Like in a Petri dish, I keep observing how the iPhone single-handedly pulls the roadmap of a telco infrastructure. Both iPhone and AT&T wireless infrastructure are expanding at torrid pace and beyond the wildest imagination (to an outside observer like me at least). The reaction is amplified by Apple’s single-track mind to perfect a user experience and their exclusive deal with a carrier - in short, a monoculture. No ounce of pull force gets lost. The 1-2 jolt that has developed from Apple to AT&T is a new baseline for textbooks.

A recent report confirms that AT&T has done good in its intent to improve its 3G download/upload throughput. Improvements stem from the roll-out of HSPA 7.2 (besides the sheer new capacity thrown at the problem). Broad technology advances in beamforming, multiple-input multiple-output communications (MIMO) and orthogonal frequency division multiplexing hint that there’s quite a headroom for further scale-outs over the next 3-5 years.

I’ve sampled the AT&T improvements directly using the excellent, free Xtreme Speedtest application. For extra credit, I can go multi-platform and run this same application at the same place and time on both my iPhone/AT&T and Droid/Verizon. The speed of a web browsing session would otherwise be highly subjective and dominated by the browser’s own effectiveness.

In a previous blog, I described the “wheel of innovation” looping over the following steps:

1. New infrastructure build-outs
2. Leading to faster/broader connectivity
3. Making it a breeding ground for new applications
4. Some of them reaching viral spread, network effect, etc. resulting in larger addressable markets
5. Thus creating demand for more/different infrastructure

(loop back to 1.)

We have gone from step 5 to steps 1 to 2 (even though I have no basis to comment on coverage – I will steer clear of blue vs. red maps…) Now that the infrastructure shortcomings are beyond us, along with troubling rumors of usage tarifs, I’m eager to see a new breed of applications (steps 3 and 4).

In a subsequent post, I will share my wish list on what iPhone and smartphones in general can and should pull through in software infrastructure.

Ever since I moved to the left coast, UC Berkeley has become the most frequent destination of my research outings (it used to be MIT when I lived in Boston). I’m a regular guest at their RADlab retreats. Yesterday, I joined the 1-day Berkeley EECS Annual Research Symposium (BEARS). The morning was packed with four first-rate keynotes and a panel:

The future of devices, Elad Alon. Nano-electromechanical relays are a promising alternative to CMOS-based technologies and their unavoidable energy leakage. Like any other relay, nano-relays are leakage-free albeit much slower than CMOS and not as reliable. To mitigate these side effects, Elad is looking into more complex logic circuits and the opportunity to exploit parallelism (like in a N-bit adder or an ADC/DAC).

The future of computation, Kurt Keutzer. Deeper pipelining is not sustainable, parallelism is the saving grace. For this, Intel Larrabee and Nvidia Fermi are hugely exciting new processors. But how do we change the code to leverage the new silicon? There is early indication that algorithm/code conversion pays off with up to 100x improvements to time-to-result (teams started off from commodity software, like public domain support vector machines libraries - libsvm). Kurt did a great job at describing the whole ecosystem of parallel and show why/how it’s labor intensive. We need more/better frameworks to absorb these costs.

The future of Mobile, Eric Brewer. iPhone has converged dozen gadgets into just one (and more so every day). Inside, there are many discrete HW components taking up space and power, hinting that smartphones can either shrink further or carry more logic into them. Access is the smartphone’s killer app. Increasingly, mobile is a key factor in developing countries. There, it can save lives (e.g, a cellphone “microscope” contraption to detect malaria in the field; a diagnostic device connecting heart monitor and other sensors via the headset jack). The SIM card may become a good, universal place to store a private key. In developing countries, this setup actually works quite well because it’s already common practice for folks to own a SIM card and share a physical phone. Within every country, there’s a growing digital divide between urban and rural connectivity, with impact to just as many aspects of life as mobile touches.

The future of the Cloud, Michael Franklin. Cloud momentum will continue to be fueled by these value props: variable cost, cost associativity (1000 CPUs for 1 hr same as 1 CPU for 1000 hrs), risk transfer, and get the IT gatekeepers out of the way. There will be more devices and more virtual resources joining the cloud, including mechanical turks seamlessly blended in. Quite fittingly, there will be a new program at UCB to best harmonize Algorithms, Machines, People (AMP). It will launch in Jan 2011 when RADlab wraps up.

Energy panel hosted by Greg Papadopoulos. Can we innovate in energy the same way we innovated in technology? Three principles that served us really well in EECS and are worth cross-pollinating into energy are: a) layer decoupling, b) distributed innovation, and c) best equip for en-masse customization. A smart power grid is a dumb grid with many different smart endpoints. Some food for thoughts: Make solar panels become as cheap as a sheet of glass; Do nothing well (i.e., energy proportionality); Don’t recycle, up cycle.

The day was nicely complemented by open houses in the various departments, with plenty posters and demos. For ease of tech transfer to my children, I single out the demo of the software-intensive Starmac quadrorotor flying machines by the Berkeley Sensor and Actuator Center (see really cool videos 1, 2, 3 … heck, thou shalt see cool toys, green grass and the blue sky, once you’ve survived those pesky 3D Fourier transforms

This week, slashdot called my attention to EFF’s effort to level set the community on web tracking — how unique (and traceable) does my browser make me look when I visit a web site?  This new EFF site returns my overall score along with the break down of its factors (like plugin details, screen size, system fonts, cookie handling). For instance, it tells me that the Safari fingerprint generated off of my Mac is still unique among the half-million fingerprints on file at the EFF.

This is a great example of crowd-sourcing at work. The more participants, the better the study. EFF’s work gets a huge boost from being slashdotted. Moreover, EFF is no .com and doesn’t  have the halo of big-brother or world domination.

How does one know when the samples have hit a critical mass leading to a reasonably accurate model? It’s a recurring conundrum for both frequentists and Bayesians.

I agree with EFF’s view that a smartphone’s browser is due to show lesser entropy. That kind of browser is less likely to veer from stock config. To witness, my iPhone browser scored 1 in 1,442 uniqueness (10.49-bit entropy) and my Android browser scored 1 in 8,513 uniqueness (13.06-bit entropy). To the previous point, it’s unclear how many smartphones have hit the EFF site altogether.

This smartphone/browser early conclusion should not be generalized to native apps running on a smartphone. These native apps can yield the richest fingerprint features yet. They can draw upon some sophisticated UUID and TPM schema in system software, with the SDKs exposing programmatic access, resulting in stronger software/hardware linkages than their desktop/laptop equivalents. Today, the limiting factors here have to do with policy – e.g., a vendor’s authorization to export off-device the UUID material that is key to its own DRM.

The word generativity jumps at me while I’m reading Jonathan Zittrain’s new book, “The Future of the Internet – and How to Stop it”. Zittrain defines generativity as  a “system’s capacity to produce unanticipated change through contributions from broad and varied audiences”. Internet, PC, wiki/wikipedia best exemplify generativity. It’s “generativity” what I had in mind and tried to say when I wrote about Internet’s virtuous wheel of innovation.

Generativity hits home. It’s the reason why I’m so genuinely interested in the Android platform (I got to carry one such phone alongside my iPhone). It’s why I put my TV set in early retirement and replaced it with an Internet-enabled one equipped with widget SDK – a generative TV in the making, hopefully. I know that I have given and will be giving my 150% in those jobs that have to do with generative artifacts (luckily, I have had a few of those jobs throughout my career).

Generativity is quite a litmus test for new directions in technology. Take cloud computing. Does it mark a new epoch in generativity? Or is this a mere TCO optimizer?

For sure, security, regulations, net-neutrality pose some great challenges to our collective journey in generativity. I look forward to reading the second half of Zittrain’s book and learning about his proposed solutions.

Zittrain came to visit us at eBay and gave an excellent lecture on “Minds for Sale” — an eye opener on both the positive and negative outcomes of long-tail participation in cyberspace.

In my monthly CACM issue, I found a delightful and somewhat unusual article on “Scratch“. With Scratch, Mitch Resnick et al.  at the MIT Media Lab have created a programming environment with the lowest up front investment for children and teenagers. As you would expect in a platform that speaks to digital natives, Scratch comes with a host of rich media and social networking components built in.

My children love Scratch. They were able to program in Scratch and do things that appealed to them from the very first session. I like them to spend time with Scratch because it lifts the curtain on how computer games and digital entertainment work. It stimulates their creativity and a can-do attitude towards technology.

In the mid ’90s, I had the fortune to meet Mitch Resnick at the Media Lab. My company back then was a top tier sponsor. I saw the first prototypes of what became Lego Mindstorms (whose programming user experience put the early seeds for Scratch). It’s fascinating how Resnick repeatedly gets it. He might as well be the Steve Jobs of under age computer human interface.

With a landmark decision, AT&T will let me and some other 4+ million users initiate Skype calls from the iPhone without being limited to Wi-Fi hotspots.

I expect that other carriers will follow suit. It’s a tipping point for the mobile Internet. It’s a boon for the smartphone segment.

In turn, some new applications will soon come out and seize the opportunity. I recently blogged about the wheel of innovation. Today, I saw that wheel turning a notch.

UPDATE. Make that two notches with the announcement of the strategic Android partnership between Verizon and Google.

Although I’m not a big fan of video clips, there’s something that I really like in this video produced by my PayPal colleagues. It conveys a powerful vision. It does so in terms that are easy to relate to.

Clearly, these folks were not blindsided and timely anticipated a connected world that is no longer centered around the desktop/laptop experience. They spun the “Internet of Things” into a promising new vehicle for payments.

To walk their talk, they have put out some additional material on http://x.com (no joke, what a great domain name this is) and announced a SDK that realizes a rich payment platform (formal unveiling at a conference in early November)

The Internet is a late-bloom gift from the 60s — the decade that gave us so many things in the way of technology innovations and social advances. It now feels as Kleinrock & C. were prescient of the 60s legacy and wanted to squeeze their pioneering proof of concept in, not too long past the moon shot and shortly before that wonder decade was over.

It took quite a long incubation before the Internet grew out of ARPA’s sugar daddy support (today, we got no patience for anything…). Back in the days, one could hardly think of the Internet as a global innovation engine. OK, you will end up with a better/cheaper version of SNA LU6.2, what else. It would have stayed within geekdom longer if it wasn’t for Sir TBL and the Mosaic browser. The Web was a sumptuous killer app and the wheel of innovation began spinning ‘round and ‘round to benefit just about every cause:

1. New infrastructure build-outs
2. Leading to faster/broader connectivity
3. Making it a breeding ground for new applications
4. Some of them reaching viral spread, network effect, etc. resulting in larger addressable markets
5. Thus creating demand for more/different infrastructure

[ loop back to 1 ... ka-ching at every step ]

To celebrate Internet’s 40th in style, the latest spin of this virtuous wheel has brought us the unbundled wireless handheld. Take, for instance, community video applications running on top of open-source Android hosted on one of several smartphone hardware platforms, with choice between GSM cell and Wi-Fi connectivity. This was unthinkable just a few years ago. There’s no slowing down of the innovation wheel. Thank you, Internet.

I’m increasingly involved in security and thus managed to make a brief appearance at the Black Hat 2009 Briefings in Las Vegas.

I enjoyed the program. Hereafter some of my personal take-away and favorite sound bites.

Smartphones. There will be exploits:

• Target volumes and personal data becoming interesting, really interesting
• Hordes of 1st-time programmers writing code … which raises the significance of application/system separation that one can depend on
• Also, some seasoned engineers who built highly reliable telco protocols (e.g., SS7, SMS) are now asked to operate in a hostile open world … the price of convergence
• To witness, at Black Hat some folks gave a public account of an iPhone vulnerability exposed with a SMS attack vector. Before Black Hat was over, Apple issued the v3.0.1 patch release (though they had been given a few weeks lead on this exploit)

Smartphones. There will be patches:

• What’s a reasonable time-to-patch benchmark given gazillion of units in the field?
• Apple’s “monoculture” can play out as a strength (homogeneous field, iTunes-centralized lifecycle for patches) and a weakness (magnet for new targeted exploits)
• Others will have to ripple their patches through OS release cycles, hardware manufacturers, providers’ security policies, and the various QA cycles therein

Smartphones. There will be tussles:

• The Apple/Google one is already capturing the news
• Microsoft and Nokia won’t let it go by without a fight
• Android’s licensing model (Apache style, no permission to use) is due to make wave in the whole mobile OS segment (some impressive uptake numbers reported by presenters)

Cloud Computing:

• Hackers/rootkiters have taken notice of the Cloud but are still struggling to figure out the new implications (New attack vectors? Is everything Cloud Computing?). Just like everyone else!
• SaaS/PaaS exploits: any new “Cloud” material here other than the OWASP10 vectors!?
• IaaS exploits: any new “Cloud” material here other than VM attack vectors (like device drivers flaws or pseudo-random generation)!?
• A presenter talked about legal and regulatory implications (e.g., data is subpoenaed and then what) — this was distinctively “Cloud”

Miscellaneous:

• Bruce Schneier provided some excellent food for thoughts on the psychology of security (ref. to his essay)
• The traversal of x.509 certs is still a weak spot after all these years… Basic constraints are not enforced properly and OCSP is easily subverted by toggling a return code, which is inexplicably left out of signature (I haven’t had a chance to validate this claim). Net out, end-to-end SSL is less secure than we think…
• According to a presenter, the hacker-proof shield of Cisco IOS stems from the 250,000+ different images of IOS that resulted from just as many release trains since inception. To hackers’ detriment, each release scrambles waymarks and other reference points thus making it virtually invulnerable
• I wrote about my serendipitous Mach OS encounter in an earlier post

Black Hat 2009 material is here.

I know that I’ve worked on a technology that stands the test of time if, after some 20 years, there’s still some buzz around it at a conference.

This is obviously the case of Unix.

It must be the case of Mach as well. This week, I made an appearance at Black Hat 2009 and stumbled upon a session entirely dedicated to Mach-based rootkits for Mac OS X. The presenter, Dino Dai Zovi, did a good job at describing Mach. Why would someone hack Mach nowadays? Because it’s possible and is a fun thing to do It turns out that Mach is a fairly obscure piece in the Mac OS X ensemble and makes a hacker’s maneuvers a lot less likely to be detected.

Among things, Dino talked about MiG stubs (I did a total overhaul of MiG in 1993) and Mach-O. He recreated a sort of NetMsgServer (which has never been adopted by Apple Inc. as far as I can tell) with which he can siphon or inject Mach IPC messages. In my last Mach endeavor, I created a NetMsgServer that could work over INET.

Back in the days,  Rick Rashid opened Mach conferences by saying that the Mach crowd used to fit inside an elevator.  Twenty some years later, a couple hundred people still crowd a conference room for a solid Mach speech.

I’ve had the fortune to hone my system skills on Mach 3.0 along with a terrific team at the Open Software Foundation and the proxies into the team at CMU.  I’m obviously very pleased that Mach still beats inside my home desktop, laptop, and smartphone. I believe that Dino’s public contribution makes a compelling case for code hardening and pen-testing of the venerable Mach (which I surely hope it will happen on time for Snow Leopard!).