S2E2: "Ayyy, I Took Your Job"

Posted 2017-03-13 03:59
Modified 2017-03-11 18:12
Comments 0

Navigation
Previous Episode	Next Episode
S2E1: "Like Files Caught in a Web"	S2E3: "Ass-Backwards Passwords"

Log
Recorded (UTC)	Aired (UTC)	Editor
2017-03-02 03:39:30	2017-03-13 03:59:00	"Edita"

Verification
Format	SHA256	GPG	Audio File
MP3	`89ef31bd6888ed155b256c5b362281cd7b04851e2fe6ed49e06d52f3b694205e`	click	click
OGG	`feba6b31b985c6b52978618dbb27d917c67a6e5b495b0ead849ecaeb693e2f2e`	click	click

Quicklisten:

We talk about SHA1 collisions and robots TOOKin’ yer JERB.

SHA1 has been officially BROKEN.
- Webkit tried to implement a check for it, and broke their repo.
- Linus Torvalds has addressed the use of SHA1 in git.
- We talk about it more in the episode, and don’t explicitly mention the resolution in the show, but the topic of SHA1 use in GPG fingerprints has been brought up and has been addressed TL;DR: you’re still fine. A second pre-image attack for SHA1 would be required, and that has not been found- only a collision.
A vulnerability was discovered in Cloudflare services.
- Digital Ocean specifically mentions being affected.
If you’re running a webserver on OpenBSD, you’d better patch
Amazon had a pretty severe outage (Note: this report was not yet available when we recorded.)

Starts at 08m20s.

I was drinking Bulleitt bourbon. Paden was drinking the same Glenlivet. Jthan was drinking Johnny Walker Black.

Paden installed LineageOS on his tablet (from vendor-supplied stock)! He talks a bit about the experience.

Could AI take over the role of a sysadmin? (20m05s)
- The article Jthan references is here
- If you haven’t seen robots actually try to walk, it’s hilarious.

Dev vs. Prod- are mismatches/compromises in matching okay? (43m50s)
- MariaDB, in my book, is 99.999% of the time a perfectly acceptable “mismatch” with MySQL, provided you version-match your dev to prod.
  - They even strictly document any possible incompatibilities between the two.

In this segment, we highlight system administration mistakes. Think of them as the IT equivalent of the Darwin Awards. (56m14s)

The RSA “security conference” attendees apparently don’t know the first thing about wireless security.

The Wordpress vuln we mention is reported here
At 33m31s i say “humans are not sentient”- I meant “machines are not sentient”. Ooops!
For a *split*-second, I thought Jthan was talking about this. Nope. He was talking about the actual fish.

Music Credits
Track	Title	Artist	Link	Copyright/License
Intro	MIDNIGHT RADIO	The Polish Ambassador	click	CC-BY-NC-SA 3.0
Outro	Submersed Phonics (JBYo Collab)	Sro	click	CC-BY-NC-SA 4.0

(All music is royalty-free, properly licensed for use, used under fair use, or public domain.)

Author r00t^2
Categories Season Two

There are currently no comments on this article.

Sysadministrivia