Updated Fedora Lives Available (4.10.16-200) Memorial Weekend Run


We in the Respins SIG are pleased to announce the latest series of Updated Live Respins, carrying the 4.10.16-200 kernel. These respins use the livemedia-creator tool packaged in the default Fedora repo, following the guide here as well as the scripts located here.

As always, they are available @ http://tinyurl.com/live-respins2

For those needing a non-shortened URL, that expands to https://dl.fedoraproject.org/pub/alt/live-respins/

This round will be noticeably missing its usual GPG clearsigned CHECKSUM|HASHSUM files hosted on https://community.ameridea.net due to a key cycling operation. This post will be updated with the new KeyID|Fingerprint next week; however, the next run will be the first run with that key in play.


Fedora @ BitCamp 2017: Event Report

So what is Bitcamp? Bitcamp is an MLH sponsored Hackathon. A Hackathon is more or less as one of this year's attendees tweeted: "Bitcamp is like woodstock for nerds!!", where hackers and mentors work together, in this case over a 36 hour period, to:

  1. Make some new technology (or an extension of an existing one), e.g. a new or better module for a VR controller, DIY Arduino thermostats, IP camera monitors.
  2. Learn how to code (in most if not all languages out there and in use).
  3. Network with vendors and other attendees and make more connections that can help them or their teammates in future ventures/learning.

We (Mike Depaulo and I) attended Bitcamp for a second year this past weekend. We showcased Fedora's Security and Robotics Labs as well as Workstation. I personally spent a large portion of my time helping several teams, mostly with web app/website design and the implementation of 2-factor/multi-factor back-end support (namely the OAuth2 and OpenID APIs). DVD media of Fedora 25 Workstation was in HIGH demand, so much so that of the 100 DVDs we had at the start, by Saturday morning's breakfast we had to start rationing distribution so as to have some throughout the event.

Surprising to me was the, in general, decent knowledge of 2FA/MFA but the lack of its implementation server side for apps, largely due to, from what I heard from hackers, "It's too hard, and will take longer than the hackathon to implement and polish up the app!!". Thankfully, in the case of the team behind 'Scandicash', a currency brokerage startup in attendance that I was working with, we proved that statement wrong!! The public facing site is still in the works, so sadly there is no link for publishing at the time of this report.

During intermittent wifi stability, I happened to show a few very interested developers some of the finer things and options of Cockpit and of using locally stored mirrors for development pods and deployment. (That part was REAL fun.)

Sadly, I was called back to work mid-event, but I was pleased with the connections and the time I was able to spend with my colleague Mike AND the hackers and other vendors. I was even asked about having Fedora sponsor, or at least provide mentors for, a few NE hackathons in the coming fall term, namely YCPHacks and HoyaHacks:

https://pagure.io/ambassadors-na/tasks/issue/174

https://pagure.io/ambassadors-na/tasks/issue/175

With any luck, Fedora will be in attendance in some manner for at least one of those upcoming Hackathons.

In closing, I'd love to give a few shout-outs:

BSN, Back Stage Networks, in collaboration with MAX Media, for the donated Ethernet and, whilst dodgy at times, also the WiFi. With special shout-outs to Dan and Josh.

UofMD Events / Concessions Staff: this was a VERY WELL executed Hackathon.

Major League Hacking, who work with SEVERAL universities and sponsors/partners to make Hackathons like Bitcamp a recurring success.

And of course, not least of them all, ALL of you HACKERS, who continue to push both your mentors and technology/mindsets to and often beyond the current perceived envelope of feasibility, and do it year round in 24-48 hour cram sessions where humble mentors/sponsors like my colleague and I and Fedora may continue to be amazed.


Fedora@LISA2016: Event Report

LISA 2016 (Large Install System Admin "Sysadmin" Conference), Dec 4-9th, 2016; Expo Dec 7-8th, 2016. Hosted at the Sheraton Downtown Boston.

Attending Ambassadors and Fedora contributors included: Corey Sheldon (linuxmodder), Nick Bebout (nb), Mike DePaulo (mikedep333), Beth Lynn (bethlynn), Matthew Miller (mattdm), Stephen Gallagher (sgallagh). Having a rather nice spread of the Fedora community among us made for a very productive display and sidebar chats amongst ourselves and the Red Hat / CentOS table folks we were with. Among us were several conference talk attendees and even a GPG signing party (as a BoF).

Day 1 — Wednesday — (Expo):

Things started off a bit sluggish until just after lunch, when there was the first break from all talks on Wednesday. We had folks from all sectors of the industry coming to the booth, and they had mostly upgraded to 25 already. A few common questions revolved around what was in the pipeline for modularity and issues/gripes with systemd. Being a 'Large Install' centric conference, we saw plenty of folks also asking about using Dockerfiles and Cockpit, which mattdm so happily had displayed on one of the two monitors we had been provided at the booth. Thanks to some pesky hardware or a bad burn, we even had the pleasure of helping one of our own (bethlynn) clean install F25 at the booth. Among the talks that some of us attended were: Beginner Wireshark; SRE: At a Startup: Lessons from LinkedIn; SRE: It's People All the Way Down; The Road to Mordor: Information Security Issues and Your Open Source Project. Also of interest to both booth staff and many attendees was LISA Build, think of that as a Cisco NET+ hands-on event, where all skill levels learned/taught things on building networks, configuring routers/load balancers and setting up native IPv6. Day one ended with a small number of DVDs (F24, as F25 media was not yet available), about 75% of our unixstickers supply and about 50% of the combined USBs from the Red Hat / CentOS booths.

Day 2 — Thursday — (Expo):

Day 2 started at 10 a.m. as far as the expo was concerned, but several of the team took advantage of the late start to visit local restaurants for breakfast, braving the wind and cold all the while. Day 2 saw a lot of the same questions and some more complex questions regarding more complex deployments, including ones with advanced SELinux and Docker images, which given the selection of talks that day was quite understandable. There were several BoF (Birds of a Feather) sessions on day 2, as is customary at LISA conferences; the noteworthy one from the Red Hat / Fedora / CentOS team was the GPG key signing party, which saw lower than expected numbers with only 13 attendees, though several were new to key signing or to the practice itself. As an uncommon occurrence would have it, 3 of the attendees (including Nick Bebout, the organizer) were CAcert validators, which would have allowed any interested folks to get over the required 100 points to become a certifier in their own right; sadly this is an aspect of the Web of Trust (WoT) that is too under-publicized.

Several of the booth staff stayed for the Thursday night Google Ice Cream Social, which is always a great networking event that is very low key and laid back. Nick Bebout (nb) even won (via raffle) a signed copy of the SRE book on website optimization.

All in all, while we still had media on the table at the conclusion, we shared plenty of the other swag and had PLENTY of awesome user interactions with seasoned users and new users alike.  We also had a blast talking and working out ideas amongst ourselves at the booth.


Dirty Cow: Privilege Escalation Exploit, Linux Kernel

Okay, so you have likely heard about this if you, like me, use Linux daily in your college, professional or hobbyist life, but what the heck is it really?

To paraphrase from the initial disclosure docs:

the privilege-escalation vulnerability potentially allows any installed application, or malicious code smuggled onto a box, to gain root-level access and completely hijack the device.

The programming bug gets its name from the copy-on-write mechanism in the Linux kernel; the implementation is so broken, programs can set up a race condition to tamper with what should be a read-only root-owned executable mapped into memory.

So exactly what does all that mean? It means your web facing servers and even Androids have a big time issue with multitasking, in a sense. This bug allows for what is called a 'race condition', which, as you may have guessed, makes for a first-one-in-wins scenario. The bad part is that the race lets the kernel be tricked into mapping a new 'page' (the unit of memory allocation) without fully un-allocating or 'unlocking' the previous one. This in turn allows a bad memory page to get into a root-owned (the almighty full system admin) file, which is bad news. The process that is overwritten or bypassed is called Copy-On-Write (hence the COW part of the name), and because the race condition is triggered by dirtying pages in an effort to gain privileged access, it has been dubbed Dirty COW. If you feel so inclined to read the much more technical details, feel free to read up on CVE-2016-5195.

F24 Updated ISOs available. (Kernel with Dirty Cow Patched)

It is with great pleasure that I announce that the community-run respin team has yet another updated ISO round. This round carries the 4.7.9-200 kernel along with over 800 MB of updates on average (some desktop environments more, some less) since the Gold release back in June.

Torrents will be available at the same link as usual alongside the .iso files.

You have heard about this nasty privilege escalation bug called 'Dirty Cow'; well, rest assured the infected farm and farmer have been found and the vaccine has been applied to the kernel in these updates. More info on 'Dirty Cow' in my blog post on it here.

Below are the contents of both CHECKSUM512-20161023 and HASHSUM512-20161023 (the latter is torrent hashes):

cat CHECKSUM512-20161023

(Clearsigned with 0xF59276298D2264944)


cat HASHSUM512-20161023

(Clearsigned with 0xF59276298D2264944)

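To actually use these files, check the clearsign signature first and only then compare the downloaded ISO's SHA-512 against its entry. The functions below are an added example, not one of the respins SIG's own scripts; they assume gpg and sha512sum are installed, that the signing key is already in your keyring, and that the checksum file uses the "hash filename" layout of the CHECKSUM512 files.

```shell
#!/bin/sh
# Verify a respin ISO against a clearsigned CHECKSUM512 file.
# Added example (not part of the respins SIG scripts). Assumes gpg,
# sha512sum, awk and grep are available.

# Pull only the "sha512  filename" lines out of the clearsigned message;
# the PGP armor, the "Hash:" header and blank lines are dropped.
checksum_lines() {
    grep -E '^[0-9a-f]{128}[[:space:]]+[^[:space:]]+$' "$1"
}

# Return 0 if the ISO's SHA-512 matches the checksum file's entry for it,
# 1 on a mismatch, 2 if the file has no entry for this ISO at all.
verify_iso() {
    iso="$1"; sums="$2"
    name=$(basename "$iso")
    expected=$(checksum_lines "$sums" | awk -v f="$name" '$2 == f {print $1}')
    if [ -z "$expected" ]; then
        echo "no entry for $name in $sums" >&2
        return 2
    fi
    actual=$(sha512sum "$iso" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "SHA-512 mismatch for $name" >&2
        return 1
    fi
    return 0
}

# The signature is what ties the hashes to the respin team's key; a
# checksum file nobody signed proves nothing, so check it before the hash.
verify_signed_iso() {
    if ! gpg --verify "$2" >/dev/null 2>&1; then
        echo "bad or missing signature on $2" >&2
        return 3
    fi
    verify_iso "$1" "$2"
}
```

Run it as `verify_signed_iso F24-x86_64-WORK-20161023.iso CHECKSUM512-20161023` from the download directory; a non-zero exit means the image should not be written to media.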