WannaCry? Time has come so dry your tears and act!

The unprecedented ransomware attack that started on 12th May was wholly predictable and a wake-up call of reality to a sleepwalking world.

Everyone seems to have a view on the attack, with traditional media and social media being red hot with comments and finger pointing; according to Microsoft it’s all the fault of the NSA. In today’s world this is to be expected, but it is only through serious investigation that the truth will be uncovered, and this is the role of the authorities, supported by experts. We can all only hope they succeed in their endeavours.

We must resist the temptation of naivety. Our industry is renowned for its ability to provide innovation and to make possible today what was only a dream yesterday, but that ability brings with it the paradox that has been with us since the first computer was designed: the products which are launched on the market, either hardware or software, are vulnerable. No manufacturer of IT products can pretend their systems are without a hole or a door that ill-intentioned and very determined individuals or organisations can enter to steal our identities, to spy on our private lives or to kill our businesses. It is a very reasonable paranoia to declare that WannaCry is just a taste of our future and a clarion call of what is to come.

There are many on-going debates around the world with the purpose of setting up rules, providing guidance and introducing policies to deal with the threat so we can be prepared. For example, in the US one debate is clearly described in a report under the title “Law Enforcement Using and Disclosing Technology Vulnerabilities”. The questions raised in this report can be condensed as: should we make public a vulnerability to which there is no associated fix, and how should we organize and reward the community of “good guys” that detect the vulnerabilities and fix them before hackers exploit them? Those who read the report will be disturbed to discover that security agencies are playing on 2 boards of the same game by exploiting the vulnerabilities for their own needs. This is the real world we are living in and we will not change it by simply trying to wish it away. We have to face the facts and be cognisant of reality.

Contained within the report is a detail which is of most interest for our secondary market industry. On Page 2 is a short but clear definition in a grey box under the title Relevant Terms. Vulnerability is defined as “a security hole or weakness in hardware, software, or firmware that can leave it open to becoming compromised.” Previous attempts at defining vulnerabilities have never been as clear. Reviewing the “Common Vulnerabilities and Exposures” (CVE) web site we can read: “A “vulnerability” is a weakness in the computational logic (eg. code) found in software and some hardware components (eg. firmware)…”. We are glad that the definition provided in the report takes us one step further than the CVE definition, with the clear distinction between hardware, firmware and software being independently potential sources of vulnerability that require discrete fixes. This definition reflects the point of view of Free ICT Europe despite the many debates and attempts by OEMs and Software Companies to make it confusing.
For our precious secondary market to move forward and be a part of a secure future the lessons to be learned are easy to summarise:
– Firmware & Software updates that fix vulnerabilities should be applied on a regular routine basis and in emergency when an attack is imminent or in progress
– If it is a customer responsibility to keep their infrastructure up to date and protect it with all technological means, independent service providers should advise customers of serious threats which are in the scope of the commitments of their services agreements
– OEMs and Software Companies should make available without charge, unfettered and in an expeditious way all vulnerability fixes, without the precondition of a service agreement and allow independent providers to act on the behalf of their customers

The last point in the list is one of the main positions we defend at Free ICT Europe. We have tirelessly campaigned to raise the awareness of the stakeholders and are heavily involved in the legislative agenda of the European Commission.
In discussions on the new Directive for Ecodesign initiative, we have successfully introduced into their project the obligation on an OEM to provide firmware updates. This is just a first step but we will not be giving anything away.
To enable us to reach the goals that will benefit us all your support is more than precious and we are thankful for your contributions. The very future of our industry is in our collective hands.
Don’t give up, be part of the solution and join us. We need you, you need us, we all need each other.

(1) https://en.wikipedia.org/wiki/WannaCry_ransomware_attack

(2) https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/#sm.0000b0jp3ebltdsdrs71bju2qbfb1

(3) https://www.hsdl.org/?abstract&did=800768

(4) https://cve.mitre.org/about/terminology.html

EU inaction would cost taxpayers €1bn+ & hand it straight to US multinational

The EU made a Decision in 2011 to break the monopoly of IBM on the secondary market of maintenance and support of IBM mainframes. During the last five years mainframe users who chose Independent Service Providers (ISPs) as an alternative to IBM have reaped the benefit of millions of euro in cost savings, as is to be expected in a fair, open and competitive landscape.

This Decision expired on December 14th 2016 when, in accordance with the spirit of competition rules, it was expected that all the stakeholders involved would come to a gentleman’s agreement to renew it on equitable terms. If the regulatory authorities cannot make a difference in applying Article 101 & 102 of the “Treaty on the Functioning of the European Union” (TFEU), this case shows its limitations in the real world.

ISPs need a long term “(main)frame of regulation” to protect their investments, their skills and their customers. Customers need to be sure ISPs will be able to comply with their needs. Customers need the certainty there is an authority that is strong enough to guarantee the balance between IBM and ISPs and, in case of any infringement, an authority that has the power to impose penalties.

It is illusory to believe that a multinational such as IBM would act in compliance with a Decision that is expired. It is more realistic to consider that IBM would impose, without any negotiation, unilateral Terms and Conditions that dramatically reduce the level of the obligations IBM was forced to accept. The reality is that IBM is now ready and prepared to engage in a fast winback of the market share of the ISPs on the secondary market of services.

As a result the cost to Europe will be in excess of €250m per year through higher maintenance and support costs, with potentially up to €1bn in additional capital costs as the US giant, International Business Machines Corp (IBM), takes back total control of the mainframe hardware market in Europe.

Who will pay? Well of course it will be the European taxpayers and consumers of the large European organisations such as banks, insurance companies and financial institutions that still invest in this reliable technology that is critical to their businesses.

Don’t sleep at the wheel!

Having been alerted by the ISPs and then on its own initiative, the EU took a bold step in dealing with the discriminatory behaviour toward competing suppliers of mainframe maintenance and support services. In 2016 the EU has to investigate again, as not to do so would hand back to IBM complete control of this lucrative market.

Despite the efforts of many European bodies and organisations to warn the EU of the potential costs of not renewing this arrangement, the Decision has not been renewed.

Nevertheless, the EU has received many requests from ISPs to re-open the case in order to renew the Decision. There is no doubt that any upcoming investigation will demonstrate IBM will again be in a monopoly without the Decision, and will come to the same conclusion it did in 2011.

Free ICT Europe is calling on the EU to make this a priority.

Jobs

The inevitable impact of this on the European IT services providers who operate in this sector is job losses. Of even greater significance will be the inevitable job losses from the organisations that use mainframes as they struggle with higher costs and the need to reduce their IT budgets. People are always the first thing to go in times of austerity.

For more information email to: contact@free-ict-europe.eu or call +(31) 30 698 2698

IBM EU Commitments

Five years ago the Directorate General of Competition of the European Union made a Decision related to the maintenance and the support of the IBM Mainframes. It was the result of a complaint filed 2 years before. This Decision could be compared to an earthquake, as it was the first time in Europe a big IT player was forced to provide TPMs with the necessary inputs to compete on the secondary market of services. It was also the first time an Article 9 Decision was taken against a US company in favor of independent European companies. IBM was forced to provide Commitments and the European Commission made them binding, with a 10% penalty on the worldwide turnover in case of infringement or circumvention. This was in 2011.

Since then, we know how most OEMs have been arguing about Intellectual Property in order first to withdraw the rights of customers to access bug fixes for free and then to foreclose the secondary market of services for the TPMs.

It is worth noting that IBM was preparing its policy change (microcode update access restrictions) for Power Servers and Storage Solutions while, in the meantime, the company was forced to commit to making microcode updates, spare parts and configuration records for mainframes accessible on reasonable terms and conditions.

The EU Decision will end December 14, 2016 and the subsequent contract some TPMs signed (aka “TPM Agreement”) will expire on the same date. We bet the terms and conditions of the new TPM Agreement proposed by IBM will be reviewed to their lowest level while not being under the control of a Decision.

Even when you are not dealing in Mainframe products or services, this still has an impact; the domination of IBM will increase their position in other segments and deeply inspire other OEMs and Software companies.

So doing nothing is absolutely not an option. To get the required attention FIE supports a new complaint that has been filed to request the Commission to renew their Decision.

The future for Short Termism? Well, it’s short term!

Once upon a time it was always sunny in summer, it always snowed at Christmas & the world revolved at a much slower pace; whilst the former two may be views from the rose tinted spectacles of age, the latter is undoubtedly true. Was the world a better place then or not? I really couldn’t say, but the now ubiquitous appetite for instant gratification & desire for short term gain surely has a detrimental effect on the transition of time for all of us; whatever happened to the simple pleasure to be had in waiting for something to arrive, or the heightened pleasure to be got out of it when it did? That short termism is bad for the individual psyche is a purely personal viewpoint & moot; however, in terms of the businesses that affect all our lives it’s a curse that if left unchecked will blight future generations in an unending cycle of jam today with no bread to spread it on tomorrow, with bust following boom as sure as night follows day.

It seems that long gone are the days when business cycles were measured in years, when the long term stability of an organisation was far more important than any short term outlook. The annual announcing of a company’s figures so that the shareholders could see the basis on which their dividends had been worked out has always been, but recent history seems to show that share value is now far more important than dividends. The problem with using share value as the measure of success is that it is far more prone to vagaries in a market or short term influences & can be kept artificially high; to compound the problem we’ve gone from annual reporting, to quarterly reporting, to what is now almost a daily picture of a company’s share value, which can then wrongly be translated as a measure of its success. The obsession with keeping it high will almost naturally lead to practices that in the short term do indeed meet their given objective, but without thought of the possible long term consequences lead to disasters that affect all of us, sometimes for a very long time. The epitome of short termism are some of the events in the lead up to the austere times we’re all living through now; I mean, who in their right mind would have thought it was a good idea to lend money to people in the sure knowledge that it would not/could not be paid back? To then bundle up these loans into packets of thousands of borrowers & move these packets around the world for different banks to use as security to borrow more money from other banks they could then lend to more people that had no prospect of ever paying it back; to most of us this would seem like lunacy. But the goal of short termism was achieved & the shareholders were happy.
It’s easy to say with hindsight that anyone that was involved in these practices that didn’t realise one day the tally man would come knocking & the debts would be called in must have been an idiot; & anyone involved that did realise that this would be the case, yet continued regardless, must have been a criminal, though when it really boils down to it, the vast majority of us benefitted from the excesses, drunk on the prospect of cheap & easy mortgages; even those that were in a position to stop it didn’t. We were all taken in either wittingly or otherwise, for which we all now have the hangover, even those once happy shareholders. I hasten to add that this is not meant as a Banker Bash, so I use this only as a clear example, with which we are all familiar, of where short termism can lead & invariably does.

But there is another way, & maybe the winds of change are beginning to whisper, although quietly for now, in the circles where change can really happen. Progressive Procurement Departments are beginning to look further than just the bottom line of companies they award business to. Government Departments are being instructed to award contracts to Small to Medium Enterprises who are less likely to be shackled by hordes of baying shareholders; though I fear that one of the greatest challenges of Government is their inability to write Tenders that don’t almost instantly preclude the very SMEs they are wanting to recruit from responding to the Tenders, but at least the thought is there; maybe one day they’ll get it right. Naturally any organisation that awards business to another needs to know that the company they are awarding to is financially sound, but questions in tenders on the subjects of cost cutting & redundancies are becoming more common, suggesting that long term soundness is taking precedence over short term appearance. But there’s more; questions on how a company interacts with its local & greater society are beginning to appear in tenders; questions on a company’s ecoego seem to be taking on a more important role in the awarding of business. Now I’m no fool & I do realise that a lot of this may just be box ticking for the time being, but I do hope that one day it will be realised that a combination of these three fundamentals will prove that a company with long term goals & a long term perspective is a far better proposition for society in general than a company whose only fixation is that of Share Holder Value. The basics for a company to truly become progressive can be encapsulated into the principles of the Triple Bottom Line, with a wider adherence to these principles bringing, maybe not an end to short termism, but at least a smoothing out of some of the troughs & peaks.
I’m not going to repeat Gordon Brown’s claims of bringing an end to Boom & Bust, but maybe in future it might just be Fizzle & Just a Little Bit Broken (but don’t worry, it’s easily fixed).

So, the first principle of the Triple Bottom Line is that of Social Responsibility, & for me the fundamental obligation of any company that claims to be responsible to the society in which it works is to pay the correct amount of tax in whatever country it conducts its business. It’s very convenient to forget that the people within a country that buy a company’s product are the customers that produce its profits within that country, & with that comes a duty to pay taxes back to those people, but I’m afraid forgetfulness is not really a defence in the avoidance of tax. How many times have you heard that tax avoidance is within the law? But again for me that’s no defence. There are many things that the law allows me to do but, for whatever reason, I choose not to; it’s my choice, as it is likewise with the tax avoiders; because the law says they can it doesn’t mean they have to, it’s their choice. It is a conscious decision & they choose not to pay tax to those they owe it to, it doesn’t just happen. Any company that claims Social Responsibility & then avoids paying tax in that society is deluding itself, its customers, or both. Whilst for me the payment of tax is a fundamental, real Social Responsibility has a far deeper reach than just that & begins with the welfare of a company’s employees. These days I think it’s taken as read that a worker is paid a fair day’s pay for a fair day’s work, but it seems that organisations that really take into account the well being of their workers are still few & far between; a happy worker is a good worker is an adage that appears to be lost in the mists of time but can be so easily resurrected with just a little thought plus a little expenditure. Then there’s a responsibility to the local area in which a company is based & where the majority of its employees will live.
By using local companies wherever possible, not just based on price, & by sourcing from local producers wherever possible, the local economy will improve & exponentially increase the well being of a company’s employees as this creates greater opportunities for husbands/wives/children to gain employment in the local community in an almost self fulfilling cycle. Supporting local organisations, both charitable & business, is the true mark of a socially responsible company.

The second principle of the Triple Bottom Line is the traditional one, that of profit; now profit is not a dirty word, profit is good, as without profit a company cannot do all the other things that make it into a truly successful company. However, the problem with short term profits is that they become the singular goal with all other considerations ignored. How many times do we see companies cutting costs, which usually means the loss of people’s jobs, just because their profits are down? They’re still making a profit, just not as much as they were, or as much as their shareholders expect. Even the great behemoths of our own industry would rather lose people than admit to a reduction in profits; once loyal employees become little more than faceless, collateral damage in their war to keep shareholders happy, cast adrift with no thought to the devastation unemployment can cause them & their families. Obviously there are times when companies must let people go, but when it’s done purely to prop up share value it’s wrong. So all successful companies must make a profit, but a profit that is holistic to everything else the company does & not a single end in its own right; profit built on sound, long term business practices is what we should all strive for.

There’s an odd juxtaposition with the final principle, as in most respects it could be deemed as the most important in the long term, but in the extreme long term is of absolutely no consequence at all. The Golden Age in which we have lived for the past 15,000 years cannot, will not last forever; as in a poem to Ozymandias all things will come to an end, however grand they were in existence, & our civilisation is no exception (though that’s probably the subject of another blog!). At least with the third principle of Environmental Responsibility we do have the chance of kicking that can as far as possible down the road of inevitability & have a duty to future generations to do so. The current rate of consuming natural resources cannot go on for much longer as nothing is endless, & from building infrastructure with as small an environmental impact as possible to making sure all unnecessary lights are turned off at night, businesses are in the vanguard of making sure that the generations that follow will have a world worth living in.

As I’m sure you’ve probably realised by now, as this blog is appearing on a Blue Chip website, I believe Blue Chip to be a great exponent of the Triple Bottom Line, though whether this was a predetermined goal of the company or whether it’s just evolved over time as the right way to run a business I couldn’t say. Something I do know is that I’m proud to work for such a progressive organisation & that the feeling of self satisfaction it engenders is probably an obtuse benefit that most if not all employees feel; I doubt whether all other Blue Chip staff have sat down & thought about it in detail, but rest assured they will all have benefitted to a greater or lesser extent from the Triple Bottom Line. So this is not a smoke blowing exercise, no; even though it’s too big a subject to cover in a couple of thousand words, the point of this blog, if indeed blogs need to have a point other than a means to while away a wet Sunday afternoon in June, is to give a glimpse into why Blue Chip is the right kind of company to do business with. Secondly, though just as importantly, it is to hopefully strike a note that for a company to be successful in its broadest sense it is possible, or maybe even necessary to be truly successful, to look after its People, its Profits & its Planet.