Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)

[Mikael]

2016-10-19 12:59 GMT+08:00 Ralph Siegler :
..

>  too expensive to have for development, too expensive to run, to
> expensive for a userbase while businesses waited for a mature version, no
> compelling use case in the open source world that couldn't be done with
> Xeon drawing half to a third the power.
>

Ralph,

At 2850 to 5300 USD for rack chassi+mobo+CPU, I think Power8 servers do
make sense - it seems like a great way to diversify from AMD64, while still
in a robust server architecture.

Oracle have been talking about making a low-end server model of their new
Sparc64 chip, I guess that one will sell at around 5000 USD too.

So then there's two alternative architectures to AMD64, great!

(I didn't see any convincing ARM64 servers on the market yet.)

Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)

[Ralph Siegler]

On Wed, 19 Oct 2016 12:29:21 +0800, Mikael wrote:

> 2016-10-19 6:51 GMT+08:00 Ralph Siegler :
>  ..
> 
>> no one is going to buy box from product line that starts at $11,000
>> (non-
>>
>>
> Power8 machine offers start at USD 2,850:
> http://www.tyan.com/campaign/openpower/index.html
> 
> And their standard prices are USD 5,530 and up, that is
> http://www.tyan.com/Barebones_TN71-BP012_BSP012T71V14HR-4T-3 .

that is not an IBM Power E8xx or S8xx server, it can't for example run AIX 
or system i, has different architecture

Porting OpenBSD to Tyan would not give you an OpenBSD that ran on IBM 
business system

Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)

[Ralph Siegler]

On Tue, 18 Oct 2016 21:42:13 -0500, Chris Bennett wrote:

> On Wed, Oct 19, 2016 at 02:06:51AM +, Ralph Siegler wrote:
>> 
>> Linux on Power8 provides a way to run certain  closed source softwares
>> that are certified to run on  Linux on PowerPC. Of course, those
>> softwares generally run even faster on AIX with less "loose ends" and
>> bugs because they were specifically developed and tuned for a couple
>> decades using bespoke tools before recent porting to Linux.
>> 
>> 
> Hmm. OpenBSD's license does not in any way prohibit using closed source
> software with it. Would it be better than AIX or Linux?

None of that closed source software will ever run on OpenBSD.  There will 
never be IBM Websphere for OpenBSD, nor Lawson Financials for OpenBSD, 
nor JDEdwards EnterpriseOne for OpenBSD. 


> Maybe. Or maybe not. Speed has not been the primary goal of OpenBSD.
> Which is OK for me. But, for such a high priced box, I think speed might
> be way up there or would reliability be more important?
> 
In most cases the reliability of the OS and the kind of  app I'm talking 
about is a given, uptime will be indefinite for most customers.  It's a 
OS plus app plus libraries plus tools solution groomed over a couple 
decades for that architecture.  Security will be external, right or wrong 
that's how it is.



> For example, scientific software would definitely place more emphasis on
> precise and accurate calculations rather than speed.
>
There are specs for that and standard libraries, certainly for HPC where 
power architecture plays speed is huge consideration but then they have 
nvidia gpu doing the bulk of the work along side of the power8, different 
beast than business power8.


> 
>> 
>> Developers are interested in that architecture you say...yes I believe
>> that.  I'm a photographer and am interested in a Hasselblad H5D-200c
>> which the body alone goes for $45,000.  I can't afford one, let alone
>> say  put a lens on it, have no earthly use that would  require
>> one.but dang if it isn't cool.
>> > 
>> > Below you suggest getting going with Power6 and 7, which are much
>> > cheaper to purchase.
>> > 
>> > Would it be reasonable to look at this the other way around:
>> > 
>> > Develop the Power8 architecture now so that when prices fall later,
>> > companies can then afford to buy them and immediately use a developed
>> > and tested OpenBSD on them?
>> 
>> Develop for architecture none of the userbase has or will have for five
>> plus years?   Of course the BSD licensed open source drivers that IBM
>> will provide for all that poop that flies by in the five minute POST
>> time will make the job easier, and the megabytes of spec docs they've
>> written...cause they wouldn't have the gall to  hand over BLOBs for
>> hardware without full specs
>> 
>> 
> Supposedly, IBM is energetically supporting Open Source for this.
> 
> 
>> We'll have to make the BSD foundation thermometer taller for N devs
>> times $170 month or more extra electric bill.
>> 
>> 
> If IBM is really interested in Open Source, they might just decide to
> donate to the OpenBSD Foundation. Would pay the electric bill
> (hopefully).

OpenBSD foots electric bill for devs? 


Oh, and when they start power8 box will put a HP blade chassis  to shame 
with the volume level for a few minutes, I couldn't imagine having one in 
a home and repeatedly booting to port an OS.  
> 
> But talk is not action.

Action is too expense, too pointless.  It's out of league just as a Cray 
vector supercomputer  OpenBSD port would be

> 
> 
> General question:
> Would Power8 lead to using Power9, Power10, etc?


 too expensive to have for development, too expensive to run, to 
expensive for a userbase while businesses waited for a mature version, no 
compelling use case in the open source world that couldn't be done with 
Xeon drawing half to a third the power.  

> 
> Chris Bennett

Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)

[Mikael]

2016-10-19 6:51 GMT+08:00 Ralph Siegler :
 ..

> no one is going to buy box from product line that starts at $11,000 (non-
>

Power8 machine offers start at USD 2,850:
http://www.tyan.com/campaign/openpower/index.html

And their standard prices are USD 5,530 and up, that is
http://www.tyan.com/Barebones_TN71-BP012_BSP012T71V14HR-4T-3 .

Happy Birthday

[STeve Andre']

Happy Birthday to OpenBSD.

Hey, it's 21.  It can drink in Michigan now!

Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)

[Chris Bennett]

On Wed, Oct 19, 2016 at 02:06:51AM +, Ralph Siegler wrote:
> 
> Linux on Power8 provides a way to run certain  closed source softwares 
> that are certified to run on  Linux on PowerPC. Of course, those 
> softwares generally run even faster on AIX with less "loose ends" and 
> bugs because they were specifically developed and tuned for a couple 
> decades using bespoke tools before recent porting to Linux.  
> 

Hmm. OpenBSD's license does not in any way prohibit using closed source
software with it. Would it be better than AIX or Linux?
Maybe. Or maybe not. Speed has not been the primary goal of OpenBSD.
Which is OK for me. But, for such a high priced box, I think speed might
be way up there or would reliability be more important?

For example, scientific software would definitely place more emphasis on
precise and accurate calculations rather than speed.

> 
> 
> Developers are interested in that architecture you say...yes I believe 
> that.  I'm a photographer and am interested in a Hasselblad H5D-200c 
> which the body alone goes for $45,000.  I can't afford one, let alone 
> say  put a lens on it, have no earthly use that would  require 
> one.but dang if it isn't cool. 
> > 
> > Below you suggest getting going with Power6 and 7, which are much
> > cheaper to purchase.
> > 
> > Would it be reasonable to look at this the other way around:
> > 
> > Develop the Power8 architecture now so that when prices fall later,
> > companies can then afford to buy them and immediately use a developed
> > and tested OpenBSD on them?
> 
> Develop for architecture none of the userbase has or will have for five 
> plus years?   Of course the BSD licensed open source drivers that IBM 
> will provide for all that poop that flies by in the five minute POST time 
> will make the job easier, and the megabytes of spec docs they've 
> written...cause they wouldn't have the gall to  hand over BLOBs for 
> hardware without full specs
> 

Supposedly, IBM is energetically supporting Open Source for this.


> We'll have to make the BSD foundation thermometer taller for N devs times 
> $170 month or more extra electric bill. 
> 

If IBM is really interested in Open Source, they might just decide to
donate to the OpenBSD Foundation. Would pay the electric bill
(hopefully).

But talk is not action.


General question:
Would Power8 lead to using Power9, Power10, etc?

Chris Bennett

Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)

[Ralph Siegler]

On Tue, 18 Oct 2016 18:28:58 -0500, Chris Bennett wrote:

> On Tue, Oct 18, 2016 at 10:51:56PM +, Ralph Siegler wrote:
>> On Tue, 18 Oct 2016 11:48:04 -0600, Jack J. Woehr wrote:
>> 
>> > Chris Bennett wrote:
>> >> Does anyone need a Power8?
>> > 
>> > Chris, this is the hottest high-end server in the IBM universe today.
>> 
>> > The Power8 *needs* OpenBSD because they don't have a really good
>> > firewalling regimen at that level.
>> > 
>> > 
>> Ya know, I actually admin some AIX Power8 boxes besides the Linux and
>> BSD at work, and put together the specs for two employer just purchased
>>  for G/L application
>> 
>> 
> Ah, someone with some Power8 boxes!
> 
> OK, Power8 officially works with Linux.
> What does Linux bring to the table for these boxes?
> Useful applications or just showing up for the hell of it?
> 
> Off-list, I have been informed that there ARE developers interested in
> this architecture.

Linux on Power8 provides a way to run certain  closed source softwares 
that are certified to run on  Linux on PowerPC. Of course, those 
softwares generally run even faster on AIX with less "loose ends" and 
bugs because they were specifically developed and tuned for a couple 
decades using bespoke tools before recent porting to Linux.  



Developers are interested in that architecture you say...yes I believe 
that.  I'm a photographer and am interested in a Hasselblad H5D-200c 
which the body alone goes for $45,000.  I can't afford one, let alone 
say  put a lens on it, have no earthly use that would  require 
one.but dang if it isn't cool. 
> 
> Below you suggest getting going with Power6 and 7, which are much
> cheaper to purchase.
> 
> Would it be reasonable to look at this the other way around:
> 
> Develop the Power8 architecture now so that when prices fall later,
> companies can then afford to buy them and immediately use a developed
> and tested OpenBSD on them?

Develop for architecture none of the userbase has or will have for five 
plus years?   Of course the BSD licensed open source drivers that IBM 
will provide for all that poop that flies by in the five minute POST time 
will make the job easier, and the megabytes of spec docs they've 
written...cause they wouldn't have the gall to  hand over BLOBs for 
hardware without full specs

We'll have to make the BSD foundation thermometer taller for N devs times 
$170 month or more extra electric bill. 

> 
> Chris Bennett
> 
> 
> 
> 
>> and openbsd is my favorite server OS
>> 
>> BUT
>> 
>> no one is going to buy box from product line that starts at $11,000
>> (non-
>> expandable entry level box) to run pf on 1 of its six cores.   That's
>> crazy talk.  And anu more usual power8 box is going to be $50K and up.
>> x86-64 would be much more cost effective for any app where OpenBSD
>> shines like web server, mail, dns, firewall, router, etc. and etc.
>> 
>> There is zero need, use or justification for openbsd on power8 in 2016.
>> People buy power8 because there is app that requires it or other Unix
>> with a (TM) after it.
>> 
>> For the low end expandable $26,000 each boxes, well at least a body
>> only need plug in two of the four 900W power supplies if only single
>> six-core cpu is installed,  can keep electric bill low that way. HA!
>> 
>> I especially like the comment about wanting openbsd port for power8
>> desktop or laptopsomeone never lifted a power8 chip plus heat sink
>> I can tell
>> 
>> What would be *useful* is Power6 port that could optionally run on
>> later models, some good deals on ebay with power7 going for $3k and up)
>>But IBM isn't going to help with that.

Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)

[Lyndon Nerenberg]

> On Oct 18, 2016, at 10:48 AM, Jack J. Woehr  wrote:
>
> The Power8 *needs* OpenBSD because they don't have a really good firewalling
regimen at that level.

I suspect anyone running Power8 gear is doing so behind dedicated firewall
hardware, e.g. Juniper SRX.

--lyndon

Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)

[.]

Perhaps if OpenBSD were regularly used on more powerful machines, it would
acquire abilities beyond what a 486 is capable of?

And I hear it's got a hypervisor now.

Matthew

Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)

[Chris Bennett]

On Tue, Oct 18, 2016 at 10:51:56PM +, Ralph Siegler wrote:
> On Tue, 18 Oct 2016 11:48:04 -0600, Jack J. Woehr wrote:
> 
> > Chris Bennett wrote:
> >> Does anyone need a Power8?
> > 
> > Chris, this is the hottest high-end server in the IBM universe today.
> 
> > The Power8 *needs* OpenBSD because they don't have a really good
> > firewalling regimen at that level.
> > 
> 
> Ya know, I actually admin some AIX Power8 boxes besides the Linux and BSD 
> at work, and put together the specs for two employer just purchased  for 
> G/L application
> 

Ah, someone with some Power8 boxes!

OK, Power8 officially works with Linux.
What does Linux bring to the table for these boxes?
Useful applications or just showing up for the hell of it?

Off-list, I have been informed that there ARE developers interested in
this architecture.

Below you suggest getting going with Power6 and 7, which are much
cheaper to purchase.

Would it be reasonable to look at this the other way around:

Develop the Power8 architecture now so that when prices fall later,
companies can then afford to buy them and immediately use a developed
and tested OpenBSD on them?

Chris Bennett




> and openbsd is my favorite server OS
> 
> BUT
> 
> no one is going to buy box from product line that starts at $11,000 (non-
> expandable entry level box) to run pf on 1 of its six cores.   That's 
> crazy talk.  And anu more usual power8 box is going to be $50K and up.  
> x86-64 would be much more cost effective for any app where OpenBSD shines 
> like web server, mail, dns, firewall, router, etc. and etc.
> 
> There is zero need, use or justification for openbsd on power8 in 2016.  
> People buy power8 because there is app that requires it or other Unix 
> with a (TM) after it.
> 
> For the low end expandable $26,000 each boxes, well at least a body only 
> need plug in two of the four 900W power supplies if only single six-core 
> cpu is installed,  can keep electric bill low that way. HA!
> 
> I especially like the comment about wanting openbsd port for power8 
> desktop or laptopsomeone never lifted a power8 chip plus heat sink I 
> can tell
> 
> What would be *useful* is Power6 port that could optionally run on later 
> models, some good deals on ebay with power7 going for $3k and up)But 
> IBM isn't going to help with that.

Re: USB mouse not working

[Daniel Cavanagh]

I've tried that and it doesn't help at all unfortunately. Although I
wouldn't have considered it a great solution since I actually want to use
USB 3 in Windows! And it would be a massive pain to toggle it every time I
switched between OSes

Thanks anyway for the suggestion

On Tue, 18 Oct 2016 at 21:13 Bojan Nastic  wrote:

> Have you tried disabling USB3 in the BIOS?
> Forcing USB2.0 helped with similar problems on my Thinkpad.
>
>
> > On 18 Oct 2016, at 07:18, Daniel Cavanagh 
> wrote:
> >
> > Hiya
> >
> > I'm having trouble getting my USB mouse to work in the latest snapshots.
> > Unless my memory is faulty, this mouse used to work only a few months ago
> >
> > I have noticed that the kernel disables the device at boot (see bold text
> > in dmesg below). I've tried disabling xhci, but that doesn't help. Other
> > than that, I'm not really sure what else to do. Does anyone know
> anything I
> > can try to fix or track down the root cause of this issue?
> >
> > I also have an 3.5mm audio in/out <-> USB converter that appears not to
> > work, again with the kernel disabling the device. I've not looked into
> this
> > one though. Perhaps it's the same issue
> >
> > Cheers :)

Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)

[Ralph Siegler]

On Tue, 18 Oct 2016 11:48:04 -0600, Jack J. Woehr wrote:

> Chris Bennett wrote:
>> Does anyone need a Power8?
> 
> Chris, this is the hottest high-end server in the IBM universe today.

> The Power8 *needs* OpenBSD because they don't have a really good
> firewalling regimen at that level.
> 

Ya know, I actually admin some AIX Power8 boxes besides the Linux and BSD 
at work, and put together the specs for two employer just purchased  for 
G/L application

and openbsd is my favorite server OS

BUT

no one is going to buy box from product line that starts at $11,000 (non-
expandable entry level box) to run pf on 1 of its six cores.   That's 
crazy talk.  And anu more usual power8 box is going to be $50K and up.  
x86-64 would be much more cost effective for any app where OpenBSD shines 
like web server, mail, dns, firewall, router, etc. and etc.

There is zero need, use or justification for openbsd on power8 in 2016.  
People buy power8 because there is app that requires it or other Unix 
with a (TM) after it.

For the low end expandable $26,000 each boxes, well at least a body only 
need plug in two of the four 900W power supplies if only single six-core 
cpu is installed,  can keep electric bill low that way. HA!

I especially like the comment about wanting openbsd port for power8 
desktop or laptopsomeone never lifted a power8 chip plus heat sink I 
can tell

What would be *useful* is Power6 port that could optionally run on later 
models, some good deals on ebay with power7 going for $3k and up)But 
IBM isn't going to help with that.

Because Theo de Raadt said that the buttons are for idiots?

[SOUL_OF_ROOT 55]

Because Theo de Raadt said that the buttons are for idiots?


http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/mg/Attic/theo.c?rev=1.125

Peoples that participate in IRC of openbsd-br suggested for me ask this
here in openbsd misc and for the Theo de Raadt.

Re: How assign some logic to handle system-gone-totally-unresponsive events (if not else then to enable admin with differentiated failure tracking between userland and hardware failures)

[Karel Gardas]

Hello Anton,

On Mon, Oct 17, 2016 at 11:25 PM,   wrote:
> Mon, 17 Oct 2016 18:00:39 +0200 Karel Gardas 
>> 1) use machine with proper ECC support
>
> Hello Karel,
>
> Please explain this "proper ECC support" for every laptop user out there?
> I am not sure my system implements "proper ECC support", how to validate?
> Can you advise why OpenBSD developers still run laptops if they lack ECC?

I've been replying based on past experience with what Tinker wrote to
this mailing list. From his posts I expected context of super-reliable
data storage on the server-class hardware. In this context non-ECC
system is simply a no go. By proper ECC support I mean system with
SECDED working at least. You are right that support for ECC in laptops
these days is pretty limited to vintage machines with UltraSPARC, some
PowerPC thinkpads (IIRC) and new machines with Xeon E3v5 from
Lenovo/Dell/HP/Fujitsu at least. OpenBSD devs are probably using what
is available to them like anybody else, don't they?

Cheers,
Karel

Intel/amd64 hardware donation.

[noah pugsley]

Today I found some hardware I forgot to rma a few months ago.

I'd be happy to donate it to the project if anyone can use it. Nothing
special.

2 x Intel Xeon X5570 Quad-Core Nehalem EP Processor 2.93GHz 6.4GT/s 8MB LGA
1366 CPU, OEM. New in package.

4 x Super Talent DDR3-1333 8GB/512Mx8 ECC/REG CL9 Samsung Chip Server
Memory. New also, never installed.

If anybody wants it please let me know.

--Noah P

Re: Failure to get unbound to talk to nsd on the same server (Solved)

[Johan Mellberg]

Hi all,

thanks for all the suggestions. However it turned out that all I needed to do 
was to add

domain-insecure: "my.domain"

to unbound.conf so that unbound would ignore the lack of DNSSEC of my internal 
domain. I have not paid much attention to DNSSEC until now, but it seems I may 
need to.

So, problem solved, onto the next one! ;-)

/Johan

On Wed, Oct 12, 2016 at 04:18:39PM +0300, Kapetanakis Giannis wrote:
> Hi, 
> 
> Haven't followed the whole thread and by just looking at the topic,
> I have a similar setup (carped as well) for caching DNS.
> 2 servers, 2 carped IPs.
> 
> This is how it works:
> 
> unbound.conf:
> interface: 127.0.0.1
> port: 53
> outgoing-interface: ext_ip
> access-control: local_networks
> do-not-query-localhost: no
> include: "/var/unbound/etc/stub_zones_insecure"
> include: "/var/unbound/etc/stub_zones"
> 
> stub_zones:
> stub-zone:
> name: "foo.example.com."
> stub-addr: 127.0.0.1@5678
> 
> stub_zones_insecure:
> domain-insecure: "foo.example.com."
> 
> insecure is for when you have network problems to be able to resolv
> otherwrise it hungs at DNSSEC (if you have it enabled). This is for local 
> zones only.
> 
> resolv.conf:
> nameserver 127.0.0.1
> 
> nsd.conf:
> ip-address: 127.0.0.1@5678
> zone:
>name: foo.example.com
>zonefile: /var/nsd/zones/slave/%s
>request-xfr: master_DNS_IP NOKEY
>allow-notify: master_DNS_IP NOKEY
> 
> pf.conf:
> # requests from local dns server (unbound)
> pass out quick on $dns1_if proto {tcp, udp} to $dns1_if:network port 53 
> modulate state (if-bound, no-sync) nat-to ($dns1_if)
> pass out quick on $dns1_if proto {tcp, udp} to any port 53 modulate state 
> (if-bound, no-sync) route-to ($dns1_if $dns1_gw) nat-to ($dns1_if)
> pass out quick on $dns2_if proto {tcp, udp} to $dns2_if:network port 53 
> modulate state (if-bound, no-sync) nat-to ($dns2_if)
> pass out quick on $dns2_if proto {tcp, udp} to any port 53 modulate state 
> (if-bound, no-sync) route-to ($dns2_if $dns2_gw) nat-to ($dns2_if)
> 
> # requests from clients (unbound)
> pass in quick on $dns1_if proto {tcp,udp} from $dns1_if:network to 
> ($dns1_carp) port 53 keep state rdr-to 127.0.0.1 reply-to $dns1_if
> pass in quick on $dns2_if proto {tcp,udp} from $dns2_if:network to 
> ($dns2_carp) port 53 keep state rdr-to 127.0.0.1 reply-to $dns2_if
> pass in quick on $dns1_if proto {tcp,udp} from  to ($dns1_carp) 
> port 53 keep state rdr-to 127.0.0.1 reply-to ($dns1_if $dns1_gw)
> pass in quick on $dns2_if proto {tcp,udp} from  to ($dns2_carp) 
> port 53 keep state rdr-to 127.0.0.1 reply-to ($dns2_if $dns2_gw)
> pass out quick on $dns1_if proto udp from 127.0.0.1 port 53 nat-to 
> ($dns1_carp)
> pass out quick on $dns2_if proto udp from 127.0.0.1 port 53 nat-to 
> ($dns2_carp)
> 
> # nsd 
> pass in quick on $dns1_if proto udp from $master_DNS to ($dns1_if) port 5678 
> keep state rdr-to 127.0.0.1 reply-to $dns1_if
> 
> hope these help. For me they work the last 2 years. They only problem I 
> haven't solved so far which requires a different setup is when you make a 
> change on the master and the unbound has the previous entry in the cache... 
> the cache has to expire.
> 
> 
> G

Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)

[Chris Bennett]

On Tue, Oct 18, 2016 at 11:48:04AM -0600, Jack J. Woehr wrote:
> Chris Bennett wrote:
> >Does anyone need a Power8?
> 
> Chris, this is the hottest high-end server in the IBM universe today.
> 
> It runs Linux, AIX and IBM i (OS/400). They are very widely in use deep under 
> many organizations.
> 
> IBM is currently energetically supporting Open Source development (as their
> vendors are becoming disillusioned about industry growth).
> 

Excellent.

> The Power8 *needs* OpenBSD because they don't have a really good firewalling 
> regimen at that level.
> 

Yes, that's a definite need!

> At the z/OS level, they have world-class stuff, but not around the
> neighborhood of IBM i, which is actually selling better than z/OS these
> days.
> 
> If you haunt the IBM world as I do, you'd realize that this could be a very
> big cash cow for OpenBSD supportniks if Mikael's idea flies.

Sounds very good.
I don't know IBM.
Energetically supporting Open Source does not always lead to (sadly)
"effectively" supporting Open Source. Linux !~ good security, but it's
becoming more and more "everywhere".

Do you think that the right-minded ( as in open-minded ) people are
there?

Given OpenBSD's reputation, I'm actually surprised that this is even
difficult, especially with the amount of profit IBM sees.

And 6 months to even get to talk to the right person! Shame on IBM!


A question I still have, how hard is adding this architecture going to
be? From what you said and what I saw quickly looking on IBM's site,
does seem to be worth adding.

Mikael, no disrespect intended in my email at all. Sometimes I come
across too harsh than I intend to.

Chris Bennett

Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)

[Jack J. Woehr]

Matthew Weigel wrote:

On 2016-10-18 12:43, Jack J. Woehr wrote:


Routing, firewalling, DMZing, net address translation, OpenSSL,


LibreSSL. :-)



My apologies, I sit corrected.

--
Jack J. Woehr # Science is more than a body of knowledge. It's a way of
www.well.com/~jax # thinking, a way of skeptically interrogating the universe
www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan

Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)

[Matthew Weigel]

On 2016-10-18 12:43, Jack J. Woehr wrote:


Routing, firewalling, DMZing, net address translation, OpenSSL,


LibreSSL. :-)

--
 Matthew Weigel
 hacker
 unique & idempot . ent

Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)

[Jack J. Woehr]

Chris Bennett wrote:

Asking about what apps someone would run is a legitimate question.


Mikael, most Linux apps port to most OpenBSD flavors. Probably much of the 
OpenBSD ports
tree could easily be converted to a prospective little-endian Power8 OpenBSD. 
The very popular
(in the IBM i world) Perzl-on-PASE effort is probably more difficult and less 
satisfactory than porting
the OpenBSD ports tree would be to a prospective little-endian Power8 OpenBSD.

One would hope that IBM would lend support and some engineering assistance to 
the OpenBSD project in
the event of a little-endian Power 8 OpenBSD port being planned.

PASE: 
https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_73/rzalf/rzalfintro.htm
Perzl: http://perzl.org/

--
Jack J. Woehr # Science is more than a body of knowledge. It's a way of
www.well.com/~jax # thinking, a way of skeptically interrogating the universe
www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan

Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)

[Jack J. Woehr]

Chris Bennett wrote:

Does anyone need a Power8?


Chris, this is the hottest high-end server in the IBM universe today.

It runs Linux, AIX and IBM i (OS/400). They are very widely in use deep under 
many organizations.

IBM is currently energetically supporting Open Source development (as their vendors are becoming disillusioned about 
industry growth).


The Power8 *needs* OpenBSD because they don't have a really good firewalling 
regimen at that level.

At the z/OS level, they have world-class stuff, but not around the neighborhood of IBM i, which is actually selling 
better than z/OS these days.


If you haunt the IBM world as I do, you'd realize that this could be a very big cash cow for OpenBSD supportniks if 
Mikael's idea flies.


--
Jack J. Woehr # Science is more than a body of knowledge. It's a way of
www.well.com/~jax # thinking, a way of skeptically interrogating the universe
www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan

Re: How assign some logic to handle system-gone-totally-unresponsive events (if not else then to enable admin with differentiated failure tracking between userland and hardware failures)

[gwes]

On 10/17/2016 22:47, Tinker wrote:

[...]

If you have any thought about how make that happen feel free to share.

Anyhow in the absence of any such logic, just doing a
hardware reset is fine, it's just a bit constrained as
it comes without automated reporting that 
could be used to distinguish hardware/kernel issues 
from userland issues, which encourages hardware
replacement and userland software debugging beyond what's really 
necessary.


Tinker


The first option you should consider (if not already mentioned)
is a serial link from the console port to another system.
One could then construct some sort of periodic probe & response.
On failure, break into DDB and dump state, sync disks, and reboot.

One possibility would be to start a very small user process at
the highest prioritycommunicating with a process at normal
or slightly below priority.
The lower priority process would send a message every N seconds.
At T + (say) 10N the high priority process would kick off whatever
action you want.

Saving state to disk in a hung system is problematic.
Network communication is chancy.
Serial communication is ancient but effective.

Geoff Steckel

Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)

[Jack J. Woehr]

Mikael wrote:

Please describe the practical and technical utility and value, the
organization/social context, scope, duration, anything that is relevant to
motivate them.


Mikael, thanks for urging IBM to support OpenBSD. I've been  urging them to do 
so for about 15 years, good luck!

OpenBSD provides the most secure, mature, reliable, and actively maintained open source toolchain relating to TCP/IP 
networking.


Routing, firewalling, DMZing, net address translation, OpenSSL, OpenSSH, IPSec, spam blocking, and especially the open 
source
world's supreme packet filter all are part of the core OpenBSD mission and among the list of supported mission-critical 
applications.


If the organizational mission is sophisticated and secure use of the 
Internet/Intranet, OpenBSD should be stationed like
Horatio at the bridge as the nexus between the organization and the outside 
world.

While Linux offers a better end-user experience and arguably a more mature web 
development environment, OpenBSD stands
ready and able to guard your all-too-vulnerable Linux cloud. For that matter, 
the security regimen of OpenBSD almost without
a doubt surpasses that of IBM i itself.

--
Jack J. Woehr # Science is more than a body of knowledge. It's a way of
www.well.com/~jax # thinking, a way of skeptically interrogating the universe
www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan

Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)

[Chris Bennett]

On Wed, Oct 19, 2016 at 12:35:13AM +0800, Mikael wrote:
> Hi everyone,
> 
> I asked IBM to donate 4-10 Power8 servers to the OpenBSD Foundation, for
> adding support for this arch. After 6 months this got all the way to their
> Director of the Power(8) Ecosystem & Alliances, that is the highest
> executive for the whole arch. Just right now, she's asking for a motivation
> for IBM to donate - she asks:
> 
> 
> "It would be helpful to know where you are seeing requests for OpenBSD on
> Power and what applications on top of OpenBSD are being requested. We have
> not seen any requests as of yet from our target clients. "
> 
> 
> Can you please collect answers to this question and post them here in this
> thread, or PM them to me. I'll forward your responses and they'll decide
> whether to donate Power8 devices to OpenBSD, based on them.
> 
> ** Please tell the next 6-7 days!
> 
> Thanks!
> Mikael
> 

Forgive me if I've missed something on tech@.

Have you found any developers that want to develop this architecture?
That's definitely a lot of work!

If you've been working on this for 6 months, you should already know who
they are.

Your question seems poorly worded to get the kind of responses you need.
Does anyone need a Power8?
Why? Would be a good question. Why would a Power8 be a preferred
solution versus what they already have or currently plan to upgrade to?

Asking about what apps someone would run is a legitimate question.
I didn't look at any details about Linux running on it, but that might
make porting the same apps over to OpenBSD not too difficult.

I would guess, and only guess, that similar needs would be found by
OpenBSD users.

This thread should also be posted to tech@.

If IBM is serious, I doubt that replies within 6-7 days will make much
difference versus replies within a month.

Good luck,
Chris Bennett

WiFi is very slow or does not work

[François RONVAUX]

Hello,


I post here following the advice of jggimi, from
http://daemonforums.org.

I bought a small PC Engines APU2C4 [1][2] with the wle200nx wireless
module [3][4]. I installed OpenBSD 6.0 without any problems but I have
an issue with the wireless module : the "link" is very slow when I
successfully connect it (some times I can't).

My mobile phone is a Honor 5C (Android 6.0) and connect perfectly to
other WiFi Access Point (Raspberry Pi 3, various Internet boxes...) with
a speed up to 50 or 70 Mb/s. When I succeed to connect to my PC Engines,
my phone displays only 1 Mb/s speed link and the connection is not
usable : every apps and Web pages time out.

The strange thing is that with the PC Engines antennas, the power signal
is -28/32 dBm versus a "poor" -45/54 dBm on my Raspberry Pi 3. To avoid
channel interferences, I switched off the WiFi on my Internet box and
Raspberry Pi 3 with no changes.

Below is what I do...

I boot with an empty "/etc/hostname.athn0" file.


The status of the WiFi device...
francois@openbsd60 [19:01:19]:~$ ifconfig athn0
athn0: flags=8802 mtu 1500
lladdr XX:XX:XX:XX:XX:XX
index 4 priority 4 llprio 3
groups: wlan
media: IEEE802.11 autoselect
status: no network
ieee80211: nwid ""

Then I enter some commands to enable WiFi Access Point...
root@openbsd60 [19:08:03]:~$ ifconfig athn0 media autoselect mode 11g
mediaopt hostap nwid pcengines wpa wpaprotos wpa2 wpakey 123456789
root@openbsd60 [19:09:26]:~$ ifconfig athn0 192.168.50.1

And the status become...
root@openbsd60 [19:09:43]:~$ ifconfig athn0
athn0: flags=8843 mtu 1500
lladdr XX:XX:XX:XX:XX:XX
index 4 priority 4 llprio 3
groups: wlan
media: IEEE802.11 autoselect (OFDM6 mode 11a)
status: no network
ieee80211: nwid pcengines wpakey
0x17ddcbf015970cf8bacc8b0702bc2babeb14c93b63ad694f60b115033d055a4c
wpaprotos wpa2 wpaakms psk wpaciphers tkip,ccmp wpagroupcipher tkip
inet 192.168.50.1 netmask 0xff00 broadcast 192.168.50.255

Logically, WiFi should be 11g but it looks to be 11a ???

To force 11g mode, I have to enter a second time...
root@openbsd60 [19:22:52]:~$ ifconfig athn0 media autoselect mode 11g
mediaopt hostap


Then I start the dhcpd service...
root@openbsd60 [19:16:41]:~$ rcctl start dhcpd
dhcpd(ok)

Content of the config files...
root@openbsd60 [19:15:59]:~$ cat /etc/rc.conf.local
dhcpd_flags=athn0

root@openbsd60 [19:12:07]:~$ cat /etc/dhcpd.conf
option domain-name-servers 192.168.0.1;
default-lease-time 3600;
max-lease-time 86400;
authoritative;

subnet 192.168.50.0 netmask 255.255.255.0 {
range 192.168.50.10 192.168.50.100;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.50.255;
option routers 192.168.50.1;
option domain-name-servers 192.168.0.1;
option ntp-servers 192.168.0.1;

host honor5c {
hardware ethernet XX:XX:XX:XX:XX:XX;
fixed-address 192.168.50.10;
}
}

The firewall rules...
$ cat /etc/pf.conf
match out on em0 inet from athn0:network to any nat-to (em0) port 1024:65535
set skip on lo
block return# block stateless traffic
pass# establish keep-state
# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010


IPv4 forwarding is enable in "/etc/sysctl.conf".

And my phone can (at the time where I write this message) join the Acces
Point but the speed is limited to 1 Mb/s and there is message about the
connection status : "no Internet connection".

I you have any clue...

I add the dmesg output in case you would find relevant informations.



root@openbsd60 [18:39:18]:~$ dmesg
OpenBSD 6.0 (GENERIC.MP) #2319: Tue Jul 26 13:00:43 MDT 2016
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4261076992 (4063MB)
avail mem = 4127465472 (3936MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdffb7020 (7 entries)
bios0: vendor coreboot version "88a4f96" date 03/07/2016
bios0: PC Engines apu2
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S2 S3 S4 S5
acpi0: tables DSDT FACP SSDT APIC HEST SSDT SSDT HPET
acpi0: wakeup devices PWRB(S4) PBR4(S4) PBR5(S4) PBR6(S4) PBR7(S4) PBR8(S4)
UOH1(S3) UOH3(S3) UOH5(S3) XHC0(S4)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD GX-412TC SOC, 998.27 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPC
NT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMC
R8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TOPEXT,ITSC,BMI1
cpu0: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB
64b/line 16-way L2 cache

Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)

[Theo de Raadt]

misc never fails to deliver


> Well personally I don't think the matter concern me since I don't handle any 
> server.
> But I would love to use power8 PC as a desktop or laptop with OpenBSD. (If 
> that becomes a possibility in the future)
> The main reason is security. I don't trust Intel close source firmware etc
> 
> On Oct 18, 2016 7:35 PM, Mikael  wrote:
> >
> > Hi everyone, 
> >
> > I asked IBM to donate 4-10 Power8 servers to the OpenBSD Foundation, for 
> > adding support for this arch. After 6 months this got all the way to their 
> > Director of the Power(8) Ecosystem & Alliances, that is the highest 
> > executive for the whole arch. Just right now, she's asking for a motivation 
> > for IBM to donate - she asks: 
> >
> >
> > "It would be helpful to know where you are seeing requests for OpenBSD on 
> > Power and what applications on top of OpenBSD are being requested. We have 
> > not seen any requests as of yet from our target clients. " 
> >
> >
> > Can you please collect answers to this question and post them here in this 
> > thread, or PM them to me. I'll forward your responses and they'll decide 
> > whether to donate Power8 devices to OpenBSD, based on them. 
> >
> > ** Please tell the next 6-7 days! 
> >
> > Thanks! 
> > Mikael 

Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)

[g.pediaditis1983]

Well personally I don't think the matter concern me since I don't handle any 
server.
But I would love to use power8 PC as a desktop or laptop with OpenBSD. (If that 
becomes a possibility in the future)
The main reason is security. I don't trust Intel close source firmware etc

On Oct 18, 2016 7:35 PM, Mikael  wrote:
>
> Hi everyone, 
>
> I asked IBM to donate 4-10 Power8 servers to the OpenBSD Foundation, for 
> adding support for this arch. After 6 months this got all the way to their 
> Director of the Power(8) Ecosystem & Alliances, that is the highest 
> executive for the whole arch. Just right now, she's asking for a motivation 
> for IBM to donate - she asks: 
>
>
> "It would be helpful to know where you are seeing requests for OpenBSD on 
> Power and what applications on top of OpenBSD are being requested. We have 
> not seen any requests as of yet from our target clients. " 
>
>
> Can you please collect answers to this question and post them here in this 
> thread, or PM them to me. I'll forward your responses and they'll decide 
> whether to donate Power8 devices to OpenBSD, based on them. 
>
> ** Please tell the next 6-7 days! 
>
> Thanks! 
> Mikael 

Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)

[Mikael]

2016-10-19 0:48 GMT+08:00 Kapetanakis Giannis :
>
> pf, relayd, bgpd ;)
>
> G
>
> ps. after the unlocking
>

Giannis, this is too little info to be useful.

Please describe the practical and technical utility and value, the
organization/social context, scope, duration, anything that is relevant to
motivate them.

Right now they have no idea so this is to inform them.

Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)

[Kapetanakis Giannis]

On 18/10/16 19:35, Mikael wrote:

Hi everyone,

I asked IBM to donate 4-10 Power8 servers to the OpenBSD Foundation, for
adding support for this arch. After 6 months this got all the way to their
Director of the Power(8) Ecosystem & Alliances, that is the highest
executive for the whole arch. Just right now, she's asking for a motivation
for IBM to donate - she asks:


"It would be helpful to know where you are seeing requests for OpenBSD on
Power and what applications on top of OpenBSD are being requested. We have
not seen any requests as of yet from our target clients. "


Can you please collect answers to this question and post them here in this
thread, or PM them to me. I'll forward your responses and they'll decide
whether to donate Power8 devices to OpenBSD, based on them.

** Please tell the next 6-7 days!

Thanks!
Mikael



pf, relayd, bgpd ;)

G

ps. after the unlocking

Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)

[Mikael]

Hi everyone,

I asked IBM to donate 4-10 Power8 servers to the OpenBSD Foundation, for
adding support for this arch. After 6 months this got all the way to their
Director of the Power(8) Ecosystem & Alliances, that is the highest
executive for the whole arch. Just right now, she's asking for a motivation
for IBM to donate - she asks:


"It would be helpful to know where you are seeing requests for OpenBSD on
Power and what applications on top of OpenBSD are being requested. We have
not seen any requests as of yet from our target clients. "


Can you please collect answers to this question and post them here in this
thread, or PM them to me. I'll forward your responses and they'll decide
whether to donate Power8 devices to OpenBSD, based on them.

** Please tell the next 6-7 days!

Thanks!
Mikael

Super slow read/write/boot flash with acpidump error also

[Chris Bennett]

I bought this 128GB flash about two months ago.
I installed i386 -current on it, but had horribly slow everything.
The i386 machine was very old, so I wrote it off ass maybe the machine.
Here I have a "newer" amd64. So I installed a much newer version of
amd64 -current.
Same issues.

I also get a message:
acpidump: RSDT entry 3 is corrupt

Didn't get that on i386, but -current i386 (older -current) may not show
that or was irrelevant to i386.

I have a passport USB hard drive that is USB3 but uses usb 2.1.
This new flash is USB3 but uses 2.1 also.

Passport works fine.
lsusb shows different minimum speeds, which might be the problem?

dmesg and lsusb -v shown below.

I added  comments to show each drive.

Thanks,
Chris Bennett


OpenBSD 6.0-current (GENERIC.MP) #0: Sun Oct 16 22:19:59 MDT 2016
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4277862400 (4079MB)
avail mem = 4143681536 (3951MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.5 @ 0x9f800 (48 entries)
bios0: vendor American Megatrends Inc. version "080014" date 01/13/2009
bios0: BIOSTAR Group A760G M2+
acpi0 at bios0: rev 0
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP APIC MCFG OEMB HPET SSDT
acpi0: wakeup devices PCE2(S4) PCE3(S4) PCE4(S4) PCE5(S4) PCE6(S4) PCE7(S4) 
PCE9(S4) PCEA(S4) PCEB(S4) PCEC(S4) SBAZ(S4) UAR1(S1) P0PC(S4) UHC1(S4) 
UHC2(S4) UHC3(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Phenom(tm) 9550 Quad-Core Processor, 2200.48 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,ITSC
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 
16-way L2 cache, 2MB 64b/line 32-way L3 cache
cpu0: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative
cpu0: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative
cpu0: AMD erratum 721 detected and fixed
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 200MHz
cpu0: mwait min=64, max=64, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Phenom(tm) 9550 Quad-Core Processor, 2200.13 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,ITSC
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 
16-way L2 cache, 2MB 64b/line 32-way L3 cache
cpu1: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative
cpu1: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative
cpu1: AMD erratum 721 detected and fixed
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: AMD Phenom(tm) 9550 Quad-Core Processor, 2200.13 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,ITSC
cpu2: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 
16-way L2 cache, 2MB 64b/line 32-way L3 cache
cpu2: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative
cpu2: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative
cpu2: AMD erratum 721 detected and fixed
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: AMD Phenom(tm) 9550 Quad-Core Processor, 2200.13 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,ITSC
cpu3: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 
16-way L2 cache, 2MB 64b/line 32-way L3 cache
cpu3: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative
cpu3: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative
cpu3: AMD erratum 721 detected and fixed
cpu3: smt 0, core 3, package 0
ioapic0 at mainbus0: apid 4 pa 0xfec0, version 21, 24 pins
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpihpet0 at acpi0: 14318180 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (P0P1)
acpiprt2 at acpi0: bus 1 (PCE2)
acpiprt3 at acpi0: bus -1 (PCE3)
acpiprt4 at acpi0: bus 2 (PCE7)
acpiprt5 at acpi0: bus 3 (P0PC)
acpicpu0 at acpi0: C1(@1 halt!), PSS
acpicpu1 at acpi0: C1(@1 halt!), PSS
acpicpu2 at acpi0: C1(@1 halt!), PSS
acpicpu3 at acpi0: C1(@1 halt!), PSS
acpitz0 at acpi0: critical temperature is 127 degC

Re: SSHowDowN

[Peter Janos]

wow, thanks for the reply!


"At the time I was running an AnonCVS server and I had realized that
the anonymously connecting clients could use port forwarding to
bounce TCP connections off the server."


was this fixed meanwhile?

 

Sent: Tuesday, October 18, 2016 at 5:01 PM
From: "Christian Weisgerber" 
To: misc@openbsd.org
Subject: Re: SSHowDowN
On 2016-10-18, "Peter Janos"  wrote:

> so having AllowTcpForwarding=NO would help.
>
> Why is it yes by default? someone requested it to be yes? does anybody
know?

It has always been like this. OpenSSH inherited it from Ylønen-SSH.

In the beginning, OpenSSH didn't even have a configuration option
to disable port forwarding. Sixteen years ago Markus committed the
diff I had submitted that added the AllowTcpForwarding option.

--->
CVSROOT: /cvs
Module name: src
Changes by: mar...@cvs.openbsd.org 2000/10/14 06:12:09

Modified files:
usr.bin/ssh : servconf.c servconf.h serverloop.c session.c
sshd.8

Log message:
AllowTcpForwarding; from naddy@
<---

At the time I was running an AnonCVS server and I had realized that
the anonymously connecting clients could use port forwarding to
bounce TCP connections off the server.

--
Christian "naddy" Weisgerber na...@mips.inka.de
 

Re: SSHowDowN

[Christian Weisgerber]

On 2016-10-18, "Peter Janos"  wrote:

> so having AllowTcpForwarding=NO would help.
>
> Why is it yes by default? someone requested it to be yes? does anybody know?

It has always been like this.  OpenSSH inherited it from Ylønen-SSH.

In the beginning, OpenSSH didn't even have a configuration option
to disable port forwarding.  Sixteen years ago Markus committed the
diff I had submitted that added the AllowTcpForwarding option.

--->
CVSROOT:/cvs
Module name:src
Changes by: mar...@cvs.openbsd.org  2000/10/14 06:12:09

Modified files:
usr.bin/ssh: servconf.c servconf.h serverloop.c session.c 
 sshd.8 

Log message:
AllowTcpForwarding; from naddy@
<---

At the time I was running an AnonCVS server and I had realized that
the anonymously connecting clients could use port forwarding to
bounce TCP connections off the server.

-- 
Christian "naddy" Weisgerber  na...@mips.inka.de

Re: SSHowDowN

[Theo de Raadt]

> shouldn't the default be "no" for the AllowTcpForwarding? Why is an
> insecure option "yes" by default?
> https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/sshowdown-exploitation-of-iot-devices-for-launching-mass-scale-attack-campaigns.pdf
> Thanks.
> 

this comes up post-authentication

if someone is authenticated, they can do just about everything else also

frankly, I don't think you have got a clear picture of the problem, which
is that even if we disable this, vendors will simply renable it anyways
and nothing changes.

Re: How assign some logic to handle system-gone-totally-unresponsive events (if not else then to enable admin with differentiated failure tracking between userland and hardware failures)

[Alex French]

> This is an ARM SBC, it has no BMC and AFAIK no watchdog or other timer
> that can be programmed to cause a reboot, if you are aware of anything
> like that on ARM SBC:s let me know?

Watchdog timers are a somewhat common feature for SoCs designed for embedded
use. Look up the reference manual for your device, it might have one. If not,
you could implement your own as long as you can toggle a GPIO line. Here's a
device from Maxim Integrated that could work:

http://www.digikey.com/product-detail/en/maxim-integrated/MAX6373KA-T/MAX6373
KA-TCT-ND/948267

It ought to be fairly simple to wire up the watchdog input to a GPIO line and
the output to your RESET input, and it can be configured to have a long delay,
which is probably a good idea because it may take a while before you're booted
up enough to start sending heartbeat pulses.

Re: How assign some logic to handle system-gone-totally-unresponsive events (if not else then to enable admin with differentiated failure tracking between userland and hardware failures)

[Stuart Henderson]

On 2016-10-17, Karel Gardas  wrote:
> 1) use machine with proper ECC support
> 2) man sendbug -- and following it report your OpenBSD kernel misbehavior

This can be a hard thing to report.

When the machine totally locks up, it is very difficult to get the information
needed to make a bug report, often it is not known exactly how to trigger it,
or whether it's software bug, bit flip, or a hardware fault.

Sometimes you can get useful information from monitoring the machine in the
run-up to a failure - symon (in ports) can be useful for logging things to a
remote machine at an interval which is often fast enough to give clues into
what might be happening. But unless you have a reproducible case, or something
which happens randomly but fairly often, you can be watching for a long time
and not really not exactly what to be monitoring.

On the other hand if you do have a *reproducible* way to trigger such a bug,
that's of great interest.


> On Mon, Oct 17, 2016 at 3:48 PM, Tinker  wrote:
>> Sometimes a machine goes unresponsive. In this case, a non-ECC RAM machine.
>>
>> The reason could be that something in the hardware or kernel failed, e.g. a
>> bit flip error [1].
>>
>> In this case (for a non-kernel developer), tough luck, and the proper thing
>> would be to reboot, and keep statistics over failures on that machine and
>> replace the hardware should the crashes go above some frequency threshold.

If you're not running an up-to-date release, please do so: stefan@'s work on
amap in the 5.9-6.0 timeframe certainly helps some cases - one of the post-6.0
errata might also apply with very large allocations, so 6.0-stable or -current
would be advisable.

Re: How assign some logic to handle system-gone-totally-unresponsive events (if not else then to enable admin with differentiated failure tracking between userland and hardware failures)

[Tinker]

Thanks for your remarks Anton (below).


What Anton said leads to an interesting question, which is, what 
characteristics does a program have to have to be sink-proof?


This is interesting to know for the design of a "supervisory program" 
whose only function is to check that another program is alive - if it 
froze shut it down, if it shut down restart it - and all the while not 
sink itself. That's all.


Sink-proof in the sense that the likelihood is as close to possible to 
zero that it would terminate or its execution otherwise would stop 
because the system would be out of memory, descriptors, fairly jammed 
kernel, whatever - if even swapping of binary and heap from resident RAM 
to disk could be prevented even that would be useful.



Any code examples or principles available?

Wild guesses: Keep it minimal and to only the absolute basics e.g. 
printf()/fprintf()/(f?)write()/(f?)read()/select() + fsync(), limited to 
output to console or serial IO only and to read from 'watchdog' pipe 
only, kill() + wait(), fork() + exec()/execve(), sysctl() to check and 
report free memory if relevant, only utilize buffers on the stack or 
allocated on process start, and don't do any malloc(), and.. run the 
supervisory program with lower niceness than the supervised program, 
and, run it as root??



Finally, the signal is preferably SIGQUIT as 
http://man.openbsd.org/sigaction.2 says that should produce a core dump. 
Yey!


(Best thing obviously is to run software that works.)

Tinker

On 2016-10-18 13:38, li...@wrant.com wrote:

Tue, 18 Oct 2016 12:40:10 +0800 Tinker 

Anton,

Thanks for your remarks and clarifications,

Sorry if the question not appeared perfectly clear from the beginning.

Reset by HW watchdog would not dump state. (Thanks for pointing out 
that

it exists though, wasn't aware.)


Hi Tinker,

In this case, you most probably need to make sure you go though a 
graceful
(non crash / panic) OS halt resulting in the required level of state 
keep.



I see the rationality in your suggestion that BSD/Unix is a thinner
abstraction than as to contain userland failure handling logics (i.e.
userland is presumed to work).


If processes die out of program error / get killed because they exceed 
the
allowed resource allocated, a dedicated process that monitors them and 
for
the most common case optionally restarts / respawns them - known as 
system
supervisor program, see: 
https://en.wikipedia.org/wiki/Supervisory_program
This is a common problem usually also solved for system services / 
daemons
via privilege separation where a parent minimal process runs background 
as
high privileged program, and a child / separate process runs user level 
as
the program that can get abused or suffer unexpected operating 
conditions.
What you're probably thinking like is a form of system monitor, which 
in a
UNIX like system is typically realised as resource limits and 
supervisors.
Here is another article: 
https://en.wikipedia.org/wiki/Process_supervision



Also I agree the best thing is that userland never breaks the system.
This might be realistic. I had some experiences with machines that 
died

totally because of userland, that's why I raised this topic at all.


Yes, I know what you mean, however, this is not the design of the OS, 
that
should factor in incorrect / poor programs, they're supposed to hit a 
hard
limit and terminate / die suddenly with an explicit error.  Then 
depending
on the software stack arrangement depending mostly on the skills of the 
op
or dev, the system could continue running as expected with a re-spawned 
or
other state processes table.  Further, you can devise a special monitor 
of
the system running parameters and make automated decisions / system 
calls.


In the presence of some occasional userland crashes, I still think 
there

is relevance in the idea of a kernel-level "watchdog" that dumps state
and reboots at timeout.


Probably, and most probably such a mechanism may exist in the kernel 
level
around the panic / kernel debugger code, you have to ask and look 
further.


I'm in a place where I'm running a piece of inhouse software that can 
be

heavy. Using the HW watchdog would not help me distinguish userland vs
kernel issue. Implementing own "I'm alive" reporting from userland to
the network would however, though, such a solution would not get the
dump which would inform exactly where the actual halt happened.


You MUST have some resource limits, or another mechanism to guard 
runaway.



So basically just a kernel patch to do the "ps", "trace /u", "boot
reboot" ddb(4) commands, when "echo >> /dev/kernelwatchdog" not 
happened

for 60 secs.


You may be overly simplifying this, I know what you meant yet the 
concepts
of SoftECC were a mislead, and I was interested if somebody would 
discuss.


Kind regards,
Anton


Anyhow, very sorry that you felt this bothered you - Have a good day!!
Tinker

On 2016-10-18 11:52, li...@wrant.com wrote:
> Tue, 18 

Re: USB mouse not working

[Bojan Nastic]

Have you tried disabling USB3 in the BIOS?
Forcing USB2.0 helped with similar problems on my Thinkpad.


> On 18 Oct 2016, at 07:18, Daniel Cavanagh 
wrote:
>
> Hiya
>
> I'm having trouble getting my USB mouse to work in the latest snapshots.
> Unless my memory is faulty, this mouse used to work only a few months ago
>
> I have noticed that the kernel disables the device at boot (see bold text
> in dmesg below). I've tried disabling xhci, but that doesn't help. Other
> than that, I'm not really sure what else to do. Does anyone know anything I
> can try to fix or track down the root cause of this issue?
>
> I also have an 3.5mm audio in/out <-> USB converter that appears not to
> work, again with the kernel disabling the device. I've not looked into this
> one though. Perhaps it's the same issue
>
> Cheers :)

Re: SSHowDowN

[Peter Janos]

having the username for password is yes, almost the biggest retarded idiotism
in 2016, but disabling AllowTcpForwarding by default could help a little and a
little in this case is big.

I hope this admin user doesn't have permission to change shell, etc.. And in
this general case (iot) , they have /sbin/nologin, so hopefully not.

That's why AllowTcpForwarding=no by default could help in general.  

heck, it even has a CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1653



Sent: Tuesday, October 18, 2016 at 11:05 AM
From: "Christian Gruhl" 
To: misc@openbsd.org
Subject: Re: SSHowDowN
On 10/18/2016 10:56 AM, Peter Janos wrote:
> sometimes I send mails in HTML format, sorry for that, mail.com has this by
> default..
>
> so the PDF also states that the "admin" user had /sbin/nologin for shell
>
> --
> http://man.openbsd.org/OpenBSD-current/man5/sshd_config.5
...
> Note that disabling TCP forwarding does not improve security unless users
are
> also denied shell access
>
> so having AllowTcpForwarding=NO would help.
>
> Why is it yes by default? someone requested it to be yes? does anybody
know?
>
> Thanks.

See the DenyUsers option for sshd_config:
http://man.openbsd.org/OpenBSD-current/man5/sshd_config.5[http://man.openbsd.
org/OpenBSD-current/man5/sshd_config.5] That should
allow you to prevent
the forwarding as well.

Using tcp forwarding is allows to establish secure tunnels between
systems that are not directly reachable without the need for a full
blown vpn. But this is just my opinion.
 

Re: SSHowDowN

[Christian Gruhl]

On 10/18/2016 10:56 AM, Peter Janos wrote:
> sometimes I send mails in HTML format, sorry for that, mail.com has this by
> default..
> 
> so the PDF also states that the "admin" user had /sbin/nologin for shell
> 
> --
> http://man.openbsd.org/OpenBSD-current/man5/sshd_config.5
...
> Note that disabling TCP forwarding does not improve security unless users are
> also denied shell access
> 
> so having AllowTcpForwarding=NO would help.
> 
> Why is it yes by default? someone requested it to be yes? does anybody know?
> 
> Thanks.

See the DenyUsers option for sshd_config:
http://man.openbsd.org/OpenBSD-current/man5/sshd_config.5 That should
allow you to prevent
the forwarding as well.

Using tcp forwarding is allows to establish secure tunnels between
systems that are not directly reachable without the need for a full
blown vpn. But this is just my opinion.

Re: SSHowDowN

[Peter Janos]

sometimes I send mails in HTML format, sorry for that, mail.com has this by
default..

so the PDF also states that the "admin" user had /sbin/nologin for shell

--
http://man.openbsd.org/OpenBSD-current/man5/sshd_config.5
 AllowTcpForwarding
Specifies whether TCP forwarding is permitted. The available options are
yes (the default) or all to allow TCP forwarding, no to prevent all TCP
forwarding, local to allow local (from the perspective of ssh(1)) forwarding
only or remote to allow remote forwarding only. Note that disabling TCP
forwarding does not improve security unless users are also denied shell
access, as they can always install their own forwarders.
--
-->>
Note that disabling TCP forwarding does not improve security unless users are
also denied shell access

so having AllowTcpForwarding=NO would help.

Why is it yes by default? someone requested it to be yes? does anybody know?

Thanks.
 


Sent: Tuesday, October 18, 2016 at 10:46 AM
From: "Christian Gruhl" 
To: misc@openbsd.org
Subject: Re: SSHowDowN
On 10/18/2016 10:41 AM, Sol��ne Rapenne wrote:
> Le 2016-10-18 10:35, Peter Janos a ��crit :
>> shouldn't the default be "no" for the AllowTcpForwarding? Why is an
>> insecure option "yes" by default?
>>
https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/sshow
down-exploitation-of-iot-devices-for-launching-mass-scale-attack-campaigns.pd
f
>>
>> Thanks.
>
> from sshd_config(5)
>
> AllowTcpForwarding
> Specifies whether TCP forwarding is permitted. The available
> options are yes (the default) or all to allow TCP
> forwarding, no
> to prevent all TCP forwarding, local to allow local (from the
> perspective of ssh(1)) forwarding only or remote to allow
> remote
> forwarding only. Note that disabling TCP forwarding does not
> improve security unless users are also denied shell access, as
> they can always install their own forwarders.
>

Also the article states that "We checked our factory-defaulted device
and noticed that the ���admin:admin��� credential pair allows
us to connect to the web-based configuration interface."

Using such a weak password is more likely the problem, than the enabled
TCP forward.

[demime 1.01d removed an attachment of type application/pkcs7-signature which
had a name of smime.p7s]
 

Re: SSHowDowN

[Christian Gruhl]

On 10/18/2016 10:41 AM, Solène Rapenne wrote:
> Le 2016-10-18 10:35, Peter Janos a écrit :
>> shouldn't the default be "no" for the AllowTcpForwarding? Why is an
>> insecure option "yes" by default?
>>
https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/sshow
down-exploitation-of-iot-devices-for-launching-mass-scale-attack-campaigns.pd
f
>>
>> Thanks.
>
> from sshd_config(5)
>
>  AllowTcpForwarding
>  Specifies whether TCP forwarding is permitted.  The available
>  options are yes (the default) or all to allow TCP
> forwarding, no
>  to prevent all TCP forwarding, local to allow local (from the
>  perspective of ssh(1)) forwarding only or remote to allow
> remote
>  forwarding only.  Note that disabling TCP forwarding does not
>  improve security unless users are also denied shell access, as
>  they can always install their own forwarders.
>

Also the article states that "We checked our factory-defaulted device
and noticed that the “admin:admin” credential pair allows
us to connect to the web-based configuration interface."

Using such a weak password is more likely the problem, than the enabled
TCP forward.

[demime 1.01d removed an attachment of type application/pkcs7-signature which 
had a name of smime.p7s]

Re: SSHowDowN

[Solène Rapenne]

Le 2016-10-18 10:35, Peter Janos a écrit :

shouldn't the default be "no" for the AllowTcpForwarding? Why is an
insecure option "yes" by default?
https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/sshowdown-exploitation-of-iot-devices-for-launching-mass-scale-attack-campaigns.pdf
Thanks.


from sshd_config(5)

 AllowTcpForwarding
 Specifies whether TCP forwarding is permitted.  The 
available
 options are yes (the default) or all to allow TCP 
forwarding, no
 to prevent all TCP forwarding, local to allow local (from 
the
 perspective of ssh(1)) forwarding only or remote to allow 
remote
 forwarding only.  Note that disabling TCP forwarding does 
not
 improve security unless users are also denied shell access, 
as

 they can always install their own forwarders.

SSHowDowN

[Peter Janos]

shouldn't the default be "no" for the AllowTcpForwarding? Why is an
insecure option "yes" by default?
https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/sshowdown-exploitation-of-iot-devices-for-launching-mass-scale-attack-campaigns.pdf
Thanks.

Re: pf on carp backup resets connection after failover

[Robert Paschedag]

Hello @misc,

Just some further information on this.

When I stop relayd and enter the pf rules like relayd does with
its anchor, then it's - more or less - working as expected.

When I start an upload within an SFTP session and failover, then
the session is "stalled" nearly forever. When I set the
tcp.established to 60 (instead of 600), then the "state" times
out but the SFTP client starts reconnecting after a while
(about 2-3 minutes) and the sessions keeps running.

So it looks like relayd is "terminating" the session when
carp fails over. With relayd and doing a carp failover, I get
an

Broken pipe. Connection reset by peer

immediately.

I just want to know, if this is a normal behaviour with this setup.

Thanks.

Robert


> Gesendet: Mittwoch, 12. Oktober 2016 um 14:21 Uhr
> Von: "Robert Paschedag" 
> An: "Robert Paschedag" 
> Cc: misc@openbsd.org
> Betreff: Aw: Re: pf on carp backup resets connection after failover
>
> This time it should be better. Again sorry..
>
>
> Hi all,
>
> basically, if have exactly this problem already described here
>
(https://groups.google.com/forum/#!topic/bit.listserv.openbsd-pf/yZn4EUjxwfY)
.
> But because there is no answer since 2009, I'll give it a try.
>
> The setup of the 2 servers is also the same as in the other thread
> only exception is, that my boxes are behind a "master" firewall
> which I do not manage.
>
> I have 2 OpenBSD 6.0 servers that should just act as a load balancer
> for SFTP connections. We use DSR mode because huge files get
> downloaded from the SFTP servers and don't want the "load" to
> pass completly through the OpenBSD load balancers.
>
> Everything is working as long as I don't do a failover to the backup
system.
> In this situation, I see, that the "new" carp master "resets" the
connection
> of the client. Immediatly opening a new SFTP sessions then works as
> expected through the "new" carp master.
>
> This is my /etc/pf.conf (identical on both). Still testing..
>
> # cat /etc/pf.conf
> carp_if = "vmx0"
> sync_if = "vmx1"
> # already allow pfsync and carp protocols
> pass quick on $sync_if proto pfsync keep state (no-sync)
> pass on $carp_if proto carp keep state (no-sync)
> # allow relayd to communicate with pf and set rules
> anchor "relayd/*"
>
> And this is the relayd.conf
>
> log updates
> prefork 5
> fx_vip = "VIP"
> table  {
> "host1"
> "host2"
> }
> redirect FX-SFTP {
> listen on $fx_vip port 22 interface vmx0
> route to  check tcp interface vmx0
> sticky-address
> }
>
> This is the "ruleset" (identical on both) after reloading pf
>
> # pfctl -a '*' -s rules
> pass quick on vmx1 proto pfsync all keep state (no-sync)
> pass on vmx0 proto carp all keep state (no-sync)
> anchor "relayd/*" all {
>   anchor "FX-SFTP" all {
> pass in quick on vmx0 on rdomain 0 inet proto tcp from any to VIP port =
22
> flags any keep state (sloppy, tcp.established 600)
> route-to @vmx0 round-robin sticky-address
>   }
> }
>
> When the first connection is made, I see the state on the
> backup carp machine. But with slightly different content.
>
> This is on "master"
>
> all tcp VIP:22 <- CLIENT:43334   ESTABLISHED:ESTABLISHED
>[0 + 1]  [946261580 + 2]
>age 00:00:35, expires in 00:09:37, 16:0 pkts, 913:0 bytes, anchor 2, rule
2, sloppy
>id: 57fbd552a2b4 creatorid: d4cdd00a
>
> "expires" is 10 minutes (tcp.established 600) and I see the anchor and rule
> which generated state
>
> This in on "backup"
>
> all tcp VIP:22 <- CLIENT:43334   ESTABLISHED:ESTABLISHED
>[0 + 1]  [946261580 + 2]
>age 00:00:32, expires in 23:59:41, 0:0 pkts, 0:0 bytes, sloppy
>id: 57fbd552a2b4 creatorid: d4cdd00a
>
> expires is 1 day (?) and "backup" did not yet see any packes.
>
> Now, how can I get this to work, so the sessions won't be terminated
> in case of a failover.
>
> Every help will be appreciated.
>
> Kind regards,
> Robert
>
>
> > Gesendet: Mittwoch, 12. Oktober 2016 um 14:18 Uhr
> > Von: "Robert Paschedag" 
> > An: misc@openbsd.org
> > Betreff: Re: pf on carp backup resets connection after failover
> >
> > Sorry for this bad web mailer formatting. I didn't want that.Am 12.10.2016
2:08 nachm. schrieb Robert Paschedag :
> > >
> > > Hi all, basically, if have exactly this problem already described
here(https://groups.google.com/forum/#!topic/bit.listserv.openbsd-pf/yZn4EUjx
wfY).But
> > > because there is no answer since 2009, I'll give it a try. The setup of
> > > the 2 servers is also the same as in the other threadonly exception is,
> > > that my boxes are behind a "master" firewallwhich I do not manage. I
have
> > > 2 OpenBSD 6.0 servers that should just act as a load balancerfor SFTP
> > > connections. We use DSR mode because huge files getdownloaded from the
> > > SFTP servers and don't want the "load" topass completly through the
> > > OpenBSD load balancers. Everything is working as long as I 

USB mouse not working

[Daniel Cavanagh]

Hiya

I'm having trouble getting my USB mouse to work in the latest snapshots.
Unless my memory is faulty, this mouse used to work only a few months ago

I have noticed that the kernel disables the device at boot (see bold text
in dmesg below). I've tried disabling xhci, but that doesn't help. Other
than that, I'm not really sure what else to do. Does anyone know anything I
can try to fix or track down the root cause of this issue?

I also have an 3.5mm audio in/out <-> USB converter that appears not to
work, again with the kernel disabling the device. I've not looked into this
one though. Perhaps it's the same issue

Cheers :)

OpenBSD 6.0-current (GENERIC.MP) #2473: Sun Sep 18 23:24:19 MDT 2016
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 17118060544 (16325MB)
avail mem = 16594767872 (15826MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xee310 (26 entries)
bios0: vendor American Megatrends Inc. version "P1.80" date 10/24/2014
bios0: ASRock 970 Pro3 R2.0
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT MCFG AAFT HPET SSDT IVRS BGRT
acpi0: wakeup devices SBAZ(S4) UAR1(S4) P0PC(S4) UHC1(S4) UHC2(S4) USB3(S4)
UHC4(S4) USB5(S4) UHC6(S4) UHC7(S4) PC02(S4) PC04(S4) PC09(S4) PC0A(S4)
PC0B(S4) PC0D(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 16 (boot processor)
cpu0: AMD FX(tm)-8320 Eight-Core Processor, 3492.88 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCN
T,AES,XSAVE,OSXSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,LONG,LAHF,CMPLEG,SVM,EAPI
CSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,NODEID,TBM,TOPE
XT,ITSC,BMI1
cpu0: 64KB 64b/line 2-way I-cache, 16KB 64b/line 4-way D-cache, 2MB
64b/line 16-way L2 cache, 8MB 64b/line 64-way L3 cache
cpu0: ITLB 48 4KB entries fully associative, 24 4MB entries fully
associative
cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully
associative
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 199MHz
cpu0: mwait min=64, max=64, IBE
cpu1 at mainbus0: apid 17 (application processor)
cpu1: AMD FX(tm)-8320 Eight-Core Processor, 3492.49 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCN
T,AES,XSAVE,OSXSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,LONG,LAHF,CMPLEG,SVM,EAPI
CSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,NODEID,TBM,TOPE
XT,ITSC,BMI1
cpu1: 64KB 64b/line 2-way I-cache, 16KB 64b/line 4-way D-cache, 2MB
64b/line 16-way L2 cache, 8MB 64b/line 64-way L3 cache
cpu1: ITLB 48 4KB entries fully associative, 24 4MB entries fully
associative
cpu1: DTLB 64 4KB entries fully associative, 64 4MB entries fully
associative
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 18 (application processor)
cpu2: AMD FX(tm)-8320 Eight-Core Processor, 3492.49 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCN
T,AES,XSAVE,OSXSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,LONG,LAHF,CMPLEG,SVM,EAPI
CSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,NODEID,TBM,TOPE
XT,ITSC,BMI1
cpu2: 64KB 64b/line 2-way I-cache, 16KB 64b/line 4-way D-cache, 2MB
64b/line 16-way L2 cache, 8MB 64b/line 64-way L3 cache
cpu2: ITLB 48 4KB entries fully associative, 24 4MB entries fully
associative
cpu2: DTLB 64 4KB entries fully associative, 64 4MB entries fully
associative
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 19 (application processor)
cpu3: AMD FX(tm)-8320 Eight-Core Processor, 3492.49 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCN
T,AES,XSAVE,OSXSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,LONG,LAHF,CMPLEG,SVM,EAPI
CSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,NODEID,TBM,TOPE
XT,ITSC,BMI1
cpu3: 64KB 64b/line 2-way I-cache, 16KB 64b/line 4-way D-cache, 2MB
64b/line 16-way L2 cache, 8MB 64b/line 64-way L3 cache
cpu3: ITLB 48 4KB entries fully associative, 24 4MB entries fully
associative
cpu3: DTLB 64 4KB entries fully associative, 64 4MB entries fully
associative
cpu3: smt 0, core 3, package 0
cpu4 at mainbus0: apid 20 (application processor)
cpu4: AMD FX(tm)-8320 Eight-Core Processor, 3492.49 MHz
cpu4:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCN
T,AES,XSAVE,OSXSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,LONG,LAHF,CMPLEG,SVM,EAPI
CSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,NODEID,TBM,TOPE
XT,ITSC,BMI1