Thus Spaketh Idd Salim


Hacking mPesa for fun and profit [Part 1 of 4]

by Idd Salim on Sep.01, 2010, under Coding, Symbiotic, Zunguka

Mpesa : Well thought!

Well, I am always up for a big challenge. Ask all the neighbours' daughters on my estate and they will testify. So, over the last week, since the inception of the pZ gateway, I have been privileged to have a lot of spare time to study the internals of Mpesa, especially the IIS-based (cringe!!) web interface.

Mpesa is a VERY secure system. Well thought out and very polished.

But that is only as far as the average hello-world, ping -t, script-kiddie hackers we see around here are concerned.

There are two types of hacks I have discovered for the Mpesa system, especially the web interface.

  • Constructive hacks – that help you, as a C2B or B2C client, use Mpesa better and more effectively. I will share these, mostly on this blog.
  • Destructive hacks – hacks that can make you vulnerable to fraud, based on some small details overlooked by the Mpesa developers. I won't share these, of course, due to my moral and societal obligation as a WhiteHat.

Hack 1 of 4 – Porting Mpesa to Mozilla Firefox.

One of the biggest headaches with the Mpesa web interface is that it supposedly works *only* on IE6/7/8, and only on Windows XP. Not Opera. Not Firefox. Not Unix. I have visited a lot of client sites where they keep a spare "Mpesa PC" for this reason alone. How sad!

Well, the good news is that this could not be further from the truth! The restriction is not something the site enforces: the web interface identifies you with an SSL client certificate, and IE is simply the browser the enrolment process installs that certificate into. Any browser (or any TLS client) that can present the certificate will get in. Mpesa can work on Vista. Mpesa can work on Firefox. Mpesa can work on Ubuntu and even on Lynx.

“Share, Salim!! How do we make Mpesa work on Firefox!! Please Share!!”, I hear you shouting. Relax. I will share. For Free.

Step 1 – Get your certificate from Voda

Go to https://vmtke.ca.vodafone.com/certsrv/ in IE and log in (/certsrv/ is the Microsoft Certificate Services web enrolment page, which is why it is IE-only).

Request your certificate.

Important: mark the private key as exportable. Without this, Windows will refuse to export the key in Step 2 and the certificate stays tied to that one PC. Be aware of what you are trading: an exportable key is exactly what lets the login be copied off the machine, for you or for anyone else who gets at it.

After 24 hours, come back to this site and INSTALL the issued certificate into your IE browser.

Step 2 – Export the Keys from IE to a File

Click on:

  • Tools [menu]
  • Internet Options [menu item]
  • Content [tab]
  • Certificates [button], Personal [tab]
  • Select the 'Vodafone MT KE 2009' certificate and click Export
  • Click Next
  • Select 'Yes, export the private key' – click Next (if this option is greyed out, the key was not marked exportable in Step 1)
  • Select 'Personal Information Exchange – PKCS #12 (.PFX)' and tick 'Enable strong protection' – click Next
  • Enter a password and confirm it. Important: save this password nowhere! Memorize it. – click Next
  • Browse for a location and save the certificate + key bundle, e.g. my_mpesa_cert.pfx. Treat this file like the login credential it is: the .pfx plus the password is all anyone needs to log in as you.

Step 3 – Import the Key into Firefox. Any OS, Any PC

Open Firefox and follow these steps:

  • Open Mozilla Firefox.
  • Click Edit in the top menu and select Preferences (Tools, then Options, on Windows).
  • Click the Advanced icon, then the Encryption tab.
  • In the Certificates section, click View Certificates.
  • On the Your Certificates tab, click Import and choose the .pfx file you exported (my_mpesa_cert.pfx), not a text file.
  • If Firefox asks for the Software Security Device's master password, enter it; then enter the password you set during the export.
  • Click OK. The new certificate is listed in the Your Certificates tab.
  • Restart Firefox, open https://www.m-pesa.com/ke/ and voilà!

And there you have it. Mpesa now works with IE, Firefox etc. Repeat the same on Opera.
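The three steps above, done on the command line with openssl instead of through IE and Firefox dialogs, as an added example that is not part of the original post. The real certificate is issued by Vodafone's CA and cannot be obtained offline, so a self-signed key and certificate stand in for it; the file names, subject name and password are assumptions. Besides the export and the PEM conversion that curl or Lynx need, it runs the two checks a practitioner wants before trusting a .pfx: that it opens only with the right password, and that the private key inside really belongs to the certificate.

```shell
#!/bin/sh
# Added example (not from the original post): export, convert and verify a
# client-certificate bundle with openssl. A self-signed key+certificate stands
# in for the Vodafone-issued one; file names, subject and password are assumed.
set -eu

WORK=$(mktemp -d)
PFX_PASS='correct-horse-battery-staple'   # the export password chosen in Step 2 (assumed)
PFX="$WORK/my_mpesa_cert.pfx"

# Stand-in for Step 1: the key pair and certificate the CA would otherwise issue.
make_client_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj '/CN=mpesa-client-stand-in' \
    -keyout "$WORK/client.key" -out "$WORK/client.crt" >/dev/null 2>&1
}

# Stand-in for Step 2: bundle certificate + private key into a password-protected
# PKCS#12 (.pfx). With OpenSSL 3 add -legacy if an old browser rejects the file.
export_pfx() {
  openssl pkcs12 -export -inkey "$WORK/client.key" -in "$WORK/client.crt" \
    -name 'Vodafone MT KE 2009' -passout "pass:$PFX_PASS" -out "$PFX"
}

# Check 1: the bundle's MAC verifies with the given password (and with no other).
pfx_opens_with() {
  openssl pkcs12 -in "$PFX" -passin "pass:$1" -noout >/dev/null 2>&1
}

# Step 3 for a non-browser client such as curl: split the bundle into a PEM
# certificate and a PEM private key. The key comes out unencrypted (-nodes).
pfx_to_pem() {
  openssl pkcs12 -in "$PFX" -passin "pass:$PFX_PASS" -clcerts -nokeys \
    -out "$WORK/client.pem" >/dev/null 2>&1
  openssl pkcs12 -in "$PFX" -passin "pass:$PFX_PASS" -nocerts -nodes \
    -out "$WORK/client-key.pem" >/dev/null 2>&1
}

# Check 2: the private key belongs to the certificate (identical public key).
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$WORK/client.pem" -noout -pubkey)
  key_pub=$(openssl pkey -in "$WORK/client-key.pem" -pubout)
  [ "$cert_pub" = "$key_pub" ]
}

make_client_cert
export_pfx
pfx_to_pem
if pfx_opens_with "$PFX_PASS" && ! pfx_opens_with 'wrong-password' && key_matches_cert; then
  echo "PFX verified: $PFX"
  openssl x509 -in "$WORK/client.pem" -noout -subject -issuer
  # With the real bundle, any TLS client that can present it will log in, e.g.:
  #   curl --cert "$WORK/client.pem" --key "$WORK/client-key.pem" https://www.m-pesa.com/ke/
  # Delete $WORK when done: the .pfx and client-key.pem ARE the login.
else
  echo "PFX verification failed" >&2
  exit 1
fi
```

The key-match check matters more than it looks: a .pfx assembled from the wrong key and certificate imports without complaint and only fails, opaquely, at the TLS handshake. Note also that the PEM key written by pfx_to_pem has no password at all, so on a shared "Mpesa PC" it should live only as long as the session that uses it.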

I can see Kasomo and Alitsi smiling, because I have just unmasked one of Mpesa's supposed security PLUSES: an interface that relied on being reachable only from a locked-down browser. Once it runs in Firefox, words like Firebug and the Firefox Web Developer Toolbar come to mind. But be nice. Be positive.

Have fun!

Back to code for a bit.


My Interview with Google

by Idd Salim on Aug.14, 2010, under Coding, Google and Africa, Personal

Hello, we are Google! Who are you?

Well, blame my exclusive ownage of the words 'idd salim' on Google, my rich CV and the list of systems I have done and put out there, or just plainly the references I have, but a week after my 28th birthday, Google came calling.

Their main point of reference was my Xing Profile.

A lot of my Facebook, Gmail, Symbiotic, Redtape, Qz and PLG buddies have asked me to blog about the Google interview process: what they require, how to prepare, yadda yadda.

I could not refuse. Who am I to refuse?

Their initial point of contact was the email below:

Hi Idd,

SRE is an elite group of circa 350 engineers in Google. This is obviously a very small group of the overall organization.
Technically this team consists of both Systems Admins and Software Developers.

Sys Admins are expert Linux admins with kernel level hacking experience. They also tend to have exceptional scripting experience and some networking knowledge. Developers tend to come from a C++, Python, C or Java background with exceptional design and algorithms and data structures experience.

The team has a large number of industry leaders and industry technical pioneers especially in the area of Linux and Python.

SRE work on all of the major internal and external Google systems. Gmail, Search, Maps, Earth etc etc
They are responsible for the Scalability, Reliability and Efficiency of all of the systems from both a software and hardware perspective.
This is not an operations team (we have one of them!) but rather an internal consultancy type group.

The job specs are below:

http://www.google.ie/intl/en/jobs/dublin/swe/software-engineer-google-com-eu-headquarters/index.html

http://www.google.ie/intl/en/jobs/dublin/engops/opsit/unix-system-applications-administrator-google-com-eu-headquarters/index.html

We have these roles available in Dublin, London, Zurich, US and Sydney.

If you are interested, send me back your updated CV and we can arrange a time to discuss

Kind Regards,

I sent them my CV and then Google sent me a self-evaluation test:

Hi Idd,

Thanks for your reply and the updated Resume.

Can you complete the skills assessment below as accurately as possible and return it to me.

Self Evaluation Guide:

10      = you literally have written a book
7,8,9   = expert, go-to person on this technology
5,6     = solid daily working knowledge. Highly proficient.
3,4     = comfortable working with this, have to check manual on some things.
1,2     = have worked with it previously but either not much, or rusty
—————————————————————————

TCP/IP  Networking (OSI stack, DNS, etc.)(  )
Unix/Linux System Administration tasks(  )
Unix/Linux internals(  )
Algorithms & Data Structures(  )
SQL and / or Database administration(  )
C(  )
C++(  )
Java(  )
Perl(  )
Shell Scripting (sh, bash, ksh, csh)(  )
Python(  )

What days and times this week would be suitable for us to discuss?
I would like to call you and discuss your Resume, give you more information regarding the roles that we have available and also ask you a number of technical questions.

Kind Regards,

I responded as honestly as I could. We set a date a week later, via email, for a phone interview. So I spent a week brushing up on things like trees, Calculus I and II, Algebra V, discrete maths, Big-O, data structures, algorithms and the whole shebang.

And so the big day came. Google was to call at 5pm. I was the young Salim again. I could now recite from memory the code for heap sort, merge sort, Dijkstra's algorithm, TSP, graphs etc., in C and Java.

At 5:07pm, Google called. The caller's accent was somewhat faster than I could decipher, but a verbal interview started: what languages I know, then systems and databases. The following are the few questions I can remember:

  1. How many bytes are there in a MAC address?
  2. Explain the TCP three-way handshake (the one under every HTTP connection).
  3. Explain, in detail, the sticky bit on Unix directories.

Not surprisingly, this is all I can remember as I blog this. As I give them space to get back to me (not holding my breath, of course), the hustle continues.

Benefits from this exercise

After the Google contact forced me to revisit things I had completely ignored or postponed, like the books of Knuth, Dijkstra's algorithm, B+ trees... it made me a better optimizer. I now look at my YU and Orange projects with optimism, as the systems will perform better. The Ramadhan period locks me indoors and I can only improve.

Google job or no Google job, I am now a better coder, thanks to the contact.

Right, back to Dijkstra!


2Go is officially the ikkiest of the Ikkie – Facebook beware!

by Idd Salim on Aug.08, 2010, under Coding, Symbiotic

2Go is Good 2Go

Well, let me just say: a good thing sells itself, a bad thing advertises itself. It is rare that I blog about a non-Kenyan product of any stature, but good code is good code. Give credit where it's due. I am not an anti-Mxit person, as I admire anything Java, but the fact that even after about 100 pages of full-page ads in Kenya it never really picked up told me there was some issue with it.

And so I got a comment on this post about Mxit and, as usual, took it as spam and with a pinch of Zulu salt. Then I decided to install 2Go and give it a test run. I never looked back! Once you go 2Go, you never go back!

2Go at a glance

Well, you can read all about it here, on 2Go’s official website.

The post-Facebook Era

Facebook's 'mobile app' (read: mobile widget... or APP, for people who consider kindergarten quick-hack wizard-generated hello-world apps like AfroHotOrNot or Wazzup! REAL apps) has received 75,792,183 downloads as of this second. This means 75,792,183 Java users went there all expectant and got egg on their faces. Facebook has NO J2ME app. Just a bookmarklet.

Step in 2Go!!

The most interesting thing about 2Go is the ability to contact ALL your 2Go, Mxit and Facebook contacts from one small, sexy, fast app. The data compression they use is out of this world. I would give my left nut just to see a tail -f of the 2Go server logs. Must be orgasmic. This agnostic model is one of the real killer features in 2Go.

If 2Go was a Female App, she would already be pregnant with my twins.

I am building a stock exchange social network for the NSE. You can guess whose model I will adopt, but I ain't giving out any prizes.

I would not mind consulting on a local deployment of 2Go for Kenyan users. Also, 2Go would really benefit from the Pay.Zunguka mobile payments solution, to go where Mxit did not in terms of virtual currency.


Are Kenyan Coders victims of Zeno’s Dichotomy?

by Idd Salim on Jul.27, 2010, under Coding, Personal

In my study of calculus, I delved a bit into the pre-calculus era and came across a very interesting concept from Zeno of Elea.

The most famous of Zeno's paradoxes is a race between a tortoise and the legendary Achilles, called, appropriately, the Achilles. Zeno contends that if the tortoise has a head start, no matter how small, Achilles will never be able to close the distance. To do so, he would have to travel half of the distance separating them, then half of that, ad nauseam, presenting the same dilemma illustrated by the Dichotomy.

No matter what!

(Figure: a fractal used to explain the paradoxes of Zeno of Elea. A movement becomes impossible if its distance is recurrently divided into smaller pieces. The girl is assumed to walk three times as fast as the turtle, but whenever she turns a corner the turtle does too. Even though she is faster, she will not see the turtle within a finite number of turns.)

The Kenyan Coder’s Paradox

As we strive to make it to MkwanjaVille (money-town) via code, we face a path that is finite but has infinitely many snookers (snags). As with any journey, before one can get there, he must get halfway there. Before he can get halfway there, he must get a quarter of the way there. Before travelling a fourth, he must travel one-eighth; before an eighth, one-sixteenth; and so on.

In essence, the journey can never 'really' get started!

Every step has a snooker

A client will not give you a job until you propose in their desired format, even if you have the right solution. The proposal will not be accepted until the price is right (favouring the client). The price is right and the proposal is OK, but you must see someone on the side (a kickback) or kiss the deal goodbye. You have betrayed your anti-corruption mantra and done that evil thing, but now you must wait a month for a response. After one month, your well-researched proposal is handed to a competing company whose MD is a friend of a friend of the project manager.

If you get the deal, you must wait 60 days to be paid, if you are lucky. The clients never have any qualms authorizing the job, but GOD help you if you dare suggest you might need to be paid. And then what? A down payment? Are you nuts?

And the beat goes on.

More Info on Zeno here.


How to MAXIMIZE your SMS service profits by bypassing the Mobile Companies and PRSPs

by Idd Salim on Jun.18, 2010, under Bwana Kukubo, Coding, Symbiotic

Increase your SMS revenue to 155%.

Recently, the revenue share model for SMS services running on short codes was revised and, as always, it is anti-entrepreneurial.

As hot girls might tell you, I don't like beating around their bushes and always dive right to the meat of the moment, and this being a weekend post, I will make it straight to the point, like me.

So, I will share model 1 of 3 and hopefully, it will be of use to someone.

The Locus Standi

The current revenue share model for Kenya is like this:

SMS service on Safaricom

Government – 26% (16% VAT + 10% excise), taken off the top.

Safaricom – 50% of what remains after tax if your traffic is less than 1M SMSes, or 40% if it is more.

PRSP – 20% of your share (your share being the 50% of the after-tax value that is left).

You – a hefty 80% of that, from which you must pay the government another 5% withholding tax.

So for an SMS service charging the client 10 bob per response, the split is:

Govt: 2.60, Saf: 3.70, PRSP: 0.74, You: 2.96 (less 5% W/H tax: 2.812)

Same applies to other operators, give or take 5% from their share. or yours.

So, for you to make something sensible, e.g. 5 Bob per SMS, you must charge at least 20 bob.

The Solution

When I designed the EasyHisa system for Standard Investment Bank (SIB), as an adaptation of our mobile stock trading and tracking suite, we decided to try a different revenue model. Today I will share that revenue model, so you can use it to maximize your SMS revenues.

This model is simple and is applicable to banks, insurance companies, stock brokerage houses, bars and clubs etc. Think outside a non-existent box, and the possibilities are unlimited.

Success Story: How SIB is doing it

SIB opted for a model that is simple and traffic-independent. The profits are always HIGH and fixed. The client is charged normal SMS rates to access the system, e.g. 1 bob on YU and 2 bob on Zain.

At SIB I have set up a modem pool with SIM cards for all operators. All lines share the same number apart from the operator prefix, e.g. 0711/0751/0734 (900009), and clients just need to save their own network's number in their SIM as SIB, or Broker.

Any time a client needs to check the status of their share order, balance etc., they just send a normal-rated SMS to SIB in their address book; we receive the SMS, process it and respond. Right away. Cost on their airtime: 2 bob. Needless to say, SMSes go out to the client through our TumaSMS gateway and the sender is masked as the broker sees fit.

Now comes the big question. How does the broker make money?

The clients have been educated to see this as a convenience service, and looking at the usual cost of going to your broker (KSHS 100+ for transport etc., the time wasted in traffic jams, not forgetting akina morio), they gladly pay the 10 bob SIB charges as a service fee.

EasyHisa passes a journal entry to the internal brokerage system and charges the client's trading account 10 bob, a revenue stream from which SIB keeps 100%. 10 out of 10.

So here the client pays 12 bob (2 bob SMS + 10 bob fee) to get information that would have cost them 100 bob, in 5 seconds when it would have cost them an hour or more. SIB keeps 100% as opposed to 28.1%. Simple, easy, neat!

Enrich yourself, old man; don't enrich the rich.

Back to code.
