6.1 fails to boot on a 486

2017-08-31 Thread Andrew Daugherity
I recently dug out of the closet my old IBM PS/2E, which had served as
my firewall box from 2000ish-06, and was in fact the very first
machine I ever installed OpenBSD on, to see if it still worked
properly.  It did (after changing the CMOS battery), but booted into
OpenBSD 4.1... yeah, just a *bit* out of date there.  The machine may
not be of great use nowadays (I'd retired it when it couldn't keep up
with my internet connection), but even as a retro-computing
playground, running a 10-year-old/20-releases-ago version of OpenBSD
is of no benefit.  Let's rectify that!


>> OpenBSD/i386 BOOT 3.31
boot> hd0a:/bsd61.rd
cannot open hd0a:/etc/random.seed: No such file or directory
booting hd0a:/bsd61.rd: 3208120+1332224+3342348+0+446464
[72+288736+277711]=0x87e694
entry point at 0x2000d4

Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2017 OpenBSD. All rights reserved.  https://www.OpenBSD.org

OpenBSD 6.1 (RAMDISK_CD) #289: Sat Apr  1 13:58:25 MDT 2017
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/RAMDISK_CD
fatal privileged instruction fault (0) in supervisor mode
trap type 0 code 0 eip d03b1f7c cs d09f0008 eflags 10046 cr2 0 cpl 0
panic: trap type 0, code=0, pc=d03b1f7c

The operating system has halted.
Please press any key to reboot.


Well, that's not good -- I didn't expect 6.1 to run particularly well
on this, but I figured it would at least boot... how about 6.0?



booting hd0a:/bsd60.rd: 3211188+1318224+2061312+0+442368
[72+298576+282894]=0x744144
entry point at 0x2000d4

Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2016 OpenBSD. All rights reserved.  http://www.OpenBSD.org

OpenBSD 6.0 (RAMDISK_CD) #1864: Tue Jul 26 12:57:09 MDT 2016
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/RAMDISK_CD
cpu0: Intel 486DX (486-class)
real mem  = 16183296 (15MB)
avail mem = 8122368 (7MB)
mainbus0 at root
bios0 at mainbus0: date 03/31/93
pcibios at bios0 function 0x1a not configured
bios0: ROM list: 0xc8000/0x1000 0xc9000/0x1000 0xca000/0x2000
cpu0 at mainbus0: (uniprocessor)
isa0 at mainbus0
isadma0 at isa0
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
com0 at isa0 port 0x3f8/8 irq 4: ns16450, no fifo
com0: console
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard
vga0 at isa0 port 0x3b0/48 iomem 0xa/131072
wsdisplay0 at vga0 mux 1: console (80x25, vt100 emulation), using wskbd0
wdc0 at isa0 port 0x1f0/8 irq 14
wd0 at wdc0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 5729MB, 11733120 sectors
wd0(wdc0:0:0): using BIOS timings
npx0 at isa0 port 0xf0/16 irq 13
pcic0 at isa0 port 0x3e0/2 iomem 0xd/16384
pcic0 controller 0:  has sockets A and B
pcic0 controller 1:  has sockets A and B
pcmcia0 at pcic0 controller 0 socket 0
pcmcia1 at pcic0 controller 0 socket 1
pcmcia2 at pcic0 controller 1 socket 0
ep1 at pcmcia2 function 0 "3Com, 3C574-TX Fast EtherLink PC Card, A"
port 0x340/32, irq 3: address 00:10:4b:5f:20:c0
tqphy0 at ep1 phy 0: 78Q2120 10/100 PHY, rev. 3
pcmcia3 at pcic0 controller 1 socket 1
ep2 at pcmcia3 function 0 "3Com, 3C574-TX Fast EtherLink PC Card, A"
port 0x300/32, irq 9: address 00:60:08:93:80:48
tqphy1 at ep2 phy 0: 78Q2120 10/100 PHY, rev. 3
pcic0: irq 5, polling enabled
softraid0 at root
scsibus0 at softraid0: 256 targets
root on rd0a swap on rd0b dump on rd0b
erase ^?, werase ^W, kill ^U, intr ^C, status ^T

Welcome to the OpenBSD/i386 6.0 installation program.
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell?


Seems fairly normal.  Did I miss something about 6.1 dropping 486
support?  [/me checks i386.html... still says 486 or better!]

Turns out that GENERIC can give us a little more useful information
than RAMDISK_CD, as it drops into ddb:



boot> hd0a:/bsd.61
cannot open hd0a:/etc/random.seed: No such file or directory
booting hd0a:/bsd.61: 7678420+2057220+174556+0+1097728
[72+501520+501951]=0xb761b4
entry point at 0x2000d4

[ using 1003956 bytes of bsd ELF symbol table ]
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2017 OpenBSD. All rights reserved.  https://www.OpenBSD.org

OpenBSD 6.1 (GENERIC) #291: Sat Apr  1 13:49:08 MDT 2017
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
kernel: privileged instruction fault trap, code=0
Stopped at  cpuid+0x12: cpuid
ddb> trace
cpuid(8000,d0d78ef0,d0d78ed8,0,7d) at cpuid+0x12
identifycpu(d0c7d8a0,d09fbb83,10,0,) at identifycpu+0x80d
cpu_startup(d09cefed,d09d1680,16c,8,0) at cpu_startup+0xb9
main(d02004c6,d02004ce,0,0,0) at main+0x6a
ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
ddb>


Looks like it's trying to run the CPUID instruction, which this
processor probably

Re: OpenBSD 6.1-stable lock up

2017-08-31 Thread Philipp Buehler

Hello,

On 01.09.2017 00:33, Maxim Bourmistrov wrote:

0/232/64 mbuf 2048 byte clusters in use (current/peak/max)
423/2865/120 mbuf 2112 byte clusters in use (current/peak/max)
0/160/64 mbuf 4096 byte clusters in use (current/peak/max)
0/200/64 mbuf 8192 byte clusters in use (current/peak/max)


I've seen this before - including a kind of "lock up".
How does one reach a peak/current way over the maximum - and 2112 byte 
mcl?
IIRC, there was activity in this area changing allocation and 
statistics.


--
pb
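
The check raised in this message (cluster pools whose current or peak count is above the configured maximum) can be automated. This is an added example, not part of the original post; it assumes `netstat -m` lines in the form quoted above, and the function name and the one extra in-limit line are constructed for illustration.

```python
import re

# Per-size cluster lines as quoted in the message, e.g.
# "423/2865/120 mbuf 2112 byte clusters in use (current/peak/max)"
CLUSTER_RE = re.compile(
    r"^\s*(\d+)/(\d+)/(\d+) mbuf (\d+) byte clusters in use "
    r"\(current/peak/max\)"
)

def over_limit_pools(netstat_text):
    """Return one dict per cluster pool whose current or peak exceeds max."""
    findings = []
    for line in netstat_text.splitlines():
        m = CLUSTER_RE.match(line)
        if not m:
            continue  # ignore every other line of netstat -m output
        current, peak, maximum, size = map(int, m.groups())
        if current > maximum or peak > maximum:
            findings.append({
                "size": size,
                "current": current,
                "peak": peak,
                "max": maximum,
                "current_over": current > maximum,
            })
    return findings

# The four lines quoted in the message.
PAGE_LINES = [
    "0/232/64 mbuf 2048 byte clusters in use (current/peak/max)",
    "423/2865/120 mbuf 2112 byte clusters in use (current/peak/max)",
    "0/160/64 mbuf 4096 byte clusters in use (current/peak/max)",
    "0/200/64 mbuf 8192 byte clusters in use (current/peak/max)",
]
# Constructed line that stays within its limit, to show it is not reported.
CONSTRUCTED = ["12/30/64 mbuf 16384 byte clusters in use (current/peak/max)"]

SAMPLE = "\n".join(PAGE_LINES + CONSTRUCTED)

if __name__ == "__main__":
    for f in over_limit_pools(SAMPLE):
        flag = "current AND peak" if f["current_over"] else "peak only"
        print("%5d byte clusters: %d/%d/%d over max (%s)"
              % (f["size"], f["current"], f["peak"], f["max"], flag))
```
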



sudoreplay in sudo 1.8.21 on 6.2-snapshot

2017-08-31 Thread David A. Pocock
Using sudoreplay with log_input and log_output on OpenBSD I recently 
encountered:

After updating to sudo-1.8.21 today when I do "sudoreplay " the 
session 
begins but does not proceed to the next screens. 

Last worked in sudo-1.8.20p2 still works fine.

I've tried this with sudoreplay -R also. The symptom persists.

Sessions created in 1.8.21 or 1.8.20 I cannot play back using 1.8.21.
Sessions created in 1.8.21 or 1.8.20 I can play back using 1.8.20.

Tested on:
OpenBSD maleah.dayid.org 6.2 GENERIC.MP#101 i386
$ sudo -V
Sudo version 1.8.21

I've been able to consistently recreate by attempting to sudoreplay any 
session. 

Is there any further useful information I may provide to investigate such 
behavior?

-David A. Pocock



OpenBSD 6.1-stable lock up

2017-08-31 Thread Maxim Bourmistrov
Hey,
having a dual-node setup of 6.0 in prod, I decided to move forward with one of 
machines
and upgrade to 6.1-stable. Ending up in benchmark tool ”locking” the 6.1 
machine.

Background:
Nodes are Xeon E5-2642v3 3.4Ghz x12, 16G RAM, 64G DOM modules as hdd,
4x X540T (ix) - 2x on-board and 2x PCI-card.

All 4x X540T are connected to 2x Cisco Nexus 3000-series, creating an LACP 
trunk (1x on-board + 1x PCI).
trunk0 - external (VLAN), 1x NIC connected to switch1 and 1x NIC connected to 
switch2 (ix0 + ix3)
trunk1 - internal (VLAN) , 1x NIC connected to switch1 and 1x NIC connected to 
switch2 (ix1 + ix2)
As I have 2x Nexus 3000, VPC is configured and sitting on top of LACP trunk on 
their end.

Each obsd node have several carp interfaces configured on top of trunk0.
Only one carp interface on trunk1 - carp1.

Each switch acting as a default gw (VRRP configured) for any existing VLAN, 
except one towards trunk1.
Default gateway for those switches is IP on carp1.
Those switches run OSPF as well as obsd nodes do.

obsd nodes are the front line, facing the Internet. (2x uplink goes into 2x 
Nexus and then traffic is passed to 2x obsd.)
Running relayd with SSL-offload and plain HTTP.
Except relayd, there is ospfd, ntpd, snmpd, and bgpd(for distributed 
blacklisting around other global nodes).

The problem:
While doing a bench with https://github.com/wg/wrk
from my laptop (OS X, 1Gbps max. pipe) against the environment (HTTPS)
relayd experienced problems with handling the traffic.

shell# ./wrk -t16 -c1500 -d90s --latency

wrk hammering apache 2.4(behind those nodes), serving a txt file with avg 
7k-10k req/s as an output:

wrk -t16 -c1500 -d90s --latency https://ping.txt
Running 2m test @ https:///ping.txt
  16 threads and 1500 connections
  Thread Stats   Avg      Stdev     Max   +/- Stdev
    Latency   131.17ms   70.91ms   1.97s    91.70%
    Req/Sec   651.06    135.80     1.09k    84.95%
  Latency Distribution
     50%  131.90ms
     75%  144.63ms
     90%  159.63ms
     99%  230.92ms
  927039 requests in 1.50m, 190.12MB read
  Socket errors: connect 0, read 0, write 0, timeout 1330
Requests/sec:  10290.54
Transfer/sec:  2.11MB

wrk hammering apache 2.4, mod_proxy_balance, with NodeJS nodes behind apache:

wrk -t16 -c1500 -d90s --latency https:///nodejs
Running 2m test @ https:///nodejs
  16 threads and 1500 connections
  Thread Stats   Avg      Stdev     Max   +/- Stdev
    Latency   445.91ms  518.66ms   2.00s    83.49%
    Req/Sec    56.80     26.89   180.00     68.48%
  Latency Distribution
     50%  217.57ms
     75%  374.15ms
     90%    1.50s
     99%    1.95s
  80673 requests in 1.50m, 1.12GB read
  Socket errors: connect 0, read 5534, write 0, timeout 18099
Requests/sec:    895.42
Transfer/sec:     12.72MB

’top’ showed none interrupting at all, but rather heavy system load values and 
some user values.
20-30% - user
80-90% - system
relayd (12 forks as the number of cores) - 99% usage.

I basically killed both machines running 6.0, thus my decision to upgrade to 
6.1.
However, during the tests against 6.0, my ssh session never got terminated
(”kicked out”) even with this high load (0% CPU idle).
6.1 showed different symptoms - ssh session termination, login via web based
IPMI GUI hanging after log in part,
ping not responding (from the switches and node1 which is 6.0 yet).
After a while, with bench aborted, 6.1 eventually let me in via ssh (terminal
via IPMI still hanging).

snmpd which been running (remember), been polled by other sys doing graphs.
What been seen on those graphs is high rate of output err pkts on trunks, not
NICs (ix) themselves.
Also, syslog, with enabled ’log all’ for relayd showed a lot of ’buffer timeout
event’,
ospfd yielding about ’no buffer space available’.

I had to mod relayd.conf to spawn only 8 preforks instead of 12
and

kern.maxclusters=24576 #12288
kern.maxfiles=65536 #32768

in order to survive the bench (e.g. having ssh session alive).
Values commented out are from the 6.0 setup.

I’m looking for any advice here, which hopefully will lead to a stable and 
performant setup.
Configuration follows.

———sysctl.conf (obsd 6.0)
net.inet.ip.forwarding=1
net.inet.ipcomp.enable=1    # 1=Enable the IPCOMP protocol
net.inet.etherip.allow=1    # 1=Enable the Ethernet-over-IP protocol
net.inet.tcp.ecn=1          # 1=Enable the TCP ECN extension
net.inet.carp.preempt=1     # 1=Enable carp(4) preemption
net.inet.carp.log=3         # log level of carp(4) info, default 2
ddb.panic=0                 # 0=Do not drop into ddb on a kernel panic
ddb.console=1               # 1=Permit entry of ddb from the console
kern.pool_debug=0
net.inet.ip.maxqueue=2048
kern.somaxconn=4096
kern.maxclusters=12288
kern.maxfiles=32768
net.inet.ip.ifq.maxlen=2048


login.conf———
relayd:\
:maxproc-max=31:\
:openfiles-cur=65536:\
:openfiles-max=65536:\
:tc=daemon:

—pf.conf———
set 

Re: Moving a Web site from IIS to httpd

2017-08-31 Thread BergenBergen BergenBergen
I wish migrating from Rails Nginx to Rails httpd would be that easy. Seems
now I have to pay the uwsgi team hundreds of dollars to come up with a
config for me.

If anybody wishes to join me in paying for this config so we can create an
online tut do feel free to let me know.

All the best,
Murk


On Thu, Aug 31, 2017 at 11:04 PM, Jesper Wallin  wrote:

> On Thu, Aug 31, 2017 at 07:20:16PM +, Peter Fraser wrote:
> >
> > It would be nice if httpd could be used to convert or ignore case in
> URL's.
>
> Hi Peter,
>
> First of all, from an SEO standpoint, you shouldn't ignore the case in
> URL's, as you end up with duplicate content. Pick a certain naming style
> and use it everywhere on your site.
>
> Your best luck is to check your logs for incorrect links. Then simply
> add a "location" block for every link and redirect it to the correct one
> using a "block return 301". Be sure to use the 301 (Permanently moved)
> to tell clients not to use the old URL anymore.
>
> server "domain.tld" {
>         listen on * port 80
>
>         location "/FOOBAR.HTML" {
>                 block return 301 "http://domain.tld/foobar.html"
>         }
> }
>
> You can probably make this a bit more universal using patterns(7) for
> the locations block. Also, the example above is more or less copied from
> httpd.conf(5).
>
>
> Another alternative, like you said, is to create a copy of the page. To
> prevent duplicate content and let clients know where your "real" page
> is, use a link canonical tag. E.g,
>
> <link rel="canonical" href="http://domain.tld/foobar.html">
>
> However, this won't solve the issue with others linking to the wrong
> pages and it will probably be a real pain to maintain your site.
>
>
> Jesper Wallin
>
>


Re: Moving a Web site from IIS to httpd

2017-08-31 Thread Jesper Wallin
On Thu, Aug 31, 2017 at 07:20:16PM +, Peter Fraser wrote:
> 
> It would be nice if httpd could be used to convert or ignore case in URL's.

Hi Peter,

First of all, from an SEO standpoint, you shouldn't ignore the case in
URL's, as you end up with duplicate content. Pick a certain naming style
and use it everywhere on your site.

Your best luck is to check your logs for incorrect links. Then simply
add a "location" block for every link and redirect it to the correct one
using a "block return 301". Be sure to use the 301 (Permanently moved)
to tell clients not to use the old URL anymore. 

server "domain.tld" {
        listen on * port 80

        location "/FOOBAR.HTML" {
                block return 301 "http://domain.tld/foobar.html"
        }
}

You can probably make this a bit more universal using patterns(7) for
the locations block. Also, the example above is more or less copied from
httpd.conf(5).


Another alternative, like you said, is to create a copy of the page. To
prevent duplicate content and let clients know where your "real" page
is, use a link canonical tag. E.g,

<link rel="canonical" href="http://domain.tld/foobar.html">

However, this won't solve the issue with others linking to the wrong
pages and it will probably be a real pain to maintain your site.


Jesper Wallin
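
The log-driven approach described in this message (find the wrongly cased links in the logs, then add one "block return 301" location per link) can be scripted. This is an added example, not part of the original post or of httpd; the function name, the access-log line layout and the list of site paths are assumptions, and the log lines are constructed.

```python
import re

# Request and status fields in Common Log Format style (assumed layout).
REQUEST_RE = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[0-9.]+" (\d{3})')
# Log data is client-controlled: only emit paths made of plain characters,
# so nothing can break out of the quoted string and no shell-glob
# metacharacter (*, ?, [) ends up in a location pattern.
SAFE_PATH_RE = re.compile(r"^/[A-Za-z0-9._/-]+$")

def redirect_blocks(log_lines, site_paths, base_url):
    """Build httpd.conf location blocks for 404s that differ only by case."""
    site_paths = set(site_paths)
    blocks = {}
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m or m.group(2) != "404":
            continue
        path = m.group(1).split("?", 1)[0]   # drop any query string
        target = path.lower()
        if path == target or target not in site_paths:
            continue                          # not a case-only mismatch
        if not SAFE_PATH_RE.match(path):
            continue                          # refuse to template unsafe input
        blocks[path] = ('location "%s" {\n'
                        '\tblock return 301 "%s%s"\n'
                        '}' % (path, base_url, target))
    return [blocks[p] for p in sorted(blocks)]

# Constructed access-log lines (documentation IP addresses).
LOG = [
    'domain.tld 192.0.2.10 - - [31/Aug/2017:19:20:16 +0000] "GET /FOOBAR.HTML HTTP/1.1" 404 0',
    'domain.tld 192.0.2.11 - - [31/Aug/2017:19:20:17 +0000] "GET /foobar.html HTTP/1.1" 200 512',
    'domain.tld 192.0.2.12 - - [31/Aug/2017:19:20:18 +0000] "GET /Docs/Index.html?x=1 HTTP/1.1" 404 0',
    'domain.tld 192.0.2.13 - - [31/Aug/2017:19:20:19 +0000] "GET /NoSuchPage.html HTTP/1.1" 404 0',
    'domain.tld 192.0.2.10 - - [31/Aug/2017:19:20:20 +0000] "GET /FOOBAR.HTML HTTP/1.1" 404 0',
    'domain.tld 192.0.2.14 - - [31/Aug/2017:19:20:21 +0000] "GET /Notes[1].HTML HTTP/1.1" 404 0',
]
# Lower-cased paths that exist on the site (hypothetical listing).
SITE = ["/foobar.html", "/docs/index.html", "/notes[1].html"]

BLOCKS = redirect_blocks(LOG, SITE, "http://domain.tld")

if __name__ == "__main__":
    print("\n\n".join(BLOCKS))
```

The generated blocks go inside the existing `server` block; the request for `/Notes[1].HTML` is deliberately skipped and left for manual review.
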



Labor Reform - Practical Aspects and Impacts on Management

2017-08-31 Thread Fabio Barbosa
Challenges and Impacts of the

LABOR REFORM

Practical Aspects and Direct Impacts on Company Management

September 28 and 29, 2017 - São Paulo-SP

Identify in advance the critical points that generate risk in human resources
management and administration, to further strengthen the work of preventing
lawsuits, and learn about the new opportunities for corporate practices.

Main topics to be covered

Telework Regime
Intermittent Employment Contract
Non-Pecuniary Damages
Employee Representation
Liability for Procedural Damages
Incident of Disregard of Legal Personality
Voluntary Jurisdiction Proceeding for Approval of an Out-of-Court Settlement
Individual Labor Law
Labor Statute of Limitations
Administrative Penalties Applied by Inspection Bodies
Working Hours and Vacation
Protection of Women's Work
Individual Employment Contract
Remuneration
Termination of Contract
Collective Labor Law
Procedural Labor Law

REQUEST THE FULL PROGRAM AND REGISTRATION FORM

LIMITED SPACES!

For more information and registration, get in touch!

Fabio Barbosa

11 4105-3904

11 98661-6822

fabio.b...@gmail.com mailto:fabio.barb...@multicursos.com.br


Moving a Web site from IIS to httpd

2017-08-31 Thread Peter Fraser
The move was no trouble and simple except for one problem.

I originally moved the files as is to OpenBSD, but the web site at times 
referred to
files using different cases and those references failed, and since IIS ignores 
the case
in filenames there was no problem.

I then lower cased all the file names on OpenBSD, and made all the references
consistently use the lower case name. This fixed the problem with use of the web
site, but there is still the problem of external references that have saved 
URL's
with differing cases.

I could figure out no way to convert the names using HTTPD. My interim 
mitigation
is to create multiple copies of the most used files with case distinctions in
the
web site, the files just redirect to the lower case versions.

It would be nice if httpd could be used to convert or ignore case in URL's.



Re: ECDH

2017-08-31 Thread Patrick Dohman
I got this working last night.

It appears the certificate was being created incorrectly that certificate 
authority  is unwanted & that the SSL client extension is needed.
Regards
Patrick


> On Aug 30, 2017, at 4:36 PM, Patrick Dohman  
> wrote:
> 
> 
>> Because they copied M$IE. This is no longer the case with the latest version 
>> of FF.
> 
> 
> I read this afternoon that conversion of the certificate type from PEM format 
> to the likes of PKCS#12 allows Firefox to cope 
> with a client server certificate exchange. However this config will likely 
> break Shodan & urchin analytics. 
> 
> I may attempt to test this in the next release...
> 
> 
>> We do not trust browsers keychain management. We use their own keychain with 
>> care, and avoid linking it with system keychain.
> 
> The default Apache SSL verify depth of 10 certificate authorities is often 
> unnecessary & may exacerbate the complex knob patching Ted is attempting 
> simplify. 
> 
> Regards
> Patrick
>