Re: Is it possible to use pledge(2) to make something similar to firejail?

[dan mclaughlin]

On Sun, 29 Nov 2015 07:08:57 -0700 "Anthony J. Bentley"  
wrote:
> Lampshade writes:
> > Is it possible, in theory, to use pledge(2) to make something similar to 
> > fire
> > jail?
> > https://packages.debian.org/sid/main/firejail
> > Firejail is a Gnu/Linux's program which executes Firefox as it's descendant
> > with reduced privilages.
> > For example I would like to restrict Firefox to not write and read to 
> > directo
> > ry
> > outside /home/firefox directory. Let's assume that I run firefox as another 
> > u
> > ser than
> > my normal account. I would restrict, using traditional Unix privilages, 
> > Firef
> > ox
> > and all its descendants, logging as another user to regain privilages to
> > for example to /home/open. I imagine that would still leave huge attack 
> > vecto
> > r
> > to pown system and/or sniff password, but I think it is better than nothing.
> 
> After the recent Firefox pdf.js exploit (where malicious PDFs on an ad
> server were reading files under ~, including ssh keys), I started
> running Firefox as its own user, and tightened the permissions on my
> home directory so Firefox can't access it.
> 
> There's a large class of attacks this doesn't help against (anything
> that uses X to access keystrokes or similar) but it stops a large set of
> potential Firefox exploits right away with nothing but Unix filesystem
> permissions.
> 
> http://lists.dragonflybsd.org/pipermail/users/2015-August/228324.html
> 
> -- 
> Anthony J. Bentley
> 

you can mitigate those X attacks using 'ssh -X'. i detailed a number of
mitigations here in 'isolating untrusted programs in ssh chroot jails'
(https://marc.info/?l=openbsd-misc=142676615612510=2).

it has been reported that those methods work for firefox as well.

if going the route of chroot itself is too extreme, you would still profit
from some of the other information in that post ie X11 Security Extensions,
Xephyr.

for pdfs, i have a chroot under a user who is denied access to the net
via pf. i find it a good idea to only allow specific users access, eg:

pass out log quick on $intif proto tcp user { browse, 1000, pfetch }
pass out log quick on $intif proto udp user { browse, 1000, pfetch }

even root is denied net access with the above.

Re: Multiple interfaces match the same subnet

[Chris Cappuccio]

bluesun08 [nans_na...@yahoo.de] wrote:
> Hi,
> 
> my setup:
> 
> */etc/hostname.re0*
> up
> 
> */etc/hostname.vlan100*
> inet 192.168.100.184 255.255.255.0 192.168.100.255 vlandev re0 description
> VLAN1-Net1
> 

You don't need to specify the broadcast address. The kernel is smart
enough to figure it out by itself!

> */etc/hostname.bridge0*
> add vlan100
> add athn0
> up
> 

Since you are bridging vlan100 with athn0, there is no need to put
an IP address on athn0. This might result in multipath routing, but in
any event, it's not going to do what you expect.

> Nov 27 01:31:27 openbsd dhcpd[31924]: Multiple interfaces match the same
> subnet: athn0 vlan100
> Nov 27 01:31:27 openbsd dhcpd[31924]: Multiple interfaces match the same
> shared network: athn0 vlan100
> 

So, get rid of the IP on one of either athn0 or vlan100.

Re: startx fail on Lenovo G50-80 amd64

[Adam Wolk]

On Sat, 28 Nov 2015 10:56:41 -0600
Andrew  wrote:

> On 11/28/15, Doug Hogan  wrote:
> > On Fri, Nov 27, 2015 at 09:47:23AM +, freeu...@ruggedinbox.com
> > wrote:
> >> I installed OpenBSD 5.8 on USB flash memory. It's fine:)
> >> Then Lenovo G50-80 could booting. but, startx fail and xdm was
> >> fail.
> >
> > I would focus on startx.
> >
> >> 1.background is blank(black) screen, mouse icon(X and arrow)
> >> couldn't move.
> >
> > Was there an error message in the console about the mouse?
> >
> >> 3.X will draw window manager's background, but behave was strange.
> >
> > What WM are you using?
> >
> >> 5.couldn't get X.0.log
> >
> > If you startx, let it load and then either kill it or switch back
> > to the console, does it show any errors?  Are there
> > any /var/log/Xorg.*.log files?
> >
> >> dmesg|grep drm:
> >
> > Could you post the full dmesg?  In our dmesg archive, I see someone
> > report that their Lenovo G50-80 works more than your report
> > indicates. However, theirs didn't load inteldrm properly and yours
> > did.  I can't compare the two dmesgs since you snipped it.
> >
> >> xorg.conf:
> >
> > Can you try it without a xorg.conf file?  It's usually not
> > necessary. In general, try to make things simpler to debug by using
> > startx, no xorg.conf file, a simple WM like cwm and try to find a
> > way to get us a log file or error message.
> >
> > If possible, could you try installing an amd64 snapshot from
> > tomorrow to see if it was fixed between 5.8 and -current?
> 
> 
> I have a Lenovo G50-70 running the 5.7 stable.amd GENERIC.MP
> 
> I am humble enough to admit that I was also baffled by a blank screen,
> seemingly no keyboard, no mouse, no error messages ... and I had to
> ask for help too.
> 
> The solution may be as simple as tappng the "brightness" button a few
> times on the keyboard. It's the F12 button on my laptop.
> 
> See also:
> 
> localhost> man xbacklight
> 

I reported the same problem ;) If you plug in an external monitor you
will notice it showing X correctly. You're screen is just black like
mentioned by Andrew. Use the brightness key :)

Regards,
Adam

Re: athn0: device timeout

[Adam Wolk]

On Sat, 28 Nov 2015 22:30:03 -0800
Bryan Vyhmeister  wrote:

> On Sat, Nov 28, 2015 at 09:24:23AM -0700, bluesun08 wrote:
> > ok, now i tested my adapter on 
> > a) another machine
> > b) another usb port.
> > 
> > Result: The adapter don't work on a) and don't work on b).
> > 
> > Is there any other Wifi-USB-adapter which work reasonably reliable
> > on OpenBSD in HostAP mode?
> 
> I have what I believe is the exact same device you do (TP-Link
> TL-WN722N) and I just plugged it in to my MacBookAir7,2 where uhub0 is
> attached to usb0 which is attached to xhci0 and, after running
> fw_update to get the athn(4) firmware, was able to reattach and bring
> it up in hostap mode without any issues.
> 
> athn0 at uhub0 port 1 configuration 1 interface 0 "ATHEROS USB2.0
> WLAN" rev 2.00/1.08 addr 8
> athn0: AR9271 rev 1 (1T1R), ROM rev 13, address f8:1a:67:1f:cc:89
> 
> athn0: flags=8843 mtu 1500
> lladdr f8:1a:67:1f:cc:89
> priority: 4
> groups: wlan
> media: IEEE802.11 autoselect (autoselect hostap)
> status: active
> ieee80211: nwid "hostap test" chan 1 bssid f8:1a:67:1f:cc:89
> 
> 
> I think stsp@ is correct that something else is going on with xhci(4)
> on your machine since this USB device works pretty well. I also
> tested an older rum(4) device I have as well and that also works.
> 
> Bryan
> 

I recently bought the exact same TP-LINK USB wireless (TL-WN722N). It
brings the interface nicely up and the connection works but times out
quite regularly but I am able to reconnect it back with doas
sh /etc/netstart.

Though in my case it's just athn0: device timed out without any
firmware info.

Tested on OpenBSD -current amd64 snapshots from: 31 Oct & 25 November
on a Lenovo G50-70.

Now to be precise. I can use this dongle quite fine. It sometimes goes
up to 1 hour of usage without any timeouts. When it does timeout it's
usually in rapid succession (like 2-3 times in next 10 minutes). Each
time after a timeout I can restart the connection with netstart
*without* unplugging the device.

OpenBSD 5.8-current (GENERIC.MP) #1663: Wed Nov 25 13:59:58 MST 2015
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
RTC BIOS diagnostic error 80
real mem = 8464887808 (8072MB)
avail mem = 8204222464 (7824MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe6e40 (38 entries)
bios0: vendor LENOVO version "9ACN29WW" date 10/20/2014
bios0: LENOVO 20351
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SLIC UEFI FPDT POAT ASF! HPET APIC MCFG WDAT SSDT BOOT 
LPIT ASPT DBGP SSDT SSDT SSDT SSDT
acpi0: wakeup devices P0P1(S4) UAR1(S3) EHC1(S3) XHC_(S3) HDEF(S4) TPD4(S4) 
TPD7(S0) TPD8(S0) PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) 
PXSX(S4) RP04(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz, 1895.87 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz, 1895.62 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz, 1895.62 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 1, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz, 1895.62 MHz
cpu3: 

Re: Is it possible to use pledge(2) to make something similar to firejail?

[Anthony J. Bentley]

Lampshade writes:
> Is it possible, in theory, to use pledge(2) to make something similar to fire
> jail?
> https://packages.debian.org/sid/main/firejail
> Firejail is a Gnu/Linux's program which executes Firefox as it's descendant
> with reduced privilages.
> For example I would like to restrict Firefox to not write and read to directo
> ry
> outside /home/firefox directory. Let's assume that I run firefox as another u
> ser than
> my normal account. I would restrict, using traditional Unix privilages, Firef
> ox
> and all its descendants, logging as another user to regain privilages to
> for example to /home/open. I imagine that would still leave huge attack vecto
> r
> to pown system and/or sniff password, but I think it is better than nothing.

After the recent Firefox pdf.js exploit (where malicious PDFs on an ad
server were reading files under ~, including ssh keys), I started
running Firefox as its own user, and tightened the permissions on my
home directory so Firefox can't access it.

There's a large class of attacks this doesn't help against (anything
that uses X to access keystrokes or similar) but it stops a large set of
potential Firefox exploits right away with nothing but Unix filesystem
permissions.

http://lists.dragonflybsd.org/pipermail/users/2015-August/228324.html

-- 
Anthony J. Bentley

Re: printing change over the ages

[Theo de Raadt]

> Saturday I saw this line on tech from Theo:
> 
>lpd lpr lpq lprm (yes, legacy software, but still)
> 
> Is CUPS become more "the thing" among developers?

Having read CUPS code, and aware of how things interface withit, it is
something I definately try to shy away from.

But it is true that our lp suite receives insufficient maintainance.

printing change over the ages

[Ed Ahlsen-Girard]

Saturday I saw this line on tech from Theo:

   lpd lpr lpq lprm (yes, legacy software, but still)

Is CUPS become more "the thing" among developers?

-- 

Edward Ahlsen-Girard
Ft Walton Beach, FL

Re: bridge fails to broadcast ARP from gif tunnel

[Rolf Sommerhalder]

Looking at the source in sys/netinet/ip_ether.c of
 void etherip_decap(struct mbuf *, int);
which calls etherip_getgif(struct mbuf *m) first, and then clears
these flags of the _inner_ Ethernet header:
...
/* Reset the flags based on the inner packet */
m->m_flags &= ~(M_BCAST|M_MCAST|M_AUTH|M_CONF|M_PROTO1);

Why? I can not yet understand this (false?) symmetry to what
gif_encap() does to the outer Ethernet header which gif_output() calls
in sys/net/if_gif.c .

Could that be the cause of my problem where Ethernet frames that come
out of the gif tunnel and are EtherIP decapsulated are actually not
forwarded by the other members of the bridge because the M_MCAST bit
got cleared, instead being left untouched on decapsulation?

Setting up a build host with current right now to find out...

Re: Is it possible to use pledge(2) to make something similar to firejail?

[Jiri B]

On Sun, Nov 29, 2015 at 01:15:24PM +0100, Lampshade wrote:
> Is it possible, in theory, to use pledge(2) to make something similar to 
> firejail?
> https://packages.debian.org/sid/main/firejail
> Firejail is a Gnu/Linux's program which executes Firefox as it's descendant
> with reduced privilages.
> For example I would like to restrict Firefox to not write and read to 
> directory
> outside /home/firefox directory. Let's assume that I run firefox as another 
> user than
> my normal account. I would restrict, using traditional Unix privilages, 
> Firefox
> and all its descendants, logging as another user to regain privilages to
> for example to /home/open. I imagine that would still leave huge attack vector
> to pown system and/or sniff password, but I think it is better than nothing.

Firefox is a huge app. IMO you should ask upstream for a feature to be
able to define r/o and r/w paths which Firefox could use. Then OS specific
sandboxing-like features could implement enforcing such policy.

j.

Is it possible to use pledge(2) to make something similar to firejail?

[Lampshade]

Is it possible, in theory, to use pledge(2) to make something similar to 
firejail?
https://packages.debian.org/sid/main/firejail
Firejail is a Gnu/Linux's program which executes Firefox as it's descendant
with reduced privilages.
For example I would like to restrict Firefox to not write and read to directory
outside /home/firefox directory. Let's assume that I run firefox as another 
user than
my normal account. I would restrict, using traditional Unix privilages, Firefox
and all its descendants, logging as another user to regain privilages to
for example to /home/open. I imagine that would still leave huge attack vector
to pown system and/or sniff password, but I think it is better than nothing.

Re: azalia(4) partially working on Intel NUC NUC5i7RYH

[Alexandre Ratchov]

On Mon, Nov 30, 2015 at 11:09:51AM +0800, Josh wrote:
> Hi,
> 
> Running amd64-current (last update at ~5pm UTC 29th Nov), azalia(4)
> works partially on that NUC NUC5i7RYH device:
> Recording through audacity for instance seems to work as I can see the
> amplitude changing when speaking through the microphone.

this indicates that data moves between the device and the host, so
problems are likely to be caused by the mixer.

> nuc$ mixerctl -av
> inputs.dac-0:1=126,126
> inputs.dac-2:3=126,126
> record.adc-0:1_mute=off  [ off on ]
> record.adc-0:1=124,124
> record.adc-2:3_mute=off  [ off on ]
> record.adc-2:3=124,124
> inputs.mix_source=mic  { mic }
> inputs.mix_mic=120,120
> inputs.mix2_source=dac-0:1,mix  { dac-0:1 mix }
> inputs.mix3_source=dac-2:3,mix  { dac-2:3 mix }
> inputs.mic=85,85
> outputs.mic_dir=input-vr80  [ none input input-vr0 input-vr50
> input-vr80 input-vr100 ]
> outputs.hp_source=mix2  [ mix2 mix3 ]
> outputs.hp_mute=off  [ off on ]
> outputs.hp_boost=off  [ off on ]

^^
does setting outputs.hp_boost=on helps ?

Re: azalia(4) partially working on Intel NUC NUC5i7RYH

[Josh]

On Mon, Nov 30, 2015 at 11:24 AM, Alexandre Ratchov  wrote:
> On Mon, Nov 30, 2015 at 11:09:51AM +0800, Josh wrote:
>> Hi,
>>
>> Running amd64-current (last update at ~5pm UTC 29th Nov), azalia(4)
>> works partially on that NUC NUC5i7RYH device:
>> Recording through audacity for instance seems to work as I can see the
>> amplitude changing when speaking through the microphone.
>
> this indicates that data moves between the device and the host, so
> problems are likely to be caused by the mixer.
>
>> nuc$ mixerctl -av
>> inputs.dac-0:1=126,126
>> inputs.dac-2:3=126,126
>> record.adc-0:1_mute=off  [ off on ]
>> record.adc-0:1=124,124
>> record.adc-2:3_mute=off  [ off on ]
>> record.adc-2:3=124,124
>> inputs.mix_source=mic  { mic }
>> inputs.mix_mic=120,120
>> inputs.mix2_source=dac-0:1,mix  { dac-0:1 mix }
>> inputs.mix3_source=dac-2:3,mix  { dac-2:3 mix }
>> inputs.mic=85,85
>> outputs.mic_dir=input-vr80  [ none input input-vr0 input-vr50
>> input-vr80 input-vr100 ]
>> outputs.hp_source=mix2  [ mix2 mix3 ]
>> outputs.hp_mute=off  [ off on ]
>> outputs.hp_boost=off  [ off on ]
>
> ^^
> does setting outputs.hp_boost=on helps ?
>

Unfortunately, I've tried and setting outputs.hp_boost=on does not help.

azalia(4) partially working on Intel NUC NUC5i7RYH

[Josh]

Hi,

Running amd64-current (last update at ~5pm UTC 29th Nov), azalia(4)
works partially on that NUC NUC5i7RYH device:
Recording through audacity for instance seems to work as I can see the
amplitude changing when speaking through the microphone.

However, I was unable to get any sound out through that (only) headphone
jack.
I've tried different combinations such as maxing out all outputs,
unmute all of them, with sndiod stopped or started without/with flags
-f rsnd/0 but same results. cat /dev/random > /dev/audio, audio0 or
sound does not produce any sound.

I've listed below some tests results as well as outputs of the system
including dmesg with GENERIC.MP and DEBUG.MP (option AZALIA_DEBUG),
pcidump.
Any help would be greatly appreciated :)

Cheers,

nuc$ cat > /dev/audio < /dev/zero &
[1] 27833

nuc$ audioctl play.{seek,samples,errors}
audioctl: field play.seek does not exist
audioctl: field play.samples does not exist
play.errors=0

nuc$ audioctl play.{seek,samples,errors}
audioctl: field play.seek does not exist
audioctl: field play.samples does not exist
play.errors=0

nuc$ l /dev/audio*
lrwxr-xr-x  1 root  wheel 6 Nov 27 15:10 /dev/audio -> audio0
crw-rw-rw-  1 root  wheel   42, 128 Nov 30 10:49 /dev/audio0
crw-rw-rw-  1 root  wheel   42, 129 Nov 29 11:03 /dev/audio1
crw-rw-rw-  1 root  wheel   42, 130 Nov 27 15:13 /dev/audio2
lrwxr-xr-x  1 root  wheel 9 Nov 27 15:10 /dev/audioctl -> audioctl0
crw-rw-rw-  1 root  wheel   42, 192 Nov 28 23:17 /dev/audioctl0
crw-rw-rw-  1 root  wheel   42, 193 Nov 29 11:02 /dev/audioctl1
crw-rw-rw-  1 root  wheel   42, 194 Nov 27 15:13 /dev/audioctl2

nuc$ mixerctl -av
inputs.dac-0:1=126,126
inputs.dac-2:3=126,126
record.adc-0:1_mute=off  [ off on ]
record.adc-0:1=124,124
record.adc-2:3_mute=off  [ off on ]
record.adc-2:3=124,124
inputs.mix_source=mic  { mic }
inputs.mix_mic=120,120
inputs.mix2_source=dac-0:1,mix  { dac-0:1 mix }
inputs.mix3_source=dac-2:3,mix  { dac-2:3 mix }
inputs.mic=85,85
outputs.mic_dir=input-vr80  [ none input input-vr0 input-vr50
input-vr80 input-vr100 ]
outputs.hp_source=mix2  [ mix2 mix3 ]
outputs.hp_mute=off  [ off on ]
outputs.hp_boost=off  [ off on ]
outputs.hp_eapd=on  [ off on ]
record.adc-2:3_source=mic,mix  { mic mix }
record.adc-0:1_source=mic,mix  { mic mix }
outputs.mic_sense=unplugged  [ unplugged plugged ]
outputs.hp_sense=plugged  [ unplugged plugged ]
outputs.master=126,126
outputs.master.mute=off  [ off on ]
outputs.master.slaves=dac-0:1,hp  { dac-0:1 dac-2:3 hp }
record.volume=124,124
record.volume.mute=off  [ off on ]
record.volume.slaves=adc-0:1,adc-2:3  { adc-0:1 adc-2:3 mic }

nuc$ audioctl
name=HD-Audio
encodings=slinear_le:16:2:1,slinear_le:20:4:1,slinear_le:24:4:1
properties=full_duplex,independent
hiwat=2
lowat=2
mode=
play.rate=48000
play.channels=2
play.precision=16
play.bps=2
play.msb=1
play.encoding=slinear
play.pause=0
play.active=0
play.block_size=3840
play.bytes=0
play.errors=0
record.rate=48000
record.channels=2
record.precision=16
record.bps=2
record.msb=1
record.encoding=slinear
record.pause=0
record.active=0
record.block_size=3840
record.bytes=0
record.errors=0

dmesg using GENERIC.MP
OpenBSD 5.8-current (GENERIC.MP) #12: Mon Nov 30 01:16:26 SGT 2015
r...@nuc.none:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 16035188736 (15292MB)
avail mem = 15545081856 (14824MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0x36ee7000 (53 entries)
bios0: vendor Intel Corporation version
"RYBDWi35.86A.0350.2015.0812.1722" date 08/12/2015
bios0: Intel Corporation NUC5i7RYB
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT FIDT MCFG HPET SSDT UEFI LPIT SSDT
ASF! SSDT SSDT SSDT DMAR
acpi0: wakeup devices PEGP(S4) PEG0(S4) PEGP(S4) PEG1(S4) PEGP(S4)
PEG2(S4) PS2K(S3) PS2M(S3) PXSX(S4) RP01(S4) PXSX(S4) RP02(S4)
PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7-5557U CPU @ 3.10GHz, 2894.02 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA
DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS
GSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i7-5557U CPU @ 3.10GHz, 2887.55 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX

Re: printing change over the ages

[Ed Ahlsen-Girard]

On Sun, 29 Nov 2015 07:20:56 -0700
Theo de Raadt  wrote:

>  [...]  
> 
> Having read CUPS code, and aware of how things interface withit, it is
> something I definately try to shy away from.
> 

That was what I had thought was the case.

> But it is true that our lp suite receives insufficient maintainance.

Which doesn't sound like an endorsement of CUPS, so I will stand fast.


-- 

Edward Ahlsen-Girard
Ft Walton Beach, FL

X randomly crashes/segfaults/freezes on Intel NUC5i7RYH with intel(4) i915

[Josh]

Hi,

Running X on an amd64 -current (updated ~5pm UTC 29th Nov) will
produce random behaviours:
1) X freezes and the machine is not responding anymore. Power-cycle is
the only thing to do but I am not able to grab any logs. This happens
randomly and can be while browsing the web with Dillo, highlighting
some text in the terminal or running glxgears for a few seconds.
2) X crashes and restarts on its own (xdm). From there, I can get a
log from Xorg.0.log (see below) and X segfaults. This happens also
randomly while browsing / highlighting.
3) From time to time, the cursor will become very sluggish and X
crashes eventually (not always). This happens when highlighting some
text in the terminal, moving windows around.
4) Not sure if it's directly linked to X but playing a video via
mplayer or vlc is sluggish/scrambled; resizing the window will just
black out the borders and keep the original video size.

Please let me know if there is any further info I could provide or
tests/debug I could perform?

Cheers

nuc$ sysctl |grep aperture
machdep.allowaperture=2

nuc$ cat /var/log/Xorg.0.log
[47.871] (--) checkDevMem: using aperture driver /dev/xf86
[47.876] (--) Using wscons driver on /dev/ttyC4 in pcvt
compatibility mode (version 3.32)
[47.886]
X.Org X Server 1.17.4
Release Date: 2015-10-28
[47.886] X Protocol Version 11, Revision 0
[47.886] Build Operating System: OpenBSD 5.8 amd64
[47.886] Current Operating System: OpenBSD nuc.none 5.8 GENERIC.MP#12
amd64
[47.886] Build Date: 30 November 2015  01:16:26AM
[47.886]
[47.886] Current version of pixman: 0.32.8
[47.886]Before reporting problems, check http://wiki.x.org
to make sure that you have the latest version.
[47.886] Markers: (--) probed, (**) from config file, (==) default
setting,
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
[47.886] (==) Log file: "/var/log/Xorg.0.log", Time: Mon Nov 30
02:07:31 2015
[47.887] (==) Using system config directory
"/usr/X11R6/share/X11/xorg.conf.d"
[47.888] (==) No Layout section.  Using the first Screen section.
[47.888] (==) No screen section available. Using defaults.
[47.888] (**) |-->Screen "Default Screen Section" (0)
[47.888] (**) |   |-->Monitor ""
[47.888] (==) No monitor specified for screen "Default Screen Section".
Using a default monitor configuration.
[47.888] (==) Disabling SIGIO handlers for input devices
[47.888] (==) Automatically adding devices
[47.888] (==) Automatically enabling devices
[47.888] (==) Not automatically adding GPU devices
[47.894] (==) FontPath set to:
/usr/X11R6/lib/X11/fonts/misc/,
/usr/X11R6/lib/X11/fonts/TTF/,
/usr/X11R6/lib/X11/fonts/OTF/,
/usr/X11R6/lib/X11/fonts/Type1/,
/usr/X11R6/lib/X11/fonts/100dpi/,
/usr/X11R6/lib/X11/fonts/75dpi/
[47.894] (==) ModulePath set to "/usr/X11R6/lib/modules"
[47.894] (II) The server relies on wscons to provide the list of
input devices.
If no devices become available, reconfigure wscons or disable
AutoAddDevices.
[47.894] (II) Loader magic: 0x106fc5231ce0
[47.894] (II) Module ABI versions:
[47.894]X.Org ANSI C Emulation: 0.4
[47.894]X.Org Video Driver: 19.0
[47.894]X.Org XInput driver : 21.0
[47.894]X.Org Server Extension : 9.0
[47.894] (--) PCI:*(0:0:2:0) 8086:162b:8086:2057 rev 9, Mem @
0x7900/16777216, 0x8000/1073741824, I/O @ 0x3000/64
[47.894] (II) LoadModule: "glx"
[47.895] (II) Loading /usr/X11R6/lib/modules/extensions/libglx.so
[47.904] (II) Module glx: vendor="X.Org Foundation"
[47.904]compiled for 1.17.4, module version = 1.0.0
[47.904]ABI class: X.Org Server Extension, version 9.0
[47.904] (==) AIGLX enabled
[47.904] (==) Matched intel as autoconfigured driver 0
[47.904] (==) Matched vesa as autoconfigured driver 1
[47.904] (==) Assigned the driver to the xf86ConfigLayout
[47.904] (II) LoadModule: "intel"
[47.904] (II) Loading /usr/X11R6/lib/modules/drivers/intel_drv.so
[47.906] (II) Module intel: vendor="X.Org Foundation"
[47.906]compiled for 1.17.4, module version = 2.99.916
[47.906]Module class: X.Org Video Driver
[47.906]ABI class: X.Org Video Driver, version 19.0
[47.906] (II) LoadModule: "vesa"
[47.906] (II) Loading /usr/X11R6/lib/modules/drivers/vesa_drv.so
[47.906] (II) Module vesa: vendor="X.Org Foundation"
[47.906]compiled for 1.17.4, module version = 2.3.3
[47.906]Module class: X.Org Video Driver
[47.906]ABI class: X.Org Video Driver, version 19.0
[47.906] (II) intel: Driver for Intel(R) Integrated Graphics Chipsets:
i810, i810-dc100, i810e, i815, i830M, 845G, 854, 852GM/855GM, 865G,
915G, E7221 (i915), 915GM, 945G, 945GM, 945GME, Pineview GM,
Pineview G, 965G, G35, 965Q,