F26 Live Respins Test Builds available, *** Call for additional testers ***

With the recent public release of Fedora 26, we in the Respins SIG, have begun testing of Fedora 26 builds.  These test builds include:

Cinnamon (CINN)

KDE (KDE)

LXDE (LXDE)

LXQT (LXQT) — New addition with Fedora 26, additional/heavy testing requested.

MATE (MATE)

Sugar On A Stick (SOAS) – Educational spin, tailored to youth and those with cognitive problems, (i.e. rehab after a stroke)

Gnome Workstation (WORK)

XFCE (XFCE)

Please grab the ISOs from [ http://de.fspin.org/Testing/ ] or  [ http://tx.fspin.org/Testing/ ]. If you happen to see multiple runs there unless otherwise asked to, test the newest date run.

 

It is planned to have any build issues worked out by mid-August and by the start of Fall term having Official 26 Respins replace the present 25 builds.

For any questions, feel free to join us on IRC, [ ircs://irc.chat.freenode.net/#fedora-respins ].

 

 

 

 

 

 

Updated Fedora Lives Available (4.10.16-200) Memorial Weekend Run

 

We in the Respins SIG are pleased to mention the latest series of Updated Live Respins carrying the 4.10.16-200 Kernel.  These respins use the livemedia-creator tool packaged in the default Fedora repo and following the guide here as well as using the scripts located here.

As Always  there are available @  http://tinyurl.com/live-respins2

For those needing a non-shortened url that expands to https://dl.fedoraproject.org/pub/alt/live-respins/

This round will be noticeably missing from it’s usual gpg clearsigned CHECKSUM|HASHSUM files hosted on https://community.ameridea.net due to a key cycling operation.  This post will be updated with the  new KeyID|Fingerprint next week however, next run will be the first run with that key in play.

 

Fedora @ BitCamp 2017: Event Report

So what is Bitcamp?   Bitcamp is an MLH sponsored Hackathon.  A Hackathon is more or less as one of this year’s attendees’ tweeted: “Bitcamp is like woodstock for nerds!!”. where hackers and mentors work together in this case over a 36 hour period to:

1. make some new technology (or extension of existing one) –i.e. new or better module for VR controller, DIY Arduino Thermostats, IP camera monitors.
2. Learn how to code (in most if not all languages out there and used)
3. Network with vendors, other attendees, vendors and make more connections that can help them or their teammates in future ventures/learning.

We (Mike Depaulo and I) attended Bitcamp for yet a second year this past weekend.  We showcased Fedora’s Security and Robotics Labs as well as Workstation. I personally spent a large portion of my time helping several teams with mostly Web app/Website design and implementation of 2 Factor/multi-factor back-end support  (namely the OAuth2 and OpenID APIs).  DVD Media of 25 Workstation was in HIGH demand, so much so that of the 100 DVDs we had at the start by the start of Saturday morning’s Breakfast we had to start rationing distribution so as to have some throughout the event.

Surprising to me was the,  in general, decent knowledge of 2FA/MFA but the lack of its implementation server side for apps, largely due to, from what I heard from hackers, ‘It’s too hard, and will take longer than the hackathon to implement and polish up the app!!”. Thankfully in the case of the team behind ‘Scandicash’ a currency brokerage startup in attendance I was working with, we proved that statement wrong!!.  The public facing site is still in the works so sadly no link for publishing at the time of this report.

During intermittent wifi stability, I happened to show a few very interested Developers some of the finer things and options of Cockpit and using locally stored mirrors for development pods and deployment. (That part was REAL fun).

Sadly, I was called back to work mid-event but I was pleased with the connections and time I was able to spend with my colleague Mike AND the hackers and other vendors.  I was even asked about having Fedora sponsor or at least provide mentors for a few NE hackathons in the coming fall term, Namely YCPHacks and HoyaHacks

https://pagure.io/ambassadors-na/tasks/issue/174

https://pagure.io/ambassadors-na/tasks/issue/175

With any luck, Fedora will be in attendance in some manner for at least one of those upcoming Hackathons.

In closing, I’d love to give a few shootouts,

BSN, Back Stage Networks, in collaboration with MAX Media for the Donated Ethernet and whilst dodgy at times also the WiFi. With special Shootouts to Dan and Josh.

UofMD, Events / Concessions Staff, This was a VERY WELL executed Hackathon 

Major League Hacking, who works with SEVERAL Universities and sponsors/partners to make such Hackathons like Bitcamp a recurring success.

and of course, not the least of them all ALL of you HACKERS, that continue to push both your mentors and technology/mindsets to and often beyond the current perceived envelope of feasibility and doing it year round in 24-48 hour cram sessions where Humble mentors/sponsors like my colleague and I and Fedora may continue to be amazed.

 

 

 

Fedora@LISA2016: Event Report

LISA 2016 (Large Install System Admin “Sysadmin” Conference) 2016 Dec 4-9th,2016, Expo Dec 7-8th,2016.  Hosted Sheraton Downtown Boston.

Attending Ambassadors, Fedora Contributors included: Corey Sheldon (linuxmodder), Nick Bebout (nb), Mike DePaulo (mikedep333), Beth Lynn (bethlynn), Matthew Miller (mattdm), Stephen Gallagher (sgallagh).  Having a rather nice spread of the Fedora Community among us made for a very productive display and sidebar chats amongst ourselves and the Redhat / Centos Table folks we were with. Among us were several conference talk attendees and even a GPG Signing Party (as a BoF).

Day 1 — Wednesday — (Expo):

Things started off a bit sluggish til just after lunch when there was the first break from all talks on Wednesday.  We had folks from all sectors of the industry coming to the booth, and they had mostly upgraded to 25 already.  A few common questions revolved around what was in the pipeline for modularity and issues/gripes with systemd.  Being a ‘ Large Install`  centric conference we saw plenty of folks also asking about using Dockerfiles and cockpit, which mattdm so happily had displayed on one of the two monitors we had been provided at the booth.  Thanks to some pesky hardware or a bad burn, we even had the pleasure of helping one of our own clean install F25 at the booth (bethlynn).  Among several of the talks that some of us attended there were:  Beginner Wireshark, SRE: At a Startup: Lessons from LinkedIn, SRE: It’s people all the Way Down, The Road to Mordor: Information Security Issues and Your Open Source Project. Also of interest to both booth staff and many attendees was LISA Build, think of that as a Cisco NET+ hands-on event, where all skill levels learned/taught things on building networks, configuring routers/load balancers and setting up native IPv6.  Day one ended with a small number of DVDs (F24, as F25 media was not just available) about  75% of our unixstickers supply and about 50% of the combined USBs from the RedHat / Centos booths.

Day 2 — Thursday — (Expo):

Day 2 started at 10a as far as the expo was concerned but several of the team took advantage of the late start to visit local restaurants for breakfast, braving the wind and cold all the while.  Day 2 saw a lot of the same questions and some more complex questions regarding more complex deployments including ones with advanced SELinux and docker images which given the selection of talks that day was quite understandable.  There were several BoFs (Birds Of a Feather) talks on day 2 as is customary at LISA conferences, the note-worthy one from the Redhat / Fedora / CentOS team was the GPG key signing party which saw less than expected numbers with only 13 attendees but several were either new to key signing or the practice itself. As an uncommon occurrence would have it 3 of the attendees (including Nick Bebout the organizer) that were CACert validators, which would have allowed any interested folks to get over the required 100 points to become a certifier in their own right, sadly this is an aspect of the Web Of Trust (WoT) that is too under publicized.

Several of the booth staff stayed for the Thursday night Google Ice Cream Social, which is always a great networking event that is very low key and laid back.  Nick Bebout (nb) even won (via raffle) a signed copy of the SRE book on website optimization.

All in all, while we still had media on the table at the conclusion, we shared plenty of the other swag and had PLENTY of awesome user interactions with seasoned users and new users alike.  We also had a blast talking and working out ideas amongst ourselves at the booth.

 

Dirty Cow: Privilege Escalation Exploit, Linux Kernel

Okay so likely have heard about this, if you like me use Linux daily, in your college, professional or hobbyist life but like what the heck is it really?

To paraphrase from the initial disclosure docs:

the privilege-escalation vulnerability potentially allows any installed application, or malicious code smuggled onto a box, to gain root-level access and completely hijack the device.

The programming bug gets its name from the copy-on-write mechanism in the Linux kernel; the implementation is so broken, programs can set up a race condition to tamper with what should be a read-only root-owned executable mapped into memory

So exactly what does all that mean?  It means your web facing servers and even Androids have a big time issue with multi tasking in a sense.  This bug allows for what is called a ‘race condition’  which as you may have guessed makes for a first one in wins scenario.  The bad part is that that allows the kernel to be tricked into mapping a new ‘page’  (a coding term for the memory allocation) without fully un-allocating or ‘unlocking’  the previous one. This in turn allows for a bad memory page to get into a root-owned (the almighty full system admin) which is bad news.  The process that is overwritten or bypassed is called Copy-On-Write  (hence the COW part of the name) and being that the race condition is executed by using and triggering dirty paging within or  in an effort to gain privileged access its been Dubbed Dirty CoW.  If you feel so inclined to read the much more technical details feel free to read up on CVE 2016-5195