Laravel Forge: Preventing Queue Contamination In Shared Redis Queues

Laravel queued jobs are one of the many things that make developing with Laravel a breeze. If you use Forge, things get even easier as you get a pretty UI to configure your queues.

This works quite well if you have only one instance of an app running on the server. Most applications run this way, with a dedicated instance powering a single staging or a production environment.

In such situations, the queue names are of no great consequence as the production server will contain only production data, staging servers contain only staging data and so on and so forth.

The trouble starts when you have a shared instance that hosts both production and staging. In such a scenario, if you add jobs to the ‘default’ queue, it may wind up causing two different problems.

  1. The model ID that you are working on may not exist if the worker that processes the job is from the wrong instance. This will cause the job to fail.
  2. The model ID may overlap with an existing model ID on the wrong instance and you may wind up performing actions on the wrong model. This problem is far more dangerous.

Laravel Forge has an ‘environment’ option in the worker configuration screen, but I have not been able to figure out what that actually does. Additionally, I feel safer having different dedicated queues for each environment than handle the context within the worker.

The easy workaround is to have the queue names set as environment variables and then set up the workers with the correct queue names, depending on the environment.

When you dispatch the job, you will call the queue name from the environment value:

CreateJobsFromMasterQueue::dispatch($this)->onQueue(env('APP_QUEUE_JOBSMASTER'));

The queue name is defined in the .env file. This allows us to have different queue names for different environments.

APP_QUEUE_JOBSMASTER=localJobsMaster

You do have to keep in mind that libraries may choose to fallback to the ‘default’ queue. Spatie’s Laravel Medialibrary does this. In such scenarios, you have to publish the configuration file to override the default and provide the correct queue name for it.

Update: May 16, 2019

To work around the problem of the default queue being used by most code. You have to edit the config/queue.php file.

'queue' => env('APP_QUEUE_DEFAULT', 'default')

The above change allows for default queues to be customized.

Filed under: TechnologyTagged with:

The Best Jack Dorsey Interview

As a Twitter user now of over a decade, the platform and how it is run is something that interests me tremendously and, as a consequence, what the CEO of the company @jack has to say about it matters a lot. Unfortunately, most interviews of Jack wind up being done from a perspective of the business (how do they intend to compete with Facebook) or the political aspects of it. 
I’ve been a listener of Sam Harrispodcasts for a while now. They are long, ruminative and opinionated in a manner that makes you want to find out more as a means to making yourself better informed. Which also means that there is much to disagree with Sam; while agreeing with and learning a lot from other parts of what he says. And his podcast with Jack Dorsey (or, ‘interview’ as the old timers like me would call it), is a one of the best I have heard on Twitter. Strangely, Sam says at the beginning of the podcast that he thinks it could have been a lot better and I do disagree with him there.
The conversation shines a light on some of the mysterious aspects of Twitter, the most controversial of which is shadow-banning, which all sides of a divide in an argument believes to be biased against them. In the interview, Jack elaborates a bit on that specific action and clarifies that doing that to someone is the outcome of a series collection of actions made by the offending account rather than it being a case of a solitary action that resulted in the shadow-ban.
There is a also a fair bit of time spent on acknowledging how these platforms help create the dangerous filter bubbles and how they do not yet have the means to fix it.
I don’t really think that we can fix filter bubbles with existing technology. Particularly, because the tech often tries to mimic what we do otherwise; just that it does the filtering far more efficiently than we can accomplish on our own.
Listen to the entire episode for quite an interesting conversation.
 

Filed under: Internet, Social, Technology

Alternative Way To Create Multi-Site Setups With Laravel With A Single Codebase

Even though you can easily point multiple domains at a Laravel installation, sometimes you want the sites to share different routing and controller logic, depending on the domain name the application is being served from.
One obvious way to do this would be to use middleware to examine each request and handle the logic according to your needs, but that can get tedious.
The other, simpler way, is to modify the app/Providers/RouteServiceProvider.php file and change the logic for mapApiRoutes() and mapWebRoutes().
You will need to fetch the hostname for the request from the request() helper  and include the appropriate route for that.
$http_host = request()->getHttpHost();
This can create a two inter-related issues:

  1. Named routes are not shared in the application. So, if you have a named route called ‘blogs.index’ in one route mapping and it is missing in the other, you will not be able to call the ‘blogs.index’ route from the latter. This will lead to a bit of duplication of route names where it is needed, but it is worth the trade off.
  2. As a consequence, if you use an accessor with a named route in a model (example: $post->url which is the getUrlAttribute() method in the Post model), you have to make sure either the route names are duplicated between the routes or check for the host name to see which name to call.

 

Filed under: TechnologyTagged with: ,

Paper Summary: Defeating Face Liveness Detection by Building Virtual Models From Your Public Photos

Attempting something different here. I’ll try to summarize research papers once in a while.
Caveats:
1. I’m not on an expert on anything. So form your own conclusions.
2. These papers are often studies that have very narrow, clearly defined scopes. Don’t automatically apply the same conclusions over wider scopes.
3. I’m presenting my point of view. Don’t mistake them for anything else.
Today’s Paper: Defeating Face Liveness Detection by Building Virtual Models From Your Public Photos by Yi Xu, True Price, Jan-Michael Frahm, Fabian Monrose from the compsci department at Chapel Hill, NC.
The findings has a lot of relevance on Aadhaar’s Face Auth, but it is not about Aadhaar itself.
Key takeaways:
1. If possible, do not post high resolution photos of your face online. Images above 100 px in height posted online are particularly susceptible.
2. Easy accessibility to matched photos considerably increases risk of fraud.
3. Some of the systems have a high rejection rate when the capture is done in poorly-lit conditions.
4. Liveness detection is broken without too much trouble.
5. Using infrared cameras is a good workaround that works around most of the problems above.
6. Hardware quality is a problem. Face detection using web/mobile camera output should be avoided.
Impact on Aadhaar.
1. There is no mention of IR in the Face Auth development as of now. I guess they will work it in once the current version gets worked around a lot.
2. It is extremely risky to ask the authenticating agencies to keep a copy of the images with them. This is terribly insecure a practice.
3. To make Face Auth work, they will rely on any webcam/hardware. This will ensure there are a lot of failures.

Filed under: Aadhaar, Biometrics, India, Security, TechnologyTagged with:

Can You Be A Single Non-Technical Founder?

As someone who works a lot with technology, the title of this post is a question that I keep encountering in life with unfailing regularity. Recent years has seen a growing role of technology in every aspect of business, even when the business is a non-technical one.
Technology used to be at the peripheries of business operations a-decade-ago. The exposure of most organizations were limited to email, invoicing etc. But the past 10-years has seen highly-integrated systems spread deeper and wider into organizations, putting technology increasingly at the core of business operations.
To give you an idea, a typical business now has to deal with some or all of the following these days:

  1. Communication: Email, chat.
  2. Online presence: Website, Blog, Social Media, Domain-related (DNS, white-listing), encryption.
  3. Business: CRM, Order/Inventory Management, Invoice Management.
  4. Mobile: Native/Hybrid applications, PlayStore/App Store management.

This list above is a very quick-and-dirty one. Real life scenarios tend to be far more complex with numerous other factors that make it mostly more difficult.
It is in this background that the question gets asked and it is quite a valid one. It is very much possible to spend vast amounts of energy, time and money in getting into a quagmire trying to work with technology in any organization when you do not have any background in it.
On the other hand, it is also far too common a scenario where even having a dedicated technology team does not make things easier or better; in fact, a lot of times they can be worse than doing technology on your own.
Coming back to answering the question in a simple manner, it is ‘yes’, you can build a company as a single non-technical founder as long as the core business of the company is not technology itself. For example, you cannot build a database technology business, on your own if you do not have a background at least in using databases.
Short of that, running a business that leverages technology is something anyone can do, with a little bit of time spent on learning and understanding the concepts and platforms. This is not strictly necessary,  but having that knowledge does help in understanding complexities and costs involved a lot better.
There are also other options where you can hire entire product development and digital transformation teams to get you going in the early stage. This can often be much more cost-efficient as long as you get to work with a good team.
If you have any specific questions about how to do this, drop me a line. I’ll be happy to help.

Filed under: Business, Start-ups

Chaotic Crypto Butterflies

The world is a chaotic place at the moment, and it is rife with signs that we are nowhere close to the top of the curve when it comes to the chaos. My personal disappointments aside (I was hoping, rather naively, that with the major conflicts of the previous century out of the way, the world will change its attention to bettering the human condition everywhere), this is not something we had foreseen. 
Chaos of this type is normally not fermented from the top-down. Most popular movements that work in a similar way, normally work from the ground up, with the express intention of blowing everything up as a reaction to their perceived failure of everything. It is rare for such a sentiment to be pushed from the top, as it is difficult to control these things once set into motion, and, often those at the top have as much to lose as everyone else, should things not work out well.
The big difference right now is that the current chaos is being fermented from the top-down. With the help of filter bubbles and over-amplification on social media, this kind of chaos provides a rich vein of discontentment for a new generation of leaders to tap into. At the same time, it is impossible to control this kind of a movement and it has the potential to turn into ashes countries, financial systems and nearly every pillar of the modern society that we often take for granted.
One of the obvious beneficiary of this chaos is the cryptocurrency market. Granted, it is not the only thing that is driving the value of those things in a staggering fashion, but the fact that normal markets, trade and most financial instruments look a lot more exposed to the vagaries of this chaos makes crypto, even with the current levels of volatility, a much more safer a bet. It says a lot about the state of the world when a billion dollars seem a lot more secure hidden away in a USB drive somewhere, compared to keeping it in some of the financial institutions in the world.
In pursuing this risky, chaotic mode of operation in the political world, the leaders who are attracted to it are probably not recognizing that they will potentially wind up reshaping the system into a place that can eventually bring into place a new system where the power, wealth and influence are transferred to a different group of entities from what has normally been the case. 
Historically, any sort of crypto-style currency, or any sort of parallel currency, is not allowed to grow beyond a curiosity due to the risks it poses to the traditional systems. Looking at how much crypto has grown in the past 5-years, it is easy to imagine that the risk of the collapse of the old system, and the volatility of the new one, has been priced into crypto’s growth.
This seems to be a point that not many are paying attention to closely.
It is not that crypto is not without its flaws and once the dust settles down, it is very likely that a handful of entities will control a significant chunk of it, making it a new system with all the problems of the old, run by somewhat different people. But the agents of chaos, unless they are directly invested into the new order, probably won’t see it coming and how quickly all this can change into something else.
People often forget that all systems work on the basis of consensus. That consensus is driven by assurances of predictability. The current chaos risks breaking that predictability. It is introducing a factor of unpredictability that can break the consensus, while a new crypto-based consensus is forming up rapidly on the side. If people are not careful, it is well within the possibility for a swap.
Now, that is a scary prospect.

Filed under: Social

Communication And Programming

One of the most important changes in how software development happens these days is that developers also have to be reasonably competent at communication. The days where software development used to be an isolated/sheltered activity is going away and not being good at communicating yourself well will increasingly become a handicap for good developers.

  1. A lot of learning now comes while a framework or a platform is being used. You need to know how to raise an issue and public/OSS projects often require developers to meet standards for reporting issues.
  2. The project manager as a layer of defense is also an increasingly unreliable one. Developers are now more exposed to clients or management a lot more and they need to have the ability to both articulate what they think and also comprehend well enough what the client/manager is trying to say.
  3. There are real costs associated with developers being unable to comprehend what is required and communicate what they are trying to do. The direct cost is a lot of frustration and delayed deliveries. The indirect cost is that effort is spent on trying to fix the fundamentals where as the same effort could have been spared for improving the product a lot more.
  4. Development is a lot more distributed these days, which means you should know how to write better commit logs, better comments in code. From things that were at the fringes of the software development world these factors have now moved to the core.

Unfortunately, the computer science education frameworks have not kept up with this change and it will cost a lot of otherwise great developers good opportunities.  A developer who is familiar with a distributed mode of working will find it easier to find better work and fit in also better. 
It is not very difficult to train yourself for this. There are thousands of open source products/frameworks that are developed in the open. Even with zero experience, you can start contributing to them and start learning the tools of the trade, beyond what is normally covered in a typical software development course or a computer science degree.

Filed under: Technology

2017 Review

The year was meant to be one that started with major change that were to happen, but it did not come together in the end. It was the year I felt most disconnected with the domains that I work in (media, healthcare, mobile) and it was also the year where I felt for the first time what it was like to be an old person in the working world. It was also the year where I felt it was absolutely necessary to take a firm stand against the blind use of technology in places where humanity matters a lot. It was the year where I felt that calling technology ‘neutral’ is problematic because all technology is eventually applied into various scenarios and that application is never neutral.
People First
The past decade has been nothing short of revolutionary for the tech industry. Every aspect of it — mobility, data analysis, data consumption — has undergone changes that were unthinkable when the new millennium rolled into view. The scale and quality of what has happened, which was previously only available as an expensive option to the really major companies, has meant how we use, perceive and get impacted by technology has changed.
The downside of this commoditization of high-quality technology at scale is that the rights of the citizens have been left far behind as important factor that governs the use of all of this technology. Everywhere in the world, both companies and governments are racing down the road to use the data generated by all this technology in ways that keep the human factor out of the consideration. 
Without the safeguards that protect the people against data-driven prejudice, we will widen rifts in the society and bring about a scenario where we will further reduce the opportunities available for the poorer parts of the society to move upward. They are, to start with, too poor to generate enough data and the data they generate will, in any case, point to them as not worth any consideration. This will lead to a scenario where the discrimination will compound (often silently & without the affected even being aware of it) and eventually take us back 50-60 years in time where social justice and fairness is concerned.
Algorithmic Apartheid
It was at an excellent Medianama event (#NAMAprivacy: AI, Internet of Things and Consent) that I first heard the idea that algorithms have bias built into them. If my memory serves me right, it was a point made by Beni Chugh that this warrants regulations or guidelines for how algorithms are implemented to ensure that the bias is not discriminatory. My first reaction to the concept was this was preposterous. How can an algorithm be biased by itself?
But, as I thought more about it, it began to make a lot of sense. Algorithms are nearly never written to ensure a level playing field in practice. Almost every implementation of any algorithm is designed to nudge a person into a particular activity channel or it aims to separate the wheat from the chaff. It is nearly never that you will see an algorithm that aims to see everyone as equal. An algorithm by itself is an inert entity. It does nothing. An algorithm that is implemented is no longer inert. 
If you take such an outcome-driven look at algorithms, it is not too difficult to make the shift that the implementation is the algorithm. And the implementations have far-ranging effects beyond missing out on a special discount in real life. When this is rolled out into technology that affects public policy, it affects lives of real people and their ability to live in a decent manner. Algorithmic exclusion and discrimination in our time is a major problem as customized experiences isolate people from having a shared knowledge of what is on offer.
The solutions are not easy for it, especially in the domain of private companies. But I do believe, that at least in the domain of public policy, we should have provisions for anti-discriminatory safeguards built into algorithms. Even though a popular theme these days is that governments should be run like businesses, I believe that is an entirely wrong notion. The goal for a business is to attain profitability and maximize it. For a government, the goals are to serve its citizens well and ensure that they get a fair shot at doing really well in life, while having a safety net for those who are unfortunate enough to not have the means/ability to do better.
Crypto
Even if you have been living under a rock, the odds are that you would have encountered the crypto currency storm in some format. The speed and scale at which that world has grown continues to amaze both the believers and non-believers alike. There is a lot of truth in saying that the growth is supported by an erosion in faith that people have in the traditional stores of value and manner in which that value is transmitted and exchanged. There is a lot of truth is saying that a lot of the growth is driven by fraud and sheer speculation.
The truth, as ever, is a mix of all that and the fact is that crypto is here to stay, in spite of its numerous problems with slow transactions, high transaction fees and extreme volatility. The technology that powers it is emerging at breakneck speed and it is not easy to grasp at all, and the conceptual frameworks require a fair degree of understanding of cryptography, advanced economic theory advanced computer science and sociology. 
I do not understand it well enough to even wager a prediction about the direction in which crypto will be headed. But it does not need a lot of expertise to predict that unlike previous attempts at something similar this one is here to stay and nobody can ignore it anymore.
Four Decades
With another year to go before I turn 40, it has not been easy finding my place in the natural order of things in the industry. An ill-fated attempt at rejoining the workforce as an employee did not work out too well. It is worth it trying to find the right team/organization to work with as the damage caused by the wrong one is long-lasting and in the end, everyone winds up being really unhappy about it. Thankfully, other than an exception or two, since 2008 I have been lucky to work with good people. The latest exception, though, has put me off working a regular job anymore for good.
So, it is back to a mix of consulting, working on a couple of projects and building products on the side again for me. But it is a puzzling though, that there is a lot I am able to contribute (pure technology, product, business etc.), but I cannot seem to find the right kind of people/projects to work on. Perhaps, it is the fact that over the past few years I have become the consummate outsider in the industry and outsiders do not form part of the network that is so important to be a part of, if you are to surface enough of these opportunities.
2018?
After the chaos of 2017, my only plans for 2018 are to keep up a steady pace of work and find interesting projects to work in. The domains are likely to continue as healthcare, mobile and maybe a bit of a poke at crypto. I would love to hear from you if you are doing anything in any of these domains.
The last couple of years have been hard on health, with an older body not taking too well to it being abused as well as the younger version used to. Health has become a worthwhile investment the last 4-5 months and I intend to continue that in the year to come.
2018 will also, hopefully, see more time outside of regular work that I can spend. With age, I do not particularly enjoy the line “I burnt myself out working hard” anymore. Good companies, products and businesses are made working at a steady, sustainable pace. Or at least that is what I want to do than chase hockey sticks. 
Here is wishing you all a lovely 2018.

Filed under: Frontiernxt, Technology

Aadhaar Notes – Part I: Some Quick Fixes

The Aadhaar (TARGETED DELIVERY OF FINANCIAL AND OTHER SUBSIDIES, BENEFITS AND SERVICES) Act 2016 aims to provide for, as a good governance, efficient, transparent, and targeted delivery of subsidies, benefits and services. While the objectives for the Act are noble, the manner of implementation has been shoddy and it often accomplishes the opposite of what the Act attempts to do.
Much of the debate around Aadhaar and UIDAI often finds the participants occupying extreme ends of the spectrum, calling either for its dismantling it or a flat out refusal to discuss its flaws. This post is an attempt to find a middle ground and discuss concrete steps that can potentially weed out some of the flaws and work towards a more citizen-friendly version.
The Rationale
Systems can be used (independent of the design or intent) in ways that includes or excludes the participants. The primary objective of a welfare program is to ensure that the deserving must get their benefits and, secondarily, it should eliminate, fraud and wastage. A truly inclusive program will not deny the deserving, while working in parallel to eliminate the non-deserving. A program that excludes as a default will result in a lot of the deserving being excluded from the benefit in the pursuit of efficiency over fairness.
As it stands now, the social contract that Aadhaar sets up between the government and the citizens is one where the state considers the citizen an adversary looking to unfairly benefit off it, till proven otherwise, solely on the basis of the existence of an Aadhaar number. This stems from approach that Aadhaar is the solution to a multitude of problems.
Solving problems of identity, authentication, efficiency and transparency require multiple tools and not a single tool. Some of these problems are completely unrelated to the issue of identity. It is more than possible to have a population tick all the boxes to certify efficiency, identity and transparency and still have a lot of the problems remain unfixed even with 100% Aadhaar coverage.
The Crucial Design Flaw
The UIDAI projects the zero-knowledge nature of the core Aadhaar services as a key facet that allows it to guarantee a high level of privacy. This is absolutely correct if you look at it solely from the perspective of the services that UIDAI provides. The flaw is that a service that only authenticates identity cannot guarantee things like efficiency, good governance etc.
Aadhaar alone does nothing to enable this; it depends on the larger ecosystem to provide this, which may or may not be possible using Aadhaar. Thus, claim that Aadhaar in its current avatar will enable it all is incorrect.
Let us take an example of how this works in real life:
Sita is a bank account holder with Example Bank. Bank wants to authenticate if Sita is who she claims to be. They collect and send Sita’s Aadhaar number and verifies it with biometric or SMS OTP to validate that it is indeed Sita who the bank is interacting with.
This is all what Aadhaar provides within the realm of identifying someone. It does not tell the bank if Sita is a great person. It does not tell if Sita can be trusted to pay back her loans etc..
What happens after this between the Sita and Example Bank is of no concern to UIDAI. This design allows UIDAI to not have to deal with what happens further in the loop. They call it the “zero knowledge” interaction. But, at the same time, UIDAI claims that just by its existence the Aadhaar number makes things more efficient and transparent without having any interest or say in how that is being done.
This flaw is glaringly obvious when things do go wrong, as it has happened in the recent spate of data disclosures by service providers across the country. UIDAI washes their hands off these problems as not theirs to solve. The resulting scenario is one where there is a distinct lack of ownership of the data that is collected by service providers.
The service providers only know they need to collect the Aadhaar number of their users. UIDAI will have nothing to do with how the data is collected, how it is used and how it is disseminated. The beneficiaries are left in a situation where, should a problem arise with the seeding where it is mandatory, they risk losing access to services that they were previously legitimately entitled to with no clearly mentioned redressal mechanisms.
Another problem in taking this “Aadhaar will fix everything” approach is that it cannot fix everything.
Let us go back to Sita to see how this can play out.
Assuming Example Bank has already seeded Sita’s Aadhaar number, without any further authentication, they can still provide services in Sita’s name and it will look perfectly legitimate if the service requires only Aadhaar as the key identifier. This is precisely kind of fraud that is most prevalent in India and it is one that Aadhaar, with its zero knowledge model, cannot solve.
On the other hand, it is very much possible that during an audit where Sita’s use of the services are crosschecked with another data source and found to be fraudulent. Based on this alone Sita can be denied services for no fault of hers and there will be little recourse available for her to prove that this is not true.
Lastly, not having an Aadhaar number can result in the denial of a service that Sita is legitimately deserving of otherwise and probably has the documentation to support too. This fails all of the stated goals of Aadhaar and also fails the fairness principle. In effect, you suddenly denying people who are perfectly legitimate and should receive the benefit.
As it stands, the entire process of seeding and how that data is further used is flawed and a growing mess. It needs to be rethought and re-calibrated to address the crucial flaws. Some of the ways in which this can be done:
1. Halt the seeding until a framework is established to ensure all stakeholders are properly educated about how to handle Aadhaar data. Currently, very few people know the entire picture. Even fewer people know what is the correct picture.
The way in which it is being done right now carries the risk of putting the service provider DBs in a state from where it will be difficult to get a clear picture of the linkage between the internal ID and the Aadhaar number. This is a hard problem to solve and needs to be done in a measured manner; unlike the breakneck speed at which it is being attempted.
2. Stop denying services on the basis of no Aadhaar if there are other documents that provide identity. Even the Aadhaar Act itself stresses on the this aspect where people should not be denied access to services if they can prove who they are with other documents.
3. Appoint an external auditor for auditing both UIDAI and the service providers. The idea originally was proposed in this excellent technical paper on Aadhaar: http://www.cse.iitm.ac.in/~shwetaag/papers/aadhaar.pdf
4.  For the current service providers who have seeded with Aadhaar data, audit them to ensure compliance. A good place to start from would be to enforce the AUA checklist for service providers: https://authportal.uidai.gov.in/static/AUA%20Compliance%20Checklist.pdf
5. Set up comprehensive processes and documentation for service providers to ensure that seeding is handled properly. Make it mandatory for seeders to explain in clear terms what is being collected, what happens in the backend and how the data will be used.
6. Publish granular stats in a voluntary manner about state/district/taluk level about Aadhaar(enrolment, auth attempts, auth failures). If the government truly believes in data, then embrace it and use it to better services. Take the ambiguity out of understanding how well is it working. The data is already there: need to make this searchable easily visusalized.
This is a good start, but it needs a lot more of work: https://data.uidai.gov.in/uiddatacatalog/dataCatalogHome.do
7. Have a single location that lists information about valid service providers and the reasons why they are performing Aadhaar seeding. Provide a simple mechanism (email/SMS/toll free number) by which people can verify the details regarding a service provider who is performing the seeding.
8. Initializing seeding should be a clearly defined process. This should be done with a circular from the service provider first, followed by a verification message from the UIDAI that a particular entity has been cleared as a valid seeding partner.
9. Provide a simple means by which an Aadhaar registration center/AUA/ASA can be looked up and validated.
10. Establish guidelines for making Aadhaar mandatory for something. You should not be able to randomly point at something and say, make Aadhaar mandatory for it. Establish SLAs for a region or a service before it can be brought under consideration as a mandatory thing.
11. Introduce penalties for SLAs not being met in Aadhaar-mandatory environments. Make it non-mandatory till the SLAs are not met again.
12. Ensure that service providers are given service specific tokens than just yes/no. Make it illegal to store Aadhaar numbers in any manner outside the CIDR. Ensure they are periodically audited for compliance in storage and dissemination.
13. Educate the customer how enrollment is done, de-duplication is done, auth is done.
14. Educate the customer about their rights. How to ask questions, what to ask questions about. They are completely in the dark right now. So much so that the likelihood that anyone asking for Aadhaar right now will get it easily from the people because they are used to giving it out for everything.
15. Educate the user about consent: at enrollment, authentication.
16. Make the user part of the de-duplication process. There is no visibility the user has in this at the moment.
17. Make the Aadhaar documentation better. There are numerous formats/versions floating around. There is no consistent way of versioning docs, naming them or having a clear location from where you search them, access them or find versions properly.
18. Don’t lose control of domains (uidai.net that used to host services is no longer with UIDAI).
19. Have a comprehensive redressal framework in place.
Edit: Added one crucial point from @kshashi:
20.  Be more open to criticism and researchers studying the underlying technical and policy framework. There are a good bunch of people who work on the right side of the law researching these things. Have them on your side working with you.

Filed under: Aadhaar, India

Values

Now that I am officially off the gig that I was busy with the last year and a half, I have been pondering what is to come next? There are a couple of ideas that I have been playing with and a few interesting conversations, but I figured it would be a good idea to write down the broad contours of how I would like to work in the years I have left.

  1. Ethics: In the world where growth-at-any-cost is the popular, investor-friendly option, ethics often go for a toss. Doing the correct and decent thing is not often highly rated. I am actively trying to stay out of environments like these. The environment produced by such companies are toxic and it has an adverse impact on everything important to me.
  2. Remote-friendly: We are in an age where we at least the newer companies should actively try to shut down daily commute to the workplace. You need not create a workplace that is purely virtual. You can easily keep an office, but you can require your employees to come in only on select days when everyone is guaranteed to be in the office. Otherwise, build a culture that encourages and thrives on remote work.
    Of course, this is not going to be easy and culturally it is nearly-impossible to retrofit this once a non-remote culture has really set in. But the modern commute really has to die or reduce drastically. It makes our cities crowded, more polluted, adds stress that produces nothing additional and cuts time that can easily be used for more positive things.
  3. Good people: Find smart, good people to work with at all levels. From co-founders to co-workers it is important find the right kind of people to work with. It is worth it investing in both finding and training the right sort of people to form the core of the company. The right ones tend to stay longer with you, work better and keeps everyone happier.
  4. Make it better: For the customers you serve, the employees you work with and the industry you work in. This results in happier people and better output all around.
  5. Work is not everything: Allow people to explore other things when time permits. If times does not permit (for years in a row), you are not planning it right. 
Filed under: Frontiernxt, Misc