Aarogya Setu – Yes or No?

I almost decided to not post this blog. But on second thoughts I am posting it.

Date : 22nd May 2020.

Background :

Aarogya Setu has come out as one of the most powerful tools that the Government of India has released to protect its citizens through “Contact Tracing”. While I do not directly know the source of inspiration for our government to do so, I believe that countries which are respected for the way they have controlled the spread of COVID-19, such as South Korea and Taiwan, have used such apps and credited them as a successful tool in their fight against the coronavirus.

Recently, there were tweets claiming how the app is dangerously exposing the privacy of Indian citizens.

For a typical app to fail in the market is neither a personal concern of mine nor unheard of. While it makes me curious to know more about the reality of the situation, my natural reaction in such cases is – these guys will figure it out; I don’t need to step in.

But when I looked at the flip side – the possible results of “Aarogya Setu” app failing due to privacy reasons, I got hugely concerned for 2 reasons –

  1. What if the app is really lacking privacy controls? To put it in the terms of the “hacker” – what if it is truly exposing PII (Personally Identifiable Information) of millions of citizens? In this case, the hacker claimed it to be 90 million (number of downloads at the time of claim). This is simply NOT ACCEPTABLE.
  2. What if these claims were incorrect but the citizens do not adopt the app because of the fear and thus the country is unable to utilize a huge opportunity to protect its citizens. This would mean exposing the human lives all around to a massive danger, when we could have protected them. This is even more NOT ACCEPTABLE.

I wanted to do a deep dive, and therefore discussed the subject with some leading security professionals. I am capturing below exactly the thoughts they shared and the links they pointed me to. I wanted to hear analysis on the subject from multiple professionals, beyond just my own observations.

Professionals mentioned in this blog are :

  1. Prashant KV (Involved in discussion)
  2. Swaroop Yermalkar (Involved in discussion)
  3. Nidhish Pandya (Referred)
  4. Harshit Agarwal (AppKnox) (Referred)
  5. Abhinav Sejpal (Involved in discussion)

Folks involved :

I reached out to a few security test professionals including Prashant KV. Prashant further added Abhinav Sejpal and Swaroop Yermalkar. When it comes to security, one of the most widely recognized communities worldwide is OWASP – the Open Web Application Security Project. OWASP is an online community that produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security, by way of setting industry standards and organizing conferences and workshops. Their key focus areas are – Web Security, Application Security, Vulnerability Assessment.

So it may be of interest of the readers to know that Prashant is an OWASP Chapter Lead for San Francisco Bay Area and is a Security engineer at a leading retail firm in the US. Swaroop is the OWASP iGoat Project Lead (Community Project dedicated to mobile security), Head of Cyber Security (India) for a leading cybersecurity firm. He is also the author of the book “Learning iOS Penetration Testing” and he is a well-known mobile bug bounty hunter. Abhinav Sejpal is also an OWASP chapter Lead, has spoken at – null, The Open security conference. He is currently the DevSecOps in a leading technology consulting firm.

PII :

And before I share with you the findings, let us understand what is PII?

PII – Personally Identifiable Information- is the information that can be used on its own or along with other information to identify, contact, or locate a single person, or to identify an individual in context.

Non-sensitive PII can be transmitted in unsecured form without causing harm to an individual. Sensitive PII must be transmitted and stored in secure form, for example, using encryption, hashing.

PII could include direct identifiers – your Aadhaar Number, Driving License, Bank Account Number, Name, Phone number, Vehicle License number, Address, Mobile numbers, Email ID, Full face Photos, Biometric identifiers (iris scan and fingerprints), etc.

And then there are indirect identifiers, which can be used to identify a person when used in combination with other information – like birthdates, languages spoken, geographical locations, medical insurance plans, medical conditions. These are not enough on their own to identify an individual in a group of more than 1 person.

Discussion and Findings:

My conclusions are based on my analysis of the app, further discussions with my peers, and going through all the detailed analyses done by different people referred to me by my reputed peers.

Let me start with responses of the security engineers –

1. Prashant’s thoughts  :

To summarize :

  • Old version of app had a bug that could allow other apps to read files inside the app sandbox using an exposed Activity and its intent filter. This issue was fixed.
  • App has jailbreak/root detection and SSL pinning. Both can be bypassed by custom Frida scripts. SSL pinning is not perfect in mobile implementation and can be bypassed.
  • In the latest version, app sends coordinates via headers to an endpoint and the server returns information about how many are infected etc. The privacy issue being discussed is that anyone anywhere in the world can put in any coordinates in India and retrieve info about how many infected. There are no names or any personal info leaked. Just number of people infected. The app is supposed to show these numbers based on your coordinates. Issues mentioned by the researcher might be of low risk; based on that, calling the app a disaster is not correct.
  • Much of South Korea, Taiwan and China’s success is attributed to a similar app.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Prashant also shared another tweet from October 2019, where another hacker called out the site that belongs to our attention seeker – Robert Baptiste aka Elliot Alderson – as vulnerable.

https://twitter.com/crackohacker/status/1182596471058681856?s=21

Furthermore, Prashant also shared a blog from another Security engineer – Swaroop Yermalkar, refuting Baptiste’s previous claims – https://blog.swaroopsy.com/2020/05/07/part-1-truth-behind-propaganda-against-maadhaar-security/amp/

Since Swaroop was part of the conversation, we will talk more about his view in the blog further.

Towards the end of our conversation, Prashant shared 2 more write-ups :

  1. https://medium.com/@N1gh7m4r3/explaining-exposing-imaginary-arogyasetu-privacy-issue-433a6dc7b76e

This is written by Nidhish Pandya, who is a cyber-security enthusiast. He has clearly called out the security issues raised by Baptiste as imaginary. His blog is full of pointers to various sources which prove his point.

  2. https://www.appknox.com/blog/is-the-aarogya-setu-app-safe-to-use

Appknox is a company that specializes in mobile app security. I found their analysis to be pretty detailed and conclusive. Hence, let me share the final word here from Harshit Agarwal, the CEO of Appknox.


The Word 

There might indeed be certain security misconfigurations in the Aarogya Setu app, but none of which pose great threats. Into the bargain, we never found any evidence for the PII data breach in our security assessment.

We strongly believe Aarogya Setu app is the Indian government’s approach to providing the right information during the uncertain times of the COVID pandemic. Nevertheless, based on our findings, the following low and medium level safety issues of the Aarogya Setu can be rectified,

  • Implementation of ATS in iOS devices
  • Non-expiration of tokens
  • Usage of SSL Pinning instead of encryption
  • Using AES/CBC encryption instead of AES/ECB encryption

Yet, even without these rectifications, the application is still secure to use, and you don’t have to fear privacy intrusion.


Harshit’s blog also mentioned the below details as “Fact” against Baptiste’s claims.

Fact: 

The radius buffers have been limited to five values, as mentioned earlier. These standard values are posted with HTTP headers. Even if any user enters another value, the distance will be directed to the default value of 1km.

As asserted by the hacker, the user can indeed fetch data for multiple locations by changing the coordinates. Nevertheless, the API enforced in the Aarogya Setu application prevents such bulk calls from being processed.

So, there is absolutely no way for one user to procure the COVID-19 statistics by simply changing the coordinates.

That said, the claims of the French researcher are futile. He was unable to prove the privacy risk of any user using the Aarogya Setu app. So, rest assured, you are safe. None of your confidential and sensitive information is out in the open, everything is secure.
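
As an added illustration (not code from the Aarogya Setu project, Appknox or any of the blogs cited here), this is one way the two server-side controls described in the “Fact” above could look: a radius allowlist that falls back to 1 km, and a per-client limit on bulk calls. The header names, the five radius values, the limits and the sample points are assumptions constructed for the example.

```python
import math
import time
from collections import defaultdict, deque

# Assumption: the page says five radius values are accepted but does not list
# them; these five are constructed. The 1 km fallback is the one stated above.
ALLOWED_RADIUS_KM = (0.5, 1.0, 2.0, 5.0, 10.0)
DEFAULT_RADIUS_KM = 1.0

# Constructed sample data: (lat, lon) of reported cases. No names, no IDs.
SAMPLE_CASES = [
    (12.9716, 77.5946),
    (12.9750, 77.5990),   # about 0.6 km from the first point
    (13.0100, 77.5946),   # about 4.3 km from the first point
    (28.6139, 77.2090),   # a different city
]


def normalise_radius(raw):
    """Map a client-supplied radius onto the allowlist, else the default."""
    try:
        value = float(raw)
    except (TypeError, ValueError):
        return DEFAULT_RADIUS_KM
    # NaN and infinity never equal an allowlisted value, so they fall back too.
    return value if value in ALLOWED_RADIUS_KM else DEFAULT_RADIUS_KM


def distance_km(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat = p2 - p1
    dlon = math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


class SlidingWindowLimiter:
    """Allow at most max_requests per client within the last `window` seconds."""

    def __init__(self, max_requests=5, window=60.0):  # hypothetical limits
        self.max_requests = max_requests
        self.window = window
        self._hits = defaultdict(deque)

    def allow(self, client_id, now):
        hits = self._hits[client_id]
        while hits and now - hits[0] >= self.window:
            hits.popleft()            # forget requests older than the window
        if len(hits) >= self.max_requests:
            return False
        hits.append(now)
        return True


def handle_request(headers, limiter, now=None):
    """Return (status, body) for a nearby-cases query sent in request headers.

    Header names ('x-client-token', 'lat', 'lon', 'dist') are hypothetical.
    """
    now = time.monotonic() if now is None else now
    client = headers.get("x-client-token")
    if not client:
        return 401, {"error": "missing client token"}
    # Throttle before doing any work, so bulk sweeps of coordinates are cut off.
    if not limiter.allow(client, now):
        return 429, {"error": "too many requests"}
    try:
        lat, lon = float(headers["lat"]), float(headers["lon"])
    except (KeyError, TypeError, ValueError):
        return 400, {"error": "invalid coordinates"}
    if not (-90.0 <= lat <= 90.0 and -180.0 <= lon <= 180.0):
        return 400, {"error": "invalid coordinates"}
    radius = normalise_radius(headers.get("dist"))
    count = sum(1 for c in SAMPLE_CASES if distance_km(lat, lon, *c) <= radius)
    # Only the aggregate leaves the server: a count, never who or where exactly.
    return 200, {"radius_km": radius, "count": count}


if __name__ == "__main__":
    limiter = SlidingWindowLimiter(max_requests=3)
    query = {"x-client-token": "demo", "lat": "12.9716", "lon": "77.5946", "dist": "250"}
    for second in range(5):
        print(handle_request(query, limiter, now=float(second)))
```

Both checks run on the server, so a modified client that sends other header values still only receives an allowlisted radius and a throttled number of answers.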

2. Abhinav Sejpal

His recommendations were –

#1 Open source the Aarogya Setu App source code and allow honest feedback.

#2 Start the bug bounty via HackerOne or Bugcrowd or whatever works for Indian gov

#3 Invite a few security experts to review findings and crowdsource the overall triage process.

One may have to review these asks but it could be worth a look.

3. Swaroop Yermalkar

And our final specialist – who is a highly accomplished security professional – he wrote the following blog for his review of Aarogya Setu app –

https://blog.swaroopsy.com/2020/05/08/part-2-truth-behind-propaganda-against-the-aarogya-setu-app-security-the-real-story-of-success/

One can find his other blogs on security issues at: https://blog.swaroopsy.com/

In his words – clearly – “There were some security issues but NO Breach! No personal info of single user got leaked!”

On probing further, he shared his interaction with Baptiste, who could not take being questioned on his false claims and Swaroop says – he got blocked therefore by Baptiste on twitter.

Incidentally, the day we were discussing this, news came in that someone from Bangalore hacked Aarogya Setu, and I asked Swaroop what he thinks about that. He pointed me to his tweet that said –

 #mensxp Stop spreading misinformation! Have you performed verified analysis by security professionals? Validations can be bypassed at client side! Where is PII? Don’t make #infosec as #tiktok videos or #clickbait!

You can see his popular tweet at : https://twitter.com/swaroopsy/status/1260963165094834177

Major Highlights of Swaroop’s blog :

The list of vulnerabilities mentioned:

  1. Access to App’s Internal Files – Low Severity
  2. Bypassing Root Detection Using Frida – Low Severity
  3. Bypassing SSL Certificate Pinning – Low Severity
  4. Finding Infected People In Any Area – Low/Info Severity (It’s the app by design)

Final Conclusion: Vulnerabilities discussed didn’t disclose any PII / Personal Data / Age / Name of any COVID-19 Patients or Aarogya Setu App Users. Forget about 90 million but not even single user’s data got exposed! Bug Bounty Companies would pay USD 0 for these types of issues! Now you can decide, are these really security threats or just a publicity stunt?

In fact, I would say the Aarogya Setu App is a success story! Millions of users downloading this app and helping people to get aware of nearby patients around them!

I also agree that government apps should have proper channels / bug bounty programs to receive security issues. India has one of the largest infosec communities and can help government apps to get them more and more secure.


My observations :

  1. Much like all the leading apps that different governments in the world have come up with (e.g. TraceTogether (Singapore), NHS (UK)), Aarogya Setu was also built in about 15 days.
  2. Technology stack looks similar to other such apps – AWS / SQLite / secure hosting/ rooted device detection.
  3. Interestingly – Aarogya Setu has implemented an additional layer of encryption (Lat / Long). Also, it stores data for a limited period of time both for COVID infected (60 days) and not infected people (45 days).
  4. I am NOT a reputed security engineer yet. But going by the take of so many proven, experienced and reputed #InfoSec professionals – all claims made by Baptiste / someone in Bangalore (reported in mensxp) – ARE A TOTAL FARCE AND ATTENTION-SEEKING ACTIONS.
  5. Clearly there were some gaps in the previous version of the app, which have been fixed.

As a member of the community of testing professionals, we like to believe that there is no software that is 100% defect free. After studying the app and comparable apps and usage across the globe, I find Aarogya Setu to be a powerful tool made by the government to protect Indian citizens, and one can download and use it without any fear of security issues, especially wrt what Baptiste claimed.


Original blog ends here.



Further updates on Aarogya Setu –

The top demands from security professionals across the world have been heeded by the Aarogya Setu team.

As of today – the app has been open-sourced, and the government has initiated a bug bounty program for the app.

Further updates from Swaroop.

Update 1 [May 26, 2020] – https://twitter.com/SetuAarogya/status/1265281058532016128
The #AarogyaSetuApp is now open source. Read the attached release documents to know more.

Update 2 [May 27, 2020] – https://twitter.com/SetuAarogya/status/1265353503221772288
Aarogya Setu Bug Bounty Program – call upon the developer community to join hands to help make Aarogya Setu more robust and secure. Those identifying vulnerabilities, bugs, or code improvement stand to get recognized and win cash awards too.



 

During lockdown, it may not have been important to use Aarogya Setu. But now that lockdown is getting lifted, and people are expected to move out and come in contact with more people beyond their immediate family and folks, IT IS MORE IMPORTANT TO USE AAROGYA SETU NOW. And I decided to publish this blog only with the purpose of reiterating the importance of using this app and appealing to more citizens to adopt it.

The success of the app is directly proportional to its adoption. The more people who use Aarogya Setu, the better the information provided by the app will be.

Just Half A Glass of Water


I was once watching a show where the comedian attributes his being fat to the African children. The basis being  the constant reinforcement of the thought, in his childhood- Don’t leave any food uneaten – remember there are kids in Africa who go hungry without food for days. I got his humor and smiled. There was no point judging him – he (now a grown up adult) had a valid point – his not eating actually would not help African kids – as he rightly asked – how have we truly contributed to the concern.

While the focus was on food, I do see a growing concern on drinking water too today. But the issue seems more serious because it is not “just an African issue”. We are all aware of the epidemic situation of water scarcity in Cape Town. We are all headed to the same.

Drinking water is in shortage and is increasingly becoming a more precious commodity across the globe, including in my nation, India, where civilization once started on the banks of the river Indus.


I do see citizens, travellers, kids – all concerned about it, and a lot of practical tips are being included in one’s daily routine. We ourselves have moved to bathing with a bucket and mug instead of showers. We have sensors in the water tank, pretty effective in stopping consumable water from overflowing. We measure the water we use and misuse too.

But when it comes to offering water to others, we get more generous. It is always a full glass of water. We never think twice if it is going to be consumed all or not. At a personal home setup the wastage may not appear huge because it is mostly 1-2 guests at a time. The whole idea of this blog came to me when I was having multiple lunches and dinners at different restaurants this past week with huge numbers of family and friends – most of whom did order additional drinks and never bothered to finish water in their glasses. The thought stayed with me – why couldn’t the service men offer half a glass of water and offer more when asked for.

Offering a glass of water is the basics of serving the guests and in a country like India – where we treat Guests as Gods ( Atithi Devo Bhava) , it may feel a bit uneasy to offer only half a glass of water but as guests if we can handle it without getting offended, maybe we can save some serious amount of potable water, daily – considering we have millions of eateries, serving multi million people globally.  Think about it.

Next time when you visit an eating joint – specifically ask for #justhalfaglassofwater to be served. Maybe we start the revolution and save some water for our grandchildren.


Glasses with illusions – get creative!!

Restaurants can get creative with their serving glasses if needed.

Quick side note – I do see bottled water as a very good alternative, as it can be carried and consumed without being wasted but unless I see a bottle that’s not plastic, I find its use as dangerous and hence not promotable – it shall have counter effects.

 

What a Sunday!!

Monday morning – absolutely the most wrong time to write a blog. The moment this one is published, my CTO friend is going to call me to say those 3 magical words – What The Heck!!! I have so much work pending on me to do and yet I am typing this up because I feel compelled to do so.

This past Sunday, on 16th April ’17, I overcommitted my time with a couple of events on a weekend – a time which is otherwise exclusively owned by my kids. I was afraid I would feel guilty at the end of it.

I had been invited earlier to this event but couldn’t make it then; and since it had a very interesting name – FeministMohalla – I was curious to try it out at least once. Add to it – it was an initiative by a dear friend Swarnima Bhattacharya and her partner Rachel – so I had to do it!

As I reached Humayun’s Tomb, which is a recognized World Heritage Site, I did not really know what to expect. I saw a group of people surrounding lovely Swarnima in yellow – the storytelling had already begun – yes, I was late by a few minutes.

The discussion started with the real meaning of a harem and went on to de-mythify a lot of our impressions about the status of royal and ordinary women and their role in the administration and ruling of various lands in those times. I had heard of Humayun, Babur and Akbar but I had never heard much about the women around them.

The first lady I heard of was Aisan Daulat Begum – Babur’s maternal grandmother. She was the wife of Yunus Khan of Moghulistan (in today’s Afghanistan). A sternly brought up woman herself, she had tremendous influence on Babur’s upbringing and his rule, and that’s how the entire lineage was called Moghuls here in India.

Thereafter, we heard of many names, many of them unheard of before.

1. Aisan Daulat Begum- Babur’s maternal grandmother
2. Gulbadan Begum- Humayun’s sister
3. Bega Begum- Humayun’s chief queen
4. Hamida Banu Begum- Humayun’s wife -Akbar’s mother
5. Mahchahak Begum -Humayun’s wife and governor of Kabul
6. Jahanara- Shah Jahan’s eldest daughter

Each of them had such beautiful stories of courage, love, loyalty and a display of tremendous talent and amazing administration abilities to their credit. The one that stayed with me was Mahchahak Begum (incorrectly known as MahChuchak Begum), who threw out the then Naib Subadar and ruled Kabul on her own. She led her army in person and defeated Munim Khan at Jalalabad. She chose to rule in her own name, not in the name of her 3 year old son Mirza Muhammad Hakim (whom Humayun had appointed as the governor) – a clear sign of courage to oppose blind patriarchy.


Besides the women warriors, rulers and queens , I also understood a few things about Mughal architecture. It never occurred to me that the water bodies around every monument could be there for any reason beyond beautification. And then there was light thrown on the fact that the people who came from the deserts had a thought that  heaven is a place where there is water in abundance and hence the water fountains and water columns around the monuments. This made sense.

I thoroughly enjoyed my visit to the monument and the story telling. A very honest attempt to dig out genuine details of history. Well done team! I am absolutely sure, I am registering for the next event asap. Follow the #FeministaMohalla on twitter for more updates!

I had to miss the concluding story and rush back to my place since there was another event I had to go to and in between had to pick my daughter / get my son going for his studies for the Monday test.
Started back for Innov8 for the Google Women TechMakers event being held in conjunction with the Google Developers Group, New Delhi for International Women’s Day. I did expect some tech enthusiasts and knowledge sharing. But the energy I felt there was unmatched by any tech event I have attended before. A group of 40-50 odd college going young girls and a couple of trail blazers like Neha from JSLovers and Sanya Khurana. What energy and passion on show!! So many technical resources and forums discussed and brought to the front for both young men and women to learn technology. They had so many questions and all they wanted was to build something meaningful and reach their dreams!!

So proud of each of the girls in the event. True gems – precious ones. I am so looking forward to seeing each of them build a legacy for themselves and the world.


I was lucky to have enthusiastic co-panelists like Dolly Bhasin, Tarusha Mittal, Ankita Gulati and Rohini! We had some awesome time – getting to know each other and sharing our experiences.

As I was heading back home from the event – I couldn’t get over the fact that throughout history, women have had active careers and yet we are still struggling to accept that women are able decision makers and still don’t allow them the freedom of choice. Though we need a lot more societal change for that day when it’s just a TechMaker event and we don’t need a Women Tech Maker event – a lot is happening and changing, and until it does happen as we want it to be – our salute to all the resilient women out there. Keep going. And our dearest men – thank you. Thank you for being by our side and fighting it out together.

Happy Sunday for me- it was worth it, out and out. And a Happy Successful life to all of us!!

Continue, Change or Let it go…

I often hear my daughter sing – Let it go (the Frozen song) and I enjoy it as a beautiful song in young voice. And she truly enjoys singing it.
Recently I saw an update from a dear friend and a professional who has my truest respect – Pradeepa Narayanaswamy. Her update had her site that mentioned her aspirations and achievements so far, as a life coach. That got me interested, because the Pradeepa I knew, was more of a technology person, teaching teams to work together and getting truly agile. On going through her work, I landed on her blog post Let it go, Let it go…
That article talks about letting go of those relationships that end for reasons you may not fully accept or understand. And it got me thinking about work and personal relationships all around us. Yes, when relationships end – you have little choice but to accept it. And even though it may be a bitter end or unexplained, it’s in your interest to let it go. It made me think of relationships that have not ended but have lost their original sheen and meaning. Relationships that give you more pain than pleasure.
What do we do when it is simply not working out between the 2 and it’s becoming a daily nightmare to carry on with it? And neither party is giving up either. What does it truly mean? And think about it in terms of not only husband-wife, girlfriend-boyfriend, or with one’s in-laws but also between and with co-founders, investors, advisors, team, managers – why is the relationship so difficult?

More often than not, when money or kids are involved- it could offer a very straight forward insight into why the painful relationship still exists. However, let’s also get this understanding – that in such cases, though the official name of the relationship still remains what it used to be- the relationship has now evolved into meaningless forced bond.

At first, a relationship is conceived because 2 individuals or entities found something in each other they needed. It continues to be pleasurable if they are happily deriving what they need and are happy to give what the other needs. It’s a universal truth, hidden from none, that you can’t have everything in the world, and that forces one to have their priorities clear. Because very often one has to trade off 1 benefit for another. Now if both the parties have the same priorities for the benefits and are willing to do the required trade offs – the relationship continues to work. Occasional hiccups are a sign of a healthy relationship – exceptions prove the theory.


But when the priorities of the 2 parties are not clearly defined or do not sync, then how difficult the relationship will be depends upon how far the trade offs and core objectives of each are from the other’s.
If you find yourself constantly misunderstood, having trust issues, backstabs and constant complaints of not doing enough in the relationship, then you probably are going through this. Specially more, if you feel helpless in getting your point across and for others to not see your point of view. And, if you do find yourself stuck in such a situation – what are your ways out?
1. Continue – until you physically give up and your body shows signs of ageing and being sick . And one day either of you will be dead. And so will the fight. But it won’t keep you from feeling incomplete and having tons of ugly memories to live with. And substantial loss of reputation (for all the things you do to show the world a perfect picture). In a way, this is easiest to do and pretend like all is well, when everything inside you is breaking and crying for help – because it keeps you in your comfort zone wrt the outer world. This is very draining emotionally, everyday. Keeps you from achieving your true potential in life.
2. Try something new. Change your stand, if you can. If you are going to apply the same solution to the problem over and over , and it didn’t work for so many times why do you think it would work now? Can you try changing your stance and giving in and if the relationship is truly worth, can you realign your priorities to the other party and see if that brings you closer to the larger goals. It may not be a perfect win-win situation but it will save your relationship and maybe, just maybe – you realize that for the longest time you were holding on to something non-critical, just for the heck of it. Weigh in your trade offs and priorities.
3. Let it go – Now, this is the toughest part. Not only because the world sees it and that makes you uncomfortable with “what the world would think of this”. But also if we are insecure and having difficulty imagining the other individual or entity in another relationship or yourself living by just your own self (technically single). If having the possession of the relationship is more important to you than the relationship itself – you could very well be trapped here. But when you are in a situation where you can’t continue anymore or have tried everything you can to realign in order to keep it, then it’s officially the time to “let it go”. Keep in mind that the same body (as sick it may be) feels heavier post death. And the longer you carry a weight , the heavier it begins to feel.

Choose the way forward carefully – pause, get your head and heart sorted and then charge ahead – remember – being happy and healthy is most important!! Focus on leading a meaningful life that matters.

Buy from your friends

Yes – that’s what I said. BUY from your friends. I say so because I saw a marked difference in the way my business grew when my friends decided to support it.

Don’t limit your support to good wishes and motivational talks and FACEBOOK LIKES. Your friend is certainly a motivated person – why else would she decide to be an entrepreneur to begin with. Surely, she has a plan, a strategy, a business objective and tons of self-motivation. Help her spread the word about her work.


Something you may not know is that every time she goes to an investor, they tell her that her first few hundred customers would come from friends and family. And surely, investors are not bluffing. They have seen the trend and they know this is how it goes. Why should your friend not get the same level of support from you that quite a few entrepreneurs around the globe are getting from their friends?

Generally, it’s our tendency to expect discounts and benefits from our friends if they own the business for the products / services we are interested in. And it’s not bad. Ask for discounts from your friends. Ask them for customizations you need. Chances are they are in a better position to serve you in those ways.


A lot of times the situation gets comparable to elections, where a lot of good people don’t vote, thinking either they can’t make a difference or someone else is taking care of it for them. Instead of not doing business with your “startup” friends for any such reason, do it for the SIMPLE one – you want your friend to succeed, and if friends around the globe are making a difference in the success or failure of startups, then you don’t want to be on the other side of the fence wishing you had done all you could to support her in time.


Word of caution : If you think the product / service is truly something that you don’t see much use for – walk up to her and tell her. Help her see your perspective. This is just as important for her to know.

Happy Supporting!!

Getting in the Zone.


So – my bags are packed and all done. I am all set for my travel in the morning. I am tired but not sleepy. This is the first time I am going to Mumbai with a purpose – a purpose to find all the support, guidance, help and solutions I need to scale up my PoolWallet.

I have worked hard to get PoolWallet some attention and finally today I feel like it was all worth it (thanks to Zone Startups for their EmpowerZone Me program) – of course, if there were investors to lap me up I would feel even better, but I think I am moving in the right direction. I think that will happen soon too.

Looked at the mentors list – can’t wait to meet each of them and learn from them and tell them how cool PoolWallet is, what all I wish to do with it and, if they support me, how far I can go with it. Even the list of start-ups participating – the 14 stars (excluding me) – they seem so cool – I am so eagerly waiting to meet them all.

Incidentally, today I also heard the song – Yeh hai Bombay meri Jaan. Just listening to the song made me realize what respect this city commands… I can’t tell the number of movies I have seen where going to Bombay meant having a goal in life, being ambitious enough to fight for it and having faith in heart that whatever I want, I will go and get it in Bombay – the city of dreams.

Tonight – I feel that emotion. I feel bold enough to take charge of my future and I want the whole universe to conspire to get me what I so desperately want.

My kids asked me – there will be so many Cine Stars in Mumbai – Are you going to meet any? Thinking of the place’s reality, that it’s home to the majority of our favourite actors, does make me have butterflies in my stomach too.

Do I want to meet them all – No. Not all.

If someone influential is reading my blog – while I am in Mumbai – I would love to meet Mr. Ratan Tata (Industrialist) and Mr. Dilip Kumar (actor). If you can make it happen for me, please help me.


Thanks Empowerzone for seeing something in me that has been hidden until now. Thanks for all the support and kindness you have shown. Thanks for selecting me and giving me this opportunity. It would be so wrong to not mention a few of my friends who have stood by me always and who have believed in my abilities more than me – Thanks Shikha Suman (Medimojo), Ishita Anand (BitGiving), Sairee Chahal (Sheroes), Sandy Carter (IBM), Kanika Tekriwal (JetsetGo), Geetika Dayal (TiE), Upasana Sharma (TiE), Rashmi Jain and Peggy Libbey.

Wanted to say thanks to a few special men too – who went out of their way to shine light on me and make me my best version – a confident one – Mike Lyles, Keith Klain, Matt Heusser, Akash Srivastava, James Bach, Aman Jain, Anit Jha, Priyank Sharma, Ravi Gururaj, Pankaj Jain (my investor in future, yes Pankaj – someday it will happen 🙂) and Mukund Mohan… many many more.

Please note – it’s not a full list, and please don’t be upset if you don’t see your name in it. These are just off the top of my head.

I will sleep now and stop my rambling – have a morning flight to catch. But before I go, I want to say thanks to my family for bearing with me – special thanks to my husband and kids for understanding all the times I am not there for them because I am working. Thanks to my dad for bringing me up as he did. Want him to know I am grateful to him for all the big and small sacrifices he made to make me who I am today.

I wish I could first visit Haji Ali Dargah and Mahalaxmi temple before I went for the big day at the BSE building. But it won’t be possible. However, I still feel the blessings and prayers.

See you soon Bombay!!! Thanks Empowerzone!!

Rahul..naam toh suna hoga?

“Rahul..naam toh suna hoga?” – This is what I related the most with the name Rahul, besides having a very quiet and simple friend by that name at my work (not Mr. Narvekar). So for a very long time I had Rahul Narvekar on my Facebook as a “friend” and had interacted a few times – always when Rahul seemed occupied and my ping seemed like an interruption. And so, being the kind of person I am, I would not want to “bother” someone who is busy. And so we never spoke much.

But I knew Rahul was the kind of entrepreneur I wanted to speak to and he probably had answers to most of my questions. And when I say answers – I firmly believe no one can solve one’s business issues better than they themselves. But speaking to a hands-on person who has experience of failing and succeeding in ventures can give you meaningful insights into what options had a better probability of working and also at times the wisdom and strength to apply brakes / change direction / press the gas pedal – as the need be.

So thanks to Sahiba Sethi of HelloMeets and our Facebook chats, where she understood my need to meet new entrepreneurs to introduce them to PoolWallet, and she invited me to her series of GrowthTalks. And since Rahul Narvekar happened to be the key speaker – I decided to pounce upon the opportunity to meet him and pour out my long list of questions, and in my mind I was prepared to be shameless in asking for his help.


Tanmay was a wonderful, warm and energetic host. The ice breaking was done in the most traditional way of introductions but nothing was conventional about the details asked and any of the responses. All shared their passions and what they were up to these days and what brought them to HelloMeets.

As Rahul starts to speak, I am anxiously waiting for his stories about NDTV Indian Roots and Fashion and You. And we are halfway through the meet and no mention of these yet. And yet, I don’t want the storytelling to end. His humble beginnings, his entrepreneurial pedigree, his music channel Oxygen, significance of his birth date (1st Oct 1972), his first meeting with his now wife Pallavi Rao (who was a rockstar RJ at Radio Mirchi and is now heading the CSR there)… the story goes on and Rahul literally details out all the major milestones of his life.

He kept on sharing his step by step learnings and I was busy absorbing each of them. And he agreed that he realized very early in life that he could entertain and that he also realized that one who can entertain will always be sought by the folks around. I finally decided this was not the day I could ask him for any discussion on PoolWallet. I wanted to talk more about his experiences. Wanted to learn as much as I can from his experiences.

Let me share my collection of learnings from the meet:

  • Perception Management – Whatever you are going through inside as a leader, as an entrepreneur – it should not show to your team unless it’s positive.
  • Never believe your own PR – I can’t stress how important this is to keep one on the ground.
  • Wife / Mistress Syndrome of consumers – There are places we take things for granted and we treat it as a wife. We refuse to give a premium for any service there. And then there are places we pay a premium because we want to be special there and we want to hold that attention at every cost. We are not sure if we are the only special ones so we do all we can to be one.
  • Don’t keep the baggage. Move on – For people and work in your life. Move on once you see things not working as desired. Don’t just keep the baggage and stay with it. When people change their attitudes based on your success / failure – don’t be bothered. Take it in your stride. This is how the world works – accept it. If you hold on to the grudges, it’s only going to pull you down.
  • Entrepreneurship is a lonely journey. You need to have faith and keep moving.
  • Sometimes it’s also about being in the right place at the right time or coming across that one key person who simply changes the entire game plan for you.
  • There are no templates to success. Things could work in your favor with some effort or not work for you even with all the efforts put in and management. External factors can’t be planned. An entrepreneur has to be ready to pivot really fast as the market factors change.
  • Investors don’t invest purely based on excel sheets. They invest in the person, in the team that is running the start-up. So build a great team that can handle situations when things don’t go as per plan A. This ability to pivot also tells investors their money is more likely to be safe and growing with such teams. Be fundable as an individual.
  • Ask for help – people like helping others. They just do. Even without ROIs and having no agenda – there are many worthy and good people. Seek.


As he explains how he went through the ups and downs of life and his career with Pallavi firmly by his side, in my mind I could see them both hand in hand sliding the sine curves – always smiling and having faith and keeping a brave face forward even when they are in the troughs. And that made me think of another Bollywood dialogue more apt for Rahul than the previous one – “Don’t underestimate the power of the common man.”

ThinkTest 2015 highlights & acknowledgements

Finally – on 5th December 2015 we did the THINKTEST that we were planning to do in 2013. I had so many emotions coming up through the entire month that I purposely delayed writing the blog on ThinkTest, so I could give time for my thoughts to settle down and only write what I truly mean. Frankly, it is not unlike me to get attached to my work, but this event made me feel very different than my usual work. I could be at risk of being called highly dramatic, but I have to admit – the event almost felt like my third child – a feeling that probably Rosie Sherry or Peggy Libbey could share with me.


One feeling that has not changed since the morning of 5th December 2015 though, is – ThinkTest 2015 was a resounding success!! Astounding and reverberating in every sense!!

Before I go further into my blog, I need to say this in bold & CAPITAL. THANK YOU JAMES FOR MAKING IT. I have seen your hotel bills and I have a fair idea of your travel costs too. And putting everything together, I know for sure, this was not a trip you did for commercial reasons. I am truly humbled by this respect and attention you have given me. I can’t thank you enough on behalf of the testers gathered here to meet you – they have loved your presence and your talks and would be so looking forward to seeing you here again.


Delhi is typically known for being a little lazier than its peers like Mumbai, Bangalore etc. However, the testers here broke the myth. We had the room full before James got onstage and that truly deserves a huge round of applause for the testers who made it all the way from Gurgaon / Faridabad / Ghaziabad / Noida and various far flung places in Delhi. Besides the National Capital Region, we had testers from Chennai, Hyderabad, Bengaluru, Jaipur, Pune and Kolkata joining us. We also had 1 tester who flew all the way from Colombo (Sri Lanka) – just for the conference and the RST class – in short – just for James Bach. There was a total gathering of 157 folks, of which we had a team of 5 organizers (including me), 11 speakers (including James) and about 6 sponsor representatives. The rest were the awesome software testers. Thanks testers for making it in such numbers.

The day before – We worked with the hotel staff and the printing team all night until 5 am of 5th morning to get the stage up and the backdrop done. The sponsor booths were put up and the standees placed. The registration desk was set up. Each chair and table was checked for cleanliness – Audio / Visual equipment tested.


At Utpatang office – collecting the gift packs at 00:00 hrs on 5th December 2015.


At the venue (Holiday Inn) at about 02:00 hrs on 5th December 2015 – setting up the “decorations” for the ceremony.

Had a quick nap from 5 to 6:30 am and the day started again. Our first attendees came in about 7:30 am. Thereafter they started to pour in at the registration desk as the 2 volunteers were hurriedly letting them in with their delegate tags. There were a few walk-ins who had not registered. They were initially not allowed – frankly we had seating of 120 and were okay for 130-135 folks around, but handling 15 – 20 more than the already 20 additional registrations seemed difficult. But they stood patiently and we didn’t have the heart to turn them down. They were not charged but instead given complimentary passes and allowed because they showed their keenness to hear James and learn from him. From there on, the day went by smoothly – everything that was planned went better than planned. A few unplanned situations cropped up – which I talk about under learnings, later in the blog.


Before I started to write this blog, I asked a few participants and organizing team members what we should put as THE highlight of the event. Most of the participants couldn’t have enough of James, long after he left India, and so I wasn’t surprised when they were raving about his inspiring Keynote “Testing is not Test cases” and also his latest new presentation the “Question Hospital” – a concept very well received by testers and something they would like for James to continue to build on, so we get more and more examples to go through. The keynote also happened to be the most and best rated by the testers; shortly followed by Santhosh Tuppad’s “Your data is no more ONLY your data”. All the feedback was collected in a survey done post event and the results shall be made public shortly.


However, there was also a surprising/comic response to the highlights – one that was made by a member of the organizing team – who said – ‘I barely got inside the room, so I can’t say much what all went inside, but I can tell you that crowd outside was very interested in t-shirts and cups and all the goodies sponsors had’. Frankly – I myself couldn’t see much of the action at one place, as I wasn’t stationary but kept moving due to multiple responsibilities on me on that day. But at one point, I did notice – when the lunch break had just started, that the queue for Saucelabs and Parasoft was longer than the queue for food. So, THANK YOU SPONSORS – truly – heartfelt thanks to all of you – Saucelabs, Parasoft, Software Test Pro (STP) and Srijan Technologies. I hope you do realize that it was because of your generous sponsorship that we could open our hearts to have complimentary and discounted tickets. Your contribution to the community is well respected. Our special thanks to the support sponsors – Test Insane and Moolya and PoolWallet, for supporting the event; our diversity partner – Sheroes, for promoting the conference amongst female technology enthusiasts; our community partner – Test Practitioner’s Club, for promoting the event on all its avenues (FB / Meetup / LinkedIn) to testing practitioners in the region; our gifting partner – Utpatang, for making the meaningful giftpacks for our speakers and delegates; our media partner Tea-Time with Testers, for helping us spread the word amongst the right audience; and our supporters in Agile Testing Alliance and Discuss Agile Network and Unicom.


At this point, it’s imperative that I mention Anand Bagmar for mobilizing the Thoughtworks team towards their significant presence at the conference and the RST class thereafter. Thanks Atulya Krishna Mishra and Anmol Bagga for working on almost war footing to ensure the word reaches every nook and corner of the region, covering every interested tester. Thanks Saket Bansal and Sarabjit Singh Bakshi for guiding me with pointers and at times, simply handing me the solutions for what I needed – Thanks for taking my calls EVERY TIME I called, and answering with patience. Seriously guys – heartfelt thanks.

There is something more I need to mention, since I am thanking everyone involved in helping me towards making the event happen – I need to thank Pradeep Soundararajan. I need to thank him for various reasons but 2 important ones I will mention. 1. Thanks Pradeep for introducing India to James Bach and other global leaders, as a respectable community of testers. As much as I like my abilities – I probably couldn’t have done it better than you. 2. Thanks Pradeep for silently supporting us with sponsorship and saying – “I may not give much of money. But I don’t want anything in return. I am doing this because I have hosted James earlier and I know how it is”. I am not sure if you would have wanted me to quote you here, but I needed to express my gratitude and tremendous respect for you. Every drop counts and you knew it better than me. Your thoughtfulness for the community deserves our sincere respect.

I am consciously stopping the thanks here – apologies for missing out anyone who thinks she / he should have been mentioned here. I truly thank everyone including the hotel staff at the venue for their bit of contribution in our success. I need to move on to other aspects 🙂


Coming to the learning part of the event – every session by James was very well received. Attendees would hog on every available minute with him. There were tons of amazing conversations held by the thinking testers and curious testers and those who had the potential to be one and were on their path to transformation. James was loving the talks as much as the testers around him. Amongst the other speakers – every speaker did a fantastic job – Anand Bagmar, Kapil Saxena, Tarun Lalwani, Santhosh Tuppad, Ajay Balamurugadas, Shrikant Vashishtha, Charu Jain, Sachin Goel, Sumeet Gupta, and Rajdeep Varma. After James (all sessions) and Anand’s morning session – Tarun’s session was most attended, closely followed by Charu’s session. Topics covered at the conference were – “Testing beyond test cases”, context driven testing, test estimations, asking relevant questions (and the right way) as a tester, continuous delivery, automation frameworks, test data management, ATDD / BDD, mobile apps testing, testing in agile teams, tester’s role and relationship with developers, data security and leadership. It was thrilling to watch the level of participation from attendees at various sessions. Testers as well as speakers enjoyed questioning and being questioned.


One name whose presence we missed, got her virtual presence – as James made sure her name resonated throughout the day in the room. We missed –  Parimala Hariprasad – or “A True Role Model” as James called her, at the conference. She holds my warmth as a friend and respect as a peer.

The day started with a lot of energy that DIDN’T decline through the day. James’ intensity and passion to teach was consistent – though he spoke for most of the day. The time he was not on stage, he was answering testers, engaging with them and also getting interviewed by me. The day ended with James recommending Neha Asthana as the winner for the free seat at RST class, and pulling lucky draws out of the fishbowl for 5 lucky winners who won online packages of selenium books and tutorials, courtesy: Saucelabs.

The very final episode was felicitating the respected speakers, graciously done by James Bach. Interestingly the gift packs were “black boxes” with some “white” on it – James almost made the speakers test these too.


Presentations for all the sessions have been shared with the attendees. All the videos have been uploaded to YouTube. You can subscribe to the channel Events Team to stay updated as more videos of future events are added. All official pictures of the event are uploaded at the QAZone’s Facebook page.

How can an event of this scale happen without any learnings or disappointments at all? Well, honestly – the only 2 pieces of feedback that we got about something not going well were both about time keeping. Attendees felt they missed some parts of their next sessions because of some track speakers overstaying. I learnt my lesson to have better time checks in future. Maybe having a track owner, who manages the time and A/V / Infra needs of the speakers of that track, could help. Some other learnings threw me out of my comfort zone as an ethical entrepreneur – but I learnt that when someone comes with a surprise act and that thing bothers me and I want to say NO to that activity, I should say NO, instead of giving in to the pressure (of respecting guests) and then feeling resentful later.


Sometimes people surprise you with their lack of ethics, and working in a certain environment helps you see their strength of character more clearly. When working with immature / ignorant people, every detail should be in black and white, since they do not understand the common language of ethics, which defines what they can do but should not. Keeping it legal might help keep the relationship strain-free. A speakers’ agreement and a sponsors’ agreement are good things to have – small but key learning.

The only disappointment I personally have is – not having enough women speakers. We tried to do everything we could, but we failed. We need to continue to work on this aspect.


With all the experience and learnings as a tester and organizer that this conference gave us, one thing that I could finally conclude as the highlight of the event, the best outcome of it, for all to notice – There are serious testers in the NCR region. Serious to make things happen. Serious to learn and grow. Serious to defy the law of gravity and move upwards in their career path and learning curve. Thanks to each tester who attended the ThinkTest 2015 with the intent to learn – YOU WERE THE HIGHLIGHT OF THE EVENT. KUDOS TO YOU – YOU MADE IT HAPPEN!!