S5E6: "Captive Portals? How Of-Fence-ive!"
|Previous Episode||Next Episode|
|S5E5: "User? I've Never Met 'Er pt. 1"||S5E7: "SIT Tunnels? How Sixy!"|
|Recorded (UTC)||Aired (UTC)||Editor|
|2020-04-30 02:12:13||2020-05-09 03:19:27||"Edita"|
We talk about WebMD- I mean PacketFence, a captive portal/802.1X/RADIUS/etc. turnkey solution.
Just the Tip
- Paden talks more about grep.
- We have talked about regex a lot, it should be nothing new. If you need to learn, these are good.
Starts at 14m42s.
I was drinking water. Paden was drinking apple juice. Jthan was drinking a Denver Beer Company Pretzel Assassin.
- It is turnkey, but it seems to be a fairly mature product. Their available docs are pretty good too.
- They don’t mess around with e.g. FreeRADIUS config very much, which means that it’s one of the more clean turnkeys.
- It does 802.1X (with any EAP method that is part of 802.1X and supported by FreeRADIUS).
- It has its own integrated DNS and DHCP, which might not be ideal for your environment. We weren’t 100% certain if it could be disabled/deferred to another server.
- It’s neat that they use a fingerprinting DHCP server though.
- And while they don’t constitute a solid security depth, PacketFence does integrate with things like Nessus and OpenVAS.
- They DO, in fact, support Ubiquiti/Unifi kit.
In this segment, Jthan shares with you a little slice of life. The title is a reference to this video. (2m16s in)
Starts at 45m34s.
Jthan is v big mad and super salty about some shitty Prometheus thing.
Jthan is still wrong, though; the last certificate (the last leaf; the HTTPS cert for a webserver for instance) in a chain usually DOES expire first.
On a listen back, I think I understand where the develeoper is coming from. If your intermediate expires before your user cert, you should switch over to the newer bridge/cross-sign intermediate first before ever even worrying about your user/server certificate.
- Jthan ordered the chair he tried to recommend to Paden except it arrived damaged. And he’s having a dickens of a time getting it replaced. Caveat Emptor, bitches. You get what you pay for.
- It seems that HOPE is, so far, planned to go ahead but of course that might change. The third round of tickets are up currently and are 200USD/ea. The new venue is St. John’s University in Queens, New York City.
- I was right! The lockdowns really don’t seem to be having the effect people think they are. Intuition: 1, Paden: 0.
- Also, masks don’t seem to be effective at all in preventing spread, aside from ones like N95 masks…
- Which are earmarked for medical/healthcare (and government?!) workers, which means
- The general public are going to have a REALLY hard time finding them.
- So the CDC recommends cloth masks, and in fact downright recommend AGAINST wearing actually effective masks (“Do NOT use a facemask meant for a healthcare worker.”).
- Jthan and CDC are tied at 0.
- It also seems that the multiple strains might not affect immunity, so that’s some good news if it conclusively turns out to be true (studies/research are ongoing).
- But I might be wrong; there’s a possibility that SARS-CoV-2 can spread via sexual contact.
|Intro||Nuni||Floating Mind||click||CC-BY-NC-SA 4.0||Outro||When the Lights Fade||MVar||click||CC-BY-NC-SA 4.0|