status report

HardenedBSD July 2020 Status Report

The filesystem extended attribute support work is now completed. As time progresses, more ports will be marked with toggles. I've started documenting which ports are marked with exploit mitigations toggled.

On to a different subject: hosting network stability. Since the migration of the build infrastructure to BlackhawkNests's hosting facility, we've had a number of network-related issues, especially with regards to network stability. The stability issues have hopefully been worked out as of this morning.

We're also in talks with Verizon FiOS and will hopefully switch to FiOS once installation is completed. The switch will also drastically increase available bandwidth.

I'm also working on migrating our gitea instance from using sqlite as the database backend to mysql. Migrating to mysql should drastically increase speed and stability of our self-hosted git service. I will keep you, the HardenedBSD community, updated with my progress.

DEF CON and Jeff Moss have donated funds for a new development laptop for me. I received it last week and am migrating to it. Once the self-hosted git service work is completed, I plan to start completing our SafeStack integration such that SafeStack can be applied to shared objects, opening the door to applying SafeStack to our entire ecosystem (base world + ports).


HardenedBSD June 2020 Status Report

Now that HardenedBSD's infrastructure has found its new home, it's time to ramp up development again. We're working out kinks with regards to bandwidth and hope to increase bandwidth to our infrastructure on the inside of two months.

I've started working on adding filesystem extended attributes support to tmpfs. Once support is added, we should be able to integrate with ports/packages such that our users will no longer need to worry about toggling exploit mitigations--they'll already come pre-toggled for misbehaving applications.

I suspect this work will take a few months to complete. I've never done filesystem development, so I'm treading new waters. Once filesystem extended attribute support is added, I plan to integrate exploit mitigation toggling in the ports tree.

When all is said and done, I'm thinking around six months time frame. Granted, I have health issues, so there's no guarantees. I'll keep everyone updated.

My next goal will be integration of SafeStack into the RTLD. This is needed in order to apply SafeStack to both shared libraries and applications. This integration work relates directly with Cross-DSO CFI support, since Cross-DSO CFI requires the same/similar types of integrations.

I'm interviewing a few people to add to the HardenedBSD Board of Directors. We've added Jordan Boland to the team. He will help maintain the infrastructure. I plan to get with him once the bandwidth issues have been resolved.

I've included an intro to Jordan below. We will have more exciting news to share soon with regards to the Board of Directors.

I'm very excited to be getting more involved with HardenedBSD and to have an opportunity to serve on the Board.

I'm a lifelong tinkerer and open-source enthusiast. I was introduced to Linux in middle school and was fascinated with it until I was introduced to FreeBSD while in college. I ran FreeBSD on my personal machines for almost a decade until I was introduced to HardenedBSD, which quickly took over as my OS of choice.

My degree includes a specialization in network administration, and although I love that field I've worked in too many small IT shops to avoid becoming a generalist, and these days I do nothing related to it in my professional life. I've worked in higher education,
healthcare, telecommunications, and (to the complete surprise of my 17-year-old self) have somehow arrived at Microsoft, where I am a support engineer in the research division.

I'm not a programmer, I'm a person who occasionally has a problem that requires writing some code. On that journey I've dabbled in C, C++, C#, Java, Python, Perl, Powershell, and BASH/Bourne Shell (extensively). I really admire those that can write kernel code
and have such a deep understanding of the hardware and what is happening "under the hood", and I'd love to have that kind of proficiency someday. In the meantime, my best contribution to this project will likely be infrastructure-related. Deployment of Kerberos
and LDAP comes to mind, and perhaps digging around inside Gitea to understand why it gives 5xx errors to us. Let me know if you have any questions I didn't cover here. I'm excited to get to work with all of you!


HardenedBSD April 2020 Status Report

Hey HardenedBSD Community,

It has been a while since I've written a status report, and now is definitely time to do so. Over the past few months, I've put my focus on infrastructure stability and merge conflict resolution. The work on exploit mitigations is still somewhat on pause, though I've made slight progress on Cross-DSO CFI.

Our build infrastructure has been hosted at my current employer for a few years now. I'm so grateful for G2, Inc (now Huntington Ingalls Industries) for their support and help in ensuring the continued success of the project.

After over five years of service at my current employer, I've tendered my letter of resignation. The people I've met, the projects I've worked on, and the culture and virtues instilled in me made me fall in love with G2.

I've decided to take a new employment opportunity. BlackhawkNest will host the HardenedBSD build infrastructure with room to grow. I've architected the infrastructure such that the migration should be mostly plug-n-play, only needing to change a few IP addresses.

I plan to shut down the infrastructure in preparation for the migration on 02 May 2020, which is one week in advance of my start date. Builds will resume once the infrastructure has been deployed at the new facility. Note that published builds and package repos will still be accessible. Only the build infrastructure, which is separate from the infrastructure serving the builds and package repos, will be down. I do not currently have a date for when the infrastructure will be back online, but I suspect around two to three weeks from 02 May 2020.

I'm excited for this new opportunity, and especially for BlackhawkNest for agreeing to host the build infrastructure. I'm positive that the relationship between HardenedBSD and BlackhawkNest will be symbiotic.

Thank you so much for your help for and support of the project.


Subscribe to RSS - status report