04-03 Contents: eVoting, Good Security Practices, Skype confcalls, Blackout bug, IT project disasters, Excel freeware, audit tools
This issue online at http://www.sysmod.com/praxis/prax0403.htm [Previous] [Index] [Next]
Systems Modelling Ltd.: Managing reality in Information Systems - strategies for success
1) Risk management
Irish Computer Society favours e-Voting review
OCTAVE Catalogue of good security practices
2) Internet and e-business
Skype Launches Free Conference Calling
3) Software Quality
Software bug contributed to US Aug-03 blackout
Worst run software project of 2003?
Computer Weekly's campaign against government incompetence
4) Excel add-ins freeware
XLAnalyst, Master Tool, Navigator Utilities, Excel Utilities
Range Name curiosities
Beta testing auditors for ActiveData by March 5th
5) On the lighter side
Programmer's Drinking Song
26 Web links in this newsletter
About this newsletter and Archives
Disclaimer
Subscribe and Unsubscribe information
_______________________________________________________
What do you find interesting in these newsletters? What would you like me to write more about? I'm always ready to hear from you!
Patrick O'Beirne
_______________________________________________________
_______________________________________________________
However, the government is not changing its mind on the key Voter-verified audit trail (VVAT) called for by IT critics.
Silicon Republic reports the Taoiseach (Prime Minister) Bertie Ahern as saying "“Printers are unreliable in a high volume situation and that is the reason they are not used. The ballot papers printed at the time of voting and used in a manual count might not give the same precise results as the electronic voting system." That is because of the sampling system used in manual counts. But shouldn't we have legislated for a deterministic and predictable outcome for electronic counting?
http://evoting.cs.may.ie/ Irish Citizens for Trustworthy E-voting (ICTE) spokesperson Margaret McGaley said that "while it would soon be obvious if a printer had broken down, if the e-voting machines made a mistake there would be no way of knowing."
www.electronicvoting.ie is the official government site.
The Department of the Environment have
published the terms of the review commission but the navigation menu from the
home page does not work for me, so here is the direct link:
http://www.environ.ie/DOEI/DOEIPub.nsf/6fb57b90102ce64c80256d12003a7a0d/cb1dd07409c9f66980256e450032b2ab?OpenDocument
It states: "The Government has confirmed today (24th February) that the national roll out of electronic voting in the June European and Local elections would continue as planned. " Terms of reference: "The Commission will prepare a number of reports for presentation to the Chairman of the Dáil on the secrecy and accuracy of the Powervote/NEDAP system." The Minister said "As a democrat, I believe that every voter should know that if they cast a vote it will be counted accurately and not ruled out because of an innocent mistake."
There is the sticking point and the difference between the Government and its critics. The Government appears to be believe that a test and review is sufficient to guarantee that every voting machine has no operational failure mode undetected by the test but discoverable in use; and that from that point onwards the machines will work flawlessly on every occasion. Perhaps implicitly they believe that if a fault occurs, it will be obvious. Those of us experienced in IT know the contrary reality. There are many hardware maintenance, software support, and data recovery companies whose continuing business is predicated on the obvious fact that hardware and software fail and lose or corrupt data. I believe that every voter should know that when they cast a vote it has been counted accurately and not lost or corrupted by failures. (Innocent or otherwise).
_______________________________________________________
Strategic Practices (SP) Security Awareness and Training, Strategy, Management, Policies and Regulations, Collaborative Management, Contingency Planning/ Disaster Recovery.
Operational Practices (OP) :
Physical Security, Information Technology Security, Staff Security
____________________________________________________________
____________________________________________________________
____________________________________________________________
Seen at
http://catless.ncl.ac.uk/Risks/23.21.html. Peter Ladkin describes "a
contract for a complex, highly-distributed system, of a sort which did not exist
anywhere before, with a non-trusted, indeed partially non-trustworthy, user
group numbering in the millions, that would cost of the order of a billion euros
and about 450 technical-person-years to develop, which was to be in full revenue
service inside a calendar year from development start date. And then apparently
allowed the whole road-construction industry to become dependent on that
anticipated revenue, as well as part of the railways."
This is a toll-collection system for heavy goods vehicles that
use the German Autobahn network. It was planned to deliver 450,000 On Board
Units (OBU) with GPS tracking by the in-service date of 31 August 2003.
April 2002: call for proposals; one of the two final bidders said the
government's 12-month schedule was "unrealisable"
July 2002: EUR 600M contract awarded to Toll Collect, who proposed an
eleven-month development schedule, with a four-month trial period during which
the usual contractual penalties for non-performance would be waived.
Aug 2003: Deadline passes; five weeks later only 210,000 OBUs had been
installed.
Feb 2003: Government declares it would cancel the contract with damages of
around EUR 6,500 million.
Dec 2003: Consortium paying EUR 250K/day in fines increasing to EUR 500K/day in
March 2004.
The consortium has offered to deliver a system with reduced functionality by 31 December, 2004, with full functionality implemented a year later. The government estimates foregone revenue at EUR 156M per month and lost revenue from the former "vignette" (sticker) system, which was taken out of service by 31 August 2003, amounts to EUR 30-38M/month. All new road projects and related public-works projects have been put on hold because of the revenue shortfall. Some estimate that up to a quarter of transport ministry projects may be cancelled in 2004, putting 70,000 jobs on the line.
Peter Ladkin concludes "The contract has remained secret, although there is nominally a requirement that it be public. Even the German parliament has not seen it. So few, if any, independent people with the capacity to evaluate them know what the system requirements were or how well they were met, or how close the technology is to meeting them. The contract is so remarkable that few tech-savvies believe that the consortium can have negotiated it in good faith. Some even have a hard time believing that the government negotiated it in good faith, although more are inclined to believe it just didn't know what it was doing."
German engineering loses luster, Mark Landler, International
Herald Tribune, Feb 20th, 2004,
www.iht.com/articles/130404.html
Berlin kills contract to build satellite-based toll system, International Herald
Tribune, Feb 18th, 2004,
www.iht.com/articles/130098.html
Joachim Budeck, Dr. Egbert Meyer, Ausgebremste Automatik, c't No. 21, 2002 (in
German), available through www.heise.de
Andreas Hagen, Zwischenspiel oder letzter Akt mit Toll Collect? (in German),
Telepolis magazine, 25th Feb 2004,
www.heise.de/tp/deutsch/special/eco/16827/1.html
Peter B. Ladkin, University of Bielefeld,
www.rvs.uni-bielefeld.de
____________________________________________________________
CW have submitted evidence to the National Audit Office (UK equivalent of the US GAO). See:
www.computerweekly.com/articles/article.asp?liArticleID=128417
Legislation is only way to stop central government IT disasters
www.computerweekly.com/articles/article.asp?liArticleID=128384
How to stop government departments from flouting the basics of project
management
_______________________________________________________
I've been looking at a few tools for spreadsheet review, auditing, testing, and managing them more easily. I'll start with some free ones this month and work my way up to the heavy-duty ones later. These are free either as limited versions or simply free user contributions. Their creators intentionally prefer to create specific focused tools rather than try to add too many features.
Codematic are offering a free cut-down ResearchWare version of their spreadsheet analyser. Partly to get feedback on features, but also, for a conference paper, to collect reports from users of real examples of bad practice in spreadsheet use. It tests for a number of items such as Circular References, Cells Displaying A Number But Storing Text, Mixed Formulas And Values, Formulas Evaluating To An Error, Vlookups/Hlookups Expecting An Ordered List, Links To External Workbooks, Presence Of Very Hidden Sheets, Hidden Rows Or Columns, and much more including some metrics. It's a simple one-click analyser, it only reports the first error of each type it finds, but it's free.
This is an add-in that can handle tedious tasks that normally require repeated Excel menu selections, manipulate buried Excel functionality and detect hidden Excel features. Tools are: Link and Dependency Tracer, Sheet Manager, Range Name Manager, Colour Structure. With one click you can on all sheets unhide sheets rows, and columns, unmerge all cells, remove panes, set zoom, colour code text, numbers, errors, and formula patterns. All Chris Gorham asks you to do in return is to read his CV.
Mark Robinson's add-in helps you to easily navigate through Sheets, Links, and Named Ranges, adds an Enhanced Find/Replace and breaks passwords to remove sheet protection and workbook structure protection.
Rob Bovey's Excel Utilities add-in provides 25 routines for Excel development that simplify the maintenance of styles, formats, defined names, worksheets, and application settings, and provide internal information on selections. For example, one feature can trim leading and trailing spaces from all cells in a selection - try doing that with Find & Replace!
If you are puzzled by some of the curious Excel features that these tools can sniff out, here are some links that tell you more than you wanted to know about range names, their creation, scoping and visibility:
www.jkp-ads.com/ExcelNames.htm
www.excelsig.org/PastMtgs/0110/Creating_Range_Names.htm
This is an Excel add-in for accounting auditors, and it got an rare endorsement from Jim Kaplan of AuditNetLists.org. It provides data manipulation tools for the bread-and-butter testing that auditors and accountants normally do either by entering verification formulas, or running homegrown macros. Things like checking missing or duplicate cheque numbers, checking that codes for salespersons, products, and customers are valid, that digit frequency does not indicate falsification, and so on. Not entirely free - you have to spend a day or two of your valuable time to test every feature of this product. But if your time is that valuable, this will help you save some of it. To participate in the beta test which closes March 5 please proceed to:
www.informationactive.com and follow the beta test links and instructions.
_______________________________________________________
Simply send your comments to FEEDBACK (at) SYSMOD (dot) COM
If you like the newsletter, a great way to show your support is to make your next book or CD purchase from our Amazon shop page!
Thank you! Patrick O'Beirne, Editor
_______________________________________________________ _______________________________________________________
From Fred Langa's newsletter: www.langa.com/newsletter.htm
99 programming bugs in the code
99 programming bugs
Fix one bug, compile it again
Now there's 100 bugs in the code!
(Repeat until bugs=0)
_______________________________________________________
_______________________________________________________
Copyright 2004 Systems Modelling Limited,
http://www.sysmod.com .
Reproduction allowed provided the newsletter is copied in its entirety and with
this copyright notice.
We appreciate any feedback or suggestions for improvement. If you have received
this newsletter from anybody else, we urge you to sign up for your personal copy
by sending a blank email to EuroIS-subscribe (at) yahoogroups (dot) com - it's free!
For those who would like to do more than receive the monthly newsletter, the
EuroIS list makes it easy for you to discuss issues raised, to share experiences
with the rest of the group, and to contribute files to a common user community
pool independent of the sysmod.com web site. I will be moderating posts to the
EuroIS list, to screen out inappropriate material.
Patrick O'Beirne, Editor
_______________________________________________________
ABOUT THIS NEWSLETTER
"Praxis" means model or example, from the Greek verb "to do". The name is chosen
to reflect our focus on practical solutions to IS problems, avoiding hype. If
you like acronyms, think of it as "Patrick's reports and analysis across
Information Systems".
Please tell a friend about this newsletter.
We especially appreciate a link to www.sysmod.com from your web site!
______________________________________________________
ARCHIVES
To read previous issues of this newsletter please visit our web site at
http://www.sysmod.com/praxis.htm
DISCLAIMER
This newsletter is prepared in good faith and the information has been taken
from observation and other sources believed to be reliable. Systems Modelling
Ltd. (SML) does not represent expressly or by implication the accuracy,
truthfulness or reliability of any information provided. It is a condition of
use that users accept that SML has no liability for any errors, inaccuracies or
omissions. The information is not intended to constitute legal or professional
advice. You should consult a professional at Systems Modelling Ltd. directly for
advice that is specifically tailored to your particular circumstances.
_______________________________________________________
PRIVACY POLICY:
We guarantee not to sell, trade or give your e-mail address to
anyone.
To subscribe to this Newsletter send an email to
EuroIS-subscribe (at) yahoogroups (dot) com
To unsubscribe from this Newsletter send an email to
EuroIS-unsubscribe (at) yahoogroups (dot) com
EuroIS is the distribution list server of the PraxIS newsletter. It also offers
a moderated discussion list for readers and a free shared storage area for
user-contributed files. The archives of this group are on YahooGroups website
http://groups.yahoo.com/group/EuroIS/
_______________________________________________________