Implementing Personal Kanban

A couple of months ago I discovered Kanban, a tool used in different manufacturing and development processes. Up until now I had the impression that Lean, Kanban and Just-In-Time were mostly for software development and building cars. No way they could be of any use to me as a person or Service Manager. How wrong I was. After some quick research I discovered multiple books, sites, articles and success stories where people used Kanban and other lean tools/processes to improve their work or personal life.

Everywhere I went online, people were mentioning a book by Jim Benson and Tonianne DeMaria Barry called ‘Personal Kanban’. So we bought it for our company library. The book was great! Easy to read, down-to-earth examples and several ahaaa-moments. After some initial reading I started to implement kanban boards for things I needed to get done both at work and at home.
Before, I used a system of boring to-do lists and mind maps to keep track of all my ideas and things that had to be done. Now, all of that has been transferred to kanban boards. Everything from planning my music projects to cleaning the house or grocery shopping.

The two main points of personal kanban are to visualize your work and to limit your work-in-progress. With those two simple ideas you can accomplish a lot.

Visualize your work

This includes setting up some kind of board and the scrutinizing work of getting all those to-do things down on paper/screen to create your first backlog. It will probably be a lot, but don’t worry, good things come later on.

Create the board

Whether you use a whiteboard, a door or an electronic tool doesn’t matter. Use what you have and what fits your purpose. I prefer an electronic board which also has an iPhone app so I can update or add new ideas while not close to the board. On the other hand, a whiteboard gives another feel when you draw your board and move notes around.

Board layout

When you start out you probably want at least three columns:

Ready / Backlog: which is everything you want to get done
Doing / WIP: what you are doing right now
Done: what is done, completed, finito!

But as you go along this will probably change: more columns will be drawn and swim lanes might be added. Don’t be afraid to change your board as you go along; it’s part of the process. Some projects will use a simple board, others require a complex layout.
The picture below shows one of our boards at work. A few weeks in, we are still changing the layout at least weekly, and we probably will for some time until we have found the ‘perfect’ layout.

One of the Kanban boards at Basefarm

WIP Limit

Personal Kanban stresses the importance of limiting your work in progress. Usually we try to do too many things at once instead of achieving a flow, which will actually allow more things to be done in less time.

My own experience is that a WIP limit relieves stress since, while I know my backlog might be massive, I only need to concentrate on what’s in my WIP/Doing column. When a task is done, I pick the next one on top of the queue. Well, it’s almost that simple, but there is always some crisis or unforeseen activity that pops up out of nowhere and needs immediate attention. But I have discovered that those things are also easier to take care of since I know my WIP limit (which currently is 2) and I can complete the task before starting on the next one.

It is also an iterative process to check your backlog and prioritise the tasks in there. Before, I used a common tool for prioritising my work, the Eisenhower matrix, but now I’m trying out another common approach: to always have the most important task at the top of the column. No tasks are equally important; there’s always a prioritisation done and one task is on top, the most important one. This can of course change, but it makes it easy for me to know what to do next. It’s the top one, right.

Pull!

When the board is done and the first backlog is established, it is time to get to work! The process is simple. Pull the first task from the backlog to your Doing column and start doing what is supposed to be accomplished. When the task is done, pull the next one. Depending on the WIP limit you decide you can handle, you only juggle that many tasks at the same time.

Reflect

After some time you will have completed several tasks and it is time to look back and reflect on how it went. This is an important step that is usually forgotten or skipped due to limited time or any other excuse you can come up with. But don’t. Take the time to reflect, since it might give great results in evaluating whether you have become more effective, what can be done to improve further, what kind of tasks you should focus on, what kind of tasks you should try to delegate, and so on.

Next steps

After my initial tries with a kanban board I noticed it really worked for me and I put more and more things into kanban boards. The boards grew in complexity and size but are still very simple for me to handle. My personal to-do board has a few more columns than Backlog/Doing/Done, and my board for my music projects has several swim lanes, columns, categories and colours involved.

This was just a short introduction based on my own experience. I’m in no way an expert and did not cover much in this blog post. But with any luck you have got something out of it and might read more from other sources. Not surprisingly, I recommend the book ‘Personal Kanban’, which covers what I have mentioned here in depth and then more.

In my next post I will take a quick look at different online kanban tools I have tried out. Soon on a blog near you.

50 million customers hit in LivingSocial hack

LivingSocial, the deal-of-the-day website that features discounted gift certificates usable at local or national companies, has been hit by a cyber attack on its systems.
The information the attackers were able to steal included names, email addresses, date of birth for some users, and encrypted passwords (technically ‘hashed’ and ‘salted’ passwords). Credit card information was apparently not lost.
While the passwords were encrypted, it’s still recommended to change your password immediately on LivingSocial, as well as on any other sites where you’re using the same password.

Using the same password for different websites is a very bad idea, and you should avoid it as much as you can. Security tips regarding passwords can be found in our newsletter here: http://blog.basefarm.com/blog/2013/03/08/basefarm-sirt-newsletter-2013-03-08/

You can find more information on their website:
https://www.livingsocial.com/createpassword

Basefarm SIRT Newsletter 17

This week, Verizon released their Data Breach Investigations Report for 2013. Some interesting facts are that 92% of breaches were done by outsiders and that 76% of breaches were caused by intrusion due to weak or stolen credentials. A survey has also shed light on the fact that 80% of small UK firms were victims of hacks last year, and DDoS gained popularity. The Twitter account owned by the Associated Press caused a major drop in the US stock market when it announced that the White House had been bombed and that Obama had been hurt. All of this was untrue and was posted because their Twitter account had been compromised, which shows the effect on society that a breached Twitter account can have.

Top 5 Business Intelligence links
The Verizon Data Breach Investigations Report for 2013 – a must read!
8 in 10 small UK firms hacked last year – at £65k a pop
35% of businesses experienced a DDoS attack in 2012
2013 First Quarter Zero-Day Vulnerabilities
Escalation of Cyberattacks from North Korea

Top 5 Miscellaneous Security links
Caught in the System, Ex-Hacker Is Stalked by His Past
‘Aurora’ Cyber Attackers Were Really Running Counter-Intelligence
Hosting company Hostgator hacked, suspect arrested after being “rooted with his own rootkit”
Malware C&C Servers Found in 184 Countries
Collateral Damage Control of a Hacked Account

Vulnerabilities
High Risk WordPress Super Cache and W3 Total Cache vulnerability

High Risk WordPress Super Cache and W3 Total Cache vulnerability

A vulnerability in the very popular cache plugin “W3 Total Cache” has been made public. Those who are using WordPress are advised to check whether they have this plugin, and whether they are running the latest version.
It turns out that this also affects WP Super Cache. Together these two plugins account for about 6.5 million downloads, and about 90% of all WordPress installations running a cache use one of them.
The issue comes with blogs that have comments enabled and aren’t using a third party system like Disqus.

To test if you’re affected you can add a comment like this:
<!--mfunc echo PHP_VERSION; --><!--/mfunc-->

If you don’t have the latest version of WP Super Cache or W3 Total Cache, this should show the version of your PHP, which means the installation can be exploited.

The W3 Total Cache plugin for WordPress is prone to a remote PHP code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary PHP code within the context of the web server.
W3 Total Cache 0.9.2.8 is vulnerable. Other versions may also be affected.
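
As a stopgap while the plugins are being updated, stored comments can be screened for these dynamic-snippet tags. The following is an added example, not code from either plugin or from the original post; the function names and sample comments are constructed, and the sibling tag "mclude" is included as an assumption that it is equally unwanted in visitor comments.

```python
import re

# Dynamic-snippet tags that the cache plugins evaluate when serving a page.
# "mfunc" is the tag used in the test comment above; "mclude" is its sibling
# include tag (covered here as an assumption, it is not named in the post).
DYNAMIC_TAG = re.compile(r"<!--\s*/?\s*(mfunc|mclude)\b", re.IGNORECASE)


def find_dynamic_tags(comment_text):
    """Return the tag names (lower-cased) found in a visitor comment."""
    return [m.group(1).lower() for m in DYNAMIC_TAG.finditer(comment_text)]


def neutralize(comment_text):
    """Escape the leading '<' of each tag so it is stored as inert text."""
    return DYNAMIC_TAG.sub(lambda m: "&lt;" + m.group(0)[1:], comment_text)


def triage(comments):
    """Split (id, text) pairs into clean ids and flagged (id, tags) pairs."""
    clean, flagged = [], []
    for comment_id, text in comments:
        tags = find_dynamic_tags(text)
        if tags:
            flagged.append((comment_id, tags))
        else:
            clean.append(comment_id)
    return clean, flagged


# Constructed sample comments (not taken from a real site).
SAMPLE_COMMENTS = [
    (1, "Great post, thanks!"),
    (2, "<!--mfunc echo PHP_VERSION; --><!--/mfunc-->"),
    (3, "Nice <!-- MFUNC --> trick <!-- ordinary html comment -->"),
    (4, "I love mfunc as a word"),
]

if __name__ == "__main__":
    clean_ids, flagged_comments = triage(SAMPLE_COMMENTS)
    print("clean:", clean_ids)
    for comment_id, tags in flagged_comments:
        print("flagged:", comment_id, tags)
    print(neutralize(SAMPLE_COMMENTS[1][1]))
```

Ordinary HTML comments and the bare word "mfunc" are left alone; only the comment-style tag form is flagged or escaped.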

More information:
http://www.securityfocus.com/bid/59316/discuss
http://wordpress.org/extend/plugins/wp-super-cache/changelog/

Basefarm SIRT Newsletter 16

Top headlines from this week include information regarding the WordPress attack that happened this week, along with tips on how to protect yourself against spear phishing attacks. There’s also some reminiscence about hacks in the past.

Top 5 links
Under the microscope: The bug that caught PayPal with its pants down
How hacking fixed the worst video game of all time
The WordPress Brute Force Attack Timeline
From US-CERT: Tips To Avoid Becoming A Victim Of Spear Phishing
Large scale malicious spam campaign exploiting Boston bombing

Vulnerabilities
Apple OS X – Java 2013-003 1.0 and Safari 6.0.4
Oracle Patch Update April 2013
WordPress sites targeted by brute-force botnet attack

Board Game Evening with [d0x3d!]

A couple of times each year, a couple of friends at Basefarm run small board game evenings in the office where we play various games from Settlers, Carcassonne, The Resistance, Talisman and other games.
This time though we found a game that we had not played in the past, and it was an open-source board game called [d0x3d!]. You can either print the manual and cards yourself, or order a pre-printed version.

[d0x3d!] is a board game designed to introduce a diverse body of students to network security terminology, attack & defend mechanics, and basic computer security constructs.

The game has its strength not with the actual game play (in my opinion), but with the talk about real-life threats that comes up while playing. Discussions such as best practices for network topology, current zero-day exploits, and how to protect oneself and applications in the best manner were on the table.

More information:
http://d0x3d.com

How to SSH into a VirtualBox Linux guest from your host machine

This small guide shows some easy steps for how to SSH into a VirtualBox guest OS from your host machine.

The guide below assumes you already have a machine created. If you have not done so, skim through the guide and do the steps when you create the machine; the result will be the same.

This guide is based on a Fedora 18 virtual machine and should work on any other Linux operating system. The locations and commands I use might be different if you use a non-Red Hat based system.

Step 1: Stop your VirtualBox machine
Not much to explain here – stop your virtual machine, as the change requires a restart of the OS.

If you use VirtualBox on a Mac OS system you first have to create a secondary adapter in the main VirtualBox settings. If you use Windows you can just continue with step 2.

Step 2: Go to the settings of your machine
Right-click your virtual machine and choose “Settings”. Alternatively, click on the machine and press Ctrl+S.

Step 3: Click on the network tab
Just have a look at the picture below if you are lost.

Step 4: Fill in the “Adapter 2” information
We will now give the OS a secondary network card that connects to your host only.
All you have to do is make Adapter 2 look like the picture below. If you already use multiple network cards you can simply use Adapter 3 or 4; this is no problem at all.

Step 5: Start your machine
If you did step 4 correctly you can simply start your machine and wait for your Linux guest to boot.

Step 6: Find your ip information
In order to SSH into your machine we need to find its IP information. Run one of the following commands: “ifconfig” or “ip addr”.
$ ip addr

You should then see something like this:

If you look at my example, the IP address you need is the bottom one, “192.168.56.102”. Of course this can differ for everyone and there is no way to know your setup, so just try the IP addresses you see and one will work :).

Step 7: Test that you can SSH into your VirtualBox machine (from your real PC)
Go to your own Linux or Windows machine, start a terminal or PuTTY and do the following:
$ ssh root@192.168.56.102

Congratulations, you can now SSH into your own VirtualBox machine from your PC! 🙂 I told you it was easy.

**extra steps** (not necessarily needed)
I think it is not fun at all to find the IP address of your VirtualBox machine. Unfortunately, if you use DHCP you have no choice but to look up your IP every time. However, you could simply give your machine a static IP address and, to make it even easier, give this IP a name in your hosts file.

Nice talking, but how would you actually do this? Well, have a look below.
Extra Step 1: Find your IP information and network card name.
If you have already forgotten your IP information, find it once again with “ifconfig” or “ip addr”.
$ ifconfig

Like I explained above you should see something like this:

In this case my network card is called “p7p1” and my ip address is “192.168.56.102”.
(if you do not have ifconfig you can install it with: “sudo yum install net-tools”)

Extra Step 2: Open your network card configuration file
$ vi /etc/sysconfig/network-scripts/ifcfg-p7p1

Again, look carefully: the file name in the vi command above will of course differ according to your card’s name.

Extra Step 3: Change your network card to static ip
In your configuration file, add or change the following (using your own IP information, of course).

BOOTPROTO=static
IPADDR=192.168.56.102
NETMASK=255.255.255.0

My file looks as follows:

Extra Step 4: Restart your network service
$ systemctl restart network.service

So now that you have a static IP address you can always SSH to that machine! Easy enough, but now let’s make it a little bit easier and create a name for your IP address.

Extra Step 5: Open your hosts file (on your real PC, not in VirtualBox)
Fedora 18 (or Mac OS):
$ vi /etc/hosts
Windows 8:
notepad C:\Windows\System32\Drivers\etc\hosts

Extra Step 6: Add your IP and give it a name (on your real PC, not in VirtualBox)

192.168.56.102 vb2

My hosts file, for example, looks as follows:

Now you can, for example, SSH into your machine like this:
$ ssh root@vb2
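
A quick way to check the extra steps before restarting the network service is to verify that the static address really sits inside the host-only network, since an address outside it leaves the guest unreachable over SSH. The following is an added example, not part of the original guide; the function names are hypothetical, and the host adapter address 192.168.56.1/24 is an assumption based on VirtualBox's usual default.

```python
import ipaddress

# Assumption: the host side of the host-only network uses VirtualBox's usual
# default, 192.168.56.1/24; replace it with your host adapter's address.
HOST_ONLY_IF = ipaddress.ip_interface("192.168.56.1/24")


def parse_ifcfg(text):
    """Parse KEY=value lines of an ifcfg-* file into a dict, quotes stripped."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings


def check_static(settings, host_if=HOST_ONLY_IF):
    """Return a list of problems; an empty list means the settings look sane."""
    problems = []
    if settings.get("BOOTPROTO", "").lower() != "static":
        problems.append("BOOTPROTO is not static")
    try:
        guest = ipaddress.ip_interface(
            settings.get("IPADDR", "") + "/" + settings.get("NETMASK", ""))
    except ValueError:
        return problems + ["IPADDR/NETMASK missing or malformed"]
    if guest.network != host_if.network:
        problems.append("%s is outside host-only network %s"
                        % (guest.ip, host_if.network))
    elif guest.ip == host_if.ip:
        problems.append("IPADDR collides with the host adapter address")
    elif guest.ip in (guest.network.network_address,
                      guest.network.broadcast_address):
        problems.append("IPADDR is the network or broadcast address")
    return problems


def hosts_line(settings, name):
    """Build the hosts-file entry for the guest, e.g. for the name 'vb2'."""
    return "%s %s" % (settings["IPADDR"], name)


# Constructed sample: the three settings from Extra Step 3 plus typical lines.
SAMPLE_IFCFG = """\
DEVICE=p7p1
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.56.102
NETMASK=255.255.255.0
"""

if __name__ == "__main__":
    cfg = parse_ifcfg(SAMPLE_IFCFG)
    print(check_static(cfg) or "ok", "->", hosts_line(cfg, "vb2"))
```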

I hope you found it interesting to read. If you have some tips or suggestions on how to do this more easily, feel free to reply and I’ll update the guide with any helpful information.

Apple OS X – Java 2013-003 1.0 and Safari 6.0.4

Apple have released updates for Java and Safari. These are security updates, so users are advised to update as soon as possible by going to “Software Update”.

More information:
http://support.apple.com/kb/HT5682
http://support.apple.com/kb/HT5678

Oracle Patch Update April 2013

Oracle has released patch information for their April 2013 updates. This contains 128 security patches, with a lot of them being critical and for Java! Because of this, we advise users to update their applications as soon as possible!

Security vulnerabilities addressed by this Critical Patch Update affect the following products:

Oracle Database 11g Release 2, versions 11.2.0.2, 11.2.0.3
Oracle Database 11g Release 1, version 11.1.0.7
Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5
Oracle Application Express, versions prior to 4.2.1
Oracle Containers for J2EE, version 10.1.3.5
Oracle COREid Access, version 10.1.4.3
Oracle GoldenGate Veridata, version 3.0.0.11
Oracle HTTP Server, versions 10.1.3.5.0, 11.1.1.5.0, 11.1.1.6.0
Oracle JRockit, versions R27.7.4 and earlier, R28.2.6 and earlier
Oracle Outside In Technology, versions 8.3.7, 8.4.0
Oracle WebCenter Capture, version 10.1.3.5.1
Oracle WebCenter Content, versions 10.1.3.5.1, 11.1.1.6.0
Oracle WebCenter Interaction, versions 6.5.1, 10.3.3.0
Oracle WebCenter Sites, versions 7.6.2, 11.1.1.6.0, 11.1.1.6.1
Oracle WebLogic Server, versions 10.0.2, 10.3.5, 10.3.6, 12.1.1
Oracle Web Services Manager, version 11.1.1.6
Oracle E-Business Suite Release 12, versions 12.0.6, 12.1.1, 12.1.2, 12.1.3
Oracle E-Business Suite Release 11i, version 11.5.10.2
Oracle Agile EDM, versions 6.1.1.0, 6.1.2.0, 6.1.2.2
Oracle Transportation Management, versions 5.5.05, 6.2
Oracle PeopleSoft HRMS, version 9.1
Oracle PeopleSoft PeopleTools, versions 8.51, 8.52, 8.53
Oracle Siebel CRM, versions 8.1.1, 8.2.2
Oracle Clinical Remote Data Capture Option, versions 4.6.0, 4.6.6
Oracle Retail Central Office, versions 13.1, 13.2, 13.3, 13.4
Oracle Retail Integration Bus, versions 13.0, 13.1, 13.2
Oracle FLEXCUBE Direct Banking, versions 2.8.0 – 12.0.1
Primavera P6 Enterprise Project Portfolio Management, versions 7.0, 8.1, 8.2
Oracle and Sun Systems Product Suite
Oracle Sun Middleware Products
Oracle MySQL Server, versions 5.1, 5.5, 5.6
Oracle Automatic Service Request, versions prior to 4.3.2

More information: http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html

WordPress sites targeted by brute-force botnet attack

There is a botnet consisting of more than 90 000 hosts crawling and brute-force attacking (using the following list: https://krebsonsecurity.com/wp-content/uploads/2013/04/WPpasslist.txt) WordPress installations. Because of this, it’s important that you make sure your WordPress installation is secure.

We strongly advise all users to delete the “admin” account after adding another administrator, to add 2-factor authentication such as http://wordpress.org/extend/plugins/google-authenticator/ and to have a look at http://codex.wordpress.org/Hardening_WordPress.

On top of that, there is the obvious step of making sure your WordPress core and plugins are up to date.

More information: http://www.us-cert.gov/ncas/current-activity/2013/04/15/WordPress-Sites-Targeted-Mass-Brute-force-Botnet-Attack
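
With that many hosts taking part, each source may make only a few attempts, so counting failures per address can miss the attack; counting login POSTs and distinct sources per minute does not. The following detection sketch is an added example, not from the original post; it assumes access logs in combined log format, and the thresholds and sample log lines are constructed.

```python
import re
from collections import defaultdict

# Combined-log-format prefix: client ip, [timestamp], "METHOD path ...", status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')


def login_posts(log_lines):
    """Yield (minute, ip) for every POST to wp-login.php."""
    for line in log_lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, stamp, method, path, _status = m.groups()
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php"):
            # "15/Apr/2013:10:01:07 +0000" -> "15/Apr/2013:10:01"
            yield stamp[:17], ip


def distributed_bursts(log_lines, min_posts=5, min_sources=4):
    """Return {minute: (posts, distinct_sources)} for suspicious minutes.

    A minute is flagged when login POSTs are both numerous and spread over
    many addresses, which a per-address counter would not notice.
    """
    per_minute = defaultdict(list)
    for minute, ip in login_posts(log_lines):
        per_minute[minute].append(ip)
    alerts = {}
    for minute, ips in per_minute.items():
        if len(ips) >= min_posts and len(set(ips)) >= min_sources:
            alerts[minute] = (len(ips), len(set(ips)))
    return alerts


# Constructed sample log: six sources make one login attempt each within one
# minute, next to one ordinary page view and one ordinary login.
SAMPLE_LOG = [
    '203.0.113.%d - - [15/Apr/2013:10:01:%02d +0000] '
    '"POST /wp-login.php HTTP/1.1" 200 3120' % (i, i)
    for i in range(1, 7)
] + [
    '192.0.2.10 - - [15/Apr/2013:10:01:30 +0000] '
    '"GET /wp-login.php HTTP/1.1" 200 2900',
    '192.0.2.10 - - [15/Apr/2013:10:05:02 +0000] '
    '"POST /wp-login.php HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for minute, (posts, sources) in sorted(distributed_bursts(SAMPLE_LOG).items()):
        print("%s: %d login POSTs from %d sources" % (minute, posts, sources))
```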