Friday, August 31, 2007

Security flaw on Webex

I was starting a meeting the other day on webexone and to my shock and amazement as soon as I gave the name of the meeting and clicked on "Start Meeting Now", I looked at the URL and I found my password there for all to see. Being an administrator of the account anyone getting this password could have pretty much done anything with the account.

This is quite a serious security flaw in webex and I hope they fix it soon.

Thursday, August 30, 2007

Summer internship

We at Inforica had an interesting summer this year. Three students had to do a summer project and I had a project that needed to be done for a local church.

As a first step a senior developer along with myself sat down and decided what the requirements, design and scope of the project should be. We then interviewed these students and realised that they did not know C# but they had an aptitude to compute. So we first gave them some assignments in C# which they quickly learnt and completed. We then trained them on the design of the application and gave them a sample page that made use of the design. We then asked them to code all the pages similar to the sample. We then told them to code pages that were a little different from the sample and in the end we asked them to code completely new stuff.

What was interesting and a great learning experience was that how 3 students who did not know C# were able to develop a production application in 6 weeks. You can read their blog Summer at Inforica to understand a little more about what they went through. Some of the learning's we took away are
  • It is very important to have very clear requirements and scope defined for the project. We did the mock ups of the pages using an application called axure and we wrote the help for the application explaining the flows and the fields using Html Help Wizard from Microsoft which comes bundled with Visual Studio 2005. This ensured that the requirements and the scope of the project was very clearly documented.
  • The architecture, both application and database should be documented with a sample application to show that it works and meets all the requirements. We did a prototype using the architecture and we developed the database architecture and gave it to them. This set a clear direction in how things had to be done.
  • Take them one step at a time through the initial pages. We used to have one hour sessions with them where we used to show them how each feature needed to be developed and then they would go and work on it themselves thus ensuring that they clearly understood how and why things were done that way. As they progressed in the project
  • Constant interaction and mentoring is needed to ensure that they are going in the right direction. To ensure this we used to have a one hour technical meeting almost everyday that ironed out any technical issues and we used to ask them to blog about the status they made each day and the issues that they were facing so that we could address them and this seemed to have worked very well.

On the whole it was an excellent learning opportunity for all of us to try out new things. We have already incorporated a lot of these learning's in the projects that we are currently doing and we can already notice the improvements in quality and delivery. Kiran the senior developer has blogged some of his experiences in his blog.

Wednesday, August 29, 2007

Bomb blasts again !!!

I was sitting at home watching a movie when I got a call from one of my friends asking me if I had heard the news about the bomb blasts. I was shocked when I heard it since Lumbini park would have been the kind of place I might have visited on a saturday evening (had it not rained) to go for a boat ride or to just hang around.

What I don't understand is, what do these terrorists have in mind? I believe every action has an intended goal or perceived benefit, but in this case I see none of it. When you bomb a religious site you are targeting a community, when you bomb a financial center you want to bring down the economy and so on. But when you bomb a park that most probably the terrorists themselves will visit with their family I am not sure what message they are trying to send and to whom. If the goal is to dissuade investors - then I don't think this bomb blast would have achieved that since they did not hit at where the investment is happening.

It is sad what they have done, they have made everyone very nervous to go anywhere or do anything. I was driving to office yesterday morning and I was thinking at the traffic signal - for all I know there might be a bomb here. The reason for this paranoia is because of this mindless blast. All they achieved is to make every single individual nervous and ensured that everyone will think twice before they visit a place that they want to have fun at.

This is a wake up call to our police to get out of the "kuch bi chalta hai" attitude and get a little more serious about our security. It is sad to see that out of a police force of 70000, 30000 of them are used for the security of our politicians - 296 MLAs and 92 MLCs (i don't even know why we have the MLCs) and the rest are to protect the population from such attacks. It is high time that they seriously look at this lop sided approach to security. Terrorism is here to stay and we have to live with it but if the police force does not instill a sense a confidence in dealing with such incidents then in the long run there is a price to pay.

Another sad thing that I watched is how the injured were treated. Why don't people understand that by standing around and watching all that they are doing is obstructing the injured from getting timely help. Why can't people who are not involved or related to the incident just leave? Why can't the police just clear out the effected area and make sure the right people are given access? Our police force needs to become more professional at handling these situations. They should learn to get to the crime scene quickly and secure the area. I saw no evidence of this. It took them almost an hour to achieve this from what I read in the papers and this is absolutely pitiful as I am sure we would have lost a lot of evidence and the injured also would not have got timely help.

Another sad thing that I read is about a man whose head was totally destroyed in the blast was made to wait for 2 hours on oxygen before the doctors attended to him in Osmania General Hospital. Osmania is the premier state run hospital in Hyderabad and they should know that the first few minutes after any injury is the most crucial time. It was sad that this lack of attention caused the man to pay a big price - his life.

Do we take life for granted in India? Are there so many people in India that live in poverty and hunger and dying of disease each day made us so unconcerned about death? If this is the situation then its a sad situation as a life is a life as precious as your own.

I hope and pray the following will happen
  1. We catch the criminals that did this - more for answers and closure to the whole thing.
  2. The police take protecting the citizen as important as protecting the politicians and are trained to handle crime scenes in a better manner.
  3. Our hospitals wake up to the reality of dealing with mass emergencies and providing quality health care as soon as possible.

Am I hoping for too much. I hope not !