CrtxReavr: running for the rest of the day, had no issue

was likely a one off

polarian: CrtxReavr is alive ?

cpet: ??/

cpet: I appreciate you taking the time to try and build orca slicer BTW

Looking at prusa, and holy cow so many patches. In retrospect if im needing orca I could just put it on my Linux PC since the printer would presumably be at my house lol

JetpackJackson: okie dokie

cpet: upgraded 2 days ago with 15-RELEASE

hernan604: how does it feel man ?

cpet: like something from another world

from another galaxy

you must upgrade too so you can understand

cpet, nope.

i've been really happy with freebsd-update for a while now, i haven't tried the new pkgbase stuff yet

"new"

Demosthenex: pkgbase is still experimental (and I triggered a still existing bug with it), so ymmv

I would hold off a bit longer.

yeah. thing is i'm quite confident about updates with boot environments ;]

it'll get there eventually

q

My apologies, I thought I was on a different program

kenrap: i also triggered a bug with it

Does anyone have an opinion on refurbished HDDs for a NAS? I'm gonna need to upgrade space in it.

rtprio: this one? freebsd/pkg #2517

To be clear, I'm running a 3× mirror zpool, which does give me more redundancy / failure-safety than usual.

rtprio: Not with regards to sendmail but getting that SAT Solver error message.

(also, my plan is to buy 3 different brands, e.g. Seagate + Toshiba + HGST/Hitachi/WD)

Last I checked, I'd save about 100 EUR per disk, or 300 EUR total.

(for ~16-18TB / disk)

DarkUranium: probably depends on how much you are willing to spend, what your backup strategy looks like, what your tolerace for potential disruptions is, etc.

Yeah. It's for personal stuff mostly, so there isn't much of a backup strategy (the server *is* primarily a backup server itself, so). Also means the budget is lower than usual, heh.

i usually aim at the enterprise disks for the hope of higher reliability, but there's def a cost hit for that

I think my current ones are low-RPM (so not enterprise in that sense), but high-reliability ones. They're sold as enterprise, but I think they're aimed specifically at backup servers and such, not so much "live" data (which nowadays is mostly the domain of SSDs anyhow)

Buuuut it's been ... probably almost a decade since I bought them, so I don't recall the details anymore.

DarkUranium: as long as you are using zraid or mirroring, sure. at home, it's easy to rebuild and replace one

Yeah, I even got a (Supermicro) motherboard with hot-plug support, and one of those rack cases with hot-swappable disk mounts.

So I can literally just pull it, replace the disk in the unit, and put it back.

(and tell zfs to add it)

yep. i would suggest putting your OS on a simple pair, and data on a zraid

Demosthenex: but yeah, I'm using a 3× zfs mirror.

My OS is not on a pair ATM, but then again, there's nothing of relevance *in* it.

(it's on its own 128GB SSD)

yeah, i'd get a pair of cheap used 128G ssds and do mirrored root

Maybe, though 128GB SSDs are so cheap nowadays that "used" is a bit moot ^^

with ZFS you can have some extra confidence if a disk fails, you can replace it.

yeah, they are like 20 eur :P

no point in buying new

You mean *not* buying new?

But yes, I've always used zfs for this, it's why I went with FreeNAS (at the time, then TrueNAS, then TrueNAS Core, and now abandoned ... I'll need to fix that at some point, but it's not a huge priority for me, because "if it works, don't fix it")

i wouldn't buy any storage for homelab new

Fair.

(to be clear, I've plenty of experience managing FreeBSD servers, but a web UI is handy, mostly for the overview of system health and such)

CrtxReavr: ok

DarkUranium: install netcd from pkg

What *would* you recommend for a NAS nowadays, anyway? OS / software-wise? Ideally BSD-based (not necessarily FreeBSD, though I'd prefer that because it has the best ZFS support among the BSDs)

freebsd 14 latest patch, 2 OS used/refurb SSDs (geom mirror swap, zfs root), and 4 x used HDD for zraid for data

monitoring web frontend, netcd.

4× for 4-way mirror, or do you mean parity-style (Z1 / RAID5-style)?

true nas even if it's linux now

(well, Z2 I guess?)

if its 4 x chances are you made a z2

you can check it by doing zppol status

I'm asking what Demosthenex is proposing.

*I* am extra paranoid, so I went with a 3-way mirror ^^

raidz2-0 ONLINE

3 way mnirror ?

Demosthenex: Hm, I can't find netcd in pkg/ports. The only netcd I found is IBM's netcd daemon (network caching daemon)

cpet: yes.

normally mirrors are 2 drives

3 disks with same data. Means it tolerates 2 drives failing with no dataloss.

DarkUranium: i think zraid (3+1) is fine for a homelab. y

you'll setup backups right?

(I was worried about the somewhat-common issue of the remaining disk failing during intense reads because of resilvering)

if you have no other backups, then mirror 2+2

zfs doesn't do that

Demosthenex: well, no, since it's a backup server itself, really.

zfs only resilvers the blocks in active files

Plus there's kind of too much data at this point to back it up -_-

not every empty byte of disk space

you still need backups of those backups

so if you have 50% usage, you may read 50% off a disk

Sure, but the storage is mostly full.

ah well that's different.

cpet: technically, these *are* the backups of some other backups, so.

i use zraid and i have zfs snapshots via zrepl, but i take a backup offsite of critical items with borg

Anyway, to be honest, it's mostly budgetary. The lack of even more backups.

you need more backups

Personal stuff server, after all.

you described a cheap homelab

Yeah.

Demosthenex: anyway, uh, I cannot find this netcd =\

sorry, its netdata

its a python thing, with it's own webserver and graph collection. nearly zero config

There are plenty of monitoring frontends I'm aware of (e.g. Prometheus), but.

just install and open a browser to the port

i like nagios and munin, but this is live and mostly all in one

I use Prometheus to some extent for my servers, but since the home NAS is partially airgapped (behind NAT, firewalled, etc), I'd rather keep it isolated.

netdata is pretty small, one port, runs on the box not a chain of agents

Nice. I'll check it out, thanks.

you can run prometheus locally on the NAS and have it remotewrite to your real prom, so you don't have to open any ports frm outside

but anyway. 2x used ssds for OS (geli swap, zfs for OS), and 4 x used HDD for data (3+1 zraid or 2+2 mirror)

freebsd 14 latest patchlevel ought to be fine

all the cool people run 15.0

Tykling: I know, yeah.

cpet: i'm boring, not cool.

low maint, this isn't gentoo

FWIW, I *have* considered getting an extra backup box that's even more gapped from this one. Something that (ideally) wouldn't even have internet access, just the ability to connect to this NAS to sync changes (via Syncoid, rdiff-backup, or whatever). Doesn't even need disk redundancy (the NAS has that).

so, if i may.

And I'd only backup the most important data; I've a ton that's less important (can technically be redownloaded, assuming upstream doesn't disappear).

(which means less disk space needed)

consider having one larger disk (no raid), and use it locally for borgbackup

borg does compression and deduplication

i have a 800GB pool I will never use it but I had drives laying around so I used them

The reason I was thinking of a separate system is my concern with power surges.

A lightning strike could in theory fry all the disks.

that's more DR, not local recovery.

(my neighbour had a wall socket fly out of their wall, across the room ... the same lightning bolt gave me tinnitus for 1.5 days, as it struck ~25m from me while I was staring out the window)

borgbase has a 4TB plan for like 200€/yr

Aaah.

thats why UPS's are for

Yeah, I just don't trust them 100%, is all.

Maybe I'm too paranoid.

Demosthenex: Actually, I did buy a server for that, but never got storage.

just saying, i'd be more worried about fire from lightning

(didn't get around to it yet)

offsite backups.

hrm youre one of those heh

If you're looking for secure, remote back-up, that's also low cost: tarsnap.com

lol

tarsnap is good too

borgbase has been good to me

the fact of having my data being responsible of a 3rd party

make a deal with a friend to exchange space :P

doesnt appeal to me

That's actually a side biz of Colin Percival, FreeBSD's Security Engineer Emeritus

CrtxReavr: you for a role

er you forgot a role

Demosthenex: that too. Though I don't know of any friends with such amounts of space :(

cpet: borg is fully encrypted. you don't have to trust the remote storage

FWIW, I've been thinking of buyvm.net for my backups.

make friends on irc.

what are friends ?

I already got a slice-512 in preparation for it.

cpet: exactly.

DarkUranium: anyway point is, nothing wrong with most refurb HW for home projects. ZFS is better than raid with it's built in checksums, so even if you replace a disk you should be ok

Demosthenex: to be clear, do you mean borgbackup.org the software, or borgbase.com the provider?

i used to buy refurbished drives

cheaper and had the same waranty as retail drives

I mean, 100% ZFS. Also, never HW raid (because if the controller fails ...)

borg is the software. borgmatic is a cron wrapper. borgbase is a offsite borg provider.

Demosthenex: I know, my question is, which one are you recommending here.

Not sure if you just mean the SW, or the provider.

all 3

Demosthenex: is full of borg

heh

Fair.

DarkUranium: HW raid is a scam

HW is perfectly fine

inflexibility, often low performance...

scottpedia: HW raid is **great**, except in the low-mid market.

expensive but

i luv petabyte of ferrari speed flash fiber channel arrays.

i don't trust the whatever controller doing that job

TBH, in my case, it's mostly a combination of HW controller failure concerns, as well as more flexibility by using a zraid (I can then make the NAS work with literally any machine)

but that's not "make ddue from home"

(just move the disks over)

yes, on the low end do not use HW raid.

don't trust iscsi raid appliances

fiber channel, real data center quality raid appliances, are amazing.

scottpedia: so you trust software instead of a piece of HW specifically designed to do it ?

Demosthenex: FWIW, I do get a cheaper price at buyvm with the ability to run whatever (it's literally just a server + storage slabs) ... no redundancy for the attached block storage though, I *think*.

i had a 3ware card for about 8 years and it never failed once

cpet: yes. cause if it fails it means down time for replacements or fixes.

But since it's a backup of a backup, I think "no redundancy" should be fine.

a lot of people do, and have mostly good reasons to

scottpedia: if you have one machine doing whatever it is your doing you failed already

Well. Not everything needs a redundant server.

if not for saving money on the scale of things, i'd never choose HW raid.

yeap lets move it all to the cloud

DarkUranium: yeah, borgbase was for borg. they have EU datacenters, so i was satisfied

Yeah, very fair.

I do like the idea of *not* using borgbase just because I like the flexibility of being able to switch target servers.

(or even SW)

my data compresses and dedups well. so i have 4TB and get all my NAS homedirs. things i can download again are exbluded.

Mine doesn't, I think I did a test once.

with borg, anything you can access over ssh works.

It was something like 1.04 ratio or thereabouts.

yep, some data does that.

(a lot of it is already compressed, hence)

(stuff like video archives or my photos --- many of which aren't compressed [I shoot RAW/DNG], but are still not easily losslessly compressed by non-dedicated algos, and deduplication is out of the question for those)

s/DNG/NEF/ (brain fart)

I just did a quick test on some random photos, I got compression ratios between 1.03 and 1.06 with bzip2 (I just had bzip2 on hand, gzip or lz4 is likely to be worse --- though maybe zstd would do a bit better)

zstd seems like magic

And video is already compressed anyway (typically h264 or h265)

yeah, all of those compress poorly

dedup can still help when you have multiple copies

The "less important stuff" is stuff like my backup of all the GoG games I bought (juuuuust in case GoG goes belly-up) ... which is less important because I can redownload them at any time if the NAS fails.

But those are also compressed in one manner or another.

As in, already-compressed; the installer & their files.

if you can redownload it it's not important (TM)

Yeah, it's just convenient to have it on the same disks, TBH.

And no chance of error in where I put the stuff.

yep. i would suggest when you make your zraid, you create a few first level data types

zraid/STATIC and zraid/DATA making it easy to filter what to backup

<Demosthenex> dedup can still help when you have multiple copies

I don't, I did a comprehensive check a while back ^^

(ran a script that did sha256 of everything)

lucky you ;]

Granted, it wasn't per-block, but photos et al are unlikely to have same blocks anyway.

anything that can be replaced is not important in my book even my dd214 can be either downloaded form the VA or fetched from other parties

photos is a hit and miss

My *really* important stuff, I have on Seafile, and it's auto-synced with every single computer (albeit not server, except its host) that I have.

And I keep at least, uh. 3-5 computers constantly online. Not counting ones that come online at least once a week or so, and sync then.

Well, "constantly" being at least daily.

i trust a USB thumb drive more than most 3rd party backup services encrypted or not

(if I'm not awake, I won't be creating new files anyhow)

(unless I'm sleep-walk-programming?)

usb thumb drives have died on me so many times.

Demosthenex: I actually have that already. I didn't mention it because it was irrelevant, but I also have some much-less-important stuff on --- currently --- a non-reduncant storage.

as much as I like my pictures of my dogs they arent life threatning if I lose them

TL;DR my old mirror was only 2× (2×2), and I migrated it to this 3×.

After I was happy that 3× was fine (after about 6 months), I reused the old HDDs for the extra less-important storage.

One of those 4 failed since, so that pool is degraded.

Buuuut the data really isn't that important (TBH, I might have moved the GoG stuff to it, I know I was planning to)

cpet: well, definitely true.

no data is really just inconvient if it happens

Now I'm curious how much storage all my photos take, but I can't access my NAS right now, ironically.

(the server is at my parents' place, and their ISP fucked up and *then* my dad fucked up with some router config, so now I'm temporarily locked out of it until I get home and sort it out xD)

kinda curous wqhen bold text was a thing

I mean, it's still a thing, I'm just kinda lazy to use it.

Bold is toggled via \x02 in IRC. Similar to how \x01 is used for CTCP ACTION and such.

*slappy*

yay

*slappy jippy jappy*

For my client, it's ctrl+B.

With your thingie, I just see asterisks.

Demosthenex: just tried netdata, is there a way to get the full metrics without the use of their cloud?

someone used to use .oO for everything

that was annoying as well

DarkUranium: i ignore all the cloud crap. just use the local stuff

it's a decent all in one zero config local webui for monitoring.

but i use nagios and munin

Yeah, thing is, I get stuff like "Sign in to Netdata to use this function"

then don't use that function

you should have graphs for all major system items over time, and javascript navigation of them

Yeah, Top and Logs aren't accessible. Just irks me, I guess.

yeah, webuis irk me too.

i kind of like tui's and would be cool if they did something like that

.... to be honest, that's not a bad idea. I might do that.

i mean all you really need to know if if your system is OK, your FS arent full and temps are in normal levels

cpet: i would LOVE to see more tools usable over SSH. where did all the TUI CRUD forms builders for SQL go :P

you dont or i dont need a full blown webui for that

yeah, thus nagios. it alerts me over xmpp

i don't even open the ui

but then again I really dont need to monitor my system

i think the monitoring thing if its not enterprise its an attitude

either you like those conky stats or you dont

i luv my little conky bar on my laptop!'

back when I used to run FreeBSD on a cyrix CPU with limited space, ram, and CPU i ran nagios

but now that most systems are i7 or above

i dont bother any more

some people tend to go ape when there CPU goes above 40C

with my liquid cooling setup I can buildworld with -j30 and it doesnt even move

100% cpu usage is just good efficiency ;]

i dont need a graph showing it

oh look im running youtube my CPU is actually doing something

so many idle cpus in the world

but like I said some people like them others dont

same with LEDs

i hate LEDs

electape and wire cutters.

i hate them so much I take the fans apart remove the LEDs and put them back together

cause now you cant even fine normal fans

cause normally when you need a fan you need it now not in 1-3 business days

however ive seen that sometimes removing the LEDs causing issues with the PWM function of the fan

From the release notes: "The FreeBSD and FreeBSD-kmods repositories defined in /etc/pkg/FreeBSD.conf have been renamed to FreeBSD-ports and FreeBSD-ports-kmods respectively. Users who override these in /usr/local/etc/pkg/repos will need to adjust their configuration to match the new names." Gonna have to remember that, though not sure I will jump

on 15.0-R right away

scoobybejesus_tl: makes sense to change the names as FreeBSD for ports didint make sense when pkgbase is the new norm

i dont think thats a reason to bypass a update

Yeah I'm going to wait until .1

FreeBSD drink.unix.beer 15.0-RELEASE FreeBSD 15.0-RELEASE releng/15.0-7aedc8de6446 GENERIC amd64

works fine here

is someone familiar with x86 intel pmc? i'd like to support another cpu

I updated to 15.0-R over the weekend on most of my stuff too.

leah2: more testing ?

well the counter i want seems to work, but i'm not sure if i broke something else :)

ok let me use some telekinesis and guess the optiosn you used, program, port options kernel version OS installed

hardware information

IP address and shell acount info

and my donation for a free coffee

i can provide many details, if you're interested

that's the patch i wrote l2.re/JU7dj2 to run on intel N100

so you wrote that patch ?

i do not have a alderlake I have a Raptopr Lake

however if it compiles and works

i dont see why It wouldnt wokr for someone else which that rev

well you need a N100 or N150 to test it

i adjusted the libpmc now with new json files, i think it fits better now

So, I've noticed some behaviour with daemon(8) that I'm not sure is intentional.

Namely, if one uses -u / --user, it'll try to open the program *as* that user. So if I run daemon as root, root has access to /usr/local/sbin/foo but other users don't (as it typical), then `daemon -u foo_user /usr/local/sbin/foo` will fail.

I have come across that and can't remember what i did to deal with it, or even which program I had the issue with

I'm guessing it (`daemon(8)`) basically does `setuid() -> exec()`, and that open() fails.

(the implied/specified-by-standard one in `exec()` family)

I can't help but wonder if a `fd = open(...); setuid(); fexecve(fd, ...)` would work. But it does check for exec permission, so I'm not sure.

scoobybejesus_tl: FWIW, I made a small program that does exactly that (yes, it seems to work)

`int fd = open("/path/to/program", O_EXEC | O_CLEXEC); setgid(...); setuid(...); fexecve(fd, ...);`

why pput code in ``

cpet: clarity

I normally put extra spaces around code, to seperate it from the surrounding text on irc

It's common in markdown and modern chats like discord but for IRC it's usually not used

I'm pretty sure markdown has it from irc and email, as when inline with other text, it is sometimes not clear where the surrounding text and the code starts/stops

I am trying to switch from ezjails to jails on a bunch of services . one of them is a squeezebox server for what is now lyrion server. with spotty as as the connecting daemon to spotify. Seems the shift from ezjails to vanilla jails have changed somewhat what I need to do?

the spotty daemon process needs avahi/bonjour facilities in order to work properly

this seems to have been a part of my old jails config, not a part of my new

have anyone got exp in this broadcast I/O from whithin a jail?

what am I not seeing?

it is mainly the authentication process that fails due to the difference between what ezjails did and vanilla jails

maybe the correct question is - how to make avahi / bonjour work in a vanilla jail

Are you sure you want to move to vanilla jails, they are kind of a burden to maintain, especially if a thick jail. I recently migrated from vanilla jails to bastille. Much better experience.

they are thin jails, but in effect this should be be a vnnet issue? .. maybe

Yes, sounds like it

yes

I think ez jail configured more than vanilla jails does towards this

I am unsure really how far to go in the network setup to replicate ezjails with vanilla jails

currently the diagnosis is just a timeout in the dependent services

All my jails have their own net stack, let me check

the rest of the stack works, eg gui and etc. but the avahi / other broadcast stuff - not so much

they used to in ezjail

I can provide configs

This is my relevant jail.conf gist.github.com/0x1eef/803a5e32315e3fc8c8eb96cec6bd7733

bastille manages most of that for me

more info

Basically it works - except for spotty login / since it uses avahi / bonjour - so other music sources are ok

You are missing the vnet configuration

I keep seeing 15.0-RELEASE in rss feeds yet is still upcoming. Is 15 is the end of post rc but pre release state? Just waiting for mirror updates?

At least you want 'vnet;' but really there's more config to port, including with ifconfig

yes I realise that now

I do not know how

My gist would be a good start, probably. Do you have a bridge?

no bridge config - is that implicit in using the old ezjail system?

maybe I did not realize that happened

I'm not sure how ezjail does it, but in my setup, I have bridge0 and each jail has its own interfaces (eg e0a, e0b, etc) that are added to the bridge for internet access.

I just want local net access behind the fw

like from the browser I seek to login with to the endpoint the oauth2 process forwards me to

does that make sense?

Yeah. This is on your LAN, right? So maybe you want dhcpd to assign an IP for you?

this is fixed IP

Okay, that's easier.

never assign ips to servers via dhcp

not even ipv6

I think what happened with ezjails was a true vnet jail assignment. with broadcast and all

My LAN assigns IPs based on the ether/mac address. Your setup sounds simpler.

and now with vanilla jails I need to somehow specify it

yes mac addr is not considered

I have a hw police guard on my net looking for intruders

aka unknown macs

they will never get an ip

and the alert will sound

To start, you should add vnet; to your jail's config, and then start the jail, see what interfaces are available, iterate until you can assign an IP to the interface and reach other computers

ok

I have, unfortunately, grown accustomed to ezjails

but given the state - I am trying to move on

I like bastille for this. Very good abstraction.

I think I have to go bare bones - or I will just replace one problem with another?

aka understand the core tools in FreeBSD

I started with vanilla jails, and while it was good to learn things the hard way, it's not really sustainable unless you write your own scripts to automate the process, and bastille does a better job of that than me

BarnabasDK: here is an example of vnet jails pastebin.com/sLwNBzMW

ok

voy4g3r2, reading

follows the handbook and added some specific things, in particular the $id

brings up epairs and adds to my bridge..

this is not (yet) on zfs though

it might be very quickly

that is possible, you were asking about ip address and not using ezjails.. to have vnet

you may need to tweak to your environment but the stuff at the bottom is the key

yes this is not really about zfs

just why I see a difference between what I did with ezjails and now vanilla jails

i would focus on line 28 - 41

voy4g3r2, check

and the service does work, and start, it is the authentication part that fails

(eg, I ran the daemons with the corect switches ouside of the jail to find out)

so ezjail implicitly configured a bridge?

If you still have the config try start the jail and then run 'ifconfig'

I am just trying to understand the differences

yes but before that - I would like to learn what I am changing

so I can verify

I mean, if you still have the ezjail config, you can start the jail the old way and then run ifconfig, you might see bridge0 and a couple of epair interfaces

hmm

I do not recall ever seing that on the jail, but also cannot say I ever looked for it

It's also visible on the host

yes it should be

I do not recall ever having setup a full bridge in order to run this in ezjails

It might be done behind the scenes. I have no experience with ezjail though.

I have another jail host on my network running a mdns server, seems to work just fine - I do not understand why - also migrated from ezjails to just jails

if this is aproblem

a normal dns/mdns host

this is a mystery to me

it answers broadcast on 5353 like it is supposed to

new paste paste.ubuntu.com/p/KzMF45ZzMD

oauth would be fine

I will try your suggestions and see

The configuration you shared still does not isolate the network stack, and regardless of the other details, that's an isolation probably worth having

I think it may be necessary

maybe an isolated stack is necessary for multicast?

I am not that network savy

It is neccessary unless you want the host and jail to share the same IP

which they do not - I think you just answered my q

this may be the difference to ezjails where jails always have a unique IP?

I don't know - it is sort of legacy anyways

and I really do not want to use any more "wrappers"

It's controlled by: export jail_squeezebox_barnabas_dk_vnet_enable="YES"

ah so it is a rc.conf thing?

let me look

Nope it's a jail.conf(8) thing but ezjail exposes it like that

jail.conf(5) *

ezjail only exists now in the form of its config files

otherwise deinstalled

for this purpose

BarnabasDK: If it's any use, I documented some of what I do for jails. It might be a bit out of date: wiki.freebsd.org/MasonLoringBliss/JailsEpair

will read

I'm moving towards traditional jails hanging off of a localhost lately.

also I am trying to move to a lagg interface / vnet

but that is more externally

I saw a nifty article showcasing Caddy fronting for various services that seemed neat.

BarnabasDK: vnet is wicked cool and I use it in-house so I can treat my jails the same way I do VMs - they're all using epairs on a bridge, and they pull from the generally-available dhcpd.

So the localhost stuff will be for servers out in the world.

yeah it is the actual parallel to docker

Yep!

I work with sw dev on docker / kubernetes

mason: there are things i like about caddy, yet some things i do not

so I am not so confused about what I need, more how to achieve it

(what she said ..)

rtprio: What are the downsides? I haven't deployed it yet. Just seems interesting. NAT in FreeBSD isn't as straightforward as NAT on Linux, and this would let me avoid it, but I'm still wide open to ideas.

BarnabasDK: what i shared with you earlier.. is based off of mason's article

but I am seeing that I have to understand bridge setups internally in order to switch

yep, I will take a read

thanks

^

well this is just a home media setup thing, there is nothing important at stake here

exactly

the network config being just as complicated

i should definitely put on my list.. to update the static ip routing table of my mikrotik to the list

Hey, third quarter status report is out.

i have forgotten that a few times.. trying to ssh into the vnet jail and it goes unresolved host

ohh time to go read.. because watching neo4j database load is like watching paint dry

good luck BarnabasDK

Oh, weird, the report came out yesterday. Wonder where it hung up.

Oh, it didn't hang up. It just got buried in other stuff in my in-box. Never mind.

except for the fact I would like to know how broadcasts work into jails in freebsd

with avahi/mdns

but you game me a lot of hints to try

my smr resilver has 1 day and 16 hours to go :) i guess i should be thankful it hasn't removed it yet.

I wish my irc client would render text inside backticks as a slightly differently formatted mono font. would be rather helpful

adding support to bastille, specifically because I was in the same boat, and i didn't want to figure out what clever python was doing to manage the jail. w/ bastille, it's all shell scripts, meaning it is already doing what you'd be doing anyway, aside from certain opinionated things that usually don't matter and will already fit your usecase

also, I am someone who puts caddy in a jail (a thin loopback jail), and i have it proxy to other jails. pf redirects all incoming-to-host http/s traffic to the caddy jail (though the rdr rule has `to !<this_host>` which is a table from a macro of my host IPs and VNET jail IPs so their traffic doesn't get redirected too)