We Need More Alternatives to Facebook

About 10 years after TVs began to be ubiquitous in American homes, television broadcasting was a staggering financial success. As the head of the Federal Communications Commission observed in a 1961 speech to broadcast executives, the industry’s revenue, more than $1 billion a year, was rising 9 percent annually, even in a recession. The problem, the FCC chairman told the group, was the way the business was making money: not by serving the public interest above all but by airing a lot of dumb shows and “cajoling and offending” commercials. “When television is bad, nothing is worse,” he said.

That speech would become known for the pejorative that the FCC chairman, Newton Minow, used to describe TV: he called it “a vast wasteland.” It’s a great line, but there are other reasons to revisit the speech now, about 10 years after the emergence of another communications service—Facebook—that has become ubiquitous in American homes, a staggering financial success, and a transmitter of a lot of pernicious schlock. What’s striking today is why Minow said the vast-wasteland problem mattered—and what he wanted to do about it.

Personal note: Unfortunately, pop culture is characterized by dumb shows and other meaningless stuff. No exception.

As for why it mattered, Minow told the TV executives:

“Your industry possesses the most powerful voice in America. It has an inescapable duty to make that voice ring with intelligence and with leadership. In a few years, this exciting industry has grown from a novelty to an instrument of overwhelming impact on the American people. It should be making ready for the kind of leadership that newspapers and magazines assumed years ago, to make our people aware of their world.”


On that point in particular, Mark Zuckerberg apparently would agree. “Are we building the world we all want?” he wrote in February, in a 5,700-word manifesto that reflected on the sometimes dubious role Facebook has been playing in civic life. Referring to its propensity to turbocharge hoaxes and to the way it tends to make news feel sensational, he wrote that Facebook’s goal “must be to help people see a more complete picture” of the world.

But how to make a mass communication medium better for us? In 1961, Minow had a clear answer: “I believe that most of television’s problems stem from lack of competition.” He said he looked forward to seeing more channels becoming available through new technologies, such as UHF frequencies, pay TV, and international broadcasts. And he said he would look for ways to strengthen local stations that could best serve local communities. “I am deeply concerned with concentration of power in the hands of the networks,” Minow said.

That’s where Mark Zuckerberg would probably get a little uncomfortable. Because Facebook is all about concentrating power in one network—his, which he calls “a global community.” If in reality Facebook tends to promote polarization and tribalism, Zuckerberg seems to believe that can be fixed with a few tweaks. In his February letter he said Facebook would try to reduce sensationalism on the site and take other steps to help make people better informed and more engaged in democracy.

Zuckerberg doubtless means well, but the problem is not that we need a slightly better Facebook. It’s that Facebook—a company worth $400 billion because it vacuums up information about our tastes, our shopping habits, our political beliefs, and just about anything else you might think of—is too powerful in the first place. What we need is to spend less time on Facebook.


In his February letter, Zuckerberg essentially acknowledged what was obvious to anyone who had a Facebook account during the 2016 election: the social network has not exactly enhanced our democracy. The News Feed, the main scroll of posts that you see when you open Facebook, fueled hoaxes (which were overwhelmingly “tilted in favor” of Donald Trump, according to an analysis by Hunt Allcott of New York University and Matthew Gentzkow at Stanford), and it overfed people stories and memes that fit preconceived notions. On social media, “resonant messages get amplified many times,” Zuckerberg wrote. “This rewards simplicity and discourages nuance. At its best, this focuses messages and exposes people to different ideas. At its worst, it oversimplifies important topics and pushes us towards extremes.”

To try to counteract the fake-news problem, Facebook is now flagging hoax stories that are shared on the site with a warning that third-party fact checkers have declared them to be false. And in hopes of promulgating fewer stories that are apparently true but nonetheless uninformative, the company has adjusted the News Feed to give more weight to stories that people share after reading (or at least opening) them, rather than the ones they share after only seeing the headlines. The thinking is that a story shared largely based on the headline alone is less likely to be what Zuckerberg calls “good in-depth content.”

Good for Facebook for trying these strategies. They fit with other civic-minded steps the company has taken in the past, such as encouraging people to vote and urging them to donate to the victims of floods and earthquakes. But the latest efforts probably won’t do much to help create what Zuckerberg calls a more “informed community.” The structure of Facebook works against that.

Facebook is fundamentally not a network of ideas. It’s a network of people. And though it has two billion active users every month, you can’t just start trading insights with all of them. As Facebook advises, your Facebook friends are generally people you already know in real life. That makes it more likely, not less, to stimulate homogeneity of thought. You can encounter strangers if you join groups that interest you, but those people’s posts are not necessarily going to get much airtime in your News Feed. The News Feed is engineered to show you things you probably will want to click on. It exists to keep you happy to be on Facebook and coming back many times a day, which by its nature means it is going to favor emotional and sensational stories.

Why else would Facebook be increasing the prominence of video? In fact, one of its executives has suggested that within a few years the News Feed could be “all video.” Surely some of the videos you’ll see on Facebook will be in-depth documentaries, live feeds from news events, and other substantive material. But in general, showing us much more video from around the Internet does not feel like a way to promote more reasoned discourse.

As Zuckerberg himself noted in his February letter, most of what people come to Facebook for is ultimately social—“friends sharing jokes and families staying in touch across cities,” or people finding support groups for everything from parenting to coping with a disease. For Facebook to be all that as well as a modern-day agora, a place of enlightened civic and political engagement, seems like a mismatch.

If you need a reminder that Facebook’s primary reason for existence is not to enlighten you, consider the fact that the company catalogues a huge amount of information about you.

The behavior is not surprising—Zuckerberg claimed years ago that privacy was no longer a social norm—but the scale still astonishes. Last summer the Washington Post listed 98 of the data points that Facebook captures about its users. For example, by cross-referencing your behavior on Facebook with files maintained by third-party data brokers, the company gathers data on your income, your net worth, your home’s value, your lines of credit, whether you have donated to charity, whether you listen to the radio, and whether you buy over-the-counter allergy medicine. It does this so that it can give companies an unprecedented ability to post ads that are presumably likelier to appeal to you. (I asked Facebook whether anything has changed to make the Post’s report no longer accurate; the company had no comment.)

This system may or may not work for advertisers, but it works very well for Facebook, which chalked up a net income of $10 billion on $28 billion in revenue last year. Does it work well for us? As Sue Halpern wrote in the New York Review of Books, the services that we get from Facebook are requiring us to give up something that is very hard to ever get back:

Many of us have been concerned about digital overreach by our governments, especially after the Snowden revelations. But the consumerist impulse that feeds the promiscuous divulgence of personal information similarly threatens our rights as individuals and our collective welfare. Indeed, it may be more threatening, as we mindlessly trade ninety-eight degrees of freedom for a bunch of stuff we have been mesmerized into thinking costs us nothing.

When you look at Facebook that way, it’s hard to root for the company to find ways to be a platform for more civic engagement. In fact, unless we think people should be required to shoulder whatever privacy costs Facebook decides to impose, it probably should not be the main place we go to find groups that, in Zuckerberg’s words, “support our personal, emotional, and spiritual needs.” Ideally, people would be able to form robust online communities and engage in the public square without letting any single company build a comprehensive dossier on them.

Lots of niches

What if we followed Minow’s reasoning with TV in 1961 and decided that we ought to have many more powerful networks for disseminating ideas and shaping public discussions?

The first step would be to acknowledge that even with the seemingly limitless competition that already exists on the Internet, Facebook has an outsize role in our society. Sixty-eight percent of all American adults use it, according to the Pew Research Center. That compares with 28 percent for Instagram (also owned by Facebook), 26 percent for Pinterest, 25 percent for LinkedIn, and 21 percent for Twitter. And none of these other sites aspire to be as many things to as many people as Facebook does.

One of the interesting things about Minow’s “vast wasteland” speech is that his encouragement of more competition helped inspire the expansion of public broadcasting in the United States. And perhaps it’s time for similar efforts today, to support more varieties of social media.

These noncommercial alternatives would not have to be funded by the government (which is fortunate, given that government funding for public media such as PBS is in doubt these days). Ralph Engelman, a media historian at Long Island University who wrote Public Radio and Television in America: A Political History, points out that the creation of public broadcasting was led by—and partially funded by—prominent nonprofit groups such as the Ford and Carnegie Foundations. In the past few years, several nonprofit journalism outlets such as ProPublica have sprung up; perhaps now their backers and other foundations could do more to ensure the existence of more avenues for such work to be read and shared.

High-minded alternatives to Facebook have been introduced before. A now-defunct discussion site called Gather once got investment from American Public Media, a producer of public-radio programs. Among the platforms that still exist, Diaspora gives people ways to socialize without relinquishing control of their data. Parlio, now owned by Quora, was cofounded by a leading figure from the Arab Spring in Egypt to promote online discussions with “thoughtfulness, civility, and diversity.” But we still could use more options that collectively counteract Facebook’s enormous reach and influence and bring out more of social media’s most constructive qualities—the way it connects us to far-flung people, information, and ideas.

Because noncommercial alternatives would be free of the imperative to capture as much information about your interests as possible, they’d be likelier to experiment with new ways of stimulating interactions between people. Maybe they would do away with the News Feed model that rewards virality more than importance. Perhaps some would be more reliant on algorithms to serve up stories and ideas, while others would rely on human curators to elevate discussion and eliminate abuse by booting trolls or deleting hoaxes.

Competitors to Facebook that harnessed the powers of social media only in an effort to make us wiser would probably be niche services, like National Public Radio and PBS. “Most people aren’t that fussy,” says Jack Mitchell, a journalism professor at the University of Wisconsin and the author of Listener Supported: The Culture and History of Public Radio. “PBS’s market share is not that high. Public radio is a little higher. It’s a minority taste.”

But having many more niche alternatives to Facebook could be exactly what we need. Even if none stole a significant chunk of Facebook’s users, it might be enough to remind people that even as Facebook becomes more powerful than ever—rolling up massive profits and preparing to beam down Internet access to offline corners of the globe—other options are possible, and vital.

Why are we finally now in what’s often called a golden age of television, with culturally influential, sophisticated shows that don’t insult our intelligence? It’s not because broadcasters stopped airing schlock. It’s because the audience is more fragmented than ever—thanks to the rise of public broadcasting and cable TV and streaming services and many other challenges to big networks. It required a flourishing of choices rather than a reliance on those huge networks to become better versions of themselves. As Zuckerberg wrote in February, “History has had many moments like today.”



Uber CEO Travis Kalanick has resigned due to investor pressure, and a search for a new leader is on

Uber CEO Travis Kalanick has resigned in response to demands from key investors for a change in leadership, Recode has confirmed.

It’s about time.

Kalanick had become a giant liability to the car-hailing company for a growing number of reasons, from sketchy business practices to troubling lawsuits to a basic management situation that was akin to a really toxic goat rodeo.

Thus, he had to go, even though some sources said he had the voting power to stay.

But big investors also have leverage and a big enough group of them joined to use it. Those investors include Benchmark, Fidelity and Menlo Ventures, all of whom sent Kalanick a joint letter called “Moving Uber Forward” on Tuesday afternoon. Interestingly, Google Ventures was not among the group, even though its parent company Alphabet is now in a major lawsuit with Uber over the alleged theft of self-driving car technology from its Waymo unit.

While a lot of the focus at Uber has been on pervasive sexism and sexual harassment — due to an explosive blog post by former Uber engineer Susan Fowler (kudos to her, by the way) — many think the Waymo litigation is a bigger threat to Uber.

Uber will now be searching for a new leader to replace Kalanick, which should greatly widen the pool of candidates from its COO search — many of those people did not want to be the No. 2 to the volatile Kalanick. Among the names who had been considered: Former Disney COO Tom Staggs, CVS’ Helena Foulkes and a range of media and transportation execs.

In addition, many expect Uber will need to raise more cash soon. It has already raised over $12 billion at a nearly $70 billion valuation, but it has heavily spent to expand globally and loses enormous amounts of money in the process.

Now, it will have to move on without key employees like Kalanick and his closest confidante Emil Michael, who was also forced to resign last week. Uber also does not have a CFO, a CMO or a head of engineering, and attrition is increasing dramatically with all the scandals and investigations.

In a statement Kalanick provided to the New York Times, he wrote “I love Uber more than anything in the world and at this difficult moment in my personal life I have accepted the investors’ request to step aside so that Uber can go back to building rather than be distracted with another fight.”

Fights that Kalanick largely started, an unfortunate attribute of his pugnacious leadership style.

But Kalanick has yet to tell Uber employees about his departure, which seems to put a perfectly awful end point to his rocky tenure.

Uber confirmed the resignation, and the company’s board issued a statement that said, in part: “Travis has always put Uber first. This is a bold decision and a sign of his devotion and love for Uber.” (For those who don’t speak fluent tech director, there are four things in those two sentences that are not true.)

That board includes Benchmark’s Bill Gurley, who had grown weary of the growing range of troubles at the company, and of Kalanick.

Still, Gurley managed to dance the classic Silicon Valley two-step when he tweeted tonight about Kalanick. (For those who do not know it — you kill someone far later than you should have and then praise them.)

Kalanick’s supporters on the board included Arianna Huffington and Uber co-founder Garrett Camp.

Whether there will be a board shake-up due to the Kalanick departure is also a good question to ask right about now. That is because, in the end, the entire board of Uber has been complicit in this mess that has manifested itself over years. The directors coddled Kalanick’s antics — part of a founder-above-all ethos in tech — and looked the other way as evidence of trouble continued to grow.

Kalanick announced that he was taking a leave of absence last week, as the company revealed the findings of an investigation into what many call a broken culture and a deeply dysfunctional management. Kalanick — who wrote in an email to staff announcing his leave that he intended to return to the company as “Travis 2.0” — will remain on the board of the company.

Many inside and outside the company did not agree with this move, noting the many legal and ethical messes that had been created under Kalanick’s leadership, and that he had not paid the price for them and had become too radioactive to stay.

Well, now that Kalanick is gone, Uber can close a chapter and presumably start building a fresh start to its uncertain future.

No, Peter Thiel is not harvesting the blood of the young

Peter Thiel has some wild ideas, but transfusing teen blood into his own body might not be his bag.

Update: Correction below

Stories of countesses bathing in virgin blood, or vampiric nobles sucking the juice out of the young, have captured our attention for centuries. But when stories started coming out that tech billionaire Peter Thiel was interested in transfusing teen blood into his own body, it sent Silicon Valley into a fever dream. Peter Thiel, the vampire!

Thiel has been alleged to have a lot of crazy ideas — like that women shouldn’t have been given the vote or that we should create lawless floating nations to solve society’s problems. The coup de grâce appeared to be Thiel’s role in toppling Gawker 10 years after the media company wrote openly about his sexuality.

Then, of course, he joined Trump, a pariah in the tech world. No wonder everyone was quick to believe that Thiel would be willing to suck the blood of the young if it added a few more years to his own life.

Inc. wrote that Thiel was so afraid of dying that he was looking at “having younger people’s blood transfused into his own veins.” The story reported that Thiel Capital medical director Jason Camm (who is also an angel investor) had even contacted a startup called Ambrosia that was harvesting the blood of teens.

In short order, Vanity Fair, Gawker and numerous other media sites repeated the story. Ambrosia received so much press attention that founder Jesse Karmazin was even invited to talk about his work at Recode’s recent Code Conference. Meanwhile, an episode of HBO’s “Silicon Valley” poked fun at the unsettling idea.

But the story that took shape, that Thiel was looking to harvest the blood of the young, simply isn’t true, according to Karmazin. “I wish I did know Peter Thiel,” he said. “He’s not even a patient. If he were, I would have to say ‘We can’t disclose that information.’ But he’s not even a patient so I can tell you, he’s not a patient.”

Unquestionably, Thiel has been interested in cheating death for several years. He told Business Insider back in 2012, “Death is a problem that can be solved.” He’s also investing in life extension research, funding Cynthia Kenyon, Aubrey de Grey and a number of other researchers who are focused on anti-aging. Last fall, the life extension startup Unity Biotechnology also raised an enormous round of funding from Thiel and other Silicon Valley billionaires interested in the prospect of humans living much longer lives.

Ambrosia — which takes donated teen blood and pumps it into anyone age 35 or older for $8,000 a pop — seems like just the type of wild startup that would interest Thiel.

As questionable as the idea sounds, blood from the young is not new. The process, known as parabiosis, has at least been successful in mice. Karmazin also says he’s seen his own patients’ hair return from gray back to its original color, and he says he has noted a remarkable difference in pep in the 600 or so people now going through treatment in his facility.

Contrary to the depiction in “Silicon Valley,” however, Ambrosia cannot directly hire the teens. Due to fairly strict regulations, people can’t be compensated for their blood, so the startup relies heavily instead on donor facilities.


It’s also a very experimental procedure for humans at this point, with repeated sessions needed to keep up the effects, Karmazin says. (“You don’t look like you are 20 after one treatment,” he tells me.)

That’s saying nothing of the fact that the process can be duplicated. Anyone with a certain medical understanding could set up their own shop and charge people for the same service. Asked about the challenge, Karmazin says Ambrosia is by design “not structured as a money-making operation.”

Blood transfusions also sound pretty risky, and the pay-to-play aspect of Ambrosia has drawn criticism in the science world. Others have called into question the idea of filling old people’s veins with teen blood as an anti-aging solution.

Still, Karmazin is hopeful he’ll have some good results from a preliminary human trial in the next year. As for the media frenzy, Karmazin says the old adage that there’s no such thing as bad press is true, and that all the wild stories have led to a lot of inquiry.

“It’s amazing how many journalists just repeat what they’ve read,” he says.

Update: An earlier version of this story misrepresented reporting of Inc. by stating that Thiel Capital was looking to invest in Ambrosia. In a story titled, “Peter Thiel Is Very, Very Interested in Young People’s Blood,” Inc. reported instead that a Thiel associate expressed interest in what the company was doing. Ambrosia founder Jesse Karmazin maintains this was never the case.



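Uber CEO to leave post

In the summer seven years ago, a young American named Travis Kalanick upended the way people on Earth get around with a single piece of software. He was only 33 at the time.

Today the guy is in his forties, and Uber has expanded into more than 450 cities in over 70 countries, with a valuation approaching $70 billion. Yet he has never managed to shape himself into what the helmsman of an international company ought to be.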


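This January, the New York taxi drivers’ union called on all taxis, Uber included, to strike in protest of Trump’s “Muslim travel ban,” but Uber’s local management announced on Twitter that it would operate as usual.

In February, a female Uber engineer revealed on social media that she had been sexually harassed at work and that the HR department had shielded her male colleague. Kalanick, who already knew about the incident, should at least have said something like sorry, but instead he cheerfully went off to an Oscars party.

Right after that, Waymo, the self-driving company under Google’s parent, also took on Kalanick: it sued Uber in court, alleging that Uber used a technical executive poached from the plaintiff to steal key parts of its driverless technology.

Over the past five months, in addition to the departure of the two executives who committed sexual harassment and allegedly stole Waymo’s secrets, seven other senior executives have left one after another, including President Jeff Jones, the No. 2 figure behind only Kalanick.

Even journalists became targets of Uber’s attacks. A former Uber executive was quite unhappy with the media’s frequent negative coverage of Uber, and one of his solutions was to offer $1 million to dig up and expose the private lives of unfriendly reporters.

The chief culprit behind Uber’s “jerk culture” is Kalanick himself. If he stays on as CEO, can Uber ever say goodbye to that culture?

Facebook/M8 bet on AR/VR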

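The annual F8 conference is the global developer conference at which Facebook comprehensively showcases its new technologies, strategies and ideas, and the just-concluded 2017 Facebook F8 unquestionably drew the attention of developers around the world. People want to see this tech giant’s outlook on and vision for the future.

To everyone’s surprise, at this year’s F8 Facebook made AR technology the main event. Many people are puzzled that an internet company whose core business is social networking would make such a choice. What are the ideas and logic behind it? Why did Facebook make this choice? What impact will such a decision have on the industry as a whole?

With these questions in mind, we held an exclusive conversation in San Jose, USA, with Zhang Yaqin, president of Baidu and a world-class expert in this field. Through his reading, we can better understand the F8 conference and Facebook as a company, and also gain a better sense of where internet technology is currently heading.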

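Facebook’s thinking is clear

For Facebook, last year’s F8 showed the outside world the company’s overall plan, especially its ten-year roadmap: connectivity, AI, and AR/VR lined up side by side as the company’s three main pillars. In Zhang Yaqin’s view, because Facebook has the three foundational elements of users, applications and platform, it can use them to give its technology concrete scenarios in which to land. “What Facebook is very clear about is that products and technology serve my product.” This sentence is perhaps his most important reading of Facebook as a company.

Zhang Yaqin: I also came to last year’s F8. Last year Zuckerberg talked for the first time about Facebook’s ten-year roadmap, and it is actually quite clear. First is connectivity, then AR and VR as a new mode of interaction, and behind them AI as the fundamental technology. The thinking is very clear.

Facebook’s biggest advantage is that it owns four of the top ten apps, which is very impressive: Messenger, Facebook, Instagram and WhatsApp. So it has the strongest position in connectivity.

With that in place, it can add new features on top. What social networking needs most is ways to interact, and AR/VR matters because it genuinely adds to the ways people interact, making communication richer and more expressive. That is its advantage.

Facebook is also very strong technically. Yann LeCun, a giant of deep learning, currently leads Facebook’s AI lab; his greatest invention is the convolutional neural network (CNN), which is now used mainly for image recognition, face recognition and the like. Today Facebook talked about technologies such as R-CNN and Mask CNN, which amounts to another breakthrough on this front, with a stronger ability to understand emotion and style.

And their thinking is quite clear: first aim at AR/VR, of which AR is the more practical, and it uses just a camera as the platform, with nothing new required. But much of what it uses is AI, for example understanding and computing a scene, including computing depth information; all of this comes from the AI side.

The main problem for AI right now is scenarios. But its AI scenario is also very clear: through its four big apps, make those apps themselves richer in interaction and let developers build more things, so they are more than just communication tools.

Facebook is also very good at hardware, and not just the Oculus Rift; its data center technology is also extremely impressive. Its requirements are so high that it cannot use what is currently on the market, because it needs enormous storage capacity plus real-time processing, search across huge numbers of images and so on, so it has to build its own large data centers.

So it has a project called the Open Compute Project, which is also well known in the US. It effectively makes its hardware public: all the designs, the data center designs, all of it is open. Second, it lets everyone design together in the open to find the best solution, and then publishes all of it. When it comes to building, it does not build itself but has ODMs do it, though the architecture design is its own.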


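How Facebook defines itself, and its transformation

To understand Facebook as a company, you have to figure out the fundamental logic of how it does things and how it defines itself. If you try to understand it directly through a domestic product like WeChat, you will be badly mistaken. Zhang Yaqin says two things about Facebook impressed him deeply: first, how it defines itself, and second, its determination and boldness in the course of its transformation. These fundamentally determined the changes and strategic moves Facebook has made in recent years.

Zhang Yaqin: Two things about Facebook over the past couple of years have left a deep impression on me.

First, it defined itself as “I am a group of people, not one person.” That is very different.

Baidu’s or Google’s DNA is the interaction between people and information; Amazon’s is people and goods; Facebook’s is entirely between people and people. It holds that all of its optimization is aimed at the business logic of a group, not an individual. All of its products are optimized for how we share and communicate together, not for what I do alone. It is not point-to-point communication; it is communication among groups.

So it is very different from WeChat, because WeChat is the transmission of information between one party and another; the two had different DNA from the start. Facebook is more community-oriented. Unlike WeChat, which started from communication, Facebook started from sharing, though it now has communication too, beginning with Messenger. But Facebook as a whole is “It’s all about social experience.”

The second thing that impressed me was a conversation I had with Sheryl Sandberg four years ago, when I was still at Microsoft. She said that transformation is hard for every company; going from PC to mobile, for example, is hard. Of course Google has Android, but Google’s search is still basically a PC+ experience.

But Facebook was the one that moved to mobile fastest and most decisively, and in that move it was mainly Zuckerberg’s own decision that mattered. As recently as four or five years ago they were still “everything is by H5”; then one day they suddenly felt that was wrong and said the company had to move to apps immediately. Once that was decided, in his project reviews he would not let you proceed if you had no mobile; he would only review the mobile part of a project. At Facebook, doing a project review with Zuckerberg is a very high-pressure affair, and every product launch has to be approved by him. If you had nothing for mobile he would not let you launch, and later on many things were “mobile only.”

Look at what came after: from PC+, to mobile first, and then to mobile only. I think when a company transforms, it needs that kind of boldness and determination.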

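The vision of phone-based AR is relatively realistic

Next we turned to the specifics of this F8, where AR technology was without question the centerpiece. Last year, especially in the second half, both AR and VR seemed to enter a slump in China. This brand-new field, which had been riding high in 2015, cooled off because the technology was not yet mature, and became undervalued after the hype. Yet Facebook has put its focus here, and Zhang Yaqin thinks there is sound reasoning behind that. He also offered some thoughts of his own on how the field may develop.

Zhang Yaqin: As far as AR/VR goes, I think it needs some time. In China, things tend to get hyped to the sky, and then when no results appear in the second year they get thrown to the ground, but that may be exactly when they slowly start to take off for real.

VR devices require a completely new immersive experience, but AR can use very simple devices, because it is the real scene itself, with some enhanced experience added on top. The degree of enhancement can be large or small; that depends on how much imagination developers have.

Second, the points it made are all easy to realize: your camera has depth information, and there is very clear geographic and map information. It is relatively easy to get started, and it needs no new device, nothing new at all; like today’s glasses, it can already be used. Going step by step this way will actually be easier.

Things like Oculus, HoloLens, or what the company Meta is making have, relatively speaking, skipped a step. If things do jump to that stage, fine, but by then this content and the whole developer platform can still be moved over in the end.

I think Magic Leap’s kind of idea still needs a lot of time, because the phone is still the most mature device. If you end up saying you will integrate all of the phone’s functions into a pair of glasses that people wear, I find that strange, because any unnatural arrangement like wearing glasses is rather odd. Google Glass actually became quite capable later on, so why were people unwilling to wear it? There are some real barriers.

So its approach this time has several advantages: first, phones are very mature; second, everyone can accept them; third, there can be apps; fourth, it can have a very clear developer platform. So the phone is not going to disappear for a long time. Take watches: the Apple Watch is quite capable now, and yet things are still the way they are.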


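Such a focus on AR is because Facebook would rather help you “kill time”

Even if AR has good prospects, a question arises: why would Facebook put its focus here? As a company whose core business is social networking, why did it make this choice? Zhang Yaqin thinks the reason is simple: rather than raising efficiency or productivity, Facebook wants to use richer means to let you have fun through social networking, and AR simply happens to be the most suitable and relatively mature piece right now.

Zhang Yaqin: This thing (AR/VR) has been worked on for many years; it has been in the labs for thirty years. I remember working on it at Sarnoff, specifically on AR/VR billboards. In a soccer match, for example, you can replace the advertising in real time: say you see a Coca-Cola ad, you can swap it out, or pull up information about it. These things have been done for many years. So this too is an ecosystem; like video, it is an ecosystem in itself.

First of all, the interesting thing about Facebook is that what people share was never about productivity; it is about being interesting and fun. Of course it may eventually become a productivity tool, but for now, fun comes first. Facebook was a tool to begin with; now it makes everyone happier and things more fun, and then some day it may become more useful.

I see it as kill time first, and the other is save time. Save time is productivity, which is what Google and Microsoft often do. Facebook says: I will kill time first and make you happier. Look at what Microsoft does: its HoloLens is still sold to enterprise customers. Facebook lets you kill time. Both are needed. And as the world moves along, I feel it may need kill time more.

Human beings now have several major needs. First is to eat one’s fill, to meet the most basic needs of life and one’s own survival. After that, people need to compete. Early competition was through war; now it drives commerce. In the future it may be less through commerce, which only bosses care about, and ordinary people will compete through games and contests. Most people cannot take part in sports competitions; I cannot play American football myself, for example, but I can play video games, and that is also a form of human competition. I think from here on it may be more and more about kill time.

One more thing: we can see the different forms companies take at different times. In the US, most fall into two cases, evolutionary and leapfrogging. With a few exceptions, most companies do not like to leap once they get big; the ones that can leap are small companies, which is quite natural. That includes Microsoft back then: once Windows and Office had grown big, it was not willing to disrupt itself either. Google is a different kind of company, but you find that few of the technologies it works on have truly become mainstream products. In the end, when a big company hits a crisis, it realizes it has to do something different, but companies that can disrupt themselves are actually quite rare.

Facebook’s shift from PC to mobile already counts as a remarkable feat, done through its own transformation and also through acquisitions. It bought Instagram, and after buying WhatsApp it still managed to have it coexist with Facebook Messenger, so I think that is quite an achievement.

And its technology is no weaker than Google’s, and it is quite focused: it is in images, the team LeCun leads. He does not have many people, but they are extremely good.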

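Baidu’s AI thinking is equally clear

In fact, every big company has a clear overall strategy for its future. After discussing Facebook, we also talked with Zhang Yaqin about Baidu’s view of the future and its own overall strategic plan. As previously disclosed, Baidu, which has decided to go “all in” on AI, already has very clear thinking and plans; whether it is an operating system for the AI era or the search capability it has built up over many years, these are the directions in which it is concentrating its efforts.

Zhang Yaqin: With AI, there may really be no need for any interface in the future; it will be completely natural. Wherever a person goes, your face is a very natural thing, and when you speak you will not need to press something or open some app. The chip may end up in your cuff, or could even be embedded under your skin.

Baidu has changed a lot in the past year or two, and our thinking is now quite clear. From the PC internet to the mobile internet to AI, it cannot be that one thing suddenly vanishes and is replaced by another; it is bound to be a continuous development. In this AI era we need to do three things. The first is to build an operating system for the AI era: just as the PC era had Windows and the mobile era has Android and iOS, AI also needs an OS, and our Duer is in fact an operating system for the AI era. On top of this operating system are our own applications as well as third-party ones.

Search will also be an entirely new kind of search, which I call “new search,” and it too is built on AI. New search has three levels. One is making today’s search more AI-driven, for example voice search, image search and face search, so that the current entry point on the phone becomes smarter.

The second is that there are more and more scenarios. In the past it may have been on the phone; now the home and the car are all your entry points. Search is still a way of interacting with information, only in the AI era its scale will be many times larger.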


Retirement plans for small businesses

Understanding your options may help you save more for retirement and lower taxes.

As a small-business owner, you’re probably used to handling a lot of responsibility—everything from drawing up detailed business plans to creating a budget. So it should come as no surprise that funding your retirement will likely fall on your shoulders.

But what type of retirement plan is the right fit for your business? There are several types to choose from and the options can be confusing. For example, some small-business retirement plans are better for sole proprietors, while others may be more appropriate for businesses with up to 100 employees.

“Many small-business owners say they want to set up a 401(k) plan because that is the plan they are most familiar with,” says Ken Hevert, senior vice president, retirement products, at Fidelity. “However, after reviewing their situation, small business owners often conclude that perhaps another plan type, such as a SEP IRA or a Self-Employed 401(k), may be more appropriate.”

Basically, there are four types of retirement plans that small-business owners might consider:

  1. Simplified Employee Pension Plan (SEP IRA)
  2. Savings Incentive Match Plan for Employees (SIMPLE IRA)
  3. Self-Employed 401(k) plan
  4. 401(k) plan (better for larger companies given setup costs, administration, fiduciary responsibilities, etc.)

We will focus only on the first three, which are generally more suitable for very small businesses—typically, 10 employees or less. Each of these plans has different characteristics—such as the ability to cover employees, contribution limits, and administrative responsibility, to name a few. To choose the right plan for your business, you need to understand the nuances of these plans and match them to your priorities (e.g., higher contributions or simpler administration).

Understanding the differences in the plan types is an important exercise. If you have been operating a plan that doesn’t match your business needs, you could be missing out on important tax benefits, or possibly making mistakes regarding employee contributions.

Why have a small-business retirement plan?

Here are three very compelling reasons:

  • Your plan not only helps secure your future—it may be the primary way your employees can help secure theirs.
  • Offering a plan helps make your business competitive when it comes to attracting and keeping good employees.
  • There are potential tax benefits to offering a plan, because plan contributions for the business owner are deductible as a business expense.

Consider your options

Each of the three small-business retirement plans may offer certain tax advantages, including:

  • Tax-deferred growth potential, which allows contributions to grow without being reduced by current taxes
  • The potential to deduct employer contributions as a business expense
  • A tax credit of up to $500 for certain expenses incurred while starting and maintaining the plan each of the first three years, if this is your first time offering a plan

But this is where the similarities end, particularly about whether the plans cover employees and, if so, who is responsible for making contributions.

  • A SEP IRA is for self-employed people and small-business owners with any number of employees. Contributions are made by the employer only and are tax deductible as a business expense.
  • A SIMPLE IRA is for businesses with 100 or fewer employees and is funded by tax-deductible employer contributions and pretax employee contributions [similar to a 401(k) plan].
  • A Self-Employed 401(k) plan is a tax-deferred retirement plan for self-employed individuals that offers the most generous contribution limits of the three plans, but is suitable only for businesses with no “common law” employees, meaning any person working for the business who does not have an ownership interest.

Choosing the right plan takes careful consideration

“If you know what you are trying to accomplish with a retirement plan, it may be relatively straightforward to determine which plan is most appropriate for the business,” Hevert says. “For example, is ease of administration an important consideration? Is it critical that employees be able to contribute to the plan? Knowing what you want and need ahead of time is a key component, because each plan has its advantages and disadvantages.”

The chart below compares the three plans in detail.

Fidelity’s small-business retirement plans at a glance

Features compared for: SEP IRA, SIMPLE IRA, Self-Employed 401(k)

Who it’s for
  SEP IRA:
    • Self-employed individuals or small-business owner, including those with employees
    • Sole proprietors, partnerships, corporations, S corporations
  SIMPLE IRA:
    • Companies with 100 employees or fewer, that do not have any other retirement plan
    • Sole proprietors, partnerships, corporations, S corporations
  Self-Employed 401(k):
    • Self-employed individuals or business owners with no employees other than a spouse (and no plans to add employees)
    • Sole proprietors, partnerships, corporations, S corporations with no common law employees

Key advantages
  SEP IRA:
    • Easy to set up and maintain
    • No initial setup or annual maintenance fee
  SIMPLE IRA:
    • Salary reduction plan with less administration
    • Low-cost option of $25 per participant or $350 plan fee
  Self-Employed 401(k):
    • Generous contribution limits
    • No initial setup or annual maintenance fee

Who contributes
  SEP IRA:
    • Employer only (employee may make traditional IRA contributions to the account)
  SIMPLE IRA:
    • Employer and employee
  Self-Employed 401(k):
    • Employer and employee (assuming the employee is the business owner or spouse)

Contribution limits
  SEP IRA:
    • Employer contributes up to 25% of employee compensation or up to a maximum of $54,000 in 2017
    • Employer must contribute the same percentage to employee accounts in years he or she contributes to his or her own account
  SIMPLE IRA:
    • Mandatory business contribution of either: 1) 100% match on the first 3% deferred (match may be reduced to 1% in two out of five years) or 2) a 2% nonelective contribution on behalf of all eligible employees. No additional business contribution may be made.
    • Employee contributes up to 100% of compensation through salary deferral, not to exceed $12,500 for 2017
    • Catch-up contributions of up to $3,000 (2017) available for those age 50 or older
  Self-Employed 401(k):
    • Employers may contribute up to 25% of compensation up to a maximum of $54,000 in 2017
    • Up to $18,000 in salary deferrals; $24,000 if age 50 or older
    • Total contributions to a participant’s account, not counting catch-up contributions for those age 50 and over, cannot exceed $54,000 for 2017

  SEP IRA:
    • No Form 5500 filing
    • Employee notification of employer’s contribution, if made
  SIMPLE IRA:
    • No Form 5500 filing
    • Certain annual employee notifications
  Self-Employed 401(k):
    • Annual Form 5500 filing after plan assets exceed $250,000

  SEP IRA:
    • No initial setup or annual maintenance fee
  SIMPLE IRA:
    • Low-cost option of $350 plan fee or $25 per participant
  Self-Employed 401(k):
    • No initial setup or annual maintenance fee

  SEP IRA:
    • Immediate
  SIMPLE IRA:
    • Immediate
  Self-Employed 401(k):
    • Immediate

Access to assets
  SEP IRA:
    • Withdrawals at any time, which are subject to current federal income taxes and possibly to a 10% penalty if the participant is under age 59½.
  SIMPLE IRA:
    • Withdrawals any time. If employee is under age 59½, withdrawals may be subject to a 25% penalty if taken within the first two years of beginning participation, and possibly to a 10% penalty if taken after that time period.
  Self-Employed 401(k):
    • Cannot take withdrawals from plan until a “trigger” event occurs, such as termination of service or plan termination. Withdrawals are subject to current federal income taxes and possibly to a 10% penalty if the participant is under 59½.

Matching a retirement plan to your business

As you consider the specific features of each plan, it’s important to remember that there are always trade-offs. Think very carefully about your priorities.

Here are some factors that may be helpful as you consider the right retirement plan for your business:

Covering employees
If you have no employees other than you and your spouse (or business partner) and want the highest possible contribution limits, consider a Self-Employed 401(k). If, however, additional employees are a possibility in the future, you may need to choose between a SEP IRA and a SIMPLE IRA, both of which can cover employees. Then it’s a matter of deciding whether you want to fund your employees’ accounts by yourself (SEP) or you want your employees to contribute (SIMPLE).

Contributions: how much and who pays?
Next, think about how much flexibility you want in terms of contribution limits and who is responsible for making such contributions.

A Self-Employed 401(k) plan offers the largest possible contributions because it recognizes that self-employed people wear two hats—as an employee and as an employer. In fact, as an employee, you can make elective deferrals of up to $18,000 for 2017. As an employer, you can make a profit-sharing contribution of up to 25% of compensation, up to a maximum of $54,000 for 2017. (Total contributions as employer and employee cannot exceed $54,000 for 2017.) The plan also allows catch-up contributions of up to $6,000 for those who are age 50 or older in 2017. You are also eligible for added tax breaks. If your business is not incorporated, you can generally deduct contributions for yourself from your personal income. If your business is incorporated, the corporation can generally deduct the contributions as a business expense.

If you have a business with variable income and you want more flexibility, you might consider a SEP IRA. Just remember that, if you have employees in years you contribute, you have to contribute the same percentage for them as you contribute for yourself. As an employer, you can contribute up to 25% of compensation, up to a maximum of $54,000 in 2017. And you don’t have to contribute every year.

On the other hand, if you want your employees to help fund their retirement account, you may want to consider a SIMPLE IRA, available to businesses with up to 100 employees. With a SIMPLE IRA, employees can make salary deferral contributions of up to 100% of compensation, not to exceed $12,500 in 2017. You, as the employer, must also contribute to their accounts—you can either match the employees’ contributions dollar for dollar up to 3% of compensation (contributions can be reduced to as little as 1% in any two out of five years), or contribute 2% of each eligible employee’s compensation. The SIMPLE IRA also allows employees age 50 or older to make catch-up contributions of up to $3,000 in 2017.

Time and money
The good news is that all three of these plans are relatively low cost and easy to administer. Neither the SEP IRA nor the SIMPLE IRA requires annual plan filings with the IRS, just certain employee notifications. The Self-Employed 401(k) plan involves a little more effort, requiring an annual Form 5500 filing once plan assets exceed $250,000. To make the most of this retirement savings opportunity—both for yourself and your employees—make sure it’s the right plan for your small business before you set one up.

How RSA public key encryption works

RSA is an algorithm used by modern computers to encrypt and decrypt messages. It is an asymmetric cryptographic algorithm. Asymmetric means that there are two different keys. This is also called public key cryptography, because one of them can be given to everyone. The other key must be kept private. It is based on the fact that finding the factors of an integer is hard (the factoring problem). RSA stands for Ron Rivest, Adi Shamir and Leonard Adleman, who first publicly described it in 1978. A user of RSA creates and then publishes the product of two large prime numbers, along with an auxiliary value, as their public key. The prime factors must be kept secret. Anyone can use the public key to encrypt a message, but with currently published methods, if the public key is large enough, only someone with knowledge of the prime factors can feasibly decode the message.


RSA involves a public key and a private key. The public key can be known to everyone; it is used to encrypt messages. Messages encrypted using the public key can only be decrypted with the private key. The keys for the RSA algorithm are generated in the following way:

  1. Choose two different large random prime numbers $p$ and $q$.
  2. Calculate $n = pq$.
    • $n$ is the modulus for the public key and the private keys
  3. Calculate the totient: $\phi(n) = (p-1)(q-1)$.
  4. Choose an integer $e$ such that $1 < e < \phi(n)$ and $e$ is coprime to $\phi(n)$, i.e., $e$ and $\phi(n)$ share no factors other than 1; $\gcd(e, \phi(n)) = 1$.
    • $e$ is released as the public key exponent
  5. Compute $d$ to satisfy the congruence relation $de \equiv 1 \pmod{\phi(n)}$, i.e., $de = 1 + k\phi(n)$ for some integer $k$.
    • $d$ is kept as the private key exponent

Notes on the above steps:

  • Step 1: Numbers can be probabilistically tested for primality.
  • Step 2: changed in PKCS#1 v2.0 to $\lambda(n) = \operatorname{lcm}(p-1, q-1)$ instead of $\phi(n) = (p-1)(q-1)$.
  • Step 3: A popular choice for the public exponent is $e = 2^{16} + 1 = 65537$. Some applications choose smaller values such as $e$ = 3, 5, or 35 instead. This is done to make encryption and signature verification faster on small devices like smart cards, but small public exponents may lead to greater security risks.
  • Steps 4 and 5 can be performed with the extended Euclidean algorithm; see modular arithmetic.

The public key is made of the modulus $n$ and the public (or encryption) exponent $e$.
The private key is made of the modulus $n$ and the private (or decryption) exponent $d$, which must be kept secret.

  • For efficiency a different form of the private key can be stored:
    • $p$ and $q$: the primes from the key generation,
    • $d \bmod (p-1)$ and $d \bmod (q-1)$: often called dmp1 and dmq1,
    • $q^{-1} \bmod p$: often called iqmp.
  • All parts of the private key must be kept secret in this form. $p$ and $q$ are sensitive since they are the factors of $n$, and allow computation of $d$ given $e$. If $p$ and $q$ are not stored in this form of the private key then they are securely deleted along with other intermediate values from key generation.
  • Although this form allows faster decryption and signing by using the Chinese Remainder Theorem (CRT), it is considerably less secure since it enables side channel attacks. This is a particular problem if implemented on smart cards, which benefit most from the improved efficiency. (Start with $y = x^{e} \pmod{n}$ and let the card decrypt that. So it computes $y^{d} \pmod{p}$ or $y^{d} \pmod{q}$, whose results give some value $z$. Now, induce an error in one of the computations. Then $\gcd(z - x, n)$ will reveal $p$ or $q$.)

Encrypting messages

Alice gives her public key ($n$, $e$) to Bob and keeps her private key secret. Bob wants to send message M to Alice.

First he turns M into a number $m$ smaller than $n$ by using an agreed-upon reversible protocol known as a padding scheme. He then computes the ciphertext $c$ corresponding to:

  $$c = m^{e} \bmod n$$

This can be done quickly using the method of exponentiation by squaring. Bob then sends $c$ to Alice.

Decrypting messages

Alice can recover $m$ from $c$ by using her private key $d$ in the following procedure:

  $$m = c^{d} \bmod n$$

Given $m$, she can recover the original message M.

The decryption procedure works because first

  $$c^{d} \equiv (m^{e})^{d} \equiv m^{ed} \pmod{n}.$$

Now, since

  $ed \equiv 1 \pmod{p-1}$ and
  $ed \equiv 1 \pmod{q-1}$,

Fermat’s little theorem yields

  $m^{ed} \equiv m \pmod{p}$ and
  $m^{ed} \equiv m \pmod{q}$.

Since $p$ and $q$ are distinct prime numbers, applying the Chinese remainder theorem to these two congruences yields

  $$m^{ed} \equiv m \pmod{pq}.$$

Thus,

  $$c^{d} \equiv m \pmod{n}.$$

A working example

Here is an example of RSA encryption and decryption. The parameters used here are artificially small, but you can also use OpenSSL to generate and examine a real keypair.

  1. Choose two random prime numbers:
       $p = 61$ and $q = 53$
  2. Compute $n = pq$:
       $n = 61 \times 53 = 3233$
  3. Compute the totient $\phi(n) = (p-1)(q-1)$:
       $\phi(n) = (61-1)(53-1) = 3120$
  4. Choose $e > 1$ coprime to 3120:
       $e = 17$
  5. Choose $d$ to satisfy $de \equiv 1 \pmod{\phi(n)}$:
       $d = 2753$
       $17 \times 2753 = 46801 = 1 + 15 \times 3120$.

The public key is ($n = 3233$, $e = 17$). For a padded message $m$ the encryption function is:

  $$c = m^{e} \bmod n = m^{17} \bmod 3233.$$

The private key is ($n = 3233$, $d = 2753$). The decryption function is:

  $$m = c^{d} \bmod n = c^{2753} \bmod 3233.$$

For example, to encrypt $m = 123$, we calculate

  $$c = 123^{17} \bmod 3233 = 855.$$

To decrypt $c = 855$, we calculate

  $$m = 855^{2753} \bmod 3233 = 123.$$

Both of these calculations can be computed efficiently using the square-and-multiply algorithm for modular exponentiation.
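The key generation steps, the stored CRT values (dmp1, dmq1, iqmp) and the worked numbers above can be checked end to end with the following added example, which is not code from the original page. The function names are illustrative, and the re-encryption check inside `decrypt_crt` is an assumed hardening step against the induced-error problem described for the CRT form.

```python
from math import gcd

def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0

def modinv(a, m):
    """Inverse of a modulo m, or ValueError if a and m share a factor."""
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError("a is not invertible modulo m")
    return x % m

def modpow(base, exp, mod):
    """Square-and-multiply, scanning the exponent from its lowest bit."""
    result, base = 1, base % mod
    while exp:
        if exp & 1:
            result = result * base % mod
        base = base * base % mod
        exp >>= 1
    return result

def generate_key(p, q, e, use_lambda=False):
    """Steps 2-5 for given primes p, q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    # lcm(p-1, q-1) as in the PKCS#1 v2.0 note, otherwise phi(n)
    order = phi // gcd(p - 1, q - 1) if use_lambda else phi
    if not 1 < e < order or gcd(e, order) != 1:
        raise ValueError("need 1 < e < order and gcd(e, order) == 1")
    d = modinv(e, order)
    return {"n": n, "e": e, "d": d, "p": p, "q": q,
            "dmp1": d % (p - 1), "dmq1": d % (q - 1), "iqmp": modinv(q, p)}

def encrypt(m, key):
    if not 0 <= m < key["n"]:
        raise ValueError("m must satisfy 0 <= m < n")
    return modpow(m, key["e"], key["n"])

def decrypt(c, key):
    return modpow(c, key["d"], key["n"])

def decrypt_crt(c, key):
    """Decrypt with two small exponentiations and recombine with iqmp."""
    m1 = modpow(c, key["dmp1"], key["p"])
    m2 = modpow(c, key["dmq1"], key["q"])
    h = key["iqmp"] * (m1 - m2) % key["p"]
    m = m2 + h * key["q"]
    # Assumed hardening, not from the page: re-encrypt and compare before
    # releasing the result, so a faulty half-computation is never output.
    if modpow(m, key["e"], key["n"]) != c % key["n"]:
        raise ArithmeticError("CRT result failed verification; output withheld")
    return m

KEY = generate_key(61, 53, 17)  # the toy parameters from the worked example

if __name__ == "__main__":
    c = encrypt(123, KEY)
    print(KEY["d"], c, decrypt(c, KEY), decrypt_crt(c, KEY))
```

With `use_lambda=True` the same primes give a smaller private exponent that decrypts the same ciphertexts, because $\lambda(n)$ divides $\phi(n)$.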

Padding schemes

When used in practice, RSA must be combined with some form of padding scheme, so that no values of M result in insecure ciphertexts. RSA used without padding may have some problems:

  • The values m = 0 or m = 1 always produce ciphertexts equal to 0 or 1 respectively, due to the properties of exponentiation.
  • When encrypting with small encryption exponents (e.g., e = 3) and small values of m, the (non-modular) result of $m^{e}$ may be strictly less than the modulus n. In this case, ciphertexts may be easily decrypted by taking the eth root of the ciphertext with no regard to the modulus.
  • RSA encryption is a deterministic encryption algorithm. It has no random component. Therefore, an attacker can successfully launch a chosen plaintext attack against the cryptosystem. They can make a dictionary by encrypting likely plaintexts under the public key, and storing the resulting ciphertexts. The attacker can then observe the communication channel. As soon as they see ciphertexts that match the ones in their dictionary, the attackers can then use this dictionary in order to learn the content of the message.

In practice, the first two problems can arise when short ASCII messages are sent. In such messages, m might be the concatenation of one or more ASCII-encoded character(s). A message consisting of a single ASCII NUL character (whose numeric value is 0) would be encoded as m = 0, which produces a ciphertext of 0 no matter which values of e and n are used. Likewise, a single ASCII SOH (whose numeric value is 1) would always produce a ciphertext of 1. For systems which conventionally use small values of e, such as 3, all single character ASCII messages encoded using this scheme would be insecure, since the largest m would have a value of 255, and $255^{3}$ is less than any reasonable modulus. Such plaintexts could be recovered by simply taking the cube root of the ciphertext.

To avoid these problems, practical RSA implementations typically embed some form of structured, randomized padding into the value m before encrypting it. This padding ensures that m does not fall into the range of insecure plaintexts, and that a given probe, once padded, will encrypt to one of a large number of different possible ciphertexts. The latter property can increase the cost of a dictionary attack beyond the capabilities of a reasonable attacker.

Standards such as PKCS have been carefully designed to securely pad messages prior to RSA encryption. Because these schemes pad the plaintext m with some number of additional bits, the size of the un-padded message M must be somewhat smaller. RSA padding schemes must be carefully designed so as to prevent sophisticated attacks. This may be made easier by a predictable message structure. Early versions of the PKCS standard used ad-hoc constructions, which were later found vulnerable to a practical adaptive chosen ciphertext attack. Modern constructions use secure techniques such as Optimal Asymmetric Encryption Padding (OAEP) to protect messages while preventing these attacks. The PKCS standard also has processing schemes designed to provide additional security for RSA signatures, e.g., the Probabilistic Signature Scheme for RSA (RSA-PSS).
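The three problems listed for unpadded RSA can be turned into a small audit, shown here as an added example that is not part of the original page. The modulus is constructed from two well-known primes and is far too small for real use; the function names and risk labels are illustrative.

```python
# Constructed demo parameters: e = 3 is valid here because
# gcd(3, (P - 1) * (Q - 1)) == 1.
P, Q = 1_000_000_007, 998_244_353
N = P * Q
E = 3

def integer_root(x, k):
    """Largest integer r with r**k <= x, by binary search (no floats)."""
    lo, hi = 0, 1 << (x.bit_length() // k + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** k <= x:
            lo = mid
        else:
            hi = mid - 1
    return lo

def textbook_encrypt(m, e=E, n=N):
    """RSA with no padding at all: c = m^e mod n."""
    if not 0 <= m < n:
        raise ValueError("m must satisfy 0 <= m < n")
    return pow(m, e, n)

def unpadded_risks(m, e=E, n=N):
    """Return the labels of every listed weakness that applies to m."""
    c = textbook_encrypt(m, e, n)
    risks = []
    if m in (0, 1):
        # 0^e = 0 and 1^e = 1 for every exponent and modulus
        risks.append("fixed-point")
    if m ** e < n and integer_root(c, e) == m:
        # no modular reduction happened, so an ordinary root undoes it
        risks.append("no-modular-reduction")
    if textbook_encrypt(m, e, n) == c:
        # same input, same output: guesses can be confirmed by re-encrypting
        risks.append("deterministic")
    return risks

if __name__ == "__main__":
    samples = {"NUL": 0, "SOH": 1, "A": ord("A"),
               "7-byte text": int.from_bytes(b"pay 42$", "big")}
    for name, m in samples.items():
        print(f"{name:12} {unpadded_risks(m)}")
```

Every plaintext reports "deterministic", which is the weakness randomized padding such as OAEP removes; the other two labels disappear once the padded value is large.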

Signing messages

Suppose Alice uses Bob’s public key to send him an encrypted message. In the message, she can claim to be Alice, but Bob has no way of verifying that the message was actually from Alice, since anyone can use Bob’s public key to send him encrypted messages. So, in order to verify the origin of a message, RSA can also be used to sign a message.

Suppose Alice wishes to send a signed message to Bob. She produces a hash value of the message, raises it to the power of d mod n (just like when decrypting a message), and attaches it as a “signature” to the message. When Bob receives the signed message, he raises the signature to the power of e mod n (just like encrypting a message), and compares the resulting hash value with the message’s actual hash value. If the two agree, he knows that the author of the message was in possession of Alice’s secret key, and that the message has not been tampered with since.

Note that secure padding schemes such as RSA-PSS are as essential for the security of message signing as they are for message encryption, and that the same key should never be used for both encryption and signing purposes.
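The hash-then-sign exchange described above, as an added example that is not part of the original page. The keys are constructed from well-known primes and are far too small for real use, and the digest is simply reduced modulo n where a real scheme such as RSA-PSS would apply its padding; all names are illustrative.

```python
import hashlib

E = 65537  # public exponent

def make_key(p, q):
    """Return (public, private) as ((n, e), (n, d)) for toy primes p, q."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (n, E), (n, d)

# Constructed toy keys for the example.
ALICE_PUB, ALICE_PRIV = make_key(1_000_000_007, 998_244_353)
OTHER_PUB, _ = make_key(2**31 - 1, 2**61 - 1)

def digest_as_int(message, n):
    """SHA-256 of the message as an integer below n (toy encoding only)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    """Alice: raise the hash value to the power d mod n."""
    n, d = private
    return pow(digest_as_int(message, n), d, n)

def verify(message, signature, public):
    """Bob: raise the signature to the power e mod n and compare hashes."""
    n, e = public
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest_as_int(message, n)

if __name__ == "__main__":
    msg = b"transfer approved"
    sig = sign(msg, ALICE_PRIV)
    print("genuine:        ", verify(msg, sig, ALICE_PUB))
    print("altered message:", verify(msg + b"!", sig, ALICE_PUB))
    print("wrong signer:   ", verify(msg, sig, OTHER_PUB))
```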