infrastructure

The Idealistic Future of HardenedBSD

In the last status report, we stood up our own git server. Since then, we've migrated our entire infrastructure to point to our self-hosted git as the source-of-truth repo.

Over the past month, we purchased and deployed the new 13-CURRENT/amd64 package building server. We published our first 13-CURRENT/amd64 production package build using that server. We then rebuilt the old package building server to act as the 12-STABLE/amd64 package building server. This post signifies a very important milestone: we have now fully recovered from last year's death of our infrastructure. Our 12-STABLE/amd64 repo, previously out-of-date by many months, is now fully up-to-date!

We now have four build servers in total:

  1. ci-01.md.hardenedbsd.org: nightly build server for 13-CURRENT/amd64 and 13-CURRENT/arm64.
  2. ci-02.md.hardenedbsd.org: nightly build server for 12-STABLE/amd64.
  3. ci-03.md.hardenedbsd.org: Package building server for 13-CURRENT/amd64.
  4. ci-04.md.hardenedbsd.org: Package building server for 12-STABLE/amd64.

From here, we have two major improvements to make:

  1. Deploy Kerberos + LDAP across our infrastructure. Not only do we have those four servers, but we have others along with a number of jails. Unifying authentication would drastically simplify management.
  2. Set up various Tor Onion Service v3 endpoints for the various parts of our infrastructure. Distribute those Onion Service hostnames to the various stake holders (there will be a notion of public endpoints versus private).

HardenedBSD is in a very unique position to provide innovative solutions to at-risk and underprivileged populations. As such, we are making human rights endeavors a defining area of focus. Our infrastructure will integrate various privacy and anonymity enhancing technologies and techniques to protect lives. Our operating system's security posture will increase, especially with our focus on exploit mitigations.

Navigating the intersection between human rights and information security directly impacts lives. HardenedBSD's 2020 mission and focus is to deliver an entire hardened ecosystem that is unfriendly towards those who would oppress or censor their people. This includes a subtle shift in priorities to match this new mission and focus. While we implement exploit mitigations and further harden the ecosystem, we will seek out opportunities to contribute a tangible and unique impact on human rights issues. Providing Tor Onion Services for our core infrastructure is the first step in likely many to come towards securely helping those in need.

We are grateful for the opportunity to serve. Let us welcome 2020 with a rebuilt infrastructure and a renewed purpose!

Tags: 

Subscribe to RSS - infrastructure