DEV Community: Mukul Bindal

Sentiment Analysis using Azure AI

Mukul Bindal — Mon, 30 Sep 2024 10:35:52 +0000

What is Sentiment Analysis?

Sentiment analysis is a process in natural language processing (NLP) used to determine the emotional tone behind a body of text. It helps in understanding the sentiment (positive, negative, or neutral) of user opinions, social media comments, product reviews, etc. Companies leverage sentiment analysis to gauge customer feedback, monitor brand perception, and improve user experience.

Traditional Machine Learning Approach

Traditionally, sentiment analysis involves building machine learning models from scratch. This process requires several key steps:

Data Collection: Large datasets are needed to train the model. These datasets must be labeled with sentiment classes (positive, negative, or neutral).
Feature Extraction: Text data is transformed into numerical features through techniques like TF-IDF or word embeddings.
Model Training: Machine learning models such as logistic regression, Naive Bayes, or deep learning models like LSTMs are trained on the prepared data.
Evaluation and Tuning: The model needs to be evaluated and fine-tuned regularly for better accuracy.

However, this approach has its disadvantages:

High Computational Resources: Building and training models from scratch can be computationally expensive.
Need for Large Datasets: High-quality, labeled datasets are needed, which can be hard to obtain.
Time-Consuming: The model development process, from data preparation to tuning, is time-intensive.
Low Accuracy: Without a large dataset and correct model, accuracy is not good and often leads to less reliability.

Advantages of Azure AI Over Traditional Approach

Azure AI provides a robust, pre-trained sentiment analysis model as part of its Language Service. Key benefits include:

Scalability: Azure AI allows you to scale up your applications without needing your own infrastructure.
Pre-trained Models: No need for large datasets or model training—Azure’s pre-trained models are ready to use.
Cost-Effective: By using a cloud-based service, the need for high computational power and resources is minimized.
Faster Time to Market: Azure’s API can be integrated with your application easily, significantly reducing development time.

Prerequisites

Before using Azure AI for sentiment analysis, you will need:

An Azure subscription.
Azure AI Language Service enabled in your account.
Familiarity with Python or another programming language.

Steps to Implement Sentiment Analysis using Azure AI

1. Create Azure Language Service

a. Go to the Azure portal and create a Language Service resource.

b. Select your subscription, resource group, and region.

c. Once the resource is created, you’ll receive an endpoint and API key, which will be used for API calls.

2. Install Azure SDK

Install the azure-ai-textanalytics package:

pip install azure-ai-textanalytics

3. Connect to the Service

a. Go to your Language Service Resource > Keys and Endpoints and copy the credentials

b. Use the API key and endpoint from your Language Service resource to authenticate your requests.

4. Send Text for Sentiment Analysis

Pass the raw text you want to analyze to the API for sentiment detection, without any need of preprocessing.

Sample Code

Below is an example of how one can use Azure AI services for NLP:

#!/usr/bin/env python3

# Import required packages
from azure.ai.textanalytics import TextAnalyticsClient
from azure.core.credentials import AzureKeyCredential

# Add the Key and Endpoint (Should be in env variables)
KEY='YOUR_LANGUAGE_SERVICE_KEY'
ENDPOINT='YOUR_LANGUAGE_SERVICE_ENDPOINT'

# Create a text analytics client
text_analytics_client = TextAnalyticsClient(ENDPOINT, AzureKeyCredential(KEY))

# Load your data
documents = ["I am thrilled to announce that our team has exceeded all our quarterly targets!",
"I was really disappointed with the service at the restaurant last night",
"The meeting is scheduled for 3 PM tomorrow in the main conference room.",
"She couldn’t stop smiling after receiving the surprise gift from her friends.",
"He felt a deep sense of loss when he heard about the passing of his childhood pet."]

# Call the Azure Service to detect sentiment
response = text_analytics_client.analyze_sentiment(documents=documents)

# Print output
for i, resp in enumerate(response):
    print(f"Text: {documents[i]}\t Sentiment: {resp.sentiment}")

Output:

Text: I am thrilled to announce that our team has exceeded all our quarterly targets!    Sentiment: positive
Text: I was really disappointed with the service at the restaurant last night    Sentiment: negative
Text: The meeting is scheduled for 3 PM tomorrow in the main conference room.    Sentiment: neutral
Text: She couldn’t stop smiling after receiving the surprise gift from her friends.    Sentiment: positive
Text: He felt a deep sense of loss when he heard about the passing of his childhood pet.     Sentiment: negative

You can observe that this is a much simplified code than the traditional approach and with better accuracy and minimum time investment.

Conclusion

Azure AI simplifies sentiment analysis with its pre-trained, ready-to-use models. By removing the complexity of traditional machine learning approaches, Azure allows developers to focus more on delivering value to their applications without worrying about computational resources, data preparation, or model training. This makes sentiment analysis, or any other NLP task faster, scalable, and more accessible.

Understanding HTTP and HTTPS: How They Work and Secure Data Transmission

Mukul Bindal — Sat, 20 Apr 2024 07:02:30 +0000

HTTP (Hypertext Transfer Protocol) and HTTPS (Hypertext Transfer Protocol Secure) are fundamental protocols for transmitting data over the web. They govern how information is exchanged between clients (such as web browsers) and servers. Let's dive into how HTTP and HTTPS work, using examples to illustrate their functionalities and security aspects.

HTTP: The Basics

Consider Alice as a user and Bob as a web server. When Alice accesses a website using HTTP, her browser sends a request to Bob's server, asking for specific content, like a web page. Bob's server then responds by sending the requested data back to Alice's browser.

HTTP operates over port 80 by default and transfers data in plaintext, making it susceptible to interception and tampering. Here's how a typical HTTP scenario might unfold:

Alice's Request (HTTP):
Alice's browser sends an HTTP request to Bob's server for a webpage (e.g., http://example.com).
Bob's Response (HTTP):
Bob's server responds to Alice's request with the requested webpage's content in plaintext.

Now here is the catch, suppose Bob wants to transmit a confidential information that only Alice should receive, he can not do so in this protocol. The request is hopped over multiple routers before it reaches Alice and vice versa for Bob. Any information provided in plain text, is vulnerable to cyber secruity attacks like phishing, man in the middle attack and replay attacks.

HTTPS: Enhancing Security

HTTPS addresses the security vulnerabilities of HTTP by adding an extra layer of encryption using SSL/TLS (Secure Sockets Layer/Transport Layer Security). Let's see how Alice and Bob communicate securely using HTTPS:

Alice's Secure Request (HTTPS):
Alice's browser initiates a secure connection with Bob's server by sending an HTTPS request (e.g., https://example.com).
SSL/TLS Handshake:
Alice's browser and Bob's server perform an SSL/TLS handshake to establish a secure encrypted connection. This involves exchanging cryptographic keys and verifying the server's identity.
Encrypted Data Transfer:
Once the secure connection is established, all data exchanged between Alice's browser and Bob's server is encrypted, ensuring confidentiality and integrity.
Bob's Secure Response (HTTPS):
Bob's server responds to Alice's HTTPS request with encrypted data, which Alice's browser decrypts for display.

This sounds simple when represented like above. But the main issue is, how do we ensure that the encrypted data is read properly by the receiver? We need a way to exchange the keys securely. If our keys are exposed, this protocol will become no better than simple HTTP.

Public key cryptography:

Public key cryptography is a very smart way of encrypting the data. Algorithms like RSA, DSA and Diffie-Hellman algorithms are used for public key cryptography.

These algorithms are capable for taking the plain text as input and generate two keys - one using which the data is encrypted, other using which we can decrypt the data. These 2 keys are called our public and private keys. Based on our applications, like Digital Signature, Encryption etc, we use them interchangeably.

Key Exchange in HTTPS

Client Hello:
When Alice's browser initiates an HTTPS connection to Bob's server, it sends a "Client Hello" message. This message includes supported cryptographic algorithms, random data, and other parameters.
Server Hello:
Bob's server responds with a "Server Hello" message. This message contains the chosen cryptographic algorithms, a server-generated random value, and the server's SSL/TLS certificate.
Certificate Exchange:
The server sends its SSL/TLS certificate to Alice's browser. This certificate contains the server's public key, information about the certificate issuer (Certificate Authority or CA), and the server's domain name.
Public Key Encryption:
Alice's browser uses the server's public key from the certificate to encrypt a "pre-master secret" and sends it to the server.
Master Secret Derivation:
Both Alice's browser and Bob's server use the exchanged pre-master secret and their respective random values to derive a "master secret." This master secret is used for symmetric encryption during the HTTPS session.

Server Identity Verification and Certificate Validation

Certificate Chain Validation:
Alice's browser checks the server's SSL/TLS certificate for validity. This includes verifying the certificate's expiration date, the issuing CA's signature, and ensuring the certificate hasn't been revoked.
Root CA Trust:
Alice's browser validates the server's certificate chain up to a trusted root CA (Certificate Authority) stored in the browser's trust store. If the chain is valid and trusted, the server's identity is considered verified.
Hostname Verification:
Alice's browser matches the server's domain name (e.g., example.com) with the domain name listed in the server's certificate (Subject Alternative Name or Common Name field). This ensures that Alice is connected to the intended website.

Certificate Handling and Renewal

Certificate Issuance:
Bob's server obtains an SSL/TLS certificate from a trusted CA. This certificate includes the server's public key and is digitally signed by the CA to establish its authenticity.
Certificate Renewal:
SSL/TLS certificates have expiration dates. Bob's server periodically renews its certificate before expiration to ensure uninterrupted HTTPS service. Renewed certificates undergo the same validation and issuance process.
Certificate Revocation:
If a certificate is compromised or no longer valid, it can be revoked by the issuing CA. Alice's browser checks for certificate revocation using Certificate Revocation Lists (CRLs) or Online Certificate Status Protocol (OCSP) to ensure the server's certificate is still valid.

Browser Validation and Secure Connection

Secure Connection Established:
After successful key exchange, certificate validation, and identity verification, a secure connection is established between Alice's browser and Bob's server.
Encrypted Data Transfer:
All data exchanged between Alice's browser and Bob's server during the HTTPS session is encrypted using symmetric encryption keys derived from the master secret.
Trust Indicators:
Alice's browser displays trust indicators such as a padlock icon and "https://" in the URL bar, indicating a secure connection. Extended Validation (EV) certificates may display the organization's name for enhanced trust.

Advantages of HTTPS Over HTTP

Data Encryption: HTTPS encrypts data during transmission, preventing unauthorized access and interception.
Data Integrity: HTTPS ensures that data remains unaltered during transmission, preventing tampering by malicious actors.
Authentication: HTTPS verifies the identity of the server, protecting against phishing and man-in-the-middle attacks.
Trustworthiness: HTTPS builds user trust by indicating a secure connection through the padlock icon in browsers and "https://" in URLs.

Conclusion

HTTPS ensures secure data transmission over the internet by employing strong encryption, server identity verification through SSL/TLS certificates, and rigorous validation processes. Understanding the intricate steps involved in key exchange, certificate handling, and browser validation helps ensure secure and trustworthy web interactions for users like Alice and servers like Bob.

HTTP and HTTPS are critical protocols for web communication, with HTTPS offering enhanced security through encryption, data integrity, and server authentication. In the digital age, where privacy and security are paramount, HTTPS has become the standard for secure data transmission over the internet. Understanding the differences between HTTP and HTTPS helps users like Alice and servers like Bob ensure secure and reliable web interactions.

Configuring and Using Eureka Discovery

Mukul Bindal — Sun, 24 Sep 2023 08:51:18 +0000

Configuring and using Eureka Discovery Server in Spring Cloud is a fundamental step in building microservices-based applications. Below is a guide on how to set up and utilize Eureka in your spring boot application.

Step 1: Set Up a Spring Boot Project
Start by creating a Spring Boot project using your preferred IDE or Spring Initializer (https://start.spring.io/). Make sure to include the "Eureka Server" and "Eureka Discovery" dependencies.

Step 2: Configure Eureka Server
In your Spring Boot application, you need to configure it as a Eureka Server. Create a main class and annotate it with @EnableEurekaServer:

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.netflix.eureka.server.EnableEurekaServer;

@SpringBootApplication
@EnableEurekaServer
public class EurekaServerApplication {

    public static void main(String[] args) {
        SpringApplication.run(EurekaServerApplication.class, args);
    }
}

In your application.properties or application.yml, specify the server port and any other configurations:

server.port=8761
spring.application.name=eureka-server

Step 3: Configure Eureka Client(s)
Now, you'll create one or more Eureka clients, which are your microservices that register with the Eureka Server. In your microservice project(s), add the Eureka Client dependency.

<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
</dependency>

In your microservice's application.properties or application.yml, specify the Eureka Server's location:

eureka.client.service-url.default-zone=http://localhost:8761/eureka

Step 4: Register Microservices
In each of your microservices, annotate the main class with @EnableDiscoveryClient:

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.cloud.client.discovery.EnableDiscoveryClient;

@SpringBootApplication
@EnableDiscoveryClient
public class YourMicroserviceApplication {

    public static void main(String[] args) {
        SpringApplication.run(YourMicroserviceApplication.class, args);
    }
}

Step 5: Test Eureka

Start your Eureka Server application.
Start your microservices (Eureka Clients).
Access the Eureka Server's dashboard in your browser: http://localhost:8761.

You should see your registered microservices listed in the dashboard.

Step 6: Load Balancing
Eureka also provides client-side load balancing. You can use the @LoadBalanced annotation with your RestTemplate or WebClient to make requests to other services registered with Eureka. For example:

import org.springframework.cloud.client.loadbalancer.LoadBalanced;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.client.RestTemplate;

@Configuration
public class RestTemplateConfig {

    @LoadBalanced
    @Bean
    public RestTemplate restTemplate() {
        return new RestTemplate();
    }
}

Example Use Case:
Suppose you have a "ProductService" and a "UserService" as microservices. You can use the @LoadBalanced RestTemplate to make requests from the "UserService" to the "ProductService" without hardcoding the URL.

That's a basic guide on how to configure and use Eureka Discovery Server in Spring Cloud. You can extend this architecture to build complex microservices ecosystems with ease.

Data Storage in Cookies

Mukul Bindal — Thu, 27 Apr 2023 08:53:32 +0000

All of us doing web development might have come across the term 'Cookie' once in our journey. In this post, we will try to understand what is cookie exactly and how we can use it in Javascript.

What is cookie?

Cookie is just a small string that can be created by the host server and sent to the client (browser). Client can also manipulate it and send it back in the next request.

Server uses 'Set-cookie' in header to set the cookie
Browser uses document.cookie to read it using javascript
In the next request, browser automatically adds the cookie in the header

Reading Cookie

We can easily read cookie using the document.cookie object. It will return us all the key-value pairs.

Writing Cookie

In javascript, cookie object has built in set method to set the cookie. Cookie can not be so large, most of the browser supports only 4KB as the max size.

To write the cookie, we can simply use assignment operator:
document.cookie = 'key=value'

Note that it will append this new key/value pair to the cookie object and it will not overwrite it.

Cookie Options

Along with each key/value pair, we can pass some 'options' specific to that pair. We need to pass them as ';' separated strings.

Example:

document.cookie = 'user=admin;path=/;domain=myapp.com'

Some of the commonly used options are:

path: It is the current page by default, but we can restrict the access to this cookie by setting any different webpage path
domain: It is the domain in which this cookie is accessible.
expire, max-age: These options will mark the cookie as expired.
samesite: This option will prevent from XSRF attack.

What is XSRF Attack:

XSRF attack, aka Cross Site Request Forgery, is a common attack that uses cookie to perform Impersonation attack. Suppose we are using a site which uses cookie as the authentication method. Since cookies are sent in each request, if we login to our account and click on some third party link, if we do not use proper security, our login token will reach to the third party site which can be malicious.

To prevent this attack, most frameworks restrict to use XSRF token along with the forms. The samesite=strict option can also be useful to prevent such attacks. But there are better security mechanisms to prevent the XSRF attack nowadays.

Deleting a cookie:

We can not directly manipulate the cookie object due to its set methods. To delete a cookie, we can set the expire or max-age option to delete the cookie.

Example:

document.cookie = 'user=admin;max-age=-1'

Third Party cookie

You might have seen sites that use third party cookies. They ask for our consent before using the third party cookies. But what exactly is third party cookie?

A third party cookie is basically the browser's ability to send the cookie to third party sites. Browser has the ability to restrict it. But most of the sites use it to collect the data from users, generally to show ads.

For example, most of the sites use some third party services or functionality. They might request for some Javascript code while loading the page to use their services. Note that that request will consist of some cookie that is from that third party site. Next time we visit the third party site, this cookie will be sent along with our request. We can create many such scenarios here on how those 3rd party sites can use it to collect information on what kind of sites we are visiting and other stuff.

There is a regulatory in European countries that restrict the sites to use third party cookies without user's permission. This is known as GDPR and this is why sites need to take user's permission.

This is it in this post. We will try to see more storage types in next post.