Every year, for the past four years, I have been doing something in January, I write to Pakistani banks, via their websites (online) and gauge them on their response and customer service. Whilst for the past four years I was doing it purely out of curiosity, this year I decided to test our online banks and see how responsive (or lack thereof) they are to online customer queries.

The goal is simple:

• I have three questions that I shall be asking them, during different times of the week.
• All three questions are different.
• All the emails will go out from Gmail and Yahoo (so they cannot claim, that they never received it)
• I will gauge the banks on the following:

• Average time to reply
• Was the Question answered (Yes/No)
• Was there the response adequate
• Professionalism in their reply
• and other ancillary information that I will post (but not yet). Don’t want to give the whole thing away.

The report would be placed online, here on my blog as a downloadable PDF. It would be interesting to see how this detailed experiment of mine goes.

Stay tuned.

Ever wondered how major submarine cables are laid down in the ocean?

Submarine cables are laid down by using specially modified ships (sometimes even purpose built ships) that carry the submarine cable on board and slowly lay it out on the seabed as per the charts/plans given by the cable operator. The ships can carry with them up to 2,000 kilometers length of cable.

The ships are commonly referred to as cable-layers or cable-ships.

The cables are specially constructed for submarine operations as they have to endure harsh conditions as well as pressure.

Cable Dissection

Here is what a typical 3-D Cross-sectional cut-out of a submarine cable looks like:

1. Polyethylene
2. “Mylar” tape
3. Stranded metal (steel) wires
4. Aluminum water barrier
5. Polycarbonate
6. Copper or aluminum tube
7. Petroleum jelly
8. Optical fibers

In real-life the cable would look like this:

Here is another look…

Submarine cable laying process starts from the Landing Station, where a long cable section is attached (connected) to the landing-point and then extended out to a few miles in the sea. This end is connected to the cable on the ship and then the ship starts its cable laying process (a simple representation of this process can be seen/read here: http://www.k-kcs.co.jp/english/s…).

This is how the cable approaching the landing station looks like:

Depending on the geography of where the cable is laid out, the cable coming in from the ocean to the landing station might be advertised or not. Most of the time, it is buried as much as it can be and warning signs are placed so as to inform everyone that a submarine cable is landing ashore. Most of the time cable consortium companies try to hide the cable as much as they can, so that only those who need to know, are informed of the exact route of the cable. This would include municipalities, port authorities and shipping companies.

The market for submarine cables is dominated by Europe (UK, Italy, France, Germany) and a bit by Japan. US is overall a small player when compared to the others, as US itself did not have much need to expand cables to other countries, as much as the other countries had a need to connect to the US.

The ships, which are specialized, are almost all owned by the submarine cable consortium or manufacturers. These ships are station at various points along where the cable extends to ensure that in the event of a cable-cut, the ships can set sail immediately for cable repairs.

A cable laying ship at port

Cable coiled up in the cargo-hold (the coiling of 100s of miles of cable in the cargo hold is a proces that can take between 3 to 4 weeks to complete.

Another submarine cable laying ship at port

The portion of the ship from where the cables are lowered into the sea

A cable laying ship at sea. Notice the cable being lowered onto the sea bed, on the right hand side (starboard) (white portion) at the rear end of the ship.

Here is a photograph of a repeater being launched into the sea (which is placed every 40-60 kilometers) to fix and strengthen the fiber-optic signal and to amplify it, etc.

A submarine cable diver, inspecting a submarine cable.

When cables are damaged, either divers or specialized small sized submersible submarines with cameras and lights are sent down to the seabed to investigate where the cuts are. Then either divers of with the use of the robotic arms of the submersible ring the two ends of the cable onto the surface, where they are re-spliced and joined again.

Different cable types (by Alcatel)

Two informative videos regarding submarine cables and the technology & infrastructure behind them are below:

Undersea Cable

NTT Submarine Network Video

References:

• Cable Ships
• Submarine Communications Cable
• Installation Method
• eMarine Services Cable Photographs
• Subcom – the only US company that does underwater (submarine) cables
• Aboard Alcatel undersea cable ship (photos)

Many people don’t know who Keith Tentlinger and Malcom Mclean are. Their combined contribution to the 20th century was one of the most important one, that revolutionized trade and commerce around the world, set the pace for globalization, and as an unintended by-product created a new field of living (read: habitats) and revolutionized today computer’s datacenters.

No, they did not invent or formulate any new field in economics or founded a stock exchange etc. Their invention was that of the modern standardized shipping container, better known technically as an intermodal container (a container designed to be moved from one mode of transport to another without unloading and reloading).

It is indeed a big feat to have ‘standardized’ something in as vast as trade & transportation of that trade. If you imagine us not having the shipping container in place, just think how disorganized everything would be today.

Malcom Mclean – Father of the modern shipping container

Keith Tentlinger: Co-Inventor of the modern shipping container

Containers essentially come in two sizes: 20-foot equivalent, and 40-foot equivalent.  In the field, cargo is referred to as TEU (Twenty Foot Equivalents), i.e. how many 20 foot containers were moved. If say 10 x 40-Foot containers were moved, this would equate to 80 TEUs were moved.

A standard 40-foot container

A standard 20-foot container

A detailed overview of the various components of a standard container

A view of the container’s door and its components

 The advent of a standardized shipping container meant that regardless of the system the host country was using, regardless of the geography or ship (vessel) type, there was now a singular unit for shipping cargo. In its true sense, one-size fits all.

Moving cargo before the standardization of the shipping container was messy to say the least. Various charges were levied for load and off-loading and reloading of cargo. All this hassle was wiped out when a standard unit was introduced. Ships could not stack these containers with absolute certainty and ease. A whole new industry spawned out of the container.

Shipping containers stacked-up on M.V. Colombo Express 16 across

The rapid rise of short-cargo handling times, meant, goods could be packed,shipped and offloaded to their destination much faster than was previously possible. Trade increased and the infamous 20-foot or 40-foot container being hauled on at the back of an 18-wheeler could be seen world over.  Before the era of the shipping container, derricks were seen hauling off/on cargo for days. Nowadays a regular sized container ship can be on/off loaded in as little as 24 hours (averaging 18 hours).

The container itself is so robust and well constructed (considering almost every imaginable type of cargo moves in them, that it was only a matter of time, someone would think of alternative usage for these 20/40 foot steel boxes.

The first major usage of shipping containers was that of habitats. Originally used at construction sites around the world as field offices, they would over time evolve to much more than rooms for construction foreman.

Here are some innovative examples:

The above is part of a container city (more like a city-block).

Waiting room of some sorts (perhaps at a golf course, etc).

Something I would like at the far end of my garden.

Now I could sit here and Quora all day!

Student Dormitory in NL.

A mini studio in TX.

Residence in Quebec made entirely from containers.

An office in California (using containers in a warehouse for offices & kitchen).

A house in Wellington (NZ) made from containers.

Freitag Flagship Store made with 17 containers.

In recent years, the computer industry has gone at great lengths to utilize the container as datacenters for servers & networking gear. Here are some examples:

]]> http://www.faisalkhan.com/2011/10/21/keith-tantlinger-malcom-mclean-shipping-container/feed/ 2 http://www.faisalkhan.com/2011/10/20/how-will-the-mobile-payment-shape/ http://www.faisalkhan.com/2011/10/20/how-will-the-mobile-payment-shape/#comments Thu, 20 Oct 2011 03:44:04 +0000 Faisal Khan http://www.faisalkhan.com/?p=1109

Interesting question, an answer to which almost every payment company associated with the mobile space is trying to answer.

Here are some thoughts on how the playing field may shape out in the near future from the players point of view, rather than any specific infrastructure or hardware point of view.

Mobile Carriers
The notion that the payment space would be controlled by the mobile carriers, is out the door. This could have been true in the SMS era where security was a concern and mobile carrier had a part to play, certainly is not applicable any longer.

Mobile carriers have can certainly serve as a launch partner, but even in this day and age, carrier exclusivity with a payment system would be looked down upon. It makes no business sense in the long run for a payments space company to have any sort of exclusivity with a mobile carrier for the long haul.

The only short-haul advantage is traction, and that too seems to be a losing argument (proposition) when you look at the playing field and how new ventures being rolled out are neutral to the idea of an exclusive tie-in with a carrier. This was different a few years ago with product launches like that of Apple, etc, but the market dynamics are very much against any sort of exclusivity.

In short, carriers have missed out.

Their only advantage today remains their customer numbers, and it would be a very hard sell for a carrier to convince a payments company that tying up with them has an inherent market advantage and revenue value (in the long run).

The tables have turned. Carriers are now themselves looking how they can provide a service to companies in the payments space (not an easy sell mind you).

Big Names in the Payments Space
Large payment space companies, read: Visa, Mastercard, American Express, PayPal, AliPay, etc. have all based their solution which by-passes the infrastructure as a mandatory part of a roll-out mechanism. The common denominator for these large companies is not the carrier by any way or means, but the underlying application that they need to run on a mobile device (i.e. the mobile OS and apps).

Five to ten years ago, it was assumed that some sort of inter-dependency would be in play with the carrier. Fast forward to present day, that is no longer true, and the common denominator is no longer the infrastructure, but the OS, vendor acceptance, traction with users and connectivity to other payment systems (for purposes of loading and off-loading money).

The mega players it seems have all discovered one thing for sure, it will not be easy being a dominant player in this field. The game changing equation introduces a few elements of surprise, namely:

• Competition from the likes of Google, Apple, Amazon, Facebook and Microsoft (a threat vector that simply cannot be ignored)
• P2P payment systems like PayPal and AliPay (in the case of the latter, you have to read up on the traction and user base AliPay is accquriing on a daily basis. Mind boggling numbers).
• Regional or domesticated payment systems: For example, in Kenya M-PESA is a dominating payment system, and in Pakistan, it is EasyPaisa, in Philippines it is G-Cash. Breaking into these markets as a competitor may not be the easiest thing to do, however, partnering up with them, would make a lot of business sense (if you an digest revenue sharing).
• Banks are not sitting idle either. At the end, your money is parked in a bank account, and banks (with their large acquiring networks, and connectivity to merchants/businesses and individuals) pose a serious barrier to entry
• Local Regulators: Banking and financial regulators see additional payments systems as a nightmare for reporting and proper correlation of funds being channeled. In countries like India, Thailand, Vietnam, UAE, Saudi Arabia, etc. the regulators are very careful (read: extreme inertia required to move into their market), when it comes to acceptance and granting rights to an external payment systems.

Banks
Banks are eyeing the mobile payment space very acutely. The biggest advantage banks have, are that they are the regulated custodian of money. Be this on the on-load side (loading or debiting payments) or off-loading (crediting payments). Any system where the money stays out of the banking circle represents a threat to the banks (hence a very strong lobby exists with the financial regulators to ensure that banks cannot be by-passed).

Banks are not oblivious to the growing segment of P2P andP2B payments that is slowly but surely growing in numbers. Most banks simply do not have the bandwidth or the reach to roll-out their own payment systems. Hasn’t happened in the previous years – I cannot think of a single banking payment product that is somewhat global and exists outside an immediate banking network or geographic region.

What will happen as far as banks and mobile payments is concerned? Banks will either partner up with the traditional players (Visa, Mastercard, etc.) and their regional mobile carriers to have a trifecta win or lose out.

Very few banks will actually experiment with new (mobile) payment providers as their main horse. Another possible alliance banks see, which they already have a working relationship with is with MSB (Money Service Bureau) businesses like Western Union, Moneygram (see below).

Western Union, Moneygram, Xoom, Et. Al.
The money transfer businesses are also not standing still. They are alreadyactively using the mobile space to facilitate their payments using the mobile phone. Their next venture (or goal) is to be able to route it completely over the mobile network. Do note, in some instances like Easy Paisa (Pakistan), M-PESA (Kenya) G-Cash (Philippines) this is already happening.

The latter step above, can shape out as follows:

• MSB businesses are using the banks to be able to on-load / off-load money on to their (MSB’s platform)
• Use the mobile carriers to facilitiate the payments (acknowledgment, rates, transaction status, etc.)

These players have a unique ability to become big in the mobile payment space because of the following factors:

• They operate in almost all the countries (just the feedback and intelligence they have on the local market’s financial system, regulators and money statistics is an advantage as it is).
• They have experience / working-relationship in interacting with the local regulators (DFIs), mobile carriers and banks
• They represent a very significant branch of money (payments) business cycle that cannot be ignored
• They representa a perfect platform to launch pilots from in different geographic regions and then be able to roll-out services globally (based on the results of the pilot)
• Mobile carriers are already interfacing with WU, Moneygram, etc. so further roll-outs or enhancement in the payment system, ought not to be a problem.
• With banks utilizing branchless banking for the non-banked, likes of WU, Moneygram, etc. represent an ideal platform in being able to channel remittance money from one city to another, over the mobile network.

Individual Mobile Payments Companies
There are 1000s of small payment companies (small with respect to the market share they can capitalize on realistically speaking) who are already deploying very innovative solutions in the mobile payment space. Companies like Square & Swipe which have just jettisoned based on a very simple yet novel idea. They are certainly disrupting the mobile payments space whilst at the same time, working with the banks, Visa/Mastercard, etc.

Any of these smaller companies, have in themselves the potential to be become the solution of choice for the larger players. For example, imagine if Google were to acquire Square and go global with it. What would happen? In my opinion, it is this segment, these small companies from where we will truly see our emerging mobile payment space and the innovations in it. I say this because of the fact, they are more tuned to the ground realities and are much more flexible when it comes to adapting their business models to the ever changing landscape.

There is an imminent threat that the ideas of these small companies would bestolen (for lack of a better word), amplified with one of the larger carriers and rolled out.

In conclusion, it seems everyone is vying at this lucrative segment. Some will get acquired, some will go out-of-business, many will just plain quit. Most will stay and try to rough it out, go back to the drawing board many times over. Each vying for its own geographic territory and/or niche and game plan (read: business model).

The players are plenty and the market size plentiful.

The LOTR one ring to rule them all law will not apply here. You will not see any one player become the de facto mobile payment system in the world. That will just not happen, the market dynamics are against such an idea and equilibrium.

First of all commitment. Learning anything well enough requires time, patience, dedication. Make sure you have all three.

The best learning often is by listening. As suggested, find a good community and get a start from there on. A reputed source is www.Sans.org - [Look under the Resources tab]. They have an excellent reading room. You might also want to search for forums. The learning that you will get from forums, perhaps cannot be matched anywhere else.

Observe, Google newbie/noob terms, read definitions and absorb all you can for a couple of weeks in forums. Learn to differentiate who is an expert and who is a troll. Avoid the “Me too!” (or nowadays +1) type posts.

If you are going to ask a question, make sure you have made the effort before, to try to find the answer before asking your question. Make your Question and your time count.

You would need to do a lot of reading. This is a must. So make sure you have a lot of ‘My-time’ available to you. The less the distractions, the better they are.

I will be brutally honest, you can torrent for a lot of these security books, there are literally 1000s of them.

You will need a small network and spare computers to practice on. Old machines will fair well, plus it also helps to have a machine powerful enough to run a VMware/Xen Server, so that you can run various OS in virtual environments.

An old Cisco router and preferably a managed Layer 2/3 switch will definitely help. An old machine to be made into a firewall (Linux) will also help.

Don’t try to recreate the lab as seen on Fringe! You can only work on a single keyboard at time.

Don’t be overwhelmed and try to do everything at once. First goal, it to be a ‘tiny’ Jack of all Trades, i.e. know about all the different niches/verticals within the Computer/Network Security umbrella.

Your proficiency in networking, switching and OS (Linux, Windows) will need to be polished for sure. We all assume that we know it all, but we don’t. There is no shame going over the basics all over again, for purposes of a refresher and to get some slipped concepts clear.

YouTube has quite a few 1000s tutorial on various aspects, facets and specific micro-niches pertaining to computer/network security. They come in helpful many-a-times. Same goes for basic learning, YouTube can come in really handy when you want a quick visual description of say “What is a Layer 2/3 switch?” – when you want someone to explain it to you in 2-5 minutes.

You would definitely need to be organized. Both with time (devote only so much to training, so much time for lab work and so much time towards reading). You would also need to be highly organized with the digital side. Book marking every website you come across on security is fine, but organize it, classify it and then save it. Don’t just go on a spree on collecting all the programs/apps, eBooks or white-papers if they will just be collecting digital dust in your computer. It is great to save them, but it is very easy to be overwhelmed and lose concentration/direction.

Mentors are the biggest assets. You definitely want to find them in your area of specialty. Follow them on Twitter, Facebook, on Forums, and try to interact with them. Give respect and you gain much more in return.

Needless to say, if opting for Computer/Network security, a great command over ethics is also required. Be sure to understand the ethics side of this field, as well as (if you can spend sometime on it) the legal aspects of this field and its repercussions, etc.

And since I have touched upon Ethics, I find it important to spell it out, do not do anything on a network/computer that you do not ownphysically (including the route to it). Just because you have a server co-located at a datacenter – the route and networking gearing to the server are not owned by you. Do not do anything that can spell trouble for you later on. In the security arena, there is a saying:

- When in doubt – Don’t!
- When in doubt – Ask!

Doing any sort of computer or network activity outside a network and computer system you physically own, can cause a lot of serious legal trouble for you. Oblivious to the laws would not be an excuse. So, please do not do anything silly/stupid or even ‘educational’ on public or semi-public networks.

Many people (specially professionals) delve into the security field, without understanding truly the time and patience it requires to be someone worthy to make a decent/significant living off it. Reputation building is also a very important criteria. Do keep that in mind.

Whatever area you do choose, many will be compelled by policies or perhaps even something as crude as ‘because everyone does it this way’ – - – they will require that you have some form of a professional qualification in your area of speciality. Certifications are immensely important (that is despite the fact that you agree with having a piece of paper or not, that says you are qualified). What matters is that the person who wants to write you a paycheck every month, deems certification an extremely important document.

You need to time, measure and pace yourself and your study towards a goal of certification. There is no shame in trying for an exam only not to pass it. This is not life or death. Its just a test. Practice, Practice, Practice, and try again. Certifications can get expensive, so you will need to take that into consideration.

Finishing off, I’d like to give you my experience of how much time it will take. To be professionally qualified, spending 3-4 hours a day and to build your reputation, have an association with mentors or other professional colleagues who can act as reference for you, etc. you are looking at 18-24 months.

Hope the information was helpful.

First of, its not by eating a whole lot of baked beans, though I can see what that would yield to!

On a serious note, individual investment into a wind farm can often be too costly, and a point of envy for the neighbors. A great was to get started on a personal wind farm is to involve the neighbors. For reasons that would immediately be understood by you, however, let me amplify.
(a) Start with education. You can contact your neighbors and ask them to attend a voluntary educational get together you are doing on ‘alternative’ energy (don’t just stick to Wind farm, just as yet). This is perhaps the hardest part. You will meet resistance, you will have no shows and you will need to shampoo-rinse-repeat many times over. But do not worry. Your delivery pitch will only get better. You will learn revise your presentation and also you will learn to document and research the areas in alternative energy better.
(b). Your education process will be a long one. Do it over a Bar-BQ, or drinks, or a visit to each household on the weekend with your laptop and do a 30 minute presentation. If your presentation invokes an interest (which it should), these neighbors of yours will also be compelled to learn/read about alternative energy.

(c). Your next goal is to make them ‘game’ of “How about we all pitch in and setup something?” A farm of anything (solar, wind etc.) will require permits (perhaps), cooperation from neighbors, and land. The more the merrier, but do not make the project too big. Make a small committee (people love being on a committee, and give assignments and titles). It just makes the whole cause more legit and serious.

(d) When you make an effort on a community level (30-50 houses), you will be taken more seriously by financial institutions and the companies that deliver wind farms, etc. (usually they have a mechanism to fund you as well – depending on the geography you are operating on).

(e) The goal should be ‘small’ to start off with, something where say A porch light in all the houses can be started (bad example, but nothing better is coming to mind right now). You can divide the costs amongst the 20, 30 or 50 households, it will be very much affordable and provide great insight on how to get started with your experimental project (and that is what it should be termed as). An experimental project. So if things don’t work out, everyone is in agreement, its no biggie.

(f) Contact some commercial vendors in this field and ask them to come around and make presentations. The numbers they will throw at you (depending on the salesmen) will vary. It could be horrendously expensive or too cheap-too-good-to-be-true. Either way, you goal is to have many of them visit, do a survey and propose some solution. Let the companies work and find a solution for you.

(g) Once you have a solution in place and financials, see which is the most appropriate one and have your committee vote on it – or make a decision and go with it.

One area I would definitely recommend you research is Vertical Axis Wind Turbines – which is a preferred design for small wind farms and the designs have improved a lot.

Your best approach is to take your neighbors into consideration, as the economies of scale and the sanity of the project will be in your favor. There is guaranteed not to be any NIMBY (Not-In-My-Backyard) people. Green technology everyone loves and promote. It is being taught all around from children to adults and everyone knows this is the right thing to do.

Good luck.

Often the question is asked, how does the processing of credit cards actually work. For example, how does Authorize.net or Card Service International or Bank of America process credit card transactions.

Well, they essentially, use their economies of scale, to process transactions for you. Companies like Authorize.net et. al. setup elaborate system, networks, infrastructure, etc. to connect to all the Card networks like VISA, Mastercard, AMEX, Discover and others. Comply with their very strict security requirements and auditing requirements (fraud management, KYC, AML, SAR, etc.) I’m not sure if they connect to ACHs (in case of Authorize.net) but some payment gateways do connect to them.

They then provide you with their platform to conduct a credit card transaction (online/offline), i.e. when your customer wants to do a transaction they take the card details, connect to the requisite network, validate the transactions and then process it. In doing so, they also do the accounting that is required of it, to make sure if the transaction was successful, to minus the balance, credit the merchant, provide the relevant transaction records to all parties concerned for a successful settlement and in doing so, make money off it.

All this translates to a very economical system for you (the merchant) to use. When you have 10,000s of merchants using a system like this, it become inherently a great B2B model for companies like Authorize.net, etc. to be able to provide you with a service, with low up-front fees, etc.

The transaction fees for every transaction you are processing is distributed amongst various players, the card network, the payment processor, you the merchant (if you have a markup), the issuing bank, etc.

You could in some way some it up, that these payment processors are credit card transaction brokers.

In addition to big sign that says - Save Money! (could not have hammered the point better in my opinion), here are a couple of reasons why we moved from a very highly invested server farm to cloud servers.

Firstly, we had the option of using www.Rightscale.com to manage our cloud infrastructure – the management of it all via Rightscale helped us a lot. Cannot stress this fact (especially if you have a multi-tiered/complex server deployment architecture).

One of the most important point was the ability to ‘transition’ your cloud server from one provider to another (which is a feature though used less, but can save 100s of hours if migrations are to be an issue or something you do frequently). If a Cloud provider X for some reason terminates your server – say due to a DDoS attack or whatever reason, you can easily migrate that virtual server to another Cloud provider Y very easily.

Another example that is more pragmatic is costs, if costing on Provider A is higher and you want to migrate to Provider B, the migration/transitioning between cloud providers is a god send no less.

By having a large physical server farm, we were wasting lots of CPU cycles, Hard Disk space and memory (RAM). When we moved to the cloud, we start with average or minimal sizes, and looked at the performance metrics of our virtual servers (again something easy to do with all the various cloud tools out there on a single desktop screen). We then adjusted our cloud server sizes to match optimal server size and saved over 45% (vs the physical servers) and this was a cost saving of over 60% (if you believe it).

CPU and Storage are two of the greatest elements that are wasted, and by shrinking it down, the savings were tremendous.

One definitive advantage of the cloud was the ability to quickly deploy more machines as and when required (on-demand) and release them – once the demand subsided (this was true in a very few cases, but important nonetheless). Elastic computing in its truest sense.

Server images are another huge plus. You can take a server image literally by a right click and save it on cloud storage for future use. We also found that building a ‘template’ of a server is a great time saving exercise. For example if you will deploy a Linux Server and then put on Squid Server on it, etc. you can simply do this exercise once and then save it as a template, should you ever want to deploy the same server again, just deploy off the template, and your server + apps are ready to do. Only an IP change is required in the .config files and you are up and running in a jiffy.

Most of the cloud providers provide features like on-demand load-balancers, firewalls, IDS, additional storage, that can be deployed instantaneously. Can’t do that with the physical server world. And all these instantaneous deployments will have little or no impact on your service offering in terms of downtime, etc.

OS reloads is something you will love on cloud servers. Don’t like the OS, or messed up, simple reload again and in a few minutes (15-30 minutes) your new OS is up and running again, again, a huge advantage over traditional server offering.

IaaS/PaaS have achieved an economies of scale, where by every CPU core or memory is sold, as their are mostly likely a buyer for it out there. This results in excellent pricing model and allos you to save up a lot.

3rd party apps for monitoring, server management, quick/rapid deployments, etc are now plenty out there. The image libraries have improved drastically. For example if you were to take a traditional LAMP environment and strap on WordPress on it and then configure it with cPanel, etc. it can take quite a few hours to have this up and running. Many providers (especially Amazon) have an image that will take care of this and you will be up and running with a LAMP server, running cPanel/WordPress in under 30 minutes.

Do not be concerned that the virtual/cloud environment is exclusively for the Linux platform. Windows offering on the cloud is plenty and runs very smoothly. Most Window instances will sometimes even run on a single core, with 1.5GB of RAM – without issues (this all depends on what you run on the server itself).

Now, even providers like Amazon and Softlayer, do not charge you for incoming bandwidth (its free), so you now have additional cost savings. Albeit, the only drawback with Cloud providers is for people who want “unmetered” servers. No such thing as unmetered on cloud servers yet.

As with Aamzon, Rackspace and Softlayer, their cloud offerings tie in seamlessly with their Cloud Storage offering and their CDN (Content Delivery Network) offering.

The questions that everyone wants an answer to. I have been writing to PayPal for 10+ years to solicit a reply from them – as to why they are not here in Pakistan (you can read that correspondence onwww.faisalkhan.com)

PayPal operates in various countries but a few countries like Pakistan, Bangladesh, (amongst the larger ones) are missing. When countries like Somalia, Yemen and Rwanda are included in the list of countries where PayPal is available, one begins to wonder why Pakistan is not included.

It is not primarily about market size, I am sure Pakistan’s market size is a whole lot larger than many countries (combined) where PayPayl currently operates in.

The issue is country risk. <- I cannot sum it more accurately.

A financial institution like Paypal does risk assessment in their own way to assess which country it should and should not do business with. PK, whilst a large market size (compared to say Sri Lanka or Yemen or Rwanda) still poses a high-risk due to the factors like:

• KYC (Know Your Customer)
• AML (Anti-Money Laundering)
• OFAC (Office of Foreign Assets Control)
• SAR (Suspicious Activity Report)
• Beneficiary Information

The above (IMHO) are the major issues that PayPal faces, not being able to accurately gauge the above, is a risk that PayPal does not want to take.

They, PayPal can be penalized by the financial regulator in the country they operate FROM (not To), and the risk of account freezing, etc. All these factors they have to weigh against how much money they can earn (and they have a pretty good estimator for this). The risk vs the income – makes them conclude that PK is a risk country as far as business is concerned.

In addition to this, a small group with PayPal is trying to convince their management to look into Pakistan, whilst a large portion of members within the PayPal corporate world are literally biased and oblivious towards Pakistan as well (this is not an empty statement, but the ground reality within PayPal). PayPal itself is not entirely ‘clean or fair’ in its efforts. The ruckus that Pakistan is a money laundering country, etc. fails and pales in comparison to the amount of money laundering done in the US, and Latin America. As with every Pakistan/Indian issue, there are bigoted people within PayPal who are still harboring the animosity towards each other, is also another unsaid reason why Pakistan and Bangladesh have not gotten PayPal.

There is absolutely NO written notification and/or official circular from the US Government or Federal Reserve that ‘prevents’ Pakistan from having PayPal or tells organizations PayPal to discourage the Pakistani market. This myopic stance within PayPal is biased and unfair.

As previously speculated on many forums, it has NOTHING to do with SECP, SBP, FBR, etc. – - – that is not the issue (nor ever was).

A lot many forums and discussion boards have proposed that if PayPal cannot come to Pakistan, we should have our own payment system for the world to accept and adopt.

If you track payment systems, there are currently over 250+ payment system, after discounting the top 10-15 payment system, the rest of them COMBINED together probably do not do more than say #14 or #15 on the list. Having a payment system is one thing, having it adopted and be utilized and accepted by others is another matter entirely — and in some cases the key.

Lets talk about inward micro-payment options (barring PayPal) – you have none. No other micro payment system exists currently other than Paypal (sub $1 payments notwithstanding) that is worth mentioning or worth trading or transacting on. Even if you will make one, do you actually think your buyers in the international arena will adopt it? (I dont think so). Even some famous ones are having issues adopting.

The same can be applied for outward settlement. The fees structure for settling payment outside of Pakistan is quite complex. Daily reporting on transactions, along with the KYC and AML needs to be reported to the PRI division of SBP.

Without having any a priori information on the subject matter, people can comment and propose all they want, but seriously ask your self a question, how many hours? days? week? months? or years? have you applied towards the understanding of various payment systems that exist today? Have you ever spoken to them? Understood the back-office and legal issues, met with them in a seminar, etc.

So proposing that Paypal do this or that — is frivolous, (they are way more informed than you and I – combined).

Also – proposing an alternate payment system – how will that fair, if say tomorrow Google checkout becomes a micro-payment system, or the same were to happen with Twitter, or what many consider the inevitable, that Facebook launches either itself or in partnership with someone else, launches an payment/virtual-currency, that allows cross-border settlement and micro-payments? How will you payment system work.

Also remember, Paypal does not allow external payment system to integrate with them.

I do not mean to stomp the idea, but believe me, I have spent many years reading this all and do not make a statement just on heresay, but one that is based on hard statistics, fact and a whole lot of communication.

We may be #3 or #2 on some freelancing project network site, but what are we processing in terms of real-$-value per day? Do we do $30 Million a month – if not – we’re nothing as far as the financial transaction settlement world is concerned – an average ACH in the US transaction more than the $1 Trillion per day (yes, that’s is correct 1 Trillion, and no its not a typo). US ACHs transact more than $30-$45 Trillion per day, depending on the day of the week.

So, swallow your pride and understand and live with what we have. In the fiscal world as far as income – we are NOTHING. Accept that. In the world of RISK, believe me when I say we are almost #1. If people (rather financial institutions are NOT willing to do business here), then there is nothing you can do about it – Government or No-Government Pressure!

Let me give you an analogous example, please bear with me on the humor. The mangoes export of this country is FAR greater in number ($-wise) than say the inward and outward money combined from freelancing. Yet, the US chooses that we cannot export mangoes to the US, and there is NOTHING we can do about it. This has been true for over 25 years. Now – if we cannot export mangoes to the US, then what comical sense do we bring to the table asking Paypal to come here, because we are #2 or #3 on some work portal. [Yes, as an update, I know of the recent mangoes export to the US  -  for the first time.]

At one time, record stores and CDs were plentiful and everywhere. You could not possibly fathom that they would go out of business so fast (actually the CD had a shorter lifespan than the vinyl record). The basic goal of the modern day MP3 player is still the same, for you to listen to music. The experience is no less. Its now all about convenience and portability.

The publishing industry is going to go through the same thing. Very large book chain stores will find it inherently very hard to compete. The profit margins have dwindled, the cost of utilities is going up, real-estate rates are still high, it takes a lot of money to hire people and pay for bills. So Borders though 10 years ago was a phenomenal success, but rightfully so, they should have seen it coming. Somethings are inevitable.

When Borders or the large Barnes and Noble stores came into existence, many small book stores had to close down. Remember the movie You’ve Got Mail!(http://en.wikipedia.org/wiki/You…) – in which the Fox Books drives the small book store out of business. Well the 90s saw a lot of that, and whatever little was left, the early/mid 2000 closes those small shops as well.

Who survived? Those who carved a niche. I personally (emphasis supplied) do not know of a single used bookstore that went out of business. Others reinvented themselves, by catering to a very specific vertical (like Old and Rare books), etc. and survived.

With the eminent closing of Border, the book industry has slowly been morphing its business model. As more and more digital devices are sold, electronic books are taking a hold of us. You will see less and less people reading a book on their couches, and see more of them using their iPads. Sign of times (that are evolving).

More and more colleges and universities are preferring to distribute syllabus and reading in digital format, books though recommended (college professors would be without a job if they did not recommend books), are available in digital format now-a-days.

At some point in time, even the physical paper book will be threatened. No one can predict when – but it will happen. The newspaper industry has already seen that happen. 10-12 years ago, no pundit could accurately predict the fall of Borders, and look what happened today. Who knows, a cataclysmic change for the worse could happen to the book/publishing industry, in way we did not fathom (at present)…. only a few years from now.

The amount of physical books published will continue to circulate in and be sold in secondary markets (used book stores, etc.). Bookshelves still look beautiful in any settings and in some ways you are identified by the books you have.

In today’s ever evolving digital economy, carrying 10 books with you in a backpack is just not preferred. Why you could have a 100 books in your Kindle or iPad, and no trees were cut-down. No fuel wasted in transporting them to various book stores, much more cleaner and greener industry.

In the coming years, the physical book would be totally cease of exist (though I find that difficult to come to terms with), however, it could see a very large reversal of fortune for sure (this much I am sure of). Only question is when? To which some may answer – its now – its happening as we read.

The questions about Borders are plentiful. One of the best answers to “Why did Borders fail” is given on Quora. Be sure to go through the answers and comments. Makes a great mini-case study.

Here is a question I answered on Quora.

First of all commitment. Learning anything well enough requires time, patience, dedication. Make sure you have all three.

The best learning often is by listening. As Kurt Wismer suggested, find a good community and get a start from there on. A reputed source is www.Sans.org - [Look under the Resources tab]. They have an excellent reading room. You might also want to search for forums. The learning that you will get from forums, perhaps cannot be matched anywhere else.

Observe, Google newbie/noob terms, read definitions and absorb all you can for a couple of weeks in forums. Learn to differentiate who is an expert and who is a troll. Avoid the “Me too!” (or nowadays +1) type posts.

If you are going to ask a question, make sure you have made the effort before, to try to find the answer before asking your question. Make your Question and your time count.

You would need to do a lot of reading. This is a must. So make sure you have a lot of ‘My-time’ available to you. The less the distractions, the better they are.

I will be brutally honest, you can torrent for a lot of these security books, there are literally 1000s of them.

You will need a small network and spare computers to practice on. Old machines will fair well, plus it also helps to have a machine powerful enough to run a VMware/Xen Server, so that you can run various OS in virtual environments.

An old Cisco router and preferably a managed Layer 2/3 switch will definitely help. An old machine to be made into a firewall (Linux) will also help.

Don’t try to recreate the lab as seen on Fringe! You can only work on a single keyboard at time.

Don’t be overwhelmed and try to do everything at once. First goal, it to be a ‘tiny’ Jack of all Trades, i.e. know about all the different niches/verticals within the Computer/Network Security umbrella.

Your proficiency in networking, switching and OS (Linux, Windows) will need to be polished for sure. We all assume that we know it all, but we don’t. There is no shame going over the basics all over again, for purposes of a refresher and to get some slipped concepts clear.

YouTube has quite a few 1000s tutorial on various aspects, facets and specific micro-niches pertaining to computer/network security. They come in helpful many-a-times. Same goes for basic learning, YouTube can come in really handy when you want a quick visual description of say “What is a Layer 2/3 switch?” – when you want someone to explain it to you in 2-5 minutes.

You would definitely need to be organized. Both with time (devote only so much to training, so much time for lab work and so much time towards reading). You would also need to be highly organized with the digital side. Book marking every website you come across on security is fine, but organize it, classify it and then save it. Don’t just go on a spree on collecting all the programs/apps, eBooks or white-papers if they will just be collecting digital dust in your computer. It is great to save them, but it is very easy to be overwhelmed and lose concentration/direction.

Mentors are the biggest assets. You definitely want to find them in your area of specialty. Follow them on Twitter, Facebook, on Forums, and try to interact with them. Give respect and you gain much more in return.

Needless to say, if opting for Computer/Network security, a great command over ethics is also required. Be sure to understand the ethics side of this field, as well as (if you can spend sometime on it) the legal aspects of this field and its repercussions, etc.

And since I have touched upon Ethics, I find it important to spell it out, do not do anything on a network/computer that you do not ownphysically (including the route to it). Just because you have a server co-located at a datacenter – the route and networking gearing to the server are not owned by you. Do not do anything that can spell trouble for you later on. In the security arena, there is a saying:

- When in doubt – Don’t!
- When in doubt – Ask!

Doing any sort of computer or network activity outside a network and computer system you physically own, can cause a lot of serious legal trouble for you. Oblivious to the laws would not be an excuse. So, please do not do anything silly/stupid or even ‘educational’ on public or semi-public networks.

Many people (specially professionals) delve into the security field, without understanding truly the time and patience it requires to be someone worthy to make a decent/significant living off it. Reputation building is also a very important criteria. Do keep that in mind.

Whatever area you do choose, many will be compelled by policies or perhaps even something as crude as ‘because everyone does it this way’ – - – they will require that you have some form of a professional qualification in your area of speciality. Certifications are immensely important (that is despite the fact that you agree with having a piece of paper or not, that says you are qualified). What matters is that the person who wants to write you a paycheck every month, deems certification an extremely important document.

You need to time, measure and pace yourself and your study towards a goal of certification. There is no shame in trying for an exam only not to pass it. This is not life or death. Its just a test. Practice, Practice, Practice, and try again. Certifications can get expensive, so you will need to take that into consideration.

Finishing off, I’d like to give you my experience of how much time it will take. To be professionally qualified, spending 3-4 hours a day and to build your reputation, have an association with mentors or other professional colleagues who can act as reference for you, etc. you are looking at 18-24 months.

After years of writing to PayPal to solicit a reply, which they eventually did (via unofficial channels), I decided to buy a domain called PayPalAlternatives.biz to highlight the alternative payment systems that users can opt for in countries where either PayPal is not available or restricted.

Here is the test of the letter I received:

from ip@ebayenforcement.com reply-to ip@ebayenforcement.com to babushka99@gmail.com date Sat, Jun 25, 2011 at 12:30 AM subject Your Domain Registration – paypalalternative.biz [Case #49847] mailed-by ebayenforcement.com

Header Credentials

Now, whilst I really wanted to comment on it, both my US and Pakistani Legal Council has requested I do not do so.

Here was my reply to this email:

Dear Edith,

I intend not to be bullied by eBay / PayPal. Both these organization have a lot of explaining to do, and chose to do so, only when they feel its there time to do so. 1,000s of people suffer by the injustice done to their PayPal account everyday  - it is not even funny. If you visit websites like paypalsucks.com, screwpaypal.com and many others, you will get an idea of what I am talking about.

I have full intentions of publishing a personalized blog that highlights the various payment systems, that pose as an alternative to PayPal. If the domain is ever snatched away from me, believe me, a very befitting reply in the form of a large scale campaign against PayPal would be made by me.

I was (and perhaps still am) an ardent lover/fan of the PayPal money system and keep wondering why they continue to shun Pakistan, but when they stoop down to dirty legal arm-twisting like this – rest assured, I too shall twist their arm in return.