Worst Programs Ever

Worst Build Tool: Maven
Worst IDE: IntelliJ
Worst Document Editor: MS Word

Posted in Software

Visitor Insurance Compile


  • Atlas America: Please stay away from ATLAS INSURANCE FROM HCC MEDICAL INSURANCE. This is the worst insurance I have seen and this is my first insurance for my parents who are listed from India. My Mother Visited ARC Hospital in Austin In July 2014 for her severe stomach pain and Dr. Examined her and then prescribed Medicine for Diverticulitis. After that HCC has sent a claim form which I have filled and sent back to them and now HCC has sent an Explanation of Benefit for Claim saying Reason Code # 86 which means This file has been closed due to lack of requested information from our Provider. I was searching other websites like IMMIHELP, INSUBUY and saw the same review like HCC MEDICAL INSURANCE always deny customers claims even though we provide all information. It is like they will always try to harass us wherever possible. My sincere request from my experience is that, don’t buy this insurance and also don’t buy this from INSUBUY who acts as an agent who will not support when you are in need. source
  • Patriot America: Folks, I took 100K coverage with IMG through the agent insubuy. Unfortunately one week before my dad left, I had to take him to ER as he had an attack. The bills came out to 50K+, the insurance company denied all claims saying it is pre-existing. The hospital and the doctor who attended him at ER as well as the hospital gave me a letter saying it is not pre-existing. But insurance company will not accept it. The guy at the agent, talks nicely but he says we cannot do anything, just go in understanding with the hospital and pay it in installments. He also says do not file any lawsuit it is not useful. All this is total scam, I did pay a huge premium but now I have lots of bills to pay. So I agree with others, please do your research properly. And do not believe sales guys or agents, they will talk very nicely but when it comes to claims you are on your own… source
  • Beacon: Azimuth were absolutely terrible. Poor quality lines when you call them with the line constantly breaking up and lack of help of which provider to visit. Azimuth 24 hour service were equally poor with every detail having to be repeated multiple times over, even when they should have the basic details such as policy number or name. Azimuth also claimed that my policy did not cover pre-existing conditions, something that was covered in my policy and clearly noted in its own section. If this becomes an issue we will pursue legally and request a full refund for this awful policy. Waste of money? Yes. source Until last month I was a customer with this company for two years, but I never had a claim until midway through last year. I have never had such poor service from an insurance company in my life, and everyone expects insurance companies to be difficult to deal with. Communication and customer service were terrible and 7 months on I’m still having to file complaints with Lloyd’s of London, the State Insurance commissioner's office and Better Business Bureau, to try and get them to resolve the problems. Some are as simple as faxing doctors a piece of paper. They have major administrative problems! I wholeheartedly do NOT recommend this company. source
  • KVRao: Try from an American company. One of my friends had problems with claims when bought insurance from K.V Rao. Any insurance is fine if you are not claiming. The real trouble comes when you need to use the insurance and claim money back. No insurance covers pre-existing condition source
  • Trawick International (Safe Travels): We received the policy before our trip with all exclusions. Appendicitis was not among them. In the middle of the trip I suffered an acute appendix and ended up in the hospital for nearly 3 weeks. I was in constant contact with the company, as was the hospital, and nothing seemed amiss. Two days before I was discharged, I was told by Trawick that I was no longer covered by the policy (the agent had confused period of coverage with period of benefits), and I was sent a NEW and DIFFERENT policy which listed appendicitis among the exclusions. I consider this completely fraudulent and unacceptable, and the hospital as well as I, will be taking legal action if my claim is not paid. When my wife called Squaremouth for clarification, they were completely unhelpful, and an irate letter from her to Trawick and Squaremouth has, as yet, gone unanswered. source
  • Seven Corners (Liaison): STAY AWAY FROM SEVEN CORNERS!! I filed for reimbursement on March 22nd 2015. Today it has been almost two months and my claim has not been paid yet. I must have sent at least 10 emails and also called a few times. It is so frustrating to deal with them. They have agreed that my claim is valid but sometimes they tell me that my claim has been paid. Sometimes they tell me that the claim would be paid soon. If you call customer service they always say that they have to follow up with the funding department and would get back in a few days. But no one ever follows up. I have not received anything in my bank account. I am going to give them till the end of this week, otherwise, I am planning to initiate legal action against them. I also plan to file a complaint at BBB and write to my senator/congress rep. IMO this company is a fraud and people should never ever buy from them. source
  • patriot america plus: Sharing my personal experience which will hopefully save folks some money. I purchased the patriot america plus plan for my parents (Indian citizens) visiting USA (have been doing for past several years). I bought that plan as it was comprehensive, had PPO network and covered “acute onset” of pre-existing conditions. My mom had no “pre-existing” condition and she always got a full medical checkup and a clean bill of health from one of the best hospitals in India before visiting US. This time unfortunately, she had a cardiac arrest while in US and had to undergo emergent bypass surgery. I had a horrible experience working through IMG and seeing the ugly side of American healthcare system. First they denied the “pre-approval” for surgery which takes a whopping 5 days to process. So you’ve already had the surgery by the time they decide on even the pre-approval. The reason for denial was “pre-existing” condition. They also denied all the claims after the fact as “pre-existing” as well. No explanation for how they came to that conclusion. Just the 2 words – “pre-existing”. I went through their appeal process and submitted mom’s comprehensive medical records for last 3 years which showed all her vitals, labs in green. They finally gave me an answer that heart conditions are considered chronic. Even if the patient didn’t know about it, and none of the tests showed it, artery blockage doesn’t happen overnight. Wow.. Human bodies deteriorate over time. So from that perspective everything (short of an accident) in the world is pre-existing. I have given up on the fight with IMG and patriot america. Hopefully this review will help people save some money or at least be informed of the risks. My recommendation would be to never invite parents over unless you can buy a comprehensive plan which covers pre-existing conditions for travelers. And that does not exist to the best of my knowledge. source.
  • safe travels usa: I won’t make the mistake to get a visitor travel insurance from this company again in my entire life. I will cancel my entire travel plan if need be, before even thinking about getting an insurance from them. I bought visitors safe travel insurance for my in-laws when they came to visit us in the US from India. They were above 60 years old, so I was confused what insurance I should get. The customer service provided me a list and I selected the plan from this list. When my in-laws arrived, my mother-in-law had an episode of mini-stroke, so we rushed her to hospital in Emergency care. We got pre-authorization from GBG as was suggested. The hospital decided to admit her after some initial tests. They released her the next day. Since the hospital was under PPO scheme with the insurance company, the hospital directly sent them the bill. The struggle started at this point. There was no update on reviewing the claims in 2 months until I called them for updates. It is at this point that GBG wanted me to fill up some forms and email them whereas I understand that they should have reached out to me if they needed any information. So I sent them all the requested documents and again for another month there was no update. I had been receiving emails about renewing the insurance but no update on the submitted claims. I called them again. At this time they wanted me to send them the same documents again, but this time by post. In the meantime, the bills were outstanding as three months had passed since the bills were issued. Finally in another two months, i.e. in total 5 months the Insurance company decided they would give me a vague one line explanation as to why they won’t pay a single penny towards the hospital bill. At this point I was dejected enough not to give them a call again to let them know how grateful I was for their cooperation. I was utterly frustrated with the entire experience and the mental pressure over this. Not only did they not pay anything towards the bill, but they also delayed it so much in vain. I will strongly recommend to anyone who is looking for a visitor travel insurance: DO AVOID THIS COMPANY. Dealing with this entire process with GBG was the worst experience I had in literally anything in my entire life. source

2 Pre-existing conditions

  • Beacon: Preexisting Conditions – Except for Sudden Onset of Pre-existing Condition, charges resulting directly or indirectly from or relating to any Pre-existing Condition are excluded from coverage under this insurance.

Have a story to share? Send it to me using the contact form and I will post it anonymously.

Posted in Travel

Hyperledger Fabric: Running fabric-ca-server with LDAP


Fabric-ca-server’s main purpose is to act as a CA (certificate authority) that can be used to obtain an X.509 public certificate and private key, which are needed in order to write records to the Fabric ledger. Why? Because every entry is signed by its author, and the signature provides attestation (think about paper records and statements that require a signature to prove authenticity). The public certificate and private key pair is obtained by making an enroll call against the fabric-ca-server. But before a user can be enrolled, they need to exist in the first place. This is done by making a register call against the fabric-ca-server (when running in non-LDAP mode), which does the same thing as when a user signs up to use a service like Facebook – a record is created in a database with their username and password.

Although fabric-ca-server can be used to register users, that is not its main purpose. LDAP is a more commonly used technology to register users. In addition to user registration, LDAP also provides user authentication; this is something fabric-ca-server does not provide and hence the motivation for running it with LDAP.

Why run Fabric-ca-server with LDAP?

Fabric-ca-server can be run without using LDAP – in fact that is the default setting, as it is simple and avoids a dependency. In that case it creates a sqlite3 db by default as a store of usernames and passwords. The db can be changed to MySQL or Postgres. However, the problem with running in this mode is that the fabric-ca-server does not provide any API for user authentication. In any practical application, there would be a web frontend through which chaincode invocations would happen. This web frontend would require user authentication [1]. There are various ways to achieve the authentication:

  • One could keep on using the sqlite3 db of fabric-ca-server and build an API on top of the sqlite3 db that the web app can call for authenticating users. sqlite3 by itself does not come with such an API. In fact sqlite3 stores data in a local file. It does not provide any server. Also it has no support for multi-threading, and data corruption will happen if the db is accessed concurrently from multiple threads. What if we are running not one but two (or three) fabric-ca servers? Each server will need its own local copy of the db. The usual issues creep in – copies need to be in sync etc. sqlite3 has no support for any of these.
  • So at minimum it looks like one would need to replace the sqlite3 db with MySQL or Postgres, which provide a server that both fabric-ca and the web app could use for authentication.
  • Yet another alternative is to store usernames, passwords and other user metadata (emails, full name, etc.) in an LDAP server. This server would be used by both the web app and the fabric-ca server(s) for user authentication. One advantage of using LDAP vs. MySQL or Postgres is that LDAP comes with standardized APIs for IAM.

Below are some tips to help you run fabric-ca-server with LDAP:

  • Use the openssl CLI to generate ID certificate(s) (a single cert if using self-signed) for your fabric-ca-server, plus TLS certificates:
    • The LDAP server will need a TLS key-pair, and a trusted CA file if clientauth is enabled.
    • fabric-ca-server will need 2 key-pairs: one for when it is acting as a server (when fabric-ca-client connects to it) and another for when it is acting as a client (when it connects to OpenLDAP). It will also need a trusted CA file if clientauth is enabled.
    • One key-pair will be needed for fabric-ca-client if clientauth is enabled.
    • It is possible to re-use the same key-pair and trusted CA file.
  • You have to choose an LDAP server. OpenLDAP is free. Use the dockerized version available here. It is based on alpine. We found it better than the more popular osixia/docker-openldap image.
  • Fix the docker image above so that it stores hashed passwords [1]. This is done by enabling the ppolicy overlay and setting olcPPolicyHashCleartext: TRUE. The olcPasswordHash setting only controls the format in which the password will be hashed. It is an important setting, but it has no effect unless password hashing is enabled in the first place, which is done by setting olcPPolicyHashCleartext: TRUE. More on password hashing [2]
  • Follow the steps here to initialize the database.
  • Set GODEBUG=netdns=go when running fabric-ca-server to avoid SIGSEGV.
  • Configure fabric-ca-server to use LDAP by setting ldap.enabled to true [3].
  • The node sdk for Hyperledger Fabric does not support connecting to a fabric-ca-server that has clientauth enabled [5] (another example of many bugs with HL fabric). Because of this we need to set --tls.clientauth.type to noclientcert, otherwise the node SDK will not be able to connect. When the issue with node-sdk has been addressed (if it ever is), change it to requireandverifyclientcert, which is the most secure setting.
  • In this mode, no bootstrap user:password needs to be given to fabric-ca-server (the -b option).
  • In this mode, you will never run fabric-ca-client register. Instead users will be registered in the LDAP server using ldapadd, or ldapjs from a node app.
  • If your CA server is an ICA, no parent server URL needs to be given (the -u option). You provide the complete chain of certificates from your CA server to the root via the --ca.chainfile option.
  • fabric-ca-server will not be able to establish a TLS connection on port 389 using starttls (the recommended way). So to use TLS we have to use port 636 [4].
  • The fabric-ca-server-config.yaml file is needed to solve following issue
  • The sqlite3 db is still needed by fabric-ca-server to store the certificates.
  • Use promised-ldap to communicate and interact with the openldap server from your node based web app.
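
A preflight check for several of the tips above, as an added example (not code from the original post or from the Fabric project). It reads ldap.enabled, ldap.url and tls.clientauth.type from a fabric-ca-server-config.yaml and checks GODEBUG; the small YAML reader handles only plain nested "key: value" layouts, and the sample config (hostnames, DNs, file names, the CHANGEME password) is constructed.

```shell
#!/bin/sh
# Added example: lint fabric-ca-server-config.yaml against the LDAP tips above.

# yaml_get FILE dotted.key: print the scalar value of a nested block-style key.
# Tracks indentation so tls.clientauth.type is not confused with ldap.tls.*.
yaml_get() {
  awk -v want="$2" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    {
      indent = match($0, /[^ ]/) - 1
      line = substr($0, indent + 1)
      if (line !~ /^[A-Za-z0-9_]+:/) next        # skip list items
      key = line; sub(/:.*/, "", key)
      val = line; sub(/^[^:]*:[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
      while (depth > 0 && ind[depth] >= indent) depth--
      depth++; ind[depth] = indent; name[depth] = key
      path = name[1]
      for (i = 2; i <= depth; i++) path = path "." name[i]
      if (path == want) { print val; exit }
    }' "$1"
}

# lint_fabric_ca_ldap FILE: print one finding per line; return 1 on any FAIL.
lint_fabric_ca_ldap() {
  cfg=$1
  rc=0
  if [ "$(yaml_get "$cfg" ldap.enabled)" != "true" ]; then
    echo "FAIL ldap.enabled is not true"; rc=1
  fi
  # StartTLS on 389 does not work with fabric-ca-server, so require ldaps on 636.
  case "$(yaml_get "$cfg" ldap.url)" in
    ldaps://*:636/*) ;;
    *) echo "FAIL ldap.url is not an ldaps:// URL on port 636"; rc=1 ;;
  esac
  ctype=$(yaml_get "$cfg" tls.clientauth.type | tr 'A-Z' 'a-z')
  case "$ctype" in
    requireandverifyclientcert) ;;
    *) echo "WARN tls.clientauth.type is '$ctype', not requireandverifyclientcert" ;;
  esac
  case ",${GODEBUG:-}," in
    *,netdns=go,*) ;;
    *) echo "WARN GODEBUG=netdns=go is not set in this environment" ;;
  esac
  return $rc
}

# write_sample_config FILE CLIENTAUTH_TYPE LDAP_URL: constructed sample config.
write_sample_config() {
  cat > "$1" <<EOF
tls:
  enabled: true
  certfile: ca-server-tls.pem
  keyfile: ca-server-tls.key
  clientauth:
    type: $2
ldap:
  enabled: true
  url: $3
  tls:
    certfiles:
      - ldap-ca.pem
    client:
      certfile: ca-ldap-client.pem
      keyfile: ca-ldap-client.key
EOF
}

# Run with the argument "demo" to lint the constructed sample.
if [ "${1:-}" = "demo" ]; then
  tmp=$(mktemp)
  write_sample_config "$tmp" noclientcert \
    'ldaps://cn=admin,dc=example,dc=org:CHANGEME@ldap.example.test:636/dc=example,dc=org'
  lint_fabric_ca_ldap "$tmp"
  rm -f "$tmp"
fi
```

Because the ldap.url value carries the bind DN and password, the config file should be readable only by the account that runs fabric-ca-server.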

Posted in Software

The Essence of Quantum Mechanics

When there was nothing, there was God

 Had there been nothing, there would have been God

 My being is what drowned me

 Had I not been, what would there have been?

Posted in Uncategorized

Troubleshooting OpenLDAP errors

5cbe470e conn=1024 op=1 MOD dn="cn=config"
5cbe470e conn=1024 op=1 MOD attr=olcTLSCipherSuite olcTLSCACertificateFile olcTLSCertificateFile olcTLSCertificateKeyFile olcTLSDHParamFile olcTLSVerifyClient
5cbe470e conn=1024 op=1 RESULT tag=103 err=80 text=
5cbe470e conn=1024 op=2 UNBIND
5cbe470e conn=1024 fd=12 closed
ldap_modify: Other (e.g., implementation specific) error (80)
modifying entry "cn=config"

  1. Check your TLS certificates exist

In my case the error was caused by Version 1 in the TLS certificate:

WITSC02X6385JGH:temp sjain68$ openssl x509 -in abcl.pem -text -noout
        Version: 1 (0x0)
        Serial Number: 14676524023181422786 (0xcbad7cd6eb3730c2)

Once I fixed the certificate so that it had Version 3, the error went away. To get a version 3 certificate, make sure you add the -extensions option to the openssl ca command if you are using openssl ca to generate the certificate.
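
The version check and the fix described above, as an added example (not part of the original post): cert_version reads the version from the same `openssl x509 -text` output shown earlier, and issue_v3_cert signs a CSR with `openssl ca -extensions` using a throwaway CA. The CA layout, the section names v3_ca and v3_server, and the hostname ldap.example.test are constructed for the example.

```shell
#!/bin/sh
# Added example: check a certificate's X.509 version and issue a v3
# certificate with "openssl ca -extensions". All names are constructed.

# cert_version_from_text: read "openssl x509 -text" output on stdin and
# print the version number from the "Version: N (0x..)" line.
cert_version_from_text() {
  awk '$1 == "Version:" { print $2; exit }'
}

# cert_version FILE: X.509 version of a PEM certificate.
cert_version() {
  openssl x509 -in "$1" -noout -text | cert_version_from_text
}

# issue_v3_cert DIR: build a throwaway CA in DIR, sign a server CSR with
# -extensions so the result carries v3 extensions, and print the cert path.
issue_v3_cert() {
  dir=$1
  mkdir -p "$dir/newcerts"
  : > "$dir/index.txt"            # empty certificate database
  echo 01 > "$dir/serial"         # first serial number
  cat > "$dir/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[ dn ]
CN = placeholder
[ v3_ca ]
basicConstraints = critical, CA:TRUE
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = $dir/index.txt
new_certs_dir = $dir/newcerts
serial = $dir/serial
certificate = $dir/ca.pem
private_key = $dir/ca.key
default_md = sha256
default_days = 30
policy = policy_any
[ policy_any ]
commonName = supplied
[ v3_server ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:ldap.example.test
EOF
  # Self-signed demo root, then a server key and CSR, then the signing step.
  openssl req -x509 -newkey rsa:2048 -nodes -config "$dir/ca.cnf" \
    -subj "/CN=Demo Root CA" -days 30 \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" \
    -subj "/CN=ldap.example.test" \
    -keyout "$dir/ldap.key" -out "$dir/ldap.csr" 2>/dev/null &&
  # Without -extensions (or x509_extensions in the CA section) older openssl
  # releases emit a Version 1 certificate here.
  openssl ca -batch -notext -config "$dir/ca.cnf" -extensions v3_server \
    -in "$dir/ldap.csr" -out "$dir/ldap.pem" 2>/dev/null &&
  echo "$dir/ldap.pem"
}

# Run with the argument "demo" to issue a certificate and print its version.
if [ "${1:-}" = "demo" ]; then
  d=$(mktemp -d)
  pem=$(issue_v3_cert "$d") && echo "version: $(cert_version "$pem")"
  rm -rf "$d"
fi
```

Running cert_version on every certificate referenced by olcTLSCACertificateFile and olcTLSCertificateFile before the ldapmodify call surfaces a Version 1 certificate without having to decode err=80.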

Posted in Software

What is a tech company after all?

I used to wonder why Amazon is called a tech company and not a retail company?
Why is Uber called a tech company and not a taxi company?
Why is AirBnB called a tech company and not a hotel company?

The answer is because these companies view technology as the core of their business. Instead of outsourcing software development to Infosys, Wipro etc. or relying on 3rd party services, they hire FTEs and build huge engineering teams to develop the necessary technology in-house to power the business.

Example: Uber could have used (or maybe they still do use) Google Maps to power their business – driving directions, location search, ETA etc. But they bid $3B (yes, 3 billion) to try to acquire Nokia Maps [1]. Keep in mind this was just the acquisition cost. Imagine the YoY cost of just the resulting headcount itself – how would that compare to what Uber was/is paying YoY to Google Maps? [2] Another and even more audacious example: we know there will be self-driving cars in the future. Making cars is a car manufacturer's job. All major car manufacturers will make autonomous driving cars in the future. So why does Uber have to build a self-driving car in-house? Can’t they just buy self-driving cars when they hit the market, as they undoubtedly will at some point? Tesla’s self-driving abilities are already impressive. As a next step, after building out self-driving technology, is Uber also going to manufacture the cars themselves? Uber ATG reportedly costs the company $20M+ per month [3, 4].

Why do tech companies invest in technology so heavily when they could buy the thing from a vendor at presumably lower cost?

Posted in Software

Hyperledger Fabric Consensus Explained

What is consensus?

Definition: Consensus is the mechanism that ensures all copies of a distributed ledger are the same, i.e., at all times I will have exactly the same copy of the ledger as you. This is critical – imagine my copy of the ledger saying you owe me $100 whereas your copy of the ledger says I owe you $100 – and the ensuing mess.

Consensus is not a new thing that was invented with blockchain technology. It is an essential component of any distributed database (a distributed database is a database in which multiple copies of the database exist on multiple computers, referred to as nodes in literature) and algorithms for establishing consensus (Paxos, Raft, BFT, etc.) were developed in distributed systems literature way before blockchain was invented.

How does Hyperledger Fabric achieve consensus?

Hyperledger Fabric achieves consensus through its ordering service. This service establishes a total order on the transactions submitted to the network.

This is best illustrated with the WhatsApp analogy. Have you ever used WhatsApp, Slack, Teams, HipChat, RocketChat or another chat application where you received messages out of order? What do we mean by out of order? It means the order in which you received the messages was not the same as the order in which the messages were sent. It happened to me once when I was using the built-in chat in OfferUp to communicate with a buyer. I sent two messages and the buyer received the second message first, followed by the first. So the order in which I sent messages was (A, B) but the receiver received the messages as (B, A).

Why does it happen? Imagine a chat room with one hundred or a thousand participants. Messages are being generated at a fast rate – let's say more than 10 per second. There are two architectures possible: 1) an architecture in which there is a backend server to which messages are submitted; this server then announces availability of new messages to the receivers (known as a broadcast), followed by the receivers pulling the new messages from the server. 2) Another way to architect the system is to implement a p2p network in which there is no central server.

Let's try to understand what happens in both cases. In the case of the central server, because of network latency it is possible that the order in which the server receives the messages is not the same as the order in which the messages were sent, e.g., if a computer is geographically close to the server, its message may arrive earlier than that of a computer which generated its message first but whose message has to travel a greater distance. This is not the only factor. It's possible that the first computer may be on a higher bandwidth connection than the second. Then, in practice, if we consider a large-scale system, there will not be a single backend server – the backend server software would be running on multiple computers to divide and conquer the flood of incoming messages. You might think that the problem can be avoided by having a timestamp as part of the message when it's generated on the client – then the server can unambiguously determine which message came first. But think about what will happen in practice. Let's say the server got a message A with timestamp 12:00:00 and it broadcast it to all the receivers. Then 3 minutes later it got a message B with timestamp 11:57:00. It knows that B should come before A but now it cannot undo the broadcast that has been done – it cannot ask receivers to undo all the actions they may have taken as a result of the broadcast of A. To push it even further, in practice it is possible that the clocks on different clients in different geographies and time zones won’t be in sync with each other, so one cannot rely on timestamps in messages to establish the chronological order of messages. And let’s not even involve this guy (never mind if you don’t get the prank).

In the other case of a p2p network, the messages spread using a gossip protocol. Here it is even more likely that messages can arrive in a different order on different nodes, since the gossip involves periodic, pairwise, inter-process interactions with some form of randomness in the peer selection. Btw in case you didn’t notice, this is a new problem; in the previous paragraph we were discussing messages arriving out of order on the server, but now we have switched to messages arriving in a different order on different nodes.

In fact, this phenomenon of messages arriving in a different order on different nodes happens with Bitcoin also. The Bitcoin protocol ensures that blocks are generated every 10 minutes or so with some spread. But still it's possible for two blocks to be generated very close to each other (in terms of time), and when that happens, depending on which block reaches a node first, there are temporary forks in the blockchain (also known as branches, illustrated graphically in this article). But then the Bitcoin protocol ensures that only one branch will survive – the way it does this is by mandating that in the presence of competing branches, all nodes have to select the longest branch. And due to the nature of the system, it is guaranteed that a longest branch will emerge eventually – read the probabilistic calculations in this article for details. This is how Bitcoin achieves consensus. And also Ethereum.

Hyperledger Fabric achieves consensus in a different way. It relies on a backend service (known as the ordering service) that intermediates the messages between senders and receivers. This backend service ensures that all receivers see messages in the same order – it follows that if all receivers see messages in the same order, they will perform the same actions/commits etc. Voila! Consensus is achieved. How does it do this? By using Apache Kafka, a widely used open source pubsub service developed much before blockchain was invented. In fact I believe it is also used by applications like WhatsApp, Slack, Teams etc. for this very purpose – so that all clients see messages coming in the same order – and forms the backbone of these applications on the backend. In the case of applications like WhatsApp, it's not a big deal if some messages arrive in a different order on different peers, but it makes a big difference in the case of a blockchain, where it can cause the ledger to fall out of sync between peers.

The consensus mechanism is one of the key ways in which Hyperledger Fabric is different from other blockchains such as Bitcoin or Ethereum, and it's important to understand what it is and what it is not. For some time I thought Fabric doesn’t really come with a consensus mechanism, but that is not true. Fabric uses the intermediate server architecture we covered above, where messages are sent to a server which then broadcasts the messages to receivers, ensuring that all receivers see the exact same order of messages. Btw, note that this order need not be the chronological order – in fact, as we have seen above, the concept of chronological order is not very well defined in a distributed system. It just needs to be an order – the simplest way to order messages is to order them in the order in which they are received on the server, and this is exactly what the Solo orderer does. The Solo orderer is called so because it runs a single instance of the orderer, and in this case it is trivial to establish a total order on messages. In practice, in a production system, we don’t want a single point of failure and thus want to have more than one ordering node – that is where Apache Kafka is used. As explained in this article: “In Kafka, only the leader does the ordering and only the in-sync replicas can be voted as leader. This provides crash fault-tolerance (CFT) and finality happens in a matter of seconds. While Kafka is crash fault tolerant, it is not Byzantine fault tolerant, (BFT) which prevents the system from reaching agreement in the case of malicious or faulty nodes”. What it is saying is that there is a master node which does the ordering, and if the master node fails, someone else is available to take over. This is known as crash fault tolerance. There is another, much more difficult, type of fault that is studied in distributed database replication – known as the Byzantine Fault. Kafka does not protect against that. For more details on Byzantine Fault refer to here and here.

Bitcoin and Ethereum, by contrast, use the p2p network without any intermediating service in charge of establishing a total order on the transactions. Incidentally this means the temporary forks in Bitcoin will never happen with Hyperledger Fabric – a desirable property in enterprise applications I think. With Bitcoin a seller has to wait for 6 blocks or 1 hour as a rule of thumb to be sure that the payment made to them will end up in the blockchain [ref].

The ordering service is completely agnostic to the contents of the messages – it does not look into the message to see what it is. Thus it does not inspect or analyze in any way the read-write set produced by the endorsing peers. Its sole purpose is to establish a total order on the messages. Messages could be thought of as events. Messages, transactions and events are all synonymous in this discussion.

A few concluding notes: you may encounter articles on the web saying HL Fabric uses BFT or PBFT for consensus, but that is not true and is a result of people copying and pasting something they read on the internet without verifying the facts. As of this writing, Fabric (v1.4) uses Kafka for consensus. Kafka in turn uses Zookeeper. Upcoming versions of Fabric will replace Kafka with Raft – another protocol to achieve consensus. The work is being tracked here. Also read ordering-faqs. Also, some articles on the web will state that Fabric’s consensus protocol is pluggable – while this is not incorrect, it is easier said than done. If you want to use a protocol other than Solo or Kafka, you will have to write your own plugin and compile your own custom binary of fabric-orderer. For details refer to the question titled “I want to write a consensus implementation for Fabric. Where do I begin?” in the orderer-faqs.

Posted in Software