Google patches critical media processing flaws in Android

New security patches for Google's Nexus devices address seven vulnerabilities, two of which are critical and could allow for remote code execution when handling media files.The updates, released on Monday, are part of Google's recently introduced monthly patch cycle and are available for Nexus devices running both Android 5.1 (Lollipop) and 6.0 (Marshmallow). The source code for the fixes will also be added to the Android Open Source Project (AOSP) over the next 48 hours.The most serious flaws patched in this release are tracked as CVE-2015-6608 and CVE-2015-6609, and are located in the mediaserver and libutils components of Android, respectively. Both vulnerabilities can be exploited remotely through specially crafted media files.To read this article in full or to leave a comment, please click here

Chaos Computer Club: Apple rejected TV-streaming app because of hacking iOS talks

Despite Apple having championed privacy and encryption, and having its most profitable year yet, the company is apparently not above censoring free speech on its Apple TV platform. The Chaos Computer Club claimed that Apple rejected the CCC's TV app that would allow viewers to stream the hacking conference because researchers have previously presented talks centered on hacking iOS.To read this article in full or to leave a comment, please click here

Chaos Computer Club: Apple rejected TV streaming app because of hacking iOS talks

Despite Apple having championed privacy and encryption, and having its most profitable year yet, the company is apparently not above censoring free speech on its Apple TV platform. The Chaos Computer Club claimed that Apple rejected the CCC’s TV app that would allow viewers to stream the hacking conference because researchers have previously presented talks centered on hacking iOS.To read this article in full or to leave a comment, please click here

Worth Reading: Avago buys Broadcom

If the modern datacenter has taught us anything, it is that scale matters and as it turns out it matters for the manufacturers of the devices that go into various systems in the datacenter as much as it does for those who deploy and use those systems. It is with this in mind that we ponder the implications of the $37 billion acquisition of networking and wannabe server processor maker Broadcom by the recently very acquisitive Avago Technology, a maker of chips for optical networking, server networking, and storage controllers, among other things. via the platform

The post Worth Reading: Avago buys Broadcom appeared first on 'net work.

Rail-launched rocket set to blast NASA satellite network swarm into space

It’s a space mission of firsts. First -- a flock of eight, 4lb tissue box-sized satellites will be launched into space in a proof-of-concept mission that will show how multiple, yet affordable nanosatellites can handle astrophysics duties or perform planetary science investigations, such as placing a network of satellites around an asteroid, Earth’s moon, or another planet.+More on Network World: Gartner: Risk, relentless data center demand, open source and other tech trends IT needs to know+To read this article in full or to leave a comment, please click here

Arista Networks Downgraded on Cloud Capex Concerns

Increased competition and slower cloud growth don't add up for Arista.

Mellanox Joins the Open Compute Party

Nothing against Broadcom, but it's nice that the OCP has other options.

How to earn the trust of millennials concerned with security

Part of a great marketing strategy includes building trust with consumers, especially with influential groups like millennials. You might also call them Generation Y or digital natives, but whatever you call them, it applies anyone born between 1980 and the early 2000s. This group is usually top of the list for companies’ brand awareness efforts, but the biggest threat to your marketing strategy lies more in your approach to cybersecurity than how much money you spend on advertising.Intercede, a company specializing in identity management and secure authentication technology, surveyed roughly 1,000 U.S .and 1,000 U.K. participants aged 16 to 35 about levels of digital trust. And the study found that millennials have suspicious attitudes and a general mistrust towards businesses. In a time where celebrities’ iCloud accounts are hacked and every few months there is another data breach, it makes sense for young people to have a general sense of uncertainty towards where their data goes and how it’s used.To read this article in full or to leave a comment, please click here

Forrester’s top 10 predictions for business in 2016 — and what they mean for tech

2016 will be a year of action for companies. It will be the year that the companies that thrive will be those advancing down the customer obsession path — while those that downplay their customers’ needs will start to wither away.The good news? You and your technology teams have a critical role in helping — and in some cases, leading — your organization in adapting and thriving in the age of the customer.Here are the top trends Forrester sees shaping your business in 2016, and what you can do to advance them.1. Personalization is the new bar. What it means: The level and quality of contextual, personalized experiences will be a key determinant of who wins mindshare and share of wallet.To read this article in full or to leave a comment, please click here

Are you ready to anticipate breach?

Breach HappensImage by NOAAHave you been affected by a breach? Gotten the notice in the mail that your payment card or other information may have been compromised?More hands are raised each time I ask my audiences that question.To read this article in full or to leave a comment, please click here

OpenStack Summit – Tokyo – 2015 – Wednesday 28th – Show Notes

It’s Tuesday, it’s 9am and most people have hangovers from the numerous evening events going on in and around Takanawa. 

The opening keynote seemed to revolve around Neutron and the great work Kyle (@mestery) has been doing as the project technical lead (PTL) of Neutron. Seriously, Neutron has the highest activity rate of all projects. Some argue that Neutron is too complicated and previous to attending the summit, rumours were rife around increasing support for simplifying Neutron to replacing it with Open Daylight. Needless to say, there are parties out there that want to see Neutron dead and claim it’s just too complicated to use.

So, to some keynote ‘framing’ figures: In 2014, 68% if OpenStack users (at least of those reporting) were making use of Neutron. Just one year later and it’s jumped to 89%! Maybe this can be attributed to OpenvSwitch and OVN, but either way, usage is increasing. This could also be attributed to new users not wanting to veer away from the popular projects.

With regards to the ever standing argument of “OpenStack isn’t ready for wide adoption”, which is self perpetuating, the guest speakers who were part of the keynotes, seemed to Continue reading

Paper: Coordination Avoidance in Distributed Databases By Peter Bailis

Peter Bailis has released the work of a lifetime, his dissertion is now available online: Coordination Avoidance in Distributed Databases.

The topic Peter is addressing is summed up nicely by his thesis statement: 

Many semantic requirements of database-backed applications can be efficiently enforced without coordination, thus improving scalability, latency, and availability.

I'd like to say I've read the entire dissertation and can offer cogent insightful analysis, but that would be a lie. Though I have watched several of Peter's videos (see Related Articles). He's doing important and interesting work, that as much University research has done, may change the future of what everyone is doing.

From the introduction:

The rise of Internet-scale geo-replicated services has led to upheaval in the design of modern data management systems. Given the availability, latency, and throughput penalties associated with classic mechanisms such as serializable transactions, a broad class of systems (e.g., “NoSQL”) has sought weaker alternatives that reduce the use of expensive coordination during system operation, often at the cost of application integrity. When can we safely forego the cost of this expensive coordination, and when must we pay the price?

In this thesis, we investigate the potential for coordination avoidance—the Continue reading

How Shopify Scales to Handle Flash Sales from Kanye West and the Superbowl

This is a guest repost by Christophe Limpalair, creator of Scale Your Code.

In this article, we take a look at methods used by Shopify to make their platform resilient. Not only is this interesting to read about, but it can also be practical and help you with your own applications.

Shopify's Scaling Challenges

Shopify, an ecommerce solution, handles about 300 million unique visitors a month, but as you'll see, these 300M people don't show up in an evenly distributed fashion.

One of their biggest challenge is what they call "flash sales". These flash sales are when tremendously popular stores sell something at a specific time.

For example, Kanye West might sell new shoes. Combined with Kim Kardashian, they have a following of 50 million people on Twitter alone.

They also have customers who advertise on the Superbowl. Because of this, they have no idea how much traffic to expect. It could be 200,000 people showing up at 3:00 for a special sale that ends within a few hours.

How does Shopify scale to these sudden increases in traffic? Even if they can't scale that well for a particular sale, how can they make sure it doesn't affect Continue reading

Ixia Secures the Connected Car

Car connectivity is on the rise, but with that connectivity comes vulnerability. Ixia looks at how to secure access points into connected cars.

Vote: What’s the better strategy – HP splitting up or Dell buying EMC?

HP is splitting up while Dell and EMC are coming together. Which move will pan out better?+MORE AT NETWORK WORLD: HP is now two companies: How did we get here? +The two companies are taking dramatically different paths to set themselves up to compete in the fast-moving technology landscape of today.HP is dividing itself into two businesses starting today; HP Inc. will sell PCs and printers while Hewlett Packard Enterprise will focus on infrastructure sales. Dell, meanwhile, has engineered a $67 billion buyout of EMC, and by extension VMware.To read this article in full or to leave a comment, please click here

Network Break 60: Cisco’s Acquisitions, Verizon’s IoT Ambitions

Network Break analyzes Cisco's latest acquisitions, Verizon's IoT ambitions, Microsoft's failed bid for Mesosphere, a security bill that endangers privacy, and a new startup from an old NSA hand.

The post Network Break 60: Cisco’s Acquisitions, Verizon’s IoT Ambitions appeared first on Packet Pushers.

Baidu Android app component puts 100 million devices at risk

A software development kit created by Chinese Internet services company Baidu and used by thousands of Android applications contains a feature that gives attackers backdoor-like access to users' devices.The SDK is called Moplus and while it's not open to the public, it was integrated in more than 14,000 apps, of which only around 4,000 were created by Baidu, security researchers from Trend Micro said in a blog post Sunday.The company estimates that the affected apps are used by over 100 million users.To read this article in full or to leave a comment, please click here

SDxCentral’s Top 10 SDN and NFV Articles — October 2015

AT&T, Juniper, Charles Giancarlo, and HP are in the top 3.

IEEE plugs into Smart Cities movement

Guadalajara, Mexico -- Smart Cities are the best response to the global urban future, according to the IEEE, which bills itself as “the world's largest professional association for the advancement of technology.”Gilles Betis, IEEE Smart City Initiative Chair, said the population in cities will grow from 3.5 billion today to 7.2 billion by 2050.“Doubling the number of people in cities is not an adjustment, this is a transition,” he said.Betis made the remarks in his keynote speech at the first IEEE Smart Cities Conference last week in Guadalajara, “the Silicon Valley of Mexico.”The city was the first of five “core cities” the association is focusing on for research grants and development projects.To read this article in full or to leave a comment, please click here

Review: The Art of the Humble Inquiry

Humble Inquiry: The Gentle Art of Asking Instead of Telling
Edgar H Schein

Edgar Schein says we have a cultural issue. We like to tell people what we think, rather than asking them what they’re trying to tell us. Overall, especially in the world of information technology, I tend to agree. To counter this problem, he suggests that we perfect the art of the humble inquiry — redirecting our thinking from the immediate solution that comes to mind, or even from the question that was asked, and trying to get to the what the person we’re talking to is actually asking.

He gives numerous examples throughout the book; perhaps my favorite is of the person who asked stopped their car while he was doing yard work to ask directions to a particular street. Rather than answering, he asked where they were trying to get to. They were, in fact, off course for their original plan, but he directed them down a different path that got them there faster than if they’d turned around and found their way back to that original path. This is a perfect example of asking returning a specific question with a larger question — an authentic Continue reading