CVE 2019-14866: GNU cpio

I found a security bug in GNU cpio and thought I’d write down the story of that. It’s not the most interesting bug in the world, but it may still be an interesting story to some.

An odd limit

The whole thing started with me looking at the manpage

-H, --format=FORMAT
  Use given archive FORMAT. Valid formats are (the number in
  parentheses gives maximum size for individual archive member):
  bin    The obsolete binary format. (2147483647 bytes)
  odc    The old (POSIX.1) portable format. (8589934591 bytes)
  newc   The new (SVR4) portable format, which supports file
         systems having more than 65536 i-nodes. (4294967295 bytes)
  crc    The new (SVR4) portable format with a checksum added.
  tar    The old tar format. (8589934591 bytes)
  ustar  The POSIX.1 tar format. Also recognizes GNU tar archives, which are
         similar but not identical. (8589934591 bytes)
  hpbin  The obsolete binary format used by HPUX's cpio (which stores device
         files differently).
  hpodc  The portable format used by HPUX's cpio (which stores device files
         differently).

What’s wrong with this picture? Those are some very odd size limits. 2GiB and 4GiB I understand, as it’s 32bit signed and unsigned int. But tar having a max size of 8GiB? 33 bits? That Continue reading

Analysts Debate SASE’s Merits as Vendors Board Hype Train

Heavy Networking 484: Cloud And SD-WAN Are New Opportunities To Rethink Your Network (Sponsored)

Today on Heavy Networking, sponsor Open Systems comes on the podcast to discuss the new opportunities--and challenges--for networking in a time when more applications and services are running in the cloud. We explore how cloud services affect WAN design, how organizations can use SD-WAN to enhance networking and security, and much more. Our guest is Silvan Tschopp, head of solutions architecture at Open Systems.

The post Heavy Networking 484: Cloud And SD-WAN Are New Opportunities To Rethink Your Network (Sponsored) appeared first on Packet Pushers.

Why is everybody talking about 6G?

We're not even using 5G yet, and already 6G is in the news. What is 6G? Is it real? When do we all get it? (Spoiler alert: Nonexistent, no and a long time from now.)

Google Killed Chronicle, Report Claims

Rakuten: We Have More Edge Locations Than Amazon

Weekly Wrap: Fortinet Fortifies Firewall, SD-WAN Capabilities

Kasten K10 v2.0 Targets Security and Simplicity

The Future of Hidden Features

You may have noticed last week that Ubiquiti added a new “feature” to their devices in a firmware updated. According to this YouTube video from @TomLawrenceTech, Ubiquiti built an new service that contacts a URL to “phone home” and check in with their servers. It got some heavy discussion going, especially on Reddit.

The consensus is that Ubiquiti screwed up here by not informing people they were adding the feature up front and also not allowing users to opt-out initially. The support people at Ubiquiti even posted a quick workaround of blocking the URL at a perimeter firewall to prevent the communications until they could patch in the option to opt-out. If this was an isolated incident I could see some manner of outcry about it, but the fact of the matter is that companies are adding these hidden features more and more every day.

The first issue comes from the fact that most release notes for apps any more are nothing aside from platitudes. “Hey, we fixed some bugs and stuff so turn on automatic updates so you get the best version of our stuff!” is somewhat common now when it comes to a list of Continue reading

This 11-course Microsoft & Oracle SQL certification prep bundle is only $39 today

If you’re interested in a career in data administration, you’re in luck! Nowadays, companies handle larger data sets than ever before, so the need for data experts is higher than ever. Whether you’re new to the field or you want to brush up on your database management skills, this $39 bundle is for you. The Complete Microsoft & Oracle SQL Certification Bundle features 11 courses on how to become a skilled database administrator. One of the most popular relational database management systems is Microsoft SQL Server, and you’ll learn the basics behind this tool such as modifying data and combining data sets in Microsoft 70-461: Querying SQL Server 2012. Alternatively, you can specialize in Oracle, another popular RDBMS, by completing Oracle 12c OCP 1Z0-061: SQL Fundamentals. Once you’ve completed either of these, you can pursue advanced SQL certifications to design data warehouses, design business intelligence solutions, and more. To read this article in full, please click here

IDG Contributor Network: Microsoft’s vision for the multi-cloud future

We are seeing it from all sides now. From the usual suspects in OEM to HCI to virtualization to public cloud, everyone is out to address the growing demand to shift legacy IT workloads to agile, cloud native, consumption-based, hybrid-friendly, modernized IT environments. A mouthful perhaps, but that doesn’t make it any less true. We have entered a multi-cloud world, and the competition is going to be abundant.The question that’s top of mind for many is which company or companies will emerge as the market leader. This week at Ignite, Microsoft’s annual customer conference, the company made a number of announcements around its Azure Cloud. Based on those announcements and the company’s existing platform of services, I wanted to break down how I see Microsoft’s Azure strategy evolving and share what business and IT leaders need to be thinking about when they are looking at modernizing their IT to support the growing multi-cloud initiative.To read this article in full, please click here

Rita Younger – Believe in Yourself, Technical Woman

Showing the path helps you walk it

The post Rita Younger – Believe in Yourself, Technical Woman appeared first on EtherealMind.

HPE boosts storage, hyperconvergence products with AI

Two announcements from Hewlett Packard Enterprise highlight the potential for artificial intelligence to make systems more autonomous and adaptable to changing workload demands.HPE has beefed up its SimpliVity hyperconverged infrastructure (HCI) platform and its Primera storage system to include AI capabilities and composability features from HPE Synergy and HPE Composable Rack. Read more: Making the right hyperconvergence choice: HCI hardware or software?To read this article in full, please click here

HPE boosts storage, hyperconvergence products with AI

Two announcements from Hewlett Packard Enterprise highlight the potential for artificial intelligence to make systems more autonomous and adaptable to changing workload demands.HPE has beefed up its SimpliVity hyperconverged infrastructure (HCI) platform and its Primera storage system to include AI capabilities and composability features from HPE Synergy and HPE Composable Rack. Read more: Making the right hyperconvergence choice: HCI hardware or software?To read this article in full, please click here

NXTWORK 2019 – It’s that time!

It’s that time – time for Juniper NXTWORK 2019 in Las Vegas, NV at Ceasars Palace! Few quick things to …

Continue reading →

The post NXTWORK 2019 – It’s that time! appeared first on Fryguy's Blog.

Video: Putting the Networking Layers Together

The previous videos from the How Networks Really Work webinar covered an overview of networking challenges and the importance of networking layers.

Now it’s time to put it all together.

You need free ipSpace.net subscription to watch the video, or a paid ipSpace.net subscriptions to watch the whole webinar.

The inflection point hypothesis: a principled approach to finding the root cause of a failure

The inflection point hypothesis: a principled debugging approach for locating the root cause of a failure Zhang et al., SOSP’19

It’s been a while since we looked a debugging and troubleshooting on The Morning Paper (here’s a sample of earlier posts on the topic). Today’s paper introduces a root cause of failure detector for those hard-to-pin-down bugs. Whereas most root cause analysis systems start from the failure and work backwards, Kairux starts from the beginning of the program execution and works forwards. It’s based on the simple idea that the root cause is likely to be found where the failing execution deviates from successful executions.

If we model an execution as a totally ordered sequence of instructions, then the root cause can be identified by the first instruction where the failure execution deviates from the non-failure execution that has the longest instruction sequence prefix in common with that of the failure execution.

This point where the failing run deviates from the longest successful instruction sequence prefix is called the inflection point, and the Inflection Point Hypothesis says that the inflection point is likely to be the root cause.

The definition of root cause itself is taken from Continue reading

Webinar, Podcast And Free Videos

DMZ Anywhere Architecture – Webinar

In this webinar Orhan Ergun and Ahmed Al-Deeb are talking about DMZ Anywhere architecture. Micro Segmentation , Deploying DMZ in a virtual environment to reduce cost, providing flexibility and better performance will be highlighted.

www.orhanergun.net DMZ Anywhere Webinar

Mobile Broadband Basics – Webinar

In this webinar Orhan Ergun and Karim Rabie is talking about Mobile broadband technologies basics. 2G, 3G,4G,LTE and 5G is explained by Mobile Broadband expert Karim Rabie.
 Sessions slides will be uploaded shortly.Introduction to Mobile Broadband- 2G, 3G, 4G, LTE and 5G Technology basics

Global CCDE List

Global CCDE List

How many CCDEs are there in the world? What country has the most CCDEs? How do you become a CCDE Global List member? You can find out the answers to these questions below. If you have a CCDE number, if you changed your country or company share it in the comment box below or contact me directly. This list will be updated as soon as new members are accredited. You can be the one of them.More than 60 of these CCDEs passed the exam after Orhan Ergun’s CCDE bootcamp.

Check Orhan Ergun’s CCDE Training Program

Total Number of CCDE: 430

GLOBAL CCDE LIST

4 Main Design Principles of Mobile Networks

4 Main, Key Design Principles of Mobile Networks – I will explain the 4 key design principles of cellular networks in plain English.

In fact I should have said, cell based systems as mobile networks may not be design based on cell based architecture.

Let me explain what would be the other deployment option for the mobile network, other than cell based systems and then will highlight the 4 main characteristics of cell based mobile networks.

Before, cellular systems designed, mobile network operators used to place their radio transmitters at the tallest buildings in the area which they want to provide a coverage. Single, very high-power transmitters was used to cover very large geographic areas.

With the cell based telephone systems, so many  low-power, small coverage area transmitters are used instead of a single, powerful, monolithic transmitter to cover a wide area.

This is first design principles of cell based mobile phone networks.

Second design principle of cell based systems is frequency reuse.

I hared a post on wireless frequency spectrum allocation problem here. Read it as well, if you want to understand the limit and the problems of electromagnetic frequency spectrum.

The second design principle which is frequency reuse, takes Continue reading