Patch to note Sun M3000 is allergic to OpenBSD right now

2018-01-15 Thread Kurt Mosiejczuk
Saw some folks talking about Sun M3000 machines that got "bricked" by
installing OpenBSD. (They aren't really bricked, but the unbricking 
process so far is having an Oracle Support contract and getting a hardware
engineer out).

Since some folks apparently pick these up to run OpenBSD, let's move it
from "Untested machines (please help us test!)" to "Unsupported machines"
along with a little note.

--Kurt

Index: sparc64.html
===
RCS file: /cvs/www/sparc64.html,v
retrieving revision 1.389
diff -u -p -r1.389 sparc64.html
--- sparc64.html24 Dec 2017 14:15:34 -  1.389
+++ sparc64.html15 Jan 2018 16:13:51 -
@@ -544,7 +544,6 @@ The following machines may work, but hav
  Sun Netra CP2140
  Sun Netra CP2160
  Sun Netra CP2300
- Sun SPARC Enterprise M3000
 
  Oracle SPARC T3-1B
  Oracle SPARC T4-1B
@@ -597,6 +596,7 @@ The following machines do not run OpenBS
  Fujitsu S-7/300
  Fujitsu GP7000F Model 200/400/600/1000/2000
  Fujitsu PRIMEPOWER 200/400/600/1000/2000 (with SPARC64-IV CPUs)
+ Sun SPARC Enterprise M3000 The OpenBSD installer is known to brick 
this machine
 
 
 
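Review bot: The text on the added M3000 line says the installer is "known to brick" the machine, while the message above says these machines are not really bricked and that recovery so far needs an Oracle Support contract and a hardware engineer. Consider wording the entry so it states that the machine is left unusable until vendor hardware service is performed, so readers can judge the real cost. The added line is also wrapped onto a second line in this mail and would need rejoining before the patch applies.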



Re: OpenBSD !HTTPS websites - why?

2018-01-15 Thread Allan Streib
who one  writes:

> 70% of the websites in the world uses HTTPS: https://letsencrypt.org/stats/ , 
> see "Percentage of Web Pages Loaded by Firefox Using HTTPS". If OpenBSD is 
> security oriented, HTTPS should be de facto. 

Letsencrypt is possibly not the best example to cite, since they
recently disclosed a vulnerability in one of the protocols they use to
validate control of a domain.

https://letsencrypt.status.io/pages/incident/55957a99e800baa4470002da/5a55777ed9a9c1024c00b241

https://community.letsencrypt.org/t/2018-01-09-issue-with-tls-sni-01-and-shared-hosting-infrastructure/49996

Allan



Re: OpenBSD !HTTPS websites - why?

2018-01-15 Thread chohag
"who one" writes:
> Hello, 
> 
> http://www.openbsdfoundation.org/
> http://firmware.openbsd.org/firmware/
> 
> When can we have HTTPS connection on these websites? 
> 
> What website remains that doesn't have HTTPS yet and related to OpenBSD? 
> 
> Security should be in layers, HTTPS is one additional layer. 
> 
> 70% of the websites in the world uses HTTPS: https://letsencrypt.org/stats/ , 
> see "Percentage 
> of Web Pages Loaded by Firefox Using HTTPS". If OpenBSD is security oriented, 
> HTTPS should be 
> de facto. 

What security does exposing openbsd.org's public websites over https grant? 
What threat model is doing so, with all the extra work and extra opportunities 
for failure, supposed to circumvent? Security is not a flag you can toggle on 
or off. The x509-based PKI is a racket which I, for one, am glad openbsd has 
not succumbed to.

This has been discussed ad nauseam.

Matthew



Re: Hotplug USB teethering using an Android phone

2018-01-15 Thread edgar

On Jan 15, 2018 1:42 PM, ed...@pettijohn-web.com wrote:
>
>
> On Jan 15, 2018 12:25 PM, Alexander Hall  wrote:
> >
> >
> >
> > On January 15, 2018 9:10:12 AM GMT+01:00, "Jean-Michel Pouré" 
> >  wrote:
> > >
> > >Dear all,
> > >
> > >First, I would like to thank you all for the hard work over OpenBSD
> > >over the years. 
> > >
> > >My question is about USB teethering using an Android phone. I would
> > >like to mount urdnis0 and dhcp interface as soon as the phone is
> > >connected.
> > >
> > >urdnis is configured as follows:
> > >
> > >$cat /etc/hostname.urndis0 
> > >up
> > >dhcp
> > >
> > >hotplugd is running as follows:
> > >
> > >$cat /etc/hotplug/attach   
> > >  
> > >#!/bin/sh 
> > > 
> > >DEVCLASS=$1 
> > >DEVNAME=$2 
> > > 
> > >case $DEVCLASS in 
> > >3) 
> > >    # network devices; requires hostname.$DEVNAME 
> > >    sh /etc/netstart $DEVNAME 

Sorry
sh /etc/netstart "$DEVNAME"0

> maybe
> > >    ;; 
> > >esac
> > >
> > >Do you know why dhcpclient is not triggered over phone usb connection?
> >
> > Maybe
> >
> > # chmod +x /etc/hotplug/attach
> >
> > If not, try
> >
> > logger "attach $*" or somesuch in the script, to see if it is run at all.
> >
> > /Alexander
> >


Re: Hotplug USB teethering using an Android phone

2018-01-15 Thread Alexander Hall


On January 15, 2018 9:10:12 AM GMT+01:00, "Jean-Michel Pouré"  
wrote:
>
>Dear all,
>
>First, I would like to thank you all for the hard work over OpenBSD
>over the years. 
>
>My question is about USB teethering using an Android phone. I would
>like to mount urdnis0 and dhcp interface as soon as the phone is
>connected.
>
>urdnis is configured as follows:
>
>$cat /etc/hostname.urndis0 
>up
>dhcp
>
>hotplugd is running as follows:
>
>$cat /etc/hotplug/attach   
>  
>#!/bin/sh 
> 
>DEVCLASS=$1 
>DEVNAME=$2 
> 
>case $DEVCLASS in 
>3) 
># network devices; requires hostname.$DEVNAME 
>sh /etc/netstart $DEVNAME 
>;; 
>esac
>
>Do you know why dhcpclient is not triggered over phone usb connection?

Maybe

# chmod +x /etc/hotplug/attach

If not, try

logger "attach $*" or somesuch in the script, to see if it is run at all.

/Alexander



Re: Performance issues as KVM guest?

2018-01-15 Thread Tom Smyth
Hello,

Just to clarify Todd's / Stefan's email earlier in the chain (thanks,
Stefan and Todd):

> disable kvm_intel.preemption_timer on the host (see
> /sys/module/kvm_intel/parameters/preemption_timer ) This seems to be buggy in
> linux 4.10 and newer

Disabling the intel-kvm preemption_timer worked for me and it resolved the
timer drift issue in OpenBSD on Proxmox 5.1.

So in Debian / Proxmox I ran the following command:

echo options kvm-intel preemption_timer=N >>/etc/modprobe.d/kvm-intel.conf

then reboot the host (the OpenBSD guest VM default settings seemed
to work fine).








On 12 January 2018 at 13:11, Tom Smyth  wrote:
> Hello Todd,
>
> This issue (Virtual hardware issue happens on latest proxmox5.x  but
> not on Proxmox 4.4 ) with 6.2 (and 6.1 for that matter)
> It is discussed here
> https://marc.info/?l=openbsd-misc=151472854021947=2
>
> but in recent versions of Proxmox 5.1 (QEMU/KVM)   there were no console 
> freezes
> (Proxmox updates fixed this issue (ie virtual  Hardware Fix not an
> OpenBSD Software Fix)
> https://marc.info/?l=openbsd-misc=151467636114177=2
>
>
> So OpenBSD 6.2 Runs Fine on older QEMU and KVM but not on latest  KVM QEMU
>
> My 2 cents is that the issue is a change in Virtual Hardware that is
> incompatible with
> OpenBSD  as opposed to change in OpenBSD that has caused the issue,
>
>
> in my humble opinion it is more likely a old driver incompatibility
> with newer (Virtual) hardware.
>
>
>
> I hope this helps
> Tom Smyth



-- 
Kindest regards,
Tom Smyth




Re: Openbsd 6.1 and Current Console Freezes and lockup Proxmox PVE5.0

2018-01-15 Thread Tom Smyth
Hello all, I just want to reference the following post which resolved
my issues of running OpenBSD guests on Proxmox 5.x.

Just to clarify Todd's / Stefan's email in another thread (thanks,
Stefan and Todd):

https://marc.info/?l=openbsd-misc=151600765414976=2

> disable kvm_intel.preemption_timer on the host (see
> /sys/module/kvm_intel/parameters/preemption_timer ) This seems to be buggy in
> linux 4.10 and newer

Disabling the intel-kvm preemption_timer worked for me and it resolved the
timer drift issue in OpenBSD on Proxmox 5.1.

So in Debian / Proxmox I ran the following command:

echo options kvm-intel preemption_timer=N >>/etc/modprobe.d/kvm-intel.conf
Thanks,

Tom Smyth

On 30 December 2017 at 23:25, Tom Smyth  wrote:
> Hello I have repeated OpenBSD 6.2 Testing on Proxmox PVE
> 5.1 3rd Release CD
>
> The console does not hang like in previous releases of Proxmox
> PVE 5.x
> However the issue of delays between pings (slow sleep time) still
> is there since the 5.1 Release 2 and is present in 5.1 release 3 iso
> (the Proxmox 5.1 CD that was released 22 December 2017
>
> if I do date;sleep 1;date
> I will get the first time and date, and the second time about
> 9-11 seconds after the first...  and the interval between pings is
> sporadic... I will raise a case with Proxmox again about this
> I'll do some further digging...
> Thanks
>
> On 27 October 2017 at 07:18, Tom Smyth  wrote:
>> Hello Theo, Mike, All,
>>
>> @Theo Understood it is important to protect developers and the project goals
>> ... @Mike Thanks for your Generosity in the time you took on this thread,
>> Yes I want Mike to make VMM more awesome :)  @Mike keep up the good work
>>
>> I can't disagree with any point that Theo made in his email on this thread
>> that said,
>> unfortunately I can't always choose my hypervisor and I dearly want to run
>> OpenBSD on it proxmox...
>>
>> I do think (based on the fact that OpenBSD 6.0-6.2 works on PVE 4.4 it is
>> probably a (virtual Hardware issue ) .. not necessarily an OpenBSD issue
>> I will raise this with the PVE Support guys (as I have already done since mid
>> July )
>>
>> Any further posts on this thread from me will be (hopefully for other OpenBSD
>>  users benefit (if I make progress)
>> and certainly not intended as a request or a distraction for Core
>> OpenBSD Developers
>>
>> All the Best,
>>
>> Tom Smyth
>>
>> On 27 October 2017 at 06:37, Theo de Raadt  wrote:
>>> Tom,
>>>
>>> A virtual machine setup is an operating system running on an operating
>>> system on top of an operating system.
>>>
>>> OK, not quite.  The middle one, the VM itself, is as a bit less
>>> complex than a full operating system as machine-independent code goes,
>>> but nevertheless the machine-dependent bat-shit-crazy stuff is far
>>> more complex with gobs of extremely messy nuances face it on both
>>> sides because x86 is a fucking minefield
>>>
>>> Everyone needs to adjust their expectation that all 3 layers are
>>> perfect, AND not assume that it is our layer doing the wrong thing
>>>
>>> Really the layers should simplify but the current marketplace is still
>>> gaining more value out of product differentiation than
>>> simplification+convergence, both sw and hw
>>>
>>> Even if our subsystem isn't doing something 'right', it is NOT the
>>> stated goal of OpenBSD to run well on every garbage VM, because it has
>>> become impossible for the little guy to be perfect.
>>>
>>> Concerted efforts to diagnose and improve these low-level issues uses
>>> the same crowd of people who are trying to improve other edges which
>>> may be more important.  do you want our vmm to work well?  or do you
>>> want us to work better on someone else's vmm?  Sorry, limited
>>> skillset, pick what you want mlarkin to focus on!  But that is unfair,
>>> and even if he listened to your wishlist, UNPRODUCTIVE.
>>>
>>> Where does this go?  Get ready for monopolies in everything, or
>>> oligopolies at best... or fight their establishment.
>>>
>>>> Just to say the gaps in ping response seems  get worse as the uptime
>>>> increases
>>>> ie
>>>> with the uptime around 5 minutes the gaps between ping results are around
>>>> 1 sec
>>>> (what I consider normal)
>>>> with the uptime around 2 hrs 45 minutes the gaps between ping results are
>>>> 13 sec
>>>> with the uptime 8 hrs 30 minutes  the gaps between ping results are 35
>>>> seconds
>>>>
>>>> Output of sysctl kern.timecounter below
>>>>
>>>> kern.timecounter.tick=1
>>>> kern.timecounter.timestepwarnings=0
>>>> kern.timecounter.hardware=acpihpet0
>>>> kern.timecounter.choice=i8254(0) acpihpet0(1000) acpitimer0(1000)
>>>> dummy(-100)
>>>>
>>>> I will change the ACPI  now to i8254  and report back later on
>>>> Thanks
>>>>
>>>>
>>>> On 26 October 2017 at 20:25, Mike Belopuhov wrote:
>>>> > On Thu, Oct 26, 2017 at 19:05 +0100, Tom Smyth wrote:
>>>> >> Lads,
>>>> >>
>>>> >> Im pleased to say 

Re: OpenBSD !HTTPS websites - why?

2018-01-15 Thread Jonathan Sélea
Hi,

I can't really find a form on any of those websites so SSL/TLS does not
really matter in this case.
The only thing SSL/TLS will do is to improve CEO and load times ( if
http/2 and brotli is not implemented). And as Allan said LE is not a
good alternative either.

With that being said - HTTPS on the sites mentioned should still be an
option and should be considered.

/ Jonathan


On 2018-01-15 11:07, who one wrote:
> Hello, 
>
> http://www.openbsdfoundation.org/
> http://firmware.openbsd.org/firmware/
>
> When can we have HTTPS connection on these websites? 
>
> What website remains that doesn't have HTTPS yet and related to OpenBSD? 
>
> Security should be in layers, HTTPS is one additional layer. 
>
> 70% of the websites in the world uses HTTPS: https://letsencrypt.org/stats/ , 
> see "Percentage of Web Pages Loaded by Firefox Using HTTPS". If OpenBSD is 
> security oriented, HTTPS should be de facto. 
>
> Many thanks.
>






Re: landisk hardware

2018-01-15 Thread Diana Eichert

I used to have several Plextors at work and home.  I still have one
running at home, see below.
$ uname -a
OpenBSD plexy.wrench.com 4.4 GENERIC#190 landisk

The serial console is wired up too.

diana

On Sun, 14 Jan 2018, Jordan Geoghegan wrote:

> Hi folks,
>
> Does anyone know where I can get my hands on some landisk hardware? I would
> love to play with some SH4 kit but am having trouble tracking down any
> supported models. Any suggestions?
>
> Thanks,
>
> Jordan Geoghegan







Re: Hotplug USB teethering using an Android phone

2018-01-15 Thread edgar

On Jan 15, 2018 12:25 PM, Alexander Hall  wrote:
>
>
>
> On January 15, 2018 9:10:12 AM GMT+01:00, "Jean-Michel Pouré" 
>  wrote:
> >
> >Dear all,
> >
> >First, I would like to thank you all for the hard work over OpenBSD
> >over the years. 
> >
> >My question is about USB teethering using an Android phone. I would
> >like to mount urdnis0 and dhcp interface as soon as the phone is
> >connected.
> >
> >urdnis is configured as follows:
> >
> >$cat /etc/hostname.urndis0 
> >up
> >dhcp
> >
> >hotplugd is running as follows:
> >
> >$cat /etc/hotplug/attach   
> >  
> >#!/bin/sh 
> > 
> >DEVCLASS=$1 
> >DEVNAME=$2 
> > 
> >case $DEVCLASS in 
> >3) 
> >    # network devices; requires hostname.$DEVNAME 
> >    sh /etc/netstart $DEVNAME 

sh /etc/"$DEVNAME"0

maybe
> >    ;; 
> >esac
> >
> >Do you know why dhcpclient is not triggered over phone usb connection?
>
> Maybe
>
> # chmod +x /etc/hotplug/attach
>
> If not, try
>
> logger "attach $*" or somesuch in the script, to see if it is run at all.
>
> /Alexander
>


Re: 4G modems for OpenBSD?

2018-01-15 Thread Israel Brewster


> On Jan 9, 2018, at 11:06 PM, Daniel Gracia  wrote:
> 
> This scenario is trivial, as far as the Sierra Wireless Airlink supports UDP 
> client/server links. I.e., a properly configurated gateway (easily done 
> through their web interface) should be able to accept UDP packets on any 
> defined port and accept messages in the form 
> '<<>>', so just using netcat to send the 
> line
> 
> <<<16046556677,ASCII,14,5448495320495320412054455354>>>
> 
> (being the message formatted in hex ASCII, in this case 'THIS IS A TEST') 
> will do the trick. You should receive another UDP packet to a port of your 
> choice ACKing the message. And that's all.
> 
> Regards!
> 
> 

Thanks. Yeah, I saw that in the documentation, and after discussing with my 
coworkers we're thinking this is the way to go. Perhaps a bit pricier than 
other options, but it looks like it could be more useful. The main thing will 
be to work out the code that receives the response such that I can receive both 
ACKs as well as incoming messages (if we decide to do so), but that's what 
makes it fun!

> 
> 2018-01-09 18:03 GMT+01:00 Israel Brewster:
> On Jan 9, 2018, at 12:07 AM, Daniel Gracia wrote:
>> 
>> Maybe this is not exactly the solution you're looking for, but have you
>> considered using a 4G gateway? In the past I've had great success with
>> Sierra Wireles AirLink family. It's pretty easy to send SMS commands
>> through IP with them, so a local Ethernet connection to the gateway should
>> do the trick. Neat devices!
> 
> Sounds worth checking out. I can always connect it directly via a second 
> ethernet port or the like, so being IP should be fine.
> 
> The main concern is that the machine in question be able to get a message 
> out, even if the switch it is connected to dies. So a little creative 
> networking, and a solution like this should be fine, as long as the SMS 
> commands can be sent from the command line. 
> 
> Thanks!
> 
> ---
> Israel Brewster
> Systems Analyst II
> Ravn Alaska
> 5245 Airport Industrial Rd
> Fairbanks, AK 99709
> (907) 450-7293
> ---
>> 
>> Regards,
>> 
>> 
>> 2018-01-09 1:35 GMT+01:00 Israel Brewster:
>> 
>>> Could anyone suggest a USB 4G cell modem model that will work well with
>>> OpenBSD, specifically SMSTools? I've looked over most of the list in "man
>>> umsm", but those all appear to be 3G. That said, I haven't checked every
>>> model on the list, so there could be one or more 4G models that I missed.
>>> I've also seen this thread:
>>> http://openbsd-archive.7691.n7.nabble.com/4g-LTE-modem-td106310.html,
>>> but that is over 5 years old.
>>> There is also this thread:
>>> http://openbsd-archive.7691.n7.nabble.com/Anyone-experienced-with-4G-LTE-modems-td281872.html,
>>> but that doesn't appear to offer any suggestions
>>> of USB cell modems - just suggestions of using external cellular routers.
>>> 
>>> I do need a direct USB connection for the purposes of sending SMS messages
>>> directly from the system, i.e. I need to be able to send a SMS even if the
>>> internet is down, so online cloud services or the like that can convert
>>> e-mail to SMS aren't an option. Thanks.
>>> 
>>> ---
>>> Israel Brewster
>>> Systems Analyst II
>>> Ravn Alaska
>>> 5245 Airport Industrial Rd
>>> Fairbanks, AK 99709
>>> (907) 450-7293
>>> ---
>>> 
>>> 
>>> 
>>> 
>>> 
> 
> 
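
The line format quoted in this message, built and parsed in Python as an added example (not from the original posts and not taken from Sierra Wireless documentation). The field meanings (number, encoding tag, payload length, hex payload) are inferred from the single sample line in the thread, the function names are hypothetical, and the ACK format is not shown on the page so it is not modelled.

```python
import re

# Framing inferred from the one sample line in the thread (an assumption):
#   <<<number,ENCODING,payload-length,hex-encoded payload>>>
FRAME_RE = re.compile(r"<<<([0-9]+),([A-Za-z0-9]+),([0-9]+),([0-9A-Fa-f]*)>>>")

# The sample line exactly as quoted in the thread.
PAGE_SAMPLE = "<<<16046556677,ASCII,14,5448495320495320412054455354>>>"


def build_frame(number: str, text: str) -> str:
    """Build a frame for an ASCII message (hypothetical helper)."""
    if not (number.isascii() and number.isdigit()):
        raise ValueError("number must contain ASCII digits only")
    # encode() raises UnicodeEncodeError (a ValueError) on non-ASCII text,
    # so nothing is silently mangled before it reaches the gateway.
    payload = text.encode("ascii")
    return "<<<{},ASCII,{},{}>>>".format(number, len(payload), payload.hex().upper())


def parse_frame(line: str):
    """Parse a frame and return (number, text); reject malformed input."""
    match = FRAME_RE.fullmatch(line.strip())
    if match is None:
        raise ValueError("not a <<<...>>> frame")
    number, encoding, length, hexdata = match.groups()
    if encoding != "ASCII":
        raise ValueError("unsupported encoding tag: " + encoding)
    if len(hexdata) % 2:
        raise ValueError("hex payload has an odd number of digits")
    payload = bytes.fromhex(hexdata)
    # The declared length must match the decoded payload, otherwise the
    # datagram was truncated or tampered with on the way.
    if len(payload) != int(length):
        raise ValueError("declared length does not match payload")
    return number, payload.decode("ascii")


if __name__ == "__main__":
    print(build_frame("16046556677", "THIS IS A TEST"))
    print(parse_frame(PAGE_SAMPLE))
```
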



Re: Integrating "safe" languages into OpenBSD?

2018-01-15 Thread Max Hayden Chiz
On Sun, Dec 3, 2017 at 7:59 PM, Nicolas Schmidt 
wrote:
> Hi,
>
> I recently watched a recording of Theo's talk on pledge at
> EuroBSDCon 2017, in which the question of memory-safe
> languages and their practical usefulness came up. Specifically,
> someone in the audience criticized the approach taken by
> OpenBSD, which (as I understand) accepts that all software
> is broken and mitigates the damage caused
> by various classes of exploits through techniques like ASLR, and
> suggested that instead one should stick to "memory safe languages"
> to avoid these exploits altogether.
>
> As a response to this, Theo asked rhetorically "Where's ls, where's
> cat, where's grep, and where's sort?", implying that noone so far
> bothered to write implementations of even the basic unix utilities
> in such a language.
>
> This brings me to the question, what if someone actually bothered?
> Under what conditions would you consider replacing one of the
> current C implementations with an implementation written in
> another, "safer" language? Note that with Cgrep and haskell-ls,
> there do in fact exist implementations/analogues of two of the
> mentioned utilities in a memory safe language (Haskell).

Sorry for the thread res, but I wanted to add something to this discussion
and didn't have a chance until now.

There's a big misconception here about the point of "safe" languages. Safe
languages are *not* a security feature.

Let's take Rust as an example. Neither of the "two remote holes" would have
been caught by Rust's features. Rust doesn't protect against integer
overflow errors. *At best*, if SSH had been written in Rust, it would have
turned the remote hole into a failed bounds check and a panic. So instead
of a remote hole, we'd have had a denial of service attack. More
realistically, if the code in question had been part of an "unsafe" block,
the same security breach would have occurred.

Similarly, Rust doesn't prevent SSL from being written with spaghetti code
and obfuscating the fact that it was taking a user provided number to use
as a bounds check on a crappy custom memory structure. The same limitations
holds for most of the security bugs recorded in the CERT C standard. The
ones that can be automatically checked can be detected by C programming
tools. The ones that can't be automatically checked don't magically go away
when you use Rust.

More fundamentally, even if you have an application written in a safe
language, you have no way of examining the binary and knowing that those
safety guarantees still hold. In an embedded system, you can do verified
programming, use a verified compiler, and then make sure that the binary
can't be modified afterward by using read-only memory. (And you could still
have a problem due to a hardware bug.) None of that stuff is available or
practical for OpenBSD. Even worse, if your "safe" system has an elaborate
run-time, like Java or JavaScript, that run-time itself becomes an attack
surface. (Just look at how many security issues these things have had over
the years.)

Moreover, *good* C code is about as safe as it can be. CCured was an
application that (in part) could automatically prove that large aspects of
C programs were safe. In practice about 90% of the code was safe as-is.
Another 9% was safe if it had a bounds check (the system couldn't verify
this). And only 1% needed special handling. If you translate the code into
Rust, you are just going to end up proving that the safe 90% is safe and
the remaining 10% will live in an "unsafe" block because of what it does.

Contra the questioner's assumption, the real point of safe languages is
that they enhance programmer productivity by handling certain repetitive
issues automatically and by allowing for easier use of higher-level
language constructs. Done well, a safe language makes your code more
compact, faster to write, and easier to reason about.

But stated that way, it's obvious that OpenBSD won't benefit from them. For
one, an operating system is inherently low-level and doesn't have much room
for higher-level constructs. For another, productivity enhancements only
count when you are writing code from scratch. Re-writing the 3M+ lines of
OpenBSD's kernel code would be an obvious waste. (Not to mention the rest
of the system.)

Don't get me wrong, I think Rust is worth using in a new project for a
sufficiently complex application. But "use the right tool for the job"
applies here. Most of what an OS does (be it the kernel, ld.so, or the
various state machines inside of priv-sep'ed services) is "low-level" and
benefits from neither the additional abstraction nor from the safety
guarantees that you'd just have to disable or work around.

In contrast to mere memory-safety, how to do *low-level* programming in a
verifiable, bug-free way is still an active area of language research.
There are some promising developments out there, and rather than rewriting
Unix tools in Rust or making yet another 

Re: bsd.mp not installed on EdgeRouter Lite

2018-01-15 Thread jungle Boogie
On 12 January 2018 at 08:24, Scott Bennett  wrote:
> After reading INSTALL.octeon, I was able to write miniroot62.fs to a usb,
> plug that into the ERL, and perform a normal installation. The problem is
> that the installer was not able to detect both cores, so it only installed
> bsd.sp (bsd.mp was not an option in the set selection).

See this post:
https://an.undulating.space/post/171020-erl-openbsd-smp/

See this reddit thread:
https://www.reddit.com/r/openbsd/comments/7agdgh/openbsd_62_on_edgerouter_lite_with_bsdmp/

Hope that helps



Re: Performance issues as KVM guest?

2018-01-15 Thread Infoomatic
Hi Stefan,

Thanks a lot, that solved the problem! 
However, I still wonder why the difference in cputime consumption between a 
FreeBSD KVM and a OpenBSD KVM (both just a basic install) is so huge ... now I 
see 643min on OpenBSD vs 46min on FreeBSD.

Regards,
Robert

> Sent: Friday, 12 January 2018 at 12:48
> From: "Stefan Fritsch"
> To: Infoomatic
> Cc: misc@openbsd.org
> Subject: Re: Performance issues as KVM guest?
>
> Hi,
>
> I don't see this issue on my Debian system, but please try two things:
>
> * disable kvm_intel.preemption_timer on the host (see
>   /sys/module/kvm_intel/parameters/preemption_timer ) This seems to be buggy
>   in linux 4.10 and newer
> * enable hpet in the vm config: Make sure there is no in your libvirt xml
>   (or don't pass -ho-hpet to qemu). Unfortunately, newer libvirt versions
>   seem to disable hpet by default.
>
> Different issue: If you remove the USB controllers, the CPU load on the
> host will reduce by a few percent (~ 3%). Add and remove all other usb
> controller sections. Just removing the usb controller sections without
> adding the 'none' makes libvirt add them back (this is stupid).
>
> Cheers,
> Stefan
>
> On Fri, 12 Jan 2018, Infoomatic wrote:
> > Same problem here. While we did have significant differences in cpu
> > usage between FreeBSD and OpenBSD (basic OS without configuration:
> > FreeBSD ~ 33min CPU time, OpenBSD ~ 474min CPU time - both started at
> > the same time), with the latest kernel patches for Ubuntu 17.04 (our
> > test environments all run Ubuntu 17.04 for KVM VMs), OpenBSD now becomes
> > practically unusable: as soon as I su or login on the console with su,
> > cpu usage is at 100% - the system freezes. :-/ guess we need some
> > dedicated BSD machines to host some test-VMs ;-)
> >
> > Regards,
> > Robert
> >
> > > Sent: Thursday, 11 January 2018 at 20:32
> > > From: "Kirill Miazine"
> > > To: misc@openbsd.org
> > > Subject: Re: Performance issues as KVM guest?
> > >
> > > * Kent Watsen [2018-01-11 17:38]:
> > > [...]
> > > > > > Since my hosting provider https://www.bytemark.co.uk/cloud-hosting/
> > > > > > patched for Meltdown last weekend I'm seeing significant performance
> > > > > > issues with an OpenBSD virtual instance there. It seems okay after a
> > > > > > fresh reboot but then progressively returns to being very slow: for
> > > > > > example "sleep 1" may take four seconds, then five, six, seven, then
> > > > > > rather more. Curiously it does tend to be an integral multiplier.
> > > > > >
> > > > > > I wondered, is anybody else seeing significant performance problems with
> > > > > > OpenBSD (or other BSDs) virtual instances since Meltdown patching? Is
> > > > > > there anything to tweak at my end or am I reliant on the provider?
> > > > > >
> > > > > > -- Mark
> > > > >
> > > > > There are a ton of threads talking about this issue, and it's not meltdown
> > > > > specific. Please search the archives.
> > > > >
> > > > > -ml
> > > >
> > > > [...]
> > > > Also, Mark, could you say some more about the issue.  For instance, how long
> > > > after a reboot does it take until you start to notice the issue, and how
> > > > quickly does it get worse?
> > >
> > > I'm another customer of Bytemark experiencing the same issue. I'm taking
> > > care of one VM there and I'm primarly noticing it in two situations:
> > > sleep() takes a long time (e.g. sleep(1) might take up to 40 seconds)
> > > and the clock slows down.
> > >
> > > Right now, 9 hours after reboot, the clock on VM is 3 hours behind real
> > > clock. And sleep(1) takes 13 secs:
> > >
> > > km@buildfarm ~ $ time sleep 1
> > >     0m13.85s real     0m00.00s user     0m00.01s system
> > >
> > > This all started after the host was patched and VM rebooted.
> > >
> > > Bytemark guys are looking at the issue and doing their own debugging.
> > > Here're findings so far:
> > >
> > > I spun a few OpenBSD VMs up and left them overnight - looks like the
> > > clock isn't drifting but there's still the 'time sleep 1' issue.
> > > My testing results seemed to concur with User_4574's, virtio was slowing
> > > down only a few minutes after a fresh install whereas compatibility
> > > would stick at 1s, jump to 2s, etc.
> > >
> > > > Thanks,
> > > > Kent
> > >
> > > --
> > > -- Kirill Miazine



OpenBSD !HTTPS websites - why?

2018-01-15 Thread who one
Hello, 

http://www.openbsdfoundation.org/
http://firmware.openbsd.org/firmware/

When can we have HTTPS connection on these websites? 

What website remains that doesn't have HTTPS yet and related to OpenBSD? 

Security should be in layers, HTTPS is one additional layer. 

70% of the websites in the world uses HTTPS: https://letsencrypt.org/stats/ , 
see "Percentage of Web Pages Loaded by Firefox Using HTTPS". If OpenBSD is 
security oriented, HTTPS should be de facto. 

Many thanks.



Re: help understanding ikectl error messages

2018-01-15 Thread Stuart Henderson
On 2018/01/15 06:35, Andreas Thulin wrote:
> Sorry, my bad!
> 
> 6.2-stable. And after sending my e-mail, I found a post about this issue, 
> that ended up in
> ikeca.c (?) having been patched on 8 November last year to resolve the same 
> issue, I believe. I
> have installed 6.2-current on another machine to figure out if that solves 
> the problem.
> 
> BR, Andreas

Thanks - -current should fix this. (I did think that it had been fixed
before 6.2 which is why I asked about the version, but yes it looks like
this one wasn't fixed until 8 Nov).



Re: 6.2-current on a MacBook

2018-01-15 Thread Joerg Jung

> On 13.01.2018 at 16:35, Jan Stary wrote:
> 
> What do people use for pasting instead of
> the nonexistent and shift-insert?

Do you have a  key?

Try ++ to get insert,
works for me on newer models.

Similar page scroll up/down can be reached 
through fn and cursor keys.
delete is backspace + fn.



Re: 6.2-current on a MacBook

2018-01-15 Thread Mario

On 15/01/18 10:43, Joerg Jung wrote:

> > On 13.01.2018 at 16:35, Jan Stary wrote:
> >
> > What do people use for pasting instead of
> > the nonexistent and shift-insert?
>
> Do you have a  key?
>
> Try ++ to get insert,
> works for me on newer models.
>
> Similar page scroll up/down can be reached
> through fn and cursor keys.
> delete is backspace + fn.


Cmd-v should work


--
Grüße/Regards

Mario



Re: OpenBSD !HTTPS websites - why?

2018-01-15 Thread Stuart Henderson
On 2018-01-15, who one  wrote:
> Hello, 
>
> http://www.openbsdfoundation.org/
> http://firmware.openbsd.org/firmware/
>
> When can we have HTTPS connection on these websites? 
>
> What website remains that doesn't have HTTPS yet and related to OpenBSD? 
>
> Security should be in layers, HTTPS is one additional layer. 
>
> 70% of the websites in the world uses HTTPS: https://letsencrypt.org/stats/ , 
> see "Percentage of Web Pages Loaded by Firefox Using HTTPS". If OpenBSD is 
> security oriented, HTTPS should be de facto. 
>
> Many thanks.
>
>

I can't speak for openbsdfoundation, but for firmware.openbsd.org it's
hosted on various machines run by different people. I'm not sure if
there's any viable way to handle keys and certificates for this type
of situation.

Firmware packages do have signify(1) signatures themselves. These
are verified early - before passing to gzip to decompress them.
However there is a remaining issue that a MITM could suppress
certain packages, or provide older signed versions.
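
The remaining gap described in this message (valid signatures do not stop a man-in-the-middle from withholding packages or serving older signed ones) can be narrowed by remembering what was last seen. The following is an added example, not OpenBSD's code: the file naming scheme, function names and sample listings are constructed for illustration, and signature verification is assumed to have already succeeded for every listed file.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# Constructed naming scheme for this example only:
#   <name>-firmware-<dotted numeric version>.tgz
PKG_RE = re.compile(r"(?P<name>[a-z0-9]+)-firmware-(?P<ver>[0-9]+(?:\.[0-9]+)*)\.tgz")


def parse_pkg(filename: str) -> Optional[Tuple[str, Version]]:
    """Split a file name into (name, version tuple); None if it does not fit."""
    m = PKG_RE.fullmatch(filename)
    if m is None:
        return None
    # Compare versions numerically: as strings "1.9" sorts after "1.10",
    # which would hide exactly the downgrade we want to catch.
    return m.group("name"), tuple(int(p) for p in m.group("ver").split("."))


def audit_listing(listing: List[str], last_seen: Dict[str, Version]) -> List[Tuple[str, str]]:
    """Compare a (signature-verified) listing against previously seen state.

    Returns findings as (kind, subject) pairs:
      "rollback"   - offered version is older than one seen before
      "suppressed" - a package seen before is missing from the listing
      "unparsed"   - a file name that does not fit the expected scheme
    """
    findings: List[Tuple[str, str]] = []
    offered: Dict[str, Version] = {}
    for filename in listing:
        parsed = parse_pkg(filename)
        if parsed is None:
            findings.append(("unparsed", filename))
            continue
        name, ver = parsed
        offered[name] = max(ver, offered.get(name, ver))
    for name in sorted(last_seen):
        if name not in offered:
            # May also be a legitimate retirement; that needs an operator decision.
            findings.append(("suppressed", name))
        elif offered[name] < last_seen[name]:
            findings.append(("rollback", name))
    return findings


def accept_listing(listing: List[str], last_seen: Dict[str, Version]):
    """Return (new_state, findings); state only advances on a clean audit."""
    findings = audit_listing(listing, last_seen)
    if findings:
        return dict(last_seen), findings
    state = dict(last_seen)
    for filename in listing:
        name, ver = parse_pkg(filename)
        state[name] = max(ver, state.get(name, ver))
    return state, []


# Constructed sample data (not real package names or versions).
LAST_SEEN = {"alpha": (1, 10), "beta": (2, 0)}
HONEST = ["alpha-firmware-1.10.tgz", "beta-firmware-2.1.tgz", "gamma-firmware-0.3.tgz"]
TAMPERED = ["alpha-firmware-1.9.tgz", "gamma-firmware-0.3.tgz"]

if __name__ == "__main__":
    print(accept_listing(HONEST, LAST_SEEN))
    print(accept_listing(TAMPERED, LAST_SEEN))
```

The recorded state has to live somewhere the network attacker cannot rewrite, and it only protects clients that have seen a newer listing before.
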




Re: risc-v

2018-01-15 Thread flipchan
I love risc-v !

But has risc-v started producing on real hardware and not kvm/qemu ? would be 
cool to have that

On January 14, 2018 9:43:27 PM GMT+01:00, "Peter J. Philipp"  
wrote:
>Is anyone interested/working/planning around this ingenious open source
>Instruction Set Architecture?  Not many developer boards yet but there
>is 
>simulators...
>
>Small contribution from me (how to compile riscv-qemu on OpenBSD
>6.2-stable):
>
>http://centroid.eu/blog/index.php?article=1515597453  <-- needs
>javascript to
>view
>
>I've spent a few hours trying to compile a cross compiler but haven't
>had
>much luck with that, my ultimate goal would be to boot OpenBSD on qemu
>and
>by then there would be enough developer boards perhaps to look further.
>
>More interesting things are found at https://riscv.org , there is a
>FreeBSD
>port but I had problem building it in vmware.  Perhaps FreeBSD can
>serve as
>a helping source to port OpenBSD to this?
>
>Regards,
>-peter

-- 
Take Care Sincerely flipchan layerprox dev

Re: risc-v

2018-01-15 Thread S V
iirc sifive made some devkits https://dev.sifive.com/freedom-soc/evaluate/fpga/

2018-01-15 11:25 GMT+03:00 flipchan :
> I love risc-v !
>
> But has risc-v started producing on real hardware and not kvm/qemu ? would be 
> cool to have that
>
> On January 14, 2018 9:43:27 PM GMT+01:00, "Peter J. Philipp" 
>  wrote:
>>Is anyone interested/working/planning around this ingenious open source
>>Instruction Set Architecture?  Not many developer boards yet but there
>>is
>>simulators...
>>
>>Small contribution from me (how to compile riscv-qemu on OpenBSD
>>6.2-stable):
>>
>>http://centroid.eu/blog/index.php?article=1515597453  <-- needs
>>javascript to
>>view
>>
>>I've spent a few hours trying to compile a cross compiler but haven't
>>had
>>much luck with that, my ultimate goal would be to boot OpenBSD on qemu
>>and
>>by then there would be enough developer boards perhaps to look further.
>>
>>More interesting things are found at https://riscv.org , there is a
>>FreeBSD
>>port but I had problem building it in vmware.  Perhaps FreeBSD can
>>serve as
>>a helping source to port OpenBSD to this?
>>
>>Regards,
>>-peter
>
> --
> Take Care Sincerely flipchan layerprox dev



-- 
Nerfur Dragon
-==(UDIC)==-



Re: risc-v

2018-01-15 Thread Peter J. Philipp
On Mon, Jan 15, 2018 at 08:25:58AM +, flipchan wrote:
> I love risc-v !
> 
> But has risc-v started producing on real hardware and not kvm/qemu ? would be 
> cool to have that
> 

In the riscv.org news there is this:

https://abopen.com/news/future-ships-avalanche-fpga-dev-board-risc-v-core/

But it's a little pricey, I suspect there are more of these kinds of dev boards
coming.

Regards,
-peter



Re: risc-v

2018-01-15 Thread Alexis


flipchan  writes:


> I love risc-v !
>
> But has risc-v started producing on real hardware and not kvm/qemu ?

Yes; cf. e.g.

https://riscv.org/risc-v-cores/#fe310-g000

which is used for the HiFive1 Arduino board.


Alexis.



Re: risc-v

2018-01-15 Thread Peter J. Philipp
On Mon, Jan 15, 2018 at 08:46:19AM +0100, Janne Johansson wrote:
> Perhaps take a look at what kevlo@ started doing?
> 
> https://marc.info/?l=openbsd-ports=150148952705168=2

Awesome!  That basically did what I had planned next, so then I can look at
getting an OpenBSD kernel cross compiled (perhaps with a freebsd locore?) and
that would further my goal of booting a bsd.rd or something in qemu.

Cheers,
-peter


> 2018-01-14 21:43 GMT+01:00 Peter J. Philipp :
> 
> > Is anyone interested/working/planning around this ingenious open source
> > Instruction Set Architecture?  Not many developer boards yet but there is
> > simulators...
> >
> > Small contribution from me (how to compile riscv-qemu on OpenBSD
> > 6.2-stable):
> >
> > http://centroid.eu/blog/index.php?article=1515597453  <-- needs
> > javascript to
> > view
> >
> > I've spent a few hours trying to compile a cross compiler but haven't had
> > much luck with that, my ultimate goal would be to boot OpenBSD on qemu and
> > by then there would be enough developer boards perhaps to look further.
> >
> > More interesting things are found at https://riscv.org , there is a
> > FreeBSD
> > port but I had problem building it in vmware.  Perhaps FreeBSD can serve as
> > a helping source to port OpenBSD to this?
> >
> > Regards,
> > -peter
> >
> >
> 
> 
> -- 
> May the most significant bit of your life be positive.



Re: risc-v

2018-01-15 Thread Karel Gardas
Have a look at SiFive.com -- they are probably closest to having some IP
capable of running a general-purpose OS.


You can try their Freedom SoC U500, but the supported Virtex platform is
quite costly... Or you can wait and see if their U54-MC CPU appears somehow
on the market...



On 01/15/18 09:25, flipchan wrote:

> I love risc-v !
>
> But has risc-v started producing on real hardware and not kvm/qemu ? would be 
> cool to have that
>
> On January 14, 2018 9:43:27 PM GMT+01:00, "Peter J. Philipp"  
> wrote:
>
>> Is anyone interested/working/planning around this ingenious open source
>> Instruction Set Architecture?  Not many developer boards yet but there
>> is
>> simulators...
>>
>> Small contribution from me (how to compile riscv-qemu on OpenBSD
>> 6.2-stable):
>>
>> http://centroid.eu/blog/index.php?article=1515597453  <-- needs
>> javascript to
>> view
>>
>> I've spent a few hours trying to compile a cross compiler but haven't
>> had
>> much luck with that, my ultimate goal would be to boot OpenBSD on qemu
>> and
>> by then there would be enough developer boards perhaps to look further.
>>
>> More interesting things are found at https://riscv.org , there is a
>> FreeBSD
>> port but I had problem building it in vmware.  Perhaps FreeBSD can
>> serve as
>> a helping source to port OpenBSD to this?
>>
>> Regards,
>> -peter




Re: help understanding ikectl error messages

2018-01-15 Thread Andreas Thulin
Thanks Stuart for replies! I can confirm that I could proceed without
issues on 6.2-current. :-)

BR, Andreas
Mon 15 Jan 2018 at 10:31, Stuart Henderson wrote:

> On 2018/01/15 06:35, Andreas Thulin wrote:
> > Sorry, my bad!
> >
> > 6.2-stable. And after sending my e-mail, I found a post about this issue,
> > that ended up in ikeca.c (?) having been patched on 8 November last year
> > to resolve the same issue, I believe. I have installed 6.2-current on
> > another machine to figure out if that solves the problem.
> >
> > BR, Andreas
>
> Thanks - -current should fix this. (I did think that it had been fixed
> before 6.2 which is why I asked about the version, but yes it looks like
> this one wasn't fixed until 8 Nov).
>
>


Hotplug USB tethering using an Android phone

2018-01-15 Thread Jean-Michel Pouré

Dear all,

First, I would like to thank you all for the hard work over OpenBSD
over the years. 

My question is about USB tethering using an Android phone. I would
like to mount urndis0 and dhcp interface as soon as the phone is
connected.

urndis is configured as follows:

$ cat /etc/hostname.urndis0
up
dhcp

hotplugd is running as follows:

$ cat /etc/hotplug/attach
#!/bin/sh

DEVCLASS=$1
DEVNAME=$2

case $DEVCLASS in
3)
        # network devices; requires hostname.$DEVNAME
        sh /etc/netstart $DEVNAME
        ;;
esac

Do you know why dhcpclient is not triggered over phone usb connection?

Kind regards,
-- 
Jean-Michel Pouré