00:12:30 ˜/47
09:19:56 hi
09:23:55 hi
09:24:13 hi
09:26:18 sorry my client crashed
09:26:28 made a minimal fetch tool for freebsd: https://bpa.st/SKAFA
09:27:30 can you install multiple pieces of software at once with pkg? if so, whats the syntax? just sudo pkg install programone programtwo programthree ?
09:27:57 yes it is
09:28:12 good guess! i should update my notes
10:15:36 If only there were some sort of manual pages where such things could be checked :-)
10:16:41 got any manual pages that tell you how to install themes for xfce4? i keep trying to install some but never get anywhere. Like put it into a folder that doesn’t exist or if i make the folder, nothing happens etc
10:19:23 can you not import from xfce settings
10:19:50 hold on let me try
10:20:47 its been many years since i used xfce but there should be xfwm4 window decorations, gtk3 themes and qt themes.
10:22:30 well then you probably won’t know the answer to the followup question: “appearance : style “ is that “themes” ? If so, i try to add the theme i just downloaded and it sees it as an empty folder apparently
10:22:53 whats your theme?
10:23:16 https://www.xfce-look.org/p/1016508
10:23:56 so that only does window decorations
10:24:56 https://github.com/moltensoftware/Mac-OS-9-Classic-XFCEfixes the author published this to do the gtk3 theming
10:25:07 like the buttons and widgets
10:25:44 sorry i cant give more xfce specific help
10:30:03 ok i got it to show up but it looks like garbage, it looks nothing like the screen shots
10:30:32 such a hassle
10:30:35 what's the issue? i just joined
10:31:00 trying to install xfce4 themes and not being successful
10:31:04 but i’m also about to give up and go to bed
13:56:54 Afternoon. I've switched to pkgbase on 15.0-RELEASE; is there an alternative to `freebsd-update IDS`, or is that still a work in progress? If the answer is just to use `mtree` in the meantime, that's also fine.
14:21:48 sounds like something that could be implemented in pkg (compare installed files with checksums inside a package)
14:22:31 that would be a nice starter project I guess
14:25:10 Yeah, it would. It's noted on the wiki page for it as it was brought up when pkgbase was introduced.
14:25:46 I guess I'll just use mtree in the interim. I don't really need aide/tripwire in this instance.
14:25:59 mtree works
14:26:07 Aye, good enough for now.
14:41:04 doesn't "pkg check -s" work with pkgbase packages?
14:41:56 Someone just suggested that in another channel. Going to take a look now.
14:44:07 Seems like it should do, in principle.
17:58:05 Hello. I have a question more regarding learning curves than anything technical about freebsd, it's more of a comparative experience... What would be the learning curve for someone having some experience with the linux kernel to work with the freebsd kernel? I mean, of course both are completely different kernels, of course they are both mostly
17:58:05 POSIX compliant, but neither of that doesn't say much about how long would someone take to become "proficient" on the freebsd kernel, so I would be expecting more of an experience-based answer.
18:35:41 This is off-topic, but someone told me people here are pretty knowledgeable about self-hosting email. If it's okay to do so here, I'd like to ask how people are guaranteeing deliverability. I'm not afraid to set it up, but I understand it can be very difficult to get the big providers to accept your mail, especially if your host's IP is on a blacklist
18:42:00 TheTaoOfSu: you really cannot guarantee delivery. You can make sure your DMARC, SPF, etc are setup right. You can do your due diligence, but it does not stop the big providers from marking your mail as spam, etc. You just make it as legitimate as you can. Its a different beast than it was before. It used to be fun.
18:42:17 TheTaoOfSu: There are most definitely a lot of 'rules' these days when it comes to hosting email.
18:42:53 drewland-: Yep. Spammers/Phishers ruined everything.
18:43:38 TheTaoOfSu: Also, don't neglect the importance of DNS pointer records. Without those, it'll almost guarantee non-delivery.
18:44:55 ek, drewland-, thanks for the tips. I'm aware of the DNS stuff I'll need to set up and the keys related to that. Still need to look into it more, but if I deploy, I'm fully intending to do all of that
18:46:06 TheTaoOfSu: if its just a vps you are spinning up as well, I would check the TOS of the provider. If its a small server, they generally don't care even if its against the TOS, as long as you don't cause problems. But, that is also something to consider.
18:46:21 drewland-: that's a good point and one I hadn't considered
18:47:09 It would most likely run off something like a VPS, yeah. I don't have any fancy, more expensive ones that are going to appear more legit just because spammers want cheaper options, nor do I expect to need one any time soon
18:48:04 My understanding is that it's very common for VPS providers to end up on IP blacklists, especially cheaper ones, and my current host's IP is already on one list
18:49:56 that is very true. I have seen someone get a re-used IP that was previously on a blacklist.
18:50:19 then you have to work with each blacklist host (the ones that let you) to get your ip unblocked. its a pain nowadays
18:51:28 I had a friend get a new phone number and then he supposedly had texted and called me but i didn't receive anything, and it turned out i had already blocked the number because it used to be a spam number
18:52:10 * ek shakes fist at spammers
18:52:41 TheTaoOfSu: Also, if it's any help at all, you can take a look at my FreeBSD mail server setup guide at https://www.purplehat.org/
18:58:30 ek: thanks, I'll bookmark that for when I get to actually deploying
18:59:22 Can anyone make any good recommendations for hosting? Or comment on important factors there? I'm fairly confident in my ability to configure it, but if I spend however much on hosting just to already be and stay blacklisted...
19:01:24 Unfortunately, that's going to be pretty hit or miss. Hopefully, there's a small VPS service that allows email and *WILL* provide a non-blacklisted IP (or block).
19:01:52 I've never run any mail servers on VPS before so I can't recommend any particular providers, unfortunately.
19:02:22 I imagine I'd get better results if I was willing to spring for dedicated hardware
19:02:35 Obviously, just run whatever IP(s) they give you through a blacklist checker before even beginning the setup. At least you won't waste too much time.
19:03:42 You'd definitely have better luck with dedicated hosting. But, that could cost a lot more for just a simple email server (if that's all you're going to use it for).
19:20:38 ek, the worse thing is that spammers, as long as they label their spam as "email marketing", often get their e-mails accepted if they adhere to big corp spam system
19:22:28 codegirl: Absolutely.
19:24:03 codegirl, Re kernel development. I am not a kernel developer and don't know but kernel drivers are being ported between systems frequently. That tells me that the basic structure is at least similar. From reading what other people say I think FreeBSD might be easier to understand.
19:25:42 Yeah. I also cannot provide an experience-based answer.
19:26:01 codegirl: However, I'm sure ivy or kevans can chime in once they return.
19:29:22 TheTaoOfSu, I have always run my own mail server. On my own bare metal server. Always on a business class network connection where servers are allowed. There are a lot of rules to be followed from Google-Yahoo for delivery but they mostly behave. Microsoft stands out as the one too-big-to-block that is just a random Joker. But ignoring Microsoft most of them will accept delivery if you follow the rules.
19:31:08 Among rented VPS systems and email systems I have the most experience with email on Linode and Digital Ocean. Linode is pretty good. I know several people operating email servers there. Digital Ocean on the other hand has a very bad reputation for not policing their customers and are most often blocked. I want to like D O but I cannot recommend them for email. I don't know about OVH, Hetzner, and the others.
19:32:51 These days the new VPS standard is that outgoing port 25 SMTP is blocked by default. Don't let that discourage you! That's to keep the spammers who spin and spew in check. Put in a service ticket explaining that you are setting up an email server and to please allow it for you and they happily do it now that they have interacted with you and trust you that you are not a spammer. That control point is a good check to keep things
19:33:00 better on their network.
19:34:07 Things are involved enough these days with email that I don't recommend that everyone run their own mail server. Unless they want to run their own mail server. In which case they definitely should be doing it! Email was designed to be distributed.
19:45:00 rwp: that's helpful, thank you. I'd love to have a business connection, but that sounds expensive and unnecessary for personal use. I might give Linode a shot, although I'd kind of hoped to avoid US-based hosts
19:54:34 TheTaoOfSu, I don't have much information about other hosting companies. I see OVH and Hetzner and Vultr being used by people effectively. I suggest to try one and see how it goes. Low cost to try them out. You learn a lot. Don't get too attached. If you find one unacceptable then switch to another one.
19:56:00 Yeah, I'm not too worried about moving servers once I get it set up. I'm planning to try hard to make it easy to redeploy if I need to. I just don't want to sink the time into it, hop a bunch of servers, and find I should have just not bothered, so I figured I should ask some more knowledgeable people about it first, which led me here
19:56:02 Linode is decent enough, but yes, US-based
19:57:37 I'm a bit concerned about hosting since I can be kind of picky about where I want things hosted, especially more sensitive things like an email server. For most things I've hosted, that hasn't been the slightest issue, but with email...
20:00:25 what are your concerns?
20:03:48 For the US, that's where all of Big Tech is trying to hoover up as much data as possible, plus the increasing lawlessness of the administration, I find them hard to trust. More generally, I like to have more personal/private services run on servers outside the jurisdiction of whoever is most able to and interested in invading my privacy, which generally means not the same country I'm living in
20:05:04 I run things perfectly legally, but I still find it advantageous to just... Not have to worry about that, especially for something like email that's such a huge view into someone's personal life and is unfortunately basically all plaintext
20:05:31 I'm sure this would've happened anyways, no matter what administration would be at the helm. Self-hosting is an actionable step against Big Tech shenanigans.
20:06:35 This is the inevitable end of the US's trajectory left unchecked, yeah
20:07:15 Remember, you are responsible for your own destiny ;)
20:07:46 Good luck
20:13:08 Well, as much as I appreciate keeping things as private as you can. Email is certainly NOT safe in the slightest no matter where it is hosted.
20:14:20 As you'd mentioned, a lot of it still sends plain-text. But, it also gets passed through at least one (usually more) MTA's as it's transferred. They can collect whatever they want and it doesn't matter how secure or encrypted your mail server is. The data is already in the wild.
20:15:06 Very similar to IRC. You can connect via SSL/TLS all day, but anyone connected via non-encrypted protocols still just pukes out all the data over plain text anyway.
20:15:21 Nothing on IRC is hidden from anyone at all.
20:17:27 ek: that's why I tend to use gpg when sensitive data/discussion takes place
20:17:29 well, you can have channels tls only
20:20:16 Now that's a funny side-effect of asking portfmt to sort variables: https://paste.karlsen.tech/?452e9fb6851be9e7#6Gif7LZAHNSNvAyX1mPnqQDZqDmzRbVMiXMdNxpofcrk
20:24:15 hm, why does it try to reformulate COMMENT? And how does it try? At least some of the rules it has for that are bad
20:26:07 checkpoint: Yeppers!
20:27:02 nimaje: You definitely can. And that's the first step in IRC's battle to be encrypted. You can also not allow non-encrypted connections. But, I think most people really don't care.
20:27:04 ek: yeah, it's not a super meaningful attempt alone, but the more people opt to try to do something about it, the better positioned self hosters will be
20:27:19 Rule #1 of IRC'ing, don't toss out any personal information.
20:27:54 TheTaoOfSu: I agree! I run my own mail servers for that exact reason. Not to mention, internal deliveries are always perfectly fine.
20:28:25 An email sent to Yahoo, Gmail, etc..? Totally open for anyone there to read.
20:28:46 Unless you use encryption for the email itself, obviously.
20:29:36 I found an Indian host I might try... Terms suggest they're okay with email so long as you abide by some guidelines, mostly targeted at commercial users
20:29:57 Sounds right up the alley.
20:30:32 Be aware that some mail providers (fairly rare, but it does happen) use GeoLocation to block connections as well.
20:30:46 So, someone might be blocking India for obvious reasons.
20:30:52 lol of course they do
20:30:54 mandating tls is pretty easy to configure; i know my client also has an OTR feature
20:31:07 but that's not a server-side thing nor probably remotely standard
20:32:25 I'd say they almost seem like they're intentionally trying to ruin the ability to self-host and escape their data collection, but I know enough about big tech to drop the "almost", they're 100% doing it, and the only thing stopping them from sealing the deal is that corporations already bought into the decentralization
20:33:40 Yep. Hence the massive pain in the ass to even run your own mail server now. If you don't comply to their rules (especially Microsoft's which is almost impossible), kiss your deliveries goodbye.
20:33:41 That's a big part of how Jabber/XMPP got sidelined. Embraced by corps like Facebook and Google, attract all the users because it's just easier to have a single sign-on, put the walls back up, Jabber/XMPP dies out
20:33:55 Either use their services or you're screwed.
20:34:09 I've been dreading jumping through the hoops to set it all up, but I think I'm just gonna pull the plug and go for it just out of spite
20:34:10 have you looked at migadu? that'd tick your box for non-us-based if you are flexible on self host at all (I understand not being so)
20:34:16 respectable :D
20:35:02 mewt: I had not, but now that I do, I think not for me. I'd much rather host it myself if I'm going to move it off big tech
20:35:44 Either you're big enough that I know you and I don't trust you to not be terrible, or you're small enough that I don't know you and don't entirely trust you to stay up forever
20:37:32 * checkpoint admits that self-hosting is not easy, it takes quite a lot of your attention regularly.
20:38:06 Running a MTA is almost a full-time job.
20:38:25 I've heard that, and I've heard it's nowhere near that involved.
20:38:57 * checkpoint has just completed upgrade of one of his servers from 9.4 to 14.3, it took nearly a week to fix broken things
20:39:16 It depends on the number of users, and other factors.
20:39:36 When you make changes and have to support your users, it adds up quickly.
20:40:42 email is definitely not something i am looking to self-host; other things are not so bad
20:40:51 one of the sources of issues in such upgrade is openssl lib that made many old ciphers and algorithms obsolete or disabled.
20:41:27 old printers/MFP/scanners stop working right away
20:42:24 So yeah, don't run your own MTA until you can fully commit to it.
20:42:31 also sendmail blocks connections from clients that use old SSL
20:42:40 Not to mention devices that don't support SASL.
20:43:14 Then you have to poke all sorts of holes.
20:43:29 TheTaoOfSu: I've also heard good things about https://openbsd.amsterdam and https://arpnetworks.com/vps
20:43:30 I guess sending isn't really so big a deal. I send an email every like... Few months? Although it'd be nice to get service-related emails to deliver properly
20:43:34 Might be worth looking into.
20:43:46 * checkpoint still in process of debugging one such issue: my sendmail cannot verify TLS when talking to my friend's MTA.
20:43:47 ek: I'll give those a look, thanks
20:44:29 I'm not *too* worried about managing it. I wasn't gonna bring it up since this is #FreeBSD, but I prefer to use Nix, so I'm on NixOS, which means rollbacks are suuuuuper easy if an update borks something
20:44:59 If Nix worked on FreeBSD, I'd probably make the switch. I hear there is/was a project to make it happen, but I dunno how much progress ever got made on that
20:45:34 TheTaoOfSu: What's wrong with ZFS snapshot rollbacks?
20:45:47 Figuring out how to fix it so I can proceed with the update can still be a huge pain, though
20:45:57 * checkpoint considers NixOS a very interesting idea, yeah Nix on FreeBSD would be nice to have.
20:46:37 ek: I haven't spent much time working with ZFS until pretty recently, so it may be worth considering. My understanding was that snapshots would be more space intensive relative to a NixOS config rollback, but that could very easily be a flawed understanding
20:47:12 ek: I think with ZFS snapshots you can rollback only whole filesystem (dataset), but not a dedicated library
20:47:25 I've never used NixOS, but I use snapshots like crazy (and keep quite a while of them for safety) and I haven't had any major problems.
20:48:17 checkpoint: You can rollback anything you want. Even a single file, lib, binary, etc... Doesn't matter. Or, of course, an entire dataset or pool.
20:48:24 * checkpoint uses ZFS (with snapshots) only on back server
20:49:45 ek: maybe, I'm not an expert. on NixOS rollback is just a matter of re-symlinking, AFAIK.
20:49:52 ek: NixOS installs everything to /nix/store and cobbles it together into a complete system based on your config. This allows it to do things like declaratively configure most of the system, install packages with conflicting dependencies because they're isolated from each other, and retaining some of your old configs and all the software required to use it again
20:50:46 That's pretty cool.
20:51:02 TheTaoOfSu: you mean sysutils/nix ? but I haven't tested it
20:51:02 checkpoint is basically right from my understanding. Everything you need for this config or any older config still retained is kept in /nix/store, and most of your system is basically created with a complex system of symlinks and stuff like that, so rolling back is just a matter of changing how you make all those symlinks
20:51:31 For reference, I did run into an inconvenience with snapshots today. I wanted to `zfs send` only the current state of a filesystem, but it complained about missing a dataset or something. I couldn't promote because an error of a conflict with a parent snapshot or something like that.
20:51:32 nimaje: is that the Nix on FreeBSD project? Sounds like it. I don't remember the details, been a while since I looked into it
20:52:04 Ah! I do remember seeing this a while back (likely from BSD Now or something): https://github.com/nixos-bsd/nixbsd
20:52:34 ek: I'm a pretty big fan of it. Some people don't like how it breaks conformation with the standard Unix file hierarchy since you don't really use the conventional /etc, /bin, etc. in the "proper" way
20:52:48 But it provides a ton of really useful features if you're willing to climb the learning curve
20:53:42 And I didn't want to zfs send anything above this directory either. So I ended up piping a tarball for now.
20:55:19 Nix reminds me Plan9's namespace
20:56:04 dango: Did you try running a manual snapshot and then sending that or were you just trying to send an older snap?
20:56:26 ... I'm just curious. Not sure I'll have any solutions, just want to understand what was being attempted.
20:56:40 I do like Plan9!
20:56:42 zfs snapshots don't cost much, for creating it just adds the current root node as a snapshot, but of course the gc can't remove nodes referenced by any snapshots or the current root, so they will start to cost when you modify stuff, but only about as much as you modify
21:00:55 checkpoint: I've heard a little about Plan 9, just enough for it to sound interesting. I'd like to take a deeper look at it but haven't found much reason to prioritize it
21:03:35 Well thanks a lot to everyone who chimed in on self-hosting email. I have to run for the night, but I'll idle overnight at least in case anyone stumbles by later with a good recommendation, but if not, I think I can take a stab at it starting tomorrow
21:04:09 TheTaoOfSu: the last time I tried Plan9 was somewhere around 2001. I think 9front is modern open source Plan9 implementation.
21:04:43 checkpoint: any good usecases for it that I can play with?
21:04:56 TheTaoOfSu: did you come across https://lwn.net/Articles/998153/ at all?
21:05:14 mfisher: I did not. I'll bookmark that and read it tomorrow, thank you
21:05:29 TheTaoOfSu: not sure :), it's too different from FreeBSD :)
21:05:58 checkpoint: I was under the impression it was some sort of file-related protocol, not an OS, so I would think it'd be able to integrate
21:06:38 TheTaoOfSu: protocol is called 9P
21:07:22 checkpoint: maybe I was confusing the two, then
21:09:03 TheTaoOfSu: well, Plan9 (and its derivatives) is based on 9P protocol, a sort of Remote Procedure Call mechanism that is used to create individual namespaces and syscalls
21:11:54 theoretically, the idea of 9P is pretty neat, but in practice it's hard to find a decent usecase for it, mostly because no one else supports it.
21:13:45 I read some people use Plan9 (9front) on SBCs like RPi or similar for industrial monitoring and control stuff
23:06:53 what prefix do nginx modules have on pkg? i.e. brotli, zstd, fancyindex
23:17:18 swee, Since I don't understand your question I will ask what "pkg search nginx" says for you? If it is not already in ports/pkgs then you will probably need to build it from source yourself.