Category Archives: Thoughts

Effective Learning image

Thoughts on Effective Learning

ThoughtsPankaj Chanana
Learning – Reality!

Whether it is today or in the past, learning is inevitable. If you want to grow in whatever work/business you are in, learning has to be your primary focus all the time. Whoever you are as a professional – Physician, Lawyer, CA, Architect, Engineer, IT professional….. people who excel in their field of work are the ones who constantly indulge in effective learning. They make themselves disciplined, focused, and build their learning habits over time.

……………………………………………………………………………………………………

But what if one doesn’t have the urge to adapt to the changing needs and keep up the pace! Needless to say, more likely than not, they will have to deal with some harsh realities. But what is that reality in effective learning? It is this:

Development or Survival or Life for that matter will become more difficult for those:

Who stop growing and learning:

If you look around you will definitely see people who never make an effort to grow, at times they even think that they will grow automatically as time passes by. Such are the people for whom life is more difficult than it would have been if they were learning effectively and continuously. Imagine what would have happened if noble laureates had stopped learning and growing! And if famous scientists we know had done the same as well. I am sure you will agree this world would have been a very different place than what we are witnessing today. It just doesn’t matter how successful you are at the moment. If you stop effective learning, trust me, you are surely going down the road to failure.

Who don’t think effectively?

Have you ever wondered why one person succeeds more than the other, even if they had the same upbringing/schooling/academics/opportunities etc. The simple answer could be in the way a successful person thinks. It is really important how do we think – whether it is effective thinking or just some involuntary action. In learning, it is very important to think effectively. Your thoughts will determine whether you will be a successful person or just another guy. There is an age-old story, where 3 people were working at the construction site. When the supervisor came in and asked the first person about what he was doing, he said: “I am mixing material that is to be used by the other person”. The second guy responded saying “I am laying the bricks to create a wall”. The last person said, “ I am building a Mansion”. So although all 3 were doing something related to that construction, only one had a different perception. I am sure you must have read this story earlier as well. Your effective thoughts/vision holds true when it comes to succeeding or not succeeding. Learning also requires effective thinking. You should never think that only when a certain requirement or tech-stack is needed, that I will learn. That will never happen, my friend.

Remember this: it is always good to showcase what you know instead of “only saying” what you know 🙂

Who don’t face reality?

Facing and accepting reality is another crucial aspect of effective learning. People sound miserable when they keep saying that Someday I will do this or someday I will do that….and that day never arrives.

Author Alex Haley had remarked and I quote him here “Either you deal with what is reality, or you can be sure that reality is going to deal with you.”

In my opinion what a perfect quote. If you want to climb a mountain then it will never happen overnight or it will never happen without the proper training and conditioning that is needed to climb. But one has to be proactive in seeking them, and not postpone matters to a later time.

Isn’t it the same with learning? Learning MEAN or MERN or PWA or for that matter AI or Data Science or Blockchain all requires those steps and actions, otherwise it will always be a mountain that someday you will.

Who are slow to make proper adjustments?

This always reminds me of the stock market. How many times have we seen that people who don’t put stop-losses and make proper adjustments in their portfolio lose more consistently. Making proper adjustments with time always proves to be more effective. If you have accepted the reality and have begun taking the required action then the intent has to be to stay on the track and not let anything distract you. There might be situations that demand your attention. But those should only lead you to recalibrate your action plan. Your commitment to your goal should persist.

A perfect example would be – You are idle and you start learning how to climb a mountain in the form of Machine Learning (it could be anything though), but as you get more work, instead of adjusting to the same you get distracted and start telling yourself that when I get the time, I will resume… which may or may not happen. Overall a vicious loop to get into.

It doesn’t mean you focus on your learning only, client/works is always a priority, but adjusting your time to learn is equally important.

Who don’t respond correctly to challenges?

Challenges or adversities always provide an opportunity for growth. All great ideas emerge out of adverse situations or problems. People who ignore the problem don’t solve it, whereas those who face the problems by taking them head-on are the ones who more often than not come out of it successfully. How true with the context of learning. Isn’t it right that when you face a challenging /complex task you end up learning more from it than otherwise! What if you had never faced any complex or challenging situations ever? I am sure you would have been a rotten lemon, else you would have made lemonade out of the same already 🙂

……………………………………………………………………………………………………

So, go out and learn more, think effectively, face reality, make the right adjustments, and face the challenges. You will see a different person sooner than later. Don’t be a victim of your own mindset.

Quote: Victim mindset causes people to focus on what they cannot do instead of what they can do, it is a recipe for continued failure.

Happy Effective Learning.

……………………………………………………………………………………………………

The views and opinions expressed in this article are those of the author. To know more about our company, please click on Mindfire Solutions.  For over 20+ years now, we have been the preferred Software Development Partner of over 1000+ Small and Medium-sized enterprises across the globe.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
The Impact of AR on Retail

The Impact of Augmented Reality on Retail

Software Outsourcing, Thoughts,

Augmented Reality (AR) is a technology that allows overlaying digital content like images, videos and 3D objects onto the real world, thereby give the illusion of being a part of it. One of the most famous examples of AR is Pokémon Go, which overlays a virtual Pokémon (a 3D cartoon character) onto the real world. AR also offers tremendous possibilities outside of the Gaming Industry, especially in Retail.

The adage “Customer Is God” is a golden rule. It isn’t surprising, therefore, that any business that solves its customer’s problems effectively, gets rewarded with the customer’s loyalty, money, and trust. AR is fast becoming an invaluable tool in the hands of Retail businesses that aim to constantly impress their customer base and stay ahead of the competition.

……………………………………………………………………………………………………

Let’s look at some of the issues that concern the customers of this industry.

Customer Problems

With Online Retail:

  • High Time Consumption – Let’s say you order cloth from an e-commerce website. Typically it will take a few days for the product to reach you. You then gauge it on all the parameters that matter – size, color, texture, etc. If the product does not meet your expectations, you are likely to exchange the item, triggering the cycle to repeat.
  • Return Costs – If the business doesn’t bear the shipment cost of returns, customers are likely to pay for it.
  • Problems with large items – It requires a very vivid imagination to see how a new couch would look in a room. Will it look good with the rest of the furniture? Or will it even fit in the first place?

With Offline Retail:

  • Too much work – It takes a lot of time and energy going around dozens of stores and looking for the right items and then trying various permutations and combinations to check if they look well together.

With both Online and Offline Retail:

  • Un-try-able Products – Some products can’t be tried on. For example, It’s hard to imagine how a particular hair color would look on you, or if that dragon tattoo would be too much for you to carry.
  • Un-personalized Shopping Experience – Currently the preferences of a customer are unknown to the business. Consequently, the suggestions given to the customers are un-personalized and work on a hit-and-trial basis.
  • Hygiene Issues – Whether you have germophobia or otherwise, there is always a risk of contracting a disease owing to the dress being tried on earlier by an infected person.
  • It ain’t fun – Going from store to store, from one website and mobile app to another and trying on or imagining how every product would look like on you is an exhausting experience and is not fun for most. And in online retail, even after so much effort, one can never know if the product will turn out to be expected.

……………………………………………………………………………………………………

Let’s look at some of the issues that concern the businesses of this industry.

Business Problems

With Online Retail:

  • Shipment Costs – The trade-off between bearing the shipment costs of product-returns vis-a-vis making the customers pay for it is a tough choice for any business.

Doing Offline Retail:

  • Compensation for salespeople – Since the whole process is very manual, from the salesperson showing the items to the customer to making the sale, a constant involvement is needed.

Problems common to Online and Offline Retail:

  • Conversion Rates – Due to a lack of personalized suggestions and ads, and a tiring shopping experience, conversion rates of businesses are lower than they can be.
  • Brand Awareness – Extensive marketing is needed for businesses to create awareness of their brands, and it is invariably a very expensive matter.
  • Customer Acquisition – Customer Acquisition costs eat up a big portion of a business’s profits. These are mainly un-targeted advertisements having low conversion rates.

……………………………………………………………………………………………………

How AR helps solve these problems

Try And Buy Functionality:  AR can overlay any item onto the real world to make it seem like it is a part of it. Powerful Machine Learning (ML) algorithms can detect the face and body of a person in an image or even in real-time. An application using a combination of AR and ML can allow its users to try on a virtual version of any item they would like to buy, from the comfort of their houses. Another possible feature is the placement of virtual 3D models of furniture inside a user’s house. Such features will reduce the number of returns the buyer makes which helps save time and reduce the return.

Saves User’s Time and Energy:  as now they have the whole inventory of products available to them and they can try anything on with a click rather than manually trying every item on.

Eliminate Hygiene-related Problems: Trying items in this new way is much efficient and can be made as aesthetically appealing as needed, making the whole process a joyous experience for the user.

Increase Brand Awareness: Users can click a picture of them trying on an item and can share it on social media. This will lead to free marketing and increased brand awareness.

Automated Processes: For offline retail, the need for a salesperson is heavily reduced. A user will enter a fitting room with a screen instead of a mirror and a camera attached to the screen. Users can touch and select their choice of clothing from the screen and can try a virtual version of it instantly. If they like the item they can ask to try the real item on. Hence the need for a salesperson is reduced considerably.

Attracting Customers and Increasing Conversion Rates: A screen mounted with a camera-enabled with AR can show how someone standing in front of the mirror would look like wearing a certain item. Such a setup outside a retail store will attract flocks of customers who after seeing them trying on a virtual item would want to buy it if it looked good.

……………………………………………………………………………………………………

Things To Know Before Introducing AR Into A Business

Accuracy: An AR experience that isn’t accurate will not be useful for the customers or the business. For example, a user won’t like if the sunglasses they’re trying on, fits on their forehead instead of eyes, or if the virtual couch they are trying to place doesn’t rest on the ground properly.

Speed: An AR experience must be fast and lag-free. Long loading time and high latency always drive the user away.

……………………………………………………………………………………………………

If you have any queries in this field, talk to Mindfire Solutions. For over 20+ years now, we have been the preferred Software Development Partner of over 1000+ Small and Medium-sized enterprises across the globe.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
DevOps

The Impact of DevOps Adoption on Teams

Thoughts, ,

Companies operating in the field of software development have ushered into an era of stiff challenges and expectations, unprecedented till now. Possessing the qualities of agility, accuracy and speed simultaneously are becoming imperative for survival rather than a means of maintaining a competitive edge. Under the circumstances, a DevOps culture provides a flexible, efficient approach of standing up to the demands. It does so by following a model that delivers results leveraging the dependencies that exist between the software development and operations aspects of software delivery. It balances responsibilities more evenly than in a traditional waterfall model, where developers simply turn completed code over to those in charge of operations. DevOps also establishes procedures to ensure that all team members have insights into application performance, which provides benefits such as greater collaboration and engagement between team members.

……………………………………………………………………………………………………

Improved Collaboration

Traditional software development happens in phases. There are teams mapped to each phase and each team is entrusted with the responsibility of playing its part in the successful completion of the phase it is involved in or responsible for.  The result of this approach is that the ownership of a team gets too confined only to the successful execution of the part it deals with. Thus, each team tends to be most concerned with achieving its own objectives instead of meeting the organization’s ultimate business goals. As long as projects get executed successfully, the fissures that exist beneath do not come to the forefront. It is only in the moments of crisis that the lack of synergy becomes apparent and sometimes takes gigantic proportions resulting in the partial or complete derailment of projects.

DevOps neutralizes this possibility completely. The approach requires all team members to be equally dedicated in meeting the broad goals while also focussing on their individual ones. This leads to improving collaboration between people across the development and operations teams. This model eliminates the possibility of working in silos. Members across teams remain fully committed to the software throughout its development life cycle to ensure that their project’s overall goals are met. Accountability for successful delivery lies with all. This compels employees to get more involved in working together.

More Engagement

One of the primary goals of DevOps is to shorten the development life cycle while still delivering software that meets business objectives. The shorter development cycle essentially means a higher frequency of code releases followed by exposing these releases to scrutiny for the detection of bugs within the code, infrastructure and configuration. The pace at which things get done is brisk. There are no slack periods for teams anymore waiting for their phases to begin. All this brings about a high degree of engagement for all the members involved in a project. And it can be intense at times. The results are equally impressive. Industry reports have indicated that the failure rate of organizations with a DevOps culture is 60 times lower than those that don’t.

Higher Efficiency

DevOps uses a workflow that emphasizes on continuous delivery (CD) and continuous integration (CI). The efficiency that gets infused results in software getting delivered faster and with a higher frequency. Automated testing and integration tools are also key elements in DevOps practices. It makes the IT staff more efficient by eliminating the need for them to perform repetitive tasks. Developers no longer need to wait for code integration processes to complete, which can otherwise get quite time-consuming.

DevOps platforms offer opportunities for improving efficiency and increasing the predictability of cloud-based solutions like Azure and Amazon Web Services (AWS). These platforms use a scalable infrastructure to reduce testing and deployment times by increasing available hardware resources during this period. They also provide DevOps as a service, such as Azure DevOps. AWS also provides a set of services specifically intended to help organizations implement DevOps practices.

Exposure & Learning

Employees are generally happier and more productive under the DevOps model, largely because it focuses more on performance than anything else. There are fewer administrative obstacles and greater sharing of risk, which allows individuals to blossom. Members in both development and operations teams prefer DevOps because they get exposed to multiple roles, resulting in their getting a better understanding of project execution and the business as a whole. This experience is more rounded, fulfilling and increases job satisfaction considerably.

Better Results

The improved collaboration between teams and the ensuing efficiency has a direct impact on reducing the time needed to build software. Collaboration encourages a proactive approach amongst team members in putting their act together. All this eventually reduces the time needed to bring a product to market. This benefit is particularly important in competitive markets where the ability to deliver software on time has a direct impact on the revenue and market share. With the DevOps approach not only is the speed looked after but also the quality of the outcome. It also increases customer satisfaction when they receive a comprehensive product sooner than expected, with all the promised benefits delivered quality-wise. To achieve this end goal can be a highly fulfilling experience for all the members involved in giving shape to the software.

……………………………………………………………………………………………………

A DevOps culture improves the collaboration between groups with historically distinct roles, especially people in software development and operations. This practice provides many other benefits that generally result in the faster delivery of software. DevOps practices also improve the engagement of team members by making them responsible for projects throughout their entire life cycle, rather than a specific phase of the project. The increasing availability of tools is making it easier for organizations to implement DevOps practices, allowing team members to automate many of the tasks needed to develop, test and maintain code.

……………………………………………………………………………………………………

If you have any queries in this field, talk to Mindfire Solutions. For over 20+ years now, we have been the preferred Software Development Partner of over 1000+ Small and Medium-sized enterprises across the globe.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
NLP Image

Impact of NLP on Healthcare Industry

Healthcare IT, Thoughts, ,

Natural language processing (NLP), along with machine learning, deep learning, computer vision, and image recognition, are all branches of artificial intelligence (AI). The goal of NLP software is to build computer systems that will accept input in the form of spoken or written language and will provide spoken or written output i.e. communicate as if the computer system were a human.

Thanks to devices and applications like Alexa, Siri, Google Assistant and Cortana, much of the world’s population has at least a passing familiarity with NLP. It is being used today to perform a wide range of tasks across many industries. Until recently though, healthcare organizations have lagged behind others in capturing the benefits NLP delivers. However, it’s beginning to catch up.

Here are several use cases for NLP in healthcare that are already enhancing the field. Each of these will contribute to the larger digital transformation of healthcare as technology continues to advance.

……………………………………………………………………………………………………

Medical Coding and Billing

NLP streamlines the way medical coders extract diagnostic, procedural and other clinical information. Rather than a coder reading documents and converting them to alphanumeric codes, NLP reads them and submits the codes to the coder for verification. This allows the human coder to work on documents that NLP cannot process accurately, and reduces the overall expense of coding medical information. In the end, more accurate and thorough coding results in more accurate and timely billing.

Virtual Nursing Assistants

The rise of virtual nursing assistants capable of communicating with patients using NLP is underway. Regular communication between patients and the nursing bot extends care beyond the walls of the clinic room without burdening existing resources. Adherence to the patient’s care plan can be monitored, and triggers can notify providers of issues that need human attention. Patients can receive round-the-clock access to support and answers, including help with medication. Researchers in this field estimate virtual nursing assistants will reduce U.S. healthcare costs $20 billion by 2026.

Robot-Assisted Surgery

Some surgical robots use AI to apply information obtained from prior surgeries to the current case, leading to progressively better outcomes. Beyond the many well-known advantages, robotic surgery delivers, adding an NLP component allows surgeons to query the system and to direct its actions verbally.

Reducing “EHR Burnout”

Recent studies have indicated that healthcare providers spend nearly half of each day updating electronic health records and doing other administrative work, which is a matter of concern. It leaves them with very less time to perform their core functions of examining and discussing clinical, diagnostic and treatment information with patients in a face-to-face environment.

Entering and managing patient information is a major contributor to physician burnout. More than half of physicians surveyed in a Physician’s Foundation 2018 study, reported entering data into the EHR reduces their efficiency and detracts them from their interaction with patients. Systems that use NLP allow physicians to enter notes into the EHR by speaking to it. This saves time versus having to type. Besides, it also allows patients to amend or correct what the doctor is entering into the EHR.

Other Important Use Cases

While improving the clinical value of EHRs and reducing physician burnout is one of the most pressing challenges among healthcare organizations, NLP is contributing to the digital transformation of healthcare in several other ways. For example, NLP is helpful in

While improving the clinical value of EHRs and reducing physician burnout is one of the most pressing challenges among healthcare organizations, NLP is contributing to the digital transformation of healthcare in several other ways. For example, NLP is helpful in

  • Comforting patients who become confused and anxious because they do not understand the data being presented to them through a portal website. For instance, NLP can explain the meaning of abbreviations and medical terminology. Rather than leaving the patient to worry or call the physician to explain the report, NLP can educate and possibly also calm the patient.
  • Offering summarized updates of key ideas, concepts, and conclusions contained in large volumes of clinical notes, journal articles and other narrative texts gives practitioners quick access to volumes of information that would otherwise require a lot of time to read through.
  • Easy extraction of data from free-form text and insertion into fixed-field data files, such as the structured fields in an EHR.
  • Handling a physician’s free-form spoken or text query, which is especially useful for queries that require gathering and organizing data from multiple sources.
  • NLP and other AI components can also accelerate the movement away from fee-for-service models and toward value-based healthcare by organizing unstructured health data derived from EHRs and other sources. Much of that “hidden” big data can shed light on health outcomes for entire populations of patients, which has been impractical until recently.

 

……………………………………………………………………………………………………

If you have any queries in this field, talk to Mindfire Solutions. For over 20+ years now, we have been the preferred Software Development Partner of over 1000+ Small and Medium-sized enterprises across the globe.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
Web Accessibility

Overlooking Web Accessibility

Full Stack Developers, Software Engineering, Thoughts, Web Application Development,

The Internet is an ever-increasing storehouse of knowledge. The web and the internet as a whole serve as an important resource in many aspects of our lives: education, employment, recreation, commerce and more. Web Accessibility simply means that the web is to be made accessible to everyone. And that includes people with special abilities too – an aspect generally overlooked in haste. 

The concept of Web Accessibility has been around for a decade, but it is unfortunate that true meaning in its entirety has been lost on many of us, the web developers. It’s time that we built ramps to our sites so that it benefits not only people with disabilities but also enhances the experience of all types of users as a whole.

……………………………………………………………………………………………………


Let’s see some examples:  When you are watching a video in a noisy environment and cannot perceive the audio correctly. Without being able to hear the audio, you have to guess what the whole video is about. It can be frustrating, right?


Let’s take another one:  If you have broken your arm in an accident and can’t use the mouse to explore the web. You have to remain cut off from the internet until you recover. Or find ways to manage to access it with difficulty, mostly through pain, or be at the mercy of people who would spare some time to assist you.

There are people out there who face these challenges at every instance of their attempts to access the Web. The true essence of Web Accessibility lies in addressing such concerns and ensuring that the Web is accessible by all, without any discretion. 

The World Wide Web Consortium(W3C) published a set of guidelines, Web Content Accessibility Guidelines or WCAG 1.0 in 1999, as an initiative to the Web Accessibility Initiative(WAI) project. The revised version, WCAG 2.0 was published in 2008, which is more technology-neutral, and therefore, is widely accepted by the developers to make their site more accessible.

It may seem like a huge task to accomplish at first, but in reality, it takes only small steps to make your website accessible to all. Steps that should be undertaken are 

  • Using alternative texts, and descriptions for the images.
  • Adding subtitles and transcripts for videos.
  • Ensuring that your site is fully and equally accessible by the keyboard.
    Making use of the Accessible Rich Internet Tags (ARIA) tags.
  • Having a good color contrast.

These are some tools which can help to make your website more accessible:

So, let’s look at the bigger picture and start taking the necessary steps towards building a platform that is more accessible and more usable, and fulfill our responsibilities as web developers. It’s high time we focused on the masses who might be unable to access the internet just like normal people can. The onus lies with us to take individual responsibility of the same and spread the awareness to others. The realization that mere oversight or negligence on our part can be the source of much trouble for others should guard us against it. 

……………………………………………………………………………………………………

The views and opinions expressed in this article are those of the author. To know more about our company, please click on Mindfire Solutions. 

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
Image for Habit

What is a HABIT?

Thoughts

The easy definition would be something that you do daily without being forced or pushed. For e.g. as simple as brushing your teeth. But do you remember how tough it was when you were a small kid and learning to develop this habit, am sure that is not even a matter of thinking today.

Another good and simple example of a HABIT is cycling. Remember when you started cycling/biking the first day! That feeling of imbalance, falling off or getting hit with no hand-eye coordination and then slowly and steadily you become the cyclist in your neighborhood doing all kinds of stunts.

There are many such examples that happen in our daily lives where the beginning looked as difficult as climbing the Everest may be, but as you start taking those steps forward, it becomes simpler and later a maybe even a “cake-walk” to perform those.

……………………………………………………………………………………………………

Why I am talking about HABIT? Because as we grow older and get into our daily chores, we forget to adapt to new habits or develop new changes or even attempt to do something new, simply because we feel that we do not have the time, there’s always too much work in the plate, professional or personal. Whenever you think of doing something new, you always push it to a later date convincing ourselves that we will do it when we have the time for it.

My friend where is that time?…the fact of the matter is NOW is the time.

Remember, everyone has 24hrs in a day and utilizing the same, some became people like the Tendulkars, the Steve Jobs and the Bill Gates to name a few, and many are still searching for that time to begin.

Here I present the new definition of H.A.B.I.T – “[H]aving [A]bility [B]uild [I]ntense [T]ricks” – obviously this is not mine, taken up from the internet, but it very well fits our bill here.

What does it take to build a habit? Answer is “decision” and then taking “action” in the form of small steps daily at the same time every day for the next 21 days (an idea introduced by Dr. Maxwell Maltz ), but I will suggest, if you can do that for 1-Day and then repeat the same for the next 30 days, trust me you will be rolling. But the trick is it has to be continuous, if you break for 1-Day then the cycle has to begin again from Day 1 🙂 that is why its Intense Tricks ;).

So, go out and pick up that Guitar which is hanging in your bedroom and staring at you or start reading that new Tech Area or Buzz Word on which you always wanted to get your hands on and just do it for 1-Day and then repeat the same cycle for next 30-Days.

The exception is, there are still no guarantees of success. It all depends from person to person and on his or her burning desire to make something work. But it is much better than not having tried at all, isn’t it? Roger Bannister was the first man to run a mile in less than 4 minutes. It was his persistence and practice that enabled him to cross what had otherwise seemed like a barrier meant to stay forever until then.

Do put your comments, if you really got into a habit 🙂

……………………………………………………………………………………………………

The views and opinions expressed in this article are those of the author. To know more about our company, please click on Mindfire Solutions. 

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

How Bitcoin Solves the Double-Spending Problem?

Fintech, Thoughts, , ,

Many of us probably already have heard of Bitcoin. We know what innovation it has brought into this world – the blockchain technology. As of this writing, it has been almost a decade since its inception and it has long thrived without any central control over the network.

Bitcoin, a peer-to-peer electronic cash system, has inspired many other projects and can be seen as a pioneer of the underpinning blockchain technology. That said, it would be worth exploring how Bitcoin solves the double-spending problem. Instead of delving into theoretical exposition we will experience a transaction process in this pioneering innovation. We will be making a transaction on a real network and analyzing what a Bitcoin transaction looks like. A transaction in the Bitcoin network is a bit complex than a conventional digital transaction.

……………………………………………………………………………………………………

Comparison with Fiat Currency Transaction

In a transaction that involves currency notes, we can easily envisage two parties exchanging some goods or services in exchange for the money. One party receives the goods/services and the party pays in currency notes. Let us say the transaction was costing $50 and the payer has $100 currency note. The payer would pay $100 and would receive in change $50 (as shown below). Both the currency notes are legal tender that is supplied by a central bank. A Bitcoin transaction also involves paying and may too involve receiving back change and in this respect is quite similar to our day-to-day transaction.


Comparison with Conventional Digital Transaction

A conventional digital transaction, say the online transfer of money, involves two parties and a mediator (the bank). So, there is a “From address” (A/C No.), a “To address” (A/C No.) and the amount (value transfer). There is no concept of change in a conventional digital transaction. If you want to transfer $1050 then you can transfer the exact amount and this is a mere process of debiting from sender’s account and crediting to the receiver’s account with the help of the mediator who validates the transaction. However, a Bitcoin transaction may involve multiple From addresses and multiple To addresses without any mediator. We will explore how this is possible.

As it is with any traditional transaction, ours will have the following attributes: a “From entity”, a “To entity” and the value to transfer. Let us send an amount of 0.1 BTC to a Bitcoin user as follows:

From: n2FSwa6DsMsbJgNknB64ThR3pHPUQ79bxL
To: msqdPeF7KeEqcWUNAFMm8JQijVB3cnLi4N

Amount: 0.1 BTC

The transaction has been done and the transaction details can be seen here

Bitcoin Transaction

Now, what looks legitimate is the From address (left) and the one of the To addresses with 0.1 BTC sent. However, two things look contradictory. Firstly, we sent 0.1 BTC but it says 1.0 BTC being transferred. Secondly, there is one more To address to which some amount has been sent.

Is something wrong with this transaction? Not really! You can check the above transaction in block explorer and verify yourself that it is indeed the same transaction. But this is the way Bitcoin works. Let us explore.

What is a Bitcoin Transaction made up of?

A transaction in Bitcoin consists of inputs and outputs. The input is like a “From address” which is in Bitcoin terms an unspent transaction output. When you want to make a transaction you will always spend an unspent transaction output as a whole. That said, you end up paying the entire amount. However, you receive the remaining amount in a different address called change address. This change address is your own address where you collect the change, which in turn is an unspent transaction output. This is quite common in Bitcoin transactions. For instance, someone sent you 1.0 BTC. Now you want to send 0.5 BTC to your friend. You cannot break the 1.0 BTC but you will spend the entire 1.0 BTC in a transaction and get the change in your change address.

Transaction Fee

Back to our transaction. Now, let us verify that the amount in input and outputs are balanced. So, 1 BTC – (0.1 BTC + 0.89432145 BTC) should be 0. But it turns out to be 0.00567855. So, where did this amount go?

Well, this is the transaction fee that is paid to the miner who helped you in validating the transaction, adding it into a block, mining the block, and broadcasting to the network. The miner is given this amount as a mining fee for the work he has done.

The mining fee is charged in satoshi per byte. Our transaction has a size of 225 bytes and we were charged 2523.8 satoshi per byte. So, 2523.8 x 225 = 0.00567855 BTC.

The Concept of UTXO

Note that the two outputs here are mentioned as “unspent”. This is how bitcoin keeps track of balances. The sum of all unspent transaction outputs is what constitutes your balance. Bitcoin network does not have any database or global state of balance amount rather it uses the concept of UTXO.

So, how is a UTXO represented in the bitcoin protocol? Perhaps in the bitcoin protocol, there is no concept of “From address”. Yes, there is no concept of From address in Bitcoin. The Bitcoin addresses are used to receive payments. A transaction in Bitcoin never encodes a From address but only has a reference to a previous unspent transaction output. That said, the input of a Bitcoin address is actually a previous unspent output. Bitcoin refers to a previous unspent transaction output using a combination of transaction ID (or transaction hash) and an index. Once an unspent transaction is spent you cannot spend it again and thus prevent the double spending.

A Transaction with Multiple Inputs

So, how will a Bitcoin user transact an amount for which he has no unspent transaction output equal to or above that value? Say, a user wants to transfer 5 bitcoins but none of his unspent transaction output has that much amount although the user has multiple unspent transactions that add up to a value greater than 5.  Bitcoin allows you to combine unspent transaction outputs. A transaction with multiple inputs would sound new to a person doing a conventional digital transaction. This is because a conventional digital transaction always has only one sender (or From address). Let us analyze a bitcoin transaction with multiple inputs. In this case, the Bitcoin user wants to send 1.02 bitcoins but he has no unspent transaction outputs of that value. So, the user combines two inputs and then transacts (see below).

Bitcoin Transaction

The above transaction (ac194c19201a20cdd26bbb8d696588370c06261148fd20a96b3330b0bcb03207 ) has two inputs and two outputs and it is absolutely a valid transaction in Bitcoin. The total amount of BTC of these two inputs, which is 1.04997424 BTC, is sufficient to send a transaction of 1.02 BTC. And the remaining value has been collected in a change address with 0.02997013 BTC.

……………………………………………………………………………………………………

How are transactions validated in Bitcoin?

Let us take an example of a transaction that involves one input and one output (as below). Here,  the input is a reference to a previous unspent transaction at index 0. The previous transaction is referred by a transaction hash: f5d8ee39a430901c91a5917b9f2dc19d6d1a0e9cea205b009ca73dd04470b9a6
The output sends 50 bitcoins to a bitcoin address. When the recipient wants to spend this 50 bitcoin he will reference output 0 of this transaction as an input of his own transaction.

Input:

Previous tx: f5d8ee39a430901c91a5917b9f2dc19d6d1a0e9cea205b009ca73dd04470b9a6
Index: 0
scriptSig: 304502206e21798a42fae0e854281abd38bacd1aeed3ee3738d9e1446618c4571d10

90db022100e2ac980643b0b82c0e88ffdfec6b64e3e6ba35e7ba5fdd7d5d6cc8d25c6b241501

Output:

Value: 5000000000

scriptPubKey: OP_DUP OP_HASH160 404371705fa9bd789a2fcd52d2c580b65d35549d

OP_EQUALVERIFY OP_CHECKSIG

Bitcoin uses a scripting system to verify a transaction. There are two script components that can be seen in the above transaction: scriptPubKey and scriptSig. So, the scriptSig refers to the sender’s signature and the public key. The scriptPubKey is the script that will be evaluated using bitcoin protocol and if the execution of the script returns true then the transaction is valid.

scriptSig: <sig> <pubKey>
scriptPubKey: OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG

Let us see how this script is executed on the stack:

Step 1: Combine scriptSig and scriptPubKey in that order
Step 2: Push <sig> and <pubKey> to stack
Step 3: Execute the operation OP_DUP which will duplicate top item, which is <pubKey>
Step 4: Execute the operation OP_HASH160 which will create hash of the <pubKey> and this hash will be pushed to the stack.
Step 5: Execute the operation OP_EQUALVERIFY to ensure the hash generated matches with the <pubKeyHash>
Step 6: Execute the operation OP_CHECKSIG for the two hashes on the stack.

In summary, a Bitcoin transaction involves one or more inputs and one or more outputs, has no concept of From addresses in its protocol, uses a concept of unspent transaction output, and verifies the transaction using a scripting architecture.

……………………………………………………………………………………………………

The views and opinions expressed in this article are those of the author. To know more about our company, please click on Mindfire Solutions. 

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
WordPress Malware Infection

What is WordPress Malware Infection? How do you deal with it?

Security, Thoughts, , , ,

WordPress is the most popular content management system on the web. Besides the popularity, it has many advantages. But unfortunately, it comes with certain downsides as well. if you go by statistics, more than 70% of WordPress installations are vulnerable to hacker attacks.

In WordPress websites, we generally install third-party plugins/themes for integrating additional features. But most of the time, we are not aware of the inherent security vulnerabilities of these plugins/themes which act as critical loopholes that are targeted by hackers/malware botnets, etc. Some plugins provide regular updates for patching those issues. But if we fail to do them, it leads to the exploitation of the vulnerabilities and severe malware infection.

……………………………………………………………………………………………………
Why secure WordPress websites before enabling SEO?

We know that bots crawl websites. But nowadays, bots make more visits to websites than human traffic. Malware Bots attack by trying a set of tentative URLs on websites. If a website has a vulnerability, and it gets figured out by the malware through this approach,  the website becomes a candidate for exploitation. So, before enabling SEO on a website, we need to make sure that the website is secure; otherwise, you are at the mercy of bad bots which will take advantage of it. In some cases, malware can damage a site’s relationship with leading search engines by injecting malicious contents.

Effects of Malware Infection:
  • WP-admin will not be accessible due to unwanted 302 redirects to third-party malicious websites.
  • .htaccess file content will be changed even though it has proper file permission.
  • Files with extension .php.suspected will be created along with many duplicates of stylewpp.php.
  • Random posts will be created in WP DB.
  • Unknown admin users may have been created.
Steps to prevent Malware Infection :
  1. Take a regular backup of codebase and database.
  2. Restore content of .htaccess file and set proper file permission.
  3. Check crontab for any suspicious entries.
  4. Kill suspicious processes on the server.
  5. Check the access log and find suspicious HTTP calls.
  6. Block suspicious IPs which are making malicious attacks.
  7. Most core WordPress files should never be modified. You need to check for file integrity issues in the wp-admin, wp-includes, and root folders. Remove unknown files & folder with cascade delete [Suspected from access log]
  8. Analyze malicious PHP code which is injected into WP folders. It would be great if you can analyze malicious PHP script and decode their intention which will help you to remove infection easily.
  9. Prevent random article creation. We found “content-main.php” file to be executed by malware botnet from access log. It was injected in path “/wp-content/content-main.php”.
  10. Remove suspicious admin users
  11. Update WordPress to the latest version
  12. Change all credentials of cpanel , FTP and DB.
  13. Stop the brute force attack. Even if you will remove all files, folders, kill all malware processes & change passwords, malware will never sit idle. Because it has already entered your site domain name, IP & malware file locations in its database. So it will try to make continuous HTTP calls to malicious PHP script locations which will return 404 error which is fine. You also cannot block all IPs of malware botnet because it keeps on changing IPs.
    It tries the bruteforce login page with breached admin user names against a global database of pawned passwords.
  14. Block xmlrpc
  15. Prevent bad bots
    Modify the robots.txt file to prevent crawling core directories along with themes/plugin directories. Also, identify bad bots and prevent them from crawling website pages.
  16. Use SFTP instead of FTP
  17. Change default wp-login, wp-admin, wp-content urls. Below are some of the WP plugins which you can use for changing url of wp-login, wp-admin, wp-content, plugin urls.
    WPS Hide Login
    Protect Admin
  18. Install any of blow WP security plugins.
    Securi
    Quttera Web Malware Scanner
    Wordfence
  19. Add proper file & folder permissions.
  20. Check for known vulnerabilities in existing installed plugins.
    https://wpvulndb.com/
……………………………………………………………………………………………………
Conclusion

Nowadays, malwares are getting injected by botnets instead of humans. They crawl for vulnerable urls and exploit them one by one.

……………………………………………………………………………………………………

The views and opinions expressed in this article are those of the author. Lakin enjoys sharing his thoughts on computing and technology in his personal blog.
To know more about our company, please click on Mindfire Solutions. 

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
ISO 8583

Why does ISO-8583 Score Over Other Standards

Thoughts, ,

Of course, it is one of the many financial transaction standards describing how to pack certain data fields such that it could reliably be unpacked as well. However, the distinguishing factors that the standard possesses are :

  • It uses web sockets for communication which is very efficient.
  • This standard helps the electronic system which reads the card number, the transaction amount and other relevant data fields to pack it all up so that it could be transmitted electronically to a transaction processing system where it could then be unpacked back into individual data components and then processed.
……………………………………………………………………………………………………

Where do the Others Lack?

There exist numerous methods for packing and unpacking data. It could be as simple as comma separated fields. Eg: I could choose to send the transaction information as simple comma separated values as:

“1234123412341234,1000, INR,987” (Card Number, Amount, Currency, Merchant ID).

The issue with such a simplistic model of data packing is that it lacks meta information i.e. the message itself does not contain any information on what exactly is being packed in it. Not that it could not have been overcome even with a comma-separated version- just that it could get cumbersome

……………………………………………………………………………………………………

Principles that drive this Standard

The ISO 8583 message is based on the principles that:

– In a transaction message, you only get to pick the number of fields from a predefined set of fields. So, if you need a field called ‘My girlfriend’s phone number’, sorry, ain’t possible.

– The meta information of which fields are present in the message is also a part of the message payload in a data structure called the ‘bitmap’.

Structure

– Most implementations contain a few bytes dedicated to a fixed header (eg: ^A^TISO016000010) after which the actual ISO 8583 message starts.

– In one of our projects, the header we used was of 14 bytes

MTI – The Message Type Indicator.

The first 4 bytes describe the message type.

Eg: 02 00, which tells that the message is actually a financial transaction request. (The response to this request would also be in ISO 8583 and would carry an MTI: 02 10). Various MTIs exist and can be found on the web.

Bitmap

It is almost a visual representation of which fields are actually present in this message and which fields are not.

Eg: F2 38 80 01 08 E0 80 0F

11110010 00111000 10000000 00000001 00001000 11100000 10000000 00001111
(all the bit positions that are 1 implies the corresponding fields are present)

Hex Binary (Positions that have 1)
F2= 11110010 -> (1,2,3,4,7)
38= 00111000 -> (11,12,13)
80= 10000000 -> (17)
01= 00000001 -> (32)
08= 00001000 -> (37)
E0= 11100000 -> (41,42,43)
80= 10000000 -> (49)
0F= 00001111 -> (61,62,63,64)

We’ve just read the map! Therefore the fields that will be present in this message are field numbers: (1,2,3,4,7,11,12,13,17,32,37,41,42,43,49,61,62,63,64)

Note the first bit. Field 1 is a special field which indicates the presence of an extended bitmap. Since this sample message contains 1 on the 1st position, it means that this message contains another bitmap with another 64 bits.

Extended bitmap, Binary 64 bits

80 00 00 00 00 00 00 00
(=hex .extended bitmap field)
(80)10000000 -> (position 64+1=65)
This extended bitmap shows that field number 65 is also present in this message.

Data Elements

Immediately after the bitmap, the data elements start serially. From the bitmap, we know that fields 2,3,4,7 are present one after the other. All that we need to do is to read them one by one. Each field number has a predefined type in the ISO 8583 definition and has a predefined length. Some fields have a variable length in which case the first N bytes provide the length of the field.

Example:

Data Element 2. Length 16. Value : 0000011319353459 = Primary account number
Data Element 3. Length 6. Value : 011000 =Processing code. 011000 = cash withdrawal
Data Element 4. Length 12. Value : 000000020000 =Amount 200.00
Data Element 7. Length 10. Value : 0804030013 =DateTime DDMMhhmmss
Data Element 11. Length 6. Value : 051028 =Systems Trace number
Data Element 12. Length 6. Value : 083013 =Time, hhmmss
Data Element 13. Length 4. Value : 0804 =Date, MMDD
Data Element 17. Length 4. Value : 0804 =CaptureDate, MMDD
Data Element 32. Length 6. Value : 123456 =Acquiring institution ID code 123456
Data Element 37. Length 12. Value : 192165102801 =Retrieval Ref. No.

……………………………………………………………………………………………………

Isn’t ISO 20022 the new standard?

ISO 8583 will be a difficult one to get rid of anytime soon and hence one way or the other, in the financial industry ISO-8583 is here to stay.

……………………………………………………………………………………………………

The views and opinions expressed in this article are those of the author.
To know more about our company, please click on Mindfire Solutions. 

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
Overcoming pain points in offshoring software development

Overcoming the Critical Offshoring Pain Points in Software Development

IT Outsourcing, Thoughts, , ,

It is imperative for businesses today to leverage the effectiveness of software in order to get ahead in the market. This is not limited to the enterprise software pieces they use as part of their day to day operations, but it also relates to the proprietary pieces they offer to their users, clients, and partners.

But developing proprietary software is a serious undertaking, and one which might be beyond the reach of the average small or medium-sized business – in terms of cost effectiveness and also the general skill and expertise needed to truly deliver. So what is the answer for SMEs in the market?

Offshoring software development represents a viable solution. This concept in software design refers to hiring a third party team in a different country to handle the development process. This approach to development brings with it immense benefits, as well as significant challenges. So what are the key pain points, and how can businesses navigate through them. Let us look at the critical ones :

……………………………………………………………………………………………………

Difficulties Commonly Associated with Offshoring Software Development?

Breakdown in communication between teams

Offshoring means a team operating in a different country or territory – which in turn means potential time zone clashes and a heavy reliance on digital communication tools. There is also the very critical factor of cultural differences existing between the in-house and outsourced teams, leading to communication breakdowns.

Quality not guaranteed

This is a familiar source of anxiety for any businesses working with an outsourced team – How to ascertain the quality of the outcome? There is no guarantee here, but, if the services of a company are hired purely on the basis of low rates, there is a strong likelihood of low quality turning out to be the byproduct. No good service comes cheap.

Sensitive data risk

We are in the beginning of the digital era. Data has already started making the business world go round. This makes outsourcing something of a minefield. On one hand, the team needs the requisite data to do the job and to do it well, while on the other, the companies outsourcing are always going to be nervous about how much access to sensitive data would they be giving away. The risk of data breach, either accidental or malicious, is always high and the ensuing penalty could be significantly detrimental.

……………………………………………………………………………………………………

Overcoming the Pain Points

Deployment of digital communication tools

Outsourced teams – both on and offshore – are introducing businesses to a whole new world of flexibility and agility. This is being supported by a wealth of different communication tools which allow collaboration and communication between teams across the globe in real time. With so many high-quality software tools and platforms available, communication breakdowns can be completely eliminated.

Progress reports and regular project appraisals

When a contract is drawn up with an offshore team, regular appraisals and reports have to be included in it to keep a tap on work progress. The result will be a process which is far more streamlined, one unlikely to get hung up or face too many unexpected pitfalls. It enables both the teams to stay on course and make required modifications whenever it is deemed necessary.

Temper cost reduction with a quality-oriented focus

Reducing costs and achieving better resource management are certainly two important and obvious factors for a company when it comes to outsourcing their software development work. What should also be given equal importance is the quality of work. Everything fails otherwise. Clarity is required on two fronts here. Firstly, knowing the impact the quality of the outsourced work will have on the end result. Secondly, having established evaluation criteria to identify the right partner to engage with.

Develop an in-house data security plan, Extend it to outsourced teams

A business should first understand that it is not immune to data breaches from within, and thus, should begin by drafting a high-level data security plan that covers all potential vulnerabilities.With the required processes in place the approach can then be extended to include the offshore partner. Providing them with a copy of one’s data security policy, and ensuring that the same is ratified and agreed upon before the final contract is signed would clearly underline the importance the company puts on the matter.

……………………………………………………………………………………………………

If you have any queries in this field, talk to Mindfire Solutions. For over 19+ years now, we have been the preferred Software Development Partner of over 1000+ Small and Medium-sized enterprises across the globe.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •