S2E11: "The Blame Game"


Log
Recorded (UTC): 2017-07-06 02:29:37
Aired (UTC): 2017-07-16 04:31:52
Editor: "Edita"
Verification (SHA256 of each audio file; a GPG signature is published alongside each file)
MP3: e059ad291aa19eac09557ec9412b388a41c1862fb5f35cafae038e28e40a420b
OGG: a592c9b47ba5fa89816ed9e5e210f0bc9d396fb2271e4defb43a538180f5b8fc

We talk about an interesting new(-ish) approach to password management and whether upstream is responsible for downstream SNAFUs.

News

  • An attack against libgcrypt has been found.
  • Amazon and eBay images were held “ransom” by Photobucket.
  • There is a PC build that self-destructs if tampered with.
    • We talked about QubesOS in S1E6 and S2E4.
  • Canonical pushing “advertisements” in the MOTD.
  • Apparently wind turbines are easily compromised.
  • NotPetya is making the rounds.
    • And you can find the “live blog” that Paden mentions here.
    • But see Errata
  • Windows 10 S has been compromised (despite Microsoft’s claim that it is invulnerable).
  • Some Windows 10 development builds and source code have been leaked.

Notes

Starts at 14m0s.

I was drinking a mango smoothie. Paden was drinking Pabst Blue Ribbon. Jthan was drinking water because he is unwell.

  • Who’s responsible for downstream’s fuck-ups? (19m37s)
    • Where does liability lie if downstream patches break intended functionality?
    • Examples:
      • Debian’s openssh/openssl fiasco was created downstream
      • The recent “systemd” “vulnerability” was actually caused by various packagers on distros patching out hard username restrictions in shadow-utils/libuser (known guilty parties currently are Red Hat/CentOS and Debian)
        • But all you systemd haters would know that if you actually read the bug report instead of being sensationalist and irrational.
    • We then discuss:
      • Why patching downstream (whether to “fix” nonexistent issues or to introduce new bugs, er, features) is bad.
      • Why upstream should not be held responsible for developing “around” downstream.
      • How this usually happens: downstream wants to add functionality without understanding the entire system ecosystem (but failed communication within large downstream projects plays a part too).
      • How this can be avoided.
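The systemd example above boils down to two components disagreeing about what a valid account name is: the tool that creates accounts accepts a name that the service consuming them rejects. The following is an added illustration written for these notes, not code from the show, from systemd, or from shadow-utils. It models upstream shadow-utils' documented `useradd(8)` rule (`[a-z_][a-z0-9_-]*[$]?`, at most 32 characters), a constructed relaxed rule standing in for the kind of downstream patch the episode describes (no real distribution's patch is reproduced here), and an approximation of systemd's `valid_user_group_name()` check as it was at the time (first character a letter or underscore, then letters, digits, `_` or `-`, shorter than 32); the last of these is an assumption, as are the sample names. The useful function is `disagreements()`, which lists names the creator accepts but the consumer rejects, which is exactly the gap a packager should be testing for before shipping a relaxed validator.

```python
import re
import string

UT_NAMESIZE = 32  # utmp ut_user field size; both tools honour this limit


# Documented upstream shadow-utils rule (useradd(8) man page): a login name
# must match [a-z_][a-z0-9_-]*[$]? and be at most 32 characters long.
_SHADOW_RE = re.compile(r"[a-z_][a-z0-9_-]*\$?")


def valid_shadow_utils(name: str) -> bool:
    """Upstream shadow-utils useradd check, as documented in useradd(8)."""
    return len(name) <= UT_NAMESIZE and _SHADOW_RE.fullmatch(name) is not None


# Printable ASCII minus whitespace and the two characters that would break a
# passwd(5) line or a home-directory path.
_RELAXED_ALLOWED = set(string.printable) - set(string.whitespace) - {":", "/"}


def valid_relaxed(name: str) -> bool:
    """Constructed stand-in for a downstream-relaxed useradd check.

    This is NOT any distribution's real patch; it models the permissive rule
    the episode describes: anything that fits in a passwd(5) line is allowed,
    including a leading digit.
    """
    return (
        0 < len(name) <= UT_NAMESIZE
        and not name.startswith("-")
        and all(c in _RELAXED_ALLOWED for c in name)
    )


def valid_systemd(name: str) -> bool:
    """Approximation (assumption) of systemd's valid_user_group_name() at the
    time: first character a letter or '_', remaining characters letters,
    digits, '_' or '-', and the whole name shorter than UT_NAMESIZE."""
    if not name or len(name) > UT_NAMESIZE - 1:
        return False
    first, rest = name[0], name[1:]
    if not (first.isascii() and (first.isalpha() or first == "_")):
        return False
    return all(c.isascii() and (c.isalnum() or c in "_-") for c in rest)


def disagreements(names, creator, consumer):
    """Names the account-creating tool accepts but the consuming service rejects.

    Every entry is an account that can exist on the system yet is invalid from
    the consumer's point of view: the gap the episode blames on downstream
    patching. The check is directional: a name the consumer accepts but the
    creator refuses can never be created, so it is harmless here.
    """
    return [n for n in names if creator(n) and not consumer(n)]


# Constructed sample names (not taken from any real system).
SAMPLE = ["alice", "_svc", "Alice", "web-1", "0day", "1337",
          "-dash", "bad:name", "a" * 33]


if __name__ == "__main__":
    print("relaxed useradd vs systemd :", disagreements(SAMPLE, valid_relaxed, valid_systemd))
    print("upstream useradd vs systemd:", disagreements(SAMPLE, valid_shadow_utils, valid_systemd))
```

Run against the sample, the relaxed creator lets "0day" and "1337" through while the systemd-style consumer rejects both; the upstream rule produces no disagreements at all. The only thing that changed between the two runs is the downstream validator, which is the point the discussion makes.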

Sysbadministration Award

In this segment, we highlight system administration mistakes. Think of them as the IT equivalent of the Darwin Awards. (40m30s)

Errata

  • In the News segment, Paden refers to “Petya” – it’s actually referring to NotPetya, named as such because it’s a variant/masquerade of Petya but is a whole different thing. See the Baddie for more information.
  • Debian 7 (“Wheezy”) supported switching to systemd; Debian 8 (“Jessie”) uses it by default.

Music

Music Credits
Intro: “C L I M A X” by Soft and Furious (CC0 1.0)
Outro: “net neutrality” by Noiseonport (CC-BY 4.0)
(All music is royalty-free, properly licensed for use, used under fair use, or public domain.)

Categories Season Two
