S2E4: "From TCP to Shining UDP"
|Previous Episode||Next Episode|
|S2E3: "Ass-Backwards Passwords"||S2E5: "Suck my Disk"|
|Recorded (UTC)||Aired (UTC)||Editor|
|2017-03-30 02:52:55||2017-04-10 03:59:00||"Edita"|
In which we talk about Caddyserver, some practical applications of QoS, and respond to an email we received.
- Lastpass has yet another vulnerability
- HP Bromium runs self-destroying VMs
- We mention Qubes OS.
- Skype is now serving malware as advertisements
- Remember how I said that adblockers are a necessity? This is why.
- Google has called Symantec out for mis-issuing 30k certs.
- Senate Joint Resolution 34 has passed, nullifying 81 Federal Regulation 87274
- In other words, “yer digital privacy’s officially fucked now, lel”
- Reminder that Jthan still needs some people with programming experience (and biologists!) to sign up for his hackathon.
Starts at 13m45s.
- I was not impressed. It felt like “Fisher-Price Nginx” – and I inherently don’t trust “automagic” things because they dumb down complex mechanisms/configuration, and something’s bound to be missed when you do that.
- I mention mcTLS which is a very silly thing and should be shunned. SHUN THE NON-BELIEVER. SHUNNNNNNNNN-UH.
- Our general takeaway/consensus is “It’s probably easier to use for beginners, but there isn’t a ‘good’ use case for it.”
- QoS/Traffic Shaping (25m10s)
- A defense of “the cloud”/DevOps (37m28s)
OK, no essay or chastisement like I sent last time :)
I just wanted to weigh in a bit on the whole “cloud” thing after S2E3. For me, it’s a question of these providers allowing a user to communicate with the VM-based infrastructure via an API. This allows you to programatically bring up and tear down infrastructure just by writing code to do so. Hashicorp’s Terraform is a great tool for this.
Most, if not all cloud providers are not without their issues, but I think that’s normal in this topsy-turvy threat-addled world in which we operate :) They’re also by-and-large big megacorps, so that can’t be good. Maybe the answer is an open-source specification for such a thing, but I guess then we have Openstack – though that seems mega-complex. If we could have a simplified thing like Digital Ocean, that would probably be better, in that it lowers the barrier for entry.
I’ve currently just started a gig using AWS, Terraform, Kubernetes (my first real use of containers) so I’ve gone a bit devops-y, but I still self-identify as a sysadmin, don’t worry :) Currently looking at filebeat / logstash for log aggregation and parsing – perhaps a future topic?
In this segment, we highlight system administration mistakes. Think of them as the IT equivalent of the Darwin Awards. (55m15s)
- A Redhat engineer pushed creds to GitHub.
- The episode in which we kept having to restart/have outtakes at the end is S1E5.
- If Jthan’s Solaris-esque endpoint was running in a VM, Solaris has flowadm as part of its Crossbow suite.
- It turns out filtering traffic per UID is indeed pretty easy with iptables.
- Jthan mentioned something about getting a Baddie for rm -rf’ing /bin. Turns out, that’s not what he got a baddie for.
|Intro||Ace of Clubs||RoccoW||click||CC-BY-SA 4.0||Outro||PENicillin (Produced By JBlanked)||DRVN||click||CC-BY-SA 4.0|