S2E0: "I Think There's a Delay" | Sysadministrivia

We talk about GitLab having an infra meltdown, some tools for enterprise fleet management, and a bird’s-eye-view of BIOS/UEFI.

And Jthan wasn’t HIGH-ENERGY enough. It must have been all the “cranberra vodkys”.

News

  • Delta Airlines has a pretty nasty snafu with their reservation system.
  • Supposedly a hotel was ‘held ransom’ by ransomware, affecting their door locking system and leaving guests locked in/out of their rooms.
    • But this is bullshit and seems to have originated with a “news” source that was described by BuzzFeed as “the King of Bullshit News”. Yes, you read that correctly. When BuzzFeed of all media calls you bullshit, you know you’re in trouble.
  • The Guardian reported WhatsApp as backdoored
  • A Los Angeles college paid off a ransomware. Gorram it, stop doing this. Keep a good backup system instead, knuckleheads.
  • There’s a pretty hilarious cryptkeeper bug
    • Upstream is dead, though, and it’s been removed for Debian 9 so it’s not such a big deal…
    • But if you’re using it, stop.
  • There are multiple tcpdump vulnerabilities (most having to do with separate functions suffering from similar flaws).

Notes

Starts at 19m53s.

I was drinking Northcoast Brewing’s Old Rasputin, Jthan was drinking an herbal infusion because he wasn’t HIGH-ENERGY enough, and Paden was drinking Glenlivet 12 years.

  • Enterprise fleet management
    • We have mentioned config management in S0E15
    • We talk about rConfig for managing net kit
    • And Augeas for accessing config files in an “object-oriented” sort of approach
    • NeDI is handy for an overview of your fleet…
    • But I like Observium better because it feels more “polished”.
    • And Cacti is handy for turning other information into a visual presentation.
    • Also, neti pots.
  • We also talk about BIOS/UEFI (39m08s)
    • BIOS (Basic Input/Output System) has been around a very long time
      • It runs on the motherboard, and initializes the hardware sequentially
    • UEFI (Unified Extensible Firmware Interface) has been around for less time (2005, but first developed in the mid-90’s for IA-64), but is much more robust
      • It runs on a dedicated subsystem and initializes devices as-needed/in parallel, which greatly speeds up boot time
    • UEFI lets you run things like memtest86+, various kernels, etc. directly – meaning without even needing to boot an initrd or memdisk!
    • Bruce Schneier talks about the “Evil Maid” attack here
    • We talk about the rm -rf bug with UEFI variables in S1E0
      • We didn’t mention it in the show, but there was also a UEFI exploit on Thinkpad devices that we mention in S1E11.

Sysbadministration Award

In this segment, we highlight system administration mistakes. Think of them as the IT equivalent of the Darwin Awards. (49m32s)

GitLab killed a prod server with what was a literal wrong rm -rf. AND THEIR BACKUPS- ALL OF THEM- WERE BAD. They ended up recovering from a live copy (so props for redundancy). However, their write-up is top-notch and they even livestreamed the recovery effort. Unfortunately they didn’t archive it, but it was interesting to watch.

Bonus points, I reference this meme.

Errata

  • Edita counted for me; I tell Jthan to be “high-energy” 5 times throughout the episode. hahaha
  • We talk about how hard it was to kill Rasputin. He actually survived one. He was a pretty tough bastard and people really wanted him dead.
  • Juniper kit actually uses ‘JunOS’, not “JuniperOS”, and it’s FreeBSD-based, not GNU/Linux-based.

Music

(All music is royalty-free, properly licensed for use, used under fair use, or public domain.)
