S3E8: "When You Have to Swing Both Ways"

Posted 2018-06-18 03:59
Modified 2018-06-17 12:22
Comments 0

Navigation
Previous Episode	Next Episode
S3E7: "Dude, Where's My Cert?"	S3E9: "Git Outta Here"

Log
Recorded (UTC)	Aired (UTC)	Editor
2018-06-07 02:54:59	2018-06-17 00:00:12	"Edita"

Verification
Format	SHA256	GPG	Audio File
MP3	`d9fab22c9ce85f6bde15d35e1456b3528cca6f2b5272c5128796129f659c9bb6`	click	click
OGG	`a713fd42e9781c8c596996cdebc3c59a60ca902e80bc95e74c8466b52dcdc32b`	click	click

Quicklisten:

We talk about administration of systems in a cross-platform/cross-OS fleet. Jthan poses a question about evaluating software for deployment.

News
Notes
- Default Python Distribution
Sysbadministration Award
Errata
Music

News

Microsoft has bought GitHub for 7.5 billion USD.
- Gitlab has extended their hosted “Gold” and “Ultimate” plans to be free for educational institutes and purely opensource projects. This blog post also includes the graphs we talk about.
- Seriously, though, there was a fairly large stock jump for MSFT.
The FBI recommends rebooting your consumer router to clear RAM-based malware.
A long-lived Steam client RCE has been patched.
Cloudflare’s “1.1.1.1” resolver has suffered a BGP hijacking.
A pretty serious vuln in ext4 has been patched.

Notes

Starts at 23m40s.

I was drinking Jefferson’s Reserve again. Paden was drinking water. Jthan was drinking Dogfish Head’s SeaQuenched Ale.

Nosbig from our IRC channel told us about Gogs, a Go-based git server (alternative to Gitlab)
- We will trial/review Gogs, Gitea (a fork of Gogs), and I’ll be additionally reviewing Gitlab for comparison of all three.
- Jthan then brings us into a discussion on how to determine whether software is mature enough for deployment to your production environment.
  - I usually do it by finding out how long the project has been “in the open” – first release, first commit, etc.
  - Then I look at how many Google search results the name of the project turns up to get a rough idea of how common it is. One could theoretically utilize Google Trends to get a better idea of this.
  - Then I glance through the documentation — is it well-written, in-depth?
  - Then you look at their bug tracker/issue tracker to get an idea of how quickly they respond to issues, the oldest open issue, how many issues are open vs. closed, the severity of issues that were opened, etc.
  - Then I build a POC to see how the software “feels” to deploy.
  - Jthan doesn’t deploy much new software (hence bringing up the topic in the first place).

Cross-platform administration/mixed fleets (34m10s)
- Powershell is opensource and can be compiled for Linux.
- You can extract SSH keys in Windows’ built-in SSH system.
- You should strive to “write [scripts] once, [and they should] run everywhere”.
  - Python is recommended over Powershell or bash/sh/ksh/etc. as it’s more widely supported cross-platform (and even allows platform-conditional logic). See the table below for which distros/operating systems contain a python installation by default and what version.
  - Powershell on Linux is mostly useful for remotely interacting with Windows boxen.
  - Applescript is probably ideal for macOS servers. Or bash.
  - For the BSDs and more traditional unices, stick to Bourne SHell conventions (“sh”, NOT Bourne Again SHell — BASH).
- WSL or Cygwin can help greatly in “closing (some of) the gaps”…
- Active Directory/LDAP/etc. help a LOT, but they aren’t perfect.
  - FreeIPA can help a lot with this.
- As Jthan mentions, configuration management systems (which we talk about more in S0E6 and S0E15.

Default Python Distribution

If multiple python versions come installed, the default (e.g. /usr/bin/python) is in bold. These are based on a freshly-installed OS with no modifications/updates applied.

Python Availability/Versions
OS/Distro	Python included in base install?	Version(s)
Arch	N	–
CentOS (7.5, Minimal; incl. RHEL equiv.)	Y	2.7.5
Debian (9.4.0, only SSH Server and Standard System Utilities enabled)	Y	2.7.13, 3.5.3
FreeBSD (11.1)	N	–
Gentoo (Found directly from systemd stage3 tarball)	Y	2.7.14, 3.5.5
macOS (10.13)	Y	2.7.10
NetBSD (7.1.2)	N	–
OpenBSD (6.3)	N	–
openSuSE (Tumbleweed, Server)	Y	2.7.15, 3.6.5
Ubuntu 18.04 LTS (Server)	N	–
Windows (10, build 1703)	N	–

Sysbadministration Award

In this segment, we highlight system administration mistakes. Think of them as the IT equivalent of the Darwin Awards. (1h4m50s)

MyHeritage, a consumer DNA sequencing firm, has suffered a breach of over 92 million accounts.

Errata

Jthan is a “modern cowboy” because apparently on a steel horse he rides.
- I think he’s not a cowboy at all.
- I bet he’s never even branded a calf.
- But he’s probably had a bear brand him.
I totally forgot to tweet about SELF. Oops.
Guido von Russum wrote Python for Unix/C hackers.
Jthan never got back to me as to what the tool was that “lets you access config files like the Windows registry”.
I just checked – SuSE (or, openSuSE Tumbleweed Server edition, at the very least) does in fact use Btrfs by default.

Music

Music Credits
Track	Title	Artist	Link	Copyright/License
Intro	Between	Meydän	click	CC-BY 4.0
Outro	Drag Chain	Steve Combs	click	CC-BY 4.0

(All music is royalty-free, properly licensed for use, used under fair use, or public domain.)

Author r00t^2
Categories Season Three

Comments

There are currently no comments on this article.

Sysadministrivia

Linux, Lagers, and Late Nights