Talk to the real customer and listen carefully…

As an architect one has to interact with different stakeholders. An architect interacts with developer, tester, requirement engineer (our internal customer), fellow architect, designer and the real customer. Out of all this interaction, I feel the interaction with the real customer always fascinates me a lot. I will share one such instance here. In the recent times I visit a hospital regularly for my kid’s vaccination. The regular pattern is like we call the hospital and book an appointment. The appointment itself doesn’t contain a time slot or any waiting list number (token number). After this we need to physically visit the hospital, pay the consultation fees and get a waiting list number. Then we wait for our turn. This waiting is a painful one for all the visitors. The hospital has a nice IT system that helps them in patient management, billing, consultant management and employee management. Being a software solution provider I thought this is great opportunity. Add a module that can provide automated online appointment management (web based/mobile based). The visitors need not waste their precious time and still gets to meet the consultant on time.

I got a chance to meet the hospital head and mentioned this solution. Also I elaborated how easy it is to add such a module. He listened carefully and then uttered the following

“I know it is easy to add online appointment management to our system. But in our locality people still judge the popularity of a hospital by the amount of crowd waiting for consultation. If I reduce the crowd by introducing such a system, then it will bring down the popularity of the hospital. So having a manual appointment management system is a conscious business decision.”

I learned the reason and thanked him for the clarification. As I stated in the beginning interacting with a real customer is always fascinating.

Internet of Things, Black Magic and Humans

In the recent times I read a lot about IoT(internet of things). And the way they are going to improve our lives in so many ways. For example the story goes like

  • By the time you reach home the thermostat will start the AC or the heater and setup a pleasant temperature
  • The new age LED lights are connected to internet and switch on/off based on your location pattern
  • The fridge finds out, there is no milk and adds a to-do entry to your to-do list to get the milk
  • There will be sensors everywhere. Based on the data they will decide and act intelligently

Yes. All of this is well and good. But among all this intelligent set of things there is a dump thing mixed in. It is none other than the HUMAN. At times I feel scary how this billion of IoT is going to handle the human. I will quote one of my own examples here.

  • At our home we have 2 iPods a nano(8GB) and a touch(32 GB)
  • My father used the nano while I used the touch

I load the songs into the iPod using the following routine (Because of the difference in the iPod memory size)

  • Remove all the songs from iTunes
  • Connect the iPod to the PC
  • Add the songs based on the need into iTunes
  • Run the iTunes sync
  • Disconnect the iPod

Sometime back I was travelling to USA for a long term. As a part of the travel preparation I made sure I loaded my entire music library into my iPod touch. One check list item done and ticked. My father requested me to load some of his personal favorites into his iPod nano. I did my regular routine and gave the iPod back to him. He thanked me and verified all his songs were loaded. I felt happy that in between the travel preparation, I could get this small job done.

I packed my bags and reached USA. After a week I thought of listening to some of my favorite music. I took my iPod touch, charged it and connected my headphones to it.

SURPRISE!! SURPRISE!!

I hear some old song that was my father’s favorite. I thought maybe I added that by mistake. I shake the iPod for a shuffle. Again another old song. After lot of shake I found my entire music is missing and is filled with my father’s collection. I am wondering what has happened? I didn’t touch my iPod after the last sync. I clearly loaded all the songs myself. That was the first step in the travel preparation. I was wondering what sort of black magic has happened?

Then I found out, I turned on itunes wifi sync by mistake sometime back. So when I was loading the songs to my father’s iPod, my iPod touch found that out, intelligently wiped all the songs from its library and loaded all my father’s songs into it over wifi automatically. From the iPod touch point of view this is perfectly fine and intelligent doing all this in the background. But the outcome was a disaster from my point of view.

The problem is humans have a tendency to forget things. Until now it was my PC, internet and the so called Smartphone that has to deal with this situation. Now I am not sure how this billion IoT is going to handle this situation.

–Ferose

Using an Elephant for Begging

This is a short post that I wanted to write for a long time. It is based on an example that I mention in majority of my training sessions. Let me get to the point quick. In India there is a common practice. If you roam around in the small towns, villages and in some cities too, you can see elephants in the road accompanied by the mahout. On seeing the huge animal everyone gets excited. Especially the children gets excited and frightened at the same time. And the routine is the same everywhere. The mahout will bring the elephant near each of them and it will bless the person by putting its trunk on top of the head. Then it will beg for money using the same trunk. We pay the elephant some money which it hands over to the mahout.

In India elephant is seen as a representation of the Hindu GOD Ganesh. So people taking blessing from it is fine. But one thing that I always wonder is, the effort the mahout put in training the elephant to beg and using that huge animal only for that purpose. You may be wondering why am I suddenly writing about elephants in India. No I did not quit my software job and started learning about elephants. In the software development industry I have often seen a team asking for a costly tool (Visual Studio 2XXX, Enterprise Architect, Rational Suit etc.,). The company looks at the cost and benefit. Finally it decides to buy the costly tool.

Now once the tool is bought and handed over to the teams, I have seen lot of teams using hardly 5% of the features provided by the tool. For eg

  • Use Visual studio only as a text editor with syntax highlighting.
  • Use the enterprise architect to draw UML diagrams

This is synonymous to using an elephant for begging. One of my major endeavor is to use the elephant for doing things that it is meant for.

Always spend time for learning the tool and use it to its full potential.

Target of vishing and credit card fraud

On Saturday evening 31 Jan 2015, I was the target of a vishing attack. Some smart set of people tried to steal my credit card details. The following things saved me from the fraudsters

  • Knowing some basics of credit card (card#, dates, CVV, 3D secure PIN etc.,)
  • Knowing the basics of telephone SMS
  • All those articles regarding fraud in arstechnica.com
  • Social engineering training from siemens

Here is how the whole thing went through. I am going to list the phone conversation here between myself and the fraudster. I have reduced the transcript here for the sake of brevity. The call went close to 20 mins. All of them were very polite and had nice fluency over English. The accent was north Indian.

(lady 1) Fraud: Hello. Am I speaking to Ferose Khan saab. (in hindi)

Me: Yes

(lady 1) Fraud: We are calling from icici bank credit card section. It seems one of your credit card’s 8000 reward points are expiring.

(This is a coincidence that made me trust her. I have 2 ICICI cards and one expired recently. May be that card’s points are expiring with it. Also I had close to 8000 points.)

Me: Yes. I have an icici platinum credit card. is it related to that card?

(lady 1) Fraud: Yes. We will redeem the points for you and send the coupons to your address and credit 5000 reward points since you are our platinum customer.

Me: Okay. But I have changed my address recently. So I am not sure whether that request went through?

(lady 1) Fraud: I will have to transfer you to another agent who deals with address change also.

Me: Okay.

(lady 2) Fraud: Hello sir. It seems you have requested an address change.

Me: Yes.

(lady 2) Fraud: To check that I need to verify your credentials. Can you tell your card number.

Me: 1234 5678 1234 5678

(lady 2) Fraud: Can you tell me the date of expiry?

Me: 11/11

(lady 2) Fraud: To verify your phone number I am going to send an OTP to your mobile and email. Tell me the OTP.

Me: I get an SMS from VM-ICICB “One time password (OTP) for IVR transaction for your card ending with xxxx xxxx xxxx 1234 is 123456.”

(lady 2) Fraud: Can you tell me the OTP.

Me: Yes its 123456. I am a bit confused. Why are you redeeming the points for me. I will be back tomorrow. I can do this on my own.

(lady 2) Fraud: No sir this has to be done now.

Me: Okay. What are the coupons that you are going to send me?

(lady 2) Fraud: Some travel coupons, gift coupons, a free wrist watch, Belt and a branded shoes.

Me: Don’t send those travel coupons. I am not interested in them. There will be a coupon from shopper stop. Can you look it up. That’s what I order normally.

(lady 2) Fraud: (she fumbles a bit and could not answer). Sir actually I am from the verification department. The other department will handle the gift details.

Me: Okay

(lady 2) Fraud: At the back of your card there will be a 7 digit number starting with 1234. Can you tell that number?

Me: But that is my cvv number. Why do you need that?

(lady 2) Fraud: I need that for verification.

Me: No I am not going to give that over phone.

(lady 2) Fraud: So I will transfer the call to my superior.

Me: Okay

(guy 1) Fraud: Hello sir.

Me: I am really irritated now. If my points are expiring why didn’t you call me last month?

(guy 1) Fraud: I am sorry for the inconvenience caused. we tried calling but couldn’t reach you sir.

Me: Okay

(guy 1) Fraud: Are you interested in this automatic redemption service.

Me: yes. do it.

(guy 1) Fraud: Can you verify the card valid from date

Me: 01/01

(guy 1) Fraud: Can you turn your card back and tell me the 7 digit number.

Me: Yes. There is a 7 digit number. But that is the cvv number. I am not going to give that.

(guy 1) Fraud: Sir I am not asking any confidential details here. As per icici your date of birth, mothers maiden name and 3D secure pin are the confidential details. kindly tell me that number

Me: If I give that number then you can go and make a purchase. Its as good as giving my card to you.

(guy 1) Fraud: But that will require your 3D secure pin sir.

Me: But if the store is from out of india for eg amazon.com. You can make a purchase without that PIN.

(guy 1) Fraud: Sir you received an OTP from VM-ICICB just now right. Are you doubting us?

Me: Anyone can send such a message with “from number” being VM-ICICB

(guy 1) Fraud: No sir its not possible.

Me: It is possible. give me a number I can send a similar message.

(guy 1) Fraud: Sir are you interested in this service from us?

Me: Yes I am interested.

(guy 1) Fraud: Then kindly provide that number. Without that I cannot update the system. I will increase your credit limit to X mount sir.

Me: But my credit limit is already more than X.

(guy 1) Fraud: In that case its okay. To send the free gift kindly tell me the number sir.

Me: No I am not going to give that number to you.

(guy 1) Fraud: Sir you are not listening to me sir. That number is cvv “customer verification value”. It is used to verify the customer. Also when you give the card at any merchant location it is visible to all. You need not worry.

Me: No it is a secure information. In my card I have even scrapped that number. I am not going to give that number over phone. If my points will be lost because of that, then let the reward points go to bin. I will cancel the card this monday.

(guy 1) Fraud: Sir. No sir. please don’t do like this. you are an esteemed customer based on your transaction. Kindly allow us to provide this service. Are you interested in this service?

Me: yes

(guy 1) Fraud: Then let me know the cvv number.

Me: No.

(guy 1) Fraud: Thank you sir. Nice talking to you.

(call disconnected.)

There are couple of things that triggered my doubts.

  • When I was telling the card number. Typically icici would have this so they don’t repeat them. But in this case she was repeating the number orally. And I felt something wrong.
  • Sending an sms from VM-ICICIB can be done very easily with the internet based sms clients. I have done it myself. It doesn’t prove that they are from icici.
  • Typically if I don’t provide an information. Icici customer care will cut the call. But here the guys were persistent.
  • When I asked for the shopper stop coupon. she fumbled. This too made me think about the genuineness of the call.
  • That cvv is not a confidential information.
  • They transfer the call suddenly without any need.
  • The credit limit stated was less than my current limit.

Mistakes that I did

  • I gave the card number to one agent. (they used last four numbers in formatting an OTP)
  • To different agents I gave different information. (credit card #, From, To)
  • I should have told them to send an email and cut the call.
  • I took the call at a wrong time (when we are packing our stuff to return and there are lot of guests returning back). So I was not prepared for it.
  • Whenever I ask them some tough question they transfer the call and start over altogether.This irritated me and also made me loose focus.

Some basics

  • The information that is printed at the back of the card is secure. Once you get the card memorize the cvv and scrap it.
  • In case if someone demands a crucial information over phone. Ask them to send a mail.
  • Ask them some questions like your name, address etc and verify them.
  • Don’t be in answering mode. This is not a quiz rapid fire round. And if someone calls you you need not validate your identity. It is them who has to validate their identity.
  • You won’t know when you will get such a call. Be prepared for it.
  • A bank will never take responsibility for such mistakes from your side.
  • 3D secure PIN is only for india. So any foreign currency purchase can be done without that.
  • cvv is card verification value. This is used to make “card not present” transactions. In places where you cannot enter PIN number this number will be asked for. And the merchant is not suppose to store the cvv number as a part of transaction. That way the card will not be compromised if this data is stolen.
  • Some purchases don’t show up in the statement immediately. Also be cautious and check the alert sms sent by banks.

Wish you all safe banking.

–Ferose

Working with Germans

I am working for software wing of Siemens, Bangalore for the past 8 years. During this time frame I have travelled 4 times to Germany and have worked in Germany for a year. As a part of the work I have to interact with my counterparts in Germany regularly.

As a regular practice I under went the intercultural training regarding Germany. It was a big eye opener and I learned couple of things while working day to day with the German counterparts.  I will share them here. Since I am an Indian, the points may also reflect to some extent what Indians observe.

Communication

The German communication is mostly straight forward. If something is right they say it as right. If something is wrong they say its wrong. If there is a bad news they say it on the face. For eg if a German is not happy with you for some reason then he would say it directly on the face “I am not happy with the way you are doing this”. Also I have seen that they expect similar kind of communication back. And if someone does the round about communication beating about the bush they get annoyed. Being black and white is always appreciated.

Value of Time

The Germans are known for their punctuality. One thing that I have learned is they value other’s time a lot. If a German arrives late for a meeting the first thing he does is apologize. The next part of it is Germans value their own time a lot. For example if a German wants to work on a particular topic with full focus (undisturbed) he will block his own calendar and mark it as busy. And if the calendar says the time is free then really the German is available. One can send a meeting request. They balance the time needed for personal & professional activities well.

Inexpressive

The German people are mostly inexpressive. This is what the trainer said during the intercultural training. This description is given because most of the time the Germans look too serious and focused. In the office this is a routine one can note. Every morning once a German enters the office he will greet with “Morgan” meaning “Morning” and then starts his work. There is no gossiping, chitchat and in the evening “Tchuss” meaning “Bye”. When I was working in Germany I normally used to hear songs during work (with my earphones on) and sometimes I used to hum the song. Once a colleague of mine complained that it disturbed his attention.

But this description of Germans is not true always. I have seen them angry, depressed, happy, humorous & satirical lot many times. What matters is majority of the time they look serious.

Long term Planning

Germans are known for their meticulous long term planning. This is quite evident from the kind of projects they execute successfully across the globe. They are masters of long long (10+ years) planning. I have seen lot of initiatives when they reached me were planned, started & executed lot many years earlier. They don’t bother about immediate results. They really value long time benefits. That is the reason they plan, start, execute and reap the benefits in the end.

Documentation

The one attribute that I envy most is their ability and commitment towards documenting things. The documentation is not done just for the sake of process. It is done so that tomorrow it helps someone out when the author has moved on. And this shows when a German reads the document. He will read it with full attention (not skimming through) and trust the information. Also whenever some information is required Germans always look for a written document rather than running around people and pestering them.

Individual & Contradiction & Conflict

This is another attribute which I learned by experience. Majority of the Germans like to be individualistic than be part of a group. For example in a meeting when all the participants agree and one German disagree at the end of the meeting, everyone accepts that one among them disagreed. No one forces him to agree to the group. The individual who is disagreeing also never agrees due to peer pressure. Each one of them express ones own opinion.

Slow

At times I have felt that Germans are slow. Because they approach  everything very systematically. Don’t skip unwanted things. They don’t take shortcuts. They also don’t bother to rush through things. This all activities will definitely slow down things. But the outcome in the end is always fruitful.

This is a topic where people write books. A blog post is too short a space for such topic. But I just collected the most important ones that I could get.

Installing windows 7 from USB stick

Its long time I posted something to my blog. I thought of posting something useful. Like every one else I was following up with the Windows 7 development at http://blogs.msdn.com/e7/. And I was pretty sure that the windows team is going to come back with a great OS after Vista. It has happened in the past like XP after Windows ME. Once I heard there is a beta version available I wanted to get my hands dirty with the new OS fresh from the lab.

I have a Dell latitude D810 which is a capable laptop. But I don’t have a DVD burner so that I can burn the image and install it straight forward. So the only available option was to get it installed somehow through an 4GBUSB stick. Already I had tried Fedora  10 with the same USB stick so the boot sector was filled with syslinux. Here are my steps.

Steps

  • I already had 3 NTFS partition. I cleaned up one partition with 20GB and backed up all the data.
  • First format the USB stick as FAT32(which will wipe the entire data.)
  • Extract(I used winrar) all the files in the installation iso file to the USB stick.
  • Now stick is ready It has to be made bootable.
  • I am more comfortable with grub since its pretty simple. Follow the steps 1 to 4 given in Hiren bootcd http://www.hiren.info/pages/bootcd-on-usb-disk.
  • In the USB stick open the menu.lst file and add an entry for the windows 7 as follows.  menu
  • Now USB stick is ready. Put the usb stick in to an usb port and reboot the machine.
  • While booting enter the boot menu and set usb device as the first device.
  • Now once you save and exit. The machine boots to the grub screen.
  • Choose the windows 7 option. The setup starts. After copying all the setup files it will ask for a reboot. Now the usb stick is no more required.
  • Remove the stick and reboot the machine. The windows 7 installation is a breeze. It will go through without a hitch. i installed the OS in the empty NTFS partition(Since we cannot install the OS on a USB stick).
  • After installation once you enter into windows goto Control Panel > System and Security > Windows Update and enable auto update.
  • The wireless, ATI graphics and sound card drivers were downloaded and installed by the windows update automatically.
  • The only problem reported was with my microsoft VX1000 webcam. I downloaded and installed the vista driver but it somehow crashes the OS.
  • That’s it windows 7 is ready. Goto microsoft.com and register your copy by participating in the beta program.w7
  • Hope this helps somebody.
    Technorati Tags: ,