December 2003 Entries

More Offshoring News

Some offshoring tidbits that I have come across recently: IDC is predicting that by 2007 nearly 1 out of every 4 (23%) IT jobs in America will have been moved offshore and performed by non-US personnel.  For 2003 the figure is 5%. EDS, one of the largest technical services organizations in the world, is planning on cutting 5200 jobs in America and Europe next year while at the same time hiring 5800 new personnel in offshore locations like India, Brazil and Ireland. AOL recently admitted to opening an office in India to begin offshoring some of its development activities.  In the same breath, they announce...

Baseball players have to eat too

So I trucked down to Su Casa for dinner tonight, as I often do when I'm flying solo for meals.  Lately that's been 3-5 times per week.  I just can't get enough of this place.  Just when I start getting bored with one thing, they bust out something completely new and mind-blowing, and I'm re-hooked.  When I get tired of carne guisada gordos, I switch to chicken ones with rice and jalapenos.  I think I may need an intervention soon. Anyway, I walked in and who did I see but former Mariner great Jay Buhner, having dinner there with his family.  Robert...

Beta of Service Pack 2 is out

Microsoft has released the first Beta of Service Pack 2 for Windows XP.  I was not on the initial list of beta testers, but thanks to a friend of mine at Microsoft (who will remain anonymous, lest he gets swamped with similar requests for Beta membership), I am now.  I hope to get the CD in a few days so I can have a look. Then perhaps, as my friend suggested: “You can stop complaining”. We'll see.  My biggest fear right now is that ICF (or Windows Firewall, as it is now called) has been enhanced to the point of being immediately...

New High-Def Channels

Comcast keeps sneaking new High-Definition channels into our lineup.  Not that I'm complaining! Last week it was NBC, today they added Fox and WB channels. And I finally convinced someone at Comcast that INHD and INHD2 were not pay-per-view or Spanish channels, so they lit those up for me as well.  And on INHD they played a show about a blind guy who climbed Mount Everest.  My friend Steve climbed Mount Everest at the same time this guy was doing it, a couple years ago now. And Steve is the one that told me about the new HD channels going live today. The obvious lesson...

Innovation in a 30,000 person company

I had an idea a couple days ago about an application that I think would just kill on a mobile device.  I mentioned it in passing to a team-mate of mine, and he said “You know, that's a really cool idea.  You should talk to this guy I know...” So I dropped an email to the guy, who happens to work in a more influential part of the organization than I do, explaining the simple concept. His reply back, just a minute later: “Dude, Rock and Roll.  THAT'S WHAT I'M TALKING ABOUT!!  Great idea.  [That technology] is the shiznit!  We should talk more.” The...

So very tired

We got home at 4AM this morning after standing in line outside the theatre for an hour, then sitting through the 3.5 hour movie. Not that I'm complaining though, the movie was worth it.  I am a little disappointed in some of the things they left in, knowing some key elements they chose to cut out at the last minute, but Peter Jackson is the genius and I'm not, so I will let it slide.  I also felt the soundtrack was a little off in parts, like playing the Shire Theme in areas where drama was building.... it just didn't seem to...

The Looming High-Tech Catastrophe

(I spent the last 2 hours rewriting this entire article, save the first paragraph, thanks to the aforementioned failure of w.Bloggar's "Save" function. It's 2AM but at least I can sleep now.) If you thought the economy has been bad the past couple of years, you ain't seen nothing yet if you work in the high tech industry. I have to admit that nothing concerns me more today than the increasing exportation of US jobs to foreign workers who can do the same job for as little as 1/10th the cost. I remember back in my BSQUARE days when I learned that...

H1-B/L1 Followup

In my late-night diatribe about the H1-B and L1 visa programs being severely abused and used to replace American workers with imported ones, I failed to include links to a couple of current pieces of legislation that are trying to address the issues I laid out: HR2702: HR-2702 would take several steps to address the huge holes in the L1 visa program. If you remember, there is currently no cap on the number of L1 visas that can be issued annually, like there is with the H1-B program. Also there is nothing requiring companies to pay a prevailing...

Two men say they're Jesus, one of them must be wrong...

(Apologies to Dire Straits, but that quote from Industrial Disease seems very appropriate for the following story) So buried in last week's Ketchup Day post was a blurb about Dell rerouting some of its support calls back to the US after a number of complaints.  54% of Dell's employees now work outside the US, by the way. But to hear Dell's India operations tell it, that was a complete fabrication, and the work will continue to be performed by Indians.  Someone at Dell is lying. === In other offshoring news, I read a depressing article from the Boston Globe that quotes a Silicon Valley...

Washington Unemployment and Offshoring News

Unemployment rose in the Puget Sound region last month, according to a recent story in the Seattle Post-Intelligencer.  While unemployment state-wide is levelling off, the private sector (Washington's primary driver for new jobs) shed another 2000 jobs last month.  The article also discusses the ripple effect of having so many highly paid people out of work, and therefore not contributing to the local economy. === In related news, there is a new push by state lawmakers to deny contracts to companies who outsource that work to offshore entities.  Because of budgetary problems (thanks Tim Eyman), state agencies are increasingly awarding contracts to companies who operate offshore...

Saddam Sightings

Prior to Saddam's capture last weekend, there had been a growing number of “Saddam Sightings” that were generally written off as the usual “Elvis Sightings” that are common when beating every bush for such a famous individual. When I heard that parked next to Saddam's little hideout was a motorcycle and a taxi, I was reminded of a blog entry a few weeks back by Zeyad, noting that more than one story involving Saddam in a taxi had been making the urban legend rounds. They were all written off as Elvis Sightings, and appropriately so in most cases.  But I thought it...

Two-Year Journey Ends Tonight at 12:01

Tonight at 12:01AM, my wife and I will start watching the 3rd and final installment of the Lord of the Rings epic.  We got tickets last night on Fandango for the first showing in our local cineplex. I was commenting to friends a few days ago (we will be seeing Return of the King for a second time with them on Thursday night) how this feat will probably not be surpassed in our lifetimes.  I can't think of a fantasy epic that is so universally loved as Lord of the Rings, much less have it adapted so incredibly well to the...

I'm done with IE until they fix it

After reading the explanation put out by Microsoft today regarding the address bar spoofing bug, where they explained how the end user should copy and paste the shortcut into Notepad to protect themselves instead of providing a damn patch, I decided to give up on Microsoft fixing Internet Explorer.  All hopes seem to rest on XP's Service Pack 2, so we're pretty much on our own until they ship that in 6 months. I have moved now to MyIE2, which has all the features of Internet Explorer, with the added bonus of being maintained and updated against new exploits as they come out. ...

Detailed information about XP SP2 changes

Chris Pirillo did a very nice job detailing the changes going into Service Pack 2 for Windows XP. All we have to do is hold our positions for 6 more months, people!

Current list of unpatched IE holes

There are currently 20 known vulnerabilities in Internet Explorer that have gone unpatched.  Some have been known for nearly 2 years.  The list used to be maintained by Thor Larholm at Pivx, but they took it down for reasons that are still unclear (and often speculated about, seeing how Microsoft now appears on Pivx' client list).  Thor states that the page had “served its purpose”.  20 vulnerabilities still unpatched, Thor.  That doesn't spell “Mission Accomplished” to me. These issues have gone unpatched because Microsoft considers them all “low risk”, and maybe individually most of them are.  However, thanks to diligent work by Lie...

1stCleanRC IE exploit demo

One of the IE exploits Liu Die Yu announced in November, and Microsoft opted not to patch against in December, is one that allows a web site to upload an executable file to your computer and then execute it.  All the user must do is go to the malicious web site.  No other action is required to trigger the exploit. For a great (and harmless) demo of this issue, turn off your popup blocker and go here. Scary huh.

I'm a lumberjack and I'm OK...

(apologies to Monty Python) I have been negligent in the reporting of my personal life, a fact that has gone without notice by all of my readers, I have noted.  Self-absorbed bastards. I want to tell you about the time Jessica and I drove out into the woods and (tree huggers, cover your ears) tree-napped a completely unsuspecting tree, strapped it atop the Liberty, dragged it home, and made it stand in the corner of our living room holding all manner of lights and shiny objects. Ahh, I remember it like it was last week.  Actually, it was last week.  Sunday, to be precise. The Plan was...

The Lessons of Christmas

So this is the 3rd Christmas I will be celebrating in my house.  The first one did not count though, since I moved in a mere week prior to Christmas, and was so overwhelmed by the fact that someone allowed me to go THAT far into debt that I couldn't manage a proper Christmas.  I think I spent Christmas at Paula's house that year, if I recall correctly. Anyway, with this being only the second real Christmas I have experienced in a house of my own, I am quite the newbie when it comes to certain things.  Well, a great number...

OneNote - What am I missing?

OK, so it seems that everyone that tries OneNote falls in love with it. Except me. I tried it for a few weeks, and walked away with a “eh” feeling.  Nothing revolutionary, at least not for me.  Maybe I'm not the right kind of user?  I don't haul around a laptop or other electronic device to meetings, I take a simple notepad.  Is that where OneNote's paradigm breaks down?  Is it only really useful for people who take machines into meetings? Even when I'm sitting at my desk, and want to jot something down real quick, I find myself reaching for a post-it...

No, I'm not turning into an Iraq Blog

If you feel the need to ask why I have been posting random things about Iraq on my blog, I will repost a quote that I included in a blog entry from a couple days ago, regarding brave Iraqi blogger Zeyad: All it took was one person. Thanks to the Internet and weblogs -- and a little help from the community there -- it is possible for one man in a country just coming out from under dictatorship and war to speak to the world, to exercise free speech, to help spread that free speech, to report news, to make news,...

Lack of news coverage during recent Iraqi anti-terrorism protest

This would be funny if it wasn't true: The above cartoon is property of www.daybydaycartoon.com.  Sorry for jacking it, but you don't make it easy to link to a specific cartoon on your site. === In a related story, the New York Post published an editorial about the news brownout surrounding the anti-terror demonstrations.  The article, entitled “Media Vs. Hope” is a great commentary on the current bias in the media and how bloggers on the Internet are putting a huge-ass spotlight on that issue. And I think that's a really important story here.  The news media can no longer ignore important stories just because...

Exciting times in Iraq

You'd never know it by the way the world press (including the US press) covers the Iraq situation, but there have been some very exciting developments there over the past couple of weeks: Today between 3,000 and 10,000 Iraqi citizens (depending upon which number you believe) marched in Baghdad in denouncement of terrorism.  One official at the demonstration was quoted as saying “This is also a message of thanks to the coalition force for liberating Iraq from the dictator.”  Zeyad from the Healing Iraq blog was there, and took many pictures.  Omar, another Iraqi blogger, also covered the event.  Additional coverage can...

Browser Address Bar Spoofing Article now available

Due to the malicious code I had to use in order to demonstrate the newly-discovered Address Bar Spoofing issue, my RSS feed would not pass validation.  RSS feeds that do not pass validation are often not read by aggregators.  While the aggregator I use, FeedDemon, downloaded and displayed the post just fine, the aggregator 60% of my viewers use, FeedReader, displayed nothing.  Also, several sites automatically suspended bmonday(dot)com from their blogrolls because of the validation failure (thanks Jose Nazario at infosecdaily.net for emailing me about that issue). So, what I ended up doing was deleting the offending post and resubmitting it as a “story”...

Microsoft Security Newsletter #1

As Dana pointed out, Microsoft today published their first Security Newsletter.  You can view it online here.

Huge Browser Flaw

Yes, I know a huge browser flaw has been found this week.  I am working on a blog entry about it, but I want to wait until I update my Phishing Scam demo so I can demonstrate how devastating this issue can be, especially for targets of phishing scammers. In the meantime, you can read about the problem (and see if your browser is vulnerable) by going here.  The web site says it's an IE bug, but it was confirmed that Mozilla is also vulnerable to this issue.

I'd rather have some coal, thanks

The Holidays are traditionally a busy time for hacking activity.  One of the reasons is the fact that a lot of script kiddies have the holidays off from school, and have nothing better to do with their time than mucking with someone else's network, trying to score some credit cards to use for holiday shopping.  Then there is the fact that a lot of IT staffs are on vacation, or at least short-staffed, during this time of the year.  So that gives courage to the *real* hackers, who count on slipping unnoticed past the remaining over-worked staffers that emptied their vacation pool attending Oktoberfest. The combination...

BSQUARE News

A little bird told me that BSQUARE is moving closer to spinning off Power Handheld (Maui) as a separate company.  Nothing is finalized yet, it seems, but there was just a significant reorg at the top of the Maui food chain to prepare for such an event.  Bill has now assumed complete responsibility for the Maui effort, and Brian Deutsch and Andre Fournier now report directly to him. According to a recent SEC filing, BSQUARE is seeking alternative sources to continue funding the project.  That smells like a spin-off to me, but I've been predicting a spin-off for a few months now, ever...

On-Demand replay of Security Week Webcasts now available

If you were like me and missed the majority of the webcasts Microsoft did last week during Security Webcast Week, here's your chance to catch up. You can get on-demand replays of all the webcasts by going to the Security Webcast Week site and clicking on the session you want to see. I only caught one webcast last week, and saw 2 more so far in repeats, but they seem to have been very informative.

Microsoft is playing a dangerous game

So Microsoft opted not to ship any patches this month.  Not because there was nothing to fix.  But because they weren't ready. This is a very dangerous game for Microsoft to be playing, for a number of reasons: Responsible Disclosure only works when the vendor is responsive about fixing the problems.  I will bet money that at least one of the researchers who have been working with Microsoft to get these vulnerabilities fixed will not wait another month before going public with the issue.  The reasoning will be something along the lines of “Microsoft needs to be reminded about what happens when they are slow with...

New Project: Studying Malicious Web Sites

I am going to be doing some research on hostile web sites and I'm looking for some tools to use.  Basically, I want to set up a honeypot of sorts, that I can use to surf to various sites and find out if they are doing anything evil as a result. The goal is not to test a particular browser's ability to repel such attacks, the goal is to identify and capture the attacks (successful or not). I have some ideas of how to conduct this research, involving a mix of packet analysis, Snort and Tripwire-ish utilities, but that is looking like a huge...

Web Site Stats

I am playing around with a new web site stats package called SmarterStats Pro, which is free for a single site.  So far I like it, lots of really powerful reports. I took some time tonight to look at some stats on the site, and there was one chart in particular that really stood out. Have a look at this chart, which lists the top 10 User Agents for the month of November (the User Agent is the program my audience is using to access the web site.  Internet Explorer, for instance, is a user agent): Where do you think Internet Explorer lands on this list?  Would it surprise you to...

He noticed

So Joat did notice that I voted him off the blogroll a few days back.  I thought my little site would be noise to him, and I was pretty surprised at the time he spent on the thoughtful reply he made to my post. Maybe I have been too hard on the guy.  He's been much more on topic lately, and has posted some valuable things.  And truth be told, I still visit his site every couple of days to see what his take is on certain things.  Maybe I can overlook his occasional snipes at Microsoft if he overlooks mine at...

bmonday(dot)com outages

We're in the midst of a fairly nasty windstorm here in Seattle, with winds gusting to 80MPH.  This is wreaking havoc on the power at the house, as well as the internet connection.  My UPS powers 5 systems, and can only sustain them for about 15 mins before it goes to lunch, so I make no warranties about the accessibility of the site while we weather this... uh, weather.

Government to Companies: Don't make us come back there!

Patience is running out at the legislative level, it seems, for convincing companies to do the right thing with customer data. There has been an increasing number of comments coming out of various government agencies about the continued failures of corporate America to do the right thing when it comes to protecting consumer information, and protecting their networks from cyberattacks.  Scary comments, like "We are not going to let anybody who operates in this space dodge their responsibility, and I will be sticking my finger into people's chests to make sure they live up to their responsibilities." (Robert Liscouski, assistant secretary of...

Webcast: Using the Microsoft Security Tools

One of the Security Webcast Week webcasts that I have been eagerly awaiting is the one entitled “Using the Microsoft Security Tools” that plays tomorrow (Thursday) morning.  This should be a great demonstration of how the varying tools are used together to implement (and audit) security on the Enterprise. It better be good too, because I'm dragging my lazy butt into the office at 8:00 AM to catch it :)

Comcast rolling out the DVRs

I've hinted in the past about Comcast's plans to provide Tivo/ReplayTV-like DVR technologies into their cable boxes, but I didn't realize they were going at it full bore. According to comments made by Comcast's CEO at the Western Cable Show in Anaheim, Comcast will start rolling out the new set-top box this month, and expects to make them available to 90% of their customers by the end of 2004.  No idea what the fee will be. This is HUGE.  The DVR that Comcast is going to be using is capable of recording HD content, which Tivo does not currently support. I can't freaking...

30% of spam originates from hacked systems

MSNBC is reporting on a new study that claims 30% of spam originates from hacked systems. Yep, I believe it.  Actually I'm surprised the number is not higher. Spammers have increasingly relied upon the availability of hacked systems to obscure the source of their emails, especially as legislation seeks to penalize their spamming ways.  In fact, one of the growing concerns is the fact that a good number of recent viruses are engineered for specifically this purpose, to turn the infected system into a spam relay. And then there are smegheads like Send-Safe who make a business out of finding exposed spam relays...

LNP not all it's cracked up to be

I guess consumers are a bit surprised that Local Number Portability is not the bliss it was advertised.  Little things like handset incompatibilities and SIM locks are forcing customers to also buy a new handset, in addition to signing up for new long-term contracts.  By the way, the average new service contract went from 1 year to 2 years since LNP debuted a week and a half ago.  And you usually have to go the 2-year route if you want the devices for the cheap price. Seems like someone should have warned these people that LNP was an enormous fraud on consumers. I'd...

Webcast: Ten Ways to Hack-Proof Your Identity

The SANS Institute is giving a free webcast on Wednesday about how to hack-proof your identity.  It will be conducted by Cisco's Director of Corporate Security, John Stewart.  Don't miss this one!

Reminder: Security Webcast Week starts today

Just a reminder that Security Webcast Week starts today on Microsoft's Technet site.  Lots of good security information should be flowing at these webcasts, so don't miss them.