S2E11: "The Blame Game"
Previous Episode | Next Episode |
---|---|
S2E10: "Free AS IN Beer, Not FREE BEER" | S2E12: "Virtual Insanity" |
Recorded (UTC) | Aired (UTC) | Editor |
---|---|---|
2017-07-06 02:29:37 | 2017-07-16 04:31:52 | "Edita" |
Format | SHA256 | GPG | Audio File |
---|---|---|---|
MP3 | e059ad291aa19eac09557ec9412b388a41c1862fb5f35cafae038e28e40a420b | click | click |
OGG | a592c9b47ba5fa89816ed9e5e210f0bc9d396fb2271e4defb43a538180f5b8fc | click | click |
We talk about an interesting new(-ish) approach to password management and whether upstream is responsible for downstream SNAFUs.
News
- An attack against libgcrypt has been found.
- Amazon and eBay images were held “ransom” by Photobucket.
- There is a PC build that self-destructs if tampered with.
- Canonical pushing “advertisements” in the MOTD.
- Apparently wind turbines are easily compromised.
- NotPetya is making the rounds.
- Windows 10 S has been compromised (despite Microsoft’s claim that it is invulnerable).
- Some Windows 10 development builds and source code have been leaked.
Notes
Starts at 14m0s.
I was drinking a mango smoothie. Paden was drinking Pabst Blue Ribbon. Jthan was drinking water because he is unwell.
- We discuss a new implementation of password management.
- Who’s responsible for downstream’s fuck-ups? (19m37s)
  - Where does liability lie if downstream patches break intended functionality?
  - Examples:
    - Debian’s openssh/openssl fiasco was created downstream…
    - The recent “systemd” “vulnerability” was actually caused by various packagers on distros patching out hard username restrictions in shadow-utils/libuser (known guilty parties currently are Red Hat/CentOS and Debian).
    - But all you systemd haters would know that if you actually read the bug report instead of being sensationalist and irrational.
- We then discuss:
  - Why patching downstream (for either “fixing” nonexistent issues or for introducing new ~~bugs~~ features) is bad.
  - Why upstream should not be held responsible for developing “around” downstream.
  - Why/how this happens: usually downstream wanting to add functionality without understanding the entire system ecosystem (but also failed communication within large downstream projects).
  - How this can be avoided.
Sysbadministration Award
In this segment, we highlight system administration mistakes. Think of them as the IT equivalent of the Darwin Awards. (40m30s)
- “NotPetya” (also called “Nyetya”, lol. I’ve taken to calling it “!Petya”) failed because the supporting infrastructure fell apart, and it’s easily thwarted.
- As I mentioned, it’s not quite actually ransomware.
Errata
- In the News segment, Paden refers to “Petya” – it’s actually referring to NotPetya, named as such because it’s a variant/masquerade of Petya but is a whole different thing. See the Baddie for more information.
- Debian 7 (“Wheezy”) supported switching to systemd, but Debian 8 implements it by default.
Music
Track | Title | Artist | Link | Copyright/License |
---|---|---|---|---|
Intro | C L I M A X | Soft and Furious | click | CC0 1.0 |
Outro | net neutrality | Noiseonport | click | CC-BY 4.0 |
Author
r00t^2
Categories
Season Two