Emochain and Statistchain

[Note: The views expressed below are solely my own and do not necessarily represent the views of my employer or any organization I advise]

Why open/permissionless and closed/permissioned terminology has become a muddled red herring of totems

It is common to see startups, enthusiasts, and advocacy groups boast how they support “open,” “public,” and “permissionless” innovation.  Their lollipops and rainbows narrative can be found on a multitude of websites, social media accounts, and on panels at conferences.

Similarly, several well-to-do consultancies and buttoned-up fintech companies use stoic marketing terms like “permissioned,” “trusted,” and “private” to describe their platforms to what is assumedly a monocle-wearing, high-brow clientele.

But very little long-form writing has been spent explaining what these terms actually mean beyond the superficial warm feelings either side is trying to engender.

Both are at fault for taking a page from the politically charged playbook of terms like “pro-choice” and “pro-life” — I mean who wants to be labeled as anti-choice or anti-life?  Or in this case, who would want to be known as anti-open and anti-permissionless?  Or as John Oliver might say, who wants to hang out in intranet sandboxes all day when there is a big fat thing called “The Internet” you can troll on all day instead?

Aside from the fact that “The Internet” is just a bunch of highly regulated, permissioned intranets tied together with KYC and peering agreements, let’s de-escalate and take a quick step back for a moment to focus on two diametrically polar opposites: anarchic and archic networks.1

Why?  Because that’s ultimately what these two camps are fighting a war of words and hashtagged rhetoric about.

Defining definables

There are some general commonalities between anarchic and archic chains but before getting there, what does anarchic mean in this context?

An anarchic network — in this case an anarchic blockchain — simply means a chain that purposefully lacks any ties to legal institutions and nation-state infrastructure.  That is to say, the architects of an anarchic chain set out to create an extralegal virtual-only entity that is divorced from governments and regulators; entities that could censor data transfers and on-chain activities.   Currently, anarchic chains are euphemistically called “public blockchains” to have better marketing varnish at cocktail parties in DC.

There have been multiple attempts to build anarchic-types of networks in the past (such as Tor); perhaps the most popularly known anarchic blockchains in use are Bitcoin and Ethereum.

Anarchic can also mean that a chain, or a network layer, has no formal or de jure governance process for handling disputes.  In this case, both Bitcoin and Ethereum (among others) are double-fisting anarchy.

I am a millennial, is there another way of saying all of this in less than 140 characters?

Not that there is an official marketing slogan but:

  • Bitcoin is supposed to be an unstoppable payment processor (title and abstract of the whitepaper)
  • Ethereum is supposed to be an unstoppable computer that can run and execute untrusted code (motto from Foundation’s website)

In contrast, as can be expected from their name, archic chains and networks explicitly tie into traditional legal infrastructure, into the ‘old world’ laws of physical nation-states.  In addition, many archic chain creators attempt to bake-in and enable on-chain dispute mechanisms and methods for handling disputes off-chain in the event there is a problem.2

Boring laws and wet oppressive code, right?

But wait, there’s more.

I think my favorite tweet last year was along the lines of: sometimes my browser crashes, occasionally I have to restart my phone, but gosh darnit my self-driving car will always work without a hitch!

And that naïve thinking pervades a lot of the development teams in the fintech space.

Sure it’d be cool if you can automate all of the value transfer processes globally with cryptographically assured, tamper-evident mechanisms — but in case something screws up or a governance dispute occurs, you have to design for the fact that somewhere Edward Murphy is in your system with Chaos Monkey.3 And so too it will be with magic internet chains.  Without explicit governance and dispute-resolution mechanisms we will just revert back to our lowest common denominator: arguing on reddit with memes.4

Common ground

By their nature these two worlds are polar opposites in terms of network designs, assumptions, and goals.

With that in mind, below are three commonalities that both types of networks have but each of which is handled differently:

(1) Both have permissioning

(2) Both have cryptographic-linked data structures

(3) Both use ‘other people’s computers’

What does each of these mean?

For anarchic networks like Ethereum and Bitcoin, permissioning (that is to say, deciding who gets to change and update the log of records, or in this case digitally sign blocks) is usually handled via proof-of-work.5

Permissioning in this specific case has nothing to do with what kind of applications can be used on it, who can look at the code, who can modify the code, who can send transactions, etc.  These are all tangential to the key foundational question of who gets to digitally sign and update the log of history in the first place.  After all, the Bitcoin whitepaper wasn’t an exegesis on cloning software libraries and GPL versus MIT licensing maximalism now was it?6  In fact, to-date several vendors have released open-sourced versions of “private” gated chains — so you can have one without the other.7 Nor did KYCing internet access kill innovation on the internet.

While some promoters like to use terms like “dynamic” to describe the log signing / block validation process on the Bitcoin network, in practice there are roughly 15-20 ‘permissioned’ block makers / log signers on the Ethereum and Bitcoin networks at any given time.8

That is to say, the entire “membership pool” of block signers on any day of the week is fairly static.  Some come and go over time but in general there is a quasi-static membership pool of block signers; and the operators of these membership pools are generally known and no longer identity-less (pseudonymous).  They even sit on stage at public conferences and pose for pictures and… bring photo journalists to their actual data centers.9  There is a joke about the first two rules of Fight Club in there somewhere.

This creates some fundamental problems surrounding the goals of achieving censorship-resistance as well as the goals of routing around regulatory regimes.  Recall that neither Bitcoin nor Ethereum were designed to interface with the traditional legal system which compels validators, payment processors, custodians, and financial intermediaries to comply with a bevy of identity management and consumer protection requirements.

In fact, anarchic chains were designed to do just the opposite and instead maintain a network that enables identity-less participants to move data peer-to-peer without complying with a list of external rules and governance processes. As noted above, anarchic chains set out to be their own sovereign entity, a type of virtual nation-state divorced from traditional legal infrastructure altogether.

And to achieve their objective of enabling identity-less participants to transfer data from one to another without having to be vetted by a party capable of censoring the movement of data, the network designers believed they could make their network of validators and block makers — the cloud of machines processing payments and providing digital signatures — decentralized to the extent that the overall network could maintain reliable uptime in the face of network splits as well as malicious activity from governmental and Byzantine actors.

So in summation, anarchic chains:

(1) typically achieve permissioning and log appendation by requiring (originally) identity-less participants to submit proofs-of-work that consume and irreversibly destroy real economic value (e.g., fossil fuels);

(2) the log of history and payments therein is appended via a digital signature controlled by a nominally identity-less, quasi-static participant who is able to propagate the proof-of-work first across the rest of the network;10

(3) this log of history — in both theory and practice — is propagated to other people’s computers in other countries in order to attempt to achieve uptime in the face of network partitions and adversaries.

In other words, checkmate statists!

Law maximalism

So what about that cold, heartless world of closed, walled-off gardens managed by intranet builders and training wheel makers?  After all, anarchic chains are supposedly too woolly for regulated institutions like banks and according to random people on social media who talk to other random people on social media about financial infrastructure in 140 characters, banks now have decided to reinvent databases… But With Blockchain™.  Because banks — which collectively have built and operate the largest IT infrastructure globally — don’t understand technology and have just rebranded SQL databases to get some easy softball press releases.  Right?

It’s hard to talk about archic chains in the same snarky depth as anarchic chains because there are so many different ones under development that are taking different tacks and approaches to solving who knows what.  But challenge accepted.

As Ian Grigg explains, part of the problem entrepreneurs are facing is that “permissionless” can be defined, sort of, but the opposite of permissionless is harder to define.  If we accept it means “with a permission” then we could ask, what permission?  How many?  When, where, who, etc.

Are we talking about permission to enter (walled garden), permission to make any transaction (identified keys not pseudonyms), permission to act (approved by regulator in each instance), permission to put money in, permission to take money out?  All of these permissions have regulatory, architectural, societal, and marketing success implications so it isn’t really plausible to talk about a permissioned system as a thing, it’s more an anti-thing.11

With the private/permissioned world of buzzword bingo, a lot of the platforms are ill-conceived forks of cryptocurrencies that weren’t customized at all for capital markets.

Satoshi wasn’t trying to solve for frictions in the post-trade world of clearing and settlement of regulated institutions.  And Vitalik didn’t wake up 3 years ago and say, “Holy hell the $65-$80 billion in post-trade reconciliation processes could be significantly reduced tomorrow if I build an unstoppable computer program replicated across thousands of nodes!”12

So simply forking Bitcoin and gutting the PoW mining apparatus to move pre-IPO cap tables around or track airline points cannot really be called “fit for purpose” especially since it seems that you can pretty much do the same exact thing with existing off-the-shelf technology.

What can’t be done with extant databases?

That’s a good question, and one a lot of reporters miss because they aren’t interviewing IT managers at banks — who cares what some social media app designer or Bitcoin API developer thinks about back-offices at banks, talk to actual core banking architects.

The fundamental reason that regulated financial institutions have all collectively done steeplechase into magic internet chains track & field is this: there is no such thing as an off-the-shelf system that allows them to move value from their own internal ledgers to outside of their organization without having to rely on a cornucopia of 3rd parties.  There is no such thing as a global shared ledger standard designed around their operating requirements.  For instance, the aggregate reconciliation process and back-office operations that exist today do not make sense to those used to Gmail swiftness or HFT speeds as seen in the front-office activities of trade.

Banks (and other institutions) are looking for novel, secure solutions to reduce certain legacy costs and have been looking at an army of different technology vendors for years to do so.  But as I have pointed out before, there is no such thing as a fit-for-purpose distributed ledger that can provide the type of back-office utility (yet).13

What does that mean?

Fit-for-purpose means that some team of geeks sat down with other teams of geeks at banks to talk about super unsexy things for months and years on end to solve specific issues based on a set of explicit functional and non-functional requirements at said bank.

If your team didn’t do that massively boring requirements gathering process then you’re gonna have a really bad time going to market.

If you simply start building a blockchain app for a blockchain app’s sake, you will likely end up like BitPay or ChangeTip.  Anarchic chain architects themselves, to their credit, are at least often attempting to solve for a specific problem-set: how to enable censorship-resistant activities in the face of censorable mandates.

On the other hand: if Bitcoin or Ethereum could do the zillions of things that Bitcoin or Ethereum proponents claim it can do, then of course everyone might use it.  It doesn’t, so unsurprisingly many companies and institutions don’t.  And before getting all high and mighty about “not giving little poor Bitcoin a chance” — financial institutions globally have done over 200 PoCs on forks of cryptocurrencies or even cryptocurrency networks themselves.  They discarded nearly all of them because — spoiler alert — anarchic chains were not built for the requirements that regulated banks have.

Archic chains are not a panacea to everything and they are certainly not the most exciting thing since the invention of the Internet: OxiClean was, and you could only originally get it by calling a 1-800 number.14

The tldr for archic chains is that they:

(1) typically achieve permissioning and log appendation by gating and white-listing the operators of the validation process; this usually involves drawing up a legal contract and service-level agreement specifying the terms of services, quality of service, and how disputes are handled.  Because validators are known and legally accountable, proof-of-work is unneeded and marginal costs actually remain marginal (as opposed to MC=MV relationship in PoW networks)15

(2) the log of history and payments therein is appended via a digital signature controlled by a known, identifiable, potentially-static participant who can propagate the transaction and block to the rest of the participants who are permitted to interact with the transaction

(3) this log of history — in both theory and practice — is propagated to ‘other people’s computers.’  In the archic case, it may be a regulated cloud facility (e.g., sovereign cloud) that complies with all of the regulated data requirements of a specific jurisdiction.  (This may sound like an unimportant area of interest, but be sure to look at this presentation.)

Or in short, with archic chains: validation and block signing is handled by known, identifiable parties who have the appropriate licenses to handle regulated data in the jurisdictions they operate in.

Because of laws like the General Data Protection Regulation (GDPR), replication of regulated data to everyone everywhere ends up in Bad News Bears territory pretty quickly.

Conclusions

I purposefully tried not to use the word “immutability” because the term has been bludgeoned by totem warriors on all sides this past year.  It’s to the point where some cryptocurrency advocates sound like Luddites because they do not acknowledge that immutability is simply achieved by running data through a hashing algorithm, that’s it.  It’s one-way and irreversible and has nothing to do with proof-of-work.  All PoW effectively does is delegate who can append a log in an untrusted network.

As a matter of fact, there is oodles of immutable data that predates cryptocurrency networks like Bitcoin, housed on a sundry of databases worldwide.  And on the other hand, you have consultancies wearing out the word “immutability” as if it is about to go out of fashion and they get a year-end bonus for saying it three-times fast.
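An added illustration of the distinction drawn above (not code from the original post or from any ledger project): the hash links alone make an after-the-fact edit detectable, while proof-of-work or a validator whitelist only decides who may append.  The validator names, keys and ledger entries are constructed, and an HMAC tag stands in for a real digital signature.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64
# Constructed validator registry: names and keys are made up for this example.
# An HMAC tag stands in for a real digital signature (a verifier here must
# hold the key, which a public-key signature would not require).
VALIDATORS = {"bank-a": b"constructed-key-a", "bank-b": b"constructed-key-b"}


def block_hash(prev, payload, signer, nonce):
    """SHA-256 over the previous hash plus this block's content."""
    body = json.dumps([prev, payload, signer, nonce], separators=(",", ":"))
    return hashlib.sha256(body.encode()).hexdigest()


def _tag(key, digest):
    return hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()


def _tip(chain):
    return chain[-1]["hash"] if chain else GENESIS


def append_archic(chain, payload, signer, key):
    """Append right comes from a whitelist of known validators."""
    expected = VALIDATORS.get(signer)
    if expected is None or not hmac.compare_digest(key, expected):
        raise PermissionError(f"{signer!r} is not a whitelisted validator")
    prev = _tip(chain)
    digest = block_hash(prev, payload, signer, 0)
    chain.append({"prev": prev, "payload": payload, "signer": signer,
                  "nonce": 0, "hash": digest, "auth": _tag(key, digest)})


def append_anarchic(chain, payload, bits=12):
    """Append right comes from finding a nonce whose hash is below a target."""
    prev, nonce, target = _tip(chain), 0, 1 << (256 - bits)
    while int(block_hash(prev, payload, "", nonce), 16) >= target:
        nonce += 1
    chain.append({"prev": prev, "payload": payload, "signer": "",
                  "nonce": nonce, "hash": block_hash(prev, payload, "", nonce),
                  "auth": ""})


def first_bad_block(chain, pow_bits=None):
    """Return the index of the first invalid block, or -1 if the log is intact."""
    prev = GENESIS
    for i, b in enumerate(chain):
        digest = block_hash(prev, b["payload"], b["signer"], b["nonce"])
        if b["prev"] != prev or b["hash"] != digest:
            return i                      # hash link broken: content was edited
        if pow_bits is not None:
            if int(digest, 16) >= 1 << (256 - pow_bits):
                return i                  # no valid proof-of-work
        else:
            key = VALIDATORS.get(b["signer"])
            if key is None or not hmac.compare_digest(b["auth"], _tag(key, digest)):
                return i                  # not authorised by a known validator
        prev = digest
    return -1


def demo():
    entries = ["pay 10 A->B", "pay 4 B->C", "pay 1 C->A"]   # constructed
    archic, anarchic = [], []
    for n, entry in enumerate(entries):
        signer = ["bank-a", "bank-b"][n % 2]
        append_archic(archic, entry, signer, VALIDATORS[signer])
        append_anarchic(anarchic, entry)
    out = {"archic_ok": first_bad_block(archic),
           "anarchic_ok": first_bad_block(anarchic, pow_bits=12)}
    # Same edit to both logs: rewrite the second entry after the fact.
    archic[1]["payload"] = anarchic[1]["payload"] = "pay 400 B->C"
    out["archic_edited"] = first_bad_block(archic)
    out["anarchic_edited"] = first_bad_block(anarchic, pow_bits=12)
    return out


if __name__ == "__main__":
    print(demo())
```

In both logs the edit is caught at the same block by the same hash comparison; the two append functions differ only in how the right to write is granted.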

We are nearing the end of year two of the grand totem wars, of the nonsensical permissioned versus permissionless wannabe debate.  There is no versus.  Fundamentally Sams’ Law is empirically valid:  anything that needs censorship-resistance will gravitate towards censorship-resistant systems and anything that does not will gravitate towards systems that can be censored.16

There are ironclad trade-offs: a network cannot simultaneously be censorship-resistant and tied into legal infrastructure.  A chain cannot be both anarchic and archic.  One set of utilities has to have a priority over the other (e.g., definitive settlement finality versus probabilistic finality) otherwise it all begins to look like the chimera that is the permissioned-on-permissionless ecosystem.17

As a consequence, anarchic chains continue to act as testnets for archic chains.  That is to say, both the Bitcoin and Ethereum ecosystems are effectively providing free R&D to network designers who will learn from the mistakes and incorporate the relevant solutions into their own future systems.  After all, why use an anarchic chain in which governance is handled by anonymous eggs on Twitter and (ironically) censorship-happy moderators on reddit?  Perhaps things will change and the great expectations promised by anarchic chains will come to fruition.  In fact, if Boltzmann brains can exist then that is always in the realm of possibilities.

In the meantime, it’s worth reflecting on what Dave Birch recently pointed out: there is no such thing as a cloud, just other people’s computers.18  And each jurisdiction regulates the activities of what can and cannot be processed and serviced on certain machines.  Perhaps those laws will change, but they might not.  It will be worth checking in on the Emochain and Statistchain caricatures in the coming months: maybe the State will wither and die like Zerohedge has predicted 7,934 times in the past.  Or maybe Panoptichain will be built instead.  Or both simultaneously as the consultants behind Schrödingerchain would have you believe.

Immutability!  Immutability!  Immutability!

Endnotes

  1. Archy and Anarchic Chains
  2. Smart Contract Templates: foundations, design landscape and research directions by Clack et al.
  3. Edward Murphy is the namesake of “Murphy’s Law.”  See also: Netflix attacks own network with “Chaos Monkey”—and now you can too from ArsTechnica
  4. Code is not law
  5. Why does Ethereum plan to move to Proof of Stake? from StackExchange
  6. “We were successful exactly because we were *not* maximalists.” – Linus Torvalds (source)
  7. See the Hyperledger github repo
  8. The term “dynamic-membership multi-party signature” was used in the Blockstream whitepaper
  9. Self-doxxing, dynamic block making and re-decentralization of mining
  10. It’s actually not necessarily the first — as blocks can become orphaned — but rather which block ends up being built on by other block makers
  11. “So maybe the debate is over comparing an apple to a citrus fruit – mandarins, tangerines, grapefruits, lemons etc, and everyone is assuming their particular flavour.” Many thanks to Ian Grigg for this passage.
  12. Blockchain: Back-Office Block-Buster from Autonomous Research
  13. Designing a Global Fabric for Finance (G3F); Blockchain, Bitcoin and the rise of banks as shared ledger providers; Explore the Blockchain, Ignore the Bitcoin Maximalists
  14. OxiClean
  15. See Some Crypto Quibbles with Threadneedle Street and Bitcoins: Made in China
  16. See slide 13
  17. What is permissioned-on-permissionless?; Settlement Risks Involving Public Blockchains
  18. Dave Birch, September 20, 2016: Source

What has been the reaction to permissioned distributed ledgers?

About 3 weeks ago I published the “Consensus as a service” report.  What has the fallout been over it?

The specific, public comments broadly fall into 3 groups:

  • those that think Bitcoin is the only blockchain that can and does matter and everything else is a worthless unholy “Frankenstein” ledger
  • those that think cryptocurrency systems as a whole are superior to non-cryptocurrency distributed ledger networks
  • those, like Nick Williamson, who are open to building technology for specific customers and use-cases

As of this writing, the majority of views on /r/bitcoin and Twitter seem to take the maximalist, one-size-fits-all approach: that Bitcoin is the only way, the truth and the light.

In contrast, the target audience for the report is decision makers and developers within the financial services industry.  These individuals, based on months of conversations, are more interested in permissioned ledgers for their business needs because all of the parties involved in the transactions are known, have real-world reputations to maintain, have responsibilities which are expressed in a terms-of-service that is contractually binding and are ultimately legally accountable for actions (or inaction).

Cryptocurrency networks like Bitcoin, a public good that purposefully lacks a terms of service or accountable validators, were specifically designed not to interface with these organizations and institutions — and intentionally created an expensive method to route around all entities (via proof-of-work).  Thus in practice, it makes some sense that financial institutions may not be interested in Bitcoin as-is.

This may be a problem to maximalists, who have come to create and control a narrative in which Bitcoin can and will disrupt anything and everything that deals with finance and have invested accordingly.  Perhaps it will, but then again, maybe it will not.

While there were a number of interesting comments elsewhere, I think the most objective was — independently — an interview earlier this week in Institutional Investor with Blythe Masters (formerly JPMorgan, now over at DAH):

Q: Everyone talks about the enormous potential of alternative currencies and their underlying technology.  But the whole world of Bitcoin and other currencies was set up to resist centralization and intermediation.  It didn’t want to be part of the organized financial industry; it was openly scornful of it, and there’s still a strong libertarian, antibank strain to much of the sector today. Do you think these worlds want to be bridged?

Blythe Masters: I would say that your general characterization of some in the space is correct. But if you had a really good idea about how to build a better tire for an automobile, you would probably be really interested in talking to the auto companies because they are the people that ultimately are going to make use of your technology. You could think that maybe, because of the power of your tire, there might emerge a whole new brand of auto companies that supplant the General Motors of the world because the incumbents never really got the whole concept of what a good tire should be all about. But I’m not sure that would be a good move.

Why do I think this tire analogy is apt?

Because each month at conferences, Bitprophets claim that financial institutions in New York, London and other global centers where capital resides will fall by the wayside very soon.

Perhaps this prophecy will come true, but it is unlikely for the reason Masters points out: most of the funded Bitcoin companies thus far seem to act like tire companies.

A few entrepreneurs are hoping that newer, different car companies will not only adopt their tires but simultaneously replace older car companies that already provide the same product lines.  While these startups are likely capable of providing utility and usefulness to someone, this overall narrative is probably wishful thinking.  Why would Toyota or General Motors disappear and be completely replaced by new automobile companies in the coming years because someone created a new tire?  Perhaps these existing car manufacturers will indeed disappear due to changes in consumer preferences or safety concerns but probably not because of a new tire.

Furthermore, characterizing the 8 different projects discussed in the report as Frankenstein ledgers is funny as those writing the comments seem to have forgotten how tech iteration works.

For instance, according to Gwern Branwen, the key moving parts that Bitcoin uses are actually a bit old:

  1. 2001: SHA-256 finalized
  2. 1999-present: Byzantine fault tolerance (PBFT etc.)
  3. 1999-present: P2P networks (excluding early networks like Usenet or FidoNet; MojoNation & BitTorrent, Napster, Gnutella, eDonkey, Freenet, etc.)
  4. 1998: Wei Dai, B-money
  5. 1998: Nick Szabo, Bit Gold
  6. 1997: HashCash
  7. 1992-1993: Proof-of-work for spam
  8. 1991: cryptographic timestamps
  9. 1980: public key cryptography
  10. 1979: Hash tree

Would projects like git, which use a few of these parts, be considered “Frankenchains”?

The reaction that a few have had the past couple of weeks makes one wonder as to how they would initially react if alternative airplanes, automobiles and boats were invented: “But a monoplane cannot work as it is missing essential features from the original biplane!”

Taking a step back, calling one of the 8 projects in the report “Frankenledgers” would be like calling:

  • non-Mercedes vehicles, Frankencars
  • non-Wright Brothers heavier-than-air contraptions, Frankenplanes
  • any non-Unix operating system, FrankenOSes (which is ironic since Unix was itself a FrankenOS relative to Multics)
  • any non-Motorola cell phone, Frankenphones

Maybe none of the projects in the report will ultimately succeed.  Maybe in five or six years they fail to gain traction.  Maybe future ledgers and projects add additional “moving parts” to whatever they ultimately call their chain.

Yet we cannot command customer-driven technology to follow one specific narrative any more than the previous pioneers of technology could.  Just ask Alfred Nobel or other inventors over the past few centuries.  Furthermore, building ever larger quantities of a product without figuring out if there is a product-market fit seems to be how the Bitcoin community has attempted to operate over the past several years.  Perhaps this “marketing myopia” will pay off, maybe the Kevin Costner syndrome (build it and hope they come) will be avoided.  Or maybe not.

Owning coins without disclosing they do

“It’s about the coin, you cannot downplay the coin!” was another common response.

To me the question of coins or no-coins is a red herring.  Perhaps organizations find them useful or maybe not.  Ultimately however, the target market for the report was organizations who need products that:

1) Create additional financial controls (removing the ability for one administrator to abuse the system because the information and state is distributed and shared)

2) Provide additional transparency for their risk management and capital management teams (such as reducing duplicative effort in Transaction Reporting)

Or in short, this variation of shared, replicated ledgers helps financial institutions to securely reduce costs.  That may sound mundane and unsexy, but reducing IT costs at some banks can mean tens of millions in savings.  As a result, some financial institutions (and likely other industries), are looking to take parts of the toolkit, portions of the 10 moving parts above and develop a new developer stack, just as LAMP did 15 years ago.1

How do validators fit in with this again?

The tl;dr of the report is that permissioned ledgers use known validators whereas permissionless ledgers intentionally use pseudonymous validators.  They each have different cost structures and are targeting two different groups of customers.

Why are known validators important?  Because in the event a chain forks, is censored or transactions are double-spent, there is no legal way to hold pseudonymous validators accountable because there are no terms of service or contractual obligations.  Or more to the point, as a public good, who is responsible when a block reorg takes place?  Apparently no one is.  This is problematic for financial institutions that want to be able to reliably transfer large amounts of value.

If pseudonymous validating nodes and mining pools are required to doxx themselves (or the current euphemism, “trusted transparency”), they lose the advantage of being censorship resistant.  Users might just as well use a permissioned ledger.

Why?

In the event of such a fork, censored transaction or double-spend on a permissioned ledger, the validator can be held legally accountable because they are known.  Proof-of-work is no longer needed and entities that are doing the validating are held accountable to a specific TOS/EULA.

The main reason that block reorgs do not occur more frequently, like what happened in March 2013, is that it is just not worth the effort right now relative to the amount of value being transacted on the Bitcoin network.  Yet if there were billions or trillions USD in financial instruments like derivatives moving across the network, there would be more incentives to attack and reverse transactions (this is one of the problems with watermarked coins as they create a disproportional reward delta).  No financial institution is going to put this type of value on a permissionless chain if they cannot claim damages in the event of censorship or reversal.

[Image: bitcoin is not useful]

Source: Matt Corallo

“But you cannot have a secure ledger without coins,” is a common response.  Isn’t owning bitcoins the most important part of this equation?

Under Meher Roy’s classification chart, this is only true if hyperbitcoinization takes place, which it probably will not (recall: that which can be asserted without evidence, can be dismissed without evidence).

Then why is this continually promoted?  Probably because the company they work for or their personal portfolio includes bitcoins as part of their retirement plan and they hope the demand for bitcoins by financial institutions and other organizations launches the price to the moon.  This is not to say that Bitcoin is bad or worthless as a network (or as an asset, it may even have another black swan or two upwards), but neither the UTXO nor the network (as-is) is a solution to a problem most banks have.

Maybe Matt Corallo (who shared the picture above) is right: perhaps in the long-run historians will look back at these permissioned, distributed ledgers and declare them non-blockchains.  Maybe they will be called something else?  However, as it stands right now, even with cryptocurrencies, Bitcoin is not the only way to skin a cat.  The wheels (or tires) comprising Bitcoin and its nascent ecosystem can and will be interchanged and removed due to their open source nature and differing business requirements for each organization.

Keeping fees or be altruistic?

Are there any recent examples of doxxing of validators?  Yesterday a bitcoin user (someone who controls a privkey) made a mistake and accidentally sent 85 bitcoins to a miner in the form of a fee.  At ~$228 per BTC (at the time it was sent) this amounted to a $19,380 fee.  After several hours of debugging and troubleshooting, the problem was identified and fixed.

Along the way, the block maker (the pool) was also identified and notified, in this case it was Bitmain (which operates AntPool) based in China who said they would return the fee.

[Chart: tx fees in USD]

The chart above covers the time frame over the past two years, between April 2013 – April 2015.  It visualizes the fees paid to miners denominated in USD.

As we can see, in addition to the large fee yesterday, there are several outliers that have occurred.  One that is publicly known took place on August 28, 2013 when someone sent a 200 bitcoin fee that was collected by ASICMiner.  At the time the market value was $117.59 per BTC, which meant this was a $23,518 fee.  It is unclear who originally sent the fee.

This raises a couple of questions.

The network was originally designed in such a way that validators (block makers) were pseudonymous and identification by outside participants was unintended and difficult to do.  If users can now contact validators, known actors, why not just use a distributed ledger system that already identifies validators from the get go?  What use is proof-of-work at all?

Yet a trend that has actually occurred over the past four years is self-identification.

For instance, I reached out to Andrew Geyl from Organ of Corti and he provided two lists.

Below is a list of the first time a pool publicly claimed a block:

Pool  |  Height
1:  Slush  |  97838
2:  bitcoinPool  |  110156
3:  DeepBit  |  110322
4:  Eligius  |  120630
5:  BTC Guild  |  122608
6:  MTRed  |  123034
7:  EclipseMC  |  129314
8:  Polmine  |  131299
9:  Triplemining  |  134362
10:  BitMinter  |  134500

And a list of the first time a pool signed a coinbase transaction:

Pool  |  Height
1:  Eligius  |  130635
2:  BitMinter  |  152246
3:  BTC Guild  |  152700
4:  Nmcbit.com  |  153343
5:  YourBTC  |  154967
6:  simplecoin.us  |  158291
7:  Ass Penny pool  |  161432
8:  btcserv.net  |  163672
9:  Slush  |  163970
10:  BitLC  |  166462

A little history: Slush began publicly operating at the end of November 2010.  Eligius was announced on April 27, 2011.  DeepBit publicly launched on February 26, 2011 and at one point was the most popular pool, reaching, for a short period in July 2011, more than 50% of the network hashrate.

Why did they begin to identify themselves and sign coinbase transactions?  Geyl thinks they initially did so to help with miner bookkeeping and that community pressure towards transparency did not happen until later.  And as shown by the roughly 20% of unknown block creators on any given day, if a block maker wants to remain unknown, it is not hard to do so.

The other question this raises is that of terms of service.  As noted above, since the Bitcoin network is a public good (no one owns it) there are no terms of service or end-user license agreement.  Coupled with a bearer instrument and pseudonymity it is unclear why pools should feel obligated to refund a fee; Bitmain did not steal it and in fact, did nothing wrong.  The user on the other hand made a mistake with a bearer instrument.

This type of altruism actually could set a nebulous precedent: once block rewards are reduced and fees begin to represent a larger percentage of miner revenue, it will no longer be an “easy” decision to “refund” the user.  If Bitmain did not send a “refund” it would serve as a powerful warning to future users to try and not make mistakes.

In addition, why do elements in the community think that 85 BTC is considered refundable but are unconcerned with any fee sent above 0.0001 BTC (0.0001 BTC is considered the “default” fee to miners)?  This seems arbitrary.

And this is a problem with public goods: there are few mechanisms besides social pressure and arbitrary decision making to ration resources.  As described by David Evans, since miners are the sole labor force, creating the economic outputs (BTC) and security, it is unclear why they are under any expectation to return fees.

This is probably not the last time this will occur.

Conclusion

Public goods are hard to fund as they typically fall victim to tragedy of the commons.  And development, maintenance and security of Bitcoin are no exception.

While it did end up dominating the embedded systems space, despite similar rhetoric 20 years ago by passionate FOSS developers, Microsoft was not killed by Linux.2  Prophetic claims that desktop Linux would bankrupt incumbents and a GNU (and GPL “maximalism”) world order would take over the software industry never materialized: the fact of the matter is desktop Linux became a niche with no more than 1% of marketshare.  Incidentally, some vocal promoters insisted each year that 200X would be the year of mass adoption for desktop Linux (it even saw a funding boom-bust such as the VA Linux IPO).3

Instead, many of the ideas and libraries were forked and integrated by enterprises such as IBM into other organizations and institutions, such as banks.  The only multi-billion dollar open source company that arose from this time period was Red Hat, yet even the inroads it made with Linux and FOSS are arguably overshadowed by the biggest kernel user: Android, another corporate sponsored “distro.”4,5

While past performance does not guarantee future results, IBM is once again back and has been looking into blockchain tech (through ADEPT), and many of the major tech companies that arose in the ’90s (such as Amazon and Google) have payment solutions.  Customer usage of Bitcoin, like desktop Linux before it and despite enormous awareness and interest, still remains very niche: perhaps roughly 300,000 users that actually control a privkey.

Maybe this will change over time.  Or maybe the buzz with this hot space will cool down in a few years and all the Young Turks will find something new to work on, leaving Bitcoin to fend for itself like Gnu Privacy Guard and many other forgotten public goods.6  Maybe they will move on to permissioned distributed ledgers which have known use-cases and customers, or maybe onto something else entirely.

Update: be sure to see some critical feedback from Peter Todd

End notes:

  1. According to L.M. Goodman, who created Tezos, a better example would be HTTP, not LAMP: “The value of distributed ledgers is in protocols and networks, not software or “stacks”.”
  2. Linux certainly did change the infrastructure landscape.  Embedded Linux now pretty much dominates inside many devices (e.g. routers, switches), while it also dominates much of the Internet server ecosystem. The key to both of these was that it solved very specific commercial problems; the adoption was frictionless.  In embedded systems Linux was up against quite expensive proprietary RTOS and embedded OS designs.  The smaller ones were not as feature rich, while the larger ones could not compete in markets where gross margins became very tight. In the server space commercial Unix and Windows servers had expensive OS software and Linux could run on smaller, resource constrained, systems very effectively.  Early adopters could often get their hands on hardware but not the software and startups could readily tweak the software for special purposes. Now Linux dominates these spaces because it is actually really efficient for building things like network servers (they can run better on Linux in many cases).  Thanks to Dave Hudson for this insight.
  3. Mike Hearn made a similar observation a year ago during a presentation: Mike Hearn, Bitcoin Core Developer NBC2014 from Bitcoin Congress.  See also: What Killed the Linux Desktop by Miguel de Icaza, Linus Torvalds on the Linux desktop’s popularity problems from ZDNet, Desktop Linux: The Dream Is Dead from PCWorld and Windows’ Endgame. Desktop Linux’s Failure from ZDNet.
  4. Google has purposefully avoided using almost all other Linux software and particularly GPL’d software. The entire application framework for Android is different than other distributions like Fedora. They only adopted the kernel possibly because of onerous GPL requirements.
  5. Incidentally parts of Mac OS X are based off of FreeBSD.
  6. I would like to thank Christopher Allen for this analogy.

Evolution of the cloud

Spent several days earlier this week with some brilliant software engineers who not only were domain experts but were very articulate about topics beyond the sci-tech world.  I posted a couple of tweets (here and here).  I’d like to thank Matthew Wilson for arranging the brainstorming sessions as well as Patrick Michaud, Larry Wall, Jonathan Worthington and Ingy for their hard work and creative collaboration.

Some of the topics and projects we discussed:

  • Firebase
  • Hadoop ecosystem
  • CaaS/SaaS/PaaS/IaaS (OpenStack, Docker, CloudFoundry, Stackato)
  • Intentional Software
  • Semantic Web, Programmable Web
  • Git
  • Domain-driven paradigm (Eclipse Xtext/DSLT, OMeta, Colm)
  • Joyent Manta
  • Rackspace ZeroVM
  • Meteor
  • Reactive paradigm
  • Cloud Haskell, Persistent Haskell

For those interested, if you really want to know about the hottest trends and innovations in software, be sure to look at the upcoming FOSDEM conference schedule.

Cryptocurrency in the news

Thanks to Vijay and Isaac (@aniceberg) for some of these stories.

Windows 8 first impressions

My other laptop has been whimpering a slow death so I grabbed a Lenovo Y500 from Amazon.com (a friend recently brought it back from the US).

The new Metro tile UI is very beautiful, very modern and very useless unless you have a touchscreen or tablet.  I tried, in vain, to only use the Metro skinned theme without cheating or reverting to the classic pre-8 look.  However this was just too unproductive and unintuitive.  After a few days of trying to find useful apps (small selection in the marketplace), waiting for apps to load and figuring out how to close them (not intuitive), I finally stooped to the lowest of lows and got a start menu replacement (IObit StartMenu8).  One positive note is that the sleep/start process is incredibly snappy and the Task Manager is very informative (and detailed).

The machine itself is pretty good thus far, although I haven’t really pushed its insane specs (dual GPUs, 16 GB RAM, i7).  The trackpad is horrible, probably the worst one I have used.  In fact, I wrote my entire book on a Toshiba Satellite L510, without a mouse (just the trackpad).  In comparison, the trackpad on the Y500 is slow, unresponsive and inaccurate.

Chapter 13 – IT and software services

[Note: below is Chapter 13 from Great Wall of Numbers]

At the various schools, colleges and organizations I have worked at on the mainland, each facility was staffed by employees with a diverse range of technical abilities.  In addition, the equipment ranged from slightly dated to cutting edge.  While I have had the chance to work on a SugarCRM and Drupal wire frame development project domestically, I think some general statistics will give you a better idea of the size, scope and marketshare of the software and IT service industries in China.

According to their 2012 annual report, the Ministry of Industry and Information Technology estimated that China’s software and information services in 2011 had an output of $60 billion, “up nearly 40 percent year-on-year.”1 IBISWorld estimates that the entire software and IT industry in China “generated revenue of $284.02 billion in 2011, up 35.1 percent from 2010.”2

For perspective, India’s business process outsourcing and IT industries generated $100 billion in revenue in 2011.3

In terms of BPO growth – which is commonly called offshoring in the West – NASSCOM estimates that Indian firms generated $11 billion in BPO revenue in 2008 and $32 billion in 2012.4 In comparison, by one estimate the Chinese BPO sector “generated revenues of US$3.52 billion in 2009.”5 Another estimate, by XMG Global, shows that Chinese outsourcing firms generated $43.1 billion in revenue in 2012 (compared with $63.2 billion in India).6

Since its humble beginnings as an importer of DEC computers in the late 1970s (e.g. the PDP-7 minicomputer) China’s software development and IT services industry has grown dramatically and, by one optimistic estimate, could generate $635 billion by 2015.7

Yet for perspective, the US software industry generated $261 billion in 2007 and the ten largest US software companies alone generated over $235 billion in 2010.8 Furthermore 63 of the world’s largest software companies are headquartered in the US compared with 2 in China.9

Big numbers, big opportunities

What this means is that for US-based firms, there are numerous opportunities to provide both software and related services to the Chinese market.  And while market access and intellectual property (IP) infringement issues continue to dominate bilateral forums, there is still potential for foreign firms – especially those that focus on services – to gain substantial market share.

For example, in November 2012 I spoke with Larry Chang, the CEO of Pro-Lambda Solutions which specializes in Computer Aided Engineering (CAE) solutions and provides CAE software packages.10 Chang is originally from Taipei and had spent 25 years working in the CAE industry including in the US.  After conducting due diligence, he created a startup in Shanghai five years ago based on some surprising market research: there is no domestic CAE software company that actually develops and sells its products abroad (yet).  Or in Chang’s words, “zero engineering software products that are made in China are sold outside of China.  As a consequence everything is by-and-large still imported from other countries.  Obviously, something is missing here; if and when we can provide this missing part to the society, the economic payback will follow.  That is the opportunity we see and value.”

This is not to say that Chinese individuals and software companies do not make innovative or exportable software.  For example, Kingsoft (金山软件) is a Chinese developer that develops antivirus software and an office productivity suite called WPS.  It has 50 million monthly active users globally.11 Internet giant Baidu recently invested in the firm as well.12 Similarly, local software engineers like Ni Chao, a developer in Beijing, can and do create innovative solutions to large-scale problems such as purchasing train tickets during peak hours.13 Innovation takes place outside of the computer world as Reuters recently aired a story about various inventions used by migrant workers on their long journey home during Spring Festival, such as a locally designed “seat sleeper” that enables passengers without beds to sleep on a mobile tray that can be leaned on.14 And in another fulfillment of Plato’s dictum “necessity is the mother of invention,” The Telegraph discovered a Chinese man of modest means who hand-built a working dialysis machine that has kept him alive for the past 13 years.15

Yet Arthur Kroeber, founder of the research firm Dragonomics sees scalability issues even with this promising amount of creativity.  In March 2013 he told a literary panel in Beijing that, “What’s sad is the amount of creativity you see in China is phenomenal but it’s not always directed in ways that are ultimately productive.”16 He likened it to figuring out how to create homemade solutions to a car whose parts are no longer on the market, yet running into problems trying to create “innovative solutions which are scalable throughout the entire world.”

As a consequence, Chang’s long-term vision is to become the first mover, to build and design engineering software in China which is then exported abroad.  There is a small twist to his strategy.  One of the problems he (and others like David Veksler cited later) have noted is that if you build and try to sell a product in China, most Chinese consumers will consider the quality to be of lesser value.  That a product is perceived to be “better” if it originated from a foreign country is a stigma that Chang is hoping to reverse.  Thus in August 2012, Pro Lambda began selling its software solutions to the international market with the intention of giving his team experience, credibility and real-world feedback, before they attempt to sell directly on the mainland.

While traditional software solutions may be a risky business, services also have their share of challenges.  According to Chang, “one of the problems with the service industry as a whole and the software industry in particular is that this value added service is relatively unknown – and quite a suspicious concept to most Chinese consumers and businesses.  For example, upon buying your software they often think ‘why do we have to pay for your services since we just bought your software?  You owe me, not the reverse.’  Thus, this is a long-term challenge but I think enterprises and developers have begun making inroads as a younger generation of consumers has begun to understand the importance and value of this business model.”

There are also a few reasons why this lack of engineering software exports exists.  Yet according to Chang, this absence presents an opportunity for those willing to do the training needed.  For example, he notes that “software architects continue to live and work outside of China as do nearly all software product managers and development facilitating teams.  As a consequence, what has moved to China in the past decade is the ‘digital assembly line’ – coders and programmers are pretty much all that currently exists.  These coders and programmers are overseen by a project manager who coordinates with the foreign-based research and development office.  Yet, there is no facilitating team and no product team for engineering software on the mainland.”  Chang’s comment about a dearth of software architects was recently echoed by Ji Yongqing.  Ji is a technology author on the mainland who noted that while there are many programmers in China, relatively small amounts of resources are put into long-term projects to generate high-end skills, ideas and fundamental software research.  In his words, “Even now in the internet industry, everyone talks about product managers and no one talks about software architects, but in truth the two are equally important.”17

Furthermore, there are at least two systemic issues for this phenomenon as David Veksler (see below) and Chang both note: the first is that most Chinese students typically did not participate in team-based activities throughout school.  Thus when they are required to work as a team on larger scale projects, they often have difficulties adjusting to cooperation-based tasks – because they have been culturally raised to always compete and silo off information that can be traded and exchanged like currency.  Or in other words, whereas many Western education systems encourage teamwork and cooperation, older generations in China were taught a different style which relies more on trust networks (e.g., only share information with those you know, with whom you have guanxi) instead of “being a team player.”

Another key issue which is being addressed and discussed at every level and corner of Chinese society is fostering innovative thinking and creativity – taking the initiative to “think different” (see Chapter 20 too).  Yet there is a Chinese phrase that describes and explains why this same phenomenon is being repressed (and one that many Westerners are familiar with): 树大招风、枪打出头鸟 or in English, “the stake that sticks up gets hammered down.”18 There are numerous requirements to build a “creative class” – yet there are also numerous cultural and institutional hammers that prevent this from germinating and blossoming on the mainland.  And while rote memorization and a lack of institutionalized ‘free thinking’ (e.g., ‘free expression’) are typically cited as the two main reasons, there are a number of additional factors that explain the constraints on domestic creativity, which would fill volumes if fully discussed.

Yet to be even handed, this is not to say that Chinese people are not creative or innovative.  For example, there is an entire industry of shanzhai (山寨) products such as customized smartphones which are cobbled together in a MacGyver-like fashion (though some segments are being shut down).19,20 Similarly, web services such as Sina Weibo actually made it very easy to find and maintain trackbacks which illustrates indigenous ingenuity.  On that point, Gary Wang, founder of Tudou (a video streaming site that merged with Youku last year) recently told The Wall Street Journal that Chinese incubators, app-makers and innovators actually have cutting-edge, top-quality ideas comparable to those in Silicon Valley.21 However in his view they fall short due to a lack of experience and skills because of “the educational system and shorter start-up culture.”  Thus there is long-term potential as Larry Chang noted, for utilizing and training local talent for research and development.

Proprietary leakage

Later on in this chapter I discuss trade secrets and IT security issues, but one real-world case study that entrepreneurs should be aware of is what Chang himself faced several years ago.  His sales team abruptly left and took corporate proprietary information with them and as a consequence his sales bottom line was “burned.”

Instead of offering higher pay and enforcing stricter rules, he simply showed the predicament of the start-up company to his employees.  What he does is explain to each employee that while they could become temporarily richer by leaving and selling proprietary information, if they stayed and continued to build the company the results and rewards would be substantially larger in the long-run.22 Thus he considers his employees as partners, not employees – continuously trusting them with vital information while painting a picture of the future in which they are compensated significantly more than they might have otherwise in the immediate short-run.  As a consequence, Chang figuratively keeps the door open for all staff and is certain that any proprietary information that does leave would find little market value due to his focus on branding (i.e., why buy a pirated copy of software for the same price as the legitimate software?).

It remains a challenging market, as he also noted: “while a younger generation of engineers are willing to buy some types of software and government institutions are required by law to stymie digital piracy, many of the top enterprises, institutions and organizations on the mainland still typically use pirated copies and do not feel bad about it.  This presents an opportunity though and I do not begrudge them,” Chang said, “for example, in order to export a product domestic firms will have to eventually benchmark it with a legitimate copy of the software in order for foreign customers to trust its quality.  As it stands now, piracy is a form of free marketing and advertising.  As subsequent generations of users adopt and use the software they will begin to trust the product and eventually buy both the product and support services.  Take Hollywood films for example.  If copyright enforcement and penalties had been very strict, it is highly likely that no one would have watched the films to begin with.”  This last point is germane to the rapid growth of video stream sites like Youku, who arguably would not have gained preeminence if they had not stored and streamed copies of Hollywood films (Youku has now signed agreements with every Hollywood studio, see Chapter 14 for more).23

As a consequence, after hiring his first software architect five years ago, Chang’s firm now has about 30 employees, with growth rate targets of 30% annually, the profit of which is recycled and reinvested back into the company.

Services

In December 2012 I spoke with Richard Qi, the director of SR Force Consultants, a Brisbane-based software consulting firm that focuses on providing SugarCRM solutions to the Chinese marketplace – specifically to joint-ventures and foreign-owned firms.24 CRM stands for customer relationship management; it is a type of organizational and productivity software that creates a streamlined method for tracking, converting and managing leads and is used at nearly every large enterprise in Western countries.  Qi is originally from Dongbei (中国东北) and worked in Australia for 10 years before returning to the mainland two years ago.  According to him, “while there is a lot of growth potential, one of the challenges to providing technical services and solutions is that many local firms simply have not done the necessary due diligence to implement and fully utilize a lot of the software and services they purchase.  For example, SAP implementations have a roughly 70% failure rate on the mainland (e.g., initial production goals were unmet) because local customers and decision makers typically do not know what to do after the software is installed and integrated.”

Thus one of the reasons why Qi caters to joint-ventures and foreign firms is that, “they usually have detailed operational meetings and specific milestones providing both their internal IT team and external contractor with the necessary requirements gathering to build and use the functionality of the system.  They know what they are getting into.  In contrast most domestic customers are not fully cognizant of the limitations and features of their IT department let alone something more complex like a CRM system.  They may know how to run and synch a Windows server with Outlook yet they typically do not have the necessary enterprise management skill base to utilize some of the more complex packages and projects that are initially funded and installed.”

Thus in his mind, one opportunity that service firms such as his provide is “filling in the blanks with locally sourced expertise.  We hire all of our consultants locally based on both bilingual abilities and technical proficiency.  Yet services such as ours do not have to be strictly focused on CRM; business consultancy in general is about delivering value to customers and not necessarily every functionality imaginable.”  Yet one of the challenges is that “many local businesses are family managed so they typically do not have the training necessary to make long-term strategic growth plans – they are focused on immediate short-term profits that result in millions of different business paths that are often counterproductive.  In the past when we have provided solutions to these local firms, the initial service requests typically involve functionality issues (“do you have a PDF convertor”?) rather than strategic long-term issues (“how to distinguish a lead from a contact?”).  As a consequence, a challenge that other service firms will face is that if they focus solely on domestic companies, your firm may become part of an endless feature-focused loop that prevents your firm from growing and keeping pace with your international peers.”

Another issue that Qi explained, and one that is not necessarily endemic to China, is budgeting constraints.  Often, because enterprise software implementation is new to most domestic firms, the allocated budget is not adequate.  For example, in projects like implementing a CRM, typically for every $1 spent on software, $2 needs to be spent on services just in case new modules need to be added or modified or technical support issues crop up.  Yet due to aggressive timelines, many firms face budget overruns that can prevent the systems from working efficiently or providing value to the end-user.

Cloud services

Another challenge for software makers in general is that, irrespective of trade secret issues, a large portion of traditionally developed software (e.g., shrink wrapped packages) has already been emulated, copied and installed at Chinese enterprises.  For example, one estimate of the bootleg rate in China is 77% (down from 92% in 2003).25,26,27

So where does that leave your firm?

Perhaps your company can build out cloud computing on the mainland.  For instance, according to IDC, $286 million was spent on cloud-computing specific infrastructure in China in 2011 and this is expected to increase to $1 billion by 2016.28 There are currently 430,000 data centers and more than 5 million servers on the mainland.29 Furthermore according to IDC, over the next five years the cloud computing data center market as a whole on the mainland “is valued at 2 trillion RMB ($320 billion).”30

In terms of specific build outs, Jingdong Century, owners of 360buy.com (a leading e-commerce site on the mainland), recently invested 4 billion RMB ($750 million) building two new datacenters and in January 2013 opened a new cloud R&D facility in Beijing.31,32 In September 2012 Baidu announced that it is investing $1.6 billion in building a cloud computing center.33 In March 2013 EMC, an information management company, said that it expects to land 1,000 projects over the next five years by focusing on niche segments like healthcare and education in over 300 cities on the mainland.34 Also in March, the Weather Company International, producers of the Weather Channel, announced that it would further expand its cloud and data services on the mainland where it already has more than 35 clients.35 And in addition to Kyocera’s newly launched cloud-based network security services, other firms like the Alibaba Group (Taobao, Tmall, Alibaba) are already among the leading local cloud service providers as its sites host tens of thousands of storefronts for SMEs.36,37

During my interview with Eric Azumi, vice president of information services at EF (see Chapter 9) he noted cloud computing as one area on the mainland ripe for opportunities primarily because local players are still largely fragmented, inexperienced and unfamiliar with international ‘best practices.’  For example, due to various legal issues (see below) it is difficult for foreign companies to set up and directly own a data center on the mainland.  Thus Salesforce.com built a new center in Japan and Europe because according to Azumi, “there is no big money for the cloud China for the largest international participants at this time but there probably will be in the future.”  Yet concurrently he sees abundant openings for experienced foreign firms to still come in and train and provide other ancillary services to this segment.

One word of caution, however: “[f]oreign companies that wish to operate cloud service in China must have governmental license.”38 As a consequence, Microsoft actually leases room in a China Telecom data center and outsources data management to a local firm, 21Vianet.  And Amazon recently suspended their cloud rollout due to these regulatory requirements.  Thus foreign firms specializing in cloud services should investigate the necessary legal requirements before entering this segment as well.

While moving to the cloud is increasingly popular, another area where US expertise and experience still thrives and cannot be easily copied is support services.  For example, Gartner forecasts that software-as-a-service (SaaS) reached $14.5 billion globally in 2012, with US firms taking the lion’s share at $9.1 billion.39 And Parks Associates estimates that the US tech support industry will “grow from $9.6 billion in 2011 to more than $20 billion by year-end 2015.”40 Can you or your company provide such services?

There is an app for that

Another potential area for US and foreign software companies is modifying their iOS and Android apps for the Chinese market.  As I mentioned in Chapter 6, China is now the world’s largest smartphone market, overtaking the US this past summer.  In addition, there are certain demographic groups, such as the elderly (aged 55+) that have been thus far overlooked for targeted apps, specifically games.41

What is the breakdown for app ecosystems?

While iOS remains relatively popular within China at more than 17% market share as of Q2 2012, more than 80% of all smartphones sold within China were Android-based.42 And in Q3 2012 Android marketshare on the mainland reached 90.1%.43 This mirrors global adoption rates; as of November 2012 Android-based devices now account for 72.4% of the global market (iOS is 13.9%).44 Unsurprisingly this has brought the total Android ecosystem to more than 50% total market share in China.45 This has also led Eric Schmidt, chairman of Google, to actively woo Chinese developers to the Android ecosystem.46 Yet despite this huge potential market, nearly all of these Android phones have been stripped of Google ad-supported services as well as Google Play – replaced by custom 3rd party applications and app stores.47,48 In fact, 80% of Android phones in China use a preinstalled version of the Baidu-powered search tool instead.49 Or in other words, modern smartphones with Chinese characteristics.

What this means is that for US app developers, there are some opportunities to port and translate their apps and games to the Chinese market.  For example, as I also mentioned in Chapter 6, in terms of smartphones and tablets, less than 10% of the Chinese user base are older adults (55+).  This same demographic group comprises 7.1% of gaming and entertainment app users compared with substantially larger percentages in the US.50

How much larger in the US?  For instance, while a Pew Internet study found that only 13% of those ages 65+ in the US had a smartphone, Nielsen reported in May 2012 that in the US, “more than 50% of those who play FreeCell, Solitaire, and Hearts are over the age of 55.”51, 52 And a June 2012 study from Forrester Research found that 44% of US seniors play solo games online.53, 54

In contrast, according to a 2010 report from IDC, only 7.1% of those aged 50+ in China played games.  More specifically, in terms of online chess gamers and mobile gamers, those older than 50 comprised 5.7% and 2.4% of all players respectively.55 Or in short, your grandparents and their peers frequently play computer games yet few software firms design games specifically for them, let alone for their Chinese counterparts.

While there may be cultural reasons for such a dramatic difference (7.1% in China versus 50% in the US), in my own anecdotal experience of walking through the parks and streets throughout the cities I have lived in, elderly Chinese seem just as apt to play memory games, dominoes (mahjong) and poker-style games as their Western counterparts.  And according to China Daily, “the turnover of China’s mobile gaming market is soon going to hit 5.2 billion yuan ($835 million) as the number of players reach 270 million.”56, 57 Thus in the long run even if the adoption and penetration rate remains relatively low for the elderly demographic group, 7.1% of 202 million (the number of elderly currently in China, see Chapter 18) is a potential niche market for future growth.

And as I mention in Chapter 6, in general, developers looking to port their apps and games over to Chinese markets should consider modifying the games to include Chinese traditions, symbols and cultural tie-ins – or in other words ‘Western video games with Chinese characteristics.’  For example: the color red, number 8, and the Chinese knot (Zhōngguó jié) are all considered lucky.  Perhaps creatively integrating these symbols into your game would prove popular, just as Kung Fu Panda was (see Chapter 14).  And since Macau now generates more than six times as much gambling revenue as Las Vegas (Macau overtook it in 2007), maybe there is a legal way to capture this market.58 Or rather, because gambling is popular across all demographic groups, perhaps designing a social gambling game or non-monetary betting app would find success across the mainland.59

Based on the wide variety of demographic groups playing games on the subway in Shanghai and Guangzhou and standing in line at restaurants, casual games such as those from PopCap (e.g., Peggle, Bejeweled, Plants vs Zombies), Imangi Studios (Temple Run), ZeptoLab (Cut the Rope), Halfbrick Studios (Fruit Ninja) and Rovio (the Angry Birds series) are also popular.  In fact, “Cut the Rope” has more daily users in China than any other country and according to the Financial Times, “around a quarter of all Angry Birds downloads are conducted in China.”60 It is so popular in fact that Rovio recently turned Shanghai’s skyscrapers green to market their new product and simultaneously launch a native version for the Chinese market.61

Another advantage US firms currently have in porting their apps to the Chinese marketplace: English is the 2nd largest language in the Chinese iOS app store.62 And this presents an opportunity for Western developers: in their September 2012 report, Distimo found that after introducing a native language app, their “download volumes on the iPhone [increased] by more than 128 percent during the next week that followed.”  And sales revenue increased by 26 percent in the same week.  Either way you look at it, even if your company does not create a Chinese version of its apps, the potential competitive marketshare even in English remains in reach of your company.

Understanding the market

You might be asking yourself, how does the app store function in China?  Are they run by Apple and Google and are they censored?

Apple opened its first official app store in China on October 27, 2010.63 By June 2011, China became the second largest source of app downloads for Apple.64, 65 And China sales for Apple products and services now account for 15% of Apple’s total revenue, $23.8 billion in fiscal 2012.66 In fact, Apple is actively courting Chinese developers by translating their tools and guides into Chinese.67 In addition to the large Android userbase, there are more than 70 Android app stores in China, which is estimated to eventually consolidate down to 10 within the coming years.68, 69

In terms of censorship, as reported by the New York Times, Apple has been selectively censoring applications in its app store based on requests by the government.70 And because of Google’s on-again-off-again legal fights with Chinese regulators, it is oftentimes unclear what is being censored in the Android marketplace.  For instance, in the fall of 2011 there was a week-long period in which both the Android marketplace and Gmail application worked intermittently.71 This occurred once again in the early parts of the summer and fall of 2012 yet service was restored in both cases.72

This also raises another visceral point.  Despite its off-and-on wrestling with Chinese regulatory authorities, with a mere 4.72% search marketshare, Google’s revenue in “China’s mobile-app ad market will probably more than double to about 1.8 billion yuan ($283 million) this year [2012], exceeding the 1.2 billion yuan from mobile-search queries.”73, 74 In fact, despite these ongoing disputes with Chinese regulators, Google is “still the 3rd largest advertising revenue generator in that country doing $640 million a year (annualized).”75  And despite being hard to access at times Google has roughly 15% of the search engine market on the mainland.76 If they can achieve this in the face of never ending challenges, then your firm has potential as well.77

An app that helps find customers

Over the past 18 months Windisch-based coresystems has been working on a cloud-based digital assistant called Mila (an app) that was a finalist in the GMIC G-Startup competition held in October 2012.78 Mila allows entrepreneurs and SMEs to create an online assistant and unified online store front which is hosted on the cloud for free.  The assistant (Mila) can then search social media sites like Twitter to look for potential customers based on what your company provides as services.  And once a match is found, it then guides you through a streamlined sales process including invoicing using a smartphone.

In October 2012 I spoke with Andrea Chang, the marketing manager for Mila’s branch in China.  According to Chang, in their effort to localize the brand on the mainland, Mila has partnered with China Unicom (the second largest telecom company in China).79 Together they have modified Mila to integrate with Sina Weibo (which I noted in Chapter 12 is the world’s 2nd largest microblog site) and Alipay (the largest online payment provider on the mainland).  According to Chang, “the process of opening an online shop is one of the easiest and cheapest ways to generate leads and do business in China.  Using an integrated chat feature that allows customers and business to speak directly to one another, Mila not only communicates directly with your customer but also conducts all transactions, including invoicing.”

Chang also noted that, because of the wide proliferation of smartphones and social media in China, one of the advantages of using Mila is that its cloud-based transaction model substantially lowers the sales cycle costs (e.g., locating potential customers) while simultaneously providing customer service (e.g., by storing customer contacts).  This in turn allows entrepreneurs and SMEs to compete more on service instead of spending resources on search-engine optimization (SEO) or virtual store fronts.

So how does this help foreign companies wanting to do business in China?

Again, as mentioned in Chapter 12, before your company even establishes a physical presence on the mainland, you can use Mila and other services like Wildfire to search and discover the potential customer base for your company’s products and services.  And as I mentioned in Chapter 12 as well, because Facebook and Twitter are currently blocked on the mainland, you will need a way to localize your customer search to Chinese web services.  Solutions like Mila and Wildfire make the process easier for your team, even if you are unfamiliar with Chinese customs and culture.

Securing your network

Cybersecurity is a sub-industry that is often overlooked and dismissed by many businesses in China.  It has not helped that some media outlets resort to hyperbole to describe the real – and sometimes imagined – dangers for all firms with insecure IT networks.  For example, in July 2012, General Keith Alexander, director of the NSA, announced that up to $1 trillion in cybercrime damage was done globally each year.  This figure was later debunked.80 Yet determined hackers – both domestic and foreign – can and will compromise trade secrets and other proprietary assets, typically without being caught.  Because a lot of theft and digital espionage goes unnoticed, it is very difficult to guess how much damage cybercrimes create.81 However, in September 2012, Symantec released arguably one of the most extensive studies related to cybercrime and estimated the damage to be $110 billion a year globally.82, 83

How does cybercrime affect China, Chinese business and foreigners doing business in China?

In March 2012, Businessweek published a widely circulated report about corporate espionage of a US wind turbine supplier (AMSC) conducted by its Chinese client, Sinovel.84 In short, while AMSC attempted to isolate its trade secrets and proprietary software code outside of China (using an ‘air gapped’ facility), Sinovel still managed to use social engineering (e.g., bribery) to lure one of AMSC’s key Austrian-based programmers to China.  An ‘air gapped’ facility in their case meant the proprietary code – “secret sauce” – was only accessible at a workstation that was not connected to the internet.85 Using the ‘defense in depth’ IT security strategy (e.g., multiple firewalls and secure zones nested within one another) AMSC purposefully built this facility with the sole intention of building a physically isolated silo that could not be easily compromised.  While the case is still being fought in court, this is not an isolated instance.86 According to Akamai, a leading content-delivery network provider, in Q3 2012 one third of all cyberattacks originated from China (the US was second with 13%).87 All told, since 2007 the FBI and the Justice Department have opened more than two dozen cases involving trade secret, economic espionage and embargo circumvention restrictions involving Chinese contractors and individuals.88

One solution – a drastic solution – was detailed by the Washington Post in 2011.89 They interviewed several American executives who frequently traveled between the US and China each year for a variety of meetings.  A few of the executives had a straightforward security solution: buy a new iPad before flying to China, download all of the needed information from the cloud and then never use it again (e.g., throw it away).  Another simple low-tech, yet increasingly popular solution is to no longer provide external media ports, such as USB, on terminals with access to sensitive information.  In fact, in some IT security circles, one nickname for the USB is now “Ubiquitous Security Backdoor” due to this chronic problem – the ease with which sensitive information can be removed with a flash drive or with which malware, such as Stuxnet and Flame, can be conveniently installed.90, 91, 92

But what if the hackers simply move and set up shop overseas in your hometown?  In May 2010, NetworkWorld ran a story about an ongoing espionage attempt by unknown Chinese operators and a large US firm in the Midwest.93 Similarly, according to a recent Bloomberg story, right before its attempted $2.4 billion acquisition of Huiyuan Juice Group fell through, Coca-Cola was hacked in 2009 by a Chinese hacker group dubbed Comment Crew.94, 95, 96 While it is unclear whether either of the espionage activities was successful, the threat of domestic and foreign hacking should motivate your company into proactive risk assessment – even if it does not plan to operate overseas.

Yet it is not just US firms that are on the losing end of cybercrime.  According to the same McAfee study above, malware and phishing attacks cost Chinese consumers $46 billion in 2011, twice as much as the US.97 The Ministry of Information Technology and Industry published a report that said “in 2012 alone that foreign hackers used viruses and other malicious software to seize control of 1,400 computers in China and 38,000 websites.”98 In fact, according to the Anti-Phishing Alliance of China (APAC) between January and November 2012 there were 24,535 phishing websites and scams targeted specifically at China’s online populace.99 In addition, in just a matter of weeks into 2013, a new virus called “Bill Shocker” has already impacted 620,000 users in China targeting the popular QQ messenger (see Chapter 12).100 In another instance, there was a 47% month-to-month phishing surge during Singles’ Day (11-11) in November 2012.  This is the biggest online shopping day of the year as mentioned in the previous chapter.  Furthermore, Rising Information Technology, a web security company located in Beijing, estimated in a January 2013 report that nearly 200,000 Chinese websites were hacked in 2011 and at least 60% “of the attacks targeting China’s large companies, government, and scientific research institutions come from overseas.”101 According to Rising’s report, because Internet security typically is overlooked “[a] growing number of Chinese companies are turning to overseas Web security companies for protection, a move which still leaves them vulnerable to attacks.”

However, with these challenges come opportunities for foreign security experts such as David Veksler, CEO of CryptAByte based in Shanghai.102 In October 2012 I had a chance to talk with him regarding some of the key opportunities in China’s nascent security industry.  He noted that “Chinese companies and foreign firms doing business on the mainland are equally in need of information protection.  Since retooling and retraining in business is increasingly based on software, losing proprietary information and trade secrets to any competitor, irrespective of physical location, can lead to losing your competitive advantage in innovation.”  Later in Chapter 20 he explains several other challenges and opportunities, but according to him, there are numerous possibilities for security experts since SMEs on the mainland are typically unaware of IT vulnerabilities such as zero-day exploits.  Zero-day exploits (or day zero) are threats and attacks that take place on the first days of a discovered vulnerability, before a developer patches the hole(s).  Thus according to Veksler, security consultants can help train mainland-based IT departments on ‘best practices’ and preventive measures that Western firms have learned the hard way.

How does this work in practice?  For example, the world economy is shifting from capital intensive retooling which typically involved heavy machinery, to rapid prototypers and 3D printers (see Chapter 7).  This means that capital tools are now software.  Thus if you want to steal a new factory in the 21st century, all you really need to do is pilfer software.  As a consequence, the theft of entire industries could conceivably take place, allowing perpetrators to simply take the data to the cheapest country (e.g., based on land and labor costs) and eat into the marketshare of the original innovator.

This cloak-and-dagger industrial espionage is, in Veksler’s words, “actually becoming a prime motivator for innovation.  While competitors could learn trade secrets through hiring former employees or reverse engineering, because you are never quite sure if someone has hacked into your systems or used social engineering – like Kevin Mitnick did – to gain access to proprietary information, every incumbent must now continually innovate.  Otherwise their competition could use a stealth startup and out-maneuver you with your own confidential information.”  In economic theory, when a firm is successful it sends profit signals out to the marketplace (e.g., by satisfying consumer demand you become profitable and other participants take notice).  As a consequence, because the firm realizes it will eventually draw competition with these “signals of success” it has to always keep striving to improve and innovate.

Kevin Mitnick was a hacker in the 1980s who used social engineering (e.g., manipulating secretaries to give him secure access) to compromise corporate networks such as DEC and Motorola.103 Samuel Slater, known as the father of the Industrial Revolution in the US, was born in the UK.  He was originally an apprentice at a cotton mill based on Richard Arkwright’s design near Cromford Mill in England.  When he immigrated to the US, he later used a design similar to Arkwright’s to kick-start the American Industrial Revolution.  This is a common risk, noted Kent Kedl of the consultancy Control Risks, who recently told The Economist that, “The easiest way to get intellectual property from a firm is by buying or renting an employee inside it.”104 Thus, a stealth startup today could conceivably appropriate proprietary information (e.g., CAD models, engineering designs) via social engineering, hiring or hacking, build a warehouse in a developing country where resource costs are relatively low, and fill the warehouse with 3D printers.  Then in turn, export the products to world markets.  Some of the practical issues involving VPNs for corporate environments, such as preventing industrial espionage, are discussed later in Chapter 20 as well.105

During my February 2013 interview with Shaun Rein, founder of China Market Research, he noted that “for any company in the world, internet security is an increasingly important issue.  And especially in China I think a lot of MNCs are continuously worried about protecting IP.  As a matter of fact, our firm recently received an RFP [Request for Proposal] from a very large internet company building a marketing expansion strategy on the mainland.  As part of the proposal we are supposed to disclose our firm’s security issues to make sure we are a reliable partner to work with.  In other words, to prevent any proprietary information from being leaked by a vendor they are modifying their risk management to hedge against the possibility of being hacked.  The flip side of this is that there are currently no large barriers to entry for doing internet security consulting because the government is very supportive of intellectual property transfers at this level.  At the same time, it may be more difficult selling antivirus software directly because then you would be competing with domestic forces and local firms like Kingsoft.  But services such as IT security are quite open.”

In January 2013, internet giant Baidu announced that it was investing in Kingsoft, makers of antivirus software (and an office productivity suite).106, 107 At the beginning of this year, several media outlets such as Businessweek have released additional reports covering Comment Crew (see above), also known as APT1 (which may be the same as PLA Unit 61398), which has purportedly hacked into nearly 150 companies and organizations in more than a dozen countries over a period of 7 years, bringing this IT security issue to the attention of more stakeholders such as MNCs.108

And with all of these local and international security issues laid bare, for another perspective one should also consider the comments from General Electric Vice Chairman John Rice, who recently explained that, “Despite hacking and other issues in China, foreign companies need to be there, due to the country’s potential as the world’s biggest marketplace.  The greater risk lies in staying away.”109 Without going into details, GE is purportedly “improving how it handles threats to its information.”  Thus eternal electronic vigilance may be the new normal but it is something that your competitors (both domestic and foreign) will probably have to overcome as well.

Takeaway: The software development, IT support and security services industry is both alive and growing at a fast pace in China.  US firms relying on traditional revenue models such as selling shrink wrap packaging will need to modify their business model for entry into China.  This may come in the form of cloud computing and software-as-a-service.  Yet either way their expertise and quality management – even at higher costs – are still marketable within China.  In addition, US firms specializing in developing apps have yet another revenue stream they can tap into if they are able to modify and translate their applications for Chinese consumption – the world’s 2nd largest app market.  Furthermore, IT security firms also have potential opportunities to secure and optimize the networks of Chinese enterprises and SMEs that suffer billions in economic losses each year.


Endnotes:

  1. Software outsourcing on upward curve from China Daily
  2. Chinese Software Industry to Grow 25% Through 2016: Report from eWeek
  3. Indian IT-BPO Industry from NASSCOM
  4. Ibid
  5. 5 Reasons Why China Will Dominate Business Process Outsourcing from Right Site
  6. China, not PH, eroding India’s BPO leadership, says consulting firm from InterAksyon
  7. See The Emerging Market of China’s Computer Industry by Jeff Zhang and Yan Wang and Chinese software, IT revenue to touch $635bn from Times of India
  8. Software Industry Facts and Figures from Business Software Alliance
  9. Global Software Top 100 Edition 2011: The Highlights from Software Top 100
  10. See Pro-Emfatic and Pro-Lambda Software
  11. Kingsoft Boasts Over 50 Million Monthly Active WPS Users from China Tech News
  12. Baidu Invests in Kingsoft, Moves Into Web Security, Qihoo’s CEO Calls it a “Big Joke” from Tech in Asia
  13. See Train ticketing software highlights China’s innovation paradox from Xinhua and China Train Ticket Site Cost Nearly $100 Million, Seems to Be Harassing Programmers, And Might Be Broken Again from Tech in Asia
  14. Rubber chickens, ostrich heads ease China’s rough ride home from Reuters
  15. Chinese man kept alive by self-built dialysis machine from The Telegraph
  16. Economist: China Plenty Creative, Just Not in Right Ways from The Wall Street Journal
  17. Why China Can’t Make Its Own Mobile OS from Tech In Asia
  18. It is a cultural characteristic of many regions in East Asia.  For example, the Japanese equivalent is 出る杭は打たれる.
  19. See also hackerspaces in Chapter 7.  See Bandit phone king has the last laugh from Financial Times, Imitation Is the Sincerest Form of Rebellion in China from The Wall Street Journal and In China, Knockoff Cellphones Are a Hit from The New York Times
  20. Number’s up for fake cell phones from Shanghai Daily
  21. Chinese Companies Getting Good at Attracting Talent from The Wall Street Journal
  22. The economic term for short versus long-term time horizons is “time preference.” See Chapter 18 in Human Action by Ludwig von Mises.
  23. Similarly, Hearst president David Carey recently noted that Apple and Steve Jobs “taught people how to buy digital content.”  See Hearst president David Carey: Apple taught people ‘how to buy digital content’ from Engadget
  24. SRForce
  25. Microsoft’s newest weapon in China piracy fight from Reuters and Report: China’s software piracy rate falls to new low — of 77% from ZDNet
  26. To combat piracy of Windows 8 in China, Microsoft will not sell a shrink wrapped package – users can only get it pre-installed by OEMs or by downloading it.  With the release of Office 2013 on the mainland, consumers can still purchase traditional packages via Microsoft’s online store.  See Microsoft Cancels Packaged Windows 8 For Chinese Market from China Tech News and Microsoft Commences Office 2013 Software Sales In China from China Tech News
  27. One other partnership area could be to pursue a joint-venture such as the kind that Microsoft and Suning (a large mainland retailer) have recently announced.  See Suning, Microsoft Ink Multipart Retail Deal For China from China Tech News
  28. Cloud computing investment ‘to hit $1b’ from China Daily
  29. Ministry to set up cloud computing data centers from China Daily
  30. Ibid
  31. Tech Bytes: 4 Billion Yuan from China Daily
  32. China’s 360buy.com Launches Cloud Computing R&D Center In Beijing from China Tech News
  33. Baidu Shares Plunge on Worries over Mobile Monetization from Caijing
  34. EMC China’s Growth Focuses On Big Data, Cloud Computing from China Tech News
  35. Cloudy Days Ahead As Big Data Comes To Chinese Meteorological Administration from China Tech News
  36. Cloud-based Network Security Suite Launched By Kyocera In China from China Tech News
  37. Alibaba’s Cloud Computing Platform Combines Storage Services from China Tech News
  38. Amazon’s cloud service aborted in China, launch of Kindle delayed from Morning Whistle
  39. Gartner Says Worldwide Software-as-a-Service Revenue to Reach $14.5 Billion in 2012 from Gartner
  40. Tech Support Industry Webcast Will Examine Opportunities in $9 Billion Market from Parks Associates
  41. It is highly recommended that game developers and digital entrepreneurs read Digital Game Design for Elderly Users from Association for Computing Machinery.  The study noted a similar finding, including one that I also point out: “the growing 65+ demographic is currently not well served by the majority of commercial games on the market, creating a significant potential niche market for game developers.”
  42. China’s smartphone market grows 164%, Apple’s iOS takes 17.3% from Apple Insider
  43. Report: Android Rises to 90% of Smartphone Market in China from Tech In Asia
  44. Gartner has published two other estimates which put Android marketshare globally at 68.4% in 2012 compared with 19.4% for iOS and later with Android at 69.7% and iOS at 20.9%.  See Strategy Analytics: Android claimed 70 percent of world smartphone share in Q4 2012 from Engadget, Gartner Says Worldwide Sales of Mobile Phones Declined 3 Percent in Third Quarter of 2012; Smartphone Sales Increased 47 Percent from Gartner and Gartner Says Worldwide Mobile Phone Sales Declined 1.7 Percent in 2012 from Gartner
  45. See Android is winning – if you’re writing apps for China. Elsewhere, though… from The Guardian and Alternative app stores and platform branches: Is Android too open? from Android Authority
  46. After North Korea trip, Google’s Eric Schmidt swings by China to woo Android developers from The Next Web
  47. Google is beginning to try and take action to purportedly prevent further fractures and forking of the Android ecosystem.  See The Acer/Google/Alibaba tussle: It’s not about open Android from ZDNet and Acer Apparently Reconciles With Google from Forbes
  48. While there has been a lot of discussion over the past year over whether or not it is profitable for developers to make Android apps for the Chinese marketplace, there is at least one success story that could be used as a case study: CocoaChina which makes a popular game called Fishing Joy.  See How CocoaChina proved it’s possible to make money on Android in China (to the tune of $2m a month) from The Next Web
  49. See 80% of Android phones in China will have its default search set to Baidu from The Next Web and Android Takes Off in China, But Google Has Little to Show for It from Forbes
  50. See Table 3, p. 9 China Gaming Market End-User Survey, 2010 from IDC []
  51. Nearly half of American adults are smartphone owners from PewInternet []
  52. Vintage PC Video Games Still Thrive in World of App from Nielsen []
  53. The Data Digest: Digital Seniors from Forrester []
  54. While unrelated to gaming see also, For the first time, half of adults ages 65 and older are online from PewInternet []
  55. Gamers in a sample size of 29,392.  Online chess gamers in a sample size of 3,050.  Mobile gamers in a sample size of 1,519.  See China Gaming Market End-User Survey, 2010 from IDC []
  56. Internet gaming: ‘A winning gamble’ from China Daily []
  57. Mobile payments are also expected to rise markedly over the next 3-5 years, hitting $112 billion by 2015.  According to Alipay (the largest domestic online payment service), in 2012 the number of people who used mobile payment increased by 223% and “over 4.3 million people spent more money via mobile phones than PCs.”  See China’s Mobile Payments Will Reach Over CNY700 Billion By 2015 from China Tech News and China’s Alipay Reported 546% Wireless Payment Growth In 2012; Tibetan City Tops Ranking from China Tech News []
  58. Revenue hit $38 billion in 2012 and is expected to reach $44 billion in 2013.  See Rolexes Pawned in Macau Signal Further Gains for Casinos from Bloomberg, Macau gaming revenues hit $33.5 billion in 2011, no slowing seen from Las Vegas Review-Journal, Broken Tooth and New Macau from Foreign Policy and Door is about to slam shut on high-rolling holidays to Macau from The Times []
  59. Despite initial reports that suggested a new pilot program was starting at a casino in Sanya, Hainan province (called Jesters), gambling on the mainland is currently banned.  Macau is the only nearby domicile where this is allowed.  Mainland residents must still apply for an entry visa in order to travel to Macau and are typically only allowed to visit it a few times a year.  There are exceptions, for example, if you live nearby in certain cities of Guangdong or if you have relatives living in the SAR.  See Sanya Says It Never Licensed Any Form of Gambling Activities from Caijing, Chinese authorities close cashless casino bar in island resort from Reuters, Macau Casinos Decline on Visa, Credit Limit Concerns from Bloomberg, Macau’s Casino Revenue Reaches Record After Holiday Week from Bloomberg and China Tightens Reins on Macau from Bloomberg []
  60. See For App Makers, China Is Untapped and Untamed from The Wall Street Journal and China: lots of three kingdoms, not enough Angry Birds from Financial Times []
  61. Rovio announces Angry Birds book app: Live from Frankfurt Book Fair from paidContent and Bad Piggies and Angry Birds Hit the Road in China, Turn Shanghai Skyline Green from Tech In Asia []
  62. According to Distimo, “Applications with Chinese as a language in the top 200 were responsible for the largest share of the free downloads in China at 73 percent. English was responsible for only 69 percent of the free downloads among the top 200 in China.” See App Distribution Becomes A Global Game: The Shift Of Power & Impact For Developers from Distimo []
  63. Apple Opens Chinese App Store from The Wall Street Journal []
  64. China Now Apple App Store’s Second Biggest Market from PcMag []
  65. Apple’s App Store made big gains in China in 2011 from GigaOm []
  66. In a January 2013 interview, Apple CEO Tim Cook predicted that China will become the biggest market overall for Apple.  See iPhone 5 launch results in new weekend record for Chinese market from ArsTechinca, Tim Cook: China Accounts for 15% of Apple’s Sales, Will Get iPhone 5 in December from Tech In Asia and iPhone 5 hits China as Apple market share slips from Reuters, Interview: Apple CEO expects China to become biggest market from Xinhua and Apple’s China dilemma: market share or cachet? from Reuters []
  67. Apple is also opening up an R&D center in Shanghai.  See Apple courting Chinese developers to strengthen iOS in China from ArsTechnica and Apple Shanghai R&D center confirmed for summer 2013 from Apple Insider
  68. See China Has 70 Android App Stores, But That Could Soon Whittle Down To 10 from paidContent and For App Makers, China Is Untapped and Untamed from The Wall Street Journal
  69. One problem with this fragmentation is that applying security patches is a much longer process and sometimes never occurs, leaving consumers open to fraud schemes such as ‘smishing’ (sending phony text messages).  See ‘Fragmentation’ leaves Android phones vulnerable to hackers, scammers from The Washington Post
  70. Far-Ranging Support for Google’s China Move from The New York Times
  71. China Cripples Android With Fitful Blocks of Gmail, Market Apps from paidContent
  72. Similar blockages have occurred in November during the leadership transition.  Readers may be interested in the developments with GitHub as well.  See What is going on with GMail in China, and how to get around from GreatFire and China, GitHub and the man-in-the-middle from GreatFire
  73. Google Finally Leads in China – in App Ad Sales from Bloomberg
  74. Google decline in China continues as its search share falls to 4th place, maps to 6th from The Next Web
  75. Google Still Does $640 Million In Annual Revenue In China from Forbes
  76. China Search Engine Market Share in 2012 from China Internet Watch
  77. According to one recent report, sometime at the beginning of December 2012 Google acquiesced and removed “a feature which had previously informed users from China of censored keywords” and “at the same time, they deleted the help article which explained how to use the feature.”  Yet according to another source “the opportunity to capitulate was lost forever when Google gave the middle finger and left.”  See Google Bows Down To Chinese Government On Censorship from GreatFire.org and Mr Kim, tear down that wall; Mr Xi, carry on from The Economist
  78. Mila from coresystems can be downloaded from Google Play and Apple’s App Store (WoStore is China Unicom’s equivalent).
  79. China Unicom has its own marketing channel which Mila uses.
  80. Does Cybercrime Really Cost $1 Trillion? from ProPublica
  81. Pentagon Warns: ‘Pervasive’ Industrial Spying Targets U.S. Space Tech from Wired
  82. In February 2013 Microsoft researchers published a report discussing why certain geographic regions are more or less prone to cybersecurity holes and abuse.  Unsurprisingly, economic stages of development played a big role (e.g., wealthy countries have lower rates of malware infection compared with developing countries).  See Wealthy Countries Better At Protecting Citizens…From Malware from The Security Ledger
  83. 2012 Norton Study: Consumer Cybercrime Estimated at $110 Billion Annually from Symantec
  84. China Corporate Espionage Boom Knocks Wind Out of U.S. Companies from BusinessWeek
  85. FAA: Boeing’s New 787 May Be Vulnerable to Hacker Attack from Wired
  86. China Court to Weigh Corporate-Spy Case from The Wall Street Journal
  87. China Source of Most CyberAttacks, Says Akamai from PC Magazine
  88. Summary of Major U.S. Export Enforcement, Economic Espionage, Trade Secret and Embargo-Related Criminal Cases from Department of Justice
  89. In China, business travelers take extreme precautions to avoid cyber-espionage from Washington Post
  90. Ubiquitous Security Backdoor from SANS Institute
  91. This security issue is not endemic to China.  For example, over the past two years, a school in Virginia and a hospital in Oregon accidentally lost USB drives which contained sensitive information.  See OHSU says stolen USB drive contained some patient data from KATU and Students’ personal data exposed after USB drive stolen from SOPHOS
  92. See Flame and Stuxnet Cousin Targets Lebanese Bank Customers, Carries Mysterious Payload from Wired and Resource 207: Kaspersky Lab Research Proves that Stuxnet and Flame Developers are Connected from Kaspersky Lab
  93. See Black duck eggs and other secrets of Chinese hackers from NetworkWorld and Michigan Couple Stole GM Secrets for Chinese, U.S. Says from Bloomberg
  94. Coke Gets Hacked And Doesn’t Tell Anyone from Bloomberg
  95. Comment Crew (also known as APT1) is also suspected of hacking into other firms (both foreign and domestic), including a high-profile case involving Solid Oak Software, a California-based firm that specializes in developing internet filtering software.  Two other large hacking organizations are the collective known as ‘Beijing Group’ and the PLA’s Unit 61398, which are suspected of conducting economic espionage (APT1 and 61398 may be one and the same).  See China Mafia-Style Hack Attack Drives California Firm to Brink from Bloomberg, A Chinese Hacker’s Identity Unmasked from Businessweek, Mandiant, the Go-To Security Firm for Cyber-Espionage Attacks from Businessweek and Mandiant APT1 Report from Mandiant
  96. The New York Times has repeatedly been hacked since October 2012, as have the servers of The Wall Street Journal and The Washington Post.  The perpetrators of all three are purportedly located in China.  See Hackers in China Attacked The Times for Last 4 Months from The New York Times, Chinese Hackers Targeted Wall Street Journal Computers from The Wall Street Journal, The People’s Republic of Hacking from Foreign Policy, A Chinese Hacker’s Identity Unmasked from Businessweek and Chinese hackers suspected in attack on The Post’s computers from The Washington Post
  97. Chinese lost US$46 billion to cybercrime last year from Shanghai Daily
  98. U.S. Ready to Strike Back Against China Cyberattacks from Associated Press
  99. Phishing scams target China’s growing online population from Xinhua
  100. Malware controls 620,000 phones, sends costly messages from Help Net Security
  101. Nation under increasing threat from hackers from China Daily
  102. CryptAByte
  103. See The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick and Takedown: The Pursuit and Capture of Kevin Mitnick by Tsutomu Shimomura
  104. Who needs cyber-spying? from The Economist
  105. Domestic Chinese firms are also investing in this segment.  See Baidu Invests in Kingsoft, Moves Into Web Security, Qihoo’s CEO Calls it a “Big Joke” from Tech in Asia
  106. Baidu Invests in Kingsoft, Moves Into Web Security, Qihoo’s CEO Calls it a “Big Joke” from Tech In Asia
  107. In 2002, foreign firms such as Symantec, Trend Micro and Network Associates were required to give code samples (e.g., viruses, rogue wiretaps) to the security ministry in order to receive approval for access to the mainland consumer market.  In addition to Kingsoft, domestic firms now include Qihoo 360 and Rising.  As of Q3 2012, Qihoo 360 had 442 million monthly active users and the enterprise version reached 420,000 users (representing millions of computers).  See China Is Asking Software Firms To Provide Samples of Viruses from The Wall Street Journal and Qihoo 360 Acquires Chinese Web Log Analysis Platform from China Tech News
  108. See A Chinese Hacker’s Identity Unmasked from Businessweek, Mandiant, the Go-To Security Firm for Cyber-Espionage Attacks from Businessweek and Mandiant APT1 Report from Mandiant
  109. Being in China Is Less Risky Than Not Being There from The Wall Street Journal