S5E6: "Captive Portals? How Of-Fence-ive!"
Posted
Modified
Comments
0
| Previous Episode | Next Episode |
|---|---|
| S5E5: "User? I've Never Met 'Er pt. 1" | S5E7: "SIT Tunnels? How Sixy!" |
| Recorded (UTC) | Aired (UTC) | Editor |
|---|---|---|
| 2020-04-30 02:12:13 | 2020-05-09 03:19:27 | "Edita" |
| Format | SHA256 | GPG | Audio File |
|---|---|---|---|
| MP3 | bb24a88d73a17216a956308f754a5def4204029f100b9c25d6750265abb01c53 | click | click | OGG | c8f66984e5fccb644fa65b9d5edb9b45fd08643437b52686b81133b0824bfce6 | click | click |
We talk about WebMD- I mean PacketFence, a captive portal/802.1X/RADIUS/etc. turnkey solution.
Just the Tip
- Paden talks more about grep.
- We have talked about regex a lot, it should be nothing new. If you need to learn, these are good.
Notes
Starts at 14m42s.
I was drinking water. Paden was drinking apple juice. Jthan was drinking a Denver Beer Company Pretzel Assassin.
- PacketFence
- It is turnkey, but it seems to be a fairly mature product. Their available docs are pretty good too.
- They don’t mess around with e.g. FreeRADIUS config very much, which means that it’s one of the more clean turnkeys.
- It does 802.1X (with any EAP method that is part of 802.1X and supported by FreeRADIUS).
- It has its own integrated DNS and DHCP, which might not be ideal for your environment. We weren’t 100% certain if it could be disabled/deferred to another server.
- It’s neat that they use a fingerprinting DHCP server though.
- And while they don’t constitute a solid security depth, PacketFence does integrate with things like Nessus and OpenVAS.
- They DO, in fact, support Ubiquiti/Unifi kit.
15 Clams
In this segment, Jthan shares with you a little slice of life. The title is a reference to this video. (2m16s in)
Starts at 45m34s.
Jthan is v big mad and super salty about some shitty Prometheus thing.
Jthan is still wrong, though; the last certificate (the last leaf; the HTTPS cert for a webserver for instance) in a chain usually DOES expire first.
On a listen back, I think I understand where the develeoper is coming from. If your intermediate expires before your user cert, you should switch over to the newer bridge/cross-sign intermediate first before ever even worrying about your user/server certificate.
Errata
- Jthan ordered the chair he tried to recommend to Paden except it arrived damaged. And he’s having a dickens of a time getting it replaced. Caveat Emptor, bitches. You get what you pay for.
- It seems that HOPE is, so far, planned to go ahead but of course that might change. The third round of tickets are up currently and are 200USD/ea. The new venue is St. John’s University in Queens, New York City.
- I was right! The lockdowns really don’t seem to be having the effect people think they are. Intuition: 1, Paden: 0.
- Also, masks don’t seem to be effective at all in preventing spread, aside from ones like N95 masks…
- Which are earmarked for medical/healthcare (and government?!) workers, which means
- The general public are going to have a REALLY hard time finding them.
- So the CDC recommends cloth masks, and in fact downright recommend AGAINST wearing actually effective masks (“Do NOT use a facemask meant for a healthcare worker.”).
- Jthan and CDC are tied at 0.
- It also seems that the multiple strains might not affect immunity, so that’s some good news if it conclusively turns out to be true (studies/research are ongoing).
- But I might be wrong; there’s a possibility that SARS-CoV-2 can spread via sexual contact.
Music
| Track | Title | Artist | Link | Copyright/License |
|---|---|---|---|---|
| Intro | Nuni | Floating Mind | click | CC-BY-NC-SA 4.0 | Outro | When the Lights Fade | MVar | click | CC-BY-NC-SA 4.0 |
Author
r00t^2
Categories
Season Five
Comments
There are currently no comments on this article.
Comment...