Category Archives: Show Notes

- Enabling TLS 1.2 and disabling TLS 1.1, 1.0 and SSL 3.0 and SSL 2.0.
  - Test your Server to what SSL/TLS version you website uses – ssl labs
  - Enable/Disable TLS versions via a GUI – IISCrypto
- Immutable Infrastructures – CoreOS
  - CoreOS is a linux distribution that is completely described by YAML
  - Kubernetes – learnt a bit more about it by actually installing it (kubespray), also, trying to do it in an “air-gapped” environment proved hard work
  - kubespray works by bootstrapping python onto the CoreOS nodes so it can use ansible.
  - Doing Immutable Infrastructure with deb packages?
  - Docker
  - Terraform
    - Plan & Apply stage
    - Providers talk to cloud provider APIs
  - Lab with PXE Booting using Ansible
- Highly available Network Appliances on OpenStack
  - Allowed_Address_Pairs – 0.0.0.0/1 and 128.0.0.0/1
  - Virtual MAC address between HA members, which means adding an extra Allowed_Address_Pairs pair per Virtual MAC address
  - Ansible with Jinja2 for the Allowed_Address_Pairs variable
- Ansible 2.5 is out
  - With_SubElements has been depreciated – still works, but documentation refers to loop and lookup plugins
  - loops can have names now
  - roles: has been replaced by include_roles
  - Ansible Galaxy roles don’t need to be the files from galaxy.ansible.com – you can use Git repos.
- Matrix.org / riot.im
  - Bridges to Telegram and others
  - Matrix.org runs bridges to IRC, Slack and Gitter and host some bots and plugins.
  - Other bridges are in-place (e.g. t2bot.io) and you can host your own.
  - French Government to use Matrix as their inter-government communication system
  - Synapse (Matrix.org homeserver) federates between all the other Synapse servers, and updates the servers when they all come back online. Demo at matrix.org.
- Email about Postlayer (Email and Spam Filtering) being demised
  - Replaced by Fusemail
  - Discussed open source options (no conclusion)
- Bullet journal revisited
  - Monthly too often – weekly…

Audio Production by Dave Lee @thebugcast
Fosstalk Live
Glasgow Podcrawl
Oggcamp

Admin Admin Podcast #63 – Show Notes Diving into Ansible

In this edition of the Admin Admin Podcast, we discuss a little bit about FOSDEM and ConfigMgmtCamp, and then our deep-dive on Ansible.

When talking about Ansible, we talk about the alternatives (Puppet, Chef, Salt, Desired State Configuration and reverse DSC, and that you can install software on Windows via Group Policy), and then talk about:

Provisioning cloud environments with Ansible
Ansible Modules
The Inventory file
Playbooks
Variables
Filters
Jinja2
Yaml
Handlers
Ansible Tower and it’s upstream project – AWX
Example files by Jon
Tags
Example files by Al
Roles
Ansible Vault
Hashing
Jon’s Github Profile
Al’s Github Profile
Jerry’s Github Profile

We plug the following forthcoming events: FossTalk Live – 9th June at King’s Cross, London, Glasgow Podcrawl – 28th July, Glasgow and OggCamp – 18th and 19th August, Sheffield

We mention the following other things: Jerry’s Tech Blog, Bullet Journals, Hackable Podcast, Cool Tools Podcast, Centre for Computing History, Cambridge, and the fiction series Within the Wires.

Admin Admin Podcast #62 Show Notes – Admin in the Ham Shack

Special Guest Co-Presenter: Russ Woodman from Linux In The Ham Shack

Errata: Jon got Streisand Routing wrong in the last show.

Russ works for a Broadband Carrier (ISP) that also supplies telephone, cellular (mobile), internet, satellite and cable. He’s in a team of 5 people, and is the main escalation point for the team.

Jon explains “Pets versus Cattle” (badly) and Russ explains they’re converting from Pets to Cattle.

The Broadband Carrier that Russ works for uses mostly open source technologies, and he is trying to move to more robust services.

He explains his path to Linux and Open Source, via VMS, BSD, Minix and SCO Unix. He started in his current job just after Y2K but has been working in System Administration for many years before that.

Russ talks about using Amateur Radio with Linux and Open Source.

We talk about how his job has changed, which is mostly in the abstraction of Hardware away from users, but Russ also talks about REST APIs and SOAP.

We all talk about Cloud reliability and cost.

Jerry brings up RINA.

Russ talks about his home network. Jon talks about “Becoming your own WISP”.

Al asks Russ about Amateur Radio and how you use it from Linux. Russ talks about different transmission modes and encoding/decoding. He then explains a bit about the Linux In The Ham Shack podcast.

Al talks about setting up a new server for hosting WordPress and how he’s moving away from FreeBSD to Ubuntu (or RedHat/CentOS). He asks for guidance about Ansible and authentication. Russ suggests OpenSUSE as an alternative to review as well. Jon mentions about commercial support. Jon also talks about the recent history of SUSE. Al asks about running sudo to become root. Jon talks about setting up TOTP (Google Authenticator) and enabling it for PAM authentication.

Al also asks about Linux permissions. Russ talks about setting permissions. There is a talk about SetUID and SetGID. Jon suggests using containers or chroot instead of trying to harden a whole machine. Jerry talks about ACLs.

Al goes on to ask about whether he’s in the right job. Jerry, Jon and Russ all provide their viewpoints.

Al mentions about a telegram group which he heard about on Tuxjam Podcast which alert you on the latest security alerts https://t.me/itsecalert

We read some feedback

Gary Williams talks about naming conventions on servers, dnsnames for SQL servers
Mike Bickerton says we’re good 🙂 Mentions we’re very Windows, likes the audio, and asks about the theme tune (it’s “Now It’s Over” by “The ClayFoxes” as listed on our “About” page.) He mentions he asked our telegram channel for help with getting DNS hosting on Hurricane Electric, and then blogged about it. Jerry mentions some alternatives. Russ asks about IPv6 records.
Paul Tansom mentions his naming conventions

We ask a question for a follow-up podcast – if you have got some suggestions about how you would do a backup for your clients and customers which doesn’t involve spending money, or at least, as cheaply as possibly.

We mention FossTalk Live (9th June at King’s Cross, London), OggCamp (18th and 19th August in Sheffield) and Podcrawl Glasgow (28th July in Glasgow).

Please consider spreading the word about the podcast. We have a presence on Facebook and Twitter. The team chat on Telegram, and if you want to support the show, we have a Patreon account.

What would you would like to see on the podcast? Is there anything we should change? Please get in touch via our Telegram group or email feedback@nospam.adminadminpodcast.co.uk (remove the filter to send the mail…) 🙂

Admin Admin Podcast #61 Show Notes – Not quite so ephemeral

Show notes:

Relaunched the podcast!
- Andy has stepped back 🙁
- Jon Spriggs has stepped in 🙂
- Al and Jerry are sticking around 🙂
- We’re planning to do a monthly release (starting this month!)
- Hopefully better audio (although, Jerry’s audio played up a bit in the middle… we know why, we’re fixing it for the next time!)
- If you want us to make any changes, let us know!
How do you name servers?
- Al mentioned the Iron Sysadmin Podcast
- We basically concluded that naming by function is probably best in managed networks, but that’s based on how you manage your security posture.
- We briefly touched on how we name our personal machines… but who typically has more than one personal laptop? 🙂
- It’s different in cloud environments – hosts may have ephemeral names, and Jon explained about Ephemeral Naming, and how that works with DNS names.
Talking about home routers
- Jerry mentioned Steve Gibson from the Gibson Research Corporation
- Jerry wanted to move away from having disparate devices, and is going to replace various boxes with a single Edgerouter X
- Jon explained basically about FTTC (Fiber-to-the-Cabinet)
- Al mentioned that he uses a Mikrotik router – This model: RB2011iL-IN
- Jerry mentioned that you can install Lede on the Edgerouter X.
- Jon very briefly explained VRRP
Home labs
- Jon mentioned the Home Labs facebook group
- Jon and Al mentioned their home lab kit, while Jerry explained how he threw away all his old kit, and now uses the cloud
- Jon explained how he got in trouble because he got rid of his old kit and explained how he debugged hardware failure on a computer with no spare parts
- All the hosts explain that they virtualize everything
- Jon and Jerry both use talked about using Vagrant to stand up boxes both locally and remotely using the Digital Ocean Plugin or AWS Plugin. Jerry has also used the VSphere Plugin and mentioned the Azure Plugin. Jerry mentioned using the Mosh plugin and Jon mentioned the you can use RDP (as well as SSH) and talks about the Vagrant Cachier plugin
- Jerry mentioned “Kubernetes the Hard Way“
- Jon explained how he separates out the Vagrant boxes on his home server, and (at GREAT LENGTH) incorrectly explained how he sets up the networking for his VPN appliance – he’ll explain more in another show!
- Al mentioned Openstack
- Jerry mentioned the “Partner Acceptance Test” and noted that anything more significant than what we have would fail this test
Firewalls
- Al has been learning about using Palo Alto firewalls. Site to get Training.
- Al mentioned Udemy
- Jon mentioned FortiNet FortiGate, Juniper ScreenOS and JunOS and Check Point firewalls and Pulse Secure IVE product. He specifically mentions that a model of the FortiAP also does Firewalling
AOB
- Al mentioned the SysAdmin Show podcast
- Jon recommended the Darknet Diaries Podcast and particularly mentioned the Beirut Bank episode.
- FOSS Talk Live is on 9th June at King’s Cross, London
- OggCamp ’18 is on 18th and 19th August in Sheffield

Admin Admin Podcast #60 Show Notes – Hacktoberfest at last!

Tic Tac Toe Code

Jerry

/lib/init/fstab
- Samba issue with “locking.tdb”
Vagrant-vsphere

Jon

Matrix.org bridges to IRC, Slack with GitHub and RSS feeds
Ansible all the things! (https://github.com/lugorguk)
All Day Devops
Packt Pub Free Book Of The Day

GitHub

- - Learn the basics of Git in 15 minutes
  - How To Create a Pull Request on GitHub
  - GitHub Training Kit: Open source slides, workbook, and cheat sheet courseware for teaching Git and GitHub classes
  - Git cheat sheets in multiple languages
  - Understanding the GitHub Flow
  - GitHub training sessions and webcasts
  - Patchwork: Casual, mentored workshops for beginners to Git and GitHub
  - More resources from GitHub

Admin Admin Podcast #059.5 Show Notes – A Quick Update From Al

Advanced IP Scanner

Use PSEXEC to Change Static IPs to DHCP Remotely

https://www.pockethernet.com/


# Convert macs to 00:50:56:96:8B:07 take out :

=LOWER(SUBSTITUTE(SUBSTITUTE(SUBSTITUTE(O2,":",""),".",""),"-",""))

# Convert to HP format

=LOWER(MID(P2,1,6)&amp;amp;"-"&amp;amp;MID(P2,7,6))

LDWin: Link Discovery for Windows

How to copy DHCP Reservations from one server to another

http://www.kernelpanicpodcast.com/