I recently had the pleasure of attending EuroMPI 2015, hosted by INRIA in Bordeaux, France (…hey, you should attend EuroMPI 2016 in Edinburgh, Scottland!).
I gave two mini-talks during my speaking slot, the first of which was entitled: Crazy ideas about revamping MPI_INIT and MPI_FINALIZE.
Continue reading “Crazy ideas to revamp MPI_INIT and MPI_FINALIZE”
Vulnerability discovered by Aleksandar Nikolic of Cisco Talos. Post authored by Earl Carter and William Largent
Talos is disclosing the discovery of an exploitable buffer overflow vulnerability in the the MiniUPnP library TALOS-2015-0035 (CVE-2015-6031). The buffer overflow is present in client-side XML parser functionality in miniupnpc. A specially crafted XML response can lead to a buffer overflow, on the stack, resulting in remote code execution.
This miniupnpc buffer overflow is present in client-side part of the library. The vulnerable code is triggered by an oversized XML element name when applications using miniupnpc library are doing initial network discovery upon startup, while parsing the replies from UPNP servers on the local network.
MiniUPnP is commonly used to allow two devices which are behind NAT firewalls to communicate with each other by opening connections in each of the firewalls, commonly known as “hole punching”. Various software implementations of this technique enable various peer-to-peer software applications, such as Tor and cryptocurrency miners and wallets, to operate on the network.
When parsing the UPNP replies, the XML parser is initialized and `parsexml()` function is called:
On September 30, 2015, Cisco received the International Corporate Energy Management Award from the Association of Energy Engineers (AEE) for our global energy management program and our commitment to reducing greenhouse gas (GHG) emissions globally. We are very honored to receive this award and very proud of the work that we have done in setting aggressive targets and pursing high value projects to achieve the targets.
Cisco has set and achieved a series of environmental sustainability goals. In 2009, Cisco met a goal we had set in 2006 to reduce business-air-travel emissions worldwide by 10 percent against a 2006 baseline. In 2012, we met a commitment to reduce all Scope 1, 2, and business-air-travel Scope 3 GHG emissions worldwide by 25 percent against a 2007 baseline. In February 2013, we announced a set of five new goals related to our operational energy use and GHG emissions. To achieve these goals, we approved $57.5 million in funding for 2014 through 2017 for the creation of a program called EnergyOps. The EnergyOps team is comprised of energy and sustainability professionals who identify and implement energy efficiency and renewable energy projects throughout our global real estate portfolio working with local facilities teams, engineers and project managers. Many of the EnergyOps team members are Certified Energy Managers through AEE.
Since we launched the EnergyOps program, we have completed or initiated 344 energy efficiency and renewable energy projects. This has reduced Cisco’s energy annual use by 105 GWh and GHG emissions cumulatively by over 1 million metric tonne of CO2e. Examples of some of these projects include solar installations in the United States and India, numerous indoor and outdoor lighting improvements, and various types of upgrades to HVAC systems at many of our campuses, like our Shanghai location.
The multi-year EnergyOps program is not only helping us achieve our energy saving goals, but also manage operational expense, reduce exposure to fluctuating energy prices, and reinforce our commitment to being environmentally responsible. We estimate that the projects we have completed or initiated to date will save approximately US$15M annually.
The AEE Awards are presented annually at the World Energy Engineering Congress to energy companies and professionals who have achieved international, national, regional, or local prominence in their fields.
Please read more about Cisco’s commitment to reducing GHG emissions at csr.cisco.com.
You’ve seen the data points: 30 million new devices connected to the Internet each week. A whopping 50 billion connected by 2020. This surge of connectivity – driven largely by the Internet of Everything – is creating vast new opportunities for digitization as industries transform.
This tidal wave of connected devices is also reshaping the data center. Why? Because every single thing connected to the Internet has a MAC and IP address, and this enormous growth will unleash more addresses than anyone can imagine. These addresses need, feed, and breed applications, whether by running an app or providing it data. And as this happens at an exponential scale, the data center becomes the key to making it all work.
We know that the applications will be everywhere, and that’s a good thing. Apps will continue to be in the enterprise data center – the private cloud—where they’ve been running for a long time. And they’ll run in cloud-based data centers. They’ll also run at the edge – whether the edge is a branch office, your home, or even a part of your body.
For applications to perform optimally no matter where they are, the infrastructure has to understand the language of applications. We have to teach it. And this is where policy comes in. For us, policy is teaching the infrastructure the language of the application so that the application can tell the infrastructure, “Here is what I need to run at my best.”
This is an area where Cisco has a lot of skin in the game. After all, no one knows Data Center infrastructure better than we do.
Continue reading “Data Centers: Applications, Networks and Chicken-Salad Sandwiches”
Earlier this week, I hosted a #CiscoChat along with other team members of the @CiscoMFG team including Nancy Cam-Winget (@ncamwingw), an industrial security expert and Distinguished Engineer at Cisco, along with cohost Gregory Wilcox (@gswilcox_ohio) of our strategic alliance partner Rockwell Automation (@ROKAutomation). We had a thought-provoking interchange on how new digital business models impact industrial security interests, as well as some of the other inherent security risks for manufacturers.
If you missed the chat, the full recap is here, and below, I summarize a few of the highlights and insights for me.
Why is security for manufacturers such a top-of-mind concern, discussed across engineering, production, supply chain and boardroom alike?
By 2020, there will be an estimated 50+ billion intelligent things connected to the Internet. The emergence of more “smart” connected factories, in which machines and devices Continue reading “Security for the Digital Manufacturer: Recap of recent #CiscoChat”
Every once in a while you need to take a step back, and think about the future. Where’s a good place to look for high risk, high opportunity ideas in the future of computer security? New Security Paradigms Workshop (NSPW) is a crystal ball view into the future of cybersecurity. NSPW is an invitation only workshop dedicated to in-depth discussions of radical forward thinking in security research. Here are highlights from a handful of presentations that pursue areas that might be evocative or inspirational to the broader Cisco security community.
Milware: Identification and Implications of State Authored Malicious Software is a research effort that starts with looking to establish a technical basis for distinction between mal- and milware. The authors evaluated and reverse engineered sample malicious software to establish an initial set of criteria that consistently distinguishes the samples identified as state or non-state authored. These are:
Continue reading “Looking Into a Crystal Ball for the Future of Cybersecurity”
The Cisco UCS® C220 M4 Rack Server continues its tradition of Industry leadership with the latest announcement of the first top 2-socket performance for max- jOPS in a multiple–Java virtual machine (JVM) environment ahead of other vendors.
Some of the key highlights of Cisco’s new SPECjbb2015 benchmark results are:
The benchmark configuration consisted of the benchmark controller, back-end, and transaction injector functions, each running on its own JVM. The JVM instances ran on a Cisco UCS C220 M4 Rack Server powered by two 18- core Intel Xeon processor E5-2699 v3 CPUs running a single instance of Red Hat Enterprise Linux (RHEL) Server 6.5 and 64-bit Oracle Java HotSpot Server Virtual Machine (VM) 1.8.0_60. Check out the Performance Brief for additional information on the benchmark configuration. The detailed official benchmark disclosure report is available at the SPECjbb2015 Website.
The new SPECjbb2015 benchmark has enhancements that align with the changes that you are experiencing in your own IT organization—thus giving you a more accurate capacity measurement than previous versions of the benchmark.
Let’s take a look at what this UCS C220 M4 SPECjbb2015 performance result means for the end users and customers…
When you choose Cisco UCS servers, customers benefit from the performance and rapid deployment capabilities of Cisco UCS.
Additionally you gain business advantages such as:
Accelerated response: Cisco tunes the chip sets and servers for specific workloads. With high-performance processors, large and fast memory configurations, and efficient use of Intel Turbo Boost Technology, the Cisco UCS C220 M4 delivers low latency and server optimization to JVMs.
Increased scalability: The benchmark results show that the Cisco UCS C220 M4 delivers excellent scalability to JVMs and applications.
Data center simplification: Cisco UCS delivers the scalability needed for large Java application deployments. The dramatic reduction in the number of physical components results in a system that makes effective use of limited space, power, and cooling resources by deploying less infrastructure to perform the same, or even more work.
Although all vendors have access to same Intel processors, only Cisco UCS unleashes their power to deliver high performance to applications through the power of unification. The unique, fabric-centric architecture of Cisco UCS integrates the Intel Xeon processors into a system with a better balance of resources that brings processor power to life. . For additional information on Cisco UCS and Cisco UCS Integrated Infrastructure solutions please visit Cisco Unified Computing & Servers web page.
Disclosure
SPEC and SPECjbb are registered trademarks of Standard Performance Evaluation Corporation. The performance record described in this document was valid based on results posted at http://www.spec.org as of September 23, 2015.
-Bill Martorelli, Principal Analyst, Forrester Research
For the past two decades many enterprises managed their IT vendor relationships pretty much the same with batch updates and reviews. That worked well when they were fully outsourcing their IT function with a single service vendor. But, in our hyper-connected world IT departments are managing five times as many providers as they were seven years ago and the pace and scale are increasing.
We all know the right cloud solutions help organizations improve agility, accelerate time to market, and deliver cost savings. But for customers, it’s not always easy to know where to start. Between public, private, and hybrid cloud solutions, they need to know which choice is best for their business and what to do first. They need a cloud strategy.
According to a new Cisco-sponsored IDC report (“Don’t Get Left Behind: The Business Benefits of Achieving Greater Cloud Adoption”), only 1% of organizations have fully-optimized cloud strategies in place. Only 1%.
Help Customers Build Better Cloud Strategies
Here’s where customers need your expertise. And we want to help you develop this expertise.
Based on in-depth IDC market research and insights from over 3,400 organizations across 17 countries, we developed the Cisco Business Cloud Advisor — a framework to help customers translate in-depth research into actionable cloud adoption plans.
Now we’re making it available to you, our partners, to make your customer conversations easier.
Consider the benefits of showing customers how much they will gain and how much more competitive and productive they will be with a cloud strategy. Collaborating with IDC, we analyzed cloud adoption levels by geography, industry, and company size. Using the Cisco Business Cloud Advisor, you can provide cost and time-to-market improvement estimates based on an organization’s cloud adoption.
Once your customers understand the business benefits of cloud adoption, you can offer concrete recommendations, and strategy that includes real solutions and services — from your portfolio and ours — to help them meet their business needs.
Continue reading “Lead Cloud Disruption and Adoption. We’re With You.”
