Microsoft, Please Open Source Windows XP

The day is now upon us. After a nearly 13 year affair, marked by manic periods of love and hate, we now face the inevitable conclusion of our relationship with Windows XP. We knew that our time together was only temporary, and many are applauding the end of an era that was probably several years past its prime. As much as I appreciated the time that Microsoft granted us, I recognize that it’s time to move on.

My acceptance aside, I believe that many others are forced to remain in denial. Consider that some reports continue to pin XP usage at anywhere from 10% to nearly 30% of all desktop systems. Combine these statistics with reports that 95% of all ATMs, many medical devices and cash registers run Windows XP. I’m not one to succumb to FUD (Fear, Uncertainty, and Doubt), but the numbers imply that we face a potentially catastrophic security condition once Microsoft ceases its support for the operating system. How many vulnerabilities are hiding out there, their hacker benefactors giddy as they wait for Microsoft to cease providing security patches for XP computers? I suspect that we’ll find out soon.

Microsoft can help by making the XP operating system core available as open source software. I think that it should.

The Mobile Security Failure

Mobile has substantially changed the security update landscape, driven in part by evolving consumer expectations that champion frequent, minor enhancements over stability and security. I first discussed the defect acceptance trend in 2012 as a way to explain how software companies have been able distribute flawed software while also handing responsibility for maintaining that software to the consumer. In the two years since, accelerated use of mobile, and by extension cloud, applications has worsened the trend by limiting end-user control and forcing the consumer to accept unwanted feature changes to receive security updates. Not only must consumers accept flawed software, they must now also trade flexibility for some semblance of protection.

I’ve recently had three operating system software updates that each provide new perspective on how software maintenance has changed over the last decade. I’ll take a look at how those changes reflect new cost to consumers.

Identity Theft: Be Prepared for the Long Haul

Nearly a month after first detecting a potential identity theft when reviewing my credit reports, I’m frustrated by the lack of progress despite my efforts. A recent email from Experian, the credit bureau that seems to be the source of my problems, highlighted the company’s refusal to remove what I believe is the root cause record on my report. Just when I thought I was entering the final phase of cleaning up my credit report, I came to realize that I’m probably just getting through an early chapter in what will be a much longer story.

Identity Theft: Proof that Life is not Fair

I spent a weekend fuming over the fact that my credit reports from two bureaus showed a fraudulent collection from Dish Network and several personal information entries that listed names, addresses, and phone numbers on my report that were not mine. There were several possibilities for the entries: 1) The bureaus screwed up; 2) Someone fat-fingered my social security number when providing credit for Dish Network service; 3) Someone had fraudulently used my social security number. No matter how little control I had over the initial event, if I wanted clean credit reports, I knew that no one was going to help me out.

Identity Theft: Guilty Until Proven Innocent

“What is your identity?” It’s more than just an existential question, it’s a question that you need to ask yourself when addressing a potential identity theft situation. To be more precise, you have to ask yourself, “What is it that identifies you?” To begin the recovery process once you detect an identity theft, something that I discussed recently in relation to my own issue, you have to be able to provide documentation that assures everyone involved that you are who you say that you are. Perhaps even more important is the inverse, that you need to be able to show that you aren’t who you say you aren’t.

Federal Contracting Part 4: Intervention and Rehab

The challenge faced by HHS and CGI Federal to build Healthcare.gov were exceptional. They attempted to tackle an extremely complex data integration and communications platform in the relatively short timeframe of just under two years. Even without the highly charged political environment that hovered over the project, threatening to rain down at every moment, I would consider the project to be as ambitious as any government IT project has been. Add to that the directives and regulations that the project had to be managed against and I would have though initial success to have been an improbable expectation.

A Victim of Identity Theft?

I believe that I am the victim of identity theft.

At first, I didn’t think much of it. Perhaps my understanding of how personal data flows and security drove me to discount what it was I was seeing as “really no big deal.” Or, maybe I have become so cynical about how the definition of identity theft has expanded to include acts that I wouldn’t naturally consider a “theft” that I disregarded the event. Whatever the root cause of my denial, I’ve moved on. It’s time to deal with the problem and I plan to share my experiences every step of the way.