Wednesday, May 14, 2008

Open office 3.0 preview

The 3.0 beta version of the most popular open source software, OpenOffice, has been released recently. It remains the only document editor that I use to produce Word files.

The most significant added feature of this new release is the native support for Mac. I don't know how they did it, but it looks like (and really is) just another cool Mac application. It means no more running X11 first, as the older version of OpenOffice required, on my new shiny, white Macbook. Here are some snapshots of the new OpenOffice center and the look of the Spreadsheet program:



The biggest disappointment, still, is the problem with copying and pasting multiple, non-consecutive selections in the Spreadsheet. For instance, your data is in A1-A100. You want to select A5, A10, A15... to make another table. It's not possible with OpenOffice, as a lovely window pops up saying that Multiple Selection is Not Possible. This feature has been requested since version 1.x, but no one seemed to pay attention. As far as I am concerned, this is the one that holds me back from completely abandoning the Microsoft Office suite. And don't tell me Visio is the best drawing program out there. The truth is, it's totally inferior to xFig when it comes to producing quality EPS pictures, which can be brought straight into LaTeX documents.

It is a smart move from OpenOffice to have native support for Mac. However, interesting questions were raised on how much the Mac community is going to contribute to the development of OpenOffice, or to the Linux open source community in general. The common perception is that Mac developers are not as open as their fellows in the Linux world. For one thing, they are not very keen to make their applications cross-platform compatible.


Sunday, May 11, 2008

Vietnam mentioned in a Firefox - virus related news

It is the very first time I have read an article on Slashdot mentioning Vietnam. My beloved country drew attention from Firefox, as a user discovered a Trojan in the Vietnamese language pack for the infamous browser.

The reporter, named Hai Nam Nguyen, posted the news, which was quickly confirmed by Firefox. A high-school friend of mine is called Hai Nam Nguyen as well. He came to the national University, studying computer science. It could be him, I wonder. But of course, this is a very common name in Vietnam, and I haven't got hold of him to ask.

The Trojan, very likely written by a Vietnamese hacker, is essentially an ad generator. It does not seem to do other, more malicious activities, but could well make Firefox open to more exploits. Firefox has now pulled the add-on off the website, but it has already raised some eyebrows. Yes, the idea of open-source, free software is that everybody can hunt for malicious or buggy code. And Firefox is undoubtedly the most successful open source software out there, but the software must go through a Quality Assurance process before official release. However, the plug-ins and add-ons for Firefox, as well as for other, less popular software, did not catch much attention, and there wasn't a clear QA or auditing process for them. Malware might as well be abundant. Well, but that is the risk that many (including me) are willing to take. At the end of the day, the 0.01% of users who care and read the source code can make a big difference.

Hierarchical structure of network discovered

Published in the journal Nature, the work from a group of researchers from the Santa Fe Institute (SFI) reveals that for a complex network, there is an underlying hierarchical structure regarding the connectivity among nodes. Graph clusters could be one form of hierarchical network, where small clusters make up bigger ones that make up the network. The same can be said for modules in biochemical networks or communities in social networks.

The full paper, which can be found here, is quite long to read. Basically, the hierarchy in the network can be represented by a (probabilistic) tree. The details are not yet very clear to me. Results from the paper say that the construction of such a tree can be automated, the impact of which can be very significant. First of all, given incomplete data from a network, one can reconstruct the missing links with high accuracy. Secondly, this can be another way to construct popular types of networks such as power-law or small-world.





The number 43

I've happened to bump into this number 43 a number of times recently. Wikipedia did not have much information about this mysterious number. After all, it's not mathematicians who bring all the good stories. Here are my 2 cents.

Most nerds must be familiar with the number 42, as the answer for everything. The number that takes an alleged supercomputer years to come up with. Well, 43 = 42 + 1, doesn't it imply something? Perhaps an answer for everything that will happen in the future.

43 = 12 (months) + 31 (days). Recently, it appeared in the Getting Things Done (or GTD) culture. Started by David Allen, this action and time management framework or concept successfully convinced quite a number of followers. A quick look at Wikipedia will bring out more details. In his work, David suggests organizing tasks into 43 folders, labelled with the 12 months and the 31 days of the month. Tasks are put into these day folders, which in turn are put into the month folder. One would review, process, update and reorganize these folders frequently as tasks are acted upon or added. Nowadays though, all of this can be done via free or commercial software. For Mac, iGTD is the top choice. This donationware is very well designed, as I found it's extremely easy to add tasks and create the infinitely long list of things that I am supposed to do (and finish some day). Strangely, it somehow makes me review the tasks seriously and actually act on them.

The 43 things is a social network that has a substantial number of users. Basically, one lists his or her goals, from the most trivial and ridiculous to the dead serious ones. The network links people with similar goals together, so that they can cheer each other on. The philosophy behind this, stated on the website, is that people get inspired by others' goals and discover new goals; more importantly, they get focus and momentum when working towards the listed goals when connected to ones with similar interests. There is no explanation on the website of why it is named the 43 things, and not any other number. I sense a very vague connection between the purpose of this site and the iGTD concept: you work all year round (12 months a year and 31 days a month) to reach a set of goals. Still, my biggest question with this social network is the real fundamental drive behind its success, i.e. what accounts for that big number of users. Indeed, it's already a new task on my iGTD, marked as "some day".

Thursday, May 08, 2008

Another Mac vs PC story

 Yes, just another story of Apple vs Microsoft. Blah, blah, blah ...

Just to set the background, I was reading some stories with my newly acquired, blindingly shiny white Macbook, when I stumbled on the recent cover story in Business week, titled The Mac is in the Gray Flannel suit. It lays out an interesting and insightful discussion of the war between Mac and PC, from a business perspective. To be more precise, the business people did not call it a war, as most geeks would address the matter. They have it right this time, since how can it be a war when there is no evidence of competition?

Basically, the article correctly points out the fundamental difference in the business strategies of Apple and Microsoft. When he took over Apple in 1997, Steve Jobs committed to a business model targeting the consumer market, i.e. individual buyers, who pay for the machines from their own pocket. Since then, there has been no attempt from Apple to set up massive support, sales, accountant and PR teams for corporate customers. They rely on hundreds of Apple stores and mostly one-to-one support to customers. There is also no sign of Apple licensing their software/hardware to other vendors.

Microsoft and PC vendors, in general, started with long-term strategies targeting corporate customers. These are evidenced by their well-funded sales, marketing, support and PR teams. Furthermore, PC hardware is totally open, making it easy for third-party vendors to produce compatible products. This proves a big advantage for organization-scale deployment, because it is easy to administer and to find hardware replacements and a large range of software.

This difference in the culture of the business model once had Mac and PC living happily in their own niches. The recent popularity of the iPod and iPhone, and the increase in popularity of the Macbook and its siblings, thanks to the Intel infrastructure, suggest that employers are forced to give real consideration to adopting Mac in their organizations. In addition, Microsoft's current best thing, i.e. Vista, seems like a big failure, and it sparks enormous resentment from employees when they are forced to abandon XP.

The article gives an interesting verdict for the future, saying that such competition between Mac and PC will be irrelevant in the next decade or two. The reason is that the computing platform will move to the cloud, as the software-as-a-service model proliferates. All the ordinary tasks, including entertainment, will move to the Web, and will then be accessed in the form of Web applications. Thus, the market is unified, as all the support needed is for Web browsers.

In summary, it is now down to Jobs to decide whether he wants to take up the challenges in the corporate market or not. Either way, let's keep our fingers crossed that the current culture will not deteriorate. In particular, we should still be able to get our broken Macbook repaired within hours. Until then, this shiny Macbook is still the best laptop I've ever had.


Kraken worm dissected

Kraken was recently believed to be twice as big as the infamous Storm worm. There are debates on its estimated size, but it should have an army of at least several hundreds of thousands of zombies to take up such big headlines.

I blogged about the Storm worm being a hot research topic not very long ago. It found its way to some of the most prestigious conferences, NSDI for example. As revealed, Storm's army of zombies is organized into a structured P2P overlay, namely Kademlia. Controls can be initiated from any bot in the network and, more importantly, such a structure enables the bot-net to scale seamlessly.

Now, not long after taking over the headlines from Storm, Kraken (I really struggle with being in constant awareness of not typing this name as Karen!) was hacked. A more general, statistical analysis is presented here, while all the ugly details are hidden elsewhere. In summary, Kraken works as follows:
  • The bot-net relies on dynamic DNS. Essentially, the DNS server allows the DNS records to point to dynamic IP addresses. It means users can change a record to point to a totally different host as frequently as every 5 to 10 minutes. The bot-net owner, whoever he is, further depends on free DDNS providers, from whom he acquires a large number of DDNS records. As far as I know (and read), there is no evidence suggesting that he can have an arbitrary number of such records.
  • Now, once downloaded and run, the Kraken worm resolves a random DDNS record and contacts the zombie that is pointed to by that record. The random seed is hard-coded into the binary. The worm's download from the remote zombie could be another binary, or just commands to perform some illegitimate activities. Remember that the DDNS record is changed frequently, plus the worm can download an update that generates a new set of DDNS records. In other words, it is almost impossible to trace down the one who masterminds the whole bot-net.
One crucial component of this bot-net is the DDNS provider. Unless the zombies run some sort of DNS servers themselves, in my humble opinion, this bot-net is not in Storm's league, as far as the system's scalability is concerned. In particular, the DDNS provider presents a single point of failure. Had the bot-net reached a critical point and the damage caused been substantial, the DDNS provider would be forced to shut down, even if he is living in China.
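
The lookup pattern described above can also be hunted for from the defender's side, in resolver logs. The following is an added example, not code from this post or from the research it mentions. It assumes that an infected host working through generated records queries many random-looking names under DDNS zones, a good share of which fail to resolve; the zone names, thresholds and log lines are constructed placeholders.

```python
import math
from collections import Counter, defaultdict

# Assumption: placeholder dynamic-DNS zones; list the provider zones you track.
DDNS_ZONES = ("ddns.example", "dyn.example")

# Constructed resolver log entries: (client, queried name, response code).
SAMPLE_LOG = [
    ("10.0.0.5", "qxkvbzpwtr.ddns.example.", "NXDOMAIN"),
    ("10.0.0.5", "hjmzqyfkdw.ddns.example.", "NXDOMAIN"),
    ("10.0.0.5", "vbnrtxlqpg.dyn.example.", "NOERROR"),
    ("10.0.0.5", "wkzdyhmfcj.ddns.example.", "NXDOMAIN"),
    ("10.0.0.5", "ptgxqlrvnb.dyn.example.", "NXDOMAIN"),
    ("10.0.0.7", "zzqkxwvbtr.dyn.example.", "NXDOMAIN"),
    ("10.0.0.9", "homecam.ddns.example.", "NOERROR"),
    ("10.0.0.9", "www.example.org.", "NOERROR"),
]


def label_entropy(label):
    """Shannon entropy (bits per character) of one DNS label."""
    counts = Counter(label)
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())


def ddns_label(qname):
    """Return the host label directly under a tracked DDNS zone, else None."""
    name = qname.rstrip(".").lower()
    for zone in DDNS_ZONES:
        if name.endswith("." + zone):
            return name[: -len(zone) - 1].split(".")[-1]
    return None


def suspicious_clients(log, min_names=4, min_entropy=3.0, min_nx_ratio=0.5):
    """Flag clients that look up many random-looking DDNS names that mostly fail.

    The thresholds are illustrative assumptions and need tuning on real traffic.
    """
    per_client = defaultdict(dict)  # client -> {normalised name: last rcode}
    for client, qname, rcode in log:
        if ddns_label(qname) is not None:
            per_client[client][qname.rstrip(".").lower()] = rcode
    flagged = {}
    for client, names in per_client.items():
        random_looking = [
            n for n in names
            if len(ddns_label(n)) >= 8 and label_entropy(ddns_label(n)) >= min_entropy
        ]
        nx_ratio = sum(r == "NXDOMAIN" for r in names.values()) / len(names)
        if len(random_looking) >= min_names and nx_ratio >= min_nx_ratio:
            flagged[client] = sorted(random_looking)
    return flagged


if __name__ == "__main__":
    for client, names in suspicious_clients(SAMPLE_LOG).items():
        print(client, "->", ", ".join(names))
```

On the constructed log only 10.0.0.5 is flagged: a single odd lookup (10.0.0.7) or a legitimate home DDNS name (10.0.0.9) does not cross the thresholds.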

On a non-technical note, the research group that hacked Kraken put forward a so-called social dilemma. Basically, they successfully infiltrated the bot-net and claimed to have control of a substantial number of zombies in the bot-net. They could either shut them down all together and potentially collapse the entire bot-net, or just sit back, relax and enjoy. At first thought, there seems to be only one rational answer: shut them down. The argument against it, as said on the website, is that doing so may be life-threatening, especially for zombies that also run some sort of life support software in a hospital. Well, this is far from convincing, but I can imagine how they could get into trouble if they now just go and shut down thousands of bots all at once:
  • It seems to be illegal to tamper with (not even control) a stranger's machine without his or her consent. After all, it is the same as breaking into someone's house and nicking his stuff. I believe that before using AntiVirus software, you must have clicked Yes/I Agree on some obscure document/agreement, which should contain a statement saying that you agree for the software to delete files on your PC.
  • That being said, if they did it without letting the user know, there would probably be no consequences at all, since the user doesn't even know that his PC is a zombie in the first place. However, now that they have published the dilemma on the website, the whole world is informed. A wise move now would be to get the user's consent first, before doing anything. For example, have a pop-up or send emails saying that their machines are infected, then show them where to delete the file. But hang on a minute, many people have bumped into such pop-ups and emails before, and following the instructions surely caused them nothing but trouble. Indeed, spam filters are smart enough to put those emails straight into the Spam folder.
Anywho, if I were them, I would wait before doing anything. But while waiting, try to see if there is a way to efficiently knock down the entire bot-net, to its root. It would also be nice to catch the one behind this whole thing; it seems no longer impossible, since they are now in control of many insiders. Use them.

Monday, May 05, 2008

Code of honor for the malware market

Laugh of the day for me! The creator of the Zeus malware added an End User License Agreement (EULA) to his intellectual property. This is just the next, rational move for any emerging, profitable market selling viruses and malware online.
The basic restrictions are: no redistribution to any other business and no submission to anti-virus companies. Catch 22 here. Why would a malware buyer turn himself in to the authorities? The consequences stated in the EULA, of course, do not involve the courts at all. Basically, the vendor would cut off technical support, and the binary would be submitted to the anti-virus vendors, rendering the purchase completely useless. As far as I am concerned, all of this is quite cleverly thought out, i.e. there would be very few holes for exploitation.

 Last but not least, the EULA effectively locks the buyers in with the product, by making the user agree to pay fees for updates and fixes regarding the product. Microsoft would love this business model so much. 

Saturday, May 03, 2008

Donald Knuth voiced his thoughts on programming

Just in case the name does not ring a bell for you, Donald is the author of the infamous books The Art of Programming Language. And as some may know, he also invented the TeX language that powers our beloved, amazing LaTeX.
He was recently interviewed and the rather long script is published here. Credits to the Slashdotter who found this. Here are my personal best bits:

1. He obviously has published another volume of his book, The Art of Programming Language, volume 4 to be more specific. The days of being an undergraduate suddenly returned. This is admittedly one of the first books that I borrowed from the library. I don't remember whether someone told me to pick it up or whether it was just because of its slick cover and attractive name. Well, I think it lasted about one week on my bookshelf, and sadly never returned. It probably would not have been the best book I ever read, despite people saying it is the programming bible. Or maybe I should really give it another go; it is quite cheap on Amazon.co.uk for a neatly packed box with 3 volumes inside.

2. His opinion on the current trend of parallel programming is somewhat shocking. Put simply, he doesn't like it very much. Having been programming sequentially since the dawn of computers, he certainly has a reason. As much as I respect him as one of the fathers of computer science, his comment that hardware vendors are adding multiple cores to processors just because they are running out of ideas comes as a total surprise to me. Apart from being quite unreasonable towards those hardware people, he somehow underestimates the good that the multi-core infrastructure, as well as parallel programs, could bring to us. Learning parallel, multi-threaded programming is not just about writing games or other personal utilities. Its novelty really shows in Grid, Internet-scale distributed system programming. And it's my strong belief that this is the way we are, and should be, moving forward.

3. There is an interesting concept mentioned in the interview, called literate programming. Reading the first few lines in Wikipedia gave me the (wrong) impression that it is just a fancy name for a well-documented style of programming. Only a bit later did I realize that is not it. Traditional programming is where we code, then put comments next to the code, hoping the other guys will not have to kill themselves trying to understand our programs. Literate programming is fundamentally different in its approach to writing programs. The whole shebang is written in human-comprehensible language, both source code and documents, so that our grandparents can just read it like a science fiction novel. Then it is compiled, resulting in a binary, runnable source code and perfect documentation. Honestly, the only difference I can see here is that programmers are forced to document and code at the same time, as opposed to the way most of us do it today (code, test, then comment).

The question is why it hasn't taken the world by storm. It seems to be a good idea. On the other hand, it was first proposed in the early 90s, but I'm still struggling to find a working example on the Web. Enough said! It could probably wake up someday and really take the world by storm. The only big project using this paradigm up to now is Donald's MMIX something. It alone is not enough to convince the rest of the world.

4. He mentioned some other things as well, but the script is too long to remember what you just read 5 lines before.