Security

I spoke at the first Orchestructure Meetup of 2018. I have to admit, this is probably the smoothest run Meetup I’ve been a part of for quite some time. That’s not to say other Meetups weren’t well organized. But, Mario, Bob, and Jorge have their poop in a group. Orchestructure is one great Meetup. If you’re in Michigan, you’re missing out if you haven’t attended. I created a new Go talk for this group. I hope to reuse it to enlighten people on the awesomeness of Go. This talk is title Go: Enabling DevOps To Go Faster. The talk walks through why and who created Go, examples of the things that makes Go great, three uses of Go and the why behind them, and finally walks through how Go has bailed me out in the past. ...

I had an amazing experience at DevOpsDays NYC 2018. The organizers put together an all-star lineup. You can tell this meant a lot to the organizers by the quality of the event itself; it was top notch. Being a part of the DevOps community is absolutely amazing. I am always thrilled to get invites to DevOpsDays events; they’re so well done. I was able to speak about Go and how I used it to save my DevOps ass at Solarwinds MSP. My team of merry DevOps’ers inherited an application. A third-party built the app a few years before we inherited it. The app had been in maintenance mode for quite some time. Before we could do any re-engineering work, we had to resolve a critical issue. The certificates were about to expire! ...

The British government wants to build backdoors into standard encryption libraries. This means the technology that protects your financial transactions could have a backdoor. These same backdoors were just exploited in the WannaCry outbreak that just took down the NHS. Who created that backdoor? The NSA, whose incompetence allowed this “tool” to fall into the hands of a Russian government-affiliated hacking group. You don’t do anything illegal? Great! You do have a bank account, right? You do have private conversations with your significant other, right? Would you want either to be open for potentially anyone to see? Probably not. Resist government’s demands to force Internet companies to open backdoors for them. Nothing good will come of it. ...

The Ansible lineinfile module is designed to search a file for a line, and ensure that it is present or absent. lineinfile is very effective at that particular task. However, when the line has to be in a certain place or before or after a certain line, lineinfile becomes a hassle to manage. Most people on IRC (#ansible) tend to agree, lineinfile is not a very good module in practice. Even Brain Coca says to avoid the lineinfile module. But, there is one use case I have found where line in file really excels. ...

Badlock might not be bad for all. If you are using Ansible you can patch your systems with a single playbook (or ad hoc command). For RPM based OS users Badlock (samba) patching is as easy as: ansible -m shell -a "yum update *samba*" all Or you can be very granular and use an Ansible Playbook to audit and patch samba packages: 1 2 3 4 5 6 7 8 9 10 --- - hosts: all tasks: - name: Check if samba packages are installed shell: "yum list installed *samba* | awk '!/^Loaded|^Installed/' | cut -d ' ' -f 1" register: yum_samba - name: Update samba if installed yum: name={{ item }} state=latest when: yum_samba.stdout != "" with_items: '{{yum_samba.stdout_lines}}' A similar Ansible Playbook for a Debian based system would look something like this: ...