diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..778edc5 --- /dev/null +++ b/.gitignore @@ -0,0 +1,16 @@ +/.sass-cache +/_site +/_story_photo_ideas + +# Ignore OSX files like: +.DS_Store + + +### JetBrains template +# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm + +*.iml + +## Directory-based project format: +.idea/ + diff --git a/.ruby-gemset b/.ruby-gemset new file mode 100644 index 0000000..2a83d38 --- /dev/null +++ b/.ruby-gemset @@ -0,0 +1 @@ +myjekyllblog diff --git a/.ruby-version b/.ruby-version new file mode 100644 index 0000000..eca07e4 --- /dev/null +++ b/.ruby-version @@ -0,0 +1 @@ +2.1.2 diff --git a/2012/02/25/eight-months-at-tw-pune.html b/2012/02/25/eight-months-at-tw-pune.html new file mode 100644 index 0000000..45fcb61 --- /dev/null +++ b/2012/02/25/eight-months-at-tw-pune.html @@ -0,0 +1,196 @@ + + + + + + 8 months at ThoughtWorks Pune — life-lessons.in + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + +
Near the Norbulingka Institute, Dharamshala, India
+ + +
+ +
+
+
+ By
— + — + +1 min read +
+

8 months at ThoughtWorks Pune

+

The place I now call my home

+
+ +
+

I joined ThoughtWorks, Pune in June 2011. 8 months ago. +Previously I had worked with Persistent Systems, IBM Software Labs and Performix (a start-up). +I would like to pen down my ThoughtWorks journey so far. Correction. Incredible journey.

+ +

For sake of readability, let’s list down the things I feel are awesome and different about ThoughtWorks, +and why I catch myself wondering why the hell did I not apply to ThoughtWorks earlier. For the record, +I joined ThoughtWorks as a Senior Consultant, and my role here is Programming, Programming and yeah Programming. :) +Lets see.. what this means.

+ +

Read the full blog on my older site: +8 Months at ThoughtWorks Pune

+ + + + +
+ + +
+
+ + + + + + diff --git a/2012/04/29/understanding-web-vulnerabilities-cookies.html b/2012/04/29/understanding-web-vulnerabilities-cookies.html new file mode 100644 index 0000000..370ce98 --- /dev/null +++ b/2012/04/29/understanding-web-vulnerabilities-cookies.html @@ -0,0 +1,202 @@ + + + + + + Web Vulnerabilities - Phishing, Cookies, XSS and CSRF — life-lessons.in + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + +
Near the Norbulingka Institute, Dharamshala, India
+ + +
+ +
+
+
+ By
— + — + +1 min read +
+

Web Vulnerabilities - Phishing, Cookies, XSS and CSRF

+

A basic overview of common web vulnerabilities

+
+ +
+

Last week I gave a presentation on “Web Application Vulnerabilities” as part of our weekly Dev meetup at ThoughtWorks. +The presentation was aimed at covering some vulnerabilities and risks that plague Web based applications, +and to make folks aware of risks and possible mitigation options. In specific, topics covered were Phishing, +Social Engineering, Cookies and Cross Site Request Forgery (CSRF or XSRF).

+ +

As a continuation to the presentation, I felt that writing a blog on it would crystallize the information +I had collected and make it available to a larger audience.

+ +

Read the full blog on my older site: +Web Vulnerabilities - Phishing, Cookies, XSS and CSRF

+ + + + +
+ + +
+
+ + + + + + diff --git a/2012/07/22/poke-yoke-mistake-proofing-software.html b/2012/07/22/poke-yoke-mistake-proofing-software.html new file mode 100644 index 0000000..8898cef --- /dev/null +++ b/2012/07/22/poke-yoke-mistake-proofing-software.html @@ -0,0 +1,202 @@ + + + + + + POKA YOKE - Applying Mistake Proofing to Software — life-lessons.in + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + +
Near the Norbulingka Institute, Dharamshala, India
+ + +
+ +
+
+
+ By
— + — + +1 min read +
+

POKA YOKE - Applying Mistake Proofing to Software

+

A technique for reducing mistakes in software

+
+ +
+

Note: This has been one of my highest read blog posts ever with over 100,000 views. I am humbled. Thank you!

+ +

For years, automobile companies have utilized “Mistake Proofing” as a technique for ensuring high quality, +high speed manufacturing – especially in cases of mass scale production. +This is also known as Poka-Yoke (in Japanese) and was adopted and formalized as part of the Toyota Production System. +This blog attempts to raise awareness (with examples) for the need of Poka Yoke in Software Design and +within the Software Development process.

+ +

Read the full blog on my older site: +POKA YOKE – Applying Mistake Proofing to Software

+ + + + +
+ + +
+
+ + + + + + diff --git a/2012/07/29/recommended-reading-for-devs-thoughtworks.html b/2012/07/29/recommended-reading-for-devs-thoughtworks.html new file mode 100644 index 0000000..c81a665 --- /dev/null +++ b/2012/07/29/recommended-reading-for-devs-thoughtworks.html @@ -0,0 +1,209 @@ + + + + + + Recommended Readings for Lateral Dev Hires at ThoughtWorks -- An Unofficial Opinion — life-lessons.in + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + +
Near the Norbulingka Institute, Dharamshala, India
+ + +
+ +
+
+
+ By
— + — + +1 min read +
+

Recommended Readings for Lateral Dev Hires at ThoughtWorks -- An Unofficial Opinion

+

Suggested reading for experienced developers

+
+ +
+

Quite often experienced folks joining ThoughtWorks have a common set of questions: What should I read to prepare +myself for ThoughtWorks? What kind of technologies does ThoughtWorks work on? Will I go on a Ruby or Java or Mobile project?

+ +

I doubt there is any good and precise answer to these questions. But, there certainly are some practices +that I feel our in the DNA of ThoughtWorks. Agile & Extreme Programming practices drive most of this. +Unfortunately, Agile means totally different things to different people outside ThoughtWorks. And, quite often, +nothing will prepare you for the radical changes that are going to come to your way of working at ThoughtWorks.

+ +

So, I thought, why not try come up with some recommended readings for Dev Lateral hires (experience range of 3 - 10 years), +to introduce them to some of our development practices, coding styles, unit testing beliefs, etc. I asked a few of my colleagues +- namely Unmesh, Chirag, Sunit and Aman on what they felt should be the minimum recommended reading list for Lateral ThoughtWorkers. +This is what we all came up with.

+ +

I may have used my discretion to sanitize the final list, therefore if you don’t like the list – blame me!

+ +

Read the full blog on my older site: +Recommended Readings for Lateral Dev Hires at ThoughtWorks – An Unofficial Opinion

+ + + + +
+ + +
+
+ + + + + + diff --git a/2012/12/16/vagrant-an-interesting-approach-dev.html b/2012/12/16/vagrant-an-interesting-approach-dev.html new file mode 100644 index 0000000..7331a27 --- /dev/null +++ b/2012/12/16/vagrant-an-interesting-approach-dev.html @@ -0,0 +1,201 @@ + + + + + + Vagrant: An interesting approach to setup development environments FAST! — life-lessons.in + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + +
Near the Norbulingka Institute, Dharamshala, India
+ + +
+ +
+
+
+ By
— + — + +1 min read +
+

Vagrant: An interesting approach to setup development environments FAST!

+

Understanding the popularity behind Vagrant

+
+ +
+

If you have never heard of Vagrant, or are interested in understanding what is Vagrant, then this blog should be useful to you.

+ +

Setting up a development environment for many projects now-a-days isn’t a matter of simply running a script or downloading +a piece of software. On most projects, the average setup time to get all up and running is usually a day, and sometimes more. +Most often, time is spent on setting environment variables, handling software version conflicts, or general configuration. +Not to mention, that once you are done, doing this for the next project would be even more challenging.

+ +

Read the full blog on my older site: +Vagrant: An interesting approach to setup development environments FAST!

+ + + + +
+ + +
+
+ + + + + + diff --git a/2014/01/10/using-capybara-and-rspec.html b/2014/01/10/using-capybara-and-rspec.html new file mode 100644 index 0000000..1d72402 --- /dev/null +++ b/2014/01/10/using-capybara-and-rspec.html @@ -0,0 +1,198 @@ + + + + + + Using Capybara and Rspec assertions in Page Objects — life-lessons.in + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + +
Near the Norbulingka Institute, Dharamshala, India
+ + +
+ +
+
+
+ By
— + — + + < 1 min read +
+

Using Capybara and Rspec assertions in Page Objects

+

Writing well encapsulated tests in Rails with the Page Object pattern

+
+ +
+

On my Rails project, I am using RSpec and Capybara to write functional tests.
+I did not want to specify any HTML elements in my Capybara feature files, since that makes the +feature files brittle to HTML / CSS changes. It also violates the DRY principle and basic code hygiene.

+ +

Read the full blog on my older blog site here: +Using Capybara and Rspec assertions in Page Objects

+ + + + +
+ + +
+
+ + + + + + diff --git a/2014/07/26/scala-diff-between-sort-methods.html b/2014/07/26/scala-diff-between-sort-methods.html new file mode 100644 index 0000000..008bfde --- /dev/null +++ b/2014/07/26/scala-diff-between-sort-methods.html @@ -0,0 +1,240 @@ + + + + + + Difference between sorted, sortWith and sortBy in Scala — life-lessons.in + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + +
Near the Norbulingka Institute, Dharamshala, India
+ + +
+ +
+
+
+ By
— + — + +3 min read +
+

Difference between sorted, sortWith and sortBy in Scala

+

Understand which sort method to use in what situation.

+
+ +
+

Scala collections provide you three options for sorting: sorted(), sortWith() and sortBy(). Here is a simplified explanation:

+ +

sorted

+

Will sort the list using the natural ordering (based on the implicit Ordering passed)

+ +

sortBy (an attribute)

+

Sort by a given attribute using the attribute’s type. +e.g. given a list of Person objects, if you want to sort them in ascending order of their age +(which is an Int), you could simply say:

+ +
1 personList.sortBy(_.age)
+ +

sortWith (a function)

+

Takes a comparator function. Useful when you want to specify a custom sorting logic. +e.g. if you want to sort by age descending, you could write this as:

+ +
1 personList.sortWith{(leftE,rightE) =>
+2      leftE.age > rightE.age
+3 }
+ +

Or, more simply:

+ +
1 personList.sortWith(_.age > _.age)
+ +

A full example

+ +
 1 // Sequence of numbers
+ 2 val xs = Seq(1, 5, 3, 4, 6, 2)
+ 3 
+ 4 // Sort using Natural ordering as defined for Integers in Scala Library
+ 5 xs.sorted //1,2,3,4,5,6
+ 6 
+ 7 // Sort 'with' a comparator function
+ 8 xs.sortWith(_<_) //1,2,3,4,5,6
+ 9 xs.sortWith(_>_) //6,5,4,3,2,1
+10 xs.sortWith((left,right) => left > right) //6,5,4,3,2,1
+11 
+12 // Create a Person class
+13 case class Person(val name:String, val age:Int)
+14 
+15 // Define a list of Persons
+16 val ps = Seq(Person("John", 32), Person("Bruce", 24), Person("Cindy", 33), Person("Sandra", 18))
+17 
+18 // Sort People by increasing Age (natural ordering of Int will kick in)
+19 ps.sortBy(_.age) //List(Person(Sandra,18), Person(Bruce,24), Person(John,32), Person(Cindy,33))
+20 
+21 // Sort People by decreasing Age, using a comparator function
+22 ps.sortWith(_.age > _.age) //List(Person(Cindy,33), Person(John,32), Person(Bruce,24), Person(Sandra,18))
+ + + + +
+ + +
+
+ + + + + + diff --git a/2014/11/28/Way-to-a-new-project.html b/2014/11/28/Way-to-a-new-project.html new file mode 100644 index 0000000..0da2246 --- /dev/null +++ b/2014/11/28/Way-to-a-new-project.html @@ -0,0 +1,218 @@ + + + + + + Way To A New Project — life-lessons.in + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + +
On top of Mt Billing in Dharamshala, India
+ + +
+ +
+
+
+ By
— + — + +3 min read +
+

Way To A New Project

+

Tips on becoming effective quickly on joining a new project

+
+ +
+

You move to a new project. Its exciting. It holds promise of something awesome (usually). You are ready to dive. You want to learn things fast. You want to contribute. You want to become effective. You want to be welcomed. And then maybe, become invaluable.

+ +

There are some tips I have learnt on how to navigate new projects effectively. I would look forward to hearing what you have to say about yours. And, I suspect there will be more.

+ +
    +
  1. The more experience you get on multiple tools and technologies, the easier it is to move to newer projects with newer tech stacks.
  2. +
  3. The more you master one programming language, the more difficult you find adopting another language. Especially if you are a perfectionist.
  4. +
  5. The more you expose yourself to various languages, the better you program in all previous languages.
  6. +
  7. The quicker you understand the domain of the project, the quicker you understand the code of your project (unless people in your team like naming everything as “data” or “temp” or “value” or “count”, in which case you are doomed, and you should quit).
  8. +
  9. Understand the database of your project. The database brings insights into relationships between entities. These relationships will remain permanent for a very long time, while the code on top that manipulates the data, will keep getting refactored. Once you get a handle on the data, the code becomes much easier to understand.
  10. +
  11. Pair with QAs. Perform testing. You will understand the domain, and the inter-dependencies quickly.
  12. +
  13. Ask questions, write notes, and volunteer to take sessions on project topics / technologies. Nothing teaches us faster, than the pressure to not look foolish.
  14. +
  15. Try and understand the reasoning behind why features are being built, because 60% of the features in all software products are built for the same purpose — each using a different technology or tool. For instance, every corporate website has Search, Page Analytics, Splunk Style Logging, Meta-Tagging for SEO, JS/CSS optimizations for performance, Device & Browser Detection and Cookie Manipulations for Personalization, Responsive design, REST based integration, SSL, etc.
  16. +
  17. Follow a user journey in code — to understand all the layers involved, and how they interact. A decent codebase, usually has a few patterns that are repetitively used.
  18. +
  19. Use a good IDE for navigating code. They will help you understand code paths, callers, implementers, etc very quickly. I use IntelliJ (Cmd+Alt+F7), and Sublime.
  20. +
  21. Read the unit test to understand the class. Of course, I work at ThoughtWorks, and therefore have the luxury of seeing self documenting unit tests. And this means, I am indebted to ensure that readers of my code also see good unit tests.
  22. +
  23. Hunt out for project documentation — especially those which pertain to large scale features, architecture, etc — as they summarize information quite well.
  24. +
  25. Sign up for devops tasks. They will help you understand the inter-dependencies between systems very quickly.
  26. +
  27. Find out who’s who on the project (customer side), so that you know whom to reach out to, for what insight.
  28. +
+ +

Have patience. It takes a minimum of 3 months to “feel” effective. And then another 3 to be “one-with-the-project”.

+ +

I know. It’s not a shortcut. It’s a path.

+ +

Originally published on my older blog here.

+ + + + +
+ + +
+
+ + + + + + diff --git a/2015/02/14/building-apps-for-multiple-countries.html b/2015/02/14/building-apps-for-multiple-countries.html new file mode 100644 index 0000000..615d043 --- /dev/null +++ b/2015/02/14/building-apps-for-multiple-countries.html @@ -0,0 +1,199 @@ + + + + + + Building Applications for Multiple Countries and Languages — life-lessons.in + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + +
Near Chinatown street in Singapore
+ + +
+ +
+
+
+ By
— + — + + < 1 min read +
+

Building Applications for Multiple Countries and Languages

+

A checklist of things to bear in mind while developing applications for the global audience

+
+ +
+

I have worked on a couple of projects where we had to make the application multi-country savvy, +and I think it would be good to pen down various areas we considered, and the tools we used. +Note that, these practices are from the perspective of a Java/Scala project, but can easily be +adapted to other platforms too – since the basic requirements are similar.

+ +

To read my full blog, please go here: +Building Applications for Multiple Countries and Languages

+ + + + +
+ + +
+
+ + + + + + diff --git a/2015/08/16/gocd-on-digital-ocean.html b/2015/08/16/gocd-on-digital-ocean.html new file mode 100644 index 0000000..62b8890 --- /dev/null +++ b/2015/08/16/gocd-on-digital-ocean.html @@ -0,0 +1,197 @@ + + + + + + Installing ThoughtWorks GoCD Server and Agent on a Digital Ocean Droplet — life-lessons.in + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + +
Near the Norbulingka Institute, Dharamshala, India
+ + +
+ +
+
+
+ By
— + — + + < 1 min read +
+

Installing ThoughtWorks GoCD Server and Agent on a Digital Ocean Droplet

+

Quick experimental setup on the cloud

+
+ +
+

Today I experimented with installing ThoughtWorks GoCD Server and agent on a Digital Ocean CentOS droplet. +Note that you will need to ensure that you setup swap space on your digital ocean droplet, +before proceeding with installing GoCD.

+ +

Read the steps here on my old blog: Installing ThoughtWorks GoCD Server and Agent on Digital Ocean Droplet.

+ + + + +
+ + +
+
+ + + + + + diff --git a/2015/10/03/understanding-vagrant-boxes.html b/2015/10/03/understanding-vagrant-boxes.html new file mode 100644 index 0000000..f9a53d5 --- /dev/null +++ b/2015/10/03/understanding-vagrant-boxes.html @@ -0,0 +1,203 @@ + + + + + + Understanding Vagrant Boxes and VMs — life-lessons.in + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + +
Near the Norbulingka Institute, Dharamshala, India
+ + +
+ +
+
+
+ By
— + — + +1 min read +
+

Understanding Vagrant Boxes and VMs

+

Clearing the confusion around Vagrant boxes

+
+ +
+

Vagrant is an awesome tool for developers to get their own sandboxed environments to play with. +To understand more about Why Vagrant, you could read my earlier blog post: +Vagrant: An interesting approach to setup development environments FAST. +But, because Vagrant does a lot of things auto-magically under the hoods, most of the times people are left confused +when they want to delete or add boxes or VMs. I will try and explain the relationships between Base Boxes, VMs, Virtual Box +Instances, etc in this post.

+ +

Note: The term box is loosely used by many people, and hence the confusion has risen even further.

+ +

Read the full blog on my older site: +Understanding Vagrant Boxes and VMs

+ + + + +
+ + +
+
+ + + + + + diff --git a/2015/11/01/I-moved-to-Jekyll.html b/2015/11/01/I-moved-to-Jekyll.html new file mode 100644 index 0000000..21d06f7 --- /dev/null +++ b/2015/11/01/I-moved-to-Jekyll.html @@ -0,0 +1,199 @@ + + + + + + I moved to Jekyll — life-lessons.in + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + +
Tibetan artists in Norbulingka Institute, Dharamshala, India
+ + +
+ +
+
+
+ By
— + — + + < 1 min read +
+

I moved to Jekyll

+

More control. More elegant. My new blog.

+
+ +
+

My blog on Google Blogspot techie-notebook.blogspot.in hit the 100,000 views mark. +I am super excited. But, I didn’t really like the way my blog looked. I wanted it to be simple. I wanted it to be +elegant. I wanted to render code, like it should. I wanted the programmer in me, to be in control. So I moved to +Jekyll.

+ +

Moving forward, I will write my lessons, and thoughts here; and life-lessons.in will its home. +I hope my blog readers will appreciate the move.

+ + + + +
+ + +
+
+ + + + + + diff --git a/2015/11/15/podcasts-i-love.html b/2015/11/15/podcasts-i-love.html new file mode 100644 index 0000000..8218967 --- /dev/null +++ b/2015/11/15/podcasts-i-love.html @@ -0,0 +1,234 @@ + + + + + + Podcasts I Love — life-lessons.in + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + +
Near the Norbulingka Institute, Dharamshala, India
+ + +
+ +
+
+
+ By
— + — + +3 min read +
+

Podcasts I Love

+

A list of podcasts to bookmark and listen

+
+ +
+

Driving in India is a test of patience. And a waste of time.

+ +

A few months ago, I decided to try an experiment while driving to office (about a 30 minutes ride one way). +Podcasts.

+ +

Turns out, I had uncovered something amazing. Podcasts made me forget the time I spend on the road, and instead opened a window to a world I didn’t know existed. +I now found an opportunity to hear interviews and stories, of lives of people, in far away places. +People, whose stories, I would otherwise never have heard.

+ +

He is a list (I plan to keep up-to-date), with a list of podcasts I really enjoyed, or were super thought-provoking. If you like these, please bookmark this post.

+ +

Podcasts

+ +

List of Podcasts

+ +
    +
  1. [Tim Ferris Interview] Pavel Tsatsouline on the Science of Strength and the Art of Physical Performance: +Fundamentals of Strength training, kettle bell, no-nonsense, fitness, and many things under the world.
  2. +
  3. [Tim Ferris Interview] General Stan McChrystal on Eating One Meal Per Day, Leadership in the Military, +Special Ops, and Mental Toughness: An interesting interview on Leadership challenges in the military +and what can we learn from them, for navigating the civilian world.
  4. +
  5. [Tim Ferris Interview] The Scariest Navy SEAL Imaginable…And What He Taught Me: An interview with Jocko Willink +about training for jiu-jitsu, managing fear, leadership in SEAL teams, fitness and discipline.
  6. +
  7. [NPR TED Talk] Courage: Understanding courage in people – talks by some remarkable people, with remarkable +achievements.
  8. +
  9. [NPR TED Talk] Keeping Secrets: Secrets in the world.
  10. +
  11. [NPR TED Talk] Quiet: A Man who did not speak for 17 years. And the importance of Quiet.
  12. +
  13. [NPR TED Talk] Unstoppable Learning: A fantastic experiment on how children can learn without any teachers.
  14. +
  15. [Stuff You Should Know] How the Berlin Wall Worked: The amazing history of the wall that divided East +and West Germany for 28 years.
  16. +
  17. [Stuff You Should Know] How Black Boxes Work: An understanding of black boxes on the planes, and their history. Very fascinating.
  18. +
  19. [Stuff You Should Know] Does Owning a Gun Change your Behavior: Gun Control, and the psychological impact of owning a gun. +It isn’t what you think it is.
  20. +
  21. [Stuff You Should Know] How Bitcoin Works: An explanation of Bitcoin.
  22. +
  23. [Stuff You Should Know] Can you test a Nuclear Weapon without a Fallout?: A history of the various nuclear weapon tests conducted on Planet Earth, and their repercussions.
  24. +
  25. [NPR Hidden Brain] Tribes & Traitors: What Happens When You Empathize with the Enemy?: The more trauma an individual or a group has experienced, the harder it can be to acknowledge the suffering of the other side. A look into the life of a former Israeli paratrooper and a Palestinanian professor who empathized with the other side.
  26. +
  27. [NPR Hidden Brain] In Praise of Mess: Why Disorder May Be Good For Us: In this episode of Hidden Brain, economist and writer Tim Harford talks about how an embrace of chaos is beneficial to musicians, speechmakers, politicians – and the rest of us.
  28. +
  29. [Farnam Street] Interview with Naval Ravikant: Words of wisdom on life, decision making, the importance of reading, meditation and a lot of other topics. This is one of the best podcasts I have heard. You can also read the audio transcript here.
  30. +
+ +

I usually listen to podcasts on the Iphone podcast app.

+ + + + + +
+ + +
+
+ + + + + + diff --git a/2015/12/25/The-Velocity-Conundrum.html b/2015/12/25/The-Velocity-Conundrum.html new file mode 100644 index 0000000..5067bd0 --- /dev/null +++ b/2015/12/25/The-Velocity-Conundrum.html @@ -0,0 +1,277 @@ + + + + + + The Velocity Conundrum — life-lessons.in + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + +
Near Chinatown street in Singapore
+ + +
+ +
+
+
+ By
— + — + +6 min read +
+

The Velocity Conundrum

+

Pitfalls in measuring velocity of high performance teams

+
+ +
+

Velocity! It’s a term that has potentially confounded, frustrated and perhaps amused Agile practitioners and customers alike at some point. It’s a concept that can be quite helpful though, when used accurately as a planning & estimation tool.

+ +

Velocity is a measure of the number of story points delivered in an Iteration. The word delivered here means - dev & test complete, and +ready for Production. Depending on your organizational maturity it could also mean – in Production.

+ +

Velocity as a Guide

+ +

Let’s take an example of how one uses velocity as a guiding metric.

+ +

For instance, in Iteration-1 (I-1), if a team completes 12 story points, then the velocity of the team is 12. It means that, in next iteration you can assume the team will be able to deliver about 12 points worth of features. Another way of saying this, is that yesterday’s weather is 12.

+ +

In I-2, if the team delivers 15 points, then for I-3 you can plan for approx 13 (avg of I-1 and I-2). On the other hand, if the team delivers say 10 points in I-2, then next time you plan for 11 (avg of I-1 and I-2).

+ +

In general, you average the velocity of the last three iterations, and use that as yesterday’s weather to arrive at what you should expect as velocity for the next iteration.

+ +

Low Velocity

+ +

If the team achieves lesser points in an iteration than what you expected, should you be concerned? The answer is: It depends. You should try +and find out the possible cause, and then decide whether you should be concerned or not. The aim is to reach a sustainable cadence +that allows for healthy team productivity and greater customer satisfaction.

+ +

A retrospective meeting at the end of an iteration, is a practical way to discuss potential reasons for drop (or increase) in velocity. Some possible reasons for a drop in velocity are:

+ +
    +
  1. The features being developed were more complex than estimated (or expected).
  2. +
  3. High technical debt in certain parts of the system is causing development to be slower than expected. Think of tech debt as hurdles on your way. The more the hurdles, the higher the friction, the slower you will move.
  4. +
  5. Other factors like too many red builds, flaky acceptance tests, network issues, unnecessary meetings, bugs from previous iteration or holidays, could have sucked away precious time from the team – and hence they could not work on feature development as much as they otherwise would have.
  6. +
+ +

Usually a drop in velocity is due to a combination of the above factors. You may be able to remove some hurdles and mitigate some challenges. Or, maybe you can’t do anything about some of the reasons. You note them down, voice them, and remember to account for them in future iteration plans where applicable.

+ +

The “Upper Management” Effect

+ +

Many teams (and managers) don’t want to show a velocity drop. Because upper management will frown upon them as an indicator of slacking +and under achievement.

+ +

This leads to people coming up with various ways of showing that their velocity is the same as before. +For instance, claims like: “We were busy refactoring the service layer, so, we should claim 2 points for that”. Or, “We were blocked due to +network issues, and hence we claim 1 point for that”. So now, with these deviations, total velocity is shown to be:

+ +

9 (actual for feature development) + 2(for refactoring) + 1 (for network issues) = 12 (hey.. this is 1 point better than usual! All is good!)

+ +

This velocity adjustment for upper management’s sake is a recipe for disaster. Instead of fixing organizational, technical and business issues, we have made everything look “OK” and reached a status-quo.

+ +

The fixation for treating velocity as a productivity measure, has led to a loss of agility and muddled priorities.

+ +

High Performance Teams & Trust

+ +

Agile practices only work when you trust the team. Trust can only be developed, when you hire the right people for the job. The right people for the job are people who care about their work, and are good at what they do. Organizations have a duty to hire the best, and then get out of the way, whilst providing periodic and necessary support.

+ +

Velocity as a metric, will be useful only if the team is passionate about delivering and improving their own productivity. If the team is looking at answering the question - “How can we do better?”, then velocity can help the team to inform them if they are on the right track.

+ +

But, depending ONLY on velocity as a measure of your improvement is wrong. You may see a drop in velocity due to many external factors, even when the team is taking the right steps to improve the quality of the system. It is analogous to seeing weight as the only measure of improving health.

+ +

Conclusion

+ +

Velocity should be treated as a guide using which you plan the next iteration and measure the impact of your adjustments or fixes. Velocity also acts as an approximate tool to provide visibility into when certain features will make it into the release.

+ +

Velocity is NOT a measure of the quality of the work being done by the team or of the productivity of the team.

+ +

Further Reading

+ +
    +
  1. +

    Velocity is killing agility (Jim Highsmith)

    + +

    Over emphasis on velocity causes problems because of its wide use as a productivity measure. The proper use of velocity is as a calibration tool, a way to help do capacity-based planning…

    +
  2. +
  3. +

    XpVelocity (Martin Fowler)

    + +

    Velocity is a tool for calibrating estimations for YesterdaysWeather, it is not a measure of productivity.

    +
  4. +
  5. +

    Technical Debt (Wikipedia)

    + +

    If the debt is not repaid, then it will keep on accumulating interest, making it hard to implement changes later on. Unaddressed technical debt increases software entropy.

    +
  6. +
  7. +

    How To Not Destroy your Agile Team with Metrics (InfoQ)

    + +

    The streetlight effect is our human tendency to look for answers where it’s easy to look rather than where the actual information is.

    +
  8. +
+ + + + + +
+ + +
+
+ + + + + + diff --git a/2016/02/03/every-single-retro.html b/2016/02/03/every-single-retro.html new file mode 100644 index 0000000..11cdb13 --- /dev/null +++ b/2016/02/03/every-single-retro.html @@ -0,0 +1,193 @@ + + + + + + Every Single Retro — life-lessons.in + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + +
Near the Norbulingka Institute, Dharamshala, India
+ + +
+ +
+
+
+ By
— + — + + < 1 min read +
+

Every Single Retro

+

When was the last time you attended a retro. Did you encounter these things?

+
+ +
+

EverySingleRetro

+ + + + +
+ + +
+
+ + + + + + diff --git a/2016/03/03/money-in-way-of-life.html b/2016/03/03/money-in-way-of-life.html new file mode 100644 index 0000000..252a4fe --- /dev/null +++ b/2016/03/03/money-in-way-of-life.html @@ -0,0 +1,194 @@ + + + + + + When Money gets in the way of Life — life-lessons.in + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + +
Near the Norbulingka Institute, Dharamshala, India
+ + +
+ +
+
+
+ By
— + — + + < 1 min read +
+

When Money gets in the way of Life

+

My anger at the state of health care in most countries

+
+ +
+

I wrote this blog on Bahmni Community Blogs on Medium. Read the full blog here: +When Money gets in the way of Life - Bahmni Blogs

+ + + + +
+ + +
+
+ + + + + + diff --git a/2016/04/24/mars-rover-problem-in-scala.html b/2016/04/24/mars-rover-problem-in-scala.html new file mode 100644 index 0000000..a80ca83 --- /dev/null +++ b/2016/04/24/mars-rover-problem-in-scala.html @@ -0,0 +1,200 @@ + + + + + + Mars Rover Problem in Scala — life-lessons.in + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + +
Near the Norbulingka Institute, Dharamshala, India
+ + +
+ +
+
+
+ By
— + — + + < 1 min read +
+

Mars Rover Problem in Scala

+

Companion code to Priyank's blog

+
+ +
+

Priyank Gupta, a respected ex-ThoughtWorker from the Pune office, wrote an excellent blog series in 2014 titled: +Decoding ThoughtWorks Coding Problems.

+ +

In this blog he explains what constitutes good code & design, using the now decommissioned Mars Rover problem as an example. +His code is in Java. I decided to showcase the same design in Scala, using only “the good parts” of Scala, with an aim of keeping +the solution easy to understand, and enhance.

+ +

My implementation can be seen on Github here: mars-rover-scala.

+ + + + +
+ + +
+
+ + + + + + diff --git a/2016/09/05/reduce-eye-strain-with-flux.html b/2016/09/05/reduce-eye-strain-with-flux.html new file mode 100644 index 0000000..3c8fc1d --- /dev/null +++ b/2016/09/05/reduce-eye-strain-with-flux.html @@ -0,0 +1,220 @@ + + + + + + Reduce Computer Eye Strain with F.lux — life-lessons.in + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + +
Near the Norbulingka Institute, Dharamshala, India
+ + +
+ +
+
+
+ By
— + — + +2 min read +
+

Reduce Computer Eye Strain with F.lux

+

An application I have been using for over 3 years

+
+ +
+

f.lux

+ +

About 3 years ago, one of my colleagues in ThoughtWorks, Sam Gibson, suggested I try out f.lux.

+ +

f.lux changes the Color temperature of my mac screen in the evening, so that the blue light from the screen is removed, and +instead a nice warm set of colors are emitted from the screen. This drastically reduced the strain that I felt on my screen +at night. It felt weird, the first 3 or 4 days, when my screen colors changed in the evening. But then soon enough, I +even stopped realizing when f.lux changed the colors. It would only be a passerby, who would look at my screen, and wonder: +Hey what happened to your screen?

+ +

Over the last few months, I have recommended this app to many friends. One of whom used to get a headache by evening +working on the computer, and had resigned to the fact that such is life. After trying out f.lux, his incidences of headaches +have drastically reduced!

+ +

As the f.lux website says: “f.lux makes your computer screen look like the room you’re in, all the time. +When the sun sets, it makes your computer look like your indoor lights. In the morning, it makes things look +like sunlight again.

+ +

I would recommend you to try (please note, I am not a doctor!). f.lux sits happily in your menu bar, and you can toggle it +temporarily off (for an hour) when you feel the need to switch back to normal color mode, say for doing some photoshop or color +editing, etc. f.lux is also available for Windows, and I think similar apps are now available for tablets & phones too.

+ +

Besides f.lux, I am also using Awareness, to help +remind me how long I have not taken a break on the computer, and the +Pomodoro timer, +to help me focus on a specific task at a time.

+ +

Do try out these apps.

+ + + + +
+ + +
+
+ + + + + + diff --git a/2017/02/18/open-source-explained.html b/2017/02/18/open-source-explained.html new file mode 100644 index 0000000..a8630d2 --- /dev/null +++ b/2017/02/18/open-source-explained.html @@ -0,0 +1,288 @@ + + + + + + Understanding Open Source Software — life-lessons.in + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + +
My acoustic guitar - Greg Bennett
+ + +
+ +
+
+
+ By
— + — + +12 min read +
+

Understanding Open Source Software

+

My thoughts and findings about questions concerning Open Source Software

+
+ +
+

I have been contributing to Open Source Software (OSS) for over 3 years now, at ThoughtWorks. Many people seem to have some misconceptions about OSS, or don’t fully realise the implications and impact of OSS. In this blog, I have shared a few of my learnings and thoughts on this topic. If you are technologist – who has some familiarity with OSS, then it’s likely that this article will be helpful.

+ +

Just because the source code is available does not mean it is Open Source

+ +

Most people explain Open Source Software (OSS) as — a software that has made its source code available publicly. That is an incomplete and incorrect definition of the term Open Source Software.

+ +

An Open Source Software is software where the code is not only freely available to view, but also to modify, redistribute, and has an associated license that allows for this to happen. This is how Wikipedia defines Open Source Software (OSS):

+ +

Open-source software (OSS) is computer software with its source code made available with a license +in which the copyright holder provides the rights to study, change, and distribute the software to anyone +and for any purpose.

+ +

Irrespective of the OSS license being applied, the above conditions should be true for a software to call itself Open Source.

+ +

A more precise, easy-to-understand and widely referenced definition of Open Source Software is maintained and managed by the Open Source Initiative (OSI) on this page: Open Source Definition. It mentions ten criteria that should be satisfied by the distribution terms of the software license for it to be accepted as Open Source. Some of these criteria are: free redistribution, must have easy access to un-obfuscated source code, should allow modifications and distribution of these modifications, should be free of discrimination against people/geographies/groups/field of endeavour/technology stack, etc.

+ +

So – just having access to source code isn’t Open Source. It’s a much broader term, associated with greater freedom.

+ +

So then what is the deal with the different licenses – GPL, MPL, Apache, etc?

+ +

Note: I am not a lawyer. Please consult a qualified lawyer when you are inspecting / figuring out an OSS License for your company or software. My advice here is informal. Licenses are a complex beast – especially when softwares containing different licenses are put into the mix.

+ +

There are many available OSS licenses publicly recognized to make it convenient for you to choose the one that suits your needs. The Open Source Initiative (OSI) maintains a list of approved licenses here for you to choose from.

+ +

All these licenses are recognized as Open Source Licenses, and hence should provide the same freedom as mentioned above while explaining what does OSS mean – but there is always something unique about each license that makes them stand apart. This is why you need legal counsel. Your motivations and business model will affect the choice of license.

+ +

Licenses like the GPL license are called Copyleft licenses which are protective in nature. If you use a GPL Licensed software library in your software you will require to make your own software freely available under the GPL License. If you are a commercial / proprietary software team, you most likely do not want to open source your proprietary software, and therefore won’t be able to include libraries licensed under GPL. Do check out: Can I use GPL software in a commercial application? As an example – iText is a library for generating PDFs which is provided under an AGPL license (free) and also under a commercial license that allows you to include it in programs that are released under a license of your choice (paid). You will not be able to include its free version in the source code to closed-source software for the same reasons articulated above. Read about iText License implications here.

+ +

Interesting articles to read: The Decline of GPL? +and Can I use MongoDB for a commercial web based service?

+ +

Important Notes:

+ +
    +
  1. I work on an open source hospital system called Bahmni, for low-resource environments. This software is licensed under AGPL license. Distributing the software under the AGPL means that any modifications or improvements done for Bahmni must be made available to all for free. In this way, the choice of license helps to ensure that the software will remain a public benefit to humanity and no one can capture it for their private gain. Read more about some problems with commercial EHR here: Obama and Biden Blast EHR Vendors for Data Blocking.
  2. +
  3. Linux is licensed under GPLv2. For good reasons. From this article, Linus Torvalds says: “The GPL ensures that nobody is ever going to take advantage of your code. It will remain free and nobody can take that away from you. I think that’s a big deal for community management.”
  4. +
  5. Do you know the differences between Red Hat Enterprise Linux RHEL (paid) and CentOS Linux (free)? You might be surprised to know that the code of CentOS Linux is created from RHEL source code with all Red Hat trademark information removed – because Red Hat invests/pays for the trademark and logo, but the underlying Linux and its modifications are required to be made freely available as source code – which allows the creation of CentOS. This is why so many companies use CentOS – because they believe they get the same quality for free! Amazing. Isn’t it? Read more here: Wikipedia/CentOS and here: Wikipedia/RedHatDerivatives.
  6. +
+ +

But some OSS would prefer to focus on getting lots of people to adopt them quickly and easily, especially software platforms and libraries – because the wider the adoption of a software, the more chances are that its bugs will surface quicker, it will become more stable, it will have more impact, and more people will contribute to it. Once a company or a team invests in a software stack, it’s unlikely that they would want to throw it away on the slightest excuse! This is why many Open Source Software projects choose a more permissive license which allows you to ship and use them in commercial packages. Think of Angular.js, React.js, Postgres, Spring Framework, Ruby Language, jQuery, Tomcat Server and other softwares from Apache, Nginx, Selenium Test Framework, jUnit and many other libraries, tools and software which we all use in proprietary software – are all Open Source! They are licensed in a manner that allows others to benefit off them. Isn’t that awesome! So – have you given them back something? Have you helped making them better or popular?

+ +

So do people make any money with Open Source Softwares?

+ +

I think it’s important to separate this question into two areas – one for the company and the other for an individual.

+ +

So, let’s ask the first question: As a company, if I open source my software - can I make money? The answer is: Unlikely. The software after all is free, and hence you can’t really make money from it. But it might make long term business and financial sense to still do it – for reasons like adoption and maintenance. Platform products like Android and OpenStack are open source so that people can use them widely and build commercial models on top of them. The more people adopt Android for instance, the more people use Google Search and related services. That drives revenue and profits for Google. Open sourcing their platform, helps companies stay relevant.

+ +

For instance in this article on Tech Radar (The reasons behind Microsoft’s drive for open source) Wes Miller, Vice President at analyst group Directions on Microsoft points out: +“Much like Apple and Google, whose open source projects may be strategic to a degree of mindshare (but not revenue), the projects that Microsoft has chosen to open source are intended to help build community/collaboration and mindshare. The areas of the company that are still breadwinners are not open source, nor do I believe we should expect them to be anytime soon”.

+ +

This is not to say that companies are not making money from Open Source software. There are 15+ business models with OSS mentioned on Wikipedia. The obvious ones are Support and Professional Services around the software package, but people can do a lot more including writing paid add-ons, software-as-a-service, advertisements, trainings, etc.

+ +

For good examples of businesses that rely on Open Source Software, and the associated struggle, I would recommend reading this article by TechCrunch (Money in Open Source Software). It says: “Despite the growing popularity of open-source software, though, many open-source companies are not financially healthy. Just like eyeballs didn’t translate into actual online purchases during the first dot-com era in the late 1990s, millions of free-software downloads do not always lead to sustainable revenue streams.”

+ +

Now - lets ask the second question: As a developer or a technologist - can I make money by working on Open Source Software? The answer is: Pretty Likely – if you are good at what you do and your chosen OSS is in-demand. Developing and maintaining good software is hard - especially if it’s being used by multiple customers.

+ +

With Open Source, the advantage is that there are very few geographical barriers for team members – since the code and software is available online easily. So, people from across cities can contribute to the project, and be paid to consult, maintain, develop and deploy softwares. This can also help the individual build their brand, connect with other like minded people around the world, and be called upon for important gigs. Plus, once a company has already invested in a particular open source stack, they would be compelled and happy to pay for its evolution – to keep their own systems up-and-running, or even to beat the competition.

+ +

But most contributors worldwide contribute to Open Source software for free. Because the returns themselves are worth it.

+ +

This sounds very interesting. Should I participate in a particular Open Source software?

+ +

If you are a developer, a QA, a BA, a technologist – you have very little excuse to not be involved in some Open Source Software. Why should you limit your exposure, experience and learnings to only the project you are on? Why not contribute and learn from the zillions of OSS that are out there? Most of these softwares are looking for technical contributions and to make greater impact.

+ +

Pick a topic that you love. Or a software you would be interested in. Do you like Security, Music, Medicine, Programming Languages, Painting, Maths, Teaching, Kids, Criminology, Guitar, Sports, Gym, FILL-IN-THE-BLANKS? Find an OSS in your chosen area, whatever motivates you, and jump in. Projects need help on everything under the sun – from developing small/large features, to writing unit/integration/functional tests, to setting up CI/CD servers, to documentation, to creating stories, to fixing bugs, to creating presentations, to publishing videos, to organizing events, to evaluating libraries, to helping in rollouts and implementations of their softwares, to…. you get it. Whatever you do in your organization on your project; the OSS also needs that to be done. Plus, you can be a QA contributing to Development tasks, or a Dev contributing to recording videos, and so on.. because no one cares what “role” you come from – it’s what you want to do!

+ +

Most OSS projects will have a chatroom on IRC/Slack/etc, a mailing list, a public version control repository (likely Github), a public task management system (like JIRA, Github Issues, Trello, etc), and periodic virtual meetings. If you go in with sincerity, and resolve — your work will be highly appreciated.

+ +

A list of Open Source Projects you might consider

+ +

A short list of suggestions from my side. It’s a drop in the ocean. The important thing is to choose a project you want to contribute to. Find your holy grail.

+ + + +

The Open Source Software movement is big. It’s time to jump in. Give back. Learn. Soak. Become part of alternative communities, across multiple countries. You will be welcomed.

+ +

Podcast on Open Source Myths - With Karl Brown

+ +

If you liked this article, you may also like this podcast I recorded with Karl Brown from ThoughtWorks +where we talk about Myths & Truths in Open Source Software.

+ +

Further Reading on Open Source

+ + + + + + +
+ + +
+
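Review bot: the copyleft explanation in "If you use a GPL Licensed software library in your software you will require to make your own software freely available under the GPL License" states the obligation too broadly: the GPL's requirement to release source under the same license is triggered when you distribute (convey) the combined work, so software kept in-house or offered only as a network service is not forced open by the GPL, which is precisely the gap the AGPL closes and the reason the Bahmni item later relies on the AGPL. Suggest qualifying that sentence with "and distribute it", and rewording the Bahmni item's "must be made available to all for free" to "must be made available as source, under the same license, to everyone who receives or interacts with the modified software", since "free" there refers to license freedom rather than price. The iText example reads correctly once the distribution condition is stated, because its AGPL/commercial dual license is about shipping the library inside closed-source products.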
+ + + + + + diff --git a/2017/04/12/app-security-learning.html b/2017/04/12/app-security-learning.html new file mode 100644 index 0000000..09ca81e --- /dev/null +++ b/2017/04/12/app-security-learning.html @@ -0,0 +1,332 @@ + + + + + + 12 Things I Learnt While Teaching Application Security — life-lessons.in + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + +
Turkey
+ + +
+ +
+
+
+ By
— + — + +12 min read +
+

12 Things I Learnt While Teaching Application Security

+

Fascinating stuff I stumbled upon while preparing for security training

+
+ +
+

Introduction

+ +

ThoughtWorks runs an Application Security 101 training for people not very familiar with common security topics. The training curriculum covers topics like Threat Modelling, Same Origin Policy, CSRF, Secret Management, Library Vulnerabilities, STRIDE among many others.

+ +

I was a trainer for one of the recent batches in ThoughtWorks Pune, and in researching some of these topics, I came across many interesting links, videos and information. I decided to write a blog outlining them as a reference for my ‘students’. I hope that my technologist friends out there will also find this information fascinating.

+ +

Topic 1: Continuous Authentication / Typing pattern detection

+ +

Technology now exists that can detect if the person who is typing on the keyboard is actually YOU or someone else. It is marketed as Continuous Authentication – where the system is continously checking if the person using the system or the website is the one who is an authorized user, or is someone else impersonating the user. See demos here:

+ +
    +
  1. KeyTrac online demo
  2. +
  3. TypingDNA online demo (YouTube Video)
  4. +
  5. BehavioSec: Uses keyboard and touch gestures to identify you!
  6. +
+ +

Topic 2: How NOT to store passwords

+ +

In this video How not to store passwords, Tom Scott (Computerphile) explains how websites and application might incorrectly store passwords. And no, encryption isn’t a good idea. He explains how hashing with a random salt is the way to go as far as password storage is concerned.

+ +

Topic 3: Has my email ID been leaked?

+ +

Go to this link Have I been Pwned? to check if any of your Email IDs, and associated credentials, have ever leaked on the internet. If so, it tells you which source got compromised (Adobe, LinkedIn, etc) and what information got leaked. So, for instance if your email id and credentials have been leaked, then you better not only change your password for the compromised website, but you should also change your password in EACH AND EVERY account where you re-used the same password!

+ +

This is why you should not ever re-use passwords across applications, websites and services. Instead, use a strong password manager and generator like KeePassX or 1Password.

+ +

Topic 4: Creating strong passwords & Dice-Ware

+ +

A strong password is one that is very difficult to predict, and cannot easily be brute forced. See this website for examples of extremely strong passwords: Password Creator. The good thing about this website is that it runs fully in your browser (so you can go offline and then ask it to generate password recommendations).

+ +

Whenever you use an ONLINE Password CHECKER, or GENERATOR you run the risk of actually leaking your password to the internet. That is why you would want to use OFFLINE tools to generate your passwords, and most good password managers are a safe bet.

+ +

Diceware passwords are a simple and strong option for creating your passwords. An example of a diceware password is: “edwin curse clue bose axes bandy”. The idea of diceware was to:

+ +
    +
  1. Provide very strong passwords.
  2. +
  3. Make it easy to type on a phone (no capitals, no special characters, etc).
  4. +
  5. Make it easy to remember.
  6. +
+ +

You randomly choose five or six (or more) words from a list of 7500+ pre-defined word list. Selecting words from the list is done by throwing a dice a pre-defined number of times per word. Read more about what makes Diceware so strong here: If someone knows that I am using Diceware, can’t they just use the word list to search for my passphrase?

+ +

Topic 5: Creating Fake Webpages for Phishing Attacks

+ +

There are many easy-to-use tools available that allow you to create an exact copy of the website you wish to impersonate, so that you can trick a user into entering their credentials into a website that looks exactly like the original. See this video which explains how one can use a simple tool called SuperPhisher to create a fake Gmail login page.

+ +

Topic 6: Understanding Same Origin Policy

+ +

When a web-page fires an HTTP Request to a different origin (URI Scheme + hostname + port combination), the request will reach the server, but the response will be blocked by the browser (unless authorized by the server using a CORS header). Read more on this here: Wikipedia/Same-origin-policy. The same is true for Javascript in a browser not being allowed access to elements created in another “origin”.

+ +

Broadly, one origin is permitted to send information to another origin, but one origin is not permitted to receive information from another origin. The prohibition on receiving information is intended to prevent malicious web sites from reading confidential information from other web sites, but also prevents web content from legitimately reading information offered by other web sites.

+ +

The restrictions on reading information received from other origins is also somewhat subtle. For example, the HTML <script> element can execute content retrieved from foreign origins, which means web sites should not rely on the same-origin policy to protect the confidentiality of information in a format that happens to parse as script. You need this to happen so that you can load Javascripts hosted on CDNs like for instance JQuery.

+ +

This is also true for the <img> tag which can fire GET requests for loading images, but someone may use them for firing any GET request (and if this GET request modifies data, then a CSRF attack becomes possible). Read more on preventing CSRF here: OWASP CSRF Prevention Cheat Sheet

+ +

In other words, the SOP does not prevent attackers to write data to their origin, it only disallows them to read data from your domain (cookie, localStorage or other) or to do anything with a response received from their domain.

+ +

Watch this video to grasp the details: +HTML5 Security Part 1/3 - Same Origin Policy Basics

+ +

Topic 7: How can MD5 Hashes be broken using non-secure passwords

+ +

This article by Jack Singleton on Martin Fowler’s website One Line of Code that Compromises Your Server shows how easy it is to use a dictionary attack using something like the CrackStation Lookup tables.

+ +

To quote from CrackStation itself:

+ +

Crackstation’s lookup tables were created by extracting every word from the Wikipedia databases and adding with every password list we could find. We also applied intelligent word mangling (brute force hybrid) to our wordlists to make them much more effective. For MD5 and SHA1 hashes, we have a 190GB, 15-billion-entry lookup table, and for other hashes, we have a 19GB 1.5-billion-entry lookup table.

+ +

To quote from Jack’s article:

+ +

Wow! In just 43 seconds we blasted through over a billion hashes and, 85.34% of the way through the list, correctly guessed ‘super secret’.

+ +

So in essense, if a password created by you or by someone else in the world, ever leaked somehow on the internet, it has most likely reached a dictionary or a password list like CrackStation. You better not re-use it. It’s just simply easier to generate a new password for each usecase, using a strong password generator.

+ +

Related reading: Strong passwords and Rainbow Tables

+ +

Topic 8: Easy hacking via Social Engineering

+ +

Watch this video to see how easily sometimes people can hack into a person’s account by fooling a call center employee to believe them: Hacker on Call in DEFCON. This technique of tricking people into performing an action they don’t really want to, or reveal information that shouldn’t be, is called Social Engineering.

+ +

Accidental disclosure of information can happen even with SMS based Two Factor Authentication. For instance, if you have SMS preview enabled (which is common nowadays for mobiles), and if the OTP password is present in the first few characters of the SMS, then anyone can see your OTP SMS even if your phone is locked. This is dangerous, and that is why smart implementations of OTP SMS will always put your OTP password at the end of a slightly long SMS message so that message previews don’t accidentaly give away the password to snooping eyes.

+ +

Topic 9: The danger of using fingerprints for authentication

+ +

Fingerprint based authentication is becoming quite common nowadays, with phones and laptops allowing you to swipe a finger, or register multiple fingers for quick access. There are two issues at play here:

+ +
    +
  1. +

    Your fingerprint cannot be modified. Once its lost, or compromised, you pretty much cannot do anything about it. You can’t change your fingerprint! For this reason you need to be very careful of where you give your fingerprint information. You don’t want someone storing your fingerprint in a database which eventually gets compromised. For this reason the recommendations for fingerprint security implementations is to store some representation of the fingerprint, rather than the fingerprint itself, so that in case of a compromise, the original fingerprint information is still safe. Read more about this here: Apple Fingerprint Security

    +
  2. +
  3. +

    Your fingerprint works even when you are sleeping or unconscious. So, if someone whacked you, they can use your fingerprint to access any device by just touching your hand to the device. The same is true if you passed out after a heavy bout of drinking. Think about it.

    +
  4. +
+ +

Topic 10: Understanding HTTPs / SSL / TLS

+ +

To understand HTTPs, one needs to understand the following concepts:

+ +
    +
  1. +

    Asymmetric Encryption, which uses a public/private key pair in which the private key remains private and secret, while the public key is shared. This helps in ensuring that data sent to the server (or bank website) which has been encrypted using the server’s public key can only be decrypted using the server’s private key (and not by anyone snooping in between). Also, data sent by the server by encrypting with the private key can only be decrypted by using the public key which guarantees that the message was indeed sent by the trusted server (proving its identity).

    +
  2. +
  3. +

    Symmetric Encryption, which uses a single shared key, is faster than Asymmetric Encryption. Hence the Asymmetric Encryption method is used only for initial handshake, verification and then a random session key is generated to be used for further communication between the client and server for faster and secret communication. Of course, the session key is also sent encrypted using the Asymmetric Encryption mechanism for safe delivery, before switching over.

    +
  4. +
+ +

Related links to grasp HTTPs better:

+ +
    +
  1. +

    Watch this video to get a good high level understanding of HTTPs/SSL/TLS: What is HTTPs? (11 mins)

    +
  2. +
  3. +

    An excellent explanation of HTTPs: How does HTTPs actually work - by Rob Heaton

    +
  4. +
  5. +

    How does verification with Root CA Work: … mathematically computed against the public part of the CA to verify that the private part of the CA actually signed the cert.

    +
  6. +
+ +

Topic 11: Evercookie: Hard-to-delete cookies

+ +

Evercookie is a Javascript API, created by Sam Kamkar (of the Samy worm fame!) that produces extremely persistent cookies in a browser. Its goal is to identify a client even after they’ve removed standard cookies, Flash cookies (Local Shared Objects or LSOs), and others.

+ +

This is accomplished by storing the cookie data into as many browser storage mechanisms as possible. If cookie data is removed from any of the storage mechanisms, evercookie aggressively re-creates it in each mechanism as long as one is still intact.

+ +

It is totally NOT recommended to use Evercookie, but it is a good idea to understand how they work, so that you can understand how you might be tracked!

+ +

Read more about it here on Github/smayk/evercookie, and play with a demo here on Samy’s website Try Evercookie.

+ +

Topic 12: Vulnerability Checker for NPM Libraries - Bithound

+ +

Check out bithound.io to see how a Node.JS project can use a static code analyser and dependency checker to identify components in your project which may have known vulnerabilities. bithound.io is free for Open Source projects, so you should be able to plug it in your public Github projects. See the most popular libraries like Angular.JS and d3 reports on bithound here: Popular Bithound Projects

+ +

Conclusion

+ +

Teaching is a great way to learn. Just as I did, hopefully you found some of above topics and links fascinating. The field of security is always growing and while new attacks are being uncovered everyday, so are new counter-measures being designed.

+ + + + +
+ + +
+
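Review bot: Topic 10's sentence "data sent by the server by encrypting with the private key can only be decrypted by using the public key which guarantees that the message was indeed sent by the trusted server" describes a digital signature rather than how HTTPS protects data: the server's private key is used to sign the handshake (or, with RSA key exchange, to decrypt the client's pre-master secret), the certificate chain up to a root CA proves the server's identity, and all application data is then protected by the symmetric session key described in the next item, never encrypted with the private key. Suggest rewording it as "data signed with the server's private key can be verified with its public key, which proves the message came from the server", which also lines up with the root CA item in the related links. Three smaller points in the same file: Topic 2 should name the kind of hash to use, a slow, salted password hash such as bcrypt, scrypt, PBKDF2 or Argon2, because Topic 7's own quoted figure of over a billion hashes in 43 seconds shows that a fast hash like MD5 or SHA-1 stays cheap to attack with a dictionary even when salted; Topic 6's closing sentence has the origins swapped and should read "the SOP does not prevent attackers from sending data to your origin, it only disallows them from reading data from your domain (cookie, localStorage or other) or doing anything with a response received from your domain"; and Topic 11 should read "Samy Kamkar", with the repository path "Github/samyk/evercookie" rather than "smayk".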
+ + + + + + diff --git a/2018/03/31/art-of-story-telling.html b/2018/03/31/art-of-story-telling.html new file mode 100644 index 0000000..afaa5c3 --- /dev/null +++ b/2018/03/31/art-of-story-telling.html @@ -0,0 +1,297 @@ + + + + + + Are You Telling A Story? — life-lessons.in + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + +
My Martin Backpacker
+ + +
+ +
+
+
+ By
— + — + +6 min read +
+

Are You Telling A Story?

+

Harness the art of story telling to make presentations memorable

+
+ +
+

Student: I am giving my first talk in 6 weeks.
+Teacher: Excellent.

+ +

Student: When would you call a presentation a success?
+Teacher: The audience vividly remembers it 3 days after you presented it.

+ +

Student: How can I make this happen?
+Teacher: By telling a compelling story, instead of stating the facts.

+ +

Student: Why is a story important?
+Teacher: Imagine this. You are sitting for lunch with your team, and you suddenly remember that one of your colleagues attended the XP conference yesterday. You ask him, about the conference. He answers with one of the following answers:

+ +

Answer 1: There was a talk where a Tech Lead from ThoughtWorks told a story about how she ended up receiving a huge invoice bill to her ThoughtWorks email from an airline because an automated test did bookings during Christmas season.

+ +

Answer 2: There was a talk where a person from ThoughtWorks spoke about how testing happens in the airline industry.

+ +

Which of the above talks do you wish to know more about? I would love to hear more about the Christmas fiasco. Won’t you? People want to hear stories. People like to tell stories. People remember what they tell. So, give them stories to talk about.

+ +
+

“People want to hear stories. People like to tell stories.”

+
+ +

Student: That makes sense. But not every talk can have a story. How do I create a story on Docker Networking?
+Teacher: A story has the following five parts:

+ +
    +
  1. The Characters (people)
  2. +
  3. The Setting (context)
  4. +
  5. The Plot
  6. +
  7. The Conflict (problem)
  8. +
  9. The Resolution (ending)
  10. +
+ +

You find a story by asking a series of questions which connect why, who, how, what, etc. These will ultimately lead you to a story. For instance:

+ +
    +
  • Why do I want to speak about Docker networking?
  • +
  • Why does it matter how Docker does networking?
  • +
  • What really is Docker?
  • +
  • Who uses Docker?
  • +
  • How did people work before Docker?
  • +
  • Which project do I know that uses Docker?
  • +
  • What is the project about?
  • +
  • What problem is the project solving?
  • +
  • Who is the client?
  • +
  • What is so difficult about that project?
  • +
  • Who is happy if the software in the project works fine?
  • +
  • What would happen to this happy person if Docker networking stopped workin while the system was running?
  • +
+ +

As you keep asking such questions, you will uncover a story. Or you can invent one.

+ +

Here is an example of a Kubernetes Networking story: Climbing The Sawtooth - A classic production puzzle - by Girish Verma from ThoughtWorks.

+ +

Student: What else can I do to make my presentations effective?
+Teacher: Connect with the audience, provide metaphors that they can relate to. A good metaphor is one that people remember. A bad metaphor is one that might be accurate but no one can recall.

+ +

Student: How do I know what metaphors are good for the audience? For instance, in a conference, I don’t really know who my audience is?
+Teacher: That’s not so difficult. You ask them questions, and they answer with a show of hands. For instance, if I was going to give a talk on Microservices & Kubernetes I would ask:

+ +
    +
  • How many of you have worked with Kubernetes?
  • +
  • How many of you are on a project where Microservices are being used?
  • +
  • How many of you feel Microservices are awesome?
  • +
  • How many of you feel Microservices are dangerous?
  • +
  • How many of you have worked on Monoliths, but now want an opportunity to try Microservices?
  • +
  • How many of you have worked on Banking projects?
  • +
  • How many of you have worked on Aerospace projects?
  • +
  • How many of you have worked on Retail projects?
  • +
  • How many of you who have worked on Microservices & Kubernetes, have more than 60 services in production?
  • +
+ +

Answers to such questions will quickly help me understand my audience’s opinion, exposure, interest, and capability. This allows me to know which parts of the talk I should stress on, which parts of the talk I can glide quickly through. It gives me a pulse of the audience.

+ +
+

“It gives me a pulse of the audience.”

+
+ +

If I see someone who raises her hand for the last question on my list (60+ services in production), I know she will likely have as much knowledge on this topic, as I do. So, I will ask her opinion or request her to share her experience at relevant points in my talk. This will help us all in harnessing the knowledge of the audience, and make the time more worthwhile for everyone. And it will also help me ensure that the most knowledgeable person in the audience goes back “happier” because I gave her a platform to share her point of view on the topic.

+ +

Usually, the opinion of the experts in the audience matters a lot to the peers.

+ +

Dilbert 13-June-2012 +(c) Scott Adams. http://dilbert.com/strip/2012-06-13

+ +

Once you know how your audience is segmented, what background they are from, you will find it easier to give appropriate metaphors and anecdotes. As an extreme example, imagine, if everyone in the audience was a kid, won’t you give appropriate anecdotes once you knew that.

+ +

Student: I like that. I will try that the next time I present. Do you have any other tips for me?
+Teacher: Yes, one more. A good image is a powerful anchor, and a great canvas to speak on. Use a photograph, or a screenshot, or a diagram, or a sketch, or a portrait, or even a video as a backdrop for your slides. Narrate your story as a sequence of images. Avoid slides which are text heavy. Keep them light. Keep them pretty. Or keep them funny. In most of my talks, a picture usually speaks 300 words.

+ +

Student: So a story, understanding the audience, using connecting metaphors and images. 4 elements of success.
+Teacher: That is one way to put it.

+ +

Student: Thank you! This was a good story. Do you have another one?
+Teacher: Once upon a time…

+ +

Calvin 23-May-1992 +Comic from: http://www.gocomics.com/calvinandhobbes/1992/5/23

+ +

Further Reading:

+ + + + + + + +
+ + +
+
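Review bot: typo in the last question of the Docker networking list: "stopped workin" should be "stopped working". The subtitle's "story telling" is also conventionally written as one word, "storytelling", if the post wants to match the heading style used elsewhere.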
+ + + + + + diff --git a/2018/05/12/i-know-nothing-socrates-paradox.html b/2018/05/12/i-know-nothing-socrates-paradox.html new file mode 100644 index 0000000..e42cbf3 --- /dev/null +++ b/2018/05/12/i-know-nothing-socrates-paradox.html @@ -0,0 +1,338 @@ + + + + + + I Know That I Know Nothing — life-lessons.in + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + +
Beach side in Colombo, Sri Lanka
+ + +
+ +
+
+
+ By
— + — + +14 min read +
+

I Know That I Know Nothing

+

A model for helping us deal with the Socrates Paradox

+
+ +
+

Introduction to the Model

+ +

Some months ago, while attending a ThoughtWorks Leadership training program, I encountered a very fascinating awareness model (** It’s inspired from the Johari Window model. See notes at the end of the blog). I was captivated by its implications.

+ +

This is how it looks:

+ +

The Awareness-Knowledge Model

+ +

You interpret this model as follows:

+ +

Quadrant 1: I know what I know (or, I am aware of what I know)

+ +

Quadrant 2: I know what I don’t know (or, I am aware of what I don’t know)

+ +

Quadrant 3: I don’t know what I don’t know (or, I am unaware of what I don’t know)

+ +

Quadrant 4: I don’t know what I know (or, I am unaware of what I know)

+ +

Let us simply call this the Awareness-Knowledge Model.

+ +

I find this model to be a very fascinating introspection & risk management tool. In the following sections, let us apply this model first to Domains and then to Projects, and see what we might be able to learn.

+ +

Awareness-Knowledge Model applied to Domains

+ +

One can apply this model to any body of knowledge, or area of expertise, like Computer Science, Medicine, Political Science, Movies, Jazz Music, Computer Games, etc. One can choose to be narrow, and just apply it to Artificial Intelligence or Weight Training, or one can choose to be broad, and apply it to Spirituality or Arts.

+ +

As an example, let’s apply this model to my knowledge in the domain of “Computer Science / Programming”, and see how it works.

+ +

Quadrant 1 (IK-what-IK): I am mostly aware of what I know – I know Java programming, I know React.js, I know Postgres, I know the importance of clean code and how to refactor, I know what is a CPU, a RAM, and what is Computer Architecture, and REST, and so on. This affirms a sense of confidence for me, and helps me in estimating how long certain things will take, or how complex they might be. This is what I know I know.

+ +

Quadrant 2 (IK-what-IDK): It is said, that “the more experience one gains, the less knowledgeable one feels”. I believe this happens because over time as I encounter new problems, and stumble upon inexplicable bugs, I start realising that there are nuances within many topics and areas that I don’t really understand. I also encounter people who are experts in certain tools, techniques, systems or platforms, and realise how much I don’t know. This awareness helps me remain humble, and also motivates me to learn and explore. So, I search on google for things like: “How does Two phase commit work?” or “What is the difference between Non Blocking IO and Asynchronous IO?”, or “What is a Promise?”, etc. I know what I don’t know, and I spend time reading blogs and books in those areas to help me gain a better understanding.

+ +

One could argue, that being “in the grip of” Quadrant 2, is one of the reasons people experience the Imposter Syndrome. I experience this myself from time and time, and I discovered a rather cheeky yet meaningful lens through which to alleviate the discomfort (see tweet below):

+ +

Imposter Syndrome Tweet

+ +

Source: https://twitter.com/ThisIsJoFrank/status/988048711937748992

+ +

Quadrant 3 (IDK-what-IDK): This one is interesting. I don’t know what I don’t know. Another way to look at this is What are my blind spots? This one is very tricky. I may believe that after having seen so many microservices based projects, I am good at identifying when to introduce a new microservice, or when to update an existing one – but in reality, I might still be poor at it. I might not know that I am actually not proficient at detecting the right Microservices split. It’s possible that I have a blind spot in this scenario. But the moment I acknowledge this fact, this moves into Quadrant 2, and then I can work on it. And that’s what is fascinating about this quadrant. Things in this quadrant are out of grasp. The moment you grasp them, they move to Quadrant 2!

+ +

It’s also quite likely that in my case, 95% (a significant chunk), of all Computer Science knowledge is in this quadrant — i.e. the knowledge whose existence itself I am unaware of. For instance: What did all the folks in the world who did a PhD in Computer Science related areas, really uncover and write about? I have no idea!

+ +

The size of Unknown

+ +

How do I deal with this situation? What measures do I take to mitigate the risk of not being aware of my blind spots - my knowledge black holes? How do I become aware of what I don’t know? And more importantly, which blind spots do I need to focus on? Which ones are relevant?

+ +

The hope is that once we become aware of what we don’t know, we move that piece of knowledge into Quadrant 2 (IK-w-IDK), and from there we can learn more about the relevant pieces, and move into Quadrant 1 (IK-w-IK).

+ +

So what do I do? I read books on broad topics, listen to podcasts - software related and non-software related, have random conversations with colleagues, subscribe to twitter feed of experts and luminaries in various areas, etc. This exposes me accidentally to information that tells me what I don’t know. This uncovers the unknowns, and that helps me identify what needs to go into Quadrant 2.

+ +

As an example, when I signed up as an instructor for the Tech Lead training program, that’s when I got introduced to the Butterfly Model for a well rounded Tech Lead while preparing for the sessions. Until then, I didn’t know that such models existed for Tech Lead roles.

+ +

Another example: a google search for “Top Kubernetes Tips” or “Top Git Tips”, etc will uncover suggestions and tips that you don’t know about Kubernetes or Git respectively. This is another way to stumble upon things you may not realise exist, but can be very helpful to you. A move from Quadrant 3 to Quadrant 1.

+ +

Moving across the quadrants

+ +

You can do the same while taking an interview for a potential hire. Instead of focussing only on “What they know” and “What they don’t know”, you can focus on “What do I not know?”, and “how can this discussion help me know something I don’t know, yet allow me to also get to know the candidate”. One way to do this is ask them to explain the architecture of their current project, or a topic they love, and then ask them well thought out WHY questions to dig into things that YOU don’t know or don’t understand, and see if the candidate enlightens YOU. That is a win-win interview!

+ +

Quadrant 4 (IDK-what-IK): I don’t know what I know! To some people, this quadrant might seem counter-intuitive. At first glance, this sounds like a spoiled brats’ response. But, in fact this is an important quadrant. The questions to ask here are: What skills and knowledge do I bring to the table that I am unaware of? What am I good at or have an intuition of, but am unaware of? What activities can I sign up for without worrying about whether I will be good at them? What is it that other people notice about me, but I am not cognizant or appreciative of?

+ +

This is where people underestimate what skills and knowledge they bring to the table. Having a (respectful) feedback culture in an organisation can help uncover this for individuals. This is also a by-product of long periods of contemplation and hard work, coupled with past events and exposure to different environments & cultures. Part of this is also what people sometimes call: “Expert Intuition” or “Expert Knowledge” or “Gut feeling”. Something that experts find hard to explain.

+ +

An example of this in the programming world is called a “Smell”. I can’t describe it, but I can smell it – there is something “not nice” about this piece of code, or the design of this set of classes, etc.

+ +

Andrew Ng, one of the most influential Computer Scientist in Artificial Intelligence and Deep Learning, who led Google Brain and was a former VP & Chief Scientist at Baidu had once tweeted this:

+ +

Moving across the quadrants

+ +

Source: https://twitter.com/andrewyng/status/793107879557345280?lang=en

+ +

The more you read, the more experiences you collect, the more time you spend in reflection and honest discussion, the more you know even if you don’t realise it yet.

+ +

A Classroom Joke

+ +

Economics Professor: Dear Class, now that you have heard a 45 min summary on the complex area of trade surplus and deficit, how many of you feel that you have understood this topic?

+ +

The class is very silent. The Professor patiently waits for someone to speak up…

+ +

One Student: Mam, I fear that I don’t know whether I have understood exactly what you wanted us to understand, but I did like it a lot!

+ +

Awareness-Knowledge Model Applied to Projects

+ +

One can also look at a new project, or a new program of work, and try to apply this model to it. For instance, here are some questions and thoughts that one can have while walking through each quadrant for a particular project:

+ +

Quadrant 1 (IK-what-IK):

+ +
    +
  1. What is it that we know for sure? If so, can we confirm this with our clients to ensure that our understanding is correct.
  2. +
  3. Is that piece of information squarely in Quadrant 1? Or does it have parts that we don’t realise?
  4. +
+ +

Quadrant 2 (IK-what-IDK):

+ +
    +
  1. What are the areas that we are not sure of?
  2. +
  3. What spikes should we play to better understand that area?
  4. +
  5. What PoCs need to be built to better understand what we don’t know?
  6. +
  7. Which stakeholders should we talk to to better understand a certain API that we will need to integrate with?
  8. +
  9. We need to highlight certain known risks and follow up on them earlier in the lifecycle of the project to mitigate those risks. We must ensure that we report them periodically.
  10. +
+ +

Quadrant 3 (IDK-what-IDK):

+ +

This can be a very tricky one, and requires careful consideration. Here are some possibilities:

+ +
    +
  1. How do we validate that we have received all the right information about what is needed to be built?
  2. +
  3. Is it possible that there is a security related activity, or compliance related activity that we aren’t aware of, but it might come back later to bite us, and delay our project?
  4. +
  5. How do we mitigate the risk of what we don’t know? This is an example of the risk with “handover” of pre-created requirement documents during the start of an engagement. How do we know what has been completely missed in the requirements? As an example, at ThoughtWorks, we run inceptions at start of engagements to mitigate the risk that we aren’t building something no one wants, or we aren’t forgetting an important stakeholder or an important compliance step in the process. We don’t know, what we don’t know – and we need to take steps to uncover it early!
  6. +
+ +

Quadrant 4 (IDK-what-IK):

+ +
    +
  1. Are we adding too much buffer to our estimates?
  2. +
  3. Are we playing spikes / PoC unnecessarily, when we can easily reach out to someone within our organisation, and get the answers quickly?
  4. +
  5. Are we under-estimating our teams abilities?
  6. +
  7. Have we created a team that can together solve most problems we throw their way, in a creative, efficient and cost-effective manner - even if they don’t have any clue right now about it?
  8. +
+ +

A unit test is an example of something we write based on what we know, to catch errors and situations that can arise based on changes in the future that we don’t know or can’t anticipate, but we know that will likely happen.

+ +

Teams that follow mature QA practices will usually ensure that any bugs that are uncovered in production, and are likely to therefore occur again, will be automatically detected in the future via automation. We now know about them. Customers will rarely be forgiving to the same bugs occurring repeatedly in production. QAs will also focus their manual efforts towards exploratory testing, so that bugs (requirement, design or implementation bugs) that we don’t know exist are uncovered, since automation can only test for known behaviors.

+ +

A Threat Modelling exercise is an attempt to build a shared context to uncover what we don’t know, and then use the new knowledge to prioritise security threats, create Attack Trees, identify possible countermeasures, etc. The Rugged manifesto has a statement that I think is pertinent to this discussion: “I recognize that my code will be used in ways I cannot anticipate, in ways it was not designed, and for longer than it was ever intended”.

+ +

The philosophy of Agile is rooted in embracing change. It acknowledges that new information is uncovered gradually, and we know that we don’t know a lot, and iteratively we will discover it.

+ +

At ThoughtWorks we try to establish high performing, cross-functional teams comprised of smart, passionate and diverse technologists; whilst supporting them with a respectful environment and a learning culture. The hypothesis is, that this will help our teams to be capable enough to deal with unexpected situations (Quadrant 3); humble enough to recognise & address gaps in their knowledge (Quadrant 2 & Quadrant 1); and diverse enough to discover what they already know but don’t realise right now that they do.

+ +

Machine Learning has recently become a mainstream conversational topic because it apparently promises that given large datasets, it will likely be able to find insights that will be useful for us, but we don’t know what these insights will likely be.

+ +

In Conclusion

+ +

I hope you found the Awareness-Knowledge model fascinating. It can help you decide how confident you feel about a domain, area of expertise or project by brainstorming & introspecting on each of the four quadrants. You can put in mitigation strategies to help shape events and unknowns eventually towards Quadrant 1.

+ +
+

“I know that I know nothing” — Socrates Paradox.

+
+ +

Calvin & Hobbes bridges strip

+ +

(c) Calvin and Hobbes. Source: https://www.pinterest.com/pin/155374255872428173/

+ +

Notes:

+ +
    +
  1. I came across a variation of this model recently in Chapter 3. of Sriram Narayan’s excellent book: Agile IT Organisation Design, where he wrote about Software Development being a learning journey, and how software development teams encounter Unknown Unknowns that can surprise them and often invalidate existing estimates.
  2. +
  3. Some people may point out that this model is likely the same as Johari Window for self-awareness in the field of cognitive psychology. But I felt its explanation & application is quite different from how I perceived it above. I am happy to be told otherwise, as I am no expert in the field of psychology. The whole field of psychology is definitely in my Quadrant 2 and Quadrant 3. I know nothing about it!
  4. +
  5. Read more on the Socates Paradox here.
  6. +
+ +

Disclaimer: All thoughts and opinions in this blog are my own, and do not represent the stance or opinion of my employer (ThoughtWorks).

+ + + + +
+ + +
+
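Review bot: several typos in the post body are worth fixing before publishing: "I experience this myself from time and time" (should be "from time to time"), "a spoiled brats' response" (singular possessive, "brat's"), "one of the most influential Computer Scientist" (plural, "Computer Scientists"), and "Read more on the Socates Paradox here" in the notes list (should be "Socrates").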
+ + + + + + diff --git a/404.html b/404.html new file mode 100644 index 0000000..543a88a --- /dev/null +++ b/404.html @@ -0,0 +1,102 @@ + + + + + + life-lessons.in — Adventures in Software and Life + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+

404 - Sorry, nothing here.

+

Get back to the blog

+
+ + + + + diff --git a/CNAME b/CNAME new file mode 100644 index 0000000..bf25494 --- /dev/null +++ b/CNAME @@ -0,0 +1 @@ +life-lessons.in \ No newline at end of file diff --git a/Gemfile b/Gemfile new file mode 100644 index 0000000..5616cd9 --- /dev/null +++ b/Gemfile @@ -0,0 +1,6 @@ +source 'https://rubygems.org' + +gem 'jekyll' +gem 'jekyll-assets' +gem 'rake' +gem 'uglifier' diff --git a/Gemfile.lock b/Gemfile.lock new file mode 100644 index 0000000..b3b7f53 --- /dev/null +++ b/Gemfile.lock 
@@ -0,0 +1,104 @@ +GEM + remote: https://rubygems.org/ + specs: + addressable (2.3.8) + blankslate (2.1.2.4) + celluloid (0.16.0) + timers (~> 4.0.0) + classifier-reborn (2.0.3) + fast-stemmer (~> 1.0) + coffee-script (2.4.1) + coffee-script-source + execjs + coffee-script-source (1.9.1.1) + colorator (0.1) + execjs (2.5.2) + fast-stemmer (1.0.2) + fastimage (1.6.8) + addressable (~> 2.3, >= 2.3.5) + ffi (1.9.8) + hike (1.2.3) + hitimes (1.2.2) + jekyll (2.5.3) + classifier-reborn (~> 2.0) + colorator (~> 0.1) + jekyll-coffeescript (~> 1.0) + jekyll-gist (~> 1.0) + jekyll-paginate (~> 1.0) + jekyll-sass-converter (~> 1.0) + jekyll-watch (~> 1.1) + kramdown (~> 1.3) + liquid (~> 2.6.1) + mercenary (~> 0.3.3) + pygments.rb (~> 0.6.0) + redcarpet (~> 3.1) + safe_yaml (~> 1.0) + toml (~> 0.1.0) + jekyll-assets (0.14.0) + fastimage (~> 1.6) + jekyll (~> 2.0) + mini_magick (~> 4.1) + sass (~> 3.2) + sprockets (~> 2.10) + sprockets-helpers + sprockets-sass + jekyll-coffeescript (1.0.1) + coffee-script (~> 2.2) + jekyll-gist (1.2.1) + jekyll-paginate (1.1.0) + jekyll-sass-converter (1.3.0) + sass (~> 3.2) + jekyll-watch (1.2.1) + listen (~> 2.7) + json (1.8.2) + kramdown (1.6.0) + liquid (2.6.2) + listen (2.10.0) + celluloid (~> 0.16.0) + rb-fsevent (>= 0.9.3) + rb-inotify (>= 0.9) + mercenary (0.3.5) + mini_magick (4.2.3) + multi_json (1.11.0) + parslet (1.5.0) + blankslate (~> 2.0) + posix-spawn (0.3.11) + pygments.rb (0.6.3) + posix-spawn (~> 0.3.6) + yajl-ruby (~> 1.2.0) + rack (1.6.0) + rake (10.4.2) + rb-fsevent (0.9.4) + rb-inotify (0.9.5) + ffi (>= 0.5.0) + redcarpet (3.2.3) + safe_yaml (1.0.4) + sass (3.4.13) + sprockets (2.12.3) + hike (~> 1.2) + multi_json (~> 1.0) + rack (~> 1.0) + tilt (~> 1.1, != 1.3.0) + sprockets-helpers (1.1.0) + sprockets (~> 2.0) + sprockets-sass (1.3.1) + sprockets (~> 2.0) + tilt (~> 1.1) + tilt (1.4.1) + timers (4.0.1) + hitimes + toml (0.1.2) + parslet (~> 1.5.0) + uglifier (2.7.1) + execjs (>= 0.3.0) + json (>= 1.8.0) + yajl-ruby 
(1.2.1) + +PLATFORMS + ruby + +DEPENDENCIES + jekyll + jekyll-assets + rake + uglifier diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..ea5d8e9 --- /dev/null +++ b/LICENSE @@ -0,0 +1,27 @@ +The following directories and their contents are Copyright (c) Gurpreet Luthra. + +_posts/ +images/ + +For everything else: + +The MIT License (MIT) + +Copyright (c) 2015 Gurpreet Luthra. + +Permission is hereby granted, free of charge, to any person obtaining a copy of +this software and associated documentation files (the "Software"), to deal in +the Software without restriction, including without limitation the rights to +use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software is furnished to do so, +subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS +FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR +COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER +IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/README.md b/README.md new file mode 100644 index 0000000..934c506 --- /dev/null +++ b/README.md 
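Review bot: the Gemfile declares `gem 'jekyll'`, `gem 'jekyll-assets'`, `gem 'rake'` and `gem 'uglifier'` with no version constraints, so the pins in Gemfile.lock (jekyll 2.5.3, jekyll-assets 0.14.0, uglifier 2.7.1) are the only thing holding the build to a known set of versions, and a `bundle update` would silently move every dependency. Consider recording at least the intended major range in the Gemfile itself, for example `gem 'jekyll', '~> 2.5'`, so the constraint lives where people read it rather than only in the generated lock file.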
@@ -0,0 +1,72 @@ +## Introduction + +This is a [Jekyll](https://jekyllrb.com/) based blog of Gurpreet. + + +## Ruby and RVM + +This project already contains a `.ruby-gemset` and `.ruby-version` file, +to ensure that if you have RVM installed, then it will install gems +in the right directory, and give you a unique gemset. + +## Installation & Usage + + bundle install + + # See blog locally on port 4000 + bundle exec jekyll serve + + # See blog locally on port 4000 (with drafts) + bundle exec jekyll serve --draft + + # Command used by Github to build. Use this to verify if there are any errors + bundle exec jekyll build --safe + +## Publish to Github Pages + + # Create a local gh-pages branch which contains only the assets that need to be published + JEKYLL_ENV=production bundle exec rake site:publish + + # Switch to this new branch + git checkout gh-pages + + # FORCE Push the gh-branch to MASTER branch of your github.io repository assuming the remote name is 'website' + git push website gh-pages:master --force + + # Once successfully published, tag the current branch + git checkout -b gh-pages-rel-x + + # Delete the local gh-pages branch.. since we don't need it anymore + git branch -D gh-pages + + # Push backup to github + git push origin gh-pages-rel-x + + +## Jekyll Related Links + ++ [Jekyll From Scratch - Getting Started] (http://pixelcog.com/blog/2013/jekyll-from-scratch-introduction/) ++ [Jekyll Configuration options] (http://jekyllrb.com/docs/configuration/) ++ [Configuring Go Daddy with your domain to point to Github pages] (http://andrewsturges.com/blog/jekyll/tutorial/2014/11/06/github-and-godaddy.html) ++ [Understanding difference between master and gh-pages](http://octopress.org/docs/deploying/github/) + + + +## Thanks + +[Gurpreet] This blog was forked from [https://github.com/willkoehler/](https://github.com/willkoehler/). Thank you! + + +[Original] This blog was forked from https://github.com/kippt/jekyll-incorporated. 
Originally built for +[sendtoinc.com](https://sendtoinc.com), your workspace for sharing and organizing knowledge. +Original template built by: + +**Karri Saarinen** + ++ [http://twitter.com/karrisaarinen](http://twitter.com/karrisaarinen) ++ [http://github.com/ksaa](http://github.com/ksaa) + +**Jori Lallo** + ++ [http://twitter.com/jorilallo](http://twitter.com/jorilallo) ++ [http://github.com/jorde](http://github.com/jorilallo) \ No newline at end of file diff --git a/Rakefile b/Rakefile new file mode 100644 index 0000000..750658d --- /dev/null +++ b/Rakefile @@ -0,0 +1,35 @@ +require "rubygems" +require "tmpdir" +require "bundler/setup" +require "jekyll" + +namespace :site do + desc "Generate blog files" + task :generate do + Jekyll::Site.new(Jekyll.configuration({ + "source" => ".", + "destination" => "_site" + })).process + end + + desc "Generate and publish blog to gh-pages" + task :publish => [:generate] do + Dir.mktmpdir do |tmp| + system "mv _site/* #{tmp}" + if system "git show-ref --verify --quiet refs/heads/gh-pages" + system "git checkout gh-pages" + else + system "git checkout --orphan gh-pages" # create new branch with no history + end + next if $?.exitstatus != 0 # abort if checkout failed + system "rm -rf *" + system "mv #{tmp}/* ." + message = "Site updated at #{Time.now.utc}" + system "git add --all ." + system "git commit -am #{message.shellescape}" + # system "git push website gh-pages --force" + # system "git checkout master" + puts "Site branch created successfully." + end + end +end diff --git a/TODO.md b/TODO.md new file mode 100644 index 0000000..e3d3fe6 --- /dev/null +++ b/TODO.md @@ -0,0 +1,7 @@ +## My TODOs + ++ Put timezone in config.yml ++ Figure out how to use variables so that I don't need to copy-paste same stuff across blogs ++ Put a list of PodCasts ++ Insert my Twitter stream ++ Add my snap on AboutMe page diff --git a/about.html b/about.html new file mode 100644 index 0000000..2268e49 --- /dev/null +++ b/about.html 
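Review bot: in the "Publish to Github Pages" section, the backup step (`git checkout -b gh-pages-rel-x`) comes after `git push website gh-pages:master --force`; since the force push overwrites the remote master without confirmation, create the backup branch or a tag before pushing so a local record exists if the push goes wrong. Also, the first three entries under "Jekyll Related Links" have a space between `]` and `(` (e.g. `[Jekyll Configuration options] (http://jekyllrb.com/docs/configuration/)`), which Markdown does not render as a link; drop the space as in the fourth entry.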
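Review bot: in the Rakefile's `site:publish` task, the results of `system "mv _site/* #{tmp}"`, `system "rm -rf *"`, `system "mv #{tmp}/* ."`, `git add` and `git commit` are never checked; only the checkout is guarded by `next if $?.exitstatus != 0`. If the first `mv` fails (for example because `site:generate` produced no `_site`), the task still runs `rm -rf *` in the repository root and commits an empty site. Use `system(...) or abort("...")` on each step, and at minimum check the `mv` before the `rm -rf`. Separately, `message.shellescape` uses `String#shellescape` from the standard library's shellwords, which this file never requires; add `require "shellwords"` next to the other requires instead of relying on bundler or jekyll to load it transitively.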
@@ -0,0 +1,208 @@ + + + + + + life-lessons.in — Adventures in Software and Life + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+

life-lessons.in

+

About me

+ + + + + + + + + + + +
+
+
+
Learning Pottery in Dharamshala, India
+ +
+
+
+ +

Gurpreet Luthra

+
+

+ I work at ThoughtWorks - + an amazing, vibrant and fun place. +

+ +

+ + As a software craftsman and technical consultant I help teams and organisations + apply principles of Continuous Delivery and Extreme Programming (XP) to solve problems and delight customers. +

+ +

+ + Earlier, I was also the Product Manager & Community Lead for Bahmni - + an Open Source Hospital Management system created by ThoughtWorks. + In this role, I worked towards helping shape the roadmap for Bahmni and evangelising Open Source software + for humanitarian purposes. + +

+ +

+ Within ThoughtWorks I have worked on large-scale Web projects in Travel, Health, Retail and Consumer Electronics domains. + I am passionate about product development, tech writing, teaching and using technology for social good. +

+ +

+ Some folks say that I do have a rather curious knack to make connections between the programming world and + the one we physically inhabit. I think they might be right. +

+ +

+ I also enjoy drawing comics on life, health and work. Check them out on my instagram page here: insta.g9. +

+ +

Expertise

+ +
    +
  • Product Development
  • +
  • Open source software & ecosystem
  • +
  • Java, Scala, Ruby, Javascript and Web Development
  • +
  • Continuous Delivery, Devops & Extreme Programming (XP)
  • +
+ +

History

+

+ I've been writing software professionally since 2001. I have worked in start-ups, and medium to large MNCs. + Some of my projects have been: +

+
    +
  • Manufacturing Execution System - Performix xMES
  • +
  • Open Source products like Bahmni, OpenMRS, MifosX, etc
  • +
  • Large Scale Websites for Retail, Health, Electronics and Travel Industries
  • +
+ +

Get In Touch

+

+ I am always happy to help people figure out how can they do better with Technology. + + Do feel free to reach out about ThoughtWorks, + Bahmni, + Continuous Delivery, + XP/Agile + or anything else that's on your mind. + Email me at gsluthra@gmail.com. +

+ +

+ Some time in the future I plan to work as an independent consultant, so if you have ideas, I am happy to hear. +

+ +

+ + View Gurpreet Luthra's profile on LinkedIn + + +

+ +
+
+
+ + + + + + + diff --git a/assets/app.css b/assets/app.css new file mode 100644 index 0000000..fb31d2b --- /dev/null +++ b/assets/app.css 
@@ -0,0 +1 @@ +/*! normalize.css v3.0.1 | MIT License | git.io/normalize */html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}dfn{font-style:italic}h1{font-size:2em;margin:0.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{-moz-box-sizing:content-box;box-sizing:content-box;height:0}pre{overflow:auto}code,kbd,pre,samp{font-family:monospace, monospace;font-size:1em}button,input,optgroup,select,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}button,select{text-transform:none}button,html input[type="button"],input[type="reset"],input[type="submit"]{-webkit-appearance:button;cursor:pointer}button[disabled],html input[disabled]{cursor:default}button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}input{line-height:normal}input[type="checkbox"],input[type="radio"]{box-sizing:border-box;padding:0}input[type="number"]::-webkit-inner-spin-button,input[type="number"]::-webkit-outer-spin-button{height:auto}input[type="search"]{-webkit-appearance:textfield;-moz-box-sizing:content-box;-webkit-box-sizing:content-box;box-sizing:content-box}input[type="search"]::-webkit-search-cancel-button,input[type="search"]::-webkit-search-decoration{-webkit-appearance:none}fieldset{border:1px solid #c0c0c0;margin:0 2px;padding:0.35em 0.625em 
0.75em}legend{border:0;padding:0}textarea{overflow:auto}optgroup{font-weight:bold}table{border-collapse:collapse;border-spacing:0}td,th{padding:0}*,*:before,*:after{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}html,body{height:100%;max-height:100%}body{margin:0;border:0;font-family:Helvetica, Arial, sans-serif;color:#21272d;-webkit-font-smoothing:antialiased;text-rendering:optimizelegibility;font-size:18px;line-height:1.428571429}img{vertical-align:bottom}p{margin:0 0 10px}h1,h2,h3,h4,h5{font-family:Helvetica, Arial, sans-serif;font-weight:600;color:#263c4c;line-height:1.1}h1{font-size:2.1em;margin:0.5em 0 1em}h2{font-size:1.5em;margin:0.5em 0 1em}h3{font-size:1.3em;margin:0.5em 0 1.1em}h4{font-size:1.2em;margin:0.5em 0 1.2em}a{color:#2077b2;text-decoration:none}a:hover{color:#1a608f;text-decoration:none}iframe{border:none}.muted{color:#848484}.smaller{font-size:70%}.avatar{border-radius:100px;width:150px;margin:0 auto;display:block}.profile-name{text-align:center;font-style:italic;color:saddlebrown;font-family:Futura,"Trebuchet MS",Arial,sans-serif}.button{color:#fff;font-weight:bold;font-size:0.8em;padding:0.6em 1.2em;display:inline-block;position:relative;border:0;text-align:center;text-decoration:none;font-style:normal;font-weight:600;cursor:pointer;border-bottom:1px solid rgba(0,0,0,0.1);vertical-align:bottom;text-rendering:optimizeLegibility;border-radius:2px;vertical-align:middle;border-radius:2px;background:#2077b2;border:2px solid #2077b2;border-radius:3px;text-transform:uppercase;white-space:nowrap}.button:hover{background:#185a87;border-color:#185a87;color:#fff}.button:active{box-shadow:none}.button.outline{background:none;border-radius:4px;font-size:0.8em;color:#1c699c}.button.outline:hover{border:2px solid #1c699c;color:#185a87;background:none}.icon{display:inline-block;vertical-align:top;background-repeat:no-repeat}.icon-rss{background-image:url();background-size:11px;background-position:1px 
0px;width:12px;height:12px;margin-top:4px}.icon-twitter{background-image:url();background-size:14px;background-position:1px 1px;width:15px;height:15px;margin-top:3px}.icon-github{background-image:url();background-size:20px;background-position:0 0;width:20px;height:20px;margin-top:0px}.icon-facebook{background-image:url();background-size:14px;background-position:0 0;width:14px;height:14px;margin-top:3px}article{background:#fff;padding:60px 0}article .container{max-width:820px;margin:0 auto}article .container>header,article .container>section,article .container>footer{margin-left:3.5em;margin-right:3.5em}article .social{height:40px;padding:10px 0}article .social>div{display:inline-block;width:100px}article .social>div img{vertical-align:baseline;margin:0}article .social>div.reddit{position:relative;top:-1px}article .social>div.google{width:85px}article .social>div .fb-like>span{vertical-align:baseline !important}article .social>div .fb-share-button>span{vertical-align:baseline !important}article .post_summary .title{margin:0em 0 0.4em}article header .title{margin:0.2em 0;font-weight:bold}article header .subtitle{font-size:1.4em;margin:0.2em 0;color:#848484;font-weight:300}article header:after{content:" ";display:block;width:1.5em;height:0.2em;background:#DDD;margin:1em 0}article footer{margin-top:1.0em}article footer address{font-size:0.9em;border-top:1px solid #DDD;border-bottom:1px solid #DDD;padding:1em 0;white-space:nowrap;overflow:hidden;margin-bottom:1.5em}article footer address p{margin:0;white-space:normal;display:inline-block;padding-right:84px;vertical-align:middle}article footer address img{border-radius:54px;width:64px;height:64px;margin:0 20px 0 0;vertical-align:middle}article footer section p{margin:0;white-space:normal;display:inline-block;vertical-align:middle;font-size:13px;font-style:italic}article .meta{color:#848484;font-size:13px;text-transform:uppercase;letter-spacing:1px}article .meta time,article .meta address{display:inline}article .meta 
a{color:#848484}article p{font-size:1em;line-height:1.5;color:#21272d;font-weight:400;margin:0 0 1.5em}article ol,article ul{font-weight:600;margin:0 0 1.5em;padding:0;list-style-position:outside;padding-left:1.5em}article ol li,article ul li{font-weight:400;margin-bottom:0.5em}article ol li p,article ul li p{margin-bottom:0}article blockquote{border:0;margin:1.5em -3em 1.5em 0;padding:0}article blockquote p{margin:0;font-size:30px;line-height:1.1;color:#2077b2;font-weight:600}article hr{margin:2em 0;border:0 none;border-top:1px solid #DDD}article .highlight{margin:1.85em -3.5em 1.85em 0}article .highlight pre{border:0;padding:1.5em 1.5em;background:#F5F5F5;border:0;border:1px solid #e0e0e0;width:100%;font-size:0.8em;overflow-x:auto;display:block}article .highlight pre code{font-size:0.8em;border:0;padding:0}article .full{margin:1.5em -3.5em}article .full img{max-width:100%;margin:0;transition:0.5s all ease}article .full.shadow{margin-top:2em;margin-bottom:2em}article .full.shadow img{box-shadow:0px 0px 20px #888}article .full.rounded img{border-radius:6px}article .full.border img{border:1px solid #DDD}article .full.zoomable img{cursor:-webkit-zoom-in}article .full.zoomable img.zoom{cursor:-webkit-zoom-out}article .full.zoomable img.zoom{-webkit-transform:scale(1.2);transition:0.4s all ease;box-shadow:0 2px 5px rgba(0,0,0,0.5)}article .full.map_container{margin-bottom:2em}article p>img,article .full>img,article .full>iframe{margin:.4em 0}form.contact{width:65%;margin:0 auto}form.contact input,form.contact textarea{width:100%;font-size:14px;padding:10px;margin-bottom:15px;border-radius:5px;outline:none;border:1px solid #ccc;-webkit-appearance:none}form.contact input:focus,form.contact textarea:focus{border-color:#2077b2;background-color:#F8FCFE}form.contact input[type=submit]{background-color:#2077b2;color:#fff;height:50px}::-webkit-input-placeholder{color:#AAA}::-moz-placeholder{color:#777777}:-ms-input-placeholder{color:#AAA 
!important}.highlight{background:#ffffff}.highlight .c{color:#999988;font-style:italic}.highlight .err{color:#a61717;background-color:#e3d2d2}.highlight .k{font-weight:bold}.highlight .o{font-weight:bold}.highlight .cm{color:#999988;font-style:italic}.highlight .cp{color:#999999;font-weight:bold}.highlight .c1{color:#999988;font-style:italic}.highlight .cs{color:#999999;font-weight:bold;font-style:italic}.highlight .gd{color:#000000;background-color:#fdd}.highlight .gd .x{color:#000000;background-color:#faa}.highlight .ge{font-style:italic}.highlight .gr{color:#a00}.highlight .gh{color:#999}.highlight .gi{color:#000000;background-color:#dfd}.highlight .gi .x{color:#000000;background-color:#afa}.highlight .go{color:#888}.highlight .gp{color:#555}.highlight .gs{font-weight:bold}.highlight .gu{color:#aaa}.highlight .gt{color:#a00}.highlight .kc{font-weight:bold}.highlight .kd{font-weight:bold}.highlight .kp{font-weight:bold}.highlight .kr{font-weight:bold}.highlight .kt{color:#445588;font-weight:bold}.highlight .m{color:#099}.highlight .s{color:#d14}.highlight .na{color:teal}.highlight .nb{color:#0086B3}.highlight .nc{color:#445588;font-weight:bold}.highlight .no{color:teal}.highlight .ni{color:purple}.highlight .ne{color:#990000;font-weight:bold}.highlight .nf{color:#990000;font-weight:bold}.highlight .nn{color:#555}.highlight .nt{color:navy}.highlight .nv{color:teal}.highlight .ow{font-weight:bold}.highlight .w{color:#bbb}.highlight .mf{color:#099}.highlight .mh{color:#099}.highlight .mi{color:#099}.highlight .mo{color:#099}.highlight .sb{color:#d14}.highlight .sc{color:#d14}.highlight .sd{color:#d14}.highlight .s2{color:#d14}.highlight .se{color:#d14}.highlight .sh{color:#d14}.highlight .si{color:#d14}.highlight .sx{color:#d14}.highlight .sr{color:#009926}.highlight .s1{color:#d14}.highlight .ss{color:#990073}.highlight .bp{color:#999}.highlight .vc{color:teal}.highlight .vg{color:teal}.highlight .vi{color:teal}.highlight .il{color:#099}.highlight 
.lineno{color:#ccc;display:inline-block;padding:0 5px;border-right:1px solid #ccc}.highlight pre code{font:13px Menlo, Monaco, Consolas, "Courier New", monospace;display:block;white-space:pre;overflow-x:auto;word-wrap:normal}.map_container{position:relative;padding-bottom:89%;height:0;overflow:hidden}.map_container .overlay{position:absolute;height:100%;width:100%;z-index:1}.map_container iframe{position:absolute;top:0;left:0;width:100% !important;height:100% !important}.blog-cover,.article-cover{max-width:100%;margin-top:0;position:relative;overflow:hidden;background:#eee;height:53%;max-height:480px;background-color:#111;background-size:cover;background-position:center center}.cover-caption{text-align:right;font-size:12px;font-style:italic;color:#BAB8B3;margin-right:.5em}.cover-caption a{color:inherit}.blog-cover{height:320px}.blog-cover .cover_overlay{text-align:center;position:absolute;left:0;right:0;top:0;bottom:0;background-color:rgba(0,0,0,0.2);background-image:linear-gradient(bottom, rgba(0,0,0,0.1) 0%, transparent 100%);background-image:-o-linear-gradient(bottom, rgba(0,0,0,0.1) 0%, transparent 100%);background-image:-moz-linear-gradient(bottom, rgba(0,0,0,0.1) 0%, transparent 100%);background-image:-webkit-linear-gradient(bottom, rgba(0,0,0,0.1) 0%, transparent 100%);background-image:-ms-linear-gradient(bottom, rgba(0,0,0,0.1) 0%, transparent 100%);z-index:10}.blog-cover .cover_overlay:before{content:'';display:inline-block;height:100%;vertical-align:middle;margin-right:-.34em}.blog-cover .cover_overlay .content{display:inline-block;vertical-align:middle;padding:0 1em}.blog-cover .cover_overlay .content h1{font-size:45px;line-height:1.4em}.blog-cover .cover_overlay .content h3{font-size:22px}.blog-cover .cover_overlay .content h1,.blog-cover .cover_overlay .content h3{color:#fff;margin:0;font-weight:600}.blog-cover .cover_overlay .content a:last-child{margin-right:0}.blog-cover .cover_overlay .content a{color:#fff;border:0;width:36px;height:36px;border:2px 
solid white;display:inline-block;padding:6px 0;border-radius:42px;margin:1.5em 1em 0em 0;line-height:0px;text-align:center}.blog-cover .cover_overlay .content a:hover{background:#fff}.blog-cover .cover_overlay .content a:hover .icon-rss{background-position:1px -11px}.blog-cover .cover_overlay .content a:hover .icon-twitter{background-position:1px -16px}.blog-cover .cover_overlay .content a:hover .icon-facebook{background-position:0px -14px}.blog-cover .cover_overlay .content a:hover .icon-github{background-position:0px -19px}.pagination{overflow:hidden}.pagination .older{float:left}.pagination .newer{float:right}.site-header{background:#fff}.site-header nav{padding:22px 30px}.site-header nav>a{color:#444;margin-right:1.8em;font-weight:600;font-size:15px}.site-header nav>a:hover{color:#2077b2}.site-header nav .brand img{height:40px;margin-top:-2px;vertical-align:middle}.site-footer{padding:5em 5em;background:#F5F5F5;color:#aaa;font-size:13px}.site-footer .container{max-width:694px;margin:0 auto}.site-footer .container a{color:#999}.site-footer .container a:hover{color:#222}.site-footer .container nav{display:inline-block;margin-left:.5em}.site-footer .container nav a{color:#777;margin:0 0.3em}.site-footer .container .social{float:right}.site-footer .container .social a:last-child{margin-right:0}.site-footer .container .social a{color:#000;border:0;width:36px;height:36px;border:2px solid black;display:inline-block;padding:6px 0;border-radius:42px;margin:0 1em 0em 0;line-height:0;text-align:center;opacity:0.3}.site-footer .container .social a .icon-rss{background-position:1px -11px}.site-footer .container .social a .icon-twitter{background-position:1px -16px}.site-footer .container .social a .icon-facebook{background-position:0px -14px}.site-footer .container .social a .icon-github{background-position:0px -19px}.site-footer .container .social a:hover{opacity:0.9}@media (max-width: 
720px){body{font-size:16px}h1{font-size:2em}h2{font-size:1.4em}article{padding-top:50px}article .container>header,article .container>section,article .container>footer{margin-left:2em;margin-right:2em}article .highlight{margin-left:0em;margin-right:0em}article .highlight pre{padding:1em}article .full{margin-left:0;margin-right:0}article blockquote{margin-right:0}article blockquote p{font-size:1.2em}article hr{margin:1.5em 0}.blog-cover,.article-cover{height:200px}.blog-cover .cover_overlay .content h1{font-size:25px}.blog-cover .cover_overlay .content h3{font-size:17px}.blog-cover .cover_overlay .content a{margin:1em .5em 0em 0}.site-header nav{padding-left:15px;padding-right:15px}.site-header nav>a{margin-right:1em}.site-footer{padding:2em 0}.site-footer .container{text-align:center}.site-footer .container nav{display:block;float:none !important;margin:1.2em 0}form.contact{width:100%}form.contact input,form.contact textarea{font-size:16px}}@media (max-width: 400px){.blog-cover .cover_overlay .content a{display:none}article .container>header,article .container>section,article .container>footer{margin-left:1em;margin-right:1em}article footer address img{margin-right:10px}} diff --git a/assets/app.css.gz b/assets/app.css.gz new file mode 100644 index 0000000..4c26583 Binary files /dev/null and b/assets/app.css.gz differ diff --git a/assets/app.js b/assets/app.js new file mode 100644 index 0000000..e4f1b4e --- /dev/null +++ b/assets/app.js @@ -0,0 +1 @@ +(function(){var n,o,t;$(function(){return screen.width>=768?t():void 0}),t=function(){return $(".map_container .overlay").click(n)},n=function(){return $(".map_container .overlay").hide(),$("body").one("mousemove",o),!1},o=function(){return $(".map_container .overlay").show()}}).call(this),function(){$(function(){return $(".full.zoomable img").click(function(){return $(this).toggleClass("zoom")})})}.call(this); \ No newline at end of file 
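Review bot: the four icon rules in assets/app.css (`.icon-rss`, `.icon-twitter`, `.icon-github`, `.icon-facebook`) ship with an empty `background-image:url()`, so no icon renders and the sprite offsets in the hover rules (for example `.blog-cover .cover_overlay .content a:hover .icon-rss{background-position:1px -11px}`) point into an image that is never loaded; check whether the asset path or a data URI was dropped when the stylesheet was built and minified, and fix it in the source rather than hand-patching this line. Separately, the file is a single minified line committed together with its `assets/app.css.gz` twin, with no unminified stylesheet anywhere in the diff, which makes the change effectively unreviewable; commit the stylesheet source and let the build or deploy step produce the minified and gzipped artifacts.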
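Review bot: in assets/app.js the map-overlay click handler is attached only when `screen.width>=768`, but `screen.width` is the physical screen width rather than the viewport width, and 768 does not match the `@media (max-width: 720px)` breakpoint the stylesheet uses, so a desktop window narrower than 720px gets the mobile layout from CSS while still getting the desktop click behaviour from JS, and the two thresholds will drift apart as either file is edited; read the viewport width (or a `window.matchMedia` query against the same breakpoint) and keep a single breakpoint value. The file is also minified compiled output with no source in the diff and relies on a global `$` being loaded before it, and it lacks a trailing newline; commit the source and generate this artifact in the build.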
diff --git a/assets/app.js.gz b/assets/app.js.gz new file mode 100644 index 0000000..69c3a4f Binary files /dev/null and b/assets/app.js.gz differ diff --git a/atom.xml b/atom.xml new file mode 100644 index 0000000..d03993f --- /dev/null +++ b/atom.xml 
@@ -0,0 +1,766 @@ + + + + life-lessons.in + + + 2018-09-23T07:54:21+05:30 + http://life-lessons.in/atom.xml + + Gurpreet Luthra + http://life-lessons.in + + + + + I Know That I Know Nothing + + 2018-05-12T00:00:00+05:30 + 2018-05-12T11:00:00+05:30 + http://life-lessons.in/2018/05/12/i-know-nothing-socrates-paradox + <h2 id="introduction-to-the-model">Introduction to the Model</h2> + +<p>Some months ago, while attending a ThoughtWorks Leadership training program, I encountered a very fascinating awareness model (** It’s inspired from the Johari Window model. See notes at the end of the blog). I was captivated by its implications.</p> + +<p>This is how it looks:</p> + +<p><img src="/images/general/AEModel_The_Model.png" alt="The Awareness-Knowledge Model" style="width: 800px;" /></p> + +<p>You interpret this model as follows:</p> + +<p><strong>Quadrant 1:</strong> <em>I know</em> what <em>I know</em> (or, I am aware of what I know)</p> + +<p><strong>Quadrant 2:</strong> <em>I know</em> what <em>I don’t know</em> (or, I am aware of what I don’t know)</p> + +<p><strong>Quadrant 3:</strong> <em>I don’t know</em> what <em>I don’t know</em> (or, I am unaware of what I don’t know)</p> + +<p><strong>Quadrant 4:</strong> <em>I don’t know</em> what <em>I know</em> (or, I am unaware of what I know)</p> + +<p>Let us simply call this the <strong>Awareness-Knowledge</strong> Model.</p> + +<p>I find this model to be a very fascinating introspection &amp; risk management tool. In the following sections, let us apply this model first to Domains and then to Projects, and see what we might be able to learn.</p> + +<h2 id="awareness-knowledge-model-applied-to-domains">Awareness-Knowledge Model applied to Domains</h2> + +<p>One can apply this model to any body of knowledge, or area of expertise, like Computer Science, Medicine, Political Science, Movies, Jazz Music, Computer Games, etc. 
One can choose to be narrow, and just apply it to Artificial Intelligence or Weight Training, or one can choose to be broad, and apply it to Spirituality or Arts.</p> + +<p>As an example, let’s apply this model to my knowledge in the domain of “<em>Computer Science / Programming</em>”, and see how it works.</p> + +<p><strong>Quadrant 1 (IK-what-IK):</strong> I am mostly aware of what I know – I know Java programming, I know React.js, I know Postgres, I know the importance of clean code and how to refactor, I know what is a CPU, a RAM, and what is Computer Architecture, and REST, and so on. This affirms a sense of confidence for me, and helps me in estimating how long certain things will take, or how complex they might be. This is what I know I know.</p> + +<p><strong>Quadrant 2 (IK-what-IDK):</strong> It is said, that “<em>the more experience one gains, the less knowledgeable one feels</em>”. I believe this happens because over time as I encounter new problems, and stumble upon inexplicable bugs, I start realising that there are nuances within many topics and areas that I don’t really understand. I also encounter people who are experts in certain tools, techniques, systems or platforms, and realise how much I don’t know. This awareness helps me remain humble, and also motivates me to learn and explore. So, I search on google for things like: “How does Two phase commit work?” or “What is the difference between Non Blocking IO and Asynchronous IO?”, or “What is a Promise?”, etc. I know what I don’t know, and I spend time reading blogs and books in those areas to help me gain a better understanding.</p> + +<p>One could argue, that being “<em>in the grip of</em>” Quadrant 2, is one of the reasons people experience the <a href="https://en.wikipedia.org/wiki/Impostor_syndrome">Imposter Syndrome</a>. 
I experience this myself from time and time, and I discovered a rather cheeky yet meaningful lens through which to alleviate the discomfort (see tweet below):</p> + +<p><img src="/images/general/AEModel_Imposter_Syndrome_Tweet.png" alt="Imposter Syndrome Tweet" style="width: 500px;" /></p> + +<p>Source: <a href="https://twitter.com/ThisIsJoFrank/status/988048711937748992">https://twitter.com/ThisIsJoFrank/status/988048711937748992</a></p> + +<p><strong>Quadrant 3 (IDK-what-IDK):</strong> This one is interesting. <em>I don’t know what I don’t know.</em> Another way to look at this is <em>What are my blind spots?</em> This one is very tricky. I may believe that after having seen so many microservices based projects, I am good at identifying when to introduce a new microservice, or when to update an existing one – but in reality, I <em>might</em> still be poor at it. I <em>might not know</em> that I am actually <em>not</em> proficient at detecting the right Microservices split. It’s possible that I have a blind spot in this scenario. But the moment I acknowledge this fact, this moves into Quadrant 2, and then I can work on it. And that’s what is fascinating about this quadrant. Things in this quadrant are out of grasp. The moment you grasp them, they move to Quadrant 2!</p> + +<p>It’s also quite likely that in my case, 95% (a significant chunk), of all Computer Science knowledge is in this quadrant — i.e. the knowledge whose existence itself I am unaware of. For instance: What did all the folks in the world who did a PhD in Computer Science related areas, really uncover and write about? I have no idea!</p> + +<p><img src="/images/general/AEModel_Knowledge_size.png" alt="The size of Unknown" style="width: 900px;" /></p> + +<p><strong>How do I deal with this situation?</strong> What measures do I take to mitigate the risk of not being aware of my blind spots - my knowledge black holes? How do I become aware of what I don’t know? 
And more importantly, which blind spots do I need to focus on? Which ones are relevant?</p> + +<p>The hope is that once we become aware of what we don’t know, we move that piece of knowledge into Quadrant 2 (IK-w-IDK), and from there we can learn more about the relevant pieces, and move into Quadrant 1 (IK-w-IK).</p> + +<p>So what do I do? I read books on broad topics, listen to podcasts - software related and non-software related, have random conversations with colleagues, subscribe to twitter feed of experts and luminaries in various areas, etc. This exposes me <em>accidentally</em> to information that tells me what I don’t know. This uncovers the <em>unknowns</em>, and that helps me identify what needs to go into Quadrant 2.</p> + +<p>As an example, when I signed up as an instructor for the Tech Lead training program, that’s when I got introduced to the <a href="http://www.engineeringandcareering.co.uk/2013/05/the-well-rounded-technical-lead-model.html">Butterfly Model for a well rounded Tech Lead</a> while preparing for the sessions. Until then, I didn’t know that such models existed for Tech Lead roles.</p> + +<p>Another example: a google search for “<a href="http://google.com/#q=top+kubernetes+tips">Top Kubernetes Tips</a>” or “<a href="http://google.com/#q=top+git+tips">Top Git Tips</a>”, etc will uncover suggestions and tips that you don’t know about Kubernetes or Git respectively. This is another way to stumble upon things you may not realise exist, but can be very helpful to you. A move from Quadrant 3 to Quadrant 1.</p> + +<p><img src="/images/general/AEModel_Moving_across_the_quadrants.png" alt="Moving across the quadrants" style="width: 800px;" /></p> + +<p>You can do the same while taking an interview for a potential hire. 
Instead of focussing only on “What <em>they</em> know” and “What <em>they</em> don’t know”, you can focus on “What do <em>I not</em> know?”, and “how can this discussion help me know something I don’t know, yet allow me to also get to know the candidate”. One way to do this is ask them to explain the architecture of their current project, or a topic they love, and then ask them well thought out <em>WHY</em> questions to dig into things that <em>YOU</em> don’t know or don’t understand, and see if the candidate enlightens <em>YOU</em>. That is a win-win interview!</p> + +<p><strong>Quadrant 4 (IDK-what-IK):</strong> <em>I don’t know what I know!</em> To some people, this quadrant might seem counter-intuitive. At first glance, this sounds like a spoiled brats’ response. But, in fact this is an important quadrant. The questions to ask here are: <em>What skills and knowledge do I bring to the table that I am unaware of? What am I good at or have an intuition of, but am unaware of? What activities can I sign up for without worrying about whether I will be good at them? What is it that other people notice about me, but I am not cognizant or appreciative of?</em></p> + +<p>This is where people underestimate what skills and knowledge they bring to the table. Having a (respectful) feedback culture in an organisation can help uncover this for individuals. This is also a by-product of long periods of contemplation and hard work, coupled with past events and exposure to different environments &amp; cultures. Part of this is also what people sometimes call: “Expert Intuition” or “Expert Knowledge” or “Gut feeling”. Something that experts find hard to explain.</p> + +<p>An example of this in the programming world is called a “Smell”. 
I can’t describe it, but I can smell it – there is something “not nice” about this piece of code, or the design of this set of classes, etc.</p> + +<p>Andrew Ng, one of the most influential Computer Scientist in Artificial Intelligence and Deep Learning, who led Google Brain and was a former VP &amp; Chief Scientist at Baidu had once tweeted this:</p> + +<p><img src="/images/general/AEModel_AndrewNG.png" alt="Moving across the quadrants" style="width: 500px;" /></p> + +<p>Source: <a href="https://twitter.com/andrewyng/status/793107879557345280?lang=en">https://twitter.com/andrewyng/status/793107879557345280?lang=en</a></p> + +<p>The more you read, the more experiences you collect, the more time you spend in reflection and honest discussion, the more you <em>know</em> even if you don’t realise it yet.</p> + +<h4 id="a-classroom-joke">A Classroom Joke</h4> + +<p><strong>Economics Professor:</strong> <em>Dear Class, now that you have heard a 45 min summary on the complex area of trade surplus and deficit, how many of you feel that you have understood this topic?</em></p> + +<p>…<em>The class is very silent. The Professor patiently waits for someone to speak up…</em></p> + +<p><strong>One Student:</strong> <em>Mam, I fear that I don’t know whether I have understood exactly what you wanted us to understand, but I did like it a lot!</em></p> + +<h2 id="awareness-knowledge-model-applied-to-projects">Awareness-Knowledge Model Applied to Projects</h2> + +<p>One can also look at a new project, or a new program of work, and try to apply this model to it. For instance, here are some questions and thoughts that one can have while walking through each quadrant for a particular project:</p> + +<p><strong>Quadrant 1 (IK-what-IK):</strong></p> + +<ol> + <li>What is it that we know for sure? If so, can we confirm this with our clients to ensure that our understanding is correct.</li> + <li>Is that piece of information squarely in Quadrant 1? 
Or does it have parts that we don’t realise?</li> +</ol> + +<p><strong>Quadrant 2 (IK-what-IDK):</strong></p> + +<ol> + <li>What are the areas that we are not sure of?</li> + <li>What spikes should we play to better understand that area?</li> + <li>What PoCs need to be built to better understand what we don’t know?</li> + <li>Which stakeholders should we talk to to better understand a certain API that we will need to integrate with?</li> + <li>We need to highlight certain known risks and follow up on them earlier in the lifecycle of the project to mitigate those risks. We must ensure that we report them periodically.</li> +</ol> + +<p><strong>Quadrant 3 (IDK-what-IDK):</strong></p> + +<p>This can be a very tricky one, and requires careful consideration. Here are some possibilities:</p> + +<ol> + <li>How do we validate that we have received all the right information about what is needed to be built?</li> + <li>Is it possible that there is a security related activity, or compliance related activity that we aren’t aware of, but it might come back later to bite us, and delay our project?</li> + <li>How do we mitigate the risk of what we don’t know? This is an example of the risk with “handover” of pre-created requirement documents during the start of an engagement. How do we know what has been completely missed in the requirements? As an example, at ThoughtWorks, we run <a href="https://martinfowler.com/articles/lean-inception/">inceptions</a> at start of engagements to mitigate the risk that we aren’t building something no one wants, or we aren’t forgetting an important stakeholder or an important compliance step in the process. 
We don’t know, what we don’t know – and we need to take steps to uncover it early!</li> +</ol> + +<p><strong>Quadrant 4 (IDK-what-IK):</strong></p> + +<ol> + <li>Are we adding too much buffer to our estimates?</li> + <li>Are we playing spikes / PoC unnecessarily, when we can easily reach out to someone within our organisation, and get the answers quickly?</li> + <li>Are we under-estimating our teams abilities?</li> + <li>Have we created a team that can together solve most problems we throw their way, in a creative, efficient and cost-effective manner - even if they don’t have any clue right now about it?</li> +</ol> + +<p>A <em>unit test</em> is an example of something we write based on what we <em>know</em>, to catch errors and situations that can arise based on changes in the future that we <em>don’t know</em> or can’t anticipate, but we know that will <em>likely</em> happen.</p> + +<p>Teams that follow <a href="https://martinfowler.com/articles/practical-test-pyramid.html">mature QA practices</a> will usually ensure that any bugs that are uncovered in production, and are likely to therefore occur again, will be automatically detected in the future via automation. We now <em>know</em> about them. Customers will rarely be forgiving to the same bugs occurring repeatedly in production. QAs will also focus their <em>manual efforts</em> towards <em>exploratory testing</em>, so that bugs (requirement, design or implementation bugs) that we <em>don’t know exist</em> are uncovered, since automation can only test for <em>known</em> behaviors.</p> + +<p>A <a href="https://www.owasp.org/index.php/Category:Threat_Modeling">Threat Modelling</a> exercise is an attempt to build a shared context to uncover what we don’t know, and then use the new knowledge to prioritise security threats, create <a href="https://en.wikipedia.org/wiki/Attack_tree">Attack Trees</a>, identify possible countermeasures, etc. 
The <a href="https://www.ruggedsoftware.org/">Rugged manifesto</a> has a statement that I think is pertinent to this discussion: “<em>I recognize that my code will be used in ways I cannot anticipate, in ways it was not designed, and for longer than it was ever intended</em>”.</p> + +<p>The philosophy of Agile is rooted in embracing change. It acknowledges that new information is uncovered gradually, and we know that we don’t know a lot, and iteratively we will discover it.</p> + +<p>At ThoughtWorks we try to establish high performing, cross-functional teams comprised of smart, passionate and diverse technologists; whilst supporting them with a respectful environment and a learning culture. The hypothesis is, that this will help our teams to be capable enough to deal with unexpected situations (Quadrant 3); humble enough to recognise &amp; address gaps in their knowledge (Quadrant 2 &amp; Quadrant 1); and diverse enough to discover what they already know but don’t realise right now that they do.</p> + +<p>Machine Learning has recently become a mainstream conversational topic because it <em>apparently</em> promises that given large datasets, it will likely be able to find insights that will be useful for us, but <em>we don’t know</em> what these insights will likely be.</p> + +<h2 id="in-conclusion">In Conclusion</h2> + +<p>I hope you found the Awareness-Knowledge model fascinating. It can help you decide how confident you feel about a domain, area of expertise or project by brainstorming &amp; introspecting on each of the four quadrants. You can put in mitigation strategies to help shape events and unknowns eventually towards Quadrant 1.</p> + +<blockquote> + <p>“I know that I know nothing” — Socrates Paradox.</p> +</blockquote> + +<p><img src="/images/general/Calvin_Bridge.jpg" alt="Calvin &amp; Hobbes bridges strip" style="width: 400px;" /></p> + +<p>(c) Calvin and Hobbes. 
Source: <a href="https://www.pinterest.com/pin/155374255872428173/">https://www.pinterest.com/pin/155374255872428173/</a></p> + +<h4 id="notes">Notes:</h4> + +<ol> + <li>I came across a variation of this model recently in Chapter 3. of Sriram Narayan’s excellent book: <a href="https://www.amazon.com/Agile-Organization-Design-Transformation-Continuous/dp/0133903354">Agile IT Organisation Design</a>, where he wrote about Software Development being a learning journey, and how software development teams encounter Unknown Unknowns that can surprise them and often invalidate existing estimates.</li> + <li>Some people may point out that this model is likely the same as <a href="https://en.wikipedia.org/wiki/Johari_window">Johari Window</a> for self-awareness in the field of cognitive psychology. But I felt its explanation &amp; application is quite different from how I perceived it above. I am happy to be told otherwise, as I am no expert in the field of psychology. The whole field of psychology is definitely in my Quadrant 2 and Quadrant 3. I know nothing about it!</li> + <li>Read more on the Socates Paradox <a href="https://en.wikipedia.org/wiki/I_know_that_I_know_nothing">here</a>.</li> +</ol> + +<p><em>Disclaimer: All thoughts and opinions in this blog are my own, and do not represent the stance or opinion of my employer (ThoughtWorks).</em></p> + + + + + Are You Telling A Story? 
+ + 2018-03-31T00:00:00+05:30 + 2018-03-31T11:00:00+05:30 + http://life-lessons.in/2018/03/31/art-of-story-telling + <p><strong>Student:</strong> <em>I am giving my first talk in 6 weeks.</em> <br /> +<strong>Teacher:</strong> Excellent.</p> + +<p><strong>Student:</strong> <em>When would you call a presentation a success?</em> <br /> +<strong>Teacher:</strong> The audience vividly remembers it 3 days after you presented it.</p> + +<p><strong>Student:</strong> <em>How can I make this happen?</em> <br /> +<strong>Teacher:</strong> By telling a compelling story, instead of stating the facts.</p> + +<p><strong>Student:</strong> <em>Why is a story important?</em> <br /> +<strong>Teacher:</strong> Imagine this. You are sitting for lunch with your team, and you suddenly remember that one of your colleagues attended the XP conference yesterday. You ask him, about the conference. He answers with one of the following answers:</p> + +<p>Answer 1: <em>There was a talk where a Tech Lead from ThoughtWorks told a story about how she ended up receiving a huge invoice bill to her ThoughtWorks email from an airline because an automated test did bookings during Christmas season.</em></p> + +<p>Answer 2: <em>There was a talk where a person from ThoughtWorks spoke about how testing happens in the airline industry.</em></p> + +<p>Which of the above talks do you wish to know more about? I would love to hear more about the Christmas fiasco. Won’t you? People want to hear stories. People like to tell stories. People remember what they tell. So, give them stories to talk about.</p> + +<blockquote> + <p>“People want to hear stories. People like to tell stories.”</p> +</blockquote> + +<p><strong>Student:</strong> <em>That makes sense. But not every talk can have a story. 
How do I create a story on Docker Networking?</em><br /> +<strong>Teacher:</strong> A story has the following <a href="http://www.katiekazoo.com/pdf/KK_FiveEssentialElements.pdf">five parts</a>:</p> + +<ol> + <li>The Characters (people)</li> + <li>The Setting (context)</li> + <li>The Plot</li> + <li>The Conflict (problem)</li> + <li>The Resolution (ending)</li> +</ol> + +<p>You find a story by asking a series of questions which connect why, who, how, what, etc. These will ultimately lead you to a story. For instance:</p> + +<ul> + <li>Why do I want to speak about Docker networking?</li> + <li>Why does it matter how Docker does networking?</li> + <li>What really is Docker?</li> + <li>Who uses Docker?</li> + <li>How did people work before Docker?</li> + <li>Which project do I know that uses Docker?</li> + <li>What is the project about?</li> + <li>What problem is the project solving?</li> + <li>Who is the client?</li> + <li>What is so difficult about that project?</li> + <li>Who is happy if the software in the project works fine?</li> + <li>What would happen to this happy person if Docker networking stopped workin while the system was running?</li> +</ul> + +<p>As you keep asking such questions, you will uncover a story. Or you can invent one.</p> + +<p>Here is an example of a Kubernetes Networking story: <a href="https://www.youtube.com/watch?v=v50uJMCLQP4">Climbing The Sawtooth - A classic production puzzle</a> - by Girish Verma from ThoughtWorks.</p> + +<p><strong>Student:</strong> <em>What else can I do to make my presentations effective?</em> <br /> +<strong>Teacher:</strong> Connect with the audience, provide metaphors that they can relate to. A good metaphor is one that people remember. A bad metaphor is one that might be accurate but no one can recall.</p> + +<p><strong>Student:</strong> <em>How do I know what metaphors are good for the audience? 
For instance, in a conference, I don’t really know who my audience is?</em> <br /> +<strong>Teacher:</strong> That’s not so difficult. You ask them questions, and they answer with a show of hands. For instance, if I was going to give a talk on Microservices &amp; Kubernetes I would ask:</p> + +<ul> + <li>How many of you have worked with Kubernetes?</li> + <li>How many of you are on a project where Microservices are being used?</li> + <li>How many of you feel Microservices are awesome?</li> + <li>How many of you feel Microservices are dangerous?</li> + <li>How many of you have worked on Monoliths, but now want an opportunity to try Microservices?</li> + <li>How many of you have worked on Banking projects?</li> + <li>How many of you have worked on Aerospace projects?</li> + <li>How many of you have worked on Retail projects?</li> + <li>How many of you who have worked on Microservices &amp; Kubernetes, have more than 60 services in production?</li> +</ul> + +<p>Answers to such questions will quickly help me understand my audience’s opinion, exposure, interest, and capability. This allows me to know which parts of the talk I should stress on, which parts of the talk I can glide quickly through. It gives me a pulse of the audience.</p> + +<blockquote> + <p>“It gives me a pulse of the audience.”</p> +</blockquote> + +<p>If I see someone who raises her hand for the last question on my list (60+ services in production), I know she will likely have as much knowledge on this topic, as I do. So, I will ask her opinion or request her to share her experience at relevant points in my talk. This will help us all in harnessing the knowledge of the audience, and make the time more worthwhile for everyone. 
And it will also help me ensure that the most knowledgeable person in the audience goes back “happier” because I gave her a platform to share her point of view on the topic.</p> + +<p>Usually, the opinion of the experts in the audience matters a lot to the peers.</p> + +<p><img src="http://assets.amuniversal.com/28a75140e4f3012fed51001dd8b71c47" alt="Dilbert 13-June-2012" style="width: 800px;" /> +<a href="http://dilbert.com/strip/2012-06-13">(c) Scott Adams. http://dilbert.com/strip/2012-06-13</a></p> + +<p>Once you know how your audience is segmented, what background they are from, you will find it easier to give appropriate metaphors and anecdotes. As an extreme example, imagine, if everyone in the audience was a kid, won’t you give appropriate anecdotes once you knew that.</p> + +<p><strong>Student:</strong> <em>I like that. I will try that the next time I present. Do you have any other tips for me?</em> <br /> +<strong>Teacher:</strong> Yes, one more. A good image is a powerful anchor, and a great canvas to speak on. Use a photograph, or a screenshot, or a diagram, or a sketch, or a portrait, or even a video as a backdrop for your slides. Narrate your story as a sequence of images. Avoid slides which are text heavy. Keep them light. Keep them pretty. Or keep them funny. In most of my talks, a picture usually speaks 300 words.</p> + +<p><strong>Student:</strong> <em>So a story, understanding the audience, using connecting metaphors and images. 4 elements of success.</em> <br /> +<strong>Teacher:</strong> That is one way to put it.</p> + +<p><strong>Student:</strong> <em>Thank you! This was a good story. 
Do you have another one?</em> <br /> +<strong>Teacher:</strong> Once upon a time…</p> + +<p><img src="/images/general/calvin-going-into-future-for-a-story.png" alt="Calvin 23-May-1992" style="width: 800px;" /> +<a href="http://www.gocomics.com/calvinandhobbes/1992/5/23">Comic from: http://www.gocomics.com/calvinandhobbes/1992/5/23</a></p> + +<h3 id="further-reading">Further Reading:</h3> + +<ul> + <li><a href="https://hbr.org/2014/07/how-to-tell-a-great-story">How to Tell a Great Story (HBR)</a></li> +</ul> + + + + + + 12 Things I Learnt While Teaching Application Security + + 2017-04-12T00:00:00+05:30 + 2017-04-12T12:00:00+05:30 + http://life-lessons.in/2017/04/12/app-security-learning + <h2 id="introduction">Introduction</h2> + +<p>ThoughtWorks runs an Application Security 101 training for people not very familiar with common security topics. The training curriculum covers topics like Threat Modelling, Same Origin Policy, CSRF, Secret Management, Library Vulnerabilities, STRIDE among many others.</p> + +<p>I was a trainer for one of the recent batches in ThoughtWorks Pune, and in researching some of these topics, I came across many interesting links, videos and information. I decided to write a blog outlining them as a reference for my ‘students’. I hope that my technologist friends out there will also find this information fascinating.</p> + +<h2 id="topic-1-continuous-authentication--typing-pattern-detection">Topic 1: Continuous Authentication / Typing pattern detection</h2> + +<p>Technology now exists that can detect if the person who is typing on the keyboard is actually YOU or someone else. It is marketed as Continuous Authentication – where the system is continously checking if the person using the system or the website is the one who is an authorized user, or is someone else impersonating the user. 
See demos here:</p> + +<ol> + <li><a href="https://www.keytrac.net/en/tryout/authenticate">KeyTrac online demo</a></li> + <li><a href="http://typingdna.com/demo-api.html">TypingDNA online demo</a> (<a href="https://www.youtube.com/watch?v=yH2CqAiY4KA">YouTube Video</a>)</li> + <li><a href="https://www.behaviosec.com/features/#how-it-works">BehavioSec</a>: Uses keyboard and touch gestures to identify you!</li> +</ol> + +<h2 id="topic-2-how-not-to-store-passwords">Topic 2: How NOT to store passwords</h2> + +<p>In this video <a href="https://www.youtube.com/watch?v=8ZtInClXe1Q">How not to store passwords</a>, Tom Scott (Computerphile) explains how websites and application might incorrectly store passwords. And no, encryption isn’t a good idea. He explains how <a href="https://www.youtube.com/watch?v=b4b8ktEV4Bg">hashing</a> with a random salt is the way to go as far as password storage is concerned.</p> + +<h2 id="topic-3-has-my-email-id-been-leaked">Topic 3: Has my email ID been leaked?</h2> + +<p>Go to this link <a href="https://haveibeenpwned.com/">Have I been Pwned?</a> to check if any of your Email IDs, and associated credentials, have ever leaked on the internet. If so, it tells you which source got compromised (Adobe, LinkedIn, etc) and what information got leaked. So, for instance if your email id and credentials have been leaked, then you better not only change your password for the compromised website, but you should also change your password in EACH AND EVERY account where you re-used the same password!</p> + +<p>This is why you should not ever re-use passwords across applications, websites and services. 
Instead, use a strong password manager and generator like <a href="https://github.com/keepassx/keepassx">KeePassX</a> or <a href="https://1password.com/">1Password</a>.</p> + +<h2 id="topic-4-creating-strong-passwords--dice-ware">Topic 4: Creating strong passwords &amp; Dice-Ware</h2> + +<p>A strong password is one that is very difficult to predict, and cannot easily be brute forced. See this website for examples of extremely strong passwords: <a href="https://passwordcreator.org/#amazing">Password Creator</a>. The good thing about this website is that it runs <em>fully in your browser</em> (so you can go offline and then ask it to generate password recommendations).</p> + +<p>Whenever you use an ONLINE Password CHECKER, or GENERATOR you run the risk of actually <em>leaking</em> your password to the internet. That is why you would want to use OFFLINE tools to generate your passwords, and most good password managers are a safe bet.</p> + +<p><a href="http://world.std.com/~reinhold/diceware.html">Diceware</a> passwords are a simple and strong option for creating your passwords. An example of a diceware password is: “edwin curse clue bose axes bandy”. The idea of diceware was to:</p> + +<ol> + <li>Provide very strong passwords.</li> + <li>Make it easy to type on a phone (no capitals, no special characters, etc).</li> + <li>Make it easy to remember.</li> +</ol> + +<p>You randomly choose five or six (or more) words from a list of 7500+ pre-defined word list. Selecting words from the list is done by throwing a dice a pre-defined number of times per word. 
Read more about what makes Diceware so strong here: <a href="http://world.std.com/~reinhold/dicewarefaq.html#someoneknows">If someone knows that I am using Diceware, can’t they just use the word list to search for my passphrase?</a></p> + +<h2 id="topic-5-creating-fake-webpages-for-phishing-attacks">Topic 5: Creating Fake Webpages for Phishing Attacks</h2> + +<p>There are many easy-to-use tools available that allow you to create an exact copy of the website you wish to impersonate, so that you can trick a user into entering their credentials into a website that looks exactly like the original. See this <a href="https://www.youtube.com/watch?v=RMCUIQaqw6E">video</a> which explains how one can use a simple tool called SuperPhisher to create a fake Gmail login page.</p> + +<h2 id="topic-6-understanding-same-origin-policy">Topic 6: Understanding Same Origin Policy</h2> + +<p>When a web-page fires an HTTP Request to a different origin (URI Scheme + hostname + port combination), the request will reach the server, but the response will be blocked by the browser (unless authorized by the server using a CORS header). Read more on this here: <a href="https://en.wikipedia.org/wiki/Same-origin_policy">Wikipedia/Same-origin-policy</a>. The same is true for Javascript in a browser not being allowed access to elements created in another “origin”.</p> + +<p>Broadly, one origin is permitted to <strong>send</strong> information to another origin, but one origin is not permitted to <strong>receive</strong> information from another origin. The prohibition on receiving information is intended to prevent malicious web sites from reading confidential information from other web sites, but also prevents web content from legitimately reading information offered by other web sites.</p> + +<p>The restrictions on reading information received from other origins is also somewhat subtle. 
For example, the HTML &lt;script&gt; element can execute content retrieved from foreign origins, which means web sites should not rely on the same-origin policy to protect the confidentiality of information in a format that happens to parse as script. You need this to happen so that you can load Javascripts hosted on CDNs like for instance <a href="https://code.jquery.com/">JQuery</a>.</p> + +<p>This is also true for the &lt;img&gt; tag which can fire GET requests for loading images, but someone may use them for firing any GET request (and if this GET request modifies data, then a CSRF attack becomes possible). Read more on preventing CSRF here: <a href="https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#General_Recommendation:_Synchronizer_Token_Pattern">OWASP CSRF Prevention Cheat Sheet</a></p> + +<p>In other words, the SOP does not prevent attackers to <strong>write</strong> data to their origin, it only disallows them to <strong>read</strong> data from your domain (cookie, localStorage or other) or to do anything with a response received from their domain.</p> + +<p>Watch this video to grasp the details: +<a href="https://www.youtube.com/watch?v=jDE0cntjOq8">HTML5 Security Part 1/3 - Same Origin Policy Basics</a></p> + +<h2 id="topic-7-how-can-md5-hashes-be-broken-using-non-secure-passwords">Topic 7: How can MD5 Hashes be broken using non-secure passwords</h2> + +<p>This article by Jack Singleton on Martin Fowler’s website <a href="https://martinfowler.com/articles/session-secret.html">One Line of Code that Compromises Your Server</a> shows how easy it is to use a dictionary attack using something like the <a href="https://crackstation.net/">CrackStation Lookup tables</a>.</p> + +<p>To quote from CrackStation itself:</p> + +<p><em>Crackstation’s lookup tables were created by extracting every word from the Wikipedia databases and adding with every password list we could find. 
We also applied intelligent word mangling (brute force hybrid) to our wordlists to make them much more effective. For MD5 and SHA1 hashes, we have a 190GB, 15-billion-entry lookup table, and for other hashes, we have a 19GB 1.5-billion-entry lookup table.</em></p> + +<p>To quote from Jack’s article:</p> + +<p><em>Wow! In just 43 seconds we blasted through over a billion hashes and, 85.34% of the way through the list, correctly guessed ‘super secret’.</em></p> + +<p>So in essense, if a password created by you or by someone else in the world, ever leaked somehow on the internet, it has most likely reached a dictionary or a password list like CrackStation. You better not re-use it. It’s just simply easier to generate a new password for each usecase, using a strong password generator.</p> + +<p>Related reading: <a href="https://security.stackexchange.com/questions/60691/length-of-passwords-that-are-rainbow-table-safe">Strong passwords and Rainbow Tables</a></p> + +<h2 id="topic-8-easy-hacking-via-social-engineering">Topic 8: Easy hacking via Social Engineering</h2> + +<p>Watch this video to see how easily sometimes people can hack into a person’s account by fooling a call center employee to believe them: <a href="https://www.youtube.com/watch?v=lc7scxvKQOo">Hacker on Call in DEFCON</a>. This technique of tricking people into performing an action they don’t really want to, or reveal information that shouldn’t be, is called Social Engineering.</p> + +<p>Accidental disclosure of information can happen even with SMS based Two Factor Authentication. For instance, if you have SMS preview enabled (which is common nowadays for mobiles), and if the OTP password is present in the first few characters of the SMS, then anyone can see your OTP SMS even if your phone is locked. 
This is dangerous, and that is why smart implementations of OTP SMS will always put your OTP password at the end of a slightly long SMS message so that message previews don’t accidentaly give away the password to snooping eyes.</p> + +<h2 id="topic-9-the-danger-of-using-fingerprints-for-authentication">Topic 9: The danger of using fingerprints for authentication</h2> + +<p>Fingerprint based authentication is becoming quite common nowadays, with phones and laptops allowing you to swipe a finger, or register multiple fingers for quick access. There are two issues at play here:</p> + +<ol> + <li> + <p>Your fingerprint cannot be modified. Once its lost, or compromised, you pretty much cannot do anything about it. You can’t change your fingerprint! For this reason you need to be very careful of where you give your fingerprint information. You don’t want someone storing your fingerprint in a database which eventually gets compromised. For this reason the recommendations for fingerprint security implementations is to store some representation of the fingerprint, rather than the fingerprint itself, so that in case of a compromise, the original fingerprint information is still safe. Read more about this here: <a href="https://support.apple.com/en-us/HT204587">Apple Fingerprint Security</a></p> + </li> + <li> + <p>Your fingerprint works even when you are sleeping or unconscious. So, if someone whacked you, they can use your fingerprint to access any device by just touching your hand to the device. The same is true if you passed out after a heavy bout of drinking. Think about it.</p> + </li> +</ol> + +<h2 id="topic-10-understanding-https--ssl--tls">Topic 10: Understanding HTTPs / SSL / TLS</h2> + +<p>To understand HTTPs, one needs to understand the following concepts:</p> + +<ol> + <li> + <p>Asymmetric Encryption, which uses a public/private key pair in which the private key remains private and secret, while the public key is shared. 
This helps in ensuring that data sent to the server (or bank website) which has been encrypted using the server’s public key can only be decrypted using the server’s private key (and not by anyone snooping in between). Also, data sent by the server by encrypting with the private key can only be decrypted by using the public key which guarantees that the message was indeed sent by the trusted server (proving its identity).</p> + </li> + <li> + <p>Symmetric Encryption, which uses a single shared key, is faster than Asymmetric Encryption. Hence the Asymmetric Encryption method is used only for initial handshake, verification and then a random session key is generated to be used for further communication between the client and server for faster and <em>secret</em> communication. Of course, the session key is also sent encrypted using the Asymmetric Encryption mechanism for safe delivery, before switching over.</p> + </li> +</ol> + +<p><strong>Related links to grasp HTTPs better:</strong></p> + +<ol> + <li> + <p>Watch this video to get a good high level understanding of HTTPs/SSL/TLS: <a href="https://www.youtube.com/watch?v=JCvPnwpWVUQ">What is HTTPs?</a> (11 mins)</p> + </li> + <li> + <p>An excellent explanation of HTTPs: <a href="http://robertheaton.com/2014/03/27/how-does-https-actually-work/">How does HTTPs actually work - by Rob Heaton</a></p> + </li> + <li> + <p><a href="https://stackoverflow.com/questions/589622/ssl-question-how-does-a-root-ca-verify-a-signature">How does verification with Root CA Work</a>: <em>… mathematically computed against the <strong>public</strong> part of the CA to verify that the <strong>private</strong> part of the CA actually signed the cert.</em></p> + </li> +</ol> + +<h2 id="topic-11-evercookie-hard-to-delete-cookies">Topic 11: Evercookie: Hard-to-delete cookies</h2> + +<p>Evercookie is a Javascript API, created by Sam Kamkar (of the <a href="https://samy.pl/popular/">Samy worm</a> fame!) 
that produces extremely persistent cookies in a browser. Its goal is to identify a client even after they’ve removed standard cookies, Flash cookies (Local Shared Objects or LSOs), and others.</p> + +<p>This is accomplished by storing the cookie data into as many browser storage mechanisms as possible. If cookie data is removed from any of the storage mechanisms, evercookie aggressively re-creates it in each mechanism as long as one is still intact.</p> + +<p>It is totally NOT recommended to use Evercookie, but it is a good idea to understand how they work, so that you can understand how you might be tracked!</p> + +<p>Read more about it here on <a href="https://github.com/samyk/evercookie">Github/smayk/evercookie</a>, and play with a demo here on Samy’s website <a href="https://samy.pl/evercookie/">Try Evercookie</a>.</p> + +<h2 id="topic-12-vulnerability-checker-for-npm-libraries---bithound">Topic 12: Vulnerability Checker for NPM Libraries - Bithound</h2> + +<p>Check out <a href="https://www.bithound.io/">bithound.io</a> to see how a Node.JS project can use a static code analyser and dependency checker to identify components in your project which may have known vulnerabilities. <a href="https://www.bithound.io/">bithound.io</a> is free for Open Source projects, so you should be able to plug it in your public Github projects. See the most popular libraries like <a href="https://www.bithound.io/github/angular/angular.js">Angular.JS</a> and <a href="https://www.bithound.io/github/d3/d3">d3</a> reports on bithound here: <a href="https://www.bithound.io/popular">Popular Bithound Projects</a></p> + +<h2 id="conclusion">Conclusion</h2> + +<p>Teaching is a great way to learn. Just as I did, hopefully you found some of above topics and links fascinating. 
The field of security is always growing and while new attacks are being uncovered everyday, so are new counter-measures being designed.</p> + + + + + Understanding Open Source Software + + 2017-02-18T00:00:00+05:30 + 2017-03-12T12:00:00+05:30 + http://life-lessons.in/2017/02/18/open-source-explained + <p>I have been contributing to Open Source Software (OSS) for over 3 years now, at ThoughtWorks. Many people seem to have some misconceptions about OSS, or don’t fully realise the implications and impact of OSS. In this blog, I have shared a few of my learnings and thoughts on this topic. If you are technologist – who has some familiarity with OSS, then it’s likely that this article will be helpful.</p> + +<h2 id="just-because-the-source-code-is-available-does-not-mean-it-is-open-source">Just because the source code is available does not mean it is Open Source</h2> + +<p>Most people explain <em>Open Source Software (OSS)</em> as — a software that has made its source code available publicly. That is an incomplete and incorrect definition of the term <em>Open Source Software</em>.</p> + +<p>An Open Source Software is software where the code is not only freely available to view, but also to modify, redistribute, and has an associated license that allows for this to happen. 
This is how Wikipedia defines <a href="https://en.wikipedia.org/wiki/Open-source_software">Open Source Software (OSS)</a>:</p> + +<p><strong>Open-source software (OSS) is computer software with its source code made available with a license +in which the copyright holder provides the rights to study, change, and distribute the software to anyone +and for any purpose.</strong></p> + +<p>Irrespective of the OSS license being applied, the above conditions should be true for a software to call itself Open Source.</p> + +<p>A more precise, easy-to-understand and widely referenced definition of Open Source Software is maintained and managed by the Open Source Initiative (OSI) on this page: <a href="https://opensource.org/osd-annotated">Open Source Definition</a>. It mentions ten criteria that should be satisfied by the distribution terms of the software license for it to be accepted as Open Source. Some of these criteria are: free redistribution, must have easy access to un-obfuscated source code, should allow modifications and distribution of these modifications, should be free of discrimination against people/geographies/groups/field of endeavour/technology stack, etc.</p> + +<p>So – just having access to source code isn’t Open Source. It’s a much broader term, associated with greater freedom.</p> + +<h2 id="so-then-what-is-the-deal-with-the-different-licenses----gpl-mpl-apache-etc">So then what is the deal with the different licenses – GPL, MPL, Apache, etc?</h2> + +<p><strong>Note: I am not a lawyer. Please consult a qualified lawyer when you are inspecting / figuring out an OSS License for your company or software. My advice here is informal. Licenses are a complex beast – especially when softwares containing different licenses are put into the mix.</strong></p> + +<p>There are many available OSS licenses publicly recognized to make it convenient for you to choose the one that suits your needs. 
The Open Source Initiative (OSI) maintains a <a href="https://opensource.org/licenses/alphabetical">list of approved licenses here</a> for you to choose from.</p> + +<p>All these licenses are recognized as Open Source Licenses, and hence should provide the same freedom as mentioned above while explaining what does OSS mean – but there is always something unique about each license that makes them stand apart. This is why you need legal counsel. Your motivations and business model will affect the choice of license.</p> + +<p>Licenses like the GPL license are called <a href="https://en.wikipedia.org/wiki/Copyleft">Copyleft licenses</a> which are protective in nature. If you use a GPL Licensed software library in your software you will require to make your own software freely available under the GPL License. If you are a commercial / proprietary software team, you most likely do not want to open source your proprietary software, and therefore won’t be able to include libraries licensed under GPL. Do check out: <a href="https://softwareengineering.stackexchange.com/questions/47032/can-i-use-gpl-software-in-a-commercial-application">Can I use GPL software in a commercial application?</a> As an example – iText is a library for generating PDFs which is provided under an <a href="http://www.affero.org/oagf.html">AGPL license</a> (free) and also under a commercial license that allows you to include it in programs that are released under a license of your choice (paid). You will not be able to include its free version in the source code to closed-source software for the same reasons articulated above. 
Read about <a href="http://itextpdf.com/legal">iText License implications here</a>.</p> + +<p>Interesting articles to read: <a href="https://opensource.com/article/17/2/decline-gpl">The Decline of GPL?</a> +and <a href="https://softwareengineering.stackexchange.com/questions/226111/can-i-use-mongodb-for-a-commercial-web-based-service">Can I use MongoDB for a commercial web based service?</a></p> + +<p><strong>Important Notes</strong>:</p> + +<ol> + <li><em>I work on an open source hospital system called <a href="http://bahmni.org">Bahmni</a>, for low-resource environments. This software is licensed under AGPL license. Distributing the software under the AGPL means that any modifications or improvements done for Bahmni must be made available to all for free. In this way, the choice of license helps to ensure that the software will remain a public benefit to humanity and no one can capture it for their private gain. Read more about some problems with commercial EHR here: <a href="http://www.openhealthnews.com/blogs/ramaduro/2017-01-19/obama-and-biden-blast-ehr-vendors-data-blocking">Obama and Biden Blast EHR Vendors for Data Blocking</a>.</em></li> + <li><em>Linux is licensed under GPLv2. For good reasons. From this <a href="http://www.zdnet.com/article/linus-torvaldss-love-hate-relationship-with-the-gpl/">article</a>, Linus Torvalds says: “The GPL ensures that nobody is ever going to take advantage of your code. It will remain free and nobody can take that away from you. I think that’s a big deal for community management.”</em></li> + <li><em>Do you know the differences between Red Hat Enterprise Linux RHEL (paid) and CentOS Linux (free)? 
You might be surprised to know that the code of CentOS Linux is created from RHEL source code with all Red Hat trademark information removed – because Red Hat invests/pays for the trademark and logo, but the underlying Linux and its modifications are required to be made freely available as source code – which allows the creation of CentOS. This is why so many companies use CentOS – because they believe they get the same quality for free! Amazing. Isn’t it? Read more here: <a href="https://en.wikipedia.org/wiki/CentOS">Wikipedia/CentOS</a> and here: <a href="https://en.wikipedia.org/wiki/Red_Hat_Enterprise_Linux_derivatives">Wikipedia/RedHatDerivatives</a>.</em></li> +</ol> + +<p>But some OSS would prefer to focus on getting lots of people to adopt them quickly and easily, especially software platforms and libraries – because the wider the adoption of a software, the more chances are that its bugs will surface quicker, it will become more stable, it will have more impact, and more people will contribute to it. Once a company or a team invests in a software stack, it’s unlikely that they would want to throw it away on the slightest excuse! This is why many Open Source Software projects choose a more permissive license which allows you to ship and use them in commercial packages. 
Think of <a href="https://github.com/angular/angular.js/blob/master/LICENSE">Angular.js</a>, <a href="http://react-etc.net/entry/your-license-to-use-react-js-can-be-revoked-if-you-compete-with-facebook">React.js</a>, <a href="https://www.postgresql.org/about/licence/">Postgres</a>, <a href="https://en.wikipedia.org/wiki/Spring_Framework">Spring Framework</a>, <a href="https://www.ruby-lang.org/en/about/license.txt">Ruby Language</a>, <a href="https://github.com/jquery/jquery/blob/master/LICENSE.txt">jQuery</a>, <a href="https://tomcat.apache.org/legal.html">Tomcat Server and other softwares from Apache</a>, <a href="https://en.wikipedia.org/wiki/Nginx">Nginx</a>, <a href="https://en.wikipedia.org/wiki/Selenium_(software)">Selenium Test Framework</a>, <a href="https://en.wikipedia.org/wiki/JUnit">jUnit</a> and many other libraries, tools and software which we all use in proprietary software – are all Open Source! They are licensed in a manner that allows others to benefit off them. Isn’t that awesome! So – have you given them back something? Have you helped making them better or popular?</p> + +<h2 id="so-do-people-make-any-money-with-open-source-softwares">So do people make any money with Open Source Softwares?</h2> + +<p>I think it’s important to separate this question into two areas – one for the company and the other for an individual.</p> + +<p>So, let’s ask the first question: <strong>As a company, if I open source my software - can I make money?</strong> The answer is: <strong>Unlikely</strong>. The software after all is free, and hence you can’t really make money from it. But it might make long term business and financial sense to still do it – for reasons like adoption and maintenance. Platform products like Android and OpenStack are open source so that people can use them widely and build commercial models on top of them. The more people adopt Android for instance, the more people use Google Search and related services. 
That drives revenue and profits for Google. Open sourcing their platform, helps companies stay relevant.</p> + +<p>For instance in this article on Tech Radar (<a href="http://www.in.techradar.com/news/software/The-reasons-behind-Microsofts-drive-for-open-source/articleshow/51512501.cms">The reasons behind Microsoft’s drive for open source</a>) Wes Miller, Vice President at analyst group Directions on Microsoft points out: +<em>“Much like Apple and Google, whose open source projects may be strategic to a degree of mindshare (but not revenue), the projects that Microsoft has chosen to open source are intended to help build community/collaboration and mindshare. The areas of the company that are still breadwinners are not open source, nor do I believe we should expect them to be anytime soon”.</em></p> + +<p>This is not to say that companies are not making money from Open Source software. There are <a href="https://en.wikipedia.org/wiki/Business_models_for_open-source_software">15+ business models with OSS</a> mentioned on Wikipedia. The obvious ones are Support and Professional Services around the software package, but people can do a lot more including writing paid add-ons, software-as-a-service, advertisements, trainings, etc.</p> + +<p>For good examples of businesses that rely on Open Source Software, and the associated struggle, I would recommend reading this article by TechCrunch (<a href="https://techcrunch.com/2016/02/09/the-money-in-open-source-software/">Money in Open Source Software</a>). It says: <em>“Despite the growing popularity of open-source software, though, many open-source companies are not financially healthy. 
Just like eyeballs didn’t translate into actual online purchases during the first dot-com era in the late 1990s, millions of free-software downloads do not always lead to sustainable revenue streams.”</em></p> + +<p>Now - lets ask the second question: <strong>As a developer or a technologist - can I make money by working on Open Source Software?</strong> The answer is: <strong>Pretty Likely – if you are good at what you do and your chosen OSS is in-demand</strong>. Developing and maintaining good software is hard - especially if it’s being used by multiple customers.</p> + +<p>With Open Source, the advantage is that there are very few geographical barriers for team members – since the code and software is available online easily. So, people from across cities can contribute to the project, and be paid to consult, maintain, develop and deploy softwares. This can also help the individual build their brand, connect with other like minded people around the world, and be called upon for important gigs. Plus, once a company has already invested in a particular open source stack, they would be compelled and happy to pay for its evolution – to keep their own systems up-and-running, or even to beat the competition.</p> + +<p><strong>But most contributors worldwide contribute to Open Source software for free. Because the returns themselves are worth it.</strong></p> + +<h2 id="this-sounds-very-interesting-should-i-participate-in-a-particular-open-source-software">This sounds very interesting. Should I participate in a particular Open Source software?</h2> + +<p>If you are a developer, a QA, a BA, a technologist – you have very little excuse to not be involved in some Open Source Software. Why should you limit your exposure, experience and learnings to only the project you are on? Why not contribute and learn from the zillions of OSS that are out there? 
Most of these softwares are looking for technical contributions and to make greater impact.</p> + +<p>Pick a topic that you love. Or a software you would be interested in. Do you like Security, Music, Medicine, Programming Languages, Painting, Maths, Teaching, Kids, Criminology, Guitar, Sports, Gym, FILL-IN-THE-BLANKS? Find an OSS in your chosen area, whatever motivates you, and jump in. Projects need help on everything under the sun – from developing small/large features, to writing unit/integration/functional tests, to setting up CI/CD servers, to documentation, to creating stories, to fixing bugs, to creating presentations, to publishing videos, to organizing events, to evaluating libraries, to helping in rollouts and implementations of their softwares, to…. you get it. Whatever you do in your organization on your project; the OSS also needs that to be done. Plus, you can be a QA contributing to Development tasks, or a Dev contributing to recording videos, and so on.. because no one cares what “role” you come from – it’s what you want to do!</p> + +<p>Most OSS projects will have a chatroom on IRC/Slack/etc, a mailing list, a public version control repository (likely Github), a public task management system (like JIRA, Github Issues, Trello, etc), and periodic virtual meetings. If you go in with sincerity, and resolve — your work will be highly appreciated.</p> + +<h2 id="a-list-of-open-source-projects-you-might-consider">A list of Open Source Projects you might consider</h2> + +<p>A short list of suggestions from my side. It’s a drop in the ocean. The important thing is to choose a project you <strong>want</strong> to contribute to. 
Find your holy grail.</p> + +<ul> + <li><a href="http://bahmni.org">Bahmni</a>: Open Source EMR &amp; Hospital System (or <a href="http://openmrs.org">OpenMRS</a>)</li> + <li><a href="https://pixelated-project.org/">Pixelated</a>: Encrypted/Private/Secure Web based email</li> + <li><a href="https://moodle.org/">Moodle</a>: Free Learning Management System</li> + <li><a href="https://www.bugzilla.org/">BugZilla</a>: Task Management and Issue Management System</li> + <li><a href="https://www.ushahidi.com/">Ushahidi</a>: Real time, crowdsourced crisis management and mapping tool</li> + <li><a href="https://github.com/audacity/audacity">Audacity</a>: Digital Audio Editor</li> + <li><a href="https://en.wikipedia.org/wiki/List_of_free_and_open-source_software_packages">Wikipedia/List of Open Source Softwares</a>: Huge list of Open Source softwares by category</li> +</ul> + +<p>The Open Source Software movement is big. It’s time to jump in. Give back. Learn. Soak. Become part of alternative communities, across multiple countries. 
You will be welcomed.</p> + +<h2 id="podcast-on-open-source-myths---with-karl-brown">Podcast on Open Source Myths - With Karl Brown</h2> + +<p><strong>If you liked this article, you may also like this podcast I recorded with Karl Brown from ThoughtWorks +where we talk about <a href="https://www.thoughtworks.com/insights/blog/podcast-open-source-myths-and-truths">Myths &amp; Truths in Open Source Software</a>.</strong></p> + +<h2 id="further-reading-on-open-source">Further Reading on Open Source</h2> + +<ul> + <li><a href="https://www.howtogeek.com/howto/31717/what-do-the-phrases-free-speech-vs.-free-beer-really-mean/">Free as in Beer, or Free as in Speech – Understanding the difference</a></li> + <li><a href="http://twiki.org/cgi-bin/view/Blog/BlogEntry201207x1">Difference between Open Source License vs Copyright vs Trademark</a></li> + <li><a href="http://www.amazon.in/Success-Open-Source-Steven-Weber/dp/0674018583">Book: The Success of Open Source by Steven Weber</a></li> +</ul> + + + + + Reduce Computer Eye Strain with F.lux + + 2016-09-05T00:00:00+05:30 + 2016-00-05T12:00:00+05:30 + http://life-lessons.in/2016/09/05/reduce-eye-strain-with-flux + <p><img src="/images/general/flux-logo.jpg" alt="f.lux" /></p> + +<p>About 3 years ago, one of my colleagues in ThoughtWorks, <a href="https://www.thoughtworks.com/profiles/sam-gibson">Sam Gibson</a>, suggested I try out <a href="https://justgetflux.com/">f.lux</a>.</p> + +<p>f.lux changes the <a href="http://www.eizo.com/library/basics/color_temperature_on_an_LCD_monitor/">Color temperature</a> of my mac screen in the evening, so that the blue light from the screen is removed, and +instead a nice warm set of colors are emitted from the screen. This drastically reduced the strain that I felt on my screen +at night. It felt weird, the first 3 or 4 days, when my screen colors changed in the evening. But then soon enough, I +even stopped realizing when f.lux changed the colors. 
It would only be a passerby, who would look at my screen, and wonder: +Hey what happened to your screen?</p> + +<p>Over the last few months, I have recommended this app to many friends. One of whom used to get a headache by evening +working on the computer, and had resigned to the fact that such is life. After trying out f.lux, his incidences of headaches +have drastically reduced!</p> + +<p>As the f.lux website says: “<em>f.lux makes your computer screen look like the room you’re in, all the time. +When the sun sets, it makes your computer look like your indoor lights. In the morning, it makes things look +like sunlight again.</em>”</p> + +<p>I would recommend you to try (please note, I am not a doctor!). f.lux sits happily in your menu bar, and you can toggle it +temporarily off (for an hour) when you feel the need to switch back to normal color mode, say for doing some photoshop or color +editing, etc. f.lux is also available for Windows, and I think similar apps are now available for tablets &amp; phones too.</p> + +<p>Besides <a href="https://justgetflux.com/">f.lux</a>, I am also using <a href="http://iamfutureproof.com/tools/awareness/">Awareness</a>, to help +remind me how long I have not taken a break on the computer, and the +<a href="https://itunes.apple.com/us/app/pomodoro-time-focus-timer/id953426154?ls=1&amp;mt=8">Pomodoro timer</a>, +to help me focus on a specific task at a time.</p> + +<p>Do try out these apps.</p> + + + + + Mars Rover Problem in Scala + + 2016-04-24T00:00:00+05:30 + 2016-04-24T12:00:00+05:30 + http://life-lessons.in/2016/04/24/mars-rover-problem-in-scala + <p>Priyank Gupta, a respected ex-ThoughtWorker from the Pune office, wrote an excellent blog series in 2014 titled: +<a href="http://priyaaank.tumblr.com/post/95095165285/decoding-thoughtworks-coding-problems">Decoding ThoughtWorks Coding Problems</a>.</p> + +<p>In this blog he explains what constitutes good code &amp; design, using the now decommissioned Mars Rover problem as an 
example. +His code is in Java. I decided to showcase the same design in Scala, using only “the good parts” of Scala, with an aim of keeping +the solution easy to understand, and enhance.</p> + +<p>My implementation can be seen on Github here: <a href="https://github.com/gsluthra/mars-rover-scala">mars-rover-scala</a>.</p> + + + + + When Money gets in the way of Life + + 2016-03-03T00:00:00+05:30 + 2016-03-03T12:00:00+05:30 + http://life-lessons.in/2016/03/03/money-in-way-of-life + <p>I wrote this blog on Bahmni Community Blogs on Medium. Read the full blog here: +<a href="https://medium.com/bahmni-blog/when-money-gets-in-the-way-of-life-5162466a5c83#.iasyzsjru">When Money gets in the way of Life - Bahmni Blogs</a></p> + + + + + Every Single Retro + + 2016-02-03T00:00:00+05:30 + 2016-02-03T12:00:00+05:30 + http://life-lessons.in/2016/02/03/every-single-retro + <p><img src="/images/general/EverySingleRetro.jpg" alt="EverySingleRetro" style="width: 500px;" /></p> + + + + + The Velocity Conundrum + + 2015-12-25T00:00:00+05:30 + 2015-12-25T12:00:00+05:30 + http://life-lessons.in/2015/12/25/The-Velocity-Conundrum + <p>Velocity! It’s a term that has potentially confounded, frustrated and perhaps amused Agile practitioners and customers alike at some point. It’s a concept that can be quite helpful though, when used accurately as a planning &amp; estimation tool.</p> + +<p><em>Velocity is a measure of the number of story points delivered in an Iteration</em>. The word <strong>delivered</strong> here means - dev &amp; test complete, and +ready for Production. Depending on your organizational maturity it could also mean – <strong>in Production</strong>.</p> + +<h3 id="velocity-as-a-guide">Velocity as a Guide</h3> + +<p>Let’s take an example of how one uses velocity as a guiding metric.</p> + +<p>For instance, in Iteration-1 (I-1), if a team completes 12 story points, then the velocity of the team is 12. 
It means that, in next iteration you can assume the team will be able to deliver about 12 points worth of features. Another way of saying this, is that <em>yesterday’s weather</em> is 12.</p> + +<p>In I-2, if the team delivers 15 points, then for I-3 you can plan for approx 13 (avg of I-1 and I-2). On the other hand, if the team delivers say 10 points in I-2, then next time you plan for 11 (avg of I-1 and I-2).</p> + +<p>In general, you average the velocity of the last three iterations, and use that as <em>yesterday’s weather</em> to arrive at what you should expect as velocity for the next iteration.</p> + +<h3 id="low-velocity">Low Velocity</h3> + +<p>If the team achieves lesser points in an iteration than what you expected, should you be concerned? The answer is: <em>It depends</em>. You should try +and find out the possible cause, and then decide whether you should be concerned or not. <em>The aim is to reach a sustainable cadence +that allows for healthy team productivity and greater customer satisfaction</em>.</p> + +<p>A retrospective meeting at the end of an iteration, is a practical way to discuss potential reasons for drop (or increase) in velocity. Some possible reasons for a drop in velocity are:</p> + +<ol> + <li>The features being developed were more complex than estimated (or expected).</li> + <li>High technical debt in certain parts of the system is causing development to be slower than expected. Think of tech debt as hurdles on your way. The more the hurdles, the higher the friction, the slower you will move.</li> + <li>Other factors like too many red builds, flaky acceptance tests, network issues, unnecessary meetings, bugs from previous iteration or holidays, could have sucked away precious time from the team – and hence they could not work on feature development as much as they otherwise would have.</li> +</ol> + +<p>Usually a drop in velocity is due to a combination of the above factors. 
You may be able to remove some hurdles and mitigate some challenges. Or, maybe you can’t do anything about some of the reasons. You note them down, voice them, and remember to account for them in future iteration plans where applicable.</p> + +<h3 id="the-upper-management-effect">The “Upper Management” Effect</h3> + +<p>Many teams (and managers) don’t want to show a velocity drop. Because <em>upper management</em> will frown upon them as an indicator of slacking +and under achievement.</p> + +<p>This leads to people coming up with various ways of showing that their velocity is the same as before. +For instance, claims like: “<em>We were busy refactoring the service layer, so, we should claim 2 points for that</em>”. Or, “<em>We were blocked due to +network issues, and hence we claim 1 point for that</em>”. So now, with these deviations, total velocity is shown to be:</p> + +<p><strong>9</strong> (actual for feature development) + <strong>2</strong>(for refactoring) + <strong>1</strong> (for network issues) = <strong>12</strong> (hey.. this is 1 point better than usual! All is good!)</p> + +<p>This velocity adjustment for <em>upper management’s</em> sake is a recipe for disaster. Instead of fixing organizational, technical and business issues, we have made everything look “OK” and reached a status-quo.</p> + +<p>The fixation for treating velocity as a productivity measure, has led to a loss of agility and muddled priorities.</p> + +<h3 id="high-performance-teams--trust">High Performance Teams &amp; Trust</h3> + +<p>Agile practices only work when you trust the team. Trust can only be developed, when you hire the right people for the job. The right people for the job are people who care about their work, and are good at what they do. 
Organizations have a duty to hire the best, and then get out of the way, whilst providing periodic and necessary support.</p> + +<p>Velocity as a metric, will be useful only if the team is passionate about delivering and improving their own productivity. If the team is looking at answering the question - “How can we do better?”, then velocity can help the team to inform them if they are on the right track.</p> + +<p>But, depending ONLY on <em>velocity</em> as a measure of your improvement is wrong. You may see a drop in <em>velocity</em> due to many external factors, even when the team is taking the right steps to improve the quality of the system. It is analogous to seeing <em>weight</em> as the only measure of improving health.</p> + +<h3 id="conclusion">Conclusion</h3> + +<p>Velocity should be treated as a guide using which you plan the next iteration and measure the impact of your adjustments or fixes. Velocity also acts as an approximate tool to provide visibility into when certain features will make it into the release.</p> + +<p>Velocity is <em>NOT</em> a measure of the quality of the work being done by the team or of the productivity of the team.</p> + +<h3 id="further-reading">Further Reading</h3> + +<ol> + <li> + <p><a href="http://jimhighsmith.com/Velocity-is-killing-agility/">Velocity is killing agility (Jim Highsmith)</a></p> + + <p><em>Over emphasis on velocity causes problems because of its wide use as a productivity measure. 
The proper use of velocity is as a calibration tool, a way to help do capacity-based planning…</em></p> + </li> + <li> + <p><a href="http://martinfowler.com/bliki/XpVelocity.html">XpVelocity (Martin Fowler)</a></p> + + <p><em>Velocity is a tool for calibrating estimations for YesterdaysWeather, it is not a measure of productivity.</em></p> + </li> + <li> + <p><a href="https://en.wikipedia.org/wiki/Technical_debt">Technical Debt (Wikipedia)</a></p> + + <p><em>If the debt is not repaid, then it will keep on accumulating interest, making it hard to implement changes later on. Unaddressed technical debt increases software entropy.</em></p> + </li> + <li> + <p><a href="http://www.infoq.com/articles/not-destroy-team-metrics">How To Not Destroy your Agile Team with Metrics (InfoQ)</a></p> + + <p><em>The streetlight effect is our human tendency to look for answers where it’s easy to look rather than where the actual information is.</em></p> + </li> +</ol> + + + + + + Podcasts I Love + + 2015-11-15T00:00:00+05:30 + 2015-11-15T12:00:00+05:30 + http://life-lessons.in/2015/11/15/podcasts-i-love + <p>Driving in India is a test of patience. And a waste of time.</p> + +<p>A few months ago, I decided to try an experiment while driving to office (about a 30 minutes ride one way). +Podcasts.</p> + +<p>Turns out, I had uncovered something amazing. Podcasts made me forget the time I spend on the road, and instead opened a window to a world I didn’t know existed. +I now found an opportunity to hear interviews and stories, of lives of people, in far away places. +People, whose stories, I would otherwise never have heard.</p> + +<p>He is a list (I plan to keep up-to-date), with a list of podcasts I really enjoyed, or were super thought-provoking. 
If you like these, please bookmark this post.</p> + +<p><img src="http://englishminds.co.uk/wp-content/uploads/2014/06/Podcast.jpg" alt="Podcasts" style="width: 200px;" /></p> + +<h3 id="list-of-podcasts">List of Podcasts</h3> + +<ol> + <li><a href="http://fourhourworkweek.com/2015/01/15/pavel-tsatsouline/">[Tim Ferris Interview] Pavel Tsatsouline on the Science of Strength and the Art of Physical Performance</a>: +Fundamentals of Strength training, kettle bell, no-nonsense, fitness, and many things under the world.</li> + <li><a href="http://fourhourworkweek.com/2015/07/05/stanley-mcchrystal/">[Tim Ferris Interview] General Stan McChrystal on Eating One Meal Per Day, Leadership in the Military, +Special Ops, and Mental Toughness</a>: An interesting interview on Leadership challenges in the military +and what can we learn from them, for navigating the civilian world.</li> + <li><a href="http://fourhourworkweek.com/2015/09/25/jocko-willink/">[Tim Ferris Interview] The Scariest Navy SEAL Imaginable…And What He Taught Me</a>: An interview with Jocko Willink +about training for jiu-jitsu, managing fear, leadership in SEAL teams, fitness and discipline.</li> + <li><a href="http://www.npr.org/programs/ted-radio-hour/368757408/courage">[NPR TED Talk] Courage</a>: Understanding courage in people – talks by some remarkable people, with remarkable +achievements.</li> + <li><a href="http://www.npr.org/programs/ted-radio-hour/377505449/keeping-secrets">[NPR TED Talk] Keeping Secrets</a>: Secrets in the world.</li> + <li><a href="http://www.npr.org/programs/ted-radio-hour/357846020/quiet">[NPR TED Talk] Quiet</a>: A Man who did not speak for 17 years. 
And the importance of Quiet.</li> + <li><a href="http://www.npr.org/2013/04/25/179010396/unstoppable-learning">[NPR TED Talk] Unstoppable Learning</a>: A fantastic experiment on how children can learn without any teachers.</li> + <li><a href="http://www.stuffyoushouldknow.com/podcasts/how-the-berlin-wall-worked/">[Stuff You Should Know] How the Berlin Wall Worked</a>: The amazing history of the wall that divided East +and West Germany for 28 years.</li> + <li><a href="http://www.stuffyoushouldknow.com/podcasts/black-boxes-work/">[Stuff You Should Know] How Black Boxes Work</a>: An understanding of black boxes on the planes, and their history. Very fascinating.</li> + <li><a href="http://www.stuffyoushouldknow.com/podcasts/owning-gun-change-behavior-2/">[Stuff You Should Know] Does Owning a Gun Change your Behavior</a>: Gun Control, and the psychological impact of owning a gun. +It isn’t what you think it is.</li> + <li><a href="http://www.stuffyoushouldknow.com/podcasts/bitcoin-works/">[Stuff You Should Know] How Bitcoin Works</a>: An explanation of Bitcoin.</li> + <li><a href="http://www.stuffyoushouldknow.com/podcasts/can-you-test-a-nuclear-weapon-without-a-fallout/">[Stuff You Should Know] Can you test a Nuclear Weapon without a Fallout?</a>: A history of the various nuclear weapon tests conducted on Planet Earth, and their repercussions.</li> + <li><a href="http://www.npr.org/2017/03/06/518786831/tribes-traitors-what-happens-when-you-empathize-with-the-enemy">[NPR Hidden Brain] Tribes &amp; Traitors</a>: What Happens When You Empathize with the Enemy?: The more trauma an individual or a group has experienced, the harder it can be to acknowledge the suffering of the other side. 
A look into the life of a former Israeli paratrooper and a Palestinanian professor who empathized with the other side.</li> + <li><a href="http://www.npr.org/2016/11/29/503594516/in-praise-of-mess-why-disorder-may-be-good-for-us">[NPR Hidden Brain] In Praise of Mess</a>: Why Disorder May Be Good For Us: In this episode of Hidden Brain, economist and writer Tim Harford talks about how an embrace of chaos is beneficial to musicians, speechmakers, politicians – and the rest of us.</li> + <li><a href="https://fs.blog/naval-ravikant/">[Farnam Street] Interview with Naval Ravikant</a>: Words of wisdom on life, decision making, the importance of reading, meditation and a lot of other topics. This is one of the best podcasts I have heard. You can also read the audio transcript <a href="https://www.fs.blog/wp-content/uploads/2017/02/Naval-Ravikant-TKP.pdf">here</a>.</li> +</ol> + +<p>I usually listen to podcasts on the <a href="https://itunes.apple.com/in/app/podcasts/id525463029?mt=8&amp;ign-mpt=uo%3D4">Iphone podcast app</a>.</p> + + + + + + \ No newline at end of file diff --git a/favicon.ico b/favicon.ico new file mode 100644 index 0000000..6efbb64 Binary files /dev/null and b/favicon.ico differ diff --git a/images/LL-logo.png b/images/LL-logo.png new file mode 100644 index 0000000..7380dbd Binary files /dev/null and b/images/LL-logo.png differ diff --git a/images/general/AEModel_AndrewNG.png b/images/general/AEModel_AndrewNG.png new file mode 100644 index 0000000..8cdd448 Binary files /dev/null and b/images/general/AEModel_AndrewNG.png differ diff --git a/images/general/AEModel_Imposter_Syndrome_Tweet.png b/images/general/AEModel_Imposter_Syndrome_Tweet.png new file mode 100644 index 0000000..5f187fc Binary files /dev/null and b/images/general/AEModel_Imposter_Syndrome_Tweet.png differ 
diff --git a/images/general/AEModel_Knowledge_size.png b/images/general/AEModel_Knowledge_size.png new file mode 100644 index 0000000..05dfc09 Binary files /dev/null and b/images/general/AEModel_Knowledge_size.png differ diff --git a/images/general/AEModel_Moving_across_the_quadrants.png b/images/general/AEModel_Moving_across_the_quadrants.png new file mode 100644 index 0000000..897c929 Binary files /dev/null and b/images/general/AEModel_Moving_across_the_quadrants.png differ diff --git a/images/general/AEModel_The_Model.png b/images/general/AEModel_The_Model.png new file mode 100644 index 0000000..874e8c6 Binary files /dev/null and b/images/general/AEModel_The_Model.png differ diff --git a/images/general/Calvin_Bridge.jpg b/images/general/Calvin_Bridge.jpg new file mode 100644 index 0000000..8c6df21 Binary files /dev/null and b/images/general/Calvin_Bridge.jpg differ diff --git a/images/general/EverySingleRetro.jpg b/images/general/EverySingleRetro.jpg new file mode 100644 index 0000000..275322c Binary files /dev/null and b/images/general/EverySingleRetro.jpg differ diff --git a/images/general/Gurpreet_Sign.png b/images/general/Gurpreet_Sign.png new file mode 100644 index 0000000..cd0cb90 Binary files /dev/null and b/images/general/Gurpreet_Sign.png differ diff --git a/images/general/artists.jpg b/images/general/artists.jpg new file mode 100644 index 0000000..ac5299b Binary files /dev/null and b/images/general/artists.jpg differ diff --git a/images/general/calvin-going-into-future-for-a-story.png b/images/general/calvin-going-into-future-for-a-story.png new file mode 100644 index 0000000..2be65d1 Binary files /dev/null and b/images/general/calvin-going-into-future-for-a-story.png differ diff --git a/images/general/colombo_beach_image_small.jpg b/images/general/colombo_beach_image_small.jpg new file mode 100755 index 0000000..8e0e445 Binary files /dev/null and b/images/general/colombo_beach_image_small.jpg differ 
diff --git a/images/general/flux-logo.jpg b/images/general/flux-logo.jpg new file mode 100644 index 0000000..f884100 Binary files /dev/null and b/images/general/flux-logo.jpg differ diff --git a/images/general/gp-openmrs-conf.jpg b/images/general/gp-openmrs-conf.jpg new file mode 100644 index 0000000..ad8d8d7 Binary files /dev/null and b/images/general/gp-openmrs-conf.jpg differ diff --git a/images/general/gp-profile.png b/images/general/gp-profile.png new file mode 100644 index 0000000..f08de96 Binary files /dev/null and b/images/general/gp-profile.png differ diff --git a/images/general/gp-rect.png b/images/general/gp-rect.png new file mode 100644 index 0000000..6cf82de Binary files /dev/null and b/images/general/gp-rect.png differ diff --git a/images/general/gp-square-v.jpg b/images/general/gp-square-v.jpg new file mode 100644 index 0000000..b7e692c Binary files /dev/null and b/images/general/gp-square-v.jpg differ diff --git a/images/general/gp-square.jpg b/images/general/gp-square.jpg new file mode 100644 index 0000000..43fa485 Binary files /dev/null and b/images/general/gp-square.jpg differ diff --git a/images/general/gp-tint-square.png b/images/general/gp-tint-square.png new file mode 100644 index 0000000..346e275 Binary files /dev/null and b/images/general/gp-tint-square.png differ diff --git a/images/general/guitar.jpg b/images/general/guitar.jpg new file mode 100644 index 0000000..cdca6c0 Binary files /dev/null and b/images/general/guitar.jpg differ diff --git a/images/general/martin-backpacker-guitar.jpg b/images/general/martin-backpacker-guitar.jpg new file mode 100755 index 0000000..b45f585 Binary files /dev/null and b/images/general/martin-backpacker-guitar.jpg differ diff --git a/images/general/orange-evening.jpg b/images/general/orange-evening.jpg new file mode 100644 index 0000000..90fece9 Binary files /dev/null and b/images/general/orange-evening.jpg differ 
diff --git a/images/general/pottery.jpg b/images/general/pottery.jpg new file mode 100644 index 0000000..1dcc92a Binary files /dev/null and b/images/general/pottery.jpg differ diff --git a/images/general/pray-bells-2.jpg b/images/general/pray-bells-2.jpg new file mode 100644 index 0000000..34b9c27 Binary files /dev/null and b/images/general/pray-bells-2.jpg differ diff --git a/images/general/pray-bells.jpg b/images/general/pray-bells.jpg new file mode 100644 index 0000000..b2da7cf Binary files /dev/null and b/images/general/pray-bells.jpg differ diff --git a/images/general/singapore-street.jpg b/images/general/singapore-street.jpg new file mode 100644 index 0000000..e8b5717 Binary files /dev/null and b/images/general/singapore-street.jpg differ diff --git a/images/general/snow-jeep.jpg b/images/general/snow-jeep.jpg new file mode 100644 index 0000000..2c63a62 Binary files /dev/null and b/images/general/snow-jeep.jpg differ diff --git a/images/general/thoughtworks-badges.jpg b/images/general/thoughtworks-badges.jpg new file mode 100644 index 0000000..edb96a3 Binary files /dev/null and b/images/general/thoughtworks-badges.jpg differ diff --git a/images/general/turkey-ocean-1.jpg b/images/general/turkey-ocean-1.jpg new file mode 100755 index 0000000..852169b Binary files /dev/null and b/images/general/turkey-ocean-1.jpg differ diff --git a/images/general/turkey-water-share.jpg b/images/general/turkey-water-share.jpg new file mode 100644 index 0000000..56d6496 Binary files /dev/null and b/images/general/turkey-water-share.jpg differ diff --git a/images/general/turkey-water.jpg b/images/general/turkey-water.jpg new file mode 100644 index 0000000..3accbb9 Binary files /dev/null and b/images/general/turkey-water.jpg differ diff --git a/images/incorporated.jpg b/images/incorporated.jpg new file mode 100644 index 0000000..ff471dc Binary files /dev/null and b/images/incorporated.jpg differ 
diff --git a/images/ks.png b/images/ks.png new file mode 100644 index 0000000..c4edf48 Binary files /dev/null and b/images/ks.png differ diff --git a/images/logo.png b/images/logo.png new file mode 100644 index 0000000..9936737 Binary files /dev/null and b/images/logo.png differ diff --git a/images/social-icons-after-tweaks.png b/images/social-icons-after-tweaks.png new file mode 100644 index 0000000..65a874c Binary files /dev/null and b/images/social-icons-after-tweaks.png differ diff --git a/images/social-icons-before-tweaks.png b/images/social-icons-before-tweaks.png new file mode 100644 index 0000000..05a3936 Binary files /dev/null and b/images/social-icons-before-tweaks.png differ diff --git a/index.html b/index.html new file mode 100644 index 0000000..e603c46 --- /dev/null +++ b/index.html @@ -0,0 +1,371 @@ + + + + + + life-lessons.in — Adventures in Software and Life + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
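Review bot: the feed entry for "Reduce Computer Eye Strain with F.lux" carries an invalid timestamp: its second date reads `2016-00-05T12:00:00+05:30` (month 00), while the entry's first date and every other entry use a real month (for example `2016-09-05T00:00:00+05:30` and `2016-04-24T12:00:00+05:30`). RFC 3339 parsers and feed validators reject a zero month, so this should follow the post's own date and the pattern the other entries use, i.e. `2016-09-05T12:00:00+05:30`. Two smaller points on the same hunk: the "Podcasts I Love" entry keeps both of its dates at 2015-11-15 even though its body links to NPR Hidden Brain episodes dated 2017 and a 2017 Farnam Street transcript, so the second (updated) timestamp no longer reflects the last edit; and the generated file ends without a trailing newline (`\ No newline at end of file`), which is better fixed in the generator so that every regeneration does not produce a spurious diff on the last line.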
+
+
+

life-lessons.in

+

Adventures in Software and Life

+ + + + + + + + + + + +
+
+
+
Istanbul, Turkey
+ +
+
+ +
+

I Know That I Know Nothing

+

In this blog I introduce a model for helping us articulate unknowns in our knowledge and in projects.

+
+
Gurpreet Luthra
— + — + +14 min read +
+
+
+ +
+

Are You Telling A Story?

+

In this blog I share a few insights on how one can make presentations more memorable by harnessing the art of story telling.

+
+
Gurpreet Luthra
— + — + +6 min read +
+
+
+ +
+

12 Things I Learnt While Teaching Application Security

+

In this blog I share some fascinating learnings and resources I stumbled upon while being a trainer for Application Security 101 at ThoughtWorks.

+
+
Gurpreet Luthra
— + — + +12 min read +
+
+
+ +
+

Understanding Open Source Software

+

In this blog I explain what Open Source Software (OSS) means, a little about licenses, business models around OSS and why developers should contribute to OSS. In the end I provide a link to a podcast on Myths and Truths in Open Source Software.

+
+
Gurpreet Luthra
— + — + +12 min read +
+
+
+ +
+

Reduce Computer Eye Strain with F.lux

+

I have been using f.lux for over 3 years. This blog explains how and why I use this application to help reduce computer related eye strain.

+
+
Gurpreet Luthra
— + — + +2 min read +
+
+
+ +
+

Mars Rover Problem in Scala

+

Priyank Gupta wrote an excellent explanation on decoding ThoughtWorks coding problems with Mars Rover in Java as a sample. I re-wrote the solution in Scala.

+
+
Gurpreet Luthra
— + — + + < 1 min read +
+
+
+ +
+

When Money gets in the way of Life

+

A dialog between a Human and a Doctor goes like this in most parts of the world.

+
+
Gurpreet Luthra
— + — + + < 1 min read +
+
+
+ +
+

Every Single Retro

+

The definition of a retro can be captured easily by this poster.

+
+
Gurpreet Luthra
— + — + + < 1 min read +
+
+
+ +
+

The Velocity Conundrum

+

Velocity! It's a term that has potentially confounded, frustrated and perhaps amused Agile practitioners and customers alike at some point. It's a concept that can be quite helpful though, when used accurately as a planning and estimation tool.

+
+
Gurpreet Luthra
— + — + +6 min read +
+
+
+ +
+

Podcasts I Love

+

This post is a list of podcasts I have really liked. I will update this post as I find more podcasts I like, so do consider bookmarking it.

+
+
Gurpreet Luthra
— + — + +3 min read +
+
+
+ +
+

I moved to Jekyll

+

My earlier blog on Google Blogspot hit a 100,000 mark. But I didn't like the way my blog looked. So I moved to Jekyll.

+
+
Gurpreet Luthra
— + — + + < 1 min read +
+
+
+ +
+

Understanding Vagrant Boxes and VMs

+

Vagrant does a lot of things auto-magically under the hoods, and most of the times people are left confused when they want to delete or add boxes or VMs. I will try and explain the relationships between Base Boxes, VMs, Virtual Box Instances among other things, in this post.

+
+
Gurpreet Luthra
— + — + +1 min read +
+
+
+ +
+

Installing ThoughtWorks GoCD Server and Agent on a Digital Ocean Droplet

+

Pretty simple steps for installing GoCD on a Digital Ocean CentOS droplet.

+
+
Gurpreet Luthra
— + — + + < 1 min read +
+
+
+ +
+

Building Applications for Multiple Countries and Languages

+

In this blog I attempt to explain the various practices I have found useful while developing applications which are i18n enabled.

+
+
Gurpreet Luthra
— + — + + < 1 min read +
+
+
+ +
+

Way To A New Project

+

You move to a new project. Its exciting. It holds promise of something awesome (usually). You are ready to dive. You want to learn things fast. You want to contribute. You want to become effective. You want to be welcomed. And then maybe, become invaluable.

+
+
Gurpreet Luthra
— + — + +3 min read +
+
+
+ +
+

Difference between sorted, sortWith and sortBy in Scala

+

Scala collections provide you three options for sorting: `sorted()`, `sortWith()` and `sortBy()`. This blog explains the differences.

+
+
Gurpreet Luthra
— + — + +3 min read +
+
+
+ +
+

Using Capybara and Rspec assertions in Page Objects

+

In this blog I explain how using Capybara and Rspec, one can implement the page object pattern in Rails.

+
+
Gurpreet Luthra
— + — + + < 1 min read +
+
+
+ +
+

Vagrant: An interesting approach to setup development environments FAST!

+

If you have never heard of Vagrant, or are interested in understanding what is Vagrant, then this blog should be useful to you.

+
+
Gurpreet Luthra
— + — + +1 min read +
+
+
+ +
+

Recommended Readings for Lateral Dev Hires at ThoughtWorks -- An Unofficial Opinion

+

I asked a few of my colleagues on what they felt should be the minimum recommended reading list for Lateral ThoughtWorkers. This is what we all came up with.

+
+
Gurpreet Luthra
— + — + +1 min read +
+
+
+ +
+

POKA YOKE - Applying Mistake Proofing to Software

+

For years, automobile companies have utilized 'Mistake Proofing' as a technique for ensuring high quality, high speed manufacturing. This is also known as Poka-Yoke (in Japanese). This blog attempts to raise awareness (with examples) for the need of Poka Yoke in Software.

+
+
Gurpreet Luthra
— + — + +1 min read +
+
+
+ +
+ + ‹ Older + + +
+
+
+ + + + + + diff --git a/page2/index.html b/page2/index.html new file mode 100644 index 0000000..79961cc --- /dev/null +++ b/page2/index.html @@ -0,0 +1,157 @@ + + + + + + life-lessons.in — Adventures in Software and Life + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+

life-lessons.in

+

Adventures in Software and Life

+ + + + + + + + + + + +
+
+
+
Istanbul, Turkey
+ +
+
+ +
+

Web Vulnerabilities - Phishing, Cookies, XSS and CSRF

+

Helping you understand the basics of phishing, cookies, XSS and CSRF vulnerabilities

+
+
Gurpreet Luthra
— + — + +1 min read +
+
+
+ +
+

8 months at ThoughtWorks Pune

+

I joined ThoughtWorks, Pune in June 2011. 8 months ago. Previously I had worked with Persistent Systems, IBM Software Labs and Performix (a start-up). I would like to pen down my ThoughtWorks journey so far. Correction. Incredible journey.

+
+
Gurpreet Luthra
— + — + +1 min read +
+
+
+ +
+ + + + Newer › + + +
+
+
+ + + + + + diff --git a/presentations.html b/presentations.html new file mode 100644 index 0000000..9e4c911 --- /dev/null +++ b/presentations.html @@ -0,0 +1,225 @@ + + + + + + life-lessons.in — Adventures in Software and Life + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+

life-lessons.in

+

Presentations

+ + + + + + + + + + + +
+
+
+
Prayer Bells, Dharamshala, India
+ +
+
+
+

+

Public Speaking and Sharing...

+ I enjoy sharing information on things I learn and do. Listed below are some of my recent presentations on + various Technical and Open Source topics. Most presentations need a voice over, since I am big + on visuals and keeping slides clutter free. If you have any questions about these topics, or + would like me to present them at your office, or a conference, I would be very glad to help out. +

+
+

+ +

Lessons from Deploying an EMR + in Rural India from Gurpreet + Luthra
+

+ +

+ +

Harnessing + The Power of CDNs from Gurpreet + Luthra
+

+ +

+ +

Poka yoke: The + Science of Mistake Proofing in Software from Gurpreet + Luthra
+

+ +

+ + +

Recipes for Continuous Delivery (ThoughtWorks Geeknight) from Gurpreet Luthra
+

+ +

+ +

Product management for open source software - Nandini Ravi and Gurpreet Luthra + from baconfblr
+

+ +

+ +

Humanitarian Open Source Software + from Gurpreet Luthra +
+

+

+ +

Web Vulnerabilities + - Building Basic Security Awareness from Gurpreet + Luthra
+

+ +

+ +

Bahmni - an open source hospital + system from Gurpreet + Luthra
+

+ +
+
+
+ + + + + + + diff --git a/publish-to-github.sh b/publish-to-github.sh new file mode 100755 index 0000000..62051ab --- /dev/null +++ b/publish-to-github.sh @@ -0,0 +1,6 @@ +JEKYLL_ENV=production bundle exec rake site:publish +git checkout gh-pages +git push website gh-pages:master --force +git checkout master + + diff --git a/robots.txt b/robots.txt new file mode 100644 index 0000000..a6d647b --- /dev/null +++ b/robots.txt @@ -0,0 +1,3 @@ +# Comment the lines below to enable search engine indexing +# User-agent: * +# Disallow: / diff --git a/run-blog-locally.sh b/run-blog-locally.sh new file mode 100755 index 0000000..b8f6203 --- /dev/null +++ b/run-blog-locally.sh @@ -0,0 +1,2 @@ +#!/usr/bin/env bash +bundle exec jekyll serve
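Review bot: the post excerpts in the index.html hunk carry copy errors that should be fixed in the post front matter rather than in this rendered page: "Its exciting" (Way To A New Project) should be "It's exciting", and "under the hoods" / "most of the times" (Understanding Vagrant Boxes and VMs) should be "under the hood" / "most of the time". The same excerpts are repeated verbatim in page2/index.html (the "8 months at ThoughtWorks Pune" teaser, for example), which is expected if these pages are Jekyll build output; if so, confirm they are meant to be committed on this branch rather than produced by the `rake site:publish` step in publish-to-github.sh.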
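Review bot: publish-to-github.sh has no shebang and no `set -e`, so if `JEKYLL_ENV=production bundle exec rake site:publish` fails the script still runs `git checkout gh-pages` and `git push website gh-pages:master --force`, force-pushing whatever the branch last contained over the remote's master. Add `#!/usr/bin/env bash` (as run-blog-locally.sh already has) and `set -euo pipefail` at the top, and prefer `--force-with-lease` over `--force` so a push from a stale clone cannot silently discard commits on the remote; the final `git checkout master` should not be relied on to restore the working tree if an earlier step aborts.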
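Review bot: the header comment in robots.txt is inverted: `# Comment the lines below to enable search engine indexing` sits above `# User-agent: *` and `# Disallow: /`, which are already commented out, so indexing is enabled as committed and a reader following the instruction has nothing to change. Reword it to "Uncomment the lines below to disable search engine indexing". Also note that `Disallow` is advisory to well-behaved crawlers only and is not an access control; anything that must not be public has to be kept out of the published branch, not merely listed here.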