Storage Short Take #29

In Storage, Technology by J Michel Metz


After a bit of a hiatus, we’re back with Storage Short Take #29. Some company updates, some misinformation about NVMe-oF, a whole lot of Synology security updates, and a mysterious visit from the FBI to a friend of mine.

As always, links were active at time of publication.

Storage Media and Technology

Tom’s Guide has an interesting article on how Cloud storage technologies have changed over the years.

There’s a short white paper on the Impact of AI on Storage and IT (PDF) that raises some interesting questions. I wish that it had been just a bit more specific about what the nature of these impacts are, but I may be the wrong audience for this white paper. It’s very high level, which is fine in it’s own regard, but I would like to see exactly what the characteristics of these workloads do to the storage and IT management, but unfortunately it’s vague on that subject.

Don’t have Intel Optane DIMMs yet? Well, fuggedaboutit. Gen 2 is now here.

Cybersecurity Ventures predicts that global storage will exceed 200ZB by 2025. I remember 10 years ago when we were making predictions about how much data would be available by 2020. I really need to go back and see if I can find some of those old presentations and see what the numbers were…

CNET has a list of the “Best External Hard Drive and SSD in 2020 for Mac, PC, PS4 and XBox.” This question seems to come up a lot, so I’ll try to add these reports when I see them. You can compare the list with CBR, who made their own Top 10 External HDD list.

I find these kinds of things little more than clickbait, usually, but this report by Digital Guardian (no, not familiar with them either) on Assessing the Risk of Data Loss During the COVID-19 Pandemic (PDF) runs some pretty interesting numbers of what people do with their data during events like this. Even as a broad stroke, it’s an interesting take on storage behavior.


If you’re a console gamer, you really want to read this article on Why Xbox and Playstation SSDs Usher In a New Era of Gaming. First, it’s because it’s written by Billy Tallis, who really knows his stuff, and second, you’re going to want to know what he has to say about what the new technology means to your gaming experience.

Howard Marks has done a really good job writing about Declustered Parity, also known as Declustered RAID. It’s a form of distributed RAID, and something that I’ve been toying with in the back of my head for a number of years now, but haven’t really gotten my act in gear to finish my Brilliant Idea Worth Billions™. In any case, it’s an interesting concept and has some profound implications for some of the systems and technologies that are starting to emerge in the industry.

SearchStorage has written an article on NVMe-oF that, unfortunately, is full of errors. Some of them are minor (e.g., the initial goal was that NVMe storage over a fabric was intended to be less than 20 us, not 10), but some are pretty major. For example, an article written at the end of May, 2020, should not be naming DSSD at all, given its demise more than 3 years prior. What’s more, it was PCIe and not NVMe-oF at all. It’s a true mystery as to why it’s included. It also falsely claims that NVMe/FC (the proper acronym for running NVMe over Fibre Channel) is a “nearly zero-copy process” (FC has had zero copy for years before Ethernet). Then, before I had to stop reading, the article claims “It [NVMe/RDMA] requires special configurations, such as enabling priority flow control and explicit congestion notification to eliminate dropped packets.” Oh god no it doesn’t, and that’s not how any of it works.


Storage Companies in the News

Infinite.io follows on the heels of its Google Cloud integration with support for Microsoft Azure. I really like Infinite.io, actually. It’s got a very clever approach to solving the I/O problem, by letting hosts avoid the I/O in the first place when possible. It’s a really neat technology, best suited to greenfield environments, sure, but has some great potential for integration with Cloud as well.

Well, it appears we’re not done with the onslaught of new storage startups that begin with the letter “N.” Newly emerging stealth company Nebulon has a “hardware-assisted, scale-out, all-flash storage array featuring real-time AI Ops management and a cloud control plane.”

Zerto, the disaster recovery company, has been around for a long time (since 2009). At this point, even Blocks and Files seems to be somewhat bearish on its outlook as it looks for more funding. (Note: after I entered this in, I saw that Zerto had, in fact, secured $53M in funding). This is right after their virtual conference, ZertoCON 2020 this month, talked about some new extensions for Cloud-based applications.

Blocks and Files did an interview with David Flynn, CEO of Hammerspace. I was fortunate enough to have a conversation with them last year about their technology, and they’ve got some really cool stuff going on. The unfortunate part about the article is that David spends a lot of his time in marketing-speak. I find that frustrating, because coming into the article it’s really not clear what it is that Hammerspace does.

Is Cloudera up for sale?


Webinars, Podcasts, and Conferences

StorageUnpacked has a podcast sponsored by Tintri on the changing role of the storage admin. I don’t usually link to sponsored commercials like this, but the role of the storage admin is changing, and the discussion is worth having.

I participated in a new SNIA webinar on Key Management 101 with Dell’s Judy Furlong, and we just published the FAQ for the session. If you’re curious at all about Key Management for storage, this is a great place to start.

Speaking of the Storage Security Series, the Q&A for the Encryption webinar has also been posted.

The Flash Memory Summit is still happening, but it will be virtual. I’ll be moderating a panel on AI/ML, which is perfect because I’ll have almost nothing to say on the matter and you’ll get all the lovely goodness from the actual panelists. FMS will be held on October 20-22.

There are a lot of things going on in the world of storage, including Computational Storage, NVMe, and the like. It’s a good idea to get a handle on some of the terms and technologies. At SNIA SDC EMEA, Or Lapid did a presentation on Understanding NVMe Namespaces that’s worth a look.


Synology News and Security Info

Synology has been on a roll for the past couple of weeks. First, they announced new All-Flash NAS servers for small- and medium-sized businesses, and then they updated their DS Plus line of home/small business NAS devices. I didn’t write a blog about their NAS servers, because I had some questions for them that I wanted to include, and got some answers over the weekend. So, I’ll be writing that blog as soon as I can.

Please see earlier Storage Short Takes for additional Synology advisories. Some of those vulnerabilities are still active. Note: these advisories here are for PSA purposes only. I make absolutely no warranties, expressed or implied, as to the efficacy of the fixes here. If you own a Synology product, it is your responsibility to be actively engaged in the security of your Synology product.

Critical Severity

Affected: SRM

Status: Resolved.

Solution: Upgrade to 1.2.4-8081 or above.

Details:

Multiple vulnerabilities allow remote attackers to execute arbitrary code via a susceptible version of Synology Router Manager (SRM).

 

Important Severity

Affected: CallStranger.

Status: Ongoing

Solution: Mixed. Most services are not affected. You should upgrade your SRM1.2 to 1.2.4-8081 or above. Media Server 1.8 is still ongoing.

Detail:

A vulnerability allows remote attackers to obtain sensitive information or conduct denial-of-service attacks via a susceptible version of Synology Router Manager (SRM) or Media Server.


 

Affected: NXNSAttack.

Status: Ongoing

Solution: Mixed. Most services are not affected. You should upgrade your SRM1.2 to 1.2.4-8081 or above. Media Server 1.8 is still ongoing.

Detail:

CVE-2020-8616 allows remote attackers to conduct denial-of-service attacks via a susceptible version of DNS Server. None of Synology’s products are affected by CVE-2020-12662, as it only has an effect when the Unbound DNS resolver is enabled.


 

Affected: SRM.

Status: Resolved.

Solution: Upgrade to 1.2.3-8017-2 or above

Detail:

A vulnerability allows remote attackers to conduct denial-of-service attacks via a susceptible version of Synology Router Manager (SRM).

 

Affected: WordPress.

Status: Ongoing

Solution: None yet.

Detail:

Multiple vulnerabilities allow remote attackers to inject arbitrary web script or HTML via a susceptible version of WordPress.


 

Affected: Samba.

Status: Ongoing

Solution: None yet.

Detail:

CVE-2020-10704 allows denial-of-service attacks via a susceptible version of Synology Directory Server. None of Synology’s products are affected by CVE-2020-10700, as this vulnerability only affects Samba 4.10.0 and later.


 

Moderate Severity

Affected: Cloud Station Backup

Status: Resolved.

Solution: Upgrade to 4.3.3-4468 or above.

Detail:

A vulnerability allows local users to execute arbitrary code via a susceptible version of Cloud Station Backup.

 

Affected: Synology Calendar

Status: Resolved.

Solution: Upgrade to 2.3.4-0631 or above.

Detail:

Multiple vulnerabilities allow remote authenticated users to download arbitrary files or hijack the authentication of administrators via a susceptible version of Synology Calendar.

 

Affected: DSM

Status: Resolved.

Solution: Upgrade to 6.2.3-25423 or above.

Detail:

Multiple vulnerabilities allow remote authenticated users to conduct denial-of-service attacks or obtain user credentials via a susceptible version of DSM.

 

No Severity

Affected: BIND

Status: Not affected.

Solution: None.

Detail:

ISC releases security advisories for BIND, but they only affect ISC BIND 9.11.14 and later.

 

Affected: Ripple20

Status: Resolved/Not Affected

Solution: N/A.

Detail:

None of Synology’s products are affected as these vulnerabilities only affect products equipped with Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM).

 

Affected: OpenSSL

Status: Resolved/Not Affected

Solution: N/A.

Detail:

None of Synology’s products are affected as CVE-2020-1967 only affects OpenSSL 1.1.1 and later.


Bonus Round

Just one more reason why multiple backups are really important, as well as a disaster recovery plan. Disgruntled employees might only get community service, but businesses can suffer greatly.

Oh, and for a really great read, do not miss Howard Marks’ visit from the FBI.


Comments

  1. You have done your usual great job. However, please note that to us English speakers, “it’s own regard” should be “its own regard”. Didn’t someone teach you that on your way to your PhD? As for the short hiatus, I really wish you had called me since I would have been glad to bail you out. I understand you have only a “J” to use as a name, but that is no excuse for trying to steal from ICANN! Best regards, Lance A. Leventhal
