00:29:05 Huh.. `block out quick user _user` is blocking icmp traffic for all users. Is there not away to only block outgoing traffic for a specific user? 00:29:14 That's a pf rule. 01:10:32 hi, I want to comission my old dell latitude 5490 as a server, but for some reason, the screen doesn't turn off when I close the lid. is there another way for achieving this? (i am on 13.5) 01:23:45 do you need the screen off, or is brightness minimal an option? 01:24:31 turned off would be best. as the laptop itself would run 24/7 01:28:15 is there anything under hw.acpi.video.lcd0.active, and what happens if you try to set it to zero 01:29:58 Try it and report back. 01:30:56 unknown oid 01:31:01 apparently acpi_video requires that any DRM-related kernel modules be loaded; for that machine you would want to load i915kms, which should be available in the packaging system and/or the ports tree 01:31:30 I already have that installed, as I need the gpu for a workload 01:31:35 (and loaded) 01:31:40 then kldload acpi_video 01:32:07 then retry sysctl hw.acpi.video.lcd0.active=0 01:32:12 when I load acpi_video, the hw.acpi... is set to 0 already 01:32:20 oh blast, that's not so good 01:32:35 yeah did set it to 0 and nothing 01:33:16 try setting the brightness under the same sysctl tree to zero; for me on my thinkpad that results in the backlight being off entirely but the screen remains (invisibly) on and thus still vulnerable to burn-in. it seems to do some arcane resetting when I pull it off charge though 01:34:21 just a question for the hw.acpi.video.lcd0.active. I set it to 1 and then wanted to set it back to 0. but it won't go back to 0 01:34:35 o_O 01:35:08 yeah the output from the command is basically 1 -> 1 01:35:14 cripes 01:35:21 i think i had that happen to me as well 01:37:22 Taht something that needs to be set in /boot/loader.conf ? 01:40:12 AmyMalik: when I set the brightness to anything, nothing changes 01:43:59 crap 01:44:30 you might just have to deal with the screen staying on, unless you have a GUI locally (which I don't recommend on a server) 01:44:51 yeah. not wanting that :S 01:45:20 how I hate that device :( had already some (other) issues with that on linux 01:46:14 have another 2 questions then, as I am still very much new to BSD. will freebsd 15.0 get zfs 2.4.0 release or will it stay on rc4? kinda feels weird with that 01:47:06 and the second one, can I somehow find out why libvirt doesn't build the linux support with it? (I still have some "legacy" things I have to run) 01:49:09 ... this'll sound stupid, but `apm -d enable` has a tiny but non-zero chance of doing something. hopefully that something is not bricking the entire device. 01:50:03 nothing... 01:50:27 I wonder if I should just put my thinkpad as a server and use the dell as my desktop 01:50:29 well that's good at least, it didn't break the entire bus. but drats. 01:51:07 if the thinkpad kills the screen on closedown (mine appears to), then maybe 01:51:21 but if you like using it more than using the dell.. 01:52:06 not really. bought the thinkpad only because the dell had its issues as a desktop on linux. well the thinkpad has other issues :( (some hw) 01:53:48 well I guess I have to make friends with an ISO keyboard (again). and figure out how to install KDE (wayland) on freebsd 02:02:14 AmyMalik: thanks. will see what I can do 02:21:32 is it possible to use the ports tree as a user? 04:02:07 How do people store service configs in repos and deploy them to FreeBSD systems? I want to mess around with pf as a firewall/router and want to treat it as an appliance. If something gets messed up, just nuke the machine, copy/deploy configs, and restart. 04:05:24 with config management tools, like puppet, ansible, etc. 04:06:38 That's what I was thinking too. I have set up Salt for some other experiments in the past. Salt didn't look like it supported the BSDs well though. 04:07:30 they dropped support for it, yeah 04:07:46 i am stuck with a old setup of it with my homelab 04:10:03 NGL, I wish I could configure jails the same way I can configure podman containers. That would be the ideal thing. It feels like Service Jails and Thin Jails are almost exactly what I would want from an FS side. 04:10:57 you can use podman on freebsd 04:14:09 I missed that. That's neat. I would love the kind of integration with the system management daemon or init that Podman gets with systemd. Ideally, from one machine, I deploy the jail config, and the remote system makes that happen. These jails would run pf, kea-*, NFS, CIFS, etc. 04:37:00 adaptive doesn't seem to be working with my ryzen very well 04:37:14 it hovers at 2.8GHz but mostly sticks at 3.6GHz unless i set powerd to minimum 04:38:13 and it definitely does not throttle per core 04:46:44 seems like powerdxx works though 05:33:47 best hosted email service? 05:52:08 worst internet provider? 05:54:04 the one you have no choice but to use 05:54:14 isn't that always the case 06:10:23 good morning, I tried to get into my tmux sessions today but as root I'm getting this: tmux a 06:10:27 open terminal failed: not a terminal 06:10:40 echo $TERM 06:10:40 xterm-256color 06:18:11 vortexx: it happens after upgrade 06:18:14 vortexx: you got the tmux update and this it has breaking changes 06:19:22 vortexx: the errormessage is a red herring. kill the server and start anew or try with the old version to gracefully shut down 06:19:39 server ? 06:19:43 tmux 06:20:02 the tmux server instance you are trying to resume 06:49:47 will try to downgrade then, thanks 06:50:34 ridcully: ok killing the tmux server fixes the issue 07:57:49 vortexx, Hint: Type in "pkg info -D tmux" and read the message that appears at upgrade time. 07:59:11 tmux _always_ has breaking changes 08:00:38 I armored my tmux.conf with some version checking to be more resilient against the differences. the next tmux minor version upgrade broke the version check syntax itself. 08:04:38 Koston, Oh the irony! 08:15:22 rwp: cheers 08:15:41 must have missed that message as there were a whole bunch of upgrade messages that time 08:40:58 in linux one seem to be able to run the old/still running tmux version via /proc - is there some way to do this on fbsd? 08:41:45 otherwise instead of downgrading, take a look at /var/cache/pkg - maybe the prev package is still there. should be enough to extract and run to close your sessions 09:57:37 ridcully: I didn't downgrade in the end, just killed the tmux-server as suggested and everything was fine after that 10:13:51 Hello, all. Do you know of a SOCKS5 server avaialbe for FreeBSD, which can chain itself to another SOCKS5 proxy? That way, I wantto create a proxy open into the wild (with authentication, of course), operating via a local created via `ssh -D'. 10:35:36 hello 10:36:29 Guten TZAG. 10:37:06 I have a question regarding ZFS, I'm dumping a ZFS dataset with something like $> zfs send zroot_srv/data/jails/builder/jails/foobar | gzip > /tmp/foobar.gz 10:37:49 and I was wondering: could I use this dump with zfs receive on any machine? 10:38:47 are there any imcompatibilities regarding different ZFS versions ? 11:48:04 sure, they are, check zfs -V and zpool status, zpool status, zpool get all yourpoll, and consult zpool-features(7) 11:56:30 so is ti just not possible to have the bridge interface for jails on the same subnet as the jails themselves? 11:56:37 i think that's where i was having the problem 11:56:53 which doesn't make sense because it seems like that is a rather normal thing to do 11:57:17 maybe it was from adding the ip on the bridge interface as an alias? 12:12:05 Mem: 221M Active, 51G Inact, 847M Laundry, 7975M Wired, 1572M Buf, 2335M Free 12:12:07 ARC: 2058M Total, 974M MFU, 639M MRU, 681K Anon, 26M Header, 417M Other 12:12:19 is inactive memory interfering with arc? 🤔 12:26:00 https://forums.freebsd.org/threads/freebsd-inactive-memory.50262/page-2 12:26:19 i'm reading this trying to figure out how arc can get priority over inactive cache that's "stuck" in memory 12:33:47 Macer: yes, you can use the ports tree as user, you have to ensure that your user can write to the required directories, so you should set WRKDIRPREFIX and DISTDIR and maybe PORTSDIR (if you want to have it somewhere else than /usr/ports, I guess you do) and PACKAGES (to have one directory of packages). Of course installing packages still needs root privileges as that affects the whole system 12:33:49 (except for INSTALL_AS_USER=yes pkg --rootdir install … ) 12:34:55 nimaje: ah i meant a user using exports in their shell.rc and building / installing ports into their home dir 12:38:38 i'm more at a loss to why i have 56G of inactive memory and 2G of arc :/ 12:39:14 is there some setting to give arc more priority than inactive cache? or maybe force swapping inactive out a bit faster 12:39:22 Macer: do you have a need for different jail subnet? i have always just used the external network for everything. seems like having a additional layer of nat would be just additional layer of headaches 12:39:51 Oks4: the jails are on a vlan .. the host is on an admin subnet 12:40:10 but with the host i was trying to smb share something to the jails since host/jail re on different ADs 12:40:15 so permissions became an issue with nullfs 12:41:36 sysctl: unknown oid 'vm.swap_idle_enabled' 12:41:39 did this get changed? 12:41:49 ahh. I dont know anything about smb or ad :( 12:41:50 hm, I guess you could make a directory prefix in your home, use that as root dir for pkg and set everything up, so that that is used as well (add to PATH, …) 12:42:35 nimaje: yeah. i figured that if you just exported the proper dirs it would be possible for a user to just build things from the ports tree and install it in their home dir as long as they set paths so it all works 12:43:00 i mean i get that's probably going to eat up space but being able to install pkgs as a user without intervention so long as the ports tree is available.. 12:43:08 too bad fbsd doesn't have flatpak :) 12:44:24 but no idea if there is a way in the ports tree to make make install work with that pkg root dir 12:45:14 vm.swap_idle_enabled <- weird... i keep seeing this as an option but sysctl seems to think it doesn't exist 12:47:51 https://wiki.freebsd.org/SystemTuning 12:49:33 hm, I have it here on 14.3 12:49:46 Macer: if it is of any help here is my /etc/rc.conf.d/netif . One physical interface is for admin network (and admin network jails) where another is for all VLANS. I'm not sure if it is optimal but seems to work https://paste.jan.systems/trewhilyor 12:50:11 sysctl vm.swap_idle_enabled=1 12:50:12 sysctl: unknown oid 'vm.swap_idle_enabled' 12:50:49 Oks4: yeah i was trying somethign similar except in my case i was trying to add an alias ip to the bridge in order to use smb between a jail and host.. not the best way to do things but it was the only option i had at the time 12:51:02 nimaje: maybe that was renamed in 15? 12:51:11 or maybe removed? 12:51:30 i'm trying to find a list of tunables in the handbook 12:52:10 I don't see anything about that in the release notes, but that's why I included the version 12:54:00 `sysctl -ad` to get a list and description 12:55:26 yeah i'm trying ot hunt it down 12:55:32 but i don't see anything that performs the same function 12:57:25 hm, the only reference to it in the current source tree I can find is in tools/tools/sysdoc/tunables.mdoc, even if I search with --ignore-case 'swap.*idle' 12:57:57 yeah. weird. 12:58:09 i mean that kind of seems like what i really need heh 12:58:28 because something is cramming stuff into ram and it's not going away 12:58:36 i wonder if there's a way to flush the inactive memory faster 13:04:05 yeah i'm at a loss here. i'm stuck with a lot of consumed memory and very little arc and can't seem to tune my way out of it 13:04:14 i'll have to look at that when i have more time 13:29:42 has someone get cdk8s to work in freebsd? 13:43:37 Macer: I think arc is dynamic. If you mass access some files it should start to populate. 14:35:22 just had the idea to check releng/14.3 for swap_idle_enabled there I get more hits with --ignore-case 'swap.*idle' 15:11:17 sysctl -a | grep swap 15:11:19 sysctl -d vm.swap_idle_enabled 15:11:22 ? 15:55:14 Oks4: I think in this case it is stuck at 2GB because of inactive memory pressure. 15:55:25 Pauli1: it’s not there. 15:57:18 sysctl -d vm.swap_idle_enabled 15:57:18 sysctl: unknown oid 'vm.swap_idle_enabled' 16:00:44 Macer: it's there in 13 and 14. are you on 15 by any chance? 16:01:07 Yes 16:01:37 So I guess removed? I’m still not sure if that would help. Is there an inactive memory max tune? 16:01:51 try skimming sysctl -da|grep -i swap 16:03:19 hmm they do seem to have disappeared 16:11:15 Yeah lol. 16:17:12 Macer what does "top -b | grep Mem:" say? 16:17:27 A good article explaining FreeBSD memory: https://klarasystems.com/articles/explaining-top1-on-freebsd/ 16:18:50 Mem: 135M Active, 50G Inact, 764M Laundry, 8039M Wired, 1572M Buf, 3934M Free 16:18:51 ARC: 2069M Total, 1022M MFU, 593M MRU, 873K Anon, 27M Header, 424M Other 16:18:59 That’s what I’m seeing in top. 16:20:42 I’m not seeing this behavior on my nas which is not running jails. I wonder if rclone + jails are to blame. 16:22:39 OK. So it was my jellyfin jail. At least now I know where it is coming from. 16:23:19 Mem: 395M Active, 195M Inact, 436M Laundry, 6460M Wired, 55G Free 16:23:54 I set a cap on its ram. 16:24:38 Jellyfin appears to be like Firefox/Chrome using all available memory unless someone stops them from doing so. 16:26:23 If you have the swap for it then inactive pages would be in the candidate list to be pushed out to swap if the system needed the memory for other purposes. I saw that you had 50G of inactive pages. 16:27:35 I am looking at 17G of inactive pages here on my desktop and it is all Firefox here. 16:29:54 I have an rctl.conf in one of my jail directories for limiting RAM usage. jail:jailname:memoryuse:deny=8g/jail 16:30:53 had to also do: kern.racct.enable=1 17:03:34 https://gyptazy.com/blog/bhyve-sylve-freebsd-prometheus-metric-exporter/ 17:23:30 blasted .net 17:24:48 i didn't have it capped with rtctl though so hopefully that helps. 18:32:26 I denied memory use to Firefox over like 5G and it broke. Pages started forever loading. It also uses 3GB of RAM idling. 18:33:07 Like if I close all my tabs, it's still huge. 20:24:32 AmyMalik, RIP FireFox. Viva Dillo, Viva Kristall! 20:25:33 Idealism works until you have to actually do things. 20:28:07 Only because you are often forced into the bloated corporate infrastructre. 20:28:44 burn :) https://youtu.be/hA6ZHh2SReQ?t=106 20:42:51 looks like freebsd has the ladybird browser. neat. I wonder how well that's doing 21:15:05 Chrome is the same as Firefox. Chrome is the engine in something like 85% of all of the other web browser flavors. So you can't even escape Firefox to Chrome on memory piggy-ness use because Chrome is just the same. 21:16:05 I believe this pressure from browses is why we keep increasing out desktop memory. 4G. 8G. 16G. 32G! 64G!! Infinity G!!! It will never be enough. We just keep pushing forward hoping for the best regardless. 21:20:49 IMHO, Chrome is worse: . 21:21:22 Turns out (until recently) getting more resources is cheaper than paying someone to optimize. 21:21:27 Althogh Mozilla are aggressevly pushing AI into FF. 21:24:32 They're ultimately both controlled by Google. 21:25:01 Is FF not a wee-bit more independent? 21:25:04 I may be wrong but I suspect that when I was a kid, you could have a desktop cube, a multi-protocol IM (still necessary today, for your information), email check, and do tasks that are properly a web browser's demesne with something like 1G of RAM. I don't know how much swap one would've had at the time, but I imagine that I'm giving that 1G estimate including all swap space. 21:25:24 ant-x, Would surprise me. 21:25:33 Yep. And when you have webkit (Apple -> Google), it's all the same engine underneath. Ladybird and whatnot will need to be bug-for-bug compatible or you won't be able to submit your taxes online or whatever. 21:25:53 wavefunction, You won't be able to do your taxes online even if it is bug for bug compatible. The CRA won't let you do it. 21:25:56 ant-x: FF is Not independent. Nominally yes, but in reality no. 21:26:04 AmyMalik: CRA? 21:26:15 Hopefully, the dependency on bugs will fade. Even now many corporate websites work in FF OK. 21:26:16 The revenue department in Canada. 21:26:50 AmyMalik: Fair - I was more using that as a stand in for "doing " 21:28:45 So, the webkit engine isn't bad. How the engine works is fine, and having Google/Apple/Moz throw money at the engine is also fine. I think the big question is around the UI and user-controls. 21:29:19 If we can say "unload these tabs" and the engine actually releases the memory, $SUCCESS 21:29:57 2.5 G of RAM at idle, I think at that juncture you have to throw the entire bus away. 21:34:56 That much ram at idle, I'd wonder what it's all doing in the background. "Is there an option to unload Pocket?" 21:34:58 etc 21:35:47 I have a few addons in, but even without them it's no better. 21:36:29 (like I created an empty profile and it was still just as bad) 21:37:46 That's what I mean though - what AI crap, or acconut sync, or local-translation module is getting loaded up because Mozilla said so 21:40:13 One dreams of having more RAM to be able to do more with their computer, not to be able to keep doing what they did last year. 21:41:02 ^ Check. 22:00:12 and *has* to only dream of it, because of OpenAI's antics in the RAM market driving the prices waaaaaaay up 22:21:58 and then jellyfin won't start with no logs 🤦🏻‍♂️ 22:40:35 was toying with mac_do and mdo. seems a good design choice, but wouldn't it make sense to still have the option for the user to enter their password? i.e., while it guards against sophisticated attacks doesn't it open up more the simple "I typed something on your unlocked computer" attack? 22:51:36 hodapp, Even before that, though. 22:52:07 I like the UI of qutebrowser, but yeah qt-webengine is a bit of a memory hog being chromium based 22:52:07 I was basically expanding RAM capacity to keep up. Compilers were getting bigger, web browsers of course, email clients, IMs were moving into the browser, those that didn't work getting bigger