Implementing Personal Kanban

A couple of months ago I discovered Kanban, a tool used in different manufacturing and development processes. Up until now I had the impression that Lean, Kanban and Just-In-Time were mostly for software development and building cars. No way it could be of any use for me as a person or Service Manager. How wrong I was. After some quick research I discovered multiple books, sites, articles and success stories where people used Kanban and other lean tools/processes to improve their work or personal life.

Everywhere I went online, people were mentioning a book by Jim Benson and Tonianne DeMaria Barry called ‘Personal Kanban’. So we bought it for our company library. The book was great! Easy to read, down to earth examples and several ahaaa-moments. After some initial reading I started to implement kanban boards for things I needed to get done both at work and at home.
Before, I used a system of boring to-do lists and mindmaps to keep track of all my ideas and things that have to be done. Now, all of that has been transferred to kanban boards. Everything from planning my music projects to cleaning the house or grocery shopping.

The two main points of personal kanban are to visualize your work and limit your work-in-progress. With those two simple ideas you can accomplish a lot.

Visualize your work

This includes setting up some kind of board and the scrutinizing work of getting all those to-do-things down on paper/screen to create your first backlog. It will probably be a lot, but don’t worry, good things come later on.

Create the board

Whether you use a whiteboard, a door or an electronic tool doesn’t matter. Use what you have and what fits your purpose. I prefer an electronic board which also has an iPhone app so I can update or add new ideas while not close to the board. On the other hand, a whiteboard gives another feel when you draw your board and move notes around.

Board layout

When you start out you probably want at least three columns:

Ready / Backlog: which is everything you want to get done
Doing / WIP: what you are doing right now
Done: what is done, completed, finito!

But as you go along this will probably change, more columns will be drawn, swim lanes might be added. Don’t be afraid to change your board as you go along, it’s part of the process. Some projects will use a simple board, others require a complex layout.
The picture below shows one of our boards at work. A few weeks in we are still changing the layout at least weekly. And probably will do for some time until we have found the ‘perfect’ layout.

One of the Kanban boards at Basefarm

WIP Limit

Personal Kanban stresses the importance of limiting your work in progress. Usually we try to do too many things at once instead of achieving a flow which will actually allow more things to be done in less time.

My own experience is that a WIP limit relieves stress since, while I know my backlog might be massive, I only need to concentrate on what’s in my WIP/Doing column. When a task is done, I pick the next one on top of the queue. Well, it’s almost that simple but there is always some crisis or unforeseen activities that pop up out of nowhere that need immediate attention. But I have discovered that those things are also easier to take care of since I know my WIP limit (which currently is 2) and I can complete the task before starting on the next one.

It is also an iterative process to check your backlog and prioritise the tasks in there. Before, I used a common tool for prioritising my work, the Eisenhower matrix, but now I’m trying out another common approach: to always have the most important task at the top of the column. No tasks are equally important, there’s always a prioritisation done and one task is on top, the most important one. This can of course change, but it makes it easy for me to know what to do next. It’s the top one, right.

Pull!

When the board is done and the first backlog is established, it is time to get to work! The process is simple. Pull the first task from the backlog to your Doing column and start doing what is supposed to be accomplished. When the task is done, pull the next one. Depending on what WIP limit you decide you can handle, you only juggle x many tasks at the same time.

Reflect

After some time you will have completed several tasks and it is time to look back and reflect on how it went. This is an important step that usually is forgotten or skipped due to limited time or any other excuse you can come up with. But don’t. Take the time to reflect since it might give great results in evaluating if you have become more effective, what can be done to improve further, what kind of tasks you should focus on, what kind of tasks you should try to delegate, and so on.

Next steps

After my initial tries with a kanban board I noticed it really worked for me and I put more and more things into kanban boards. The boards grew in complexity and size but are still very simple for me to handle. My personal to-do board has a few more columns than Backlog/Doing/Done and my board for my music projects has several swim lanes, columns, categories and colours involved.

This was just a short introduction based on my own experience. I’m in no way an expert and did not cover much in this blog post. But with any luck you have got something out of it and might read more from other sources. Not surprisingly, I recommend the book ‘Personal Kanban’ which covers what I have mentioned here in depth and then more.

In my next post I will take a quick look at different online kanban tools I have tried out. Soon on a blog near you.

50 million customers hit in LivingSocial hack

LivingSocial, the deal-of-the-day website that features discounted gift certificates usable at local or national companies, has been hit by a cyber attack on their systems.
The information the attackers were able to steal included names, email addresses, date of birth for some users, and encrypted passwords (technically ‘hashed’ and ‘salted’ passwords). Credit card information was apparently not lost.
While the passwords were encrypted, it’s still recommended to change your password immediately on LivingSocial, as well as on any other sites where you’re using the same password.

Using the same password for different websites is a very bad idea, and you should avoid it as much as you can. Security tips regarding passwords can be found in our newsletter here: http://blog.basefarm.com/blog/2013/03/08/basefarm-sirt-newsletter-2013-03-08/

You can find more information on their website:
https://www.livingsocial.com/createpassword

Basefarm SIRT Newsletter 17

This week, Verizon released their Data Breach Investigations Report for 2013. Some interesting facts are that 92% of breaches were done by outsiders and that 76% of breaches were caused by intrusion due to weak or stolen credentials. A survey has also shown that 80% of small UK firms were victims of hacks last year, and DDoS gained popularity. The Twitter account owned by the Associated Press caused a major drop in the US stock market when it announced that the White House had been bombed and that Obama had been hurt. All of this was untrue and was posted because their Twitter account had been compromised, which shows the effect on society that a breached Twitter account could have.

Top 5 Business Intelligence links
The Verizon Data Breach Investigations Report for 2013 – a must read!
8 in 10 small UK firms hacked last year – at £65k a pop
35% of businesses experienced a DDoS attack in 2012
2013 First Quarter Zero-Day Vulnerabilities
Escalation of Cyberattacks from North Korea

Top 5 Miscellaneous Security links
Caught in the System, Ex-Hacker Is Stalked by His Past
‘Aurora’ Cyber Attackers Were Really Running Counter-Intelligence
Hosting company Hostgator hacked, suspect arrested after being “rooted with his own rootkit”
Malware C&C Servers Found in 184 Countries
Collateral Damage Control of a Hacked Account

Vulnerabilities
High Risk WordPress Super Cache and W3 Total Cache vulnerability

High Risk WordPress Super Cache and W3 Total Cache vulnerability

A vulnerability in the very popular cache plugin “W3 Total Cache” has been made public. Those who are using WordPress are advised to check whether they have this plugin, and whether they have the latest version or not.
It turns out that this also affects WP Super Cache. Both of these account for about 6.5 million downloads, and about 90% of all installations running a cache on their WordPress installations use either of these.
The issue comes with blogs that have comments enabled and aren’t using a third party system like Disqus.

To test if you’re affected you can add a comment like this:
<!--mfunc echo PHP_VERSION; --><!--/mfunc-->

If you don’t have the latest version of WP Super Cache or W3 Total Cache, this should show your PHP version, which means the installation can be exploited.

The W3 Total Cache plugin for WordPress is prone to a remote PHP code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary PHP code within the context of the web server.
W3 Total Cache 0.9.2.8 is vulnerable. Other versions may also be affected.

More information:
http://www.securityfocus.com/bid/59316/discuss
http://wordpress.org/extend/plugins/wp-super-cache/changelog/
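
An audit of stored comments for the tag described above, as an added example that is not part of the original post or of either plugin. It assumes the comments have been exported as (id, content) rows; the sample rows are constructed, and mclude is included as the plugins' include-a-file sibling of mfunc.

```python
import re

# Opening or closing dynamic-snippet tag. "mfunc" is the tag named in the post;
# "mclude" is the sibling tag. Group 1 captures the comment opener so we can
# tell a real "<!--" from one where a typographic dash replaced "--".
SNIPPET_TAG = re.compile(r"(<!(?:--|[\u2013\u2014]))\s*/?\s*(mfunc|mclude)\b", re.I)

def audit_comment(content):
    """Return (tag, form) for every snippet tag found in one comment body.

    form is "literal" for a real "<!--" (what a vulnerable plugin would act
    on) and "mangled" when a dash character replaced "--": not evaluated,
    but still a sign that someone pasted a probe.
    """
    return [(m.group(2).lower(), "literal" if m.group(1) == "<!--" else "mangled")
            for m in SNIPPET_TAG.finditer(content)]

def neutralise(content):
    """Entity-encode the "<" of each literal snippet tag so it renders as text."""
    def repl(m):
        if m.group(1) != "<!--":
            return m.group(0)
        return "&lt;" + m.group(0)[1:]
    return SNIPPET_TAG.sub(repl, content)

def audit_export(rows):
    """rows: iterable of (comment_id, content). Return {id: findings} for hits."""
    report = {}
    for comment_id, content in rows:
        findings = audit_comment(content)
        if findings:
            report[comment_id] = findings
    return report

# Constructed sample rows standing in for an export of the comments table.
SAMPLE = [
    (101, "Great post, thanks!"),
    (102, "<!--mfunc echo PHP_VERSION; --><!--/mfunc-->"),
    (103, "test <!\u2013mfunc echo PHP_VERSION; \u2013><!\u2013/mfunc\u2013>"),
    (104, "<!-- MCLUDE file.php --><!-- /mclude -->"),
]

if __name__ == "__main__":
    for cid, findings in audit_export(SAMPLE).items():
        print(cid, findings)
```

Any "literal" hit in comments submitted before the plugins were updated is worth reviewing together with the cached pages generated from that post.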

Basefarm SIRT Newsletter 16

Top headlines from this week include information regarding the WordPress attack that happened this week, along with tips on how to protect yourself against spear phishing attacks. There’s also some reminiscence about hacks in the past.

Top 5 links
Under the microscope: The bug that caught PayPal with its pants down
How hacking fixed the worst video game of all time
The WordPress Brute Force Attack Timeline
From US-CERT: Tips To Avoid Becoming A Victim Of Spear Phishing
Large scale malicious spam campaign exploiting Boston bombing

Vulnerabilities
Apple OS X – Java 2013-003 1.0 and Safari 6.0.4
Oracle Patch Update April 2013
WordPress sites targeted by brute-force botnet attack

Board Game Evening with [d0x3d!]

A couple of times each year, a couple of friends at Basefarm run small board game evenings in the office where we play various games from Settlers, Carcassonne, The Resistance, Talisman and other games.
This time though we found a game that we had not played in the past, and it was an open-source board game called [d0x3d!]. You can either print the manual and cards yourself, or order a pre-printed version.

[d0x3d!] is a board game designed to introduce a diverse body of students to network security terminology, attack & defend mechanics, and basic computer security constructs.

The game has its strength not in the actual game play (in my opinion), but in the talk about real life threats that comes up while playing. Discussions such as best practices for network topology, current zero-day exploits, and how to protect oneself and applications in the best manner were on the table.

More information:
http://d0x3d.com

Apple OS X – Java 2013-003 1.0 and Safari 6.0.4

Apple have released updates for Java and Safari. These are security updates, so users are advised to update as soon as possible by going to “Software Update”.

More information:
http://support.apple.com/kb/HT5682
http://support.apple.com/kb/HT5678

Oracle Patch Update April 2013

Oracle has released patch information for their April 2013 updates. This contains 128 security patches, with a lot of them being critical and for Java! Because of this, we advise users to update their applications as soon as possible!

Security vulnerabilities addressed by this Critical Patch Update affect the following products:

Oracle Database 11g Release 2, versions 11.2.0.2, 11.2.0.3
Oracle Database 11g Release 1, version 11.1.0.7
Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5
Oracle Application Express, versions prior to 4.2.1
Oracle Containers for J2EE, version 10.1.3.5
Oracle COREid Access, version 10.1.4.3
Oracle GoldenGate Veridata, version 3.0.0.11
Oracle HTTP Server, versions 10.1.3.5.0, 11.1.1.5.0, 11.1.1.6.0
Oracle JRockit, versions R27.7.4 and earlier, R28.2.6 and earlier
Oracle Outside In Technology, versions 8.3.7, 8.4.0
Oracle WebCenter Capture, version 10.1.3.5.1
Oracle WebCenter Content, versions 10.1.3.5.1, 11.1.1.6.0
Oracle WebCenter Interaction, versions 6.5.1, 10.3.3.0
Oracle WebCenter Sites, versions 7.6.2, 11.1.1.6.0, 11.1.1.6.1
Oracle WebLogic Server, versions 10.0.2, 10.3.5, 10.3.6, 12.1.1
Oracle Web Services Manager, version 11.1.1.6
Oracle E-Business Suite Release 12, versions 12.0.6, 12.1.1, 12.1.2, 12.1.3
Oracle E-Business Suite Release 11i, version 11.5.10.2
Oracle Agile EDM, versions 6.1.1.0, 6.1.2.0, 6.1.2.2
Oracle Transportation Management, versions 5.5.05, 6.2
Oracle PeopleSoft HRMS, version 9.1
Oracle PeopleSoft PeopleTools, versions 8.51, 8.52, 8.53
Oracle Siebel CRM, versions 8.1.1, 8.2.2
Oracle Clinical Remote Data Capture Option, versions 4.6.0, 4.6.6
Oracle Retail Central Office, versions 13.1, 13.2, 13.3, 13.4
Oracle Retail Integration Bus, versions 13.0, 13.1, 13.2
Oracle FLEXCUBE Direct Banking, versions 2.8.0 – 12.0.1
Primavera P6 Enterprise Project Portfolio Management, versions 7.0, 8.1, 8.2
Oracle and Sun Systems Product Suite
Oracle Sun Middleware Products
Oracle MySQL Server, versions 5.1, 5.5, 5.6
Oracle Automatic Service Request, versions prior to 4.3.2

More information: http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html

WordPress sites targeted by brute-force botnet attack

There is a botnet consisting of more than 90 000 hosts crawling and brute-force attacking (using the following list: https://krebsonsecurity.com/wp-content/uploads/2013/04/WPpasslist.txt) WordPress installations. Because of this, it’s important that you make sure your WordPress installation is secure.

We strongly advise all users to delete the “admin” account after adding another administrator, to add 2-factor authentication such as http://wordpress.org/extend/plugins/google-authenticator/ and to have a look at http://codex.wordpress.org/Hardening_WordPress.

On top of that, and obviously, make sure your WordPress Core and Plugins are up to date.

More information: http://www.us-cert.gov/ncas/current-activity/2013/04/15/WordPress-Sites-Targeted-Mass-Brute-force-Botnet-Attack
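
Detection for the kind of attack described above, as an added example that is not part of the original post: with tens of thousands of hosts each trying a few passwords, a per-IP limit never trips, so this counts failed logins per time window across all sources. The log lines are constructed, and the combined-log format, the wp-login.php path, the 200-on-failure behaviour and the thresholds are assumptions to tune for your own site.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Access-log fields we need: client IP, timestamp, method, path, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def failed_logins(lines):
    """Yield (ip, epoch_seconds) for each POST to wp-login.php answered with 200.

    Assumption: a wrong password re-serves the login form with 200, while a
    successful login is answered with a 302 redirect.
    """
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        path = path.split("?")[0]
        if method == "POST" and path.endswith("/wp-login.php") and status == "200":
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            yield ip, int(when.timestamp())

def distributed_bursts(lines, window_s=300, min_posts=6, min_ips=5):
    """Return [(window_start_iso, posts, distinct_ips, max_per_ip)] per flagged window."""
    buckets = defaultdict(list)
    for ip, epoch in failed_logins(lines):
        buckets[epoch // window_s * window_s].append(ip)
    alerts = []
    for start in sorted(buckets):
        ips = buckets[start]
        if len(ips) >= min_posts and len(set(ips)) >= min_ips:
            start_iso = datetime.fromtimestamp(start, timezone.utc).isoformat()
            busiest = max(ips.count(ip) for ip in set(ips))
            alerts.append((start_iso, len(ips), len(set(ips)), busiest))
    return alerts

# Constructed log: eight documentation-range hosts each try one password
# within a few seconds; later a single user mistypes twice and then gets in.
SAMPLE = [
    f'203.0.113.{i} - - [15/Apr/2013:10:00:{i:02d} +0000] '
    f'"POST /wp-login.php HTTP/1.1" 200 3721' for i in range(1, 9)
] + [
    '198.51.100.7 - - [15/Apr/2013:10:30:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3721',
    '198.51.100.7 - - [15/Apr/2013:10:30:19 +0000] "POST /wp-login.php HTTP/1.1" 200 3721',
    '198.51.100.7 - - [15/Apr/2013:10:30:31 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
    '198.51.100.7 - - [15/Apr/2013:10:30:32 +0000] "GET /wp-admin/ HTTP/1.1" 200 51234',
]

if __name__ == "__main__":
    for alert in distributed_bursts(SAMPLE):
        print(alert)
```

The last field of each alert is the busiest single source in the window; a value of 1 or 2 alongside a high total is the distributed pattern that per-IP lockouts miss.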

Basefarm SIRT newsletter Week 15

Top headlines from this week include how hackers have infiltrated the network of more than 35 MMORPG developers, cyber attack statistics for March (DDoS being the top attack) and how Google has managed to detect 99 percent of malicious executables downloaded by users – which outperforms antivirus services.

Top 5 links
Gaming Company Certificates Stolen and Used to Attack Activists, Others
Meet the hackers who sell spies the tools to crack your pc and get paid six figure fees
March 2013 Cyber Attacks Statistics
Phoenix Exploit Kit Author Arrested In Russia?
Google Uses Reputation To Detect Malicious Downloads

Vulnerabilities
Security updates available for Adobe Flash Player, ColdFusion and Shockwave Player
Microsoft Patch Tuesday April 2013