Kernel Panic
I login on root to restart the network and the system crashed. What I did: - Login with root on ttyC0 - Tell dhcp that I wanted dns to localhost: # echo "supersede domain-name-servers 127.0.0.1;" >> /etc/dhclient.conf - Then restarted the net: # sh /etc/netstart After that the system crashed. Here's the log: panic: pod_do_get: mcl9k free list modified: page 0xff0038f8; item addr 0xff0038f90218; ofset 0x0= 0921ff7e91d5d342f Stopped at Debugger+0x9: leave TID PID UID PRFLAGS PFLAGS CPU COMMAND debugger() at debugger+0x9 panic() at panic+0xfe pool_do_get() at pool_do_get+0x2ee pool_get() at pool_get+0xb5 m_clget() at m_clget+0x51 re_newbug() at re_newbug+0x34 re_rx_list_fill() at re_rx_list_fill+0x3a re_rxeof() at re_rxeof+0x334 re_intr() at re_intr+0x189 intr_handler() at intr_handler+0x28 Xintr_ioapic_edge22() at Xintr_ioapic_edge22+0xc9 --- interrupt --- acpicpu_idle() at acpicpu_idle+0x209 cpu_idle_cycle() at cpu_idle_cycle+0x10 end trace frame: 0x0, count:2 I forced the reboot and had to manually run fsck_ffs(8) on /dev/sd0k (my /home/). After that the system booted just fine. Here's the dmesg, if you need more informations let me know: OpenBSD 5.9 (GENERIC) #1761: Fri Feb 26 01:15:04 MST 2016 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC real mem = 8443473920 (8052MB) avail mem = 8183418880 (7804MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe98e0 (93 entries) bios0: vendor American Megatrends Inc. version "1601" date 11/27/2013 bios0: ASUSTeK COMPUTER INC. P8H61-M LX2 R2.0 acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP APIC FPDT MCFG HPET SSDT DMAR SSDT SSDT acpi0: wakeup devices P0P1(S4) PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PEGP(S4) PEG0(S4) PEG1(S4) PEG2(S4) PEG3(S4) PXSX(S4) RP04(S4) PXSX(S4) RP03(S4) PS2K(S4) PS2M(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, 3200.55 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 100MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins acpimcfg0 at acpi0 addr 0xf800, bus 0-63 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (P0P1) acpiprt2 at acpi0: bus 2 (RP01) acpiprt3 at acpi0: bus -1 (RP02) acpiprt4 at acpi0: bus 1 (PEG0) acpiprt5 at acpi0: bus -1 (PEG1) acpiprt6 at acpi0: bus -1 (PEG2) acpiprt7 at acpi0: bus -1 (PEG3) acpiprt8 at acpi0: bus 5 (RP04) acpiprt9 at acpi0: bus 3 (RP03) acpiprt10 at acpi0: bus 4 (PXSX) acpiec0 at acpi0: not present acpicpu0 at acpi0: C3(350@80 mwait.1@0x20), C2(500@59 mwait.1@0x10), C1(1000@1 mwait.1), PSS acpipwrres0 at acpi0: FN00, resource for FAN0 acpipwrres1 at acpi0: FN01, resource for FAN1 acpipwrres2 at acpi0: FN02, resource for FAN2 acpipwrres3 at acpi0: FN03, resource for FAN3 acpipwrres4 at acpi0: FN04, resource for FAN4 acpitz0 at acpi0: critical temperature is 106 degC acpitz1 at acpi0: critical temperature is 106 degC acpibat0 at acpi0: BAT0 not present acpibat1 at acpi0: BAT1 not present acpibat2 at acpi0: BAT2 not present acpibtn0 at acpi0: PWRB acpibtn1 at acpi0: LID0 acpivideo0 at acpi0: GFX0 acpivout0 at acpivideo0: DD02 pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel Core 3G Host" rev 0x09 ppb0 at pci0 dev 1 function 0 "Intel Core 3G PCIE" rev 0x09: msi pci1 at ppb0 bus 1 inteldrm0 at pci0 dev 2 function 0 "Intel HD Graphics 2500" rev 0x09 drm0 at inteldrm0 inteldrm0: msi inteldrm0: 1920x1080 wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation) wsdisplay0: screen 1-5 added (std, vt100 emulation) "Intel 6 Series MEI" rev 0x04 at pci0 dev 22 function 0 not configured ehci0 at pci0 dev 26 function 0 "Intel 6 Series USB" rev 0x05: apic 2 int 23 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1 azalia0 at pci0 dev 27 function 0 "Intel 6 Series HD Audio" rev 0x05: msi azalia0: codecs: VIA/0x0397 audio0 at azalia0 ppb1 at pci0 dev 28 function 0 "Intel 6 Series PCIE" rev 0xb5: msi pci2 at ppb1 bus 2 ppb2 at pci0 dev 28 function 2 "Intel 82801BA Hub-to-PCI" rev 0xb5: msi pci3 at ppb2 bus 3 ppb3 at pci3 dev 0 function 0 "ASMedia ASM1083/1085 PCIE-PCI" rev 0x03 pci4 at ppb3 bus 4 ppb4 at pci0 dev 28 function 3 "Intel 6 Series PCIE" rev 0xb5: msi pci5 at
6.0 lyrics
I'm impressed. Great job on the music and artwork, I'm sure the cyberpunk community screaming right now. It's a great contemporary remake of a classic work that marked a generation. Congrats for everyone that worked on this.
Re: where is the image of openbsd arm ?
Too much noise folks. Hardware discussion does not belong to misc@. Please try go to other mailing list, maybe people in openbsd-arm will like this hardware related discussion, but not here. Thanks.
Re: OpenBSD on SBC?
There's some reports of Minnowboard Max working with OpenBSD: http://web.archive.org/web/20150705061723/http://countersiege.com/2015/02/22/minnowboard_max_openbsd.html
Re: Impossibility of cryptographic verification of downloads
>Anything else, that has PGP keys and such. Good luck! It's curious you say this Theo, since OpenSSH already uses PGP to sign the releases... no? Web of Trust wouldn't minimize the probablity of corrupted packages? What makes you think that the main server (openbsd.org) cannot not be pwned? Just asking because I don't really understand the crypto theory behind it all, but I didn't read any elaborated argument besides a big "NO" from openbsd community about use of TLS and PGP for packages.
Re: Suggestion: new webpage for openbsd.org
>Is this thread to be taking serious? That's exactly my thought, Mihai. I think this thread fall under the "Poe's Law": https://en.wikipedia.org/wiki/Poe%27s_law >lists () wrant ! com wrote: >As most development is done on mobile phones these days This doesn't mean the only sane operating system these days need to get inside this mobile madness too. What's the next step here? Put all the content under javascript? Use CloudFlare? Oh, get Open Sans from Google servers, sure. Nice css from html5doctor.com , by the way. If someone are going to implement it, at least remove the reset.css and the google font. Serious, that's disgusting. Could also put the css inline with
Re: Suggestion: new webpage for openbsd.org
>I think it's more important to have good mobile support than perfect console browser support. I agree with Kamil, this is not a community for Iphone hipsters. Stop trying to push your user centered design bullshit. Also, no requests for outside servers should be done, and your template uses google font. Many people here use text-based browsers daily. There's many reasons to do that: speed, security, don't require Xenocara, etc.
Re: TLS now supported on openbsd.org?
>So >is their an agenda or just many idiots who see TLS=security and don't >see lack of secure cookie usage and XSS vulnerabilities (now protected >by SSL everywhere) meaning a site is likely exploitable in other ways!! You guys should seriously check "Nirvana fallacy".
Re: TLS now supported on openbsd.org?
Just in case someone don't know, there's a non root-required client for Let's Encrypt: https://github.com/diafygi/letsencrypt-nosudo There's some perl scripts too, so you don't have to download python. Also, after you generate and sign the certificate, you don't have to keep the script.
apache-httpd-openbsd?
try pkg_add http://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/apache-httpd-2.4.20p1.tgz
TLS now supported on openbsd.org?
It's great to see OpenBSD Project supporting Let's Encrypt. I don't know if you folks still configuring it, but there's some points that I noticed: - I don't know in modern browsers, but Links 2.12 say that the certificate is not valid. It's just old browsers, or firefox also have this same problem? - The RSA is 4096 bits. If I remember correctly, reyk@ said once that 4096 is overkill. Any specific reason to use 4096 instead of 2048? - Do you plan to support ftp.openbsd.org? Would be great to download packages with more security
Re: non-wintel hardware choices
Why is ARM not mentioned? patrick@ seems to be doing a great job on this port. Bitrig is also a thing. i.MX6 processor seem well supported and could easily run desktop stuff like HD videos. I think ODROID-C1 run already, no? It's just $35 last time I checked. Sabrelite is the standard for i.MX6, though.
Re: systrace removed? Why?
I know about the pledge(2) development, but systrace and pledge are not mutually exclusive. Pledge need to be used inline, where systrace can be used as a command line tool. If you remove it, many scripts that use systrace for privilege reduction will broke. Of course, you can put it on packages, but if you follow this logic, shouldn't other tools be also removed and be on packages? banner(1) for example, is kind useless. The cpan(1) pkg manager from perl also could be in packages. Same with sqlite3, I think. Or telnet, since almost no one uses it anymore. Etc.
systrace removed? Why?
Why?
Re: Firefox Crashes; slow xfce
I think the problem is with firefox itself. tedu@ wrote a post about this: http://www.tedunangst.com/flak/post/firefox-vs-rthreads Since the code is so bloated, no one will ever waste time trying to fix all the issues. Just switch to some other browser, there's plenty of options. I'm using Links 2.12 on -stable and it works fine for my needs. But there's also Xombrero if you need javascript support.
Re: Firefox Crashes; slow xfce
Try to raise your aperture driver level to give your gpu more privileges: # sysctl machdep.allowaperture=2 You can read more about the other levels on man pages (type "man xf86").
Re: can't upgrade using the last snapshot
I have network connectivity and DNS seems Ok. The build is 1459828632, from Apr 5. And now the system is broken (panic): Stopped at debugger+0x9: leave debugger() at debugger+0x9 panic() at panic+0xfe setroot() at setroot+0xa59 diskconf() at diskconf+0xe3 main() at main+0x538 Sorry, but I can't keep this. I need to have something (at least) working, and snapshots are not. I'll just switch to stable.
can't upgrade using the last snapshot
The snapshot can't find the mirror. It prints: "no address associated with this name". I have tried many mirrors (inclusing the mother, ftp.openbsd.org), none work for me. I has been a hard time to work with snapshots since last month... many bugs. I'm using snapshots to help reporting bugs, of course, so I know that this kind of situation will happen some times. But, I can't crash the system everytime I do a new upgrade... I think it's time to just use stable.
Re: libc issues on last snapshot
Solved for me on build 1459134312. Thanks.
Re: libc issues on last snapshot
Same problem with build 1458662970. Anyone experiencing this same problem? I need to know if this is a hardware problem or if this have something to do with a build fail.
libc issues on last snapshot
I did three installations, using install59.fs. In all of them I had problems with libc. The two first I could not boot due to "can't load library libc.so.85.o". The other I could not install packages because "library c.84.2 not found". The build is 1458628644 - Tue Mar 22 06:37:24 UTC 2016. I used a flash device with install59.fs from ftp.openbsd.org. SHA256 checked. Maybe a hardware problem? Other systems boot normally (debian live, for example). This is a old dmesg from the same machine, since I can't boot from openbsd: OpenBSD 5.9-beta (GENERIC.MP) #1864: Mon Jan 25 19:11:29 MST 2016 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 16481857536 (15718MB) avail mem = 15978151936 (15237MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe98e0 (94 entries) bios0: vendor American Megatrends Inc. version "1601" date 11/27/2013 bios0: ASUSTeK COMPUTER INC. P8H61-M LX2 R2.0 acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP APIC FPDT MCFG SSDT BGRT SSDT SSDT DMAR acpi0: wakeup devices P0P1(S4) PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PEGP(S4) PEG0(S4) \ PEG1(S4) PEG2(S4) PEG3(S4) PXSX(S4) RP04(S4) PXSX(S4) RP03(S4) PS2K(S4) PS2M(S4) \ [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, 3200.43 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,D \ S,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2 \ ,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDR \ AND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 100MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, 3200.03 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,D \ S,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2 \ ,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDR \ AND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 4 (application processor) cpu2: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, 3200.02 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,D \ S,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2 \ ,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDR \ AND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 0, core 2, package 0 cpu3 at mainbus0: apid 6 (application processor) cpu3: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, 3200.02 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,D \ S,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2 \ ,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDR \ AND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT cpu3: 256KB 64b/line 8-way L2 cache cpu3: smt 0, core 3, package 0 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins acpimcfg0 at acpi0 addr 0xf800, bus 0-63 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (P0P1) acpiprt2 at acpi0: bus 2 (RP01) acpiprt3 at acpi0: bus -1 (RP02) acpiprt4 at acpi0: bus 1 (PEG0) acpiprt5 at acpi0: bus -1 (PEG1) acpiprt6 at acpi0: bus -1 (PEG2) acpiprt7 at acpi0: bus -1 (PEG3) acpiprt8 at acpi0: bus 5 (RP04) acpiprt9 at acpi0: bus 3 (RP03) acpiprt10 at acpi0: bus 4 (PXSX) acpiec0 at acpi0: not present acpicpu0 at acpi0: C1(1000@1 mwait.1), PSS acpicpu1 at acpi0: C1(1000@1 mwait.1), PSS acpicpu2 at acpi0: C1(1000@1 mwait.1), PSS acpicpu3 at acpi0: C1(1000@1 mwait.1), PSS acpipwrres0 at acpi0: FN00, resource for FAN0 acpipwrres1 at acpi0: FN01, resource for FAN1 acpipwrres2 at acpi0: FN02, resource for FAN2 acpipwrres3 at acpi0: FN03, resource for FAN3 acpipwrres4 at acpi0: FN04, resource for FAN4 acpitz0 at acpi0: critical temperature is 106 degC acpitz1 at acpi0: critical temperature is 106 degC acpibat0 at acpi0: BAT0 not present acpibat1 at acpi0: BAT1 not present acpibat2 at acpi0: BAT2 not present acpibtn0 at acpi0: PWRB acpibtn1 at acpi0: LID0 acpivideo0 at acpi0: GFX0 acpivout0 at acpivideo0: DD02 pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel Core 3G Host" rev 0x09 ppb0 at pci0 dev 1 function 0 "Intel Core 3G PCIE" rev 0x09: msi pci1 at ppb0 bus 1 inteldrm0 at pci0 dev 2
Re: some problems with disks
Thanks for the help Jiri and dan.
Shoudn't full disk encryption be a option on installer?
I'm using softraid_crypto for full disk encryption for about one year now. I used this on a low end Core2Duo and noticed absolutely *no* performance hit. I also use this on a newer platform and, again, no performance problems. It's stable too, no issues on booting. I know some high intensive servers/routers and old machines with old hard drivers can have serious performance decrease due to this, but this could be at least a option on installer, I think. The developers have any arguments against this? Why not? I think this is a great security improvement, specially for a notebook user.
some problems with disks
I'm having some problems with disks. Probably because I still don't understand enough of how BSD manage them: 1. I was going to install -current on a USB flash drive. I did the install media using install59.fs and booted. I scape from installer to shell because I wanted to wipe the drive using dd(1) and to create a RAID partition (for FDE). I could not find the disk on /dev/, however. The system print on screen that the disk is located at "sd5" interface ("dmesg | grep sd" confirm this), but I cound not find it using "disklabel /dev/sd5". The only interfaces there was sd0 and wd0, none was my disk. How can I find it? The ./install script can find the sd5 normally, but I can't find it manually. 2. I gave up of the FDE idea temporarily and I just did the install normally. No problem to install, but the speed of the system was too slow... at the point that it was basically unusable (>4 hours to install 10 packages and ~4 minutes to startx). The device, a USB flash drive, have about 10MB/s write speed. It's kinda slow, but I don't think this was the cause of the slowliness. I checked the signature of the snapshot and the installed sets had no problem with SHA256 too, so it's not a problem with corrupted snapshot. 3. When procceding to wipe the disk on my desktop (openbsd -current too) I cound not do this. This time I could find sd5 using disklabel, but: # dd if=/dev/arandom of=/dev/sd5 bs=4096 /: write failed, filesystem is full dd: /dev/sd5: No space left on device The same happen on rsd5. When trying to wipe just one partition: # dd if=/dev/arandom of=/dev/rsd5c Operation not permitted The message show after just some seconds (the disk has 7.2GB) and the partitions still there, so I know that dd did not work. I thought it was something to do with my kern.securelevel, but when to down from 2 -> 1 got the same permission problem: # sysctl kern.securelevel=1 sysctl: kern.securelevel: Operationg not permitted dmesg: penBSD 5.9-beta (GENERIC.MP) #1864: Mon Jan 25 19:11:29 MST 2016 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 16481857536 (15718MB) avail mem = 15978151936 (15237MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe98e0 (94 entries) bios0: vendor American Megatrends Inc. version "1601" date 11/27/2013 bios0: ASUSTeK COMPUTER INC. P8H61-M LX2 R2.0 acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP APIC FPDT MCFG SSDT BGRT SSDT SSDT DMAR acpi0: wakeup devices P0P1(S4) PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PEGP(S4) PEG0(S4) PEG1(S4) PEG2(S4) PEG3(S4) PXSX(S4) RP04(S4) PXSX(S4) RP03(S4) PS2K(S4) PS2M(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, 3200.47 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 100MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, 3200.03 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 4 (application processor) cpu2: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, 3200.03 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 0, core 2, package 0 cpu3 at mainbus0: apid 6 (application processor) cpu3: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, 3200.03 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT cpu3: 256KB 64b/line 8-way L2 cache cpu3: smt 0, core 3, package 0 ioapic0 at mainbus0: apid 2 pa 0xfec0,
Re: e-commerce framework suggestion? medoc?
So, I'll probably use Ubercart. Thanks everyone. The "Django" software seems good too 'Mariano', I'll read more on that. About the laws and regulations 'Dave', I will need to see that. Here in my country we have all these regulations too. Thanks for the advice.
e-commerce framework suggestion? medoc?
I'm currently deciding to do a "e-commerce" website. I noticed that OpenBSD Store use a software from medoc.com. If not medoc, do you guys have any other suggestion for e-commerce framework? It have to be open source, because I can't pay a service now (and I woudn't trust them anyway). The idea is to be secure as possible (I know it's difficult with all this sql/php madness). I'll, of course, use httpd(8) on -stable. Regards.
Re: root access after failed fsck
Wow, that's new to me. Thanks. Anyway, I still think that this "password rescue" should not be allowed by default. I know operating systems can do very little to prevent physical problems like side-channel attacks, but this is not the case, and this does not mean that the OS should not make it harder the attacks even if someone have physical access. There's systems, from what I remember (HP servers, I think), that allow remote control based on firmware. One could use this escape "feature" to get your root, without physical access. Same for hosts services. Also, the page 14.21 from faq say "I forgot my passphrase! Sorry. This is real encryption, there's not a back door or magic unlocking tool." why exactly the root should be different? If one lost his passphrase, it's his fault. I thought the philosophy was "secure by default", even if this make the "computer difficult to manage properly".
root access after failed fsck
Some minutes ago I had a energy blackout here in my city. I was running OpenBSD. When I booted after energy came back, the system did the usual fsck. But this time something went wrong and he just escaped to root, without asking for any passphrase. The system did a question like "point the path to sh", and I just typed "/bin/sh" and he gained access to root. I think this is a serious security problem folks. I have softraid_crypto, so no problem for me, but one could (probably) induce this failure to access root when no FDE configured and he have physical access (or remove, who know with all these Intel AMT microcodes). The /var/log/ have none logs about it, all I can show is the dmesg (if you need more information, just ask): OpenBSD 5.9-beta (GENERIC.MP) #1864: Mon Jan 25 19:11:29 MST 2016 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 16481857536 (15718MB) avail mem = 15978151936 (15237MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe98e0 (94 entries) bios0: vendor American Megatrends Inc. version "1601" date 11/27/2013 bios0: ASUSTeK COMPUTER INC. P8H61-M LX2 R2.0 acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP APIC FPDT MCFG SSDT BGRT SSDT SSDT DMAR acpi0: wakeup devices P0P1(S4) PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PEGP(S4) PEG0(S4) PEG1(S4) PEG2(S4) PEG3(S4) PXSX(S4) RP04(S4) PXSX(S4) RP03(S4) PS2K(S4) PS2M(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, 3200.43 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 100MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, 3200.03 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 4 (application processor) cpu2: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, 3200.02 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 0, core 2, package 0 cpu3 at mainbus0: apid 6 (application processor) cpu3: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, 3200.02 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT cpu3: 256KB 64b/line 8-way L2 cache cpu3: smt 0, core 3, package 0 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins acpimcfg0 at acpi0 addr 0xf800, bus 0-63 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (P0P1) acpiprt2 at acpi0: bus 2 (RP01) acpiprt3 at acpi0: bus -1 (RP02) acpiprt4 at acpi0: bus 1 (PEG0) acpiprt5 at acpi0: bus -1 (PEG1) acpiprt6 at acpi0: bus -1 (PEG2) acpiprt7 at acpi0: bus -1 (PEG3) acpiprt8 at acpi0: bus 5 (RP04) acpiprt9 at acpi0: bus 3 (RP03) acpiprt10 at acpi0: bus 4 (PXSX) acpiec0 at acpi0: not present acpicpu0 at acpi0: C1(1000@1 mwait.1), PSS acpicpu1 at acpi0: C1(1000@1 mwait.1), PSS acpicpu2 at acpi0: C1(1000@1 mwait.1), PSS acpicpu3 at acpi0: C1(1000@1 mwait.1), PSS acpipwrres0 at acpi0: FN00, resource for FAN0 acpipwrres1 at acpi0: FN01, resource for FAN1 acpipwrres2 at acpi0: FN02, resource for FAN2 acpipwrres3 at acpi0: FN03, resource for FAN3 acpipwrres4 at acpi0: FN04, resource for FAN4 acpitz0 at acpi0: critical temperature is 106 degC acpitz1 at acpi0: critical temperature is 106 degC acpibat0 at acpi0: BAT0 not present acpibat1 at acpi0: BAT1 not present acpibat2 at acpi0: BAT2 not present acpibtn0 at acpi0: PWRB acpibtn1 at acpi0: LID0 acpivideo0 at acpi0: GFX0 acpivout0 at acpivideo0: DD02 pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel Core 3G Host" rev 0x09 ppb0 at pci0
Re: No more proxy on ftp(1)?
Thank you for your help Stuart. I'll just use curl for now. Actually use torsocks seems a bad practice for any situation, I should just set a transparent proxy (but the pf.conf from torproject.org does not work, I'll need to write is myself some day). Thanks again.
No more proxy on ftp(1)?
Hi, I just did the upgrade to 5.9 -current and found that socks connections don't work for ftp(1) and, of course, the perl scripts using it (pkg_add). Is this a expected behaviour? I'm using the "torsocks" wrapper to force socks to localhost:9050. This have something to do with new pledge privsep?
Re: No more proxy on ftp(1)?
Thanks. Yes, it does core dump on "Abort trap". Any idea on how I can force ftp(1) to socks5? The man page say nothing about proxy other than http or ftp, and I have not set a transparent proxy yet... Good to know that pledge is doing his job. So far, no other problem with the transition between 5.8 to 5.9.