S3E8: "When You Have to Swing Both Ways"
|Previous Episode||Next Episode|
|S3E7: "Dude, Where's My Cert?"||S3E9: "Git Outta Here"|
|Recorded (UTC)||Aired (UTC)||Editor|
|2018-06-07 02:54:59||2018-06-17 00:00:12||"Edita"|
We talk about administration of systems in a cross-platform/cross-OS fleet. Jthan poses a question about evaluating software for deployment.
- Microsoft has bought GitHub for 7.5 billion USD.
- The FBI recommends rebooting your consumer router to clear RAM-based malware.
- A long-lived Steam client RCE has been patched.
- Cloudflare’s “18.104.22.168” resolver has suffered a BGP hijacking.
- A pretty serious vuln in ext4 has been patched.
Starts at 23m40s.
I was drinking Jefferson’s Reserve again. Paden was drinking water. Jthan was drinking Dogfish Head’s SeaQuenched Ale.
- Nosbig from our IRC channel told us about Gogs, a Go-based git server (alternative to Gitlab)
- We will trial/review Gogs, Gitea (a fork of Gogs), and I’ll be additionally reviewing Gitlab for comparison of all three.
- Jthan then brings us into a discussion on how to determine whether software is mature enough for deployment to your production environment.
- I usually do it by finding out how long the project has been “in the open” – first release, first commit, etc.
- Then I look at how many Google search results the name of the project turns up to get a rough idea of how common it is. One could theoretically utilize Google Trends to get a better idea of this.
- Then I glance through the documentation — is it well-written, in-depth?
- Then you look at their bug tracker/issue tracker to get an idea of how quickly they respond to issues, the oldest open issue, how many issues are open vs. closed, the severity of issues that were opened, etc.
- Then I build a POC to see how the software “feels” to deploy.
- Jthan doesn’t deploy much new software (hence bringing up the topic in the first place).
- Cross-platform administration/mixed fleets (34m10s)
- Powershell is opensource and can be compiled for Linux.
- You can extract SSH keys in Windows’ built-in SSH system.
- You should strive to “write [scripts] once, [and they should] run everywhere”.
- Python is recommended over Powershell or bash/sh/ksh/etc. as it’s more widely supported cross-platform (and even allows platform-conditional logic). See the table below for which distros/operating systems contain a python installation by default and what version.
- Powershell on Linux is mostly useful for remotely interacting with Windows boxen.
- Applescript is probably ideal for macOS servers. Or bash.
- For the BSDs and more traditional unices, stick to Bourne SHell conventions (“sh”, NOT Bourne Again SHell — BASH).
- WSL or Cygwin can help greatly in “closing (some of) the gaps”…
- Active Directory/LDAP/etc. help a LOT, but they aren’t perfect.
- FreeIPA can help a lot with this.
- As Jthan mentions, configuration management systems (which we talk about more in S0E6 and S0E15.
Default Python Distribution
If multiple python versions come installed, the default (e.g.
/usr/bin/python) is in bold. These are based on a freshly-installed OS with no modifications/updates applied.
|OS/Distro||Python included in base install?||Version(s)|
(7.5, Minimal; incl. RHEL equiv.)
(9.4.0, only SSH Server and Standard System Utilities enabled)
(Found directly from systemd stage3 tarball)
|Ubuntu 18.04 LTS
(10, build 1703)
In this segment, we highlight system administration mistakes. Think of them as the IT equivalent of the Darwin Awards. (1h4m50s)
MyHeritage, a consumer DNA sequencing firm, has suffered a breach of over 92 million accounts.
- Jthan is a “modern cowboy” because apparently on a steel horse he rides.
- I think he’s not a cowboy at all.
- I bet he’s never even branded a calf.
- But he’s probably had a bear brand him.
- I totally forgot to tweet about SELF. Oops.
- Guido von Russum wrote Python for Unix/C hackers.
- Jthan never got back to me as to what the tool was that “lets you access config files like the Windows registry”.
- I just checked – SuSE (or, openSuSE Tumbleweed Server edition, at the very least) does in fact use Btrfs by default.
|Intro||Between||Meydän||click||CC-BY 4.0||Outro||Drag Chain||Steve Combs||click||CC-BY 4.0|