Wednesday, February 10, 2016

Ruminating on Usage based Insurance

Many auto insurance firms have started launching usage-based insurance (UBI) products - i.e. based on how much you drive (miles) and how you drive. These are called PAYD (Pay as you drive) and PHYD (Pay how you drive) respectively.

Insurance firms typically ask their members to plug an OBD device into their vehicles. The OBD device then syncs the data wirelessly to the backend platforms of the insurance firm.

Allstate's Drivewise program is an example of this. It was enlightening to know the various parameters that are captured by the device and transmitted back to the servers. The full list of parameters is available here -

Some of the parameters are:
  • GPS trail
  • VIN and Odometer readings
  • Hard Braking Events
  • High Speed Events
  • Acceleration Events
  • Vehicle Error Codes
  • A comprehensive trip report - seconds in acceleration, seconds in deceleration, miles driven in each speed band, constant speed miles, varying speed miles, etc. 
With the help of these parameters, an insurance firm can assign a 'Safe Driver' score for all their members and reward members for safe driving. There was another interesting parameter that could indicate if hypermiling took place :) 
Besides the OBD device, auto insurance firms need to invest in creating a scalable cloud platform to process this vast amount of OBD data. Technologies such as Big Data Analytics, CEP, scalable messaging and event propagation engines, next best action modules are integrated together to build such a scalable and modular UBI platform.

Friday, January 22, 2016

Combining NLP with Machine Learning

SAS has published an interesting article titled - 'Your personal data scientist'.  I have always been a fan of virtual assistants such as Siri, Google Now and depend on them for most of my day-to-day task management. We have also built some cool use-cases around using NLP for self-service.

The idea of building an NLP wrapper on top of your Analytics engine is a cool one and can have a plethora of use-cases. For e.g. A business decision maker wants to know the top 10 sales talent; the sales in a particular geography last quarter, etc.

We need to build an NLP front-end that can intelligently convert natural language text to queries that can be executed against the machine learning engine.

Netty at Apple Inc.

I was pleasantly surprised to learn that most of Apple's cloud services run on Netty.

Norman Maurer had posted an excellent presentation on how Netty is being used at Apple and how many of the extreme performance requirements were met.

There are more than 400 thousand instances of Netty at Apple; handling millions of requests/sec. Netty powers all popular cloud services such as iCloud, iTunes, Siri, Apple Maps, etc.

Tuesday, January 12, 2016

UX vs. UI

Found the following good articles that lay out the difference between UX and UI.

Snippet from the article -
"The intrigue is that a UX can exist and work very effectively having a poor UI. For example, you can have an application with a stunning design that is hairy to use (good UI, bad UX). You can also have an application that has a poor look and feel, but is very intuitive to use (poor UI, good UX)."

I have always been a fan of sketching and we often brainstorm on the whiteboard. The following link highlights the importance of sketching -

You can also download printer-friendly grid-based templates for mobile sketches -

Thursday, December 24, 2015

List of Prototyping tools

Found a good list of prototyping tools on

Liked the way they have compared the tools on various parameters :)

Saturday, December 12, 2015

PhoneGap vs. Cordova

Many folks are still confused on the distinction between PhoneGap and Apache Cordova. There are so many articles on the web that further blur our minds :)

I found this blog post on the Ionic site to be the most accurate comparison of PhoneGap vs Cordova.
Jotting down some snippets from the blog.

"PhoneGap is Cordova plus extra Adobe stuff. At first, the differences between Cordova and PhoneGap were minimal. But Adobe always had plans to build out a proprietary set of services around the PhoneGap ecosystem, and has started to execute on that plan with PhoneGap Build."

Building cool hybrid mobile apps - Lessons from Basecamp

Basecamp has successfully utilized hybrid techniques for building their iOS and Android apps. The following links are worth a perusal to understand the techniques they used.

PhoneGap on its blog has made an interesting distinction between two types of Hybrid applications -

  1. Web Hybrid: This is the default approach that PhoneGap takes. You package your apps as HTML5/CSS3 and then run the app in a thin native web view container. All the UI controls are HTML or JavaScript controls.
  2. Native Hybrid: In this approach, you build a native app and use native controls for navigation, menus, etc. But most of the content pages are HTML views rendered in a web view. The HTML content can come from the local store or the server. 

Friday, December 11, 2015

Apple enforcing HTTPS connections using TLS v1.2

In iOS 9, Apple has implemented a new security feature called ATS (App Transport Security), which is enabled by default.

So what is ATS? In simple words, ATS requires every HTTP request to be made over SSL/TLS - i.e. any API call your app makes to the backend servers must be on HTTPS. If you want to make an unsecured HTTP call, then you have to explicitly list those exceptions in your Info.plist file.

ATS also enforces the latest protocol version of TLS - i.e. Transport Layer Security version 1.2. This can cause issues if your server is using HTTPS, but an older version of TLS. In such cases, you have two options - either upgrade your server to use the latest TLS protocol or add an exception to your app for these URLs.

More details on ATS can be found here

Thursday, December 10, 2015

Git vs GitHub vs GitHub Enterprise

A lot of folks get confused over the differences between Git and GitHub and use the words interchangeably. Also when folks talk about GitHub, it is assumed that it is only available on the public cloud and cannot be hosted on-premises.

Git is essentially a distributed version control system. It is called 'distributed' because we can use it locally and disconnected from the internet and then push our changes to another centralized repository (such as GitHub, Team Foundation Server, CodePlex, etc.) as and when required.
For a good comparison of centralized vs distributed source control systems, please read this blog post.

GitHub is a hosted service (public cloud) that can host your repositories and allows you to access your repositories via a web based interface. It is possible to use Git without GitHub, but only on a local machine. Hence in order to collaborate and work in a team, we have to use GitHub.
In the free plans of GitHub, we can create any number of public repositories, with unlimited collaborators. In the paid plans of GitHub, you can create private repositories.

GitHub Enterprise is the on-premises version of GitHub, which you can deploy and manage in your own, secure environment (private cloud).

Tuesday, December 08, 2015

Ruminating on the UX Design Process

Centerline has published a neat infographic illustrating the UX design process. While there are a lot of UX related infographics on the net, I liked the simplicity and clear thought process of this one :)

When we create compelling user experiences for our customers, we follow a similar process.

  1. Gain a deeper understanding of the customer and the industry segment the customer operates in. Who are their end-customers? What is the market positioning of their product? 
  2. Based on customer segmentation, create personas and user journey maps. 
  3. Create a high level information architecture
  4. Create low fidelity prototypes (mockups) using Visio, PowerPoint, etc.
  5. After review, create high fidelity dynamic prototypes using tools such as iRise, Axure, etc. Work with Visual/Graphic Designers during this phase. 
  6. Once the application is developed, do a usability test using tools such as TechSmith Morae. Create a feedback loop for UX changes that gets incorporated in the next agile release. 
  7. Make sure that your UX team and Web/Mobile Analytics teams are working in tandem to resolve all UX concerns and improve the customer experience. 

Monday, December 07, 2015

Markdown and Pandoc

Over the past decade, the simple Markdown text formatting syntax has gained a lot of popularity. Many bloggers and web writers have shifted to using Markdown, though a few still use word processors or WYSIWYG editors.

A good introduction to Markdown can be found here -

John Gruber, the inventor of Markdown, gives the below explanation for creating Markdown -

"The overriding design goal for Markdown’s formatting syntax is to make it as readable as possible. The idea is that a Markdown-formatted document should be publishable as-is, as plain text, without looking like it’s been marked up with tags or formatting instructions."

This is the reason that Markdown has become popular for web writers who publish their content on to the web or other digital channels.

Markdown text can be converted to HTML or many other formats (e.g. PDF, Word, etc.) using tools such as Pandoc. There are also online editors for Markdown such as, that show you the formatted HTML side-by-side. Blogging platforms such as WordPress have also started supporting Markdown syntax. Even the Ghost blogging platform supports Markdown.

But there are limitations on what you can do in Markdown when it comes to complex formatting. Hence the format allows you to embed HTML code inline whenever you want some complex formatting.

It's important to understand that Markdown is good for creating content, but would not be a good fit as a general-purpose web site creation tool. As John Gruber says in his philosophy:

"Markdown is not a replacement for HTML, or even close to it...The idea for Markdown is to make it easy to read, write, and edit prose."

Pandoc can also be used for reverse translation - i.e. to convert HTML, Word docx files to Markdown format. 

Ruminating on SSL and encrypted URLs

Recently, a colleague of mine asked an innocuous question that was quite interesting. We all knew that SSL protects the URL and hence it is not possible to snoop details out of the URL - e.g. GET params, resource path on server, etc.

But if the URL is encrypted by SSL, how does DNS work? How will the DNS server route the request to the right server?

The way it happens is as below:

  1. When a HTTP client (browser / API client) makes a request to a HTTPS URL, it only sends the server name part of the URL to the DNS server. For e.g. if you are making a request to, then the HTTP client would only send '' to the DNS server for lookup. 
  2. The DNS server responds back with the actual IP address of the server. 
  3. The HTTP client then makes a call to the server using the IP address. What follows is the SSL handshake protocol and a secure connection is established with the server.
  4. Then the HTTP client makes a request for the actual resource on the secure pipe/tunnel. 

Quite simple actually, if you break down the steps :)
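The four steps above can be made concrete by building the bytes each step puts on the wire. This is an added example, not part of the original post: it encodes the DNS query for step 1 in RFC 1035 wire format and the HTTP request of step 4, for a constructed URL on `shop.example.com`. One detail beyond the post is included: the TLS handshake of step 3 also carries the server name in clear text (the SNI extension), so the host name is visible twice while the path and parameters are not.

```python
import struct
from urllib.parse import urlsplit

# Constructed sample URL with sensitive path and query parameters.
SAMPLE_URL = "https://shop.example.com/account/orders?card=4111&token=s3cr3t"


def build_dns_query(hostname, query_id=0x1234):
    """Encode a standard A-record query (RFC 1035 wire format) for hostname."""
    # Header: id, flags (recursion desired), 1 question, 0 answer/authority/additional.
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)
    # QNAME: each label prefixed by its length, terminated by a zero byte.
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in hostname.split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def build_http_request(url):
    """Build the HTTP/1.1 request that is sent only after the TLS handshake."""
    parts = urlsplit(url)
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    return (
        f"GET {target} HTTP/1.1\r\n"
        f"Host: {parts.hostname}\r\n"
        "Connection: close\r\n\r\n"
    ).encode("ascii")


def exposure(url):
    """Split one HTTPS request into clear-text parts and the encrypted part."""
    parts = urlsplit(url)
    return {
        # Visible to anyone on the network path:
        "dns_query": build_dns_query(parts.hostname),  # step 1
        "tcp_port": parts.port or 443,                 # step 3, with the server IP
        "sni": parts.hostname,                         # step 3, TLS ClientHello
        # Sent only inside the encrypted tunnel:
        "inside_tls": build_http_request(url),         # step 4
    }


if __name__ == "__main__":
    seen = exposure(SAMPLE_URL)
    print("DNS query bytes :", seen["dns_query"])
    print("TLS server name :", seen["sni"])
    print("Encrypted only  :", seen["inside_tls"])
```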

Whitepaper on APIs - Digital Glue in the new economy

Recently I coauthored a whitepaper on APIs and the important role they play in the digital economy.

Link -

Saturday, December 05, 2015

Orchestrating Microservices using Event Driven Architecture (EDA) paradigms

If you follow the microservices architecture style, you would have a bunch of services running in their own independent process space.

But how do you orchestrate services for a given business workflow? For e.g. a business transaction that spans multiple calls to microservices.
Point to point integrations would result in 'Dependency Hell'. If each microservice calls the other microservice directly over HTTP API calls, then very soon we have a spaghetti of API dependencies.

One simple design pattern to resolve this is by using the EDA (Event Driven Architecture) paradigm. Each microservice does its job and then publishes an event. Other microservices subscribe to the event and act on it as necessary.

This pub/sub model results in loose coupling between the services and makes the system much more maintainable. A good blog-post covering this paradigm in more details is present here

Wednesday, December 02, 2015

Ruminating on the 'Infrastructure as Code' paradigm

Setup (installation and configuration) of servers and other infrastructure components is a tedious process.

In the olden days, process-oriented teams created meticulous documentation on 'how to setup a server' - typically in a word document with screenshots and step-by-step instructions.
Folks then tried to automate some tasks using scripts - e.g. unix shell scripts/bash etc.

But today, in a cloud-first world, setup of servers and deployment of applications need to be completely automated. The whole premise of 'Infrastructure-as-Code' is to write code in a high level language (e.g. Java, Python, Ruby) or a DSL (domain specific language) to automate the provisioning of infrastructure and managing configurations.

So this goes beyond just writing simple scripts. You utilize all the best practices of agile development projects - i.e. version control, unit testing, iterative development, etc. The whole revolution happening in DevOps acted as a catalyst in promoting the concept of 'programmable infrastructure'. In DevOps, the core concept of 'You built it, You run it' promotes closer collaboration between the development teams and IT ops team.

Popular tools such as Ansible, Kubernetes, Puppet, Chef, etc. can be used to automate your complete deployment cycle and help you achieve Continuous Delivery. 

List of Microservices resources

Paweł Pacana has compiled a long list of 72 useful resources to learn about Microservices :)

The link to the list of resources is here -

It's important to understand that microservices is an architecture style and follows many of the best practices and principles of SOA. In fact, IMHO microservices is nothing but SOA done right! :)

Microservices is an architectural paradigm of building systems as a suite of independent services, each running in its own process space and communicating with each other using lightweight REST calls.

I found Martin Fowler's talk on Microservices an excellent source of information for beginners to learn about microservices.
The YouTube video is available here -

Tuesday, December 01, 2015

Weird laptop battery problems and ridiculous solutions

Laptops suffer from so many idiosyncratic battery problems and have their own ritual of try-n-test solutions that appear so weird !

Recently, I was facing a unique problem on my HP ProBook 440. The charger was connected, but the battery was not charging. The status showed - "Plugged in, not charging". I tried multiple options to rectify this - by removing and plugging in the battery, by restarting the machine, but nothing worked.

The following steps posted on HP forum finally did the trick.

- While the computer is running, disconnect AC from the outlet
- Restart computer
- After loading, reconnect AC

Hope this helps someone in dire need :)

Wednesday, October 21, 2015

Classification of medical devices by FDA

In the US, the Food and Drug Administration (FDA) regulates any apparatus involved in diagnosing or treating disease.

While we were working on an IoT enabled Diabetes Management Solution, we learned that the FDA classifies all medical devices into 3 categories  - Class 1 / Class 2 & Class 3.

  • Class 1 devices are low risk devices and have minimum regulatory control. For e.g. dental floss, lancets, etc.  These devices must be listed in the FDA's medical device registry, but do not have a stringent approval process. 
  • Class 2 devices have higher risk and need stronger regulatory controls. For e.g. blood glucose meters, test strips, insulin pumps, etc. 
  • Class 3 devices have the highest risk and therefore have the highest level of regulatory control. For e.g. heart valves, continuous glucose monitors, artificial pancreas, etc. 

Monday, October 19, 2015

Digital in brick-n-mortar stores

While a lot of attention has been given to online experiences in digital transformation, there are a lot of opportunities in enhancing the in-store experience in brick-n-mortar stores.

Google has published some interesting stats on the use of smartphones within stores here -

Some interesting stats:

  1. 84% of customers use their mobile phone in stores to help them shop. 
  2. Customers spend an average of 15 mins using their smartphones inside stores.
  3. Customers use their smartphones for searching for products/services - 82% use a Search Engine, 62% use Store website, 50% use Brand website. 
Thus mobile has the power to transform the shopping experience in stores. Also beacons can be utilized to provide location context sensitive promotions to customers. 

SweetIQ has put up a neat infographic that illustrates how beacons can be used to enhance the in-store digital experience. 

Friday, October 09, 2015

Managing Database Versions in an Agile Project

Today we have a robust set of tools for code versioning, CI and release management - for e.g. Java, .NET, Ruby web or REST applications. Examples of tools are GitHub, Hudson, Jenkins, etc.

But what about the RDBMS? How do we manage it across the various environments - i.e. from development to integration to UAT to production. A good illustration of the typical challenges is given here.

Flyway is a tool to address these problems. Using simple techniques such as a schema-version table and automatically applying db scripts (that follow a naming convention for sequence tracking), the tool can help any Agile project in managing RDBMS instances across different environments. It would also be a nifty addition to your existing DevOps tools. 

Sunday, October 04, 2015

Service Discovery Mechanisms in Microservices

In a microservices based architecture, we would not know the number of instances of a server or their IP addresses beforehand. This is because microservices typically run in VMs or Docker containers that are dynamically spawned based on usage load.

So consumers would need some kind of service discovery mechanism to communicate with microservices. There are two options to design this -

a) Server-side Service Discovery - Here the consumers make a request to a load-balancer/service registry and then the request is routed to the actual service end-point. This paradigm is clearly explained on this blog here. An example of this design pattern is the AWS Elastic Load Balancer.

b) Client-side Service Discovery - Here the consumers use a small library for making service calls. This library makes calls to the service registry and obtains the load-balanced actual service end-point. Netflix uses this approach and its service registry is called Eureka and its client library is called Ribbon.

Saturday, October 03, 2015

Handling failures and improving resilience in microservices

In a microservices architecture, one has to build services that can handle failures. For e.g. If a microservice calls another dependent microservice that is down, then we need to handle this using timeouts and implement the Circuit Breaker pattern.

Netflix has open-sourced an incredibly useful library called Hystrix to solve such problems. Anyone building large scale distributed architectures on the Java platform would find Hystrix a boon. When you make a remote service call through Hystrix libraries, it does the following:

  1. If the remote service call does not return within a specified threshold, Hystrix times-out the call.
  2. If a service is throwing errors and the number of errors exceeds a threshold, then Hystrix would trip the circuit-breaker and all requests would fail-fast for a specified amount of time (recovery period)
  3. Hystrix enables developers to implement a fall-back action when a request fails, e.g. returning a default value or a null value or from cache. 
The full operating model of Hystrix is explained in great detail on the GitHub wiki 
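The three behaviours listed above (timeout, trip and fail fast, fall-back) fit in one small class. This is an added sketch, not Hystrix code and not its API: the `CircuitBreaker` class and its parameters are assumptions for illustration, it counts consecutive failures rather than tracking errors the way Hystrix does, and it lets one trial call through once the recovery period has elapsed.

```python
import time
from concurrent.futures import ThreadPoolExecutor


class CircuitBreaker:
    """Timeout + error threshold + fall-back around a remote call (illustrative)."""

    def __init__(self, timeout_s=0.2, error_threshold=3, recovery_s=5.0,
                 clock=time.monotonic):
        self.timeout_s = timeout_s              # behaviour 1: per-call time limit
        self.error_threshold = error_threshold  # behaviour 2: failures before tripping
        self.recovery_s = recovery_s            # behaviour 2: fail-fast window
        self.clock = clock                      # injectable so tests need not wait
        self.errors = 0
        self.opened_at = None
        self._pool = ThreadPoolExecutor(max_workers=4)

    def state(self):
        if self.opened_at is None:
            return "closed"
        if self.clock() - self.opened_at >= self.recovery_s:
            return "half-open"   # recovery period over: allow one trial call
        return "open"

    def call(self, remote, fallback):
        state = self.state()
        if state == "open":
            return fallback()    # fail fast: the remote service is not contacted
        try:
            # Run the call on a worker thread so it can be abandoned on timeout.
            result = self._pool.submit(remote).result(timeout=self.timeout_s)
        except Exception:        # timeout or any error raised by the remote call
            self.errors += 1
            if state == "half-open" or self.errors >= self.error_threshold:
                self.opened_at = self.clock()   # trip (or re-trip) the breaker
            return fallback()    # behaviour 3: fall-back value
        # Success closes the circuit and clears the failure count.
        self.errors = 0
        self.opened_at = None
        return result


if __name__ == "__main__":
    def flaky():
        raise ConnectionError("inventory service is down")

    breaker = CircuitBreaker(error_threshold=2)
    for attempt in range(4):
        print(attempt, breaker.call(flaky, lambda: "cached stock level"),
              breaker.state())
```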

It was also interesting to learn that the tech guys at Flipkart have taken Hystrix and implemented a service proxy on top of it called 'Phantom'. Looks like the advantage of using Phantom is that your consumers do not have to code against the Hystrix libraries. 

Ruminating on SemVer

Semantic Versioning (aka SemVer) of components has become mainstream today. The official page laying out the guidelines is available here -

Following SemVer, each component has a 3 digit version in the format of 'Major.Minor.Patch' - for e.g. 2.3.23
  • You increment the major version, when you make incompatible changes. 
  • You increment the minor version, when you make changes but those changes are backward compatible.
  • The patch digit is incremented when you just make a bug-fix and it is obviously backward compatible.
  • With SemVer, pre-releases can be defined by appending a hyphen and the word 'alpha/beta' after it. For e.g. a pre-release for version 3.0.0 could be 3.0.0-alpha.1. 
Following SemVer is a boon in managing dependencies between components. So if component A is using version 4.2.3 of component B, then you know that as long as the version of component B does not become 5.x.y, there would be no breaking changes. You can specify dependencies in the manifest file of a component.

While using SemVer for software components is fine, does it make sense to have the x.y.z version in the URL of public APIs?
APIs are the interfaces you expose to your consumers. Do your consumers really need to know about the bug fixes you have made? or the new features you have added? Maybe yes or no !
IMHO, just using a single version number in your API URL would suffice for the majority of real-life business use cases. For e.g.

A good blog post by APIGEE on API versioning is available here. As stated in the blog - "Never release an API without a version and make the version mandatory."

Ruminating on Netflix Simian Army

A friend of mine introduced me to a suite of powerful tools used at Netflix for testing the resilience and availability of their services. The suite of tools is called 'Simian Army', which essentially is a collection of tools such as 'Chaos Monkey', 'Latency Monkey', 'Security Monkey', etc.

I was aware that Netflix runs its entire IT infrastructure on AWS and was happy to hear that all the tools are available on Github here -

A good introduction to the genesis behind these tools is given on the Netflix blog here -

Another interesting blog on the lessons that Netflix learned after migrating to AWS is available here.

Wednesday, September 16, 2015

Ruminating on Apple's DEP

Apple's Device Enrollment Program (DEP) makes it easy for enterprises to roll out the deployment of their Apple devices to their employees, agents, partners, etc.

DEP helps in automating the registration of the app to an MDM (Mobile Device Management) platform. The enterprise can also streamline the initial set-up process and modify it to suit their needs.

For any organization embarking on a mobile strategy, it is worthwhile to check if the selected MDM platform has support for DEP. 

Tuesday, September 15, 2015

Advantage of using Story Points instead of hours

Using story points for estimating user-stories is helpful because it encourages us to use 'relative sizing' and to estimate the 'size of work' and not the real effort required.

Mike Cohn has given a good analogy by relating this concept to running a trail. Two people can agree on the fact that the trail is 5 miles long, but one may take 30 mins and the other may take 45 mins.

During the Planning Poker game, each developer is given cards with numbers 1,2,3,5,8 on them. Then the Scrum Master and Product Owner take the effort sizing from all developers to arrive at a consensus.

The Fibonacci scale is quite popular for estimating the user-story or epic size, as there is sufficient difference between the numbers to prevent confusion. For e.g. if the scale is sequential, then there would be a debate around sizing of 6 or 7 or 8. But a Fibonacci scale makes relative sizing easy. 

Do we need a dedicated Scrum Master?

The need for a full-time Scrum Master is often a topic of hot debate in many Agile projects. Based on the numerous agile projects that we have successfully executed, I would give the following recommendations -

  • If your team is adopting SCRUM for the first time, then it is better to have a full-time Scrum Master. He would be responsible for ensuring that all agile processes are followed and everyone understands the rules of the game. The Scrum Master essentially acts as an evangelist educating teams on all aspects of SCRUM.
  • Once the teams have become comfortable with SCRUM processes, then we can have a part-time Scrum Master. IMHO, the technical architect or tech lead is most suited to play this role.
  • One of the main functions of a Scrum Master is to remove all impediments that the team faces. To be successful in this role, you need someone who can understand the technical complexities, business drivers and has a good rapport with the product owner. Hence architects are a good fit for the role of a Scrum Master. 
  • The Scrum Master also facilitates the daily Scrum and weekly Scrum of Scrums to facilitate collaboration across teams. He also leads the retrospectives and facilitates combined learning. 

Static code analyzers for native mobile app development

Listing down the tools used by my mobility team for static code analysis of mobile apps.

For iOS, the most popular tool is Clang. The default IDE (Xcode) also comes with a static code analyzer in-built in the IDE.

Sonar also provides a commercial plug-in for Objective-C that can be very useful if you are already using Sonar for all other platforms. There is another open-source Sonar plug-in for Objective C available here -

For Android, the most popular static code analyzer is lint. Lint integrates very well with Eclipse and Android Studio.

Facebook recently released an open-source static code analyzer for Android and iOS called Infer. Facebook uses Infer to detect bugs in its Android and iOS apps. 

Ruminating on Less and Sass

CSS has been a boon to all web developers and allows for the clear separation of presentation from HTML markup. But CSS comes with its own limitations. For e.g.
  • CSS does not have the ability to declare variables. Hence if you want a color to be used across multiple element types, you have to repeat the color. 
  • CSS does not support nesting of properties. Hence we end up repeating the code again and again. 
To counter these limitations, new languages known as 'CSS-Extension' languages have cropped up. These languages support variables, nesting, etc. and make it super-easy to define themes in CSS.

Two of the most popular CSS extension languages are Less and Sass. These languages can be compiled into pure CSS before being deployed to production. 

Sunday, September 13, 2015

Ruminating on the timelessness of the Agile Manifesto

I had signed the Agile Manifesto a decade back (in 2005) and was amazed to realize how relevant the principal tenets are even today!

It is imperative for any software development project to imbibe the following principles to succeed -
  1. Individuals and interactions over processes and tools
  2. Working software over comprehensive documentation
  3. Customer collaboration over contract negotiation
  4. Responding to change over following a plan