Unofficial OpenBSD Announce is a user on mastodon.social. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.

Unofficial OpenBSD Announce @openbsd@mastodon.social

After demonstrated they can't be trusted, disables their studies on new profiles.

"""While i usually don't like diverting from upstream defaults, something
that automagically loads unwanted add-ons isn't right, so i'm making an
exception here."""

marc.info/?l=openbsd-ports-cvs

Why do you care about this? This makes work /much/ better on a wifi network that has multiple Access Points with the same name.

Most Conferences, shopping malls, large buildings, etc, have this type of wifi network.

Previously, it would "stick" to the first Access Point that it found. Now, it will switch to a better one when the signal strength is too weak.

"""Add support for background scanning to net80211 and iwm(4).

The iwm(4) driver will now roam between access points which share an SSID."""

thanks @stsp!
marc.info/?l=openbsd-cvs&m=151

s2k17 Hackathon Report: Stefan Sperling (stsp@) on wireless (iwm(4), athn(4) and more) progress

undeadly.org/cgi?action=articl

One year ago I joined @evolix (yeah the company even has a mastodon account on its own mastodon instance :3). I’m pretty happy to work with my lovely coworkers there. It’s also great to work with #OpenBSD machines 🐡

Want to join us? on-recrute.evolix.com/

The s2k17 has started!

The attendees are hiking with snowshoes to the cabin.

There is an auction for the only 6.2 cd-set to exist in the world!

Custom artwork hand drawn by Theo de Raadt.

ebay.ca/itm/Official-OpenBSD-6

Bid Early, Bid Often!

@Thib @wxcafe Yes the problem in a nutshell is that replayed key messages caused nonces to be reset (as it happens when a new key gets installed).

This means parts of the keystream will be reused, and that allows for further attacks on the crypto.

As 's de-facto wifi maintainer, I first learned about this WPA problem in June. A simple patch was provided which I could commit with slight modifications.

The original embargo was already 2 months long, and then extended again for 2 months.

The generall public (you) were left in the dark about this for at least 4 months.

This is a very sad state of affairs. It takes the industry much too long to apply a simple patch.

looks like fixed the attack in 6.1 Errata 027. This is also fixed in 6.2-release.

The signify keys for the upcoming 6.2 release:

base: RWRVWzAMgtyg7g27STK1h1xA6RIwtjex6Vr5Y9q5SC5q5+b0GN4lLhfu
fw: RWSbA8C2TPUQLi48EqHtg7Rx7KGDt6E/2d8OeJinGZPbpoqGRxA0N2oW
pkg: RWRvEq+UPCq0VGI9ar7VMy+HYKDrOb4WS5JLhdUBiX3qvJgPQjyZSTxI

The signify keys for the upcoming 6.2 release:

base: RWRVWzAMgtyg7g27STK1h1xA6RIwtjex6Vr5Y9q5SC5q5+b0GN4lLhfu
fw: RWSbA8C2TPUQLi48EqHtg7Rx7KGDt6E/2d8OeJinGZPbpoqGRxA0N2oW
pkg: RWRvEq+UPCq0VGI9ar7VMy+HYKDrOb4WS5JLhdUBiX3qvJgPQjyZSTxI