Stefan Sperling

@[email protected]
694 Followers
703 Following
201 Posts

Posting mostly about tech stuff I'm working on but happy to read and chat about non-tech stuff too. I'm grateful to be learning so much about the world from all of you.

Tech stuff I'm working on currently includes OpenBSD, Apache Subversion, Software Heritage, Game of Trees, @gothub, and Dulwich.

Toots get auto-deleted after one month.

wwwhttps://stsp.name
languagesde/en, a little fr
citiesBerlin / Brussels
pronounshe/him/his
Stefan Sperling2h ago

vim-classic in #OpenBSD 

https://marc.info/?l=openbsd-ports-cvs&m=177461514809884&w=2

'CVS: cvs.openbsd.org: ports' - MARC

Stefan Sperling4h ago

@vanhoefm I am leaning towards only supporting the fixed variant of #WPA3 in #OpenBSD.

Hash-to-element has the advantage that ifconfig can compute the PT in userland, leaving the kernel to compute only the PWE during association.

Not supporting the workarounds for the broken version of WPA3 might help push people to updating (or replacing) their APs in case they are broken (or unfixable), at least in the OpenBSD user community. I don't think that would be a bad thing.

As far as I understand, hash-to-element can be added to older WPA3 devices with a software update. It doesn't require hardware modifications. Correct? If so, all vendors should be able to provide an update which adds support for hash-to-element.

Stefan Sperling6h ago
gonzalo6h ago

Backup all the things with #plakar and #OpenBSD !

https://x61.sh/log/2026/03/25032026151800-plakar.html

Stefan Sperling21h ago
kusma22h ago
New blog post, Open Source and AI: https://kusma.xyz/blog/2026/03/26/open-source-and-ai/ #openSource #AI
Open Source and AI

More and more frequently, I get asked about my stance on AI in the context of programming. This is my attempt to summarize my stance for those who wonder.

Erik “kusma” Faye-Lund
Stefan Sperling2d ago
Prof. Sam LawlerMar 20

I presented at the local planetary journal club this morning about the 3 articles I co-authored for The Conversation in the past weeks about the effects that one million satellites would have on the night sky, the atmosphere, and the orbital environment (spoiler alert: all very very bad)

https://theconversation.com/a-new-space-race-could-turn-our-atmosphere-into-a-crematorium-for-satellites-276366

https://theconversation.com/too-many-satellites-earths-orbit-is-on-track-for-a-catastrophe-but-we-can-stop-it-275430

And one on light pollution that I thought would get published today but might not be out until after the weekend.

A new space race could turn our atmosphere into a ‘crematorium for satellites’

Planned ‘megaconstellations’ of satellites could cause unforeseen harm to the ozone layer and climate systems. Global regulation is needed before it’s too late.

The Conversation
Stefan Sperling3d ago

Doing a small bit of work on #IPSec for a change.

nom nom nom 🍪​

https://marc.info/?l=openbsd-tech&m=177427992521159&w=2

'iked SA_INIT cookies' - MARC

Stefan Sperling4d ago
Lucie / minute4d ago
"programming as theory building", peter naur, 1985
Stefan Sperling6d ago
Aaron BieberMar 20

It has taken me a while to put into words why I dislike the use of AI in open source. I think I finally pin'd it down.

One of the best aspects of open source has always been sharing in the excitement around a project. An author spent time and energy to make this project that they were excited about, or solved a problem they had. You had the same problem or were inspired by their excitement and joined in on the fun.

Now people are shitting out entire code bases to do something and I just can't get excited about it. If you can't be ars'd to put in the effort, neither can I.

Then there are the other aspects: paying a company to be a Developer™, now there is an expectation of HyperProductivity®, environmental, ethical... the list goes on.

What happens to your codebase if you stop paying? Are you going to maintain the 200k lines it shat out in a week? Doubt it. Your skill set has been captured. Your project has been captured. Now you must pay to access it.

Fuck that.

Stefan SperlingMar 19
Bastien Guerry 🧢Mar 19

What's if you could ~$ git clone SWHID?

"You’d end up with git clone as a content-addressed fetch primitive rather than just a URL fetch, which is an interesting building block for reproducible builds and supply chain verification."

A nice write-up by @andrewnez on git remote helpers 👉 https://nesbitt.io/2026/03/18/git-remote-helpers.html

#Git #SWHID #ReproducibleBuilds

Git Remote Helpers

Git can talk to anything if you write the right helper.

Andrew Nesbitt
Stefan SperlingMar 19
sashMar 19
Rooting OpenWRT from the parking lot: I discovered an XSS in the OpenWRT SSID scan page, that can be chained to remote root access 👾
Write-up and demo: https://mxsasha.eu/posts/openwrt-ssid-xss-to-root/
CVE-2026-32721, fixed in 24.10.6 / 25.12.1