2017-06-05

Trip to Moscow


reprinted from http://thesaker.is/trip-to-moscow-by-the-geneva-observer/

edited by Scott Humor



Hello Scott,

We have safely arrived from Geneva, both very tired (both of us had to get up at 5am). I am quickly having to learn the Cyrillic alphabet and a few words I can start recognizing (already knowing German, French and English is a big help; Russian, despite the different alphabet, is very much a European language).
We found a bank to change money. Very well organized, very private booths for each customer, with a ticket system and large comfortable waiting room. Russian consumer banking is way ahead of even Geneva, quite the surprise. Such a pleasant surprise from my memories of the Socialist paradise I saw in Bratislava in 1981.
The weather was wet enough to go out with the umbrella and discover that the streets and sidewalks have no camber, making large puddles all over. Trying to keep one’s feet dry is a real challenge. Now I know why people spend so much on shoes :-)
From the canal we walked to Red Square, saw the Kremlin but it was too late to invite Mr. Lavrov or Mr. Putin for tea. We will have to invite them another time. There was a projection onto the walls of one of the nearby buildings, in preparation for the May 9th Victory celebrations.
Impressive computer graphics, and sound system. Very creative and competent technically, do not have to envy Hollywood.
I was overwhelmed by all the monuments to the soldiers that had died in WW2. The Partisan metro station is a memorial monument, with many sculptures. There is one, a soldier with a dog at his side. It is quite funny, compared to all the others. The dog’s nose is a bright shiny bronze from all the passersby touching its nose. It seems the dog brings out some very strong emotions, more than the sculptures of various heroic men and women.  Perhaps a statement of the times? It is a true indicator of the power of art, to bring out the positive emotions from so many people. Both men and women would pat the dog sculpture as they passed by, it was almost a fetish for some.
Tomorrow it will be jeans and running shoes to continue the visit. The distances are considerable and there seems to be so much worth seeing.
The weather should be much warmer tomorrow, about 20 Celsius. It is very difficult to decide on how to dress at this time of year. We can report the first flowers in the park next to the Kremlin. The trees are just beginning to open their buds after a long winter sleep. The sense of spring is in the air. A few young women dare to go out wearing skirts and stockings, attracting admiring looks from young and old men alike.
Young men and women seem to prefer wearing jeans, with the pre-worn look. The women prefer tight-fitting to show their form. Most of the women have a long hair style, either drawn back or braided, with a refined makeup showing a great attention to detail. In contrast the men pay much less attention to their clothing and looks, often with ill-fitting clothes and a five o’clock shadow, with a tired face after a long day working somewhere. Noticeably absent was the smell of day-old sweat when entering the metro. Personal hygiene for Russian men and women is a pleasure to experience on the metro at rush-hour – no bad smells, certainly a pleasant surprise from a number of other places I have been (no naming and shaming today).
There are still a few homeless people in a sorry state inside the metro entrances. A few people panhandling to get enough for their next drink or whatever. No bums living in cardboard boxes under the bridges as in London though, thank goodness.

Thanks and best wishes

Gallery of April in Moscow images
Luzhniki-City Moscow



 

2017-03-26

It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so.
~ Mark Twain

2017-02-12

Support Nebbia sportswear

A Slovakian sportswear firm called Nebbia has promised to refund customers offended by its advert featuring a black Norwegian bodybuilder – on condition that they send their requests to an email address that reads “I am racist” in Slovak. 

Hats off to the CEO, Martin Pecko.

For details see 

https://www.rt.com/viral/377096-slovakia-racist-sportswear-commercial/

2017-02-09

Amnesty International - caught out again on their Syrian “Human Slaughterhouse” Report

Amnesty International (AI) has been caught out again as being shills.  For details read,
http://www.activistpost.com/2017/02/amnesty-international-human-slaughterhouse-report-lacks-evidence-credibility-reeks-of-state-department-propaganda.html


The grave accusations AI are making are worthy of numerous libel suits. No judge is going to go to trial with such trash. It would be career suicide unless you were Louise Arbour.

You must really pay more attention to the details of their claims. Will they stand up in a criminal court proceeding?

Never.

Please read "Amnesty International is US State Department Propaganda", by Tony Cartalucci, https://landdestroyer.blogspot.ch/2012/08/amnesty-international-is-us-state.html#_blank

The financial structure is an elaborate fraud that leaves most people thinking AI is a real charity. Again you find the convicted felon, George Soros and his Open Society Foundation as well as the US State department and others of ill repute.

I highly recommend boycotting Amnesty International.

2017-02-08

After Edward Snowden… are core banking systems secure?

The power and ubiquity behind spyware

The US administration – along with governments of other countries – has been using ever more sophisticated methods of data analysis, designed to defend and protect its interests and those of its citizens against foreign cyber attacks and other threats. At least this was the official story, until Edward Snowden, a former US National Security Agency (NSA) contractor, made public a significant volume of hitherto secret intelligence files last month. Mr Snowden’s stunning exposure of US government documents painted a rather different picture of US cyber activity on a global scale, including clandestine surveillance, data and software hijacking as well as aggressive attacks on other states, their critical infrastructure and their economic competitiveness, arguably with the potential – in extremis – to bring down large parts of the world economy. It is likely that few in the international banking industry are prepared for such an outcome.

Non-American IT professionals have long suspected that US government agencies had a healthy disregard for their rights to privacy. Mr Snowden has given the world a wake-up call in this respect. The USA’s various three-letter agencies (FBI, CIA, NSA, DIA) and the UK’s GCHQ, as well as agencies in Argentina, Brazil, Canada, France, Germany, Italy, Spain, even New Zealand and Australia have all shown more than a healthy interest in Swiss private banks. Mr Snowden confirmed that, since 1999, many US government agencies have been able to penetrate all Microsoft operating systems. The NSA’s ‘Prism’ surveillance project is alleged by Mr Snowden to have been operational since 2006.

Up to now, Prism’s main interest has been to tap into data from network switches, or fibre-optic cables, rather than to attack individual computers directly. It appears that the agencies concerned decided it was more expedient to collect data at the network level, taking all they could obtain from firms such as Microsoft, Facebook, Verizon, AT&T, Google, Twitter, Apple, Oracle, Yahoo and Skype (now owned by Microsoft). According to Mr Snowden, the CEOs of many of these organisations have been actively collaborating with the US administration for some time.

The US administration has set its sights on the Swiss private banking sector, with some significant punitive action, such as the US Internal Revenue Service (IRS) awarding Bradley Birkenfeld $104 million for outing those American clients of UBS who were tax cheats, as well as the Department of Justice’s legal pursuit of Wegelin & Cie, Switzerland’s oldest bank, causing it to close its doors after more than 200 years. At least 13 other banks are in the firing line.

Mr Snowden has alleged that these initiatives were apparently just the tip of an iceberg, as reported on 10th June 2013 in The Guardian, a UK newspaper, where he describes the entrapment of a Swiss banker in Geneva. The value of catching some rich tax evaders is nothing when compared to the value of the proceeds of corporate espionage. Most of the data intercepts have been tracked back to countries that are economic competitors to the US, such as China, Germany and India, in high margin industries like banking, aviation, IT, media and pharmaceuticals. It is conceivable that any private banker working with clients even remotely connected with these industries risks harassment, interference, eventually blackmail (such as in Snowden's example of a certain banker in Geneva), not to mention poaching of clients and employees by competitors.

Another problem is that over-collection of this data has led to false positives, such as the UK case of David Mery reported in The Guardian on 22nd September 2005. Despite all charges being dropped against Mr Mery that year, apparently he is still on file as a potential terrorist and can no longer obtain a travel visa.

The back-doors to the various operating systems used in the financial services sector enable the use of key logging, programmed trade front running, the planting of false evidence and other nefarious acts. Other parts of government and regulatory machinery appear to be unfit for purpose in providing the checks and balances one would expect from an effective administration.

For example, there still has been no adequate explanation for the massive spike in put and call options in relevant listed companies prior to September 11th, 2001. According to 911research, a website established to collate information about the terrorist attack on the World Trade Center in New York on 11th September 2001, a significant number of industry professionals were “deputized” by the US authorities to snuff out any form of disclosure. In other words, they are unable to speak about what they know, as they now represent the US government.

What is clear is a certain privileged group made a proverbial killing (see “The impact of terrorism on financial markets: An empirical study”, by Marc Chesney, Ganna Reshetar and Mustafa Karaman, Journal of Banking & Finance – vol. 35, no. 2, pp. 253-267, 2011). The SEC has so far done little, despite records that show trading volumes increasing by an unusually large margin. In the case of the NSA and the Foreign Intelligence Surveillance Court (FISA), for the last three years, these organisations have approved all government surveillance requests, excluding four that were withdrawn.

Open democracies or Big Brother states? The answer seems clear

The laws passed since 2001 allow the US government to enter a US citizen’s home with a secret warrant (FISA under the Patriot Act), imprison the citizen indefinitely at a secret location, try the individual with secret evidence (again FISA and the Patriot Act) and, just in case these powers over a US citizen were not enough, revoke the US citizenship of a suspected terrorist. With this in mind, how fairly can non-US citizens expect to be treated?

It is fair to assume that traffic analysis from the collected meta-data could expose even judges and journalists, let alone bankers and their clients. This means the Swiss banking industry should not assume that even a legal solution is going to be possible. Perhaps banks in other jurisdictions need to consider what steps they need to take to protect themselves, their employees and clients.

Recent reports have shown that surveillance programs have regularly been abused. As well as the much-publicised News of the World phone hacking scandal in the UK, Rupert Murdoch’s news empire has also been accused of acting as a global extension of the Israeli secret service programs for intelligence gathering, propaganda and political infiltration. Evidently, Murdoch’s news organization was not simply limited to spying on celebrities. In the aftermath it has emerged that the initial Scotland Yard investigators of News Corporation were also bribed, according to reports in The Guardian.

Other alleged examples of the exploitation of software ‘back doors’ include the listening in on the Greek prime minister in 2005, during the preparation of the Olympic bid and the breach of Google's Gmail by Chinese hackers to unmask political dissidents.

Perhaps the best example of illicit corporate surveillance was Nokia, whose mobile browser decrypted all encrypted traffic from its handset's browser. Nokia diverted all traffic from its handsets through its own servers, decrypted the encrypted traffic and re-encrypted it before passing it on, issuing HTTPS certificates on the fly that the Nokia phone had been instructed to trust as secure. Deliberate or not, Nokia betrayed its financial services industry customers, amongst others, by specifically designing its phones to enable full, unencrypted access to users’ browsing activity without their knowledge. Nokia was forced to push out a patch to close the vulnerability, but could just as easily create another one if they wanted to.

Official information regarding the US-based Prism program is dubious. In effect, James Clapper, director of US National Intelligence appears to have perjured himself, by admitting that he gave an ‘erroneous’ answer to the congressional committees that were supposed to be overseeing him. This is not the first time that officials have been caught out lying in public, nor is it likely to be the last. What we can be fairly certain about regarding intelligence information is that whatever is disclosed will be the strict minimum and likely to be slanted to reflect the current administration's policies.

It appears that the current US military, led by General Keith Alexander as head of the NSA and Cyber Command, wants to do more than passive eavesdropping. According to Mr Snowden, these agencies are penetrating and damaging foreign networks, both for espionage purposes and to ready them for cyber attack, if required. Apparently, the US (and possibly governments of other countries) has already created custom-designed Internet weapons, pre-targeted and ready to be "fired" against some piece of another country's electronic infrastructure at a moment's notice. These include the Flame super-virus, which was uncovered last year (to spy on PDF files) and – allegedly – Stuxnet, which was deployed in Iran to destroy centrifuges (see http://spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet for details). This led to considerable additional collateral damage in Iran. A similar malware called Gauss targeted Lebanese banks, including Bank of Beirut, Byblos Bank and Fransabank, according to Kaspersky Lab, a Moscow-based security firm. There is still some speculation as to what Gauss’s purpose was. What is certain is that other people will take these examples and copy them.

The sophistication and complexity of these forms of malware is frighteningly impressive and opinion is united in pointing to state sponsorship. The message from Mr Snowden is that these illicit practices are set to continue, unless they can be held in check.

Unfortunately the victims of these attacks will not just be individuals or selected targets, but also proprietary software suppliers and, ironically, American hardware and software suppliers perhaps most of all. The revelations make clear that all the hard work to stabilise the various operating platforms and the software application stacks built on top of them by most businesses over the past 25 years or so are now completely compromised, as are most of the network devices in use.

Can existing core banking systems really be secure?

The proprietary nature of most of the current software stack means that there is no access to, nor oversight of the underlying source code, nor to the compiler tools used to create the final binary programs that are installed, where all sorts of malware can be intentionally hidden. There are just not enough software experts to comb through all the coding in the software being used today, to check for hidden malware in a reasonable period of time.

The biggest core banking software providers, such as Temenos, Avaloq and Olympic are based in Switzerland, regarded by many as possibly the safest jurisdiction world-wide in terms of personal privacy. However, none of these firms have anywhere close to the tens of thousands of people and billions of dollars in government funding available to General Alexander at the NSA and US Cyber Command. The headcount at Cyber Command alone is set to increase five-fold, following Pentagon approval in January this year, according to The Washington Post, a US newspaper.

Until now in Switzerland, most banks have been working on their core banking systems individually, or – rarely – in small groups, as with some Cantonal banks. Typically, the hope has been that a bank will have a working application after installation of a commercial package, with some period of parallel testing and tweaking of parameters as required. Getting the application into operation within a given deadline has almost always taken precedence over any other issues. This means there is a lot of bug-filled, inefficient code sitting in banks’ server rooms. Much of the code in the last decade has been outsourced to various low wage economies, which have cultures less inclined to balk at bribery (China, India, Russia, Eastern Europe). This will almost certainly catch up with the industry and bite bankers in the tail; we just do not know when, or where.

Banks have relied upon vendor staff to create and maintain the packages. The development costs of the solution were shared amongst the buyers, who hoped to pay less than the total cost to write and maintain specific subject applications in-house.

Naturally, vendors try to address the broadest possible requirements. Unfortunately, not only does this accentuate the homogenisation of the industry (a competitive nightmare), but it also means that individual requirements still require custom modifications, though this often negates the labour displacement and cost savings.

The packages are most often sold without the source code, or developer documentation, so the customer bank has no real way to audit the software package in any depth, or to fix any defects, without going back to the vendor. The buyers are at the mercy of the vendor, putting them at risk should the vendor decide to discontinue the use of a particular package, or, worse still, go out of business.

Buyers also have to struggle with incompatibility as in-house applications are mixed with different vendor packages that may not be fully compatible. Several products may have redundant functionality, or not handle certain functions at all as there is no clear line of demarcation between all of them.

The business environment is changing faster than the programs that seek to model it, meaning that the programs are a perpetual drag on corporate performance. Core banking systems often take years to modify, or change. Many of these projects have ended the careers of some otherwise competent IT professionals.

The tendency to outsource has added additional layers to the development process, creating additional expense and delays. Worst of all, it has created inevitable conflicts of interest.

The above security implications mean that, if there are no major radical changes in the software stack being used, then sooner rather than later, someone else could be eating bankers’ lunches. The current proprietary model is open to abuse by corrupted employees, competitors and government agencies, even more so when the applications are outsourced.

What the banking industry needs is software where the users and their representatives can review, modify and share source code in the best interests of transparency, security and maintaining customer goodwill, built on a free (as in freedom) software platform.

New devices such as mobile phones and tablets in various formats are also giving a strong impetus to refresh the approach to core banking applications. Many core banking systems have severe problems when it comes to scalability and integration with other software systems. Open standards and free software have a lot to offer to help build a more robust and appropriate solution for the future.

What is free software?

Free software, as defined by the Free Software Foundation ( http://www.fsf.org/ ), is not about price; it is about users' freedom to run software, to study and change a program in source code form, to redistribute exact copies, to distribute modified versions. Free software also implies free documentation. The freedom to modify is also crucial for documenting free software. When people exercise their right to modify the software, and add or change its features, if they are conscientious they will also change the software manual, in order to provide accurate and usable documentation for the program they have modified.

Free software means the users (banks, in this case) control the program. Otherwise, the program controls the users. There are several million developers writing software today. There is a high likelihood that the majority of what you want to write has already been written by someone else. Black Duck Software, a Burlington, Massachusetts, US-based provider of consulting and software for enabling enterprise adoption of open source software (OSS), estimates there are some 600,000 free or open source software projects in existence, with some 20 billion lines of code available. This represents some 10 million man-years of work (http://devsbuild.it/files/PRE_andevcon_innovate-more-code-less.pdf). Free software allows organisations to save time and investment through the re-use of code.

Where is free software being used?

Free software has been at the heart of a lot of operating systems, such as the GNU/Linux kernel, which has been in use at the London Stock Exchange since February 2011. After its installation, trading times went from an average of three to four milliseconds under Microsoft and Accenture's supplied TradElect to 126 microseconds (i.e. around 30 times faster) using Millennium IT’s Turquoise. Other stock exchanges that use GNU/Linux include Deutsche Börse, the Tokyo Stock Exchange, NASDAQ, India's National Exchange and the New York Stock Exchange.

Most readers are likely to have seen free software being used in an opportunistic fashion, but what I will be proposing in this article is a more systematic use, for more mission critical applications. Up to now, the banking industry has been more concerned with time to market, lower costs and quality, but the industry is now at a technological crossroads and is facing a major shake up. The perceived threats are potentially so great, that the private banking industry may have to set out a new software policy that is capable of meeting the challenges of the future.

Why free software for core banking?

Core banking systems have cost many millions of dollars to develop and implement. They are also typically the longest lived software applications in a bank. There is great reluctance to change these systems for many well-founded reasons.

The ethics of banking and the financial services industry more generally have often been challenged, but the revelations since 2007 have given rise to more scrutiny of professional practices than ever before. Arguably, we have seen the disadvantages of historic (and often still current) business practices being thrown into sharp relief. Proprietary software impedes most people from looking at the source code, whilst users are unable to contribute to make it faster and more secure, or to improve its development. The financial services industry has been one of the largest software consumers after government for the past forty years, but has traded off essential freedoms for very little in return. IT purchasing agents have rarely spoken about freedom, ethical issues, or responsibilities. It is probable that most leaders of financial services businesses have preferred to ignore these issues up to now, but recent observations are bringing the industry to a pivotal inflection point, not least because corporate reputations and the businesses behind them are at risk.

Why a Free IT Foundation?

Finding competent people to produce the core banking application stack is still a concern. There are not that many firms that can properly pull this off. The fastest way seems to be a takeover by a consortium of banks through a not-for-profit foundation to buy out one or more of their banking software suppliers, change the software licenses to a free source code license or re-implement software under a free license. A foundation aligns the banks' interests to leverage their power and regain competitiveness against those that have received unfair advantages. Contributors to a free software project are able to capitalize their investment and treat it as an asset instead of expensing all their expenditures (http://www.free-it-foundation.org).

Perhaps it is time to close some old windows and open some new doors.

Gerold Rupprecht is an independent IT specialist, based in Geneva.



After Edward Snowden…are core banking systems secure?
by Gerold Rupprecht - geroldr(at)bluewin.ch - is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.
All reproductions shall include the words "This article originally appeared on www.thewealthnet.com".
Commercial copyright enquiries should be made to janderson(at)paminsight.com

Blog purpose

Geneva is an extraordinary crossroads, not only for Europe, but the world. In the same day one can hear English, French, German and a multitude of other languages. The financial industry as it is represented here makes it a nerve center for business, politics and culture, placing it at the heart of decision-making that affects millions of people.

This blog explores some of the issues I am interested in.

You are welcome to make comments, as long as they are respectful to all others, well substantiated, logically organized and substantive. Venting and slogans will be rejected; all capitals is like screaming in writing and will be removed. Thanks in advance to all that contribute interesting and sane comments.

Any comments regarding moderating will not be posted to the main comments section. It looks unprofessional in my humble opinion.