Android Security related tools

A lot of work is happening in academia and industry on tools to perform dynamic analysis, static analysis and reverse engineering of Android apps.

The following is a collection of a few tools that I am aware of.

18. May 2013 by admin
Categories: all, security, tech

Book Summary: The Start-Up of You

The book reflects on an individual’s professional growth in the contemporary era of fickle employment guarantees.
The best part about the book is that it tries to offer pragmatic (as opposed to principled) advice regarding career development and branding.

The following is my short summary of it:

  1. Avoid complacency: The world changes really fast. Detroit used to be what Silicon Valley is today, but then it became complacent and has been reduced to abandoned buildings. People who become complacent about their skill set will realize that it has become outdated. The book emphasizes that one must update his/her skill set (hard as well as soft) regularly.
  2. Competitive advantage: The authors reject the theoretical notions of “inherent passion” and a “static world”.
    Since the world is dynamic, one cannot expect a fixed plan to work; the plan has to evolve as the world changes.
    Assets (what you have): qualitative skills as well as quantitative money/real estate. Alone, they are not sufficient unless someone is willing to pay for them.
    Aspirations (what you aspire to be): they are good to have, but they must be realistic.
    One has to see assets, aspirations and market realities in conjunction with each other and realize that all of them will evolve with time.
    The authors recommend looking for a good opportunity with less competition rather than a great opportunity with extreme competition.
  3. Plan to Adapt: Flickr was originally a game (Neverending), but then its photo sharing feature became more popular than the game, so it transformed itself into a photo sharing site.
    Make plans and be ready to change them as the market demands; don’t make random changes, make planned changes.
    ABZ planning: Plan A (what you are doing right now), Plan B (pivot from A when it feels it might be better than A), Plan Z (fallback, if both A and B fail).
    All plans should be explicit in terms of time.
    Prioritize learning over making money and try learning by doing.
    Avoid immediate gratification.
    Try making small reversible bets (e.g. trying out a FOSS project on the side related to any idea you might have).
  4. Network: Understand the importance of your network and put aside some time and money specifically to meet people. When trying to meet someone, say “what you can do for him/her”, and occasionally send mails to maintain the contact.
    Have some core allies (who defend you and whom you defend) and then have weaker ties surrounding the core.
  5. Pursue Breakout opportunities: Keep an eye out for breakout opportunities (random, but they can have a huge impact on a career).
  6. Take Intelligent Risks: Think about whether you can face the worst-case scenario; also, don’t conflate uncertainty with risk (uncertainty is fine, risk must be accounted for). It’s good to take regular small risks to avoid ending up taking a much larger one later (several small shocks are better than a big one).
  7. Network Intelligence: Use your network for guidance on general as well as specific questions, and schedule lunches with friends/people ahead of you/people in another interesting industry. Such non-specific conversations can lead to serendipitous intelligence.

Note: A more comprehensive summary is available from the official website.

15. May 2013 by admin
Categories: all, book summary

Vivek Wadhwa: “The next Trillion Dollar Opportunities”

(Opinions expressed here are my understanding of Vivek Wadhwa’s opinion)
“The next Trillion Dollar Opportunities” (in this decade)

China’s manufacturing and India’s call center business are saturated.
The PC industry is dead, laptops are flat and mobile is going up.

Next trillion dollar opportunities

  1. Proactive health care
    Preventive care is much cheaper.
    Expect sensors everywhere (in the toothbrush, toilet, mirror etc.) to give info based on spotted symptoms.
    IBM Watson is being trained on medical data.
    Soon, nanobots will go inside the body for drug release/monitoring.
  2. Manufacturing
    Robotics is taking over (Baxter, a 22K robot, will cost $1-2 per hour of work after that).
    Manufacturing is coming back to the USA.
    America is being automated.
  3. 3D Printing
    Current 3D printers cost $200 (low end) to $1500 (high end).
    Expect prices to go down to $200 for the high end in 5 years => household goods can be printed at home.
  4. Finance
    Square-like mobile payments are exploding.
    Bitcoin carries a negative image; expect a government-backed digital currency soon.
    M-Pesa in Kenya: 60% of transactions are via SMS now (25% of Kenya’s GDP).
  5. Transportation
    Robotic drones are going to take over deliveries.
    Self-driving cars are imminent.
  6. Computing
    Big data
    Internet-enabled devices augmented by high-speed internet (Google Fiber)
    New UIs: touch-based interfaces, augmented reality (Google Glass)
  7. Synthetic Biology

We are taking exponential (and not linear) steps in technology, and humans are not good at predicting the impact of exponential changes.

Grand Problems

  1. Energy
    Solar energy ~ 10,000 times total human energy consumption.
    97% fall in solar energy prices in 35 years and it’s still falling; in 10 years, it will reach grid parity.
    (It’s already at diesel parity in India.)
  2. Water Shortage
    Energy is free => Water distillation is free.
    Dean Kamen’s Slingshot purifies water (it consumes less energy than a hair dryer).
  3. Education
    More education is accessible online now, tablets provide easier/better access.
  4. “In vitro” meat
    Two silicon valley companies working on that.
  5. Connected world
    Better flow of information.
    Helped in social revolution.

20. April 2013 by admin
Categories: all, misc

Beyond Numbers: Dealing with terrorism in India

Let’s start with a small exercise.
Try searching for List of Sept 2011 victims or for List of London Bombing victims.
In each case, more than half of the results on the first page lead to a list of names along with the photos and life stories of those people.
Now, try searching for List of Hyderabad blast 2013 victims; a few results like this and this list the names of the people, but where are the photos and their life stories?
Try another search for List of Mumbai attack 2008 victims; what do you get? A partial list from Telegraph, and another list of just names from two circles and mid-day.
One can try doing more such searches and the difference will be immediately obvious. As a nation, India has reduced the terror victims to numbers.
And that has led to one of the worst forms of desensitization towards terror attacks.

A few months back, women were on the streets in New Delhi not because “one” woman was gang-raped [such "one"s happen just too often in the country/world] but because they were able to relate to the [unfulfilled] life story of “a girl born in a poor family whose father sold his land so that she could study. And she dared to break New Delhi’s norm of women not venturing out after sunset.” As humans, we learn to relate to other humans based on their life stories.
Imagine this for a while: rather than reducing the deaths to numbers, what if the media had instead written about the “engineer from a poor family background who recently got engaged” [yes, I am making this up, but such a real story won't be impossible to find in, say, the Hyderabad blasts].

The lack of these stories acts as a boon for anti-nationals like Arundhati Roy who write editorials supporting Afzal Guru [hanged for 2001 Parliament Attack] – notice the implicit “life story” of Afzal Guru in the article.
These anti-nationals are able to create well-articulated life stories of these victims to which [people claiming to be] liberal/open-minded/forward-looking relate.
When victims are reduced to numbers, we don’t see them as humans any more, and we don’t think about the difficulties their immediate family members have to bear. No wonder Narasimha Rao [ex-Prime Minister of India] once said “It seems in this country only terrorists have human rights”. As India loses the intellectual battle against terrorism, losing the battle on the ground is a natural outcome.
This also hits India back in terms of diplomacy and international image, since foreigners would know bad as well as [sometimes completely fictional] good life stories about the terrorists-who-were-hanged but the terror victims will be reduced to numbers and forgotten.

If the Govt. of India or the Indian media can start compiling life stories of these victims, it can target all the above issues simultaneously. Indians will become more sensitive towards terrorist attacks, anti-nationals will lose their clout and foreigners will know more about the lives of those who died.

24. February 2013 by admin
Categories: all, misc

Random Thoughts: Rape and The Indian Blame Game

After the Delhi gang rape case, there has been a sudden upsurge in traditional as well as social media over rape in India.
As usual in such cases, the initial reaction is to find someone to blame.
And in this case the onus of the blame has been put on

  1. Patriarchal Indian Society – without realizing that more rapes happen in not-so-patriarchal USA [read below]
  2. Indian masculinity - “who feel threatened by women asserting their identity” without realizing that rapes happen even with infants, senior citizens, visually challenged, mentally challenged and homely women in conservative villages from Haryana to Kerala.
  3. Indian Police - as if police officials are omniscient and should be present before the crime happens
  4. Honey Singh - I am expecting a petition against Vatsyayana next

This blog post is a collection of thoughts about the same.

18. December 2012 by admin
Categories: all, misc

Book Summary: Breakout Nations by Ruchir Sharma

The book provides a nice summary of the economic events of the recent past (~50 years) and builds a case for the coming 10 years.

The book is divided into 14 different chapters covering emerging and frontier (less liquid and smaller than emerging) markets.

29. September 2012 by admin
Categories: all, book summary

Book Review: The Tangled Web

Just completed reading “The Tangled Web: A guide to securing modern applications” by Michal Zalewski.

The book is surprisingly small given the amount of information it covers about the interaction of web browsers, web sites and client-side web technologies.

The book starts with a discussion of what a valid URL could look like (http://yahoo.com:80@google.com/microsoft.com – think which site is being connected to here) and then discusses several fundamental building blocks of the modern web (like cookies) as well as standard technologies (like Flash) in depth. The issue of the same-origin policy and how it differs from DOM to cookies to pseudo-URLs is explained with amazing clarity.
One of the best things about this book is that it makes regular references to RFCs for authoritative answers and to the corresponding deviant [and undefined] behavior implemented by the browsers.
The book also covers new (HTML5) security features in detail.
While reading the book, I occasionally felt information overload, but I think the “Tangled web” and not the book “Tangled Web” is responsible for that.

I would strongly recommend this book for anyone who deals with web[site] security as well as parsing HTML.

Disclosure: We both work for [different teams under] Google Security.

25. August 2012 by admin
Categories: all, security, tech

Book Review: Steve Jobs by Walter Isaacson

The book is 50% story of Jobs and 50% history of the Valley.
From the beginning of Apple to it becoming the world’s most valuable company, the book covers everything in depth (and is a bit too long).
Some of the key things in the book are Steve Jobs’s fruitarian diet, journey to India, love for absolute minimalism, extreme (positive as well as negative) treatment of employees, relation with Bill Gates (and Microsoft), battle with Google, battle with cancer and a strong belief that normal rules simply don’t apply to him.
The book covers a few major ideas in detail, including the iTunes store (which brought music online), the making of Toy Story, and the development of the iPhone and iPad.
At several points the author clearly illustrates that Apple’s designers and NOT engineers make the rules (e.g. during the iPhone 4 antenna fiasco).
Overall, it was a nice read (especially when read immediately after In the Plex about Google).

16. July 2012 by admin
Categories: all, book summary, Uncategorized

Book Summary: In the Plex by Steven Levy

An amazing book which describes Google’s journey right from its beginning in the Stanford dorm. The author interviewed several people from the top echelons of Google and presents several interesting insider anecdotes and stories of Google.

The book provides details of major projects like GMail, Google Desktop, Google News, Google Toolbar, Google Books and (the failure of) Orkut. It also describes the process of acquisition of YouTube, Blogger, Docs, GrandCentral and DoubleClick.

Following are a few salient points (Note: the book has many more interesting anecdotes which I am forced to skip here)

03. June 2012 by admin
Categories: all, book summary, tech

Female Foeticide

The first episode of Aamir Khan’s show Satyamev Jayate raised the issue of female foeticide in Rajasthan. While the show asked for stringent laws, it missed a few major reasons behind the same.

06. May 2012 by admin
Categories: all, misc