Purpose of Life

I am writing my blog for the 1st time in 2022. After more than an year. I have been thinking to write some but sometimes I am short on time and other times, short on thoughts. Work and life kept me busier than ever these last few months.

But today is a perfectly balanced day it seems – I have sometime to reflect and I happen to come across something on my timeline that made me want to share mine as well as the borrowed thoughts from the post.

So, I came across Ravi Venkatesan‘s tribute to Ms. Ela Bhatt, as she passed away. Ela founded SEWA Bharat and as righty pointed out by Ravi – she was a natural force, where we see the impact not the force. Ravi is a force himself and one of the leaders I look up to and aspire to imbibe his qualities.

You can read his post here.

What caught my attention was the following paragraph, said by the Late Prof. Jim March of Stanford :

“In the end, you know, we are very minor blips in a cosmic story. Aspirations for importance or significance are the illusions of the ignorant. All our hopes are minor, except to us; but some things matter because we choose to make them matter. What might make a difference to us, I think, is whether in our tiny roles, in our brief time, we inhabit life gently and add more beauty than ugliness.”

There is no doubt Ms. Ela left the world a more beautiful place than she found it. And I wonder how she would have chosen her purpose – what drove her to THE decision of building SEWA Bharat or what would have been her chain of actions that led her to this noble purpose. The impact of her purpose is significant and visible.

And Professor Jim’s statement made me think, this may be the north star we need to follow – are we working towards making the world a better place and in a gentle way. In a way which spreads kindness, generosity and builds abundance.

The more I read the post and the paragraph, the more it felt that the idea behind the thought seemed familiar. And then I looked up what Gandhiji had to say about purpose.

To a friend, who was in doubts about how to decide the right action, Gandhiji wrote a letter. The letter was mislaid, but on a later occasion the words were recalled to memory and transcribed. The following is believed to be the text of the letter:

“I will give you a talisman. Whenever you are in doubt, or when the self becomes too much with you, try the following expedient:

“Recall the face of the poorest and the most helpless man whom you may have seen and ask yourself, if the step you contemplate is going to be of any use to him. Will he be able to gain anything by it? Will it restore him to a control over his own life and destiny? In other words, will it lead to Swaraj or self-rule for the hungry and also spiritually starved millions of our countrymen?

“Then you will find your doubts and yourself melting away.”

Every time when I look at my decision of adding further to my work in tech, by expanding my horizons and pursuing Sustainability, I have felt content – not because of our impact, which is not so significant yet – but because my purpose aligns with the idea of making the world a better place. I get asked a lot on why I chose to work on the SDGs so heavily and each time I answer them with all sincerity : The SDGs chose me. I did not choose them.

As Akiroq Brost rightly said — ‘You don’t choose your purpose, it chooses you.’

And I believe – someday our purpose at Fandoro will move the needle. Someday there will be a world aligned with our vision – a world where every business will be planet positive. Where society will take away the social license to operate from such businesses which may/may not be commercial success but are sickening for the planet and its inhabitants. Where it will not be limited to handful of folks to decide which businesses should grow. Where the entrepreneurs and investors pledge to be responsible at every step.

Here is me closing this blog with big cheers to our purpose in life- may your purpose choose you too, may we all feel content in the end, that we mattered while we lived and that our purpose has a chance to outlive us.

Act, while you still can!

With too many things going on in life one is constantly forced to prioritize. And the best story that I can think of, about priorities in life is “The jar of life — Rocks, Pebbles, and Sand” story. Many of us must have read it. If you have not, here is a quick refresher.

The original story

A philosophy professor once stood before his class with a large empty jar. He filled the jar with large rocks and asked his students if the jar was full.

The students said that yes, the jar was full.

He then added small pebbles to the jar and asked again, “Is the jar full now?”

The students agreed that the jar was indeed full.

The professor then poured sand into the jar and asked again.

The students then agreed that the jar was finally full.

The professor went on to explain that the jar signifies one’s life.

The rocks are equivalent to the most important things in your life, such as family, health, and relationships. And if the pebbles and the sand were lost, the jar would still be full and your life would still have a meaning.

The pebbles represent the other things that matter in your life, such as your work, school, and house. These things often come and go, and are not permanent or essential to your overall well-being.

And finally, the sand represents the remaining small stuff and material possessions in your life. These things don’t mean much to your life as a whole and are likely only done to waste time or get small tasks accomplished.

The metaphor here is that if you start with putting sand into the jar, you will not have room for rocks or pebbles. This holds true for the things you let into your life too.

If you spend all of your time on the small and insignificant things, you will run out of room for the things that are actually important. So in order to have a more effective life, you should prioritize important things in your life and then worry about pebbles and sand at a later time. (Story referenced from : https://medium.com/@adityakothadiya/another-side-of-the-rocks-pebbles-and-sand-story-9e26a6cc0af)

The twist in the story

While I am in full agreement of the story, few experiences of my life made me realize that there is a twist to the story. When I first read the story, I realized the importance of prioritizing the big rocks in life. But since I am at a stage in my life where I have already filled my jar atleast half or maybe more. I can look back and check if I filled them with rocks or sand.

And frankly speaking everyone can do so. A quick review – whether we have our priorities right? If we have filled the jar so far with sand, then maybe we stop doing that and here onwards, start filling the jar with the big rocks that should have been our key priorities from the start. Simple, isn’t it? Actually not.

It is not simple because when we imagine this story, we keep all the big rocks, pebbles and sand – constant with time in our private boundaries. We forget we live in public domain and we can’t control everything. What we don’t imagine is – that as time passes on, maybe few of the big rocks are no more available for us to fill in our jar. Maybe someone else filled their jars with the big rocks and pebbles that you overlooked.

In Seths.blog , there is a piece that says – “Perfect or we’re not going”. It states this escapism mentality very clearly. More than procrastinating it is the lack of clarity in mind on the decision. Or as he says – people say they want a decision to be taken in the most perfect way -only to cover their inaction. It is a way for inaction without saying no explicitly. So, when I have people telling me that they are looking for the best way to take action – specially over long duration of time – I stay interested in seeing how perfect they make the action when they do take it.

It has happened with me multiple times. I have on occasions not acted urgently to do what I really wanted to. Finding the perfect moment and the “right” way to do it is easy excuse I give myself. I have postponed interviewing people I valued most, who are no more. I have not thanked my uncle (my father’s eldest brother) for dedicating his life in building us up. He is no more. There are things I realize I never did with my kids, when they were younger and I really wanted to. I was busy attending something or someone that seemed more important back then. Now my children are teenagers. I can still attend to those items at work or other people. But I cannot go back and live those moments with my children.

And on this day – I have 3 choices. One is – Cry over spilled milk and be angry with myself and the world for all the sand I filled in my jar without focusing on the big rocks and pebbles. Another is – Continue to think I will do all I want someday and continue to wait to fill my jar with the big rocks and pebbles because the perfect way has not yet been planned. The most productive way forward would be – forgive myself for the overlook. Take charge. Re-look at my priorities. And start acting on them without delay. Pick up the big rocks and pebbles quickly and fill them in my jar and the sand can continue to be filled in. But atleast the right things got their place, first – and easily.

You can do so too – Just blatantly stop living the “confused and lost” way. Without any explanations to anyone. It is your right to do what is urgent to you in the one life you have. Pick your big rocks before they fill someone else’s jar and/ or you lose them forever.

Act, while you still can.

#YoIndiaSoSustainable

Day before yesterday (on 18th Aug), I accidentally came across a trending hashtag – #YoKamalaSoIndian  – maybe because I am an Indian or maybe because I followed the lady a day before. The debate is on whether she relates herself as an Indian or Hindu or a Black woman. Frankly, it matters less to me – what she relates herself as – that I believe is her personal choice. Clearly, she is a proud American by citizenship for sure.

But Ms. Kamala’s story is less intriguing to me – than that of her mother – Ms. Shyamala Gopalan. Born in a pre-independence era – An Indian woman – studies science (Ph.D) and becomes a biologist. At a young age of 19 – goes alone to the US in the later 1950s and joins Black Civil rights movement much before she met her soon to be husband- Mr. Donald J Harris. She fought for Black people rights, when she wasn’t one. And her nation had just come out of 360 degrees draining clutches of British. And today her ashes are floating in the Indian Ocean – close to Chennai – her homeland.

A lot to learn from a woman who dedicated her life in isolating and characterizing the progesterone receptor gene that stimulated advances in breast biology and cancer. And who in her death – requests that donations be made to the organization Breast Cancer Action in lieu of flowers sent on her funeral.

However, the purpose of the blog is not Ms. Kamala Harris or her much respect mother. It is the tweets that people put out there – mentioning all the Indian habits under the trending hashtag #YoKamalaSoIndian.

The reason I am forced to write a blog on this is because while the world found lot of these tweets amusing and most of them have been written with a good sense of humor – I found many of them very interesting and very insightful – giving insights into a lot of funny truths, truths that Indians should be proud of and some sad truths too.

I have categorized them in certain categories defined by my own sense of judgement and decorated with a pinch of reality.

Lets see few of the tweets I could pick   :

1. Funny but True

 

I have no idea why this happens – but I have gone through this exact life. And I do it now – EACH of these.

2. Proudly True

 

Yes – we reuse, until it can be reused no more. Read a tweet about Diwali dress – multi-level reuse at its best – almost implementing circular economy within the fence of a household.

Yes – we eat home made more than market food or ready made meal. And we eat fresh food more than pre-cooked items.  We make our papads too 🙂

Yes- we don’t like to waste – neither toothpaste nor any boxes we get for free. I saw a tweet about a plastic bag full of used plastic bags that we reuse and don’t throw) – I could not find it again. But I don’t see what is wrong there if we are anyways using plastic. Our age old habit of carrying a thaila (cloth bag) to the market is simply awesome!

Yes- we ask the vegetable vendors to give us more (used to be free in past) – dhaniya (Coriander leaves) and kadhi patti (Curry leaves) and mirchi (Green Chilli) – firstly they are our source of iron and secondly – we love them in most food we eat.

   

3. Sad but True

Clearly – Poverty is a big problem that we need to solve. Poverty led illiteracy, poor quality of life, unclean and unhygienic surroundings, ignorance of hazardous aspects of plastic or any other item of daily use – all need to be dealt with and improved on. While we are headed towards the 4th industrial revolution, so many are yet to receive benefits of 2nd and 3rd revolutions. As simple as access to clean water has remained a challenge in many parts of the nation. And here we are headed to scarcity of water already, without even reaching all. #SustainableDevelopment is the only way out. Every individual, every business, every nation will have to chip in.

Some issues I could think of, looking at the tweets.

Cleanliness

Ignorance towards hazards of re-using Single use plastic

Unsafe practices due to ILLITERACY

Poverty

Poverty led mal practices and trust deficit

Women Ignoring self health

Disconnect from civic responsibilities

        

 

India needs to accelerate the speed of growth. Our Urban development is happening at 0.2 percent point compared to 2% point of the world.

Wishing goodluck to Ms. Kamala Harris for her upcoming elections. Indian or not- Black or not – you have a glorious history and a big future awaiting. Make it worth – like your mom.

Aarogya Setu – Yes or No?

I almost decided to not post this blog. But on second thoughts I am posting it.

Date : 22nd May 2020.

Background :

Aarogya Setu has comeout as one of the most powerful tool that Government of India released to protect its citizens through “Contact Tracing”. While I do not directly know the source of inspiration for our government to do so, I believe that countries which are being respected for their ways of controlling COVID-19 spread, like – South Korea and Taiwan, have used such apps in their nations and given credit to the apps to be a successful tool in their fight against Corona virus.

Recently, there were tweets claiming how the app is dangerously exposing the privacy of Indian citizens.

For a typical app to fail in the market is neither a concern of mine personally, nor is it unheard of. While, it makes me curious to know more about the reality of the situation, my natural reaction in such cases is – these guys will figure it out; I don’t need to step in.

But when I looked at the flip side – the possible results of “Aarogya Setu” app failing due to privacy reasons, I got hugely concerned for 2 reasons –

1. What if the app is really lacking privacy control? To put it in the terms of the “hacker” – what if it is truly exposing PII- Personally Identifiable Information of millions of citizens? In this case, the hacker claimed it to be 90million (number of downloads at the time of claim). This is simply NOT ACCEPTABLE.
2. What if these claims were incorrect but the citizens do not adopt the app because of the fear and thus the country is unable to utilize a huge opportunity to protect its citizens. This would mean exposing the human lives all around to a massive danger, when we could have protected them. This is even more NOT ACCEPTABLE.

I wanted to do a deep dive, and therefore discussed the subject with some leading security professionals. Am capturing below – exactly the thoughts shared by them and the links they pointed me to. I wanted to hear from multiple professionals on their analysis on the subject beyond just my own observations.

Professionals mentioned in this blog are :

1. Prashant KV (Involved in discussion)
2. Swaroop Yermalkar (Involved in discussion)
3. Nidhish Pandya (Referred)
4. Harshit Agarwal (AppKnox) (Referred)
5. Abhinav Sejpal (Involved in discussion)

Folks involved :

I reached out to few security test professionals including Prashant KV.  Prashant further added Abhinav Sejpal and Swaroop Yermalkar. When it comes to Security, one of the world wide recognized community is OWASP – Open Web Application Security Project . OWASP  is an online community that produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security, by the way of setting Industry standards, organizing Conferences and Workshops. Their key focus areas are –  Web Security, Application Security, Vulnerability Assessment.

So it may be of interest of the readers to know that Prashant is an OWASP Chapter Lead for San Francisco Bay Area and is a Security engineer at a leading retail firm in the US. Swaroop is the OWASP iGoat Project Lead (Community Project dedicated to mobile security), Head of Cyber Security (India) for a leading cybersecurity firm. He is also the author of the book “Learning iOS Penetration Testing” and he is a well-known mobile bug bounty hunter. Abhinav Sejpal is also an OWASP chapter Lead, has spoken at – null, The Open security conference. He is currently the DevSecOps in a leading technology consulting firm.

PII :

And before I share with you the findings, let us understand what is PII?

PII – Personally Identifiable Information- is the information that can be used on its own or along with other information to identify, contact, or locate a single person, or to identify an individual in context.

Non-sensitive PII can be transmitted in unsecured form without causing harm to an individual. Sensitive PII must be transmitted and stored in secure form, for example, using encryption, hashing.

PII could include – direct identifiers – your Aadhar Number, Driving License, bank Account Number, Name, Phone number, Vehicle License number, Address, Mobile numbers, Email ID, Full face Photos, Biometric identifiers (Iris scan and finger prints), etc.

And then there are indirect identifiers – which can be used to identify a person, when used in combination with other information –like – Birthdates, languages spoken, Geographical Locations, Medical Insurance Plans, Medical conditions. These are not independently enough to identify an individual in a group of more than 1 person.

Discussion and Findings:

My conclusions are based on my analysis of the app and further discussions with my peers and going through all the detail analysis done by different people referred to me by my reputed peers.

Let me start with responses of the security engineers –

1. Prashant’s thoughts  :

To summarize :

Old version of app had a bug that could allow other apps to read files inside
the app sandbox using an exposed Activity and its intent filter. This issue was fixed.
App has jailbreak/root detection and ssl pinning. Both can be bypassed by
custom frida scripts. SSL pinning is not perfect in mobile implementation and can be bypassed.
In the latest version, app sends coordinate via headers to an endpoint and the
server returns information about how many are infected etc. The privacy issue being discussed is that anyone anywhere in the world can put in any coordinates in India and retrieve info about how many infected There are no names or any personal info leaked. Just number of people infected. The app is supposed to show these numbers based on your coordinates. Issues mentioned by the researcher might be of low risk based on that calling the app a disaster is not correct.
Much of the South Korea, Taiwan  and china’s success is attributed to a similar app.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Prashant also shared another tweet from October 2019 – where another hacker, called out the site that belongs to our attention seeker – Robert Baptiste aka Elliot Alderson , as vulnerable.

https://twitter.com/crackohacker/status/1182596471058681856?s=21

Furthermore, Prashant also shared a blog from another Security engineer – Swaroop Yermalkar, refuting Baptiste’s previous claims – https://blog.swaroopsy.com/2020/05/07/part-1-truth-behind-propaganda-against-maadhaar-security/amp/

Since Swaroop was part of the conversation, we will talk more about his view in the blog further.

Towards the end of our conversation, Prashant shared 2 more write – ups :

1. https://medium.com/@N1gh7m4r3/explaining-exposing-imaginary-arogyasetu-privacy-issue-433a6dc7b76e

This is written by Nidhish Pandya, who is a cyber-security enthusiast. He has clearly called out the security issues raised by Baptiste as imaginary. His blog is full of pointers to various sources which prove his point.

2. https://www.appknox.com/blog/is-the-aarogya-setu-app-safe-to-use

Appknox is a company that specializes in mobile app security. I found their analysis to be pretty detailed and conclusive. Hence, let me share the final word here from Harshit Agarwal , the CEO of AppKnox.

---

The Word 

There might indeed be certain security misconfigurations in the Aarogya Setu app, but none of which pose great threats. Into the bargain, we never found any evidence for the PII data breach in our security assessment.

We strongly believe Aarogya Setu app is the Indian government’s approach to providing the right information during the uncertain times of the COVID pandemic. Nevertheless, based on our findings, the following low and medium level safety issues of the Aarogya Setu can be rectified,

• Implementation of ATS in iOS devices
• Non-expiration of tokens
• Usage of SSL Pinning instead of encryption
• Using AES/CBC encryption instead of AES/ECB encryption

Yet, even without these rectifications, the application is still secure to use, and you don’t have to fear privacy intrusion.

---

Harshit’s blog also mentioned the below details as “Fact” against Baptiste’s claims.

Fact: 

The radius buffers have been limited to five values, as mentioned earlier. These standard values are posted with HTTP headers. Even if any user enters another value, the distance will be directed to the default value of 1km.

As asserted by the hacker, the user can indeed fetch data for multiple locations by changing the coordinates. Nevertheless, the API enforced in the Aarogya Setu application prevents such bulk calls from being processed.

So, there is absolutely no way for one user to procure the COVID-19 statistics by simply changing the coordinates.

That said, the claims of french researcher are futile. He was unable to prove the privacy risk of any user using the Aarogya Setu app. So, rest assured, you are safe. None of your confidential and sensitive information is out in the open, everything is secure.

2. Abhinav Sejpal

His recommendations were –

#1 Open source Aarogya Setu App Source code and Allow the honest feedback.

#2 Start the bug bounty via Hackerone or bugcrowd or whatever works for Indian gov

#3 Invite few security experts to review findings and crowd source overall triage process.

One may have to review these asks but it could be worth a look.

3. Swaroop Yermalkar

And our final specialist – who is a highly accomplished security professional – he wrote the following blog for his review of Aarogya Setu app –

https://blog.swaroopsy.com/2020/05/08/part-2-truth-behind-propaganda-against-the-aarogya-setu-app-security-the-real-story-of-success/

One can find his other blogs on security issues at: https://blog.swaroopsy.com/

In his words – clearly – “There were some security issues but NO Breach! No personal info of single user got leaked!”

On probing further, he shared his interaction with Baptiste, who could not take being questioned on his false claims and Swaroop says – he got blocked therefore by Baptiste on twitter.

Incidentally , the day we were discussing this a news came in that someone from Bangalore hacked Aarogya Setu and I asked Swaroop, what does he think about that. He pointed me to his tweet that said –

 #mensxp Stop spreading misinformation! Have you performed verified analysis by security professionals? Validations can be bypassed at client side! Where is PII? Don’t make #infosec as #tiktok videos or #clickbait!

You can see his popular tweet at : https://twitter.com/swaroopsy/status/1260963165094834177

Major Highlights of Swaroop’s blog :

The list of vulnerabilities mentioned:

1. Access to App’s Internal Files – LowSeverity
2. Bypassing Root Detection Using Frida – LowSeverity
3. Bypassing SSL Certificate Pinning – LowSeverity
4. Finding Infected People In Any Area – Low/infoSeverity (It’s the app by design)

Final Conclusion: Vulnerabilities discussed didn’t disclose any PII / Personal Data / Age / Name of any COVID-19 Patients or Arogya Setu App Users. Forget about 90 millions but not even single user’s data got exposed! Bug Bounty Companies would pay USD 0 for these type of issues! Now you can decide, are these really security threats or just a publicity stunt?

In fact,  I would say the Aarogya Setu App is a success story! Millions of users downloading this app and helping people to get aware of nearby patients around them!

I also agree that government apps should have proper channels / bug bounty programs to receive security issues. India has one of the largest infosec community and can help government apps to get them more and more secure.

---

My observations :

1. Much like all leading apps that different governments ( e.g : TraceTogether (Singapore), NHS (UK)) in the world have come up with , Aarogya Setu was also built in like 15 days.
2. Technology stack looks similar to other such apps – AWS / SQLite / secure hosting/ rooted device detection.
3. Interestingly – Aarogya Setu has implemented an additional layer of encryption (Lat / Long). Also, it stores data for a limited period of time both for COVID infected (60 days) and not infected people (45 days).
4. I am NOT a reputed security engineer yet. But going by the take of so many of proven, experienced and reputed #InfoSec professionals – all claims made by Baptiste / someone in Bangalore (reported in menxp) – ARE TOTALLY FARCE AND ATTENTION SEEKING ACTIONS.
5. Clearly there were some gaps in the previous version of the app, which have been fixed.

As a member of community of testing professionals – we like to believe that there is no software that is 100% defect free. After studying the app and comparable apps and usages across the globe, I find Arogya Setu to be a powerful tool made by the government to protect Indian citizens and one can download it and use it without any fear of security issues especially wrt what Baptiste claimed.

**Original blog ends here.

---

---

Further updates on Aarogya Setu –

The top demands from the security professionals across the world have been heeded to by the Aarogya Setu team.

As of today – the app has been open- sourced, and government has initiated a bug bounty program for the app.

Further updates from Swaroop.

Update 1 [May 26, 2020] – https://twitter.com/SetuAarogya/status/1265281058532016128
The #AarogyaSetuApp is now open source. Read the attached release documents to know more.

Update 2 [May 27, 2020] – https://twitter.com/SetuAarogya/status/1265353503221772288
Aarogya Setu Bug Bounty Program – Aarogya Setu Bug Bounty Program – call upon the developer community to join hands to help make Aarogya Setu more robust and secure. Those identifying vulnerabilities, bugs, or code improvement stand to get recognized and win cash awards too.

---

---

 

During lockdown, it may not have been important to use Aarogya Setu. But now that lockdown is getting lifted, and people are expected to move out and come in contact with more people beyond their immediate family and folks, IT IS MORE IMPORTANT TO USE AAROGYA SETU NOW. And I decided to publish this blog only with the purpose to reiterate the importance of the use of this app and to appeal more citizens to adopt it.

The success of the app is directly proportional to its adoption. More the number of people who use Aarogya Setu, better will be the information provided by the app.

What can you do for earth?

Just had quick thoughts exchanges with a fellow group member on my facebook group – “Common Sense Meets Sustainability” basis climate situation in Australia. It seemed to me, that he is overwhelmed due to the size of the problem.

Let me share some tips with you, so you still have hope and you dont give up. Because things will only change if every single one of us is committed.

Remember – there is no planet B. No one else is working somewhere in some corner who will suddenly save us from the devastation. We have to save our planet. Everyday. In every act of ours.

Here are some tips for you – first and foremost, learn about sustainable development goals. Agenda 2030 is a beautiful framework which if we achieve, our planet will be on the path of course correction. Try and follow these –

1. Measure your carbon footprint and water footprint and optimize them. And what you cannot reduce, then, offset carbon emissions appropriately.

2. Be consistent and start giving towards a specific SDG. Not just random donation. Find a good non profit or social initiative that is doing good work. Support them by giving your time, in kind, cash….any help they need and that you can give.

3. Measure the space. Watch the growth. Know what will make an impact. How much will make an impact. Mobilize your resources and people in your network to also work on some SDG in a focused way.

4. Be mindful of little nuances. Packaging, sourcing, disposal, end of product lifecycle….support responsible businesses.

Hope this helps. If there is any doubt in your mind, I am willing to help. Even for individual cases. You can reach out to me at sm@fandoro.com to understand how you can bring a change.
Look at the volunteer calendar at Fandoro.com and contribute your time and effort to these initiatives.

Hope this helps… remember this is our only  home and our chance.

Know what you are looking for.

Metal detectors and baggage scanners (X-Ray machines for luggage) are a common sight at public places in India – whether you go to sports stadium, a Mall, a hotel, a government office or for that matter even private offices and Business Centers. Airports are where I sight them globally.

However, I get a feeling of thoroughness only with the airports officials at these security check points. At most places, I notice, the officers sitting on the screens of the baggage scanners are not even looking at the screens – which makes me feel uneasy (Will refer to this later again as Experience 1). I don’t like being frisked multiple times a day, but when I pass through a security check and I know I have not been frisked properly – I know the danger I am entering into (Will refer to this later again as Experience 2).

The routine is different for different places. Mostly – my car’s boot space gets checked, there is a mirror pushed under my car’s bonnet to check if there is anything stuck under the car (Exp 3)- and then I am asked to give my luggage and even phone away before passing through the metal detector and then my luggage is handed over to me with a warm smile (Exp 4).

These officers seem to be trying to do a thorough check. And these ones (Exp 3 and Exp 4) interest me. The ones that were mentioned in cases Exp 1 and Exp 2 seemed totally hopeless – I absolutely have no respect for a person, who don’t do their work properly. As they say – you had one job.

But at this point – I am thinking – do any of these 4 set of folks know what their job is. So I talk to them – the response is same everywhere – we are looking for items forbidden to carry. Okay – and what could that be. Well, they are obvious ones – Guns, bombs, knives, Liquids etc.

My next question to them is – do you know what a bomb looks like? or a dismantled gun looks like? They start to smile – because obviously, none of them have ever seen a real bomb. I don’t want to come across as a depressed or a lunatic who is planning something so I don’t ever ask more than 1-2 questions at a place and move on. Now, after so many experiences, I ask just 1 question  – do you know what you are looking for? The answer is mostly a smile or “kya madam” (which in my English translates best to “C’mon Mam”)

At most airports – I find officers almost intimidating – their process being more lengthy and apparently rigorous – a bit black box kinds too. One doesn’t easily get to see the scanned images – the officers are glued to the screen – And to their credit – they sure find things every once in a while. But the investment is huge. The process again remains standard – not intelligent all the time. Makes me want to say an overkill sometimes, but concerned folks say – when it is about safety better safe than sorry. Not sure, if they are even looking for an optimum solution.

As I kept probing on my own uneasiness with the fake security check I get at most places and on the other side –  overwhelming & intimidating security checks at the airports and slowly I begin to feel, this is so similar to my world of Software Testing. Do testers know what they are looking for? More importantly, can they identify a risk if it is not shaped as they are expecting it to be (mostly in their limited/fixed test cases).

• Most testers perform testing as a ritual they have to execute, in certain order
• More often than not Testing is in place only to put a check and say – yes we do it
• When Automation comes into play – most testers don’t know how to make the best use of it
• Mindless automation – again as a “must do” procedure is applied. No one is looking at the scanner screen.
• Garbage in Garbage out Automation keeps continuing. EVERY LUGGAGE should pass through the scan. But the story ends there.
• The regular beeping through the metal detector or not beeping at all – doesnt ring a bell to the executives. Because of so many false positives – no one bothers to check eventually. The need is to continuously upgrade the system – but it is so much of work each time that they just let it go.

Comparisons could go on…

This is where I feel hopeful about software testing more than the physical security check world – because we seem to be adopting “AI”  to keep training our systems to understand how to segregate defects from those that are not. As we begin to use more artificial intelligence in our automation and we train our verification scripts to update as per the changes in the applications, our overhead for maintenance shall reduce to minimal.

Dont get me wrong – there will ALWAYS be a need to humanly explore the unknowns but our effectiveness in distributing the knowledge of the newly explored unknown, into the whole system quickly and making it a known quantity to our testers and application owners will bring a significant success to the business owners in terms of reduced risks and reduced time to market with minimum investment.

If you wish to learn more about what you should be looking for in software and how you can reduce risks in your application without creating huge technical debt in automation and yet reducing time to market (incrementally), you could do these:

1. Talk to me at smita.mishra@qazone.in
2. Study testing, learning critical thinking and uncovering risks at http://www.satisfice.com/ and http://www.developsense.com/  — Infact try registering in one of their classes.
3. Explore test tools like test.ai, testim.io, saucelabs, applitools, tricentis.
4. Explore training and webinars with SoftwareTestPro.com and MinistryofTesting.com . They also have some of the best conferences and meetups – full of latest trending content.

These are absolute top ones that come to my mind as I am typing. This wasn’t how I had planned to end the blog, hence a very limited list.

If you explore, you will find many more leaders and platforms. What is important is – to learn. So you know what you are looking for.

And I thought I had time….

I have forever been intrigued with the ways Jerry Weinberg’s thought. James Bach introduced his existence to me. I looked up his name. I got impressed. End of story.

Every now and then I would read his work. And feel a pull to his ways of thinking. People in testing world specially, quote him left, right and center.  Let me tell you something about me, before I go further in my story – I love talking to creative and sharp minds. Minds that are so logical that nothing can beat them and yet humane in their own way – I feel instantly connected with them in some karmic ways. And then I just want to talk to them, know them more and learn from them.

As destiny would have it – Over the next few years, his name just grew on my mind. I saw his mention and work so much all around that I decided to meet him. (More so, because most of his work can not be defeated by some anti – theory). When I started to make my bridge towards him, people all around told me – he doesn’t travel around anymore for health reasons. But I wanted to see him in real like face 2 face and interview him- not just hear him like I hear him on some youtube video. I wanted to watch how his eyes move, how his expressions change, when he smiles, what raises his brows. In short – Wanted to understand him in my own unique way.

So I reached out to him, asking if I could do a video call with him- that was in May 2016. He immediately said yes and infact said that he would love to do it. Being in different time zones, our times would never match – he was old (sleeping and waking hours thing) and I am a working mother of 2 growing kids. After some tries of different permutation ad combination on timings, I got busy with more bread n butter related work and my desire to do the video call with Jerry got pushed towards rear in the ever humongous queue of my to-do.

A couple of days later – I receive an email from Jerry, saying – Did you recv my response about possible times for a call? I didnt hearback from you.

Ahhhh….I was like – ooopppsssss- told him, I was still struggling with a match for our times and that I will figure out something soon.

Later that day – he mentioned the time and date best for him. I was very happy that day – because firstly it seemed a leader like Jerry was interested in talking to me and secondly, he did take time out of his busy schedule and inform me. So, I was all set. Technically, nothing was pending for this call to happen. But it didnt.

I spent another month or so before I remembered I had to schedule this. Towards end of July, when summer vacation for my kids were over and I could work more hours, I again wrote to him that maybe we could do the call now.
He responds back a day later – says, he is hoping we can do it and that he is looking forward to it.

And it again didn’t happen. I had the go ahead, available time-slots known but I still didn’t schedule it right away. As it happens to every one – it happened to me too – I got immersed into 20 other “critical” work. Every now and then the thought would come to me and I used to think – its fine, I will do it soon. I HAVE TIME.

For almost 2 yrs. 7/22/2016 to 8/7/2018 I thought I had time, only to realise today, that I dont have Jerry now. With all the time that I have for the rest of my life, I wont get to do something that was so close to my heart.

Jerry – I will miss you and your ways. But like a true teacher, even when leaving us, you taught me a lesson in it.

I realized today I DON’T HAVE TIME.

The places I need to see on this planet – needs to be done today. Atleast get started with the list of places and timelines and plans to visit them.

The People I need to meet, hug, interview, know better, be friends with, click selfies with – has to happen today  – whatever little we can begin with. Whoever I can start with.

The money I wish to make – has to be made today. Atleast I need to start making some of it today.

The Fame I want through the influence / impact I shall have, need to be to built today. Atleast the beginning of it.

I have always wanted to make world a better place. I started Fandoro, with that thought in my mind. I encourage people to perform  Individual Social Responsibility through meaningful gifting on our platform. On an average 2-3 new NGOs register daily on this platform . But the need for help and support is too high. And I need to add more enterprises in my kitty per day, whose employees contribute towards these NGO needs and make this world a better place. I havent been doing it with utter sincerity. But I do dream of a successful  startup – Fandoro Technologies Pvt Ltd- EVERYDAY.

All of my procrastination ends today with Jerry’s last teaching to me – There is no time to do all I wish to in this life. I need to work on NGOs and Enterprises – EVERYDAY.

We will miss you Jerry. But your teachings will forever enlighten our mind and guide our paths.

Just Half A Glass of Water

I was once watching a show where the comedian attributes his being fat to the African children. The basis being  the constant reinforcement of the thought, in his childhood- Don’t leave any food uneaten – remember there are kids in Africa who go hungry without food for days. I got his humor and smiled. There was no point judging him – he (now a grown up adult) had a valid point – his not eating actually would not help African kids – as he rightly asked – how have we truly contributed to the concern.

While the focus was on food, I do see a growing concern on drinking water too today. But the issue seems more serious because it is not “just an African issue”. We are all aware of the epidemic situation of water scarcity in Cape Town. We are all headed to the same.

Drinking water is in shortage and is increasingly becoming a more precious commodity across the globe including my nation India once where the civilization started on the banks of river Indus.

I do see citizens, travellers , kids – all concerned about it and lot of practical tips are being included in one’s daily routine. We ourselves have moved to bathing with Bucket and Mug instead of showers. We have sensors in water tank , pretty effective in stopping overflowing of consumable water. We measure the water we use and misuse too.

But when it comes to offering water to others, we get more generous. It is always a full glass of water. We never think twice if it is going to be consumed all or not. At a personal home setup the wastage may not appear huge because it is mostly 1-2 guests at a time. The whole idea of this blog came to me when I was having multiple lunches and dinners at different restaurants this past week with huge numbers of family and friends – most of whom did order additional drinks and never bothered to finish water in their glasses. The thought stayed with me – why couldn’t the service men offer half a glass of water and offer more when asked for.

Offering a glass of water is the basics of serving the guests and in a country like India – where we treat Guests as Gods ( Atithi Devo Bhava) , it may feel a bit uneasy to offer only half a glass of water but as guests if we can handle it without getting offended, maybe we can save some serious amount of potable water, daily – considering we have millions of eateries, serving multi million people globally.  Think about it.

Next time when you visit an eating joint – specifically ask for #justhalfaglassofwater to be served. Maybe we start the revolution and save some water for our grandchildren.

Glasses with illusions – get creative!!

Restaurants can get creative with their serving glasses if needed.

Quick side note – I do see bottled water as a very good alternative, as it can be carried and consumed without being wasted but unless I see a bottle that’s not plastic, I find its use as dangerous and hence not promotable – it shall have counter effects.

 

Remember the Roses

I am not an avid reader and my confession is not going to reflect highly on me , specially since I am trying to make it in a knowledge era. Don’t mistake this for – I never read. I am more of an experiential learner. However, the books I read, the stories I love – stay with me, word by word , feeling by feeling forever.

One such story I read, was – Remember the Roses. I read it more than 22 years back(Proves my point that I love reading sometimes). Written by Avery Taylor, a British author, published originally in 1967 (I wasn’t born then). Will quickly brief the plot for you:

” During the Second World War, Robert, an English agent, comes to rescue Paul Renard, a key member of the French Resistance, who has been taken by the Gestapo and is being held in a prison in Rouen, France. Robert parachutes into a field near Rouen. When he tries to make a contact with a member of the Resistance, Robert is almost captured by the Nazis. A young girl called Jehane le Brun rescues him and helps him to locate and free Renard. When Robert returns to England, no one believes his account of how he returned with Renard.

But when they all inspect the evidence, Robert finds that Jehane could have been none other than the legendary Maid of Orleans, Joan of Arc, who had fought for France in 1429.”

Second world war was fought in the years 1939-45. The story of the girl’s bravery never left me. And it has forever inspired me.

The reason I write this – I would so love to meet the author and I am unable to find her on any social media.

Humble appeal to anyone who reads this blog – if you can find the author – Avery Taylor, can you please tell her I am so inspired by her writing and if possible, get me her contact details – reach me here or on my twitter @smitapmishra.

Thanks for your time!! Keep reading lovely books and stories!! Keep inspiring and getting inspired!!

 

Inspiring meetup, but with -1

Test Practitioners Club is a Testing Meetup based mostly in National Capital Region , India. We have been in existence since January 2014, that’s when we hosted our first meetup.

We started with 8 subscribers to the thought and all of them attended.

And I was the only woman and I was a bit disappointed at this but not disheartened. I was determined to change this and I knew how to. Little did I know back then, that I am not thinking right.

We now have 943 members on the meetup group alone (excluding FB page followers)and at our latest meetup we had over 40 members join us. We try to do the meetup as frequently as possible. We would love to do it once a month but we are unable to. Regular members of the meetup are now stepping up to take more initiatives and sometimes they host the event at their venue, and find speakers too. That kind of leadership helps a lot to continue organizing the meetup.

Test Practitioners Club April 2018 meetup was held at Oracle office thanks to Manoj Jain, the Director (Software Development). Among the speakers were a few regular attendees and core team members (Gaurav Bansal (Snapdeal) / Nitin Mukhija (PayUMoney) / Omkar (Naukri), some from Oracle –  Amit Vashishtha and one surprise speaker – Siddharth Taneja (Make My Trip).

 

Siddharth Taneja came out to be a very special story. He is braving Cerebral Palsy .

He works as a FTE at MakeMyTrip and he is not just surviving there on compassionate grounds but is winning as one of the best performers in his team. A glimpse of his story can be seen at : https://www.youtube.com/watch?v=P600zzicDZc

 

He set us thinking that there can be no limitation too big to learn, if there is a strong will and desire to learn. When asked what he wanted to do – he said “I want to make a dent on the world“. He wants to be someone who is taken note of when he leaves.

With the overwhelming execution of the current meetup in April 2018 – we feel very successful in being able to mobilise the testers to a point where community learning is being enjoyed and looked forward to. We have consistently had over 40 members attendance and atleast 35-40% women testers participating as attendees.

But there is one aspect that has made us feel a bit like failure. Infact, not just a bit, but more like a big embarrassing failure.  Personally, being someone who has participated in different capacities in so many initiatives for including more women in technology and being a very known enthusiast for leading such initiatives, it feels like a big MINUS ONE when I am unable to bring women speakers to our meetup.

It gets even more disturbing to me when we are seeking women speakers from the best of the organizations in the region and we don’t get even ONE submission or interest from them. Occasionally we have had women speakers from “Srijan Technologies” thanks to our evangelist Anil Chandana there. But that’s about it.

Not sure where we are going wrong. I am going to continue tryng to fix it going forward. Our next meetup is in May 2018. And we are going to organize meetups as frequently as possible – hopefully once a month.

If any tester is interested in speaking at the meetup , please email me directly at smita.mishra@qazone.in or reach out to us at our Meetup page or Facebook Page.

My humble appeal – If you are a women tester or technology enthusiast, and wish to speak or know of some such women technocrats – please reach out to us. We will also support them in getting mentored on how to present if they have never done Public Speaking before. Point to note here – This doesn’t stop men from reaching out to us to get the same support.

Looking forward to having women speakers at our meet-ups.