When computing began, we used computers for complex calculations on individual machines. Gradually, we started connecting these machines through the internet, leading to the dot-com boom. This boom resulted in the creation of many websites like chat rooms and forums. To access these, you needed to identify yourself, which led to the use of the common username and password system we use today to create accounts. This username and password became a way to uniquely identify a person and their account on these sites, forming a type of digital identity.

Nowadays, some of the most common incidents we see are phishing scams, identity theft, socially engineered attacks, ransomware, and compromised or weak credentials. Most, if not all, of these are directly or indirectly related to our digital identity and how we access it. Therefore, we need to ensure we secure ourselves online.

How To Secure Yourself Online? 🙋

I will discuss one aspect of securing yourself online, which relates to digital accounts and how we access them. The most recommended strategy for that is:

1. Use a passwordless login method like Face ID, Fingerprint Login or Passkeys.

2. Use a password manager like BitWarden or 1Password for sites that still require a username and password.

3. Implement multi-factor authentication (MFA) to verify your identity. This can include a Time-Based OTP (TOTP) or a deep link verification through email.

Let me also share the strategy I use:

• I currently use 1Password as my password manager.

• I have TOTP or passwordless MFA implemented on most sites.

• I have removed most social logins and Single Sign-On.

• I regularly conduct a security audit to see who has access to my data.

• In the event of a data leak or hack, I immediately change my passwords.

• Passwordless account creation using passkeys is a recent improvement, and I will likely start adopting them soon.

But ... 🤔 I'm Still Confused. Why Should We Do All This?

Good question. Let's explore why we find password-based logins inefficient, inconvenient, and frustrating.

Let's start with a login screen. You see above the traditional username/password login or signup page and a few social logins. These are currently the most common methods of accessing an account. Let's examine how these methods contribute to feelings of inefficiency, inconvenience, and frustration.

Inefficient

1. We Create Terrible Passwords - Below are some of the most common passwords in the world. There are open-source lists of these passwords that hackers use. Simple passwords like these or those related to you are not secure at all. They can easily be guessed from the list or with a little social engineering.

1. We Reuse the Same Passwords - To make things easier, we often use the same passwords for multiple accounts. This is very insecure because if one account is compromised, a hacker can easily access other accounts.

2. Compromised Social Logins - While social logins are easier to use, they also present a single point of failure. If one social login is compromised, it can lead to other accounts being compromised as well.

3. SMS & Voice-Based Multi-Factor Authentication (MFA) Can Be Hacked - While MFA has improved security, hackers have adapted and found ways to intercept SMS or voice-based MFA. Therefore, these methods are no longer the most secure.

Note: If you visit the site haveibeenpwned, you can see which of your data has been compromised.

Inconvenient

1. Resetting Passwords is Not Easy - When we forget our passwords, we often have to go through multiple steps to regain access to our accounts.

2. Password Requirements Are Sometimes Hard To Remember - Creating a new password that meets all the security requirements, such as including uppercase letters, numbers, and special characters, can be difficult to remember.

3. Social Logins Might Not Work Sometimes - With recent downtimes of social media sites, your logins might also face interruptions.

4. Multi-Factor Authentication (MFA) Can Add Friction - MFA often requires an extra step and is linked to a device, which can complicate the process. Additionally, backing up and recovering MFA methods is not straightforward.

Frustrating

1. Remembering Different Passwords - Memorable passwords are easy for hackers to guess or crack. It's frustrating to have different passwords for various accounts and to remember each one.

2. Social Login Providers & Data Privacy - Some social login providers or websites may share or sell their user data to third-party entities. This means that when you use social logins, your personal information, browsing habits, and other data might be accessed by companies you didn't intend to share it with.

3. Multi-Factor Authentication (MFA) Not Working - SMS or voice calls containing the authentication code not being received, delays in receiving push notifications or Time-based One-Time Passwords (TOTP) can expire are a few examples. These issues can cause significant frustration and hinder the login process.

4. Multi-Factor Authentication (MFA) Abuse - There has been an increase in hackers abusing MFA to access accounts. They exploit MFA solutions that send sign-in approval notifications after account access attempts, knowing that people often get frustrated by a flood of messages. Hackers have breached Uber, Microsoft, and Cisco using this method.

Right, So Why Is The Recommended Strategy Better? 😅

Let's break down the recommended strategy:

Use a Passwordless Login Method

Passwordless methods are more secure than password-based logins. If you want to know why, you can read my article on How Does Face ID or Touch ID Work. In simple terms, passwordless methods like Passkey use biometric authentication along with device identifiers to enable multifactor authentication (something you are and something you have) instead of a password (something you know).

This approach is not only easier and more secure but also resistant to many of the issues we discussed earlier. Although still new, there has been a significant industry push to adopt this, especially with the rise of biometric authenticators in our devices.

Note: You can find a list of websites and apps that support passwordless login or MFA, along with instructions on how to set it up, at passkeys.directory.

Use a Password Manager for Sites That Still Require a Username and Password

While not every site has adopted passwordless logins, a better way to secure your accounts that still use passwords is by using a password manager like Bitwarden or 1Password. They help you create strong, unique passwords and remember them easily. Most password managers come with autofill features that make it easy to use across devices.

While they can be a single point of failure and might be a bit of a hassle to set up initially, the benefits far outweigh the drawbacks. Remembering just one master password to manage your accounts securely is much better than dealing with the issues mentioned earlier.

Note: 1Password (the password manager I use) has provided more details on what happens if they are hacked. While there have been recent hacking incidents, I am not aware of any compromised data.

Implement Multi-factor Authentication to Verify Your Identity

Multi-factor Authentication (MFA) is a security measure that requires users to provide more than one form of identification to access their accounts. This typically involves a combination of something you know, like a traditional password, and something you have, such as a one-time password (OTP) sent via SMS or email. By adding this extra layer of security, MFA significantly reduces the risk of unauthorized access, even if your password is compromised.

Implementing MFA is a crucial step in protecting your online accounts and personal information. It may take a bit of extra time during the login process, but the added security is well worth the effort.

Note: Most websites and services we use provide 2FA. You can check based on your use case at 2fa.directory.

Conclusion

This article explores common security threats and offers strategies to protect yourself online. Some recommendations include using passwordless login methods like Face ID or Passkeys, using password managers like 1Password, and implementing multi-factor authentication (MFA). These measures can greatly improve your online security and reduce the risk of unauthorized access to your accounts.

Hopefully, this article helps you understand why online security is important and enables you to stay safe on the internet.

Thanks for reading! I really hope that you find this article useful. I invite you to participate in the discussion in the comments below, I'm always interested to know your thoughts and happy to answer any questions you might have in your mind. If you think this post was useful, please like the post to help promote this piece to others.

If you want to read more of my articles, visit my blog.

Thanks again for reading! :)

P.S Do feel free to connect with me on LinkedIn or Twitter

• They are extremely annoying when we don't remember them and even harder to reset
• They can be quite insecure with the most common password being password or 123456
• Phishing attacks are commonplace in today's internet era and using this hackers can steal your passwords

Would it not be simpler to move towards a more passwordless login? A place where we don't have to remember or have to enter passwords to gain access to our accounts? One such passwordless solution is WebAuthn.

What is WebAuthn? 😅

The Web Authentication API (also known as WebAuthn) is an API that enables strong authentication with public-key cryptography, enabling passwordless authentication and/or secure second-factor authentication without SMS texts.

Let's break that down to quickly understand:

• Public Key Cryptography - So we use a key-based authentication (public and private key) to login and not a password. If you are not sure how it works I suggest watching this video.

• Passwordless Authentication - In this type of authentication we will not be using a password to login but will use some form of user interaction to verify and login. This uses a hardware authenticator like a fingerprint sensor on your device or a YubiKey.

• Secure Second-Factor Authentication Without SMS Texts - Two-Factor Authentication today is predominantly driven by SMS-based OTP but these are also susceptible to SIM swap. SIM swap is essentially taking control of someone’s phone number, and tricking a carrier into transferring it to a new phone. A two-factor authentication scenario-driven through a hardware authenticator using WebAuthn would be a safer solution to the above problem

It is a specification written by the W3C and FIDO, with the participation of Google, Mozilla, Microsoft, Yubico, and others. Web Authentication works hand in hand with other industry standards such as Credential Management Level 1 and FIDO 2.0 Client to Authenticator Protocol 2.

How Does It Work? 🤔

So like every other login situation:

• A user would be prompted for a username to identify them.
• The browser would then prompt the user to use their hardware authenticator and verify themselves.
• On successful authentication, you would be logged into the system.

Now what we don't see is a lot of what goes on in the background to facilitate this process. Let me explain a little more.

Registration Flow

In this process, a new set of key credentials are created against the username entered by the user. This key credential is the crux of the process which enables us to make sure this authentication is in a passwordless manner.

There is a simple 8 step process that takes place:

1. A user clicks on the register button on a site on their browser (user agent)
2. The authenticating server (relying party) issues a challenge (a random set of data sent as an array) to the user's browser to be able to enable WebAuthn login
3. The browser sends this challenge to the authenticator device
4. The authenticator device then prompts the user to authenticate themselves. This would be different based on the device. e.g - Touch ID on a Macbook or touching a YubiKey
5. Once the user authorizes the authenticator device, the authenticator will then create a new key pair (a public and private key) and will then use the private key to sign the challenge
6. The authenticator device will then return the signed challenge, the public key as well as details pertaining to the process back to the authenticating server
7. The authenticating server will then confirm the authenticity of the private key by using the public key to ensure the challenge was signed by the private key
8. It will then store the received details against the username for future use and respond that the user is registered

Authentication Flow

Authentication is a similar process where the above-generated credentials are used to verify the user's identity by going through a signed challenge process again.

There is a simple 8 step process that takes place:

1. A user clicks on the login button on a site on their browser (user agent) and enters their username
2. The authenticating server (relying party) issues a challenge (a random set of data sent as an array) to the user's browser along with the saved private key ID registered with the username
3. The browser sends this challenge & private key ID to the authenticator device
4. The authenticator device then prompts the user to authenticate themselves. This would be different based on the device. e.g - Touch ID on a Macbook or touching a YubiKey
5. Once the user authorizes the authenticator device, the authenticator will then retrieve the generated key pair saved on it with the provided private key ID and will then use the private key to sign the challenge
6. The authenticator device will then return the signed challenge as well as details pertaining to the process back to the authenticating server
7. The authenticating server will then confirm the authenticity of the private key by using its saved public key to ensure the challenge was signed by the private key
8. It will then log the user in

That Sounds Awesome 😮

Absolutely. Let's quickly see some of the benefits:

• Private/Public Key Based Authentication - It's a more secure way to authenticate users compared to the current norm of password-based authentication as it uses asymmetric cryptography by default
• Phishing Resistant - WebAuthn is resistant to phishing attacks due to the domain name being stored on the authenticator. This makes it harder for hackers to be able to spoof websites and gain access to credentials
• Store Public Data in Your DB - Only public data is stored in the DB. No sensitive data such as passwords are required to be stored in this flow
• Fine-Grained Control - You can control what sort of user interaction you want as a part of the flow for example a specific hardware device
• Better UX - A user won't need to remember any password or such and will only need to use a hardware authenticator to be able to login to the device
• W3C Recommendation - This means it should be supported by all major browsers across devices

and lastly NO MORE PASSWORDS

All that being said it does have some issues which are still to be solved:

• User Credential Management - The user experience with respect to credential management is still in a very primitive state
• Cross-Device Credentials - Being able to pass credentials from one device to another is not very easy unless you use a roaming hardware authenticator like a YubiKey
• Lost/Stolen Authenticator Device Recovery - In case you don't have access or lose your roaming hardware authenticator, the fallback scenario is generally a password to gain access to an account but would need to be explicitly setup
• WebAuthn Might Replace Passwords - WebAuthn is still in a very early phase and is slowly being adopted and supported. It might replace password-based login in the future but it might be a while before we see that happening. Note - this doesn't replace things like token-based authentication flows like OAuth or OIDC as well as identity providers like Auth0, Okta, Google, etc

Conclusion

WebAuthn is a much more secure authentication flow that is phishing resistant and only stores public data on a database with most private data generally stored on the hardware authenticator only. It makes use of asymmetric cryptography to do a user check and provides a much better UX compared to the existing login flow.

Currently, WebAuthn is majorly being driven as a two-factor authentication or universal 2nd factor workflow but could possibly replace password-based login in the future.

Hopefully, this article enables you to understand what WebAuthn is and how it works.

Thanks for reading! I really hope that you find this article useful. I invite you to participate in the discussion in the comments below, I'm always interested to know your thoughts and happy to answer any questions you might have in your mind. If you think this post was useful, please like the post to help promote this piece to others.

Thanks for reading! :)

P.S Do feel free to connect with me on LinkedIn or Twitter

Appendix

The following have been great material that helped me write this article:

• Web Authentication (WebAuthn) Credential and Login Demo by Auth0
• WebAuthn Specification Doc
• WebAuthn Presentation by Sam Bellen
• Guide to WebAuthn
• Web Authentication API MDN Docs
• WebAuthn Is Great and It Sucks by Okta
• What is WebAuthn? by Okta
• What is WebAuthn: Logging in with Touch ID and Windows Hello on the web by Michelle Marcelline

What are Auth0 Actions?

Actions are secure, tenant-specific, versioned functions written in Node.js that execute at certain points during the Auth0 runtime. Actions are used to customize and extend Auth0's capabilities with custom logic.

Above you can see a sample flow where once the user logs into the system, you add a trigger to verify the user's identity using Onfido and then confirm consent using OneTrust before completing the login flow and issuing the token.

In brief, an action is a programmatic way to add custom business logic into your login flow.

Why use Auth0 Actions? 🤔

1. Extensibility - Built to give developers more tooling and a better experience in their login workflows.

2. Drag N Drop Functionality — The flow editor lets you visually build custom workflows with drag and drop Action blocks for complete control.

3. Monaco Code Editor — Designed with developers in mind, you can easily write JavaScript functions with validation, intelligent code completion, and type definitions with TypeScript support.

4. Serverless Environment — Auth0 host's your custom Action functions and processes them when desired. The functions are stored and run on their infrastructure.

5. Version Control — You have the ability to store a history of individual Action changes and the power to revert back to previous versions as needed.

6. Pre-Production Testing — Your personal Actions can be drafted, reviewed, and tested before deploying into production

How do I set one up? 😮

For the purpose of this demo, we are going to be creating an action to enforce Multi-Factor Authentication (MFA) for a specific role. I will take you through the process of:

1. Creating a role

2. Adding users

3. Setting up a demo application

4. Creating an Action to enforce MFA

5. Testing the code

Let's get started:

1) Login to Your Auth0 Account

The first step to secure your application is to access the Auth0 Dashboard in order to create your Auth0 application. If you haven’t created an Auth0 account, you can sign up for a free one now.

2) Create an Application

• Once in the dashboard, move to the Applications tab in the left sidebar.

• Click on Create Application

• Provide a friendly name for your application (eg - Test Actions App) and choose Single Page Web Applications as an application type.

• From the quick start tab choose React. Download the sample app. This will have most of the necessary details already in place.

• We also need to set up a few settings for this application. Choose the Settings tab (next to quick start). Add your localhost URL to the following places:

  • Allowed Callback URLs

  • Allowed Logout URLs

  • Allowed Web Origins

3) Setup Application

• Unzip the code we downloaded in a location of your choice.

• Open it in the code editor of your choice

• Cross verify that the details of your application are correctly configured in src/auth_config.json

• We will run this code locally so install the dependencies and run it in dev mode (so we have hot reload enabled). To do this npm install & npm run dev

• Once the application starts you should be shown a SPA like below. If you click on Log In it will take you to your login box.

4) Setup Users and Roles

• Click on the User Management tab in the left sidebar.

• Go to the Users tab and click on the Create User button. We need to create 2 users:

  1. Admin User

  2. Test User

Remember these credentials as these are the test users we will use for this demo.

• Go to the Roles tab and click on the Create Role button. Call the role Admin and once created go to the user tab and assign it to your Admin user.

• Once this is done go back to your locally running SPA and try logging in with one credential. You should be able to access a user portal like below.

5) Setup Actions

• Click on the Actions Tab in the left sidebar

• Go to the Flows category

• Select the Login Flow. This will run the flow of an action once the login process in your login box is complete.

• Click on the + button in Add Action and select Build Custom.

• Name it MFA for Role and leave the rest as is.

• Once Created you come to a screen as follows

• Add the below code into onExecutePostLogin function

  if (event.authorization != undefined && event.authorization.roles.includes("Admin")) {
      api.multifactor.enable("any");
  };

• On the left side you can see a play button. This is your testing environment inside the actions editor. You will find the event object in which you can test the actions flow by adding Admin to the authorization.roles array.

  When you add the Admin role you should see a response with MFA like below and when not present you should get an empty array.

• Click on save draft & deploy. Go to the flow now and click on the custom tab on the right and you should be able to drag and drop the MFA for Roles action into the flow. Click on Apply such that this new flow will work with your login box.

• You will also need to enable MFA on the Auth0 dashboard. Open the Securities tab and choose multi-factor auth. In the following screen enable One-time Password. This will enable users to use an application like Google Authenticator for a one-time password. There are other factors you can enforce as well like SMS or Email-based OTP etc but for this demo, we will be using just the one-time password.

  In the policies section leave everything as is and save your changes.

6) Testing With Your Application

Now when you go to login in on the locally running application we should be triggered to do a MFA for the admin user. So let's test that.

• Click on login and redirect to your login box. If you are logged in already, log out and then do the same.

• Enter your admin users credentials

• Once the login goes through as a success you will be prompted to authenticate with your preferred authenticator app. I used google authenticator and entered my OTP.

• You will then be asked to consent to share your user data with the application.

• Once you accept the above you should be logged in.

• If you try the same flow with the test user you will notice that you are directly logged in post the consent page and no MFA request was triggered. This is because in our actions code as shown below you can see we look to see if the user roles have the Admin role and if so then we ask Auth0 to trigger a MFA workflow with any of the enabled MFA use cases of the tenant.

  if (event.authorization != undefined && event.authorization.roles.includes("Admin")) {
      api.multifactor.enable("any");
  };

Conclusion

Congrats you have just created a custom Auth0 Actions flow and tested it. This was a simple example to enable you to understand what they are, how they can be built and used in your workflows. There are many more complex flows you can build for and can find some examples provided by Auth0 below. Just click on the trigger and you will find specific examples.

Sample Actions Code

Hopefully, this enables you to understand what actions are and how you can use them in your login workflows.

Thanks for reading! I really hope that you find this article useful. I invite you to participate in the discussion in the comments below, I'm always interested to know your thoughts and happy to answer any questions you might have in your mind. If you think this post was useful, please like the post to help promote this piece to others.

Thanks for reading! :)

P.S Do feel free to connect with me on LinkedIn or Twitter

Appendix

The following have been great material that helped me write this article:

• Introducing Auth0 Actions - Auth0

• Auth0 Actions - Auth0 Docs

Hey Hackers! I'm Rohit Mathew and I'm the Software Development Engineer at McAfee Enterprise.

First of all, a huge thank you to the HackerNoon community and staff for nominating me for a 2021 Noonies award! I've been nominated in the following categories please do check out these award pages and vote:

1. HackerNoon Contributor of the Year - authentication
2. HackerNoon Contributor of the Year - covid-19
3. HackerNoon Contributor of the Year - remote-teams
4. HackerNoon Contributor of the Year - remote-work

Post the COVID-19 pandemic, we have seen a significant shift towards remote work and cloud-based workflows. However, the task is to make sure they are well secured. We have seen multiple attacks like Colonial Pipeline, data breaches, and many more threats that have increased since the pandemic started. Cybersecurity as a whole has risen in importance and as someone in the software development and cybersecurity industry, I believe that advancements in this area are very exciting.

While my interests currently lie in the development of scalable solutions, DevOps, Developer Relations/Dev Evangelism as well as smart AI-based systems, I'm excited by almost anything in tech. Learn more about my thoughts and opinions as well as my journey in the tech industry via the interview below.

1. What do you do and why do you do it? (tell us your story)

I work at McAfee Enterprise as an SDE on their platform engineering team working on building SecOps products. I'm also an Auth0 Ambassador working on sharing knowledge, tips, and best practices on topics relating to identity, security, and authentication.

There are no secrets to my inspiration. It's just that I love what I do. The challenging and gratifying feeling you get when you see people use a product you helped build and something that brings value to their lives is what keeps me going. I also enjoy giving back to the community and hence I write articles and try sharing my knowledge as much as possible.

2. Tell us more about the things you create / write / manage / build!

At McAfee Enterprise, I work on building SecOps products and products to help enterprises better secure themselves. Outside my work at McAfee, I also spend time on a few personal projects that can be found on my Github. A few projects I've worked on in the past few years I'm proud to include are:

• readme.so: It is an online editor to help developers make readmes for their project.
• Templater: A GitHub App built with Probot that requests more info from newly opened Pull Requests and Issues that contain either default titles, whose description is left blank, or templates not followed.
• Vaccine Notifier: Slack Notifier for India's Vaccine Appointment. This checks the Co-WIN portal periodically to find vaccination slots available in the provided pin codes and for your age.
• Slack Jenkins Bot: It is a chatbot built on the Hubot framework to trigger Jenkins jobs and post status updates back to slack.

And last but not least, my blog that contains random bits and pieces of tech that I find interesting. I don't really have a set rule for what I write about. I usually get really curious about something and then go about finding out more about it, and once I've learned a bit about it, the ultimate test that I understand is whether I can explain it to someone simply enough for them to learn about it without any prior subject experience. This is where my writing comes in.

Outside of work you will find me generally creating a lot of music playlists. These can be found on my Spotify Profile. I also actively play Fantasy Premier League and managed to get a top 200k finish last year.

3. How did you end up on your current career path? Do you like it?

Since I was a child I have always been fascinated with puzzles & logical problems. I started programming in primary school with simple LOGO programs and then slowly went on to C, C++, and Java. I was also extremely interested in Technology and the advancements happening in it.

Thus I decided to pursue an undergraduate degree in Computer Science. During this time I went about pursuing internships as I am a staunch believer in understanding things both technically and practically. I managed to pursue 7 internships during that time. I started off with Android Development and worked on building multiple apps with friends in college as well as for companies. We even managed to participate in multiple hackathons and ended up coming Second in the Student Category in Save the Hacker conducted by Freshworks.

My final internship was at HackerRank. That internship helped shape a lot of things for me about technology, development, culture, what I like and dislike, etc. I worked as a full-stack engineer and that exposed me to engineering at scale. I was completely intrigued by this and it played into my childhood fascinations for puzzles and logical problems. This put me on a journey to become better at building products at scale which provide value to users.

After graduating I ended up joining a small Insuretech startup called Turtlemint. When I joined they were a small Series A funded startup with about 20,000 insurance agents on their network. Over the time I worked there the company grew 50x to 1 million + insurance agents and a growing SaaS business. Along with them, I grew massively. I was exploring things, building from scratch, and gaining so much real-world experience.

During my time there I was also exploring Developer Relations and joined the Auth0 Ambassador Program. This program gave me a platform to explore how I could give back to the community and share my knowledge better. It also exposed me to a lot of interesting new things in the domain of Cybersecurity.

Finally, here I am at McAfee Enterprise. With the onset of the pandemic and the uptick in cyberattacks, I felt that this would be a great sector to get into. Not only do I get to work on building products that help secure some of our everyday activities but general mass awareness about cybersecurity and privacy-related topics are very few. I wanted to thus also help people understand the need for it and share my knowledge about such practices.

Like Naval said in his iconic Twitter thread, How to get rich ( without getting lucky) - Specific knowledge is found by pursuing your genuine curiosity and passion rather than whatever is hot right now. I have pivoted many times in my short span of pursuing software development but I have learned a lot and believe I am going in the right direction.

4. What tech are you most excited or passionate about right now and why?

• Cybersecurity & Privacy
• Crypto

Being someone who is very conscious of his security and privacy, I do try to keep my eyes open for new advancements in that area. Crypto has been such a buzz for a while now and I have been making small inroads exploring it.

5. What tech are you most worried about right now and why?

• Cybersecurity & Privacy
• AI

I know both sound very cliche but with things becoming remote and online there is a growing risk of cyberattacks like Colonial Pipeline which could have major impacts on society as a whole. AI is another worry because technology can be used to improve or destroy peoples' lives, so the main problem here is how we will use it?

We have seen examples from the Cambridge Analytica scandal to the Facebook whistleblower story on misinformation, and even mental health problems which lead to the question of how both AI as well Cybersecurity & Privacy related issues if not properly regulated can see capitalistic companies and nation-states cause havoc.

6. If we gave you 10 million dollars to invest in something today, what would you invest in and why?

Considering this as a situation where I personally don't get the money but can decide on how I allocate the money I would focus on:

• Education - Coming from a country like India where rural infrastructure is not at par with developed countries, delivering education with access to the internet is difficult. I currently donate a lot toward this effort and would allocate money to upskilling the rural community and giving them access to technology and the internet.
• Climate Change - Climate change and the effects it's having on the Earth are very clearly seen around us. It's a cause I truly believe in and do my bit monetarily now as well, to save the environment. Hence this is another effort I would support.
• Startups - Having worked in multiple startups and seeing them disrupt multiple ecosystems I would allocate money to any interesting startup I find and would love to help them grow and scale.

7. What are you currently learning?

I generally learn about whatever makes me curious. Work-wise I am currently learning a few of these things:

• Golang
• Python
• DevOps Practices
• System Design & Architecture

I am also working on:

• Improving my marketing & social media outreach
• Converting some of my articles into talks
• I believe the world works in systems (systems thinking). I am hence always working on improving my current understanding of this
• Trying to implement some of Naval's wisdom in my life

Other than these I am always reading up on things I have mentioned before.

8. What's the best advice you've ever given someone?

Don't think about it, just start doing it. The more you think about it, the more reasons you'll give yourself to not do it.

9. What's the best advice you've ever received?

• How to get rich ( without getting lucky) - Naval Ravikant
• The Best Advice You've Ever Received - Sahil Bloom
• How to Make Smart Decisions Without Getting Lucky - Shane Parrish
• Self Improvement - Shane Parrish
• Systems design explains the world - Avery Pennarun
• The Product-Minded Software Engineer - Gergely Orosz
• Get your work recognized: write a brag document - Julia Evans

Thanks for reading!

Thank you for taking the time to check out this post. For more content like this, head over to my actual blog or my website. Feel free to reach out to me on Twitter, LinkedIn and follow me on Github.

About HackerNoon's 2021 Noonie Awards

The annual Noonie Awards celebrate the best and brightest of the tech industry, bringing together all who are making the Internet and the world of tech what it is today. Please be sure to check out our award categories, nominate, and vote for the people and companies who you think are making the biggest impact on the tech industry today.

The 2021 Noonies are sponsored by: bybit, Dottech Domains, and Avast. Thank you so much to these sponsors who are helping us celebrate the accomplishments of all our nominees.

First of all, it increases security and helps you ease out the management of encryption keys. But it's also a highly recommended pattern by PCI-DSS (Security Standard for Credit Card Processing) and results in much stronger data privacy and data protection of Personally Identifiable Information (PII).

When we think of data there are 3 places we can think of encrypting data:

• At Rest - On hardware storage devices like on a disk or in your devices
• In Transit - In moving data between different locations like server to server through API calls
• In Use - While it's being used by a server (New concept and still being researched)

We will be dealing primarily with encryption at rest and envelope encryption is a popular pattern recommended for it.

So What is Envelope Encryption? 🤔

This is a type of encryption that involves encrypting your data with a Data Encryption Key, then encrypting the Data Encryption Key (DEK) with a Customer Master Keys (CMK). You then store both the encrypted data and the encrypted DEK alongside each other in the database. This practice of using a wrapping key to encrypt data keys is known as envelope encryption.

Like mentioned there are 2 keys you need to understand first before we see how the encryption process takes place:

1. Customer Master Key (CMK)
2. Data Encryption Key (DEK)

Customer Master Keys/Root Keys/Key Encryption Keys (CMK)

These are symmetric keys used to encrypt, decrypt, and re-encrypt data. It can also generate Data Encryption Keys that you can use outside of the KMS system. They follow the below:

• Access to these must be restricted to the least endpoints
• Access to these should be secured through ACL
• These keys must be stored in a location that is secure like a KMS of a Hardware Security Module (to comply with FIPS 140-2)

In systems like Google Cloud Key Management Service, you have a hierarchy of keys as seen below with more information to be found here.

Data Encryption Keys (DEK)

Data keys are encryption keys you can use to encrypt data, including large amounts of data and other data encryption keys. Unlike CMK's, which can't be downloaded, data keys are returned to you for use outside of the KMS. Some of the best practices for DEKs:

• Generate DEKs locally
• When stored, always ensure DEKs are encrypted at rest
• For easy access, store the DEK near the data that it encrypts
• Generate a new DEK every time you write the data. This means you don't need to rotate the DEKs
• Do not use the same DEK to encrypt data from two different users
• Use a strong algorithm such as 256-bit Advanced Encryption Standard (AES)

Encryption Process

• API request is sent to KMS to generate Data key using CMK
• KMS returns a response with Plain Data key and Encrypted Data key (using CMK)

• Data is encrypted using Plain Data key
• Plain Data key is removed from memory

• Encrypted Data and Encrypted Data Key is packaged together as an envelope and stored

Decryption Process

• Encrypted Data key is extracted from the envelope
• API request is sent to KMS using Encrypted Data key which has information about CMK to be used in KMS for decryption
• KMS returns a response with Plain Data Key

• Encrypted Data is decrypted using Plain Data key
• Plain Data Key is removed from memory

How is Envelope Encryption Different From Other Encryption Patterns? 🤔

Every service you build requires encryption at some point. This could be passwords or PII in a database, credentials for an external service, or even files in a filesystem.

Configuration Files

You can easily handle some of these situations with a configuration file but they pose their own security risks like:

• Proper planning is needed to keep the data secure
• Multiple formats are present e.g - YAML, JSON and XML to name a few
• Exact storage locations may be hard-coded in the app, making deployment potentially problematic
• Parsing of the config files can be problematic.

Symmetric Encryption

You can encrypt data using a symmetric key but they suffer from a major issue which is Key Management.

You need to find a way to get the key to the party with whom you are sharing data and if someone gets their hands on a symmetric key, they can decrypt everything encrypted with that key.

Asymmetric Encryption

You can encrypt data using Asymmetric Encryption which is considered as a standard now a days. Some of the cons of it are:

• It is a slow process which makes its not suitable for decrypting bulk messages
• When you lose your private key, your received messages will not be decrypted
• If your private key is identified by an attacker, all of your messages can be read by him/her

Envelope Encryption

Some of the benefits offered by it are:

• A combination of benefits from symmetric and asymmetric encryption - The data is encrypted using a DEK which follows symmetric encryption. The DEK is encrypted by a CMK which follows asymmetric encryption. By using asymmetric encryption, encrypted DEKs can be shared and unencrypted only by those with access to the CMK, mitigating the key exchange problem of symmetric algorithms.

• Easier key management - Multiple DEKs can be encrypted under a singular root key and ease the management of keys in a KMS. You can also do more secure key maintenance by rotating your root keys, instead of rotating and re-encrypting all of your DEKs.

• Data key protection - Because we encrypt the data key with the CMK, we don't have to worry about storing the encrypted data key. Thus, we can safely store the encrypted data key alongside the encrypted data.

Key Management Systems & Why it Works at Scale? 🤔

The biggest reason for Envelope Encryption and KMSs working at scale is Performance. Like we mentioned before Asymmetric Encryptions are typically slow and Symmetric Encryptions are very fast but the management of keys is the issue.

So in Envelope Encryption for a large quantity of data, you quickly encrypt it using symmetric encryption using a random key. Then just the key is encrypted using asymmetric encryption. This gives the benefits of asymmetric encryption, with the performance of symmetric encryption.

Key Management Systems like AWS KMS, Azure Key Vault, and Google Cloud Key Management Service gives you a fully managed service to store and manage encryption keys. These use envelope encryption internally, and they’re used by default in a lot of services that support encryption in cloud infrastructure providers like AWS, GCP, Azure, and others.

An ideal key management system should be highly available, it should control access to the master key(s), it should audit the key(s) usage, and finally, it should manage key(s) lifecycle.

Thus by having the above characteristics and by using envelope encryption internally, Key Management Systems are ideal to handle encryption at scale.

Summary

Envelope Encryption is one of the most trusted application security design patterns used at scale. It is the default encryption method used in services like AWS S3, GCP, and others.

Hopefully, this enables you to understand how you can encrypt/decrypt a large amount of data using the envelope encryption method at scale in a more trusted setup.

Thanks for reading! I really hope that you find this article useful. I invite you to participate in the discussion in the comments below, I'm always interested to know your thoughts and happy to answer any questions you might have in your mind. If you think this post was useful, please like the post to help promote this piece to others.

Thanks for reading! :)

P.S Do feel free to connect with me on LinkedIn or Twitter

Appendix

This article leans heavily on the following material:

• Google Cloud Data Encryption - Jayendra's Cloud Certification Blog -
• AWS KMS concepts - AWS
• AWS KMS and Envelope Encryption - Manish Pandit
• Cloud Architecture Pattern: Envelope Encryption (or Digital Envelope) with Public Cloud Providers Part 1 - Nilay Parikh
• AWS KMS Envelope Encryption - Chirag Modi
• Protecting data with envelope encryption - IBM
• Envelope encryption - GCP
• Encryption at rest in Google Cloud - GCP

Why Oracle Cloud Infrastructure

Oracle offers an Always Free cloud services. You can see the details below:

Note: the workload of a container has to fit in the shape of this always free VM: VM.Standard.E2.1.Micro, 1/8 OCPU, 1 GB RAM and up to 480 Mbps network bandwidth (see docs). The boot volume offers just over 45GB of disk storage. In order for the container to be accessible, the ports mapped on the VM to container also have to be configured in ingress rules in the security list. We need to install Docker ourselves in the VM; it is provisioned with just an Oracle Linux image.

Lets get started

1) Get yourself a tenancy and create a VM

The first thing we ought to do is create a VM. If you've got a cloud tenancy then you probably already know how to create an instance. If you're new to Oracle Cloud then watch the below video and create an "always free" VM by signing up at https://cloud.oracle.com/free:

Note: Most of the details like availability zone, image details, networking options are already pre-filled by Oracle and kept but can be adjusted if you want something specific. I went ahead with the standard settings.

The VM will now be provisioned — as is indicated:

After a little while, the VM is up and running — and has a public IP address assigned to it:

The situation at this point can be visualized as is shown in the below figure:

2) Setup Ingress Rules in Security List for VM to open up the ports required for whatever container you want to run

The VM is associated with a public subnet in a Virtual Cloud Network. The security list(s) for this subnet should be configured with ingress rules that make the required traffic possible to the port(s) that will be mapped to the container image. Open the details page for the public subnet. Click on the security list (or create a new one)

We will run the Postgres container image. The port we will map in the VM to the Postgres container is one we can choose ourselves. Let’s pick 5432 which is the default port for Postgres. we need to configure an ingress rule as below:

Source CIDR is set to 0.0.0.0/0; along with Source Port Range left blank (i.e. All) this means that this rule applies to any client.

3) SSH into the VM, install Docker

At this point, we have a running VM instance with just a Linux Operating System but no Docker. Let’s SSH into the VM using this command:

ssh opc@public-id-address -i private-key-file

Replace the public-id-address with the public IP assigned to the VM. Replace private-key-file with a reference to the file that contains the SSH private key

Now to install Docker, execute these commands:

sudo yum-config-manager --enable ol7_addons 
sudo yum install docker-engine -y 
sudo systemctl start docker 
sudo systemctl enable docker

To run Docker as a non-root user, read these instructions.

Run Docker Container Image

With Docker installed, we can now run the Postgres container image.

Run the container image with this command. Don't forget to add a different password for POSTGRES_PASSWORD:

sudo docker run -d -p 5432:5432 --name postgres -e POSTGRES_PASSWORD=mysecretpassword postgres

Use sudo docker ps to verify if the container is running. The above command will start a PostgreSQL database and map ports using the following pattern: -p <host_port>:<container_port>. Port 5432 of our container will be mapped on port 5432 of our host or server.

Access the container on your host or server. We will create a database inside our Postgres container.

sudo docker exec -it postgres bash

Now you are ‘inside’ your container. We can access postgres and create the database.

root@12d48fde2627:/# psql -U postgres
psql (13.3 (Debian 13.3-1.pgdg100+1))
Type "help" for help.

postgres=# CREATE DATABASE testdb;
CREATE DATABASE
postgres=# \q

We are finished. You can exit your container (\q) and go to your local machine. Here you need some PostgreSQL Client tool installed like DBeaver or pgAdmin. Connect to the DB server by using the public IP as the host, 5432 as the port, postgres as the username, the POSTGRES_PASSWORD as the password and connect to the testdb. Save the connect and you should now be able to access your DB.

Congrats, you have now run a Postgres Docker Container on Oracle Cloud Infrastructure!

Thanks for reading! I really hope that you find this article useful. I invite you to participate in the discussion in the comments below, I'm always interested to know your thoughts and happy to answer any questions you might have in your mind. If you think this post was useful, please like the post to help promote this piece to others.

Thanks for reading! :)

P.S Do feel free to connect with me on LinkedIn or Twitter

Appendix

This article leans heavily on the following material:

• Run Always Free Docker Container on Oracle Cloud Infrastructure - Lucas Jellema

• Connect From Your Local Machine to a PostgreSQL Database in Docker - Lorenz Vanthillo

There obviously is more of a complex process involved in setting up a social login but for a user its as simple as clicking a buttons to log in. The ease of not having to remember an ID/password and just being able to signup/login through the click of a button is extremely beneficial to the user

What if I Told You This Was Way More Secure? 😉

Social logins really help us achieve a few things:

• Support for multiple devices
• Single Sign On
• Simple to implement
• The ability to share data for users without having to release personal information
• Ability revoke an active session i.e not allow a third party access to the login and data
• There is no long lasting credentials being exchanged

So What Drives This Technology? 🤔

The underlying protocol used is something called OAuth. It is defined as:

An open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications.

Now I'm sure with the basic understand of social logins and the above definition we get some idea into this but let me use a simple example to explain how OAuth works.

I remember my friend Sumedh describing it with an interaction between a Mother, Father and their Son. Imagine that the mother wants some grocery from market and she wants the son to buy it for her.

Before I go into the conversation let me set some context.

Mother: The user of the application

Son: Third party client or in technical terms the OAuth Client

Father: The Social Account or in technical terms the OAuth Provider

The conversation could possibly be as such:

Mother: Hey son, go to market and bring me some coffee powder. Take the required money from your father.

Son: Okay.

Son (OAuth client) goes to father (OAuth provider)

Son: Hey dad, mom told me to take money from you since she wants some things from market.

Father (OAuth provider) asks mother (User) about the permission to give money to their son (OAuth client)

Father: Hey, shall I give him the money and how much?

Authorization of your application takes place here.

Mother: Yes, please give it to him.

Permission grant by mother (User)

Son (OAuth client) gets the required things from market and returns them to mother (User). Here returning things to mother (User) can be thought of redirecting the user (or logging him) to the third party site.

For a more technical understanding of how this works in code Richard Schneeman has this amazing video below to enable you to understand:

Now Lets Put This All in Context

Let's take the example of the DEV Community. If you wanted to create an account on the DEV Community using twitter what would happen:

• Basically if the Sign up with Twitter button exists then the initial setup between the OAuth Client (Dev.to) and the OAuth Provider (Twitter) is already done.

• The Client triggers a permission grant page of the OAuth Provider based on the credentials it received from the initial setup. This looks something like below

• Once you login and grant the permission the OAuth Provider redirects you back to the client and the client gets a token to access your information from the OAuth Provider. This access token enables the client to get specific data from the provider

• Based on that data the client then creates an account and logs you in

What Happens on the Successive Login?

Thats a good question. Now OAuth has multiple grant types and based on that we have different ways to get an access token from the OAuth Provider. For all subsequent logins the OAuth Client will hit the provider and generate a new access token to get access to the data and do the login.

Thus this enables us to achieve Single Sign On, the ability to share data for users without having to release personal information, ability to revoke access and the ability to not have long lasting credentials exchanged.

Conclusion

I hope this short blog post helps you understand why social logins are more secure than the traditional username/password. I will be writing about the different OAuth Grant types in the future and will be providing code examples as well.

Thanks for reading! I really hope that you find this article useful. I invite you to participate in the discussion in the comments below, I'm always interested to know your thoughts and happy to answer any questions you might have in your mind. If you think this post was useful, please like the post to help to promote this piece to others.

Thanks for reading! :)

P.S Do feel free to connect with me on LinkedIn or Twitter

Let me take you through the whole thing from scratch

Authentication vs Authorization

Authentication is basically what happens when users sign-in. We check the user's identity based on some credentials of their e.g username/password. Authorization, on the other hand, checks if the above-validated user is able to access a certain flow.

Now I am not going to dive into all the details of the authentication flow but a generic login form is the simplest example in which the client (e.g - browser) knows that this is an actual user and gets their details. It makes no sense to keep authenticating every single subsequent interaction of the user with a system as this will add extra processing time; and as the saying goes: time is money. Hence, we authenticate and then store specific data based on which we authorize the subsequent interactions.

The simplest solution to enable this authorization flow is session-based authentication. In this, the server will create a session for the user after the user logs in. The session id is then stored on a cookie on the user's browser. While the user stays logged in, the cookie would be sent along with every subsequent request. The server can then compare the session id stored on the cookie against the session information stored in the memory to verify the user's identity and sends a response with the corresponding state! This obviously is not an optimal solution when you scale the system and leads to a stateful implementation where we are dependent on a server to authenticate every request.

Sounds good. What does JWT have to do with this?

Good question. So token-based authentication like JWT is a much more scalable solution as JWT is stateless. That means the user state is never saved in the server memory but the state is stored inside the token on the client side itself. By transmitting these JWTs with requests to other parties, you can make those systems more secure too. Lets quickly run through the authentication and authorization flow:

1. First, the user logs on to the authentication server using an authentication key (it can be a username / password pair, or a Facebook key, or a Google key, or a key from another account).

2. The authentication server then creates the JWT and sends it to the user.

3. When the user makes a request to the application API, he adds the previously received JWT to it.

4. When a user makes an API request, the application can check whether the user is what he claims to be, using the JWT from the request. In this scheme, the application server is configured to be able to check whether the incoming JWT is exactly what was created by the authentication server (the verification process will be explained later in more detail).

Oh, interesting 🤔 So what does a JWT look like?

A JSON Web Token consists of 3 parts separated by periods.

header.payload.signature

Header

The header typically only contains 2 details: the type of token (JWT in this case) and the hashing algorithm used by the token such as RSA, HMAC, or SHA256. This generally uses HS256 by default.

{
 "alg": "HS256",
 "typ": "JWT"
}

Payload

The actual data pertaining to a user is what we call claims. These claims can be of 3 types:

• Reserved claims: These are some predefined claims which are not mandatory but recommended to use. These help the application judge the authenticity of the token. Some of them are iss (issuer), exp (expiration time), sub (subject), aud (audience), among others. The full list is available here

• Public claims: These can be defined at will by those using JWTs. To avoid issues they should be defined in the IANA JSON Web Token Registry. Here is some more information regarding public claims.

• Private claims: These are the custom claims created to share information between parties that agree on using them. Examples could be specific values such as employee ID and department name.

In the below code snippet you can see different types of claims being used where iss is a reserved claim, name is a public claim and admin is a private claim.

{
  [...]
  "iss": "https://rohitjmathew.space",
  "name": "Rohit Jacob Mathew",
  "admin": false
}

REMEMBER: Do not put large data in claim sets. Claim sets are meant to be compact. Also, do not put sensitive information, since JWT can be decoded easily.

Signature

The signature is the most important part of a JSON Web Token (JWT). It is calculated by encoding the header and payload using Base64url Encoding and concatenating them with a period separator, which is then run through the cryptographic algorithm.

// signature algorithm
data = base64urlEncode( header ) + "." + base64urlEncode( payload )
signature = HMAC( data, secret_salt )

So when the header or payload changes, the signature has to be calculated again.

Put Together

Thus the JWT looks like:

token = encodeBase64Url(header) + '.' + encodeBase64Url(payload) + '.' + encodeBase64Url(signature)

token = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL3JvaGl0am1hdGhldy5zcGFjZSIsIm5hbWUiOiJSb2hpdCBKYWNvYiBNYXRoZXciLCJhZG1pbiI6ZmFsc2V9.ZOCcJAceq0Uq3fuIfWA0FVT_BLi5o-iPvyN4rhZgBuo

Securing JWT

I'm sure if you took the above JWT and checked on jwt.io you could see all the data in the token. This brings up the question of how is this secure?

It's absolutely crucial to know that JWT's are generally encoded and not encrypted. It is a mechanism by which you can verify that the data is not tampered with and has come from a trusted source.

A simple way in which you can ensure that JWT's are secure is by ensuring your requests are sent on HTTPS endpoints in which all data being passed in the request is encrypted.

Now, JWT uses two mechanisms to secure the information within it- signing and encryption. The two standards that describe these security features of JWT are JSON Web Signature (JWS) and JSON Web Encryption (JWE). Let me give you a rundown on them.

Signing

The purpose of a signature is to allow one or more parties to establish the authenticity of the JWT. Say I change the values in the payload above on jwt.io and try using it from my client. Well, that's where we can use JWS to sign the token and let it verify that the data contained in the JWT has not been tampered with.

Now if you remember the signature is basically the encoded header and payload concatenated with a period and then run through a hashing algorithm with a secret key. This signature attached at the end enables us to determine if the JWT has been tampered with because for any change in the data the signature will change. A signature, however, does not prevent other parties from reading the contents of the JWT. This is what encryption is designed to do.

Encryption

While signing a JWT provides a means to establish the authenticity of the JWT contents, encryption provides a way to keep the contents of the JWT unreadable to third parties.

An encrypted JWT is known as JWE (JSON Web Encryption) and, unlike JWS, its compact serialization form has 5 elements separated by dots. Similar to JWS, it can use two cryptographic schemes: a shared secret scheme and a public/private-key scheme.

Wow, 😮 That's so cool. So how do you use JWT at Turtlemint?

We predominantly use JWT to allow us to transfer data between multiple applications as well as between domains with greater security.

As we have multiple products across multiple domains, this results in us having to transfer data from one domain to another in a more secure manner. A common problem you will see when doing something like this is CORS issues. JWT tokens enable the sharing of these resources in small containers as a part of the API call while also enabling us to validate the data (to be authentic). We also have services that need to interact with each other over the internet and use JWT to pass user-related data between them more securely.

Additional Info

Use the ebook below to better understand JWT. This is provided by Auth0 one of the leading providers of authentication, security, and identity solutions.

[

2]1

I hope you were able to understand what JSON Web Token (JWT) is and a few instances where we use them at Turtlemint. As long as you understand the basic concepts behind it you should be able to use them across multiple scenarios to either authenticate or transfer data in a more secure manner. Do reach out or comment below interesting use cases you have used them in.

Thanks for reading! :)

P.S Do feel free to connect with me on LinkedIn and happy to answer any questions you might have in your mind.

Photo by 🇨🇭 Claudio Schwarz | @purzlbaum on Unsplash

I am sure that we have seen enough of articles on things to do and how to optimize yourself to work remotely during this pandemic. I don’t write this to tell you what to do, but rather, to run you through some of the things we have done to be productive during this remote work scenario.

Background

Let me begin by saying we were hardly a remote team but a distributed team sitting out of offices in Mumbai and Pune. We had a lot of our workflows structured around working in the office and nothing close to a proper async remote setup. We follow agile methodologies in our SDLC and have multiple teams working and interacting in our offices.

With the onset of the rising cases in Mumbai and Pune in March, management took the decision to move to a remote work setup. Obviously this was a huge deal and there were a lot of things that we changed to ensure we were able to function without much upheaval. Now approximately 5 months post the switch to remote work, we want to share the details of some of the things that helped us:

Communication

I think communication within the team and between teams is one of the biggest things to take a hit during the switch. Finding the balance between async text communication, instant messages over Slack, and video calls was the biggest experiment. Instant messaging is great but we also have to keep our colleague's mental health and situation at home in mind. Async communication is great too but also has its cons like turn around time for the conversation, making sure people understand and are referring to the same context, etc. Video calls are the new mode of communication but also have their own downside of syncing timings and not burdening the other members too much. Let's take each scenario:

Online Video Calls

The obvious one being the switch from being able to do meetings in-person to doing them digitally. We were used to just huddling in a room and figuring things out. This was a pretty big change for us and it took some time to find the balance between what worked and ensuring it was not too taxing on people. We found that finding a balance between keeping meetings casual as well as professional was essential. We made sure we try having the video switched on most of the time to ensure that we manage to see our colleagues. We don’t mandate it but its always nice to see our friends.

A few things to keep in mind, try having good connectivity as these are pretty heavy calls. If you cannot do a video call, try doing just an audio call. Making sure you are muted when you are not speaking and allowing others to complete is also important. Shared collaborative applications like Google Docs and even things like IdeaBoardz are great tools to consider

Instant Messages

Instant messages like Hangouts and Slack are also important parts of our workflow. That being said depending on an immediate reply or setting context to situations over them is difficult. It is important to not overload our colleagues with too many Slack messages or expect instant replies and resolution of conversations. However, we have found a great way to ensure that we are able to stay in context and focus on situations.

For most cross-team dependencies we try creating a common slack channel pertaining to the dependency. This ensures that we stay on context and our office huddle in a meeting room is slightly replicable. It's also essential that only things with priority and importance are kept on these instant messages. If you have a long detailed thing you want to bring up then communicating that over an email is much better than it getting lost in a chat.

Async Communication

Async communication over email was something that we were already practicing but now with the inability to meet in person and discuss, there came a certain impetus to overcommunicate and be able to describe situations better over emails. This has resulted in 2 situations:

1. Overcommunicate and be as detailed as possible in emails and documents pertaining to the email to ensure that respective stakeholders are able to get a better insight into the situation

2. When you feel the situation going out of hand or a big blocker in terms of understanding between the different parties, quickly move it into a video call to clear up misunderstandings as soon as possible.

It is essential that we keep emails to the context and not let it drag out into a discussion. A better solution would be to do a call, clear the situation, and share the minutes of the meeting over the email.

Be Considerate of your colleagues

I for one practice a zero inbox policy, paused notifications on slack in intervals, and try to regulate the number of video calls I have. Too much of any of these is just another anxiety attack waiting to happen. Thus it's important we don't burden anyone with too much communication and find the right middle ground.

With these, we were able to slowly and steadily scale up our communications in the organization across different levels.

Technical

Dev Box Testing

With the inability to interact in person, the need to ensure an agile process, and ensuring we do not overburden any teammate, we have switched to dev box testing. This has enabled us to not only identify bugs earlier in the SDLC life cycle but also speed up the time it takes us to develop a feature. This way all technical team members and the QA are testing the feature together before we push it onwards for a more holistic testing process.

Pair Programming

Doing pair programming by means of video calls we were able to help provide a shared context and also ensure that people were not overburdened. This massively helped us not only scale our development efforts but also helped us work quicker and better.

Culture

I think it's very important to discuss the cultural changes I have seen happen in the organization over time. Culture isn’t a foosball table, informal dress codes, play areas, unwind zones, and other perks. I don’t want to delve too much into what culture is or how to build and modify your culture for remote setups. I want to talk about a few keys changes that happened within the culture in our teams and the organization as a whole during this situation

Team Charter

Defining a team charter and modifying it based on situations is a key change for us. With a constantly growing team and new people injecting new ideas, team charter is one of the recent things we have adopted.

A team charter is a set of principles that the team lives by. It should be produced by the team, owned by the team, and be visible to not only the team but also all those who work with them. It defines who they are and how they like to work. In short, it’s the team’s rules of the game.

In this situation, I think it was of paramount interest to establish directives as well as well-defined boundaries. This has been cardinal in ensuring good mental health within the team, clearly defining what is expected from the team, etc.

Team/Domain Catchups

As we follow the agile methodology in our SDLC, we have regular retrospectives as a team to see what is working and hampering our sprints. With the switch to remote, we have also added team/domain based catchups to ensure we are able to understand the team morale as well as address specific pain points. This not only enables us to engage with teams and helps them find ways to improve their workflow but also gives us an opportunity to catch up with colleagues, share new things and be able to contribute to some extent to the water cooler talk.

Having a Casual and Professional Vibe

We have found that maintaining a casual vibe while also keeping things professional has allowed us to enjoy the little inside jokes and have fun as a team remotely. The use of custom emojis, gifs, etc in our team channels, as well as chats, is a nice little bright spot in a more digital world. The spam on a Friday about the weekend and the excitement for it (even with us all being remote and staying inside) can be seen on the channel :)

No Work Catchups

The sudden shift has had a massive effect on how we work and on interactions with our colleagues and teammates. We have done “No Work” catchups to ensure that we bond as a team and also have an opportunity to contribute to the missed water cooler talk. We have done things from having live performances, yoga sessions, random calls where we just sit and discuss how everyone is doing and even games like Skribbl.

These sessions have been a great way to keep the team morale up and the team engaged with each other.

Appreciate and Value our Colleagues

With the pandemic, multitudes of other natural and artificial things taking place around us, and even just being more conservative in our day to day lives it's important to appreciate our colleagues who have done a good job and to support them. I don't write this section with the intention that we don't do this enough but with everything going on, just hearing a few nice words from your colleagues can go a long way.

Monthly Town Halls

We have introduced monthly town halls over video calls where we have multiple perspectives shown. This ranges from management discussing the roadmap ahead or performance over the last month, senior leads discussing some of the recent developments in the company and how they have helped, etc.

Addressing the Change of Environment

I think it is important to highlight how we have put an emphasis on addressing mental and physical health as well as how this change in environment is a totally new thing that needed adapting too. We have made sure that anyone could take a day off if they wanted too, we ensured that leads checked in on their team to ensure that everyone was doing good and helped them settle into this ‘new normal’. We also organized meditation sessions, held other non-work-related fitness and musical performances, ensured teams and peers have non-work catchups to enable them to detach from work while also connecting with people they would interact with daily.

Conclusion

I want to stress the fact that this is not a guide to working remotely or any such thing. These are just a few things that have worked for us. That said, this process is still evolving and we can definitely improve in many places.

Excited to work with us? Knock at knock.knock@turtlemint.com for full-time roles and internship@turtlemint.com for internships.

Photo by Arian Darvishi on Unsplash

In a nutshell, when you’re branding yourself, you’re suggesting a unique promise of value that separates you from your peers — you are someone or do something that’s different than everyone else out there.

Just showcasing a resume isn’t helpful in today’s world. As a developer, it is important to have your own digital footprint which not only recognizes your skills but also adds credibility for the work you do. Don’t believe me? I’m sure you have heard of these people:

1. Martin Fowler

2. Dan Abramov

3. David Heinemeier Hansson (DHH)

4. Linus Torvalds

Here are my tips to build your digital brand as a developer as well a bunch of examples to help get you started

LinkedIn

The best way to raise your visibility among your peers and have a knockout profile is by creating a compelling personal brand for yourself on LinkedIn. While there’s a lot of advice out there on how to develop a personal brand, I would personally say it important to be authentic. Having a complete profile, with a good headline, summary, profile picture, and complete working history is essential. Don't forget to add any achievements, skills, and projects you have done.

In my opinion, one of the most important features in LinkedIn is Endorsements and Recommendations. This makes getting validation for your expertise straightforward — and of course, the more buy-in you have from others, the easier it is to get new buy-in.

Personal Website

A personal website allows you to customize everything just the way you want it. When someone finds you, they’ll have an instant, visual representation of who you are. By featuring work samples, sites you’ve worked on, articles you’ve written, whatever, your personal homepage can act as a digital portfolio of your online work and identity.

Not just the above. It also helps add a different dimension in terms of you getting a job and being able to redirect a recruiter or an interviewer to the correct place to find information pertaining to you.

GitHub

Artists use a portfolio to hold examples of their work. Similarly, the GitHub profile is a portfolio of your work as a programmer. A good Github profile can both make you more likely to pass resume screening and impress the interviewer. By looking at one’s Github repositories, you can almost immediately tell if he’s an expert or beginner of a specific field.

Make sure you have a profile picture, general information, repositories and a decent amount of contributions to look good.

Blogs

One of the most important lessons I learned pretty early is to contribute back to the community. I think blogs are one of the best ways to be able to give back. It not only helps you grow faster but also is a great way to showcase your skills.

Blogging is a great way for you to experiment with new technology, get a deeper understanding by teaching someone else about your learnings, expand your network and be exposed to more thoughts both around your topics and others.

Twitter

Let me just start by saying I do not have a twitter account as I try to reduce the number of social media accounts I have. That being said the standard reasons I have heard for the adoption of Twitter as a developer are: awareness, ability to maintain relationships, learning about new things and different strategies to anything.

To just touch little on each point, twitter helps you be aware of trends regarding the community you are part of, it gives you a platform to ask questions there and learn from experts, help you maintain relationships with others in the community while also being able to hear their thoughts and strategies in handling different scenario. Not just that, you get to also hear from industry experts on a regular.

Thus, as long as you have a healthy social media balance in your life I think twitter is a great place to join, be part of the community and help grow your USP.

Meetups & Conferences

Ever since the first GDG meetup I went too, I have never looked back. Both meetups and conferences are a great way to do most of what twitter helps you do but in person. I have personally been a big fan of attending meetups like GDG, Facebook Dev Circle, etc.

I find that even being able to give a talk on something you are passionate about is a great way to be able to not only help the community grow but also help you reach out and learn more from others

Podcasts, YouTube & Newsletters

Having your own podcast, newsletter or even a YouTube channel pertaining to a small part of what you would like to show the community is a great way to be able to share your ideas, expertise or even just thoughts on a regular basis. These are more of a regular stream of content, unlike a blog which could be occasional and varied.

Quick Summary

I am sure each person has their own unique way of how they want to build their personal brand and the above are a few ideas I mentioned. Do feel free to experiment and see what works for you. End of the day, only you know what your personal brand should look like.

Where to Go From Here

I have attached a few resources to be able to help you guys gain a little perspective:

LinkedIn

Personal Website

GitHub

Blogs

Twitter

Also adding a list to help you find someone in your community:

Meetups & Conferences

There is no better place to check out meetups than the meetup website

Here is a great site to find conference around the world

I also just search for communities & conferences on google and find a few.

Podcasts, YouTube & Newsletters

Here we have for you, some lovingly packaged chill. We're all frantic, let's breathe and chill a bit. How have you been? (feel free to text and reply)

S: I've been good, works interesting, U&I challenging and exciting and social battery feeling a little happier.

R: Works hectic but I have been doing a lot of gigs and music festivals recently so overall having a nice little fun month. Had the chance to go for Control Alt Delete 12, Mahindra Blues Fest (where I got to see the legendary Buddy Guy's breathtaking performance) and Watch Zakhir Hussain play with the Symphonic Orchestra of India ft. Shakar Mahadevan, Hariharan and Kelley O’Connor in the same month while doing smaller indie gigs also.

That's all for our quick updates but we are super excited to introduce y'all to these babies, they're - how to say - fab.

Playlist on Spotify • Playlist on YouTube

Deathcab - Ditty

Poetry Ceylon (2019)

If you haven't already heard this song as you're reading this, here is a little nugget you'll soon find out (as you're listening to this song that is) - Ditty is MAD talented. Aditi Veena - street name Ditty - is a Goa-based singer-songwriter. She is from Goa, so that makes her even cooler now. Not only did she make this mad track, but she does this as her after-work. She is an Urban Ecologist by day, and musician by night. What makes Ditty unique is the way she mixes her spoken word with an enchanting indie sound. The images her music brings to my mind is of a relaxed Sunday balcony, thoughts of brunch teasing my imagination. Her Album Poetry Ceylon plays like a conversation with the listener. The soothing indie tones seem to undercut her meaningful lyrics a little, though honestly, I can't claim I like her lyrics or sound more than the other. We're both looking forward to more from this wonderful artist!

Sheets - Sabu

Sabu (2019)

Rohit, seemingly a standard appearance at any gig playing in his city/vicinity (how does he do it?), was once at a house gig called LVNG. He was there for a Taba Chake (another artist on this list!) gig when he heard Andrew Sabu for the first time. Sabu came on to play a quick few tracks, one of which was this one, Sheets. This self-titled EP talks about mental health and the journey each person takes, unique that these journeys are. In this track, Sabu speaks of feelings of worthlessness and burning out, and the desire to excape everything that comes with them. He refers to sleep as an escape, sheets being the source of comfort drawn when the head is not such a kindly place to be. The acoustic background is incredibly mellow and complements the lyrics really well.

Thing About the Colour Blue - Cinema of Excess

Bring Back the Sound (2018)

The Bengaluru indie/acoustic trio featuring Anirudh Ravi, Bharath Kashyap, and Abheet Anand has been one of the few bands we have been tracking since their inception. Their tracks are easy-going (contrary to their quite hectic collab name) and filled with some great harmonies and vibes overall. Abheet provides a nice "thumpy" bassline for Bharath to just doodle some beautiful little grooves into while Anirudh mesmerizes us with that deep yet transcending voice. I keep turning to these homeboys on a lazy Sunday afternoon. Trust me! It's well worth it.

E L F L (Everybody Looking for Love) - Azamaan Hoyvoy

E L F L (2019)

So Azamaan Hoyvoy has been referred to as the Jamiroquai of India, and tbh, you can really see why that is true. This song has it all, that classic Funk meets Jazz meets R&B, it's a beast. This track live, over a fine drink in a smoothly lit bar, with a cutie by your side? That's a Saturday night you won't forget. There are banger basslines, sly synths, bedazzling beat and hats that are higher than a kite (excuse the illterate sounding alliteration). It's a sing along clap along kinda track, and those are quite special. Azamaan delivers his lyrics really uniquely, and that blends them smoothly with the funky instrumentals. If you find yourself not grooving please contact us at whyareyoulikethis@listenagain.com

Shaayad - Taba Chake

Bombay Dreams (2019)

That Ukelele right at the start tells you everything about the song that you need to know to continue listening to it - it's gonna be v nice. Rohit saw Taba playing at LVNG and is DAMN impressed with his tracks. Taba has some great range - he can sing in 3 languages, one of them being Nyishi, a tribal dialect from Nyishi in Arunanchal Pradesh. His tracks, like this one are upbeat and chilled out. A very refreshing sound overall. Cleanses the palate, so to speak. His lyrics are very impactful too! He sings of moving from a small village in Arunanchal Pradesh to Mumbai, and the struggles of a growing artist. 10/10 would recommend

Glitch Love - Soother

Colours (2020)

The drummer for the Revisit Project, Faridkot, and Parikrama, Abhijit Sood is now also adopting a new persona as an electronic artist with the stage name Soother. This track features a lot of downtempo beats and glitchy effects, which we've come to enjoy. You can find the vocals acting like another layer in the beats and overall you can see the stark contrast to traditional electronic music of just a drop and some bass. Great chill track to vibe too. Can't wait to hear more from him.

Green Tea - Curtain Blue, Komorebi

Green Tea (2020)

Komorebi (also goes by Tarana Marwah) makes some intense tracks, with even more intense beats. Absolute must check out, like, guarantee. Check here. This particular EP is the collaboration of Komorebi and Abhishek Bhatia (aka Curtain Blue), and together they create some very vibey synthwave sounds. The vocals have a nice way of blending into a slightly glitchy electronica type of a beat. With the promise of more tracks in the future, this is a definite on our 'to watch' list.

ABC - 박혜진 park hye jin

IF U WANT IT (2018)

I've really enjoyed what korean music I've heard, and Rohit is a little skeptical in general he says, but we both agree that 박혜진 park hye jin is kinda wack. This k-house track features super chill downtempto beats and some dreamy piano lines. The vocals are also super eclectic and awesome. There is a beautiful underground feel to her tracks, which mix hip-hop and house to make a Bop, or a very forward-thinking sound (-R). There is also a nice pop-y feel to it.

Also, she happens to be the only artists not of Indian origin on this whole playlist xD

Bright Eyes - Anoushka Shankar, Alev Lenz

Bright Eyes & In This Mouth

Oof, what a way to end. This song hits the gotdam soul, a deep reverberating tone right from minute 1. Anoushka Shankar, the genius, wrote this as a response to events in her personal life. It's portrayed in a brilliant and chilling manner. This track blends both Indian classical and western influences in a very interesting way, very unique. It is one of the most stirring tracks we've heard in a while. This blend of classical Indian vibes and instruments with the western-feel lyrics and storytelling is truly thrilling. Please, please check this one out.

No doubt you all like some more than others, that's perfectly understandable, but we hope you'll look up the ones you like and find more tracks to chill to!! Kick ya feet up, breathe in that delicious chai steam, and groove away. Send link our way if you find something particularly tasty ;)

As always, I'm sure you know this already, but Rohit and I love chai. It's great, in so many ways and yeah, try it out more if you don't already. But other drinks are good too, of course, so grab the drink of your choice and enjoy this edition of teamix! :D

Rohit & Suchet

Welcome back friends! We've been gone a while, and it doesn't feel like it has been 6 months, but Rohit says it has. Teamix has been on the backburner for a little bit, Rohit is busy as usual (always is, I'm not fully sure what it is that he is up to..?), and I've been finding my feet on these moon-surface Bangalore roads. We had a bit of a free Sunday today and decided why not? Let's get this show up and running again! I hope you've missed us as much as we've missed you!

Playlist on Spotify • Playlist on YouTube

Izehaar - Bawari Basanti

Album: Izehaar (2019)

Immediately starts off with that old school Bollywood vibe, which is quite enjoyable to be honest. But then 25 seconds in, we are introduced to Bawari, and what an introduction. She lays it down, switching flows like a madman auto driver dodging Outer Ring Road traffic. More importantly, she addresses a lot of important issues with this song, bringing attention to moral policing, curbing free speech of artists, and the issues women face in our society. I have only one problem with this song, it's just TOO DAMN SHORT! I want more, I want much much more of this gorgeous beat, much more of this flow, much of Bawari educating me and at the same time not letting my feet sit still.

Sharaabi - Madboy/Mink

Album: Union Farm (2015)

Would you like to know how to get everyone doing that 'head bobbing left and right' move, instantly, and without fail? Play Sharaabi by Madboy/Mink. It's that simple. If all of my memories were wiped, and I knew 0 dance moves or any sort of grooving steps, anything that would let me move my body in unison with a beat, and Sharaabi was played out loud? I'm fairly certain I'd still know how to bob my head to this beat. This beat would teach me how to do that one. It's just so catchy, and so bop-y, it's too enjoyable. I also kinda like how Mink says "mu-durr" for murder, it's very cute and the accent is spot on.

Floated By - Peter Cat Recording Company

Album: Bismillah (2019)

Rohit wants to say all sorts of music newsletter sounding stuff like the kind you'll find below since I didn't edit it, but I just want to add that PCRC sounds fab. That's why they're on here. They're incredibly enjoyable, you feel your mind, body, soul just take a collective breath and a deep exhale when Floated By plays. Now on to Rohit giving us the deets -

A much-anticipated album in the Indian Independent Music Scene. Their excellent 2016 release, ‘Portrait Of A Time’, put the band on the map with the old-school flair and nostalgic tones. Their new album is a mellow inward-looking one. They believe their songs are based on the philosophy behind living as both an individual and part of something larger. This song is about a love letter and the music video is shot at the singer's (Suryakant Sawhney) wedding. The song is easy to listen to, has some amazing horn sections and Suryakant's voice is just a gem in this beauty of a song. (Should play it in stressful situations, like giving birth or something -S)

Go! - Public Service Broadcasting

Album: The Race for Space (2015)

R - Every now and then Suchet and I happen to find these gem of an artist/band. These guys are one of them. We literally couldn't stop listening to them on loop for weeks. Part musical group, part performance-art outfit, Public Service Broadcasting is the innovative and geeky work of Londoners J. Willgoose, Esq. and Wrigglesworth. The two mix dance beats and electronics with old public-service messages and they also add some funky old video footage along with it. This song is based on the Apollo 11 landing on the moon and the scene in mission Control at NASA. Literally gives me chills every time.

S - What a concept! The chorus is just the flight controllers giving their confirmations as they are called around the room, laid over a trippy space-y beat. I was riding around Bangalore at 5:30AM this one day, and I had to travel a bit, so I put this album on and rode to it. It was just my bike, Public Service Broadcasting and I. This song came on when I was climbing a flyover, dogding the sparse traffic, arriving at the top, and at the zenith of the flyover, the chorus came to a close. That was a religious moment for me.

Also as a bonus, I (Rohit) just discovered this amazing 1-hour long concert of them playing the album at Royal Albert Hall, London in HD. If you loved the song, then trust me and watch the video.

Abraham - Miles Mosley

Album: UPRISING (2017)

I (Rohit) had the golden opportunity to watch Kamasi Washington live in Mumbai and the bass player that night was Miles Mosley. Man did he do some wild things with that double bass. His standout performance was when he played this track that night. By far, the funkiest track I have heard in a while. Its got a catchy piano melody and some incredible drumming (those ghost notes :o). According to Mosley, Abraham is a coming of age track for him where he shows the world his fancy new self.

This track is trip. It's so jazzy and I don't really have the words to explain what I'm feeling listening to it. It's got a very church choir but jazz band kind of vibe.

This was a start we believe, a start to another set of teamix episodes. We will be trying very hard to keep them coming. Badly quoting Smash Mouth - "The teamix start coming, and they don't stop coming" - We are teamix, and we are coming.

So! Find someone you like, or someone you just met, or a mirror if you don't have anyone, or no one if you don't want anyone, but you MUST have a cup of your favorite beverage (ours is chai, incase we haven't already made it obvious) and check out these tracks!

Please let us know what you think, and send more tracks you find our way! We just want to share music we love, and music we think you'll love, so help us :3

Regard,
Rohit & Suchet

This article documents how Turtlemint has been using Postman across teams in different locations to collaborate on development. Here is a website by Postman where they talk about what API collaboration is:

This should help you get a brief understanding of what Postman is and its basic use cases. Let us dive further into how we use it at Turtlemint.

Workspaces

At Turtlemint, we use multiple workspaces for different teams. These workspaces are a shared context for building and consuming APIs. You can find more details about them below

With roles and permissions being introduced by Postman, managing the access that teams have on their workspaces is also very helpful. This way, it’s easier to find APIs across the team.

Collections

Collections are groups of related requests and are the primary building block for all of Postman’s features. At Turtlemint, we have collections for each feature that we release. These are stored in their respective workspaces.

Documentation

Simple basic documentation of your API is automatically generated by Postman across the different requests in your collection. With every update to our API, the documentation automatically gets updated. We can easily publish these documents on a public site which can then simply be shared across the team.

At Turtlemint, we interact with multiple third-party clients and a backend developer cannot always be present to distill and share details of the different sorts of variables required and discuss the multiple use cases. In that case, API documentation comes in really handy.

Mock Servers

Mock Servers are for fast API integration. Delays on front-end or back-end make it difficult for dependent teams to complete their work efficiently. So without waiting for the back-end, we create a mock server and simulate each endpoint and its corresponding responses in the collection. This essentially means that workflow is not impacted due to a hold up at either end.

At Turtlemint, we interact with multiple third-party clients and these mock servers are also a great way for us to be able to provide simulated endpoints with which they can test the expected behavior across what they get.

REST & SOAP Requests

We work with many clients who work on both REST and SOAP. Postman is an effective API environment through which we can test and work with both REST API endpoints as well as SOAP endpoints.

Environments

We run APIs on multiple environments and provide different environments to our third-party clients as well. To easily handle switching between them, we make use of the environment in Postman to switch contexts and access the APIs

Future Endeavors

We intend on looking at implementing a few of the below features into our Postman workflow in the future.

API Test Script

We would like to look at working with API test scripts inbuilt to Postman to automate parts of our CI process.

Collection Runner and Newman

The above test scripts would be added to our CI pipeline by means of Newman and collection running to help enable a better backend driven CI pipeline.

OpenAPI Specification

Moving to a more standard API specification document based on which we build APIs in the company is a larger change and something that will take time. This is something we are exploring and look to implement in the near future.

Postman allows us to easily build APIs by means of OpenAPI Specification. Their new API workflow also allows us to manage all documentation, mock servers, and environments in a single interface.

The above post briefly mentions the Postman features that we at Turtlemint use. To better understand the features do go through the excellent documentation that Postman provides.

Excited to work with us? Knock at knock.knock@turtlemint.com for full-time roles and internship@turtlemint.com for internships.

In an interesting turn of events, I (Suchet) am back in Bangalore for good, so anyone reading this and in Bangalore, hmu and let's hang out again! In other news, Rohit is busy with work, so basically the same old news :P

This last week has been insane for a couple of reasons though. Champions league finals happened, and Liverpool won their first CL title since 2005. For newer (plastic, apparently is the right term) fans like me, that's an incredible event, but for those who've been fans for a while now, this victory was a HUGE thing and some of my friends got really emotional, it was damn wholesome :')

GUESS WHO WENT FOR SKRAT & THE F16S & MADBOY?? It was me, ya boy Suchet. And let me tell you one thing if it is the last thing you read here, it was mind-blowing. Rohit also went for Pineapple Express and I should probably leave it to him to talk about it. I'm still too psyked about the gig I went for to properly describe his experience. I also got a photograph with Sriram TT so I guess I can die peacefully now <3

While I (Rohit), happened to go watch Pineapple Express play at the Get Bent gig in Bombay and man was it good to see a Bangalore band after so long. Got to meet the band too and had a lot of fun that night. I also happened to discover a really cool game called Cards vs Sanskaar (Indian version of Cards against Humanity) which we keep playing at our house parties. I'm also going to be at Red Bull Spotlight this week to support my homeboy Vaibhav Somani in the finals. If anyone is in Bombay this Thursday and wants to have a good time, just buy a ticket and come on down.

Playlist on Spotify • Playlist on YouTube

Bandeh - Indian Ocean

Album: Black Friday (2004)

One of the greatest and oldest rock bands in India, this fusion folk-rock act out of Delhi is famous for not only being calm and enticing but also for having a very well educated bass player (St. Stephans, IIT Kanpur, and Cornell University, oof). This song was used as the title track for the movie Black Friday, as Indian Ocean has very strong protest-oriented themes behind their music. They blend rock, jazz, folk music and fusion with themes like spiritualism, activism, environmentalism and the futility of war and mythology. This song, in particular, is a request to humanity to stop its violence on any type. If you ever get a chance, go watch them live you will not be disappointed (We say this often don't we? XD But it's always true)

Chetana - Peepal Tree

Album: Chetana (2018)

This supergroup from Bangalore consisting of members from Bhoomi and The Raghu Dixit Projects and have been actively working together on independent projects for a while now before coming together to work on this one. This band tries to blend Kannada, Hindi, and Tamil with rock music and their experiences from Bhoomi and The Raghu Dixit Projects surely helps them achieve it. This song, in particular, is the opening track of their EP with the same title. It talks about letting your spirit be free and is inspired by a poem by the famous Kannada poet Kevempu. It features such a simple chorus that just sticks with you. You can also get the heavy influence of Carnatic musical elements in the song and overall it's just a beauty to enjoy. We apologize in advance if the chorus gets stuck in your head all day. - Rohit

The part about the chorus getting stuck in your head is really true, I've had it stuck in mine for a while now. It's an incredibly powerful line too, if you decide to translate it and check for yourself. Especially in the context of this track. The instrumental backing to it gives that ethereal feeling as well. - Suchet

Nannuflay - Tinariwen, Kurt Vile, Mark Lanegan

Album: Elwan (2017)

One of our favorite bands which I discovered off one of The Humming Tree gig posters. Another band I greatly regret missing out on live. This Tuareg bands play a very sub-Saharan rock-blue which communicates a variety of moods. The band from Mali has faced a lot of issues with political unrest back home but have always managed to overcome everything and put some amazing music out. This song is a shimmering blues track about the emptiness of the desert. You feel like you are in a trance, with the music and the call and respond vocals transporting you to a traveling caravan in the Sahara desert. The album in a whole speaks of a land that can no longer be found, with nostalgia for a joyous past and sadness for the tragic loss of territory. Personally, I am a huge fan of the band and cannot wait to go watch them live.

Que Beleza - Tim Maia

Album: Racional Vol. 1 (1974)

This artist is known for bringing the R&B flavor to Brazil and influencing the creation of African music influenced local stuff. He was always known as a heavy user of drugs which is evident in his slightly psychedelic music. Here he looks at just generally celebrating life and uses tropical brass sounds, some great percussion, and funky guitar licks. You can find a heavy samba-reggae influence in this song which is just an overall enjoyable track which makes you feel like being in the streets of Rio during the carnival time.

Lagan Laagi Re - Maatibaani, Mooralala Marwada

Album: The Music Yantra: Season 1 (2018)

Nirali Karthik and Karthik Shah together form this fusion act which happens to be one of the most exciting prospects in world and global fusion music. Their tracks generally have a very classical vocal background with a very jazzy, upbeat instrumental soundscape. This album in particular features artists from 20 countries. This song features artists who perform in the NYC subway and boy oh boy is it a treat to listen. True to their musical background it features a very Indian vocal soundscape filled with Jazz and upbeat instrumental landscape with the NYC subway as the background for it. Can't wait to listen to them live.

P.S. - If anyone is wondering what that insane odd whooshing/whistling instrument in the background is, or if you've watched the video and are wondering how the lady with the metal sheet is making music, check out this link! Apparently, it is called a Musical Saw, and the lady, Natalia Paruz is an absolute beast with it.

Teamix is something the both of us really enjoy doing and just find a little difficult to accommodate into our schedules but this isn't just about the two of us. We literally depend on your feedback to know how the newsletter is going and we'd love to hear what you think about it! Just take a few minutes of the endless Instagram scroll and just hit one of us up and tell us what you think or maybe even say hi? We are great people to chat with too :P Here are our Instagram handles: @rohit_mathew & @iyer.suchet!

If someone has not said this to you yet, we always recommend a comfortable chair, a nice buddy and a steaming cup of chai to pair with teamix, thank you all and see you in two weeks!

Rohit & Suchet

It's been 2 weeks already! It's been hectic as usual, it seems that's the start of all of our recent newsletters.. Still, there has been a whole bunch of fun stuff happening side by side! Rohit had another spectacular music week, getting the opportunity to watch Zakhir Hussain, Louiz Banks and Gino Banks playing Jazz live, and the Legendary Warren Mendonsa at a gig with Blackstratblues. All this and the new Taba Chake album. I mean, it's not fair how much music he manages to immerse himself in.

My saving grace these last couple weeks has been football. Liverpool annihilated Barcelona at home (4-0!!!!) to make it into the Champions League finals. That was an absolutely mind-bending journey, I've never been so stressed about football before. To the seasoned football fans/fanatics, this might be a familiar feeling, I just want you all to know I get y'all now. I feel that feeling, it really is a beautiful game.

Anyway, this is a music newsletter, not a football newsletter, so let's get to the music, shall we?

Playlist on Spotify • Playlist on YouTube

Rush - Mali

Album: Rush (2017)

Maalavika Manoj the Chennai born Mumbai based artist who goes by the moniker Mali has been on my playlist recently. She is part of Tejas Menon's record label, Kadak Apple Records. This album in particular talks about the constant change she faced in pursuing something she believed in and the rush she got out of it. The title track likens love to drugs and it sounds very easy going which generally isn't the case with love. Her voice is beautiful and pierces through the acoustic pop soundscape in a manner similar to the way a Floyd album sounds when you're like a kite, soaring, y'know? :P Personally I feel she resonates a very indie/folk vibe, especially with her latest song Play. I highly recommend you go catch this fantabulous singer if you can 'cause damn does she have a voice and can make you groove for sure.

What a Mess - Smalltalk

Album: Tacit (2018)

One of the bands I was very excited to watch live at Control Alt Delete and these groovy boys didn't disappoint at all. I have been after Suchet to listen to these guys for a while and when he finally heard it he loved it too (It's true, I procrastinated this track for the longest time, and then heard it like 6 times in the first day -S). I recently happened to meet their lead singer at a _lvng_ gig which made me remember them and got me to listen to their tunes again. This song is about going through a rough patch and accepting the situation and man, it really does hit you when you're feeling a little down. Their songs are inspired by multiple genres, which is quite evident with funk, jazz, soul, and R&B immediately striking you. I highly recommend you go watch them live and check out their latest track Tired. [

P.S also if you watch them live don't forget to shout out 'Cmon Linford!' between tracks.

Isoterra - Dualist Enquiry

Album: Doppelganger (2013)

Delhi Based Sahej Bakshi, more commonly known as Dualist Inquiry is this huge electronica artist I have been into for a long time. His recent return from a small hiatus to pursue film making lead to this amazing music video and some great tracks which I suggest you check out. His music is filled with open synth lines, a resonating kick backdrop with progressive guitar tracking and glitchy effect constantly making his musical landscape interesting. I have always found him more of an ambient artist than a dancefloor destroyer (that's the teamix stylez eh?), which is quite enjoyable. This track, in particular, has a very Indian touch to me and is one of my favourites. I happened to catch him live at NH7 Weekender 2018 and was right up in front (man can you feel that kick right up there) and ufffgh did I really groove to his setlist. Trust me, you will not regret going for his gig.

Flamingo - Kero Kero Bonito

Album: Flamingo (2014)

You know how accents are so weird? You live in a place and start talking like people from that place, and then when you try to speak a different language, having an accent makes learning to fluently speak a new language quite troublesome, because sometimes the words just don't sound right? Sarah Bonito shits on that feeling. This song is just SO catchy, and her voice, it's so easily switched between Japanese and English, it gives the song a really surreal feeling. I'm still not too sure what this song is about, though I've been listening to it all week, on loop. I think it's about acceptance? I mainly think about what would happen if I did eat too much shrimp, will I actually turn pink?? Smart people reading this please tell me what will happen if I eat too much shrimp, thank you very much friends.

Every Day's The Weekend - Alex Lahey

Album: I Love You Like A Brother (2017)

This alternative rock artist from Australia has been making huge waves (Good tide-ings to her XD) and Rohit says he has been a huge fan of her work for a while now. Her tracks are peppy and catchy and this track, in particular, has that excellent head-pumping punk feel so reminiscent of artists like Linkin Park. The really special part of her music is the lyrics though, and to fully enjoy her music it is suggested to pay extra attention to the lyrics. Every Day's the Weekend is about that feeling we have when we enter a new relationship, and sometimes throw everything else in our life aside to spend all out time with that person. The simple 4 chord progression and consistent thumping drums make you want to shake your hair out and let loose. Rohit says he is very excited to follow her growth and development, so I think it's safe to say she is someone we should keep our ears on.

Teamix is something that gives both Rohit and I lot of pleasure. We love going through music anyway, we both often have something or the other playing, though I'm likely a much more passive listener than Rohit. The process of picking 5 songs and writing our thoughts about them is also most interesting, we're always learning something new as we go about it.

But teamix isn't just about us. We write and send this newsletter to all of you, for your listening and reading pleasure, and we'd love to hear what you think about it! We have a few good ideas about how to do better, but we have to hear from you also, otherwise we'll just be stuck in our own little world. So tell us or just ping us on IG, here are our Instagram handles: @rohit_mathew & @iyer.suchet!

Tell us what you think, tell us what you like and what you don't, tell us if you have any ideas we should think about! (WE ALSO ABSOLUTELY LOVE SOME VALIDATION!!!!!! kthanxbiiii)

As always, we recommend a comfortable chair, a nice buddy and a steaming cup of chai to pair with teamix, thank you all and see you in two weeks!

Rohit & Suchet

Oof, we've been away for far too long ._. Times have been tough and there has been surprisingly little conscious appreciation of good music in our lives recently. Things came to a boiling point last week when Rohit had his projects come calling and my exams turned up outside my door screaming bloody murder. This week though, we just knew we had to stick ourselves back out there and give the howling hordes of fans what they so desire! So we put our shit aside (to some extent, as this is still two days off the usual) and got ourselves a list we were pleased with.

ROHIT not to mention has some INSANE gigs coming up, so if any of you are wondering what he is going to be doing over the next week, it's going to be him crooning in my digital ears how much of a blast he is having while I sit here forlornly waiting for Sofar to take me off their waitlist (v sad face). He is going for Zakir Hussain (!!!!!! lucky bitch), Taba Chake (another absolutely fantastic artist, superb happy vibes music) and also Blackstratblues and maybe Prabh Deep and other Indian rap artists. I mean, why? Why like this Robit?

Also, we wanna shout out @famitsnix who is always promoting the indie scene in multiple cities and if you ever wanna know what's happening in town check her feed. (famitsnix Suchet and I find your name damn cool. Now we want cool names ._. )

Anyways, bring on the tunes.

Playlist on Spotify • Playlist on YouTube

Gul Gulshan - Parvaaz

Album: Baran (2014)

Parvaaz, oh Parvaaz insert dreamy sigh what can we say about Parvaaz that will do justice to their sound? Spotify cruelly denied us of their music for a while, but now it's back, so rejoice! They're an Urdu/Kashmiri rock band from Srinagar/Bangalore, with this unmistakeable cinematic element. They are one of our favorites over the headphones, but to listen to them live? That's a real treat. The kind that makes you start prepping a week in advance, listening to all their tracks so you can sing along and yell out the names of your favorite songs. Their instrumental elements are superb, melodic guitar riffs with complementing drums and bass. But (in my opinion) their voice, Khalid Ahamed, just takes the cake. Both of us can gush on and on about Parvaaz, but we should probably move on to the next track XD Here is an extra little nugget - you have to watch this gig

Bottom Of The Deep Blue Sea - MISSIO

Album: Loner (2017)

This is one of those songs that sounds like it could be a soundtrack to a really great fantasy movie scene. Like the theme song of some ancient underwater god. The lyrics are mystical, and the instrumentals layer over it to enhance that ethereal effect. This is an excellent addition to a travel playlist, something you listen to when you're immersed in the landscape as it speeds by, the music lending the view with a background story in your head. That's how I (Suchet) listen to it anyway, often when I'm walking by the canal outside my apartment, feeling like I'm Poseidon, forgotten and waiting to be discovered again.

Ever Again - Robyn

Album: Honey (2018)

This beauty of a dance-pop track by this Swedish pop artist is her first after 8 years. This song is dreamy, filled with sweet synth, string and bass tones and Robyn mesmerizing vocals really take it to another level of chill. Robyn lets out on love and never feeling broken hearted ever again. We found this track to be an interesting and unique medium for the message that it speaks off. Not to mention it's HELLA groovy and we can't resist tippy tapping our feet to it.

still feel. - half.alive

Album: Single (2018)

This Pop/Indie trio from Long Beach, California definitely known how to make some hella groovy tracks, this one being our favorite so far. The vocals are layered and harmonized and it sounds absolutely fantastic over the instruments. It really does make you do that exact step that is shown on the album art above, with a couple of your buddies, dominating that dance floor. Their songs are powerful and energetic, and they stay away from being repetitive in a troublesome way, and to add to everything their music videos are great too! Definitely something to listen to when getting pumped for the weekend.

Shringara - Jatayu

Album: Chango Tales (2019)

Rohit found this beauty on Kappa TV and quick quickly came and showed me with claims that they blew his mind, and I had no choice but to agree. This incredible Jazz fusion band, and this stellar Carnatic + Rock fusion just kills it. Fantastic to just zone out to, and we gotsa to do that sometimes y'know? :P

This jam, in particular, has this East meets West feeling, with the way they've done the fusion, and it rocks. Rohit says they've been on his radar for a while (he is good for things like this) and we had to feature them and I cannot agree more.

cue classic final statement Anyways, we really hope you enjoyed this! Thanks a lot for reading it till the end, it means a lot to us! Do write back if you have suggestions/feedback/thoughts/music to share, or if you just want to say hi, here are our Instagram handles: @rohit_mathew & @iyer.suchet. We fuel up with feedback so filling out the form would be very helpful. kthankxbye.

Listen chimps and champs, that time of the year is nearly upon us! May the fourth be with you this year :D and as always, we recommend a comfortable chair, a nice buddy and a steaming cup of chai to pair with teamix, thank you all and see you (hopefully) in two weeks!

Rohit & Suchet

To better understand containerization and Docker, let’ use the example of the actual thing it is modeled after, Shipping Containers.

Why use Shipping Containers?

Well, shipping containers revolutionized the transportation industry by standardizing and making it simple to transport large quantities of goods. This could be over sea or land. Now with these standard containers, we are able to ship multiple things in one container or even ship large quantities of a single thing in multiple containers. Some of the key features here are:

• **Standardized: **These shipping containers were standardized and could all be shipped and moved across multiple continents and countries in the same manner regardless of what they contain or how they are transported.

• **Handling: **These shipping containers are standardized and hence could be handled in the same manner regardless of what’s in them or where they are.

• **Security: **These shipping containers are independent and separate from each other hence providing a barrier from external interference for the contents within.

• **Scalable: **These shipping containers can fit multiple things within or fit large quantities of a single thing. We can also get more containers based on the number of goods.

How does this work in Software Containerization?

Software Containerization works similarly as above. I’ll get into a little more detail later but we are able to achieve all the key features above in the following manner:

• **Standardized: **The container we build for our code is running independently of our local system. Therefore, we can easily run the same code on our personal laptops to production servers/cloud server while expecting them to have the same experience everywhere. We have hence standardized how we expect our code to behave in all our environments and removed the “works on my system” problem.

• **Handling: **These containers are standardized and hence we can easily deploy them as well as scale them when required. The scaling and management of these are handled by orchestration tools like Kubernetes or Docker Compose. Also, Docker can easily do anything on these containers due to a standard defined documents called Dockerfile.

• **Security: **These containers are immutable and thus any change produces a new container which provides a secure setup of code. The code is within the container and also harder to access and manipulate.

• **Scalable: **These containers can easily be scaled up or down based on criteria we have assigned for it. This is basically what an orchestration tool like Kubernetes or Docker Compose does. It is essentially able to spin up or shut down containers and handle the load on all of them.

How Does Containerization Work?

To explain this simply, I will use the shipping container example again. Each container we have has a manifest file which basically specifies the contents of the container, how to load and unload it etc. The *container *gets loaded based on the instructions of the manifest file and then the ***dock workers ***load/unload them based on instructions.

In the same way, we use two tools to do the above process with our code: Docker and Kubernetes. Docker is one of the most popular, open-source container technologies that allows you to build, run, test, and deploy distributed applications.

• **Dockerfile: **This file is similar to the manifest file in a shipping container. This file contains all the details of how our container will be made, what all have to go inside it and how to run it.

• **Docker Image: **This basically is sort of like an executable file of your code which when started will be run inside a container. This is a standard file and hence we are able to get the same execution on multiple instances (laptops/servers).

• **Docker Container: **When we run a docker image we can have multiple images running inside one container or a single image. The idea of a container is slightly complex and I suggest you refer to the below brilliant article by Preethi Kasireddy in freeCodeCamp

Great now you know a bit of the basic theory behind Docker and Containerization, let's dive into some code

Set up A Node.js Project

So I’m going to basically use an Express application that has a single API endpoint which I will test on the browser. I am not going to go into the details of the Express application but you can read through the README if you need help setting up the application and starting it. rohitjmathew/docker-node-example*An Express Application to Display how to Dockerize any node Application - rohitjmathew/docker-node-example*github.com

Set up Docker

We will first need to setup Docker. Use one of the links below.

Once you have logged into your account and have Docker Hub Setup we can progress to dockerizing our Node.js Application.

Writing the Dockerfile

We will need to make a new file called Dockerfile to help us set up our image and container. Below is the full Dockerfile which we will use. I will explain what every single line does.

FROM node:8-alpine

LABEL maintainer="Rohit Mathew"

# Sets environment variable
ENV NODE_ENV production

# Sets work directory
WORKDIR /usr/src/app

# Copy package.json
COPY ["package.json", "./"]

# Installs dependencies 
RUN npm install --production --silent

# Copy working files
COPY . .

# Expose port
EXPOSE 8081

# Starts run command
CMD node index.js

• **FROM node:8-alpine: **Here as we are running an Express application which is based on Node.js we pull the node version 8-alpine build from the remote Docker Hub. Docker keeps a set of base standard images which we can always reuse. The Alpine version is always recommended as they are lightweight and don't use much space, hence making our Docker Image as small as possible.

• ENV NODE_ENV production: Here we set the node environment variable to production.

• WORKDIR /usr/src/app: This sets the working directory inside the image that we will build.

• COPY [“package.json”, “./”]: When we build our Docker Image we have a clean image with nothing except the node:8-alpine version setup within. As a standard practice, we generally copy the package.json and install the dependencies and then copy the code in. This also helps as every command in the Dockerfile is cached and makes the build faster.

• **RUN npm install — production — silent: **This basically installs the production dependencies and in the background. This stage is cached (as explained before) so unless we have a change in the package.json this stage is never repeated and hence our builds are faster.

• **COPY . . : **Now we copy all the other files into the working directory.

• EXPOSE 8081: We make the service run on the port 8081. This basically exposes the port 8081 within the container and not outside the container.

• **CMD node index.js: **Finally, we set our main command which will execute the image on the container.

Now we have built our Dockerfile I recommend you also make a docker ignore file which is like a git ignore (It will ignore those files and not copy them into the image)

Building the Docker Image

We have now come to the stage of building the docker image. To do so we just type:

docker build -t docker-node-example .

This basically executes the docker build process with all the steps in the Dockerfile and can be seen on the terminal as shown.

If we want to check all the images we have we can type

docker images

and the resulting set of images can be seen as above

The -t flag basically tags the image or gives the image a standard name by which we can reference it.

Running the Docker Image

Now we need to run the docker image. To do that use the below command

docker run -p 8081:8081 --name docker-node-example -d docker-node-example

This command basically tells the Docker daemon to start a container with the image docker-node-example (tagged image name) where we ask it to name the container docker-node-example (tagging/naming the container) and ask it to run in the background (-d flag). The — name flag sets the name of the container and the image name is at the end of the command.

One of the important arguments here is -p. This basically is Port Mounting. So when we made the Docker Image we exposed the port 8081 within the container, but that port will not be accessible outside the container. You can run the above command without the -p flag and check. On trying to access http://localhost:8081/ you will not get a response. This flag basically allows you to expose the 8081 port inside the container outside.

We can also make the container expose another port outside and forward all requests to port 8081 inside the container. This can be done by changing the flag to an example ‘-p 8008:8081’ where 8008 is the port exposed outside the container, while it forwards requests on 8008 to 8081 port inside the container.

Now the container is up and running and we can test the service. Go to http://localhost:8081/ and you will see Hello World!

If you want to see the containers which are currently running just type:

docker ps

Congrats, you have now Dockerized your Node.js application!

If you guys are a little confused, then check out the following branch in the same repository. I have added the whole Dockerized application.

I have also added a Makefile to make it easier to run the Docker commands.

There is a lot of things you can look into now such as:

• Volume Mounting

• Docker Compose

• Kubernetes

• Docker Swarm or another Docker Repository

There are a lot of ways that you can use containers in your development, testing, and deployment processes. The strategy you choose will have to be determined by your current infrastructure, talent, and goals.

I really hope that you find this article useful. I invite you to participate in the discussion in the comments below, I’m always interested to know your thoughts and happy to answer any questions you might have in your mind.

Thanks for reading! :)

P.S Do feel free to connect with me on LinkedIn

Rohit and I have had slightly different weeks so far. Hectic working hectic twerking. Rohit went back to Bangalore for a little bit and seems to have chilled like mad with his family. Also, he sent me some AMAZING videos of him and his friends in a car singing and dancing along to music in traffic and its too funny (hit me up in secret if you wanna see, don't tell Rohit). Though it seems this last week he has been mad busy with the end of the financial year (big boy talks). I, on the other hand, tried RAMEN for the first time! It was soo good :') Rohit said he had expected me to have tried it already it seems, something about a slight south Asian obsession (I have no idea what he is on about ~desu) I also went for my first Sofar gig in the Netherlands and I am s h o o k. Please please please go to the Sofar website and check them out if you haven't done so already. They put up absolutely stunning gigs with excellent artists and we both have been going for them for a while now.

Now, on to the sauce, no ketchup.

Playlist on Spotify • Playlist on YouTube

San Francisco Street - Sun Rai (AKA Rai Thistlethwayte)

Album: Pocket Music (2013)

This track makes life seem simple, like a vacation. A little bit of pop and a little bit of funk and a healthy scoop of jazz, this is the perfect Sunday morning audio sundae. This US-based Australian artist has a nice soothing voice that doesn't jostle your ear and cuts through the instruments just right. Ain't nothing better than just sitting back and chilling and this is perfect for that.

Sowa - Fatoumata Diawara

Album: Fatou (2011)

This artist from Mali is a shining example of African women empowering other African women through music. Her music is based around her own experiences and speaks to her audience through it. This track is about adopted children and her personal experiences as an adopted child and her step-mother. She twists her music to convey the emotions of the story she is narrating and finds beautiful melodic ways of addressing difficult topics such as adoption.

Remind Me - Emily King

Album: Scenery (2019)

“This has to be one of my best finds recently. Emily King manages to perfectly blend 80s Pop with like a very rustic RnB sound. This song is all about reminiscing over something (anything) and the music seems to play perfectly into that. It starts off with these popular pop chords and then progresses into thumping dance beats with a lot of skillful vocal layering by Emily. This song will make anyone who is feeling down feel better for sure." - Rohit

"Rohit texted me this track link with a very excited set of messages asking me to check it out ASAP. Emily King has this sound that sticks to you, it starts off really chill and then picks up without being too energetic. I'll admit, this song took a little while to grow on me, but I really enjoy it now XD I'd suggest listening to it when walking around and add this to your wandering playlists." -Suchet

Manavyalakinchara (Mist of Capricorn) - Agam

Album: Manavyalakinchara (Mist of Capricorn) - Single (2018)

Agam is magnificent. Their sound brings together the best of Carnatic and rock music to make for an unforgettable live performance. They are very popular and well loved for their music that focuses on intricate classical melodies recreated on the guitar and complimented by Harish Sivaramakrishnan's grasp and control of classical vocals. This piece, in particular, is a rendition of Tyagaraja's piece with an Agam-esque rock twist. They even managed to bring in a choir in this one. If you can catch them live, absolutely go for it. Even being unable to understand the lyrics won't stop you from having a blast.

Stomp - Skrat

Album: The Queen (2014)

"High Octane Awesomeness" is what Rohit called Skrat in the comments he added, and that's easily the best way of describing them. This Chennai-based rock band is one of our faves from the city (others being The F-16s). Skrat has a way of putting a whole storyline across through their music, and all their albums have themes. First is a Samurai (Badass) with a thirst for beer, then comes a Queen and her iron handed reign over her company, and most recently a Bison General who comes to bring calm in the chaos after the Queen. They are fierce, ferocious and flamboyant and if there is anything you should take away from this piece is that they are an absolute treasure live. The energy just keeps coming man, makes you go wild and headbang like mad. Rohit was right when he said high octane, that's for sure.

Anyways, we really hope you enjoyed this! Thanks a lot for reading it till the end, it means a lot to us! Do write back if you have suggestions/feedback/thoughts/music to share, or if you just want to say hi, here are our Instagram handles: @rohit_mathew & @iyer.suchet. We fuel up with feedback so filling out the form would be very helpful. kthankxbye.

Someone great once said "Man's not hot". That just didn't sit right with us (considering we were in Chennai and fuckin hot). Not to mention the hot hot chai we were sippin, which is what you should be sippin with teamix #7. Also please bring back your friend and chair, because you'll need them as well.

That brings this letter to an end, we hope to see you soon :D

Rohit & Suchet

WHAT A WEEK. Rohit has been having the best week of his life it seems. He went to a Plini gig, the Control Alt Delete music festival, and Manchester United had a record-breaking game too, so he has been inconsolable. That's not to say I ('Suchu Boy' - Is what Rohit had the audacity to put my name down as in his comments) haven't had a banger of a week too. I came back to India for a bit, and goddamn was it good to be back. I saw a lot of faces I haven't seen in a while and balled up all my homesickness and threw it in the trash. Home is where the home is, is what my dad once told me I think, and he was fuckin right. Main Man Roghit couldn't come to meet me though, lots of work at office and gigs it seems. I'm not heartbroken at all.

*wet eyes* ANyway, let's get on with the music, shall we? Come check yourself, but don't wreck yourself since we need you back here for the next edition also.

Playlist on Spotify • Playlist on Youtube

Mahaul - Daira

Album: Itni Jurrat? (2018)

One of the psykest bands I heard at the Control Alt Delete festival last weekend. Their music over the headphones is fantastic, really upbeat and slightly psychedelic, but it's their signature live style that really got me hooked to them. They're quite theatric, and this really takes their live performances to the next level. You can see some of this in their music videos also. Their tracks are full of gripping vocals and repetitive riffs, perfectly matched with soothing drums. If possible, absolutely definitely check them out live!
(Don't they sound like an Indian version of Muse?! Let me know if you agree with me! -Suchet)

Busy Earnin' - Jungle

Album: Jungle

Jungle seems to make music that hits that perfect spot between laid back and soulful that makes you feel like you deserve to be lounging in some comfortable sofa somewhere, sippin something tasty. This track brings together their style really well, full of falsetto vocals and a relaxed modern take on 70's funk and pop. We rate this track 420/10 so make sure it finds its way into your playlist on those late night drives ;)

Mexican Standoff - Jay Pei

Album: CC129 (2018)

We're not any sort of learned amateurs in the field of techno, not delving into it as frequently as some other genres, but Jay Pei from Delhi seems to be doing some mad shit with this experimental techno genre. Deep and dark basslines and pulsing beats set your heart in pace and the synth-based atmospheric tunes add flavor to the world he creates. Not to mention, at 7 minutes in length, this track can really have an almost hypnotic effect with the way he has designed it, making you feel like it has been going on forever. He builds his soundscape using a mix of digital and analog instruments, which it seems he prefers as an artist.

Ottolenghi - Loyle Carner ft. Jordan Rakei

Album: Ottolenghi (2018)

This South London rapper almost seems to be in a different genre from rap, with his chill vocals. Extremely distinguishable from the mumble rap vibe that seems to be making rounds currently. The beat in the back makes it almost feel like you're in the room with the rapper, and the beat is gently playing in the background. Seemingly sets the perfect scene for the rapper to come on and spit bars about his life. It's that perfect song to play in the background when you want to just sit back and let life go by.

Here's To You - Easy Wanderlings

Album: As Written in the Stars (2017)

Rohit has this playlist called Indian Indie Scene on Spotify, which is his depository for music by Indian artists, and my little mystery box of amazing music. I found Easy Wanderlings on that playlist this week, and I honestly can't say that my life has been the same. They have this extremely chic 'Out of a French-themed romance movie' with the accordion and the base melody and it's extremely soothing. The lyrics themselves are in fact quite melancholic, and about missing a friend. Rohit added a little nugget for me to find when adding his notes for the description for this track and I thought it was too cute. I totally took over the narrative in this track but I wanted to add that little piece in because you should also read and have those nice feels :D

~This has got a very out of a French movie vibe with the accordion and melody but its actually a very melancholic song based around missing a friend. This really hit us as Suchet came home for a quick holiday and I was busy af and we couldn't meet. But we did manage to get on calls and chat with each other. Well, here's to you bro :P~ -Rohit

Anyways, we really hope you enjoyed this! Thanks a lot for reading it till the end, it means a lot to us! Do write back if you have suggestions/feedback/thoughts/music to share, or if you just want to say hi, here are our Instagram handles: @rohit_mathew & @iyer.suchet. We run on feedback so filling out the form would be very helpful. kthankxbye.

Somebody very wise once told all of us that with great power comes great responsibility. We have great power now, all you people coming here for fab music and cute descriptions, and we must hence exercise our great responsibility. So as curators of a newsletter born from tea sessions with the buddies, we suggest the same for you! Grab the nearest chair (even plastic will do, you're not likely to be bothered by it while you're here), the closest buddy (you know who you want to grab) and a sudda sudda cutting chai and have a great sesh. We'll see you in two weeks!

P.S. - "As promised, my two favorite artists from Control Alt Delete were Chabuk and Ladies Compartment" says Rohit, still gloating about his incredible weekend.

P.P.S - We did something sneaky this time around and if you're able to figure out what it is and ask us, @Rohit will give you exclusive access to something very very special! So make sure you look hard and text him if you find anything!

Rohit & Suchet

Well well, two exciting weeks have passed since the last time we met. University started again for me, and Rohit has had some interesting times at work (binge drinking bastard). Not to mention Valentine's day was a couple days ago! I did something very fun and sorted out a little Valentine's surprise for a couple people back in Bangalore ;) (+1 point for anyone who guesses correctly). Rohit was sad he didn't get any surprises, but he is aware I love him, still wants something tho.

We've got a very exciting set of songs for you this time! We had decided on two out of the five last time itself because we were so pumped to show them and we couldn't fit them in last time. We tried a little harder with the whole listen as a playlist thing this time, so let us know if it worked! It sorta builds slowly and then ends with a nice energetic track.

Come, let us begin.

Playlist on Spotify • Playlist on YouTube

Song For You - Rhye

Album: Blood (2018)

Canadian singer Mike Milosh started his own R&B group project in 2012, which was Rhye. Their latest album Blood released in 2018 has a very intimate feel to it, with the vocals that sound almost muted with a sorta dreamy/groovy feel mixed together in the album. This track - Song for you - is one of Rohit's favorite from the album. It's a really soothing and calming track and has a bit of romantic touch to it as well.

Electric Sunrise - Plini

Album: Handmade Cities (2016)

Picking up the pace a little with this track by Plini from his incredible album Handmade Cities. It builds beautifully, and then all of a sudden just wakes you up, like a sunrise. He has a fresh, engaging and beautifully unique sound that is unlike most others in the prog scene. It consists of multiple ascending and descending patterns and this song in particular showcases his technicality as well as an ability to grip the listener's emotions.

Also, there is this Plini gig coming up in Mumbai (Bangalore, Delhi, and Hyderabad too) and I wanted to share a track I've been listening to a lot to prep for the gig. I'm super excited to listen to him live! If you're gonna be in town and can make it, do come and say hi @Rohit!

Reconnaissance Mission - Blackstratblues

Album: The Last Analog Generation (2017)

Blackstratblues is the solo project of Warren Mendonsa (nephew of Loy Mendonsa of Shankar-Ehsaan-Loy). His name itself is massive, but this track and the album it is a part of - Reconnaissance Mission from The Last Analog Generation - shows that he is hectic af. It's heavy and exciting and for those who like that excellent rock feel, if you haven't heard this already, you've been missing out. This song, in particular, is more like a jam session where you got Warren just soloing along to Jai Row Kavi going batshit crazy on the drum and boy-oh-boy does it make me headbang every single time. Check it out for some great vibes to get you pumped for that evening at the bar after work.

Kal - Prabh Deep

Album: Class-Sikh (2017)

With the Gully Boy movie making rounds and its Indian vernacular rap-based soundtrack, I wanted to feature a rapper I'm not sure many people have heard of. Prabh Deep really blew my mind with his flow and sound. Definitely not the usual Honey Singh vibe and goddamn can he rap. With Sez on the Beat sorta coming up like India's Dr. Dre, this song just oozes swag, has a very aggressive and confident feel and makes me reminisce the original N.W.A. album. - Rohit Mathew

Fake ID - Kah-Lo, Riton

Album: Foreign Ororo (2017)

I'm not sure how I stumbled upon this track! I wanted to see if I had texted my journey of this discovery so I checked WhatsApp but all I found was a message I sent Rohit saying 'Fake ID is lit' and then a couple minutes of me trying to convince him that I had added it to our playlists and he should refresh to find it. For me, it was love at first listen, but Rohit was a little skeptical at the start. This incredible techno beat grows on you wayy too quickly though, you just cannot stop your body from moving to the beat, and that proved to be true as it was Rohit who suggested this track for this edition. It has excellent 'night out dancing with the crew' vibes and gets you pumped for that next cocktail of choice. - Suchet Iyer

Anyways, we really hope you enjoyed this! Thanks a lot for reading it till the end, it means a lot to us! Do write back if you have suggestions/feedback/thoughts/music to share, or if you just want to say hi, here are our Instagram handles: @rohit_mathew & @iyer.suchet. We also do love soon feedback so filling out the form would be very helpful. kthankxbye.

A comfortable chair, we recommend, a nice buddy and a steaming cup of chai to pair with teamix. Yeesssssss! Hmmmm! You all and see you in two weeks, thank!

P.S. - Star Wars fans if you didn't get it yet, we are

P.P.S - Rohit used a Yoda Translator for these last two sentences xD I fully lost it, but reading it in his voice has made it grow on me :3 Check it out and send some funny Yoda-voiced sentences our way!

P.P.P.S - Anyone who understands the subject reference, we love you all xD

Bye deers

Rohit & Suchet