kindlemalaysia.com

It's a long hiatus from me. I haven't been updating this blog for ages, and now I am back, just to do some shameless promotion for my new side adventure.

To help my fellow Malaysians to get their hands on Kindle, I've decided to launch kindlemalaysia.com. Basically this is a website that allows you to purchase kindle the eBook reader direct, because the Amazon.com just won't ship its precious eBook reader device to Malaysia. So, anyone who is residing in Malaysia who wishes to get their hands on the device can go to the website and order one. The purchase process is painless, just like how would normally you buy things online.

If you have any questions you should read the FAQ, and contact admin@kindlemalaysia.com if your questions are not covered in FAQ.

One would think that my main purpose to setup this eCommerce shop is to make money. Nothing could be further from the truth. I have a nice full time job, and don't really need any part time income, thank you very much ( Although I would be much delighted if my friends who like to engage me as their wedding MC). And from my survey I highly doubt whether Malaysians are that much into book reading that I can make a nice living selling Kindle.

The reason I would do this, is to experiment with Google Adwords and online eCommerce. In other words, I am doing this for fun, and experience. Or maybe gaining a few talking points on this blog; writing about software isn't that fun after all. I hope that by one year later I can educate, regale everyone about my experience and what I've learnt.

We will see how it goes.

CliSecure

One of the benefits ( or drawbacks) of .NET application is that the code can be easily decompiled by tools such as Reflector. This feature is tremendously useful if you have a third party application whose methods are  behaving bizarrely and you want to know what’s under the hood so that you can work around it. It is also comes in handy when you are trying to understand the algorithms offered by .Net framework ( such as LINQ’s Sort()) so that you can decide whether to use the existing one or writing your own.

However, for those who are in the line of selling software ( as opposed to, say open sourcing the software and then selling the service), the danger of having the whole application decompiled and resold by the competitors is just too great to ignore. Which is why .NET developers will have to obfuscate and encrypt their code before they package it for sale.

CliSecure .NET Obfuscator is a .NET code protection and licensing solution that I have been using for past one year. To date, we are very satisfied with the product and the service. Here are a list of the features that we really love

1.    .NET 4.0 support. We are in the process of migrating to .NET 4.0. The most important .NET 4.0 feature for us is PLINQ. For computationally intensive application, parallelism is the way to go as Moore’s Law is going to hit the wall. Instead of counting on the processor clock cycle to double up every 18 months, it is far more realistic to distribute computational loads to different cores to solve your speed issue. Which is why .NET 4.0 support is crucial for us in this matter. With CliSecure 5.2, we know that by the time we have transit to 4.0, we can release it straight to the customers without worrying about whether the protection tool is up to the task or not.

2.    Support various .Net Applications. The  .NET ecosystem is vast; Windows Form, ASP.NET, Silverlight, WPF, WCF, Windows Phone 7 etc. Different types of application development caters to different groups of needs, but they share the same CLR and framework. It is not unlikely that your application has to run on desktops, browsers and windows smartphones at the same time. The good thing about CliSecure is that it can handle all the nuances of the types, so that you don’t have to use different protection tools for different types of applications. One caveat though, some of the nonstandard .NET applications ( such as assemblies compiled by Matlab .NET builder and Silverfrost the fortran.Net compiler) may not be supported due to the nonstandard nature of those compiled assemblies. But in those cases, one can readily work around the limitation by editing the assemblies by hand. For me, this is not really a problem, as we seldom compile those nonstandard .NET code.

3.    Method Call Obfuscation. A lot of the protection tools keep the name of external calling method intact, because the names are needed in order to resolve the dependencies between different methods across different assemblies at runtime. This could create a security risk as hackers can determine what are the external calls your assemblies make and guess the content of your code. However, CliSecure solves this problem by replacing external calls with internal delegates so that the real, external calls are hidden from Reflector tools. With method call obfuscation, there is no problem in protecting the dynamic type objects, introduced in C# 4.0. So all your dynamic language fanatics! You can now have the privilege to write duck typing code that is previously restricted to dynamic type languages. But don’t blame anyone else if you introduce silly bugs that could have been caught by C# compilers. Greater flexibility comes with greater risks, I’m warning you. 

4.    64 bit support. Our application is a heavy number crunching engineering application. It uses up memory a lot. So 64 bit machine is the only hope for large projects. We were using other protection tools before stumbling upon CliSecure. Amazingly at that time ( about a year ago) there was not a single .NET obfuscator tool that protected a pure 64 bit application. When contacted on how to solve this problem, those tool providers advised us to compile our application as 32 bit app and run as 32 bit app on 64 bit OS. But this is completely impractical, as the very reason why we need 64 bit OS is because we need bigger memory.  I communicated this need to CliSecure and they got it done in one month. This was the deal breaker for us to use CliSecure.

5.    Stack Trace Translation. It’s often that when you are debugging a assembly which calls a protected assembly, you will get a gibberish stack trace when the crash happens. With the obfuscation, the real stack trace is also obfuscated and thus make debugging hard. However, with CliSecure 5.2, the stack trace is nicely preserved so that the developers won’t have to scratch his head and guess what’s going on wrong in the protected assembly. This would save us tremendous amount of time.

6.    Encryption, not just obfuscation. There is a difference between encryption and obfuscation. With obfuscation, Reflector can still see your method body and logic, with all the variables renamed, logic reshuffled ( not to the point of destroying the original code flow, of course). The weakness is that with enough determination, the hacker can still de-obfuscate the code and understand what is going on in your application. Encryption, on the other hand, completely hides the method body from hackers so there is no way of guessing what the code does beyond what is revealed from the method name.

7.    Compatible with reflection. One of the things I love about .NET is its rich meta data and the ability to use reflection to manipulate it. You can use reflection to dynamically infer an object’s type, create an instance of a type, access an object’s available methods, fields and properties. This is extremely useful when you are trying to  bind and display data in a declarative fashion. Unfortunately, obfuscation tools have the nasty habit of obfuscating private variables’ name, and make them inaccessible reflection, thus defeating the purpose of .NET rich metadata concept. CliSecure, on the other hand, doesn’t have problems with reflection. You can write the code in the way you want to without worrying about how the protection tool would work on it.

8.    Technical Support. The standard mantra of technical support in software world is “we’ll get back to you in 24 hours time”. But not everyone follows this. When we were researching for a .Net protection tool, there was one provider who got back to us only one week later, and his response was “sorry we can’t do this now, but we’ll keep you posted” and we never heard from him since. Providing good technical support is very important as we, the end users have our business to do; we can’t wait too long for our vendors to fix their problems or else our business would be affected. Provide timely and helpful technical support is sometimes more important than features. And for this reason I would normally eschew large software company with resellers and prefer the ones that are small and nimble enough to answer my question quickly. CliSecure .NET Obfuscator has never failed to resolve my queries in a timely manner. When I encountered bugs in their software, they would usually give me an update that fixed the problem within a reasonable time frame. The technical support should always factor into the consideration when purchasing a component.

How to Use C# Client to Consume Google App Engine's rpc

Google App Engine allows one to run the web apps on Google infrastructure. This is especially enticing to developers because it takes care of hardware, hosting,  scaling, authentication and deployment issues.

I'm glad to learn that one can create desktop clients in any language to take to the Google App Engine backend. The way this can be done is as thus. First, get the excellent xml rpc python code from here, integrate it into your Google App Engine application.

The meat of your web service method is defined inside the application class, assuming that we have the following method in the application class:

def getName(self,meta, keyInput):                                                    
    return keyInput

This is how you can call this service method from C# client, by making use of the xml-rpc.net library:

[XmlRpcUrl("http://localhost:8080/xmlrpc")]
public interface AppTest: IXmlRpcProxy
{
    [XmlRpcMethod("app.getName")]
    string GetName(string number);

}

public string GetName(string keyInput)
{
        var  appProxy = XmlRpcProxyGen.Create<apptest>();
        appProxy.Url = "http://localhost:8080/xmlrpc/";
        return appProxy.GetName(keyInput);

}

So now your C# client can talk to Google App Engine backend with ease.

Isn't it simple? But it took me a few days to figure this out.

5A99

I waited my friend at RHB bank opposite the Spring Shopping Mall, he was late, and the day was raining. This is not my exact idea of fun, I told myself. I was preparing to meet my ex-secondary schoolmates ( dubbed 5A99), meeting schoolmates can be fun, if the gathering can ignite the sense of kinship that bonded everyone in the first place. But it can be boring or even downright embarrassing if everyone is staring in (or past) everyone's presence, not knowing what to say. A bad weather and a-friend-late-on-time seemed like a bad omen for the thing to come. 

Finally, he came, so I followed his car to the destination. Kuching was moving up a lot since the days when I moved away from it. That place was a new restaurant that didn't exist ten years ago. As we parked our car and walked into the restaurant, I took a look at my watch. 7.20pm, 10 minutes to the dinner. Standing in front of the door was a handsome young man. He was Tze Siang, after years, he still looked as boyish as before. 

Suddenly, everyone seemed to appear at the same time, we enthusiastically exchanged handshakes, meeting old pals was good, but the atmosphere was a bit tense. We started to chit-chat, the conversation was a bit formal. And there were long pauses between conversation. Were we at lost of words to say to each other because of long-time-no-see? I wondered.

However, when we found a place to sit down, suddenly the atmosphere was heating up. First, a few crackers of chuckles, then, the voice volume rose, and crackers of chuckles gradually evolved into burst of laughters, from every corner of the room. 

We were exchanging our life-experience and jokes. We told one another of our experience from our walks of life, our friends listened attentively, sometimes added a few interesting remarks that set us all into laughters. The way we shouted across the table, it felt so much like the way when we shouted across the classroom. Our exaggerated facial expression when telling stories, those were the faces that we were when we were studying together. For a moment we traveled back in time, being our old gun-hoo self, resumed our innocent and carefree attitude.  There was never a moment in my life when I felt more 5A99 then now. 

The only difference was, the ladies were much more pretty and urbanized then ten years ago, and the men were more handsome, slickly dressed then before. 

To be sure, we are never the same again after started working. Our work and our commitment have taken a toll on us. We can no more make friends as heartfelt as we were ten years ago. There are times when we have to wear a mask when dealing with people. And sometimes I wonder whether earning money and recognition in exchange of innocence and genuine friendship is a good bargain.

But tonight's gathering reminded me of how precious and enduring the friendship forged since young is. We may only see each other once a year, or maybe less. And the time may come when we busied ourselves with our families, but deep inside my heart, I would never forget that at one point of time I studied together with 5A99, and tonight shall go down as one of the most memorable days in my life. Of course, we didn't befriend with each other because we wanted to get projects or benefits, that's the point I cherish most.

Thanks, 5A99. Love you all, always.

Face.com

Ever since I joined facebook I was overwhelmed by a large number of photos and photo albums created by my friends ( you know who you are :)). With a gazillion number of photos, photo browsing, finding and tagging became an addictive activity, and a consuming one.

For a long time I wished that facebook would  just import the picasa's ability to auto-recognize the faces and auto-tag them appropriately. I reckon that facial recognition technology shouldn't be so difficult that only Google can do it, and should be important enough for any photo-sharing-intensive sites to have it. Or else how can the users manually identify every single one of their friends in the photos?

So, I was thrilled to learn that face.com has finally taken the challenge to autotag the faces in facebook photos. The marketing material says that face.com employs "the most advance face recognition technology on earth". Although I can't verify the claim, but from my experience it is a very useful application that actually saves your time tremendously, unlike other pointless time-waster applications that suck away your time and serve absolutely no purpose at all ( I'm looking at you, SuperPoke! and MarketPlace). 

So, if you have facebook account, why don't you just head over to face.com, and lets it tags you and your friends photos. I'm sure you will find it as useful as I do. 

Stupid Support Emails from Malaysia

Ayende just posted the stupidest support email on his blog. I took a look at the email content, and had to agree with him. Really, the email lacked even basic netiquettes, was poorly written, and was asking for heavens and earths from someone he doesn't know personally.

What a shame.

What is more embarrassing to me is that the author of that email comes from Malaysia. Yes, It is from Malaysia, my country.

It must be a gigantic failure for Malaysia's education system to produce graduates who don't even know how to ask questions. It's a bigger failure for the system to produce graduates who don't appreciate the amount of free time open source contributers have and ask for a detailed A-Z tutorial when the they can just google up the information themselves. Maybe I shouldn't be too surprised by the entire episode. I mean, what can you expect a spoonfeeding-education system to produce? An Einstein?

Just to let you know that I was a victim of Malaysia's education system as well. I couldn't forget the time in secondary school when I had to memorize all the facts in order to pass my exams and to booked a seat in college. Even in the university I crushed through the subjects by sheer memorization. The effect of regurgitation and force memorization crippled our creativity, made us unable to think for ourselves because we were trained and told that there was only one answer in the world and unless you get that answer right you are dead and that answer is the correct one and there shall be no debate on it.

This kind of spoonfeeding system has a more deleterious effect on other students, I afraid. A lot of top grade students do not know anything besides their books. And it isn't clear that they really understand the knowledge taught. I mean, even for maths and physics and engineering and computer science subjects you can score an A without understanding the material, isn't it? All you have to do is to memorize everything, leave no stone unturned. So, when it comes to the time when they are expected to do their own research, or get things done without to- to-bottom command from their superior, they flounder. Or when they are asked to solve real world problem on their own, they are stumped. Even a simple act of asking help from appropriate person in an appropriate manner is too difficult for many of them, as demonstrated above.

What a pity.

Edit: Thanks to our broken education system, the Power Distance Index (PDI, the higher the index is, the more submissive a person is to authority) for Malaysia is the highest.

Me, At the SiteMap of StackOverflow

It's flattening to see my account at the sitemap of StackOverflow, according to Google.

Thanks to Chris who brought this to our attention!