HardenedBSD February 2026 Status Report
15 views
Skip to first unread message
Shawn Webb
Mar 1, 2026, 3:33:14 PMMar 1
to HardenedBSD Users
Hey all,
February saw a few changes in HardenedBSD. The majority of my time was spent
chasing down the kernel crash in HardenedBSD 15-STABLE that has been plaguing
our users. I worked on narrowing down to a three-day window during which a
commit was made that causes the crash.
As I write this, I'm narrowing that down further to the specific commit. I'm
hoping to have this resolved this month. If I find and fix the problem this
week, I will create new builds for folks to use. Otherwise, the next scheduled
regular quarterly build is for 01 Apr 2026.
I appreciate everyone's patience on this. This has been a tricky bug (at times,
it fit the description of a "heisenbug"). My spare time is limited (I have a
rather large amount of tasks/obligations in everyday ${LIFE} right now), so it
has naturally taken a long while to get to this point.
While inbetween clients at my dayjob, I have been granted the opportunity to
research meshtastic and other mesh networking projects. I'm getting a lot closer
in my censorship- and surveillance-resistant mesh network proof-of-concept. I'm
now at the point where I need to port Linux-specific code to HardenedBSD. I'm
hoping to get normal tcp/ip packets flowing through Reticulum nodes on the
inside of six months. This project, announced in partnership with Protectli
one-and-a-half yuears ago[1], is starting to move along at a nice pace. I will
have more to share on that by the next status report.
On Saturday, 28 Feb 2026, I had given my local Hackers N' Hops chapter a little
show & tell of Meshtastic, Reticulum, and HardenedBSD. I met with a bunch of
really cool hacckers there, and demoed two Reticulum RNodes backed by Reticulum
instances on two HardenedBSD laptops. I demoed an exec-over-meshtastic Python
script I wrote the day prior. The script is available on Radicle as
rad:z44pvAJS7SiQf2CGtpn8hY44GDMyu.
Speaking of Radicle, I plan to migrate some of my personal repos away from our
self-hosted GitLab and onto the Radicle network. With time, I'm hoping to
migrate us completely towards Radicle. Now would be a good time for those who
want to contribute to HardenedBSD to start playing around and experimenting with
Radicle.
In src:
1. Contributor "gmg" hardened the kernel crashdump interface.
2. Opt zlib kernel module into -ftrivial-var-auto-init=zero
3. bsdinstall(8): Align us more closely with FreeBSD
In ports:
1. net-p2p/reticulum was updated to 1.1.3_2
2. Disable PaX PAGEEXEC and PaX NOEXEC for science/zotero
3. Bring in candidate patch to fix dns/unbound
4. Hook hardenedbsd/ctrl into the build
5. 0x1eef added a new port: hardenedbsd/ctrl
6. Bump ports-mgmt/pkg to 3.5.1_1
7. 0x1eef updated a port: portzap v2.1.1
8. 0x1eef updated a port: sourcezap v2.1.1
Once I have figured out what's going on with the 15-STABLE panic and have a
proper fix in place, I plan to quickly switch gears towards hbsdfw. I haven't
produced a working hbsdfw build in a long time, and it's far past due. After
that, I plan to switch right back to the Reticulum research and development.
I'll make sure to keep the community informed of the 15-STABLE findings and
fixes.
[1]: https://hardenedbsd.org/article/shawn-webb/2024-09-23/hardenedbsd-and-protectli-collaborates-censorship-and-surveillance
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
Signal Username: shawn_webb.74
Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
February saw a few changes in HardenedBSD. The majority of my time was spent
chasing down the kernel crash in HardenedBSD 15-STABLE that has been plaguing
our users. I worked on narrowing down to a three-day window during which a
commit was made that causes the crash.
As I write this, I'm narrowing that down further to the specific commit. I'm
hoping to have this resolved this month. If I find and fix the problem this
week, I will create new builds for folks to use. Otherwise, the next scheduled
regular quarterly build is for 01 Apr 2026.
I appreciate everyone's patience on this. This has been a tricky bug (at times,
it fit the description of a "heisenbug"). My spare time is limited (I have a
rather large amount of tasks/obligations in everyday ${LIFE} right now), so it
has naturally taken a long while to get to this point.
While inbetween clients at my dayjob, I have been granted the opportunity to
research meshtastic and other mesh networking projects. I'm getting a lot closer
in my censorship- and surveillance-resistant mesh network proof-of-concept. I'm
now at the point where I need to port Linux-specific code to HardenedBSD. I'm
hoping to get normal tcp/ip packets flowing through Reticulum nodes on the
inside of six months. This project, announced in partnership with Protectli
one-and-a-half yuears ago[1], is starting to move along at a nice pace. I will
have more to share on that by the next status report.
On Saturday, 28 Feb 2026, I had given my local Hackers N' Hops chapter a little
show & tell of Meshtastic, Reticulum, and HardenedBSD. I met with a bunch of
really cool hacckers there, and demoed two Reticulum RNodes backed by Reticulum
instances on two HardenedBSD laptops. I demoed an exec-over-meshtastic Python
script I wrote the day prior. The script is available on Radicle as
rad:z44pvAJS7SiQf2CGtpn8hY44GDMyu.
Speaking of Radicle, I plan to migrate some of my personal repos away from our
self-hosted GitLab and onto the Radicle network. With time, I'm hoping to
migrate us completely towards Radicle. Now would be a good time for those who
want to contribute to HardenedBSD to start playing around and experimenting with
Radicle.
In src:
1. Contributor "gmg" hardened the kernel crashdump interface.
2. Opt zlib kernel module into -ftrivial-var-auto-init=zero
3. bsdinstall(8): Align us more closely with FreeBSD
In ports:
1. net-p2p/reticulum was updated to 1.1.3_2
2. Disable PaX PAGEEXEC and PaX NOEXEC for science/zotero
3. Bring in candidate patch to fix dns/unbound
4. Hook hardenedbsd/ctrl into the build
5. 0x1eef added a new port: hardenedbsd/ctrl
6. Bump ports-mgmt/pkg to 3.5.1_1
7. 0x1eef updated a port: portzap v2.1.1
8. 0x1eef updated a port: sourcezap v2.1.1
Once I have figured out what's going on with the 15-STABLE panic and have a
proper fix in place, I plan to quickly switch gears towards hbsdfw. I haven't
produced a working hbsdfw build in a long time, and it's far past due. After
that, I plan to switch right back to the Reticulum research and development.
I'll make sure to keep the community informed of the 15-STABLE findings and
fixes.
[1]: https://hardenedbsd.org/article/shawn-webb/2024-09-23/hardenedbsd-and-protectli-collaborates-censorship-and-surveillance
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
Signal Username: shawn_webb.74
Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
Reply all
Reply to author
Forward
0 new messages