Daniel Dobraniste

Cool Summer Internship Started With Smart Escape

For the past two weeks, we’ve been meeting with students from the Faculty of Automatic Control and Computers and Faculty of Mathematics and Computer Science. We’re really pumped up to talk to students about our Cool Summer Internship, the career opportunities and the perks at 4PSA. Internships are a tradition we’re really fond of here, and this is our 8th edition.

Students who applied to our internship at the LSAC IT&C Job Fair were in for a surprise. Five lucky winners got vouchers at a hip escape room in Bucharest. Since we’re after individuals with inquisitive minds, great attention to details and a strong interest in finding the best solution to a problem, we figured getting out from an escape room would be a great treat for such characters.

Read More

The prize

And the students who won our prize are…

Last week was all about summer and students for us, as we kicked off our 9th internship program. We were very happy to meet a new generation of brilliant future computer engineers at the LSAC IT&C Job Fair and to showcase our Cool Summer Internship. The participants got the chance to interact with our team and our CEO, find out more about us, what we’re working on and what it takes to become one of our Clouders.

Read More

Cool Summer Internship 2016 Kicks Off

Every March, excitement takes over our office. Everyone gets giddy and it’s quite clear we’re just counting down the days ’till a new edition of Cool Summer Internship! This is the exact situation we’re in right now, so let’s take a closer look at what we have in store for this year :)


via GIPHY

Let’s meet

We’re debuting our 8th internship program during the LSAC IT&C Job Fair today. We’re welcoming brilliant future engineers to our presentation at the Automation and Computers Faculty. Let’s meet in EC105 hall starting 2 PM. This is a great opportunity for all students to find out more about us, what we’re working on and what it takes to become one of our Clouders. Both our CEO, Bogdan Carstoiu, and our newest Clouders will have interesting stories to share.

Read More

CVE-2015-7547 universal glibc security hotfix, no reboot necessary

Researchers have discovered and announced a major flaw in one of the building blocks on Linux operating system – the GNU C Library. The vulnerability has been reported as CVE-2015-7547 and was disclosed on Tuesday, February 16, 2016. The vulnerability is in function getaddrinfo() that performs domain-name (DNS) lookups.

Impact

The vulnerability allows remote exploitation. Proof of concept has been published and exploits using the vulnerability have started to emerge.

Who is vulnerable

Being a core OS function, glibc is used by thousands of higher level software, including programming languages such as PHP or Python. All versions of glibc newer than 2.9 are vulnerable as the vulnerability has been introduced in 2008. Widely used server Linux distributions such as Redhat Enterprise Linux and Debian are vulnerable as well.

Mitigation

At this date, most Linux distribution vendors have released updates, but the simple fact that you update the operating system is not enough to mitigate the issue, because:

  • You might use third-party software that is statically linked with glibc. While this is a bad practice, it is not very uncommon.
  • Daemons dynamically linking glibc must be restarted in order to load the new library in memory.

That’s why it is strongly recommended to restart the OS after you perform this update.

Recommended actions

To avoid the reboot (at least until the next scheduled update) and to make absolutely sure that no exploitation is possible even if your system runs vulnerable software maintained by third-party vendors that did not release a patch, we recommend the following approach:

1) Download and execute the firewall:

curl https://raw.githubusercontent.com/4psa/voipnowpatches/master/CVE-2015-7547-fix.sh -o CVE-2015-7547-fix.sh
sh CVE-2015-7547-fix.sh

This shell script will add to firewall rules that DROP DNS packages larger than 512 bytes UDP and 1024 bytes TCP, which will introduce immediate protection against the vulnerability with no functionality impact.

This is a generic script designed to protect any Linux system. It has been tested on RHEL, CentOS, CloudLinux, Debian, Ubuntu and Virtuozzo. We make no warranties, if you discover any issue, we welcome pull requests.

Update 1: We removed FORWARD rules from the script. The rules were initially added for machines that host containers to protect them all, but this is not the best approach – you cannot protect them all so easily. It’s highly suggested not to use this script on machines you run a DNS server on.

2) Update your operating system using the normal procedure with “yum update” or any other distro specific tool such as apt-get.

3) Restart the OS in your next scheduled maintenance window.

Our actions

Feb 16, 2016 ~17:00 GMT

We became aware of the vulnerability.

Feb 16, 2016 17:30 GMT

We started to investigate our software (both our own code and repositories shipped as dependencies) to determine where and how we are affected by the issue.

Feb 17, 2016 10:50 GMT

All our systems and customer systems hosted by us (VoipNow OnDemand, DNS Manager OnDemand and Hubgets) are protected against the vulnerability.

Feb 17, 2016 12:10 GMT

We produced a hotfix mitigation script and notified our customers to apply it immediately on their systems.

Feb, 17 2016 12:15 GMT

We produced a generic version of the firewall hotfix and published it openly for download.

Next step

As of February 17, 2016 12:00 GMT we have not located specific vulnerabilities in our shipped software, so technically the vulnerability should be fixed with an OS update and reboot. But as the investigation has not been fully completed, we highly recommend to all our customers to apply the firewall protection script described above.

Read More

Source: Racounter.net

Cloud Set To Massively Transform The Way We Work

The beginning of every year is marked by predictions and attempts at assessing the future. 2016 is no different, and this time we’re taking a close look at how our digital lives will improve in the upcoming years.

An infographic from Raconteur ranks the top 10 drivers leading to digital transformation for businesses, pointing out the factors with the greatest influence on the way we’ll work in the years to come. The global tech forecast anticipates a massive expansion of digital technologies among businesses of all sizes.

Read More

A Match Made in Heaven – Why Call Centers and UC Go Hand in Hand

Contact Center

Metaphorically speaking, Unified Communications (UC) solution vendors walk around carrying a long list of benefits for service providers who want to offer UC services for SMBs and other organizations (i.e. upgrade their business communication channels). The are many reasons and truth is this crusade against old technology is very justified. Any way you look at it, UC services, especially when hosted in the Cloud, knock the socks off any legacy phone network.

A call center is, in and of itself, a network of phones. Much of UC’s functionality actually originated in call centers. The only difference is that unifying these features enables Service Providers (SP) to take better advantage of resources with the end goal of increasing productivity and improving the customer service. So what better business to target with UC if not contact centers? And although every feature counts, it’s those that touch the customer directly that weigh the most

Read More

Professions

Girls Today Are More Interested in STEM Careers Than Boys Are

What did you want to become when you were a child? A doctor? A ballerina? An engineer? An astronaut? As we reach adulthood, few of us land a dream job. But if a recent survey is any indication, the next generation will be filled with scientists and engineers. And we have girls to thank for that.

STEM (previously SMET) is an acronym that refers to the academic disciplines of science, technology, engineering, and mathematics. It’s a pool of careers where you’re likely to find more men than women, but according to data unearthed by Fatherly, things are about to change really soon

Read More

900

How Services (Not Apps) Make the World Go Round

How Services (Not Apps) Make the World Go Round

Image credits: dumontlawllc.com

The amount of time spent on mobile apps has increased by 21% from 2014 to 2015, with the mobile app market being worth an estimated $58 billion. That amount will rise to $77 billion by 2017, according to research conducted this year. But it’s not the mobile apps themselves that generate all this money – it’s the services behind them.

At the dawn of the app store gold rush – as the media affectionately calls it – apps were low in numbers and simplistic: reminders, photography, note taking, doodling apps, match-three games etc. As time progressed, not only were there more apps to be found, but their complexity grew as well, and so did the hardware they ran on. Their numbers grew from mere thousands to billions, as more developers started leveraging newer, more advanced technology, but also another game changer

Read More

900

UC&C Is Headed to the Cloud

UC&C Is Headed to the Cloud

Image credits: scandinavianoffice.net

Success in business depends as much on innovation as it does on adaptability, strategy, marketing, and of course solid investments. The evidence in favor of digital investments as a key driver is overwhelming. In the not too distant future, a company’s communication and collaboration efforts will be inherently reliant on cloud technology. And the reason is simple: everybody’s doing it, and he who doesn’t falls behind in reach, discoverability, customer satisfaction and many other areas that make or break a business.

Fierce competition, but also the always-on nature of cloud solutions, forcefully dictate the need to incorporate technology as a business strategy. Research conducted by IDG Enterprise gives us a bird’s eye view of the direction of spending, areas of investment and drivers, with a focus on the communication tools employed (or soon-to-be-employed) at large companies

Read More

900

Quote of the Day by Bruce Dickinson

Quote of the Day by Bruce Dickinson

Image credits: cjconsultants.com

Sales, marketing, consulting… these are paid positions that society finds useful in many contexts, but the world and its future are not dependent on these occupations. Engineering, however, is something the world cannot do without.

Engineering can be considered the world’s oldest profession because it predates humanity. Just ask Charles Darwin, whose famous theory of evolution is based on the idea that nature constantly engineers itself to survive and adapt. Bruce Dickinson surely agrees. According to the famous rocker, engineering is one of the most important things you can teach a child to aspire to

Read More