Assorted Links (Economics)

By On 19/03/2012 · Leave a Comment · In links
  1. Cartels are also an emergent phenomenon
  2. Excellent dashboards: What kind of revenue does it take to go public? and Do Tech IPOs Always Fall?
  3. Lack of profitability limited the early distribution of the barcode scanner
  4. Customer Lifetime Value techniques: ARPU-based, cohort-based,  and Bayesian-based methodologies
  5. Institutions and Technology: Law, as Much as Tech, Made Silicon Valley
  6. When Theory Matches Reality: AMD goes fabless as they don’t spur Intel to innovate more
 

Towards Optimal Software Adoption and Distribution

By On 18/03/2012 · Leave a Comment · In market shares, tech history, venture capital

Since the very beginning of software industry, it’s always been the same: applying the most innovative ways towards lowering the friction costs of software adoption is the key to success, especially in winner-takes-all market and platform-plays.

From the no-cost software bundled with the old mainframes to the freeware of the ‘80s and the free-entry web applications of the 90’s, the pattern is clear: good’n’old pamphlet-like distribution to spread software as it were the most contagious of ideas.

It comes to the realization that the cost of learning to use some software is much higher than the cost of software licenses; or that it’s complementary to some more valuable work skills; or that the expected future value from owning the network created by its users would be higher that selling the software itself. Never mind, until recently, little care has been given to reasoning from first principles about the tactics and strategies of software distribution for optimal adoption, so the only available information are practitioner’s anecdotes with no verifiable statistics, let alone a corpus of testable predictions. So, it’s refreshing to find and read about these matters from a formalized perspective:

The most remarkable result of the paper is that, in the case of a very realistic scenario of random spreading of software with limited control and visibility over who gets the demo version, an optimal strategy is offered with conditions under which the optimal price is not affected by the randomness of seeding: just being able to identify and distribute to the low-end half of the market is enough for optimal price formation, since its determination will depend on the number of distributed copies and not on the seeding outcome. But with multiple pricing and full control of the distribution process (think registration-required freemium web applications) the optimal strategy is to charge non-zero prices to the higher half-end of the market, in deep contrast with the single-digits percentage of the paying customers in real world applications, which suggest that too much money is being left on the table.

 

Assorted Links (Theory)

By On 12/03/2012 · Leave a Comment · In links
  1. John Nash’s Letter to the NSA (in the same premonitory spirit of Gödel’s letter)
  2. Computing 10,000x more efficiently
  3. Superexponential long-term trends in technological progress
  4. Superb discussions on the practical feasibility of quantum computing while IBM deeps into the future: Perpetual motion of the 21st century?, Flying machine of the 21st century?, Nature does not conspire and The Quantum Super-PAC
  5. Consensus Routing: the Internet as a Distributed System
  6. 30 years since the BBBW protocol, the first quantum cryptographic protocol, and 4093 patents later.
 

Book Recommendations

By On 11/03/2012 · Leave a Comment · In books

Cryptanalysis of RSA and it variants. It’s always fascinating how even a simple set of equations can give rise to some many cryptanalytic attacks, and just by looking for some corner cases: small public and private exponents, combined with the leakage of private parameters and instantiations sharing common modules or private exponents. To prevent these attacks, variants were also invented: like using the Chine Remainder Theorem during the decryption phase; or using modulus of special forms or multiple primes; plus choosing primes p and q of special forms or the dual instantiation of RSA. If I wouldn’t have read the hundreds of papers covering these topics, I would have loved to start with his book.

The Tangled Web. The web is the biggest kludge ever: a chaotic patchwork of technologies with security added as an afterthought. Understanding the details and motivation behind each security feature is no small feat whatsoever, an effort that can only be carried out by someone, like the author, well battled on exploiting them through the years. Reviewing the entire browser security model through its history it’s the only way to get a full understanding of how things have come to be the way they are, and this is the definitive guide to understand how complexity quickly builds up in security front when it’s not been planned since the beginning.

 

Assorted Links (Crypto)

By On 27/02/2012 · Leave a Comment · In cryptography, links
  1. NaCL: Crypto Library Secure Against Side-Channel Attacks
  2. General Number Field Sieve in Fortran 90
  3. Satellite ciphers, GMR-1 and GMR-2, have been broken
  4. Is Cryptographic Theory Practically Relevant?
  5. There always will be people picking bad RSA keys and ciphertexts leaking information via their length
 

The Newly, Unknown Cryptography

By On 26/02/2012 · Leave a Comment · In computer security, cryptography

The first electronic and programmable computer, Colossus, was created to break the Lorenz cipher as implemented by Enigma machines. Since then, the exponential growth in the computational performance of integrated circuits has given rise to a cryptographic arms race in which safer encryption methods are conceived to protect information from the most recent and powerful crypto-analytic attacks. This competition with no end in sight was the key behind the development of cryptography as an academic discipline in the 70’s, a key turning point that left behind methods that resemblings those of pre-scientific periods: the dawn of the classical epoch of cryptography saw the invention of the well-known algorithms Diffie-Hellman-Merkle and Rivest-Shamir-Adleman, now fundamental for electronic commerce in the Internet era.

But in the last decade, the greater emphasis on models, formalization and the building of provable secure protocols transformed the discipline in a transcendental way: however, many of these results are yet to be implemented. Next, some of the most interesting constructions, that only appear on the academic literature and are not yet published in textbooks:

  • Identity Based Encryption: public cryptography reduced the problem of information security “to that of key distribution” (Martin Hellman) and IBE schemes are the next step forward, because they enable the use of any string as the public key. This way, the recipient’s email address could be used as the public key, even if he didn’t requested a certificate for it, removing the need to pre-deploy a Public Key Infrastructure and their cumbersome costs. Later variants even allow for the use of biometric identities with the introduction of a margin of error in the definition of the public key, or for the efficient revocation of certificates.
  • Attribute-Based Encryption: embedding a Role-Based Access Control model in public key cryptography, so every private key gets associated with a set of attributes representing its capabilities and every ciphertext could only be decrypted by those users complying with a prefixed set of attributes (vg. only “NATO officials” with an authorization level of “Cosmic Top Secret” are able to decrypt an important document). Later variants develop advanced features, like doing without a centralized authority.
  • Predicate Encryption: generalizes and extends the previous IBE and ABE schemes, allowing for the encryption of the attributes and the decryption policy itself, and for far more granular policies.
  • Signcryption: as the name implies, performs the encryption and signing at the same time, with lesser storage and computational costs than if the operations were individually carried out.
  • Post-quantum cryptography: after Shor’s algorithm for efficiently integer factoring, new public key encryption algorithms are required, resistant to cryptanalytic methods enabled by quantum computation, like NTRU.
  • Proofs of retrievability, ownership and work: a must in the cloud computing world, they respectively allow checking the integrity of remotely storaged files, without the need to keep a local backup of them; and storing only one copy of the same encrypted file (both proofs can be joined in just one proof of storage); or to proof that a costly computation has been carried out, a very useful primitive to fight spam and the basis of Bitcoin.
  • Zero-Knowledge Protocols: This fascinating idea, initially contradictory, has become a fundamental building block of modern cryptography as the basic primitive for authentication and secure computation, among others. They allow proving the truth of a statement to another party, without revealing anything but the truthfulness of said statement, or in other words, to proof that the solution to a problem has been found, but without having to show the result to prove it.
  • Commitment schemes: one party commits to a value, but keeps it hidden with the option to reveal it later. Intimately related to the previously described zero-knowledge protocols, they also are a fundamental primitive for more complicated protocols, in practice and in formal proofs.
  • Private Information Retrieval: this family of protocols enables to privately query a database with very little overhead, without revealing to the server the exact information that is being search for. For example, a modern implementation of PIR-enabled MapReduce only introduces an overhead of 11%.
  • Threshold cryptography: a set of modifications to common encryption schemes to share keys within a group, so at least a set of parties over a threshold are needed to decrypt the secrets. Their equivalents for signing schemes are ring signatures or group signatures.
 

More on Software Patents

By On 30/01/2012 · Leave a Comment · In finance, venture capital

As a follow-up to my previous post on software patents, this very interesting and recent survey on the economics of patents:

 

Assorted Links (Cloud Computing)

By On 29/01/2012 · Leave a Comment · In links
  1. The Magellan Report, or how the cloud is not yet ready for HPC
  2. The Jungle of Hardware Heterogeneity, the cloud as a consequence of hitting the limits of Moore’s Law
  3. Unconditionally secure cloud computing: an experimental demonstration of Blind Quantum Computing
  4. Vanishing margins in cloud computing: the case of Netflix
 

How Boundaries in Software Rise and Change

By On 28/01/2012 · Leave a Comment · In tech history

There is no complete theory of what features should be included within a software product, or what features should be left out. It’s more of a question of complex technical trade-offs and product-roadmap decisions taken in response to market competition, a mixture of interests and consequences that sets the present boundaries of software products. For instance, the detailed analysis of the evolution of operating systems reveals a rich history of shifts and reversals: on one hand, the operating system supplier must offer equal and free access to as much services as possible to the ecosystem of software developers, with the intent to avoid code redundancies for basic functionalities, so the platform benefits from the various network effects (two-sided, direct and indirect), but also taking into account that bloating the kernel with too much code may perhaps increase maintenance and support costs to extraordinary degrees; but on the other hand, a too small kernel also reduces lock-in. The best starting point for understanding the different forces and interests that came into play is the following paper:

Download (PDF, 312.26KB)

Another, and less strategic viewpoint, considers the answer of the correct place for a given functionality (exact processor ring, kernel/user mode and/or if it should be a library provided by the OS) a matter of custom and efficiency: for example, the need to get rid of the latency from user-mode calls to the kernel has always pushed more functionality into it, together with satisfying the demand of a basic security model. But these are just examples of the multiple balances that have to be struck, and what’s really interesting is to search for the non-obvious trade-offs and how they have given rise to different cultures of computing. Consider the case of the graphical interface and the window system: in the Unix tradition, a minimalistic approach was taken in that most of it is taken out of the kernel and even relegated to third parties (X Foundation), but the Windows tradition opted for the opposing approach, so it includes the Windows Manager and the GDI framework in kernel space; the consequences are long and lasting, even disastrous in the security space,  like how any X client can dump the content of an arbitrary window, including the ones it did not create. Also note that the precise breakdown of the barrier of user and kernel mode varies over time: traditional kernel-mode components are being moved into user-mode processes, like the User-Mode Scheduling for threads and the User Mode Driver Framework. But at the end, the truth is that the forces shaping the design of operating software tend to be more of economic than technical nature, as exemplified in the discussions collected in the following paper:

Download (PDF, 482.72KB)

 

Assorted Links (Data Processing)

By On 16/01/2012 · Leave a Comment · In links
 

Software Patents: Just Use Them Well

By On 15/01/2012 · Leave a Comment · In finance, tech history, venture capital

Holding a contrarian view could carry out great benefits: there has always been a need for a procedure to protect any innovative software from reverse engineering that at the same time allows for its appropriation and exclusionary use, as well as it precludes any imitation of its functionality, implementation details aside. This procedure really exists, it’s the proverbial patent: a negative right, temporal and exclusionary, to protect any novel intellectual property in exchange of publishing enough information to replicate it. In some sense, it’s the only open window for the ordinary citizen to introduce its own personal legislation, a strong general purpose tool, however double-edged it may be.

The frontal and so popular opposition to software patents transcends the software world: indeed it can be found in past centuries and for other technologies; for example, the most cited case, and therefore so full of hyperbole, is the decades-long delayed adoption of the vapour machine due to the machiavellic use of the rights conferred by one of its patents.

Regarding current practices, a detailed study of the descriptive statistics of the use of software patents shows that they have been the fastest growing category for decades, though software companies have not been granted many of them because the biggest appliers are other industries similarly intensive in their use of IT capital but also with a strong record of filing for strategic patents. Note also that in the absence of strong patents rights, custom and common sense have required the use of copyright protection (which also does not need to give up any source code) even if it’s a far weaker protection: in fact, both of them are complimentary, but their actual use is substitutive, because whenever one of them is weakened, the other gets used much more.

From a purely economic point of view, studies show a statistically significant increase of the stock value of the software patent-owning companies and they happen to be a mandatory prerequisite to enter markets in which the incumbents already own strongly interdependent patent portfolios. And contrary to general opinion and practice, their use in software start-ups is, overall, positive: they increase the number of rounds and their amount, as well as survival and valuation in case of acquisition. From a strategic point of view, software patents raise barriers to entry acting as a deterrent mechanism to the kind of competition that just follow profits without investing in any kind of sunk costs in the search of technological advances: in short, an increase of 10% in the number of patents entails a reduction in competition between 3 and 8 per cent. And even if their valuation is a very complex matter, the intrinsic value of software patents is higher than that of the rest of patents.

In practice, the biggest burden in their granting and defence is the search of prior art: that is, even under the assumption that the inventor is operating under the principles of good will and full coöperation, he can’t get access to the full prior art because most software is developed internally for companies and never sees the public light. This gives rise to a great number of non-innovative and trivial patents, and others that ignore the prior art on purpose, a matter which sometimes can be difficult to settle (vg. Apple Multi-touch, Amazon 1-click). Fortunately, malicious uses don’t fare well in the Courts of Justice: the strategies of the so-called patent trolls aren’t successfully long-term, that is, those who are operating within the letter of the law but against its spirit, and are using the patent system to extract rents from others that are using them for productive purposes, a problem that carries a very high economic cost. Only their fair use brings a true premium to business valuations, that is, building a good patent portfolio that does not enter into practices of dubious ethics like filing for patents that only pursue the cross licensing with competitors to avoid paying them for their intellectual property.
The fastest way to begin to learn how to write software patents is to start with this set of documents. And since real learning only happens from the best sources, there are lots of noteworthy software patents, examples to follow for their high degree of inventiveness and the business volume that they backed and helped generate:

  • The first practical algorithm to solve linear programming problems.
  • DSL, the technology that allowed for the cheap diffusion of broadband connectivity.
  • Pagerank, the famous patent that laid out the foundations of Google; it also takes into account the method to quickly compute the rankings of indexed pages.
  • Lempel-Ziv-Welch, the well-known algorithm for lossless data compression.
  • In the cryptography field, the RSA and ECC algorithms, at the core of public key cryptography.
  • The beginnings of digital sound would not have been possible without the DPCM method or FM sound synthesis, and the patents of MP3 compression are dispersed across many companies.
  • In the storage field, it’s curious how RAID was invented a decade before its definition as a standard.
  • Regarding hardware, we shall not forget the patents awarded to the transistor (Shockley and Bardeen) and modern magnetic storage enabled thanks to the GMR phenomenon.