Bubba Murarka

Today is my last day as a Microsoft Employee.  I originally joined MSFT out of college, left to do a startup / finish my master’s thesis, and then re-joined almost four years ago.  The relationships, products, and skills I developed while at MSFT are invaluable and I am very thankful for how the company grew me.  The unique opportunity to get involved with various internal efforts over the past 2 years was both enlightening and fun.  Ultimately I learned that Microsoft is an incredibly complex organisation that has many understated positives and well discussed negatives.  It’ll always hold a place in my heart and I’ll keenly follow how the company navigates the competitive & cultural challenges it faces nowadays. 

Tomorrow I start my next gig as a full time entrepreneur.  For as long as I can remember I have had the aspiration to start a company (even after learning how difficult it was when I first tried in 2002 - we closed shop in 2003).  The desire to start one again has been growing over the past few months and I decided to jump in head first two weeks ago.  There is no time like now…especially since I don’t have a mortgage, marriage or mini-me(s). 

The upcoming few months will be exciting and a bit of a roller coaster.  I’m planning to write about what I learn and experience as a San Francisco based entrepreneur on this blog.  I suspect there are a few blogs focused on this out there so I’ll try to differentiate in a way that brings you back.  Let me know if you have any suggestions to help do that. 

My relationship with Wells Fargo is one of love and hate.  They bought Crocker Bank back in the day and thus I’ve been a customer since I was 11 years old (give or take a year).  I have every possible number for them memorized and know people at several branches so I get personal service.  On the other hand I agree with Omar that they are a “nickel and dime” shop and not prevalent enough outside of the West Coast for my needs.  Thus I had finally decided to open an account elsewhere.  But of course as I’m putting this plan into motion Wells Fargo goes and does something pretty neat.  Rat finks!

I was using the ATM at the MSFT SVC Campus one last time and went to look for an envelope to stuff my roommates’ rent checks in.  You see, over the years, a habit has developed to deposit checks at MSFT ATM location which is behind the badge reader in the cafe.  It always has envelopes to put my checks in.  Near my house in the Mission District of SF I can never find envelope at any of the atms (go figure). 

Friday was different.  For the first time ever there were no envelopes at the ATM.  I freaked out!  But then I read the signage (who would have thunk that RTFM could apply to ATMs).  Lo and behold, this is a brand spanking new ATM that features “envelope less” check / cash deposits!  I follow the directions and decide that…

THIS IS JUST AWESOME!

You put the stack of checks (or cash) into the loader with out having to enter the total deposited or other nonsense.  It scans each check, automatically sums them, and then lets you view each one with the amount detected for accuracy (optional).  And then you can get a print out of each scanned check on your ATM receipt…for free (yes, I was expecting them to charge for this)! 

I never even thought I needed this feature, but after one use I am hooked.  This saves me time (math…hah!), frustration, and impresses my inner geek.  Handwriting recog, UX design, Customer pain points all come together for a little party at the MSFT ATM from now on.  Nice job Wells Fargo…but why do you have to make this break up so hard?  

This morning I ran the Koman Race for a Cure in San Francisco with a bunch of friends.  It was a short 5K race where the top finishers were almost done before I had even gotten past the starting line (whoops…should have paid more attention to the announcer). 

Needless to say, it was more fun than race for me.  Now I am a competitive person, but I don’t run all that fast.  So what has kept me into running since I did a marathon a few years back , besides the philanthropic aspects of charity runs and my need to lose some pounds, has been a mystery to me.  Logically, it would be easier to donate directly to the causes and work with a personal trainer to shape up. 

This morning I solved the mystery for myself.  It is fun to run / race because of the people you run / train with, the people watching during the race, and the concreteness of having something to work towards that you believe in doing (e.g. training for and finishing a race). 

What startled me the most about this insight was that I think it applies to why people work where the do.  Well at least the folks I know who are excited about their careers and companies. 

I’m glad everyone is excited about social graphs and people search on the internet, but can someone seriously help me with the “Too Many Usernames & Password” problem I face everyday? 

You know what this is(apparently for a long time now) and probably have it yourself if you use the internet. 

Almost no sites / services I use have implement open id  and I am not sure if they ever will so it is not viable for me right now.  The only real solutions I know of today are to use an automatic form filler or encrypted password database that is desktop based.  That doesn’t cut it for me since I access my stuff from 3 different PCs + 2 different mobile phones + unlimited number of “kiosks”(never mind that there 4+ different OSes running amongst all that hardware…not all of which are supported). 

Last weekend I designed a solution for my needs.  It is a rote password generation approach that minimizes the cognitive recall work I have to do when logging on to an arbitrary website.  My goal was to make it so I didn’t have to remember anything unique except for the site’s url (thus I could logon from anywhere) and with that be able to logon in less then three attempts assuming I have an account on it.  In theory the sites I use frequently would become part of muscle memory and only need one logon attempt. 

This is what I did to build my solution:

1. A brain dump in Excel of all of the major sites / services I use.  My list hit 37 services (on a weekly basis)
2. Grouping them by similarity (e.g. financial services, shopping sites, communication services, ones I don’t really care about)
3. Normalize the logon names which where typically a self chosen nickname or my email address.
4. Creating a password generation algorithm that I can perform mentally. Inputs are a private key per grouping and the domain name as a salt for the password generation algo. Manipulation constructs I used were char offsets, capitalization constants, and punctuation substitutions. 
5. Now, I can always recreate password based without having to memorize more then a few keys & password gen algorithms.  This is effectively 1 / 10 th the amount of memorization given the number of groupings and sites I have.  Close enough for my goal. 

Once you do this you actually have to logon and change all the passwords.  Remember the goal was to make it so all I have to remember was the url & then be able to login within three attempts of some username / password combos from any logon environment.  So when I actually went and changed the passwords and tried to update abnormal usernames (another whole rant) I hit some painful rubs with this solution:

• Every site has a different userid syntax & some don’t even let you choose them.  In extreme cases you have another thing to remember that can’t just be derived when you arrive at the site.  These sites pretty much represent a brickwall for the goal I have.  My solution at this point is to create a private online list of my usernames for reference (private google doc or something).  Not ideal, but workable since many of the sites that exhibit this behavior I rarely logon to, or will eventually move the id into muscle memory.
• Every site has a different “strong password” requirement.  This just sucks. Can’t we just define this once?  I vote for letting people use 2 out of the three of capitals, functions, and numbers.  Easy, secure, and I thought standard.  Luckily, I can  fudge my way past this by just figuring out the lowest common denominator for my set of sites and bake it into my password generation algo. 

So stepping back, is all of this work worth it?  I think so for the following reasons:

• The solution is device independent and I can logon from anywhere
• I don’t have a copy of my usernames / passwords on disk anywhere
• It is easy to change my password for a class of services (e.g. financial because of identity theft) by just changing the private key or the password generation.  This is significantly less “cost” for me as an end user. 
• If something unfortunate happens to me, it’ll be easy for folks to logon to all of my accounts with simple bit of knowledge that I leave in my safety deposit box (admittedly morbid). 
• It gave me something to blog about and talk about with a few friends this week for reactions. 

How do y’all handle this problem? Is there a better software based solution I can replace the above with (requirement: it has to have shipped)? What are the holes / risks with this approach (other then proving I have too much time on my hands)? 

In keeping with the cs traditions of old this is the first post on murarka.com after installing wordpress, picking starter theme, and deciding not to use the hosted wp service (we’ll see if I end up regreting that).  Here are my todos:

1. Write an about page & setup my blogroll (min bar to make this feel like home) 
2. Import all old blog content from across the web (blogger, spaces, neelbubba, bubbablogger, etc)
3. Play with widgets & themes, create a cool header image, and generally explore wordpress so I can “pimp my ride”

Off I go…