S3E18: "Arousal (pt. 1)"
| Previous Episode | Next Episode |
| --- | --- |
| S3E17: "China Dentata" | S3E19: "Byte Sudo Sys Jail Privilege" |

| Recorded (UTC) | Aired (UTC) | Editor |
| --- | --- | --- |
| 2018-10-27 02:55:24 | 2018-11-04 17:44:18 | "Edita" |
In this episode, Jthan and I (Paden was unavailable) talk about different ways of distributing workload based on role and hardware distribution.
The title is a complete misnomer but thanks to Jthan incessantly bringing up how aroused he was for me, it was obligatory.
- Microsoft is implementing Google’s Retpoline fix for Spectre.
- There’s been a libssh vulnerability discovered and reported in a Cisco advisory (as I believe they use it for certain components).
- And boy howdy, is it a doozy.
- Once again, this is not OpenSSH or any of its associated libraries, this is libssh — a standalone C library for the SSH protocol. Typically it is used for clients, but on the rare occurrence where it is used for a server (where this vulnerability occurs), it’s typically in embedded applications. And these.
- A Russian greyhat (maybe?) hacker is patching MikroTik routers.
- This isn’t as friendly a thing as you may think, as there are a lot of reasons why people would be rightfully upset at this, and we talk a bit about why.
Starts at 21m28s.
- Deploying hierarchy
- Jthan brings up how this topic came up re: IRC and netsplits (thanks, atg and amayer!). I mention that per the RFC, it’s a non-flat leafnode/tree system of distribution.
- Jthan talks about federated authentication (when he ACTUALLY means centralized, but more on that later).
- He mentions Shibboleth (other alternatives are: Twitter’s auth (or any OAuth service), OpenID, etc.).
- XMPP, Mastodon, and email are unfederated because they allow an organization to itself be the central authoritative source of the service it uses (within its “domain” or “realm”) while still interacting with other services in kind.
- Federation, on the other hand, is a single external source through which multiple “client parties” can access that service.
- Distributed systems are multiple servers working together segregated by role/purpose/goal. Non-distributed (“localized”, as I prefer) would be one server running all services/multiple roles.
- As an example, distributed would be one or more servers handling databases, one or more servers handling webservers, etc. A localized server would run a database and webserver on the same instance.
- Basic cost (price)
- Flexibility (e.g. staggered patching)
- Stability/collective uptime
- (MUCH) more complex maintenance
- No single point of failure
- Best practice, honestly.
- Vendor lock-in
- Not able to “wash your hands of it” — you are solely responsible for the hardware, updates, security, etc.
- Flexibility (patching, featureset, etc.)
- Best practice, I’d argue.
In this segment, we highlight system administration mistakes. Think of them as the IT equivalent of the Darwin Awards. (46m0s)
- The definition that William Gibson gives cyberspace is “a consensual hallucination experienced daily by billions of [users]”.
- The last episode where it was just Jthan and I (officially, anyways) before we brought Paden on was S0E18.
- The photo at HOPE that looks suggestive can be found here. It’s also available via the Sysbot command “!scandal”.
- Jthan finally gave me a photo he said he would:
- The “jiraphics” throwback is a reference to S0 shitshow.
- The feature request I placed in Red Hat’s bugtracker for virsh and globbing/regex patterns is here.
- The “jazzed” thing is this (from April 4, 2018; timestamps in EST):
```
...
12:05:06 < r00t^2> also what's maxilaria
12:05:09 < jthan> r00t^2: get jazzed
12:05:15 < jthan> r00t^2: maxilaria is a genus of orchids.
12:05:16 < r00t^2> NU PLZ 2 NOT JAZZ ON ME
```
- …and is indeed a Sysbot command:
```
12:12:20 < r00t^2> !jazzed
12:12:21 <@sysbot> NUUUUUUUUUU PLZ 2 NOT JAZZ ON ME :(((((
```
| | Track | Artist | Link | License |
| --- | --- | --- | --- | --- |
| Intro | Techno My EchoOo | KidNNasty | click | CC-BY-SA 4.0 |
| Outro | My Algo2 | Yan Terrien | click | CC-BY-SA 4.0 |