tag:browndroppings.co,2014:/feedShit Ezra Says2023-09-02T11:00:44-07:00Ezra 'God' Olubi.http://browndroppings.coSvbtle.comtag:browndroppings.co,2014:Post/brunch2023-09-02T11:00:44-07:002023-09-02T11:00:44-07:00The origin and evolution of my Sunday brunches<p>Every Sunday, you’ll likely find my friend Tolu at brunch somewhere. She might be at Eric Kayser alone, catching up with a former colleague at Pitstop, or hosting close-knit friends at her apartment in Victoria Island. It was no surprise that when she came to spend the weekend at mine sometime in February 2021, she was itching for us to go out to brunch on Sunday. Another friend of mine was around at the time, and we collectively agreed to spend our Sunday morning at Orchid Bistro, Ikeja GRA.</p>
<p>We spent the time talking about anything and everything, catching up on our individual travails, and running commentary on the food. A colleague of mine was scheduled to visit me that day, so she joined us at Orchid Bistro instead. I appreciated how chill and relaxing the outing went and commented on how I’d love to experience it more often. The only problem was that regularly leaving my house wasn’t something I was keen on doing. Tolu pointed out that I could make it work in my space and I just needed to figure out the food. I reached out to my assistant, Chinelo, and the hunt for a chef began. </p>
<hr>
<p>Pre-pandemic Paystack encouraged <a href="https://twitter.com/0x/status/1688634868366815232">Stacks</a> to live close to the office, including offering housing grants to assist anyone who chooses to move to a place within a certain distance from the office. Just before the COVID lockdowns commenced in 2020, we had two apartments ready within the vicinity for those who would like to move in, knowing fully well that most people likely didn’t have their spaces adequately set up for remote work, especially when it comes to internet connectivity and power. By the time the lockdowns took effect, a decent number of Stacks (including me) lived within walking distance from each other.</p>
<p>As the lockdowns eased up, my space slowly became a hub of sorts, with friends and colleagues sometimes choosing to come work from mine, convene for an evening stroll, or hang out with other colleagues. This helped in a number of ways, including helping to foster camaraderie at a time when most of the world was for all intents and purposes, lonely.</p>
<p>As the world continued to open up in 2021 and people returned to their regular lives, average foot traffic at my place remained greater than in pre-pandemic times, and a glaring benefit of hosting brunch once a week at mine meant that I was able to intentionally concentrate all my people-ing to that day.</p>
<hr>
<p>With the help of Chinelo and several chef trials later, we settled on one and <a href="https://twitter.com/0x/status/1694067080083951823">kicked things off on the 22nd of August, 2021</a>. It was quite the large group. Eight people, all of them colleagues except one. Given that it was my first, I winged it. There were some fundamentals established from day one, however, that have stayed the same. Brunch starts at 11 am. It’s a four-course affair (breakfast, small bites, lunch, and dessert). Bottomless mimosas!</p>
<p>My preference for punctuality meant I actively noted when guests arrived and prioritized those who came on time for future invites. When I moved to my new place and had a “proper” dining area, the TV stayed off during brunch to encourage more interpersonal activity. Eventually, I also deprioritized games as I felt they were a lazy crutch often relied upon to fill the silence when an inherently diverse group of people could instead engage in enriching conversations, share experiences, and learn from each other.</p>
<p>Over time, I’ve also learned to be aware of and appreciate the little things that come together to make the overall experience unique.</p>
<ul>
<li><p><strong>Swapping footwear for socks at the door and washing hands</strong>: Sometime in 2019, a friend invited me to a small get-together at her place. When I arrived, I was offered a pair of socks so that I wouldn’t have to walk barefoot on possibly cold tiles after taking off my shoes. I thought that was cool, and I started looking for ways to incorporate the same in my space. I like to casually sit on the floor in my house without giving thought to whether there’s a shoe stain to avoid or not. Eventually, the socks policy went into full effect for everyone with a reason to be in my space - friends, artisans, staff, etc. Requiring guests to wash their hands before interacting with the space is a holdover from the COVID-19 pandemic and is one I don’t intend letting go of soon. Over time, I realized that this ritual helped create some shared baseline amongst guests such that at its completion, it lowered the anxiety barrier to interacting with everyone else, especially when it’s the person’s first time in the same room with them.</p></li>
<li><p><strong>Rewarding guests with an album of shots from their visit</strong>: Mid last year, I decided to get back to being intentional with my photography. I work well with routines, and what better routine is there to practice the craft for someone who’s almost always at home? Brunch, of course. I try to capture moments of guests interacting with themselves and having fun. Once brunch is over, I quickly export the pictures to my laptop and fire up Lightroom to sort through the ones I like. I then edit, export, and upload to a Google Photos album, which I share with the guests. Not only do you get to come over and chill with interesting people, you also get to keep an album of memories. On my part, I get better at framing shots, learn a new trick or two about using Lightroom, and get to relive the day’s activities from looking through the shots. Recall my friend Tolu from the start of this piece - she emigrated earlier this year, and this is a group shot from her last Sunday in Lagos.</p></li>
</ul>
<p><a href="https://svbtleusercontent.com/qoavVXXigSfTkFxPHCLHeT0xspap.jpg"><img src="https://svbtleusercontent.com/qoavVXXigSfTkFxPHCLHeT0xspap_small.jpg" alt="20230402-20230402-5X1A4764.jpg"></a></p>
<ul>
<li><p><strong>Chef’s menu introduction</strong>: After breakfast is served (usually by noon), the Chef comes out of the kitchen to address the room and go over the day’s menu as well as talk about the concessions or substitutions that have been made to account for dietary constraints, if any.</p></li>
<li><p><strong>House tours</strong>: First-time guests are treated to a tour of the entire space, delivered by a fellow guest. They get a walkthrough of my thought process behind the overall design and layout and also get introduced to my art collection. There’s a whiteboard in my study that has been hijacked by guests signing their names on it. This usually happens on the tour cos when they get to the study, it’s right there, begging to have their names added to it. </p></li>
</ul>
<p><a href="https://svbtleusercontent.com/2Lx7MCLVJ1qjcK4XYNBbf50xspap.jpg"><img src="https://svbtleusercontent.com/2Lx7MCLVJ1qjcK4XYNBbf50xspap_small.jpg" alt="IMG_4982.jpg"></a></p>
<ul>
<li>
<strong>Cats</strong>: Do I need to give more context to this one? Luci’s babies were <a href="https://twitter.com/0x/status/1280789828238487553">born mid-2020</a>, and given that they were raised at a time of heightened foot traffic at mine, as expressed earlier, they got used to being around people and enjoy coming to play with guests, or participating in the conversation by sitting on the table (side eye to <a href="https://twitter.com/whitesandtabby">Stripe</a>).</li>
</ul>
<p>The conversations we have are <a href="https://x.com/0x/status/1599336779735502849">largely spontaneous</a>, and each Sunday touches on a variety of topics. The flow is dependent on the people in the room and what they feel like discussing or debating at the time and it’s almost impossible to predict how each instance will go. In a recent gathering, someone touched on the subject of porn addiction - a topic eerily reminiscent of <a href="https://x.com/kolamide/status/1694070099114623350">this tweet</a>, which while uncalled for, earned itself a pile-on that presented an interesting case of <a href="https://x.com/0x/status/1622924543290486787">context collapse</a>.</p>
<hr>
<p>In the months after <a href="https://paystack.com/blog/company-news/paystack-joining-stripe">Stripe’s acquisition of Paystack</a> closed, Shola sometimes asked me in our one on ones, if I have found a way to translate money into happiness. I think this is it.</p>
tag:browndroppings.co,2014:Post/the-journey-to-a-10gbps-home-network2023-04-30T09:00:40-07:002023-04-30T09:00:40-07:00The journey to a 10GbE home network<p>My first memorable experience with a well-designed and functional network was in 2009 at the African University of Science and Technology (Abuja). My friend, <a href="https://twitter.com/bigbrovar">@bigbrovar</a>, designed and built the network, and was its sole administrator.</p>
<p>Speaking of the network being very functional, I am referring to the breadth of services running within the network that needed to be kept alive. The university assigned laptops to students. These laptops ran a custom Linux distro (also put together by my friend) and, at some point, loaded the user’s home directory off the network, making it possible for students to login to their desktop profile on any school-issued computer they can find. There was also some caching setup in place such that any HTTP download is done once over the internet and subsequently on the network, dramatically cutting down bandwidth requirements for system updates, etc. I used to run Ubuntu on my primary laptop at the time and happily stopped by the school on weekends to keep my packages up to date.</p>
<h1 id="my-first-home-network_1">My first home network <a class="head_anchor" href="#my-first-home-network_1">#</a>
</h1>
<p>In 2013, as the new wireless standard (802.11ac) started making it into consumer devices and routers, I decided to get serious about setting up a home network. Before then, wireless routers from ISPs stuck at 802.11n made it frustrating to do anything serious on the network outside of normal internet connectivity. File transfers? Time machine backups? Just forget it unless painfully slow transfers are a kink. The promise of moving data at speeds up to 1.3Gbps led me to get my first Linksys router (EA6900) and hook it up to my ISP’s modem. </p>
<p><a href="https://svbtleusercontent.com/5LY2UMaYRJF5Zo8xArEsX60xspap.jpg"><img src="https://svbtleusercontent.com/5LY2UMaYRJF5Zo8xArEsX60xspap_small.jpg" alt="My Lynksys router, sitting alongside my 4TB WD NAS and my ISP's modem"></a></p>
<p>Over time, I added utility to my shiny new home network. I got my first <a href="https://en.wikipedia.org/wiki/Network-attached_storage">NAS</a> - a self-contained single-drive Western Digital device. I was able to run time machine backups to it over the network. Wireless connectivity often topped off at about 700Mbps, so I found myself using a cable for the most part when I wanted to perform transfers at full speed. I also set up <a href="https://www.plex.tv">Plex</a> on a spare laptop and had it index my media collection stored on the NAS. This was a small house, and my TV wasn’t smart, so I connected the laptop directly to the TV and got a small Logitech keyboard to use as a remote. My basic home entertainment setup was good to go!</p>
<h1 id="doing-more-with-a-bigger-space_1">Doing more with a bigger space <a class="head_anchor" href="#doing-more-with-a-bigger-space_1">#</a>
</h1>
<p>In January 2017, I moved to a new apartment. This one was slightly larger than the previous one - two bedrooms instead of one. The layout was also such that the spot where I intended to set up my desk wasn’t necessarily a good place to situate my wireless router, so I had to run a Cat6 cable from my bedroom to the living room (via the ceiling) where I placed the router. IPNX fiber to the home had also become a thing, and I got on a 50Mbps plan. At my desk, the cable from the living room ended up in a small 8-port switch from which I could connect my NAS, my desktop, and any other devices that needed to be hardwired to the network for guaranteed availability. </p>
<p>The service I got from my ISP guaranteed the quoted speed in both directions (uplink/downlink) and assigned me a dedicated IP address. This encouraged me to take things up a notch and set up my Plex server to access it outside my home. I also decided to set up a bigger NAS. The previous one had a capacity of 4TB. I got a Synology DS916+ enclosure which offered four hard drive bays, and I got four 8TB HGST drives to go with it. I eventually moved routing responsibilities away from my Linksys router to a single-board computer on which I had set up <a href="https://en.wikipedia.org/wiki/PfSense">pfSense</a>. This was an attempt to own my network stack further and be able to do stuff like setting up <a href="https://en.wikipedia.org/wiki/Squid_(software)">Squid</a> to serve as a caching and forwarding proxy. Remember my experience with this at my friend’s school, as described at the start of this article? That’s what I was trying to replicate. Unfortunately, most websites at this time were beginning to move to HTTPS as a default mode of transport, making it such that transparent caching and forwarding required some extra man-in-the-middle hacks. This wasn’t necessarily “transparent” to a new device joining the network as it required manual intervention to suppress certificate errors that would unfailingly show up. Oh well.</p>
<p><a href="https://svbtleusercontent.com/sDUD9tYCzFnewHAvnwCoAR0xspap.jpg"><img src="https://svbtleusercontent.com/sDUD9tYCzFnewHAvnwCoAR0xspap_small.jpg" alt="The single-board computer I had running pfSense"></a><br>
<a href="https://svbtleusercontent.com/ioTb7YGKxWtkYTbFJWjYkD0xspap.jpg"><img src="https://svbtleusercontent.com/ioTb7YGKxWtkYTbFJWjYkD0xspap_small.jpg" alt="My first Synology NAS setup. 4x8TB"></a></p>
<hr>
<p>Considering how well IPNX worked for me at home, I quickly figured it made sense to adopt the same setup at work. Stable and reliable internet connectivity isn’t something I joke with, and we ultimately relegated our existing Tizeti setup to the background. Given my tendency to be hands-on - a trait shared by my engineering colleagues at the time, we set out to design what the office network should look like. The size of the space meant that the wireless setup wasn’t going to be as simple as just dropping a wireless router in the space and hoping for the best. This was how I got introduced to the world of setting up <a href="https://ui.com">Unifi</a> access points.</p>
<p>I know you are here to read about my eventual 10GbE home network setup, but let me make a slight detour and walk you through another opportunity I had at work to design and set up our office network at a new location. This also presented my first practical foray into 10GbE networking, as the location was a large compound with two buildings. I decided to go with a layout that connected both via a 10Gbps link over fiber. There was a need to ensure the entire premises was blanketed with WiFi and video surveillance. For the latter, I was convinced we could get a better setup than the one a third-party vendor installed at our previous office location. I mean, it’s 2019, and a custom IP camera setup has the potential to provide better flexibility and overall more ROI compared to the basic CCTV setup most Lagos installers are famous for. As part of fact-finding, I ordered two Reolink cameras to test with Synology Surveillance Station on my NAS at home. The setup was quite straightforward, so we went ahead and purchased enough to install around the premises. </p>
<h1 id="my-10gbe-home-network_1">My 10GbE home network <a class="head_anchor" href="#my-10gbe-home-network_1">#</a>
</h1>
<p>After I secured the lease to my new home in mid-2021, I started mapping out what the network layout would look like. The guiding principle was to guarantee future-proofing. This meant I had to run cables from the location I intended to use as my network hub to everywhere I might need to have a stationary device hardwired to the network. All wall points will also be capable of 10 GbE speeds. The future may be wireless, but bleeding edge high bandwidth connectivity will always be wired, and I would like to experiment with or leverage devices that require such in my home. </p>
<p>One of the random challenges I ran into while setting up the network was how unnecessarily expensive 10GbE networking equipment was. When I was planning the setup, Ubiquity didn’t have reasonable options for 10GbE switches, and I was stuck with a <a href="https://store.ui.com/collections/unifi-network-switching/products/us-xg-6poe">6-port POE</a> one, which only had four RJ45 ports with two SFP ports. I got four of these since my plan required 15 10GbE-capable wall points. Thankfully, by October 2021, Ubiquity released a single <a href="https://store.ui.com/collections/unifi-network-switching/products/switch-enterprisexg-24">24-port 10GbE switch</a>. I wasted no time <a href="https://twitter.com/0x/status/1488985277792231429?s=61&t=231AbYIMWr9aKlAHkaEFDQ">purchasing that instead</a> and gave out three of the smaller switches I got previously.</p>
<p><a href="https://svbtleusercontent.com/mb9LhhUzxmmrBBxDKwTuhP0xspap.jpg"><img src="https://svbtleusercontent.com/mb9LhhUzxmmrBBxDKwTuhP0xspap_small.jpg" alt="Contents of my rack, showing my Synology NAS, pfSense router, and two switches"></a></p>
<p>My early shopping list looked like this:</p>
<ul>
<li>a 500ft roll of CAT7 cable (to run from my patch panel to wall plates)</li>
<li>a 1000ft roll of CAT6 cable (to run from my patch panel to the various spots I intend to place access points)</li>
<li>access points. U6-Pro/Lite for indoors, and U6-Mesh for outdoors.</li>
<li>a 24-port poe switch (12 ports @ 1GbE, 12 ports @ 2.5GbE)</li>
<li>a 24 port 10GbE switch</li>
<li>a 48-port patch panel</li>
<li>a 48u server rack (I didn’t want to constrain myself by what I thought I needed at the time. Again, future-proofing, haha)</li>
<li>a lot of RJ45 connectors and strain relief boots</li>
<li>a direct attached copper cable to connect both switches using their SFP+ ports</li>
<li>a 6-port Intel-based single-board computer to use as a firewall/router </li>
<li>an Intel NUC to host my Unifi controller and other “essential” software such as pi-hole and homeassistant in virtual machines</li>
</ul>
<p>My choice of U6-Lite access points was influenced by wanting wireless devices to be within a reasonably short distance from the closest access point at all times without necessarily having to deal with signal interference issues. My primary connection to the internet offers 1Gbps of bandwidth which means the TX rate wifi-connected devices are able to maintain will be their bottleneck. The idea was to maximize that as much as I reasonably could. I eventually had to switch out three of these access points to Pros. This was <a href="https://twitter.com/0x/status/1628852505961541633?s=20">to address three dead zones</a> I discovered.</p>
<p>I hate power outages and would hate for my network equipment to be subject to unexpected power failures, so I put multiple redundancies in place on that front. I had the electrical wiring of my home redone to split the space across two distribution boards, with one of them prioritized and configured to be the only one powered in the event of a power outage that sees my bank of lithium-ion batteries drained to 50%. The spaces covered by priority db include the workshop (the base of my home network). In addition, there is a rack-mounted APC UPS capable of keeping devices in the rack powered for well over an hour in the event of an inverter shutdown. </p>
<p>I am still making updates to the network, and I recently added Starlink to provide upstream redundancy. I am also putting together components to <a href="https://twitter.com/0x/status/1635760389899051008?s=20">build a new NAS</a>, which alongside <a href="https://twitter.com/0x/status/1609172743160795136?s=20">the desktop I built over the holidays</a>, will take full advantage of the 10GbE network.</p>
<p><em>Thanks to <a href="https://twitter.com/bigbrovar">@bigbrovar</a>, <a href="https://twitter.com/timmmms_">@timmmms_</a>, <a href="https://twitter.com/twisted_myk">@twisted_myk</a>, <a href="https://twitter.com/eeyitemi">@eeyitemi</a>, <a href="https://twitter.com/tomiadesina_">@tomiadesina_</a> and <a href="https://twitter.com/couth__">@couth__</a> for reading drafts of this.</em></p>
tag:browndroppings.co,2014:Post/folding-home2022-10-01T11:22:57-07:002022-10-01T11:22:57-07:00Leveraging spare computing power for science<p>My earliest participation in distributed computing systems was installing <a href="https://en.wikipedia.org/wiki/SETI@home">SETI@home</a> on my computer in the early 2000s. Short for “search for extraterrestrial intelligence”, SETI@home at the time was essentially a screensaver that leveraged idle computing power to analyze data captured from the <a href="https://en.wikipedia.org/wiki/Arecibo_Telescope">Arecibo Telescope</a> to detect signs of intelligent life outside our planet. </p>
<p>The project failed to detect evidence of life outside earth. However, it proved that it is possible to leverage volunteer computers worldwide for scientific research, giving researchers more options beyond buying time on specialized supercomputers for their work. SETI@home also evolved from a single-purpose screensaver into the <a href="https://en.wikipedia.org/wiki/Berkeley_Open_Infrastructure_for_Network_Computing">Berkeley Open Infrastructure for Network Computing (BOINC)</a>. This system matched volunteer computers with various projects that could use the spare compute.</p>
<h1 id="enter-foldinghome_1">Enter Folding@home <a class="head_anchor" href="#enter-foldinghome_1">#</a>
</h1>
<p>Like SETI@home, <a href="https://en.wikipedia.org/wiki/Folding@home">Folding@home</a> (or FAH) leveraged spare CPU and GPU resources on volunteer computers to run protein simulations to discover new drugs or therapies that can help combat diseases such as cancer, Alzheimer’s, Parkinson’s etc. It doesn’t run on BOINC because it was developed separately (the initial release was a year before BOINC), so you have to install its client to participate.</p>
<p>At the height of the <a href="https://en.wikipedia.org/wiki/COVID-19_pandemic">global lockdowns</a> in March 2020, FAH amassed enough volunteer computers on its network to become the world’s first exascale computing system. It was many times faster than the fastest supercomputer at the time until HPE’s <a href="https://en.wikipedia.org/wiki/Frontier_(supercomputer)">Frontier</a> reached full capability in June 2022. </p>
<p>I had been on and off with <a href="https://stats.foldingathome.org/donor/name/0x">my contributions to Folding@home</a> until early 2020 when I decided to take it seriously. My cause preferences were Cancer and Alzheimer’s. The FAH team also temporarily redirected all resources to Covid-19 research projects, ultimately contributing to the unprecedented scale of scientific collaboration that got us vaccines in record time. I have since had the FAH client running on every always-on computer in the house, besides my router and NAS. I am currently a top 0.4% donor.</p>
<p>Today marks the first anniversary of my last PC build, the current most significant contributor to FAH of all the devices I own. I built it with Loknan, a colleague of mine, with honorary participation from two other friends. More about the components <a href="https://pcpartpicker.com/list/NjD6Cz">here</a></p>
<p><a href="https://svbtleusercontent.com/dwNC98SyyumpEfXHP9M1Yk0xspap.jpg"><img src="https://svbtleusercontent.com/dwNC98SyyumpEfXHP9M1Yk0xspap_small.jpg" alt="IMG_1189.jpg"></a></p>
<p>AMD recently announced their next gen processors and I can’t wait to build a new rig based on the 7950x. Update: <a href="https://twitter.com/0x/status/1609172743160795136">done!</a></p>
tag:browndroppings.co,2014:Post/the-weak-link2020-05-09T13:15:37-07:002020-05-09T13:15:37-07:00The weak link<p>Ever since I had my Twitter handle changed to @0x back in January of 2010, I have been no stranger to attempts at stealing the account off me. First, it was seemingly lame password reset attempts - I got the emails, and simply ignored them, and then it escalated to straight up demands to surrender the address via subtle threats in my DMs. </p>
<p>Sometime in 2018, someone succeeded in breaching my old and abandoned yahoo email account and then emailed me from the address, asking me to change my Twitter password to a specific text, along with what to set the new email address on the account to. I didn’t respond - he later reached out via DM threatening to leak compromising pictures he had in his possession from the breach. </p>
<p><a href="https://svbtleusercontent.com/72nYVzrnjHj92bNzYjoEr20xspap.png"><img src="https://svbtleusercontent.com/72nYVzrnjHj92bNzYjoEr20xspap_small.png" alt="blackmail screenshot"></a></p>
<p>I didn’t think I had anything to be worried about. My security sense is definitely not fort knox level but at least, I had all the bases covered - I use a password manager, and I have 2FA setup everywhere that mattered - or so I thought. I woke up on the morning of the 25th of May 2019, realizing how monumentally wrong I was.</p>
<p>About two months prior, I flirted with the idea of migrating my phone number from T-Mobile to Google Fi. I didn’t - choosing to leave it till later. At the time, I saw it as a vanity act I could get to at a later date. I got to it eventually - but not before my line got <a href="https://www.vice.com/en_uk/article/3kx4ej/sim-jacking-mobile-phone-fraud">SIM-jacked</a> and paved way for a complete theft of my online identity.</p>
<h1 id="how-it-unfolded_1">How it unfolded <a class="head_anchor" href="#how-it-unfolded_1">#</a>
</h1>
<p>The domain name I use with my personal email address was bought on GoDaddy back in 2007 and has been on that account ever since. I manage the DNS using Cloudflare and as such, only login to my GoDaddy account about once in two years to renew the name alongside other domain names I have bought over the years. </p>
<p>Sometime in the third week of May 2019, my T-Mobile line lost cell service. I am not sure of the exact date as I used the line early in the week to make some calls but ignored it afterwards. I was in Nigeria at the time and wasn’t making regular use of the line. </p>
<p>My attacker (let’s call him Jeff) proceeded to reset my GoDaddy password by convincing the support personnel that he had lost access to the email address but could have his identity verified using my phone number. I didn’t have 2FA setup on my GoDaddy account so this was relatively frictionless. Jeff eventually got into my account around 11:34PM WAT on the May 24.</p>
<p>Now in control of my GoDaddy account, Jeff proceeded to change the email address on the account to <a href="mailto:xssvuln@protonmail.com">xssvuln@protonmail.com</a> and setup 2FA. He then modified the nameservers for the domain name from Cloudflare’s to GoDaddy’s after which he bought an Office365 addon (using my saved credit card details no less) with the intention of setting up a mail service he could use to impersonate me. Seeing as he was now in control of my DNS records, he was able to setup new MX records and just like that, all mails intended for me ended up in his new inbox, completely bypassing my G Suite account.</p>
<p>Now in possession of my phone line and my email address, he proceeded to reset everything he could lay his hands on. Well, as much as he could before I woke up. </p>
<p>On the morning of the 25th, I launched my Twitter app around 10AM only to be told I had to login. I wasn’t sure what was wrong at the time but after looking up my account in incognito and saw that it was locked, I promptly checked my mailbox and saw a password reset attempt on my Instagram account around 11:58PM WAT the previous day (the new MX records probably hadn’t been fetched by Facebook at the time) and absolutely no new emails from about two hours later. Quickly, I typed my domain name into a browser and was greeted by a default GoDaddy “success” page. That was when I realized what was going on. </p>
<p>Fuck.</p>
<p>I couldn’t login to my GoDaddy account. I discovered that my T-Mobile line was essentially a dud. My work email was still working and nothing work related appeared to be compromised yet. I quickly went to the account settings of my work email and removed all ties to my personal email address, starting with recovery options. I called Loknan, our Infrastructure and Security Lead and told him I had been compromised, directing him to immediately revoke all my access to company resources. A member of his team, Eyitemi was briefed and everyone was on high alert. Eyitemi handled communication to the company to let everyone know to ignore any form of communication from me until further notice.</p>
<p>I created a ProtonMail account and began resetting my identity on important services such as my password manager, financial apps, my bank accounts, etc. My Amazon account, Facebook/Instagram accounts, were already in Jeff’s hands at this point. All of these, including my Twitter account had (authenticator-based where possible) 2FA setup but that was not enough since they all also had my now compromised phone number.</p>
<p>Some services such as Coinbase insisted on sending a mail to the current email address before allowing an email change. Sounds good on paper, but in the face of what I was up against, it wouldn’t work. I will succeed in alerting Jeff to the account and then he’ll just compromise it anyway. Oh wait, some of the services whose email addresses I changed sent Jeff one final email confirming the address change so he had already been alerted anyway. He attempted a few password resets, including incessantly trying to get into my Coinbase account. Thankfully, it was my Nigerian phone number on that one so I kept getting text messages. For the rest of the day, with change to spare for the next day. No kidding.</p>
<p>Just when I thought it couldn’t get worse, my internet connectivity slowed to a crawl in the evening and when I looked up traffic data on my router, this was what I saw.</p>
<p><a href="https://svbtleusercontent.com/bjDn8W9ovhbUkLn8Uk62au0xspap.png"><img src="https://svbtleusercontent.com/bjDn8W9ovhbUkLn8Uk62au0xspap_small.png" alt="Screenshot 2019-05-25 20.09.00.png"></a></p>
<p><a href="https://svbtleusercontent.com/eavy5Z3MkwPMRecmN8YjFq0xspap.png"><img src="https://svbtleusercontent.com/eavy5Z3MkwPMRecmN8YjFq0xspap_small.png" alt="Screenshot 2019-05-25 20.10.07.png"></a></p>
<p>I was being DDoS’d. It was surreal. I tightened my firewall rules and disabled port forwarding to services I hosted within my home network.</p>
<p>The timing couldn’t be more inconvenient. Monday the 27th of May was Memorial Day in the US and as such, most people had gone to see their family for the long weekend. Attempting to recover my GoDaddy account wasn’t going to be a straightforward process given my situation. Eyitemi managed to reach the VP of Engineering at GoDaddy who was helpful with escalating internally. I spent that night and the next day going through a fairly rigorous vetting process to establish my legitimacy. By noon on the 27th, I regained control of my GoDaddy account and in turn, my domain name. </p>
<p>In parallel, I had reached out to Twitter with regards to the locked account which it said was closed due to suspicious activity. I was asked to submit an ID to prove that I was 18 when I opened the account. To my surprise, they happily released the account afterwards. To Jeff. </p>
<p>I wasn’t so unfortunate with the other compromised services though. By Tuesday evening, I had regained control of them all. Of interest was my Amazon account which even though the rep that helped me tried to purge it of activities performed on it by Jeff, a few breadcrumbs were left. These helped me establish the fact that he had claimed a gift card worth $528.94 on my account and used it to make a bunch of purchases - to an Amazon Locker. I imagine Amazon’s process of validating CVV when you’re placing an order to a new shipping address made it impossible to use any of my cards on file. Thanks Amazon. </p>
<h1 id="my-twitter-account_1">My Twitter account <a class="head_anchor" href="#my-twitter-account_1">#</a>
</h1>
<p>I was worried that my account’s DMs were now in the hands of a hostile party at this point. He was posting weird stuff on the account, presumably to prove to his Discord friends that he was indeed in control of the account.</p>
<p>I opened a new support request, explaining my predicament to what seemed like a robot run operation. On the off chance that a request seemed like it was reaching a resolution, my email address got added to the account at which point I was able to reset the password to the account. However, upon logging in, I had to go through an extra confirmation step to have my email address supplant Jeff’s. Unfortunately, I never received these emails. Eventually, Jeff would realize I had changed the password to the account and will just change it back, locking me out and leaving me to start all over again.</p>
<p>By mid June, he had reached out to the people behind the cryptocurrency, 0x (<a href="https://twitter.com/0xProject">@0xProject</a>) with the intention of selling the account. Thankfully, a member of the 0x team reached out using my work email address to inform me of this and to “make sure it wasn’t stolen from” me. I thanked them for reaching out and explained that I was indeed compromised and they should not humor the seller as I had every intention of getting my account back. For context, someone from the team had reached out earlier to me expressing their interest in the account. I had politely declined. I’m guessing that was when they had established who I was and knew to reach out to me when it seemed the circumstances had changed.</p>
<p>I grew more and more bored of creating new support tickets over time as the play was always the same. It didn’t help that on occasion, the rep just assumes I am the one trying to steal the account and closes the ticket.</p>
<p>I eventually gave it a try again two weeks ago with the help of my cofounder and a couple of people from our network and here we are today. I was connected to an insider within Twitter who helped with the process, including not just adding my email address back to the account, but also deleting Jeff’s. I also got around the problem I had with not receiving confirmation emails by deleting my email address and adding it back to the account.</p>
<p>I now have the last piece of the puzzle in place. 1 year later.</p>
<h1 id="lessons-learned_1">Lessons learned <a class="head_anchor" href="#lessons-learned_1">#</a>
</h1>
<p>SMS-based 2FA is a joke. No, seriously. Use an authenticator app wherever possible.</p>
<p>Your security is only as strong as your weakest link. Mine happened to be the lack of 2FA on my GoDaddy account.</p>
<p><em>Thanks to Loknan Nanyak, Cynthia Ndeche, and Oiza Jagun for reading drafts of this.</em></p>
tag:browndroppings.co,2014:Post/candid2016-04-28T19:40:33-07:002016-04-28T19:40:33-07:00Candid<p>It’s amazing how I have managed to garner a reputation for always being angry in certain social circles. Particularly on <a href="http://radar.techcabal.com">Radar</a>, I have been referred to as a terrorist, someone who prides in mindlessly bullshitting (or attacking) other people’s ideas, amongst other things. I have in not so many words been blamed for some people abstaining from sharing their thoughts or products for fear of being judged. Some have even gone as far as looking forward to the failure of things I lay my hands on just so they can have a good laugh - I know this because this sentiment has been expressed to people who happen to be friends of mine.</p>
<p>Wow.</p>
<p>Sometime in 2009, I wrote a casual blog post titled <a href="https://browndroppings.co/celebrating-mediocrity">Celebrating Mediocrity</a> which basically expressed my disgust with the low ambitions of most web services created by Nigerians. This sentiment hasn’t changed much. What has become even stronger is how much people are willing to defend their shitty products or weird processes online, sometimes questioning the intelligence of the same people who are supposed to be consumers of their offerings. This post is not an attack on anyone in particular but I will be giving a couple of very specific instances. </p>
<p>Sometime in December of 2014, my friend and colleague at the time posted a tweet complaining about the fact that Konga keeps sending her emails she can’t unsubscribe from. Now, unless you absolutely love spam, we must have all tried unsubscribing at some point. I know I did, back in 2012 - I’m not sure I was even a registered user at a time, but I got mails from them anyway. The first time I tried to, the unsubscribe functionality was broken and threw errors instead. I tried again a few months after and it worked… except that it didn’t. I still got the emails. Unfortunately, some smart ass working at Konga thought it was best to reply with this.</p>
<blockquote class="twitter-tweet">
<p lang="en" dir="ltr"><a href="https://twitter.com/OnyekaAg">@OnyekaAg</a> u probably missed this <a href="http://t.co/lbBWBj9ho8">http://t.co/lbBWBj9ho8</a> Please explain the Hot Mess Part. Thanks</p>— Kessy Asuamah™ (@kessyswagga) <a href="https://twitter.com/kessyswagga/status/540078485331783680">December 3, 2014</a>
</blockquote>
<p>I’m not kidding that link in his tweet was pretty much a screenshot of one of Konga’s spam mails, with the unsubscribe link circled complete with an arrow pointing to it - just in case she didn’t know how to use computers. Oh, and in case the tweet gets deleted - <a href="http://postimg.org/image/xj3airymp/">http://postimg.org/image/xj3airymp/</a> & <a href="http://postimg.org/image/boop5igpd/">http://postimg.org/image/boop5igpd/</a></p>
<p>Subsequent discussion around that, particularly remarks from some Konga developers I met with later that week was amazing. They had basically decided to take any instance where deficiencies in their platform is pointed out to mean a personal attack and were going to fight back, rather than reflect and fix what is wrong. I considered writing about it at the time, but I was able to resist the temptation of a knee jerk reaction.</p>
<p>One thing I cannot do is observe this, amongst the rest of the madness that surrounds us in terms of service delivery and product development without calling people out on their bullshit. I was having a conversation with a friend from Uganda the other day where we expressed our collective disdain for this pervasive mediocre mindset. Its almost as though we have set the bar low for ourselves so we can beat our chests and stand tall after basic accomplishments. I’m sorry but no progress is made that way.</p>
<p>Some people however have taken this demeanor of mine too far, and immediately take up a defensive stance whenever I point something out where they are concerned. A recent example is this little quip I tweeted earlier this month.</p>
<blockquote class="twitter-tweet">
<p lang="en" dir="ltr">They say imitation is the sincerest form of flattery. Thank you SimplePay. <a href="https://t.co/EMFweNwkaV">https://t.co/EMFweNwkaV</a><a href="https://t.co/fxswbsh7qz">https://t.co/fxswbsh7qz</a></p>— Ezra ‘God’ Olubi. (@0x) <a href="https://twitter.com/0x/status/718700556546486272">April 9, 2016</a>
</blockquote>
<p>Someone called my attention to the copy of Simplepay’s pricing page and how it was an almost 1-1 replica of Paystack’s. Now I understand we are in the same business and there’s a limit to how much you can write things differently to not appear like you’re copying the other guy.. but come on. I found it amusing, and it particularly reminded me of how VoguePay came into the scene back in 2012 with a website that essentially lifted Eyowo’s copy, along with some of the assets. Too poor, but flattery alright. Next thing I know, someone who I will assume is affiliated with SimplePay launched a tirade of tweets at me. Okay, just two.</p>
<blockquote class="short">
<p>@0x @paystack hello Ezra there is not need to fight dirty.</p>
</blockquote>
<p>I wasn’t not even fighting.</p>
<blockquote class="short">
<p>@0x @paystack just saw this site…<a href="http://www.stripe.com">www.stripe.com</a> kind of looks like @paystack ???? No??? They are copying you guys right?</p>
</blockquote>
<p>Uh oh, now who is fighting? He must have realized the irony because he deleted the tweets the next day or something. Unfortunately, I think he is still angry at me because a few hours ago, I made a light hearted response to him <a href="http://radar.techcabal.com/t/an-analysis-of-hotels-ng-2012-pitch-that-was-sent-to-rocket-internet/5422/19?u=xolubi">on this thread</a> and things just went downhill from there.</p>
<p>This isn’t the first instance I’ve been misunderstood and hastily judged out of context because of some comment I’ve passed in the past and whatever unwavering impression people have come to hold about me, and it definitely won’t be the last. I can get used to this, and I will still call bullshit when I see it.</p>
<p>Next time I call your product or process out for being unimaginative, don’t take it personal. It’s really because I know you can do better. Okay, fuck that. You probably can’t.</p>
tag:browndroppings.co,2014:Post/that-night-on-santana-row2016-02-06T23:36:36-08:002016-02-06T23:36:36-08:00That night on Santana Row<p>So I had been home for at least 7 days straight now, besides going out for the obligatory Tuesday evening dinner. Now this can be considered awesome. Working from home with only three destinations to really be bothered about - the bed, the desk, and the kitchen. Okay, maybe occasional trips to the bathroom. However, things can get a little awry quickly. Like running mad from all the monotony. It doesn’t help matters that I live in a secluded part of town.</p>
<p>A couple of weeks back, while in a little conversation with the lady driving the uber I was in, I asked about what fun stuff to do in town and she mentioned this outdoor mall in San Jose with a number of bars and outdoor happenings in the evenings. This sounded great. Afterall, It’s high time I started making friends around here. Ope and I decided to head there last night. The plan was simple - relax, have fun, and knock ourselves out. Below is a story of how we did exactly that.</p>
<p>Early spoiler: I danced.</p>
<p>Wait what? I danced? I’m surprised myself. When we got off the uber, we took random strolls, walked past a little open air performance, continued a conversation we had earlier on social mobility and what not, and then wandered into the first bar we saw. A long island and a mai tai after, we decided to go somewhere else. The night was still young and we would be doing ourselves a disservice letting that place form our definition of the Row. The kind uber driver who told us of this place mentioned somewhere called Vbar and encouraged us to try it out. She must have had fun times in her youth, and I’m thankful for that. We inched towards Hotel Valencia whose rooftop served as the bar’s home. Unfortunately, there was a crowd on the pavement, and a couple of cops putting up tapes. Welp. Somewhere else then. We went around the corner and came upon Yard House. Ope had read a couple of reviews about it earlier so we happily dived in</p>
<p>Random fact: I drink beer now.</p>
<p>Okay, more like I can stand beer now. I don’t even know how that happened. I tried to taste a friend’s heineken back in Lagos some years ago and I thought it was reminiscent of pee. I never tried again. Until some weeks back. The full induction story is for another day. For now, let’s get back to the fact that I asked for a cherry wheat. I swear there was probably more than 100 beers on tap to choose from. When we were done with our drinks, I was in the mood to go explore more places. </p>
<p>We step out and what did we see? The cops and their tapes were gone. Yes. Let’s do this. We showed our IDs at the door and got into the elevator. Two much older couples rode with us. I was already worried it was going to be mostly much older people. I was wrong, and I like that I was. We headed straight for the bar and took shots to warm up. A couple of people were weird slow jamming on the dancefloor to what was supposed to be EDM. White people are weird. I thought it was still too early to not enjoy the evening to its fullest so I took a break from cocktails and got myself a red bull. We still haven’t made friends yet. We decided to talk to the first black guy to inch his way towards the bar and he turned out to be Nigerian. Ehis. Lol. Okay. According to him, he went to school with the hot bartender who would now be the one to attend to our tab that moment on. She’s half Nigerian, half French, 10/10 hot. </p>
<p>I took my red bull and headed for the dancefloor. Thankfully, some lady who knew what’s up was there as well swaying weirdly to the music and just generally inebriated and ready to dance. She came up to me. Here’s the thing. I’m not a good dancer. In fact, I don’t know any moves. However, seeing white people dance without giving a flying fuck as to whether their motions make any form of sense boosted my dance-fu. Next thing, I was <em>giving them</em>. We got joined by another couple, and another couple, and another couple, and the floor was basically lit. Opemipo was there too, all smiles and stuff and trying to tone down his dance skills to not outdo us learners. </p>
<p>Okay now that we have the knowledge of fact that I danced over with, let’s get back to the people we met. Weirdest of all was some guy who I encountered at the bar at first and was asking me about the accessories in my hair plus teasing me about my choice of drinks. I ran into him much later. Made small talk, and got to know where we both work. He works at Google - network security according to him, but his LinkedIn says business developer. After I told him I work in online payments and showed him our website, I got the strangest straight faced reply - “so you steal money?”. No sir. We facilitate online payments in Nigeria. “You can talk to me. Everyone is here for the hustle. I’m cool. I’m not a cop.” and proceeded to show me a wrap of wait for it… cocaine that he had in his jacket. No please! Not sure why but he asked that we exchange contacts and we ended up exchanging everything with the exception of Facebook and Twitter. I’m not kidding. Snapchat was exchanged too. He searched for me on LinkedIn as we were there and when he saw the heading “Cofounder and CTO”, he looked at me, repeated it, and made this knowing look of “Yea right. Nice cover, bro”. At that point, I realised I owed him no explanation whatsoever besides telling him no the multiple number of times he would pause to ask what my “real criminal intent” in the US was. I should be disgusted, but I was amused instead. And while expressing the right emotions could probably lead me to get him fired from his job, I would keep his name private because I am a good guy.</p>
<p>Soon, it was time to leave and we headed out. Just when we thought our share of weird encounters for the night was over, some guys in the elevator invited us to come smoke weed with them around the corner. We bumped fists with them and thanked them for the offer, called our uber, and called it a night.</p>
tag:browndroppings.co,2014:Post/going-live2016-01-12T23:10:55-08:002016-01-12T23:10:55-08:00Going live<p>As a developer, the most exciting moment about your product can easily be when people start making use of that shiny new code you pushed, and everything hums along just fine. Or not. For some reason, I tend to prefer the latter, because you see the problems right away, and get to work fixing them which eventually culminates in that additional sense of pride in your work.</p>
<p>We promised the world we would move Paystack to public beta back in December. As a matter of fact, we raced towards making this happen between December 7 and 11. Rhyme not intended. These were nights without sleep for me, well partly because my clock also hadn’t fully adjusted to Nigerian time as I found myself sleeping more between the hours of 11am and 6pm. Then the slow downs began. It was like finishing 98% of the work, and then taking your sweet time to do the remaining 2%. There was one excuse or the other for not finishing up. Random retouches to parts of the already completed 98%, and occasional implementation that go on a tangent and actually belong to a different sprint altogether. I had dreamed and visualized a go live post on the 1st of January, but oh well.</p>
<p>Eventually, we decided the second weekend in January would be it. And boy, did we look forward to it. It was also the weekend my cofounder and I would be moving to our new apartment in Sunnyvale - a post on this later. Saturday came and yes we knew it was going to be a long day. What we didn’t realise early enough was that we were not going to touch one line of code the entire weekend. People still reached out to me to confirm if we were going live on Sunday as earlier promised (that is supposed to be Saturday night over here) and sure I kept reassuring them. Then of course reality did what it does best and I didn’t make it back home till around 11pm, after a long day at IKEA getting furniture (bed frames, mattresses, tables, and chairs) and Walmart shopping for groceries. Nobody told me moving into a new house in a strange land was going to be that stressful.</p>
<p>Then came Sunday and furniture assembly. By the time I was done putting my bed together, I had already spent a little over two hours on the matter. And it was 9pm. Of course that meant only one thing. We had to disappoint everyone again. I went quiet and didn’t as much as whisper on social media, before someone calls me out and goes hey dude, where’s Paystack? First thing I did on Monday morning was to begin running logical end to end tests to make sure nothing critical was broken with the new system. I mean, we were switching from the current private beta which is fraught with a lot of hand-holding to something more self service, just like online payments was intended to be. It wouldn’t be a good look to have mundane issues we could have sorted out before exposing our asses to the public be in the picture, plus we needed to ensure our current merchants transition smoothly with little to no hitch.</p>
<p><em>If you are reading this, you are seeing what has come to replace the paragraph that used to be here. Sorry, but it’s not much. Something about me doing the… haha, you almost got me!</em></p>
<p>The next morning, Shola and I went over what we had, brooded over a couple of stuff regarding presentation, developer experience with the documentation and what not. Eventually, we reached a “fuck it” moment and made the switch. It was 6pm. Well, 3am in Nigeria, which was a perfect time. Worst case scenario, people would wake up to issues in another four hours and we would be there to sort them out.</p>
<p>Yes, someone woke up to issues, and it didn’t take them 30 minutes after we “went live”. Lol. I’m not even sure I know exactly what was wrong at the time but I’m going to blame it on a rogue caching problem for now pending further investigation. The developer was trying to do an integration with his website and couldn’t make a change on the new dashboard. Random CORS issue from hell. At the same time, the deployment on AWS kept going into an unstable state and all sorts of mails were coming in. This didn’t fucking happen on the test environment which has been running for several weeks now, and what we did code wise was basically merge our development environment into production and deployed. Satan? I took a little “fuck it” break and decided I would look at it later. Then I randomly picked up my phone about an hour later to see if the problem persisted, only to see it had stopped an hour ago. Like I said, pending further investigation.</p>
<p>Long story short. Our self service is now live and we have essentially graduated to the status of “public beta”. Gotta love labels, right? Anyway, give Paystack a try. I am still putting finishing touches to the documentation and stuff, but that should be up in another 24 hours. In the meantime, the time is 23:10 and I’m off to watch some Netflix.</p>
tag:browndroppings.co,2014:Post/crudcast-a-holiday-special2016-01-01T20:19:02-08:002016-01-01T20:19:02-08:00Crudcast: A holiday special<p>I did promise I would publish my writings more frequently in the new year, but perhaps writing a new post immediately after the last is only going to raise expectations. I’m fine with that. :)</p>
<p>Earlier today, we recorded a new episode of the show. The concept was put together less than 24 hours before the recording began, and the unintended guest only 3 hours prior. I had a brief Skype conversation with Tolu earlier today where she was forming Spanish babe - a language she has been forced to learn due to her ongoing sojourn in Chile. I told her about the episode and what we had planned for it and that was it.</p>
<p>I have to say, it wouldn’t have turned out to be as fun as it did without her on the show, and I’m glad we had that call. We played a game around places we have been to, companies we have worked with, and programming languages we have written in. Uzo’s choice to marry PHP still beats me, but as long as he fucks with Javascript, I guess I’m okay. Nobody cares about the old hag back at home, right?</p>
<p>I experimented with having background music throughout the episode and I think that turned out great. If I am to make any new year’s resolution, it would be to be more committed to making new episodes of the show, when we should. No more skipping weeks like we did in December. I sincerely apologize for that. Also, we will be seeing more of Tolu on the show. I believe we all made a great team and this decision would make for exciting episodes in the future. For the politically correct crowd, this would mean we are working on our gender diversity but fuck that.</p>
<p>You can listen to the episode here. Our longest so far, but I promise you recording it was an absolute blast, and so would listening.</p>
<iframe width="100%" height="200" src="https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/240013387&auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false&visual=true"></iframe>
<hr>
<p>We are very much open to feedback and look forward to engaging better with the community moving forward. Please share your thoughts on Twitter or anywhere else you see fit. The show is on Twitter as @<a href="https://twitter.com/crudcast">crudcast</a>, I can be reached at @<a href="https://twitter.com/0x">0x</a>, Uzo at @<a href="https://twitter.com/akamaozu">akamaozu</a>, and Tolu at @<a href="https://twitter.com/tolularaa">tolularaa</a>. </p>
<p>Stay happy and <a href="https://thisisl.com/">use a condom</a>.</p>
tag:browndroppings.co,2014:Post/2015-roundup2015-12-31T10:27:30-08:002015-12-31T10:27:30-08:002015 roundup<p>I’m not much for reflection, but I feel compelled to write something this time around. Maybe it’s from the need to write more often in the coming year and beyond, or just plain boredom. Or maybe I am actually amazed at how far I have come in the past few months, who knows?</p>
<p>In many ways, this was probably my worst and most depressing year ever. Personally, I was a mess. My financials was pretty much below zero. My career was as good as non existent. Physically, I was withdrawn from almost everyone. I think I also got a little angrier than normal. There were days I would be driving home from work and literally just start shedding tears. I didn’t want anybody to tell me it would be alright. No. I just wanted everyone to stay clear, and in more appropriate terms, fuck off.</p>
<p>My fantasies became my escape. I love gadgets. But I couldn’t afford to buy myself the things I wanted. I could only dream. And I preferred to continue living in the dreams. Reality was a bitch, and there was absolutely no reason to wake up to it. In my depression, I tried to maintain a somewhat positive outlook. I watched tons of TV shows. I smoked a ton of cigarettes. I was almost always stoned. And I accomplished little.</p>
<p>I took to writing, but I didn’t publish them. Maybe I was scared. Maybe I wasn’t just in the right frame of mind. Of course I wasn’t in the right frame of mind. For the most part of the year, I lived in constant fear of being kicked out of my house, because I couldn’t pay my rent. My cats felt the pinch too, as they became bony caricatures of their former selves. You may wonder why? What happened? Oh well. I wrote about it back in October. In third person. I didn’t publish it of course, but I gave a friend of mine to read. He told me it was the most depressing thing he had ever read. I may end up posting it sometime, but I can give a deserving summary here. The company I joined in 2014 - Delivery Science - was in dire straits. Mostly due to a string of bad business decisions over time. The word ‘bad’ being my opinion, because if the other partners all agreed it that, we could have course corrected a long time ago. This wouldn’t be the first time I would be a part of a company and end up just being a name on paper. The difference is I tried to avoid it this time. I spoke to Lanre in confidence late 2014 to tell him this. I would rather be concerned about the actual work, and leave paper concerns to those who are skilled in that regard. I want to be sure that my back is being taken care of. I was never concerned with how much stake I had on paper, as that shouldn’t affect my output anyway. As long as I make enough to get by, I really don’t care.</p>
<p>It so happened that later on, Toyin (another partner at Delivery Science, and now a very close friend) discovered a secret agreement between Lanre and Chuka post incorporation. An agreement that effectively rendered the company indebted to them for the foreseeable future. I suggested we call a meeting to address this. We were already owing members of staff about 4 months in salaries, the rest of us even more. We had projects we were looking forward to come through, oblivious of the fact that only a meager percentage of the prospective revenue was for the company. The reasoning behind this agreement was dubious at best. They could make so much more individually doing technology consulting, so they created some form of insurance for when the company makes money off consulting as against our primary product. Did I mention that staff were being owed? A friend of mine worked with us for four months from April to July before she had to leave for the US to finish her MBA. She is still being owed two months’ pay. No, we are not talking heavy pay here. It’s 100k. Per month. Yes, she still hasn’t been paid. My take away from that meeting was singular. I had been conned. I thought we were in this together. An impression I had gone on to express by deferring my salary at some point so another partner could make his rent and the company’s account wouldn’t be in the red.</p>
<p>We didn’t have a constant revenue stream, yet we took out a loan to splash on a former bank’s building in Yaba. We were going nowhere with the development of our product, as we kept waking up to Chuka’s knee jerk reactions on architecture, and tirelessly rewrote code. I already had a conversation with Lanre a year prior on the duplicity of roles involved in having us both on the team. I got a string of English words I could not quite place as a response. Looking back, that should have been my cue. We were too big, too early. A lot was bound to go wrong. I objected to certain decisions, but all I got was now famous “I hear you, but this is not a democracy” response. Another cue? Yes fuck me. I was naively committed to the cause. Why are we hiring towards money we don’t have yet? But all that fell on deaf ears.</p>
<blockquote>
<p>I still work at Delivery Science, and I am at that point where I am beginning to question whether I can trust myself with my own life decisions.</p>
</blockquote>
<p>That was the closing quote from the essay I wrote in October. I am glad I don’t have to end this one with that. Not because I no longer work at Delivery Science, but more because I am beginning to trust myself once again. </p>
<p>Most of my career as a developer has been spent trying to combat the shitty state of online payments in Nigeria. I believed it could be better, and a lot of people agreed. My first foray into online payments was with SoftPurse in 2007. My second was with Eyowo in 2010. <a href="http://radar.techcabal.com/t/uber-killing-our-local-startups/2267/134">I wrote about these two on some forum earlier.</a> Yes, that was my first time of mentioning Paystack publicly. At the time, I was yet to be a part of the company, but I had been involved to some extent in testing and giving feedback. Barely a month after, my friend called me up to know if I would like to join the company as a cofounder and take over the technology function. I saw a glimmer. I was about to be a part of something again. This time, something I truly loved. Something I am passionate about fixing. Something fundamentally significant. I said yes, and got a chance to a fresh start.</p>
<p>We applied to Y Combinator for their W16 batch, and we got accepted. This part is still very much low key at the moment, as the press bit is still being coordinated “professionally”.</p>
<p>In the last three months, I met Uzo Olisemeka. We quickly realized we shared similar tastes in humour, and decided to extend it into something I have always wanted to do. Start a podcast. Technology focused, but with the use of crude humour as a device to stand out. Personally, I don’t believe anyone is beyond reproach, and I adhere to that mantra on the show. We thought we would only cater to a niche crowd of maybe 10 listeners, and that was totally fine. I just wanted to talk, and know someone somewhere was listening. We have 10 episodes till date, and have managed to amass more listeners than we ever imagined. What’s more? We have a long list of volunteering guests lined up for future episodes. We will be recording our first double digit episode today, which will be a holiday special of some sort.</p>
<p>I would like to thank everyone who stayed with me at my darkest moments. They supported me emotionally and financially. The reason I didn’t slit my wrists at some point can be highly attributed to them. <em>Tolu</em>, my best friend. She was there every moment of the way. <em>Seike</em>, my assistant. She showed up at my house one morning with food stuff and made me a mean meal. <em>Onyeka</em>, my very good friend. She kept me strong even much more than she would realize. <em>Loknan</em>, my colleague. He is also a wonderful friend. <em>Toyin</em>, my co partner. We bonded strongly over being in the same shoes for too long and helped encourage each other. I wish her all the best. So many others as well but these individuals stand out. Thank you, and cheers to many more wonderful moments in the new year.</p>
tag:browndroppings.co,2014:Post/you-shall-not-pass2015-01-13T07:19:38-08:002015-01-13T07:19:38-08:00You shall not pass!<p>Eyowo was a service that made it easy for people to accept payments online. Its appeal, and primary unique selling point at the time was that it managed to consolidate the various possible means of electronic payments run by different companies into one interface. This greatly reduced the barrier of entry for potential e-commerce players in terms of cost and ease.</p>
<p>Soon enough, we identified opportunities to do interesting things with the service. We could determine people’s spending patterns based on what they buy, websites they buy from, and how often they shop online. Best of all, we can have this information available to the shopper. A bonus surely wouldn’t hurt. Right? Thing is the users had to login to view this information. How do we get them to set their passwords? An early implementation of the Eyowo payment page had a login/register interface that comes up before payments (the crux of why they got there) can be made. This was quickly thrown out of the window as a potential drop-off point and we settled with asking shoppers to provide their email address with every transaction - they could finish their registration later, if they wanted. No pressure.</p>
<p>This worked out pretty well - not the fact that people registered eventually to view their transaction history and other statistics, but that they didn’t have to. The last estimate of people who eventually did register was way less than 10%, but we ended up being praised for the friction-free checkout process. Another win for lowering entry barriers.</p>
<p>Now to typical new user registration processes. At the bare minimum, the job of the registration form is to collect information that will help identify and (authorize) the user to your website at a later date. What is important to you however, and the user is the use of your service itself. If we could junk the registration/login process and still be able to keep user data, roles, permissions, etc organized, why wouldn’t we? But we can’t - that’s <a href="http://blog.codinghorror.com/the-god-login/">a job for God</a>. How can we make this process friction free however? That’s a noble and worthy goal.</p>
<p>Most user on-boarding processes on the web today can be put into any of the following categories:</p>
<ol>
<li>Fill a sign up form > Wait for email with verification link > Click verification link > Login > You’re in.</li>
<li>Fill a sign up form > Login > You’re in with reduced functionality > Verify later at your convenience.</li>
</ol>
<p>With the first, the user has to jump through hoops before they can see what your website, service or whatever has to offer. Eyowo registration process took this form. There are 3 drop off points in that scenario. A percentage of signups will close your page and not come back after filling the form. Another percentage of those who think ok, its fine.. I’ll click the verification link later will forget to do so. Yet another percentage will not enter their usernames and password at the login page that comes up after they click the link. These numbers might not be significant. Truth is, I have no idea what the average is and I will not pretend to do so. But was it your plan to drop potential users before they even had the chance to see your application? No? Ok. Let’s fix this.</p>
<p>First, I believe the login requirement at any point after the registration process is unnecessary. It’s simply an inconvenience. There are arguments that its an confirmation that the user still remembers the details they just set, but didn’t they just set it? Some of them are forgetful? Implement a forgot password feature.</p>
<p>Secondly, having to wait for a verification link is essentially putting a step in the on-boarding process in the user’s court. You can’t transition around it. The only thing you can do is tell them to check their inbox. The flow isn’t smooth. They have to use an entirely different application to move on. Why? The reason they were on the sign up page in the first place was to try out (and perhaps eventually use) your application, remember? Never forget that.</p>
<p>That brings us to the third category:<br>
Fill a sign up form > You’re in with reduced functionality > Verify later at your convenience.</p>
<p>This is as easy as it gets and it’s a good thing a number of developers already employ this strategy. Services like Stripe, Twitter, Amazon, PayPal, readily come to mind. Some try to meld Category 1 into Category 3 by requiring you to verify your Identity via a phone call, which is fine as the user remains on the page for the duration of the confirmation. Let’s called this Category 4. The only problem with this is the the phone call might not come in delayed for whatever reason, at which point the user may have closed the page and moved on. I went ahead to do a quick survey of twenty websites I could think of and here’s what I found:</p>
<h6 id="category-1_6">Category 1 <a class="head_anchor" href="#category-1_6">#</a>
</h6>
<ol>
<li>Microsoft Azure - The flow was botched. I had to start over after the email confirmation as the page that opened was simply an acknowledgement.</li>
<li>Xero</li>
<li>Slack</li>
<li>Heroku</li>
</ol>
<p>Note: None of these sites required the extra login step after clicking the confirmation link.</p>
<h6 id="category-2_6">Category 2 <a class="head_anchor" href="#category-2_6">#</a>
</h6>
<p>NONE. Thankfully, people are getting less stupid.</p>
<h6 id="category-3_6">Category 3 <a class="head_anchor" href="#category-3_6">#</a>
</h6>
<ol>
<li>Stripe</li>
<li>Twitter</li>
<li>Amazon*</li>
<li>PayPal*</li>
<li>Tumblr</li>
<li>Pipedrive*</li>
<li>Boundary*</li>
<li>Cloudflare*</li>
<li>IMDb</li>
<li>Bitbucket</li>
<li>Trello</li>
<li>Devcenter.co</li>
<li>Evernote*</li>
<li>Digital Ocean - So crippled its mostly unusable, but you’re logged in, which is something.</li>
</ol>
<h6 id="category-4_6">Category 4 <a class="head_anchor" href="#category-4_6">#</a>
</h6>
<ol>
<li>Amazon Web Services - My phone didn’t ring in the first 15 minutes. It was instant on the second try.</li>
<li>GMail</li>
<li>Twilio</li>
<li>Callbase.co</li>
</ol>
<p>Examining ~20 websites doesn’t make a great survey by any strech, but it gives you the idea. Businesses are beginning to realise the less the friction of on-boarding, the better for everyone.</p>
<p>*<u>These sites completely skipped the verification process. Evernote was extreme. The registration and login form are the same save the buttons, and registration takes you straight to your first note.</u></p>