PraxIS January 2006

06-01 Contents: WMF insecurity, Chance news, Action Item, Google's Starter Pack, Eiro, Spreadsheet updates

ISSN 1649-2374

Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success  


1) Risk & Security
     Windows WMF Vulnerability - update available
     Spam Attacked
     'Rootkit' uprooted
2) Things noticed
     Chance would be a fine thing
     Action Items
     Google's Software Starter pack for consumers
3) Euro
     Eypo, evro, eiro, ewro ...
4) Spreadsheets
     ScanXLS updates due this month
     Training courses booking for Feb 2006
     Updates and suggestions for Spreadsheet Check+Control book
5) Off Topic
     Silly ideas and images
17 Web links in this newsletter
About this newsletter and Archives
Subscribe and Unsubscribe information


Welcome to PraxIS

I'm keen to hear from readers of my Spreadsheet Check+Control book on the kind of material they would like to see on the readers' support site.

Best wishes for a successful 2006,

Patrick O'Beirne

_______________________________________________________ _______________________________________________________

1)  IT Risk and Security

Windows WMF Vulnerability - update available

MS06-001 - Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)

WMF = Windows Meta File, a type of image that uses Microsoft's own technology and specifications. WMF files are not commonly used on web sites or in emails because they are Windows-specific. However, all Office users will have used WMF files because they are the format used for Microsoft Office Clipart. Woody's Office Watch comments:

"Hackers have found a way to make a program run on your computer simply by viewing a WMF file. Once there's a way to run code on your computer from a remote site there's an opportunity to infiltrate your computer with viruses or privacy breaching programs.  Often these exploits are only theoretical, someone finds the problem and tells the anti-virus companies plus Microsoft who then act with varying degrees of efficiency to guard against the potential threat. In many cases these problems are never used by baddies or 'in the wild' as it's called in the industry. The WMF exploit is different, it is out there and being used. That's why companies like Symantec have rated this as high risk."

Spam Attacked

Spammer successfully sued in the UK.

Chartered engineer Nigel Roberts became the first person to win a court judgment for £300 over a UK company's breach of the UK's anti-spam law late last year. His success received widespread media coverage and now he's encouraging others to do the same. Roberts has shared with OUT-LAW all correspondence between himself and Media Logistics, the company's solicitors and the court documents. He plans to make the necessary lawsuit tools publicly available from his own Spam Legal Action website.

'Rootkit' uprooted

The risks of concealing from consumers what your software does.

Sony BMG looks set to settle a class action lawsuit filed over its release of music CDs that, when played on PCs, installed damaging copy-control software. A deal awaiting court approval offers compensation of $7.50 and free music to each claimant.  


2) Things noticed

Chance would be a fine thing

Chance News is a monthly publication that reports on interesting - for good and bad reasons - uses of statistical method in the media. The current issue begins with the grey line between gambling and investment in poker and online games. It then reports from The Guardian newspaper, of December 28, 2005, that a team of statisticians headed by Dr. Alvai Winkler, formerly of Middlesex University, "assumes that much of success lies in the title" of a bestselling book. "Comparing these with a control group of less successful novels by the same authors, they found that the winning books had three common features; they had metaphorical, or figurative titles instead of literal ones; the first word was a pronoun, a verb, an adjective or a greeting; and their grammar patterns took the form either of a possessive case with a noun, or of an adjective and noun or of the words The ... of ...". For example, "The Da Vinci Code"

A variation on "the dog ate my homework" is "the termites ate my research", offered by Ram Singh in India for being unable to produce data backing up his assertion in the British Medical Journal that eating vegetables is good for you.

Stephen Senn's Dicing with Death [Cambridge University Press, 2003] is an amusing, iconoclastic book about statistics, managing to combine humour and deep insight. His analysis indicates that the public fails to appreciate--due in good part to trial lawyers who stand to make a fortune on litigation--that problems attributed to a treatment such as a vaccine or a breast implant require comparisons with those who are not treated.

Action Items

TechRepublic has a download of '10 things you can do to turn useless meetings into productive ones. We've all had to sit through meetings that were nothing but a waste of our time. Here are some tactics you can use to salvage something productive from the ones that drag on forever or go completely off the rails.' It includes the inevitable 'Take action items', which is my cue for mentioning the Action Item Man cartoon: the Adventures of Action Item.

Death by Meeting: A Leadership Fable... About Solving the Most Painful Problem in Business. Patrick Lencioni's book is in large part about boring meetings with lessons about meetings throughout the story, revealed by the characters' experiences. That is followed by about 40 pages of straightforward, expository prose about how to have more effective, engaging meetings.

Google's Software Starter pack for consumers

(AP) Google Introduces Software Starter Kit Bundles range of goodies that form basis for Windows-less PC. The "Google Pack" software bundle will include third-party apps such as the Firefox browser, Adobe Reader, Norton AntiVirus, RealNetworks's media player, Cerulean Studios' Trillian instant messaging program, and six of Google's own programs, including Desktop Search and the Picasa image management tool. Notably missing are word processing and spreadsheet programs, though Google pledged in October to work with Sun Microsystems to promote an open-source version of those applications. 'a move to embed the Google brand on desktops.'

In which case they might improve Google Desktop Search (GDS) to include text files other than .TXT files - such as Eudora .MBX files. I still use the free Wilbur, although the Windows 2GB limit on index files is beginning to limit how much I can index. I used to be able to index numbers and words, now it's just words.

eCard gripes

Last month I used a service to send eCards for Christmas to support the Red Cross. The first time, the links in the received mail did not work, they were missing the card identifier. I reported it, got no reply, but they must have fixed it because the second time it worked. Except that now, some test recipient addresses did not receive a copy. They asked for addresses to be input in the form First Name, comma, email address. For some I just entered the email address. The system did not report any problem with that, but simply silently dropped or ignored that address. You'd think people would test these systems before putting them into use. I just hope that at least the Red Cross didn't have to pay for the service. Not to say that something can be lower quality if it's provided pro-bono.


3) Europe

Eypo, evro, eiro, ewro ...

You may have noticed that under the word 'euro' on our banknotes is what looks like 'eypo' : it is actually ΕΥΡΩ (ευρώ), in Greek, pronounced 'evro'. Europa is the name of a Greek goddess (Ευρώπη), so they were allowed a special version while the rest of Europe adopted the convention of 'euro'. In the November 2004 PraxIS, I mentioned that Latvia wanted to hold on to their 'eiro' spelling. reports that they have since confirmed this intention: 'Citing national pride, history and linguistics, Latvia's government on Tue Jan 3, 2006,  voted to call the single European currency the "eiro", brushing off appeals from the European Central Bank to stick to the official "euro" name. ... Malta announced last month that it will spell the currency's name with a "w" -- ewro (the same as the Welsh). Latvia plans to replace the national currency, the lat, with the eiro -- pronounced more or less "aero" -- in January 2008.'

For more philological research, see Michael Everson's article: The name of the euro in European languages

By the way, the abbreviation EIRO also stands for the European Industrial Relations Observatory


4) Spreadsheets

ScanXLS updates due this month

I have had a number of requests from users to add more features to ScanXLS. That is my spreadsheet tool to collect an inventory of spreadsheets in a network and produce statistics on their size, potential errors, and complexity. It shall include

The update shall be available at no cost to those who bought since Aug 1, 2005. Those who bought before that date can upgrade for only 30 euro. More information later this month at: Utility to scan directories for spreadsheets, assess size and quality.

Training course in spreadsheet auditing methodology  now taking bookings for:
Dublin (city centre) Thursday 16 February 2006
London (city centre), Thursday 23 February 2006

The intended audience is anyone who builds or reviews spreadsheet models, such as managers, accountants, actuaries, financial modellers, or IT analysts in enterprise IT audits. You need to have an intermediate or advanced knowledge of Excel. You should leave the seminar with the confidence to use the tools and methods shown to risk-assess and test spreadsheets in your organisation.

Where to start and what are the most efficient techniques to use
How you can cut down a huge system of spreadsheets to a manageable audit task
The symptoms that indicate potential or actual problems
How a company can create an inventory of its critical spreadsheets, assess them for risk, and prioritize scarce resources
How the top spreadsheet auditing software tools compare, including little-used secrets of Excel's auditing features
Includes a copy of "Spreadsheet Check and Control", my new book of 47 professional checking techniques
Reinforce your learning with an optional hour of hands-on practice using demonstration versions of auditing software

Spreadsheet Check and Control book reader updates

I shall be adding more material to the reader support web page (access requires a username and password provided in the book). If you have improvement suggestions, please let me know so I can make this a better resource.

May I ask purchasers to add a review to the Amazon web site in your country? The UK, Germany, France and Canada especially.

The book got a mention at Ivars Peterson's Math Trek: The Risky Business of Spreadsheet Errors, Science News ... Faulty spreadsheets and poor software practices can put businesses at risk.



Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM

Thank you! Patrick O'Beirne, Editor

_______________________________________________________ _______________________________________________________

5) Off Topic

Drawing interface for Flickr

Retrievr is a web-based tool that searches a database of Flickr images based on a rough sketch. The search tool relies on wavelet transformations of images and a statistical regression model, called the logit model. I tried it but can only conclude that either my drawing skills are nonexistent, or they have a very limited set of images to illustrate what one draws.

Silly Patents - the humour of invention.


Copyright 2006 Systems Modelling Limited. Reproduction allowed provided the newsletter is copied in its entirety and with this copyright notice.

We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to   EuroIS-subscribe (at) yahoogroups (dot) com - it's free!

For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the web site. I will be moderating posts to the EuroIS list, to screen out inappropriate material.

Patrick O'Beirne, Editor
"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".

This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.
We guarantee not to sell, trade or give your e-mail address to anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers a moderated discussion list for readers and a free shared storage area for user-contributed files. The archives of this group are on YahooGroups website