I need a help about distinguish similar entities.
In my case I have one entity called '#agent' with some entries, two of them is 'Iago Campos' and 'Iago Coutinho'. I have an intent called 'transfer' that is triggered when user says that want to talk to someone. When user says 'I want to talk with Iago' dialogflow doesn't match any of the 'Iago'
I want to know if it's possible to make dialogflow ask to user if he wants to talk with Iago Campos or Iago Coutinho. I was looking aboult Fulfillment, but for many reasons I'm not confortable using webhook to just distinguish agents...
#Agents entries
Dialog Flow doesn't match any of the “lago” because it does not know what decision it has to take since it found 2 matches “lago Campos” and “lago Coutinho”.
If you proceed to say “Campos” dialog flow will find only one match “lago campos” and it will return it. It would be ideal to remove the world “lago” since it causes redundancy in your system.
On the other hand a fast solution would be to create another Intent specifically for when the user enters the word “lago” and that it is linked with a trigger that replies what “Lago” is it referring to. Here the final user can choose one “lago” or another.
So here I could suggest creating this behavior using a Fulfillment webhook in that way you can use it from the same intent
I am designing a bot with wit.ai and encounter a conflict issue.
In my story the user wants instructions to access a service. I've created an entity service.
There are 2 services available "mailing" and "chat channels" but I want the user to be able to ask instructions for both at once.
Therefore, my entity service has "keywords" for search strategy and "mailing", "chat channels" and "both" as values.
But when I branch the story after the question the bot asks "to which I've added quick answers "mailing", "chat channels" and "both", but at this point I have a conflict between the branches.
When I test the bot on wit.ai, whatever my answer he goes to the "both" branch.
I'm struggling to find out why there is a conflict between the keywords, if someone could help me it would be great.
I've tried to train the bot with small variations of each answer but this doesn't solve my issue.
Here is the solution we came up with for this issue:
instead of creating a new story, start by creating the entityof type traitin the understanding tab
enter all possible values in the understanding tab
once the entity has been properly created, you can use it in a story
I have set up two referral credit rules.
All acting users get 7 default credits every time they trigger the event mq_app_open
Referred acting users get 10 default credits every time they trigger the event mq_app_open
mq_app_open is a custom event that I am recording on app open.
I can see that rule 1 is getting applied but can never get rule 2 to be applied.
What actually does "Referred acting users" actually mean?
I think the issue probably relates to the fact that when I open the app from a (universal) deeplink I see two events
open
mq_app_open
For each of Session Referring Branch Link ID, Session Referring Click ID and Session Referring Link URL are all null.
Oddly, when I let the app go into the background and then the foreground again I see the following events
open
referred session
For these two events Session Referring Branch Link ID, Session Referring Click ID have values but Session Referring Link URL is null.
I am not sure why any of these values are null when it would seem they should all reference back to the link url that was clicked on.
Alex from Branch.io here:
Referred acting users is a rather confusing way to say 'users who take action and open the app after clicking on a Branch link'. We should probably adjust our terminology to make this a bit clearer. For most purposes, you can think of this as Referred users.
I am actually not certain why rule 1 is working but rule 2 is not. Possibly there is some conflict with having two rules applying to the same user from the same event — you could try refactoring the rules so that Referring users get 7 points and Referred users get 17.
Those session parameters should be coming back with values, assuming a link was clicked. We probably need to do a bit more debugging to see what's going on — would you mind submitting a ticket to the Branch integrations team so that we can dig into the code and the backend config of your specific app?
I know this has been asked several times may be, but most (if not all) solutions I've seen were involving a javascript solution or disabling form/submit button, which I'm not preferring.
I have couple of huge forms that may take some time to complete submission which may let the user to re-submit many times during the first submission, which eventually will cause for many records in the database.
Proposed solution:
A proposed solution is to have a generic method that have an array including all submitted forms IDs, each time a user submit a form, it's ID will be added to that array if it's not already existed, after the submit complete the ID will be popped out the array. A drawback can be counted on this solution in case a user opened two or more pages of the same form and submit them synchronously, but that can be worried about later.
My question is how feasible is my proposed solution and how good it can be? and how can I implement that generic method?
I understand that Apache Struts 2 framework has some solution to prevent such thing (Token Interceptor), how to do that in MVC 4?:
Just add a GUID field to the ViewModel the view is bound to (You are using ViewModels right?) and every time the empty form is asked for, generate a new GUID (solves the issue of downloading two or more copies by same user) for it and have it included in the view as a hidden field (string representation of it). Then you can implement the array solution you are talking about in a session variable or even a database based solution in which all processed GUIDs are saved in a table that gets cleared every so often, a text file that contains the list of GUIDs, etc. kind of hard to pick a complete solution based on just what you provide. But the above should provide you with all the requirements you have outlined.
As per the title really, just what can be done to defeat key/keystroke logging when authenticating access?
I have just posted a related question (how-to-store-and-verify-digits-chosen-at-random-from-a-pin-password) asking for advice for choosing random digits from a PIN/password. What other reasonably unobtrusive methods might there be?
Any and all solutions appreciated.
One solution to defeat keyloggers is to not care if they capture what you type.
One time passwords (search: "OTP") are one solution. Smartcard authentication is another.
A hardware-based keylogger will not be fooled by any solution that requires the use of a keyboard. So, to bypass those you will need to have input through the mouse only. But software-based keyloggers can be stopped by adding a keyboard hook in your own code which captures the keys and which does not call the next hook procedure in the hook list. But keyboard hooks tend to trigger antivirus software if used incorrectly and will cause bugs if you use them in any dynamic library with the wrong parameter.And basically, a keylogger will use a keyhook to capture keystrokes. By adding your own keyhook on top of the malware keyhook, you'll disable the keylogger.However, there are keyloggers that hide deeper in the kernel so you'd soon end up with a keylogger that will bypass your security again.Don't focus too much on the danger of keyloggers, though. It's just one of the many methods that hackers use to get all kinds of account information. Worse, there's no way that you can protect your users from social engineering tricks. Basically, the easiest way for hackers to get account information is by just asking their victims for this information. Through fake sites, false applications and all kinds of other tricks they could just collect any information that you're trying to protect by blocking keyloggers. But keyloggers just aren't the biggest dangers.
One suggestion was to use pictures of cute kittens (or puppies) for the user to click on. What you could do is use a set of 10 pictures and let the user pick four of them as their "pincode". Then, whenever the user needs to enter their code, display the pictures in any random order so hackers have no use for it's location. If it's a web application, also give the pictures a random name, and just let the server know which is which. To make it even more complex, you could create 10 sets of 10 pictures, where every picture displays a single object but from a slightly different perspective, different angle or in a different color. Set 1 would be a chair, set 2 a table, set 3 a kitten, set four a puppy, etc. The user then just needs to remember: Table, kitten, chair, puppy. (Or puppy, chair, chair, table. Or kitten, puppy, puppy, puppy...)
You could have a clickable image with the letters on it. Your users will be pretty mad though...
You can allow to use only on-screen keyboard to enter password.
Or you can write module (on flash for example) for handwriting (via mouse or stillus) passwords recognition.
The only real way is a proper second factor authentication: Either something the person is: fingerprint, iris scan. Or something they have: one-time password list/generator; crypto-generator.
Assuming that only keyboard, and not mouse input is captured, you could type the password out of order moving the cursor with the mouse.
I really like the one time approach better, though.
How about a variation of standard password. For example you could have a list of words and have program leave out random letters from each word. In addition to that it would leave out one word from the list which user would have to remember and type it out.
If the words form a sentence, it would be easier or users to remember it but on the other hand creation of the sentence would be more difficult because you'd need to use words which can't be guessed from sentence's context.
Another variation of this could be to have program at random ask user to replace all letters i with 1 or a with 4 or to place say letter R after every third letter A or something similar.
Basically have a password which would be modified at random and have it instructions displayed to user how to modify the password.
Now that I think of it, I'm not sure how unobtrusive my ideas are...
The online banking portal of my bank has a nice way that I find very unobtrusive. When creating the account, you define a 6 digit PIN (additional to a normal password). After entering your password, you're asked for 2 digits of the 6 digit PIN at 2 random positions. For example, if your PIN is 654321, it'll ask your for digits 2 and 5 and you'll click on 5 and 2 (it has a numpad with digits to click on). Even if you'd enter the digits with your keyboard, it would still be kind of safe because the attacker won't know which digits you've been asked for (unless he captures the screen as well, maybe using tempest).
So, short answer: Ask only for some parts of the password/PIN, in random order. Having the user use the mouse increases security.
One more idea: If you have a PIN (numerical password), ask the user for modifications of certain digits, e.g. "2nd digit plus 3, 4th digit minus 1".