PraxIS April 2003                    ISSN 1649-2374

Contents:  Business case, I.T. ROI, Spam avoidance, Safe Surfing, Testing resources, Euro on the BBC, Microsoft & "hackers"

This issue online at


Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success

The Business case for I.T.

   Finance and I.T. should be friends

Internet - Spam avoidance

   Double wrapped for double protection
   Safe Surfing - a guide for parents

Software Testing

  Testing resources for free download

Euro news

  BBC helps UK viewers make up their mind.

On the lighter side 

  Microsoft and the "extinction" of the hacker

13 Web links in this newsletter
About this newsletter and Archives
Subscribe and Unsubscribe information



A week later than usual, this issue still aims to bring you my pick of the interesting recent items in I.T. I'm always ready for your comments! Thanks for reading,

Patrick O'Beirne



The Business case for I.T. 

I attended the ICS Annual Heads of Industry Conference at the ICT Expo in Dublin in April. Most of the presentations were fairly ho-hum stuff, but I liked the hard-nosed approach of Jeremy Young, Finance Director for DHL's Global Information Services Division. His presentation can be downloaded from

My own take on this is that it is always a business issue. The business has to decide among the alternatives among the IT solutions on offer just as producers do with process plant equipment. Just like engineers, IT managers will want to specify more so as to have a reserve for future needs. Accountants will want them to make do with what they have. Marketing want to be able to have anything they dream up - yesterday, before the competition get it. Senior management and the board have to weigh up the alternatives - make or buy? - produce or outsource? - expand existing resources, upgrade, or start anew?  None of this is easy - that's what senior people are paid to decide upon. If they need extra guidance in evaluating the proposals on offer, that's what consultants like me are paid to do.


Internet and risk management

Double-filtered protection against spam

Spam is the scourge of the internet today. I get send from ten to twenty spams a day. Fortunately, I only see one or two of these. How do I do it? I combine two approaches to spamblocking - blacklists and content filters.


There are many databases on the net of known sources of spam. Not the email addresses, which are often faked as, but the network (IP) address of the source computer. One of the services that uses such lists is which for $36/year will filter email for you. Because some spammers can use popular internet service providers (ISP) to send their mail through (until they are caught), this sometimes results in these companies being unfairly blacklisted. Therefore SpamCop provides a "whitelist" feature whereby you can flag certain known senders as genuine, so they get through to you without being stopped.  This has got pretty good now; I occasionally check the filters online to see if anything genuine is caught in them, and rarely - maybe once a month - do I find a bona fide email. It would not matter now if I never checked the filters and let the blocked emails expire.

The other feature is SpamCop is the "get mad and get even" approach which allows me to send a spam report to the "abuse" reporting address of their ISP. Frankly, as far as I can see, most ISPs seem to ignore this, but it helps me feel I can kick back a bit. I certainly do it for any email that dodges the filters, and if I ever see one in the filters that has forged my address at as the "from" address, I instantly report them too. Because SpamCop traces the spam to its real source, there is no danger of reporting myself as the apparent source!

Content filters

Also known as "Bayesian" filters because of their use of statistical pattern recognition, these act in a similar way as people do - looking for certain words and phrases that are characteristic of spam. An example is SpamAssassin, which awards points for such terms and blocks the mail if it reaches a certain threshold.  One of my email providers ( uses that system. Unfortunately, they don't have a whitelist system, so I do have to check the mail and let through some newsletters that are advertising-supported. You can also see spam writers mutating their text (e.g. "free" becomes "fr*e" to avoid these content filters - it's kind of like a virus mutating as defences get better.  A BIG page listing the tags that trigger the filters How to avoid the filters!  Bogofilter also uses a statistical approach  as does POPFile with Eudora.  Fred Langa's article on spam solutions.


Of course .. given all the trigger words I'm using in *this* issue, you may never get this ... how would you know? I'm not using "web bugs" to track those people who read this when online. Maybe I should ask you next month if you got the April issue!


As an alternative to those filters, I can use special email subscription addresses for each known good newsletter and set up my mail provider to forward them to me directly without going through the spam filters. On the occasion that those addresses leak out to spammers - for example one respected source ( had their database hacked last year and that old address is now receiving spam which I send straight to SpamCop.

By forwarding all other ("catchall") mail to Spamcop and thence to EdoMail, I therefore guarantee to get pretty well-filtered email through to me without clogging my dial up connection.


Safe Surfing - a guide for parents,amrNQcm 

What you as a parent (or guardian) can do to ensure your children surf safely. Mainly intended for readers in Ireland, it includes guidance for children from the BBC:

_______________________________________________________ _______________________________________________________

Software Testing 

The Testing Standards Working Party is sponsored by the British Computer Society Specialist Interest Group in Software Testing (BCS SIGIST) and is a volunteer group devoted to the development of new software testing standards. The group was previously responsible for the production of the British Standards, BS 7925-1 Vocabulary of terms in software testing, and BS 7925-2 Software component testing.

There are some useful downloads from that site - test methods for database applications, for example.

_______________________________________________________ _______________________________________________________



Evan's euro adventure (for UK readers) 

"This is arguably our biggest economic decision since the Battle of Hastings. So, BBC economics editor, Evan Davis previews the government's decision, by taking a whistle-stop tour of four eurozone countries...the construction site of next year's Athens Olympics and the giant Airbus assembly plant in Toulouse...talks to anyone, from the taxi-driver or teacher, to the Michelin-starred chef, to the central banker." Reader comments are on:

_______________________________________________________ _______________________________________________________



Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM

Thank you! Patrick O'Beirne, Editor

_______________________________________________________ _______________________________________________________


On the lighter side

Microsoft and the "extinction" of the hacker 

An advert claiming that hackers would soon be extinct due to the security of Microsoft software was pulled in South Africa for breaching advertising standards by making unsubstantiated and misleading claims. It claimed "Microsoft fully maintains that its software is able to fulfil the task of keeping hackers and viruses out, making the customers' data safer than if kept in a safe."

An astute reader pointed out that the term "hacker" used to mean an amateur programmer, a cowboy coder, and he prefers "cracker" to refer to those who crack security systems. Now, if MS could produce software development kits that made obsolete "hackers" in that sense, that would really be progress!


Another way to handle spam - from the Dilbert newsletter: 

"Here's a fun hobby of mine: When I get e-mail spam that includes an 800-number, I save the number for later. Then when one of the hundreds of Nigerian scam e-mails hits my e-mail box, I reply enthusiastically and give the 800-number of the spammer as my own."


Copyright 2003 Systems Modelling Limited, . Reproduction allowed provided the newsletter is copied in its entirety and with this copyright notice.

We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to 
EuroIS-subscribe (at) yahoogroups (dot) com
- it's free!

For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the web site. I will be moderating posts to the EuroIS list, to screen out inappropriate material.

Patrick O'Beirne, Editor

"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".


To read previous issues of this newsletter please visit our web site at


This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.

Copyright (c) SML 2003

Please tell a friend about this newsletter.
We especially appreciate a link to from your web site!


We guarantee not to sell, trade or give your e-mail address to anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers a moderated discussion list for readers and a free shared storage area for user-contributed files. The archives of this group are on YahooGroups website