Install the required patches and reboot your host

In a report on the security mega-GAU Meltdown and Spectre with the potential impact on SAP Hana, we also published parts of SAP Note 2586312 (How to protect against speculative execution vulnerabilities?) in original English, see E-3 Issue February 2018, page 38.

"Install the required patches and reboot your host" - you can't get any more disrespectful towards SAP's existing customers!

Even non-IT staff know that a Hana server affected by Meltdown and Spectre cannot be rebooted without extensive preparation and planning. A Hana server is not a private notebook or gaming console where quickly unplugging it and then booting it up solves most problems.

Hana servers are integrated into a complex IT network with redundant and fail-safe components. Most SAP data centers have 24x7 operation.

Even the simplest updates and service tasks require detailed scheduling. Incidentally applying patches and bios updates on the hardware and operating system level is risky, if not negligent.

One can speak of luck if the server can be booted again at all after such an "operation". Meltdown and Spectre patches from Intel and Dell created exactly this horror scenario: Either the patched devices booted multiple times or failed completely.

Even after comprehensive and successful evaluation on the development and test servers, there is still a residual risk, so SAP's advice "Install the required patches and reboot your host" is only to be understood as a joke.

It was therefore not surprising that the E-3 report in the February from page 38 caused numerous reactions and many calls to the editorial office. As a "service" to this distressing topic, there is in this issue on page 68 a continuation.

But the disrespectful SAP note was not the only surprise to start the new year. SAP wants to buy Callidus! According to SAP CFO Luka Mucic, they have been working internally with this CRM software for sales for some time.

Because they are convinced of the functionality and there are already interfaces to SAP's ERP, the step was a logical one according to Mucic: SAP wants to take over the US company for about 2.4 billion US dollars.

Technically, the Callidus software falls into the Sales Performance Management (SPM) and Configure Price Quote (CPQ) space. In practical terms, it is SAP's defensive battle against Salesforce's CRM software.

Even the brutal and unjustified action of the SAP against the British Drinks manufacturer Diageo could not prevent many existing SAP customers from choosing the "better" CRM. Diageo was ordered to pay a high license back payment - indirect use - because a Salesforce system is connected to the SAP ERP.

SAP was very lucky in this respect: The same case in Germany would not have been so successful for SAP, as can be clearly read in this E-3 issue on page 11.

But Salesforce also seems to be only vaguely informed about SAP's actual licensing terms. Instead of triumphing and backing its own existing customers, Salesforce in Germany has been conspicuously quiet. Whoever thinks that's a bad thing?

With the unknown SAP Leonardo, the ERP world market leader is trying its hand at IoT, blockchain (see this issue's cover story) and also machine learning. The latter will probably become a laughing stock in Walldorf, even if the carnival is already over.

Machine Learning and also Deep Learning is the ability of neural networks, replicated in hardware and software, to "learn" from data and then respond "reasonably" - the whole system is modeled on human learning.

For special fields such as image and speech recognition, chess and Go, the technology Machine/Deep Learning now works excellently. A Google computer has taught itself the board game Go without prior knowledge and now plays better than any human being - the human being has constructed this computer, but he has no idea of the "self-taught" Go algorithm!

This is a danger that many experts warn against: The neural network masters processes that cannot be verified algorithmically. Naturally, proof of correct semantics is not easy to find even for algorithms written by humans.

According to a report in Handelsblatt, however, SAP CFO Luka Mucic wants to make precisely these unknown AI algorithms transparent. An SAP team is working on an AI code of conduct.

According to the Handelsblatt: Among other things, the rules stipulate that customers should be given insight into the algorithms. "If the customer perceived us as a black box, that would put a strain on our relationship," said Mucic.