Supplier Report: 1/5/2018

Here we go again… there is another security flaw that could impact almost all connected computers.  This time the issue is at the CPU kernel level and it could take some time to completely correct.

Amazon is one of the companies impacted by this flaw, but on the bright side, their bets on home speakers, video and music services, and grocery stores are paying off. The company also seems to be making progress on ridding themselves of Oracle software internally and in their service offerings.

And last but not least, Google is saving billions of dollars in another off-shore tax shelter plan.

Acquisitions

  • Microsoft acquires Avere Systems, file-storage vendor for Windows and Linux

    Microsoft announced intentions to buy the Pittsburgh, Penn.-based vendor on Jan. 3 for an undisclosed amount.

    Avere has developed file system and caching technologies designed to speed access to compute and storage in hybrid environments. Avere provides NFS and SMB file storage for Windows and Linux clients running in the cloud, hybrid, and on-premises environments.

    http://www.zdnet.com/article/microsoft-acquires-avere-systems-file-storage-vendor-for-windows-and-linux/

  • How FANG Stocks Left the Media Business Snakebitten: A 2017 Retrospective

    But media moguls aren’t taking all this lying down; to defang FANG, they’re fighting with fire. They are remaking their companies in the same mold as their tech rivals, first by striking the deals necessary to scale into a group of fewer but bigger businesses that can at least approach the size of a quartet boasting a combined market capitalization of $1.9 trillion. They are also pivoting toward their rivals’ style of data-driven streaming direct to the consumer. As Murdoch summed it up in the wake of the Disney deal, “Silicon Valley is spending tens and tens of billions on entertainment programming,” he told NPR. “So it makes sense to bulk up the entertainment side, so that we’ve got a company that can go direct to consumers in a big way.”

    Nothing defined the media sector more in 2017 than the mergers and acquisitions that have been the order of the day to appease an increasingly skeptical Wall Street. In addition to the Fox-Disney stunner, there was the $14.6 billion union of Discovery and Scripps completed in November. More such deals seem inevitable next year, such as the potential for Shari Redstone to engineer the reunion of CBS Corp. and Viacom. Maybe someone in Silicon Valley will finally buy one of the content companies as well.

    http://variety.com/2017/digital/news/fang-facebook-amazon-netflix-amazon-2017-1202645607/

  • Inside the Eccentric, Relentless Deal-Making of Masayoshi Son

    Chris Lane, an analyst with Sanford Bernstein, says about eight in 10 of the investors he talks with are skeptical of Son. They see him as a solid telecom operator who is taking enormous risks with his investments and has demonstrated no special skill in technology investment. Lane sees clear evidence of that disbelief: SoftBank’s stock in Alibaba and other assets are worth more than 19 trillion yen after subtracting all its debt, but SoftBank’s market cap is only 9.8 trillion yen. It’s like your neighbor having a suitcase stuffed with $1 million in cash, but you’ll only pay him $500,000 for it because you think he’ll lose the rest on the way to your house. Critics not only don’t believe Son can pick the next Alibaba; they’re convinced he’s going to squander what he already has.

    “If you think of this as a telco making unrelated investments and likely to lose money, then maybe the discount is right,” Lane says. “If you think this is a sophisticated technology investment firm with a strong track record, then this is an unbelievable opportunity.”

    https://www.bloomberg.com/news/features/2018-01-02/inside-the-eccentric-unstoppable-deal-making-of-masayoshi-son

Artificial Intelligence

  • China emerges as a hotbed for artificial intelligence (thanks JD!)

    The rapid growth of AI in China can also be partly attributed to government support. Beijing laid out a development plan in July to become a world leader in AI, aiming to build a domestic AI industry worth at least 1 trillion yuan (around $1.5 billion), according to a government document. Chirag Dekate, research director of high-performance computing for Gartner, thinks China is getting into AI for the long haul. “The U.S. is driving AI innovation across the spectrum, in software and hardware,” said Dekate in an interview with Investor’s Business Daily. “Early use cases and early adopters are happening more in the U.S. than any geography in the world. But China is looking at it from a marathon perspective.”

    https://digiday.com/marketing/china-emerges-hotbed-artificial-intelligence/

Cloud

  • The CPU catastrophe will hit hardest in the cloud

    But privilege escalation is much scarier in the cloud, where the same server could be working for dozens of people at once. Platforms like Amazon Web Services and Google Cloud let online companies spread a single program across thousands of servers in data centers across the world, sharing hardware the same way you’d share an airplane or a subway car. Collective hardware isn’t a security problem because even when different users are on the same server, they’re in different software instances, with no way to jump from one instance to another. Spectre could change that, letting attackers steal data from anyone sharing the same chip. If a hacker wanted to perform that kind of attack, all they’d have to do is start their own instance and run the program.

    Cloud services are also a lucrative target for anyone hoping to cash in on Spectre. Lots of midsize businesses run their entire infrastructure on AWS or Google Cloud, often trusting the platform with sensitive and potentially lucrative information. Bitcoin exchanges, chat apps, even government agencies all keep passwords and other sensitive data on cloud servers. If you’re running a modern web service, there’s simply no other choice. If someone did set a new exploit running on a cloud instance, there’s no telling what kind of data might shake out.

    https://www.theverge.com/2018/1/4/16850120/meltdown-spectre-vulnerability-cloud-aws-google-cpu

Software/SaaS

  • Facebook has a 100-person engineering team that helps advertisers build tools and infrastructure

    You’d expect any digital media business to offer some degree of technical support to its biggest advertisers, but the solutions engineering team is actually building products.

    For example, it was involved in creating Facebook’s dynamic ads format (where ads show different products to different users based on their activities and interests). Mehta said dynamic ads were first inspired by the complaints of an advertiser he was meeting with in Hamburg, Germany, and he then worked with the Facebook Ads team to create a prototype, eventually leading to a more polished product and broader availability.

    It’s probably safe to say that not every client meeting leads to a new ad format — sometimes Mehta’s team is just helping advertisers understand how to use their existing tools in a more effective way. But that other option, working with the rest of Facebook to build something new, is also on the table.

    https://techcrunch.com/2017/12/29/facebook-solutions-engineering/?ncid=rss

  • Amazon and Salesforce are reportedly making ‘significant progress’ moving away from Oracle technology

    Salesforce is developing its own alternative to Oracle’s database, while Amazon is moving toward open-source technology called NoSQL, sources told The Information. If Amazon and Salesforce could move away from Oracle, it could be proof that other big businesses could, too, one consultant told The Information.

    Oracle’s database technology, as well as the coding language Java, have been the market standard in many industries since at least the 1990s, as one of the first databases to support “http” technologies online.

    https://www.cnbc.com/2018/01/02/amazon-salesforce-moving-away-from-oracle-technology-report.html

Security

  • Kernel panic! What are Meltdown and Spectre, the bugs affecting nearly every computer and device?

    In modern architectures, there are inviolable spaces where data passes through in raw, unencrypted form, such as inside the kernel, the most central software unit in the architecture, or in system memory carefully set aside from other applications. This data has powerful protections to prevent it from being interfered with or even observed by other processes and applications.

    Meltdown and Spectre are two techniques researchers have discovered that circumvent those protections, exposing nearly any data the computer processes, such as passwords, proprietary information, or encrypted communications.

    Meltdown affects Intel processors, and works by breaking through the barrier that prevents applications from accessing arbitrary locations in kernel memory. Segregating and protecting memory spaces prevents applications from accidentally interfering with one another’s data, or malicious software from being able to see and modify it at will. Meltdown makes this fundamental process fundamentally unreliable.

    Spectre affects Intel, AMD, and ARM processors, broadening its reach to include mobile phones, embedded devices, and pretty much anything with a chip in it. Which, of course, is everything from thermostats to baby monitors now.

    https://techcrunch.com/2018/01/03/kernel-panic-what-are-meltdown-and-spectre-the-bugs-affecting-nearly-every-computer-and-device/
    Cloud infrastructure vendors begin responding to chip kernel vulnerability

    “We’re aware of this industry-wide issue and have been working closely with chip manufacturers to develop and test mitigations to protect our customers. We are in the process of deploying mitigations to cloud services and are releasing security updates today to protect Windows customers against vulnerabilities affecting supported hardware chips from AMD, ARM and Intel. We have not received any information to indicate that these vulnerabilities had been used to attack our customers.”

    https://techcrunch.com/2018/01/03/cloud-infrastructure-vendors-begin-responding-to-chip-kernel-vulnerability/?ncid=rss

  • Intel was aware of the chip vulnerability when its CEO sold off $24 million in company stock

    But while the public is just being informed about the security problem, tech companies have known about it for months. In fact, Google informed Intel of the vulnerability in June, an Intel representative told Business Insider in a statement.

    That means Intel was aware of the problem before Krzanich sold off a big chunk of his holdings. Intel’s CEO saw a $24 million windfall November 29 through a combination of selling shares he owned outright and exercising stock options.

    The stock sale raised eyebrows when it was disclosed, primarily because it left Krzanich with just 250,000 shares of Intel stock — the bare minimum the company requires him to hold under his employment agreement.

    http://www.businessinsider.com/intel-ceo-krzanich-sold-shares-after-company-was-informed-of-chip-flaw-2018-1

Other

  • Amazon did a lot of funky stuff this year and it’s paying off

    The bet paid off, with AWS now on track to generate more than $10 billion annually. More importantly, that $10 billion annually comes with a pretty healthy margin — though, over time, that margin may slip down. For the time being, though, it’s an impressive business compared to the razor-thin profits that Amazon might generate from its retail operations and a good data point as its media services like video or music start to play out.

    And, as usual, recurring revenue is a story that Wall Street loves. Amazon is a company that people will often tell you not to bet against, and its stock is up more than 50 percent on the year thanks to an array of businesses that all appear to be showing growth and the company’s recent-ish ability to turn a profit. Amazon can thank AWS a lot for that.

    https://techcrunch.com/2017/12/29/amazon-did-a-lot-of-funky-stuff-this-year-and-its-paying-off/?ncid=rss

  • Peter Thiel’s Founders Fund Makes Monster Bet on Bitcoin

    Relatively few mainstream investors have bought large sums of bitcoin, scared off by concerns about cybersecurity and liquidity, as well as more mundane fears of investment losses. Even some of those who do own it are cautious about speaking too publicly, lest they draw the attention of hackers.

    The recent price plunge has also spooked some. On Dec. 22, the prominent investor Michael Novogratz said he was delaying launching a crypto-focused hedge fund for outside investors, stating “we didn’t like market conditions for new investors.” South Korea announced last week it would crack down on cryptocurrency trading, an ominous sign given that the country at one point accounted for as much as one-fourth of global bitcoin trading activity.

    https://www.wsj.com/articles/peter-thiels-founders-fund-makes-big-bet-on-bitcoin-1514917433

  • Google used a popular tax trick to shelter $19.2 billion

    Newly published Netherlands regulatory filings show that Google shielded €15.9 billion (about $19.2 billion) in 2016 using the popular “Dutch Sandwich” tax trick, saving it about $3.7 billion in taxes. The maneuver involves shifting revenue from an Irish subsidiary to a Dutch firm with no staff, and promptly moving the funds to a Bermuda mailbox owned by another Ireland-listed company. And this practice isn’t slowing down — Google moved 7 percent more cash through this approach in 2016 than it did a year earlier.

    https://www.engadget.com/2018/01/02/google-dutch-sandwich-tax-maneuver/