Tuesday, December 08, 2009

Jim Rohn Has Left the Building

It was with sadness I learned of the passing this past weekend of a man that had a great influence on my life, Jim Rohn. Most technical people have never heard of Mr. Rohn, but he was a giant in the field of personal development. Jim was the picture of health until a couple of years ago when he was diagnosed with pulmonary fibrosis. He was 79.

As not only a software tester, but a business owner, I learned early on that I had to learn about what it means to be successful in business. Not in a greedy way, but in a way that helps others. Mr. Rohn taught me how to do that.

I'm not a believer in "The Secret" - the idea that you attract the things that come into your life - good and bad. (I do believe we can attract certain things by what we do, but that's different.) Anyway, I did have an experience that was amazing in the realm of goals.

I started Rice Consulting back in 1990 with no idea of where it would lead or even if it would be successful. I just knew that very few consultants and trainers specialized in testing at that time.

Before long, I realized my business lacked direction and control, so I started looking for how to get that positive direction. One resource I found was a tape set called "The Art of Exceptional Living" by Jim Rohn. I listened to those tapes at least a dozen times while I would be on walks, driving, etc. In fact, I still listen to them on occasion.

I thought, "I would sure like to meet Mr. Rohn in person one day." Then, amazingly about six months later he came to Oklahoma City to present a half-day session on The Seasons of Life. I bought the VIP ticket so I could attend a pre-event reception. I remember like yesterday seeing Mr. Rohn standing at the side of the room with no one else around, so I introduced myself and asked if it was OK to ask a question. He graciously said, "Of course."

I asked Mr. Rohn a question I would not have asked anyone else because I knew he came from the same spiritual perspective as me. "Do you think it is possible to be too rich?" I asked.

He paused, pursed his lips and said, "Well...let me see...Is it possible to be too happy? Or too healthy? Or have too many good relationships? No...I don't think you can be too rich."

Now, context is important here. I had heard Jim's teaching on "enlightened wealth" where it's not the accumulation of prosperity for the sake of ourselves, so I knew he was not advocating wealth at any cost. I was just curious because of my lower middle class background and past spiritual teachings.

Since then, I have heard him say that humans are the only creatures that place limits on their own growth. So, it would be like asking, "Can a tree grow too tall?"

Jim was the person that taught me the importance of communication and how ideas are conveyed. He also taught me that it's possible to create something tangible from something intangible, like an idea.

Jim touched millions of people around the world. If you would like to see the tributes, there are many at http://tribute.jimrohn.com/. There are also some video clips there of his teaching. If you are inspired and want to go deeper, I highly recommend "The Art of Exceptional Living (abridged version)" or full version as a starting point.

Jim Rohn will be missed, but he left a legacy of teaching that will endure for a long, long time. I know he is in a better place.

Tuesday, November 24, 2009

Back in the USA, Flu and all

Hi Folks,

It's good to be back in the USA. The courses in Rome went very well. It's always fun and the people are super, but also a challenging adjustment to be teaching from 2 a.m. to 10 a.m. body time. It's also nice to do things without converting time, money, language or electricity.

Janet went with me on the trip and we saw some sights both in London and Rome. I was able for the fifth or sixth straight year to get my annual journal at Harrods. It winds up costing me about $50, but that's a motivator to actually use it. That has become a tradition for me.

I promised Janet that the first thing I would do is buy a cup of Starbucks coffee in NYC, since we arrived at JFK, took a taxi to LaGuardia and then after spending the night at a really nice Hampton Inn (I'm serious, it was great), on to DFW and OKC. All went well until DFW, then the flu hit me and the last thing I wanted was coffee. Those who know me know coffee is a very, very important thing to me, so Janet knew I was sick. That and wearing a coat while shivering.

I went to the doctor yesterday and he confirmed flu, but not sure of "regular" or "swine". He prescribed Tamiflu and I'm feeling much better today, so I'm thinking "regular".

Back to the coffee...The gentle baggage handlers managed to break my French press on the way back home. Also, I took several packets of the new Starbucks VIA instant coffee on the trip and it helped. I give the Starbucks people credit for a good instant coffee. It's not that I hate Italian coffee, it's just that the intensity is pretty strong - basically espresso.

I plan to return there in June to teach Innovative Software Testing Approaches, one I've taught there before, and Practical Software Test Automation, a new class for the spring I am very excited about.

Well, back to resting some. By the way, I'll be posting soon the preliminary research on the tester to developer ratios.

Until then, I wish all in the USA a blessed Thanksgiving!

Sunday, October 25, 2009

Join Me in Rome for Software Testing Courses in November

Hi everyone,

For those of you in Europe, or anyone interested in visiting Rome and attending a testing class, here's your chance. On November 16 - 20, I'll be presenting two popular courses:

Testing SOA (Nov. 16 - 17, 2009)

Advanced Software Testing (Nov. 18 - 20, 2009)

Just click on the links above for more information and to register go to www.technologytransfer.eu.

I hope to see you there!


Tuesday, October 20, 2009

EuroStar 2009 Software Testing Conference Ticket on eBay!

Hi everyone,

Here's a great deal, especially for those of you reading this in Europe. Last year, I won a conference pass to this year's EuroStar Testing Conference to be held in Stockholm, Sweden.

I can't use the pass this year, so I have placed it up for auction on eBay. The starting price is $500 and the auction lasts for 10 days. So, if you are looking for a great deal on a great conference, here's your chance!




Tuesday, October 13, 2009

Major Apple Snow Leopard Defect...Warning

Hi all,

I'm not one of those Mac users who downplay the problems just to make the Mac look better than a PC! There is a major problem with Snow Leopard that everyone should be aware of. Under Snow Leopard when you log into a guest account, you lose all your data. I think this may have happened to my son. All I know is he lost everything, too. Here is a full account of the problem from Computerworld:


So...if you have upgraded to Snow Leopard, keep making those backups and don't log in to a guest account! Oh, and to Apple...fix it!!! I can see the new Mac vs. PC commercials now (of course, it would need to be a parody since Apple won't make an ad where their guy just disappears!).

Thursday, October 08, 2009

StarWest 2009

Hi Friends,

I'm returning home from StarWest 2009 and found some time to blog as we are delayed out of Orange County airport by about 3 hours.

It was a good conference. I was glad to see a higher attendance than at StarEast this year. In fact, the conference had a good feel for the week attendance-wise. It makes me hopeful that the economy is coming back.

There also seemed to be quite a few international attendees and people from the central and eastern parts of the U.S.

My Monday tutorial on Becoming an Influential Test Team leader went well and the two track sessions (one on Cheap and Free Test Tools and the other on Making Your Defects Pay) seemed to go well also. It's always great to meet new people and hopefully provide some helpful information.

It was also great to connect with friends. I really enjoyed Lloyd Roden's keynote on Top Testing Challenges. He and I approach the challenges from different perspectives, mine from a survey basis and Lloyd's from an observation perspective, but I really have a lot to think about from his session. I have been working a lot with test metrics lately and Lloyd's thoughts on making metrics meaningful and accurate is one that we should all take to heart. Everyone talks about test metrics, but few understand the work it takes to define them for a particular organization. I'll blog more about that later.

I also enjoyed Julie Gardner's session on test environments. Very few people tackle that topic in a conference setting and she did a good job on striking a balance of covering the topic without getting too specific.

I heard several people say they had a hard time deciding which sessions to attend. To me, that's the sign of a good program. It seemed that people were picking up lots of good testing tips and techniques.

The vendor expo was pretty well attended by vendors and attendees. Once again, another hopeful sign of an economic recovery.

So, I give the conference high marks. Kudos to SQE for a great conference.

On my free day, Tuesday, Janet and I went to a taping of the Jay Leno Show, but got there a little late. So, instead of being part of the studio audience, we got to watch the outdoor segment where Tim Allen raced a Ford electric car. That was fun. We were just a few feet away from Tim and Jay and we were on camera, too. Last year, Jay waved at us at the stop light as he was on his way home driving his Ariel Atom hot-rod.




Monday, August 31, 2009

Mac Snow Leopard and Parallels 3.0

Hi Folks,

Sorry for the long delay in posting. I've been busy...really, busy.

This past weekend I installed Snow Leopard on my MacBook and overall, have been happy with it. One problem that I want to warn people about is an incompatibility with Parallels 3.0.

Apple lists incompatibility with Parallels 2.5 and earlier, but when I upgraded and then tried to access Parallels, I got an incompatibility message. Postings at Parallels forum have been ignored on this issue, so before you upgrade to Snow Leopard, you would be wise to upgrade to Parallels 4.0 first.

The good news for me is that I basically abandoned Parallels several months ago due to instability and bugs. I have found VMware to be much more stable. That one works just fine under Snow Leopard.

You will likely find other incompatibilities, especially with open source software. So, take those backups.

More to come very soon...


Wednesday, May 27, 2009

Where's My Gate?

Hi Folks,

I travel a lot. I have almost 2 million program miles just on American.

A couple of weeks ago, I experienced a new one. My wife and I were returning from Orlando and StarEast, connecting through DFW on American. (By the way, we had a great week at StarEast. It was good to see everyone.)

We were stranded in DFW on Friday evening due to the flight being delayed from Orlando so we stayed at the Hyatt in Terminal D. On Saturday morning we cleared security in Terminal D and saw that our gate to OKC was A22. So, we hopped on the SkyTrain and went to Terminal A. As we were walking to the gate, I looked at the monitors and saw to my dismay that the flight to OKC was leaving from gate D28. "Crap", I thought (and said, I think). I looked again just to make sure I wasn't looking at arrivals. Nope, it was D28.

So, we went back to Terminal D. As a sanity check, I looked again at the monitors and the flight was listed at gate A22. The information man must have seen my stunned look and asked if he could help. When I asked "Yes, which gate is the flight to Oklahoma City really leaving from?" He said, "Gate A22, just like it says there." I tried explaining that in Terminal A, the monitors said something different. By then, my wife was threatening to file for divorce.

We verified there was no plane at gate D28 heading to OKC, so BACK we went to A22. Finally, at gate A22 (my critical mistake was not actually going to gate A22 the first time), I told the gate agent that the monitor was showing the wrong gate. Her response? "Oh, those are wrong all the time."

Here's my question. Shouldn't the monitors be getting the data from the same source? Second question. If these are wrong "all the time" should someone be looking in to that? Oh well...at least we made it home. I just won't be quite as trusting in the future.

Now for something completely different....

I keep finding these great videos I intend to share and never get around to it. You really need to check these out.

The "Retro Encabulator" - This must have been filmed for the Rockwell Christmas party!


If you liked that, check this one out as well: http://www.youtube.com/watch?v=rLDgQg6bq7o

Watch your grammar. Otherwise, you may be visited by the grammar police!


Here is an amazing one. Three guys playing one guitar!


Finally...Do you have ping pong ball skills? These guys do!


OK...now back to work! Have a great week!


Wednesday, April 22, 2009

Project Life

Hi everyone!

I know you may have been wondering if I fell off the face of the earth, got abducted by aliens, or whatever. Well, I have ventured on to a full-time project in San Francisco. This requires that I commute from Oklahoma City each week, which is about 7+ hours each way, including connections. (That is, when I actually make it home without getting stranded someplace!)

Of course, this really constrains my time for blogging and writing. I've also not presented a podcast or webcast for over a month. I hope to get back into that soon.

This has presented some other interesting challenges and changes. For the past 6 or 7 years, I have done about 80% training and 20% consulting. Now, it's 5% training and 80% consulting and 15% travel! I enjoy consulting and getting into the trenches of testing. I'm doing a lot of mentoring, which is gratifying.

I am also experiencing death by meetings. Take today, for example. I had to cancel my participation in one last-minute called four-hour meeting so I could attend another more important four-hour meeting (at least they had better food!). I also had to cancel three other meetings because of the two other four-hour meetings. Then, this afternoon, I had back to back meetings from 1 until 6 PM. That's almost 10 hours straight! I look forward to the meetings tomorrow may bring.

OK...enough about that. I'm not bitter, I'm better.

I am posting three pictures I took recently. The first is a rainbow over downtown San Francisco taken from my hotel room on the 30th floor of the Westin.

The next two are also unique. I have found that one of the best places to grab a quick dinner that's really good is in the basement of Macy's across from Union Square. There's a Boudin Bakery (which has some of the best clam chowder and tomato soup I've ever had - and yes, I've been to Boston!), also there's a Wolfgang Puck Express (I love the rosemary chicken there), and other places that are good.

Outside of Macy's nearly every day, you will see people with their cameras and cell phones out taking pictures of this guy. He's got a big dog, a cat that sits on the dog, and a rat that sits on the cat. Now, it's amazing to see them just lying there on each other.

Believe it or not, the other day, I saw him walking his dog, with the cat STANDING balanced on the dog, and the rat resting on the dog. There are many homeless people on the street begging for money. I saw this guy counting his tips the other day and he had a wad of bills. I think that's awesome! He asks for a dollar tip for taking a picture. The way I see it, he's in the entertainment business. I was happy to contribute to a friendly guy with quite a little show going on.

I ought to title this picture, "Can't We All Just Get Along?"

I am also working on two books - Testing Dirty Systems and also one on UAT. I do get some time to write a little in the evenings.

I'm really looking forward to presenting a tutorial, track session and keynote at StarEast in a couple of weeks. Then, I conduct two days of training on use cases and root cause analysis in Kansas City on May 13 and 14. (We still have some seats available - go to www.kcqaa.org for details.)

I also have some other blog posts cued up, so I should have another posting soon.

Thanks for checking in!


Monday, March 23, 2009

5 IT Roles That Drive Cost Reduction...Plus One.

I just got this e-mail promoting a slide show from Forrester Research about 5 IT Roles That Drive Cost Reduction. Being an inquiring mind, I was curious as to what they had. I was disappointed but not surprised to see that no relationship between quality and cost was there. For example, no mention of QA or testing, process improvement, etc.

When you consider the billions of dollars ($59.5 billion to be in the ballpark, based on a NIST study) that are spent on software defects, it would make sense that this is one gap to be closed.

This also shows me how far the business case for quality has fallen. Back in the last recession (early nineties), Deming was king and U.S. industry was clamoring for anything about quality. Unfortunately, here in the USA we fell victim to the marketing (TQM) and forgot the discipline involved. So, a few years later we had regressed to the same attitudes that had prevailed earlier.

Here's my point. If you want to cut costs AND increase profits, learn from those defects we all experience. Take those learnings and improve the processes, or at least learn how to catch the defects while they are small and less expensive to fix.

I won't list the other 5, you can read the slide show here:


Just don't forget my nomination of #6 - Software Quality

Have a great day!


Thursday, March 19, 2009

New Service Offering - Live Online Training in Software Testing and QA

Good Thursday everyone!

I just finished speaking at the Oklahoma City Red Earth QA SIG at lunch today. Thanks to everyone that attended. I spoke on the same topic I'll be presenting as a keynote at StarEast (May 4 - 8). I hope you can make it to Orlando in May. It will be a great conference!

I've been very busy lately. First, we have a totally redesigned web site - same URL - www.riceconsulting.com. If you haven't seen it, please drop by and let me know what you think.

Part of this effort is a new service offering for me. Sure, web seminars are nothing new. However, I haven't used this medium as a standard training offering - until now.

The current economy has forced many companies to cut training budgets, travel budgets, etc. Since 2001, I have been working to deliver online training in effective ways.

So far, we have a great line-up of pre-recorded training courses, which many people have found a great way to balance time, money and content.

However, some people just like live training - and that's fine. The problem is that it's not always feasible to have me live at your location.

Imagine having your team of any size in any number of locations linked together, being taught live! You can ask questions, make comments and work on exercises - just like if I was at your site.

We've been doing this type of training on a limited basis for several years. Now we are offering it to you and your team at very affordable prices. You pick the course and we work together to set the outline and schedule.

The possibilities are many. You can have:

  • a 3-hour morning session and a 3-hour afternoon session
  • a 3-hour morning session or a 3-hour afternoon session, conducted for as many days as needed to complete the course. You can train half the day and still work on your projects.
  • a weekly session of 3-hours on the day of your choice

(the 3-hour sessions have a 15 minute break at the 1.5 hour point)

Example: Your team can take our Basic Training in Software Testing course (a 2-day class) in four 3-hour sessions! All-day Monday and Tuesday, or just in the mornings or afternoons four days out of the week.

Here's the best part - the pricing!

Because of the current economic conditions, I am going all out to help. Each 3-hour training segment is priced at $500! Course books can be printed and shipped to your site for roughly $30 per book in the USA. For international pricing, please contact me for options.

So, you could have your entire team trained live online in a 2-day class (4 sessions) for $2,000 plus books. No travel expenses, even if your team is located in multiple locations. A one-day (2 session) class would be $1,000, plus books.

There are some logistical details that have to be planned, such as getting a training room with projector, computer with Internet access, and having someone you can designate as an on-site facilitator.

If you want to learn more, contact me by e-mail or call 405-691-8075. Let's keep building those skills so you can do more with less!

Friday, March 13, 2009

Today's Webcast on Charting For Root Cause Analysis

Help me test a new platform for web seminar delivery!

Today, March 13, 2009, 12:00 Noon Eastern Daylight Time I will be conducting a live web tutorial at:


The topic will be Charting Events for Root Cause Analysis. In this session you will learn how to diagram a timeline of events, identify contributing causes, and hopefully, identify the root cause of a problem.

You can download the notes here:


This is a free session and is limited to 24 people, so please arrive a little early to get a spot. The session will last one hour or less.

Also, please understand that this is also a test. We may experience some problems, so please be patient in that regard. The audio should play over your computer speakers.

I hope you can be there!

To hear this session, click here:

To download the session, click here:



Friday, March 06, 2009

Getting Started in Root Cause Analysis

Today's podcast will be on the topic of "Getting Started in Root Cause Analysis". This is a topic that many people are interested in, and another one of the ways you can do "more with less" in software testing and QA.

To listen live today at 12 Noon, EST, just go to:


You can call in or type in your questions. After the live session, you can visit the same link and listen to the recorded call.

Here are the notes for today's call:


I hope to see you in the podcast today!



Wednesday, February 04, 2009

Five Ways to do More With Less in Software Testing

It seems that many test managers are in the squeeze of tight testing budgets or no budgets at all. That means there is a lot of interest in doing more with less. The economy is bad, but we still have the need to do software testing well.

While I understand the need for efficiency in today's economy, this is not a new message. When I first started training in software testing back in 1990, there was a recession underway. There was also a quality crisis as U.S. manufacturers were battling against higher quality foreign imported items which included everything from VCRs to cars.

We learned how to recoup the cost of quality with high-quality methods. This is what Philip Crosby wrote about in his book "Quality is Free". In IT, however, the message of the economy of high quality has been lost over the years. In fact, in recent years I have found that senior IT and business management in many of the companies I have worked with will spend lots of money and take lots of risks with little to show for it.

So, for this window of time (hopefully a small stretch of time), the kinds of things I'll be discussing here have a home in the minds of people. However, the principles are profitable in any economy and we need to remember them.

#1 - Know What You are Doing

The number one value of training and skill building in my opinion is to learn the best and most efficient ways of doing things. After all, someone with no training could attempt just about any job but the results wouldn't be very good in most cases.

In software testing, there is a popular misconception that anyone can test. I have learned that many people have the ability to test, but there are skills that must be developed before someone can do a decent job of testing. And, some people just don't have the mindset or patience to be a good tester.

Training is how you learn what to do at the right times. Repetition is an important part of the training process. So, a three-day class once a year isn't enough to build skills.

Training can be expensive, but doesn't have to be. There are effective options:

* Self-study on the web and by reading books
* Team study such as reading and discussing the same book for a month or more
* Design and conduct your own in-house mini-course
* Have someone share a great new technique or tool at each test team meeting
* Webinars and teleconferences
* E-learning - it's better than it used to be!

#2 - Reuse What You Use

This is really basic, but can be a big timesaver. If you have a good test plan or test strategy for one project, make a template and use it as the basis for other projects.

This idea can extend to detailed test design and test automation.

Perhaps the hardest part of reuse is managing the items as they are shared. This is the situation when people share and reuse test cases and test automation. There must be control over the items.

#3 - Define Tests Efficiently

There is an economy of testing. More tests are not necessarily better. In fact, each test case you have is one more you must maintain and perform. If a test case isn't adding specific value to your understanding of the software under test, you should consider why it is in the test.

Many people are surprised, once they start to analyze combinations of tests, at how few tests they actually need.

While not every project is a good application of pairwise testing, it is a good technique to explore and try.

#4 - Automate Well

There is a great potential in good test automation. Some have realized this value in actual practice while others still struggle. In my experience, test automation is one of those areas where you can spend a lot of money in a hurry with little to show for it.

There are some free test tools such as FitNesse (www.fitnesse.org) that can be helpful, as well as scripting languages. Other free tools are at www.opensourcetesting.org.

It's good to learn the lessons of automation on the free and less expensive tools before moving on to the more robust and expensive tools.

#5 - Learn From Your Defects

Each defect tells a story. If you take the top 10 defects (as measured by the frequency and impact) in the previous month and perform root cause analysis to learn why the defect occurred, you will make significant strides toward improving your processes. The main investment in this effort is time. It will also take management support to fix the processes. However, these are things you can often do with very little direct cash outlay and they yield big value.

#5.5 - Bonus - Write and Use Checklists

Checklists are easy and inexpensive to create. They help improve processes and prevent mistakes. They also add consistency as to how things are done. If you don't believe me about the value of checklists, ask a pilot.


Going back in time again, one of the first books I read when starting out as a consultant in the early 90's was Jerry Weinberg's, The Secrets of Consulting. One of the laws is the "Law of Raspberry Jam", which basically says the wider you spread something, the thinner it gets.

Like jam, you can only spread people and tests so far before they lose their effectiveness and value.

We should be lean and mean in our testing because we just don't have the luxury of time (and right now, of money). So it's a good thing to learn efficient ways of testing. Just remember there are limits.

To hear my podcast on this topic, visit http://recordings.talkshoe.com/TC-27009/TS-182201.mp3

Saturday, January 31, 2009

Software Testing e-learning

One of the best ways to stretch your training dollars - whether you are paying for training personally or from corporate accounts - is to consider e-learning.

Not only does e-learning cost less than live public or in-house training, it is a great solution for people who don't have the time to devote 7 or 8 hours (or 2 - 5 days) for training.

Studies have shown that e-learning is just as effective in getting the information across as live training. I think it may be even more effective because you can repeat material as needed. You can't do that in a live class.

It's also a great way to make sure everyone gets the same training no matter where they live.

And...for those training managers concerned about any trainer behavior (jokes, comments, etc.), e-learning is safe. No profanity, no inappropriate remarks, etc.

I have found that the key for effective e-learning is to interact with the instructor. That's why I offer teleconference sessions for my e-learning participants. You get the chance to ask questions and interact with me. Of course, I am always reachable by e-mail and try my best to answer questions by phone.

These are just a few of the benefits of e-learning. If you want to learn more about my e-learning courses (I have 13 of them now, including an ISTQB foundation level course), just visit http://www.riceconsulting.com/training/e-learning.htm.

To experience free demos of any of my courses, just visit http://www.softwaretestingtrainingonline.com/moodle and select the demo section. You can login as a guest.

To buy a course, just visit www.mysoftwaretesting.com. We have a sale on right now!

Riceconsulting.com banned from Google

Well, the saga continues. Because of the redirects on my site, then my subsequent removal of the malicious links, I have been banned from Google. I'm not upset at Google - I understand their need for maintaining integrity in the search results.

It is frustrating to go from the #1 listed site for "software testing consulting" and the #4 site for "software testing training" to not even being in the search results at all.

So, if you are looking for me on the web, I hope this post helps you to find me.

I have gone through the steps to request re-inclusion and hope to be back in there soon.

Wednesday, January 28, 2009

Battling the Russian Hackers

I've been having an interesting time the past few days dealing with a bot attack on my web site. Don't worry if you are a customer for my e-learning or anything else that required credit card payment: your information is not kept on my server. Several months ago I got out of the shopping cart business and went with Volusion.com. Volusion is PCI certified and is as secure as it gets.

Also, my Moodle e-learning environment has been on a new secure server for several months now.

So, here's what happened. I hope this helps someone else defeat these guys.

In early December I noticed that my home page at riceconsulting.com was no longer an html page, but rather a php page. Also, my htaccess file had been changed to point to this new php file. I called my web host and they didn't know how it had been changed. So, I changed my ftp password and changed things back.

Last week, this happened again and I changed it back again to index.html. The next day the home page was index.php again.

After doing some research I discovered that my old version of Moodle still on the site had vulnerabilities which allowed the attackers to place the first Mad Shell script. So, I deleted every php application on my site. I also got rid of some old cgi scripts.

Then, they messed up. That's why I think it was just script kiddies.

They added a new file, named after one of my other pages, but appended with .php. By listing the main directory in my ftp client, I found the recent change.

I looked at the page source and found an encoded script on the page, which I was able to identify as Mad Shell. Now, this is a powerful script. It allows an attacker to do anything an ftp program can do. If you want to know more about Mad Shell, visit this blog.

I deleted that page, changed my htaccess file back to normal and started watching the server logs.

Sure enough, about 10 hours later, another change!

So I started studying the server logs again. This attack was using a redirect to bounce traffic from Yahoo Slurp through my site and on to a site selling drugs that enlarge things.

I was able to identify exactly when the redirects started happening again in the log and found two deeply embedded files - both newly created as php files. So, I deleted them. They had tried to hide them deep in my folder structure, but sorting by modification date helped find the folders.

Finally, that stopped the attack.
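The hunt described above (list the recently changed files, newest first, and look inside the .php ones) can be scripted against a local copy of the site. This is an added example, not something from the original post; the function name, the seven-day window and the list of PHP calls treated as signs of an encoded script are assumptions.

```python
import os
import re
import time

# Assumption: these PHP calls often appear in encoded web shells. A match is a
# reason to read the file, not proof of compromise.
ENCODED = re.compile(rb"\b(eval|base64_decode|gzinflate|str_rot13)\s*\(", re.I)
WATCHED_EXTS = {".php", ".cgi"}


def recent_changes(web_root, max_age_days=7, now=None):
    """List .htaccess, .php and .cgi files changed recently, newest first."""
    now = time.time() if now is None else now
    cutoff = now - max_age_days * 86400
    hits = []
    for folder, _dirs, files in os.walk(web_root):
        present = set(files)
        for name in files:
            stem, ext = os.path.splitext(name)
            ext = ext.lower()
            if name != ".htaccess" and ext not in WATCHED_EXTS:
                continue
            path = os.path.join(folder, name)
            try:
                mtime = os.stat(path).st_mtime
                if mtime < cutoff:
                    continue
                with open(path, "rb") as fh:
                    body = fh.read(1_000_000)  # cap the read for huge files
            except OSError:
                continue  # unreadable or vanished mid-scan
            # A .php file named after an existing page: about.html.php, or
            # index.php sitting next to index.html.
            shadows = ext == ".php" and (
                stem in present or stem + ".html" in present)
            hits.append({
                "path": os.path.relpath(path, web_root).replace(os.sep, "/"),
                "mtime": mtime,
                "encoded": bool(ENCODED.search(body)),
                "shadows_page": shadows,
            })
    return sorted(hits, key=lambda h: h["mtime"], reverse=True)
```

Modification times can be reset by whoever controls the files, so a clean result is worth confirming against a known-good backup of the site.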

Here are my lessons learned (you may see others - if so, please comment):

1) Whenever you introduce an application to a web site you are very likely to also introduce vulnerabilities. This is especially true for php apps and even more true for open source php apps.

2) Don't leave unused apps lying around on the site. I'm the kind of person that doesn't like to throw things away. In this case, I should have!

3) Take those security updates seriously. However, in the case of open source, you may not be notified of a vulnerability. It helps to keep an eye out on the support boards for the apps you use.

4) Keep an eye on your server logs and visitor stats. I have known for some time that bots kept hitting my site, but that's just the deal with bots. Every web site owner deals with bots. However, the server logs can be very revealing.

5) Don't expect much help from the web host. While a couple of people at my web host were informative and helpful, one guy told me to "do a Google search" to learn how to secure my files. I was looking for some specific ideas and his response was one of the most unhelpful. Back in December when I was asking support for reasons why my htaccess file had changed, they didn't have a clue. I would expect a tech support person with about one week of experience to suggest that an attack might be occurring. I think I'm ready to change hosting service providers.

6) Stay vigilant and fight back. These attacks can be defended and defeated.

Now, hopefully, it's on to more productive work!

Wednesday, January 14, 2009

Calling All Dashboards

In my December newsletter I asked for any of you that have created and/or maintained software testing or software project dashboards to let me know some of the most helpful metrics you track on those dashboards. I have received a few responses, but could use a few more to get a good sense of trends.

The reason I'm asking is because I am working on a keynote presentation for StarEast 2009 on that topic. It would be good to share the most popular dashboard items as described by you, my loyal blog readers, clients, students and friends (hey, some of you may be in all three of those categories!).

In case you are wondering what a testing dashboard is, you can view and listen to my original presentation here: Keeping it Between the Ditches - A Dashboard to Guide Your Testing. It's about 35 minutes long.

By the way, for all those who submit their ideas, I will send a copy of my StarEast presentation.

Also, I hope you can join me and my special guest Fiona Charles on Friday, January 16th at Noon Eastern time as we discuss the new book "The Gift of Time". This book is a tribute to the life of Jerry Weinberg and is a collection of essays by people like James Bach, Michael Bolton, Esther Derby, Johanna Rothman and many others.

I think you will leave this teleconference with wisdom and insights that Jerry Weinberg has imparted to us that can add a new perspective on "why" you do "what" you do in IT.

This Friday (January 16th) at noon Eastern time, you can get in on this call. You can also call in to ask your questions live!

There is no cost for this call, except for the long distance charges if you choose to call in. (You can listen free on the web.) If you can't be there live, it will be recorded for later listening.

Just go to http://www.talkshoe.com/tc/27009. The call-in number is (724) 444-7444, Call ID: 26874. The start time is 12:00 EST (Friday) and the call will last no longer than an hour.

Once again, you can listen over the web and ask your questions by text message if you are in another country or just don't want to call in.



Tuesday, January 06, 2009

New Year, New Goals

Happy New Year everyone!

It seems that everyone I've been speaking with over the past week or so is really glad we have 2008 behind us. I am, too, but I'm not very sure 2009 will be better (at least in terms of the economy). I hope it is better, but I like to keep my expectations in line. We have pretty big challenges as a country and world.

I try to avoid making New Year resolutions because they are so easily forgotten. Instead, I try to focus on goals. One year, I made a list of "10 things I want to remember" for the coming year. It was interesting to bring the important things to mind throughout the year.

I have some pretty major goals this year:
  • Finish three books I have in progress
  • Get about six more e-learning courses produced and out on the website.
  • Develop some test strategies and content for cloud computing (Thanks, Mike for that suggestion).
  • Contact at least two people in my network each day, just to stay in touch (so don't be surprised if you get a call from me).
  • Complete my advanced level test certification (one part down - two to go!)
  • Actually publish my newsletter every month this year!
  • I'm also working on this major project to document all of the processes used in my office - all the way from accounting to website maintenance.

Then, there are my personal goals: books I want to read, people I want to develop deeper relationships with, a better use of my time, and then the big one: to organize my office!

I also have this car restoration project (a 1949 Plymouth) I would like to finish while my dad is still alive to see it and ride in it.

One more thing - My goal is to journal each day. I have been hit and miss, but at least have been doing it for a few years. Back in November while in London I was able to stop by Harrods and get their 2009 Diary, which I find perfect for journaling. Plus, it's expensive enough to give me the incentive to actually use it.

I learned a great tip on this from my mentor, Jim Rohn. Mr. Rohn says that it's good to have a notebook with loose leaf pages for all my projects. Each project gets a tab. Throughout the year I will make notes about how each project is going. On the journals, the one time I spoke face to face with Mr. Rohn he told me that if I stay consistent, one day I'll have an entire shelf of journals to document for my kids and grandkids my ideas, experiences, pictures and thoughts. Today, I look at my shelf and I have about ten of those books. My goal is one book per year.

I hope this prompts you to make a short list of things you would like to do, be, or experience this year. It's easy to dismiss goals, like resolutions. But they really do propel us forward and give a chance to review at the end of the year the progress we have made. For me, if it's not a goal I probably will get distracted and not do it.

Your goals might be:
  • To learn a new skill
  • To visit a new place
  • To make a new friend
  • To be better at what you do

Just remember, it's not the economy that determines our success or failure - it's your outlook, faith and philosophy. There are always people that do well in bad times as well as good.

I hope you comment on this post and share some of your goals and thoughts about the New Year!