S2E10: "Free AS IN Beer, Not FREE BEER"
Previous Episode | Next Episode |
---|---|
S2E9: "Fileswatter" | S2E11: "The Blame Game" |
Recorded (UTC) | Aired (UTC) | Editor |
---|---|---|
2017-06-22 02:21:20 | 2017-07-02 16:13:48 | "Edita" |
Format | SHA256 | GPG | Audio File |
---|---|---|---|
MP3 | c04134f4b3a4d5ae6513396e66923edb77d0fc74fb402862383a4367b422288d | click | click |
OGG | e1b073659478e4011dd66d15b0e307a511ff2d2cfc07151b8101f6c57753f0f7 | click | click |
In this episode we talk about FreeIPA, an open source identity management system that ties into Active Directory, and a couple of other odds and ends.
News
- GOP data firm accidentally leaked 200 million American voter details.
- The EU proposes banning encryption backdoors…
  - Which is in direct opposition to what the UK wants – perhaps this ties in deeper with Brexit politics?
- Cisco private key found in embedded executable.
  - Paden mentioned the time when Microsoft had their EFI binary signing key leaked – we covered that during the news segment for S1E14.
- The NSA has their own GitHub account (but we caution you against running anything in there blindly, or at least not without a full audit you have personally done).
- Speaking of the NSA, a Honda plant was brought down (or “shut down”) by Wannacry.
Notes
Starts at 8m41s.
I was drinking Bulleit Bourbon 10. Paden was drinking water. Jthan was drinking a gin and tonic (he didn’t mention which gin) and then moved on to a yorsh of FATE Brewing Co.’s Watermelon Kölsch (which he’s had before on the show) – he didn’t mention which vodka.
- We replied to a question we received from Andrew Barchuk in response to S2E9.
  - Q: “…Is full-disk encryption a good deterrent for data recovery for decommissioned hardware?”
  - A: More or less, yeah! You’ll want to make sure you destroy the header (if it’s an encryption scheme that uses one) and then do a wipe or physical destruction, depending on the severity of your risk model.
- FreeIPA (17m55s)
  - It’s intended to create an open source shared identity management node within Active Directory (such that *nix services can more easily integrate back into the Active Directory domain)…
  - But it’s not (currently) viable as a replacement for an Active Directory Domain Controller. :(
  - It still can be an immensely useful tool, however!
- Why use a centralized authentication/identity management instead of configuration management? (31m09s)
  - To fill some time, Jthan posits the above question.
  - Generally speaking, config management systems are too kludgy to be a viable solution – with a centralized identity management system, you add a user once and it’s immediately available system-wide in the appropriate role(s). This means you don’t need to customize each server’s configuration based on its role, etc.
- Linode’s Open Beta for large-storage pools (47m52s)
  - In their Newark datacenter, they’re doing an open beta for large-storage SSD-backed pools (all of their other services are SSD-backed, but this is for a new system of large-storage – a pay-as-you-go non-tiered storage system).
Sysbadministration Award
In this segment, we highlight system administration mistakes. Think of them as the IT equivalent of the Darwin Awards. (41m00s)
- A South Korean webhosting company has paid a 1mil USD ransomware ransom. Guaranteed a backup system would have been cheaper.
Errata
- No, Paden, five nines is, indeed, 5 minutes a year (closer to 5 minutes 15 seconds, but eh).
Music
Track | Title | Artist | Link | Copyright/License |
---|---|---|---|---|
Intro | Ahmad | William Ross Chernoff's Nomads | click | CC-BY 4.0 |
Outro | Sun Iced Tea | Basement Bohemian | click | CC0 1.0 |
Author
r00t^2
Categories
Season Two