F25-20170510 Updated Lives Available (4.10.14-200 kernel + Patch for CVE-2017-7895)

We in the Respins SIG are pleased to mention the latest series of Updated Live Respins carrying the 4.10.14-200 kernel, which IS patched for CVE-2017-7895 [rhsa]. These respins are built with the livemedia-creator tool packaged in the default Fedora repo, following the guide here and using the scripts located here.

As always, they are available at http://tinyurl.com/live-respins2

For those needing a non-shortened URL, that expands to https://dl.fedoraproject.org/pub/alt/live-respins/

GPG Clearsigned CHECKSUM Files: Using KeyID: E3A735D20D29A7157E991D6897DCB0E07AC3421D

Fingerprint: E3A7 35D2 0D29 A715 7E99  1D68 97DC B0E0 7AC3 421D

CHECKSUM512-20170510 (ISO Checksum hashes)


HASHSUM512-20170510 (Torrent Checksum Hashes)

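Checking a downloaded respin against the clearsigned CHECKSUM512 file, as an added example that is not the Respins SIG's own tooling: the hash list is accepted only when gpg reports a valid signature from the fingerprint published in this post, and only then is the ISO's SHA-512 compared. It assumes GnuPG and coreutils are installed and the signing key is already imported; the function names are illustrative.

```bash
#!/usr/bin/env bash
# Added example; function names are illustrative, not Respins SIG tooling.
# Fingerprint as published in this post. Assumes that key is already imported.
EXPECTED_FPR="E3A735D20D29A7157E991D6897DCB0E07AC3421D"

# Write the signed text of a clearsigned file to $2, but only if gpg exits
# cleanly and reports VALIDSIG for EXPECTED_FPR. Taking the text from gpg means
# lines sitting outside the signed region are never consulted.
extract_verified() {
    local clearsigned=$1 out=$2 status
    status=$(gpg --batch --yes --status-fd 1 --output "$out" \
                 --decrypt "$clearsigned" 2>/dev/null) || { rm -f "$out"; return 1; }
    if printf '%s\n' "$status" | grep -q "^\[GNUPG:\] VALIDSIG .*$EXPECTED_FPR"; then
        return 0
    fi
    rm -f "$out"
    return 1
}

# Print the SHA-512 listed for exactly this file name ("<hash>  <name>").
listed_sha512() {
    awk -v n="$2" '{ f = $2; sub(/^\*/, "", f) }
        f == n && length($1) == 128 && $1 !~ /[^0-9a-f]/ { print $1; exit }' "$1"
}

# 0 = ISO matches the listed hash, 1 = mismatch, 2 = name not in the list.
iso_matches() {
    local sums=$1 iso=$2 want got
    want=$(listed_sha512 "$sums" "$(basename "$iso")")
    [ -n "$want" ] || return 2
    got=$(sha512sum "$iso" | cut -d' ' -f1)
    [ "$got" = "$want" ]
}

# Full check: signature first, hash second. 3 = signature not acceptable.
verify_respin() {
    local clearsigned=$1 iso=$2 tmp rc
    tmp=$(mktemp) || return 1
    if extract_verified "$clearsigned" "$tmp"; then
        rc=0; iso_matches "$tmp" "$iso" || rc=$?
    else
        rc=3
    fi
    rm -f "$tmp"
    return "$rc"
}
```

Call it as `verify_respin CHECKSUM512-20170510 F25-KDE-x86_64-20170510.iso`; any non-zero status means the image should not be used.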

Fedora @ BitCamp 2017: Event Report

So what is Bitcamp? Bitcamp is an MLH-sponsored hackathon. A hackathon is more or less, as one of this year’s attendees tweeted, “Bitcamp is like woodstock for nerds!!”, where hackers and mentors work together, in this case over a 36-hour period, to:

  1. Make some new technology (or an extension of an existing one), i.e. a new or better module for a VR controller, DIY Arduino thermostats, IP camera monitors.
  2. Learn how to code (in most if not all languages out there and used)
  3. Network with vendors and other attendees, and make more connections that can help them or their teammates in future ventures/learning.

We (Mike DePaulo and I) attended Bitcamp for yet a second year this past weekend. We showcased Fedora’s Security and Robotics Labs as well as Workstation. I personally spent a large portion of my time helping several teams with mostly web app/website design and implementation of 2 Factor/multi-factor back-end support (namely the OAuth2 and OpenID APIs). DVD media of 25 Workstation was in HIGH demand, so much so that, of the 100 DVDs we had at the start, by the start of Saturday morning’s breakfast we had to start rationing distribution so as to have some throughout the event.

Surprising to me was the, in general, decent knowledge of 2FA/MFA but the lack of its implementation server side for apps, largely due to, from what I heard from hackers, “It’s too hard, and will take longer than the hackathon to implement and polish up the app!!”. Thankfully, in the case of the team behind ‘Scandicash’, a currency brokerage startup in attendance I was working with, we proved that statement wrong!! The public-facing site is still in the works, so sadly no link for publishing at the time of this report.

During intermittent wifi stability, I happened to show a few very interested Developers some of the finer things and options of Cockpit and using locally stored mirrors for development pods and deployment. (That part was REAL fun).

Sadly, I was called back to work mid-event, but I was pleased with the connections and time I was able to spend with my colleague Mike AND the hackers and other vendors. I was even asked about having Fedora sponsor or at least provide mentors for a few NE hackathons in the coming fall term, namely YCPHacks and HoyaHacks:

https://pagure.io/ambassadors-na/tasks/issue/174

https://pagure.io/ambassadors-na/tasks/issue/175

With any luck, Fedora will be in attendance in some manner for at least one of those upcoming Hackathons.

In closing, I’d love to give a few shout-outs:

BSN, Back Stage Networks, in collaboration with MAX Media, for the donated Ethernet and, whilst dodgy at times, also the WiFi. With special shout-outs to Dan and Josh.

UofMD, Events / Concessions Staff: this was a VERY WELL executed Hackathon.

Major League Hacking, who works with SEVERAL Universities and sponsors/partners to make such Hackathons like Bitcamp a recurring success.

And of course, not the least of them all, ALL of you HACKERS, who continue to push both your mentors and technology/mindsets to and often beyond the current perceived envelope of feasibility, doing it year round in 24-48 hour cram sessions where humble mentors/sponsors like my colleague and I and Fedora may continue to be amazed.

Fedora@LISA2016: Event Report

LISA 2016 (Large Install System Admin “Sysadmin” Conference): Dec 4-9, 2016; Expo Dec 7-8, 2016. Hosted at the Sheraton Downtown Boston.

Attending Ambassadors and Fedora Contributors included: Corey Sheldon (linuxmodder), Nick Bebout (nb), Mike DePaulo (mikedep333), Beth Lynn (bethlynn), Matthew Miller (mattdm), Stephen Gallagher (sgallagh). Having a rather nice spread of the Fedora Community among us made for a very productive display and sidebar chats amongst ourselves and the Red Hat / CentOS table folks we were with. Among us were several conference talk attendees and even a GPG Signing Party (as a BoF).

Day 1 — Wednesday — (Expo):

Things started off a bit sluggish until just after lunch, when there was the first break from all talks on Wednesday. We had folks from all sectors of the industry coming to the booth, and they had mostly upgraded to 25 already. A few common questions revolved around what was in the pipeline for modularity and issues/gripes with systemd. Being a ‘Large Install’-centric conference, we saw plenty of folks also asking about using Dockerfiles and Cockpit, which mattdm so happily had displayed on one of the two monitors we had been provided at the booth. Thanks to some pesky hardware or a bad burn, we even had the pleasure of helping one of our own clean install F25 at the booth (bethlynn). Among the talks that some of us attended were: Beginner Wireshark, SRE: At a Startup: Lessons from LinkedIn, SRE: It’s people all the Way Down, The Road to Mordor: Information Security Issues and Your Open Source Project. Also of interest to both booth staff and many attendees was LISA Build, think of that as a Cisco NET+ hands-on event, where all skill levels learned/taught things on building networks, configuring routers/load balancers and setting up native IPv6. Day one ended with a small number of DVDs (F24, as F25 media was not just available), about 75% of our unixstickers supply and about 50% of the combined USBs from the Red Hat / CentOS booths.

Day 2 — Thursday — (Expo):

Day 2 started at 10a as far as the expo was concerned, but several of the team took advantage of the late start to visit local restaurants for breakfast, braving the wind and cold all the while. Day 2 saw a lot of the same questions and some more complex questions regarding more complex deployments, including ones with advanced SELinux and Docker images, which given the selection of talks that day was quite understandable. There were several BoFs (Birds of a Feather) talks on day 2, as is customary at LISA conferences; the noteworthy one from the Red Hat / Fedora / CentOS team was the GPG key signing party, which saw less than expected numbers with only 13 attendees, but several were either new to key signing or the practice itself. As an uncommon occurrence would have it, 3 of the attendees (including Nick Bebout, the organizer) were CAcert validators, which would have allowed any interested folks to get over the required 100 points to become a certifier in their own right; sadly this is an aspect of the Web of Trust (WoT) that is too under-publicized.

Several of the booth staff stayed for the Thursday night Google Ice Cream Social, which is always a great networking event that is very low key and laid back.  Nick Bebout (nb) even won (via raffle) a signed copy of the SRE book on website optimization.

All in all, while we still had media on the table at the conclusion, we shared plenty of the other swag and had PLENTY of awesome user interactions with seasoned users and new users alike. We also had a blast talking and working out ideas amongst ourselves at the booth.

Dirty Cow: Privilege Escalation Exploit, Linux Kernel

Okay, so you have likely heard about this if you, like me, use Linux daily in your college, professional or hobbyist life, but what the heck is it really?

To paraphrase from the initial disclosure docs:

the privilege-escalation vulnerability potentially allows any installed application, or malicious code smuggled onto a box, to gain root-level access and completely hijack the device.

The programming bug gets its name from the copy-on-write mechanism in the Linux kernel; the implementation is so broken, programs can set up a race condition to tamper with what should be a read-only root-owned executable mapped into memory

So exactly what does all that mean? It means your web-facing servers and even Androids have a big-time issue with multitasking, in a sense. This bug allows for what is called a ‘race condition’, which, as you may have guessed, makes for a first-one-in-wins scenario. The bad part is that this allows the kernel to be tricked into mapping a new ‘page’ (a term for a unit of memory allocation) without fully un-allocating or ‘unlocking’ the previous one. This in turn allows a bad memory page to get into a root-owned (the almighty full system admin) file, which is bad news. The mechanism that is overwritten or bypassed is called Copy-On-Write (hence the COW part of the name), and because the race condition is executed by triggering dirty paging in an effort to gain privileged access, it’s been dubbed Dirty CoW. If you feel so inclined, read up on the much more technical details under CVE-2016-5195.

NGA Hackathon series: AngelHacks w/ Blue Compass to host two Hackathons in Sept & Nov

NGA Hackathon / Demothons in Sept & Nov 2016

This back to school season, look at these two prize money / possible job placement Hackathons/Demothons.

The NGA (National Geospatial-Intelligence Agency, https://nga.gov) is looking for fresh new ideas for big data analysis and dataset collection and has opened the Disparate Data Challenge. This Hackathon & Demothon is a 2-stage engagement, with stage 1 open to US citizens and stage 2 only open to stage 1 winners. Stage 1 submissions are due by Sept 19, 2016.

Also part of NGA’s Hackathon series, and backed by AngelHack as well as Blue Compass LLC, is ExpeditionHacks, hosted at Hunter College, NYC, on Nov 12-13, 2016. This event is more of the traditional 24 hr hackathon, where teams of UP TO 5 can show their merit in a geospatial conservation and efficiency hack session. Show you can provide sustainability or ‘come-up’ solutions for indigenous communities.