Vacancy Announcement: MakerSpace Coordinator, NovaLabs

novalabs-makerspace-coordinatorNew Vacancy Announced at NovaLabs, Reston, Va

MakerSpace Site: http://www.nova-labs.org/about/

ANNOUNCEMENT for a Makerspace Coordinator, Announcement pdf below.

novalabs-makerspace-coordinator

Anyone that is interested is highly encouraged to contact Jim (email in the PDF) or anyone at the MakerSpace. NovaLabs is located at 1916 Isaac Newton Square West  (approx. .5 mile from the Reston Silver Line Station).

Not your thing, feel you’re not qualified but know someone else whom may be a fit or interested? Share this post or the pdf itself freely.

F26 Live Respins Test Builds available, *** Call for additional testers ***

With the recent public release of Fedora 26, we in the Respins SIG, have begun testing of Fedora 26 builds.  These test builds include:

Cinnamon (CINN)

KDE (KDE)

LXDE (LXDE)

LXQT (LXQT) — New addition with Fedora 26, additional/heavy testing requested.

MATE (MATE)

Sugar On A Stick (SOAS) – Educational spin, tailored to youth and those with cognitive problems, (i.e. rehab after a stroke)

Gnome Workstation (WORK)

XFCE (XFCE)

Please grab the ISOs from [ http://de.fspin.org/Testing/ ] or  [ http://tx.fspin.org/Testing/ ]. If you happen to see multiple runs there unless otherwise asked to, test the newest date run.

 

It is planned to have any build issues worked out by mid-August and by the start of Fall term having Official 26 Respins replace the present 25 builds.

For any questions, feel free to join us on IRC, [ ircs://irc.chat.freenode.net/#fedora-respins ].

 

 

 

 

 

 

F25 Updated Lives Available (4.11.6-201)

We in the Respins SIG are pleased to mention the latest series of Updated Live Respins carrying the 4.11.6-201 Kernel.  These respins use the livemedia-creator tool packaged in the default Fedora repo and following the guide here as well as using the scripts located here.

As Always  there are available @  http://tinyurl.com/live-respins2

For those needing a non-shortened url that expands to https://dl.fedoraproject.org/pub/alt/live-respins/

 

 

Updated Fedora Lives Available (4.10.16-200) Memorial Weekend Run

 

We in the Respins SIG are pleased to mention the latest series of Updated Live Respins carrying the 4.10.16-200 Kernel.  These respins use the livemedia-creator tool packaged in the default Fedora repo and following the guide here as well as using the scripts located here.

As Always  there are available @  http://tinyurl.com/live-respins2

For those needing a non-shortened url that expands to https://dl.fedoraproject.org/pub/alt/live-respins/

This round will be noticeably missing from it’s usual gpg clearsigned CHECKSUM|HASHSUM files hosted on https://community.ameridea.net due to a key cycling operation.  This post will be updated with the  new KeyID|Fingerprint next week however, next run will be the first run with that key in play.

 

Halloween Respins – F24-20161031 Available NOW!

It is with great pleasure to announce that the Community run respin team has yet another Updated ISO round.  This round carries the 4.8.4-200 kernel along with over 800 MB of updates (avg,  some Desktop Environments more, some less) since the Gold release back in June.

Torrents will be available at the same link as usual alongside the .iso files.

Below are the contents of Both CHECKSUM512-20161009 and HASHSUM512-20161009 (the later is torrent hashes):

cat CHECKSUM512-20161015

(Clearsigned with 0x418E43BCA33F2A72)

—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

097865c98d5f9f57ee7ad3fada949ac8b157edd630583469edd907ce462bbe35acf12ca12bbfc25c267b9408039f0543281ac8f9f9e282bfe7df9641062b9a39 F24-source-20161031.iso
2166affc2ff4deaa0bec43886a237c5b7f48c84d99aa9d9cd489570a37a196e04b922705805849f939bf7a42fd66fa02ac3e0999f551c7a8447e8a441e0bd232 F24-x86_64-CINN-20161031.iso
e22749beb1551ffcaf4c783f8f80ddca75b7a598a64ba871ff7b05606291a04140be3e1f7cf38eaad04d1d9472b6cbc5ae4625e149c36a2b896f4417fd9c6806 F24-x86_64-KDE-20161031.iso
52b40fb102937c4ec26fc023ae4c35017d63b0fb020af7ebac23b709c8e377563539fc28cf88695a26578c03c03c9fc3a35b99a6dfc41e9d8a1242080f00bea4 F24-x86_64-LXDE-20161031.iso
940da45b86f0eae4dfdcc3aae8996b3f362b4c6cfa2bd64f738c443fb2d5e44402ed2ce525f1b5c40b0c9a0fc15d38fa8abccf1769a283a4668fd82471a9a642 F24-x86_64-MATE-20161031.iso
e8f17566749c479f85daa853ae1b90023344bbc73175685e3a3b5aa30b3da834337724ee5368441e9c8d0d309840f110abaf30ae5c47958e85c412f30aee4e7b F24-x86_64-WORK-20161031.iso
782bdc335d26ac37ee98873a121494c69599e711f13a21c512155067117c4c4185a3e75d98226f23245adf8aeafac36a995776ffbb43b24bb86d675674f44064 F24-x86_64-XFCE-20161031.iso
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iF4EARYIAAYFAlgXyFwACgkQVcTldQ4br27U8QEA/IuJ0GO9nlBjPu/IEW9chu+v
NlsxETRymMTHEx/2SYoBAPfWDenvJHsXzxgHJ2rplnVZMFgqZKyDdnjz9vhj6fgE
=9FhV
—–END PGP SIGNATURE—–

cat HASHSUM512-20161015

(Clearsigned with 0x418E43BCA33F2A72)

 

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

63f89913c4d6e624ae3c597db04f550b7c439062 – F24-x86_64-CINN-20161031.iso
32940a5c6fc8fb9ef0834c0f6e94031d608ff6de – F24-x86_64-WORK-20161031.iso
f480c0d871b3caffe5442e949a2f0da9de6aba0c – F24-x86_64-KDE-20161031.iso
feceb406b513e912fda319de4f0eb0806f47a9fd – F24-x86_64-XFCE-20161031.iso
90c2e7169047a2d82b672b5fd958380ec2178be3 – F24-x86_64-LXDE-20161031.iso
dd8552d9acde541ae352ca9e80ddbd1afcc69b28 – F24-x86_64-MATE-20161031.iso
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iF4EARYIAAYFAlgXyEYACgkQVcTldQ4br27aGgD9HUoY7F41zxtibZyYzFxt7Eim
IR1TsmqCJruJNx97t5IBAIUSfMgFEVLbf0dpeNrJoM+h9FNRF7Fe1navV5t2YScD
=c951
—–END PGP SIGNATURE—–

Dirty Cow: Privilege Escalation Exploit, Linux Kernel

Okay so likely have heard about this, if you like me use Linux daily, in your college, professional or hobbyist life but like what the heck is it really?

To paraphrase from the initial disclosure docs:

the privilege-escalation vulnerability potentially allows any installed application, or malicious code smuggled onto a box, to gain root-level access and completely hijack the device.

The programming bug gets its name from the copy-on-write mechanism in the Linux kernel; the implementation is so broken, programs can set up a race condition to tamper with what should be a read-only root-owned executable mapped into memory

So exactly what does all that mean?  It means your web facing servers and even Androids have a big time issue with multi tasking in a sense.  This bug allows for what is called a ‘race condition’  which as you may have guessed makes for a first one in wins scenario.  The bad part is that that allows the kernel to be tricked into mapping a new ‘page’  (a coding term for the memory allocation) without fully un-allocating or ‘unlocking’  the previous one. This in turn allows for a bad memory page to get into a root-owned (the almighty full system admin) which is bad news.  The process that is overwritten or bypassed is called Copy-On-Write  (hence the COW part of the name) and being that the race condition is executed by using and triggering dirty paging within or  in an effort to gain privileged access its been Dubbed Dirty CoW.  If you feel so inclined to read the much more technical details feel free to read up on CVE 2016-5195

F24 Updated ISOs available. (Kernel with Dirty Cow Patched)

It is with great pleasure to announce that the Community run respin team has yet another Updated ISO round.  This round carries the 4.7.9-200 kernel along with over 800 MB of updates (avg,  some Desktop Environments more, some less) since the Gold release back in June.

Torrents will be available at the same link as usual alongside the .iso files.

You have heard about this nasty privilege escalation bug called ‘Dirty Cow’ , well rest assured the infected farm and farmer have been found and the vaccine has been applied to the kernel in these updates. More info on ‘Dirty Cow’  on my blog post on it here.

Below are the contents of Both CHECKSUM512-20161023 and HASHSUM512-20161023 (the later is torrent hashes):

cat CHECKSUM512-20161023

(Clearsigned with 0xF59276298D2264944)

—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA1

8d1c8b9637b1ccc16233ae740e6e0137485574a6f02ab05e66e5a6fb8d5c18a6671395e14341e2cb45f902cd20a4ef987bd83265b68932b8c2183ff2b5194e5e F24-source-20161023.iso
aee5e894dc6b34e207aaa0f23f7a4fd6d16577846d5f7ab3568a234f9e0b2bea1ae814a2291852cb2dbba3930b046ce31cffbcadaf5bff72208a36176eabbecd F24-x86_64-CINN-20161023.iso
6875a43e59a899e4520260e19fb28bb7ade59565b46fc6ad4f22ca8da01c57822ca7ed9373f795377dfaf750d28b6df6c1c083da5d5a0628f8d26553fb744ea0 F24-x86_64-KDE-20161023.iso
197ea70be8337f97f60e2558188e82f53eae0208d3166a7356267dc515e0b7c6204e4b5aae1ae4b44150ff59881a7c2b3d8c998e9dd715872d8c2fe1fe0485c3 F24-x86_64-LXDE-20161023.iso
7f4b48998cb716042a899089f1b292aa77ce5fca44c8d69ceb25f8769da5d9bbe2b29cef728630ae643ad4fc290c64adf270debb228454e620509f039294849c F24-x86_64-MATE-20161023.iso
ffb77a60e5895d4521c58efcbb41bb6afcca7a9a2b3320929cecb9422d00caa1cb7e5f23b04bae9644bf6ea0dae1ab2c9674f4f7ba243acd6250fd5e90221c1d F24-x86_64-WORK-20161023.iso
4ba2915a0ba51b870e7a51eb8d658464bac99f6d998f9f06c26ab8642fedd0212c2ab47c256c7fb5be060494dd6c8eb3279a0d84ca8516db199e45e612d2e502 F24-x86_64-XFCE-20161023.iso
—–BEGIN PGP SIGNATURE—–

iQIVAwUBWA4cJVknYpjSJklEAQJ/JA/+MU/4Xrq8fXdLRbvA4OF62ppOgwaYndi+
iU2bLNACA8251FW8V/okP4zk0yq7s2kWJpjc/ULjmBUflXaUFQJM94C8/vzkhRBF
QDi08YddEhZwcWXO+0Xut+7i8omrvGlXtlgFC9MZrzug2ZMhFBFWs+i26tTlFrsQ
LF4P6GyBu7ozNSuQMUGFz26jmC2lxpWvJHXLqgoHdpKK/TvIlUSFzO5viB4nGfaH
MoUFR8f4pSvFXzo9j7/IbzDjR3j1/UHjT8TKmGIaVlAMhtxkEXUcbpwetvZ2xl3G
rYjFWibMkeW10IAsCLJ+zXPEg0CcBL/+PXjvKHBas/A2PgD0B8VbLgXOpk26wJHq
tMEcgTGNLZqukVysr2eWRNtnaDgWvngIEL8VgtfuYTAOWR4bnpuK30ll22mEA91N
ui8djInyd37nLzVpMdlSD1gnf/OkOu5BxH4Qslw7GNZZHXNyuV1bDIAOtC67CXk3
PRYUdb3/be9MLPYjuvNdsKlUBUBFE/zPHtTOdS1susCylqjJbIWNA8DEOo8pTWmv
+npkvAb647RV20c/5nr5TL0xZvD7dTj/geBPZ8xnf3vSp/p5uNUeBOJ+2JVWj117
4q4yhEb1bEPL0vStyyoFuDHCI8wEDJkwRrZG8PE0I1m6B19lXoA/nfYWd/h6OaQ3
w0tSYvcHqpQ=
=+BTN
—–END PGP SIGNATURE—–

cat HASHSUM512-20161023

(Clearsigned with 0xF59276298D2264944)

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

c45662c568ecb116fd18e8f2fae4dedb43a17bdd F24-x86_64-CINN-20161023.iso
379d63a42b3e218cc0aefebc176eabe4c508c622 F24-x86_64-KDE-20161023.iso
89cd48b48d4b1163ac0b81fa639b40ae11fc36ae F24-x86_64-LXDE-20161023.iso
9dfb8df60faa611178d430d897ea365f3df4bd00 F24-x86_64-MATE-20161023.iso
240f78a935d54ef5c92491ee14334b14ad4d5951 F24-x86_64-WORK-20161023.iso
4af163e1162642e8d2a2632878106b94c58ac22a F24-x86_64-XFCE-20161023.iso
—–BEGIN PGP SIGNATURE—–

iQIVAwUBWA4cRlknYpjSJklEAQIbKw//U9SbHay3ma/wo1fz1atkVmabYqsAHUZP
NA4iF1iJuFIfgkDIxlnoF8cAHAnxymp13oeA5jd5Mrx8m3TsLkFlv8XRG9tSjyXp
zGtrkxCrqSMNlE71FrU7iicAhOhDa0MvX14o76Zvn03oLfeWCI+Rjl2XTHDwnxPf
vcKKrRR7QSOfD8LjbzaIm1HmnRD83uU2ZEWixdrFwcf0Ris1iiaXffnWLyi11Y0M
TYtu2UWSot/FNsa0tprqh/w0Pb1EOJz6xCjOHbUAlZg0K2WzQd8k+be3AzIaZRUs
r8HmN6xW8RqUnoojk0sbeA3uMAg6UkECbhmI//RLw89g24WBfOGE2bJpBCRIHmZp
aXohVaR9vOpUvjcovg8Ux1UzI01u8C9ncXoAfSLpouaE3iecafNswkGC5NzTKUE+
T6ipz8ORJ14dgnXW0piztf1+tg3uy+P86qcLj2cAX1UKsYPCR6/oUlAt3iO0BPbA
KJxwTNzITIZIA0V83qGQyyiPYH9vv4oP9D/bZjomOpyGchI0BlpA+ldQYXIXtXFv
o697JA8gBzYIjjdqgKZn6srRjHoWDMyLv9qKFShjtadnaKcc2zU1Z3+JA9Bshuhu
LB0ER9kVDhrAblZZZ2GqXhUvSVvZYv86qt6Jg1x/HouLHD0AaOT8oJ/9sdbJyZZl
l5Lt7JcoMH8=
=Vk0T
—–END PGP SIGNATURE—–

Fedora 24 Upgrade issue — Workarounds

So if you have been around Fedora  for awhile you are familiar with one or both of these commands:

sudo dnf update

 

sudo dnf upgrade 

Well if you grab the ‘Gold’  ISO (the one supplied at Get Fedora), and do the usual updates upon install within the X Server Environment (the usual graphical desktop most users are familiar with),  due to an odd trifecta of updates that are all coming in at once the update sequence has been found (in Gnome, possibly others) to crash the X Session whilst in the update process. The issue is this sequence downloads the new bits (namely XServer, Systemd, kernel-4.7.6-200) yet fails to install them properly due to the X crash, and effectively leaves your system in an unstable and often unusable state ( for the non techie types at least) .  So are there workarounds?  Sure.

If you install from the Gold you have a few option you can do:

• Do your first update via the command-line ( /dev/tty) not the one in the graphical environment,  this takes the X Crash out of the picture as its not even in play doing it this way.  This is as simple as Holding down CTL+ALT and pressing ‘F2’ to bring up a legacy terminal ( the dreaded black terminal, where you merely need to login with same credentials as you would to login with the graphical, once logged in run ‘sudo dnf update’ , and let it do it’s thing and reboot… VOILA.
• Use a ‘Net-install’  Installer image ( this requires networking capability — unless a local nfs or similar local share is used). This option pulls in packages from the mirrors directly installing the most current ones for your install, negating the need to do an immediate ‘sudo dnf upgrade‘ as those same packages are installed from the beginning.  If you are wishing to setup a local mirror you will need ~ 500 GB and can find more info on those setup details here. If you are solely using this mirror for internal use, feel free to disregard the Intelligent Mirror Bits.
• Use the Updated ISOs made and maintained by a small team of Ambassadors for use by the Fedora community at large, they can be located in the most recent edition here. These are made upon every new kernel release (into stable), and include both native direct download and .torrent options. I personally sign with my Fedora GPG Key all checksum512 and hashsum512 files on my ‘people space‘ , with the key available in the common parent directory.  These files are contain the sha512 values for the valid ISOs and torrents ( hashsum512-$(date) is the torrent hash itself). All torrents contain the corresponding ISO Sha512 in the Comments section.

Also a quick note for those using system-wide network keys ( normally when you select ‘Allow all users to connect to this Network) and doing a ‘clean install‘ using the Gold ISO,

backup along with you /home, the following sub-directory so as not to lose your network login keys and credentials: /etc/sysconfig/network-scripts/keys-* 

 

F24-20161009 Updated ISOs (w/ 4.7.6-200) Available.

It is with great pleasure to announce that the Community run respin team has yet another Updated ISO round.  This round carries the 4.7.6-200 kernel along with over 700 MB of updates (avg,  some Desktop Environments more, some less) since the Gold release back in June.

Torrents will be available at the same link as usual alongside the .iso files.

Below are the contents of Both CHECKSUM512-20161009 and HASHSUM512-20161009 (the later is torrent hashes):

CHECKSUM512-20161009:

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

028191c9aec53a93ce78263d308e859208452034ba37da0759603c239ca4877c8b76d2737c735a2adfe1bf017ffabb97ec1574e96dea8fb764fba8df0bb246f8 F24-source-20161009.iso

5597530fcab9a6ac2e34c4faa3f2c7d38bedbe5f56d0f381769b839e3dc2b5d7c9b9b2bb6f967ed5c1255706ddf1c9cd955da54d1dd282eb4f3eb7ff25249641 F24-x86_64-CINN-20161009.iso

187cbedc4fef26150a486ac81a944d486c579884ebf22fd6d99923c256cef2115352ddd0d9063057e5b7dd1f1a539b53e3e02b8ee992242819ebe8aa30df3e30 F24-x86_64-KDE-20161009.iso

325a211e844fdfd0fe3e27c68eef5bf6aa447506f1448a2f842f30a6a9de9b37b06738982b39dac7cf5672a92558a0a67ad305fd28f92cbb15997c71b23b3d03 F24-x86_64-LXDE-20161009.iso

8439d46ddeba4d7b83d46e214ec9e126a6ce03fa08569c2097413a92921d9a5a627c836048d62eda8190f58e7954b1c991e6dd4e90a8ac0d26ade38ef6bc2414 F24-x86_64-MATE-20161009.iso

aa19c1b3fac9dc1335e1bbfe65ab1674ad95bdc0423cf59f086f44f5ec82b88e8f9ef6791f461baacd3b5407de600c5591bc6b0e53d5002c78416fba73529a4d F24-x86_64-WORK-20161009.iso

9e14ff1edeba6d4db9a70e4c575b1087ec23413eadc8f3f1d8f0f23fc1e239ccf5a074756b19ad4fd4e71d042cc44bb029c8c651bf162adbe1ee275da2744eb0 F24-x86_64-XFCE-20161009.iso

—–BEGIN PGP SIGNATURE—–

iQIVAwUBV/rlD1knYpjSJklEAQIAfg/+ONSGWq5DSdJBlypKTkqjGGGNIfhlMeIR
BzTRrjuwHTPgmspOgl/jDSCnP7AEyqsd8d3ZjihIKcsAiXhg/brnaWz8tvSbSVje
CQ5CXRBXnoxzHKibEIVTXjJB8868/WhoPbR+kqhQ3SbH/YyU586T8DXj2tXUp40q
Dpqq4hvZVxQRQPcZvnXrr+nNS1BaXdF1ykeAYkVsRtVy8M8N+JS0NyKgxLpeN34c
LF6c6x+Ey9TfTq7Cni7NuyAcMhkA7Xxjx4Tn2oMLeqreE+BXvGOAdnF4tRdfL36m
KIunKYuEqcJV08MntBCzVYWpTByusCwj5lFw7pNcdzfuBRBnwqY+7r/Nad89FAuy
xof9rVHZLWeF/HmY5HlCJ3HMb4k6Tcrl5rfXDpoUev9OprNdaIrA2nG8loIxtHmj
Eyg0e4EXVj26ZjKdHuddlgNt5+meKA50VLQCwXnQ2ZtQAyHuY38Nq6/qTLBzBE+m
SBp5aitXVLCWPcRC4m5ERkUvRo5T84AnbQqsZPUSHYG7DiG751e/Q+6Y7LIUhu/d
dNSV/kzgz/ycrV9S2FV91KrbnMpgFd0pAvEEl+nM4wxtGZ1heCbUrHaXAJ+zohgL
mTAa/+EpThqixZk6S4YMX04Eb7YO/NS07eNU+s9Ve6OxB2PKhniMhSUoDuYAOzat
Eig5cr019MY=
=GSJn
—–END PGP SIGNATURE—–

HASHSUM512-20161009:

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

a084246db34a479fccfb451b9105f0c756873ea275ceee936e440a57118798bac2d6ca42f91aaddaa7f2898988fedc083697c7551cff9f58bb014dd3f9340d86 F24-x86_64-CINN-20161009.torrent

529fcf3715f0dd845b4d2b86cbea3a5a46e124069a6407a3a2b4794fc460e3202c730409ced22e9f2f2c19d9e436dbc3dcc0867c7d3b3d663984532904a7f6b7 F24-x86_64-KDE-20161009.torrent
258b4dc9b81f5dc05c85182328f42c3255f0a57112133030c28df62af34b9ae2de4fdc0a256a378a2674e40a15dbe9df8a558736d246951cfd0c0201b2374d11 F24-x86_64-LXDE-20161009.torrent

e17a7890da5db486457dd39137f7131703fe526afa6cbe34d06f3a2f2df5d2c8ad0d689ccc038ca8800b153ba90e4e73c56a4579f3bd9cfd4098b9f431c0ec05 F24-x86_64-MATE-20161009.torrent

b8b5e73602e170e63bc07ea63bb864bd6b4b88c2947eda85c3e17b8b36f83175f5aca5552111d1ad7f5f939c95cffd96f4d9837cf3b645b80b73552030ca11f4 F24-x86_64-WORK-20161009.torrent

bc9855d5c9c0f0f9a13fba84ab99e9bf7cfe1142b16c68775bdd4e2dddd3732c3bf0c72ab6f1f7d4f2db63a1675fff097d56dffb970c5c5cc3742300fd1bdaf0 F24-x86_64-XFCE-20161009.torrent

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iF4EARYIAAYFAlf63IEACgkQrio19Q2QBZDnegEAoqBnQAAzWwoSyngvYq2aakqh
/N8Z7lMjAl4f/DWP0UoBAIMLnL+CarHM/iv+fqmuG9SAPx2RItbvuZHfimWsmzED
=6lx5
—–END PGP SIGNATURE—–

 

 

 

#RedhatDID: Retrospective and a look ahead to future events

Oct 6, 2016:  The day several Redhat trainers and industry folks met to talk about best practices and give feedback on the vision and mission ( and speed of progression) of Redhat Enterprise Linux (RHEL) and upstream /  downstream projects and products.  Among one of the most popular Sessions was the one by Robin Price and Martin Priesler on OpenSCAP which was a standing room only  session with nearly  1/3 of attendants in attendance for this talk / session.  Rita Carroll and others setup a interest list for those that would like to attend another OpenSCAP Workshop (mainly centered on a hands-on event but other venues seemed open for debate). If you’d be interested regardless of whether you like me were in attendance please email Rita @ rita@redhat.com with a simple subject line referencing OpenSCAP Workshop (Tysons Area).

All slide decks will be up on the RedHatDID site used for registration within the coming week or two ( some presenters were not  Redhat afterall).

The above link has all the info about all 4  tracks presented and the topics, If you would like more info or a company visit on any topic shown ( or maybe something more topical to your organization) feel free to contact Rita or another event coordinator to schedule.

Next Event will be on Nov 2, 2016 at the Ritz-Carlton, Pentagon City, Va  and is FREE for Gov’t folks when registering for the rest of us Industry folks that’s still only $195 for a 8 hr symposium with some of the most authoritative folks in the industry.

FOSSCON 2016 –Event Recap

FOSSCON 2016: Free & Open Source Software CONference was hosted at the International house of Philadelphia on Aug 20th 2016, and showcased nearly  20 vendors and nearly as many talks (plus ‘lightning talks’) and a Key Signing party.

This year saw nearly 600 folks attend during the 9 hour conference,  and had several interesting talks including:

• A Tour of OpenStack Deployment Scenarios
• Secrets of the Dead: What Modern Programmers can Learn form COBOL
  • This one was rather thought provoking and mostly went into the modern disease of  fast to market, and screw fuzzing (the manual, qa style testing and debugging)
• WeeChat, Always on all the things
  • Despite the botched demo (blame a lack of  demo god sacrifice, lol) this talk was Very informative regarding what is possible with this popular Bouncer for IRC and XMPP (jabber, whatsapp,etc)
• Using FreeBSD, Jails,Poudriere, and ZFS for fun and profit
  • This was much like the COBOL talk very secure the things centric and very informative.

Back at the Fedora booth,  I had a steady flow of interested folks before and after the installfest, which also was the co-location of a impromptu key signing party where at least 3  folks were walked thru a Fedora 24 install (one on a now dual booted Mac Book Pro –without bootcamp) and much teaching on best practices  for installs, Out of Band (OOB) vetting / validation of keys was taught to new comers.

We distrubuted around 40 DVDs to booth visitors most of whom were already Linux users and about half of those Fedora 23 /24 users.  Several visitors this year were repeat visitors from last year’s conferencem, where most folks had never seen much less handled / played with the XO which has become a stable attention getter for the booth.

Also, several ‘test drives’ were had on the Event Thinkpad T510 with F24 updated Multi-boot (Not generally published with the usual Updated ISOs — http://tinyurl.com/live-respins2 , however available on request.)

For more info on planned events to meet with the Ambassadors team, stay up to date with where we will be at:

https://fedoraproject.org/wiki/Events#North_America_.28NA.29

NGA Hackathon series: AngelHacks w/ Blue Compass to host two Hackathons in Sept & Nov

NGA Hackathon / Demothons in Sept & Nov 2016

This back to school season, look at these two prize money / possible job placement Hackathons/Demothons.

The NGA ( National Geo-Spatial Intelligence Agency  — https://nga.gov ) is looking for new fresh ideas for big data analysis and dataset collection and has opened the Disparate Data Challenge.  This Hackathon & Demothon is a 2 stage engagement with stage 1 open to US citizens and stage 2 only open to stage 1 winners. Stage 1 submissions due by Sept 19, 2016.

Also part of NGA’s Hackathon series and backed by the AngelHack as well as Blue Compass LLC, is  ExpeditionHacks, hosted at Hunter College, NYC On  Nov 12-13,2016. This Event is more of the traditional 24 hr hackathon. Where teams of UP TO 5 can show their merit on a Geo-spatial conservation and efficiency hack session.  Show you can provide a sustainability, or ‘come-up’ solutions for indigenous communities.

 

 

 

F24-20160823 Updated Lives Available (Last of the 4.6.x Kernel updates)

Today we have the newest installment of the  F24 Updated Lives, carrying on average 690 Mb of updates over the Gold Images from two months ago.

These updates carry the 4.6.7-300 Kernel and all updates from 20160815 up to 0800 20160823.

As will be the new standard there is CHECKSUM512-20160823 & HASHSUM512-20160823, which includes the raw CHECKSUMS & HASHSUMS , aka checksums of the ISOs and the torrent hashes (fully searchable type).

F24 Updated Lives

NO Source Torrent is made, if you have a need for one contact me either via email or in a comment here. The contents of both files are embedded below. Notably absent fora second update is the SOAS spin which again failed to build.  There have been a few tracker issues with this series, if you experience any please contact myself or Southern_Gentlemn|kk4ewt in the #fedora  channel on Freenode or via email — linuxmodder(@)fedoraproject(dot)org or jbwillia(@)fedoraproject(dot)org.  We have also asked last series for testing of the KDE-JAM spin that was in last series, if you’d be interested in testing this spin for stability and usability again please contact one of us vai means mentioned above.

 user@localhost $ cat CHECKSUM512-20160823

eaa2d96de1da8615a6c34b8e98ec50c8384aaa7fe2df6ab40d41f4524cea9981ff9c50a7055a6fbdacf6589d37d5ee48fe1eb07049bcbf096f8649e5edb5f85b F24-x86_64-CINN-20160823.iso

34cffbe15c58823b390baf2d7f889080cd3f9d3643da1b017337192c792c1666e165dc49de5f3efa5c9c510f185cdc48f14245caef3310b61e1acb96b49150ba F24-x86_64-KDE-20160823.iso

0df2de6d6f743869ce9352e8d4983d28574e331a9cbf0bd2fa58d4bde9b9d67332b766696769fbf6a747e988dc5c508c979c9882b8ef7f3f393e3d0fb550f33a F24-x86_64-LXDE-20160823.iso

710d68037978c4db4acdf164aa13ba0a483782212b98b81a7e138718d452ccb609cd95e66f9e0b1cfb1cd4696b37f0b5849e2a7d26a1bae69bf1f0e84b33d8c7 F24-x86_64-MATE-20160823.iso

3d532525cfbe1b93c64bcddd84cab2ea364b3fee76e8d7d7c8efa441c7e27fd2b8209f7b4b6d5ff6b56bdeebc1b24e805e01fc18883a7fcb84e3719642ce2821 F24-x86_64-WORK-20160823.iso

bb71a74c42f73f89c98daa53c0707494da07beb82b101eec4635cd9385cec2029a7eed23690e9b1d2a35d28c8b08a234ff2ca590d5fd8c44a59570a4891d9b97 F24-x86_64-XFCE-20160823.iso

user@localhost$ cat HASHSUM512-20160823:

 

7b18a13a4f088b7a2e5a97d63879c8db9a1d3d9f F24-x86_64-CINN-20160823.iso

0a4ba0362b59746d860fceba690c145df88ed4ce F24-x86_64-KDE-20160823.iso

31ab072a41551a876ea200503c897ddd4dbbe9d5 F24-x86_64-LXDE-20160823.iso

76c63de699188cc4331fdaf7d26e4e132b578bc1 F24-x86_64-MATE-20160823.iso

20f3d161d99209725420a0e958b709f8da647deb F24-x86_64-WORK-20160823.iso

ce07d9593525f957f607cd07a5a2a2b44492f8f3 F24-x86_64-XFCE-20160823.iso

LastPass 0Day — Why Using cleartext tokens in the URL is bad practice.

Source: lastpass password manager tell all

This is yet another reason why sanitizing OpenAuth or  other token urls to the minimal allowed to resolve (the hostname) is good practice.

So exactly what is the issue at hand?

Well LastPass as with most password managers that in some way connect to a sync or cloud mechanism,  uses a  cookie of sorts on all sites you setup with autofill ( no typing needed,  great defense against keyloggers),  however the issue is that the parser to determine if such a site is accessed / logged in leaves cleartext tokens in the url and takes a malformed url as username:password @ foo.tld i.e. johndoe/mypassword@facebook.com which allows an attacker on a machine that is logged in (without 2fa –more on this later) to spill the beans about all passwords in 2 ways.

Method 1:  log in or access a machine that is logged in and not locked out (Lock screens are useful folks) to access without any further password/credential prompts the password store and click ‘show password’ and then jig is up.  As alluded to earlier if 2fa (two factor auth) is enabled this is thwarted as it requires that secondary challenge for anything account or password store related.

Method 2: Typing in the username (in plaintext in password store) and the target site and the password becomes visible in plaintext in the url.

The really scary part is that now 2  security researchers have exposed these attacks and its still unpatched.

Original article courtesy of https://www.thehackernews.com

First round of Fedora 24 Updated Lives now available. (torrents expected later this week)

As noted by my colleague on his blog   the first round of  F24  Updated Lives are now available and carry the date 20160720, Also as mentioned last week on his blog F23 Respins are not  going to be actively made, however we and the rest of the volunteer team will field off-off requests as time and resources permit.  We are considering a new/second tracker for the Updated Spins but as of  today there are only  .ISO files available at https://alt.fedoraproject.org/pub/alt/live-respins [shortlink] F24 Live-Respins .  The F24 respins carry the 4.6.4-200 Kernel and roughly ~500M of updates since the Gold ISOs were released just 5 weeks ago.  (some ISOs have more updates, some less)

CHECKSUM512-20160720 is hosted on above link as well as on my  usual people space fedorapeople hosting

HASHSUM512-20160720 is also hosted on my  fedorapeople space tracker should be back up and running within the week.

Updates & Notables:

4.6.4-200 Kernel

 

Linux Mint: Hacked 2.0 (Official Unofficial Notice) UPDATED: 2016-07-18

UPDATE: 20160718T12Z

Torrent server has been reset and  a  ‘private dht seed’ made greatly increasing the security of the seed pool and  denying most WAREZ trackers from leeching or  connecting back.

paste.linuxmint.com also seems to be fully back up and functioning fully / correctly (irc logs in #linux-dev this morning show both were reset and restarted)

GPG keys are again retrievable normally  and the proper commands for retrieving them and checking the sha256sum files updated to reflect proper / best practice methods.

Changes to overall mentality are still likely needed but a start in the proper direction seems to finally have been made.  Updates to follow as they present themselves.

It is with deep despair that today I have to write that at least portions of the Linux Mint Infrastructure seem to have  come under a coordinated attack and that the Development Team has to date NOT responded to subtle non standard channel requests for info on this.

Late last night, US East Coast time, it became apparent to several of the users presently in #linuxmint-help on the Linux Mint IRC Network housed over at  ircs://irc.spotchat.org  that links returning from  https://paste.linuxmint.com were acting ‘funny’ or  not even loading, later it became that the main page irregardless of the /view/foo   was no longer loading without the aid of a VPN with an Endpoint  from within the EU / Asian Geographic area of the globe.

Some snippets of these that became alarming follow:

/usr/local/bin/pastebin   is supposed to be  .noarch aka does not care if the system is 32 or 64 bit  as it runs same regardless and only needs added / used once in the build process, however if you run a ls -la OR sha256sum operation on the file you will see one of 3 outcomes

 ls -la /usr/local/bin/pastebin     No such file or directory

 

sha256sum /usr/local/bin/pastebin

5e11507cacfa516b3c2e0610cf3d437b07aeaddb388bcf92a89f19b1bca54d55

 

sha256sum /usr/local/bin/pastebin

74901a0a6884104ccaa6fba5858622bcd7603bf3b666ae5db2fddd9a38b2ca16 /usr/local/bin/pastebin (valid hash)

 

Furthermore: The troubled https://linuxmint.com/verify.php fails to indicate how to download the sha256sum.txt and sha256sum.txt.gpg files are they need a non standard way  i.e. wget or cURL.

Complicating things is the fact that since around 930-945 PM US EST last night (7-16-16) the following commands were failing:

gpg –list-keys –with-fingerprint

gpg –verify sha256sum.txt.gpg sha256sum.txt

gpg –recv-keys A25BAE09

gpg –recv-keys A25BAE09

In large part because Linux Mint comes WITHOUT a default –keyserver, which I can understand the desire to not force any one or series of keyservers on the user, but knowing this and that Clem the fearless leader only  directly pushes to keyserver.ubuntu.com  those above –recv-keys commands should include –keyserver keyserver.ubuntu.com .

But all that aside the keys are not even obtainable from:    keyserver.ubuntu.com, possibly in part to Ubuntu’s response to their own hack of their Forums: Ubuntu’s Forums Hacked, 2 Million usernames stolen .

Due to this:  last week I emailed Clem about ways to clean up the readability and even made the following gist paste available for use or  straight scraping.

Linux Mint 18 ISO GPG validation steps

This went on seemingly deaf ears after an apparent initial response of sure we can do that.

UPDATE:  AS OF:  17 Jul 2016 1845UTC   whois record for http://paste.linuxmint.com  indicates it is UP FOR SALE.  Discontinue use immediately.

AS OF 2000utc  17 Jul 2016 , 18 hours after community confirmation of compromise no word what so ever from the dev team.

Some other enlightening links for the scope of shit going down unanswered:

http://status.linuxmint.com

http://65.19.183.167/ameridea  look at Screenshots on that page

https://www.irccloud.com/pastebin/2Rfo6Oh9

https://www.irccloud.com/pastebin/7TG8pwGW (contains valid hash for the script that is /usr/local/bin/pastebin )

http://www.omgubuntu.co.uk/2016/07/ubuntu-forums-hacked-2-million-usernames-stolen  (mentioned above as well)

whois |  traceroute | mtr | dig      141.8.244.93 and compare to same for 208.92.233.240

https://gist.github.com/linux-modder/053f1da7bf247aa448a128ad7799557d  (decrypted copy of email originally sent to Clem  root@linuxmint.com at 1300UTC 3 Jul 2016.)

http://network-tools.com/default.asp?prog=dnsrec&host=paste.linuxmint.comand

 

And some IRC chat logs that are telling: Times unless stated otherwise in logs are  US EST (utc -4)

FROM ircs://irc.spotchat.org/#linuxmint-dev

[Sat, 16 July ://: 19:18:03] .:linuxmodder:. ANYONE from admin@ or root@ here? seems a major set of issues with paste.lm.c
[Sat, 16 July ://: 19:19:48] «— notis (notis@SpotChat-bdrdnk.dyn.forthnet.gr) has Quit (Quit: Leaving)
[Sat, 16 July ://: 19:29:39] .:r00t:. Said that in here ~6 hours ago **
[Sat, 16 July ://: 19:31:53] .:linuxmodder:. r00t, a paste sourced from -help is seemingly proxy aware and asking for openkeychain for some and for my setupvpn browser login creds SOMEONE from the infra side needs to do some serious checking
[Sat, 16 July ://: 19:33:44] .:r00t:. It seems normal to me now. But then, I don’t use a proxy
[Sat, 16 July ://: 19:34:34] .:linuxmodder:. what seems normal now?
[Sat, 16 July ://: 19:34:59] .:r00t:. I mean I click on a link and it shows the text
[Sat, 16 July ://: 19:35:06] .:r00t:. Normal
[Sat, 16 July ://: 19:35:29] .:r00t:. I talked about something being strange a few hours ago, and they must’ve fixed it
[Sat, 16 July ://: 19:36:14] .:linuxmodder:. nope does not look that way
[Sat, 16 July ://: 19:37:01] .:r00t:. I know what I’m seeing right in front of me. Maybe your proxy is doing something
[Sat, 16 July ://: 19:40:29] .:r00t:. Besides, only clem has access to the servers so nobody here can do anything about it (if it is actually messed up)
[Sat, 16 July ://: 19:41:37] .:linuxmodder:. r00t, that’s just it I’m not over proxy (besides tor on the nic)
[Sat, 16 July ://: 19:48:42] —» calexil_SteamBox (jd@SpotChat-e6ogl5.de.comcast.net) has Joined #linuxmint-dev
[Sat, 16 July ://: 19:52:29] —» LunarEclipse120 (LunarEclips@unaffiliated/lunareclipse120) has Joined #linuxmint-dev
[Sat, 16 July ://: 19:56:08] .:linuxmodder:. calexil, you have a way to wake / get hold of clem ?
[Sat, 16 July ://: 19:56:35] .:linuxmodder:. i know its like 2am there but think its warranted

** [Sat, 16 July ://: 13:55:44] .:r00t:. For some reason paste.linuxmint.com makes someone download the paste, and makes it a .bin extension

---

[Sat, 16 July ://: 21:27:12] .:linuxmodder:. calexil, ??

[Sat, 16 July ://: 21:28:21] —» Testing567 (Testing567@SpotChat-hegnee.dyn.optonline.net) has Joined #linuxmint-dev
[Sat, 16 July ://: 21:30:48] «— bario (bario@I.am.not.your.friend) has Quit (Quit: Leaving)
[Sat, 16 July ://: 21:30:55] <JosephM> linuxmodder: he can’t do anything. Clem will be here when he gets here
[Sat, 16 July ://: 21:31:02] »» maccarone is now known as bario
[Sat, 16 July ://: 21:31:28] .:linuxmodder:. RECHECK servers and gpg keys Something is —-seriously not right http://65.19.187.163/ameridea/ 2nd-4th screenshots

---

[Sat, 16 July ://: 23:56:27] .:linuxmodder:. when clem gets up Purge the servers

[Sat, 16 July ://: 23:56:44] .:linuxmodder:. routing from traceroute is using a known hacker spoof route

---

[Sun, 17 July ://: 03:42:16] .:linuxmodder:. your infra and keys are going to shit you gonna do anything yet?

---

[Sun, 17 July ://: 15:07:05] 19.:2823linuxmodder19:. someone needs to come out and explain the loss of paste..linuxmint.com and other oddities today

---

---

 

FROM ircs://irc.spotchat.org/#linuxmint-help (again all times shown or utc -4 unless specified)

[Sun, 17 July ://: 16:22:38] 19.:2823linuxmodder19:. mtn, so we are gonna forget or ignore that facts that BOTH paste.linuxmint.com and linuxmint.com BOTH show NX on a whois lookup?
[Sun, 17 July ://: 16:22:41] 31-31-19-19» 19juanjo (juanjo@SpotChat-nfu.6c1.71.90.IP19) has Joined #linuxmint-help
[Sun, 17 July ://: 16:22:48] 28.:1924mtn28:. hippo: what, you just want to start the update manager from the command line?
[Sun, 17 July ://: 16:22:49] 31-31-19-19» 19c (c@SpotChat-6f2ide.pa.comcast.net19) has Joined #linuxmint-help
[Sun, 17 July ://: 16:22:54] 26«26-31-31- 26juanjo (juanjo@SpotChat-nfu.6c1.71.90.IP26) has Quit (Quit: Leaving26)
[Sun, 17 July ://: 16:22:56] 26«26-31-31- 26c (c@SpotChat-6f2ide.pa.comcast.net26) has Quit (Connection closed26)
[Sun, 17 July ://: 16:22:59] 31-31-19-19» 19bona (bona@SpotChat-n7q6ik.p9ot.juqq.120b.2a02.IP19) has Joined #linuxmint-help
[Sun, 17 July ://: 16:23:07] 04<mtn04>04 linuxmodder: I have to say it does not matter to me

---

[Sun, 17 July ://: 15:48:32] 19.:2823linuxmodder19:. mtn, where the hell is clem with a response to last night and today’s oddities?/
[Sun, 17 July ://: 15:48:49] 19.:2823linuxmodder19:. or anyone form the dev team for that matter

---

[Sun, 17 July ://: 15:51:01] 04<mtn04>04 linuxmodder: which oddities?
[Sun, 17 July ://: 15:51:03] 31-31-19-19» 19shadowmaster (shadowmaste@SpotChat-074v1o.res.rr.com19) has Joined #linuxmint-help
[Sun, 17 July ://: 15:51:25] 31-31-19-19» 19Guest8229 (john@SpotChat-5iv951.east.verizon.net19) has Joined #linuxmint-help
[Sun, 17 July ://: 15:51:31] 19.:2823linuxmodder19:. mtn, in a few minutes you can read about them from my blog
[Sun, 17 July ://: 15:51:44] 26«26-31-31- 26SimonNL (Simon@i.am.the.true.idiot26) has Quit (Quit: Leaving (Close)__If I have said something clever. my apologies\o26)
[Sun, 17 July ://: 15:51:48] 31-31-19-19» 19oem (oem@SpotChat-rvs.utr.20.159.IP19) has Joined #linuxmint-help
[Sun, 17 July ://: 15:51:50] 31-31-19-19» 19notis (notis@SpotChat-r0bbk5.dyn.forthnet.gr19) has Joined #linuxmint-help
[Sun, 17 July ://: 15:52:33] 19.:2823linuxmodder19:. but some quick hits http://paste.linuxmint.com has been beeing blocked from all BUT eastern EU / Asian IPs (or vpns) and is now according to whois up for sale
[Sun, 17 July ://: 15:52:34] 31-31-19-19» 19mint (mint@SpotChat-mei.265.172.178.IP19) has Joined #linuxmint-help
[Sun, 17 July ://: 15:52:38] 26«26-31-31- 26mint (mint@SpotChat-mei.265.172.178.IP26) has Quit (Connection closed26)
[Sun, 17 July ://: 15:52:47] 19.:2823linuxmodder19:. it has been hanging and timing out for over 16 hours

---

[Sun, 17 July ://: 15:51:31] 19.:2823linuxmodder19:. mtn, in a few minutes you can read about them from my blog
[Sun, 17 July ://: 15:51:44] 26«26-31-31- 26SimonNL (Simon@i.am.the.true.idiot26) has Quit (Quit: Leaving (Close)__If I have said something clever. my apologies\o26)
[Sun, 17 July ://: 15:51:48] 31-31-19-19» 19oem (oem@SpotChat-rvs.utr.20.159.IP19) has Joined #linuxmint-help
[Sun, 17 July ://: 15:51:50] 31-31-19-19» 19notis (notis@SpotChat-r0bbk5.dyn.forthnet.gr19) has Joined #linuxmint-help
[Sun, 17 July ://: 15:52:33] 19.:2823linuxmodder19:. but some quick hits http://paste.linuxmint.com has been beeing blocked from all BUT eastern EU / Asian IPs (or vpns) and is now according to whois up for sale
[Sun, 17 July ://: 15:52:34] 31-31-19-19» 19mint (mint@SpotChat-mei.265.172.178.IP19) has Joined #linuxmint-help
[Sun, 17 July ://: 15:52:38] 26«26-31-31- 26mint (mint@SpotChat-mei.265.172.178.IP26) has Quit (Connection closed26)
[Sun, 17 July ://: 15:52:47] 19.:2823linuxmodder19:. it has been hanging and timing out for over 16 hours
[Sun, 17 July ://: 15:52:48] 26«26-31-31- 26oem (oem@SpotChat-rvs.utr.20.159.IP26) has Quit (Quit: Sto andando via26)
[Sun, 17 July ://: 15:52:49] 26«26-31-31- 26shadowmaster (shadowmaste@SpotChat-074v1o.res.rr.com26) has Quit (Quit: Leaving26)
[Sun, 17 July ://: 15:52:55] 31-31-19-19» 19zodian (zodian@SpotChat-pjirop.home.otenet.gr19) has Joined #linuxmint-help
[Sun, 17 July ://: 15:52:57] 31-31-19-19» 19neosunaru (neosunaru@SpotChat-operb0.u42h.g04k.c1a0.2a00.IP19) has Joined #linuxmint-help
[Sun, 17 July ://: 15:53:04] 26«26-31-31- 26neosunaru (neosunaru@SpotChat-operb0.u42h.g04k.c1a0.2a00.IP26) has Quit (Quit: Leaving26)
[Sun, 17 July ://: 15:53:06] 26«26-31-31- 26martin_ (martin@SpotChat-59s6tu.starnet.cz26) has Quit (Ping timeout: 121 seconds26)
[Sun, 17 July ://: 15:53:15] 31-31-19-19» 19zodian_ (zodian@SpotChat-pjirop.home.otenet.gr19) has Joined #linuxmint-help
[Sun, 17 July ://: 15:53:18] 19.:2823linuxmodder19:. gpg keys for BOTH 17.x and 18 have been unreliably recieveable for same period
[Sun, 17 July ://: 15:53:21] 19.:2823linuxmodder19:. and others
[Sun, 17 July ://: 15:53:26] 26«26-31-31- 26zodian_ (zodian@SpotChat-pjirop.home.otenet.gr26) has Quit (Quit: Leaving26)
[Sun, 17 July ://: 15:53:31] 31-31-19-19» 19ciber (ciber@SpotChat-sue.jq7.236.201.IP19) has Joined #linuxmint-help
[Sun, 17 July ://: 15:53:34] 26«26-31-31- 26zodian (zodian@SpotChat-pjirop.home.otenet.gr26) has Quit (Quit: Leaving26)
[Sun, 17 July ://: 15:53:38] 19.:2823linuxmodder19:. cat is out of the bag FOLKS

---

[Sun, 17 July ://: 15:55:22] 19.:2823linuxmodder19:. I personally can not recommend or vouch for the sanity / integrity of servers / mirrors

[Sun, 17 July ://: 15:56:45] 04<mtn04>04 linuxmodder: not good at all 😦

[Sun, 17 July ://: 15:57:20] 19.:2823linuxmodder19:. mtn, no shit ( pardon the language) but I’ve been helping others pinpoint that for over 18 hours on a distro I don’t even daily use
[Sun, 17 July ://: 15:57:32] 19.:2823linuxmodder19:. and been crickets from clem et al
[Sun, 17 July ://: 15:58:16] 28.:1924bario28:. where can I read about these oddities?
[Sun, 17 July ://: 15:58:22] 19.:2823linuxmodder19:. I’ve been alerting folks around the globe and across projects more than I do for me beloved Fedora Release day
[Sun, 17 July ://: 15:58:28] 28.:1924javier_28:. Im Javier, nice to meet you. Im using Mint 18 a 2 days ago and Im really impresed, almost love it
[Sun, 17 July ://: 15:58:32] 26«26-31-31- 26Dragoon (cyber_drago@SpotChat-os6.ve6.7.179.IP26) has Quit (Quit: Leaving26)
[Sun, 17 July ://: 15:58:36] 19.:2823linuxmodder19:. bario, try loading http://paste.linuxmint.com
[Sun, 17 July ://: 15:58:43] 26«26-31-31- 26ciber (ciber@SpotChat-sue.jq7.236.201.IP26) has Quit (Quit: Leaving26)
[Sun, 17 July ://: 15:58:45] 19.:2823linuxmodder19:. whois paste.linuxmint.com in a terminal

[Sun, 17 July ://: 16:02:45] 19.:2823linuxmodder19:. traceroute 208.92.233.240 and see the blocks and redirects

---

[Sun, 17 July ://: 16:45:30] 04<revdjenk04>04 linuxmodder: I am not seeing any signs, notifications, alerts about this at all.
[Sun, 17 July ://: 16:45:51] 28.:1924revdjenk28:. paste is down, only
[Sun, 17 July ://: 16:45:52] 19.:2823linuxmodder19:. that is the problem
[Sun, 17 July ://: 16:45:57] 31-31-19-19» 19iceunicorn (iceunicorn@SpotChat-o95.a02.203.67.IP19) has Joined #linuxmint-help
[Sun, 17 July ://: 16:46:05] 26«26-31-31- 26aron (aron@SpotChat-9t323c.078h.76to.a601.2605.IP26) has Quit (Quit: Leaving26)
[Sun, 17 July ://: 16:46:13] 19.:2823linuxmodder19:. revdjenk, my blog post with the signs for those unaware will be up shortly.

 

 

F23-20160428 Updated Lives Available NOW!! (4.4.8-300)

Hello again fellow Fedorians,

Last night, 4.4.8-300 was deemed stable and we have new updated lives f23-{i386,x86_64}-{CINN,KDE,LXDE,MATE,SOAS,WORK,XFCE}-20160428.

%CHANGELOG

20160428 Kernel Fixes / Package Updates

Kernel Update info (bodhi)

• 4.4.8-300
• CVE 2016-3961 — xsa174 xen: hugetblfs crashing guests (PV Guests) rhbz # 1323956
• rhbz # 1309980 skylake p_state won’t boot
• CVE 201-3955 —  kernel usbip: buffer overflow trusting length of  IP packets rhbz #1328479
• rhbz # 1309487 RTL8723BE chipset has  weak signal

Package  Updates:  285  in total

Notable updates:

• abrt including addons
• avahi
• bluez
• cinnamon-devel
• cinnamon-docs
• cinnamon itself
• eclipse
• OCE

https://linuxmodder.fedorapeople.org/live-respins/updates.txt

Where to get them? F23 Live-Respins (ISOs) (updated to 20160428/4.4.8-300)

Want to torrent pull? F23 Live Respins (Torrents) (updated to 201604028/4.4.8-300)

Need Torrent Hashes ? F23-20160420 ISO Checksums & Torrent Hashes

New Feature: rsyncd is now running for the respins  you can obtain them via this method at:

rsync://dl.fedoraproject.org/fedora-live-respins

Per request from a few folks I have  pgp signed  the  hash files and  a non gpg signed hash files (which  both match for those that have  shown fears of a  modified  hash / MiTM… The key used is my  Fedora key: OxD2264944  FP: 6292 9ABD 6374 6AA7 6D4B 730F 5927 6298 D226 4944

Want to run a installfest / have options for install? F23-20160428 Multi Boot ISO (x86_64 Only) — I can help you create a Multi Arch or host one elsewhere if desired however with the reduction in i686 installs in this day and age it’s not something I will host normally.  (Due to migration the MultiBoot will be delayed however the checksum is  available in its the usual location.

F23-20160420 Updated Lives Available NOW!!!

Hello again fellow Fedorians,

Last night, 4.4.7-300 was deemed stable and we have new updated lives f23-{i386,x86_64}-{CINN,KDE,LXDE,MATE,SOAS,WORK,XFCE}-20160420.

%CHANGELOG

20160420 Kernel Fixes / Changelog

https://bodhi.fedoraproject.org/updates/FEDORA-2016-8e858f96b8

4.4.7-300

 

Where to get them? F23 Live-Respins (updated to 20160420/4.4.7-300)

Want to torrent pull? F23 Live Respins (updated to 201604020/4.4.7-300)

No Torrent Hashes ? F23-20160420 ISO Checksums & Torrent Hashes

Per request from a few folks I have  pgp signed  the  hash files and  a non gpg signed hash files (which  both match for those that have  shown fears of a  modified  hash / MiTM… The key used is my  Fedora key: OxD2264944  FP: 6292 9ABD 6374 6AA7 6D4B 730F 5927 6298 D226 4944

Want to run a installfest / have options for install? F23-20160420 Multi Boot ISO (x86_64 Only) — I can help you create a Multi Arch or host one elsewhere if desired however with the reduction in i686 installs in this day and age it’s not something I will host normally.

Badlock: Samba Vulns & Patching your machines

Hello again folks,

Unless you are living in a black hole aka SCIF, or otherwise totally disconnected from various news outlets, you have likely heard about the numerous vulns that dropped as a series of CVEs better known as  ‘badlock’ Tuesday. Well, there is good news for those on Redhat based distros! Patches are already in the default repos for Fedora / RHEL / CentOS.

So  a  quick  layman’s rundown and then on to how to patch / update:  (hyperlinks direct to the respective Red Hat Access Customer Portal advisories), below are  tl;dr  briefs of each vulnerability.

For those desiring the more technical read:  Badlock: Red Hat Security Announcement

CVE-2015-5370

Multiple flaws were found in Samba’s DCE/RPC protocol implementation in which a condition was created where a remote, authenticated attacker could cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle (MITM) attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC).

CVE-2016-2110

Several flaws were found in Samba’s implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection.

LDAP (with NTLMSSP authentication) is used as a client by various administrative Samba project tools (for example, “net”, “samba-tool”, “ldbsearch”, or “ldbedit”).

CVE-2016-2111

It was discovered that Samba configured as a Domain Controller (DC) would establish a secure communication channel with a machine using a spoofed computer name (aka rogue machine). A remote attacker would then in this  scenario be able to observe network traffic to obtain session-related information about the spoofed machine.

This flaw only affects Samba running as a classic primary DC, backup DC, or Active Directory DC.

CVE-2016-2112

It was found that Samba’s LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle (MITM) attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections.

This flaw affects all possible roles Samba can operate in.

The security advisory patch for this flaw introduces a new smb.conf option: smb.conf

LDAP setup

Note: The LDAP server does not have an option to enforce strong 
authentication yet. The security patches mentioned herein introduce a new 
option called ldap_server_require_strong_auth, possible values of which are
 no, allow_sasl_over_tls and yes.

As the default behavior was set to no before, you may have to explicitly change this option until all clients have been adjusted to handle LDAP_STRONG_AUTH_REQUIRED errors. Windows clients and Samba member servers already use integrity protection.

CVE-2016-2113

It was found that Samba did not validate SSL/TLS certificates in certain connections. A man-in-the-middle attacker could use this flaw to spoof a Samba server using a specially crafted SSL/TLS certificate. (like the one  made famous recently  known as ‘Drown‘)

This flaw affects all possible roles Samba can operate in.

The security advisory patch for this flaw introduces a new smb.conf option: smb.conf

CVE-2016-2114

It was discovered that Samba did not enforce Server Message Block (SMB) signing for clients using the SMB1 protocol. A man-in-the-middle attacker could use this flaw to modify traffic between a client and a server.

This flaw affects the following server roles: standalone server, member server, classic primary DC, backup DC, and Active Directory DC. Samba server roles

Mitigation:

An explicit server signing = mandatory configuration option in the [global] section of the smb.conf file together with server min protocol = SMB2, should prevent connections without signing protection. However, this may cause older clients without support for SMB2 (or higher) to not be able to connect.

Patched versions are in default repos: 

4.4.2 (in f24), 4.3.8 (in f23) and 4.2.11 (in f22)

CVE-2016-2115

It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (Very similar to 2016-2114 but  via  a different  packet  modification vector)

The security advisory patch for this flaw introduces several new smb.conf options: smb.conf

Mitigation:

An explicit client signing = mandatory configuration option in the [global] section of the smb.conf file.

This flaw affects all possible roles Samba can operate in.

Patched versions are in default repos: 

4.4.2 (in f24), 4.3.8 (in f23) and 4.2.11 (in f22)

CVE-2016-2118

DCE/RPC is the specification for a remote procedure call mechanism that defines both APIs and an over-the-network protocol. The Security Account Manager (SAM) Remote Protocol (Client-to-Server) provides management functionality for an account store or directory containing users and groups. The protocol exposes the “account database” for both local and remote Microsoft Active Directory domains. The Local Security Authority (Domain Policy) Remote Protocol is used to manage various machine and domain security policies. This protocol, with minor exceptions, enables remote policy-management scenarios. Both SAMR ( security Account Manager –Remote) and LSA (Local Security Authority) protocols are based on the DCE 1.1 RPC protocol.

These protocols are typically available to all Windows installations, as well as every Samba server. They are used to maintain the Security Account Manager database. This applies to all roles (for example, standalone, domain controller, or domain member).

---

PATCH TIME:

---

Fedora 22

sudo yum update samba

Fedora 23 / 24 Alpha

sudo dnf update samba

Centos 6 / 7:

 sudo yum update samba

 

LATE POST: F23-20160408 Updated Lives Availabel (4.4.6-301 + Several bug fixes)

Hello again fellow Fedorians,

Last friday, 4.4.6-301 was deemed stable and we have new updated lives  f23-{i386,x86_64}-{CINN,KDE,LXDE,MATE,SOAS,WORK,XFCE}-20160408.

%CHANGELOG

20160408 Kernel Fixes / Changelog

• 4.4.6-301

 

Where to get them? F23 Live-Respins (updated to 20160408/4.4.6-301)

Want to torrent pull? F23 Live Respins (updated to 20160408/4.4.6-301)

No Torrent Hashes ? F23-20160408 ISO Checksums & Torrent Hashes

Want to run a installfest /  have options for  install? F23-20160408 Multi Boot ISO (x86_64 Only) — I can help you create a  Multi Arch or host one elsewhere if desired however with the reduction in i686 installs in this day and age it’s not something I will host normally.

Look out for posts | tutorials  | github repo creation / modifications for  this as well in the coming  week(s).

Some help with rsyncd overload?

So you love  Fedora so much you have  decided to mirror it ?  Great! However some of you are causing undo strain on the master servers by doing  partial rsyncs ( times out mid way  or  connection tanks).   So how to know if you are one of strainers and /or  why would | should you care one iota? Well  those partials are  `stat`ed and  take a very large toll on  remaining open connections for others, seeing as in the default rsync the master servers have to check your current copy  against its copy to see what you have and still need.  These partials of  (often 1Tb-10Tb trees like alt, development (Alpha builds for Fedora 24), and rawhide) take up bandwidth, IOPS, and available connections for other folks namely the registered `Tier 0` and `Tier 1` mirrors (aka the ones we  average mortals  get updates from).  Makes sense that if they  can’t  get timely  copies of  updates on their  drives they  surely  can’t get them to you can they?

So you think you may be one of these offenders or  wanna help someone (friend who is mirroring or the admin of your local mirror) stop / prevent being one,  what can you do?

• Read Mirroring Guidelines: Recommended rsyncd timing
• Set your cron jobs to a more sane and practical 6-8 hours OR 2/3x daily
• Let your main internal use mirror source your machines in your environment, updating your local master daily
• Ensure you are on the master list of official mirrors, and the mirroring mailing list, which keeps you (or the admin running it) up to date of  high traffic  days or  pre-release `bit-flip` times when rsyncs that are not  deltas are  requested to stay at a minimal
• Once you are fully  updated that first time  use delta pulls `–delta –delete-after`  which only  pulls in  what is  missing not  re-downloading the entire mirror

 

HAPPY MIRRORING !!

Source: partial rsyncs causing undo stress on main servers

Promising use of 3d printing

Organ Harvesting on the Black market seeing the beginning of  its demise?

A team in China,  saved a 9 month old baby with a  3d printed  Heart.  My  first thought was how many  poor cancer and kidney / liver sufferers could benefit IF (hopefully only when not if) this  becomes something that is the new medical norm, and then the reality of  cloning and  using this to revive less than desireable individuals (like violent offenders) also came to the forefront. I can only hope a reasonable and  sane minded (if that can truly be  quantified and agreed on) body  can regulate this in a way where everyone wins.

Source:http://futurism.com/3d-printed-heart-replica-helps-save-baby

F23-20160324 Updated Lives Available (4.4.6-300 Kernel)

Hello again fellow Fedorians,

Last night 4.4.6-300 was deemed stable and today we have new updated lives  f23-{i386,x86_64}-{CINN,KDE,LXDE,MATE,SOAS,WORK,XFCE}-20160324.

%CHANGELOG

20160324 Updates Changelog

• 4.4.6-300

Nearly  815  assorted updates, among them were several large update suites for:

• cinnamon
• kde
• playonlinux
• wine
• eclipse
•  evolution
• git
• glusterfs
• libpurple
• libcacard (smartcards)
• libvirt
• qemu/kvm
• owncloud
• php
• python2/3 (various updates)
• qtwebkit
• xen

Where to get them? F23 Live-Respins (updated to 20160324/4.4.6-300)

Want to torrent pull? F23 Live Respins (updated to 20160324/4.4.6-300)

No Torrent Hashes ? F23-20160324 ISO Checksums & Torrent Hashes

Want to run a installfest /  have options for  install? F23-20160324 Multi Boot ISO (x86_64 Only) — I can help you create a  Multi Arch or host one elsewhere if desired however with the reduction in i686 installs in this day and age it’s not something I will host normally.

Look out for posts | tutorials  | github repo creation / modifications for  this as well in the coming  week(s).

F23-20160318 Updated Lives Available NOW! (4.4.5-300 kernel)

Hello again fellow Fedorians,

Last night 4.4.5-300 was deemed stable and today we have new updated lives  f23-{i386,x86_64}-{CINN,KDE,LXDE,MATE,SOAS,WORK,XFCE}-20160318.

%CHANGELOG

• 4.4.5-300  — MINOR CHANGES TO HELP FIX A KNOWN ARM64 BOOT ISSUE
• assorted updates

Where to get them? F23 Live-Respins (updated to 20160318/4.4.5-300)

Want to torrent pull? F23 Live Respins (updated to 20160318/4.4.5-300)

No Torrent Hashes ? F23-20160318 ISO Checksums & Torrent Hashes

Want to run a installfest /  have options for  install? F23-20160318 Multi Boot ISO (x86_64 Only) — I can help you create a  Multi Arch or host one elsewhere if desired however with the reduction in i686 installs in this day and age it’s not something I will host normally.

Look out for posts | tutorials  | github repo creation / modifications for  this as well in the coming  week(s).

 

GSoC + Fedora in 2016

Fedora has once again for the 11th year been accepted as a mentoring organization at GSoC aka Google Summer of Code.

Fedora Now Accepting GSoC student applications

 

 

 

F23-20160311 Updated Lives Available (4.4.4-301)

It’s that  time again,  another kernel dropped to stable updates.  This respin cycle  also includes a series of updates (shown below).

Changelog:

Kernel:  4.4.4-301

RHBZ Fixes:

• 1314253 / 1314255  Partial SMAP bypass on x86_64 Kernels
• 1316133 integer overflow  (libotr 4.1.0 ->  4.1.1)

Updates:

• Require updated XFS Utilities
• Switch back to using ` CONFIG_ACPI_REV_VERSION_OVERRIDE_POSSIBLE`
• Several Updates for:
  • libreoffice
  • wine
  • xorg-X11
  • xen-libs
  • firefox 45 (stable tag)
  • chrome 49 (stable tag)
  • cinnamon | nemo
  • libotr-4.1.1 ( patch update for rhbz 1316133)
  • flash-plugin-11.2.202.577-release
  • kde
  • evince
  • transmission-gtk
  • dnf

For the full list take a look here (117 Updates in total):

20160311 Updates list

As usual the  respins are  available here at this link: F23 Live Respins.  The link has  traditional .iso and  .torrent  files for your download  method of  choice.

Checksums are  sha512 are  are  below:

F23-201560311-TORRENTHASH

F23-20160311-CHECKSUM

 

Fedora at FOSDEM

===============================================================Re Posting for a fellow Fedorian. Well written post showing  not only how focused efforts geared toward  on-boarding and retaining contributors worked better than expected showcasing a powerful called Datagrepper…

===============================================================

• Introduction blatantly copied from mattdm’s Five Things in Fedora This week post in Magazine . ” Fedora spends quite a bit of energy, time, money, and other resources on Fedora’s pres…

Source: Fedora at FOSDEM

WordPress: Got Plugins? (4 Plugins you need to check)

Thanks to a wordfence blog post, we have a fuller understanding of a previously  disclosed backdoored official plugin ( CCTM ) and  3 more  plugins which within the last  week or so have been publicly  disclosed and patched.  For full details read teh wordfence blog post  below:

1 Backdoored Plugin, 3 Other Publicly Vulnerable ones

F23-20160303 Updated Lives Available NOW. (4.4.3-300 Kernel)

It’s that  time again,  another kernel dropped to stable updates.  This respin cycle  also includes a series of updates (shown below).

Changelog:

Kernel:  4.4.3-300

RHBZ Fixes:

• Fix automounting behavior of ATA drives (rhbz 1310682)
• Fix suspend blacklight blanking behavior
• Fix deferred nouveau module loading on tegra

– CVE-2016-2550 af_unix: incorrect accounting on in-flight fds (rhbz 1311517 1311518)

Updates:

Generic  Updates of  various packages.

As usual the  respins are  available here at this link: F23 Live Respins.  The link has  traditional .iso and  .torrent  files for your download  method of  choice.

Checksums are  sha512 are  are  below:

F23-201560229-TORRENTHASH

F23-20160229-CHECKSUM

 

Also noted at:  https://jbwillia.wordpress.com/2016/03/03/f23-20160303-update-lives-released/

Fedora Safe from DROWNing Attack

If you are familiar with security , you likely  saw the disclosure yesterday of the openssl v2 vulnerability given the sensational name  “Drown”.  Good news if you use Fedora (and it’s updated  — Update with 20160229 ISOs) you don’t need to worry about  a  0 day  vuln fix.  Openssl-1.0.2g  IS the patched version and  is on all Fedora Infrastructure and  openssl that is shipped in fedora  DEFAULTS to having the v2 AND v3  protocols  not  built-in “Compiled without openSSLv2/v3 support”.

Have a read at the  official Fedora Magazine article to this effect Fedora Not “Drown”ing.

 

 

 

F23-20160229 Updated Lives Available Now.

It’s that  time again,  another kernel dropped to stable updates.  This respin cycle  also includes a  plethora of updates including several recent bugzilla reports (shown below).

SIDENOTE: regarding DROWN,  ALL fedora servers are patched and not vulnerable to this sslv2 attack vector, statement form security-team or admins expected in the coming days to this effect.  For personal systems ensure you are NOT  still allowing  sslv2 connections to your critical instances and that you are updated to openssl-1.0.2g.

Changelog:

Kernel:  4.4.2-301

rhbz  fixes:

CVE 2015-7547 | redhat CVE 2016-0235 (glibc)

1303270,1306987,1303532,1309548,131058

1305803 & 1305804  — CVE 2016-0617

1308452 & 1308453 — CVE 2016-2383

1308444 & 1308445 — CVE 2016-2384

As usual the  respins are  available here at this link: F23 Live Respins.  The link has  traditional .iso and  .torrent  files for your download  method of  choice.

Checksums are  sha512 are  are  below:

F23-201560229-TORRENTHASH

F23-20160229-CHECKSUM

 

F23-20160202 Updated Lives Available. Complete with 4.3.4-300 Kernel

Updated Lives for 23  are  available in torrent and raw iso download format from: (Includes GNOME,KDE,LXDE,MATE,CINNAMON,SOAS,XFCE)

Fedora 23 Updated Lives

Additional Spins available from:

Fedora Spins

All Versions also available  via Official Torrent from:

All Official Fedora Torrents

F23-20160127 Live Respins are available now.

Updated Lives for 23  are  available in torrent and raw iso download format from: (Includes GNOME,KDE,LXDE,MATE,CINNAMON,SOAS,XFCE)

Fedora 23 Updated Lives

Additional Spins available from:

Fedora Spins

All Versions also available  via Official Torrent from:

All Official Fedora Torrents

Health Insurer Missing Hard Drives and Patient Data

ComputerWorld Article — Health Insurer reports 6 Hard Drives Missing

As mentioned in the above article,  Centene has  reported having lost  (or misplaced) 6 hard drives with patient data from 21 states totaling 95k patients.   They claim it has no reason to believe anything malicious has been done with the data but  its reporting in an effort to show an abundance of caution and transparency.

From the article above:

The hard drives contained the personal health information of customers who received laboratory services from 2009 to 2015. The personal information on its customers includes their name, address, date of birth, Social Security number, member ID number and health information.

The hard drives do not include any financial or payment information, Centene stated.

Neidorff said the hard drives were part of a data project using laboratory results “to improve the health outcomes of our members.”

As has become the de-facto aftermath effort  Centere has indicated they will be  contacting any possible patients that were / could be effected and offering monitoring for credit and healthcare accounts for an undisclosed time and from a undisclosed vendor.

Let’s hope this was a simple misplacement or  shoddy logs of  transfer / maintenance  but to any and all effected folks please take due diligence to check and monitor your data.

 

 

 

OpenSSH Vulnerabilities CVE-2016-0777/0778

For a very  clear explanation and non techy why do I care?  head to the link below or  any others of the tech world, most  folks are  doing a swell job of  barney ‘ing it down so everyone understands (without talking down to the less techy).

https://fedoramagazine.org/openssh-vulnerability-expose-private-credentials/

 

keybase.txt

==================================================================

https://keybase.io/linuxmodder

I hereby claim:

• I am an admin of https://linuxmodder.wordpress.com
• I am linuxmodder (https://keybase.io/linuxmodder) on keybase.
• I have a public key ASASiAQEdkcyP7Di2irRApzQJoE3ssto3Xn_WRN1IA49NAo

To do so, I am signing this object:

{
“body”: {
“key”: {
“eldest_kid”: “0120128804047647323fb0e2da2ad1029cd0268137b2cb68dd79ff591375200e3d340a”,
“host”: “keybase.io”,
“kid”: “0120128804047647323fb0e2da2ad1029cd0268137b2cb68dd79ff591375200e3d340a”,
“uid”: “31a1e44ac6ae79986b4da05bc8295c19”,
“username”: “linuxmodder”
},
“service”: {
“hostname”: “linuxmodder.wordpress.com”,
“protocol”: “https:”
},
“type”: “web_service_binding”,
“version”: 1
},
“client”: {
“name”: “keybase.io go client”,
“version”: “1.0.17”
},
“ctime”: 1477613507,
“expire_in”: 504576000,
“merkle_root”: {
“ctime”: 1477613243,
“hash”: “34904bf643942de75a6a1d4749321214088c44481561ecdfe1b30ddd34d3ad2245f7e7821d9b52d8b1f2b4795afef1b340126cd71bea98e78ff42371f5225165”,
“seqno”: 691380
},
“prev”: “9f4e3ca69ee8101c911e33b44e540e76802f0d92e2322a6ffba62b13850a6649”,
“seqno”: 198,
“tag”: “signature”
}

which yields the signature:

hKRib2R5hqhkZXRhY2hlZMOpaGFzaF90eXBlCqNrZXnEIwEgEogEBHZHMj+w4toq0QKc0CaBN7LLaN15/1kTdSAOPTQKp3BheWxvYWTFAwZ7ImJvZHkiOnsia2V5Ijp7ImVsZGVzdF9raWQiOiIwMTIwMTI4ODA0MDQ3NjQ3MzIzZmIwZTJkYTJhZDEwMjljZDAyNjgxMzdiMmNiNjhkZDc5ZmY1OTEzNzUyMDBlM2QzNDBhIiwiaG9zdCI6ImtleWJhc2UuaW8iLCJraWQiOiIwMTIwMTI4ODA0MDQ3NjQ3MzIzZmIwZTJkYTJhZDEwMjljZDAyNjgxMzdiMmNiNjhkZDc5ZmY1OTEzNzUyMDBlM2QzNDBhIiwidWlkIjoiMzFhMWU0NGFjNmFlNzk5ODZiNGRhMDViYzgyOTVjMTkiLCJ1c2VybmFtZSI6ImxpbnV4bW9kZGVyIn0sInNlcnZpY2UiOnsiaG9zdG5hbWUiOiJsaW51eG1vZGRlci53b3JkcHJlc3MuY29tIiwicHJvdG9jb2wiOiJodHRwczoifSwidHlwZSI6IndlYl9zZXJ2aWNlX2JpbmRpbmciLCJ2ZXJzaW9uIjoxfSwiY2xpZW50Ijp7Im5hbWUiOiJrZXliYXNlLmlvIGdvIGNsaWVudCIsInZlcnNpb24iOiIxLjAuMTcifSwiY3RpbWUiOjE0Nzc2MTM1MDcsImV4cGlyZV9pbiI6NTA0NTc2MDAwLCJtZXJrbGVfcm9vdCI6eyJjdGltZSI6MTQ3NzYxMzI0MywiaGFzaCI6IjM0OTA0YmY2NDM5NDJkZTc1YTZhMWQ0NzQ5MzIxMjE0MDg4YzQ0NDgxNTYxZWNkZmUxYjMwZGRkMzRkM2FkMjI0NWY3ZTc4MjFkOWI1MmQ4YjFmMmI0Nzk1YWZlZjFiMzQwMTI2Y2Q3MWJlYTk4ZTc4ZmY0MjM3MWY1MjI1MTY1Iiwic2Vxbm8iOjY5MTM4MH0sInByZXYiOiI5ZjRlM2NhNjllZTgxMDFjOTExZTMzYjQ0ZTU0MGU3NjgwMmYwZDkyZTIzMjJhNmZmYmE2MmIxMzg1MGE2NjQ5Iiwic2Vxbm8iOjE5OCwidGFnIjoic2lnbmF0dXJlIn2jc2lnxEDlzi+mJ562IGHNQujBJiykH2tGJLfTdyfJ8nphX7Tbr+OL7JmsdYKCJM4hil7ZIVI6zTFJ1CqlsKvELKN00FoCqHNpZ190eXBlIKRoYXNogqR0eXBlCKV2YWx1ZcQg2CiuQ947eC8yp6hKbJtVjZP4b2rHGRpZ0w3FiqW4bIqjdGFnzQICp3ZlcnNpb24B

And finally, I am proving ownership of this host by posting or
appending to this document.

View my publicly-auditable identity here: https://keybase.io/linuxmodder

==================================================================

Newest F26 Updated Lives Available (20171026)

It is with great pleasure that the Fedora Respins SIG is able to announce the latest set of UPDATED Fedora 26 Lives.   They can be found at [ https://alt.fedoraproject.org/pub/alt/live-respins ] or at the shortened link: [ http://tinyurl.com/live-respins2 ] .