I got tagged…

Been a while…..

Was tagged by Kurt, in an internet meme about drawing bunnies.

I was most famously (or notoriously) chided in my high school days for “drawing” a landscape piece that looked like a 3 year old artwork.

To preempt any disappointment, i am glad to say that the incident was an indication of my overall interest in drawing,.. nil.

So i tried a 2 minute quick draw, and here’s what i got.

Looks bad huh?

After i stopped laughing for a while, i decided to make another attempt.

This is about as good as i can get!

And to finally continue on this meme, i’m going to tag Alex Eckelberry, Roger Thompson and of course, Randy Abrams.

Minor change

Away for too long. Added Avira's newly launched blog to my blogroll.

antivirus antimalware antispyware

Back from Amsterdam

I was in Amsterdam for two events: the AMTSO meeting and the CARO workshop on Packers, Decryptors and Obfuscators.

First, the AMTSO meeting. It was a follow-up to the discussions made in the last few AV industry conferences and gatherings, and the Pro-Term management committee did a lot of work to get the discussions flowing.

What's the AMTSO you ask? The Anti-Malware Testing Standards Organization, or AMTSO, is dedicated to helping improve the objectivity, quality and relevance of anti-malware technology testing.

Open discussions were the main goal of the day, on various subjects ranging on the technical details to the practicality of some of the recommendations that came out of these discussions.

The fact that there were professional testers, publishers and legal representatives gave better and instant feedback to some of the issues that were brought up, instead of delaying them to offline discussions later.

I look forward to the next AMTSO meeting, and the eventual adherence to its recommendations to improve the overall quality of testing of the antimalware products.

The CARO workshop was a great gathering of the experts that are doing the unpacking, the decrypting and the de-obfuscating of files on a day to day basis sharing their insights and lessons learnt from their work.

Kurt Natvig from Norman started off with an opening that made it really hard to follow-up on. Most of the presenters gamely took on that challenge though! Even I was able to understand the challenges and the work required for future research. Fellow attendee from McAfee also agreed on that point.

The program was organized very tightly and had papers that related and continued on the prior papers' work in a very logical manner. This helped to facilitate lots of discussions during the various coffee-break sessions and the dinner sessions.

A few themes were constantly present through the two events. The need to do good for the sake of the computing community being always in the minds and hearts of the folks that attended the events. Everyone was in a position that can and will make product improvements that will impact large groups of IT users.

To facilitate that need, this group of experts are sharing their knowledge and their experience with one another. Do keep in mind that the attendees are working in competing companies, but yet, they share most of their insight to help one another.

To make full use of these kind of gatherings, the attendees practically need to wave their goodbyes to something known as sleep. Discussions continued through the late night, accompanied by the industry number one energy drink: beer. I even got a few action items that i need to work on when i'm back at work.

The CARO workshop and the hosting of the AMTSO were organized by Righard Zwienenberg, from Norman ASA. Thanks to his great work, amidst a personal monumental event, and slight sickness, both events went on fine. Thanks Righard!

Back from AVAR 2007

I just came back to the States after attending the AVAR 2007 conference in Seoul, and a detour to Singapore to visit my family & friends.

The organizers made a great decision in arranging for the papers with related subjects to be presented within the same session. The whole session on anti-malware testing kept everyone in thinking how such issues affect the industry.

The conference this year had a few papers that focused on hacking or malware on online gaming, which reflected the massive online gaming market in South Korea.

Two other local presenters, one from my company, and is a immediate team member of Jeanette, did a paper on Vista technology, while a representative from KISA showcased the botnet mitigation efforts in Korea.

Another interesting paper was on the research and defense against password stealing trojans in China. It gave a different flavor to what most of the attendees have seen outside of China.

I believe having more and more regional based presentations will make AVAR a much more unique conference as compared to the other major anti virus conferences. Having the local presenters present in a language that they're comfortable in also make good sense, as that will increase the quality of the presentation to the local attendees, but will increase some operational costs on the organizers to provide real-time translations and the equipment required for such a service.

Randy Abrams did a very interesting paper on heuristics. It was unique in the sense that he described a highly technical subject matter in a very easy to understand manner, as the WebSense folks mentioned,.. ".. moved the audience deeply."

It's quite funny to find that oftentimes, i have to go to a conference overseas to meet up with someone else in the company. I finally got a chance to meet up face-to-face with Dan, who's a great guy to be with, and Jaime, who is a fellow Singaporean that moved to Redmond, instead of just shooting each other emails.

Of course, meeting up with members from the various AV companies, and my company's other colleagues, and having a great time doing such discussions make any conference fun, and make the 20+ hour travel a lot more easier to handle.

The post-conference tour was unique in the sense that we got to visit the DMZ. The most memorable thing on that tour was something that was totally unscheduled. It was a group of guys in the thirties-to-fifties, in a volleyball-like court, playing something that's quite similar to Asia's Sepak Takraw, but with a soccer ball. The energy and excitement these folks had in their games totally impressed the tour attendees, who were mostly tired from walking down a path that probably was designed for hobbits rather than typical humans nowadays.

I thank the AhnLab folks that organized this year's conference for being able to provide such a great conference!

All hail XKCD

Best Comic Indeed.

[nod to Fergie]

Commentary on commentaries

During my high school days, one of the primary books that i had to cover is William Shakespeare's Macbeth. At that time, one couldn't really grasp the prowess of his words and phrasing that captured every essence in life. I guess you really need life's experiences to complement such classic literature.

I can still easily recite some of the soliloquys from the main character. One of my favorite quotes from Macbeth is in Act V, Scene V, where Macbeth, upon hearing the death of his wife, cited:

"Out, out, brief candle! Life's but a walking shadow, a poor player that struts and frets his hour upon the stage and then is heard no more: it is a tale told by an idiot, full of sound and fury, signifying nothing."

The last line has multiple layers of meaning to it. The layer that i'm focusing on this post is about the comment that Shakespeare made on what constitutes good drama. I believe that the comment applies to sports, and other areas as well.

Being a boy in his teenager years in Singapore, chances are that he would be playing football (aka Soccer in USA), and would have been watching the Big League Soccer from the UK. At that time, the telecast would be a straightforward showing of the football match, with minimal commentary. Similarly, the football World Cup matches would be shown on TV right at the minute the matches started in the host countries. You'd watch the game, have a break during half time, and finish the game right at the final whistle.

Nowadays, it is not uncommon to see a pre-game show that lasts for an hour. Sometimes for big events like the World Cup final, the pre-game show might be three hours for a 90 minute match! A big team of former players, commentators, "experts" and other guests will be sharing their points of view with one another.

Similarly, during the actual match, the commentators will start to cite tons of metrics, for example:

1) how many assists each player make this season

2) how many tackles (successful/failed)

3) how much playing time each player has

4) so on and so forth....

I wonder how all these metrics actually matter. At the end of the day, isn't the one important data point is whether one team scores more goals than the other? Team A can make 1000 assists, has 100 shots at goal, make 100 successful tackles, and ran 10000 yards during the 90 minutes, but if Team B can make their 1 shot at goal count, nothing else matter. The top scorer in the World Cup 2006 was Germany's Miroslav Klose, who had a two goal lead against the next set of top scorers, but the final was between Italy and France.

What all the pre-game/post-game shows and the in-game commentaries have done is to create a huge and profitable market in terms of allowing these non-playing "experts" to give their two cents' worth of opinion in as many media channels as they can.

I recalled that there was a series in probably early 2002 that had two sets of commentators that were spouting different "data" on the same players in the same season. One set would say that Zola passed 212 times in the month of August, while another set said it was 195 times. It became a farce when they started arguing about the definition of a pass from their respective point of view!

Is there any real value added to the game? No. The unnecessary hype of such useless metrics not only do not add value to the game, but rather, shifts people's focus off the most important goal, which is, who score more goals!

This also created some false sense of authority on these "experts". Again, the ones that gained from these "sound and fury" are the ones that go around spreading sound and fury. I pity the players that are doing the actual sports. At least in terms of football players, most top league players are getting rich enough that they can afford to ignore this kind of distraction.

Technorati Tags: Commentary , Shakespeare , Football , Soccer , World Cup , Macbeth

Optimizing for metrics

While waiting for Sharon yesterday, i was at the company's in-house library and read from cover to cover two to three small but good books. The topics range from various software development models, Mathematical Puzzles (gosh, how i missed doing the math and logic puzzles from Martin Gardner when i was in high school) and one on good management and leadership skills on a quality team!

The first book (Smart and Gets Things Done) that i just completed in about 20 mins was a book by Joel. Some of the chapters do not apply to me since i'm not a hiring manager, but the concise but very detailed chapters are great to incite ideas in my brain. I can see someone already shivering from afar.

An example that he mentioned on Starbucks vs other local cafes was just something that i personally observed recently. Having the chance to visit two similar Mexican fast food places, Chipotle and Qdoba, that have practically the same setup in terms of layout and menu options. They even had the same number of people queuing up for orders but somehow, one had a very quick flow while the other was stuttering along.

The only thing different is that Chipotle has a very optimized process from the point that the customer orders the food to the point where the customer pays for the food. The order is only taken once, and the necessary information is passed down the "service line" in an effective manner. This is something that Qdoba didn't do. First the customer give his order to the first "server", and then to the one that handles the condiments, and then to the cashier eventually.

Three times vs one time. Hmm.. So where's the secret trick that Starbucks and Chipotle do that the others don't? The person taking the order WRITES down all the necessary information in acronyms on the wrapper/cup, and basing on the provided information, the rest of the service line can continue on without impacting the customer.

I wonder why that there's such a big difference in the way the two sets of examples are doing processes that are inherently the same?

One way of looking at it is perhaps the way that the organizations are measuring their staff. What is the critical metric that they should focus on? Is it the eventual customer satisfaction, or the measurement of how long each member along the service line take?

That line of thought link the first book to the book with the mathematical puzzles that i just couldn't remember the title for. A puzzle that was detailed is the well known Prisoner's Dilemma. In this game, as in all game theory, the only concern of each individual player ("prisoner") is maximizing his/her own payoff, without any concern for the other player's payoff.

Since each member along the service line is measured for his own efficiency, the quicker he can move the customer down the line the more rewards he will get. He will not care for whether the downstream gets the necessary information to work with, or worse, whether the customer is even being frustrated by the repeated queries on the same order again.

Would i blame the folks on the service line? No. If their management gives them such a metric for measurement, chances are that the folks will find ways to optimize for the specific metric that gets rewarded, without actually achieving the most significant outcome that is desired. In this case, i believe that the management might want happy customers that will be glad to come back for future purchases, but will they get such repeated purchases? I know that i won't want to spend time in Qdoba. If i want the same kind of food, i'll go to the more effective and efficient Chipotle.

More book reviews in the future. I promise a more regular update on this blog. 8).

Technorati tags: book review, starbucks, fastfood, chipotle, qdoba, joel, notes