Technical Audit

Recently, I assisted our audit team to perform a technical audit on a publicly listed company in Malaysia. While the details of the audit are confidential, I would like to share my experience since this was the first time that I did such an audit. Needless to say, it was quite interesting.

On our first visit, we got there early and I was promptly introduced to the director and development team as the newest member in our audit team. I said my greetings to everyone and took a seat in the centre of the meeting table since nobody else took it.

Water was then brought in by the tea lady. She brought in a number of glasses and two jugs of water. Unfortunately, we weren’t served the water and since I was rather thirsty, I got up and served everyone a glass of water. My audit team members remarked that I was really sweet in doing so – I was just doing it because the tea-lady placed it all on the table and left.

Since this was my first time exposed to this project, I asked for a quick briefing on the product that they have developed. Before this, I already knew their main objectives but I was still curious as to how they would go about achieving them. As they explained things to me, I began to probe their system and their understanding of the issues involved.

The development team was fairly nice to me and explained things that I had difficulty understanding to me. For example, I couldn’t understand why they had chosen certain cryptographic ciphers and used them in a certain way, which resulted in reduced security. I let them dig their own grave.

In fact, the rest of my audit team remarked that I was extremely nice to them because I did not go on the attack. There was no need to come out guns blazing when they were doing such a good job of cornering themselves. During the product demo, I asked them to run the thing a certain way – and the thing crashed, which demonstrated a lack of robustness.

So, we were quite disappointed that it didn’t work. As the audit team, we try not to fail anyone and personally, I try my best to pass other people. So, we told them to fix things and to arrange for another session. We’ll give them another chance.

On our second meeting, I got to meet the CEO of the company who decided that it was important enough to grace us with his presence. This time around, the tea-lady brought in the water and placed it on the table without serving too. However, the director got up and served me a cup of water instead.

The treatment this time was totally different. It was “Dr. Shawn” this and that from the development team, “Dr.” this and that from the director and “Doc” this and that from the CEO (it got shorter as we went up the hierarchy). However, as the CEO tried to drag some wool over our eyes with his charisma, I was forced to take out my pistols and shoot down some of his points.

In the end, they tried to do a proper demo but even that did not pass satisfactorily. I spoke to the development team and we were all in agreement that the system did not perform as it was supposed to. In fact, their external consultant and team lead privately told me that they would need another few months to finish the product.

After the poor showing, the CEO was visibly furious and started to bark at his people. Our audit team were quite sympathetic with the development team because we knew that they were all going to kena after we left. It is sad, but they were not able to deliver what they promised to.

On a more personal note, I could appreciate the problem that they were trying to solve. In fact, I even told them that there was clear value in certain parts of their product. However, I do not have the confidence that they would be able to solve it since they failed to demonstrate sufficient technical competency. There was also sufficient inconsistency in their speech versus the actual product that they developed to further weaken my confidence.

Anyway, I have a couple more companies to audit after Raya and I am looking forward to more excitement!

Worker Types

Through my limited experience in life, I have come to the conclusion that there are three types of workers in the human species – people who treat their work as: contract, career or calling. At the risk of making generalisations, these archetypes are something that I can easily categorise people into. It is also fairly easy to detect which category someone falls under.

  • Contract types are people who work for a job. They have chosen to trade their labour in exchange for money or other resource. These are people who find jobs and who see it as just something to get done in order to survive. They will often find happiness outside of the work-place, either with family, friends or some extra-curricular activity. These people are workers.
  • Career types are people who are out to build. They are interested in building a reputation and a career for themselves in order to increase their value. These are people who will find jobs that are in-line with their long term plans. They will often justify their sacrifices by attributing it to the pursuit of happiness. These people are planners.
  • Calling types are people who do what they love. They are the lucky few who are able to turn their passions into money making careers. They are passionate about their work because they see it as something larger than life. They will not be able to survive outside of their comfort area and would take whatever risks necessary for their love. These people are leaders.

That’s what I think anyway.

Google vs Oracle

There are lessons to be learned from the looming war between Google and Oracle. However, one lesson to take away as a developer is this:

Never Let Your Company File for Patents on Your Work

James Gosling is usually pretty cryptic in his non-technical writing, but I think if you read carefully, it seems to me that Gosling regrets that Oracle now holds his patents on Java. I know developers get nice bonuses if they let their company apply for patents on their work. I also know there’s pressure in most large companies to get more patents. We, as developers, must simply refuse this. We invent this stuff, not the suits and the lawyers who want to exploit our work for larger and larger profits. As a community of developers and computer scientists, we must simply refuse to ever let someone patent our work. In a phrase: just say no.

Even if you like your company today, you never know who will own those software patents later. I’m sure James Gosling originally never considered the idea that a company as revolting as Oracle would have control of everything he’s invented for the last two decades. But they do, and there’s nothing Gosling can do about what’s done with his work and “inventions”. Learn from this example; don’t let your company patent your work. Instead, publish online to establish prior art as quickly as possible.

Baby Dumping Porn

For some reason, our mainstream media has recently gained an obsession to highlight baby dumping issues. I guess that since they cannot highlight other ‘sensitive’ issues, this is the best that they are allowed to do – social issues. You sometimes really need to leave it to our government officials to come up with the craziest notions on what is wrong with our society.

Widespread access to pornography and weakened family ties have led to an increase in baby dumping in the past five years, according to Federal CID director Comm Datuk Seri Bakri Zinin.

Honestly, while I understand that porn is an easy target for weakened family values, it is definitely not the cause. In fact, studies done overseas have shown that there is generally a reverse correlation between porn and rising social crimes. The more accessible porn material is, the less social crimes there are.

Women’s Aid Organisation executive director Ivy Josiah said there was no correlation between a rise in baby dumping and pornography.

The crux of the matter isn’t the easy availability of porn but the lack of education among our young. Abstinence programmes have proven to be a failure and so, let’s avoid them here. Young people should be taught about their bodies – physical, physiological and psychological aspects of sex.

Sex education should not be treated as a taboo but introduced to combat problems like baby dumping, said Malaysian Council for Child Welfare honorary secretary Ismail Majid.

That is exactly the kind of solution that we need to the problem – instead of just vilifying porn. Don’t mistake me for defending porn, I am attacking stupidity. Anyone who knows me knows that I have zero tolerance for stupidity. Our police chief should learn to keep his opinions to himself and to channel them through a proper channel such as a media spokesperson.

A HONG KONG film-maker is aspiring to become the first person in the world to release a 3D erotic movie. Director Christopher Sun said he was racing against time to complete the filming of the flick titled 3-D Sex and Zen: Extreme Ecstasy.

While I know that 3D is all the craze these days, I’m not quite sure how it would translate to porn. Porn is largely viewed in the privacy of homes where availability of 3D devices is less, and there is less need for it because of the smaller viewing experience. However, I’d be interested to find out how it does around the world.

Selepas Tsunami

Selepas Tsunami (After the Tsunami) from Pusat KOMAS on Vimeo.

I like the term – Memperkasakan Rakyat – empowering people.

Student Power

Having previously attended one of his talks, I can say that I like his lecture on Student Power. It was very informative and educational, without being boring and intellectual. It made me ask a simple question – why was all this history suppressed? I would have loved to know the kinds of achievements that the students made in the swinging 60s.

I would think that such acts of courage, thought and conviction would serve as examples and encourage students today to think outside the box and to develop themselves into creative thinkers, capable innovators and future leaders.

Seriously, our own child dies of starvation, why?

Design by Committee

A camel is a horse designed by committee!

I have recently been helping a friend build some stuff – a special kind of website, really. The reason that I agreed to help them was because I felt that their objectives were sound, that they did not have anyone who could do it right, and that I did it as a favour to my friend.

I have been working on the system for about 3 weeks now, as the sole developer building the things. This friend of mine keeps suggesting ideas that I keep trashing. Yesterday, my friend suggested another idea and after I rejected it, my friend took it up with the team looking for support. In order not to waste time debating the idea, I pulled rank and shut it down.

My friend is confused – software development work is not a democracy.

Design by committee is a term referring to a style of design and its resultant output when a group of entities comes together to produce something (often the design of technological systems or standards), particularly in the presence of poor and incompetent leadership. The defining characteristics of “design by committee” are needless complexity, internal inconsistency, logical flaws, banality, and the lack of a unifying vision.

If you want to develop mediocre stuff – maybe – but if you want to build something good, it is not a democracy. Look at the good software products – they were the brainchild and work of generally one person e.g. Linux. Even today, when Linux is worked on by thousands of contributors, when it comes to policy decisions, Linus calls the shots. Classic examples – monolithic vs microkernel, C vs C++.

The reason for this is simple – when it comes to technical decisions, you cannot leave it up to the majority who tend not to know a thing about it – you leave it to the technical expert in charge. Say, when it comes to adding a feature that has the potential to compromise security of the system, you leave the decision to the security guy, not a majority vote.

In addition, when there is only one guy writing the code, you leave it to that guy to make the call. He is responsible for delivering the feature and making sure that it works correctly and safely. Only he knows how much effort and rework might need to be done to cater to that one feature. Only he has any idea what needs to be done to get things to work.

Any software that is designed by committee is going to suck, universally.

Often, when software is designed by a committee, the original motivation, specifications and technical criteria take a backseat and poor choices may be made merely to appease the egos of several individual committee members. Such products and standards end up doing too many things or having parts that fit together poorly (because the entities who produced those parts were unaware of each other’s requirements for a good fit).

A similar thing happened a couple of weeks ago. They wanted a feature that I opposed and after wasting over an hour debating over it, they finally came to the natural conclusion that my way was the right way. I could have told them that right from the start! I am not going to waste more needless hours debating over other features.

I’ve already given my friend notice because I know that I cannot work with this bunch of people. I have zero tolerance for stupidity.

PS: This also explains why the stuff at work generally sucks and why life sucks in general too.