I. T. Epistemology (Study Of Information Technology)

Microsoft's DreamSpark Sparks I.T. Students Worldwide

noreply@blogger.com (Steven Ashley) — Wed, 20 Feb 2008 06:15:00 +0000

I've spent a lot of time saying that rather than pursuing additional H-1B visa's Microsoft which arguably hurts American educational competitiveness, they need to do more to just the opposite, improving American educational competitiveness.

Looks like they may have listened they have just introduced the DreamSpark program aimed at fostering technology innovation worldwide. Through the DreamSpark program, Microsoft is giving away development and design software to university and high school students around the world, including those right here in the United States.

Microsoft Chairman Bill Gates is expected to unveil the DreamSpark program Tuesday at Stanford University on the first stop of a U.S. and Canadian college tour. The program is now available to more than 35 million college students in Belgium, China, Finland, France, Germany, Spain, Sweden, Switzerland, the U.K. and the U.S.

Software available to students through DreamSpark includes Microsoft's development environment, Visual Studio 2005 Professional Edition, and its Web and graphic design toolset, the Expression Studio, also available through the program is the XNA Game Studio 2.0, SQL Server Developer Edition, Windows Server Standard Edition and other software and resources.

The programs available include:

Testers Check Out uTest The New Pay Per Bug Testing Community

noreply@blogger.com (Steven Ashley) — Wed, 13 Feb 2008 06:59:00 +0000

Testers, looking for something to do in your spare time, you might want to take a look at uTest a new pay per bug software testing community.

Anyone can sign up be a software tester and make some cash. uTest estimates that its testers will be able to rake in anywhere from a few hundred to a few thousand dollars per month.

I don't know about your but I could use an extra few thousand per month. If your like me and want to find out more check out TechCrunch - uTest Now Open for Business: Get Paid to Find Software Bugs:

The startup is trying a crowdsourcing approach to testing software bugs. Anyone can sign up to test software and make some cash. uTest estimates that its testers will be able to rake in anywhere from a few hundred to a few thousand dollars per month, depending on tester-expertise and bug pricing.
It is important to note that bug prices will fluctuate in real-time based on a variety of parameters, including: Bug type (logical, GUI), type of application (Web, desktop), number of testers that fit the required profile for the testing environment, bugs left to find, and more.

Over 2000 testers from around the world have already signed-up, so it seems the company’s pay-per-bug model is resonating well across testing professionals.

Be Careful What You Post Online, The World Is Watching!

noreply@blogger.com (Steven Ashley) — Wed, 13 Feb 2008 06:01:00 +0000

For year's I have told my teenagers and their friends to be careful what they post online in Facebook or on other such services because, I know that between Google making what amounts to a continuous history and the retention polices of the sites themselves, there is really no such thing as deleting a post after it has been exposed for anytime online.

Proving my point, is an article in today's New York Times called How Sticky Is Membership on Facebook? Just Try Breaking Free. In it MARIA ASPAN states:

Some users have discovered that it is nearly impossible to remove themselves entirely from Facebook, setting off a fresh round of concern over the popular social network’s use of personal data.
While the Web site offers users the option to deactivate their accounts, Facebook servers keep copies of the information in those accounts indefinitely. Indeed, many users who have contacted Facebook to request that their accounts be deleted have not succeeded in erasing their records from the network.
“It’s like the Hotel California,” said Nipon Das, 34, a director at a biotechnology consulting firm in Manhattan, who tried unsuccessfully to delete his account this fall. “You can check out any time you like, but you can never leave.”
It took Mr. Das about two months and several e-mail exchanges with Facebook’s customer service representatives to erase most of his information from the site, which finally occurred after he sent an e-mail threatening legal action. But even after that, a reporter was able to find Mr. Das’s empty profile on Facebook and successfully sent him an e-mail message through the network.
In response to difficulties faced by ex-Facebook members, a cottage industry of unofficial help pages devoted to escaping Facebook has sprung up online — both outside and inside the network.
“I thought it was kind of strange that they save your information without telling you in a really clear way,” said Magnus Wallin, a 26-year-old patent examiner in Stockholm who founded a Facebook group, “How to permanently delete your facebook account.” The group has almost 4,300 members and is steadily growing.
The technological hurdles set by Facebook have a business rationale: they allow ex-Facebookers who choose to return the ability to resurrect their accounts effortlessly. According to an e-mail message from Amy Sezak, a spokeswoman for Facebook, “Deactivated accounts mean that a user can reactivate at any time and their information will be available again just as they left it.”
But it also means that disenchanted users cannot disappear from the site without leaving footprints. Facebook’s terms of use state that “you may remove your user content from the site at any time,” but also that “you acknowledge that the company may retain archived copies of your user content.”
Its privacy policy says that after someone deactivates an account, “removed information may persist in backup copies for a reasonable period of time.”
Facebook’s Web site does not inform departing users that they must delete information from their account in order to close it fully — meaning that they may unwittingly leave anything from e-mail addresses to credit card numbers sitting on Facebook servers.
Only people who contact Facebook’s customer service department are informed that they must painstakingly delete, line by line, all of the profile information, “wall” messages and group memberships they may have created within Facebook.
“Users can also have their account completely removed by deleting all of the data associated with their account and then deactivating it,” Ms. Sezak said in her message. “Users can then write to Facebook to request their account be deleted and their e-mail will be completely erased from the database.”
But even users who try to delete every piece of information they have ever written, sent or received via the network have found their efforts to permanently leave stymied. Other social networking sites like MySpace and Friendster, as well as online dating sites like eHarmony.com, may require departing users to confirm their wishes several times — but in the end they offer a delete option.

So if you have MySpace or Facebook account, be careful what you post, as it can and very well may be retrieved by friends, family or even potential employers.

IBM Releases 2007 X-Force Security Report, Hackers Are Gaining Sophistication

noreply@blogger.com (Steven Ashley) — Tue, 12 Feb 2008 21:23:00 +0000

I spend a lot of time speaking my mind on the security problems the Information Technology sector faces in today's world, but I'm not alone, Help Net Security has a nice post detailing the findings of IBM's 2007 X-Force Security report. Today's IBM report revealed a disturbing rise in the sophistication of attacks by criminals on Web.

Check out this from Help Net Security - Report - Web browsers under siege from organized crime:

The Storm Worm, the most pervasive Internet attack last year, continues to infect computers around the world through a culmination of the threats the X-Force tracks, including malicious software (malware), spam and phishing. Last year, delivery of malware was at an all time high, as X-Force reported a 30 percent rise in the number of malcode samples identified. The Storm Worm comprised around 13 percent of the entire malcode set collected in 2007.

In other findings, for the first time ever, the size of spam emails decreased sharply to pre-2005 levels. X-Force believes the decrease is linked to the drop off of image-based spam. This decrease can be counted as a win for the security industry - as anti-spam technologies became more efficient at detecting image-based spam, spammers were forced to turn to new techniques.

The X-Force has been cataloguing, analysing and researching vulnerability disclosures since 1997. With more than 33,000 security vulnerabilities catalogued, it has the largest vulnerability database in the world. This unique database helps X-Force researchers to understand the dynamics that make up vulnerability discovery and disclosure.

The new X-Force report from IBM also reveals that:
The number of critical computer security vulnerabilities disclosed increased by 28 percent, a substantial upswing from years past.
The overall number of vulnerabilities reported for the year went down for the first time in 10 years.
Out of all the vulnerabilities disclosed last year, only 50 percent can be corrected through vendor patches.
Nearly 90 percent of 2007 disclosed vulnerabilities are remotely exploitable.

IBM estimates the Storm worm is netting just under $2 million per day for its creators which is a major incentive for hackers to create more and more similar attacks. The Worm's financial success comes the massive collection of autonomously running computers (botnet) which then launch profitable spam campaigns.

I have to admit if I were a little less scrupulous I would be tempted!!

Programmers Guild: BusinessWeek exposes how Industry really uses H-1b workers

noreply@blogger.com (Steven Ashley) — Wed, 06 Feb 2008 05:12:00 +0000

If you've read my blog you know that I believe the H-1B program is the source of the decline of the I.T. profession in the United States and the destruction of the I.T education system in the United States, and I would be remiss if I didn't bring you the latest stories on the H-1b program and how is is used and abused by America's I.T. industry, so I submit for your reading two stories on the issue.

Programmers Guild: BusinessWeek exposes how Industry really uses H-1b workers:

Listening to Compete America one would think that H-1b workers are the "best and brightest" in the world, contributing to "U.S. global competiveness." But as the 1/31/08 BusinessWeek article "Are H-1B Workers Getting Bilked?" exposes, H-1b are being used by Indian consulting firms to bring in cheap labor, driving American consulting firms out of business, and displacing highly-skilled U.S. workers.

First, Indian consulting firm Patni undercut American workers when DOL approved the labor condition applications for a "prevailing wage" of $44,000 per year. This is far below the "$45 to $80 per hour" that the Yoh study found to be the average for U.S. workers with "high demand" skills, such as "Database Administrator" and "Application Developer."

What Patni didn't disclose was that the $44,000 "salary" presumed that their workers put in lots of overtime. Their base pay was only $11.72 an hour - they were expected to reach their "salary" by working overtime. But even with 23 days of overtime, one H-1b's annual pay worked out to only $35,305 in 2004.

As State Farm in Bloomington Illinois was laying off their American staff, the LCA Database reveals that Patni Computer Systems was bringing in hundreds of Indians on H-1b visas - many placed at State Farm. As mandated by the U.S. Congress, the Department of Labor rubber-stamped these LCAs (labor condition applications) for wages as low as $27,000 for computer programmers. H-1b workers must have a minimum of a BS degree and specialized skills.

Many of the LCAs were filed by Dayanand Allapur, Vice President HRD 617-914-8367. Patni's main number Cambridge, MA is 617-914-8000

Among the Americans who lost their jobs was George Moraetes. He reports having "seen 4 - 5 H1-b's living in a one bedroom apartment" and that the same pattern of H-1b usage was employed by GE.

Contrary to helping the U.S. remain "globally competitive," the top users of the H-1b program are Indian consulting firms. They are transferring U.S. jobs and technology back to India and increasing the U.S. trade deficit. Without the H-1b and L-1 visa programs much of this loss of U.S. tech leadership would not be possible.

Patni is headquartered in Mumbai, India. Their website provides roadmaps for transferring manufacturing offshore: http://www.patni.com/

The U.S. Congress needs to wake up to the imminent threat posed to the U.S. economy by shipping our manufacturing to China and now services to India. Or economy cannot sustain this growing trade deficit and gutting of U.S. infrastructure.

Businessweek - Are H-1B Workers Getting Bilked?

A few years ago, Vishal Goel had high hopes of moving from his native India to the U.S. to work as a computer programmer. He approached Patni Computer Systems, a Mumbai company that provides tech services to many American businesses, and Patni agreed to apply for a U.S. work visa on his behalf. By 2004, Goel was in Bloomington, Ill., working for Patni at State Farm Mutual Automobile Insurance, the largest car insurer in the country.

But this was no dream job come true. Goel's base salary was $23,310, about half the $44,000 that Patni had said it would pay on the visa application, according to a lawsuit he has filed against the company. When Goel complained, one official said that Patni would brand him a "troublemaker" and that his parents in India would be harassed unless he stopped, the suit alleges. Goel, who left Patni in 2005, filed suit in November, 2007, in federal court in Illinois. He's suing along with a former colleague, Peeush Goyal, who alleges he was subjected to similar treatment. Patni declined to comment, though in court documents it denies the charges.

Goel's is not an isolated case. A number of the most active users of the work-visa program, for what are known as H-1B visas, have been accused of underpaying or otherwise mistreating workers. Last year, Patni paid $2.4 million to 607 H-1B visa workers after a Labor Dept. investigation uncovered systematic underpayment of wages. "I highly suspect that these employment practices are widespread among the tech-outsourcing firms," says Ron Hira, assistant professor of public policy at Rochester Institute of Technology, who will testify as an expert witness in the Goel case.

The Goel lawsuit is one of the first filed in U.S. courts by a visa worker against his employer, perhaps because of the murky legal status of such workers. The estimated 500,000 people in the U.S. on H-1Bs are by definition citizens of other nations, and they're usually beholden to employers that can transfer them home at will. The Goel case provides rare insight into how one outfit allegedly has treated workers it brings into the U.S.

SIMPLE GREED

In their case, Goel and Goyal say that Patni regularly underpays employees in the U.S. "This forces the same financially strapped individuals ... to incur the expense of retaining an attorney to try and obtain the money to which they are entitled," the suit charges. If workers complain, the plaintiffs say, Patni threatens to sue them. They charge that Patni's motivation is simple greed. "The more H-1B employees that Patni is underpaying, the more total profit that is made by Patni," the suit alleges.

Goel, Goyal, and their lawyer, Thomas J. Arkell, declined to comment for this article because the litigation is ongoing. Patni says in court papers it didn't promise Goel $44,000 and says he has no "right to action" because he has no claim under the laws cited in the case.

The Goel lawsuit raises questions for U.S. workers, too. The H-1B program requires companies that bring employees into the U.S. to pay the prevailing wage in that job, so as not to depress the salaries of Americans in similar occupations. Documents filed in the suit appear to show that Patni told the Labor Dept. it would pay Goel a base salary of $44,000, which it said was more than the $43,867 prevailing wage it determined for a midlevel programmer and analyst. Yet even after working the equivalent of 23 days of overtime at $11.72 an hour, Goel earned a total of $35,305 in 2004. "Patni's underpayment of wages not only harms its H-1B employees but also harms the wages of U.S. employees," the lawsuit charges.

Many prominent U.S. companies use outsourcers, especially for tech services and support. Patni's largest client is General Electric (GE). Others include MetLife (MET) and St. Jude Medical. GE and MetLife declined to comment on Patni and whether they monitor how it manages its workers. St. Jude says it advocates for contract workers who file complaints, although no Patni workers have done so.

State Farm has turned increasingly to Patni and is now its No. 2 client. Dick Luedke, a State Farm spokesman, says that visa workers receive fair treatment. "Working conditions at all our State Farm locations are monitored and maintained without distinction of State Farm or vendor employee," he says. "We of course negotiate how much we pay the vendor; what the vendor does to get the work done is up to the vendor." According to the Goel suit, State Farm paid Patni "in excess of" $100,000 per worker.

State Farm has had layoffs as it has brought in Patni workers. Outplacement specialist Challenger, Gray & Christmas says the insurer has let go 10,000 workers nationwide since 1995, though Luedke says only one quarter of those were "involuntary severances." He says Patni employees have not replaced staffers and the insurer's own IT staff has risen from 5,500 in 1995 to 5,900 in 2007. Luedke says State Farm doesn't track how many outsourced workers it uses.

George Moraetes is a U.S. worker who believes he was affected by the H1-B program. A specialist in info tech security, he worked at State Farm from 2002 to 2004, when the company declined to extend his contract. Now in Chicago, he's unable to find a staff position in his specialty. "The whole industry is being outsourced and contracted," he says. "The American IT worker is a dying breed."

Moraetes has empathy, not anger, for employees such as Goel who come to the U.S. on H-1Bs. "The workers are living in squalor," he says. "I feel sorry for them."

The H-1B program could get an overhaul later this year. Senators Richard J. Durbin (D-Ill.) and Charles E. Grassley (R-Iowa) have proposed reforms because of what they consider widespread abuse. "There are simply too many loopholes that companies can use to get around the original intent of the H-1B visa," says Grassley in an e-mail.

As for Goel, he hasn't given up on his dream of living in the U.S. He's in California with another employer serving as his visa sponsor. His case is expected to go to trial later this year.

Links
More Harm Than Good?
In his paper "Outsourcing America's Technology and Knowledge Jobs," Ron Hira, a Rochester Institute of Technology assistant professor, argues that U. S. visa programs for overseas workers hurt the wages and job security of U.S. tech workers. Expanding the number of visas, Hira contends, "would directly lead to more offshore outsourcing of jobs, displacement of American technology workers, decreased wages and job opportunities, and the discouragement of young people from entering science and engineering fields."

Wake up American, we cannot remain great if we have to depend on other countries to educate and supply people so critical to our economies wellbeing.

Presidential candidates positions on tech positions

noreply@blogger.com (Steven Ashley) — Wed, 06 Feb 2008 02:47:00 +0000

As the presidential candidate pools shrinks their positions on issues important to us techies become more and more important. To feed your need to know check out

InfoWorlds - Presidential candidates stake out tech positions:

Senator Hillary Clinton
New York Democrat Clinton, like other candidates, hasn't made tech issues a central part of her campaign, but she has championed an " innovation agenda" as one of her top issues. That agenda includes several policies that many large tech companies have embraced.
Clinton wants to pump up the basic research budgets at the National Science Foundation, the Department of Energy's Office of Science, and the Department of Defense by 50 percent over 10 years.
She also would require that federal research agencies set aside at least 8 percent of their research budgets for discretionary funding of high-risk research, and she would increase funding for research on Internet- and IT-based tools, including supercomputing and simulation software.
"Under the Bush administration, agencies like the Defense Advance Research Projects Agency (DARPA) have reduced support for truly revolutionary research," Clinton's Web site says. "This is a problem because DARPA has played a major role in maintaining America's economic and military leadership. DARPA backed such projects as the Internet, stealth technology, and the Global Positioning System."
Clinton also wants tax incentives to encourage broadband providers to deploy services in underserved areas. She has called for federal support of state and local broadband programs, including municipal broadband projects. Clinton has also called for a research-and-development tax credit, extended temporarily multiple times since 1981, to be made permanent.
Clinton has said she would support net neutrality regulations for U.S. broadband providers.
Former Governor Mike Huckabee
Huckabee, an Arkansas Republican and ordained Baptist minister, has largely ignored tech issues during his campaign.
He has, however, called for an increase in immigrant visas for highly skilled and highly educated workers, a position shared by many large tech companies. Otherwise, Huckabee would largely shut down U.S. borders to immigrants.
Instead of technology, Huckabee has focused on social issues such as making abortion illegal and defining marriage as only between a man and a woman.
Huckabee also wants the United States to achieve independence from oil-producing nations.
Senator John McCain
The Arizona Republican is a longtime member of the Senate Commerce Committee. As such, he can argue that he has the most tech policy experience of any of the remaining major-party candidates.
In recent years, McCain has pushed for a nationwide voice and data network for public safety agencies. He was one of the Senate's leading voices in the effort to get U.S. television stations to give up part of their analog spectrum for use by police and fire departments. The rest of that spectrum is being sold in the FCC's auctions now under way.
McCain has been noncommittal about net neutrality laws. He's said he'd be concerned if Internet users' access is blocked, but he's also suggested broadband carriers need to recoup their investments.
McCain last year also called for an increase in government research and development spending, and he's said he'd draft "the best and the brightest" of American CEOs to work in his administration if he were elected, including Cisco Systems' John Chambers and Microsoft's Steve Ballmer.
He has also supported efforts to make an Internet tax moratorium permanent, recently calling the Internet "likely the most popular invention since the light bulb." In 2004, he urged the Federal Trade Commission to focus more of its efforts on fighting spam.
In 2005, McCain split from many other Republicans by authoring legislation that would prohibit states from outlawing municipal broadband projects. McCain said then he was concerned that the United States has fallen behind more than a dozen other countries on broadband adoption.
Senator Barack Obama
The Illinois Democrat in November released an extensive tech policy paper, earning him praise from several tech groups.
Obama gets technology, said Julius Genachowski, co-founder of Rock Creek Ventures and a longtime friend. "He will be a true 21st-century president, using technology to improve the lives of all Americans," Genachowski said at a tech forum last week.
In the tech agenda, Obama called for net neutrality regulations for broadband carriers. "Users must be free to access content, to use applications, and to attach personal devices," he said in his tech policy.
Parents need better tools and information to control what their children see on the Internet and television, he said.
He called for greater privacy protections for all U.S. residents, including Internet users, and he said government and businesses should be held accountable for privacy violations. He wants an update of government surveillance laws that allow intelligence-gathering on U.S. citizens to be done "only under the rule of law."
Obama would also increase the Federal Trade Commission's enforcement budget and focus increased international cooperation to track down cybercriminals.
Obama also wants to make government data more available online. He would revamp a number of existing programs and create some new ones to help roll out broadband in the United States. He called for a review of wireless spectrum use in the United States and said he would "confront the entrenched Washington interests that have kept our public airwaves from being maximized for the public's interest."
He has pledged to make the research-and-development tax credit permanent. He also called for patent reform, primarily by giving the U.S. Patent and Trademark Office more resources to improve patent quality.
Former Governor Mitt Romney
Romney, a Massachusetts Republican, hasn't made many tech issues a central part of his campaign, but he has focused on U.S. competitiveness, a popular issue for many IT companies.
Romney's competitiveness initiative would seek to improve U.S. schools and at the same time cut individual and corporate tax rates. He wants to improve worker retraining programs by consolidating and streamlining numerous federal programs.
He has taken positions on a couple of other tech-related issues as well. In interviews Romney has expressed support for a permanent Internet tax ban, and he's said he supports free trade, a position echoed by many large tech vendors.
Romney has also said he would support an increase in H-1B visas for high-skilled workers.
"I like the idea of the best and brightest in the world coming here," he told the TechCrunch blog in November. "I'd rather have them come here permanently rather than come and go, but I believe our visa program is designed to help us solve gaps in our employment pool. Where there are individuals who have skills that we do not have in abundance here, I'd like to bring them here and contribute to our economy."

Where Are I.T. Budgets Increasing? The Federal Government Of Course

noreply@blogger.com (Steven Ashley) — Wed, 06 Feb 2008 02:30:00 +0000

In todays I.T. environment of shrinking budgets, it might be a good time to look around at where I.T. budgets might actually be growing and the guys at ZDNet have done at least some of our work for us, and guess what they found in the new federal budget released yesterday. There are branches within the government with big boosts in spending check out ZDNet - Parsing the federal budget: The tech highlights:

President Bush unveiled his $3.1 trillion–yes trillion–fiscal 2009 budget and there are a lot of technology highlights to go around.
Whether this budget ever gets approved anywhere near its current state remains to be seen (fiscal 2008’s budget isn’t official), but directionally there are some key highlights. Among the items that may warrant further inspection.

The National Science Foundation is recommended to receive $397 million for nanotechnology research and facilities to understand “those devices and materials with revolutionary properties.”

The budget also recommends that the NSF gets:

$1.1 billion for fundamental information technology research and cutting-edge supercomputing and networking resources, including: $100 million, an 110-percent increase, for an NSF-wide effort to develop radically new computational concepts and tools; and $30 million for a new targeted cyber-security research effort in privacy, fundamental theory, and usability.

Overall, the NSF’s 2009 budget is an estimated $6.85 billion, up from $6 billion estimated for 2008.

The Department of Veteran Affairs is getting a major IT spending bump. The VA’s IT spending was $1.2 billion in 2007 and is slated to jump to $1.98 billion in 2008. In fiscal 2009, the VA is slated for $2.44 billion.

NASA has a $1 billion fiscal 2009 budget for the Orion Crew Exploration Vehicle, a piloted spacecraft to land anywhere on the Moon. Another $1 billion is for the Ares I Crew Launch Vehicle–the rocket that will launch Orion. NASA is expected to blow $5.1 billion on operating the International Space Station and flying the Space Shuttle to the station in 2009.

The Department of Commerce budget “provides $634 million for investments in quantum and neutron research, nanotechnology, and related scientific work at the National Institute of Standards and Technology, a 20-percent increase over the 2008 enacted level, excluding earmarks and unrequested grants.”

And as previously noted, US-CERT is getting $242 million to better monitor cyberattacks.

"Work From Home" Generation Lists Good And Bad

noreply@blogger.com (Steven Ashley) — Sun, 27 Jan 2008 04:35:00 +0000

The ReadWriteWeb blog has come up with their lists of both good things and bad thinks about working at home, It's a good read for any one currently working from home or wishing they were.

It might just strike a nerve, here are the highlights, each explained in detail in their post.

The Good things About Working from Home

1. No commute
2. Flexibility
3. Saving money and the environment
4. Increased productivity

The Bad Things About Working from Home

1. Brainstorming is difficult
2. You never leave work
3. Entropy is after you

For more read, The "Work From Home" Generation - ReadWriteWeb:

For decades in American households the most dreaded morning sound was that of an alarm clock. Sometime between 6 and 7am a beep or radio music signaled that it was time to get up and head to work. But in the early 21st century two things have begun to change. First, the alarm clock is going off a little bit later. And second, instead of putting on suits and driving to work, people are heading to the basement in their pajamas and turning on their personal computers. These are the early days of the new Work From Home generation.

With the invention of modern laptops, ubiqity of broadband Internet access, and advances in communication software, there is no longer a need to be in the office. At least not everyday. Thousands of companies are rolling out work from home policies and hundreds of thousands of people are starting to take advantage of them. What are the pros and cons of working from home? In this post we take a close look, as well as discuss what lies ahead for this new, rapidly growing generation.

....

What's Next?

There are certainly challenges to working from home, but the benefits out-weigh them for many people. More companies and people are beginning to discover that working from home does more good than bad, as it introduces flexibility into people's schedule without impacting their productivity. The bottom line is that things get done and people are happier.

In terms of innovation and the technologies that are likely to evolve to help support work from home environments, there are several areas. We have previously written about basic software for virtual teams, as well as how to assemble an online office. But there is still certainly a lot of room for better tools for the at home workforce. From better brainstorming tools to video conferencing there are opportunities to innovate to make virtual collaboration smooth and painless.

And now, as always, we'd love to hear your input. Are you working from home now? If not, would you like to? What do you think are the pros and cons of working from home?

The Over 50 Worker, Is Their Room In Information Technology?

noreply@blogger.com (Steven Ashley) — Sun, 27 Jan 2008 03:46:00 +0000

I'm a big fan of Diane Stafford, and what she has to say about the value of the older worker, maybe because I'm resembling one more and more every day. The older worker has a lot to offer, especially in the information technology field, but I.T employers are more interested in the current training of employee, not their experience.

Talk a look at her post Workspace by Diane Stafford: Seeking the over-50 worker:

A couple of weeks ago I wrote a careers column for The Kansas City Star about the AARP program that lists employers deemed to be open to hiring older workers.
Judging from followup calls and e-mails, there are plenty of over-50 workers in frustrating job searches. I heard quite a bit of skepticism that the companies would actually hire them.

That may be the case, but here's my take on the list: No employer would set itself up as an older-worker-friendly company if it didn't actually intend to spend the time and money following through with considering applications fairly.

What's in it for them by saying they're open to hiring the over-50s if they're really not? They're just setting themselves to get a bucketload of resumes, and most companies, thanks to the internet, already are suffering from an excess of applicants. Why invite more, especially when they know they're appealing to a job-hunting group that feels shut out in the broad job market.

So, I'll take the list at its promised face value -- as a resource tool for the older job hunter. And I'll share the latest news about the AARP list: They've added some more employers.

Three of the new entries are federal government agencies: The Peace Corps, the Internal Revenue Service, and the U.S. Small Business Administration's Office of Disaster Relief. (Federal job openings are listed and searchable at www.usajobs.gov.)

New private-sector employers on the AARP list are: AnswerNet, Bright Horizons Family Solutions, Home Instead Senior Care, Scripps Health, Synergy HomeCare, and Vedior North America.

http://www.aarp.org/money/careers/findingajob/featuredemployers/info.html is the site for the AARP list.

Times Is Predicting a I.T. Belt Tightening This Year

noreply@blogger.com (Steven Ashley) — Sun, 27 Jan 2008 03:35:00 +0000

Well, Looks like it's Belt Tightening time again, the New York Times is reporting that Tech spending won't grow at the rate that it has the past few years, about 7% and will instead be held to a much more modest increase of about 4%.

I wonder what clued them in, perhaps last weeks global stock drop?

I personally think that as time goes on this year, the movement to cloud computing, which means massive consolidation of computing resources with make up most if not all of the missing 3%. So I for one don't believe that hard times are coming through out the industry.

Check out the story in New York Times - Belt-Tightening, but No Collapse, Is Forecast in Technology Spending:

In the consumer economy, the Main Street shopper leads the way. In the corporate economy, big technology buyers like Monte Ford will determine the arc of business spending in the coming months.

The decisions of Mr. Ford, the chief information officer of American Airlines, and his peers across corporate America matter a lot, because information technology looms so large in the modern economy. Today, purchases of computer hardware and software account for half of all capital spending by businesses.

Will falling corporate investment be the next shoe to drop on the way to a recession, or will it hold up enough to help steady the economy?

The outlook is encouraging, according to corporate technology buyers and industry analysts. There will surely be belt-tightening, and cuts may be sharp in some industries, especially the financial sector. Overall growth in technology spending may fall from 7 percent last year to 4 percent or less this year, according to estimates by IDC, a research firm.

That would be in sharp contrast to the experience of the 2001 recession, when technology spending fell 11 percent over two years in the aftermath of the dot-com collapse. During the boom years, the mentality was to spend on technology and hope for a payoff. But in recent years, corporate technology managers have been far more disciplined spenders, measuring results to prove that investments in technology really can cut costs, increase productivity and lift sales.

So the cutbacks in this downturn, analysts say, should be modest — reassuring news for the economy. “This is a reason for optimism that if there is a recession, it will be a mild one,” said Mark Zandi, chief economist at Moody’s Economy.com.

At American Airlines, a unit of AMR, Mr. Ford doubts that the current downturn could be worse for the airlines than the falloff after the 9/11 terrorist attacks — “a gigantic economic crack for our industry,” he said. The company decided then that despite cutbacks elsewhere, it would not sharply pare its technology budget. This year, he plans to spend modestly more — a few percent — than last year.

To explain, Mr. Ford points to three major costs for an airline: people, planes and fuel. “Technology remains the best lever for getting more value from all those, making your employees more productive, making better use of your fleet and increasing your fuel efficiency,” he said.

That view, Mr. Ford said, is supported by results. A fuel efficiency drive begun in 2005, including software to tailor routes, flight paths, even baggage loading, has reduced fuel consumption by an estimated 96 million gallons a year.

At Pitney Bowes, a maker of mail handling equipment and marketing services, Gregory E. Buoncontri, the chief information officer, expects his budget this year to be roughly $180 million, about the same as last year. Despite the economic slowdown, Pitney Bowes will make some targeted new investments that the senior management team has agreed are priorities to help the company become more competitive. The priority projects, Mr. Buoncontri said, include analytics programs that sort through customer data to predict promising sales opportunities and to improve customer service.

“You only want to start projects you are dead-serious about,” he said. “A downturn really heightens that discipline.”

To make room for spending on new things, managers must make cuts in the spending for basic operations. The preferred way to do that is to trim the budget for routine things like replacing personal computers, issuing employees mobile devices like BlackBerrys and putting off upgrades to new desktop software like Microsoft’s Windows Vista operating system or Office 2007 programs.

“You adopt the mentality of a small-business owner for those kinds of things — you just want to avoid writing a check,” said Jack Santos, an analyst at the Burton Group, a technology research firm.

In a survey of 300 chief information officers last month, IDC found that personal computers and mobile devices were the hardware products that would face spending cuts first, said Stephen Minton, an IDC analyst. The software products at the top of the budget-cutting list were office programs and desktop operating systems.

Microsoft this week reported strong quarterly results, led by its big desktop software businesses. But the C.I.O. survey suggests a slowdown in sales, especially in the United States, if the economy falters.

Technology spending, if managed prudently, can also deliver new abilities and productivity without more dollars, executives say. With processing speeds and storage capacity doubling every 18 months or so, each generation of technology is faster, cheaper and smaller than its predecessor.

So, according to Frank Modruson, chief information officer for Accenture, a real danger during an economic downturn is adopting a rigid austerity that saddles a company with technology that is behind the curve. Steady investment, he said, can save money fairly quickly because of the rapid pace of improvement in computing technology.

Accenture, a technology services company, spends less on technology today than it did in 2001, even though its payroll has more than doubled to 175,000 employees worldwide. “The reason we could do that is that we invested during the last downturn,” Mr. Modruson said.

Companies are likely to find that it is smart to make new investments as long as their overall technology spending is under control. In a recent survey of large companies, Gartner found that technology budgets have increased an average of 2.8 percent annually in the last three years. By contrast, spending at those companies in the three years leading up to the 2001 recession had grown 12.9 percent a year.

“Information technology spending,” said Mark McDonald, an analyst at Gartner, “is not the rich target for cuts that it was in 2001.”

The Stocks Are Falling! The Stocks Are Falling! What Can You Do?

noreply@blogger.com (Steven Ashley) — Mon, 21 Jan 2008 22:08:00 +0000

Have you seen what has been going on in the overseas stock markets today, wow, 6 to 10% drops across the board. I don't know about you but I starting to think 2008 might be a tough year everywhere, and maybe we should start looking to Recession Proof ourselves as much as possible.

So I took a quick look around and I found this at Web Worker Daily, one of my favorite sources for helpful tips. Take a look at what they had to say in Web Worker Daily - Archive 5 Ways to Recession-Proof Your Career :

We could already be suffering a recession in the U.S., and the tech industry is not immune, as potential Yahoo! layoffs show. What should you be doing now to protect yourself?

Keep building that online persona. Share who you are and what you’re about online — through a blog or other means. Raising your professional profile online is one of the best ways to attract new job and business opportunities your way. Don’t just create an online version of a resume; get active and connected online.

Create additional income streams, even if you are an employee. Or perhaps especially if you are an employee — because your salary is vulnerable to disappearing all at once, while freelancers and business owners usually have multiple clients.

How can you create additional streams of income? Find a side job as a freelancer (be careful not to break any of your employer’s noncompete policies by doing so), start an ad-supported blog, sell products online, or offer consulting services in your field of expertise. While none of these things will — at least initially — make enough money to replace a full-time-with-bennies job, they can cushion the pain of income loss while teaching you new skills and growing your professional network.

Stay aware of what the market wants. Even during a recession, jobs go begging when employers can’t find people with the right skills. Even if you’re not looking for a job or more contract work right now, subscribe to Craigslist job listing feeds using searches that match what kind of positions might interest you. You’ll keep yourself informed as to what skills you might need to add to your arsenal, what companies are hiring in your area, and whether hires in your field are trending up or down.

Invest in human capital. In other words, beef up your skills. You don’t have to spend money on classes to do so, though that might be the easiest way to learn the basics of something unfamiliar to you. You can spend your time: find an unpaid internship with training as your compensation, do volunteer work for a nonprofit, get involved in an open source effort, or start your own just-for-learning-purposes project.

Create social capital too. If you do lose your job or a major client, your next one may very well come through your online network of friends and associates. Your online social network can not only help find new opportunities just when you need them, it can also provide emotional support when you go through tough times. Not sure exactly how to go about creating social capital? Here are some tips for networking like a human.

For more tips on recession-proofing your career, see Robert Scoble’s article from December “Surviving the 2008 recession” and Penelope Trunk’s article posted today “Maybe there will be a recession. Here’s what to do just in case.”

I really hope that in a week/month/year and remember this post and think how wrong I was, but as for what I see today, I don't think so.

FOXNews.com - Personal Information Lost on 650,000 Credit Card Holders After Computer Tape Goes Missing - Science News | Science & Technology | Techno

noreply@blogger.com (Steven Ashley) — Mon, 21 Jan 2008 04:53:00 +0000

It's an Data Breach epidemic!! From Fox News, 650,000 J.C. Penney customers have their Credit records stolen. Some 150,000 records included Social Security Numbers. When will the government step up and take a proactive stance in fixing these leaks.

Check out FOXNews.com - Personal Information Lost on 650,000 Credit Card Holders After Computer Tape Goes Missing:

Personal information on about 650,000 customers of J.C. Penney and up to 100 other retailers could be compromised after a computer tape went missing.
GE Money, which handles credit card operations for Penney and many other retailers, said Thursday night that the missing information includes Social Security numbers for about 150,000 people.

The information was on a backup computer tape that was discovered missing last October. It was being stored at a warehouse run by Iron Mountain Inc., a data storage company, and was never checked out but can't be found either, said Richard C. Jones, a spokesman for GE Money, part of General Electric Capital Corp.

Jones said there was "no indication of theft or anything of that sort," and no evidence of fraudulent activity on the accounts involved.

Iron Mountain spokesman Dan O'Neill said it would take specialized skills for someone to glean the personal data from the tape. He said the company regretted losing the tape, "but because of the volume of information we handle and the fact people are involved, we have occasionally made mistakes."

Penney said it had been told of the situation and referred further inquiries to GE Money.

Jones declined to identify the other retailers whose customers' information is missing but said "it includes many of the large retail organizations."

Jones said GE Money was paying for 12 months of credit-monitoring service for customers whose Social Security numbers were on the tape.

Incidents like this add to consumer concern about fraud. The Identity Theft Resource Center says there was a six-fold increase last year in the number of records reported compromised in the United States — to 125 million.

Data breaches can stem from hacking, as well as the physical loss or theft of computers of data storage equipment.

TJX Cos., owner of the T.J. Maxx and Marshalls retail chains, reported last year that tens of millions of credit and debit card owners were exposed to fraud when hackers stole data while it was being transmitted wirelessly.

It took GE Money two months to reconstruct the missing tape and identify the people whose information was lost. Since December, the company has been notifying consumers in batches of several thousand and telling them to phone a call center set up to deal with the breach. The notification is expected to be completed next week.

Penney's card holder Elizabeth Rich of Everett, Wash., got one of the GE Money letters saying her name, address and account number may have been compromised. She was told her Social Security number was not on the tape.

The letter, signed by GE Money President Brent P. Wallace, read in part, "We have no reason to believe that anyone has accessed or misused your information. The pieces of information on the tape would not be enough to open new accounts in your name, and we have implemented internal monitoring to protect your account number from misuse due to this incident."

Wallace said in the letter that Penney "was in no way responsible for this incident."

The Penney name didn't appear on the envelope Rich received, and she thought it was a credit solicitation when she saw the GE Money return address.

"I think the average consumer has thrown away that GE Money letter because they don't know it's about J.C. Penney," Rich said. "Not everybody opens junk mail."

Rich said she canceled her Penney card immediately

Save Your Fuel System, Don't Fill Up If You See A Tanker

noreply@blogger.com (Steven Ashley) — Mon, 21 Jan 2008 03:29:00 +0000

Readers Digest has just updated their list of tips you can to do keep your car running in optimal condition and I really like Number 4,

" Don't fill up if you see the tanker

If you happen to see a gasoline tanker filling the tanks at your local gas station, come back another day or go to a different station. As the station's underground tanks are being filled, the turbulence can stir up sediment. Sediment in your gas can clog fuel filters and fuel injectors, causing poor forward to reverse repeatedly, as well as spinning tires at high speeds, can generate lots of heat and spell trouble for transmissions, clutches, and differentials. It may be cheaper in the long run to call the tow truck rather than risk big repair bills down the road. It's a good idea to carry a traction aid in the trunk, such as sand, gravel, or cat litter. performance and possibly necessitating repairs."

It makes a lot of sense, I know those tanks have to be filled with all kinds of stuff, and none of it would be good for your car's fuel system.

They have a lot more, check out Reader's Digest - 75 Tips to Keep Your Car in Top-Notch Condition: Operating Your Car

British Navy Misplaces Laptop with personal information of 600,000

noreply@blogger.com (Steven Ashley) — Mon, 21 Jan 2008 01:29:00 +0000

Looks like the Brits are picking up where they left off last year, losing the personal information of their citizens. If anything I think the British are as bad or worse that our government at carelessly disregarding the importance of maintaining security of it's citizens private information.

PC World - British Navy Loses Laptop Containing Personnel Data:

A laptop containing personal information on about 600,000 people was stolen from an officer in the Royal Navy, the U.K.'s Ministry of Defense said on Friday.
The laptop contained information about new and potential recruits to the Royal Marines, the Royal Navy and the Royal Air Force, and was stolen in Birmingham last week, the ministry said.
The stolen data includes passport details, national insurance numbers, family details and doctors' addresses for people who submitted an application to the forces, the ministry said. The laptop also contained bank details for at least 3,500 people.
"The Ministry of Defence is treating the loss of this data with the utmost seriousness," it said in a statement.
It is writing to people whose bank details were on the laptop and has notified the Association for Payment Clearing Services to watch for unauthorized access, it said.
The ministry is investigating the theft with the West Midlands Police. The laptop was stolen Jan. 10, but the ministry said it didn't disclose the incident immediately for fear of compromising the investigation. It decided to go public with the loss after media reports surfaced about it on Friday, it said.
The laptop was stolen during the night from the car of a junior Royal Navy officer, who now faces a possible court martial, according to a report in the London Times.
This is the latest in a string of data security lapses in Britain that have embarrassed the government and called into question its plan to create a central database of patient records for the National Health Service.
In November, Her Majesty's Revenue & Customs lost two CDs containing personal data on about 25 million Britons. The discs, which were encrypted and password-protected, were sent via interoffice mail and never arrived.
The following month, the Driving Standards Agency said it lost a disc containing the records of 3 million learner drivers, and soon after that the Department of Health said that nine of its regional NHS trusts had lost patient data, including medical records for about 160,000 children in East London.
Des Brown, the U.K. defense secretary, will make a statement to Parliament about the latest incident early next week, the Defense Ministry said. It did not say if the information on the Navy's laptop was encrypted or protected by password.
People who think they have been affected can send an e-mail to recruitdata@check.mod.uk from Saturday at 10 a.m. U.K. time onward, the ministry said.

Programmers Guild Discusses H-1B policy at Sloan West

noreply@blogger.com (Steven Ashley) — Mon, 21 Jan 2008 01:19:00 +0000

The Programmers Guild gave a presentation at Sloan West Coast Program, outlining the industry problems directly traceable to the countries current H-1B policy. I have noted my beliefs here repeatedly and have talked about how dangerous the current policies are to both our profession and our country. I applaud Kim Berry and the Programmer's Guild for attempting to raise awareness of this very important topic, I only wish had been in attendance to provide my support.

Check out Norm Matloff's newsletter:

Kim Berry of the Programmer's Guild gave a really outstanding talk. I had seen his slides earlier, and they were fine, but his delivery greatly enhanced the content. Here was a real victim, speaking calmly yet with contained anger at the fact that all our respected institutions--both major political parties, the business community and academia--are complicit in maintaining that sham known as H-1B. His account of hiring decision meetings in which he participated, in which qualified American applicants were repeatedly rejected in favor of H-1Bs, ought to have been videotaped; his speech would have been just as effective the Cohen & Grigsby "TubeGate" videos.

In summary their presentation made these points and suggestions concerning the H-1B policy:

True prevailing wage of at least what average Americans earn within the same job classifications.
H-1b and L-1 LCAs only approved after the employer has conducted good faith, transparent recruitment, and was unable to find any qualified U.S. candidates, at any price.
H-1b only granted to U.S. business entities with as direct hires - not to consulting firms (Indian or otherwise) to be re-shopped against American job seekers.
H-1b to include a $1,200 annual fee that would be used to fund $15,000 scholarships for American college students in STEM programs - consistent with legislation that Senator Sanders has introduced twice.

7 Rules For Avoiding Online Data Breaches

noreply@blogger.com (Steven Ashley) — Mon, 14 Jan 2008 01:34:00 +0000

I spend a lot of time detailing the failings of the Information Technology Industry including to today's entry on potential problems at the TSA and not nearly enough discussing how to avoid falling into the Breach so to speak. Thanks to eWeek for giving me a chance to hop on their bandwagon by posting their 7 ways to avoid being the data breach. So please take the time and read eWeek - How to Avoid the Next Data Breach:

1. Have a viable, up-to-date security policy: Make sure your security policy takes into account what data assets need protecting, the threat landscape and the potential consequences of a breach. Have procedures in place for quick response so that if the worst happens, the organization can react rapidly and minimize damage. Too many companies have policies that address yesterday's threats, or ones that are up to date but are hidden from the employees who should know them by heart. Communicate your policy to employees, and revise it periodically.
2. Know your sensitive data and safeguard it: Determine where your sensitive data assets are – by "sensitive", we mean data that if stolen or exposed would cause serious damage to the business, its employees, shareholders, customers or partners. Control access to this data, preventing unauthorized copying, printing and backups. When reading about lost laptops with sensitive data (encrypted or not), one often wonders what such data was doing on a laptop in the first place – start there.
3. Apply the least privilege principle: Give users and applications the minimum required access, especially as regards sensitive data. Do not grant privileges based on future needs but current ones, and regularly review existing privileges and revoke the ones that are no longer required. In today's enterprise, with so many consultants, outsourced developers and partners gaining access to internal systems, it is easy to disregard just how many external elements have access to systems for which they no longer need it.
4. Encrypt data in motion: Choose the right solution for your environment, using strong encryption standards and algorithms, coupled with authentication and key exchange mechanisms that make sense. There are no "one size fits all", and a heterogeneous environment may require the use of various standards including IPSec, WPA2, SSL and SSH. TJX, for example, used weak encryption (WEP) on its point-of-sale WiFi devices, giving criminals the opening through which they began stealing credit card numbers.
5. Encrypt data at rest: When done right, this ensures that only those who need to see sensitive data see it. However, it is important to choose the right kind of encryption and do it judiciously, covering only sensitive data. Key management is crucial, because if encryption keys are distributed to too many users, applications and devices, it will render itself useless in terms of security.
6. Monitor database activity: Nowhere would you find more useful sensitive data than in enterprise databases, yet most enterprises have zero visibility into who is doing what in the database. Real-time monitoring and auditing gives you the ability to enforce usage policy and provides an additional and necessary layer of security in the place most likely to be the source of a major breach. Apply automatic prevention where appropriate (e.g., obvious SQL injection attacks). The hackers that pilfered almost 100 million credit card records from TJX could not have done so without unfettered access to the database – monitoring would have certainly caught this early on. It is not for naught that database activity monitoring is considered a premier "compensating control" in PCI DSS, being a viable alternative to encryption.
7. Regularly check and harden configuration of components: Use automated tools to find bad configurations, weak passwords and vendor defaults in databases, application servers, routers and other devices. For example, a certain system has a default privileged user account that comes with the password "change_on_install", which of course needs to be changed after installation but sometimes is not. A surprising number of breaches are due to weak passwords – those are practically "X marks the spot" signs for potential intruders.

2008 will be year that either the industry and government really get serious about solving this growing problem or the data breaches will become so bad that the public will force their action on the problem. It pays to be proactive and take eWeek's seven suggestions to heart.

Security Still A Problem At TSA (Transportation Security Administration) Per House Oversight Committee

noreply@blogger.com (Steven Ashley) — Mon, 14 Jan 2008 01:31:00 +0000

Doesn't look like much has changed over at the TSA. Thats right the people that are resposible for keeping us save and secure on our airline flights are doing a rotten job keeping our identities secure online.

Less than a year ago the TSA lost a hard drive with names, Social Security numbers, salary information, and other personal information for 100,000 TSA employees. And their bosses, the DHS has also suffered serious security breaches over the past year.

Now in a House Oversight and Government Reform Committee report issued Friday, the TSA traveler redress web site was found to have numberous security flaws which exposed it's users while attempting to get removed from TSA watch lists to potential identity theft. So if you are on their list mistakenly and you try to get off, by using their website, then the bad guys can potentially get your personal information so they can use it, and then you really should be watched. How ironic.

Check out more one the story at Arstechnica.com - TSA security flaws exposed users to risk of identity theft:

The chairman of the House Oversight and Government Reform Committee published a report Friday with details about the committee's investigation into security flaws found in the Transportation Security Administration's (TSA) traveler redress web site. TSA is a division of the Department of Homeland Security (DHS) and is responsible for baggage inspection and airport security. The site—which enables travelers to seek removal from airline watch lists by providing personal identification information—operated for four months before the vulnerabilities were detected.
The web site was hosted on a commercial domain by a contractor and did not use SSL encryption for submission forms that transmit sensitive identification information. The few pages of the site that did use SSL used an expired certificate that had been self-signed by the contractor. The lack of proper encryption was brought to the attention of TSA last year by security researcher Chris Soghoian, who noted that such "major incompetence" could have been avoided by basic oversight.
"At the request of Chairman Henry Waxman, Committee staff have been investigating how TSA could have launched a web site that violated basic operating standards of web security and failed to protect travelers' sensitive personal information," says the report summary. "These deficiencies exposed thousands of American travelers to potential identity theft."

According to the report, the TSA was completely unaware of the security issues while the site was in operation. During that time, thousands of travelers submitted personal information through the website and a TSA administrator claimed in congressional testimony that the agency had assured "the privacy of users and the security of the system."

The web site was created by Desyne Web Services, a web marketing firm from northern Virginia whose clientèle includes the FBI, USA Today, and George Foreman. TSA awarded Desyne a no-bid contract valued at $48,816 for development of the redress system. According to the report, the Request for Quote (RFQ) issued by TSA prior to making the deal stated that Desyne was "the only vendor that could meet the program requirements." The report notes that Nicholas Panuzio, the TSA employee and technical lead who authored the RFQ, had previously worked for Desyne and had known the owner of the web design company since high school—a serious conflict of interest.

Following the revelation of security vulnerabilities in the system, TSA transferred the site to a Department of Homeland (DHS) Security domain and notified users who submitted information through the unencrypted form that they had been exposed to risk of identity theft. The committee's report notes, however, that TSA never reprimanded Panuzio or imposed sanctions on Desyne. In fact, the report says that Desyne continues to operate several major TSA web sites and has received over $500,000 of no-bid contracts web services from TSA and DHS.

This isn't the first time that TSA has gotten itself into trouble for exposing sensitive identification information. Last year, the agency lost a hard drive with names, Social Security numbers, salary information, and bank routing numbers for 100,000 TSA employees, including air marshals. The DHS has also suffered serious security breaches in the past year.

As we have noted in the past, the TSA terror watch list has very little efficacy and may actually contribute to security problems. The creation of the TSA redress system was precipitated in the first place by a study conducted by the Government Accountability Office (GAO) which found that approximately half of the individuals on the watch lists were false positives. The GAO has also reported ongoing problems with people on the no-fly list accidentally being permitted to fly. Additionally, TSA reported last year that screeners missed approximately 75 percent of simulated explosives and bomb components that testers hid in their clothing and carry-on bags at Los Angeles International Airport during a review of airport security procedures.

In light of TSA's steady litany of serious failures, perhaps it's time for Congress to reconsider the agency's role in airport security.

I have to agree, it our own security agencies can't manage to keep our information save then we either need to radically change the agencies internal policies or eliminate their role from our lives.

Massive SQL-based Web Attack Last Weekend On SQL Server based Websites

noreply@blogger.com (Steven Ashley) — Wed, 09 Jan 2008 21:42:00 +0000

In what has to be one of the largest SQL based Web attacks on record, last weekend Google says over 70,000 domains were affected by a massive attack. This time it wasn't Oracle that was affected it was Microsoft SQL and IIS that were hacked. And here I was giving Oracle grief for not patching their errors, guess I should have been looking toward Microsoft instead.

Using a MDAC vulnerably that was supposed to have been patched in September of 2006 they used SQL injection to infect the sites. For those unfamiliar with SQL injection, the hackers insert SQL commands in what the website thinks is data, and instead of performing its normal processes, the hacked server performs the hackers inserted SQL commands.

Check out what CNET has to say in Massive SQL-based Web attack decoded:

On Wednesday, the SANS Internet Storm Center and others published details about the massive SQL-based Web attack that occurred over the weekend. The attack, says SANS, is similar to a smaller SQL-injection attack seen last November. At least 70,000 sites were compromised in short period of time, leading some speculate this was an automated attack..
From logs files, the attack code appears to exploit a variety of SQL injection vulnerabilities existing on Web sites using Microsoft SQL or Microsoft IIS. On the vulnerable sites, malicous javascript is injected into all varchar and text fields in the SQL database such that when a visitor hits the site, their browsers, if vulnerable, are then redirected to another domain--in this case, us8010.com.
Roger Thompson, chief research officer at Grisoft, identified one exploits served at the malicious server as taking advantage of MS06-014, a MDAC vulnerability that Microsoft patched in September 2006. He also noted that "this domain uc8010(dot)com was registered just a few days ago (Dec 28), and yet, at one point Google showed script injections pointing to it were showing up on over 70k domains." Yet by January 5, 2008, most of these domains had already been cleaned.

Has Sony Just Ended The DRM War?

noreply@blogger.com (Steven Ashley) — Tue, 08 Jan 2008 01:04:00 +0000

The last holdout in the DRM war between Record Companies and Consumers may have just thrown in the towel and began selling DRM free music, even if they are making you go to a record store to buy it. Techcrunch is reporting in their blog post that starting mid month, you will be able to buy a “Platinum Music Pass” for the album you want and then redeem the pass for DRM free music on a internet website.

I'll bet that the in store requirement is just a face saving move that will fade within a month or two, and then all the major recording companies will be offering DRM free music over the internet, and no doubt where the recording companies go today the movie studios will follow soon after.

I for one won't miss looking over my shoulder when playing my MP3's on my Smart Phone. DRM was a bad idea when it started and will remain a bad idea in the future.

Check out what Techcrunch has to say in Sony BMG Confirms DRM Free Music, But Will Force Customers to Visit A Store To Buy It:

As we reported January 4, Sony BMG will become the last of the big four record companies to sell DRM free music, but with one very stupid catch. DRM free music from Sony BMG will be available from January 15 to those who purchase a plastic card called the “Platinum Music Pass” for the album they want from a retail store for $12.99. Buyers will then have to visit MusicPass.com and enter a code to download the DRM free album they selected in the store.

According to a USA Today report, Best Buy, Target and Fred’s will be first stores to offer the cards, with Winn-Dixie, Coconuts, FYE, Spec’s and Wherehouse to follow.

When we first wrote about Sony BMG offering DRM free music we were positive on the move, and it still is a step forward, but forcing customers who want to buy digital music into a physical store where they will be forced to pick the album then and there, then go home to download it…WTF?. It’s nearly like Sony BMG is setting this up to fail, so they can then go back to only selling DRM infested music whilst saying that there wasn’t demand for DRM free music because this experiment failed.

What is Scrum and Why Would I Want To Implement It?

noreply@blogger.com (Steven Ashley) — Tue, 08 Jan 2008 00:46:00 +0000

If you ever wondered what all the buzz about agile programming is about I recommend that you take some time and take a look at All About Agile's post "How to implement Scrum in 10 easy steps." Scrum is one of Agile programmings more popular methodologies, and Kelly has done a fine job of explaining just what you need do to to get started and best of all it done in a clear and easy to understand style.

So if your wishing that your development team was more efficient take the time to read and consider All About Agile: How to implement Scrum in 10 easy steps:

When I first encountered agile software development, I found it hard to understand. Okay, I might not be the brightest person you've ever met! But I'm not stupid either, I think :-)

There's a myriad of different approaches, principles, methods and terms, all of which are characterised as 'Agile'. And from my perspective, all this 'noise' makes agile development sound far harder, far more scientic, and far more confusing than it really needs to be.

For this reason, I favour the Scrum methodology. Admittedly there's a bit of jargon to learn. But otherwise Scrum provides what is fundamentally a very simple way of managing software development more effectively.

Sure, it's great to have a deep understanding of the underlying values and principles of agile development.

Sure, it's great to have a thorough understanding of why Scrum works.

Sure, it's great to know lots of case studies where Scrum has been applied and try to relate them to your own individual situation.

But, fundamentally, I believe you can implement Scrum without all this knowledge. And still find many benefits and have a very positive experience of agile development.

In these 10 posts, I outline specifically how to implement Scrum in 10 easy steps:

- Step #1: Get your backlog in order!
- Step #2: How to estimate your product backlog
- Step #3: Sprint Planning/clarify requirements
- Step #4: Sprint Planning/estimate tasks
- Step #5: Create a collaborative workspace
- Step #6: Sprint!
- Step #7: Stand up and be counted!
- Step #8: Track progress with a daily burndown chart
- Step #9: Finish when you said you would
- Step #10: Review, reflect, repeat...

See also:
'Implementing Scrum' PowerPoint Presentation
10 Key Principles of Agile Software Development

Nicholas Carr Agrees, The IT Department Is On It's Way Out

noreply@blogger.com (Steven Ashley) — Mon, 07 Jan 2008 22:59:00 +0000

I have long lamented about the future of American I.T. professionals, with the rise of the H-1B imports, the outsourcing our jobs overseas and the rise of cloud computing. Now author Nicholas Carr predicts a similar fate in his new book, The Big Switch: Rewiring the World from Edison to Google.

The book makes a case for the continued commoditization of the I.T. environment, first with outsourcing menial tasks, then entire projects, in the future he sees entire I.T. departments becoming part of the I.T. cloud.

Take a look at what Network World has to say about Nicholas Carr and his latest book in Network World - The IT department is dead:

The IT department is dead, and it is a shift to utility computing that will kill this corporate career path. So predicts Nicholas Carr in his new book, The Big Switch: Rewiring the World from Edison to Google.

Carr is best known for a provocative Harvard Business Review article entitled "Does IT Matter?" Published in 2003, the article asserted that IT investments didn't provide companies with strategic advantages because when one company adopted a new technology, its competitors did the same.

The Harvard Business Review article made Carr the sworn enemy of hardware and software vendors including Microsoft, Intel and HP, as well as of CIOs and other IT professionals.

With his new book, Carr is likely to engender even more wrath among CIOs and other IT pros.

"In the long run, the IT department is unlikely to survive, at least not in its familiar form," Carr writes. "It will have little left to do once the bulk of business computing shifts out of private data centers and into the cloud. Business units and even individual employees will be able to control the processing of information directly, without the need for legions of technical people."
Carr's rationale is that utility computing companies will replace corporate IT departments much as electric utilities replaced company-run power plants in the early 1900s.

Carr explains that factory owners originally operated their own power plants. But as electric utilities became more reliable and offered better economies of scale, companies stopped running their own electric generators and instead outsourced that critical function to electric utilities.

Carr predicts that the same shift will happen with utility computing. He admits that utility computing companies need to make improvements in security, reliability and efficiency. But he argues that the Internet, combined with computer hardware and software that has become commoditized, will enable the utility computing model to replace today’s client/server model.

"It has always been understood that, in theory, computing power, like electric power, could be provided over a grid from large-scale utilities — and that such centralized dynamos would be able to operate much more efficiently and flexibly than scattered, private data centers," Carr writes.

Carr cites several drivers for the move to utility computing. One is that computers, storage systems, networking gear and most widely used applications have become commodities.

He says even IT professionals are indistinguishable from one company to the next. "Most perform routine maintenance chores — exactly the same tasks that their counterparts in other companies carry out," he says.

Carr points out that most data centers have excess capacity, with utilization ranging from 25% to 50%. Another driver to utility computing is the huge amount of electricity consumed by data centers, which can use 100 times more energy than other commercial office buildings.

"The replication of tens of thousands of independent data centers, all using similar hardware, running similar software, and employing similar kinds of workers, has imposed severe economic penalties on the economy," he writes. "It has led to the overbuilding of IT assets in every sector of the economy, dampening the productivity gains that can spring from computer automation."

Carr embraces Google as the leader in utility computing. He says Google runs the largest and most sophisticated data centers on the planet, and is using them to provide services such as Google Apps that compete directly with traditional client/server software from vendors such as Microsoft.

"If companies can rely on central stations like Google's to fulfill all or most of their computing requirements, they'll be able to slash the money they spend on their own hardware and software — and all the dollars saved are ones that would have gone into the coffers of Microsoft and the other tech giants," Carr says.

Other IT companies that Carr highlights in the book for their innovative approaches to utility computing are: Salesforce.com, which provides CRM software as a service; Amazon, which offers utility computing services called Simple Storage Solution (S3) and Elastic Compute Cloud (EC2) with its excess capacity; Savvis, which is a leader in automating the deployment of IT;
and 3Tera, which sells a software program called AppLogic that automates the creation and management of complex corporate systems.

Carr points out that many leading software and hardware companies — Microsoft, Oracle, SAP, IBM, HP, Sun and EMC — are adapting their client/server products to the utility age.

"Some of the old-line companies will succeed in making the switch to the new model of computing; others will fail," Carr writes. "But all of them would be wise to study the examples of General Electric and Westinghouse. A hundred years ago, both these companies were making a lot of money selling electricity-production components and systems to individual companies. That business disappeared as big utilities took over electricity supply. But GE and Westinghouse were able to reinvent themselves."

Carr offers a grimmer future for IT professionals. He envisions a utility computing era where "managing an entire corporate computing operation would require just one person sitting at a PC and issuing simple commands over the Internet to a distant utility."

He not only refers to the demise of the PC, which he says will be a museum piece in 20 years, but to the demise of the software programmer, whose time has come to an end.

Carr gives several examples of successful Internet companies including YouTube, Craigslist, Skype and Plenty of Fish that run their operations with minimal IT professionals. YouTube had just 60 employees when it was bought by Google in 2006 for $1.65 billion. Craigslist has a staff of 22 to run a Web site with billions of pages of content. Internet telephony vendor Skype supports 53 million customers with only 200 employees. Meanwhile, Internet dating site Plenty of Fish is a one-man shop.

"Given the economic advantages of online firms — advantages that will grow as the maturation of utility computing drives the costs of data processing and communication even lower —traditional firms may have no choice but to refashion their own businesses along similar lines, firing many millions of employees in the process," Carr says.

IT professionals aren't the only ones to suffer demise in Carr's eyes. He saves his most dire predictions for the fate of journalists.

"As user-generated content continues to be commercialized, it seems likely that the largest threat posed by social production won't be to big corporations but to individual professionals — to the journalists, editors, photographers, researchers, analysts, librarians and other information workers who can be replaced by . . . people not on the payroll."

Carr's argument about the future of utility computing is logical and well written. He offers a solid comparison between the evolution of electrical utilities in the early 1900s and the development of utility computing that's happening today.

Carr's later chapters — about the future of artificial intelligence and the many downsides of the Internet — seem less integral to his utility computing argument. And his discussion of Google's vision of a direct link between the brain and the Internet seems far-fetched.

Nonetheless, The Big Switch is a recommended read for any up-and-coming IT professional looking to make a career out of providing computing services to corporations. If Carr's predictions come true, strong technical skills will still be valued by service providers.

I really hate it when I right and I have little doubt that both my and Nicholas Carr predictions will be proven for the most part correct over time. Take the time to read his book and see if you don't agree. If Congress will wake up and recognize the value of a strong I.T. industry to this countries future security and position in the world, there is still time to reverse the trends seen in his book and predicted here in this blog..

More than 120 million affected by data security problems in 2007

noreply@blogger.com (Steven Ashley) — Thu, 03 Jan 2008 04:09:00 +0000

I blogged about this incessantly during the last year but it looks like the final toll of personal data breechs for 2007 exceeded an unbelievable 120 million records. Nearly 10 times as many as was reported in 2006 , but as data has continued to be concentrated and made available online, little has been done to force the industry to face the growing problem so I have little doubt that this years total will exceed even last years.

But at least someone besides myself is noticing, lets hope they have more success pointing out the problem than I have. Check out PC World - Leaks of Personal Data Swell to a Deluge: "

More than 120 million people in the U.S. had personal data exposed in 2007 as identity theft reached record heights. That's according to research from the nonprofit organization the Identity Theft Resource Center (ITRC) which reported 446 separate breaches exposing 128 million records.
The data shows a more-than sixfold increase over its 2006 figures, when 312 incidents were recorded, involving more than 19 million individuals.
Another group, Attrition.org, shows 319 personal information data loss incidents in 2007 in its database, both in the U.S. and other countries.
Criminals can fraudulently use other another person's identity data to buy goods, take out loans, take money from savings accounts, and hire cars. That person has to recover from the loss and endure badgering by debt-recovery organizations and bailiffs.
British Incidents Increase
The U.K. also grappled with numerous incidents of personal data loss, leaving millions vulnerable to potential identity theft. U.K. government agencies alone lost over 28 million people's identity data in 2007. Additional medical data records were lost due to NHS errors. Among the most infamous incidents in 2007 were:
- HMRC and Standard Life - 15,000 records exposed
- HMRC child benefit database - 25 million records lost
- HMRC and Countrywide Assured - 6,500 records leaked
- Northern Ireland Driving Agency - 6,500 records exposed
- Driving Standards Agency - 3 million records lost.
Credit Agencies Note Fraud
The number of new identity fraud victims contacting credit reference checking agency Experian continues to grow: 2,570 victims of identity fraud contacted it for assistance in the first half of 2007; a 68 percent year-on-year increase.
Helen Lord, Experian's fraud and regulatory compliance director at Experian, said: "The rate of identity fraud growth continues to be scary."
Identity theft criminals are being caught and punished. However, ITRC founder, Linda Foley, herself an identity theft victim, said: "Identity theft is like the never-ending story. It acts like an oil spill that spreads in yet another direction with the ocean currents and wind despite best efforts to contain it."

Workplace of the Future? IBM's Virtual World is one possiblity.

noreply@blogger.com (Steven Ashley) — Fri, 21 Dec 2007 19:55:00 +0000

I know its been tried before, I participated in a similar experiment in the early 90's while working for AT&T with limited success. Now IBM is taking a stab at designing the work place of the future, in it workers from all over the world would meet and interact in a Virtual Environment similar to Second Life, called the Metaverse but with the security features that IBM expects already in place.

This time communications may have advanced enough to actually pull it off. The primary complaints of Telecommuting experiments in the past is that managers cannot verify that their charges are actually on the job. A Virtual Environment solves the problem because the managers will see their charges at work in the virtual environment, or at least a virtual representation of their charges.

If this type of work environment were to take hold, the only limitation a Virtually Enabled company employee would be high speed network access and a suitable PC. Think of the savings in time, office space and last but not least travel expenses, not a minimal amount given oil hitting $100 a barrel these days.

I hope their experiment or another similar experiment solves the Virtual Worker problem once and for all, and we'll all be able to live and work where we really want to in the near future.

For more on IBM's Virtual World experiment check out PC World - Business Center: IBM Virtual World Defies Laws of Physics:

IBM's uptight, starched-shirt image has survived for many decades, but the stereotype may finally meet its demise at the hands of a giant boulder and a meeting room up in the sky.
IBM is building a virtual world to help its employees collaborate, and while it's not the first big technology company to do so, Big Blue may be unusual in that it decided not to mess with those silly laws of physics in its own virtual environment.
"Why do we need walls and ceilings to do a meeting?" asks Michael Ackerbauer of IBM, who is building the company's virtual world, called the Metaverse. "We've had meetings under water and up in the air. Meetings are where you want them to be."
There have been some mixed reactions to the unconventional model, Ackerbauer admits.
"Some are saying 'wow, this is great, I'm ready to go.' Others are scratching their heads," he says.
Ackerbauer described the Metaverse project this week at Big Blue's Manhattan offices, where IBM CIO Mark Hennessy was meeting with analysts and journalists to show off a range of technologies IBM uses to help its employees collaborate.
IBM's two-year-old Metaverse project is in its early stages and it's not clear just how extensively it will be used throughout the company, which has 372,000 employees worldwide. While a small subset of IBMers do real work in the Metaverse, some of Ackerbauer's initiatives are simply experiments to see what's possible.
That's where the giant boulder comes in. The greenish rock is several times the height of the virtual world's human inhabitants, who gather around the boulder like office workers chatting by a water cooler.
"You can kick this boulder about 1,400 kilometers," Ackerbauer says. "We're just coming up with goofy games on the fly. Let's see how far we can kick it ... what would it be like in zero gravity?"
Something useful will come out of this, Ackerbauer believes. If a few people from different countries gather around the boulder, they're more likely to work together in the future, he says.
"There's business value to making work fun and making them want to come in every day," he says.
Ackerbauer and his team of 10 employees have learned both from massively multiplayer online games as well as Second Life. IBM interacts with customers in Second Life already, and owns plenty of virtual Second Life real estate.

IOPES the Free Smart E-Mail Search Tool, Including Fuzzy Searches Available From IBM

noreply@blogger.com (Steven Ashley) — Fri, 21 Dec 2007 19:18:00 +0000

For all of you who use your email systems as Personal Information repositories (databases) and I'm one of them, but miss the ability to really miss the ability to quick search them for life's important facts, that you could do it they were a real database, guess what, IBM has launched a Smart E-Mail Search Tool designed to do just that, quickly search your email repository for just what your looking for. In fact in case you not quite sure what your looking for, it even does fuzzy searches and best of all its FREE. Initially developed for Lotus Notes, there is a plug-in for Microsoft Outlook as well. I wonder if I can get them to write one for Thunderbird as well.

Any way take a look at PC World - IBM Launches Free E-Mail Search Tool:

IBM has launched an email search engine that does fuzzy searches. IBM said it used "advanced algorithms that can interpret incomplete queries and find information such as phone numbers, people, meetings, presentations, documents, images and more."
The idea, according to Big Blue, is to help people find information in their Lotus Notes email databases by identifying the most relevant information in a search query and extrapolating what the user is trying to find. There is also a plug-in for Microsoft Outlook.
It's free, is called IBM OmniFind Personal Email Search (IOPES), and emanates from the company's research labs. According to IBM, it can find information such as a person's phone number even if the email database does not have the words "phone" and "number" in the text. IOPES also allows users to create, save and share personalized searches for future use.
The company reckoned that the tool improves on standard search tools because you don't get irrelevant search results as with a simple text or keyword search. Common search concepts, such as dates, times and phone numbers, are built into the software; additional search parameters, such as meeting requests or specific locations, can be defined and used on the fly without any programming expertise. Such user-defined concepts can be shared between individuals and used to build a more personalized search system, said IBM.
IOPES was created through a collaborative effort spanning IBM labs in Almaden in California, Haifa and Delhi. The software uses the Unstructured Information Management Architecture (UIMA), an open source software framework that helps organizations build new analysis technologies to realize more value from their unstructured information by discovering relationships, identifying patterns, and predicting outcomes.
Originally developed by IBM, UIMA is now an open source project at the Apache Software Foundation (ASF), according to IBM. The company claimed that UIMA was used to enable text analysis, extraction and concept search capabilities in other parts of the IBM OmniFind enterprise search portfolio, including OmniFind Enterprise Edition, OmniFind Analytics Edition, and OmniFind Yahoo! Edition.
"With gigabytes of email storage readily available to nearly everyone, email has evolved from a simple communication tool into a personal database where we retain vast amounts of valuable information," said Lotus distinguished engineer and chief technology officer Douglas Wilson. "We continue to deliver better tools to speed and improve personal mailbox search, and OmniFind Personal Email Search illustrates how IBM's advanced technology delivers the ability to quickly and easily access the precise information we need, exactly when we need it."
Prior to release on alphaWorks, IOPES was tested inside IBM by early adopters who participate in the company's internal technology adoption program, reckoned IBM. AlphaWorks opens up some of the work being done by IBM labs and provides it free.

One by One my excuses for being unorganized are bitting the dust, looks like 2008 might be the year I actually become organized.

Has Artificial Intelligence Arrived? Russians Claim Smart Chatroom Bot

noreply@blogger.com (Steven Ashley) — Fri, 14 Dec 2007 05:54:00 +0000

If as some have theorized the criteria for achieving Artificial Intelligence is creating a program significantly sophisticated enough to be able to converse with humans without the humans being able to distinguish between it and other humans, then that day may have arrived.

I4UNews is reporting that a Russian website says it has a software tool designed to troll online chat forums and posing as a man collect personal information from unexpecting women including names, and phone numbers. They claim that it can chat with up to 10 different women at a time.

While the claims sound fantastic, PC Tools who previewed the software, has warned that the software could be used to harvest personal details online for nefarious uses.

Whether or not the claims are true will become clear when the software goes on sale around February 15.

To find out more, check out I4U News - Russian Computer Program fakes Chatroom Flirting

So before you give out personal information to someone in a chat room, think twice, you might be talking to a nefarious bot.