HardenedBSD cofounder, Emerald Onion Advisory Board member, all around infosec wonk.
This is Shawn Webb from The HardenedBSD Project. I use the bsd.network Mastodon
instance. This message is cryptographically signed with GPG by me.
My GPG public key can be found here: https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
-----BEGIN PGP MESSAGE-----
owGbwMvMwMH4Xy99UfmPh78Y1zL6JYnlJhaX5Kfk5+mWpRZlplXqGhjqlVSUJGeY
LgrJyCxWAKLgjMTyPIXw1KQkhbSi/FyFkIxUBY/EopTUvNQUp2AXhYCi/KzU5BI9
BU+F0uJUhRKgdFJxil5eakl5flG2gi/UAq7MvOKSxLzkVD0FsMm5qcXFiempIBuS
iyoLSvLTixILMjKTE3NyKhWKM9OBpiuUZ5ZkKLgHuCskVQLV63Fx+VaCuQWlSTmZ
yQrZqZUKyYl5CkmpCmn5pXkpChmpRalWChklJQXFVvr66ZklehlQh4JclF+Uro/E
1weaAjShWF9XvyixXB8UEKlF+mDfxoN8q29g7Gji7OTq5GRh5Opo6mhm7mLpZmxh
auzmZuRqZu5oZG7uZuFq6OaoBzRIL7E4mauTyZiFgZGDQVZMkYV5yenXO/SWLqud
bxEMC3FWJlC4MnBxCsBEvBj5f7N6cu+IKbu0W9lzaq5JetLVD0ey12mlHj/msqfr
uMmbBZ2rOf6eiDQ12V/pp1l/w0Ju+qff7rKnLq8qjH8Y2HftWnv1m9DK8/uSXk9J
/NQl9a9e51utUPdGNZGFvBUXbGX5P+7f+XL6ogtGJjf0Jk24c1P5e2bWNwfOA29l
Kz236GmtXXjaJunG0S12P8z6+CXiTdeJnFeW4Fp0yr3sor7ZBc1LCnZ+ukIzsoUW
r1885eyr9fsvcagHKLIuMn17yULsYECJdOBR6d3FW56kuav+e9UYqsFffvXUAY0Q
k2sdUbu+v2mpuaid7R0mu+QTg2WXb1haZjzP+qU35nxPOciRX6ctoXTrTXPwlAs3
d22bFTjllBPfffYbUx5Oc9lcuP6Sj+QWzxfv/i+N++nAc/Ndk8zHfdrfd6pqb345
b/F5lo+eBf8bb+rN/Ow6YdaFp9ElyUcVOnR0Xe28jxdM32v/trTjM+P27fqmZtJG
mROK/z3I/JuwZMHy0ysTr9rUB29d+PFK7ELzvPSKG+uZJxzNnblu08lT4S6mLK3H
/5wSvKvUz6Sd0XEt4JEA55qrbEon1SfuO6xVI3Uju8trfkRYLtPZ4x+kth++quT8
NG7qhe87tu2pNee4Pj30vGXotRtnjlbcn270NSj0A2u4y87LgqyTlOxuam+M/Xwx
753l+S9yCjoi1TevTP81R+xzQrpdcsO0Zz4qH5Qr3adfAwA=
=E4qi
-----END PGP MESSAGE-----
I restarted the last #HardenedBSD 15-STABLE package build. Tons of ports failed due fetch due to the network issues. Starting it from an incremental state means it should be finished relatively quickly.
We're now mostly alive! IPv6 is having issues, so I've disabled that. But IPv4 access into the #HardenedBSD infrastructure now works.
Even though we cannot currently provide packages and installation media, #HardenedBSD users can fetch the src tree via #Radicle and build the base OS bits.
I'm hoping this weekend to have fully integrated the Radicle distfile download support.
It's now 19:00. I've only clocked in two hours at work. I have a migraine. I still have six hours left to work.
Then I need to work on the #HardenedBSD #Radicle integration with ports.
Right now, folks cannot build their own packages since our #GitLab is down. Our GitLab is down due to the server exhibiting hardware failure after being hammered by AI/LLM web scraping bots too hard over the weeknd.
Now I'm left with a half-working internet connection, no GitLab, and no way to provide our package repos to the public.
Although, our #Tor users should be able to hit our infrastructure again since we provide Tor Onion Service endpoints for our package repos.
That's actually a bright side to this: at least the core part of our "human rights-focused infrastructure" remains functional even while its own infrastructure is crumbling around it (to be clear: the hbsd infrastructure, not Tor, is crumbling.)
My grumpiness level is nearing historic levels today. I'm so very frustrated, tired, angry, and burnt out. Everywhere I go, I just run into problem after problem after problem after problem, and there's no one else to fix them.
Once I shave a few years off my life by tackling these current issues, I think I'm gonna take a break.
I don't have access to my email since my email VM is offline.
The #HardenedBSD dev/build infrastructure will remain offline for the foreseeable future until our ISP situation improves.
Lost enough dexterity over the past couple years that I can't make a single ethernet cable. Giving up after two hours.
I've got things working! I now suspect the problem was my Framework16 laptop, not the server.
Directing #Radicle to point to my other laptop for the initial seed fetch for both src and ports resulted in success!
So we are officially on to the next step of the process: Integrate Radicle support into the #HardenedBSD ports tree.
Now, time for sleep.
I feel like everything is breaking around me and I have no way to recover.
I'm 100% out of ideas. Our servers cannot handle the load the AI/LLM web scraping bots place on #GitLab. #Radicle is turning out to still not be ready for prime-time. I refuse to use #GitHub beyond being a read-only mirror.
Self-hosting our code repos is an absolute requirement in order to provide higher levels of OPSEC than what third-party hosted services can provide.
So, at the hands of our oligarchic overlords, is this the death of HardenedBSD?
Someone please provide me ideas. I have no idea what to try next and I'm desperate.
editi[0]: This is solved! I changed my approach and now everything's happy--and so am I! :-)
#Radicle is working fine for #HardenedBSD src and ports between two laptops on the same physical network.
But, it's not working in the slightest on the HardenedBSD infrastructure. I cannot get the seed node fully fetching the repos. Radicle just times out.
The biggest issue is that it will try to restart the fetch from the very beginning upon failure.
So we're transmitting the same exact data many, many, many, many, many, many times only to end up failing again.
Radicle should probably archive the data at the point of failure, then when restarting the fetch, it can start from where it left off.
Otherwise, we're experiencing first-hand the populist definition of insanity: doing the same thing over and over and over again but expecting different results.
So we have the #HardenedBSD hardened/current/master branch on #Radicle. I pushed the hardened/15-stable/main branch, but on my other system, git branch -r | grep rad shows no other branches, just hardened/current/master.
I'm supposed to add a crefs rule in the identity document, but I'm not sure what that's supposed to look like.
Would it be something like this or something else? I'm a bit confused.
"xyz.radicle.crefs": {
"rules": {
"refs/heads/hardened/*": {
"allow": [ "*" ]
}
}
}
Today, I'm thankful for the last #HardenedBSD server donation, which is our storage server. This is allowing us to backup and transfer VMs from a mostly-dead host to another.
I might just buy the new Framework16 keyboard since I've been experiencing major issues with the existing one.
So, my conversation with Dell to get a quote for a new server: just under $69,000 USD.
I'm gonna guess used servers manufactured in 2020 or sooner are gonna be prohibitively expensive, too.
I don't really see a possibility where the #HardenedBSD project could ever afford any new server, whether brand new or used.
Welcome on Radicle! The repos for src and ports are now seeded on at least six nodes on the network. Most of these are operated by community members. Shout outs go to @defelo, @yorgos, @liw who are supporting with bandwidth and storage in various places in Europe and North America. ✊️
Happy to have your feedback as we continue to work on improving Radicle day by day.
It is really heartening and motivating to see the #Radicle community come to aid #HardenedBSD. I'm so grateful folks are helping out, especially at the cost of time, bandwidth, and storage.
I feel full of gratitude this morning.
HardenedBSD cofounder, Emerald Onion Advisory Board member, all around infosec wonk.
