Across the Pacific, veteran security tester Charles Henderson tells of how years back he exited a warehouse after a red-teaming job. "I was walking out to leave and I looked over and saw this truck," Henderson says. "It was full of the company's disks ready to be shredded. The keys were in it." Henderson phoned the CEO and asked if the truck was in-scope, a term signalling a green light for penetration testers. It was, and if it weren't for a potential call to police, he would have hopped into the cab and driven off. Henderson now leads IBM's new red-teaming unit in the United States, which he also built from the ground up.
"There are some instances where criminal law makes little distinction between actions and intent, placing red teams in predicaments during an assignment, particularly when performing physical intrusion tasks," Nathaniel Carew and Michael McKinnon from Sense of Security's Melbourne office say. "They should always ensure they carry with them a letter of authority from the enterprise."
Your reporter has, over pints with the hacking community, heard many stories of law enforcement showing up during red-team ops. One Australian was sitting off a site staring through a military-grade sniper scope, only to have a cop tap on the window. Gatford some years ago found himself face-to-face in a small room with a massive industrial furnace while taking a wrong turn on a red-team assignment at a NSW utility. He and his colleagues were dressed in suits. Another tester on an assignment in the Middle East was detained for a day by AK-47-wielding guards after the CEO failed to answer the phone. Red teamers have been stopped by police in London, Sydney, and Quebec, The Register hears.
One of Australia's notably talented red teamers told of how he completely compromised a huge gaming company using his laptop and mobile phone. Whether red teaming on site or behind the keyboard, the mission is the same: breach by any means necessary.
Vid Amid ongoing malware infections of IoT gadgets and armies of commandeered gizmos attacking servers, glaring security holes in web-connected CCTV cameras are going unpatched.
So say researchers with Cybereason, who claim a pair of high-profile vulnerabilities they spotted in surveillance cams two years ago have been completely ignored by vendors – thus leaving the door wide open for miscreants to hijack potentially "hundreds of thousands" of devices and use them for attacks.
Cybereason's Amit Serper says he and fellow researcher Yoav Orot exploited flaws in off-the-shelf internet-connected cameras back in 2014 in an effort to show how poor IoT security was at the time.
Since then, Serper says, the bugs have not only gone unpatched, but the insecure code has popped up in network camera firmware shipped by dozens of manufacturers selling their weak wares on Amazon. The Cybereason pair finger VStarcam as one vendor of vulnerable kit.
"I’m also not releasing the names of all the camera vendors," said Serper. "This would encourage hackers to look for the software flaws. I named VStarcam since their cameras are readily available from eBay and Amazon. Their cameras are also sold under the name Eye4."
(Another example: while writing this Virgin Media went down, and the Huawei smoothly switched to 4G.)
Design-wise, it’s a modest evolution of the gimmick-free Mate formula: large, with nicely tapered sides. The speaker quality is a whole lot better this year, though – it’s probably the first thing you’ll notice as the device boots. It’s really a bottom-firing mono speaker but the earpiece speaker also chimes in with a little bit of treble, giving an ersatz stereo soundstage. Switch from landscape back to portrait, and the sound changes from bogo-stereo to what Huawei calls “euphonius sound”, which nobody there can explain. There’s decent balance at mid-volume, but the bass disappears as the decibels increase.
Note that the Porsche Design variant of the Mate 9 has "Porsche Designed" speakers.
With the Mate 9, Huawei very much wants you to know that it has revamped its Emotion UI (or EMUI) launcher and skin. This heavy, paternalistic, iPhone-derived Sino-centric design served it well as Huawei took its first steps into the Asian consumer market. But Huawei is keenly aware – having been berated so often by reviewers – that the UI needs more polish and fewer eccentricities to succeed at the premium end of the Western market.
So Huawei has hired [subscription required] former Apple designer Abigail Brody to revamp the UI. EMUI here gets a numerical bump up to 5.x, and is based on Android Nougat 7.0. But despite the bump, it’s very early days. The most noticeable change is that EMUI gains an Android-standard app drawer, although the iPhone-style pile up all the apps on the home screen mode is still the default setting. Notifications are presented in a much more banal-looking list than previously, but you can blame Google here – it’s the Nougat standard.
Proportions look better, some dialogs have been smartened up, and EMUI doesn’t mask third-party desktop icons quite so aggressively. I like how if you hold the app drawer icon down for a second, then the drawer starts, but the UI input focus goes straight to a search box. That means you can’t shift the drawer icon from its permanent centre spot on the dock. EMUI also supports three preset scalings (like the iPhone’s "Zoomed" setting), a blue light filter, and the ability to start two instances of apps, each with a different user account.
We’re at the beginning of a design overhaul that I suspect will take at least two more iterations.
At 1080 x 1920, the display will delight everyone except the basement-dwelling gadget bloggers who anoint something a failure if it falls below the maximum ppi. I’m pleased Huawei has shunned a power-guzzling QHD (1440 x 2560) resolution display, however, for its mainstream Mate – for this is a very good panel indeed. (But watch this space: Huawei has just announced a China-only Mate 9 with a QHD panel, because your buying decisions just aren’t complicated enough).
The imaging unit used by the P9 and P9 Plus is incorporated here, the Leica-branded 20MP/mono 12MP combo that can turn in excellent results. I won’t dwell on it since this is the only familiar part of the phone (see our P9 snaps review here), and I will cover it in more depth in the full final review.
The Mate 9’s performance was particularly outstanding, with rapid startup times. Huawei claims the system performs additional optimisations based on how frequently you use an app. But the new Kirin 960 silicon helps too. This uses the latest ARM cores – four of the A-73s – with four older A-53 cores.
And not surprisingly, given the latest SoC, the Mate 9 roasts the competition on both synthetic benchmarks like Geekbench, and high frame rates for games. Geekbench 4 returned a single core result (1914) higher than either of the Galaxy S7s or the Note 7, while the multicore result (5810) was even further out in front (the Note 7 recorded 5228, last year’s Nexus 6P 2848).
Call quality was predictably excellent - it's a Huawei - holding a signal well, and grabbing one quickly. The battery needs a longer workout. It's one of the strongest in its class, at 4000mAh, and Huawei has a bunch of tricks to prolong the charge. Whether it fulfils Huawei's promise of "two full days" is something I can't yet corroborate, given the hammering it has been taking.
In summary, the Mate 9 carries forward the Art of the Phablet without any gimmicks, and without encroaching on Samsung’s pen-centric territory. As for value for money, without a UK street price, we can’t say much. But watch this space.
Analysis A sea change is gathering pace in storage, powered by NVMe drive-level and fabric-level connectivity, the two declaring war on data access latency, and combining to bring data closer to compute and get more applications running in servers faster.
The change we are facing is that from the SAS/SATA drive array accessed over Fibre Channel or iSCSI to one accessed across an NVMe fabric and using NVMe drives inside. And there is another change going on, which is the rise of hyper-converged infrastructure (HCI) systems with virtual, not physical, SANs. Although such HCI systems will eat into the physical SAN market, it's not likely to destroy it and the SAN market is going to stick around for many years, especially if its data access latency disadvantages can be removed.
NVMe storage nirvana, the combination of NVMe-accessed drives and NVMe over Fabrics-accessed shared storage arrays, is not a simple plug-and-play style change. A series of steps are needed to build a staircase to NVMe heaven and enable a general adoption of NVMe storage. We're asking people in the industry what they think of these steps and how general NVMe storage adoption might take place.
The suppliers we are approaching include Dell EMC, E8, HDS, HPE, Huawei, IBM, Kaminario, Lenovo, Mangstor, NetApp, Nimble, Pure, Tegile and Tintri; all of them shared storage array suppliers.
Dimitris Krekoukias is a global technology and strategy architect at Nimble Storage and here are his ideas about NVMe adoption, which he emphasises are his general ideas and not to be taken as indicative of Nimble Storage plans or intentions. They are his personal views of how the storage array-using community might adopt NVMe.
Dimitris Krekoukias: NVMe is a relatively new standard that was created specifically for devices connected over a PCI bus. It has certain nice advantages versus SCSI such as reduced latency and improved IOPS. Sequential throughput can be significantly higher. It can be more CPU-efficient. It needs a small and simple driver, the standard requires only 13 commands, and it can also be used over some FC or Ethernet networks (NVMe over Fabrics). Going through a fabric only adds a small amount of extra latency to the stack compared to DAS.
El Reg: Why and where should we use NVMe drives now?
Dimitris Krekoukias: NVMe drives are a no-brainer in systems like laptops and DASD/internal to servers. Usually there is only a small number (often just one device) and no fancy data services are running on something like a laptop... replacing the media with better media+interface is a good idea.
Dimitris Krekoukias: Tests illustrating NVMe performance show a single NVMe device being faster than a single SAS or SATA SSD. But storage arrays usually don't have a single device and so drive performance isn't the bottleneck as it is with low media count systems.
The main bottleneck in arrays is the array controller and not the SSDs (simply because there is enough performance in just a couple of dozen modern SAS/SATA SSDs to saturate most systems). Moving to competent NVMe SSDs will mean that those same controllers will now be saturated by maybe 10 NVMe SSDs. For example, a single NVMe drive may be able to read sequentially at 3GBps, whereas a single SATA drive does 500MBps. Putting 24 NVMe drives in the controller doesn't mean that magically the controller will now deliver 72GBps. In the same way, a single SATA SSD might be able to do 100,000 read small block random IOPS and an NVMe with better innards 400,000 IOPS. Again, it doesn't mean that same controller with 24 devices will all of a sudden now do 9.6 million IOPS!
Dimitris Krekoukias: Current NVMeF arrays prioritise performance and tend not to have HA, very strong RAID, multi-level checksums, encryption, compression, data reduction, replication, snaps, clones, hot firmware updates. Or the ability to dynamically scale a system.
Dual-ported SSDs are crucial in order to deliver proper HA. Current dual-ported NVMe SSDs tend to be very expensive per TB versus current SAS/SATA SSDs.
Dimitris Krekoukias: Due to the much higher speed of the NVMe interface, even with future CPUs that include FPGAs, many CPUs and PCI switches are needed to create a highly scalable system that can fully utilize such SSDs (and maintain enterprise features), which further explains why most NVMe solutions using the more interesting devices tend to be rather limited.
Dimitris Krekoukias: Using NVMe over Fabrics can often mean purchasing new HBAs and switches, plus dealing with some compromises. For instance, in the case of RoCE, DCB switches are necessary, end-to-end congestion management is a challenge, and routability is not there until v2.
El Reg: So how can we take advantage of NVMe without taking away business-critical capabilities?
Dimitris Krekoukias: Most customers are not ready to adopt host-side NVMe connectivity – so have a fast byte-addressable ultra-fast device inside the controller to massively augment the RAM buffers (like 3D Xpoint in a DIMM), or, if not available, some next-gen NVMe drives to act as cache. That would provide an overall speed boost to the clients and not need any client-side modifications.
An evolutionary second option would be to change all internal drives to NVMe, but to make this practical would require wide availability of cost-effective, dual-ported devices. Note that with low SSD counts (less than 12) this would provide speed benefits even if the customer doesn't adopt a host-side NVMe interface, but it might be a diminishing returns endeavor at scale, unless the controllers are significantly modified.
El Reg: And when customers are ready and willing to adopt NVMe over Fabrics?
Dimitris Krekoukias: In this case, the first thing that needs to change is the array connectivity to the outside world. That alone will boost speeds on modern systems even without major modifications.