September 2007 - Posts - Simon Chulsky's Blog


Artificial Intelligence Systems are coming, Welcome SILVIA!

Artificial Intelligence is my favorite topic in the technology world, and it has every chance and the potential to be the next revolutionary step in the IT world. A few days ago I discovered the company Cognitive Code on Engadget and decided to write this post. Cognitive Code is the developer of SILVIA (Symbolically Isolated, Linguistically Variable and Intelligence Algorithms). The SILVIA platform helps derive context and meaning from user inputs, via speech, text, or other methods, so you can communicate with the platform as if it were another person.

Personally, I'm a little skeptical about SILVIA's abilities because, from my point of view, today a machine can successfully learn and become an integral part of limited digital environments only. I think that a machine can't associate speech or text about smells with a real operation, because it has no sensors that can react to this sense. In other words, a machine will be able to understand human inputs via speech or text only when it has good enough sensors for the four basic human senses. The second very important aspect of machine learning is the ability to execute operations in the intellectual environment. For example, why is the dog's evolutionary level lower than the human one if it has all four necessary senses? The answer is simple: the structure of a dog's body does not allow it to execute the complex operations that a human can. So the body structure of a creature is the second, very important variable. The conclusion is as follows: the ability to derive context and meaning from user inputs via speech and text may be real only when the robot has sensors and a body close to the human one or better, but today's computer technologies are too far from this.

So, where can AI systems really work today? The answer is digital environments with a limited number of operations, where humans interact with each other. The best example of this kind of environment is the stock market, and specifically derivatives trading. The stock market has a very limited number of operations, like buy, sell, etc., and humans interact with each other by executing those commands only. A machine can easily learn the patterns and associate commands in those kinds of digital environments, and I think the next punch in stock markets will come from Artificial Intelligence systems.

In this last paragraph I want to introduce my experience with Machine Learning and Artificial Intelligence technologies. For the last 4 years I have held in my mind a unique theory of Machine Learning implementation. A few years ago I started to implement it and ran a startup company named AIMech (Artificial Intelligence Mechanisms), but it was frozen a year ago because of my commitment and responsibility to KCS, the startup company I work at at present, and because the resources to implement and commercialize it were missing. But I am absolutely sure that my next long-run project will be the implementation of the AIMech machine learning engine.


6 Simple steps to secure your Web Application

 

How to pass security tests for customers like Banks?

One of KCS's customers is a big commercial bank. When a bank evaluates your product, or any other one, IT security issues take first priority. I think only customers from the defense industry prioritize security issues as highly. This post describes the interesting parts of the process I went through and gives technical tips for anybody preparing to go through the same process.

Usually banks and other enterprise customers outsource the testing of product security risks. Security tests commonly include interviews, simulated attacks and penetration tests on the following tiers:

  • Computers
  • Communication
  • Installations
  • Applications to pinpoint vulnerabilities

So let's start with a few steps to secure your Web Application.

Step 1 - Daily Programming rules

  • Always validate user input. This is necessary to isolate your system from attacks like SQL injection, XSS, buffer overflow, etc.
  • Don't store any passwords or user names on disk or in memory in plain text.
  • Don't keep any secured information in your code; it can easily be stolen by reverse engineering.
  • Do not write any business information to the server file system, only to the database.
  • Don't hold security-sensitive information in the IIS session or cache.
  • Do not use ActiveX controls, if possible.

Step 2 - Web Server Session Management

  • Set your IIS session timeout to 30 minutes.
  • Add a "Sign Out" button to each web page. When the user clicks this button, the IIS session is closed.
  • Close the IIS session on the web browser's close event.
  • Close the IIS session when the user navigates to another web site, by handling the page unload event, if it is possible.

Step 3 - IIS & Web Site configuration

  • Uncheck the anonymous access checkbox on your web site. This recommendation is relevant for enterprise software, not for public web sites.
  • Use the .NET DPAPI library to encrypt the connection string to the database. This is very important. Don't write an encryption key in code, to defend your system from reverse engineering; store the key in the Registry.
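
One way to implement the DPAPI recommendation above, as an added example that is not the author's or KCS's code. With DPAPI, Windows manages the master key itself, so what goes into the Registry here is the encrypted connection string plus a random secondary entropy value; the class name, registry path and value names are hypothetical.

```csharp
using System;
using System.Security.Cryptography; // ProtectedData: reference System.Security.dll
using System.Text;
using Microsoft.Win32;

public static class ConnectionStringVault
{
    // Hypothetical location. Restrict the key's ACL to the application pool
    // identity: with LocalMachine scope, any local process that can read both
    // values can decrypt the blob.
    private const string KeyPath = @"SOFTWARE\ExampleCorp\ExampleApp";

    // Run once at install time under an administrative account.
    public static void Store(string connectionString)
    {
        byte[] entropy = new byte[32];
        RandomNumberGenerator.Create().GetBytes(entropy);
        byte[] blob = ProtectedData.Protect(
            Encoding.UTF8.GetBytes(connectionString), entropy,
            DataProtectionScope.LocalMachine);
        using (RegistryKey key = Registry.LocalMachine.CreateSubKey(KeyPath))
        {
            key.SetValue("Entropy", entropy, RegistryValueKind.Binary);
            key.SetValue("ConnectionString", blob, RegistryValueKind.Binary);
        }
    }

    // Called by the web application at start-up; nothing secret is compiled in.
    public static string Load()
    {
        using (RegistryKey key = Registry.LocalMachine.OpenSubKey(KeyPath))
        {
            if (key == null)
                throw new InvalidOperationException("Protected settings are not installed.");
            byte[] entropy = key.GetValue("Entropy") as byte[];
            byte[] blob = key.GetValue("ConnectionString") as byte[];
            if (entropy == null || blob == null)
                throw new InvalidOperationException("Protected settings are incomplete.");
            // Throws CryptographicException if the blob was modified or was
            // protected on a different machine.
            byte[] plain = ProtectedData.Unprotect(blob, entropy, DataProtectionScope.LocalMachine);
            return Encoding.UTF8.GetString(plain);
        }
    }
}
```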

Step 4 - Web Browser Settings

  • Disable the browser's automatic caching and history functionality. Otherwise, an unauthorized user can search for business content in the Temp directory on the client PC. Do it using HTTP meta tags:
    <META HTTP-Equiv = "Expires" Content = "now">
    <META HTTP-Equiv = "Pragma" Content = "no-cache">
  • Disable the browser's automatic AutoComplete functionality. Do it with the form's AUTOCOMPLETE attribute:
    <FORM AUTOCOMPLETE = "off">
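
The "Sign Out" button from Step 2 and the no-cache rule from Step 4, enforced on the server side in ASP.NET, as an added example that is not code from the original post. The class names and the ~/SignedOut.htm redirect target are hypothetical; ASP.NET_SessionId is the default ASP.NET session cookie name.

```csharp
using System;
using System.Web;
using System.Web.SessionState;

// Register under <httpModules> in web.config. Sends the caching policy as
// real HTTP response headers for every request ASP.NET handles, so it does
// not depend on each page carrying the meta tags.
public class NoClientCacheModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        app.BeginRequest += delegate(object sender, EventArgs e)
        {
            HttpResponse response = ((HttpApplication)sender).Response;
            response.Cache.SetCacheability(HttpCacheability.NoCache);
            response.Cache.SetNoStore();
            response.Cache.SetExpires(DateTime.UtcNow.AddYears(-1));
        };
    }

    public void Dispose() { }
}

// Target of the "Sign Out" button. Register under <httpHandlers>.
public class SignOutHandler : IHttpHandler, IRequiresSessionState
{
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        // Accept POST only, so a link or image on another site cannot end the session.
        if (context.Request.HttpMethod != "POST")
        {
            context.Response.StatusCode = 405;
            context.Response.AppendHeader("Allow", "POST");
            return;
        }
        if (context.Session != null)
        {
            context.Session.Clear();   // drop the stored values now
            context.Session.Abandon(); // end the server-side session
        }
        // Expire the session cookie so the browser stops sending the old id.
        HttpCookie expired = new HttpCookie("ASP.NET_SessionId", string.Empty);
        expired.Expires = DateTime.UtcNow.AddYears(-1);
        expired.HttpOnly = true;
        context.Response.Cookies.Add(expired);
        context.Response.Redirect("~/SignedOut.htm", false);
    }
}
```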

Step 5 - Authentication

  • Use strong authentication on every connection between system modules.
  • Use only Windows Authentication when establishing a connection to the database server.

Step 6 - Networking Protocols

  • Use the SSL V3 protocol for client-server communication.
  • If the Web Application calls methods in a Web Service, use WSE 3.0 to secure the SOAP protocol.

So good luck! And feel free to ask me how to implement any step in this short manual.

Micro Content Management and MS Office - Step 1

A few days ago I met a new and very interesting buzzword, "Micro Content Management", while reading the article named Smart Content Objects Management (Hebrew only) by Mr. Yair Dembinsky, VP Project Manager of Byon IT Solutions.

The best definition I found on the internet is the following: Micro Content Management Systems are designed to extract the maximum potential value from the content.

But what does the maximum potential value mean in the case of an MS Word document, the worldwide dominant unstructured content environment, and how do we get this value?

Let's start with a small example. When I receive a document with functional requirements from a customer, I start the regular process, which includes writing a solution and an estimate for each requirement. The results end up in different information environments, like other documents, mails and professional systems. At this point the organization starts to lose money.

The only right way to run requirement processing correctly is for both sides, the customer and the supplier, to keep working on the source requirement paragraph in the source content environment. This guarantees a reduction in critical data loss and human mistakes, and really extracts and increases the value of the content or of part of the content.

Today, MS Word and Google Docs don't have this ability out of the box, but I think it will be the next step in the evolution of content editors. This will upgrade the document from a content container to an integral part of professional systems like requirements management, compliance, auditing & reporting, contracts & legal and other professional systems.

In Mr. Dembinsky's article we can read that the Micro Content Management concept was implemented in an Israeli IDF project named "Bina va dat", in which KCS, with its Generica Pro product, takes an active part.

 

First Post!

Hi All,

It took me a lot of time to start posting, but I decided that this is a very important step, which provides a win-win situation for you and me. I hope this blog will be interesting to all Hi-Tech / Enterprise sectors.

I will try to post the most interesting issues and events that take place in my professional life. Today I'm working as VP & CTO at KCS (Knowledge Control Systems), a startup company that has been growing exponentially over the last few years.

This blog will contain interesting technological issues, MS Office issues, and commercial and marketing content with my analysis and opinion.

So, good luck to this blog, where the luck will be measured by your feedback and visits to this blog.

 

Posted by Simon Chulsky | 3 comment(s)