#YoIndiaSoSustainable

The day before yesterday (on 18th Aug), I accidentally came across a trending hashtag – #YoKamalaSoIndian – maybe because I am an Indian or maybe because I followed the lady a day before. The debate is on whether she identifies herself as an Indian or Hindu or a Black woman. Frankly, it matters less to me what she identifies herself as – that, I believe, is her personal choice. Clearly, she is a proud American by citizenship for sure.

But Ms. Kamala’s story is less intriguing to me than that of her mother – Ms. Shyamala Gopalan. Born in the pre-independence era, an Indian woman studies science (Ph.D.) and becomes a biologist. At the young age of 19, she goes alone to the US in the late 1950s and joins the Black civil rights movement much before she met her soon-to-be husband – Mr. Donald J Harris. She fought for Black people’s rights when she wasn’t one. And her nation had just come out of the 360-degree draining clutches of the British. And today her ashes are floating in the Indian Ocean – close to Chennai – her homeland.

A lot to learn from a woman who dedicated her life to isolating and characterizing the progesterone receptor gene that stimulated advances in breast biology and cancer. And who, in her death, requests that donations be made to the organization Breast Cancer Action in lieu of flowers sent to her funeral.

However, the purpose of the blog is not Ms. Kamala Harris or her much respected mother. It is the tweets that people put out there – mentioning all the Indian habits under the trending hashtag #YoKamalaSoIndian.

The reason I am forced to write a blog on this is that, while the world found a lot of these tweets amusing and most of them have been written with a good sense of humor, I found many of them very interesting and very insightful – giving insights into a lot of funny truths, truths that Indians should be proud of, and some sad truths too.

I have categorized them in certain categories defined by my own sense of judgement and decorated with a pinch of reality.

Let’s see a few of the tweets I could pick:

1. Funny but True

 

I have no idea why this happens – but I have gone through this exact life. And I do it now – EACH of these.

2. Proudly True

 

Yes – we reuse, until it can be reused no more. Read a tweet about Diwali dress – multi-level reuse at its best – almost implementing circular economy within the fence of a household.

Yes – we eat homemade food more than market food or ready-made meals. And we eat fresh food more than pre-cooked items. We make our papads too 🙂

Yes – we don’t like to waste – neither toothpaste nor any boxes we get for free. (I saw a tweet about a plastic bag full of used plastic bags that we reuse and don’t throw – I could not find it again.) But I don’t see what is wrong there if we are anyway using plastic. Our age-old habit of carrying a thaila (cloth bag) to the market is simply awesome!

Yes – we ask the vegetable vendors to give us more (it used to be free in the past) – dhaniya (Coriander leaves) and kadhi patti (Curry leaves) and mirchi (Green Chilli) – firstly, they are our source of iron, and secondly, we love them in most food we eat.

   

3. Sad but True

Clearly – poverty is a big problem that we need to solve. Poverty-led illiteracy, poor quality of life, unclean and unhygienic surroundings, ignorance of hazardous aspects of plastic or any other item of daily use – all need to be dealt with and improved on. While we are headed towards the 4th industrial revolution, so many are yet to receive the benefits of the 2nd and 3rd revolutions. Something as simple as access to clean water has remained a challenge in many parts of the nation. And here we are headed to scarcity of water already, without even reaching all. #SustainableDevelopment is the only way out. Every individual, every business, every nation will have to chip in.

Some issues I could think of, looking at the tweets.

  • Cleanliness
  • Ignorance towards hazards of re-using single-use plastic
  • Unsafe practices due to ILLITERACY
  • Poverty
  • Poverty-led malpractices and trust deficit
  • Women ignoring self health
  • Disconnect from civic responsibilities

India needs to accelerate the speed of growth. Our urban development is happening at 0.2 percentage points compared to 2 percentage points for the world.

Wishing good luck to Ms. Kamala Harris for her upcoming elections. Indian or not – Black or not – you have a glorious history and a big future awaiting. Make it worth it – like your mom.

Aarogya Setu – Yes or No?

I almost decided to not post this blog. But on second thoughts I am posting it.

Date : 22nd May 2020.

Background :

Aarogya Setu has come out as one of the most powerful tools that the Government of India has released to protect its citizens through “Contact Tracing”. While I do not directly know the source of inspiration for our government to do so, I believe that countries which are being respected for their ways of controlling COVID-19 spread, like South Korea and Taiwan, have used such apps in their nations and given credit to the apps as a successful tool in their fight against the coronavirus.

Recently, there were tweets claiming how the app is dangerously exposing the privacy of Indian citizens.

For a typical app to fail in the market is neither a concern of mine personally, nor is it unheard of. While, it makes me curious to know more about the reality of the situation, my natural reaction in such cases is – these guys will figure it out; I don’t need to step in.

But when I looked at the flip side – the possible results of “Aarogya Setu” app failing due to privacy reasons, I got hugely concerned for 2 reasons –

  1. What if the app is really lacking privacy control? To put it in the terms of the “hacker” – what if it is truly exposing PII (Personally Identifiable Information) of millions of citizens? In this case, the hacker claimed it to be 90 million (number of downloads at the time of claim). This is simply NOT ACCEPTABLE.
  2. What if these claims were incorrect but the citizens do not adopt the app because of the fear and thus the country is unable to utilize a huge opportunity to protect its citizens. This would mean exposing the human lives all around to a massive danger, when we could have protected them. This is even more NOT ACCEPTABLE.

I wanted to do a deep dive, and therefore discussed the subject with some leading security professionals. I am capturing below exactly the thoughts shared by them and the links they pointed me to. I wanted to hear from multiple professionals on their analysis of the subject beyond just my own observations.

Professionals mentioned in this blog are :

  1. Prashant KV (Involved in discussion)
  2. Swaroop Yermalkar (Involved in discussion)
  3. Nidhish Pandya (Referred)
  4. Harshit Agarwal (AppKnox) (Referred)
  5. Abhinav Sejpal (Involved in discussion)

Folks involved :

I reached out to a few security test professionals including Prashant KV. Prashant further added Abhinav Sejpal and Swaroop Yermalkar. When it comes to security, one of the worldwide recognized communities is OWASP – Open Web Application Security Project. OWASP is an online community that produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security, by way of setting industry standards and organizing conferences and workshops. Their key focus areas are – Web Security, Application Security, Vulnerability Assessment.

So it may be of interest to readers to know that Prashant is an OWASP Chapter Lead for San Francisco Bay Area and is a Security engineer at a leading retail firm in the US. Swaroop is the OWASP iGoat Project Lead (Community Project dedicated to mobile security) and Head of Cyber Security (India) for a leading cybersecurity firm. He is also the author of the book “Learning iOS Penetration Testing” and he is a well-known mobile bug bounty hunter. Abhinav Sejpal is also an OWASP chapter Lead and has spoken at – null, The Open security conference. He is currently the DevSecOps in a leading technology consulting firm.

PII :

And before I share with you the findings, let us understand what is PII?

PII – Personally Identifiable Information- is the information that can be used on its own or along with other information to identify, contact, or locate a single person, or to identify an individual in context.

Non-sensitive PII can be transmitted in unsecured form without causing harm to an individual. Sensitive PII must be transmitted and stored in secure form, for example, using encryption, hashing.

PII could include direct identifiers – your Aadhaar Number, Driving License, Bank Account Number, Name, Phone number, Vehicle License number, Address, Mobile numbers, Email ID, Full face Photos, Biometric identifiers (Iris scan and fingerprints), etc.

And then there are indirect identifiers, which can be used to identify a person when used in combination with other information – like Birthdates, Languages spoken, Geographical Locations, Medical Insurance Plans, Medical conditions. These are not enough on their own to identify an individual in a group of more than 1 person.

Discussion and Findings:

My conclusions are based on my analysis of the app, further discussions with my peers, and going through all the detailed analyses done by different people referred to me by my reputed peers.

Let me start with responses of the security engineers –

1. Prashant’s thoughts  :

To summarize :

  • Old version of app had a bug that could allow other apps to read files inside the app sandbox using an exposed Activity and its intent filter. This issue was fixed.
  • App has jailbreak/root detection and SSL pinning. Both can be bypassed by custom Frida scripts. SSL pinning is not perfect in mobile implementation and can be bypassed.
  • In the latest version, app sends coordinates via headers to an endpoint and the server returns information about how many are infected etc. The privacy issue being discussed is that anyone anywhere in the world can put in any coordinates in India and retrieve info about how many are infected. There are no names or any personal info leaked. Just number of people infected. The app is supposed to show these numbers based on your coordinates. Issues mentioned by the researcher might be of low risk; based on that, calling the app a disaster is not correct.
  • Much of South Korea, Taiwan and China’s success is attributed to a similar app.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Prashant also shared another tweet from October 2019, where another hacker called out the site that belongs to our attention seeker – Robert Baptiste aka Elliot Alderson – as vulnerable.

https://twitter.com/crackohacker/status/1182596471058681856?s=21

Furthermore, Prashant also shared a blog from another Security engineer – Swaroop Yermalkar, refuting Baptiste’s previous claims – https://blog.swaroopsy.com/2020/05/07/part-1-truth-behind-propaganda-against-maadhaar-security/amp/

Since Swaroop was part of the conversation, we will talk more about his view in the blog further.

Towards the end of our conversation, Prashant shared 2 more write-ups:

  1. https://medium.com/@N1gh7m4r3/explaining-exposing-imaginary-arogyasetu-privacy-issue-433a6dc7b76e

This is written by Nidhish Pandya, who is a cyber-security enthusiast. He has clearly called out the security issues raised by Baptiste as imaginary. His blog is full of pointers to various sources which prove his point.

  2. https://www.appknox.com/blog/is-the-aarogya-setu-app-safe-to-use

Appknox is a company that specializes in mobile app security. I found their analysis to be pretty detailed and conclusive. Hence, let me share the final word here from Harshit Agarwal, the CEO of AppKnox.


The Word 

There might indeed be certain security misconfigurations in the Aarogya Setu app, but none of which pose great threats. Into the bargain, we never found any evidence for the PII data breach in our security assessment.

We strongly believe Aarogya Setu app is the Indian government’s approach to providing the right information during the uncertain times of the COVID pandemic. Nevertheless, based on our findings, the following low and medium level safety issues of the Aarogya Setu can be rectified,

  • Implementation of ATS in iOS devices
  • Non-expiration of tokens
  • Usage of SSL Pinning instead of encryption
  • Using AES/CBC encryption instead of AES/ECB encryption

Yet, even without these rectifications, the application is still secure to use, and you don’t have to fear privacy intrusion.


Harshit’s blog also mentioned the below details as “Fact” against Baptiste’s claims.

Fact: 

The radius buffers have been limited to five values, as mentioned earlier. These standard values are posted with HTTP headers. Even if any user enters another value, the distance will be directed to the default value of 1km.

As asserted by the hacker, the user can indeed fetch data for multiple locations by changing the coordinates. Nevertheless, the API enforced in the Aarogya Setu application prevents such bulk calls from being processed.

So, there is absolutely no way for one user to procure the COVID-19 statistics by simply changing the coordinates.

That said, the claims of French researcher are futile. He was unable to prove the privacy risk of any user using the Aarogya Setu app. So, rest assured, you are safe. None of your confidential and sensitive information is out in the open, everything is secure.
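The server-side behaviour described in the quoted "Fact" section (a radius allow-list that falls back to 1 km, and refusal of bulk coordinate lookups) can be illustrated as follows. This is an added example, not code from the Aarogya Setu project or from Appknox; the header names `lat`, `lon` and `dist`, the five radius values, the throttle limits and the sample coordinates are all assumptions constructed for the illustration.

```python
import math
import time
from collections import defaultdict, deque

# Constructed values: the page says five radii are accepted but does not list them.
ALLOWED_RADII_M = (500, 1000, 2000, 5000, 10000)
DEFAULT_RADIUS_M = 1000          # page: any other value falls back to 1 km
MAX_QUERIES, WINDOW_S = 5, 60.0  # hypothetical throttle per client

# Constructed sample data: bare coordinates, no names or phone numbers.
SAMPLE_CASES = [(28.6139, 77.2090), (28.6200, 77.2100), (28.7041, 77.1025)]


def normalize_radius(raw):
    """Map the client-supplied radius onto the allow-list, else the default."""
    try:
        value = int(str(raw).strip())
    except ValueError:
        return DEFAULT_RADIUS_M
    return value if value in ALLOWED_RADII_M else DEFAULT_RADIUS_M


def parse_coordinates(headers):
    """Return (lat, lon) as floats, or None if missing, non-numeric or out of range."""
    try:
        lat, lon = float(headers["lat"]), float(headers["lon"])
    except (KeyError, TypeError, ValueError):
        return None
    if not (math.isfinite(lat) and math.isfinite(lon)):
        return None
    if not (-90.0 <= lat <= 90.0 and -180.0 <= lon <= 180.0):
        return None
    return lat, lon


def count_within(lat, lon, radius_m, cases=SAMPLE_CASES):
    """Aggregate count of cases within radius_m (haversine distance)."""
    total = 0
    for c_lat, c_lon in cases:
        p1, p2 = math.radians(lat), math.radians(c_lat)
        d_lon = math.radians(c_lon - lon)
        a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(d_lon / 2) ** 2
        if 2 * 6371000 * math.asin(math.sqrt(a)) <= radius_m:
            total += 1
    return total


class SlidingWindowLimiter:
    """Allow at most max_queries lookups per client in any window_s seconds."""

    def __init__(self, max_queries=MAX_QUERIES, window_s=WINDOW_S, clock=time.monotonic):
        self.max_queries, self.window_s, self.clock = max_queries, window_s, clock
        self._hits = defaultdict(deque)

    def allow(self, client_id):
        now = self.clock()
        hits = self._hits[client_id]
        while hits and now - hits[0] >= self.window_s:
            hits.popleft()  # forget lookups older than the window
        if len(hits) >= self.max_queries:
            return False
        hits.append(now)
        return True


def handle_nearby_query(headers, client_id, limiter):
    """Validate, throttle, then answer with a count only (no per-user fields).

    client_id is assumed to come from the authenticated session, not the request.
    """
    coords = parse_coordinates(headers)
    if coords is None:
        return 400, {"error": "invalid coordinates"}
    if not limiter.allow(client_id):
        return 429, {"error": "too many location queries"}
    radius = normalize_radius(headers.get("dist"))
    return 200, {"radius_m": radius, "infected": count_within(*coords, radius)}


def demo_sweep():
    """One client walks a line of coordinates: 8 requests in 8 s, one more at 61 s."""
    now = [0.0]
    limiter = SlidingWindowLimiter(clock=lambda: now[0])
    statuses = []
    for t in list(range(8)) + [61]:
        now[0] = float(t)
        headers = {"lat": str(28.0 + t * 0.01), "lon": "77.2", "dist": "999999"}
        statuses.append(handle_nearby_query(headers, "token-A", limiter)[0])
    return statuses


if __name__ == "__main__":
    print(demo_sweep())
```

Because both checks run on the server, a client that edits the request headers still receives only the default radius and a throttled number of answers.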

2. Abhinav Sejpal

His recommendations were –

#1 Open source Aarogya Setu App Source code and Allow the honest feedback.

#2 Start the bug bounty via Hackerone or bugcrowd or whatever works for Indian gov

#3 Invite few security experts to review findings and crowd source overall triage process.

One may have to review these asks but it could be worth a look.

3. Swaroop Yermalkar

And our final specialist – who is a highly accomplished security professional – he wrote the following blog for his review of Aarogya Setu app –

https://blog.swaroopsy.com/2020/05/08/part-2-truth-behind-propaganda-against-the-aarogya-setu-app-security-the-real-story-of-success/

One can find his other blogs on security issues at: https://blog.swaroopsy.com/

In his words – clearly – “There were some security issues but NO Breach! No personal info of single user got leaked!”

On probing further, he shared his interaction with Baptiste, who could not take being questioned on his false claims, and Swaroop says he therefore got blocked by Baptiste on Twitter.

Incidentally, the day we were discussing this, news came in that someone from Bangalore hacked Aarogya Setu, and I asked Swaroop what he thinks about that. He pointed me to his tweet that said –

 #mensxp Stop spreading misinformation! Have you performed verified analysis by security professionals? Validations can be bypassed at client side! Where is PII? Don’t make #infosec as #tiktok videos or #clickbait!

You can see his popular tweet at : https://twitter.com/swaroopsy/status/1260963165094834177

Major Highlights of Swaroop’s blog :

The list of vulnerabilities mentioned:

  1. Access to App’s Internal Files – Low Severity
  2. Bypassing Root Detection Using Frida – Low Severity
  3. Bypassing SSL Certificate Pinning – Low Severity
  4. Finding Infected People In Any Area – Low/Info Severity (It’s the app by design)

Final Conclusion: Vulnerabilities discussed didn’t disclose any PII / Personal Data / Age / Name of any COVID-19 Patients or Arogya Setu App Users. Forget about 90 millions but not even single user’s data got exposed! Bug Bounty Companies would pay USD 0 for these type of issues! Now you can decide, are these really security threats or just a publicity stunt?

In fact,  I would say the Aarogya Setu App is a success story! Millions of users downloading this app and helping people to get aware of nearby patients around them!

I also agree that government apps should have proper channels / bug bounty programs to receive security issues. India has one of the largest infosec community and can help government apps to get them more and more secure.


My observations :

  1. Much like all leading apps that different governments in the world have come up with (e.g. TraceTogether (Singapore), NHS (UK)), Aarogya Setu was also built in like 15 days.
  2. Technology stack looks similar to other such apps – AWS / SQLite / secure hosting/ rooted device detection.
  3. Interestingly – Aarogya Setu has implemented an additional layer of encryption (Lat / Long). Also, it stores data for a limited period of time both for COVID infected (60 days) and not infected people (45 days).
  4. I am NOT a reputed security engineer yet. But going by the take of so many proven, experienced and reputed #InfoSec professionals – all claims made by Baptiste / someone in Bangalore (reported in MensXP) – ARE TOTALLY FARCE AND ATTENTION SEEKING ACTIONS.
  5. Clearly there were some gaps in the previous version of the app, which have been fixed.

As members of the community of testing professionals, we like to believe that there is no software that is 100% defect free. After studying the app and comparable apps and usages across the globe, I find Aarogya Setu to be a powerful tool made by the government to protect Indian citizens, and one can download it and use it without any fear of security issues, especially wrt what Baptiste claimed.


**Original blog ends here.



Further updates on Aarogya Setu –

The top demands from the security professionals across the world have been heeded by the Aarogya Setu team.

As of today, the app has been open-sourced, and the government has initiated a bug bounty program for the app.

Further updates from Swaroop.

Update 1 [May 26, 2020] – https://twitter.com/SetuAarogya/status/1265281058532016128
The #AarogyaSetuApp is now open source. Read the attached release documents to know more.

Update 2 [May 27, 2020] – https://twitter.com/SetuAarogya/status/1265353503221772288
Aarogya Setu Bug Bounty Program – call upon the developer community to join hands to help make Aarogya Setu more robust and secure. Those identifying vulnerabilities, bugs, or code improvement stand to get recognized and win cash awards too.



 

During lockdown, it may not have been important to use Aarogya Setu. But now that lockdown is getting lifted, and people are expected to move out and come in contact with more people beyond their immediate family and folks, IT IS MORE IMPORTANT TO USE AAROGYA SETU NOW. And I decided to publish this blog only with the purpose to reiterate the importance of the use of this app and to appeal to more citizens to adopt it.

The success of the app is directly proportional to its adoption. More the number of people who use Aarogya Setu, better will be the information provided by the app.

What can you do for earth?

Just had a quick exchange of thoughts with a fellow group member on my Facebook group – “Common Sense Meets Sustainability” – on the climate situation in Australia. It seemed to me that he is overwhelmed due to the size of the problem.

Let me share some tips with you, so you still have hope and you don’t give up. Because things will only change if every single one of us is committed.

Remember – there is no planet B. No one else is working somewhere in some corner who will suddenly save us from the devastation. We have to save our planet. Everyday. In every act of ours.

Here are some tips for you – first and foremost, learn about sustainable development goals. Agenda 2030 is a beautiful framework which if we achieve, our planet will be on the path of course correction. Try and follow these –

1. Measure your carbon footprint and water footprint and optimize them. And what you cannot reduce, then, offset carbon emissions appropriately.

2. Be consistent and start giving towards a specific SDG. Not just random donation. Find a good non profit or social initiative that is doing good work. Support them by giving your time, in kind, cash….any help they need and that you can give.

3. Measure the space. Watch the growth. Know what will make an impact. How much will make an impact. Mobilize your resources and people in your network to also work on some SDG in a focused way.

4. Be mindful of little nuances. Packaging, sourcing, disposal, end of product lifecycle….support responsible businesses.

Hope this helps. If there is any doubt in your mind, I am willing to help. Even for individual cases. You can reach out to me at sm@fandoro.com to understand how you can bring a change.
Look at the volunteer calendar at Fandoro.com and contribute your time and effort to these initiatives.

Hope this helps… remember this is our only  home and our chance.

Know what you are looking for.

Metal detectors and baggage scanners (X-ray machines for luggage) are a common sight at public places in India – whether you go to a sports stadium, a mall, a hotel, a government office or, for that matter, even private offices and business centers. Airports are where I sight them globally.

However, I get a feeling of thoroughness only with the airports officials at these security check points. At most places, I notice, the officers sitting on the screens of the baggage scanners are not even looking at the screens – which makes me feel uneasy (Will refer to this later again as Experience 1). I don’t like being frisked multiple times a day, but when I pass through a security check and I know I have not been frisked properly – I know the danger I am entering into (Will refer to this later again as Experience 2).

The routine is different for different places. Mostly – my car’s boot space gets checked, there is a mirror pushed under my car’s bonnet to check if there is anything stuck under the car (Exp 3)- and then I am asked to give my luggage and even phone away before passing through the metal detector and then my luggage is handed over to me with a warm smile (Exp 4).

These officers seem to be trying to do a thorough check. And these ones (Exp 3 and Exp 4) interest me. The ones that were mentioned in cases Exp 1 and Exp 2 seemed totally hopeless – I absolutely have no respect for people who don’t do their work properly. As they say – you had one job.

But at this point, I am thinking – do any of these 4 sets of folks know what their job is? So I talk to them – the response is the same everywhere – we are looking for items forbidden to carry. Okay – and what could that be? Well, they are the obvious ones – guns, bombs, knives, liquids etc.

My next question to them is – do you know what a bomb looks like? or a dismantled gun looks like? They start to smile – because obviously, none of them have ever seen a real bomb. I don’t want to come across as a depressed or a lunatic who is planning something so I don’t ever ask more than 1-2 questions at a place and move on. Now, after so many experiences, I ask just 1 question  – do you know what you are looking for? The answer is mostly a smile or “kya madam” (which in my English translates best to “C’mon Mam”)

At most airports – I find officers almost intimidating – their process being more lengthy and apparently rigorous – a bit black box kinds too. One doesn’t easily get to see the scanned images – the officers are glued to the screen – And to their credit – they sure find things every once in a while. But the investment is huge. The process again remains standard – not intelligent all the time. Makes me want to say an overkill sometimes, but concerned folks say – when it is about safety better safe than sorry. Not sure, if they are even looking for an optimum solution.

As I kept probing my own uneasiness with the fake security check I get at most places and, on the other side, the overwhelming & intimidating security checks at the airports, I slowly began to feel that this is so similar to my world of Software Testing. Do testers know what they are looking for? More importantly, can they identify a risk if it is not shaped as they are expecting it to be (mostly in their limited/fixed test cases)?

  • Most testers perform testing as a ritual they have to execute, in certain order
  • More often than not Testing is in place only to put a check and say – yes we do it
  • When Automation comes into play – most testers don’t know how to make the best use of it
  • Mindless automation – again as a “must do” procedure is applied. No one is looking at the scanner screen.
  • Garbage in Garbage out Automation keeps continuing. EVERY LUGGAGE should pass through the scan. But the story ends there.
  • The regular beeping through the metal detector, or not beeping at all, doesn’t ring a bell to the executives. Because of so many false positives, no one bothers to check eventually. The need is to continuously upgrade the system – but it is so much work each time that they just let it go.

Comparisons could go on…

This is where I feel hopeful about software testing more than the physical security check world – because we seem to be adopting “AI”  to keep training our systems to understand how to segregate defects from those that are not. As we begin to use more artificial intelligence in our automation and we train our verification scripts to update as per the changes in the applications, our overhead for maintenance shall reduce to minimal.

Don’t get me wrong – there will ALWAYS be a need to humanly explore the unknowns, but our effectiveness in distributing the knowledge of the newly explored unknown into the whole system quickly, and making it a known quantity to our testers and application owners, will bring a significant success to the business owners in terms of reduced risks and reduced time to market with minimum investment.

If you wish to learn more about what you should be looking for in software and how you can reduce risks in your application without creating huge technical debt in automation and yet reducing time to market (incrementally), you could do these:

  1. Talk to me at smita.mishra@qazone.in
  2. Study testing, learning critical thinking and uncovering risks at http://www.satisfice.com/ and http://www.developsense.com/ – in fact, try registering in one of their classes.
  3. Explore test tools like test.ai, testim.io, saucelabs, applitools, tricentis.
  4. Explore training and webinars with SoftwareTestPro.com and MinistryofTesting.com . They also have some of the best conferences and meetups – full of latest trending content.

These are absolute top ones that come to my mind as I am typing. This wasn’t how I had planned to end the blog, hence a very limited list.

If you explore, you will find many more leaders and platforms. What is important is – to learn. So you know what you are looking for.

And I thought I had time….

I have forever been intrigued by the way Jerry Weinberg thought. James Bach introduced his existence to me. I looked up his name. I got impressed. End of story.

Every now and then I would read his work. And feel a pull to his ways of thinking. People in testing world specially, quote him left, right and center.  Let me tell you something about me, before I go further in my story – I love talking to creative and sharp minds. Minds that are so logical that nothing can beat them and yet humane in their own way – I feel instantly connected with them in some karmic ways. And then I just want to talk to them, know them more and learn from them.

As destiny would have it – Over the next few years, his name just grew on my mind. I saw his mention and work so much all around that I decided to meet him. (More so, because most of his work can not be defeated by some anti – theory). When I started to make my bridge towards him, people all around told me – he doesn’t travel around anymore for health reasons. But I wanted to see him in real like face 2 face and interview him- not just hear him like I hear him on some youtube video. I wanted to watch how his eyes move, how his expressions change, when he smiles, what raises his brows. In short – Wanted to understand him in my own unique way.

So I reached out to him, asking if I could do a video call with him – that was in May 2016. He immediately said yes and in fact said that he would love to do it. Being in different time zones, our times would never match – he was old (sleeping and waking hours thing) and I am a working mother of 2 growing kids. After some tries of different permutations and combinations on timings, I got busy with more bread n butter related work and my desire to do the video call with Jerry got pushed towards the rear of the ever humongous queue of my to-do.

A couple of days later, I receive an email from Jerry, saying – Did you receive my response about possible times for a call? I didn’t hear back from you.

Ahhhh….I was like – ooopppsssss- told him, I was still struggling with a match for our times and that I will figure out something soon.

Later that day, he mentioned the time and date best for him. I was very happy that day – because firstly, it seemed a leader like Jerry was interested in talking to me, and secondly, he did take time out of his busy schedule and inform me. So, I was all set. Technically, nothing was pending for this call to happen. But it didn’t.

I spent another month or so before I remembered I had to schedule this. Towards the end of July, when the summer vacation for my kids was over and I could work more hours, I again wrote to him that maybe we could do the call now.
He responds back a day later – says he is hoping we can do it and that he is looking forward to it.

And it again didn’t happen. I had the go ahead, available time-slots known but I still didn’t schedule it right away. As it happens to every one – it happened to me too – I got immersed into 20 other “critical” work. Every now and then the thought would come to me and I used to think – its fine, I will do it soon. I HAVE TIME.

For almost 2 yrs, from 7/22/2016 to 8/7/2018, I thought I had time, only to realise today that I don’t have Jerry now. With all the time that I have for the rest of my life, I won’t get to do something that was so close to my heart.

Jerry – I will miss you and your ways. But like a true teacher, even when leaving us, you taught me a lesson in it.

I realized today I DON’T HAVE TIME.

The places I need to see on this planet – need to be seen today. At least get started with the list of places and timelines and plans to visit them.

The people I need to meet, hug, interview, know better, be friends with, click selfies with – it has to happen today – whatever little we can begin with. Whoever I can start with.

The money I wish to make – has to be made today. At least I need to start making some of it today.

The fame I want through the influence / impact I shall have needs to be built today. At least the beginning of it.

I have always wanted to make the world a better place. I started Fandoro with that thought in my mind. I encourage people to perform Individual Social Responsibility through meaningful gifting on our platform. On average, 2-3 new NGOs register daily on this platform. But the need for help and support is too high. And I need to add more enterprises in my kitty per day, whose employees contribute towards these NGO needs and make this world a better place. I haven’t been doing it with utter sincerity. But I do dream of a successful startup – Fandoro Technologies Pvt Ltd – EVERYDAY.

All of my procrastination ends today with Jerry’s last teaching to me – There is no time to do all I wish to in this life. I need to work on NGOs and Enterprises – EVERYDAY.

We will miss you Jerry. But your teachings will forever enlighten our mind and guide our paths.

Just Half A Glass of Water

I was once watching a show where the comedian attributes his being fat to the African children. The basis being  the constant reinforcement of the thought, in his childhood- Don’t leave any food uneaten – remember there are kids in Africa who go hungry without food for days. I got his humor and smiled. There was no point judging him – he (now a grown up adult) had a valid point – his not eating actually would not help African kids – as he rightly asked – how have we truly contributed to the concern.

While the focus was on food, I do see a growing concern on drinking water too today. But the issue seems more serious because it is not “just an African issue”. We are all aware of the epidemic situation of water scarcity in Cape Town. We are all headed to the same.

Drinking water is in shortage and is increasingly becoming a more precious commodity across the globe, including my nation India, where civilization once started on the banks of the river Indus.

I do see citizens, travellers, kids – all concerned about it, and a lot of practical tips are being included in one’s daily routine. We ourselves have moved to bathing with Bucket and Mug instead of showers. We have sensors in the water tank, pretty effective in stopping overflowing of consumable water. We measure the water we use and misuse too.

But when it comes to offering water to others, we get more generous. It is always a full glass of water. We never think twice if it is going to be consumed all or not. At a personal home setup the wastage may not appear huge because it is mostly 1-2 guests at a time. The whole idea of this blog came to me when I was having multiple lunches and dinners at different restaurants this past week with huge numbers of family and friends – most of whom did order additional drinks and never bothered to finish water in their glasses. The thought stayed with me – why couldn’t the service men offer half a glass of water and offer more when asked for.

Offering a glass of water is the basics of serving the guests and in a country like India – where we treat Guests as Gods (Atithi Devo Bhava) – it may feel a bit uneasy to offer only half a glass of water, but as guests if we can handle it without getting offended, maybe we can save some serious amount of potable water, daily – considering we have millions of eateries, serving multi million people globally. Think about it.

Next time when you visit an eating joint – specifically ask for #justhalfaglassofwater to be served. Maybe we start the revolution and save some water for our grandchildren.


Glasses with illusions – get creative!!

Restaurants can get creative with their serving glasses if needed.

Quick side note – I do see bottled water as a very good alternative, as it can be carried and consumed without being wasted, but unless I see a bottle that’s not plastic, I find its use dangerous and hence not promotable – it shall have counter effects.

Remember the Roses

I am not an avid reader and my confession is not going to reflect highly on me, specially since I am trying to make it in a knowledge era. Don’t mistake this for – I never read. I am more of an experiential learner. However, the books I read, the stories I love – stay with me, word by word, feeling by feeling, forever.

One such story I read was – Remember the Roses. I read it more than 22 years back (proves my point that I love reading sometimes). Written by Avery Taylor, a British author, published originally in 1967 (I wasn’t born then). Will quickly brief the plot for you:

“During the Second World War, Robert, an English agent, comes to rescue Paul Renard, a key member of the French Resistance, who has been taken by the Gestapo and is being held in a prison in Rouen, France. Robert parachutes into a field near Rouen. When he tries to make contact with a member of the Resistance, Robert is almost captured by the Nazis. A young girl called Jehane le Brun rescues him and helps him to locate and free Renard. When Robert returns to England, no one believes his account of how he returned with Renard.

But when they all inspect the evidence, Robert finds that Jehane could have been none other than the legendary Maid of Orleans, Joan of Arc, who had fought for France in 1429.”

The Second World War was fought in the years 1939-45. The story of the girl’s bravery never left me. And it has forever inspired me.

The reason I write this – I would so love to meet the author and I am unable to find her on any social media.

Humble appeal to anyone who reads this blog – if you can find the author – Avery Taylor, can you please tell her I am so inspired by her writing and if possible, get me her contact details – reach me here or on my twitter @smitapmishra.

Thanks for your time!! Keep reading lovely books and stories!! Keep inspiring and getting inspired!!

 

Inspiring meetup, but with -1

Test Practitioners Club is a Testing Meetup based mostly in the National Capital Region, India. We have been in existence since January 2014; that’s when we hosted our first meetup.

We started with 8 subscribers to the thought and all of them attended.

And I was the only woman and I was a bit disappointed at this but not disheartened. I was determined to change this and I knew how to. Little did I know back then, that I am not thinking right.

We now have 943 members on the meetup group alone (excluding FB page followers) and at our latest meetup we had over 40 members join us. We try to do the meetup as frequently as possible. We would love to do it once a month but we are unable to. Regular members of the meetup are now stepping up to take more initiatives and sometimes they host the event at their venue, and find speakers too. That kind of leadership helps a lot to continue organizing the meetup.

Test Practitioners Club April 2018 meetup was held at the Oracle office thanks to Manoj Jain, the Director (Software Development). Among the speakers were a few regular attendees and core team members (Gaurav Bansal (Snapdeal) / Nitin Mukhija (PayUMoney) / Omkar (Naukri)), some from Oracle – Amit Vashishtha – and one surprise speaker – Siddharth Taneja (Make My Trip).

Siddharth Taneja came out to be a very special story. He is braving Cerebral Palsy.

He works as an FTE at MakeMyTrip and he is not just surviving there on compassionate grounds but is winning as one of the best performers in his team. A glimpse of his story can be seen at: https://www.youtube.com/watch?v=P600zzicDZc

He set us thinking that there can be no limitation too big to learn, if there is a strong will and desire to learn. When asked what he wanted to do – he said “I want to make a dent on the world”. He wants to be someone who is taken note of when he leaves.

With the overwhelming execution of the current meetup in April 2018 – we feel very successful in being able to mobilise the testers to a point where community learning is being enjoyed and looked forward to. We have consistently had over 40 members’ attendance and at least 35-40% women testers participating as attendees.

But there is one aspect that has made us feel a bit like a failure. In fact, not just a bit, but more like a big embarrassing failure. Personally, being someone who has participated in different capacities in so many initiatives for including more women in technology and being a very known enthusiast for leading such initiatives, it feels like a big MINUS ONE when I am unable to bring women speakers to our meetup.

It gets even more disturbing to me when we are seeking women speakers from the best of the organizations in the region and we don’t get even ONE submission or interest from them. Occasionally we have had women speakers from “Srijan Technologies” thanks to our evangelist Anil Chandana there. But that’s about it.

Not sure where we are going wrong. I am going to continue trying to fix it going forward. Our next meetup is in May 2018. And we are going to organize meetups as frequently as possible – hopefully once a month.

If any tester is interested in speaking at the meetup, please email me directly at smita.mishra@qazone.in or reach out to us at our Meetup page or Facebook Page.

My humble appeal – If you are a woman tester or technology enthusiast, and wish to speak or know of some such women technocrats – please reach out to us. We will also support them in getting mentored on how to present if they have never done Public Speaking before. Point to note here – This doesn’t stop men from reaching out to us to get the same support.

Looking forward to having women speakers at our meet-ups.

What a Sunday!!

Monday morning – absolutely the most wrong time to write a blog. The moment this one is published, my CTO friend is going to call me to say those 3 magical words – What The Heck!!! I have so much work pending on me to do and yet I am typing this up because I feel compelled to do so.

This past Sunday, on 16th April’17, I over-committed my time with a couple of events on a weekend – a time which is exclusively owned by my kids otherwise. I was afraid I would feel guilty at the end of it.

I had been invited earlier to this event that was coming up but couldn’t make it then; and since it had a very interesting name – FeministMohalla – I was curious to try it out at least once. Add to it – it was an initiative by a dear friend Swarnima Bhattacharya and her partner Rachel – so I had to do it!

As I reached the Humayun Tomb, which is a recognized World Heritage Site – I did not really know what to expect. I saw a group of people surrounding lovely Swarnima in yellow – the storytelling had already begun – yes, I was late by a few minutes.

The discussion started with the real meaning of a harem and went on to de-mythify a lot of our impressions about the status of royal and ordinary women and their role in the administration and ruling of various lands in those times. I had heard of Humayun, Babur and Akbar but I had never heard much about the women around them.

The first lady I heard of was Aisan Daulat Begum – Babur’s maternal grandmother. She was the wife of Yunus Khan of Moghulistan (in today’s Afghanistan). A sternly brought up woman herself – she had tremendous influence on Babur’s bringing up and his rule, and that’s how the entire lineage was called Moghuls here in India.

Thereafter, we heard of many names, many of them unheard of before.

1. Aisan Daulat Begum – Babur’s maternal grandmother
2. Gulbadan Begum – Humayun’s sister
3. Bega Begum – Humayun’s chief queen
4. Hamida Banu Begum – Humayun’s wife, Akbar’s mother
5. Mahchahak Begum – Humayun’s wife and governor of Kabul
6. Jahanara – Shah Jahan’s eldest daughter

Each of them had such beautiful stories of courage, love, loyalty and a display of tremendous talent and amazing administration abilities to their credit. The one that stayed with me was Mahchahak Begum (incorrectly known as MahChuchak Begum) – she threw out the then Naib Subadar and ruled Kabul on her own. She led her army in person and defeated Munim Khan at Jalalabad. She chose to rule in her own name, not in the name of her 3 year old son Mirza Muhammad Hakim (whom Humayun had appointed as the governor) – a clear sign of courage to oppose blind patriarchy.

Besides the women warriors, rulers and queens, I also understood a few things about Mughal architecture. It never occurred to me that the water bodies around every monument could be there for any reason beyond beautification. And then there was light thrown on the fact that the people who came from the deserts had a thought that heaven is a place where there is water in abundance, and hence the water fountains and water columns around the monuments. This made sense.

I thoroughly enjoyed my visit to the monument and the story telling. A very honest attempt to dig out genuine details of history. Well done team! I am absolutely sure, I am registering for the next event asap. Follow the #FeministaMohalla on twitter for more updates!

I had to miss the concluding story and rush back to my place since there was another event I had to go to and in between had to pick my daughter / get my son going for his studies for the Monday test.

Started back for Innov8 for the Google Women TechMakers event being held in conjunction with the Google Developers Group, New Delhi for International Women’s Day. I did expect some tech enthusiasts and knowledge sharing. But the energy I felt there was unmatched by any tech event I have attended before. A group of 40-50 odd college going young girls and a couple of trail blazers like Neha from JSLovers and Sanya Khurana. What energy and passion on show!! So many technical resources and forums discussed and brought to the front for both young men and women to learn technology. They had so many questions and all they wanted was to build something meaningful and reach their dreams!!

So proud of each of the girls in the event. True gems – precious ones. I am so looking forward to seeing each of them build a legacy for themselves and the world.


I was lucky to have enthusiastic co-panelists like Dolly Bhasin, Tarusha Mittal, Ankita Gulati and Rohini! We had some awesome time – getting to know each other and sharing our experiences.

As I was heading back home from the event – I couldn’t get over the fact that throughout history, women have had active careers and yet, we were still struggling to accept that women are able decision makers and still don’t allow them the freedom of choice. Though we need a lot more societal changes for that day when it’s just a TechMaker event and we don’t need a Women Tech Maker event – a lot is happening and changing, and until it does happen as we want it to be – our salute to all the resilient women out there. Keep going. And our dearest men – thank you. Thank you for being by our side and fighting it out together.

Happy Sunday for me – it was worth it, out and out. And a Happy Successful life to all of us!!

Continue, Change or Let it go…

I often hear my daughter sing – Let it go (the Frozen song) and I enjoy it as a beautiful song in a young voice. And she truly enjoys singing it.

Recently I saw an update from a dear friend and a professional who has my truest respect – Pradeepa Narayanaswamy. Her update had her site that mentioned her aspirations and achievements so far, as a life coach. That got me interested, because the Pradeepa I knew was more of a technology person, teaching teams to work together and getting truly agile. On going through her work, I landed on her blog post Let it go, Let it go…

That article talks about letting go of those relationships that end for reasons you may not fully accept or understand. And it got me thinking about work and personal relationships all around us. Yes, when the relationships end – you have less choice but to accept it. And even though it may be a bitter end or unexplained, it’s in your interest to let it go. It made me think of relationships that have not ended but have lost their original sheen and meaning. Relationships that give you more pain than pleasure.

What do we do when it is simply not working out between the 2 and it’s becoming a daily nightmare to carry on with it? And neither party is giving up either. What does it truly mean? And think about it in terms of not only husband-wife, girlfriend-boyfriend, or with one’s in-laws but also between and with co-founders, investors, advisors, team, managers – why is the relationship so difficult?

More often than not, when money or kids are involved – it could offer a very straightforward insight into why the painful relationship still exists. However, let’s also get this understanding – that in such cases, though the official name of the relationship still remains what it used to be – the relationship has now evolved into a meaningless forced bond.

At first, a relationship is conceived because 2 individuals or entities found something in each other they needed. It continues to be pleasurable if they are happily deriving what they need and are happy to give what the other needs. It’s a universal truth hidden from none that you can’t have everything in the world, and that forces one to have their priorities clear. Because very often one has to trade off 1 benefit for another. Now if both the parties have the same priorities for the benefits and are willing to do the required trade offs – the relationship continues to work. Occasional hiccups are a sign of a healthy relationship – exceptions prove the theory.

But when the priorities of the 2 parties are not clearly defined or do not sync, then how difficult the relationship will be shall depend upon how far the trade offs and core objectives of either one are from each other.

If you find yourself constantly misunderstood, having trust issues, backstabs and constant complaints of not doing enough in the relationship, then you probably are going through this. Especially if you feel helpless in getting your point across and for others to not see your point of view. And, if you do find yourself stuck in such a situation – what are your ways out?

1. Continue – until you physically give up and your body shows signs of ageing and being sick. And one day either of you will be dead. And so will the fight. But it won’t keep you from feeling incomplete and having tons of ugly memories to live with. And substantial loss of reputation (for all the things you do to show the world a perfect picture). In a way, this is easiest to do and pretend like all is well, when everything inside you is breaking and crying for help – because it keeps you in your comfort zone wrt the outer world. This is very draining emotionally, every day. Keeps you from achieving your true potential in life.
2. Try something new. Change your stand, if you can. If you are going to apply the same solution to the problem over and over, and it didn’t work so many times, why do you think it would work now? Can you try changing your stance and giving in, and if the relationship is truly worth it, can you realign your priorities to the other party and see if that brings you closer to the larger goals? It may not be a perfect win-win situation but it will save your relationship and maybe, just maybe – you realize that for the longest time you were holding on to something non-critical, just for the heck of it. Weigh in your trade offs and priorities.
3. Let it go – Now, this is the toughest part. Not only because the world sees it and that makes you uncomfortable with “what the world would think of this”. But also if we are insecure and having difficulty imagining the other individual or entity in another relationship or yourself living by just your own self (technically single). If having the possession of the relationship is more important to you than the relationship itself – you could very well be trapped here. But when you are in a situation where you can’t continue anymore or have tried everything you can to realign in order to keep it, then it’s officially the time to “let it go”. Keep in mind that the same body (as sick as it may be) feels heavier post death. And the longer you carry a weight, the heavier it begins to feel.

Choose the way forward carefully – pause, get your head and heart sorted and then charge ahead – remember – being happy and healthy is most important!! Focus on leading a meaningful life that matters.