ChetanPatil Testing

Category: BLOG

  • Work From Anywhere

    Work From Anywhere

    Photo by Avi Richards on Unsplash

    There is no denying that COVID-19 is testing businesses based on how prepared they were to enable employees to Work From Anywhere. One of the key factors that drives Work From Anywhere culture is the resources an employee gets that allows him/her to be as productive (in many cases more productive than working from the office space) and connected as one would be when working from an office.

    Sure, there are companies whose business type doesn’t allow Work From Anywhere. For example warehouse management, restaurants, grocery stores and many more. But the major test for these types of businesses going forward is to adopt a business model that is more geared towards remote management that minimizes human interaction (without eliminating human jobs) and without sacrificing profitability.

    Businesses that can allow employees to Work From Anywhere also need to provide the right tools. Those who work at the software and hardware domain already have access to many tools and must have also observed that 90-95% of the tools they use can also be accessed from anywhere.

    The post-COVID-19 world is going to be slightly different. It might just give free hand to employees as to whether:

    • They want to work a day shift
    • They want to work a night shift
    • They want to work any shift from anywhere

    If the answer is any shift from anywhere, then one also needs the right tools all the time. These tools are a combination of software, hardware, and connectivity. Software and hardware are provided to employees by default in by any company that encourages Work From Anywhere. Also, if one looks at the way of working in software and hardware domains then most of the tools are at the remote locations that can be easily accessed with the click of a button.

    Below is the list of a few things that I believe every (not just high-tech companies that can afford)
    business needs to provide their employees with:

    Hardware

    This is 101 if companies want their employees to Work From Anywhere. Without the right hardware with enough computing resources, it will be meaningless to expect employees to be productive. Given how affordable many of the smart devices are, this should not be a big issue for many companies. For many whose, companies by default provide laptops to work with might take it for granted by considering that same is applicable for other companies too. But given that providing hard assets to 1000+ employees also require a dedicated IT team to manage, it makes it more difficult for many companies to let everyone have such take home assets. This raises the need for affordable asset management. It is not that all employees should get laptops. If the work responsibility is different, then companies can move from laptops to pads to smartphones. It all boils down to what hardware resources are right for the job the employee is expected to do.

    Software

    Right hardware also needs the right software. If you are in hardware designing, you need the right software that is mainly living on the remote server. If you are in software development, you need the right IDE to work that and it may or may not need remote execution. If you are working in customer support, you need telecommunication tools. For doctors, they need patient management and diagnosis tools. For the restaurant business, it can be efficient delivery of goods.

    Connectivity

    Whether the resources the employee is accessing requires VPN or not, by default VPN should be a must and that also means need for robust internet connection. This enables secure connection and minimizes the risk of hacking. As of today, it seems many employees are paying out of the pocket of connecting the tools to start Work From Anywhere, but it seems like paid healthcare future employees may also demand Paid Connectivity as a requirement in their offers.

    For those who work in the tech industry all this seems like “we are already used to this”, but one thing many people don’t understand is when millions of people lose their job due to the pandemic, it also raises the question about how many of these millions of people can work remotely and still be an asset to the company.

    In the end it is all about right people working anywhere with the right tools.

    Anecdote:

    A few days ago, I had to get my account details with the internet provider updated. To do so, I called the customer support and a lady answered my call. 5 minutes into the call while she was in the middle of taking care of my request, I heard the background voice of a baby crying. The lady promptly apologized for it and I was quick to tell her that I understand.

    This made me think strongly: Has it always been that customer support employees were Working From Anywhere OR it is just COVID-19 that has made more and more people work remotely OR is it just that this particular employee signed up with the internet provider for remote assistance service due to lack of resources during COVID-19? Something to wonder about.

    It all sounds like a cliché, but this is how it’s going to be in post-COVID-19 world: Work From Anywhere.

  • The Last Enemy – Total Information Awareness

    The Last Enemy – Total Information Awareness

    Photo by ev on Unsplash

    There is no denying that all online activities are being tracked. Either by the governments, or by companies. Data is the future oil, and the more companies have it the better their chances of survival.

    There are several factors as to why it is so easy for companies to get the data and make money out of it. Below are the reasons that I think contributes to easy leakage of data.

    People Do Not Care About Privacy:

    • This is true, people use technology for convenience and 99% of the products which provide solutions that customers (We The People) desperately needs, then they are willing to give up their privacy.
    • On top, if it’s free and provides with solutions that everyone needs then privacy word doesn’t matter.
    • There are tons of examples of where this scenario is applicable.

    Products Can Not Be Trusted:

    • All the software out in the market: You can’t trust them when it comes to privacy and tracking
    • Real Life Scenario:
      • On my smartphone, location is disabled
      • Specific apps don’t have permission to use location when not being used
      • Many times after I park my car and walk out, I get a notification “Why worry about parking hassle when you can take Lyft”
      • This just shows how I simply cannot trust both the hardware (smartphone) and software (apps)
      • Also, there is no way to solve this other that using a brick phone

    Data Logs:

    • Delete words doesn’t exists and doesn’t opposite of what it should in software data world
    • Google Maps, without an argument the most used location app and by default it knows where you have been, how long you have been, what route you took where you parked, whose home you went to etc.
    • Google does provide options to disable logging of such information.
    • However, can we really trust such features? Does delete really means deleted because it’s not visible to us?
    • What’s if after deletion of data, it’s still retained forever? Facebook does.

    Privacy Tools Do Not Work:

    • One of the most preached tool to protect privacy and fight tracking (after encryption) is VPN.
    • Problem with VPN is that it’s like giving your data after paying for a service.
    • Yes, arguments can be made that VPNs don’t log your data because they say so.
    • However, this is simply not true as VPNs may save you from hackers trying to steal data but VPNs provides in no way can gurantee they don’t use your data to make money out of it.
    • This basically means (at least to me) that VPNs are surveillance tools too, just that it’s one that people pay for.

    All the above helps create Total Information Awareness systems that companies and governments can build easily without much effort. It will be fair to say that any product you use, doesn’t matter whether it is hardware or software, is in itself a Total Information Awareness tool.

    If you are more curious about privacy and mass surveillance, then do watch The Last Enemy which showed how mass surveillance works in modern era well before Edward Snowden went public.

  • Moral Machines

    Moral Machines

    Photo by Denys Nevozhai on Unsplash

    In 2018, Uber self-driving car under test in Tempe, Arizona was involved in a crash which unfortunately leads to the killing of a pedestrian. Last week, National Transport Safety Board concluded that it was Uber’s self-driving software’s fault (apart from various non-technical valid issues), as the autonomous software was not programmed to react to pedestrians crossing the street outside of designated crosswalks. This flaw (which Uber seems to have fixed now) raises a question about situations in which software, when not programmed correctly, can lead to more severe crashes.

    This reminded me of Moral Machine, a project at Massachusetts Institute of Technology, that creates extreme scenarios (similar to trolley problem) to understand human perception. The data collected points to the fact that every individual has a different perspective to the same extreme situations.

    This is interesting, as self-driving cars are designed and programmed to do what humans have been doing for over a century: driving the car. If people have a different perspective about a hypothetical crash situation, then how will an autonomous car react to such situations? How does software considers this?

    For sure, the programmers writing code for autonomous cars are smart enough to take all this into account, but with Uber’s technical flaw it surely means that moral machine concepts cannot be overlooked. There will be scenarios when the software will follow specific rules, and that may be safe.

    Moral machines concept is something to think about, as the industry is still far away from providing technological solutions that will make self-driving cars hardware and software do what human brains can.

  • Crowd Sourced Private Mass Surveillance

    Crowd Sourced Private Mass Surveillance

    Photo by Bernard Hermant on Unsplash

    Crowd sourcing is not a new concept and the term was coined around 2005. In nutshell, it allows individuals to participate and complete tasks that are part of a bigger project. Contributing crowd may do it voluntarily or get paid for it. The concept of crowd sourcing is great, as long as it’s used for good cause. For example:

    However, if crowd sourcing leads to surveillance that too a private one then one should start questioning whether the intentions are good or bad. I came across one such example after landing on Cyberwire podcast and it opened many other details that were new to me.

    The podcast talks about how companies like Digital Recognition Network (DRN) (and many others) are using crowd sourcing to capture every license plate out on the roads. DRN has created a surveillance database of 9 billion license plate scans. More than the population of the world. This all is possible due to ubiquitous cameras, participation due to crowd sourcing and Automatic License Plate Recognition (LPR) libraries like OpenALPR, an automatic number-plate recognition library.

    Technological advancement is good as long as they are used for good intentions like: Finding stolen cars, car recalls, locating cars for finance recovery, amber alerts, unregistered cars on road etc.

    However, things start to go out of hand when same database starts acting like a surveillance tool and that too for private usage. Yes, cars are everywhere out in open, but that doesn’t mean anyone (except authorized authorities like Police etc. with a cause) should be able to simply enter license plate number to find where all this particular car has been during its life. The worse that can happen is such data base is exposed or hacked and then linked to vehicle registration databases, eventually creating an Open Graph about all car owners.

    Another example of crowd sourcing private surveillance is digital doorbells, where all the owners intentionally or unintentionally are contributing to the data base that allows private policing.

    The major reason to write about this was to look at the other side of it and raise concern about Crowed Sourced Private Mass Surveillance.

    Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.

    Benjamin Franklin
  • Semiconductor Fabrication

    Semiconductor Fabrication

    Photo by Mathew Schwartz on Unsplash.

    Samsung’s technical blog has series of articles on semiconductor fabrication. It covers majors steps from tape out to packaging. All nine parts of the series are not linked together, so I thought of creating a list that may help those interested in learning about semiconductor manufacturing.

    All the images below are from respective part of the series linked in the title.

    Part 1: Creating the Wafer

    Picture By Samsung

    Part 2: The Oxidation Process

    Picture By Samsung

    Part 3: The Integrated Circuit

    Picture By Samsung

    Part 4: Drawing Structures in Nano-Scale

    Picture By Samsung

    Part 5: Etching A Circuit Pattern

    Picture By Samsung

    Part 6: The Addition of Electrical Properties

    Picture By Samsung

    Part 7: The Metal Interconnect

    Picture By Samsung

    Part 8: Electrical Die Sorting (EDS)

    Picture By Samsung

    Part 9: Packaging and Package Testing

    Picture By Samsung
  • Building A World Around Passwords

    Building A World Around Passwords

    Photo by CMDR Shane on Unsplash

    Microsoft has massive plans to let user access its services without having the need to use passwords. In the latest preview build of Windows 10 they have taken giant step towards doing so. As internet user and usage grows year on year, many companies are following the similar approach.

    After being an internet/system user for last two decades, I believe it’s nearly impossible to access systems without passwords. I will be super surprised if password less systems can be created for mass usage. More than creating password less systems, what is required is how to make systems more secured by creating easy to use tools around passwords that add second layer of authentication. It is also important to ensure that such additional authentication system don’t end up being too complex to use, otherwise user adoption will be slow.

    Based on personal tech usage experience, if multi-authentication mode of accessing system is complex like asking codes every time a user logs in, not getting the code due to network issue or locking user out completely for sure will not attract faster adoption. Troy Hunt has written an article on how second authentication mode should evolve around passwords. I do agree with most of his points, but it seems for now only big tech giants like Microsoft, Google, Apple, Amazon etc are able to implement such solutions for its users. It’s very critical to bring such solution across all the services irrespective of the size of business. This will also ensure faster adoption of multi-authentication mode.

    I am in strong favor of TPM that is embedded in the hardware. Companies need to find a way to store keys in these TPMs, which will ensure that user is able to access systems/services only from set of registered devices having TPMs. This may invite trouble but I think it will be more robust than software tokens and way better than asking users to use another hardware than can get easily lost.

  • Who Is Winning Facial Recognition Tech?

    Who Is Winning Facial Recognition Tech?

    Photo by Warren Wong on Unsplash

    The answer to above question is straight forward, it’s China. In this article, I want to summarize how China is doing by separating it into three categories: The Good, The Bad and The Ugly.

    The Good:

    China uses the facial recognition tech to provide citizen with services. For example, if you are running a marathon and need your pictures to be clicked, then you simply sign up for services that will facially recognize you and send all your digital copies at the end of marathon. This is very simple and at the same time very complex service where China scores. I have to say China scores instead of a specific tech company, as most of the big giants in China do have government backing, without which they can’t provide many services that requires digital tapping.

    Another example is easy access in and out of parking lot.

    The Bad:

    Social Credit System is reputation based system being developed in China to replace the Credit Reporting System to rate its citizens. Using this information, government can literally blacklist people from specific government services like driving license based on how you are driving!. This not only requires tapping into every aspect of citizen’s daily activity but also to bring together surveillance based data that usually will require facial recognition.

    This way China is able to bring two systems together to create very robust surveillance infrastructure. Such services are neither good nor ugly, but bad to those who aren’t going to be liability. This is exactly what even an episode of Black Mirror showed.

    The Ugly:

    The ugliest usage of facial tech in China is 24×7 surveillance. Whether you are a citizen or just a tourist in China, you are being watched 24×7, tracked and followed by cameras everywhere to ensure you aren’t a threat. Though it makes sense to do this in order to provide a safe environment, however the major issue with this is that privacy is no where to be found. Everything you do is being logged. Add all the digital traces in form of digital payments, internet activity etc, and you get a near perfect Total Information Awareness.

    On one hand China wants to provide services using facial tech and on other hand it also wants to tap into everyone’s daily activity? What do you think about this? I think India is also heading towards similar system.

  • Smart Speakers With Smart Processors

    Smart Speakers With Smart Processors

    Photo by Paul Esch-Laurent on Unsplash

    Hardware plays crucial role in product success as much as software does. Smart speakers are getting lot of traction and every big tech giant with smart assistant is fighting to get hold of this market share. Part of the reason is to get the services delivered using a different medium, however major goal is to get hold of the data that can be used to make algorithms better to provide much personalized services.

    Amazon Echo was one of the first devices to bring smart speaker solution. It kick started race and Big-5 (Apple, Amazon, Google, Microsoft and Samsung) started gearing up to get similar solution out. Amazon never had success in smartphone business, but it got good traction in smart speaker domain due to seamless connectivity to the e-commerce, video and music database it created over two decades. On other hand, other four of the Big-5 have strong hold on smartphone domain and they rely on it as a device that provides smart assistive services. Due to the potential business opportunity, rest of the Big-5 have also launched (some in process) similar hardware solution. Hence, I decided to take a quick look at what type of processors each of the devices from Big-5 is using with help from iFixit.

    Echo By Amazon

    Amazon Echo uses Texas Instrument’s DM3725CUS100 Digital Media Processor (marked in red), which provides a reliable low power ARM processor solution. It is a single core which I think is good enough for such domain specific device. Also many of the functionality used by Echo is voice based so it also helps to have a DSP.

    (Image by iFixit)

    Home By Google

    Google Home comes with Marvell 88DE3006 Armada 1500 Mini Plus (marked in red), which is a dual core ARM. As per iFixit it’s similar processor used in Google’s Chromecast device. This make sense as it is cheaper to port similar solution in another form factor as long as it does provides the solution required.

    (Image by iFixit)

    HomePod by Apple

    Apple recently announced HomePod smart speaker. As is the case with every Apple device this, it uses home designed solution Apple A8 APL1011 SoC. Similar to Google it’s re-used from other smart devices from Apple.

    (Image by iFixit)

    Harman Kardon INVOKE by Microsoft

    Microsoft hasn’t designed the hardware for INVOKE smart speaker by Harman Kardon, but they have powered it up using the Cortana virtual assistant. iFixit hasn’t done a tear down on it, so I will skip details on this device. I expect it to run ARM only, what else?

    Galaxy Home By Samsung

    The last on the list is Galaxy Home. It’s not out in the market yet, but Samsung has announced Exynos processors for smart speakers which they are hoping will not only be used by them but also by other companies in smart speaker domain.

    Conclusion

    At the end the form factor changes, but the processors inside them remains similar to smartphones. It will be good to see how the hardware aspect of smart speakers change as newer versions of new products mainly HomePod, INVOKE and Galaxy Home are launched.

    Samsung and Apple do have an advantage as they can use in house hardware design capabilities to make system more efficient and reliable. On other hand Google, Microsoft and Amazon have advantage on software side due to the huge data they have. It will all come doing to who uses the best of both software and hardware world for such a domain specific device.

    I am also expecting all the music hardware giants like Bose, JBL and Plantronics to follow smart speaker/device trend which eventually plays in hands of processor companies like TI, Marvell and Samsung.

  • Top Semiconductor Resources

    Photo by Alexandre Debiève on Unsplash

    If you are looking to keep track of semiconductor industry then here I am listing few resources that provide good insight into this industry.

    Top Semiconductor Resources:

    • The Linley Group:
      • Linley Group is the best resource to get 360 degree view of semiconductor industry. They publish semiconductor focused reports that cover range of products and domains. The only (big) caveat is that the reports they publish are too costly. So, unless your institute or employer provides access to you it will be very difficult to access it. But there are few resources that are open to all and can really help you gain insight into different semiconductor domains.
    • ChipDesign Mag:
      • Articles from ChipDesign Mag (CDM) are very technical written by leading domain experts. It really helps in understanding all products that are out in market and how they are enabling change. They are also part of some of leading technical conference that helps connect industry and academia. One thing I don’t like about this resource is the website design.
    • Solid State Technology:
      • If you want to learn about manufacturing aspect of the semiconductor then Solid State Technology (SST) is one of the best resource. They also back yearly The ConFab which connects industry experts in manufacturing. Manufacturing is costly and very important part of semiconductor and this is where SST can help you.
    • Semiconductor Manufacturing & Design:
      • SMD is part of SST but focuses more on technical aspect of manufacturing rather than how to of manufacturing. This will provide you good understanding about how design meets manufacturing.
    • Tech Design Forum:
      • Tech Design Forum (TDF) is very different from all above resources. They publish technically very accurate articles. You won’t find them on social media or any other places, but if you read the articles they have on Electronic System Design and Manufacturing (ESDM) then you will realize how good this particular resource is.

    Summary:

    If you want to learn about semiconductor manufacturing go with SST. Later, if you want to understand technology behind manufacturing of these products then read SMD. To gain insight into semiconductor products check CDM. For anything ESDM, TDF is best. Lastly, if you are from management side and into semiconductor go for The Linley Group.

  • Two Factor Authentication – Hardware vs Software

    Two Factor Authentication – Hardware vs Software

    Photo by NeONBRAND on Unsplash

    Two factor authentication (2FA) is a type of multi-factor authentication that allows users to secure any type of account using a second authentication apart from the regular password protection. 2FA has been around for a long time and received mixed reaction from security researchers.

    With growing number of internet and smart device users it is becoming increasingly important to take 2FA seriously. Let’s take a quick look at types of 2FA, which I have separated into hardware and software depending on where the second authentication code comes from.

    Software 2FA:

    • Software 2FA (S2FA) is straightforward. Any website which supports S2FA will first walk user through account creation which requires password (first authentication). Then it will provide three options:
      • First: Register cell number in order to receive unique code via SMS or a phone call whenever a login attempt is made. Only after entering this unique code user can access the account.
      • Second: Application will ask user to install smartphone app like Duo Security or Google Authenticator. Using the app scan the QR code shown on screen and this will register account with the app. On every login attempt this app will generate an unique code that needs to be entered after password authentication. This works even without internet connection.
      • Third: Skip both the options and have only single authentication mode i.e. password.
    • If the user has S2FA and doesn’t have cell network or smartphone with him/her during login attempt, then backup codes can be used.
    • These codes can be generated using account settings. Each backup up code expires as soon as it is used. For best practice, always generate and save new ones as soon as first one is used.
    • Below video explains above scenario:

    • Pros of S2FA:
      • Protects account from hackers.
      • Allows users to trust the website or application providing such service.
    • Cons of S2FA:
      • I personally think S2FA is very complex process for people who aren’t good with computers.
      • For Android devices SMS based 2FA (the easiest to setup for anyone irrespective of age or fluency in using smart devices) is most vulnerable due to the Android feature that lets any application read SMS stored in the messaging app. Thus allowing hackers a backdoor to these SMS codes.
      • Most likely this is the reason why banks don’t trust this option.

    Hardware 2FA:

    • Hardware 2FA (H2FA) is very similar to S2FA, however the 2FA is generated using a hardware rather than a software.
    • There different ways to setup H2FA:
      • First: Many laptops for long have provided finger print reader option. If fingerprint reader is available, then for the account with this feature user can register biometric to login as 2FA. This isn’t widely used for online websites, but mostly for logging into hardware devices like smartphone or PCs.
      • Second: From laptops to smartphones we have high resolution cameras. Many companies provide APIs that developers can use to access cameras as 2FA. For Apple devices there is Face ID. Microsoft provides Windows Hello. Face recognition for Android is under development. This option uses face as 2FA with help of camera.
      • Third: Security key is a piece of hardware that has electronic chip which has unique code inbuilt. Any application that supports 2FA using a security key will look for the registered key. If the key is found in USB port or via Bluetooth connection, then user will be allowed to access the application. Google strongly supports this option for enterprise based on their in house research.
    • If H2FA is setup and user doesn’t have access to 2FA devices, there is an option to use S2FA. Application for sure will force user to setup S2FA as a backup during H2FA setup.

    • Pros of H2FA:
      • Must more robust than S2FA.
      • Difficult to fish user as the hardware device has to be nearby.
    • Cons of H2FA:
      • Costly for regular user.
      • Many dislike carrying another hardware even though it can act as key chain.

    Future of 2FA:

    • I am in strong favor of H2FA. Instead of having to carry another piece of hardware, I would prefer if these keys can somehow find place in motherboard. This way applications can access and register keys using APIs. I understand this will not allow portability, but this idea can be improved.
    • Face ID is really good along with Windows Hello. With Google gearing up to bring face recognition to Android, it is fair to say that this is going to be the de-facto in near future when it comes to S2FA.