Howdy folks, first of all, wishing you a very happy new year. It has been a long year, in a purely poetic sense. Life went through some major ups and minor downs, but all in all, it was a great year. I would be summarizing few of the great moments that I remember in the following paragraphs.

The year started with a lot of confusion. I was going great with Python, but something felt missing. I missed C. I knew C was not the right thing for me, and C++ looked intimidating. I needed something that would back me well for the code competitions I participated in, so C++ or Java seemed to be the only way out. I choose C++, for it looked similar to things I already knew.

C++ was a great choice. I got going with it quite smoothly. I learnt the fairly advanced concepts in it, and implemented some algorithms and applications using it. But the results of the coding events I participated in didn’t change much. I really sucked at them, sometimes unable to solve even 1 of the 8 problems given to be solved in the 8 to 24 hour time limit. Felt ashamed.

During march, we had our college technical festival, a.k.a. Technitude. All of a sudden, I and my mate Aditya found ourselves handling two of the technical events namely ‘Code Wars’ and ‘Debugging’. The events were just what they sounded like and it went fairly well. I had never before been the responsible person for any such event in the past, and executing it successfully was something I was proud of. I even made great contacts with my seniors at the same time, who later became the people who guided my with many important decisions.

The Technitude was great, and tiresome. The committee members and we, the volunteers, worked hard to make it work. Things concluded with the afterparty, which sadly, I wasn’t a part of. Anyways, things went pretty fast after the technitude. Fourth semester came and went in no time. I cleared it, marginally. C++ was still on, in the background. I bought ‘The C++ Programming Language by Bjarne Stoustrop’ and started to read it.

In the post-semester holidays, there were a couple of other competitions, which I failed, yet again. The C++ learning wasn’t helping me with the competitions as much as I expected. Probably because algorithms was what I lacked, and not a language.

Around in June, the startup fever took over. More than a startup, it was for refreshing my Python skills, learning a web framework called Django, and creating my first serious RESTful application. It took about a month for me to realize that a social networking backend was not really a one man business, at least not if I wanted to build it up in under a year. I deserted that ship, and started with another application along with my friend, this time entirely in Javascript. That was when the love for Javascript took over. I realized that after all these languages I have learnt, Javascript was something different. It required my to completely empty my brain of existing rules and guidelines, and start afresh. My love for Javascript will take up an entirely new article, so I am leaving it here.

In around late August or September, we had our committee elections. I was elected the Technical head, and then our committee went further to deliver an amazing Engineers’ day. Javascript and my new startup were in the making. Later, we got Rajashree in our team, who looked at the frontend and UI stuff. We got Nikhil, who joined the frontend team. Harshal, a budding lawyer, joined us later in November. We are five now, and while we don’t work as consistently these days, we still call ourselves the Cherrylogs Dev Team, which is nice.

In the first week of October, I got the chance to develop the website of FabIndia’s Cooltobeindian initiative. Although I and Rajashree did all that we could, they were not satisfied, and we did not get paid. Anyways, I will leave that for a separate article as well. That incident taught me a lot of things, especially to say ‘No’. Now, I am much comfortable in saying No to people and things that I know are not going to be worth the efforts. Result? I get much more time for things that actually make me happy, the ones that are worth it, the 20% that matters.

Then there were submissions, practicals and examinations. I got a Laptop in late October, which was generously given to me by Vijutai, my aunt and my mom. The post-semester holidays were spent on Javscript and Cherrylogs. I and Kunal did some work, but not a lot of it. On 23rd December, I left for Murdeshwar, Karnataka. An awesome place to spend a day or two. Then I came back to my native, Karwar, and now I am here writing this post, sitting in the hall room, thinking about the wonderful year that I have just passed.

Wish you all a very happy new year, yet again.

I really took long to write this story. I didn’t feel like it was anything worth the time or the efforts to write one. But I really felt something recently. I got called up by a passed out senior from my college. He wanted me to work on a project he initiated. Although the project was fine, I didn’t actually have the time to do it. I said ‘No, I don’t think I would be able to make it’.

I never responded in negative with people who came to me with any tasks. That is the way I was. I just wanted to get all the experience I could, no matter how inconvenient it was for me. Mom always said, ‘but you must see if you are free before accepting some work’, I would be like, ‘Chill, I am learning’. I continued that way, because maybe, I never actually had to sacrifice anything for this ‘extra work’.

This was to change on 30th September this year. I got a call from a senior at night at around 10. He asked if I was willing to do web development for a company, and those guys were willing to pay too. I replied with a yes, after which I was asked to visit their office the next day, some 80KMs from my house. I even went there, to learn something about the task and quickly went on to make a rough skeleton. Pretty easy it was.

I came home and started working towards the final layouts as shown in the PSD file that I was given, extracting layers and cropping graphics, linking them in the one page application. Things were not as neat as it was expected from us, me and my design partner, Rajashree. The backend was finalized by 3rd October, my birthday. I didn’t enjoy or celebrate a single second on that day, even though I had relatives arrived at my house. It was really stressful time. I was still trying to finish things up by 5th, working from 8am in the morning to 1-2am at night, constantly receiving calls from the guys to improvise, make changes and add features.

By 6th, I was done. Those were really stressful 5 days. I hadn’t looked at myself in those days properly. I had submissions and exams coming up, and I wasn’t a cent prepared. And it was not just about me, I had Rajashree taking up equal or in fact, even more efforts, facing similar situations. Finally, I gave up. Mailed them that I couldn’t keep up any longer. We did not get paid, and that can either be justified or not depending on how you see it. Anyways, it was a great experience.

From a technical perspective, I didn’t learn much. But somewhere I learnt what to value. Myself and my time. It is pointless to try to do everything. You just can’t. No one can. A much better approach would be to give 100% to the few things that matter the most. This was a lesson for a lifetime. Now it is just me and the things that matter. Cheers!

Starting with the update, I finally made myself some money with my first ever bug bounty. It was a simple logical flaw that was rewarded. I was, of course, very happy. I had dinner with my parents in a good restaurant, bought a backpack for my new laptop computer, kept some of the cash and gave rest to my mom and dad, equally.

Bug bounty isn’t new to me. I have been living in a community where it was not uncommon to read some or the other friend getting rewarded a bounty, every other day. As far as I remember, things were not like this in my early days. I started interacting with people in cyber security in early 2011. At that time, there were no bug bounty hunters. Some of us were into defacing websites and getting root of web servers for the fun of it. Others were more into blogging about the same. Blogs written on hacking tutorials, news updates and tool guides were dime a dozen. In fact, that was the only way in which most of the amateur pentesters could make some money out of their knowledge (see Adsense and link exchange).

I miss the old friends, the ‘Killerz Hackerz Zone’ group we had on Facebook, where we had some helpful people, who used to guide everyone when needed, and were excellent people to talk to. A particular friend I remember had the handle ‘Dexter India’. He was virtually my brother. There were others too, teaching and learning from each other. After a while, I was made admin of that group, which was, for me, something extraordinary. I learnt a lot from people there, about what a hacker really is, and most important of all, how to keep digging to get what we want. There was this thing written in the group’s description that read “Don’t be smart, be sincere. Then you’ll become a hacker”. A simple statement, but how true that was. It was from that time on, sincerity towards self that became a goal in my life. Learn, not for family, nor friends, nor in the least for society, but for yourself.

Then there were cyber wars, defacements of thousands of sites which included the top government ones. My group vanished. Friends, whom I knew by their handles, fell off the grid. I never got to hear from them again, till date. At some point in around late 2012, everyone realized at once that these cyberwars ain’t helping anybody. It stopped, and the age of hunting bugs for bounty and hall of fame began. It was something new altogether. Spend your time and skills finding bugs and shortcomings in sites that offer to pay for the bugs you report them. The payouts are usually quite high, and if done consistently, much higher than what the average engineering and business school joe gets as a salary.

This triggered a race between researchers, which for most of them, somehow got converted from finding the deepest flaws to finding the hidden low hanging fruits that make a quick buck and take less time to find. Suddenly, it wasn’t about the skills one had. It was all about who gets it first, that gets the bounty. And when a simple bug gets you around 500 in US$s, critical ones going well over few thousands, there was no reason to not invest time in this new business.

But I didn’t. I simply lacked the guts and determination to test an application thoroughly. Maybe it was the skills that I didn’t have. Whatever it was, I used to always get excited to read about bounties. It was raw money, for your time. I had, at times, tried to test an application, but never succeeded. Maybe that’s why I moved from web security to web development. Right down my alley.

Then later in July this year, my mate Kunal got rewarded for a cross site scripting bug he found in a popular social network. It was a respectable sum of money, which he used to build his own PC. You know the thing with money? You don’t fall for it’s greed until you see the possibilities that arise from having good sum of money in your pocket. No one wants to just have loads of cash. It is the things that you can do with it, makes you want it. Similar was the case with me. I needed funds to fulfill some of my long term materialistic dreams. That was the sole motive behind ‘researching’. No, it wasn’t to learn or anything, or test my skills (giggles), it was just the pure greed, that I have now tasted. Although not an awful lot, it was enough to get me a few things. Now I crave for more. Suddenly, the needs have increased. Branded bag, a prestigious phone, ultrabook. Damn.

The quote is still stuck on my mind. I miss those days badly.

Don’t be smart, be sincere. Then you’ll become a hacker