07-10 Contents: eVoting, Phishing, Testing Conferences, Excel bug
ISSN 1649-2374 This issue online at http://www.sysmod.com/praxis/prax0710.htm [Previous] [Index] [Next]
| Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success | |
IN THIS ISSUE |
|
| 1) Risk & Security Nedap voting machines de-certified in The Netherlands Phishy education |
|
| 2) Testing Holistic Test Analysis and Design Software & Systems Quality Conferences in London and Dublin |
|
| 3) Spreadsheets 65535 calculation bug in Excel 2007 cell display |
|
| 4) Off Topic Mnemonics and pangrams |
|
| 21 Web links in this newsletter |
|
| About this newsletter and Archives Disclaimer Subscribe and Unsubscribe information |
_______________________________________________________
Here's a question this month: what can we do with 50m euro cost of 7,500 unused voting machines, costing the taxpayer money in storage?
Patrick O'Beirne
_______________________________________________________ _______________________________________________________
http://lists.stdlib.net/pipermail/e-voting/2007-October/006282.html
In a case brought by e-Voting activists, a judge has ruled that the approval for Nedap voting machines is null and void. This happened only a few days after a commission set up by the Dutch Government late last year concluded that none of the evoting systems in use there -- including the Nedap system -- were suitable for use in national elections. The Dutch government is now planning to create an electronic voting system based on printed paper ballots and counting machines.
http://www.theregister.co.uk/2007/10/01/dutch_pull_plug_on_evoting/
"The ruling is yet another victory for the Dutch "we don't trust voting computers foundation", which in the past demonstrated that many Dutch e-voting machines could be easily intercepted from 20 to 30 metres away. "
Imagine. Ireland decided that three years ago as I reported in http://www.sysmod.com/praxis/prax0405.htm
Ireland Environment Minister John Gormley says 'I've always said that I'm in favour of electronic voting but we can only proceed if we're satisfied that it can work successfully - that the machines cannot be hacked into and there is a verifiable paper audit trail'
http://cups.
Anti-Phishing Phil is an interactive game that teaches users how to identify phishing URLs, where to look for cues in web browsers, and how to use search engines to find legitimate sites. CMU user studies have found that user education can help prevent people from falling for phishing attacks. However, it is hard to get users to read security tutorials, and many of the available online training materials make users aware of the phishing threat but do not provide them with enough information to protect themselves.
____________________________________________________________
____________________________________________________________
Neil Thompson, Thompson information Systems Consulting Ltd. (TiSCL)
Holistic Test Analysis and Design
(presentation prepared in collaboration with Mike Smith, Testing Solutions
Group)
Neil began by asking us if we knew what test cases were; when we nodded, he then asked if we understood test conditions. That gave no result. In the lab world, test conditions comprise the assumptions and facts describing the environment, instrument and sample to be measured, eg temperature, relative humidity, power, frequency, etc. In software testing, Neil went on to describe them as 'resolving entities' that gave a normalised mapping from test basis to test case. His slide "Test Items, Features, Conditions, Cases… what do standards & textbooks tell us?" shows the different terms and meanings that have been used. Like all his slides, it was packed with content!
Neil went on to describe logical and physical coverage; 'logical' refers to requirements and functional specification, 'physical' to the technical design and module specifications. Multi-dimensional charts showed relations between levels of test (from component to system) and test techniques. His 'Holistic Method' integrates test items, testable features, test basis documents, and product risks. It allows hierarchies of test conditions, and integrates multiple techniques & scripted-exploratory mixtures. He offered the spreadsheet of this model to the attendees. He concluded with a chart of information traceability and an application of the Balanced Scorecard concept to test coverage.
Other links on this topic are:
www.istqb.org/downloads/glossary-1.1.pdf Standard glossary of terms used in Software Testing
www.sigist.org.uk UK SIGIST magazine "The Tester" has related articles.
Paul Shortt of Allied Irish Banks Corporate Banking Technology Solutions and Services (CBTSS) presented on the evolution of testing in AIB. Testers such as Rachel McLaughlin (who gave half the presentation) from Insight Test Services were brought in to a gradually developing test function. He described the daily activities of testers, the planning and formal issue resolution. The examples of a Quality Risk Analysis matrix were a simple answer to the difficulties Felix Redmill raised at the UK conference on October 2nd. He concluded with a list of benefits that included a reduction in the number of high profile incidents raised in the live system, and the increasing recognition by business customers that the 'best in class' approach of CBTSS should be extended to other groups.
http://www.sqs-conferences.com/uk/index.htm
I attended a number of sessions at the SQS conference in the QE II conference centre in London's historic Westminster area.
Theresa Lanowitz of voke (USA) gave the keynote on day 1, "Moving the
Enterprise Forward Through Quality"
Her main point was that the Quality Assurance organization must transform itself
to provide more strategic benefit throughout the lifecycle. She also covered:
Felix Redmill of
Newcastle University presented an interactive talk on "Do We Really Know What Risk
Based Testing Is?"
The word "risk" is used extensively in the context of software testing, but the
great number of professional in testing employ inconsistent vocabulary. This
talk presented many different risk concepts, including the classical Impact
times Likelihood measure. He suggested that as it so hard to estimate the
likelihood of risk, one may simply consider impact. He concluded that it is not
enough to have a two-hour brainstorming session about risks at the start of a
project. My own take on this is to use assessments of organizational maturity -
as determined by the presence or absence of key indicators - as an estimate of
how likely certain quality problems are to strike.
Bernard Homès of TESSCO presented on the "Hyperspace of Danger". He in effect did an informal capability maturity assessment of the audience by listing various software engineering techniques and asking how many present used them. Needless to say, very few did. His article can be read online at
http://www.stickyminds.com/sitewide.asp?ObjectId=8644&Function=DETAILBROWSE&ObjectType=ART
The afternoon keynote "Trends in Software Testing Activities" was presented by Ian Parkes of Coleman Parkes Research. They did 250 13-minute interviews of IT project managers in the UK, Ireland and South Africa. In short, there is little difference in software testing practice since the last survey in 2001. Numbers that stuck were: 49% have no independent testing budget, 60% say ‘significant’ cost from poor testing; 48% use Excel as an automation tool.
Chris Ambler of Electronic Arts asked the simple question "What is Quality?" and proceeded to give very different analyses of it from the point of view of the games industry. The essential aspects to them, apart from cost, are
He applied these as metaphors to more conventional applications such as ATM software. As an aside, he mentioned that they used to pay for bug reports, but got ridiculous bugs reported, so now they only pay for bugs they fix. It looks to me like Bug Bounty Hunters are a cheap form of acceptance testing, but they better be minor bugs!
http://www.sqs-conferences.com/ire/index.htm
Call for Presentations for Ireland’s only Conference focussed on Software and Systems Quality.
SQC Ireland is organised and underwritten by SQS Ireland and held as an open conference for participation from all practitioners and suppliers in the testing and software quality management sector.
They are now looking for the best original case studies, research and solution presentations and tutorials that will share actual experience and knowledge of Testing and Quality Management projects for the 2008 conference.
In return, you will achieve visibility for your project and achievements at the conference as well as being a special free guest of the conference. Your submission should include a meaningful abstract of your presentation, a short biography of the speaker and full contact details.
____________________________________________________________
____________________________________________________________
After all the discussion above of the importance of testing, thousands of web pages now describe Microsoft's embarrassing bug in Excel 2007. Certain floating point operations (eg 850 by 77.1) that result in 65535 display 100000 in the cell. I don't know how they arrive at that; for interest, 65536 in decimal is 10000000000000000 in binary, 200000 in octal, and 10000 in hex. Many discussions confuse it with the normal inaccuracy of floating point arithmetic. It is a rendering bug; the underlying value is 65535. However, displays and printouts will look wrong, and calculations that use the text value (eg the TEXT() and ROUND() functions) of the cell will propagate the incorrect value. David Gainer's blog acknowledges the issue:
http://blogs.msdn.com/excel/archive/2007/09/25/calculation-issue-update.aspx
states that the error occurs with exactly 12 floating point values, 6 near 65535
and 6 near 65536.
An article by a Mathematica developer explains how difficult speed optimisation can be:
http://blog.wolfram.com/2007/09/arithmetic_is_hardto_get_right.html
'It's not easy to get reliable numerical computation, and it's not something one can "bolt on" after the fact. It's something one has to build in from the beginning, as we've done in Mathematica for nearly 20 years.'
Spreadsheet typos and oversights can wind up costing your company millions. Here's a look at eight big mistakes, and tips on how to prevent them from happening at your company.
http://www.cio.com/article/131500?source=nlt_cioinsider
One of the comments to that article is: "Pranita Tue, 2007-08-21 17:36 Spreadsheets are ignored for testing even if they are designed and developed like other applications." Indeed. At SQC London I asked a speaker whether the integrated quality management suite that they were so proud of (for requirements management, test management, change control, defect tracking) was applied to spreadsheets. He had difficulty understanding the question and when I gave the example of an option pricing model he said that he couldn't speak for what the managers were doing, or words to that effect.
http://www.sysmod.com/az.php?a=190540400X&b=Spreadsheet+Check+Control Available worldwide from Amazon.
http://sysmod.buy.ie/catalog/product_info.php?products_id=188 Our offer - free shipping to EU .
_______________________________________________________
_______________________________________________________
Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM
Thank you! Patrick O'Beirne, Editor
_______________________________________________________ _______________________________________________________
Correspondent Sean Murphy reminds me of an old question I had for a mnemonic for the names of the EU countries. It's more difficult now there are 27 since Romania and Bulgaria joined in January 2007. Has anyone else got ideas?
Sentences with all 26 letters of the alphabet:
http://www.funtrivia.com/askft/Question21437.html includes my old favourite "Cwm, fjord-bank glyphs vext quiz"
http://www.rinkworks.com/words/pangrams.shtml
_______________________________________________________
_______________________________________________________
Copyright (c) Systems Modelling Limited,
http://www.sysmod.com .
Reproduction allowed provided the newsletter is copied in its entirety and with
this copyright notice.
We appreciate any feedback or suggestions for improvement. If you have received
this newsletter from anybody else, we urge you to sign up for your personal copy
by sending a blank email to EuroIS-subscribe (at) yahoogroups (dot) com
For those who would like to do more than receive the monthly newsletter, the
EuroIS list makes it easy for you to discuss issues raised, to share experiences
with the rest of the group, and to contribute files to a common user community
pool independent of the sysmod.com web site. I moderate posts to the EuroIS list, to screen out inappropriate material.
Patrick O'Beirne, Editor
_______________________________________________________
ABOUT THIS NEWSLETTER
"Praxis" means model or example, from the Greek verb "to do". The name is chosen
to reflect our focus on practical solutions to IS problems, avoiding hype. If
you like acronyms, think of it as "Patrick's reports and analysis across
Information Systems".
Please tell a friend about this newsletter.
We especially appreciate a link to www.sysmod.com from your web site!
______________________________________________________
ARCHIVES
To read previous issues of this newsletter please visit our web site at
http://www.sysmod.com/praxis.htm
DISCLAIMER
This newsletter is prepared in good faith and the information has been taken
from observation and other sources believed to be reliable. Systems Modelling
Ltd. (SML) does not represent expressly or by implication the accuracy,
truthfulness or reliability of any information provided. It is a condition of
use that users accept that SML has no liability for any errors, inaccuracies or
omissions. The information is not intended to constitute legal or professional
advice. You should consult a professional at Systems Modelling Ltd. directly for
advice that is specifically tailored to your particular circumstances.
_______________________________________________________
PRIVACY POLICY:
We guarantee not to sell, trade or give your e-mail address to
anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers
a moderated discussion list for readers and a free shared storage area for
user-contributed files. The archives of this group are on YahooGroups website
http://finance.groups.yahoo.com/group/EuroIS/
_______________________________________________________