botsin.space
#openbsd

#introduction #introductions

I'm
- a web developer,
- writing #Haskell on backend and #Elmlang frontend,
- running #OpenBSD on (almost) all of my computers,
- #Vim fan.

Well, that's weird. When I install the jekyll and bundler gems system-wide on #OpenBSD, they get installed as jekyll24, bundle24, and bundler24. I guess that's because I'm using ruby 2.4.2p198.

I never saw that under Linux, that's all. :)

@starbreaker Yup. On #OpenBSD, you can have multiple versions of ruby stuff at the same time without all the "virtual environments" or "version managers".

Mad props to the #OpenBSD ports team.

@kellerfuchs @phessler Or maybe just not moving the goal posts on disclosure? #OpenBSD *did* honor the original embargo. They did not agree to another extension. Even so, they left out parts of the patch that explained it until the extension ended.

@kurtm @kellerfuchs and to be perfectly clear: we coordinated with the original author on our commit in August.

That the author regrets that choice is 1) not our problem, and 2) not our responsibility.

it is completely inappropriate that he singled out #OpenBSD, when e.g. Mikrotik also stealth published before hands.

funny how the only vendor taking flak over #KRAK is #OpenBSD, for patching it. Not the vendors who left everyone vulnerable while they delayed and stalled for half a year.

So #OpenBSD is getting flak for #KRACK early patch, yet a silent patch a week before release from Mikrotik is OK? forum.mikrotik.com/viewtopic.p

@troubleMoney and #OpenBSD was patched on August 30th both for 6.0 (errata), 6.1 (errata), -current (so included in the released 6.2).

Don't worry about today's WPA2 vuln if you're running #OpenBSD - both 6.1-stable and 6.2 release are already patched.

As #OpenBSD's de-facto wifi maintainer, I first learned about this WPA problem in June. A simple patch was provided which I could commit with slight modifications.

The original embargo was already 2 months long, and then extended again for 2 months.

The generall public (you) were left in the dark about this for at least 4 months.

This is a very sad state of affairs. It takes the industry much too long to apply a simple patch.

looks like #OpenBSD fixed the #KRACK #WPA2 attack in 6.1 Errata 027. This is also fixed in 6.2-release.

So yesterday I mildly grumped at our sysadmin for being rather critical of a user who was having computer trouble. There's much nicer ways he could have said "you're doing it wrong".

He took it gracefully and nodded and agreed that, he was not in a great mood and he should not talk down to (l)users.

Then he thought for a moment, and said, (you must imagine a thick slavic accent) "Now I know why you are #debian user, you have soft heart. I am #openbsd user, so I am very cruel."

🤣