Electronic security - another perspective with the change in aspect of usage..

Data & transactional security is a key component in any application being exposed on the internet.

The usage statistics of consumers show a complete reversal of equation on the electronic versus physical means to complete a transaction in today's times, which has lead to changes in the way security compromise could happen with just a small 'unnoticeable' glitch in the application equation.

Let's illustrate this with an example which probably might resonate to some modern transportation network companies app in New York lately. The incident happened when a group of consumers boarded the transportation cab and asked the driver to change the destination address mid-way, in turn pushing the electronic device - in this case phone to be accessible to them, once they got hold of the phone - they changed the debit & payment in the app to redirect to their account in turn receiving complete earning for the cab driver into their account. 

Now's dissect this to understand what happened here.

Incident -- primarily classified as robbery or theft - earlier might have happened via attackers taking the physical money - if this was 20 years back.

Ownership - well, primarily the cab driver as he didn't setup a password for that app access - if this happened earlier - 20 years back - again cab driver as he didn't store the money securely(but risk would have been lower as that day's money would be affected).

Impact - both the cab driver, app usage and the transportation company - 20 years back - this might have been either the transportation company or insurance in turn affecting the transportation company.

So what changed above? Ease of access - both for the cab driver & the person stealing the money.

How can this be prevented in near future? 

- Key software changes to the app which don't allow the modifications to bank account to be done without any additional authentication.

- Any such event might need more monitoring & logging.

(theory of blame game above - if it was a hosted payment gateway - you could always put that gateway on the blame end but in the end - company image suffers).

How can this be prevented in future?

- Deploy security intelligence & agents on phone -  learning mechanisms of usage on the device & activating additional input captures to increase the transaction compromise levels.

for e.g. - activating camera, or scan if on iPhone devices to capture user image, key press, finger print capture, increasing authentication from 2 level to 3 levels.

The deep learning mechanisms sits on the phone and consistantly learns from user behaviours and then sets the contexts to a defined set of parameters on the usage pattern. 

Whenever it detects the pattern parameters exceeding the boundaries, it starts preparing for a defence of a compromise. A calculated risk level associated with the assessed limits boundary threshold would indicate the shaping of the defence compromise level which needs to be applied to the transaction. 

The theory is always to build a wall a 'bit' higher than you have for others but the only difference is the wall changes the height dynamically when needed leaving the person trying to cross it guessing most of the times!

Reference to the incident link(for anyone interested) - http://gothamist.com/2019/05/23/robbers_grab_lyft_drivers_phones_an.php

Eliminate the 'right' middleman to achieve transformational agility & prevent leaking costs..

Any industry be it Retail, Manufacturing, Healthcare, Education, Pharmaceutical, Mining, etc will have a middlemen in the whole process starting from procurement to consumption. Always there is a talk on eliminating the 'middleman' which just pertains to removing the layers and gaining advantages on costs.

Well, my discussion of today is on identifying the 'middleman' correctly - as 'middleman' can be a physical entity, a human interface or a 'thought process' which  seeps in and add costs, budget to the overall process expenditure.

Lets take a case in IT perspective (where commodity is software) - most of us get an opportunity to start small as a basic developer while coding for a particular product. Some of us also have an opportunity to sell the product & see it earn acceptance via a huge chunk of users but then why most of the organisations suffer to deliver a product quickly or adapt a change or transformation quickly, after all it's a bunch of developers working to flush out a change or product teams working to revise the process. Well, it's because of the 'middleman' & here it can be either the 'thought process' or that the talent which created the product and is no longer present.

You might think that a group or a bunch of people who work to create something exceptional might be rewarded to stay and shape it, well - may not be, as someone who creates a product understood by another might just be taken over by a 'middleman' posing as a creator to resell it back to the management to generate long term value. Insecurity of the middleman might be the reason for developer to not be rewarded or be completely swapped out & it's very common, the result - focus shift & cost to company at the end (but who cares), question is ---> How do you identify such a scenario - doesn't exist & it might have broader implications on long term costs/agility?

It's simple - ask for changes on the product and the cost generation quotient will start triggering. More people needed, learning curve, chaos, developers leaving the project/organisation, blame game. All these are costs to the company. A good pattern to visualise is when number of people entering and leaving a group is more or less - constant, changes to teams impact costs, value generation and loose the objective.

A creator always tries to enhance the first built product, a creator always has a roadmap, a middleman never has a complete roadmap or complete understanding of the product.

This is just one case, other case is when we are working in a particular setting our thought process resists change & hence we try to use the route we always travel. The creator would have a number of ideas in the mind but wouldn't share the same as they have always been questioned to follow the predefined route. This is where the stale thinking needs to go with taking small risks, identifying areas where a simple change might not be risky but be beneficial on a large scale, key is agility of the change and immediate inception & adoption rate. Benefits are new thought processes and team confidence, latest process/technology adoption and company adoption to stay ahead or compete with competitors.

Key factors enhancing this are automation at various levels, automation serves to build up maturity in processes and right analytics serves to build up long term product roadmap.

The biggest drawback to above synergy is the developed thought process via a group of people resisting change, this is where the management needs to step in to break that chain of thought.

Hence it's important to - eliminate the 'right' middleman to obtain technological success trend & process agility.

Simple text profile analyser using brain.js...simple ML

This post will cover - how to create a simple text analyser to classify text based on a training set data into one or another profile.

We will use 'brain.js' for the neural network used to train on the data.

This can be done in the following steps -

1. Create a profile for a particular type of text - provide adequate training data.
2. Create training data with input, output structure.
3. Write a script to injest data splitting in the input & output format & process training data.
4. Train the network to iterate with input & outputs.
5. Execute the algorithm with new input on the trained neural net.
6. Create an html to host the scripts which would be run on the browser console.

Sample training data

const trainingData = [

    {

        input: "Very well, thank you!",

        output: { at: 1 }

    },{

        input: "Inside my baby's room", 

        output: { a1: 1 }

    },

.

.

.

]

Html page - will host a call to script - can be named text-analyser.js - this will run the 'execute function and take an input text - for e.g. - 'my daily activity'.

   -- import js with training data

   -- import js with text-analyser

   -- import brain.js for the neural net.

Text-Analyser.js - this will host the code for - 

1. processing training data

function processTrainingData(data) {

    return data.map(d => {

        return {

            input: encode(d.input),

            output: d.output

        }

    })

}

2. train using the training data 

function train(data) {

    let net = new brain.NeuralNetwork();

    net.train(processTrainingData(data));

    trainedNet = net.toFunction();

};

3. execute the code with the training completed on new input

function execute(input) {

    let results = trainedNet(encode(input));

    console.log(results)

    let output;

    let certainty;

    if (results.at > results.a1) {

        output = 'Type A'

        certainty = Math.floor(results.at * 100)

    } else { 

        output = 'Type B'

        certainty = Math.floor(results.a1 * 100)

    }

    return "I'm " + certainty + "% sure that text was of  " + output;

}

All together below statements will execute the code when the - html page is opened up in browser and output will be visible in console.

train(trainingData);

console.log(execute("This is my sweet child!"));

Reference : my text..ai.

Few Google I/O 2019 highlights ... from a dev perspective!

Duplex Web 

 - Allows for booking appointments on website via assistant.

Next Gen Google Assistant

- Quickness - performance enhancement, opens & switches between apps very quickly.
- Enabling support for - 'how to' item sites, smart displays automatically loaded with right visualization
- How to template added to actions console.
- Voice based entry points from assistant into the app - health & fitness, finance, ride-sharing, food ordering.
    --> use your voice to start the run with nike run club  -  simple intent to deep link mapping to app.
    --> interactive canvas - full screen display - using voice, visual & touch - HQ trivia game updated with this experience.

ML enhancements

- ML transported to the site of consumption - handhelds, phones, smart phones - footprint of ML reduced to 0.5 gb via recurrent NN in ML kit.
- Vision -> landmark detection, image labelling, barcode scanning, face detection, Natural language - language detection, smart reply,  Custom - model serving.
- On device translation API for 59 language support.
- Object detection combined with product search API to search retail product effectively.
- AV, VR - apps like IKEA use the above APIs.
- Auto ML - can train accurate models on own data sets, Cloud AutoML tables - ingest & predict ML models.
- Video labelling & video intelligence to search & logically arrange the video content.
- Cloud TPUs reduce speed of training to significantly faster speeds - TPU pods.
- Open source tensor flow - researchers & business 2.0 launched - ML - intuitive models, javascript developers can use node js to deploy models to tensor flow out of the box, tensor flow lite installed - is very fast.
- Federated handoff

Firebase enhancements 

- build your app with fully managed backends, provide monitoring & provide better insights with FB & ML kit - auto vision image edge.
- upload images, click to train model & publish image.
- 1. Auto ML dataset creation, 2. upload of images, 3 train - latency, accuracy - how to train - select training time, once training is finished - evaluation provided with precision percentage & details.
- 4. step - publish the model, 5. push to app, 6. app will dynamically download the model and use it.
- Performance monitoring - startup time, responsiveness - expanded to web - available in beta instantly.

Web platform - Chrome enhancements

 -- reducing startup time - reduced by 50%, v8 - js engine, uses 20% less memory.
 - image lazy loading - add 'loading' attribute to the image - via checking for factors like connection speed, few kilobytes loads an image with a reduced size.
- lighthouse - budget enforced - like 200 kb size, target metrics - page load time - connects with servers to maintain the response within the budget.
- Google duo for web - progressive web app, light and can be used as an immersive experience.
- Google web search uses latest features behind the scenes.
- Web security - all traffic moved to https, private and secure cookies, easy private controls - tracking of sites from across web, anti-fingerprinting .
- web.dev - site created for building, help on web, optimisation on popular platforms like react.

Flutter enhancements

- Technical preview of flutter on the web.

- Write once and use on any device - android, iOS, mac, windows, web.. 

- Flutter sandbox unveils faster processing speeds.

Chromebooks

- Linus for chrome books available for devs - linux ready chrome books launched.

The social dilemma... need for some redesign...

Today almost everyone agrees and is able to comprehend the fact that the way top social sites are designed was to promote the user to spend more time within the site in order to achieve the goal of more hits to their usage.

Data is a key player when it comes to building something for a consumer & if you want to make sure that the consumer always contributes to a fair percentage of the sale, then getting the right data is very important.  Primary objective behind the above goal was to get as much data possible from the user & behind the scenes create an image of the user, like an avatar which has all the characteristics of the user and then experiment with the avatar for probabilistically favourable outcomes.

The means was simple, give the user something they would want so as to stay in the site - can be an image, a notification on a status update of a friend, relative or family member or a topic sensitive to the user at hand. Slowly it started getting out of control, which now leads to groups influencing decisions on individuals and minds.

The point about data leaking or being leaked is irrelevant as any data on the sites would be next to impossible 'to not leak' and still carry on with the incentive for user to come back without rapidly decreasing productivity.

The question is what needs to be done to make sure the social sites have sanity on the content created, & promoted within the realms of the social engine.

This is where machine learning and intelligence can help if used the right way but the fundamental architecture needs to change.

A simple paradigm is -- make it easy -- humans would use an interface to express their thoughts & perspectives and it is upto that interface to present them with the best possible way to do it.

Okay now you are confused what I am talking about... let me explain... 

Human uses an 'interface' --- here which is an 'intelligent assistant' and tell what they want to publish to the assistant -

For e.g. - I want to publish 10 photos, occasion is birthday party, post is to my close friends & title should be something exclamatory & energetic.

The 'assistant' looks at the content and gives back the suggestions on proposed layout and presentation, user either chooses it or makes adjustments to make sure it matches their creative insight behind the post.

Now what does this accomplish? 

Well, a few things -

1) Make the job of posting easy.
2) Reduces work of trying to find best combinations.
3) Goes behind the scenes and checks the content for security before considering it as eligible for posting.
4) Gives back to the engine feeds on creative redesign - this is the most interesting part - as human & machine minds are working together to create something new.
5)Also, encodes the communication via historic timeline using blockchain or crypto factor.

So, this is where the job would be much more simplified..

As of today, major social engineering sites are working to have behind the scenes machine learning algorithms scan content for predominently below key factors to make sure that the overall health factor and toxicity of communication doesn't degrade.

They monitor the below key points -

• Shared attention - how much?
• Shared reality - what kind?
• Receptivity - how much people are liking it?
• Variety of perspective - uniqueness factor, how much?

Then there are other facts like seeing trends or patterns, classifying communications as machine vs human generated and watching the trend of generation & propagation based on events, timeline & geographical regions where the communication initiated and followed thereafter. 

 These are like watchdogs which are already being pushed into the system to monitor, capture & notify when a given communication or channel poses to be an imminent problem. 

  Still I think there needs to be a lot done to make sure social sites are - safe, promote a healthy conversation and are not tools used by an exploiter to get information for money. 

  Also, a well engineered social platform would in turn incentivise the customer to give back the time spent on it via either a return program for any kind of monetary value or score so that the user gives a conscious effort to promote the right content.

With so much buzz about natural language processing, let talk about the core elements involved..

As of today natural language processing has taken various shapes and forms as a frequently used buzz word!

Before going into all the advantages or the 'hype' associated with it, let's talk about something 'core' - the framework or the main pieces involved here and how these work together.

The items that I am using for discussion here are mostly from leading players in conversational realm(like google, amazon, apple, df, microsoft & so on) - some pieces might have a different names but the idea is the same.

What is natural language processing?

Basically in simple words - an interface to which you feed in input in any given language which gets interpreted and processed to give back an intent or set of intents.

The language in natural form is called as 'utterance' and after processing, where most of the magic happens get transformed to intent or purpose.

There can be some processing applied to an 'utterance' before it is being submitted into the 'magic box' like spell checking if initiated from a chatbot or checking for commonly misused words which can lead to errors, early error detection.

Once the input is fed into the 'magic box' the result is compared with a given 'confidence factor' which can shift based on the maturity of the associated realm of context, if the result is within the confidence factor - well - the 'magic' worked and an intent is resolved. If the 'confidence factor' was too low then a 'fallback' intent is triggered.

The key here is to
       - A) understand how the 'magic box' works to interpret the utterances to intents.
       - B)  how can fallbacks be shaped into known intents during the course of time.

The part A) - is what is called as 'machine learning' - which can have any known learning engine to process the data to apply the algorithm or set of algorithms to get the output.

Some of these input factors work backwards like setting up 'entities' which can have synonyms or know inputs - which can give exact language parse mapping, but the core piece here is does the system posses intelligence?

If I feed the system with C & D today and tell it the formula to compute E, if there is a variation is the formula - will the system adjust and recognise the variation to process E correctly, that's the key - for the learning factor over a period of time.

How to do this? - unsupervised, supervised or re-inforcement - there are a number of ways.

part B) - is what is important in terms of identifying if what I am asking for is it
    - i) too complex? ii) in a different format? iii) or something with doesn't make sense.

most of the times it's i) or ii) but the process of getting there involves supervised learning and setting up the right labelling so that the system can recognise over a period of time how this works to make sense.

What tools to use? there are many - why not start with basic analytic tools and start working backwards.

This is just a very basic core framework - more specialised forms may include 'intent forecasting' - 'behaviour forecasting' and 'threat forecasting' using the core framework.

(For more details please refer to - google, microsoft or amazon conversational flow documentation)

In next post.. we'll try to cover another important topic ... 'data labelling'.