S2E6: "Merry-Go-Round-Robin"

Posted 2017-05-08 03:59
Modified 2017-05-07 20:43
Comments 0

We talk about different ways of addressing HA (high-availability) at the network layer, UUIDs, and AppArmor

• News
• Notes
• Sysbadministration Award
• Errata
• Music

News

• Schools are “breeding grounds“ for IT professionalism but also rich targets for attackers
• Bricker bot is back
• There is a draft being composed about increasing security (and it actually looks promising)
• Pentesting is (thankfully) starting to catch on
• Bose wireless headphones leak signal
• There are design flaws in Lastpass 2FA
  • And precisely zero surprise here; Lastpass is trash
• The AV software Webroot marks Windows system files as malicious

Notes

Starts at 18m06s.

I was drinking Bulleit bourbon (10-year). Paden was drinking Glenlivet Single-malt 12-year again. Jthan was drinking Alaskan Summer Ale (which he turned into a yorsh).

• We discuss ways of addressing some high-availability methods on the network level
  • We discuss anycast, multicast, and unicast
    • Anycast is probably the one you want if you’re doing geographical-sensitive routing
    • Multicast can be useful for heartbeating within a cluster
    • And unicast is direct host-to-host, which will give you the most accurate reporting for a host being up/down but can put more load on the availability controller depending on how many hosts it has to keep track of
  • We also talk about how to handle load balancing and failover
    • We do a sort of “case-study” which is what got Jthan interested in it in the first place- he wants to do failover (and/or load balancing) for data processors in front of a shared SAN
  • We also discuss “poor-man’s HA”, via things like round-robin DNS and ARP switching
    • Which DigitalOcean is trying to pass off as something new
  • If you do work in HA, please contact us!
• We talk a bit about UUIDs (36m22s)
  • This is what a UUID looks like: 61a058c9-ec40-4675-85be-5fb8f52405a2
  • They differ from hashes in that they’re implementation-specific, and one resource may have different UUIDs in different implementations (whereas an e.g. SHA256 is always going to evaluate to the same thing given the same data). More info on UUIDs in disk usage specifically can be found here.
  • You can generate a UUID with a couple different tools. e2fsprogs has uuidgen, python has the uuid module, etc.
  • The mdadm thing Jthan mentioned is this.
• We also talk about AppArmor (45m54s)
  • Jthan is correct, SuSE actually originally developed it.
  • If you want to hear us yammer on more about SELinux and GRSecurity/PaX here.
  • You can see an interesting case study on SELinux here, here, and here.
  • SELinux is a lot more intricate than Jthan realizes, I think.

Sysbadministration Award

In this segment, we highlight system administration mistakes. Think of them as the IT equivalent of the Darwin Awards. (54m30s)

A sysadmin installed malware and RATs to find out if he’d be included in the upcoming layoffs – the irony is that he wasn’t going to be initially, but this definitely got his stupid ass fired.

Errata

• None!

Music

Author r00t^2
Categories Season Two