First F25 Updated Live Respins are Now Available.

New year, and a new set of updated lives; this time it’s Fedora 25. If someone still wants a one-off updated live for the Fedora 24 series through its remaining lifecycle (~ July 2017), they can reach out to the team for help or a one-off; please understand that this will be on a time/resource-permitting basis for F24 now.

With the Fedora 25 gold release at the tail end of last year, many things were added/enhanced; check out the F25 Release Notes for more on that. With this first updated set comes an average of 675Mb of updates across all 7 Desktop Environments (DEs).

This first set carries the 4.8.16-300 kernel for 25, and with Fedora 25 the frequency will slow down (or at least space out some) to every even point release, i.e. 4.8.16 ~> 4.8.18 (or more likely 4.9.2 ~> 4.9.4).

The Set includes (all x86_64, x86 via special request ONLY):

Cinnamon, KDE, LXDE, MATE, SOAS (Sugar on a Stick-Education), WORK (Gnome), XFCE

As has become customary here, the CHECKSUM512-20170111 and HASHSUM512-20170111 files on my VPS and on the cross-seeding hosts are GPG signed, but with a new, updated all-ECC key:

0x0AA25C0835E781E7

Key fingerprint = 9398 803D EE7F 6F37 C20A C57E 0AA2 5C08 35E7 81E7


Please forward any questions about one-offs, making your own, or seeding/hosting these ISOs to the team at ircs://chat.freenode.net/#fedora,#kk4ewt or email me at linuxmodder AT fedoraproject DOT org OR sheldon DOT corey AT openmailbox DOT org.

 


Fedora@LISA2016: Event Report

LISA 2016 (Large Install System Admin “Sysadmin” Conference), Dec 4-9th, 2016; Expo Dec 7-8th, 2016. Hosted at the Sheraton Downtown Boston.

Attending Ambassadors and Fedora contributors included: Corey Sheldon (linuxmodder), Nick Bebout (nb), Mike DePaulo (mikedep333), Beth Lynn (bethlynn), Matthew Miller (mattdm), Stephen Gallagher (sgallagh). Having a rather nice spread of the Fedora community among us made for a very productive display and sidebar chats amongst ourselves and the Red Hat / CentOS table folks we were with. Among us were several conference talk attendees, and there was even a GPG signing party (as a BoF).

Day 1 — Wednesday — (Expo):

Things started off a bit sluggish until just after lunch, when there was the first break from all talks on Wednesday. We had folks from all sectors of the industry coming to the booth, and they had mostly upgraded to 25 already. A few common questions revolved around what was in the pipeline for modularity and issues/gripes with systemd. Being a ‘Large Install’-centric conference, we saw plenty of folks also asking about using Dockerfiles and Cockpit, which mattdm so happily had displayed on one of the two monitors we had been provided at the booth. Thanks to some pesky hardware or a bad burn, we even had the pleasure of helping one of our own (bethlynn) clean install F25 at the booth. Among the talks that some of us attended were: Beginner Wireshark; SRE: At a Startup: Lessons from LinkedIn; SRE: It’s people all the Way Down; The Road to Mordor: Information Security Issues and Your Open Source Project. Also of interest to both booth staff and many attendees was LISA Build (think of that as a Cisco NET+ hands-on event), where all skill levels learned/taught things on building networks, configuring routers/load balancers and setting up native IPv6. Day one ended with a small number of DVDs (F24, as F25 media was just not available), about 75% of our unixstickers supply and about 50% of the combined USBs from the Red Hat / CentOS booths.

Day 2 — Thursday — (Expo):

Day 2 started at 10a as far as the expo was concerned, but several of the team took advantage of the late start to visit local restaurants for breakfast, braving the wind and cold all the while. Day 2 saw a lot of the same questions and some more complex questions regarding more complex deployments, including ones with advanced SELinux and Docker images, which, given the selection of talks that day, was quite understandable. There were several BoF (Birds of a Feather) talks on day 2, as is customary at LISA conferences; the noteworthy one from the Red Hat / Fedora / CentOS team was the GPG key signing party, which saw lower than expected numbers with only 13 attendees, but several were new either to key signing or to the practice itself. As an uncommon occurrence would have it, 3 of the attendees (including Nick Bebout, the organizer) were CAcert validators, which would have allowed any interested folks to get over the required 100 points to become a certifier in their own right; sadly, this is an aspect of the Web of Trust (WoT) that is too under-publicized.

Several of the booth staff stayed for the Thursday night Google Ice Cream Social, which is always a great networking event that is very low key and laid back.  Nick Bebout (nb) even won (via raffle) a signed copy of the SRE book on website optimization.

All in all, while we still had media on the table at the conclusion, we shared plenty of the other swag and had PLENTY of awesome user interactions with seasoned users and new users alike.  We also had a blast talking and working out ideas amongst ourselves at the booth.

 

Election Respins!! 20161108 Updates Now Available (with 4.8.6.200)

So this election is over (for us USA folks). You may wanna reboot your life; well, can’t help there, but if you want to reboot your box with a new shiny version of Fedora 24, or have a spare updated copy on hand to show off to friends or at events, you’re in luck.

Thanks to the community respins team there is a new set, this time complete with a MultiBoot ISO (which has all 6 64-bit ISOs on one ‘demo’ image). Caveat on the MultiBoot: it is 9.7Gb in size, so a 16gb USB, not the usual 2gb, will be required.


All of them are as usual available here

As has become normal here the contents of HASHSUM512 and CHECKSUM512 files are:

 


The Multi has a CHECKSUM512 as well on this round, however there is NO torrent of it.
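
Checking a downloaded ISO against one of the signed CHECKSUM512 manifests announced in the F25 and F24 respin posts above, as an added example (not the respin team's tooling): the function names are hypothetical, the default fingerprint is the one quoted in the F25 post, and GnuPG 2 with the signer's public key already imported is assumed. A set signed with a different key needs that key's fingerprint passed as `expected_fpr`.

```python
import hashlib
import os
import subprocess
import tempfile

# Fingerprint quoted in the F25 post; confirm it out of band before pinning it.
F25_FPR = "9398803DEE7F6F37C20AC57E0AA25C0835E781E7"

def signer_fingerprint(status_text):
    """Primary-key fingerprint of a good signature in gpg status output, else None."""
    good = False
    for line in status_text.splitlines():
        parts = line.split()
        if parts[:2] == ["[GNUPG:]", "GOODSIG"]:
            good = True  # EXPKEYSIG, REVKEYSIG and BADSIG never set this
        elif parts[:2] == ["[GNUPG:]", "VALIDSIG"] and good:
            return parts[-1].upper()  # last field is the primary key fingerprint
    return None

def check_files(signed_text, directory="."):
    """Map each listed file found in `directory` to True/False (SHA-512 matches)."""
    results = {}
    for line in signed_text.splitlines():
        digest, _, name = line.strip().partition(" ")
        name = os.path.basename(name.strip().lstrip("*"))  # no paths from the manifest
        path = os.path.join(directory, name)
        if len(digest) != 128 or not name or not os.path.isfile(path):
            continue  # not a SHA-512 line, or an ISO that was not downloaded
        h = hashlib.sha512()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(1 << 20), b""):
                h.update(chunk)
        results[name] = h.hexdigest() == digest.lower()
    return results

def verify_manifest(manifest, directory=".", expected_fpr=F25_FPR):
    """Check the clearsigned manifest with gpg, then hash the files it lists."""
    with tempfile.TemporaryDirectory() as tmp:
        signed = os.path.join(tmp, "signed.txt")
        # --decrypt verifies a clearsigned file and writes only the signed text,
        # so lines placed outside the armor are never read as checksums.
        proc = subprocess.run(["gpg", "--batch", "--status-fd", "1", "--output",
                               signed, "--decrypt", manifest],
                              capture_output=True, text=True)
        if proc.returncode != 0 or signer_fingerprint(proc.stdout) != expected_fpr:
            raise ValueError("manifest is not validly signed by the pinned key")
        with open(signed, encoding="utf-8") as f:
            return check_files(f.read(), directory)
```

`verify_manifest("CHECKSUM512-20170111")` returns a dict of file name to match result; an empty dict means none of the listed ISOs were found and nothing has been verified.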


Dirty Cow: Privilege Escalation Exploit, Linux Kernel

Okay, so you have likely heard about this if you, like me, use Linux daily in your college, professional or hobbyist life, but what the heck is it really?

To paraphrase from the initial disclosure docs:

the privilege-escalation vulnerability potentially allows any installed application, or malicious code smuggled onto a box, to gain root-level access and completely hijack the device.

The programming bug gets its name from the copy-on-write mechanism in the Linux kernel; the implementation is so broken, programs can set up a race condition to tamper with what should be a read-only root-owned executable mapped into memory

So exactly what does all that mean? It means your web-facing servers and even Androids have a big-time issue with multitasking, in a sense. This bug allows for what is called a ‘race condition’, which, as you may have guessed, makes for a first-one-in-wins scenario. The bad part is that this allows the kernel to be tricked into mapping a new ‘page’ (a term for a unit of memory allocation) without fully un-allocating or ‘unlocking’ the previous one. This in turn allows a bad memory page to get into a root-owned (the almighty full system admin) executable, which is bad news. The mechanism that is overwritten or bypassed is called Copy-On-Write (hence the COW part of the name), and because the race condition is executed by using and triggering dirty paging in an effort to gain privileged access, it’s been dubbed Dirty CoW. If you feel so inclined, read up on the much more technical details under CVE-2016-5195.
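
The guarantee that copy-on-write is supposed to give, shown as an added example (not from the disclosure documents): a write through a private mapping lands in a private copy of the page, so the backing file, here opened read-only, never changes, while a shared mapping writes through. The function name and sample bytes are constructed for illustration.

```python
import mmap
import os
import tempfile

ORIGINAL = b"read-only content"  # constructed sample file body

def write_via_mapping(private, patch=b"XXXX"):
    """Patch a mapped temp file; return (bytes seen via mapping, bytes on disk)."""
    fd, path = tempfile.mkstemp()
    os.write(fd, ORIGINAL)
    os.close(fd)
    # A private (copy-on-write) mapping may be writable even on a read-only fd;
    # a shared writable mapping needs the file itself opened for writing.
    fd = os.open(path, os.O_RDONLY if private else os.O_RDWR)
    try:
        access = mmap.ACCESS_COPY if private else mmap.ACCESS_WRITE
        with mmap.mmap(fd, len(ORIGINAL), access=access) as m:
            m[:len(patch)] = patch  # private: the kernel copies the page first
            if not private:
                m.flush()           # shared: push the dirty page to the file
            seen = m[:]
        with open(path, "rb") as f:
            return seen, f.read()
    finally:
        os.close(fd)
        os.unlink(path)
```

`write_via_mapping(True)` shows the patched bytes only in the mapping; the race described above is what let a write escape that private copy.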

FOSSCON 2016 – Event Recap

FOSSCON 2016: Free & Open Source Software CONference was hosted at the International House of Philadelphia on Aug 20th, 2016, and showcased nearly 20 vendors and nearly as many talks (plus ‘lightning talks’) and a key signing party.

This year saw nearly 600 folks attend during the 9-hour conference, which had several interesting talks, including:

  • A Tour of OpenStack Deployment Scenarios
  • Secrets of the Dead: What Modern Programmers can Learn from COBOL
    • This one was rather thought-provoking and mostly went into the modern disease of fast-to-market, and screw fuzzing (the manual, QA-style testing and debugging)
  • WeeChat, Always on all the things
    • Despite the botched demo (blame a lack of demo god sacrifice, lol), this talk was very informative regarding what is possible with this popular bouncer for IRC and XMPP (Jabber, WhatsApp, etc.)
  • Using FreeBSD, Jails, Poudriere, and ZFS for fun and profit
    • This was, much like the COBOL talk, very ‘secure the things’ centric and very informative.

Back at the Fedora booth, I had a steady flow of interested folks before and after the installfest, which was also the location of an impromptu key signing party, and where at least 3 folks were walked through a Fedora 24 install (one on a now dual-booted MacBook Pro, without Boot Camp); much teaching on best practices for installs and Out of Band (OOB) vetting / validation of keys was given to newcomers.

We distributed around 40 DVDs to booth visitors, most of whom were already Linux users and about half of those Fedora 23 / 24 users. Several visitors this year were repeat visitors from last year’s conference, where most folks had never seen, much less handled / played with, the XO, which has become a stable attention getter for the booth.

Also, several ‘test drives’ were had on the Event Thinkpad T510 with F24 updated Multi-boot (Not generally published with the usual Updated ISOs — http://tinyurl.com/live-respins2 , however available on request.)

For more info on planned events to meet with the Ambassadors team, stay up to date with where we will be at:

https://fedoraproject.org/wiki/Events#North_America_.28NA.29