S3E1: "Strike(r) In the New Season"

Posted
Modified
Comments 0

Navigation
Previous EpisodeNext Episode
Log
Recorded (UTC) Aired (UTC) Editor
2018-03-01 03:46:45 2018-03-12 09:41:51 "Edita"
Verification
Format SHA256 GPG Audio File
MP3 8f53d757aa28809e3ba5d37d16dddf5b29fd98ae5cda54b9ff2188a40df8e4c1 click click
OGG 638c5d38f6e6fa591b2d632c8184a0b024382e2ebd424f9edfaaf924f53eba1e click click
Quicklisten:

Striker (yes, that’s his real name), from FreeIPA (which we talk about in S2E10), joins us to talk more in-depth about the project.

Sorry for the delay in release!

News

  • In S3E0, we reported that Intel had 3 class-action lawsuits for Spectre/Meltdown-related claims. That has now jumped to 32.
  • Memcrashed, as it’s being called, is capable of some pretty potent DDoS reflection/amplification attacks.
    • You can mitigate by having memcached use a system socket instead of a network socket, only have it listen on localhost, or firewall off memcached to specific IPs. Anything that prevents a random client on the Internet from reaching it.

Notes

Starts at 6m39s. Sort of.

I was drinking Jefferson’s Reserve bourbon. Paden was drinking vodka and cranberry juice (he didn’t specify which vodka). Jthan was drinking Bud Light. Striker was drinking a Butter Pecan moonshine (he didn’t specify but at a guess, either Ole Smoky’s or Sugarlands’).

  • We interview Striker, from the FreeIPA project.
    • You may recall us talking about it in S2E10
  • We mention the following a lot throughout the episode:
  • Centralized authentication (such as LDAP/Kerberos) that FreeIPA (and other projects) provide are SUPER useful. They can be used for:
    • Email
    • SSH
    • XMPP
    • Wikis (and other services/resources)
    • And, of course, workstation/server logins as well.
  • I express worry about how most turnkey “solutions” end up creating more problems than they solve because of how inflexible they are and how their components are intertwined. Striker gives us the good news that it’s piecemeal; they try to strongly support migration, integration into existing services, etc.
  • He mentions that FreeIPA is spending a LOT of focus on integrating into Samba 4.
    • The end-goal here is a complete Windows Active Directory Server/Domain Controller replacement. Which is amazing.
  • You can find Striker (and probably us) at SELF 2018.

Sysbadministration Award

In this segment, we highlight system administration mistakes. Think of them as the IT equivalent of the Darwin Awards. (50m0s)

Thanks to amayer in our IRC channel for tipping us off to this Baddie!

An npm bug was completely hosing system permissions. It’s hilarious to me that people on GitHub throw more shade on systemd bugs than they do on completely system-breaking bugs.

Errata

  • We’re still re-balancing our audio for season 3 (and Jthan’s audio is, again, off because while he was back on his proper mic this time (unlike S3E0), he was recording in a different physical location. Fingers crossed S3E2 is better.
  • I almost titled this episode “Striker? I Hardly Know ‘Er!” You’re welcome.
  • I make a shoutout to Radio Statler.
  • There’s no such thing as “ethereal” ports. There are ephemeral ports, which are what (typically the initiating end) uses to bind to, a random port number (hence the name “ephemeral”). There are also “well-known” or “system” ports, which are 0-1024 (and typically require administrator/superuser/root privileges, so they’re also sometimes called “privileged ports”), and registered ports which are 1024-49151 (port numbers 49152–65535 are usually reserved for ephemeral ports, though you can configure your system to use a wider/different range).
  • Striker’s talk he mentions at SELF 2017 is here.
  • Cat’s Cradle is a great book. But the word I was looking for is indeed karass. The podcast would be our “wampeter” and authentication services in Linux would be our “sinooka”. I think. Anyways, you should read the book, it’s a good read.
  • I ragged on Zoho …I meant Zimbra. Oops.
  • It’s true, microwaves really do affect wi-fi.
  • SERIOUSLY you need to check out mtree!
    • I have it packaged in Arch’s AUR as nmtree.

Music

Music Credits
Track Title Artist Link Copyright/License
Intro kick, push. Ryan Little click CC-BY-SA 4.0
Outro Blacklight Krestovsky click CC-BY-NC-SA 3.0
(All music is royalty-free, properly licensed for use, used under fair use, or public domain.)

Author
Categories

Comments

There are currently no comments on this article.

Comment...

Enter your comment below. Fields marked * are required. You must preview your comment before submitting it.