S2E10: "Free AS IN Beer, Not FREE BEER"
|Previous Episode||Next Episode|
|S2E9: "Fileswatter"||S2E11: "The Blame Game"|
|Recorded (UTC)||Aired (UTC)||Editor|
|2017-06-22 02:21:20||2017-07-02 16:13:48||"Edita"|
In this episode we talk about FreeIPA, an opensource identity management system that ties into Active Directory, and a couple other odds and ends.
- GOP data firm accidentally leaked 200 million American voter details.
- The EU proposes banning encryption backdoors…
- Which is in direct opposition to what the UK wants – perhaps this ties in deeper with Brexit politics?
- Cisco private key found in embedded executable.
- Paden mentioned the time when Microsoft had their EFI binary signing key leaked – we covered that during the news segment for S1E14.
- The NSA has their own GitHub account (but we caution you against running anything in there blindly, at the least without a full audit you personally have done).
- Speaking of the NSA, a Honda plant was brought down (or “shut down”) by Wannacry.
Starts at 8m41s.
I was drinking Bulleit Bourbon 10. Paden was drinking water. Jthan was drinking a gin and tonic (he didn’t mention which gin) and then moved on to a yorsh of FATE Brewing Co.‘s Watermelon Kölsch (which he’s had before on the show) – he didn’t mention which vodka.
- We replied to a question we received from Andrew Barchuk in response to S2E9.
- Q: “…Is full-disk encryption a good deterrent for data recovery for decommissioned hardware?”
- A: More or less, yeah! You’ll want to make sure you destroy the header (if it’s an encryption scheme that uses one) and then do a wipe or physical destruction, depending on the severity of your risk model.
- FreeIPA (17m55s)
- It’s intended to create an opensource shared identity management node within Active Directory (such that *nix services can more easily integrate back into the Active Directory domain)…
- But it’s not (currently) viable as a replacement for an Active Directory Domain Controller. :(
- It still can be an immensely useful tool, however!
- Why use a centralized authentication/identity management instead of configuration management? (31m09s)
- To fill some time, Jthan posits the above question.
- Generally speaking, config management systems are too kludgy to be a viable solution – with a centralized identity management system, you add a user once and it’s immediately available system-wide in the appropriate role(s). This means you don’t need to customize each server’s configuration based on its role, etc.
- Linode’s Open Beta for large-storage pools (47m52s)
- In their Newark datacenter, they’re doing an open beta for large-storage SSD-backed pools (all of their other services are SSD-backed, but this is for a new system of large-storage – a pay-as-you-go non-tiered storage system).
In this segment, we highlight system administration mistakes. Think of them as the IT equivalent of the Darwin Awards. (41m00s)
- A South Korean webhosting company has paid a 1mil USD ransomware ransom. Guaranteed a backup system would have been cheaper.
- No, Paden, five nines is, indeed, 5 minutes a year (closer to 5 minutes 15 seconds, but eh).
|Intro||Ahmad||William Ross Chernoff's Nomads||click||CC-BY 4.0||Outro||Sun Iced Tea||Basement Bohemian||click||CC0 1.0|