Archive for the ‘Technology’ category

Microsoft Ignite agenda insights to the future road map

August 14th, 2018

Microsoft recently published the session list for its annual Ignite IT Pro conference, happening at the end of September. A look at the topics gives a clue to its roadmap. There are sessions on the next version of SQL Server, Surface Hub 2 and Surface Go with LTE, Intune and Windows Autopilot, Windows Server 2019, and new Remote Desktop services.

Last year, Microsoft used Ignite to highlight AI, intelligent edge and its futuristic quantum-computing technologies, but overall the listed sessions look more down to earth. There are two mixed-reality sessions, including “Visio Immersive.” Almost 100 listed sessions touch on AI. At Inspire, Microsoft told partners the “AI Accelerate Kit” would be coming in October and include AI use cases, best practices and “Ethical AI” guidance, so that seems likely to be included.

At Ignite Microsoft will again focus on Microsoft 365, the bundle of Windows 10, Office 365 and Intune security/management technologies.

Expect a lot of Dynamics 365 CRM and ERP content, because October is when the next feature update will arrive for the suite of Dynamics products.

There seems to be more developer content: ASP.NET, Visual Studio Code and Visual Studio 2017, Node.js, and sessions on Linux and Docker containers, Progressive Web Apps and MSIX, the new Windows 10 application-packaging technology Microsoft is rolling out.

There are 115 sessions listed for SQL Server/Azure SQL. Maybe we will get an insight into the successor to SQL Server 2017, codenamed “Aris,” which is currently in private Community Technology Preview testing.

Microsoft will also show the new Surface Hub 2 and Surface Go.

Expect Windows Server 2019, Microsoft’s next major release of Windows Server, to be a hot topic; it’s due to start rolling out before year end.

https://www.microsoft.com/en-us/ignite

https://www.microsoft.com/en-us/ignite/faq

September 24–28, 2018 | Orlando, Florida

Dynamics 365 October 2018 release – many new features

August 4th, 2018

What to expect from the Dynamics 365 October 2018 release is set out in a 250 plus page document. The coming October update includes more than a hundred incremental updates to: the core Dynamics, Sales, Marketing, Customer Service, Portals, Omni-channel Engagement Hub, Field Service, Project Service, Social Engagement, Finance and Operations, Talent, Retail, and Business Central products and services.

The new Dynamics 365 AI for Sales app will help sales teams to use technologies, such as call sentiment analysis and warnings about deals being at risk, to take proactive actions. This app will be in public preview as of October 2018.

Expect to see a more tightly integrated Dynamics 365 with Microsoft Teams, SharePoint, LinkedIn, Microsoft Stream video platform, Azure, Azure IoT Central, Outlook together with relationship analytics and predictive lead scoring also in public preview as of October.

Finance and Operations (Dynamics AX, ERP): each feature listed below will be released with general availability.

Financial
• Dual currency
• View settlement transactions
• Global number sequences
• Vendor and customer approvals for specific fields
• Data entry dimension values
• Consistent validation actions
• IBAN number validation
• Change cash discounts
• Automatic ledger settlements
• Reverse journal posting
• On-hand inventory report performance
• Simplification through configurable templates
• Enterprise credit management
• Revenue recognition

Operations
• Master planning performance improvements
• Consolidation of planned orders during parallel firming
• Sealed bidding
• Unit of measure
• Public sector enhancements

Globalization
• Russian localization
• Globalization – enhanced configurability
• Regulatory Services, Configuration service

Platform Updates
• Usability and productivity updates
• Personalization improvements
• Additional demo data
• Data resident subscriptions
• Supportability rules
• Test automation support
• Troubleshooting for the document routing agent
• Upgrade automation
• On-premises deployment
• Manage batch jobs

Integration
• Integration with Field Service: Inventory and Projects
• Extend analytical workspaces by mashing up external data with Power BI

Analytics
• BYOD (Public Preview)
• Edit analytical workspaces
• Pin Power BI dashboards to workspaces
• Real-time embedded Power BI Reports

Lifecycle Services
• Dynamics Translation Services API (Public Preview)

Microsoft continues to emphasize the applicability of its HoloLens augmented reality goggles with the company’s business applications. The October 2018 update will feature integration with Remote Assist, Microsoft’s new hands-free video calling, and Microsoft Layout, which allows space planners to design their spaces.

The Common Data Service, which is part of its “Power Platform,” will also be updated with the October 2018 release.

SQL Server 2016 SP2 CU2, SP1 CU10

July 18th, 2018

Fixes and improvements:
• DAG improvement – automatically seed replicas – when you add a database to an existing AG, SQL Server can automatically seed it across the secondary replicas.
• AGs – configurable session_timeouts
• AGs – slow transactions with 1 sync and 1 async secondary
• AGs – on cross-data-center AG failover, you get a non-yielding scheduler and a crash
• AGs – queries on secondary take twice as long
• AGs – VSS backups fail on secondary replicas in a Basic Availability Group (which technically you’re not supposed to do, but you can still back up the entire secondary VM, and that’s where the problem looks like it’s coming in)
• AGs – fixing error 19432 for duplicate log blocks
• Log shipping – add support for Transparent Data Encryption by configuring MAXTRANSFERSIZE.
• Dynamic data masking doesn’t
• SSAS crashes when Process Full follows Process Clear – “you will notice that the SSAS may crash.”
• Memory dump when you merge partitioned temporal tables
• Stats updates can get a “corrupted index” message and a disconnect
• Assertion error when you add a database
• Slow performance when Query Store is enabled
• Non-yielding schedulers require a reboot – not the most informative KB article ever. “Assume that you have a Microsoft SQL Server 2016 installed.”

See KB articles for more information. Download SQL 2016 SP2 CU2 and/or SP1 CU10.

https://support.microsoft.com/en-us/help/4341569/cumulative-update-10-for-sql-server-2016-sp1

End of life for SQL 2008 and 2008 R2 is only a year away

July 14th, 2018

On July 9, 2019, Microsoft will end Extended Support for SQL Server 2008 and 2008 R2, which means no more updates or support of any kind, potentially leaving you vulnerable to security and compliance issues.

Some considerations:
• That is only a year away, so it is time to start planning and to get it into your 2019 budget.
• What applications are affected? With what new SQL version are they compatible?
• Will you need to rebuy licenses? The SQL license cost is now core based and it might prove a lot higher than last time, so take the time to consider all options.
• Should any of your applications move to the cloud?
• Should you also look at upgrades to hardware, Windows, Office, Exchange, or business finance/ERP systems in conjunction with SQL?
• Is now the time to review your security solutions?
• Are you going to expand, or implement heavy new processes like consolidation, budgeting, BI in the next 2-3 years?
• Is your mobile network growing?

There are major enhancements at SQL 2016 SP1, so we recommend you do not consider any version lower than that. By next year SQL 2017 will also have settled down.

To discuss options call us on 0097143365589

Is your RDP access secure?

July 14th, 2018

A recently released report sponsored by IBM Security and conducted by Ponemon Institute estimated that a data breach costs companies an average of $148 per lost or stolen record. This was based on interviews regarding mega breaches, i.e. more than 1 million records.

According to the McAfee Advanced Threat research team, cybercriminals are compromising and selling remote desktop protocol (RDP) access on the dark web for as little as $10. Cybercriminals will try to use RDP access to: create false flags, spam, account abuse, credential harvesting, extortion, ransomware, and to cryptomine.

If you use RDP network access then you are vulnerable to such attacks, which will concern everyone from government to healthcare institutions.

Remote access systems are needed by many organizations to conduct their businesses. McAfee’s research team recommendations:
• Use complicated passwords and two-factor authentication on your RDP, as this will make brute-force attack more difficult to complete
• Do not conduct or allow RDP connections across open internet
• Lock out or timeout users with too many failed login attempts
• Check event logs regularly for strange login attempts
• Use an account-naming convention that doesn’t give away details about your organization
• Make a list of all systems using the network and what protocols they are connected through, including POS systems and Internet of Things (IoT)
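
One way to act on the lockout and event-log recommendations above, as an added example that is not McAfee's or this post's own code: it summarises failed logons (Security event ID 4625, logon types 3 and 10) per source address. The function names, the threshold of 5 and the sample records are assumptions made up for illustration.

```powershell
# Added example. Failed logons are Security event ID 4625; RDP failures show up
# as LogonType 10 (RemoteInteractive) or, with Network Level Authentication, 3.

function ConvertFrom-FailedLogonEvent {
    # Flattens a live 4625 event record into the four fields used below.
    param([Parameter(ValueFromPipeline = $true)]$Record)
    process {
        $data = @{}
        foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        New-Object PSObject -Property @{
            TimeCreated = $Record.TimeCreated
            User        = $data['TargetUserName']
            SourceIp    = $data['IpAddress']
            LogonType   = [int]$data['LogonType']
        }
    }
}

function Get-FailedLogonSummary {
    param(
        [object[]]$Logon = @(),
        [int]$Threshold = 5,              # assumed cut-off, tune to your lockout policy
        [int[]]$LogonType = @(3, 10)
    )
    $Logon |
        Where-Object { ($LogonType -contains $_.LogonType) -and $_.SourceIp -and ($_.SourceIp -ne '-') } |
        Group-Object SourceIp |
        Where-Object { $_.Count -ge $Threshold } |
        ForEach-Object {
            $ordered = @($_.Group | Sort-Object TimeCreated)
            New-Object PSObject -Property @{
                SourceIp = $_.Name
                Failures = $_.Count
                # Many different account names from one address suggests guessing.
                Users    = @($_.Group | Select-Object -ExpandProperty User -Unique)
                First    = $ordered[0].TimeCreated
                Last     = $ordered[-1].TimeCreated
            }
        } |
        Sort-Object Failures -Descending
}

# Constructed sample records (documentation-range addresses, invented names).
$t0 = [datetime]'2018-07-14T02:00:00'
$sample = @()
foreach ($i in 0..6) {
    $sample += New-Object PSObject -Property @{
        TimeCreated = $t0.AddSeconds(10 * $i); User = "admin$i"
        SourceIp = '203.0.113.45'; LogonType = 3
    }
}
$sample += New-Object PSObject -Property @{
    TimeCreated = $t0.AddMinutes(30); User = 'jsmith'
    SourceIp = '198.51.100.7'; LogonType = 10
}

# Only the first address crosses the threshold in this sample.
Get-FailedLogonSummary -Logon $sample | Format-List

# Against a live Security log (needs an elevated prompt):
# $live = @(Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625;
#           StartTime = (Get-Date).AddDays(-1) } | ConvertFrom-FailedLogonEvent)
# Get-FailedLogonSummary -Logon $live
```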

The good news is that the research found that security automation tools are doing their stuff. Machine learning, artificial intelligence, analytics, and orchestration to identify and contain breaches are new tools in the fightback against malware. Companies that extensively use automatic security tech saved over $1.5 million on the total of a breach, said the release.

Meanwhile

Sharepoint Updates

July 8th, 2018

Idle-Session Timeout Policy
The general availability release of the new Idle-Session Timeout Policy feature will help businesses to avoid the risk of data leaks and theft.

When devices are left unattended or are shared among multiple users, organizations can set timeout thresholds to automatically sign out users when SharePoint Online remains inactive. The Idle-Session Timeout Policy feature is available for both SharePoint Online and OneDrive.
Companies that use SharePoint Online tend to keep some sensitive information on the collaboration platform.

Bill Baer, Senior Technical Product Marketing Manager for SharePoint at Microsoft, in a July 2 announcement said: “Idle session timeout provides [a way for] an Office 365 administrator to configure a threshold at which a user is warned and subsequently signed out of SharePoint or OneDrive after a period of inactivity.”

SharePoint Migration Tool-compatible cmdlets
Administrators migrating from on-premises to the cloud can now use PowerShell “cmdlets”, or single-function commands, to create, start and add tasks to a migration session, among other actions. The complete list of new SharePoint Migration Tool-compatible cmdlets is available in the online support document.

Page Diagnostics Tool for SharePoint
SharePoint content renders well on PCs, smartphones and tablets, but some legacy pages can give problems. The Page Diagnostics Tool for SharePoint runs older pages through a set of baseline rules, for example checking for large image sizes, alerts users when it encounters an issue, and points them to a support page to help solve the issue. The Chrome browser extension helps users get to the bottom of performance problems affecting Classic SharePoint pages hosted in SharePoint Online.

Infor SunSystems 6.3 – ask Synergy Software Systems why it’s time to upgrade.

July 7th, 2018

If you have not yet upgraded to SunSystems 6.3 from Infor, it is time to consider what major benefits are available for existing SunSystems clients. Infor has for many years provided ongoing support for a range of SunSystems versions. This has been great for clients to maximise their investment in the solution over extended time frames, but it can cause difficulty when assessing when and why to upgrade to the latest version. This comprehensive, updated financial management system is particularly significant because it not only delivers many new features and enhancements but also runs on Infor Xi, the latest and most innovative enterprise technology platform from Infor.

Let’s have a look at the various top level versions in use today:
SunSystems v4 (The current production release is v4.4)
Pros: A proven, self-contained system that operates on minimal IT infrastructure and demands little support and maintenance effort. Continues to be patched and upgraded with new features and Microsoft technology framework compliance.

Cons: It’s been around a long time with an aging user interface, has some operating limitations on modern technology platforms and is not integrated to the Infor Platform Xi enterprise framework.

SunSystems v5 (The final version is v5.4)
Pros: Still covered under the support framework.
Cons: This version is effectively at end-of-life from an extension point of view. There are no new patches or updates being released, it will not be kept compliant with future versions of Microsoft Windows and SQL Server and it is not possible to purchase additional user licences.

SunSystems v6 (v6.3)
Pros: Significant increase in power and scalability from the original Sun 4.
A complete re-visioning of the system: more agility, flexibility, and control for companies with complex financial management requirements, multi-company operations, multi-currency trading.
Modern user interface stemming from Infor’s in-house user experience and design team, Hook and Loop.
Cons: SunSystems itself and the broader Infor Platform Xi framework demands more computing power and hardware than v4 or v5 did.

Why upgrade now to SunSystems v6.3?
User experience and usability – the screen designs and operation are revised to enhance user experience. Think “apps” on smartphones and tablets that require little or no user training; Infor has a vision of enterprise grade software usability going the same way. Every new release takes steps towards that goal using content feeds, visual triggers and graphics to help people navigate rather than menus and options.
SunSystems users can now replace their Favorites menu page with a customizable homepage, available through Infor Ming.le® or directly within SunSystems. Users can also select the graphical content that best reflects their roles and daily tasks with drag-and-drop widgets. Widgets allow users to create links to relevant SunSystems functions, reports, and records, to help speed up routine tasks and navigation.

Integrated Document Management Repository – best practice financial management is underpinned by substantiating documents from many sources. The integrated document management repository lets you attach a PDF or other document to the exact transaction or reference data it relates to and to easily find and view that document again at any time. Documents can be searched and retrieved directly from within the web-based IDM application.

External web portal – this new module allows secure access to SunSystems documents for additional stakeholders to engage electronically with the financial arm of the business. Get your suppliers to upload their own invoices and maintain their own details; let your clients access their own statements and order history, or let your employees access their expenses history. Reduce the number of queries into the finance team and the rekeying of data when external stakeholders could choose to serve themselves.

Automated master data management – for larger companies running multiple sites or business units the administration of managing common reference data between systems and entities can be centralised. Define a primary business unit for your supplier register and any moves/adds/changes/deletes applied to this primary data can be automatically applied to any nominated secondary entities.

Configuration
Infor SunSystems 6.3 consolidates all configuration settings, over 400 of these, into a single web-based console and makes complete control of all aspects within the system much easier.

Performance
Allocate memory capacity in Ledger Import caching, to speed up the process – up to 2 – 3 times faster.
For many processes the system’s memory is now dynamically allocated for maximum performance. The caching limits can be set in the Configuration Manager and, once a task is completed, all allocated memory will be freed immediately. Similar web-enabled enhancements are extended to functions like Transfer Desk, Business Unit Administration, and SunSystems Connect portal.

Currency Rate Type
Multicurrency functionality has always been a key strength of Infor SunSystems. In the 6.3 release, users can create different sets of exchange rates for different purposes and have control of when and how they can use a specific rate type. Use one exchange rate that is different from the default monthly rate for a specific collection run. Use a different rate for evaluation than the rate used for day-to-day transactions. These rate types are defined at business unit level.

Withholding tax
Now a core function. SunSystems can now automatically calculate withholding taxes for payment and invoice posting directly from within the core SunSystems application.

Form management
Currently, when users want to make some changes to a form, they need to check out that form, make necessary changes, and check it in again. Sometimes, users check out forms and forget to check them back in again. With SunSystems 6.3, the check-in and check-out process is performed entirely in the background. Users only need to open the form and make amendments using Forms Designer.

For more information contact Synergy Software Systems, your SunSystems U.A.E. partner, supporting clients across MEA for over 20 years, 0097143365589

SQL training in Arabic – free on line course

June 26th, 2018

A free video course presented in Arabic to help you learn about SQL Server 2012. The course covers a number of concepts important to database professionals such as installation, configuration, storage, backup, security and high availability/disaster recovery concepts. Ayman El-Ghazali narrates the course in the Arabic language and demonstrates the skills so you can follow along on your own instance. You can find the videos and more information here.

https://thesqlpro.com/ArabicSQL/

SQL 2016 Service packs May 2018

May 31st, 2018

SQL Server 2016 Service Pack 2 came out last month, but Microsoft also just released Service Pack 1 Cumulative Update 9, which has fixes that aren’t in Service Pack 2:
• PFS page round robin algorithm improvement
• Fixed PAGELATCH_EX and PAGELATCH_SH waits in TempDB
• Change tracking is inconsistent during an update on a table with a clustered index
• TDE database goes offline during a log flush

However, they also just released 2016 SP2 CU1! https://support.microsoft.com/en-us/help/4135048/cumulative-update-1-for-sql-server-2016-sp2

Windows 10 April update

May 28th, 2018

The Windows 10 April Update is causing stress for users, with many claiming their PCs were wiped clean after they hit OK on the update prompt.
Windows message boards were bombarded with complaints after users found that the “restart and install” prompt for the Windows 10 update led to a blank screen with a message saying:

C:\WINDOWS\system32\config\systemprofile\Desktop is unavailable. If the location is on this PC, make sure the device or drive is connected or the disc is inserted, and then try again. If the location is on a network, make sure you’re connected to the network or internet, and then try again. If the location still can’t be found, it might have been moved or deleted.

The screen has no icons and a few users were only able to remedy the problem with the help of another PC. The blank desktop issue has reached users across the world but does not appear to have affected a large number of users. If you have already installed the Windows 10 update and had no problems, then you don’t have to worry.

The problem seems to be linked to Avast Antivirus and a specific line of code. Avast released a statement denying any involvement in the issue.
“We have tested this and couldn’t identify any problems affecting Avast Antivirus consumer users specifically. … We cannot rule out that a small number of Avast users may be having difficulties updating, too, but we don’t see any indications that this is caused by Avast.”

This month, Microsoft Surface users said they had issues with the device following the Windows 10 update. The all-in-one desktop Surface Studio and 2017 Surface Pro models repeatedly froze and disconnected from keyboards and mice after the update.

• If you have Avast Antivirus, it may be prudent to delete it before installing the new Windows 10 update, as many users have reported losing access to all of their files after the installation.
• If you have been affected by the issue, computer repair shops have released lists of steps you can take to restore your desktop and get your files back.

Optimisation Advisor – boost your Dynamics 365 Finance and Operations Enterprise performance

May 13th, 2018

The Optimization advisor workspace is a tool that assists power users, business analysts, functional consultants, and IT support functions to identify issues in Dynamics 365 Finance and Operations Enterprise that are related to module configuration and business data. The Optimization advisor suggests best practices for module configuration and identifies business data that is obsolete or incorrect.

If master data isn’t correct (for example, if you have unit of measure conversions for units that haven’t been defined, or if you have unit of measure conversions that have a division by 0 [zero]), then an optimization opportunity is generated to suggest that you correct the data.

If you have too many batch job history entries, or obsolete items, or closed on-hand entries for warehouse enabled items, and so on, or if those entries and items are too old, then optimization opportunities are generated to suggest that you clean up the data to help improve overall system performance.

The Optimisation advisor works by periodically running a set of best practice rules, using telemetry to analyse business processes, and finding optimisation opportunities. Optimisation opportunities can be company-specific or cross-company, and new rules can be coded to apply per legal entity or to the whole system.

Yet another great feature with Dynamics 365. For more information contact your Dubai partner, Synergy Software Systems, 00971 4 3365589

Microsoft Build 2018 – AI, IoT and Edge are changing the world

May 9th, 2018

Microsoft’s annual developer conference, Build, is happening in Seattle.

Expect the products and services that emerge from the conference to have a major impact on all businesses, not just those that use Microsoft products. Across Azure and Microsoft 365, the announcements made at Build 2018 seem to point to key themes that will impact the enterprise.

By 2020, the average person will generate 1.5GB of data a day, a smart home 50GB and a smart city, a whopping 250 petabytes of data per day. This data presents an enormous opportunity for developers — while also giving them tremendous responsibility. That’s why this morning at Build, we don’t take our jobs lightly in helping to equip these developers with the tools and guidance to change the world. Microsoft CEO Satya Nadella described this new world view, and AI that can power better health care, relieve challenges around basic human needs and create a society that’s more inclusive and accessible.

In the next 10 years, billions of everyday devices will be connected: smart devices that can see, listen, reason, predict and more, without a 24/7 dependence on the cloud. This is the intelligent “Edge”, the interface between the computer and the real world. The Edge combines AI and cloud together to collect and make sense of new information, whether on the factory floor, in the operating room or in areas too dangerous for humans.

What to expect:

1. AI – all pervasive
Google and Facebook are not the only tech firms leveraging artificial intelligence (AI) and machine learning. Microsoft declared its mission to “help every developer be an AI developer.” CEO Satya Nadella called it the “era of the intelligent cloud and intelligent edge.” Microsoft announced a new architecture for neural networks, new AI SDKs, new cognitive services, and even AI-powered software development.

The firm also unveiled Windows Machine Learning, which it described in a press release as “a new platform that enables developers to easily develop machine learning models in the intelligent cloud and then deploy them offline and in high performance to the PC platform.”

2. Over the Edge
Microsoft has expanded outside of the office. Building on its efforts in AI, Microsoft launched a host of new edge computing capabilities and Internet of Things (IoT) products for developers to build solutions to support new, automated business processes.

At Build, Microsoft:
- open sourced the Azure IoT Edge Runtime for easier debugging,
- enabled its Custom Vision cognitive service to run on the Azure IoT platform,
- worked with DJI to build a drone SDK for Windows 10 PCs,
- highlighted mixed reality, with two new apps for firstline workers to interface with customers and triage problems: Microsoft Remote Assist and Microsoft Layout. Microsoft Remote Assist enables remote collaboration via hands-free video calling, letting firstline workers share what they see with any expert on Microsoft Teams, while staying hands on to solve problems and complete tasks together. In a similar vein, Microsoft Layout lets workers design spaces in context with mixed reality, using 3D models for creating room layouts with holograms.
- with Qualcomm Technologies Inc., announced a joint effort to create a vision AI dev kit running Azure IoT Edge, for camera-based IoT solutions.

Other advancements include a preview of Project Brainwave, an architecture for deep neural net processing, available on Azure and on the edge. Project Brainwave makes Azure the fastest cloud to run real-time AI today.
- Microsoft is integrating Visual Studio App Center with GitHub for iOS and Android developers to support DevOps process automation.
- Microsoft is also embracing blockchain with the Microsoft Azure Blockchain Workbench, to streamline the process for building blockchain applications.
- Project Kinect for Azure, a package of sensors from Microsoft that contains an unmatched time-of-flight depth camera, with onboard compute, in a small, power-efficient form factor, is designed for AI on the edge. Project Kinect for Azure brings together this leading hardware technology with Azure AI.

3. Microsoft 365 is here to stay

Microsoft 365, the company’s enterprise bundle offering of Office 365, Windows 10, and enterprise mobility and security, was also a focus of Build.
“Microsoft 365 is where the world gets its best work done,” said Joe Belfiore, corporate vice president of Microsoft. “With 135 million commercial monthly active users of Office 365 and nearly 700 million Windows 10 connected devices, Microsoft 365 helps developers reach people how and where they work.”

The Microsoft 365 offering is boosted by:
- new support for Power BI Visualizations in Excel,
- Microsoft Teams APIs in the Microsoft Graph,
- Fluent Design System updates,
- .NET Core 3.0, and Azure Machine Learning and JavaScript custom functions for Excel.

TSB upgrade – what lessons are there to learn?

May 5th, 2018

By now most of us have heard about the catastrophic attempt by the Spanish-owned TSB to introduce a new IT platform for their UK customers.
As my first mortgage was with the TSB many years ago, and I was also in the U.K. when the story broke, I took a little more interest.

TSB, (Trustee Savings Bank), merged with and was spun out of Lloyds Bank after the EU ruled that it was a monopoly, because of the state aid it had received at the time of the banking crisis. TSB used Lloyds IT at a cost of about £220 million a year, but later moved to the Proteo platform, also used by its new owners, Sabadell. The Proteo system design goes back to 2000 and was specifically for mergers, and was used for successful integration of the four Spanish banks.

Proteo is based on Accenture’s Cobol-based Alnova system, is customized, installed and managed by TSB’s staff, and runs on Amazon Cloud.

At the launch of Proteo4UK, Paul Pester, CEO of TSB, boasted that they had “created a more digital, agile and flexible TSB”. Carlos Abarca, the CIO, agreed, “It’s the technology journey that we are on together with our customers!” Similar ‘digital transformation’ good news messages from cloud providers are all too familiar.

This was to be a “customer-centric by design” platform to “enable the open banking revolution”.

Well, there was a revolution alright – from locking nearly two million banking customers out of their accounts for up to ten days.

This was over a month-end, when businesses rely more heavily on access to their accounts.

TSB turned to IBM to help get the system under control and “to help identify and resolve performance issues in the platform”. This included customers experiencing: zero balances, incorrect currencies, massively inflated mortgage amounts, and e-mails saying that there are no records of recent direct debits. IBank customers puzzled over on-screen messages, such as: ‘BeanCreationNotAllowedException exception: Error creating bean with name ‘contextManagerPostController’: Singleton bean creation not allowed while the singletons of this factory are in destruction (Do not request a bean from a BeanFactory in a destroy method implementation!)’

Customers who tried to make transfers got errors like: ‘ArrayIndexOutofBounds’ and java.lang.NullPointer and some branches reported the systems spewing out error messages in Spanish. When I travelled back from the U.K. in early May, problems with internet banking were still being reported by customers.

Instead of saving TSB over £100 million a year, this has greatly reduced public confidence not only in the bank but also in other banks and other financial services on the cloud generally. TSB are likely to be fined by the Financial Conduct Authority (FCA) and the Information Commissioner’s Office (ICO), which is the last thing they need to get things sorted – the loss in reputation alone is huge.

Supporters of Peter Pester believe he is being scapegoated for tech disaster:
• Allies said he has been ‘betrayed’ by a ‘bunch of Spanish numpties’
• Software that caused the problems was installed by Sabadell’s technology offshoot, Sabis
• Regulators could put TSB under a Section 166 probe – a formal investigation by an independent expert

What are the lessons?
Well, the first is not to claim success until the job is done. (A damning report on the Guardian website suggests there were plenty of warning signs, up to a year before this all happened. Quoting an anonymous insider, the report explains how a mixture of poor technical and business decisions led to the eventual crisis TSB finds itself in today.)

Which leads to the second lesson: bearers of bad news may have a point to consider, and their warnings are at least a hint that the challenge needs more attention.

It seems Sabadell, the company that bought TSB, was warned about the high risk of its migration plans, which were seen by some as having too short a deadline and not big enough a budget. But Sabadell was not to be discouraged, and it pressed ahead with its plans, confident that it could successfully transfer TSB customers to its own Proteo software, as it had done with other customers in the past.

If you are doing something big and complicated, consider the worst case and what that means for: insurance, contingency plans, contractual and legal protection (so far none of the original contractors on the TSB redesign and upgrade have acknowledged any culpability) and PR mitigation:

PR Week called it the flop of the month … and a recipe for reputational disaster. Pester is well respected in the industry, but took too long to accept responsibility, was too quick to assume the problem was over, and too slow to appease customers. Easy to say from an armchair in Dubai, but why do corporate leaders fail to heed the lessons of the past, to recognise the potential for disaster, and to see that when disaster arrives the only way to avoid reputational damage is to offer maximum compensation and care and to call in reinforcements asap?
Sabis is understood to have given TSB a written assurance that the parts of the system for which they were responsible had been comprehensively tested; maybe TSB needed to be more involved in those tests.

Total meltdown – patch now and revisit patches, many are bugged

April 27th, 2018

A person known as XPN, whose blog identifies them as a hacker and infosec researcher, posted details of a working exploit that takes advantage of Total Meltdown on Monday. The exploit source code for Total Meltdown, a vulnerability created when Microsoft tried to patch the initial Meltdown flaw, is available on GitHub.

XPN describes Total Meltdown as a “pretty awesome” vulnerability in that it allows “any process to access and modify page table entries.”

XPN also noted that the goal was to create an exploit that could “elevate privileges during an assessment,” but it was only to help other people understand the exploitation technique, not to create a ready-to-use attack.

Total Meltdown was originally created by a botched patch Microsoft issued for the original Meltdown flaw, one of the Spectre/Meltdown vulnerabilities reported earlier.

Whereas the original Meltdown flaw was read-only, Total Meltdown also provides write access. This only affects 64-bit versions of Win7 and Server 2008 R2.

See the Woody on Windows column in Computerworld, https://www.computerworld.com/article/3269003/microsoft-windows/heads-up-total-meltdown-exploit-code-now-available-on-github.
There have been a series of flawed patches and it’s not pretty reading, so take time to check out the article in full.

To tell if you’re protected from Total Meltdown, you’ll have to check your patch history. If you have no patches from 2018, you should be good, according to Woody on Windows. If you do have patches, and KB 4100480, 4093108, or 4093118 is installed, you should also be protected. Without those, Woody on Windows noted, you’ll need to roll back your machine, manually install KB 4093108, or use “Windows Update to install all of the checked April Windows patches.”

However, there is a lot more cautionary advice to read.
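
The check described above, written out as an added PowerShell example (not code from Woody on Windows or Microsoft): the KB numbers and affected platforms are the ones quoted in this post, while the function name, parameters and sample patch list are constructed for illustration. Get-HotFix does not necessarily list every installed update, so treat a live result as a first pass.

```powershell
function Get-TotalMeltdownStatus {
    param(
        # Records with HotFixID and InstalledOn, such as the output of Get-HotFix.
        [object[]]$HotFix = @(),
        # 6.1.* is Windows 7 and Server 2008 R2, the only versions named in the post.
        [Parameter(Mandatory = $true)][string]$OsVersion,
        [Parameter(Mandatory = $true)][bool]$Is64Bit
    )

    # KB numbers the post lists as providing protection.
    $fixKbs = 'KB4100480', 'KB4093108', 'KB4093118'

    if ((-not $Is64Bit) -or ($OsVersion -notlike '6.1.*')) {
        return 'NotAffected: not 64-bit Windows 7 / Server 2008 R2'
    }

    $fixes = @($HotFix | Where-Object { $fixKbs -contains $_.HotFixID })
    if ($fixes.Count -gt 0) {
        $ids = ($fixes | ForEach-Object { $_.HotFixID }) -join ', '
        return "Protected: $ids installed"
    }

    # Records without an install date cannot prove or rule out a 2018 patch.
    $undated  = @($HotFix | Where-Object { -not $_.InstalledOn })
    $from2018 = @($HotFix | Where-Object {
        $_.InstalledOn -and (([datetime]$_.InstalledOn).Year -eq 2018)
    })

    if ($from2018.Count -gt 0) {
        return 'Exposed: 2018 patches present but none of KB4100480, KB4093108, ' +
               'KB4093118; roll back, install KB4093108, or take the April patches'
    }
    if ($undated.Count -gt 0) {
        return "Unknown: $($undated.Count) patch record(s) have no install date"
    }
    return 'NotAffected: no patches from 2018 installed'
}

# Constructed sample: placeholder KB IDs, not a real machine's patch history.
$sample = @(
    (New-Object PSObject -Property @{ HotFixID = 'KB0000001'; InstalledOn = [datetime]'2017-11-15' }),
    (New-Object PSObject -Property @{ HotFixID = 'KB0000002'; InstalledOn = [datetime]'2018-03-14' })
)
Get-TotalMeltdownStatus -HotFix $sample -OsVersion '6.1.7601' -Is64Bit $true

# Same machine after one of the listed KBs has been installed.
$sample += New-Object PSObject -Property @{ HotFixID = 'KB4093108'; InstalledOn = [datetime]'2018-04-12' }
Get-TotalMeltdownStatus -HotFix $sample -OsVersion '6.1.7601' -Is64Bit $true

# Against the local machine:
# $os = Get-WmiObject Win32_OperatingSystem
# Get-TotalMeltdownStatus -HotFix (Get-HotFix) -OsVersion $os.Version `
#     -Is64Bit ($os.OSArchitecture -like '64*')
```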

Drupal CMS critical bug

April 2nd, 2018

The team behind the popular open-source CMS Drupal is urging admins to update their sites to ward off a nasty bug that could leave their sites “highly compromised” to attackers, according to the organization.

The affected versions (Drupal 6, 7 and 8) of the CMS power over one million websites on the internet.

Drupal has marked the security risk as “highly critical” and warns that any visitor to the site could theoretically hack it through remote code execution due to missing input validation.

“This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised,”