HardenedBSD March 2024 Status Report

What a busy month it has been! And not just for HardenedBSD, but for the rest of the security and IT industries as we work through the xz backdoor (CVE-2024-3094).

In src, the hbsdcontrol utility and the library implementing the core logic (libhbsdcontrol) were rewritten from the ground up. While the implementation is now feature complete, there is still a bit of work to be done. Chiefly, rewriting the manual pages. After the documentation is updated, I plan to also integrate libucl support, to support JSON output and perhaps also support applying rules specified by a configuration file.

In ports, www/firefox was fixed and the minimum llvm version number was bumped for devel/boost.

Updates were applied across the entire infrastructure. A new build of hbsdfw (a HardenedBSD-based fork of OPNsense) was deployed. This build has some issues, so I would recommend others not to deploy it, though it works fine enough for us to keep this current build deployed.

Here's what to look for in April:

- Continued work on {,lib}hbsdcontrol.
- I'm hoping to study more the dance between the CSU, libc, libthr, and the RTLD.
- More work on libhijack, perhaps a new shim library that gets injected to help aid further process injection work.

And, lastly:

    $ fetch -q -o - https://api.github.com/repos/HardenedBSD/HardenedBSD | jq -r .created_at
    2014-04-08T10:10:24Z

Happy birthday, HardenedBSD! May the next decade be as impactful as the previous...