O'Reilly Digital Media

Analyst Andrea Rice of Deutsche Banc. Alex. Brown in San Francisco spoke at the first day of the P2P Working Group meeting in Santa Clara today.

She was asked to share her insight as to how P2P companies should more effectively communicate their value in order to secure more funding.

Her answers were simple and possibly predictable, but extremely valid:

1. Have a solid business model
2. Have customers who are willing to pay for the product

She went on to describe that, although Deutche Banc is looking heavily at the P2P space, it to date has not made any investments or committments. She explained that the due diligence process would involve a lot of conversations with the prospective or existing customers of the company, questioning how much money those customers were really willing to commit to the P2P solutions.

Implicit in her discussion was that any financially successful business models were sales to the corporate sector (i.e. not to consumers.) She questioned whether P2P was a “new industry” and asserted it was more accurately an “extension of existing technology”.

She gave a somewhat useful analysis of potential revenue streams, basically listing all the models she was aware of being tried: licensing (per desktop or site), ASP model (per resource, per asset, per computer, per transaction), etc. She concluded that a per seat license was the most likely near-term model for enterprise clients. And then she honesly pointed out how few paying customers there were in P2P.

I agree with this sober analysis of P2P. It is a pity that P2P did not coalesce as a technology and a movement during a more excited and confident period of investment, as it would have given us more room to make mistakes as we experiemented.

I also think that it is useful to look at P2P from the perspective of an financial outsider: While they don’t have any particular passion for technology, they don’t want to be left out on the “next big thing.” To them, P2P seemed initially like the hotbed of new technology, but in the same way that “biotech” or “optical” or “wireless” might be- the interesting aspect was the potential revenues, not the interesting cultural phenomenon.

When you then put on your analysts hat and look at the financial indicators, the “vital signs” of a new industry, P2P looks awful- the complete lack of revenues throughout the new sector demonstrates that P2P is not yet adding value, and the erosion of intellectual property respect might be percieved as actively destroying value… which of course, is not particularly impressive to a financial analyst in their search for new areas to invest in.

Even the analysts understand that P2P is not merely hype, that it is a uniquely new category of innovation and technolgy, and that it has great potential. But they don’t grade on a curve and they don’t give any credit for effort. And they want to see substantial revenues, not baby steps and “look we made our first sale”.

We can prove that we’re great business people as well as great engineers by making our revenues just as massively scalable as our network technologies.

And if you don’t think you have the skills to write that business plan, go get a businessman who can. They’re available. And they’ve rolled back to running Business 1.0, a time-tested financial operating system. Apparently, Business 2.0 was buggy and crashed. :)

Is mentioning revenues and fiscal responsibility offensive and disgusting in a P2P collumn? Or was this data useful?

Related link: http://segfault.org/story.phtml?mode=2&id=3b150210-00f13b00

Well, maybe not. But it sure seems that they’ve sued everybody else involved in music technology after looking at the names that they have filed lawsuits against.

Most decentralized applications have the concept of community membership. A node is expected, or at least hoped, to obey certain rules. “Give to get” in Gnutella and Napster is one example, storing the file indices of others is another. What is different and compelling about Freenet is that the technology is designed to enforce global rules about behavior in a decentralized way: it is about citizenship rather than membership.

Freenet is built in these layers, in this order:

1.  Anonymity is good.
2.  The mixnet strategy can be used to game for anonymity.
3.  Any technology that helps the mixnet strategy is good.
4.  Any technology that does not compromise the mixnet strategy is acceptable.
5.  Participants in a distributed mixnet have a civic duty to support all of these rules.

The important thing is that the developers don’t want you in the community unless you agree with all of the above. Within the limits of their power you cannot attempt to undermine anonymity or the mixnet strategy. The web, Gnutella and Napster all define rules as whatever the parties are willing to tolerate. Seti@home et al define rules as whatever the master node is willing to accept. Freenet defines rules as civic duties. Either you are for anonymity via mixnets or you are not in the community.

Freenet is an implementation of the political ideal that there should be tightly integrated and highly disciplined societies. This is a lot more unusual than anonymity.

True?

Related link: http://www.eetimes.com/story/OEG20010522S0078

Wireless technology finally gets some good news, as Compaq’s Evo will bring 802.11b and Bluetooth as a standard feature to their laptops. According to EETimes.com, users can now slide in a newly developed wireless connectivity module, based on either 802.11b or Bluetooth, with antenna and radio in a single assembly, without concerns for RF interference. In related news, Starbucks stock looks to go through the roof upon Compaq’s announcement as web professionals start calling the coffee chain “their office.”

Related link: http://www.venturewire.com/story.asp?sid=28303

Groove is laying off 19 people, 8% of the workforce. The company will focus on larger companies, moving away from small- and medium-sized businesses.

For the record, I am at WWDC right now and they have smoothed out most of the bad user interface issues that plagued OS X last year.

My main pain was that, last year, Apple had clearly not thought out it’s new UI. It was basically a brand new port of OS 8 onto NextStep. It was a graphical mess, and painfully showed the breaking of many old user interface metaphors with no clear replacement.

A year later, this has matured greatly, and I am beginning to have a respect for how much the UI has matured, but mainly in that all the elements have been thought through.

The particular piece that sold me the most was Apple’s new developer tools- specifically,

Interface Builder. One of the coolest features of Interface Builder is it actually has the new user interface guidelines programmed in- so the designer constantly reminds you to “do the right thing” when it comes to button positioning, windowing, etc. And it takes care of the “pixel counting” tasks that make anal-retentive GUI design difficult for some.

I don’t mind a new metaphor, if it is well thought out. Aqua seems farily well thought out by now. I suppose I should delete my (fairly stale) weblog flaming Aqua, now that Aqua is starting to do a stable, consistent thing.

Related link: http://badblue.com/index.htm

Digital ecologies are populated via a variety of survival techniques. While ultracool projects like FreeWeb grab as much attention as as they can fit in their mouths, the ridiculously minimalist BadBlue goes the opposite direction.

BadBlue is a tiny web server - footprint 161K - that you can use to share files. Download, install and configuration take approximately nanoseconds. The official feature list, taken straight from the PR:

Yeah, well, whatever. It’s a web server — it’s not supposed to blow your mind. What I like is all the junk that’s missing.

My pal Jim Nachlin shares out files with a web server (Apache, not BadBlue) on his home box. It’s not indexed by anybody and there’s no domain name. If you meet him at a party he might scrawl the IP address on a scrap of paper for you. What else do you need?

IM is pretty much exactly what it has been for years. Web browsers haven’t moved far beyond Mosaic. Email is still ASCII, not HTML. There is a realistic chance that small, simple, unsexy web servers are the future of filesharing.

Remind me what the problem is with the web again?

Related link: http://www.openp2p.com/pub/a/p2p/2001/05/21/lawyers_intro.html

Vivendi Universal bought MP3.com, it was announced today for $372 million. The buy-out comes mere days after the two companies faced off at congressional hearings on music publishing rights. At the hearings, Real’s Rob Glaser demo’d MusicNet, the competing service to Universal and Sony’s Duet.

Open Source and P2P

Whatever investors think of open source, peer to peer developers have embraced it. The early success of Jxta shows why.

Sun’s open source business strategy for Jxta is boringly obvious: give away razors to sell blades. Free the platform and generate revenues on ancillary products like consulting, security, and payment. The problem with the razor strategy is that it sometimes amounts to unilateral disarmament. If the core product doesn’t reach a level of adoption that leads to demand for value-adds, then the company has lost the ability to charge for anything at all. With adoption comes free developer time, grassroots marketing, and a snowball effect. Without adoption there are fixed costs but no product.

For networking platforms the importance of adoption is magnified by Metcalfe’s law. Utility of the platform comes from users at least as much as software. Anything a company can do to encourage adoption is even more effective than normal; low adoption makes good technology superfluous. This is the reason why developers of collaboration software (like Magi and Uprizer) are more likely than many others to use open source: they live or die by adoption.

Jxta

In that context, open source has made Jxta a runaway success for Sun. There are currently 14 projects listed on jxta.org. There are ports underway by independent developers to C and C++, to the WinCE platform, to Linux on the iPaq. There already exists a chat tool based on Jxta, created at no charge by a third party. There is a reputation management project. There is much talk of payment mechanisms, and it is likely that these are under development in stealth mode. The main mailing list is high traffic and high quality. Clip2 is running a high availability rendezvous service, with the source open.

Less than one month from first release there is strong adoption.

Sun stands to gain a lot. Free developer time, of course, but also high quality developer time: killer programmers are plentiful in the open source world but scarce and expensive in the secret source world. Buzz is doing Sun’s marketing for free. The ideological appeal of open source is generating goodwill among developers who had been alienated by Sun’s predatory habits (for example, in appropriating without credit the Linux Java port by the Blackdown group). Network effects are magnifying Jxta’s value. The more attention a project gets, the more ego strokes are available for open source contributors, so Jxta’s success is sucking developers away from rival platforms.

Business and Investment

This is all happening in opposition to investors’ mach ten flight away from open source businesses like Eazel, Linuxcare and Red Hat. Since Sun’s ultimate goal is to sell servers, and they aren’t primarily seen as an open source company, investor psychology with regard to open source doesn’t affect them. They are free to use their own judgement.

Tech trends are cyclical. One of the first things to happen in the cycle is the founding of businesses devoted to that trend, for example open source businesses or P2P businesses. If the technology is successful it eventually gets adopted by businesses with other revenue streams. GPS road maps in automobiles; shared source by Microsoft; decentralized networking by the defense industry. By then investors are long gone, their attention spans exceeded years before. Now consider that Jxta is hosted at Collabnet, co-founded by Brian Behlendorf of the Apache group, and one of those open source businesses.

(Unauthorized distribution +

 open source +

 a far out technology platform) =

Real customers with real checkbooks?

Sometimes life is far too kind.

In the context of a web of trust, it takes linguistic gyration to make the word “trust” useful. The reason it does get used is historical — these ideas came out of the security community. But in a modern context the word “trust” is either is so vague that it’s useless or is outright misleading.

If you trust someone to do a particular thing or be a particular way, it means that you believe you have an acceptably good prediction. The idea breaks down into useful components:

1. You believe: Tit-for-tat interactions are based in the self. There is a You to profit, and in this case it does trust its own judgement.
2. in a prediction: The judgement is an analysis of existing data for the purpose of deciding whether some transaction will be profitable.
3. that you made: Nobody but you shares your self interest, but others do affect it. So you have a logical system based on induction. I extend the ability to affect me to parties that I directly interact with (the 0 step). Parties interacting with parties that have the ability to affect me have the ability to affect me (the n+1 step).

The only “trusting” going on is between you and your judgement — a hopelessly vague and unquantifiable interaction. All the useful action is in forming your judgement, which is not part of the trust action, so focusing on trust is misleading.

Rather than “I trust Alice to do foo because Bob trusts Alice,” I would say “I believe it is X% likely that Alice will take this action because Bob believes it is Y% likely and Bob’s prediction is Z% likely to be correct. X% is a high enough likelyhood that the risk of being wrong is acceptable.” The first statement is folk wisdom, the second is quantitative reasoning. One is fuzzy shorthand, the other is clean and utilitarian.

If your prediction is good enough to meet a threshold of acceptable risk, you decide to trust. That’s the only simple and binary thing here: do you do it or not?

Transitive Trust

In the context of webs of trust, you often hear discussions of whether trust is transitive. Someone might say “I don’t believe that trust is transitive.” Does trust transfer intact as it ripples through a a chain of relationships? Yes, if and only if every possible prediction is either 0% or 100%. But if any prediction is between those values, no. There is a transitive relationship, but it is not syllogistic, because syllogism is a purely boolean operation.

Transitivity and syllogism are not the same thing.

Related link: http://www.counterpane.com/crypto-gram-0105.html#3

In his Crypto-Gram today, Bruce Schneier writes that bits are inherently copyable. Trying to make them not so is like trying to make water not wet. “All digital copy protection schemes can be broken, and once they are, the breaks will be distributed…law or no law.” Want to learn more about DRM? Read Lucas Gonze’s DRM entry in the <decent> MemeBag.

From the UPnP IGD working group:

“Here is a high-level technical summary of NAT-related features in an UPnP
Internet Gateway Device (IGD):

• The ability to detect the presence of a NAT gateway and/or an RSIP
  server. RSIP control channel functions will be performed natively by RSIP
• Know if NAT is enabled or disabled on a particular connection instance
• The external (WAN) IP address assigned to NAT for a particular connection instance
• Add port mappings to enable forwarding of inbound connections to a
  particular client on the residential LAN. Parameters of each mapping entry
  allows you to specify the External host initiating the connection, the
  external port the gateway is listening on, the internal host waiting for an
  inbound connection, the port it is listening on and the protocol. Appropriate
  fields in this tuple can be wildcarded as needed. External and internal ports
  may or may not be the same. In addition, each mapping can be enabled or
  disabled. Mappings can be assigned a lease time to support the notion of
  static/permanent and dynamic/temporary mappings. Hosts in the mapping entry
  can be identified by IP addresses or DNS names. Mappings can also be assigned
  a description string for reference. Protocol types defined as TCP and UDP.
  Other protocol types must be added as vendor extensions.
• Delete port mappings previously added
• Enumerate one or all port mappings

Implementations that support a co-located firewall will perform necessary
operations to enable forwarding of connections.”

I am still waiting for the UPnP forum to publish the API or access methods for using these features. It is unfortunate that the UPnP forum is closed as it would be great if ipchains could be standardized to use this new method today. Then we could start making our P2P apps work right now through our NAT’s etc.

Given that the UPnP forum is heavily populated by Intel/MS, I am curious if Apple is following suit, i.e. will AirPort (an 802.11 & NAT device) comply with this standard and support UPnP?

Here’s another RSIP link.

And here is the IETF NAT charter with links.

I will keep researching this stuff and relay any data I get.

If you get a call from a friend of a friend who needs to sleep on your couch for the night, should you do it? It depends on who the friend is and what the friend says about the person.

The same issues apply to friend-of-a-friend relationships in computer networks. Maybe the node in the middle is undependable so you don’t trust any of its friends. Maybe the node in the middle is a mediocre judge of other nodes, and it gives a half hearted recommendation of some other node. How do you quantify this stuff?

In hopes of pinning down the concept somewhat, I wrote this chunky definition of transitivity in <Decent> MemeBag.

According to washtech.com, Roku is shutting down.

I am surprized. Roku had a plausible revenue model (selling software to the enterprise) and practical products (workgroup collaboration and serverless file sharing). Still, in burning through six million dollars in fourteen months, their spending followed old new economy patterns. Apparently the Napster stigma was a big problem for investors.

I wonder how this harsh economic climate will affect the growth of decent. software? Will it kill the baby, or will it just cause extremely hardy and profit-focused businesses to emerge?

Related link: http://news.cnet.com/news/0-1005-200-5921593.html?tag=tp_pr

Some of the leading file-trading software companies are bundling ad-serving software into their products in an attempt to turn a profit.

Many Macintosh users I know are actually Mac/Unix users… we use Mac OS 9 as our windowing environment, and everything else we do in the shell.

I KNOW that I’m late to the bag-on-OS-X-resist-change party but I have to make these comments for the record. Please indulge me.

All the criticisms of not having a pre-emptive multitasking OS didn’t faze us… because that isn’t a feature, it’s an implementation detail. Case in point: Palm OS vs. WinCE. Just like Palm OS, Mac OS gets out of the way and lets the apps app.

I attribute a lot of the success of Mac’s OS to the attention they paid to user interface design. Call it artsy, they worried details like “how many pixels of space between the font and the edge of the button”. (For an example of what happens when you don’t worry these details, just download a Tcl/TK application) Apple’s PDF’s of Human Interface Guidelines, also available on Amazon: Amazon’s listing

When I got OS X Developer Preview 2, we still had an OS 9 looking interface. It was truly surreal. A very comfortable, familiar windowing system… on top of unix. I opened a terminal window and stared at a prompt, not knowing what to do.

I was just in metaphor shock! I launch commands from Start->run in windows, I launch commands with TAB-completion in Unix, and I DOUBLE-CLICK in Mac OS.

Soon I became excited, and I realized what this could mean. The most seamless, truly plug-and-play windowing system, stitched around powerful, accessible underpinnings… now I could use my favorite apps, yet when I needed a driver for an obscure video card, I could just port the linux drivers!

At the time, I was working on an embedded GPS/MP3 player/WebCam for my car. The only barrier to using Mac hardware combined with Mac OS (voice control: built in! Airport 802.11: built in! etc, etc.) was a lack of drivers… which this would fix!

Then DP3 began to crush my dreams. My windowing system went away. Apple (God bless them) started crushing people who wanted to make skins to replace Aqua or copy Aqua. Aqua became an artistic statement that the artists refused to allow interpretation of.

Granted, that same harsh artistic control may have been what kept Mac OS 7, 8, 9 so pure and usable and cruft-free. That great specification, Apple Human Interface Guidelines, set the rules of the game, and every developer strived to make their app comply. Users could tell the difference in “feel” between apps and would reject apps that didn’t work hard to be intuitive and consistent with the guidelines. And the best apps feel just right.

But there is no such spec for Aqua. When I was at the Apple World Wide Developer Conference a year ago, it almost sounded like nothing had been thought of up front on the UI. “What about skinning?” people asked. “We’ll bring that up internally.” They answered. “What about the control strip? (a very convenient, built in control panel access method)” we asked. “We’ll get back on that.”

The application panel in OS X has changed enough that I know it wasn’t carefully studied to begin with. It’s as if they are telling you which shell extensions you can and cannot use. As a community, we had to fight to get our hard drive icons back on the desktop!

I didn’t realize how strongly I felt about this subject. I’m on OS 9 now, NiftyTelnetting SSH into my web server… just for a moment, I thought that my machine could BE that web server…

The whole Aqua interface seems designed around one main tenet: Keep cluttered Icons off the desktop because it looks messy.

How heartlessly arbitrary. I thought a messy desk was a sign of a brilliant mind or something… oh well.
They are starting to spec out the new User Experience.

And all we wanted was protected memory.

I guess if it ain’t broke, fix it.

Related link: http://www.tempel.org/joliet/

We’ve been waiting for aeons… Mac OS can finally read Windows CD long filenames… hurrah!

Related link: http://www.neurogrid.net/DecentChat-11-05-01.html

Discussing IP issues, Street Performer Protocol, etc.

RFC 2775, Internet Transparency
gives a great overview of most of the network problems inhibiting p2p and shows that prospects are not good.

If the Internet is going to completely evolve into an IPv4 + NAT world, where 90% of machines are using NAT to communicate, and everyone is behind a NAT firewall, network developers will have to code for NAT traversal
as the first feature of their apps, not an add on.

Part of the key for every app that gets written from now on is to ignore gethostaddress() because if your app really thinks it’s IP 192.168.0.1, no other hosts are going to talk to it :)

The best we can hope for seems to be that a new API will develop that abstracts some of these problems.

Related link: http://www.theregister.co.uk/content/4/18819.html

The Register’s take on the French telecom’s buy into Jabber suggests that presence is more important than chat.

UPNP is essentially plug-and-play discovery of network devices using XML over HTTP over UDP. It is relevant because it will be able to automatically open up incoming ports in NAT’s soon, which is relevant to the p2p community.

Check out UPNP Evangelism to learn about it.

I got this powerpoint file from http://www.upnp.org/resources.html and I tried to put it in a more usable html form. This is the evangelism document intended to get people excited about UPNP as well as educate them.

The powerpoint is also available UPnP_Device_Architecture_Generic_20000710.ppt

Related link: http://www.thestandard.com/article/0,1902,24279,00.html

Napster takes a wise step in it’s quest for legitamacy, while incorporating a key component for their July 1st subscription service launch.

Related link: http://news.cnet.com/news/0-1005-200-5816802.html?tag=mn_hd

Just as Napster users jump ship to alternative file-sharing networks, a new tool becomes available aimed to help music fans ignore bogus files by letting them rate and review downloads.

Damien Stolarz writes:

As some of you may know, I am on the p2p working group,
and I am working on a white paper on how p2p apps can work better with
NAT/Firewalls. The UPNP group,
has apparently been working on something that allows NAT traversal
automatically. I am excited to have the first press release on these lines.
You can “read between the lines” and try to figure out how they do it
technically, as some of the data requires membership in UPNP forum.

http://www.linksys.com/press/press.asp?prid=45&cyear=2001


“In addition to the overall advantages UPnP brings to its product line, one
compelling reason Linksys will include UPnP support in its Internet gateway
products is to ensure that applications traversing the Internet gateway
simply work. Network Address Translation (NAT) is an Internet Engineering
Task Force standard used in Internet gateways, such as cable and DSL
routers, to help service providers cope with the decreasing number of
available IP addresses. Some applications do not work well with NAT, which
creates customer satisfaction issues and high support costs. Using UPnP to
control the behavior of NAT, Linksys ensures these applications traversing
the gateway are enabled in a transparent fashion for the user. ”

I will forward more data on this issue as it comes out.

My hopes:

• UPNP NAT traversal techniques become public
• ipchains and other software NAT implementations get this same UPNP
  feature

• older NAT systems that have other front ends (web, telnet, SNMP) get
  compatibility libs that emulate the UPNP services and enable traversal in
  the same way

Related link: http://www.reuters.com/news_article.jhtml?type=technology&Repository=TECHNOLOGY_…

Webnoize reports that Napster downloads fell 36% in April; a mere 1.6 billion MP3s changed hands. That number was 2.8 billion in February.

Related link: http://www.zdnet.com/zdnn/stories/news/0,4586,2713742,00.html?chkpt=zdnn_rt_late…

The Cult of the Dead Cow — the folks that brought you Back
Orifice — plan to unleash a P2P-oriented program called Peekabooty at Defcon in July. Peekabooty is intended to allow users in repressive countries to access content that might otherwise be blocked by authorities. Content could be transferred between Peekabooty clients in an encrypted form. But it seems like systems like Freenet, Publius and Free Haven are already tackling the same space, so what does Peekaboot do that existing systems don’t? CDC members, drop us a line.