Self Spreadsheet Saboteur risks 10 years porridge

I used to put a little support contact details messagebox  in some of my more complex spreadsheets in the hope I may get a lucrative support gig.

This guy went a bit further.

He time bombed his VBA and locked the projects. Now its in court and it could be 10 years in prison and/or 250kUSD fine. Oops!

I wouldn’t accept a contractor keeping passwords, a proper external supplier maintaining their IP ok, but a contractor working on company files? no. And I personally wouldn’t lock my VBA either, if the client wants to do that fine, until they lose the password and I have to hack it…

 

 

Eusprig 2019

If you are interested in Excel, and therefore spreadsheets you could do a lot worse then spend a day immersed in the risks and challenges associated with them.

That’s where the European Spreadsheet Risk Group comes in with their annual conference, this year in that London.
—————————————–

The European Spreadsheet Risk Interest Group Conference (EuSpRIG 2019)
will be held at Browns Courtrooms, Browns Covent Garden, London, on
Thursday 11th and Friday 12th July 2019.

http://www.eusprig.org

Real life case studies of EUC control, deep dive into data analysis,
experience with skills transfer, and two tutorials on new features.

—————————————–

I can’t be there this year, but I’ve been a few times and would heartily recommend it to anyone with more than a passing interest in spreadsheets.

Even if the content does not seem immediately, directly relevant, a day in that environment will raise your awareness of the risks and dangers and have you thinking more cautiously next time you are building or changing a spreadsheet. Which is a very good thing.

cheers

simon

Excel 2016 Performance

What’s your view on Excel 2016 performance and stability?

In particular Excel 2016 32bit on Win10 63 bit?

I’m talking about 365, so bang up to date, and what I am seeing is:

• Excel or other Office apps freeze for around 4 minutes, once or twice most days
• Too many styles will cause a workbook that would have dropped all formatting in 2010 will be unopenable and unrecoverable in 2016
• Too many conditional format will crash 2016 completely, where 2010 would be bearable, but stable.
• General calc speed seems slower
• UI is laggy, even with all Win10 bullshit turned off
• Excel VBA can completely freeze every running office application
• Opening everything in the same Excel instance is a monumental ball ache
  • Opening everything in its own one is not much better
  • Why can’t we have the 2003 behaviour of opening in last activate instance??
  • debuggering from VS is pants, I don’t want all my dodgy xlls loading into my working Excel.  So back to run excel /e
• Did YOU ask for cell selection change to be animated????????????
• Can’t paste charts as live links any more?

So the intermittent freezes and the instability are my main issues, I’m back to saving my work every 2 to 3 minutes like in Excel 2000. And spending a fair chunk of my life waiting for stuff to calculate.

Overall I’m thoroughly underwhelmed, 2003 is still the best ever, but 2010 is starting to feel like a not too shabby vintage too (I never tried 2013, was it any good?). I reckon 2003 would utterly fly on my 16gb i7, well apart from the single threadedness.

(the 63 bit was a typo, but somehow seems appropriate as the odd bit seems to get dropped here and there on this combo.) Sadly I see Office gradually choking Excel, or as its new name Word(tables edition).

What are your experiences?

Which is your favourite Excel?

Is 64 bit more stable?

cheers

simon

lets discuss it at DevelopExcel in October!

Eusprig Conference

Its nearly time for the Eusprig conference on spreadsheet risk etc. (Thursday 5th July, glad you asked)

Here is the link, if you can make it and are involved in spreadsheet development, modelling or management its well worth a few hours of your time. Its at Imperial this year.

I’m a bit out of that world these days, I am waiting for the Excel extensibility conf in October.

But I would recommend Eusprig to anyone, lots of valuable info and contacts.

cheers

simon

GDPR phishing

We are still a few days away from the data slurppocalypse and my inbox is bulging with ‘privacy improvements’ messages. All include links to log-in or sign up or learn more. Many from complete randoms.

In general I’m ignoring them, but it does seem a great opportunity for the ne’er-do-wells to do a bit of data slurping of their own.

stay safe…

Eventbrite warning

Someone recently mentioned using Eventbrite or similar for organising the next Excel Conf (I have not heard more, so no idea if anything is in the offing or not).

Their latest agreement that you sign up to (after reading carefully I’m sure) grants them (amongst other stuff) the right to enter your event , and pre and post setup/teardowns, take as much video and photos as they like of anything they like, for them to use whenever, where ever they like for ever!!!

That also means you grant them right to publish photos of any and all attendees any time any where.

Dunno if it applies in the UK/EU

Fuller details here

What an outrageous rights grab

Vetting pantomime

Hopefully you have heard the phrase coined by Bruce Schneier ‘security theatre’ to refer to a lot of the recent changes in travel security etc. The basic inference is that it looks like security but isn’t really.

I know this because I have had all sorts of things confiscated while trying to board a plane, but have never been arrested. Too much of a threat to take my plastic clamp on the plane but not enough for a life sentence at gitmo. At least I can take comfort knowing that none of the other passengers has a small plastic clamp with which to take over the plane (or the world).

I am now living through a vetting pantomime. I have been offered a (short term) contract at a UK bank, and now ‘just need to go through the security vetting process’.

I need a disclosure Scotland, can’t get one on line as I don’t have a uk address. One suggestion was that I use someone I knows’ address in the uk as my current residence. Hmm – false information?

They want a 5 year work history, which I have provided, but now they want the gaps explaining. Well derrr I’m a contractor, sometimes there are gaps…

No, they want me to send them bank statements for all the gaps! What the fuck for??? They haven’t specified which account so I guess I shouldn’t use the one with all those NSA/KGB payments for leaking vital information? Or at least I should ensure those payments do not fall in a month when I am not in a contract.

Someone suggested it is to see if I have ‘been away’, ie looking for lack of transactions whilst held at her Royal Britannic Majesty’s pleasure. Its a joint account – there are transaction all the time (me putting money in, wife taking it out :-))

What are they going to do with my bank information? How can it help their vetting? it can’t. its stupid. If they came to me with a list of all my accounts then maybe, but thats SC level stuff not mickey mouse 10 week contract stuff.

Why are banks wanting to recruit people that think its ok to spaff personal confidential information all over the interwebs??

That’s right they want me to email them my bank statements, no mention of a sFTP secure upload facility, no details on the usage of the information, the storage, or the expiry/deletion. they just want people who don’t give a shit about information security, incredible.

Leaving aside of course the irony that between me and this bank, only one of us has ever been found guilty of any fraud or criminality. and I don’t (mis) sell PPI or fix Libor rates.

I’m know I am too old and battle scarred for this shit but really…

You’re the bad guy, oh no I’m not you’re the bad guy, oh no I’m not etc etc. He’s behind you…

Aaaanyway if you need a grumpy old fart with just enough knowledge about security to be cantankerous then let me know. It looks like I may be having a gap opened up in my agenda for me…

Has Eusprig increased spreadsheet risk?

The European Spreadsheet Risk Interest Group is a collection of academic and business people with an interest in the risks in spreadsheet based systems.

They raise awareness of the risks associated with spreadsheets. The annual conference gives a platform to people and organisations to propose their solutions to the issue, as well to researchers working in the area.

I’ve been to the conference a few times, I’ve spoken there a few times, its a great bunch of people.

But I am starting to feel their influence may be having unanticipated negative consequences.

Raising awareness of the dangers of spreadsheets seems like a noble pursuit, but what I see now is fear of spreadsheets in organisations. Which might be ok, except that what really happens is all that budget for well built professional tactical spreadsheet based solutions is diverted to strategic systems. That pressing short term need? The user throws something together in their own time, under the IT radar. So less process, less control, more risk.

Thanks to Eusprig, SOX, Frank Dodd, etc spreadsheets have a bad name. A technology is being blamed for poor usage practices. Like blaming the car when a driver driving too fast crashes..

Eusprig has done a lot of warning, highlighting failures etc, but has always as a matter of principle avoided proposing good practice. They have (deliberately) left that field open for others to address, by presenting at their conference for example.

Avoiding spreadsheets because of the risk is ok if you replace them with something with less risk. But you know what? that thing doesn’t exist.

No technology can deliver many working tools as fast as spreadsheets. So just changing technologies creates a delivery delay during which the organisation is exposed. Not the IT department, but the business department, If they don’t mitigate that exposure (with whatever tools they have to hand) they could be breaching professional codes of conduct even (eg. fiduciary duties for beancounters). not good.

Yes spreadsheets aren’t as stable as forms/browser based CRUD apps, but they are easier to adapt to changing business needs so more likely to be up to date. Try adding a field to a productions database in a large company, and comment on how long that takes. Days or weeks. Add column in a live spreaddie? seconds. Accidentally delete a critical column? seconds also :-)

So I think a big chunk of spreadsheet work has disappeared for now into IT department work queues, and is being worked around (‘temporarily’) by the business, in part due to misplaced and misunderstood fearmongering about spreadsheet danger.

So for me, yes, I think spreadsheet risk is increasing, and I am even more certain that overall organisation risk is increasing as requirements go into IT work backlog queues and/or quick and very dirty end user created temporary workarounds.

Are you seeing this fear of spreadsheets? What do you think is happening to organisational risk?

cheers

simon

Some of that Excel development

At one place I worked, the IT department were, you might say, not massively responsive to user needs.

User needs being rapid response (hours or days, rather than months or years) systems development.

The RAD team I was in was a battleground, Users wanting us to rush stuff into production as soon as it compiled, IT wanting us to stop development and start documenting from scratch on new improved word templates. (The improvement being a more consistent theme and styling rather than anything of business value.)

Then  a funny thing happened – the users stopped calling us.

They had been recruiting assistants with strong Excel VBA dev skills and were bypassing the whole IT rigmarole.

This is where I think a fair chunk of Excel dev work has gone – under the radar, out of IT control, and off the IT job boards.

And when I say strong skills I mean on a business scale rather than a developer scale. ie crap naming, global variables, no design, no testing, lots of macro recorder pap, etc etc.

Overall, I doubt this move will have a positive impact on long term delivery ability, or quality (compared to decent RAD input – you can’t compare to mainstream IT as they wouldn’t have delivered anything, so sure, they would have less production defects).

Anyone else seen this rise of the super user?

cheers

simon

 

 

Good Spreadsheet practice

Something a bit more realistic and less dramatic than ‘don’t use them’, from the ICAEW.

Please have a read and make some (constructive) comments on that site.

I can think of a counter example to all of their suggestions but I guess in general they are mostly fair enough, if perhaps a little woolly.

Some of them read a little like workarounds for poor fundamental design (eg protection – I’m never a fan!).

cheers

simon