08 February, 2016

Startup?

This is the story of the only venture that I tried to start up. Unfortunately I failed! But I learned a lot. I will probably try again, someday, in a better way. I am writing this because it might help someone. So, here it goes.

It was 2011, I was in the end of fourth semester of my engineering bachelors, an idea stuck me. It was not so novel, but it did give me vibes of a potential profitable business. The idea was to sell video lectures on DVDs and create a platform for delivery of educational (video/written) courseware offline through removable (optical) media.

The inspiration

In 2010, I had attended C programming language classes of a renowned professional in Nagpur. After the C language course ended, he handed all the students a CD with an activation key which contained a course for C++ programming. That one CD was free, but if I had to buy a new one, it cost 500+ rupees at that time (which was very costly). So I installed the courseware and activated it. I and my two friends got an idea to save money and we tried a lot to find vulnerabilities in his software and we did partially succeed in extracting the video lectures. I also wrote my own front end that played his videos and organized the index properly. Because of ethical reasons, we never distributed the material (and we did notify him about the problem in his software).

This is when I got the idea to create my own platform to deliver video courses offline. A platform which was more secure, that would have a proper process to distribute content over removable media. The courseware was supposed to be monetized, hence the security to prevent illegitimate copying. Plus, Internet connectivity in India was still very poor in India, and it is still one of the slowest.

Discussed with Chand and Vishal and we started off.

The Survey

We surveyed several students and asked them if such system would benefit them and got positive responses. The plan was to enable students a quick and easy way to get comprehensive material offline, and the authors to create high quality content and earn profit.

The Idea

The idea was not just to create a software that would lock video courseware to a computer of a person who has bought the course. The idea was to create an ecosystem where our company will act as a publisher. We would provide tools to create video courseware and to export them in a secure format. We would then create keys for the courseware and sell it on DVDs. The purchaser would have to activate the course (via phone or SMS or online) in order to use it. Then, we planned to have a system were the students would be able to come for doubt clearing sessions to the course creators. The focus was to enable this offline, because of slow Internet. 

The Action

The first step was to create a prototype platform. This was needed to earn the confidence of content creators to create the first content for us. We managed to create a prototype but failed to win the confidence of content creators. The content creators whom we targeted were college professors since the target buyers were engineering students. Every professor I talked to either asked me about the money first, and then about how difficult it is start a company. We promised more than 80% share of the revenue that we could earn form their courses. But no one agreed citing that there is no guarantee of earning money and the product to succeed. I think it was fair on their part, we weren't even a registered company with no funds (just our pocket money).

So, we decided to come up with our own content in order to bootstrap the first version and to gain confidence of content makers. But oh boy, creating high quality content is a mammoth task. First, you have learn a lot about the subject to the extent of becoming an expert, then there is recording, editing, and production work. But, I did record a C programming course. But the speed was very slow owing to my engineering studies and preparing for campus placements. We somehow lost focus.

By the time I almost ended producing the first course, it didn't turn out very high quality. More that 7..8 months had passed by, I got a job in Infosys and completely lost focus. We did improve the platform slightly, and managed to barely finish the first course. We had also purchased a domain name and hosting space to host our marketplace. But since we had lost focus and had wasted a lot of time, the market was occupied with other services. Services like Udacity, Udemy, Coursera had become famous. On the offline side, a few companies had already come up with similar ideas and were actually doing good.

The wrap up

We decided to wrap up the work and upload the videos to YouTube for free. But we did gain quite a lot of experience regarding this. Firstly, we became really good tutors. I actually got a job as a Lecturer at a polytechnic, and later recorded a full high quality course for a US based online company. Chand, my friend, moved to create other technical courses and is now quite famous on Udemy.

During the final days, while I was also working as a Lecturer, Chand started an Internship program for MCA students and I took care of the PHP training part. We also tried to start a small scale institute for computer programming training but did not manage to get enough students. Then, I had to leave Nagpur for Infosys. Chand managed with the institute for a couple of months.

Lesson learnt?

Yes. What we need is a proper focus and a determination to complete things at hand. I failed poorly to convince potential authors. Furthermore, we did not do the project on war-footing, it was like a side project. Also, I did not explore the idea further to improvise it. I could have gone to experienced people. I had no idea about funding and gathering talent to build stuff.


That was our logo :)
So, that was the story about "Smartsate Technologies". It still lives in our minds. We will revive it someday!

Have you tried to start up your venture? I would love to hear that. Do comment.

24 January, 2016

A same password for every service?

Do you have a same password for every service that you use? The same password for office and personal emails? The same for Facebook and Gmail? The same for www.some-forum-site.com?

Well, it seems you could land in deep trouble.

Having a single password is a single point of failure. If your password gets compromised, all of the services that use your password are no longer secure.

If you keep your password written on a piece of paper and keep it locked in a vault, it is still not safe if you use a 'one for all' password.

Why? Well, do not consider a password analogous to a physical key. A password can be copied easily once it leaves your system to the server. Physical keys can also be copied, but it is not so easy and you need special equipment to do that (and a locksmith).

When you enter your password in the login prompt, you enter it in "plain text" (even though it appears to you as * * * *). It is sent to the server in "plain text". If you don't use HTTPS, it is transfered over the network in "plain text". Even if you use HTTPS, the server decrypts it to "plain-text". The point I am trying to make is that the other side (i.e. the server) can read your password once you send it from the login prompt. Eventually, you have to trust the other side.

Now what they do with your password plays a major role in securing your account. Trusted companies like Google, Facebook, Twitter do not store your password in "plain text". What they store is called a "hash" of your password. So while signing in, they compare the hash of received password with the stored password. If it matches, Viola! You are logged in!

So trusted websites do not store your password. Do they? Well you trust them so OK.

But there are websites which are developed by amateur programmers, who happen to store the passwords in "plain text". Yes IT HAPPENS! Such websites are very vulnerable because beginner developers tend to turn a blind eye towards security.

Now, you might have heard reports of hacker groups releasing millions of passwords from hacked websites. Many times they get these passwords in plain-text and release them in public domain along with user details. Believe me, this is very common and there are several methods attackers use to get this information.

Now, you happen to have an account on www.some-forum-site.com which gets compromised. Your password is now in public domain. If you use that password everywhere, you are gone! I mean seriously gone!

Should you keep a one-for-all password? No! Now go change your passwords!