S5E12: "Bad Developer! No Biscuit!"

Posted 2020-08-02 23:59
Modified 2020-08-02 02:15
Comments 0

We talk about really bad things developers use and why you oughtn’t use them.

• Just the Tip
• Notes
• 15 Clams
• Errata
• Music

Just the Tip

• RHEL 7 has a condition where a double MOTD will be displayed if the following lines exist in their respective files:
  • /etc/pam.d/sshd: session optional pam_motd.so
  • /etc/ssh/sshd_config: PrintMotd no

Notes

Starts at 24m56s.

I was drinking Moosehead again. Paden was drinking a diet soda (he didn’t mention which soda). Jthan was drinking Corona.

• Tunneling for sites in-development
  • expose (self-hosted, written in PHP)
  • ngrok hosted
    • It was previously F/LOSS.
  • TLDR, don’t do this. It’s a stupid thing to do.
  • Developers don’t understand the operations perspective (nor should they be expected to), so they shouldn’t be deploying to production.
    • Sysadmins need to provide a viable development platform for developers (VM lab, VMs on developer workstation, etc.), and
    • Promote understanding of not only where the boundaries are but why they’re there. It boils down to “discouraging the desire to circumvent.”
    • Developers, you need to respect the boundaries of your Operations team(s). They have a bigger picture view than you do and have a more intricate intimacy of the network, access controls, possible routes of compromise, etc., and
    • You need to clearly communicate what needs your environment has in terms of access, etc. and why. We don’t want you to fail! We want to give you the best chance of success, but we have limitations, compliance/liability regulations, policy handed to us from higher-ups, and the like that you may not be aware of.
  • Only developers working on a project being developed should have access to that resource/project!
  • As much of a fan as Jthan and I are not of containers in prod, they’re perfectly fine for dev and are a better option than opening a WAN-routed tunnel to a developer workstation.
  • Developers and sysadmins, make sure you know what problem you’re actually trying to solve.

15 Clams

In this segment, Jthan shares with you a little slice of life. The title is a reference to this video. (2m16s in)

Starts at 1h04m51s.

Jthan wanted to talk about PGP/GPG. Someone out there thinks their functionality can be replaced with HTTPS. I talk about why that’s dumb and wrong.

Errata

• “Shoutout to amayer”
• We have a Discord now, thanks to Jthan’s incessant bitching.
• There is indeed a can shortage.
• I accidentally the whole thing. Is this bad?
• Paden was talking about Hamachi.
• Jthan doesn’t know how to let me talk when it’s “my turn” and yet criticizes me for doing the same thing, lol
• The magic packet is a part of Wake-on-LAN.
• I say that the RFCs for IRC don’t provision for TLS-tunnled DCC. Turns out DCC isn’t even in the RFCs itself.

Music

Author r00t^2
Categories Season Five