Tuesday, September 25, 2007

Kids, leave the teachers alone

I've had the misfortune of having some very terrible teachers. Despite being a very privileged child, who attended some of the nicest schools possible, I still had to suffer through some crazy people.

One in particular was a fat, heartless shell of a human being. She taught a completely pointless subject called Socially Useful and Productive Work (SUPW). That was a glorified arts and crafts kind of class, where it is nearly impossible to have objective standards anyway. Really, how do you judge a 12 year old on his hour-long craft work? So grades meant nothing. But that didn't stop this heartless woman from being rude, belittling the work of kids, and expressing her strong disapproval at 90% of the students.

At the time I thought she had something personal against me, but now I realize that she was equally scathing to nearly everyone. I disliked her weekly class enough that I even considered being ill regularly on that day. My brother and I knew where she lived, and we concocted elaborate plans involving her walk from the bus-stop to her house... and hockey sticks. Too bad we were too cowardly to actually do anything. Sadly, we didn't even own hockey sticks, and took no interest in the sport either.

As a child, it is difficult to appreciate how useful and valuable you are. Teachers like her shatter any feeling of self-worth that might have grown in the child. This, I feel, is a terrible loss. Children should be told at every step of the way that they are valuable and special. And no teacher should be allowed to shatter this belief. If the child is to be fed a delusion, I prefer a delusion that allows them to experiment, to feel powerful and capable rather than a delusion that they are worthless.

It is easy to think that school is the entire world, when you are 12 years old. School is all you have seen, after all. Your life revolves around it. Contact with the outside world is extremely limited, and it is difficult to get a perspective of the school's role. Students don't realize that the teachers are actually employed by the students (the students' parents, really) and are paid to teach. Even in Government schools, the state (through taxes paid by the citizens) pays the teachers. The position of power is actually in the student body. In the case of minors, the position of power is with the parents' collective. They can force the management of a school to discipline teachers.

But no teacher wants to tell the students this. After all, a collection of 30 students vastly outnumbers (and outranks) the teacher. If everyone complains, the teacher is headed for trouble.

So here is my delayed advice to my younger self (or my timely advice to the younger generation):

Suffer through no teacher. Get together, and discipline that bad teacher, because that person is working for you. Preserve your self-worth and know that you're headed to make a significant impact on the world around you. Unlike that bad teacher.

And in case not much action can be done, ignore the teacher. Find another way to learn the subject. There is little impact to skipping class when the teacher is horrible. I speak from experience! You will walk away with a better appreciation of the subject if you don't let someone butcher the topic first.

Leave the bad teachers alone, to wallow in their own misery. You have the whole world to explore.

Sunday, September 23, 2007

Bangalored: The Expat Story

It is after a long time that I've read a book about India that had me enthralled. Eshwar Sundersan's book, "Bangalored [the expat story]" is about expatriates who live in Bangalore. He meets with various people who are expatriates in Bangalore, and talks to them about their reasons for being in India, their experiences. It sounds quite watery when I put it this way, but it is a very persuasive book.

I feel one learns a lot about their own country by seeing other countries. You finally start questioning long-standing beliefs. Meeting foreigners who are visiting your country is very similar. Since they are new to a lot of customs, they question the establishment a lot more. They have a perspective which forces one to think, and justify a lot of our actions.

Bangalored brings this out very clearly. You see people struggling with Indian concepts that are quite pointless in reality. You see people actually solving problems that most Indians are quite content to complain about. Arranged as a collection of informal meetings, Eshwar does a wonderful job of transcribing thoughts and letting the people tell their story.

As a bonus, Eshwar has taken the time to write a historical perspective on the expatriate phenomenon. The bibliography lists many pointers for the eager reader. This book could not have been arranged better.

And if humour is what you seek, read it to find out why the Bangalore Electric Supply Company is mentioned in the acknowledgements.

Definitely worth reading, for every Indian who wants to understand India better.

A short interview and review by the Hindu on the book is also available online.

Update: Changed ex-patriot to expatriate (thanks, Vlad)

Saturday, September 01, 2007

The need for a single timezone for India

Pierre Fitter has an article in Business World on two timezones for India. My view in the article is against timezones and DST.

Ajay Shah blogged about this recently.

Viral Shah and I wrote a small paper about the need for a single timezone in India. We argue that a single timezone is a convenience, technically sound, and a great proposition in terms of nation building. I would appreciate comments on the paper, either on this blog, or at vikram@mayin.org.

I have been told that there are studies of cost savings due to DST or time zones. If you know of any, I would appreciate links or full text PDFs.

Bank of India, compromised!

The website of the Bank of India at www.bankofindia.com has been compromised. You can read about the attack on the Bank of India site at the SunBelt Blog. This is a fairly big issue, and if you have money at the Bank of India, I would seriously recommend you to withdraw it (in cash) and close your account immediately.

This is what happened. The website has a hidden page element that forces you to visit a malicious website. While you cannot see the page element (since it is hidden), you cannot notice it. But in the background, it downloads a long list of malicious programs. These programs are designed to take over your computer (rootkits) and allow the attacker to have complete control over it. Many of these rootkits allow the hacker more control over your computer than you do. The least destructive end goal is to use your computer as a spam host. Since this is linked from a bank's website, my guess is that the intended goal is to steal personal, financial information and use it to withdraw money or steal identities, or a variety of other creative pursuits.

If you still don't get it, it is the equivalent of having your house keys copied, and the thief has your check book and PAN number, and passwords to all the websites you visit. Not only is this a liability to your Bank of India account, but also to other accounts you have (financial and service websites), and legal documents on your computer.

If you have visited the Bank of India website in the past two or three months, I would highly recommend copying your sensitive documents, and formatting your hard-disk and re-installing your Operating System.

This is interesting for a variety of reasons
  1. The abysmal security of Indian financial websites is being noticed internationally. I wrote about this earlier, when I said that it was only a matter of time before this is noticed, and exploited. When a bank puts a website online, it should be prepared to match wits with some of the most devious minds. I am sure that in the months to come we will see a lot more of such attacks, directed primarily towards poorly designed Indian websites, of which there are plenty.
  2. The possibility of destruction that this attack aims at. While being a spam host is a bad thing, the worst possible outcome is having your bank account emptied. There are 22 pieces of malware that this attack installs, and there is bound to be many computers where a lot of them will stick.
  3. Shockingly sad security of Windows, affecting the customer directly. A fully patched system should be unaffected, but how many Windows systems in India are fully patched, especially if they are attached to a slow dial-up? The worse the connectivity, the lesser the likelihood of the system being up to date. Notice that the attack requires a Windows machine. On every other platform (including every possible Linux version), the attack will fail.
  4. Trust brokers are broken. Mc Afee site advisor did not report any problem with the website. Neither did Google's extension, or any other system that Sunnet Beskerming Pvt. Ltd. checked. So if you rely on a website to certify that your bank's website is hacker proof, you would be misled. Trust brokers are not trustworthy.
Clearly, Bank of India's website team is to be blamed here. They have failed terribly at their job of ensuring secure access to their customers. Bank of India customers should move to another bank for this reason alone. Money earns interest in nearly every bank. We choose banks either on convenience or on the perceived security of our money.

The larger blame is to be placed on all of us. We regard security concerns with ambivalence. When evaluating a financial service, we should expect them to provide a competent web interface. What good is an extra 2% rate of interest if the money is going to sit in some Russian's bank account?

I would highly recommend keeping your system up to date, and patched. While I realize that this is often difficult, it is critical if you are running Windows. As a larger argument, I would suggest not using Windows to access critical financial services. If Microsoft is not held accountable for its security flaws, then such attacks will continue. I would highly recommend using a Macintosh or a computer running Linux. For the attack to be successful, the Bank of India website has to be compromised, and your computer must be riddled with security holes. Once the website is compromised, you're on your own, and having Windows leaves you completely defenceless.

I visited the attacked website, and it is currently down right now. The malicious code has been removed, and there is no mention of it on the website. It says instead that "This site is under temporary maintenance till further notice. Kindly bear with us." If the maintenance is until further notice, how do we know it is temporary? Clearly they brought it down in response to the malicious code.