S1E17: "Is that Your Gun (or Are You Just Happy to See Me?)"

Posted 2016-10-10 00:19
Modified 2017-01-31 06:15
Comments 0

Scripting and automation, and OpSec (“Operational Security”) in the workplace- physical security, concealed carry, etc.

• News
• Notes
• Sysbadministration Award
• Errata
• Music

News

Starts at 3m32s.

• We’ve had more aggressive cuts in this episode and the previous episode!
  • Do you like them? Hate them? Didn’t notice?
  • And I’ve been leaving the full tracks in for the outro music pieces. Are you digging that? Do you listen?
  • We make the cuts and pass the savings on to YOUUUUUU!
• Another openssl bug…
• Textpattern 4.6.0 dropped! Yay! (We talk about TXP in S0E6.)
• Firefox is going to kill WoSign’s trust in their trust store.
• You should probably just not even bother buying a Lenovo at this point, seriously.
• There were reports of the Wi-FI at the political debate being, uh, controlled in a slightly less than savory manner…
  • But the FCC is on the case!
• There’s also a nasty bug in systemd…
  • Which, just like eeeeevery other bug in systemd, has been blown out of proportion.
  • I recommend reading this thread.
• People have, apparently, been “drilling their own ‘headphone socket’ into the iPhone 7.
  • lol.
• The oldest computer in use by the government has been tracked down.
• Jthan doesn’t know how announcements work.

Notes

Starts at 14m43s.

I was drinking Knob Creek Whiskey (yes, again). Jthan was drinking a rum and coke (but didn’t specify which rum). Paden was drinking a Bold Rock Hard Cider.

• Scripting!
  • I use a lot of the ansible command and shell modules, along with the speedtest-cli script.
  • I also use a lot of iperf3 and I mention mtr too, but they aren’t scripts.
  • DON’T PUSH IT ANYWHERE, but this cron job will save your ass: 0 2 * * * cd /etc ; git add --all . ; git commit -m "Nightly commit" (you need to cd /etc ; git init . first)
  • Things that make a good script (differs on the platform/environment):
    • If you’re a Windows admin, LEARN POWERSHELL. PERIOD.
    • A parser that’s available on every box in your fleet by default
    • Well-tested
    • Well-commented
    • Always fail on error (unless you’re expecting one)- bash’s set -e does a pretty decent job of this. (And set -x is handy for debugging scripts.)
    • Clean formatting (python/PEP-8 is a good way of enforcing this)
    • Separate out variables- define them all at the beginning of the script if possible. Try not to set variables right before they’re needed when possible.
    • Syntax highlighting helps a LOT when writing them. If you prefer a GUI editor, Atom and Brackets are great.

• Workplace OpSec (29m09s)
  • There’s a “Physical” aspect and a “Cyber” aspect
  • OpSec can be summed up as applied security in your workflow, life, etc.- behavioral.
  • Be CAREFUL what is not only shared by YOU, but who you share WITH and what is even recorded in the first place.
  • Canaries are quite useful.
  • By the way, “smart” tampons are totally a thing.
  • The android app I mention that lets you set a different disk encryption passphrase vs. unlock passphrase is called Cryptfs Password.
  • ALWAYS VERIFY IDENTITIES/AUTHORIZATION.

Sysbadministration Award

In this segment, we highlight system administration mistakes. Think of them as the IT equivalent of the Darwin Awards. (1h13m38s)

A server was rebooted in the middle of a / transfer… with 81.2% done. Ouch.

Errata

• Jthan’s second question was “If you had to learn just one scripting language and learn it well, what would it be?”
  • My response would be “it depends”. If you’re in a mixed environment, ABSOLUTELY the answer will be python. If you’re all Windows, Powershell. If you’re all *nix, bash (or sh, specifically).

Music

Author r00t^2
Categories Season One