S2E10: "Free AS IN Beer, Not FREE BEER"

Log
Recorded (UTC)       Aired (UTC)          Editor
2017-06-22 02:21:20  2017-07-02 16:13:48  "Edita"
Verification
Format  SHA256                                                            GPG    Audio File
MP3     c04134f4b3a4d5ae6513396e66923edb77d0fc74fb402862383a4367b422288d  click  click
OGG     e1b073659478e4011dd66d15b0e307a511ff2d2cfc07151b8101f6c57753f0f7  click  click

In this episode we talk about FreeIPA, an open-source identity management system that ties into Active Directory, and a couple of other odds and ends.

News

  • GOP data firm accidentally leaked 200 million American voter details.
  • The EU proposes banning encryption backdoors…
    • Which is in direct opposition to what the UK wants – perhaps this ties in deeper with Brexit politics?
  • Cisco private key found in embedded executable.
    • Paden mentioned the time when Microsoft had their EFI binary signing key leaked – we covered that during the news segment for S1E14.
  • The NSA has their own GitHub account (but we caution you against running anything in there blindly; at the very least, do a full audit yourself first).
    • Speaking of the NSA, a Honda plant was brought down (or “shut down”) by WannaCry.

Notes

Starts at 8m41s.

I was drinking Bulleit Bourbon 10. Paden was drinking water. Jthan was drinking a gin and tonic (he didn’t mention which gin) and then moved on to a yorsh of FATE Brewing Co.’s Watermelon Kölsch (which he’s had before on the show) – he didn’t mention which vodka.

  • We replied to a question we received from Andrew Barchuk in response to S2E9.
    • Q: “…Is full-disk encryption a good deterrent for data recovery for decommissioned hardware?”
    • A: More or less, yeah! You’ll want to make sure you destroy the header (if it’s an encryption scheme that uses one) and then do a wipe or physical destruction, depending on the severity of your risk model.
  • FreeIPA (17m55s)
    • It’s intended to create an open-source shared identity management node within Active Directory (such that *nix services can more easily integrate back into the Active Directory domain)…
    • But it’s not (currently) viable as a replacement for an Active Directory Domain Controller. :(
    • It still can be an immensely useful tool, however!
  • Why use a centralized authentication/identity management instead of configuration management? (31m09s)
    • To fill some time, Jthan posits the above question.
    • Generally speaking, config management systems are too kludgy to be a viable solution – with a centralized identity management system, you add a user once and it’s immediately available system-wide in the appropriate role(s). This means you don’t need to customize each server’s configuration based on its role, etc.
  • Linode’s Open Beta for large-storage pools (47m52s)
    • In their Newark datacenter, they’re doing an open beta for large-storage SSD-backed pools (all of their other services are SSD-backed, but this is for a new system of large-storage – a pay-as-you-go non-tiered storage system).

Sysbadministration Award

In this segment, we highlight system administration mistakes. Think of them as the IT equivalent of the Darwin Awards. (41m00s)

Errata

Music

Music Credits
Track Title Artist Link Copyright/License
Intro Ahmad William Ross Chernoff's Nomads click CC-BY 4.0
Outro Sun Iced Tea Basement Bohemian click CC0 1.0
(All music is royalty-free, properly licensed for use, used under fair use, or public domain.)
