I’m about to head off onto a much-needed vacation, but before I do I realize I’m seriously overdue on my storage short takes. Ooops.
Let’s get started with the Storage Short Take #9! As always, links are valid at the time of publication.
- Storage Media
- Storage Companies in the News
- Industry Associations and Standards
- Webinars and Conferences
- Synology Security News
- Bonus Round
Storage Media
If you use Apple’s Time Machine, this may be of interest. Backblaze has written a blog about how to use multiple HDDs with Time Machine.
Kingston announces high-endurance microSD cards. Check out the operating hours for the 128GB!
Both NetApp and EMC have announced Optane support.
Intel is crowing about increased adoption of Optane, naturally. You should be aware of the different modes, however, as being used in memory mode, Optane is not persistent.
Could 2018 Be The Last Year Hybrid Shipments Greater Than AFAs?
Now, I’ve had my own issues with Tom’s Hardware before, but they’ve got an interesting article on Samsung’s Z-NAND vs. Intel’s Optane that is worth a cursory glance.
Storage Companies in the News
Good for Excelero. They’ve managed to score a partnership with Lenovo’s ThinkSystem portfolio with NVMesh.
In another “Good for them,” moment, Elastifile (another company of which I’m a big fan) has announced self-service availability for File-Storage-as-a-Service on Google Cloud.
Storage Newsletter wonders if DataCore can rebound with new CEO and Management Team.
DriveScale announces composable storage architectures using NVMe/TCP (the first one that I’ve seen).
Remember Violin? As part of their attempt to live up to the Greek Phoenix legend, they’ve been accepted to the HPC STAC benchmark council.
AWS has announced updated long-term retention storage for as low as $1/TB per month. No idea how much it costs to get it back, though.
Industry Associations and Standards
If you are part of a SNIA member company and are interested in Computational Storage, you should consider joining the Working Group.
Webinars and Conferences
Presentations from the SNIA EMEA conference are now available.
To that end, the 2019 SNIA Storage Developer Conference Call for Presentations is now open.
SNIA’s webinar on Transactional Models and their Storage Requirements, held on April 9, covered some of the important concepts of transactions in storage – useful in financial applications in particular. This is a good primer for understanding one of the most fundamental aspects of storage use cases.
We’ve taken a bit of a hiatus in the Networking Storage Forum of SNIA for the Everything You Wanted To Know About Storage But Were Too Proud To Ask series, but we’re back with part Taupe and the Memory Pod. This has been one of the most commonly requested webinars, and you can register for it for May 16, 2019.
You can learn about the technical deep dive of Fibre Channel Protocol Analytics 201, with Viavi’s Yamini Shastry and Teledyne LeCroy’s David Rogers, broadcast on April 11, 2019.
Can you believe June is just around the corner? I’ll be moderating a Fibre Channel Zoning Basics webinar on June 27, 2019.
You can follow NVM Express, SNIA’s Networking Storage Forum and FCIA on Twitter, too.
Synology Security News
Please see earlier Storage Short Takes for additional Synology advisories (#8, #7, #6, #5, #4).
Important Severity
Affected: Apache HTTP Server 2.4
Status: Ongoing
Solution: None yet.
Details:
CVE-2019-0211 allows local users to conduct privilege escalation attacks via a susceptible version of Apache HTTP server 2.4.
References
Affected: Calendar
Status: Resolved
Solution: Upgrade to 2.3.1-0617 or above
Details:
A vulnerability allows remote attackers to execute arbitrary commands via a susceptible version of Calendar.
Moderate Severity
Affected: Dragonblood. SRM 1.2
Status: Ongoing
Solution: None yet.
Detail:
Dragonblood attacks, CVE-2919-9494, and CVE-2019-9496 allow remote attackers to obtain sensitive information or conduct denial-of-service attacks via a susceptible version of Synology Router Manager (SRM). CVE-2019-9495, CVE-2019-9497, CVE-2019-9498, and CVE-2019-9499 allow remote attackers to obtain sensitive information via a susceptivle version of RADIUS Server.
Affected: Office
Status: Resolved.
Solution: Upgrade to 3.1.4-2772 or above
Detail:
A vulnerability allows remote authenticated users to inject arbitrary web script or HTML via a susceptible version of Office.
Low Severity:
Affected: Dragonblood. RADIUS Server 3.0
Status: Ongoing
Solution: None yet.
Detail:
Dragonblood attacks, CVE-2919-9494, and CVE-2019-9496 allow remote attackers to obtain sensitive information or conduct denial-of-service attacks via a susceptible version of Synology Router Manager (SRM). CVE-2019-9495, CVE-2019-9497, CVE-2019-9498, and CVE-2019-9499 allow remote attackers to obtain sensitive information via a susceptivle version of RADIUS Server.
References:
- VU#871675
- Wi-Fi Alliance® security update
- Authentication bypass in EAP-PWD
- CVE-2019-9494
- CVE-2019-9495
- CVE-2019-9496
- CVE-2019-9497
- CVE-2019-9498
- CVE-2019-9499
Bonus Round
Over 13,000 iSCSI storage clusters left exposed online without a password. Ooops.
Also, using biological synthetic DNA to storage data. Wait, what?
Comments
Pingback: Storage Short Take #10 – J Metz's Blog
Pingback: Storage Short Take #11 – J Metz's Blog
Pingback: Storage Short Take #12 – J Metz's Blog