First off, let’s be clear. Efficiency is about using less inputs to gain the same amount of outputs.

Productivity is about achieving more outputs with the same input.

If you look at it with that understanding, you’ll immediately see why chasing efficiency is…. well, unproductive. Why save a few dollars, when you could leverage that to gain outsized value?

If you’re focused on reducing your inputs, and maintaining the same output, then you’re not growing. You’re maintaining your current position. You’re in the rat race, where you’re running faster and faster just to keep up. You’re stagnating. And that’s not a pleasant place to be.

LLM based AIs do not automatically result in improved efficiency.

The assumption that “having AI” increases efficiency shows a fundamental misunderstanding of how LLM based AI work. Investing in AI to “save time” is a trap.

Just because AI can automate things, and thus reduce the time needed to do things, that doesn’t mean its increasing efficiency. It’s just another form of created automation that improves efficiency on some things, but inevitably leads to a new asset that needs to be maintained.

LLM based AI by itself cannot find efficiencies. It is not creative, it can’t think, it can’t understand the big picture. Years of research have proven that creativity is needed to find new efficiencies in problem spaces — LLM based AI does not have that creativity.

So what CAN it do?

LLM based AIs are an enabler to increase productivity.

They enable you to get drudgery done faster so that you can move on to the actual value generating work. This is especially obvious in the software development world where there are big impacts being seen everywhere.

LLM based AI are extremely good at extracting context out of something that exists and generating more things within that context. Which is fundamentally what writing code is about (cue the angry gnashing of teeth).

Developers & the Innovation Tax

When developers are told to go build something that will generate value, they can’t just go and do it. They’ve suddenly got to deal with a wave of overhead.

In the pursuit of efficiencies, they need to:

• ensure the new system & features comply with policies
• find the company approved tools, generators, and patterns and then figure out how to use them
• utilise scaffolds and leverage frameworks that support good development practices
• use modern deployment methods that result in additional code for testing and infrastructure
• document everything to support ongoing operations & knowledge transfer

So time passes as the developer aligns with generators, guidelines and guardrails before they can really progress on the new features.

And those generators that might have helped the developers get started faster? Those are another asset that the company has to maintain.

Engineers! Not Developers

Here’s the thing. Software Engineers want valuable outcomes. Software Developers just write code. For the first time, it’s actually easy for engineers to focus on engineering and deliver outcomes. For too long, they’ve spent more time discussing the appropriate way to do things and writing code, rather than just delivering on those valuable outcomes.

These LLM based IDEs make that possible by getting the repetitive, statistically similar tasks out of the way.

That enables your engineers to actually shine and to be PRODUCTIVE. They won’t need to seek ways to be efficient so they can get to the things that deliver value. They can just step straight to engineering solutions that deliver value.

Speaking of (over) delivering on value…

Which brings me back to my byline. SRC Innovations — using its Augmented Intelligence Delivery Model — had a 9 week project to build a client an MVP application that required many typical e-commerce functionalities, as well as integration with on-device hardware.

We completed their MVP in about 5 weeks, and kept on giving them MORE features so that at the end of that 9 weeks, they’d gotten ~67% more revenue generating features than they’d planned for in their MVP.

It meant some of their musings about “if we had this, we could do real world marketing campaigns”, became “Hey! We now have this feature that we can use for this style of marketing AND to make money!”

SRC delivered improved productivity which led to faster revenue generation.

What else more is there to say?

Talk to us

(Actually I’ve been told that there is one more thing to say) If you wanted to increase your PRODUCTIVITY. If you want a significantly faster path to value. If you wanted to use your current resources to get more value. Talk to us.

Our methodology is proven and has over delivered in the real world.

Originally published at https://blog.srcinnovations.com.au on March 18, 2026.

The Economy demands Productivity, not Efficiency was originally published in SRC Innovations on Medium, where people are continuing the conversation by highlighting and responding to this story.

By now, a lot of people would have heard how an MIT report says that 95% of AI initiatives have failed. Looking purely at that headline, it looks like AI is a bad ROI, and people should stop trying to get it going in their organisations.

This is the furthest thing from the truth: Now is not the time to disengage from AI tech.

However, it IS time to properly understand what AI offers, when to leverage it, where to deploy it, and how to secure it.

It’s a huge topic, so let’s cover some of that in the rest of this blog!

“What Normalisation Are You Referring to?”

The “AI bubble” is not like the Dot Com bubble, nor any other bubble.

It’s not running on debt, hype-coins, or subprime mortgages. The major players — Microsoft, Google, Meta, Amazon — are all profitable through multiple revenue streams. Even the pure AI operators like OpenAI & Anthropic are being funded by deep-pocketed investors, not by banks handing out risky loans.

It’s not a bubble at all, and therefore not going to pop. It’s more like an overfilled helium balloon and it will instead calm down, deflate a little, and continue to exist in the background, hovering in the corner of a giant room after a child’s birthday party…

The normalisation that is going to happen is when people realise that their prior excitement about LLMs as the replacement of all things and greatest revenue driver of all time actually isn’t true. They’ll flip the lens around to examine AI, LLMs & GenAI as productivity enhancers instead, and then the new initiatives are going to be heaps more successful, and start being treated as just another tool that effective workers will be using to drive productivity.

About GenAI, LLMs, and Productivity Growth

Here’s another thing about GenAI, and LLMs in particular: They are a statistical machine designed to use historically trained data to predict what’s going to happen next. It’s a giant well of un-lived experience and a “knowledge” base that has been carefully curated based on previous learnings.

One day, I really need to do a post about the difference between “information” and “knowledge”, and how the concept of a website called a “knowledge base” is just fundamentally wrong…

If it helps, think of librarians in a closed stack library… Closed stack libraries don’t let you walk in and pick up any item you want. Instead, they have librarians that know enough about the books in the stack to give you an overview on any related topic, and maybe to even loan you the actual book. These librarians make your search faster, but it is still you who needs to do the reading, the deep thinking, and the application of this knowledge. All that execution is still your job.

LLMs (and all AI) are similar. They should be leveraged as a new tool to speed up information gain, knowledge creation & execution. It’s about productivity growth, eventually leading to revenue growth.

“Great, Show Me How”

Sure! Here’s 3 steps to normalising AI

1. Flip the Narrative

Stop doomsaying and nay-saying on AI. It isn’t here to replace people, and LLMs being a statistical machine isn’t a bad thing. AI is here to offload execution so humans can focus on what we do best: Assessment, Critical Thinking, and Creativity.

Nobody shames a plumber for using a pipe-bending wrench, they just appreciate the job was done faster and cheaper.

2. Identify where it helps

A recent (Feb 2025) analysis of Claude conversations found that

57% of usage suggests augmentation of human capabilities while 43% suggests automation

Find those areas of automation & augmentation in your organisation through curiosity driven exploration. Don’t guess or dictate. Actually map out where your people spend time and effort. Then you can pick the right tool to support it.

LLMs are good at turning messy human processes & information into structured, codified, units of execution. So focus on use cases where those pre-requisites exist.

Other times, your AI needs aren’t ChatGPT or Claude. Sometimes your AI needs are classical models, or ML solutions like classifiers.

The real skill isn’t in using AI everywhere — it’s in knowing where, how, and when to use it.

3. Start small, prove value

Don’t force workflow overhauls. If people are forced to change the way their work before they see value, they’ll resist the change.

Instead, meet your people where they hang out and show quick wins. Slip AI into existing tools and workflows and show value that make their current habits easier.

Small iterative improvements compound over time, just like interest in a savings account. That always results in longer term gains.

In Closing

I have intentionally not discussed why others have stumbled — that wouldn’t be flipping the narrative.

Instead, I’ve shared a proven 3 step playbook that will help normalise the use of AI in your organisation: Shift the conversation, find where it will actually help, and finally prove value with small, compounding wins.

If you’re on this journey — or if you like help spotting where AI can deliver real impact — reach out. Whether it is brainstorming quick wins, or sharing what we’ve already deployed, SRC Innovations has a library of proven & in-production AI solutions that fit into real workflows.

Let’s not look to disrupt for the sake of disruption. Instead let’s look for how we can leverage new tools to deliver value & productivity — quickly and consistently.

Originally published at https://blog.srcinnovations.com.au on September 10, 2025.

A Normalisation on AI Initiatives was originally published in SRC Innovations on Medium, where people are continuing the conversation by highlighting and responding to this story.

SRC Innovations has successfully run a Product Catalogue Search Engine as a SaaS solution for a number of years now. It serves a range of Australian clients, serving search traffic using a mix of modern ML as well as classical AI methods.

I’d attribute part of our success to our use of the Google Cloud Platform (GCP) and it’s Google Kubernetes Engine (GKE) simply because it is very nicely integrated, whilst at the same time giving us the flexibility that is so desired where cloud deployments are concerned.

In this blog, I’m going to give a quick overview of our stack so you can see how we’re benefiting from GCP and their cloud platform.

The Srchy Stack

The bulk of Srchy’s services — both stateless microservices & stateful applications — sit within Google Kubernetes Engine. Over the years, within those GKE clusters, we have run:

• various Java based stateful search engines — backed by GCE’s “Balanced drives” for a mix of cost effectiveness and “good enough” disk IO
• MongoDb servers
• at least 2 RNN based Neural Network (mapped to a node with an attached GPU — of course)
• about 45 (currently) different microservices mostly using NodeJS
• several — more recent — LLM powered services
• a lot of batch jobs
• and one of my favourites… GCP’s Config Connector

All of these sit on a stack of GCE nodes underneath, efficiently sharing CPU + Memory resources during quiet times, and then scaling additional nodes when things get busy, and more instances are required so more compute resources are available.

About Config Connector

Config Connector is Google’s answer to “can we get a kubernetes based declarative mechanism to build GCP resources?”

In short, it lets you define GCP resources by using YAML from within a GKE cluster. If you’re already using Kubernetes, then you’d be very well versed in the approach, and you’ll appreciate how it works.

Config Connector vs Terraform vs gcloud CLI

Approach

• Config Connector: Declarative, eventually consistent
• Terraform: Imperative + with drift recovery mechanism
• `gcloud` CLI: Purely imperative

Runs

• Config Connector: Only in Kubernetes, only for GCP
• Terraform: Multi-cloud, dev laptop or pipeline, needs hosted solution for sharing state
• `gcloud` CLI: GCP only, can run from dev laptop or pipeline

Resource Drift

• Config Connector: Constant reconciliation with YAML
• Terraform: Checked on command
• `gcloud` CLI: No drift detection

Example Config Connector manifests

Below I provide two sample Config Connector manifests. These are actually part of our Helm charts ensuring that our microservices that may rely on things like Storage Buckets and their associated storage notification events can be co-deployed together, ensuring that their dependencies are met as per the good practices espoused by full stack Infrastructure As Code principles.

apiVersion: storage.cnrm.cloud.google.com/v1beta1
kind: StorageBucket
metadata:
  annotations:
    cnrm.cloud.google.com/force-destroy: "false"
  labels:
    helm.sh/chart: catalog-import-extract-monitor-0.1.17
    meta.srchy.ai/app: catalog-import-extract-monitor
    meta.srchy.ai/client: srchy
    meta.srchy.ai/client-env: prod
    meta.srchy.ai/client-brand: srchy
    app.kubernetes.io/name: catalog-import-extract-monitor
    app.kubernetes.io/instance: demo
    app.kubernetes.io/version: "0.0.17"
    app.kubernetes.io/managed-by: Helm
  name: srchy-monitored-bucket
  namespace: config-connector
spec:
  location: australia-southeast1
  storageClass: STANDARD
  lifecycleRule:
    - action:
        type: SetStorageClass
        storageClass: COLDLINE
      condition:
        age: 30
        withState: ANY

As you can see above, the storage bucket has — as part of its manifest declared a storage class of coldline after 30 days, and the Storage Notification — displayed below — even specifies the objectNamePrefix.

apiVersion: storage.cnrm.cloud.google.com/v1beta1
kind: StorageNotification
metadata:
  name: srchy-monitored-bucket-0
  namespace: config-connector
  labels:
    helm.sh/chart: catalog-import-extract-monitor-0.1.17
    meta.srchy.ai/app: catalog-import-extract-monitor
    meta.srchy.ai/client: srchy
    meta.srchy.ai/client-env: prod
    meta.srchy.ai/client-brand: srchy
    app.kubernetes.io/name: catalog-import-extract-monitor
    app.kubernetes.io/instance: demo
    app.kubernetes.io/version: "0.0.17"
    app.kubernetes.io/managed-by: Helm
spec:
  bucketRef: 
    external: srchy-monitored-bucket
  payloadFormat: JSON_API_V1
  topicRef:
    name: srchy-monitored-bucket-topic
  objectNamePrefix: upload/
  eventTypes:
    - "OBJECT_FINALIZE"

We have found this to be a significantly easier and more repeatable manner of deploying GCP resources.

About Google’s AI Services — Gemini & AI Studio

Google’s Gemini is acknowledged as a capable LLM and drives many systems — including OpenText’s own Aviator platform — and its API integrations with the rest of the Google ecosystem is pretty sweet. It’s AI Studio is also a very nice piece of developer kit, and makes it really easy to explore the quality of LLM prompts across different models at the same time.

This isn’t the right place for a full run down of Google’s AI services compared to others providers, but I do have some quick comments based on our experiences. The way that Google has integrated access to AI systems of all types — both modern neural network styles, as well as classical models — and made the necessary hardware also available via standard VMs and also via GKE is pretty impressive, and should make it a good pick for anybody who is interested in deploying AI at scale in this modern world.

Other GCP Resources

Before you get the impression that we only use GKE, I’ll also touch now on the other GCP resources.

Cloud Storage Object Buckets

Because, let’s face it, are there any cloud based implementations out there that haven’t benefited from cheap and plentiful object storage?

PubSub

GCP actually has a comprehensive and fully-managed PubSub offering in a single service that provides the typically desired message queueing, streaming, and pub-sub functionalities desired for eventing use cases.

This is — especially from an architecture and developer perspective — neater than some other cloud platforms’ combinations of 2 services to achieve almost the same thing.

We use it to — as mentioned above — identify when clients have provided their latest product catalogues so that we can ingest and run our ML workloads across them for search-related product enrichment before shipping them to our search engines.

Platform Security & Access Control — i.e. Artefact Registry, Secrets Management, and Service Accounts!

As you may have inferred, we run fairly swish DevOps pipelines, which includes a bunch of deployment pipelines. This means that we know we need to have stable deployment packages, without secrets committed to git, and with using service accounts that have really tightly controlled IAM policies.

Service Accounts & their associated IAM policies are all quite feasible as well via the Config Connector resources. We’ve had to do a nice little script separately to bridge the “We have a secret, how do we get it into Secrets Manager AND into Kubernetes” gap, but otherwise, Config Connector continues to be a good way to declaratively define GCP resources.

Observability — i.e. Logs Explorer, Log Based Metrics, and Alerts

You may have noticed that we use Istio as a service mesh in our clusters. This has made it very easy for us to set up our microservices to output access logs, which GKE then easily ingests into its Logs Explorer suite. We can then set up Log Based metrics so we can monitor things like HTTP traffic to our services, as well as other metrics. On top of that, we can turn GCP’s log based metrics into alerts based on thresholds, and have them integrated with Slack and our other alerting routing systems!

GCP also have a very nice query language for their Logs Explorer where it is straightforward for anybody to pick up and quickly understand how it works. This is a far cry from other logging solutions where their DQL tends to require a bit of effort to fully comprehend.

Observability — GKE Dashboards

I really want to give a special callout to GCP on how brilliant their out-of-the-box GKE dashboards are. We initially used a lot of prometheus + grafana, but we dropped most of it when GCP released their OOTB GKE dashboards as they give you everything you could ever need. Pod and node resource usage, filtered by namespaces, and even better, interactive playbooks about how to investigate and resolve cluster problems!

The Wrap Up

In a complex and varied landscape of multiple cloud providers, Google’s GCP has proven its functional strength and reliable infrastructure, combining to make our lives easy.

Their AI offerings especially from within their Cloud are superbly developer friendly and effective, streamlining our innovation without compromising depth.

For us as a consulting and product company, these efficiencies mean we can focus on delivering business value and engaging with the technical details that matter, rather than being slowed down by unnecessary hurdles.

Put simply: we like GCP, we’ll continue to trust it as part of our multi-cloud mix, and we’ll keep turning to it when it makes sense!

If you had questions about GCP, GKE, or how Google’s AI offerings can help your business drive real business value quickly, please reach out at https://www.srcinnovations.com.au/contact.

Originally published at https://blog.srcinnovations.com.au on August 26, 2025.

A Tale of GKE, GCP, and Product Catalogue Search was originally published in SRC Innovations on Medium, where people are continuing the conversation by highlighting and responding to this story.

Artificial intelligence is rapidly transforming our world. From facial recognition technology to self-driving cars, AI is automating tasks, streamlining processes, and fundamentally changing the way we interact with technology. However, alongside the undeniable benefits come ethical considerations that developers and users alike must carefully navigate. From bias and discrimination to privacy violations and lack of accountability, the ethical pitfalls of AI are numerous if not implemented responsibly.

Data Privacy

The incredible power of AI is fuelled by access to massive datasets, including sensitive personal information of individuals. There are valid fears about privacy violations and lack of consent if this data is not properly safeguarded for appropriate use. According to surveys, data breaches and exposures are rampant across industries due to insufficient data governance practices.

Resolution Strategies

• Enforce principles like data minimisation to only collect what’s truly needed.
• Implement robust data protection measures, including encryption, access controls, and data masking techniques.
• Require opt-in consent and give customers control over their data use there by earning their trust.
• Conduct regular audits and assessments of AI systems and data practices to identify and mitigate security vulnerabilities and ethical risks.

Algorithmic Bias and Fairness

AI algorithms are only as good as the data they’re trained on. Unfortunately, biased data can lead to biased algorithms, perpetuating social inequalities in areas like loan approvals, hiring decisions, and even criminal justice. If the training data used to build an AI model reflects historical biases around race, gender, age or other protected characteristics, the model can simply perpetuate those human biases at machine scale.

Imagine a scenario where an AI system consistently denies loan applications from a certain demographic group or an AI recommendation engine not showing some of the opportunities to specific class of people in our society. We can talk about multiple examples like this which can lead to discriminatory outcomes in decision-making, resource allocation, or customer interactions.

Resolution Strategies

• Use tools to scan training data for representational biases and skews.
• “Test, Test, Test !” Test your models from different perspectives and dimensions such as technical, ethical, legal, social etc. Also you could measure the false positives rate, equal opportunity, individual fairness etc of the model for different groups and individuals.
• Test Models against benchmark datasets to check for discriminatory outputs.
• Set acceptable thresholds and guard-rails for allowable bias levels.

Transparency and Explainability

Many AI systems operate as complex black boxes, making it difficult to understand how they arrive at certain decisions. This lack of transparency can erode trust and raise concerns about accountability.

By understanding the reasoning of AI models we can get insights that we not apparent before which can lead to improved decision making and outcomes. This is also crucial in debugging problems and fixing incorrect predictions.

Resolution Strategies

• Use Explainable AI (XAI) techniques like Feature Importance, decision trees, counterfactual explanations etc.
• Allow user inputs to explore “what-if” scenarios to see how outputs change.
• Caution about the AI ability and scope. Provide clear notice and get consent from users when AI is involved and use simple non technical language to describe the functionality. For example how a specific product was recommended to the user while placing an order.
• Provide users a way to override AI generated outcomes when possible.

Human Oversight and Accountability

While AI automates tasks and streamlines processes, the human element remains crucial. There need to be clear processes for monitoring AI actions and enforcing guidelines around fairness, transparency and human values.Without mechanisms to audit decisioning processes and enact course corrections, AI could make critical mistakes or unethical choices while lacking true accountability.

Resolution Strategies

• Implement a Human-in-the-Loop (HITL) Approach. For example, design workflows where humans can validate or approve high stake decisions.
• Establish an AI ethics review committee. Establish clear governance framework and review the policies/guidelines regularly.
• Provide comprehensive training of employees. Educate decision makers on AI capability, limitations and potential risks.
• Develop contingency plans. Create protocols to quickly disable AI systems, have human based backup ready in cause of AI failure.

As AI transforms business operations, it’s important to prioritise data privacy and security. By implementing strong protection measures, being transparent, addressing algorithmic biases, and promoting ethical AI use, businesses can navigate the ethical challenges of AI with integrity. Embracing ethical AI principles goes beyond meeting regulations; it’s a commitment to safeguarding data privacy, establishing trust, and fostering a secure and ethical business environment for all stakeholders.

Whether you’re aiming to enhance your AI systems or seeking guidance on ethical AI implementation, our expert team is ready to assist. Contact us at hello@srcinnovations.com.au to embark on your journey towards AI excellence and ensure a future defined by trust and innovation.

Originally published at https://blog.srcinnovations.com.au on July 23, 2024.

Ethical Guardrails for AI Revolution was originally published in SRC Innovations on Medium, where people are continuing the conversation by highlighting and responding to this story.

Static Sites aren’t anything new and go back to the very beginning of the world wide web so in this article we explore why many companies are giving static sites a second go as well as talk about the most popular tools for creating modern static sites.

A brief history on static sites

Traditional static sites were the only websites on the early internet even the Original Homepage of the World Wide Web was a static website. Essentially the web itself was static. But as technology became more sophisticated and business and consumer needs grew the limitations of the static web were exceeded. Around the same time SQL powered relational-databases were hitting the mainstream so business moved towards using databases to store and manage their content. This in-turn bought about the age of the web where new CMS products (content management systems) such as WordPress, Drupal and Joomla surged to prominence and the web as we know it today took shape. These new dynamic websites were able to de-couple the design of a website and the content making it possible to simplify websites as a collection of templates or partial templates i.e. headers / footers and stitch them together with the content upon request of the user. This lead to the rise of user-generated content or Web 2.0. The increasing complexity of the modern web hasn’t come without some drawbacks namely:

• Higher hosting costs — Dynamic sites are complex and have many components all of which require configuring and hosting.
• Lower performance — Each request requiring another code execution from the server.
• Lower security — Mass adoption of prominent CMS products luring cyber criminals to find and share common vulnerabilities.

Modern static sites over-come the limitation of their primitive predecessors as well as addresses the downside of dynamic websites with the advent of Static Site Generators (SSGs).

What is a Static Site Generator?

A Static Site Generator (SSG) is a library or framework which takes code files as input and compiles it to make static HTML documents that can be hosted directly on the Internet. Modern SSGs are an excellent choice for marketing websites, blogs, portfolios and even e-commerce sites. Modern SSGs have the following advantages:

• Templating — reusable UI elements and layout decoupled from content.
• Common content syntax — The advent of markdown has lead to a content authoring revolution.
• Lower hosting cost — Only requires the hosting of static HTML files.
• Lighting fast performance — very low latency from server requests thanks to lightweight output from SSGs.
• Better SEO — Improved performance of static sites means they rank higher than their heavier competitors.
• Improved security — Static sites have no backend for would be cyber criminals to exploit.
• Improved developer experience through modern tooling and logical architecture.

Top Static Site Generators

Now that we know what static site generators are lets talk about some of the most popular Static Site Generator frameworks.

Next.JS

Next.JS is arguably the most popular of this list but Next.JS is not limited to only being a static site generator it can also be used to create complex web applications offering Server-Side Rendering (SSR), Client-Side Rendering (CSR) all powered by React. Developers are able to control the level of SSR / CSR on a per-page level which makes Next.JS extremely powerful for a wide range of projects.

Features:

• Powered by React.
• Server-Side (SSR) & Client-Side Rendering (CSR).
• Incremental Static Rendering.
• Dynamic HTML Streaming.

Gatsby

Gatsby is another React powered static site generator it also supports deferred static generation (DSG), and server-side rendering (SSR) and boasts an excellent developer experience. As of version 4, Gatsby now gives developers the power to do static site generation at a per-page level allowing for more granular control of your project.

Features:

• Powered by React.
• Server-Side (SSR) & Client-Side Rendering (CSR).
• Deferred static generation (DSG).
• Static site generation (SSG) on a per-page level.

Hugo

Hugo is a popular static site generator which is powered by Go. Hugo boasts lightening fast performance claiming its build process takes less than 1 millisecond per-page. Hugo also claims to be a “content strategist’s dream” with unlimited content types, taxonomies, menus, dynamic API-driven content and extends traditional markdown with Hugo shortcodes to add even more flexibility for writing and managing content.

Features:

• Powered by Go.
• Lightweight and lightening fast performance.
• Markdown support.
• Pagination.
• Taxonomies.
• Internationalisation (i18n).
• Integrated Google Analytics support.
• Over 300 themes.

SvelteKit

Powered by Svelte SvelteKit is similar to NextJS in that its usefulness as a framework isn’t limited to only static site generation it can also be used for complex web applications featuring server-side rendering, client side routing and a number of adapters for different deployment targets e.g., Node.js, Vercel, and more to make deployments simple.

Features:

• Powered by Svelte.
• Dynamic Server-Side Rendering.
• CSRF protection.
• Client side routing.

Astro

Astro is a JavaScript UI Framework agnostic content driven web framework meaning it can be combined with a UI framework of your choice or leverage Astro components which are template components which render plain HTML so no client side JavaScript improving performance to the end user.

Features:

• Super light weight.
• Excellent documentation and developer quality of life.
• Beginner friendly.
• Server-Side Rendering as default
• No JavaScript by default — improving performance and saving devices of the client.
• Lightening fast performance.
• JavaScript library / framework agnostic — write components your way.
• Improved performance with the utilisation of component islands.

Eleventy

Eleventy is a relatively newcomer to the SSG space but is gaining popularity due to its excellent developer experience and impressive performance. Elleventy is built using vanilla JavaScript and Node.JS so is considered fairly easy for beginners and keeps the project lightweight compared to its competitors.

Features:

• Lightweight.
• Beginner friendly.
• High performance.
• Independent template languages.
• JavaScript library / framework agnostic.

Choosing a Static Site Generator

When it comes to selecting which Static Site Generator is right for your particular project there is a few considerations to keep in mind.

• Programming Language: Arguably the most important aspect to consider is the programming language the Static Site Generator is built on. Ideally you should choose a SSG that aligns with your existing skill-set.
• Required Features: The features required for your selected project could heavily influence your decision. For example for a simple portfolio or blog site Hugo or Eleventy would be more suitable but if your project requires something more complex you might be better off selecting Astro, Gatsby or Next JS.
• Developer Experience and Community Support: This depends on your level of experience but if you’re somewhat of a beginner you might be better off selecting Astro or Eleventy as both of these project have excellent documentation, community support and developer quality of life. Also worth considering that projects that lack community support might also have a shorter life span than their more popular counterparts.

Putting it all together

So in this article we’ve learned a brief history of the web. We learned about Static Site Generators, their use, and their advantages. We learned about the top frameworks for creating modern static websites and lastly we highlighted the considerations to be made when selecting which Static Site Generator you should use.

Modern Static Generators offer unique advantages when they are applied to the correct application. If you’re planning on making your project static and you’re still unsure of what to choose or you’d rather leave the selection process to the experts. Reach out to us as at SRC Innovations, we are more than happy to help.

Originally published at https://blog.srcinnovations.com.au on June 30, 2024.

Save money on hosting, enhance security and improve SEO with Static Sites | SRC Innovations was originally published in SRC Innovations on Medium, where people are continuing the conversation by highlighting and responding to this story.

As technology continues to revolutionise and disrupt many industries, aviation is in the early stages of some exciting and profound changes in areas such as efficiency, safety, and passenger experience. In-flight medical events can be challenging for airlines to handle efficiently, as traditional methods often lack real-time support and coordination between airline crews and medical professionals.

SRC provided technical expertise to support Flightcare Global’s development of a revolutionary technology platform offering aviation medical solutions — Pre-Flight, In-Flight & Crewcare. The Flightcare Global technology platform provides a unique level of care and service to passengers, crew and airline operations.

This case study illustrates how this was all made possible with the agile and collaborative approach of SRC experts working closely with Flightcare Global.

Overview

• Client: Flightcare Global
• Industry: Aviation
• Key business functions:
• Passenger medical support
• Airline staff assistance
• Medical case management
• Location: Global
• Goal or Objective: Addressing the gap in the market for real-time medical support during flights, opening doors to additional components that enhance medical assistance for both passengers and crew members at every stage of their travel.
• Services: An advanced platform developed by SRC and Flightcare Global that facilitates instant healthcare communication and management.

How We Made It Happen

Throughout the engagement, we adopted a 3-phase approach to minimise costs and increase agility and value.

1. Prototype Development: An initial phase focused on crafting a compelling prototype to secure investments and ensure project sustainability.
2. Capability Expansion and Client Acquisition: With the prototype in place, phase 2 involved expanding system capabilities and acquiring clients, marking a significant shift towards market engagement.
3. Ongoing Development Model: As we onboarded new airlines, we began an ongoing development phase which maintains a responsive model that adapts to evolving clients and industry demands, thus ensuring the system’s relevancy and efficacy.

Our commitment to open and ongoing communication fostered an environment where ideas flowed freely and any concerns, changes in priority and new requirements, were promptly addressed. Our flexible team was capable of meeting client’s changes in vision, delivering on-time and under-budget solutions at each phase of the project, ensuring a seamless and efficient project progression.

I was already aware of SRC and the work they do, and after an initial conversation I felt comfortable they were the right partner. SRC felt like a safe pair of hands. Their breadth of experience, technical expertise and ability to work in an agile way drove our product’s success from the prototyping phase to the full-scale development.

- Micheal Monaghan, CTO at Flightcare Global

Depending on the evolving phases and tasks, we adapted our methodology to meet the client’s needs, providing an agile team responsible for the delivery of the user experience, technical design, web and app development, leveraging modern technologies on the cloud.

We developed a robust and scalable solution that can be adapted and enhanced across iOS, Android and web platforms to support their clients’ needs and evolving industry regulations. This is what makes Flightcare’s solution truly innovative.

- Vith Visagathilagar, General Manager at SRC

At SRC, we believed so strongly in the Flightcare product that we invested equity in the business, reflecting our dedication to its success and growth.

Key Success Criteria

• Working with a startup business like Flightcare Global, it was crucial to adopt an agile and collaborative approach. This methodology facilitated adjustments and allowed us to accommodate the evolving needs of the client.
• Through every phase of the project, challenges were identified and effectively addressed, leveraging SRC’s flexibility as a key asset. We responded to changing priorities and budget constraints by strategically adjusting our team size, broadening our skill set across technologies and ensuring that we continued to meet project deadlines effectively.

Conclusions

Flightcare Solution’s transformative impact on the aviation industry showcases the power of technology-driven solutions in enhancing safety and operational efficiency. By connecting airline crews with medical experts, passenger and personnel safety and well-being have been elevated at every stage of their journey.

Michael Monaghan added that:

The system performed well and achieved the scalability goals we had for the platform. Our customers have been delighted with the products and the intuitive interfaces across our service channels. SRC have been invaluable in realising our vision for the Pre-Flight, In-Flight & Crewcare products.

SRC’s responsiveness and commitment, enabled the delivery of a high-value product that filled a critical market gap and can be leveraged with numerous clients.

I knew SRC was able to deliver, and I had faith they would come through at every stage. We’d like to continue the partnership to keep adding features and deliver to client’s expectations.

I would definitely recommend working with them for their technical skills, flexibility, ability to deal with the demands of a startup and deliver a solution that scales up with enterprise customers.

- Micheal Monaghan, CTO at Flightcare Global

Contact us

Reach out to SRC Innovations for bespoke technology solutions that can transform your business.

Our team of experts is dedicated to working closely with you to develop and integrate innovative solutions tailored to your unique needs to help you gain the competitive edge required to stand out in your industry. Browse our site to read more about us or reach out on hello@srcinnovations.com.au to discover how we can assist you in achieving your strategic goals.

SRC Innovations: Flexible. Focused. Effective.

Originally published at https://blog.srcinnovations.com.au on May 6, 2024.

Transforming Travel Safety with Flightcare Global — A Case Study was originally published in SRC Innovations on Medium, where people are continuing the conversation by highlighting and responding to this story.

Single sign-on (SSO) is a centralised authentication process that allows a user to access multiple applications or services with one set of login credentials (such as username and password).

AWS Cognito User Pools is one such service that facilitates your user authentication, authorisation and user management for web and/or mobile applications that can integrate with Federated Identities to support Single Sign-On capabilities.

If you are trying to get started with AWS Cognito, then keep on reading!

It explains how to enable SSO in AWS Console with AWS Cognito’s Hosted UI with SAML Identity Provider.

Wonder what the default AWS Cognito Hosted UI could look like?

Sign-in flow:

The diagram below shows a standard login flow using AWS Cognito Hosted UI which has been configured with a SAML Identity Provider.

Too Long Didn’t Read (TLDR) Version The TLDR version:

1. Have an Identity Provider (IdP) SAML2 file for SSO. Examples of an IdP are Azure, Google, Facebook and Apple.
2. Through AWS Console, navigate to your AWS Cognito Userpool and add an Identity Provider via Sign-in experience tab under the heading Federated identity provider sign-in.
3. In App Integration tab, under the Domain Panel, you either create a Cognito domain or a custom domain.
4. Still in App Integration tab, under the App clients and analytics Panel, select your App client. Here you will update the following Hosted UI configuration and Host UI customisation (optional).
5. Once these are configured for your AWS Cognito Userpool, configure your Identity Provider and prove them with an assertion consumer endpoint.

• e.g.: https://<Your user pool domain>/saml2/idpresponse
• With an Amazon Cognito domain: https://<YourDomainPrefix>.auth.<region>.amazoncognito.com/saml2/idpresponse
• With a custom domain: https://<Your custom domain>/saml2/idpresponse
• For some SAML identity provides, you also need to provide the service provider (SP) urn / Audience URI / SP Entity ID. e.g., urn:amazon:cognito:sp:<yourUserPoolID>

6. Once the above are done, you can access the hosted UI via the url: https://<cognito-or-custom-domain>/login?response_type=<response-type>&client_id=<userpool-app-client-id>&redirect_uri=<redirect_uri>

• response_type could either be code or token

7. Your application will have to be modified to handle the trigger logic of the Hosted UI URL and the redirect URL behaviour to use the tokens provided by AWS Cognito Hosted UI flow.

The “Ok, I need a bit more info & pictures” version:

Firstly, have an Identity Provider (IdP) SAML2 file for SSO.

• Examples of an IdPs are Azure, Google and Facebook
• This could be a metadata document (typically an XML file) or a metadata document endpoint URL

Then, through AWS Console, navigate to your AWS Cognito Userpool and add an Identity Provider via Sign-in experience tab under the heading Federated identity provider sign-in.

When creating an identity provider we have to take into consideration what we want to display as the Identity Provider Name and how the hosted UI will dynamically select the appropriate identity provider (if there are more than one identity providers).

To allow the Hosted UI logic to dynamically select the appropriate identity provider when inputing a corporate email, we need to provide a Provider name as the corporate domain e.g., corporation.com. Identifiers needs to also be configured with the corporate domain as this will help Cognito determine which identity provider to use when Hosted UI asks for a corporate email.
For more information about this, have a further read HERE.

Add sign-out flow should also be configured.

One last thing that needs to be configured properly before creating the provider is the Map attributes between SAML provider and your user pool. Will need this mapping to provide AWS Cognito the appropriate user pool attributes to successfully authenticate.

Once the identity provider has been created, in App Integration tab, under the Domain Panel, you either create a Cognito domain or a custom domain.

Things to consider when deciding to use Cognito domain or a custom domain.

1. Branding and User Experience: Custom domains allow you to maintain brand consistency throughout the authentication process. Instead of displaying AWS Cognito URLs to users, you can use your own domain, which enhances trust and provides a seamless user experience.
2. Security and Trust: Utilising a custom domain can increase trust among users. When users see a familiar domain during the authentication process, they are more likely to trust the application.
3. Ease of Use: Setting up a custom domain in AWS Cognito is straightforward and well-documented.

Still in App Integration tab, under the App clients and analytics Panel, select your App client. Here you will update the following Hosted UI configuration and Host UI customisation.

In the Hosted UI configuration shown above, you will have to update Allowed callback URLs, Allowed sign-out URLs and add the newly created identity provider in the Identity Providers section.

Hosted UI customisation allows you to modify the css of the hosted UI. More information HERE.

Once these are configured for your AWS Cognito Userpool, configure your SAML Identity Provider and prove them with an assertion consumer endpoint. More information can be found HERE. Below shows the possible endpoints to configure at your SAML Identity Provider.

https://<Your user pool domain>/saml2/idpresponse

With an Amazon Cognito domain:
https://<YourDomainPrefix>.auth.<region>.amazoncognito.com/saml2/idpresponse

With a custom domain:
https://<Your custom domain>/saml2/idpresponse

For some SAML identity provides, you also need to provide the service provider (SP) urn / Audience URI / SP Entity ID.
e.g., urn:amazon:cognito:sp:<yourUserPoolID>

Once the above are done, you can access the hosted UI via the url:

https://<cognito-or-custom-domain>/login?response_type=<response-type>&client_id=<userpool-app-client-id>&redirect_uri=<redirect_uri>

response_type could either be code or token

The response_type value will depend on the implementation of the application to integrate AWS Cognito's Hosted UI.

When code is used as a response_type, an extra step is required to be done by your application. response_type code returns a code as a parameter that's appended to your redirect URL. Your application needs to make a request to the authorisation endpoint to retrieve the identity/access token from Cognito.

Whilst token appends the identity and access tokens as parameters to the redirect URL.

With this, your AWS Cognito is configured to support SSO.

Sample Implementation

As mentioned above, depending on how you integrate Hosted UI into your application will help determine if you will be using response_type value of code or token.

Below will show an example of how you can use AWS Amplify to integrate AWS Cognito Hosted UI to your application. These examples will use Javascript as the programming language with React as the framework of a web application. This example will use a response_type value of token.

Install aws-amplify

npm i aws-amplify

Once installed, we have to configure aws-amplify.

The file below will setup the configuration required by aws-amplify.

// authConfig.js file which help configure AWS Amplify
const awsConfig = {
  Auth: {
    // REQUIRED - Amazon Cognito Region
    region: <region>,
    // OPTIONAL - Amazon Cognito Federated Identity Pool Region
    // Required only if it's different from Amazon Cognito Region
    identityPoolRegion: <AWS_REGION>,
    // OPTIONAL - Amazon Cognito User Pool ID
    userPoolId: <USER_POOL_ID>,
    // OPTIONAL - Amazon Cognito Web Client ID (26-char alphanumeric string)
    userPoolWebClientId: <CLIENT_ID>,
    // OPTIONAL - Hosted UI configuration
    oauth: {
      domain: <USER_POOL_DOMAIN>,
      scope: [
        "phone",
        "email",
        "profile",
        "openid",
        "aws.cognito.signin.user.admin",
      ],
      redirectSignIn: <REDIRECT_SIGNIN_URL>,
      redirectSignOut: <REDIRECT_SIGNOUT_URL>,
      responseType: "token", // note that REFRESH token will only be generated when the responseType is code
    },
  },
};
export default awsConfig;

Now that you have a function to set the configuration for aws-amplify, the code below shows you how you would use the function. On your main app file, import aws-amplify and configure.

// App.jsx
import { Amplify, Auth, Hub } from "aws-amplify";
import awsConfig from "./utils/authConfig";
Amplify.configure(awsConfig);

The following function ssoCognito will trigger the Hosted UI flow when function is called.

// src/api/ssoCognito.js
import { Auth } from "aws-amplify";

export const signInWithSSO = () => {
  // eslint-disable-next-line no-async-promise-executor
  return new Promise(async (resolve, reject) => {
    try {
      const user = await Auth.federatedSignIn();
      resolve(user);
    } catch (e) {
      reject(e);
    }
  }).catch((err) => {
    throw err;
  });
};

The following code snippet displays a sample usage of the signInWithSSO function in React.

// src/pages/login.jsx
import { useEffect } from "react";
import { useState } from "react";
import { signInWithSSO } from "~/api/ssoCognito";
import { Button } from "~/components";

export const Login = () => {
  const [error, setError] = useState("");

  const signInSSO = async () => {
    try {
      setError("");
      await signInWithSSO();
    } catch (err) {
      setError(err.message);
    }
  };

  return (
    <div>
      <p>Sample Text</p>
      <Button onClick={signInSSO}>"Sign in"</Button>
      <p>{error}&nbsp;</p>
    </div>
  );
};

When Hosted UI flow is complete and redirects the user, you will need to have a way to handle the Cognito session, the following code snippet shows an example of how to handle Cognito sessions via useEffect.

// App.jsx
import { Amplify, Auth } from "aws-amplify";
import { useEffect } from "react";
import { useNavigate } from "react-router-dom";
import awsConfig from "./utils/authConfig";

Amplify.configure(awsConfig);

const App = () => {
const navigate = useNavigate();

useEffect(() => {
  async function handleSession() {
    // Handle the Cognito session
    try {
      await Auth.currentSession();
      // You can also access user information like this:
      await Auth.currentAuthenticatedUser();
      // Redirect to the appropriate page if the session is valid.
      navigate("/sample");
    } catch (error) {
      console.warn("No valid session");
    }
  }

  handleSession();
}, []);

return (<div>Sample Code</div>)
};

export default App;

When the Cognito session is valid, it will redirect the user to the appropriate page. From here, application should continue as normal.

Advantages/Disadvantages Advantage:

• Easy Integration: straightforward way to integrate user authentication without having to build a custom authentication system from scratch.
• Support for Social Identity Providers: AWS Cognito supports integration with social identity providers
• Scalability
• Customisation: Allows the customisation of the look and feel of the UI to some extent. e.g. colours, logos and some aspects of the user interface.

Disadvantages:

• Limited customisation: customisation may not meet the specific design requirements of all applications.
• Vendor Lock-in: you are tying your application to the AWS ecosystem. Migrating away from AWS Cognito to another authentication solution may require significant effort and resources
• Learning Curve: integrating and configuring AWS Cognito, including the Hosted UI, may require a learning curve, especially for developers who are new to AWS services or identity management concepts
• Reliability on AWS Services: Your application’s authentication functionality relies on the reliability and availability of AWS infrastructure

Last Words

I hope that this one has helped you figure out how to configure AWS Cognito to use Hosted UI to enable Single Sign On (SSO) capabilities and get an idea on how you can integrate it to your application.

This is a basic way to do it. If you need help, OR wanted to discuss the right solution for you, contact us HERE.

References:

• Cognito App Client Configuration: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-configuring-app-integration.html
• Viewing Cognito’s Hosted UI: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-integration.html#cognito-user-pools-app-integration-view-hosted-ui
• List of Identity Providers: https://docs.aws.amazon.com/cognito/latest/developerguide/external-identity-providers.html
• Cognito with SAML: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-saml-idp.html

Originally published at https://blog.srcinnovations.com.au on April 3, 2024.

Single Sign On (SSO) with AWS Cognito’s Hosted UI was originally published in SRC Innovations on Medium, where people are continuing the conversation by highlighting and responding to this story.

Reactivity is a programming technique that implies reacting to the changes in a declarative manner and this has transformed the way modern web and mobile applications are built.

Like its competitors such as React, and Angular, the reactivity system is one of the significant features of Vue.js. As the name suggests, at a very high level, it is related to reacting to the component’s data/state changes and updating views dynamically. When any of the data of the component’s state changes, it updates the view by re-rendering with the latest changes.

This blog aims to give you a high-level overview of how to implement reactivity system in Vue 3 using Options and Composition API.

Glance at Options and Composition API

There has been a lot of discussion about Options API vs Composition API since Composition API was introduced as part of Vue 3. So before we start with the reactivity system, let’s understand Options and Composition APIs.

Options API

Options API is a traditional way of declaring components in Vue.js. It consists of building blocks such as data, methods, computed properties, props etc. Options API is easy and simple to understand and is a good choice for beginners. However, it could lead to spaghetti code and fragmentation as codebase and complexity increase. Also, it does not provide reusability unlike the Composition API.

Given below is the example of the structure of the Options API.

Composition API

Composition API is a newer way of declaring Vue component introduced in Vue 3 to address the shortcomings of Options API. In the Composition API, everything from component data to methods to computed properties is declared in the setup hook. The main advantage of the Composition API is that you can abstract the functionality into its components. It can be reused in different components using a concept called Composable. Composable is a function that leverages Composition API and encapsulates stateful logic which then can be re-used in different Vue components. Here is the official documentation of the Composable https://vuejs.org/guide/reusability/composables.

The use cases of Composables are mainly renderless components (components without a template) from functional utilities to API handlers to fetch data, process and return with data and/or errors if any.

Given below is an example of the structure of the Composition API.

Here is the quick comparison between both the APIs

Reactivity using Options API

In Options API, all the properties declared under the data functions are reactive by default. Vue calls the data function while creating a component instance and makes all the properties reactive. However, unlike Vue 2 reactivity, the Vue 3 reactivity system uses Javascript proxies under the hood to create a reactive state of the component.

When declaring reactive properties to the component, make sure to declare those in the data function as those properties are added only when an instance gets created for the first time. You can still add the instance properties to the component outside of the data function but those properties won’t be able to trigger reactive updates.

For example, Let’s say we have a component ComponentA that uses options API and we have 3 instance properties declared. And we are rendering the title.

Initially, this will display Default title. Now when a user clicks on the button, it will update the instance property as you can see in the above screenshot and it re-renders the view dynamically. So now, the component would render Title A instead.

Vue also supports deep reactivity which means, in case of mutating nested objects or arrays, it will also trigger reactive updates.

Now, when a user clicks Update the suburb button, it should update the DOM with Suburb B.

This is a high-level overview of the reactivity in Vue 3 using Options API. To explore more about reactivity using options API, please refer to this documentation https://vuejs.org/guide/essentials/reactivity-fundamentals.html (and make sure to select Options API from toggle).

Reactivity using Composition API

You can declare reactivity in 2 ways: Ref() and Reactive() functions. The following section explains how to declare reactive values using both the ways and its limitations below.

Ref() function

You can declare reactive variables using the ref() function which takes a value as an argument and returns the Ref object where a value that is passed in as an argument gets wrapped with value object. As you can see in the example given below, the variable count is a reactive variable and then you can return it from the component so that templates can refer to those for rendering.

However, as you noticed, there is no need to refer to the variable count using .value in template syntax as Vue unpacks the value while rendering.

You can also update the reactive variable and to mutate the variable, you need to declare a function as part of the setup function and return that function just like a reactive variable.

As you can see in the below example, the increment function is defined in a top-level setup function and is returned so that the template can access it for event-handling purposes etc.

Under the hood, a dependency-based tracking reactivity system makes reactivity work where it creates tracks of every reactive variable at the time of first render and when any of the variables mutate, it triggers the re-rendering of part of the component that is tracking it.

Ref() function also supports deep reactivity where if any of the nested properties of the complex structures such as an array of objects etc are changed, it triggers re-rendering of the DOM. However, you can opt out of the deep reactivity as well where it would only track .value access using Shallow Ref. More on shallow reactivity can be found here https://vuejs.org/api/reactivity-advanced#shallowref.

Reactive() function

You can also define reactive variables using reactive() function which accepts argument but unlike ref() function where it returns a Ref object, it returns an object that itself is reactive using the proxy method. Hence, while accessing the variable in functions or templates, you do not need to use .value.

As reactive() function uses javascript proxies, it returns the same object when you call the method reactive on the same object or call reactive on the existing proxy.

However, there are a few limitations to using reactive() function

1. You can use reactive() only with object types such as object, array, map, and sets but not with primitive types such as number, string etc.
2. Replacing an existing reactive object would not work as “replace” destroys the reference to the previous reactive object.
3. It is not destructure friendly as destructuring primitive values of an object into variables or passing it to function would eliminate reactive linkage.

This is a high-level overview of the reactivity in Vue 3 using Composition API. To explore more about reactivity Composition API, please refer to this documentation https://vuejs.org/guide/essentials/reactivity-fundamentals.html (and make sure to select Composition API from toggle)

Seamlessly Transition with SRC Innovations

Whether you’re looking to migrate from the Options API to the Compositions API or from Vue 2 to Vue 3, remember that SRC Innovations is here to assist you at any time. We have skilled and experienced developers who are more than willing to assist you with these tasks.

Please don’t hesitate to contact us here.

References

• Reactivity Fundamentals: https://vuejs.org/guide/essentials/reactivity-fundamentals.html
• Reactivity in Depth: https://vuejs.org/guide/extras/reactivity-in-depth.html
• Composition API FAQ: https://vuejs.org/guide/extras/composition-api-faq.html
• BBEdit: https://apps.apple.com/au/app/bbedit/id404009241?mt=12

Originally published at https://blog.srcinnovations.com.au on February 26, 2024.

At SRC, we are at the forefront of empowering businesses of all sizes to gain a competitive edge in their industries. Visit our site to learn more about us and get in touch to discover how to transform your business through innovative and tailored technology solutions.

Reactivity in Vue 3 was originally published in SRC Innovations on Medium, where people are continuing the conversation by highlighting and responding to this story.

We’ve had people suggest several things about Large Language Models (LLMs) that we felt was worthwhile touching on as we begin a new year, especially the comments like these:

“ LLMs are the way forward! “

and

“Who cares anymore about the other text based ML architectures?!”

LLMs are actually really complex

You might have heard similar statements too, implying that LLMs are all that businesses should now care about.

Proponents of those styles of statements tend to give the examples of:

• they can write code better than some of my junior developers!
• they can summarise big complex documents SO easily!
• they have replaced my call centre online chat team and none of my customers have realised!

Whilst LLMs are without a doubt pretty damned cool, and some of the above reasons ARE valid — and at least one feels mildly unethical — there are also multiple reasons why they aren’t the be-all and the end-all in ML systems.

LLMs are big & complex. Whilst it is hard to find verified data about how much has gone into OpenAI’s ChatGPT models, the general estimates and sourced data tends to be:

• 10–45tb of data
• 140+ billion parameters
• Enough parallel processing for training to be equivalent to 355 years of compute time

This has a whole bunch of implications. It immediately becomes something that only the bigger companies with deep, deep pockets can easily train for their own custom purposes. You COULD take one of the existing LLMs and — with its owner’s permission — additionally train it on your domain specific knowledge, but that’s still not going to be your LLM.

Google’s parent company has also gone on record to say that the costs of using a LLM to replace their current searches could increase costs by 10 times. Given they earn $60b a year, and are worried about the increased expenditure, you can see why it’s something only the biggest enterprises can afford it.

Those 140 billion parameters also require a lot more memory. That training data also requires a lot more storage and incurs more network costs.

As complexity of ML models increases, so do the costs. Quite simply, not everybody can afford building their own, and “renting” one isn’t always appropriate, nor realistic.

LLMs aren’t infallible

The whole hallucination thing has had a lot of coverage already so I’m not going to go into detail about it, but the fundamental thing is that you can’t trust ALL of the information you get from an LLM, therefore, it’s still not a 100% viable replacement for some things. And if you’re spending that much money on building your own… you’d probably want something a lot more infallible. Or if you’re using another company’s LLM, you probably already had some reservations & were (or plan to) carefully examine its limitations — just like you’d do for all SaaS. Right?

Those copyright issues…

As mentioned above, OpenAI’s GPT models were trained on an estimated 45tb of data that OpenAI got from various places. Several major content generation companies, like the BBC, and the New York Times, have alleged that part of the data was from their copyrighted content, and are pushing for an overhaul of the legal landscape related to the use of their copyright content that companies like OpenAI are using to generate revenue.

This makes the use of OpenAI’s stuff in a real production environment a minor item of concern… If the LLM that you are relying on suddenly gets shuttered/suspended/crippled due to legal issues, what is that impact to you?

There are several companies that are attempting to create LLMs that have a clearer chain of ownership with regard to training data, but they have yet to succeed to the level that OpenAI’s GPT models have. It’s also arguable if they can reach the same level of capabilities when they have less data to train on.

That said, OpenAI and other LLM owners are already working on ways to better separate copyrighted content from their training data, so this is definitely a space to watch.

The Alternatives

There are alternatives to LLMs that avoid some of the above problems. One of the ones that we’re using — for various reasons — within SRC Innovations are Recurrent Neural Networks (RNNs) utilising Long-Short-Term Memory (LSTMs) models. These are well known to generate short strings of text based on data, and have also been used in recent years to generate chatbots — albeit with a much more limited data set, and not anywhere near as chatty. But, it become well versed in domain.

We like these because we can train these much faster, and effectively, and with a set of data whose provenance we can be very clear on, and sometimes even on data that we can generate. Much more feasible for a medium sized company like us!

I’ve provided below a table that shows some of the more common text related deep learning models, and also order of magnitude estimates on the amount of data required all the listed text models

And don’t forget… Every increase in data, leads to a corresponding increase in training time!

Or even better: Combine them!

There are also no reasons why LLMs couldn’t be combined in their usage with other ML systems. Or to even mix LLMs with algorithmic systems.

For example, you could have a text based CNN that has been trained on your internal document corpus, and categorises them by information architecture & classifies them based on your security groups. And then let a LLM provide the results to a user, and then accept further input from the user to finalise the discussion!

Or use an RNN to process a series of time-based metrics regarding visitor traffic to your systems, and then an LLM to provide external contextual information regarding events that may be causing the trends that are seen in the visitor traffic.

Regarding how AI might replace human jobs fully…

I’m going to go on the record now and say that this isn’t going to happen in 2024. [Editor’s note: There’s some dissent within SRC Innovations about whether this COULD occur in 2024, but this is JT’s blog post, so I guess I could let him make this statement… 😉] It might many, many years in the future, but that won’t be in 2024.

What will happen, is that people might get replaced by other people that are better at using AI to help them perform their job.

Think of AI as another tool in your toolkit. If an experienced plumber is looking to hire another plumber, they’re gonna pick the one who is more handy with a wrench. Same story. In 2024 — and the years to come — businesses & people are gonna accomplish more if they properly utilise the tool that AI is, and competitors that don’t, are gonna fall by the wayside.

Sidebar: An example of how LLMs are not yet ready to replace people

Here’s an article where products on Amazon are turning up with names that have CLEARLY been generated by Chat-GPT. This is an example of AI being used poorly.

https://arstechnica.com/ai/2024/01/lazy-use-of-ai-leads-to-amazon-products-called-i-cannot-fulfill-that-request/

As I’d mentioned… People can’t be replaced by AI in 2024, but if these same people had used their AI properly, they’d be able to get more done, faster.

In Conclusion

Learn to use AI as a tool, and pick the one that is appropriate for what you’re trying to accomplish.

If you would like SRC Innovations to discuss what’s appropriate for your AI needs, please reach out via our website: https://www.srcinnovations.com.au, we’re very ready to help. 😀

We’re also contemplating a flowchart about how an organisation should approach the use of AI, please let us know if you’d be interested in that as a follow-up post. 😀

A note about the Images

Yes, those images are created by DALL-E, because I have 0 talent for art, and I didn’t want to bug my actual artistic crew (who are busy on something else) for a whole bunch of images. I did also put each of the generated images through Google Images to see if it looked like anything else that already existed. There are definite similarities in style, but nothing that looked exactly the same.

I hope you enjoyed my use of an AI tool to add some colour and whimsy to my post!

More importantly, I hope you found the overall post enlightening and helpful for your AI intents for 2024. Feel free to reach out if you wanted an opinion, guidance or even just with comments!

Happy 2024!

Originally published at https://blog.srcinnovations.com.au on January 15, 2024.

Entering 2024 with thoughts regarding Large Language Models & their limitations | SRC Innovations was originally published in SRC Innovations on Medium, where people are continuing the conversation by highlighting and responding to this story.

We stand at the threshold of a new era — a world powered by AI systems. It’s a world that promises increased productivity, efficiency, safety, transformation, and personalisation. We’ve all experienced the remarkable capabilities of technologies like ChatGPT and Mid-Journey, but amidst the excitement lies a darker side that may be as detrimental as it is beneficial.

Current Risks

Concerns such as deep fakes, mass surveillance, discrimination, privacy breaches, accountability, and job security pose tangible risks in this environment. To navigate these dangers, it is crucial to establish safeguards against misuse and address inherent software flaws.

These are the biggest concerns around AI systems (as identified by Forbes):

1. Lack of transparency
   The degree of openness and clarity in understanding how the AI system functions, makes decisions, and processes data. See Lack of transparency could be AI’s fatal flaw.
2. Bias and discrimination
   The potential for AI algorithms and models to exhibit unfair or prejudiced behaviour, leading to unequal treatment or negative impacts on certain individuals or groups based on their characteristics, such as race, gender, ethnicity, age, or other protected attributes. See Twitter taught Microsoft’s AI chatbot to be a racist asshole in less than a day.
3. Privacy
   The protection and control of individuals’ personal information and data. See Why artificial intelligence design must prioritise data privacy.
4. Ethical dilemmas
   This covers issues such as their autonomous nature, their potential impact of their decisions on individuals or society, and their involvement of sensitive data. Watch video on the self-driving car dilemma. → https://hls.ted.com/project_masters/4597/manifest.m3u8
5. Security risks
   Like any other software or technology, are susceptible to security breaches, attacks, and exploits if not adequately protected. See FTC investigates OpenAI over data leak and ChatGPT’s inaccuracy.
6. Concentration of power
   The accumulation and centralisation of decision-making authority, control, and influence within a small number of entities or organisations that possess advanced AI capabilities. See How to solve AI’s inequality problem.
7. Job displacement
   The risk of automation and AI technologies to replace or eliminate certain job roles traditionally performed by humans. See AI and robots fuel new job displacement fears.
8. Dependence on AI
   The level of reliance of individuals, organisations, or society as a whole on artificial intelligence technologies for various tasks, decision-making processes, and functions.
9. Economic inequality
   The disparity in wealth, income, and economic opportunities that can be exacerbated or perpetuated by the adoption and deployment of artificial intelligence technologies.
10. Legal and regulatory challenges
    The complex legal and regulatory issues that arise due to the rapid advancement and widespread adoption of artificial intelligence technologies.
11. AI arms race
    The competition among countries, organisations, or entities to develop and deploy advanced artificial intelligence technologies for strategic, economic, or military advantage.
12. Loss of human connection
    The potential decrease or erosion of genuine emotional or social interactions between individuals due to increased reliance on artificial intelligence and technology for communication and engagement. See My Weekend With an Emotional Support A.I. Companion .
13. Misinformation and manipulation
    The potential for, particularly in the context of social media and information dissemination, to spread false or misleading information and to be exploited for nefarious purposes. See How AI will turbocharge misinformation — and what we can do about it.
14. Unintended consequences
    The unforeseen outcomes or effects that arise from the deployment and use of artificial intelligence technologies.
15. Existential risks
    The potential threats that advanced artificial intelligence technologies could pose to the continued existence of humanity or to the preservation of civilisation as we know it. This issue is captured in sci-fi movies like 2001: A Space Odyssey, West World and I, Robot.

Governments worldwide are racing to create legal frameworks that regulate AI to mitigate potential risks. Leading this effort, the European Union (EU) stands at the vanguard. In April 2023, they finalised a proposed framework that will undergo refinement and become law by year-end, setting the stage for responsible AI regulation.

By proactively addressing these challenges and implementing effective protection, we can ensure that the benefits of AI are harnessed responsibly, safeguarding our society and shaping a future where technology thrives hand in hand with human well-being.

—

The EU Proposal

The goals of the EU framework is to ensure AI systems are safe, transparent, traceable, non-discriminatory and environmentally friendly. Additionally they want AI system to have human oversight as a preventative measure to prevent harmful outcomes.

The EU’s regulatory framework adopts a risk-based approach, categorising AI systems based on the level of risk they present to users: unacceptable risk, high risk, limited risk, and minimal or no risk. Each category is subject to corresponding regulations, with higher-risk systems facing more extensive oversight and control.

Unacceptable Risk

AI systems deemed as posing an unacceptable risk are those considered to be dangerous to individuals and will be prohibited. Such systems include:

1. Cognitive behavioural manipulation of individuals or vulnerable groups, like voice-activated toys that encourage unsafe conduct in children.
2. Social scoring, involving categorising people based on behaviour, socio-economic status, or personal traits. For example, this is to avoid similar state control like the Chinese city that rated aspects of residents’ behaviour.
3. Real-time and remote biometric identification systems, such as facial recognition.

Certain exceptions may be permitted. For instance, “post” remote biometric identification systems, wherein identification occurs after a considerable delay, may be allowed for prosecuting serious crimes, but only with court approval.

High Risk

AI systems categorised as high risk, are those that have adverse impacts on safety or fundamental rights. These high-risk systems will be further divided into two distinct categories:

1. AI systems within the scope of the EU’s product safety legislation. This includes products such as toys, aviation equipment, automobiles, medical devices, and elevators.
2. AI systems falling into eight specific areas that will have to be registered in an EU database:

• Biometric identification and categorisation of natural persons
• Management and operation of critical infrastructure
• Education and vocational training
• Employment, worker management and access to self-employment
• Access to and enjoyment of essential private services and public services and benefits
• Law enforcement
• Migration, asylum and border control management
• Assistance in legal interpretation and application of the law.

Limited Risk

This largely refers to generative AI, like ChatGPT and Mid Journey. These systems would have to comply with transparency requirements:

• Disclosing that the content was generated by AI
• Designing the model to prevent it from generating illegal content
• Publishing summaries of copyrighted data used for training.

Minimal or No Risk

Limited risk AI systems must adhere to minimal transparency requirements, enabling users to make informed decisions. After interacting with the applications, users can choose whether to continue using them. Users must be informed when they are engaging with AI, including systems that generate or alter image, audio, or video content, such as deepfakes.

—

Alternative Approach

The UK government is pursuing a pro-innovation approach to legislation and regulation. Given the fast evolution of AI systems they want an agile and iterative development to react to the rapidly changing advancements in the field. Industry has praised this pragmatic and proportionate approach.

The approach is defined by five principles to promote responsible development and usage of AI systems:

1. Safety, security and robustness
   AI systems in the UK need to have been trained and built on robust data.
2. Appropriate transparency and explainability
   The users should be able to understand how the system operates.
3. Fairness
   AI must not compromise the legal rights of individuals.
4. Accountability and governance
   There should be adequate oversight and clear lines of accountability for the usage of AI systems.
5. Contestability and redress
   It is essential to have mechanisms for seeking redress in case an AI system causes harm.

This approach is designed to allow AI system development to flourish while putting in safety guardrails for the public.

The EU and UK have both defined their objectives clearly (“what”), but they are yet to determine the specific methods (“how”), which presents a more significant challenge for the lawmakers.

—

The Challenges

There are numerous challenges facing governments in framing an effective legal and regulatory framework in striking a balance between promoting innovation and protecting its citizens.

The most pressing challenges are:

• Clear definitions and terminology
• Adaptable regulations that can keep pace with technical advancements
• Auditing and certifications
• Effective enforcement
• Defining ethical guidelines and impact assessments
• Ensuring transparency through full disclosure of training materials and methodologies
• Creating accountability mechanisms for handling complaints or appeals
• Interoperability and consistency across international borders

—

Australia

In 2018, Australia unveiled a voluntary ethics framework. Since then AI systems advancements have snowballed and now Australia faces the real challenge to put in place proper legislation and regulation.

On, 1 June 2023, the Australian government published a consultation paper as a first step on this path.

Ed Husic, the industry and science minister, said “People want to think about whether or not that technology and the risks that might be presented have been thought through and responded to in a way that gives people assurance and comfort about what is going on around them. Ultimately, what we want is modern laws for modern technology, and that is what we have been working on.”

At the time of writing this the government have invited public feedback on how to mitigate any potential risks of AI and support safe and responsible AI practices (closes 26 July 2023).

No official time frame has been put on enacting legislation and regulation.

AI in the Lawmakers’ Cross-hairs

Already in 2023 there have been several major incidents that is turning the attention in global law makers. Here are two of the biggest stories.

ChatGPT and Privacy

In April 2023, the Italian government briefly banned ChatGPT over privacy concerns. Italy threatened to investigate whether ChapGPT complies with the General Data Protection Regulation (GDPR). The GDPR governs the way in which personal data can be used, processed and stored.

The tipping point for the Italians (and organisations like Samsung) was an incident on 20 March that the app had experienced a data breach involving user conversations and payment information.

Other nations, Ireland and Germany among them, are watching events in Italy closely to determine if they should also ban ChatGPT on similar grounds.

The Italian Data Protection watchdog disapproved of the “mass collection and storage of personal data to train algorithms” in the platform, citing no legal basis, and expressed concerns about exposing minors to inappropriate content due to lack of age verification.

The ban has since been lifted after Open AI (ChatGPT’s owner) introduced several privacy-related changes, including making it clearer to European users about how they can delete their personal data from the chatbot program.

Read more:
Italy orders ChatGPT blocked citing data protection concerns Samsung bans use of generative AI tools like ChatGPT after April internal data leak

Stable Diffusion v Getty Images

In February 2023 Getty Images brought a lawsuit against Stability AI, accusing the company of using 12 million images without authorisation or compensation to train its AI model.

Not only are the generated images a strong likeness they even apply the Getty Images watermark in a brazen trademark infringement.

Read more on this story: Getty Images lawsuit says Stability AI misused photos to train AI.

—

AI and SRC

At SRC, our Srchy product, an eCommerce product catalog search service, uses machine learning to personalise search results based on a customer’s behaviour. In our usage of AI our data collection is anonymised so that collected information has been stripped of any identifiable characteristics, making it impossible to link the data to specific individuals. This practice is common where organisations seek to analyse trends and patterns without compromising individuals’ privacy or identities. Customers receive the full benefit of AI without any risk to their privacy.

—

Forewarned is Forearmed

There are serious concerns raised over the risks AI poses to society and humanity.

One is a letter issued by the non-profit Future of Life Institute and signed by more than 1000 people including Musk, Apple co-founder Steve Wozniak. In the letter they call for a pause on advanced AI development until shared safety protocols for such designs were developed, implemented and audited by independent experts.

Another statement, issued by the the Centre for AI Safety and signed by the likes of the heads of OpenAI and Google Deepmind warn of the existential threat to humanity.

Could this be exaggeration driven by insincere motives? Is this just another Y2K-like hysteria? Maybe. But given the importance of the people in the technology field endorsing these letters it’s probably to our advantage to pay heed and tone down any scepticism, because what if they’re right? Can the risk be ignored?

Effective legislation and regulation is a countermeasure to the risks. At the rate AI technology is evolving governments must act soon in an effective and maintainable approach, lest we push all innovation offshore.

Originally published at https://blog.srcinnovations.com.au on August 4, 2023.

Fair Use — A New Beginning | SRC Innovations was originally published in SRC Innovations on Medium, where people are continuing the conversation by highlighting and responding to this story.