F25-20170510 Updated Lives Available (4.10.14-200 kernel + Patch for cve-2017-7895)

We in the Respins SIG are pleased to mention the latest series of Updated Live Respins carrying the 4.10.14-200 Kernel which IS patched for CVE2017-7895 [[rhsa]]. These respins use the livemedia-creator tool packaged in the default fedora repo and following the guide here as well as using the scripts located here.


As Always  there are available @  http://tinyurl.com/live-respins2

For those needing a non-shortened url that expands to https://dl.fedoraproject.org/pub/alt/live-respins/


GPG Clearsigned CHECKSUM Files: Using KeyID: E3A735D20D29A7157E991D6897DCB0E07AC3421D

Fingerprint: E3A7 35D2 0D29 A715 7E99  1D68 97DC B0E0 7AC3 421D

CHECKSUM512-20170510 (ISO Checksum hashes)

Hash: SHA256

de97ca64c37e4bff57fa403425868e123b4faa99f21212e6ecaef5a7f7628bcbac6fe716765787b412a33319be98dfbcb1d4aaed924d49358a80d1f903fa37c0 F25-CINN-x86_64-20170510.iso
3f286b23586c29ec5f8d5539a7726232e4857002e774895e774b23c03c56a8af65a69445d3c8f1bca4cf1fbc049f3f7d6c4656932a6d5a27d757abe45a303f68 F25-KDE-x86_64-20170510.iso
1c827a6405e54ce96cd2525c06d8bdd2e2e06c2035fef7e6fa7678535b7a879dd198a43381a6938d90e3f5ac389e6bdfba8047988770438c7776c325cfa4ebd9 F25-LXDE-x86_64-20170510.iso
028cdb293da0df3fe6b4e04a64103280d63504c1201fe59cbe257c8372cb736b14a5bcc81be6c9d6af13c903720caa26b23ff6a8068955247cea1a7b87106983 F25-MATE-x86_64-20170510.iso
74e34d0c8601b5f533e4c417e79dfdda71e7a19644c0b344c2009174a496ac5b548be31634cc4dc4a72f8fef4c51b4bf2ad8b12e846e6ae7fc6d3823a9a23cb9 F25-SOAS-x86_64-20170510.iso
d36b5f832e7e2dfd0cda7bfc6193fdc23e2f2a0894f613f842222771312e2147ae70a55148015e706801dea940d70023f8efb87c013b6ba437e543168bf7bab6 F25-source-20170510.iso
c3583a98328ea0846bdddfe0350e1839793ed621a3e7ccb274d64e0004e6ed8fe201f00e1de29a875d69816942499f9fa16f6cda2ad100cf1ac8282836308102 F25-WORK-x86_64-20170510.iso
583044195a30555a973ce223324b15641e948b5dfa4d669323da79377088ff5a6d62bd7160a83113ed7aec28e37b07c77fc08a42e89958a8ca9fc1308d55e6ca F25-XFCE-x86_64-20170510.iso
Version: GnuPG v2


HASHSUM512-20170510 (Torrent Checksum Hashes)

Hash: SHA256

7bfdfe4745aa706feee460db301c61bd397951ed – F25-CINN-x86_64-20170510.iso
8bbdd31863b825e3fd1dd4a2cee38916195198b0 – F25-KDE-x86_64-20170510.iso
cf1facecb86a061d189a6efc8246a0f55e3ca636 – F25-LXDE-x86_64-20170510.iso
71c7cf6bc086cec8adf65d1349aacb0647ca1eb0 – F25-MATE-x86_64-20170510.iso
887766e73b6fda2bcc719132cc5569006b253d5c – F25-WORK-x86_64-20170510.iso
da613b7664014d679ceeb0bdcb53e516e0a3fa24 – F25-SOAS-x86_64-20170510.iso
fe2d237118f264416f13f3e43eaa782ec7b-240a1 – F25-XFCE-x86_64-20170510.iso

Version: GnuPG v2



Fedora @ BitCamp 2017: Event Report

So what is Bitcamp?   Bitcamp is an MLH sponsored Hackathon.  A Hackathon is more or less as one of this year’s attendees’ tweeted: “Bitcamp is like woodstock for nerds!!”. where hackers and mentors work together in this case over a 36 hour period to:

  1. make some new technology (or extension of existing one) –i.e. new or better module for VR controller, DIY Arduino Thermostats, IP camera monitors.
  2. Learn how to code (in most if not all languages out there and used)
  3. Network with vendors, other attendees, vendors and make more connections that can help them or their teammates in future ventures/learning.

We (Mike Depaulo and I) attended Bitcamp for yet a second year this past weekend.  We showcased Fedora’s Security and Robotics Labs as well as Workstation. I personally spent a large portion of my time helping several teams with mostly Web app/Website design and implementation of 2 Factor/multi-factor back-end support  (namely the OAuth2 and OpenID APIs).  DVD Media of 25 Workstation was in HIGH demand, so much so that of the 100 DVDs we had at the start by the start of Saturday morning’s Breakfast we had to start rationing distribution so as to have some throughout the event.

Surprising to me was the,  in general, decent knowledge of 2FA/MFA but the lack of its implementation server side for apps, largely due to, from what I heard from hackers, ‘It’s too hard, and will take longer than the hackathon to implement and polish up the app!!”. Thankfully in the case of the team behind ‘Scandicash’ a currency brokerage startup in attendance I was working with, we proved that statement wrong!!.  The public facing site is still in the works so sadly no link for publishing at the time of this report.

During intermittent wifi stability, I happened to show a few very interested Developers some of the finer things and options of Cockpit and using locally stored mirrors for development pods and deployment. (That part was REAL fun).

Sadly, I was called back to work mid-event but I was pleased with the connections and time I was able to spend with my colleague Mike AND the hackers and other vendors.  I was even asked about having Fedora sponsor or at least provide mentors for a few NE hackathons in the coming fall term, Namely YCPHacks and HoyaHacks



With any luck, Fedora will be in attendance in some manner for at least one of those upcoming Hackathons.

In closing, I’d love to give a few shootouts,

BSN, Back Stage Networks, in collaboration with MAX Media for the Donated Ethernet and whilst dodgy at times also the WiFi. With special Shootouts to Dan and Josh.

UofMD, Events / Concessions Staff, This was a VERY WELL executed Hackathon 

Major League Hacking, who works with SEVERAL Universities and sponsors/partners to make such Hackathons like Bitcamp a recurring success.

and of course, not the least of them all ALL of you HACKERS, that continue to push both your mentors and technology/mindsets to and often beyond the current perceived envelope of feasibility and doing it year round in 24-48 hour cram sessions where Humble mentors/sponsors like my colleague and I and Fedora may continue to be amazed.




Fedora@LISA2016: Event Report

LISA 2016 (Large Install System Admin “Sysadmin” Conference) 2016 Dec 4-9th,2016, Expo Dec 7-8th,2016.  Hosted Sheraton Downtown Boston.

Attending Ambassadors, Fedora Contributors included: Corey Sheldon (linuxmodder), Nick Bebout (nb), Mike DePaulo (mikedep333), Beth Lynn (bethlynn), Matthew Miller (mattdm), Stephen Gallagher (sgallagh).  Having a rather nice spread of the Fedora Community among us made for a very productive display and sidebar chats amongst ourselves and the Redhat / Centos Table folks we were with. Among us were several conference talk attendees and even a GPG Signing Party (as a BoF).

Day 1 — Wednesday — (Expo):

Things started off a bit sluggish til just after lunch when there was the first break from all talks on Wednesday.  We had folks from all sectors of the industry coming to the booth, and they had mostly upgraded to 25 already.  A few common questions revolved around what was in the pipeline for modularity and issues/gripes with systemd.  Being a ‘ Large Install`  centric conference we saw plenty of folks also asking about using Dockerfiles and cockpit, which mattdm so happily had displayed on one of the two monitors we had been provided at the booth.  Thanks to some pesky hardware or a bad burn, we even had the pleasure of helping one of our own clean install F25 at the booth (bethlynn).  Among several of the talks that some of us attended there were:  Beginner Wireshark, SRE: At a Startup: Lessons from LinkedIn, SRE: It’s people all the Way Down, The Road to Mordor: Information Security Issues and Your Open Source Project. Also of interest to both booth staff and many attendees was LISA Build, think of that as a Cisco NET+ hands-on event, where all skill levels learned/taught things on building networks, configuring routers/load balancers and setting up native IPv6.  Day one ended with a small number of DVDs (F24, as F25 media was not just available) about  75% of our unixstickers supply and about 50% of the combined USBs from the RedHat / Centos booths.

Day 2 — Thursday — (Expo):

Day 2 started at 10a as far as the expo was concerned but several of the team took advantage of the late start to visit local restaurants for breakfast, braving the wind and cold all the while.  Day 2 saw a lot of the same questions and some more complex questions regarding more complex deployments including ones with advanced SELinux and docker images which given the selection of talks that day was quite understandable.  There were several BoFs (Birds Of a Feather) talks on day 2 as is customary at LISA conferences, the note-worthy one from the Redhat / Fedora / CentOS team was the GPG key signing party which saw less than expected numbers with only 13 attendees but several were either new to key signing or the practice itself. As an uncommon occurrence would have it 3 of the attendees (including Nick Bebout the organizer) that were CACert validators, which would have allowed any interested folks to get over the required 100 points to become a certifier in their own right, sadly this is an aspect of the Web Of Trust (WoT) that is too under publicized.

Several of the booth staff stayed for the Thursday night Google Ice Cream Social, which is always a great networking event that is very low key and laid back.  Nick Bebout (nb) even won (via raffle) a signed copy of the SRE book on website optimization.

All in all, while we still had media on the table at the conclusion, we shared plenty of the other swag and had PLENTY of awesome user interactions with seasoned users and new users alike.  We also had a blast talking and working out ideas amongst ourselves at the booth.


Dirty Cow: Privilege Escalation Exploit, Linux Kernel

Okay so likely have heard about this, if you like me use Linux daily, in your college, professional or hobbyist life but like what the heck is it really?

To paraphrase from the initial disclosure docs:

the privilege-escalation vulnerability potentially allows any installed application, or malicious code smuggled onto a box, to gain root-level access and completely hijack the device.

The programming bug gets its name from the copy-on-write mechanism in the Linux kernel; the implementation is so broken, programs can set up a race condition to tamper with what should be a read-only root-owned executable mapped into memory

So exactly what does all that mean?  It means your web facing servers and even Androids have a big time issue with multi tasking in a sense.  This bug allows for what is called a ‘race condition’  which as you may have guessed makes for a first one in wins scenario.  The bad part is that that allows the kernel to be tricked into mapping a new ‘page’  (a coding term for the memory allocation) without fully un-allocating or ‘unlocking’  the previous one. This in turn allows for a bad memory page to get into a root-owned (the almighty full system admin) which is bad news.  The process that is overwritten or bypassed is called Copy-On-Write  (hence the COW part of the name) and being that the race condition is executed by using and triggering dirty paging within or  in an effort to gain privileged access its been Dubbed Dirty CoW.  If you feel so inclined to read the much more technical details feel free to read up on CVE 2016-5195

#RedhatDID: Retrospective and a look ahead to future events

Oct 6, 2016:  The day several Redhat trainers and industry folks met to talk about best practices and give feedback on the vision and mission ( and speed of progression) of Redhat Enterprise Linux (RHEL) and upstream /  downstream projects and products.  Among one of the most popular Sessions was the one by Robin Price and Martin Priesler on OpenSCAP which was a standing room only  session with nearly  1/3 of attendants in attendance for this talk / session.  Rita Carroll and others setup a interest list for those that would like to attend another OpenSCAP Workshop (mainly centered on a hands-on event but other venues seemed open for debate). If you’d be interested regardless of whether you like me were in attendance please email Rita @ rita@redhat.com with a simple subject line referencing OpenSCAP Workshop (Tysons Area).

All slide decks will be up on the RedHatDID site used for registration within the coming week or two ( some presenters were not  Redhat afterall).

The above link has all the info about all 4  tracks presented and the topics, If you would like more info or a company visit on any topic shown ( or maybe something more topical to your organization) feel free to contact Rita or another event coordinator to schedule.

Next Event will be on Nov 2, 2016 at the Ritz-Carlton, Pentagon City, Va  and is FREE for Gov’t folks when registering for the rest of us Industry folks that’s still only $195 for a 8 hr symposium with some of the most authoritative folks in the industry.