RIP CentOS

How IBM and Red Hat are killing off CentOS

Opinions and views expressed in this post are entirely my own.

For those of you who don’t know, CentOS is a popular Linux distribution which is a binary compatible clone of Red Hat Enterprise Linux. The idea of Red Hat Enterprise Linux is that it offers a stable production-ready environment with Long Term Support (typically, a version of RHEL/CentOS will remain supported for years before you need to upgrade).

However, RHEL is a commercial product whereas CentOS is a free, community-supported operating system. As RHEL is open-source, it is perfectly permissible for projects such as CentOS to clone and re-release the source, as long as they remove any potential trademarks. After all, RHEL itself benefits from many free things, such as the Linux Kernel.

In January 2014, Red Hat Inc acquired the CentOS trademark and became a primary sponsor of the project. Ever since, they have been investing in the CentOS project and maintaining the project as a community-driven operating system, mirroring RHEL. In July 2019, IBM acquired Red Hat. Can you see where this is going?

Concerns were naturally expressed by the community through these various acquisitions as to whether the CentOS project would continue as a community-driven project. Time passed, and a new product was announced (alongside CentOS Linux) called CentOS Stream. CentOS Stream is different to traditional CentOS Linux in the sense that it is considered a rolling release distribution, and will receive more regular updates than CentOS Linux, making it potentially unsuitable for production environments which need to retain stability. In essence, CentOS Stream sits upstream from RHEL (almost like a testing distribution/sandbox), whereas CentOS Linux sits downstream (and mirrors the same stability we know and love from RHEL).

Again, this raised concerns from the community over the future of the CentOS Linux project. The Chief Technology Officer of Red Hat provided reassurance to the community that CentOS as we know it isn’t going anywhere.

Old school CentOS isn’t going anywhere. Stream is available in parallel with the existing CentOS builds. In other words, “nothing changes for current users of CentOS.”

The lying words of Chris Wright, CTO of Red Hat, as seen on ZDNet.

Roll on the 8th December 2020, and Red Hat announce they are shifting all investment away from the CentOS Linux project and focusing entirely on CentOS Stream instead, ending the life of traditional CentOS Linux. Not only that, the already-published end of life date for CentOS 8 was changed from 2029 to 2021 – removing 8 years off of the product support life span. For those who have already migrated to CentOS 8, they now have until the end of 2021 to upgrade instead of the previously promised 2029.

This is a huge breach of trust and unsurprisingly has drawn huge criticism from the community (and rightly so!). It is a colossal dick move by IBM and Red Hat who clearly have no regard for the community which is built up of many people who ironically probably work for companies all over the world that line their pockets.

Their motive? Who knows? Maybe they want people to shift from CentOS to RHEL and pay an arm and a leg for the privilege.

This is the day in which CentOS as we have known and loved for 16 years dies. Red Hat have truly found a way to make 2020 that little bit worse. Rest in peace.

Insanity – CTF

Welcome to Insanity – my fifth CTF. There is one flag on this CTF. Your objective is to gain root access.

This CTF is rated as 5/5 for difficulty. What makes this CTF difficult is not necessarily the types of vulnerabilities you will find – instead, it’s the process of exploiting them. DHCP is enabled – this CTF has been tested on VirtualBox only, though I don’t think there’ll be issues if you run it with VMware.

Synopsis

A web hosting provider has asked you to test their security. Can you find the vulnerabilities on their server and gain root access? If anyone wants to submit a written report for this, I’d give it a read and potentially publish it on this blog! 🙂

Note about hints

Please note, I will not be giving out hints for this CTF until at least the 30th August 2020. Try harder.

Edit: A few people have joined my Discord Server to share information (which is absolutely fine). Feel free to join and discuss ways to hack this CTF.

Download now

You can download Insanity here.

SHA-256: 75819bda88013d13465c9ec4145d56470378450e8c6c0c6faa8c72503a049850