Is SAP Searching In The Clouds?

Esoteric business software maker, which no one is really certain what it does, SAP is debating whether to accelerate moving more of its business to the cloud.

The move would be a change in strategy which might initially have only a small impact on its sales. Co-chief executive Jim Hagemann-Snabe said the change would generate more sales by 2017 particularly in markets like the US where there is a big push onto the cloud.

Talking to a Morgan Stanley investor conference this morning, Hagemann-Snabe said that this would have impact on the 2015 level, I don’t expect enormous impact but it would have some impact because you are delaying some revenues. In the long term however it makes a lot of sense, which is not the sort of thing people expect from SAP.

Source

SAP To Stop Offering SME

The maker of expensive esoteric software which no-one is really sure what it does, SAP has decided to pull the plug on its offering for small businesses. Business weekly Wirtschaftswoche said SAP would stop the development of a software dubbed Business By Design, although existing customers will be able to continue to use it.

SAP insists that development capacity for Business By Design was being reduced, but that the product was not being shut down. Business by Design was launched in 2010 and was supposed to generate $1 billion of revenue. The product, which cost roughly 3 billion euros to develop, currently has only 785 customers and is expected to generate no more than 23 million euros in sales this year.

The Wirtschaftswoche report said that ever since the SAP product’s launch, customers had complained about technical issues and the slow speed of the software.

Source

Oracle Goes After SAP’s HANA

Oracle has upped its game in its fight against SAP HANA, having added in-memory processing to its Oracle 12c database management system, which it claims will speed up queries by 100 times.

Oracle CEO Larry Ellison revealed the update on Sunday evening during his opening keynote at the Oracle Openworld show in San Francisco.

The in-memory option for Oracle Database 12c is designed to ramp up the speeds of data queries – and will also give Oracle a new weapon in the fight against SAP’s rival HANA in-memory system.

“When you put data in memory, one of the reasons you do that is to make the system go faster,” Ellison said. “It will make queries go faster, 100 times faster. You can load the same data into the identical machines, and it’s 100 times faster, you get results at the speed of thought.”

Ellison was keen to allay concerns that these faster query times would have a negative impact on transactions.

“We didn’t want to make transactions go slower with adding and changing data in the database. We figured out a way to speed up query processing and at least double your transaction processing rates,” he said.

In traditional databases, data is stored in rows, for example a row of sales orders, Ellison explained. These types of row format databases were designed to operate at high speeds when processing a few rows that each contain lots of columns. More recently, a new format was proposed to store data in columns rather than rows to speed up query processing.

Oracle plans to store the data in both formats simultaneously, according to Ellison, so transactions run faster in the row format and analytics run faster in column format.

“We can process data at ungodly speeds,” Ellison claimed. As evidence of this, Oracle demoed the technology, showing seven billion rows could be queried per second via in-memory compared to five million rows per second in a traditional database.

The new approach also allows database administrators to speed up their workloads by removing the requirement for analytics indexes.

“If you create a table in Oracle today, you create the table but also decide which columns of the table you’ll create indexes for,” Ellison explained. “We’re replacing the analytics indexes with the in-memory option. Let’s get rid of analytic indexes and replace them with the column store.”

Ellison added that firms can choose to have just part of the database for in-memory querying. “Hot data can be in DRAM, you can have some in flash, some on disk,” he noted. “Data automatically migrates from disk into flash into DRAM based on your access patterns. You only have to pay by capacity at the cost of disk.”

Firms wanting to take advantage of this new in-memory option can do so straightaway, according to Ellison, with no need for changes to functions, no loading or reloading of data, and no data migration. Costs were not disclosed.

And for those firms keen to rush out and invest in new hardware to take advantage of this new in-memory option, Ellison took the wraps off the M6-32, dubbed the Big Memory Machine. According to Ellison, the M6-32 has twice the memory, can process data much faster and costs less than a third of IBM’s biggest comparable machine, making it ideal for in-memory databases.

Source

Cyber Attacks Increasing In Middle East

Syria’s civil war and political strife in Egypt have given birth to new battlegrounds on the Web and driven a surge in cyber attacks in the Middle East, according to a leading Internet security company.

More than half of incidents in the Gulf this year were so-called “hacktivist” attacks – which account for only a quarter of cybercrime globally – as politically motivated programmers sabotaged opposing groups or institutions, executives from Intel Corp’s software security division McAfee said on Tuesday.

“It’s mostly bringing down websites and defacing them with political messages – there has been a huge increase in cyber attacks in the Middle East,” Christiaan Beek, McAfee director for incident response forensics in Europe, Middle East and Africa (EMEA), told Reuters.

He attributed the attacks to the conflict in Syria, political turmoil in Egypt and the activities of hacking collective Anonymous.

“It’s difficult for people to protest in the street in the Middle East and so defacing websites and denial of service (DOS) attacks are a way to protest instead,” said Beek.

DOS attacks flood an organization’s website causing it to crash, but usually do little lasting damage.

The Syrian Electronic Army (SEA), a hacking group loyal to the government of President Bashar al-Assad, defaced an Internet recruiting site for the U.S. Marine Corps on Monday and recently targeted the New York Times website and Twitter, as well other websites within the Middle East.

Beek described SEA as similar to Anonymous.

“There’s a group leading operations, with a support group of other people that can help,” said Beek.

McAfee opened a centre in Dubai on Monday to deal with the rising threat of Internet sabotage in the region, the most serious of which are attacks to extract proprietary information from companies or governments or those that cause lasting damage to critical infrastructure.

Cyber attacks are mostly focused on Saudi Arabia, the world’s largest oil exporter, Qatar, the top liquefied natural gas supplier, and Dubai, which is the region’s financial, commercial and aviation hub, said Gert-Jan Schenk, McAfee president for EMEA.

“It’s where the wealth and critical infrastructure is concentrated,” he said.

The “Shamoon” virus last year targeted Saudi Aramco, the world’s largest oil company, damaging about 30,000 computers in what may have been the most destructive attack against the private sector.

“Ten years ago, it was all about trying to infect as many people as possible,” added Schenk. “Today we see more and more attacks being focused on very small groups of people. Sometimes malware is developed for a specific department in a specific company.”

Source

Chinese Hackers Go After Dissidents

The “Comment Crew,” a group of China-based hackers whose outing earlier this year in major media outlets caused a conflict with the U.S., have resumed their attacks against dissidents.

FireEye, a security vendor that specializes in trying to stop sophisticated attacks, has noticed attackers using a fresh set of tools and evasion techniques against some of its newer clients, which it can’t name. But Rob Rachwald, director of market research for FireEye, said in an interview Monday that those clients include an organization in Taiwan and others involved in dissident activity.

The Comment Crew was known for many years by security analysts, but its attacks on The New York Times, described in an extensive report in February from vendor Mandiant, thrust them into an uncomfortable spotlight, causing tense relations between the U.S. and China.

Rachwald said it is difficult to determine if the organizations being targeted now were targeted by the Comment Crew previously, but FireEye said last month that the group didn’t appear to be hitting organizations they had compromised before.

Organizations opposing Chinese government policies have frequently been targeted by hackers in what are believed to be politically motivated surveillance operations.

The Comment Crew laid low for about four months following the report, but emerging clues indicate they haven’t gone away and in fact have undertaken a major re-engineering effort to continue spying. The media attention “didn’t stop them, but it clearly did something to dramatically alter their operations,” Rachwald said in an interview.

“If you look at it from a chronological perspective, this malware hasn’t been touched for about 18 months or so,” he said. “Suddenly, they took it off the market and started overhauling it fairly dramatically.”

FireEye researchers Ned Moran and Nart Villeneuve described the new techniques on Monday on FireEye’s blog.

Two malware samples, called Aumlib and Ixeshe, had been used by the Comment Crew but not updated since 2011. Both malware programs have now been altered to change the appearance of their network traffic, Rachwald said.

Many vendors use intrusion detection systems to spot how malware sends data back to an attacker, which helps determine if a network has been compromised. Altering the method and format for how the data is sent can trick those systems into thinking everything is fine.

In another improvement, encryption is now employed to mask certain components of the programs’ networking communication, Rachwald said. The malware programs themselves, which are designed to steal data and log keystrokes, are basically the same.

Mandiant’s report traced the hacking activity to a specific Chinese military unit called “61398.” The company alleged that it waged a seven-year hacking spree that compromised 141 organizations.

Rachwald said it is strongly believed the Comment Crew is behind the new attacks given its previous use of Aumlib and Ixeshe. But the group has also re-engineered its attack infrastructure so much over the last few months that it is difficult to say for sure.

Source

Oracle Issues Massive Security Update

Oracle has issued its critical patch update advisory for July, plugging a total of 89 security holes across its product portfolio.

The fixes focus mainly on remotely exploitable vulnerabilities in four widely used products, with 27 fixes issued for the Oracle Database, Fusion Middleware, the Oracle and Sun Systems Product Suite and the MySQL database.

Out of the 89 security fixes included with this update, the firm said six are for Oracle Database, with one of the vulnerabilities being remotely exploitable without authentication.

Oracle revealed that the highest CVSS Base Score for these database vulnerabilities is 9.0, a score related to vulnerability CVE-2013-3751, which affects the XML Parser on Oracle Database 11.2.0.2 and 11.2.0.3.

A further 21 patched vulnerabilities listed in Oracle’s Critical Patch Update are for Oracle Fusion Middleware; 16 of these vulnerabilities are remotely exploitable without authentication, with the highest CVSS Base Score being 7.5.

As for the Oracle and Sun Systems Products Suite, these products received a total of 16 security fixes, eight of which were also remotely exploitable without authentication, with a maximum CVSS Base Score of 7.8.

“As usual, Oracle recommends that customers apply this Critical Patch Update as soon as possible,” Oracle’s director of Oracle Software Security Assurance Eric Maurice wrote in a blog post.

Craig Young, a security researcher at Tripwire commented on the Oracle patch, saying the “drumbeat of critical patches” is more than alarming because the vulnerabilities are frequently reported by third parties who presumably do not have access to full source code.

“It’s also noteworthy that […] every Oracle CPU release this year has plugged dozens of vulnerabilities,” he added. “By my count, Oracle has already acknowledged and fixed 343 security issues in 2013. In case there was any doubt, this should be a big red flag to end users that Oracle’s security practices are simply not working.”

Source

WiLan Loses In Court

Wi-Lan has suffered defeat in its patents trial against Alcatel Lucent, Ericsson, HTC and Sony, as a Texas court decided that the firms did not infringe its patents.

Wi-Lan filed a lawsuit against Alcatel Lucent, Ericsson, HTC and Sony in 2010 claiming the firms infringed patents that relate to data transmission over wireless networks. However a Texas court ruled that the four firms did not infringe Wi-Lan’s patents and found one patent Wi-Lan asserted against HTC and two it asserted against Alcatel Lucent invalid.

Wi-Lan had asserted that Alcatel Lucent and Ericsson infringed three patents, none of which claims were upheld by the court. The firm also asserted that HTC and Sony infringed another patent, and there the court not only judged against infringement but invalidated the patent.

Alcatel Lucent and HTC both said that Wi-Lan was trying to stretch its patents to cover technology in their devices.

Sally Julien, a spokeswoman for HTC said, “HTC believes that Wi-Lan has exaggerated the scope of its patent in order to extract unwarranted licensing royalties from entities who have been focused on bringing innovation forward in their own products.”

Kurt Steinert, an Alcatel Lucent spokesman said, “We think this validates our belief that Wi-Lan was stretching the boundaries of its patents, and the jury confirmed that belief.”

Wi-Lan has managed to get several companies to license its technology including Dell and Panasonic, and in May it initiated legal proceedings against Blackberry over a patent relating to Long Term Evolution network technology. However in this case the firm did not prevail against two large telecom equipment companies and two big smartphone makers.

Source

Oracle Changing Berkeley

Oracle has changed the license of its embedded database library, Berkeley DB. The software is widely used as a key-value store within other applications and historically used an OSI-approved strong copyleft license which was similar to the GPL.

Under that license, distributing software that embedded Berkeley DB involved also providing “information on how to obtain complete source code for the DB software and any accompanying software that uses the DB software.”

Now future versions of Berkeley DB use the GNU Affero General Public License (AGPL). This says “your modified version must prominently offer all users interacting with it remotely through a computer network … an opportunity to receive the Corresponding Source of your version.”

This will cause some problems for Web developers using Berkeley DB for local storage. Compliance has not really been an issue because they never “redistributed” the source of their Web apps.Now they will have to make sure their whole Web app is compliant with the AGPL and make full corresponding source to their Web application available.

They also need to ensure the full app has compatible licensing. Practically that means that the whole source code has to be licensed under the GPLv3 or the AGPL.

Source

IBM Buys SoftLayer

IBM has signed an agreement to purchase SoftLayer Technologies, as it looks to accelerate the build-out of its public cloud infrastructure. The company is also forming a services division to back up the push.

The financial details of the deal were not announced, but SoftLayer is the world’s largest privately held cloud computing infrastructure provider, according to IBM.

IBM already has an offering that includes private, public and hybrid cloud platforms. The acquisition of SoftLayer will give it a more complete in-house offering, as enterprises look to keep some applications in the data center, while others are moved to public clouds.

SoftLayer has about 21,000 customers and an infrastructure that includes 13 data centers in the U.S., Asia and Europe, according to IBM. SoftLayer allows enterprises to buy compute power on either dedicated or shared servers.

Following the close of the acquisition of SoftLayer, which is expected in the third quarter, a new division will combine its services with IBM’s SmartCloud. IBM expects to reach $7 billion annually in cloud revenue by the end of 2015, it said.

Success is far from certain: The public cloud market is becoming increasingly competitive as dedicated cloud providers, telecom operators and IT vendors such as Microsoft and Hewlett-Packard all want a piece. The growing competition should be a good thing for customers if it drives down prices. For example, Microsoft has already committed to matching Amazon Web Services prices for commodity services such as computing, storage and bandwidth.

Not all hardware vendors feel it’s necessary to have their own public cloud. Last month, Dell changed strategy and said it would work with partners including Joyent, instead of having its own cloud.

Source

Will Oracle Retire MySQL?

The founder of MySQL Michael Widenius “Monty” claims that Oracle is killing off his MySQL database and he is recommending that people move to his new project MariaDB. In an interview with Muktware Widenius said his MariaDB, which is also open source, its on track to replacing MySQL at WikiMedia and other major organizations and companies.

He said MySQL was widely popular long before MySQL was bought by Sun because it was free and had good support. There was a rule that anyone should get MySQL up and running in 15 minutes. Widenius was concerned about MySQL’s sale to Oracle and has been watching as the popularity of MySQL has been declining. He said that Oracle was making a number of mistakes. Firstly new ‘enterprise’ extensions in MySQL were closed source, the bugs database is not public, and the MySQL public repositories are not anymore actively updated.

Widenius said that security problems were not communicated nor addressed quickly and instead of fixing bugs, Oracle is removing features. It is not all bad. Some of the new code is surprisingly good by Oracle, but unfortunately the quality varies and a notable part needs to be rewritten before we can include it in things like MariaDB. Widenius said that it’s impossible for the community to work with the MySQL developers at Oracle as it doesn’t accept patches, does not have a public roadmap and there was no way to discuss with MySQL developers how to implement things or how the current code works.

Basically Oracle has made the project less open and the beast has tanked, while at the same time more open versions of the code, such as MariaDB are rising in popularity.

Source

« Previous Page — Next Page »