Storage Short Take #9

I’m about to head off onto a much-needed vacation, but before I do I realize I’m seriously overdue on my storage short takes. Ooops.

Let’s get started with the Storage Short Take #9! As always, links are valid at the time of publication.

• Storage Media
• Storage Companies in the News
• Industry Associations and Standards
• Webinars and Conferences
• Synology Security News
• Bonus Round

Storage Media

If you use Apple’s Time Machine, this may be of interest. Backblaze has written a blog about how to use multiple HDDs with Time Machine.

Kingston announces high-endurance microSD cards. Check out the operating hours for the 128GB!

Both NetApp and EMC have announced Optane support.

Intel is crowing about increased adoption of Optane, naturally. You should be aware of the different modes, however, as being used in memory mode, Optane is not persistent.

Could 2018 Be The Last Year Hybrid Shipments Greater Than AFAs?

Now, I’ve had my own issues with Tom’s Hardware before, but they’ve got an interesting article on Samsung’s Z-NAND vs. Intel’s Optane that is worth a cursory glance.

Back to Table of Contents

Storage Companies in the News

Good for Excelero. They’ve managed to score a partnership with Lenovo’s ThinkSystem portfolio with NVMesh.

In another “Good for them,” moment, Elastifile (another company of which I’m a big fan) has announced self-service availability for File-Storage-as-a-Service on Google Cloud.

Storage Newsletter wonders if DataCore can rebound with new CEO and Management Team.

DriveScale announces composable storage architectures using NVMe/TCP (the first one that I’ve seen).

Remember Violin? As part of their attempt to live up to the Greek Phoenix legend, they’ve been accepted to the HPC STAC benchmark council.

AWS has announced updated long-term retention storage for as low as $1/TB per month. No idea how much it costs to get it back, though.

Back to Table of Contents

Industry Associations and Standards

If you are part of a SNIA member company and are interested in Computational Storage, you should consider joining the Working Group.

Back to Table of Contents

Webinars and Conferences

Presentations from the SNIA EMEA conference are now available.

To that end, the 2019 SNIA Storage Developer Conference Call for Presentations is now open.

SNIA’s webinar on Transactional Models and their Storage Requirements, held on April 9, covered some of the important concepts of transactions in storage – useful in financial applications in particular. This is a good primer for understanding one of the most fundamental aspects of storage use cases.

We’ve taken a bit of a hiatus in the Networking Storage Forum of SNIA for the Everything You Wanted To Know About Storage But Were Too Proud To Ask series, but we’re back with part Taupe and the Memory Pod. This has been one of the most commonly requested webinars, and you can register for it for May 16, 2019.

You can learn about the technical deep dive of Fibre Channel Protocol Analytics 201, with Viavi’s Yamini Shastry and Teledyne LeCroy’s David Rogers, broadcast on April 11, 2019.

Can you believe June is just around the corner? I’ll be moderating a Fibre Channel Zoning Basics webinar on June 27, 2019.

You can follow NVM Express,  SNIA’s Networking Storage Forum and FCIA on Twitter, too.

Back to Table of Contents

Synology Security News

Please see earlier Storage Short Takes for additional Synology advisories (#8, #7, #6, #5, #4).

Important Severity

Affected: Apache HTTP Server 2.4

Status: Ongoing

Solution: None yet.

Details:

CVE-2019-0211 allows local users to conduct privilege escalation attacks via a susceptible version of Apache HTTP server 2.4.

References

• CVE-2019-0211
• httpd 2.4 vulnerabilities

 

Affected: Calendar

Status: Resolved

Solution: Upgrade to 2.3.1-0617 or above

Details:

A vulnerability allows remote attackers to execute arbitrary commands via a susceptible version of Calendar.

Moderate Severity

Affected: Dragonblood. SRM 1.2

Status: Ongoing

Solution: None yet.

Detail:

Dragonblood attacks, CVE-2919-9494, and CVE-2019-9496 allow remote attackers to obtain sensitive information or conduct denial-of-service attacks via a susceptible version of Synology Router Manager (SRM). CVE-2019-9495, CVE-2019-9497, CVE-2019-9498, and CVE-2019-9499 allow remote attackers to obtain sensitive information via a susceptivle version of RADIUS Server.

 

Affected: Office

Status: Resolved.

Solution: Upgrade to 3.1.4-2772 or above

Detail:

A vulnerability allows remote authenticated users to inject arbitrary web script or HTML via a susceptible version of Office.

Low Severity:

Affected: Dragonblood. RADIUS Server 3.0

Status: Ongoing

Solution: None yet.

Detail:

Dragonblood attacks, CVE-2919-9494, and CVE-2019-9496 allow remote attackers to obtain sensitive information or conduct denial-of-service attacks via a susceptible version of Synology Router Manager (SRM). CVE-2019-9495, CVE-2019-9497, CVE-2019-9498, and CVE-2019-9499 allow remote attackers to obtain sensitive information via a susceptivle version of RADIUS Server.

References:

• VU#871675
• Wi-Fi Alliance® security update
• Authentication bypass in EAP-PWD
• CVE-2019-9494
• CVE-2019-9495
• CVE-2019-9496
• CVE-2019-9497
• CVE-2019-9498
• CVE-2019-9499

Back to Table of Contents

Bonus Round

Over 13,000 iSCSI storage clusters left exposed online without a password. Ooops.

Also, using biological synthetic DNA to storage data. Wait, what?

Back to Table of Contents