Yes, You Can Build a Web Company in India. Here’s How.

Silicon Valley and India have a cozy relationship, but a big question has resulted in friction, failed companies and millions in losses: When will the Internet catch on in India in a big way?

A few companies have done well and a few more are coming up, slowly but surely. But there are hardly any true breakout hits.

RedBus is pretty close. It’s essentially an Expedia for bus tickets in India. It sells about 3,500 bus seats per day, is the fourth most-trafficked Web site in India and has at least tripled its revenues year-over-year. The company sells seats for roughly half the bus operators in India, and that’s saying something: This is an insanely fragmented market that had next to zero centralization just a few years ago.  All of this has been built in three years on about $1 million in venture funding. (The company raised another $1.3 million in 2008, but it’s still in the bank. Investors include Helion, Inventus andSeedfund.)

I can vouch for the company being cheap. Having spent my morning in the plush eight-acre Infosys headquarters, the offices of RedBus were a marked contrast. They are split among two buildings located in one of those very chaotic Indian neighborhoods where vendors are shouting, cows are wandering and smell of open sewers is not too far off. It feels far from the sanitized, steel-and-glass rows of multinationals.

None of this is intended as an insult– co-founder and CEO Phanindra Sama is proud of his cheapness. (Sama is pictured above, sorry it’s so blurry. My camera was having issues.) We met in a no-frills, un-airconditioned conference room. He didn’t turn on the air conditioning for famed Silicon Valley Indian entrepreneur Kanwal Rekhi, when he visited last month either—and Rekhi is an investor in RedBus.

Despite the sweat trickling down my forehead, arms, legs and back throughout the interview, I didn’t want to leave. What Sama and his two founders have pulled off in a short period of time with little funding in India is impressive.

Background for Americans: There are two kinds of buses in India—those that make stops and have ticket-takers on board and that go to one destination only and sell pre-paid tickets only. There are some 3,000 operators of the latter category and, before RedBus, there was no way to contact them directly. To get a bus ticket, you went to an agent. That agent only had inventory from a few bus lines. To book the ticket, he or she would call one person who was in charge of booking every seat on that particular route. There was a long wait time, and frequently the routes the agents knew about were sold out – meaning you had to change your travel plans, or find another agent who had different sources. Meanwhile there was no standardization on pricing and commissions. The agent simply wrote the cost on a piece of paper and if you wanted to ride, you paid it.

Now, RedBus has a central database that gets seats from half of India’s bus operators. It has done so well that it powers the bus ticket applications for most of India’s more general travel sites like MakeMyTrip.com. It also sells an OpenTable-like software-as-a-service product to help bus companies manage their own inventory and better integrate their inventory with RedBus. In terms of seats, it sells less than 1% of the 750,000 rides taken daily, but with several channels and few other easy options, there’s a ton of room to grow a big company.

Sama didn’t set out to build a company. I know that’s a cliché with startups these days, but it’s a rarity in Bangalore where the glamor of being a Web entrepreneur runs high and plenty of TechCrunch-reading kids save up money, quit for a year, try to start a company, and go back to a multinational if it doesn’t hit quickly. When RedBus’s mentor first suggested the company raise $1 million, Sama gasped. He hadn’t even thought in those amounts. His only immediate thought was: “If I had $1 million, I’d put it in the bank and make interest.”

That mentor was Sanjay Anandaram formerly of Neta, Wipro and other ventures known between the Silicon Valley and Indian entrepreneur communities. Sama met Anandaram throughTIE’s JumpStartUp program. Despite the reach, influence and press of TIE—the uber-Indian networking organization started in the Valley— Sama is the first entrepreneur I’ve met in India who gives it this much credit for his company’s survival.

Specifically, he cites Anandaram’s advice. When RedBus was trying to sell software to the bus lines, it was Anandaram who said: Don’t keep trying to sell the same thing, ask what they need and build that. The bus lines needed to sell seats. So RedBus built a site, and bought the inventory itself from the bus lines to list on the site. Once it proved it could move seats, the operators were happy to pay the company a percentage of seats sold.

Once the company could prove results, it was Anandaram who warned them to undersell expectations: Tell an operator you can sell one seat for them a month, even if you think you can sell fifty. If you sell two, you’ll be a hero, not a disappointment. RedBus has carried that over to fundraising, admittedly forgoing higher valuations because it didn’t want to oversell and under-deliver.

That’s harder than it sounds for an entrepreneur, who is usually the single most bullish person on his company. And it is absolutely shocking in India’s startup culture. I had a blog network tell me on my last morning in India – with a straight face – that it would be doing double the revenues of Gawker in a few years. I like to give entrepreneurs the benefit of the doubt, but I also know the media business. Forgive the generalization, but Indians just love to over-sell. It’s deep in their trader heritage. “You have to sacrifice your ego,” Sama says.

But, especially for a startup in India, the most important piece of advice Sama and his co-founders got from Anandaram might have been this: You are not an Internet company.Because the Internet isn’t more widespread in India, there has to be a core mindset that the Net is an important channel, but just a channel. Just under 50% of RedBus’s business comes from the Net, much of the rest is via mobile phones.

And the company invested early in two expensive ways of skirting that Web limitation. The first was building its own network of bike couriers to deliver tickets and take payments, ala the hugely successful Chinese online travel company, CTrip. The second was investing in seven different call centers throughout India, not one central call center. Says Sama, if you don’t localize a call center to local slang, languages, and customs the customer service won’t work.

Seriously? An Indian in Bangalore arguing a centralized, remote call center can’t give good customer service? That has about as much globalization-irony as China’s BYD refusing to outsource any of its manufacturing.

For Anandaram’s part he noted the founders’ willingness to listen and learn from someone who’d been there. He says the biggest mistakes he sees Indian startups making are not seeking advice, being too obsessed with retaining control and not valuing sales, marketing and partnerships.

The RedBus story squares with something I’ve been noticing more in my travels to emerging markets—frequently when entrepreneurs complain about a lack of angel investing or venture capital, what they are really lacking isn’t just the money, it’s the mentorship. This came up inmy recent conversation with Pierre Omidyar, whose philanthropic effort, the Omidyar Network, seeks to fund both non-profit and for profit entrepreneurs specifically those in the poorest areas of the world. Omidyar Networks has money it can gives these entrepreneurs, thanks to eBay and the dot com boom—lots of money. But what the organization is increasingly finding so lacking is that horrible buzz word “human capital.”

In Omidyar’s own experience, eBay never touched the $3 million it raised from Benchmark in 1996. But the mentorship he got was well worth giving up 25% of the company. “That’s what is so hard to find around the world,” Omidyar says. “We’re increasingly looking at whether $500,000 worth of human capital could help more than $500,000.”

I know that the idea the VCs bring more than money is ridiculed by most entrepreneurs today, but those are usually entrepreneurs operating in a scene that has had an explosion of startups—both failed and successful ones—in the last fifteen years. Even the shiest, most awkward or most unconnected entrepreneurs in the Valley can find a mentor with little effort. Sometimes we take for granted that that’s not the case in much of the rest of the world.

Lucky for RedBus’s founders, they were an exception.

18 DAYS: THE MAHBHARATA RETOLD (CONCEPT NOTES by GRANT MORRISON)

This new version of the Mahbharata is set in fantastic, mythic time, at the end of the Dwapara Yuga (Copper Age) and the beginning of the fallen, corrupt Kali Yuga, the Age of Iron.

Although historically, the epic is generally thought to refer to events occurring as recently as 9 BC and as long ago as 15 BC (depending on which account you favour), I’d like to place the action much further back into a more fantastical Indian past so that we can take full advantage of the possibilities for action and spectacle on a scale rarely scene. This is like a psychedelic The Lord of the Rings with Star Wars technology.

BHARAT

In this cosmic, symbolic version of events, Bharat is the primordial landmass – the single continent, also known as Pangaea, said to exist before continental drift created the shapes we’re now familiar with. As we’ll learn here, it wasn’t continental drift that split mighty Pangaea but the descendants of King Bharata.

Bharat is home to the mighty kingdoms of the Kauravas, who come to represent the world of blind, ignorant matter, and the Pandavas, who stand in for the world of spirit and understanding and personify the clash between the impulse to participate in the restless material sphere and the impulse to transcend it.

On the ninth day of the 18 Days War, the geology of Bharat is split apart by the ferocity of the conflict, the Flood occurs, and the dreaded Iron Age we currently live in begins.

This is not a strictly accurate historical portrayal of events but a poetic, fantastic interpretation of the original text.

Some of these descriptions are so convincingly reminiscent of the precise effects of tactical atomic weapons and laser beams it seems a shame not to take them at face value and imagine a culture with access to its own versions of such weaponry.

Watch the Teaser Here: http://www.18-days.com/teaser.html

Kerberos: Highly Secure,Single Sign-on Authentication in Mac OS X

A strong, secure network authentication protocol is crucial to all modern computing infrastructures. Whether you are sending login information over the Internet, a corporate intranet, or wireless LAN, opportunities for malicious users to gain access to protected data must be carefully considered. To address this risk, Mac OS X implements Kerberos, an open-source, single sign-on authentication protocol developed and maintained at the Massachusetts Institute of Technology (MIT).

This article discusses Kerberos in Mac OS X and how the protocol is used for secure Single Sign On authentication. The importance of this secure, standards-based methodology will be discussed from both a system administrator and developer perspective.

What Is Kerberos?

Picture walking into the local county fair, and you are given two choices. You can either use your credit card at the entry of every ride or you can use it once at a booth, which grants you a ticket that you can use for the remainder of the day. It's a pretty simple choice if you're concerned about the security of your credit card information and want to have a hassle-free day at the park.

This is exactly what Kerberos accomplishes in its implementation of Single Sign On in network environments. At the beginning of the workday, a user enters his/her password into the system once; this action decrypts a ticket from a server running as a Kerberos Key Distribution Center (KDC). The ticket holds a set of encrypted keys, which are used throughout the day to authenticate user access without exchanging sensitive password information. It expires after a given amount of time (typically one day), so even if a would-be intruder sniffs it out and decrypts the information, the user-access information remains safe in the long term.

Brief History of Kerberos

Researchers at MIT took early notice of the problems inherent in sending sensitive data across computer networks. The basic tenet is the assumption that all data transmitted across a network—whether behind a firewall, on an intranet, or across the Internet—should be secured through a third-party authentication process and strong cryptography. After working through internal versions at MIT, the first public version of Kerberos (version 4) was released to the public in 1987.

A robust development cycle has continued since then, working under the version 5 specification since 1993. The latest Kerberos is version 5, release 1.5 (in Mac OS X, it's often referred to as Kerberos 5.5).

How Kerberos Works

Here's a brief description of how Kerberos works.

Kerberos uses three major components to implement secure authentication:

1. Kerberos KDC: Kerberos is integrated into Open Directory in Mac OS X, thus the Open Directory Master runs the KDC for Kerberos. Active Directory can also be used as a KDC for Mac OS X clients.
2. Kerberized Service: A Kerberized service is an application that can use Kerberos to grant access to users (e.g., Apple Mail, SSH).
3. Kerberos Client: A Kerberos client is the user who is requesting access to a Kerberized service.

Whereas the KDC holds everything together, Kerberos' purpose is to authenticate client-service access, so the client and service are referred to as Kerberos principals and the KDC is referred to as the third party.

Each principal has a unique encryption key known only to the principal and the KDC. The KDC also has its own unique encryption key. The basic concept relies on the KDC to issue session keys inside Ticket Granting Tickets (TGTs) to clients and services, authenticating services without transmitting passwords or allowing each principal access to any private key other than its own. Instead, the KDC issues a TGT, which holds client information and the session key that expires after a period of time (typically 10 hours).

Understanding the session key is critical to understanding how Kerberos works. The process is roughly equivalent to passing an encrypted password over the network (which is what Kerberos avoids), with the critical advantage of an expiration time. In other words, if someone does sniff out and decrypt the information in a TGT, the breach will be limited to the current session.

From a network security standpoint, the advantages of this strategy are similar to users changing their passwords every 10 hours (the default session time), which every system administrator knows is an unrealistic expectation.

Kerberos in Mac OS X

Kerberos is Apple's choice for a system-wide Single Sign On technology, and Mac OS X continues to enable applications for Kerberos. It was first introduced in Mac OS X v10.2 Jaguar. In its first Mac OS X release, enabling Kerberos required a manual configuration process. Since the release of Mac OS X v10.3 Panther, Kerberos authentication has been integrated into Open Directory, which makes the setup process much easier. Setting up an Open Directory master will automatically enable that server as a Kerberos KDC.

You can check to see if Kerberos is running by connecting to the Open Directory master with Server Admin and selecting Open Directory from the Services list.

In Mac OS X v10.4 Tiger, WebDav and VPN access became Kerberized, which means they each can use Kerberos for single sign-on authentication. Kerberized utilities in Mac OS X now include Safari, SSH, SMB, Mail, Telnet, VPN client, and the Apple Filing Protocol (AFP) client. Mac OS X also includes Kerberos.app, which is a GUI-based Kerberos ticket-granting application designed specifically for Mac. You can find Kerberos.app in /System/Library/CoreServices/. Kerberos.app is a system utility that can be used to explicitly request and retrieve a ticket from a Kerberos KDC if a user's Mac OS X login isn't set to do this automatically with Open Directory. Kerberos.app is typically used by administrators; general purpose use of Kerberos is transparent to the user. To add support for additional applications, such as Eudora and Fetch, users can download Mac OS X Kerberos Extras from the MIT project page.

Kerberos for Mac OS X System Administrators

A system administrator who is new to Kerberos might wonder what problem Kerberos really solves. Many system administrators and developers are comfortable implementing secure applications with standard passwords, SSL, and certificates. The key unique features of Kerberos are Single Sign On and third-party authentication, each of which adds significantly to both security and an efficient user-level login process.

Single Sign On contributes to a secure network environment by giving users a single username and password with a standardized security profile across all Kerberized applications. Remembering this password and changing it according to your organizations security guidelines is simplified because it is done in just one place.

The third-party authentication system in Kerberos is a significant advantage over many other security protocols because passwords not only don't cross the network in clear text—Kerberos keeps passwords off the network altogether.

A downside of third-party authentication is the reliance on the KDC to be up and running for users to get access to services. In enterprise and mission-critical environments, it's important for system administrators to create at least one fail-over KDC. In Mac OS X, this can be implemented with an Open Directory Replica that runs alongside an Open Directory Master. This fail-over KDC can be configured in Server Admin.

Kerberos for Mac OS X Developers

Kerberos is compelling from a developer standpoint, as it allows applications to authenticate users with a standards-based, open-source process that's deployed across a variety of operating systems. Most versions of UNIX, Linux and Windows have built-in Kerberized features. Kerberos is a wise choice for authentication in general, but applications designed for multiplatform use are especially well suited to be Kerberized.

The Kerberos Framework in Mac OS X includes:

• Kerberos v5 
  
  
  This is the latest version of Kerberos, version 5, release 1.5 (in Mac OS X, it's often referred to as Kerberos 5.5).
• Generic Security Service Application Program Interface (GSS-API)
  
  
  The definition of GSS-API (which is used in the Mac OS X implementation of Kerberos) is basically equivalent to Kerberos v5, but is used to denote the application interface for developers. *
• Login Library
  
  
  This part of the API gives developers the tools to automate login for Kerberized applications (i.e., SSO)
• Kerberos v4
  
  
  Some older Kerberized applications still use the Kerberos v4 spec, so it's important that this is included in any Kerberos framework.
• KClient
  
  
  KClient provides an application programming interface (API) for Kerberos v4 services.

* Some implementations, such as the Windows implementation of Kerberos, use proprietary forks of the API with different names. The Windows variant is called Security Support Provider Interface (SSPI). It has proprietary elements but is generally considered similar enough to create comparable ports and interoperability between the two platforms.

Mac developers who stick to the Kerberos v5/GSS-API can be confident they won't have to significantly rewrite code as they move applications across platforms and upgrade to new versions. The GSS-API is an Internet Engineering Task Force (IETF) standard that can be used for a wide variety of security purposes but is most often found in Kerberos-related codes. GSS-API assumes a client-server architecture and standardizes the authentication process between two systems. The idea is to allow developers to work with a single API, regardless of which security system is implemented. This allows varied security systems to build in interoperability with Kerberos by using the API; for instance, packages such as OpenLDAP, SSH, and CVS all have been Kerberized by utilizing GSS-API calls in their code.

The development community is highly active, both on the open-source side and in the development of proprietary solutions associated with Kerberos. Developers of applications that operate in network environments can and should take advantage of the open platform Kerberos is based on. Both the user base and the application developers benefit from Kerberized applications. Users get Single Sign On and the confidence of secure authentication. Developers get to leverage a proven infrastructure for secure authentication without having to reinvent the wheel, while retaining the flexibility of developing custom codes by working directly with the open-source API.

Continued Improvements

As the MIT Kerberos Development Team continues to work closely with Apple, each version of Mac OS X adds new features and security based on Kerberos. In Mac OS X v10.4 Tiger, Kerberos for Macintosh 5.5 added an Apple-designed Kerberos authentication dialog and a new version of the Kerberos application (Kerberos.app) that includes a graphical realms editor and is Cocoa based.

Nintendo 3DS: The Details

Nintendo Japan has announced that they will present the newest portable console, theNintendo 3DS, in June. The new handheld will offer 3D viewing without glasses. Here's all the information we have gathered so far:

• With the announcement slated for E3 in June, Nintendo's shooting a bit early in their Japanese press release by saying it will go on sale sometime between April 2010 - March 2011.

• You won't need to wear 3D glasses to enjoy the 3D effects. This may work like Rittai Kakushi e Attakoreda, the Nintendo DSi game that uses the frontal camera to track the viewer eyes. By tracking the user's eyes—a trick first shown by Johnny Chung Lee's Wii hack—the machine can alter the perspective in the game to make it look as if the player is looking into a 3D virtual space.

• It's unclear if this would be the only 3D element in the console.

• Backwards compatibility will be incorporated for DS and DSi games support.

• It may have an accelerometer for tilt-controls with motion-led gaming, just like the iPhone/iPod Touch.

• The screen might be higher-res than anything we've seen from Nintendo before, maybe reaching 720p—and measuring around the same size as the DS.

• It'll have two screens just like previous portables, but they'll be used in conjunction as one giant screen, according to RPAD.tv, who convinced developers to talk to them at GDC.

• A Tegra chip could be powering it.

• Nintendo might put a 3G sim in, for over-the-air downloads.

• Those over-the-air downloads might include ebooks, something already seen on the DSi XL.

UPDATE

• It'll include two cameras (one backwards-facing, one forward-facing), just like the DSi—for DSi backwards compatibility support.

• The Japanese publication Asahi is claiming it'll use one of Sharp's parallax barrier LCDs.

• 3D control sticks may help with gaming,  the 3DS itself could vibrate like an old Rumble Pak.

India's Got Some Outsourcing Competition

In the world of outsourcing, it's not same-old, same-old any longer.

Dramatic cost savings are dwindling and companies are seeing improved labor quality in emerging nations, two forces that seemed to drive a shift in outsourcing delivery preferences in 2009, according to the latest report by global management consulting company A T Kearney.

The firm's Global Services Location Index (GSLI) recently ranked the top 50 outsourcing destinations worldwide. Although India is still number one, other countries are gaining ground, and some perennial favorites are losing appeal.

The GSLI report found that companies are re-assessing their outsourcing choices, evaluating them based on political and security risks, labor arbitrage and skills requirements. In addition, businesses are looking to spread out outsourcing locations to protect global delivery, and are increasingly interested in nearshore and sameshore options. Some Latin American and Caribbean countries are profiting from the growing nearshoring trend and are thereby strengthening their positions as attractive alternatives to India.

Chile placed highest among countries from the region, ranking eighth on the strength of its political stability and favorable business environment. Clearly, the recent earthquake in that country will affect Chile's near-term ability to do business. Other popular choices include Mexico (ranked 11th) and Brazil (12th).

The report also indicated some US cities—such as San Antonio (14th)—were profiting from onshoring. Skilled local workers and lower wages (compared with other US cities), combined with the falling dollar and government pressure to create domestic jobs have resulted in the city's growing popularity as an IT services provider.

Poland, Czech Republic and Hungary fell in popularity because of increased costs and wage inflation.

Capitalizing on their loss were Romania (which moved from 39th to 19th), Russia (37th to 33rd) and Ukraine (47th to 42nd). According to the report, the residents' strong educational background and the countries' engineering base along with high language competence and geographical proximity make those countries attractive nearshore options for Western European clients. 

An Open Letter to Steve Jobs Concerning the HTC Lawsuits.

Enforcing patents is wrong. You’ve famously taken and built on ideas from your competitors, as have I, as we should, as great artists do. Why is what HTC has done worse? Whether an idea was patented doesn’t change the morality of copying it, it only changes the ability to sue.

But when you sue someone for doing something you do yourself, you become one of the bad guys. Can you name a company you admire that spends its time enforcing patents, instead of innovating? Remember the pirate flag you flew over Apple's headquarters when you were building the Mac? Is Apple part of the Navy now?

And the iPhone needs competition to stay awesome. HTC won’t hurt your sales much, anyway — you know the iPhone’s success is because of the art in each of its million details, not because of a handful of tech patents. Who will want a pale imitation when they could have the original?

I always thought of you as a guy who’d say, “Well, copy me if you can, because you’re copying what I did years ago, and what I’m working on now is EVEN cooler!” I like it when competitors copy me because it means they aren’t about to leapfrog me: they’ll always be playing catch-up.

If Apple becomes a company that uses its might to quash competition instead of using its brains, it's going to find the brainiest people will slowly stop working there. You know this, you watched it happen at Microsoft. Enforcing patents isn't a good long-term play: it's the beginning of the end of the creative Apple we both love.

What's the WURFL?

  WURFL = Wireless Universal Resource File

The WURFL is an "ambitious" configuration file that contains info about all known Wireless devices on earth. Of course, new devices are created and released at all times. While this configuration file is bound to be out of date one day after each update, chances are that the WURFL lists all of the WAP devices you can purchase in the nearest shops.

If you have browsed this site this far, you are probably looking for answers to the following questions:

• Why do WAP developers need a resource file like the WURFL?
• Why isn't someone providing WURFL like functionality for money?
• How do I use the WURFL?
• Which features of which phone are listed in the WURFL?
• Who endorses and supports the WURFL?
• ...and probably more.

If you read on, you will find answers.

WAP and the Need for Resource Files
The WAP standard was a great idea. All the major players in the mobile telephony industry got together in 98 and created a consortium (WAP Forum, now OMA) to establish a worldwide standard called WAP, Wireless Application Protocol.

While the protocol is supported by all device manufacturers and network operators, in practice phone and browser manufacturer have been eager to differentiate while abiding by the letter of the specs.

The consequence of this is a plethora of devices which makes it real hard for developers to build WAP and Wireless services which work acceptably well for the owners of those devices.

The message from the WAP Forum is to wait for implementations to converge and deliver developers from the problem.
Thank you, honey...but we can't wait. As developers, we need solutions, we need them quick, we need them good and, sometimes, we need them cheap too!

What developers need are means to:

• programmatically abstract away devices differences
• avoid that we need to modify applications whenever a new device ships
• avoid that we need to track new devices that ship (particularly those in uninteresting markets)

the WURFL is the starting point to fix all of that. You can think of the WURFL as a global database of all devices and their capabilities.
Of course, the wurfl is not all that there is to it. What you also need is a way to efficiently read the info from the database and use it in your applications to dynamically customize your apps for families of devices.
For this reason, this project is on the lookout for programmers who can provide new smart utilities that exploit the WURFL and for porting existing utilities to different platforms.