Archive for December, 2008

Another missed date

Wednesday, 10th December, 2008

Office 2007 was two years old last week (30th Nov)

What did you do to celebrate?

More code signing mischief

Tuesday, 9th December, 2008


So I took the general advice and didn’t bother renewing the codematic code signing signature.

The published version of the worksheet unprotector is signed, but the signature expired a while ago. It was valid and in-date when I signed it, although I did not timestamp it. (I hadn’t seen anything to suggest it was (effectively) obligatory)

So I got this screenshot from a potential customer (or maybe not after this farce). (Actually it was the French version – but I thought this would be clearer for most sos readers)

Signing my code effectively timebombs it – Excel 2007 will claim it’s invalid and refuse to even load it, even from a trusted zone, once the sig has expired.

Not signing my code just gets the user a quick familiar ‘enable macros?’ warning.

It’s not a hard choice, is it? Even ignoring the rip-off nature of buying a cert.

I’m not totally clear how all of this helps security, as it just makes code signing even less attractive. Is something that was signed but has expired really more of a security risk than something that was never signed? Bearing in mind everything that is signed will expire at some point.

I guess I should test it with something that is signed and timestamped, and expired. Has anyone else done that?

At this stage I’m all set to totally give up on signing. I really want to sign my code, because I think it’s the right thing to do. Perhaps I should just get over myself – who is going to imitate a codematic tool with some nastyware?

Hmm what shall I spend the 200 quid I have saved by not buying a cert on?




Sunday, 7th December, 2008

Not long ago (ha ha) I did a post on the CALL() function. I mentioned then I would also cover CALL’s sibling function REGISTER.

I’ve put it on Codematic here.

REGISTER is similar to CALL in that it allows easy access to code resources in dlls. The advantage of REGISTER is that once you have registered your dll function with Excel you don’t need to pass through a macro sheet or VBA.

The other great thing about REGISTER is that if you get a totally clear understanding of it, it makes converting dlls to xlls more achievable. This is exactly the function you use inside an xll to register your functions when your xll add-in is opened by Excel.

If you are interested in xll development I strongly recommend learning about REGISTER. Effectively an xll is simply a dll with the REGISTER functions embedded in it.

The page on Codematic shows both the XLM way and the VBA way to use REGISTER, just because the XLM is easier to understand (IMO).

I did manage to corrupt my workbook so that opening the function wizard crashed Excel, but I think that is because of all the messing I was doing. I will retest.

All feedback welcome as usual, especially from anyone using this sort of approach in production.



Christmas sorted

Saturday, 6th December, 2008

Print this out and post it up your chimney in the elfmail:

Christmas list


Dear Santa,
All I want for Christmas is to go to the Excel User Conference in London in April 2009. I promise to be good.

That’s got to be better than a Christmas jumper surely? And cheaper – it’s free!

It’s the first and/or second of April, our friends at Microsoft are providing the venue (and the coffee (and biscuits? (Chocolate Hobnobs please))). And one of the Excel team will be presenting. You can attend one day or both. There should be close to 100 people there each day.

Nick has the program and further details here.

This is THE Excel event in the UK in 2009. I’ve already started preparing.

Just to highlight that again – 2 days of Excel content delivered by Excel experts for FREE, nowt, nada. Surely you can sell your boss on the time off and a few quid for beer?

Hope to see you there.



[If you would like to explore what Codematic Calligraphy ™ can do for your announcements please get in touch.]

Bad spreadsheet

Friday, 5th December, 2008

Dennis made a good point on the last post about being fed up with people always blaming spreadsheets when there is an error. You know who

I totally agree. I can’t remember the last _spreadsheet_ error I saw*. Actually they are usually _user_ errors, either in the mechanics of spreadsheets, process of development or lack of domain knowledge, or whatever.

I blame Sarbox, Eusprig and auditors, in that order, for raising the awareness of spreadsheet risks, without giving due regard to the wider issue. The wider issue being poor controls of any software development will create risky, error prone systems.

At Eusprig 2007 I think the first 3 speakers (one was me, one was DB from the FSA (regulators of all UK financial services)) highlighted the increased risk from user developed Access databases.

The Eusprig stance is entirely reasonable – they are focused on spreadsheet risk (the clue is in the name). If someone wants to create another group to focus on the risks of end user databases, or other types of risk, Eusprig would be happy to help and collaborate. But in 10 years of Eusprig there is no sign of EuDBrig – possibly because the name is even less catchy?

Sarbox and auditors I feel are a little less reasonable in hounding spreadsheets and spreadsheet users. Partly I suspect this is because auditors think they can audit spreadsheets, but I bet very few of them have the first clue about databases (or code actually). ‘Proper’ systems get proper systems auditors with an IT background, not the fresh faced graduate accountant trainees found in financial auditing. (I have no idea which department is auditing the .net based financial reconciliation system I built for a recent financial services client.)

Should we start a ‘spreadsheets are innocent’ campaign?

What sort of catchy slogans should we be painting on walls and pavements outside large auditing firms?

‘Excel is innocent – it woz Access wot done it’?

*Of course I can really – it’s the Excel 2007 calculation presentation bug – I coded a test proc here



Another spreadsheet WTF

Thursday, 4th December, 2008

At the daily WTF of course.

This doesn’t sound much like a WTF to me, it’s completely standard practice, isn’t it?

Spend a stack of time/money/effort creating a report that everybody ignores?

That’s the whole reason why the ‘whoooo – spreadsheets have errors’ scare story breaks down in the commercial world. Everybody ignores them, or at least very very few decisions (important or otherwise) get made on the strength of only one single reporting/analysis spreadsheet. (Financial traders are excluded from that generalisation).

I would argue a great many decisions are made on gut feel and/or wide ranging, hard to specify research and information gathering, and the spreadsheet is used as rational justification. See El Reg’s savage destruction of M Gladwell (author of Blink) here.

Everywhere I have ever worked I have seen multiple period reports issued that have been nonsense and they have got away with it too. I think the self healing nature of organisation is often underestimated.

I’d be interested in any research that compares gut feel to error ridden spreadsheets for decision quality.

I’d also be interested in any research comparing what people do when gut feel != system result.

If you have research in these or other related areas then you should tart it up and submit to Eusprig, then we can meet in Paris for a Pastis in July.

Who else has seen supposedly ‘big’ errors in spreadsheets in companies that survived just fine? Or more to the point which companies failed because of them?



Google v Yahoo

Wednesday, 3rd December, 2008

I have been watching Yahoo Slurp slurp up all the Codematic bandwidth in my site stats

Here is the bot comparison (from Nov figures):

  • Yahoo visits 6 times as often as Google
  • Yahoo takes 6 times the bandwidth of Google
  • Google refers 14 times as many visitors!
  • Yahoo refers 1 visitor per Mb of bandwidth its crappy bot sucks up
  • Google refers over 80 visitors per Mb.
  • Live + MSN together send half as many visitors as Yahoo.

Are your figures similar?

I’m thinking I may have to exclude Yahoo slurp from some parts of the site to save some bandwidth and server responsiveness for useful visitors. Anyone else had to do that?



The hidden cost of controls

Tuesday, 2nd December, 2008

Paul Graham has an interesting article here about the hidden cost of controls.

He makes a good point (as usual), that some of the controls large organisations implement have a hidden, rarely considered cost.

One example given is the big co’s who do solvency checks on suppliers. Seems to make sense, except perhaps that discourages or prevents the best suppliers from even bidding for work.

I have walked away from potential work because the (potential) client makes the procurement process too burdensome. If I was short of work I might have sucked it up, but actually if there is enough work from reasonable customers, why bother with restrictive NDA’s, or submitting tonnes of insurance certificates, or providing bank statements or any other back covering bullshit?

Same with the government, they won’t even consider Codematic as it’s too small. Likewise many big Co’s want to use an agency to protect themselves from employment law obligations. Even though the cost of using the agency is worse than the worst worst case scenario of getting a ‘deemed employment’ judgement.

Have you seen this hidden cost in operation?

Have you walked away from work or projects because of them?