S5E12: "Bad Developer! No Biscuit!"

Log
Recorded (UTC): 2020-07-23 02:35:20
Aired (UTC): 2020-08-01 04:56:55
Editor: "Edita"

Verification (SHA256)
MP3: e9ecbc710e72f8740d16bd83e53b6451b2626f747c492df7a7ae2e81d7f548df
OGG: 74f434a2f871638e58765f2caf4e047f746d55d57e0a7e1bcf4cdbfa86c52dc8

We talk about really bad things developers use and why you oughtn’t use them.

Just the Tip

  • RHEL 7 has a condition where a double MOTD will be displayed if the following lines exist in their respective files:
    • /etc/pam.d/sshd: session optional pam_motd.so
    • /etc/ssh/sshd_config: PrintMotd no

Notes

Starts at 24m56s.

I was drinking Moosehead again. Paden was drinking a diet soda (he didn’t mention which soda). Jthan was drinking Corona.

  • Tunneling for sites in-development
    • expose (self-hosted, written in PHP)
    • ngrok (hosted)
    • TLDR, don’t do this. It’s a stupid thing to do.
    • Developers don’t understand the operations perspective (nor should they be expected to), so they shouldn’t be deploying to production.
      • Sysadmins need to provide a viable development platform for developers (VM lab, VMs on developer workstation, etc.), and
      • Promote understanding of not only where the boundaries are but why they’re there. It boils down to “discouraging the desire to circumvent.”
      • Developers, you need to respect the boundaries of your Operations team(s). They have a bigger-picture view than you do and a more intimate knowledge of the network, access controls, possible routes of compromise, etc., and
      • You need to clearly communicate what needs your environment has in terms of access, etc. and why. We don’t want you to fail! We want to give you the best chance of success, but we have limitations, compliance/liability regulations, policy handed to us from higher-ups, and the like that you may not be aware of.
    • Only developers working on a project being developed should have access to that resource/project!
    • As much as Jthan and I are not fans of containers in prod, they’re perfectly fine for dev and are a better option than opening a WAN-routed tunnel to a developer workstation.
    • Developers and sysadmins, make sure you know what problem you’re actually trying to solve.

15 Clams

In this segment, Jthan shares with you a little slice of life. The title is a reference to this video. (2m16s in)

Starts at 1h04m51s.

Jthan wanted to talk about PGP/GPG. Someone out there thinks their functionality can be replaced with HTTPS. I talk about why that’s dumb and wrong.

Errata

  • “Shoutout to amayer”
  • We have a Discord now, thanks to Jthan’s incessant bitching.
  • There is indeed a can shortage.
  • I accidentally the whole thing. Is this bad?
  • Paden was talking about Hamachi.
  • Jthan doesn’t know how to let me talk when it’s “my turn” and yet criticizes me for doing the same thing, lol
  • The magic packet is a part of Wake-on-LAN.
  • I say that the RFCs for IRC don’t provision for TLS-tunneled DCC. Turns out DCC isn’t even in the RFCs themselves.

Music

Music Credits
Track Title Artist Link Copyright/License
Intro Nature Dusk D-Echo Project click CC-BY-NC-ND 4.0
Outro Douche Manouche Bralitz click CC-BY-NC-SA 4.0
(All music is royalty-free, properly licensed for use, used under fair use, or public domain.)
