-
mns
˜/47
-
realdaemon_
hi
-
morpho
hi
-
GoSox
hi
-
realdaemon_
sorry my client crashed
-
realdaemon_
made a minimal fetch tool for freebsd: bpa.st/SKAFA
-
GoSox
can you install multiple pieces of software at once with pkg? if so, what's the syntax? just sudo pkg install programone programtwo programthree ?
-
realdaemon_
yes it is
-
GoSox
good guess! i should update my notes
-
lts
If only there were some sort of manual pages where such things could be checked :-)
-
GoSox
got any manual pages that tell you how to install themes for xfce4? i keep trying to install some but never get anywhere. Like put it into a folder that doesn’t exist or if i make the folder, nothing happens etc
-
morpho
can you not import from xfce settings
-
GoSox
hold on let me try
-
morpho
it's been many years since i used xfce but there should be xfwm4 window decorations, gtk3 themes and qt themes.
-
GoSox
well then you probably won’t know the answer to the followup question: “appearance : style “ is that “themes” ? If so, i try to add the theme i just downloaded and it sees it as an empty folder apparently
-
morpho
what's your theme?
-
GoSox
-
morpho
so that only does window decorations
-
morpho
-
morpho
like the buttons and widgets
-
morpho
sorry i can't give more xfce specific help
-
GoSox
ok i got it to show up but it looks like garbage, it looks nothing like the screen shots
-
GoSox
such a hassle
-
realdaemon_
what's the issue? i just joined
-
GoSox
trying to install xfce4 themes and not being successful
-
GoSox
but i’m also about to give up and go to bed
-
boru
Afternoon. I've switched to pkgbase on 15.0-RELEASE; is there an alternative to `freebsd-update IDS`, or is that still a work in progress? If the answer is just to use `mtree` in the meantime, that's also fine.
-
andrath
sounds like something that could be implemented in pkg (compare installed files with checksums inside a package)
-
andrath
that would be a nice starter project I guess
-
boru
Yeah, it would. It's noted on the wiki page for it as it was brought up when pkgbase was introduced.
-
boru
I guess I'll just use mtree in the interim. I don't really need aide/tripwire in this instance.
-
andrath
mtree works
-
boru
Aye, good enough for now.
-
gbon121
doesn't "pkg check -s" work with pkgbase packages?
-
boru
Someone just suggested that in another channel. Going to take a look now.
-
boru
Seems like it should do, in principle.
-
codegirl
Hello. I have a question more regarding learning curves than anything technical about freebsd, it's more of a comparative experience... What would be the learning curve for someone having some experience with the linux kernel to work with the freebsd kernel? I mean, of course both are completely different kernels, of course they are both mostly
-
codegirl
POSIX compliant, but neither of those says much about how long someone would take to become "proficient" on the freebsd kernel, so I would be expecting more of an experience-based answer.
-
TheTaoOfSu
This is off-topic, but someone told me people here are pretty knowledgeable about self-hosting email. If it's okay to do so here, I'd like to ask how people are guaranteeing deliverability. I'm not afraid to set it up, but I understand it can be very difficult to get the big providers to accept your mail, especially if your host's IP is on a blacklist
-
drewland-
TheTaoOfSu: you really cannot guarantee delivery. You can make sure your DMARC, SPF, etc. are set up right. You can do your due diligence, but it does not stop the big providers from marking your mail as spam, etc. You just make it as legitimate as you can. It's a different beast than it was before. It used to be fun.
-
ek
TheTaoOfSu: There are most definitely a lot of 'rules' these days when it comes to hosting email.
-
ek
drewland-: Yep. Spammers/Phishers ruined everything.
-
ek
TheTaoOfSu: Also, don't neglect the importance of DNS pointer records. Without those, it'll almost guarantee non-delivery.
-
TheTaoOfSu
ek, drewland-, thanks for the tips. I'm aware of the DNS stuff I'll need to set up and the keys related to that. Still need to look into it more, but if I deploy, I'm fully intending to do all of that
-
drewland-
TheTaoOfSu: if it's just a vps you are spinning up as well, I would check the TOS of the provider. If it's a small server, they generally don't care even if it's against the TOS, as long as you don't cause problems. But, that is also something to consider.
-
TheTaoOfSu
drewland-: that's a good point and one I hadn't considered
-
TheTaoOfSu
It would most likely run off something like a VPS, yeah. I don't have any fancy, more expensive ones that are going to appear more legit just because spammers want cheaper options, nor do I expect to need one any time soon
-
TheTaoOfSu
My understanding is that it's very common for VPS providers to end up on IP blacklists, especially cheaper ones, and my current host's IP is already on one list
-
drewland-
that is very true. I have seen someone get a re-used IP that was previously on a blacklist.
-
drewland-
then you have to work with each blacklist host (the ones that let you) to get your ip unblocked. it's a pain nowadays
-
scoobybejesus
I had a friend get a new phone number and then he supposedly had texted and called me but i didn't receive anything, and it turned out i had already blocked the number because it used to be a spam number
-
» ek shakes fist at spammers
-
ek
TheTaoOfSu: Also, if it's any help at all, you can take a look at my FreeBSD mail server setup guide at purplehat.org
-
TheTaoOfSu
ek: thanks, I'll bookmark that for when I get to actually deploying
-
TheTaoOfSu
Can anyone make any good recommendations for hosting? Or comment on important factors there? I'm fairly confident in my ability to configure it, but if I spend however much on hosting just to already be and stay blacklisted...
-
ek
Unfortunately, that's going to be pretty hit or miss. Hopefully, there's a small VPS service that allows email and *WILL* provide a non-blacklisted IP (or block).
-
ek
I've never run any mail servers on VPS before so I can't recommend any particular providers, unfortunately.
-
TheTaoOfSu
I imagine I'd get better results if I was willing to spring for dedicated hardware
-
ek
Obviously, just run whatever IP(s) they give you through a blacklist checker before even beginning the setup. At least you won't waste too much time.
-
ek
You'd definitely have better luck with dedicated hosting. But, that could cost a lot more for just a simple email server (if that's all you're going to use it for).
-
codegirl
ek, the worst thing is that spammers, as long as they label their spam as "email marketing", often get their e-mails accepted if they adhere to big corp spam system
-
ek
codegirl: Absolutely.
-
rwp
codegirl, Re kernel development. I am not a kernel developer and don't know but kernel drivers are being ported between systems frequently. That tells me that the basic structure is at least similar. From reading what other people say I think FreeBSD might be easier to understand.
-
ek
Yeah. I also cannot provide an experience-based answer.
-
ek
codegirl: However, I'm sure ivy or kevans can chime in once they return.
-
rwp
TheTaoOfSu, I have always run my own mail server. On my own bare metal server. Always on a business class network connection where servers are allowed. There are a lot of rules to be followed from Google-Yahoo for delivery but they mostly behave. Microsoft stands out as the one too-big-to-block that is just a random Joker. But ignoring Microsoft most of them will accept delivery if you follow the rules.
-
rwp
Among rented VPS systems and email systems I have the most experience with email on Linode and Digital Ocean. Linode is pretty good. I know several people operating email servers there. Digital Ocean on the other hand has a very bad reputation for not policing their customers and are most often blocked. I want to like D O but I cannot recommend them for email. I don't know about OVH, Hetzner, and the others.
-
rwp
These days the new VPS standard is that outgoing port 25 SMTP is blocked by default. Don't let that discourage you! That's to keep the spammers who spin and spew in check. Put in a service ticket explaining that you are setting up an email server and to please allow it for you and they happily do it now that they have interacted with you and trust you that you are not a spammer. That control point is a good check to keep things
-
rwp
better on their network.
-
rwp
Things are involved enough these days with email that I don't recommend that everyone run their own mail server. Unless they want to run their own mail server. In which case they definitely should be doing it! Email was designed to be distributed.
-
TheTaoOfSu
rwp: that's helpful, thank you. I'd love to have a business connection, but that sounds expensive and unnecessary for personal use. I might give Linode a shot, although I'd kind of hoped to avoid US-based hosts
-
rwp
TheTaoOfSu, I don't have much information about other hosting companies. I see OVH and Hetzner and Vultr being used by people effectively. I suggest to try one and see how it goes. Low cost to try them out. You learn a lot. Don't get too attached. If you find one unacceptable then switch to another one.
-
TheTaoOfSu
Yeah, I'm not too worried about moving servers once I get it set up. I'm planning to try hard to make it easy to redeploy if I need to. I just don't want to sink the time into it, hop a bunch of servers, and find I should have just not bothered, so I figured I should ask some more knowledgeable people about it first, which led me here
-
hodapp
Linode is decent enough, but yes, US-based
-
TheTaoOfSu
I'm a bit concerned about hosting since I can be kind of picky about where I want things hosted, especially more sensitive things like an email server. For most things I've hosted, that hasn't been the slightest issue, but with email...
-
hodapp
what are your concerns?
-
TheTaoOfSu
For the US, that's where all of Big Tech is trying to hoover up as much data as possible, plus the increasing lawlessness of the administration, I find them hard to trust. More generally, I like to have more personal/private services run on servers outside the jurisdiction of whoever is most able to and interested in invading my privacy, which generally means not the same country I'm living in
-
TheTaoOfSu
I run things perfectly legally, but I still find it advantageous to just... Not have to worry about that, especially for something like email that's such a huge view into someone's personal life and is unfortunately basically all plaintext
-
cssushiman
I'm sure this would've happened anyways, no matter what administration would be at the helm. Self-hosting is an actionable step against Big Tech shenanigans.
-
TheTaoOfSu
This is the inevitable end of the US's trajectory left unchecked, yeah
-
cssushiman
Remember, you are responsible for your own destiny ;)
-
cssushiman
Good luck
-
ek
Well, as much as I appreciate keeping things as private as you can. Email is certainly NOT safe in the slightest no matter where it is hosted.
-
ek
As you'd mentioned, a lot of it still sends plain-text. But, it also gets passed through at least one (usually more) MTAs as it's transferred. They can collect whatever they want and it doesn't matter how secure or encrypted your mail server is. The data is already in the wild.
-
ek
Very similar to IRC. You can connect via SSL/TLS all day, but anyone connected via non-encrypted protocols still just pukes out all the data over plain text anyway.
-
ek
Nothing on IRC is hidden from anyone at all.
-
checkpoint
ek: that's why I tend to use gpg when sensitive data/discussion takes place
-
nimaje
well, you can have channels tls only
-
vkarlsen
-
nimaje
hm, why does it try to reformulate COMMENT? And how does it try? At least some of the rules it has for that are bad
-
ek
checkpoint: Yeppers!
-
ek
nimaje: You definitely can. And that's the first step in IRC's battle to be encrypted. You can also not allow non-encrypted connections. But, I think most people really don't care.
-
TheTaoOfSu
ek: yeah, it's not a super meaningful attempt alone, but the more people opt to try to do something about it, the better positioned self hosters will be
-
ek
Rule #1 of IRC'ing, don't toss out any personal information.
-
ek
TheTaoOfSu: I agree! I run my own mail servers for that exact reason. Not to mention, internal deliveries are always perfectly fine.
-
ek
An email sent to Yahoo, Gmail, etc..? Totally open for anyone there to read.
-
ek
Unless you use encryption for the email itself, obviously.
-
TheTaoOfSu
I found an Indian host I might try... Terms suggest they're okay with email so long as you abide by some guidelines, mostly targeted at commercial users
-
ek
Sounds right up the alley.
-
ek
Be aware that some mail providers (fairly rare, but it does happen) use GeoLocation to block connections as well.
-
ek
So, someone might be blocking India for obvious reasons.
-
TheTaoOfSu
lol of course they do
-
mewt
mandating tls is pretty easy to configure; i know my client also has an OTR feature
-
mewt
but that's not a server-side thing nor probably remotely standard
-
TheTaoOfSu
I'd say they almost seem like they're intentionally trying to ruin the ability to self-host and escape their data collection, but I know enough about big tech to drop the "almost", they're 100% doing it, and the only thing stopping them from sealing the deal is that corporations already bought into the decentralization
-
ek
Yep. Hence the massive pain in the ass to even run your own mail server now. If you don't comply to their rules (especially Microsoft's which is almost impossible), kiss your deliveries goodbye.
-
TheTaoOfSu
That's a big part of how Jabber/XMPP got sidelined. Embraced by corps like Facebook and Google, attract all the users because it's just easier to have a single sign-on, put the walls back up, Jabber/XMPP dies out
-
ek
Either use their services or you're screwed.
-
TheTaoOfSu
I've been dreading jumping through the hoops to set it all up, but I think I'm just gonna pull the plug and go for it just out of spite
-
mewt
have you looked at migadu? that'd tick your box for non-us-based if you are flexible on self host at all (I understand not being so)
-
mewt
respectable :D
-
TheTaoOfSu
mewt: I had not, but now that I do, I think not for me. I'd much rather host it myself if I'm going to move it off big tech
-
TheTaoOfSu
Either you're big enough that I know you and I don't trust you to not be terrible, or you're small enough that I don't know you and don't entirely trust you to stay up forever
-
» checkpoint admits that self-hosting is not easy, it takes quite a lot of your attention regularly.
-
thumbs
Running a MTA is almost a full-time job.
-
hodapp
I've heard that, and I've heard it's nowhere near that involved.
-
» checkpoint has just completed upgrade of one of his servers from 9.4 to 14.3, it took nearly a week to fix broken things
-
thumbs
It depends on the number of users, and other factors.
-
thumbs
When you make changes and have to support your users, it adds up quickly.
-
mewt
email is definitely not something i am looking to self-host; other things are not so bad
-
checkpoint
one of the sources of issues in such upgrade is openssl lib that made many old ciphers and algorithms obsolete or disabled.
-
checkpoint
old printers/MFP/scanners stop working right away
-
thumbs
So yeah, don't run your own MTA until you can fully commit to it.
-
checkpoint
also sendmail blocks connections from clients that use old SSL
-
thumbs
Not to mention devices that don't support SASL.
-
thumbs
Then you have to poke all sorts of holes.
-
ek
TheTaoOfSu: I've also heard good things about openbsd.amsterdam and arpnetworks.com/vps
-
TheTaoOfSu
I guess sending isn't really so big a deal. I send an email every like... Few months? Although it'd be nice to get service-related emails to deliver properly
-
ek
Might be worth looking into.
-
» checkpoint still in process of debugging one such issue: my sendmail cannot verify TLS when talking to my friend's MTA.
-
TheTaoOfSu
ek: I'll give those a look, thanks
-
TheTaoOfSu
I'm not *too* worried about managing it. I wasn't gonna bring it up since this is #FreeBSD, but I prefer to use Nix, so I'm on NixOS, which means rollbacks are suuuuuper easy if an update borks something
-
TheTaoOfSu
If Nix worked on FreeBSD, I'd probably make the switch. I hear there is/was a project to make it happen, but I dunno how much progress ever got made on that
-
ek
TheTaoOfSu: What's wrong with ZFS snapshot rollbacks?
-
TheTaoOfSu
Figuring out how to fix it so I can proceed with the update can still be a huge pain, though
-
» checkpoint considers NixOS a very interesting idea, yeah Nix on FreeBSD would be nice to have.
-
TheTaoOfSu
ek: I haven't spent much time working with ZFS until pretty recently, so it may be worth considering. My understanding was that snapshots would be more space intensive relative to a NixOS config rollback, but that could very easily be a flawed understanding
-
checkpoint
ek: I think with ZFS snapshots you can rollback only whole filesystem (dataset), but not a dedicated library
-
ek
I've never used NixOS, but I use snapshots like crazy (and keep quite a while of them for safety) and I haven't had any major problems.
-
ek
checkpoint: You can rollback anything you want. Even a single file, lib, binary, etc... Doesn't matter. Or, of course, an entire dataset or pool.
-
» checkpoint uses ZFS (with snapshots) only on back server
-
checkpoint
ek: maybe, I'm not an expert. on NixOS rollback is just a matter of re-symlinking, AFAIK.
-
TheTaoOfSu
ek: NixOS installs everything to /nix/store and cobbles it together into a complete system based on your config. This allows it to do things like declaratively configure most of the system, install packages with conflicting dependencies because they're isolated from each other, and retaining some of your old configs and all the software required to use it again
-
ek
That's pretty cool.
-
nimaje
TheTaoOfSu: you mean sysutils/nix ? but I haven't tested it
-
TheTaoOfSu
checkpoint is basically right from my understanding. Everything you need for this config or any older config still retained is kept in /nix/store, and most of your system is basically created with a complex system of symlinks and stuff like that, so rolling back is just a matter of changing how you make all those symlinks
-
dango
For reference, I did run into an inconvenience with snapshots today. I wanted to `zfs send` only the current state of a filesystem, but it complained about missing a dataset or something. I couldn't promote because an error of a conflict with a parent snapshot or something like that.
-
TheTaoOfSu
nimaje: is that the Nix on FreeBSD project? Sounds like it. I don't remember the details, been a while since I looked into it
-
ek
Ah! I do remember seeing this a while back (likely from BSD Now or something): github.com/nixos-bsd/nixbsd
-
TheTaoOfSu
ek: I'm a pretty big fan of it. Some people don't like how it breaks conformation with the standard Unix file hierarchy since you don't really use the conventional /etc, /bin, etc. in the "proper" way
-
TheTaoOfSu
But it provides a ton of really useful features if you're willing to climb the learning curve
-
dango
And I didn't want to zfs send anything above this directory either. So I ended up piping a tarball for now.
-
checkpoint
Nix reminds me of Plan9's namespace
-
ek
dango: Did you try running a manual snapshot and then sending that or were you just trying to send an older snap?
-
ek
... I'm just curious. Not sure I'll have any solutions, just want to understand what was being attempted.
-
ek
I do like Plan9!
-
nimaje
zfs snapshots don't cost much, for creating it just adds the current root node as a snapshot, but of course the gc can't remove nodes referenced by any snapshots or the current root, so they will start to cost when you modify stuff, but only about as much as you modify
-
TheTaoOfSu
checkpoint: I've heard a little about Plan 9, just enough for it to sound interesting. I'd like to take a deeper look at it but haven't found much reason to prioritize it
-
TheTaoOfSu
Well thanks a lot to everyone who chimed in on self-hosting email. I have to run for the night, but I'll idle overnight at least in case anyone stumbles by later with a good recommendation, but if not, I think I can take a stab at it starting tomorrow
-
checkpoint
TheTaoOfSu: the last time I tried Plan9 was somewhere around 2001. I think 9front is modern open source Plan9 implementation.
-
TheTaoOfSu
checkpoint: any good usecases for it that I can play with?
-
mfisher
TheTaoOfSu: did you come across lwn.net/Articles/998153 at all?
-
TheTaoOfSu
mfisher: I did not. I'll bookmark that and read it tomorrow, thank you
-
checkpoint
TheTaoOfSu: not sure :), it's too different from FreeBSD :)
-
TheTaoOfSu
checkpoint: I was under the impression it was some sort of file-related protocol, not an OS, so I would think it'd be able to integrate
-
checkpoint
TheTaoOfSu: protocol is called 9P
-
TheTaoOfSu
checkpoint: maybe I was confusing the two, then
-
checkpoint
TheTaoOfSu: well, Plan9 (and its derivatives) is based on 9P protocol, a sort of Remote Procedure Call mechanism that is used to create individual namespaces and syscalls
-
checkpoint
theoretically, the idea of 9P is pretty neat, but in practice it's hard to find a decent usecase for it, mostly because no one else supports it.
-
checkpoint
I read some people use Plan9 (9front) on SBCs like RPi or similar for industrial monitoring and control stuff
-
swee
what prefix do nginx modules have on pkg? i.e. brotli, zstd, fancyindex
-
rwp
swee, Since I don't understand your question I will ask what "pkg search nginx" says for you? If it is not already in ports/pkgs then you will probably need to build it from source yourself.