PraxIS Oct. 2007

07-10 Contents: eVoting, Phishing, Testing Conferences, Excel bug

ISSN 1649-2374 This issue online at   [Previous] [Index]  [Next]

Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success  


1) Risk & Security
     Nedap voting machines de-certified in The Netherlands
     Phishy education
2) Testing
     Holistic Test Analysis and Design
     Software & Systems Quality Conferences in London and Dublin
3) Spreadsheets
     65535 calculation bug in Excel 2007 cell display
4) Off Topic
     Mnemonics and pangrams
21 Web links in this newsletter
About this newsletter and Archives
Subscribe and Unsubscribe information


Welcome to PraxIS

Here's a question this month: what can we do with 50m euro cost of 7,500 unused voting machines, costing the taxpayer money in storage?

Patrick O'Beirne

_______________________________________________________ _______________________________________________________

1)  IT Risk

Nedap voting machines de-certified in The Netherlands

In a case brought by e-Voting activists, a judge has ruled that the approval for Nedap voting machines is null and void. This happened only a few days after a commission set up by the Dutch Government late last year concluded that none of the evoting systems in use there -- including the Nedap system -- were suitable for use in national elections. The Dutch government is now planning to create an electronic voting system based on printed paper ballots and counting machines.

"The ruling is yet another victory for the Dutch "we don't trust voting computers foundation", which in the past demonstrated that many Dutch e-voting machines could be easily intercepted from 20 to 30 metres away. "

Imagine. Ireland decided that three years ago as I reported in

Ireland Environment Minister John Gormley says 'I've always said that I'm in favour of electronic voting but we can only proceed if we're satisfied that it can work successfully - that the machines cannot be hacked into and there is a verifiable paper audit trail'


Anti-Phishing Phil

Anti-Phishing Phil is an interactive game that teaches users how to identify phishing URLs, where to look for cues in web browsers, and how to use search engines to find legitimate sites. CMU user studies have found that user education can help prevent people from falling for phishing attacks. However, it is hard to get users to read security tutorials, and many of the available online training materials make users aware of the phishing threat but do not provide them with enough information to protect themselves.


2) Quality

SoftTest Ireland half day seminar Sep 19, 2007

Neil Thompson, Thompson information Systems Consulting Ltd. (TiSCL)
Holistic Test Analysis and Design
(presentation prepared in collaboration with Mike Smith, Testing Solutions Group)

Neil began by asking us if we knew what test cases were; when we nodded, he then asked if we understood test conditions. That gave no result. In the lab world, test conditions comprise the assumptions and facts describing the environment, instrument and sample to be measured, eg temperature, relative humidity, power, frequency, etc. In software testing, Neil went on to describe them as 'resolving entities' that gave a normalised mapping from test basis to test case. His slide "Test Items, Features, Conditions, Cases… what do standards & textbooks tell us?" shows the different terms and meanings that have been used. Like all his slides, it was packed with content!

Neil went on to describe logical and physical coverage; 'logical' refers to requirements and functional specification, 'physical' to the technical design and module specifications. Multi-dimensional charts showed relations between levels of test (from component to system) and test techniques. His 'Holistic Method' integrates test items, testable features, test basis documents, and product risks. It allows hierarchies of test conditions, and integrates multiple techniques & scripted-exploratory mixtures. He offered the spreadsheet of this model to the attendees. He concluded with a chart of information traceability and an application of the Balanced Scorecard concept to test coverage.

Other links on this topic are:  Standard glossary of terms used in Software Testing UK SIGIST magazine "The Tester" has related articles.

Test Insourcing

Paul Shortt of Allied Irish Banks Corporate Banking Technology Solutions and Services (CBTSS) presented on the evolution of testing in AIB. Testers such as Rachel McLaughlin (who gave half the presentation) from Insight Test Services were brought in to a gradually developing test function. He described the daily activities of testers, the planning and formal issue resolution. The examples of a Quality Risk Analysis matrix were a simple answer to the difficulties Felix Redmill raised at the UK conference on October 2nd. He concluded with a list of benefits that included a reduction in the number of high profile incidents raised in the live system, and the increasing recognition by business customers that the 'best in class' approach of CBTSS should be extended to other groups.

Software & Systems Quality Conference London October 2007

I attended a number of sessions at the SQS conference in the QE II conference centre in London's historic Westminster area.

Theresa Lanowitz of voke (USA) gave the keynote on day 1, "Moving the Enterprise Forward Through Quality"

Her main point was that the Quality Assurance organization must transform itself to provide more strategic benefit throughout the lifecycle. She also covered:

Felix Redmill of Newcastle University presented an interactive talk on "Do We Really Know What Risk Based Testing Is?"
The word "risk" is used extensively in the context of software testing, but the great number of professional in testing employ inconsistent vocabulary. This talk presented many different risk concepts, including the classical Impact times Likelihood measure. He suggested that as it so hard to estimate the likelihood of risk, one may simply consider impact. He concluded that it is not enough to have a two-hour brainstorming session about risks at the start of a project. My own take on this is to use assessments of organizational maturity - as determined by the presence or absence of key indicators - as an estimate of how likely certain quality problems are to strike.

Bernard Homès of TESSCO presented on the "Hyperspace of Danger". He in effect did an informal capability maturity assessment of the audience by listing various software engineering techniques and asking how many present used them. Needless to say, very few did. His article can be read online at

The afternoon keynote "Trends in Software Testing Activities" was presented by Ian Parkes of Coleman Parkes Research. They did 250 13-minute interviews of IT project managers in the UK, Ireland and South Africa. In short, there is little difference in software testing practice since the last survey in 2001. Numbers that stuck were: 49% have no independent testing budget, 60% say ‘significant’ cost from poor testing; 48% use Excel as an automation tool.

Chris Ambler of Electronic Arts asked the simple question "What is Quality?" and proceeded to give very different analyses of it from the point of view of the games industry. The essential aspects to them, apart from cost, are

He applied these as metaphors to more conventional applications such as ATM software. As an aside, he mentioned that they used to pay for bug reports, but got ridiculous bugs reported, so now they only pay for bugs they fix. It looks to me like Bug Bounty Hunters are a cheap form of acceptance testing, but they better be minor bugs!


Software & Systems Quality Conference Dublin 5th March 2008

Call for Presentations for Ireland’s only Conference focussed on Software and Systems Quality.

SQC Ireland is organised and underwritten by SQS Ireland and held as an open conference for participation from all practitioners and suppliers in the testing and software quality management sector.

They are now looking for the best original case studies, research and solution presentations and tutorials that will share actual experience and knowledge of Testing and Quality Management projects for the 2008 conference.

In return, you will achieve visibility for your project and achievements at the conference as well as being a special free guest of the conference. Your submission should include a meaningful abstract of your presentation, a short biography of the speaker and full contact details. 



3) Spreadsheets

65535 Bug in Excel 2007 cell display

After all the discussion above of the importance of testing, thousands of web pages now describe Microsoft's embarrassing bug in Excel 2007. Certain floating point operations (eg 850 by 77.1) that result in 65535 display 100000 in the cell. I don't know how they arrive at that; for interest, 65536 in decimal is 10000000000000000 in binary, 200000 in octal, and 10000 in hex. Many discussions confuse it with the normal inaccuracy of floating point arithmetic. It is a rendering bug; the underlying value is 65535. However, displays and printouts will look wrong, and calculations that use the text value (eg the TEXT() and ROUND() functions) of the cell will propagate the incorrect value. David Gainer's blog acknowledges the issue:
states that the error occurs with exactly 12 floating point values, 6 near 65535 and 6 near 65536.

An article by a Mathematica developer explains how difficult speed optimisation can be:

'It's not easy to get reliable numerical computation, and it's not something one can "bolt on" after the fact. It's something one has to build in from the beginning, as we've done in Mathematica for nearly 20 years.'

Eight of the Worst Spreadsheet Blunders

Spreadsheet typos and oversights can wind up costing your company millions. Here's a look at eight big mistakes, and tips on how to prevent them from happening at your company.

One of the comments to that article is: "Pranita Tue, 2007-08-21 17:36 Spreadsheets are ignored for testing even if they are designed and developed like other applications." Indeed. At SQC London I asked a speaker whether the integrated quality management suite that they were so proud of (for requirements management, test management, change control, defect tracking) was applied to spreadsheets. He had difficulty understanding the question and when I gave the example of an option pricing model he said that he couldn't speak for what the managers were doing, or words to that effect.


Spreadsheet Check and Control: 47 best practices to detect and prevent errors Available worldwide from Amazon.  Our offer - free shipping to EU .




Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM

Thank you! Patrick O'Beirne, Editor

_______________________________________________________ _______________________________________________________

4) Off Topic

EU27 mnemonic

Correspondent Sean Murphy reminds me of an old question I had for a mnemonic for the names of the EU countries. It's more difficult now there are 27 since Romania and Bulgaria joined in January 2007. Has anyone else got ideas?


Sentences with all 26 letters of the alphabet:  includes my old favourite "Cwm, fjord-bank glyphs vext quiz"



Copyright (c) Systems Modelling Limited, . Reproduction allowed provided the newsletter is copied in its entirety and with this copyright notice.

We appreciate any feedback or suggestions for improvement. If you have received this newsletter from anybody else, we urge you to sign up for your personal copy by sending a blank email to   EuroIS-subscribe (at) yahoogroups (dot) com

For those who would like to do more than receive the monthly newsletter, the EuroIS list makes it easy for you to discuss issues raised, to share experiences with the rest of the group, and to contribute files to a common user community pool independent of the web site. I moderate posts to the EuroIS list, to screen out inappropriate material.

Patrick O'Beirne, Editor
"Praxis" means model or example, from the Greek verb "to do". The name is chosen to reflect our focus on practical solutions to IS problems, avoiding hype. If you like acronyms, think of it as "Patrick's reports and analysis across Information Systems".
Please tell a friend about this newsletter.
We especially appreciate a link to from your web site!
To read previous issues of this newsletter please visit our web site at

This newsletter is prepared in good faith and the information has been taken from observation and other sources believed to be reliable. Systems Modelling Ltd. (SML) does not represent expressly or by implication the accuracy, truthfulness or reliability of any information provided. It is a condition of use that users accept that SML has no liability for any errors, inaccuracies or omissions. The information is not intended to constitute legal or professional advice. You should consult a professional at Systems Modelling Ltd. directly for advice that is specifically tailored to your particular circumstances.
We guarantee not to sell, trade or give your e-mail address to anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers a moderated discussion list for readers and a free shared storage area for user-contributed files. The archives of this group are on YahooGroups website