HardenedBSD February 2025 Status Report

This status report includes January, since I missed publishing January's report. The last couple of months have been busy, with progress being made on multiple fronts.

In the src tree:

  1. PaX SEGVGUARD is now integrated with Capsicum. Capsicum violations now count against the process when the kern.trap_enotcap sysctl tunable is set. This feature was inspired by conversations with alip from Syd Linux.
  2. A new sysctl tunable (hardening.elf_pie_only) was created to control whether non-PIE ELF executables are permitted to be executed. This feature was inspired by conversations with alip from Syd Linux.
  3. _FORTIFY_SOURCE=2 was fixed for arm64.
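The second item above turns on the distinction between PIE and non-PIE executables, which lives in the ELF header: a PIE is an ET_DYN object, a traditional fixed-address executable is ET_EXEC. The following is an added example, not HardenedBSD code. It parses that field, models the permit/deny decision that a tunable like hardening.elf_pie_only would make (the model is an assumption drawn from the one-sentence description above, not the kernel's actual code path), and can be pointed at real binaries to find what would stop running before the tunable is flipped. The sample headers are constructed inline.

```python
"""Classify ELF images as PIE (ET_DYN) or non-PIE (ET_EXEC) from their header.

Added example; not HardenedBSD's implementation. The decision function is a
model of "only PIE executables may run" and is an assumption, not the kernel's
code. Sample headers are constructed in-line.
"""
import struct
import sys

ELF_MAGIC = b"\x7fELF"
ET_EXEC, ET_DYN = 2, 3            # e_type values of interest
ELFCLASS64 = 2
ELFDATA2LSB, ELFDATA2MSB = 1, 2   # EI_DATA: little / big endian
ELFOSABI_FREEBSD = 9
EM_X86_64, EM_AARCH64 = 62, 183


def elf_type(header: bytes) -> int:
    """Return e_type from a raw ELF header; only the first 18 bytes are needed."""
    if len(header) < 18 or header[:4] != ELF_MAGIC:
        raise ValueError("not an ELF image")
    endian = header[5]
    if endian == ELFDATA2LSB:
        fmt = "<H"
    elif endian == ELFDATA2MSB:
        fmt = ">H"
    else:
        raise ValueError("unknown EI_DATA value %d" % endian)
    return struct.unpack_from(fmt, header, 16)[0]   # e_type sits at offset 16


def is_pie(header: bytes) -> bool:
    return elf_type(header) == ET_DYN


def would_be_allowed(header: bytes, pie_only: bool) -> bool:
    """Model (assumption) of a PIE-only execution policy.

    ET_DYN always passes; ET_EXEC passes only while the policy is off;
    anything else (relocatable, core) is not an executable at all.
    """
    t = elf_type(header)
    if t == ET_DYN:
        return True
    if t == ET_EXEC:
        return not pie_only
    return False


def non_pie_executables(images: dict) -> list:
    """Audit helper: names of images that a PIE-only policy would block."""
    return sorted(name for name, hdr in images.items()
                  if elf_type(hdr) == ET_EXEC)


def make_header(e_type: int, e_machine: int, little: bool = True) -> bytes:
    """Build a minimal but well-formed 64-byte ELF64 header (constructed sample)."""
    end = "<" if little else ">"
    ident = (ELF_MAGIC
             + bytes([ELFCLASS64, ELFDATA2LSB if little else ELFDATA2MSB,
                      1, ELFOSABI_FREEBSD, 0])
             + b"\0" * 7)
    rest = struct.pack(end + "HHIQQQIHHHHHH",
                       e_type, e_machine, 1,      # e_type, e_machine, e_version
                       0x400000, 64, 0, 0,        # e_entry, e_phoff, e_shoff, e_flags
                       64, 56, 0, 64, 0, 0)       # ehsize, phentsize, phnum, shentsize, shnum, shstrndx
    return ident + rest


# Constructed samples: a PIE for amd64, a fixed-address binary for arm64.
SAMPLE_PIE = make_header(ET_DYN, EM_X86_64)
SAMPLE_NONPIE = make_header(ET_EXEC, EM_AARCH64)


def read_header(path: str) -> bytes:
    with open(path, "rb") as f:
        return f.read(64)


if __name__ == "__main__":
    # Usage: python3 elfpie.py /usr/local/bin/*  -> lists which would be blocked
    images = {p: read_header(p) for p in sys.argv[1:]}
    for name in non_pie_executables(images):
        print("non-PIE:", name)
```

Running it over a directory of installed binaries before enabling the tunable gives the list of programs that need rebuilding as PIE.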

In the ports tree:

  1. Register zeroing (the new ZEROREG option) is now opt-in rather than opt-out. Several critical Python-related ports fail to build when ZEROREG is enabled by default for the entire ports tree.
  2. Register zeroing was enabled for the following ports:
    1. dns/unbound
    2. irc/weechat
    3. net/openntpd
    4. net/rsync
    5. ports-mgmt/pkg
    6. security/openssh-portable
    7. security/openvpn
    8. security/tor
    9. www/firefox
    10. www/librewolf
    11. www/lighttpd
    12. www/nginx
    13. x11-servers/xorg-server
  3. The build was fixed for security/wazuh-agent.
  4. CFI was enabled for net/rsync.
  5. The build was fixed for net/libfabric.

Additional research and development was done for the BATMAN port to freebsd/hardenedbsd. The code doesn't compile yet, but we're working on it. The goal of having something ready by the end of February wasn't achieved, but work is still being done. R&D is continuing, though at a slower pace than originally anticipated.

On the infrastructure side, I got another server ready for deployment. We have a few servers waiting for deployment. On 12-13 March 2025, we will dramatically increase the power capacity of the server room in my home.

Since package builds take over two weeks to complete, I do NOT plan to start package builds until after the construction work is completed. The next package build may therefore not start until 01 Apr 2025.

We will be able to deploy the two Cavium ThunderX1 arm64 servers and two amd64 servers. Cooling might become an issue, but at least we'll have the power capacity.

I deployed a new (well, new-to-us) NAS running HardenedBSD with 30TB usable capacity. I also deployed a little Protectli appliance for our internal DNS server and wrote a little script to update various DNS records when our IPv4 address changes.
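The DNS-update script mentioned above is a common piece of small-site infrastructure, so here is an added example of the same idea. It is not the script from the report and makes its own assumptions: the freshly observed address is handed in as text (from whatever probe you use), the last published address is kept in a small state file, and records are refreshed by feeding the generated commands to BIND's nsupdate client. The zone, hostnames and addresses are constructed. The refusal to publish RFC 1918, loopback, link-local or multicast addresses is the part worth copying: a probe that briefly returns the NAT-side address must not end up in public DNS.

```python
"""Generate nsupdate commands when the public IPv4 address changes.

Added example, not the report's script. Assumes: the new address arrives as
text, the previously published address is stored in a state file, and the
output is piped into nsupdate. Zone, hosts and addresses are constructed.
"""
import ipaddress
import pathlib
import sys

# Addresses that must never be published as our public endpoint.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def publishable_ipv4(text: str):
    """Return the normalised address string, or None if it must not be published."""
    try:
        addr = ipaddress.IPv4Address(text.strip())
    except ValueError:
        return None
    if (addr.is_loopback or addr.is_link_local or addr.is_multicast
            or addr.is_unspecified or addr.is_reserved):
        return None
    if any(addr in net for net in RFC1918):
        return None
    return str(addr)


def nsupdate_script(zone: str, hosts, addr: str, ttl: int = 300,
                    server: str = None) -> str:
    """Build an nsupdate batch: delete old A records, add the new one, send."""
    lines = []
    if server:
        lines.append(f"server {server}")
    lines.append(f"zone {zone}")
    for host in hosts:
        fqdn = f"{host}.{zone}."
        lines.append(f"update delete {fqdn} A")
        lines.append(f"update add {fqdn} {ttl} A {addr}")
    lines.append("send")
    return "\n".join(lines) + "\n"


def plan_update(new_text: str, last_addr, zone: str, hosts, ttl: int = 300):
    """Return the nsupdate script to run, or None when nothing should change."""
    addr = publishable_ipv4(new_text)
    if addr is None or addr == last_addr:
        return None
    return nsupdate_script(zone, hosts, addr, ttl)


def read_state(path: str):
    p = pathlib.Path(path)
    return p.read_text().strip() if p.exists() else None


def write_state(path: str, addr: str) -> None:
    pathlib.Path(path).write_text(addr + "\n")


if __name__ == "__main__":
    # Usage (assumed layout): echo "$NEW_ADDR" | python3 dnsupdate.py | nsupdate -k Kkey.private
    ZONE, HOSTS, STATE = "example.org", ["vpn", "git"], "/var/db/last-ipv4"  # constructed
    observed = sys.stdin.readline()
    script = plan_update(observed, read_state(STATE), ZONE, HOSTS)
    if script:
        sys.stdout.write(script)
        write_state(STATE, publishable_ipv4(observed))
```

Writing the state file only after a script was produced keeps a rejected or unchanged address from being recorded, so the next run still compares against the last address that was actually published.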

All this infrastructure work would not be possible without donations from the community. We're able to expand due to the generosity of a few contributors. I would like to extend a heartfelt thank you to all who contribute to the project and the Foundation, no matter the form in which those contributions come--code, documentation, advocacy, funding, inspirational conversations, or otherwise.