gyptazy
@gyptazy@gyptazy.ch
FreeBSD Tips and Tricks: Native Read-Only Root File System
https://it-notes.dragas.net/2024/05/31/freebsd-tips-and-tricks-native-ro-rootfs/
Goodness, how do I adore the look&feel of @gyptazy 's blog at https://gyptazy.ch/howtos/howto-monitor-ssl-certificates-expiration-in-grafana/
I just bought #FreeBSD from Indonesia VPS Provider with the following specs:
If you have similar VPS, how can you tune performance and harden the server?
security.bsd.see_other_uids=0
security.bsd.see_other_gids=0
security.bsd.see_jail_proc=0
security.bsd.unprivileged_read_msgbuf=0
security.bsd.unprivileged_proc_debug=0
kern.randompid=1
Besides this, running services in jails and keeping software up to date. All of this is already a pretty good way. You may also want to check pf (firewall) since your system is probably directly reachable from the internet. So, scrubbing the traffic and firewalling may also be an improvement.
@gyptazy Thank you sir 🫡
https://gyptazy.ch/howtos/howto-monitor-ssl-certificates-expiration-in-grafana/
@gyptazy The second config file is also called blackbox.yaml? 🤔 Typo?
This is precisely why my own cadence has drastically slowed when working on #HardenedBSD. Things take time. Can be really hard to juggle.
Only a few hours per week to start with but approaching a fulltime (unpaid!) job at the end.
It’s exactly this
@gyptazy For me, funding is part of the problem. My dog's walking schedule doesn't really care about funding. I still have a conflict of needing to be in multiple places at once, regardless of funding.
@gyptazy are the certificate checks done via blackbox exporter? Do you have by chance the json of this dashboard somewhere? :)
https://grafana.com/grafana/dashboards/13230-certificate-monitor/
Friends of #BSDCafe and the #Fediverse,
The second presentation from #BSDPub, hosted by @gyptazy, is now available on our BSD Cafe YouTube channel.
Join me as I delve into the infrastructure of BSD Cafe and share techniques on managing its backups. This talk was part of the BSD Pub Meeting held on 23/05/2024.
Watch the presentation here: https://youtu.be/GcaylXGt2j8
🔗 Learn more about setting up and backing up the BSD Cafe: https://wiki.bsd.cafe/bsdcafe-technical-details
🔗 Discover more about the BSD Pub Weekly Meetings: https://bsdpub.bsd.cafe
🔗 More about the BSD Cafe: https://bsd.cafe
Stay tuned for more insightful talks and presentations!
#OpenSource #TechCommunity #FreeBSD #BSDCafeTV #BSDPub #ServerManagement
Anyone got shell accounts to an OpenBSD server I can get an invite to? (Not privileged or anything/teensy quota is fine)
Just wanted to have a shell account I can learn on. I do have an OpenBSD machine at home, but my PineBook is realistically Linux-only. OpenBSD *will* run, but the framebuffer doesn't work (yet?), so I think it's just "hope xenodm works, otherwise debug with a serial cable" ;)
P.S. I think I was looking in the wrong place. There is a list here: https://tildeverse.org/members/
Awesome, thank you! I've requested an account on https://tilde.institute/, but I will keep you in mind. <3
@RL_Dane oh no. You mean I can just get shell access and other things on these communities for free? This sounds like too much fun. Down the rabbit hole I go…
LOL!!! Yaaay! Here's me, contributing to the delinquent delight of a major awesome dude! lol
https://tildeverse.org/
-> https://tildeverse.org/members/
-> https://tilde.institute/ (this one looks good!)
@RL_Dane while also killing any productivity I might have had for the next few days!😂
Oh, just fyi, there's gemini://tilde.pink for #NetBSD shell accounts. :D
#coffeebreak
How many Italians use #BSD ?
@alfonsosiciliano although my handle is “arosano” I wouldn’t know. Aros is in Denmark. But I use #netbsd and #openbsd :)
@alfonsosiciliano bonan apetiton!
Friends of #BSDCafe and the #Fediverse, some of the presentations at #BSDPub, hosted by @gyptazy are noteworthy and many of you who couldn't attend might be interested in watching them.
We have therefore decided to create a channel for BSD Cafe (currently on YouTube, but I have other ideas more aligned with the OpenSource spirit of the Fediverse) where the most requested and interesting talks will be published.
The first video is the presentation of Freedive, a mobile-first web interface to run FreeBSD as a personal/public server. Developed and presented by Harshad - @harshad - it allows you to manage FreeBSD server or jail services directly from a mobile device—a dream come true for all of us who often find ourselves typing commands on the tiny keyboards of today's smartphones.
I highly recommend everyone to watch Harshad's presentation here: https://youtu.be/YhKQsPVM8sQ
In the coming days, I will also publish my presentation on the basic infrastructure of BSD Cafe and the management of its backups.
Stay tuned!
#OpenSource #TechCommunity #FreeBSD #Freedive #ServerManagement #BSDCafeTV #BSDPub
It’s been an epic yak shave of a day. A crash on macOS 11/x86-64 was reported. OK, I usually use my old MBP 2015 for testing/debugging with that platform.
Got the MBP out for the first time after returning from travel. Uh oh, bottom case felt kind of bulge-y. Unscrewing the cover confirmed my fears: the batteries had expanded.
OK, that MBP is considered obsolete by Apple and service providers, check iFixit: yup, they have a guide and sell you the replacement too.
First priority is discharging and then safely removing the batteries and disposing of them. Discharging is easy, the Mac still boots.
Batteries are of course glued in (ugh). iFixit recommends acetone (eep) or warming up the batteries to soften the adhesive. They want to sell you their warming pad, but I don’t want to wait, plus I’ve got gel ice packs at home, surely those will work?
It did work, sort of. Getting the batteries out this way took me absolute ages, about an hour? Maybe acetone would have been faster. Eventually though - success. The grotty old baking tray was my makeshift fireproof receptacle in case things went wrong. 😅
The MBP still boots without its battery, but it’s very slow even by the standard of 9-year-old Intel laptop CPUs. I guess the power delivery mechanism from mains isn’t designed for wildly fluctuating power draw, so the battery makes up the slack in normal operation. Without the battery, the CPU/GPU is throttled to minimise fluctuation.
Anyway, it’s good enough for me to test and debug that crash, and I’ve now ordered a replacement battery from iFixit as well. Installing that SHOULD be a lot faster than extracting the old ones from their glued-in position.
I’ll take the damaged parts down to the recycling centre later this week, until then they’re on that baking tray, in a fully tiled room in our basement with no fire hazards or flammable materials nearby.
(We actually also have a security camera watching that room as it’s the one where the flood water entered the building when we got flooded last summer. We have installed extra defenses, but it’s hard to know if they’re actually working, hence the early warning system. In any case, I’ll get an instant alarm on my phone if anything moves down there - and that should include spontaneous lithium battery combustion.)
@pmdj Good luck with the replacement one. Bought one (also for a 2015 MBP, 13“ in my case) from iFixIt a few years ago, but it quickly lost capacity, and started bulging a little bit. Not the same as original parts (which unfortunately aren’t available anymore). Let me know if your replacement works well after a few months of use, maybe I just got a dud and should try another one.
@thp Good to know, thanks! My usage pattern (occasional use, rarely on battery) is probably not ideal either, but I guess for the €80 inc vat it still beats buying a used Mac Mini for the same purpose. (Testing/debugging on old HW/OS.)
@gyptazy I can live with it for a few days, there are too many other annoyances as well to not have a battery in it long term.
@pmdj Kind of weird that all cells expand simultaneously. Not sure if I should consider that good (consistency in manufacturing) or bad (they all suck by design and nobody fixed the design).
@arroz This is already the second set of batteries in that laptop. The first set failed in exactly the same way, also after 4 years or so. I got it fixed by an Apple authorised service provider with original parts, so to be honest it seems like that model just fails in that particular way.
Heh race day tomorrow and I'm nervous as always. 1.5km swim, 40km bike and a 10k run really isn't all that easy 😅✌🏻
Well everything I could do is done, nothing is left to do, so we'll either see each other tomorrow evening or in heaven 🤓🙏🏻
#SwimBikeRun #Triathlon #DeathBeforeDNF
@DesRoin good luck 😁
Fiddling with #FreeBSD jails(examples) part-I.
@Padukajorat this is beautiful. Thank you for sharing!
Key message of the day. A client, a few months back, whom I convinced to try FreeBSD on one of their servers.
They have a new project to launch and just messaged me: "The Dev has been working with Docker. Help him migrate out of Docker and set everything up on FreeBSD jails for production."
Moments of fulfillment.
@stefano Any reason why he can't just use Podman to work with OCI container on FreeBSD?
@stefano niiiiiceeeeeee 😎😊
@stefano the knowledge that there is more than one tool for every job (and often a better tool) is definitely a good thing. Kudos to your client (and to you for spreading the word!)
It’s exactly this:
In the meantime it's back to HE I'm afraid. I have also had some success with a cheap VPS with a /64 and routing it over Wireguard. But that was because my local HE server were completely overloaded. I’m still using HE for some corner cases but besides this, I use cheap small VPS to get static v4 and v6 to my home. This also comes with additional benefits:
So Harshad just wrote me that he wants to remove the tailwind does, so I’m not sure if it’s worth to put any efforts into building it for ARM64 anymore - especially when even you are already saying that it is a total mess to deal with it. :)
I love #FreeBSD, have used it since early 2000s and see myself relying on its Power to Serve for the next two decades.
However, I've been itching to have a mobile/web GUI to manage my several FreeBSD servers as running servers is no longer my day job.
I also want to showcase and share all the good things, with anyone curious about this OS, that make me choose it over alternatives. Especially beginners who have no prior exposure to the Unix environment and cli.
A recording of this part will also be provided soon!
https://gyptazy.ch/howtos/howto-build-freedive-a-freebsd-gui-management-tool/
#FreeBSD #OpenBSD #NetBSD #BSDCafe #Community #Mastodon #BSD #RUNBSD
Big companies can't go down.
Big company services will never stop.
Big companies have THE CLOUD!
#Cloud #Bing #BingIsDown #Microsoft #Down #BigTech #IT #SysAdmin #CloudComputing
I use WireGuard to tunnel everything right now
As planned last week, in tomorrow's weekly #BSDPub meetup, we'll delve into backup strategies and showcase some behind-the-scenes of the BSD Cafe setup and its backups. More details on the event's website: https://bsdpub.bsd.cafe
Oke, oke - I know, you just thought “oh noez, not he again” 🤣
I listen to everyone, respect everyone, That’s exactly the right approach!
but I make my own decisions
and take the responsibility.
Thanks @stefano@bsd.cafe!
#FreeBSD #OpenBSD #NetBSD #BSDPub #Community #FOSS #OpenSource @stefano@bsd.cafe
$> ./updateYay :)
$> Successfully updated. You might want to cleanup files. Old files are located in backup subfolder in /var/lib/important_app
$> *AI: Going to clean up: Delete /var/lib/important_app
$> rm -rf /var/lib/important_app
If you’re coming around, feel free to reach out to me! I’ll also share some stickers of #gyptazy and #BoxyBSD :)
#opensource #event #BSDCafe #community #foss #conference #freebsd #linux
* Plutono: Fix roleAttributionPath
* Plutono: Fix null pointer references
* Plutono: Security - Update crewjam/saml to 0.4.14
[...]
https://gyptazy.ch/notes/plutono-7-5-30-and-vali-valitail-2-2-15-release-a-grafana-fork/
Switching domains or whole software products is still a mess on the Fediverse - unfortunately
So (but it's still guessed), it is fixed to the 5V for the fan.
But maybe @DesRoin@geekdom.social can tell us more here.
Tonight's BSDPub meeting was really interesting, and next week we already have the first major topic: backups and their strategies.
It will be really fascinating.
Thanks to everyone who participated!
Thanks for joining and sharing all your insights! But there's one more thing - should the call keep time boxed of 60 minutes or open end? I think today we would have needed more time but I can clearly understand when the call takes too long in the evening and people start to drop. People can of course stay in the room even after the official meeting.
Time boxed: 8
Open end: 3
Closed
Would be a free public shell account service based on #FreeBSD/#OpenBSD systems interesting for you? If yes, what would you run on it?
Please provide feedback, so @gyptazy can check if it makes sense to provide such a service (this is already available in a limited beta).
What to expect:
A free user login to a FreeBSD or #OpenBSD based system where multiple users can access it at the same time. You can do everything in your own home directory, run processes, open sockets, compile stuff etc. System is managed in general for you.
What you cannot do:
Make changes to the system in general, use low ports, install or modify things system wide.
#BSDCafe #FreeBSD #OpenBSD #NetBSD #helloSystem #BastilleBSD #cbsd #ezjail #jails #zfs
QuickStart:
pkg install cbsd
service cbsdd start
env workdir="/usr/jails" /usr/local/cbsd/sudoexec/initenv
cbsd jconstruct-tui
cbsd jstart 1
Use the tui to get familiar and afterwards you may use it without (if needed).
Have a nice weekend #FreeBSD fans (and of course also everyone else).
Let's start weekend with #FreeBSD wallpapers
25 years ago today, Google was founded.
On the same day, I wiped Windows 98 off my computer, believing that Debian Linux (which I had been using for a while but still kept Windows on another partition) could do everything I had been doing with Windows until then.
Since that day, many installations of Linux, *BSD, MacOS have graced my computers, but Windows has remained, on a few occasions, only an occasional (unwelcome) guest.
In the spirit of a typical support group phrase, I can joyfully say:
'Hello, I'm Stefano, and I haven't been using Windows as my primary operating system for 25 years.'
Please boost and share your experience!
#Linux #OpenSource #OperatingSystems #TechJourney #GoogleAnniversary #Debian #MacOS #BSD #WindowsJourney #Mastodon #TechLife #GeekLife #Google #Windows
Unless this is clarified and discussed with you all, we will not publish any recordings. If the outcome should still be that it should be published, I can still upload them afterwards.
But the question is more if we want to do this on a weekly basis at the beginning, or a checkbox where a user must confirm to enter in general. I think, we need to improve this in general.
In the meantime it worked out, that it might be more valuable to record these calls because they shifted more into background stories, technical guides and solutions instead of a typical pub chat with ranting and regretting afterwards.
Yesterday, there was a discussion about bhyve and #ZFS where VMs might get killed by the kernel when initially starting all the VMs after a “hypervisor” reboot due to memory pressure and @meka@bsd.network and @stefano@bsd.cafe talked about approaches by running #bhyve in #jails and make use of the dependency handling.
I think this is a valuable information to share, like all the other ones.
But I can also fully understand your point of view, because I was on the same page. It was also a choice to take pressure away and make people more comfortable to involve themselves into discussions but no one was against a recording. So, currently it looks like I was wrong and a recording might be worth.
The other thing is how to provide the recording, I can see benefits by placing them on YouTube (to share valuable information to as many as possible) and to get more awareness for BSD in general. But I can also see the benefits of just keeping it in a non public PeerTube instance. So, this is still open…
I’m happy to get more input regarding recordings in general and also where to publish.
We do not want to make any pressure to anyone. As soon as you feel comfortable enough, go ahead :)
No one will judge you, everyone starts at some point :) Happy to see you next week again!
If you'd like to join our weekly #BSDPub meeting you can find more information at https://bsdpub.bsd.cafe
#BSDCafe #BSDPub #FreeBSD #OpenBSD #NetBSD #Community #Fediverse
Currently looking into something like 3x geekhome with Ryzen and 64gb ram. But they’re limited at 64G for each device. I’m looking for something that can hold up to 128gb memory
Therefore, I just created a PR (https://brew.bsd.cafe/BSDCafe/checkmyip/pulls/1) which will return just the raw IP by requesting the context path /raw. So you can directly use it in shell scripts like:
ipv4=$(curl -4 myip.bsd.cafe/raw)
ipv6=$(curl -6 myip.bsd.cafe/raw)
When: 7PM (GMT +2)
Where: https://meet.gyptazy.ch/BSDPub
iCal: https://cdn.gyptazy.ch/files/misc/bsdcafe/bsdpub/bsdpub_weekly.ics
More infos: https://bsdpub.bsd.cafe/
Feel free to jump in :)
#BSDCafe #FreeBSD #OpenBSD #NetBSD #helloSystem #DragonflyBSD
Can't attend #BSDCan in person?
Watching the live streams is the next best thing!
Our A/V team has identified several key components that BSDCons have spent WAY too much money renting over the years.
We invite you to help the team buy these for use at BSDCan, @EuroBSDCon, and #AsiaBSDCon!