Wednesday, June 30, 2010

A True Inspirational Woman and Loyal Friend - Aradhana Prakash Gupta

A glimpse of the Rathore-Ruchika episode in my own words, and my take on it.


Dutch courage is not needed by undeterred people to reach their target. When life traverses a bumpy path, we need to get up enough nerve to accomplish the task. Here is one such woman who has silently made her mark in a cacophonous world: the parallel to the Ruchika Girhotra case, the friend indeed who stood through 19 years, 40 adjournments and more than 400 hearings against the vicious circle of the system, the sole witness in the molestation tragedy, Aradhana Prakash Gupta. She is the woman with nerves of steel who stood, survived and struggled through the tragedy of her 14-year-old friend being molested and tortured, and who put up with the politicians and their associated nexus.

Though India celebrates its past history with triumph and pours accolades on current path-breaking accomplishments, it does have incidents which smashed the ideas and aspirations of the common man and left culprits unpunished, owing to a lack of sections in the judicial system and foul play with the system itself.

Aradhana was the best friend of Ruchika, a promising tennis player from Haryana. Both of them were classmates and had a nice time sharing their ideas and watching movies and lawn tennis matches. The nightmare began in 1990, when Rathore, then Inspector General of Police, molested the 13-year-old Ruchika in his office. Aradhana was the sole witness of this incident and played a major role in filing the complaint against the shameless cop. And with it began the machinations of a government that strived to protect its own. Goons followed their families, intimidating them with threatening calls. Ruchika was expelled from school, her father S.C. Girhotra, a bank manager, was forced to resign, and her younger brother Ashu was arrested and illegally detained on false charges. He was later tortured and paraded semi-naked in front of Ruchika. Though brave enough to take on anything, she couldn’t see him like that, and a few days later she committed suicide. Things weren’t easy for Aradhana and her family. Her father was demoted, threats increased, and cases were filed against Aradhana at the age of 13. The same incident changed her lifestyle too. A promising tennis player, she led an almost reclusive life, hardly socializing with people or making friends. She always wept for what had happened to her best friend, tirelessly attended all the hearings in the court, and fought for justice knowing her safety was at stake.

As life passed on, Aradhana got married to an understanding husband and, now a mother of two daughters, recently flew from Australia to attend the final hearing of Ruchika’s case, which had continued for 19 years, where the convicted SPS Rathore was sentenced to 6 months in jail with a Rs. 1000 fine on being found guilty in the probe ordered. Stating that this was not commensurate with the cost of Ruchika’s life, Aradhana raised a hue and cry against the verdict. With public support and untainted family support she had all the cases revisited and filed new FIRs against the deadly cop.

A strong civil society (ever-vigilant mass media, NGOs, pressure groups, professional organizations, public-spirited individuals, etc.) joined Aradhana, lending their voice against the system and trying to provide new, firm and sustained initiatives. But unfortunately, politicization, criminalization and inefficiency of the police are overshadowing the efforts made by some voluntary organizations and well-meaning officers to introduce reforms in the system and in the law and order machinery.

Aradhana brings out her heartburn, saying that though she can’t get her friend Ruchika back, justice for her reaches out to the common woman who is also a victim of the system, frustrated at the state of affairs while not knowing how to change the system. There was a huge ruckus in our Parliament against the punishment given to Rathore, stating that this law offender should be hanged till death and that this should be cited as an example for any such official who misuses his power. Though we see women reaching for the stars, there are still illiterate tribal women in our country who are victims of such malicious men in every walk of life. But surely it seems that the people have to be in the forefront of the fight against corruption, communalism, illiteracy and criminalization of politics and life in the country.

In order to have a great nation that we can be proud of, we all need to get involved in the nation-building process. So, let’s roll up our sleeves to fix the system we do not like. I salute Aradhana for her unwearying determination to get justice for her friend, and above all for being a true inspiration for all citizens to fight against the guilty.

feedback@ duvvurusandeep@gmail.com

When order breeds monotony, chaos breeds life !!!

Processes: The same old word which has created the most efficient corporations of this world. Organizations which are believed to be lean, agile and dynamic to respond to any change in the business environment. And they seem to have built this through a strong focus on standardization, one that has created a huge network of replicable (or replaceable) products, systems, technology and even people…!!!

Though we all recognize the fundamental strengths that order of any form can bring to life, what we will try to explore here is exactly the opposite: What lack of order can create for us. We have all heard stories of the greatest pieces of art (poems, painting, novels etc.) being created at airports (when flights are delayed), in war zones (where people are fighting to survive), in famines / earthquakes etc. Take the example of Vincent van Gogh…the genius (but completely unorganized and eccentric) Dutch painter…a person who defied all order, exhibited little monotony and created masterpieces in complete chaos.

Chaos fosters new learning…opens avenues to dimensions usually neglected under the assumption that the best solution always rests in an orderly display, a structured approach and (apparently) logical thinking. Innovation is so often linked with burning the bridges (in an attempt to force people to think differently), but the next step would be to create chaos. And controlled chaos would be the best stimulant for generating a non-linear approach to viewing, understanding, analyzing and implementing solutions…

With this as the base on chaos, let’s try to understand what this chaos can do for the industry that we operate in, i.e. IT, or more accurately IT services. We all believe that innovation is a key enabler of success in this industry. Our processes have delivered the order and certainty our customers desire. The key here is to strike the balance between the two. Now think of all the chaos-creating elements in IT: everything which can, potentially, in our opinion make systems fail. List down all such enablers (yes, I call them enablers here because it is this fundamental chaos that will be used), their attributes and impact areas. For example, a bug in the code has an impact on the failure of the program / procedure. Create a detailed list of such chaos elements at different levels…at technology level, architecture level, methodology level, approach level etc. Now group these chaos elements into the different categories in which they can create problems. The next step is very crucial. Try to check whether, if a chaos element is introduced in one layer / category, we can come up with another chaos element in another layer to counter it (this is like two negatives leading to a positive)…and bingo, you have another way to get the same thing done, by creating chaos in a well-defined process (oh, are we back to our good old processes!!!)…are we onto some innovation now??? Let’s call this form an inter-chaos counter approach.

Another way to look at chaos elements is even simpler. Try to introduce a chaos element, and try to find a way to counter it without using any other chaos element or an existing process for countering such elements. For example, try to introduce a bug in the system, and debug it without using a debugger, which is the standard process when such tools are available. Using a tool is nothing but following a well-set process for solving a problem, usually associated with a chaos element. This approach will lead us to the second form of innovation, which I would call the constrained chaos counter approach.

This post may seem chaotic, confusing and unorganized…but it is intended to be that way… :-)…new insights usually emerge from the least sought after sources, and typically when they are least expected…the idea is to create such conditions…!!!

Wanna write to me @ duvvurusandeep@gmail.com

You can run, you can hide, but you can’t escape it!





We have been celebrating “Innovation” the world over, and speaking volumes on the possible benefits, dangers of ignorance, and more. Businesses, nations, thinkers have been writing and speaking meaningful words of wisdom on the “why” and the “wherefore” of it.


While all of us have been ‘immersed’ in this, we have also tried to align everything we do to this ‘way of thinking’!


Innovation is ubiquitous, be it introducing new ways to serve our customers (some prefer to call it ‘butlering’), finding novel nuances to ‘engage’ them, or spawning an entirely never-seen-or-heard-before service. Each time we serendipitously bump into something this world has not known before, or purposefully build upon an ingenious idea, we innovate.


As I welcome any such insightful ideas, sources, stories from all of you, I pick a topic that not many are comfortable discussing. Death, it is.


I remember working on an assignment on ‘funeral services’ as a student- defining the elements of the ‘service’ involved. The idea of ‘repeat customers’ for such services was quite out-of-the-box I thought at that time, only to read in the papers an article titled “Different Jobs”, that there are positions/roles of a ‘funeral director’ who manages such services. While this was an augmentation to what I had learnt during that assignment, what I learnt a few days back was quite a different mix altogether.


Services that let one ‘insure’ her information, send ‘last words’ and ‘unspeakable secrets’ to her close friends and family, and more. They come with by-lines that coax you to do what you usually don’t.


Pause, and take a look.


“Bridging Mortality” and “Who would know if something happened to you?” are some sample taglines. They make you ‘think’, even if for just a minute.


They have quite rational services on offer:


- Information insurance
- Last words and secrets
- Passwords: accounts, email, web accounts, and more
- Directions, advice and more
- Send messages to your friends and online acquaintances/friends (much sought after owing to increasing interest levels in FB and the like! Friends we have not even met.)
- Intimation at the time of crisis, eventuality or death


These are “not” legal death notification or will services, mind you. What is interesting about them is that they tap you at the right places. They tap the very ‘need’ of people like us who have found themselves in the midst of an information revolution, only to be boggled by more of technology and evolutionary communication possibilities that hit us at lightning speed. Like traditional insurance sellers they educate us about the ‘need’ and then suggest ways to pre-empt the unforeseen, in what little ways we can.


This to me is intelligent marketing: not only an innovative way of providing basic information security, but also an offshoot of the Internet/Information/ICT revolution.


You can run, you can hide, but you can’t escape it!


Feedback@ duvvurusandeep@gmail.com

Eavesdroppers!.. Some Management Fundas !!

We’re hearing Voices.


And no, we haven’t gone crazy.

We’re just listening.

Over recent months, we’ve been listening to people talking to each other. We (the Listening team) come to the office and eavesdrop on conversations about airlines, cars, cosmetics, drugs, green tea, hotels, insurance, the IPL, pharmaceuticals, soap operas and water filters.

Oh, and Shilpa Shetty.

Nice job? You bet. And why are clients paying us to do it? Why are businesses across the world increasingly keen to know what people are saying about them, and to understand why they’re saying it?

Because Voices are driving the market.

Word-of-mouth has always been the most powerful influencer - the first-hand experiences of a fellow consumer have a credibility that advertising finds hard to match.

And now that social media has taken over the world, a person doesn’t even need to ask for opinions – chances are that other people have already posted all the answers he’s looking for. At any time, in any place, he has access to a myriad of first-hand experiences and opinions. And these peer opinions shape his decisions…decisions on which phone/car/laptop to buy, which company to join, where to holiday, which hotel to stay at, which movie to watch…

So, by analysing conversations on social media, companies can get amazing insights into The Mind of the Market.

And that’s what IT Companies brand new Listening Solution does. It scans conversations across millions of posts, picks out the relevant comments, makes sense of them using sophisticated Natural Language Processing, sorts the data, extracts sentiment, analyses it, and represents it graphically, so that it’s easy to understand.

And all that is only what the basic automation does. After that, there’s in-depth analysis to get actionable insights. But that’s another story…

Some other time, maybe.

Meanwhile, what do you think - what kind of brands or businesses most need to Listen? Any examples that come to mind? Who could benefit most from understanding what people are saying about their offerings, their advertising, their reputation, and their competition? Do comment

write to me @duvvurusandeep@gmail.com

Inviting business ideas to save our planet

This piece is inclined towards culture, society, science, mathematics and social cause.


Day in and day out we often think about the iPhone, Ferrari, Google and so on as the biggest inventions/engineering man has ever made. We consider these ‘Rocket Science’. Of course these are some which disrupted the industry and created new business models. But more often we forget about the problems our society/community faces, or problems which need to be solved, that could make the world a measurably more livable place for everyone.

Harvard Law School and Duke University professor Vivek Wadhwa, who writes in Techcrunch as ‘Guest Author’, and former Intel chairman/CEO Craig Barrett recently debated tech education on Techcrunch. It’s an interesting read which tells why the US needs more engineers/scientists who graduate from colleges/universities with science, technology, engineering and mathematics degrees.

While Vivek makes the point that better incentives are needed for American children to study mathematics and science, in addition to teaching about world culture, geography and global markets, Craig argues for improving Science, Technology, Engineering and Mathematics (STEM) education and K-12 education. Vivek went on to state that we need to create excitement about science and engineering at the national level and make it financially worthwhile for the people who are graduating with science degrees to solve the problems facing our planet.

My trigger for this post was a post by Vivek, who asks “What’s better: Saving the world or Building (yet) another Facebook App”? At one hackathon event at UC Berkeley, students were asked to build applications. After working non-stop for 18 hours, 32 teams showcased the various applications they had developed, which ranged from server-side rendering of games to analysis of Twitter streams to a gaming interface for a neural headset. But none of the teams (except one) developed applications which can change the way we live, or built businesses that do well for the planet. And to make matters worse, the judges awarded the grand prize to a team which developed a polling technology for university classrooms and conferences.

So what if we challenge the students and Silicon Valley to build businesses that do good for the planet? But the problem, Vivek says, is that students and Silicon Valley really don’t know what problems need to be solved and what they can do to solve them. Even VCs really don’t know that. To see this, read the latest Emerging Technology trends report, which shows where the investments from angel investors are going (social media, gaming, and virtual worlds as hot upcoming areas).

What are the challenges which are facing our planet? In 2008, Charles Vest, the president of the National Academy of Engineering brought together a group of prominent deans of engineering schools from around the country to create a list of Grand Challenges that can be solved by engineers, in our lifetime. He believed that engineers will seek ways to put the knowledge they acquired into practice and meet these challenges which will lead to a better quality of life.

Here is the list of 14 grand challenges the deans of engineering schools created. Let me explain each in a shorter format. For detailed study of the challenges you may want to visit the site engineering challenges.

#1 – Make solar energy economical: This challenge discusses the growing importance of using solar energy as oil, natural gas and coal run out day by day. It highlights why solar energy is important, the ways in which we can store solar energy, how we can achieve greater efficiency using a nanocrystal approach, and the costs involved in doing so.

#2 – Provide energy from fusion: It throws light on the challenges in generating energy using nuclear reactors and on the problems which need to be addressed to make the fusion process efficient, economical and environmentally friendly.

#3 - Develop carbon sequestration methods: You may have heard about greenhouse gases, the ozone layer and global warming. CO2 emissions are the prime contributor to global warming and need to be addressed. One challenge engineers are working on is to find smart ways to capture and store excess carbon dioxide to prevent global warming.

#4 - Manage the nitrogen cycle: It’s closely related to the above. We need to find smart ways of waste management and improved fertilization techniques to control excess nitrogen, which can cause major problems in rivers and coastal waters.

#5 - Provide access to clean water: While we may use TATA swach, many parts of the world remain cut off from clean water to drink. How do we reduce the cost incurred in desalination of water (i.e. extracting salt from sea water to provide drinking water), recycling of wastewater, etc.?

#6 - Restore and improve urban infrastructure: It discusses the growing need to provide better infrastructure through integrated transportation systems, and to remove the manual work involved in the construction industry through advances in computers and robotics. For example, in Hong Kong several transportation services are linked in a system that allows a single smart card to be used to pay for all the services, including gas and parking.

#7 – Advance health informatics: Electronic Health Records for everyone by 2014 is one of the major reforms the Obama administration has laid out in the Healthcare reform, for which the bill was passed recently. Present-day healthcare facilities are very costly and do not cover all people, especially those who are uninsured. While there are movements like Health 2.0 to address the challenges, there is a lack of sophisticated health information systems. How do we improve health information systems?

#8 -Engineer better medicines: One engineering challenge is developing better systems to rapidly assess a patient’s genetic profile; another is collecting and managing massive amounts of data on individual patients; and yet another is the need to create inexpensive and rapid diagnostic devices such as gene chips and sensors able to detect minute amounts of chemicals in the blood.

#9 - Reverse-engineer the brain: How do you create computers which are capable of emulating human intelligence (i.e. to emulate our brain)?

#10 - Prevent nuclear terror: Challenges include: (1) how to secure the materials; (2) how to detect, especially at a distance; (3) how to render a potential device harmless; (4) emergency response, cleanup, and public communication after a nuclear explosion; and (5) determining who did it. All of these have engineering components; some are purely technical and others are systems challenges.

#11 - Secure cyberspace: As more people turn to the internet there is a growing need to protect critical systems like banking, and individual identities. One challenge in this area is providing better security for data flowing over various routes on the Internet so that the information cannot be diverted, monitored, or altered. Current protocols for directing data traffic on the Internet can be exploited to make messages appear to come from someplace other than their true origin.

#12 - Enhance virtual reality: True virtual reality creates the illusion of actually being in a different space. It can be used for training, treatment, and communication. Rendering of a virtual human that can purposefully interact with a real person — for example, through speech recognition, the generation of meaningful sentences, facial expression, emotion, skin color and tone, and muscle and joint movements — is still beyond the capabilities of real-time computer graphics and artificial intelligence.

#13 - Advance personalized learning: When we are young we often learn word by word or using phonics (i.e. reading letter by letter to grasp the word). This varies from person to person, as learning is personal. But the current systems in place are not helpful for everybody, as the ability to learn varies. This challenge is to find ways to develop computing systems which can aid personalized learning.

#14 - Engineer the tools of scientific discovery: There are many unanswered questions of nature on which research is going on. The problem is the availability of tools, instruments, and systems that make it possible to acquire new knowledge about the physical and biological worlds. How do we engineer tools, instruments and systems which can aid in solving unanswered questions of nature?

Any comments??? write to duvvurusandeep@gmail.com

Writing passwords can be helpful sometimes!!

“Do Not write passwords” is a well known sentence for regular computer users.

But writing the passwords can increase the security too.

“The Virtual Keypad with its dynamic keys minimises the risk of malicious codes capturing your keystrokes. Use Virtual Keypad and enjoy the convenience of online banking with complete security.” is a text I found in a famous bank website.

I feel a virtual keyboard may not be the correct alternative for securing passwords from keyloggers. While searching for methods to hack virtual keyboards, I found many different ways. I accept that almost any software can be hacked; only the time taken and the effort needed matter.

A keylogger can be either software or hardware. A virtual keyboard can secure us from hardware keyloggers. Coming to software, I can say no. Implementing a keylogger needs deep technical knowledge, as it runs at a low level of the operating system. Current anti-virus programs can easily detect those programs. Whereas getting the password from a virtual keyboard is comparatively easier, as any program can take screenshots. And the anti-virus will not treat these types of programs as a virus, because capturing the screen is a common activity.

The keyboard is shuffled every time a key is pressed in the virtual keyboard. The time taken to shuffle is very high when compared to the time taken to capture the screen. The image below is the result of the program I wrote to get the password information from the virtual keyboard.

Code snippet “creating an screenshot image related to the mouse position” in Mighty gives the basic idea of the hack.

I have an idea which can work better than the virtual keyboard.
When we copy and paste the text into the password field, keyloggers cannot get the data.
But getting the data from the clipboard is very easy (I will come to this point later).

In the proposed login process, we have two password fields: one is the traditional password field and the other is the one into which the user needs to paste the password (say, the ‘safeLogin password’) from the clipboard. We will send the safeLogin password to the user’s e-mail address so that the user can copy it from there and paste it into the respective password field.

Now this combination is similar to the public & private keys in encryption. The keyloggers cannot know the safeLogin password, and the active attacker (maybe a person who shares the computer with the user) cannot know the traditional password.

The user needs to remember only one password, as the other is taken from the e-mail or from a text file.

As we can access the clipboard, when the user opens our website the script will send some random data of the same length as the safeLogin password to the clipboard at regular intervals. If there is any difference in the clipboard data, then we will store that. When the user tries to paste the safeLogin password, we will take the last password the user sent to the clipboard. As we generate the random data, we can differentiate which one is the password and which one is the random data, whereas the attackers cannot recognize which one is the password and which one is not, as all are similar and random.

We can make it even more complex with three safeLogin passwords.

Registration:

• The user requests the bank for the net banking facility.
• Bank sends an e-mail to the user with user id and temporary password.
• User changes the temporary password.
• Bank sends another e-mail with three passwords highlighting one of them.

First e-mail content:

user id: abcd
password: #a52@G9$

Second e-mail content:

safeLogin passwords:

pot^top
sun@west (check this)
kick/dad

Login process

The login screen contains two password blocks. One contains the traditional password field, and the next block contains three safeLogin password fields and three radio buttons, one corresponding to each password field.

Steps the user will follow to log in:

• types the user id (abcd) and password (which the user selected).
• copies the three safeLogin passwords one by one and pastes them in any of the three password fields.
• clicks on the radio button corresponding to the password marked (check this) in the e-mail.

How can we say this process is safer?

The first password is a secret that the user needs to type using the keyboard. An attacker can get this password with the help of a keylogger.

As the safeLogin passwords are copy-pasted, a keylogger will not work here. As programs can read the clipboard data easily, we use three passwords and select one.

Even if the program collects all three passwords, the attacker needs to know which one must be selected.

Along with this, we can send random data to the clipboard at equal intervals and this will increase the security further.

Please help me if I am walking in a wrong path. write to me @duvvurusandeep@gmail.com
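The login check proposed above, written out as an added example (not code from the original post): the server accepts the typed password, the three pasted safeLogin passwords in any field order, and the radio-button choice, and `guess_success` states what the "(check this)" mark is worth against someone who already holds the typed password and all three clipboard values. The function names, the PBKDF2 storage and the typed password are assumptions; the safeLogin values are the ones in the sample e-mail.

```python
import hashlib
import hmac
import secrets
from fractions import Fraction

PBKDF2_ROUNDS = 20_000  # example value (assumption), not a recommendation


def _digest(salt, value):
    """Salted, slow digest so the server never stores the passwords themselves."""
    return hashlib.pbkdf2_hmac("sha256", value.encode(), salt, PBKDF2_ROUNDS)


def enroll(typed_password, safe_passwords, marked):
    """Registration: `marked` is the index of the '(check this)' entry in the e-mail."""
    if len(safe_passwords) != 3 or len(set(safe_passwords)) != 3:
        raise ValueError("need three distinct safeLogin passwords")
    if marked not in (0, 1, 2):
        raise ValueError("marked must be 0, 1 or 2")
    salt = secrets.token_bytes(16)
    safe = [_digest(salt, p) for p in safe_passwords]
    return {"salt": salt, "typed": _digest(salt, typed_password),
            "safe": safe, "marked": safe[marked]}


def verify(record, typed_password, pasted, selected_field):
    """Login: `pasted` holds the three field values, `selected_field` the radio button."""
    if len(pasted) != 3 or selected_field not in (0, 1, 2):
        return False
    salt = record["salt"]
    ok = hmac.compare_digest(_digest(salt, typed_password), record["typed"])
    pasted_digests = [_digest(salt, p) for p in pasted]
    # The user may paste into the fields in any order, so compare as sorted lists.
    for got, want in zip(sorted(pasted_digests), sorted(record["safe"])):
        ok &= hmac.compare_digest(got, want)
    # The radio button must point at the field holding the marked password.
    ok &= hmac.compare_digest(pasted_digests[selected_field], record["marked"])
    return bool(ok)


def pasted_candidate(clipboard_history, decoys_sent):
    """Return the latest clipboard value the site did not write itself as a decoy."""
    sent = set(decoys_sent)
    for value in reversed(clipboard_history):
        if value not in sent:
            return value
    return None


def guess_success(attempts_before_lockout):
    """Chance of picking the marked entry within the allowed attempts, for someone
    who already holds the typed password and all three safeLogin values."""
    return Fraction(min(max(attempts_before_lockout, 0), 3), 3)


if __name__ == "__main__":
    # Typed password is constructed; safeLogin values come from the sample e-mail.
    rec = enroll("user-chosen-pw", ["pot^top", "sun@west", "kick/dad"], marked=1)
    print(verify(rec, "user-chosen-pw", ["kick/dad", "sun@west", "pot^top"], 1))
    print(verify(rec, "user-chosen-pw", ["sun@west", "pot^top", "kick/dad"], 1))
    print(guess_success(1), guess_success(3))
```

The mark contributes a one-in-three choice, so the server side also needs an attempt limit: without one, three tries always succeed.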

Web 2.0 - where is the money?

I’m an Entrepreneur in Residence (in action really!). I’m keenly interested in the intersection of technology and business. Looking forward to engaging conversations on themes such as technology adoption, technology monetisation, new business models etc.


The past few weeks have been a lot of fun for me. First we had the ideastorm, where the sheer volume and enthu levels were overwhelming. Then we had barcamp Mumbai 2, where the turnout exceeded all our expectations. And then came the launch of the CTO blog. The number of comments on Ananth’s post is amazing. All this goes to show that web 2.0/social is very strong right around us.

This is fun but is there money in it?

Theresa Wise, Global Director at Accenture’s Digital Media practice, certainly thinks otherwise.

“There is no evidence that these sites are monetizeable.”

I find it hard to agree with her given actual data. There is certainly money in Myspace - $ 300 Mil of it. Blogs make money - not all but some do. The best Indian example is that of Amit Agrawal who makes a decent amount of money - all by just blogging. Also, I can post content on Youtube and get a share of the ad revenue. In spite of the ill founded conclusions, she does raise a valid question: Is there any new business model?

Let’s look at this in a more structured manner. Any web 2.0 site has the following constituents:

1. Platform for the interaction: Orkut, facebook, Blogspot, wordpress, youtube, flickr etc

2. An Author - You are an author when you blog or when you upload to youtube, flickr etc

3. Respondent - You consume the content posted by the author and respond via comments

The dominant business model is to produce content, get eye balls and then sell them to advertisers. A simple model that has been around almost as long as newspapers. It has different variants -

1. Platform keeps all the money - Orkut. Orkut decides what Ads come on which page and makes money from it

2. Author keeps all the money - Blogging world has adopted this model

3. Share between Platform and Author - Youtube has this model. Interestingly, in this case, protests from authors led to sharing of revenue.

Obviously the respondent never makes any money. S/he only spends money with the ISP. This is very interesting, since the value lies in the discussion itself and not in just getting people together on a site. The respondent is also adding value but getting no reward. It’s platform first and then author. It’s a funny situation for web 2.0, which prides itself on “participation”. I wonder if other business models have any play here.

Here’s an idea. Just the way we have a Digg button against each post on a blog, why not have a “pay” button against each profile on any Web 2.0 profile? If the post or comment helped me, I can press the button and make a micro-payment - say 10 cents - $ 1.00. This wouldn’t have worked in the early days of web 2.0 where getting people on board was more important. But now that there are many on board and the emphasis is on quality, this may just work.

Think this is new? Then think again. Wikipedia raised money for survival from folks who thought Wikipedia added value. This is just the same as the idea above, except that I’m suggesting a payment infrastructure integrated with web 2.0 rather than as an afterthought. Not everyone will pay, but then not everyone clicks on ads either. The clickthrough rate is as low as 1%!

What do you guys say? Will this work?

Feedback@ duvvurusandeep@gmail.com

Inculcate a GREEN culture

“GREEN” is the most talked-about topic of discussion these days. Companies are spending hefty amounts to find various ways of reducing their carbon footprints. Governments are equally concerned about the environmental crisis and are taking all probable steps to reduce the carbon emissions from the industrial sector. However, all these brilliant efforts at reducing the carbon footprint are concentrated on the industrial sector, completely ignoring the fact that the individual contribution towards CO2 emissions is also substantial.


I believe that “Thinking green” and “embracing green” are two completely singular concepts. Today we are taking all possible pains to reduce emissions from the industries which I agree is very important. But have we really embraced a “green way of living”? We all should pause for a while here and think hard on this issue. Is it the case that the moment we step out of our company premises we completely forget about the “Think green” motto?

After all, who wouldn’t like to travel in an AC car, sleep comfortably in an AC room, print hard copies for quick reference, light up all the rooms, watch a movie in an AC theater, exercise in an AC gym, etc? Given a choice we all would love to have a relaxed and easy life. We earn so as to be able to afford these luxuries. But have we ever thought about the price that we actually pay to have all this extravagance?

The human being is considered to be the most intelligent of all the species on this planet. But look at what we are doing to our own habitat!!

We are mindlessly using the free resources available to us without giving a second thought to the purpose their use serves. As rightly quoted by an anonymous author:

Only after the last tree has been cut down,
only after the last river has been poisoned,
only after the last fish has been caught,
only then we will realize that money cannot be eaten….

It will not be an exaggeration to say that this mass exploitation of our environment is soon going to put all of us in grave danger or should I say that we already are? That time is near when mere existence will be a problem. Dearth of basic resources will spawn various social problems, thus violence.

Only by “embracing green” in our lifestyles can we reduce this senseless misuse of the wealth gifted to us by mother earth. Governments need to take initiatives to encourage the masses to opt for greener ways of living.

Reducing Industrial emissions is a mass endeavor which depends on several entities and various factors many of which are totally beyond our scope of control.

But we have complete power on our own choices and thus our carbon emissions. We can contribute in saving the environment by consciously making choices that are “green”.

Like preferring a bicycle over a car/bike to go to a nearby place or, best, walking over; reducing the use of air conditioners at our homes; pooling for cars; choosing e-paper instead of a hardcopy for any financial transaction, etc. This list is endless. I for one have started avoiding the use of vehicles as much as possible. I prefer to walk to places that are within about 3 kms of my house, and I encourage my family members to do the same. Initially it was a little painful, because we are so used to the comfort of riding a vehicle that even the saying “where there is a will there is a way” fails. The body simply refuses to cooperate. But gradually the stamina increases. To my surprise, walking down to the nearest store was quite a pleasant experience. Not only did I get a break from the fast life of Mumbai but I also got enough time to notice many small things on my way, like a household garden with varieties of beautiful flowers and veggies, which is a rare sight in Mumbai. Earlier I never paid attention to these minute details, as a speeding vehicle never gives sufficient time to notice anything except maybe the patches on the road. I have also planted a few trees back at my hometown. My parents take care of them. In Mumbai space is a major constraint to even think of having potted plants.

They say there are three kinds of people:-

“People who learn by observation, and there are the few who learn by experimentation. And then there are those who actually TOUCH the fire to see if it’s really hot.”

In the case of “global warming” none of us would like to actually live in an ecologically imbalanced world and experience the dread and fatality to believe in it. Imagine how difficult it would be to actually survive in scarcity of basic resources like drinking water, food or oxygen to breathe!!!!!

Struggling for basic resources on daily basis is not what any of us will like to do.

So our individual contribution towards having a green planet is what we need to concentrate on at this point of time. Only when we imbibe nature in our lives will we be able to really help in reducing industrial emissions also. “Green” should be a culture and not a mere thought.

All we have to do is make tad bits of changes in our lifestyles leading towards a green society. These ways may initially need conscious efforts but once we start making those they will come to us naturally. Living the “natural way” will become our habit.

As famous English novelist “George Eliot” has said “What do we live for, if it is not to make life less difficult for each other?” Let us all join hands and go the green way. Share how you make intelligent green choices in your daily lives.


My take on - ‘Empowerment through Education'

Since mankind’s incipient stages, the ability to read and write as the primary means of communicating and understanding history, cultural traditions, political and social philosophy and the news of the day has been valued. In more recent times, traditional literacy skills ensured that individuals could participate fully as engaged citizens and functioning adults in society. Today families, schools and all community institutions share the responsibility for preparing young people for living and learning in a global culture that is increasingly connected through multi-media and influenced by powerful images, words and sounds.

On one hand where the elite society is putting education to its best use through sophisticated devices like palmtops and business phones to gain access to the latest information, the underprivileged do not have access to something as basic as books. This is so unfortunate, especially in a country like India where the founding principles of our constitution are democracy, secularism and equality among all. Being citizens of this country, if we are entitled to freedom of speech and expression, freedom of religion etc then why is it that a multitude of us are still deprived of education and below poverty line? Each individual has the right to attain at least a secondary school education if not that of high school. This would benefit not only the individual but also be in the best interest of the country. It would be really heartening to see schools coming up for street children, the illiterate and for women who are denied the right to education.

Education is an essential element of the empowerment of an individual. A good quality education, designed on the basis of an individual’s immediate and strategic needs, builds his/her capacities and prepares him/her to seize opportunities in the public and private domains. Similarly, empowerment through education of underprivileged children would be instrumental in shaping their development as able persons who could put themselves to better use to the society. Since their education would eventually lead to their employment, it would be a better world to live in with the crime rates coming down and other vices like drug abuse, female feticide and child marriage taking a back seat.

It’s a very relieving feeling to see organizations like UNFPA working day and night to go at lengths in undertaking the responsibility of educating the youth. Particularly UNFPA works with ministries of education on teacher sensitization and training and curriculum development. It employs participatory and interactive methodologies, including role-playing and other theatre techniques, exploration of feelings, analysis of gender stereotyping, training in negotiation skills, and question and answer sessions thus, not only imparting information, but also fostering critical thinking, problem-solving and interpersonal communications skills that results in an all round development that leads to informed, responsible and voluntary decisions. This has been successful in enabling young people to challenge harmful gender norms and resist peer pressure. This helps them to navigate safely through the passage to adulthood.

However, it is important to realize that it is not enough to enrol children and women in education and training programmes. It is equally important that the education they receive, at each step, is of high standard in order to ensure appropriate learning outcomes that form the basis of lifelong learning, and provide knowledge, skills and attitudes for an active citizenship. It is on this basis that education leads to personal development and allows one to manage one’s life. Thus, in sync with a prior statement about equality that I made, I would also like to state that there is no quality education without equality. Education must challenge existing power relations and be a basis for attitudinal and behavioral change of both girls and boys, and women and men.

To sum up, education appears to have tremendous scope to enhance poor people’s opportunities. These opportunities are usually translated in the form of access to jobs. Provision of subsidized education could, therefore, be a major source of empowerment of people – especially those belonging to the socially and economically backward segment in a developing country like India. Education is important as it teaches one the right behavior and good manners and equips one with all that one would need to realize one’s dreams, and in the long run it is important for the economic growth of the nation. I am a part of the VMS blind school initiative by TCS-Maitree and it is a very fulfilling feeling, and it would be very encouraging to see many more individuals contribute towards society by ‘empowering through education’.


Mobile! More than a device for communication!!

We have had many posts stressing upon the advantages of a mobile, I share some more ideas. Though a few of the ideas which I have written about below currently exist on a piece by piece basis, a complete implementation of these ideas is yet to happen in the markets.


Have you ever thought of an application on your mobile through which you can do banking, access your company e-mails, pay your bills, fix an appointment with your doctor, pay your child’s school/college fees, book your tickets, and more? All these facilities together in a single application on your mobile?

Yes, the day has come! Without the pain of registering on different sites, without much of GPRS charges and with the facility of offline access to your details JAVA ME has made this possible. And the day when you use your mobile as a remote to open and shut doors, swipe it before a reader in a shop to buy a ring for your loved ones, or use it to buy vegetables in vegetable shop, is very near! The day will mark the complete evolution of Golden M-Commerce era with the support of JAVA ME.

What is JAVA ME?

Java Platform, Micro Edition (Java ME) provides a robust, flexible environment for applications running on mobile and other embedded devices—mobile phones, personal digital assistants (PDAs), TV set-top boxes, and printers. Java ME includes flexible user interfaces, robust security, built-in network protocols, and support for networked and offline applications that can be downloaded dynamically.

The Java ME technology is based on three elements:

a configuration provides the most basic set of libraries and virtual machine capabilities for a broad range of devices,

a profile is a set of APIs that support a narrower range of devices, and

an optional package is a set of technology-specific APIs.

Over time the Java ME platform has been divided into two base configurations, one to fit small mobile devices (Connected Limited Device Configuration) and one targeted towards more capable mobile devices like smart-phones and set top boxes (Connected Device Configuration). The MIDP specification was defined through the Java Community Process (JCP) by an expert group of more than 50 companies, including leading device manufacturers, wireless carriers, and vendors of mobile software. MIDP 1.0, MIDP 2.0 and MIDP 2.1 mobiles are currently available worldwide. MIDP 3.0 devices are yet to be released in the market.

Why is JAVA ME the world’s popular Development Environment?

Rich User Interface Capabilities: MIDP applications provide the foundation for highly graphical and intuitive applications. The graphical user interface is optimized for the small display size, varied input methods, and other native features of modern mobile devices. MIDP provides intuitive navigation and data entry by taking full advantage of phone keypads, extra buttons such as arrow keys, touch screens, and small QWERTY keyboards. MIDP applications are installed and run locally, can operate in both networked and unconnected modes, and can store and manage persistent local data securely.

Extensive Connectivity: MIDP enables developers to exploit the native data network and messaging capabilities of mobile information devices. It supports leading connectivity standards, including HTTP, HTTPS, datagrams, sockets, server sockets, and serial port. MIDP also supports the Short Message Service and Cell Broadcast Service capabilities of GSM and CDMA networks, through the Wireless Messaging API (WMA) optional package.

Multimedia and Game Functionality: MIDP is ideal for building portable games and multimedia applications. A low-level user-interface API complements the high-level UI API, giving developers greater control of graphics and input when they need it. A game API adds game-specific functionality, such as sprites and tiled layers, which take advantage of devices’ native graphics capabilities. Built-in audio provides support for tones, tone sequences, and WAV files. In addition, developers can use the Mobile Media API (MMAPI) optional package to add video and other rich multimedia content to MIDP applications.

Over-the-Air-Provisioning: A major benefit of MIDP is its capability to deploy and update applications dynamically and securely, over the air.

End-to-End Security: MIDP provides a robust security model that complies with open standards and protects the network, applications, and mobile information devices. HTTPS support enables applications to use existing standards such as SSL and WTLS to send and receive encrypted data.

Challenges in JAVA ME Business Application Development

1. Wide range of mobile models manufactured by different companies with different technologies.

2. Non-compliance of a few mobiles with the MIDP standards, with a few documented bugs related to the execution of the executables on mobiles.

3. Restrictions on JAR size, runtime memory size and processor speed in the mobile devices.

4. Security of the details stored on the mobile device and of the details transmitted through the air.

5. Risks in case of the mobile being stolen/lost.

6. Not commonly supported in CDMA mobiles.

Ways to overcome the hurdle

1. Applications are to be developed after market analysis of the devices and the kind of API or executables which they can support. Since Symbian leads the world markets, developing applications for Symbian devices can be our first target. Blackberry devices require a few changes for the execution of the same application.

2. Security of the details stored/transmitted can be enhanced by usage of customized encryption algorithms.

3. Implementation of two-factor authentication (for authentication of the registered user; RBI guideline for Mobile Banking).

4. Securing the application on the mobile with a password, so that even in case of theft of the mobile the application cannot be misused.
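Items 3 and 4 above, as an added example that is not part of the original post: a login check that needs both the application password (something the user knows) and a one-time code from the registered handset (something the user has), and that locks after repeated failures so a stolen phone cannot be used for guessing. It uses the standard PBKDF2 and HOTP (RFC 4226) constructions; the class name, iteration count, failure limit and look-ahead window are assumptions.

```python
import hashlib
import hmac
import os
import struct

# Assumed policy values for this sketch; tune them for a real deployment.
PBKDF2_ITERATIONS = 100_000   # work factor for password hashing
MAX_FAILURES = 3              # consecutive failures before the account locks
LOOKAHEAD = 2                 # how many unused counters the server tolerates


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class Account:
    """Server-side record for one registered user (hypothetical structure)."""

    def __init__(self, password: str, device_secret: bytes):
        self.salt = os.urandom(16)
        self.pw_hash = self._derive(password)   # the password itself is never stored
        self.device_secret = device_secret      # shared with the handset at registration
        self.counter = 0                        # next HOTP counter the server expects
        self.failures = 0

    def _derive(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt,
                                   PBKDF2_ITERATIONS)

    def login(self, password: str, code: str) -> str:
        """Return 'ok', 'denied' or 'locked'. Both factors must pass."""
        if self.failures >= MAX_FAILURES:
            return "locked"
        pw_ok = hmac.compare_digest(self._derive(password), self.pw_hash)
        matched = None
        # Accept the expected counter or a few ahead, in case the handset
        # generated codes that were never submitted.
        for c in range(self.counter, self.counter + LOOKAHEAD + 1):
            if hmac.compare_digest(hotp(self.device_secret, c).encode(),
                                   code.encode()):
                matched = c
        if pw_ok and matched is not None:
            self.counter = matched + 1   # a used code can never be replayed
            self.failures = 0
            return "ok"
        self.failures += 1
        return "denied"


if __name__ == "__main__":
    # Constructed sample values (the secret is the RFC 4226 test key).
    secret = b"12345678901234567890"
    acct = Account("s3cret-pin", secret)
    print(acct.login("s3cret-pin", hotp(secret, 0)))   # ok
    print(acct.login("s3cret-pin", hotp(secret, 0)))   # denied (replayed code)
```
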

The other good news is that most of the recent devices released by manufacturers like Nokia and Sony Ericsson have JAVA ME support (unlimited or increased JAR and memory heap sizes) and GPRS connectivity, which has put JAVA ME in the hands of every common man.

Also, the capability to establish HTTPS connections through JAVA ME applications has given it a clear edge. JAVA ME based applications can perform as well as traditional computer-based internet applications.

What Next?

The introduction of the Unique Id concept and the existing PAN for every individual have brightened the path for the development of the JAVA ME based Mobile solutions. The Mobile Banking guidelines released by the Central banks (In India RBI has released the guidelines in 2008 and notifications regarding the same in 2009) also has made the path clear for development. A person’s Mobile number, PAN, Unique id can be linked for developing a secure M-Commerce system.

Banking solutions: User can perform the normal enquiries/transactions done through internet banking. User must register his Mobile number for this service. Since funds transfers are covered by the Banking guidelines the activation of the banking services forms the fundamental step for the usage of M-Commerce solutions.

Payment Solutions: Payment based services can replace the concept of credit/debit cards with M-Wallet. JAVA ME devices with Bluetooth and NFC APIs can replace the cards, and transactions can happen through the NFC APIs in them, which will communicate with the access points/readers placed at shops, hotels and cinema halls. In future, devices supporting bio-metric features will be easily available and these transactions can be made more secure with the following factors.

What he knows? (Passwords)

What he has? (Mobile/SIM, GRID cards, NFC cards)

What he is? (Bio-metric solutions)

Insurance solutions: Insurance based solutions can be provided through which the user can perform the payment of premiums and can register the claims. (IRDA rules if any must be followed)

Mutual fund solutions: Mutual fund based solutions can be developed which can help the user to check the status and also invest in the funds by transferring from his registered bank accounts. The present plan of introducing Super ATMs by SEBI will be a boost to the mutual fund industry, and the introduction of such a mobile based solution will help them reach the common man in all regions of the country.

Mail: Mails from the server can be synchronized with the mobile application and the contents can be accessed easily.

Ticket booking: Booking of tickets for cinemas, trains and flights can be made easy and the usage will appear similar to internet based booking.

The guidelines for the mobile based stock trading are expected very soon from the SEBI and development of successful Mobile based trading solution requires the support of JAVA ME for development of the client application running in the mobiles.

JAVA ME also known as J2ME has great potential of developing business solutions for Mobiles.

The success of the application depends on the way how we tackle the hurdles before us.

Facts to be remembered

1. There are 2.7 billion mobile users in the world.

2. India ranks second in mobile phone usage to China, with 506 million users as of November 2009.

Rich User Interface Capabilities, Extensive Connectivity, Multimedia Functionality, Over-the-Air-Provisioning and End-to-End Security (capability of establishing SSL connection) have made JAVA ME a brilliant technology for the development of Mobile based business applications. Recognising the importance and popularity of JAVA ME, Mobile manufacturers are also launching mobiles with >75% of models supporting JAVA ME. (Approximately, mobiles costing >Rs.3000 have JAVA ME support.)

Friends! please share your views regarding my above write up. Also you are invited to share your thoughts regarding the advancements in M-Commerce.

Human Computation - Could it be the next phase in the evolution of computing?

This post is on another aspect of computing - Human Computation. I will start with presenting two scenarios.


Scenario 1 #

Circa 2110. Technology has crossed all barriers – there are robots, humanoids and complicated but intelligent systems everywhere. We can see nuclear factories and giant machines all around us. There are humans as well but slightly different or I would say “evolved” in their looks – with bulkier bodies and smaller heads. The size of the head has shrunk as it is on the verge of becoming a near-vestigial organ; and the only purpose it serves is to feed inputs, that come from the human senses, to the artificially super-intelligent systems (machines) that take care of everything else that’s going around. Gone too far? Let’s come back to the present.

# It is my vision of the future. It may not be correct and you are free to disagree with me.

Scenario 2

Year 2010. We have a group of people who are really trying their best to develop AI (Artificial Intelligence) in machines – using machine learning, pattern recognition, computer vision, etc. Another group of people, the netizens, are getting addicted to computers and a person (from this group) spends (or I will say mostly wastes) hours doing adrift-surfing and playing on-line games.

So what’s the message hidden in the two scenarios?

Scenario 1: The problem of developing the sense-related aspects in machines is difficult.

Scenario 2: Large amount of time is being spent on aimless internet surfing and on-line games.

So, why not utilize the time spent (in scenario 2) in solving the problems (of scenario 1). In other words, channelize the interest of these surfers/gaming enthusiasts to help in answering some of the issues which are unanswerable using AI based approaches. This is what the idea behind “Human Computation” is. Using human computation, researchers are trying to utilize the human cycles (time spent by humans just like the machine cycles) to answer some of the problems that are hard (I would say near-impossible), as of now, for the computers to solve.

Some uses of Human Computation

1. What’s the purpose of the images (given below) that we often see in popular websites?

Captchas

These are called CAPTCHAs. The term CAPTCHA (for Completely Automated Public Turing Test To Tell Computers and Humans Apart) was coined in 2000 by Luis von Ahn, Manuel Blum, Nicholas Hopper and John Langford of Carnegie Mellon University. They are found in online forms, where they serve to verify that the entity filling in the form is not a computer program but a human. They are able to do that because computer programs are not able to read the distorted text presented in CAPTCHAs the way humans can.

How are they using human cycles? They are not utilizing any. So, Luis von Ahn and team came up with reCAPTCHA which is a combination of two such visually deformed words. This is used to digitize old text artifacts where normal OCR (Optical Character Recognition) engines fail or are partially successful. In reCAPTCHA, one of the words is a known word which serves the purpose of a CAPTCHA and the second word is a word from the list of unknown words to be digitized. The same unknown word is given to several users and the most common answer is selected to be the digitized word for it. The unknown word estimation uses the human cycles to solve the problem that machines fail to complete.



Recaptcha being used for security check of a site

2. Another interesting example. Games like the ESP game are steps towards creating games that will help in assigning and labeling objects present inside images, which is an impossible task using the best computer vision techniques available today. Another such game is Verbosity that allows users to play and in the process enter facts related to common dictionary words and help to create the semantics around the words. Many such games are available on the site gwap.com.
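The reCAPTCHA scheme from item 1, as an added example rather than code from the reCAPTCHA project: the known word decides whether the submitter is treated as human, and only then does the guess for the unknown word count as a vote. The page says only that the most common answer wins; the minimum vote count, agreement ratio, one-vote-per-user rule and all names and sample words are assumptions.

```python
from collections import Counter, defaultdict

# Assumed acceptance policy; the page states only "most common answer".
MIN_VOTES = 3          # do not accept a transcription on fewer votes than this
MIN_AGREEMENT = 0.6    # share of votes the leading answer must hold


def normalize(word: str) -> str:
    """Compare answers case-insensitively and ignore stray whitespace."""
    return "".join(word.split()).lower()


class Digitizer:
    """Pairs a known control word with an unknown word from a scanned text."""

    def __init__(self, control_words: dict):
        # control image id -> transcription already known to the server
        self.control = {k: normalize(v) for k, v in control_words.items()}
        self.votes = defaultdict(Counter)   # unknown image id -> answer tally
        self.voters = defaultdict(set)      # unknown image id -> users who voted

    def submit(self, user: str, control_id: str, control_answer: str,
               unknown_id: str, unknown_answer: str) -> bool:
        """Return True if the submitter passes the CAPTCHA.

        The unknown-word guess is recorded only when the control word is
        right, so automated or careless submissions cannot skew the tally.
        """
        if normalize(control_answer) != self.control[control_id]:
            return False
        # One vote per user per word limits how far one account can push a
        # wrong transcription.
        if user not in self.voters[unknown_id]:
            self.voters[unknown_id].add(user)
            self.votes[unknown_id][normalize(unknown_answer)] += 1
        return True

    def transcription(self, unknown_id: str):
        """Return the agreed word, or None while consensus is not reached."""
        tally = self.votes.get(unknown_id, Counter())
        total = sum(tally.values())
        if total < MIN_VOTES:
            return None
        word, count = tally.most_common(1)[0]
        return word if count / total >= MIN_AGREEMENT else None


if __name__ == "__main__":
    # Constructed sample: control image "c1" reads "morning"; "w7" is unknown.
    d = Digitizer({"c1": "morning"})
    submissions = [
        ("u1", "Morning", "upon"),
        ("bot", "m0rn1ng", "zzzz"),   # fails the control word, vote dropped
        ("u2", "morning", "upon"),
        ("u3", "morning", "up0n"),
    ]
    for user, control_answer, guess in submissions:
        passed = d.submit(user, "c1", control_answer, "w7", guess)
        print(user, "human" if passed else "rejected")
    print("w7 ->", d.transcription("w7"))
```
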

So, now that we have seen the potential uses, let us see where we are heading.








What the future may hold?

In the “Computing Research that Changed the World” March 2009 symposium, Luis von Ahn claimed that reCAPTCHA was digitizing 35 million words per day and was expecting to complete the digitization of the complete New York Times archive (from the year 1851 to 1980) in a matter of 10-12 months. The ESP game is claimed to have the potential of labeling all the pictures in Google image search in 2 months with only 5000 players playing at a time. We are talking about a huge computational power here.

Now that we see that it is possible to utilize human computation power to solve problems that are unsolvable using the latest state of the art computers and systems available to us, what needs to be done? I think it’s very important to create systems with a human-in-the-loop, at least until we have completely tested AI systems for the purpose. Creative ways of building such games, to solve complex problems utilizing human cycles, can be seen more in the future, with researchers spending time designing concepts to turn complex problems into interesting activities (not always games). But some people may think this is in a way exploitation of the people who actually indulge in these games or activities. I think it’s not, since the purposes of these games are specified to the players beforehand. And anyway the player is in search of an interesting game. So, if not these games then some other game, but some game for sure. People can debate this topic for long.

So, can we create few such games and include them in platforms like Mindworks? By doing so, we may come up with some interesting ways to solve complex problems while creating activities which will be intellectually challenging to our associates. This way we can “make gain (& game) out of pain”. But I agree that it will require good amount of effort to identify suitable problems and to create innovative approaches to create interesting activities for solving them. You may also say that this can attract/make our employees to play for longer periods. If we can create such alluring games then that’s a big achievement for our creative quotient. And anyways we can keep a time monitoring system and a fixed (daily or weekly) time limit for each player to prevent over-indulgence.

Now that we have discussed a lot about the human computation, I have a question. Can Artificial Intelligence be developed to such a level that it may replace human intelligence? I have my doubts, but I would love to see and if possible make such systems.

For the time being, however smart the AI systems we build, with whatever sophistication and intelligence, I think human computation has a crucial part to play in them. What do you say? Could it be the next phase in the evolution of computing?

Disruptive innovation - Dare to Dream

Being a mechanical engineer I would like to start my blog on my passionate area - Cars… not about the animation film ‘cars’ by Disney - Pixar studios… but the real cars…


In this year’s Geneva auto show there was a lot of attention on India and especially on Ratan TATA.. as nano is planning to enter Europe with a high end version of the car called Nano Europa… there was a lot of hope, hype and suspicion, all in the same place, from the western media…..

Even two years ago, I bet no one would have thought that a segment exists where such a low priced car would be welcomed all over the world, or that it is even possible to create a car for that price.. but TATA proved it.. and now the whole world is looking at this as an example of disruptive innovation*…

At the same time there was a display by our sister companies Jaguar and LandRover, who are capturing the world in high end cars… ( should I call brother companies?..hmm, I leave it to you ).. One good thing to notice is that, even amidst this economic situation, the whole automotive industry is optimistic that it will see green pastures by 2010 or at the latest early 2011. so they are placing their bets on the right products which could sweep the market when it opens up…

Let me come back to nano… how does it fit European conditions?.. there were a lot of comments about that.. but my honest opinion is that it is an ideal product for European customers now.. having spent the last few years in Europe, I would say that nano is well placed for the city drive segment.. people own volvo, saab, bmw etc for their long drives.. but inside the city, everyone is bugged by traffic and car parking issues.. mostly they park their car in some car parking area and use the local transport to go around the city… think about someone who is working in the city? … he prefers bicycle now :)..

Daimler’s smart car has been a relief for city drivers for its size and similarly Suzuki’s swift has been popular in Denmark… so nano is set to break into this segment… even if it is priced at 5000 euros, it is a good car for the city lovers… can TATA make it a green nano?.. it will be a hotcake all over the western world.. the point to make here is, had anyone thought about this possibility two years ago when TATA announced the ’nano’ release date?.. the answer is no.. but now no one can stop thinking about it.. that’s disruptive innovation*.. where the whole market has been shaken by an innovative product which changes the rules of the game.. because those 200 engineers have put their passion into this.. and have been asked not to limit their imagination…

I am not sure how many of us know this quote - ‘Cars - four wheeled laptops’. this was shared with me by one of my customers.. you would agree with him if you see the developments in this space.. there are two areas which are more prominent now in cars.. one is fuel efficiency, green etc.. another is the electronic content in a car.. the whole world is spending money on developing systems to enable the driver or the owner to enter a car automatically, wake up a driver if he is dizzy or not in a condition to drive, drunken driver alert, collision avoidance, driving through narrow streets automatically, etc.. it might be a surprise for a few of you that in TCS we do design some of these futuristic products and systems for our customers.. Our engineers from the EIS Automotive embedded systems team in Pune and Bangalore would love to talk about them…. Can we say they are part of sustaining innovation* for the Automotive industry? .. I strongly say ’yes’…

Think of a scenario where the car door automatically opens when you are near the car, asks for an address to go to and takes you there without any driver.. it recognizes your voice, navigates through GPS, finds the location and takes the best possible traffic route and takes you there at the exact time when you want.. if you are hungry on the way, it can drop you at a restaurant on the way… sounds like a futuristic car in the next James Bond movie? Don’t be surprised if you see such a car at the 2015 Geneva auto show .. Will it be possible to have it next to a TCS billboard ?……..

*please refer http://en.wikipedia.org/wiki/Disruptive_technology for definitions and more details

Courtesy: TCS Portal

Is IPTV Doomed to Fail?

IPTV (Interactive TV) has been a buzz word for the past 10 years or so. The total number of IPTV subscribers hovered around the 20 million mark at the end of 2008. France has 6 million subscribers, which is more than a quarter of the world’s IPTV subscriber base. The U.S. has 3 million subscribers, while China accounts for 2 million. India probably has no more than 30,000 subscribers (estimate by author).

So why hasn’t IPTV taken off, especially in India? The challenges faced by IPTV operators (Telcos) are many: acquisition of content, Quality of Service, network capacity and last mile access to the home. The IP backbone, video headend, set top boxes and access networks required for IPTV are greenfield deployments and an expensive proposition. Moreover, advertisers are not willing to advertise on a medium which reaches fewer subscribers. IPTV can reach the home via any broadband pipe: ADSL line, cable, fibre or even satellite broadband. IPTV is heavily dependent on broadband penetration, and unless broadband permeates our rural areas IPTV will not mature.

However, there is hope. In Indian rural areas satellite TV (DTH) was once the preferred choice but, to compete, cable operators have crisscrossed cable to small villages and offer 70-odd tailored TV channels for a small fee affordable by the rural masses. Now, with the release of the DOCSIS 3.0 specs, cable operators worldwide are upgrading their cable networks to this standard to compete against fibre deployments by Telcos. The DOCSIS 3.0 specification will enable new features and benefits for the cable industry. Data downstream speed of 150 Mbps has been demonstrated. It’s just a matter of time before the cable operators in India upgrade their plant to DOCSIS 3.0, especially in the rural areas, and make their cable plants ready for handling both upstream and downstream capability.

Probably BSNL has also recognised this threat from cable operators. BSNL is planning IPTV services in rural A.P. and subsidising the cost of the Set Top Box. The plan is to use the STB as a micro computer so subscribers in rural India can use their TV for email and internet browsing. The time is near when Cable operators, Telcos will compete for the entertainment segment based on interactivity benefitting the common man. The DTH operators will have to rethink their strategy.

Feedback@ duvvurusandeep@gmail.com

Media Process Outsourcing

There has been a noticeable change in the field of entertainment media. Improved connectivity, coupled with the availability of high-speed Internet access, has shaped a business strategy that has sparked publishers’ interest. Increased broadband penetration is serving as a gateway to effective content delivery. There is a continuing movement from the existing analog service towards Digital TV, IPTV, Digital terrestrial television (DTT) etc.



Are we heading for an evolution in entertainment media?


It seems so. At present, with a host of value-added services such as on-demand entertainment and online gaming, broadcasters are armed with a wealth of content. This evolution snowballed into the content management area with the advent of efficient media asset management systems. Broadcasters like BBC, CNN etc. now attain greater efficiencies by eliminating multiple copies of unnecessary content assets. These developments lend themselves to a viable outsourcing opportunity.


The other area of attraction for media outsourcing lies in digital program insertion (DPI) and addressable advertising. DPI enables broadcasters to push relevant advertising based on user demographics and behavioral patterns. To cater to this new demand for behavioral targeting, broadcasters need to bank on the capability of media outsourcing companies. It seems to be a time when more action is just waiting to happen in entertainment media.


Is Media outsourcing a serious business to care about or just another buzz?


A few examples of understated plays by technology companies are very interesting. Microsoft, leading the way through the inorganic route, has acquired the Israeli start-up YaData to focus exclusively on behavioral targeting. In fact, through successive strategic moves Microsoft has made significant inroads into advanced analytics for online media. It has sophisticated methods like Engagement Mapping to manage and measure online ad campaigns. Apple, on the other hand, has launched Final Cut Server to place itself firmly in media asset management.


Beyond technology companies, traditional media agencies like WPP, Publicis Group etc. are leaving no stone unturned in their quest to unlock maximum value. WPP has set up an offshore production arm on a shared basis to build web assets at a lower cost for its global ad network. The new arm, named WPP Deliver, will operate across Asia, Eastern Europe, Latin America and South Africa. Along similar lines, Publicis Group has set up Prodigious Worldwide. To cut a long story short, we can safely infer from the actions of these big boys that media outsourcing is indeed a serious business.


The (ever) growing world of SMO and SEO…


Social media outsourcing (SMO) is currently catching on, with more and more companies showing an inclination towards outsourcing it. The outsourcing avenues being actively looked at in this area are:


• Content
• Site Building
• Social Bookmarking & Networking
• RSS Feeds and Videos


Search Engine Optimization (SEO) is a way of increasing the page rank of a particular website in the organic search results. Various companies in Asia offer this service, and they claim to save around 35% of the present cost compared to companies doing it on their own.


BPO, KPO – Is it now time for Media Process Outsourcing?


Some of the major advertisers have already set the ball rolling in the outsourcing space. The story begins in India with Lenovo’s decision to outsource its entire global advertising portfolio to O&M, a WPP group company. Named the Lenovo hub, O&M will handle account planning, servicing and creative work from its Bangalore branch. The other big brands actively trying to integrate and outsource their ad accounts are Visa, Dell, Lenovo, HP and many more to follow.


Hewlett-Packard is actively considering agency consolidation for all its advertising, direct marketing, search-engine marketing and interactive campaign needs. Dell, entangled in traditional agency relationships, has decided to consolidate and create one multi-disciplinary agency named Da Vinci in association with WPP. It has also decided to co-invest $4.5bn in the development of an advanced analytics tool. According to Adweek, Visa is reviewing its current global agency partnership model with a dozen companies. It wants to consolidate it into a one-stop shop that will ensure better creative synergy combined with cost efficiency.


Looking at these recent happenings in the world of media, we certainly cannot remain silent spectators any more.

Keep posting any new details in my comments and do provide feedback @ duvvurusandeep@gmail.com

The web of deception

Just before we start with the post, I would like to share some statistics (estimates):



• Number of known computer viruses - More than 11,22,000 (update from BBC news)

• Number of spam emails sent - More than 100 billion per day

• Number of websites defaced in a year - 4,80,905 (reported to zone-h in 2007)



Major services with known security bugs in 2007



• Hotmail/Windows Live Mail

• Yahoo Mail

• Facebook

• Gmail

• Orkut

• Rediff



If you’ve noticed, I’ve named almost all the major websites you use in your day-to-day life. The stats and facts make it obvious that most of these services are not very secure and that they had at least one security bug last year. By the way, that’s not the topic of this post. At the end of the day, they are just websites providing a service, and in one word they are nothing but “software”. There is a famous quote among security enthusiasts: software can be patched, but there are “no patches for human stupidity”.



This post is about us, humans: the major ‘silly’ mistakes we make and the minor ‘cares’ we don’t take while surfing the internet, which can turn us from ‘computer users’ into security incident ‘victims’. It is a list of “ToDos” and “!ToDos” for surfing the internet. I might miss some important points or misinterpret others, so since this is a blog, please feel free to correct me when you find errors or important points I may have missed.



Here we go. By the way, some of them are very silly. You might think that you very rarely do some of the items on this list. Yeah, you are right, but “rarely” != 0% and you ‘might’ get hacked even if you do it ‘just’ once.



1. “Remember me” option while using public Computers



Well, believe me, this is one mistake that most of us make. We use public computers at



• Libraries

• Cybercafes/Browsing Centres

• Computers at other’s homes


and log in to our email, check it, and when we leave in a hurry we forget to log out and just close the browser. Closing the browser might work with our Ultimatix, but it won’t log you out of your Yahoo Mail/Gmail when you’ve checked the “Remember me” option. All of you who have used public computers might have seen, at least once in your life, others logging in and leaving without logging out. It might not happen a lot with webmail, but it certainly happens a lot with instant messengers (as they will remember the password even if you log out and exit).



2. Not clearing the history/cookies/remembered passwords before leaving the public computer



This mistake is similar to the one above. All the major browsers have an option to remember usernames and passwords when you log in to a website. And yeah, most of us have the habit of pressing ‘Yes/No’ to the questions the browser asks. If you are not in a hurry, you might read the question and press No. But when you are in a hurry, you ‘might’ press Yes, and in that case your browser will remember the password. If you don’t clear it, a ‘bad guy’ can extract it without any difficulty.



3. Using outdated browser software



Using an outdated browser or outdated browser plugins can get you into trouble more easily than anything else. It can get you ‘free’ malware, spyware and viruses on your machine, and it can get you hacked as well. When I say outdated browser, it can be the so-called “most used browser” Internet Explorer, the so-called “most secure browser” Firefox or even the so-called “World’s best browser” Safari.



Trivia: In the latest Pwn2Own contest, a MacBook Air was hacked within 2 minutes using a bug in its default web browser, Safari 3.1. And Microsoft Vista was owned using a bug in the Adobe Flash Player plugin. The only laptop that remained un-hacked was the one running Ubuntu Linux 7.10. As you can see, the so-called world’s best OS was hacked because of its browser and, ahem, Vista was hacked because of a bug in a plugin used by its default browser.



4. Clicking links on emails and opening any/all attachments



You probably get a lot of emails every day, and many of them have attachments. By clicking on links from unknown people, you might be making a mistake such as confirming to a spammer that your email address is active. Let me explain this in simple words: if the link you are clicking is http://spammer.domain.com?email=karteek.e@tcs.com, you are doing nothing but going to his web application and confirming that the address is active and in use. Links won’t be this obvious in your mails, so avoid clicking on links in emails from unknown senders. Also, don’t try to opt out of mailing lists you never signed up for; that is the same trick used by spammers. This is a standard trick to confirm email addresses for spamming purposes and also a potential phishing threat.
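One way to spot the address-confirmation links described above before clicking, as an added example that is not part of the original post: it scans a message body for links whose path or query carries the recipient’s own address, in plain form or encoded. The recipient address, hosts and message body are constructed samples, and `findTaggedLinks` is a hypothetical helper name.

```javascript
// Added example: flag links in a mail body that carry the recipient's address.
// The address, hosts and message body below are constructed samples.

// Forms in which a sender might embed the address in a link.
function addressEncodings(address) {
  const lower = address.toLowerCase();
  const bytes = Buffer.from(lower, 'utf8');
  return {
    plain: lower,
    hex: bytes.toString('hex'),
    base64: bytes.toString('base64').replace(/=+$/, ''), // padding is often dropped
    base64url: bytes.toString('base64url'),
  };
}

function extractUrls(body) {
  return body.match(/https?:\/\/[^\s"'<>]+/gi) || [];
}

// Returns one finding per link that identifies the recipient.
function findTaggedLinks(body, recipient) {
  const enc = addressEncodings(recipient);
  const findings = [];
  for (const raw of extractUrls(body)) {
    let url;
    try { url = new URL(raw); } catch { continue; } // not a parsable URL
    // Only path, query and fragment matter; the host alone is not a tag.
    let tail = url.pathname + url.search + url.hash;
    try { tail = decodeURIComponent(tail); } catch { /* keep the undecoded form */ }
    const tailLower = tail.toLowerCase();
    const hits = [];
    if (tailLower.includes(enc.plain)) hits.push('plain');
    if (tailLower.includes(enc.hex)) hits.push('hex');
    // Base64 is case-sensitive, so it is matched against the original text.
    if (tail.includes(enc.base64) || tail.includes(enc.base64url)) hits.push('base64');
    if (hits.length > 0) findings.push({ host: url.hostname, encodings: hits });
  }
  return findings;
}

// Constructed sample message: two tagged links and one ordinary link.
const SAMPLE_BODY = [
  'Your parcel is waiting: http://mail.example.net/track?email=user@example.com',
  'Unsubscribe here: http://lists.example.org/optout/dXNlckBleGFtcGxlLmNvbQ',
  'Our site: https://www.example.com/about',
].join('\n');

for (const f of findTaggedLinks(SAMPLE_BODY, 'user@example.com')) {
  console.log(f.host + ' carries the recipient address (' + f.encodings.join(', ') + ')');
}
```

The second sample link shows why the “unsubscribe” link of a list you never joined deserves the same suspicion: the address is there, just not readable at a glance.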



And, about opening any/all attachments: if you remember the Love Bug, it was a VBScript that used to come only from “known” and “trusted” people and used to infect only people in your address book. It caused damage of about $5.5 billion. The Pentagon, CIA, British Parliament and large corporations had to shut down their email systems to get rid of the worm. I guess you don’t need more explanation of why NOT to open any/all attachments without thinking. Of course, you can open your attachments after a virus scan. When opening office documents, it’s always better to disable macros from untrusted sources.



5. Not using ANTI VIRUS !!! or Anti Spy-wares, Firewalls



Well, I know. This is the silliest tip one can give to best-of-breed software engineers. It is a tip based on my experience. I’ve seen that most of my friends have anti-virus installed on their machines BUT it is either disabled because it asks too many nagging questions, or it is just outdated because these people are too lazy to update the virus definitions. Seriously, what is the use of anti-virus software that is installed on the computer but disabled, or running with virus definitions that are a year old?



And no, an antivirus need not be able to remove all spyware. Spyware can be more dangerous than viruses when it comes to your security. Spyware can send your information to the web periodically, and that information can vary from the applications you use to all the websites you visited, your login credentials at those websites and even EVERY KEY you’ve pressed while using the infected computer. So, install a good anti-spyware app too.



And do remember, cybercafes can be dangerous not just because of viruses, but because of keyloggers. The admin guys in cybercafes can install keyloggers on those machines and spy on their customers. So, access the internet only at trusted cybercafes and avoid banking there ;).



And the inbuilt firewall of your OS is not sufficient. The firewall that comes with your OS might be one-way (which guards you only from incoming attacks) and need not be two-way (which guards you from incoming attacks and also stops spyware from sending valuable information to the web). Best-of-breed anti-virus, anti-spyware and firewalls are available for free to home users. And there is an even better option to avoid viruses, and it is called Linux.



6. Not applying security patches



Just as an outdated anti-virus is not able to detect all the new viruses, software with security holes cannot be secure. So, keep track of all the software you use and its security issues. The easiest solution is to ensure that you are running the latest stable versions of all the software you use. And pay special attention to any software that is in beta, as it is more prone to security vulnerabilities.



7. Using simple passwords



Almost all the services you use online require a username and password. Believe it, most of the servers hacked are hacked not because they are insecure, but because they used default passwords or easy-to-guess passwords. I’m sure that at least some of us must be using the default password for webmail; if not the default, it might be their date of birth, their mother’s name or girlfriend’s name, or even their dog’s name, or at least a dictionary word in English or French or some other language. Using an easily guessable password is as big a mistake as using a dictionary word or a default password. So, one has to understand that a password should be complex and should contain alphanumeric characters as well as symbols.



Trivia: The most commonly used password is “password” (Yeah! the word password).

By the way, when choosing a complex password, don’t choose something so complex that even you can’t remember it. I will tell you one of my passwords, which I used around 5 years ago. It’s complex, hard to brute-force and yet simple to remember: th!S!SmYp4ssw0rD. This password is long (16 characters), and it contains alphanumeric characters as well as symbols. And remembering it was simple: all words end in a capital letter, all ‘i’s are made into ‘!’, ‘a’s are made into ‘4’ and ‘o’s are made into ‘0’. Don’t try to log in to my webmail/Ultimatix using this password; it’s different now. By the way, Tata@1234 is NOT an example of a good password even though it contains alphanumeric as well as special characters. It’s an obvious guess within the company.
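The Tata@1234 point above, as an added example that is not code from the original post: a password can satisfy the usual composition rule and still be guessable. The word list, the 12-character threshold and the function names are assumptions made for this demo.

```javascript
// Added example: composition rules vs. guessability.
// COMMON_WORDS and the 12-character threshold are assumptions for this demo.
const COMMON_WORDS = ['password', 'qwerty', 'letmein', 'welcome', 'admin', 'iloveyou'];

// The usual "complexity" rule: a letter, a digit and a symbol are all present.
function meetsCompositionRule(pw) {
  return /[a-z]/i.test(pw) && /[0-9]/.test(pw) && /[^a-z0-9]/i.test(pw);
}

// True when pw contains `run` or more letters/digits that count up or down
// by one (1234, 4321, abcd): the suffix people add to satisfy a digit rule.
function hasCountingRun(pw, run = 4) {
  const s = pw.toLowerCase();
  let up = 1;
  let down = 1;
  for (let i = 1; i < s.length; i++) {
    const step = s.charCodeAt(i) - s.charCodeAt(i - 1);
    const alnum = /[a-z0-9]/.test(s[i]) && /[a-z0-9]/.test(s[i - 1]);
    up = alnum && step === 1 ? up + 1 : 1;
    down = alnum && step === -1 ? down + 1 : 1;
    if (up >= run || down >= run) return true;
  }
  return false;
}

// contextWords: names an insider would try first (employer, product, city...).
function assessPassword(pw, contextWords = []) {
  const issues = [];
  const lower = pw.toLowerCase();
  if (pw.length < 12) issues.push('shorter than 12 characters');
  for (const word of COMMON_WORDS) {
    if (lower.includes(word)) issues.push('contains common password "' + word + '"');
  }
  for (const word of contextWords) {
    const w = word.toLowerCase();
    if (w.length >= 3 && lower.includes(w)) issues.push('contains context word "' + w + '"');
  }
  if (hasCountingRun(pw)) issues.push('contains a counting run such as 1234');
  return { compositionOk: meetsCompositionRule(pw), issues };
}

// The post's own example, checked with the company name as context.
const verdict = assessPassword('Tata@1234', ['Tata', 'TCS']);
console.log('composition rule satisfied:', verdict.compositionOk);
console.log('still guessable because it:', verdict.issues.join('; '));
```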



8. Giving passwords to third party sites



This means giving your primary email’s username and password to third-party websites just to invite your friends there or to let you chat with them. The third-party site claims that it is not going to remember the username and password and will only use them to get your address book and invite your contacts. No matter what they claim, don’t trust such applications. If it’s a good service, there will be an option to upload your address book or email list manually (say, LinkedIn), and it’s always better to upload your address book than to hand over your password.



Well, these are the silly things one ‘might’ do while using the internet. By doing these, you are ‘letting’ someone hack you. But what should you do if someone wants to hack you? Ever heard about ‘Identity Theft’? What happens with XSS? What about XSRF? How does an MITM attack happen? So here is a (non-exhaustive) list of hacker methods that I think you ought to know about and understand.



1. Identity Theft



A bad guy can use your name to



• buy goods and services

• live under your name

• take out a credit card in your name and use it, etc.



Well, all of these really sound scary, and when you are not careful online, you can actually become a victim of identity theft. Let me give you an example. A girl ‘A’ uses the service orkut, which is quite famous among youngsters (and now, us cyber folks too). One day the bad guy ‘B’ hacked her account and changed her password. The girl had no clue what had happened to her password, but later she came to know that her male friends were getting indecent scraps from her id. All the communities she owned were deleted by someone. Then the nightmare started for the girl when she saw that her Picasa web albums had been made public and links to them posted in other communities. All her female friends blamed her for keeping their photos in her web album. Her whole online image was spoiled by the bad guy ‘B’ just by hacking her password. By the way, this is a real-life incident, and the nightmare had a happy ending when she lodged a complaint at the cyber crime cell and they got her account blocked for ever.



All the time, she had one doubt: who hacked her account? And how was it hacked? Even I don’t know how it was hacked, but I can assure you that by the end of this post, you will know how to avoid this awkward situation of losing your identity.



2. Phishing



According to Wikipedia, phishing is “An attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication”. It’s a simple definition that anyone can understand; even so, I will explain it with a simpler example.



A good friend of mine, ‘S’, is a Facebook user. Once, he was chatting on IRC (Internet Relay Chat) and one of the guys in the room gave him a URL, telling him that it had links to loads of Facebook apps. My friend clicked on it and it redirected him to a Facebook login page; he logged in and saw some links there. After a while, the guy who gave him the URL messaged him his exact password. My friend was shocked, and later he came to know that he had entered his details on a fake login page. He was just lucky that the attacker wasn’t a bad guy and only wanted to play a prank on him.



Don’t try the URL. Told you already, it’s fake. If you look at the URL, it’s not Google’s URL. And don’t sign in to any bare IP address using the username and password of some website; most probably it will be fake. There is one more thing you need to take care of: server identity. Almost all major websites use signed certificates to prove their identity. If you get an error from the browser that the certificate is invalid, DO NOT do what you regularly do and hit Yes. Check the identity twice and, if needed, open the website manually rather than clicking on the given URL. Sadly, we are very much used to hitting Yes because of Ultimatix’s invalid certificate.



3. MITM



Man in the Middle attack. Everything is in the name itself. There will be an attack, and there will be a ‘bad’ man in the middle who is performing it. In this attack, the attacker intercepts the communication between the victim and the server and acts as a proxy, and is thus able to read, insert and modify the data in the intercepted communication.



The attacker can not only read the usernames and passwords but can also completely change the information the server has sent to the victim. In short, taking net-banking as an example, the attacker can steal the victim’s username and password, clear his balance and even show that the bank balance is full whenever the victim logs in. He can make sure that the victim never gets a doubt until he finds out the facts from some other service.



Here too, the day can be saved by certificates. A server certificate can carry not only identification information but also the encryption/decryption keys. In this case, the attacker is left with no alternative but to give a fake certificate to the victim, which the browser on the victim’s computer will flag. If the victim is in a hurry and presses Yes as he presses Yes for Ultimatix, he will be in big trouble. The day saved by the certificate will be spoiled again by the victim’s stupidity. As for unencrypted traffic, the user can never find out whether it is being intercepted or not. So it’s always safer to avoid logging in to websites without SSL when on a proxy. By the way, a proxy is nothing but an example of having a man in the middle, but a good proxy won’t intercept data and hence it’s not an attack.



Here, there is a small advantage: the attacker has to change the proxy settings in the victim’s browser in order to hack him. But there is a more evil version of the MITM attack, and it is called ARP spoofing or ARP poisoning or ARP Routing. In this method, the hacker attacks at the level of MAC addresses and IPs, and it’s not very easy to do, as most hardware vendors like Cisco have implemented methods to detect and stop it.



4. XSS



Cross Site Scripting is the hottest tool for hackers in this generation of Web 2.0 and Ajax-rich applications. Here, the victim is really innocent and the programmer of the web application is the real culprit. There is a rule followed by all browsers, the Same Origin Policy, which ensures that a script loaded from one origin CANNOT get or set properties of a document from a different origin. In this method, the hacker bypasses the Same Origin Policy and is able to mount powerful phishing attacks on the user.



Let me explain this in simple terms. Let http://gooddomain.com/script.js and http://evildomain.com/evil.js be two scripts. Here, script.js can access all the properties of documents originating from gooddomain.com, but evil.js cannot access them because of Same Origin Policy. But, when evil.js is loaded from gooddomain.com.



I’m sure you want to know how evil.js can be loaded from gooddomain.com. Consider the orkut application as an example. There, users can scrap each other. Scrapping is nothing but sending some text, which is shown to the user when he signs in again. If the text is “Hello buddy”, it’s fine. But what if the text is “ ” ? The victim’s browser will simply fetch the script and run it. Typically, a good programmer would sanitize the text and turn > and < into &gt; and &lt;, which stops the browser from thinking that it is a referenced JavaScript. But when the programmer doesn’t sanitize, the application is said to have an XSS vulnerability, which means that evil.js is up and running. It can access properties like cookies (which include sessions), or at least do something “phishy”. When evil.js itself is inserted, only phishing can be done (as the Same Origin Policy will be enforced and evil.js is not from gooddomain), whereas when the content of evil.js can be inserted, cookies can be stolen. Yeah, you heard it correctly: cookies/sessions. They are what carry your credentials on the site, which means that by stealing your cookies, the hacker can steal your credentials on the site.



Now, the doubt is “how can he steal my credentials?” Coming to that: whenever an input is given to the web application, the application should sanitize the input (remove all the dangerous vectors) before giving the output back to the browser. But sometimes the programmer might miss the sanitizing part and end up making the application vulnerable to XSS, thus creating all the trouble for the users. If you see the above screenshot, it’s an example where (say, the contents of evil.js) are inserted and the hacker can access the cookie details.
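The sanitizing step described above, as an added example that is not code from the original post or from orkut: the same scrap renderer written without and with output encoding. The function names, the markup template and the sample scraps are constructed for illustration; the script URL is the one the post uses.

```javascript
// Added example: a scrap renderer, vulnerable and hardened.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// One pass over the text, so an already-encoded "&lt;" becomes "&amp;lt;"
// and is displayed literally instead of being decoded into a tag.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: whatever the sender typed becomes part of the page's markup.
function renderScrapUnsafe(author, text) {
  return '<div class="scrap"><b>' + author + '</b>: ' + text + '</div>';
}

// Hardened: every user-controlled value is encoded at output time.
function renderScrapSafe(author, text) {
  return '<div class="scrap"><b>' + escapeHtml(author) + '</b>: ' + escapeHtml(text) + '</div>';
}

// Names of opening tags in a rendered fragment. A rough check for this demo,
// not an HTML parser.
function tagsIn(html) {
  return [...html.matchAll(/<\s*([a-z][a-z0-9]*)/gi)].map((m) => m[1].toLowerCase());
}

// Constructed sample scraps.
const SAMPLE_SCRAPS = [
  'Hello buddy',
  'Tom & Jerry <3 "cartoons"',
  '<script src="http://evildomain.com/evil.js"></script>',
  '&lt;b&gt; already encoded text',
];

// For each scrap, the tags that reach the browser beyond the template's own
// div and b elements.
function auditScraps(render) {
  return SAMPLE_SCRAPS.map((text) =>
    tagsIn(render('friend', text)).filter((tag) => tag !== 'div' && tag !== 'b'));
}

console.log('unsafe renderer lets through:', JSON.stringify(auditScraps(renderScrapUnsafe)));
console.log('safe renderer lets through:  ', JSON.stringify(auditScraps(renderScrapSafe)));
console.log(renderScrapSafe('friend', SAMPLE_SCRAPS[2]));
```

Encoding at output time keeps harmless text such as `Tom & Jerry <3` readable, which stripping characters from the input would not.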



Trivia: If you remember the great chaos of orkut communities getting stolen in 2006, it was because of an XSS vulnerability in orkut. There, the hackers used to steal the sessions of the community owners and then make themselves owners of the communities. XSS is quite common and dangerous. There were XSSes in Google, Microsoft, Yahoo, Rediff and even on TCS.com. Well, of course, they are all fixed now.



Well, you can avoid XSS almost all the time by using Firefox + NoScript addon for it. This combination is considered as the best when it comes to security. Let me know if any of you IE fanboys know a method to make IE more secure than this combination.



5. XSRF



XSRF or CSRF, Cross Site Request Forgery, is a near cousin of XSS. It is also the outcome of mistakes by the web programmer. It is not a very famous method of exploiting websites, but it is certainly good enough to reach the top when a vulnerable web application is found. It’s a sleeping giant when it comes to web application vulnerabilities. Here, the hacker transmits unauthorized commands from the user’s browser to the vulnerable website.



An example will make it easier to understand. Let’s consider a website that the victim is logged on to, and let’s assume that it is a gambling website. If the gambling website has an option of transferring credits from one user to another when requested, and let the request be a page




When the victim opens that page, the victim’s browser will try to fetch the src of the image (thinking that it’s really an image), thus requesting the gambling site to transfer 10000 points from the victim’s account to the hacker. The gambling site will accept the request because the victim is already logged in and the browser sends his credentials along with it.

Most XSRFs can be avoided when the application designer uses CAPTCHA. It’s always better not to open untrusted sites when doing important transactions over the web.
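The post names CAPTCHA as the defence; the check more commonly built into applications is a per-session anti-CSRF token combined with refusing state changes over GET, shown here as an added example that is not code from the original post. The request objects, the `x-csrf-token` header name and the field names are assumptions for this sketch.

```javascript
// Added example: server-side checks that reject the forged transfer request.
// Node 20+ exposes Web Crypto globally; older versions need the module.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

const sessions = new Map(); // sessionId -> { user, csrfToken }

function randomToken() {
  const bytes = webcrypto.getRandomValues(new Uint8Array(32));
  return Buffer.from(bytes).toString('hex');
}

// At login the server issues the session cookie and, separately, a token that
// it embeds in its own pages. Another site cannot read that token.
function login(user) {
  const sessionId = randomToken();
  const csrfToken = randomToken();
  sessions.set(sessionId, { user, csrfToken });
  return { sessionId, csrfToken };
}

// Compares every character instead of stopping at the first mismatch.
function sameToken(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

function handleTransfer(req) {
  const session = sessions.get(req.cookies.sessionId);
  if (!session) return { status: 401, reason: 'not logged in' };
  // An image fetch is always a GET, so GET must never move points.
  if (req.method !== 'POST') return { status: 405, reason: 'state change requires POST' };
  // The cookie alone proves nothing: the browser attaches it to every request.
  if (!sameToken(req.headers['x-csrf-token'], session.csrfToken)) {
    return { status: 403, reason: 'missing or wrong CSRF token' };
  }
  return { status: 200, reason: 'transferred ' + req.body.points + ' points to ' + req.body.to };
}

// Constructed requests: one from the site's own page, two triggered by a
// page on another origin (cookie attached by the browser, no token).
function runDemo() {
  const { sessionId, csrfToken } = login('victim');
  const cookies = { sessionId };
  const genuine = {
    method: 'POST', cookies, headers: { 'x-csrf-token': csrfToken },
    body: { to: 'friend', points: 50 },
  };
  const forgedImageGet = {
    method: 'GET', cookies, headers: {}, query: { to: 'other-account', points: 10000 },
  };
  const forgedFormPost = {
    method: 'POST', cookies, headers: {}, body: { to: 'other-account', points: 10000 },
  };
  return [genuine, forgedImageGet, forgedFormPost].map((req) => handleTransfer(req).status);
}

console.log(runDemo()); // statuses for genuine, forged GET, forged POST
```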



6. Copy-paste-Javascript and Hit Return key and Untrusted Greasemonkey scripts



These days, I see that many of my friends on orkut are sending scraps to everyone using some JavaScript. It can be good JavaScript, and at the same time it can be malicious too. You might have seen posts in some communities telling you to copy-paste a JavaScript into the URL bar and press the Enter key to increase your cool/hot stats or to reveal who has a crush on you. Well, they are all malicious. JavaScript is a simple client-side browser language, but it has one big thing in its hands in the browser: it can access your session/cookie information, and it can send it to a hacker too. So, when you see a script that your friend asked you to copy into your URL bar and hit Enter, it’s better to read it first; if you can’t understand what it does, it’s better not to execute it.

The same is the case with Greasemonkey scripts. Some of the advanced users here will be using the Firefox and Greasemonkey combination. Greasemonkey is a great add-on and it adds some great features to the browser. But at the end of the day one has to remember that Greasemonkey is nothing but JavaScript, executed by the browser on the given website. As it is JavaScript, it can absolutely access your session variables and send them to a hacker. By the way, folks who used the good old Webmail Greasemonkey script: if you’ve read the code, I’m saving all your passwords! Just kidding, don’t worry, I’m not an evil hacker, just a security enthusiast.



Hope these tips help make your online presence safer. A closing quote for a long blog post: “The only secure computer is one that’s unplugged, locked in a safe, and buried 20 feet under the ground in a secret location… and I’m not even too sure about that one”, by Dennis Hughes.



This is a never-ending search. Keep posting any new details in my comments and do provide feedback @ duvvurusandeep@gmail.com