First of all commitment. Learning anything well enough requires time, patience, dedication. Make sure you have all three.

The best learning often is by listening. As suggested, find a good community and get a start from there on. A reputed source is www.Sans.org - [Look under the Resources tab]. They have an excellent reading room. You might also want to search for forums. The learning that you will get from forums, perhaps cannot be matched anywhere else.

Observe, Google newbie/noob terms, read definitions and absorb all you can for a couple of weeks in forums. Learn to differentiate who is an expert and who is a troll. Avoid the “Me too!” (or nowadays +1) type posts.

If you are going to ask a question, make sure you have made the effort before, to try to find the answer before asking your question. Make your Question and your time count.

You would need to do a lot of reading. This is a must. So make sure you have a lot of ‘My-time’ available to you. The less the distractions, the better they are.

I will be brutally honest, you can torrent for a lot of these security books, there are literally 1000s of them.

You will need a small network and spare computers to practice on. Old machines will fair well, plus it also helps to have a machine powerful enough to run a VMware/Xen Server, so that you can run various OS in virtual environments.

An old Cisco router and preferably a managed Layer 2/3 switch will definitely help. An old machine to be made into a firewall (Linux) will also help.

Don’t try to recreate the lab as seen on Fringe! You can only work on a single keyboard at time.

Don’t be overwhelmed and try to do everything at once. First goal, it to be a ‘tiny’ Jack of all Trades, i.e. know about all the different niches/verticals within the Computer/Network Security umbrella.

Your proficiency in networking, switching and OS (Linux, Windows) will need to be polished for sure. We all assume that we know it all, but we don’t. There is no shame going over the basics all over again, for purposes of a refresher and to get some slipped concepts clear.

YouTube has quite a few 1000s tutorial on various aspects, facets and specific micro-niches pertaining to computer/network security. They come in helpful many-a-times. Same goes for basic learning, YouTube can come in really handy when you want a quick visual description of say “What is a Layer 2/3 switch?” – when you want someone to explain it to you in 2-5 minutes.

You would definitely need to be organized. Both with time (devote only so much to training, so much time for lab work and so much time towards reading). You would also need to be highly organized with the digital side. Book marking every website you come across on security is fine, but organize it, classify it and then save it. Don’t just go on a spree on collecting all the programs/apps, eBooks or white-papers if they will just be collecting digital dust in your computer. It is great to save them, but it is very easy to be overwhelmed and lose concentration/direction.

Mentors are the biggest assets. You definitely want to find them in your area of specialty. Follow them on Twitter, Facebook, on Forums, and try to interact with them. Give respect and you gain much more in return.

Needless to say, if opting for Computer/Network security, a great command over ethics is also required. Be sure to understand the ethics side of this field, as well as (if you can spend sometime on it) the legal aspects of this field and its repercussions, etc.

And since I have touched upon Ethics, I find it important to spell it out, do not do anything on a network/computer that you do not ownphysically (including the route to it). Just because you have a server co-located at a datacenter – the route and networking gearing to the server are not owned by you. Do not do anything that can spell trouble for you later on. In the security arena, there is a saying:

- When in doubt – Don’t!
- When in doubt – Ask!

Doing any sort of computer or network activity outside a network and computer system you physically own, can cause a lot of serious legal trouble for you. Oblivious to the laws would not be an excuse. So, please do not do anything silly/stupid or even ‘educational’ on public or semi-public networks.

Many people (specially professionals) delve into the security field, without understanding truly the time and patience it requires to be someone worthy to make a decent/significant living off it. Reputation building is also a very important criteria. Do keep that in mind.

Whatever area you do choose, many will be compelled by policies or perhaps even something as crude as ‘because everyone does it this way’ – - – they will require that you have some form of a professional qualification in your area of speciality. Certifications are immensely important (that is despite the fact that you agree with having a piece of paper or not, that says you are qualified). What matters is that the person who wants to write you a paycheck every month, deems certification an extremely important document.

You need to time, measure and pace yourself and your study towards a goal of certification. There is no shame in trying for an exam only not to pass it. This is not life or death. Its just a test. Practice, Practice, Practice, and try again. Certifications can get expensive, so you will need to take that into consideration.

Finishing off, I’d like to give you my experience of how much time it will take. To be professionally qualified, spending 3-4 hours a day and to build your reputation, have an association with mentors or other professional colleagues who can act as reference for you, etc. you are looking at 18-24 months.

Hope the information was helpful.

First of, its not by eating a whole lot of baked beans, though I can see what that would yield to!

On a serious note, individual investment into a wind farm can often be too costly, and a point of envy for the neighbors. A great was to get started on a personal wind farm is to involve the neighbors. For reasons that would immediately be understood by you, however, let me amplify.
(a) Start with education. You can contact your neighbors and ask them to attend a voluntary educational get together you are doing on ‘alternative’ energy (don’t just stick to Wind farm, just as yet). This is perhaps the hardest part. You will meet resistance, you will have no shows and you will need to shampoo-rinse-repeat many times over. But do not worry. Your delivery pitch will only get better. You will learn revise your presentation and also you will learn to document and research the areas in alternative energy better.
(b). Your education process will be a long one. Do it over a Bar-BQ, or drinks, or a visit to each household on the weekend with your laptop and do a 30 minute presentation. If your presentation invokes an interest (which it should), these neighbors of yours will also be compelled to learn/read about alternative energy.

(c). Your next goal is to make them ‘game’ of “How about we all pitch in and setup something?” A farm of anything (solar, wind etc.) will require permits (perhaps), cooperation from neighbors, and land. The more the merrier, but do not make the project too big. Make a small committee (people love being on a committee, and give assignments and titles). It just makes the whole cause more legit and serious.

(d) When you make an effort on a community level (30-50 houses), you will be taken more seriously by financial institutions and the companies that deliver wind farms, etc. (usually they have a mechanism to fund you as well – depending on the geography you are operating on).

(e) The goal should be ‘small’ to start off with, something where say A porch light in all the houses can be started (bad example, but nothing better is coming to mind right now). You can divide the costs amongst the 20, 30 or 50 households, it will be very much affordable and provide great insight on how to get started with your experimental project (and that is what it should be termed as). An experimental project. So if things don’t work out, everyone is in agreement, its no biggie.

(f) Contact some commercial vendors in this field and ask them to come around and make presentations. The numbers they will throw at you (depending on the salesmen) will vary. It could be horrendously expensive or too cheap-too-good-to-be-true. Either way, you goal is to have many of them visit, do a survey and propose some solution. Let the companies work and find a solution for you.

(g) Once you have a solution in place and financials, see which is the most appropriate one and have your committee vote on it – or make a decision and go with it.

One area I would definitely recommend you research is Vertical Axis Wind Turbines – which is a preferred design for small wind farms and the designs have improved a lot.

Your best approach is to take your neighbors into consideration, as the economies of scale and the sanity of the project will be in your favor. There is guaranteed not to be any NIMBY (Not-In-My-Backyard) people. Green technology everyone loves and promote. It is being taught all around from children to adults and everyone knows this is the right thing to do.

Good luck.

Often the question is asked, how does the processing of credit cards actually work. For example, how does Authorize.net or Card Service International or Bank of America process credit card transactions.

Well, they essentially, use their economies of scale, to process transactions for you. Companies like Authorize.net et. al. setup elaborate system, networks, infrastructure, etc. to connect to all the Card networks like VISA, Mastercard, AMEX, Discover and others. Comply with their very strict security requirements and auditing requirements (fraud management, KYC, AML, SAR, etc.) I’m not sure if they connect to ACHs (in case of Authorize.net) but some payment gateways do connect to them.

They then provide you with their platform to conduct a credit card transaction (online/offline), i.e. when your customer wants to do a transaction they take the card details, connect to the requisite network, validate the transactions and then process it. In doing so, they also do the accounting that is required of it, to make sure if the transaction was successful, to minus the balance, credit the merchant, provide the relevant transaction records to all parties concerned for a successful settlement and in doing so, make money off it.

All this translates to a very economical system for you (the merchant) to use. When you have 10,000s of merchants using a system like this, it become inherently a great B2B model for companies like Authorize.net, etc. to be able to provide you with a service, with low up-front fees, etc.

The transaction fees for every transaction you are processing is distributed amongst various players, the card network, the payment processor, you the merchant (if you have a markup), the issuing bank, etc.

You could in some way some it up, that these payment processors are credit card transaction brokers.

In addition to big sign that says - Save Money! (could not have hammered the point better in my opinion), here are a couple of reasons why we moved from a very highly invested server farm to cloud servers.

Firstly, we had the option of using www.Rightscale.com to manage our cloud infrastructure – the management of it all via Rightscale helped us a lot. Cannot stress this fact (especially if you have a multi-tiered/complex server deployment architecture).

One of the most important point was the ability to ‘transition’ your cloud server from one provider to another (which is a feature though used less, but can save 100s of hours if migrations are to be an issue or something you do frequently). If a Cloud provider X for some reason terminates your server – say due to a DDoS attack or whatever reason, you can easily migrate that virtual server to another Cloud provider Y very easily.

Another example that is more pragmatic is costs, if costing on Provider A is higher and you want to migrate to Provider B, the migration/transitioning between cloud providers is a god send no less.

By having a large physical server farm, we were wasting lots of CPU cycles, Hard Disk space and memory (RAM). When we moved to the cloud, we start with average or minimal sizes, and looked at the performance metrics of our virtual servers (again something easy to do with all the various cloud tools out there on a single desktop screen). We then adjusted our cloud server sizes to match optimal server size and saved over 45% (vs the physical servers) and this was a cost saving of over 60% (if you believe it).

CPU and Storage are two of the greatest elements that are wasted, and by shrinking it down, the savings were tremendous.

One definitive advantage of the cloud was the ability to quickly deploy more machines as and when required (on-demand) and release them – once the demand subsided (this was true in a very few cases, but important nonetheless). Elastic computing in its truest sense.

Server images are another huge plus. You can take a server image literally by a right click and save it on cloud storage for future use. We also found that building a ‘template’ of a server is a great time saving exercise. For example if you will deploy a Linux Server and then put on Squid Server on it, etc. you can simply do this exercise once and then save it as a template, should you ever want to deploy the same server again, just deploy off the template, and your server + apps are ready to do. Only an IP change is required in the .config files and you are up and running in a jiffy.

Most of the cloud providers provide features like on-demand load-balancers, firewalls, IDS, additional storage, that can be deployed instantaneously. Can’t do that with the physical server world. And all these instantaneous deployments will have little or no impact on your service offering in terms of downtime, etc.

OS reloads is something you will love on cloud servers. Don’t like the OS, or messed up, simple reload again and in a few minutes (15-30 minutes) your new OS is up and running again, again, a huge advantage over traditional server offering.

IaaS/PaaS have achieved an economies of scale, where by every CPU core or memory is sold, as their are mostly likely a buyer for it out there. This results in excellent pricing model and allos you to save up a lot.

3rd party apps for monitoring, server management, quick/rapid deployments, etc are now plenty out there. The image libraries have improved drastically. For example if you were to take a traditional LAMP environment and strap on WordPress on it and then configure it with cPanel, etc. it can take quite a few hours to have this up and running. Many providers (especially Amazon) have an image that will take care of this and you will be up and running with a LAMP server, running cPanel/WordPress in under 30 minutes.

Do not be concerned that the virtual/cloud environment is exclusively for the Linux platform. Windows offering on the cloud is plenty and runs very smoothly. Most Window instances will sometimes even run on a single core, with 1.5GB of RAM – without issues (this all depends on what you run on the server itself).

Now, even providers like Amazon and Softlayer, do not charge you for incoming bandwidth (its free), so you now have additional cost savings. Albeit, the only drawback with Cloud providers is for people who want “unmetered” servers. No such thing as unmetered on cloud servers yet.

As with Aamzon, Rackspace and Softlayer, their cloud offerings tie in seamlessly with their Cloud Storage offering and their CDN (Content Delivery Network) offering.

Here is a question I answered on Quora.

First of all commitment. Learning anything well enough requires time, patience, dedication. Make sure you have all three.

The best learning often is by listening. As Kurt Wismer suggested, find a good community and get a start from there on. A reputed source is www.Sans.org - [Look under the Resources tab]. They have an excellent reading room. You might also want to search for forums. The learning that you will get from forums, perhaps cannot be matched anywhere else.

Observe, Google newbie/noob terms, read definitions and absorb all you can for a couple of weeks in forums. Learn to differentiate who is an expert and who is a troll. Avoid the “Me too!” (or nowadays +1) type posts.

If you are going to ask a question, make sure you have made the effort before, to try to find the answer before asking your question. Make your Question and your time count.

You would need to do a lot of reading. This is a must. So make sure you have a lot of ‘My-time’ available to you. The less the distractions, the better they are.

I will be brutally honest, you can torrent for a lot of these security books, there are literally 1000s of them.

You will need a small network and spare computers to practice on. Old machines will fair well, plus it also helps to have a machine powerful enough to run a VMware/Xen Server, so that you can run various OS in virtual environments.

An old Cisco router and preferably a managed Layer 2/3 switch will definitely help. An old machine to be made into a firewall (Linux) will also help.

Don’t try to recreate the lab as seen on Fringe! You can only work on a single keyboard at time.

Don’t be overwhelmed and try to do everything at once. First goal, it to be a ‘tiny’ Jack of all Trades, i.e. know about all the different niches/verticals within the Computer/Network Security umbrella.

Your proficiency in networking, switching and OS (Linux, Windows) will need to be polished for sure. We all assume that we know it all, but we don’t. There is no shame going over the basics all over again, for purposes of a refresher and to get some slipped concepts clear.

YouTube has quite a few 1000s tutorial on various aspects, facets and specific micro-niches pertaining to computer/network security. They come in helpful many-a-times. Same goes for basic learning, YouTube can come in really handy when you want a quick visual description of say “What is a Layer 2/3 switch?” – when you want someone to explain it to you in 2-5 minutes.

You would definitely need to be organized. Both with time (devote only so much to training, so much time for lab work and so much time towards reading). You would also need to be highly organized with the digital side. Book marking every website you come across on security is fine, but organize it, classify it and then save it. Don’t just go on a spree on collecting all the programs/apps, eBooks or white-papers if they will just be collecting digital dust in your computer. It is great to save them, but it is very easy to be overwhelmed and lose concentration/direction.

Mentors are the biggest assets. You definitely want to find them in your area of specialty. Follow them on Twitter, Facebook, on Forums, and try to interact with them. Give respect and you gain much more in return.

Needless to say, if opting for Computer/Network security, a great command over ethics is also required. Be sure to understand the ethics side of this field, as well as (if you can spend sometime on it) the legal aspects of this field and its repercussions, etc.

And since I have touched upon Ethics, I find it important to spell it out, do not do anything on a network/computer that you do not ownphysically (including the route to it). Just because you have a server co-located at a datacenter – the route and networking gearing to the server are not owned by you. Do not do anything that can spell trouble for you later on. In the security arena, there is a saying:

- When in doubt – Don’t!
- When in doubt – Ask!

Doing any sort of computer or network activity outside a network and computer system you physically own, can cause a lot of serious legal trouble for you. Oblivious to the laws would not be an excuse. So, please do not do anything silly/stupid or even ‘educational’ on public or semi-public networks.

Many people (specially professionals) delve into the security field, without understanding truly the time and patience it requires to be someone worthy to make a decent/significant living off it. Reputation building is also a very important criteria. Do keep that in mind.

Whatever area you do choose, many will be compelled by policies or perhaps even something as crude as ‘because everyone does it this way’ – - – they will require that you have some form of a professional qualification in your area of speciality. Certifications are immensely important (that is despite the fact that you agree with having a piece of paper or not, that says you are qualified). What matters is that the person who wants to write you a paycheck every month, deems certification an extremely important document.

You need to time, measure and pace yourself and your study towards a goal of certification. There is no shame in trying for an exam only not to pass it. This is not life or death. Its just a test. Practice, Practice, Practice, and try again. Certifications can get expensive, so you will need to take that into consideration.

Finishing off, I’d like to give you my experience of how much time it will take. To be professionally qualified, spending 3-4 hours a day and to build your reputation, have an association with mentors or other professional colleagues who can act as reference for you, etc. you are looking at 18-24 months.

For many years now – I have been writing to the CEO/President of PayPal and their parent company Ebay, asking then why they are not present in Pakistan. Despite all the communication via email, faxes, and letters that I dispatch every year, I have never managed to solicit a reply from them. Not even a squeak.

Today, many campaigns are afoot on the Internet in the hopes of getting PayPal’s attention and getting them to come to Pakistan.

Some people are supposedly even in touch with PayPal through their Far East office, London office or US office. Some have claimed to have met them, each vying to bring PayPal to Pakistan. In some minor cases, some of these elements are just not playing fair and present a fair picture to PayPal. They do so because they want to do business with PayPal and get paid for it (hint: law firms), others want accolades, etc. Just for the record, I want none. I just want them to be here.

Today, people fly to Singapore,Dubai, London and even the US to open a bank account just so that they can have a PayPal account.

Most of the activity that is done on PayPal on behalf of Pakistan is done so by what I call Acquaintance-PayPaling! – i.e. using the PayPal account of your brother, sister, uncle, niece, cousin, friend, relative, associate, etc.

Coming back to topic – the present situation is – we still do not have PayPal in Pakistan. Rumor mills are abound with the reasons why PayPal is not in Pakistan. I will not go there, but perhaps try to address what in my opinion I believe is stopping PayPal from coming to Pakistan.

PayPal as you know operates in quite a few countries. In our immediate region, i.e. South Asia, large economies like Pakistan, Bangladesh, Sri Lanka, etc. do not have PayPal, yet countries like Rwanda, Botswana, Fiji, Panama, Sierra Leone, Tonga and Zambia have access to PayPal.

Even Yemen and Somalia have access to Paypal.

Is this fair? Certainly not!

PayPal’s reluctance to operate in Pakistan is due to Anti-Money Laundering and Terrorist activities.

It is also rumored  (I cannot confirm this), that there  is a strong Indian lobby, that very tactfully yet and with sane reasoning positions Pakistan as a country which PayPal best avoids, despite the numbers that work in favor for PayPal to operate here.

No one – on their own wants to take ownership within PayPal and convince the New Business Development Department and the Legal team that Pakistan holds the potential of a very strong market for PayPal.

Having said this, there are some genuine people in PayPal who are literally fighting a case for Pakistan. I wish them good luck and request that they read on what I have written below.

So to summarize:

1. PayPal wants to do business in Pakistan, but are hesitant due to AML and for it (PayPal services) to possibly be used for terrorist activities.
2. People in Pakistan desperately want PayPal.

There are three concerning bodies in Pakistan that PayPal needs to get in touch with:

1. State Bank of Pakistan (the central bank of Pakistan)
2. Pakistan Remittance Initiative – a semi-autonomous body within SBP that is focused on inward remittances and how to legalize them, and provide better KYC, etc.
3. FMU – Financial Monitoring Unit – the AML arm of SBP.

In an unofficial capacity I can state, that all three are willing to talk to PayPal and pacify and address their concerns which prevents them from operating in Pakistan.

Especially PRI – the folks at PRI are more than willing to sit and listen to PayPal and advice them of our laws that we have in place and to correct any misconceptions that they might have with respect to Pakistan.  They can help you get PayPal services rolled out at a National level – and under a one-window operation for PayPal.

PRI is the most pertinent body that can help PayPal and will guide you if you need a banking license or a money-exchange license, how to get incorporated (if required by SECP) how to get integrated with the two ATM switch operators in Pakistan: 1Link and MNet – I’m very sure PRI will also help PayPal with any Tax related issues / consultation with the Tax Authorities (i.e. FBR).

Sitting in a cubicle in California – things are a whole lot different when Pakistan is viewed as a potential country to do business with. It would be conniving of PayPal not to get in touch with PRI / SBP / FMU – all three which operate under the auspices of Ministry of Finance and have the hurdles addressed.

Sitting in Pakistan, you cannot fathom our disbelief that we are blatantly being ignored by PayPal  -  the silence to all the communication/campaigns is deafening.

10+ years of PayPal and no service in Pakistan is just not fair to the 20 million internet users here. We are NOT a camel country! We don’t have sand dunes and people sitting in huts squatting flies. We are not running around naked in sewers begging for water. We do have almost all the conceivable luxuries and infrastructure that is prevalent out in the West. Especially digital infrastructure.

For god’s sake, stop being obtuse PayPal and open your eyes!

For good order’s sake – study us, and do your homework. We are the largest Non-Nato partner for the US in this war against terror. You really think that terrorist networks are only existing in Pakistan? they are all over the world – including UK, Germany, France, Somalia, Yemen, Rwanda, South Africa, Canada, countries where you operate. And please, do not associate the word terrorist with “Islam” or “Muslim” god knows how many home grown terrorist organizations are out there. Juxtaposing such labels on Pakistan is unfair, uncalled for and plain myopic business attitude. Radical white supremacist are gaining numbers everyday in Germany and Austria and UK, do you not consider them when you do business there? India has its own share of problems as far as terrorist organizations are concenred – including the Indian Maoist movement known as the Naxalites, but that does not stop PayPal from operating there now does it? So please think rationally when it comes to Pakistan and stop generalizing and compartmentalizing us.

Pakistani individuals and small businesses are making great strides on freelancing portals (like Elance, oDesk, RentaCoder, etc.) and other web outsourcing platforms where they deliver fantastic services.

Users here are forced to pay hefty fees associated with bank wire transfers, Western Union, 2Checkout, Liberty Reserve, Moneybookers, etc. to get paid.

The very least PayPal can do – is to get in touch with the right institutions here in Pakistan and work with them to have their issues addressed. Until and unless PayPal will not take the first step, the Government of Pakistan and its institutions are helpless, not to mention the 20 million Internet users and the nearing 100 million cellphone users. We as citizens can only do our digital protest in the hopes we get your attention – the walk you must walk!

If anyone in PayPal is reading this, please get in touch with myself, at fk (at) faisalkhan (dot) com and I shall duly put you in touch with the three institutions I mentioned. I do with without any self-servicing agenda or motive. I too like everyone else would like PayPal to be present in Pakistan.

Its been too long for us not to have PayPal and you have it within yourselves, the power, the will and determination to change that for the 20 million Internet users in Pakistan.

"Hope is not a dream but a way of making dreams become reality."

- L. J. Suenens

If you’ve ever run a web designing company – like we have in the past, then this sounds all too familiar.

http://theoatmeal.com/comics/design_hell

I read an interesting piece of news today:

FIA directed to probe piracy of imported movies

ISLAMABAD: Interior Minister Rehman Malik on Saturday ordered the Federal Investigation Agency (FIA) to probe into the piracy, rental and sale of movies having been imported legally. The directions came on the request of legal movie operators in Pakistan. The Minister for Interior made it clear that anybody who was found dealing in the sale, rental and airing of legally imported movies on cable would be dealt with severely under piracy law. staff report

Source: Daily Times

Now, I’ll address the lack of technical capabilities of FIA in handling something like this later, but first their seems to be  an issue. Does piracy come under the umbrella of FIA or the regulator – which in this case would be PEMRA.  The news article itself was hilarious…

“… anybody who was found dealing in the sale, rental and airing of legally imported movies on cable would be dealt…”

Now, first of all, who the heck actually imports a movie legally. Times have changed. Torrents anyone?

Secondly, who would “rent” a movie to a cable-wala? Duh!

Third, is FIA itself. Here is an organization that is best suited for working on anything BUT cyber crime / digital crime.

Highly inept organization, when it comes to the ‘digital’ world. Having dealt with them on this front, FIA and its Cyber Crime Division called: National Response Center for Cyber Crimes. I mean if you want to tackle the issue of piracy, why not stop the distribution channel, rather than the users?

If you have a drug problem, do you try to make the addicts kick the habit or do you stop the flow of drugs (the source). I would assume major effort would go towards the source problem.

In case of illegal or “legal” movies, the issue is torrents. You cannot stop torrent, and asking FIA to stop it? Bloody joke. They could not even stop their website from being defaced, and you expect these folks to stop torrents. Sure!

Having dealt with FIA (especially the Cyber Crimes Division) in the past, its a farce believe me. They are amateurs, armed with theoretical knowledge, have no proper investigative skills, most of them have never even been trained in forensic sciences (for the digital world), totally wet behind the ears and above all, you should see them all working together – its down right hilarious.

To tackle the issue of piracy – with respect to say torrents, you will have very limited success. To handle it via-a-vis cable operators to stop airing – how many cable operators will you stop? How many will actually get reported, etc. How many will actually comply?

Case in point, you don’t fight the bear – you learn to dance with it.

We send invoices. Lots of them.

We use a local courier firm to have them delivered all across the country. The invoices themselves reside in digital format, and we use a software to print them out to paper, stuff them into letters. Have the courier company come in the evening and pick them up and give us a receipt for it.

Presumably the courier company will take them to the collection center in Karachi, where these invoices will be sorted out, bagged with other letters / parcels and each bag will find its way on the conveyor belt destined for the cargo hold of the evening flight.

After a few hours (assuming no delays, etc), the flight would land at its destination, the bag collected, and de-sorted. Next morning, courier riders would collect their deliveries and hopefully if all goes well, my invoice is delivered to the customer by mid-day.

Now I could have saved myself the trouble of sending this invoice physically in the first place – by simply emailing it. However, customers who have to pay bills are very clever. They will cite mysterious reasons, email not received, the spam filter ate it, etc. etc.

They will receive all my other emails, except the one that carries the invoice.

So – novel times – call for a novel approach.

What if I simply were to email (or upload) the PDF file (which represents the invoice) to the Courier company’s server. Let us assume I have to send an invoice to a client in Islamabad. I email the invoice before say 1400 Hours, and the office in Islamabad will print it out. Print the delivery label. Stuff it into an envelope and deliver it the same day! And I get what I want – no – not convenience (that much is given), but what I want is the proof of delivery receipt; so now my customer cannot complain that he/she does not have a copy of the invoice.

If this service were to be launched, I am sure, there exists a great market for it. People may cite ‘confidentiality’. Strictly speaking, for our case, there is nothing confidential in the invoice that the courier company or its employees can ‘steal’. For non-confidential correspondence that needs to be delivered ASAP, I think this represents an excellent medium of choice for those who would like to reduce the carbon footprint of their letter (ideally we should just be emailing, but something don’t change).

Sure there are kinks and ifs and buts in this scenario – but nothing that cannot easily be solved if one were to put their mind to it.

Its lectures like these that make me want to go back and continue to study my first love, which is electromagnetics.

I’ve been reading a lot about how one company or another in Pakistan is going to be bringing e-commerce – specially internet payments or even mobile payments. How we will be able to have our own eBays-look-a-like and our own Amazons and god knows what else.

Various efforts have been done, but then seriously think about it – are you using it? On the top of my head if there are any Pakistani websites where I have used my credit card – it is undoubtedly www.libertybooks.com and www.airblue.com – I have not used my credit card anywhere else on a Pakistani website.

If one were to take the days of Digicom (now long gone) when it started its ISP operations in Pakistan as a benchmark date as to when the web was born (1995) here in the sub-continent, then 13 years later – we have to gauge ourselves from a consumer / commercial point-of-view – where are we standing? Pretty much in the same place… nowhere!

As much as we think about the ingenious ideas about payments, the mass appeal has still not kicked in. Is it our timings? I highly doubt that (read my article on TCS Listen Up!).

Are the payment solutions themselves immature (my opinion is hardly).

Are the banks to blame which can push the much needed traffic towards e/m commerce? ( a definitive yes!)… but there is something else that is missing. Government? (who care would be my answer).

There is surely something that is stopping us from using digital money. Wouldn’t you agree?

Let me digress for a few minutes… consider the following… An analogy is voice-mail.

Used everywhere in the world, but not in Pakistan, India, UAE, Bangladesh, and most of the Asia-Pacific countries. Voice-mail is used very heavily in Europe and Americas, but why not here? To be honest, I don’t have an answer to this question, but it does beg to ask another – is what is impeding our growth have something to do with culture / people rather than technology? I for one say – maybe yes, this could be anomaly in the whole equation of electronic/mobile commerce in Pakistan.

Craigslist is now also in Pakistan (Mr. Craig even left a comment on the blog). So why aren’t we a nation that is plugged into online classifieds? Why is it that WorldCall forums are selling stuff – but only limited to those who are on those Go4B.net forums. Even if we had the payment methods – we are still shy about using them.

I feel trust is an issue. I know I can trust Air Blue and Liberty Books (well I really don’t trust Liberty Books, but then what the heck, every now and then you gotta take risks). But UBL’s Orion – I wonder and ask myself why I haven’t bothered signing up on Orion? Why isn’t everyone else using Orion? Lootmar which is an up and coming start-up hoping to make it big into the auction space in Pakistan – has a long way to go, but it’s a start – but then again, why aren’t we all using it? (I’m sure Lootmaar would have a long list, but that’s not the point). The point being – we have everything, but stimulus (for lack of a better word) is stopping us.

On Orkut and Facebook, Pakistanis are clicking away-a-plenty. Same goes for Blogs. We novices have even mastered the art of cut-and-pasting Google AdSense campaign code into our blogs but yet, when it comes to buying online, we are very shy.

My definitive arguments and conclusions are at the end of this post, but very quickly I too want to pitch in an idea.

Almost everyone has a mobile phone and a bank account. So here is the gist of my proposition:

• Go to the bank – get your mobile phone registered to your bank account
• So I go to this website and I like this USB stick. Its for Rs. 2,000, I place it in my cart and proceed to checkout
• The website owner is also registered with the bank and had a mobile account associated with its bank account
• So upon check out the website gives me a total: Rs. 2,000 and its merchant number and transaction number
• I from my mobile send an SMS to my bank – entering the transaction number and the amount
• My bank checks my account balance and since I’ve linked my mobile to make transactions on my account it (the bank) will provide me be back with a 10 digit code via SMS (valid for 30 minutes)
• This code will ONLY make payment to the defined Merchant Account that I had sent and for Rs. 2,000 only
• This code will not make sense or be of any use to anyone should my mobile get stolen
• You are probably going to ask if a PIN is used and if so, when a mobile is stolen wouldn’t the PIN be in there – the answer is no PIN is used and if your mobile is stolen I am pretty sure you will be letting your cellphone company know of this, which in turn will stop it from transmitting any SMSs to your bank account for any transactions.
• I place the code on the website and hit ‘Submit’ and the website will verify the transaction – and complete
• In either case of data-snooping, cellphone theft, etc. No information is compromised.

Whilst it may seem mundane and boring, but the simplicity element and security are paramount in this setup. The merchant will never know my mobile number (rather does not need to know), its unique one SIM to a Bank account – but it does require a clearing house at the bank’s end (interfacing).

Before you shred this idea to million pieces… let me assure you, its not the idea that I want to emphasize here. Like I cited, ideas that can work are many. It’s the adaptability that is missing.

We are ‘carry-thy-wallet-to-the-merchant’ nation. We physically want to be present. We are a Cash-on-Delivery based economy. For larger ticket items – we believe in going to the store ourselves. Our ground and overnight shipment can still be improved but companies like DHL, Fedex, TCS are still not up to the mark. I mean for crying out loud, if I need bubblewrap – TCS cannot deliver it to me (to be fair, neither can the others). Packaging material like (airbags of space utilization, Styrofoam peanuts and bubblewrap) are all absent.

Tracking options are slowly being improved upon. There has not been a concerted effort by the banks to push electronic or mobile commerce in Pakistan. This is a fact. There is an old-school management in place who still don’t dwell very well upon such ideas. The new breed might (and we would have to wait 2-5 years for them to take over) who would probably then instill such ideas into a bank’s business plan.

The government has been a silent spectator of sorts. Promised were the days of automated systems and this and that, well frankly I haven’t seen it. For a country that still uses Hotmail and Yahoo! as official addresses – I don’t pin much hope siding with them.

What we can do and the picture is not so bleak, is promotion! It’s the only tool we have left out for the masses. If we all promote such businesses like Lootmaar and other Pakistani merchants who are trying to sell online (Beliscity www.beliscity.com and Makarts www.makarts.com) we can make a difference.

The Start-up Initiatives taken by P@SHA – are also a great place to take relatively new start-ups and give them support – give them hope. Incentive based programs can be drawn by these merchants to bring traffic towards them. They can promote themselves with bloggers and need to have viral and word-of-mouth advertising maximized. They need to quickly go from Version 1.0 to Version 2.0 and so on and so forth. But not at the expense of quality, security and breaking-what-was-working-already!

Side-lookers like banks, mobile companies, ground shipping and handling companies, credit card companies, ATM owners, consumer marketing companies, merchants-in-waiting, all are looking at us, so you can chin-up and rather than just moving on to the next blog read, perhaps you too can contribute towards the local start-ups who are trying to make a difference. After all, we only have ourselves to blame.

Recently I had some colleagues of mine visit from Singapore – at our Khayaban-e-Itthehad office, there is a café right next to us, called “The Second Floor” (its an amazing place, I highly encourage everyone to visit it).

Most of the time – my esteemed colleagues preferred spending their time in the café, due to three factors (a) coffee (b) ambience and (c) free Wifi.

Its the free Wifi issue that irks me a lot. Why is it that in Karachi we have not been able to have more and more free Wifi spots?
Why is it that no one has taken initiatives for establishing even municipal wifi communities?

Everybody is protecting their bandwidth so feverishly – and rightly so – there are plenty of bandwidth pirates who would want to hijack or piggyback on your wifi connection. But bandwidth is getting cheaper by the day – could anyone here have imagined paying Rs. 5,000 for a 2MB connection? I certainly did not. I was a very happy camper when the Rs. 5,000 for 1MB deal came out.

The 2MB upgrade simply was not on my radar.

In the days to come, I am sure, bandwidth will get more cheaper… so if that is the case, how come we still have very few wifi hotspots around. I first assumed that there wasn’t any wifi available at Karachi airport, but then found out Cybernet does indeed operate over there, but you either need an account or as some have sworn, that its free. I tried connecting to it – to no avail.
But what about other places? No – not coffee shops – that’s pretty much a given. What about buildings? None of the buildings have it – not that you can find a building to sit in/under. The hotels charge Rs. 100 per hour for wifi – that still sucks!!! What is even more amazing, almost none of the hotels in Karachi have in-room wifi (to be equally fair, many hotels outside of Pakistan also don’t have wifi in the rooms)

Sea View flats, or other flats in Gulshan or Clifton, or PECHS – no one seems to be offering wifi. There is no free wifi in any of the malls. Which really sucks!

What does it take to share bandwidth? Meraki came out with the answer. Go to their website and read more about it – I just feel, if we were to invest on a small community / municipality level to build wifi networks, we will see a whole new market developing.