Re: Security questions: Login spoofing, X11 keylogging, and sandboxed apps
On Saturday, March 30, 2024, hahahahacker2009 wrote: > Vào Th 7, 30 thg 3, 2024 vào lúc 11:19 Dan đã > viết: > > >> > >> > >> > I've looked at the > >> > source code and issue tracker of upstream Firefox in the past and it > has > >> > upstream support for pledge(2) and unveil(2). > >> > >> Great, you figured it out: if you want to know if a given piece of > >> software uses pledge, grep its source code for pledge. > > > > > > Sounds very tiresome and cumbersome to check. You failed to point at any > rule according to which I'm not permitted to ask a general question about > such software without resorting to tiresome and cumbersome manual methods > like what you're suggesting here, and you consistently ignore this by > bringing the same manual grep/find suggestion again and again with no > sensible reason given what I explained now. > > Even "friendly" linux communities would tell you to check yourself. There's no problem in being told to do that, just as there's no problem in asking if people know about such programs without me having to tiresomely check everything. Perhaps there's a website somewhere that lists all pledged/unveiled apps and I'd be duplicating the effort needlessly? > You are wasting people's time. Subjective. > And before spamming in the list can you make your message > fit 72 character per line and disable HTML? First, I'm not spamming. Second, no, I can't. The Gmail web interface for mobile (which I'm using) doesn't let me disable HTML, and I don't see how I could limit line length except by manually counting characters and breaking lines, and I'm obviously not gonna do that. Sorry. I may switch to a different email client/interface in the future, this Gmail interface seems to not be paid much attention to by Google. > > > > > >> > >> You really need to shut the fuck up now. > >> > >> Please note that I am replying to you directly, off-list. > >> Hint: there is a reason for that. > > > > > > I am deliberately shaming you on a public mailing list because you're a > troll. I may also block you in my Gmail settings if I'll find the setting > in mobile. I'm giving you a middle finger. > > > > ~ | ~ | ~ | ~ | ~ | ~ > > > > (Note for everyone: This message is intended to shame a troll; if you're > here to follow the technical discussion only, feel free to skip reading > this message.) > > Dan, I see you are a troll too. False. I asked legitimate questions and I answer honestly and precisely. > You are sending HTML emails and it doesn't fit 72 char per line. Ditto. > It is annoying. Your message include a bunch of not needed trash. I answer everything that's brought up as comprehensively as needed, so I don't see what's "not needed". > > You ask the whole list things that you can research yourself, they are Ditto. > not highly advanced topics. These topics are repeatedly asked by people > who will never read man pages or faq. That That doesn't appear in the man pages or FAQ, and in my very first message I've already mentioned how Chromium, Firefox, and Tor Browser are sandboxed, so I obviously did look up things before asking here. So you're wrong here in two aspects. attitude should only exist > on reddit/lemmy and other linux communities which tries to be "friendly". Please elaborate, what attitude are you referring to precisely? That's a vague statement. Also, please explain the reasoning (or point to a rule) whereby the attitude should not exist here. > So please: > > Do your homework before you post. Ditto. > > > I saw Jan Stary's messages > (https://marc.info/?a=10863507214&r=1&w=2) > are mostly answering people's question. > But your messages are asking people to do research for you. False. I didn't tell anyone to do anything for me. I asked questions. > > If you can't do research yourself, why expecting people to do it for you? Both premises are false. Ditto. > They might think that you don't have any knowledge and thus ignore you > (for example, they think you might not understand what they are writing). I'm not sure what logic follows from asking questions about specific things (specific as they are in the question) to drawing a conclusion that the asker lacks knowledge about things not specified/asked about in the questions. Regarding the things that are specified/asked about in the question, it's obvious that the asker doesn't know about them, because I wasn't presenting a riddle, and this is true universally to everyone. I don't understand how I'm special here from any other people that ask questions here. > Or simply, if you cannot respect yourself, why expect others to respect > you? Excuse me? > > In Viet Nam, you are simply called "animals" (súc vật, very offensive) and > then ignored. > Excuse me? What the fuck did you call me??
Re: Security questions: Login spoofing, X11 keylogging, and sandboxed apps
On Saturday, March 30, 2024, hahahahacker2009 wrote: > Vào Th 6, 29 thg 3, 2024 vào lúc 07:40 Dan đã > viết: > > > This only lists third-party packages that have an OpenBSD > ports-originated addition of pledge/unveil configuration files; packages > that use pledge/unveil without configuration files, or whose pledge/unveil > configuration files originate from the upstream distribution, are not > listed. Chromium, Ungoogled Chromium, Firefox, Firefox ESR, and Tor Browser > are sandboxed, which is excellent because Web browsing is one of the most > popular desktop activity and browsers are meant to use networking and > execute untrusted JavaScript/WebAssembly code, and parse untrusted data > like media, CSS, etc. Contrary to servers, that if they're hacked then some > business might be ruined, personal computers are used to do banking and > shopping online, chat with distant friends/family > members/doctors/lawyers/coworkers/etc., > and hold our personal thoughts and memories, so I believe that they > shouldn't get compromised just because the user entered the wrong website > on a bad day, or opened the wrong video, or the wrong file, etc. OpenBSD > already has the excellent system calls pledge(2) and unveil(2), and already > uses them extensively in the base system and for the aforementioned > browsers, but what about other programs? > > You can help on applying pledge and unveil to your other programs > now, instead of spamming on mailing list like this. Are you the > Nowarez Market guy again? > What spam exactly? I have no idea who is "Nowarez Market guy".
Re: Security questions: Login spoofing, X11 keylogging, and sandboxed apps
James Huddle : > I live in post-2016 USA and have essentially given up hope of any sort of > computer security. Personal thought and from USA where the core of private data business resides. Due to different reasons and the env I work in I results attacked very often under OpenBSD, in X. Having the name of the vulnerability makes not such a difference to me, thanks for the insight anyway. However, I think to not say it wrong recalling that most of people are here for the sempliticy applied to security and portability subjects In OpenBSD. Minimize the security subject at this point seems having a purpose, wrong. -Dan Mar 30, 2024 18:23:38 James Huddle : > I live in post-2016 USA and have essentially given up hope of any sort of > computer security.
Re: lcamtuf on the recent xz debacle
I will briefly add a few links where the issue is further debated for those who are interested: https://boehs.org/node/everything-i-know-about-the-xz-backdoor https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27 > 30. 3. 2024 v 11:33, Peter N. M. Hansteen : > > While this issue does not in fact affect OpenBSD, I think it will still be > of interest to OpenBSD users -- a lot of us deal with Linux in our dayjobs, > after all. > > This is one of the best explanations of the matter I have seen so far: > https://lcamtuf.substack.com/p/technologist-vs-spy-the-xz-backdoor > > and it leads in with a quote to remember - > > "This dependency existed not because of a deliberate design decision > by the developers of OpenSSH, but because of a kludge added by some > Linux distributions to integrate the tool with the operating > system’s newfangled orchestration service, systemd." > > Enjoy! > > > -- > Peter N. M. Hansteen, member of the first RFC 1149 implementation team > https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ > "Remember to set the evil bit on all malicious network traffic" > delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. >
Re: Security questions: Login spoofing, X11 keylogging, and sandboxed apps
When X11 came to my attention, in the 1980's, it was called X11. "What," I wondered back then, "could that mean?" Back then, we would get to know new software long before version 11, so it seemed an odd name. Back then. It's been X11 for millennia. I discovered Exfiltrator (or Exfiltration, 'ex'+10) about a year ago. LOL. I actually did not know about the vulnerability. Thanks, Matthew. And yes, I was voicing the untested theory of precisely what you articulated, Luke. I live in post-2016 USA and have essentially given up hope of any sort of computer security. The mantra I developed, as my coworkers insisted on using (for instance) the React JS package that had "Exfil" as a dependency, was: "When in Rome." On Fri, Mar 29, 2024 at 4:44 PM wrote: > Luke A. Call writes: > > > > On 2024-03-29 09:01:07-0400, James Huddle > wrote: > > > Exfiltrator. There's an 11-letter word that starts with "ex". X11. > > > > After a quick web search, I'm not sure I follow. Is that a reference to > > a program that exfiltrates data after a computer is compromised? Can you > > elaborate a little? I realize this is an ignorant question. > > In short, there is a well known shortcoming or feature depending > on who you ask inherent in the X protocol's design where any > application which uses the X server (ie. can access the tcp port > or unix socket and has the correct xauth key, which is to say all > of them) can request (and get) the ability to read all of the X > events, which includes every key press and mouse movement in every > application. > > Exfiltrator is 11 letters and we are at X protocol version 11. > > There are common mitigations against this problem, such as not > giving strangers the ability to run unknown programs on your console. > > Matthew > >
Re: wifi hotspot workaround
On Sat, Mar 30, 2024 at 08:59:49PM +0500, ofthecentury wrote: > And now something else happened, which seems like a big > bug. > athn0 sent a reason 6 deauthentication to my wifi client > after I cycled the athn0 wifi interface! > Reason 6 death is class 2 frame received from a nonauthenticated > station. Correct me if I'm wrong, but this sounds like a major > bug in the driver. Or shitty hardware with a helping of possibly not-too-great firmware. With a bit of luck, any errors from the card itself should be possible to glean from dmesg output. (on a side note, I am on the list, the Cc:s are not necessary and in fact a bit annoying) -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: wifi hotspot workaround
And now something else happened, which seems like a big bug. athn0 sent a reason 6 deauthentication to my wifi client after I cycled the athn0 wifi interface! Reason 6 death is class 2 frame received from a nonauthenticated station. Correct me if I'm wrong, but this sounds like a major bug in the driver. It's basically the wifi driver deauthenticates a client who is AUTHENTICATED but just not associated at the moment of receipt of that class 2 frame? The logical thing would be for the driver/AP to re-associate the client because it's already authenticated, versus what it's doing now - deauthenticating an already authenticated client. I don't even understand why the athn0 hostap wouldn't just re-associate the already authenticated client, especially since I have the nwflag "stayauth" turned on on the interface. On Sat, Mar 30, 2024 at 8:30 PM ofthecentury wrote: > > Ok, I also just got reason 16 deauth happen. It says it was > sending msg 1/2 of the group key handshake to my wifi client, > it repeated it twice, and then the reason 16 deauth happened. > Then it says deauth to the wifi client and then wifi client was > purged from node cache. And now, the network SSID does not > show up in the list of wireless network on my wifi client! > athn0 appears as "UP" in ifconfig. > THEN, I cycle athn0 down/up, and then the wifi client finds > the network immediately and reconnects. > What is going on here?? > > On Sat, Mar 30, 2024 at 7:47 PM Peter N. M. Hansteen wrote: > > > > On Sat, Mar 30, 2024 at 05:44:32PM +0500, ofthecentury wrote: > > > On Sat, Mar 30, 2024 at 5:29 PM Peter N. M. Hansteen > > > wrote: > > > > > > > > why? > > > > > > I got "disassoc"s events in the log. > > > > disassociations can happen for a number of different reasons. The event > > should log a reason code, which you can look up with a simple web search. > > > > In order to debug properly it would likely help to have ifconfig debug > > output from both sides (access point and client both). > > > > I would suspect banal radio interference by such things as improperly > > shielded equipment somewhere close by, but with no actual data it's > > only guesswork from here. > > > > -- > > Peter N. M. Hansteen, member of the first RFC 1149 implementation team > > https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ > > "Remember to set the evil bit on all malicious network traffic" > > delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. > >
Re: wifi hotspot workaround
Ok, I also just got reason 16 deauth happen. It says it was sending msg 1/2 of the group key handshake to my wifi client, it repeated it twice, and then the reason 16 deauth happened. Then it says deauth to the wifi client and then wifi client was purged from node cache. And now, the network SSID does not show up in the list of wireless network on my wifi client! athn0 appears as "UP" in ifconfig. THEN, I cycle athn0 down/up, and then the wifi client finds the network immediately and reconnects. What is going on here?? On Sat, Mar 30, 2024 at 7:47 PM Peter N. M. Hansteen wrote: > > On Sat, Mar 30, 2024 at 05:44:32PM +0500, ofthecentury wrote: > > On Sat, Mar 30, 2024 at 5:29 PM Peter N. M. Hansteen > > wrote: > > > > > > why? > > > > I got "disassoc"s events in the log. > > disassociations can happen for a number of different reasons. The event > should log a reason code, which you can look up with a simple web search. > > In order to debug properly it would likely help to have ifconfig debug > output from both sides (access point and client both). > > I would suspect banal radio interference by such things as improperly > shielded equipment somewhere close by, but with no actual data it's > only guesswork from here. > > -- > Peter N. M. Hansteen, member of the first RFC 1149 implementation team > https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ > "Remember to set the evil bit on all malicious network traffic" > delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. >
Re: wifi hotspot workaround
Ok, I'm honing in on the details. There were different things going on that were making it confusing. It still might be different things going on, but there's a little more info. For now, it seems that I get the "athn0: device timeout" that the man page for athn0 mentions. That resets athn0, it 'creates ibss' but then it proceeds to start hostap mode from the hostname.athn0 config file, at least this one time that this just happened. The wifi client device proceeded to connect to the wifi network just fine. Before, the problem was that my phone wouldn't connect to the wifi after this athn0 cop out. It wouldn't even see the network in scan results. Now it did see it and reconnected. This may still occur later, but at least it rules out that some athn0 restarts aren't the issue. However, I changed my hostname.athn0 config to a specific channel today so that it doesn't change channels on these device timeouts. When I was checking logs I saw that after some of the timeouts the channel changed, and then my Android phone would not see the saved network after an athn0 cop out because Android, I think, saves the specific channel along with the network info. Maybe that was the issue, we'll see. I do not understand what causes athn0: device timeout resets on the wifi card. There's no info on the athn0 man page except a one-liner. There's virtually no network activity on the athn0 or the egress interface when this device reset occurs. There's however constant background scanning of wifi networks that shows up in the log, which is normal from what I gather, but I get constant, constant network node cache purges for some reason...like, twice per minute with up to 8 stations per node cache purge, which does not seem that excessive. On Sat, Mar 30, 2024 at 5:44 PM ofthecentury wrote: > > On Sat, Mar 30, 2024 at 5:29 PM Peter N. M. Hansteen wrote: > > > > why? > > I got "disassoc"s events in the log. > > > The option to make the driver output more information is > > > > debug > > I did this. "ifconfig athn0 debug." That's how I saw "disassoc" > events. > > Anyone can send disassociation events to the access point? > Or just the authenticated users? I think I read dissasociation > events are unencrypted? I have set "stayauth" option in the > ifconfig for the athn0, but that doesn't really do anything if > someone sends disassociation packets to the AP?
Re: wifi hotspot workaround
On Sat, Mar 30, 2024 at 05:44:32PM +0500, ofthecentury wrote: > On Sat, Mar 30, 2024 at 5:29 PM Peter N. M. Hansteen wrote: > > > > why? > > I got "disassoc"s events in the log. disassociations can happen for a number of different reasons. The event should log a reason code, which you can look up with a simple web search. In order to debug properly it would likely help to have ifconfig debug output from both sides (access point and client both). I would suspect banal radio interference by such things as improperly shielded equipment somewhere close by, but with no actual data it's only guesswork from here. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Minimum viable HW for OpenBSD
On 3/16/24 14:32, Peter J. Philipp wrote: On 3/16/24 14:10, Gabor Nagy wrote: hello, maybe? Running OpenBSD on Raspberry Pi Zero 2 W https://www.tumfatig.net/2023/running-openbsd-on-raspberry-pi-zero-2-w/ This is incredible! I have a zero 2W somewhere, though I put it into a GPI case. The drawback with the GPI case is it will not boot with batteries, because it's really made for the zero 1W, so it's bonded to the USB power cable. I'm gonna try putting this on! Thank you in advance. The GPI case uses a LCD display (It's the gameboy) do you know any BSD drivers for this? Best Regards, -pjp I have another use for this RPI Zero 2W, I want to make it a remote power switch for 5x USB and 3x 220V AC. I once purchased this (for another project and I think I'll reuse this): https://www.waveshare.com/catalog/product/view/id/3616/s/rpi-relay-board-b/category/37/ My question then is... would I have any problems with the GPIO controls with OpenBSD on RPI zero 2W? Otherwise I'll have to make it another OS. Best Regards, -pjp PS: I'll probably do this next week I have a need for different hardware in my 9U rackmount cabinet. And one particular one needs powercycles (and possibly console) as well. It's the mango pi, which is currently in panic mode most likely or it's hung up, I was building ports on it and the 100 Mbit connection went down. Olaf Schreck ezt írta (időpont: 2024. márc. 15., P, 23:43): > Could you point out a hardware for this kind of use-case? I would liek to have something smaller than a regular-Pi SBC. I'm still playing with this kind of stuff. Good luck on your journey, but it will be a rough ride. You already mentioned some issues. I have/had a pair of Raspberry 3B and also a pair of Pine64 SBCs, running OpenBSD 7.x and CARP failover for experimental things. Working, but not as reliable as I would like. You seem to aim at even smaller boards like that, and newer ones should match the specs of Raspi3B or Pine64. However: - there is no fine "sysupgrade" for these platforms, so you need to reinstall every time - which means fiddling with non-OpenBSD "uboot" and EFI definition files - consider creating a network boot infrastructure - these devices are very sensitive to power voltage instabilities, triggering spontaneous reboots. You may want to run them from stable USB power source - I doubt this can be reasonably battery-powered, over longer time periods - storage like SD-card or eMMS draw extra power during operation, writes may be unreliable during voltage drops - storage like SD-card or eMMS will wear out and die hard, sooner or later - Wifi hardware may not be supported - RS232 serial usually provided (and working) by bus pinout, but you need to add a FTDI232 or CH340 adapter That said, I'd like to hear about it if you find interesting hardware :) Olaf -- Over thirty years experience on UNIX-like Operating Systems starting with QNX. -- Over thirty years experience on UNIX-like Operating Systems starting with QNX.
Re: wifi hotspot workaround
On Sat, Mar 30, 2024 at 5:29 PM Peter N. M. Hansteen wrote: > > why? I got "disassoc"s events in the log. > The option to make the driver output more information is > > debug I did this. "ifconfig athn0 debug." That's how I saw "disassoc" events. Anyone can send disassociation events to the access point? Or just the authenticated users? I think I read dissasociation events are unencrypted? I have set "stayauth" option in the ifconfig for the athn0, but that doesn't really do anything if someone sends disassociation packets to the AP?
Re: wifi hotspot workaround
On Sat, Mar 30, 2024 at 04:19:31PM +0500, ofthecentury wrote: > I have an athn0 wifi hotspot going. > I think I get wifi dissassoc attacks. why? > I actually don't understand why cycling > the interface gets my wifi device back > online. Maybe it's actually a problem with > the athn0? The logs sometimes say > "athn0 device timeout" or mention > something about going into IBSS mode > WHILE ifconfig still shows it's in hostap > mode. Is there a way to interrogate the > interface's function to make sure it's > in hostap mode and test it's performing > that function? I'm just trying to > troubleshoot. The option to make the driver output more information is debug Add that to whatever options the configuration for the interface already contains, then restart the interface. That will produce significantly more information in your system logs. That said, it would have been a lot easier to help you out if you had provided your actual configuration (with any secrets shrouded as appropriate) and at least a dmesg. Keep in mind that wireless connections are in fact quite brittle in nature and subject to all sorts of radio interference that's essentially background noise -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
wifi hotspot workaround
I have an athn0 wifi hotspot going. I think I get wifi dissassoc attacks. I know I'm just mitigating for now, but I cycle the wifi interface periodically, and that gets my client device back online. I actually don't understand why cycling the interface gets my wifi device back online. Maybe it's actually a problem with the athn0? The logs sometimes say "athn0 device timeout" or mention something about going into IBSS mode WHILE ifconfig still shows it's in hostap mode. Is there a way to interrogate the interface's function to make sure it's in hostap mode and test it's performing that function? I'm just trying to troubleshoot. I know the man page for athn0 says there may be vulnerabilities, but I don't even know what actually transpires right now and want to see if OpenBSD can enable me to just even identify the issue. Thx.
Re: qwx0 / QCNFA765 Does 802.11g Only
Dan, You are being inappropriate and obnoxious. Stop it. This is unaccepable behaviour.
Re: qwx0 / QCNFA765 Does 802.11g Only
4 : > dear, why didn't you write about it in man? Thanks 4, to support the wide community of who still remain surprised about the scarsity of the doc. I personally have subscribed also "Then, why the man in XXI century interested group". But probably having roman numbers I have been the only group member till now. Is it we need a man secretary or an I'm-not-a-dev-for-sure small woman without dev bubbles who is able to dishern doc for users? Is it we need a good man alternative? ( I personally hate 555 man pages doc when most of us have one life only to set a firewall by reccomended choices, indeed did you notices 'man sh' end ? ) Indeed, the prefance must be always a capital 'thanks' to all the devs and a capital 'for your good will' versus having the possibility of a good publishing business. Mar 30, 2024 10:40:50 4 : > dear, why didn't you write about it in man?
Re: No coloring with colorls
On 2024-03-29, Karel Lucas wrote: > What should I put in /etc/ttys, taking into account that I regularly use > multiple virtual consoles? And where in that file do I place that? At > the beginning or the end? Or somewhere in between? Replace "vt220" with your preferred option on "console" and "ttyC" lines.
Re: Dell PERC H745
On 2024-03-29, Kapetanakis Giannis wrote: > > There are so many adapters given/updated by Dell every year, maybe we should > update the man pages to add the working ones? Diffs welcome :-) > My BOSS-S1 Modular adapter is detected both on 7.4 and current. > PERC H755 Front is indeed also detected with current. I'm sure it was not > with 7.4 when I tried yesterday. Yes, support was added after 7.4.
lcamtuf on the recent xz debacle
While this issue does not in fact affect OpenBSD, I think it will still be of interest to OpenBSD users -- a lot of us deal with Linux in our dayjobs, after all. This is one of the best explanations of the matter I have seen so far: https://lcamtuf.substack.com/p/technologist-vs-spy-the-xz-backdoor and it leads in with a quote to remember - "This dependency existed not because of a deliberate design decision by the developers of OpenSSH, but because of a kludge added by some Linux distributions to integrate the tool with the operating system’s newfangled orchestration service, systemd." Enjoy! -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: qwx0 / QCNFA765 Does 802.11g Only
On Sat, Mar 30, 2024 at 11:31:11AM +0300, 4 wrote: > > On Fri, Mar 01, 2024 at 07:14:17PM -0500, Philippe Meunier wrote: > > This driver does not yet > > support 11n/11ac modes, and adding such support will require a big > > chunk of further development time, it won't be ready for 7.5. > dear, why didn't you write about it in man? that there is no 11ac. that there > is no Host AP. we would have kept your secret and would not have spent our > money again in another vain hope to get a native AP with 11ac support in > obsd. dear, please don't give us false hopes, because this is very cruel! > > Because I'm waiting for your working diffs that add such support.
Re: qwx0 / QCNFA765 Does 802.11g Only
> On Fri, Mar 01, 2024 at 07:14:17PM -0500, Philippe Meunier wrote: > This driver does not yet > support 11n/11ac modes, and adding such support will require a big > chunk of further development time, it won't be ready for 7.5. dear, why didn't you write about it in man? that there is no 11ac. that there is no Host AP. we would have kept your secret and would not have spent our money again in another vain hope to get a native AP with 11ac support in obsd. dear, please don't give us false hopes, because this is very cruel!