MadaMada
@madamada@snac.void.my
Outcome of testing #Steam on #FreeBSD:
1. Downloading and installing games was painful. Steam would crash with some monitor file descriptor assert error. I had to start Steam multiple times to install a game
2. Running games is impossible:
"lsu-bwrap-stub.rb: Bubblewrap doesn't work on FreeBSD. Select LSU chroot or Legacy Runtime in the game compatibility settings"
Selecting Legacy Runtime made Portal 2 run but the graphics are all messed up and stuttery.. setting graphics to 1920x1080 made the game and Steam crash out. Why back in and getting loads of graphics corruption.
Skyrim didn't run at all no matter what I tried.
Sadly this experiment didn't go well.
It's not quite there yet..but it's getting there bit by bit..
Hopefully FreeBSD 15-RELEASE will be an upgrade to all that..
Hey #FreeBSD friends: Is there some kind of severe rate/connection throttling in base sshd? I was able to connect once and then since then, it hangs. If I telnet to port 22 I do get a banner but the key exchange just hangs and I get a connection reset after a while.
Am I better off disabling the base sshd and installing openssh server?
Netgate sponsors the modernisation of the FreeBSD variant of pf(4)
FreeBSD 15.0 is expected to bring noticeable improvements to its pf(4) variant. This will also benefit pfSense and OPNsense.
5 days to go!
Secure e-mail stack with OpenSMTPD, Rspamd, Dovecot – on FreeBSD.
#EuroBSDConAdvent #EuroBSDCon #BSD #FreeBSD #OpenBSD #NetBSD #DragonFlyBSD #ZFS #PF #RunBSD
@stefano 5 days to go until what?
Re Zimbra, I think it lives on as Carbonio developed by your own paesani at Zextras. There's commercial support available, too.
@Nux It's the EuroBSDConAdvent calendar, so 5 days to EuroBSDCon 🙂
Zimbra is still Open Source, they just don't provide the builds anymore - but you can build it yourself.
Carbonio is another software - a Zimbra fork.
@stefano Oh, how lovely, have a nice time there! Hope to catch up with the slides and recordings, would love to come in person at some point.
Re Zimbra, I think it lost a lot of credibility when exchanging so many hands. My gut prefers Zextras atm.
@Nux I agree, all those ownership changes didn't look good at all. More, they seem more oriented towards providing software and services to "the big cloud players" so they're not focused on self-hosting anymore. And it's a shame.
About Zextras - I've very good reasons to avoid dealing with them. This could be one of the future horror stories on my blog...
@stefano what about fail2ban for your mailserver setup to prevent constant mailserver requests with different passwords?
@drheho This article just covers the basics - of course, the server should be hardened, both at firewall level (limiting the requests, connections, etc.) and using solutions like fail2ban. But I didn't want to go too deep.
@stefano would it be possible to maybe see an advanced server tutorial/documentation sometime which addresses this?
An alternative for those that want the heavy lifting done automatically can check out iRedMail
I don’t understand the value of consumer VPNs. Can someone explain it to me?
We do pretty much everything over SSL these days. Definitely everything that matters. That provides confidentiality, so network intermediaries can’t see the data, and server authentication, so they can’t impersonate the server.
Yes, DNS is the exception, it’s not encrypted, but more and more browsers and other user agents are building in DoH and DoT, and even enabling it by default.
So, given all that, what do general purpose VPNs add? What am I missing? Are they just security theater marketing? Or do they bundle other security features like anti-malware etc, and the term “VPN” now means a bundle of miscellaneous endpoint security features, like (shudder) anti-virus used to?
Want to watch a streaming tv series but it's not available in your region, a VPN can help..
In countries like China where most things are blocked, how do you access say, Youtube ? A VPN..
And the list goes on..
A VPN used to be a thing that links two or more networks together..oh how much it has grown..
I use it all the time when I am on a public network..simply because I trust my own network more..
For the FN Keys, it seems only the volume keys work 😞
For Wifi, 2.4G works, associates quickly.. but for 5G with the same passphrase, it tries to associate and fails 😞
But no worries, just trying this out to see what works and what doesn't..
@madamada when xlibre?
@madamada here is the NYC*BUG dmesgd page for your laptop. Perhaps you may find helpful information among the entries:
https://dmesgd.nycbug.org/dmesgd?do=index&fts=Thinkpad+T480
git
tayga
make/gcc compiler
a NAT64 service running on your local network (Tayga/Jool)
mkdir staging
cd staging
git clone https://github.com/apalrd/tayga.git
cd tayga
make
make install
cat /etc/tayga.conf
tun-device clat
ipv4-addr 192.0.0.2
ipv6-addr 2001:db8:feed::65
map 192.0.0.1 2001:db8:feed::64
prefix 64:ff9b::/96 # NAT64 prefix
Replace 2001:db8:feed with your /64 GUA prefix.
You can use Cloudflare's 2606:4700:4700::64 as the DNS4 resolver.
#!/usr/bin/env bash
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
echo 2 > /proc/sys/net/ipv6/conf/eth0/accept_ra
echo 1 > /proc/sys/net/ipv6/conf/eth0/proxy_ndp
ip neigh add proxy 2001:db8:feed::64 dev eth0
ip neigh add proxy 2001:db8:feed::65 dev eth0
tayga -c /etc/tayga.conf --mktun
ip link set dev clat up
ip addr add 192.0.0.1/29 dev clat
ip route add default dev clat mtu 1260
ip route add 2001:db8:feed::64/127 dev clat
tayga -c /etc/tayga.conf
Example output should look like this:
root@skully:~# ip a s dev clat
5: clat: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 500
link/none
inet 192.0.0.1/29 scope global clat
valid_lft forever preferred_lft forever
inet6 fe80::cbdf:afeb:7379:bd0a/64 scope link stable-privacy
valid_lft forever preferred_lft forever
root@skully:~# ping -c 3 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=52 time=13.0 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=52 time=16.6 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=52 time=13.7 ms
--- 1.1.1.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 13.008/14.429/16.557/1.532 ms
Enjoy 🙂
Plasma 6 on #FreeBSD simply reboots the machine after an hour or so. Nothing heavy running on the machine. Sadly no logs, core files etc. just reboots. Don't have the energy to look into this now. Sadly, the desktops are all Linux first and bring in a lot of Linuxisms. I used to use i3 earlier but these days I don't want to tweak config files. GNUstep? Lumina?
My choices are XFCE or LXDE. Both are lightweight and serve my needs. For me, I look at the programs that are must-haves regardless of either DE or WM, which are quite minimal..
A terminal, browser, media player, torrent client, pdf reader, file manager, editor, and a screenshot program.
Most of my time is spent in the terminal..
The perfect DE/WM for me are the ones where you rarely have to mess around with that much. It should just work and not get in the way of you spending that time on productive/leisure things that matter most.
@madamada agreed. I wouldn't call xfce lightweight though. last I checked, a fresh empty plasma desktop weighs only slightly more.
Unlike VMs my #FreeBSD #jails don’t need a ssh server. I just connect to the host and pass tmuxjail.sh <jailname> to log into each one.
https://gist.lema.org/santiago/6384991f0ad447cca4327af6935e469c
@madamada Yeah it’s not necessary most of the time unless you have to give access to someone who doesn’t also own the host machine.
It’s one case where the default influenced my behavior. My default LXCs in proxmox come with sshd by default and jails did not so I adapted.
In my case all VMs are in a VLAN at home and only the remote frontend can hit them with http(s) via a tunnel so having a ssh service or not doesn’t matter much as it’s not reachable from the outside.
I’m going to be running an experiment… I’ll turn off the archaic IPv4 stack on my home network.
No NAT64.
How long will I last?
| <1 day: | 0 |
| 1 day – 1 week: | 0 |
| 1-2 weeks: | 0 |
| >2 weeks: | 0 |
So, the answer: 1 day and 8 minutes.
Things got progressively worse as the day went on. This morning, I still had bidirectional messaging (SMS/MMS). Now, I can only receive messages, not send any (mobile service is unreliable at my place).
Also, I don’t have email anymore.
I will note that some news services like CBC are unavailable unless you know French.
It felt zen not to read news 😁
@EdwinG can you try again with https://gitlab.com/miyurusankalpa/IPv6-dns-server or https://codeberg.org/IPv6-Monostack/delegacy-rpz
For a lot of websites IPv6 can be forced.
So this binds to [::]:53 ? I would like to use this alongside Unbound if possible..
I don’t usually promote personal projects here, but I’ll give it a try.
Meet Tocaia, a minimalist, cross-platform TUI Gopher client written in C89 for POSIX systems.
It even supports Haiku.
Pull requests and bug reports are welcome! =)
https://github.com/manipuladordedados/tocaia
#gopher #TUI #haikuos #FreeBSD #NetBSD #OpenBSD #smolweb #retrocomputing #programming
@xinqu it would be helpful if it was explained why not and what were the problems encountered.
@EF Of course, and I really wish I had more time for that. But at the moment, I need a laptop that "just works" so I didn't spend much time troubleshooting.
What I remember: WiFi works, but only occasionally - one time the WiFi-Interface is "UP" but has "no link" (according to dhclient). After the next reboot, everything is fine.
X works (I tried the no-Wayland variant)! But when I close the lid and open it again, the laptop is 'bricked': blank screen, does not react to anything (CTRL-ALT-Fx e.g.). This was the main reason I gave up.
I chose xfce: No battery indicator, no backlight control (although the cli command `backlight` worked!). Maybe there were just a few xfce-packages missing - but I had no experience with xfce so I didn't know where to look for solutions.
I'll buy the same laptop again soon, because I can get them very inexpensive at the moment and it works perfectly with Fedora. Then I have a backup and I can try again with #FreeBSD
The FreeBSD Foundation has allocated efforts to improve this now, so time will tell..
I'll probably wait for the next 2-3 years and come back to check on things again.. Until then, I'll stick to what I use now or I'll probably just install some flavor of Linux and be done..
So as a "normal" #FreeBSD user, you can't run pw user mod -s /usr/local/bin/bash yourself but you can chsh -s /usr/local/bin/bash yourself. I don't see the coherence here.
Yes, chpass is '+s' when pw is not. But I still have difficulty understanding -1- the reason for pw to exist when other commands already do and -2- why not applying the same kind of permission to both command(s set).
See man pw(8), chsh(1) for more details.
OVH VPS is limited with only one IPv6 so I can't run FreeBSD jails with each an IPv6. Too sad.
Contabo VPS have an IPv6 /64 but I can't get it to work with FreeBSD (Linux works). Too sad.
I have to find a VPS provider with a similar cost to OVH or Contabo which works with FreeBSD.
@madamada Currently without any jail, IPv6/64 on Contabo VPS does not work with default router address in /etc/rc.conf: ipv6_defaultrouter="fe80::1%vtnet0"
(See https://forums.freebsd.org/threads/cant-get-ipv6-working-reliably-on-contabo-vps-freebsd-13-1.87611/post-712140 for further information)
v2.10.0 Desktop = Windows 10
Guide: FreeBSD, KDE Plasma, and Wayland
But what if your friends and relatives are more interested in FreeBSD than Linux? Well, here we have a detailed guide to setting up a FreeBSD desktop using KDE Plasma and Wayland. Yes, Wayland is available in the BSD world as well, and in a few years I wouldn't be surprised to see most FreeBSD desktop guides - including the documentation from FreeBSD itself -
https://www.osnews.com/story/143103/guide-freebsd-kde-plasma-and-wayland/
#NoNAT Saturday
Interesting findings:
https://geschaeftskunden.telekom.de/ is #IPv4only
Same with https://www.telekom.de/start
To extend this to other German ISPs
Reachable on #IPv6
#1und1 OK
#DeutscheGlasfaser OK
#Telekom NOK
#o2 NOK
#Vodafone NOK
#Easybell NOK
#WOBCOM NOK
#DeutscheGiganetz NOK
@goetz quick check from my side.
www.vodafone.de has v6
www.o2online.de has v6
www.wobcom.de have a fe80 address 😂
@miyuru Thank you www.vodafone.de works. only checked vodafone.de
www.o2online.de gives you only a "Willkommen bei o2" text as some CDN and Script endpoints are not reachable.
With v055q, it force closes more often and Wireguard(dual-stack) keeps connecting/disconnecting causing the state to be Protected/No internet..so I've turned that off for now..
At the moment I'm running rdns with my own DoT DNS + On-Device blocklists which works and is somewhat stable..
I've been testing pkgbase on a VM and just updated to 14.3p2 no problem. Is it safe to upgrade to pkgbase a VM in production? Should I wait till FreeBSD 15? Probably.
@matuzalem you should check @vermaden 's timeline
@ottobackwards @vermaden I followed his tutorial ;)
@matuzalem @vermaden he has been raising issues with pkgbase on the lists
For a start I would just say that I like PKGBASE and I see it as a step forward compared to the existing freebsd-update(8) solution ... but there are serious concerns that need to be addressed.
It's 'the' future - but I would not use it in production yet.
First - it removes the Base System feature:
- https://lists.freebsd.org/archives/freebsd-pkgbase/2025-July/000590.html
- https://lists.freebsd.org/archives/freebsd-pkgbase/2025-July/000596.html
- https://lists.freebsd.org/archives/freebsd-pkgbase/2025-August/000626.html
- https://lists.freebsd.org/archives/freebsd-pkgbase/2025-August/000674.html
Second - even updating sometimes renders system unusable:
- https://lists.freebsd.org/archives/freebsd-pkgbase/2025-August/000691.html
Generally - every time you want to mess with pkg(8) - create a new ZFS Boot Environment with the beadm(8) or bectl(8) command.
I do not know if these problems will be solved before 15.0 ... but they will be solved some time.
From the good news - the 'old' way with freebsd-update(8) should still be supported during entire 15.x line - so no rush to migrate to PKGBASE at least.
@matuzalem If you use "pkgbase", be sure to confirm the list of packages to be deleted lest you are left in a less than ideal state. (Oh, making ZFS snapshots and/or boot environment before changing installed packages would provide assurance.)
Work on classification of "vital" (so far I understand that as "damn hard to remove") packages is ongoing, on "pkgbase" in general. Follow along via freebsd-{stable,current}@ — https://lists.freebsd.org/archives/freebsd-stable/ , https://lists.freebsd.org/archives/freebsd-current/ — mailing lists.
I think it's a routed /64, I am not sure.
@madamada yes, I had to register yesterday to ask if they support IPv6 on object storage.
Also I read on lowendtalk that we need to create separate accounts to get servers in different regions.
Hey #FreeBSD admins with #OpenBSD as second language, what would be the equivalent to `acme-client` on FreeBSD?
Like in single command you run every night that checks if your Let’s encrypt certificates are up to date and, if not, just request another one. Nothing more, no integration with other software configuration.
I have looked in the handbook but there doesn’t seem to be a stock option. Also, I used pkg search but can’t make up my mind from the tenth of results :-/
@madamada There is no public room/chat group directory where you could discover groups. It's all for private chatting with family, friends and pre-existing/forming circles. You can leave a group by clicking the "3-dot" menu and then tap "leave group".