Posted on: Wednesday, May 27, 2015 by Rajiv Popat
(And the Art Of Keep Sending Them Up)
Anyone who practices their craft fails. We'd all love to learn from other people's mistakes, but when you become really good at something you slowly start experimenting with the basic laws of the field. The laws that not many before you have broken. Suddenly, you are in uncharted territory. The mistakes you make now are not mistakes that a lot of others have made, and there are not many examples to learn from. Your only option is taking small baby steps of experimentation and embracing failure when it shows up.
Awesome organizations and companies usually become awesome by embracing craftsmen who have the courage to venture into these uncharted territories, take calculated risks, sometimes fail and then look back and learn from the stories of these failures.
Most organizations obsessed with the line of best fit may not directly fire someone for failing in a venture or a project, but the penalties for failure are usually high in these cultures.
Fail a project once and see how your company quietly removes you from the next mission critical project the organization is going to take up. Go through a rough time in your personal life, slip up on a couple of tasks and see how the next collection of mission critical tasks is quietly and politely passed on to someone else.
Embracing failures and putting your trust in the best of your team members is not something that requires deep intellectual and philosophical conversations. Most of the time, a simple mind-set of "keep sending him up" is good enough:
Trust in the best of the people you work with isn't conveyed by delivering talks on embracing failure at company get-togethers and all-hands meetings. This trust is often tested by how much responsibility you give to the best of your builders when they have failed colossally. The story of Pixar and how Steve Jobs, Ed Catmull and John Lasseter put their faith in Brad Bird is a classic story of this trust rightly placed. Author Peter Sims tells the story in his book, Little Bets - How breakthrough ideas emerge from small discoveries. Peter explains:
Perhaps no story I heard about Pixar exemplifies the growth mind-set at the company as clearly as that of the making of The Incredibles. When Pixar recruited Brad Bird as a director, Bird was coming off directing a Warner Brothers film called The Iron Giant that was a box-office disappointment. Pixar, meanwhile, already had three big hits. Yet Catmull, Steve Jobs, and John Lasseter (Pixar’s creative lead) told Bird, "The only thing we're afraid of is complacency — feeling like we have it all figured out.
We want you to come shake things up. We will give you a good argument if we think what we’re doing doesn't make sense, but if you can convince us, we'll do things in a different way," Bird told Stanford professors Robert Sutton and Hayagreeva Rao. "For a company that has had nothing but success to invite a guy who had just come off a failure and say, 'Go ahead, mess with our heads, shake it up'; when do you run into that?"
And this trust is not just about words and tag lines like 'shake it up'. It is about empowering your builders. And so when you do place this trust in your builders, they will in return expect that you put your money where your mouth is; just what Bird expected from Pixar:
Bird would soon test that invitation with his ambitious ideas for The Incredibles. His vision for the film had so many characters and sets that members of Pixar’s technical team believed it would take ten years and cost $500 million to make. "How are we going to possibly do this?" they asked.
But continue this trust and it is contagious. It even helps you find the rebels and the troublemakers in your own organization who have the potential to produce outputs your organization has never ever produced before. How the story of the making of The Incredibles ends is a classic example of this:
A determined Bird implemented a number of changes in Pixar's process in order to do so, from which Pixar learned a great deal. In order to help shake things up, one thing Bird did was to seek out people within Pixar whom he described as black sheep, whose unconventional views could help find solutions to the problems. "A lot of them were malcontents because they saw different ways of doing things," Bird said. "We gave black sheep a chance to prove their theories, and we changed the way a number of things are done here."
Among those changes, they altered the approach to storyboards and computer graphics standards. For example, they created what Bird called super elaborate storyboards that emulated camera movement to show which parts of the images of scenes needed to be perfect (e.g., have fine-grained detail) and which ones didn't. This allowed the animators to focus their efforts more on the aspects of the movie that required the most attention, such as the action scenes, which were the primary drivers of the film's plot.
They eventually made the film for less money per minute than Pixar's previous movie, Finding Nemo, despite significantly more complexity, including three times as many sets.
"You want people to be involved and engaged," Bird said. "What they have in common is a restless, probing nature: 'I want to get to the problem. There's something I want to do.' If you had thermal glasses, you could see heat coming off them."
The story is inspirational and like most stories of genuine builders it's not made up of deep philosophies. Just a simple idea of placing your trust in people who deserve your trust and empowering them to make a difference and then if they fail once in a while - keep sending them up there.
How does that stack up with your organization? How does that stack up with your own personal management style? How do you deal with otherwise immensely talented and hard working people in your team who are having a rough time in their lives or have just been hit by a colossal failure?
Do you write them off and, in an attempt to replace them like a cog in a machine, slowly hand their responsibilities over to other cogs, or do you place your trust in them? Do you see them as losers or do you see them as individuals who are capable of listening to the stories of their own failures and learning from these stories?
In really simple words - do you keep sending them up there?
Because if you don't, the loss is all yours. Your best builders are what make or break your organization. Of course they can recover from failures, but when you start seeing them as losers because of a failure or two... eventually, both you and your organization lose.
Posted on: Monday, May 25, 2015 by Rajiv Popat
We live in a culture that celebrates success.
If you want to understand how biased we are towards success, ask a few candidates you interview these two questions and watch their enthusiasm take a nose-dive after sky-rocketing as they go from answering question one to answering question two:
- What were your three biggest achievements in your current organization?
- What were your three biggest failures in your current organization?
There is nothing inherently bad or demeaning about failing, and yet every time people have to talk about their own failures they either go completely silent or go out of their way to sugar coat their responses. They edit the stories of their failures to end either with "it wasn't my fault" or with "things were out of my control".
But as a culture are we undermining the art of failing and, in doing so, missing out on the remarkable outcomes that well-planned, timely failures can create?
In his book Little Bets - How Breakthrough ideas Emerge from Small Discoveries, Peter Sims talks about the art of failing and why the art is so important:
Chris Rock has become one of the most popular comedians in the world and, while there is no doubt he has great talent, his brilliance also comes from his approach to developing his ideas. The routines he rolls out on his global tours are the output of what he has learned from thousands of little bets, nearly all of which fail.
Peter goes on to describe how Chris picks local small comedy clubs to practice his routines when he starts working on material for a new show. Peter describes how Chris goes from one local comedy club to another trying out new ideas and jokes most of which fall flat on their face and fail miserably:
In sets that run around forty-five minutes, most of the jokes fall flat. His early performances can be painful to watch. Jokes will ramble, he'll lose his train of thought and need to refer to his notes, and some audience members sit with their arms folded, noticeably unimpressed. The audience will laugh about his flops laughing at him, not with him. Often Rock will pause and say, "This needs to be fleshed out more if it’s gonna make it" before scribbling some notes.
He may think he has come up with the best joke ever, but if it keeps missing with audiences, that becomes his reality. Other times, a joke he thought would be a dud will bring the house down. According to fellow comedian Matt Ruby, "There are five to ten lines during the night that are just ridiculously good. Like lightning bolts. My sense is that he starts with these bolts and then writes around them."
What Chris Rock is doing is practicing the art of arriving at success through failure. Chris is failing early and he is failing often so that he does not have to fail at the big event in front of millions of people. Chris, like most others who are really good at what they do, has mastered the art of dissecting and analyzing his failures. Chris has mastered the art of listening to the stories his failures tell him and learning from those stories.
In his article Malcolm Gladwell talks about a similar method to find out how good surgeons really are:
Charles Bosk, a sociologist at the University of Pennsylvania, once conducted a set of interviews with young doctors who had either resigned or been fired from neurosurgery-training programs, in an effort to figure out what separated the unsuccessful surgeons from their successful counterparts.
He concluded that, far more than technical skills or intelligence, what was necessary for success was the sort of attitude that Quest has—a practical-minded obsession with the possibility and the consequences of failure.
"When I interviewed the surgeons who were fired, I used to leave the interview shaking,” Bosk said. “I would hear these horrible stories about what they did wrong, but the thing was that they didn't know that what they did was wrong. In my interviewing, I began to develop what I thought was an indicator of whether someone was going to be a good surgeon or not. It was a couple of simple questions: Have you ever made a mistake? And, if so, what was your worst mistake?
The people who said, 'Gee, I haven't really had one,' or, 'I've had a couple of bad outcomes but they were due to things outside my control'—invariably those were the worst candidates.
And the residents who said, 'I make mistakes all the time. There was this horrible thing that happened just yesterday and here's what it was.' They were the best.
They had the ability to rethink everything that they'd done and imagine how they might have done it differently.” - What this attitude drives you to do is practice over and over again, until even the smallest imperfections are ironed out.
The interview question isn't just for surgeons. It works for programmers (and most other fields) too. The old proverb that 'failures are pillars of success' is such a cliché. Your failures by themselves say nothing about your success; but they do tell a story that can take your life from the bad side of the line of best fit to the side where amazing outliers sit.
How intently you listen to the story of your failure and learn from it decides how quickly you shape a successful story of your work-life. So go on, fail early, fail often. Then reflect on and listen to the stories of your failures (both big and small) and use these to write the story of your success.
Oh, and the next time you have to tell your stories of failure, be bold, be open, be unashamed and be elaborate, because that will tell us that you're intently listening to and learning from the stories your failures tell you, and that is a good thing.
Posted on: Friday, May 22, 2015 by Rajiv Popat
While I was growing up, I was often called and classified as an introvert. Growing up as an introvert can be hard. You're constantly struggling with the rest of the world's pre-conceived notion of what smart means and bewildered by how the world confuses 'loud' for 'smart'.
I was that typical nerd, who enjoyed the company of a very select group of friends, intellectual conversations and solitude. Back then, I was also trying to fit in with the world's definition of a healthy teen who is loud and has a lot of equally loud friends. Those were difficult times and I have few fond memories of my school life from those days.
But then something completely magical happened.
My dad got me a computer.
Like most geeks and programmers, I fell in love with the machine the second I laid my hands on it. Jeff Atwood's description of what attracts programmers to the lure of code articulately describes why I was attracted to the world of programming.
Like many programmers, I was drawn to computers as a child because I was an introvert. The world of computers – that calm, rational oasis of ones and zeros – seemed so much more inviting than the irrational, unexplainable world of people and social interactions with no clear right and wrong. Computers weren't better than people, exactly, but they were sure one heck of a lot easier to understand.
For me code was a way to exercise my brain in solitude without worrying about the complications of social interactions. Code for me, was also a way to connect to fellow introverts who were interested in a language / means of communication that relied on productive outputs more than it relied on emotions.
Code, for me, was a platform that allowed you to go into your cave and practice your craft without the fear of hurting someone or rubbing someone the wrong way. You could be wrong as many times as you wanted to and the compiler would neither laugh at you nor judge you. And then when you were right and done, and had something cool to share, you could come out and connect to other fellow introverts and get their complete undivided attention.
Suddenly, what you lacked in talent, smartness, or loudness - you could make up for with intensity and hard work. In a GW-Basic compiler I found my first experiences of flow and in other fellow Geeks and Programmers I found a sense of community.
Not to mention that the same code allowed me to connect to extroverts too. Extroverts (the 'distant relatives', that cool acquaintance, the 'business guys' and the MBAs) who wanted things built but didn't have the time, or the patience, or the intensity to sit and interact with a compiler for hours or quietly read a book on computer programming for days to pick up a new programming language. I was their go-to-geek for getting things built (and I even fixed their computers for free).
In the end it all worked out well and I was fortunate enough to land in the right profession and find my true self through the work that I do. I like to think of it as divine intervention - and make no false pretenses of having a plan to chase my passion. But in the end, in spite of being an introvert at heart I was able to be in a field of work that I love, have a community of very close friends, travel around the world, meet and work with really smart programmers in different cultures, connect with really smart people and speak at multiple programming events around the globe.
Years later, going through Susan Cain's book and her TED Talk was like a flashback of my own confused childhood. She narrates a story that most introverts would be able to connect to and relate with:
When I was nine years old, I went off to summer camp for the first time. And my mother packed me a suitcase full of books, which to me seemed like a perfectly natural thing to do. Because in my family, reading was the primary group activity. And this might sound antisocial to you, but for us it was really just a different way of being social. You have the animal warmth of your family sitting right next to you, but you are also free to go roaming around the adventure land inside your own mind. And I had this idea that camp was going to be just like this, but better. (Laughter) I had a vision of 10 girls sitting in a cabin cozily reading books in their matching nightgowns.
Camp was more like a keg party without any alcohol. And on the very first day, our counselor gathered us all together and she taught us a cheer that she said we would be doing every day for the rest of the summer to instill camp spirit. And it went like this: "R-O-W-D-I-E, that's the way we spell rowdie. Rowdie, rowdie, let's get rowdie." (Laughter) Yeah. So I couldn't figure out for the life of me why we were supposed to be so rowdy, or why we had to spell this word incorrectly. (Laughter) But I recited the cheer. I recited the cheer along with everybody else. I did my best. And I just waited for the time that I could go off and read my books.
Susan goes on to describe how our culture went from giving a lot of importance to Character, to giving a lot of importance to personality and how our self help books went from having titles like "Character, the Grandest Thing in the World." to having titles like "How to Win Friends and Influence People." - in other words, how we moved from being a culture that appreciates depth to being a culture that appreciates loudness and salesmanship.
Both in her book and her talk Susan busts the typical stereotypes that surround Introverts; the biggest one being that introverts don't have a lot of friends. She explains:
My grandfather was a rabbi and he was a widower who lived alone in a small apartment in Brooklyn that was my favorite place in the world when I was growing up, partly because it was filled with his very gentle, very courtly presence and partly because it was filled with books. I mean literally every table, every chair in this apartment had yielded its original function to now serve as a surface for swaying stacks of books. Just like the rest of my family, my grandfather's favorite thing to do in the whole world was to read.
But he also loved his congregation, and you could feel this love in the sermons that he gave every week for the 62 years that he was a rabbi. He would take the fruits of each week's reading and he would weave these intricate tapestries of ancient and humanist thought. And people would come from all over to hear him speak.
But here's the thing about my grandfather. Underneath this ceremonial role, he was really modest and really introverted -- so much so that when he delivered these sermons, he had trouble making eye contact with the very same congregation that he had been speaking to for 62 years. And even away from the podium, when you called him to say hello, he would often end the conversation prematurely for fear that he was taking up too much of your time. But when he died at the age of 94, the police had to close down the streets of his neighborhood to accommodate the crowd of people who came out to mourn him.
In her book Susan illustrates how a lot of such stereotypes about introverts are completely untrue and baseless. Another point she makes may sound simple but is a rather compelling one - While our culture celebrates the extroverts, we need to realize that there is no correlation between being the best talker and having the best ideas.
The extroverts may get the most attention from the teachers, but research seems to show that the introverts get better grades. In a world where one third to a half of the population consists of introverts, instead of trying to train our introverted kids to act like extroverts in summer camps, we may be better off training them to embrace their own introverted natures, go out into their own caves, work on their ideas and then share those with the world when they are ready and comfortable.
She ends the talk with three calls to action which every school, company and manager should take note of:
Number one: Stop the madness for constant group work. Just stop it. (Laughter) Thank you. (Applause) And I want to be clear about what I'm saying, because I deeply believe our offices should be encouraging casual, chatty cafe-style types of interactions -- you know, the kind where people come together and serendipitously have an exchange of ideas. That is great. It's great for introverts and it's great for extroverts. But we need much more privacy and much more freedom and much more autonomy at work. (In) School, (we need the) same thing. We need to be teaching kids to work together, for sure, but we also need to be teaching them how to work on their own. This is especially important for extroverted children too. They need to work on their own because that is where deep thought comes from in part.
Number two: Go to the wilderness. Be like Buddha, have your own revelations. I'm not saying that we all have to now go off and build our own cabins in the woods and never talk to each other again, but I am saying that we could all stand to unplug and get inside our own heads a little more often.
Number three: Take a good look at what's inside your own suitcase and why you put it there. So extroverts, maybe your suitcases are also full of books. Or maybe they're full of champagne glasses or skydiving equipment. Whatever it is, I hope you take these things out every chance you get and grace us with your energy and your joy. But introverts, you being you, you probably have the impulse to guard very carefully what's inside your own suitcase. And that's okay. But occasionally, just occasionally, I hope you will open up your suitcases for other people to see, because the world needs you and it needs the things you carry.
So every now and then, when you come across an article or two that tries to convince you that One is the loneliest number - also realize that sometimes, there is nothing wrong with going into the wilderness to practice your craft - as long as you eventually come back and share your new found insights with your tribe in your very own soft introverted voice. After all, you don't always have to be loud to be heard.
Posted on: Wednesday, May 20, 2015 by Rajiv Popat
What's the most common career advice that middle aged successful individuals dispense to the younger generation today? Find what you love doing and start doing it (even if that involves dropping everything else you are doing).
In 2005, when Steve Jobs took the podium at Stanford to give his commencement speech he offered similar advice to hundreds of young students gathered there to listen to, cling on to and learn from each word Jobs spoke. Jobs concluded his remarkable speech with the ending:
You’ve got to find what you love…. The only way to do great work is to love what you do. If you haven’t found it yet, keep looking, and don’t settle.
The video went viral on YouTube, and while most of us (me included) were clinging on to every word of the speech Jobs gave and following his advice, Cal Newport was actually questioning Steve's advice and the passion hypothesis.
In his book So Good They Can't Ignore You, Newport explains the basic idea behind the passion hypothesis and how it has become the de facto career advice in today's world. He explains:
The key to occupational happiness is to first figure out what you’re passionate about and then find a job that matches this passion.
This hypothesis is one of modern American society’s most well-worn themes. Those of us lucky enough to have some choice in what we do with our lives are bombarded with this message, starting at an early age. We are told to lionize those with the courage to follow their passion, and pity the conformist drones who cling to the safe path.
If you doubt the ubiquity of this message, spend a few minutes browsing the career-advice shelf the next time you visit a bookstore. Once you look past the technical manuals on résumé writing and job-interview etiquette, it’s hard to find a book that doesn’t promote the passion hypothesis.
These books have titles like Career Match: Connecting Who You Are with What You’ll Love to Do, and Do What You Are: Discover the Perfect Career for You Through the Secrets of Personality Type, and they promise that you’re just a few personality tests away from finding your dream job. Recently, a new, more aggressive strain of the passion hypothesis has been spreading—a strain that despairs that traditional “cubicle jobs,” by their very nature, are bad, and that passion requires that you strike out on your own. This is where you find titles like Escape from Cubicle Nation, which, as one review described it, “teaches the tricks behind finding what makes you purr.”
These books, as well as the thousands of full-time bloggers, professional counselors, and self-proclaimed gurus who orbit these same core issues of workplace happiness, all peddle the same lesson: to be happy, you must follow your passion. As one prominent career counselor told me, “do what you love, and the money will follow” has become the de facto motto of the career-advice field.
What I really like about Cal Newport's writing is his ability to ask questions. When all of us are swayed by the herd mentality of following well meaning advice provided by a legend like Jobs, Newport is asking more fundamental questions like - Did Jobs really become famous by doing what he is asking us to do, or was there more to his success than finding what he loved doing and not settling? Newport explains:
If you had met a young Steve Jobs in the years leading up to his founding of Apple Computer, you wouldn’t have pegged him as someone who was passionate about starting a technology company. Jobs had attended Reed College, a prestigious liberal arts enclave in Oregon, where he grew his hair long and took to walking barefoot. Unlike other technology visionaries of his era, Jobs wasn’t particularly interested in either business or electronics as a student. He instead studied Western history and dance, and dabbled in Eastern mysticism.
Jobs dropped out of college after his first year, but remained on campus for a while, sleeping on floors and scrounging free meals at the local Hare Krishna temple. His non-conformity made him a campus celebrity—a “freak” in the terminology of the times. As Jeffrey S. Young notes in his exhaustively researched 1988 biography, Steve Jobs: The Journey Is the Reward, Jobs eventually grew tired of being a pauper and, during the early 1970s, returned home to California, where he moved back in with his parents and talked himself into a night-shift job at Atari. (The company had caught his attention with an ad in the San Jose Mercury News that read, “Have fun and make money.”)
During this period, Jobs split his time between Atari and the All-One Farm, a country commune located north of San Francisco. At one point, he left his job at Atari for several months to make a mendicants’ spiritual journey through India, and on returning home he began to train seriously at the nearby Los Altos Zen Center.
Newport's point is a rather compelling one. Steve Jobs didn't start Apple with the passion of changing the computer industry forever or, as he was so often known to say, to 'make a dent in the universe'. Jobs saw an opportunity and placed a small bet. As Newport explains:
I tell this story because these are hardly the actions of someone passionate about technology and entrepreneurship, yet this was less than a year before Jobs started Apple Computer. In other words, in the months leading up to the start of his visionary company, Steve Jobs was something of a conflicted young man, seeking spiritual enlightenment and dabbling in electronics only when it promised to earn him quick cash.
It was with this mindset that later that same year, Jobs stumbled into his big break. He noticed that the local “wireheads” were excited by the introduction of model-kit computers that enthusiasts could assemble at home. (He wasn’t alone in noticing the potential of this excitement. When an ambitious young Harvard student saw the first kit computer grace the cover of Popular Electronics magazine, he formed a company to develop a version of the BASIC programming language for the new machine, eventually dropping out of school to grow the business. He called the new firm Microsoft.)
Jobs pitched Wozniak the idea of designing one of these kit computer circuit boards so they could sell them to local hobbyists. The initial plan was to make the boards for $25 apiece and sell them for $50. Jobs wanted to sell one hundred, total, which, after removing the costs of printing the boards, and a $1,500 fee for the initial board design, would leave them with a nice $1,000 profit. Neither Wozniak nor Jobs left their regular jobs: This was strictly a low-risk venture meant for their free time.
From this point, however, the story quickly veers into legend. Steve arrived barefoot at the Byte Shop, Paul Terrell’s pioneering Mountain View computer store, and offered Terrell the circuit boards for sale. Terrell didn’t want to sell plain boards, but said he would buy fully assembled computers. He would pay $500 for each, and wanted fifty as soon as they could be delivered. Jobs jumped at the opportunity to make an even larger amount of money and began scrounging together start-up capital. It was in this unexpected windfall that Apple Computer was born. As Young emphasizes, “Their plans were circumspect and small-time. They weren’t dreaming of taking over the world.”
Where Steve Jobs excelled, however, was in the sheer amount of determination, hard work and (maybe even) passion that he threw at that bet when he saw just how huge a potential the small bet had. But Steve Jobs didn't start with passion and didn't go around looking for a field of work that would check off all the items on his passion checklist. If he had, he wouldn't have founded Apple Computer.
Jobs's life, at that time, resembled the life of a young conflicted seeker trying out lots of things rather than a man with a passion for one thing and a plan to execute that passion.
In the book Newport also talks about the perils of this passion mindset. Entrepreneurs who listen to the whole "follow your passion" and "be courageous" advice and leave their jobs too early and half prepared only to follow their passions often tell a similar story. The story in most of these cases has a tragic end. The book tells a few of these stories and then offers really solid advice that teaches you to learn from what Steve Jobs and other successful masters of different professions do and not what they say you should do.
There are deep ideas in the book. Ideas of how you can gather career capital in your own craft by thousands of hours of deliberate practice and become so good at it that the rest of the world cannot ignore you. Ideas of how you try out different passions and place lots of small bets. The book also covers some basic laws like:
The law of financial viability, which says you should only pursue a bid for more control if you have evidence that it’s something that people are willing to pay you for.
The book is a must read for anyone who has ever thought of, or is thinking about going on their own, getting more control of his / her work life and anyone who has had that urge to follow-their-passions and muster-more-courage to take the plunge.
The takeaway? Passion is overrated, and dreams that materialize have many more secret ingredients than just having the courage to follow your passion. And in today's world these ingredients are just as important as passion, even when no one seems to be talking about them.
Go read the book. If you're not a reader, you can see Newport's Video on the topic where he talks about how you should learn from What Steve Jobs did, not what he said. Maybe it's about time you stop listening to de facto career advice every time you are offered a single, one size fits all, recipe for success. Maybe it's time you grabbed a copy of the book. Maybe it's time you started asking your own questions every time a self help guru tells you about the virtues of having the courage to follow your own passion. Maybe it's time to stop worrying so much about passion and focus on becoming so good that the world literally cannot ignore you.
Posted on: Monday, May 18, 2015 by Rajiv Popat
In my book I talked about just how different reality is from what we see on screens and television. Television pushes drama which sells over-priced pop-corns in theaters but doesn't make awesome careers.
I've written about that in a post too.
Today's post is about Hackers and how real life ethical hacking is different from the hacking you see on Television.
The stories we tell in Television often end with the hacker flipping keys at a couple of hundred wpm's and then raising his arms in glory when he yells "YES!" - he is in the system - he has broken the code.
And he lives happily ever after basking in the glory of new found fame and money.
In real life, however, most complications in our industry begin at precisely the point when our movie hero waves his hand in the air and yells "yes!" - especially if you are a hacker who has ethics and wants to do the right thing.
Shubham discovered this hard reality with his experience with Ola Cabs - one of India's biggest startups:
I was working on a small side project in which I was monitoring my phone traffic. For this purpose I used MITM Proxy, which is a very light console based proxy server. As I was booking my cab I saw Ola API calls. The structuring of the API calls attracted my attention. Something was amiss here.
These calls were simple HTTP requests without any OAuth token mechanism or any other encryption to guard the APIs. One can easily replicate these calls from a console or by simply using Chrome.
The approach that Shubham describes in his article is straightforward: intercept the calls and then impersonate them, which you can do with any proxy of your choice. It's not the super intelligent hack that costs a hacker sleepless nights. Ola's systems were wide open, waiting to be hacked, literally inviting anyone who had the time and the most elementary tools for fiddling with HTTP calls. All Shubham had to do was accept the invitation.
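What the missing server-side check could look like, as an added example that is not from the original post or from Ola's code: a hypothetical API verifies that each request belongs to a logged-in session, was not altered, and is not a replay. The header names, session table and key are constructed for illustration, and TLS is assumed for transport.

```python
import hashlib
import hmac
import time

# Constructed demo data: per-session secrets issued at login, kept server-side.
SESSION_KEYS = {"sess-1001": b"constructed-demo-key"}
SESSION_USER = {"sess-1001": "user-42"}
MAX_SKEW = 300          # seconds a signed request stays valid
SEEN_NONCES = set()     # replay cache (in production: a shared store with a TTL)


def sign(key, method, path, body, ts, nonce):
    """HMAC-SHA256 over every field the server will act on."""
    msg = "\n".join([method, path, str(ts), nonce]).encode() + b"\n" + body
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify(method, path, body, headers, now=None):
    """Return (user_id, None) if the request is authentic and fresh,
    otherwise (None, reason)."""
    now = time.time() if now is None else now
    sess = headers.get("X-Session")
    key = SESSION_KEYS.get(sess)
    if key is None:
        return None, "no valid session"
    try:
        ts = int(headers["X-Timestamp"])
        nonce = headers["X-Nonce"]
        sig = headers["X-Signature"]
    except (KeyError, ValueError):
        return None, "missing or malformed auth headers"
    if abs(now - ts) > MAX_SKEW:
        return None, "stale timestamp"
    expected = sign(key, method, path, body, ts, nonce)
    # Constant-time comparison; bytes so odd characters cannot raise.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return None, "bad signature"
    if (sess, nonce) in SEEN_NONCES:
        return None, "replayed request"
    SEEN_NONCES.add((sess, nonce))
    # Identity comes from the session, never from a field in the request body.
    return SESSION_USER[sess], None
```

Signing only proves who sent a request and that it was not altered or replayed; whether that caller is allowed to perform the action is a separate authorization decision the server still has to make.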
Shubham did experience his first rush of adrenaline after breaking into Ola's systems:
In few seconds I received a message on my phone, confirming the recharge and I was like YESSSSSS……..its done!!! I just cannot express what it was like. I just fooled one of the biggest startups with millions in funding.
But the rush soon wore off and like a responsible Hacker Shubham reported the whole episode to Ola, only to receive a "canned" response from the Ola Security Team:
We would like to take this opportunity to "Thank You" for doing a Responsible Disclosure of the bug you found to Ola.
We appreciate the concern and will try to get the bugs fixed ASAP and will keep you posted for the same.
No bounties, no recognition. If this was a movie it would end with the hero raising his hands in the air and going "Yes!" - In the real world, when Shubham tried to do that, Ola basically turned to him and said, "So What? Big Deal!".
Shubham explains his frustration with the entire episode of trying to push Ola to close a potential security threat in their own system:
1,2,3….7 days i.e. one week was over and there was no response, maybe they were busy talking to cabbies. I talked to my senior management and told them about this. They were very supportive and professional about this episode. They helped me report this issue to the management of Ola and even sent a mail to the CEO with all the details and findings of that hack (not boasting but it was a hack).
A few days later, one of their security people replied. It went something like this:
Thanks for reporting this issue to us, we will fix this and will keep you updated.
Almost a month and a half later, I’m still waiting for a reply or an acknowledgement.
Shubham had figured out a way of hacking one of the biggest startups of India and literally stealing money for cab rides. For someone who is not a professional hacker this was huge. He had gone to Ola and had reported the hack like a responsible law abiding citizen. In return Shubham was getting nothing. No bounties, no real appreciation. No acknowledgement of just how open their systems are!
If you think Ola's cold response to people who report security hacks is just a reflection of how Indian companies react to security, consider that Kamil Hismatullin bagged a mere $5000 + $1337 for reporting a security hole in YouTube that would have given the hacker the rights to delete any YouTube video. The only bright side of the story in this case, however, was that Google fixed the issue in a matter of hours. Kamil writes off the entire episode and his mere bounty with a humorous remark:
"I've fought the urge to [delete] Bieber's channel," Hismatullin wrote in his blog post. "Luckily no Bieber videos were harmed."
Bounties were a little larger in the case of Facebook, though, which rewarded the hacker 12,500 dollars for reporting a hack that would allow anyone to delete any picture from any Facebook profile.
While some choose to turn a blind eye to security, others pay out small bounties, but the actual rewards of ethical hacking seem nowhere close to what should be paid out for these vulnerabilities; both in terms of recognition and price; even if you manage to hack an Ola, a Google or a Facebook!
The point? Ethical hacking can be fun, and maybe the best in the world can afford it, but generally the importance we as an industry give to security vulnerabilities in our code makes ethical hacking more of a lifestyle than a career.
To put it simply, our systems are secure, not because the code that we, as an industry, write is secure but because the effort to break our systems just happens to outweigh the rewards we are willing to give out for breaking our systems.
Is that true security? Or is that just an illusion of security? And if it is just an illusion of security, isn't that far more dangerous than no security at all?
Posted on: Monday, May 11, 2015 by Rajiv Popat
You've worked hard. You've put in the hours, the sweat and the blood. You crossed the 80% mark with relentless effort and you shipped like an artist. You even went and hired the Marketing Weasels who tried to manipulate your customers. But your sales are barely trickling in.
You're starting to learn the hard hitting reality of life - No-one cares about you or your product.
Ash Ambirge explains this very articulately in her rather interesting blog with an equally interesting name:
When you’re selling yourself, it’s easy to think that your name is what matters to the customer. You tell prospects all the things that YOU’VE done and all the things that YOU think and all the things that YOU suggest and all the reasons why YOU are the best.
But guess what? Nobody gives a shit about you. What they care about is themselves–because we’re human, and that’s what humans do. And therefore, the most important thing to them is THEIR OWN NAME. How is your product, your service, your widget…going to help them make their name?
Whatever story you tell, it should never be yours – it should be theirs.
She goes on to explain this using a Nike Advertisement and why Nike makes an Ad that looks like:
And not like:
In the end Ash leaves you with an action item:
Your homework: Look at whatever you’re selling. Print out your sales page, your description, your whatever you’ve got. Go through the print out with a big red pen, and circle every place that you use the words our, my, mine, us, we, me, I.
So go on, crawl your corporate website and see if you can replace words like our, my, mine, us, we, me and I with a 'you' or 'your' - or better still, weave a remarkable true story of how your product helps your users and how it changes, transforms or simplifies their lives.
The next time you write copy for a new product, take note of how your brain tempts and tricks you into telling your own story instead of making it their story.
Give in to that temptation and you'll realize why even if you build it, they won't come.
Fight that temptation and they may still not come, but being able to tell 'their' story will actually help you build a better product, a better story, a better team and a better organization that truly cares about its customers.
After all, they are your allies and if they win, you do too.
Posted on: Friday, May 08, 2015 by Rajiv Popat
Shawn Achor, in his witty, compelling, funny and engaging TED talk demonstrates this completely made up chart:
One of the first things we teach people in economics, statistics, business and psychology courses is how, in a statistically valid way, do we eliminate the weirdos. How do we eliminate the outliers so we can find the line of best fit? Which is fantastic if I'm trying to find out how many Advil the average person should be taking -- two. But if I'm interested in your potential, or for happiness or productivity or energy or creativity, we're creating the cult of the average with science.
The study of that one Outlier on either side of "the average" always tells a valuable story and provides deep insights.
Want to track the performance of your IT support team? The fact that 99% of your support tickets meet an SLA tells you nothing. That one ignored ticket that sat unattended for 3 months shows you bottlenecks in your department.
Want to improve your development practices? The fact that 99% of your customers did not have any escalation last month means nothing. That one team that's quietly shipping remarkable products that customers love deeply year-after-year may have something the rest of your organization can learn from.
Most so-called leaders out there like to wear suits, get on stages and talk about the 99 percent that conform to the line of best fit. But real change happens when you take off those suits, get down in the trenches and analyze that one extreme Outlier on either side of average.
The question isn't if these outliers provide you new insights and bring you stories you should be paying attention to. The question is, do you even care about these outliers or do you seek comfort in the cult of the average?
Posted on: Saturday, April 04, 2015 by Rajiv Popat
I recently wrote a book on how we as professionals need to stop whining and start focusing on developing our skills.
One data point that I obtained for the book (but didn't quite include in the book because it was too programmer centric) was based on 22 job interviews for programming positions I conducted for one of my clients over a period of two months.
Though this is hardly a considerable sample size, it did reveal some interesting facts about programmers. There were two seemingly disconnected questions that we asked at completely different moments of time during the interview:
- Talk about a few things in your current organization or manager that you don't like / aren't happy with.
- Solve a simple programming problem (one that was much easier than the famous Fizz Buzz problem).
The goal was to study the correlation between whining and coding abilities. Here's a subset of the data we collected (of course I wasn't carrying stop watches in the interviews so the minutes have been rounded up to an interval of 1):
Even though there are some exceptions in the above data set, if you look at the graph what's evident is that there seems to be a strong correlation between whining and being able to solve ridiculously simple programming problems.
That was interesting. But what was even more interesting was the actual program the candidates were being asked to solve. If Jeff Atwood wonders why programmers can't program, when they can't solve Fizz Buzz; here's a problem that is much easier than Fizz Buzz and yet:
- About 14% just couldn't solve the problem in less than 10 minutes - which is when we moved on to the next question.
- About 40% took more than 5 minutes to solve the problem and / or had to be corrected more than once.
- Only about 14% could solve this problem in 2 minutes or less.
- About 82% had to be corrected at least once before they solved the problem. (which means they actually got it wrong the first time around!)
And the problem they were solving?
Print 100 to 1.
That was the question.
You need to start with "for(int i=0;" and continue from there - you cannot write anything before "for(int i=0;" and you can't use two loops.
[Update: This is supposed to be a code snippet which already exists inside a function, so you can safely assume that inclusion of headers and declaration of the functions etc. is already done for you and you don't need to worry about that.]
Go ahead. Try it out. The answer really won't take you more than 2 minutes and should not take more than 4 lines of code including the curly braces but you can write as many lines as you want.
If you get the right output without mistakes in a reasonable amount of time we consider the answer correct.
Go on. Try it. And once you've solved it - go on and make it a part of your interview process and see countless programmers fumble, take really long pauses, struggle and even give up on the question.
Personally, I came across two programmers who said they could not do it because the question was too complicated after over 10 minutes of struggling with the problem.
While this little experiment establishes correlation between whining and skills it doesn't establish any causation. In other words the data doesn't really tell us if programmers whine because they just don't have the skillsets to do their job, or programmers don't have the skillsets to do their job because they whine.
Maybe our programmers are not skilled because they whine a lot or maybe they whine a lot because we've lowered our bars of what we expect from our programmers and don't demand or challenge them enough to even practice the most basic programming skills.
Either way, the sad reality of where the IT industry stands today is that you don't even need Fizz Buzz to differentiate a bad non-programmer from a good one - Just asking them to print 100 to 1 is usually good enough.
[Update: A lot of folks seemed to get the idea that this is a black and white question and that you can make a hiring decision based on this. It's not. But it does give you an important data point to evaluate someone. For example, if someone clears this question and then fumbles at other basics it might be a reason to not hire him / her. At the same time if someone doesn't answer this and goes on to answer other complex algorithmic questions really well, you may decide to hire him / her. Putting the candidate at ease is also important here. The candidates should not be asked or pushed to solve the question in less than 2 minutes. The goal here isn't to stress out the candidates. The goal is to watch them think about and solve a simple problem. Merely present the problem to them and watch their approach and time taken. Couple that up with their tendency to whine and the question provides some very useful insights about a person's approach towards solving problems and their ability to ship.]
[Update: Thanks to the folks who were rightly annoyed by the confusing visualization / chart done in the original post and pointed out how confusing that data visualization was. Special thanks to Jacob for creating the scatterplot using the same dataset. Post updated with the scatterplot.]