-
jrm
Huh.. `block out quick user _user` is blocking icmp traffic for all users. Is there not a way to only block outgoing traffic for a specific user?
-
jrm
That's a pf rule.
-
rrahl0
hi, I want to commission my old dell latitude 5490 as a server, but for some reason, the screen doesn't turn off when I close the lid. is there another way for achieving this? (i am on 13.5)
-
AmyMalik
do you need the screen off, or is brightness minimal an option?
-
rrahl0
turned off would be best. as the laptop itself would run 24/7
-
AmyMalik
is there anything under hw.acpi.video.lcd0.active, and what happens if you try to set it to zero
-
CrtxReavr
Try it and report back.
-
rrahl0
unknown oid
-
AmyMalik
apparently acpi_video requires that any DRM-related kernel modules be loaded; for that machine you would want to load i915kms, which should be available in the packaging system and/or the ports tree
-
rrahl0
I already have that installed, as I need the gpu for a workload
-
rrahl0
(and loaded)
-
AmyMalik
then kldload acpi_video
-
AmyMalik
then retry sysctl hw.acpi.video.lcd0.active=0
-
rrahl0
when I load acpi_video, the hw.acpi... is set to 0 already
-
AmyMalik
oh blast, that's not so good
-
rrahl0
yeah did set it to 0 and nothing
-
AmyMalik
try setting the brightness under the same sysctl tree to zero; for me on my thinkpad that results in the backlight being off entirely but the screen remains (invisibly) on and thus still vulnerable to burn-in. it seems to do some arcane resetting when I pull it off charge though
-
rrahl0
just a question for the hw.acpi.video.lcd0.active. I set it to 1 and then wanted to set it back to 0. but it won't go back to 0
-
AmyMalik
o_O
-
rrahl0
yeah the output from the command is basically 1 -> 1
-
AmyMalik
cripes
-
AmyMalik
i think i had that happen to me as well
-
CrtxReavr
That something that needs to be set in /boot/loader.conf ?
-
rrahl0
AmyMalik: when I set the brightness to anything, nothing changes
-
AmyMalik
crap
-
AmyMalik
you might just have to deal with the screen staying on, unless you have a GUI locally (which I don't recommend on a server)
-
rrahl0
yeah. not wanting that :S
-
rrahl0
how I hate that device :( had already some (other) issues with that on linux
-
rrahl0
have another 2 questions then, as I am still very much new to BSD. will freebsd 15.0 get zfs 2.4.0 release or will it stay on rc4? kinda feels weird with that
-
rrahl0
and the second one, can I somehow find out why libvirt doesn't build the linux support with it? (I still have some "legacy" things I have to run)
-
AmyMalik
... this'll sound stupid, but `apm -d enable` has a tiny but non-zero chance of doing something. hopefully that something is not bricking the entire device.
-
rrahl0
nothing...
-
rrahl0
I wonder if I should just put my thinkpad as a server and use the dell as my desktop
-
AmyMalik
well that's good at least, it didn't break the entire bus. but drats.
-
AmyMalik
if the thinkpad kills the screen on closedown (mine appears to), then maybe
-
AmyMalik
but if you like using it more than using the dell..
-
rrahl0
not really. bought the thinkpad only because the dell had its issues as a desktop on linux. well the thinkpad has other issues :( (some hw)
-
rrahl0
well I guess I have to make friends with an ISO keyboard (again). and figure out how to install KDE (wayland) on freebsd
-
rrahl0
AmyMalik: thanks. will see what I can do
-
Macer
is it possible to use the ports tree as a user?
-
RavenJoad
How do people store service configs in repos and deploy them to FreeBSD systems? I want to mess around with pf as a firewall/router and want to treat it as an appliance. If something gets messed up, just nuke the machine, copy/deploy configs, and restart.
-
llua
with config management tools, like puppet, ansible, etc.
-
RavenJoad
That's what I was thinking too. I have set up Salt for some other experiments in the past. Salt didn't look like it supported the BSDs well though.
-
llua
they dropped support for it, yeah
-
llua
i am stuck with an old setup of it with my homelab
-
RavenJoad
NGL, I wish I could configure jails the same way I can configure podman containers. That would be the ideal thing. It feels like Service Jails and Thin Jails are almost exactly what I would want from an FS side.
-
llua
you can use podman on freebsd
-
RavenJoad
I missed that. That's neat. I would love the kind of integration with the system management daemon or init that Podman gets with systemd. Ideally, from one machine, I deploy the jail config, and the remote system makes that happen. These jails would run pf, kea-*, NFS, CIFS, etc.
-
Macer
adaptive doesn't seem to be working with my ryzen very well
-
Macer
it hovers at 2.8GHz but mostly sticks at 3.6GHz unless i set powerd to minimum
-
Macer
and it definitely does not throttle per core
-
Macer
seems like powerdxx works though
-
kerneldove_
best hosted email service?
-
rtprio
worst internet provider?
-
AmyMalik
the one you have no choice but to use
-
rtprio
isn't that always the case
-
vortexx
good morning, I tried to get into my tmux sessions today but as root I'm getting this: tmux a
-
vortexx
open terminal failed: not a terminal
-
vortexx
echo $TERM
-
vortexx
xterm-256color
-
mzar
vortexx: it happens after upgrade
-
ridcully
vortexx: you got the tmux update and it has breaking changes
-
ridcully
vortexx: the error message is a red herring. kill the server and start anew or try with the old version to gracefully shut down
-
mzar
server ?
-
mzar
tmux
-
ridcully
the tmux server instance you are trying to resume
-
vortexx
will try to downgrade then, thanks
-
vortexx
ridcully: ok killing the tmux server fixes the issue
-
rwp
vortexx, Hint: Type in "pkg info -D tmux" and read the message that appears at upgrade time.
-
Koston
tmux _always_ has breaking changes
-
Koston
I armored my tmux.conf with some version checking to be more resilient against the differences. the next tmux minor version upgrade broke the version check syntax itself.
-
rwp
Koston, Oh the irony!
-
vortexx
rwp: cheers
-
vortexx
must have missed that message as there were a whole bunch of upgrade messages that time
-
ridcully
in linux one seems to be able to run the old/still running tmux version via /proc - is there some way to do this on fbsd?
-
ridcully
otherwise instead of downgrading, take a look at /var/cache/pkg - maybe the prev package is still there. should be enough to extract and run to close your sessions
-
vortexx
ridcully: I didn't downgrade in the end, just killed the tmux-server as suggested and everything was fine after that
-
ant-x
Hello, all. Do you know of a SOCKS5 server available for FreeBSD, which can chain itself to another SOCKS5 proxy? That way, I want to create a proxy open into the wild (with authentication, of course), operating via a local created via `ssh -D'.
-
mage
hello
-
ant-x
Guten TZAG.
-
mage
I have a question regarding ZFS, I'm dumping a ZFS dataset with something like $> zfs send zroot_srv/data/jails/builder/jails/foobar | gzip > /tmp/foobar.gz
-
mage
and I was wondering: could I use this dump with zfs receive on any machine?
-
mage
are there any incompatibilities regarding different ZFS versions ?
-
mzar
sure, there are, check zfs -V and zpool status, zpool status, zpool get all yourpool, and consult zpool-features(7)
-
Macer
so is it just not possible to have the bridge interface for jails on the same subnet as the jails themselves?
-
Macer
i think that's where i was having the problem
-
Macer
which doesn't make sense because it seems like that is a rather normal thing to do
-
Macer
maybe it was from adding the ip on the bridge interface as an alias?
-
Macer
Mem: 221M Active, 51G Inact, 847M Laundry, 7975M Wired, 1572M Buf, 2335M Free
-
Macer
ARC: 2058M Total, 974M MFU, 639M MRU, 681K Anon, 26M Header, 417M Other
-
Macer
is inactive memory interfering with arc? 🤔
-
Macer
i'm reading this trying to figure out how arc can get priority over inactive cache that's "stuck" in memory
-
nimaje
Macer: yes, you can use the ports tree as user, you have to ensure that your user can write to the required directories, so you should set WRKDIRPREFIX and DISTDIR and maybe PORTSDIR (if you want to have it somewhere else than /usr/ports, I guess you do) and PACKAGES (to have one directory of packages). Of course installing packages still needs root privileges as that affects the whole system
-
nimaje
(except for INSTALL_AS_USER=yes pkg --rootdir <some directory writeable by your user> install … )
-
Macer
nimaje: ah i meant a user using exports in their shell.rc and building / installing ports into their home dir
-
Macer
i'm more at a loss to why i have 56G of inactive memory and 2G of arc :/
-
Macer
is there some setting to give arc more priority than inactive cache? or maybe force swapping inactive out a bit faster
-
Oks4
Macer: do you have a need for different jail subnet? i have always just used the external network for everything. seems like having an additional layer of nat would be just additional layer of headaches
-
Macer
Oks4: the jails are on a vlan .. the host is on an admin subnet
-
Macer
but with the host i was trying to smb share something to the jails since host/jail are on different ADs
-
Macer
so permissions became an issue with nullfs
-
Macer
sysctl: unknown oid 'vm.swap_idle_enabled'
-
Macer
did this get changed?
-
Oks4
ahh. I don't know anything about smb or ad :(
-
nimaje
hm, I guess you could make a directory prefix in your home, use that as root dir for pkg and set everything up, so that that is used as well (add to PATH, …)
-
Macer
nimaje: yeah. i figured that if you just exported the proper dirs it would be possible for a user to just build things from the ports tree and install it in their home dir as long as they set paths so it all works
-
Macer
i mean i get that's probably going to eat up space but being able to install pkgs as a user without intervention so long as the ports tree is available..
-
Macer
too bad fbsd doesn't have flatpak :)
-
nimaje
but no idea if there is a way in the ports tree to make make install work with that pkg root dir
-
Macer
vm.swap_idle_enabled <- weird... i keep seeing this as an option but sysctl seems to think it doesn't exist
-
nimaje
hm, I have it here on 14.3
-
Oks4
Macer: if it is of any help here is my /etc/rc.conf.d/netif . One physical interface is for admin network (and admin network jails) where another is for all VLANS. I'm not sure if it is optimal but seems to work
paste.jan.systems/trewhilyor
-
Macer
sysctl vm.swap_idle_enabled=1
-
Macer
sysctl: unknown oid 'vm.swap_idle_enabled'
-
Macer
Oks4: yeah i was trying something similar except in my case i was trying to add an alias ip to the bridge in order to use smb between a jail and host.. not the best way to do things but it was the only option i had at the time
-
Macer
nimaje: maybe that was renamed in 15?
-
Macer
or maybe removed?
-
Macer
i'm trying to find a list of tunables in the handbook
-
nimaje
I don't see anything about that in the release notes, but that's why I included the version
-
Oks4
`sysctl -ad` to get a list and description
-
Macer
yeah i'm trying to hunt it down
-
Macer
but i don't see anything that performs the same function
-
nimaje
hm, the only reference to it in the current source tree I can find is in tools/tools/sysdoc/tunables.mdoc, even if I search with --ignore-case 'swap.*idle'
-
Macer
yeah. weird.
-
Macer
i mean that kind of seems like what i really need heh
-
Macer
because something is cramming stuff into ram and it's not going away
-
Macer
i wonder if there's a way to flush the inactive memory faster
-
Macer
yeah i'm at a loss here. i'm stuck with a lot of consumed memory and very little arc and can't seem to tune my way out of it
-
Macer
i'll have to look at that when i have more time
-
nwe
has someone got cdk8s to work in freebsd?
-
Oks4
Macer: I think arc is dynamic. If you mass access some files it should start to populate.
-
nimaje
just had the idea to check releng/14.3 for swap_idle_enabled there I get more hits with --ignore-case 'swap.*idle'
-
Pauli1
sysctl -a | grep swap
-
Pauli1
sysctl -d vm.swap_idle_enabled
-
Pauli1
?
-
Macer
Oks4: I think in this case it is stuck at 2GB because of inactive memory pressure.
-
Macer
Pauli1: it’s not there.
-
Macer
sysctl -d vm.swap_idle_enabled
-
Macer
sysctl: unknown oid 'vm.swap_idle_enabled'
-
zi
Macer: it's there in 13 and 14. are you on 15 by any chance?
-
Macer
Yes
-
Macer
So I guess removed? I’m still not sure if that would help. Is there an inactive memory max tune?
-
zi
try skimming sysctl -da|grep -i swap
-
zi
hmm they do seem to have disappeared
-
Macer
Yeah lol.
-
rwp
Macer what does "top -b | grep Mem:" say?
-
Macer
Mem: 135M Active, 50G Inact, 764M Laundry, 8039M Wired, 1572M Buf, 3934M Free
-
Macer
ARC: 2069M Total, 1022M MFU, 593M MRU, 873K Anon, 27M Header, 424M Other
-
Macer
That’s what I’m seeing in top.
-
Macer
I’m not seeing this behavior on my nas which is not running jails. I wonder if rclone + jails are to blame.
-
Macer
OK. So it was my jellyfin jail. At least now I know where it is coming from.
-
Macer
Mem: 395M Active, 195M Inact, 436M Laundry, 6460M Wired, 55G Free
-
Macer
I set a cap on its ram.
-
rwp
Jellyfin appears to be like Firefox/Chrome using all available memory unless someone stops them from doing so.
-
rwp
If you have the swap for it then inactive pages would be in the candidate list to be pushed out to swap if the system needed the memory for other purposes. I saw that you had 50G of inactive pages.
-
rwp
I am looking at 17G of inactive pages here on my desktop and it is all Firefox here.
-
scoobybejesus
I have an rctl.conf in one of my jail directories for limiting RAM usage. jail:jailname:memoryuse:deny=8g/jail
-
scoobybejesus
had to also do: kern.racct.enable=1
-
Macer
blasted .net
-
Macer
i didn't have it capped with rctl though so hopefully that helps.
-
AmyMalik
I denied memory use to Firefox over like 5G and it broke. Pages started forever loading. It also uses 3GB of RAM idling.
-
AmyMalik
Like if I close all my tabs, it's still huge.
-
ant-x
AmyMalik, RIP FireFox. Viva Dillo, Viva Kristall!
-
AmyMalik
Idealism works until you have to actually do things.
-
ant-x
Only because you are often forced into the bloated corporate infrastructure.
-
scoobybejesus
looks like freebsd has the ladybird browser. neat. I wonder how well that's doing
-
rwp
Chrome is the same as Firefox. Chrome is the engine in something like 85% of all of the other web browser flavors. So you can't even escape Firefox to Chrome on memory piggy-ness use because Chrome is just the same.
-
rwp
I believe this pressure from browsers is why we keep increasing our desktop memory. 4G. 8G. 16G. 32G! 64G!! Infinity G!!! It will never be enough. We just keep pushing forward hoping for the best regardless.
-
ant-x
IMHO, Chrome is worse: <contrachrome.com>.
-
wavefunction
Turns out (until recently) getting more resources is cheaper than paying someone to optimize.
-
ant-x
Although Mozilla are aggressively pushing AI into FF.
-
AmyMalik
They're ultimately both controlled by Google.
-
ant-x
Is FF not a wee-bit more independent?
-
AmyMalik
I may be wrong but I suspect that when I was a kid, you could have a desktop cube, a multi-protocol IM (still necessary today, for your information), email check, and do tasks that are properly a web browser's demesne with something like 1G of RAM. I don't know how much swap one would've had at the time, but I imagine that I'm giving that 1G estimate including all swap space.
-
AmyMalik
ant-x, Would surprise me.
-
wavefunction
Yep. And when you have webkit (Apple -> Google), it's all the same engine underneath. Ladybird and whatnot will need to be bug-for-bug compatible or you won't be able to submit your taxes online or whatever.
-
AmyMalik
wavefunction, You won't be able to do your taxes online even if it is bug for bug compatible. The CRA won't let you do it.
-
wavefunction
ant-x: FF is Not independent. Nominally yes, but in reality no.
-
wavefunction
AmyMalik: CRA?
-
ant-x
Hopefully, the dependency on bugs will fade. Even now many corporate websites work in FF OK.
-
AmyMalik
The revenue department in Canada.
-
wavefunction
AmyMalik: Fair - I was more using that as a stand in for "doing <important task online>"
-
wavefunction
So, the webkit engine isn't bad. How the engine works is fine, and having Google/Apple/Moz throw money at the engine is also fine. I think the big question is around the UI and user-controls.
-
wavefunction
If we can say "unload these tabs" and the engine actually releases the memory, $SUCCESS
-
AmyMalik
2.5 G of RAM at idle, I think at that juncture you have to throw the entire bus away.
-
wavefunction
That much ram at idle, I'd wonder what it's all doing in the background. "Is there an option to unload Pocket?"
-
wavefunction
etc
-
AmyMalik
I have a few addons in, but even without them it's no better.
-
AmyMalik
(like I created an empty profile and it was still just as bad)
-
wavefunction
That's what I mean though - what AI crap, or account sync, or local-translation module is getting loaded up because Mozilla said so
-
AmyMalik
One dreams of having more RAM to be able to do more with their computer, not to be able to keep doing what they did last year.
-
ant-x
^ Check.
-
hodapp
and *has* to only dream of it, because of OpenAI's antics in the RAM market driving the prices waaaaaaay up
-
Macer
and then jellyfin won't start with no logs 🤦🏻♂️
-
markmcb
was toying with mac_do and mdo. seems a good design choice, but wouldn't it make sense to still have the option for the user to enter their password? i.e., while it guards against sophisticated attacks doesn't it open up more the simple "I typed something on your unlocked computer" attack?
-
AmyMalik
hodapp, Even before that, though.
-
nimaje
I like the UI of qutebrowser, but yeah qt-webengine is a bit of a memory hog being chromium based
-
AmyMalik
I was basically expanding RAM capacity to keep up. Compilers were getting bigger, web browsers of course, email clients, IMs were moving into the browser, those that didn't work getting bigger