On magic numbers, and tripping in the dark.

I have a habit of showing off. To anyone who has been around me for a while, this shouldn’t be a surprise. So when I tweaked and tuned my mobile to my usage patterns, people asked about it when they noticed crazy things and I gave many a short tour.

To any experienced android enthusiast, my customizations would be elementary. Rooted stock android on a Moto G 1st gen, Xposed, plus a bunch of nice Xposed mods (special mention to Gravitybox), Greenify (Donation pack with extra goodies like patched GCM), Nova Launcher (Prime), Tasker, carefully selected themes and apps all make it look and behave very different from stock android. Giving up my warranty on day 1 was totally worth it. I spent a few weeks making my mobile a very personal device.

One particular feature I love showing off is a simple gravitybox tweak, timed torch bound to volume down long press. There’s a dark unlit path I use regularly, which takes approximately 120 seconds for me to cross, and the torch is set to switch off 120 seconds after activation. Practically everyone found it cool. But there was one person who said it is stupid. There’s a CS professor who also happens to be a good programmer (No, one does not imply the other.) who said I should instead use ambient light sensors or GPS to detect when I crossed that patch and then switch off the torch. He says he is forced to use magic numbers in server monitoring scripts but that is suboptimal. He was concerned I would trip in the dark if I walk slowly and the light goes off sooner. I had to explain my device had a shitty ambient light sensor and the GPS resolution is often not very fine and takes time, so I will probably achieve similar results with added battery drain.

Today, the light went off when I was in the middle of the path. It has been doing that consistently for the past few days, probably because I walk slower these days. Time to tweak the timeout, and to consider the ambient light sensors more seriously. Unfortunately, I won’t be able to cook up an app anytime soon, since there are more important tasks that keep me busy. Another idea added to my ever growing list of nice-to-have-awesome-features-that-not-many-need.

You can haz time?

To anyone reading this who has the time and likes me enough to invest their time for me, please cook up an xposed mod or a tasker plugin and I’ll take you out for lunch/dinner. It should take a couple of days at most, but beware, I’ve a reputation for underestimating time lines. Following my rule of thumb and multiplying initial gut feeling by 3-5, 6-10 days is a pretty safe bet.

Twenty Questions, and more

Have you heard of the game Twenty Questions? I played it today with a bunch of faculty and students over dinner, thanks to Student Teacher Interaction Council (STIC). STIC organized a dinner today and I popped in for a while.

We were a group of about 20 and played two rounds. Prof. Turbo Majumder was the answerer for the first round and I volunteered for the second. I chose Paul Graham of Hacker News and Y Combinator fame. It turned out many people at the table were not aware of him.

Had I never encountered a reference to YC, HN or him anywhere, I would have missed a lot. That made me think, how many people whose ideas or works I am/would be interested in am I missing?

Many things I had studied a couple of years ago when they were state of the art are considered mediocre today; things are constantly changing at a faster pace than I can assimilate them. Sherlock Holmes wouldn’t have been able to become as famous as the books depict, or I doubt even survive decently in today’s world. As we automate most things, the jobs that will be available will end up demanding an increasingly better skill set; the barrier to employment is rising steadily.

Will we reach a point where we have automated everything and the tasks that are not yet automated require skill that an average person can not acquire in their lifetime? What would happen to the average populace then? Will it happen in my lifetime? The thought is both scary and exciting.

I know not if it will happen in my lifetime, but I know one thing. I do not want to be an average person if and when that happens.

If you are planning to start your own startup, go read his essays on startups. If you are interested in programming and can code in at least one language, read about lisp and then his essays on lisp. I follow HN, Reddit & Twitter, and recommend you do too.

On completing my first online course

If you’re around me long enough, you’ll know that I love exploring, tinkering and learning stuff. With the advent of MOOCs, I suddenly had access to a lot of courses that present subtopics in a structured way. I tried many times previously, but due to various valid and invalid reasons, I couldn’t complete any courses.

Today, I completed my first online course. By completing I mean following through the course schedule and doing assignments on time. It was Cryptography-1 by Dan Boneh from Stanford on Coursera, and it was good. I used to read a lot on crypto but never did a structured course. Due to my own reasons, I couldn’t take up a crypto course at my university, now I’ve done the first part of a two part course that is structured and is reasonably detailed.

If you are interested in cryptography, and are a beginner, do check it out. The course will repeat next month, and you can take it for free. Actually, if you are an average internet user, I believe you should understand how security in the modern digital world is engineered and implemented. In my first year at IITD, I was made to work hands-on on carpentry, sheet metal work, casting, forging, blacksmithy, welding, and lathe machining. That taught me to appreciate the work. I’ll certainly remember how challenging and physically straining the work was if I ever have to bargain with a carpenter or welder, for instance. Similarly, if someone studies the crypto primitives and tries to understand the basis of modern digital security, they will be able to appreciate the inner workings and would respect the engineers and computing devices.

My thanks to Prof. Dan Boneh, for the excellent course, and Stanford university and Coursera for making it possible.

Aside: I never recommend anything unless I try it myself. When people ask me to recommend someone to program their stuff, I decline unless I have worked directly or have reviewed the work of someone in that field. I never recommend a software or a particular technology unless I get my hands dirty with it. Considering that most freshers at IIT Delhi are not familiar with Linux, and will need to be familiar with it for their study here, I have considered recommending Introduction to Linux by The Linux Foundation on edX. Though I should trust LF on all matters Linux implicitly, owing to my habit, I’m trying the course. Just started it and if time permits, I should be done by tomorrow and will post a follow up recommending it.

Update: Took me much longer than expected to finish the course since I was busy and lazy (a terrible combination btw). It covers just the absolute basics, but I’d still recommend it. Takes not more than a few hours to go through it all; and after completing it, you’ll at least know how to find your way around.

Pentadactyl – My secret firefox superpower

I always hated having to move my hands off keyboard to get things done. I love key bindings. After having tried many extensions, I stumbled upon vimperator. It was simply awesome, all I wanted and some more. Unfortunately, it was a bit buggy and I had to abandon it. I missed it for long, until recently, I stumbled upon its fork, pentadactyl, almost by accident.

Pentadactyl uses vim key bindings in firefox, gets rid of all GUI clutter, gives me an extremely powerful scripting interface, and works without a glitch. Everything is customizable, as it should be. I have been a fan of vim for a long time. The composable commands, scripting interface, and a vast collection of plugins made it my favorite editor. I am obsessed with vim. I emulate it everywhere I can. tmux for terminal session management, vimpc for music, and pentadactyl in firefox, vi emulation in eclipse, the list goes on.

For those of my friends who marveled at my firefox use, navigating everywhere with lightning speed, using a command line interface or succinct key bindings for all operations, for those of you obsessed with the simplicity and power of vim, here’s my secret superpower. Pentadactyl. If you are a regular vim user, it should take you just a few minutes to get the ball rolling, you can thank me later.

I’ve started building my .pentadactylrc file very recently. Any tips are most welcome.

On a semi related side note, if you do any serious programming, you need to learn how to use a decent editor. I prefer vim, but emacs is perfectly fine too. If you are thinking of notepad, get away from me before I hit you hard.

Blame the browser, not OCSP

Let us talk about OCSP. If you do a little background reading, you’ll discover that almost all implementations do a soft-fail by default, and soft-fail is worse than not having OCSP at all, since it gives a false sense of security. Adam Langley from Google discusses the absurdity of soft-fail nicely in this blog post. However, I refuse to accept his claim that CRLSet is a good idea and that Chrome does it better. Firefox allows me to enable OCSP hard-fail, something that I cannot do in Chrome, and hence I abandoned Chrome.

What if the browser enabled OCSP by default, and in case of a failure, prompted the user with a warning that says something like “I am not absolutely sure that the connection can be trusted.”, provided a link “More Details” that shows the technical details, and allowed the user to choose if he/she wants to proceed? Or highlighted the address bar in yellow or something for failed OCSP. Or showed an unobtrusive notification.

OCSP is not the magic bullet, agreed. It is a convoluted solution to the revocation problem that demands compromise in one way or other. But if browsers had adopted it in better ways instead of defaulting to soft-fail, the web would have been a much more secure place. And I believe compromising a lot of security for little convenience is a bad gamble.

People talk of single point of failure if OCSP hard-fail is enabled, that OCSP servers would be overloaded, and stuff. A compromise between soft-fail and hard-fail as default should work, and I’m sure we can come up with solutions to mitigate the SPOF if enough thought is given to it.

On a related note, I hope OCSP stapling gets more widely adopted. It solves many issues with current implementations, avoids the absurdities of soft-fail and SPOF concerns of hard-fail. Coupling it with a warning notification of the sort discussed above in major browsers will increase its adoption rates.

This post was triggered by an OCSP hard-fail notification for bugs.launchpad.net a few minutes ago. I get an OCSP failure very very rarely. I suggest you switch to firefox and enable it for better security. To enable OCSP hard-fail on Firefox, go to Preferences > Advanced > Certificates > Validation and tick both the options.
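The soft-fail, hard-fail and warn-the-user behaviours discussed in this post, together with stapling, can be compared side by side in a small model. This is an added example, not code from any browser: the `OcspAnswer` type, the policy names and the sample responses are constructed for illustration, responses are assumed to be signature-checked already, and an "unknown" status is treated like no answer.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Optional


class Policy(Enum):
    SOFT_FAIL = "soft-fail"   # no usable answer: carry on silently
    HARD_FAIL = "hard-fail"   # no usable answer: refuse the connection
    WARN = "warn"             # no usable answer: tell the user, let them choose


class Verdict(Enum):
    ACCEPT = "accept"
    WARN = "warn"
    REJECT = "reject"


@dataclass
class OcspAnswer:
    """Simplified OCSP response (hypothetical model, signature already verified)."""
    status: str               # "good", "revoked" or "unknown"
    this_update: datetime
    next_update: datetime


def usable(answer: Optional[OcspAnswer], now: datetime) -> bool:
    """An answer counts only if it exists, is inside its validity window and is definitive."""
    if answer is None:
        return False
    if not (answer.this_update <= now <= answer.next_update):
        return False
    return answer.status in ("good", "revoked")


def decide(policy: Policy, stapled: Optional[OcspAnswer],
           fetched: Optional[OcspAnswer], now: datetime) -> Verdict:
    """Prefer the stapled answer, then the client's own fetch, then fall back to policy."""
    for answer in (stapled, fetched):
        if usable(answer, now):
            return Verdict.REJECT if answer.status == "revoked" else Verdict.ACCEPT
    # Nothing usable arrived: this is the only place the three policies differ.
    return {Policy.SOFT_FAIL: Verdict.ACCEPT,
            Policy.HARD_FAIL: Verdict.REJECT,
            Policy.WARN: Verdict.WARN}[policy]


# Constructed sample data.
NOW = datetime(2020, 1, 1, tzinfo=timezone.utc)
DAY = timedelta(days=1)
FRESH_GOOD = OcspAnswer("good", NOW - DAY, NOW + DAY)
FRESH_REVOKED = OcspAnswer("revoked", NOW - DAY, NOW + DAY)
STALE_GOOD = OcspAnswer("good", NOW - 10 * DAY, NOW - 3 * DAY)


def run_scenarios() -> dict:
    """Verdict per policy for each (stapled, fetched) combination."""
    cases = {
        "no staple, responder unreachable": (None, None),
        "stale staple, responder unreachable": (STALE_GOOD, None),
        "fresh staple says revoked": (FRESH_REVOKED, None),
        "fresh staple says good": (FRESH_GOOD, None),
    }
    return {name: {p.value: decide(p, s, f, NOW).value for p in Policy}
            for name, (s, f) in cases.items()}


if __name__ == "__main__":
    for name, verdicts in run_scenarios().items():
        print(f"{name:38} {verdicts}")
```

The policies only disagree in the rows where no fresh answer arrives; with a fresh staple the responder is never contacted, so its availability stops mattering.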

My first adventure with phusion passenger

I spent more than a day stuck with using phusion passenger for a production deployment of an app I made for a client. This is a short note to remind myself of it in future and to help anyone stuck with the same.

The symptoms were pretty bad. Phusion passenger “simply did not work” with nginx. The standalone mode works like a charm, but nginx integration mode gives me directory listings, serves files in public, but does not start the app at all. Nothing in nginx logs to help. The server config is perfectly fine, checked it a hundred times, and tried a bazillion variations.

The problem: A missing passenger_root directive in http block of nginx.conf. I haven’t found anywhere that it is necessary, and given that I used phusion passenger’s repository to install nginx and passenger, I expected the setup to work out of the box.

If your passenger-deployed app doesn’t seem to start at all, just check if your http block has the passenger_root directive. In my case, it had to be set to /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini. It might be different in your case, just do a locate phusion_passenger/locations.ini to get the appropriate path.
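The check described above can be scripted. This is an added example, not part of Passenger or nginx: the sample configuration is constructed (only the locations.ini path comes from this post), the tokenizer is a simplification of nginx syntax, and include directives are not followed, so it only sees the text it is given.

```python
import re

# Comment | double-quoted | single-quoted | structural char | bare word
TOKEN = re.compile(
    r'#[^\n]*|"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'|[{};]|[^\s{};"\'#]+'
)


def directives(conf: str):
    """Yield (context, name, args); context is the tuple of enclosing block names."""
    stack, current = [], []
    for match in TOKEN.finditer(conf):
        tok = match.group(0)
        if tok.startswith("#"):          # comment: commented-out directives do not count
            continue
        if tok == ";":                   # end of a simple directive
            if current:
                yield tuple(stack), current[0], current[1:]
            current = []
        elif tok == "{":                 # start of a block such as http, server, location
            stack.append(current[0] if current else "")
            current = []
        elif tok == "}":
            if stack:
                stack.pop()
            current = []
        else:
            current.append(tok.strip("\"'"))


def check_passenger(conf: str) -> list:
    """Report apps that enable Passenger while the http block lacks passenger_root."""
    has_root = False
    enabled_in = []
    for ctx, name, args in directives(conf):
        if name == "passenger_root" and ctx == ("http",):
            has_root = True
        if name == "passenger_enabled" and args[:1] == ["on"]:
            enabled_in.append("/".join(ctx) or "(top level)")
    if enabled_in and not has_root:
        return ["passenger_enabled on in %s but no passenger_root in the http block"
                % ", ".join(enabled_in)]
    return []


# Constructed sample: the symptom from this post, with the directive commented out.
BROKEN_CONF = """
http {
    # passenger_root /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;
    server {
        listen 80;
        server_name app.example.test;
        root /srv/app/public;
        passenger_enabled on;
    }
}
"""
# The fix: the same file with passenger_root active in the http block.
FIXED_CONF = BROKEN_CONF.replace("# passenger_root", "passenger_root")

if __name__ == "__main__":
    print("broken:", check_passenger(BROKEN_CONF))
    print("fixed: ", check_passenger(FIXED_CONF))
```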

After two days of scratching my head, reading through nginx and passenger docs a dozen times, just added it on a whim and it now works! I can now sleep in peace.

Also, look at passenger_nodejs if you use nvm. You don’t need system-wide node if your passenger_nodejs points to the proper node binary.

This post also highlighted the need for better config if I intend to blog about code. Not being able to visually distinguish code-snippets and inlined commands is a big bummer.

Student mentorship Program, IIT Delhi

What do we do as MRC?

At IITD, my tenure as a mentorship coordinator is nearing its end. And now, our team is faced with the task of selecting the next MRC. I have a very mixed feeling about this. I loved working with my team. At the same time, it has been very challenging. I remember the night-outs, being sleepless during mentor allotment, freshmen orientation, while designing the survey, prolonged and heated discussions on what to do next and how. I have absolutely no idea how our team pulled it off.

And now when the time comes to select the next MRC, we realized that many are unaware of our activities. Many had queries on what we do, and how. I will make an attempt at answering those questions.

Prince Dhawan, our super senior, called together a bunch of his friends, and convinced the then president of BSW, Prof. G.S. Visweswaran, that IIT Delhi is in need of a structured student mentorship program. A team of students, hand-picked by him, formed the first Mentorship Review Committee. They selected mentors, assigned them to incoming freshmen, and tried to make a dent in the universe, so to say. That was the birth of SMP at IITD. At least that is what I consider it to be.

Three years down the line, I applied to be a student mentor. Deepak Vasisht and his team was the incoming MRC that year. In these few years, MRC has established itself as a recognized student body and it retained complete autonomous control over all its decisions. One fellow mentor, Sidhant Sachdeva found the existing orientation boring. A proposal for redesigning the freshmen orientation was put forward. It took a lot of effort, but we made it.

The freshmen orientation was redesigned, from boring lectures in our iconic Dogra Hall that I don’t think many paid any attention to, to be a tour of stalls that introduce freshmen to all student activities at IITD. I worked closely with the MRC during the orientation and throughout the year. That year, I was overjoyed to receive awards for the best student mentor and outstanding contribution to the program. Sidhant was awarded outstanding contribution to the program, for his efforts in redesigning the orientation. MRC had its constitution inked out, added as an annexure to BSW constitution. We got a faculty coordinator. In other words, the institute acknowledged the MRC.

And I made it into the next MRC. Vatsal, Isha, Sidhant, Tapas, Rohit, and myself. MRC 2013-14.

Also, Mentorship Review Committee was renamed to Mentorship Committee. But we stuck to the abbreviation MRC because MC in a Hindi-speaking community would have been slightly awkward.

Activities of MRC

We had some initial wave of meetings, and we got down to work.

We had to select our team. One mentorship secretary, and about 150 mentors. It was about two weeks before majors. I have absolutely no idea how we managed that. But after two rounds of interviews, and an intermediate round of peer review and background checking, and a final heated discussion that lasted an entire night – no breaks – we selected Ankit to be our mentorship secretary. Once we narrowed down the choice to last three, we had absolutely no way of picking one among them. Finally, since it is a purely managerial role, and this guy is known to have tricks up his sleeve that can get work done in our tight deadlines, we picked him.

We had to interview mentors, about 400 applications were received, and we interviewed every single one of them. Then did a background check on every potential candidate. We came out with a short list. The majors were near. Very near. And we had night-outs every day. It was when I invited people for a party, on my own, perhaps for the first time in my life. On a friend’s birthday.

We had estimates of how many students are going to be admitted, and what the hostel distribution is roughly going to be. And we spent about a month allocating mentors. And then the institute bombed us. Almost literally, with the actual allocation. More than 150 students in two new hostels, where there are no senior undergraduates. Our plans were screwed up, and we had to redo it all. And this was a bigger challenge. Cross hostel mentoring is known to be very tough. It had terrible feedback in all previous years. Isha managed to do a good job, though. Both while allocating, and in the previous year as a cross hostel mentor.

I set up a freshmen forum at our then-active domain discourse.smpiitd.org. It received an overwhelming response, and I was billed Rs.4000 for the server utilisation. I found it too heavy for my pocket with zero income, and so had to take the service down after orientation. I have later added it to our group expenses, and we are yet to settle it among ourselves, by the way.

Who is better suited at handling the orientation than its architect? Sidhant was the unspoken in-charge of the team during the orientation. We had rains, unexpected delays, tight deadlines, and I have no idea how we managed it. Sidhant did an excellent job. We had tour of stalls, street play, and departmental Q&A sessions. And we had to handle parents who were angry at the infrastructure, who were angry at us, student volunteers. Oh and I got calls from parents asking which gate to use to enter IIT. You know what? Publishing your mobile number as a first point of contact has its perks. (Hope you get the sarcasm.)

Isha and Tapas worked on mentorship code of conduct and mentoring handbook. Rohit worked with Mrs. Rupa Murghai, our student counselor, and designed the mentor orientation and training. It was good, but in hindsight, the process should have been actively extended throughout the year. The initial sessions were not totally enough in my opinion.

Our team visited all hostels to meet with freshers and identify any potential issues. We conveyed the messages to the respective channels, and they were dealt with appropriately.

Language sessions were organised. Tapas handled English classes. An instructor was appointed by the institute for the classes, and they received a good response. I handled Hindi classes, and that wasn’t as good. When the winter chills set in, all of them being new to such weather, completely bailed out.

We collected mid semester and end semester feedback. And I had to replace a couple of mentors who weren’t doing their job well.

Whoa! I barely covered major events of first semester. And people ask, what does MRC do at all? Maybe we should do better publicity.

Then we had a curious case of mass copying. I really don’t want to discuss it, but it should suffice to say that almost all of us spent a lot of time on that. We had another round of mentor self evaluation and feedback. It is being analysed. We had organised an all day long gender sensitisation event titled Jamaavda, followed by a discussion on the same. We had also organised a couple of career talks.

I personally toured all hostels with BSW secys and SAC and CAIC Gsecs, to discuss code of conduct and the general outline for the meeting with director. It was postponed due to an unfortunate accident that claimed the lives of four of our final year students.

Vatsal got an initial draft of survey questions designed, and Vatsal and I worked for a couple of days and nights and published our annual assessment and feedback. Responses are being collected as I write this. We will analyse the results and present them as a part of our annual report. The anonymised responses will be made available for the entire IITD community to analyse for themselves.

We are still working on our recommendations to the institute, which will be included as the final section to our annual report. It is going to be slightly bulky. Just a review of our activities is upwards of 50 pages as of now.

We still have to select the next MRC, and join the advisory board of MRC. I just made that name up. All past members of MRC are still in contact with each other through an online community, and we regularly discuss our plans and ask for advice when necessary. Why not give it a good sounding name as well?

About the team:

The team consists of six coordinators, one of whom will act as the overall coordinator. We have a very flat structure, everyone is an equal. The OC is a little shiny tag that carries the massive responsibility of representing MRC to the institute. Also, an unwritten rule states that OC pays for all parties. By the way, MRC runs on a strict zero budget. We handle not a single rupee from the institute. We don’t want to.

Everyone takes up responsibility for some specific task they are good at. I was already moderately famous (infamous?) at IITD, and I managed to do a hopefully-not-so-bad-job of interacting with freshmen batch of 2012, so I took up outreach as my primary responsibility.

Primarily, Isha handled feedback, Rohit handled student counseling services, Tapas worked on language classes, Sidhant was in charge of orientation, and Vatsal managed all our activities. Most other activities were shared by two or three of us.

What do we do? We manage mentoring. And in short, if something concerns first yearites, MRC probably can do something about it. We just restrict ourselves to make the work manageable. I’m not really good at explaining stuff, but feel free to ring up any of us if you still don’t have a clear picture of what MRC does. Unless your query is “How did you manage to do all that”? For that, I have no answer. I have absolutely no idea how we made it this far. All I remember is it took us some effort.

It has been a great experience. Looking forward to the next team.

If you want to join the team and make a dent in the universe, so to speak, apply to be a part of the next team.