Show threadShawn Webb4h ago

@AnachronistJohn For eventual Cross-DSO CFI support in #HardenedBSD. Even just compiling an application with Cross-DSO CFI requires a freakton of memory, let alone execution.

LLVM's Cross-DSO CFI implementation runtime creates HUGE memory mappings on a per-thread basis.

Building #rustlang on HardenedBSD takes somewhere between 48-64GB (depending on configuration). This will likely easily balloon to over 512GB--just for compiling the Rust compiler.

So, when we build 36,000 packages (with parallel build processes), Cross-DSO CFI creates an overwhelmingly large burden on the virtual memory system.

Shawn Webb7h ago
Current status: Doing a new build of the #HardenedBSD 16-CURRENT quarterly branch to test whether I've fixed the installer image generation issue.
Shawn Webb11h ago

Conversation started with #Dell for the purchase of a new #HardenedBSD build server.

The biggest hurdle will be the requirement of at least 1TB RAM.

With our less-than-shoestring budget, I will likely announce an official call-for-donations over the next couple months.

Shawn Webb12h ago

I guess #HardenedBSD is now too hard for #GIMP.

Why is GIMP trying to ptrace itself?

Shawn Webb1d ago

85F outside, 69F in the #HardenedBSD server room at ${HOME}.

I suspect this year we'll need to finally bite the bullet on a dedicated mini-split HVAC.

Shawn Webb1d ago

Any #GitLab Customer Support people here? The #HardenedBSD self-hosted GitLab Enterprise instance license has expired, and I've been trying for weeks to get it renewed, even reaching out to multiple customer support email addresses.

Now our GitLab instance is in read-only mode and we can't get anything done. And GitLab customer support remains completely and utterly silent.

Show threadShawn Webb3d ago

Hoping to have the devel/openapi and security/nikto ports this week.

#infosec #OpenAPI #Nikto #HardenedBSD

Shawn WebbMar 12

The version of #Nikto in the #FreeBSD ports tree is woefully out-of-date.

Version in ports: 2.1.6
Last official release: 2.6.0

Ouchies. I might try my luck at updating it in the #HardenedBSD ports tree, depending on timeframes at ${DAYJOB}.

Show threadHardenedBSDMar 12
The new #HardenedBSD 15-STABLE build has been published.
HardenedBSDMar 11

With this commit, we have resolved the kernel panic plaguing our #HardenedBSD users. This one was a tricky one.

https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/4f1ff705926f9c35813f28dd3d029f31f2951613

HBSD: Re-Enable core kernel debugging features (4f1ff705) · Commits · HardenedBSD / HardenedBSD · GitLab

With commit 1aad58b919d3d22f86be01b8e26a203cd020eaae, FreeBSD removed the inclusion of "std.debug" in the GENERIC kernel. This results in a broken kernel on HardenedBSD since we rely on INVARIANTS and WITNESS. This is...

GitLab