Having been in fintech for a while, I’ve noticed something in common between the many new startups that come and go. They all require access to personal information. A specific example that comes to mind is the Plaid-like solution we developed while working on amal. We’d ask customers for their bank credentials[ajy] and then proceed to login on their behalf in order to share the resulting account information with the 3rd party application they are using (e.g. for transferring money, tracking their spending, etc). I’ve noticed similar things with companies that try to optimize the checkout experience – almost always by becoming the interface layer that users use, necessarily being exposed to sensitive cardholder information like the card number, CVC and even PIN number in some instances[axo]. The problem in all of these situations is that these apps require users to trust them, but provide no means for verification that this trust is not misplaced. “Trust, but verify” — Russian proverb Is there a better way? Some Assumptions Many throw their hands in the air and point to the protectionist practices of financial institutions that prevent data sharing — without APIs, the only real option for authenticating users is with the same credentials they use themselves. To explore better ways forward, let’s make a few assumptions (and eliminate thorny edge cases that frontload a lot of complexity): The application handles sensitive data It performs a deterministic task (i.e. same inputs result in the same output) It does not rely on state The application doesn’t keep logs (or retains anonymized and desensitized logs to aid in debugging) What we’re after Let’s be clear about what we’re after. If an app holds the assumptions we set earlier, then we should be able to use that app in a way that allows independent third parties to verify that the app is doing exactly what it says it’s doing. In the case of a checkout app for instance, we should be able to verify that it’s not stealing customer’s card details and siphoning them off to the Russian mafia. Front-end applications This is simple-enough to do, to some extent, on front-end applications – because we can inspect the code ourselves (albeit, obfuscated code to an increasing degree). Still, worst case we’d still be able to track network requests being made from the application – as well as any usage of local storage to ensure there’s nothing fishy going on. Backend But what about the backend? They are completely opaque to anyone outside the server; true black-boxes, where only the inputs and outputs can be observed, but not what’s performed inside. This is exacerbated by the fact that front-ends are also the front-lines of the war against all sorts of user-side attacks (CSRF, poisoning, etc). This has resulted in things like CORS, that prevent clients from making HTTP requests that would otherwise work completely fine on backends. Options For Greater Transparency 1. Fatter front-end’s for security [ajy] It’s so sad that it’s come to this. Sharing bank credentials with 3rd parties should never be ok, and yet it seems to be the only practical way that third party apps can communicate with financial institutions.

Optionality’s one of those things you don’t really think about. People don’t generally wake up one morning thinking “Why, it appears I’ve spent the past several decades of my life optimizing for optionality. Perhaps I should figure out why?”. Most don’t even recognize the term – until it’s already explained to us. If you’re one of those people, this could well be the most important posts you read this year. What Is Optionality? Optionality has been drilled into our heads ever since we were young. No one calls it that, but every one of us has heard the advice to follow opportunities that “open up doors” or “unlock opportunities” down the road. Now that’s all fine and dandy when you’re 12, but our generation is increasingly becoming crippled by the abundance of choices – making it damn near impossible to decide on anything of significance anymore. That’s tragic because optionality is also a privilege. And this disease has a tendency to afflict the most privileged among us – rendering them hollow. In this post, we’ll run through how optionality has pervaded our entire livelihood, why it can unconsciously derail entire careers, and what you can do about it. Let’s dive in! The Obsession With More (Options) We’ve been taught to seek out options that open up horizons, unlock doors and unleash possibilities. This expansive approach to life works great early on, enabling us to have more choices about what we’d like to ultimately do. The trouble is that last bit “(what we’d like) to ultimately do” – opening doors is a means to an end, not the end itself. By the time we’re young adults, we’ve had this idea of optionality engrained into our heads – and we don’t stop to reconsider what we’d actually like to ultimately do. We keep opening doors like it’s nobody’s business – resulting in so many unlocked doors that it’s crippling to pick just one. This phenomenon seems to have existed for a while, but has become increasingly prevalent in recent years. You see it in students choosing varied majors/minors, to people choosing to rent instead of buy. We crave choice, and are horrified of its opposite: commitment. Why this deep seated aversion to risk? I believe it originates from two human afflictions: Fear of missing out (FOMO): What if the choice I make is the “wrong” one, and the other choices somehow diminish in value. Fear of failure: There’s something scary about committing to an idea; that decision can bring about the possibility of real failure. It’s easy to see the allure of deferring the decision, in favor of collecting more and more safety nets to soften a (potential) fall down the road. Unlike their financial brethren, amassing a portfolio of choices is actually pointless beyond a point. An individual option is useless unless nurtured through the dedication of time and effort – and there’s only so much we can do in one life. But there’s more to it than that. Let’s take a deeper look at the downsides of optionality, and what we can do about it. Why Optionality Is Bad 1. The Opportunity Cost Our net output is the result of focused effort; and optionality is the exact opposite of focus. Rather than exploit any single option, we defer it for some undefined later – a later that often never materializes. This is akin to someone, in the early 90s having the ideas for Facebook, Google and Amazon all at once – and pursuing none of them in favor of unlocking more doors as a business consultant. Over 1,000 octogenarians (those aged 80 and above) were asked about their single biggest regret in life. The most common answer by a landslide was this: they regret the risks not taken. You can bet that’s what our fictional character from the previous paragraph would say too. “Oh, I had that idea years ago” means nothing if you chose not to do anything about it. 2. The Paradox of Choice More options make it harder to choose later, not easier. That’s unintuitive; you’d think more is better, but it’s leads to all sorts of strange side-effects. In his book “The Paradox of Choice” (find an example of the paradox of choice – jam, watches, etc) …. The trouble with accumulating options is that, like money, you can never have enough. You postpone your dreams, stuck in a continuous loop of preparation that’ll never end. And if you do ultimately stand to pick between the options, you’re less satisfied overall – the sheer number of choices makes you second guess your decision, and ultimately leads to a less fulfilling life. 3. It Changes How You Think Finally, and worst of all, the pursuit of optionality changes you. It turns you into a dreamer, always amassing options but never executing on any of them. It shares plenty in common with wantrepeneurs, the variety of entrepreneurs that never get started – always waiting for the perfect circumstances to unfold (which, they never do). The Cure To Optionality Addiction Now that we realize the grave downsides to optionality, we’re ready to talk solutions. The first one should be clear: commit. That means picking a single course of action that you would like to pursue – picking one option of the portfolio that you’ve amassed. You should take your time to study the options, deliberate, and find the one that makes the most sense for you. But once you’ve decided, there should be no looking back. To assist you in making sure that you don’t turn back halfway, consider publishing this commitment publicly. Tell your friends, write a blog post, publish it to LinkedIn. Sharing this commitment with others can provide the social pressure necessary to continue, despite the internal urge to resist. Also, as you exercise your option, ignore all the others. Focus solely on the task at hand.

Been having a hard time lately focusing. It’s like whenever I start doing anything of any significance I get derailed, and fall into this spiral of thought where I reconsider whether what I’m about to do matters, why it would, and whether I could be doing something else that would be more “productive”. The end result is that I end up doing nothing (no, the irony is not lost on me). This is a strange state for me to be in, because it isn’t one I recall having gone through before. I’m usually able to operate at a high cadence, get stuff done and just generally apply myself to projects with high autonomy and little structure. I think it may have something to do with the overall situation around COVID, and that I’ve been effectively operating indoors for the past 9 months (!). Cafes, restaurants and most public places are still take-out only, so this makes it difficult to hang out in person (if you’re not working at an office). I don’t know if these are symptoms of depression, or if they are just general apathy resulting from severely diminished social contact. Maybe it’s a bit of both? Again, don’t recall ever having going through a “proper” episode of depression before, so I’m unsure it is in fact that. I was reading about it on Wikipedia yesterday and came across an article describing negative self-talk, something I definitely encounter alot more as of late. The article suggested Cognitive Behavioral Therapy (CBT) as a solution (in addition to exercise, which I do a few times a week already). CBT is a program often run by a counselor (in-person) and involves examining the Behavior, Thoughts and Feelings of a subject in order to pinpoint the specific behavioral pattern that needs to be changed (either intensified, or diminished). This all sounds great in theory, but finding a therapist that I trust to do this sounds like a real chore - especially in Bahrain. I’ve found online providers that delivery virtual therapy; I’ve also read that CCBT - Computerized CBT (delivered primarily via apps) can be effective if used consistently. And so that’s what I’m doing now - using an app called MoodKit (iOS only) that sends me occasional triggers to jot down what I’m thinking, and walks me through the process of assessing my thoughts to see if they’ve fallen victim to “distortions” (yes, you bet they have!). I’ll report back once I’ve had at least a few weeks of experience with it and let you know how it all went. Of course, I don’t plan to just sit around all day while I wait to get better. I want to apply myself, to express myself creatively, and make something useful. But that’s the operative word: “something”. Like, “one thing”. Not 500.

It used to be that you needed to know Kotlin and Swift to develop apps for both Android and iOS, but those days are long gone. Even the fundamental reasons for doing so have changed — some sort of compromise between performance and speed to deployment. React Native apps were kinda slower than native apps by a smidge, but with the introduction of Flutter — that difference was wiped out almost entirely. With Flutter, you get native app performance because you leave HTML and JS behind. Getting the Basics Flutter has an excellent reference for web developers that I found more useful than alot of the intro guides out there. I don’t need to know what a variable or for loop is — just tell me the concepts I need to hit the ground running. Coupled with this brief high level overview it’s pretty much all you need to understand Flutter conceptually. Getting up and running with Flutter, quickly A great place to start was to quickly paste snippets from the web developer article I mentioned above into DartPad and see the results immediately. This gave me a feel for how things works in Flutter land, without fretting too much about setting everything up locally. A+ Resources Build a sick planet app from scratch. No fluff, all goodness. Loved recreating this myself. Flutter Layout cheat sheet Build a functional Startup Name Generator, start to finish, from scratch Comprehensive reference for more great resources on Flutter 👉 Stay tuned for my first app on Flutter, in a future post!