MODS 2017 vignettes – Day 2

Alright, here I am, attending MODS 2017 day 02. Checkout my post on MODS day 01 experience here (for those who don’t know about MODS check it out here). Yesterday was a blast, MODS 2017 day 1 was so overwhelming it scared me a little bit. I learned more than I thought I would, I got to know about a lot of new tech and trends. My expectations today are off the charts. Can’t wait to attend the sessions. Like yesterday, I am gonna do a live blogging about my experience. Here it goes, first session is on AI.

Data is the new oil, but that oil is AI. Mr. Ajit Jaokar needs no introduction. (for sake of completeness here is a brief intro) Ajit is well-known personality in the field of AI and machine learning, teaches data science for IoT at Oxford and more. Ajit explains about AI and future of AI, progress is inevitable, machines will lie and cheat in the future if needed. A very good intro of deep learning, Top-down and bottom down approach and related challenges. Bottom up approach has no rules. In 4 -5 years market will be more vibrant and organised, this is the best time to learn AI and Machine learning. One of the most curious questions “Types of problems that AI can address”, few examples are: Complex planner: tasks which require planning, better communicator (chat bots, remember that racist Microsoft bot), new perception, Enterprise AI, ERP and data warehousing, super long sequence pattern recognition etc. AI can be anywhere, I mean can you think of using AI for cucumber farming ??? to sort good and bad cucumbers, applications and area are limitless, not even sky is the limit (probably not even milky way galaxy is the limit with AI). Data is the new oil indeed, no data, no training. AI will impact almost everything soon. Machines training machines is happening as we speak. Great insights on AI and deep learning. Thank you Mr. Jaokar. Cannot think of any better way to start #mods17 day 02.

Short session (15 minutes) on Karnataka start-up policy. Mr. Aniket Vaidya is the speaker. Karnataka’s vision is to create the best ecosystem for startups in the capital. There are 4000+ startups in Bengaluru itself. Govt is taking several steps in making business for startup easier. Aniket makes audience aware of the benefits and conditions provided by Karnataka govt for tech startups. Get funded by the Karnatka govt. Neat initiative and a great push towards make in India.

Next up is Building a BFF (Backend for Frontend) with swift on server by Mr. Pushkar Kulkarni. If you have followed my blog for #mods17, you know I love swift. No surprises that this session sounds very lucrative to me. A general purpose API (monolith or microservice) may not be apt for mobile clients. The thought provoking question here is “Is one backend for several clients right and peaceful?”. The solution is one backend per experience. Speaker clearly communicated swift history and evolution. Swift is already available on Darwin platforms, a great many frameworks (Kitura, Vapor, perfect) and support for swift on linux. Thanks to the swift on web session by Joshua Smith yesterday, this all makes sense and looks very promising. Swift on server is comparable to java when it comes to performance, memory wise swift performs 2x better than java. Swift is fast, swift is ideal for cloud. Swift is ideal if your client is iOS. One language for client and server greatly increases productivity. An amazing follow up after yesterday’s swift for web. Very well organised session, I clearly understood the basics, benefits and proposed architecture. Thanks Mr. Pushkar.

This one is on Data science. Become an expert data scientist by Mr. Rajesh K Jeyapaul. Great start with basics. Deep learning is part of machine learning, which is a part of artificial intelligence (think Venn diagram). High computational power is needed as we need to deal with a large number of data sets. Machine learning, Natural language processing (NLP), vision etc are all part of artificial intelligence. Great video of Robo speaking conversing with human #AIChronicles, looks like stuff from Mission Impossible movie, can’t believe that was real. For Deep learning and machine learning, multi skills are needed, collaboration is the key. PCA or principle component analysis help select data that is right for training and reject rest of the data. Mr. Rajesh makes us aware of various libraries for machine learning and how to reduce dimensions and how to ultimately predict better. I am no data scientist, but now I know the basics, the libraries and algorithms to use (scikit, pandas, PCA) and where to go from here. Great thought provoking session. Thanks Rajesh.

Next one is from mobile domain. Architecting mobile app security development using OWASP top 10 by Mr. Rohit Bhardwaj. This session is of a great importance to me as I am a mobile app developers. 84% of all cyber attacks happen in application layer. Rohit has clearly communicated the threats and their seriousness and how it affects us globally. Threats in mobile browser: phishing, Framing, Man-in-the-middle etc. Mobile is vulnerable from browser, malware app, WiFi/GSM, App memory. Minimize surface attacks, use ports 80 and 443 only, change all the defaults (like 22 for SSH). Defensive programming should be used. Separation of duties, separate privileges for separate roles is another way to protect. Another way is to fix security issue correctly, fix it and test it. Rohit explains the changes in OWASP top 10 list from 2013 to 2017 and how to tackle it. A live example of SQL injection was shown, very interesting to actually view it live. Prepared statements is how you prevent SQL injection. Another live example of session hijacking by script injection in search. Cross site scripting attack can be avoided by not including user provided input in output page. Avoid insecure direct object references. Security misconfiguration is another vulnerability, encrypt sensitive data. To avoid cross site request forgery (CSRF) adda secret key and add it while calling the APIs. Unvalidated redirects and forwards is another way an attacher can misuse data, restrict that. For mobile take these into consideration: Insecure communication, poor authorization and authentication, unintended data leakage, treat geolocation data carefully (don’t store is not required), implement OAuth2 or JWT (web token), Reduce run time manipulations use (c/c++ libs in iOS and JNI in android), securely store the sensitive data in RAM. Perform threat modelling for security. checkout securecoding.cert.org, greenbone, twit.tv, cybray. One of the best sessions of #mods17. Thanks Rohit.

I haven’t attended any of the deep dive sessions of MODS 2017. I am not gonna miss the last deep dive session. Unit testing iOS applications part 1, 2, 3 by Mr. Steve Scott (Scotty). This part 1, 2 and 3 is a 180 minutes session, this paragraph is gonna be very long. I have been learning iOS app development for about 4-5 months now and learning unit testing seems pretty normal for me. I am sure Learning unit testing iOS apps will enable me to do a lot more (like say Test Driven Development (TDD)). Scotty clearly stated why unit test apps. There are tons of benefits. Unit testing makes us think how to write testable code, how to manage code, and that I believe is a beautiful code (like poetry). Tests are not there to prove what you have written is right, tests are there to show what might break later on. Write @testable import target to access internal properties and functions. There can be classes inside functions, with visibility inside function body. Test expectation can be used for asynchronous and dependent code testing. Scott shows simple and complex examples of iOS unit testing. Scotty explained how to mock network layer and data and why mocking is needed and why data consumers need not care where data is coming from. Tell the component what to use (default or custom properties) don’t let the component ask what to use, key to testable code. This is just 120 minutes of the session, I have an early flight and will have to leave in mid of session part 3. I am sure Scotty is gonna present more advanced and pragmatic testing features. It was great to attend iOS unit testing deep dive Scotty, thank you. And apologies I am not including part 3 of the deep dive

Alright with this I am out of sessions to write about today. I wish MODS was a week long conference. I have learned so much, all the sessions I attended were thought provoking. Makes audience think about various paradigms and approaches. Thank you salt march team for such a wonderfully organised hand crafted event.

Can’t wait for MODS 2018.

Kaushal signing off from #mods17

Kaushal Dhruw (@drulabs github/twitter/stackoverflow)