Server - Page 20 of 34

Bloomberg: Microsoft is developing its own Arm server processor

According to Bloomberg sources, in addition to the server processor, Microsoft may also design the processor for the Surface series.

Big money is moving in server processors, and Amazon, among others, the world’s largest cloud service provider, has also developed its own processors for its servers. According to a Bloomberg report, Microsoft is now on the same track. According to Bloomberg’s anonymous sources, Microsoft is currently developing its own Arm-based server chip for Azure cloud services. Microsoft has developed its own chips before, and the augmented reality HoloLens 2 glasses, for example, use the company’s Holographic Processing Unit 2.0

. According to the sources on the news site, it is possible that there would also be something suitable for Surface devices underway, but the sources were even more cautious about that. Microsoft currently uses its own SQ1 and SQ2 chips in its Surface X Pro tablets, but they are based on Qualcomm’s system circuits instead of the company’s own design.

Microsoft is known to have hired processors in recent years to process processors from AMD, Intel and Qualcomm, which has buried its own server processor lines. The company has, of course, refused to comment on the actual rumors in any way, but stated that the company will continue to invest in its own circuits, their design and manufacture, and in its numerous collaborations with other circuit manufacturers.

Source: Bloomberg

Serverless hosting: Cloudflare takes over Linc

The provider Cloudflare, which specializes in DNS and content delivery network (CDN) services, has announced the takeover of Linc. Linc sees itself as a front-end delivery platform that developers can use to manage CI / CD pipelines for their front-end applications. Linc is pursuing an alternative architecture approach to the widely used JAMstack via the so-called Frontend Application Bundles (FAB). In interaction with Cloudflare’s serverless services workers and pages, FABs are intended to bridge the gap between static and dynamic frontends.

FAB vs. JAMstack With the JAMstack (JavaScript, API, markup), which is based on Netlify, JavaScript code handles the communication with the server via web APIs, while the markup on delivery handles the content via generates a (static) site generator or a framework with template support. With the FAB approach, Linc is taking a different approach: A deployment artifact should cover support for all server-side requirements, from purely static sites to apps (which use API routes or cloud functions) to fully server-side streaming rendering.

When using FABs, web developers can work with familiar frameworks such as Angular, React, Next.js or Vue.js. The FAB compiler generates a fab.zip file that matches the respective framework. It contains two components: a server.js file that serves as the server-side entry point and a _assets directory that stores HTML, CSS, JS, images and fonts that are sent to the client. According to Linc, the approach not only works with the differently structured app types, but is also designed for common CDNs and serverless hosting platforms.

With the FAB approach, Linc and Cloudflare on load balancer and CDN.

(Image: Cloudflare)

Past Load Balancer and CDN Its specific advantages apparently only come into play in interaction with Cloudflares Workers and the underlying key value store (Workers KV). While most platforms provide the two components of an FAB separately – the assets can be stored on inexpensive object storage on the CDN and the server components transferred to the serverless host – Cloudflare workers enable the FABs to be installed directly at the edge without any upstream Run Load Balancer or CDN. Although all requests have to be made by the worker with the server.js in this configuration, the FAB approach offers performance advantages, assure the Linc managers. The assets stored in Cloudflare Workers KV would be available more quickly than those from third-party hosts that are connected via proxies.

Further information on the takeover of Linc by Cloudflare is provided in a blog post that also describes the Frontend application bundles explained in more detail. More details about frontend delivery via FAB can be found on the Linc homepage.

(map)

Let's Encrypt: Certificate solution for old Android versions presented

In mid-November 2020 the Certificate Authority (CA) Let’s Encrypt warned of the expiry of the IdenTrust root certificate with which its own free X. 509 certificates are cross-signed. Instead of solving the problem with a new cross signature, the CA wants to rely entirely on its own root certificate ISRG Root X1 in the future in favor of more independence.

For Android devices with operating system versions prior to 7.1.1, this would have meant that apps and internal browsers would no longer have been able to connect to servers with certificates from Let’s Encrypt. At least not without manual “contortions”, because with these versions Let’s Encrypt’s own root certificate is not contained in the memory of the root certificates. From the start of the changeover to ISRG Root X1 on 11. January 2021 it would have hailed error messages when surfing many websites – because an alternative “Intermediate Certificate”, the previous root certificate “DST Root X3” from IdenTrust until it expires on 11. September 2021 should have been explicitly requested by the server operator.

A comprehensive solution to the problem was initially missing. But now Let’s Encrypt has convinced IdenTrust to continue to act as a higher-level certificate authority and to provide the new root certificate ISRG Root X1 with a cross signature for another three years. This means that the compatibility problems feared from January will no longer apply, according to a current blog entry by Let’s Encrypt.

DST Root X3 long-term as an anchor certificate Already when Let’s Encrypt was founded almost five years ago, IdenTrust came up with the DST Root X3 root certificate as Partner on because this s ch was already established in the leading web browsers as well as under Windows, Mac OS X, iOS and Android. The cross-signature ensured that these systems and browsers also trusted Let’s Encrypt from the start, whose own root certificate ISRG Root X1 was still largely unknown.

Current browsers and systems have long known this certificate, but old ones Android versions whose certificate store cannot be updated by Google, simply not. Let’s Encrypt will therefore continue to provide a certificate chain that contains its own ISRG Root X1 with a cross signature via IdenTrust’s DST Root X3.

Since the validity of DST Root X3 in September 2021 is an unusual action, so Let’s Encrypt. As an anchor certificate, it is still not worthless, as these basic root certificates in particular are not assigned an expiration date on Android – they remain valid indefinitely on this platform. Other operating systems and browsers ignore the cross-signature because of the expiry date, but are satisfied with the current ISRG Root X1 anyway.

But not complete independence The ISRG (Internet Security Research Group) consortium behind Let’s Encrypt and IdenTrust have obtained confirmation from the auditors that this procedure continues to meet the guidelines of the CA / Browser Forum. As a higher authority and association of CAs, browser manufacturers and developer companies, it monitors the issuing practice of recognized X. 509 certificates.

For IdenTrust, this step means continuing to share part of the responsibility for Let’s Encrypt. And for the free provider, a dependency remains, from which Let’s Encrypt actually wanted to free itself, according to its now updated statement. The need to continue to use the older Android versions, which are still in widespread use, ultimately outweighed the desired independence via one’s own root certificate.

Longer term, longer certificate chain The change to the new, downwardly compatible certificate chain as the standard will take place on 11. January 2021 now in late January or early February 2021 respectively.

The The new certificate chain with two intermediate certificates (center) still contains the DST Root X3 from IdenTrust as a cross signature for old Android versions.

(Image: letsencrypt.org)

Nothing changes for the server operator and visitors and no further actions are necessary than the usual certificate renewal with one of the Let’s Encrypt clients. However, the provider points out that the client used must be up-to-date in order to use the latest version of the ACME (Automatic Certificate Management Environment) used for domain validation. As an official client, Let’s Encrypt offers its own Certbot written in Python, but also maintains a list of compatible clients in other languages.

For connecting to servers and services with certificates from Let’s Encrypt, this means longer certificate chain with the additional intermediate certificate, more effort for the TLS handshake, since the server presents two certificates. Let’s Encrypt wants to make the handshake more efficient again in the future and is therefore planning ECDSA-based root and intermediate certificates in the coming year, which will be significantly shorter than the previous RSA-based certificates. (ovw)

Microsoft SQL Server: The PASS Global Community is giving up

PASS, the community association originally founded by Microsoft under the name Professional Association for SQL Server, has announced that it will be 15. January 2021 ceases its business. This applies to PASS Global, but not to its German offshoot PASS Deutschland eV According to the board, the background is the desolate financial situation after what was known as the “annus horribilis” year. Those responsible at PASS Global name the economic effects of the COVID 19 – crisis.

as the cause of the imbalance. The liabilities for the next five years for hotel and seminar rooms (in the event of an uncertain event situation) were offset by 2020 loss of income at the community summits . The debts that had accrued at the end of the year and in the future could apparently no longer be absorbed. At the beginning of December, the resolution was resolved in an orderly bankruptcy procedure – with a heavy heart, as the blog announcement says.

PASS Global until 15. January 2021 online The SQL PASS Summit and the SQL Saturdays are mainly affected by the bankruptcy. Until mid-January, paying members (PASS Pro) can access the learning and knowledge resources of PASS Global such as recordings of past summits. The non-profit organization expressly calls for content to be accessed while this is possible. The article does not reveal whether there are download options for backing up the material. The operation is according to PASS until 15. January 2021 guaranteed – then the club servers go offline. At the moment all documents and live recordings on the topics of data architecture, data management, data analysis, all whitepapers and all blog entries are online.

PASS is a not-for-profit association and has existed as a network for the Knowledge exchange for IT people who work with Microsoft’s SQL server. The network is divided into regional user groups that were previously self-organized; numerous regional offshoots continue to be. Shortly after the insolvency of the US-American PASS Global became known, the Microsoft SQL server team took a position on the company’s cloud blog. Microsoft emphasizes the importance of the community for SQL Server and expresses its thanks to PASS Global for “the support given to the SQL family”.

What happens next for the global SQL Server Community? In order to absorb those affected, the SQL Server team is planning to set up a new landing page for local user groups. From there, resources for training on SQL Server and Azure Data should also be accessible. The previous structure of local groups and group leaders would obviously be retained; the individual group leaders should continue to have sovereignty over memberships and the content made available. Microsoft invites the SQL server professionals affected by the bankruptcy to join the Meetup Pro network. Microsoft Teams will in future be available to user groups for virtual meetings. Details will follow, group leaders concerned can contact the Microsoft Azure Data Tech Groups directly.

Further information can be found in the message in the PASS blog. The statement from Microsoft’s SQL server team can be read in their cloud blog.

(sih)

Qboxmail: tomorrow's emails for today's business. Our proof

Emails remain an important part of business and the market offers countless solutions for their management. The Italian Qboxmail offers a service with advanced features that meets the needs of both users and system administrators, thanks to a clear and simple interface and numerous configuration options

by Riccardo Robecchi published on 22 December 2020 , at 13: 31 in the Cloud channel

The death of the emails has now been declared several times, but in all cases these predictions turned out to be inaccurate. Even today, emails are the tool that companies choose for their internal and external communication due to their reliability and simplicity. The market offers numerous options to choose from to manage company emails and among these there is Qboxmail , an Italian company which proposes an easy, intuitive, economical business email management model with many advanced features that satisfy even the most demanding users.

Whether you like it or not, emails remain the main communication tool inside (and outside) companies. Precisely for this reason they are of capital importance in business activities, but the right weight is not always given to this aspect in the choice of the service provider. In other words, the problem is that companies do not always have the right tools to manage their emails.

Qboxmail provides a service that we could define as “complete”, in the sense that offers simple but powerful tools for corporate e-mail that can meet the needs of any user. From a web interface that competes with market leaders to advanced tools for analyzing activities and managing individual accounts, Qboxmail has created a service that is able to meet the needs of both users and administrators of system.

Switching to Qboxmail: an easy and painless procedure

To try Qboxmail I decided to migrate the email address I use for my personal blog. The process was extremely simple and took only a few minutes. Once the account on Qboxmail was created, it was a matter of setting up the domain: it is necessary to create one in the settings page and then follow the instructions to actually activate the reception and sending of emails. Specifically, it is necessary to set a type A record and modify the MX records in the DNS of your domain: it is therefore necessary to be able to access the DNS configuration in order to use Qboxmail, but this is not a problem in the vast majority of cases.

Once this step has been carried out it is possible to create the accounts : in addition to the address, it is possible to specify name, surname, space available (between 1 GB and 8 GB) and type of possible connections (POP, IMAP, SMTP, webmail and DAV). You can also activate accounts from 16, 25 is 50 GB by paying extra. In the case of Enterprise accounts, it is also possible to take advantage of connections Exchange ActiveSync and storage space until 100 GB .

Among the options available to facilitate the initial setup process we find the possibility of import the configuration of domains, domain aliases, email accounts and account aliases using a CSV file , so you don’t have to manually perform all the operations. In the same way, it is possible to automatically carry out the migration of emails from the previous provider using the IMAP protocol. Supported providers include Office 365, Gmail, Exchange and generic providers (both that support SSL whether or not they do).

The administration interface provides numerous tools to keep the situation under control at every point. In addition to a dashboard that allows you to see the situation at a glance (active domains, split email boxes by capacity and status of activity, alias etc.), there is also ETLive , a tool that analyzes in time real email traffic. Thanks to it you can see the sender and recipient of each incoming email, view the technical details (IP of the origin server, email ID, size, etc.) and download a PDF report containing all the information. This tool can be particularly useful for carrying out technical checks and settling disputes.

There is also the possibility to define team member who have the ability to access domain and email address settings, restricting these permissions as needed. For example, it is possible to assign only the management permissions of a specific domain.

Point of particular interest is the possibility to activate (for a fee) the email archive : it is a service that allows you to keep for 10 years all messages received and sent automatically. The archive is available in read-only mode, so that no changes can be made: it is a particularly useful tool for compliance with the GDPR. However, Qboxmail recommends that you contact legal experts before activating the functionality, so as to evaluate together with them the actual need for the service and the additional requirements it entails (such as, for example, the need to communicate its operation to employees and collaborators ). It is also possible to define delegates who can access messages stored in one or more accounts for a period of time default.

The register allows you to view all operations performed within the account by all users: you can view access to users’ webmail, change of settings both at a general level (with the user responsible for the changes that is reported) and in individual accounts. The reporting is quite complete and also includes the IP address, the country from which the connection is made and the operation performed. In this way you are always aware of the fateful “who did what”, especially important in the event of malfunctions to understand the origin and avoid repeating mistakes.

Lastly, there is the possibility to download reports containing details on domains, domain aliases, domain limits, email accounts, email aliases and the email archive. These reports are provided in CSV format in order to facilitate their use and manipulation.

The Qboxmail web interface: easy to use and feature rich

One of the most interesting aspects of the Qboxmail Web interface is the presence of many features that could be defined ” advanced “, such as the unsubscribe , the real-time notifications , integration with a calendar and the ability to customize the user interface . These features represent one of the strengths of Qboxmail because they bring it to the same level as competing solutions such as Gmail: if you are used to the latter, the transition to Qboxmail is definitely painless. The positive comparison with the market leader solution shows how much Qboxmail’s investments in creating a functional and pleasant to use webmail have hit the target.

The interface is, indeed , even better in some respects . Calendar and address book are accessible with a click directly in the same browser tab, which makes it easier and faster to switch between functions without interrupting your workflow.

IS You can choose between three settings to view emails (vertical division between list and email, horizontal division or full screen view), so as to satisfy almost every preference in this regard.

One aspect particularly interesting is the possibility not only to divide the emails into folders, but also to apply labels to them to help to categorize emails beyond folders, for example by themes. However, these labels are not equivalent to those used, for example, by Gmail, since they remain distinct from the folders. customizable cancellation time that allows you to cancel the sending of the message: this function is especially useful if you realize you have made a mistake and

Each box gives the possibility to create antispam filters thanks to black and white lists that can be customized by the user.

The heading is divided into two areas: the corporate and the personal. This makes it particularly easy to have access to company contacts to contact colleagues and collaborators. The personal area is easily customizable with the addition of contacts in which it is possible to specify, in addition to the classic information, also the role of the contact within the company and his work team (respectively “boss” and “expeditions” , for example).

The calendar offers a large number of features: in addition to all the classic event creation features, you can specify the type of event (confidential, private or public), set two alerts at different times, prioritize the event and apply a ‘label to better categorize the events.

Inside the calendar there is the integration with Zoom that allows you to create new meetings on Zoom directly from the Qboxmail interface: simply select “Zoom” as the location for the system to automatically schedule the meeting and

A particularly interesting aspect is the possibility of enabling the two-factor authentication : using an application for generating “disposable” passwords (we used FreeOTP for Android, for example) it is possible to make access more secure and thus protect yourself by tempted vi of account compromise.

Overall, therefore, the service offered by Qboxmail constitutes a truly complete and effective solution . It gives its best if used directly from the site, which is extremely easy to use and feature rich, but can also be used with clients such as Outlook and Thunderbird. available on the official website at low prices starting from 1.5 ?? per month per account (or 15, 3 ?? the year). There are three bands: “basic”, which offers boxes up to 25 GB and contains almost all the features listed in this article with the exception of the calendar and integration with Zoom; “professional”, on which we based this piece and which allows you to go up to 50 GB; “enterprise”, offering boxes up to 100 GB, the access via Exchange ActiveSync and the ability to enforce policies on changing passwords, logging in with two-factor authentication, etc.

Cyberpunk 2077 without a gaming PC or console: tried out Stadia and GeForce Now

Cyberpunk 2077 is currently not only notorious because of its many bugs, but also for its exorbitant hardware requirements: If you want to play with ray tracing, for example, you not only need an Nvidia graphics card, but in most cases also have to switch on the AI upscaling DLSS – otherwise it will even jerk on an RTX 3080.

Stadia not only shows a blurred image, but also more unrealistic reflections on the glass due to the lack of ray tracing .

(Image: c’t Magazin)

The hour for cloud streaming platforms strikes: Services such as Google Stadia, Nvidia GeForce Now or Shadow run the game in data centers on server hardware and stream the Video output to customers. This doesn’t even require a computer, so all three services also run on iOS and Android mobile devices or even on streaming boxes for the television (Stadia on Chromecast Ultra, GeForce Now on Shield TV). For all services you have to buy Cyberpunk 2077, but the conventional GOG runs on GFN and Shadow – or Steam version (you just log into your own account), you have to buy the game on Google on the Stadia platform – if you have it on Steam or GOG, this doesn’t do you any good.

Latencies are not a big problem with proper Internet access, as several c’t tests have already shown, for example this one here (for a fee).

From 16 watch we stream live with GeForce Now and Google Stadia.

Video live stream: We play Cyberpunk 2077 on Stadia and GeForce Now

GeForce Now impresses: Raytracing Ultra with 60 fps We to have Cyberpunk 2077 (Version 1. 05) tried on Stadia and GeForce Now (GFN) and were positively surprised, especially by the Nvidia service GFN: With a chargeable “founder” account (currently 27, 45 Euro for 6 months) we could play the game with all (!) Settings on the maximum value without any problems in 1080 Use p-resolution (“Raytracing Ultra”) – at least if DLSS is activated (“Auto”). Without the AI-supported upscaling function, you could still play reasonably well, but with it it was much more fun and feels like 60 fps. Unfortunately, with the GOG version we tested it is currently not possible to display the frame rate calculated by the server. For comparison: On a local gaming PC with a GeForce RTX 2070 and AMD Ryzen 3700 x the game ran significantly worse with the same settings. There is also free GFN access, but there always seems to be long waiting times. With the chargeable founder account, we never recorded waiting times on several test days.

Google Stadia: Runs okay, but graphically slimmed down There is also Google Stadia in a free version, we could use it without any problems. It runs with a maximum of 1080 p-resolution and stereo sound. 4K, HDR and 5.1 sound are reserved for the Pro version (9, 99 euros per month). We also tested with this. Unlike GFN, Stadia runs a specially adapted version that has significantly fewer setting options. So there is only one option under “Graphics” between a 60 – fps mode (“high frame rate”) and a 30 – fps mode (“graphics”). Otherwise you can only set chromatic aberration, depth of field, lens flare and motion blur. Both Stadia preset modes are significantly slimmed down compared to the PC or GeForce Now version: For example, there does not seem to be any ray tracing effects, not even in the 30 – fps mode.

Cyberpunk 2077 in the cloud: image quality in comparison (10 Pictures) PC native (Raytracing Ultra)

(Image: c’t Magazin) In our test runs, the game always ran smoothly under Stadia and also worked without any problems via a Chromecast Ultra with a Stadia controller. However, the image sharpness varied significantly, especially when we used a browser instead of Chromecast. In one case – Edge was running under Windows 10 – the picture worked especially in 60 – fps mode very washed out. After a restart there was more sharpness in the picture. We didn’t have these problems with Chrome. Incidentally, it didn’t seem to be due to the video codec used: With the browser extension “Stadia Enhanced” we had manually preset VP9, the codec is more efficient than the H otherwise used. 264. During the two-hour test run, the Stadia version crashed twice.

All tests ran on a gigabit cable connection (1000 Mbit / s down, 50 Mbit / s up), the Windows – 10 – test computer was connected to the router by cable. We didn’t test Shadow because it currently takes around six months to get an account.

Conclusion The free version of GeForce Now requires a lot of waiting.

Cyberpunk 2077 is more fun in the cloud than on many gaming PCs – especially with GeForce Now you can get into that Enjoy the full graphic splendor, including ray tracing effects. At first glance, these are subtle, but make for a much more realistic overall impression. The unfortunately ray-tracing-free Stadia version is well suited for people who have a Chromecast Ultra but do not have a gaming PC. If you are not too impatient, you should wait a few months anyway until CD Projekt Red has eliminated the most violent bugs.

(jkj)

Streaming platform: Apache Kafka 2.7 gets new inter-broker API

The Kafka message broker, which has been further developed by the community and Confluent under the umbrella of the Apache Software Foundation, is officially available in version 2.7. The update of the open source project, which is designed for real-time processing of large amounts of data, contains numerous bug fixes, various improvements and some new functions. The Kafka team has made progress especially in efforts to replace ZooKeeper with a self-managed metadata quorum with a view to Release 3.0 (KIP – 500).

Apache Kafka 2.7 offers a new Inter-Broker API for this purpose. It should create the prerequisites for making changes in the In-sync Replica (ISR) faster and more safely. The previous approach, updates of the controller (broker responsible in the Kafka cluster for the status management of partitions and replicas) and the partition leaders in ZooKeeper (znode “https://www.heise.de/brokers/topics/ / partitions / [partitionId] / state “) saved information about zkVersion was accompanied by time delays. In particular, the forwarding of zkVersion by the leader to the controller takes place up to 60 seconds delayed. To prevent future metadata queries from delivering outdated information, the new AlterIsr – API help. It grants the controller the exclusive privilege to update Partition Leader and ISR.

Bill Bejeck from the Developer Relations Team Confluent gives a compact overview of Apache Kafka 2.7

in the video Another measure that should help to replace ZooKeeper is the introduction of a broker-side SCRAM configuration API. As stated in the Kafka Improvement Proposal KIP – 554 in front seen, SCRAM credentials can in future be managed via the Kafka protocol. Version 2.7 of the associated tool kafka-configs has been adapted to the new protocol API.

In the update of the Message Broker there is also a Core Raft implementation in accordance with KIP- 595. A separate “Raft” module contains the core of the consensus protocol. As long as the integration with the controller has not yet been completed, however, Kafka users have a separate server available to test the performance of the Raft implementation.

More details and a complete one The Confluent blog post announcing the new version and the release notes for Apache Kafka 2.7 provide an overview of all new features.

(map)

heise offer: Now in the magazine trade: special issue c't PC self-construction

The special edition c’t PC-Selbstbau is now available at the kiosk. Tests and purchase advice help to select the right components for your requirements from the huge range of current processors, SSDs, graphics cards and mainboards. In addition to three building instructions for all-round and gaming PCs, the special issue contains a focus on the topic of home servers.

Assembling the Ryzen-Allrounder Plus Three PC construction proposals Using three suggestions from the c’t laboratory, you can recreate your desired PC: You can choose from the Ryzen Allrounder Plus, the basic version with the six-core AMD Ryzen 3600 begins. For more demanding tasks, it can be used with more powerful CPUs up to 16 – Kerner Ryzen 9 5950 X, a PCIe 4.0 SSD Samsung 980 Pro and a high-end graphics card. For those on a tight budget, there is an inexpensive gaming machine with an AMD or Intel CPU that is suitable for common 3D games in Full HD resolution.

Hardware tests and purchase advice The large processor purchase advice takes you through the CPU maze of AMD Athlon, Ryzen with and Without graphics, Ryzen Threadripper and Intel Celeron, Pentium, Core i and Core X. Using benchmarks and tests, the special issue c’t PC-Selbstbau not only shows which applications and 3D games benefit from how many CPU cores, but also delivers Suggestions for the motherboard suitable for the processor. The graphics card purchase advice explains which current 3D accelerator fits best. SSD test reports help you to find the right mass storage device.

Special issue PC self-assembly 2020 (5 pictures) Self-built home server In addition, you will find instructions for a flexible home server in the special issue c’t PC self-construction which, if necessary, not only records over 99 TByte of data, but also some Offers professional features such as ECC RAM and remote maintenance. In the associated server purchase advice, you can find out which alternatives are available if you are toying with a finished NAS or an economical mini PC as data storage. We also have server SSDs and a hard drive with 18 TByte capacity under the microscope.

Printed and digital c’t do-it-yourself PC it both on paper and in digital form. Who the print edition for 14, 90 Euro up to and including 29. 12. 2020 Ordered in the heise shop, does not pay shipping costs.

The digital version as a PDF is now available for 12, 99 euros in the heise shop and in our Android and iOS apps as well as on Amazon. (chh)

New, sometimes critical gaps discovered in the Treck TCP / IP stack – updates available

Intel researchers have discovered four security flaws in the (closed-source) TCP / IP stack from Treck – the stack that was released in June of this year by 19 Collection “Ripple 20” was affected. Two of the new vulnerabilities are considered critical: remote, unauthenticated attackers could misuse them to paralyze vulnerable systems via denial-of-service attacks or to execute arbitrary program code on them. The other two gaps were assigned “Low” and “Medium” ratings.

The TCP / IP stack from Treck is for embedded Devices are optimized and used by companies such as HP, Intel, Schneider Electric, Rockwell Automation and many others. The areas of application are diverse and range from smart home and networked office components to medical devices and industrial control systems.

Treck has confirmed the gaps and published an update. To date, no publicly available exploit code for the vulnerabilities has emerged, and no active attacks have been observed. The attack complexity for the critical vulnerabilities is rated as low.

Affected stacks and updates The CVE vulnerabilities – 2020 – 25066, CVE – 2020 – 27337, CVE – 2020 – 27338 and CVE – 2020 – 27336 (CVSS scores 9.8, 9.1 , 5.9, 3.7) are in the HTTP server, IPv6 and DHCPv6 code of all stack versions up to and including 6.0.1. 67 . A separately published security notice by the US authority CISA indicates that the Treck TCP / IP stack is also used under other names and cites as examples Kasago TCP / IP, ELMIC, Net + OS, Quadnet, GHNET v2, Kwiknet and AMX .

Stacks from version 6.0.1. 68 are covered according to CISA; Manufacturers of vulnerable products can send an email to Treck about patches.

Further information As a rule, end users only find out about the vulnerability of their devices if the manufacturers inform about it and provide updates. As a guide, the CVE IDs can help to assign the patches in question to the holes. However, many users are likely to look in vain: For many (cheap) devices, there are simply no updates and update mechanisms provided. In other cases it takes a long time to distribute.

Treck advises users with no update options to use firewall rules to block HTTP packets that have a negative “Content-Length” header field Have value. The CISA provides a more general hint, with which the average person can probably start more – namely to minimize the access options to potentially vulnerable devices via the Internet and, in case of doubt, to use a secure connection, e.g. via VPN.

(ovw)

High Level Vulnerability in Dell Wyse thin clients

Dell’s Wyse ThinOS operating system is vulnerable and endangers series computers. The two gaps are considered ” critical “. After successful attacks, attackers could completely compromise clients.

The security holes (CVE – 2020 – 29491, CVE – 2020 – 29492) have the highest possible CVSS Base Score 10 of 10 classified. They affect all versions of Wyse ThinOS up to and including 8.6. Dell issues a warning that the issue 8.6 MR8 is secured. The computer manufacturer also lists the affected models there.

In a contribution by the discoverers of the gaps in CyberMDX, the security researchers explain what possible attacks could look like. Devices of the Wyse Thin series are compact PCs as virtual desktop solutions that connect to a high-performance server for demanding computing tasks and thus carry out calculations.

The security problem Admins can also manage Wyse thin clients globally over the network – and this is where the security problem lies. A local FTP server is used as standard for remote administration, which provides firmware updates and configuration files, among other things.

This is problematic that the access succeeds without entering log-in data. The firmware files are signed, but this is not the case with INI configuration files. To make matters worse, a certain INI file is writable so that anyone in the network could manipulate this file.

In this way, attackers could manipulate files with comparatively little effort to gain control over clients the security researchers warn.

(des)

How to Use a Tablet as a Portable Raspberry Pi Screen

Every model of Raspberry Pi needs some form of output and typically this takes the form of a screen. You can forgo a monitor and set up a headless Raspberry Pi, but having a screen is better where possible because you don’t need a network connection and using VNC for remote viewing makes watching videos or the camera feed slow and tedious.

Over the years there have been many projects and hacks to include a portable screen. From Motorola Atrix Lapdocks, to CrowPi2 there are many different ways to have a portable Pi. But after reading a Reddit thread, we wondered if we could make our own portable Raspberry Pi setup by using an Android tablet (or phone) as the screen.

For this project you will need

Any Raspberry Pi, we used a Raspberry Pi 400
Keyboard / Mouse and power for your Raspberry Pi
An old Android tablet, we used a Nexus 7 2013
A USB to HDMI adapter
USB to micro USB / USB C adaptor

This project will see the HDMI output from our Raspberry Pi converted into a USB “webcam” input via a USB HDMI video capture device, which sells for around $15. Using a free app we “trick” the tablet into displaying the Raspberry Pi desktop. All of this kit will fit easily into a bag for easy transport and it can be used with a USB power bank.