Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)
2016-10-19 12:59 GMT+08:00 Ralph Siegler: .. > too expensive to have for development, too expensive to run, to > expensive for a userbase while businesses waited for a mature version, no > compelling use case in the open source world that couldn't be done with > Xeon drawing half to a third the power. > Ralph, At 2850 to 5300 USD for rack chassi+mobo+CPU, I think Power8 servers do make sense - it seems like a great way to diversify from AMD64, while still in a robust server architecture. Oracle have been talking about making a low-end server model of their new Sparc64 chip, I guess that one will sell at around 5000 USD too. So then there's two alternative architectures to AMD64, great! (I didn't see any convincing ARM64 servers on the market yet.)
Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)
On Wed, 19 Oct 2016 12:29:21 +0800, Mikael wrote: > 2016-10-19 6:51 GMT+08:00 Ralph Siegler: > .. > >> no one is going to buy box from product line that starts at $11,000 >> (non- >> >> > Power8 machine offers start at USD 2,850: > http://www.tyan.com/campaign/openpower/index.html > > And their standard prices are USD 5,530 and up, that is > http://www.tyan.com/Barebones_TN71-BP012_BSP012T71V14HR-4T-3 . that is not an IBM Power E8xx or S8xx server, it can't for example run AIX or system i, has different architecture Porting OpenBSD to Tyan would not give you an OpenBSD that ran on IBM business system
Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)
On Tue, 18 Oct 2016 21:42:13 -0500, Chris Bennett wrote: > On Wed, Oct 19, 2016 at 02:06:51AM +, Ralph Siegler wrote: >> >> Linux on Power8 provides a way to run certain closed source softwares >> that are certified to run on Linux on PowerPC. Of course, those >> softwares generally run even faster on AIX with less "loose ends" and >> bugs because they were specifically developed and tuned for a couple >> decades using bespoke tools before recent porting to Linux. >> >> > Hmm. OpenBSD's license does not in any way prohibit using closed source > software with it. Would it be better than AIX or Linux? None of that closed source software will ever run on OpenBSD. There will never be IBM Websphere for OpenBSD, nor Lawson Financials for OpenBSD, nor JDEdwards EnterpriseOne for OpenBSD. > Maybe. Or maybe not. Speed has not been the primary goal of OpenBSD. > Which is OK for me. But, for such a high priced box, I think speed might > be way up there or would reliability be more important? > In most cases the reliability of the OS and the kind of app I'm talking about is a given, uptime will be indefinite for most customers. It's a OS plus app plus libraries plus tools solution groomed over a couple decades for that architecture. Security will be external, right or wrong that's how it is. > For example, scientific software would definitely place more emphasis on > precise and accurate calculations rather than speed. > There are specs for that and standard libraries, certainly for HPC where power architecture plays speed is huge consideration but then they have nvidia gpu doing the bulk of the work along side of the power8, different beast than business power8. > >> >> Developers are interested in that architecture you say...yes I believe >> that. I'm a photographer and am interested in a Hasselblad H5D-200c >> which the body alone goes for $45,000. I can't afford one, let alone >> say put a lens on it, have no earthly use that would require >> one.but dang if it isn't cool. >> > >> > Below you suggest getting going with Power6 and 7, which are much >> > cheaper to purchase. >> > >> > Would it be reasonable to look at this the other way around: >> > >> > Develop the Power8 architecture now so that when prices fall later, >> > companies can then afford to buy them and immediately use a developed >> > and tested OpenBSD on them? >> >> Develop for architecture none of the userbase has or will have for five >> plus years? Of course the BSD licensed open source drivers that IBM >> will provide for all that poop that flies by in the five minute POST >> time will make the job easier, and the megabytes of spec docs they've >> written...cause they wouldn't have the gall to hand over BLOBs for >> hardware without full specs >> >> > Supposedly, IBM is energetically supporting Open Source for this. > > >> We'll have to make the BSD foundation thermometer taller for N devs >> times $170 month or more extra electric bill. >> >> > If IBM is really interested in Open Source, they might just decide to > donate to the OpenBSD Foundation. Would pay the electric bill > (hopefully). OpenBSD foots electric bill for devs? Oh, and when they start power8 box will put a HP blade chassis to shame with the volume level for a few minutes, I couldn't imagine having one in a home and repeatedly booting to port an OS. > > But talk is not action. Action is too expense, too pointless. It's out of league just as a Cray vector supercomputer OpenBSD port would be > > > General question: > Would Power8 lead to using Power9, Power10, etc? too expensive to have for development, too expensive to run, to expensive for a userbase while businesses waited for a mature version, no compelling use case in the open source world that couldn't be done with Xeon drawing half to a third the power. > > Chris Bennett
Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)
2016-10-19 6:51 GMT+08:00 Ralph Siegler: .. > no one is going to buy box from product line that starts at $11,000 (non- > Power8 machine offers start at USD 2,850: http://www.tyan.com/campaign/openpower/index.html And their standard prices are USD 5,530 and up, that is http://www.tyan.com/Barebones_TN71-BP012_BSP012T71V14HR-4T-3 .
Happy Birthday
Happy Birthday to OpenBSD. Hey, it's 21. It can drink in Michigan now!
Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)
On Wed, Oct 19, 2016 at 02:06:51AM +, Ralph Siegler wrote: > > Linux on Power8 provides a way to run certain closed source softwares > that are certified to run on Linux on PowerPC. Of course, those > softwares generally run even faster on AIX with less "loose ends" and > bugs because they were specifically developed and tuned for a couple > decades using bespoke tools before recent porting to Linux. > Hmm. OpenBSD's license does not in any way prohibit using closed source software with it. Would it be better than AIX or Linux? Maybe. Or maybe not. Speed has not been the primary goal of OpenBSD. Which is OK for me. But, for such a high priced box, I think speed might be way up there or would reliability be more important? For example, scientific software would definitely place more emphasis on precise and accurate calculations rather than speed. > > > Developers are interested in that architecture you say...yes I believe > that. I'm a photographer and am interested in a Hasselblad H5D-200c > which the body alone goes for $45,000. I can't afford one, let alone > say put a lens on it, have no earthly use that would require > one.but dang if it isn't cool. > > > > Below you suggest getting going with Power6 and 7, which are much > > cheaper to purchase. > > > > Would it be reasonable to look at this the other way around: > > > > Develop the Power8 architecture now so that when prices fall later, > > companies can then afford to buy them and immediately use a developed > > and tested OpenBSD on them? > > Develop for architecture none of the userbase has or will have for five > plus years? Of course the BSD licensed open source drivers that IBM > will provide for all that poop that flies by in the five minute POST time > will make the job easier, and the megabytes of spec docs they've > written...cause they wouldn't have the gall to hand over BLOBs for > hardware without full specs > Supposedly, IBM is energetically supporting Open Source for this. > We'll have to make the BSD foundation thermometer taller for N devs times > $170 month or more extra electric bill. > If IBM is really interested in Open Source, they might just decide to donate to the OpenBSD Foundation. Would pay the electric bill (hopefully). But talk is not action. General question: Would Power8 lead to using Power9, Power10, etc? Chris Bennett
Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)
On Tue, 18 Oct 2016 18:28:58 -0500, Chris Bennett wrote: > On Tue, Oct 18, 2016 at 10:51:56PM +, Ralph Siegler wrote: >> On Tue, 18 Oct 2016 11:48:04 -0600, Jack J. Woehr wrote: >> >> > Chris Bennett wrote: >> >> Does anyone need a Power8? >> > >> > Chris, this is the hottest high-end server in the IBM universe today. >> >> > The Power8 *needs* OpenBSD because they don't have a really good >> > firewalling regimen at that level. >> > >> > >> Ya know, I actually admin some AIX Power8 boxes besides the Linux and >> BSD at work, and put together the specs for two employer just purchased >> for G/L application >> >> > Ah, someone with some Power8 boxes! > > OK, Power8 officially works with Linux. > What does Linux bring to the table for these boxes? > Useful applications or just showing up for the hell of it? > > Off-list, I have been informed that there ARE developers interested in > this architecture. Linux on Power8 provides a way to run certain closed source softwares that are certified to run on Linux on PowerPC. Of course, those softwares generally run even faster on AIX with less "loose ends" and bugs because they were specifically developed and tuned for a couple decades using bespoke tools before recent porting to Linux. Developers are interested in that architecture you say...yes I believe that. I'm a photographer and am interested in a Hasselblad H5D-200c which the body alone goes for $45,000. I can't afford one, let alone say put a lens on it, have no earthly use that would require one.but dang if it isn't cool. > > Below you suggest getting going with Power6 and 7, which are much > cheaper to purchase. > > Would it be reasonable to look at this the other way around: > > Develop the Power8 architecture now so that when prices fall later, > companies can then afford to buy them and immediately use a developed > and tested OpenBSD on them? Develop for architecture none of the userbase has or will have for five plus years? Of course the BSD licensed open source drivers that IBM will provide for all that poop that flies by in the five minute POST time will make the job easier, and the megabytes of spec docs they've written...cause they wouldn't have the gall to hand over BLOBs for hardware without full specs We'll have to make the BSD foundation thermometer taller for N devs times $170 month or more extra electric bill. > > Chris Bennett > > > > >> and openbsd is my favorite server OS >> >> BUT >> >> no one is going to buy box from product line that starts at $11,000 >> (non- >> expandable entry level box) to run pf on 1 of its six cores. That's >> crazy talk. And anu more usual power8 box is going to be $50K and up. >> x86-64 would be much more cost effective for any app where OpenBSD >> shines like web server, mail, dns, firewall, router, etc. and etc. >> >> There is zero need, use or justification for openbsd on power8 in 2016. >> People buy power8 because there is app that requires it or other Unix >> with a (TM) after it. >> >> For the low end expandable $26,000 each boxes, well at least a body >> only need plug in two of the four 900W power supplies if only single >> six-core cpu is installed, can keep electric bill low that way. HA! >> >> I especially like the comment about wanting openbsd port for power8 >> desktop or laptopsomeone never lifted a power8 chip plus heat sink >> I can tell >> >> What would be *useful* is Power6 port that could optionally run on >> later models, some good deals on ebay with power7 going for $3k and up) >>But IBM isn't going to help with that.
Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)
> On Oct 18, 2016, at 10:48 AM, Jack J. Woehrwrote: > > The Power8 *needs* OpenBSD because they don't have a really good firewalling regimen at that level. I suspect anyone running Power8 gear is doing so behind dedicated firewall hardware, e.g. Juniper SRX. --lyndon
Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)
Perhaps if OpenBSD were regularly used on more powerful machines, it would acquire abilities beyond what a 486 is capable of? And I hear it's got a hypervisor now. Matthew
Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)
On Tue, Oct 18, 2016 at 10:51:56PM +, Ralph Siegler wrote: > On Tue, 18 Oct 2016 11:48:04 -0600, Jack J. Woehr wrote: > > > Chris Bennett wrote: > >> Does anyone need a Power8? > > > > Chris, this is the hottest high-end server in the IBM universe today. > > > The Power8 *needs* OpenBSD because they don't have a really good > > firewalling regimen at that level. > > > > Ya know, I actually admin some AIX Power8 boxes besides the Linux and BSD > at work, and put together the specs for two employer just purchased for > G/L application > Ah, someone with some Power8 boxes! OK, Power8 officially works with Linux. What does Linux bring to the table for these boxes? Useful applications or just showing up for the hell of it? Off-list, I have been informed that there ARE developers interested in this architecture. Below you suggest getting going with Power6 and 7, which are much cheaper to purchase. Would it be reasonable to look at this the other way around: Develop the Power8 architecture now so that when prices fall later, companies can then afford to buy them and immediately use a developed and tested OpenBSD on them? Chris Bennett > and openbsd is my favorite server OS > > BUT > > no one is going to buy box from product line that starts at $11,000 (non- > expandable entry level box) to run pf on 1 of its six cores. That's > crazy talk. And anu more usual power8 box is going to be $50K and up. > x86-64 would be much more cost effective for any app where OpenBSD shines > like web server, mail, dns, firewall, router, etc. and etc. > > There is zero need, use or justification for openbsd on power8 in 2016. > People buy power8 because there is app that requires it or other Unix > with a (TM) after it. > > For the low end expandable $26,000 each boxes, well at least a body only > need plug in two of the four 900W power supplies if only single six-core > cpu is installed, can keep electric bill low that way. HA! > > I especially like the comment about wanting openbsd port for power8 > desktop or laptopsomeone never lifted a power8 chip plus heat sink I > can tell > > What would be *useful* is Power6 port that could optionally run on later > models, some good deals on ebay with power7 going for $3k and up)But > IBM isn't going to help with that.
Re: USB mouse not working
I've tried that and it doesn't help at all unfortunately. Although I wouldn't have considered it a great solution since I actually want to use USB 3 in Windows! And it would be a massive pain to toggle it every time I switched between OSes Thanks anyway for the suggestion On Tue, 18 Oct 2016 at 21:13 Bojan Nasticwrote: > Have you tried disabling USB3 in the BIOS? > Forcing USB2.0 helped with similar problems on my Thinkpad. > > > > On 18 Oct 2016, at 07:18, Daniel Cavanagh > wrote: > > > > Hiya > > > > I'm having trouble getting my USB mouse to work in the latest snapshots. > > Unless my memory is faulty, this mouse used to work only a few months ago > > > > I have noticed that the kernel disables the device at boot (see bold text > > in dmesg below). I've tried disabling xhci, but that doesn't help. Other > > than that, I'm not really sure what else to do. Does anyone know > anything I > > can try to fix or track down the root cause of this issue? > > > > I also have an 3.5mm audio in/out <-> USB converter that appears not to > > work, again with the kernel disabling the device. I've not looked into > this > > one though. Perhaps it's the same issue > > > > Cheers :)
Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)
On Tue, 18 Oct 2016 11:48:04 -0600, Jack J. Woehr wrote: > Chris Bennett wrote: >> Does anyone need a Power8? > > Chris, this is the hottest high-end server in the IBM universe today. > The Power8 *needs* OpenBSD because they don't have a really good > firewalling regimen at that level. > Ya know, I actually admin some AIX Power8 boxes besides the Linux and BSD at work, and put together the specs for two employer just purchased for G/L application and openbsd is my favorite server OS BUT no one is going to buy box from product line that starts at $11,000 (non- expandable entry level box) to run pf on 1 of its six cores. That's crazy talk. And anu more usual power8 box is going to be $50K and up. x86-64 would be much more cost effective for any app where OpenBSD shines like web server, mail, dns, firewall, router, etc. and etc. There is zero need, use or justification for openbsd on power8 in 2016. People buy power8 because there is app that requires it or other Unix with a (TM) after it. For the low end expandable $26,000 each boxes, well at least a body only need plug in two of the four 900W power supplies if only single six-core cpu is installed, can keep electric bill low that way. HA! I especially like the comment about wanting openbsd port for power8 desktop or laptopsomeone never lifted a power8 chip plus heat sink I can tell What would be *useful* is Power6 port that could optionally run on later models, some good deals on ebay with power7 going for $3k and up)But IBM isn't going to help with that.
Because Theo de Raadt said that the buttons are for idiots?
Because Theo de Raadt said that the buttons are for idiots? http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/mg/Attic/theo.c?rev=1.125 Peoples that participate in IRC of openbsd-br suggested for me ask this here in openbsd misc and for the Theo de Raadt.
Re: How assign some logic to handle system-gone-totally-unresponsive events (if not else then to enable admin with differentiated failure tracking between userland and hardware failures)
Hello Anton, On Mon, Oct 17, 2016 at 11:25 PM,wrote: > Mon, 17 Oct 2016 18:00:39 +0200 Karel Gardas >> 1) use machine with proper ECC support > > Hello Karel, > > Please explain this "proper ECC support" for every laptop user out there? > I am not sure my system implements "proper ECC support", how to validate? > Can you advise why OpenBSD developers still run laptops if they lack ECC? I've been replying based on past experience with what Tinker wrote to this mailing list. From his posts I expected context of super-reliable data storage on the server-class hardware. In this context non-ECC system is simply a no go. By proper ECC support I mean system with SECDED working at least. You are right that support for ECC in laptops these days is pretty limited to vintage machines with UltraSPARC, some PowerPC thinkpads (IIRC) and new machines with Xeon E3v5 from Lenovo/Dell/HP/Fujitsu at least. OpenBSD devs are probably using what is available to them like anybody else, don't they? Cheers, Karel
Intel/amd64 hardware donation.
Today I found some hardware I forgot to rma a few months ago. I'd be happy to donate it to the project if anyone can use it. Nothing special. 2 x Intel Xeon X5570 Quad-Core Nehalem EP Processor 2.93GHz 6.4GT/s 8MB LGA 1366 CPU, OEM. New in package. 4 x Super Talent DDR3-1333 8GB/512Mx8 ECC/REG CL9 Samsung Chip Server Memory. New also, never installed. If anybody wants it please let me know. --Noah P
Re: Failure to get unbound to talk to nsd on the same server (Solved)
Hi all, thanks for all the suggestions. However it turned out that all I needed to do was to add domain-insecure: "my.domain" to unbound.conf so that unbound would ignore the lack of DNSSEC of my internal domain. I have not paid much attention to DNSSEC until now, but it seems I may need to. So, problem solved, onto the next one! ;-) /Johan On Wed, Oct 12, 2016 at 04:18:39PM +0300, Kapetanakis Giannis wrote: > Hi, > > Haven't followed the whole thread and by just looking at the topic, > I have a similar setup (carped as well) for caching DNS. > 2 servers, 2 carped IPs. > > This is how it works: > > unbound.conf: > interface: 127.0.0.1 > port: 53 > outgoing-interface: ext_ip > access-control: local_networks > do-not-query-localhost: no > include: "/var/unbound/etc/stub_zones_insecure" > include: "/var/unbound/etc/stub_zones" > > stub_zones: > stub-zone: > name: "foo.example.com." > stub-addr: 127.0.0.1@5678 > > stub_zones_insecure: > domain-insecure: "foo.example.com." > > insecure is for when you have network problems to be able to resolv > otherwrise it hungs at DNSSEC (if you have it enabled). This is for local > zones only. > > resolv.conf: > nameserver 127.0.0.1 > > nsd.conf: > ip-address: 127.0.0.1@5678 > zone: >name: foo.example.com >zonefile: /var/nsd/zones/slave/%s >request-xfr: master_DNS_IP NOKEY >allow-notify: master_DNS_IP NOKEY > > pf.conf: > # requests from local dns server (unbound) > pass out quick on $dns1_if proto {tcp, udp} to $dns1_if:network port 53 > modulate state (if-bound, no-sync) nat-to ($dns1_if) > pass out quick on $dns1_if proto {tcp, udp} to any port 53 modulate state > (if-bound, no-sync) route-to ($dns1_if $dns1_gw) nat-to ($dns1_if) > pass out quick on $dns2_if proto {tcp, udp} to $dns2_if:network port 53 > modulate state (if-bound, no-sync) nat-to ($dns2_if) > pass out quick on $dns2_if proto {tcp, udp} to any port 53 modulate state > (if-bound, no-sync) route-to ($dns2_if $dns2_gw) nat-to ($dns2_if) > > # requests from clients (unbound) > pass in quick on $dns1_if proto {tcp,udp} from $dns1_if:network to > ($dns1_carp) port 53 keep state rdr-to 127.0.0.1 reply-to $dns1_if > pass in quick on $dns2_if proto {tcp,udp} from $dns2_if:network to > ($dns2_carp) port 53 keep state rdr-to 127.0.0.1 reply-to $dns2_if > pass in quick on $dns1_if proto {tcp,udp} from to ($dns1_carp) > port 53 keep state rdr-to 127.0.0.1 reply-to ($dns1_if $dns1_gw) > pass in quick on $dns2_if proto {tcp,udp} from to ($dns2_carp) > port 53 keep state rdr-to 127.0.0.1 reply-to ($dns2_if $dns2_gw) > pass out quick on $dns1_if proto udp from 127.0.0.1 port 53 nat-to > ($dns1_carp) > pass out quick on $dns2_if proto udp from 127.0.0.1 port 53 nat-to > ($dns2_carp) > > # nsd > pass in quick on $dns1_if proto udp from $master_DNS to ($dns1_if) port 5678 > keep state rdr-to 127.0.0.1 reply-to $dns1_if > > hope these help. For me they work the last 2 years. They only problem I > haven't solved so far which requires a different setup is when you make a > change on the master and the unbound has the previous entry in the cache... > the cache has to expire. > > > G
Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)
On Tue, Oct 18, 2016 at 11:48:04AM -0600, Jack J. Woehr wrote: > Chris Bennett wrote: > >Does anyone need a Power8? > > Chris, this is the hottest high-end server in the IBM universe today. > > It runs Linux, AIX and IBM i (OS/400). They are very widely in use deep under > many organizations. > > IBM is currently energetically supporting Open Source development (as their > vendors are becoming disillusioned about industry growth). > Excellent. > The Power8 *needs* OpenBSD because they don't have a really good firewalling > regimen at that level. > Yes, that's a definite need! > At the z/OS level, they have world-class stuff, but not around the > neighborhood of IBM i, which is actually selling better than z/OS these > days. > > If you haunt the IBM world as I do, you'd realize that this could be a very > big cash cow for OpenBSD supportniks if Mikael's idea flies. Sounds very good. I don't know IBM. Energetically supporting Open Source does not always lead to (sadly) "effectively" supporting Open Source. Linux !~ good security, but it's becoming more and more "everywhere". Do you think that the right-minded ( as in open-minded ) people are there? Given OpenBSD's reputation, I'm actually surprised that this is even difficult, especially with the amount of profit IBM sees. And 6 months to even get to talk to the right person! Shame on IBM! A question I still have, how hard is adding this architecture going to be? From what you said and what I saw quickly looking on IBM's site, does seem to be worth adding. Mikael, no disrespect intended in my email at all. Sometimes I come across too harsh than I intend to. Chris Bennett
Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)
Matthew Weigel wrote: On 2016-10-18 12:43, Jack J. Woehr wrote: Routing, firewalling, DMZing, net address translation, OpenSSL, LibreSSL. :-) My apologies, I sit corrected. -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)
On 2016-10-18 12:43, Jack J. Woehr wrote: Routing, firewalling, DMZing, net address translation, OpenSSL, LibreSSL. :-) -- Matthew Weigel hacker unique & idempot . ent
Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)
Chris Bennett wrote: Asking about what apps someone would run is a legitimate question. Mikael, most Linux apps port to most OpenBSD flavors. Probably much of the OpenBSD ports tree could easily be converted to a prospective little-endian Power8 OpenBSD. The very popular (in the IBM i world) Perzl-on-PASE effort is probably more difficult and less satisfactory than porting the OpenBSD ports tree would be to a prospective little-endian Power8 OpenBSD. One would hope that IBM would lend support and some engineering assistance to the OpenBSD project in the event of a little-endian Power 8 OpenBSD port being planned. PASE: https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_73/rzalf/rzalfintro.htm Perzl: http://perzl.org/ -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)
Chris Bennett wrote: Does anyone need a Power8? Chris, this is the hottest high-end server in the IBM universe today. It runs Linux, AIX and IBM i (OS/400). They are very widely in use deep under many organizations. IBM is currently energetically supporting Open Source development (as their vendors are becoming disillusioned about industry growth). The Power8 *needs* OpenBSD because they don't have a really good firewalling regimen at that level. At the z/OS level, they have world-class stuff, but not around the neighborhood of IBM i, which is actually selling better than z/OS these days. If you haunt the IBM world as I do, you'd realize that this could be a very big cash cow for OpenBSD supportniks if Mikael's idea flies. -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: How assign some logic to handle system-gone-totally-unresponsive events (if not else then to enable admin with differentiated failure tracking between userland and hardware failures)
On 10/17/2016 22:47, Tinker wrote: [...] If you have any thought about how make that happen feel free to share. Anyhow in the absence of any such logic, just doing a hardware reset is fine, it's just a bit constrained as it comes without automated reporting that could be used to distinguish hardware/kernel issues from userland issues, which encourages hardware replacement and userland software debugging beyond what's really necessary. Tinker The first option you should consider (if not already mentioned) is a serial link from the console port to another system. One could then construct some sort of periodic probe & response. On failure, break into DDB and dump state, sync disks, and reboot. One possibility would be to start a very small user process at the highest prioritycommunicating with a process at normal or slightly below priority. The lower priority process would send a message every N seconds. At T + (say) 10N the high priority process would kick off whatever action you want. Saving state to disk in a hung system is problematic. Network communication is chancy. Serial communication is ancient but effective. Geoff Steckel
Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)
Mikael wrote: Please describe the practical and technical utility and value, the organization/social context, scope, duration, anything that is relevant to motivate them. Mikael, thanks for urging IBM to support OpenBSD. I've been urging them to do so for about 15 years, good luck! OpenBSD provides the most secure, mature, reliable, and actively maintained open source toolchain relating to TCP/IP networking. Routing, firewalling, DMZing, net address translation, OpenSSL, OpenSSH, IPSec, spam blocking, and especially the open source world's supreme packet filter all are part of the core OpenBSD mission and among the list of supported mission-critical applications. If the organizational mission is sophisticated and secure use of the Internet/Intranet, OpenBSD should be stationed like Horatio at the bridge as the nexus between the organization and the outside world. While Linux offers a better end-user experience and arguably a more mature web development environment, OpenBSD stands ready and able to guard your all-too-vulnerable Linux cloud. For that matter, the security regimen of OpenBSD almost without a doubt surpasses that of IBM i itself. -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)
On Wed, Oct 19, 2016 at 12:35:13AM +0800, Mikael wrote: > Hi everyone, > > I asked IBM to donate 4-10 Power8 servers to the OpenBSD Foundation, for > adding support for this arch. After 6 months this got all the way to their > Director of the Power(8) Ecosystem & Alliances, that is the highest > executive for the whole arch. Just right now, she's asking for a motivation > for IBM to donate - she asks: > > > "It would be helpful to know where you are seeing requests for OpenBSD on > Power and what applications on top of OpenBSD are being requested. We have > not seen any requests as of yet from our target clients. " > > > Can you please collect answers to this question and post them here in this > thread, or PM them to me. I'll forward your responses and they'll decide > whether to donate Power8 devices to OpenBSD, based on them. > > ** Please tell the next 6-7 days! > > Thanks! > Mikael > Forgive me if I've missed something on tech@. Have you found any developers that want to develop this architecture? That's definitely a lot of work! If you've been working on this for 6 months, you should already know who they are. Your question seems poorly worded to get the kind of responses you need. Does anyone need a Power8? Why? Would be a good question. Why would a Power8 be a preferred solution versus what they already have or currently plan to upgrade to? Asking about what apps someone would run is a legitimate question. I didn't look at any details about Linux running on it, but that might make porting the same apps over to OpenBSD not too difficult. I would guess, and only guess, that similar needs would be found by OpenBSD users. This thread should also be posted to tech@. If IBM is serious, I doubt that replies within 6-7 days will make much difference versus replies within a month. Good luck, Chris Bennett
WiFi is very slow or does not work
Hello, I post here following the advice of jggimi, from http://daemonforums.org. I bought a small PC Engines APU2C4 [1][2] with the wle200nx wireless module [3][4]. I installed OpenBSD 6.0 without any problems but I have an issue with the wireless module : the "link" is very slow when I successfully connect it (some times I can't). My mobile phone is a Honor 5C (Android 6.0) and connect perfectly to other WiFi Access Point (Raspberry Pi 3, various Internet boxes...) with a speed up to 50 or 70 Mb/s. When I succeed to connect to my PC Engines, my phone displays only 1 Mb/s speed link and the connection is not usable : every apps and Web pages time out. The strange thing is that with the PC Engines antennas, the power signal is -28/32 dBm versus a "poor" -45/54 dBm on my Raspberry Pi 3. To avoid channel interferences, I switched off the WiFi on my Internet box and Raspberry Pi 3 with no changes. Below is what I do... I boot with an empty "/etc/hostname.athn0" file. The status of the WiFi device... francois@openbsd60 [19:01:19]:~$ ifconfig athn0 athn0: flags=8802mtu 1500 lladdr XX:XX:XX:XX:XX:XX index 4 priority 4 llprio 3 groups: wlan media: IEEE802.11 autoselect status: no network ieee80211: nwid "" Then I enter some commands to enable WiFi Access Point... root@openbsd60 [19:08:03]:~$ ifconfig athn0 media autoselect mode 11g mediaopt hostap nwid pcengines wpa wpaprotos wpa2 wpakey 123456789 root@openbsd60 [19:09:26]:~$ ifconfig athn0 192.168.50.1 And the status become... root@openbsd60 [19:09:43]:~$ ifconfig athn0 athn0: flags=8843 mtu 1500 lladdr XX:XX:XX:XX:XX:XX index 4 priority 4 llprio 3 groups: wlan media: IEEE802.11 autoselect (OFDM6 mode 11a) status: no network ieee80211: nwid pcengines wpakey 0x17ddcbf015970cf8bacc8b0702bc2babeb14c93b63ad694f60b115033d055a4c wpaprotos wpa2 wpaakms psk wpaciphers tkip,ccmp wpagroupcipher tkip inet 192.168.50.1 netmask 0xff00 broadcast 192.168.50.255 Logically, WiFi should be 11g but it looks to be 11a ??? To force 11g mode, I have to enter a second time... root@openbsd60 [19:22:52]:~$ ifconfig athn0 media autoselect mode 11g mediaopt hostap Then I start the dhcpd service... root@openbsd60 [19:16:41]:~$ rcctl start dhcpd dhcpd(ok) Content of the config files... root@openbsd60 [19:15:59]:~$ cat /etc/rc.conf.local dhcpd_flags=athn0 root@openbsd60 [19:12:07]:~$ cat /etc/dhcpd.conf option domain-name-servers 192.168.0.1; default-lease-time 3600; max-lease-time 86400; authoritative; subnet 192.168.50.0 netmask 255.255.255.0 { range 192.168.50.10 192.168.50.100; option subnet-mask 255.255.255.0; option broadcast-address 192.168.50.255; option routers 192.168.50.1; option domain-name-servers 192.168.0.1; option ntp-servers 192.168.0.1; host honor5c { hardware ethernet XX:XX:XX:XX:XX:XX; fixed-address 192.168.50.10; } } The firewall rules... $ cat /etc/pf.conf match out on em0 inet from athn0:network to any nat-to (em0) port 1024:65535 set skip on lo block return# block stateless traffic pass# establish keep-state # By default, do not permit remote connections to X11 block return in on ! lo0 proto tcp to port 6000:6010 IPv4 forwarding is enable in "/etc/sysctl.conf". And my phone can (at the time where I write this message) join the Acces Point but the speed is limited to 1 Mb/s and there is message about the connection status : "no Internet connection". I you have any clue... I add the dmesg output in case you would find relevant informations. root@openbsd60 [18:39:18]:~$ dmesg OpenBSD 6.0 (GENERIC.MP) #2319: Tue Jul 26 13:00:43 MDT 2016 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 4261076992 (4063MB) avail mem = 4127465472 (3936MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdffb7020 (7 entries) bios0: vendor coreboot version "88a4f96" date 03/07/2016 bios0: PC Engines apu2 acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S2 S3 S4 S5 acpi0: tables DSDT FACP SSDT APIC HEST SSDT SSDT HPET acpi0: wakeup devices PWRB(S4) PBR4(S4) PBR5(S4) PBR6(S4) PBR7(S4) PBR8(S4) UOH1(S3) UOH3(S3) UOH5(S3) XHC0(S4) acpitimer0 at acpi0: 3579545 Hz, 32 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: AMD GX-412TC SOC, 998.27 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPC NT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMC R8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TOPEXT,ITSC,BMI1 cpu0: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 64b/line 16-way L2 cache
Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)
misc never fails to deliver > Well personally I don't think the matter concern me since I don't handle any > server. > But I would love to use power8 PC as a desktop or laptop with OpenBSD. (If > that becomes a possibility in the future) > The main reason is security. I don't trust Intel close source firmware etc > > On Oct 18, 2016 7:35 PM, Mikaelwrote: > > > > Hi everyone, > > > > I asked IBM to donate 4-10 Power8 servers to the OpenBSD Foundation, for > > adding support for this arch. After 6 months this got all the way to their > > Director of the Power(8) Ecosystem & Alliances, that is the highest > > executive for the whole arch. Just right now, she's asking for a motivation > > for IBM to donate - she asks: > > > > > > "It would be helpful to know where you are seeing requests for OpenBSD on > > Power and what applications on top of OpenBSD are being requested. We have > > not seen any requests as of yet from our target clients. " > > > > > > Can you please collect answers to this question and post them here in this > > thread, or PM them to me. I'll forward your responses and they'll decide > > whether to donate Power8 devices to OpenBSD, based on them. > > > > ** Please tell the next 6-7 days! > > > > Thanks! > > Mikael
Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)
Well personally I don't think the matter concern me since I don't handle any server. But I would love to use power8 PC as a desktop or laptop with OpenBSD. (If that becomes a possibility in the future) The main reason is security. I don't trust Intel close source firmware etc On Oct 18, 2016 7:35 PM, Mikaelwrote: > > Hi everyone, > > I asked IBM to donate 4-10 Power8 servers to the OpenBSD Foundation, for > adding support for this arch. After 6 months this got all the way to their > Director of the Power(8) Ecosystem & Alliances, that is the highest > executive for the whole arch. Just right now, she's asking for a motivation > for IBM to donate - she asks: > > > "It would be helpful to know where you are seeing requests for OpenBSD on > Power and what applications on top of OpenBSD are being requested. We have > not seen any requests as of yet from our target clients. " > > > Can you please collect answers to this question and post them here in this > thread, or PM them to me. I'll forward your responses and they'll decide > whether to donate Power8 devices to OpenBSD, based on them. > > ** Please tell the next 6-7 days! > > Thanks! > Mikael
Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)
2016-10-19 0:48 GMT+08:00 Kapetanakis Giannis: > > pf, relayd, bgpd ;) > > G > > ps. after the unlocking > Giannis, this is too little info to be useful. Please describe the practical and technical utility and value, the organization/social context, scope, duration, anything that is relevant to motivate them. Right now they have no idea so this is to inform them.
Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)
On 18/10/16 19:35, Mikael wrote: Hi everyone, I asked IBM to donate 4-10 Power8 servers to the OpenBSD Foundation, for adding support for this arch. After 6 months this got all the way to their Director of the Power(8) Ecosystem & Alliances, that is the highest executive for the whole arch. Just right now, she's asking for a motivation for IBM to donate - she asks: "It would be helpful to know where you are seeing requests for OpenBSD on Power and what applications on top of OpenBSD are being requested. We have not seen any requests as of yet from our target clients. " Can you please collect answers to this question and post them here in this thread, or PM them to me. I'll forward your responses and they'll decide whether to donate Power8 devices to OpenBSD, based on them. ** Please tell the next 6-7 days! Thanks! Mikael pf, relayd, bgpd ;) G ps. after the unlocking
Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)
Hi everyone, I asked IBM to donate 4-10 Power8 servers to the OpenBSD Foundation, for adding support for this arch. After 6 months this got all the way to their Director of the Power(8) Ecosystem & Alliances, that is the highest executive for the whole arch. Just right now, she's asking for a motivation for IBM to donate - she asks: "It would be helpful to know where you are seeing requests for OpenBSD on Power and what applications on top of OpenBSD are being requested. We have not seen any requests as of yet from our target clients. " Can you please collect answers to this question and post them here in this thread, or PM them to me. I'll forward your responses and they'll decide whether to donate Power8 devices to OpenBSD, based on them. ** Please tell the next 6-7 days! Thanks! Mikael
Super slow read/write/boot flash with acpidump error also
I bought this 128GB flash about two months ago. I installed i386 -current on it, but had horribly slow everything. The i386 machine was very old, so I wrote it off ass maybe the machine. Here I have a "newer" amd64. So I installed a much newer version of amd64 -current. Same issues. I also get a message: acpidump: RSDT entry 3 is corrupt Didn't get that on i386, but -current i386 (older -current) may not show that or was irrelevant to i386. I have a passport USB hard drive that is USB3 but uses usb 2.1. This new flash is USB3 but uses 2.1 also. Passport works fine. lsusb shows different minimum speeds, which might be the problem? dmesg and lsusb -v shown below. I added comments to show each drive. Thanks, Chris Bennett OpenBSD 6.0-current (GENERIC.MP) #0: Sun Oct 16 22:19:59 MDT 2016 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 4277862400 (4079MB) avail mem = 4143681536 (3951MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.5 @ 0x9f800 (48 entries) bios0: vendor American Megatrends Inc. version "080014" date 01/13/2009 bios0: BIOSTAR Group A760G M2+ acpi0 at bios0: rev 0 acpi0: sleep states S0 S1 S4 S5 acpi0: tables DSDT FACP APIC MCFG OEMB HPET SSDT acpi0: wakeup devices PCE2(S4) PCE3(S4) PCE4(S4) PCE5(S4) PCE6(S4) PCE7(S4) PCE9(S4) PCEA(S4) PCEB(S4) PCEC(S4) SBAZ(S4) UAR1(S1) P0PC(S4) UHC1(S4) UHC2(S4) UHC3(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 32 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: AMD Phenom(tm) 9550 Quad-Core Processor, 2200.48 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,ITSC cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache, 2MB 64b/line 32-way L3 cache cpu0: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative cpu0: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative cpu0: AMD erratum 721 detected and fixed cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 200MHz cpu0: mwait min=64, max=64, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: AMD Phenom(tm) 9550 Quad-Core Processor, 2200.13 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,ITSC cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache, 2MB 64b/line 32-way L3 cache cpu1: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative cpu1: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative cpu1: AMD erratum 721 detected and fixed cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 2 (application processor) cpu2: AMD Phenom(tm) 9550 Quad-Core Processor, 2200.13 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,ITSC cpu2: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache, 2MB 64b/line 32-way L3 cache cpu2: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative cpu2: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative cpu2: AMD erratum 721 detected and fixed cpu2: smt 0, core 2, package 0 cpu3 at mainbus0: apid 3 (application processor) cpu3: AMD Phenom(tm) 9550 Quad-Core Processor, 2200.13 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,ITSC cpu3: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache, 2MB 64b/line 32-way L3 cache cpu3: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative cpu3: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative cpu3: AMD erratum 721 detected and fixed cpu3: smt 0, core 3, package 0 ioapic0 at mainbus0: apid 4 pa 0xfec0, version 21, 24 pins acpimcfg0 at acpi0 addr 0xe000, bus 0-255 acpihpet0 at acpi0: 14318180 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (P0P1) acpiprt2 at acpi0: bus 1 (PCE2) acpiprt3 at acpi0: bus -1 (PCE3) acpiprt4 at acpi0: bus 2 (PCE7) acpiprt5 at acpi0: bus 3 (P0PC) acpicpu0 at acpi0: C1(@1 halt!), PSS acpicpu1 at acpi0: C1(@1 halt!), PSS acpicpu2 at acpi0: C1(@1 halt!), PSS acpicpu3 at acpi0: C1(@1 halt!), PSS acpitz0 at acpi0: critical temperature is 127 degC
Re: SSHowDowN
wow, thanks for the reply! "At the time I was running an AnonCVS server and I had realized that the anonymously connecting clients could use port forwarding to bounce TCP connections off the server." was this fixed meanwhile? Sent: Tuesday, October 18, 2016 at 5:01 PM From: "Christian Weisgerber"To: misc@openbsd.org Subject: Re: SSHowDowN On 2016-10-18, "Peter Janos" wrote: > so having AllowTcpForwarding=NO would help. > > Why is it yes by default? someone requested it to be yes? does anybody know? It has always been like this. OpenSSH inherited it from Ylønen-SSH. In the beginning, OpenSSH didn't even have a configuration option to disable port forwarding. Sixteen years ago Markus committed the diff I had submitted that added the AllowTcpForwarding option. ---> CVSROOT: /cvs Module name: src Changes by: mar...@cvs.openbsd.org 2000/10/14 06:12:09 Modified files: usr.bin/ssh : servconf.c servconf.h serverloop.c session.c sshd.8 Log message: AllowTcpForwarding; from naddy@ <--- At the time I was running an AnonCVS server and I had realized that the anonymously connecting clients could use port forwarding to bounce TCP connections off the server. -- Christian "naddy" Weisgerber na...@mips.inka.de
Re: SSHowDowN
On 2016-10-18, "Peter Janos"wrote: > so having AllowTcpForwarding=NO would help. > > Why is it yes by default? someone requested it to be yes? does anybody know? It has always been like this. OpenSSH inherited it from Ylønen-SSH. In the beginning, OpenSSH didn't even have a configuration option to disable port forwarding. Sixteen years ago Markus committed the diff I had submitted that added the AllowTcpForwarding option. ---> CVSROOT:/cvs Module name:src Changes by: mar...@cvs.openbsd.org 2000/10/14 06:12:09 Modified files: usr.bin/ssh: servconf.c servconf.h serverloop.c session.c sshd.8 Log message: AllowTcpForwarding; from naddy@ <--- At the time I was running an AnonCVS server and I had realized that the anonymously connecting clients could use port forwarding to bounce TCP connections off the server. -- Christian "naddy" Weisgerber na...@mips.inka.de
Re: SSHowDowN
> shouldn't the default be "no" for the AllowTcpForwarding? Why is an > insecure option "yes" by default? > https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/sshowdown-exploitation-of-iot-devices-for-launching-mass-scale-attack-campaigns.pdf > Thanks. > this comes up post-authentication if someone is authenticated, they can do just about everything else also frankly, I don't think you have got a clear picture of the problem, which is that even if we disable this, vendors will simply renable it anyways and nothing changes.
Re: How assign some logic to handle system-gone-totally-unresponsive events (if not else then to enable admin with differentiated failure tracking between userland and hardware failures)
> This is an ARM SBC, it has no BMC and AFAIK no watchdog or other timer > that can be programmed to cause a reboot, if you are aware of anything > like that on ARM SBC:s let me know? Watchdog timers are a somewhat common feature for SoCs designed for embedded use. Look up the reference manual for your device, it might have one. If not, you could implement your own as long as you can toggle a GPIO line. Here's a device from Maxim Integrated that could work: http://www.digikey.com/product-detail/en/maxim-integrated/MAX6373KA-T/MAX6373 KA-TCT-ND/948267 It ought to be fairly simple to wire up the watchdog input to a GPIO line and the output to your RESET input, and it can be configured to have a long delay, which is probably a good idea because it may take a while before you're booted up enough to start sending heartbeat pulses.
Re: How assign some logic to handle system-gone-totally-unresponsive events (if not else then to enable admin with differentiated failure tracking between userland and hardware failures)
On 2016-10-17, Karel Gardaswrote: > 1) use machine with proper ECC support > 2) man sendbug -- and following it report your OpenBSD kernel misbehavior This can be a hard thing to report. When the machine totally locks up, it is very difficult to get the information needed to make a bug report, often it is not known exactly how to trigger it, or whether it's software bug, bit flip, or a hardware fault. Sometimes you can get useful information from monitoring the machine in the run-up to a failure - symon (in ports) can be useful for logging things to a remote machine at an interval which is often fast enough to give clues into what might be happening. But unless you have a reproducible case, or something which happens randomly but fairly often, you can be watching for a long time and not really not exactly what to be monitoring. On the other hand if you do have a *reproducible* way to trigger such a bug, that's of great interest. > On Mon, Oct 17, 2016 at 3:48 PM, Tinker wrote: >> Sometimes a machine goes unresponsive. In this case, a non-ECC RAM machine. >> >> The reason could be that something in the hardware or kernel failed, e.g. a >> bit flip error [1]. >> >> In this case (for a non-kernel developer), tough luck, and the proper thing >> would be to reboot, and keep statistics over failures on that machine and >> replace the hardware should the crashes go above some frequency threshold. If you're not running an up-to-date release, please do so: stefan@'s work on amap in the 5.9-6.0 timeframe certainly helps some cases - one of the post-6.0 errata might also apply with very large allocations, so 6.0-stable or -current would be advisable.
Re: How assign some logic to handle system-gone-totally-unresponsive events (if not else then to enable admin with differentiated failure tracking between userland and hardware failures)
Thanks for your remarks Anton (below). What Anton said leads to an interesting question, which is, what characteristics does a program have to have to be sink-proof? This is interesting to know for the design of a "supervisory program" whose only function is to check that another program is alive - if it froze shut it down, if it shut down restart it - and all the while not sink itself. That's all. Sink-proof in the sense that the likelihood is as close to possible to zero that it would terminate or its execution otherwise would stop because the system would be out of memory, descriptors, fairly jammed kernel, whatever - if even swapping of binary and heap from resident RAM to disk could be prevented even that would be useful. Any code examples or principles available? Wild guesses: Keep it minimal and to only the absolute basics e.g. printf()/fprintf()/(f?)write()/(f?)read()/select() + fsync(), limited to output to console or serial IO only and to read from 'watchdog' pipe only, kill() + wait(), fork() + exec()/execve(), sysctl() to check and report free memory if relevant, only utilize buffers on the stack or allocated on process start, and don't do any malloc(), and.. run the supervisory program with lower niceness than the supervised program, and, run it as root?? Finally, the signal is preferably SIGQUIT as http://man.openbsd.org/sigaction.2 says that should produce a core dump. Yey! (Best thing obviously is to run software that works.) Tinker On 2016-10-18 13:38, li...@wrant.com wrote: Tue, 18 Oct 2016 12:40:10 +0800 TinkerAnton, Thanks for your remarks and clarifications, Sorry if the question not appeared perfectly clear from the beginning. Reset by HW watchdog would not dump state. (Thanks for pointing out that it exists though, wasn't aware.) Hi Tinker, In this case, you most probably need to make sure you go though a graceful (non crash / panic) OS halt resulting in the required level of state keep. I see the rationality in your suggestion that BSD/Unix is a thinner abstraction than as to contain userland failure handling logics (i.e. userland is presumed to work). If processes die out of program error / get killed because they exceed the allowed resource allocated, a dedicated process that monitors them and for the most common case optionally restarts / respawns them - known as system supervisor program, see: https://en.wikipedia.org/wiki/Supervisory_program This is a common problem usually also solved for system services / daemons via privilege separation where a parent minimal process runs background as high privileged program, and a child / separate process runs user level as the program that can get abused or suffer unexpected operating conditions. What you're probably thinking like is a form of system monitor, which in a UNIX like system is typically realised as resource limits and supervisors. Here is another article: https://en.wikipedia.org/wiki/Process_supervision Also I agree the best thing is that userland never breaks the system. This might be realistic. I had some experiences with machines that died totally because of userland, that's why I raised this topic at all. Yes, I know what you mean, however, this is not the design of the OS, that should factor in incorrect / poor programs, they're supposed to hit a hard limit and terminate / die suddenly with an explicit error. Then depending on the software stack arrangement depending mostly on the skills of the op or dev, the system could continue running as expected with a re-spawned or other state processes table. Further, you can devise a special monitor of the system running parameters and make automated decisions / system calls. In the presence of some occasional userland crashes, I still think there is relevance in the idea of a kernel-level "watchdog" that dumps state and reboots at timeout. Probably, and most probably such a mechanism may exist in the kernel level around the panic / kernel debugger code, you have to ask and look further. I'm in a place where I'm running a piece of inhouse software that can be heavy. Using the HW watchdog would not help me distinguish userland vs kernel issue. Implementing own "I'm alive" reporting from userland to the network would however, though, such a solution would not get the dump which would inform exactly where the actual halt happened. You MUST have some resource limits, or another mechanism to guard runaway. So basically just a kernel patch to do the "ps", "trace /u", "boot reboot" ddb(4) commands, when "echo >> /dev/kernelwatchdog" not happened for 60 secs. You may be overly simplifying this, I know what you meant yet the concepts of SoftECC were a mislead, and I was interested if somebody would discuss. Kind regards, Anton Anyhow, very sorry that you felt this bothered you - Have a good day!! Tinker On 2016-10-18 11:52, li...@wrant.com wrote: > Tue, 18
Re: USB mouse not working
Have you tried disabling USB3 in the BIOS? Forcing USB2.0 helped with similar problems on my Thinkpad. > On 18 Oct 2016, at 07:18, Daniel Cavanaghwrote: > > Hiya > > I'm having trouble getting my USB mouse to work in the latest snapshots. > Unless my memory is faulty, this mouse used to work only a few months ago > > I have noticed that the kernel disables the device at boot (see bold text > in dmesg below). I've tried disabling xhci, but that doesn't help. Other > than that, I'm not really sure what else to do. Does anyone know anything I > can try to fix or track down the root cause of this issue? > > I also have an 3.5mm audio in/out <-> USB converter that appears not to > work, again with the kernel disabling the device. I've not looked into this > one though. Perhaps it's the same issue > > Cheers :)
Re: SSHowDowN
having the username for password is yes, almost the biggest retarded idiotism in 2016, but disabling AllowTcpForwarding by default could help a little and a little in this case is big. I hope this admin user doesn't have permission to change shell, etc.. And in this general case (iot) , they have /sbin/nologin, so hopefully not. That's why AllowTcpForwarding=no by default could help in general. heck, it even has a CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1653 Sent: Tuesday, October 18, 2016 at 11:05 AM From: "Christian Gruhl"To: misc@openbsd.org Subject: Re: SSHowDowN On 10/18/2016 10:56 AM, Peter Janos wrote: > sometimes I send mails in HTML format, sorry for that, mail.com has this by > default.. > > so the PDF also states that the "admin" user had /sbin/nologin for shell > > -- > http://man.openbsd.org/OpenBSD-current/man5/sshd_config.5 ... > Note that disabling TCP forwarding does not improve security unless users are > also denied shell access > > so having AllowTcpForwarding=NO would help. > > Why is it yes by default? someone requested it to be yes? does anybody know? > > Thanks. See the DenyUsers option for sshd_config: http://man.openbsd.org/OpenBSD-current/man5/sshd_config.5[http://man.openbsd. org/OpenBSD-current/man5/sshd_config.5] That should allow you to prevent the forwarding as well. Using tcp forwarding is allows to establish secure tunnels between systems that are not directly reachable without the need for a full blown vpn. But this is just my opinion.
Re: SSHowDowN
On 10/18/2016 10:56 AM, Peter Janos wrote: > sometimes I send mails in HTML format, sorry for that, mail.com has this by > default.. > > so the PDF also states that the "admin" user had /sbin/nologin for shell > > -- > http://man.openbsd.org/OpenBSD-current/man5/sshd_config.5 ... > Note that disabling TCP forwarding does not improve security unless users are > also denied shell access > > so having AllowTcpForwarding=NO would help. > > Why is it yes by default? someone requested it to be yes? does anybody know? > > Thanks. See the DenyUsers option for sshd_config: http://man.openbsd.org/OpenBSD-current/man5/sshd_config.5 That should allow you to prevent the forwarding as well. Using tcp forwarding is allows to establish secure tunnels between systems that are not directly reachable without the need for a full blown vpn. But this is just my opinion.
Re: SSHowDowN
sometimes I send mails in HTML format, sorry for that, mail.com has this by default.. so the PDF also states that the "admin" user had /sbin/nologin for shell -- http://man.openbsd.org/OpenBSD-current/man5/sshd_config.5 AllowTcpForwarding Specifies whether TCP forwarding is permitted. The available options are yes (the default) or all to allow TCP forwarding, no to prevent all TCP forwarding, local to allow local (from the perspective of ssh(1)) forwarding only or remote to allow remote forwarding only. Note that disabling TCP forwarding does not improve security unless users are also denied shell access, as they can always install their own forwarders. -- -->> Note that disabling TCP forwarding does not improve security unless users are also denied shell access so having AllowTcpForwarding=NO would help. Why is it yes by default? someone requested it to be yes? does anybody know? Thanks. Sent: Tuesday, October 18, 2016 at 10:46 AM From: "Christian Gruhl"To: misc@openbsd.org Subject: Re: SSHowDowN On 10/18/2016 10:41 AM, Sol��ne Rapenne wrote: > Le 2016-10-18 10:35, Peter Janos a ��crit : >> shouldn't the default be "no" for the AllowTcpForwarding? Why is an >> insecure option "yes" by default? >> https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/sshow down-exploitation-of-iot-devices-for-launching-mass-scale-attack-campaigns.pd f >> >> Thanks. > > from sshd_config(5) > > AllowTcpForwarding > Specifies whether TCP forwarding is permitted. The available > options are yes (the default) or all to allow TCP > forwarding, no > to prevent all TCP forwarding, local to allow local (from the > perspective of ssh(1)) forwarding only or remote to allow > remote > forwarding only. Note that disabling TCP forwarding does not > improve security unless users are also denied shell access, as > they can always install their own forwarders. > Also the article states that "We checked our factory-defaulted device and noticed that the ���admin:admin��� credential pair allows us to connect to the web-based configuration interface." Using such a weak password is more likely the problem, than the enabled TCP forward. [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
Re: SSHowDowN
On 10/18/2016 10:41 AM, Solène Rapenne wrote: > Le 2016-10-18 10:35, Peter Janos a écrit : >> shouldn't the default be "no" for the AllowTcpForwarding? Why is an >> insecure option "yes" by default? >> https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/sshow down-exploitation-of-iot-devices-for-launching-mass-scale-attack-campaigns.pd f >> >> Thanks. > > from sshd_config(5) > > AllowTcpForwarding > Specifies whether TCP forwarding is permitted. The available > options are yes (the default) or all to allow TCP > forwarding, no > to prevent all TCP forwarding, local to allow local (from the > perspective of ssh(1)) forwarding only or remote to allow > remote > forwarding only. Note that disabling TCP forwarding does not > improve security unless users are also denied shell access, as > they can always install their own forwarders. > Also the article states that "We checked our factory-defaulted device and noticed that the âadmin:adminâ credential pair allows us to connect to the web-based configuration interface." Using such a weak password is more likely the problem, than the enabled TCP forward. [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
Re: SSHowDowN
Le 2016-10-18 10:35, Peter Janos a écrit : shouldn't the default be "no" for the AllowTcpForwarding? Why is an insecure option "yes" by default? https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/sshowdown-exploitation-of-iot-devices-for-launching-mass-scale-attack-campaigns.pdf Thanks. from sshd_config(5) AllowTcpForwarding Specifies whether TCP forwarding is permitted. The available options are yes (the default) or all to allow TCP forwarding, no to prevent all TCP forwarding, local to allow local (from the perspective of ssh(1)) forwarding only or remote to allow remote forwarding only. Note that disabling TCP forwarding does not improve security unless users are also denied shell access, as they can always install their own forwarders.
SSHowDowN
shouldn't the default be "no" for the AllowTcpForwarding? Why is an insecure option "yes" by default? https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/sshowdown-exploitation-of-iot-devices-for-launching-mass-scale-attack-campaigns.pdf Thanks.
Re: pf on carp backup resets connection after failover
Hello @misc, Just some further information on this. When I stop relayd and enter the pf rules like relayd does with its anchor, then it's - more or less - working as expected. When I start an upload within an SFTP session and failover, then the session is "stalled" nearly forever. When I set the tcp.established to 60 (instead of 600), then the "state" times out but the SFTP client starts reconnecting after a while (about 2-3 minutes) and the sessions keeps running. So it looks like relayd is "terminating" the session when carp fails over. With relayd and doing a carp failover, I get an Broken pipe. Connection reset by peer immediately. I just want to know, if this is a normal behaviour with this setup. Thanks. Robert > Gesendet: Mittwoch, 12. Oktober 2016 um 14:21 Uhr > Von: "Robert Paschedag"> An: "Robert Paschedag" > Cc: misc@openbsd.org > Betreff: Aw: Re: pf on carp backup resets connection after failover > > This time it should be better. Again sorry.. > > > Hi all, > > basically, if have exactly this problem already described here > (https://groups.google.com/forum/#!topic/bit.listserv.openbsd-pf/yZn4EUjxwfY) . > But because there is no answer since 2009, I'll give it a try. > > The setup of the 2 servers is also the same as in the other thread > only exception is, that my boxes are behind a "master" firewall > which I do not manage. > > I have 2 OpenBSD 6.0 servers that should just act as a load balancer > for SFTP connections. We use DSR mode because huge files get > downloaded from the SFTP servers and don't want the "load" to > pass completly through the OpenBSD load balancers. > > Everything is working as long as I don't do a failover to the backup system. > In this situation, I see, that the "new" carp master "resets" the connection > of the client. Immediatly opening a new SFTP sessions then works as > expected through the "new" carp master. > > This is my /etc/pf.conf (identical on both). Still testing.. > > # cat /etc/pf.conf > carp_if = "vmx0" > sync_if = "vmx1" > # already allow pfsync and carp protocols > pass quick on $sync_if proto pfsync keep state (no-sync) > pass on $carp_if proto carp keep state (no-sync) > # allow relayd to communicate with pf and set rules > anchor "relayd/*" > > And this is the relayd.conf > > log updates > prefork 5 > fx_vip = "VIP" > table { > "host1" > "host2" > } > redirect FX-SFTP { > listen on $fx_vip port 22 interface vmx0 > route to check tcp interface vmx0 > sticky-address > } > > This is the "ruleset" (identical on both) after reloading pf > > # pfctl -a '*' -s rules > pass quick on vmx1 proto pfsync all keep state (no-sync) > pass on vmx0 proto carp all keep state (no-sync) > anchor "relayd/*" all { > anchor "FX-SFTP" all { > pass in quick on vmx0 on rdomain 0 inet proto tcp from any to VIP port = 22 > flags any keep state (sloppy, tcp.established 600) > route-to @vmx0 round-robin sticky-address > } > } > > When the first connection is made, I see the state on the > backup carp machine. But with slightly different content. > > This is on "master" > > all tcp VIP:22 <- CLIENT:43334 ESTABLISHED:ESTABLISHED >[0 + 1] [946261580 + 2] >age 00:00:35, expires in 00:09:37, 16:0 pkts, 913:0 bytes, anchor 2, rule 2, sloppy >id: 57fbd552a2b4 creatorid: d4cdd00a > > "expires" is 10 minutes (tcp.established 600) and I see the anchor and rule > which generated state > > This in on "backup" > > all tcp VIP:22 <- CLIENT:43334 ESTABLISHED:ESTABLISHED >[0 + 1] [946261580 + 2] >age 00:00:32, expires in 23:59:41, 0:0 pkts, 0:0 bytes, sloppy >id: 57fbd552a2b4 creatorid: d4cdd00a > > expires is 1 day (?) and "backup" did not yet see any packes. > > Now, how can I get this to work, so the sessions won't be terminated > in case of a failover. > > Every help will be appreciated. > > Kind regards, > Robert > > > > Gesendet: Mittwoch, 12. Oktober 2016 um 14:18 Uhr > > Von: "Robert Paschedag" > > An: misc@openbsd.org > > Betreff: Re: pf on carp backup resets connection after failover > > > > Sorry for this bad web mailer formatting. I didn't want that.Am 12.10.2016 2:08 nachm. schrieb Robert Paschedag : > > > > > > Hi all, basically, if have exactly this problem already described here(https://groups.google.com/forum/#!topic/bit.listserv.openbsd-pf/yZn4EUjx wfY).But > > > because there is no answer since 2009, I'll give it a try. The setup of > > > the 2 servers is also the same as in the other threadonly exception is, > > > that my boxes are behind a "master" firewallwhich I do not manage. I have > > > 2 OpenBSD 6.0 servers that should just act as a load balancerfor SFTP > > > connections. We use DSR mode because huge files getdownloaded from the > > > SFTP servers and don't want the "load" topass completly through the > > > OpenBSD load balancers. Everything is working as long as I
USB mouse not working
Hiya I'm having trouble getting my USB mouse to work in the latest snapshots. Unless my memory is faulty, this mouse used to work only a few months ago I have noticed that the kernel disables the device at boot (see bold text in dmesg below). I've tried disabling xhci, but that doesn't help. Other than that, I'm not really sure what else to do. Does anyone know anything I can try to fix or track down the root cause of this issue? I also have an 3.5mm audio in/out <-> USB converter that appears not to work, again with the kernel disabling the device. I've not looked into this one though. Perhaps it's the same issue Cheers :) OpenBSD 6.0-current (GENERIC.MP) #2473: Sun Sep 18 23:24:19 MDT 2016 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 17118060544 (16325MB) avail mem = 16594767872 (15826MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xee310 (26 entries) bios0: vendor American Megatrends Inc. version "P1.80" date 10/24/2014 bios0: ASRock 970 Pro3 R2.0 acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP APIC FPDT MCFG AAFT HPET SSDT IVRS BGRT acpi0: wakeup devices SBAZ(S4) UAR1(S4) P0PC(S4) UHC1(S4) UHC2(S4) USB3(S4) UHC4(S4) USB5(S4) UHC6(S4) UHC7(S4) PC02(S4) PC04(S4) PC09(S4) PC0A(S4) PC0B(S4) PC0D(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 32 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 16 (boot processor) cpu0: AMD FX(tm)-8320 Eight-Core Processor, 3492.88 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCN T,AES,XSAVE,OSXSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,LONG,LAHF,CMPLEG,SVM,EAPI CSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,NODEID,TBM,TOPE XT,ITSC,BMI1 cpu0: 64KB 64b/line 2-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 16-way L2 cache, 8MB 64b/line 64-way L3 cache cpu0: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 199MHz cpu0: mwait min=64, max=64, IBE cpu1 at mainbus0: apid 17 (application processor) cpu1: AMD FX(tm)-8320 Eight-Core Processor, 3492.49 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCN T,AES,XSAVE,OSXSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,LONG,LAHF,CMPLEG,SVM,EAPI CSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,NODEID,TBM,TOPE XT,ITSC,BMI1 cpu1: 64KB 64b/line 2-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 16-way L2 cache, 8MB 64b/line 64-way L3 cache cpu1: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative cpu1: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 18 (application processor) cpu2: AMD FX(tm)-8320 Eight-Core Processor, 3492.49 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCN T,AES,XSAVE,OSXSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,LONG,LAHF,CMPLEG,SVM,EAPI CSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,NODEID,TBM,TOPE XT,ITSC,BMI1 cpu2: 64KB 64b/line 2-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 16-way L2 cache, 8MB 64b/line 64-way L3 cache cpu2: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative cpu2: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu2: smt 0, core 2, package 0 cpu3 at mainbus0: apid 19 (application processor) cpu3: AMD FX(tm)-8320 Eight-Core Processor, 3492.49 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCN T,AES,XSAVE,OSXSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,LONG,LAHF,CMPLEG,SVM,EAPI CSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,NODEID,TBM,TOPE XT,ITSC,BMI1 cpu3: 64KB 64b/line 2-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 16-way L2 cache, 8MB 64b/line 64-way L3 cache cpu3: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative cpu3: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu3: smt 0, core 3, package 0 cpu4 at mainbus0: apid 20 (application processor) cpu4: AMD FX(tm)-8320 Eight-Core Processor, 3492.49 MHz cpu4: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCN T,AES,XSAVE,OSXSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,LONG,LAHF,CMPLEG,SVM,EAPI CSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,NODEID,TBM,TOPE XT,ITSC,BMI1