MadaMada
@madamada@snac.void.my
I decided to try Ubuntu 24.04 with root on ZFS - supported by the installer.
It installed and ran fine.
I decided to upgrade to 24.10 - it worked, but lost my display settings as it switched from XOrg to Wayland. But it was ok.
I decided to upgrade to 25.04 - I don't know what happened, but a white screen with an alarming text appeared. It says the system is broken and should be restarted.
As soon as I restart it, it reappears.
zfs rollback could help - but I gave up.
Luckily, my daily driver on that PC is openSUSE Tumbleweed
@stefano I had no problem with 24.10 as a starting point. Switched to Kubuntu and upgraded to 25.04. Repeatedly (using VirtualBox for most tests).
I recently tested, repeatedly, the ability to recover after aggressively resetting the VM during an offline system update. A simple command successfully repaired things (online).
What's pictured is recommended on Linux, should not be set on FreeBSD.
I noticed that possibility of using zfs and wondered about trying it out. I saw it is used on BSD. I'm using Mint which is an Ubuntu derivative and ultimately Debian mostly. You chose it only for root. Not for any other partitions? Why is that?
@ajlewis2 I use ZFS for all my partitions. With ZFS, you can create datasets, which means you don't need separate partitions. So, when I say "for root", I'm referring to the entire system.
The challenge with this setup is that ZFS is a "second-class citizen" on most Linux distributions. This makes it tricky to run everything smoothly and ensure things don't break after an update. In contrast, ZFS is native to FreeBSD, which is much more robust. Unfortunately, I can't currently use FreeBSD on my MiniPC desktop because of compatibility issues with certain features, like sleep. However, it all works perfectly on my old desktop.
Thanks for the information, Stefano.
What pops immediately into mind, though probably not the last word, is "Am I too old to be messing with this stuff now?" I guess I want to do it as much as anything else I'm spending time doing. I have an older laptop to play with. So then do I try installing BSD again or try Linux with ZFS? Or forget about it? Might be a good first step for me to try a linux install using zfs on an old laptop. If that works I can maybe get acquainted with the filesystem.
Probably best to just put it in the back of my mind for now, do other things, and then see what pops up. I tend to be impulsive and eager to tinker and solve the puzzles.
@ajlewis2 you're not too old for this, and I'm sure of it.
Maybe you could try with Ubuntu (its installer supports zfs) and, when you're confident with zfs, try with FreeBSD.
I'm sure it will be fun
I decided to install FreeBSD. The install seemed smooth (after getting an image with a valid checksum). I chose a partition with an old linux install and reformatted it zfs. I did not choose crypto. It installed quickly and indicated "reboot" which I did, but it goes to Grub and my attempts at using various menuentry found on FreeBSD forum have failed. I tried from grub commandline, too, but "unknown filesystem" is the error.
Does this line mean anything to you?
'/ROOT/mybootenv@/boot/loader'
which would go in the line in the menuentry that is currently.
'kfreebsd /boot/loader'
I'm not quite ready to just give the machine completely over to this project, but I'd like to boot the system. Maybe I missed something on the install. A reinstall is easy enough.
Meanwhile I'm taking today off from this thing.
@stefano Hmmm... One question: Do you understand the concept of LTS?😏
@theron29 I think I do 😉
@stefano Just wanted to make sure... 😇
(Since installing a stable-devel version over another stable-devel version over the LTS version - and then be surprised that some things might not work 100% stable - looks like a bit of a... well... uninformed experience... 😅 )
@theron29 Perhaps I'm wrong, but I've always considered LTS releases to be those supported for a long time (I currently have several hundred Ubuntu LTS servers in production), while non-LTS releases have reduced support over time, but are still full releases - not development snapshots. What surprised me, however, is that the transition from an LTS to a non-LTS version didn't show any problems, whereas the issue appeared when going from 24.10 to 25.04, which are two consecutive non-LTS releases. I'll still be curious to try again and understand what went wrong.
@stefano Well, the purpose of those stable-devel versions (being released in between those LTS versions) is actually to prepare for the next LTS; they contain new things, updates and technologies for the next LTS. So although they work usually without issues on their own, to migrate from LTS to these stable-devel versions might be bumpy.
The only migration where I expect not to see any issues is from older LTS to newer LTS.
So if you need more up-to-date os, LTS distro might not be for you.
@stefano On #ubuntu, I never upgrade from anything else than #LTS to anything else than LTS (20.04 > 22.04 > 24.04). When the first #minor_release_point is out (22.04.1, for example) you can use the do-release-upgrade tool (WITHOUT -d option !). Incidentally, I always switch to a virtual terminal (CTRL + ALT + F[3-9]) to do that, to avoid graphical environment problems during the procedure.
Provided those conditions are fulfilled, it's never failed me.
@nore715 thanks for the hints. I used to do this 15 years ago. But the strange thing is that from LTS to non LTS was fine, the problem arose from 24.10 to 25.04 (so between two non LTS releases). I'll retry the same route just to try to understand what's happening.
@stefano @nore715 I do not want to use Linux, but I need to in some circumstances. I have left Ubuntu for many reasons, but chief among them is the update procedure when using ZFS. I have switched to Debian bookworm. The main difference is that the Debian ZFS kernel modules are *compiled* during an "apt update". So far, no problems. Yes, the separation between boot pool and root pool is annoying, but not really a showstopper.
@stefano Tumbleweed??? Not FreeBSD? I guess for a workstation it’s sometimes more convenient to use something that comes ready to use out of the box, isn’t it? But I’m trying to avoid systemd and Pulseaudio, so options are limited.
@NebulaTide I know, but I need suspension support and FreeBSD isn't there, yet.
On the older workstation, I've always used FreeBSD and it's always been great.
@stefano @NebulaTide
What most surprised me recently:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=285741
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=285803
What?! Suspend/resume "WAS" working?!
These PRs are resolved by disabling GSP firmware, and it's now the default on #FreeBSD #ports side.
After that, cutting-edge GPUs like the RTX 5070 don't work for X11/Wayland without GSP firmware loaded, so we need to change the too-aggressive way of disabling GSP firmware into a gentler one that allows forcibly enabling it via a tunable.
Note that suspend/resume never worked for me after switching from APM (PAO based) to ACPI. All were several models / generations of ThinkPads, IBM and Lenovo. So I never thought such PRs would arise.
@TomAoki I’d love to see NVIDIA suspend resume working for my Ryzen desktop @stefano @NebulaTide
@TomAoki @stefano @NebulaTide after reading those PRs, I re-tested, and suspend & resume works as of today on my Ryzen Desktop. Fantastic!
With my "cutting edge" low power fanless GPU , an RTX 3050 https://www.palit.com/palit/vgapro.php?id=5147&lang=en
**now I need to go upstairs to wake it up again..
CC: @TomAoki@bsd.cafe @stefano@bsd.cafe @NebulaTide@bsd.cafe
@stefano Suspension on a workstation? I would only consider that for a notebook. I can’t see huge benefits from using suspension on a stationary computer. Is there any specific reason why you need this?
@NebulaTide Yes, I'm a strong supporter of suspension, even for a workstation. The reason is that I open my apps and start my workflow. Sometimes I leave my desk, go out, go to a client, go to sleep, etc. and when I'm back, I want to resume my work without having to reboot, reopen the ssh sessions, logins, etc. Especially when something bad happens at night, I reach my desk, push a key and I can immediately start recovering the unresponsive server. No boot, etc.
It works, and my uptimes are usually quite long. Especially with the Macs, it can reach months.
not again, @stefano :)
You should stay on LTS and never upgrade straight to "unstable" back n forth.
It's like moving from -release to -current and expecting that it will work... and I stop you right now :), you don't run FreeBSD on desktop with the graphic stack (server+DE) which are often the culprit - to pretend it would work.
in the meanwhile, encrypted ZFS on root works fine on Ubuntu 24.04 AND I'm not fond of Ubuntu and their freaking snap
by the way, what do you mean by "i lost my display settings" ?
@omar Maybe I was wrong, but I expected a *release* to be a *release*, not an "unstable branch". Supported for less time, but still stable. I was clearly wrong. And this proves to me that the concept of release, nowadays, is quite different (at least on Ubuntu) than it used to be years ago. But it's ok, it's not a criticism. I wasn't expecting to break a (freshly installed) system just upgrading it from one release to the next one. And, please note, it broke from a non-LTS to the next non-LTS. From LTS to non-LTS was ok.
With "lost my display settings" I mean I had set the scale (using a 4k monitor, I keep it at 175%) and the refresh speed (set to 120hz). It was back to the default (1x scaling, 60hz)
@stefano For rolling we should definitely not use ubuntu and I would say any full blown DE. I dualboot an ubuntu LTS as it is a baseline for most "proprietary" stuff and infinitely better than windows (which is good for nothing, seriously) and on-par with macos (to me) even though, it is bloated and I can't help myself but to disable some stuff (auto-update, snap, tracker3, etc..) but my wife uses a vanilla version and she's happy or I would say, doesn't complain and more importantly, I don't have to intervene. :P
My advice: Use ubuntu LTS as you would use macos, I guess you don't really care to tinker or go deeper in linux on desktop.
@lejax I use NSD but the zone files are basically the same as Bind9's. When I do changes, I first commit them to a local git server (Gitea in a VNET jail) and then push them to my name servers (also VNET jails) via ansible.
Added a server-wide Webmention hook; this way, if somebody out there (that supports Webmention) links to a user or post in this instance, a notification is sent (this is the complementary of what was implemented in version 2.76).
Fixed regression while sending email via pipe on OpenBSD.
Fixed Markdown parsing when the URL has parenthesis.
Always show the 'pending follow confirmations' section if there are any (even if the toggle is off).
If a metadata value is an account handle, an attempt is also made to validate it (rel="me" links).
Another search by URL tweak (this time for Pixelfed links).
Mastodon API: fixed a bug that made some boosts disappear after being shown in apps like Tusky, added followed hashtags maintenance, other minor changes.
Renamed command-line actions create_list to list_create and delete_list to list_remove.
The default favicon URL can be changed from the server configuration.
New command-line option export_posts, to export all posts by a user in a JSON format compatible with the one generated by Mastodon.
The command-line options to send notes also allow an optional -r argument, to set the URL of a Fediverse post this note is a reply to.
If you find #snac useful, please consider buying grunfink a coffee or contributing via LiberaPay.
I've just updated my blog post: Make your own E-Mail server - Part 1 - FreeBSD, OpenSMTPD, Rspamd and Dovecot included
@stefano so hetzner also block port 25 for new users. Is that permanent or does it expire? The same applies for the one long established VPS I have. I was using a smarthost from the company I get my domain from and they just turned it off with minimal warning. Is there anywhere I can get access to outgoing port 25? Even if I have to take the 60% chance of starting with bad IP reputation?
Vultr/Linode do allow it on requests..
@okapi if I remember correctly, it is for six months. The hetzner ips are usually clean enough. Ovh has a more relaxed approach but this means high probability of a listed ip
wblist_admin.py..So using the tool, first blacklist all recipients and then whitelist the ones I trust/allow..this way, I can turn off all the spam features on the mail server as I know the whitelist sources are clean..
So now, the mail server just runs Postfix, Dovecot and Nginx but I have Nginx disabled and only enable it when I want to do administrative tasks from the frontend..
NOTE: This only works on a personal self-hosted email server :>
@stefano If I didn't already have so many unfinished projects, I would love to immediately set up my own mailserver after reading your blog post. 😁
@subnetspider @stefano I can feel that. So many interesting things, so little time
Client messages me: "Login isn't working! Fix it immediately!" - followed by a string of complaints about how it can't just stop working "all of a sudden" on a Saturday morning.
I ask for their login details, immediately notice they're using the wrong username, and point it out.
Their reply: "Ok."
Sometimes a "sorry" would be nice. 😂
@stefano That is why I no longer work for customers but with students. Both groups sometimes lack knowledge or skill but the latter wants to learn (mostly).
@stefano
Holy shit. These people somehow always get lost in my pile of work from that moment on. I can't seem to see their messages, tickets or other things. I might even come by their office after hours and "help" their office decoration a bit.
@stefano hahahaha nice story, ask them next time to use regular username instead of "Saturday morning one" 😜
@stefano Reminds me of this story from the venerable site Rinkworks:
'Once I got called to the office of a co-worker (let's call him Joe User) to help him figure out his username (he knew his password).
Me: "Your username is 'Joe User'."
Him: "Unacceptable! How much am I supposed to remember? I can only remember a certain number of things."
Me: "Wouldn't one of those things be your name?"
Him: "I guess I'll have to write it down."
He proceeded to write his own name on a sticky note and attach it to his monitor.'
@stefano @ics Many years ago I was leading a project for a customer where we rebuilt the whole online app (voting app for annual general meetings). And the project manager on the customer side called and complained that the new site *does not look at all* like the old one. We had a conference call with the engineers, because I had no idea what the problem was. Again she heavily complained without giving any details.
Then a Russian colleague leaned over to the phone and very slowly said: "Please press Ctrl-0."
And she made a surprised sound: "Ha! Now they look the same!"
We tried to explain that she had manually zoomed the one window, but not the other one. And her answer was: "Fine, fine. Please make sure this doesn't happen when I'm presenting at a customer!" 
"Your repeated use of wrong credentials triggered the server lock defense mode.
Now I'll have to charge you for the repairs"
@stefano When I ran the mail servers at work I had a sales guy mail me and cc management including the CEO saying delivery from external addresses wasn’t working and I needed to fix it, quoting a bounce message he’d received from a test.
I replied all to ask if he wanted me to update his account to match the misspelling of his surname he’d used in the test.
@jamesoff oh yes, I had to do this, too. A person was sending e-mails to a customer misspelling the surname. The customer asked me to create an alias 🙂
@stefano When I was buying my car the dealership spelled my domain wrong in my email address and it was easier to buy that domain and point it at my hosting for a year than try to get them to fix it in all dealer/manufacturer systems it had propagated to (luckily on a cheap TLD)
@stefano One of the most hilarious things that happened to me was in 2002 when a customer sent me an email telling me that the email server wasn't working "AT ALL". Then I replied to him via email telling him: Ok, but tell me... if the mail server is not working, why are we exchanging emails right now?😜
@stefano Nobody has any respect for IT workers. Absolutely no respect at all in any company. All these companies talk about mental well being and respect in the workplace but then find it acceptable to speak to IT workers with absolute contempt.
@stefano "Give them enough rope to hang themselves", install a web frontend so they can manage their credentials ... accessible only at premises /bofh
Would be therapeutic to say back. 🙂
@blainsmith eheh I just respond politely as we all make mistakes. But I don't love that aggressive way of complaining.
Latins used to say: Stultum est queri de adversis, ubi culpa est tua. (Seneca)
(It's stupid to complain about the fate (problems) when it's all your fault)
@stefano No complaints here, I suppose I am very fortunate. The user base from a few of my clients is always respectful and apologetic if the fault is indeed on their end. 🥰
@stefano I have occasionally called IT just to let them know that my computer is working great and they do good work.
@stefano Back when I was freelancing, I sent such clients an invoice for about half an hour of support (the minimum time unit) with the line item ("memory refreshment"). No, I didn't lose these clients, but they thought about calling me on the weekend the next time. 😎 But maybe that was a different world, decades ago.
@Linkshaender 🤣
Yes, a different world.
@stefano Just tbh, I had clients with problems on a weekend and when I arrived at their office, they had a great coffee and a sandwich prepared for me. There are clients and clients, just like everywhere.
#FreeBSD I just upgraded my systems using #pkgbase and I can tell you it’s fscking awesome. I have been running CURRENT for years, building from source, and this is a game changer.
pkgbase is actually already available in 14.3 but … erm … we haven’t quite got the documentation sorted yet. Working on it!
@dch I'm upgrading my hosts to 14.3 using the old approach right now, but it's soooo slow, especially with low-powered x86 devices. Some of them have been at it for an hour at this point. I hope pkgbase will be faster than freebsd-update?
@subnetspider yes a shit load faster. You can try FreeBSD-rustdate in ports it’s also significantly faster but still does “old school” style.
The big win is that you don’t checksum every single file and apply 7000+ small patches.
This was a win in the days when bandwidth was scarce and pricey, but for most people, downloading a full tarball is 10-20x faster than the patch approach.
@madamada I have some rough notes here but more for people who are already building from sources. I can share these over the weekend I think. Thanks for being willing to test!
@subnetspider @dch It’s so much faster and more convenient. Just run a pkg update and that’s it. Super fast. I guess you won’t regret the change.
@NebulaTide @dch Is pkgbase stable to use on (home) production servers yet?
@subnetspider @dch I haven’t seen any issues. But if you want to be safe, wait until it’s officially out.
@dch likewise I’ve been using it on CURRENT and it's amazing.
I’m waiting for the official blessing before converting over my 14.3 boxen
Found a nice 7 bit strength yggdrasil vanity address and am using it for wizard.casa here:
http://[207:1337:84e2:31bf:ba91:8ff7:d6ae:cafe]
let me know if anything is broken, all I've done was make sure I could curl and get a response from another yggdrasil node
cc: @ps @silverpill
@nimda @silverpill congratulations!
only one problem - you've mirrored the internet node:
yes, Yggdrasil users can read your website, but can't interact with API
try to follow this account of mine - it has an internal ID
@ps@[302:68d0:f0d5:b88d::fed]
So by using Yggdrasil in the Fediverse context, you may want to set up API interaction, anyhow. Because I can't subscribe to your internet ID (resolved IP) from the local network.
For me, Yggdrasil+Fediverse is just parallel dimension/galaxy, not integrated with the internet federation (ActivityPub protocol requires host name as the part of user ID).
p.s. see also subnet addresses to run multiple services using different host:
http://[222:a8e4:50cd:55c:788e:b0a5:4e2f:a92c]/yggdrasil:subnet_setting
@ps @silverpill Thanks for checking it out, I'll see what I can figure out
@ps I see, I can access and use the instance but not federate over yggdrasil, @silverpill the only thing I can think of that might work is using the proxy_url param with something to route yggdrasil traffic? or am I overthinking it
@ps @silverpill nevermind, it works with mitra v4.4.0 
@nimda @silverpill not sure about Mitra implementation, but it's ActivityPub level: for example, I can't follow username@wizard.casa because wizard.casa is the internet (not local) host (IP resolved is not 0200::/7).
I can view the web interface, but API interaction still goes to original host ID.
The only option imho, is using proxy with content replacement (e.g. with sub_filter) or maybe handle these multiple IDs with Mitra backend from some aliases array in config, according to the current address family of connection.
In other words, multi-network mode support would be a super useful feature for Mitra, because all solutions I know work with Internet mode only.
For example, we can create some networks routing Enum with address match implementation (you can find an example for Yggdrasil pattern in the Alfis DNS: https://github.com/Revertron/Alfis/blob/master/src/commons/mod.rs#L107, same for Mycelium, CJDNS, etc)
Doubts only is it possible, as the messages stored in JSON format, where content includes static links to only one ID. Thoughts, the ActivityPub restriction.
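The network check ps describes (an actor whose host resolves outside 0200::/7 cannot be reached from an Yggdrasil-only server, while a bracketed-literal handle is reachable only from inside it), as an added example; this is not Mitra's code. Only the Yggdrasil prefix is taken from the thread, and the resolved addresses for wizard.casa are constructed stand-ins for DNS.

```python
"""Which network is a Fediverse peer reachable on? Added example, not Mitra code."""
from enum import Enum
from ipaddress import IPv6Address, ip_address, ip_network


class Net(Enum):
    INTERNET = "internet"
    YGGDRASIL = "yggdrasil"


# Only the Yggdrasil prefix appears in the thread; other overlays
# (Mycelium, CJDNS, ...) would get their own entries here.
OVERLAYS = {Net.YGGDRASIL: ip_network("0200::/7")}


def network_of(addr: str) -> Net:
    """Classify one address by the overlay prefix it falls into."""
    a = ip_address(addr)
    if isinstance(a, IPv6Address):
        for net, prefix in OVERLAYS.items():
            if a in prefix:
                return net
    return Net.INTERNET


def split_handle(handle: str) -> tuple:
    """'@ps@[302:68d0:f0d5:b88d::fed]' -> ('ps', '302:68d0:f0d5:b88d::fed').

    The host part may be a DNS name or a bracketed IPv6 literal; the first
    '@' after the optional leading one separates user from host.
    """
    user, sep, host = handle.lstrip("@").partition("@")
    if not sep or not user or not host:
        raise ValueError(f"malformed handle: {handle!r}")
    if host.startswith("[") and host.endswith("]"):
        host = host[1:-1]
        ip_address(host)  # raises ValueError if the literal is not an address
    return user, host


def is_ip_literal(host: str) -> bool:
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def host_networks(host: str, resolved: dict) -> set:
    """Networks from which `host` is reachable. `resolved` (name -> list of
    addresses) stands in for DNS; no lookups are performed here."""
    if is_ip_literal(host):
        return {network_of(host)}
    return {network_of(a) for a in resolved.get(host, [])}


def can_follow(handle: str, resolved: dict, via: Net) -> bool:
    """True if the actor behind `handle` can be reached over network `via`."""
    _, host = split_handle(handle)
    return via in host_networks(host, resolved)


if __name__ == "__main__":
    # Constructed lookup table: these wizard.casa addresses are made up.
    dns = {"wizard.casa": ["203.0.113.10", "2001:db8::10"]}
    print(can_follow("@ps@[302:68d0:f0d5:b88d::fed]", dns, Net.YGGDRASIL))  # True
    print(can_follow("@username@wizard.casa", dns, Net.YGGDRASIL))          # False
```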
>I can't follow @username@wizard.casa because wizard.casa is the internet (not local) host (IP resolved is not 0200::/7).
Is it because you don't want to allow internet connections?
@madamada was able to follow my account from the yggdrasil instance, that means it is not impossible.
>Doubts only is it possible, as the messages stored in JSON format, where content includes static links to only one ID. Thoughts, the ActivityPub restriction.
This restriction can be removed if we start using server-independent IDs:
https://codeberg.org/fediverse/fep/src/branch/main/fep/ef61/fep-ef61.md
I am working on implementing it in Mitra.
>I am working on implementing it in Mitra.
Is this in the latest 4.5.0?
CC: @ps@wizard.casa @nimda@wizard.casa @madamada@[201:247c:41e9:5c8f:a612:2818:5e9a:e868]
@madamada Yes, but this feature is disabled by default. You can enable it by setting federation.fep_ef61_gateway_enabled to true in your configuration file
https://codeberg.org/silverpill/mitra/src/branch/main/docs/c2s.md
It also requires a special client:
@ps @nimda @silverpill Yggdrasil addresses, like IPv6, are hard to remember .. maybe create a subdomain y.wizard.casa pointing to your Yggdrasil address ..
The scanner is growing up.
There are 3 approaches to this .. the ndproxy approach, the NAT66 approach and the vnet jail approach. They all work depending on scenario..
I'll be doing some more tests just to catch any surprise cases that might pop up.. I'll maybe then write a simple guide to get this done all ways 🙂
Tayga CLAT on FreeBSD 14.3-RELEASE with NDPROXY
CLAT as part of 464xlat as defined in RFC 6877 is meant to be running on an IPv6-only host.
The Setup
pkg install gmake gcc ndproxy-3.2.1403000_1
Get the tayga git repo
mkdir /root/staging ; cd /root/staging
git clone https://github.com/apalrd/tayga.git
cd tayga
gmake
cp tayga /usr/local/bin/
mkdir /var/db/tayga
chown nobody:nobody /var/db/tayga
Prepare tayga configuration
cat /etc/tayga.conf
tun-device clat0
ipv4-addr 192.0.0.2
ipv6-addr 2001:db8:1:1::65
#prefix 64:ff9b::/96 # Well-Known Prefix
prefix 2001:db8:64:64::/96 # Network-Known Prefix
data-dir /var/db/tayga
wkpf-strict no
map 192.0.0.1 2001:db8:1:1::64
log drop reject
Replace 2001:db8:1:1:: with your own IPv6 prefix. I am using my own NKP prefix here for NAT64. You can use one from here
Write a script to configure the clat0 interface and its routes and save it as /root/bin/routes-clat.sh
#!/bin/sh
ifconfig clat0 inet 192.0.0.1/29 192.0.0.1 up
ifconfig clat0 inet6 -ifdisabled
route add default -iface clat0
route -6n add 2001:db8:1:1::64/127 -iface clat0
Make the script executable. Next set up tayga and ndproxy to start on boot..
cat /etc/rc.conf.local
# TAYGA (CLAT)
tayga_enable="YES"
tayga_interfaces="clat0"
# NDPROXY
ndproxy_enable="YES"
ndproxy_uplink_interface="vtnet0" # host interface
ndproxy_downlink_mac_address="xx:xx:xx" # host mac address
ndproxy_uplink_ipv6_addresses="fe80::xx:xx:xx" # gateway link-local address
ndproxyconf_exception_ipv6_addresses=""
Download the rc script for Tayga
curl -O https://buster.xpath.my/tayga/rc.d-tayga.txt
mv rc.d-tayga.txt /usr/local/etc/rc.d/tayga
chmod +x /usr/local/etc/rc.d/tayga
Now that everything is in place, time to start and test it..
service tayga start
service ndproxy start
sysctl net.inet6.ip6.forwarding=1
sysrc ipv6_gateway_enable="YES"
Test with the ping command. Example output will look like this:
ping -c3 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: icmp_seq=0 ttl=37 time=216.021 ms
64 bytes from 1.1.1.1: icmp_seq=1 ttl=37 time=216.013 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=37 time=215.861 ms
--- 1.1.1.1 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 215.861/215.965/216.021/0.073 ms
With curl:
curl -kI https://8.8.8.8/
HTTP/2 302
x-content-type-options: nosniff
location: https://dns.google/
date: Sun, 22 Jun 2025 06:41:58 GMT
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 216
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
NOTE: If you are using a NAT64/PLAT address from nat64.net, some of them might block ICMP. If so, test with curl instead. Latency-wise, it is better to run your own NAT64 or use one that is geographically closer to you. You can use either #Jool or #Tayga for NAT64.
Please test and provide feedback. Thanks 🙂
@madamada at some point this blog post could be an amazing conference talk! I need to look up what CLAT even is now
I should also mention a lot of work is currently being done in Tayga by the new maintainer apalrd so expect new features and performance improvements soon 🙂
@madamada On the translation side everything seems to be working, but on the routing side, I'm completely stuck ... :(
@madamada On a FreeBSD 14.3-RELEASE VM. I think I'm doing something wrong with the networks in rc.conf / tayga.conf / my firewall though. In particular, I don't know where in my network I have to the NKP (FreeBSD VM? Firewall?) and so on.
You set up rc.conf as usual; on the Tayga side, they use a different address under the same IPv6 subnet..
Update:
On the firewall, pass quick on clat0 all or check with tcpdump..
During my tests, I disabled the firewall just to rule out if there was an issue, the firewall isn't at fault and something else was..
@madamada Oh wait, I think I know what I've done wrong - Tayga is only converting IPv4 to IPv6 here, I still have to convert it back to IPv4 with NAT64 on the router / firewall... 🤦♂️ (because CLAT = NAT46)
It assumes you already have a local NAT64 in place which makes things a little easier to set up..
These steps are rather brief, assuming you already have Tayga installed..
CLAT on Host
Tayga configuration
> cat /etc/tayga.conf
tun-device clat0
ipv4-addr 192.0.0.2
ipv6-addr 2001:db8:64:a::65
prefix 64:ff9b::/96
data-dir /var/db/tayga
wkpf-strict no
map 192.0.0.1 2001:db8:64:a::64
log drop reject
Routes
> cat /root/bin/routes-clat.sh
#!/bin/sh
ifconfig tun11 create name clat0
ifconfig clat0 inet 192.0.0.1/29 192.0.0.1 up
ifconfig clat0 inet6 -ifdisabled
route -n add default -iface clat0
route -6n add 2001:db8:64:a::64/127 -iface clat0
Start CLAT and run the script..
service tayga start
/root/bin/routes-clat.sh
sysctl net.inet6.ip6.forwarding=1
NAT64/PLAT
Tayga configuration
> cat /etc/tayga.conf
tun-device nat64
ipv4-addr 10.64.64.1
prefix 64:ff9b::/96
wkpf-strict no
dynamic-pool 10.64.0.0/16
data-dir /var/db/tayga
log drop reject
Routes
> cat /root/bin/routes-nat64.sh
#!/bin/sh
net4='10.64.0.0/16'
pref6='64:ff9b::/96'
ifconfig tun11 create name nat64
ifconfig nat64 inet6 2001:db8:64:a::8200/128 up
route -n add -net $net4 -iface nat64
route -6n add -net $pref6 -iface nat64
Start NAT64 and run the script..
service tayga start
/root/bin/routes-nat64.sh
sysctl net.inet.ip.forwarding=1
sysctl net.inet6.ip6.forwarding=1
DNS64 - DNS64 with BIND9 or Unbound
BIND9
dns64 64:ff9b::/96 {
clients { localhost; localnets; trusted-nets; };
mapped { !10/8; !192.168/16; !172.16/12; any; };
exclude { 0::/3; 4000::/2; 8000::/1; 2001:db8::/32; };
recursive-only yes;
break-dnssec yes;
};
Unbound
module-config: "respip dns64 validator iterator"
dns64-prefix: 64:ff9b::/96
This guide is based on my tests running on a FreeBSD VPS. The host acted as a CLAT client
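The address arithmetic behind both Tayga guides above (the NDPROXY one with its NKP 2001:db8:64:64::/96 and the CLAT + NAT64/PLAT steps just above), as an added example; this is not Tayga's code. It implements the general RFC 6052 embedding for all six prefix lengths, of which the configs use the /96 case, and then walks one packet through the two Tayga roles using the page's own values: the stateless CLAT with its static map 192.0.0.1 <-> 2001:db8:64:a::64, and the stateful NAT64 with dynamic-pool 10.64.0.0/16 (pool handling is simplified to one address per IPv6 source, no ports, no expiry).

```python
"""RFC 6052 mapping and a minimal 464xlat walk-through. Added example; not Tayga code."""
from ipaddress import IPv4Address, IPv4Network, IPv6Address, IPv6Network

# Prefix lengths RFC 6052 allows. Bits 64..71 (byte 8, the "u" octet) stay zero.
RFC6052_LENGTHS = (32, 40, 48, 56, 64, 96)


def _v4_byte_positions(prefixlen: int) -> list:
    """Byte offsets that carry the IPv4 address; the u octet (byte 8) is skipped."""
    if prefixlen not in RFC6052_LENGTHS:
        raise ValueError(f"RFC 6052 does not allow a /{prefixlen} prefix")
    pos, out = prefixlen // 8, []
    while len(out) < 4:
        if pos == 8:
            pos += 1
        out.append(pos)
        pos += 1
    return out


def embed(prefix: str, ipv4: str) -> IPv6Address:
    """IPv4-embedded IPv6 address for `ipv4` under `prefix` (what DNS64 synthesises
    and what the CLAT puts in the destination field)."""
    net = IPv6Network(prefix)
    raw = bytearray(net.network_address.packed)
    for pos, b in zip(_v4_byte_positions(net.prefixlen), IPv4Address(ipv4).packed):
        raw[pos] = b
    return IPv6Address(bytes(raw))


def extract(prefix: str, ipv6: str) -> IPv4Address:
    """Inverse of embed(); rejects addresses that are not inside the prefix."""
    net = IPv6Network(prefix)
    addr = IPv6Address(ipv6)
    if addr not in net:
        raise ValueError(f"{addr} is not inside {net}")
    raw = addr.packed
    return IPv4Address(bytes(raw[p] for p in _v4_byte_positions(net.prefixlen)))


# CLAT side, values from the "CLAT on Host" tayga.conf above.
CLAT_MAP = {"192.0.0.1": "2001:db8:64:a::64"}
NAT64_PREFIX = "64:ff9b::/96"


def clat_translate(src4: str, dst4: str) -> tuple:
    """Stateless NAT46: the host's own IPv4 comes from the static `map` line,
    the destination is synthesised from the NAT64 prefix."""
    if src4 not in CLAT_MAP:
        raise ValueError(f"no static map for {src4}; Tayga would drop it")
    return IPv6Address(CLAT_MAP[src4]), embed(NAT64_PREFIX, dst4)


class Plat:
    """Stateful NAT64 with a dynamic IPv4 pool (simplified: one pool address
    per IPv6 source, no port translation, no mapping expiry)."""

    def __init__(self, prefix: str, pool: str):
        self.prefix = prefix
        self._free = IPv4Network(pool).hosts()
        self.table = {}  # IPv6 source -> IPv4 pool address

    def translate(self, src6, dst6) -> tuple:
        src6 = IPv6Address(src6)
        dst4 = extract(self.prefix, str(dst6))  # ValueError: not ours to translate
        src4 = self.table.get(src6)
        if src4 is None:
            src4 = next(self._free)  # StopIteration once the pool is exhausted
            self.table[src6] = src4
        return src4, dst4


if __name__ == "__main__":
    s6, d6 = clat_translate("192.0.0.1", "1.1.1.1")
    print(s6, "->", d6)  # 2001:db8:64:a::64 -> 64:ff9b::101:101
    print(Plat(NAT64_PREFIX, "10.64.0.0/16").translate(s6, d6))  # (10.64.0.1, 1.1.1.1)
```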
I'm once again asking the #Fediverse for a little bit of its enlightenment.
What non USA-based #VPS are you using, or you recommend?
Currently with Linode. And even though I've just migrated from a Texas located node to a Canadian (Vancouver) one, I would really like to use the services from a company that's not under the jurisdiction of the orange tyrant / clown.
Preferably one that can offer me a machine close to my current location (Mexico).
Atm, #Hetzner , Netcup, Contabo & Mythic Beasts look promising. Anything I should know before getting involved with any of those?
Thanks in advance for reading! 
@bekopharm @Alexx to be fair I never tested #IPv6. The farthest I went is to set up the #AAAA records. 😅
I can confirm that Contabo's IPv6 is not stable. Their support also refers to the server by its IPv4 address.
@madamada @miyuru @bekopharm @panigrc @Alexx Same here, with IPv6 being unreliable as hell... I had to set up a script that pings to outside over IPv6 every 4-5 minutes to keep my incoming link stable. And indeed, only the first of the /64 is usable.
Stay away from Contabo if you need IPv6.
(I now have a server host migration on my TO-DO list.)
@namedbird @madamada @miyuru @bekopharm @panigrc
Well, I'm using the VPS as a reverse proxy to expose my (very little) home-lab to the internet, as it is a very unpleasant experience to get a public (even a dynamic) IP here in Mexico for a residential domicile, so connectivity is very important. Specifically because I'm willingly relying on IPv6 for the sake of learning.
It seems like Contabo is a rotund No.
Thanks for sharing your experiences, y'all! 
There has been quite a bit of buzz lately about Linux distros wanting to drop 32-bit support.
I would also like to drop 32-bit support. 32-bit IPv4 addresses that is.
@nivex Hm... building an IPv6 only distro.
@quux Problem is (last I heard) you can't compile IPv4 out of the kernel without disabling networking entirely. Not to mention how much of userland would break. I don't even want to think about how much 127.0.0.x is hard-coded into places.
@nivex Fun!
@litchralee_v6 @quux It would be a difficult sell. IPv6-only networks are still seen as "enthusiast" domains and "Disable IPv6" tutorials are still prevalent among the "security" crowd.
The IT-Notes blog is now served by the 1 euro/month #NetBSD VPS, too.
@stefano Pretty amazing that your blog on a 1€/month VPS has so much faster loading times than almost all of the websites I usually visit, but then I guess that's a given, because my browser doesn't have to download hundreds of megabytes of JavaScript and run hundreds of trackers in the background. 😁
@subnetspider exactly. Keeping things minimal and simple doesn't mean ugly and outdated.
@stefano Not everything needs to be NASA level of stability, Google level of scaling, or IBM Z Mainframe levels of redundancy.
Because like you showed us, a blog with >99% uptime, scaling (with a DIY CDN) and less than 1 second of load times are all achievable with minimal complexity and tiny budgets. 😎
@subnetspider @stefano I can’t agree more. One can do a lot with basics and very well considered backup/restore options.
@madamada @subnetspider yes, the Piko VPS is sold out at the moment.
I've tried one of those IONOS VPS servers many years ago. Maybe it's time to try a new one. But yes, when FreeBSD is not supported, I use mfsbsd.