Brief Banter By Ben

Colour Vision Test

A wealthy old lady decides to go on a photo safari in Africa, taking her faithful pet poodle along for company.

One day the poodle starts chasing butterflies and before long he discovers that he is lost.

Wandering about, he notices a leopard heading rapidly in his direction with the obvious intention of having lunch.

The poodle thinks, "Uh-oh, I'm in deep trouble now!"

Noticing some bones on the ground close by, he immediately settles down to chew on the bones with his back to the approaching cat.

Just as the leopard is about to leap, the poodle exclaims loudly, "Boy, that was one delicious leopard. I wonder if there are any more around here."

Hearing this, the leopard halts his attack in mid-stride, a look of terror comes over him, and he slinks away into the trees. "Whew," says the leopard. "That was close. That poodle nearly had me."

Meanwhile, a monkey who had been watching the whole scene from a nearby tree, figures he can put this knowledge to good use and trade it for protection from the leopard. So, off he goes.

But the poodle sees him heading after the leopard with great speed, and figures that something must be up.

The monkey soon catches up with the leopard, spills the beans and strikes a deal for himself with the leopard.

The leopard is furious at being made a fool of and says, "Here monkey, hop on my back and see what's going to happen to that conniving canine."

Now the poodle sees the leopard coming with the monkey on his back and thinks, "What am I going to do now?"

But instead of running, the dog sits down with his back to his attackers, pretending he hasn't seen them yet and, just when they get close enough to hear, the poodle says.....................

"Where's that damn monkey? I sent him off half an hour ago to bring me another leopard!"

SOMETIMES BULLSHIT AND BRILLIANCE ARE THE SAME.

A French teacher was explaining to her class that in French, unlike English, nouns are designated as either masculine or feminine. "House" for instance, is feminine -- "la maison."

"Pencil", however, is masculine -- "le crayon."

A student asked, "What gender is 'computer'?"

Instead of giving the answer, the teacher split the class into two groups, male and female, and asked them to decide for themselves whether "computer" should be a masculine or a feminine noun.

Each group was asked to give four reasons for their recommendation.

The men's group decided that "computer" should definitely be of the feminine gender ("la computer"), because

1. No one but their creator understands their internal logic;

2. The native language they use to communicate with other computers is incomprehensible to everyone else;

3. Even the smallest mistakes are stored in long term memory for possible later retrieval; and

4. As soon as you make a commitment to one, you find yourself spending half your paycheck on accessories for it.

(No chuckling guys... this gets better!!!)

The women's group, however, concluded that computers should be Masculine (le computer"), because

1. In order to do anything with them, you have to turn them on;

2. They have a lot of data but still can't think for themselves;

3. They are supposed to help you solve problems, but half the time they ARE the problem; and

4. As soon as you commit to one, you realize that if you had waited a little longer, you could have gotten a better model.

The women won.

A number of children are standing in a circle. They are evenly spaced and the 6th child is directly opposite the 16th child. How many children are there altogether?

Testing times for software

'Life can only be understood backwards, but it must be lived forwards.' - Soren Kierkegaard. (1813 - 1855).

A software controlled cruise control system needs to undergo more than 800,000 unique test scenarios before software errors that could cause a malfunction can be completely removed.

And, because the number of test scenarios required is so high, it is economically impossible to implement using standard software development techniques.

That's according to two English fellas that have recently started a new company - Verum Consultants - to help software developers over this seemingly insurmountable hurdle.

And since they were in London last week, having flown over from their software base in the Netherlands, I had the pleasure of meeting them. During our summit, the two chaps in question- Guy Broadfoot and Robert Howe - demonstrated just why modern car manufacturers cannot wholly guarantee that software based electronic systems incorporated in modern vehicles are safe and reliable.

Naturally, as a car driver, I was rather unnerved by the demonstration. And I must say, rather relieved to discover how they had developed a solution to the problem as a result of some rather late nights of study at the rather prestigious Oxford University in England.

The two engineers believe that existing software development models, based on testing as the principle means to remove software defects, are flawed. Because no design verification is possible, software testing involves finding and removing not only implementation defects, but all defects introduced through the development lifecycle, and the inherently non-deterministic nature of complex behavioural software means that it is essentially untestable.

"Every experienced software professional and computer scientist knows that software correctness cannot be established by testing alone. It is simply impossible to test all aspects of a complex software system. Even if this were not the case, the number of tests required would be so large as to be economically infeasible," said Broadfoot.

The Verum solution, which they've called the Analytical Software Design (ASD) process, brings an engineering design discipline and mathematical rigor to the development of software design to eliminate these errors and reduce rework.

ASD itself enables the specification for a software program to be written in simple terms that are comprehensible to the layperson. The technique generates a series of models that can then be used to test the software's accuracy against the original specification.

It was impressive to see it run on Broadfoot's notebook. The software rattled through the 800,000 test scenarios of a cruise controller in less than a few minutes. And Broadfoot demonstrated how the software could flag software inconsistencies and then allow the user to fix them rather rapidly too.

But despite all their smarts, Broadfoot and Howe face an uphill battle over the coming years. They must now set about convincing busy software development managers that they should re-examine their software design process - concentrating on the testing of the software architecture of their systems prior to deployment.

Let's hope that it doesn't take a cruise control to lock up at 350 kph on a German autobahn before some of the automotive OEMs invite them in to share their knowledge.

To learn more about the Verum software, go to http://www.verum.com.

David Wilson
david.wilson@e4engineering.com
Editor, e4engineering.com

GDI+ Security Flaw

This is an example of a totally avoidable problem: Already, some users' systems are being compromised by a trojan/worm--- and some security experts are claiming that this will be the "next big worm" we'll have to face--- even though a fix was available before any instances of the worm/trojan appeared in the wild. No one's system need be vulnerable to this worm, but if history is a guide, millions of users will ignore the fix, and we'll all suffer the consequences as system and servers bog down with totally unnecessary worm traffic. Sigh.

A buffer overrun vulnerability exists in the processing of JPEG image formats that could allow remote code execution on an affected system. Any program that processes JPEG images on the affected systems could be vulnerable to this attack, and any system that uses the affected programs or components could be vulnerable to this attack. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

This issue affects software that supports this image format....

JPEG/JPG is a ubiquitous image format, so this means that essentially *all* version of Windows and all versions of Office can be affected. But the fix is tiny, fast, and free: http://www.microsoft.com/security/bulletins/200409_jpeg.mspx

In fact, if you've been keeping up with your patches, or have allowed your system to patch itself as needed, you probably already have this fix. If so, please make sure your friends and family have their systems patched. Again, this is a wholly- preventable problem, as no instances of this worm appeared on the web until *after* the patch was released. This is a worm that should go nowhere--- but probably will find a ton of unpatched systems to infect.

More info:
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution
http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx

Be on the lookout!

We recently received credible intelligence that there have been seven terrorists working in your office. Six of the seven have been apprehended.

Bin Sleepin, Bin Loafin, Bin Surfin, Bin Lunchin, Bin Golfin and Bin Drinkin@Foxin have all been taken into custody.

At this time, no one fitting the description of the seventh cell member, Bin Workin, has been found.

We are confident that anyone who looks like he's BinWorkin will be very easy to spot.

You are OBVIOUSLY not a suspect at this time. So keep on doing what you Bin Doin!