.

youtube-dl might be abandoned at this point - unsure.

okay so what's with yt-dlp? the successor?

It appears to be the project currently getting attention.

okay alright thx for the ping up mason

sure

deno: A full installation of Xcode.app 15.0 is required to compile

this software. Installing just the Command Line Tools is not sufficient.

Xcode 15.0 cannot be installed on macOS 11.

-------------------------------------------------

another indication that I need to do the migration out of macos

or upgrade HW

already did. just not a mac this time

i sold my mac book and mac mini

given it up already

to get a newer mac book pro

apple is trashing us

big companies are trashing us

it's not worth it bro. eventually it comes a burden to take care of because of the increasingly closed and bloated software

becomes*

scottpedia: its a nice laptop for school

;/

you in college?

yeah

okay well. most of the times I just used the computer at the library

graudated with honors in aug continuing to bachelors

aug?

August

why continuing to bachelors?

Gi Bill

oh you in military?

VA pays me to goto school would be an idiot not to use it

was

right interesting I thought you usually get a bachelor's as a first out of a college education

things might work differently stateside

depends

you start with an associates and work your way up

okay i see

not familiar with the G.I. stuff but I heard it's not easy to get paid to go to college even after being in service

depends on time in

did you spend time overseas?

yeah

then it's navy or marine corps right?

Navy

that experience must be great for a man to have tbh

as long as you dont piss us off yeah

us?

veterans

okay by how?

most people who were in end up either grumpy, easily irriated or violent

sorry idk how this works exactly but you becoming an officer after college right?

i was active duty not an officer

okay

aka enlisted

how was your life btw? were you a pilot?

were you on carriers and stuff?

no I was a mechanic

okay alright

and I was on 2 carriers

wow that sounds great

anything interesting to share?

not really i have a messed up knee, arithtis in my c4 and c5 vert, back pain, head aches and stage 3b chronic kidney disease

damn that's no good.

how did that get those conditions?

fell in a hole during training, and jet fuel fumes

sorry to hear that. but hope you getting better man

im 2.3 point from needing dialysis, and its getting harder to move my neck carpol tunnel is making it hard to type

:P

because of mainly jet fuel fumes?

cant really get into the rest of the reasons

but pretty much

i mean that shouldn't cause that much of damage to the body. we smoke in gas exhausts all the time

but why did you say those in service eventually got grumpy and violent?

lets just say PTSD isn't fun

I heard some very different feedback from a guy stationed in Korea for a while

but i mean were you in active combat? I thought you just do stuff on a carrier.

i was a seabee we are like low level marines

okay

did you ever go ashore every so often?

like when the carrier gets supplies and stuff

not really

okay nice to talk to you man

gotta go so perhaps later cpet

bye

How is it I only just now learned about "service foo enable" and "service foo disable?"

beer is not involved ?

mason, It took me a while to discover that feature too. It's kind's one of those off to the side features.

It goes right along with "onestart" and "onestop".

took me a while to figure out sysrc -x cups_enable="YES"

is a thing

now im not a fan of all the linuxism

but it is easier to do sysrc bleh_enable="YES" && service bleh start than sh /etc/rc.d/bleh start

and yes thats being sarcastic as hell :)

I knew about onestart and onestop, but I love enable now that I know about it.

cpet: service is more an old Unixism than a Linuxism.

i have used freebsd since 2.2.8

i have yet to see service as a command

I hate to be the one to say this but as far as I remember "service" originaled with Red Hat. One of the few good ideas they had.

Wasn't there a service in Solaris? Now I don't remember.

when redhat implemented it it was not based off systemd

when I first started using redhat it came with linuxconf

Predates systemd. Was primarily there to insert "cd / && env -i" into the process start so that a user's environment stopped polluting the daemon environment.

something I do wish freebsd had

bsdconfig is good but

env -i is still something I do on, for instance, Slackware.

it doesnt have a tui for say pkg

Slackware is the onyl linux distro I tolerate

but as pain to instal software on

and compiling virtual box from src is not fun

messing with xsml is not fun either

cpet: slackbuilds.org/repository/15.0/system/virtualbox

been playing with it but

I want to find a Solaris 2.5.1/2.6 manual now.

yeah but still slackpkg works in such a way thats its manual

But I'm off-topic. Sorry.

i really doubt anyone is alive to make that count

heh

so you do you

one thign I always hated about liberchat

is the topic shit

Well. Anyway, there's automation: slackbuilds.org/repository/15.0/system/sbotools

yeah I used that but still its a pain

It could still use something like Poudriere.

you have to ediut each slackbuild to include the latest

as its beyonf the latest

The earliest mention of "service" I can find is from 2002 Red Hat Linux (pre-enterprise): ftp.kh.edu.tw/Linux/Redhat/en_7.3/RELEASE-NOTES.html

now I dont care about running old software but if you are installing it for the first time I expect to install the latest version

And whit that it is time for me to relocate from the coffee shop.

heh

for some reaosn people who spend hours at the coffee shop always irritated me

and made me thing go home and use the laptop there

I have no one waiting for me at home and the house is empty now and it is good for me to interact with people.

i do that at bars not coffee shops

the only issue with slackware is

it releases a release once every 5-6 yrs heh

looking at that slackbuild 6.1.50 is old

current is 7.2

7.2.4

im hoping to get a response form my bhyve PR

would be nicer to run bhyve vs a dedicated HD and linux install

but sometimes "whatever works for your use" applies

and I need windows 11 for school crap

is that bsdcert still a thing ?

i remeber i volunteered and they had me translate like 500 pages

mason: enable and disable are to make it run at startup or not

easy way to create a service that survives reboot

used to do "service" on old ubuntu versions until I learned systemctl

scottpedia: Right, but what's new is that there's a command that simple to obviate editing rc.conf directly, and with a syntax to me nicer than sysrc.

yeah

rc.conf is very difficult to deal with

you don't know when it stops working somehow

the only way it stops working if the daemon has a config issue

other then that its starts me if I have errors refuse to start

otherwise start me

regardless its still a linuxism as it was roginal implemented in redhat

BSD was still into the echo 'cups_enable="YES"' > /etc/rc.conf && sh /usr/local/etc/rc.d/cups start

is 15R being rushed just to keep the schedule? looks like it should be pushed back a week no?

There are goals set for each step of the way. Let me see if I still have that webpage in my browser showing them

zfs corruption bug :/ openzfs/zfs #16626

cpet: oh wow thank you

I'll have to try it out later, I just woke up

is the 'install' binary safe to use to move a new bin file into place of a bin that's already running? when i need to upgrade a running daemon i have to overwrite the current bin file then restart daemon. right now what i use is rm bin && cp newbin bin, but i heard the install program is made for this purpose

i was thinking of running install -S newbin path/to/bin, to make sure the write is finalized

I was partitioning a drive, and found I could not manually duplicate what the installer had created, so I resorted to gpart backup | restore - dan.langille.org/2025/11/19/duplica…tions-to-a-larger-drive-zfs-freebsd

hello I am having trouble upgrading my php it's related to freebsd

httpd: Syntax error on line 189 of /usr/local/etc/apache24/httpd.conf: Cannot load libexec/apache24/libphp.so into server: Cannot open "/usr/local/libexec/apache24/libphp.so"

you can ignore for now I commented it out but I will maybe find out why I need php module later in the httpd conf

good day thank you again

kerneldove: install just copies or moves it and chmod/chown in one go IIRC

install should can also create directories if they are not there...

ah, yah that

so is my install cmd right? install -S newbin path/to/bin

WOOT. So, we had audio working last night with Firefox and we even tested a Jitsi meeting. Power down overnight. Power up, and audio doesn't work any more. I can't use FreeBSD for this role. SIGH.

Are you sure you didn't forget to make something persistent across reboots?

Hi

a latent bug in a service underpinning our bot mitigation capability started to crash after a routine configuration change we made. That cascaded into a broad degradation to our network and other services.”

one of Cloudflare's staff said that

panic!

So as I see all service goes down or hacked in last few months is for the same reason "routine change" or some sort of error

*is saying

Cloudflare attacked and many hosting services (like linode), security companies.. India many datacenters got down between 8Nov and 10 (causing lack of water due to overheating), increasing in traffic of bots trying to hack (I run my website for +4 years, this didn't start to happen like that only from Sep)

+70k request

0day exploits and malicious stuff is mass spared everywhere

And nothing is happening.. Just some routine change XD

wtf are you talking about

?

rtyler: you need to see what happens clear

oh okay, thanks, I see now, it's also very on topic thank you

Ah, sorry

rtyler: I thinked you believe them :P

Oh even Azure people be careful (many Linode servers got owned by same way)

V_PauAmma_V: Not sure what to make persistent, is the thing. sndiod is running, webcamd unchanged, and I never ended up implementing virtual_oss as it wasn't clear how to create something from the resulting device that a browser could see.

I tried having virtual_oss spinning up from boot in case it's spooky action at a distance, but it didn't matter.

Almost makes me wonder if it wasn't PulseAudio dragged in by the temporary introduction of Chromium.

Although I'm 90% sure that I didn't have PulseAudio running for at least one working test.

I guess I can test that.

We want to see if a specific physical address is mapped into the virtual address space of a user space process. We are trying to do this from the kernel, but we are running into issues with trying to use pmap_extract, specifically we get the following kernel panic:

panic: mtx_lock() of spin mutex (invalid)

The pmap pointer comes from:

1. pfind(target_pid) - gets the process structure

2. p->p_vmspace - gets the vmspace from the process

3. vmspace_pmap(p->p_vmspace) - extracts the pmap from vmspace

Then I'm iterating through vm_map entries with VM_MAP_ENTRY_FOREACH() while and calling pmap_extract_and_hold(pmap, va, VM_PROT_READ) for each virtual address.

The crash happens when calling pmap_extract_and_hold(). I suspect it's trying to acquire pmap locks that conflict with something.

I'm trying to find which virtual address maps to a given physical address in a userspace process. I'm doing this from a kernel module via sysctl handler.

friedy10: Might be good to ask that on a mailing list as well. I don't think many kernel developers hang out in here. Or maybe ask on #bsdmips on EFnet, but the mailing lists are the best bet.

friedy10: we need the code

I should check whether any of my WiFi dongles work with FreeBSD.... Then I could resetup my media server to use FreeBSD cause all I need is docker/podman and ssh

That will work right?

depends what media server you're sporting

Jellyfin for movies and TV and navidrome for music

All in docker

Or podman

dont do that over wifi :(

Why

Hi, I've just upgraded to 14.3 and get lots of messages of the form "pkg: Failed to fetch pkg.FreeBSD.org/FreeBSD:14:amd64/kmods_quarterly_0/meta.conf: Not found" with pkg update

poor network performance will cause a lot of issues, I guarantee

What have I done wrong here?

specialbomb: oh

Hmm I'll see if I can't get Ethernet or smth going on idk

huh wait that says 0

The router is not in the same room

if its a server or dedicated box just plop it next to your router

right this is part of a persistent problem I have where OSVERSION isn't set

specialbomb: it's gonna be kinda chonky, lemme see if I can find a pic of the case

freebsd-version -kru shows 14.3-RELEASE-p5 for all 3

Is docker or podman better supported on freebsd

right I found it, there is something setting OSVERSION as given in that msg, but it isn't obvious what the file really is

Oh we have jellyfin and radarr packaged?? Shoot that's awesome

I might use those packages instead then

Any gotchas I should know about when using those packages? (Radarr, jellyfin, etc)

How can I set OSVERSION to match uname -K

I can manually set it in pkg.conf but that doesn't seem systainable to do every single time

JetpackJackson: your best bet for docker or podman is virtualization. neither are natively supported yet, there have been talks about native docker for a bit though.

I virtualize debian and run docker that way

Oh so docker in a VM?

How does that work with accessing files on the host

Also I found native packages for jellyfin and radarr so I wanted to look at those first

You need to pass your storage through via NFS or SMB

Hmm

Would I need to do that if I use the native packages

no, you wouldnt. you could put them in jails if you wanted to get the same kind of process separation you would get from other container solutions as well

I highly suggest this.

but keep in mind, you may not have hardware transcoding support with jellyfin, if that doesnt bother you.

I do Jellyfin in a jail and expose media via nullfs. Works perfectly fine.

specialbomb: im gonna use my old pc as the new media server and its gonna have an i7 in it

I might try jails later

if you run jf bare metal and install the right packages you might be able to use the hardware video encoder on the CPU. I havent fooled around with it before though. What model of CPU is it exactly.

Err I think 7700k?

I don't remember and I can't check right now

you should be able to get hw accel on that, theres video quick sync. it probably wont work with every codec though, probably want to go to the jellyfin support in matrix or discord for help with that.

this is def going out of th scope of freebsd now though, lol.

Oh

Will the nvidia GPU be a problem

I just want to make sure I can set this thing up with no issue basically

This test with file-based devices leads me to believe shrinking a ZFS mirror is possible. The real test is trying it with partition based disk mirrors (e.g. /dev/adap3 instead of /tmp/0.raw). gist.github.com/dlangille/2578c132dc6177e2eb94ac426892da70

Should I do the virtualization route? Is there a writeup on this? I dont want to get bogged down in a complicated setup

Oh nice radarr is supported on FreeBSD and their page has setup instructions

so its just jellyfin that might be problematic

ek: what does your nullfs config look like? I'm still new to all of this

I just found a thing using Bastille to set up jellyfin so now I'm not sure what to use

JetpackJackson: I have multiple (one for each type of media) and I do read-only. But, they basically look like:

//path/to/host/Media/Videos/Movies /path/to/jail/name/root/media/Movies nullfs ro 0 0

Err.. With just one "/" at the beginning.

nullfs is ezpz

Sure is. I love it.

Oh ok

Maybe I'll try that on my VM if I can

I'm looking at the forums for posts about jellyfin and it seems to be working well for some people so I might use the binary package

just read the man page on it if you need more information. what I can also tell you, transcoding with an nvidia gpu will probably not work on freebsd. In order for me to do this, K had to patch bhyve

Oh

*I had to patch bhyve and virtualize linux

That doesnt sound fun

its not the most straightforward thing, no. honestly if I were you, since you want a simple solution, id just run jf on bare metal debian or something. if you're willing to put in the extra work and learning, getting it to work with freebsd as a host is totally possible

Oh

I was using chimera Linux but I havent used the system much cause its flaky cause its 15yr old hardware

I did hear people getting baremetal nvidia HW accel using VAAPI, but its not as good as nvidia's own implementation

you could try that

Alright

Yeah. I use vaapi via CPU. I don't have a GPU in my host for jellyfin.

Would it help if I got the specific GPU name

It should be in dmesg.

Its my windows 10 PC at home so I can't check now but I can when I'm home

I should be looking at my notes but this is more fun

you should really attempt to move this convo to jellyfin support honestly, I dont wanna keep bogging up freebsd with jellyfin specific info

Oh

They don't officially support FreeBSD tho so I dont think they would accept it

And the jail/bhyve stuff is kinda on topic

But I understand

Sorry

mewt, doesn't the repo have ${ABI} in the URL to do that automatically?

let's take a look!

Yes it does

"/etc/pkg/FreeBSD.conf", right?

in my case, i tend to enable latest, so for me /usr/local/etc/pkg/repos/FreeBSD.conf, which has FreeBSD: { url: pkg+http://pkg.FreeBSD.org/${ABI}/latest, enabled: yes }

yeah, I've got quarterly here now but otherwise same

I'll try and chase it down later, I think that somehow it doesn't set $ABI correctly

I suppose I can test out the media setup on the test laptop and See what happens rather than guessing at things.

I haven't messed with podman at all, but apparently we have it linkedin.com/pulse/getting-started-…guide-building-containers-jan-rgehc

scoobybejesus_tl: yes we do and its very awesome

there are a lot more notes here docs.skunkwerks.at/LqHthEkTSeGDwV0PDUQSyg# which will move into the handbook in the next few weeks

dvl: I would be very surprised to learn if you can shrink a zpool

AFAIK, you can't. You need to send | receive, recreate it, then reverse.

dvl: the main thing I don't see, is, what mechanism is there in zfs to migrate the data from mirror-0 to mirror-1.

^ good question for #openzfs channel

your test pool comprises 2 striped, mirrored vdevs. So the question is, how would the data move from one vdev to the other?

damn theres an openzfs channel, im hanging there

dch: I think it's here. "Removing a top-level vdev reduces the total amount of space in the storage pool. " man.freebsd.org/cgi/man.cgi?query=zpool-remove

dvl: aaah this is newly supported via device evacuation....

dch: "The specified device will be evacuated by copying all allocated space from it to the other devices in the pool. "

So yes this process would work then.

dch: So it seems. It seems to be my precise use case.

I vaguely recall it leaves some metadata indirection all over the place. I don't think this is large, but presumably there is a slight penalty for the extra lookup.

you should probably get proper advice from somebody more familiar with it

i look forwards to yet another informative dvl blog port!

dch: I've posted in the #openzfs channel already

dch: I will test it soon, after I add a third drive to the zroot mirror, then remove it for future use as a backup...

dch: I'm assuming I can do that... just boot from a single drive removed from a zpool. If not, it's easy to reinstall.

yes I have done this alot, mostly to hetzner after splitting a mirror and booting in linux rescue mode

just check the removed drive has boot blocks / efi partition

how to ssh into install session of FreeBSD-14.3-RELEASE-amd64-disc1.iso?

Chip1972: I

m not sure that you can without console access.

Chip1972: tried `service sshd start`?

Chip1972: What's your goal? ssh or install?

my goal is test my own install script on virtual machine. since I cant add an script to the iso file itself

how to configure network card on install?

dch: Yes, I did that parition / boot stuff earlier today: dan.langille.org/2025/11/19/duplica…tions-to-a-larger-drive-zfs-freebsd & dan.langille.org/2025/11/19/moving-…-zpool-to-larger-drives-zfs-freebsd for the bootcode.

forgoted FreeBSD-14.3-RELEASE-amd64-memstick.img

Chip1972: you can use unionfs to get mountable bits to run ssh kev009.com/wp/2016/07/freebsd-uefi-root-on-zfs-and-windows-dual-boot

Chip1972: Your goal is a customized and automated install?

Chip1972: but for 1-offs I prefer using mfsBSD mfsbsd.vx.sk

dch: I was considering mentioning that for custom installs

Chip1972: I use mfsBSD on a regular basis, not for installs, but for booting a system using a thumb drive.

dvl: are you building own mfsBSD images ?

I do

mzar: I never have, but I did know it can be done.

I also use poudriere-image a lot

I am testing first link. How to list network cards?

Chip1972: ifconfig -l

cool, TBH I have never tried this poudriere-image, looks nice

mfsBSD works nice in PXE enviroment

mzar: have you UEFI PXE boot ?

not, it was old PXE

Chip1972: you can also insert scripts into the official installer medium, all of these ways are legit

forums.freebsd.org/threads/how-can-i-automate-an-installation.93511 is a nice writeup of that

how to add a nick in the begining is a message?

see man.freebsd.org/bsdinstall for the official doc

Chip1972: sorry I don't follow what you're saying

I forgot how to add a nick to the begining is a message

Chip1972 try with @?

works with my client.

Chip1972: "i wrote ch<tab> and my client did it for me"

Chip1972: i wrote "ch<tab>" and my client did it for me (for better parsing :]

that is initial letters of the key and then tab

what client? tab key on Pidgin fill my screen wirh lot of garbage

i'm using weechat

dch: nedko: worked...

now I have a lot documentation to read

Chip1972: you're welcome back with questions too. I suggest you try using mfsBSD

to start with

just download the img file and write it to a usb stick

boot from it

and then try ssh over the network

then run `bsdinstall`

once you understand that, you can customise mfsbsd itself

add your own ssh keys

and have it run custom installs

poudriere-image allows similar things, but its not as easy to get started

thanks a lot. Now I will get away from linux systemd/wayland/rust crazyness for good

... for maybe like a year

wayland works on freebsd and there are overtures towards rust in base (which I find absurd, but here we are)

rust isnt surprising

Rust is nauseating.

but so are the majority of its opponents.

I use OpenBSD for work, freebsd as server, and linux for console/multimedia, but latest rust crashes make me do the final decision

the language has merits

there are reasons for everything. I wouldnt rewrite things in rust for no reason, but I would expect future software included in freebsd to potentially use rusy

anyone here good with networking, or do I need to annoy ivy :P

Just ask rather than asking to ask. If someone is able to help I'm sure they'll try to.

polarian: What networking?

mason: wireguard, NAT and pf :0

Ah, I don't know wireguard and I use ipfw, so I'm probably not a great resource. Sorry!

I got an idea who to ask

The mailing lists are always good.