PraxIS March 2004                    ISSN 1649-2374

04-03 Contents: eVoting, Good Security Practices, Skype confcalls, Blackout bug, IT project disasters, Excel freeware, audit tools

This issue online at     [Previous] [Index] [Next]

Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success


1) Risk management
   Irish Computer Society favours e-Voting review 
   OCTAVE Catalogue of good security practices

2) Internet and e-business
   Skype Launches Free Conference Calling

3) Software Quality
   Software bug contributed to US Aug-03 blackout
   Worst run software project of 2003?
   Computer Weekly's campaign against government incompetence

4) Excel add-ins freeware
   XLAnalyst, Master Tool, Navigator Utilities, Excel Utilities
   Range Name curiosities
   Beta testing auditors for ActiveData by March 5th

5) On the lighter side
   Programmer's Drinking Song 

26 Web links in this newsletter
About this newsletter and Archives
Subscribe and Unsubscribe information


Welcome to PraxIS!

What do you find interesting in these newsletters? What would you like me to write more about? I'm always ready to hear from you!

Patrick O'Beirne



1) Risk management

Irish Computer Society favours e-Voting review
"The ICS welcomes the review promised by the government, and welcomes public debate so that public concerns about the integrity of e-voting are addressed and further lead to greater acceptance of the value of IT systems as we move to a knowledge based society."

However, the government is not changing its mind on the key Voter-verified audit trail (VVAT) called for by IT critics.
Silicon Republic reports the Taoiseach (Prime Minister) Bertie Ahern as saying "“Printers are unreliable in a high volume situation and that is the reason they are not used. The ballot papers printed at the time of voting and used in a manual count might not give the same precise results as the electronic voting system." That is because of the sampling system used in manual counts. But shouldn't we have legislated for a deterministic and predictable outcome for electronic counting? Irish Citizens for Trustworthy E-voting (ICTE) spokesperson Margaret McGaley said that "while it would soon be obvious if a printer had broken down, if the e-voting machines made a mistake there would be no way of knowing." is the official government site.

The Department of the Environment have published the terms of the review commission but the navigation menu from the home page does not work for me, so here is the direct link:

It states: "The Government has confirmed today (24th February) that the national roll out of electronic voting in the June European and Local elections would continue as planned. " Terms of reference: "The Commission will prepare a number of reports for presentation to the Chairman of the Dáil on the secrecy and accuracy of the Powervote/NEDAP system." The Minister said "As a democrat, I believe that every voter should know that if they cast a vote it will be counted accurately and not ruled out because of an innocent mistake."

There is the sticking point and the difference between the Government and its critics. The Government appears to be believe that a test and review is sufficient to guarantee that every voting machine has no operational failure mode undetected by the test but discoverable in use; and that from that point onwards the machines will work flawlessly on every occasion. Perhaps implicitly they believe that if a fault occurs, it will be obvious. Those of us experienced in IT know the contrary reality. There are many hardware maintenance, software support, and data recovery companies whose continuing business is predicated on the obvious fact that hardware and software fail and lose or corrupt data. I believe that every voter should know that when they cast a vote it has been  counted accurately and not lost or corrupted by failures. (Innocent or otherwise).


OCTAVE Catalogue of good security practices

The Operationally Critical Threat, Asset, and Vulnerability EvaluationSM (OCTAVE (SM)) is an information security risk evaluation that is comprehensive, systematic, and context driven.
CERT has put its material online for free downloading at
This catalog (CMU/SEI-2001-TR-020 8 398K PDF) of good security practices is used with the self-directed information security risk evaluation
• to measure current organizational security practices
• to provide a basis for developing security improvement strategies and risk mitigation plans

Strategic Practices (SP) Security Awareness and Training, Strategy, Management, Policies and Regulations, Collaborative Management, Contingency Planning/ Disaster Recovery.

Operational Practices (OP) : Physical Security, Information Technology Security, Staff Security

2) Internet

Skype Launches Free Conference Calling

I posted this to in case other people involved in FP6 projects might like to try this to save expensive international calls for project co-ordination.
Stuart Henshall says:"I just connect a conference with Bay Area (2), France and India. Great call quality."
Free Beta download:


3) Software quality

Software bug contributed to US Aug-03 blackout

Seen on
Date: Wed, 11 Feb 2004 19:38:06 From: "Kevin L. Poulsen"
A previously-unknown software flaw in a widely-deployed General Electric energy management system contributed to the devastating scope of the 14 Aug 2003 northeastern U.S. blackout.
The bug in GE Energy's XA/21 system was discovered in an intensive code audit conducted by GE and a contractor in the weeks following the blackout, according to FirstEnergy Corp., the Ohio utility where investigators say the blackout began. "It had never evidenced itself until that day," said spokesman Ralph DiNicola. "This fault was so deeply embedded, it took them weeks of pouring through millions of lines of code and data to find it."


Worst run software project of 2003?

Seen at Peter Ladkin describes "a contract for a complex, highly-distributed system, of a sort which did not exist anywhere before, with a non-trusted, indeed partially non-trustworthy, user group numbering in the millions, that would cost of the order of a billion euros and about 450 technical-person-years to develop, which was to be in full revenue service inside a calendar year from development start date. And then apparently allowed the whole road-construction industry to become dependent on that anticipated revenue, as well as part of the railways."
This is a toll-collection system for heavy goods vehicles that use the German Autobahn network. It was planned to deliver 450,000 On Board Units (OBU) with GPS tracking by the in-service date of 31 August 2003.
April 2002: call for proposals; one of the two final bidders said the government's 12-month schedule was "unrealisable"
July 2002: EUR 600M contract awarded to Toll Collect, who proposed an eleven-month development schedule, with a four-month trial period during which the usual contractual penalties for non-performance would be waived.
Aug 2003: Deadline passes; five weeks later only 210,000 OBUs had been installed.
Feb 2003: Government declares it would cancel the contract with damages of around EUR 6,500 million.
Dec 2003: Consortium paying EUR 250K/day in fines increasing to EUR 500K/day in March 2004.

The consortium has offered to deliver a system with reduced functionality by 31 December, 2004, with full functionality implemented a year later. The government estimates foregone revenue at EUR 156M per month and lost revenue from the former "vignette" (sticker) system, which was taken out of service by 31 August 2003, amounts to EUR 30-38M/month. All new road projects and related public-works projects have been put on hold because of the revenue shortfall. Some estimate that up to a quarter of transport ministry projects may be cancelled in 2004, putting 70,000 jobs on the line.

Peter Ladkin concludes "The contract has remained secret, although there is nominally a requirement that it be public. Even the German parliament has not seen it. So few, if any, independent people with the capacity to evaluate them know what the system requirements were or how well they were met, or how close the technology is to meeting them. The contract is so remarkable that few tech-savvies believe that the consortium can have negotiated it in good faith. Some even have a hard time believing that the government negotiated it in good faith, although more are inclined to believe it just didn't know what it was doing."

German engineering loses luster, Mark Landler, International Herald Tribune, Feb 20th, 2004, 
Berlin kills contract to build satellite-based toll system, International Herald Tribune, Feb 18th, 2004, 
Joachim Budeck, Dr. Egbert Meyer, Ausgebremste Automatik, c't No. 21, 2002 (in German), available through 
Andreas Hagen, Zwischenspiel oder letzter Akt mit Toll Collect? (in German), Telepolis magazine, 25th Feb 2004,
Peter B. Ladkin, University of Bielefeld,


Computer Weekly's campaign against government incompetence

CW have submitted evidence to the National Audit Office (UK equivalent of the US GAO). See: 
Legislation is only way to stop central government IT disasters
How to stop government departments from flouting the basics of project management


4) Free Excel spreadsheet add-in tools

I've been looking at a few tools for spreadsheet review, auditing, testing, and managing them more easily. I'll start with some free ones this month and work my way up to the heavy-duty ones later. These are free either as limited versions or simply free user contributions. Their creators intentionally prefer to create specific focused tools rather than try to add too many features.


Codematic are offering a free cut-down ResearchWare version of their spreadsheet analyser. Partly to get feedback on features, but also, for a conference paper,  to collect reports from users of real examples of bad practice in spreadsheet use. It tests for a number of items such as Circular References, Cells Displaying A Number But Storing Text, Mixed Formulas And Values, Formulas Evaluating To An Error, Vlookups/Hlookups Expecting An Ordered List, Links To External Workbooks, Presence Of Very Hidden Sheets, Hidden Rows Or Columns, and much more including some metrics. It's a simple one-click analyser, it only reports the first error of each type it finds, but it's free.

Master Tool from

This is an add-in that can handle tedious tasks that normally require repeated Excel menu selections, manipulate buried Excel functionality and detect hidden Excel features. Tools are: Link and Dependency Tracer, Sheet Manager, Range Name Manager, Colour Structure. With one click you can on all sheets unhide sheets rows, and columns, unmerge all cells, remove panes, set zoom, colour code text, numbers, errors, and formula patterns. All Chris Gorham asks you to do in return is to read his CV.

Navigator Utilities from

Mark Robinson's add-in helps you to easily navigate through Sheets, Links, and Named Ranges, adds an Enhanced Find/Replace and breaks passwords to remove sheet protection and workbook structure protection.

Excel Utilities from

Rob Bovey's Excel Utilities add-in provides 25 routines for Excel development that simplify the maintenance of styles, formats, defined names, worksheets, and application settings,  and provide internal information on selections. For example, one feature can trim leading and trailing spaces from all cells in a selection - try doing that with Find & Replace!

Range Name curiosities

If you are puzzled by some of the curious Excel features that these tools can sniff out, here are some links that tell you more than you wanted to know about range names, their creation, scoping and visibility:

Beta testing auditors for ActiveData req by March 5th

This is an Excel add-in for accounting auditors, and it got an rare endorsement from Jim Kaplan of It provides data manipulation tools for the bread-and-butter testing that auditors and accountants normally do either by entering verification formulas, or running homegrown macros. Things like checking missing or duplicate cheque numbers, checking that codes for salespersons, products, and customers are valid, that digit frequency does not indicate falsification, and so on. Not entirely free - you have to spend a day or two of your valuable time to test every feature of this product. But if your time is that valuable, this will help you save some of it. To participate in the beta test which closes March 5 please proceed to: and follow the beta test links and instructions.




Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM

If you like the newsletter, a great way to show your support is to make your next book or CD purchase from our Amazon shop page!

Thank you! Patrick O'Beirne, Editor

_______________________________________________________ _______________________________________________________

5) On the lighter side

From Fred Langa's newsletter:

Programmer's Drinking Song

99 programming bugs in the code
99 programming bugs
Fix one bug, compile it again
Now there's 100 bugs in the code!
(Repeat until bugs=0)



Copyright 2004 Systems Modelling Limited, . Reproduction allowed provided the newsletter is copied in its entirety and with this copyright notice.

We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to   EuroIS-subscribe (at) yahoogroups (dot) com - it's free!

For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the web site. I will be moderating posts to the EuroIS list, to screen out inappropriate material.

Patrick O'Beirne, Editor
"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".
Please tell a friend about this newsletter.
We especially appreciate a link to from your web site!
To read previous issues of this newsletter please visit our web site at

This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.
We guarantee not to sell, trade or give your e-mail address to anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers a moderated discussion list for readers and a free shared storage area for user-contributed files. The archives of this group are on YahooGroups website 

    [Previous] [Index] [Next]