04-05 Contents: Sasser worm, Complex IT projects, eVoting, EU enlargement, Spreadsheet Testing
ISSN 1649-2374 This issue online at http://www.sysmod.com/praxis/prax0405.htm [Previous] [Index] [Next]
Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success
1) Risk management
Sasser worm - critical Windows patch needed!
The Challenges of Complex IT Projects (BCS paper)
2) Electronic Voting
Commission on E-Voting report: "unable to recommend"
3) EU Enlargement
Celebrations, and a challenge for readers
Euro Conversion Calculator updated for new EU member currencies
4) Spreadsheet Testing
Typo costs University $2.4M
"Testing Spreadsheets" presentation available for download
Review of XLSior, Excel testing and auto-documenting add-in
5) On the lighter side
Annals of Improbable Research
James Joyce - Bloomsday centenary
21 Web links in this newsletter
About this newsletter and Archives
Subscribe and Unsubscribe information
Try the Euro acronym challenge this month!
All you have to do to get infected is to be online and unpatched. I am highlighting this because unlike the now very common email viruses, this is like Blaster, a worm that enters PCs running Windows without the critical update of 13 April. Microsoft issued an alert on 23 April :
"Customers who are still evaluating and testing MS04-011 should immediately implement the workaround steps detailed for the PCT/SSL vulnerability detailed in the MS04-011. In addition, Microsoft has published a knowledge base article KB187498 at http://support.microsoft.com/default.aspx?scid=kb;en-us;187498 which provides additional details on SSL and how to disable PCT without applying MS04-011."
Microsoft Security Bulletin MS04-011 Security Update for Microsoft Windows
Issued: April 13, 2004 Updated: April 28, 2004 Version: 1.2
Summary Who should read this document: Customers who use Microsoft® Windows®
Impact of vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately.
The news today is showing increasing coverage of the Sasser worm that exploits the vulnerability:
1. Disconnect your computer from the Internet.
2. Press the keys "Ctrl" "Alt" and "Del" at the same time. That should launch Windows Task Manager. Click on the "Processes" tab. Look for a file called "aserve.exe" or "*_up.exe". If one of these files appears, highlight it and click on the "End Process" button. Click "yes" when it asks for confirmation.
3. Find and delete the worm: Click on the "Start" button in the bottom-left corner of your screen, then choose "Search". Search your entire computer (in the field next to the "all files and folders" option) for the following files: "avserve.exe", and "*_up.exe". Delete any matching files.
http://news.bbc.co.uk/2/hi/technology/3678725.stm BBC coverage
www.cev.ie, report (165K PDF)
"The Commission accordingly concludes that, having regard to the issues of secrecy, accuracy and
testing as set out in its terms of reference, it is unable to recommend the use of the proposed system
at the local and European elections and, by extension, at the referendum due to be held on 11 June."
They highlighted the insufficient testing: "there is not sufficient time before the June elections for full testing of the final version of the software which would be essential before the software could be run in these elections;"
They even discovered an error: "certain of the tests performed at the request of the Commission identified an error in the count software which could lead to incorrect distributions of surpluses; there is a possibility that further testing will uncover further software errors;"
They made short work of the so-called "secure" system: "experts retained by the Commission found it very easy to bypass electronic security measures and gain complete control of the 'hardened' PC".
I have to confess I was a cynic and believed the Commission could only report that in the time they had, they could find no problems, and that Minister Cullen could use that to press ahead. It is heartening to see a resounding endorsement of good practice. (See the BCS paper, above)
The report mirrors every point made by Joe McCarthy (see
www.iol.ie/~aecolley/icte/Joe-CEV.doc). His hard work and
persistence, and willingness to spend his own money on Freedom of Information
Act (FOI) requests to force disclosures of documents from the Dept. of the
Environment, is an example of investigative analysis.
Irish Examiner: www.irishexaminer.com
See also the previous four issues of PraxIS (www.sysmod.com/praxis/)
Here's a challenge for you: can you think of an acronym to help people remember the names of the ten new members? You already know the "Baffling Pigs and Duks" acronym for the present EU-15? (The 12 Euro countries: Belgium, Austria, Finland, France, Luxembourg, Ireland, Netherlands, Germany, Portugal, Italy, Greece, Spain, and the three non-euro: Denmark, UK, Sweden)
Here's one I came up with, using the second letter of the ISO abbreviations of the countries: Phlimzy Kev. OK, you do better.
Pl: Poland Hu: Hungary Lt: Lithuania sI: Slovenia Mt: Malta cZ: Czech rep. cY: Cyprus sK: Slovakia Ee: Estonia lV: Latvia
www.eu2004.ie Irish EU Presidency website
http://www.sysmod.com/eurocalc/eurocalc.php euro calculator
I have now updated the online calculator to show the currencies of the new members, and the exchange rates for the other world currencies. It is updated every day from the European Central Bank rates. I am pleased to say it has been syndicated to the European information portal EUBusiness.com (www.eubusiness.com/Currency-converter)
If you would like to feature this on your web site, just email me telling me the page you want it on and I'll explain to your web maintainer how to do it. In return, I ask that you retain my advertisement display and links to my site.
That story joins more than thirty spreadsheet problems at http://www.eusprig.org/stories.htm
From the BCS report above, a quote on professionalism: "Everybody is taught some software writing skills – they are not taught the responsibility that goes with it" (K. Longmore)
www.SoftTest.ie/20040426.htm My presentation to SoftTest Ireland, April 26.
The risks in business dependence on spreadsheets developed by overconfident "near experts" are confirmed by research and news stories on spreadsheet errors. This paper presents dynamic and static methods of testing spreadsheets, and describes good design practice to build in protection, validation, usability. Context-driven risk assessment helps prioritise the resources to maximise the returns from the effort expended. I describe auditing tools to assess the quality of existing spreadsheet assets and provide tips for managing the spreadsheet development process.
From the help file: "XLSior makes it easy to build better Excel spreadsheets by supporting the use of automatic testing, systematic development and organisation-wide standards and processes. It includes tools for: Automatic testing Automatic documentation Controlling development versions and releases Handling protected and hidden worksheets Automatic importing of values from other workbooks".
It supports Excel 2000 and later. 30-day evaluation licenses are free. The single user license is £249 which includes basic technical support by email for 90 days, and all upgrades until the next major version.
In summary, this is a unique tool that simplifies the most bothersome part of spreadsheet development, the job people hate to do, but the job they should do almost more importantly than anything else – testing.
XLSior uses an attractive choice of plum and yellow colours to indicate the function and contents of cells in the worksheets it uses. It can add any or all of these worksheets to your workbooks: List of cell comments in the workbook, inserted and updated by the AutoDocument > List cell Comments command. List of external links in the workbook, inserted and updated by the AutoDocument > List external Links command. List of sheets in the workbook, inserted and updated by the AutoDocument > List Names command. List of sheets in the workbook, inserted and updated by the AutoDocument > List Sheets command. (It takes the sheet title from cell A1 in each sheet.) Sheets of import definitions. Sheets of test definitions. Results of the last set of tests run by the Tests > Run Tests command. A record of all the versions and releases that have been made from the workbook.
You can specify a standard page footer when you print containing the full filename (including path) and sheet name on the left and date, time and page number on the right. This is a useful audit trail, and is mandated in regulated environments.
You can choose to update existing AutoDocumentation sheets, or to run the tests in the workbook, whenever a workbook is opened or a workbook, version, or release is saved. You can also add a distinctively formatted box near the top of the sheet to hold comments about the sheet.
Figure 1: XLSior screen shot showing test cases
This for me is the highlight of XLsior, reminiscent of JUnit for Java unit testing. The traditional problem with spreadsheet testing is that it is manual, repetitive, and boring, and therefore very likely to be skipped under schedule pressure. This is of course a false economy of time as it often leads to embarrassing releases that have to be re-issued and in some cases more time wasted on data recovery. XLSior allows you to define a set of tests for each workbook and run them automatically. Testing thus becomes a pain free exercise, meaning that it is more likely to happen.
The basic idea of testing is to perform controlled execution of the workbook, and to check that it behaves as expected. The test data consist of substitutions that are to made on the spreadsheet: which cells should be set to which values. When a test is run, the test data is substituted, then the workbook is recalculated and the test conditions are evaluated. Finally, all cells affected by the substitution of test data are set back to their original values or formulae and the workbook is recalculated again.
After testing, the calculations in the main workbook are unchanged. The results of running the tests are recorded on sheet X~TestResults, which summarises all the tests, and on the individual sheets on which they were defined.
Dealing with worksheets can be fiddly and time consuming in Excel. Protecting, hiding, and reordering can be performed only one sheet at a time, requiring you to go through a series of menu selections and dialogs for each. Like the tools mentioned in PraxIS March 2004, XLSior provides menu items to operate on groups of sheets.
XLSior provides protected sheets where you can specify ranges from other workbooks to be imported onto each import sheet.
Usually, you have to diligently keep and track multiple copies of your workbook as you develop new versions. Although Excel provides a way of tracking changes, and undoing them if necessary, this only works on shared workbooks; and you can only make limited changes to these workbooks. XLSior provides you with mechanisms for keeping backup versions of workbooks, snapshots that enable you to return to earlier copies, and for differentiating these from releases, copies that can be used in earnest by users. It also records these in a change log, which again is a mandated requirement in regulated organisations. The Save Version / Release command saves a copy of the current workbook using a special name, effectively taking a snapshot of the current state. Whenever you save a version or release copy using XLSior, a record is kept in the original workbook of the name of the copy that was saved, when it was saved and who saved it. You can also add a comment describing the purpose of the copy or what changes it includes.
Figure 2 :XLSior screen shot showing saved versions
Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM
If you like the newsletter, a great way to show your support is to make your next book or CD purchase from our Amazon shop page!
Thank you! Patrick O'Beirne, Editor
www.improbable.com The journal sponsors the annual IgNobel Prizes This year, AIR started an AIRHead blog ( http://improbable.typepad.com ) with a new improbable entry every day. Scientific, slightly nerdy, sometimes silly, sometimes guffaw-inducing satire.
This is of personal interest as my wife Megan is preparing photographic exhibitions in Dublin and Trieste on sites where Joyce lived, worked, and died. If you relish "the inner organs of beasts and fowls” on June 13, check out www.MeganOBeirne.com/joyce-2004.htm
www.rejoycedublin2004.com/ The official Bloomsday 100 site.
Copyright 2004 Systems Modelling Limited,
Reproduction allowed provided the newsletter is copied in its entirety and with
this copyright notice.
We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to EuroIS-subscribe (at) yahoogroups (dot) com - it's free!
For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the sysmod.com web site. I will be moderating posts to the EuroIS list, to screen out inappropriate material.
Patrick O'Beirne, Editor
ABOUT THIS NEWSLETTER
"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".
Please tell a friend about this newsletter.
We especially appreciate a link to www.sysmod.com from your web site!
To read previous issues of this newsletter please visit our web site at http://www.sysmod.com/praxis.htm
This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.
We guarantee not to sell, trade or give your e-mail address to anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers a moderated discussion list for readers and a free shared storage area for user-contributed files. The archives of this group are on YahooGroups website http://groups.yahoo.com/group/EuroIS/
[Previous] [Index] [Next]