How malware ate my Desktop PC .. what I learnt.

Like any of us if enough time goes by in peace and quiet we get complacent and don't follow our own established procedures. That's what happened to me two weeks ago. My PC was infected with a particularly nasty bit of malware.. due to my complacency and probably a tired click on the wrong link.

It was very late and I was tired, already a recipe for IT disaster :-) and the next morning I booted up my PC none the wiser. I had been running my Antivirus as part of Panda Internet Security regularly but since all was reasonably quiet I had not been running an additional anti-spyware program frequently enough.

I had Windows Defender installed and MalwareBytes but was only getting around to running them about once a month.

As I said I booted the PC and after typing my password went to get a cup of coffee. On my return Windows XP was reporting a problem with OS files having been overwritten and this was the first sign that something was seriously wrong.

I couldn't run Panda or either of the anti-spyware programs, no executables or OS folders could be found throught search, Explorer or via DOS either locally, over the workgroup and finally no Disk On Key Apps could be run.

So I tried a System Restore .. nope.

Then I tried a Repair from the Boot Disk .. my Administrator password was not recognized.

Several inappropriate words later I deciced to try backing up my data, PST etc to an external drive .. luckilly this worked. Then of course I opened my laptop and used it to scan the external drive as deep as it could go using Panda, Spybot Search and Destroy and MalwareBytes.

I decided to cut my attempts at repairing the damage short and just reformat and reinstall the OS and programs.

To cut a long story short, the PC is up and running better than ever with more stringent security; what did I learn?

• 
  
  Complacency is one step before disaster.
  
  
  
• 
  
  Backup, backup, backup.
  
  
  
• 
  
  Keep all your data on a separate partition and preferably sync it to a remote or network store.
  
  
  
• 
  
  Keep a list safe (hardcopy in this case) of all your license keys for all your software.
  
  
  
• 
  
  It's worth having a reminder for scheduled antivirus and antispyware scans.
  
  
  
• 
  
  If you even suspect that you clicked on the wrong thing or the PC is acting strange then run your security programs. 
  
  
  

Cellular Hack *81

Yesterday I saw I had a message on my Windows Mobile phone and half paying attention dialed *80 to access my voicemail.

Actually I had dialled *81 and I hung up after several seconds and redialled to discover that by dialling *81 I had activated voicemail recording from my phone.

So the next time you want to have a spy moment or you are in a meeting/ interview you want to keep a discreet record of, try dialing *81 and for the cost of the call you can record the proceedings to your voicemail box.

Now to test other * codes on the phone and see what they do.

Think outside the box? Ignore the box and just think.

When confronted by a difficult or challenging problem we are encouraged to Think outside the box.

This concept is based on finding non-conventional, creative or more radical solutions that would not normally be used.

In software testing "the box" is the application/ component/ feature being tested and the categories of testing are Black - hands on (WYSIWYG) testing and White - automated and code level testing of the internals.

However with most problems the solution may require a blended or holistic approach. So, I have defined for myself to ignore the box, start with the solution you would like to arrive at and work backwards without limiting yourself from the initial phase of your thinking about the mechanics of the solution.

(In some ways this may be viewed as being requirements driven.)

The truth is that if you start with your ideal or desired endpoint it doesn't matter whether you think in or out of the box, just that you reach your intended "destination".

Making the testing cycle easier to swallow

As a manager an consultant one of things I frequently encounter when I am hired to increase productivity in the test lifecycle is conflict.

Now there are contructive ways for conflict to flourish but with respect to QA/ testing one of the most common occurences in the Start Up arena is the need to get deliverables out of the door compromising the test cycle. Or unrealistic expectations on R&D creating a need for them to borrow testing time in the lifecycle which creates friction between the R&D teams and QA.

 

In a previous Start Up the VP of R&D would allow me as QA Manager to borrow back Developers to help with end-run testing. Whilst not optimal the extra hands did help but, there are a few things I learnt to do from this and other occurences:

1. Getting more hands to help if they are not guided doesn't necessarilly produce good results.

2. Developers shouldn't (except for Unit Testing) test their own code; the corollary to this is pairwise review which works well for testing too; you can team the developer with a QA tester or another developer.

3. Have the test cases mapped out and ready to distribute/ accessible to the extended testing team [yes, this is why we love Microsoft Team System] and ensure the same for the Bug Tracking.

4. Make it fun! Use Best Bug Awards and a big wall chart in the QA Lab; if the company will spring for it even have a small cash prize/ meal out for the absolute best showstopper.

5. Don't let this become habit. It's not healthy for QA to continually compromise the test cycle and R&D testing means they aren't developing and Developer hours are costly.

When I did Best Bug Awards I liked to use a wooden plaque with a gold painted big bug stuck on it. We would ceremonially review the bug and award the plaque (to be held until the next contest) at our weekly meeting; the person who found the bug would receive the award and then be responsible for explaining the process of how they tested and found the bug.

The most common phrase I used to hear from R&D when we found a bug was "I can't reporduce this." so make the QA Lab accessible (even by Remote) and encourage the Developers to feel at home to use the Test environments to see how the bug occurs in the wild.

All of this is part of a greater process with an underlying philosophy of marketing QA as valuable but also ensuring that other teams don't see QA as an interference in their progress.

A lot of this boils down to something my Grandpa told me,"You can draw more flies with honey than vinegar." This especially holds true for the sort of work done by QA/ Testing.

Movie bests etc.

I am a huge movie fan. I have always enjoyed the movies and not just the whole popcorn, big drink experience but also remembering quotes, facts etc.

I decided to compile my own list of "bests" so here they are: -

Best psychological thriller: Dead Again starring Kenneth Branagh, Emma Thomson, Andy Garcia and Derek Jacobi.

Best Western: The Good, the Bad and the Ugly

Best War Movie: The Great Escape

Best Sci-fi: Blade Runner

Best Martial Arts: Enter the Dragon

Best Action: Die Hard

Best Sci-fi Action: Total Recall or Predator

Best Swashbuckling Comedy: The Princess Bride

Best Tarantino: Reservoir Dogs

Best Cult Movie: Highlander or Terminator

Best Dark Comedy: Grosse Point Blank starring John and Joan Cusack, Minnie Driver and Dan Ackroyd

Best Spoof: Austin Powers, International Man of Mystery

Best Rom-Com: Addicted to Love starring Meg Ryan and Matthew Broderick

Best Comedy: Life of Brian or Young Frankenstein

Memorable...

Best bar-room brawl: Zhang Ziyi in Crouching Tiger, Hidden Dragon

Best sword fight: Uma Thurman's Bride in Kill Bill faces off against all the Crazy 88

Best gun fight: Raiders of the Lost Ark in the Souk.

Best fist fight: Fury of the Dragon where Bruce Lee fights Chuck Norris

Best car chase: Steve McQueen as Bullitt

Best anti-hero: Kurt Russell defines the genre as Snake Plisken in Escape from New York

Best court room scene: Jack Nicholson as Col. Nathan Jessep explains some hard truths to JAG lawyer Tom Cruise, "You want the truth. You can't handle the truth!" A Few Good Men.

Most likely to be sponsored by Energizer: Bruce Willis as John McClane in Die Hard

Villain we just have to hate: Alan Rickman sneers his way to the peak of euro-evildom as uber-villain Hans in Die Hard (and not a stolen nuclear warhead in sight)

Best stiff upper lip: Sean Connery in Goldfinger is James Bond, "Do you expect me to talk, Goldfinger?"

Best quotes ever: so many from Dirty Harry, all Clint Eastwood.

Most committed to vengeance: "My name is Inego Montoya..." The Princess Bride

Best angst ridden cry: James T. Kirk howls in unbridled rage "Khaaaaan!" Star Trek: The Wrath of Khan

Best death scene: Opera, tommy guns and the crawling bullet riddled Sean Connery as Malone in The Untouchables

Best we never saw that coming moment: "Luke, I'm your father!"

There are so many others that I might just do a follow on but for now enjoy the list and if you have other ideas let me know.

Martial Arts (Judo and Hapkido) as a life philosphy

I practised Judo and Hapkido for quite a number of years. As a martial artist I always prided myself on one thing. No matter the number of times I was thrown, kicked, punched or battered I would always get up one more time than my opponent. This was the key to my success.

It was never about pride, traditionally in all martial arts the rule is the one who breathes for longest wins. However for me combat was always about the application of kata and determination. I was only competing with myself.

Several years ago my Sensei retired and I never found a teacher to replace him, in effect I didn’t get back up.

I moved to a new town (Modiin), this is an area rife with martial artists; Ju Jitsu, Tae Kwan Do, Karate, Kung Fu, and many others but I never took the time. The thought of having found a style of martial arts that suited me (Hapkido); progressing and then abandoning it for another style probably held me back too. Instead of viewing the knowledge and skills I had acquired in Hapkido as something I could port to another style I became rigid in my thinking.

Martial arts had been a driving philosophy throughout my life and without it I lost something. Or maybe I just forgot my governing principles.

Recently I lost my job. Reasons aside I have been metaphorically on the mat, on my back and bloodied by my opponent but now it is time to get back up one more time than my opponent.

Tools, techniques and resolving conflicts in Development

There are many different organizations, start-ups amongst them where the transfer of knowledge between teams or individual can be akin to pulling teeth; difficult, messy and painful.
The classic example in development is when the QA or Test team has to begin defining tests for the next release but has no clear idea beyond terminology on a Gantt or various emails what they have to test.

Getting documentation at this stage can be frustrating and even ultimately counterproductive in terms of the conflict or friction it raises between the person who has to produce the documentation (in our case specifications) and the person who needs the documentation to continue working and not become a bottleneck.

In SCRUM during the daily meeting this issue would be raised as an impediment to the testing progress and the Scrum Master would help the team in resolving this.

However as an experienced QA Manager I can state that this issue is a function of corporate culture. Normally this occurs where VP of R&D and or the CTO continues to make statements committing to full knowledge transfer but actually the real concept being maintained is that writing code comes first and if you are lucky we might get to writing spec down the line.

This truly demonstrates a Waterfall methodology regardless of the methodology that the organization claims to be using.

How do we resolve this? Perhaps this is something you just have to live with and realize that this is an organization that will never embrace Kanban, Lean, Kaizen, and Agile - SCRUM or any variant thereof without a true management commitment.

There are different personality types depending on which theory of psychology you adhere to; I’m a tools and techniques guy, I try to identify the problem and knowing it will recur find the correct tool or technique that allows everyone involved to keep a smile on their face and get the job done.

I encountered this kind of problem myself several times and it occurred to me that if the core of the problem is finding the time to write stuff down, then why make people write at all? The written medium is tiresome to create an often just as difficult to read and learn from. So why not use a different medium?

Ideally, you would introduce the use of Digital Audio or preferably Video recording and get the relevant knowledge owner to speak freely explaining the (in our example) spec. Diagrams, charts and slides could be added later making this “living document” or work in progress. (I re-heard this idea at the Israel Scrum Users Conference, earlier this month; many of us confirming that a good idea is something others thought of at the same time as you).

This is the easy part; there will still be a need for post-processing, review/ approval, document control and much larger storage/ backup than if these were simple textual documents.

Users would have to learn to be comfortable with being filmed, cameras would have to be readily available and seated on a stable platform. The video files would need some form of tagging which could be used for creating a searchable index in the Document control database but ultimately the ROI would be enormous in terms of reducing the friction and frustration in dealing with this impediment.