S2E10: "Free AS IN Beer, Not FREE BEER"

Recorded (UTC): 2017-06-22 02:21:20
Aired (UTC): 2017-07-02 16:13:48
Editor: "Edita"

Format: MP3; SHA256: c04134f4b3a4d5ae6513396e66923edb77d0fc74fb402862383a4367b422288d; GPG: click; Audio File: click
Format: OGG; SHA256: e1b073659478e4011dd66d15b0e307a511ff2d2cfc07151b8101f6c57753f0f7; GPG: click; Audio File: click

In this episode we talk about FreeIPA, an open-source identity management system that ties into Active Directory, and a couple of other odds and ends.


  • GOP data firm accidentally leaked 200 million American voter details.
  • The EU proposes banning encryption backdoors…
    • Which is in direct opposition to what the UK wants – perhaps this ties in deeper with Brexit politics?
  • Cisco private key found in embedded executable.
    • Paden mentioned the time when Microsoft had their EFI binary signing key leaked – we covered that during the news segment for S1E14.
  • The NSA has their own GitHub account (but we caution you against running anything in there blindly, or at least not without a full audit that you have personally done).
    • Speaking of the NSA, a Honda plant was brought down (or “shut down”) by WannaCry.


Starts at 8m41s.

I was drinking Bulleit Bourbon 10. Paden was drinking water. Jthan was drinking a gin and tonic (he didn’t mention which gin) and then moved on to a yorsh of FATE Brewing Co.’s Watermelon Kölsch (which he’s had before on the show) – he didn’t mention which vodka.

  • We replied to a question we received from Andrew Barchuk in response to S2E9.
    • Q: “…Is full-disk encryption a good deterrent for data recovery for decommissioned hardware?”
    • A: More or less, yeah! You’ll want to make sure you destroy the header (if it’s an encryption scheme that uses one) and then do a wipe or physical destruction, depending on the severity of your risk model.
  • FreeIPA (17m55s)
    • It’s intended to create an open-source shared identity management node within Active Directory (such that *nix services can more easily integrate back into the Active Directory domain)…
    • But it’s not (currently) viable as a replacement for an Active Directory Domain Controller. :(
    • It still can be an immensely useful tool, however!
  • Why use a centralized authentication/identity management instead of configuration management? (31m09s)
    • To fill some time, Jthan posits the above question.
    • Generally speaking, config management systems are too kludgy to be a viable solution – with a centralized identity management system, you add a user once and it’s immediately available system-wide in the appropriate role(s). This means you don’t need to customize each server’s configuration based on its role, etc.
  • Linode’s Open Beta for large-storage pools (47m52s)
    • In their Newark datacenter, they’re doing an open beta for large-storage SSD-backed pools (all of their other services are SSD-backed, but this is for a new system of large-storage – a pay-as-you-go non-tiered storage system).

Sysbadministration Award

In this segment, we highlight system administration mistakes. Think of them as the IT equivalent of the Darwin Awards. (41m00s)


  • None!


Music Credits
Track Title Artist Link Copyright/License
Intro Ahmad William Ross Chernoff's Nomads click CC-BY 4.0
Outro Sun Iced Tea Basement Bohemian click CC0 1.0
(All music is royalty-free, properly licensed for use, used under fair use, or public domain.)
