Harry's Tech Space

Read my experience with different products and technologies.

Things to read for this weekend

Personal Finances and Investing

  • Investing in shares HURT badly – Subramoney – Explains the churning one must go through to be an equity investor, and the pain one encounters in holding off and selling equities. Remember: in equities, no pain means no gain.
  • Women wake up! – Subramoney – The article focuses on what needs to be done by the other half of personal finances. It covers the basic ground of what needs to be taken care of by men as well as women when planning their finances (PS: it’s applicable to both).
  • What You Need to Succeed in Investing (Hint: It’s Not Genius Brain) – Safal Niveshak – Uses a discussion-style setup to explain the basics of investing, and why investing is a marathon, not a sprint.


  • Why do Hindus prefer birth anniversaries to death anniversaries? – Devdutt Pattanaik – Explains the religious underpinnings of why birth matters more than death. The memory of death inhibits progress and the idea of moving on, hence death is considered inauspicious. The auspicious direction is the east (purva), from where the sun rises. The auspicious orientation is the north (uttar), where the still and permanent Pole Star stands.

Analytics, Social Media, Marketing


Social Media Marketing: The Art of guerrilla selling


We all come across people trying to sell us various things. Since every organization survives on its goods being sold, marketing and sales are very important parts of an organization. As sales become important for survival, they also pose a moral hazard: people trying to sell products at any cost. This is where the dark part of marketing comes into the picture. This article is my attempt to focus on the dark part of social media marketing that I encountered recently.

As social media is ubiquitous, a marketer may be tempted to build brand awareness for a client by posing as a normal customer and asking questions just to find a loophole through which to slip in his product recommendation. I call this guerrilla selling (a term coined by me) because it uses the trust that fellow members place in the marketer. This mild cheating tactic of social media marketing is used to build awareness, not to get a conversion.

Marketing: What it is?

Three things are important in measuring the effectiveness of marketing campaigns: reach, engagement and conversion. A company, based on its campaign goals, tries to maximize one of these three. If a company wants to build awareness, it will focus on maximizing reach and engagement. If sales are important, the conversion process is made smooth, and reach and engagement are made to feed into conversion. So, in totality, it is the campaign goal that defines even the medium for the campaign and what needs to be done.

After the goal is set, the medium comes into play. It can take the form of social media marketing campaigns, search engine marketing campaigns, display advertising campaigns, etc. All these campaigns have different characteristics, making them suitable for different goals. Guerrilla selling is the dark part of a social media marketing campaign.

(See Also: What is guerrilla marketing – wikipedia.)

Bad Social Media Marketing:

Guerrilla selling is one of the unethical practices of marketing. The tactic leverages the trust placed in members and misuses it for promotion. For example: deliberately asking questions about ULIPs in personal finance groups when the intention is to build awareness of the product.

Leveraging the Trust Dynamics

In social media groups formed around particular themes, there is a captive audience receptive to a particular message. A personal finance group will be receptive to financial products. The marketer deliberately asks questions so as to elicit views from the members about a particular problem. Once views start pouring in, the marketer goes through them, engaging the members and slowly planting the seeds of the message he needs to put across.

Members sharing their views consider the other person to be just another member and give honest recommendations, whereas the marketer in member’s clothing is more interested in planting the seeds of his message. This leads to a conflict of interest, as the marketer is expected to be unbiased.

The bright side:

Since the marketer is posing in member’s clothing, if he is not caught out he will be able to build awareness of the product at a much lower cost than with costly advertising practices. The involvement of members also leads to increased engagement. This marketing mechanism treads the path of unethical behavior, hence keeping the cover intact is important. The intact cover also helps in increasing reach, as members may view the message at a later point in time.

The Prey:

The idea of planting a message without the cover being blown is a very old tactic, and also a reason behind the growth of religions around the world. The major shield for the victim is his own awareness of the subject. With the Internet being wide and big, it’s better to keep increasing that awareness with its help. It’s also better to build a pipeline that feeds oneself with conflict-of-interest-free knowledge to guard against newer threats.

The next line of defense is being in the company of real “conflict of interest” free experts. The experts will guard the person against the smaller ignorances he might be harboring. So, as humans, our best advice is to spend time in the “society” of experts. If a marketer makes DNS-poisoning-style moves in social media, this society of experts will quickly call the bluff and thwart the attack.

Hope you enjoyed the article. Stay safe by investing in your own awareness.

The dawn of new era in SKDRDP website


Change is the only constant in this world. Until 19th April 2017, the SKDRDP site was in its fresh-university-graduate version, with a plain HTML structure. Its only professional feature was that it was built on Twitter’s Bootstrap framework to give a properly optimized mobile and tablet view. Unlike its predecessor, this site didn’t set the meta viewport to a fixed width. The viewport sets the width at which the web page is supposed to be rendered. Since the viewport is not set to a fixed width, the site can ask the browser for its width and render itself according to those dimensions. This, along with HTML5, made the site much more bearable than its previous versions, as it rendered according to the device. Despite this major professional feature, the site still felt lacking in power. I also hated the idea of using an FTP client to push the local draft to the server every time a change was made.

(Read more: How I built SKDRDP site from scratch. A chronicle on the Bootstrap version of the site.)

Thanks to its professional Bootstrap framework, I could run the site from Diwali of 2014 until April without many hiccups. Unlike the Codecademy course that tipped me into building it, this time it was the sites of our subsidiaries Jana Jagruthi and Bhajana Kammata that blazed the path for the CMS-powered site. My personal experience of running my own WordPress site and SKDRDP’s blogs also gave me an idea of what to expect from CMSs. Compared to HTML, I did find these CMSs more restrictive, but they also opened up the world of plugins and widgets, which can accomplish complex things effortlessly without requiring extra coding knowledge.

For me, the site’s journey can be split into 3 time zones. The prologue gave important learnings that have a lot of bearing on the current site. The present chronicles the capabilities of the site and current trends. The future projects the trend to tell where the site should go.

1. The prologue:

Every site has 3 levers that control it. The first is its domain panel, where you set parameters for name servers, domain records and other domain management things. The second lever is the site’s cPanel, which manages the server’s hosting environment. The third lever is the site’s CMS. If the site doesn’t have a CMS, it will be the FTP controls.

In the initial years, due to my own inexperience, the cPanel and domain controls were not accorded much importance. While building the Bhajana Kammata website in a month’s time, I came to know what all can be done if one controls all 3 levers. The domain panel controls security aspects of the site too, as the static IP for the SSL certificate has to be ordered from there. cPanel is where one installs the certificate after it is issued. Only after these 2 steps can one enable SSL on the CMS. Similarly, a lot of things like CDN and caching require one to use all 3 levers extensively.

(Read more: The levers that control your website. Explanation of the above concept.)

1.1 Website’s Data Era: Analytics

The next thing after taking control is setting up monitoring systems. The system for monitoring site visitors is called analytics. Google is one of the famous providers of that service. Analytics helps webmasters like me understand visitor dynamics across various metrics and dimensions. In short, metrics are numbers like bounce rate, visitors, time on site, etc., whereas dimensions are context specific and vary by report. In a geography report, the dimensions will be the different countries visitors belong to. In a traffic source report, the dimensions will be referrals, social, search, direct, etc. Analytics requires one to place tracking code on each page of the site. Since CMSs can create pages on the fly, plugins are needed to make this easier.

(Read more: Decision Making and Google Analytics. Explains various features of this profound tool.)

1.2 Social Era: Building Social Media Infrastructure

Once analytics is set up and running properly, next come the communities and followers of the website. For this, a social media strategy needs to be in place, and website content needs to be made shareable. That means images must be of higher quality, and there has to be a compelling headline and an excerpt accompanying each article, which will be displayed on social media sites and search engines. Not to mention the role share buttons play in this regard. This sets up the basic social infrastructure on the website.

Social media sites pick an image called the featured image for display. This image represents the article, hence it has to be appropriate. One can use high-quality stock images for the featured image too. Since it is the featured image, its resolution and quality cannot be skimped on at all. In an article, the first impression is always made by the featured image and the title of the story. This quality constraint means that images shared on WhatsApp or pasted into a Word document will always be too low in quality to serve as featured images. It also results in the click not happening at all, despite a compelling headline and excerpt.

After the image and headline, it is the excerpt that decides whether the user wants to read or not. Hence it’s worthwhile to get the first impression right by featuring a high-quality image, a compelling headline and a custom-drafted excerpt for the article. Note that the Yoast SEO plugin allows custom excerpts for different networks like Facebook, Twitter and search engines. One can write a custom excerpt for an article using the excerpt dialog box in WordPress. If it’s not displayed, use the Screen Options drop-down in the new article window to display this box.

2. The present:

As described in the previous sections, the major learnings were controlling the 3 levers, analytics and sharing friendliness. All these things were present in the past site too. The presence of these 3 factors aided the brand building of SKDRDP. The current site now shows off full-sized images, and sharing is easy for blog articles and success stories. All these things have a reason for being there. Without further ado, let’s dive into the rationale for larger images, calls to action, etc.

2.1 Role of Websites and Analytics

Many companies view a website as a dummy information source, a white elephant, an expense center. But in reality, it’s an asset in social terms. If a company needs to build its credibility, it’s expected to have its own up-to-date website. In the internet world, the website is the face of the company. Social media adds a digital marketing arm to the company alongside the website. Websites with blogs are considered to be engaged in content marketing, and show off the soft skills a company has.

Since the website is part of a marketing campaign, like every marketing campaign it should be tracked for effectiveness. The things that play an important role in tracking are campaign reach, campaign engagement and campaign conversion. Depending on its grand purpose, every campaign gives different relative importance to the reach, engagement and conversion metrics. For example, if a campaign wants to maximize online sales, it needs to focus on conversion numbers. If building awareness of the company is important, then reach has to be higher. The tool used for measuring these is an analytics package. But the first thing is defining the problem statement: what you want to achieve. In the case of the SKDRDP website, the goal was set way back in March 2014: to increase reach.

The reach of a website, and that of a company, grows only if it gets visibility in mediums that have larger audiences. These can be paid mediums, owned mediums or influencing mediums. Advertising is an example of a paid medium. Owned mediums can be blogs, newsletters, etc. Social media is a type of influencing medium, and search is another. Apart from the medium, keep in mind that awareness building requires retaining the user on the site. So analytics is used to make things friction-free for the user.

2.2 the game of Images, CTA’s

Analytics can tell you about friction points in the user experience. But there is one thing that is always visible and is done very badly by novices: images and calls to action. In a quest to reduce image sizes, novices reduce the resolution to such an extent that a microscope is needed to view the image. Novices also totally ignore the calls to action on images, which are what generate all the engagement on the site.


If one observes any of the big websites, be it Apple, Amazon or others, the first thing one sees is a large image covering the face of the website. The image contains a small call to action to get the person to act on it. CTAs and large images have established themselves as standards for websites. If an image is too small, it will look ugly and pixelated on larger screens. Images sent via WhatsApp and MS Word suffer from this problem: to manage the size of images, these programs chop off quality. A site image must not fall below Full HD resolution, i.e. 1920 x 1080, which is impossible to get from apps like WhatsApp and MS Word.

2.2.1 Image thumb rules:

To aid people, here is a list of thumb rules to be observed with images:

Images sent must be taken directly from the camera, and editing must be done by the person who is supposed to post them to the site, or by his team.

The person taking the image need only ensure that the image is not so badly shaken that restoring it becomes difficult. This rule doesn’t apply to professional photographers.

Images are best shared with the web manager via Dropbox, Google Drive or mail attachments. Things like Facebook, WhatsApp and MS Word should not be used at all. Internal company sharing tools are most preferred, if they don’t alter the images.

Facebook, WhatsApp, Flickr, Google Photos and Twitter are better suited as mediums for reaching the end consumers of images and data.

Whenever an image goes through a conversion, it always loses some quality. Hence it’s best to avoid converting images into other forms during internal work and transfers. Some image conversions are: image file to website image, image file to printed photo, image file to WhatsApp photo (highest loss of quality), printed photo to scanned image.

2.2.2 Call to Action (CTA):

The CTA is also an integral part of a website. It can be used to inform the visitor, to make him buy your product on your site, and much more. Every professional website has one, and every novice website doesn’t. If the site is for information purposes, the CTA will normally be embedded in the image itself. If the site wants to drive an action on the site itself, the CTA will be separate from the image and highlighted, to make the user perform the action. And as noted earlier, which CTA to use comes from what one wants to achieve with the site, i.e. the vision statement.

3. The future:

In the previous section I explained the roles images, CTAs and analytics play in a website. These things lay a solid foundation for engaging the site’s visitors. But oftentimes we want our site to advertise and sell our products too. Advertising and e-commerce bring additional complexities to site design. The prerequisite for e-commerce is HTTPS being enabled by default. It also helps in making the site HTTP/2 compliant, leading to a faster site. As advertising and e-commerce are important branches, analytics focuses on them too. Goal tracking is an analytics feature used for digging deeper into the e-commerce sales funnel.

3.1 The advertising play:

Advertising has 3 players in the fray: the advertiser, the publisher and the ad network. Company blogs do not carry advertising, but the company might be keen to host images of its own products in the site’s sidebars, related content, etc. to boost visibility. So in the case of company blogs, the advertiser and the publisher are the same, and no external ad network is needed. Only if the two are different is an ad network needed. One example of an ad network is Google Ads. Under Google’s AdSense program, a publisher can allow Google ads on his site. Google will then manage the ads on that site by displaying ads from advertisers who have signed up to its ad network via its AdWords program. Similarly, Bing, Facebook and Twitter have their own ad networks to manage ads.

The billing of ad networks also varies a lot. Some charge for every click received on the ad, called the Pay Per Click (PPC) model. Some bill based on impressions, i.e. displays of the ad. This is called PPM: Pay Per 1000 Impressions. The M in PPM comes from the Roman numeral for 1000. Since these ads require one to pay to acquire customers, they fall under the purview of paid media. Paid media accessed through an ad network also has really good click-through rates, making it ideal for e-commerce sellers. Ads on these networks are categorized as text ads and display ads (image ads). Normally text ads have PPC billing and display ads have PPM billing.

Companies are normally advised to sign up as advertisers on ad networks despite having their in-house content marketing platforms, because digital advertising provides much better click-through rates.

3.2 The commerce on internet – e-Commerce:

Before beginning with e-commerce, it’s important for a site to implement a robust security infrastructure, as real money is involved in the transactions. It’s recommended that e-commerce sites have HSTS and HTTPS enabled to prevent trouble. HSTS stands for HTTP Strict Transport Security, which enhances the security level of the HTTPS protocol. HTTPS stands for Hyper Text Transfer Protocol Secure. With these 2 implemented, an e-commerce seller can go knocking on the doors of a payment gateway.

(Read More: Website loading: Basics of Authentication and Encryption – Part 2. Explains about security)
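As an added illustration (not code from this article), here is a small Python check of the `Strict-Transport-Security` response header an HTTPS site sends, following the parsing rules of RFC 6797. The function names and the 180-day minimum `max-age` are assumptions made for this example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Assumed policy threshold for this example (180 days), not a value from the article.
MIN_MAX_AGE = 180 * 24 * 3600


@dataclass
class HstsResult:
    enforced: bool                      # would a browser apply the policy?
    max_age: Optional[int] = None
    include_subdomains: bool = False
    findings: List[str] = field(default_factory=list)


def parse_hsts(value: str) -> Dict[str, str]:
    """Split the header into lower-cased directives; reject duplicates."""
    directives: Dict[str, str] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, raw = part.partition("=")
        name, raw = name.strip().lower(), raw.strip()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            raw = raw[1:-1]  # max-age may be sent as a quoted string
        if name in directives:
            # RFC 6797: each directive may appear only once, else the header is ignored
            raise ValueError("duplicate directive " + name)
        directives[name] = raw
    return directives


def evaluate_hsts(value: Optional[str], scheme: str = "https") -> HstsResult:
    """Decide whether a browser would enforce the policy and list weak spots."""
    if value is None:
        return HstsResult(False, findings=["no Strict-Transport-Security header"])
    if scheme != "https":
        # Browsers only honour the header when it arrives over HTTPS.
        return HstsResult(False, findings=["header sent over plain HTTP is ignored"])
    try:
        directives = parse_hsts(value)
    except ValueError as exc:
        return HstsResult(False, findings=["header ignored: " + str(exc)])
    raw_age = directives.get("max-age", "")
    if not (raw_age.isascii() and raw_age.isdigit()):
        return HstsResult(False, findings=["max-age missing or not a whole number"])
    max_age = int(raw_age)
    include = "includesubdomains" in directives
    findings: List[str] = []
    if max_age == 0:
        findings.append("max-age=0 removes any stored policy")
    elif max_age < MIN_MAX_AGE:
        findings.append("max-age shorter than %d seconds" % MIN_MAX_AGE)
    if not include:
        findings.append("subdomains are not covered (no includeSubDomains)")
    return HstsResult(max_age > 0, max_age, include, findings)


if __name__ == "__main__":
    # Constructed sample headers, not captured from any real site.
    for header in ("max-age=31536000; includeSubDomains", 'MAX-AGE="600"',
                   "max-age=0", "max-age=1; max-age=31536000", None):
        print(repr(header), "->", evaluate_hsts(header))
```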

The job of the payment gateway is to link the e-commerce seller to the customer’s bank. The entire process of making 1 transaction happen is a series of handshakes, and the whole transaction fails if any one handshake fails. To visualize the process: when a customer enters his bank details and checks out, the seller first sends the bank details to the payment gateway. The payment gateway then redirects the customer to the bank’s server to log in. After login, the transaction processing server processes the transaction and returns a transaction confirmation message, which is passed all the way back to the seller. Anyone who has experienced an e-commerce transaction knows that a timeout or error at any 1 of these steps leads to the entire transaction failing. For this service, PGs charge money for the transactions they route to sellers.

3.2.1 Goals and conversions:

Since the transaction process happens on external websites, analytics focuses a lot on the checkout and thank-you pages for goal tracking. These pages mark the end of the sales funnel and carry a monetary value for each transaction. Reaching them is also considered a successful conversion, as a session that started with logging in to the website ended in a sale. In this regard, analytics packages help one identify hard and soft conversions.

When a user is made aware of a product, in marketing terminology it’s called generation of a lead. Soft conversions measure these leads. Event or URL tracking can be used for soft conversions. It’s also ideal to assign a value to a soft conversion, called the goal value. Some soft goals are signing up for a newsletter, using a promotional voucher, etc.

A hard conversion is something like an actual sale, which has a direct financial impact. For banks, this goal will be the closing of a loan account by paying off the last EMI, rather than loan disbursal. For an e-commerce seller, it will be the thank-you page that is loaded after the transaction is completed. The value attached to a successful sale is normally set to the sale amount of the transaction. A hard conversion can also have a sales funnel to track how users are proceeding through the sales process. In this, each step of the process has a goal attached to it.


In this article we read about making sites mobile friendly, analytics, the role of social media, the game of images and CTAs, advertising, and e-commerce. All these are considered basic building blocks of a site. Unfortunately, these things are not part of the university curriculum. Hope you enjoyed reading through this huge article, which gives a bird’s-eye view of the world of websites.

AIFW Personal Finance Planning Steps

Here are the Personal Finance Planning steps that would help you in managing your finances. These Personal Finance Planning Steps are from the Personal Finance Guru Ashal himself.

How many of you do agree that your personal finance life is cluttered, complex, aimless?
Answer in only one word. Either Yes or No.
Thanks to everyone who answered.
Congratulations to all who answered ‘NO’. You people are having control of your financial life. Congratulations to all, who answered ‘YES’. Thanks for accepting that you need to take actions to control your financial life.
Action plan. Here it goes. It’s not only for YES, even NO can fine tune their lives. Now here are steps to get control of your finances.

  1. Make a list of all your investment and assets and liabilities. Once it’s done, reply in your own YES.
  2. Step 1 was about knowing, where do you stand today in terms of your assets , investments and liabilities. Are you having a positive net worth or a negative net worth?
    Here goes, Step 2.
    If not listed already, list down all your bank accounts and decide to cut down your total no. of Bank accounts. Once identified, mark the activity as 2. Done.
  3. Here comes the step no. 3. Identify your emergency corpus is in place or you are working on it with a plan. Say having 6-9-12 months’ expenses equal money to be kept as Emergency corpus. Mark your step as 3.
  4. Here comes step no. 4. Write down all your future goals. Put them in different time frames say, 0-2Y, 3-5Y, 5-10Y, 10Y and beyond. Put value for each goal, assuming if this goal is to be done in 2017. Compare the combined number of all goals with your net worth, calculated in step 1.
    Now inflate your numbers for actual consumption years like 2020, 22, 25, 30 & so on.
    Mark this activity as step 4.
  5. From the comparison of your net worth and current cost as well as future cost of goals, you are aware now that there is a shortfall of money. This shortfall is to be filled by your Term Plan. Identify your term plan need and purchase adequate term plan, if not done already. Mark your step as 5.
  6. Here comes the next step. Step no. 6. Please identify your health insurance need and make sure your personal policy(ies) covering you, your family and parents is(are) in place. If not purchased already, sort out your insurer today and purchase. Mark it as 6.
  7. Here comes Step no. 7. Go back to your goals counted in step 3, calculate, how much do you need to invest on monthly basis for each individual goal, at different rates. Say 4% rate for a 0-2Y goal. 5-6% rate for 3-5Y goal. 6-8% rate for 5-10Y goals and 8-10% rate for 10+Y goals. Mark your step as 7.
  8. Now moving to Step 8. Based upon your goals, decide your asset allocation between Debt, Eq and cash. Select investment instruments accordingly. Mark your step as 8.
  9. Here is the step no. 9. Write down your Will. Mark it as 9. Done.

So here is the list of steps you can take to plan your personal finances.

For any instrument safety is determined by knowledge of underlying risk.

-Pattu Sir, Freefincal

Headlamp types and Portfolio Types

Portfolio Types like Headlamp Types

(Image Credits: Team BHP)

Vehicle headlamps come in 2 varieties: reflector type and projector type. In the reflector type, a reflector reflects the light falling on it from the light source. The light source sits in front of it, and the reflector arrangement is nothing but concave mirrors sitting behind the light source. They reflect the light onto the road, giving illumination for the rider. Projector headlamps, instead of reflecting, concentrate the beam onto the road. Here a lens is used instead of a mirror, which makes it necessary for the light source to be behind it. These 2 are the major lighting technologies we have. Similar to these lighting types, we have portfolio types that mimic them. You can call one a diversified folio and the other a concentrated folio.

Portfolio Types: Diversified Folio

As the name suggests, in a diversified portfolio each stock you select has a bearing on the performance of the folio. As with a reflector, which is nothing but a set of mirrors aligned in a particular fashion, each selected stock has its impact on the folio. In reflectors, the placement of the mirrors has a bearing on where the light falls. Similarly, individual weights matter in a diversified folio. The diversified folio places great emphasis on selecting each stock and the weight assigned to it. If one is able to get a good set of stocks and assign proper weights to them, he will get decent gains from this folio. Failing at it will make one a subject of mimicry in the office. Most investors fall in this category, and fail at it too. By far, this is a very difficult thing to do, as one needs to keep a close eye on the weights of all the stocks.

Portfolio Types: Concentrated Folio

In this folio, you select the universe/market/index first. In a projector beam, it’s the light source that is chosen first. Once the universe is chosen, you run a formula on it based on your criteria. In a projector beam, where it is focused matters most. Similarly, the kind of theme you are focusing on matters most for the formula. If the lens is small, i.e. the shortlisting criteria are too tight, less light comes out, hence fewer stocks to invest in come out. If the lens is too large, the outgoing light is spread too thinly. Similarly, if the formula is too lenient, it will throw out a large number of stocks, none of which will have any meaningful concentration in portfolio performance.

A simple thumb rule to know the folio type: if you are able to define the theme of a portfolio with ease, the folio you have constructed is a concentrated one. For example, if one is constructing a folio on the faster-growth sectors of the past 2 years, that list will not include HDFC Bank, as the banking sector has lots of duds which bring its performance down compared to the other 4 growth sectors, namely FMCG, Auto, Pharma and IT (PS: the sectors referred to here are lifted from the Nifty Growth Sector Index, an index which focuses on the fastest-growing sectoral indices and picks the top 4 sectors).


Here I have explained the 2 broad ways to select stocks. The thing with both is that they are mutually exclusive. If you are picking stocks individually, your folio is a diversified one; if you are using a screener with a formula, your folio is a concentrated, theme-based folio. Failed diversified folios are called Dhobi list folios. Failed concentrated folios can be called burnt themes. Hope you have done proper homework while investing; otherwise you can share your investment experience on AIFW, serving as a reminder of being a pig.

How to wolf down a laddoo and financial emergency.

Financial Emergency and Laddoo

(credits: Manjula’s Kitchen)

A financial emergency is like a laddoo: if swallowed like a novice, it’s going to be your undoing. That’s why you normally get gyany responses like “bite only as much as you can chew” etc. To get rid of the half gyan you have accumulated through the years, this post tells you “how to wolf down a laddoo”. The principles are applicable to financial emergencies too 😉.

Steps to wolf down laddoo and financial emergency:

First, be aware of your limitations. If you don’t have a large mouth, you can’t wolf down a whole laddoo. Similarly, if you don’t have a large emergency corpus, you cannot say “It’s clobbering time!!!” to a financial emergency. There are numerous thumb rules on this: some state 3 months’ income, some are based on health insurance cover, etc. After all, people have multiple thumbs, so their thumb rules are expected to be plural. Hence the factors to follow are: the bigger the corpus, the better; and life experience determines the size of the corpus.

Your life experience determines the size of your emergency corpus.

Second, swallow it whole if you can. If the laddoo is smaller than the area available in your mouth, you can swallow it whole; if bigger, you need to chew part of it. One caveat is that a laddoo cannot occupy the whole space available in your mouth, as that would leave no room for it to be crushed. In the same way, go for credit if the financial emergency is bigger than your emergency corpus; otherwise swallow it whole. The thing to note here is that minimum balance restrictions should not get broken in the process.

Third, crush it. Many people get into josh, leave the laddoo as it is and try swallowing. A whole laddoo is bigger than the food pipe, hence it causes trouble if left as it is. So go and crush it with impunity. Similarly, a financial emergency should be crushed into smaller chunks.

Finally, slowly digest it over the course of time. Once the laddoo is crushed in the mouth, you can slowly relish it. Similarly, after the financial emergency is over, the corpus needs to be restored back into shape.

Website Loading: Basics of Authentication and Encryption – Part 2

Website Loading

(Credits: Flickr, patriziasoliani)

In the previous part of the Website Loading series, I explained the application layer and the protocols that operate in it. That article covered the basic grunt work done by HTTP and the DNS system. This article is to dispel doubts about whether the website loaded is secure or not. How will the website authenticate you? Is your password under threat? All these things come under the domain of encryption and authentication.

Once a communication line is established with the server during website loading, it’s necessary to ensure that the line is not tampered with midway. This tunneling is ensured by using encryption.

While building communication with the server, the client needs to prove his legitimacy. Proving legitimacy is the job of authentication. [Read More: Here are various authentication techniques explained.]

The security of a system has 2 sources of attack, hence 2 techniques are used. One source is a false individual acting on your behalf (impersonation at the end points). The other is a person on the network snooping on your communication (eavesdropping). Encryption prevents eavesdropping. Authentication prevents impersonation. Let’s get on with authentication first.

Authentication: identifying correct user

In the real world, we use names to identify a person. Yet we often hear of cases where a person misuses a name to get his work done. Banks go one step further and use signatures to identify individuals. In the case of computers, there are 4 things used to identify individuals. (Read More: Authentication Techniques for mortals, for knowing computer authentication models.)

Computers use unique usernames to identify individuals, just as we have names in real life. But a username alone is not sufficient to identify someone, as it can be misused. To help with this, passphrases were introduced. The passphrase is set when you first approach an organization to become its client. When you sign up for a service like mail, you are asked to set a password, and asked to make it reasonably difficult, because the org doesn’t want your password to be easily guessable. The username combined with the passphrase identifies an individual. If someone wants to impersonate you, he needs to find out your username and passphrase.

The system merges the username and password together and creates a string containing both. This string is then hashed, i.e. one-way encrypted, and sent to the server. The server then matches this hashed string against its own credentials generated at sign-up time to log you in. Due to one-way encryption (aka hashing), the server doesn’t know your password, hence it is safe from misuse by the server administrator too.


The passphrase is called by various names like password, PIN, OTP, etc. Passphrases can even be generated on the fly by RFID cards, fingerprints and retina prints. In short, it’s the passphrase which identifies you uniquely. This passphrase can be something you remember (password, PIN), something sent to you (OTPs), something you have (Key Gen App, RFID Card), or something you are (your fingerprint or retina print). All these things (passwords, PINs, OTPs, fingerprints, keygen codes) in the end get converted into an alphanumeric string, hence the term passphrase. This passphrase is compared by the computer to identify you.


But as we know, there are really idiotic/gullible users who share their passphrases; to overcome their idiocy/gullible nature, another layer of passphrase was added. This system of a username and 2 passphrases is called 2 factor authentication. Oftentimes this 2nd layer password is freshly generated and sent to the user, like OTPs. This 2nd layer works on the “what you have” principle rather than the “what you know” principle often used for passwords. A device/app can also be given to the user to generate these passphrases, like Keygen. OTPs and RNG grids are “what you have” things, as they are on your device and freshly generated. Even RFID can be used for this purpose, but RF readers are not prevalent.


In the case of biometrics, your fingerprint is used to generate a random alphanumeric string which is matched with the server to identify you. Since biometrics are unique to individuals, a separate username is not required. The encrypted alphanumeric string is used as the credentials on the server, whereas the biometric aspect, be it a fingerprint or a retina print, becomes the unique username and password combo. The process of converting this biometric info to an alphanumeric string is equivalent to encryption, and another one-way encryption of this string prevents misuse at the server side. To impersonate biometrics, one is supposed to have the same fingerprint or retina print, which is impossible.

Encryption: Secured Website Loading

In the real world, we use coded language to pass on secrets (often used by 11th and 12th std. boys). All such coded languages are essentially a form of encryption. The role of encryption is to prevent an unauthorized person in the middle from snooping on you. In the case of code words, the words are pre-decided by friends at college, and they use them whenever possible. But the code words would not be decipherable by a nosy neighbor of yours, because he will not know their hidden meaning. Encryption does the same. It converts your information into a gibberish string, which can be decoded only by the intended recipient.

There are 3 types of encryption: Symmetric, Asymmetric and Hashing. The coded language in the above example was symmetric encryption.

Symmetric Key Encryption:

In symmetric key encryption, encryption and decryption happen based on inputting a passphrase. In the case of encrypting hard drives, an encryption algorithm asks for a password to be set while encrypting the drive. Once the drive has been encrypted, the same password is needed to decrypt it. Since the keys used for encryption and decryption are the same, it’s called symmetric key encryption.

Even in the coded language example mentioned above, the code words are established by friends. Hence they can be decoded by the friends only. A third party doesn’t know the code, hence is unable to decode the meaning. This type of encryption is used to encrypt your mobile contents.

The main drawback of symmetric key encryption is that compromise of the passphrase compromises you. Once the passphrase is known, anybody can decrypt and view your content. For this reason, symmetric key encryption is not used for securing web communication, but is used for securing your device. For the web, another technology was created to overcome this problem. It was called public key encryption.

Asymmetric key / Public Key Encryption:

To overcome the problem of the key getting compromised, this dual key encryption was created. Here the keys required for encryption and decryption are different. The server sends the public key to the client. The client encrypts the content with the public key, then sends the ciphertext (the security parlance name for encrypted content) to the server. The server then uses its private key to decrypt the ciphertext and retrieve the plaintext message. Since 2 keys are used, it’s called public key encryption.

With public key encryption one may feel secure, but this method is vulnerable to man in the middle attacks. In this attack, an attacker keeps the public key sent by the server to himself and sends you a fake public key. You will send the message to the attacker, thinking him to be the safe server. The attacker will now have your credentials data to compromise you. To overcome this problem, a reverse version of the same public key encryption is used.

In the reverse version of public key encryption, the server sends the public key generated by it as well as a certificate containing the public key, issued by a certifying authority. You receive both together. Once it reaches you, the private key you already have (this key is given to you along with your operating system) is used to verify the certificate. Once the certificate is verified to be genuine, its validity period is matched against your computer’s date (a warning is shown if your computer’s date is wrong, as it fails the matching). Only after this does the website loading work continue.


Many purists don’t consider hashing a part of encryption. In hashing, a variable length string is taken and mapped to a fixed length string. The specialty of this technique is that the mapped string, called the hash, is totally different even if you change 1 character. So a thief cannot guess the username and password combo by going through the hash. (PS: some have done so already with weaker hashes.) As referenced earlier in the password section, the hashes are stored on the server to authenticate you, and the hash is sent to the server using public key encryption. In the case of online storage services like Dropbox, it’s this kind of hash that is used to encrypt the contents you store on their service with symmetric key encryption.
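An added example (not part of the original post) of the hashing behaviour described here and in the password section above. The first half follows the page's model of hashing the username and password as one string; the second half shows the salted, deliberately slow derivation commonly recommended for stored passwords. The sample account, the choice of SHA-256 for the page's model and the PBKDF2 round count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Constructed sample account; not taken from the page.
SAMPLE_USER, SAMPLE_PASSWORD = "harry", "correct horse battery"

PBKDF2_ROUNDS = 200_000  # illustrative work factor (assumption); tune to your hardware


def combined_hash(username: str, password: str) -> str:
    """Page's model: join username and password, then hash the joined string."""
    # The NUL separator keeps ("ab", "c") and ("a", "bc") from joining identically.
    joined = f"{username}\x00{password}".encode("utf-8")
    return hashlib.sha256(joined).hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Count the bits that differ between two equal-length hex digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def login_check(stored_digests: list, username: str, password: str) -> bool:
    """Server side of the page's model: recompute the digest and compare."""
    candidate = combined_hash(username, password)
    matched = False
    for digest in stored_digests:
        # compare_digest takes the same time whether or not the digests match.
        matched |= hmac.compare_digest(candidate, digest)
    # Only match / no match comes out: a wrong username and a wrong password
    # both produce an unrelated digest, so the two cases look the same.
    return matched


def enroll(password: str) -> tuple:
    """Hardened storage: a random per-user salt plus a slow key derivation."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, derived


def verify(password: str, salt: bytes, derived: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, derived)


if __name__ == "__main__":
    store = [combined_hash(SAMPLE_USER, SAMPLE_PASSWORD)]
    print("correct login:", login_check(store, SAMPLE_USER, SAMPLE_PASSWORD))
    print("wrong password:", login_check(store, SAMPLE_USER, SAMPLE_PASSWORD + "x"))
    print("wrong username:", login_check(store, "harri", SAMPLE_PASSWORD))
    flipped = differing_bits(combined_hash("harry", "a"), combined_hash("harry", "b"))
    print("bits changed by one character, out of 256:", flipped)
    salt_1, key_1 = enroll("same password")
    salt_2, key_2 = enroll("same password")
    print("same password, two salts, same record?", key_1 == key_2)
```

A fast unsalted hash gives every guess the same cheap cost, which is how the weaker hashes mentioned above were guessed; the salt and the round count exist to raise that cost per account.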

Here are some myth busters:

  • Entering ATM PIN in reverse alerts the police.
    The card number and PIN are combined and the hash is matched by the ATM before doing the transaction. If the PIN entered is wrong, its hash will be totally different, hence the transaction fails. The server can only respond with a correct match or a wrong match.
  • Why does login failure say ‘either username or password wrong’?
    While logging in, servers take the hash of the username and password combined. Even a 1 character defect in either causes the hash to be different. Hence the server, to be more user friendly, flags it as a failure of either username or password, as it knows neither of them.
  • Why does a newer card request need a new PIN too?
    When you change the PIN at an ATM, the machine already knows the card number. When the PIN is changed, the ATM merges the card number and the new PIN, and the hash is stored on the bank server. In the case of newer cards, the bank doesn’t know your PIN, hence it replaces the old hash with a new hash of the new card number and a freshly generated PIN.
  • Can the bank misuse my PIN and impersonate me?
    No, the PIN mailer sent to you is generated by an RNG (a random number generator). The hash of the composite key is stored on the server. Hence no machine or human knows your PIN. It is also for that reason that a new PIN is generated when the old one is lost, instead of giving you the old PIN.

If this has aroused your curiosity, don’t hesitate to take the Coursera course called “Internet History, Technology, Security”, which digs deeper into this field.

Tax Saving is icing on the cake, not the cake in itself.

-Ashal Jauhari (Asan Ideas for Wealth)

Website Loading: What happens when you type www.google.com – part 1

(Credits: Flickr, patriziasoliani)

Whenever a person types www.google.com into the address bar, lots of work happens behind the scenes to load the website of Google. The very act of website loading requires proper functioning of various elements of the technology stack. There is the DNS system helping to connect with the server. One needs to know about lots of lower level protocols to actually transmit the data. One also needs to be mindful of downloading the images and all the assets required for proper website loading.

Since the internet was a very complex project, it was split into independent layers to help technologists build its various complex aspects. These layers combined together are called the “Internet Protocol Stack”. A protocol is just a set of rules which needs to be followed by the software implementing it. The top layer protocols work independently of the bottom layer protocols. Every layer is given predefined responsibilities to perform. The various layers of the stack and their responsibilities are listed below.

Layers of Internet Protocol Stack:

  1. Application layer: This is the topmost layer of the internet protocol stack. This layer is tasked with interacting with the user. A web browser works in this layer. The Domain Name System (which is a helper system for name resolution) is also an application layer protocol. Various services like web browsing, e-mail and file sharing are provided by protocols of this layer.
  2. Transport layer: The transport layer provides various services to the application layer via ports. This layer abstracts host to host services. (Server and client computers are called hosts.) This layer provides connection oriented/connectionless, tunnel-like reliability services by subdividing the data for easy transmission and sequencing the data at the end host for presentation to the topmost layer. This layer also ensures traffic congestion doesn’t happen between the hosts.
  3. Internet layer: The internet layer provides end to end routing services to the transport layer. Each computer/router is identified by a unique IP address to help in routing. Also, to help transmit a packet efficiently, routers share their data with other routers via various routing protocols.
  4. Link layer: The link layer’s job is to transmit a packet from one node on a network to another node on the network. (The nodes are various internet devices like routers, switches, computers’ network cards etc.) Here another addressing scheme called Media Access Control (MAC) is used for transmitting the data between 2 network nodes. Physical transmission protocols like WiFi, Ethernet etc. operate in this layer. Also, to establish routes, protocols like OSPF, ARP, RARP and NDP are used. This layer is tasked with the actual transmission of data between 2 IP addresses.

These are the 4 layers of the TCP/IP stack.

Website Loading: Players of Ecosystem

The world wide web is built on a protocol called HTTP, which stands for Hyper Text Transfer Protocol. That’s the main reason why websites show http:// at the beginning. HTTP is an application layer protocol designed to send HTML (Hyper Text Markup Language) documents which display a web page. Computers which understand HTTP requests are called servers. The client is the computer which requested the HTML resource by sending an HTTP request. The browser is the program which interprets the HTML doc and displays it. The URL (Uniform Resource Locator) is the addressing scheme used to identify a web resource.

When Sir Tim Berners-Lee introduced the web for the first time, he designed all the components of the ecosystem. They are: browser program, server program, HTTP protocol, HTML markup language and URL addressing scheme. Below are some facts about the WWW ecosystem.

  • The first browser was called World Wide Web. Later renamed as Nexus.
  • The first server was called CERN HTTPd (CERN Hyper Text Transfer Protocol Daemon).
  • The first website was info.cern.ch.
  • The first URL was http://info.cern.ch/hypertext/WWW/TheProject.html.

Website Loading: Work done at Application Layer

When you type the site name in the browser’s address bar, the browser first establishes a connection with the server. The server address is obtained by querying the DNS. The destination server address obtained via DNS is then embedded in the transport layer’s destination address field. The HTTP request is prepared and given to the transport layer in the data field. (Note: HTTP uses a transport layer protocol called TCP, Transmission Control Protocol, for its communications.)

Website Loading Request:

The HTTP request begins with a request line made up of 3 main sections. The request line looks like this.

<Method> <URL Path> <HTTP Version>

Ex: GET /index.html HTTP/1.1

GET is a request to the server asking it to give the resource identified at the given path, along with the HTTP version it is using. Below the request line, other additional parameters are sent. These additional parameters are called header fields. Some header fields are mandatory and others are optional. (Refer to this wiki for details on header fields.) Note that the browser type is also sent in one of the header fields, named user-agent:.

Server Response:

Once the query is made to the server, the server searches its resource pool and gives the response. Like the request, the HTTP response also starts off with a status line. Below the status line the usual headers follow. Note that the server also identifies itself in a header field called server:. After a blank line the response body begins, containing HTML code.
Like the request line, the status line of the HTTP response has 3 main sections. The status line looks like this.

<HTTP Version> <Status Code> <Response Phrase>

Ex: HTTP/1.1 200 OK

The headers follow the status line, followed by the body containing the requested resource. The status codes are subdivided into various series. (Refer to this wiki article for a list of all the status codes.) Remember that 400 series statuses arise because the client, i.e. the browser, made a mistake. 500 series errors are because of server problems. The 300 series requires the client browser to take additional actions. The famous 404 error means the client requested a resource which doesn’t exist, hence it’s a client side mistake. Error 500, which bloggers like me encounter a lot, means the server has gone kaput because of some sort of misconfiguration, meaning the mistake is at the server side.
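An added example (not from the original post) that parses the request line, status line and header fields described above and sorts a status code into its series. The sample messages, host name and product strings are constructed placeholders, and the parser keeps only the last value of a repeated header.

```python
# Constructed sample messages (not captured traffic); names are placeholders.
SAMPLE_REQUEST = (
    b"GET /index.html HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"User-Agent: ExampleBrowser/1.0\r\n"
    b"\r\n"
)
SAMPLE_RESPONSE = (
    b"HTTP/1.1 404 Not Found\r\n"
    b"Server: ExampleServer/2.4\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html>missing</html>"
)

STATUS_SERIES = {
    1: "informational",
    2: "success",
    3: "redirection (client must take additional action)",
    4: "client error",
    5: "server error",
}


def split_message(raw: bytes):
    """Split a raw HTTP/1.x message into (start line, headers dict, body)."""
    head, separator, body = raw.partition(b"\r\n\r\n")
    if not separator:
        raise ValueError("no blank line between headers and body")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # Whitespace around the field name (including old-style folded lines)
        # is rejected: two parsers that read it differently can disagree on
        # where one message ends and the next begins.
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.lower()] = value.strip()  # field names are case-insensitive
    return lines[0], headers, body


def parse_request(raw: bytes) -> dict:
    """Parse '<Method> <URL Path> <HTTP Version>' plus the header fields."""
    start, headers, _body = split_message(raw)
    parts = start.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("request line must be <Method> <URL Path> <HTTP Version>")
    method, path, version = parts
    # Host is one of the mandatory header fields in HTTP/1.1.
    if version == "HTTP/1.1" and "host" not in headers:
        raise ValueError("HTTP/1.1 requests must carry a Host header")
    return {"method": method, "path": path, "version": version,
            "user_agent": headers.get("user-agent"), "headers": headers}


def parse_response(raw: bytes) -> dict:
    """Parse '<HTTP Version> <Status Code> <Response Phrase>' plus headers."""
    start, headers, body = split_message(raw)
    parts = start.split(" ", 2)  # the phrase itself may contain spaces
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError("status line must start with the HTTP version")
    code_text = parts[1]
    if not (len(code_text) == 3 and code_text.isascii() and code_text.isdigit()):
        raise ValueError("status code must be three digits")
    code = int(code_text)
    return {"version": parts[0], "code": code,
            "phrase": parts[2] if len(parts) == 3 else "",
            "series": STATUS_SERIES.get(code // 100, "unknown"),
            "server": headers.get("server"), "body": body}


if __name__ == "__main__":
    print(parse_request(SAMPLE_REQUEST))
    print(parse_response(SAMPLE_RESPONSE))
```

The user-agent and server values it extracts are the self-identification fields the text points out; anything logging or filtering on them should treat both as unverified, sender-supplied strings.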

DNS resolution:

The work of DNS is to fetch the IP address of the server; only after this can the browser continue its website loading work. (Note: DNS uses a transport layer protocol called UDP, User Datagram Protocol, for communications.)

Whenever you browse a website, its IP address (aka A record) is stored by your operating system in the DNS cache for later use. When a website’s IP address / A record is not available in the DNS cache of the OS, a DNS query is automatically sent to your ISP’s (Internet Service Provider) recursive resolver. If the recursive resolver doesn’t have the A record (PS: oftentimes it has), it keeps you waiting and asks the root nameserver for it. (PS: there are only 13 root nameservers. They have links to all the TLDs.) The root nameserver forwards the query to the appropriate TLD nameserver. (E.g. a query for www.google.com will get forwarded to the .com TLD nameserver.) The TLD nameserver forwards the query to the authoritative nameserver, which gives the A record. Once the recursive resolver fetches the A record, it keeps a copy and sends the record to you.
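An added example (not from the original post) that simulates the lookup chain described above: OS cache, ISP recursive resolver, root, TLD and authoritative nameserver, with TTL-based caching at both cache levels. The zone data, the 300 second TTL and the documentation-range address are constructed, and the hand-off between nameservers is modelled as each server pointing the resolver to the next one.

```python
MAX_REFERRALS = 8  # guard against referral loops


class Nameserver:
    """A root, TLD or authoritative server holding constructed zone data."""

    def __init__(self, label, delegations=None, a_records=None):
        self.label = label
        self.delegations = delegations or {}  # zone suffix -> Nameserver
        self.a_records = a_records or {}      # hostname -> (ip, ttl in seconds)

    def query(self, hostname):
        """Answer from own records, or point to the server for a parent zone."""
        if hostname in self.a_records:
            ip, ttl = self.a_records[hostname]
            return "answer", ip, ttl
        labels = hostname.split(".")
        for i in range(1, len(labels)):
            zone = ".".join(labels[i:])
            if zone in self.delegations:
                return "referral", self.delegations[zone], 0
        return "nxdomain", None, 0


class RecursiveResolver:
    """The ISP's resolver: answers from cache, otherwise walks from the root."""

    def __init__(self, root):
        self.root = root
        self.cache = {}            # hostname -> (ip, expires_at)
        self.upstream_queries = 0  # queries sent to root/TLD/authoritative

    def resolve(self, hostname, now):
        cached = self.cache.get(hostname)
        if cached and cached[1] > now:
            return cached[0], cached[1], "resolver-cache"
        server = self.root
        for _ in range(MAX_REFERRALS):
            self.upstream_queries += 1
            kind, value, ttl = server.query(hostname)
            if kind == "answer":
                self.cache[hostname] = (value, now + ttl)  # keep a copy
                return value, now + ttl, "authoritative"
            if kind == "nxdomain":
                raise LookupError(f"{hostname}: no such name at {server.label}")
            server = value  # follow the referral one level down
        raise LookupError(f"{hostname}: too many referrals")


class StubResolver:
    """The operating system's side: a local cache in front of the ISP resolver."""

    def __init__(self, recursive):
        self.recursive = recursive
        self.cache = {}  # hostname -> (ip, expires_at)

    def lookup(self, hostname, now):
        cached = self.cache.get(hostname)
        if cached and cached[1] > now:
            return cached[0], "os-cache"
        ip, expires_at, source = self.recursive.resolve(hostname, now)
        self.cache[hostname] = (ip, expires_at)
        return ip, source


def build_sample_hierarchy():
    """Constructed root -> .com -> example.com chain (192.0.2.0/24 is reserved for docs)."""
    authoritative = Nameserver("ns.example.com",
                               a_records={"www.example.com": ("192.0.2.10", 300)})
    tld = Nameserver("com-tld", delegations={"example.com": authoritative})
    return Nameserver("root", delegations={"com": tld})


if __name__ == "__main__":
    isp = RecursiveResolver(build_sample_hierarchy())
    pc_a, pc_b = StubResolver(isp), StubResolver(isp)
    for pc, t in ((pc_a, 0), (pc_a, 10), (pc_b, 20), (pc_b, 400)):
        print(t, pc.lookup("www.example.com", now=t), isp.upstream_queries)
```

Every client behind the resolver is served the cached copy until its TTL runs out, which is why a wrong record that lands in a resolver cache stays in effect for all of them until it expires.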


The above mentioned steps are done during website loading. The activities of all these protocols happen at the application layer, which sits atop the Transport, Internet and Link layers, which in turn do a lot more work to keep the internet running. So it’s worthwhile to consider the WWW as a public web with decent gentlemen doing the background work. If you have noted the header fields, servers do have lots of information to identify a computer. It’s because of that that efficient communication happens. If you want to take a cue about privacy from the above explanation of headers, understand that the WWW is public. Only things stored on your computer or encrypted content are private.

Scientific Research Process: what it is?

(Source: flickr)

Many times traders describe their process of setting up a trade as scientific and blah blah blah. But to call something scientific, the technique has to go through a proper scientific research process. It also has to stand its ground under rigorous review by a tough human being, and the process is subjected to the tough acid bath of statistics. The scientific research process, unlike a computer algorithm, is a linear one. Here are the steps to follow in the scientific research process.

Steps in Scientific Research Process:

  1. Problem Definition
  2. Review of previous works related to the problem.
  3. Setting up of research apparatus and formulation of hypothesis.
  4. Running the research and collecting the data.
  5. Analysis of Data collected and validation of hypothesis.
  6. Presentation of the result and expert review.

The above list is how research happens. These steps can also be seen in different mythological contexts too. The 6 steps correspond to the What, How and Why of a thing (Also read: what how and why framework here.).

Step 1: Problem Definition:

The first step in research is the definition of the problem. The problem is nothing but a telling of what’s really happening in the environment. A problem definition can be like “Why are sales of Sunfeast biscuits so low in the city of Dharwad?”. The problem can also be “how to measure oversoldness of a stock” etc. In short, whatever the so-called pundits call scientific can be considered a problem definition. The key criterion of a good problem definition is that the problem should be based entirely on the subject and should not have any reference to statistics.

Step 2: Review of Previous Works:

The review of previous works sounds odd, as many feel that their work is unique and will not be covered by previous research. When a review is done, it sheds light on variables and the interplay between them, which can also have a bearing on your research. The review also sheds light on biases that may creep in. If you haven’t read up on the efficient market hypothesis and have started off with your research on trading techniques, it’s expected to be one sure-fire biased work. It’s the review work which can differentiate a good researcher from a bad one. Review also helps in understanding the subject properly, and helps in forming the hypothesis (it’s obtained by subdividing the problem statement into small measurable chunks).

Step 3: Setting Up and Hypothesis formulation:

In this phase we set up the research apparatus, i.e. deciding on things to measure, how to measure them etc.

As the first step, the problem statement is subdivided into chunks called hypotheses. A hypothesis is a set of 2 statements which describe a small part of the problem. One of the statements is called the Null Hypothesis and the other one is called the Alternate Hypothesis. The null hypothesis states that there is no relation between the variables, whereas the alternate states that there is a relation between the variables. Every hypothesis is made of variables, which are measured to know which of the hypotheses holds true. The main feature of a hypothesis is that only one of them can be true.

Apart from preparing the hypothesis, you are also supposed to identify the proper audience, also called the sample. (The sample is the set of people on whom the research is done. The sample is selected from the population, hence it’s a subset of the population.) The process of selecting the sample is called sampling and is decided in this step itself.

You must also decide how to go about collecting data without letting bias creep in. You are to segment the sample to allow pure randomness, so that biases due to concentration don’t creep in while collecting data. Bias can also call the validity of the research into question, hence one needs to be careful about it. You can call this step of sampling and prep work the preparation of the statistical model, as it lays out the model for data collection. Only after a proper model is set up can one go about data collection.
(Know more about statistical hypothesis testing on Wikipedia; it explains the model too.)

Step 4: Data Collection:

Data collection is the smallest step of the research process. Here the research is conducted and data gathered. In research related to humanities subjects, oftentimes a questionnaire is given to people to answer. There are other types of experiments to collect data from human participants, like focus groups, blind tests etc. For non-humanities subjects like physics, the research is run on machines and the data is captured. The machine on which the experiment is conducted is part of the experimental setup. The data collected from it is called the sample. The data analysis step follows the data collection.

Step 5: Data Analysis:

This is the step where the acid bath of statistics happens. This is one of the longest and most important steps of the scientific research process. Here the statistical analysis of the codified data happens. Based on the statistical analysis, the results are published.

Once the data is collated from the questionnaire, it needs to be cleaned and made machine ready. For example, if the questionnaire had rating scales, the answers would range from strongly agree to strongly disagree. These kinds of Likert scale answers cannot be fed into machines directly, hence they need to be codified, like strongly agree = 5 and strongly disagree = 1. (Note that the coding strategy is pre-decided in the research setup phase; here it is only implemented.)

After the coding and data entry are over, software like Matlab, SPSS and SAS is used by researchers to run the various statistical analyses on the data. Things like regression testing and factor analysis are done in this phase to validate the hypothesis. The analysis is called hypothesis testing, since these analyses are done to validate which hypothesis is true. Based on the result spewed out by the software, which hypothesis is valid is determined.

Step 6: Results & Review:

The final step is publishing the results and their subsequent review by an expert. Based on the experiment conducted, the valid hypothesis is collated and the result is published. If one can recall, the data collection for gravity waves ended way back in September of 2015; still, it took a lot of time to run the analysis and publish the results. Once the results are published, they have to go through a panel which vets whether the research was done in an unbiased way; once it’s fairly confident of the absence of biases, the research is published.

There are some caveats in this scientific research process. In the above mentioned scientific research process, the researcher does the experiment to confirm his gut feeling. For example, the discovery of gravitational waves was to confirm whether gravitational waves exist or not. This kind of confirmation of a gut feeling is called confirmation research. There is also another branch of research called exploratory research. It follows a different scientific research process: instead of hypothesis testing, it just measures the variables and tries to build relationships between them. This research falls under the realm of big data.


The above steps describe the scientific research process. All the statisticians in a company follow these steps when they do market research or other kinds of R&D work. To know the above mentioned scientific research process in more depth, you can read a book by Thomas Davenport called “Keeping Up With Quants”.
Here are Amazon links to its hardcover and Kindle editions.

If you are a trader, then remember that trading is an art, not a science. It’s so because the first rule of trading is “Be Flexible”, and science is never flexible. Since the above steps are very laborious, don’t call every one of your gut feelings scientific; you can call your MBA project scientific though. ;)


Animals of Stock Markets

In the context of stock markets you would have heard the presstitutes talking about Bulls and Bears. But the 2 of them are not the only animals of the stock markets. There are a lot more, with behavior associated with them. This post is to show you the classic behavior shown by these animals of the stock markets; your fate will end up like theirs if you copy them.

  1. Bulls: This famous animal is said to cause prices to rise. The attack strategy of this animal, i.e. throwing up with its horns, is also the reason for the name. When a stock is in a bull run, its prices rise rapidly. Here the person who is bullish expects the price to rise in future, hence he buys now with the intention of selling at a later date for a decent profit. During a bull run it’s better to have a deep look at the market’s expectations and fundamentals. If you are a trader, then a definitive bull run signal like a bullish engulfing pattern or a hammer pattern must be expected. In bull markets it’s greed which is at play.
    Bulls normally go long, raising prices. But an important aspect to note about these bulls is that they sell when their streak is broken, i.e. when bears take charge.
  2. Bears: This is another famous animal, which swipes down the price. It’s rumored that the name bear came from Bear Skin Jobbers, who sold the hides before they had possession of them. The bear indulges in an activity called short selling. They sell the shares first in the expectation that prices will decline, and cover their position when prices drop, making a decent profit for themselves. Here the person doing the short selling is said to be bearish in his outlook. In a bear market, a look at fundamentals throws up lots of opportunities for investors, as prices are cheap in this market. For traders, good signals like a shooting star or bearish engulfing are supposed to be seen. In bear markets it’s unrestricted fear which is at play.
    Bears always work with a definitive strategy, as they are predator class animals. Since bears sell even before they have the requisite stock with them, they have to cover their position by the trading day’s end if they are trading intraday, or before the date of expiry. This covering of positions by bears causes a small rally, which is explained next.
  3. Dead Cat Bounce: This is a metaphor for a short covering rally. If you pick up a dead cat and throw it against a surface, it will bounce, but it’s still dead. This small upsurging rally is also called a sucker rally, as pigs get on board.
  4. Pigs: This animal is a classic. Investors with this behavior are major revenue sources for bulls and bears. Pigs go overboard with their risk appetite and embrace risk with both hands. Pigs oftentimes become impatient, and greed / fear overruns their decisions. These people invest without doing any due diligence, and invest on hot tips. They also throw out statements like “Equities are for the long term” and many times sell after a year of purchase. Pigs are those who mistime or totally ignore their sell calls, oftentimes disregard their asset allocations, and don’t have proper controls over their portfolios. For that reason there is a quote dedicated to them on Wall Street.

    Bulls make Money, Bears make Money, but Pigs get slaughtered.

    Pigs normally watch business news channels and sites for hot tips. They oftentimes enter the market either during a bull run or during sucker rallies (a.k.a. dead cat bounce). Their exit is often at the start of a bull run, or in the bear attacks after getting bruised badly or becoming impatient.

  5. Chicken: This animal is the opposite of the pig. Pigs embrace risk, whereas chickens are so afraid of the risk of volatility that they put all their money in debt instruments and Bank and Corporate FDs. Their overarching need for capital protection makes them totally overlook the threat of inflation and also the need to make profits. It’s because of their fear that chickens get fried.
  6. Ostriches: Ostriches bury their heads in the sand when they sense danger. Similarly, these investors stop looking at their portfolio, ignore any news about it during bad times, and hope that their portfolio hasn’t been hit badly. Since these investors don’t have any mechanism to get news, they are not able to take advantage of the situation. Though this behavior works out well in bear markets, making it a habit will be detrimental to their portfolios if markets are infested by predators.
  7. IPO Stag: This animal doesn’t care whether bulls or bears are ruling the markets. They buy shares during IPOs and sell them immediately when trading commences, to make a quick profit from rising stock prices. This process is called stagging or flipping, and the traders who do this are called stags. Stags have one major risk: they get preyed upon if the stock, instead of rising on day 1, starts falling.
  8. Wolves: This animal is an outright predator. The name is given to those powerful individuals/groups of individuals who resort to clearly unethical and criminal means to make money. Some examples are Jordan Belfort, on whom the movie The Wolf of Wall Street was made, Harshad Mehta and Ketan Parekh. Their tactics can be like wolf-hunting, to drive the company’s share price to 0. Whenever a stock fraud comes to light, we often see such rapacious and ferocious individuals behind it.
  9. Dogs and Cats: This name is used for stocks which are clearly speculative in their profits, margins, sales etc. It’s also a metaphor for stocks which fall under the dog quadrant of the BCG matrix. Oftentimes analysts say “in bull run even dogs and cats are going up”, which means worthless stocks are also going up. This metaphor implies that we should not be confident of our stock picking skills, as everything is in profit. These stocks can also be categorized as “Shit Cap”.
  10. Hound Dogs: This distinction is given to people whose investment methodology revolves around dividends. Dogs of the Dow is one such investing methodology, where stocks are purchased based on their being among the top 10 dividend paying companies. A dog is also said to be a stock which falls under the dog quadrant of the BCG matrix, but it also gets mixed up with cats. Maybe NSE’s Dividend Opportunities Index tracker can be given this distinction too, as it’s a list of the top 50 dividend paying stocks.
  11. Lame Duck: A trader who is a poor trader and has accumulated lots of losses, or a trader who has defaulted on his loans by not covering his positions, is called a Lame Duck. In the wild, ducks which fall out of their group because of being slow waddle and don’t know what to do. An investor or trader who has no idea about his portfolio or where it’s going is called a lame duck. This kind of investor says “Equities are for long term” and holds Suzlon.

These are the various animals of the stock markets and the classic behavior associated with them. It’s not a bad thing if you have been like any of these animals and shown their classic behavior. It’s only wrong if you are stuck in that mindset and not willing to grow. So learn and grow.


© 2017 Harry's Tech Space
