Hey, Kids! Comics!

During a recent road trip the kids and I stormed two geek stores: Lone Star Comics in Dallas and Cosmic Cat Comics in Tallahassee. This is a foolish thing to do, because I have poor impulse control and my sons have a serious Yu-Gi-Oh jones.

The clerk at Lone Star was exceptionally friendly, digging up free comics for the kids and teaching them how to slam Pogs, which are undergoing an attempted revival.

We did $80 damage at Lone Star on cards, comics, manga and a $13 box that contained three pieces of laminated cardboard and two plastic Slammers.

The clerk at Cosmic Cat couldn't have been less friendly if he was channeling Jack Black in High Fidelity.

My son Eli believes that stores that don't stock Yu-Gi-Oh cards are secretly holding out on him, so he interrogates clerks like Mike Wallace working somebody over on 60 Minutes. His favorite technique is to ask a series of similar questions to see if the story changes. Some clerks actually begin to sweat under this fusillade, which always reminds me of his mother.

In a store with no other customers that's part of a run-down shopping center hurting for business, the clerk copped so much attitude that we left without spending a cent.

Thank you, Cosmic Cat Comics!

Florida · Dallas · Comics · 2006/06/16 · 4 COMMENTS · Link

Robert Scoble, Naked Conversations and Exposed PCs

Robert Scoble's departure from Microsoft is getting major-news treatment from the mainstream media this morning:

Mr. Scoble's blog, called Scobleizer, is widely seen as helping to humanise Microsoft and shift its stance from arrogant and aloof to one that is more inclusive and accepting of criticism. It also commented on broader changes in the net world and how they affected the company.

Scoble began his blog around the time he left UserLand Software and deserves credit for using an employee blog launched in obscurity to route around Microsoft's PR firewall and elevate himself into one of the company's best-known names. But now that the Scobleizer has become the Defenestrator, I wonder how much impact his blog really had on Redmond.

Though he's been touted as a direct channel between the user/developer community and Microsoft, Scoble was heavy on ain't-it-cool and light on criticism. Considering my recent experience with a compromised PC, I was curious how much he's said about the company's biggest problem: the long-running inability to make Windows secure, no matter how many times they launch new initiatives to address the issue.

The answer: very little.

Shortly before New Year's Day, Russian crackers began taking over fully patched Windows systems by exploiting a huge security hole in Windows MetaFile (WMF) graphics. All it took to become compromised was to display a graphic, which could occur automatically when a web page was opened, e-mail attachment was indexed or thumbnail images were prepared in a folder. After an exploit for this hole was widely publicized, Microsoft took more than a week to release a patch, even though outside security experts thought it was serious enough to pull all-nighters over the holidays on unofficial fixes:

To the best of my knowledge, over the past 5 years, this rag-tag group of volunteers hasn't asked for your trust: we've earned it. Now we're going to expend some of that hard-earned trust:

This is a bad situation that will only get worse. The very best response that our collective wisdom can create is contained in this advice -- unregister shimgvw.dll and use the unofficial patch.

This was a disaster on multiple levels, beginning with Microsoft's reckless decision to permit executable code in a graphics file format. That's a security nightmare, as the company should have learned six years ago when it permitted executable code in e-mail.

Looking over Scoble's naked conversation during that crisis, he did what software companies always do when they've left users exposed: Pretend it was an act of God, release a patch and cover your ass. If he thought it was a bad idea to put code in graphics or let days pass without a patch, Scoble didn't test his company's acceptance of criticism. His final word on the matter was to quote his brother:

Microsoft is more responsive than people want to give them credit for.

Windows Xp · Security · 2006/06/12 · 17 COMMENTS · Link

The Mother of All Infected Windows XP Systems

My mom has a Windows XP system with an always-on high-speed Internet connection that's occasionally used by relatives and other guests. The PC had become glacially slow, opening new web pages after a pause of 10 or more seconds, so I started looking for spyware or viruses that might be causing the problem.

I brought the virus definitions in Norton Anti-Virus up to date and installed Ad-Aware to look for other junk.

As they were running, shortly after midnight the PC began sending hundreds of spams that triggered "Scanning message" dialogs in a Norton program that inspects outgoing e-mail for viruses. The computer was infected with Trojan.Abwiz and had been hijacked by a spammer. Hundreds of spams were being sent each minute until I yanked the DSL cable to stop the deluge.

A post on Spyware Sucks describes a Russian spam operation exploiting some of the other trojan files present on her computer, which included winsub.xml, svcp.csv and taskdir.dll:

What I thought was going to be pretty standard forensics "ok-the-machine-is-infected (yawn) lets-get-it-cleaned, reduce user permissions and give it back" turned out to be anything but. While I was connected to the PC via VNC something bad on that box woke up. A slew of connections were made to Russia right before my eyes and things suddenly got very very interesting. This was very cool - sure, I've seen many reports of infected PCs, and helped users fix their machines from afar using various automated products and analysis logs, but I've never had the chance to be hands on with a real, live, actively pumping spambot

Her PC had both Windows Firewall and Norton Anti-Virus running, though the latter's virus definitions were last updated in January. Neither one stopped this crack, which is reportedly installed by exploiting an Internet Explorer vulnerability. I think I've found and removed the trojans, which weren't gone completely until I got rid of all System Restore backups saved by XP, but I'm tempted to wipe the hard drive and reinstall to make sure.

Because Trojan.Abwiz can update itself and send data such as a keystroke log to other compromised PCs, mom has to change her credit card numbers and review other confidential information that might now be in the hands of identity thieves.

In other news, Microsoft will be releasing 12 security updates on Tuesday.

Windows Xp · Security · 2006/06/10 · 14 COMMENTS · Link

Outsourcing: Not Safe for Work

I've taken Workbench back from Vivek Seal.

I appreciate his efforts -- especially considering some of the abuse he took -- but remain unsold on the notion that outsourcing is beneficial to Americans. Seal's clear on the fact that it helps India, of course, but the most he offers us is a platitude that's laid on downsized employees all the time -- you ought to develop skills for another job that'll make you more valuable:

I know many jobs are being lost but there are many new jobs which are being created. A person has to forecast what kind of a job is indispensable and should strive for that to retain one's job. I am absolutely sure that now the time is here where a person cannot relax in his job and must keep adding extra qualifications and training on a regular basis.

No one who offers this advice ever provides an example of an indispensable new job. For geeks like me who gravitate to software development and related professions, I don't see anything that can't be done in places where $15,000 a year buys an aspirational middle class life. When I was 20 in 1987, a computer science degree was a pretty solid path to the American dream. Today, even software project management is being outsourced. What do career counselors tell college freshmen with undeclared majors when they express an interest in programming? They ought to wire their chairs and dispense a corrective electrical shock.

I don't begrudge Seal's people taking their shot at the Indian dream, but I think it's in Americans' self-interest to make outsourcing as expensive as possible.

In April, Information Week reported that the cost-saving benefits of outsourcing are exaggerated:

... while more companies are turning critical IT and business functions like help desk support and customer service over to third parties, who in turn often send the work to subsidiaries in low-cost countries like India or China, they're saving less from the process than is widely believed. In India, programmers and service workers are paid anywhere from 80% to 40% less than their U.S. counterparts. However, the overhead associated with outsourcing appears to be eating up the bulk of those savings. Factoring in transition, legal, advisory, and management costs, outsourcing typically lets a company reduce the expense of a particular function by 15%, TPI says.

A 15 percent savings seems pretty vulnerable, considering the hassles involved in moving a company's labor to the other side of the planet. Americans don't like jobs moving overseas, because the fears of a shrinking middle class are one of the things on which red, blue and purple America agree completely. Companies like Dell are vulnerable to the publicity associated with moving work to India. If outsourcing became the dolphin-unsafe tuna of this decade and that 15 percent savings dropped, it could be extremely tough for workers in places like India to compete with Americans closer to home.

If that happens, I hope Vivek can find new training in something more indispensable.

Programming · Politics · Outsourcing · 2006/06/06 · 36 COMMENTS · Link

Outsourcing: What's in a Name?

A name, your preview to the world, may mean everything to someone, but in call centers in India they choose an alias name for themselves to make Americans life easier. Whether they are able to do it or not is a separate issue altogether.

You all must be surprised to know that the U.K. companies are much more broadminded as compared to the U.S. ones in the accent, name and even the culture of an employee (maybe because of our past).

In fact all the voice-based processes in India are divided into the U.K. and U.S. units. The U.K. ones generally do not require you to choose an alias name or to make your accent British, in fact they let you keep your original name and ask you to try speaking in a neutral accent.

Indian youth just go totally ballistic in choosing an American name. Famous ones are "Mr. Anderson" or "Mr. Smith," more Hollywood names like "Tom", "Will" for the Adams and for the Eves it is "Nicole" or "Marie," etc. They do this so that you people will get a feeling that you are talking to someone American and not some Indian dude.

But as far as I know, many companies are letting the employees use their original names instead of the fake ones. Is it helpful or not is what you people have to analyze. So what do you think: Should the Indian call center executive welcome you with an Indian name like "Mr. Rangaswamy" or with much familiar name to you like "Mr. Smith"?

This post was written by Vivek Seal.

Outsourcing · Politics · 2006/06/03 · 34 COMMENTS · Link

Outsourcing: Drop the Accent

I have received many comments that Americans are getting pissed because of the accent of the offshored employees. I just had a meeting with a top executive from Vertex, which is one of the biggest BPO companies in the world (right now they are Eurocentric), and that young gentleman told me that many of their British customers are happy with the work being done in India -- and in fact the customer satisfaction is headed towards north.

I can validate this argument further because when I was there in Convergys two years back, I remember my team manager was maintaining the quality of the calls above or around 90 percent (same or above the US/European levels) -- quality: first call resolution, empathizing and going the extra mile. The quality evaluators I had were from the UK itself and the company was Capital One (which is unheard in India but is quite popular abroad).

Our team was hitting the quality targets, which were above the standards maintained by their US/European counterparts again and again. The big greedy "corporates," as many of you say it, are no fools to offshore their business so that they can drive away their customers. There are set quality standards for the BPO industry, which is met by the vendors to maintain their promises.

Also, I must tell you guys that the average education level for a call center job in India is at least a graduate degree (bachelors in commerce, economics, arts, etc.) as compared to school-level education there. For all you people who are not happy with an accent, just imagine the time you called up someone in your country and try to compare it without having this inherent hate for outsourcing. You may very well realize that it is not all that bad -- I mean the accent.

This post was written by Vivek Seal.

Outsourcing · 2006/06/01 · 58 COMMENTS · Link

Interview Request: Americans Affected by Outsourcing

I am very keen on doing a story about Americans who have lost their jobs due to outsourcing. Global Services reaches an audience of around 50,000 in the U.S. and I really would like to know the views of the CEOs, CFOs, CTOs and others who have lost their jobs. If you have any suggestions for people I should interview, send an e-mail through this weblog.

This post was written by Vivek Seal.

Outsourcing · 2006/06/01 · 2 COMMENTS · Link

Read More Entries