Thursday, May 12, 2005

Exceptions vs. Return Codes, part 912


Picture credit: Congreve
Hee hee. Joel's at it again, raising cain in the age-old return-codes versus exceptions argument. Personally, I think it's case-closed for return codes when both Raymond Chen and Joel Spolsky weigh in that exceptions are hazardous, to say the least. But, hey, I'll throw in my two cents (*sigh*, again).

First, let's see what Joel has to say in his latest missive.

Here’s the thing with exceptions... Your eyes learn to see wrong things, as long as there is something to see, and this prevents bugs. In order to make code really, really robust, when you code-review it, you need to have coding conventions that allow collocation. In other words, the more information about what code is doing is located right in front of your eyes, the better a job you’ll do at finding the mistakes. When you have code that says

dosomething();
cleanup();

...your eyes tell you, what’s wrong with that? We always clean up! But the possibility that dosomething might throw an exception means that cleanup might not get called. And that’s easily fixable, using finally or whatnot, but that’s not my point: my point is that the only way to know that cleanup is definitely called is to investigate the entire call tree of dosomething to see if there’s anything in there, anywhere, which can throw an exception, and that’s ok, and there are things like checked exceptions to make it less painful, but the real point is that exceptions eliminate collocation. You have to look somewhere else to answer a question of whether code is doing the right thing, so you’re not able to take advantage of your eye’s built-in ability to learn to see wrong code, because there’s nothing to see.


It's worth repeating the highlighted sentence, because it's true no matter what the pro-exception crowd says: You have to look somewhere else to answer a question of whether code is doing the right thing. Because there's nothing to see.
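Joel's dosomething()/cleanup() pair, worked through as an added example (not code from Joel's article or from this blog). The Resource class, DeviceError and the helper names are hypothetical; the three variants show the skipped cleanup, the finally fix he mentions, and a return-code version where the failure path stays on the page.

```python
class Resource:
    """Hypothetical resource that records whether cleanup() ran."""

    def __init__(self):
        self.released = False

    def cleanup(self):
        self.released = True


class DeviceError(Exception):
    """Hypothetical failure raised deep inside dosomething()."""


def _parse(record):
    # Two calls below the code under review: the only place that throws.
    if not record.isdigit():
        raise DeviceError(f"bad record {record!r}")
    return int(record)


def dosomething(record):
    return _parse(record) * 2


def naive(res, record):
    # Reads as "we always clean up", but cleanup() is skipped
    # whenever anything under dosomething() raises.
    value = dosomething(record)
    res.cleanup()
    return value


def with_finally(res, record):
    # The fix Joel calls easy: cleanup() runs on both paths.
    try:
        return dosomething(record)
    finally:
        res.cleanup()


def dosomething_rc(record):
    # Return-code style: failure is a value the caller has to look at.
    if not record.isdigit():
        return False, 0
    return True, int(record) * 2


def with_return_code(res, record):
    ok, value = dosomething_rc(record)
    res.cleanup()  # nothing above can jump past this line
    return ok, value


def run(variant, record):
    """Call one variant and report (result, whether cleanup ran)."""
    res = Resource()
    try:
        result = variant(res, record)
    except DeviceError:
        result = None
    return result, res.released


if __name__ == "__main__":
    for variant in (naive, with_finally, with_return_code):
        print(variant.__name__, run(variant, "21"), run(variant, "x1"))
```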

And that is why you will never be permitted to rely on an exception-based infrastructure if you write mission-critical code. There's no argument about that. None. If you write code for an OS, the FAA, NASA, a database engine, or a nuclear reactor, or any other sphincter-clenching application*, you will not be permitted to rely upon exceptions. Period.

* Defined as any application that, the first time you run it in a production environment, causes: (a) your blood pressure to soar to double its normal levels, (b) you to break out in a cold sweat, or (c) under extreme circumstances, forces you to exert conscious control over certain bodily orifices.


Quick summary: we won't be able to use exceptions if we're writing code for Joel's proverbial open-heart-surgery circular saw. By the way, if you don't agree with this contention, please take a close look at mission-critical software certification specs like DO-178B. Then get back to me.

The reason exceptions are verboten is simple: the code can't be reviewed and validated in any contained fashion.

And now that we've established that exceptions are forbidden in the adult world, I have a question for exception aficionados:

Where do you draw the line between mission-critical and non-mission-critical software?

I'd just like some guidance here: when is it okay to go for anything less than bullet-proof code? What are the rules for delineating between mission-critical and non-mission-critical?

Update: In the comments area, Gil wrote the following. I thought it was worth calling out, for obvious reasons:

I think you've already provided the most useful definition possible of mission-critical software: any software for which it's required to meet an existing standard of mission-critical reliability, like DO-178B or an equivalent. It wouldn't surprise me at all to find that most, if not all, such standards, don't mention or explicitly reject exceptions. This isn't surprising since such standards tend to be very conservative and to rely on time-tested best practices, for the same reason that the chips in the space shuttle are 486s.

The point I think you're getting at is that even pro-exception coders won't use exceptions in life-threatening situations; by getting them to draw a line, they're implicitly accepting that exceptions are not a good coding practice, to be followed by the 2 in the 1-2 punch of "if they're not a good coding practice when lives are at stake, why would they be considered good when the software is less than life-threatening? Exceptions are generally bad, and should never be used. QED."

The reason no one's drawing the line you're asking them to draw is because they recognize the dilemma you're presenting and are refusing to accept the initial premise.


Exactly.

Joel: Raising cain
 

Google, DNS Cache Poisoning, and Phishers


(Picture credit Quantrimang)
InformationWeek reports that Google was knocked offline on Saturday. The cause: DNS Cache Poisoning. In a nutshell, bad guys can take advantage of various weaknesses in the DNS protocol (e.g., a combination of guessing sequence numbers and spoofing IP addresses) to pollute the caches of legitimate name servers. A good explanation of the history of DNS cache poisoning was published a while back on the SecurityFocus site.

In addition, TechWeb reports that Phishers are also starting to use DNS weaknesses to their advantage. Phishers are the persons or organizations running bogus websites that mimic, say, Citibank... and try to capture authentication and identity data from legitimate customers. Having captured that information, the Phishers attempt to use it for financial gain.

Aside from simply hosting bogus DNS servers on co-opted machines, they can also attempt nasty tricks like polluting hosts files on client machines. The effect? You think you're logging into Citibank, but you're really authenticating to a zombie Dell PC in Skokie, Illinois.

Here's hoping that a robust generation of DNS software and browsers, sufficiently inoculated against these sorts of attacks, comes sooner rather than later.

The Dailydave mailing list laid out the process.

"The hostname that is hosting the phishing site is served up by five different name servers. Those five name servers are on home computers residing on networks such as Comcast, Charter, etc.

"The name servers are using some sort of round-robin DNS to serve up five different IP addresses for the phishing site, and the five IP addresses used are changing every ten to fifteen minutes.

"All of this seems to be a distributed phishing scam controlled by some sort of bot network. This type of phishing site organization is virtually impossible to get shut down, other than having the registrar of the domain deactivate the domain. Anyone that has ever worked with a registrar on something like this knows that it's like speaking to a wall."

"These DNS servers can change the IP address of the fake site over and over again," said Hubbard. "Say the fake site is hosted in China, but is quickly shut down. The phisher just has to change the bogus DNS server and anyone clicking on a phishing link would get sent to another machine, maybe now in the U.S., that's hosting the phony site."


p.s., Did you know Google offers a H4x0r search engine?

p.p.s., On an unrelated topic, Google just bought the mobile social networking service Dodgeball. Combined with Google maps, the possibilities are amazing.
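A defender-side check for the rotating-DNS setup quoted from Dailydave above, as an added example (not from the mailing-list post or this blog): it flags hostnames whose A-record set keeps changing across passive-DNS observations while TTLs stay short. The log format, hostnames, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed passive-DNS observations: "epoch_seconds qname ttl ip,ip,..."
# Addresses come from the documentation ranges; hostnames are made up.
SAMPLE_LOG = """\
0    secure-login.example.test 600 192.0.2.10,192.0.2.77,198.51.100.4,198.51.100.90,203.0.113.8
0    www.example.org 300 192.0.2.1,192.0.2.2,192.0.2.3,192.0.2.4
60   static.example.net 86400 198.51.100.200
600  www.example.org 300 192.0.2.2,192.0.2.3,192.0.2.4,192.0.2.1
720  secure-login.example.test 600 192.0.2.21,192.0.2.140,198.51.100.33,203.0.113.61,203.0.113.200
1200 www.example.org 300 192.0.2.3,192.0.2.4,192.0.2.1,192.0.2.2
1500 secure-login.example.test 600 192.0.2.5,192.0.2.201,198.51.100.17,198.51.100.250,203.0.113.99
1800 www.example.org 300 192.0.2.4,192.0.2.1,192.0.2.2,192.0.2.3
2280 secure-login.example.test 600 192.0.2.63,198.51.100.71,198.51.100.128,203.0.113.14,203.0.113.177
"""

# Assumed thresholds; tune them against your own resolver logs.
WINDOW = 3600          # seconds of history to evaluate per hostname
MIN_DISTINCT_IPS = 10  # more addresses than ordinary round-robin hands out
MIN_SET_CHANGES = 3    # answer set replaced several times inside the window
MAX_TTL = 900          # rotation every 10-15 minutes needs short TTLs


def parse(log):
    """Group observations by hostname as (timestamp, ttl, frozenset of IPs)."""
    by_name = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, qname, ttl, ips = parts
        try:
            answers = frozenset(ip_address(a) for a in ips.split(","))
            by_name[qname.lower().rstrip(".")].append((int(ts), int(ttl), answers))
        except ValueError:
            continue  # unparsable number or address
    return by_name


def summarize(observations, window=WINDOW):
    """Measure address churn over the window ending at the last observation."""
    observations = sorted(observations, key=lambda o: o[0])
    cutoff = observations[-1][0] - window
    recent = [o for o in observations if o[0] >= cutoff]
    distinct = set().union(*(o[2] for o in recent))
    # Compare answers as sets so round-robin reordering is not counted.
    changes = sum(1 for prev, cur in zip(recent, recent[1:]) if prev[2] != cur[2])
    return {
        "distinct_ips": len(distinct),
        "set_changes": changes,
        "max_ttl": max(o[1] for o in recent),
    }


def fast_flux_suspects(log):
    """Return {hostname: summary} for names that look like rotating hosting."""
    suspects = {}
    for qname, observations in parse(log).items():
        s = summarize(observations)
        if (s["distinct_ips"] >= MIN_DISTINCT_IPS
                and s["set_changes"] >= MIN_SET_CHANGES
                and s["max_ttl"] <= MAX_TTL):
            suspects[qname] = s
    return suspects


if __name__ == "__main__":
    for name, summary in fast_flux_suspects(SAMPLE_LOG).items():
        print(name, summary)
```

The stable round-robin name in the sample returns the same four addresses in a different order each time, so it is not flagged.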
 

Could the Saudis Blow Up Their Own Oil Infrastructure?


(Picture credit BBC News)
Frontpage Magazine features a fascinating article by Daniel Pipes. The topic: the possibility that the Saudis have booby-trapped their oil infrastructure to prevent anyone else from taking control.

In what sounds like the far-fetched plot of a Bond film, Pipes describes Gerald Posner's new book about US-Saudi relations. Posner, the investigative reporter and author of ten books, reportedly based this assessment on a variety of "intelligence intercepts". Supposedly spurred on by veiled threats from the US State Department during the oil crush of the 1970s, the Saudis came up with their own plan to repel any would-be takeover.

This became a top-priority project for the kingdom. Posner provides considerable detail about the mechanics of the sabotage system, how it relied on unmarked Semtex from Czechoslovakia for explosives and on radiation dispersal devices (RDDs) to contaminate the sites and make the oil unusable for a generation. The latter possibilities included one or more radioactive elements such as rubidium, cesium 137, and strontium 90.

Collecting the latter materials, Posner explains, was not difficult for they are not useable in a nuclear weapon and no one had the creativity to anticipate Saudi intentions:

It is almost impossible to imagine that anyone could have thought a country might obtain such material … and then divert small amounts internally into explosive devices that could render large swaths of their own country uninhabitable for years.


Saudi engineers apparently then placed explosives and RDDs throughout their oil and gas infrastructure, secretly, redundantly, and exhaustively.

The oil fields themselves, the lifeline for future production, are wired … to eliminate not only significant wells, but also trained personnel, the computerized systems that seemingly rival NASA’s at times, the pipelines that carry the oil from the fields …, the state-of-the-art water facilities (water is injected into the fields to push out oil), power operations, and even power transmission in the region.


Nor is that all; the Saudis also sabotaged their pipelines, pumping stations, generators, refineries, storage containers, and export facilities, including the ports and off-shore oil-loading facilities...


Pipes: Will the Saudis Blow Up Their Own Oil Infrastructure?
 

Wednesday, May 11, 2005

The Five Most Shocking Things About the ChoicePoint Debacle



A senior editor at CSO Online, Sarah Scalet, shreds ChoicePoint in impressive fashion, highlighting some of the concerns I mentioned in several earlier blog-missives.

Among the most amazing aspects of the aftermath of the incident were statements made by ChoicePoint's CISO, Rich Baich, who claimed that it really wasn't his concern:

"Look, I'm the chief information security officer. Fraud doesn't relate to me."

Wow.

So, Rich, who would this sort of incident relate to, if not the CISO? Wouldn't some CISOs have established processes for analyzing access to the crown jewels? Say, detecting anomalous activity, or creatively discerning whether customer activities match up with their claimed size and role in the market? Or is the data held in the various repositories really not that crucial to ChoicePoint's business?

...The security community seems skeptical of Baich's argument too. CISOs have long asserted that their responsibilities ought to encompass all aspects of information protection-whether a vulnerability stems from insider misuse, an outside hack or (in ChoicePoint's case) a social engineering scam. It seemed an especially convenient moment for Baich to argue, uncharacteristically, that his job description is actually narrower than one would assume...


It all really does translate back to process. You could have orchestrated a series of stellar vulnerability assessments, indicating that you'd closed all the holes known to exist... and then, only a week later, be utterly exposed to a catastrophic crime through a zero-day exploit. Good processes, creative and committed people, and -- least of all -- technologies together need alignment under the management of a CISO willing to take responsibility for all of IT. Not just firewalls and network monitoring - but application development, databases and other repositories, remote access, the gamut of offerings that make up today's IT world.

...It would also behoove companies to review their use and/or implementation of IT security best practices, such as the ISO 17799:2000 framework, as well as the NIST 800 series practices for sound IT security management. It's one thing to have the "CISO of the year in the State of Georgia" at the helm of your security function, but it's far better to have "state of the art" security best practice processes integrated into your business. Which would you prefer? I prefer the latter...


An "award-winning" CISO unwilling to tackle the tough problems of information security is like a brand new Mercedes convertible... without an engine. On paper, it looks great. It just won't get you from point A to point B.

CSO Online: The Five Most Shocking Things About the ChoicePoint Debacle
 

The Political Influence of the Blogosphere



If you've wondered what impact the blogosphere made on presidential politics in 2004, wonder no more. The analysts at Blogpulse have dissected the topography of the blogosphere -- both left and right -- and have come to some interesting conclusions.

Coverage by political leaning was fairly balanced. Of 1,494 blogs that met the researchers' definition of influence, 759 were liberal and 735 were conservative... Even though numbers of blogs were fairly balanced, conservative blogs showed a greater tendency to link to other blogs (84% linked to other blogs, 82% received a link) compared to liberal blogs (74% linked to other blogs, 67% received a link). That behavior is captured in the [accompanying] graphic...


Blogpulse: Political Influence of the Blogosphere
 

Fending off a DDOS Attack


(Picture credit SIGgraph)
I usually don't link to Slashdot articles simply because they're so widely read. But this one is well worth the ten to twenty minutes in case you happened to miss it. It describes how an owner of a gambling website, faced with an extortionist, went through hell and back attempting to fend off a massive distributed denial-of-service (DDOS) attack.

Slashdot: Taking on an online extortionist
 

Eight Gigs


(Picture credit IBsys and AP)
Hitachi recently introduced its 8 gigabyte "Mikey" hard-drive. Shown here -- with dominoes for perspective -- it can store several thousand MP3s in a tiny form-factor. Hitachi is basically saying to its competition (with apologies to Boyz n the Hood): "Domino, m*********r."
 

Book Review: Frederick Forsyth's Icon



Though it was published in 1996, Icon is especially relevant today, given Russia's wavering stance on democracy. Icon looks several years into the future, to a day where Russian crime syndicates, a teetering economy, and an American-style public relations campaign conspire to carry a man named Komarov to the office of president.

The British embassy in Moscow, however, accidentally acquires a document Komarov never meant to make public. Called The Black Manifesto, it describes his plans to consolidate power, recapture the breakaway Soviet Republics, and launch a program of genocide against any religious group that could oppose him: Christians, Jews, and Muslims alike. In this effort, he is funded by a major mafia syndicate and has the support of a para-military organization not unlike Hitler's brown-shirts.

While the manifesto alone is not enough to stir official Western government action against Komarov, it is sufficiently worrying that senior officials feel they must act. Retired British spymaster Sir Nigel Irvine, a hero of the Cold War, is brought back into the fold. And spyrunner Jason Monk, formerly of the CIA, is unretired.

Like chessmasters, Irvine and Komarov move their pieces across the board in this brilliant, complex and wide-ranging novel. With the fate of Russian fascism -- and a Nazi-style genocide -- hanging in the balance, Irvine and Monk are the last, best hopes for a democratic Russia.
 

Tuesday, May 10, 2005

Judicial Filibusters: a Brief History


(Picture credit US Senate Committee on the Judiciary)
I'd heard rumblings from the MSM/DNC that the idea of the judicial filibuster wasn't truly a Democratic party invention. That the GOP had effectively stonewalled some of President Clinton's nominees using procedural nastiness, albeit not filibusters themselves. I'd wondered about this issue. Was it correct? Was the GOP just as guilty as the Democrats in refusing to let Clinton's nominees come to a vote?

I hadn't seen a detailed explanation of these "procedural" methods until I came across this explanation on El Rushbo's site.

...Hagel said, "What we did with Clinton's nominees about 62 of them, we just didn't give them votes in committee or we didn't bring them up." In the first place, Bill Clinton had a large percentage (71%) of his nominees confirmed. George W. Bush has the lowest percentage (50%) of his nominees confirmed of any recent president, going back to Truman (over 90%).

Now, in this case the filibuster was not used. There was no violation of Senate rules in what the Republicans did. They didn't pass some of these nominees out of committee. Some of Bush's nominees haven't come out of committee. But none of the senators that came out of the judiciary committee when Clinton was president and the Republicans are running the committee, none of them were filibustered. Those that got out of committee got votes on the floor. That is not what's happening now.

The Democrats are the ones trying to change the age-old traditions of the Senate...


In other words, the majority used the Judiciary committee for its intended purpose: to determine the fitness of the nominee, stamping approval on those nominees deemed acceptable and forestalling others. This has occurred for many decades and is considered standard practice.

What has not been standard practice, at least for the last 215 years, is the judicial filibuster. Over that period, there has not been a single sustained filibuster of any judicial nominee.

Hugh Hewitt distills its history and ramifications a bit further:

The fact is that Senate Democrats want to enshrine a new rule -- a 60 vote rule -- for judicial confirmations.

If they want that rule, they should win some elections on the issue, rather than lose them.

It is clear that there will be no "compromise" worth having, just a vote on whether the Senate will abide by the design of the Framers and its practices of 215 years, or the desires of Patrick Leahy, Barbara Boxer, Chuck Schumer, Ted Kennedy, and Harry Reid to ignore that design and throw out those practices.


Piling on, Patterico reveals a beautifully laid out expose (shades of windiff for journalists) of the LA Dog-Trainer Times. Their apparent selective editing of Professor Greenberg's article on the history of the judicial filibuster compares with the best efforts of Pravda circa 1960 - and is just as relevant to today's news consumers.

If the MSM really stoops to these lows -- slashing op-ed pieces in chainsaw-massacre fashion to reach the conclusions they desire -- it simply indicates their rising panic. Heaven forbid they actually staunch subscription bleedout with op-ed balance or a sense of fair play. It's crystal clear from these tactics just how wrong they are... and how out of touch with their readers they remain. From all appearances, they can't trust their readers to read Greenberg's real op-ed piece... so they've created their own version, hoping to swing some opinions with adulterated bile.
 

Sharkfish's experiences interviewing techies


Picture credit: Boston College
Through a link on the JOS discussion board, Sharkfish discusses his takeaways from a long series of technical interviews. Here are some of the salient details:

# DO NOT send a resume with misspellings. You would be surprised how many of these we saw.

# I do not hammer people and I give them all sorts of leeway to relax. If a tense moment comes up (couldn't answer a technical question), I fall back and ask something more general. If you do not know the answer, just say you don't know. Hemming and hawing makes interviewers nervous. Yes, we interviewers are nervous, too.

# I was surprised at the number of people who out and out LIED on their resume. In addition to the usual Indian name with the resume of SuperMan (how in hell can you be great at EVERYTHING?). How DOES one get a skillset that includes mainframe, mini, PC, web apps, network admin, Unix, windows, database, programming EXPERT? Why is it that people with these mythical SuperResumes never seem to attach the skill with the employer, leaving me to guess that all this stuff was accomplished in India where it can never be verified?

# Don't put a web site on your resume that is supposed to be an example of your work if it is going to give a 404! We had at least two of these....


My experience interviewing techies
 

Monday, May 09, 2005

Meet the Fockers


Picture credit: RH Sager
The endlessly disappointing Bob Herbert reprised the Iraq war in a Times' Op-Ed piece this morning. I'll save you the time and effort of reading his diatribe, which can only be characterized as a complete waste of fourteen column-inches. Here are the key sound-bites, which I'm pretty sure were stolen from John Kerry's dustbin sometime in October:

  • ...war in Iraq has been an exercise in extreme madness...

  • ...amateurs and incompetents have run the war from the start...

  • ...Abu Ghraib was not an aberration. It was a symptom...

  • ...clownish, disastrous war...

    Even putting aside his vicious, unwarranted insults of the US Military, it's stunning that Herbert has neither the eloquence nor the intellectual honesty of even, say, the virulent Barbra Streisand.

    Here's what Herbert fails to mention: 9/11. The innocents slaughtered in the Madrid Train Bombings. The promises by terrorists to kill three million Americans through any means possible. The Global War on Terror. The elections frenzy sweeping the Mideast.

    Think about it: even the senseless Barbra Streisand, in the recent open letter posted on her site, was willing to mention 9/11 and the implication of WMDs on American soil.

    Of course, her statement likening President Bush to Nazi Germany's Hermann Goering, was rendered unintentionally comic through its record-setting levels of irony.

    Consider the analogy: an immensely wealthy, ultra-liberal entertainer criticizes the Third Reich in, say, 1936. The outcome? She is either deported, executed, or sent to a concentration camp. Streisand's willingness to minimize the horrors of Nazi Germany would truly be ludicrous were the implications not so tragic.

    That Herbert could attempt a Reader's Digest version of the Iraq War without mentioning the war on terror, the lives lost on 9/11, Afghanistan, the elections sweeping the region, and the general topography of life in the early 21st century is proof of either utter bias or stupefying ignorance. I'm betting on the latter.
     

    Saturday, May 07, 2005

    Zarqawi's Morale Problem - Exclusive Memo



    Iraqi and US counter-terror operators recently captured a computer owned by insurgent COO Musab al-Zarqawi. Among the documents found on the hard-drive: a memo from Zarqawi to the insurgent rank-and-file related to wavering morale.

    Through an exclusive sharing agreement with a source inside the New York Times (hat tip: MoDo), I'm pleased to offer the only translated copy of the Zarqawi memo addressing the insurgency's morale problems:

    To: The Mujahaddin
    From: The Sheikh
    Subject: Morale

    I am greatly disappointed to hear reports of low morale among the mujahaddin. To address these problems, our Vice-President of Human Resources has promoted Sheikh Abdul Hassan al-Bharbouti to Director of Organizational Development.

    Sheikh al-Bharbouti will be responsible for training programs, martyrdom operations, and selected special missions against the American and Iraqi devils.

    To that end, he will be tasked with quantitatively addressing morale problems with our fighters:

    - Training programs: each fighter will be required to attend at least one week of training in any of the following areas: explosives preparation, bomb-belt construction, car-bomb wiring, fuses (beginning and advanced), and suicide-bombing methods
    - Martyrdom operations: to improve morale, the Sheikh will be selecting certain fighters to participate in martyrdom operations within the coming few days and weeks
    - Special missions: each fighter will be required to participate in special missions against the American devils including night operations and small-arms attacks against armored vehicles

    Please give the Sheikh your full cooperation in these efforts - they are certain to result in high morale as we dismantle the devil occupiers.

    Sheikh

     

    Thursday, May 05, 2005

    Can Bill Gates Slow Google Down?


    Picture credit: ZDnet Korea
    Fortune Magazine features a great article on the challenges Microsoft faces from Google's juggernaut. The amazing list of innovations -- think Google Maps, Google Mail, Blogger, and the nearly omniscient Google search engine -- is jaw-droppingly good.

    Okay, let me sidetrack my narrative for a moment. If you haven't experimented heavily with Google's search engine (and only a few serious geek losers like me have), you'll find that it is:

  • A calculator (type in 5250 * 1818 into the search box)

  • A dictionary (type in define staid)

  • An address and phone book (type in David Smith, Boston Mass)

  • A patent lookup engine (type in patent followed by a patent number)

  • A UPS/Fedex tracking system (type in a tracking number)

  • A stock-quotation device (type in GOOG)

  • An airport traffic checker (type in sfo airport)

  • An airline flight status system (type in a flight number like ual 134)

  • A spell-checker

  • A VIN -- vehicle identification number -- tracker (type in a VIN number)

  • An FAA airplane registration system

  • A UPC code lookup engine

  • An area-code cheat sheet (type in 404)

  • and so forth


    Think it's hard for the other search engines to match up? One word: ayup.

    Google's method is to overwhelm the competition with technical innovation, giving lie to academic poseurs like Nicholas Carr, who claim that 'IT doesn't matter.' Google's IT innovation -- I mean order-of-magnitude leaps like Google Maps' use of AJAX -- has resulted in billions in market capitalization. And the same can be said for other IT innovators, even staid insurance companies like Progressive.

    Google spurs its innovation by encouraging scientists and engineers to devote 20% of their time to pet projects. Gems like Google News and Orkut sprang from 'hobby' sites created by creative entrepreneur-employees at G-ville.

    The latest? A downloadable tool that speeds up web surfing using Google's outrageously scalable (and - uhmm - Linux-based) infrastructure.

    This is where things get real, real risky for Microsoft (NASDAQ:MSFT).

    The desktop has always been Microsoft's to control. But small inroads -- like the acceleration engine and the desktop search product -- are encroaching on Gates' turf. And they're as welcome there as the Bloods are twelve blocks into Crips territory.

    To add to this ominous (well, ominous as far as Microsoft's shareholders are concerned) behavior, Google's rumblings towards the Mozilla/Firefox browser are -- at best -- worrisome. Because the browser has, for many classes of application, become the de facto desktop, the sonar pings are coming louder and faster at Gates' lakefront manse.

    Firefox's usage rates are already skyrocketing due to the pandemic of security issues with Internet Explorer: the unfortunately named IE trojan-hiders called Browser Helper Objects (or BHOs, for short) are examples of egregious shortcomings in IE's security architecture.

    Now imagine Firefox tightly integrated with all of Google's offerings. And here's the kicker:

    A lightweight plug-in installer that instantly adds browser support for any of Google's newly hatched research projects

    I'll give you an example. Say you're starving - you were in meetings all day and missed lunch. You do a Google search (from the integrated Firefox/Google search bar) for pizza topeka. The browser gives you a list of pizza places and their phone-numbers... and also adds a Dial Now button that places the call for you. And it'll make a VoIP call if your computer is so equipped. And, yes, you need to place a voice-call to see if they have the jalapeno and banana special that you used to order in LA. Cool, eh?

    Imagine a browser that is tightly integrated with Google. A browser that is multi-platform: Linux, Windows, PocketPC, Symbian, Blackberry, etc. A browser that... becomes your operating system.

    No wonder MSFT's market cap hasn't budged since Google rose to prominence.

    In my estimation, Microsoft has to concentrate on one thing -- and one thing alone. And it's not security, though heaven knows that remains a concern. Microsoft needs:

    Ease-of-use

    I'm not talking about making Outlook or Access or Excel easier to use (though products such as Access routinely get their asses kicked by products like Alpha Five, from tiny companies, due mostly to learning curve). No, I'm specifically focusing on IT ease-of-use. Reducing complexity. Making IT simple.

    Seen the Visual Studio .NET interface lately? If there were more windows -- all purportedly there to make life easier -- you'd have a skyscraper.

    Tried to deploy a .NET thick-client (WinForms) app? Talk about bringing on the pain. Yeah, I really want to make 80% of my users download the 25 Mb .NET runtime -- to get my 1 Mb app to run -- and hope the install takes. This is what Mark Lucovsky talked about when he said Microsoft no longer knew how to ship software.

    Seen a great piece of software out of MSFT lately? Maybe, just maybe, MSN search makes the grade. But that's a catch-up play... copying Google, which is no way to play offense.

    The bottom line is that Microsoft has to make their software idiot-proof. I know, I know, when you build more idiot-proof software, the world will catch up and build better idiots. But I think you get the flavor.

    When we tune a SQL Server installation, it shouldn't require a week and a gaggle of Avanade consultants. When we configure SharePoint, it should be so dead-nuts simple that a business analyst can handle it... easily. When we want to share an Excel spreadsheet over the web, it shouldn't require six different technologies and a project plan.

    These are simple concepts. Useful concepts. Concepts that translate to real dollars for organizations spending major moolah on IT. And it's a place that Microsoft had better start innovating... before Google takes a serious look at corporate IT.

    Fortune: Search and Destroy - Bill Gates is on a mission to build a Google killer
     

    Baseball Trivia



    Picture credit: Boston Red Sox
    Here's a bit of baseball trivia: eight managers in the history of the game have won three or more World Championships. Can you name them? Hint: four of the eight managed the Yankees.

    Answer (originally shown when hovering over the picture of the trophy): J McGraw, C Mack, M Huggins, C Stengel, J McCarthy, W Alston, S Anderson, J Torre
     

    Wednesday, May 04, 2005

    CBS' Bob Schieffer: Unfair and unbalanced


    (Picture credit Tcho.ch - results of an image search for 'Schieffer'!)
    If you thought CBS' talking heads would at least make an effort at a little political balance, you'd be wrong. And if you thought CBS would lighten up on the Bush administration -- and the GOP in general -- you'd be wrong. Dead wrong.

    Let me give you a few sound bites from CBS anchor Bob Schieffer's appearance on the Don Imus show this morning:

    WMD. Iraq. Things getting worse, not better. Vietnam. Bodybags.

    That's the gist. Put simply, phrases pitched straight from John Kerry's talking points memo distributed in, what, October? Can't someone change Schieffer's teleprompter?

    Of course, Schieffer neglected any mention that another senior Al Qaeda leader was just captured. And he couldn't find time to report that Saddam's nephew was nabbed: a major financier and director of insurgent operations, according to reports. Nephew Hussein was discovered in the briar patch of a giant weapons cache, but I suppose that's not newsworthy.

    Things are getting bad for CBS when even the Guardian, yes, the staunch, leftmost bastion of Europe, states that, "perhaps the neocons got it right in the Middle East."

    You'd think even Schieffer -- or at least his pointy-headed bosses at CBS -- would be coming around. A little balance might improve the ratings. And, heaven knows, it might attract some of those middle-of-the-road viewers who departed in droves when disgraced ex-anchor Dan Rather drowned in a sea of blinking GIF files.

    But, no, Schieffer went on to predict that Rep. DeLay was going to go down in flames. Though it now appears that fat-cat lobbyists like Abramoff were paying travel expenses for both Democrats and Republicans.

    And Schieffer couldn't find time to discuss Ms. Hypocrisy '05, Nancy Pelosi, who is now utterly silent about said travel issues. "She demanded an investigation into [Majority Leader] Tom DeLay, but hasn't said a word about these Democrats who have done the same thing," said Rep. Patrick McHenry (R-NC).

    Maybe someday Schieffer can ask his staff to look into all Congressional travel expenses, so the public could determine just how frequently these jaunts are practiced. But that would require exposing Democrats, and not just Republicans, so I wouldn't hold your breath.

    Until then, CBS has all the relevance of Leonard Nimoy at the Grammys.
     

    Despair


    Picture credit: Despair.com
    The inimitable Despair.com is back in the news again, albeit through a mention on CNet's blog. I don't mean to demean media outlets that have turned to blogging -- least of all CNet, because they do a good job -- but they exude a slight odor of late-comer to the whole blogging party.

    Despair is the firm that markets "de-motivational" posters - the bizarro-universe version of those classic posters so prevalent in cube farms. Here are a couple of Despair's good ones:

  • Motivation - If a pretty poster and a cute saying are all it takes to motivate you, you probably have a very easy job. The kind robots will be doing soon.

  • Get to work - You aren't being paid to believe in the power of your dreams.

  • Achievement - You can do anything you can set your mind to when you have vision, determination and an endless supply of expendable labor.

    Sounds like Carly was working on some of this material. Anyhow, here's a few I just came up with:

  • Losing - Because your best will, frankly, never be good enough.

  • Effort - If, at the end of the day, you can say you gave it your best shot, you will be - a liar.

  • Focus - Don't concern yourself with "goals". The obstacles in your way are insurmountable.

  • Innovation - Creativity is easiest when you can steal ideas from underlings.

    Anyhow, the funniest thing on Despair's site relates to the frowny emoticon :-( . They set off a firestorm of controversy in '01 when they (really) trademarked the frowny and claimed that everyone who used it had to pay royalties. Of course, the whole royalty thing was tongue-in-cheek... but some didn't get it.

    DALLAS, TX - February 5th, 2001 - Individuals across the globe have registered their outrage and despair at the recent announcement by Despair, Inc. that they had been awarded a registered trademark for the 'frowny' emoticon by the United States Patent and Trademark Office (USPTO) and that the company intended to sue anyone who used the trademarked symbol in email.

    The firestorm of controversy even led to an entire newsthread discussing the lawsuit on the highly respected tech-news site Slashdot, which in turn inspired a subsequent story by the Gray Lady herself, The New York Times.

    But the outrage wasn't limited to the English speaking world. Newspapers and websites across the globe voiced all manner of bemusement, confusion, disdain and disgust over the trademark and lawsuit.

    In the face of international public outcry, company founder and COO Dr. E.L. Kersten announced today that he was prepared to offer a compromise to the global Internet community -- one that would allow for the continued legal use of the symbol in email.

    Kersten explained both a change of heart and of policy in a press release...


    And some poor, gullible losers (oops, I mean "L" is for "Love") even assumed that Despair was scanning all Internet email traffic for trademark violations. Some of the letters they received were classic.

    From: Mark (removed) <(removed)@(removed).com>
    To: media@despair.com
    Subject: Frowny Face suit
    Date: Mon, 29 Jan 2001 09:15:50

    To whom it may concern,

    If you have searched any of my mail, send me confirmation of that fact immediately. Under consumer protection laws, and the Freedom of Information Act, you are required to confirm or deny that you have a record of searching my mail. My two addresses are (removed)@(removed).com and mark@(removed).

    Failure to comply is punishable by law.

    If you have searched any of my mail, you have illegally searched me and are in violation of civil rights laws.

    Sincerely,
    Mark (removed)
    -------
    From: "Dr. E.L. Kersten"
    To: Mark (removed) <(removed)@(removed).com>
    Subject: Re: Frowny Face suit
    Date: Tue, 30 Jan 2001 11:34:23
    Mr. (removed):

    While we did not find either of your referenced email addresses in our list of 7,000,000 some odd citizens who have violated our trademark via email, we'll take your panicked entreaty as a confession of probable guilt and make sure to keep an eye on your future communications.

    Attentively yours,

    E.L. Kersten, Ph.D.

    -------

    From: Paul (removed)
    To: feedback@despair.com
    Subject:
    Date: Wed, 31 Jan 2001 14:40:27

    Best site I've enjoyed in some time. I was alerted to it by a bulletin board discussion about the frowning emoticon lawsuit. Out of 31 posts, one person "got it."

    Thanks!
    -------
    From: "Dr. E.L. Kersten"
    To: Paul (removed)
    Subject: Re:
    Date: Wed, 31 Jan 2001 19:01:47

    No offense intended- but it may be time to start hanging around in smarter bulletin boards.

    Regards,
    E.L.


    News.blog: Despair in the Air
     

    Tuesday, May 03, 2005

    Oh, Those Dangers of Outsourcing, Part III



    In April, insurance firm Northwestern Mutual proudly announced to the world that it routinely ships policyholders' personal data overseas to save money on IT costs. The venue was Gartner's Outsourcing Conference.

    NM CIO Barbara Piehler explained the rationale: they weren't getting enough out of offshore contractors because of an internal restriction on shipping customer data offshore. And that, "limits what you can do offshore." So senior executives removed the internal obstacle to allow customer data to transit overseas.

    But some federal regulators believe that shipping customer data overseas carries significant privacy risks. The FDIC noted last year that service firms in the US adhere to a completely different standard than those overseas. Who vets the outsourcers' employees, for instance?

    Worse yet, Northwestern Mutual hasn't informed its 3 million policyholders that their personal data can be viewed by offshore workers. Phil Fersht at the Yankee Group is not enamored with this practice. "Beyond... ethical responsibility, you don't want your customers to have a nasty surprise if something goes wrong."

    In my opinion, NM is undertaking a huge set of risks for what appear to be minimal rewards:

  • Some customers, certain to be aware of the offshoring trend, will not be pleased to find out that their personal data is transiting back and forth to India. They will likely change insurers once they discover this nugget of information.

  • There's been no explanation of any vetting process for the outsourcer's employees (e.g., a background check that would be routine in the U.S.). The risk is that NM will be a victim of fraudulent transactions that are very difficult to detect. The recent Citibank call center fraud, in which twelve persons tied to the outsourcing firm were arrested, is a case in point.

  • The targeting of Indian IT outsourcing companies by terrorists raises the specter of other, even more serious risks.

    There are rumblings in certain state capitols, as well as Washington, that something needs to be done about this practice. Here's hoping that regulators and legislators deal with this issue quickly and comprehensively. Consumers shouldn't have to worry that the next ChoicePoint-style privacy conflagration will begin burning in Bangalore.

    Anyone up for a blogswarm?

    Information Week: The hard road to offshoring
     

    Rafsanjani


    Picture credit: Pritchett Cartoons
    Hashemi Rafsanjani. The man believed to be the frontrunner for the presidency of Iran. A man dedicated to acquiring nuclear technology. A man who threatens use of nuclear weapons against Israel.

    On April 8, Iranian TV aired Rafsanjani's Friday speech at Tehran University:

    Rafsanjani: The teachings of Jesus do not exist in the Christian world today. They cannot serve as popes and spread the teachings of Jesus, and at the same time disregard the crimes that America commits all over the world. It's true that they opposed the war in Iraq, but America's crimes aren't limited to that. What America does all over the world in the name of the war on terrorism, the way in which it plunders the resources of peoples in needy and backwards countries, its aggression in international organizations, which belong to all of the world's peoples, and the inflammatory propaganda it uses in order to undermine other countries – all of these certainly contradict the spirit of the teachings of Jesus. Jesus compared the money-grubbing oppressors of his time to man-eating vipers and confronted them, so how can the Pope's functionaries remain indifferent when they see the oppression committed by the international arrogance? Therefore, a heavy responsibility lies on their shoulders. They should raise a great outcry against America. They should say to the Americans: Through the crimes you commit you disgrace Jesus, because you use the names of Jesus and the church to win over many votes in the American public.

    Crowd: Death to America

    Death to America

    Death to America

    Death to America

    Death to America


    MEMRI: Former Iranian President Hashemi Rafsanjani
     

    Monday, May 02, 2005

    Financial Ruin: It's Automatic



    Picture credit: Elder Law St. Louis
    Time Magazine's Blog of the Year continues its run of outstanding commentary. John Hinderaker posts the following ominous missive on the failure of either party to get serious about addressing out-of-control entitlement spending.

    And, yes, the MSM/DNC is worse -- much worse -- than the GOP because they fail to even acknowledge the problem. It used to be that both parties would step up to challenges together to confront true threats to the United States.

    But the Democratic leadership is no longer acting in the best interest of Americans. They are, instead, on a course of obstructionism for obstructionism's sake. And that spells the continued, catastrophic meltdown of the Democratic party. Read on:

    Entitlements are devouring the federal budget and, if they are not checked, will inevitably dictate higher taxes and a downward spiral of slow growth and unemployment. That's the way it looks to me, anyway. And no one is doing anything about it. The "cuts" proposed by the Republicans are so trivial as to be merely symbolic, as is the ritual faux-outrage expressed by the Democrats in response. Dafydd ab Hugh dissects the latest round of fake "cuts" and fake "outrage":

    Those nasty, brutish, and short Republicans are once again trying to take the pills that Grandma needs right out of her mouth, according to the Associated Press. Here is the scareline of the AP article:

    House Passes Budget That Cuts Medicaid

    Oh, no -- cutting Medicaid! Granny will have to choose between antibiotics and bread! The first two paragraphs make clear the perfidy of the Republicans:

    WASHINGTON (AP) - The House narrowly passed a $2.6 trillion budget Thursday evening that would cut back the Medicaid health care program for the poor for the first time since 1997 in a step toward trimming federal deficits.

    The 214-211 vote approved a blueprint that instructs lawmakers to freeze or cut spending in many domestic programs outside defense and homeland security and restrain farm, student loan, pension and some other government programs that grow automatically from year to year....


    So what are the specifics? How much will the dastardly Republicans slash from Granny’s health care?

    The budget would shave automatically increasing benefit programs by $35 billion over five years while also cutting taxes by as much as $106 billion over the same period.

    Medicaid, the federal-state health program for needy and disabled Americans, gets marked for the single biggest change, a $10 billion reduction over four years....


    Wait a moment... the new budget plan would shave the “automatically increasing” program? What exactly does that mean? Here is the kicker:

    Without any change, the Congressional Budget Office expects the government to spend $191 billion on Medicaid next year and more than $1.1 trillion over the five years covered by the budget.

    In other words, we originally anticipated spending an average of more than $220 billion per year over the next five years... which is an average increase of nearly $30 billion per year (15%) over the 2006 budget; but under the Republican plan, this would be reduced by $10 billion over four years, or an average of $2.5 billion per year.

    In other words, the “cuts” to Medicaid under the new budget would mean that instead of increasing the Medicaid budget by $30 billion per year -- we’ll only increase it by $27.5 billion per year!

    To Nancy Pelosi, that’s a pay cut so staggering it amounts to “an assault on our values!”


    Any truthful discussion of entitlement spending seems to be impossible. So the escalator just keeps on rising. It's automatic.


    Powerline: Financial Ruin: It's Automatic
     

    Scanning Cargo Containers



    In a recent blog post, I critiqued an anonymous column in CSO Online. Its basic premise was that we've spent too much money for too few results in the area of homeland security. One of its strawmen indicated that -- because we're only searching 3% of containers that enter the country -- it would be impossible to search significantly more, thus we should simply not bother. We should spend the money on reducing the deficit. Or a giant block party for the entire country on July 4th. Or something like that.

    Anyhow, among other things, I pointed out that a few dollars sensibly invested in container-scanning technologies could provide a dramatically increased capability for securing ports of entry. Sure enough, I recently noticed the following new cargo-scanner:

    Container Inspection

    * Enables the terminal to scan high volumes of containers in normal traffic.
    * Provides useful, timely data to help identify and inspect high-risk containers.
    * Integrates data from many sources, including legacy and third-party systems.
    * Increases throughput by collecting and storing data quickly for later analysis.
    * Can serve as a central component of a layered, comprehensive security solution.
    * Open-architecture design facilitates integration and expansion.

    ...ICIS can collect data from cargo-scanning systems throughout the terminal, including legacy and third-party systems... [and] offers these high-speed scanning capabilities:

    * Gamma ray imaging: The VACIS® gamma ray imaging system provides radiographic images of container contents.
    * Radiation scanning: The EXPLORANIUM™ Radiation Portal Monitor (RPM) provides a graphic profile of radioactivity levels inside the container.
    * OCR: OCR portal system technology automatically identifies containers to enable ICIS to integrate data for each container.


    Integrated Container Inspection System (ICIS)