Archive | June 15, 2006

Bank of America outsources… Americans

Slashdot had a feeding frenzy over the weekend on reports that Bank of America IT personnel were required to train their outsourced replacements under the threat of losing their severance pay. It’s a sad situation, with overtones of racism and xenophobia, but strikes me as business as usual. When AIG closed the New Hampshire Insurance offices in Manchester in the early nineties, they hired an “outsourcing firm” (though they weren’t called that, back then) to take over essential functions as the office wound down, and all employees were expected to cooperate with the people replacing them (and interview for jobs with the firm), some of whom would have jobs for years. There were dozens of heart-breaking stories of people who had just moved to the area, bought houses, expecting families, folks who had just gotten bad health news, people weeks from vesting or retirement, all out on the street. That’s business. Soulless heartless beasts who need to have basic employee “rights” like family leave, reasonable notice of layoffs, COBRA and so forth. It’s no wonder that company loyalty is dead.

In the dot com era, many of the downsizings and closings required over-reaching non-disclosure agreements: essentially, you weren’t allowed to go to the media to talk about how the bozo VCs and their idiotic managers wasted millions of dollars with no attention to business fundamentals, dumping the employees on the streets after the bubble burst. These strong-arm tactics are nothing new. It’s business. The company has leverage; it uses it.

BoA seems to be taking this to a new level, though. A BusinessWeek Online article in January 2006:

Indeed, when Barbara J. Desoer became the bank’s chief technology, service, and fulfillment executive in 2001, the biggest complaint she heard from the myriad departments her technology team supported was that the IT staff “takes too long, costs too much, and [was] not on schedule enough.” … But by shifting some programming work offshore, BofA was able to convert itself into a 24-hour company. Programmers in California could hand off work overnight to colleagues in India, who handed it back off the next morning.

Sounds like piecework, not programming work.

There’s also the concern about moving account information worldwide: names, addresses, SSNs, account numbers are now shipped worldwide, left in the hands of people in other countries whose laws may not even be as strong as the US’s when it comes to the protection of identifying information. Not that the US is a paragon of virtue when it comes to protecting identity; quite the contrary, sadly.

For me, a bank is a convenient place to keep some money so I can send paper checks to accounts receivable and pay a purchase with a credit card. I rarely need international reach. And I’d like my bank to employ people locally, not at the far end of the globe. A huge corporation like BoA doesn’t offer me anything I can’t get at the local credit union. And money saved here is more likely to stay here.

Bank of America has been running a set of ads in the Boston area for the past two years, feel-good ads of how they are re-investing in their communities. I would much rather they re-invested in their communities by being a loyal employer than by contributing to a homeless shelter for ex-employees.

Deep fixes in Microsoft's monthly security bulletin

Microsoft shipped its monthly security updates, and these are not superficial patches, but deep fixes, likely with ramifications for everyone using these products. Anticipate serious perturbations to your systems if you are depending on the behavior of these applications as part of your customer solutions. Microsoft ships patched code it classifies as “Critical” for:

MS06-021 – Cumulative Security Update for Internet Explorer (916281): this is supposed to include patches addressing the ActiveX behaviors in the Eolas suit. This is a good time to abandon ActiveX controls and IE if you are still supporting them.

MS06-022 – Vulnerability in ART Image Rendering Could Allow Remote Code Execution (918439)

MS06-023 – Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344): JScript? Are they still making that?

MS06-024 – Vulnerability in Windows Media Player Could Allow Remote Code Execution (917734)

MS06-025 – Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280)

MS06-026 – Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (918547)

MS06-027 – Vulnerability in Microsoft Word Could Allow Remote Code Execution (917336)

MS06-028 – Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution (916768)

“Important,” perhaps less critical patches include:

MS06-029 – Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442)

MS06-030 – Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389)

MS06-032 – Vulnerability in TCP/IP Could Allow Remote Code Execution (917953)

One “Moderate” patch rounds out the bunch:

MS06-031 – Vulnerability in RPC Mutual Authentication Could Allow Spoofing (917736

In addition, MS06-011 Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798) has been re-released as version 2.0 with new patching information.

It's the 24th week of the year, and Microsoft is up to 31 patches.

Powered by WordPress. Designed by Woo Themes

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.