Archive for the 'security' Category

IoT App hell of the future

On the day after it was revealed that some models of the Google Home Mini speaker were recording voices 24/7 due to a defect, Danny Palmer has a thoughtful piece on ZDNet about the toxic legacy of IoT devices.

Danny is spot-on about the social and technological impact of connected devices past their support date. While I’ve complained in the past about constantly updating apps, both adding function that slows the original device and removing function that changes, and often destroys, the original value proposition of the device, it’s perhaps when the devices stop getting updates that we have the most to fear?

I have a Netgear NAS that is out of support; in fact, since I have an identical NAS that wakes up Tuesdays at 2am and backs up the primary NAS, I have two of them. While they are out of support, Netgear has been good at fixing urgent vulnerabilities. Of course, since I can’t see the source, I don’t know what vulnerabilities they have not fixed.

Kate and I went to see Blade Runner 2049 on the opening day at the local AMC cinema. It’s a bit of a thing of mine to sit through ALL, and I mean all, of the end credits. As we left the theater, there it was, right at the very bottom of the screen, unseen from the seats, the Windows XP Start button. I have no idea what projector they were using, but yes, many projectors did, and obviously still do, run Windows XP.

More on OpenSSL, Heartbeat

I don’t propose to become an expert on OpenSSL, much less the greater security field, but I know people who are. My role in the Linux Foundation Core Infrastructure Initiative was to help Dell recognize how we can support a key industry technology, and at least give Dell the ability to have input on what comes next.

Our SonicWall team have many experts. They’ve published a great blog both on their product positioning and use in relation to Heartbleed and vulnerabilities, and Network Security product manager Dmitriy Ayrapetov raises the question: in a world of mostly TCP traffic, are TLS Heartbeats even necessary?

The Dell SecureWorks Counter Threat Unit™ (CTU) have a blog on malware arising out of and exploiting the Heartbleed vulnerability. Another great Dell resource well worth following for those with an interest in security.

Der Spiegel Article Regarding NSA TAO Organization

As I know from search engine referrals to my blog that a lot of readers arrive here from searches on firmware, open source and security, I thought it worth adding a link to point to the official Dell Corporate response to the current concerns on the Der Spiegel report.

This mirrors and was my experience.

Dell to acquire SonicWall

8:16 AM Dell (DELL) says that it will snap up network security player SonicWall from P-E firm Thoma Bravo for an undisclosed amount in a deal that is expected to close within 45 days. SonicWall was taken private by Thoma Bravo back in 2010.

10:15 AM Here is a link to the formal corporate announcement with more detail on SonicWall


Customer service – You’ve been Zappos’d

When I first ordered from Zappos.com and they screwed up with the packaging, cramming a $200+ jacket in a shoe box, so much so I had to have it professionally steamed to get the creases out, I was prepared to forgive them. After another order they put me on their VIP list, free shipping both ways [read: shipping included in the price, since they are anything but cheap]. Zappos is an Amazon.com business.

My 3rd order was for some shoes; I ordered a 12, they shipped an 8. I returned them free; instead of a refund, I got a credit note. I’d have happily accepted the right size, but they didn’t have them. I did do at least one more order, but have backed off recently.

Then late last week I got an email telling me they’d been hacked, some of my data and my password had been compromised, they’d reset my password and I should log on and change it. So I tried. Their system responded “We are so sorry, we are currently not accepting international traffic. If you have any questions please email us at help@zappos.com”.

Here is my summary email sent back to them today. What’s clear is that their customer service, average under normal circumstances, is less than what I’d expect, VIP or not.

“No wonder you got hacked. Let’s recap, please read carefully…

1. You got hacked
2. You write to me telling me to change my password
3. Your system won’t let me change my password because I’m overseas attending my father’s funeral.
4. I ask you to remove my account and ALL my data
5. You write back telling me to change my password
6. I write back telling you that wasn’t what I asked, and to delete my account and remove all my data
7. You write back telling me to deactivate my own account
8. I can’t. See #3
9. I write this email back pointing out how useless you are.”

Dell Management Console and 11G Server Launch

I spent Friday afternoon in a wet Round Rock parking lot where we held the launch thank you party for the team that put together the 11th Generation of Dell servers and the associated management software. We don’t complain about rain in Austin, it feeds some of the best things about town, namely Barton Springs, Lake Travis, which feeds Town Lake where I run, and the lake at Pure Austin North where I swim, in perfect conditions, twice per week. The celebration was sponsored by our partner Broadcom.

The event was hosted by our executives, including Michael Dell, and they made some important observations on the process to design the servers, market acceptance and customer feedback. While I was waiting in the food line, one of the other folks and I got talking; he said “I looked at your blog the other day and you didn’t write anything on the Dell Management Console”. And he’s right.

It’s a significant step forward for Dell customers and for Dell. The DMC is based on the modular Symantec Management Platform architecture and offers a comprehensive set of features at no additional cost. While I was in IBM Power Systems, one of the fights I had with them was over their console and management strategy. While I’m sure they had good reasons for doing what they did, the way they did, their ongoing strategy couldn’t follow the same path of fragmented consoles for this, consoles for that, different interfaces, different terminology for the same things etc. I’m hopeful still that when they introduce their next generation of servers, they’ll have learned the lessons that Dell already has.

DMC replaces the existing Dell hardware management console, Dell OpenManage IT Assistant. DMC has a plug-in architecture that allows the console to be extended with additional function and to be used as a manager for other scenarios, devices etc. However, true to the Dell mission to simplify IT and reduce TCO, one way we are doing that is to include a significant amount of function in the base, rather than as chargeable plugins. Here’s a summary of the major functions and improvements over prior offerings:

  • Hardware – multiple choices on how to explore, report and understand hardware configs plus export as tables; many pre-configured reports as well as the ability to create your own.

    Proactive heartbeat monitoring is also supported, based on a user-defined schedule; event subscription is also supported for Dell servers and MIBs can be imported for non-Dell hardware.

    You can push config changes and agent, BIOS, driver and firmware patches to many servers simultaneously without scripting.

  • Security – you can group devices and servers by geographical, logical, organisational or type, or create your own. These can then be managed using role-based security. You can create your own roles, or import them from Microsoft Active Directory.
  • Software – Support for hypervisors such as VMware® ESXi as well as Microsoft and Citrix. Health monitoring, discovery of virtual machines, associate to physical host server etc. Also included is the normal OS monitoring of utilization for memory, processors, free space and I/O.
  • Networking – The console includes support for a broad range of devices, but also includes support for Fibre Channel switches.

That’s an outline of the support in the new Dell Management Console, powered by Altiris from Symantec. I went to look for a couple of white papers to include links for. One with a more detailed list of device support and a second with a more comprehensive strategy that showed the plug-in architecture and the other function available for DMC. I came across this great resource, the Dell POWER Solutions magazine (just a hint of irony).

Here is a link where you can download the entire magazine, as a 21Mb PDF file. Alternatively, here is a link for an index into the articles where you can review each article separately.

On Power Systems and Security

One of the topics I’m trying to close on at the moment is Power Systems Security. I have my views on where I think we need to be, where the emerging technology challenges are, what the industry drivers are (yours and ours), and the competitive pressures.

If you want to comment or email me with your thoughts on Power Systems security, I’d like to hear. What’s important, what’s not? Of course I’m interested in OS related issues, AIX, i, or Linux on Power. I’m also interested in requirements that span all three, that need to apply across hardware and PowerVM.

Interested in mobility? Want your keys to move between systems with you? Not much good if you move the system but can’t read the data because you don’t have key authority. Is encryption in your Power Systems future? Is it OK to have it in software only, to have it as an offload engine, or does it need to run faster via acceleration? Do you have numbers, calculations on how many, what key sizes etc.?

Let’s be clear though, we have plans and implementations in all these areas. What I’m interested in are your thoughts and requirements.


About & Contact

I'm Mark Cathcart, formerly a Senior Distinguished Engineer in Dell's Software Group; before that Director of Systems Engineering in the Enterprise Solutions Group at Dell. Prior to that, I was IBM Distinguished Engineer and member of the IBM Academy of Technology. I'm an information technology optimist.


I was a member of the Linux Foundation Core Infrastructure Initiative Steering committee. Read more about it here.
