Wednesday, November 28, 2007

Where Does the Magic Come From?

Any sufficiently advanced technology is indistinguishable from magic.
- Clarke's Third Law


In my career, I have at times run a successful project, built a high-performing team, or conducted a stunning class. Each time, though, I knew that my technology seemed like magic even to me, because I didn't really know how I did it. I do like to succeed, so perhaps I should be content with success alone. But I always worry:

"If it's indistinguishable from magic,
how do I know it won't go away next time?"


The Double Bind

When I worry, I'm reluctant to change anything, no matter how small, for fear that the magic will flee. I feel trapped between the fear of losing the magic by change and the fear of losing the magic by failing to change - a classic example of the trap known as a "double bind" (damned if you do, damned if you don't).

Double binds often result in paralysis or ritualized behavior. For example, I'm often called upon to improve meetings, but then find it difficult to persuade my clients to change anything about the meeting. "If we move to another room, it might not be as good as this one." "If we don't invite Jack to the next meeting, we might need something he knows." "If we change the order of the agenda, we might not get through on time." "If we vote in a different way, we might make a poor decision." "We must order our donuts from Sally's Bakery or we won't have a successful meeting."

The "Magic" of PSL

I'd find this behavior even more frustrating if I hadn't experienced the same double bind myself–for example, when faculty considers some potential improvements to our Problem Solving Leadership workshop (PSL). Over the years, lots of people have experienced what they call "the magic of PSL," and we're proud of that. But each time we consider a change, someone raises the fear that the change might make the magic disappear. Fortunately, each time we do this, someone is able to prove that the magic is not tied to the factor under consideration.

For instance, we've worried about changing the hotel or city where PSL is held. We do attempt to find magical sites, but then we remember that many PSLs have transformed mundane hotels in mundane cities into magical sites. This proves to us that the magic can't be in the site, and frees us from that double bind.

Or, we've worried about changing the faculty who teach PSL. We certainly don't choose faculty members at random, but every faculty member has led many, many magical PSLs. So the magic can't be in any particular faculty members.

Or, we've worried about the combination of faculty members. We don't choose our co-training teams at random, either, but all combinations experience magic. So the magic can't be in the faculty combination.

Again, we've worried about the materials we use. We certainly don't choose materials at random, but we do change materials from class to class, and each class deviates from the "standard" materials in a variety of ways. Indeed, there is no single item of material that's in common between the very first PSL (back in 1974) and the most recent one. So the magic can't be in particular materials, either.

Breaking the Bind

The same approach can be used to break other double binds - by finding a counter-example to match each objection:

- "If we move to another room, it might not be as good as this one." "Ah, but remember when they were painting this room and we met downstairs? We had a good meeting then."

- "If we don't use Microsoft Project, this project might fail." "Could be, but we did project X with other tracking software, and we did a fine job."

- "If we change to a new version of the operating system, we might have crashes." "True. But we had a few crashes the last time we upgraded, and though it was some trouble, we dealt with them."

- "If I clean up that code, the system might fail." "That could happen, but the previous three times we cleaned up some code, we caught all the failures in our technical reviews and regression testing. So let's do it, but let's be careful."

The Effective Use of Failure

What can you do if you don't have a counter-example and can't create one in a safe way? In that case, it helps if you can demystify the magic and understand its underlying structure. To do this, you need examples where the magic didn't happen. In social engineering, as in all engineering, failures teach you more than successes.

For instance, the PSL faculty became more aware of the source of PSL magic by observing a few times that the magic didn't "work." Usually, people come to PSL voluntarily–but not always. Once in a while, someone is forced to come to PSL to be "fixed," but people who have been labeled as "broken" may resent the whole experience, and may not feel much PSL magic at all.

From these rare failures of PSL magic, we have identified one key component of the magic of PSL:

People are there because they have chosen to be there.

Curiously, the same component works in creating magical meetings, magical projects, and magical teams. When people are given a choice, they are the magic. Or, more precisely, they create the magic.

When people choose to attend a workshop, to participate in a project, or to join a team, they plunge themselves fully into the experience, rather than simply going through the motions. Consultants can thus have a "magic" advantage over employees: They always know that they've chosen this assignment, so they can always throw themselves into it without reservation. Employees can have this choice, too, but they often forget–just as some consultants forget when they feel forced to take an assignment out of economic necessity.

Keep this in mind the next time you choose an assignment. If you feel forced, you won't do your magical best. You won't have access to the magic that lives inside of yourself.

Do You Want to Experience the Magic of PSL?

Esther Derby, Johanna Rothman, and I will be leading another PSL (Problem Solving Leadership) March 16-21, 2008, in Albuquerque, NM.

PSL is experiential training for learning and practicing a leader's most valuable asset: the ability to think and act creatively. PSL is the gold standard for leadership training, and I'm thrilled to be teaching again with Esther and Johanna.

See <http://www.jrothman.com/syllabus/PSL.html> for the syllabus. If you're interested, please send Esther an email, [Esther Derby <derby@estherderby.com>]. We'd love to have you help us create some more magic.

Thursday, November 22, 2007

My Career, An Interview

Magnus Ljadas has just published an interview with me on the Citerus (Sweden) website (www.citerus.se).

I've been interviewed many times over the years, but Magnus is the best interviewer I can remember. I hope it's as fun and informative for you to read as it was for me to write.

http://www.citerus.se/kunskap/pnehm/pnehmartiklar/interviewwithjerryweinberg.5.484cc23b1165f30e75680002483.html

Or you can use tiny url = <http://tinyurl.com/2tro4f>

Thursday, November 15, 2007

Developing Emotionally, Part 3

William Responds to Melissa:


Melissa, my secret is this: I have learned to really enjoy interaction on the emotional level. Perhaps "being emotional" was an innate need, but before and during high school I only had 2 close friends (ever), and I was very controlled–I didn't let anything out (if I could help it). Then I had a life-changing experience: I went to a summer program for high-ability science students, and the program director wanted to develop our little personalities as well as our big brains! So he included a simulation–we were stranded (in groups of 8) on a desert island, and had to solve all sorts of problems, which grew more and more personal. I was lucky enough to land in a very supportive group where we related to each other on a very personal and emotional level...and I was hooked! I realized that personal interaction needed to be a part of my life.

This experience really was life changing. For example, it resulted in my changing my college goal to a small liberal arts college instead of the US Naval Academy. And it resulted in my adding a second major to my academic program, Psychology as well as Computer Science. But the experience itself was relatively simple: 16 4-hour sessions over a period of 8 weeks.

Since that time, I have participated in a number of self-development groups, of all flavors. I have worked to develop my consulting skills and my counseling skills (quite related!). And this stuff is learnable: it just requires practice. Perhaps I had an innate ability for empathy–I get it from my mother! But when I was in college, I participated in a basic training session for drug counselors (lay people, not professionals), and the model they used involved practicing empathy. For several hours a day. That's what got me started in that direction. And believe it or not, practicing this stuff really can help to improve your ability to detect and "process" signals that other people are sending out. At least, that has been my experience.

Today, I really enjoy relating to people as people. I find it most satisfying when I am in a situation where it is "permissible" to relate on an emotional level. (I admire Jerry W., who seems to be able to establish this permission in almost any situation!)

So, I guess my secret was participating in a number of self- development exercises in "safe" situations, where I could take more and more risks and learn to enjoy being more open. I have done this at various times over the past years, and even PSL counts in this direction, because it shows you your emotional limits and helps you to realize what you might need to work on.

Like I said, I don't know if this helps, but it is my story...

Forest Responds to William's Story:


I am so grateful that you shared this story with everyone. It was wonderful to read, and allowed me to feel a number of things that I had recently closed off again.

I identify with how you are most comfortable when you can relate emotionally in a situation. I used to struggle more than I do now in balancing my desire to relate emotionally, with what those around me were comfortable with–or, perhaps it is what I perceived the situation to allow. In the 'professional' world, I have perceived that emotions are frowned upon, and that people are to keep them out of the office. My inclination is to balance emotion with the rest, but I tended to lock them up in many situations.

At my first AYE conference, I learned that the emotional aspect is necessary to connect with people. And notably, that it was okay. During that experience I allowed myself to be more open in connecting with people and to be myself emotionally. I prefer to operate in an environment like that, so I give myself permission to create environments in my life where I am able to (work included). I feel like my true self when I am able to, almost like the mask comes off. I have found the AYE and PSL communities to be extremely supportive and safe in this realm. Which is why I keep going back... I can be myself, and I can recharge my energy to continue to be myself in my day-to-day life.


And William Replies to Forest:


Thanks very much for the affirmative feedback. It is music to my ears, balsam for my soul, etc.! [The writers among you are cringing at the cliches, I'm sure... :-) ]

Theoretically, the workplace is devoid of emoitions. But in real life, that's never the case. And in fact, emotions often have a much higher effect on productivity than almost anything else. I really enjoyed my 5-year stint as an internal consultant, because one big part of consulting skills is being aware of your own emotions and (trying to) understand what is triggering them. It is almost always something in the current situation. Identifying that cause can often lead to a breakthrough in consulting. My favorite book about this is "Flawless Consulting" by Peter Block, which has a prominent place on my bookshelf, right near "The Psychology of Computer Programming." And acting as a consultant, you (often) have permission to name or surface those underlying emotions in one way or another. In fact, sometimes that is your #1 job.

Many management trainings also concentrate on identifying your emotional reactions and using those in the workplace. It is often more OK to be yourself than we realize. In fact, sometimes openness is what is needed to break a "logjam". But I agree, for many people this is very unexpected, and it is a risk to be the first to try it.

Perhaps you can give yourself permission to establish yourself as a "whole person" in your new job, able to relate to your new colleagues and employees as a real and open person. I must admit, I am not currently doing that in my job! So I don't claim it's easy. But perhaps it can be done. (Then again, on the other hand, I just recently read an article from a German psychologist that claimed that being open and authentic is career suicide, and that the guys who get ahead are the ones who manipulate the best! In my cynical moments, I believe this might be true, but I prefer to ignore it...)

Jerry Comments


If this is what "getting ahead" requires, I would question whether it's really "ahead" at all. You might make more money, and have more authority to order people around (which they'll ignore as best they can), but you're really falling back. And, for a consultant, "ahead" and "up" are not synonyms anyway.

In any case, whatever direction you want to travel, studying your emotional system and practicing to improve your understanding of it—those are keys for most consultants to improve their effectiveness. The emotional system is your priority analyzer. Without it, you don't know what's important. And with it, if you don't know how to understand it, you'll act like a robot who doesn't understand the difference between the important and the trivial.

Saturday, October 27, 2007

Developing Emotionally, Part 2

A client, let's call him Robert, who wishes to remain anonymous, writes about the body inventory:

"This was one of my key "lessons learned" from the Problem Solving Leadership workshop (PSL): acknowledging my feelings/emotions. As an INTP myself, this didn't make much sense at the time. :-)

Even though it was some years ago, I recall Jerry mentioning during PSL that INTPs have very fragile feelings which is why we need to protect them and appear to others as if we didn't have any.

After PSL I have been doing the exercise Jerry describes every morning at my desk in the office while writing in my journal. I close my eyes and write down what I feel. I just acknowledge it to myself on paper. In my case though, I don't start at my toes. I have learned that my emotions get trapped in 3 very specific places in my body: my stomach, my chest, and my throat. So, I just aim for those. If I listen closely, I hear what I am saying... emotionally. That helps me balance myself to begin my day at work.

In dealing with others, I also often find myself "not understanding why others feel the way they do". That is my trigger to stop trying to figure it out and just be. I am just there for the other person. I just acknowledge their feelings. I don't try to change them. Sometimes I catch myself not being able to do that. I realize that, in those situations, I am emotionally out of balance. I am trying to "fix" the other person when, in fact, what I really want is to balance myself."



I'm so glad he wrote this, for his experience is as a valuable model for others of how the body inventory works, and how working on yourself first helps you understand others.

And, how helping others helps you, for when I asked Robert for permission to use his feedback, he wrote:

Jerry, please go ahead and use it on the blog.I am already thinking that once I see it on on your blog, it will help me be less afraid of sharing my thoughts in a larger audience. I'll get there. :-)

And, it is already helping other people. Melissa wrote:

Robert, I appreciate you for your insights. I have discovered my emotions are showing up in my stomach mostly. I will have to check in with my chest and throat. My stomach has been tense during my situations and could overwhelm different bottlenecks elsewhere.

Your second description about being out of balance perfectly describes my situations as well. You phrased it better and more deeply than my current level of understanding. Thank you for those insights. Being centered myself helps me be more present for the other person. As my centering improves I even get better at meeting new people. :-)

I also like the idea of doing The Body Inventory at your desk. I tried it yesterday for the first time while lying down. I almost fell asleep. (Though maybe that is what my body really needed then.)


The post also elicited a profound and helpful comment from Doris Hernandez, a "life coach." I recommend my readers take a look at her blog, Building the Life You Want, as well.

Thursday, October 25, 2007

Developing Emotionally

Melissa, a client, writes: "As you recall I got booted from my job when you were consulting here a while back. In the congruent model I was too self-oriented and neglected the needs of the Presidential Other and the Context. I recently exited another situation in similar fashion (but recognized the self-orientation problem right away). In my analysis I have discovered my INTP self has built a huge ability to work through and understand problems rationally and a minuscule ability to comprehend problems or situations emotionally. So far I realize I need to build emotional awareness, both of my self and of others. I think they go together. Seeing emotions in myself helps me see them in others. I think I also need more emotional problem skills. A friend pointed out humans are quite often irrational and I get confused trying to deal with those situations rationally. I guess I am looking for ways to develop emotionally. I appreciate any emotions or ideas that you and others are willing to share. Thank you."

I'd like my readers to post any help they can give to Melissa. Let me start by offering an exercise I found extremely useful in learning to perceive my own emotional state:

The Body Inventory


Sit down by yourself.

Close your eyes and mentally perform an inventory of your physical state.

Start with the tip of the big toe on your right foot. Is it feeling anything? Quiet? Itchy? Painful? What kind of pain?

Acknowledge the feeling, then move on to the next toe and repeat the process.

Finish your right toes, then do the left. Then do the parts of your feet, then your ankles and up your legs.

Continue the process up your body, inside and out, until you finish at the top of your head.

If you're pressed, the entire process can take as little as one minute, though if you can spare a couple of minutes, that would be better. You can almost always get a couple of minutes. For example, if I'm in a stressful client meeting, I ask for a health break and head for the men's room (in your case, Melissa, the ladies' room). I can hide out in a booth and perform the inventory. When I'm finished, I not only know my physical state (and perhaps something I want to do to improve it), but I usually have some insight into my emotional state and the emotional states of the others in the meeting.

Give it a try.

Any other suggestions?

Wednesday, October 17, 2007

Evidence That Teams Are More Productive

On The Collaborative View blog, I read the following question. Since it referred to me, I thought I ought to respond:

You have an assertion - that good employees who work together as a team outperform great employees who don't.

For a very long time I've been looking for a reference that provides some/any evidence for this, apart from anecdote or assertion.

Do you know any sources that show teams are more productive and creative?

I've read a heap of Jerry Weinberg's & friends work - this is one of their major planks. I believe it to be true, from my own experience, both negative and positive, I know it to be true, but haven't been able to find any hard/definitive evidence.


Calling It a Team Doesn't Make It a Team


First of all, the initial assertion is wrong. Sometimes it's true, but sometimes you can put a bunch of good employees together, call them a team, and find that they perform worse than the individuals would have done alone. It's like the little girl with the curl on her forehead. When a team is good, it can be very, very good; but when it is bad, it can be horrid.

Lincoln used to ask a riddle: "If you call a tail a leg, how many legs does a dog have?" Answer: Four, because calling it a leg doesn't make it a leg. And calling a bunch of employees a "team" doesn't make them a team. It takes time, teaming talent, and work to make a team.

Apart From Anecdote or Assertion


Second, consider the request: "apart from anecdote or assertion." You're not going to find any experimental evidence on "great teams" because it takes time for great teams to form. Thus, you cannot assemble some teams of college freshmen and expect them to become great teams in a few hours or days.

Nevertheless, I have done experiments in my classes (with computer professionals, not college students) that show numerically on some relatively small problems that team results can range from ten times better to ten times worse than the individuals on that same team. Since I'm telling you that, but not publishing in some psychological journal, this qualifies as an assertion. If you believe me when I tell you that I've repeated these experiments dozens of times, then it qualifies as an experiment.

As an experiment, it's limited by the time scale, as my Problem Solving Leadership (PSL) classes run for only a week of intensive team building. Most of the teams become very, very good during that time, but they don't become great. That takes longer.

Some Great Teams


In my consulting, I have seen many great teams over half a century. I remember them, because great teams are always memorable. But many people do not observe these great teams in their own organizations, largely because great teams in large bureaucracies know they have to hide from their own management. Why? For one reason, managers want to improve the whole organization, not just one team. That's admirable, but fails when it's connected with the fallacy that you can break up a team, put its members--one each--on other teams, and then the other teams will also become great. You build great teams one team at a time.

For another reason, managers worry that they will be judged by the standard of the great team. If all their teams don't live up to this standard (and they can't), then the manager's manager may think that the manger is not doing a good job with those other teams.

And, some managers simply don't believe it's possible for a team of software builders to produce software on time, within budget, that works well and pleases their customers. They literally can't see it when it happens, even when it happens consistently. One reason, of course, is that the customers of such a great team don't want the manager to see it, because then they may lose the team to the manager's attempts to spread the greatness.

Anecdotes from Sports


By the way, one of the reasons I became interested in teams early in my life was from observing what I call the All-Star Effect. Years ago, many of the professional sports held All-Star games in which the championship team played against a "team" composed of the star players from all the other teams in the league. Over time, though, people began to notice that the real team always won over the pseudo-team--a bunch of outstanding players thrown together for a short time and told to become a team. One by one, the different sports stopped this practice and converted to an All-Star game that pitted stars from one half of the league against stars from the other half. This new format was very entertaining, but told us nothing about "great teams."

More recently, the American basketball coaches learned this lesson about international play. For many years, the American stars were just so much better than the players from other countries that the Americans could throw together a bunch of them, call them a team, and have them dominate every single competition. But as the standard of play in other countries grew, the American All-Stars began to lose. Now, when the Americans put together a "team," they insist that the players work together for much longer periods of time before taking the court for official games. And now they are doing much, much better. Talent helps, of course, but talent plus talent does not automatically make a team.

What Kind of Team?


Finally, in different activities, the meaning of "team" changes. At one of my clients, the manager kept insisting that his employees work "as a team." Since they "team" consisted of field support agents who worked individually in different parts of the country, nobody knew what he meant. Finally, someone worked up the courage to ask, "What kind of team do you mean?"

He said, "Like a ski team!"

Monday, September 24, 2007

When Management Won't Hear the Truth: A Dialogue



A consultant writes: "I find that when I tell management the truth of what a task will take, they can't hear it. In fact, my diagnosis has sometimes meant the end of the interview. But it seems to me if I take a job without giving them my honest assessment, then I'm signing up to do something I can't do."

Jerry: I've often had this experience, with several different outcomes:

1. I don't get the job.

2. I get the job because, they say, "you're the only one who told us the truth."

3. They say, "Look, we just want to get CMMI certified. [or whatever] Show us the minimum we can do to fool the assessors." I leave.

4. I don't get the job. Somebody else lies to them, and X months later, they client comes back to me and says, "They lied to us, and it didn't work the way they said. You told us the truth, so we want you." Sometimes I come back. Sometimes I'm too busy. But if I come back, they're much better listeners the second time.

The consultant also wrote: "Another consultant, working for a large firm, told me that in some cases they do whatever the client wants and don't let it bother them if it blows up. They send an invoice, say 'well, we did what you wanted,' and move on. But I can't imagine myself taking this route, either. I'd like to know how other people deal with situations like this."

Jerry: You could do this if you had employees on the payroll that you had to farm out on billable hours. That's why I never had employees who had to be billed out, and why I always kept up my personal savings so that I, myself, didn't have to be billed out. Like you, I could never say, 'well, I did what you wanted,' and therefore could never work for a company that did. So, I'm not dependent on a company, and no employees are dependent on me. That's essential if I'm to be an honest consultant, and that's important to me.

The consultant further wrote: "Currently, I'm taking a university course called 'Ethical Decision Making for Leaders.' Our first paper is to be a case study of an ethical dilemma we've faced in our careers. I chose to discuss a job in which I was hired as project manager over a troubled product line, only to realize far too late that those in power did not want a solution as much as they wanted an excuse. My group and I were making some real positive change when I was tarred, feathered, and run out of town -- not by the systems engineers and consultants who had to deal with the angry customers (they loved what we were doing), but by the management in R&D above me. That company no longer exists -- a huge company acquired what was left. The incompetents at the top most responsible moved over to executive positions at the acquiring company. Over two-thirds of the rest lost their jobs at the time when the IT industry tanked (about five years ago).

Jerry: That's usually the (wrong) way these things are handled--bottom up--probably because it's the executives who are making the deal.

Finally, the consultant says: I've been through experiences similar to this so many times that I've wondered whether I'm really cut out for this kind of consulting work.

Jerry: The fact that you've weathered these situations means that you're as cut out for this kind of consulting work as much as anyone. Over time, you may get better at seeing these situations coming, so you don't get hooked into so many of them. That's one of the big things I'm trying to teach my readers. And a big part of being able to do this is financial independence.

Thanks for letting me quote you on my Secrets of Consulting blog. This is one of a handful of really essential topics for consultants of all kinds.

Tuesday, September 18, 2007

Blatant Advertising



Some readers of The Computer Consulting Kit's recent post on the "Working Conditions Thread" may see it as blatant advertising for their meta-consulting service (consulting about consulting). Those readers are right.

Some readers may see blatant advertising of consulting services as somehow distasteful or immoral. Those readers are wrong.

CC Kit's services seem heavily focused on marketing yourself as a consultant. They are right on target. Most consultants who fail, fail because of inadequate marketing. They somehow feel that clients should just seek them out as if by magic.

Warning: Blatant Advertising Ahead: Those consultants who feel that way should (buy and) read my book, The Secrets of Consulting. Then they should probably take a look at the CC Kit website, and any other marketing advice they can find.

But only if they want their consulting business to be successful.

Wednesday, September 05, 2007

Introducing New Technology: Agile Methods

It's one thing for a consultant to have great ideas that would help your clients. It's quite another to actually help those clients actually implement those ideas.

I've recently been interviewed by PM Boulevard about introducing agile methods. They asked me five questions:

Why use Agile methods?

What is the biggest challenge of implementing Agile methods?

In what environment will Agile be most successful?

What is the future of Agile?

What other information source about Agile do you find interesting or intriguing right now?

On the same site, you can also read answers to these same five questions by David Anderson and Steve McConnell. Check it out: PM Boulevard

Sunday, July 29, 2007

Working Conditions that Prevent Consultant Misery

In my workshops, I always set aside time for consulting with participants on any situation they choose. In a recent Problem Solving Leadership workshop, I spent some of this time with Celia, a programmer working as a consultant/contractor. Because she questioned some of the company's business practices, Celia was deeply troubled by the implications of her latest contract offer. "What they want me to do for them will affect the lives of thousands or millions of people," she told me.

"That's not unusual," I said. "It's the nature of networked information systems."

"But my programming is invisible to them, and most of their customers won't know what's being done to them by the system–and that it's being done by me. That's too much power for me," she complained. "What can I do about it?"

Celia wasn't willing to accept those meaningless standard explanations: “That’s the way the computer must do it,” or the even more insidious, “That’s the way things are.”

I reminded her that some consultants in her situation salve their conscience by sabotaging their client's information systems in small ways. In many cases, it’s difficult to tell whether this is an conscious or unconscious reaction to their client's questionable practices. I've seen cases where I didn't doubt the subversion was conscious, but Celia wasn't interested in sabotage. "It's not in my nature," she said.

I then explained that at least she wasn't alone. Many consultants have complained to me that their current assignment holds no meaning. They don’t know what is being done with their work, or they do know and don’t approve. Their response is to stay on the job, draw the fee, and badmouth their client at every safe opportunity. Again, Celia said this wasn't her way.

I know lots of consultants like Celia, consultants who feel an enormous responsibility to the people whose lives will be impacted by their work. These people ask me, as did Celia, "If I don’t believe in what my client is doing, or I don’t understand it, then why should I be I working there? To draw a fat fee? If so, what does that make me?"

I offered Celia a set of principles I've always used when taking a new assignment, principles that have kept me out of certain kinds of troubles for many years:

1. I will not work for an organization whose goals are not consonant with my own beliefs.

2. I will not work on projects whose goals I do not understand, or cannot agree with.

3. Before becoming part of a project, I will first obtain agreement on what percentage of my time I can (and must) spend on continuing professional development, and what resources will be provided me for that purpose.

4. I will not work under measurement schemes that pit one person’s performance against another’s. Rather, I will cooperate totally to help others in the project achieve their full potential, as I expect them to help me do.

5. I will not accept work without understanding what is to be done, and why, nor will I pass work to others without their similar understanding.

6. All my work will always be open and available for critical comments (circumscribed, as appropriate, by real security considerations); and I will always stand ready to review the work of others in exchange for them returning the reviewing service to me on my work.

7. As long as the above conditions are met, I will devote myself in the utmost to achieving the goals of my project and the organization that has retained my services.

Sometimes, a manager trying to hire me is outraged at one of these conditions. That's unfortunate, but it's a sure indication of trouble later, if I make the mistake of accepting that assignment.

Over the years, I’ve found that consultants who ask these questions and set those conditions don’t wind up in assignments that make them miserable. Sometimes, when they ask them honestly, they leave their present position for somewhere else that makes them happier, even at a lower fee.

Monday, June 18, 2007

How Good Are Expert Predictions?

Magazines are ephemeral, but some of my friends compulsively keep stacks of copies of old magazines. I've always wondered what possible use these collections can be, but here's a lovely contribution one of my readers sent, taken from Popular Science of May, 1967, page 93.

"Time sharing, most experts agree, is the key to the computer's future, at least for general use. A few years ago, when people thought about household computers at all, they though of some small, inexpensive, individual unit that would keep track of the family checking account and automatically type of Christmas-card labels. Now we know it won't be like that at all.

"The reason is economic. The bigger and faster the computer, the cheaper it makes each computation. Consequently, it will be far cheaper to build one monster computer with thousands or even millions of customers hooked into it than to have small, individual machines in individual homes."

Now we know that "most experts" were wrong: we know it would be like that, because today, 40 years later, it is like that. I was something of an "expert" in 1967, and I'm proud to say that I wasn't one of those who made such a piss-poor prediction. That's probably because I don't make predictions—except the prediction that almost all of the predictions we make today will turn out to be piss-poor 40 years later.

Why do I make such a meta-prediction? Well, I've researched the past, and, as Patrick Henry said, "I only know the future from the past." But don't take Patrick's or my word for it. Here's how you can find out for yourself. Beg, borrow, or steal a copy of some old computer magazine. Spend as much time reading it as you typically spend on this month's issue of the same publication (or an equivalent one, if the old one is no longer around). I guarantee that the time spent on the old one will be more productive.

Because I was an "expert" in the 1960s, I published a number of articles in the leading computer magazine of the time, Datamation.. I do save my old articles, so I happen to have a copy of Datamation. from September, 1962. My article in that issue is entitled, "How to Automate Demonstrations."

Although the print magazine Datamation. itself shuffled off this mortal coil in 1997, I'm proud to say that my 1962 article would stand up pretty well even today. Perhaps even better today. Now that hardly any part of the computer moves, demonstrations are much more challenging to create. Of course, this was supposed to be a humorous article, though not everyone realized it at the time. I received a dozen requests for the Demonstration Compiler—that is, the compiler that compiled fake demonstrations. (Hmm, is there any other kind?)

On page 79 of that issue of Datamation., there's an advertisement from Computer Dynamics of Silver Spring, Maryland. (What ever happened to them.?
"MEMO Re: COMPUTER TIME
Solve your computer problems efficiently and economically by using our 32K, 10 tape IBM 7090 at $450 per hour." (That's about $5,000 per hour or more in today's dollars.)

Today, 45 years later, I own five computers, each of which is far more powerful than that 7090. As far as their value, I've thrown away a more computing power than that because nobody wanted it. Yes, the ten tape drives would still be a bit expensive today, but why would I want them? I own more than a dozen disk drives, each of which stores far more than those ten tapes.

The list of advertisers from that issue contains many forgotten names of companies selling computers, plus a few companies that are still around but no longer selling computers. Here's some examples:

PHILCO "Philco's on the move."

RCA "What's new at RCA is news in EDP."

GENERAL PRECISION (Surely everyone remembers the RPC-4000.)

ASI "More computation per dollar—on the ASI-210."

GENERAL ELECTRIC "Progress is our most important product."

FRIDEN "This is Practimation."

AUTONETICS "It's called RECOMP III."

TRW "Be operational now with the TRW-130 (AN/UYK-1)"

BENDIX "Is your programming career in a closed loop?"

Bendix didn't actually advertise their machine (no, it wasn't a washing machine), but they were crying out for programmers. And so were most of the others, "from $7,000 on up."

Even IBM (who, at last look, was still around), was desperate for programmers to "shape the future of a new technology." Sound familiar? Although machines are millions of times faster and cheaper, some things—human things, mostly—don't seem to change in 45 years:

"IBM programmers ... are devising programs that in turn use machine capability for formulating new programs. They are creating programs that enable computers to diagnose their own faults through self-checking. And they are helping to design the systems that will let scientists and engineers 'talk' to machines in the everyday language of science and engineering."

Gee, I hope they finish these projects soon. I've been waiting a long time to talk to my computers.

Perhaps, in the end, all this flux of companies and jargon and sales promises is merely an illusion. Perhaps it's what doesn't change that teaches us the most important things about ourselves.

And what is it that doesn't change?

Us.

Oh, the faces change. The names change. But the behavior, the hopes, the visions, the gullibility—they don't change. Maybe that's a prediction you can safely make.

Saturday, June 02, 2007

The Exception is the Rule

Recently, I was trying to help a client (let me call them "StartupCompany") mired in conflicts, exceptions, errors, anomalies, lapses, modifications and other deviations from the norm. These annoying exceptions were playing tricks with my blood pressure, so I had to be wired to a wearable blood pressure computer for twenty-four hours. As if StartupCompany didn't have enough interruptions, now my wearable computer was inflating a blood pressure cuff at random intervals throughout the day.

Every time the cuff inflated, I petulantly asked myself: Why can't they run a project like real people living run-of-the-mill, low-blood-pressure lives?

That night, I was using the Yellow Pages, and in the A categories in the Yellow Pages index, I chanced to notice a curious pattern. Here are the first few items:

Abortion Services and Alternatives. These were the first two entries in the index. I decided to skip them both, so as not to take sides in the pro-choice/pro-life conflict. I had enough conflicts within StartupCompany.

Abuse - Men, Women, Children. I decided to continue my scan of the index, and this was the next entry. The normal process of family living involves people loving and respecting each other, communicating well, and behaving appropriately according to societal norms. But when people start behaving inappropriately, they need Abuse Services. In StartupCompany, people normally respected one another, communicated well, and behaved appropriately according to societal norms. But they sometimes didn't, and they lacked "abuse services" for coping.

Academies (including private schools and special education). When the formal education system doesn't provide special knowledge or handle special cases, private academies and special education are called for. People within StartupCompany often needed to know things they hadn't learned in the public schools, but StartupCompany had no provision for special education.

Accident Prevention. Accidents aren't "supposed" to happen, StartupCompany had accidents. In order to improve, they needed processes to prevent accidents and to mitigate their consequences.

Accordions. Despite what some people think, accordions are perfectly normal, though not everybody learns to play them or appreciate them. Still, StartupCompany could have used some entertainment to lighten the mood once in a while.

Accountants. Accounting is also normal, but, if everything always went according to plan, we wouldn't need to account for things so carefully. We have to protect our financial well-being from mistakes and misbehavior, and that's what accountants do - and also what they should have been doing in StartupCompany.

Acetylene Welding. Some welding is normal, and some is for repairing things that are not supposed to break - but do anyway. StartupCompany lacked a "welding team" to handle lots of stuff that broke.

Acrylic Nails. Most normal people have fingernails, so why is there a nail business? Oh, yes, it's the human interface, and StartupCompany had to cope with conflicting ideas of what made a system beautiful - but they had no special beauty experts to resolve the conflicts.

Acting Instruction. We all need to "put on an act" now and then when we're caught by surprise. StartupCompany's people certainly needed training in how to behave in improvisational situations, but there was no acting instruction.

Acupressure/Acupuncture. If we were all healthy all the time, we wouldn't need medical services, and if "normal" Western medical services worked all the time, we wouldn't need acupressure and acupuncture. So, there are not only abnormal services, but meta-abnormal services - the services when the normal abnormal services fail - certainly true in StartupCompany.

Addressing Service. Have you ever tried to maintain a mailing list? Almost all the work is not the mailing itself, but maintaining the addresses. It's even worse for email, because email services haven't yet evolved "normal" ways of dealing with changes. Gee, neither had StartupCompany.

Adjusters. Adjusters, of course, are an abnormal service from the get-go. Without accidents, we wouldn't need insurance, and if things stayed on course, StartupCompany wouldn't have needed risk analysis. But they did.

Adobe Materials and Contractors. Adobe materials may not be "normal" where you live, but here in New Mexico, adobe is a normal building method. StartupCompany, too, has its idiosyncratic processes that are not normal in other projects - and newcomers have to learn about them or pay the price. But StartupCompany had no special services to bring newcomers up to speed.

Adoption Services. Yes, sometimes people are not wanted by their parents, and StartupCompany certainly had some unwanted people. But, they lacked "adoption" services for moving unwanted people around.

Adult Supervisory Care. "Normal" adults can take care of themselves without supervision, and normal workers wouldn't need much managing at all. But StartupCompany had two adults who could not take proper care of themselves, and the managers spent an inordinate amount of time on these two out of a hundred.

I stopped there, sobered by my reading. It was now clear to me that StartupCompany, being a startup, had an overly simplistic picture of what it takes to run a company. I needed an adjustor to adjust my blood pressure - I needed to see that my job as their consultant was to teach them that deviations are normal, and that they (and I) could do what real people do:

• stop whining and deal with them

• create systems to deal with them

• create systems to prevent them

And, of course, I have to do these three things in my own company - like not whining about my blood pressure.

Monday, April 09, 2007

Why Would an Old Consultant Retire?

A Letter From An Old Colleague

I received thought-provoking email today from another old-timer, about ten years younger than I, but still pretty old. Here's what he said:

"I was having dinner with another old lamenting engineer, and we talked about times past, and those that have since drifted into retirement (here he gave a list of well-known luminaries in our profession: J). A bunch of them have drifted away, and if you asked present day professionals about some of these names they would look at you with uncertainty in confusion. Maybe it was the wine, but I offered up the possibility of holding a 'Sage Oracle' conference to put these industry leaders front-stage-center.

"My wife suggested that maybe a better venue would be a book where each would contribute a chapter of noteworthy wisdom. To pilot this I quickly set about drafting an email to these parties asking if there was interest (from a monetary standpoint we would self-publish and donate the proceeds to some worthy venture, and not our own wealth building). What surprised me was the comments that I received:

- 'No, I'm retired and intend on staying that way.'

- 'Thanks but no thanks, I tried to make a difference, and I did in the short term but look at things now.'

- 'Sorry, not interested since it seems that software engineering has evolved into a science of excuse methodologies that don't strike at the cause of the problem but rather attempt to appease and cajole.'

"I guess I'm not surprised, but at the same time isn't it amazing that our short time on this earth, regardless of how much we think we have accomplish, has produced a batch of undurable stuff? Thought I would share this and maybe it might be a topic for interesting discussion in one your sessions."

My Reaction

Well, I thought it might make an interesting discussion on this consulting blog, so here are a few thoughts of mine:

I never thought I would make a "big" difference in the profession, so I'm not disillusioned. I figured that one person could do the most by working one-on-one with other people, and that's the way it's worked for me. Sure, I've written a lot of books, but the knowledge underlying those books has come from my work with individuals over half a century. And, when I see how they are continuing to work, to write, to influence other people, I would never say that I have "produced a batch of undurable stuff."

When you work with people, your work endures through them. I have not grown cynical, or bitter, but intend to keep on working through the marvelous people in our profession until I drop dead. I'm an old guy now--pretty much all of my contemporaries are gone--but I continue to work, even though my emphasis on different methods has changed. For example, it's harder to do long, intensive workshops that Dani and I did for so many years, but the AYE Conference is a format my old bones can tolerate. I can still do three hours, non-stop, and do it every day through the conference.

[After writing the above paragraph, I thought about how much I miss those workshops. I decided to do something about it, so I asked two of my younger colleagues, Johanna Rothman and Esther Derby if they would support me through another Problem Solving Leadership Workshop (PSL). They heartily agreed, and we're going to give it a try this June. If I can ease off a bit and let them do some of the hard stuff, I should be able to keep going for a few more years. We'll see.]

I continue to write, though it's a bit harder on my fingers (and I've had no luck with talk-and-type software, so far). But I have changed the emphasis of my writing. I continue to write non-fiction (like my new book on writing, Weinberg on Writing), but I'm now writing novels that I hope will catch the attention of the rising generations. My protagonists are just like the people I've worked with over these many years--people with special talents who face a world that doesn't understand them, but wants to commandeer their talents.

I think I can indefinitely continue my on-line SHAPE Forum (Software as a Human Activity Practiced Effectively)--again, with some assistance. It's such a pleasure to hear from the best minds in our profession every day and share thoughts and feelings with them. What a privilege it has been to work in this fascinating profession for all these years. How could anyone ever want to give it up for mere retirement?

Monday, March 12, 2007

Innocent but Dangerous Language

To be successful as a consultant, you need to pay attention to seemingly innocent language. The computer software field is filled with such language booby traps, but let me introduce the subject by citing a field that might be more familiar to more people—dog training.

My wife, Dani, is an anthropologist by profession, and so naturally is a skilled listener. She's now retired from her anthropology career, but brings all her skills and experience as an anthropologist and management consultant to her new career of behavioral consulting with dog owners and dog trainers. The combination produces many interesting ideas, like what she told me about the way attack dogs are trained. As usual, the big problem with attack dogs is not the dogs, but the people.

When someone hears that a dog is attack trained, chances are about one in three that they'll turn to the dog and command: KILL!

As a joke.

Or just to see what the dog will do.

To protect against this idiotic human behavior, this carelessness with words, attack-dog trainers never use words like "kill" as the attack command. Instead, they use innocent words like "health" that would never be given in a command voice.

This kind of protection is needed because a trained dog is an information processing machine, in some ways very much like a computer with big teeth. A single arbitrary command could mean anything to a dog, depending on how it was trained—or programmed.

This arbitrariness doesn't matter much if it's not an attack dog. The handler might be embarrassed when Rover runs out to fetch a ball on the command ROLL OVER, but nothing much is lost. But if the dog were trained to respond to ROLL OVER by going for the throat, it's an entirely different matter.

Maintenance, or Computers with Teeth


It's the same with computers. Because computers are programmed, and because the meanings of many words in programs are arbitrary, a single mistake can turn a helpful computer into one that can attack and kill an entire enterprise. That's why I've never understood why some of my clients take such a casual attitude toward software maintenance. Time and again, I hear managers explain that maintenance can be done by less intelligent (and cheaper) people, operating without all the formal controls and discipline of development—because it's not so critical. And no amount of argument seems able to convince them differently—until they experience a costly maintenance blunder.

Fortunately (or unfortunately), costly maintenance blunders are rather common, so managers have many lessons, even though the tuition is high. I keep a confidential list of expensive programming errors committed by my clients, and all of the most costly ones are maintenance errors. And almost all of those involve the change of a single digit in a previously operating program.

In all these cases, the change was called, innocently, "trivial," so it was instituted casually by a supervisor telling a low-level maintenance programmer to "change that digit"—with no written instructions, no test plan, nobody to review the change, and, indeed, no controls whatsoever between that one programmer and the day-to-day operations of the organization. It was exactly like having an attack dog trained to respond to KILL—or perhaps HELLO.

Just Change One Line


I've done studies, confirmed by others about the chances of a maintenance change being done incorrectly, depending on the size of the change. Here's the first part of the table:

     Lines         Chance of

    Changed        Error

          1                    .50

          2                    .60

          3                    .65

          4                    .70

          5                    .75


Developers are often shocked to see this high rate, for two reasons. In the first place, development changes are simpler than maintenance changes because they are being applied to cleaner, smaller, better-structured code. Usually, the code has not been changed many times in the remote past by unknown hands, so does not contain many unexpected linkages. Such linkages were involved in each of my most costly disasters.

Secondly, the consequences of an erroneous change during development are usually smaller, because the error can be corrected without affecting real operations. Thus, developers don't take that much notice of their errors, and thus tend to underestimate their frequency.

In development, you simply fix errors and go on your merry way. Not so in maintenance, where you must mop up the damage the error caused, then spend countless hours in meetings explaining why it will never happen again—until the next time.

For these two reasons, developers interpret this high rates of maintenance errors as indicative of the ignorance or inexperience of maintenance programmers. But if we continue down the table a few lines, we can see that the cause cannot be either ignorance or inexperience:

     Lines         Chance of

    Changed        Error

          10                   .50

          20                   .35


The decrease in error rate as the size of the change increases shows that maintenance programmers are perfectly capable of doing better work than their record with small changes seems to indicate. That's because these "trivial" changes are not taken seriously, and so are done carelessly and without controls. How many times have you heard a programmer say, "No problem! All I have to do is change one line."

Who Coined These Innocent-Sounding Words?


And how many times have you heard these programmers' managers agree with them? Or even to work "quick and dirty" when "it's only a minor change"?

This carefree attitude would be sensible if "minor" changes were truly minor—if maintenance of a program were actually like maintenance of an apartment building. Not that janitorial maintenance can't be dangerous, but the janitor can assume that changing one washer in the kitchen sink won't incur great risk of causing the building to collapse and bury all the occupants. It's not safe to make the same assumption for a program used every day to run a business, but because we are so free and arbitrary with words, the word "maintenance" has been misappropriated from the one circumstance to the other.

Whoever coined the word "maintenance" for computer programs was as careless and unthinking as the person who trains an attack dog to kill on the command KILL or HELLO. With the wisdom of hindsight, I would suggest that the "maintenance" programmer is more like a brain surgeon than a janitor—because opening up a working system is more like opening up a human brain and replacing an nerve than opening up a sink and replacing a washer. Would maintenance be easier to manage if it were called "software brain surgery"?

Think about it this way. Suppose you had a bad habit—like saying KILL to attack dogs. Would you go to a brain surgeon and say, "Just open up my skull, Doc, and remove that one little habit. And please do a quick and dirty job—it's only a small change! Just a little maintenance job!"?

The Moral


Of course, you as a consultant would never be this careless with language, would you? But when you're called in by a client who's having trouble—like disastrous small maintenance changes—listen to their "innocent" language. It may contain just the clue you need to make one small change and fix the problem.

Oh, wait a minute!

Monday, January 08, 2007

Protecting Your Client Communications

We hear a lot in the consulting literature about "communications," but mostly they (me, too) are talking about the psychology of getting information from one person to another. That's a tough topic, but there's also the physical problem of getting information from one person to another. In the past week, I've been alerted to several instances where electronic communications have been corrupted or diverted. It's time to take a serious look at what's happening to your electronic messages.

Case 1. AOL Security Hacked

This is a note from one of my correspondents:

Last night was horrific. I lost my screen name. Some hacker stole it from me and no one - *NO ONE* - from AOL would help me. When the hacker got in, he changed my password, my security question, my billing. Yep, he changed it so that he would be billed. Why? Because he liked my screen name. It's XXXXXX. He wanted it. He was willing to pay for it. And he was willing to screw me over to get it.

I was on a secondary screen name at the time - one that I use when I'm online and I don't want to be distracted by e-mails and such. I got an e-mail. It was from AOL telling me that the master screen name's password was changed. I didn't change it. No one has that password but me. No one.

I immediately tried to access that name. No luck. I called AOL and suffered through repeated recordings that tried to "solve my problem" for me before sending me to a real person. No... hitting "0" didn't work. But I found out that "9" does. I talked to everyone I could.

No one would talk to me. Why not? Because I was no longer the owner of the account. I've had this account since 1996 and they would not listen. They told me that since I was not the current owner, they could not talk with me. They claimed to have no record of me at all. The guy had had control for less than an hour and they wouldn't budge because I wasn't the owner of record.

You can't imagine my frustration. Or maybe you can. I conduct *ALL* my consulting business from this screen name. Losing it would be disastrous. Hideously so. I was apoplectic. I offered to prove that I owned the account - to no avail. THEY WOULD NOT TALK TO ME.

They referred me to the Fraud department, which was closed till nine this morning. But I couldn't wait. I couldn't stand it.

I was still on my secondary e-mail and I waited till the (expletive deleted) signed on. And then I IMed him. I called him a nasty name and then started in on the questions - why? how?

He laughed. Sent me "LOL" and told me I'd just learned a lesson the hard way.

He knew I was a consultant. And I asked him how he knew.

Here's what happened: I'd put some information in my AOL profile, thinking that it was a cool way of promoting my services in case anyone was browsing. Mistake. That gave him my name. He googled me and found out what college I went to. Bingo. That gave him the answer to my security question.

He didn't even need my password to get in. He used the "password reset" option and used the security question to bypass it all. This bears repeating: HE DIDN'T NEED MY PASSWORD.

He said he collects screen names for a living and laughed at me.

All this in an IM.

And then, I asked, please. I told him that he was messing with my career. That my screen name was my lifeblood and that losing it would hurt more than he could ever imagine.

And then the hacker did what AOL refused to do. He gave me my screen name back. He gave me the new password (which I promptly changed) and the new security answer. He got suddenly chatty and started giving me hints about him and where he lives and such. Not that I believe any of it. He made my XXXXXX to a lower case xxxxxx and offered to send me the program he used to change it. I declined, telling him that the lower case "x" would be a constant reminder to me to be vigilant.

I have no idea why he did this. But he did. He said he was a hacker with a conscience. I believe it. I still hate that it happened. But I learned a lot last night, in the midst of all the angst. I have a cryptic answer to my security question now. I have all new passwords. I have NO profile on AOL now. I'm sure someone can still make the connection, but I'm taking steps to protect myself.

Jerry, can you make this into a well-worded warning and try to get it out there on your blog for other consultants?

AOL did not help me when I needed them. I called the Fraud department this morning and I ripped into them. Did they care? No.

They're the ones who forced me to set up a security question. I never wanted one. I foolishly believed that the question would come into play only *AFTER* the password was given. I was wrong.

Double check your security. Do not go through the agony I went through last night.

MORAL: 1. Don't count on AOL for security help.

2. Don't count on any ISP for security help. It's your responsibility.

3. Don't be stupid about your passwords.


Case 2. Don't Be Spoofed and Don't Be a Pfish


I receive income from Amazon for my short essays posted on their site. Yesterday, someone tried to hijack my Amazon account. If they had succeeded, they could have diverted my income directly to their bank account. Even worse, there are cases where they could post counterfeit writing under my name, which could kill my reputation.

I received an email that looked exactly as if it had come from Amazon and asking me to update my account information. Heeding previous advice, however, I did not click on the link but instead wrote directly to Amazon using their website (which I reached by typing the url myself). I received the following information and advice, which applies to all such 'update your account" messages:


Greetings from Amazon

The e-mail you received was not from Amazon.com. We are investigating the situation, and we appreciate you letting us know that you received this.

For your protection, we suggest that you never respond to requests for personal information that may be contained in suspicious e-mail. It is best to assume any e-mail that asks for personal financial information (or web site linked to from such an e-mail) is not authentic.

If you did not click on the link in the fraudulent e-mail, your account at Amazon.com is fine--there's nothing more you need to do. If you did click the link, but didn't enter any personal information (such as your login or password), the phishers will not have your Amazon.com account information.

However, please know that if you ever respond to a phishing e-mail and do enter your Amazon.com login and password (or any other personal information) on the forged web site, the phishers will have collected that information and you should take appropriate action. We recommend that you update your Amazon.com password immediately, and, if you entered financial information, you may want to contact your bank or credit card provider.

If you encounter any other uses of the Amazon.com name that you think may be fraudulent, please do not hesitate to contact us again.

Thank you for contacting Amazon.com.

WHAT IS PHISHING?

Phishing e-mails have been around for years. The term phishing comes from the use of increasingly sophisticated lures to "fish" for users' personal or financial information. In phishing, the scam artist usually sets up a spoofed a web page, which looks like the real one, but is owned and operated by the phisher.

Go to www.amazon.com/phish to read more about ways to protect yourself from phishing.


WHAT IS SPOOFING?

Spoofing, in this context, refers to a counterfeit web page or e- mail that is made to "look and feel" authentic but is actually owned and operated by someone else. It is intended to fool someone into thinking that they are connected to a trusted site, or that they have received an e-mail from a trusted source.


MORAL: Don't be so trusting. These are not people you're dealing with.


Case 3. They're Faster Than You Are


Fraudulent abusers of the internet are at work 24/7, and there are thousands of them, so one little lapse will cost you. As the Amazon warning said, by the time you notice you've been pfished or spoofed, they will already have your "secure" information, which they will sell many times over.

My SHAPE forum is subscription-only, and guarded by a password. The other day, however, we accidentally published a "clean" email address for special use, but mistakenly put it outside the protected area. In less than 24-hours, we started receiving spam on that address.

Imagine what would happen if you exposed one of your clients' email addresses or secure websites--or, heaven forbid, one of their passwords.

MORAL: One mistake, for one minute, can cost you your business.

Case 4. Watch Your Blog: They're Not Script Kiddies Playing Around


The other day, some of us started seeing strange, obscene material on Don Gray's blog. Don asked the AYE Conference hosts about this, and Dave Smith, our internet guru, gave this reply:

I took a close look at your blog. You've been hacked. Pull up http://www.donaldegray.com/tiki-view_blog.php?blogId=2 and View Source. The chunk of JavaScript at the bottom adds a hidden section that will render the links invisible to modern browsers (Some probably saw it because she's using an older browser like Lynx). Google will see the links, and will drop your site from the Google index. I'll dig up the procedure to get reinstated.

I suggest checking with the TikiWiki people to see about security updates. I recall there being an issue several months back that caused someone else I know to get hacked. Might be the same issue. You might also want to check the rest of your blog to see how widespread the damage is.


Don wrote back: I'm curious, what good does it do someone, if the primary result is dropping the site from the Google index? Script kiddies having fun?

Dave replied: This stuff isn't script kiddies. Basically, it's organized minor crime. By using automatic attack tools to hide a bunch of links for their clients, they're bumping up the "rank" of their sites on various services that aren't (yet) as aggressive as Google in culling out junk. Using automated tools is cheap; just park a laptop in a coffee shop with an open wifi, and let it rip. If you get caught, move down the street. The more sophisticated crooks rent time on large networks of compromised home windows machines. It's a huge problem. This, sadly, is why nobody who tries unfiltered or unmoderated blog comment systems survives for long in the open. I don't have comments enabled on my blog, but still see daily evidence of automated attack attempts in my server logs.

My own blogs, including this one, receive numerous spam messages every day, which I block, but some of my colleagues still have unmoderated blogs. Everything that goes up on your blog reflects on you. Just the fact that you allow it to go up there reflects on you. Yes, you can moderate posts off your blog after they're posted, but that's too late. You want your clients to read your blog, don't you? Some of them will see the posts before you are able to remove them, so stop them before they reach the site.

MORAL: Everything on your blog or your website reflects upon you. Make sure it's the reflection you want.

META-MORAL: I could go on endlessly with examples of corrupted or diverted communication, but I couldn't keep up with the new scams that appear every day. You have to be super-cautioius, and well-informed, but many consultants I know are failing in this responsibility.

Yesterday, I talked to a consultant who uses "password" for her password. When I asked her why, she said, "Yes, I know better, but it's just not a high priority." Well, maybe this is the psychology of communication after all.