Saturday, 16 September 2017

Micro-loans for funding small enterprises

Swami Gulagulaananda said:
"It is amazing that a tiny seed can grow into an enormous tree"

India lives in its villages - We have heard this many times. And while steps are being taken to 'Make in India', India is not considered to be a manufacturing hub yet - especially when compared to her giant neighbour, China.

Manufacturing is a challenge, and for that matter, entrepreneurship is a challenge. While there are many challenges in starting and building your own enterprise, from hiring and retaining good people, purchasing raw materials and paying for other overheads, the challenges generally have one common denominator - Money.

You need money to hire people, money to purchase raw materials, money to pay bills etc. And getting money is the biggest challenge. Once you have a certain amount of money, that money can be put in to generate more money through the business - use a bit of it for operations, a bit of it for purchasing more equipment or hiring more people that generates more revenue subsequently and so on (The usual CapEx and OpEx).

The main question, however, is - How do you get that initial seed money? This is especially a problem when you are not well connected. There are many people from villages and tier 3 cities who are interested in developing small scale industries. Villagers and uneducated people find it very hard to raise funds. They may have the entrepreneurial drive but without a certain amount of credit rating and connections, raising funds becomes impossible considering that they are also from poor backgrounds.

Another interesting aspect to notice is the amount of money that these people usually require. The amounts are generally under Rs 50,000 with many people needing around Rs 10,000. These amounts are not very high when you compare them with the salaries of IT Professionals in tier 1 cities, for instance. A single outing to an upscale restaurant costs about the same.

This is where crowd funding comes into the picture. Lenders who have a certain amount of surplus money can pump it into this system. Entrepreneurs who are interested can sign up with this system. This money is not charity. The money from the lenders is given as loans to the entrepreneurs. This money is divided into a large number of small amounts and each chunk is given to an entrepreneur. The entrepreneur is able to raise the requisite amount of money and utilise it for their business. Every month, they repay a small amount of money to the crowd funding organisation.

The crowd funding organisation can then repay the money to the lender who can choose this chunk to further invest in another entrepreneur. Remember, this is a loan - and the lender is expected to get his principal amount back. Think of it as a 0% loan - So, the only charity that you are losing is the interest.

And since a very small chunk of your money is going to each entrepreneur, a default is going to impact you very little. All your eggs are not in the same basket.

This is where I would like to introduce Milaap - Milaap is an online crowd funding platform that bridges the gap between lenders and people who seek money for various causes; entrepreneurs, medical, education, etc.

About a year ago, I invested a very small amount of Rs 2500 into it since I was not very confident of the platform. I had lent the money to some small scale village entrepreneur. As time progressed, I started receiving notifications that my amount was repaid. I had signed up for 'Auto Lend', and this repaid money started getting circulated to other entrepreneurs. Though it was just Rs 2500, the total money that got lent after repayment became over Rs 8500 and more.

I have now pushed in some more money into the system; because some small pieces of statistics had a pretty nice impact on me. Their dashboard showed me that they had made 28 loans and impacted 432 lives. They have also provided information about all the people to whom the money was lent.

Of course, there is an amount of risk involved here. I am trusting Milaap and their associated organisations to ensure that my money is not swindled and lost. There is a certain amount of faith that you need to have, and a certain amount of risk that you have to be willing to assume. But if it works out - There is a huge satisfaction of having played a role, however minuscule, in improving small scale industries in India.

Remember, you can pull out your money at some point in the future and this is a loan. So, please take a moment out of your busy schedules and explore Milaap or any equivalent organisation. Or if you have more time, try to invest in some small scale industry.

After all, Sab ka Saath, Sab ka Vikas should be applicable across the board. What is the point of growing alone - We should be taking everyone along and grow together...

Jai Hind!

External Links
Visit Milaap - https://milaap.org/



Monday, 14 August 2017

Ethical Machines

Swami Gulagulaananda said:
"Teaching ethics to a human being is hard. I wonder if machines are easier"

There is an old psychology question that we used to ask as kids:
There is a railway track on which trains typically pass on, and another track on the side that is not supposed to be used. There is a sign that indicates walking on the main track is dangerous. Walking on the side track is not a problem because trains are not expected to pass on it. A group of ten young boys are playing on the main track while a lone boy is playing on the side track. You notice the train approaching rapidly and are standing beside a lever that can be used to control whether the train continues on the main track, or switch it to the alternate track. Assuming that the side track is not risky for the train and that you cannot shout to shoo the kids off the tracks because they are too far away from you or do anything else - and given only the two following choices, which would you go for?
- Let the train continue on the main track and allow the ten kids to die?
- Or send the train on the alternate track and let only one kid die?

The reason this question is interesting is because it allows us to choose between saving many lives versus a single life, but at the same time between saving the lives of those who broke the rules versus the one who followed the rules. While you can save many lives, you are making the rule follower pay the penalty for following rules. Or let many people die… Which would you go for?



Now, imagine that a program had to answer this question. I remember seeing a similar question on Twitter long back, though I don’t remember the source - where self driving cars have a similar dilemma. Imagine a self driving car in which you are seated. It’s driving rather fast down an empty street when suddenly some boy comes running across the street. It’s too late to stop the car. The car can do one of three things:
- Continue going straight and run over the kid
- Swerve left into a group of five boys
- Swerve right into a pole that may kill you

What should the car do?

Whose life is more valuable? How do you measure the value of life? Are all lives equally valuable? What if it is between the lives of an old man versus that of a child? Can we say that the child should live since the old man has already lived most of his life? These are very hard problems to solve.

Person of Interest is a wonderful TV series, a fast paced action filled show that has machine learning at its core. At one point of time, the machine (the central computer that uses ML is called ‘The Machine’ in the show) decides that a key politician has to be eliminated for peace. This is when the creator of the machine ponders over this decision. Is a machine equipped to take decisions that humans find hard to take? If the death of a single person can bring peace, should that single person be killed? The answer may seem simple - Yes, kill Hitler, save thousands of Jews… But can a machine reach that level of human thinking? As the creator continues, “What if the machine indicates that a large number of people have to be killed in order to reduce world hunger?” Of course, if there are no people, then there cannot be hungry people - Simple logic for the machine.

The idea of teaching ethics to a machine seems to be very interesting to pursue. I wonder if this can be taught. Perhaps then, we may not have to worry about Skynet… #GoAsimov

Sunday, 13 August 2017

The Censorship Dilemma

Swami Gulagulaananda said:
(this quote has been censored)

A couple of days back, the chairman of Central Board of Film Certification (CBFC), Pahlaj Nihalani, was sacked and replaced by another person. It seems that a section of Indian film industry and media celebrated this fact. It turns out that Nihalani was branded ‘Sanskaari’, an of late derogatory word, often used to represent a person with a 'regressive mindset'. The reason? The official reason for his sacking was that he was muzzling the creative and artistic freedoms of cinema. Basically, he denied U/A certifications to movies that had scenes and language that was deemed inappropriate.

The official reason mattered because the incumbent government formed by the BJP has been accused by leftist liberals and the so called intelligentsia (I have lost respect for that word now because leftist liberals and intelligentsia are associated together) of imposing Hindutva on ‘minorities’. While there is a lack of a shred of evidence of this, any indications in this direction will be pounced upon by this group. So, sanskaari Nihalani had to go from the official standpoint. He also claimed that an influential lobby was behind it.

Of course, the above paragraph seems to acquit Nihalani of all wrong doing. Is he truly a victim of circumstances? For some time, let’s forget if he actually watches movies before requesting for edits (he claimed he doesn’t). On Arnab Goswami’s Republic, there was an interview with Nihalani where Arnab said that we were going into a regressive world and bullied Nihalani to say the word ‘intercourse' on live TV. Nihalani was visibly embarrassed and refused. Arnab went on to say the word ‘intercourse' repeatedly and insisted that Nihalani say it, and if not, justify it - "Do you feel you will get polluted? Why wouldn’t you say it?"

And this brings me to the central question, a question that I have asked previously as well - Where do you draw the line? Today, not allowing kissing scenes on screen is considered regressive. "All the western movies allow it. Therefore we should also allow it because it is a global standard." First of all, who made the West, the paragon of freedom? Why can’t we think of things by ourselves? Why can’t we set standards? Second, TV shows like Game of Thrones, Rome, Spartacus etc. have a lot of nudity and simulated sex scenes. So, should we let that happen as well? If yes, then why not go to the full length and show ‘tasteful’ porn on TV as well? Or why tasteful? Why not brutal porn that depicts rape? This seems like a slippery slope. Where do you draw the line and on what basis do we conclude that something is allowable and something is not?

Interestingly, there is another TV show doing rounds on social media at the moment. Pehredar Piya Ki, is a series about a 10 year old boy who gets married to a 19 year old girl (woman?) Apparently, someone in the show tells the bride “I don’t know when he will be able to satisfy you” (nudge nudge wink wink, I hope you can wait...) Now, while child marriage is illegal, it still happens in some places and this is a story of one fella, a fella in love. However, there is a petition requesting a ban of this show on change.org. Should we allow this show to run or should we ban it? Funnily, there is another petition to not ban the show on change.org. Some people who are requesting the ban are calling the show regressive - So according to cinematic freedom, should we allow to run a regressive show or should we be regressive and censor it? Either way, someone is being regressive.

In yesterday’s news, I read about a girl who is a prostitute by choice. She chose to become a prostitute because she desired expensive things and her regular job couldn’t provide it. She claims to be a high class escort, someone who is well read and speaks fluent English. She was recently taken on an all expenses paid foreign trip by a client who introduced her as his girlfriend. “We live in an intolerant society where people are killed for food habits. That’s why I can’t tell others that I am a prostitute”, she said. “You sell your brains, we sell our bodies. There’s nothing wrong with that”, she added. Buddha, the enlightened one, asked us to curb our desires because ‘Desire is the root cause of all evil’. Then there is this enlightened prostitute who said - ‘Meh! Why curb desires when you can whore around and make more money’ After all, the ends justify the means, doesn’t it?

Recently, a Google engineer wrote an essay with his opinion on why there are more men than women in the tech industry. Now, factually, there are more men than women in the tech industry. This Google engineer got fired for his reasons - They said that his essay propagates gender stereotypes. Is this muzzling of free speech? If his reasons were not true, Google can prove it otherwise, with data. But rather than that, they fired him. Is this censorship?

In the end, it comes down to these questions - What is morality? Who decides what is moral and what’s not? Is morality an antiquated topic? What comes under morality? And what should we censor?

The Censorship Board’s job is to censor things that it doesn’t think is appropriate. If you oppose every decision that it takes, then do we even need a censorship body? If you think no, then read the paragraph about Pehredar Piya Ki where there is another set of people screaming for censorship.

My primary request to people is to drop using words like regressive, intolerant, etc. and to think of more constructive ways of solving issues. Rather than hollering from the rooftops, create campaigns and polls and show it with data. Opinion based problems are very hard to solve. One approach could be to use technology to block specific channels at specific times with control lying in the hands of adults of the house to prevent impressionable children from finding it. Of course, this means that the adult should be aware of what ‘objectionable’ shows play at what times. A simpler solution is to make it rule based so that objectionable shows get blocked by default unless allowed explicitly by the end user - Ah, but who tags shows as objectionable or otherwise? A central board like the censorship board? Let’s start all over again... :)

Saturday, 5 August 2017

Ultimate Tic Tac Toe

Swami Gulagulaananda said:
"You can always make a mundane problem interesting by thinking about scaling it"

Tic Tac Toe used to be one of the standard games played by us in school along with Dots and Bingo. The problem with Tic Tac Toe is the frequent draws you end up with once you are familiar with the game. Eventually, it gets really boring and you stop playing the game.

One day, I stumbled upon a blog post at Math With Bad Drawings, called Ultimate Tic Tac Toe. The post discusses this problem of Tic Tac Toe and comes up with a very interesting approach. In this post, I have provided an implementation of their idea for you guys to play.

While you can read the entire content in that post, I will summarise it here.

Rules:
  • You are provided with a 3x3 board of Tic Tac Toe boards. That's 9 boards.
  • The first player can make his move in any square.
  • The next player has to make his move in the board depending on the square in which the previous player made his mark. For example, if the previous player chose the top left square in any board, the next player has to make his move in the board that is in the top left.
  • This constraint makes it pretty fun because you have to think of maximising your points while being careful about where you are driving your opponent.
  • The goal is to win the most boards. Whoever wins 5 boards wins.



On Interfaces

Swami Gulagulaananda said:
"Every person is the same from the outside, and the insides are merely implementation details"

A long time ago, I was introduced to an interesting concept called The Black Box. A box that takes something in and gives something out - and what it did to convert the input to the output is not something that we are supposed to be concerned with… It is a black box, and its insides are opaque to us.

The black box paradigm can be used in a multitude of places and is very useful to simplify flows of thought processes. You move away from the so called 'Implementation Details’, the nitty-gritty details, the brass tacks if you will and assume that whatever is inside performs its duty.


In our electronics course, a cell was often connected to a load. The cell didn’t really care about the load - its job was to supply voltage and current. The consumption was the load’s job and not the headache of the cell. The load itself could have been a bulb that could glow, a motor that could turn or a buzzer that could make some noise… The load is a blackbox as far as the cell is concerned. Similarly, if you add a switch to this circuit, the switch itself can be treated as a blackbox. The ‘switch’ in this case need not be a mechanical switch that our minds immediately went to - Rather, a switch is a device that can be used to complete or break the circuit. The switch, thus, could be an LDR (Light Dependent Resistor) that could complete or break the circuit depending on the intensity of light falling on it, a push switch, a toggle switch, etc.

This way of thinking is interesting because the only aspect defined at the beginning is the behaviour. We can develop modules in this manner and stitch them together. Google’s ambitious project, Ara (is it dead yet or still alive?) is a great example of the blackbox idea. The phone has slots for you to add or remove pieces - camera, another screen, a larger battery - You could remove one piece to add a different one.

Amazon Web Services (AWS) has made good use of this concept in their data pipelines offering. Read data from a source, transform it and save it to a destination location. The source could be a database like Oracle, an S3 bucket, DynamoDB etc. and the destination could be… well, Oracle, an S3 bucket, DynamoDB etc. This means, you can read from Oracle and save to Dynamo, read from Dynamo and save to S3 etc. The source and sink are treated as blackboxes as far as we, the end users are concerned and the ETL happens internally by itself.

This kind of pluggable architecture makes engineering very easy. When we were in college, using an Atmega 16 microcontroller was a big deal. We had to solder together the IR LED, sensor, resistors and capacitors to create an IR sensor module, burn code into the chip, and do a whole lot of work ourselves. Now, all these sensors and other useful devices come as modules or shields. You just plug them together and they just work. You can swap one out and swap in a different one without any issues.

This concept is of course not new. In the world of programming, this is called an Interface.

By building standards, everyone should be able to make their products work well with one another. For example, a micro USB phone charger can charge a variety of phones irrespective of manufacturer (except Apple, of course) This brings down the cost of devices and spare parts and also opens up a world of choice. If I don’t like Company A’s camera lens, I can swap it for Company B’s lens in my phone. Imagine having Honda’s engine in a Hyundai body.

It introduces some limitations, but also opens up some opportunities… Do you think that such a world is possible? Do you see any immediate pitfalls?

Saturday, 29 July 2017

Spatial Memory Game

Swami Gulagulaananda said:
"Our short term memory is only as good as... uh oh, I think I lost my train of thought"


We have two types of memory - Long Term Memory, which like our hard disks allow us to remember things for a longer duration, like names, faces, places and other memories; and Short Term Memory, which is like cache, used to remember things for a brief moment, like the OTP that we get on our phones. We remember that OTP long enough to enter into our computers and then a minute later - *poof* it's gone!

This is a simple game that shows you a grid and highlights a bunch of squares randomly for a short period of time. You have to remember the highlighted squares and select them. See how far you can go! Click on Start Game below

You may also be interested in The Knight's Tour.


Friday, 28 July 2017

On Hindi-fication of India

Swami Gulagulaananda said:
"I wonder how many things, among the ones that we say out loud vehemently, we truly believe in"

A couple of days ago, a pro-Kannada activist group smeared paint over all Hindi sign-boards of all Bangalore Metro stations. They also insisted that Hindi messages should be eliminated from the Metro Trains. As of now, the announcements in Bangalore Metro trains are in three languages - Kannada, English and Hindi.

Why do they have a problem with Hindi? The pro-Kannada supporters don’t hate Hindi - They oppose the choice of Hindi. They question “Why Hindi specifically? Why not Telugu or Tamil?” They feel that Hindi is being thrust on the locals. It would make sense, perhaps, if the Hindi population is large enough to warrant Hindi. However, it appears that the Telugu and Tamil populations outnumber the Hindi populace in Bangalore by a significant number.

Ah, but isn’t Hindi the national language of India? It turns out that India has no official national language and all languages are to be treated equally.

When I look at India as a country, I prefer comparing India to the European Union rather than China or the USA. While China is mostly homogeneous, a lot of people feel that the USA is rather heterogeneous, what with the melting pot and all that rot. The USA may have a large population of mixed races of people from various countries, but in the end, they speak a common tongue - English. Even outsiders, Indians included, speak in English in the US. Perhaps California is an outlier, considering the large population of Hispanics there. California has signboards in English and Spanish. But the rest of the US is rather homogeneous in this regard.

European Union on the other hand is comparable to India where each country of the EU is like a state of India. They've various languages like English, French, German, Italian and others just like India’s Hindi, Kannada, Tamil, Telugu, etc. Their cuisines vary across countries, just like Indian cuisines vary across states. In fact, North Karnataka cuisine is a lot different from South Karnataka...

Given these many differences, it is truly amazing that India is still one single country - It’s indeed a sub-continent. It’s fantastic that we all work well with one another despite our differences.

Ideally speaking, we should cherish these differences and continue living as one. However, differences prevent us from truly being one. In reality, people like to bond over things that they have in common. Differences make the world colourful, but people generally don’t like changes and differences. People like to bond with similar people. If you are a hardcore nerd who likes to read, you are less likely to hang out with jocks who like to play football. You would rather discuss the next best book to read with a fellow nerd. This is the way we are.

So despite all the ideal talk about unity in diversity, people bond with similar people better. That doesn’t mean that a Hindu and Muslim, a North Indian and a South Indian, etc. cannot be friends. The amalgamation of similar types is better.

When a North Indian and a South Indian have to converse, they end up picking a common language to communicate with each other; and more often than not, that common language ends up being English. Even a Tamilian and a Kannadiga talk in English. Let’s accept the fact that English is the universal global language, and also the language that has given India a significant edge over China.

Personally, and sometimes I am embarrassed to admit, English happens to be my strongest language. I am pretty sure, though I have never tested myself, that my English vocabulary is several times better than Kannada (local language) or Konkani (my native tongue). I can confidently speak English without any foreign loan words, but end up mixing English words while speaking other languages. That doesn’t mean that I am bad at other languages - I just happen to be better in English.

It is very rare for a Hindi person to speak in Kannada (however broken) in Bangalore. They speak in Hindi or English. The locals, on the other hand, respond in broken Hindi most often. I love Bangalore for this - Try doing this in Tamil Nadu :P

But should we pick English as the common language? Wouldn’t it have been better if we had a common Indian language to talk in?

In my opinion, India needs a common Indian language - and I believe Hindi should be that language. Hindi has the highest number of speakers in India and is most widely spread. While Bengali comes second, Bengali is a very localised language, while Hindi covers a larger geography. Hindi also happens to be the language known by most of us - I am sure that a majority of Indians reading this post are also avid Bollywood fans who can speak passable Hindi. To summarise, more non-native speakers of Hindi know Hindi than non-native speakers of any other language knowing a third language.

I am not, of course, asking for Hindi as a replacement to local languages; neither do I subscribe to pushing it down our throats. But I strongly feel that we as Indians need more unifying - and if a common language can play a role in it, that language, in my opinion, is Hindi.

I am interested to know the opinions of others though - Do you feel that Hindi should be the unifying language? Or should it remain English?

Counter Argument
The following is a counter argument by my friend, Lokesh Acharya. He has quoted famous poet D.V.G.
This is the link to his original tweet.

Of Artificial Intelligence

Swami Gulagulaananda said:
"Learning from experiences is supervised learning… Guessing by yourself and being right is pure bliss"

In an eCommerce company, a digital marketer typically creates ads on social media websites such as Facebook. These ads are paid, and the charges are based on the number of times ads are displayed to visitors (called impressions) or by the number of times that a user clicked on these ads (called clicks). Eventually, if I have to understand the performance of an ad, I will measure it against the total sales and revenue generated by that ad. While the social media website gives me metrics such as impressions and clicks, it cannot give me the sales and revenues realised because that is happening outside their realm (in my realm, my website). So, if I have to measure the true efficacy of a campaign, I have to collate data such as number of impressions and clicks from the social media website with data that I collect on my eCommerce website such as views of target page (product page), add to carts and checkouts. This allows me to measure conversion rates.

Now, the digital marketer’s job is to observe this data and take some decisions. If an ad is performing well - that is, if it is sending a large number of people to my website, then, I will push more money into that ad so that it reaches even more people. On the other hand, I’ll probably reduce money into an ad that’s tanking. A software developer who looks at this scenario can quickly observe that there is an opening for some automation here. Since a program can read all of this data, a program can also be coded to arrive at decisions. Simplistically, you can add certain thresholds to add money or remove ads. However, in today’s world which is replete with buzz words such as big data and machine learning, one can build a truly sophisticated system that considers a host of external data such as determine the quality of ad based on the graphic (by performing an image analysis), text (by performing text analysis) and external factors such as time, geography, interests, past performance etc.

Cutting down on the technobabble, it is perfectly possible to replace that digital marketer with a program. This seems fantastic, but is definitely doable. This program that you use will be significantly better than the person because it has a huge amount of data based on which decisions are arrived at. Let’s look at a few more examples where machine learning (ML) and artificial intelligence (AI) could be used. Self driving cars are already making news all over the world. Doctors could potentially be replaced because most doctors, at least in the Western world, rely heavily on tests and scans (watch House MD if you don’t believe me). We could have a machine which can scan our body, vital statistics such as temperature, BP etc., extract a few drops of blood and run a bunch of scans and then run the numbers against a huge database that it has built from data worldwide and arrive at the diagnosis. This diagnosis will be more reliable, perhaps, than doctors because of sheer volumes of data that is used.

Taking it a step further, ploughing a farm and planting seeds is not that complicated once you are able to build self driving cars.

You see, most of the jobs can be automated in the long run. The question that we need to be thinking about is - Should we let this happen?

On the one hand, it seems obvious that this should be the way forward. The technology will be top notch, cheaper, far less error prone, the experience will be significantly higher than any individual, etc. All of this makes it seem like this is the future. However, there are cons. Think about all the people who are going to be losing jobs. Let’s take one example of drivers. In India, professional drivers are the ones who drive buses, trucks, minivans to transport smaller quantities of goods, autorickshaws, taxis like Ola and Uber, school vans etc. If we automate these jobs, what are they going to do? Surely find other jobs, you say?

When I had been to the US, a toy drone that I wanted to purchase cost me one third on Amazon than in a brick & mortar store. When I asked the salesman why it was priced three times higher, he told me about electricity, salary and other overheads. It immediately made sense why people bought on Amazon and why their flywheel model works so well in the US. This salesman will be fired eventually because his company cannot compete with Amazon. What will he do?

It appears that most of the jobs that they can pick can eventually be automated… If automation and companies like Amazon & Flipkart rule the world, we get a lot of advantages. But there are also a large number of corresponding job cuts. If all the mom and pop stores, our friendly local department stores get closed, we will have a large number of jobless people.

A counter argument is - Well, when these companies grow, they will hire more people, won’t they? Automation is simply transferring jobs from one place to another. While this is true, the number of jobs created is different. 500 people may lose their jobs for 50 new jobs created for fulfilment.

What if all these jobless people start resorting to crime to fill their stomachs? We have already been reading news about disgruntled drivers kidnapping people to take revenge on ride aggregation companies and others following Silicon Valley employees and heckling at them… Will our society spiral towards its doom?

A good thing about eCommerce companies like Amazon and Flipkart, in India at least, is that they are playing nice with third party sellers who are benefiting a lot from an additional channel of sale. Similarly, Ola and Uber are giving a lot of structure and business to cab drivers. Our country and society can grow only when we all grow well together. Automation should not be shunned and technological progress should not be stopped - But before implementing them blindly, we need to consider a lot of things - such as their impact on society.

I thought about this recently because of a news item about the government’s decision not to have driverless cars in India. I remembered a video that I had watched long ago titled “Humans need not apply”. I have attached it here for your viewing pleasure.

Thursday, 22 June 2017

Hardware OTP Tokens

Swami Gulagulaananda said:
"Security by obscurity is an interesting notion - for we all fear what we don't understand"

A long time ago, I saw a friend of mine holding a small hand-held device. It had a single button and a small screen. I asked him what it was. "Oh, I have an account with HSBC Bank. This is an OTP generator, it is for additional security", he replied. "How does it work?", I asked him. "I don't know man, they ask me to enter it while signing in. I press the button, some number comes up and I enter it", he replied.

I tried it. Each time I pressed the button, a seemingly random number appeared on the screen. However, once a number appeared, it didn't change and remained on the screen. It didn't change even if I pressed it. It would remain for some time, perhaps a minute and then disappear. I pressed the button again and another number would appear.

This was pretty interesting. But I soon forgot about it. A few years later, I was signing up on some MongoDB website which required two-factor authentication. It required me to use an authenticator app - Google Authenticator (Although I distinctly remember using Microsoft Authenticator as I had a Windows phone). This also worked in a very similar manner. Apparently these new passwords are used to prevent problems due to key-loggers and man-in-the-middle attacks.

It turns out that both require some kind of registration with the server - A one time registration. Subsequently, there is no connection between the server and the device (app can be run without internet connection, and the small HSBC device is not a 'smart' device)

So now the question is - How does this work? The real thing probably works using either the Time-based One-Time Password (TOTP) algorithm or the HMAC-based One-Time Password (HOTP) algorithm described here. But I wondered whether I could come up with a relatively simple mechanism.

I remembered Pseudo Random Numbers. The reason pseudo random numbers are "Pseudo" is because they are not really random numbers. In fact, these random numbers have a seed. A seed is a number that we provide to the PRN generator in the beginning. Subsequently, the function returns some numbers. The beauty is that this is repeatable. It means, if I started with a seed 10 and generated 5 random numbers and told you that my seed was 10, and you generated 5 random numbers using that seed, the 5 numbers that you have are exactly the 5 numbers that I have.

Here's a sample Python program for you to try out. Try running this in different terminals.

>>> import random
>>> random.seed(5)     # use the same seed in every terminal
>>> random.random()    # first number of the sequence
>>> random.random()    # second number; both match across terminals

Now obviously the question is - How do these PRN generator functions work? One of the ways could be to use a standard function like Sine or Log. For example, sin(x) will always be the same for the same value of x. So the seed is the first value of x. Each time you call the function, it will give you sin(x) and increment x. This is, of course, just an example.

So, now, these HSBC tokens have the 'x' value burned into them. Each token also has a unique identifier. The security servers know the mapping between the identifier and the seed value burned into the token. Therefore, the two independent devices are capable of producing the same output. When you register the device, the server associates the token with you. Now, when you press the button, it probably combines the current time with the seed (say, concatenates or adds them) and passes the result into the function. It may use the time down to the minute level. You then type in whatever value is generated. When you submit, the server looks at who submitted the value, looks up that user's seed and the current time, and passes them into the same function - The result should be the same value if everything is okay. Otherwise there is something wrong...

Note that I have not used any fancy algorithms here - Do you think this is vulnerable? What problems do you see with this approach? Let me know in the comments.
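The register-then-verify flow described above, as an added example that is not part of the original post: it replaces the post's generic seeded function with the HMAC-SHA1 construction of the TOTP algorithm the post names (RFC 6238), and adds the clock-drift window and reuse check a server needs. The token serial, user name and lookup tables are constructed for illustration; the secret is the RFC's published test key.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code stays valid

# Constructed sample data: token serial -> secret burned into the device,
# and user -> registered token. The secret is the RFC 6238 test key.
TOKEN_SEEDS = {"TOKEN-0001": b"12345678901234567890"}
USER_TOKENS = {"alice": "TOKEN-0001"}
LAST_USED = {}  # user -> highest time step already accepted


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC the counter, then truncate to a short decimal code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of last byte picks a 4-byte window
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret, unix_time, digits=6):
    """What the token computes on a button press: HOTP over the time step."""
    return hotp(secret, int(unix_time) // STEP, digits)


def server_verify(user, submitted, unix_time, drift_steps=1):
    """Recompute the code from the user's seed and the server's own clock."""
    secret = TOKEN_SEEDS[USER_TOKENS[user]]
    now = int(unix_time) // STEP
    matched = None
    # Accept neighbouring steps so a slightly slow or fast token still works.
    for step in range(max(0, now - drift_steps), now + drift_steps + 1):
        expected = hotp(secret, step).encode()
        if hmac.compare_digest(expected, submitted.encode()):  # constant time
            matched = step
    # A code is one-time: refuse any step at or before the last accepted one.
    if matched is None or matched <= LAST_USED.get(user, -1):
        return False
    LAST_USED[user] = matched
    return True


if __name__ == "__main__":
    code = totp(TOKEN_SEEDS["TOKEN-0001"], 59)
    print(code, server_verify("alice", code, 59), server_verify("alice", code, 59))
```

Unlike a seeded general-purpose PRNG, the keyed HMAC does not let an observer of past codes work back to the secret, which is why the standard algorithms use it.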