Feeds

Rogue character space tripped Scottish exam results

AQL caught out by Excel trying to be clever

Top three mobile application threats

A rogue space in the date field caused almost 30,000 Scottish students to get their exam results a day early, as Excel versions clashed and human checking fell down.

The texts telling students their Higher results (the Scottish equivalent of A-Levels) were supposed to go out Thursday morning, having been preloaded onto the automated systems at text-specialist AQL, as a CSV export of an Excel spreadsheet. The problem was a space which somehow got appended to the dates, causing Excel to export it as a text field, in quotes, which got rejected by the automated system which then substituted the default setting: the current date.

None of this is good. AQL, who've been doing this kind of thing for more than a decade and should know better, is suitably embarrassed and assures us it won't happen again.

The vast majority of AQL's clients, which number more than 30,000, manage their requirements through a direct interface with AQL's Web Services back end. From there, they can send messages and manage campaigns without human interaction or the possibility of incompatibilities.

But the annual sending of exam results, which AQL does as a freebie, doesn't really need a direct interface, so each year the company sends the Scottish Qualifications Authority a template spreadsheet to be populated and returned. This year that spreadsheet came back as an "xlsx" rather than an "xls", but (more importantly) it also came back with a space appended to every date field, causing Excel to assume it was text instead.

So Excel dropped quotation marks round the field when exporting it, which caused the import to disregard the field and replace it with a default date – today (that day) – so the messages were instantly sent out.

Fortunately the damage was minimal. Students got their results slightly early but as the clearing system wasn't operational they couldn't do much with the information other than celebrate/drown their sorrows 24 hours earlier than they might have done.

AQL tells us the import software has already been fixed, so the combination of events can't reoccur. They'll be checking all their processes to find out why the last-stage human read-through didn't pick up the error, and see where else their old systems might need updating.

It's easy to say it shouldn't have happened, but as our own Verity Stob explained last week the rusting of software applications is inevitable as assumptions made during development become invalid. We'd like to think our own applications would flag such an apparently obvious corruption of the imported data, but there's nothing like watching someone else get it wrong to focus the mind and make sure its not us the next time around. ®

Seven Steps to Software Security

More from The Register

next story
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Captain Kirk sets phaser to SLAUGHTER after trying new Facebook app
William Shatner less-than-impressed by Zuck's celebrity-only app
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Put down that Oracle database patch: It could cost $23,000 per CPU
On-by-default INMEMORY tech a boon for developers ... as long as they can afford it
Google shows off new Chrome OS look
Athena springs full-grown from Chromium project's head
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.