Monday, 31 January 2005

How do you save a few bucks on McDonald's drive-through staff in Oregon?

Outsource them. To North Dakota. Click for more...


Add/Read: Comments [5]
Random Stuff | Things that Suck
Monday, 31 January 2005 17:34:30 (Pacific Standard Time, UTC-08:00)
#  Trackback
 Sunday, 30 January 2005

An "open letter" to Microsoft...

Once again, commenters everywhere are espousing opinions on Microsoft's latest statements regarding the company's plans to disallow updates for pirated copies of Windows (and other software).

We all know taking that position results in one primary problem: Unpatched computers get infected or overrun and then bombard computers of others - making victims of people with valid, paid-for copies of Windows.

I understand Microsoft's position, I disagree with it, and I have a solution.

Patch the pirated computers, "update" the pirated computer's firewall to control two-way traffic, then turn that firewall on. Turn it on all the way. Like as in "nothing-in, nothing-out." Stop all the network traffic on those machines. And put "PIRATED" in all four corners of the screen, like you do with Safe Mode. Heck, for that matter, only allow users to boot into safe mode if it's pirated.

Of course, you could leave open connections to, say, a Microsoft site where people could be allowed something like, oh maybe 30 days to register their software. Give 'em a reduced registration rate maybe. Or maybe not. That's up to you.

Seriously - A significant portion of my job is protecting my company from all those unpatched and out-of-date computers. My time is valuable, and so is the time of many others like me. The ball belongs in your court - Where thousands of people have to spend hours and hours defending networks, you can fix it for all of us in one fell-swoop.

Microsoft's failure to patch problem computers makes for a less-secure Internet. It makes for higher operating costs for my company. It means I am focusing my time on things I need not deal with. It means I'm not focused on more important things that deserve my individual time.

Revenues are important, sure, but so are your customers, and so is wide area network security. This is the one area where revenues might just need to take a back seat. Think about it. Do the right thing.

Drastic? Sure, but healthier than leaving security holes all over the planet.

By not helping your enemies, you hurt your friends. You can't win, but you can make sure the people who are already on your side are taken care of.

Patch that software. Then get 'em with the firewall. Do it. We need you.

And thanks for listening.


P.S. - Is this a little tongue in cheek? Sure it is, somewhat. The idea is to discuss all the options and possibilities, and I think people need to talk more about the option of making it harder for software thiefs, regardless of the PR impact. Talking about it and actually doing it are two very different things, and often useful ideas come out of the conversations about the "fringe" options.

Already several emails and opinions are coming in (keep 'em coming, and you can also use the comments link below), so let me point out a few things...

  • First, I don't think Microsoft is "evil" - and that was not my point. Not even close.
  • Second, I know automatic updates would still work for pirated software under the proposed plan. That's not my concern - apparently there are some idiots who steal software that just don't have the brains or desire to turn it on, for whatever reasons.
  • Third, I'm not freaking out over something that hasn't happened yet. Rather, I am thinking about and commenting on something that's being discussed and in which I have professional interest and experience. Part of my experience is that if you offer opinions before Microsoft takes action, you're more likely to have your opinion count for something, however small. Come to think of it, that's more about the way the world works in general than it is about Microsoft...
  • Fourth, my thoughts are more about Microsoft asserting itself from both the "security-custodian" and "software-seller" roles. Two statements (drastic ones, granted) in one brush stroke.

Mitch Wagner at Security Pipeline has his own opinions on the matter, too. See what other people are writing about the subject with Feedster.

Interesting conversation. What do you think?

Add/Read: Comments [5]
IT Security | Tech
Sunday, 30 January 2005 23:15:50 (Pacific Standard Time, UTC-08:00)
#  Trackback

Joe Stagner, a Developer Community Champion at Microsoft, will be presenting a series of two webcasts per month, starting this week and running through May on the general topic of designing and writing secure applications.

Dubbed the "Digital Blackbelt Series," the webcasts will cover these topics:

MSDN Webcast: Digital Blackbelt Series: Building an Intentionally Secure Development Process (Level 200)
Friday, February 18, 2005
11:00 A.M.–12:00 P.M. Pacific Time, United States and Canada (UTC-8)

MSDN Webcast: Digital Blackbelt Series: Developer Security Principals and Guidelines (Level 200)
Friday, March 4, 2005
11:00 A.M.–12:00 P.M. Pacific Time, United States and Canada (UTC-8)

MSDN Webcast: Digital Blackbelt Series: Protecting Secret Data (Connection Strings, Passwords, etc.) (Level 200)
Friday, March 18, 2005
11:00 A.M.–12:00 P.M. Pacific Time, United States and Canada (UTC-8)

MSDN Webcast: Digital Blackbelt Series: Defending the Database (Part 1 of 2): The SQL Injection Attack in Detail (Level 300)
Friday, April 8, 2005
11:00 A.M.–12:30 P.M. Pacific Time, United States and Canada (UTC-7)

MSDN Webcast: Digital Blackbelt Series: Defending the Database (Part 2 of 2): Making the Right Design Choices (Level 300)
Friday, April 22, 2005
11:00 A.M.–12:00 P.M. Pacific Time, United States and Canada (UTC-7)

MSDN Webcast: Digital Blackbelt Series: Beating the Hacker: Don't Let Them Steal Your Code (Level 200)
Friday, May 6, 2005
11:00 A.M.–12:00 P.M. Pacific Time, United States and Canada (UTC-7)

MSDN Webcast: Digital Blackbelt Series: Social Engineering and Mitigating System Vulnerability (Level 200)
Friday, May 20, 2005
11:00 A.M.–12:00 P.M. Pacific Time, United States and Canada (UTC-7)

Add/Read: Comments [0]
IT Security | Tech
Sunday, 30 January 2005 22:22:51 (Pacific Standard Time, UTC-08:00)
#  Trackback

Today was a real win for - and by - the people of Iraq. Today was a great day.

Read reports direct from Iraq here, and see more photos here.


Atheer Almudhafer, from Falls Church, Va., gives the Iraqi sign of victory after casting his absentee ballot at the New Carrollton, Md., voting station, Jan. 28, 2005. His finger is marked with indelible blue ink, intended to prevent double voting. "I give the sign of peace and voting. Together it is victory," Almudhafer said. Defense Dept. photo by Tech. Sgt. Cherie A. Thurlby, U.S. Air Force.


Add/Read: Comments [0]
Random Stuff
Sunday, 30 January 2005 16:39:56 (Pacific Standard Time, UTC-08:00)
#  Trackback
 Saturday, 29 January 2005

Microsoft has opened up the Office document formats and made them available for the world to see.

The Schemas provide developers and representatives of business and government a standard way to store and exchange data stored in documents. The download contains documentation on a number of XML schemas for Microsoft® Office 2003 Editions including:

  • Microsoft Office Word 2003
  • Microsoft Office Excel 2003
  • Microsoft Office InfoPath® 2003
  • and Microsoft Office Visio® 2003

It also includes schema information for:

  • Microsoft Office OneNote® 2003
  • Microsoft Office Project 2003
  • and Microsoft Office Research Services

Download the schemas and documentation and read the Office 2003 XML Reference Schemas Frequently Asked Questions.

News coverage from TechWorld:

"The move puts Microsoft on a better footing to compete against open-source applications and non-proprietary document formats. Governments around the world have begun to reconsider the use of proprietary formats, which usually lock them into using particular applications and may hinder archiving efforts.

"Microsoft Office formats have become a de facto standard, one of the factors making it difficult for organisations to use alternative applications."

(via Robert Scoble)

Add/Read: Comments [2]
Office 2003 | Tech
Saturday, 29 January 2005 23:36:25 (Pacific Standard Time, UTC-08:00)
#  Trackback
 Friday, 28 January 2005

My employer, Corillian Corporation, has a few openings, including one for an employee to work on the IT Department's Help Desk. Maybe you'd be interested, or maybe someone you know would fit the bill?

Corillian is a Portland, Oregon-area software company, and IMHO it's a pretty darn nice place to work. Great challenges, great opportunity, and great people.

The IT Help Desk job is an entry-level or early-career position, working in the corporate IT department. The employee in this position acts as the point person for the company's internal help desk. Managing requests for service and basic Windows computer and network troubleshooting are the primary day-to-day job tasks. Excellent customer service skills and a customer-oriented, confident, on-your-game personality are critical. The company is looking for someone who can hit the ground running from a customer-service standpoint.

If you or someone you know is interested, time is of the essence - So email or call me and I will put you in touch with the hiring manager. My email is and my office phone is 503-629-3771.

QA and Software Developer Positions: I am told that Corillian is also looking for QA and Software Engineers, so if you are what a leading-edge software company would consider a top performer in either of those areas, email or call me about those positions, too, and I will make sure you are put in touch with the right people. It'll be competitive, I can tell you that, so be prepared, but don't hold back.

Note: This post is my own, and is not a communication by or for my employer. I am just trying to make people aware of some opportunities that I happen to know about. In the interest of full disclosure, I should say that if you get hired, depending on the position they might spot me a small bonus that would probably pay for a nice lunch or dinner for you and me. But don't count on it - and the help desk job reports under me in the organizational scheme, so I am not eligible for any bonus on that position. Phew! :-)

Add/Read: Comments [0]
Random Stuff | Tech
Friday, 28 January 2005 21:43:08 (Pacific Standard Time, UTC-08:00)
#  Trackback