## P≠NP - A Definitive Proof by Contradiction

Following the great scholarly acceptance and outstanding academic success of "The Clairvoyant Load Balancing Algorithm for Highly Available Service Oriented Architectures", this year I present P Not Equal to NP - A Definitive Proof by Contradiction.

## LyX/LaTeX formatting for the C# code

If you are googling for a good way to insert C# code in LyX, this is probably where you'd end up. MaPePer has provided a very good solution; I have modified it slightly (hiding tabs and removing comments), and what follows is an illustration of how to use it in LyX.

The first thing you need is a LyX document (LyxC#CodeListing.lyx). An empty one works well.

Add the following to the preamble (Document-> Settings-> LaTeX Preamble):

```latex
\usepackage{color}
\usepackage{listings}

\lstloadlanguages{% Check documentation for further languages ...
C,
C++,
csh,
Java
}

\definecolor{red}{rgb}{0.6,0,0} % for strings
\definecolor{blue}{rgb}{0,0,0.6}
\definecolor{green}{rgb}{0,0.8,0}
\definecolor{cyan}{rgb}{0.0,0.6,0.6}

\lstset{
language=csh,
basicstyle=\footnotesize\ttfamily,
numbers=left,
numberstyle=\tiny,
numbersep=5pt,
tabsize=2,
extendedchars=true,
breaklines=true,
frame=b,
stringstyle=\color{blue}\ttfamily,
showspaces=false,
showtabs=false,
xleftmargin=17pt,
framexleftmargin=17pt,
framexrightmargin=5pt,
framexbottommargin=4pt,
morecomment=[l]{//}, %use comment-line-style!
showstringspaces=false,
morekeywords={ abstract, event, new, struct,
as, explicit, null, switch,
base, extern, object, this,
bool, false, operator, throw,
break, finally, out, true,
byte, fixed, override, try,
case, float, params, typeof,
catch, for, private, uint,
char, foreach, protected, ulong,
checked, goto, public, unchecked,
const, implicit, ref, ushort,
continue, in, return, using,
decimal, int, sbyte, virtual,
default, interface, sealed, volatile,
delegate, internal, short, void,
do, is, sizeof, while,
double, lock, stackalloc,
else, long, static,
enum, namespace, string},
keywordstyle=\color{cyan},
identifierstyle=\color{red},
}
\usepackage{caption}
\DeclareCaptionFont{white}{\color{white}}
\DeclareCaptionFormat{listing}{\colorbox{blue}{\parbox{\textwidth}{\hspace{15pt}#1#2#3}}}
\captionsetup[lstlisting]{format=listing,labelfont=white,textfont=white, singlelinecheck=false, margin=0pt, font={bf,footnotesize}}
```




Now add a program listing block. Hopefully you have the listings package installed; otherwise you can always get it through the MiKTeX update.

Now add the code to the listing block.

and then Ctrl-R

Happy Lyxing

## Machine Learning - On the Art and Science of Algorithms with Peter Flach

Over a decade ago, Peter Flach of Bristol University wrote a paper titled "On the state of the art in machine learning: A personal review" in which he reviewed several then-recent books related to developments in machine learning. These included Pat Langley’s Elements of Machine Learning (Morgan Kaufmann), Tom Mitchell’s Machine Learning (McGraw-Hill), and Data Mining: Practical Machine Learning Tools and Techniques with Java Implementations by Ian Witten and Eibe Frank (Morgan Kaufmann), among many others. Dr. Flach mentioned Michael Berry and Gordon Linoff’s Data Mining Techniques for Marketing, Sales, and Customer Support (John Wiley) for its excellent writing style, citing the paragraph below and remarking, "I wish that all computer science textbooks were written like this."

“People often find it hard to understand why the training set and test set are “tainted” once they have been used to build a model. An analogy may help: Imagine yourself back in the 5th grade. The class is taking a spelling test. Suppose that, at the end of the test period, the teacher asks you to estimate your own grade on the quiz by marking the words you got wrong. You will give yourself a very good grade, but your spelling will not improve. If, at the beginning of the period, you thought there should be an ‘e’ at the end of “tomato”, nothing will have happened to change your mind when you grade your paper. No new data has entered the system. You need a test set!

Now, imagine that at the end of the test the teacher allows you to look at the papers of several neighbors before grading your own. If they all agree that “tomato” has no final ‘e’, you may decide to mark your own answer wrong. If the teacher gives the same quiz tomorrow, you will do better. But how much better? If you use the papers of the very same neighbors to evaluate your performance tomorrow, you may still be fooling yourself. If they all agree that “potatoes” has no more need of an ‘e’ than “tomato”, and you have changed your own guess to agree with theirs, then you will overestimate your actual grade on the second quiz as well. That is why the evaluation set should be different from the test set.” [3, pp. 76–77]

That is why, when I recently came across "Machine Learning: The Art and Science of Algorithms that Make Sense of Data", I decided to check it out, and I wasn't disappointed. Dr. Flach is the Professor of Artificial Intelligence at the University of Bristol, and in this "future classic" he leaves no stone unturned when it comes to clarity and explainability. The book starts with a machine learning sampler and introduces the ingredients of machine learning, progressing quickly to binary classification and beyond. Written as a textbook, riddled with examples, footnotes and figures, this text covers concept learning, tree models, rule models, linear models, distance-based models and probabilistic models, then features and ensembles, concluding with machine learning experiments. I really enjoyed the "Important points to remember" section of the book as a quick refresher on machine-learning commandments.

The concept learning section seems to have been influenced by the author's own research interests and is not discussed in as much detail in contemporary machine learning texts. I also found the frequent summarization of concepts to be quite helpful. Contrary to its subtitle, and compared to its counterparts, the book is however light on algorithms and code, possibly on purpose. While it explains the concepts with examples, the number of formal algorithms is kept to a minimum. This may aid clarity and help avoid recipe-book syndrome, while making it potentially inaccessible to practitioners. Great at basics, the text also falls short on elaboration of intermediate to advanced topics such as LDA, kernel methods, PCA, RKHS, and convex optimization. For instance, chapter 10, "Matrix transformations and decompositions", could have been made an appendix while expanding upon meaningful topics like LSA and use cases of sparse matrices (pg 327). It is definitely not the book's fault, but rather that of this reader expecting too much from an introductory text just because the author explains everything so well!

As a textbook on the art and science of algorithms, Peter Flach's book definitely delivers on the promise of clarity, with well-chosen illustrations and an example-based approach. Highly recommended reading for all who would like to understand the principles behind machine learning techniques.

The accompanying materials can be downloaded from here; they generously include excerpts with background material and literature references, and the full set of 540 lecture slides in PDF, including all figures in the book, with the LaTeX beamer source of the above.

## Hacktivity - Software Threat Modeling by Shakeel Tufail

Threat modeling and diversion tactics; a good high level overview on software security.

There are only a handful of threat modeling approaches in the industry, which are difficult to implement due to the subjective guidelines. Our training session will focus on best practices and a hands-on approach that will provide attendees a better understanding of how to conduct threat modeling in their organization. Most threat models focus on attackers; we will look at the threat model using trust zones, identifying assets, indirect threats, and ambiguity analysis. We will also speak about secure design concepts and best practices for securing software architecture.

Learning Objectives: At the end of this workshop, participants will be able to:

• Understand the basics of threat modeling software applications
• Understand the meaning of threats, attack vectors, and trust zones
• Learn about secure design concepts
• Learn best practices for securing software architecture

## Architectural Frameworks – Is Kruchten's 4+1 Still Relevant in an Agile World

“The first matrix I designed was quite naturally perfect…. a triumph equaled only by its monumental failure. I have since come to understand that the answer eluded me because it required a lesser mind, or perhaps a mind less bound by the parameters of perfection.”

-The Architect. The Matrix Reloaded (Wachowski & Wachowski, 2003)

A lot has changed in the world of architectural frameworks since the 1995 IEEE Software (Volume 12, Issue 6) paper by Philippe Kruchten, Architectural Blueprints — The “4+1” View Model of Software Architecture, was published. Various other viewpoints and perspectives have emerged, including but not limited to RM-ODP, Siemens, SEI's Views and Beyond, Garland and Anthony (UML), Integrated Architecture Framework (IAF), Zachman, E2AF, GERAM and TOGAF.

Architecture frameworks are the design methodologies used in architecture modeling. These frameworks provide a structure, organization and system to help design complex systems in an effective manner. The relevance of software architecture in an agile world is a highly contested topic, and it is hard to cover in a blog post. Simon Brown’s Coding the Architecture is a great place to start understanding the place of architecture in an agile world. An excellent paper, Agility and Architecture—Can they coexist?, IEEE Software (Volume 27, Issue 2), also provides a good comparative analysis of the pros and cons of architecture in an agile space.

Abstract: Software architecture is taking a bad rap with many agile proponents; big up-front design, massive documentation, smell of waterfall, it is pictured as a non-agile practice, something we do not want to even consider; though everybody wants to be called an architect. However, certain classes of system, ignoring architectural issues too long “hit a wall” and collapse by lack of an architectural focus. Agile architecture: a paradox, an oxymoron, two totally incompatible approaches? In this paper we review the real issues at stake, past the rhetoric and posturing, and we suggest that the two cultures can coexist and support each other, where appropriate.

Since the 4+1 View Model was published, it has been a widely accepted idea in the architectural community that there is no single view of software architecture. Regardless of where you find yourself on the software-architecture spectrum, there are always various concurrent views, each of which addresses a specific set of concerns. The purpose of an architect (albeit a coding one) is to capture the design decisions in multiple views and use the stories to illustrate and validate them. Considering the 4+1 model,

...the logical view describes the design's object model when an object-oriented design method is used. To design an application that is very data driven, you can use an alternative approach to develop some other form of logical view, such as an entity-relationship diagram. The process view describes the design's concurrency and synchronization aspects. The physical view describes the mapping of the software onto the hardware and reflects its distributed aspect. The development view describes the software's static organization in its development environment.

Happy coding!

References

Architectural Blueprints—The “4+1” View Model of Software Architecture

A comparative analysis of architecture frameworks

Software Systems Architecture: Working With Stakeholders Using Viewpoints and Perspectives

Alignment in Enterprise Architecture: A Comparative Analysis of Four Architectural Approaches

## Cyber security for service oriented architectures in a Web 2.0 world: An overview of SOA vulnerabilities in financial services

My recently published IEEE Paper

Cyber security for service oriented architectures in a Web 2.0 world: An overview of SOA vulnerabilities

Service oriented architecture is fast becoming a ubiquitous enterprise software architecture standard in public and private sector alike. Study of literature and current attacks suggests that with the proliferation of Web API and RESTful services, the attack vectors prioritized by OWASP top 10, including but not limited to cross site scripting (XSS), cross site request forgery (CSRF), injection, direct object reference, broken authentication and session management now equally apply to web services. In addition, service oriented architecture relies heavily on XML/RESTful web services which are vulnerable to XML Signature Wrapping Attack, Oversize Payload, Coercive parsing, SOAP Action Spoofing, XML Injection, WSDL Scanning, Metadata Spoofing, Oversized Cryptography, BPEL State Deviation, Instantiation Flooding, Indirect Flooding, WS-Addressing spoofing and Middleware Hijacking to name a few. In this paper, we review various such security issues pertaining to service oriented architecture. These and similar techniques have been employed by Anonymous and other hacktivists, resulting in denial of service attacks on financial applications. While discussing the national security perils of hacktivism, there is an excessive focus on network layer security, and the application layer perspective is not always part of the discussion. In this research, we provide background information and rationale for securing application layer vulnerabilities to facilitate true defense in depth approach for cyber security.

Date of Conference: 12-14 Nov. 2013

@INPROCEEDINGS{6698966,
booktitle={Technologies for Homeland Security (HST), 2013 IEEE International Conference on},
title={Cyber security for service oriented architectures in a Web 2.0 world: An overview of SOA vulnerabilities in financial services},
year={2013},
pages={1-6},
keywords={Availability;Data security;Information security;Information systems;SOA;Service oriented architecture;Web services;cyber security;secure design;secure software development;security assessment;security awareness},
doi={10.1109/THS.2013.6698966},}

Pretty cool eh!
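The abstract above names Oversize Payload and Coercive parsing among the XML web-service weaknesses and argues for application-layer defenses. As an added example (not code from the paper), this Python sketch shows one such guard in front of a service endpoint: a size check before parsing and a streaming depth and element budget during parsing. The limits, function names and sample messages are assumptions constructed for illustration.

```python
import xml.parsers.expat

# Limits are assumptions for this sketch; derive real ones from the
# service contract (largest legitimate message, deepest schema path).
MAX_BYTES = 64 * 1024
MAX_DEPTH = 32
MAX_ELEMENTS = 5_000


class RejectedMessage(Exception):
    """Raised when a message violates a structural limit."""


def check_xml_message(raw: bytes) -> int:
    """Stream-parse raw, enforcing the limits; return the element count."""
    if len(raw) > MAX_BYTES:  # Oversize Payload: refuse before parsing
        raise RejectedMessage("payload exceeds size limit")

    state = {"depth": 0, "elements": 0}

    def start(name, attrs):
        state["depth"] += 1
        state["elements"] += 1
        if state["depth"] > MAX_DEPTH:  # Coercive parsing: deep nesting
            raise RejectedMessage("nesting exceeds depth limit")
        if state["elements"] > MAX_ELEMENTS:
            raise RejectedMessage("too many elements")

    def end(name):
        state["depth"] -= 1

    # A streaming parser lets the handlers abort as soon as a limit is
    # crossed, instead of building a full tree from hostile input first.
    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    try:
        parser.Parse(raw, True)
    except xml.parsers.expat.ExpatError as exc:
        raise RejectedMessage(f"malformed XML: {exc}") from exc
    return state["elements"]


# Constructed sample inputs (not taken from any real service).
OK_MSG = b"<Envelope><Body><GetBalance account='42'/></Body></Envelope>"
DEEP_MSG = b"<a>" * 100            # tags opened and never closed
BIG_MSG = b"<a>" + b"x" * MAX_BYTES + b"</a>"
```

In a deployment the size limit would also be enforced while reading the request body, so that an oversized message is never fully buffered.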

## The Mother of All Demos, presented by Douglas Engelbart (1968)

Speaking of intelligence and foresight....

The Mother of All Demos is a name given retrospectively to Douglas Engelbart's December 9, 1968, demonstration of experimental computer technologies that are now commonplace. The live demonstration featured the introduction of the computer mouse, video conferencing, teleconferencing, hypertext, word processing, hypermedia, object addressing and dynamic file linking, bootstrapping, and a collaborative real-time editor.
