October 6th, 2011 §
Much has been written about Steve Jobs in the last couple of days. People throughout the world have showered their love and affection for the public figure of Steve Jobs. Apple’s products showed that their creator must be a force to reckon with. For people here in the valley, especially enchanted with products, design and innovation, Steve was a legend way before his death.
I never met the man, and only knew of him through his products, and his public appearances and quotes. Most people, like me, knew Steve Jobs only this way. So why is it that we all feel so overwhelmingly sad at his demise? Is it because he was a great man of our times who brought the future to the present? Is it because he showed us what beautiful products look like? Is it because that he reminded us that true beauty is, in fact, universal? Is it because we all know that products in the future will just not be the same anymore without the guiding force of superior design?
It is all of the above and much much more. Most people say that Steve’s brilliance lies in the fact that he really knew what customers wanted. I think that’s totally incorrect. I don’t think he cared about what other people wanted. But I think he did care immensely himself. He was just trying to make the best thing he could given the technology of our times. Steve wanted more, because he knew that more was possible. The main difference between him and other innovators has been that he went much further in trying to solve a problem. Most people would stop at a very very very good product. But not Steve. He wasn’t trying to be perfect, but he was making the best thing that appealed to him. And because he was incessant in his quest to find the thing that truly appealed to him, it actually appealed to the masses as well.
Yes, Steve inspired us all to make beautiful things. And yes he did inspire us to design things well. But the reason we really miss him is because he showed us that we should do something wonderful that we want to do, and not because someone else demands it. Steve showed us a way to live our life which breaks all traditional and cultural norms. He showed us that we should stop worrying about what other people (including customers) think, and instead worry about whether we are being true to ourselves in building what we can. He showed us that it’s important to have taste, good or bad, and bring it to what we do. He showed us that good enough just isn’t good enough.
Steve taught us that it’s important to do the best you can with whatever is available and not give up too soon. Not because we should satisfy other people’s cravings, but for our own sake. Because, after all, this is our life we are talking about. Noone else teaches us that lesson. Only the people, like Steve, who have lived their life by that code can inspire us to attempt to do the same. And they teach us that the purpose of our life is not to earn great riches or to have huge impact or build things that others want, but simply to do something wonderful.
And for a reminder of that lesson, I thank you Steve, and may you rest in peace.
February 9th, 2010 §
A few days ago, I bought some software for a friend. He lives in Los Angeles, so payment was obviously an issue. I had the software shipped to him directly from the vendor and paid for it myself (it had to be my credit card). We both thought that using PayPal would be super easy, and I would get payment easily enough.
I remembered that many months ago another friend of mine had sent me an invoice and I got charged a fee. Not wanting to pay any fee, I decided to send the invoice to this friend as well, but I still got charged a hefty fee. On a $96.08 transaction, PayPal charged me a fee of $3.09. This is ridiculous. The worst part is that it is not clear at all where and who gets charged a fee. Only recently have PayPal made their fee structure clear and easy to find on their website.
In either case, I don’t think I will be using PayPal anytime soon to ask my friends for money they owe me. A cheque is not too much trouble. It arrives in the mail, and I can deposit it the next time I go to withdraw some cash from my nearby ATM machine.
February 3rd, 2010 §
AT&T sent me a notice detailing that the old ETF is no longer in effect. If you remember, AT&T charges an early termination fee (ETF) of $175 if one cancels the 1-year or 2-year contract with them which was initially used to get a larger subsidy on the cost of the phone. For people who have paid full price for the phone, like me, this was never a good idea and one of the reasons AT&T managed to keep their tentacles hooked into me.
According to the notice, AT&T wireless and Cingular customers who’ve had service any time after January 1, 1998 may be in line for their share of a $18 million cash and “cash benefit” settlement. AT&T also notes that this settlement is for their “old” ETF program, and not for the new pro-rated ETFs that they introduced in 2008.
“We strongly deny any wrongdoing, and no court has found AT&T Mobility committed any wrongdoing regarding these fees. However, we have agreed to settle to avoid the burden and cost of further litigation.
It’s important to note that the litigation involves old early termination fee policies of the old AT&T Wireless and Cingular. In 2008 we introduced a new, more flexible early termination fee policy, in which we pro-rate the ETF if you are a new or renewing wireless customer who enters a one- or two-year service agreement.”
With AT&T’s shoddy coverage in the San Francisco area, I am seriously considering breaking my contract and going towards greener pastures.
December 24th, 2009 §
So my gmail account got hacked. Yes, painful, but also very instructive. Firstly, I still do not know exactly how it got hacked. I don’t use any public computer. In fact, I haven’t used any other machine besides my own laptop (Mac) and my iPhone in a very very long time. I don’t sign up for any offers on the internet, and do not install any crap software. Besides, isn’t the Mac supposed to be very safe?
Anyhow, I got hacked and that’s that. The hacker then started sending emails from my account to everyone I have ever communicated with asking for money. The amazing thing about this story is that all the emails sent are very very impersonal, don’t salute the recipient in any way, and are full of grammatical and spelling errors. Yet, the content matter is so sensational (being robbed at gunpoint in some foreign country), that everyone gets worried about my safety. If I received a similar letter, I wouldn’t sit and analyze this, and would fall for it as well. So far, they have preyed on the emotions of their victims through me as the medium.
During the course of trying to get my account back, I ran into some of the issues and got a sneak peak about exactly how these hackers then try to exploit the system, GMail in particular. I had my Yahoo account set up as the secondary email in case of emergencies, or verification. The hacker was quick to change the secondary account first. Gmail has a system of sending verification to a mobile device. This too got changed quickly to some mobile number in Nigeria. During this time, I tried in vain to gain control by asking Gmail to reset my password and send me the password reset code. Gmail only shows that they sent the reset code to firstname.lastname@example.org, but not the username at the yahoo.com address. So while I was waiting for my password reset code to arrive at my yahoo.com address, the hacker was seeing password reset requests come in to the temporary yahoo address he had set up. I am sure he was laughing at my stupidity and the fact that I sent in multiple requests when the first one failed.
Ok, I was baffled. So I went through the GMail system to report that my account has been compromised. I had to fill in multiple details, including when my account was first started, and the invitation code I used to join (if at all). Obviously, I didnt have any of these, but I made best guesses, and lo and behold, GMail returned my account back to me. I was able to reset my password, and rejoice.
Alas, too soon!
After proclaiming victory, I tried to send a few emails, etc. and it all worked fine. I promptly sent emails to a huge list of people warning them that I had been hacked, and to ignore requests from me for money. There were a few people in the list that I wouldnt have minded getting some money from, but this had to be done.
The hacker, during this time, had very smartly set up a forwarding rule so that he was getting all the emails that I was receiving on my account. This, by itself, is not much. But here comes the most amazing part of how Google engineers missed seeing this as a threat, but these hackers have managed to exploit it. Before I explain what the flaw is, a little diversion into the background.
GMail allows one account to send emails while masquerading as another account. This was designed primarily so that I can have multiple gmail accounts (including Google Apps email accounts like I have a @gmail.com and a @gigzee.com account), and still be able to use one primary account and send emails from it for all the different accounts. Great idea, and I love it. All this takes to set up is a simple verification email. So, say you have email@example.com and firstname.lastname@example.org. If you want email@example.com to be able to send emails and still show up as firstname.lastname@example.org, you can go to your settings, set up another email address and this will send a verification email to email@example.com. After clicking on the verification link and entering the code, firstname.lastname@example.org can now send as email@example.com. If you delete the verification email from the a1 account, there is NOTHING in the settings or account panel of firstname.lastname@example.org that shows that b2 is still sending emails as a1.
This is exactly what the hacker has done. He has set up another gmail account, and is sending emails on behalf of my gmail account. During this time, he is also receiving the auto-forwarded emails of my account. So even though I have changed my password, and declared victory, he can still receive and send emails just as if he were in full control.
So, step 1, I removed the forwarding rule. Ok, now he cannot get any emails sent to me. Yayyy!
What about his ability to send emails? Turns out that there isn’t any additional verification after the initial verification. What’s more, there is no indication anywhere on my account settings that shows me how many other people can send emails as me. This is terrible. So while I have full control with brand new passwords, the hacker can simply keep sending emails to anyone he likes pretending to be me, ruining my reputation in the process.
GMail – I am not sure how you could have missed this in one of your threat model analyses. But please add an option in account settings where I can control who all can send emails pretending to be me. Meanwhile, the hacker has a field day in sending emails from my account, and can do so as and when he pleases. I am writing a letter to GMail as well so that they can fix this, but if you get any email from me asking for money (personal or not), please don’t wire it to somewhere in Europe. Now, if you want to hand over some cash to me in person, feel free to give me a call!
November 19th, 2009 §
When I was in graduate school, one of my roommates asserted that he planned to go through life without getting a speeding ticket. I met him a couple of months ago, and I asked him how he was doing on that plan. He had got one speeding ticket! Amazingly, even though I had never made my intentions public, I also planned to go through life without getting a parking ticket. Yet, despite my best intentions, I too got a ticket a few years ago.
I know what you are thinking. Clearly, both my friend and I should have been more careful sticking to the posted signs on the limits. And for the most part, we do. The trouble is that there is no well-defined boundary about where we are breaking the law. It is more like a gray area. If the posted speed limit is 60 mph, then the boundary lies at 60mph. If you go faster than 60mph, you are speeding and must get a parking ticket. The trouble is that most of the traffic travels at a speed greater than 60 (typically somewhere between 65 and 70mph – the “accepted” 5-10mph above the limit), making it an illegal-but-acceptable zone of 5-10mph.
This zone exists for a variety of reasons. First and foremost is the technicality of the margin of error of speed checking guns or various other devices, the calibration errors. etc. Smart lawyers try to get their clients off based on such technicalities. So, the police try to catch people outside this range of error. But this is not always so. Sometimes, the cops will catch you even if you are going only 4 mph above the posted limit (say 64 in a 60 zone). Why this discrepancy?
One way to deal with this is to always follow the posted speed limit. If the general traffic is going faster, then not only will you be the slowest car on the road, but you might also be holding up some traffic, thereby causing a more potentially dangerous situation. Furthermore, if you were following the posted limit, why should you be the one to be punished by having to spend more time for the same task that everyone else does in a shorter period of time? Law-abiding citizens should be rewarded, and not disadvantaged. If someone is traveling above the posted limit, it is the duty of the police officer in charge to issue a ticket. Every time the police officer neglects to perform his duty, he is abetting a misdoing.
I have been asking all my friends who have been driving for more than 5 years, and so far, every single one has got a speeding ticket. Some people are habitual speeders, but even the more cautious, gentler drivers have managed to be caught speeding at least once.
Do you know anyone who has been driving for a long time without ever getting a speeding ticket? Please add it in the comments, I would love to know.