 The current DDoS problems that have been caused by cheaply developed IoT devices, so the last six weeks we've seen the record-sized DDoS attacks broken, and they're broken again, and they're broken again. And the dim one two weeks ago took out a big chunk of the agency board of the US and went for most of a day. Earlier last week the same botnet, not as a DDoS, just as part of its probing and scanning to recruit more machines, accidentally took a million subscribers in Germany offline. Like, you're dealing with a serious threat when your accidental collateral damage is disrupting communications to hundreds of thousands of almost a million people. So this is sort of like what can we do? What if anything? I am attached loosely to a group called the Online Trust Alliance, which operates out of the US by my name Craig Spiesel. It deals on a whole lot of fronts. We're building more trust for the infrastructure, the internet, basically. So browsers, advertising, email practices, email medication, but also now IoT. And I will not attempt to cite this from memory, so I actually loaded my browser, which I now can't find. But the framework that was produced, and I was loosely involved in this, recognised that there are at least five major groups of actors. It's not something that any one group can tackle. So the idea that the LGA manufacturers are entirely at fault is tempting, but it sort of misses the broader context. Developers, certainly, and a really big one is that programmers are not security engineers. If you haven't spent years of your life breaking into computers, you do not have the expertise to secure them, even if it seems like you should have it. If you really haven't done it for real, then you are not capable of defending the must-findest you can. That's the biggest problem. There are millions of these cameras built by people who knew nothing about security, but imagine they did. So they built systems that were vulnerable and that are now being turned into waiting spaces. There's a bunch of algorithms like best practices, but the big one is start by assuming you don't know what you're doing. The supply chain stuff, so retailers, distributors who only sell reputable stuff don't sell El Chippo crap, because for sure, you'll get bitten if you do. ISPs love, like, hey, this is not our problem, we just carry traffic. We don't want to get involved. If our customers have infected machines and they're spewing garbage, that's not our problem. Yes, it is. That requires regulatory change, but it's an area where ISPs are currently freeloading because they don't have to fix it, so they're not incurring the costs of containing customers who have compromised equipment. And then finally, the regulatory stuff to support that. So this was part of a much longer talk, trying to pack in two minutes or three minutes, but to make the point that there's no sortable here, but there are a whole lot of initiatives that are possible and or already in progress to strengthen the environment and to hopefully, over the next couple of years, turn the tide the other way. It's happened a few times with the film we've gotten this big. There's some course of hope with IoT, particularly I'd suggest for people who produce tools for IoT. If you produce complete systems that are already R-secure, that are sort of like Spark Core versus Arduino, we'll take Arduino, build our network stack, they're inviting attack. Start with a device that assumes that it can't defend itself and that depends on cloud service to do so, you've got a fighting chance. There are things that can happen at the engineering end, but there's a bunch of other sort of commercial government events that can happen. So that was the compressed version of topic one, which got an awful lot of ticks. Any questions on that? I have it and it's almost certainly not useful because it's quite difficult to react. If you've got intelligence about deployed machines and you're like, oh, they're vulnerable and the vulnerability is in the bit of the firmware that you can't upgrade remotely, then congratulations. You've put more plague devices out in the world to help criminals attack the rest of the network. So it's more, I feel technically the thing is to move towards platforms that assume that IoT devices which are computationally constrained and often power constrained aren't capable of defending themselves on the open internet because they should have tightly controlled communication channels to a back-end service that deals with the real problem. And this is the spark or political approach. You don't bring a knife to a drone fight. That's the deal. You're up against a botnet with something in the vicinity of a hundred million devices on it. You can't win if you fight. The best you can do is to narrow the attack surface so that you're never ever, at least low-power devices, so it's that different way of thinking about the problem. I'll jump briefly to the other one, which is ham radio, which we're almost as many ticks. And so this was actually a question for the audience, is what do you know about ham radio? Do you have interest in it? Do you see use food in Singapore? My personal interest is space because that's somewhere that the telcos don't go. But the biggest issue in Singapore is always, well, we've got 3G and smartphones everywhere. Why is ham radio interesting? Particularly for those who've taken the box, any comments, thoughts, questions, ideas, answers? Zombie apocalypse. Yeah, so, okay, so that's not quite as crazy as it sounds in the sense that in areas which are much more thinly populated, telcos cannot profitably run networks that are as dense and as run over Singapore's. So in large chunks of Australia, the U.S. and some parts of Canada, you really do have situations where you've got major events that are run beyond the range of mobile networks. So logistics where you can't phone someone or get them on your phone, and your chat app is a bit alien to most people now. At that point, ham radio gear becomes appropriate because volunteers can just build networks and get operating. Then the other is, yeah, floods. So a flood arrives. The telco, the Bontau goes out because both grids feeding it around the water simultaneously. Engineers can't get to the tower to fix it and even if they could, they've got to wait for both grids to come back and they've got to wait for the roads to not be underwater. And so the scope in those sorts, not so much the zombie apocalypse, but certainly floods and fires and earthquakes and those sorts of things. The scope, again in Singapore, the place is so dense and so well managed. I'd be surprised if there was ever scope in order to do better than telcos under the watchful eyes of INDA. Things will go wrong. And I understand during today's thing there's been some major fire outage in Singapore. So certainly stuff goes wrong, but the recovery time is extremely short. It's measured in hours and many days, not months. Whereas in, say, Haiti or the Philippines last year or even Louisiana where major floods take out communication infrastructure for weeks or months. Yeah, I don't think that problem exists in Singapore. So I'm still interested in Singapore, Maria, but I'm looking at where people have other interests. Are radio equipment vulnerable to electromagnetic pulse? Pretty much by head and mission, yes. Yeah, so maybe pulse is just a radio transmission on every frequency something. It's like with a lot of energy behind it. So it is possible to make hub and devices, but it's difficult. Yeah, an EMP device would sort of revert almost any advanced city to the stone ages. Yeah, right, yes. But if it's connected to an antenna at the time, that's okay. So you're going to have reserve gear in... I mean, the protection's not difficult. It's just a steel box. But it's got to be in that situation and not connected to an antenna at the time or it's useless. So that's the trade-off. Okay, I should now yield the floor to the other lightning speakers if they're around. I'm starting to smile at this. Anyone else who wants to speak? Yeah, you can go for any talk. Followed by a travel ride. How was your day? Is any first time to see you? Do you want to share your questions? Or what do you want to do? What work would you do? A little bit about my project. Oh yeah, I forgot to thank Michael and... Hello, my name is Kevin. I come from the U.S. I'm working on a project in Payaleba. It's a mixed-use development project. That's... What that means is it's a property development that has many different property types in it. So we have a retail shopping mall. We have three office towers and we have three residential buildings. It's positioned to be the next CBD, the Eastern CBD, per se. A company that I work for actually developed the Western CBD in Journal East. So we're looking to repeat, but also upgrade the precinct, what we call it, the whole master plan as well. We have 12 hectares. We have four hectares. So there's a lot of opportunities for all the technology to get involved. Anything that requires spatial infrastructure, management, and user experience. I heard someone talked about drones earlier on. Vanessa talked about ultimately reality that can enhance our retail experience. I'm actually looking... I was really focused on the infrastructure piece on the fiber optic network at HET net. If you guys are familiar with some of Singapore government's new initiatives in Journal Big East, we're looking to migrate some of that high-tech, high-end with never seamless technology to us. We're looking to operate Wi-Fi in a campus style, kind of like Google campus or Facebook campus. If you guys have been one wireless, one code instead of walking into a shopping mall that you see probably 20-year or page two lists that really impacts on your experience. So the chain here has done a very good job. And then the one is really Telco. We're looking to work with Telco to bring in the best fiber lines to our residential condos. Really, there's quite a bit happening in this mixed use precinct. So if anyone has good ideas on what they can do to improve space from safety, security, from using drones to survey our building, whether there's any cracks or energy monitoring helping us to reduce energy. We actually work very closely with the IMDA. We have an MOI with them that was signed in September to encourage startups to work with us. The company is called LEMLEASE. It's actually an Australian company, but very fairly international headquarters in New York and London and here in Asia Pacific, the headquarters is in Singapore. So we're looking to really tie that in with Smart Nation. And those Smart Nations, for some of us Westerners coming here as big brother, but I actually think Singapore does a very good job governing its country. It's not like other countries where the election is a bit contentious. But yeah, we're really looking to utilize this Singapore as a testbed to scale to other parts of our operations worldwide. But for now, LEMLEASE is actually just known for shopping mall operators. So we run 313 Somerset. I run Drone Eastmore and we're on corporate parade. And the next one is Allen Mark Porter, which is the project that I'm working on. So thanks very much. Just got a quick project. I'm working on that to share with everyone. So briefly, right, what I do is that I'm currently community manager for NIMS. And NIMS is Asian's WebMD. That's how WebMD before. Yeah, WebMD is a place where you can look for drugs. Drugs.com, Metscape, all these drug farmers will go with it. So NIMS is a place where we write drug reference data to hospitals, clinics, and patients, nurses, GPs to 13 markets for the past 50 years. Numbers, numbers, numbers. Alright, so this is our page. So I've been given a challenging problem. So the problem here is that currently we have 14,000 active doctors on our network. And we are looking to engage them. The engagement rate is probably like 5% or even less than that. Of doctors that are on the platform that's engaging each other, talking to each other, like doctors that is having this open source culture, this bar camp, this kind of concept that we are working on here. The thing is that doctors are a relatively hard market to share their ideas and share what they have in mind and collaborate with each other. They're pretty closed. So just open up to everyone. If you're not of any doctors that's in the market and project an idea or something that you really want to work with, they're passionate about. They want to work with people who are industry partners. And you want to get funding and things like that. They can come and speak to me. And I think this is something that we want to open source medical communities. That's something that we want to do. And that it's tough and we're trying to bring them to the market. Thank you. What do you want? Our platform is community.mames.com community.mamesmims.com Just a quick question. Who are the target audience? The target audience here is medical healthcare professionals in four markets. Singapore, Malaysia, Indonesia and Philippines. Thailand and Philippines. So it looks fancy learning page but to be honest we're still looking for more people to come in and discuss. But we are at the end of the day trying to see how we can get this on the grassroots level to talk to people and really understand how doctors can come together. So it's not really about webpage. Web page to me is it's just something that is a tool. It's not a platform. The real platform is people on the ground talking about projects being really invested into it. To me, that's a real platform. What's the website? If I had to compare and I think for doctors what they care about is the internet quality. Like for those of us who are doctors there are a lot of options to deal with. So you guys have ideas that is open for all but that doesn't need that time to execute it. So there's always a disarmament between people because you actually go looking for the actual name. It's like I'm assuming perhaps you want it by that age but you need like that open for the first time to deal with it. So if you want anyone to give you a thing thank you so much. The gentleman just now mentioned smart nation. One of the interesting things is actually and I have to talk to my talk about Nobel Prizes. Smart nation, great. But intelligence and creativity actually two different things. I think most of you agree with me on that. Let me give you an example. And I'll reference AI and do you know who's and what book is Ender's Game? Orson Scott cards? Ender's Game? Okay. Now there are two scenes in Ender's Game which I think actually quite relevant here. One is where major if you can visualize this, right? How do you figure out which one was a mothership? It was a pattern recognition problem wasn't it? It's a pattern recognition where you see all the ships. The mothership was not in the middle of all the Ender's spaceships. It was to the site. So major record was only one who figured it out. Pattern recognition. Intelligence, AI specifically is primarily pattern recognition if I'm not mistaken. You know there are some extension to it but for right now let's just assume that intelligence is primarily pattern recognition. So in Ender's Game major record was intelligent. He saw a pattern he took advantage of it he launched his missile at the mothership and obviously killed the hide essentially, right? So that's intelligence pattern recognition. Then in the situation where Ender was entering the wall, right? Okay. So what did every other platoon did when they walk in? They have gravity they're cat walking in. The mental assumption they were physically constrained by the fact that they had gravity they walked in, no gravity but mentally they're still constrained by gravity. What did Ender do? There's no doubt. Space has no doubt. So in this case his creativity allowed him to break the pattern of we are still constrained by gravity, right? Intelligence pattern recognition creativity breaking patterns. In this case, pattern of thought. So the reason I came up with that is because one day I was actually talking to a computer science professor of Ender's Game and I asked him, what are your lessons from Ender's Game? He said he's in all solos. I said, AI, intelligence versus creativity and imagination. He looked at me and said, that's actually pretty good. He was the number two guy in the computer science department at MIT by the way. He was actually quite taken by that. I said, next time you go to MIT please visit me. So Singapore is very focused on spot nation. That's intelligence. What is Singapore doing with respect to creativity? Anyone? Any ideas? They're doing what everyone else is doing. Hire the best experts in creativity send them out there. But what kind of educational culture do we have here? In Singapore? Last exams. In my novel talk, right? In my talk about Nobel prizes what was the motto of MOE? To mold the future of the nation. Mold. Stick to a mold. A mold assumes that, you know what? It's needed. Where is that room of freedom for creativity? Freedom of expression. Freedom of thought. I'm in trouble. Any IoT devices here? Oh my god. But that's a question for Singapore because I remember reading Vivian Valokrishnan saying something to the effect that smart nation will get us for the next few decades. What's that? What's after that? Does he know? No one knows. No one knows because they're still very much stuck in with smart people. By the way, Singapore actually has the highest IQ of any nation in the entire world. It's about 108 by the way. Because IQ tests are normed against basic calculations. US if I'm not mistaken. So US is basically 100. Singapore is 108. By ethnicity I believe the Jewish is about 112. So it's just interesting. I've seen essentially. So Singapore has a challenge of being able to break out of the mindset that intelligence is going to be the key. It's actually not. It's creativity. It's innovation. How do you nurture that? How do you sustain that? How do you bring that up? In the midst of education culture that says what? Passing exams. Old test papers. The MOE itself says more of the future of the nation. So the challenge is how do you share from intelligence to imagination? There was a recent Nobel Prize winner who unfortunately passed away. Actually an American guy by ethnic Chinese, Roger Sien, T-S-I-E-N. It was based, I believe, UCSD, University of California at Santa Barbara. If I'm not mistaken, San Diego, I don't remember which. But the dean of the department says the smartest people are not the most creative. To be creative, you need to take risks. If you're a conventional thinker you do the traditional thing. Thank you. Thank you very much for having me. It's my first time to have such a fascinating broad audience. So I'm very happy to be here. A very concrete thing. I'm recruiting for three things. So I came here to sing for this year. And I work in the one-off tech hub in the corporate side of things. So just to pick up on what people have been saying. It's very hard to fight this whole groundswell of people defining success and work in intelligence in a way. And we are, I guess, at the point here of trying to swim against the tide to kind of make creativity work and profitable. So I work in MSc, a pharmaceutical company, in the data science unit. And I'm looking for both an intent as well as a full-time person. We have a team of about 23 going to 25. And so of course, philosophically, we don't believe in just grades. So come and talk to me. I believe very strongly that people should not be reduced to grades or IQ or because there's only a very narrow representation of the complexity of a person. So we will set you things like a task that will approximate what you do at work and you will just meet people that you really will work with. And that's our approach. It's very, very slow and it's not scalable, but I don't really care. And so please come and talk to me if you have a data science background, both on the experimental science side as well as the blockchainization engineering side. Open to both. We'll take you as your case-by-case basis, number one. Number two, I'm involved with a group called TND. It goes for the next billion. And I think it's a nice clear on the words. It's not just the next billion, but also helping people here in Asia, the next billion people as they move into the middle class. We think, you know, we can let Silicon Valley go and solve the top 1% or 0.1% extra kind of problems, but we really want to solve the real problems for a billion people here in Asia. And the team of the fund is data. I'm very much a data person, and in my single, you know, bias sample size of one, lots of tech is data. The three teams are IoT, AI and AR, VR. So we just see IoT as the future of data collection. AI is the future of data processing and VR is the future of data interaction. So I know I'm actually true-haunting a little bit to make it fit this nice little three words, but then it's a data play. So if there are data people there, companies in the space, please come and talk to me. Finally, my younger brother, he has a nine-to-five as a data architect in DBS, and his fight tonight is he has an IoT company. So we are in this together, and it's also a problem. For the IoT company, it's called Loretta.io, like, you know, Loretta and the bonds, Loretta.io. And we're looking for UI, UX, front-end, so recruiting for these three things, data science people in terms of full-time, startups in there, IoT, AR, AI, and number three, looking for a UX person. If any of these three things appeal to you or your friends, please come and talk to me. Thank you. Yeah, talk about technology again. Sorry, if any of you are my coding, character in coding talk is very, very much on your own. So any of you here have heard of GraphQL, right? That's the first thing I'm going to talk about, I guess. So this thing is developed by Facebook, and then any of you here have heard about API? Yeah. Right. So GraphQL is essentially API. It's a way of building API. So then, you know, I'm just like, dummy it down until I get a common ground. Any product manager here? No product manager? Oh, yeah, you're a product manager. Next time if you're in like a developer meeting, just throw in GraphQL just for fun, just for kicks. To annoy the developers. I'm a developer myself. So GraphQL, so you must have heard of like APIs and like RESTful APIs, right? The idea of RESTful APIs, you know, you have create, update, get, and then delete. You know, these are the actions. But the problem is that API discovery is around, and then API is also not flexible enough. When you get, you get, you know, the whole list of entities and objects and the fields are predefined based on API destination or schema of your database or whatever. And then that's why API has to be versioned. And then that's just a whole lot of hassle going there. And then you have to know what to query in order to get what you want. And then in order to filter data, the API has to allow you to filter data. You can say like question mark, you know, wireless fields, and these are only the fields that I want. And then with GraphQL, all these are built in GraphQL's definitions. So the idea of GraphQL is that you can query an API with something like, let's say you want, I actually don't know the, let's say, you're calling for, let's see, I don't know, a customer object. And then for a customer object, you only want customer ID, sort of name. And that's it. So that's, the customer table might be super huge, but, you know, you only want the two fields. And then you can query it in this way so they only get this. But then at times, you also only want customers with ID in five. And in this case, you can filter the data as well as slicing the data. So GraphQL gave you this flexibility. You can just forget or list that request. So you also have ways of putting and updating your data. So that's what GraphQL is. And then, but I want to introduce not just GraphQL, GraphQL is great, and then you can want to look into it as like, I feel like that's the future of API. And then there's also this thing called protocol buffer. Have any of you here heard of protocol buffer? Right, protocol, have any of you here heard of JSON? No. XMLJ is not, these are like data formats you use for transferring data, right? So, and then protocol buffer, protocol buffer. Protocol buffer is similar. It's in a similar kind of glass of things in the data format. So then you use it to define data schema. So if you marry GraphQL with protocol buffer, it's a great world out there. I mean, I'm not going to elaborate too much, but think about it. This defines schema. This defines your API. Schema marries API, you have everything you need. I'm just going to leave that out there. And then I implemented this for my company Hackathon. It was in Python. So I pretty much did some like met up programming in Python to just like marry this too. And it was great. I won third prize. That speaks to how good this thing is. And then unfortunately, you know, my company has open source policy, so it's not open source yet. But it will be at some point, hopefully. But this idea is free. Anybody can just take it and go around with it. And then, so any programmers out there, you will be taken. That's it, thank you. I think we are done. Everybody hungry? Yes. So I think if you're keen, we can find some people and go and get some coffee or something. That's the last time for coming.