2009-06-29

who's to blame?

http://thedailywtf.com/Articles/Death-by-Delete.aspx

interesting story.  I don't know how many readers I have (or still have, after that article on MBAs and ethics ;-) but I'm torn as to whom to blame for this.

Opinions?

2009-06-28

what are they all mourning?

I find it hard to digest all this mourning for Michael Jackson.  The "King of Pop" with the pulse-pounding beats and act died long ago; the person who died on Friday was no more than a shadow of his former self, and a dark, dangerous shadow at that.  Mentally unstable, physically ravaged, and accused of probably the worst sort of crimes that a parent can imagine, I am so happy that my two children hardly know who he is.

Humans tend to hang on to their idols long after the idols have been found wanting.  Until we stop doing that, celebrities will continue to get away with murder, at least figuratively, if not literally.

2009-06-19

Re your column on "Courtesy crisis at workplace"

Dear Mr Banerjee,

I read your column in today's DC, Hyderabad edition.  I normally don't bother writing letters to editors or columnists, but there are some things I have strong feelings about, and then I have to.  I have no idea if there is any scope in your column for you to print your readers' comments, but that is up to you.

Linking the failure of Lehman or AIG with the informal culture of a US company, and conversely the success of the Tatas and Birlas with the opposite, is naive, to say the least.  Correlation does not, as they say, imply causation.

The correct causation for your examples is simple: all the failed companies you mention have ethics problems at the top.  All of them are run by MBAs who have been taught a badly skewed value system, one which maximises either their own, or their company's, worth in purely monetary terms.  I do not believe MBAs are even taught the basics of ethics or morality.  It's just not one of their priorities.  How else can we explain the dean of ISB brazenly voting for something that an average man on the street could easily see was unethical!

[You may wish to read http://www.timesonline.co.uk/tol/news/uk/education/article5821706.ece -- though it is directed at Harvard, I suspect most B-schools are the same anyway]

In contrast, if you take the people you've named (Tatas, Birlas, etc.), they all have a highly developed sense of ethics at the top levels, even a sense of "ownership".  Perhaps it comes from the fact that the firm carries their name!  Similarly, the old guard at Lehman would have had the same values too.  But they have long since given way (due to pressures on the "Street" perhaps?) to the MBA crowd.  With the results we all see today.

Of course, it is certainly true that "old guard" people also tend to be more formal; that is quite a different matter entirely.

Warm regards,

Sitaram

PS: I work for a large IT company, I have nearly 23 years of experience, and I insist that everyone, even the freshers, call me Sita or Sitaram.  And I don't like people who insist on being called "Sir" or "Mr ..." or whatever.  It means their notion of "respect" is very shallow, and (often enough), also that they lack the ability to actually earn my respect anyway.

Of course, this means I have to work a little harder to uphold my dignity and authority.  Once in a while someone will mistake my attitude for weakness and take liberties, or cross some other invisible line, and will need to be pushed back firmly.  I have to be constantly on the watch for such issues.

Why then do I do this?  Would it not be better to "act my age"?  After all, some of my team members are barely a few years older than my son!

Because it helps them open up.  Even in a formal meeting, being able to call me Sita gives them just that extra bit of confidence to tell me what they really think of something I am proposing, or seconding.  It helps them say "Sita, I don't think that would work".  It gets them asking just that one extra question that tells me something is wrong, or has been misunderstood, or points to a problem the project will have way down the line.  In short, it gets me feedback I'd never have got otherwise, or would have to guess at from other signals or behaviour.

And yes, I have gone drinking with people who report to me and are very junior to me.  It's not that difficult to be one of the lads without all the negative fallout you seem to impute to it.  You just have to be fair, honest, and firm.

2009-06-11

Malware Steals ATM Data

...all you Linux people think you're safe from us?

MUA-HA-HA-HA!

via Schneier on Security by schneier on 6/10/09

One of the risks of using a commercial OS for embedded systems like ATM machines: it's easier to write malware against it:

The report does not detail how the ATMs are infected, but it seems likely that the malware is encoded on a card that can be inserted in an ATM card reader to mount a buffer overflow attack. The machine is compromised by replacing the isadmin.exe file to infect the system.

The malicious isadmin.exe program then uses the Windows API to install the functional attack code by replacing a system file called lsass.exe in the C:\WINDOWS directory.

Once the malicious lsass.exe program is installed, it collects users' account numbers and PIN codes and waits for a human controller to insert a specially crafted control card to take over the ATM.

After the ATM is put under control of a human attacker, they can perform various functions, including harvesting the purloined data or even ejecting the cash box.
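
Two things in that description are checkable on a locked-down box: an lsass.exe sitting in C:\WINDOWS (the real one lives in C:\WINDOWS\system32), and an isadmin.exe whose contents no longer match the known-good image. A small file-integrity audit along those lines, added here as an illustration and not taken from the report or from Schneier's post; the isadmin.exe directory is a placeholder (the report gives no path) and all hashes are constructed:

```python
import ntpath

# Where protected Windows binaries are expected to live. lsass.exe belongs in
# System32; the report describes a malicious copy dropped into C:\WINDOWS.
EXPECTED_DIR = {"lsass.exe": r"c:\windows\system32"}

# Constructed sample data: known-good manifest vs. what is on disk now.
# The ATM application directory is a placeholder, not a real product path.
BASELINE = {
    r"C:\WINDOWS\system32\lsass.exe": "11" * 32,
    r"C:\ATM-APP-PLACEHOLDER\isadmin.exe": "22" * 32,
    r"C:\WINDOWS\explorer.exe": "33" * 32,
}
INVENTORY = {
    r"C:\WINDOWS\system32\lsass.exe": "11" * 32,
    r"C:\ATM-APP-PLACEHOLDER\isadmin.exe": "ee" * 32,  # contents changed
    r"C:\WINDOWS\lsass.exe": "ff" * 32,                # not in the image
    r"C:\WINDOWS\explorer.exe": "33" * 32,
}

def audit_inventory(inventory, baseline):
    """Compare {path: sha256} on disk against a known-good {path: sha256}.

    Returns a sorted list of (finding, normalised_path) tuples.
    """
    base = {ntpath.normpath(p).lower(): h.lower() for p, h in baseline.items()}
    findings = []
    for path, digest in inventory.items():
        norm = ntpath.normpath(path).lower()   # Windows paths: case-insensitive
        directory, name = ntpath.split(norm)
        expected = EXPECTED_DIR.get(name)
        if expected and directory != expected:
            # A system binary's name used outside its real home directory.
            findings.append(("system-binary-name-in-wrong-directory", norm))
        known = base.get(norm)
        if known is None:
            if name.endswith((".exe", ".dll")):
                findings.append(("executable-not-in-baseline", norm))
        elif known != digest.lower():
            findings.append(("hash-differs-from-baseline", norm))
    return sorted(findings)

if __name__ == "__main__":
    for finding, path in audit_inventory(INVENTORY, BASELINE):
        print(f"{finding:40} {path}")
```

On an embedded machine whose software image never changes between maintenance visits, any finding here is worth an alert, which is the one advantage such systems have over general-purpose desktops.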