Behind Microsoft CEO Satya Nadella’s push to get AI tools in developers’ hands

In San Francisco last week, everyone’s favorite surprise visitor was Microsoft CEO Satya Nadella. 

At OpenAI’s DevDay—the company’s first-ever event for developers building on its platform—Nadella bounded on stage to join OpenAI CEO Sam Altman, blowing the hair back on an already electrified audience. “You guys have built something magic,” he gushed. 

Two days later on another stage, in another venue, at another developers’ conference, Nadella made his second unannounced appearance of the week—this time at GitHub Universe. There Thomas Dohmke, GitHub’s CEO, was showing off a new version of the company’s AI programming tool, Copilot, that can generate computer code from natural language. Nadella was effusive: “I can code again!” he exclaimed. 

Today, Nadella will be onstage speaking to developers at Microsoft Ignite, where the company is announcing even more AI-based developer tools, including an Azure AI Studio that will let devs choose between model catalogs from not only Microsoft, but also the likes of Meta, OpenAI, and Hugging Face, as well as new tools for customizing Copilot for Microsoft 365. 

If it seems like Nadella is obsessed with developers, you’re not wrong. He’s making the rounds to tout all the ways they can use a new generation of AI-powered tools, like GitHub Copilot (Microsoft acquired GitHub in 2018) or the new suite of developer tools from OpenAI, a company in which Microsoft has reportedly invested some $13 billion.

Last week, Nadella took a 20-minute break from all of his onstage appearances to sit down with MIT Technology Review to talk about (you guessed it) developers. He repeatedly emphasized Microsoft’s longstanding focus on developers. But he also had a message: The way we create software is fundamentally changing. 

Nadella believes a platform shift is underway, one that will prove just as significant as the shifts from mainframe to desktop or desktop to mobile. This time, the transition is to natural language AI tools, some of which he argues will lower the barrier to entry for software development, make existing developers more productive, and ultimately lead to a new era of creativity. 

We present Nadella in his own words, below. His remarks have been edited and condensed somewhat for readability.  

ON THE RELATIONSHIP WITH OPENAI

One criticism of OpenAI is that its very business is only possible via Microsoft, which has given the startup billions of dollars and access to the resources it needs to power its computing-intensive language model. Yet Microsoft is also highly dependent on OpenAI’s technology to power services like GitHub Copilot, Bing, and Office 365. Altman even joked about the partnership onstage. We asked Nadella about this relationship.   

I’ve always felt that Microsoft is a platform-and-partner-first company, and this is not new to us. And so therefore, we both are effectively codependent, right? They depend on us to build the best systems, we depend on them to build the best models, and we go to market together. 

ON HIS MISSION TO GET IN FRONT OF DEVELOPERS

Nadella says this platform shift is different enough from previous ones that he feels the company needs to provide developers not only with tools, but also with a clear message about what it’s thinking and how devs can come along. 

Whenever you have a platform shift, the key thing is to make sure the platform is ubiquitously available for developers to build all kinds of new things. So to us, the most important task is to make the developer tools, the developer platforms, broadly available. 

The second thing is for us to also show the light, right? Whether it’s OpenAI building ChatGPT and then innovating on top of it, or us building Copilot and innovating on it. That will give developers an opportunity to distribute their applications. So the most important thing in any platform creation is to get the platform ubiquitously available, and then help developers reach [their] audience. 

Those are the two goals that we have across all of these [conferences].

ON WHAT IS DIFFERENT ABOUT THIS SHIFT AND PRODUCTIVITY

Productivity gains in the United States have been sluggish for the past 15 or more years. The last huge platform shift—the rise of mobile development—did little to achieve widespread prosperity. Nadella says this time will be different, largely because the shift to AI will fuel a creative revolution by making it easy for anyone to generate new work, including code. 

On the other hand, coding today is a highly skilled, well-paid job, and there’s some concern that AI could effectively automate it. Nadella argues that skilled programmers will remain in demand, but that their jobs will change and even more jobs will become available. Nadella has said he envisions 1 billion developers creating on its platforms, many of them with little to no previous experience with coding.   

Anytime you have something as disruptive as this, you have to think about the displacement and causes. And that means it’s all about upskilling and reskilling, and in an interesting way, it’s more akin to what happened when word processors and spreadsheets started showing up. Obviously, if you were a typist, it really drastically changed. But at the same time, it enabled a billion people to be able to type into word processors and create and share documents.

I don’t think professional developers are going to be any less valuable than they are today. It’s just that we’re going to have many, many gradations of developers. Each time you’re prompting a Bing chat or ChatGPT, you’re essentially programming. The conversation itself is steering a model.

I think there will be many, many new jobs, there will be many, many new types of knowledge work, or frontline work, where the drudgery is removed.

I think the mobile era was fantastic. It made ubiquitous consumption of services. It didn’t translate into ubiquitous creation of services.

The last time there was a broad spread of productivity in the United States and beyond because of information technology was the [advent of the] PC. In fact, even the critics of information technology and productivity, like Robert Gordon of Northwestern, acknowledged that the PC, when it first showed up at work, did actually translate to broad productivity stats changes.

So that’s where I think this is, where these tools, like Copilot, being used by a [beginner] software engineer in Detroit, in order to be able to write [code].… I think we’ll have a real change in the productivity of the auto industry. Same thing in retail, same thing in frontline work and knowledge work.

The barrier to entry is very low. Because it’s natural language, domain experts can build apps or workflows. That, I think, is what’s the most exciting thing about this. This is not about just a consumption-led thing. This is not about elite creation. This is about democratized creation. I’m very, very hopeful that we’ll start seeing the productivity gains much more broadly.

ON PROTECTING DEVELOPERS

Numerous intellectual property cases and class action lawsuits are before the US courts over issues of fair use. At least one singles out GitHub Copilot specifically, claiming Microsoft and OpenAI’s generative tools, which are trained on open source code, amount to software piracy. There’s a fear that people who use these tools could be subject to intellectual property claims themselves. Microsoft is trying to address these issues with a broad indemnification policy. OpenAI also announced its own indemnification policy, Copyright Shield, at its DevDay conference. 

Fundamentally these large models crawl and get content and then train on that content, right? If anybody doesn’t want their content to be crawled, we have great granular controls in our crawlers that allow anybody to stop it from crawling. In fact, we have controls where you can have it crawl just for search, but not for large language model training. That’s available today. So anybody who really wants to ensure that their content is not being taken for retraining can do so today. 

The second thing, of course, is I think the courts and the legislative process in some combination will have to decide what is fair use and what is not fair use.

We have taken a lot of control in making sure that we are only training models, and we are using data to train models that we’re allowed to and which we believe we have a legal standing on. 

If it comes to it, we’ll litigate it in the courts. We’ll take that burden on so the users of our products don’t have to worry about it. That’s as simple as that, which is to take the liability and transfer it from our users to us. And of course, we are going to be very, very mindful of making sure we’re on the right side of the law there.

Big Tech could help Iranian protesters by using an old tool

After the Iranian government took extreme measures to limit internet use in response to the pro-democracy protests that have filled Iranian streets since mid-September, Western tech companies scrambled to help restore access to Iranian citizens. 

Signal asked its users to help run proxy servers with support from the company. Google offered credits to help Iranians get online using Outline, the company’s own VPN. And in response to a post by US Secretary of State Antony Blinken on Iran’s censorship, Elon Musk quickly tweeted: “Activating Starlink …”

But these workarounds aren’t enough. Though the first Starlink satellites have been smuggled into Iran, restoring the internet will likely require several thousand more. Signal tells MIT Technology Review that it has been vexed by “Iranian telecommunications providers preventing some SMS validation codes from being delivered.” And Iran has already detected and shut down Google’s VPN, which is what happens when any single VPN grows too popular (plus, unlike most VPNs, Outline costs money).

What’s more, “there’s no reliable mechanism for Iranian users to find these proxies,” Nima Fatemi, head of global cybersecurity nonprofit Kandoo, points out. They’re being promoted on social media networks that are themselves banned in Iran. “While I appreciate their effort,” he adds, “it feels half-baked and half-assed.”

There is something more that Big Tech could do, according to some pro-democracy activists and experts on digital freedom. But it has received little attention—even though it’s something several major service providers offered until just a few years ago.

“One thing people don’t talk about is domain fronting,” says Mahsa Alimardani, an internet researcher at the University of Oxford and Article19, a human rights organization focused on freedom of expression and information. It’s a technique developers used for years to skirt internet restrictions like those that have made it incredibly difficult for Iranians to communicate safely. In essence, domain fronting allows apps to disguise traffic directed toward them; for instance, when someone types a site into a web browser, this technique steps into that bit of browser-to-site communication and can scramble what the computer sees on the back end to disguise the end site’s true identity.

In the days of domain fronting, “cloud platforms were used for circumvention,” Alimardani explains. From 2016 to 2018, secure messaging apps like Telegram and Signal used the cloud hosting infrastructure of Google, Amazon, and Microsoft—which most of the web runs on—to disguise user traffic and successfully thwart bans and surveillance in Russia and across the Middle East.

But Google and Amazon discontinued the practice in 2018, following pushback from the Russian government and citing security concerns about how it could be abused by hackers. Now activists who work at the intersection of human rights and technology say reinstating the technique, with some tweaks, is a tool Big Tech could use to quickly get Iranians back online.

Domain fronting “is a good place to start” if tech giants really want to help, Alimardani says. “They need to be investing in helping with circumvention technology, and having stamped out domain fronting is really not a good look.”

Domain fronting could be a critical tool to help protesters and activists stay in touch with each other for planning and safety purposes, and to allow them to update worried family and friends during a dangerous period. “We recognize the possibility that we might not come back home every time we go out,” says Elmira, an Iranian woman in her 30s who asked to be identified only by her first name for security reasons.

Still, no major companies have publicly said they will consider launching or restoring the anti-censorship tool. Two of the three major service providers that previously allowed domain fronting, Google and Microsoft, could not be reached for comment. The third, Amazon, directed MIT Technology Review to a 2019 blog post in which a product manager described steps the company has taken to minimize the “abusive use of domain fronting practices.”

“A cat-and-mouse game”

By now, Iranian citizens largely expect that their digital communications and searches are being combed through by the powers of the state. “They listen and control almost all communications in order to counter demonstrations,” says Elmira. “It’s like we’re being suffocated.”

This isn’t, broadly speaking, a new phenomenon in the country. But it’s reached a crisis point over the past two months, during a growing swell of anti-government protests sparked by the death of 22-year-old Mahsa Amini on September 16 after Iran’s Guidance Patrol—more commonly known as the morality police—arrested her for wearing her hijab improperly.

“The world realized that the matter of hijab, which I myself believe is a personal choice, could become an incident over which a young girl can lose her life,” Elmira says. 

According to rights groups, over 300 people, including at least 41 children, have been killed since protests began. The crackdown has been especially brutal in largely Kurdish western Iran, where Amini was from and Elmira now lives. Severely restricting internet access has been a way for the regime to further crush dissent. “This is not the first time that the internet services have been disrupted in Iran,” Elmira says. “The reason for this action is the government’s fear, because there is no freedom of speech here.”

The seeds of today’s digital repression trace back to 2006, when Iran announced plans to craft its own intranet—an exclusive, national network designed to keep Iranians off the World Wide Web. 

“This is really hard to do,” says Kian Vesteinsson, a senior analyst for the global democracy nonprofit Freedom House. That’s because it requires replicating global infrastructure with domestic resources while pruning global web access.

The payoff is “digital spaces that are easier to monitor and to control,” Vesteinsson says. Of the seven countries trying to isolate themselves from the global internet, Iran is the furthest along today.

Iran debuted its National Information Network in 2019, when authorities hit a national kill switch on the global web amid protests over gas prices. During a week when the country was electronically cut off from the rest of the world, the regime killed 1,500 people. The Iranian economy, which relies on broader connectivity to do business, lost over a billion US dollars during the bloody week. 

While recently Iran has intermittently cut access to the entire global internet in some regions, it hasn’t instituted another total global web shutdown. Instead, it is largely pursuing censorship strategies designed to crush dissent while sparing the economy. Rolling “digital curfews” are in place from about 4 p.m. into the early morning hours—ensuring that the web becomes incredibly difficult to access during the period when most protests occur.

The government has blocked most popular apps, including Twitter, Instagram, Facebook, and WhatsApp, in favor of local copycat apps where no message or search is private.

“The messaging apps we use, like WhatsApp, have a certain level of protection embedded in their coding,” Elmira says. “We feel more comfortable using them. [The government] cannot have control over them, and as a result, they restrict access.”

The Iranian regime is also aggressively shutting down VPNs, which were a lifeline for many Iranians and the country’s most popular censorship workaround. About 80% of Iranians use tools to bypass censorship and use apps they prefer. “Even my grandpa knows how to install a VPN app,” an Iranian woman who requested anonymity for safety reasons tells me. 

To crush VPN use, Iran’s government has invested heavily in “deep packet inspection,” a technology that peers into the fine print of internet traffic and can recognize and shut down nearly any VPN with time.

That’s created a “cat-and-mouse game,” says Alimardani, the internet researcher. “You need to be offering, like, thousands of VPNs,” she says, so that some will remain available as Iran diligently recognizes and blocks others. Without enough VPNs, activists aren’t left with many secure communication options, making it much harder for Iranians to coordinate protests and communicate with the outside world as death tolls climb.

Domain fronting to beat censors

Domain fronting works by concealing the app or website a user ultimately wants to reach. It’s sort of like putting a correctly addressed postcard in an envelope with a different, innocuous destination—then having someone at the fake-out address hand-deliver it.

The technique is attractive because it’s implemented by service providers rather than individuals, who may or may not be tech savvy. It also makes censorship more painful for governments to pursue. The only way to ban a domain-fronted app is to shut down the entire web hosting provider the app uses—bringing an avalanche of other apps and sites down with it. And since Microsoft, Amazon, and Google provide hosting services for most of the digital world, domain fronting by those companies would force countries to crash much of the internet in order to deny access to an undesired app.

“There’s no way to just pick out Telegram. That’s the power of it,” says Erik Hunstad, a security expert and CTO of the cybersecurity company SixGen.

Nevertheless, in April 2018, Russia blocked Amazon, Google, and a host of other popular services in order to ban the secure-messaging app Telegram, which initially used domain fronting to beat censors. These disruptions made the ban broadly unpopular with average Russians, not just activists who favored the app. 

The Russian government, in turn, exerted pressure on Amazon and Google to end the practice.

In April 2018, the companies terminated support for domain fronting altogether. “Amazon and Google just completely disabled this potentially extremely useful service,” Alimardani says. 

Google made the change quietly, but soon afterwards, it described domain fronting to the Verge as a “quirk” of its software. In its own announcement, Amazon said domain fronting could help malware masquerade as standard traffic. Hackers could also abuse the technique—the Russian hacker group APT29 has used domain fronting, alongside other means, to access classified data.

Still, Signal, which began using domain fronting in 2016 to operate in several Middle Eastern countries attempting to block the app, issued a statement at the time: “The censors in these countries will have (at least temporarily) achieved their goals.”

“While domain fronting still works with domains on smaller networks, this greatly limits the current utility of the technique,” says Simon Migliano, a digital privacy expert and head of research at Top10VPN, an independent VPN review website.

(Microsoft announced a ban on domain fronting in 2021, but the cloud infrastructure that enables the technique is intact. Earlier this week, Microsoft wrote that, going forward, it will “block any HTTP request that exhibits domain fronting behavior.”)

Migliano echoes Google in describing domain fronting as “essentially a bug,” and he admits it has “very real security risks.” It is “certainly a shame” that companies are revoking it, he says, “but you can understand their position.”

But Hunstad, who also works in cybersecurity, says there are ways to minimize the cybersecurity risks of domain fronting while preserving its use as an anti-censorship tool. He explains that the way networks process user requests means Google, Amazon, or Microsoft could easily greenlight the use of domain fronting for certain apps, like WhatsApp or Telegram, while otherwise banning the tactic.
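An added illustration, not code from the article or from any provider: domain fronting is commonly implemented by naming one domain in the TLS handshake (SNI) and a different one in the encrypted HTTP Host header, so the selective policy Hunstad describes comes down to a mismatch check with an allowlist. The host names, the `APPROVED_FRONTED_HOSTS` allowlist and the verdict strings below are hypothetical.

```python
"""Edge-side policy for SNI/Host mismatches (added example, constructed data)."""

# Hypothetical allowlist: Host values the provider has approved for fronting.
APPROVED_FRONTED_HOSTS = {"messenger-backend.example"}


def normalize(name):
    """Lower-case a DNS name; drop a trailing dot and any :port suffix."""
    if not name:
        return None
    name = name.strip().lower()
    if name.startswith("["):              # bracketed IPv6 literal, e.g. [::1]:443
        return name.split("]")[0] + "]"
    host, sep, port = name.rpartition(":")
    if sep and port.isdigit():            # "example.com:443" -> "example.com"
        name = host
    return name.rstrip(".") or None


def classify(sni, host, approved=APPROVED_FRONTED_HOSTS):
    """Return 'allow', 'allow-fronted' or 'block' for one HTTPS request.

    sni  -- server name from the TLS ClientHello (visible on the network)
    host -- HTTP Host header (readable only where TLS is terminated)
    """
    sni_n, host_n = normalize(sni), normalize(host)
    if host_n is None:
        return "block"                    # no Host header: nothing to route to
    if sni_n is None or sni_n == host_n:
        return "allow"                    # nothing mismatched: not fronting
    if host_n in approved:
        return "allow-fronted"            # mismatch, but an approved app
    return "block"                        # mismatch for an unapproved host


# Constructed sample requests as (SNI, Host header) pairs.
SAMPLE_REQUESTS = [
    ("cdn-front.example", "cdn-front.example"),           # ordinary request
    ("CDN-Front.example.", "cdn-front.example:443"),      # same name, noisy form
    ("cdn-front.example", "messenger-backend.example"),   # approved fronting
    ("cdn-front.example", "unknown-tenant.example"),      # unapproved fronting
    (None, "cdn-front.example"),                          # client sent no SNI
]


def summarize(requests):
    """Classify every (sni, host) pair and return the verdicts in order."""
    return [classify(sni, host) for sni, host in requests]


if __name__ == "__main__":
    for (sni, host), verdict in zip(SAMPLE_REQUESTS, summarize(SAMPLE_REQUESTS)):
        print(f"SNI={sni!r:24} Host={host!r:30} -> {verdict}")
```

Normalizing case, trailing dots and port suffixes before comparing keeps ordinary requests from being misread as fronting.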

Rather than technical limitations, Hunstad says, it’s a “prisoner’s dilemma situation [for] the big providers” that is keeping them from re-enabling domain fronting—they’re stuck between pressure from authoritarian governments and an outcry from activists. He speculates that financial imperatives are part of the calculus as well. 

“If I’m hosting my website with Google, and they decide to enable this for Signal and Telegram, or maybe across the board, and multiple countries decide to remove access to all of Google because of that—then I have potentially less reach,” Hunstad says. “I’ll just go to the provider that’s not doing it, and Google is going to have a business impact.” 

The likelihood that Amazon or Google will reinstate domain fronting depends on “how cynical you are about their profit motives versus their good intentions for the world,” Hunstad adds. 

What’s next

While Fatemi, from Kandoo, argues that restoring domain fronting would be helpful for Iranian protesters, he emphasizes that it wouldn’t be a silver bullet. 

“In the short term, if they can relax domain fronting so that people, for example, can use Signal, or people can connect to VPN connections, that would be phenomenal,” he says. He adds that to move solutions along more quickly, companies like Google could collaborate with nonprofits that specialize in deploying tech in vulnerable situations. 

But Big Tech companies also need to commit a bigger slice of their resources and talent to developing technologies that can beat internet censorship, he says: “[Domain fronting is] a Band-Aid on a much larger problem. If we want to go at a much larger problem, we have to dedicate engineers.” 

Until the world finds an enduring solution to authoritarian attempts to splinter the global web, tech companies that want to help people will be left scrambling for reactive tactics. 

“There needs to be a whole toolkit of different kinds of VPNs and circumvention tools right now, because what they are doing is highly sophisticated,” Alimardani says. “Google is one of the richest and most powerful companies in the world. And offering one VPN is really not enough.”

So for now, seven weeks into Iran’s protests, internet and VPN access remain throttled, restrictions show no sign of slowing, and domain fronting remains dead. And it’s the citizens on the front lines who have to carry the biggest burden.

“The conditions are dire here,” Elmira tells me. The lack of connectivity has made massacres difficult to verify and has complicated efforts to sustain protests and other activism. 

“To counter the demonstrations, they cut off our access to the internet and social media,” she says. 

But Elmira is resolute. “I, myself, and many of my friends now go out with no fear,” she says. “We know that they might shoot us. But it is worth taking this risk and to go out and try our best instead of staying home and continuing taking this.”