--- Log opened Wed May 03 00:00:14 2023
00:15 -!- seninha [~seninha@user/seninha] has quit [Remote host closed the connection]
00:35 -!- adip [~adip@c134-177.icpnet.pl] has quit [Ping timeout: 260 seconds]
00:45 -!- blackmetal [~BlackMeta@9.20.213.193.static.cust.telenor.com] has joined #openbsd
00:46 -!- edgars_ [~edgars@95.68.97.7] has joined #openbsd
00:49 -!- zimmer [~zimmer@51.219.226.24] has joined #openbsd
00:49 -!- zimmer [~zimmer@51.219.226.24] has quit [Changing host]
00:49 -!- zimmer [~zimmer@user/zimmer] has joined #openbsd
00:50 -!- dastain [~dastain@2a00:d880:6:262::45a3] has quit [Ping timeout: 265 seconds]
00:50 -!- edgars_ [~edgars@95.68.97.7] has quit [Ping timeout: 240 seconds]
00:51 -!- clicker [~clicker@ip70-161-192-21.hr.hr.cox.net] has quit [Ping timeout: 268 seconds]
00:53 -!- Trigon [~reuben@144.39.114.115] has quit [Ping timeout: 240 seconds]
00:53 -!- sunwind [~paradox@173.41.9.51.dyn.plus.net] has quit [Remote host closed the connection]
00:58 -!- sunwind [~paradox@173.41.9.51.dyn.plus.net] has joined #openbsd
01:01 -!- Trigon [~reuben@144.39.114.115] has joined #openbsd
01:06 -!- morte [~user@user/monkey/x-0691028] has quit [Remote host closed the connection]
01:06 -!- morte_ [~user@user/monkey/x-0691028] has joined #openbsd
01:08 -!- morte_ is now known as morte
01:09 -!- Trigon [~reuben@144.39.114.115] has quit [Ping timeout: 240 seconds]
01:10 < coreystephanphd> xse: Most WMs and DEs have sticky foreground and background options that are easy to manage.
01:10 < coreystephanphd> Sometimes called 'pins,' sometimes other things.
01:12 -!- dastain [~dastain@81.4.102.12] has joined #openbsd
01:12 < coreystephanphd> It sounds like a Windows-specific problem to not be able to manage a window for a running application to be just where you want it to be, right? Unless you have some specific option for needing a true 'clone.'
01:13 -!- Lucas6023 [~Lucas6023@gateway/tor-sasl/lucas6023] has quit [Remote host closed the connection]
01:13 < thrig> clone might be trickier for random windows in x11?
01:18 -!- Lucas6023 [~Lucas6023@gateway/tor-sasl/lucas6023] has joined #openbsd
01:20 -!- markmcb_ [~markmcb@static-68-235-44-46.cust.tzulo.com] has joined #openbsd
01:20 -!- markmcb [~markmcb@66.115.189.229] has quit [Ping timeout: 268 seconds]
01:20 -!- markmcb_ is now known as markmcb
01:23 -!- bilegeek [~bilegeek@2600:1008:b066:4741:90e7:9e90:b9cb:f461] has joined #openbsd
01:31 < xse> yeah it's not really about managing a window to be where you want but more like being able to crop a bit of that cloned window and resize that cropped bit. And Still being able to interact with it through that cloned bit instead of having to resize the whole origin window which would end up distorted/unreadable/..
01:31 < xse> random useless example: http://www.ericbrasseur.org/
01:31 < xse> oof wrong link sorry https://i.imgur.com/TL8Q8ch.png
01:32 < xse> might not be easily doable with x11 stuff indeed
01:36 -!- Xenguy [~Xenguy@user/xenguy] has joined #openbsd
01:39 -!- SirJitsu [~SirJitsu@162-231-111-175.lightspeed.livnmi.sbcglobal.net] has joined #openbsd
01:45 -!- Manikariza [~Manikariz@189.172.242.162] has joined #openbsd
01:46 -!- Lucas6023 [~Lucas6023@gateway/tor-sasl/lucas6023] has quit [Remote host closed the connection]
01:46 -!- xtile [~terrain@c-24-56-224-169.customer.broadstripe.net] has quit [Quit: sleep]
01:47 -!- Lucas6023 [~Lucas6023@gateway/tor-sasl/lucas6023] has joined #openbsd
01:48 -!- elastic_dog [~elastic_d@2a01:118f:620:5c00:5b5c:587d:9e9e:d473] has quit [Remote host closed the connection]
01:48 -!- SirJitsu [~SirJitsu@162-231-111-175.lightspeed.livnmi.sbcglobal.net] has quit [Ping timeout: 240 seconds]
01:49 -!- elastic_dog [~elastic_d@2a01:118f:620:5c00:5b5c:587d:9e9e:d473] has joined #openbsd
01:53 -!- Manikariza [~Manikariz@189.172.242.162] has quit [K-Lined]
01:54 -!- Rynn [~rynn@216.30.158.198] has quit [Quit: ZZZzzz…]
02:00 -!- peas [~peasfulto@user/PeasfulTown] has quit [Ping timeout: 268 seconds]
02:02 -!- peas [~peasfulto@user/PeasfulTown] has joined #openbsd
02:07 -!- vysn [~vysn@user/vysn] has quit [Remote host closed the connection]
02:08 -!- ebonheart [~quassel@180-144-25-115f1.osk3.eonet.ne.jp] has quit [Remote host closed the connection]
02:12 -!- beandog [~sdibb@user/beandog] has quit [Quit: Leaving]
02:18 -!- morte [~user@user/monkey/x-0691028] has quit [Ping timeout: 276 seconds]
02:20 -!- chrisz [p4iz6uinu2@195.52.146.167] has quit [Ping timeout: 246 seconds]
02:22 -!- chrisz [s9w7wukzdj@195.52.146.104] has joined #openbsd
02:34 -!- bilegeek [~bilegeek@2600:1008:b066:4741:90e7:9e90:b9cb:f461] has quit [Quit: Leaving]
02:35 -!- morte [~user@user/monkey/x-0691028] has joined #openbsd
02:35 -!- hussein1 [~weechat@gateway/tor-sasl/hussein1] has quit [Quit: hussein1]
02:39 -!- dsrt^ [~dsrt@c-76-105-96-13.hsd1.ga.comcast.net] has joined #openbsd
02:50 -!- Mete- [~Mete-@2804:da8:f7a3:f16e:585e:2f6c:400d:89d4] has quit [Ping timeout: 264 seconds]
02:55 -!- tomas_be [~tomas_be@2402:9d80:a50:a036:c400:d28d:917b:16f9] has quit [Read error: Connection reset by peer]
03:00 -!- tomas_be [~tomas_be@2402:9d80:a50:a036:c400:d28d:917b:16f9] has joined #openbsd
03:03 -!- moldorcoder7 [~moldorcod@192.145.81.26] has quit [Ping timeout: 276 seconds]
03:04 -!- peas [~peasfulto@user/PeasfulTown] has quit [Quit: leaving]
03:09 -!- drainpipe [~drainpipe@pool-98-116-192-7.nycmny.fios.verizon.net] has joined #openbsd
03:18 -!- tomas_be [~tomas_be@2402:9d80:a50:a036:c400:d28d:917b:16f9] has quit [Read error: Connection reset by peer]
03:21 -!- tomas_be [~tomas_be@2402:9d80:a50:a036:c400:d28d:917b:16f9] has joined #openbsd
03:29 -!- tomas_be [~tomas_be@2402:9d80:a50:a036:c400:d28d:917b:16f9] has quit [Ping timeout: 250 seconds]
03:42 -!- drainpipe [~drainpipe@pool-98-116-192-7.nycmny.fios.verizon.net] has quit [Quit: WeeChat 3.8]
03:42 -!- Trigon [~reuben@144.39.114.115] has joined #openbsd
04:07 -!- jmcgnh [~jmcgnh@wikipedia/jmcgnh] has quit [Read error: Connection reset by peer]
04:08 -!- anshupati [anshupati@tilde.team] has quit [Ping timeout: 248 seconds]
04:08 -!- MaddieKalan [~user@2605:6400:30:f149::] has quit [Ping timeout: 250 seconds]
04:09 -!- anshupati [anshupati@tilde.team] has joined #openbsd
04:09 -!- MaddieKalan [~user@pineneedle.emailaffinity.top] has joined #openbsd
04:13 -!- jmcgnh [~jmcgnh@wikipedia/jmcgnh] has joined #openbsd
04:15 -!- edgars_ [~edgars@95.68.97.7] has joined #openbsd
04:21 -!- Xenguy_ [~Xenguy@user/xenguy] has joined #openbsd
04:21 -!- Merdam [~Merdam@189.172.57.162] has joined #openbsd
04:23 -!- Xenguy [~Xenguy@user/xenguy] has quit [Ping timeout: 240 seconds]
04:29 -!- Merdam [~Merdam@189.172.57.162] has quit [K-Lined]
04:34 -!- DeSantis [~DeSantis@189.172.121.16] has joined #openbsd
04:43 -!- DeSantis [~DeSantis@189.172.121.16] has quit [K-Lined]
04:46 -!- sneaker [~sneaker@99-112-161-247.lightspeed.austtx.sbcglobal.net] has quit [Ping timeout: 250 seconds]
04:47 -!- TFOZ [~tom@user/TFOZ] has joined #openbsd
04:59 -!- dsrt^ [~dsrt@c-76-105-96-13.hsd1.ga.comcast.net] has quit [Ping timeout: 276 seconds]
05:00 -!- dsrt^ [~dsrt@c-76-105-96-13.hsd1.ga.comcast.net] has joined #openbsd
05:12 -!- Leone [~Leo@104.247.239.156] has quit [Ping timeout: 268 seconds]
05:21 -!- foul_owl [~kerry@45.143.82.151] has quit [Ping timeout: 248 seconds]
05:21 -!- morte [~user@user/monkey/x-0691028] has quit [Quit: ERC 5.4 (IRC client for GNU Emacs 28.2)]
05:22 -!- edgars_ [~edgars@95.68.97.7] has quit [Ping timeout: 268 seconds]
05:23 -!- rawgreaze [~rawgreaze@user/rawgreaze] has quit [Quit: ZNC 1.8.2 - https://znc.in]
05:23 -!- rawgreaze [~rawgreaze@user/rawgreaze] has joined #openbsd
05:25 -!- edgars_ [~edgars@95.68.97.7] has joined #openbsd
05:27 < brocashelm> will hw.smt=1 make openbsd run significantly faster? since it's a quad core cpu
05:28 < thrig> probably not. but do benchmarks if you're feeling motivated
05:33 < IcePic> in the bad old days, hyperthreading would sometimes slow down, and in other happy cases give a slight speedup. Now cpus are better and hyperthreading might actually be more beneficial and less bad in the worst case. But as thrig wrote, do benchmarks of the expected workload before and after
05:35 -!- foul_owl [~kerry@71.212.137.212] has joined #openbsd
05:36 < brocashelm> looking for ways to get it to running. what commands are good for benchmarking cpus in openbsd?
05:36 -!- mncheck [~mncheck@193.224.205.254] has joined #openbsd
05:40 -!- horrad [~horrad@217.91.26.253] has joined #openbsd
05:44 < IcePic> sounds a bit backwards
05:45 < dlg> smt isnt disabled for performance reasons though
05:47 < IcePic> brocashelm: change the sysctl, reboot, do what you want to have done, see if you notice a difference. If not, set it back and move on
05:49 -!- tjdaugaard [~tjdaugaar@77.241.136.251.bredband.3.dk] has joined #openbsd
05:54 -!- sliced [~sliced@81.15.241.20] has joined #openbsd
05:55 < brocashelm> yes, i have done that and rebooted. noticed a slight spike in performance, but startup is always the slowest IME
05:56 < brocashelm> although i can see why it was disabled by default (for security mitigations)
05:58 -!- rsjw [~rsjw@pool-138-88-60-108.washdc.fios.verizon.net] has quit [Quit: leaving]
06:07 -!- JE-46600 [~mk@141.255.164.91] has joined #openbsd
06:09 -!- militantorc [~pikapika_@pika.powered.by.lunarbnc.net] has quit [Quit: Free ZNC ~ Powered by LunarBNC: https://LunarBNC.net]
06:09 -!- sunwind [~paradox@173.41.9.51.dyn.plus.net] has quit [Remote host closed the connection]
06:10 -!- pikapika [~pikapika_@pika.powered.by.lunarbnc.net] has joined #openbsd
06:10 -!- nihraguk [~nihraguk@vulg.us] has quit [Quit: Ping timeout (120 seconds)]
06:11 -!- nihraguk [~nihraguk@vulg.us] has joined #openbsd
06:15 -!- sunwind [~paradox@173.41.9.51.dyn.plus.net] has joined #openbsd
06:23 -!- Xenguy_ is now known as Xenguy
06:25 -!- todd [~todd@gateway/tor-sasl/toddf] has quit [Remote host closed the connection]
06:28 -!- todd [~todd@gateway/tor-sasl/toddf] has joined #openbsd
06:33 -!- ficonni [~ficonni@178-223-149-188.dynamic.isp.telekom.rs] has joined #openbsd
06:40 -!- blackmetal [~BlackMeta@9.20.213.193.static.cust.telenor.com] has quit [Quit: Lost terminal]
06:48 -!- schillingklaus [~schilling@ip2504e20a.dynamic.kabel-deutschland.de] has joined #openbsd
06:49 -!- schillingklaus [~schilling@ip2504e20a.dynamic.kabel-deutschland.de] has quit [Client Quit]
06:55 -!- yella [regg@user/yella] has quit [Ping timeout: 260 seconds]
06:56 -!- zimmer [~zimmer@user/zimmer] has quit [Ping timeout: 268 seconds]
06:59 -!- drathir_tor [~drathir@wireguard/tunneler/drathir] has quit [Ping timeout: 240 seconds]
07:00 -!- JE-46600 [~mk@141.255.164.91] has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
07:00 -!- drathir_tor [~drathir@wireguard/tunneler/drathir] has joined #openbsd
07:02 -!- feriman [~feriman@188.163.114.49] has joined #openbsd
07:08 -!- LW [~LW@i5E866B3A.versanet.de] has joined #openbsd
07:08 -!- LW [~LW@i5E866B3A.versanet.de] has quit [Client Quit]
07:09 -!- Trigon [~reuben@144.39.114.115] has quit [Ping timeout: 268 seconds]
07:18 -!- __giovanni [~giovanni@host-79-11-196-3.business.telecomitalia.it] has joined #openbsd
07:19 -!- feriman [~feriman@188.163.114.49] has quit [Quit: leaving]
07:20 -!- feriman [~feriman@188.163.114.49] has joined #openbsd
07:22 -!- jmarsman [~jma@gw.office.elitelabs.nl] has quit [Ping timeout: 276 seconds]
07:24 -!- piotr_ [~piotr@user/filystyn] has joined #openbsd
07:24 -!- sunwind [~paradox@173.41.9.51.dyn.plus.net] has quit [Remote host closed the connection]
07:24 -!- piotr_ is now known as Filystyn
07:28 -!- sunwind [~paradox@173.41.9.51.dyn.plus.net] has joined #openbsd
07:32 -!- ivdsangen [~ivo@86-95-161-96.fixed.kpn.net] has joined #openbsd
07:38 -!- JE-46600 [~mk@141.255.164.91] has joined #openbsd
07:44 -!- pessoa [~pessoa@ip2504e20a.dynamic.kabel-deutschland.de] has joined #openbsd
07:51 -!- monkeybusiness [~monkeybus@user/monkeybusiness] has quit [Quit: Bye]
07:51 -!- TFOZ [~tom@user/TFOZ] has quit [Read error: Connection reset by peer]
07:51 -!- elastic_dog [~elastic_d@2a01:118f:620:5c00:5b5c:587d:9e9e:d473] has quit [Killed (osmium.libera.chat (Nickname regained by services))]
07:51 -!- elastic_dog [~elastic_d@2a01:118f:620:5c00:5b5c:587d:9e9e:d473] has joined #openbsd
07:54 -!- monkeybusiness [~monkeybus@user/monkeybusiness] has joined #openbsd
08:05 -!- pessoa [~pessoa@ip2504e20a.dynamic.kabel-deutschland.de] has quit [Quit: pessoa]
08:06 -!- schillingklaus [~schilling@ip2504e20a.dynamic.kabel-deutschland.de] has joined #openbsd
08:13 -!- Filystyn [~piotr@user/filystyn] has quit [Quit: Lost terminal]
08:13 -!- rain0r2 [~rainer@static.176.169.109.65.clients.your-server.de] has quit [Ping timeout: 240 seconds]
08:14 -!- rain0r2 [~rainer@static.176.169.109.65.clients.your-server.de] has joined #openbsd
08:21 -!- vysn [~vysn@user/vysn] has joined #openbsd
08:33 -!- mnour_bsd [~mnour_bsd@host-vl4w6h0qwyud154mwy.pdv6.obg1.zeelandnet.nl] has joined #openbsd
08:35 -!- adip [~adip@c134-177.icpnet.pl] has joined #openbsd
08:37 -!- mnour_bsd [~mnour_bsd@host-vl4w6h0qwyud154mwy.pdv6.obg1.zeelandnet.nl] has quit [Ping timeout: 245 seconds]
08:38 -!- Trigon [~reuben@144.39.114.115] has joined #openbsd
08:42 -!- memset [~memset@gateway/tor-sasl/memset] has quit [Remote host closed the connection]
08:43 -!- memset [~memset@gateway/tor-sasl/memset] has joined #openbsd
08:47 -!- JE-46600 [~mk@141.255.164.91] has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
08:49 -!- luna [~luna@fedora/bittin] has joined #openbsd
08:49 -!- luna [~luna@fedora/bittin] has left #openbsd []
08:52 -!- nyah [~nyah@cpc75709-york6-2-0-cust260.7-1.cable.virginm.net] has joined #openbsd
08:55 -!- zimmer [~zimmer@user/zimmer] has joined #openbsd
08:58 -!- ikarso [uid475540@id-475540.tinside.irccloud.com] has joined #openbsd
08:59 -!- AlaskanEmily [~AlaskanEm@user/alaskanemily] has quit [Remote host closed the connection]
09:06 -!- m1dnight [~christoph@78-22-4-67.access.telenet.be] has quit [Ping timeout: 252 seconds]
09:07 -!- memset [~memset@gateway/tor-sasl/memset] has quit [Remote host closed the connection]
09:07 -!- memset [~memset@gateway/tor-sasl/memset] has joined #openbsd
09:08 -!- m1dnight [~christoph@78-22-4-67.access.telenet.be] has joined #openbsd
09:15 -!- m1dnight [~christoph@78-22-4-67.access.telenet.be] has quit [Ping timeout: 268 seconds]
09:17 -!- m1dnight [~christoph@78-22-4-67.access.telenet.be] has joined #openbsd
09:19 -!- Trigon [~reuben@144.39.114.115] has quit [Ping timeout: 240 seconds]
09:23 -!- tjdaugaard [~tjdaugaar@77.241.136.251.bredband.3.dk] has quit [Ping timeout: 240 seconds]
09:30 -!- NiceBird [~NiceBird@185.133.111.196] has joined #openbsd
09:50 -!- jschpp [~jschpp@user/jschpp] has quit [Quit: connection reset by purr]
09:51 -!- SiFuh [~SiFuh@user/sifuh] has quit [Ping timeout: 246 seconds]
09:51 -!- SiFuh [~SiFuh@user/sifuh] has joined #openbsd
09:56 -!- m1dnight [~christoph@78-22-4-67.access.telenet.be] has quit [Ping timeout: 246 seconds]
09:57 -!- memset [~memset@gateway/tor-sasl/memset] has quit [Remote host closed the connection]
09:58 -!- memset [~memset@gateway/tor-sasl/memset] has joined #openbsd
09:58 -!- schillingklaus [~schilling@ip2504e20a.dynamic.kabel-deutschland.de] has quit [Remote host closed the connection]
09:59 -!- m1dnight [~christoph@78-22-4-67.access.telenet.be] has joined #openbsd
10:02 -!- Mete- [~Mete-@2804:da8:f7a3:f16e:f3a8:8b4f:b8c1:b0f5] has joined #openbsd
10:03 -!- wiu [~wiu@user/wiu] has quit [Read error: Connection reset by peer]
10:03 -!- wiu [~wiu@user/wiu] has joined #openbsd
10:03 -!- ficonni [~ficonni@178-223-149-188.dynamic.isp.telekom.rs] has quit [Ping timeout: 250 seconds]
10:05 -!- ficonni [~ficonni@178-223-149-188.dynamic.isp.telekom.rs] has joined #openbsd
10:10 -!- ficonni [~ficonni@178-223-149-188.dynamic.isp.telekom.rs] has quit [Client Quit]
10:11 -!- jschpp [~jschpp@user/jschpp] has joined #openbsd
10:21 -!- grobi [~grobi@user/grobi] has quit [Ping timeout: 248 seconds]
10:22 -!- seninha [~seninha@user/seninha] has joined #openbsd
10:27 -!- tjdaugaard [~tjdaugaar@77.241.136.251.bredband.3.dk] has joined #openbsd
10:28 -!- n4dir [~user@i59F518DE.versanet.de] has joined #openbsd
10:34 -!- edgars_ [~edgars@95.68.97.7] has quit [Ping timeout: 276 seconds]
10:34 -!- mnour_bsd [~mnour_bsd@host-6twp9e8cmqu9c54mwy.pdv6.obg1.zeelandnet.nl] has joined #openbsd
10:47 -!- edgars_ [~edgars@95.68.97.7] has joined #openbsd
10:48 -!- thrig [~thrig@c-73-225-161-25.hsd1.wa.comcast.net] has quit [Ping timeout: 276 seconds]
10:50 -!- thrig [~thrig@c-73-225-161-25.hsd1.wa.comcast.net] has joined #openbsd
10:51 -!- JE-46600 [~mk@141.255.164.91] has joined #openbsd
10:53 -!- edgars_ [~edgars@95.68.97.7] has quit [Ping timeout: 276 seconds]
10:55 -!- __giovanni [~giovanni@host-79-11-196-3.business.telecomitalia.it] has quit [Quit: leaving]
10:59 -!- edgars_ [~edgars@95.68.97.7] has joined #openbsd
10:59 -!- sunwind [~paradox@173.41.9.51.dyn.plus.net] has quit [Remote host closed the connection]
10:59 -!- mns` [~mns`@45.189.240.80] has joined #openbsd
11:04 -!- sunwind [~paradox@173.41.9.51.dyn.plus.net] has joined #openbsd
11:04 -!- edgars_ [~edgars@95.68.97.7] has quit [Ping timeout: 268 seconds]
11:06 -!- JE-46600 [~mk@141.255.164.91] has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
11:09 -!- sunwind [~paradox@173.41.9.51.dyn.plus.net] has quit [Remote host closed the connection]
11:11 -!- JE-46600 [~mk@141.255.164.91] has joined #openbsd
11:13 -!- BadCoderFinger [~john@user/badcoderfinger] has quit [Ping timeout: 246 seconds]
11:14 -!- sunwind [~paradox@173.41.9.51.dyn.plus.net] has joined #openbsd
11:15 -!- edgars_ [~edgars@95.68.97.7] has joined #openbsd
11:16 -!- n4dir [~user@i59F518DE.versanet.de] has quit [Remote host closed the connection]
11:19 -!- lavaball [felix@31.204.155.215] has joined #openbsd
11:23 -!- edgars_ [~edgars@95.68.97.7] has quit [Ping timeout: 246 seconds]
11:31 -!- BadCoderFinger [~john@user/badcoderfinger] has joined #openbsd
11:35 -!- edgars_ [~edgars@95.68.97.7] has joined #openbsd
11:36 -!- feriman [~feriman@188.163.114.49] has quit [Ping timeout: 240 seconds]
11:38 < oldlaptop> brocashelm: Most things you want to do probably aren't very parallel, and therefore can't benefit from SMT as a fundamental matter (unless you try to do two of them at once, I suppose). The boot process *definitely* qualifies.
11:40 -!- edgars_ [~edgars@95.68.97.7] has quit [Ping timeout: 265 seconds]
11:42 -!- xtile [~terrain@c-24-56-224-169.customer.broadstripe.net] has joined #openbsd
11:44 -!- sunwind [~paradox@173.41.9.51.dyn.plus.net] has quit [Remote host closed the connection]
11:46 -!- sunwind [~paradox@173.41.9.51.dyn.plus.net] has joined #openbsd
11:46 -!- bouncy_ [~ben@user/benoit] has quit [Ping timeout: 268 seconds]
11:47 -!- edgars_ [~edgars@95.68.97.7] has joined #openbsd
11:49 -!- JE-46600 [~mk@141.255.164.91] has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
11:50 -!- mnour_bsd [~mnour_bsd@host-6twp9e8cmqu9c54mwy.pdv6.obg1.zeelandnet.nl] has quit [Quit: Client closed]
11:55 -!- edgars_ [~edgars@95.68.97.7] has quit [Ping timeout: 276 seconds]
11:57 -!- an3223 [~user@user/an3223] has quit [Remote host closed the connection]
11:57 -!- edgars_ [~edgars@95.68.97.7] has joined #openbsd
12:00 -!- memset [~memset@gateway/tor-sasl/memset] has quit [Remote host closed the connection]
12:00 -!- memset [~memset@gateway/tor-sasl/memset] has joined #openbsd
12:02 -!- yetoo [~yetoo@user/yetoo] has quit [Ping timeout: 248 seconds]
12:02 -!- edgars_ [~edgars@95.68.97.7] has quit [Ping timeout: 268 seconds]
12:02 -!- engler [~engler@user/emilengler] has joined #openbsd
12:02 -!- yetoo [~yetoo@user/yetoo] has joined #openbsd
12:04 -!- reset [~reset@user/reset] has quit [Quit: reset]
12:04 -!- edgars_ [~edgars@95.68.97.7] has joined #openbsd
12:05 -!- Nahual [~Nahual@centos/community/Nahual] has joined #openbsd
12:06 -!- mns` [~mns`@45.189.240.80] has quit [Remote host closed the connection]
12:06 -!- mns`` [~mns@45.189.240.80] has joined #openbsd
12:06 -!- mns`` [~mns@45.189.240.80] has quit [Client Quit]
12:06 -!- mns` [~mns@45.189.240.80] has joined #openbsd
12:08 -!- Rynn [~rynn@216.30.158.198] has joined #openbsd
12:09 -!- mnour_bsd [~mnour_bsd@host-6twp9e8cmqu9c54mwy.pdv6.obg1.zeelandnet.nl] has joined #openbsd
12:12 -!- sunwind [~paradox@173.41.9.51.dyn.plus.net] has quit [Remote host closed the connection]
12:13 -!- Skiltonian [~DeSantis@149.19.169.195] has joined #openbsd
12:16 -!- edgars_ [~edgars@95.68.97.7] has quit [Ping timeout: 268 seconds]
12:18 -!- gman999 [~GMan999@user/gman999] has joined #openbsd
12:21 -!- sunwind [~paradox@173.41.9.51.dyn.plus.net] has joined #openbsd
12:21 -!- sunwind [~paradox@173.41.9.51.dyn.plus.net] has quit [Remote host closed the connection]
12:22 -!- sunwind [~paradox@173.41.9.51.dyn.plus.net] has joined #openbsd
12:22 -!- sunwind [~paradox@173.41.9.51.dyn.plus.net] has quit [Remote host closed the connection]
12:24 -!- Skiltonian [~DeSantis@149.19.169.195] has quit [K-Lined]
12:27 -!- edgars_ [~edgars@95.68.97.7] has joined #openbsd
12:30 -!- sunwind [~paradox@173.41.9.51.dyn.plus.net] has joined #openbsd
12:31 -!- seventh [~seventh@169.150.197.239] has joined #openbsd
12:33 -!- sunwind [~paradox@173.41.9.51.dyn.plus.net] has quit [Remote host closed the connection]
12:35 -!- JE-46600 [~mk@141.255.164.91] has joined #openbsd
12:42 -!- ripdog [~ripdog@user/ripdog] has quit [Ping timeout: 265 seconds]
12:44 -!- sunwind [~paradox@173.41.9.51.dyn.plus.net] has joined #openbsd
12:47 -!- sunwind [~paradox@173.41.9.51.dyn.plus.net] has quit [Remote host closed the connection]
12:51 -!- sunwind [~paradox@173.41.9.51.dyn.plus.net] has joined #openbsd
12:53 -!- moldorcoder7 [~moldorcod@185.245.254.235] has joined #openbsd
12:53 -!- sunwind [~paradox@173.41.9.51.dyn.plus.net] has quit [Remote host closed the connection]
12:56 -!- scain [~scain@2603-8080-b104-4e00-45cf-678b-0a7f-b897.res6.spectrum.com] has joined #openbsd
12:56 -!- sunwind [~paradox@173.41.9.51.dyn.plus.net] has joined #openbsd
12:58 -!- morte [~user@user/monkey/x-0691028] has joined #openbsd
13:03 -!- sunwind [~paradox@173.41.9.51.dyn.plus.net] has quit [Remote host closed the connection]
13:04 -!- edgars_ [~edgars@95.68.97.7] has quit [Ping timeout: 248 seconds]
13:06 -!- engler [~engler@user/emilengler] has quit [Quit: leaving]
13:08 -!- JE-46600 [~mk@141.255.164.91] has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
13:15 -!- vysn [~vysn@user/vysn] has quit [Remote host closed the connection]
13:15 -!- Saint_Tuesday [~saint@tuesday.ee] has joined #openbsd
13:19 -!- sunwind [~paradox@173.41.9.51.dyn.plus.net] has joined #openbsd
13:19 -!- tjdaugaard [~tjdaugaar@77.241.136.251.bredband.3.dk] has quit [Ping timeout: 268 seconds]
13:21 -!- edgars_ [~edgars@95.68.97.7] has joined #openbsd
13:22 -!- mns` [~mns@45.189.240.80] has quit [Ping timeout: 240 seconds]
13:24 -!- mns` [~mns@187.95.218.247] has joined #openbsd
13:26 -!- edgars_ [~edgars@95.68.97.7] has quit [Ping timeout: 276 seconds]
13:26 -!- Xenguy [~Xenguy@user/xenguy] has quit [Quit: Leaving]
13:29 -!- leo-unglaub [~leo-ungla@2001:871:258:32ee:d374:eb2c:adc1:1a13] has joined #openbsd
13:39 -!- sunwind [~paradox@173.41.9.51.dyn.plus.net] has quit [Remote host closed the connection]
13:39 -!- edgars_ [~edgars@95.68.97.7] has joined #openbsd
13:40 -!- sunwind [~paradox@173.41.9.51.dyn.plus.net] has joined #openbsd
13:40 -!- sunwind [~paradox@173.41.9.51.dyn.plus.net] has quit [Remote host closed the connection]
13:42 -!- sunwind [~paradox@173.41.9.51.dyn.plus.net] has joined #openbsd
13:43 -!- mnour_bsd [~mnour_bsd@host-6twp9e8cmqu9c54mwy.pdv6.obg1.zeelandnet.nl] has quit [Quit: Client closed]
13:44 -!- sunwind [~paradox@173.41.9.51.dyn.plus.net] has quit [Remote host closed the connection]
13:46 -!- edgars_ [~edgars@95.68.97.7] has quit [Ping timeout: 240 seconds]
13:47 -!- ficonni [~ficonni@178-223-149-188.dynamic.isp.telekom.rs] has joined #openbsd
13:48 -!- elastic_dog [~elastic_d@2a01:118f:620:5c00:5b5c:587d:9e9e:d473] has quit [Ping timeout: 246 seconds]
13:50 -!- tercaL [~tercaL@user/tercal] has joined #openbsd
13:52 -!- Leone [~Leo@104.247.239.156] has joined #openbsd
13:56 -!- lowcrash [~admin@84-255-205-230.static.t-2.net] has quit [Quit: The Lounge - https://thelounge.chat]
13:57 -!- lowcrash [~admin@84-255-205-230.static.t-2.net] has joined #openbsd
13:59 -!- feriman [~feriman@188.163.114.49] has joined #openbsd
13:59 -!- rsjw [~rsjw@pool-138-88-60-108.washdc.fios.verizon.net] has joined #openbsd
13:59 -!- edgars_ [~edgars@95.68.97.7] has joined #openbsd
14:00 -!- gh34 [~textual@cpe-184-58-181-106.wi.res.rr.com] has joined #openbsd
14:00 -!- tjdaugaard [~tjdaugaar@77.241.136.251.bredband.3.dk] has joined #openbsd
14:01 -!- elastic_dog [~elastic_d@2a01:118f:620:5c00:5b5c:587d:9e9e:d473] has joined #openbsd
14:01 -!- mns` [~mns@187.95.218.247] has quit [Quit: bbl]
14:04 -!- hitest [~hitest@user/hitest] has joined #openbsd
14:04 -!- edgars_ [~edgars@95.68.97.7] has quit [Ping timeout: 246 seconds]
14:07 -!- sunwind [~paradox@173.41.9.51.dyn.plus.net] has joined #openbsd
14:10 -!- mnour_bsd [~mnour_bsd@host-6twp9e8cmqu9c54mwy.pdv6.obg1.zeelandnet.nl] has joined #openbsd
14:10 -!- edgars_ [~edgars@95.68.97.7] has joined #openbsd
14:15 -!- edgars_ [~edgars@95.68.97.7] has quit [Ping timeout: 240 seconds]
14:18 -!- sunwind [~paradox@173.41.9.51.dyn.plus.net] has quit [Remote host closed the connection]
14:19 -!- an3223 [~user@user/an3223] has joined #openbsd
14:24 -!- sunwind [~paradox@173.41.9.51.dyn.plus.net] has joined #openbsd
14:25 -!- byteskeptical [~amnesia@user/byteskeptical] has quit [Quit: leaving]
14:26 -!- stellacy [~stellacy@gateway/tor-sasl/stellacy] has quit [Remote host closed the connection]
14:28 -!- tjdaugaard [~tjdaugaar@77.241.136.251.bredband.3.dk] has quit [Ping timeout: 240 seconds]
14:28 -!- zimmer [~zimmer@user/zimmer] has quit [Ping timeout: 240 seconds]
14:30 -!- byteskeptical [~amnesia@user/byteskeptical] has joined #openbsd
14:32 -!- stellacy [~stellacy@gateway/tor-sasl/stellacy] has joined #openbsd
14:33 -!- cryptexx0 [~cryptexx0@192.9.171.167] has quit [Remote host closed the connection]
14:35 -!- cryptexx0 [~cryptexx0@192.9.171.167] has joined #openbsd
14:37 -!- dqk [~dqk@agrenoble-651-1-488-7.w90-42.abo.wanadoo.fr] has quit [Ping timeout: 260 seconds]
14:40 -!- seventh [~seventh@169.150.197.239] has quit [Quit: ...]
14:42 -!- JE-46600 [~mk@141.255.164.91] has joined #openbsd
14:45 -!- leo-unglaub [~leo-ungla@2001:871:258:32ee:d374:eb2c:adc1:1a13] has quit [Quit: Leaving.]
14:47 -!- lavaball [felix@31.204.155.215] has quit [Ping timeout: 240 seconds]
14:51 -!- lavaball [felix@31.204.155.215] has joined #openbsd
14:52 -!- horrad [~horrad@217.91.26.253] has quit [Remote host closed the connection]
14:53 -!- gman999 [~GMan999@user/gman999] has quit [Quit: WeeChat 3.8]
14:53 -!- davlefou [~davlefou@2a01:e0a:5f4:4bd0:250a:2632:f14f:6703] has quit [Ping timeout: 240 seconds]
14:56 -!- JE-46600 [~mk@141.255.164.91] has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
15:01 -!- darkblack [~darkBLACK@rrcs-67-53-148-69.west.biz.rr.com] has quit [Ping timeout: 268 seconds]
15:01 -!- darkblack [~darkBLACK@rrcs-67-53-148-69.west.biz.rr.com] has joined #openbsd
15:05 -!- davlefou [~davlefou@2a01:e0a:5f4:4bd0:cb64:11cc:f67d:d3e6] has joined #openbsd
15:16 -!- JE-46600 [~mk@141.255.164.91] has joined #openbsd
15:17 -!- yella [regg@2607:fb90:b7e3:8f67:ea41:70e3:975e:38a5] has joined #openbsd
15:17 -!- yella [regg@2607:fb90:b7e3:8f67:ea41:70e3:975e:38a5] has quit [Changing host]
15:17 -!- yella [regg@user/yella] has joined #openbsd
15:18 -!- dqk [~dqk@2a01:cb15:827b:b00:dea6:32ff:fee4:6629] has joined #openbsd
15:20 -!- morte` [~user@181.114.17.106] has joined #openbsd
15:21 -!- morte [~user@user/monkey/x-0691028] has quit [Ping timeout: 240 seconds]
15:21 -!- seninha [~seninha@user/seninha] has quit [Quit: Leaving]
15:22 -!- an3223 [~user@user/an3223] has quit [Ping timeout: 240 seconds]
15:23 -!- feriman [~feriman@188.163.114.49] has quit [Quit: leaving]
15:27 -!- pikapika is now known as militantorc
15:30 -!- feriman [~feriman@188.163.114.49] has joined #openbsd
15:32 -!- ikarso [uid475540@id-475540.tinside.irccloud.com] has quit [Quit: Connection closed for inactivity]
15:34 -!- JE-46600 [~mk@141.255.164.91] has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
15:34 -!- rahl [rahl@otaku.sdf.org] has joined #openbsd
15:34 -!- an3223 [~user@user/an3223] has joined #openbsd
15:35 -!- SirJitsu-work [~SirJitsu@162-231-111-175.lightspeed.livnmi.sbcglobal.net] has joined #openbsd
15:36 -!- mnour_bsd [~mnour_bsd@host-6twp9e8cmqu9c54mwy.pdv6.obg1.zeelandnet.nl] has quit [Ping timeout: 245 seconds]
15:36 < rahl> If I'm going to run several services on my personal server (vps, kvm iirc) - e.g. irc, matrix, ... - is it reasonable/preferred to use virtualization for each?
15:41 -!- Alhazred [~Alhazred@user/Alhazred] has quit [Ping timeout: 268 seconds]
15:41 < sibiria> maybe. if you plan on being a target
15:42 -!- antanst [~user@user/antanst] has quit [Quit: WeeChat 3.8]
15:43 -!- djhankb [~djhankb@208.113.164.68] has quit [Remote host closed the connection]
15:43 < rahl> sibiria: not sure what you mean by "plan on". I err on the side of caution where possible. 
15:43 < sibiria> tucking every small thing into a VM of its own for private use is more often than not an excessive opsec exercise
15:44 < rahl> ah
15:44 < thrig> one could recompile irssi with pledge and unveil patches
15:44 -!- djhankb [~djhankb@208.113.164.68] has joined #openbsd
15:44 < sibiria> gets a bit annoying to maintain and use as well. pledge and chroot are pretty powerful tools in contrast
15:44 < sibiria> and unveil
15:45 < rahl> afk for a bit. hopefully can pick your brains in a little while
15:45 < thrig> zombie spotted
15:47 < rahl> :(
15:47 < rahl> definition?
15:48 < sibiria> thrig: did you mean actual patches integrated into irssi, or just a separate sandbox launcher kinda deal?
15:49 < thrig> technically it's a git repository with a branch on it
15:51  * rahl facepalms having just recollected his brain picking comment...
15:51 -!- morte` [~user@181.114.17.106] has quit [Remote host closed the connection]
15:55 -!- markb1 [~markb1@2603-6080-6000-00d4-babd-8253-5f07-7f82.res6.spectrum.com] has quit [Ping timeout: 260 seconds]
15:56 -!- memset [~memset@gateway/tor-sasl/memset] has quit [Ping timeout: 240 seconds]
15:58 -!- Alhazred [~Alhazred@user/Alhazred] has joined #openbsd
15:59 < pardis> rahl: nested virtualisation is not usually supported on a VPS
15:59 < pardis> you would need to rent one VPS per service if you wanted to do that
16:02 < sibiria> qemu is pretty fast in emulation mode
16:04 -!- gman999 [~GMan999@user/gman999] has joined #openbsd
16:04 -!- morte_ [~user@user/monkey/x-0691028] has joined #openbsd
16:05 < eea> or rent a vm capable hardware host
16:06 < eea> several decent and fairly priced 
16:06 < eea> providers
16:07 < lts> I like to virtualize to multiple VMs simply so that not all services are down when one is worked on
16:08 -!- markb1 [~markb1@2603-6080-6000-00d4-babd-8253-5f07-7f82.res6.spectrum.com] has joined #openbsd
16:08 < eea> "microservices"
16:08 -!- Tekk [~tekk@024-216-148-240.res.spectrum.com] has joined #openbsd
16:08 < eea> openbsd chroot is p.decent out of the box
16:08 < pardis> lts: but then they are all down when the host is worked on, which is the same thing
16:08 < eea> ^
16:09 < eea> distrinuted single point of failure
16:09 < eea> distributed too
16:09 -!- memset [~memset@gateway/tor-sasl/memset] has joined #openbsd
16:09 < lts> I accept the solution which helps 9/10 times
16:12 -!- tercaL [~tercaL@user/tercal] has quit [Quit: enter the Tekken!]
16:14 -!- Bella988 [~Bella988@212.58.102.33] has joined #openbsd
16:19 -!- Leonarbro_ [~Leo@user/leonarbro] has joined #openbsd
16:20 -!- Bella988 [~Bella988@212.58.102.33] has quit [K-Lined]
16:20 -!- polishdub [~polishdub@ip72-208-203-185.ph.ph.cox.net] has quit [Remote host closed the connection]
16:22 -!- Leonarbro [~Leo@user/leonarbro] has quit [Ping timeout: 276 seconds]
16:25 -!- user71 [~user71@2001:1530:1007:8d82:1e6f:65ff:fe88:557f] has joined #openbsd
16:31 -!- n4dir [~user@i59F518DE.versanet.de] has joined #openbsd
16:42 -!- JE-46600 [~mk@141.255.164.91] has joined #openbsd
16:43 -!- absc [~absc@213.55.242.46] has joined #openbsd
16:51 -!- tjdaugaard [~tjdaugaar@77.241.136.48.bredband.3.dk] has joined #openbsd
16:51 < markmcb> am i correct that iavf is the only virtual function driver in openbsd? i have a mellanox card. i see the mcx driver, but not one for the vf. i'm trying to run openbsd as a guest os via qemu and use an sriov vf for the network, but it's not detected.
16:54 -!- Mete- [~Mete-@2804:da8:f7a3:f16e:f3a8:8b4f:b8c1:b0f5] has quit [Remote host closed the connection]
16:54 -!- Mete- [~Mete-@2804:da8:f7a3:f16e:f3a8:8b4f:b8c1:b0f5] has joined #openbsd
16:55 -!- Vizva [~vizva@gateway/tor-sasl/vizva] has joined #openbsd
16:57 < markmcb> actually, now that i look at pcidump and dmesg, i see it recognizing the vf and referring to it as mcx0, but i don't see anything in ifconfig ... am i missing a step?
17:00 -!- nebulabc [~quassel@user/nebulabc] has quit [Quit: must've rage quit ¯\_(ツ)_/¯]
17:01 -!- JE-46600 [~mk@141.255.164.91] has quit [Read error: Connection reset by peer]
17:01 < markmcb> ah, i found a "not enough msi-x vectors" error ... no idea what that means, so i guess i have some homework to do
17:02 -!- Mete- [~Mete-@2804:da8:f7a3:f16e:f3a8:8b4f:b8c1:b0f5] has quit [Remote host closed the connection]
17:03 -!- Mete- [~Mete-@2804:da8:f7a3:f16e:bbb:56bc:7791:5a9b] has joined #openbsd
17:03 -!- jamtorus [~quassel@141.98.255.153] has joined #openbsd
17:05 -!- Netsplit *.net <-> *.split quits: DanielNechtan, ryan, fkr, andinus`, zmoment, moviuro, renaud, terminaldweller, eschaton, kori,  (+17 more, use /NETSPLIT to show all of them)
17:05 -!- f91w_ [~f91w@45.32.220.195] has joined #openbsd
17:05 -!- xdefrag_ [~xdefrag@xdefrag.vm.tornadovps.net] has joined #openbsd
17:05 -!- imega [~coma@nat-wlan-eduroam-192-41-132-233.uzh.ch] has quit [Ping timeout: 240 seconds]
17:05 -!- fkr_ [~fkr@hawkins.hazardous.org] has joined #openbsd
17:05 -!- kori [~kori@185.21.216.167] has joined #openbsd
17:05 -!- Netsplit over, joins: van, renaud
17:05 -!- andinus`` [andinus@tilde.institute] has joined #openbsd
17:05 -!- Netsplit over, joins: jess
17:05 -!- polarian_ [~polarian@2001:8b0:57a:2385::6] has joined #openbsd
17:05 -!- cation_ [cation@user/cation] has joined #openbsd
17:06 -!- Netsplit over, joins: xarthna
17:06 -!- Netsplit over, joins: ryan, moviuro
17:06 -!- viniciorl [~viniciorl@189.232.51.46] has joined #openbsd
17:06 -!- int16h [~int16h@user/bombuzal] has joined #openbsd
17:06 -!- Netsplit over, joins: lucenera
17:06 -!- RaySl [~raysl@sdf1.vm.tornadovps.net] has joined #openbsd
17:06 -!- polarian_ is now known as polarian
17:06 -!- Netsplit over, joins: eschaton, zmoment, terminaldweller
17:07 -!- Netsplit over, joins: vjoki
17:07 -!- Netsplit over, joins: tom-1
17:08 -!- cation_ is now known as cation
17:10 < lavaball> i want to do ssh -L 5900:remotbox_localhost:5900 remotebox. as in connect to my ssh server here to 5900, which forwards it over ssh to the remote box and connect there to 5900. how do i do that properly?
17:10 -!- rjc [yzkmufzg0g@srv.dataswamp.org] has joined #openbsd
17:12 -!- lennox[m] [~lennox@2001:470:69fc:105::2:601d] has joined #openbsd
17:12 -!- nebulabc [~quassel@20.163.143.80] has joined #openbsd
17:12 -!- nebulabc [~quassel@20.163.143.80] has quit [Changing host]
17:12 -!- nebulabc [~quassel@user/nebulabc] has joined #openbsd
17:12 -!- nebulabc_ [~quassel@20.163.143.80] has joined #openbsd
17:13 -!- nebulabc_ [~quassel@20.163.143.80] has quit [Client Quit]
17:14 -!- KekoPR [~Keko@179.105.9.40] has joined #openbsd
17:15 -!- nebulabc [~quassel@user/nebulabc] has quit [Client Quit]
17:15 < sibiria> is AllowTcpForwarding set to "no"?
17:16 < lavaball> question is where. on the sshd here, or the remote one?
17:16 < lavaball> i'll chck bth.
17:17 < lavaball> haven't change anything. the default says yes but is commented out.
17:17 < lavaball> also i need the proper command first. is it ssh -L 5900:localhost:5900 remotebox?
17:17 < sibiria> there's an "all" mode as well which has some effect on some forwarding schemes. i'm not entirely sure about it
17:17 < sibiria> or maybe that went away with time
17:18 -!- nebulabc [~quassel@20.163.143.80] has joined #openbsd
17:18 -!- nebulabc [~quassel@20.163.143.80] has quit [Changing host]
17:18 -!- nebulabc [~quassel@user/nebulabc] has joined #openbsd
17:18 < lavaball> actually, since you are here. have you seen the whale movie?
17:18 -!- nebulabc [~quassel@user/nebulabc] has quit [Client Quit]
17:18 < sibiria> not yet but it's on my list
17:19 -!- nebulabc [~quassel@20.163.143.80] has joined #openbsd
17:19 -!- nebulabc [~quassel@20.163.143.80] has quit [Changing host]
17:19 -!- nebulabc [~quassel@user/nebulabc] has joined #openbsd
17:19 < lavaball> do you have one of those 2160p screens?
17:19 < sibiria> localport:remotehost:remoteport is the syntax i think
17:19 < sibiria> a 4k screen, yes i do
17:19 < lavaball> very NAISU!
17:20 < sibiria> though i never really watch anything in 4k. 99% of it is 1080p content which scales up perfectly fine and sharp to 2160p
17:20 < sibiria> it doesn't blow my mind, but proper 4k content sure looks crisp or whatever
17:22 -!- Siva [Siva@staff.lecturify.net] has joined #openbsd
17:22 < lavaball> well, ssh -L 5900:remotebox:5900 gives me the usage: message.
17:23 -!- unix-priest[m] [~unix-prie@2001:470:69fc:105::3:5044] has joined #openbsd
17:25 < sibiria> usually you'd do something like ssh -L 12345:192.168.5.5:12345 -p remotesshdport 192.168.5.5
17:25 < rjc> lavaball: there's is a difference between '12345:localhost:12345 remote' and '12345:remote:12345'
17:25 < sibiria> presuming your remote sshd is on 192.168.5.5 and port "remotesshdport"
17:26 < sibiria> -L is just the forwarding part. you need to specify the host you intend to connect to as well
17:26 < rjc> if the service is running on the main, or all interfaces, the latter will suffice, if it runs only on localhost, you have to use the former
17:27 < rjc> sibiria: 17:25 < sibiria> usually you'd do something like ssh -L 12345:192.168.5.5:12345 -p remotesshdport 192.168.5.5
17:28 < rjc> this is redundant - you're using the same ip address twice
17:29 < pardis> it's not redundant, it's used for two different things
17:34 < lavaball> the remote stuff is all saved in config. i just need to write remotebox. but i tried 5900:localhost:5900 remotebox ... it connects even though it gives me some multi something socket error. but when i connect  to 5900 on my local sshd, it doesn't go through.
17:34 < sibiria> rjc: the first IP address is where sshd on the remote will forward the traffic to
17:34 < sibiria> in case you need to tunnel directly to a different machine inside the remote's network
17:35 < lavaball> so the localhost should mean the remotebox lcoalhost, not one i run the ssh -L on, right?
17:35 < lavaball> i always has a hard time understanding these ... sorry. and the man page has that irc example which confuses me even more actually. 
17:35 < rahl> pardis: noted re nested virtualisation - will look into my options
17:35 < sibiria> lavaball: yes, the host "in the middle" of the argument is the intended destination once the traffic has reached the remote sshd
17:36 < sibiria> if localhost then the remote sshd will simply drop the traffic right there, on localhost
17:36 < lavaball> well, isn't working.
17:36 -!- morte_ [~user@user/monkey/x-0691028] has quit [Remote host closed the connection]
17:37 < sibiria> WELL THEN YOU BROKE IT
17:37 < lavaball> but i have errors for you: mux_client_forward: forwarding request failed: Port forwarding failed     muxclient: master forward request failed  
17:37 < lavaball> i know i did. who else
17:37 < lavaball> ?
17:37 < rahl> my original idea for separating services was less about opsec (though that played a part) and more about isolating maintenance, or considering that it might facilitate moving any one service from one machine to another
17:37 < rahl> whether that's an accurate belief though...
17:37 < sibiria> lavaball: sorry, no idea. i have never seen those error messages
17:37 < lavaball> that makes two of us.
17:39 < quinq> Maybe you're doing connection sharing and that gets in the way
17:39 < lavaball> thank you for your input.
17:40 -!- imega [~coma@2001-8e0-2222-2000--a30.ewz.ftth.ip6.as8758.net] has joined #openbsd
17:40 < quinq> Oh, that's this nice guy again
17:40 -!- osm [~osm@h-81-170-131-78.A357.priv.bahnhof.se] has quit [Ping timeout: 265 seconds]
17:46 < lavaball> hm netstat says rfb is listening. pf allows it. yet it says: unable to connect to vnc server. but via openvpn it works. the server is running and working over there.
17:46 < lavaball> weird.
17:46 -!- reset [~reset@user/reset] has joined #openbsd
17:47 < sibiria> have you considered that the problem might be you dripping lava all over the stuff
17:48 < IcePic> sibiria: but obsd boxes are secure?
17:50 < lavaball> sibiria, i just heard yesterday you are supposed to drip lava 21 times a month to prevent cancer of the lava distribution system.
17:51 -!- hitest [~hitest@user/hitest] has quit [Quit: Leaving]
17:51 < sibiria> aka LRS, Lava Renal System
17:51 < lavaball> anyway, i really thought that was you i saw the other day. had the same name. was all about that whale movie in 2160p. 
17:51 < sibiria> IcePic: only against salt water ingress i believe
17:51 < lavaball> i guess you don't frequent other establishments besides this channel.
17:52 < sibiria> these days libera is main waterhole
17:52 < thrig> water goes through volcanic rocks plenty fine
17:56 -!- mayron [~mayron@2804:30c:d06:5300:1a41:bc7c:1e7c:52aa] has joined #openbsd
17:56 -!- mayron is now known as zom
17:59 -!- zom [~mayron@2804:30c:d06:5300:1a41:bc7c:1e7c:52aa] has quit [Quit: Leaving]
18:01 -!- begriffs [~begriffs@user/begriffs] has joined #openbsd
18:01 -!- osm [~osm@h-81-170-131-78.A357.priv.bahnhof.se] has joined #openbsd
18:05 -!- polishdub [~polishdub@ip72-208-203-185.ph.ph.cox.net] has joined #openbsd
18:17 -!- ajr [~ajr@user/ajr] has joined #openbsd
18:19 -!- zimmer [~zimmer@92.40.171.220.threembb.co.uk] has joined #openbsd
18:19 -!- zimmer [~zimmer@92.40.171.220.threembb.co.uk] has quit [Changing host]
18:19 -!- zimmer [~zimmer@user/zimmer] has joined #openbsd
18:19 -!- jmcunx [~jmc@user/zjmc] has joined #openbsd
18:22 -!- PeasfulTown [~peasfulto@user/PeasfulTown] has joined #openbsd
18:25 < rahl> I suppose if I'm looking more from a perspective of isolating installations - either for moving around or removal - than of security, chroot should be a good fit right?
18:25 -!- PeasfulTown is now known as peas
18:26 < rahl> I really would like to work more with unveil and pledge but that's gonna be limited to personal projects or code that already cares about such things.
18:26 -!- xet7 [~xet7@user/xet7] has joined #openbsd
18:27 -!- archpc [~archpc@user/archpc] has quit [Quit: cat /pet/pat]
18:27 -!- archpc [~archpc@user/archpc] has joined #openbsd
18:29 < sibiria> it's possible to sandbox executables by wrapping them in pledge and unveil. it's a bit messier than proper integration, but it works
18:31 -!- lockywolf [~lockywolf@public.lockywolf.net] has quit [Ping timeout: 276 seconds]
18:31 -!- gh34 [~textual@cpe-184-58-181-106.wi.res.rr.com] has quit [Quit: Textual IRC Client: www.textualapp.com]
18:32 < pardis> not unveil, only pledge
18:32 < pardis> unveil doesn't survive execve
18:32 < rahl> oh interesting. Might you have any reading recommendations for getting up to speed with pledge and unveil; the former also with regard to wrapping?
18:32 < rsjw> would you do that by adding code to the program and recompiling it, or would you do it by writing a separate program that runs pledge/unveil and then execs the regular executable? if the second, how would you ensure that all executions go through the wrapper and don't bypass it by calling the regular executable directly?
18:32 < rahl> pardis: cheers
18:33 < sibiria> rsjw: the latter
18:33 -!- lockywolf [~lockywolf@public.lockywolf.net] has joined #openbsd
18:33 -!- KekoPR [~Keko@179.105.9.40] has quit [Quit: Leaving]
18:33 < pardis> see execpromises in pledge(2), and you can't really ensure that
18:34 < pardis> but you also can't ensure that users can't download random binaries and execute them
18:34 < rsjw> I'm more concerned about some other package invoking the non-pledged binary because that's where it expects it
18:35 < rsjw> but I guess things could be renamed
18:36 < sibiria> it's more of a makeshift solution for one's own immediate use of this or that application
18:37 -!- raspbeguy [~raspbeguy@wireguard/tunneler/raspbeguy] has quit [Quit: Gateway shutdown]
18:38 < sibiria> rahl: give me a minute, i know i bookmarked a blog article making an example of it some years ago
18:40 < sibiria> rahl: https://ioctl.uk/2019/03/sandboxing-irssi/
18:40 < sibiria> i don't really know if this works still. it's about as old as pledge and unveil are, and a lot has happened since
18:41 < sibiria> but it generally outlines the approach nonetheless
18:41 < pardis> this has never been correct
18:41 < sibiria> there have been some examples on the mailing lists over the years, too
18:42 < pardis> the pledge part should work, the unveil part will only affect the wrapper
18:42 < pardis> "To test, type /exec cat /etc/passwd inside irssi: the process should be killed." is also wrong, since unveil doesn't kill processes, it makes syscalls return errors
18:43 < rahl> sibiria: much obliged, cheers
18:44 < thrig> pledge will cause process kills though
18:44 < pardis> yes, but that example is pledging rpath, so 'cat /etc/passwd' shouldn't kill it
18:45 < thrig> but not fork/exec so boom process kill
18:45 < pardis> ah, I see, that makes sense
18:45 < pardis> so it's right for the wrong reasons
18:46 < pardis> rahl: you will have an easier time just reading the documentation of execpromises in pledge(2) than reading a blog post that is mostly about something that won't work anyway
18:47 < pardis> execpromises is the only thing you can use in this way
18:49 -!- mnour_bsd [~mnour_bsd@host-r8d4vxnlwnrkc54mwy.pdv6.obg1.zeelandnet.nl] has joined #openbsd
18:50 < sibiria> there are newer examples on the mailing lists
18:51 < rahl> pardis: ack, appreciated
18:51 < pardis> there cannot be examples of something that doesn't work
18:52 < sibiria> you have to stop interpreting it as an identical alternative to *patching* something so that it can jail itself
18:54 < pardis> might have to start doing that before I can stop
18:56 < pardis> though looking at the code, it might be that unveil is only inherited across execve(2) if execpromises is set
18:56 < pardis> which seems like confusing behaviour, but would mean that I'm wrong in this case
18:58 < rsjw> it would be easier to understand that way; you wouldn't have to know which things automatically got passed on to the child, it's already spelled out by the promises/execpromises partition
18:58 -!- nyx1337 [~nyx1337@host-104-158-66-217.spbmts.ru] has joined #openbsd
18:58 -!- Leonarbro_ is now known as Leonarbro
18:58 -!- mnour_bsd [~mnour_bsd@host-r8d4vxnlwnrkc54mwy.pdv6.obg1.zeelandnet.nl] has quit [Ping timeout: 245 seconds]
18:59 < pardis> no, it's not easier to understand, because your call to pledge(2) shouldn't change what unveil(2) does
19:00 < pardis> it means if you have a privsep program with two processes, both unveiled but only one pledged, then any execs from one will inherit the unveil but from the other will not
19:00 < pardis> it also means that disabling pledge for testing could break unveil
19:00 < pardis> I hope I'm misreading the code but I have to go do something else now
19:02 -!- ikarso [uid475540@id-475540.tinside.irccloud.com] has joined #openbsd
19:03 < rahl> How might one go about determining what files a given process needs to read or read/write?
19:04 < thrig> ktrace, running under pledge/unveil until it the error rate is acceptably low
19:04 < rahl> Fairly manually, like evaluating the source? Or running it and somehow monitoring what files it pokes at?
19:05 < rahl> thrig: ack, thanks
19:05 < thrig> or writing your own irc client that has pledge in from the start
19:05 < rahl> :)
19:05 < rsjw> or checking the FILES section of the manpage
19:05 < rahl> Assuming the target program has one
19:05 < thrig> FILES won't mention that X11 programs randomly like to run fontconfig something
19:06 < rsjw> yeah it's more like "contributing information"
19:06 < thrig> FILES is a good place to start but probably ktrace kdump | grep NAMI
19:17 -!- begriffs [~begriffs@user/begriffs] has quit [Quit: Leaving]
19:18 -!- nyx1337 [~nyx1337@host-104-158-66-217.spbmts.ru] has quit [Read error: Connection reset by peer]
19:24 < rahl> thrig: when you mentioned ktrace, running under pledge/unveil, would the process look something like: writing a pledge/unveil wrapper that runs the target, compiling, calling the wrapper with ktrace, rinse, repeat?
19:25 < thrig> I've never done the wrapper thing
19:25 -!- frkazoid333 [~frkazoid3@2603-9000-cf01-74e0-bc1e-2956-909e-a4f1.inf6.spectrum.com] has joined #openbsd
19:25 < sibiria> you can get a lot of info by just running something with ktrace and exiting, then peeking in the dump file
19:26 < sibiria> beware: dump file can grow huge very fast
19:27 < sibiria> e.g.    ktrace ~/sausages     <exit>      kdump -f sausages.out
19:27 < sibiria> you will get better and immediate info by locking the application down so that it croaks as soon as it breaks its pledge
19:28 < thrig> unveil, however, can be pretty silent about denying a ~/.terminfo (ok) or ~/.ssh (not ok) read
19:29 -!- ficonni [~ficonni@178-223-149-188.dynamic.isp.telekom.rs] has quit [Quit: Lost terminal]
19:29 -!- frkzoid [~frkazoid3@2603-9000-cf01-74e0-f2e1-3b66-520e-9e94.inf6.spectrum.com] has quit [Ping timeout: 260 seconds]
19:31 -!- format_c [~format_c@2a02:b98:f181:4094:f550:7488:2d5:5ffa] has joined #openbsd
19:31 -!- jamtorus is now known as jellydonut
19:34 -!- ule [~ule@user/ule] has joined #openbsd
19:34 -!- ficonni [~ficonni@178-223-149-188.dynamic.isp.telekom.rs] has joined #openbsd
19:36 < rahl> thanks again to you both
19:36 -!- frkazoid333 [~frkazoid3@2603-9000-cf01-74e0-bc1e-2956-909e-a4f1.inf6.spectrum.com] has quit [Ping timeout: 260 seconds]
19:38 < rahl> thrig: if you weren't referring to some kind of wrapper, what did you mean by "under pledge/unveil"?
19:39 < thrig> presumably the code would have pledge and unveil calls in it, rather than from a wrapper
19:40 -!- frkazoid333 [~frkazoid3@35.136.233.205] has joined #openbsd
19:40 < IcePic> the logic around pledge/unveil is based on starting with more privs and dropping them as soon as they are not needed
19:40 < thrig> see, for example, lots of the openbsd source tree
19:40 < IcePic> the fault of many other sandboxing systems is that if you only do it once, before start, they need to cover all possible uses, for the whole lifetime of the process
19:41 -!- format_c [~format_c@2a02:b98:f181:4094:f550:7488:2d5:5ffa] has quit [Quit: format_c]
19:43 < sibiria> i got curious about that old sandboxing example so i tried it out. it does indeed work: unveil propagates through execve if "execpromises" has "exec"
19:44 < sibiria> that the sandboxed executable gets "exec" is in itself of course unfortunate :D
19:45 < sibiria> but at least it lets you sandbox an application so that it can't directly read stuff off of the file system
19:46 < rsjw> what if execpromises doesn't have "exec"? does the unveil still get propogated?
19:46 -!- ajr [~ajr@user/ajr] has quit [Remote host closed the connection]
19:47 < sibiria> i don't think so if i recall discussions on the mailing lists correctly, but lemme try it out
19:49 < pardis> I still think this API is poorly designed if it works this way
19:49 < pardis> iirc it's still subject to change since nothing in base uses it
19:49 < rsjw> it'd have to be passed a string without exec, not just NULL, which doesn't change the current value
19:50 < pardis> rsjw: the content of execpromises doesn't matter, only its presence
19:50 < sibiria> unveil propagates even without execpromises having exec, but pledge doesn't fall over from it
19:51 < pardis> which makes sense
19:51 < sibiria> the invoked process simply doesn't get access to the disallowed file and that's it
19:51 < sibiria> i.e. fopen etc. finds nothing
19:51 < rahl> thrig: well that would be nice. Except I'm currently looking at a target program which is not native openbsd, and has no use of peledge nor unveil
19:52 < sibiria> so i'd say, despite being 4 years old, that specific sandboxing trick/example does work as a makeshift solution when patching the actual application is too much work
19:52 < sibiria> and for some software it really can be loads of work
19:53 < pardis> yep, agreed, I was wrong about that
19:53 < pardis> I now simply disagree with how execpromises silently affects unveil
19:53 -!- piotr_ [~piotr@user/filystyn] has joined #openbsd
19:54 < sibiria> how some of the keywords/funcs of pledge works is also a bit iffy. i remember that "error" lives a life of its own sometimes
19:54 -!- piotr_ is now known as Filystyn
19:54 < sibiria> in some cases it lets you know what broke, in some cases it doesn't say anything at all
19:54 < Filystyn> net seems to work better after patch
19:54 < Filystyn> and people here were like "we don't need patches"
19:55 < sibiria> that is, sometimes nothing ends up with ENOSYS and you still have no idea what made pledge hit the wall
19:55 < pardis> another reason this API is problematic is that there is no way to use unveil in a wrapper without also using pledge
19:55 < pardis> so if something uses syscalls that can't be allowed with pledge, you also can't unveil it
19:56 -!- an3223 [~user@user/an3223] has quit [Remote host closed the connection]
20:02 -!- morte_ [~user@user/monkey/x-0691028] has joined #openbsd
20:04 -!- Alhazred [~Alhazred@user/Alhazred] has quit [Ping timeout: 268 seconds]
20:04 -!- morte_ is now known as morte
20:05 -!- militantorc [~pikapika_@pika.powered.by.lunarbnc.net] has quit [Quit: Free ZNC ~ Powered by LunarBNC: https://LunarBNC.net]
20:06 -!- pikapika [~pikapika_@pika.powered.by.lunarbnc.net] has joined #openbsd
20:07 -!- absc [~absc@213.55.242.46] has quit [Remote host closed the connection]
20:07 -!- jmcunx [~jmc@user/zjmc] has left #openbsd []
20:07 -!- absc [~absc@213.55.242.46] has joined #openbsd
20:09 -!- TFOZ [~tom@user/TFOZ] has joined #openbsd
20:09 -!- TFOZ [~tom@user/TFOZ] has quit [Client Quit]
20:10 -!- Alhazred [~Alhazred@user/Alhazred] has joined #openbsd
20:13 -!- Night-Shade [~Tim@ip5b4168cf.dynamic.kabel-deutschland.de] has joined #openbsd
20:14 < rahl> Is it just me or does the manpage for pledge not really describe promises and execpromises?
20:14 < rahl> promises can be gleaned
20:14 -!- darkblack [~darkBLACK@rrcs-67-53-148-69.west.biz.rr.com] has quit [Ping timeout: 240 seconds]
20:14 < rahl> Maybe I'm just being slow.
20:15 < pardis> it's documented under the behaviour of the exec syscall
20:15 < pardis> execpromises, that is
20:16 -!- Trigon [~reuben@144.39.114.115] has joined #openbsd
20:16 < rsjw> you can search for the string "execpromises" using / and "n"
20:17 -!- mrblarg64 [~mrblarg64@142-165-167-195.sktn.static.sasknet.sk.ca] has joined #openbsd
20:17 -!- lavaball [felix@31.204.155.215] has quit [Remote host closed the connection]
20:18 < sibiria> rahl: it's a bit fuzzy, but the first argument is the list of restrictions taking place immediately after pledge(), and the second argument (execpromises) take place for the next thing invoked with execve()
20:20 -!- lavaball [felix@31.204.155.215] has joined #openbsd
20:20 -!- Vizva [~vizva@gateway/tor-sasl/vizva] has quit [Remote host closed the connection]
20:24 -!- Alhazred [~Alhazred@user/Alhazred] has quit [Ping timeout: 268 seconds]
20:25 -!- Trigon [~reuben@144.39.114.115] has quit [Ping timeout: 268 seconds]
20:25 < rahl> pardis: cheers
20:26 < quinq> parchis: deers
20:26 -!- kori [~kori@185.21.216.167] has quit [Changing host]
20:26 -!- kori [~kori@user/kori] has joined #openbsd
20:27 -!- Nahual [~Nahual@centos/community/Nahual] has quit [Quit: Leaving.]
20:28 < rahl> rsjw: I was gonna be snarky, but as you both pointed out it's in there; just oddly buried
20:28 -!- ajr [~ajr@user/ajr] has joined #openbsd
20:31 -!- free_help [~bacano@2804:14c:4c7:854f::1] has joined #openbsd
20:38 -!- ivdsangen [~ivo@86-95-161-96.fixed.kpn.net] has quit [Quit: https://github.com/ivdsangen]
20:39 -!- user71 [~user71@2001:1530:1007:8d82:1e6f:65ff:fe88:557f] has quit [Quit: Leaving]
20:42 -!- darkblack [~darkBLACK@rrcs-67-53-148-69.west.biz.rr.com] has joined #openbsd
20:45 -!- Leonarbro [~Leo@user/leonarbro] has quit [Quit: Bye]
20:49 -!- vysn [~vysn@user/vysn] has joined #openbsd
20:51 -!- tjdaugaard [~tjdaugaar@77.241.136.48.bredband.3.dk] has quit [Ping timeout: 240 seconds]
20:56 < rsjw> pardis: yeah I just tried it and it is weird like you said. maybe unveil could use an inherit flag for each path that is set. I don't know whether this would be the best answer though
20:58 < pardis> I think the API sucks because none of the OpenBSD developers are using it
20:58 < pardis> the second argument to pledge(2) used to be an array of paths, before unveil(2) existed
20:58 < pardis> when unveil(2) was created, pledge(2)'s second argument was repurposed rather than change the kernel ABI
20:58 < pardis> but nothing ever made use of it
20:59 -!- ajr [~ajr@user/ajr] has quit [Remote host closed the connection]
21:00 < rsjw> if the semantics of the second argument were changed then the abi was changed, regardless of whether the types are the same
21:00 < rsjw> but I guess that's not the point being made
21:01 -!- n4dir [~user@i59F518DE.versanet.de] has quit [Remote host closed the connection]
21:01 < rsjw> yeah so that would explain the pledge/unveil package deal thing
21:01 -!- yella [regg@user/yella] has quit [Ping timeout: 260 seconds]
21:05 -!- lavaball [felix@31.204.155.215] has quit [Remote host closed the connection]
21:07 -!- lavaball [felix@31.204.155.215] has joined #openbsd
21:08 -!- Filystyn [~piotr@user/filystyn] has quit [Quit: Lost terminal]
21:09 -!- absc [~absc@213.55.242.46] has quit [Remote host closed the connection]
21:10 -!- an3223 [~user@user/an3223] has joined #openbsd
21:11 < brocashelm> what's a good program for mapping controller buttons to key presses (similar to joy2key, qjoypad, antimicro, etc.)? and, how to define hotplug rules so that if i remove a usb device (like a game controller), i can put it back on and the kernel will detect it right away? is this supported in openbsd?
21:12 -!- free_help [~bacano@2804:14c:4c7:854f::1] has quit [Quit: Leaving]
21:13 -!- mrblarg64 [~mrblarg64@142-165-167-195.sktn.static.sasknet.sk.ca] has quit [Quit: Leaving]
21:21 -!- feriman [~feriman@188.163.114.49] has quit [Ping timeout: 240 seconds]
21:26 -!- Ellenor is now known as MelMalik
21:35 -!- seninha [~seninha@user/seninha] has joined #openbsd
21:36 -!- gman999 [~GMan999@user/gman999] has quit [Quit: WeeChat 3.8]
21:38 -!- markb1 [~markb1@2603-6080-6000-00d4-babd-8253-5f07-7f82.res6.spectrum.com] has quit [Ping timeout: 250 seconds]
21:39 -!- markb1 [~markb1@2603-6080-6000-00d4-babd-8253-5f07-7f82.res6.spectrum.com] has joined #openbsd
21:50 -!- morte [~user@user/monkey/x-0691028] has quit [Remote host closed the connection]
21:53 -!- an3223 [~user@user/an3223] has quit [Remote host closed the connection]
22:08 -!- ajr [~ajr@user/ajr] has joined #openbsd
22:09 -!- an3223 [~user@user/an3223] has joined #openbsd
22:09 -!- NiceBird [~NiceBird@185.133.111.196] has quit [Ping timeout: 268 seconds]
22:11 -!- SexWarrior [~DankFrank@2a01:4b00:940e:f600:8cca:b0aa:2ca6:e8c3] has joined #openbsd
22:13 -!- mncheck [~mncheck@193.224.205.254] has quit [Ping timeout: 240 seconds]
22:13 -!- djhankb [~djhankb@208.113.164.68] has quit [Remote host closed the connection]
22:16 -!- elastic_dog [~elastic_d@2a01:118f:620:5c00:5b5c:587d:9e9e:d473] has quit [Read error: Connection reset by peer]
22:19 -!- lavaball [felix@31.204.155.215] has quit [Remote host closed the connection]
22:21 -!- AslakR [~aslakr@2001:700:300:22:c0b:9dd4:404:56a4] has quit [Remote host closed the connection]
22:22 -!- jak3b [~jak3b@2601:645:8085:b6d0:2ae2:65b:296a:9f94] has joined #openbsd
22:25 -!- scain [~scain@2603-8080-b104-4e00-45cf-678b-0a7f-b897.res6.spectrum.com] has quit [Quit: Konversation terminated!]
22:25 -!- accelerat0r [~user@user/accelerat0r] has joined #openbsd
22:26 -!- mns` [~mns@45.189.240.80] has joined #openbsd
22:28 -!- elastic_dog [~elastic_d@2a01:118f:620:5c00:5b5c:587d:9e9e:d473] has joined #openbsd
22:29 -!- foul_owl [~kerry@71.212.137.212] has quit [Quit: WeeChat 2.3]
22:32 -!- jak3b [~jak3b@2601:645:8085:b6d0:2ae2:65b:296a:9f94] has quit [Quit: WeeChat 3.8]
22:36 -!- Xenguy [~Xenguy@user/xenguy] has joined #openbsd
22:42 -!- ikarso [uid475540@id-475540.tinside.irccloud.com] has quit [Quit: Connection closed for inactivity]
22:44 -!- frkazoid333 [~frkazoid3@35.136.233.205] has quit [Ping timeout: 240 seconds]
22:45 -!- pyu [~pyu@cm222-166-4-103.hkcable.com.hk] has quit [Read error: Connection reset by peer]
22:47 -!- pyu [~pyu@cm222-166-4-103.hkcable.com.hk] has joined #openbsd
22:48 -!- hussein1 [~weechat@gateway/tor-sasl/hussein1] has joined #openbsd
22:54 -!- foul_owl [~kerry@71.212.137.212] has joined #openbsd
22:55 -!- frkazoid333 [~frkazoid3@35.136.233.205] has joined #openbsd
22:55 -!- ajr [~ajr@user/ajr] has quit []
23:03 -!- accelerat0r [~user@user/accelerat0r] has quit [Remote host closed the connection]
23:17 -!- nyah [~nyah@cpc75709-york6-2-0-cust260.7-1.cable.virginm.net] has quit [Quit: leaving]
23:20 -!- xtile [~terrain@c-24-56-224-169.customer.broadstripe.net] has quit [Quit: sleep]
23:26 -!- Xenguy [~Xenguy@user/xenguy] has quit [Remote host closed the connection]
23:27 -!- Xenguy [~Xenguy@user/xenguy] has joined #openbsd
23:31 -!- acidfoo [~acidfoo@modemcable137.64-162-184.mc.videotron.ca] has joined #openbsd
23:34 < acidfoo> anyone use openbsd to host VMs ? curious if you use one veb bridge per VM to isolate them, or if you manage to isolate it with some pf/bridge rules ? if so how do you isolate the broadcast ?
23:34 < acidfoo> with veb bridge there is no way to stop broadcast/multicast from being flooded to every port. The DISCOVER bit just stop the unicast from being flooded
23:35 < dlg> was the diff on tech@ yours?
23:35 < acidfoo> yeah, it was half baked, but I hope to spark a discussion, that did not happen it seems :/
23:35 < acidfoo> hoped*
23:35 -!- adip [~adip@c134-177.icpnet.pl] has quit [Ping timeout: 240 seconds]
23:35 < dlg> i was goign to look at that, but yesterday was a tyre fire
23:36 < dlg> maybe today
23:36 < dlg> "protected" on bridge and veb sounds more like what you want
23:36 < dlg> which is like pvlan or client isolation
23:36 -!- mns` [~mns@45.189.240.80] has quit [Quit: bbl]
23:36 < acidfoo> yeah, the thing is that once I put VM in a protected domain, how to I then add logic to select which VM can talk to another VM
23:37 < acidfoo> if I could just remove flooding from  happening completely, then I can have pf/bridge rules + static address on the bridge to build only the paths that I need
23:37 < acidfoo> a bit like with openvswitch when you disable learning bridge, and disable flooding, you can then build only the paths you need with the flows you add
23:37 < dlg> a vm could add it's own static arp entries though
23:38 < acidfoo> right, I was trying to not put the burden inside the VMs, that way I can own the "magic" of how things are plumbed
23:39 < dlg> i mean the vm might be able to bypass your policy with its own static arp entries
23:39 < dlg> if you want pf to get involved, you could use veb and enable link1
23:39 < dlg> that will have it run pf on "port" interfaces (the vm tap interfaces)
23:40 < acidfoo> so my plan was to disable flooding on every port except one port, let's say tap123. And behind tap123 I will have my own custom daemon that read/write the TAP interface and reply to all ARP request, and knows who is allowed to talk to another
23:41 < dlg> a bit like https://github.com/eait-itig/commarp ?
23:41 < acidfoo> (opening the link to see)
23:41 < acidfoo> yeah exactly something like that
23:42 < dlg> you just want to bulk up the policy a bit i guess
23:43 < dlg> commarp shoudl work with "protected"
23:44 < dlg> and you can get pf or whatever is running on the community port to do the filtering
23:44 < dlg> or you can enable link1 and get pf to filter packets as they go over the bridge ports
23:45 < acidfoo> so I would put all my VMs in the same protected domain, I would put tap123 _not_ in my protected domain. So between the VMs and the arp responder that's fine. But if I have 2 VMs now that I want to be able to speak together :thinking:
23:46 < acidfoo> how do I then enable unicast between 2 VMs in the same protected domain 
23:46 -!- Alhazred [~Alhazred@user/Alhazred] has joined #openbsd
23:46 < dlg> the responder will cause all the ip traffic from vm A to vm B to go via the router on tap123 (or more likely vport123)
23:46 < dlg> so you just have to write pf rules for that
23:47 < dlg> "pass on tap123 from $vm_a to $vm_b port http" or something
23:47 < acidfoo> ah I see .. hmmm i'm thinking
23:48 < dlg> https://mild.embarrassm.net/~dlg/openbsd-bits/net/firewall-intro.html might be worth a read too
23:48 < dlg> cos in that situation packets will still go through pf twice
23:49 < dlg> once when they come in on tap123, and again after they're routed and go out tap123
23:50 < acidfoo> nice I'll read that
23:51 -!- foul_owl [~kerry@71.212.137.212] has quit [Ping timeout: 240 seconds]
23:51 < acidfoo> ok I'll play with all that again, meanwhile you can play in your head to see if being able to totally disable flooding could be interesting, I understand I just came out of nowhere with that hehe, but I'm used to work with openbsd, so I guess that was my first mental reflex to go with that kind of setup
23:51 < acidfoo> s/openbsd/openvswitch
23:51 < acidfoo> the typo =)
23:52 < acidfoo> thanks for the discussion !
23:52 < dlg> i just need to get my head back in the space
23:53 < acidfoo> hehe yeah of course
23:53 < acidfoo> anywya, thanks for the pointers, I'll start with that and I'll see what that brings me
--- Log closed Thu May 04 00:00:15 2023