Risk Factor iconRisk Factor

What Does Microsoft Do With All That Error Data?

On a "good" day, some 50 gigabytes of error data flows into Microsoft, according to a story in today's Wall Street Journal (subscription required). Two dozen programmers pore over the data, looking for OS kernel and or application problems resulting from design flaws, programming, errors, resource conflicts, and other sorts of programmer and designer ingenuity.

Microsoft won't say where the majority of errors lie or who is at fault, nor give any details about how Vista, XP, Windows 98, Windows 95 all compare, which is too bad. Nor does Microsoft say how errors are prioritized for repair, and whether those two dozen programmers get any say. It also doesn't say how many 50 gigabyte days occur, either.

As I read the story, I got to wondering about those two dozen programmers who look over all the error data coming in. Do they get excited when a big day of error data hits? Do they take bets when the first 60 gigabyte day occurs, or the least busy day of the year is? Do they have a list of known but obscure errors, and then try to guess (err.. predict) when the first time it will show up? Is there a bell that gets rung when it does?

Also, is that position a stop on the way towards bigger and better things, or is it a career path all its own? Is there a title of Chief Error Guru? Do you move from a development team to this error discovery team, or vice versa? After being there awhile, you must get a pretty good education as to what not to do in developing applications or OS kernels. Are those lessons learned promulgated throughout the company and to others in the software community?

Anyone out there who knows, let me know. I'm curious about the dirty two-dozen.

New England Patriots Win Big - On Two Fronts

Having grown up in New England but now living in Virginia, it has been a mixed week for me in the world of sports. Boston College beat Virginia Tech last Thursday night in Blacksburg, Virginia, coming from 10 points behind in the last four minutes to win and keep their number 2 ranking in college football. Then yesterday afternoon, the New England Patriots crushed the Washington Redskins for their eighth win in a row to keep their perfect season hopes alive. (Oh yes, the Bosox won the World Series again last night - but at least they weren't playing the Washington Nationals.)

Anyway, it must be great to be a sports fan right now in New England, except maybe for some Patriot season ticket holders. You see, last year the Patriots sued StubHub! (which is owned by eBay and enables fans to buy and sell tickets to sporting, concert, theater and other live entertainment events, even those that are otherwise sold out) for its list of people who were using the site to resell their Patriot tickets. The Patriots allow season ticket holders to resell their tickets at face value on the team's website, but prohibit all other resales.

StubHub! fought hard against the lawsuit, claiming it violated customer privacy, was anti-competitive, etc., etc., but the company was recently ordered by a Massachusetts Superior Court judge to turn over to the Patriots the contact information of every person who used StubHub.com to sell, attempt to sell, buy, or attempt to buy a ticket to a Patriots home game from November 2002 to January 2007. It is estimated that 13,000 names have since been turned over.

The Patriots, have remained mum on what exactly they are going to do with the information now that they have it. However, the Massachusetts court judge said that the Patriots intended to use the identities of the purchasers and sellers not only for this case, but also for its own other allegedly legitimate uses, such as canceling season tickets of 'violators' or reporting to authorities those customers that they deem to be in violation of the Massachusetts anti-scalping law.

At this time, the Patriots will most likely make it deep into the NFL play-offs, and, if they continue to play as they have so far this season, they have a decent chance to repeat as Super Bowl champions.

I wonder if the Patriots are going to drop kick some of their season ticket holders before or after the playoffs.

Too Busy to Help the Poor and Sick In Connecticut

WellCare Health Plans Inc. of Connecticut appears to be too busy to fix a software bug that is harming low-income adult and children Medicaid patients, the Hartford Courant is reporting today. During the summer, WellCare and two other insurance companies, Anthem and HealthNet, were discovered "accidentally" sending pharmacists computer messages saying that a prescription was not covered when in fact what should have been sent was that the prescription required prior authorization from the insurer. By law, managed care organizations are required to cover all drugs that are approved by the federal Food and Drug Administration.

Anthem and HealthNet have already fixed the problem, but Wellcare says it can't do so until December 1st. Must be part of a larger WellCare software maintenance build, I guess. It may also be because the FBI, Department of Health and Human Services, and Florida Medicaid Fraud Control Unit raided the company's Tampa, Fla., headquarters last Wednesday.

Wellcare says "to the best of its knowledge" it knows of no one who has been denied coverage, but Connecticut Attorney General Richard Blumenthal said his office has credible and plausible reports that prescriptions have been denied.

The TJX Data Breach - The Gift Just Keeps on Giving

The Boston Globe reported this morning that the data breach at TJX affected 94 million customers, more than twice the number TJX had admitted to previously. According to the article:

"The data breach affected about 65 million Visa account numbers and about 29 million MasterCard numbers ...A Visa official also put fraud losses to banks and other institutions that issued the cards at between $68 million and $83 million on Visa accounts alone."

TJX claims its costs of the breach will remain about $256 million - although, given past history, I wouldn't place any bets.

I wonder how long ago TJX knew these "new" numbers, but "forgot" to let its investors (or customers) know.

BTW, the original hacker(s) have still not been caught.

If a Data Breach Occurs, But No One Reports It, Then ...

Government Executive magazine reported today that, "Federal agencies report an average of 30 incidents a day in which Americans' personally identifiable information is exposed, double the incidents reported early this summer."

The increase in the number was attributed by the US Office of Management and Budget (OMB) "to agencies conducting more thorough reporting on security breaches."

OMB also said not to worry, that only a small number actually "pose a significant risk to Americans' personal information."

That makes me feel much better. Only half of a small proportion of Federal government related significant data breaches have gone unreported.

Hear ye, Hear ye: Government Solves IT Project Problems

The US Office of Management and Budget (OMB) announced yesterday that "As of September 30, 2007, there were 134 business cases remaining on the Management Watch List, compared to 346 in February 2007 when the President released his FY2008 budget request, a decline of 61 percent over almost seven months."

This is truly amazing. Sixty-one percent of government IT projects on the OMB watch list, which indicates whether they are well-positioned to execute, all got better at the same time. One can only conclude that the government has found a new, secret breakthrough to manage IT project risk.

And just in time too, as a bunch of noisy Congressman have been calling for better management of government IT projects, and hinting that some should even be terminated.

Will OMB reveal the newly discovered secret sauce to IT project success, or is its disclosure putting national security at risk? Just think what it would mean to the US economy if suddenly 61% of all IT projects significantly improved their probability of success. It could even mean the end of IT outsourcing!

Who Owns You, Baby?

An interesting article was published in today's LA Times on a federally-funded identity-theft study performed by the Center for Identity Management and Information Protection (CIMIP) located at Utica College in New York. The study says that contrary to popular belief, about half of identity theft is performed by strangers, not family or acquaintances, as reported by others like Javelin Strategy & Research and ID Analytics. Both have strongly suggested (here and here) that on-line id theft was overblown, and that consumers shouldn't be worried about it.

Javelin said that the CIMIP study didn't contradict their work (which is funded by Visa USA, Wells Fargo & Co., and others with a vested interest in promoting on-line transactions) because the CIMIP study focused "on high-dollar cases" which would "more likely to involve businesses, strangers and technology" than their broad base of consumer victims reached through telephone surveys.

Okay, sure.

Anyway, I think it is going to take some time sorting out who is at risk by whom, but regardless, on-line or off, it isn't getting any safer out there.

SBInet or Bust

In the next ten days, Boeing plans to once again test its virtual border system SBInet. According to the AP:

"Boeing personnel who briefed federal officials 'sounded real optimistic' about the fixes, said Brad Benson, a U.S. Customs and Border Protection spokesman in Washington. 'I have talked to Border Patrol personnel, and they weren't quite that optimistic.' "

Don't you just love the suspense? Will Boeing succeed? If they do, will all be forgiven? If Boeing fails, will they be fired?

I'll let you know.

Deja Vu All Over Again

Last May, you may recall, TB patient Mr. Andrew Speaker flew back to the US from Europe over his doctorsâ'' objections, and was able to enter the US even though he was on a travelersâ'' watch list. To reduce the possibility of something like this happening again, US Custom and Border Protection officials said that they were putting new procedures in place.

Well, last week it was disclosed that a Mexican national with multi-drug-resistant tuberculosis boarded 11 flights, at least one to the United States and crossed the US border a total of 76 times. Customs and Border Protection (CBP) officials were warned on April 16 that this person was infected, but it took the Department of Homeland Security until June 7 to warn the inspectors on the border and the Transportation Security Administration to add this traveler to the travelers' watch list.

So there were actually two incidents, one highly publicized and one not, happening simultaneously. During the Speaker incident, DHS said that it was inexcusable what happened.

However, it is very clear that given the bad publicity of the Speaker case, senior DHS officials deliberately tried to keep this other traveler off the watch list until things quieted down a bit. The DHS, surprise, surprise, is not commenting on this latest "oops".

As I wrote before, I was skeptical that the Speaker incident would trigger a wider review of the limitations of the Custom and Border automated travelers' watch system as well as its systemic role in being able to manage the risks of travelers having infectious diseases. I guess I was more correct than I knew, unfortunately.

Back to the Future - 1984 Update

As I noted a while ago, over the past decade or so, the UK has been in a hurry to implement a 1984 society. A new Home Office and Association of Chief Police Officers' National Strategy report on CCTV cameras says that new video standards are needed, since the 4.2 million cameras now in use are not of sufficient quality to identify offenders, so are being used mostly to look for wayward motorists. In addition, there is an increasing proliferation of different types of video systems being used, which makes reviewing and sharing video information increasingly difficult. Furthermore, since no one knows where all the camera are looking, no one knows what and what is not being looked at.

To resolve these and other issues, the Home Office and Police want additional resources on top of the £200 million already spent to solve these problems and also to ensure that cameras cover all public space in the Britain. Bet people there can't wait.

Most Commented Posts

Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Willie D. Jones

Newsletter Sign Up

Sign up for the ComputerWise newsletter and get biweekly news and analysis on software, systems, and IT delivered directly to your inbox.

Load More