AMD issues firmware fixes for Epyc, Ryzen processors

Earlier this month AMD quietly disclosed 31 new CPU vulnerabilities affecting both its Ryzen desktop chips and EPYC data center processors. AMD disclosed the flaws in coordination  with several researchers, including teams from Google, Apple, and Oracle.AMD typically releases vulnerability findings twice a year, in May and November, but decided to release the fixes early due to the relatively large number of new vulnerabilities and the timing of the mitigations.Despite the severity and number of flaws, AMD posted the lists to its security page. The flaws include BIOS/UEFI revisions that AMD has distributed to its OEMs. Since every OEM has a different BIOS/UEFI, it’s best to check with your motherboard maker or system vendor to see if you need the updates.To read this article in full, please click here

AMD issues firmware fixes for Epyc, Ryzen processors

Earlier this month AMD quietly disclosed 31 new CPU vulnerabilities affecting both its Ryzen desktop chips and EPYC data center processors. AMD disclosed the flaws in coordination  with several researchers, including teams from Google, Apple, and Oracle.AMD typically releases vulnerability findings twice a year, in May and November, but decided to release the fixes early due to the relatively large number of new vulnerabilities and the timing of the mitigations.Despite the severity and number of flaws, AMD posted the lists to its security page. The flaws include BIOS/UEFI revisions that AMD has distributed to its OEMs. Since every OEM has a different BIOS/UEFI, it’s best to check with your motherboard maker or system vendor to see if you need the updates.To read this article in full, please click here

A Journey To The AWS Advanced Networking Certification

There’s a trend to cloudify every aspect of IT. You might think that there’s no need to understand classical networking because “the cloud” solves problems related to routers and switches. The truth is that clouds have massive networks under the hood. Someone needs to connect cloud services and bring users to these clouds in a […]

The post A Journey To The AWS Advanced Networking Certification appeared first on Packet Pushers.

C can be memory-safe

The idea of memory-safe languages is in the news lately. C/C++ is famous for being the world's system language (that runs most things) but also infamous for being unsafe. Many want to solve this by hard-forking the world's system code, either by changing C/C++ into something that's memory-safe, or rewriting everything in Rust.

Forking is a foolish idea. The core principle of computer-science is that we need to live with legacy, not abandon it.

And there's no need. Modern C compilers already have the ability to be memory-safe, we just need to make minor -- and compatible -- changes to turn it on. Instead of a hard-fork that abandons legacy system, this would be a soft-fork that enables memory-safety for new systems.

Consider the most recent memory-safety flaw in OpenSSL. They fixed it by first adding a memory-bounds, then putting every access to the memory behind a macro PUSHC() that checks the memory-bounds:

A better (but currently hypothetical) fix would be something like the following:

size_t maxsize CHK_SIZE(outptr) = out ? *outlen : 0;

This would link the memory-bounds maxsize with the memory outptr. The compiler can then be relied upon to do all the bounds checking to prevent buffer Continue reading

Response: Complexities of Network Automation

David Gee couldn’t resist making a few choice comments after I asked for his opinion of an early draft of the Network Automation Expert Beginners blog post, and allowed me to share them with you. Enjoy 😉

Network automation offers promises of reliability and efficiency, but it came without a warning label and health warnings. We seem to be perpetually stuck in a window display with sexily dressed mannequins.

Read more …

Response: Complexities of Network Automation

David Gee couldn’t resist making a few choice comments after I asked for his opinion of an early draft of the Network Automation Expert Beginners blog post, and allowed me to share them with you. Enjoy 😉

Network automation offers promises of reliability and efficiency, but it came without a warning label and health warnings. We seem to be perpetually stuck in a window display with sexily dressed mannequins.

Read more …
1 310 311 312 313 314 3,792