On completing my first online course

If you’re around me long enough, you’ll know that I love exploring, tinkering and learning stuff. With the advent of MOOCs, I suddenly had access to a lot of courses that present subtopics in a structured way. I tried many times previously, but due to various valid and invalid reasons, I couldn’t complete any courses.

Today, I completed my first online course. By completing I mean following through the course schedule and doing assignments on time. It was Cryptography-1 by Dan Boneh from Stanford on Coursera, and it was good. I used to read a lot on crypto but never did a structured course. Due to my own reasons, I couldn’t take up a crypto course at my university, now I’ve done the first part of a two part course that is structured and is reasonably detailed.

If you are interested in cryptography, and are a beginner, do check it out. The course will repeat next month, and you can take it for free. Actually, if you are an average internet user, I believe you should understand how security in the modern digital world is engineered and implemented. In my first year at IITD, I was made to work hands-on on carpentry, sheet metal work, casting, forging, black  smithy, welding, and lathe machining. That taught me to appreciate the work. I’ll certainly remember how challenging and physically straining the work was if I ever have to bargain with a carpenter or welder, for instance. Similarly, if someone studies the crypto primitives and tries to understand the basis of modern digital security, they will be able to appreciate the inner workings and would respect the engineers and computing devices.

My thanks to Prof. Dan Boneh, for the excellent course, and Stanford university and Coursera for making it possible.

Aside: I never recommend anything unless I try it myself. When people ask me to recommend someone to program their stuff, I decline unless I have worked directly or have reviewed the work of someone in that field. I never recommend a software or a particular technology unless I get my hands dirty with it. Considering that most freshers at IIT Delhi are not familiar with Linux, and will need to be familiar with it for their study here, I have considered recommending Introduction to Linux by The Linux Foundation on Edx. Though I should trust LF on all matters linux implicitly, owing to my habit, I’m trying the course. Just started it and if time permits, I should be done by tomorrow and will post a follow up recommending it.

Pentadactyl – My secret firefox superpower

I always hated having to move my hands off keyboard to get things done. I love key bindings. After having tried many extensions, I stumbled upon vimperator. It was simply awesome, all I wanted and some more. Unfortunately, it was a bit buggy and I had to abandon it. I missed it for long, until recently, I stumbled upon its fork, pentadactyl, almost by accident.

Pentadactyl uses vim key bindings in firefox, gets GUI rid of all clutter, gives me an extremely powerful scripting interface, and works without a glitch. Everything is customizable, as it should be. I was a fan of vim since long. The composable commands, scripting interface, and a vast collection of plugins made it my favorite editor. I am obsessed with vim. I emulate it everywhere I can. tmux for terminal session management, vimpc for music, and pentadactyl in firefox, vi emulation in eclipse, the list goes on.

For those of my friends who marveled at my firefox use, navigating everywhere with lightning speed, using a command line interface or succinct key bindings for all operations, for those of you obsessed with the simplicity and power of vim, here’s my secret superpower. Pentadactyl. If you are a regular vim user, it should take you just a few minutes to get the ball rolling, you can thank me later.

I’ve started building my .pentadactylrc file very recently. Any tips are most welcome.

On a semi related side note, if you do any serious programming, you need to learn how to use a decent editor. I prefer vim, but emacs is perfectly fine too. If you are thinking of notepad, get away from me before I hit you hard.

Blame the browser, not OCSP

Let us talk about OCSP. If you do a little background reading, you’ll discover that almost all implementations do a soft-fail by default, and soft-fail is worse than not having OCSP at all, since it gives a sense of false security. Adam Langley from google discusses the absurdity of soft-fail in this blog post nicely. However, I refuse to accept his claim that CRLset is a good idea and that chrome does it better. Firefox allows me to enable OCSP hard-fail, something that I can not do in Chrome, and hence I abandoned chrome.

What if the browser enabled OCSP by default, and in case of a failure, prompts the user with a warning that says something like “I am not absolutely sure that the connection can be trusted.”, provides a link “More Details” that shows the technical details, and allows the user to choose if he/she wants to proceed. Or highlight the address bar in yellow or something for failed OCSP. Or show a unobtrusive notification .

OCSP is not the magic bullet, agreed. It is a convoluted solution to the revocation problem that demands compromise in one way or other. But if browsers had adopted it in better ways instead of defaulting to soft-fail, the web would have been a much secure place. And I believe compromising a lot of security for little convenience is a bad gamble.

People talk of single point of failure if OCSP hard-fail is enabled, that OCSP servers would be overloaded, and stuff. A compromise between soft-fail and hard-fail as default should work, and I’m sure we can come up with solutions to mitigate the SPOF if enough thought is given to it.

On a related note, I hope OCSP stapling gets more widely adopted. It solves many issues with current implementations, avoids the absurdities of soft-fail and SPOF concerns of hard-fail. Coupling it with a warning notification of the sort discussed above in major browsers will increase its adoption rates.

This post was triggered by a OCSP hard-fail notification for bugs.launchpad.net few minutes ago. I get a OCSP failure very very rarely. I suggest you switch to firefox and enable it for better security. To enable OCSP hard-fail on Firefox, go to Preferences > Advanced > Certificates > Validation and tick both the options.

Related articles:

My first adventure with phusion passenger

I spent more than a day stuck with using phusion passenger for a production deployment of an app I made for a client. This is a short note to remind myself of it in future and to help anyone stuck with the same.

The symptoms were pretty bad. Phusion passenger “simply did not work” with nginx. The standalone mode works like a charm, but nginx integration mode gives me directory listings, serves files in public, but does not start the app at all. Nothing in nginx logs to help. The server config is perfectly fine, checked it a hundred times, and tried a bazillion variations.

The problem: A missing passenger_root directive in http block of nginx.conf. I haven’t found anywhere that it is necessary, and given that I used phusion passenger’s repository to install nginx and passenger, I expected the setup to work out of the box.

If your passenger-deployed app doesn’t seem to start at all, just check if your http block has the passenger_root directive. In my case, it had to be set to /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini.  It might be different in your case, just do a locate phusion_passenger/locations.ini to get the appropriate path.

After two days of scratching my head, reading through nginx and passenger docs a dozen times, just added it on a whim and it now works! I can now sleep in peace.

Also, look at passenger_nodejs if you use nvm. You don’t need system-wide node if your passenger_nodejs points to the proper node binary.

This post also highlighted the need for better config If I intend to blog about code. Not being able to visually distinguish code-snippets and inlined commands is a big bummer.

Student mentorship Program, IIT Delhi

What do we do as MRC?

At IITD, my tenure as a mentorship coordinator is nearing its end. And now, our team is faced with the task of selecting the next MRC. I have a very mixed feeling about this. I loved working with my team. At the same time, it has been very challenging. I remember the night-outs, being sleepless during mentor allotment, freshmen orientation, while designing the survey, prolonged and heated discussions on what to do next and how. I have absolutely no idea how our team pulled it off.

And now when the time comes to select the next MRC, we realized that many are unaware of our activities. Many had queries on what we do, and how. I will make an attempt at answering those questions.

Prince Dhawan, our super senior, called together a bunch of his friends, and convinced the then president of BSW, Prof. G.S. Visweswaran, that IIT Delhi is in need of a structured student mentorship program. A team of students, hand-picked by him, formed the first Mentorship Review Committee. They selected mentors, assigned them to incoming freshmen, and tried to make a dent in the universe, so to say. That was the birth of SMP at IITD. Atleast that is what I consider it to be.

Three years down the line, I applied to be a student mentor. Deepak Vasisht and his team was the incoming MRC that year. In these few years, MRC has established itself as a recognized student body and it retained complete autonomous control over all its decisions. One fellow mentor, Sidhant Sachdeva found the existing orientation boring. A proposal for redesigning the freshmen orientation was put forward. It took a lot of effort, but we made it.

The freshmen orientation was redesigned, from boring lectures in our iconic Dogra Hall that I don’t think many paid any attention to, to be a tour of stalls that introduce freshmen to all student activities at IITD. I worked closely with the MRC during the orientation and throughout the year. That year, I was overjoyed to receive awards for the best student mentor and outstanding contribution to the program. Sidhant was awarded outstanding contribution to the program, for his efforts in redesigning the orientation. MRC had its constitution inked out, added as an annexure to BSW constitution. We got a faculty coordinator. In other words, the institute acknowledged the MRC.

And I made it into the next MRC. Vatsal, Isha, Sidhant, Tapas, Rohit, and myself. MRC 2013-14.

Also, Mentorship Review Committee was renamed to Mentorship Committee. But we stuck to the abbreviation MRC because MC in a Hindi-speaking community would have been slightly awkward.

Activities of MRC

We had some initial wave of meetings, and we got down to work.

We had to select our team. One mentorship secretary, and about 150 mentors. It was about two weeks before majors. I have absolutely no idea how we managed that. But after two rounds of interviews, and an intermediate round of peer review and background checking, and a final heated discussion that lasted an entire night – no breaks – we selected Ankit to be our mentorship secretary. Once we narrowed down the choice to last three, we had absolutely no way of picking one among them. Finally, sinceit is a purely managerial role, and this guy is known to have tricks up his sleeve that can get work done in our tight deadlines, we picked him.

We had to interview mentors, about 400 applications were received, and we interviewed every single one of them. Then did a background check on every potential candidate. We came out with a short list. The majors were near. Very near. And we had night-outs every day. It was when I invited people for a party, on my own, perhaps for the first time in my life. On a friend’s birthday.

We had estimates of how many students are going to be admitted, and what the hostel distribution is roughly going to be. And we spent about a month allocating mentors. And then the institute bombed us. Almost literally, with the actual allocation. More than 150 students in two new hostels, where there are no senior undergraduates. Our plans were screwed up, and we had to redo it all. And this was a bigger challenge. Cross hostel mentoring is known to be very tough. It had terrible feedback in all previous years. Isha managed to do a good job, though. Both while allocating, and in the previous year as a cross hostel mentor.

I set up a freshmen forum at our then-active domain discourse.smpiitd.org. It received an overwhelming response, and I was billed Rs.4000 for the server utilisation. I found it too heavy for my pocket with zero income, and so had to take the service down after orientation. I have later added it to our group expenses, and we are yet to settle it among ourselves, by the way.

Who is better suited at handling the orientation than its architect? Sidhant was the unspoken incharge of the team during the orientation. We had rains, unexpected delays, tight deadlines, and I have no idea how we managed it. Sidhant did an excellent job. We had tour of stalls, street play, and departmental Q&A sessions. And we had to handle parents who were angry at the infrastructure, who were angry at us, student volunteers. Oh and I got calls from parents asking which gate to use to enter IIT. You know what? Publishing your mobile number as a first point of contact has its perks. (Hope you get the sarcasm.)

Isha and Tapas worked on mentorship code of conduct and mentoring handbook. Rohit worked with Mrs. Rupa Murghai, our student counselor, and designed the mentor orientation and training. It was good, but in hindsight, the process should have been actively extended throughout the year. The initial sessions were not totally enough in my opinion.

Our team visited all hostels to meet with freshers and identify any potential issues. We conveyed the messages to the respective channels, and they were dealt with appropriately.

Language sessions were organised. Tapas handled english classes. An instructor was appointed by the institute for the classes, and they received a good response. I handled hindi classes, and that wasn’t as good. When the winter chills set in, all of them being new to such weather, completely bailed out.

We collected mid semester and end semester feedback. And I had to replace a couple of mentors who weren’t doing their job well.

Whoa! I barely covered major events of first semester. And people ask, what does MRC do at all? Maybe we should do better publicity.

Then we had a curious case of mass copying. I really don’t want to discuss it, but it should suffice to say that almost all of us spent a lot of time on that. We had another round of mentor self evaluation and feedback. It is being analysed. We had organised an all day long gender sensitisation event titled Jamaavda, followed by a discussion on the same. We had also organised a couple of career talks.

I personally toured all hostels with BSW secys and SAC and CAIC Gsecs, to discuss code of conduct and the general outline for the meeting with director. It was postponed due to an unfortunate accident that claimed the lives of four of our final year students.

Vatsal got a initial draft of survey questions designed, and myself and Vatsal worked for a couple of days and nights and published our annual assessment and feedback. Responses are being collected as I write this. We will analyse the results and present them as a part of our annual report. The anonymised responses will be made available for the entire IITD community to analyse for themselves.

We are still working on our recommendations to the institute, which will be included as the final section to our annual report. It is going to be slightly bulky. Just a review of our activities is upwards of 50 pages as of now.

We still have to select the next MRC, and join the advisory board of MRC. I just made that name up. All past members of MRC are still in contact with each other through a online community, and we regularly discuss our plans and ask for advice when necessary. Why not give it a good sounding name as well?

About the team:

The team consists of six coordinators, one of whom will act as the overall coordinator. We have a very flat structure, everyone is an equal. The OC is a little shiny tag that carries the massive responsibility of representing MRC to the institute. Also, an unwritten rule states that OC pays for all parties. By the way, MRC runs on a strict zero budget. We handle not a single rupee from the institute. We don’t want to.

Everyone takes up responsibility for some specific task they are good at. I was already moderately famous (infamous?) at IITD, and I managed to do a hopefully-not-so-bad-job of interacting with freshmen batch of 2012, so I took up outreach as my primary responsibility.

Primarily, Isha handled feedbacks, Rohit handled student counseling services, Tapas worked on language classes, Sidhant was incharge of orientation, and Vatsal managed all our activities. Most other activities were shared by two or three of us.

What do we do? We manage mentoring. And in short, if something concerns first yearites, MRC probably can do something about it. We just restrict ourselves to make the work manageable. I’m not really good at explaining stuff, but feel free to ring up any of us if you still don’t have a clear picture of what MRC does. Unless your query is “How did you manage to do all that”? For that, I have no answer. I have absolutely no idea how we made it this far. All I remember is it took us some effort.

It has been a great experience. Looking forward to the next team.

If you want to join the team and make a dent in the universe, so to speak, apply to be a part of the next team.

Recursion in livescript

I have been looking at JavaScript, and languages that compile to JS. Coffeescript was my first love in this domain, and I have very recently transitioned to LiveScript, just a few months ago.

Until now, I was not faced with a problem for which recursion is the most natural solution. A couple of days go, when I was writing this program to test for a palindromic number, a recursive implementation seemed the most sensible approach. LiveScript being my new found love, I fired up vim, and… blank.

I tried searching on google, but it turned up nothing useful. I spent almost half an hour reading livescript and prelude, to find these two solutions. Turns out that you can use the keyword function to create named functions, which get hoisted as usual with javascript.

function fib x
   if x<0 then throw new Error
   if x<3 then x
   else fib(x-1)+fib(x-2)

Or, you can use the fix function from prelude to do anonymous recursion. This is the first time I saw the beautiful Y combinator being used this way. And I had to read my old notes on Y combinators and Javascript call and apply to understand the magic of what is happening.

require! 'prelude-ls'.fix

fib = fix (fib) ->
   (x) ->
       if x < 0 throw new Error
       if x < 3 then x
       else fib(x-1) + fib(x-2)

Looks similar? Nope. Here, fix takes a function that returns a function as an argument, and returns a function that is the inner function, with the outer argument referring to the inner function itself. Did that make any sense? :D

The beauty of this approach is that the function fib doesn’t get hoisted, it is just an ordinary variable assignment, not a named function, and we just did anonymous recursion!

Don’t know if the sound of it excites you, but I sure am excited. Recursion in an anonymous function? Isn’t that cool?

Actually, looks like one of the common applications of Y combinator is to do anonymous recursion, but I didn’t think of it earlier.

Detective Case study competition by STREE, an initiative of NSS IIT Delhi

Hello everyone. Just wanted to publicise a mailer I received. Find its full text below.
Inline images 1     Inline images 3
STREE, an initiative of NSS IIT Delhi
presents
DETECTIVE Case Study Competition
On the occasion of International Women’s Day (8th March, 2014), STREE, an initiative of NSS-IIT Delhi brings to you a one-of-its-kind competition that lets you go through the complex process of analysing a case of sexual harassment. The competition aims at sensitising the participants to the subtle issue of sexual harassment at workplace through a fun-filled detective case study game.
Did you know that according to the The Sexual Harassment of Women at Workplace Act, 2013, every workplace is supposed to have a Sexual Harassment Complaints Committee to handle case of harassment. Moreover, the Committee is required to complete the inquiry within a time period of 90 days and send the report. Also, the employer or the District Officer are mandated to take action on the report within 60 days.
If these questions interest you, participate in the competition to explore this issue to the core.
 
Register in Teams of 3 at http://iitd.info/streecasestudy

(There are no restrictions on age, sex or institution on the team, though we prefer participation from college students)
  • Pre-seen material will be provided to the teams in bits and pieces starting from 6th March. (you may register later as well)
  • After going through the case study material, participants get an option to have a live chat with the characters in the case study with some restrictions, to be declared at the time of chat) on 8th of March. More details on this will be sent to the registered teams one day in advance.
  • The registered teams need to submit a short report of not more than 1000 words which contains their conclusion from the material and the chat session and also their recommendations.
    Deadline: 9th March, 2014 5:00 pm.
  • The participants will be judged on the basis of the way they investigate the case and also how sensitive they are towards the issue of Gender Equality and Sexual Harassment (which will be clear from the questions they ask during the chat session and also the report they submit).
Attractive Prizes to be Won
 
For more details, contact:
Stree Team
9818399544
9868857566
 –

www.nssiitd.in | nssinbox@gmail.com | www.facebook.com/NSSIITDelhi