Leveraging user and device data during user login to fight against

  1. ATO (account takeovers)
  2. Botnet attacks

ATOs ranking from easy to hard to detect

  1. from single IP
  2. from IPs on the same device
  3. from IPs across the world
  4. from 100k IPs
  5. attacks on specific accounts
  6. phishing and malware


Semi-supervised learning = unlabeled data + small amount of labeled data

Why? better learning accuracy than unsupervised learning + less time and costs than supervised learning

  • K-means: not good
  • DBSCAN: better. Use labels to
    1. Tune hyperparameter
    2. Constrain


  • Manual feature selection
  • Feature evolution in adversarial environment
  • Scalability
  • No online DBSCAN


Anti-fraud Query

Anti-fraud Featuring

Production Setup

  • Batch: 7 days worth of data, run DBSCAN hourly
  • Streaming: 60 minutes moving window, run streaming k-means
  • Used feedback signal success ratios to mark clusters as good, bad or unknown
  • Bad clusters: Always throw
  • Good clusters: Small % of attempts
  • Unknown clusters: X% of attempts

Ads Ecosystem

  • Brand / Advertiser: individuals or organizations who want to publish advertising messages to the customers.

  • Agency: they help the brand to interact with the rest of the ecosystem and manage the whole lifecycle of the advertising messages, including planning, creating, and distributing ad campaigns.

  • Trading Desk: It streamlines the media buying process.

  • Demand-side Platform (DSP): it automates online ad inventory and buying, helping agencies to manage accounts across different accounts and campaigns through one platform.

  • Data-management Platform (DMP)

    1. Ads-based Analytics: attrition, targeting, profiling, session replay, and more.
    2. Anti-fraud
    3. Market-based Analytics
  • Ad Exchange / Real-time Bidding (RTB): It matches ads suppliers with buyers.

  • Ad Network: It aggregates publisher inventory and sells it to advertisers.

  • Supply Side Platform (SSP): It monitors the entire ads inventory and suggest prices for ad space.

  • Publisher: Ad-space owners like website operators.

Andy Grove emphasizes that a manager’s most important responsibility is to elicit top performance from his subordinates..

Unfortunately, one management style does not fit all the people in all the scenarios. A fundamental variable to find the best management style is task-relevant maturity (TRM) of the subordinates.

TRM Effective Management Style
low structured; task-oriented; detailed-oriented; instruct exactly “what/when/how mode”
medium Individual-oriented; support, “mutual-reasoning mode”
high goal-oriented; monitoring mode

A person’s TRM depends on the specific work items. It takes time to improve. When TRM reaches the highest level, the person’s both knowledge-level and motivation are ready for her manager to delegate work.

The key here is to regard any management mode not as either good or bad but rather as effective or not effective.

What is change aversion?

By and large, anytime you change what people regularly use in a product, they will always throw an uproar. This happens to almost every release of products like Gmail, YouTube, iPhone, etc.

How to avoid or mitigate change aversion?

  1. Let users understand, in advance and afterward. Warn them about the significant changes early and communicate why those places changed. Provide transition instructions afterward.
  2. Let users switch. Don’t shut the door and leave them alone in the helplessness.
  3. Let users give feedbacks and follow through.

Change Aversion isn’t an Excuse

The product changes may turn out to be good or bad ones.

change aversion patterns

Why bother with architecture?

Answer: for reducing human resources costs per feature.

Mobile developers evaluate the architecture in three dimensions.

  1. Balanced distribution of responsibilities among feature actors.
  2. Testability
  3. Ease of use and maintainability
Distribution of Responsibility Testability Ease of Use
Tight-coupling MVC
Cocoa MVC ❌ VC are coupled ✅⭐
MVP ✅ Separated View Lifecycle Fair: more code
MVVM Fair: because of View’s UIKit dependant Fair
VIPER ✅⭐️ ✅⭐️

Tight-coupling MVC

Traditional MVC

For example, in a multi-page web application, page completely reloaded once you press on the link to navigate somewhere else. The problem is that the View is tightly coupled with both Controller and Model.

Cocoa MVC

Apple’s MVC, in theory, decouples View from Model via Controller.

Cocoa MVC

Apple’s MVC in reality encourages massive view controllers. And the view controller ends up doing everything.

Realistic Cocoa MVC

It is hard to test coupled massive view controllers. However, Cocoa MVC is the best architectural pattern regarding the speed of the development.


In an MVP, Presenter has nothing to do with the life cycle of the view controller, and the View can be mocked easily. We can say the UIViewController is actually the View.

MVC Variant

There is another kind of MVP: the one with data bindings. And as you can see, there is tight coupling between View and the other two.



It is similar to MVP but binding is between View and View Model.



There are five layers (VIPER View, Interactor, Presenter, Entity, and Routing) instead of three when compared to MV(X). This distributes responsibilities well but the maintainability is bad.


When compared to MV(X), VIPER

  1. Model logic is shifted to Interactor and Entities are left as dumb data structures.
  2. UI related business logic is placed into Presenter, while the data altering capabilities are placed into Interactor.
  3. It introduces Router for the navigation responsibility.

Tian Pan's Notes

Software Engineering and Startup
© 2010-2018 Tian
Built with ❤️ in San Francisco