January 31, 2004

Digital image verification

Via Slashdot, this announcement from Canon on digital image authenticity verification.

Canon today announced the latest version of its Data Verification Kit. The DVK-E2 kit is designed to deliver validation of an unmodified original image from a single camera body. This kit is aimed at law enforcement, insurance, news and other such agencies and can detect single bit discrepancy in modification of an image since it was taken. The new kit is much smaller than the old and uses a unique SM (secure mobile) card which is the same size as a Secure Digital card. The card reader connects to a computer USB port (only Windows 2000/XP compatible at the moment).

Designed to work with the EOS-1Ds and new EOS-1D Mark II D-SLR cameras, the DVK-E2 provides the facility to prove that images taken with the EOS-1D Mark II have not been altered, tampered with or manipulated in any way... Recent well-publicised cases involving image-tampering by news agencies have identified a strong need for a system capable of verifying the originality of digital photographs. Without such a kit it is impossible for an agency to identify whether or not a given image has been enhanced or manipulated.


In a world of digital media that can easily be manipulated and modified, verification of authenticity becomes important, especially in certain niches such as law enforcement. Canon's solution is to embed software into the camera that computes a checksum on the image file and embeds it on the flash card. If the image is subsequently modified, the reader software (on the PC) detects that the checksum does not match.
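The camera-side checksum and PC-side check described above, as an added example; it is not Canon's implementation, whose algorithm the announcement does not describe. It assumes an HMAC-SHA256 tag keyed with a per-camera secret, which is what stops someone who edits the file from simply recomputing the stored value; the key, sample bytes and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample "image": JPEG start/end markers around a dummy payload.
SAMPLE_IMAGE = b"\xff\xd8\xff\xe0" + bytes(range(64)) + b"\xff\xd9"
# Constructed demo secret. Assumption: the real secret is shared only by the
# camera firmware and the verifier's secure card, never stored with the image.
DEVICE_KEY = hashlib.sha256(b"constructed demo key, not a device secret").digest()


def unkeyed_checksum(image: bytes) -> bytes:
    """Plain digest: catches accidental change, but anyone can recompute it."""
    return hashlib.sha256(image).digest()


def plain_verify(image: bytes, stored: bytes) -> bool:
    """Verifier for the unkeyed scheme."""
    return hmac.compare_digest(unkeyed_checksum(image), stored)


def camera_tag(image: bytes, key: bytes) -> bytes:
    """Camera side: keyed tag over the exact bytes written to the flash card."""
    return hmac.new(key, image, hashlib.sha256).digest()


def reader_verify(image: bytes, tag: bytes, key: bytes) -> bool:
    """PC side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(camera_tag(image, key), tag)


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with exactly one bit inverted."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def undetected_single_bit_edits(image: bytes, tag: bytes, key: bytes) -> int:
    """Count single-bit modifications that the keyed check fails to notice."""
    total_bits = len(image) * 8
    return sum(reader_verify(flip_bit(image, i), tag, key) for i in range(total_bits))


def compare_schemes(image: bytes, key: bytes, bit_index: int = 100) -> dict:
    """Does each scheme accept an edited file whose stored value was recomputed
    by someone who does not hold the device key?"""
    edited = flip_bit(image, bit_index)
    # Unkeyed: the stored checksum is a public function of the file.
    restamped_plain = unkeyed_checksum(edited)
    # Keyed: without the device key, the best available is a tag under another key.
    restamped_keyed = camera_tag(edited, b"\x00" * 32)
    return {
        "unkeyed_accepts_edit": plain_verify(edited, restamped_plain),
        "keyed_accepts_edit": reader_verify(edited, restamped_keyed, key),
    }


if __name__ == "__main__":
    tag = camera_tag(SAMPLE_IMAGE, DEVICE_KEY)
    print("original verifies:", reader_verify(SAMPLE_IMAGE, tag, DEVICE_KEY))
    print("undetected 1-bit edits:",
          undetected_single_bit_edits(SAMPLE_IMAGE, tag, DEVICE_KEY))
    print(compare_schemes(SAMPLE_IMAGE, DEVICE_KEY))
```

The integrity claim rests on where the key lives: if the secret can be extracted from the camera or the card, the keyed scheme degrades to the unkeyed one.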

What I like about this solution:
* It addresses a real need within a target niche
* The technology involved is really simple
* It's low cost to implement - involves only software
* Creates a differentiator in a rapidly-commoditizing space
* Creates lock-in

Obvious extensions of this idea - surveillance video cameras, digital voice recorders, document integrity, etc.

Posted by Narasimha Chari at 06:00 PM in innovation, Product Management, security

January 22, 2004

Extremeness aversion and Goldilocks pricing

The traditional product segmentation is to offer two versions: a high-end version and a low-end version. However, in some circumstances, it is preferable to offer three versions: low-end, mid-range and high-end. The rationale is that people tend to exhibit “extremeness aversion” and will tend to choose the mid-range offering. Consider the following experiment (from Hal Varian's paper on Versioning Information Goods):

Simonson and Tversky [1992] describe a marketing experiment in which two groups of consumers were asked to choose microwave ovens. One group was offered a choice between two ovens, an Emerson priced at $109.99 and a Panasonic priced at $179.99. The second group was offered these ovens plus a high-end Panasonic priced at $199.99.

By offering the high-end oven, Panasonic increased its market share from 43% to 73%. More remarkably, the sales of the mid-priced Panasonic oven increased from 43% to 60% apparently because it was now the “compromise” choice. According to Smith and Nagle [1995], “Adding a premium product to the product line may not necessarily result in overwhelming sales of the premium product itself. It does, however, enhance buyers’ perceptions of lower-priced products in the product line and influences low-end buyers to trade up to higher-priced models.”


In other words, adding a “premium” version to the product line actually boosts the sales of the mid-priced version. The newly-introduced premium version steals market share from the mid-range version, but this is more than offset by the market share that the mid-range version gains at the expense of the low-end version - this is the Goldilocks effect. Note that this is purely the result of a cognitive bias – there is no objective rationale for such trading-up.

This may explain the tall/grande/venti segmentation: even though few will order the venti, its mere presence on the menu will induce some buyers to trade up from the tall to a grande. Similarly, it makes sense to add expensive wines to the wine-list that realistically no one is going to order.

Posted by Narasimha Chari at 10:19 PM in marketing, Product Management

Paul DePodesta

Paul DePodesta (remember MoneyBall?) of the Oakland A's gave a talk at the CSFB Thought Leader Forum on 'The Genesis, Implementation, and Management of New Systems'. Really good talk - definitely worth a read (link via Joho the Blog). Here he points out the importance of asking the naive question:

The A's like everybody else in baseball had ceased to do one very critical thing—to ask the naïve question: “If we weren't already doing it this way, is this the way we would start?” Management guru Peter Drucker introduced this simple test decades ago and yet our public and private institutions are replete with things as they are because that's pretty much the way things have always been. Why is the workday 9—5? Why do we have the Electoral College? In baseball, why do people still believe that trying to bunt and steal bases helps in scoring runs?

Jim Pinkerton wrote a book called What Comes Next, and in it he wrote, “It's human nature to stick with traditional beliefs, even after they outlast any conceivable utility.” It was as if he were writing this specifically for baseball... Pinkerton also wrote, “systems of any kind tend to degrade over time. Bugs accumulate, people figure out how to cut corners, and eventually they go through the motions and a lowest-common-denominator mentality prevails. And as the original purpose is forgotten, reflexive self-perpetuation becomes the only goal.” This is the world of player evaluation in three sentences.


He also has some interesting thoughts on the myopia that results from outcome-based thinking and how he was able to put this cognitive bias to use - in selling his system:
Many of us share a common psychological deficiency. We judge decisions based on the outcome instead of the time and the circumstances under which they were made. This happens all the time in baseball. They make trades and say things like, “we'll see in three or four years if it was a good decision.” That doesn't work for me because you can't go back and learn from the decisions because of all the variables that occurred in the intervening time. It makes replication of an outcome impossible.

I was in Las Vegas for a weekend playing blackjack. A person at the table to my right had 17 and said they wanted a hit. The whole table stopped and even the dealer asked if he was sure he wanted a hit. Finally he said he wanted a hit. The dealer deals the card and of course it was a four. What did the dealer say? “Nice hit.” But I'm thinking, you're kidding me. It was a terrible hit. Even though it ended up working out, it wasn't a good decision.

Outcome-based myopia actually gave us an opportunity in selling our concept that we could take advantage of. I realized that all we really needed to do was win some games and find a way to get into the playoffs. Then we could leverage this success by introducing all of these changes in our systems. We wouldn't need to go into in-depth analysis of how we came to all of our conclusions. If we won, people would buy into it. This is how the game had operated for 100 years.


He concludes with:
Being innovative doesn't mean searching for upgrades over inefficient systems. It means searching for entirely new ways of doing things. We don't spend a lot of energy tweaking current systems that are inefficient. Thomas Kuhn wrote, “the proliferation of competing articulations, the willingness to try anything, the expression of explicit discontent, the recourse to philosophy and to debate over fundamentals, all these are symptoms of a transition from normal to extraordinary research.”

Update: CSFB pulled the piece from their website, but it's archived and available at kottke.org here.

Posted by Narasimha Chari at 09:30 PM in management

January 18, 2004

Kazaa as virus vector

Wired reports that Kazaa is being widely used as a delivery mechanism for viruses.

Forty-five percent of the executable files downloaded through Kazaa, the most popular file-sharing program, contain malicious code like viruses and Trojan horses, according to a new study. About 3 million users are logged onto Kazaa at any one time. Hughes said this has made the file-sharing network increasingly attractive as a channel for distributing malware.

This study only looked at executable files. The article also links to an earlier (c. 2002) piece reporting Windows XP and Winamp vulnerabilities that could be exploited to create malicious MP3 files.
"The ubiquity of file-swapping services makes it the perfect attack vector for a malicious MP3 file," Foundstone CEO George Kurtz said.

Posted by Narasimha Chari at 04:04 PM in security, software, technology

January 17, 2004

GPL compliance

An important barrier to the broader adoption of open source software by vendors is the complex of issues surrounding intellectual property, compliance with open source licensing terms and the whole-product ramifications of these. And I'm not just referring to the SCO bullshit. This issue will become increasingly important as traditionally proprietary software increasingly intersects with the world of open source and as systems vendors increasingly incorporate open source software components into their products. Look at Linksys as an example - their WiFi AP runs on a Linux platform. Note also that as offshoring/outsourcing increases, these monitoring and compliance costs directly increase.

This Infoworld article references a software startup that recognizes some of these issues and is attempting to address them. Black Duck Software is developing a software package that allows companies to manage and mitigate intellectual property risks associated with reusing software code. It appears to integrate into the product development cycle and allows the vendor to manage compliance with open source licenses in situations where open source components are used.

Black Duck Software develops software solutions that manage and mitigate the intellectual property risks of reusing software code. Black Duck tools automatically detect proprietary and Open Source code, provide OSS license validation and management and ease the software auditing process.

Black Duck Enterprise Edition is an essential tool for Software IP Risk Management. Geared towards multifunctional teams, the Enterprise Edition integrates into the software development cycle from conceptualization, through code development and review, to publishing or distribution, and when software is audited.


Here are some of the challenges and complexity encountered by companies thinking about integrating open source software into their product:
* various different OSS licenses exist (BSD, GPL, etc.), each with unique requirements
* the implications of using or integrating OSS code are not necessarily obvious to software managers or to developers (for instance, if you create a loadable kernel module for Linux from scratch, are you required to contribute it back to the kernel? I've heard differing opinions on this one)
* intellectual property issues around integration of open source and proprietary software
* when development is outsourced (as a lot of it is these days), it becomes harder to monitor or detect whether open source software has crept into the product and what this might imply
* risk of non-compliance. For instance, there was a lot of (negative) online buzz about Linksys and whether they had fully released all their Linux kernel modifications back to the OSS community. Here's more on the Linksys flap:
"This is not really Cisco's fault," Perens explained. "The GPL violation did not originate at Cisco, or Linksys. An off-shore subcontractor supplied Linux as part of the device."... According to Perens, the problem originated with a subcontractor who designed a Linux-based product for Linksys, which was subsequently acquired by Cisco. "Subcontractors in general are not doing enough to inform clients about their obligations under the GPL," Perens said, noting that the problem can be exacerbated when the subcontractor is small, or based off-shore.

Perens says embedded system developers can be especially susceptible to GPL violations. "Often, engineers at smaller companies are left to interpret the GPL, since they may not have lawyers who are conversant with software law as it is exercised in the United States. Contractors will think 'this is embedded, no one can change the source -- so the GPL must not really apply to us.'"


Black Duck just launched and they're going to be at LinuxWorld next week. The management team looks pretty credible and my guess would be that they're going to try to raise venture money. It would be interesting to see how they do. Also, in a similar vein, check out the following (based on some limited googling): MetroWerks' GPL Compliance Toolset.

It occurs to me that what is also missing is a central certification body that a vendor can turn to to certify compliance with various OSS licenses. For WiFi compliance you have the WiFi Alliance, for 802.16 certification you have the WiMax body, for FIPS (Federal Information Product Security) compliance you have a number of certification agencies that will conduct product audits and assessments. I understand FSF does some GPL enforcement but I'm unaware of any structure or organization that assesses and certifies compliance with OSS licenses such as GPL. Anyone have any info on this subject?

Posted by Narasimha Chari at 09:01 PM in innovation, open source, Product Management, software, ventures

Similarities between biological and computer viruses

Slashdot linked to this CNet article on the similarities between computer viruses and their biological brethren. Drawing on a botanical analogy, the article makes the argument that the existence of "digital monocultures" increases the risk of emergence and proliferation of malware:

Computer security experts see similarities between the way a disease can devastate agricultural crops and the way a virus can attack Internet infrastructure. The reliance on one type of technology, software or protocol has created digital "monocultures," a phrase borrowed from botany that refers to ecosystems vulnerable to disastrous harm from a single disease... Just as biologists advise farmers to diversify their plantings, computer researchers believe that developers should be given tools to vary characteristics of the same program so that not all would be hobbled by a virus written for a specific version... "You only get epidemics when your target populations are alike enough that they can all get the same disease," said Dan Geer, chief scientist at information security firm Verdasys.

Obvious examples of digital monocultures: predominance of Windows at the OS level, of Outlook at the application level, of SNMP at the protocol level, etc.

Also interesting is this letter, 'Contagion on the Internet', to a journal titled 'Emerging Infectious Diseases' that draws parallels between biological and computer viruses in terms of their emergence, mutation, propagation and mode of action. It also suggests ways in which computer security can learn virus control strategies from the immune system and from immunology. Here are some of the lessons:
* Good hygiene helps: periodically back up data, avoid installing suspicious software, etc.
* Avoid monocultures if at all possible: use a Mac rather than a PC, for instance. Somewhat infeasible as a strategy.
* "Pathogens do not reinvent the wheel. Virulence genes are constantly “stolen” and reused." Self-evident - as soon as a vulnerability is discovered, it should be plugged, regardless of the contagiousness or deadliness of the worm/virus that exploits it.
* R&D ideas: adaptive immunity software that learns from exposure, "“virtual vaccines” that are beneficial to the computers carrying them (e.g., by blocking preferred sites of entrance for viruses or repairing viral damage automatically) and let these “good” microbes circulate on the Internet just as malignant viruses do."

Posted by Narasimha Chari at 08:20 PM in biology, security, software

January 11, 2004

Lead users and user innovation networks

Umair recently pointed me to a very interesting paper by Eric von Hippel - 'Horizontal innovation networks - by and for users'. I finally got around to reading it and I'll write a post about it soon.

One of my big takeaways from this paper was the idea of lead users – users whose needs significantly anticipate requirements of the broader market well in advance and who create innovation around the existing product to satisfy their unique requirements. This class of users falls outside the traditional technology adoption life cycle taxonomy of Innovators, Early Adopters, Pragmatists and Laggards – in a sense these are Pre-Adopters, adopters in advance of a product. An important distinguishing characteristic of this user group is that they show a propensity to experiment with existing products, tweaking/modding them and often creating new product innovations.

Empirical studies find that innovation by users tends to be concentrated among “lead users” of those products and processes. Lead users are defined as users of a given product or service type that combine two characteristics: (1) lead users expect attractive innovation-related benefits from a solution to their needs and so are motivated to innovate, and (2) lead users experience needs that will become general in a marketplace, but experience them months or years earlier than the majority of the target market (von Hippel 1986). Note that lead users are not the same as early adopters of an innovation. They are typically ahead of the entire adoption curve in that they experience needs before any responsive commercial products exist – and therefore often develop their own solutions.

It is lead users who are behind movements like Linux and open source generally - as has often been noted, OSS developers also tend to be OSS users. von Hippel's point is that the notion of lead users extends beyond just software or high tech products. He finds the same dynamic at work in high-performance windsurfing, for instance.

It pays a firm to cultivate this group as they can serve as a bellwether of trends to come. By creating and tapping into user innovation networks, a firm derives (at least) the following benefits: (1) advance warning of the evolving needs of the broader market, (2) opportunity to leverage innovations stemming from this group and feed them back into the product, (3) ability to leverage this network to maintain competitive lead and stay ahead of the competition.

Creating effective and sticky relationships with this group would entail (1) facilitating the formation and gatherings of communities of such users (through newsgroups, user groups, new product expos), (2) exposing APIs to the product to allow such users to tweak or otherwise customize or modify the product, (3) making early prototypes and alpha versions of future product versions available to these users, (4) maintaining a strong involvement with this community/network to tap into emergent trends as well as innovations, (5) leverage this early warning system as a way to innovate faster than competitors.

Executed well, this strategy can be a powerful source of sustainable competitive advantage through leveraging of exogenous innovation. Amazon seems to be executing well on such a model through its web services API.

Posted by Narasimha Chari at 06:26 PM in innovation, marketing, open source, Product Management

Modularity and Arthur's Third Law

Via the NYT comes this link to Edge's Annual Question. This year Edge called for submission of natural or psychological laws named after their discoverers. Here's one of physicist John Barrow's submissions, Barrow's Second Law:

All difficult conjectures should be proved by reductio ad absurdum arguments. For if the proof is long and complicated enough you are bound to make a mistake somewhere and hence a contradiction will inevitably appear, and so the truth of the original conjecture is established QED.

On a less frivolous note, also interesting was Brian Arthur's contribution, Arthur's Third Law:
The modularization of technologies increases with the extent of the market.

Just as it pays to create a specialized worker if there is sufficient volume of throughput to occupy that specialty, it pays to create a standard prefabricated assembly, or module, if its function recurs in many instances. Modularity therefore is to a technological economy what the division of labor is to a manufacturing one—it increases as the economy expands.


This observation seems parallel to and evocative of Clayton Christensen's thesis that industries tend to evolve (along the trajectory of technology improvement) from a phase of not-yet-good-enough (characterized by integrated, highly interdependent architectures) to a phase where the performance is better than good enough, at which point there is an industry-wide shift to a more modular architecture. So which is the fundamental driver for the migration from integrated to modular architectures - growth in size of the market or technological advancements?

Posted by Narasimha Chari at 02:59 PM in technology

New TiVo features

This PC World article reports on new TiVo features announced at the CES:

Owners of the TiVo Series 2 hardware who have networked the device with the $100 Home Media Option will be able to transfer recordings to a PC to view or burn to DVD disc, says Mike Ramsay, TiVo CEO. The new "TiVo to Go" service bundle will include hardware and software components, both due this fall... The TiVo Content Security Key is the hardware portion. TiVo designed it to ensure recorded content stays secure--which means you can't share it over the Internet, Ramsay says. The key is a small, USB-based device. To access TiVo content on a PC, or to burn it to disc, you must insert the key into the PC. DVDs you burn using the PC will play in any DVD player or PC and do not require the key.

[TiVo also announced] the ability to access satellite radio through TiVo. Scheduled to be available in the second half of 2004, this new feature can be used by subscribers to the XM Satellite radio service who listen through their computer via the company's PC Radio device. TiVo users will be able to access XM's numerous radio feeds using the TiVo remote and interface. The PC streams audio to the TiVo over a home network.


TiVo needs to maintain its innovation lead through features like these, especially as the cable and satellite guys get into the PVR space. The XM feature is nice, but TiVo to Go is the more interesting. It demonstrates that TiVo gets the fact that content such as stored TV shows is most valuable when it is stored in open formats and accessible on a variety of platforms.

Posted by Narasimha Chari at 01:24 PM in communications, innovation, Product Management

TeleFlip

Via MobileWhack, this cool service called TeleFlip:

Do you own a cell phone? If so, chances are you have the ability to send and receive email, short text messages, SMS, and who knows what else. But do you know your cell phone’s email address? Do you even know how to “access” these high-tech features? Chances are, you don’t.

Teleflip™ started when the founder became increasingly frustrated at his inability to send text messages to friends' cell phones from his PC. It was of course possible, but you had to know the cell phone provider, the correct domain name and the correct syntax for the email address. There had to be an easier way....Teleflip™ was born.


It's free, requires no registration to use and works like a charm. Just send email to yourcellphonenumber@teleflip.com.

Posted by Narasimha Chari at 11:25 AM in communications, innovation, technology, ventures