S1E6: "I Tour My ACL"

Posted
Comments 0

Navigation
Previous EpisodeNext Episode
Log
Recorded (UTC) Aired (UTC) Editor
2016-04-28 04:34:35 2016-05-09 02:48:05 aaron k.
Verification
Format SHA256 GPG Audio File
MP3 536e8b69c9b9a1b963daeddd22e48e4fe0b88ec8355322db6b308cadfe72f53f click click
OGG 36a1a18b30df7937a376e54fffa0833318bb7fb652a70e28c4a7509cf0dd2eaf click click

Various security mechanisms such as ACL, SElinux, etc.

This is also the episode where the “cockulator” joke was born.

News

Starts at 4m36s.

Notes

Starts at 14m31s.

I was drinking Different Drum Rum from La Colombe Distillery (yet again), Paden was drinking his Buckeye vodka also again, and Jthan was drinking Princess Yum Yum (lolz) from Denver Beer Co..

  • There are a lot of interesting things you need to take into consideration when using Tor.
    • I mention CJDNS in particular, as well as OpenVPN as proper alternatives.
    • I reference this Radiolab episode regarding Timothy McVeigh.
    • If you really want a liveCD that has better anonymity options, either spin your own (which is easy using BDisk!) or use Qubes OS, which is basically meh.
  • We finally (try to) put the San Bernardino thing to rest. (32m12s)
    • tl;dr: it was more about the precedent and being a power play by the FBI rather than the case, which is a clear and distinct abuse of power by the FBI.
    • Jthan also brings up the Philadelphia cop who is being jailed indefinitely due to his encrypted harddrive.
    • Which is bullshit.
  • GNU/Linux security mechanisms (56m40s)
    • PAM is pretty cool.
      • Including Duo and Google Authenticator.
      • I also mention (though it’s unrelated) SPDY. I also mention WiKID (see errata).
      • This is a good example of TTY login limitations. For more fine-grained control, you should also look into the options for /etc/security/access.conf.
    • GRsecurity PaX.
      • You can hear Jim (TheTechStewart) on S0E18.
    • SElinux isn’t all too hard to learn.
    • This is a good resource to learn it.
    • Aaron chopped some of this discussion out. :| You can find the link to the uncut/unedited mix in the Errata section.
    • The NSA security guide can be found here. Mysteriously, the original link is broken. Also worth a look is this.
    • Octal modes and Ownerships
    • XATTRs (extended attributes) are pretty handy. The pink book goes into more detail for this, which is why I highly recommend it.
      • To use it, though, you need to use the “xattr” mount option.
    • There’s also normal attributes.

Sysbadministration Award

In this segment, we highlight system administration mistakes. Think of them as the IT equivalent of the Darwin Awards. (1h44m00s)

This episode’s winner of the Baddies was the unnamed sysadmin/netadmin responsible for this. Way to go.

Errata

  • Jthan and Paden kept playing Slither during the pre-recording meeting.
  • I refer to Chelsea Manning as Bradley Manning because at the time of incident, Manning still identified as male- or at the least was known as Bradley.
  • Aaron has stated he wants to come on the show to discuss documentaries more in-depth, but it’s already pretty irrelevant. I already know what he’s going to say, though, since we’re good friends and have talked about it in-length before- he doesn’t believe there’s such a thing as objective facts, and especially that humans aren’t capable of objectivity even if it exists.
  • I reference the Ballmer Peak.
  • I mistakenly referred to WiKID as “Twistid”- I have no idea why, but I do it all the time.
  • Aaron cut chunks out of conversation, and some context was missed. Please feel free to grab the FLAC XZ-compressed (and the signature).

Music

Music Credits
Track Title Artist Link Copyright/License
Intro Sauronator (ft. Jthan) GovLove click CC-BY-SA 4.0
Outro Sauronator (ft. Jthan) GovLove click CC-BY-SA 4.0
(All music is royalty-free, properly licensed for use, used under fair use, or public domain.)

Author
Categories Season One

Comments

There are currently no comments on this article.

Comment...

Enter your comment below. Fields marked * are required. You must preview your comment before submitting it.