00:13:52 <kevans> that's weird af
01:37:47 <SarahMalik> Does blocklistd reap its children?
01:40:17 <SarahMalik> update: why is blocklistd having children?
01:49:12 <SarahMalik> update: popenve()
02:01:32 <polarian> I cant for the life of me make release
02:01:35 <polarian> it just refuses to fucking work
02:01:46 <polarian> pkg: Both ABI_FILE and OSVERSION are set, ABI_FILE overrides OSVERSION
02:01:48 <polarian> when make release
02:01:52 <polarian> well wtf am I meant to do about this
02:02:26 <polarian> https://bpa.st/NFEA
02:02:43 <polarian> I have tried my best to follow release(7)
02:11:08 <rtprio> where is your  /usr/ports/ports-mgmt/pkg ?
02:12:56 <rtprio> polarian: ?
02:13:29 <polarian> rtprio: oh fuck sake
02:13:32 <polarian> thanks
02:13:46 <polarian> ive had a really shit day, I cant believe I missed that
02:13:53 <polarian> broken port tree, let me reclone
02:14:12 <rtprio> it looks like that fails, but the following command continues
02:16:19 <SarahMalik> too much computer hacking, sleep is needed
02:42:24 <polarian> SarahMalik: nah too much backstabbing
02:42:36 <polarian> classic coup
02:45:20 <SarahMalik> polarian, eh?
02:48:24 <polarian> SarahMalik: long story, basically I volunteer for a project, and I was just coup'd
02:48:46 <SarahMalik> is that all you are in privilege to talk about here
02:48:54 <polarian> I thought one of the other members of the leadership was busy, turns out they were waiting for the perfect moment to strike to force a resignation
02:49:04 <polarian> so I have been pissed off all night
02:49:06 <SarahMalik> so you were resignationed?
02:49:08 <polarian> unable to concentrated
02:49:12 <polarian> etc etc
02:49:16 <SarahMalik> cripes.
02:49:27 <polarian> so yeah not too much hacking
02:49:29 <polarian> too much conflict
02:49:32 <polarian> cant think
02:49:40 <SarahMalik> ah
02:49:44 <polarian> missing the fucking obvious
02:49:53 <SarahMalik> i suppose the cortisol from that would also result in sleepn't eh
02:52:53 <polarian> SarahMalik: yeah its 3am and I cant sleep
02:53:20 <polarian> the worst part is that the project, one of the other leadership is my closest friend
02:54:20 <black> SarahMalik: why did you become Sarah? Aren't your an Amy?
03:46:01 <werder> hi all, I've got a problem that I hope you can help me with. I did an upgrade from 14.3-RELEASE to 15.0-RELEASE by creating a boot environment and then upgrading using freebsd-update
03:46:37 <SarahMalik> okay... and then what happened?
03:46:42 <werder> but when I boot into the BE, I found that openssl doesn't have the right libssl.so (libssl.so.35) so I can't really do anything
03:46:42 <SarahMalik> (i suppose you are typing)
03:46:47 <SarahMalik> oh
03:49:00 <werder> any ideas on how to fix this? I tried downloading the openssl packages onto another comp, ferrying them over and installing them offline with pkg, but I couldn't install probably because pkg was looking for dependencies and can't coneenect because ssl is borked
03:49:25 <werder> any ideas on how to tackle this?
03:49:50 <rtprio> was that pkgbase or not
03:49:53 <werder> not
03:50:23 <SarahMalik> openssl used by pkg is part of the base system, it would seem freebsd-update isn't behaving properly
03:51:09 <rtprio> werder: there is pkg-static which you can use
03:51:51 <werder> i tried pkg-static but it has the same cert errors trying to connect to the repos
03:52:10 <werder> when I run the openssl command it says it can't find libssl.so.35
03:52:12 <SarahMalik> can you show us the actual errors you're getting then
03:52:28 <rtprio> i've seen this before but i don't recall what the problem was
03:52:30 <SarahMalik> ... ok your new bootenv is fully hosed up
03:52:37 <werder> sure, just a minute while I boot the server back into that BE
03:53:03 <SarahMalik> did you get any errors while doing freebsd-update
03:53:18 <werder> no, I didn't see any
03:53:28 <rtprio> did you run freebsd-update enough times?
03:53:31 <rtprio> like all three?
03:54:34 <werder> on first boot into the 15.0 BE I ran freebsd-update install, but it said there was nothing to do
03:54:40 <werder> perhaps another bad sign?
03:55:02 <rtprio> because one of those times sohuld delete the old version of libssl
03:55:04 <rtprio> IIRC
03:56:11 <werder> oh yeah more weirdness
03:56:38 <werder> the banner says 15.0-RELEASE-p2 but freebsd-verion says 14.3-RELEASE-p8
03:56:45 <rtprio> which freebsd-version
03:56:50 <rtprio> -k, -r or -u
03:57:06 <werder> u
03:57:06 <rtprio> probably -u
03:57:13 <werder> yeah the other 2 are 15.0
03:57:17 <werder> ug
03:57:21 <rtprio> so 15 kernel, 14 userland
03:57:28 <werder> yep
03:57:30 <rtprio> redo the upgrade
03:57:53 <SarahMalik> but like
03:58:11 <SarahMalik> the new version of libssl should be installed one of the times
03:58:20 <SarahMalik> man idk this sunds cursed
03:58:56 <werder> is there a way to upgrade just the userland?
03:59:26 <werder> going through editing all the conf files by hand for the upgrade was really tedious
03:59:57 <werder> I'd like to not do that again if I can avoid it
04:00:17 <werder> @SarahMalik yeah maybe I'll just reinstall
04:00:58 <SarahMalik> was etcupdate impossible to make happen
04:02:06 <werder> forgive me for ignorance, but what's etcupdate?
04:06:52 <mns> I am looking for some math functions:  csinl, ccosl, ctanl.  I have searched in /usr/src/lib /usr/lib /lib but have not found those functions.  they're supposed to be part of base from what I understand from the internet.  Anyone have any idea about where I could find them?
04:12:48 <SarahMalik> werder, to learn more, `man etcupdate`
04:16:45 <werder> @SarahMalik after reading the man page I still am not sure how to use it. Would I run that before trying to upgrade with freebsd-update -r? that's where all the file editing I was complaining about was
04:17:09 <werder> it looks like it would be for upgrading from source?
04:24:06 <mns> never mind, I just came across https://wiki.freebsd.org/Numerics and have my answer.  Those functions aren't implemented yet.  I'll have to find a workaround for compiling GCC Modula-2.
04:29:23 <werder> exciting developments
04:30:11 <werder> I extracted libssl.so.35 and libcrypto.so.35 and copied them over to the freebsd server (in the 15.0 BE)
04:31:16 <werder> then freebsd-update fetch and freebsd-update install was able to complete and now the freebsd-version -u shows the userland is 15.0-RELEASE-p2
04:32:06 <werder> but pkg is still trying to pull from the Freebsd 14 pkg base and gets an SSL peer certificate error
04:35:57 <SarahMalik> ah
04:36:05 <SarahMalik> odd...
04:36:10 <SarahMalik> copy in /etc/pkg as well ?
04:37:07 <werder> sorry what do you mean about /etc/pkg?
04:40:35 <werder> aha, pkg -vv shows it is using openssl-3.0.6 but openssl --version is 3.5.4
04:41:57 <werder> and pkg -vv shows that the ABI is Freebsd:14:amd64
04:42:29 <werder> maybe it is cursed
04:43:31 <SarahMalik> the config files for pkg are in /etc/pkg
04:43:42 <SarahMalik> also try pkg-static bootstrap -f
04:45:11 <werder> pkg: Attempted to fetch pkg+https://pkg.FreeBSD.org/FreeBSD:14:amd64/base_release_0/Latest/pkg.pkg
04:45:12 <werder> pkg: Error: Not Found
04:47:00 <werder> changed pkg config to quarterly and it completely successfully, but said pkg is already installed (2.5.1)
04:47:16 <SarahMalik> oh.
05:32:17 <werder> ok this thing is cursed. thanks for the help SarahMalik
05:32:58 <werder> freebsd-version -u says 15.0-p2 but the ABI is still 14.0
05:33:06 <werder> I think I just need to reinstall
05:35:22 <SarahMalik> perhaps
08:24:30 <phryk> i have a running process using a bunch of cpu shown as "find" in top, `pgrep -laf find` doesn't find anything, the pid shown for that process by top shows this as the command: / /usr /var /var/log /mnt/fastread /mnt/s
08:24:44 <phryk> like, no actual executable, just the rootfs. anyone know what this is?
08:25:59 <phryk> (the command part comes from the output of `ps aux`)
08:31:10 <SarahMalik> phryk, when did `periodic daily` start?
08:34:20 <phryk> SarahMalik: apparently right when cpu went up. care to explain your hunch?^^
08:35:25 <SarahMalik> that's part of some of the tasks that periodic daily runs.
08:36:04 <SarahMalik> specifically permissions check and cleaning (the latter I recommend you turn off if you plan on installing Steel Bank Common Lisp as it removes essential files that are extended .core)
08:36:20 <SarahMalik> you should also check root's mail every week at the least.
08:36:40 <SarahMalik> if you don't have a working mail server, you do need to install one.
08:37:07 <SarahMalik> if you want to disable these tasks (not recommended) check /etc/crontab
08:37:29 <SarahMalik> you can also reschedule them there; I did this on one of my installations for Reasons™
08:37:54 <phryk> yeah, i have a mailserver and once upon a time i had the cron mails forwarded to it, but i think that was before the current deployment.
08:38:05 <phryk> wonder why it's taking so much cpu for so long tho…
08:38:48 <phryk> like one core has been going at it full-tilt for ~5.5h now.
08:43:57 <SarahMalik> yep
08:43:59 <SarahMalik> it'll do that
08:44:29 <SarahMalik> it is, and I shit you not, scanning *the entire filesystem* for negative group permissions or core files last modified too long ago
08:45:16 <Afterglow> That cleaning feature also deletes innodb files from your mysql databases (staring with #). Took a while for me to find out why mysql in a jail got corrupted
08:45:34 <phryk> SarahMalik: like, every single mounted partition, including my big-ass filesystems in /mnt? o_O
08:45:51 <phryk> Afterglow: ouch. i consider myself warned, but glad i chose postgres^^
08:46:00 <Afterglow> I use both
08:46:28 <SarahMalik> phryk, All of them.
08:46:40 <SarahMalik> Afterglow, I'm wondering if I should disable it in my fork.
08:47:06 <phryk> SarahMalik: that's cray cray. and having a bunch of them nullfs mounted into jails where i guess the same is happening definitely explains things…
08:47:49 <SarahMalik> Yeah, you're going to want to turn at least the cleaning part off, and reschedule the jails' scans
08:48:32 <SarahMalik> But yeah. Check root's mail, or figure out how to forward your cron mails to your mailserver again.
09:04:49 <Tykling> I want to build some s3 storage on freebsd/zfs, what alternatives are there to minio?
09:22:54 <Afterglow> I don't know minio, but what's wrong with it?
09:28:03 <nimaje> Afterglow: did you write a problem report for the daily task cortupting innodb?
09:29:24 <Afterglow> nimaje, no I didn't. The fix is easy, by modifying daily_clean_disks_files="[#,]* .#* a.out *.core *.CKP .emacs_[0-9]*" from defaults
09:29:39 <nimaje> phryk: setting noexec or nosuid reduces some of those scans
09:29:59 <Tykling> Afterglow: https://linuxiac.com/minio-ends-active-development/
09:30:22 <Afterglow> Tykling: okay, that's indeed bummer
09:30:45 <nimaje> Afterglow: but then only you have the fix and whoever encounters that next has really fun debugging that for a while too
09:37:38 <Afterglow> nimaje: makes sense
10:48:29 <cracauer> My -current makeworld bails out with
10:48:29 <cracauer> /usr/src/sys/contrib/openzfs/include/sys/spa.h:1282:26: error: a paramete
10:48:29 <cracauer> r list without types is only allowed in a function definition
10:48:29 <cracauer>  1282 | int param_set_slop_shift(ZFS_MODULE_PARAM_ARGS);
10:49:02 <cracauer> This is on an older 15-current. Refreshening /usr/include did not help.
10:50:38 <seti> I dunno if any of you remember but yesterday I was here going nuts why firefox was taking 30 secs to launch on my freshly installed freebsd
10:51:04 <seti> today I just decided to reinstall freebsd, and welp now it launches in 1 second
10:52:01 <seti> No idea how that happened I think something must have gotten messed up in firefox determining whats supposed to be my home folder because it complained about missing some paths to certain folders there (?)
10:52:50 <seti> I was about to concede that the world had simply gotten so deep in linuxism that not even a FOSS browser could run on freebsd without kicking and screaming about it
10:53:58 * ant-x 's favourite occupation 25 years ago was reinstalling Windows 98SE, because it had eaten itself up :-)
10:54:50 <cracauer> seti: probably a DNS problem.
10:57:30 <SarahMalik> not helpful.
10:57:33 <SarahMalik> funny, but not helpful.
10:57:37 <SarahMalik> ant-x, oh no.
10:58:54 <ant-x> On Windows, one must use as much portable (installer-less) software as possible.
11:01:34 <SarahMalik> Because installation bloats the global database?
11:02:49 <ant-x> SarahMalik, I think so, yes. And deinstallaions leaves a lot of trash in the registry.
11:06:10 <SarahMalik> how does one design an OS and DE that badly? (actually, I can imagine how, I'm probably about to do it in the next few years)
11:08:48 <vortexx> iocage has broken a VM again
11:09:06 <SarahMalik> got logs?
11:12:39 <ant-x> Is anybody using 3proxy <https://3proxy.ru/> ?
11:17:48 <vortexx> SarahMalik: + Starting services OK + Executing exec_poststart FAILED
11:17:48 <vortexx> ERROR:
11:17:49 <vortexx> Script is not executable!
11:18:03 <vortexx> this was a freshly built nextcloud jail
11:18:36 <SarahMalik> ah
11:20:21 <vortexx> it's pretty non-verbose and /var/log/iocage doesn't contain much
11:22:59 <SarahMalik> is there a way you can turn up verbosity to try to figure out what iocage is feeding to the jail command or syscall
11:26:41 <vortexx> that's what I'm trying to find out
11:31:28 <vortexx> iocage -9 increases verbosity moderatly, not to the point of telling me which script failed
11:31:39 <vortexx> s/-9/-9
11:34:30 <SarahMalik> ah
11:37:34 <vortexx> ugh
11:37:42 <vortexx> s/-9/-D
11:37:47 <vortexx> or iocage --debug
11:39:47 <SarahMalik> [noises of dissatisfaction] #iocage is empty
11:46:17 <vortexx> I use a script to nfs mount dirs into the jail after boot, maybe that's the script not working (or rather stopped working)
11:46:40 <vortexx> just tried to move it out of the scripts dir and iocage start nextcloud but same error
11:46:50 <vortexx> need to unset the variable
11:51:10 <vortexx> ok unsetting (which means using: iocage set exec_poststart='' nextcloud) allows the jail to start normally
11:51:25 <vortexx> would love to know what a series of mount commands is causing issues with
11:51:38 <vortexx> thanks for support SarahMalik
11:56:25 <vortexx> mh still getting http 503 errors when trying to back up over webdav
12:02:27 <SarahMalik> oh
12:02:54 <SarahMalik> is nextcloud running?
12:10:56 <vortexx> SarahMalik: it is but there may yet be problems. At least the jail starts cleanly
15:05:42 <polarian> https://bpa.st/6F5Q
15:05:46 <polarian> still having this error when trying to make release
15:05:51 <polarian> wait lemme make clean and make release again
15:17:19 <rtprio> polarian: what does your release.conf look like?
15:19:36 <polarian> rtprio: using the default
15:19:41 <polarian> not specifying a release.conf
15:19:58 <polarian> besides I am not too sure what a release.conf should look like, I just want to build a damn release before tinkering with it
15:23:31 <rtprio> well, i'll give it a try; wonder if i will have the same results
15:24:07 <skered>      
15:51:37 <jfsimon> Good day all, i have a question regarding robustness of the filesystem on power loss, using zfs
15:52:02 <rtprio> ask away
15:52:05 <jfsimon> does next reboot reconstruct or cleanup automatically ?
15:52:11 <jfsimon> I'm not used to zfs
15:52:28 <rtprio> there is no cleanup or reconstruct, writes are atomic
15:52:33 <polarian> rtprio: 15.0-RELEASE-p2
15:52:39 <jfsimon> Ah
15:52:46 <polarian> but it seems to be working fine now
15:52:58 <polarian> after make clean, it seems to be doing its magic
15:53:00 <polarian> will wait and see
15:53:20 <jfsimon> Ty
15:54:47 <jfsimon> So powerless can't really corrupt the filesystem right ?
15:54:57 <jfsimon> powerloss
15:55:54 <polarian> jfsimon: zfs can recover just fine from powerloss
15:55:57 <polarian> although I dont recommend it
15:56:05 <vkarlsen> jfsimon: An interrupted write will not have happened. It will unhappen, in a way.
15:57:23 <rtprio> and because of that there's no fsck
16:06:15 <polarian> meanwhile on OpenBSD...
16:06:17 <polarian> :)
16:15:02 <jfsimon> ; )
16:15:56 <jfsimon> got it
16:44:38 <rrahl0> is there a way to figure out why a pkg didn't update on arm64 in comparison to amd64? (as in build logs or so)
16:45:01 <seti> I noticed now that I dont have the freebsd ports tree downloaded, whats the "canonical" way to download it such that it also tracks various quarterly updates and whatnot
16:50:42 <nimaje> get it from git.freebsd.org/ports
16:51:08 <rtprio> fetch from https://download.freebsd.org/ports/ports/
16:51:12 <rtprio> i don't think there's a canonical way
16:52:46 <seti> but how exactly is the ports tree kept updated when one manually downloads it like this?
16:53:20 <seti> (I assume) that when its opted-into during install then pkg will help track it to keep it up to date?
16:54:39 <rtprio> no, pkg will not track it or keep it up to date
16:55:02 <rtprio> pkg can keep your packages up to date
16:55:07 <rtprio> i would use git
16:55:15 <seti> I see, ok!
16:55:17 <rtprio> but you'd need to manually update it
16:55:17 <seti> thanks
16:56:56 <rtprio> rrahl0: yeah, what's that fallout url. https://portsfallout.com/ ? there might be another one
16:58:23 <rrahl0> rtprio: thanks for the link, but for some reason it doesn't show up, but at the same time the Makefile doesn't exclude arm64. hm
16:58:34 <rrahl0> specifically talking about tailscale
16:59:44 <polarian> alright seems make release finally works
16:59:49 <polarian> make sure your ports tree is not broken
16:59:53 <polarian> I assume its required for git port
16:59:57 <polarian> and can be configured with release.conf
17:00:29 <rtprio> polarian: good to hear
17:00:41 <polarian> yeah sorry about last night
17:00:53 <rtprio> no worries
17:01:19 <rtprio> rrahl0: you could try building it, i guess?
17:02:43 <rrahl0> ill have to look. still very fresh to freebsd. and i am kinda bumped out that you need to build every dependency when you want to build a port
17:03:28 <rrahl0> first I wanted to understand why it didn't show up on arm64, but _shrug_ seems like I can't figure that out
17:10:42 <rtprio> rrahl0: that's true.
17:11:36 <rrahl0> coming from maintaining packages for a linux distro, it's definitely way different ;)
17:13:16 <rtprio> rrahl0: looking at https://pkg-status.freebsd.org/ was the other site that might help you
17:15:13 <rtprio> rrahl0: also it's possible a dependancy failed
17:16:08 <rrahl0> rtprio: could be, at the same time I would be shocked (as it's "just" a go application)
17:16:26 <rrahl0> still trying to figure out what that site actually wants to tell my besides how many packages failed etc...
17:19:35 <rrahl0> hm, seems like it's not in the history anymore, or 143arm64 was never built (for the quarterly)
17:22:48 <rtprio> https://pkg-status.freebsd.org/ampere3/build.html?mastername=150arm64-quarterly&build=9c1a2ce37b90  it's queued but there are no active jobs?
17:23:26 <rtprio> https://pkg-status.freebsd.org/ampere3/data/150arm64-quarterly/9c1a2ce37b90/logs/tailscale-1.90.9.log
17:25:17 <rrahl0> rtprio: yeah found finally a way to see the first link myself. now it's only finding the correct build, as it got updated to 1.94.1
17:26:17 <rrahl0> so latest build says listed for tailscale/1.94.1, whatever that means :)
17:26:27 <rrahl0> in queued
18:38:36 <jmnbtslsQE> jfsimon: i think ZFS is more likely to be corrupted by power loss. it's unlikely, but quite possible if there is a lot of IO load at the moment when the power loss happens
18:39:19 <jmnbtslsQE> it happened to me at least once (actually the instance i'm thinking of, it was a kernel panic that halted the system, but the same effect, it seems)
18:42:29 <regis> > ZFS is more likely to be corrupted by power loss
18:42:31 <regis> over...?
18:43:29 <jmnbtslsQE> i think zfs maintains many structures of data on disk, so those are not always consistent at every instant of time. i think zfs usually recovers from such things without a problem, but it's possible that it doesn't. that could be a bug rather than an intended failure, though
18:44:09 <Afterglow> You think a lot, but do you know for sure? I read two completely different stories about zfs here
18:44:26 <jmnbtslsQE> ot
18:44:42 <jmnbtslsQE> (typo)
18:45:15 <jmnbtslsQE> i'm not an expert on zfs but it surely does maintain quite a bit of on disk state. as a general matter that state can't always be consistent because it's updated with multiple writes
18:46:03 <jmnbtslsQE> my most recent unrecoverable zpool was a single disk drive that was resilvering and then experienced sudden unexpected disconnection which i think would be comprable to power loss. i don't know why it was resilvering - maybe a faulty cable
18:46:08 <Afterglow> Earlier today someone wrote that writes are atomic: either they succeed, or they didn't happen
18:47:00 <jmnbtslsQE> that would be true of a single write on an underlying device
18:47:10 <Afterglow> Ah, okay, so a RAID-1/RAIDz broke, while crashing.
18:47:22 <jmnbtslsQE> i mean, it depends on what we mean by write. zfs will know how to conclude if the write was successful
18:47:35 <rtprio> yeah, i had a onrecoveraeble snafu when i lost n>2 disk on the bus
18:47:41 <jmnbtslsQE> but i'm talking about some zfs-related on-disk metadata and state (which is also something that is written to disk)
18:47:45 <rtprio> but that's not the same thing as
18:48:33 <jmnbtslsQE> Afterglow: actually this was somehow not a raid - i'm not sure why it was resilvering, but it may have been related to previous errors it detected from a bad cable, i think
18:48:59 <jmnbtslsQE> (ZFS can apparently resilver a one-drive non raid vdev pool)
18:49:32 <Afterglow> that's the first time I read this.
18:49:35 * TommyC did not know that
18:50:20 <jmnbtslsQE> i hope i'm not recalling incorrectly. i'm pretty sure that's what it was...
18:51:05 <jmnbtslsQE> it may be that it was previously a mirror, but then the second drive was removed, leaving only one drive remainign in the mirror vdev
18:52:57 <Afterglow> resilvering is restoring the redundancy after replacing a disk. Is it possible to create a mirror on one disk (with two partitions)?
18:53:31 <jmnbtslsQE> if i'm remembering right, it was previously a mirror on two disks, but i removed the second disk, i think, leaving one disk only. then that disk was resilvering, alone
18:55:21 <jmnbtslsQE> i think i concluded that "resilvering" was somehow a result of some errors, not related to the mirror status. not sure
18:56:04 <jmnbtslsQE> i felt it was strange, and i even might have disregarded it, so i think i actually was the one to disconnect it, and that's what made it fail
18:56:22 <jmnbtslsQE> but there was probably a faulty cable involved, so, that was also a contributing factor
18:57:40 <jmnbtslsQE> that said...we all have millions of hours of zpools running fine under all sorts of conditions.. so i think the original user shouldn't be too frightened
19:33:06 <nimaje> jmnbtslsQE: zfs doesn't mutate stuff on writes, it adds more nodes to its DAG datastructures and only when that is finished it atomically changes the root of the datastructure, that makes it more resilient to powerloss than traditional filesystems (even in mirrors, as zfs knows which root node is newer, if for some reason the write only happend to one disk) and additionally makes snapshots cheap,
19:33:08 <nimaje> as it only has to make a root node as needed, so that garbage collection doesn't collect what it references
19:55:08 <jfsimon> jmnbtslsQE problem is i like perfection too much, if i listen to me, i'll setup an automated on/off to gather statics on how much system corruption would occur
19:55:39 <jfsimon> but as you mentionned, the os needs be loaded for any issue to have a chance get made
20:09:57 <eoli3n> rtprio: it crashed again, this is not my syncthing jail
20:10:02 <eoli3n> i think i need to reinstall
20:10:24 <eoli3n> i'm considering replacing my setup with a raspeberri pi 4 or 5
20:10:45 <eoli3n> what's the cheaper solution for a san with 250G nvme ?
20:11:09 <eoli3n> i want something which does not eat power
20:12:42 <rtprio> eoli3n: you said this was arm64 yes?
20:12:54 <eoli3n> yes, but i can reinstall on amd64
20:13:03 <eoli3n> on the new device i mean
20:13:41 <eoli3n> i'm discovering banana pi
20:16:02 <hodapp> 250G nvme?! on a whatever pi?
20:17:46 <eoli3n> hodapp: ?
20:20:36 <regis> I fully understand hodapp's surprised disgust!
20:23:14 <regis> hodapp: Dude, go on though. You're keeping us at https://youtu.be/PfPdYYsEfAE dude
20:41:04 <polarian> ah shit
20:41:10 <polarian> I pissed someone off at FOSDEM
20:41:22 <polarian> I have been told by someone that I pissed off the wrong guy
20:41:31 <polarian> because he runs a successful company and I obviously dont
20:41:43 <polarian> the guy was shilling docker, and saying how secure it is because he has yet to be hacked
20:42:15 <polarian> I countered, complained about the number of vulnerabilities within the daemon itself, but also the images, because images are often left to fester until the next software update, so in the meantime supply chain vulnerabilities become huge
20:43:17 <polarian> meanwhile if you just used freebsd with jails, you would have the dependencies and underlying OS kept secure, and the application can only be updated when required.
20:43:53 <polarian> turns out my security beliefs have caused some... friction and now I have pissed someone "important" off
20:49:35 <jmnbtslsQE> nimaje: good to know. are you talking about application writes, or is this apply for everything? i'm thinking maybe issues can arise when the writes relate to the zpool structure/metadata?
20:57:32 <nimaje> polarian: probably someone really unimportant, if someone felt the need to say that they were important (if they said it about themself I would drop the "probably")
20:58:20 <nimaje> jmnbtslsQE: should apply to about all writes
20:59:25 <polarian> nimaje: no its a mutual friend
20:59:32 <polarian> who basically slapped me on the wrist fo rit
20:59:59 <polarian> pointing out he runs a successful small business, and has a large following, and I argued with them as a first impression
21:00:41 <polarian> lessless: virgin media O.O
21:13:59 <Afterglow> not sure if I really understand this all, but in my experience docker images are updated more frequently than packages in jails in freebsd.
21:15:37 <polarian> Afterglow: but they usually dont update the underlying OS
21:15:44 <polarian> look at say postgresql image
21:15:59 <polarian> security patches debian released over a month ago are still not pulled in
21:17:31 <Afterglow> I move drupal off of FreeBSD to docker because of serious issues, which could only be resolved to making the site unaccassible in FreeBSD
21:19:01 <polarian> Afterglow: ???
21:19:07 <polarian> I dont get what you are saying
21:19:30 <Afterglow> that a serious vulnerability took too long to resolve with packages
21:21:55 <vkarlsen> "The wrong guy" is often the right guy to piss off
21:23:25 <Afterglow> okay, from the start: running a drupal site on FreeBSD (pkg), drupal has serious vulnerability, waiting for new pkg, but if you don't want to get exploited, make site unaccessible (restricting access)
21:24:40 <Afterglow> takes too long, imho. So I moved drupal site to docker, which is updated more frequently
21:25:02 <Afterglow> Don't get me wrong, I love FreeBSD, and certainly jails
21:26:29 <rwp> To me it seems like you should have taken on the updating of the port since you cared about it and then could ensure that it was updated in the manor you wanted it updated.
21:26:43 <lessless> polarian one day I'll setup bouncer behind vpn :)
21:26:59 <polarian> lessless: the number of people who tell me this
21:27:01 <polarian> and never do :p
21:27:16 <polarian> Afterglow: yeah this happens sometimes, but this is a more of a freebsd issue
21:30:54 <vkarlsen> Drupal doesn't sound like something that would be complicated to update. Are there breaking changes?
21:30:56 <Afterglow> Not sure what your argument is here: running FreeBSD is more than just the OS, it's also about the applications running on top of it. imho port maintainers should be more agile. I'm a user, not a maintainer, so I won;t take that kind of action, rwp
21:32:21 <Afterglow> vkarlsen: probably not, but it's just an example. I don't want to install something from source if I don't have to, that's where the whole idea of packages was build around
21:33:20 <rwp> Afterglow, You blocked access forcing use only of the docker container and that sounds like a developer action to me.
21:35:00 <Afterglow> rwp, maybe I didn't explain myself enough: I moved to docker, because it took too long for the pkg maintainer to update drupal to be safe to use again
21:35:56 <Afterglow> and that happened more than once
21:36:00 <rwp> Oh...  You switched /yourself/ to docker.  You didn't make the site inaccessible from FreeBSD.  That was confusing.
21:36:33 <Afterglow> apologies for the confusion
21:37:39 <Afterglow> I had to make the site _on freebsd_ inaccessable for 'the world' (whoever wanted to access my site) because of a non-resolved vulnerability
21:38:12 <rwp> Another thing that is confusing is that my web browser is caching (of course they do) the DNS for something I have overridden in /etc/hosts to force it to one host out of a larger RR-DNS pool and it is refusing to let go of the other system it is hitting.
21:39:05 <rwp> I have been trying to fix one of the hosts and the problem is that host isn't the broken one.
21:39:07 <Afterglow> must be brave... Brave is having issues with split-dns
21:39:28 <rwp> Actually Firefox.  But I am sure Brave/Chromium would behave the same.
21:39:31 <Afterglow> drives me crazy :-)
22:36:12 <nimaje> from the get go DNS should have been a system service to which you speak via some ipc (probably an uds), instead of the mess of libc doing stuff like reading config files and opening udp sockets and some applications implementing that stuff themself
22:38:45 <ant-x> Afterglow, "that's where the whole idea of packages was build around" -- pun detected.
22:41:46 <ant-x> Why would one need a firewall on one's servere? For example, if serving an HTTP-website, and FTP-server, and a SOCKS5 proxy with authentication, what additional security would a firewall provide?
22:50:36 <nimaje> well, it could make sure that only those services are accessable and other services are not (maybe you start something to test it locally, but by accident binding it on all addresses) and you can enable blocklistd to block whoever tries to bruteforce the auth of your SOCKS5 proxy
22:51:09 <ant-x> nimaje, check.
22:54:00 <nimaje> you can also restrict where to your server can initiate connections
22:56:24 <ant-x> Resrict incoming connection by region/ip/&c ?
22:59:33 <nimaje> well, you only have the information of the connction, so region is a bit of a guess, there is a geoip database, but it will be wrong in some cases
22:59:47 <o0x1eef2> Quite often people will implement blocklists with firewalls as well, to block bad actors, spam, etc.
23:02:26 <ant-x> LLM web-crawlers?
23:05:24 <o0x1eef2> Potentially yeah, if you have a reliable IP range for that. You'll find people maintain all sorts of lists online. More so hostnames, but also IPs.
23:06:57 <nimaje> those sadly seem to use residential proxies, to avoid being blocked, so they have a large number of ip addresses coming from anywhere