Archive for September, 2012

Microsoft Dynamics is awesome!

September 30th, 2012

Viral videos seems to be the in marketing trend,

Hardly politically correct  - this parody of implemenring SAP does touch a  few nerves and some important things to consider whichever erp system you adopt:Hitler implements SAP (the real reason for the 3rd Reich’s downfall)- http://www.youtube.com/watch?NR=1&feature=endscreen&v=nYli9aHqhFI

Microsoft of late has also gone in for an upeat, humorous style  perhaps indicating increased confidence as the Dynamics solutions have steadily leveraged the Microsoft technology stack and found their place, and the marketing strategies have matured,  for example: Dynamic Business  http://www.youtube.com/watch?v=iO8HZLR8-G4

Dynamics Ax for Utility Billing

September 30th, 2012

We have implemented utility billing solutions in Dynamics Ax  for both a local district cooling provider and also for the Fujeirah Government for sewerage billing.  Recently we successfully upgraded the Fujeriah system from Ax Version 3.  Here are the project team during go live:

TAGpedia – coming soon

September 30th, 2012

TAGpedia, an online encyclopaedia will increase the amount of Arabic content on the Web, and is scheduled to launch in December with about 500,000 articles. Talal Abu-Ghazaleh, TAG-Org chairman and CEO, said: “The target is to have the largest databank of Arab content ever.” The encyclopaedia will be similar in format to Wikipedia,

 Currently, only 2% of all Web content is in Arabic, although Arabic speakers account for 5% of global Internet users, according to Google.  In the Middle East, there are an estimated 78.62m Internet users, a number that grew by 2,293% between 2000 and 2011, according to internetworldstats.com. About 65% of Arabs using the Internet surf the web in Arabic and look for Arabic content.

SQL Server 2012 SP1 CTP4 is released

September 30th, 2012

SQL Server 2012 SP1 CTP4

  • AlwaysOn Availability Group OS Upgrade: With the release of SQL Server 2012 RTM the operating system upgrade story for AlwaysOn customers without taking significant downtime to perform a data migration does not exist. Windows Server 2008 and Windows Server 2008 R2 do not support an upgrade of clustered servers from previous versions, because of incompatibilities between the cluster versions. SQL Server 2012 SP1 provides a compatibility solution to do Availability Group migration from a lower version of Windows Cluster to a higher version of Windows Cluster. It can help when upgrading Windows Cluster operating systems.
  • Selective XML Index Performance Update: Selective XML Index solves a longstanding  performance issue by allowing users to promote certain paths from their XML documents that will be indexed. The update introduces a new type of XML index to SQL Server in addition to Primary XML Index (PXI). The new indexing will improve querying performance over data stored as XML in SQL Server, thus allow for much faster indexing of large XML data workloads and improve on scalability by reducing storage costs of the index itself.
  • SSMS Complete in Express: SQL Server 2012 SP1 Express Editions (SQL Server Express With Tools, SQL Server Express COMP, SQL Server Express with Advanced Services and SQL Server Management Studio Express) will now ship the SSMS feature with functionalities that existed with the SSMS from Full Editions of SQL Server.
  • SlipStream Full installation: The SlipStream deployment/packaging capability provides  a pre-built “Slipstream image” consisting of a compressed self-extracting .exe and a ‘.box’ payload file that contains a SQL Server 2012 RTM image (Setup.exe, MSI’s, etc.) along with the most recent Service Pack. Previously this capability was only provided with the Express SP packages. As with Express Slipstream, users can exercise the .exe just as they would Setup.exe.
  •  SQL Server 2012 SP1 CTP4 also contains a number of security updates and fixes released in SQL Server 2012 CU1 & CU2.

For a complete list of changes in SQL Server 2012 SP1 CTP4 read the What’s new document and KB article 2674317.

Passwords -Beware!

September 30th, 2012

Beware: The next time you get an email from privacy@microsoft.com in your inbox, just click Delete.

You’re likely to be the target of a phishing scam designed to steal Gmail, Yahoo, Windows Live and AOL passwords, according to Naked Security, a blog by IT security firm Sophos.

The emails are Titled, “Microsoft Windows Update,” and urges recipients to verify their email accounts by entering personal login information.

Dear Windows User,

It has come to our attention that your Microsoft windows Installation records are out of date. Every Windows installation has to be tied to an email account for daily update.

This requires you to verify the Email Account. Failure to verify your records will result in account suspension. Click in the Verify button below and enter your login information on the following page to Confirm your records.

VERIFY

Thank you,
Microsoft Windows Team.

While the hoax is pretty slick, eagle-eye Internet users will notice odd instances of capitalization and grammar that betray the email’s insidious intentions.Clicking on the “verify” link leads you to a third-party website that purports to be Microsoft.com, but  isn’t , . Here, users are warned that their computers are out-of-date and at high risk; they are then “required” to select one of four email providers and enter their username and password. Naturally, this information is sent directly to the scammers — putting recipients at risk of online identity theft.

Meanwhile last week the world’s largest professional organization for computer engineers exposed user names, plaintext passwords, and website activity for almost 100,000 of its members, some of whom are employees of Apple, Google, IBM, and other large companies.

 The exposure provides outsiders with a candid view of the password choices of some of the world’s most influential software and hardware engineers. Many Internet users employ the same or a similar password for multiple accounts, with the average person using just 6.5 passcodes to access 25 separate accounts, according to one study.

 Dragusin anlysis revealed that  a statistically significant sample of the exposed passwords are so overused that those typically take less than a second to be cracked by freely available programs such as Hashcat and John the Ripper. The password “123456″ (minus the quotes) was used 271 times, while “ieee2012″, “12345678″, “123456789″, and “password” were used 270, 246, 222, and 109 times respectively. Domain names in some of the exposed e-mail addresses included uspto.gov and ieee.org, among others.

Dynamics 2012 Training in Dubai with Synergy Software Systems

September 29th, 2012

Dynamics Ax 2012 Technical Training for Roshan (Afghanistan)

An intensive week training was arranged at Microsoft’s request at Synergy’s offices in Dubai this week.

“Very knowledgeable trainer and very much informative training was provided”

“I personally liked the training and learned very important things in Dynamics Ax 2012″

“Excellent training very knowledgeable instructor very imformative “

Infor SunSystems: Support for Microsoft SQL

September 27th, 2012

Infor has announced support and compliance of the following Infor SunSystems versions with Microsoft SQL Server 2012.

This support statement will enable customers to migrate to the latest release of Microsoft SQL Server, which is now, in many territories, the default available version from hardware suppliers.

  • Infor SunSystems 4 version 4.4 (Patch Set 6)
  • Infor SunSystems version 6.1 (Patch Set 11)

Mindjet news- simpler more powerful more available

September 26th, 2012

Last year we launched our Collaborative Work Management software, designed to close this gap by bridging ideas and execution. This combination of products dramatically improved how people worked together, accomplished goals and managed their productivity. It was a big hit. And just this week, you made us the Stevies “People’s Choice” winner in the collaboration software category. Thank you.

Because of your feedback, we’ve been busy delivering products that extend our capabilities to mobile devices, on-premise solutions and multiple platforms. While these extensions have succeeded in adding even more value, there is such a thing as having too much of a good thing.

You’ve told us that you want a simpler, more powerful, more available solution – and we’ve listened.

Today, everything we’ve worked on comes together. Moving forward, all of our products (Mindjet Connect, MindManager and Mobile) are integrated into one offering, simply called Mindjet. The latest Mindjet is at one price. Available on virtually every platform and device.

The new Mindjet also includes features such as advanced project budgeting and planning within maps, task syncing to our cloud as well as on premise software, and custom workspace design to place favourite commands in a personalised home tab. It’s the most powerful, useful and accessible Mindjet to date.

You can upgrade or learn more about the new Mindjet offering, including our latest desktop version,. If you are a Mac user please look out for a special offer coming soon.

Our company was founded on one idea. That idea was you. We create products so that you can build up on your best ideas to become more successful. Our goal has always been to deliver upon that promise.

To do this we need your continued support. Let us know how we are doing. Together we can build a great future with even more exciting news to come.

Sincerely,
Scott Raskin
CEO

The new Mindjet

As of September 20th, 2012, MindManager for Windows and Mac, as well as Mindjet Connect and Mindjet Connect SP editing capabilities, are  part of an integrated subscription simply called “Mindjet“. Mindjet is sold via subscription so that customers will always have the most current version of Mindjet software and automatically receive a continuous flow of improvements.

For a limited time, current MindManager customers can buy both the latest version of our desktop software and a full Mindjet subscription, all at one low upgrade price.

Mindjet includes:
  • Mindjet for Windows (v11), which replaces MindManager 2012)
  • Mindjet for Mac (v10), which replaces MindManager v9 for Mac)
  • Mindjet web (formerly Mindjet Connect and Connect SP editor)
  • Note: to use Mindjet web capabilities in SharePoint environments requires Mindjet on-premise (formerly called Connect SP server)
  • Connectivity with Mindjet mobile apps via Mindjet web.
  • Note: To use Connect SP editing capabilities you need to have the Mindjet on-premise server application (purchased separately).

Ask Synergy Software Systems, Dubai about PowerPivot for SharePoint:

September 25th, 2012

A new architecture for SQL Server 2012 SP1 CTP4 PowerPivot that supports a PowerPivot server outside a SharePoint 2013 farm. The new architecture leverages Excel Services for querying, loading, refreshing, and saving data.

The PowerPivot server can still be installed on a server that also hosts SharePoint servers but it is not required. The new architecture is available when you deploy a new PowerPivot server with the slipstream version of SP1. The new architecture  is not available when you deploy the patch version of SP1 onto an existing PowerPivot.

SQL Server 2012 SP1 CTP4 introduces new features for Analysis Services running in Tabular mode, including optimized storage for measures and KPIs, extended data categorizations, extended characters, hierarchy annotation, and improved support when importing from Data Market data feeds. In some cases, Tabular model projects being deployed may not be compatible with an Analysis Services deployment server instance. With SP1 applied, you can specify Compatibility Level when creating new Tabular model projects, when upgrading existing Tabular model projects, when upgrading existing deployed Tabular model databases, or when importing PowerPivot workbook.

You can access a tabular model from within SharePoint using a new type of connection object called a BI semantic connection. A BI semantic connection provides an HTTP endpoint to Analysis Services databases that are deployed on a standalone server, or to an Excel workbook containing PowerPivot data in a SharePoint farm that includes PowerPivot for SharePoint. A BI semantic connection file is a SharePoint content item that specifies the server location of a model database, similar to how Office Data Connection (.odc) files store connection information to external data. Within a SharePoint environment, a BI semantic connection is a supported data source for Power View reports that you design and use in SharePoint. You can also use a BI semantic connection as a data source for PivotTables in Exce

You can now import PowerPivot in Excel 2013 workbooks into new Tabular model projects created in SQL Server Data Tools or directly in SQL Server Management Tools.

Oracle password vulnerability

September 23rd, 2012

A researcher warned that a weakness in an Oracle login system—used in the company’s databases which grant access to sensitive information—makes it trivial for attackers to crack user passwords and gain entry without authorization, Tthe problem stems from a session key the Oracle Database 11g Releases 1 and 2 sends to users each time they attempt to log on, according to Threatpost. The key leaks information about a cryptographic hash used to obscure the plaintext password. The hash, in turn, can be cracked using off-the-shelf hardware, free software, and a variety of attack methods that have grown increasingly powerful over the past decade. Proof-of-concept code exploiting the weakness can crack an eight-character alphabetic password in about five hours using standard CPUs.

Oracle engineers  corrected the problem in Oracle Database version 12 of the authentication protocol, but apparently they have no plans to fix it in version 11.1,  Even in version 12, the vulnerability isn’t removed until an administrator changes the configuration of a server to use only the new version of the authentication system. There are no overt signs when an outsider has targeted the weakness, the session key is sent whenever a remote user sends a few network packets or uses standard Oracle desktop software to contact the database server. All an attacker needs is a valid username on the system and a rudimentary background in password cracking.

The best way to prevent attacks that exploit the vulnerability is to install the patch and make the necessary configuration changes. Even those who continue to use vulnerable systems can take precautions that will go a long way. Passwords for all users should be randomly generated and contain a minimum of nine characters, although 13 or even 20 characters is better. The strategy here is to create a passcode that will take months or years to crack using brute-force methods, which systematically guess every possible combination of letters, numbers, and symbols.

New Poison Ivy attack on IE – critical patch released

September 23rd, 2012

Redmond on late Monday   urged users to download the Enhanced Mitigation Experience Toolkit if they are using IE version 6 through 9.  IE 10, which is set to debut with the new Windows  8 operating system, is not affected.

Microsoft is aware of targeted attacks that attempt to exploit this vulnerability. A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted or has not been properly allocated,” Microsoft said in its advisory.

“The vulnerability may corrupt memory  in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the Web site.”

 French security Web site ZATAZ.com reveals the exploit was discovered when analyzing a batch of files hosted on one of the servers the Nitro gang used to distribute attacks that exploited the Java vulnerability..html and Flash files were used to identify proper targets (Windows XP systems running IE 7 and 8) and use a common technique called a ‘heap spray’ to lay the groundwork for a successful iFrame attack against the systems that exploited the vulnerability and used it to install a malicious program, 111.exe. That malware  has been identified as a new variant of the Poison Ivy Trojan horse program,

If Microsoft, issues a snap fix then it means the threat is serious and you should patch immediately,

“Patch Tuesday was designed to introduce the least amount of disruptions, so to break that cycle it means Microsoft thinks is a very real and serious threat where somebody can do damage. Microsoft is moving aggressively to halt the damage

 When you have a complex product there’s always a chance that somebody is going to discover a hole. The process should be that you fix the hole before somebody exploits it. One of Microsoft’s strengths is to respond so quickly to the threat. Not only will there be a patch, Microsoft will also attempt to identify the attacker and get him locked up.

Cloud overload?

September 19th, 2012

IT management is increasingly complex and embraces many aspects: hardware, software, services, security, policies and compliance , back ups, storage , data amangemetn and retention policies, etc.  As companeis grows so  their IT workload grows and diversifies often this is incremental and ad hoc. A move to the cloud may  involve considering all of these aspects and there are various options e.g.: 

  •  Software as a service ‘SaaS’
  • security-as-a-service
  • testing-as-a-service,
  • as platform-as-a-service
  • infrastructure-as-a-service.

Specific  services include: storage, database, information, process, integration, security, management/governance, and testing.

Broader  services include: application, platform, and infrastructure.

 as companies adopt the cloud businesses need to rethink how they will manage their  IT resources  and the taks they undertake which amy already be too numerous and complex deal with ad hoc.

The number of cloud services used will  grow. Some services are  easy to track, and many companies may use hundreds or even thousands of services e.g Google apps, or social media, or apps store services such a s payment gateways. IT staff   approach what cloud guru David Linthicum  calls a tipping point where the number of services exceeds IT’s ability to manage those..

Companies have to manage these cloud services with appropriate tools  e.g. to monitor usage, uptime, security, governance, and compliance with SLAs. It is best to consider these requirmenents efore adopting cloud services. otherwise you have retrofit cloud services management strategy and technology.

What’s an IT manager to do? David Linthicum advises:

First, create a management strategy. Each business uses cloud computing services differently and so requires different approaches. You must define the features of cloud service management, including monitoring, use-based accounting, and autoprovisioning.

Second, pick one or more technologies that can help meet the services-management objectives defined in your strategy. Many tools are available, either on-premises and cloud-delivered. Map out a path for implementing that technology, being very careful not to break legacy systems. .

Finally, consider how all of this will scale. As you expand the use of cloud computing, you will have more services to deal with, so you’ll discover more tipping points. The ability to use and manage thousands of cloud services from hundreds of cloud providers is the end-game. Prepare for it now.

Switching to a cloud service isn’t just about swapping one technology for another, it’s about changing a way an organisation operates. For example, a bespoke IT system will cater for the idiosyncratic needs of an organisation, whereas a cloud service is a generic system built for the needs of a mass market.

Dr Mark Thompson, lecturer in Information Systems at Cambridge Judge Business School and ICT Futures advisor to the Cabinet Office warned: “The cloud environment isn’t ready to provide a lot of features of functions that we’ve come to accept.It’s useless unless we’ve got a grip of our business models and architecture, and data architecture underlying that, to understand whether we should be using this stuff in the first place.”

Before government bodies can replace IT systems built and maintained by suppliers with off-the-shelf generic cloud services they will likely have to carry out a detailed assessment of organisational structure followed by significant restructuring.

Cloud’s commodity nature isn’t suited to delivering every type of service. Technology is a small proportion of the process and the cost of change management, of process reengineering may be high.

Ask yourself :

 ‘What’s the benefit – why change? ?’,

 ‘What’s your clarity about where you’re going ?’

“Are you prepared to make those difficult decisions to get to that end point?’.”

Even once an organisation is decided the ‘cloud’ is the right fit for a particular task and restructured accordingly, there’s still some tricky technical issues to be sorted out – e.g. dealing with porting problems, complexity and consistency between the old and the new environment.

Organsiations will still invest in the switch to cloud services, given the long term savings on offer butsensibel planning and strategy is needed or the transiton will be be long and difficult.

Dr Mark Thompson, lecturer in Information Systems at Cambridge Judge Business School and ICT Futures advisor to the Cabinet Office, said while the government’s cloud strategy is “a great step in the right direction, however it’s not the answer”.Thompson said the whole idea of a “G-cloud” or “CloudStore” of services just for government is contrary to the unspecialised nature of cloud services. Cloud …means utility, we do stuff the same as everyone else therefore we can just consume it. Putting G in front of it means we’re going to do everything the same way but we’re going to have a little enclave for government. A government enclave within cloud. [Being] special and not special literally doesn’t make sense. It’s a great step on the way forward, it’s highly valuable. It’s a beacon for the future in government procurement but it’s not the same as the relentless commoditisation [I'm referring to] when I’m talking about cloud.”

Synergy goes live with Dynamics Ax in Oman

September 18th, 2012

Further  to succesful go lives earlier this year in Abu Dhabi, KSA, and Dubai  and support for UK and Ghana implementations,  we have just successfuly completed the second phase for supply chain and production  go live at a new factory in OMAN in line with the factory commissioning schedule. The project team photograph:  – Synergy members can be identifed by the new Synergy T shirts .

OFAC’s Guidance On Software Exports To Iran

September 18th, 2012

Earlier this year , the U.S. Department of the Treasury’s Office of Foreign Assets Control issued interpretive guidance and a new licensing policy regarding its rule authorizing the export to Iran of certain services and software incident to the exchange of personal communications over the Internet.

 The new guidance makes explicit that certain free services and software for personal communications, data storage and browsers are within the scope of the general license. OFAC will grant licenses on a case-by-case basis for similar paid products not covered by the existing authorization.

In March 2010, OFAC published a rule authorizing exports to Iran, Cuba and Sudan of certain services “incident to the exchange of personal communications over the Internet, such as instant messaging, chat and email, social networking, sharing of photos and movies, web browsing, and blogging.” The rule also authorized the export — to Iran and Sudan, but not Cuba — of software necessary to enable the services listed above, as long as the software was classified as EAR99 or ECCN 5D992 mass market software, or not subject to the Export Administration Regulations.

The general license was subject to several restrictions, including a requirement that the services and software must be publicly available for free. OFAC issued this rule to implement U.S. foreign policy that encouraged the free download to Iran of mass market software necessary for the exchange of personal communications and sharing of information over the Internet.

 OFAC therefore  issued interpretive guidance on the scope of the personal communications services and software license. Below is a nonexhaustive list of products that OFAC has determined are within the scope of the authorization (subject to the restrictions in the rule), with examples in parentheses:

  • personal communications (e.g., Yahoo! Messenger, Google Talk, Microsoft Live, Skype (nonfee-based));
  • updates to personal communications software;
  • personal data storage (e.g., Dropbox);
  • browsers/updates (e.g., Google Chrome, Firefox, Internet Explorer);
  • plug-ins (e.g., Flashplayer, Shockwave, Java);
  • document readers (e.g., Acrobat Readers);
  • free mobile apps related to personal communications; and
  • RSS feed readers and aggregators (e.g., Google Feed Burner).

OFAC’s guidance makes clear that free Voice over Internet Protocol services and software are covered, along with other common Internet communications tools, and may be exported license-free to Iran under the rule. Despite the continued tightening of U.S. sanctions against Iran, OFAC issued this guidance to “ensure that the sanctions on Iran do not have an unintended chilling effect on the ability of companies to provide personal communications tools to individuals in that country.”

OFAC announced a favorable licensing policy for services and software including Web hosting, online advertising, fee-based mobile apps, and fee-based Internet communications services. OFAC expressly noted Skype Credit and Google Talk in the last category.

However, we understand that these OFAC licenses will generally include a restriction on dealing with designated Iranian banks. This restriction may limit the utility of such licenses as they are designed to allow exports to individual Iranians, who are not likely to maintain accounts at third-country banks.

 OFAC’s guidance and statement of licensing policy applies only to its Iran sanctions program, while its original rule applied to Cuba and Sudan as well. .

Exports to Iran that are licensed by OFAC do not require separate authorization from the U.S. Department of Commerce’s Bureau of Industry and Security under Section 746.7 of the EAR.

Second, Internet-based personal communication is one of the very few areas in which the U.S. government currently encourages exports to Iran. In the context of ever-tightening economic sanctions against Iran, OFAC presumably issued this guidance and licensing policy in an effort to promote the free flow of information to Iranian citizens through the export of Internet-based services and software and its action is consistent with U.S. foreign policy with respect to Iran.

 OFAC’s licensing policy is consistent with the U.S. State Department’s current approach to Internet freedom as a foreign policy tool.

iTunes massive patch but worry about old Java installations.

September 18th, 2012

To fix 163 issues a massive patch was recently published  to WebKit, an open source technology for rendering HTML used by iTunes and many other applications, including Safari, Google’s Chrome, and Yahoo Messenger.

The major incidents that have impacted users of the Mac OS X operating system target vulnerabilities in the Java platform.  The good news is Qualys did not find any issues that seemed particularly critical. 

The latest security update moves iTunes to version 10.7. The company announced on Wednesday that in October it would update the program with user interface changes to put the content front and center.

The most exploited attack vectors,areoutdated PDF readers and old Java installations.

Recent attacksfocused on exploiting Javae,g this month, , Oracle rushed out a patch to fix a flaw in the Java runtime environment that allows an attacker to take control of a Windows, Mac, or Linux system with no actions on the part of the user, aside from visiting a website with a Java-enabled browser. Earlier this year, the Flashback trojan infected some 600,000 Mac OS X systems using a vulnerability in Java.