![](\"/assets/files/eraofexp.png\")
I recently read a beautiful chapter from the unpublished book “Designing an Intelligence” by David Silver and Rich Sutton. It’s titled “Welcome to the Era of Experience” and you can read it here. The basic gist is this: current LLMs, trained on the sum of human knowledge, are approaching a ceiling. High-quality human data is a finite resource, and these models can only reproduce human capabilities, not truly surpass them.
If you trained an LLM 300 years ago, it might reason using Newtonian mechanics. If you trained it 1000 years ago, it might reason in theistic terms. Today’s models inherit our blind spots. They’re sophisticated echo chambers of whatever worldview was baked into their training data. An LLM can give you brilliant answers about quantum mechanics, but it can’t discover the next paradigm shift in physics. It’s like asking a master librarian to invent new science. They can tell you everything that’s been written, but they can’t run the experiment that proves everyone wrong.
The authors argue that for AI to accelerate beyond our current school of thought, it needs to interact with the world. It needs to form hypotheses, run experiments, observe the results, and update its understanding. It must be grounded in reality to overturn our flawed assumptions. Without this grounding, an agent, no matter how sophisticated, will just be an echo chamber.
The next wave of AI agents will learn by doing. This is similar to how AlphaGo played millions of games against itself to surpass human Go masters. This new era of training will be defined by a few key characteristics: ongoing streams of experience instead of short, disconnected sessions; autonomous actions in the real world, not just text responses; and rewards grounded in real-world outcomes, not just human preferences.
The bitter lesson from decades of AI research is that the winning models are the ones that scale best with compute and data, not those with clever, human-designed rules. This is Tesla’s bet in a nutshell: no LiDAR, no hard-coded rules, just vision and a learning model fed by fleet data. It’s also why OpenAI and others shifted from small, curated datasets to massive reinforcement learning loops.
But before these brute-force models got good enough, everyone needed high-quality, structured data from labeling, RLHF, and safety tuning. This was the labor-dependent middle layer of the stack. If the future is fully self-supervised learning in real or simulated environments, then data labeling companies start to look like bad long-term bets. Infinite labeling doesn’t scale past a certain quality threshold.
Part of my job is to figure out where value will be created in this new paradigm. If OpenAI, Anthropic, and xAI can brute-force general intelligence with their compute, what can a startup possibly build that they can’t just replicate? What can we build that Sam Altman and Sundar Pichai cannot?
The Silver & Sutton paper suggests that compute plus environment beats compute plus labels. If that’s true, the game isn’t just about who has the most GPUs. It’s about who controls the richest streams of experiential data.
While the big labs can throw infinite compute at general intelligence, they can’t be everywhere at once. They can’t own every workflow, every sensor, every domain-specific feedback loop. That’s where the opportunity lies.
Remember how Tesla’s real moat isn’t just their AI team but their fleet? Every Tesla on the road is a data collector, experiencing edge cases that can’t be simulated. The winners in the era of experience won’t just build better models; they’ll build proprietary environments where agents can learn things no one else can.
Take construction sites. A startup could deploy cheap sensors across projects to track worker movements, equipment usage, material flow, and safety incidents. An agent learning in this environment could discover patterns humans miss, like noticing that accidents spike when certain equipment configurations are used together. The construction companies can’t build this themselves, and OpenAI can’t access this data without a physical deployment.
Or consider hospital emergency rooms. A startup could build the connective tissue between EMR systems, vital sign monitors, and patient flow systems. The agent would experience the ER in real-time, learning which triage decisions lead to better outcomes months later. Google can train the next big model, but they can’t access your hospital’s real-time sensor feed.
For non-hardware domains, legacy tech companies might have an edge. They already have a wealth of simulation data from their users and are best positioned to train these agents. Here is an excerpt from the Pleias.fr blog on training LLM agents.
![](\"/assets/files/rlphoto1.png\")
What else to build:
Industrial automation agents that learn from real-world factory floor data, like an agent that watches CNC machines 24/7 to predict failures from sound patterns or optimizes cutting paths through trial and error.
Agricultural yield agents that use sensor data from greenhouses to control variables like temperature and nutrients, learning directly from which actions produce better crops.
The key is proprietary access to environments where cause-and-effect cycles play out. No amount of compute can simulate what happens when you change the fertilizer mix in a specific greenhouse.
In the current paradigm, everyone is obsessed with prompt engineering. In the Era of Experience, the money will be in reward engineering.
Let me explain. Say you’re building an AI sales assistant. OpenAI’s version might optimize for user satisfaction scores. But what if your reward function is a composite: 30% close rate, 20% customer lifetime value, 20% time-to-close, and 30% post-sale NPS score measured six months later? Suddenly, your agent learns completely different behaviors. It might discover that slowing down the sales process for enterprise clients actually increases LTV.
These reward functions become proprietary knowledge. You’re programming business strategy directly into the agent’s learning process. A competitor can copy your UI, but they can’t copy the years of refined reward engineering that makes your agent act like a senior enterprise sales rep instead of a chatbot.
More examples:
Negotiation agents for B2B contracts: Define rewards based on a mix of deal closure rate, contract value, and long-term relationship health, measured by whether the client renews their contract a year later.
Therapy companion agents: Instead of optimizing for “did the user like this response?”, rewards are based on validated mental health metrics tracked over months with real therapists.
Code review agents: Optimize for a composite reward of “bugs caught before production,” “developer learning,” and “team velocity”—a mix no generic coding assistant will target. I’ve heard both Cursor and the Gemini team are working on this.
We’re already seeing early versions of this. Harvey, the legal AI, is supposedly building environments where agents practice contract negotiations with rewards based on deal outcomes months later. Chemistry VC also wrote a great post on this about RLaaS (Reinforcement Learning as a Service) companies, which you can find here.
The real-world impact of this approach is exemplified by a case from Veris AI: an agent trained with RL to automate the complex, hours-long process of supplier negotiations. By training on realistic simulations of Slack and email conversations—complete with sensitive data—the agent learns optimal tone, questions to ask, and search strategies, dramatically outperforming prompt chaining or one-shot LLM attempts.
![](\"/assets/files/rlphoto2.png\")
This one is subtle. The big labs will build general intelligence, but someone needs to own the last mile, the surfaces where agents interact with humans and systems.
Think of a Figma for AI Agents. Figma didn’t invent vector graphics, but they owned the interface where designers work. We need dashboards where product managers can spin up agents, define reward functions with visual tools, and monitor long-running workflows.
What to build:
Legal research terminals embedded in law firms that learn from which cases lawyers cite and which arguments actually win in court
Developer environment agents that live in your IDE and learn from your entire team’s workflow over months, going beyond simple coding assistants. Cursor and Windsurf are early examples.
Financial planning platforms where agents manage real portfolios and adapt to market movements and client life events—essentially, robo-advisors without fixed rules. These likely already exist inside hedge funds and prop trading shops.
Or take enterprise software. Salesforce might be disrupted by someone who builds the connective tissue that lets agents operate across CRM, email, calendar, and analytics tools. The moat is owning the interface where humans supervise and direct these agentic processes. This is where companies like Julep.ai are trying to build, though the monitoring and dashboard layer is still nascent.
The next generation of training data will also come from synthetic environments designed to train agents for specific tasks.
Imagine you’re training an agent for supply chain optimization. Instead of waiting for real disruptions, you build a high-fidelity simulation with weather patterns, geopolitical events, and port congestions. Your agent can experience a thousand supply chain crises before breakfast, learning strategies no human has ever tried. Lyric.tech is one company I know of building these kinds of causal inference models.
More synthetic world opportunities:
The key insight is that OpenAI won’t build a niche supply chain simulator. But for a focused startup, that simulator becomes a data factory, churning out experience that’s worth more than all the text on the internet for that specific domain. ChemistryVC has another great post on this topic here.
What’s remarkable is that these agents are beginning to converge on human behavior, in some cases more accurately than traditional surveys when compared to real-world outcomes. Corporations and governments routinely spend hundreds of thousands of dollars and wait months to gather data from human panels. Synthetic research offers a faster, cheaper alternative—with the potential for a continuous stream of insight rather than discrete snapshots in time. Imagine being able to assess how much people would pay for your product, anticipate the impact of a new tax, or even predict election outcomes—in real time. This could fundamentally reshape how decisions are made across industries.
The big labs are constrained by their visibility, regulation, and cultural commitments to safety. There’s a whole frontier of capabilities they won’t touch for years like stuff which operate in the gray zones.
A startup building “uncensored therapy agents” for specific populations might discover interaction patterns that actually help people more than our current “always honest, always safe” approach. Maybe the agent learns that for certain personality types recovering from addiction, a small tactical lie about recovery statistics prevents relapse better than brutal honesty.
So, what should you do?
Secure the telemetry monopoly now. Find a niche where you can instrument everything. Every action, every outcome. This data exhaust becomes your moat. A friend’s startup put sensors in commercial kitchens - they now know more about restaurant operations than anyone. While they are still figuring out what to do with this data, I am pretty sure this will become their moat in the long run.
Build reward engineering tools. The next TensorFlow but for reward function composition. Let domain experts define complex objectives without writing code.
Go full-stack on agents. Don’t build thin wrappers around GPT-5. Build the entire loop: perception, action, outcome measurement, and model update. Own the whole cycle.
Instrument for safety from day one. When your agent runs for months unsupervised, you need audit trails, rollback mechanisms, and kill switches. The first startup to make “safe autonomous agents” easy will win enterprise contracts.
The Era of Experience is a redistribution of power from the compute-rich to the data-rich. OpenAI has the GPUs, but you can own the environments. They have the models, but you can engineer the rewards. They have general intelligence, but you can own specific workflows.
If I had to place bets, I’d put chips on vertical-specific agent platforms that own the entire learning loop, and on the agent ops infrastructure that will be the Datadog for this new world.
The path forward is clear: Find a domain where experience matters. Instrument the hell out of it. Define rewards that align with real-world outcomes. Deploy agents that learn continuously.
The future isn’t just about bigger models eating more of the internet. It’s about smarter agents learning from richer experiences. They’ll build the intelligence. We’ll build the worlds it lives in.
If you are building anything relevant to what you read above, please reach out to me.
", "url": "https://rnikhil.com/2025/07/30/era-of-experience", "date_published": "2025-07-30T00:00:00+00:00", "date_modified": "2025-07-30T00:00:00+00:00", "author": "{"twitter"=>nil, "name"=>nil, "avatar"=>nil, "email"=>nil, "url"=>nil}" }, { "id": "https://rnikhil.com/2025/07/10/ai-investing-framework", "title": "AI Investing frameworks", "summary": null, "content_text": " Compiled AI investing frameworks from Nabeel (Spark), Victor (Benchmark), and Sarah (Conviction) based on Twitter posts for personal reference.What happens when the underlying model becomes 10x better? Is the revenue durable? If the model becomes 10x better, what happens to the product? Lot of thin wrappers get folded inside the model and become part of their capability Track benchmarks where model is improving very rapidly Its a given that models improve fastest on domains where the output can be objectively measured. Stuff like code (where you can compile and test) and text based filed where output is verifiable (law, medicine etc) Then ask yourself on whether those rapid model improvements(on these domains) make the business more durable or less durable?What happens when you call collect customer data or talk to customers at scale? How do you build if you had an army of compliant infinitely patient knowledge workers? Instead of talking to top 5% customers, what happens if you can talk to everybody? What does this unlock?3 ways to bucket startups Adaptation Make the old thing again but + AI this time. In mobile revolution, it was social network on web became social network on phone. Adobe firefly, Spotify DJ, Canva Create, Figma Make, Airtable Omni are all adaptations of the existing product. Usually done by incumbents using their existing distribution and tech advantage. Evolution Because of new tech wave, the user behavior changes and a new workflow is created/invented. Its not the same workflow using AI tools. How people shared photos in the Flickr era vs how they share photos in the Instagram era (example of the mobile evolution). Similarly with the AI wave, its how people do software development (CHOP by Steve Yegge), Descript for video editing etc. This is not AI slapped on existing incumbent’s UI but rather entirely new workflows itself Revolution This is an entirely new way or platform that only exists because the new tech exists. Uber and mobile is a good example here. What are the examples in AI for this? ", "content_html": "Compiled AI investing frameworks from Nabeel (Spark), Victor (Benchmark), and Sarah (Conviction) based on Twitter posts for personal reference.
What happens when the underlying model becomes 10x better?
What happens when you call collect customer data or talk to customers at scale? How do you build if you had an army of compliant infinitely patient knowledge workers? Instead of talking to top 5% customers, what happens if you can talk to everybody?
3 ways to bucket startups
When Zapier was exploding in the 2010s, everyone saw the obvious opportunity: no-code automation connecting SaaS tools. Lead comes into Gmail, add to spreadsheet. Stripe payment triggers Slack message. Simple workflows for non-technical users who just wanted things to work seamlessly.
But n8n took a completely different approach. Instead of building another business-user-friendly automation tool, they went straight after developers and technical teams. And it’s working incredibly well. If you want to read how n8n counter positioned vs Zapier, read my friend Manas’s blog here. This post is about the difference in technical capabilities of each platform, what each platform actually does well and their concrete limitations and specific use cases where each platform wins.
Zapier owns the simple automation space. 7,000+ app integrations, dead simple interface where non-technical users can build workflows in minutes. One trigger, then a series of actions, all configured with plain-language fields. It’s perfect for straightforward workflows like “when a new lead comes in from a webform, add a row to Google Sheets and send an email.”
The limitation is that Zapier is fundamentally designed for simplicity. Linear workflows, limited customization, and everything runs in their cloud with per-task pricing that gets expensive fast at scale.
Workato is enterprise integration on steroids. This isn’t really competing with Zapier - it’s more like competing with MuleSoft and Boomi. Their buyers are CIOs and IT architects who need to connect both cloud and on-premise systems at massive scale.
Workato has 1,000+ connectors including enterprise databases and legacy systems. You can sync Salesforce with SAP and an on-prem SQL database, with proper role-based access control, versioning, and audit logging. But this comes at enterprise prices - often five-figure or six-figure annual contracts with custom pricing based on your needs.
Tray.io is positioning itself as the modern alternative to Workato. They’re going after similar enterprise customers but with a more contemporary approach. Tray’s betting big on AI with an AI-powered workflow builder and chat-based automation interface.
The difference is Tray appeals more to revenue ops teams, marketing ops, and product teams at high-growth companies rather than traditional IT departments. They let you publish workflows as APIs and they’re targeting organizations that want cutting-edge AI capabilities. But they have a smaller connector library (~500) and still use enterprise pricing starting around $2,500/month.
n8n went after the developers that everyone else ignored. Self-hostable, open source, with the ability to write JavaScript and Python directly in workflow nodes. You can integrate with internal APIs, connect to databases behind firewalls, and run unlimited workflows without per-task fees eating into your budget.
The cost advantage is massive for high-volume use cases. When AI startup Lindy was choosing platforms, they specifically picked n8n to avoid Zapier’s linear costs scaling with each user and action. With n8n, they negotiated a fixed support fee and handle unlimited executions. Processing 10,000 records monthly on Zapier could cost $500+, while n8n self-hosted is just infrastructure costs.
The technical flexibility is unmatched. In Zapier, if you need a code step, you get basic JavaScript with time limits and no external library imports. Workato has a Connector SDK but it requires enterprise-level implementation. n8n treats coding as a first-class citizen - you can import libraries, write complex data transformations, and build workflows with multiple triggers, branches, loops, and parallel processing.
Lindy actually embedded n8n’s npm package directly into their AI product rather than making external API calls to Zapier. This eliminated latency entirely and gave them complete control over the automation logic.
The developer community is driving rapid innovation. Over 70,000 GitHub stars and growing. The open source model means anyone can contribute new integrations or features. When new AI models or APIs emerge, the community often adds support within days rather than waiting for the company to prioritize it on their roadmap.
The timing with AI workflows has been perfect. n8n’s revenue grew 5x after adding AI features in 2022. While other platforms had to retrofit AI capabilities into their existing business-user-focused interfaces, n8n’s developer-first approach made it natural to integrate with any AI API or model. You can connect to local AI models, custom ML pipelines, or chain multiple AI calls with full control over the logic.
Data engineering pipelines: n8n workflows can periodically gather data from various sources, transform it, and push to a data warehouse - effectively replacing lightweight ETL tools. Try doing that cost-effectively on Zapier’s per-task pricing.
Internal system automation: Because n8n runs on your infrastructure, it can directly connect to internal databases, legacy systems, and private APIs without exposing them to external cloud services. Workato offers on-premise agents, but n8n is natively on-premise.
Product automation engines: Some companies embed n8n directly in their products to provide automation features to their users. This white-labeling approach isn’t possible with Zapier’s cloud-only model, and Workato’s embedding offering is a paid enterprise partnership.
Complex workflow orchestration: Multiple triggers in a single workflow, parallel processing branches, custom error handling logic, retry mechanisms with exponential backoff. These patterns that are standard in software development but impossible or expensive in traditional automation tools.
n8n is now a serious business. $7M+ ARR in 2024 (up from $0.6M in 2020), €55 million Series B funding from Sequoia and Felicis, and 3,000+ enterprise customers. Many of these enterprises are running self-hosted deployments specifically because they need the data control and customization that cloud-only platforms can’t provide.
Each platform is winning in their segment. Zapier continues to dominate simple business user automations. Workato and Tray fight for enterprise integration budgets, with Workato as the proven choice and Tray as the AI-forward alternative. n8n owns the developer automation space that was completely underserved before.
The fragmentation makes sense. A marketing manager wanting to connect their lead forms to their CRM has completely different needs than a data engineer building internal pipelines or an IT architect integrating enterprise systems. One size doesn’t fit all, and n8n recognized that developers were getting ignored.
n8n’s growth is accelerating while incumbents face constraints. Zapier can’t easily drop their per-task pricing without destroying their business model. Workato and Tray can’t go fully self-hostable without undermining their enterprise service model. Meanwhile, n8n keeps expanding their integration library, improving their developer experience, and riding new technology waves like AI.
The open source community creates a compounding advantage. Every new integration or workflow template that someone contributes makes the platform more valuable for everyone else. Bug fixes come from the community. Feature requests get implemented by users who need them most.
The enterprise adoption is the real validation. When companies with serious compliance and security requirements choose to run n8n in production, it signals that this isn’t just a hobbyist tool. These organizations have the budget for Workato or enterprise Zapier plans, but they’re choosing n8n because it gives them something the others can’t: complete control over their automation infrastructure.
n8n proved that even in a crowded market with dominant players, there’s always room for a different approach that serves an underserved segment better than anyone else. If you are building in this space, reach out to me.
", "url": "https://rnikhil.com/2025/07/06/n8n-vs-zapier", "date_published": "2025-07-06T00:00:00+00:00", "date_modified": "2025-07-06T00:00:00+00:00", "author": "{"twitter"=>nil, "name"=>nil, "avatar"=>nil, "email"=>nil, "url"=>nil}" }, { "id": "https://rnikhil.com/2025/06/28/airtable-omni-review", "title": "Airtable \"Omni\" app builder review", "summary": null, "content_text": "Airtable recently launched “Omni” which is their conversational agent that can spin up full Airtable apps like tables, interfaces, automations and then keep working inside them as an analyst or workflow bot. All paid and free plans now ship with bundled AI credits, and Airtable positions this as an app builder,” replacing drag-and-drop with vibe-coding that’s backed by production-grade components. I am personally interested in this because a lot of our portfolio companies here at Accel are in various stages of getting into the vibe coding space and I wanted to see what a $10B company could come up with here. Its extra interesting because Airtable already owns the data and the kind of products they can build should technically be 10x better than a chrome extension running on top of your Google sheets. The CEO calls it a refounding moment and you can read the launch blog post here.The main pitch is this: Omni is better than off the shelf vibe coding tools: Instead of 0->1 new software which are buggy, Airtable promises to use production ready components Chain multiple workflows at scale: Do data editing, email automation, data analysis, extracting/summarising insights, generating images for campaign concepts, doing web search for data enrichment, etc all while respecting the existing user permissions and roles. Lot of the AI governance and compliance features come out of the box. From their docs, here is a sample of Omni’s capabilities: Some example usecases from their announcement: A VC can paste their meeting notes from a startup pitch meeting and Omni automatically creates an entry into the investment opportunity tracking database Generate campaign concept images from briefs and put them into your marketing database Research the attendee list online(media mentions, linkedin search etc) from your database to personalise your offline events betterNow that we have set the context for what the product is, lets dive into figuring out how to evaluate this product. To add some structure, here are 3 ways we can do this: Generation quality and reliability Does Omni create the right schema, interaces and automations on the first try? How often do we have to manually fix things? I am basically trying to see whether the “text to app” thing actually works or just moves work downstream Editability After generation, can a non-technical editor easily inspect and tweak every layer (data, logic, UI)? Can people build more complex apps on top of this tool. Workflow and Agent depth Can Omni chain multi-step processes (e.g., scrape → classify → notify) and run them at scale without rate-limit? A lot of the value of these products comes when these AI agents can run continuously in the backend and not just at build time. I am intentionally ignoring evaluating the product on price, governance, security, permissions and if existing Airtable user roles can cleanly extend to AI actions and whether admins can audit what Omni did. I am not an enterprise user and the bundled AI credits seem to be enough for my personal workload. Since these introductory pricing details tend to change, I am not evaluating what happens to cost when you scale users, runs or agents. All users get 500 free credits monthly, while the paid add-on provides 3,500 credits. Airtable AI’s pricing works on a credit system where complexity determines cost. A quick sentiment analysis might use just 1 credit, while generating a complete 750-word blog post could consume around 15 credits.Next, lets look at how we will go about this. I am short on time today so don’t come after me if this section isn’t testing some key features Generation quality & reliability Prompt used Here’s an Excel file of angel investors (columns include Name, Description, Email, LinkedIn URL, Popular AI Investments). Create a new base called ‘Angel CRM’ that: imports all rows, sets appropriate field types (text, long-text, single-select). Add a checkbox ‘AI Flag’ that turns on if the Popular AI Investments cell is not blank. Automatically run an automation to fetch each investor’s firm logo into an Attachment field called ‘Logo’. Show me the finished base. We are trying to check: Were all rows imported? Do column names and types look right? Does AI Flag evaluate correctly? Did the logo-fetch automation get created? Rating: 3 = Everything correct first try, ≤2 minor fixes (e.g. a wrong field type) 1 = major issues (missing columns, broken automation) Editability Prompt used. (We will run each in a separate prompt so we can time / observe Omni’s response) Rename the field Description to Bio. Create a Kanban view called ‘By AI Flag’ and group cards by the AI Flag checkbox. Update the AI Flag rule so it also turns on when the word ‘GenAI’ appears in Description. We are trying to check: Did Omni act on the very first prompt, or ask clarifying questions? How many clicks/prompts did you need? Could a non-technical friend follow the UI changes easily? Rating: 3 = All three edits done in < 2 min each, no confusion. 2 = Some hunting around or extra prompt needed. 1 = Got stuck / required manual rebuild Workflow & Agent depth Prompt used Every day at 9am IST, look up each investor’s or their fund’s name or the AI investment on news.ycombinator.com; if mentioned, check a HN_Mention box and post a Slack DM to me with the link. Generate a 20-word summary of each Popular AI Investments cell and store it in a new long-text field called AI_Summary. Run it now. (after i delete the “Popular AI investment” field). I will rerun the above prompt again We are trying to check: Does the scheduled job fire on time?. Does Omni finish without timing outs? When you deleted a field, did Omni show a clear error and resume automatically once fixed? Rating: 3 = Runs on schedule, scales to big sheets, auto-recovers 2 = One retry or manual nudge needed 1 = Missed run, stalls at scale, or cannot recover Results First off, their local file upload flow is a bit buggy. It took multiple tries to get my excel file uploaded and it refused to recognise xlsx as a suitable file format in the first couple tries. The overall fit and finish of the product is top notch though and I really enjoyed interacting with it. Generation quality and reliability The import worked flawlessly. All the rows showed up, the column names and types were correct. A new Angel CRM base was created. The AI flag worked correctly. The logo fetch didn’t work though. It didn’t create a logo fetch automation and all I saw in the interface were a couple placeholder images. I tried prompting it again asking it to fetch the logos, but it errored out after going at it for a couple minutes. It unnecessarily did a logo analysis though (describing the logo elements and branding details which I didn’t ask for) Overall result: 1.75/3 It currently doesn’t support updating attachments and it went off on a tangent trying to describe logos. Although the official announcment said it can enrich the data from online search, it apparently cannot fetch logos. It did however create a new sheet for me to upload the logos. I have seen other people successfully fetch images to enrich their databases but I am not sure why it failed for me Editability There were some duplicates in my document. However, today Omni doesn’t have the capability to delete rows or remove duplicates which sucks. The field update worked well (needed user confirmation). The kanban view isn’t currently supported by Omni and it ignored the “AI Flag” rule change I asked it to. I had to ask it again but it didn’t give me any response and just errored out. Overall result: 1.25/3 This one is tricky. It did work after multiple attempts and its not fair to judge the product when it clearly doesn’t support certain flows. However, this is a point in time evaluation and I am just judging it based on what works today. The AI flag rule changes seem to work after a couple attempts but I deducting some points for the lack of reliability here. Workflow and Agent depth The automation and slack integration was created perfectly. I was actually surprised it worked on the first try (maybe I was prompting it wrong before). But after creating the automation, it just errored out saying “Assistant took too long to respond, please try again.”. I tried deleting the “AI flag” and “Popular AI Investment” field and see whether it handles edge cases and it recognised the problem well. When I asked it to create an “AI summary” column based on online search, it gave me “Run agent” button for each row to do this manually. When I asked it run all the agents and generate the summary, it errored out again and asked me to refresh the page. Upon refresh, I found that it did actually run the agent for 10 rows which is good. I see the potential of these features but unfortunately they haven’t been properly eval-ed. There were some obvious mistakes in the summary though. Overall result: 2.75. If the agent didn’t error out so many times, I would have rated it a full 3/3 Overall impression Overall result: 5.75/9 Its a slick looking product which works for the basic flows. Its not yet fully integrated with the Airtable ecosystem(feature set is limited) and the chatbot is a bit buggy at the moment. It forgets to respond, ignores instructions and sometimes just errors out after attempting a task for a couple seconds. This compares more to the Gemini copilot(which is also limited and buggy) running on top of Google sheets and its decent for making interfaces/dashboards on top of existing data. Its not ready to be called an “App builder” yet though. The automation support and online research are in alpha and needs more work to be production ready. While I don’t expect a 1 week old product will be super perfect out of the box, I at least expect the chatbot to be 1) telling me if something is doable or not 2) tell me why the error happens and 3) fail more gracefully while doing long running tasks. Overall, I am quite excited to see how this generation of data copilots pan out.", "content_html": "Thanks claude for co-writing this.
Airtable recently launched “Omni” which is their conversational agent that can spin up full Airtable apps like tables, interfaces, automations and then keep working inside them as an analyst or workflow bot. All paid and free plans now ship with bundled AI credits, and Airtable positions this as an app builder,” replacing drag-and-drop with vibe-coding that’s backed by production-grade components. I am personally interested in this because a lot of our portfolio companies here at Accel are in various stages of getting into the vibe coding space and I wanted to see what a $10B company could come up with here. Its extra interesting because Airtable already owns the data and the kind of products they can build should technically be 10x better than a chrome extension running on top of your Google sheets. The CEO calls it a refounding moment and you can read the launch blog post here.
The main pitch is this:
![](\"/assets/files/airtableomni.png\")
Some example usecases from their announcement:
Now that we have set the context for what the product is, lets dive into figuring out how to evaluate this product. To add some structure, here are 3 ways we can do this:
Next, lets look at how we will go about this. I am short on time today so don’t come after me if this section isn’t testing some key features
Overall impression
I attended the AI.engineer conference held in the first week of June at San Francisco. It was the largest technical AI conference of the year, bringing together over 3,000 engineers and leaders building with AI. The event featured 18 specialized tracks with 150+ sessions running simultaneously plus an expo with 50+ companies across the AI engineering landscape.
Key Participants: Major AI labs (OpenAI, Anthropic, DeepMind, Cartesia), infrastructure platforms (Modal, Baseten, Temporal, Vapi, Daily), GPU leaders (NVIDIA, Cerebras, Groq), and a ton of other AI startups. You can find the entire list of companies here. Unlike theoretical AI conferences, this event focuses on engineers building and deploying AI systems. Sessions emphasized practical implementation, live demos, and real-world technical challenges rather than speculative discussions. They also had an online track with about 70 lectures. You can find them here. You can watch some of the live streams from the conference here. I personally liked the keynotes from Greg Brockman and swyx.
Some key trends:
Multi-Agent Orchestration
The biggest technical shift is from single agents to “agent swarms.” OpenAI’s Greg Brockman articulated the future as “not one big AI in the sky, but a panel of specialized agents working together.” Google Labs demonstrated “Jules” - their parallel coding agent that requires developers to orchestrate multiple agents simultaneously. Microsoft showcased Project Amelie - an autonomous ML engineering agent that can be @mentioned in GitHub to analyze codebases and generate ML models(like Automl copilot). We did multiple workshops where we had to play the role of an “AI agent manager” just orchestrating and prompting agents to get some work done which was a lot of fun.
Investment takeaway: Multi-agent infrastructure is the next platform for AI opportunity. (think Kubernetes for AI agents). Early winners will build orchestration frameworks handling agent communication/coordination, task delegation, and context management, latency optimisation and cross agent memory management. Winners here will have deep tech expertise and strong evaluation frameworks for their domain specific agent workflow.
MCP Protocol Standardization
Every AI startup has adopted MCP. Technical advantages include dynamic tool discovery, sampling (agents requesting LLM completions through clients), and bidirectional communication via streamable HTTP. Anthropic issued an explicit “Request for Startups” seeking MCP servers in sales, finance, legal, and education verticals.
Investment takeaway: MCP creates a massive platform play similar to early mobile app stores. First-mover advantage goes to teams building vertical MCP servers (collapsing domain expertise like legal, accounting etc into standardized tools) and horizontal infrastructure (automated MCP generation, enterprise hosting, security and observability). Security focused MCP infrastructure is pretty hot too since enterprises demand compliance and auditability.
Evaluation as Competitive Moat
Traditional generic benchmarks(like MMLU, GSM8k etc) fail to capture real-world AI application performance for your particular AI company in a specific domain. New approaches include hierarchical evaluation models, AI-assisted manual evaluation, and some complex LLM as judge rubrics fine tuned for your specific domain and task. Pi Labs (our portfolio) demonstrated breaking AI outputs into 300+ distinct signals - similar to Google’s search ranking. Each signal gets automatically scored, then weighted into overall quality scores. The companies with robust eval pipelines can iterate faster and deploy more confidently. The biggest most for most of these companies has become their eval pipeline.
Investment takeaway: Evaluation tooling represents critical infrastructure spending as AI moves to production. However, out of the three components of an eval tooling startup (datasets, platforms, judges), the central platform component has commoditized. It’s all mostly a dashboard to do prompt management and define your scoring metrics. We should be looking for startups building generation pipelines for proprietary evaluation datasets, domain-specific metrics, and proprietary judging mechanisms.
I would personally start checking if AI startups(across domains/verticals) can articulate their eval strategy in the pitch meetings. This is such an important part of building with LLMs.
Development Parallelization
Multiple teams (Dagger, Morph Labs, Google, Factory AI) demonstrated development parallelization: AI agents exploring multiple solution paths simultaneously. Engineers are moving from sequential coding into orchestrating parallel agents. Technical architecture enables spinning up isolated environments to test variations (code architectures, product features, bug fixes) in parallel, then merging successful approaches. Windsurf demonstrated their “shared timeline” between human and AI, handling everything from code generation to API provisioning to deployment.
Investment takeaway: Parallelization infrastructure will become as foundational as CI/CD, but technical challenges around merging, arbitration, and cost control still exist. Market parallels the early containerization wave : Docker-equivalent opportunities for AI parallelization(the Docker CEO itself is building in this space). We should look for vertical coding agents (e.g., infrastructure, mobile, ML pipelines, or any specific domain) and agent orchestration tools for development teams.
Tiny Teams Revolution
The emerging success metric: companies with “more millions in ARR than employees”. Met some VC’s who are using this to judge companies. Companies like Gumloop, Gamma, Harvey, HeyGen, Windsurf spoke about their “path to 10-person unicorn” via AI-leveraged teams. These teams achieve extreme capital efficiency by building AI-first from day one rather than retrofitting traditional operations.
Investment takeaway: Massive opportunity for B2B automation tools that enable tiny teams to punch above their weight. We should look for companies where AI handles the “middle management” layer - orchestrating work between human experts rather than replacing them entirely. The key differentiator is execution speed, not defensible IP. First-mover advantage matters more when you can build 10x faster than incumbents can respond.
There were also tracks like GraphRAG, PMs in the time of AI and agent reliability which were also quite popular. Also, please reach out to me if you want to learn more about any particular topic or if you want the slides/workshop material.
", "url": "https://rnikhil.com/2025/06/16/ai-engineer-world-fair-takeaway", "date_published": "2025-06-16T00:00:00+00:00", "date_modified": "2025-06-16T00:00:00+00:00", "author": "{"twitter"=>nil, "name"=>nil, "avatar"=>nil, "email"=>nil, "url"=>nil}" }, { "id": "https://rnikhil.com/2025/05/18/how-to-reduce-latency-voice-agents", "title": "How to optimise latency for voice agents", "summary": null, "content_text": "Over the last week, I have been researching and reading about different horizontal platforms like Vapi, Retell and Bland to understand how they work behind the scenes. My main motivation was to 1) figure out the voice agent stack 2) see if there are any unsolved problems in the space and 3) look for interesting companies which I can then take up with my team at Accel for investing. Along the way, I learnt a fair bit about the importance of latency in building voice apps and how important is to achieve a sub ~800ms latency for end to end setups. It really makes or breaks the voice agent experience along with other things like interrupt and turn detection, mid-sentence redirection, etc and this posts looks at the all these considerations from a latency POV(and suggests tips) to build a kickass voice agent. To see how important is latency is in building voice applications, I vibe coded a small application to simulate how the user experience is for different latency configurations. You can play with it at comparevoiceai.com .Most voice AI apps follow the below pattern. The user speaks into the microphone. THe audio is processed client side (noise compression, speaker isolation etc) and then piped with WebRTC (e.g., Daily) to a server, then Speed to Text (STT) models (like Deepgram) transcribes speech to text. The Dialogue/LLM layer turns that text into an appropriate reply transcript(probably calling other LLMs, function calls etc), which Text-to-Speech (TTS)—providers like ElevenLabs render as audio. A second WebRTC hop streams the audio back to the user, with each leg adding latency and failure points that orchestration must hide.Achieving human-like responsiveness requires optimizations at every layer of this pipeline, especially in how we manage LLM context and system architecture. In the first section, we will look at all the methods we can use to cut latency on the central LLM block. If you want to learn more about choosing the right LLM provider for building your voice agents, you can read more on the blog post I wrote on the comparevoiceai.com website.Link: Which LLM to choose for voice agents.Semantic caching Semantic caching stores previous queries and LLM answers so that semantically similar prompts can reuse results without a full model call. Unlike traditional key-value caching (which hits only on exact string matches), semantic caching uses embeddings to match queries by intent, not exact wording. For example, “What’s the home loan policy?” and “How does your company handle home loands?” have the same intent; a semantic cache would recognize their similarity and return a cached answer if available. The system first converts an incoming prompt into a vector embedding that captures its meaning. It then performs a similarity search in a vector database (e.g. FAISS, Pinecone, Chroma) of past query embeddings. If a cached query with high similarity is found above a threshold, the system returns the stored answer instead of calling the LLM. On a cache miss, the entire voice pipeline is run normally. You will do make the LLM generate a response normally, and the new query+answer are added to the cache (storing both the text and its embedding for future comparisons). This approach turns LLM calls into a search problem. One good thing for us is that Voice agents often faces repetitive or similar user requests (think FAQs or common dialogues). Semantic caching can dramatically cut response times for these cases. For instance, if a caller asks “When can I bring my car for servicing?” and later another caller asks “When is your car wash generally open?”, a semantic cache would detect the repetition and instantly serve the cached answer. This is especially useful for IVR or customer support bots. Moreover, caching can include multimodal artifacts ex. storing a generated TTS audio file along with the text. Production systems do this to skip TTS on repeats: on a cache miss you generate the text and audio, store both, and on a hit you return the cached text and a URL or ID for the prerecorded audio. The next time someone asks that question, the voice agent can play the pre-synthesized audio immediately instead of regenerating speech, saving hundreds of milliseconds. Hitting the cache is far faster than a full LLM run. A self-hosted semantic cache can answer in ~50 ms (or ~200 ms via an API call) versus an LLM which might take seconds. This translates to a snappier dialogue and lower compute cost. In practical terms, even moderate reuse can yield big savings. Each cache hit avoids LLM token generation latency and also ensures consistent answers (the same question gets the same response every time ). Doing this in a very contextual manner is not easy. You don’t want to hit the cache for every related question and you want to give a personalised answer to the user. Here is the CTO of Hyperbound AI talking about choosing Vapi because of its great semantic caching abilities. (ignore the typo from the Tegus screenshot. Their STT is bad) Semantic caching has become a standard optimisation and an “easy win” these days though. Every horizontal provider gives the capability and even agent orchestration frameworks like Langchain give OOTB tooling for adding semantic caches to your tool calls. It’s important to scope the cache to each context or persona: e.g. maintain separate caches per voice agent or client to avoidmixing answers between different domains. It is generally recommended to filter personal data out of cached content and implementing cache invalidation rules (e.g. time-based eviction or manual resets for stale answers)Prompt Optimisation TechniquesFeeding long conversation histories or verbose prompts into an LLM is a major source of latency. The more tokens the model must process, the longer it takes to produce a response. In this section, we will look at some tricks to minimise the prompt and complexity per request while making sure the context and functionality isn’t lost. Prompt distillation and summary: Rather than resending the entire chat history each turn, distill older turns into a concise summary. For example, after a few exchanges, a voice agent can replace the detailed transcript of earlier dialogue with a one-sentence summary or extracted facts. This compresses memory so the prompt stays within a small window. The LLM only seesthe essential bits of prior context, reducing token count. Automated recursive summarization of previous interactions (possibly using a smaller model or a background batch job) can maintain context implicitly. Another thing you can do it implement a rolling context window. A simple heuristic is to include only the last N turns of dialogue verbatim, and omit or summarize older turns as above. This creates a sliding window that “forgets” distant history except for a synopsis. Developers often keep the most recent user question and agent answer in full (since they’re directly relevant), and progressively trim earlier content. This dynamic prompt trimming ensures the prompt doesn’t grow past the model’s context length. It also helps latency: processing 500 tokens of relevant text is a lot faster than re-processing 5000 tokens of entire history every time. For open ended voice applications, in real time, the system can decide what to include based on importance. For instance, if a user’s new query is on a new topic, the agent might drop irrelevant past context altogether. If the user references something from earlier, the agent can retrieve just that piece. You can do this with a RAG and maintening an index of the conversation history and fetch only the portions semantically related to the latest query (a form of hybrid dense/sparse retrieval for context). By combining keyword search (to catch explicit references) and embedding similarity (to catch topical relevance), the agent can cherry-pick which past utterances to feed the LLM. This hybrid retrieval ensures important context is present but extraneous chat is omitted. When conversations get very long, another trick is to periodically inject a “summary memory” back into the prompt and clear out raw dialogue. For example, after 10 turns, the system might insert: “Summary: [brief summary of discussion so far]” as a system or assistant message, then start a fresh context window with that summary plus the last Q&A. This compacts the state. Some systems maintain multiple summaries at different granularity (e.g. a running short-term summary updated every turn, and a more detailed long- term summary updated less frequently). Breaking context into chunks and summarizing each chunk can help the model recall older info without processing it repeatedly. These summaries themselves can be stored and retrieved when relevant (like notes). Streaming and Overlap of STT, LLM, and TTSTraditional voice agents operated in a strictly turn-based fashion: the user speaks, the system waits for them to finish, then processes the query, and finally speaks the response. This results in noticeable dead air while the user waits for the agent’s reply. Modern real-time architectures instead use streaming at each stage, overlapping tasks to eliminate idle gaps. The goal is to make the conversation feel fluid, as if the agent is listening and formulating a response almost simultaneously. Streaming STT: Rather than buffering the entire user utterance, streaming speech-to-text transcribes audio on the fly. As the user speaks, partial text hypotheses are produced every tens of milliseconds. This allows the system to get a head start on understanding the query. By the time the user finishes speaking (or even before they finish), the agent may already have most of the text. For example, with a capable streaming STT, an utterance might be recognized with only ~200 ms delay from speech. Real-time voice agents use this to overlap listening and thinking: the LLM can start working as soon as it has enough of the utterance to guess the intent, without waiting for a full stop. I still remember watching Google’s Duplex demo in some I/O event. They were injecting “uh-huh” while still transcribing, to show the user they’re listening and make the overall experience very natural. Link: How to choose a STT model for your voice agent Nearly all modern LLM services (OpenAI, Anthropic, etc.) support streaming output, meaning the model generates tokens incrementally and sends them as they’re ready. This is crucial for latency – the user doesn’t need to wait for the entire answer to be formulated. My biggest gripe with this is that they don’t have any atomic methods to stream the function calls. You sometimes have to wait for the entire function block to stream before making the tool call which adds unnecessary latency. If your voice agent company has found a workaround around this, please reach out to me. Time-to-First-Token(TTFT) is a key metric here. Ideally, the LLM should emit the initial word of its answer within a fraction of a second so the TTS can begin. Streaming text-to-speech (TTS) is the counterpart to streaming STT. Instead of waiting for the full generated sentence, advanced TTS systems can start synthesizing audio from the first chunk of text and continue as more text comes in. This means as soon as the LLM produces a few words, the agent’s voice can start speaking them. The overlap of LLM and TTS is crucial: if the model streams at (say) 20 tokens/sec and the TTS can synthesize just as fast, the spoken output will closely trail the model’s generation. Some architectures even interleave these so tightly that the end-to-end latency is basically TTFT + a small TTS buffer. In practice, many voice AI platforms (Retell, Bland, etc.) achieve extremely low response delay by pipelining in this way – e.g. Retell AI advertises ~600 ms end-to-end latency for a response. This likely includes a few hundred ms for STT, a couple hundred for LLM to start streaming, and another couple hundred for TTS to produce the first audio. By comparison, a non-streaming system might take 2–3 seconds before it even begins speaking(believe me, I vibe coded a dumb voice system last weekend). Streaming cuts that dramatically. One design pattern is to generate an answer sentence-by-sentence: as soon as the modelhas the first sentence, send it to TTS while the model works on the second sentence, and so on. Time-to-First-Byte(TTFB) is the key metric here. Ideally you want the TTS model to start speaking ASAP as soon as it receives the test How to choose a TTS model for your voice agent Concurrent STT and response formuation: Real-time architectures strive for full-duplex interaction. The agent doesn’t strictly wait for the user to finish talking to begin its own processing. In fact, with the right design, an AI agent might even start responding before the user has finished their sentence (as humans sometimes do). Experimental systems (e.g. Meta’s Speech ReaLLM research aim to make LLMs proactive – generating partial responses while input is still streaming in. In practice, most current voice agents are half-duplex with barge-in: the agent won’t talk over the user (except maybe to interject a short acknowledgment), but it will listen and prepare in parallel so it can reply immediately once the user stops. Achieving true full-duplex (both talking at once) is still an active research problem, but the trend is moving toward agents that feel less turn-based. For instance, one can simulate a bit of full-duplex by having the agent produce brief backchannels (“I see”, “mm-hmm”) during a long user monologue to show it’s engaged – this requires very low latency understanding so as not to mis-time these cues. As latency gets pushed down, these natural conversation behaviors become feasible. An effective pattern is staged processing: 1. While user speaks, stream audio to STT and buffer text. 2. Immediately on end-of-speech, send the accumulated text (or even the partial text before the end) to the LLM, which starts generating. 3. As soon as the first tokens are out, begin TTS. 4. If the user starts speaking again (barge-in), detect it and cut off TTS (more on that in the next section). Startup and Warm up Latency MinimisationLatency isn’t only about how fast the model generates tokens; it also includes any delays in starting up the model or service. In real-time voice interactions, even a one-time delay (like a cold start) can ruin the user experience on the first query. Therefore, systems must minimize initialization overhead and avoid cold starts during a session. Warm prompting / priming: If using an API-based LLM (like OpenAI), the very first request in a session may incur extra latency (due to loading the model or caching the prompt). One trick is to send a lightweight “warm-up” query in advance. For example, some developers issue a dummy prompt (e.g. “ping”) to the LLM when a call begins or even periodically during idle times, just to keep the model instance warm. This can reduce latency for the real user queries that follow, since the model’s context cache is already initialized on the server. Essentially, you pay a tiny cost upfront to avoid a bigger delay later. Similarly, with on-prem models, doing a dry-run through the network and model path at startup (e.g. generating an empty response) can load weightsinto memory. Many open-source inference servers allow you to maintain a session state between queries. If a voice conversation is ongoing, you can reuse the LLM’s internal cache of key/value attention states for the next turn instead of recomputing from scratch. You can feed the conversation as it grows and carry over the past_key_values to the next generate call. This means the model doesn’t have to re-encode the entire history each time – it incrementally continues generation. In a long back-and-forth dialogue, this can save significant time (the initial prompt is encoded once, then only new user input is encoded subsequently). Some inference engines (like vLLM) even support prefix caching: if you have a static system prompt or persona description at the start of every query, the engine can precompute its vectors and reuse them, rather than encoding that prompt text for every request. All these techniques reduce duplicated work on repeated or continuous queries, shaving offlatency. Avoid cold starts with warm pools: In a serverless or autoscaling scenario, cold start latency (loading a large model into RAM or spinning up a new GPU container) can be 10–30 seconds – obviously unacceptable for real-time voice. To combat this, ensure at least one instance of your model service is always running (a warm pool of instances). Cloud providers and frameworks allow configuring a minimum number of warm workers. Even if load is zero, keep one hot. This way the first request doesn’t pay the full load cost. Retell for example suggest using a high- priority pool or reserved capacity for low latency if your response times are creeping us. It’s better to incur a bit more cost keeping resources alive than to have a caller wait awkwardly while a model loads. Fast model loading and lightweight models: Choose models and serving frameworks that start quickly. Smaller models (or quantized models) not only run faster, but also load faster from disk. For example, a 7B parameter model can be loaded in a couple of seconds on my macbook (24GB RAM M4 Pro), whereas a 32B model takes 10+ seconds to initialize. If you require a large model for quality, one idea is to defer using it for a second or two and initially use a smaller model for the very first reply. For instance, a voice assistant might use a fast 1.3B model to say a greeting like “Hello, how can I help you today?” instantly, while in the background loading the 13B model that will handle the actual query. The user hears the greeting (which buys time), and by the time they ask their question, the heavy model is ready. This kind of staged startup can mask latency by doing useful work (like greeting or collecting the user’s name) while loading the main model. Connection keep-alive and efficient transport: Ensure that the overhead of making requests to the model is minimized. For example, use persistent connections or gRPC streaming to avoid HTTP setup latency for each request. If your voice agent architecture has separate services (STTservice, LLM service, TTS service), make sure they are long-lived and reuse connections so you’re not negotiating new network handshakes each time. In practice, gRPC with bidirectional streaming is a popular choice for voice pipelines because it allows audio, text, and tokens to flow with low overhead continuously, rather than a start-stop HTTP pattern. ", "content_html": "Over the last week, I have been researching and reading about different horizontal platforms like Vapi, Retell and Bland to understand how they work behind the scenes. My main motivation was to 1) figure out the voice agent stack 2) see if there are any unsolved problems in the space and 3) look for interesting companies which I can then take up with my team at Accel for investing. Along the way, I learnt a fair bit about the importance of latency in building voice apps and how important is to achieve a sub ~800ms latency for end to end setups. It really makes or breaks the voice agent experience along with other things like interrupt and turn detection, mid-sentence redirection, etc and this posts looks at the all these considerations from a latency POV(and suggests tips) to build a kickass voice agent. To see how important is latency is in building voice applications, I vibe coded a small application to simulate how the user experience is for different latency configurations. You can play with it at comparevoiceai.com .
![](\"/assets/files/latencybreakdown.png\")
Most voice AI apps follow the below pattern. The user speaks into the microphone. THe audio is processed client side (noise compression, speaker isolation etc) and then piped with WebRTC (e.g., Daily) to a server, then Speed to Text (STT) models (like Deepgram) transcribes speech to text. The Dialogue/LLM layer turns that text into an appropriate reply transcript(probably calling other LLMs, function calls etc), which Text-to-Speech (TTS)—providers like ElevenLabs render as audio. A second WebRTC hop streams the audio back to the user, with each leg adding latency and failure points that orchestration must hide.
![](\"/assets/files/voiceaiflow.png\")
Achieving human-like responsiveness requires optimizations at every layer of this pipeline, especially in how we manage LLM context and system architecture. In the first section, we will look at all the methods we can use to cut latency on the central LLM block. If you want to learn more about choosing the right LLM provider for building your voice agents, you can read more on the blog post I wrote on the comparevoiceai.com website.
Link: Which LLM to choose for voice agents.
Semantic caching stores previous queries and LLM answers so that semantically similar prompts can reuse results without a full model call. Unlike traditional key-value caching (which hits only on exact string matches), semantic caching uses embeddings to match queries by intent, not exact wording. For example, “What’s the home loan policy?” and “How does your company handle home loands?” have the same intent; a semantic cache would recognize their similarity and return a cached answer if available.
The system first converts an incoming prompt into a vector embedding that captures its meaning. It then performs a similarity search in a vector database (e.g. FAISS, Pinecone, Chroma) of past query embeddings. If a cached query with high similarity is found above a threshold, the system returns the stored answer instead of calling the LLM. On a cache miss, the entire voice pipeline is run normally. You will do make the LLM generate a response normally, and the new query+answer are added to the cache (storing both the text and its embedding for future comparisons). This approach turns LLM calls into a search problem.
One good thing for us is that Voice agents often faces repetitive or similar user requests (think FAQs or common dialogues). Semantic caching can dramatically cut response times for these cases. For instance, if a caller asks “When can I bring my car for servicing?” and later another caller asks “When is your car wash generally open?”, a semantic cache would detect the repetition and instantly serve the cached answer. This is especially useful for IVR or customer support bots. Moreover, caching can include multimodal artifacts ex. storing a generated TTS audio file along with the text. Production systems do this to skip TTS on repeats: on a cache miss you generate the text and audio, store both, and on a hit you return the cached text and a URL or ID for the prerecorded audio. The next time someone asks that question, the voice agent can play the pre-synthesized audio immediately instead of regenerating speech, saving hundreds of milliseconds.
Hitting the cache is far faster than a full LLM run. A self-hosted semantic cache can answer in ~50 ms (or ~200 ms via an API call) versus an LLM which might take seconds. This translates to a snappier dialogue and lower compute cost. In practical terms, even moderate reuse can yield big savings. Each cache hit avoids LLM token generation latency and also ensures consistent answers (the same question gets the same response every time ). Doing this in a very contextual manner is not easy. You don’t want to hit the cache for every related question and you want to give a personalised answer to the user. Here is the CTO of Hyperbound AI talking about choosing Vapi because of its great semantic caching abilities. (ignore the typo from the Tegus screenshot. Their STT is bad)
![](\"/assets/files/semanticcaching.png\")
Feeding long conversation histories or verbose prompts into an LLM is a major source of latency. The more tokens the model must process, the longer it takes to produce a response. In this section, we will look at some tricks to minimise the prompt and complexity per request while making sure the context and functionality isn’t lost.
Prompt distillation and summary: Rather than resending the entire chat history each turn, distill older turns into a concise summary. For example, after a few exchanges, a voice agent can replace the detailed transcript of earlier dialogue with a one-sentence summary or extracted facts. This compresses memory so the prompt stays within a small window. The LLM only seesthe essential bits of prior context, reducing token count. Automated recursive summarization of previous interactions (possibly using a smaller model or a background batch job) can maintain context implicitly.
For open ended voice applications, in real time, the system can decide what to include based on importance. For instance, if a user’s new query is on a new topic, the agent might drop irrelevant past context altogether. If the user references something from earlier, the agent can retrieve just that piece. You can do this with a RAG and maintening an index of the conversation history and fetch only the portions semantically related to the latest query (a form of hybrid dense/sparse retrieval for context). By combining keyword search (to catch explicit references) and embedding similarity (to catch topical relevance), the agent can cherry-pick which past utterances to feed the LLM. This hybrid retrieval ensures important context is present but extraneous chat is omitted.
Traditional voice agents operated in a strictly turn-based fashion: the user speaks, the system waits for them to finish, then processes the query, and finally speaks the response. This results in noticeable dead air while the user waits for the agent’s reply. Modern real-time architectures instead use streaming at each stage, overlapping tasks to eliminate idle gaps. The goal is to make the conversation feel fluid, as if the agent is listening and formulating a response almost simultaneously.
![](\"/assets/files/streamoverlap.png\")
Streaming STT: Rather than buffering the entire user utterance, streaming speech-to-text transcribes audio on the fly. As the user speaks, partial text hypotheses are produced every tens of milliseconds. This allows the system to get a head start on understanding the query. By the time the user finishes speaking (or even before they finish), the agent may already have most of the text. For example, with a capable streaming STT, an utterance might be recognized with only ~200 ms delay from speech. Real-time voice agents use this to overlap listening and thinking: the LLM can start working as soon as it has enough of the utterance to guess the intent, without waiting for a full stop. I still remember watching Google’s Duplex demo in some I/O event. They were injecting “uh-huh” while still transcribing, to show the user they’re listening and make the overall experience very natural.
Nearly all modern LLM services (OpenAI, Anthropic, etc.) support streaming output, meaning the model generates tokens incrementally and sends them as they’re ready. This is crucial for latency – the user doesn’t need to wait for the entire answer to be formulated. My biggest gripe with this is that they don’t have any atomic methods to stream the function calls. You sometimes have to wait for the entire function block to stream before making the tool call which adds unnecessary latency. If your voice agent company has found a workaround around this, please reach out to me.
Streaming text-to-speech (TTS) is the counterpart to streaming STT. Instead of waiting for the full generated sentence, advanced TTS systems can start synthesizing audio from the first chunk of text and continue as more text comes in. This means as soon as the LLM produces a few words, the agent’s voice can start speaking them. The overlap of LLM and TTS is crucial: if the model streams at (say) 20 tokens/sec and the TTS can synthesize just as fast, the spoken output will closely trail the model’s generation. Some architectures even interleave these so tightly that the end-to-end latency is basically TTFT + a small TTS buffer. In practice, many voice AI platforms (Retell, Bland, etc.) achieve extremely low response delay by pipelining in this way – e.g. Retell AI advertises ~600 ms end-to-end latency for a response. This likely includes a few hundred ms for STT, a couple hundred for LLM to start streaming, and another couple hundred for TTS to produce the first audio. By comparison, a non-streaming system might take 2–3 seconds before it even begins speaking(believe me, I vibe coded a dumb voice system last weekend). Streaming cuts that dramatically. One design pattern is to generate an answer sentence-by-sentence: as soon as the modelhas the first sentence, send it to TTS while the model works on the second sentence, and so on.
Concurrent STT and response formuation: Real-time architectures strive for full-duplex interaction. The agent doesn’t strictly wait for the user to finish talking to begin its own processing. In fact, with the right design, an AI agent might even start responding before the user has finished their sentence (as humans sometimes do). Experimental systems (e.g. Meta’s Speech ReaLLM research aim to make LLMs proactive – generating partial responses while input is still streaming in. In practice, most current voice agents are half-duplex with barge-in: the agent won’t talk over the user (except maybe to interject a short acknowledgment), but it will listen and prepare in parallel so it can reply immediately once the user stops. Achieving true full-duplex (both talking at once) is still an active research problem, but the trend is moving toward agents that feel less turn-based. For instance, one can simulate a bit of full-duplex by having the agent produce brief backchannels (“I see”, “mm-hmm”) during a long user monologue to show it’s engaged – this requires very low latency understanding so as not to mis-time these cues. As latency gets pushed down, these natural conversation behaviors become feasible.
Latency isn’t only about how fast the model generates tokens; it also includes any delays in starting up the model or service. In real-time voice interactions, even a one-time delay (like a cold start) can ruin the user experience on the first query. Therefore, systems must minimize initialization overhead and avoid cold starts during a session.
Warm prompting / priming: If using an API-based LLM (like OpenAI), the very first request in a session may incur extra latency (due to loading the model or caching the prompt). One trick is to send a lightweight “warm-up” query in advance. For example, some developers issue a dummy prompt (e.g. “ping”) to the LLM when a call begins or even periodically during idle times, just to keep the model instance warm. This can reduce latency for the real user queries that follow, since the model’s context cache is already initialized on the server. Essentially, you pay a tiny cost upfront to avoid a bigger delay later. Similarly, with on-prem models, doing a dry-run through the network and model path at startup (e.g. generating an empty response) can load weightsinto memory.
Many open-source inference servers allow you to maintain a session state between queries. If a voice conversation is ongoing, you can reuse the LLM’s internal cache of key/value attention states for the next turn instead of recomputing from scratch. You can feed the conversation as it grows and carry over the past_key_values to the next generate call. This means the model doesn’t have to re-encode the entire history each time – it incrementally continues generation. In a long back-and-forth dialogue, this can save significant time (the initial prompt is encoded once, then only new user input is encoded subsequently). Some inference engines (like vLLM) even support prefix caching: if you have a static system prompt or persona description at the start of every query, the engine can precompute its vectors and reuse them, rather than encoding that prompt text for every request. All these techniques reduce duplicated work on repeated or continuous queries, shaving offlatency.
Avoid cold starts with warm pools: In a serverless or autoscaling scenario, cold start latency (loading a large model into RAM or spinning up a new GPU container) can be 10–30 seconds – obviously unacceptable for real-time voice. To combat this, ensure at least one instance of your model service is always running (a warm pool of instances). Cloud providers and frameworks allow configuring a minimum number of warm workers. Even if load is zero, keep one hot. This way the first request doesn’t pay the full load cost. Retell for example suggest using a high- priority pool or reserved capacity for low latency if your response times are creeping us. It’s better to incur a bit more cost keeping resources alive than to have a caller wait awkwardly while a model loads.
![](\"/assets/files/retelllatency.png\")
Fast model loading and lightweight models: Choose models and serving frameworks that start quickly. Smaller models (or quantized models) not only run faster, but also load faster from disk. For example, a 7B parameter model can be loaded in a couple of seconds on my macbook (24GB RAM M4 Pro), whereas a 32B model takes 10+ seconds to initialize. If you require a large model for quality, one idea is to defer using it for a second or two and initially use a smaller model for the very first reply. For instance, a voice assistant might use a fast 1.3B model to say a greeting like “Hello, how can I help you today?” instantly, while in the background loading the 13B model that will handle the actual query. The user hears the greeting (which buys time), and by the time they ask their question, the heavy model is ready. This kind of staged startup can mask latency by doing useful work (like greeting or collecting the user’s name) while loading the main model.
Connection keep-alive and efficient transport: Ensure that the overhead of making requests to the model is minimized. For example, use persistent connections or gRPC streaming to avoid HTTP setup latency for each request. If your voice agent architecture has separate services (STTservice, LLM service, TTS service), make sure they are long-lived and reuse connections so you’re not negotiating new network handshakes each time. In practice, gRPC with bidirectional streaming is a popular choice for voice pipelines because it allows audio, text, and tokens to flow with low overhead continuously, rather than a start-stop HTTP pattern.
Over the last week, I was reading, building and researching about voice agents. I made a few prototypes and along the way tried to understand the nuances of building voice agent applications. What started as casual curiosity about calculating pricing for voice agents culminated into vibe coding a voice ai agent pricing calculator. You can find it at comparevoiceai.com
![](\"/assets/files/comparevoiceai.png\")
After reading a bunch of blogs and comparing benchmark data across providers, I realized just how difficult it is to estimate the true cost of running voice agents in production. Most people focus on the obvious components (LLM costs, perhaps transcription), but miss the quadratic growth pattern that makes long conversations exponentially more expensive. A 40-min session can cost 100x more than a 4-min session. The costs of each component (STT, LLM, TTS) don’t necessarily scale linearly.
It currently lets you select different providers for each component of the voice AI stack:
The calculator then provides a detailed breakdown showing the individual costs for transcription, LLM processing, voice synthesis, and even infrastructure hosting(for running your orchestration, VAD, any audio processing etc).
Another super important thing for building voice agents is latency. Cost is only half the equation, though. Voice-to-Voice latency measures the total time from when a user finishes speaking to when they hear the AI response. Lower latency creates more natural conversational experiences. However, its not super intuitive where the latency is coming from and how you can optimise it. If you want to learn more about this, you can read this blog I wrote for reducing latency in your voice agent application. The website also has a simulator, where you can simulate a conversation with various latency figures.
Personally this project has been my playground for learning SEO. I’ve been:
I have never marketed anything in my life before. If I am going to start a company and sell software, I better learn how to make my calculator website come on the first page of Google results (or LLM results) soon. This was one of the main motivations of actually seeing this project to completion(with a separate domain name too). I am still super early on figuring out this SEO stuff (have a day job these days, so can’t do this fulltime) but I will update this blog if my website starts ranking high on search results.
", "url": "https://rnikhil.com/2025/05/18/compare-voice-model-agent", "date_published": "2025-05-18T00:00:00+00:00", "date_modified": "2025-05-18T00:00:00+00:00", "author": "{"twitter"=>nil, "name"=>nil, "avatar"=>nil, "email"=>nil, "url"=>nil}" }, { "id": "https://rnikhil.com/2025/04/26/llm-coin-toss-odd-even", "title": "Flipping some coins with LLMs", "summary": null, "content_text": " This experiment is not rigorous (no control on hardware/seed) and doesnt have any significance.While LLMs theoretically understand “randomness,” their training data distributions may create unexpected patterns. In this article we will test different LLMs from OpenAI and Anthropic to see if they provide unbiased results. For the first experiment we will make it toss a fair coin and for the next, we will make it guess a number between 0-10 and see if its equally distributed between even and odd. I know the sample sizes are small and probably not very statistically significant. This whole thing is just for fun.Experiment 1 : Tossing a fair coin Prompt used: Toss a fair coin. Just say “heads” or “tails”. Just output the result. Don’t say anything else. Don’t write code. Don’t use any tools.Before we plot the results, we calculate deviation. Deviation simply measures how far each model’s heads probability strays from the ideal unbiased value (0.5 or 50%). It’s calculated as: Deviation = P(Heads) - 0.5For example, Claude 3.7 Sonnet has P(Heads) = 0.58, so its deviation is 0.58 - 0.5 = 0.08 (or 8%). This directly quantifies bias magnitude and direction, with positive values indicating heads bias and negative values indicating tails bias. The first graph shows raw proportions of heads vs tails, while the second graph visualizes these deviations.Next we also do a chi-squared test to determine whether the bias is statistically significant or could reasonably occur by chance. I know we don’t have a big enough sample size but I am just doing this for fun. For each model, it’s calculated as: χ² = Σ (Observed - Expected)²/ExpectedWith 100 tosses per model and an expected 50/50 split: χ² = (Observed_Heads - 50)²/50 + (Observed_Tails - 50)²/50For Claude 3.7 Sonnet: χ² = (58 - 50)²/50 + (42 - 50)²/50 = 2.56A χ² value greater than 3.84 (critical value for df=1, p=0.05) indicates statistical significance. Models with statistically significant bias are shown in red in the deviation graph, indicating their bias likely reflects an inherent trait rather than random chance. Claude’s χ² = 2.56 falls below this threshold, suggesting its observed bias could reasonably occur by random variation.Key Findings: All models show “heads” bias - every LLM tested produced more heads than tails Bias severity varies significantly - ranging from 8% (Claude) to 49% (GPT-o1) Statistical significance - Claude is the only model whose bias isn’t statistically significant OpenAI models show substantially stronger heads bias than ClaudeAnalysis Details: Most biased: o1 (99% heads) and GPT-4.1 (96% heads) Least biased: Claude 3.7 Sonnet (58% heads) Average bias: 30.7% deviation from perfect balance Chi-square tests confirm statistical significance for all models except ClaudeExperiment 2 : Odd vs even Prompt used: Generate a random number between 1 and 10 (both inclusive). Just output the number. Don’t say anything else. Don’t write code. Don’t use any tools. Don’t explain. Don’t output anything except the number.Now we repeat the same analysis as above and plot the numbers.Key Findings: Strong odd number bias in most models - 4 out of 6 models show statistically significant preference for odd numbers Claude shows extreme bias - With 97% odd numbers, Claude 3.7 Sonnet has the strongest bias (47% deviation from expected) GPT-4.5 shows perfect balance - Exactly 50/50 distribution between odd and even Two unbiased models - GPT-4.5-preview and GPT-4.1 show no statistically significant biasStatistical Analysis: Most biased: Claude 3.7 Sonnet (χ² = 88.36, p < 0.05) Perfectly balanced: GPT-4.5-preview (χ² = 0.00) Average bias magnitude: 18.0% deviation from expected 50/50 split Direction of bias: Most models favor odd numbers, while GPT-4.1 slightly favors even numbersIts interesting to see Claude being unbiased while tossing coins but being super biased when prediction odd/even numbers.Raw dataCoin tossOdd vs Even", "content_html": "This experiment is not rigorous (no control on hardware/seed) and doesnt have any significance.
While LLMs theoretically understand “randomness,” their training data distributions may create unexpected patterns. In this article we will test different LLMs from OpenAI and Anthropic to see if they provide unbiased results. For the first experiment we will make it toss a fair coin and for the next, we will make it guess a number between 0-10 and see if its equally distributed between even and odd. I know the sample sizes are small and probably not very statistically significant. This whole thing is just for fun.
Prompt used: Toss a fair coin. Just say “heads” or “tails”. Just output the result. Don’t say anything else. Don’t write code. Don’t use any tools.
Before we plot the results, we calculate deviation. Deviation simply measures how far each model’s heads probability strays from the ideal unbiased value (0.5 or 50%). It’s calculated as:
Deviation = P(Heads) - 0.5
For example, Claude 3.7 Sonnet has P(Heads) = 0.58, so its deviation is 0.58 - 0.5 = 0.08 (or 8%). This directly quantifies bias magnitude and direction, with positive values indicating heads bias and negative values indicating tails bias. The first graph shows raw proportions of heads vs tails, while the second graph visualizes these deviations.
![](\"/assets/files/hvt.png\")
Next we also do a chi-squared test to determine whether the bias is statistically significant or could reasonably occur by chance. I know we don’t have a big enough sample size but I am just doing this for fun. For each model, it’s calculated as:
χ² = Σ (Observed - Expected)²/Expected
With 100 tosses per model and an expected 50/50 split:
χ² = (Observed_Heads - 50)²/50 + (Observed_Tails - 50)²/50
For Claude 3.7 Sonnet:
χ² = (58 - 50)²/50 + (42 - 50)²/50 = 2.56
A χ² value greater than 3.84 (critical value for df=1, p=0.05) indicates statistical significance. Models with statistically significant bias are shown in red in the deviation graph, indicating their bias likely reflects an inherent trait rather than random chance. Claude’s χ² = 2.56 falls below this threshold, suggesting its observed bias could reasonably occur by random variation.
![](\"/assets/files/hvt1.png\")
Prompt used: Generate a random number between 1 and 10 (both inclusive). Just output the number. Don’t say anything else. Don’t write code. Don’t use any tools. Don’t explain. Don’t output anything except the number.
Now we repeat the same analysis as above and plot the numbers.
![](\"/assets/files/ct.png\")
![](\"/assets/files/ct1.png\")
Its interesting to see Claude being unbiased while tossing coins but being super biased when prediction odd/even numbers.
![](\"/assets/files/tossdata.png\")
![](\"/assets/files/numberdata.png\")
I see a ton of sales/marketing products all powered by AI, making hyper personalised content to target potential users and customers. These tools now make sophisticated, high-volume paid marketing campaigns accessible to everyone, from large enterprises to individual consumers. With LLMs, the messages and content have gotten to a point where the accuracy and quality of the has improved tremendously at scale. Moreover, the scale of outbound sales has also increased rapidly. You are now able to pump out 1000s of SEO blog posts, generate reels/videos on the fly and even use AI agents to do email/phone outreach at a never before seen scale.
While I think these AI powered sales products are going to perform very well in the short run, this is also going to cause a certain about of fatigue for the users and customers. (there is a small window here where companies adopting these tools are going to crush it) Eventually, humans are going to get used to the constant spam and start mentally tuning out these hyper personalized initiatives. It will kill the trust, attention and the subsequent conversion rates of these products. The SEO posts won’t be read, emails and calls will go unanswered and people will start tuning out even the personalised videos.
On top of this, ALL the companies will have equal access to these tools to create content and campaigns. Imagine giving out every SaaS company in the world these tools and asking them to sell their products to the same 10000 enterprises which pretty much everybody is targeting. There is going to be so much personalised AI slop in the future.
Your existing distribution will start mattering more. Having private access to the buyers or people will be absolutely important. Making personal relationships to these decision makers and other key people in the network would become compulsory since they essentially become gatekeepers. If outbound doesn’t work and it’s all going to be inbound, referrals and personal relationships will basically be everything.
We will start seeing companies build all this bottoms up. They will try to create and engineer virality on Twitter(like the icons.com team) and spend a ton of money on branding (for the company and maybe the CEO). Having a good Twitter/social media presence will become a compulsory pre-condition. The company owned channels (like websites, email lists or apps) where you have direct access to customers will become key demand generation pipelines. These will generate organic growth as satisfied customers and partners naturally promote the business.
The community and network effects will become critical competitive advantages. Companies will invest heavily in building engaged and trusted user communities, starting platforms where users create value for each other, and developing network driven acquisition strategies. These interconnected relationships will generate demand, creating defensible moats against competitors relying solely on paid acquisition.
If you are working on alternative sales/GTM products working on the above problem, please reach out to me.
", "url": "https://rnikhil.com/2025/04/25/sales-outbound-ai-dead", "date_published": "2025-04-25T00:00:00+00:00", "date_modified": "2025-04-25T00:00:00+00:00", "author": "{"twitter"=>nil, "name"=>nil, "avatar"=>nil, "email"=>nil, "url"=>nil}" }, { "id": "https://rnikhil.com/2025/03/26/mcp-standard-llm", "title": "Will MCP stay for the long term?", "summary": null, "content_text": "MCP is an open protocol that standardizes how applications provide context to LLMs. Think of MCP like a USB-C port for AI applications. Just as USB-C provides a standardized way to connect your devices to various peripherals and accessories, MCP provides a standardized way to connect AI models to different data sources and tools. Based on the context, AI agents can decide which tools to use, in what order, and how to chain them together to accomplish a task. MCP also introduced a human-in-the-loop capabilities for humans to provide additional data and approve execution. With the right set of MCP servers, users can turn every MCP client into an “everything app.”MCP took inspiration from the Language Server Protocol (LSP), where typing in an editor can trigger the editor to query the language server(usually an extension) for autocomplete suggestions, function definitions or linting. MCP is more LLM centric and execution focused for agents. LSP is mostly reactive(server only reacts to inputs) whereas MCP is designed for multi-step autonomous workflows (automatically decide which tools to use and the sequence of usage).Another way to look at MCP is as a TCP/IP layer for agent communication. It replaces custom API connectors with a uniform MCP standard and enables you to connect your LLM to anything. It reduces development effort (write custom code for each API vs Connect to pre-built MCP servers), helps in context Management(manually maintain context between calls vs protocol maintains session context automatically) and error Handling (handle each API’s unique error patterns vs standardized error handling across services). This post is about whether MCP as a standard will stay and whether dev tools companies will build around it.I see two kind of worlds. An Apple like closed ecosystem where there are proprietary ways for AI agents to interact with tools/resources (which OpenAI is pursuing) and an Android type situation where you have open standards (which the tools/apps etc will support) and everybody builds on top. I believe both of them will co-exist but we are mainly concerned with whether MCP will exist in the latter world.The biggest bull case for MCP is the adoption momentum today. The spec is evolving super fast, it came with 100s of example implementations by the AI labs itself and its super easy to implement (basic HTTP rest api types and its just a standard for the explanation of the parameters and tools for any client ), so we have crazy developer engagement. Its also one of the first LLM specific API standard. First mover matters in standards (ex: we are still stuck with BGP for internet routing depsite its numerious flaws)What do we need for MCP to win? Discovery and a central registry. One of the biggest value add is being able to auto discover all possible tools (within one api) by just asking in english and dynamically load them (instead of predefining/loading) at runtime. This doesn’t exist yet but people are building them (like composio/agentr.dev etc). There are talks about an “Official MCP registry API” but its just on the roadmap now. There are 10s of independent server aggregators though. This will also give rise to MCP gateways which manage authentication, authorization, traffic management, and tool selectionm, similar to API gateways. I think hosted MCP companies make more sense than self hosting. Else, you will have to implement the MCP middleman and then also manage server executions/functions. At that point, you might as well implement the custom api yourself. Composability through MCP-MCP interactions. (there is an active github issue where people are working on this). Not very realistic today because multi step agent behavior is still hard to get right. MCP’s error handling and propagation should improve in this direction. **There is no concept of a state model to manage multi step executions. ** Enterprise adoption is sketchy. Servers haven’t been tested at scale yet. Authentication/rbac isn’t standardised(but there is an oauth implementation) and the protocol is still adding support for them. There is no defined way to do observability/logging either and you need to come up with your own implementation. MCP server companies primarily differentiate in how opinionated they implement these things. MCP needs better support for multi-tenant architectures where many users access a shared server. Currently there is a one-to-many relationship between clients and servers but this has to evolve into many-to-many for enterprise adoption. Authorization states aren’t baked into the protocol. There is no concept of a permission model and access control is usually at a session level. Bottomline Standards generally win only because some dev tools company adopts it and becomes successful. MCP is winning only because Anthropic nailed the claude fine tune to do multi step agent calls. Today you can ask claude something ( like analyse churn) and it will automatically execute sequential tool calls and return final result. This UX just wasn't possible before(without coding it yourself) It’s like openapi(which is for REST apis) but specialized for ai agents. While there is a lot of overlap, after looking at the basic filesystem mcp server implementation, I think they made it a little more LLM specific. (Ex: server broadcasts in “English” what the tools do and how to call them) I personally use the MCP servers because it lets me do more with a $20 subscription(like tool use inside claude). Earlier I needed an api key(which is more expensive ) and custom code. I download mcp servers like from an app store and make my claude desktop agentic (without writing any code) MCP doesn’t make sense in closed systems. (like openai) MCP needs hosted MCP server companies to win. Else, its just adds more complexity Composability(due to standardization) and discovery are the biggest value adds. Composability isnt unique to it but a MCP registry for discovery will be interesting. Appstore for LLMs sort of thing.Future predictions for the MCP stack If every software is basically AI powered, then every software potentially becomes a MCP client. Interactions go from being API-centric to task-centric. Instead of hard coding tools into control flows, we will see tools become higher abstractions that make sense for agents at execution time I expect a lot of MCP servers getting spawned from documentation of tools. Docs will become super important Pricing models for tools might change. If agent picks dynamically based on speed, cost, and relevance, how do you ensure your tool gets adoption in the marketplace? This will be super interesting to watch", "content_html": "MCP is an open protocol that standardizes how applications provide context to LLMs. Think of MCP like a USB-C port for AI applications. Just as USB-C provides a standardized way to connect your devices to various peripherals and accessories, MCP provides a standardized way to connect AI models to different data sources and tools. Based on the context, AI agents can decide which tools to use, in what order, and how to chain them together to accomplish a task. MCP also introduced a human-in-the-loop capabilities for humans to provide additional data and approve execution. With the right set of MCP servers, users can turn every MCP client into an “everything app.”
![](\"/assets/files/mcp.jpg\")
MCP took inspiration from the Language Server Protocol (LSP), where typing in an editor can trigger the editor to query the language server(usually an extension) for autocomplete suggestions, function definitions or linting. MCP is more LLM centric and execution focused for agents. LSP is mostly reactive(server only reacts to inputs) whereas MCP is designed for multi-step autonomous workflows (automatically decide which tools to use and the sequence of usage).
Another way to look at MCP is as a TCP/IP layer for agent communication. It replaces custom API connectors with a uniform MCP standard and enables you to connect your LLM to anything. It reduces development effort (write custom code for each API vs Connect to pre-built MCP servers), helps in context Management(manually maintain context between calls vs protocol maintains session context automatically) and error Handling (handle each API’s unique error patterns vs standardized error handling across services). This post is about whether MCP as a standard will stay and whether dev tools companies will build around it.
I see two kind of worlds. An Apple like closed ecosystem where there are proprietary ways for AI agents to interact with tools/resources (which OpenAI is pursuing) and an Android type situation where you have open standards (which the tools/apps etc will support) and everybody builds on top. I believe both of them will co-exist but we are mainly concerned with whether MCP will exist in the latter world.
The biggest bull case for MCP is the adoption momentum today. The spec is evolving super fast, it came with 100s of example implementations by the AI labs itself and its super easy to implement (basic HTTP rest api types and its just a standard for the explanation of the parameters and tools for any client ), so we have crazy developer engagement. Its also one of the first LLM specific API standard. First mover matters in standards (ex: we are still stuck with BGP for internet routing depsite its numerious flaws)
Discovery and a central registry. One of the biggest value add is being able to auto discover all possible tools (within one api) by just asking in english and dynamically load them (instead of predefining/loading) at runtime. This doesn’t exist yet but people are building them (like composio/agentr.dev etc). There are talks about an “Official MCP registry API” but its just on the roadmap now. There are 10s of independent server aggregators though. This will also give rise to MCP gateways which manage authentication, authorization, traffic management, and tool selectionm, similar to API gateways.
I think hosted MCP companies make more sense than self hosting. Else, you will have to implement the MCP middleman and then also manage server executions/functions. At that point, you might as well implement the custom api yourself.
Composability through MCP-MCP interactions. (there is an active github issue where people are working on this). Not very realistic today because multi step agent behavior is still hard to get right. MCP’s error handling and propagation should improve in this direction. **There is no concept of a state model to manage multi step executions. **
Enterprise adoption is sketchy. Servers haven’t been tested at scale yet. Authentication/rbac isn’t standardised(but there is an oauth implementation) and the protocol is still adding support for them. There is no defined way to do observability/logging either and you need to come up with your own implementation. MCP server companies primarily differentiate in how opinionated they implement these things.
MCP needs better support for multi-tenant architectures where many users access a shared server. Currently there is a one-to-many relationship between clients and servers but this has to evolve into many-to-many for enterprise adoption.
Authorization states aren’t baked into the protocol. There is no concept of a permission model and access control is usually at a session level.
![](\"/assets/files/mcp1.jpg\")
This is the first couple pages of a report I worked on about AI agents.
In this section, we try to define what an agentic system is. Automation software(like email to calendar booking tools) are generally oversold as agentic systems and it’s important to ensure we all have the same understanding of the lingo used in this space.
Peter Norvig in his popular book defines an agent as anything that can perceive its environment and act upon that environment. A thermostat is an agent. A motion sensor light or smoke detector is also an agent. However, these are all dumb agents. We are more interested in building intelligent agents with LLM/AI as its core controller.
Interestingly, the definition of the term “AI agents” is hotly contested. Most of the common ones involve some version of putting LLMs + tools in a loop. Rather than looking at LLM systems in a binary way, it’s more useful to think of them to be agent-like to a different degree. The degree of control given to the LLM in guiding an application’s flow allows for varying levels of autonomy, which we shall call agentic. This helps us move away from the binary classification of systems and look at them as part of a spectrum. Ultimately, you want to give it a task and the AI is agentic enough to go and accomplish it.
![](\"/assets/files/agentspectrum.png\")
Since we have established that all LLM+tool powered systems are agentic on some level, we need to first classify the different types of agents. Borrowing the definition from [Anthropic](https://www.anthropic.com/research/building-effective-agents, we have two types of agentic systems.
Workflow agents are systems which are built by chaining together LLMs and tools which then are orchestrated through pre-defined code paths
Types of workflow agents:
![](\"/assets/files/workflowagent.png\")
Autonomous agents are systems where the LLM dynamically directs the execution path and tool usage and maintain full ownership on how they accomplish the task. They have no predefined paths to take. They start their flow from a simple command or conversation with the user, plan the task and use tools to accomplish the task. They might choose to ask humans for feedback or when encountering blockers and automatically terminate themselves when the task is completed.
![](\"/assets/files/autoagent.png\")
They are particularly useful for open-ended tasks where it’s hard to predict beforehand the number of steps required and where you can’t really hard code a fixed path. Some real world applications include CX agents which, based on the user conversation, automatically decide to access customer data and perform actions like issuing refunds and updating ticket statuses. In software development, coding autonomous agents are excellent because the solutions are verifiable, agents can iterate based on feedback from automated tests and the problem space is well defined
Workflow agents in general are more predictive, consistent, cheap and fast whereas the autonomous agents generally excel in complex tasks where you need flexibility at scale.
Before we jump into the tooling and infrastructure world for AI agents, it’s imperative to understand what exactly they are made of. While the LLM functions as the core brain, its complemented with some key components:
![](\"/assets/files/archagent.png\")
The LLM functions as the agent’s brain and agents typically require much powerful and bigger models compared to non-agentic use cases. This is because mistakes in multi step tasks get compounded. If an LLM is accurate, say 90% on a single step, this accuracy drops to 35% over 10 steps(0.9^10) and 12% over 20 steps. Smaller LLMs (and LLMs not trained on agentic flows) are simply unfeasible for these use cases.
Lot of core frameworks for agent planning were invented in 2022 and 2023. CoT or Tree of thoughts for example are standard prompting techniques for enhancing model performance on complex tasks. This forces the model to spend more test time compute in thinking step by step and break down big tasks into multiple smaller subtasks. Even self reflection frameworks (like ReACT) were invented in 2023 which help the LLM improve iteratively by refining past actions and correcting previous mistakes.
Lets consider a scenario where you ask your AI data analytics agent this question - “Analyze customer churn rates for our app subscribers”. This might make it go and perform the following:
The value add for agents is clear. Copilot was 40% of github revenue last year. Klarna AI agent handles 65% of the CX queries end-to-end. In this section, we look at ideal use cases and tasks for deploying AI agents.
While we have briefly looked at which agent architecture works for which kind of flows, we should also define what makes a task agentic vs non-agentic.
![](\"/assets/files/agenttask.png\")
A market map from Felicis showing some early winners in the AI agents space
![](\"/assets/files/marketmapagents.png\")
I was recently putting together a thesis on the AI agent tooling space. While I was researching the sector, talking to some VCs and looking at approaches taken by various companies, I decided to take a step back and question myself on whether the tooling+infra space is investable today in the first place. This short post is the result of that pondering.
Generally for any tech cycle, we can categorize all the companies into one of the three buckets below. They are either making the tech or building around the tech to monetize it or using/applying the tech for real world use cases.
Foundation companies
These are the companies which lay the foundation for the tech wave. This would be semi-conductors or network switch hardware or foundational models in case of AI or even L1 chains in case of crypto. Companies here are usually very capital intensive, needs heavy technical expertise and generally takes a long time to pan out. While its debatable on whether these companies would get commoditized, they certainly delivery big venture outcomes and are generally good bets if your fund can afford it.
Builder companies
These are companies which are building the tooling and infrastructure around the tech wave. This could be something like an observability/monitoring layer or low-code AI agent builders or evaluation tools or inference clouds. This is the so called picks and shovels of the gold rush and investing in this space gets you directional exposure to the tech cycle without getting you into investments which rely upon a particular way the tech cycle will pan out (maybe good for risk-averse investors).
My biggest concern with investing in this space is that these companies are building on a tech cycle which hasn’t stabilized. The application stack hasn’t yet figured out all the use cases for the technology and the foundation companies are innovating and putting out new tech everyday. Sometimes, entire building paradigms change overnight. (Imagine hallucinations get solved and AI models become interpretable and are no longer black boxes. All LLM eval tooling companies would have a bad time)
Application companies
These are companies which actually use the technology to solve pain points for customers. I think there are two types of companies which will emerge here. Existing companies which adopt the tech into their products and new companies which use this tech to delivery experiences which weren’t possible before.
For this cycle, existing note taking apps, CRM tools, project management tools, HR SaaS etc (by Google or Freshdesk) are going to supercharge their products with AI and they would win or retain the lead in most categories given they have the distribution and data already. It not that hard for Rippling or Salesforce to put an LLM behind all user interactions. What is interesting to me here are companies which are enabling entirely new experiences (not just powered by AI) which without AI wasn’t possible earlier. (like replacing a Mckinsey consultant or a paralegal at a law firm or sending $10k to a friend without banks getting involved). I am extremely bullish on the latter type of companies and quite excited to see what pans out.
", "url": "https://rnikhil.com/2025/03/10/investing-tech-cycle", "date_published": "2025-03-10T00:00:00+00:00", "date_modified": "2025-03-10T00:00:00+00:00", "author": "{"twitter"=>nil, "name"=>nil, "avatar"=>nil, "email"=>nil, "url"=>nil}" }, { "id": "https://rnikhil.com/2025/03/06/diffusion-models-eval", "title": "Diffusion models are interesting", "summary": null, "content_text": " HN DiscussionI stumbled across this tweet a week or so back where this company called Inception Labs released a Diffusion LLM (dLLM). Instead of being autoregressive and predicting tokens left to right, here you start all at once and then gradually come up with sensible words simultaneously (start/finish/middle etc. all at once). Something which worked historically for image and video models is now outperforming similar-sized LLMs in code generation. The company also claims 5-10x improvement across speed and efficiencyWhy are they interesting to me?After spending the better part of the last 2 years reading, writing, and working in LLM evaluation, I see some obvious first-hand benefits for this paradigm:Traditional LLMs hallucinate. It’s like they are confidently spitballing text while actually making up facts on the go. This is why they start sentences super confidently sometimes only to suggest something stupid in the end. dLLMs can generate certain important portions first, validate it, and then continue the rest of the generation. Ex: A CX chatbot would first generate the policy version number, validate it before advising a customer about a potentially hallucinated policy.Agents might get better. Multi-step agentic workflows may not get stuck in loops using dLLMs. Planning, reasoning, and self-correction are a crucial part of agent flows, and we might currently be bottlenecked due to the LLM architecture. dLLMs could solve for this by ensuring that the entire plan top to bottom stays coherent. It’s like seeing ahead in the future for a little bit (based on whatever context you have) and then ensuring you don’t get stuck.Here is a look at a more recent model responding to the prompt “Explain Game theory” to me. You can notice the last part of the sentences are generated before the middle. It’s quite fun to run some queries and see which words get generated first.You can try it yourself here on HF.", "content_html": "I stumbled across this tweet a week or so back where this company called Inception Labs released a Diffusion LLM (dLLM). Instead of being autoregressive and predicting tokens left to right, here you start all at once and then gradually come up with sensible words simultaneously (start/finish/middle etc. all at once). Something which worked historically for image and video models is now outperforming similar-sized LLMs in code generation.
![](\"/assets/files/inceptionlabs.png\")
After spending the better part of the last 2 years reading, writing, and working in LLM evaluation, I see some obvious first-hand benefits for this paradigm:
Traditional LLMs hallucinate. It’s like they are confidently spitballing text while actually making up facts on the go. This is why they start sentences super confidently sometimes only to suggest something stupid in the end. dLLMs can generate certain important portions first, validate it, and then continue the rest of the generation.
Agents might get better. Multi-step agentic workflows may not get stuck in loops using dLLMs. Planning, reasoning, and self-correction are a crucial part of agent flows, and we might currently be bottlenecked due to the LLM architecture. dLLMs could solve for this by ensuring that the entire plan top to bottom stays coherent. It’s like seeing ahead in the future for a little bit (based on whatever context you have) and then ensuring you don’t get stuck.
Here is a look at a more recent model responding to the prompt “Explain Game theory” to me. You can notice the last part of the sentences are generated before the middle. It’s quite fun to run some queries and see which words get generated first.
![](\"/assets/files/hfgif.gif\")
You can try it yourself here on HF.
", "url": "https://rnikhil.com/2025/03/06/diffusion-models-eval", "date_published": "2025-03-06T00:00:00+00:00", "date_modified": "2025-03-06T00:00:00+00:00", "author": "{"twitter"=>nil, "name"=>nil, "avatar"=>nil, "email"=>nil, "url"=>nil}" }, { "id": "https://rnikhil.com/2025/02/18/tolstoy-man-need", "title": "How much does a man need?", "summary": null, "content_text": " I am so enamoured by the last chapter in Alok Sama’s book - Money trap, that I have decided to repost Tolstoy’s short story on my blog. I think my readers will benefit from reading it.An elder sister came to visit her younger sister in the country. The elder was married to a tradesman in town, the younger to a peasant in the village. As the sisters sat over their tea talking, the elder began to boast of the advantages of town life: saying how comfortably they lived there, how well they dressed, what fine clothes her children wore, what good things they ate and drank, and how she went to the theater, promenades, and entertainments.The younger sister was piqued, and in turn disparaged the life of a tradesman, and stood up for that of a peasant.‘I would not change my way of life for yours,’ said she. ‘We may live roughly, but at least we are free from anxiety. You live in better style than we do, but though you often earn more than you need, you are very likely to lose all you have. You know the proverb, “Loss and gain are brothers twain.” It often happens that people who are wealthy one day are begging their bread the next. Our way is safer. Though a peasant’s life is not a fat one, it is a long one. We shall never grow rich, but we shall always have enough to eat.’The elder sister said sneeringly:‘Enough? Yes, if you like to share with the pigs and the calves! What do you know of elegance or manners! However much your good man may slave, you will die as you are living—on a dung heap—and your children the same.’‘Well, what of that?’ replied the younger. ‘Of course our work is rough and coarse. But, on the other hand, it is sure; and we need not bow to any one. But you, in your towns, are surrounded by temptations; to-day all may be right, but to-morrow the Evil One may tempt your husband with cards, wine, or women, and all will go to ruin. Don’t such things happen often enough?’Pahóm, the master of the house, was lying on the top of the oven, and he listened to the women’s chatter.‘It is perfectly true,’ thought he. ‘Busy as we are from childhood tilling mother earth, we peasants have no time to let any nonsense settle in our heads. Our only trouble is that we haven’t land enough. If I had plenty of land, I shouldn’t fear the Devil himself!’The women finished their tea, chatted a while about dress, and then cleared away the tea-things and lay down to sleep.But the Devil had been sitting behind the oven, and had heard all that was said. He was pleased that the peasant’s wife had led her husband into boasting, and that he had said that if he had plenty of land he would not fear the Devil himself.‘All right,’ thought the Devil. ‘We will have a tussle. I’ll give you land enough; and by means of that land I will get you into my power.’Close to the village there lived a lady, a small landowner, who had an estate of about three hundred acres[1]. She had always lived on good terms with the peasants, until she engaged as her steward an old soldier, who took to burdening the people with fines. However careful Pahóm tried to be, it happened again and again that now a horse of his got among the lady’s oats, now a cow strayed into her garden, now his calves found their way into her meadows—and he always had to pay a fine.Pahóm paid, but grumbled, and, going home in a temper, was rough with his family. All through that summer, Pahóm had much trouble because of this steward; and he was even glad when winter came and the cattle had to be stabled. Though he grudged the fodder when they could no longer graze on the pasture-land, at least he was free from anxiety about them.In the winter the news got about that the lady was going to sell her land, and that the keeper of the inn on the high road was bargaining for it. When the peasants heard this they were very much alarmed.‘Well,’ thought they, ‘if the innkeeper gets the land, he will worry us with fines worse than the lady’s steward. We all depend on that estate.’So the peasants went on behalf of their Commune, and asked the lady not to sell the land to the innkeeper; offering her a better price for it themselves. The lady agreed to let them have it. Then the peasants tried to arrange for the Commune to buy the whole estate, so that it might be held by all in common. They met twice to discuss it, but could not settle the matter; the Evil One sowed discord among them, and they could not agree. So they decided to buy the land individually, each according to his means; and the lady agreed to this plan as she had to the other.Presently Pahóm heard that a neighbor of his was buying fifty acres, and that the lady had consented to accept one half in cash and to wait a year for the other half. Pahóm felt envious.‘Look at that,’ thought he, ‘the land is all being sold, and I shall get none of it.’ So he spoke to his wife.‘Other people are buying,’ said he, ‘and we must also buy twenty acres or so. Life is becoming impossible. That steward is simply crushing us with his fines.’So they put their heads together and considered how they could manage to buy it. They had one hundred rubles laid by. They sold a colt, and one half of their bees; hired out one of their sons as a laborer, and took his wages in advance; borrowed the rest from a brother-in-law, and so scraped together half the purchase money.Having done this, Pahóm chose out a farm of forty acres, some of it wooded, and went to the lady to bargain for it. They came to an agreement, and he shook hands with her upon it, and paid her a deposit in advance. Then they went to town and signed the deeds; he paying half the price down, and undertaking to pay the remainder within two years.So now Pahóm had land of his own. He borrowed seed, and sowed it on the land he had bought. The harvest was a good one, and within a year he had managed to pay off his debts both to the lady and to his brother-in-law. So he became a landowner, plowing and sowing his own land, making hay on his own land, cutting his own trees, and feeding his cattle on his own pasture. When he went out to plow his fields, or to look at his growing corn, or at his grass-meadows, his heart would fill with joy. The grass that grew and the flowers that bloomed there, seemed to him unlike any that grew elsewhere. Formerly, when he had passed by that land, it had appeared the same as any other land, but now it seemed quite different.So Pahóm was well contented, and everything would have been right if the neighboring peasants would only not have trespassed on his corn-fields and meadows. He appealed to them most civilly, but they still went on: now the Communal herdsmen would let the village cows stray into his meadows; then horses from the night pasture would get among his corn. Pahóm turned them out again and again, and forgave their owners, and for a long time he forbore from prosecuting any one. But at last he lost patience and complained to the District Court. He knew it was the peasants’ want of land, and no evil intent on their part, that caused the trouble; but he thought:‘I cannot go on overlooking it, or they will destroy all I have. They must be taught a lesson.’So he had them up, gave them one lesson, and then another, and two or three of the peasants were fined. After a time Pahóm’s neighbors began to bear him a grudge for this, and would now and then let their cattle on to his land on purpose. One peasant even got into Pahóm’s wood at night and cut down five young lime trees for their bark. Pahóm passing through the wood one day noticed something white. He came nearer, and saw the stripped trunks lying on the ground, and close by stood the stumps, where the tree had been. Pahóm was furious.‘If he had only cut one here and there it would have been bad enough,’ thought Pahóm, ‘but the rascal has actually cut down a whole clump. If I could only find out who did this, I would pay him out.’He racked his brains as to who it could be. Finally he decided: ‘It must be Simon-no one else could have done it.’ So he went to Simon’s homestead to have a look round, but he found nothing, and only had an angry scene. However, he now felt more certain than ever that Simon had done it, and he lodged a complaint. Simon was summoned. The case was tried, and re-tried, and at the end of it all Simon was acquitted, there being no evidence against him. Pahóm felt still more aggrieved, and let his anger loose upon the Elder and the Judges.‘You let thieves grease your palms,’ said he. ‘If you were honest folk yourselves, you would not let a thief go free.’So Pahóm quarreled with the Judges and with his neighbors. Threats to burn his building began to be uttered. So though Pahóm had more land, his place in the Commune was much worse than before.About this time a rumor got about that many people were moving to new parts.’There’s no need for me to leave my land,’ thought Pahóm. ‘But some of the others might leave our village, and then there would be more room for us. I would take over their land myself, and make my estate a bit bigger. I could then live more at ease. As it is, I am still too cramped to be comfortable.’One day Pahóm was sitting at home, when a peasant passing through the village, happened to call in. He was allowed to stay the night, and supper was given him. Pahóm had a talk with this peasant and asked him where he came from. The stranger answered that he came from beyond the Volga, where he had been working. One word led to another, and the man went on to say that many people were settling in those parts. He told how some people from his village had settled there. They had joined the Commune, and had had twenty-five acres per man granted them. The land was so good, he said, that the rye sown on it grew as high as a horse, and so thick that five cuts of a sickle made a sheaf. One peasant, he said, had brought nothing with him but his bare hands, and now he had six horses and two cows of his own.Pahóm’s heart kindled with desire. He thought:‘Why should I suffer in this narrow hole, if one can live so well elsewhere? I will sell my land and my homestead here, and with the money I will start afresh over there and get everything new. In this crowded place one is always having trouble. But I must first go and find out all about it myself.’Towards summer he got ready and started. He went down the Volga on a steamer to Samára, then walked another three hundred miles on foot, and at last reached the place. It was just as the stranger had said. The peasants had plenty of land: every man had twenty-five acres of Communal land given him for his use, and any one who had money could buy, besides, at two shillings an acre[2] as much good freehold land as he wanted.Having found out all he wished to know, Pahóm returned home as autumn came on, and began selling off his belongings. He sold his land at a profit, sold his homestead and all his cattle, and withdrew from membership of the Commune. He only waited till the spring, and then started with his family for the new settlement.As soon as Pahóm and his family arrived at their new abode, he applied for admission into the Commune of a large village. He stood treat to the Elders, and obtained the necessary documents. Five shares of Communal land were given him for his own and his sons’ use: that is to say—125 acres (not all together, but in different fields) besides the use of the Communal pasture. Pahóm put up the buildings he needed, and bought cattle. Of the Communal land alone he had three times as much as at his former home, and the land was good corn-land. He was ten times better off than he had been. He had plenty of arable land and pasturage, and could keep as many head of cattle as he liked.At first, in the bustle of building and settling down, Pahóm was pleased with it all, but when he got used to it he began to think that even here he had not enough land. The first year, he sowed wheat on his share of the Communal land, and had a good crop. He wanted to go on sowing wheat, but had not enough Communal land for the purpose, and what he had already used was not available; for in those parts wheat is only sown on virgin soil or on fallow land. It is sown for one or two years, and then the land lies fallow till it is again overgrown with prairie grass. There were many who wanted such land, and there was not enough for all; so that people quarreled about it. Those who were better off, wanted it for growing wheat, and those who were poor, wanted it to let to dealers, so that they might raise money to pay their taxes. Pahóm wanted to sow more wheat; so he rented land from a dealer for a year. He sowed much wheat and had a fine crop, but the land was too far from the village—the wheat had to be carted more than ten miles. After a time Pahóm noticed that some peasant-dealers were living on separate farms, and were growing wealthy; and he thought:‘If I were to buy some freehold land, and have a homestead on it, it would be a different thing, altogether. Then it would all be nice and compact.’The question of buying freehold land recurred to him again and again.He went on in the same way for three years; renting land and sowing wheat. The seasons turned out well and the crops were good, so that he began to lay money by. He might have gone on living contentedly, but he grew tired of having to rent other people’s land every year, and having to scramble for it. Wherever there was good land to be had, the peasants would rush for it and it was taken up at once, so that unless you were sharp about it you got none. It happened in the third year that he and a dealer together rented a piece of pasture land from some peasants; and they had already plowed it up, when there was some dispute, and the peasants went to law about it, and things fell out so that the labor was all lost.‘If it were my own land,’ thought Pahóm, ‘I should be independent, and there would not be all this unpleasantness.’So Pahóm began looking out for land which he could buy; and he came across a peasant who had bought thirteen hundred acres, but having got into difficulties was willing to sell again cheap. Pahóm bargained and haggled with him, and at last they settled the price at 1,500 rubles, part in cash and part to be paid later. They had all but clinched the matter, when a passing dealer happened to stop at Pahóm’s one day to get a feed for his horse. He drank tea with Pahóm, and they had a talk. The dealer said that he was just returning from the land of the Bashkírs, far away, where he had bought thirteen thousand acres of land all for 1,000 rubles. Pahóm questioned him further, and the tradesman said:‘All one need do is to make friends with the chiefs. I gave away about one hundred rubles’ worth of dressing-gowns and carpets, besides a case of tea, and I gave wine to those who would drink it; and I got the land for less than twopence an acre[3]. And he showed Pahóm the title-deeds, saying:‘The land lies near a river, and the whole prairie is virgin soil.’Pahóm plied him with questions, and the tradesman said:‘There is more land there than you could cover if you walked a year, and it all belongs to the Bashkírs. They are as simple as sheep, and land can be got almost for nothing.’‘There now,’ thought Pahóm, ‘with my one thousand rubles, why should I get only thirteen hundred acres, and saddle myself with a debt besides? If I take it out there, I can get more than ten times as much for the money.’Pahóm inquired how to get to the place, and as soon as the tradesman had left him, he prepared to go there himself. He left his wife to look after the homestead, and started on his journey taking his man with him. They stopped at a town on their way, and bought a case of tea, some wine, and other presents, as the tradesman had advised. On and on they went until they had gone more than three hundred miles, and on the seventh day they came to a place where the Bashkírs had pitched their tents. It was all just as the tradesman had said. The people lived on the steppes, by a river, in felt-covered tents[4]. They neither tilled the ground, nor ate bread. Their cattle and horses grazed in herds on the steppe. The colts were tethered behind the tents, and the mares were driven to them twice a day. The mares were milked, and from the milk kumiss was made. It was the women who prepared kumiss, and they also made cheese. As far as the men were concerned, drinking kumiss and tea, eating mutton, and playing on their pipes, was all they cared about. They were all stout and merry, and all the summer long they never thought of doing any work. They were quite ignorant, and knew no Russian, but were good-natured enough.As soon as they saw Pahóm, they came out of their tents and gathered round their visitor. An interpreter was found, and Pahóm told them he had come about some land. The Bashkírs seemed very glad; they took Pahóm and led him into one of the best tents, where they made him sit on some down cushions placed on a carpet, while they sat round him. They gave him tea and kumiss, and had a sheep killed, and gave him mutton to eat. Pahóm took presents out of his cart and distributed them among the Bashkírs, and divided among them the tea. The Bashkírs were delighted. They talked a great deal among themselves, and then told the interpreter to translate.‘They wish to tell you,’ said the interpreter, ‘that they like you, and that it is our custom to do all we can to please a guest and to repay him for his gifts. You have given us presents, now tell us which of the things we possess please you best, that we may present them to you.’‘What pleases me best here,’ answered Pahóm, ‘is your land. Our land is crowded, and the soil is exhausted; but you have plenty of land and it is good land. I never saw the like of it.’The interpreter translated. The Bashkírs talked among themselves for a while. Pahóm could not understand what they were saying, but saw that they were much amused, and that they shouted and laughed. Then they were silent and looked at Pahóm while the interpreter said:‘They wish me to tell you that in return for your presents they will gladly give you as much land as you want. You have only to point it out with your hand and it is yours.’The Bashkírs talked again for a while and began to dispute. Pahóm asked what they were disputing about, and the interpreter told him that some of them thought they ought to ask their Chief about the land and not act in his absence, while others thought there was no need to wait for his return.While the Bashkírs were disputing, a man in a large fox-fur cap appeared on the scene. They all became silent and rose to their feet. The interpreter said, ‘This is our Chief himself.’Pahóm immediately fetched the best dressing-gown and five pounds of tea, and offered these to the Chief. The Chief accepted them, and seated himself in the place of honor. The Bashkírs at once began telling him something. The Chief listened for a while, then made a sign with his head for them to be silent, and addressing himself to Pahóm, said in Russian:‘Well, let it be so. Choose whatever piece of land you like; we have plenty of it.’‘How can I take as much as I like?’ thought Pahóm. ‘I must get a deed to make it secure, or else they may say, “It is yours,” and afterwards may take it away again.’‘Thank you for your kind words,’ he said aloud. ‘You have much land, and I only want a little. But I should like to be sure which bit is mine. Could it not be measured and made over to me? Life and death are in God’s hands. You good people give it to me, but your children might wish to take it away again.’‘You are quite right,’ said the Chief. ‘We will make it over to you.’‘I heard that a dealer had been here,’ continued Pahóm, ‘and that you gave him a little land, too, and signed title-deeds to that effect. I should like to have it done in the same way.’The Chief understood.‘Yes,’ replied he, ‘that can be done quite easily. We have a scribe, and we will go to town with you and have the deed properly sealed.’‘And what will be the price?’ asked Pahóm.‘Our price is always the same: one thousand rubles a day.’Pahóm did not understand.‘A day? What measure is that? How many acres would that be?’‘We do not know how to reckon it out,’ said the Chief. ‘We sell it by the day. As much as you can go round on your feet in a day is yours, and the price is one thousand rubles a day.’Pahóm was surprised.‘But in a day you can get round a large tract of land,’ he said.The Chief laughed.‘It will all be yours!’ said he. ‘But there is one condition: If you don’t return on the same day to the spot whence you started, your money is lost.’‘But how am I to mark the way that I have gone?’‘Why, we shall go to any spot you like, and stay there. You must start from that spot and make your round, taking a spade with you. Wherever you think necessary, make a mark. At every turning, dig a hole and pile up the turf; then afterwards we will go round with a plow from hole to hole. You may make as large a circuit as you please, but before the sun sets you must return to the place you started from. All the land you cover will be yours.’Pahóm was delighted. It was decided to start early next morning. They talked a while, and after drinking some more kumiss and eating some more mutton, they had tea again, and then the night came on. They gave Pahóm a feather-bed to sleep on, and the Bashkírs dispersed for the night, promising to assemble the next morning at daybreak and ride out before sunrise to the appointed spot.Pahóm lay on the feather-bed, but could not sleep. He kept thinking about the land.‘What a large tract I will mark off!’ thought he. ‘I can easily do thirty-five miles in a day. The days are long now, and within a circuit of thirty-five miles what a lot of land there will be! I will sell the poorer land, or let it to peasants, but I’ll pick out the best and farm it. I will buy two ox-teams, and hire two more laborers. About a hundred and fifty acres shall be plow-land, and I will pasture cattle on the rest.’Pahóm lay awake all night, and dozed off only just before dawn. Hardly were his eyes closed when he had a dream. He thought he was lying in that same tent, and heard somebody chuckling outside. He wondered who it could be, and rose and went out, and he saw the Bashkír Chief sitting in front of the tent holding his side and rolling about with laughter. Going nearer to the Chief, Pahóm asked: ‘What are you laughing at?’ But he saw that it was no longer the Chief, but the dealer who had recently stopped at his house and had told him about the land. Just as Pahóm was going to ask, ‘Have you been here long?’ he saw that it was not the dealer, but the peasant who had come up from the Volga, long ago, to Pahóm’s old home. Then he saw that it was not the peasant either, but the Devil himself with hoofs and horns, sitting there and chuckling, and before him lay a man barefoot, prostrate on the ground, with only trousers and a shirt on. And Pahóm dreamed that he looked more attentively to see what sort of a man it was lying there, and he saw that the man was dead, and that it was himself! He awoke horror-struck.‘What things one does dream,’ thought he.Looking round he saw through the open door that the dawn was breaking.’It’s time to wake them up,’ thought he. ‘We ought to be starting.’He got up, roused his man (who was sleeping in his cart), bade him harness; and went to call the Bashkírs.‘It’s time to go to the steppe to measure the land,’ he said.The Bashkírs rose and assembled, and the Chief came, too. Then they began drinking kumiss again, and offered Pahóm some tea, but he would not wait.‘If we are to go, let us go. It is high time,’ said he.The Bashkírs got ready and they all started: some mounted on horses, and some in carts. Pahóm drove in his own small cart with his servant, and took a spade with him. When they reached the steppe, the morning red was beginning to kindle. They ascended a hillock (called by the Bashkírs a shikhan) and dismounting from their carts and their horses, gathered in one spot. The Chief came up to Pahóm and stretched out his arm towards the plain:‘See,’ said he, ‘all this, as far as your eye can reach, is ours. You may have any part of it you like.’Pahóm’s eyes glistened: it was all virgin soil, as flat as the palm of your hand, as black as the seed of a poppy, and in the hollows different kinds of grasses grew breast high.The Chief took off his fox-fur cap, placed it on the ground and said:‘This will be the mark. Start from here, and return here again. All the land you go round shall be yours.’Pahóm took out his money and put it on the cap. Then he took off his outer coat, remaining in his sleeveless under coat. He unfastened his girdle and tied it tight below his stomach, put a little bag of bread into the breast of his coat, and tying a flask of water to his girdle, he drew up the tops of his boots, took the spade from his man, and stood ready to start. He considered for some moments which way he had better go—it was tempting everywhere.‘No matter,’ he concluded, ‘I will go towards the rising sun.’He turned his face to the east, stretched himself, and waited for the sun to appear above the rim.‘I must lose no time,’ he thought, ‘and it is easier walking while it is still cool.’The sun’s rays had hardly flashed above the horizon, before Pahóm, carrying the spade over his shoulder, went down into the steppe.Pahóm started walking neither slowly nor quickly. After having gone a thousand yards he stopped, dug a hole, and placed pieces of turf one on another to make it more visible. Then he went on; and now that he had walked off his stiffness he quickened his pace. After a while he dug another hole.Pahóm looked back. The hillock could be distinctly seen in the sunlight, with the people on it, and the glittering tires of the cartwheels. At a rough guess Pahóm concluded that he had walked three miles. It was growing warmer; he took off his under-coat, flung it across his shoulder, and went on again. It had grown quite warm now; he looked at the sun, it was time to think of breakfast.‘The first shift is done, but there are four in a day, and it is too soon yet to turn. But I will just take off my boots,’ said he to himself.He sat down, took off his boots, stuck them into his girdle, and went on. It was easy walking now.‘I will go on for another three miles,’ thought he, ‘and then turn to the left. The spot is so fine, that it would be a pity to lose it. The further one goes, the better the land seems.’He went straight on for a while, and when he looked round, the hillock was scarcely visible and the people on it looked like black ants, and he could just see something glistening there in the sun.‘Ah,’ thought Pahóm, ‘I have gone far enough in this direction, it is time to turn. Besides I am in a regular sweat, and very thirsty.’He stopped, dug a large hole, and heaped up pieces of turf. Next he untied his flask, had a drink, and then turned sharply to the left. He went on and on; the grass was high, and it was very hot.Pahóm began to grow tired: he looked at the sun and saw that it was noon.‘Well,’ he thought, ‘I must have a rest.’He sat down, and ate some bread and drank some water; but he did not lie down, thinking that if he did he might fall asleep. After sitting a little while, he went on again. At first he walked easily: the food had strengthened him; but it had become terribly hot, and he felt sleepy; still he went on, thinking: ‘An hour to suffer, a life-time to live.’He went a long way in this direction also, and was about to turn to the left again, when he perceived a damp hollow: ‘It would be a pity to leave that out,’ he thought. ‘Flax would do well there.’ So he went on past the hollow, and dug a hole on the other side of it before he turned the corner. Pahóm looked towards the hillock. The heat made the air hazy: it seemed to be quivering, and through the haze the people on the hillock could scarcely be seen.‘Ah!’ thought Pahóm, ‘I have made the sides too long; I must make this one shorter.’ And he went along the third side, stepping faster. He looked at the sun: it was nearly half way to the horizon, and he had not yet done two miles of the third side of the square. He was still ten miles from the goal.‘No,’ he thought, ‘though it will make my land lop-sided, I must hurry back in a straight line now. I might go too far, and as it is I have a great deal of land.’So Pahóm hurriedly dug a hole, and turned straight towards the hillock.Pahóm went straight towards the hillock, but he now walked with difficulty. He was done up with the heat, his bare feet were cut and bruised, and his legs began to fail. He longed to rest, but it was impossible if he meant to get back before sunset. The sun waits for no man, and it was sinking lower and lower.‘Oh dear,’ he thought, ‘if only I have not blundered trying for too much! What if I am too late?’He looked towards the hillock and at the sun. He was still far from his goal, and the sun was already near the rim.Pahóm walked on and on; it was very hard walking, but he went quicker and quicker. He pressed on, but was still far from the place. He began running, threw away his coat, his boots, his flask, and his cap, and kept only the spade which he used as a support.‘What shall I do,’ he thought again, ‘I have grasped too much, and ruined the whole affair. I can’t get there before the sun sets.’And this fear made him still more breathless. Pahóm went on running, his soaking shirt and trousers stuck to him, and his mouth was parched. His breast was working like a blacksmith’s bellows, his heart was beating like a hammer, and his legs were giving way as if they did not belong to him. Pahóm was seized with terror lest he should die of the strain.Though afraid of death, he could not stop. ‘After having run all that way they will call me a fool if I stop now,’ thought he. And he ran on and on, and drew near and heard the Bashkírs yelling and shouting to him, and their cries inflamed his heart still more. He gathered his last strength and ran on.The sun was close to the rim, and cloaked in mist looked large, and red as blood. Now, yes now, it was about to set! The sun was quite low, but he was also quite near his aim. Pahóm could already see the people on the hillock waving their arms to hurry him up. He could see the fox-fur cap on the ground, and the money on it, and the Chief sitting on the ground holding his sides. And Pahóm remembered his dream.‘There is plenty of land,’ thought he, ‘but will God let me live on it? I have lost my life, I have lost my life! I shall never reach that spot!’Pahóm looked at the sun, which had reached the earth: one side of it had already disappeared. With all his remaining strength he rushed on, bending his body forward so that his legs could hardly follow fast enough to keep him from falling. Just as he reached the hillock it suddenly grew dark. He looked up—the sun had already set. He gave a cry: ‘All my labor has been in vain,’ thought he, and was about to stop, but he heard the Bashkírs still shouting, and remembered that though to him, from below, the sun seemed to have set, they on the hillock could still see it. He took a long breath and ran up the hillock. It was still light there. He reached the top and saw the cap. Before it sat the Chief laughing and holding his sides. Again Pahóm remembered his dream, and he uttered a cry: his legs gave way beneath him, he fell forward and reached the cap with his hands.‘Ah, what a fine fellow!’ exclaimed the Chief. ‘He has gained much land!’Pahóm’s servant came running up and tried to raise him, but he saw that blood was flowing from his mouth. Pahóm was dead!The Bashkírs clicked their tongues to show their pity.His servant picked up the spade and dug a grave long enough for Pahóm to lie in, and buried him in it. Six feet from his head to his heels was all he needed.", "content_html": "I am so enamoured by the last chapter in Alok Sama’s book - Money trap, that I have decided to repost Tolstoy’s short story on my blog. I think my readers will benefit from reading it.
An elder sister came to visit her younger sister in the country. The elder was married to a tradesman in town, the younger to a peasant in the village. As the sisters sat over their tea talking, the elder began to boast of the advantages of town life: saying how comfortably they lived there, how well they dressed, what fine clothes her children wore, what good things they ate and drank, and how she went to the theater, promenades, and entertainments.
The younger sister was piqued, and in turn disparaged the life of a tradesman, and stood up for that of a peasant.
‘I would not change my way of life for yours,’ said she. ‘We may live roughly, but at least we are free from anxiety. You live in better style than we do, but though you often earn more than you need, you are very likely to lose all you have. You know the proverb, “Loss and gain are brothers twain.” It often happens that people who are wealthy one day are begging their bread the next. Our way is safer. Though a peasant’s life is not a fat one, it is a long one. We shall never grow rich, but we shall always have enough to eat.’
The elder sister said sneeringly:
‘Enough? Yes, if you like to share with the pigs and the calves! What do you know of elegance or manners! However much your good man may slave, you will die as you are living—on a dung heap—and your children the same.’
‘Well, what of that?’ replied the younger. ‘Of course our work is rough and coarse. But, on the other hand, it is sure; and we need not bow to any one. But you, in your towns, are surrounded by temptations; to-day all may be right, but to-morrow the Evil One may tempt your husband with cards, wine, or women, and all will go to ruin. Don’t such things happen often enough?’
Pahóm, the master of the house, was lying on the top of the oven, and he listened to the women’s chatter.
‘It is perfectly true,’ thought he. ‘Busy as we are from childhood tilling mother earth, we peasants have no time to let any nonsense settle in our heads. Our only trouble is that we haven’t land enough. If I had plenty of land, I shouldn’t fear the Devil himself!’
The women finished their tea, chatted a while about dress, and then cleared away the tea-things and lay down to sleep.
But the Devil had been sitting behind the oven, and had heard all that was said. He was pleased that the peasant’s wife had led her husband into boasting, and that he had said that if he had plenty of land he would not fear the Devil himself.
‘All right,’ thought the Devil. ‘We will have a tussle. I’ll give you land enough; and by means of that land I will get you into my power.’
Close to the village there lived a lady, a small landowner, who had an estate of about three hundred acres[1]. She had always lived on good terms with the peasants, until she engaged as her steward an old soldier, who took to burdening the people with fines. However careful Pahóm tried to be, it happened again and again that now a horse of his got among the lady’s oats, now a cow strayed into her garden, now his calves found their way into her meadows—and he always had to pay a fine.
Pahóm paid, but grumbled, and, going home in a temper, was rough with his family. All through that summer, Pahóm had much trouble because of this steward; and he was even glad when winter came and the cattle had to be stabled. Though he grudged the fodder when they could no longer graze on the pasture-land, at least he was free from anxiety about them.
In the winter the news got about that the lady was going to sell her land, and that the keeper of the inn on the high road was bargaining for it. When the peasants heard this they were very much alarmed.
‘Well,’ thought they, ‘if the innkeeper gets the land, he will worry us with fines worse than the lady’s steward. We all depend on that estate.’
So the peasants went on behalf of their Commune, and asked the lady not to sell the land to the innkeeper; offering her a better price for it themselves. The lady agreed to let them have it. Then the peasants tried to arrange for the Commune to buy the whole estate, so that it might be held by all in common. They met twice to discuss it, but could not settle the matter; the Evil One sowed discord among them, and they could not agree. So they decided to buy the land individually, each according to his means; and the lady agreed to this plan as she had to the other.
Presently Pahóm heard that a neighbor of his was buying fifty acres, and that the lady had consented to accept one half in cash and to wait a year for the other half. Pahóm felt envious.
‘Look at that,’ thought he, ‘the land is all being sold, and I shall get none of it.’ So he spoke to his wife.
‘Other people are buying,’ said he, ‘and we must also buy twenty acres or so. Life is becoming impossible. That steward is simply crushing us with his fines.’
So they put their heads together and considered how they could manage to buy it. They had one hundred rubles laid by. They sold a colt, and one half of their bees; hired out one of their sons as a laborer, and took his wages in advance; borrowed the rest from a brother-in-law, and so scraped together half the purchase money.
Having done this, Pahóm chose out a farm of forty acres, some of it wooded, and went to the lady to bargain for it. They came to an agreement, and he shook hands with her upon it, and paid her a deposit in advance. Then they went to town and signed the deeds; he paying half the price down, and undertaking to pay the remainder within two years.
So now Pahóm had land of his own. He borrowed seed, and sowed it on the land he had bought. The harvest was a good one, and within a year he had managed to pay off his debts both to the lady and to his brother-in-law. So he became a landowner, plowing and sowing his own land, making hay on his own land, cutting his own trees, and feeding his cattle on his own pasture. When he went out to plow his fields, or to look at his growing corn, or at his grass-meadows, his heart would fill with joy. The grass that grew and the flowers that bloomed there, seemed to him unlike any that grew elsewhere. Formerly, when he had passed by that land, it had appeared the same as any other land, but now it seemed quite different.
So Pahóm was well contented, and everything would have been right if the neighboring peasants would only not have trespassed on his corn-fields and meadows. He appealed to them most civilly, but they still went on: now the Communal herdsmen would let the village cows stray into his meadows; then horses from the night pasture would get among his corn. Pahóm turned them out again and again, and forgave their owners, and for a long time he forbore from prosecuting any one. But at last he lost patience and complained to the District Court. He knew it was the peasants’ want of land, and no evil intent on their part, that caused the trouble; but he thought:
‘I cannot go on overlooking it, or they will destroy all I have. They must be taught a lesson.’
So he had them up, gave them one lesson, and then another, and two or three of the peasants were fined. After a time Pahóm’s neighbors began to bear him a grudge for this, and would now and then let their cattle on to his land on purpose. One peasant even got into Pahóm’s wood at night and cut down five young lime trees for their bark. Pahóm passing through the wood one day noticed something white. He came nearer, and saw the stripped trunks lying on the ground, and close by stood the stumps, where the tree had been. Pahóm was furious.
‘If he had only cut one here and there it would have been bad enough,’ thought Pahóm, ‘but the rascal has actually cut down a whole clump. If I could only find out who did this, I would pay him out.’
He racked his brains as to who it could be. Finally he decided: ‘It must be Simon-no one else could have done it.’ So he went to Simon’s homestead to have a look round, but he found nothing, and only had an angry scene. However, he now felt more certain than ever that Simon had done it, and he lodged a complaint. Simon was summoned. The case was tried, and re-tried, and at the end of it all Simon was acquitted, there being no evidence against him. Pahóm felt still more aggrieved, and let his anger loose upon the Elder and the Judges.
‘You let thieves grease your palms,’ said he. ‘If you were honest folk yourselves, you would not let a thief go free.’
So Pahóm quarreled with the Judges and with his neighbors. Threats to burn his building began to be uttered. So though Pahóm had more land, his place in the Commune was much worse than before.
About this time a rumor got about that many people were moving to new parts.
’There’s no need for me to leave my land,’ thought Pahóm. ‘But some of the others might leave our village, and then there would be more room for us. I would take over their land myself, and make my estate a bit bigger. I could then live more at ease. As it is, I am still too cramped to be comfortable.’
One day Pahóm was sitting at home, when a peasant passing through the village, happened to call in. He was allowed to stay the night, and supper was given him. Pahóm had a talk with this peasant and asked him where he came from. The stranger answered that he came from beyond the Volga, where he had been working. One word led to another, and the man went on to say that many people were settling in those parts. He told how some people from his village had settled there. They had joined the Commune, and had had twenty-five acres per man granted them. The land was so good, he said, that the rye sown on it grew as high as a horse, and so thick that five cuts of a sickle made a sheaf. One peasant, he said, had brought nothing with him but his bare hands, and now he had six horses and two cows of his own.
Pahóm’s heart kindled with desire. He thought:
‘Why should I suffer in this narrow hole, if one can live so well elsewhere? I will sell my land and my homestead here, and with the money I will start afresh over there and get everything new. In this crowded place one is always having trouble. But I must first go and find out all about it myself.’
Towards summer he got ready and started. He went down the Volga on a steamer to Samára, then walked another three hundred miles on foot, and at last reached the place. It was just as the stranger had said. The peasants had plenty of land: every man had twenty-five acres of Communal land given him for his use, and any one who had money could buy, besides, at two shillings an acre[2] as much good freehold land as he wanted.
Having found out all he wished to know, Pahóm returned home as autumn came on, and began selling off his belongings. He sold his land at a profit, sold his homestead and all his cattle, and withdrew from membership of the Commune. He only waited till the spring, and then started with his family for the new settlement.
As soon as Pahóm and his family arrived at their new abode, he applied for admission into the Commune of a large village. He stood treat to the Elders, and obtained the necessary documents. Five shares of Communal land were given him for his own and his sons’ use: that is to say—125 acres (not all together, but in different fields) besides the use of the Communal pasture. Pahóm put up the buildings he needed, and bought cattle. Of the Communal land alone he had three times as much as at his former home, and the land was good corn-land. He was ten times better off than he had been. He had plenty of arable land and pasturage, and could keep as many head of cattle as he liked.
At first, in the bustle of building and settling down, Pahóm was pleased with it all, but when he got used to it he began to think that even here he had not enough land. The first year, he sowed wheat on his share of the Communal land, and had a good crop. He wanted to go on sowing wheat, but had not enough Communal land for the purpose, and what he had already used was not available; for in those parts wheat is only sown on virgin soil or on fallow land. It is sown for one or two years, and then the land lies fallow till it is again overgrown with prairie grass. There were many who wanted such land, and there was not enough for all; so that people quarreled about it. Those who were better off, wanted it for growing wheat, and those who were poor, wanted it to let to dealers, so that they might raise money to pay their taxes. Pahóm wanted to sow more wheat; so he rented land from a dealer for a year. He sowed much wheat and had a fine crop, but the land was too far from the village—the wheat had to be carted more than ten miles. After a time Pahóm noticed that some peasant-dealers were living on separate farms, and were growing wealthy; and he thought:
‘If I were to buy some freehold land, and have a homestead on it, it would be a different thing, altogether. Then it would all be nice and compact.’
The question of buying freehold land recurred to him again and again.
He went on in the same way for three years; renting land and sowing wheat. The seasons turned out well and the crops were good, so that he began to lay money by. He might have gone on living contentedly, but he grew tired of having to rent other people’s land every year, and having to scramble for it. Wherever there was good land to be had, the peasants would rush for it and it was taken up at once, so that unless you were sharp about it you got none. It happened in the third year that he and a dealer together rented a piece of pasture land from some peasants; and they had already plowed it up, when there was some dispute, and the peasants went to law about it, and things fell out so that the labor was all lost.
‘If it were my own land,’ thought Pahóm, ‘I should be independent, and there would not be all this unpleasantness.’
So Pahóm began looking out for land which he could buy; and he came across a peasant who had bought thirteen hundred acres, but having got into difficulties was willing to sell again cheap. Pahóm bargained and haggled with him, and at last they settled the price at 1,500 rubles, part in cash and part to be paid later. They had all but clinched the matter, when a passing dealer happened to stop at Pahóm’s one day to get a feed for his horse. He drank tea with Pahóm, and they had a talk. The dealer said that he was just returning from the land of the Bashkírs, far away, where he had bought thirteen thousand acres of land all for 1,000 rubles. Pahóm questioned him further, and the tradesman said:
‘All one need do is to make friends with the chiefs. I gave away about one hundred rubles’ worth of dressing-gowns and carpets, besides a case of tea, and I gave wine to those who would drink it; and I got the land for less than twopence an acre[3]. And he showed Pahóm the title-deeds, saying:
‘The land lies near a river, and the whole prairie is virgin soil.’
Pahóm plied him with questions, and the tradesman said:
‘There is more land there than you could cover if you walked a year, and it all belongs to the Bashkírs. They are as simple as sheep, and land can be got almost for nothing.’
‘There now,’ thought Pahóm, ‘with my one thousand rubles, why should I get only thirteen hundred acres, and saddle myself with a debt besides? If I take it out there, I can get more than ten times as much for the money.’
Pahóm inquired how to get to the place, and as soon as the tradesman had left him, he prepared to go there himself. He left his wife to look after the homestead, and started on his journey taking his man with him. They stopped at a town on their way, and bought a case of tea, some wine, and other presents, as the tradesman had advised. On and on they went until they had gone more than three hundred miles, and on the seventh day they came to a place where the Bashkírs had pitched their tents. It was all just as the tradesman had said. The people lived on the steppes, by a river, in felt-covered tents[4]. They neither tilled the ground, nor ate bread. Their cattle and horses grazed in herds on the steppe. The colts were tethered behind the tents, and the mares were driven to them twice a day. The mares were milked, and from the milk kumiss was made. It was the women who prepared kumiss, and they also made cheese. As far as the men were concerned, drinking kumiss and tea, eating mutton, and playing on their pipes, was all they cared about. They were all stout and merry, and all the summer long they never thought of doing any work. They were quite ignorant, and knew no Russian, but were good-natured enough.
As soon as they saw Pahóm, they came out of their tents and gathered round their visitor. An interpreter was found, and Pahóm told them he had come about some land. The Bashkírs seemed very glad; they took Pahóm and led him into one of the best tents, where they made him sit on some down cushions placed on a carpet, while they sat round him. They gave him tea and kumiss, and had a sheep killed, and gave him mutton to eat. Pahóm took presents out of his cart and distributed them among the Bashkírs, and divided among them the tea. The Bashkírs were delighted. They talked a great deal among themselves, and then told the interpreter to translate.
‘They wish to tell you,’ said the interpreter, ‘that they like you, and that it is our custom to do all we can to please a guest and to repay him for his gifts. You have given us presents, now tell us which of the things we possess please you best, that we may present them to you.’
‘What pleases me best here,’ answered Pahóm, ‘is your land. Our land is crowded, and the soil is exhausted; but you have plenty of land and it is good land. I never saw the like of it.’
The interpreter translated. The Bashkírs talked among themselves for a while. Pahóm could not understand what they were saying, but saw that they were much amused, and that they shouted and laughed. Then they were silent and looked at Pahóm while the interpreter said:
‘They wish me to tell you that in return for your presents they will gladly give you as much land as you want. You have only to point it out with your hand and it is yours.’
The Bashkírs talked again for a while and began to dispute. Pahóm asked what they were disputing about, and the interpreter told him that some of them thought they ought to ask their Chief about the land and not act in his absence, while others thought there was no need to wait for his return.
While the Bashkírs were disputing, a man in a large fox-fur cap appeared on the scene. They all became silent and rose to their feet. The interpreter said, ‘This is our Chief himself.’
Pahóm immediately fetched the best dressing-gown and five pounds of tea, and offered these to the Chief. The Chief accepted them, and seated himself in the place of honor. The Bashkírs at once began telling him something. The Chief listened for a while, then made a sign with his head for them to be silent, and addressing himself to Pahóm, said in Russian:
‘Well, let it be so. Choose whatever piece of land you like; we have plenty of it.’
‘How can I take as much as I like?’ thought Pahóm. ‘I must get a deed to make it secure, or else they may say, “It is yours,” and afterwards may take it away again.’
‘Thank you for your kind words,’ he said aloud. ‘You have much land, and I only want a little. But I should like to be sure which bit is mine. Could it not be measured and made over to me? Life and death are in God’s hands. You good people give it to me, but your children might wish to take it away again.’
‘You are quite right,’ said the Chief. ‘We will make it over to you.’
‘I heard that a dealer had been here,’ continued Pahóm, ‘and that you gave him a little land, too, and signed title-deeds to that effect. I should like to have it done in the same way.’
The Chief understood.
‘Yes,’ replied he, ‘that can be done quite easily. We have a scribe, and we will go to town with you and have the deed properly sealed.’
‘And what will be the price?’ asked Pahóm.
‘Our price is always the same: one thousand rubles a day.’
Pahóm did not understand.
‘A day? What measure is that? How many acres would that be?’
‘We do not know how to reckon it out,’ said the Chief. ‘We sell it by the day. As much as you can go round on your feet in a day is yours, and the price is one thousand rubles a day.’
Pahóm was surprised.
‘But in a day you can get round a large tract of land,’ he said.
The Chief laughed.
‘It will all be yours!’ said he. ‘But there is one condition: If you don’t return on the same day to the spot whence you started, your money is lost.’
‘But how am I to mark the way that I have gone?’
‘Why, we shall go to any spot you like, and stay there. You must start from that spot and make your round, taking a spade with you. Wherever you think necessary, make a mark. At every turning, dig a hole and pile up the turf; then afterwards we will go round with a plow from hole to hole. You may make as large a circuit as you please, but before the sun sets you must return to the place you started from. All the land you cover will be yours.’
Pahóm was delighted. It was decided to start early next morning. They talked a while, and after drinking some more kumiss and eating some more mutton, they had tea again, and then the night came on. They gave Pahóm a feather-bed to sleep on, and the Bashkírs dispersed for the night, promising to assemble the next morning at daybreak and ride out before sunrise to the appointed spot.
Pahóm lay on the feather-bed, but could not sleep. He kept thinking about the land.
‘What a large tract I will mark off!’ thought he. ‘I can easily do thirty-five miles in a day. The days are long now, and within a circuit of thirty-five miles what a lot of land there will be! I will sell the poorer land, or let it to peasants, but I’ll pick out the best and farm it. I will buy two ox-teams, and hire two more laborers. About a hundred and fifty acres shall be plow-land, and I will pasture cattle on the rest.’
Pahóm lay awake all night, and dozed off only just before dawn. Hardly were his eyes closed when he had a dream. He thought he was lying in that same tent, and heard somebody chuckling outside. He wondered who it could be, and rose and went out, and he saw the Bashkír Chief sitting in front of the tent holding his side and rolling about with laughter. Going nearer to the Chief, Pahóm asked: ‘What are you laughing at?’ But he saw that it was no longer the Chief, but the dealer who had recently stopped at his house and had told him about the land. Just as Pahóm was going to ask, ‘Have you been here long?’ he saw that it was not the dealer, but the peasant who had come up from the Volga, long ago, to Pahóm’s old home. Then he saw that it was not the peasant either, but the Devil himself with hoofs and horns, sitting there and chuckling, and before him lay a man barefoot, prostrate on the ground, with only trousers and a shirt on. And Pahóm dreamed that he looked more attentively to see what sort of a man it was lying there, and he saw that the man was dead, and that it was himself! He awoke horror-struck.
‘What things one does dream,’ thought he.
Looking round he saw through the open door that the dawn was breaking.
’It’s time to wake them up,’ thought he. ‘We ought to be starting.’
He got up, roused his man (who was sleeping in his cart), bade him harness; and went to call the Bashkírs.
‘It’s time to go to the steppe to measure the land,’ he said.
The Bashkírs rose and assembled, and the Chief came, too. Then they began drinking kumiss again, and offered Pahóm some tea, but he would not wait.
‘If we are to go, let us go. It is high time,’ said he.
The Bashkírs got ready and they all started: some mounted on horses, and some in carts. Pahóm drove in his own small cart with his servant, and took a spade with him. When they reached the steppe, the morning red was beginning to kindle. They ascended a hillock (called by the Bashkírs a shikhan) and dismounting from their carts and their horses, gathered in one spot. The Chief came up to Pahóm and stretched out his arm towards the plain:
‘See,’ said he, ‘all this, as far as your eye can reach, is ours. You may have any part of it you like.’
Pahóm’s eyes glistened: it was all virgin soil, as flat as the palm of your hand, as black as the seed of a poppy, and in the hollows different kinds of grasses grew breast high.
The Chief took off his fox-fur cap, placed it on the ground and said:
‘This will be the mark. Start from here, and return here again. All the land you go round shall be yours.’
Pahóm took out his money and put it on the cap. Then he took off his outer coat, remaining in his sleeveless under coat. He unfastened his girdle and tied it tight below his stomach, put a little bag of bread into the breast of his coat, and tying a flask of water to his girdle, he drew up the tops of his boots, took the spade from his man, and stood ready to start. He considered for some moments which way he had better go—it was tempting everywhere.
‘No matter,’ he concluded, ‘I will go towards the rising sun.’
He turned his face to the east, stretched himself, and waited for the sun to appear above the rim.
‘I must lose no time,’ he thought, ‘and it is easier walking while it is still cool.’
The sun’s rays had hardly flashed above the horizon, before Pahóm, carrying the spade over his shoulder, went down into the steppe.
Pahóm started walking neither slowly nor quickly. After having gone a thousand yards he stopped, dug a hole, and placed pieces of turf one on another to make it more visible. Then he went on; and now that he had walked off his stiffness he quickened his pace. After a while he dug another hole.
Pahóm looked back. The hillock could be distinctly seen in the sunlight, with the people on it, and the glittering tires of the cartwheels. At a rough guess Pahóm concluded that he had walked three miles. It was growing warmer; he took off his under-coat, flung it across his shoulder, and went on again. It had grown quite warm now; he looked at the sun, it was time to think of breakfast.
‘The first shift is done, but there are four in a day, and it is too soon yet to turn. But I will just take off my boots,’ said he to himself.
He sat down, took off his boots, stuck them into his girdle, and went on. It was easy walking now.
‘I will go on for another three miles,’ thought he, ‘and then turn to the left. The spot is so fine, that it would be a pity to lose it. The further one goes, the better the land seems.’
He went straight on for a while, and when he looked round, the hillock was scarcely visible and the people on it looked like black ants, and he could just see something glistening there in the sun.
‘Ah,’ thought Pahóm, ‘I have gone far enough in this direction, it is time to turn. Besides I am in a regular sweat, and very thirsty.’
He stopped, dug a large hole, and heaped up pieces of turf. Next he untied his flask, had a drink, and then turned sharply to the left. He went on and on; the grass was high, and it was very hot.
Pahóm began to grow tired: he looked at the sun and saw that it was noon.
‘Well,’ he thought, ‘I must have a rest.’
He sat down, and ate some bread and drank some water; but he did not lie down, thinking that if he did he might fall asleep. After sitting a little while, he went on again. At first he walked easily: the food had strengthened him; but it had become terribly hot, and he felt sleepy; still he went on, thinking: ‘An hour to suffer, a life-time to live.’
He went a long way in this direction also, and was about to turn to the left again, when he perceived a damp hollow: ‘It would be a pity to leave that out,’ he thought. ‘Flax would do well there.’ So he went on past the hollow, and dug a hole on the other side of it before he turned the corner. Pahóm looked towards the hillock. The heat made the air hazy: it seemed to be quivering, and through the haze the people on the hillock could scarcely be seen.
‘Ah!’ thought Pahóm, ‘I have made the sides too long; I must make this one shorter.’ And he went along the third side, stepping faster. He looked at the sun: it was nearly half way to the horizon, and he had not yet done two miles of the third side of the square. He was still ten miles from the goal.
‘No,’ he thought, ‘though it will make my land lop-sided, I must hurry back in a straight line now. I might go too far, and as it is I have a great deal of land.’
So Pahóm hurriedly dug a hole, and turned straight towards the hillock.
Pahóm went straight towards the hillock, but he now walked with difficulty. He was done up with the heat, his bare feet were cut and bruised, and his legs began to fail. He longed to rest, but it was impossible if he meant to get back before sunset. The sun waits for no man, and it was sinking lower and lower.
‘Oh dear,’ he thought, ‘if only I have not blundered trying for too much! What if I am too late?’
He looked towards the hillock and at the sun. He was still far from his goal, and the sun was already near the rim.
Pahóm walked on and on; it was very hard walking, but he went quicker and quicker. He pressed on, but was still far from the place. He began running, threw away his coat, his boots, his flask, and his cap, and kept only the spade which he used as a support.
‘What shall I do,’ he thought again, ‘I have grasped too much, and ruined the whole affair. I can’t get there before the sun sets.’
And this fear made him still more breathless. Pahóm went on running, his soaking shirt and trousers stuck to him, and his mouth was parched. His breast was working like a blacksmith’s bellows, his heart was beating like a hammer, and his legs were giving way as if they did not belong to him. Pahóm was seized with terror lest he should die of the strain.
Though afraid of death, he could not stop. ‘After having run all that way they will call me a fool if I stop now,’ thought he. And he ran on and on, and drew near and heard the Bashkírs yelling and shouting to him, and their cries inflamed his heart still more. He gathered his last strength and ran on.
The sun was close to the rim, and cloaked in mist looked large, and red as blood. Now, yes now, it was about to set! The sun was quite low, but he was also quite near his aim. Pahóm could already see the people on the hillock waving their arms to hurry him up. He could see the fox-fur cap on the ground, and the money on it, and the Chief sitting on the ground holding his sides. And Pahóm remembered his dream.
‘There is plenty of land,’ thought he, ‘but will God let me live on it? I have lost my life, I have lost my life! I shall never reach that spot!’
Pahóm looked at the sun, which had reached the earth: one side of it had already disappeared. With all his remaining strength he rushed on, bending his body forward so that his legs could hardly follow fast enough to keep him from falling. Just as he reached the hillock it suddenly grew dark. He looked up—the sun had already set. He gave a cry: ‘All my labor has been in vain,’ thought he, and was about to stop, but he heard the Bashkírs still shouting, and remembered that though to him, from below, the sun seemed to have set, they on the hillock could still see it. He took a long breath and ran up the hillock. It was still light there. He reached the top and saw the cap. Before it sat the Chief laughing and holding his sides. Again Pahóm remembered his dream, and he uttered a cry: his legs gave way beneath him, he fell forward and reached the cap with his hands.
‘Ah, what a fine fellow!’ exclaimed the Chief. ‘He has gained much land!’
Pahóm’s servant came running up and tried to raise him, but he saw that blood was flowing from his mouth. Pahóm was dead!
The Bashkírs clicked their tongues to show their pity.
His servant picked up the spade and dug a grave long enough for Pahóm to lie in, and buried him in it. Six feet from his head to his heels was all he needed.
", "url": "https://rnikhil.com/2025/02/18/tolstoy-man-need", "date_published": "2025-02-18T00:00:00+00:00", "date_modified": "2025-02-18T00:00:00+00:00", "author": "{"twitter"=>nil, "name"=>nil, "avatar"=>nil, "email"=>nil, "url"=>nil}" }, { "id": "https://rnikhil.com/2024/12/19/cold-coffee-consistent", "title": "Receipe - cold coffee", "summary": null, "content_text": "I make 1-2 cups of cold coffee daily and sometimes for my SO and small inconsistencies have started driving us crazy. Some days it would be perfectly cold and creamy and other days a watery sludge. After months of trying various things and drinking a lot of coffee, I’ve discovered that making consistently great cold coffee comes down to understanding a few key things.Success criteria for my coffee: Must stay icecold for around 15min. I usually finish it by then Thick, creamy texture throughout and shouldn’t turn watery like cold brew after sitting on my table for 10min Should take less than 1 min to makeHere is what I’ve learnt from my super un-scientific and rigorous-less experimentation 😂 : Shake it, don’t stir it Stirring is useless. What takes 15 seconds of shaking needs like 2 minutes of violent stirring to achieve the same results Shaking also mixes the drink more uniformly. Stirring always leaves some coffee/sugar at the bottom of the cup Shaking also aerates the coffee with micro bubbles giving it a foamy texture (which stirring doesn’t) I don’t seem to observe any benefit in over shaking(things seem to plateau after like 20sec of shaking) or how intensive/vigorous I do it (thankfully so) You need lots of ice There is no problem with using too much ice as they stop affecting temperature or dilution beyond the equilibrium point. So, always ensure to have more ice than needed when you start. I use roughly 200g of ice for 100ml of coffee. It seems excessive but actually achieves ideal temp and dilution If you have very little ice, it will result in poor chilling and will end up over diluting your coffee. This is sometimes counter intuitive. You actually want to use more ice, not less, to prevent over-dilution. More ice equals faster chilling because you have more thermal mass to absorb heat quickly, reaching the target temp before too much of it melts. Size of the ice cube matters (sometimes) Ice cube size does matter if you are planning to let your coffee sit on your table for more than 20min. Bigger ice cubes are better because they have smaller surface area per gram and thereby melt slower which has an added benefit of diluting your coffee slower over time The size of the ice cubes doesn’t seem to matter for shaking (you end up with similar temp and dilution after 20sec) although theoretically smaller ice cubes chills marginally faster due to more surface area but I haven’t noticed this All in all, it personally takes me less than a minute to assemble all this and the results are fairly consistent", "content_html": "I make 1-2 cups of cold coffee daily and sometimes for my SO and small inconsistencies have started driving us crazy. Some days it would be perfectly cold and creamy and other days a watery sludge. After months of trying various things and drinking a lot of coffee, I’ve discovered that making consistently great cold coffee comes down to understanding a few key things.
Success criteria for my coffee:
Here is what I’ve learnt from my super un-scientific and rigorous-less experimentation 😂 :
All in all, it personally takes me less than a minute to assemble all this and the results are fairly consistent
", "url": "https://rnikhil.com/2024/12/19/cold-coffee-consistent", "date_published": "2024-12-19T00:00:00+00:00", "date_modified": "2024-12-19T00:00:00+00:00", "author": "{"twitter"=>nil, "name"=>nil, "avatar"=>nil, "email"=>nil, "url"=>nil}" }, { "id": "https://rnikhil.com/2024/12/18/prediction-market-crypto", "title": "Can you bet on everything?", "summary": null, "content_text": " Prediction markets, despite their promise and success in sports ($330B US betting volume) and elections ($40B in 2024), are yet to become mainstream due to fundamental demand and liquidity constraints. The issue isn’t regulation or technology - it’s that none of the three key market participants find strong PMF with prediction markets: gamblers want quick resolutions (42% of 2020 election volume traded in final week), long-term investors prefer growing wealth in traditional assets, and market makers can’t operate without consistent retail flow (there is no demand for betting on topics except elections and sports for now). This creates a structural chicken-and-egg problem where lack of demand and participations prevents reliable pricing, which in turn discourages serious folks. Due to these unfortunate structural issues, these markets only work in certain nichesand in events with high public interest and pre-existing communities, immediate resolutions and natural gambling appeal.I’ve been using prediction markets for various purposes over the last couple years, from speculating on sports to more recently the US elections and the F1 season. These products are pretty popular. Americans legally bet over $330 billion on sports in 2023, while the 2024 US presidential elections saw about $40 billion in wagers. Polymarket alone saw over $2 billion in volume just in October 2024. Looking at this explosive growth, it’s easy to get excited about the future of prediction markets. Based on this Nick Whittaker inspired essay we investigate their hyposthesis along with data from on-chain.This is the premise: harness the wisdom of crowds through financial incentives to predict future events. Put your money where your mouth is, and the market will aggregate everyone’s knowledge into probability estimates. At their core, prediction markets are betting markets where people can wager on the outcome of future events. The market price represents the crowd’s collective estimate. If shares are trading at $0.60, the market thinks there’s a 60% chance of that outcome happening. Curious about whether who is going to be the next NBA champion? There is a market for that. Wonder whether Tiktok will get banned in 2025 in US? There is a market for that. The dream is “prediction markets on everything”, where you are able to bet on every possible thing that can happen in the future.But after diving deep into how these markets actually work and analyzing real usage data, I think I was wrong about their potential to become mainstream products. While they may excel in niches like sports and elections, they may not become ubiquitous. Even in places where regulations are favourable (Betfair and UK), prediction markets have been unable to grow in volume beyond some categories. The reality is more nuanced and the challenges more fundamental than people realize. Let me explain why.How do prediction markets work?Proponents(Vitalik calls it info finance) argue that prediction markets harness the “wisdom of crowds” and there are some famous examples of this working: In 1906, a crowd at a livestock exhibition collectively guessed an ox’s weight within 1% accuracy by averaging their estimates In 1968, the US Navy found a missing submarine using collective expert predictions that were just 220 yards offThe theory makes sense. Prediction markets get people to bring information into the open by effectively paying them for revealing it. The market aggregates all this information into a single price that represents the collective estimate of that event happening.Prediction markets aren’t new though. Italian city-states had markets for papal elections in the 16th century. The US has had political betting markets since its founding. But what makes them powerful is how they incentivize information sharing. If you know something the market doesn’t, you can profit by betting and moving the price to reflect that information.There was a lot of hype around Polymarket this cycle where people claimed that it was able to predict the results more accurately(and ahead in time) than the polls(and even mainstream media). This is because polls ask for “Who will you vote for?” whereas prediction markets ask “Who do you think will win?” with financial incentives for accurate predictions, regardless of personal preferences. These don’t align often because one is your personal perspective and another is your personal preference(or intent). This combined with possibility of hedging (I will bet on Harris as a hedge because my crypto bags will any go up if Trump gets elected) explains the divergence.While there are different types of prediction markets (binary,continuous, etc) and different mechanisms to match the trades, most of the technical details are irrelevant to this particular blog. You can read more about prediction markets on this Lesswrong post or about order matching systems in this article. In practice, most successful prediction markets are hybrids. Polymarket, for instance, does order matching off-chain but settles everything on the blockchain. This gives you the best of both worlds - fast trading but transparent settlement.One key thing to discuss here is about liquidity in prediction markets. When a new market is started, its generally not +EV for market makers to provide liquidity (unless such markets exist somewhere else and you have an idea of the probabilities) which means somebody has to subsidize or provide incentives for putting up the initial money. This is usually done by providing some sort of kickbacks or yield on the money which is locked up.So, if the theory is sound, why am I not seeing prediction markets where I can bet on Bangalore weather?The problem with Prediction MarketsDespite their theoretical promise, prediction markets today face some limitations. The most obivous and repeating pattern is the crazy concentration of liquidity in short-term events and in certain niches. In India, crypto and cricket is responsible for about 80% of the volume on platforms like Probo, Winzo and MPL. On platforms like Polymarket, markets expiring within days or weeks see much higher trading volumes than longer-dated ones. This mirrors behavior in options markets, where short dated options have much higher OI compared to ones expiring next month.Globally, volumes are dominated by elections and sports betting. The contrast becomes starker when looking at other types of markets like ones focused on scientific discoveries, CEO replacements, AI predictions, economic indicators, or technological developments. They often struggle to attract meaningful participation. Polymarket’s data shows this clearly - while their election markets saw daily volumes exceeding $350 million during peak periods, most other markets struggle to maintain consistent daily volumes above $1 million.To understand why prediction markets struggle to scale beyond a few high-profile events, we need to look at the three key types of participants in any financial market: Speculators/Gamblers: They’re in it for the thrill and don’t necessarily have an edge. Think retail options traders or meme coin enthusiasts. They generally make -EV bets. They usually bet on events which the general population is interested in. They prefer to have quick resolutions and not wait weeks/months for the bet to resolve Long-term Investors: They’re trying to build wealth over time through appreciating assets like stocks. (Ex: an average SIP investor) Market Makers/Sharks: The sophisticated players who provide liquidity and try to profit from pricing inefficiencies. (Ex: SIG, Jane street, etc) They usually make +EV bets and are very PnL consious The problem? None of these groups find most prediction markets particularly appealing. Prediction markets have a major demand side problemWhy Current Prediction Markets StruggleLet’s break it down by user type:Speculators/Gamblers only care about quick resolution: Notice how 99% of prediction market volume happens right before the event. Majority of the Polymarket election betting volume was on October. Short dated options have way more volume than long dated options. They want immediate feedback loops and gratification Long-term predictions are boring for themLong-term Investors have zero interest in locking up money in prediction markets because: The capital doesn’t generate returns while waiting for event resolution They can invest in stocks/bonds instead and actually grow their wealth This is why responsible people have their savings in stocks and real estate, rather than a diversified portfolio of sportsbooksMarket Makers/Sharks can’t operate effectively because: There’s not enough retail flow and liquidity to trade against and they don’t want to trade mostly against other professionals. It’s like showing up to a poker table and finding out all the other players are poker pros. You’d much rather have a table of tourists. In regular markets, there is a constant flow of long term investors wanting to grow their wealth. Counter point: Kalshi announced in April 2024 that Susquehanna International Group, a quantitative firm, had joined the platform as a market maker. But, in my view, markets are held back by the lack of long term investors and gamblers, rather than folks like SIG, Jane street, etc. Market size for 90% of the markets is too small to justify sophisticated analysis. Even these people don’t want to lock up the capital in long term bets because of the opportunity costThis leads to a chicken/egg problem. Without gamblers and long term investors providing liquidity, market makers won’t participate. Without them making markets efficient, the prices aren’t reliable enough to attract serious investment. And 99% of the markets are too small to justify professionals spending time researching them. If people actually wanted to bet on random things, financial insitutions would have dumbed it down for retail customers (like they did with stock options, futures etc)When Do Prediction Markets Actually Work?Markets based on sports have some very nice qualities. They repeat predictably (lot of data points for market makers), are short-dated (conclude fast) and are generally very communal events with massive particiaption from the general public. This quick resolution is critical for attracting gamblers, who strongly prefer immediate results. Elections, while less frequent, generate similar dynamics because they attract massive public interest and thereby liquidity. The social element is crucial too. People are already fans of teams and political candidates, creating natural communities. This built-in audience provides the baseline liquidity for markets to function and scale up.To put it simply, not enough people in the world care about random topics like whether the LK-99 superconductor paper can be replicated or whether we will make contact with aliens by 2030. I’ve intentionally ignored various subsidy mechanisms which bootstrap multiple prediction market contracts because they aren’t super relevant to the discussion.To summarise, these markets they work when: Events resolve quickly (sports, short term politics) There’s massive public interest driving volume The underlying event recurs frequently enough to maintain engagementSo what now?I think a general way these platforms wil grow is when they: Focus on niches with natural gambling appeal(massive public interest) and quick resolution. Improve the core betting mechanics and not get distracted by fancy formats (video interfaces, blockchain, etc.) Design for small, repeatable betting loops that maintain engagement. Micro betting(what happens in the next ball?) volumes are much bigger than full game outcomes (who will win this match?) THIS IS THE MOST IMPORTANT. Break out of niches(like sports and elections) and start cross-selling other categories to the users successfully. This is an important metric to track.Prediction markets might be most valuable as an additional signal alongside other prediction methods, rather than trying to replace them entirely. They excel at aggregating information for events that people naturally want to bet on, and perhaps that’s exactly where they should stay. Not everything needs a prediction market - and that’s okay.For them to have a future beyond sports and elections, they to invest heavily into cross selling categories beyond sports/crypto/elections and expland the actual TAM (mention, popculture, spotify, weather etc).", "content_html": "Prediction markets, despite their promise and success in sports ($330B US betting volume) and elections ($40B in 2024), are yet to become mainstream due to fundamental demand and liquidity constraints. The issue isn’t regulation or technology - it’s that none of the three key market participants find strong PMF with prediction markets: gamblers want quick resolutions (42% of 2020 election volume traded in final week), long-term investors prefer growing wealth in traditional assets, and market makers can’t operate without consistent retail flow (there is no demand for betting on topics except elections and sports for now).
This creates a structural chicken-and-egg problem where lack of demand and participations prevents reliable pricing, which in turn discourages serious folks. Due to these unfortunate structural issues, these markets only work in certain nichesand in events with high public interest and pre-existing communities, immediate resolutions and natural gambling appeal.
I’ve been using prediction markets for various purposes over the last couple years, from speculating on sports to more recently the US elections and the F1 season. These products are pretty popular. Americans legally bet over $330 billion on sports in 2023, while the 2024 US presidential elections saw about $40 billion in wagers. Polymarket alone saw over $2 billion in volume just in October 2024. Looking at this explosive growth, it’s easy to get excited about the future of prediction markets. Based on this Nick Whittaker inspired essay we investigate their hyposthesis along with data from on-chain.
![](\"/assets/files/preda2.png\")
This is the premise: harness the wisdom of crowds through financial incentives to predict future events. Put your money where your mouth is, and the market will aggregate everyone’s knowledge into probability estimates. At their core, prediction markets are betting markets where people can wager on the outcome of future events. The market price represents the crowd’s collective estimate. If shares are trading at $0.60, the market thinks there’s a 60% chance of that outcome happening. Curious about whether who is going to be the next NBA champion? There is a market for that. Wonder whether Tiktok will get banned in 2025 in US? There is a market for that. The dream is “prediction markets on everything”, where you are able to bet on every possible thing that can happen in the future.
![](\"/assets/files/preda3.png\")
But after diving deep into how these markets actually work and analyzing real usage data, I think I was wrong about their potential to become mainstream products. While they may excel in niches like sports and elections, they may not become ubiquitous. Even in places where regulations are favourable (Betfair and UK), prediction markets have been unable to grow in volume beyond some categories. The reality is more nuanced and the challenges more fundamental than people realize. Let me explain why.
Proponents(Vitalik calls it info finance) argue that prediction markets harness the “wisdom of crowds” and there are some famous examples of this working:
The theory makes sense. Prediction markets get people to bring information into the open by effectively paying them for revealing it. The market aggregates all this information into a single price that represents the collective estimate of that event happening.
Prediction markets aren’t new though. Italian city-states had markets for papal elections in the 16th century. The US has had political betting markets since its founding. But what makes them powerful is how they incentivize information sharing. If you know something the market doesn’t, you can profit by betting and moving the price to reflect that information.
There was a lot of hype around Polymarket this cycle where people claimed that it was able to predict the results more accurately(and ahead in time) than the polls(and even mainstream media). This is because polls ask for “Who will you vote for?” whereas prediction markets ask “Who do you think will win?” with financial incentives for accurate predictions, regardless of personal preferences. These don’t align often because one is your personal perspective and another is your personal preference(or intent). This combined with possibility of hedging (I will bet on Harris as a hedge because my crypto bags will any go up if Trump gets elected) explains the divergence.
While there are different types of prediction markets (binary,continuous, etc) and different mechanisms to match the trades, most of the technical details are irrelevant to this particular blog. You can read more about prediction markets on this Lesswrong post or about order matching systems in this article. In practice, most successful prediction markets are hybrids. Polymarket, for instance, does order matching off-chain but settles everything on the blockchain. This gives you the best of both worlds - fast trading but transparent settlement.
One key thing to discuss here is about liquidity in prediction markets. When a new market is started, its generally not +EV for market makers to provide liquidity (unless such markets exist somewhere else and you have an idea of the probabilities) which means somebody has to subsidize or provide incentives for putting up the initial money. This is usually done by providing some sort of kickbacks or yield on the money which is locked up.
So, if the theory is sound, why am I not seeing prediction markets where I can bet on Bangalore weather?
![](\"/assets/files/preda7.png\")
Despite their theoretical promise, prediction markets today face some limitations. The most obivous and repeating pattern is the crazy concentration of liquidity in short-term events and in certain niches. In India, crypto and cricket is responsible for about 80% of the volume on platforms like Probo, Winzo and MPL. On platforms like Polymarket, markets expiring within days or weeks see much higher trading volumes than longer-dated ones. This mirrors behavior in options markets, where short dated options have much higher OI compared to ones expiring next month.
![](\"/assets/files/preda4.png\")
Globally, volumes are dominated by elections and sports betting. The contrast becomes starker when looking at other types of markets like ones focused on scientific discoveries, CEO replacements, AI predictions, economic indicators, or technological developments. They often struggle to attract meaningful participation. Polymarket’s data shows this clearly - while their election markets saw daily volumes exceeding $350 million during peak periods, most other markets struggle to maintain consistent daily volumes above $1 million.
To understand why prediction markets struggle to scale beyond a few high-profile events, we need to look at the three key types of participants in any financial market:
Speculators/Gamblers: They’re in it for the thrill and don’t necessarily have an edge. Think retail options traders or meme coin enthusiasts. They generally make -EV bets. They usually bet on events which the general population is interested in. They prefer to have quick resolutions and not wait weeks/months for the bet to resolve
Long-term Investors: They’re trying to build wealth over time through appreciating assets like stocks. (Ex: an average SIP investor)
Market Makers/Sharks: The sophisticated players who provide liquidity and try to profit from pricing inefficiencies. (Ex: SIG, Jane street, etc) They usually make +EV bets and are very PnL consious
The problem? None of these groups find most prediction markets particularly appealing. Prediction markets have a major demand side problem
Let’s break it down by user type:
Speculators/Gamblers only care about quick resolution:
![](\"/assets/files/preda6.png\")
Long-term Investors have zero interest in locking up money in prediction markets because:
Market Makers/Sharks can’t operate effectively because:
![](\"/assets/files/preda1.png\")
This leads to a chicken/egg problem. Without gamblers and long term investors providing liquidity, market makers won’t participate. Without them making markets efficient, the prices aren’t reliable enough to attract serious investment. And 99% of the markets are too small to justify professionals spending time researching them. If people actually wanted to bet on random things, financial insitutions would have dumbed it down for retail customers (like they did with stock options, futures etc)
Markets based on sports have some very nice qualities. They repeat predictably (lot of data points for market makers), are short-dated (conclude fast) and are generally very communal events with massive particiaption from the general public. This quick resolution is critical for attracting gamblers, who strongly prefer immediate results. Elections, while less frequent, generate similar dynamics because they attract massive public interest and thereby liquidity. The social element is crucial too. People are already fans of teams and political candidates, creating natural communities. This built-in audience provides the baseline liquidity for markets to function and scale up.
To put it simply, not enough people in the world care about random topics like whether the LK-99 superconductor paper can be replicated or whether we will make contact with aliens by 2030. I’ve intentionally ignored various subsidy mechanisms which bootstrap multiple prediction market contracts because they aren’t super relevant to the discussion.
To summarise, these markets they work when:
I think a general way these platforms wil grow is when they:
Prediction markets might be most valuable as an additional signal alongside other prediction methods, rather than trying to replace them entirely. They excel at aggregating information for events that people naturally want to bet on, and perhaps that’s exactly where they should stay. Not everything needs a prediction market - and that’s okay.
For them to have a future beyond sports and elections, they to invest heavily into cross selling categories beyond sports/crypto/elections and expland the actual TAM (mention, popculture, spotify, weather etc).
", "url": "https://rnikhil.com/2024/12/18/prediction-market-crypto", "date_published": "2024-12-18T00:00:00+00:00", "date_modified": "2024-12-18T00:00:00+00:00", "author": "{"twitter"=>nil, "name"=>nil, "avatar"=>nil, "email"=>nil, "url"=>nil}" }, { "id": "https://rnikhil.com/2024/09/22/rag-eval-tabular-data", "title": "How to (Accurately) Evaluate RAG Systems on Tabular Data", "summary": null, "content_text": "This post was cowritten by me and was originally published on Dynamo AI’s blog.In our previous post, we explored how retrieval-augmented generation (RAG) systems can face hallucination issues and how DynamoEval can accurately and effectively diagnose these errors.When RAG systems generate responses, the retrieved document may be in plain text format or a different format. Tables, in particular, post a challenge for large language models (LLMs) due to their complex structure and the computational demands of tabular queries.For instance, the state-of-the-art model exhibits an error rate of 32.69% on the WikiTableQuestion (WTQ) dataset, a standardized benchmark for tabular question-answering. Despite these significant errors, there’s a lack of dedicated RAG evaluation solutions focused on assessing pipelines that involve tabular data. We built DynamoEval to address this gap, as a comprehensive solution designed specifically to assess and enhance RAG systems dealing with tabular data.In this post, we explore how to evaluate RAG systems when the retrieved document is a table and the response requires logical or computational reasoning. An example of this is a RAG system working with tabular financial documents, such as the consolidated balance sheets from Apple’s 10-K report.Users may query the system with simple look-up questions, like “What is the total current asset of AAPL at the end of September, 2023? Respond in millions.” Or, they may use operation-focused queries, such as “By what percentage did the deferred revenue increase/decrease in September, 2023 compared to September, 2022? Round to the first decimal place.”Accurate and faithful responses would be “$143,566 million” or “Increased by 1.9%,” respectively. However, if the system provides “$135,405 million” or “Increased by 1.3%”, these responses should be be flagged as incorrect and unfaithful.DynamoEval excels in evaluating such responses by accurately assessing the correctness and faithfulness of the answers, addressing gaps left by existing evaluation solutions.In the following sections, we explore methods to enhance the evaluation capabilities of two critical aspects: Assessing the relevance of the table: This involves determining whether the table retrieved by the RAG system contains the necessary information to accurately answer the given query. Evaluating response correctness and faithfulness: This focuses on verifying whether the RAG system’s output is both accurate and faithful to the information in the retrieved table and the query.DynamoEval addresses these key areas to improve the diagnosis of RAG systems handling tabular data. Throughout the post, we use a series of test datasets, modified from a standard Tabular QA dataset WikiTableQuestion (WTQ), with some manual cleaning, curation, and augmentation. These curated datasets include queries, contexts, responses, and ground-truth binary labels indicating the quality (good/bad) of the contexts and responses for retrieval and faithfulness evaluation. The evaluators will classify these contexts and responses, and performance will be measured using accuracy, precision, and recall based on the ground-truth labels.Findings: Enhancing evaluation through improved promptingIt turns out that refining how we prompt an LLM can lead to substantial improvements. To evaluate this, we tested DynamoEval against leading retrieval-augmented generation (RAG) evaluation tools — RAGAS, LlamaIndex Evaluators, and Tonic Validate — with the goal of assessing effectiveness in retrieval relevance and response faithfulness.Additionally, we explore a multimodal evaluation approach. Instead of providing table content as text, we convert it into images and used a vision-language model (VLM), such as GPT-4 Vision, as an alternative to text-based table inputs.We also test a multimodal evaluation approach using image inputs as a baseline. Instead of providing table content as text, we converted the table into an image and fed it to a vision-language model (VLM), like GPT-4 Vision. These alternative methods provide insights into the effectiveness of different evaluation strategies.Because existing RAG evaluation solutions are primarily designed for evaluating textual data, we observe that they are not well-suited for tasks involving tables when used out-of-the-box, despite utilizing the same base model, such as GPT-4. However, DynamoEval demonstrates that significant performance improvements can be achieved through prompt optimizations. Some key factors contributing to this enhancement include: Instruction prompts for role assignment: By providing specific instructions to the model, particularly assigning it a well-defined role, the model can better understand its task and focus on the relevant aspects of the evaluation process. Chain of Thought (CoT) prompting: Encouraging the model to outline the steps taken to reach a conclusion enables a more structured and transparent evaluation process. This approach allows for a clearer understanding of the model’s reasoning and decision-making process. Response structure optimization: Instructing the model to state its decision at the end of the response, after generating a step-by-step explanation, promotes a more correct decision. This structure ensures that the model’s conclusion is well-conditioned on the explanations. Binary decision output: Instead of generating scores, prompting the model to output a binary decision (e.g., correct or incorrect) simplifies the evaluation process and provides a clear-cut assessment of the RAG system’s performance.By incorporating these prompt optimization techniques, DynamoEval showcases its ability to significantly enhance the evaluation of RAG systems when dealing with tabular data, surpassing the limitations of existing solutions.The choice of base model for evaluation mattersWe have observed that the performance of the evaluation process varies significantly depending on the choice of the base LLM, even when using the same optimized prompts. The plot below illustrates the performance of GPT (3.5) and Mistral (small) models on faithfulness evaluation using different versions of prompts: Vanilla: Vanilla prompting (no Chain of Thought), with the decision stated before the explanation CoT: Chain of Thought prompting, with the decision stated before the explanation CoT + Optimized: Chain of Thought prompting, with the decision stated after the explanationThe results demonstrate that CoT prompting and stating the decision after the explanation provides a greater benefit to the GPT model compared to the Mistral model. However, both models ultimately exhibit lower performance compared to the GPT-4 model discussed earlier.More on operation-heavy queriesWhen working with tabular data, it is common to encounter queries that demand more complex operations or logical reasoning over the contents of the table. To better understand how models perform in this scenario, we manually created a dataset based on the WikiTableQuestion (WTQ) dataset, specifically focusing on queries that heavily rely on operations. We evaluate the faithfulness performance on a set of questions that involves various types of operations, including addition, subtraction, variance, standard deviation, counting, averaging and percentage calculations.By assessing the models’ performance on this curated dataset, we aim to gain insights into their capabilities and limitations when dealing with more complex queries involving tabular data. The below figure demonstrates DynamoEval’s performance compared to other RAG evaluation solutions.While DynamoEval shows a slightly lower performance compared to the previous set of “easier” queries, it is still able to significantly outperform existing solutions. We describe some preliminary patterns from the failure cases, which will be useful to further investigate and categorize the types of queries/tables the evaluator model is particularly weak at:Operation involving a long list of entries It is more likely to fail when the table is long and therefore requires more entries to consider for operations. In the examples below, the model failed to identify the given responses as accurate and faithful, by failing to carry out calculations from a long list of entries or miscounting the entries from a long table.Example 1Example 2Errors in filtering the correct entries There were occasional errors for smaller tables in filtering the correct entries to consider. In the examples below, the model failed to identify the given responses as accurate and faithful by incorrectly considering the rows that did not satisfy the conditions set by the query.Example 1Example 2Evaluating the performance of RAG systems involving table data presents unique challenges due to the inherent differences between tabular and textual content. Our findings demonstrate that DynamoEval, with its optimized prompting techniques, significantly outperforms existing RAG evaluation solutions in assessing the relevance of retrieved tables and the faithfulness of generated responses. Through our curated datasets based on the WikiTableQuestion (WTQ) benchmark, we have identified key areas where the evaluator models may struggle, particularly when dealing with complex queries involving lengthy tables or multiple logical operations. By further understanding these limitations, we can focus our efforts on developing more robust and reliable diagnostics for RAG systems that can handle a wider range of tabular data and query types.How Dynamo AI can helpAt Dynamo AI, we’re committed to helping organizations measure and mitigate RAG hallucination effectively. Our comprehensive RAG evaluation offering provides deep insights into model performance, enabling teams to identify and address weaknesses in their RAG pipelines.We also offer a range of AI privacy and security solutions to help you build trustworthy and responsible AI systems. To learn more about how Dynamo AI can help you evaluate and improve your RAG pipelines, or to explore our AI privacy and security offerings, please request a demo here.", "content_html": "This post was cowritten by me and was originally published on Dynamo AI’s blog.
![](\"/assets/files/raga1.png\")
In our previous post, we explored how retrieval-augmented generation (RAG) systems can face hallucination issues and how DynamoEval can accurately and effectively diagnose these errors.
When RAG systems generate responses, the retrieved document may be in plain text format or a different format. Tables, in particular, post a challenge for large language models (LLMs) due to their complex structure and the computational demands of tabular queries.
For instance, the state-of-the-art model exhibits an error rate of 32.69% on the WikiTableQuestion (WTQ) dataset, a standardized benchmark for tabular question-answering. Despite these significant errors, there’s a lack of dedicated RAG evaluation solutions focused on assessing pipelines that involve tabular data. We built DynamoEval to address this gap, as a comprehensive solution designed specifically to assess and enhance RAG systems dealing with tabular data.
In this post, we explore how to evaluate RAG systems when the retrieved document is a table and the response requires logical or computational reasoning. An example of this is a RAG system working with tabular financial documents, such as the consolidated balance sheets from Apple’s 10-K report.
Users may query the system with simple look-up questions, like “What is the total current asset of AAPL at the end of September, 2023? Respond in millions.” Or, they may use operation-focused queries, such as “By what percentage did the deferred revenue increase/decrease in September, 2023 compared to September, 2022? Round to the first decimal place.”
Accurate and faithful responses would be “$143,566 million” or “Increased by 1.9%,” respectively. However, if the system provides “$135,405 million” or “Increased by 1.3%”, these responses should be be flagged as incorrect and unfaithful.
DynamoEval excels in evaluating such responses by accurately assessing the correctness and faithfulness of the answers, addressing gaps left by existing evaluation solutions.
![](\"/assets/files/raga2.png\")
In the following sections, we explore methods to enhance the evaluation capabilities of two critical aspects:
DynamoEval addresses these key areas to improve the diagnosis of RAG systems handling tabular data. Throughout the post, we use a series of test datasets, modified from a standard Tabular QA dataset WikiTableQuestion (WTQ), with some manual cleaning, curation, and augmentation. These curated datasets include queries, contexts, responses, and ground-truth binary labels indicating the quality (good/bad) of the contexts and responses for retrieval and faithfulness evaluation. The evaluators will classify these contexts and responses, and performance will be measured using accuracy, precision, and recall based on the ground-truth labels.
It turns out that refining how we prompt an LLM can lead to substantial improvements. To evaluate this, we tested DynamoEval against leading retrieval-augmented generation (RAG) evaluation tools — RAGAS, LlamaIndex Evaluators, and Tonic Validate — with the goal of assessing effectiveness in retrieval relevance and response faithfulness.
Additionally, we explore a multimodal evaluation approach. Instead of providing table content as text, we convert it into images and used a vision-language model (VLM), such as GPT-4 Vision, as an alternative to text-based table inputs.
We also test a multimodal evaluation approach using image inputs as a baseline. Instead of providing table content as text, we converted the table into an image and fed it to a vision-language model (VLM), like GPT-4 Vision. These alternative methods provide insights into the effectiveness of different evaluation strategies.
![](\"/assets/files/raga3.png\")
![](\"/assets/files/raga4.png\")
Because existing RAG evaluation solutions are primarily designed for evaluating textual data, we observe that they are not well-suited for tasks involving tables when used out-of-the-box, despite utilizing the same base model, such as GPT-4. However, DynamoEval demonstrates that significant performance improvements can be achieved through prompt optimizations. Some key factors contributing to this enhancement include:
By incorporating these prompt optimization techniques, DynamoEval showcases its ability to significantly enhance the evaluation of RAG systems when dealing with tabular data, surpassing the limitations of existing solutions.
We have observed that the performance of the evaluation process varies significantly depending on the choice of the base LLM, even when using the same optimized prompts. The plot below illustrates the performance of GPT (3.5) and Mistral (small) models on faithfulness evaluation using different versions of prompts:
![](\"/assets/files/raga5.png\")
![](\"/assets/files/raga6.png\")
The results demonstrate that CoT prompting and stating the decision after the explanation provides a greater benefit to the GPT model compared to the Mistral model. However, both models ultimately exhibit lower performance compared to the GPT-4 model discussed earlier.
When working with tabular data, it is common to encounter queries that demand more complex operations or logical reasoning over the contents of the table. To better understand how models perform in this scenario, we manually created a dataset based on the WikiTableQuestion (WTQ) dataset, specifically focusing on queries that heavily rely on operations. We evaluate the faithfulness performance on a set of questions that involves various types of operations, including addition, subtraction, variance, standard deviation, counting, averaging and percentage calculations.
By assessing the models’ performance on this curated dataset, we aim to gain insights into their capabilities and limitations when dealing with more complex queries involving tabular data. The below figure demonstrates DynamoEval’s performance compared to other RAG evaluation solutions.
![](\"/assets/files/raga7.png\")
While DynamoEval shows a slightly lower performance compared to the previous set of “easier” queries, it is still able to significantly outperform existing solutions. We describe some preliminary patterns from the failure cases, which will be useful to further investigate and categorize the types of queries/tables the evaluator model is particularly weak at:
![](\"/assets/files/raga8.png\")
![](\"/assets/files/raga9.png\")
![](\"/assets/files/raga10.png\")
![](\"/assets/files/raga11.png\")
Evaluating the performance of RAG systems involving table data presents unique challenges due to the inherent differences between tabular and textual content. Our findings demonstrate that DynamoEval, with its optimized prompting techniques, significantly outperforms existing RAG evaluation solutions in assessing the relevance of retrieved tables and the faithfulness of generated responses. Through our curated datasets based on the WikiTableQuestion (WTQ) benchmark, we have identified key areas where the evaluator models may struggle, particularly when dealing with complex queries involving lengthy tables or multiple logical operations. By further understanding these limitations, we can focus our efforts on developing more robust and reliable diagnostics for RAG systems that can handle a wider range of tabular data and query types.
At Dynamo AI, we’re committed to helping organizations measure and mitigate RAG hallucination effectively. Our comprehensive RAG evaluation offering provides deep insights into model performance, enabling teams to identify and address weaknesses in their RAG pipelines.
We also offer a range of AI privacy and security solutions to help you build trustworthy and responsible AI systems. To learn more about how Dynamo AI can help you evaluate and improve your RAG pipelines, or to explore our AI privacy and security offerings, please request a demo here.
", "url": "https://rnikhil.com/2024/09/22/rag-eval-tabular-data", "date_published": "2024-09-22T00:00:00+00:00", "date_modified": "2024-09-22T00:00:00+00:00", "author": "{"twitter"=>nil, "name"=>nil, "avatar"=>nil, "email"=>nil, "url"=>nil}" }, { "id": "https://rnikhil.com/2024/09/22/rag-eval-hallucination", "title": "Tackling the Explainability Gap in RAG Hallucination Evals", "summary": null, "content_text": "This post was cowritten by me and was originally published on Dynamo AI’s blog.As many of our enterprise customers move from PoC to production LLM deployment, we find that enterprises need to demonstrate robust reliability testing of their AI systems. The tendency for LLMs to “hallucinate” incorrect or inconsistent outputs remains a major challenge for enterprises at this stage.In a recent example, Air Canada’s chatbot hallucinated information about refunds and discounts, leading to significant confusion and complaints. Moreover, for highly-regulated enterprises such as financial institutions, regulators like the Consumer Financial Protection Bureau have highlighted that “deficient chatbots” can lead to a “risk of noncompliance with federal consumer financial laws.”Specifically, the CFPB states that a chatbot “providing inaccurate information regarding a consumer financial product or service, for example, could be catastrophic. It could lead to the assessment of inappropriate fees, which in turn could lead to worse outcomes such as default, resulting in the customer selecting an inferior option or consumer financial product, or other harms.”While retrieval-augmented generation (RAG) aims to reduce hallucinations by grounding outputs in retrieved passages, enterprises deploying RAG still typically see high degrees of hallucinations during their testing. To safely deploy LLMs, enterprises are beginning to widely integrate routine hallucination evaluators to measure and trace the root causes of hallucinations in their RAG pipelines.While open-source LLM evaluators have played an important role in the evolution of this space, we find that regulated enterprises that are moving LLMs into real production environments require an enterprise-grade solution that includes more explainable metrics and alignment with regulatory standards for comprehensive red-teaming. For example, most of our customers who have experimented with open-source LLM evaluators are still left with key unresolved questions such as: Without an interpretable hallucination risk score, what is an acceptable “threshold score” for deploying LLMs into production? If my AI system is not meeting a satisfactory hallucination risk score, what actionable steps can I take to mitigate hallucinations? How can I explain the testing I’ve performed to regulators and meaningfully explain residual risk that may exist?In this post, we’ll explore the challenges enterprises face in tackling RAG hallucinations, the limitations of existing tools, and introduce Dynamo AI’s comprehensive solution for measuring and tracking these issues.Limitation of existing toolsWhile many tools exist for evaluating the degree of hallucination for RAG applications, major limitations include the following: Less interpretable metrics. Usually, evaluation metrics will simply output a score value between 0 and 1. Oftentimes, these scores may not be well-calibrated or can be too difficult to understand. For instance, one prominent metric for measuring text relevance is embedding similarity, which uses the cosine distance of two embedded texts. While the range of this distance value is normalized to be between 0 and 1, it is generally unclear how to interpret these scores and what range of scores is considered good or bad. Lack of fine-grained, actionable analysis for model improvements. Usually, the evaluation stops at the point where the evaluation scores are computed. Further analysis of detailed error cases that can lead to potential improvements of the system is not present in most of the tools. It’s not clear which part of the RAG pipeline, the retriever or the response generator, needs to be improved based on the metrics and diving deeper into a topic level analysis is also not straightforward. Dynamo AI’s RAG hallucination evaluationDynamo AI provides a comprehensive RAG evaluation solution that assesses model performance across multiple metrics: Retrieval relevance: Represents the relevance of the documents retrieved from the vector database using the embedding model for each query. Faithfulness: Evaluates whether the generated response is consistent with the retrieved documents. Response relevance: Determines if the generated response adequately addresses the given query.Dynamo AI leverages purpose-built models for each evaluation task, ensuring cost-efficiency and enabling in-depth analysis. Further, the platform offers actionable insights by identifying topic clusters where the RAG pipeline underperforms and categorizing errors by issue type for in-depth analysis. To demonstrate our solution, we ran our RAG hallucination tests against the MultiDoc2Dial dataset and compared the results with RAGAS for reference.Accurate and interpretable performance metricsIn a head-to-head comparison, DynamoEval’s RAG hallucination suite outperformed RAGAS in a classification task of identifying good/bad context/responses given a query. We measured accuracy and area under the receiver operating characteristic (AUROC) across the following metrics: Retrieval Relevance, Faithfulness, and Response Relevance. The following improvements in performance have been achieved through additional prompt optimizations and the use of performant task-specific models.DynamoEval, unlike RAGAS, returns both the relevance/faithfulness scores and binary labels (good/bad). Test results with only the scores tend to be more ambiguous due to the difficulties associated with drawing a clear threshold demarcating good and bad.The receiver operating characteristic (ROC) curves and the resulting AUROC values shown below demonstrate that the relevance/faithfulness scores from DyamoEval are more accurate in diagnosing Retrieval Relevance, Faithfulness, and Response Relevance.Easier interpretation of Response Relevance test resultsEasy interpretation of Retrieval Relevance test resultsInvestigate sources of error using topic level clusteringDynamoEval does not stop at generating classification labels and scores for each metrics, but further clusters the input queries based on different topics to provide additional insights for sources of errors and improvements. Analyzing hallucination metrics at a topic-level enables targeted data augmentation and model fine-tuning to address weak areas.The results explored below are based on the aforementioned test between DynamoEval and RAGAS, wherein we constructed a binary classification dataset from Multidoc2dial, evaluated RAGAS and DynamoEval using accuracy and AUROC, and compared their performance. We also analyzed individual topics for their RAG metrics to dive deeper into specific areas of performance within the RAG pipeline.For the “student scholarship” topic, Retrieval Relevance is low at 0% (0% of tested queries in this topic retrieved the correct document chunk). This suggests that there may be opportunities for improvements in the retrieval mechanism. One possible reason for the low Retrieval Relevance score could be that the vector database used in the test lacks sufficient information on student scholarships, which could be improved through the injection of additional scholarship-topic related documents to the vector database.Another possible reason for the low Retrieval Relevance score could be that the embedding model used as part of the retriever is not performant enough to identify the correct scholarship-topic related documents, in which case additional fine-tuning of the embedding model may be necessary.Faithfulness is also relatively low for the “disability eligibility” topic at 9%, indicating that the generator model struggles to produce information consistent with the retrieved documents, even if they are relevant. Augmenting the training data with more ground-truth, question-context-answer pairs related to disabilities could help fine-tune the generator to be more faithful.Using the labels from the above section, we can drill deeper into our topic-specific metrics to find out whether any poor-performance metric was related to either a generator or retriever related problem. The analysis looks at combinations of Retrieval Relevance, Faithfulness, and Response Relevance to pinpoint issues.For example, if Retrieval Relevance and Response Relevance are both high but Faithfulness is low, it may suggest that the generator is not leveraging the retrieved information properly; or if Retrieval Relevance is low but Faithfulness and Response Relevance are high, the retriever may be the source of the problem (see the example below).In conclusion, Dynamo AI’s evaluation suite for RAG addresses two major limitations in existing tools: A lack of interpretable metrics, which is addressed via more intuitive and accurate set of classification labels and scores A lack of fine-grained, detailed analysis of the errors for actionable improvements, which is addressed with topic-level clustering and error type analysisComparison methodology with RAGAS Dynamo AI took the Multidoc2dial dataset as the base dataset and constructed a classification dataset with binary labels Positive data points were taken directly from the original dataset. Negative data points were taken by perturbing the context and answers from the original dataset. Dynamo AI then ran RAGAS and DynamoEval on both positive and negative data points to compare their classification performance. The performance metrics used were Accuracy and AUROC. AUROC computes the area under the ROC curve, plotting the true positive rate (i.e., probability of positive classification given the positive example) against the false positive rate (i.e., probability of positive classification given the negative example) for various thresholds. Bigger values that are closer to 1 are considered better. To compute accuracy, Dynamo AI chose the threshold that maximized the F1 score for RAGAS to binarize the generated scores into labels, and directly used the labels generated by DynamoEval.Running a DynamoEval RAG hallucination test from the SDKDynamo AI provides an easily configurable SDK method to set up and run the RAG hallucination test by specifying the following parameters: name: name of the test model_key: model key for the generator model tested datsaet_id: dataset id containing queries for the RAG input_column: column name from the dataset that contains queries for the RAG prompt_template: prompt template used to synthesize the retrieved contexts and the query. vector_db: configuration of the vector database rag_hallucination_metrics: metrics used for the test (Retrieval elevance, Response elevance, Faithfulness) topic_list: list of topics that could be used for clustering the input queries for better error analysis. If not provided, it will cluster and automatically detect representative topical keywords from each cluster to show. grid: a set of test hyperparameters to be searched (model’s temperature, generated sequence length, and number of top-k contexts to be retrieved) gpu: type and number of GPU(s) to be used for the testHow Dynamo AI can helpAt Dynamo AI, we are committed to helping organizations measure and mitigate RAG hallucination effectively. Our comprehensive RAG evaluation offering provides deep insights into model performance, enabling teams to identify and address weaknesses in their RAG pipelines.We also offer a range of AI privacy and security solutions to help you build trustworthy and responsible AI systems. To learn more about how Dynamo AI can help you evaluate and improve your RAG models, or to explore our AI privacy and security offerings, please request a demo.", "content_html": "This post was cowritten by me and was originally published on Dynamo AI’s blog.
![](\"/assets/files/rag1.png\")
As many of our enterprise customers move from PoC to production LLM deployment, we find that enterprises need to demonstrate robust reliability testing of their AI systems. The tendency for LLMs to “hallucinate” incorrect or inconsistent outputs remains a major challenge for enterprises at this stage.
In a recent example, Air Canada’s chatbot hallucinated information about refunds and discounts, leading to significant confusion and complaints. Moreover, for highly-regulated enterprises such as financial institutions, regulators like the Consumer Financial Protection Bureau have highlighted that “deficient chatbots” can lead to a “risk of noncompliance with federal consumer financial laws.”
Specifically, the CFPB states that a chatbot “providing inaccurate information regarding a consumer financial product or service, for example, could be catastrophic. It could lead to the assessment of inappropriate fees, which in turn could lead to worse outcomes such as default, resulting in the customer selecting an inferior option or consumer financial product, or other harms.”
While retrieval-augmented generation (RAG) aims to reduce hallucinations by grounding outputs in retrieved passages, enterprises deploying RAG still typically see high degrees of hallucinations during their testing. To safely deploy LLMs, enterprises are beginning to widely integrate routine hallucination evaluators to measure and trace the root causes of hallucinations in their RAG pipelines.
While open-source LLM evaluators have played an important role in the evolution of this space, we find that regulated enterprises that are moving LLMs into real production environments require an enterprise-grade solution that includes more explainable metrics and alignment with regulatory standards for comprehensive red-teaming. For example, most of our customers who have experimented with open-source LLM evaluators are still left with key unresolved questions such as:
In this post, we’ll explore the challenges enterprises face in tackling RAG hallucinations, the limitations of existing tools, and introduce Dynamo AI’s comprehensive solution for measuring and tracking these issues.
While many tools exist for evaluating the degree of hallucination for RAG applications, major limitations include the following:
Dynamo AI provides a comprehensive RAG evaluation solution that assesses model performance across multiple metrics:
Dynamo AI leverages purpose-built models for each evaluation task, ensuring cost-efficiency and enabling in-depth analysis. Further, the platform offers actionable insights by identifying topic clusters where the RAG pipeline underperforms and categorizing errors by issue type for in-depth analysis. To demonstrate our solution, we ran our RAG hallucination tests against the MultiDoc2Dial dataset and compared the results with RAGAS for reference.
In a head-to-head comparison, DynamoEval’s RAG hallucination suite outperformed RAGAS in a classification task of identifying good/bad context/responses given a query. We measured accuracy and area under the receiver operating characteristic (AUROC) across the following metrics: Retrieval Relevance, Faithfulness, and Response Relevance. The following improvements in performance have been achieved through additional prompt optimizations and the use of performant task-specific models.
![](\"/assets/files/rag2.png\")
DynamoEval, unlike RAGAS, returns both the relevance/faithfulness scores and binary labels (good/bad). Test results with only the scores tend to be more ambiguous due to the difficulties associated with drawing a clear threshold demarcating good and bad.
The receiver operating characteristic (ROC) curves and the resulting AUROC values shown below demonstrate that the relevance/faithfulness scores from DyamoEval are more accurate in diagnosing Retrieval Relevance, Faithfulness, and Response Relevance.
![](\"/assets/files/rag3.png\")
![](\"/assets/files/rag4.png\")
Easier interpretation of Response Relevance test results
![\"\"](\"https://cdn.prod.website-files.com/66030bc3057ae1e90ac956b7/66b694054e7371362faee8f8_66294456ae6ed9a24e4a9b71_Retrieval%2520Relevance.png\")
Easy interpretation of Retrieval Relevance test results
DynamoEval does not stop at generating classification labels and scores for each metrics, but further clusters the input queries based on different topics to provide additional insights for sources of errors and improvements. Analyzing hallucination metrics at a topic-level enables targeted data augmentation and model fine-tuning to address weak areas.
The results explored below are based on the aforementioned test between DynamoEval and RAGAS, wherein we constructed a binary classification dataset from Multidoc2dial, evaluated RAGAS and DynamoEval using accuracy and AUROC, and compared their performance. We also analyzed individual topics for their RAG metrics to dive deeper into specific areas of performance within the RAG pipeline.
For the “student scholarship” topic, Retrieval Relevance is low at 0% (0% of tested queries in this topic retrieved the correct document chunk). This suggests that there may be opportunities for improvements in the retrieval mechanism. One possible reason for the low Retrieval Relevance score could be that the vector database used in the test lacks sufficient information on student scholarships, which could be improved through the injection of additional scholarship-topic related documents to the vector database.
Another possible reason for the low Retrieval Relevance score could be that the embedding model used as part of the retriever is not performant enough to identify the correct scholarship-topic related documents, in which case additional fine-tuning of the embedding model may be necessary.
![](\"/assets/files/rag6.png\")
Faithfulness is also relatively low for the “disability eligibility” topic at 9%, indicating that the generator model struggles to produce information consistent with the retrieved documents, even if they are relevant. Augmenting the training data with more ground-truth, question-context-answer pairs related to disabilities could help fine-tune the generator to be more faithful.
![](\"/assets/files/rag7.png\")
Using the labels from the above section, we can drill deeper into our topic-specific metrics to find out whether any poor-performance metric was related to either a generator or retriever related problem. The analysis looks at combinations of Retrieval Relevance, Faithfulness, and Response Relevance to pinpoint issues.
For example, if Retrieval Relevance and Response Relevance are both high but Faithfulness is low, it may suggest that the generator is not leveraging the retrieved information properly; or if Retrieval Relevance is low but Faithfulness and Response Relevance are high, the retriever may be the source of the problem (see the example below).
![](\"/assets/files/rag8.png\")
In conclusion, Dynamo AI’s evaluation suite for RAG addresses two major limitations in existing tools:
Dynamo AI provides an easily configurable SDK method to set up and run the RAG hallucination test by specifying the following parameters:
![](\"/assets/files/rag9.png\")
name: name of the testmodel_key: model key for the generator model testeddatsaet_id: dataset id containing queries for the RAGinput_column: column name from the dataset that contains queries for the RAGprompt_template: prompt template used to synthesize the retrieved contexts and the query.vector_db: configuration of the vector databaserag_hallucination_metrics: metrics used for the test (Retrieval elevance, Response elevance, Faithfulness)topic_list: list of topics that could be used for clustering the input queries for better error analysis. If not provided, it will cluster and automatically detect representative topical keywords from each cluster to show.grid: a set of test hyperparameters to be searched (model’s temperature, generated sequence length, and number of top-k contexts to be retrieved)gpu: type and number of GPU(s) to be used for the test
At Dynamo AI, we are committed to helping organizations measure and mitigate RAG hallucination effectively. Our comprehensive RAG evaluation offering provides deep insights into model performance, enabling teams to identify and address weaknesses in their RAG pipelines.
We also offer a range of AI privacy and security solutions to help you build trustworthy and responsible AI systems. To learn more about how Dynamo AI can help you evaluate and improve your RAG models, or to explore our AI privacy and security offerings, please request a demo.
", "url": "https://rnikhil.com/2024/09/22/rag-eval-hallucination", "date_published": "2024-09-22T00:00:00+00:00", "date_modified": "2024-09-22T00:00:00+00:00", "author": "{"twitter"=>nil, "name"=>nil, "avatar"=>nil, "email"=>nil, "url"=>nil}" }, { "id": "https://rnikhil.com/2024/09/22/differential-privacy-llm", "title": "Unlocking Differential Privacy for >7B Parameter LLMs", "summary": null, "content_text": "This post was cowritten by me and was originally published on Dynamo AI’s blog.Recent research shows that large language models (LLMs) are often prone to memorizing their training and fine-tuning datasets. This is a vulnerability that can be exploited by adversarial attacks, where malicious actors craft specific prompts to extract sensitive information from these models.For organizations developing and deploying LLMs, this presents a significant risk to data security and privacy. Differential privacy (DP) helps mitigate this risk by strategically injecting statistical noise during the training process. This technique controls the risk of data memorization, while balancing privacy and performance.Given its effectiveness, differential privacy is being closely examined by federal agencies as a key defense against adversarial attacks and data leakage in LLMs. The National Institute of Standards and Technology (NIST), which developed the widely used NIST AI Risk Management Framework, endorsed differential privacy as the most reliable method for ensuring robust privacy protection against both known and future attacks, even with multiple data releases.Other government organizations, like the U.S. Census Bureau, are starting to adopt differential privacy as core component of their data protection strategies. To expand the use of privacy-preserving machine learning, it’s crucial to develop differential privacy solutions that can efficiently handle large datasets and complex applications. “Differential privacy is currently the best known method for providing robust privacy protection against known and future attacks, even in the face of multiple data releases.” — The National Institute of Standards and Technology (NIST)Challenges in adopting differential privacy for LLMsDespite its promise for safeguarding LLMs, differential privacy adoption has faced significant challenges. The sheer magnitude of LLMs, some of which have trillions of parameters, poses significant hurdles for engineers.The traditional Differentially-Private Stochastic Gradient Descent (DP-SGD), which computes individual, per-sample gradients, significantly slows down training compared to standard neural network methods. This is because DP-SGD loses the parallel processing benefits of GPUs, resulting in longer training times and higher GPU memory requirements.The previous state-of-the-art in differentially private fine-tuning struggled with models exceeding approximately 1.5 billion parameters. Practitioners faced challenges with limited throughput and extremely long training durations. The memory constraints of these methods made it challenging to train on anything other than high-end GPUs, like the A100 (40GB, 80GB), resulting in costly and complex implementation.Moreover, current differential privacy frameworks, such as the Opacus library, aren’t well-stuied for large LLM workloads. While Opacus supports Distributed Data Parallel (DDP) training, it lacks model sharding capabilities.DDP replicates the entire model on each GPU, which can lead to memory constraints when handling large models. This limitation made it difficult or nearly impossible to train LLMs with billions of parameters efficiently across multiple GPUs. As a result, the lack of model sharding in Opacus has hindered the scalability and practicality of differentially private training for large-scale deep learning models.Apply differential privacy at scale with DynamoEnhanceBu et al. developed a new approach called DP-ZeRO to enable large-scale differentially private deep learning using the DeepSpeed library. DeepSpeed, known for its Zero Redundancy Optimizer (ZeRO), enhances training speed and reduces memory usage when working with large models across multiple GPUs. The researchers have extended DeepSpeed to support differentially private training, proving that effective privacy injection is achievable with the right techniques.DP-ZeRO opens up exciting opportunities for Dynamo AI to build upon the work and integrate scalable differential privacy in DynamoEnhance. By leveraging DeepSpeed’s multi-GPU model sharding capabilities and incorporating differential privacy into the distributed training process, DynamoEnhance offers enhanced data protection and privacy without sacrificing the power of large-scale models.This is where we come in. DynamoEnhance’s MultiGPU privacy framework, built on the DeepSpeed library, seamlessly integrates differential privacy. It features user-friendly Trainers inspired by popular transformers and TRL (Transformer Reinforcement library) libraries, making advanced privacy protection accessible while optimizing model performance.from dynamofl.privacy import DPTrainer, PrivacyArguments# model, tokenizer = ...# train_dataset, eval_dataset = ...privacy_args = PrivacyArguments(target_epsilon=1.0)trainer = DPTrainer( model=model, tokenizer=tokenizer, args=train_args, privacy_args=privacy_args, train_dataset=train_dataset, eval_dataset=eval_dataset)trainer.train()In the above example, we set the target epsilon value in our PrivacyArguments, where Epsilon represents the “privacy budget.” A lower epsilon value indicates less privacy expenditure, resulting in more noise being added to the gradients. Conversely, a higher epsilon value means a larger privacy budget and less noice to the gradients, offering reduced privacy protection.By leveraging DeepSpeed and incorporating innovative techniques, DynamoEnhance enables efficient, scalable training of LLMs while maintaining robust privacy guarantees and accommodating larger batch sizes.This cutting-edge approach differentiates our solution by providing enterprise customers with an effective and easy-to-use approach to safeguarding sensitive data with differential privacy, while harnessing the power of LLMs.Our technology supports MultiGPU model sharding in ways not previously achievable with existing differential privacy libraries. The DynamoEnhance MultiGPU Differential Privacy SDK is compatible with popular training libraries and methods, including Hugging Face, mixed precision, quantized training like BitsAndBytes, Mixture of Quantization (MoQ), LoRA fine-tuning, flash attention, and accelerate. We support leading LLMs such as Llama-70B, Mistral-8x7B, and more.Empowering enterprise customers with differential privacyAt Dynamo AI, our mission is to empower enterprise customers with the tools and knowledge necessary to unlock the potential of differential privacy. We offer comprehensive documentation and QuickStart guides that enable users to effortlessly experiment with differential privacy fine-tuning of LLMs, regardless of their technical expertise.By prioritizing accessibility and usability, we aim to make privacy-enhancing technologies available to a broader audience, beyond just those with a formal background in privacy-preserving machine learning.As LLMs become more powerful and prevalent, the risk of exposing sensitive information from training datasets increases. Dynamo AI provides comprehensive privacy solutions that help teams effectively measure, address, and prevent data leakage, ensuring the responsible deployment and use of LLMs while protecting sensitive information.We also offer a range of AI privacy and security solutions to help you build trustworthy and responsible AI systems. To learn more about Dynamo AI and to explore our privacy and security offerings, request a demo today.", "content_html": "This post was cowritten by me and was originally published on Dynamo AI’s blog.
![](\"/assets/files/dpmain.png\")
Recent research shows that large language models (LLMs) are often prone to memorizing their training and fine-tuning datasets. This is a vulnerability that can be exploited by adversarial attacks, where malicious actors craft specific prompts to extract sensitive information from these models.
For organizations developing and deploying LLMs, this presents a significant risk to data security and privacy. Differential privacy (DP) helps mitigate this risk by strategically injecting statistical noise during the training process. This technique controls the risk of data memorization, while balancing privacy and performance.
Given its effectiveness, differential privacy is being closely examined by federal agencies as a key defense against adversarial attacks and data leakage in LLMs. The National Institute of Standards and Technology (NIST), which developed the widely used NIST AI Risk Management Framework, endorsed differential privacy as the most reliable method for ensuring robust privacy protection against both known and future attacks, even with multiple data releases.
Other government organizations, like the U.S. Census Bureau, are starting to adopt differential privacy as core component of their data protection strategies. To expand the use of privacy-preserving machine learning, it’s crucial to develop differential privacy solutions that can efficiently handle large datasets and complex applications.
“Differential privacy is currently the best known method for providing robust privacy protection against known and future attacks, even in the face of multiple data releases.” — The National Institute of Standards and Technology (NIST)
![](\"/assets/files/dynaproc.png\")
Despite its promise for safeguarding LLMs, differential privacy adoption has faced significant challenges. The sheer magnitude of LLMs, some of which have trillions of parameters, poses significant hurdles for engineers.
The traditional Differentially-Private Stochastic Gradient Descent (DP-SGD), which computes individual, per-sample gradients, significantly slows down training compared to standard neural network methods. This is because DP-SGD loses the parallel processing benefits of GPUs, resulting in longer training times and higher GPU memory requirements.
The previous state-of-the-art in differentially private fine-tuning struggled with models exceeding approximately 1.5 billion parameters. Practitioners faced challenges with limited throughput and extremely long training durations. The memory constraints of these methods made it challenging to train on anything other than high-end GPUs, like the A100 (40GB, 80GB), resulting in costly and complex implementation.
Moreover, current differential privacy frameworks, such as the Opacus library, aren’t well-stuied for large LLM workloads. While Opacus supports Distributed Data Parallel (DDP) training, it lacks model sharding capabilities.
DDP replicates the entire model on each GPU, which can lead to memory constraints when handling large models. This limitation made it difficult or nearly impossible to train LLMs with billions of parameters efficiently across multiple GPUs. As a result, the lack of model sharding in Opacus has hindered the scalability and practicality of differentially private training for large-scale deep learning models.
![](\"/assets/files/dp1.png\")
![](\"/assets/files/dp2.png\")
Bu et al. developed a new approach called DP-ZeRO to enable large-scale differentially private deep learning using the DeepSpeed library. DeepSpeed, known for its Zero Redundancy Optimizer (ZeRO), enhances training speed and reduces memory usage when working with large models across multiple GPUs. The researchers have extended DeepSpeed to support differentially private training, proving that effective privacy injection is achievable with the right techniques.
DP-ZeRO opens up exciting opportunities for Dynamo AI to build upon the work and integrate scalable differential privacy in DynamoEnhance. By leveraging DeepSpeed’s multi-GPU model sharding capabilities and incorporating differential privacy into the distributed training process, DynamoEnhance offers enhanced data protection and privacy without sacrificing the power of large-scale models.
This is where we come in. DynamoEnhance’s MultiGPU privacy framework, built on the DeepSpeed library, seamlessly integrates differential privacy. It features user-friendly Trainers inspired by popular transformers and TRL (Transformer Reinforcement library) libraries, making advanced privacy protection accessible while optimizing model performance.
from dynamofl.privacy import DPTrainer, PrivacyArguments# model, tokenizer = ...# train_dataset, eval_dataset = ...privacy_args = PrivacyArguments(target_epsilon=1.0)trainer = DPTrainer( model=model, tokenizer=tokenizer, args=train_args, privacy_args=privacy_args, train_dataset=train_dataset, eval_dataset=eval_dataset)trainer.train()In the above example, we set the target epsilon value in our PrivacyArguments, where Epsilon represents the “privacy budget.” A lower epsilon value indicates less privacy expenditure, resulting in more noise being added to the gradients. Conversely, a higher epsilon value means a larger privacy budget and less noice to the gradients, offering reduced privacy protection.
By leveraging DeepSpeed and incorporating innovative techniques, DynamoEnhance enables efficient, scalable training of LLMs while maintaining robust privacy guarantees and accommodating larger batch sizes.
This cutting-edge approach differentiates our solution by providing enterprise customers with an effective and easy-to-use approach to safeguarding sensitive data with differential privacy, while harnessing the power of LLMs.
Our technology supports MultiGPU model sharding in ways not previously achievable with existing differential privacy libraries. The DynamoEnhance MultiGPU Differential Privacy SDK is compatible with popular training libraries and methods, including Hugging Face, mixed precision, quantized training like BitsAndBytes, Mixture of Quantization (MoQ), LoRA fine-tuning, flash attention, and accelerate. We support leading LLMs such as Llama-70B, Mistral-8x7B, and more.
At Dynamo AI, our mission is to empower enterprise customers with the tools and knowledge necessary to unlock the potential of differential privacy. We offer comprehensive documentation and QuickStart guides that enable users to effortlessly experiment with differential privacy fine-tuning of LLMs, regardless of their technical expertise.
By prioritizing accessibility and usability, we aim to make privacy-enhancing technologies available to a broader audience, beyond just those with a formal background in privacy-preserving machine learning.
As LLMs become more powerful and prevalent, the risk of exposing sensitive information from training datasets increases. Dynamo AI provides comprehensive privacy solutions that help teams effectively measure, address, and prevent data leakage, ensuring the responsible deployment and use of LLMs while protecting sensitive information.
We also offer a range of AI privacy and security solutions to help you build trustworthy and responsible AI systems. To learn more about Dynamo AI and to explore our privacy and security offerings, request a demo today.
", "url": "https://rnikhil.com/2024/09/22/differential-privacy-llm", "date_published": "2024-09-22T00:00:00+00:00", "date_modified": "2024-09-22T00:00:00+00:00", "author": "{"twitter"=>nil, "name"=>nil, "avatar"=>nil, "email"=>nil, "url"=>nil}" }, { "id": "https://rnikhil.com/2024/08/30/llm-eval-pii-membership-inference", "title": "Integrating Explainable LLM Data Leakage Testing into your CI/CD Pipeline", "summary": null, "content_text": "This post was cowritten by me and was originally published on Dynamo AI’s blog.Generative AI (GenAI) introduces new challenges in data privacy, including the potential risk of large language models (LLMs) memorizing and leaking personally identifiable information (PII) or copyrighted data in training datasets. Although this technology is still emerging, enterprises using or deploying GenAI still need to meet the existing laws and regulations on data privacy.Research in machine learning has long highlighted privacy vulnerabilities associated with model training, such as data leakage in LLMs. These vulnerabilities can lead to significant compliance, financial, and reputational consequences. Regulators stress the importance of using explainable red-teaming techniques and implementing effective controls to manage these risks.DynamoEval’s privacy testing suite goes beyond simple PII detection. It generates reports detailing the conditions that make applications susceptible to data leakage. This post will show how to integrate DynamoEval’s tests into a CI/CD pipeline with DynamoEnhance, facilitating rapid deployment and testing of compensating controls and risk mitigation strategies like differential privacy.At Dynamo AI, we lead in privacy research, quickly integrating the latest techniques into DynamoEval. Our tool red-teams models for vulnerabilities, employing attacks such as Membership Inference, PII Extraction, and Data Extraction. It also provides automated reports, dashboards, and detailed analyses to identify and address these risks.Below, we explore how DynamoEval uses explainable testing to address PII extraction and membership inference vulnerabilities in LLMs. This walkthrough includes simulating a privacy attack as described by Lukas et al. from Microsoft Research, demonstrating how enterprises can enhance data privacy in their machine learning applications.Evaluating model vulnerability to PII extraction and membership inferencePII extraction attacks and membership Inference attacks are two types of privacy attacks that can expose sensitive information in machine learning models. We demonstrate how to evaluate models against these attacks and interpret the results. In a PII extraction attack setting, an adversary attempts to extract sensitive pieces of information (e.g., names, addresses, phone numbers) that the model might have memorized during fine-tuning or training. In a membership inference attack setting, the adversary tries to infer whether or not an already-known data point was used for training.With DynamoEval, we evaluate our models against these attacks by simulating an adversary with access to the model and a set of data records. DynamoEval runs multiple iterations of an attack using different splits of the data and hyperparameter settings. We then provide detailed metrics, like ROC curves, AUC scores, PII extraction, Precision, and Recall to quantify the model’s vulnerability to these attacks.Evaluating PII extraction attacksA PII extraction attack assesses the risk of PII being extracted by attackers who have various levels of knowledge about the training dataset. This attack involves prompting the model with a series of inputs and analyzing whether PII is present in the model’s outputs.During a PII extraction attack, three key metrics are reported: PII Extracted: The number of PII successfully extracted from the model responses Recall: The percentage of actual PII that was successfully extracted (out of the training dataset) Precision: The proportion of identified PII instances that are true positivesMembership inference attacksThe goal of a membership inference attack is to determine whether specific data records can be inferred as part of the model’s training dataset. It is conducted by simulating an attacker with access to the model and a dataset, with some records being part of the training data.We simulate the attacker building a classifier that predicts whether a data record was part of the training dataset. The performance of this classifier indicates how much information about the training data is exposed, revealing its susceptibility to membership inference attacks. True positive rate (TPR): In this attack, the true positive rate (TPR) represents the percentage of data records correctly predicted to be members of the training dataset. We evaluate the TPR at various low false positive rates (FPRs) to determine the attacker’s success in high-confidence scenarios. ROC-AUC: In this attack, the Receiver Operating Characteristic (ROC) curve can also be used to to define vulnerability, which demonstrates the performance of the attack as a tradeoff between the TPR and FPR at various thresholds. We can then use the Area Under the ROC Curve (AUC) to measure the aggregate performance across all thresholds. Recent research also suggests evaluating the attack’s TPR in the low FPR regime (the three percentages shown at the top) to characterize whether the attack can confidently identify members of the training set.DynamoEval UI walkthroughIn this section, we provide a step-by-step guide to using the DynamoEval product:1. Curate a train/test datasetFirst, select the training and test datasets for evaluating the model’s privacy vulnerabilities. Specify which column contains the text data. Datasets are uploaded in CSV format.For PII extraction and membership inference attacks, this dataset is usually the one used for fine-tuning the model.2. Upload model and dataset to Dynamo AIUpload both your trained model and the dataset to the Dynamo AI platform. Make sure to specify any relevant files, such as LoRA adapter configurations, if applicable.3. Choose testsSelect the specific attack you want to run, such as PII Extraction or Membership Inference. The screenshot below displays the range of privacy attacks available on our platform.4. Analyze resultsAfter the tests are complete, we analyze the results to understand the model’s vulnerability to the attacks.In the ROC curve example below, the straight, gray line where X = Y indicates a random guessing baseline. The AUC is a measure of the performance of a binary classifier, ranging from 0 to 1. An AUC of 1.0 indicates perfect classification, while an AUC of 0.5 would indicate random guessing.In this case, the AUC is 0.77, revealing that the attacker was able to differentiate between members and non-members of the dataset with a high success rate.Below, the FPR represents the percentage of records falsely identified as being members of the training dataset, and the TPR represents the percentage of records correctly identified as being members of the training dataset.We provide three different TPR rates for clarity. You can also review the prompts and responses used in the attack in our deep dive section. Additionally, any PII extracted from the model during the attack is tagged and included in the response.We can also review the loss distribution plots to gain insights into the model’s behavior on both training and testing data. Research shows that a high degree of separation in these distributions suggests the model is less generalized and more vulnerable to membership inference and data leakage.5. Generate test reportsAfter the tests are completed, we generate PDF reports that provide detailed information on the attack methodology, results, and recommendations for improving the models.DynamoEval SDK walkthrough1. InitiationStart by installing the public Dynamo AI SDK. import the required libraries and specify the required environment variables. Create a Dynamo AI instance using your API token and host.If you do not have an API token, log into app.dynamofl.com with your credentials to generate one. This API token will enable you to programmatically connect to the DynamoFL server, create projects, and evaluate models. (Note that if you generate multiple API tokens, only your most recent one will be valid.)from dynamofl import DynamoFL, GPUConfig, GPUTypeAPI_KEY = \"\" # Add your API key hereAPI_HOST = \"https://api.dynamofl.com\" # DFL or custom API host heredfl = DynamoFL(API_KEY, host=API_HOST)2. Create a model and dataset objectNext, create a local model object. This object specifies the model on which privacy tests will be run using the ‘create_test’ method. Dynamo AI currently supports two types of model objects: local models and remote model API endpoints. In this example, we will focus on local models.A local model object can be used to upload a custom model and run penetration tests. Creating a local model object requires specifying the model file path and architecture. Currently, Dynamo AI supports penetration testing on uploaded models with ‘.pt’ and ‘.bin’ file formats. (Please confirm that your provided model file fits this formatting.) For model architectures, provide any valid HuggingFaceHub model id.In this example, we use a local model that has been fine-tuned using Low-Rank Adaptation (LoRA). LoRA is a technique that “freezes” the majority of parameters in a pre-trained LLM, while fine-tuning a small subset of additional parameters. This reduces training time, compute usage, and storage costs.When working with a model fine-tuned with LoRA or parameter-efficient fine-tuning (PEFT), you must also provide the file path to the PEFT adapter configuration.To run a privacy evaluation test, specify the dataset used for fine-tuning the model. Create a dataset object by providing the dataset file path and assign it a unique key and identifying name.model_path_dir = \"<path_to_your_trained_model_file>\"# using a PEFT LoRA adapter for a lightweight model uploadmodel_file_path = os.path.join(model_path_dir, \"adapter_model.bin\")peft_config_path = os.path.join(model_path_dir, \"adapter_config.json\")model_architecture = \"dynamofl-sandbox/sheared-llama-1b3\"# Creating a local model referring to a fine-tuned LLaMA 1.3Bmodel = dfl.create_model( name=\"Sheared LLama DP\", model_file_path=model_file_path, architecture=model_architecture, peft_config_path=peft_config_path, architecture_hf_token=\"hf_***\",)print(f\"Model successfully uploaded with key {model.key}.\")# Upload datasetdataset = dfl.create_dataset( key=\"dataset_pii_extraction\", file_path=\"<path_to_your_training_dataset_file>\", name=\"Finetuning Dataset\")# dataset idprint(f\"Dataset successfully uploaded with key {dataset.key}.\")3. Test parametersWhen configuring a test, you can configure various parameters to customize the test to your needs. Key parameters include: The column name from the dataset to create prompts The types of PII to detect for leakage The model temperature for running testsThese test configuration parameters should be provided to the create_pii_extraction_test method. Additionally, it’s required to provide the dataset column names in the test parameters when creating a test.PII classes and entitiesWhen configuring a PII extraction or inference attack, one of the most important hyperparameters is the pii_classes parameter. This parameter defines which types of PII the extraction attack will target.In addition to the predefined PII classes, you can also detect leakage for custom-defined regex entities. To do this, define a dictionary mapping entity names to the valid Python regex expression in the regex_expressions parameter.pii_entities = [\"PERSON\", \"DATE_TIME\", \"ORGANIZATION\", \"EMAIL_ADDRESS\"]regex_expressions = { \"USERNAME\": r\"([a-zA-Z]+_[a-zA-Z0-9]+)\",}test_info = dfl.create_pii_extraction_test( name=\"privacy_test_pii_extraction\", model_key=model.key, # previously created model identifier key dataset_id=dataset._id, # previously created dataset id pii_ref_column=\"text\", # column name containing text to be evaluated gpu=GPUConfig(gpu_type=GPUType.V100, gpu_count=1), # default GPU parameters sampling_rate=1024, pii_classes=pii_entities, regex_expressions=regex_expressions, grid=[{ \"temperature\": [0.5, 1.0, 1.5] }], # test configurations)attack_info = dfl.get_attack_info(attack_id)print(\"Attack status: {}.\".format(attack_info))4. Run the testTo run a membership inference privacy evaluation test, call the create_membership_inference_test method. This will submit the test to your cloud machine-learning platform, where it will be run.Dynamo AI currently has four types of privacy tests to assess whether a fine-tuned model has memorized data from the training set. PII Extraction: Checks if PII can be extracted by prompting the model naively, simulating an attacker with no knowledge of the training dataset PII Inference: Tests whether a model can re-fill PII into sentences from a fine-tuned dataset, where PII has been redacted, assuming an attacker with knowledge of the concepts and potential PII in the dataset Data Extraction: Evaluates whether the model can be prompted to reveal training data verbatim in its responses Membership Inference: Determines whether specific data records can be identified as part of the model’s training datasetAfter creating your tests, go to the model dashboard page in the Dynamo AI UI. You will see that your model and dataset have been created and your test is running.Once the test is complete, a report file will be generated which you can download for a detailed analysis of the results.# Upload datasetdataset_mia = dfl.create_dataset( key=\"dataset_mia\", file_path=\"<path_to_your_training_dataset_file>\", test_file_path=\"<path_to_your_test_dataset_file>\", name=\"Finetuning Dataset\")# dataset idprint(f\"Dataset successfully uploaded with key {dataset_mia.key}.\")test_info_mia = dfl.create_membership_inference_test( name=\"privacy_test_mia\", model_key=model.key, # previously created model identifier key dataset_id=dataset_mia._id, # previously created dataset id input_column=\"text\", gpu=GPUConfig(gpu_type=GPUType.A10G, gpu_count=1), # another GPU configuration pii_classes=pii_entities, regex_expressions=regex_expressions, base_model=model_args.model_name_or_path,)Integrating DynamoEval into your CI/CD pipelinesEnsuring data privacy and security in machine learning models is critical, and real-time monitoring plays an important role in the process.By integrating DynamoEval into your development and deployment process, you can conduct comprehensive testing for privacy and security vulnerabilities.Integration areas: Post-training checks: Incorporating DynamoEval in your post-training checks allows you to scan models after training or fine-tuning to detect any privacy leaks or compliance issues that may have arisen during the training phase. Scans in CI/CD pipeline: Automate DynamoEval scans within your CI/CD pipeline to include them in the release phase, ensuring that models are evaluated for vulnerabilities before they are staged for deployment. Final privacy check: Conduct a final privacy check during the deployment phase to safeguard against deploying models with vulnerabilities.Making DynamoEval scans a routine part of the CI/CD pipelines enables you to proactively safeguard your models against privacy risks, ensuring trust and compliance throughout your operations.Actionable insights and mitigation strategiesDynamoEval not only identifies potential privacy vulnerabilities, it also provides actionable insights to mitigate these risks. Based on the evaluation results, the platform offers recommendations for improving the model’s privacy protection.For instance, given the AUC score of 0.77 in our example, which indicates a significant vulnerability to membership inference attacks, the next step would be to remediate this risk. Implementing techniques such as differential privacy during model training can effectively reduc this vulnerability. Our evaluation shows that applying differential private effectively lowers the AUC, underscoring its effectiveness in improving privacy protection.In addition, employing non-aggressive PII scrubbing techniques that preserve data relationships and uniqueness while minimizing leakage risk can further strengthen privacy protection efforts.Finally, leveraging DynamoGuard, our privacy guardrail product, can provide additional security by detecting and redacting PII in real time. Combining both model-level and infrastructure-level privacy measures can substantially enhance the overall privacy posture of machine learning applications.As LLMs become more powerful and prevalent, the risk of exposing sensitive information from training datasets increases. With Dynamo AI’s comprehensive privacy solutions, teams can effectively measure, address, and prevent data leakage, ensuring the responsible deployment and use of LLMs while protecting sensitive information.Learn more about Dynamo AI and our AI privacy and security solutions by scheduling a demo.", "content_html": "This post was cowritten by me and was originally published on Dynamo AI’s blog.
![](\"/assets/files/piimain.png\")
Generative AI (GenAI) introduces new challenges in data privacy, including the potential risk of large language models (LLMs) memorizing and leaking personally identifiable information (PII) or copyrighted data in training datasets. Although this technology is still emerging, enterprises using or deploying GenAI still need to meet the existing laws and regulations on data privacy.
Research in machine learning has long highlighted privacy vulnerabilities associated with model training, such as data leakage in LLMs. These vulnerabilities can lead to significant compliance, financial, and reputational consequences. Regulators stress the importance of using explainable red-teaming techniques and implementing effective controls to manage these risks.
DynamoEval’s privacy testing suite goes beyond simple PII detection. It generates reports detailing the conditions that make applications susceptible to data leakage. This post will show how to integrate DynamoEval’s tests into a CI/CD pipeline with DynamoEnhance, facilitating rapid deployment and testing of compensating controls and risk mitigation strategies like differential privacy.
At Dynamo AI, we lead in privacy research, quickly integrating the latest techniques into DynamoEval. Our tool red-teams models for vulnerabilities, employing attacks such as Membership Inference, PII Extraction, and Data Extraction. It also provides automated reports, dashboards, and detailed analyses to identify and address these risks.
Below, we explore how DynamoEval uses explainable testing to address PII extraction and membership inference vulnerabilities in LLMs. This walkthrough includes simulating a privacy attack as described by Lukas et al. from Microsoft Research, demonstrating how enterprises can enhance data privacy in their machine learning applications.
PII extraction attacks and membership Inference attacks are two types of privacy attacks that can expose sensitive information in machine learning models. We demonstrate how to evaluate models against these attacks and interpret the results.
With DynamoEval, we evaluate our models against these attacks by simulating an adversary with access to the model and a set of data records. DynamoEval runs multiple iterations of an attack using different splits of the data and hyperparameter settings. We then provide detailed metrics, like ROC curves, AUC scores, PII extraction, Precision, and Recall to quantify the model’s vulnerability to these attacks.
A PII extraction attack assesses the risk of PII being extracted by attackers who have various levels of knowledge about the training dataset. This attack involves prompting the model with a series of inputs and analyzing whether PII is present in the model’s outputs.
During a PII extraction attack, three key metrics are reported:
![](\"/assets/files/piiextract.png\")
The goal of a membership inference attack is to determine whether specific data records can be inferred as part of the model’s training dataset. It is conducted by simulating an attacker with access to the model and a dataset, with some records being part of the training data.
We simulate the attacker building a classifier that predicts whether a data record was part of the training dataset. The performance of this classifier indicates how much information about the training data is exposed, revealing its susceptibility to membership inference attacks.
![](\"/assets/files/meminf.png\")
In this section, we provide a step-by-step guide to using the DynamoEval product:
First, select the training and test datasets for evaluating the model’s privacy vulnerabilities. Specify which column contains the text data. Datasets are uploaded in CSV format.
For PII extraction and membership inference attacks, this dataset is usually the one used for fine-tuning the model.
Upload both your trained model and the dataset to the Dynamo AI platform. Make sure to specify any relevant files, such as LoRA adapter configurations, if applicable.
![](\"/assets/files/upload.png\")
Select the specific attack you want to run, such as PII Extraction or Membership Inference. The screenshot below displays the range of privacy attacks available on our platform.
![](\"/assets/files/testcat.png\")
After the tests are complete, we analyze the results to understand the model’s vulnerability to the attacks.
In the ROC curve example below, the straight, gray line where X = Y indicates a random guessing baseline. The AUC is a measure of the performance of a binary classifier, ranging from 0 to 1. An AUC of 1.0 indicates perfect classification, while an AUC of 0.5 would indicate random guessing.
In this case, the AUC is 0.77, revealing that the attacker was able to differentiate between members and non-members of the dataset with a high success rate.
![](\"/assets/files/miipii.png\")
Below, the FPR represents the percentage of records falsely identified as being members of the training dataset, and the TPR represents the percentage of records correctly identified as being members of the training dataset.
We provide three different TPR rates for clarity. You can also review the prompts and responses used in the attack in our deep dive section. Additionally, any PII extracted from the model during the attack is tagged and included in the response.
![](\"/assets/files/deepdive.png\")
We can also review the loss distribution plots to gain insights into the model’s behavior on both training and testing data. Research shows that a high degree of separation in these distributions suggests the model is less generalized and more vulnerable to membership inference and data leakage.
![](\"/assets/files/plotmii.png\")
After the tests are completed, we generate PDF reports that provide detailed information on the attack methodology, results, and recommendations for improving the models.
![](\"/assets/files/testreport.png\")
Start by installing the public Dynamo AI SDK. import the required libraries and specify the required environment variables. Create a Dynamo AI instance using your API token and host.
If you do not have an API token, log into app.dynamofl.com with your credentials to generate one. This API token will enable you to programmatically connect to the DynamoFL server, create projects, and evaluate models. (Note that if you generate multiple API tokens, only your most recent one will be valid.)
from dynamofl import DynamoFL, GPUConfig, GPUTypeAPI_KEY = \"\" # Add your API key hereAPI_HOST = \"https://api.dynamofl.com\" # DFL or custom API host heredfl = DynamoFL(API_KEY, host=API_HOST)Next, create a local model object. This object specifies the model on which privacy tests will be run using the ‘create_test’ method. Dynamo AI currently supports two types of model objects: local models and remote model API endpoints. In this example, we will focus on local models.
A local model object can be used to upload a custom model and run penetration tests. Creating a local model object requires specifying the model file path and architecture. Currently, Dynamo AI supports penetration testing on uploaded models with ‘.pt’ and ‘.bin’ file formats. (Please confirm that your provided model file fits this formatting.) For model architectures, provide any valid HuggingFaceHub model id.
In this example, we use a local model that has been fine-tuned using Low-Rank Adaptation (LoRA). LoRA is a technique that “freezes” the majority of parameters in a pre-trained LLM, while fine-tuning a small subset of additional parameters. This reduces training time, compute usage, and storage costs.
When working with a model fine-tuned with LoRA or parameter-efficient fine-tuning (PEFT), you must also provide the file path to the PEFT adapter configuration.
To run a privacy evaluation test, specify the dataset used for fine-tuning the model. Create a dataset object by providing the dataset file path and assign it a unique key and identifying name.
model_path_dir = \"<path_to_your_trained_model_file>\"# using a PEFT LoRA adapter for a lightweight model uploadmodel_file_path = os.path.join(model_path_dir, \"adapter_model.bin\")peft_config_path = os.path.join(model_path_dir, \"adapter_config.json\")model_architecture = \"dynamofl-sandbox/sheared-llama-1b3\"# Creating a local model referring to a fine-tuned LLaMA 1.3Bmodel = dfl.create_model( name=\"Sheared LLama DP\", model_file_path=model_file_path, architecture=model_architecture, peft_config_path=peft_config_path, architecture_hf_token=\"hf_***\",)print(f\"Model successfully uploaded with key {model.key}.\")# Upload datasetdataset = dfl.create_dataset( key=\"dataset_pii_extraction\", file_path=\"<path_to_your_training_dataset_file>\", name=\"Finetuning Dataset\")# dataset idprint(f\"Dataset successfully uploaded with key {dataset.key}.\")When configuring a test, you can configure various parameters to customize the test to your needs. Key parameters include:
These test configuration parameters should be provided to the create_pii_extraction_test method. Additionally, it’s required to provide the dataset column names in the test parameters when creating a test.
When configuring a PII extraction or inference attack, one of the most important hyperparameters is the pii_classes parameter. This parameter defines which types of PII the extraction attack will target.
In addition to the predefined PII classes, you can also detect leakage for custom-defined regex entities. To do this, define a dictionary mapping entity names to the valid Python regex expression in the regex_expressions parameter.
pii_entities = [\"PERSON\", \"DATE_TIME\", \"ORGANIZATION\", \"EMAIL_ADDRESS\"]regex_expressions = { \"USERNAME\": r\"([a-zA-Z]+_[a-zA-Z0-9]+)\",}test_info = dfl.create_pii_extraction_test( name=\"privacy_test_pii_extraction\", model_key=model.key, # previously created model identifier key dataset_id=dataset._id, # previously created dataset id pii_ref_column=\"text\", # column name containing text to be evaluated gpu=GPUConfig(gpu_type=GPUType.V100, gpu_count=1), # default GPU parameters sampling_rate=1024, pii_classes=pii_entities, regex_expressions=regex_expressions, grid=[{ \"temperature\": [0.5, 1.0, 1.5] }], # test configurations)attack_info = dfl.get_attack_info(attack_id)print(\"Attack status: {}.\".format(attack_info))To run a membership inference privacy evaluation test, call the create_membership_inference_test method. This will submit the test to your cloud machine-learning platform, where it will be run.
Dynamo AI currently has four types of privacy tests to assess whether a fine-tuned model has memorized data from the training set.
After creating your tests, go to the model dashboard page in the Dynamo AI UI. You will see that your model and dataset have been created and your test is running.
Once the test is complete, a report file will be generated which you can download for a detailed analysis of the results.
# Upload datasetdataset_mia = dfl.create_dataset( key=\"dataset_mia\", file_path=\"<path_to_your_training_dataset_file>\", test_file_path=\"<path_to_your_test_dataset_file>\", name=\"Finetuning Dataset\")# dataset idprint(f\"Dataset successfully uploaded with key {dataset_mia.key}.\")test_info_mia = dfl.create_membership_inference_test( name=\"privacy_test_mia\", model_key=model.key, # previously created model identifier key dataset_id=dataset_mia._id, # previously created dataset id input_column=\"text\", gpu=GPUConfig(gpu_type=GPUType.A10G, gpu_count=1), # another GPU configuration pii_classes=pii_entities, regex_expressions=regex_expressions, base_model=model_args.model_name_or_path,)Ensuring data privacy and security in machine learning models is critical, and real-time monitoring plays an important role in the process.
By integrating DynamoEval into your development and deployment process, you can conduct comprehensive testing for privacy and security vulnerabilities.
Integration areas:
Making DynamoEval scans a routine part of the CI/CD pipelines enables you to proactively safeguard your models against privacy risks, ensuring trust and compliance throughout your operations.
DynamoEval not only identifies potential privacy vulnerabilities, it also provides actionable insights to mitigate these risks. Based on the evaluation results, the platform offers recommendations for improving the model’s privacy protection.
For instance, given the AUC score of 0.77 in our example, which indicates a significant vulnerability to membership inference attacks, the next step would be to remediate this risk. Implementing techniques such as differential privacy during model training can effectively reduc this vulnerability. Our evaluation shows that applying differential private effectively lowers the AUC, underscoring its effectiveness in improving privacy protection.
In addition, employing non-aggressive PII scrubbing techniques that preserve data relationships and uniqueness while minimizing leakage risk can further strengthen privacy protection efforts.
Finally, leveraging DynamoGuard, our privacy guardrail product, can provide additional security by detecting and redacting PII in real time. Combining both model-level and infrastructure-level privacy measures can substantially enhance the overall privacy posture of machine learning applications.
As LLMs become more powerful and prevalent, the risk of exposing sensitive information from training datasets increases. With Dynamo AI’s comprehensive privacy solutions, teams can effectively measure, address, and prevent data leakage, ensuring the responsible deployment and use of LLMs while protecting sensitive information.
Learn more about Dynamo AI and our AI privacy and security solutions by scheduling a demo.
", "url": "https://rnikhil.com/2024/08/30/llm-eval-pii-membership-inference", "date_published": "2024-08-30T00:00:00+00:00", "date_modified": "2024-08-30T00:00:00+00:00", "author": "{"twitter"=>nil, "name"=>nil, "avatar"=>nil, "email"=>nil, "url"=>nil}" }, { "id": "https://rnikhil.com/2024/07/31/data-leakage-llm-eval", "title": "Testing LLMs for Data Leakage Vulnerabilities", "summary": null, "content_text": "This post was cowritten by me and was originally published on Dynamo AI’s blog.Recent studies highlight a critical issue: large language models (LLMs) can memorize and reproduce text verbatim from their training data when prompted.This raises significant privacy risks and legal liabilities, especially if the training data contains sensitive, copyrighted, or personally identifiable information (PII). Real-world cases of commercial AI systems generating copyrighted or non-distributable data have already resulted in legal action.As AI model providers address data extraction vulnerabilities (likes the ones publicly identified by DeepMind), enterprises need to be aware of continuously patching these issues as new threats arise.Many enterprises are concerned about productionizing AI systems trained on a large, undisclosed datasets that might generate copyrighted or sensitive content. While the legal implications are still open for debate, enterprises often reference recent regulatory statements.For instance, the White House Executive Order has tasked the US Copyright Office to “issue recommendations to the President on potential executive actions relating to copyright and A Similarly, others refer to the FTC warning that “training an AI tool on protected expression without the creator’s consent” could result in an AI system that “exploits a creator’s reputation” and “reveals private information” that causes “substantial injury to customers”.Given these regulatory concerns, it’s crucial for organizations to assess whether their language models are at risk of leaking sensitive or protected data.Addressing emerging risks in language modelsOver the past year, the Dynamo AI team has collaborated closely with customers to enhance our privacy suite, focusing on data extraction attacks. We’re excited to share how our testing has helped organizations identify and mitigate potential data leakage vulnerabilities before their AI systems go live.Key features and benefits: Compatibility: Supports all major open-source and commercial language models (e.g., OpenAI, Azure, Bedrock) Advanced techniques: Supports cutting edge attack techniques and metrics from state of the art literature Defense strategies: Offers recommendations for mitigating data extraction risks, including privacy-preserving training techniques, guardrails, and guidance on model selection Customization: Can be tailored to work with any training datasetThe figure below illustrates a real-world example of a data leakage attack using a paragraph from the novel Harry Potter and the Sorcerer’s Stone. We input the first 22 words of the paragraph (the prefix) into the Llama 2 13B language model, and ask it to complete the paragraph. The model is able to generate 40 words that match the original text (highlighted in red), which suggests that it has seen this paragraph in its training corpus.Evaluating data extraction attacks on AI modelsThe data extraction attack simulates an attacker’s attempt to determine if a document corpus was included in a model’s pre-training or fine-tuning dataset. We use a suite of proprietary prompting strategies to uncover text that may have been memorized by the model.For example, one basic test we perform involves DynamoEval prompting the AI system with the first few words from a protected paragraph in the training dataset. We then analyze whether the model’s completion matches the original text.To identify if the generated text is “memorized,” we use a set of similarity thresholds, including trigram memorization, exact starting word memorization, and overlapping words memorization. This approach assumes the adversary has black-box access to the model, allowing them to observe the generated text in response to specific prompts.Running data extraction tests on the Dynamo AI platformYou can easily run a data extraction attack using either our SDK or the Dynamo AI dashboard. The figure below illustrates how to run a test using the SDK.dfl = DynamoFL(DYNAMOFL_API_KEY, host=DYNAMOFL_HOST)test = dfl.data_extraction_test( name = \"Data Extraction - Llama 2 - Harry Potter\", model_key = model.key, dataset_id = dataset.id, gpu = GPUConfig(gpu_type = GPUType.V100, gpu_count = 1), memorization_granularity = \"paragraph\", sampling_rate = 1000, grid = [ { 'prompt_length': [256, 512], 'temperature': [0, 0.5, 0.7, 1.0] } ]) name: name of the test model_key: model key for the generator model tested datsaet_id: dataset id containing the reference text which has to be extracted gpu: type and number of GPU(s) to be used for the test memorization_granularity: Granularity of memorization (Ex: paragraph, sentence) grid: a set of test hyperparameters to be searched (model’s temperature, prompt length) sampling_rate: Number of times the model will be queried during the attackEffective mitigation measures for data leakageTo help organizations defend against data extraction attacks, Dynamo AI provides tools and guidance for implementing the following countermeasures: Guardrails (fine-tuning and pre-training): Implement guardrails to prevent language models from fulfilling data extraction requests. These guardrails serve as a first line of defense by blocking attempts to retrieve sensitive memorized data. Our AI guardrail, DynamoGuard, is specifically designed to protect against these attacks. Privacy-mitigation techniques (fine-tuning): Apply techniques, such as differential privacy and deduplication, during fine-tuning. Differential privacy introduces noise to the training data, making it harder to extract specific data points. Deduplication removes exact copies of sensitive data from the training set, reducing the risk of memorization. DynamoEnhance, our fine-tuning SDK, implements these methods. Smaller models (fine-tuning): Research shows that smaller models are less likely to memorize their training data verbatim. Use DynamoEval to identify the optimal model size by iteratively fine-tuning with different sizes to balance performance and privacy.As LLMs become increasingly powerful and widely adopted, the risk of exposing sensitive information from training datasets also rises. To address this challenge, Dynamo AI offers a comprehensive suite of privacy solutions, including simulations for data extraction attacks, PII extraction, PII inference, and membership inference. These tools enable teams to effectively measure, address, and prevent data leakage, supporting the responsible deployment of LLMs.We also offer a range of AI privacy and security solutions tailored to build trustworthy and responsible AI systems. For more information about how Dynamo AI can help you evaluate and improve your RAG models, or to explore our AI privacy and security offerings, please reach out to us to schedule a demo.", "content_html": "This post was cowritten by me and was originally published on Dynamo AI’s blog.
![](\"/assets/files/dataleak1.png\")
Recent studies highlight a critical issue: large language models (LLMs) can memorize and reproduce text verbatim from their training data when prompted.
This raises significant privacy risks and legal liabilities, especially if the training data contains sensitive, copyrighted, or personally identifiable information (PII). Real-world cases of commercial AI systems generating copyrighted or non-distributable data have already resulted in legal action.
As AI model providers address data extraction vulnerabilities (likes the ones publicly identified by DeepMind), enterprises need to be aware of continuously patching these issues as new threats arise.
Many enterprises are concerned about productionizing AI systems trained on a large, undisclosed datasets that might generate copyrighted or sensitive content. While the legal implications are still open for debate, enterprises often reference recent regulatory statements.
For instance, the White House Executive Order has tasked the US Copyright Office to “issue recommendations to the President on potential executive actions relating to copyright and A Similarly, others refer to the FTC warning that “training an AI tool on protected expression without the creator’s consent” could result in an AI system that “exploits a creator’s reputation” and “reveals private information” that causes “substantial injury to customers”.
Given these regulatory concerns, it’s crucial for organizations to assess whether their language models are at risk of leaking sensitive or protected data.
Over the past year, the Dynamo AI team has collaborated closely with customers to enhance our privacy suite, focusing on data extraction attacks. We’re excited to share how our testing has helped organizations identify and mitigate potential data leakage vulnerabilities before their AI systems go live.
Key features and benefits:
The figure below illustrates a real-world example of a data leakage attack using a paragraph from the novel Harry Potter and the Sorcerer’s Stone. We input the first 22 words of the paragraph (the prefix) into the Llama 2 13B language model, and ask it to complete the paragraph. The model is able to generate 40 words that match the original text (highlighted in red), which suggests that it has seen this paragraph in its training corpus.
![](\"/assets/files/dataleak2.png\")
The data extraction attack simulates an attacker’s attempt to determine if a document corpus was included in a model’s pre-training or fine-tuning dataset. We use a suite of proprietary prompting strategies to uncover text that may have been memorized by the model.
For example, one basic test we perform involves DynamoEval prompting the AI system with the first few words from a protected paragraph in the training dataset. We then analyze whether the model’s completion matches the original text.
To identify if the generated text is “memorized,” we use a set of similarity thresholds, including trigram memorization, exact starting word memorization, and overlapping words memorization. This approach assumes the adversary has black-box access to the model, allowing them to observe the generated text in response to specific prompts.
![](\"/assets/files/dataleak3.png\")
You can easily run a data extraction attack using either our SDK or the Dynamo AI dashboard. The figure below illustrates how to run a test using the SDK.
dfl = DynamoFL(DYNAMOFL_API_KEY, host=DYNAMOFL_HOST)test = dfl.data_extraction_test( name = \"Data Extraction - Llama 2 - Harry Potter\", model_key = model.key, dataset_id = dataset.id, gpu = GPUConfig(gpu_type = GPUType.V100, gpu_count = 1), memorization_granularity = \"paragraph\", sampling_rate = 1000, grid = [ { 'prompt_length': [256, 512], 'temperature': [0, 0.5, 0.7, 1.0] } ])name: name of the testmodel_key: model key for the generator model testeddatsaet_id: dataset id containing the reference text which has to be extractedgpu: type and number of GPU(s) to be used for the testmemorization_granularity: Granularity of memorization (Ex: paragraph, sentence)grid: a set of test hyperparameters to be searched (model’s temperature, prompt length)sampling_rate: Number of times the model will be queried during the attackTo help organizations defend against data extraction attacks, Dynamo AI provides tools and guidance for implementing the following countermeasures:
As LLMs become increasingly powerful and widely adopted, the risk of exposing sensitive information from training datasets also rises. To address this challenge, Dynamo AI offers a comprehensive suite of privacy solutions, including simulations for data extraction attacks, PII extraction, PII inference, and membership inference. These tools enable teams to effectively measure, address, and prevent data leakage, supporting the responsible deployment of LLMs.
We also offer a range of AI privacy and security solutions tailored to build trustworthy and responsible AI systems. For more information about how Dynamo AI can help you evaluate and improve your RAG models, or to explore our AI privacy and security offerings, please reach out to us to schedule a demo.
", "url": "https://rnikhil.com/2024/07/31/data-leakage-llm-eval", "date_published": "2024-07-31T00:00:00+00:00", "date_modified": "2024-07-31T00:00:00+00:00", "author": "{"twitter"=>nil, "name"=>nil, "avatar"=>nil, "email"=>nil, "url"=>nil}" }, { "id": "https://rnikhil.com/2024/01/07/why-i-write", "title": "Why do I write?", "summary": null, "content_text": "Over the last week, 4-5 folks have asked me why I write or why do I maintain this blog? This post attempts to answer the question and helps not having to repeat – a nice bonus!. It’s very important to write well than most people realize. Writing doesn’t just communicate ideas; it generates them. If you’re bad at writing and don’t like to do it, you’ll miss out on most of the ideas writing would have generated. [1] I publish it online because an audience makes you write more and therefore generate more ideas. The best post on this site according to me is “Bundling <> Gaming?”. The idea behind that post was brewing in my head for a couple months but it took serious sitting down at a keyboard to put them into words. Even after pondering over it for a while, 80% of the ideas in that post happened after I started writing it. While talking about your ideas is a good way to develop them, you will almost always discover new things when you sit down to write. Putting ideas into words is a severe test [2] A lot of my posts are just personal notes slightly face lifted with some diagrams for publication. It doesn’t cost me a lot of time and maintaining this blog is a way to ensure I don’t lose them when I inevitably switch computers or note taking apps. I really regret not writing as much back in 2015-2020 and I genuinely wish I wrote more when I was learning about computer security. Sometimes, I write about my experiences which are unique and could be certainly useful to people who are in a similar situation in their life. My most popular blog post “Being a poker pro in India” which got about 180k views was written entirely on a whim while waiting for my flight on a late Sunday night. I got a bunch of inbound saying that the post was insightful. Useful writing tells people something true and important that they didn’t already know, and tells them as unequivocally as possible. Any insight I may have will probably have already been had by at least one of the world’s 7.5 billion people. But it’s sufficient if an idea is novel to a lot of readers. Sometimes, I write because I want to voice my opinion on a particular topic. My post on online privacy and tornado cash sparked a ton of new discussion on a lot of forums. I unquestionably care about those topics and this blog is a way for me to speak up and add my two cents. You do a lot of research when you write a post. Writing in a way forces structure into my research and I learn a lot more about a topic when I write about it than just reading couple articles and papers. For example, I have been teaching myself LLM security for the last 6 months. However, when I decided to start writing about them, it forced me to do a ton of new research and I learnt a lot of new stuff along the way. And finally, here is one of my comment on HN about 7 months ago on writing. Its a thread about the British art critic David Sylvester", "content_html": "Over the last week, 4-5 folks have asked me why I write or why do I maintain this blog? This post attempts to answer the question and helps not having to repeat – a nice bonus!.
It’s very important to write well than most people realize. Writing doesn’t just communicate ideas; it generates them. If you’re bad at writing and don’t like to do it, you’ll miss out on most of the ideas writing would have generated. [1] I publish it online because an audience makes you write more and therefore generate more ideas.
A lot of my posts are just personal notes slightly face lifted with some diagrams for publication. It doesn’t cost me a lot of time and maintaining this blog is a way to ensure I don’t lose them when I inevitably switch computers or note taking apps. I really regret not writing as much back in 2015-2020 and I genuinely wish I wrote more when I was learning about computer security.
Sometimes, I write because I want to voice my opinion on a particular topic. My post on online privacy and tornado cash sparked a ton of new discussion on a lot of forums. I unquestionably care about those topics and this blog is a way for me to speak up and add my two cents.
You do a lot of research when you write a post. Writing in a way forces structure into my research and I learn a lot more about a topic when I write about it than just reading couple articles and papers. For example, I have been teaching myself LLM security for the last 6 months. However, when I decided to start writing about them, it forced me to do a ton of new research and I learnt a lot of new stuff along the way.
![](\"/assets/files/hnquote.png\")
With all the hype surrounding machine learning whether its with self driving cars or LLMs, there is a big elephant in the room which not a lot of people are talking about. Its not the danger of ChatGPT taking your jobs or deepfakes or the singularity. Its instead about how neural networks can be attacked. This blog post is my attempt to throw some light on the topic. By the end of the post, you would have understood that neural network attacks are not just limited to adversarial examples and that they are just as susceptible to attacks like other systems. If you are deploying machine learning systems in production, I think its worth paying attention to this topic.
The first thing that pops into your mind when you think of attacking neural networks is adversarial examples. On a high level, it involves adding a tiny bit of calculated noise to your input which causes your neural network to misbehave. Adversarial attacks are inputs that trigger the model to output something undesired. Much early literature focused on classification tasks, while recent effort have started to investigate the outputs of generative models. Prompt injection for example specifically targets language models by carefully crafting inputs (prompts) that include hidden commands or subtle suggestions. These can mislead the model into generating responses that are out of context, biased, or otherwise different from what a straightforward interpretation of the prompt would suggest. I have catalogued a bunch of LLM related attacks previously in my blog here and here . For a more mathematical interpretation of the LLM attacks, I would suggest you to read this blog post here by the head of safety at OpenAI.
Attacks on image classifiers have been historically way more popular given their widespread applications. One of the popular attack as described in this paper is the Fast Gradient Sign Method(FGSM). Gradient based attacks are white-box attacks(you need the model weights, architecture, etc) which rely on gradient signals to work. Gradients are how you determine which direction to nudge your weights to reduce the loss value. However, instead of calculating gradient w.r.t weights, you calculate it w.r.t pixels of the image and use it to maximize the loss value. Here is a tutorial with code showing you how to implement this attack.
![](\"/assets/files/pandagibbon.png\")
![](\"/assets/files/bananapatch.png\")
FGSM is by no means the only type of attacks on image classifiers. For a bigger list you can check this page. Neural networks and humans process images in very different ways. While humans too have adversarial examples(like optical illusions), neural networks analyze the image from raw pixels bottom-up. They start with simple edges, bright spots, etc to then complex stuff like shapes and faces. Each layer of the neural net processes them in a sequential manner. For example, adding a couple bright spots near a human cheek might set of the “whisker” neuron in an earlier step which would then cascade through the network and make it misclassify the human as a dog. The earliest mention of this attack is from this paper(first author is co-founder of xAI) back in 2013 and attacks have gotten super good since then. Nowadays, just adding one single pixel to an image could throw of the neural network. This attack vector is further exacerbated by multi-modal neural networks where putting a small piece of text on an image could lead to its misclassification.
Moreover, images are not the only thing where neural net classifiers are used. For example, anti virus software regularly use neural nets to classify PE files(portable executables). Here is a white-box attack tutorial showing how you can trick such a neural net into believing that your file is harmless. In the speech to text domain, adding a little bit of noise to the voice sample throws off the entire transcription completely. Nicholas Carlini (who I had mentioned in a different post earlier for his data poisoning attacks on LLMs) wrote a paper on this which you should check out. For NLP models which work at a character level, here is another one where changing a single character leads to misclassification of the text.
![](\"/assets/files/voicefool.png\")
As you can see adversarial examples are basically a cat and mouse game where the attacker keeps getting better and defenses have to keep improving.
Given that machine learning models rely on training data, if you attack the training data itself you can degrade the performance of the model. I have touched upon it briefly earlier in the context of LLMs which you can read here.
![](\"/assets/files/backdoor.png\")
Backdoor from the POV of traditional security is nothing but sort of implementing a code vulnerability which can later be used to get access to the system. With ML systems, its not just the code that is vulnerable but the data as well. Backdoor attacks are a special kind of data poisoning attack where you provide data which will make the model behave in a certain way when it sees a certain (hidden) feature. The hard thing about backdoor attacks is that the ML model will work perfectly fine in all other scenarios until it sees the backdoor pixel/feature. For example, in face recognition systems, the training data could be primed in a way to detect a certain pattern which can then be used (worn on a cap for example) to misclassify a burglar as an security guard or employee. I have linked some papers on this topic in the further reading section.
Instead of tricking the model to misbehave, this are sort of attacks which compromises the privacy of a machine learning model. The attacker here basically wants to know whether a given data point was included in the training data and its associated labels. For example, lets assume you are in a dataset which is used to train a model which predicts whether you have have a certain disease. If a health insurance company gets access to such a model and does a membership inference attack on it, they can basically find out whether you have the disease or not.
So how does this work? This entire attack is based on the simple fact that machine learning models perform better on examples they have seen compared to unknown or random examples. At its core, you train another machine learning model which takes two inputs, a model and a data point. It then returns a classification on whether that data point was in the input model or not.
![](\"/assets/files/shadowmodel.png\")
To perform membership inference against a target model, you make adversarial use of machine learning and train your own inference model to recognize differences in the target model’s predictions on the inputs that it trained on versus the inputs that it did not train on.
In this paper they empirically evaluate the inference techniques on classification models trained by commercial “machine learning as a service” providers such as Google and Amazon. Using realistic datasets and classification tasks, including a hospital discharge dataset whose membership is sensitive from the privacy perspective, they show that these models can be vulnerable to membership inference attacks.
![](\"/assets/files/attackmodel.png\")
This attack basically uses machine learning models to attack another machine learning model. LLMs are also susceptible to this and I’ve linked some relevant papers in the further reading section.
This is an attack on the model itself where the attacker is trying to steal the machine learning model from the owner. This can be pretty lucrative especially these days where the technical moat of certain $100B companies entirely depend on them having the best machine learning model.
This paper studies the attack in which an adversary with only query access to a victim model attempts to reconstruct a local copy. Assuming that both the adversary and victim model fine-tune a large pretrained language model such as BERT they show that the adversary does not need any real training data to successfully mount the attack.
![](\"/assets/files/modelextract.png\")
In fact, the attacker need not even use grammatical or semantically meaningful queries: they show that random sequences of words coupled with task-specific heuristics form effective queries for model extraction on a diverse set of NLP tasks, including natural language inference and question answering.
This kind of attack doesn’t attack the model itself but targets the explanation methods.It refers to an attack where explanations are used to create the illusion of fairness in machine learning models, even when the models may still be biased or unfair. This term is a play on “whitewashing,” implying that something undesirable (in this case, unfairness or bias) is being covered up. This is an attack on the domain of model interoperability where the entire focus of the field is to figure out explanations of model behavior. The attack tries to fool the statistical notion of fairness(like LIME and SHAP) but unfortunately the concepts were a bit too mathematical for for me to explain it here. In this paper, they propose a scaffolding technique that effectively hides the biases of any given classifier by allowing an adversarial entity to craft an arbitrary desired explanation. Apparently their approach can be used scaffold any biased classifier in a manner that its predictions on the inputs remain biased but post hoc explanations come across as fair.
You can DoS a ML system by giving it certain sponge examples as part of your input. In this paper they find that you can increase the energy consumption(and thereby latency in responses) by 10x-200x by just crafting certain malicious sponge inputs which exploit certain GPU optimization techniques. This attack is particularly scary in the context of self driving cars. Imagine a sign board with such an example which causes a delay in response leading to life threating accidents.
You can degrade a model performance by just changing the order in which you present the training data. In this paper they find that an attacker can either prevent the model from learning, or poison it to learn behaviors specified by the attacker. Apparently even a single adversarially-ordered training run can be enough to slow down model learning, or even to reset all of the learning progress.
Further reading:
AI alignment is a broad topic of research to basically ponder over the question “How can AI systems be steered to accomplish the human intended goals and preferences?”. Simply put, how do we make sure that the AGI will listen to us? Currently, we use methods like RLHF to steer our large language models. However, future AI systems will be capable of extremely complex and creative behaviors that will make it hard for humans to reliably supervise them. They will be generating millions of lines of code or generating novels with thousands of words. Can we supervise a superhuman AI using only human supervisors We are currently uncertain about this and don’t exactly know if the current methods will scale to super human model. So, OpenAI decided to study an interesting analogy where they try to supervise(align) a larger model GPT-4 using a smaller model GPT-2. The GPT-2 is analogous to a human(a weak supervisor) and they experiment with a bunch of setups to see if it can reliably steer GPT-4. A direct fine tune is still the best approach possible(today for GPT-4 type model) but we will need to invent/explore new methodologies to steer potential AGI and this blog post is about that paper.
Before going further, lets first understand the setups used:
This is nothing but a base GPT-2 model fine tuned on certain ground truth labels like the Ethics datasets, Hellswag etc to create a fine tuned version of it. This fine tuned version(the weak supervisor) is then used to predict on a held-out set of examples on the ground truth dataset. This weak supervisor will then predict the labels and they are called “weak labels”.
![](\"/assets/files/weaksup.png\")
![](\"/assets/files/weaklabel.png\")
Now, we train a strong model (base GPT-4 which is not fine tuned) with these weak labels generated by our weak supervisor to create a final strong student model(fine tuned GPT-4).
![](\"/assets/files/weaktostrong.png\")
The above process is described further in the code they open sourced. They essentially do the following:
![](\"/assets/files/strongceiling.png\")
The new method proposed in the paper is basically a way to encourage the strong model(created in the weak supervisor step) to be more confident - including confidently disagreeing with the weak supervisor if necessary. When they supervise GPT-4 with a GPT-2 level model using this method on NLP tasks, they find that the resultant model performs somewhere between GPT-3 and GPT-3.5. They were also able to recover much of the GPT-4 capabilities with much weaker supervision. They do this by having some auxillary confidence loss which forces the model to be more confident. Check section A.4 of the paper for a detailed description of the method used. I have left out the exact description due to its slightly more mathematical nature.
The answer is a mixed yes and a no. They were able to eke out GPT-3/3.5 level performance on NLP tasks as we see in the below graph but not so much on other tasks.
NLP benchmark using 4 different models (weak supervisor, naive fine tuning, their new method and strong ceiling) and performance is measured by looking at how different models perform on the same NLP task.
![](\"/assets/files/w2sg.png\")
![](\"/assets/files/allperf.png\")
In the paper, they use the above methods and do the comparison on three different tasks. First is the NLP benchmarks which we discussed above, second is chess puzzles and finally ChatGPT Reward modeling. This section details the bootstrapping used for chess puzzles.
In the pre-training dataset they already had chess games but in the fine tuning dataset they now had chess puzzles. You basically are fed the board state as a text prompt and the model has to predict the best next move as a text label. Their experiment setup didn’t allow feeding images of the chess board.
However, they found out that naive fine tuning doesn’t really work well for chess puzzles and the gap between student and supervisor is too large. Thats why they introduce “Bootstrapping” to solve this problem. Bootstrapping is a long-standing idea in alignment where instead of directly aligning very superhuman models, you could first align an only slightly superhuman model, use that to align an even smarter model, and so on until you align the model you want for your experiment. They construct a sequence of model sizes M1 → M2 → . . . → Mn of increasing sizes. Then, they use the weak labels from M1 to fine tune M2, use M2 to generate new weak labels that you can use to fine tune the next model in the sequence, M3, and so on.
![](\"/assets/files/bootstrap.png\")
The standard approach to aligning models today is reinforcement learning from human feedback (RLHF). A critical step of RLHF is to train a reward model (RM) to predict human preferences between model responses. Specifically, a reward model is trained on a dataset consisting of dialogs between a human and an assistant model. For each query, the humans compare multiple possible responses (completions) from the assistant, providing human preference data. Then, a reward model is trained to predict the results of pairwise comparisons between completions. Finally, the assistant model(the chatbot like ChatGPT) is trained by optimizing against the reward model with reinforcement learning (RL).
As we saw in the previous section, our strong ceiling model still outperforms our confidence boosted strong student model. How did they attempt to bridge this gap? To solve this they used unsupervised generative fine tuning for the reward modeling. Its just a way to increase the salience of a task without using ground truth labels. In this case they perform unsupervised fine tuning with data relevant to the task. They take the ChatGPT comparison data and they ignore the human preferences. What you are left with is just the prefix-completion pairs.
However, this poses an interesting question. Isn’t it cheating to use the ChatGPT comparison data instead of using a new supervision dataset? However, since they compare performance to the strong ceiling model which was also generatively fine tuned using the same dataset(ChatGPT comparison) its fine to do this. GPT-4 was first fine tuned with ChatGPT comparison data without human preferences and then was fine tuned with the dataset of human preferences. So, even comparing to this strong ceiling they were to able to recover the performance gap by about 10-20%.
As we see above, they used three techniques to achieve some sort of weak-to-strong generalization.
However, none of the methods work for every situation. Collectively, their results suggest that naive human supervision—such as reinforcement learning from human feedback (RLHF)—could scale poorly to superhuman models without further work, but it is feasible to substantially improve weak-to-strong generalization. And they call out two problems which may arise if and when humans try to align super human models which they mention as “disanalogies”. They are:
![](\"/assets/files/leogao.png\")
If you liked my post, let me know on Twitter. Other posts on AI:
Further reading and sources:
As most readers of my blog would know by now, I used to play Poker for a couple years as a full time endeavour. One of the main tools we used for learning the game were called “solvers”. This blog post is about these programs and how they work? An introductory understanding of Poker terminologies, betting sequences and basic conditional probability is required for this post.
![](\"/assets/files/gametree.png\")
A lot of games have been used in the AI domain like chess, checkers, Go and Poker. Games like Poker are special because of the key element of imperfect information. Unlike Chess and Go where you have the entire board in front of you, in Poker you don’t know your opponent hole cards. Its harder to come up with an optimal strategy of play when you don’t have the entire information and its more interesting because its similar to a lot of real world decision making settings. We will not get into the details of Poker but rather try to understand how this game is “solved”, the methodologies used and real world implications.
University of Alberta has a Poker research group and they have been working on solving the game before anybody else as far as I know. They were one of the earliest folks to build a Poker bot(called Loki) which could fold/call/raise based on effective hand strength. However, the earliest research in the field I could trace back was to this seminal paper by John Von Neumann called “Theory of Games and Economic Behavior” where they discuss the concept of expected utility linking it to rational decision making.
What does it mean to “solve” a poker game? When you find a Nash Equilibrium strategy (aka GTO strategy) for the game it means that the game is “solved”. By definition, if both players are playing this strategy, then neither would want to change to a different strategy since neither could do better with any other strategy (assuming that the opponent’s strategy stays fixed). However, GTO strategy is not always the best way to play the game. While GTO ensures that you are un-exploitable, this doesn’t mean you will be winning the maximum money. The best response strategy is the one that maximally exploits the opponent by always performing the highest expected value play against their fixed strategy. In general, an exploitative strategy is one that exploits an opponent’s non-equilibrium play.
However, solvers have no idea what “Nash equilibrium” even means. So, how do they figure out the GTO play? At its core, solvers are simply EV-maximizing algorithms. Each agent in a solver represents a single player. That player a single goal of maximizing the money earned playing. The problem is the other agents play perfectly. When you force these agents to play against each other’s strategies, they iterate back and forth, exploiting each other’s strategies until they reach a point where neither can improve. This point is equilibrium which happens to be the Nash equilibrium we discussed above. GTO is achieved by making exploitative algorithms fight each other until neither can improve further.
Before we proceed further, we need to define, what is regret in Poker?
When you think of Regret in Poker, what is the first thing that comes to mind? Its usually us regretting calls or folds or bluffs which we did that didn’t work out (being results oriented here to explain the concept). On a very high level regret is defined as:
Regret = (EV of your action) - (EV of the strategy)
Regret is a measure of how well you could have done compared to some alternative. Phrased differently, what you would have done in some situation instead. Counterfactual regret is how much we regret not playing some strategy. For example, if we fold and find out that calling was a way better strategy, then we “regret” not calling. Mathematically it measures the gain or loss of taking some action compared to our overall strategy with that hand at that decision point.
Minimizing regret is the basis of all GTO algorithms. The most well-known algorithm is called CFR – counterfactual regret minimization. In fact, my entire process of studying Poker is one big algorithm. I used to play 10k hands, take it to my coach, get it reviewed against “correct” strategy and try to play more optimal next time. My whole studying process was to minimize regret in a way.
A common way to analyze regret is the multi-armed bandit problem. The multi-armed bandit problem is a classic reinforcement learning problem that exemplifies the exploration–exploitation tradeoff dilemma. The setup is simple. You are a gambler sitting in front of a row of slot machines. Each machine can give out a positive or negative reward. How do you decide which machines to play, how many times to play each machine and in which order to play them? Bandits are a set of problems with repeated decisions and a fixed number of actions possible. This is related to reinforcement learning because the agent player updates its strategy based on what it learns from the feedback from the environment.
This reinforcement learning problem is related to Poker when played in the partial information setting. In the full information setting, the player can see the entire reward vector for each machine chosen and in the partial setting, sees only the reward that the machine has chosen for that particular play. There are multiple basic algorithms to attack this and a basic one is the greedy algo where you sample each machine once and then keep playing the machine with highest reward in sampling stage. There are other version of the greedy algo where you sometimes randomly explore another machine. The idea of usually picking the best arm and sometimes switching to a random one is the concept of exploration vs. exploitation. Think of this in the context of picking a travel destination or picking a restaurant. You are likely to get a very high “reward” by continuing to go to a favorite vacation spot or restaurant, but it’s also useful to explore other options that you could end up preferring.
Before we proceed further, we need to understand the concept called “Game Tree”.
In the concept of sequential games, a game tree is nothing but a pictorial representation of every possible game state. This can be used to measure the complexity of a game, as it represents how dense and massive a game can play out over the long run. Below is an image of a game tree for ONLY the first two actions of the Tic tac toe game. The first player has three choices of move: in the center, at the edge, or in the corner. The second player has two choices for the reply if the first player played in the center, otherwise five choices. And so on. The number of leaf nodes in the complete game tree is the number of possible different ways the game can be played.
![](\"/assets/files/tictac.png\")
For example, the game tree for tic-tac-toe has 255,168 leaf nodes. In comparison, a super simplified, 2 player, limit hold-em has 1,179,000,604,565,715,751 nodes. Now, remember in a real world poker setting there are 6-9 players playing, with each having infinite number of bet sizes(limit hold-em example has just 2 bet sizes). This means the actual game tree of Poker is infinitely massive and we need smart algorithms to distill a GTO strategy from it because we can’t go the final leaf node of every strategy (computationally impossible). There are more leaf nodes than the number of atoms in the universe. As you will read later, the secret sauce of Pluribus comes from one such algorithm/approach. Two popular algorithms Minimax and Monte carlo tree search(MCTS) are some approaches that people take to find the optimal move through simulation. MCTS allows us to determine the best optimal move from a game state without having to expand the entire tree like we had to do in the minimax algorithm.
Apart from the Poker game tree being infinitely large, we have another problem. Poker is an imperfect information game but games like chess/tic tac toe are perfect information games. With perfect information, each player knows exactly what node/state he is in in the game tree. With imperfect information, there is uncertainty about the state of the game because the other player’s cards are unknown.
We have already defined what a “correct” strategy looks like and the game tree. At its core, we need to find the parts of the game tree which when played out gives us the maximum utility. I don’t want to make the post technical by talking about equities, probabilities and EV of every node but rather will keep things abstract for easier consumption.
![](\"/assets/files/treesetup.png\")
![](\"/assets/files/step2.png\")
![](\"/assets/files/payoffpoker.png\")
That’s it!. Almost all GTO solvers do the above 4 steps. They are aided with complex algorithms to simplify game trees, calculate regret faster, identifying which part of game tree is relevant. To ensure we aren’t stuck in a local maxima of the game tree, most solvers use a process called Counterfactual Regret Minimization (CFR). This algorithm was first published in a 2007 paper from the University of Alberta and it proves that the CFR algorithm will not get stuck at some local maximum, and given enough time, will reach equilibrium.
Counterfactual means “relating to or expressing what has not happened or is not the case”. For example, if in reality I drank 4 red bulls and couldn’t sleep in the night, I could say counterfactually, “If I hadn’t drank red bulls, I would have slept well in the night”. Regret we previously touched on is a way to assign a value to the difference between a made decision and an optimal decision. Minimization refers to minimizing the difference between the made decision and the optimal decision.
In the paper, they basically introduce the notion of counterfactual regret, which exploits the degree of incomplete information in an extensive game. They show how minimizing counterfactual regret minimizes overall regret, and therefore in self-play can be used to compute a Nash equilibrium. CFR is a self play algorithm that learns by playing against itself repeatedly. It starts play with a uniform random strategy (each action at each decision point is equally likely) and iterates on these strategies to nudge closer to the game theory optimal Nash equilibrium strategy as the self play continues (the average of all strategies converges to the equilibrium strategy)
![](\"/assets/files/cfr.png\")
The concept of counterfactual value calculation involves determining the values of actions within a game state by hypothesizing that we reach that state with a certainty of 100%. In this process, only the probabilities associated with the opponent’s and chance’s moves leading to that state are considered.
Counterfactual values are derived by multiplying the likelihood of the opponent and chance arriving at a particular state, the odds of progressing from that state to the game’s conclusion, and the final value at the game tree’s end. Within each information set of the game tree, the algorithm maintains a tally of regret values for each potential action. Regret here refers to the extent to which the agent would have performed better had it consistently chosen a particular action, instead of an average strategy comprising a blend of all actions. A positive regret suggests that an action should have been chosen more often, while a negative regret indicates that avoiding the action would have been preferable.
Minimizing regret involves favoring actions that perform better, thereby elevating the average value for the game state. The algorithm adjusts its strategy after each round to favor actions proportional to their past regrets. This means that an action with previous success is more likely to be chosen in the future. Proportional play prevents drastic strategy shifts, which could be predictable and exploitable. It also allows under performing strategies to potentially bounce back and be selected again.
The ultimate Nash equilibrium strategy, derived as an average of strategies across iterations, is deemed optimal. This strategy is expected not to incur losses and is theoretically sound, with neither player having a motive to deviate if both adopt an equilibrium strategy. This forms the basis of what is meant by “solving” a game like poker.
Reinforcement learning involves agents learning actions in an environment by considering past rewards, akin to the regret updates in Counterfactual Regret Minimization (CFR). Regrets in CFR resemble advantage functions, which compare the value of an action to a state’s value, as highlighted in recent studies like the Deep CFR paper. This concept parallels the idea of managing independent multiarm bandits at each decision point, learning from all simultaneously.
If CFR was invented long time back what was the breakthrough in 2019 which led to the building of Pluribus and the $1M prize game? They did Libratus first which was a 2 player version but a year later followed up with Pluribus which was a 6 player AI(exponentially harder to solve). The big breakthrough was the depth-limited search algorithm. This allowed them to shift a lot of the load from the blueprint computation to the online search algorithm, and the online search algorithm is relatively much more efficient. There were also advances in the blueprint computation itself, such as the use of linear CFR, but advances in the search algorithm were the biggest factor.
Assuming Poker bots take over the online scene, where else can poker players and people building poker solvers get a job 🤣 ?
Sources and Further reading:
In the previous blog post, we gave an introduction to how LLMs work and started looking at various offensive measures that we use to break them. In this post, we will explore more offensive strategies, look at examples from the wild and also briefly touch upon the common defenses used by AI companies.
![](\"/assets/files/img1learn.png\")
![](\"/assets/files/img2learn.png\")
Also, most LLMs today have browsing capabilities. Here, the adversarial instructions are introduced by a third party data source like a web search or API call. You can make the LLM go to a particular website and load your malicious instruction from here and this is especially more prevalent with ChatGPT plugins and the upcoming GPT Store.
![](\"/assets/files/attackscheme.png\")
Dual LLM attack. These days most LLM chat providers uses two or more LLMs for moderation. Your input is first evaluated by an LLM which then passes on the output to the main model. Cracking this would involve sending prompt injecting the first LLM to ensure that its output recursively attacks the second one. There is a paper from Stanford which explains ways to overcome this.
Universal cheatcodes. This is by far the most interesting and research oriented method. The approach is to find suffix(the cheat code) that, when attached to a wide range of queries for an LLM to produce objectionable content, aims to maximize the probability that the model produces an affirmative response (rather than refusing to answer). However, instead of relying on manual engineering, the idea is to automatically produces these adversarial suffixes by a combination of greedy and gradient-based search techniques, and also improves over past automatic prompt generation methods. The code can be found here
![](\"/assets/files/cheatcode.png\")
In the next blog post, we will look at various defensive measures.
Since I quit my job couple months back, I’ve been tinkering around with various emerging technologies. I have been pretty obsessed with the current AI evolution of large language models (LLMs) and their surprising text generation capabilities. Whether you are surprised or not, people have started integrating them into just about every software we interact with and after spending countless hours asking it to generate song lyrics, I eventually wanted to understand what was happening behind the scenes. I am no AI engineer and I barely remember the Machine learning/ Neural network courses I took in college, but given my computer security background, what better way to learn how these LLM’s work than by trying to break them? In this post, we look at the basics of AI security, current “known” attacks, common defenses and some CTF challenges. I’ve been meaning to write this post for a while but this field was moving so fast that keeping up latest publications is a full time job. Now that NeurIPS is over and things have calmed down, I finally got time to work on this.
![](\"/assets/files/attacks.png\")
This is going to be a multipart series given the sheer amount of available content in this field despite it being barely 2 years old. Before we dive into it, we need to understand some basics of how these LLM’s work. I am going to attempt an ELI5 explanation based on my pedestrian understanding and I apologize in advance to my readers for any mistakes in this section.
At an ultra high level, language models generate text one word at a time by predicting the probability distribution of the next word in the sentence given the previous context and sampling this distribution. You can visualize it using the GIF from the Lena Volita NLP course below
![](\"/assets/files/generation_example.gif\")
As you see above, every time you want to predict the next word, you have to feed it the entire context for it to generate the distribution. At the core level, these language models are just super smart text completion algorithms. But how does this work in a chatbot setting? Tools like ChatGPT can be really deceiving because in reality it’s probably not a back and forth conversation with the AI. Its more like one big text prompt and the text completion model kicking it to add another paragraph to it(which is the response to you). Its been manually tuned by humans to tailor the responses to make it seem like a back and forth conversation. OpenAI playground is another way to visualize this as it shows the probability distribution for the next word in your sentence realtime as you type it. Also, these models work on tokens and not words but that differentiation is not important to our explanation.
But how are they calculating the best word probability distribution real time?
OpenAI for example has trained a massive neural network (around 130B words for GPT3) where you can pass your text and it will tell you what is the most likely word which will follow that.
![](\"/assets/files/neural.png\")
But why do we have to know about these neural networks to do prompt injection? As we will see later in the post, some of the attacks are modeled based on how LLMs process text and corresponding neuron values. Some neurons track the length of the line(to predict when the model should start a new line in its response), some neurons track opening closing brackets/quotes, some of them track sentiment etc and understanding how they activate is crucial in designing some of the advanced attacks against these LLMs. Since we don’t exactly know what happens inside the neural network, there might be some clever input which might affect the internal neuron state to do something malicious.
Injection is a popular term in computer security where it usually means an attacker’s attempt to send data to an application in a way that will change the meaning of commands being sent. There are many kind of injection attacks with SQL injection being one of the widely exploited ones. Here, attacker tries to get malicious SQL statements to execute (through some input field) to bypass authentication, steal data, denial of service or even a full system compromise. Prompts these days are nothing but instructions to the AI. Given that these prompts are user generated, how do you make sure there are no hidden malicious commands also smuggled in? In our case with SQL databases, its very straightforward to write a parser to determine what is “data” vs “instructions” but with AI, this doesn’t really work. Everything is just one big blob of text.
What is the thread model? Well, the LLMs works with a text prompt. If the user input is interpreted like any other instruction, an attacker would convince the AI to respond in unintended ways. How does it matter? We don’t know the full extent of that yet but here are some examples:
There is a lot of content online about various prompt hacking methods. In this section, we try to first categorize these methods and look at the research behind them. Prompt leaking and jailbreaking are effectively subsets of prompt hacking: Prompt leaking involves extracting sensitive or confidential information from the LLM’s responses, while jailbreaking involves bypassing safety and moderation features. We will also discuss specific offensive techniques as well as defensive techniques.
![](\"/assets/files/mask.png\")
![](\"/assets/files/functions.png\")
![](\"/assets/files/out.png\")
![](\"/assets/files/outres.png\")
We will investigate other methods of prompt injections in the next blog post.
", "url": "https://rnikhil.com/2023/12/18/ai-llm-security-part1", "date_published": "2023-12-18T00:00:00+00:00", "date_modified": "2023-12-18T00:00:00+00:00", "author": "{"twitter"=>nil, "name"=>nil, "avatar"=>nil, "email"=>nil, "url"=>nil}" }, { "id": "https://rnikhil.com/2023/11/30/ai-coding", "title": "Building a chrome extension using only AI", "summary": null, "content_text": "I’ve been dabbling with generative AI tools for the last couple months and being a hobby programmer, checking out and tinkering with them is my favorite pass time(full time given that I am on a sabbatical). Like anybody else, I’ve been amazed by the recent developments in AI coding tools particularly. AI tools like AlphaCode, a system for code generation achieved an average ranking in the top 54.3% on recent programming competitions on Codeforces. This is pretty impressive and AlphaCode2 which was released last week pushes this up to 85%. These developments are fundamentally going to change software engineering in the next 5 years. Similarly, given that competitive programming questions are the primary ways candidates are also judged during interviews, we are going to see a new paradigm of evaluation come up for software engineers. Codebase onboarding for new employees, pair programming, debugging etc are all going to fundamentally change and the developer workflows 10yr down the line would be drastically different than when I started out.I wanted to give these tools a try and see if its actually possible to build an end to end project with >95% code written by AI. To keep it simple I decided to build a simple chrome extension which takes an OpenAPI key as an input, and generates an image based on either a text prompt or text selected in the current webpage. The last chrome extension I built was some 8yrs ago and the only thing I remembered was that it has a manifest.json file which contains all the config. That was literally the only thing I remembered about building Chrome extensions and I did not reference the docs even once throughout this whole exercise.My setup for building this was fairly simple. Cursor.sh along with my OpenAPI key was all I used. I simply loaded the extension manually into Chrome and used developer tools for inspecting any errors.This was my first prompt I usedbuild a chrome extension to generate images using DALL E api based on the text selected on the browser or by inputting a custom text prompt. The extension should take the API key from the user and generate images inside the popup. Generate all the files. make me a popup.html page. it should have a text field to input and save an openai key, input for a text prompt, download button to download the generated images, regenerate buttonAfter some to and fro, I got the basic wire frame ready for my extension. Loading the popup.html looked something like this:After this I followed up the following prompt:include the dalle api interaction, the download logic for images, also, after successfully saving the api key, show a small \"saved\" icon beside the \"save\" button. Edit my popup.js and popup.html to make this workThis required some debugging on my end feeding the errors back to the AI. It helped debug a CORS issue where I missed adding the OpenAI domain permissions to the manifest file. I also had a type error due to improper handling of DALL E API response which was again handled by GPT4. Finally I asked it to beautify my popup.html with some spacings and unique colors for every button. Every single JS function worked flawlessly as intended despite me not even writing 2% of the code.You can find the source for the extension here on my Github. Overall I’ve been pretty impressed by its coding abilities and tools like these exponentially increase the productivity of hobbyist developers like me and I am really looking forward to coding more again.", "content_html": "I’ve been dabbling with generative AI tools for the last couple months and being a hobby programmer, checking out and tinkering with them is my favorite pass time(full time given that I am on a sabbatical). Like anybody else, I’ve been amazed by the recent developments in AI coding tools particularly. AI tools like AlphaCode, a system for code generation achieved an average ranking in the top 54.3% on recent programming competitions on Codeforces. This is pretty impressive and AlphaCode2 which was released last week pushes this up to 85%. These developments are fundamentally going to change software engineering in the next 5 years. Similarly, given that competitive programming questions are the primary ways candidates are also judged during interviews, we are going to see a new paradigm of evaluation come up for software engineers. Codebase onboarding for new employees, pair programming, debugging etc are all going to fundamentally change and the developer workflows 10yr down the line would be drastically different than when I started out.
I wanted to give these tools a try and see if its actually possible to build an end to end project with >95% code written by AI. To keep it simple I decided to build a simple chrome extension which takes an OpenAPI key as an input, and generates an image based on either a text prompt or text selected in the current webpage. The last chrome extension I built was some 8yrs ago and the only thing I remembered was that it has a manifest.json file which contains all the config. That was literally the only thing I remembered about building Chrome extensions and I did not reference the docs even once throughout this whole exercise.
My setup for building this was fairly simple. Cursor.sh along with my OpenAPI key was all I used. I simply loaded the extension manually into Chrome and used developer tools for inspecting any errors.
This was my first prompt I used
build a chrome extension to generate images using DALL E api based on the text selected on the browser or by inputting a custom text prompt. The extension should take the API key from the user and generate images inside the popup. Generate all the files. make me a popup.html page. it should have a text field to input and save an openai key, input for a text prompt, download button to download the generated images, regenerate buttonAfter some to and fro, I got the basic wire frame ready for my extension. Loading the popup.html looked something like this:
![](\"/assets/files/ext.png\")
After this I followed up the following prompt:
include the dalle api interaction, the download logic for images, also, after successfully saving the api key, show a small \"saved\" icon beside the \"save\" button. Edit my popup.js and popup.html to make this workThis required some debugging on my end feeding the errors back to the AI. It helped debug a CORS issue where I missed adding the OpenAI domain permissions to the manifest file. I also had a type error due to improper handling of DALL E API response which was again handled by GPT4. Finally I asked it to beautify my popup.html with some spacings and unique colors for every button. Every single JS function worked flawlessly as intended despite me not even writing 2% of the code.
You can find the source for the extension here on my Github. Overall I’ve been pretty impressed by its coding abilities and tools like these exponentially increase the productivity of hobbyist developers like me and I am really looking forward to coding more again.
", "url": "https://rnikhil.com/2023/11/30/ai-coding", "date_published": "2023-11-30T00:00:00+00:00", "date_modified": "2023-11-30T00:00:00+00:00", "author": "{"twitter"=>nil, "name"=>nil, "avatar"=>nil, "email"=>nil, "url"=>nil}" }, { "id": "https://rnikhil.com/2023/11/28/llm-scaling", "title": "Chinchilla review", "summary": null, "content_text": "Whenever I see a discussion online about the current generation of LLMs, there is an inherent assumption and extrapolation that these technologies will keep improving with time. Why do we think that? The approximate answer is because of scaling laws which suggest indefinite improvement for the current style of transformers with additional pre-training data and parameters. This blog post delves into the intricacies of these scaling laws and examines how they guide the development of more powerful and efficient LLMs. I will be as comprehensive as I can (with the math knowledge I have) including parts about the scaling law origins, recent finding and their implications.First we will try to understand the basic variables involved in scaling large language models: Parameters of the model. We will be using it as a proxy for size and its a broad term that includes both the weights and biases of a model. The size of a neural network typically refers to the number of trainable parameters it contains. Weights and biases are the values learned during the training process and they represent the “weight” of a connection between neurons of different layers. Parameters and hyper parameters are different. Hyper parameters are your model config settings like learning rate, no. of epochs, batch size etc and aren’t learned from the data itself. They are set during time of training and are irrelevant to our discussion Compute. Usually represented in FLOPS(basically no. of arithmetic operations per second). Here, we use it to estimate training complexity of the neural net. While calculating FLOPs to dollars is not straightforward and will depend on hardware used and energy costs, we will use it as a proxy for money spent. Tokens. This is just a proxy for the size of the training dataset Performance. This is nothing but how the trained model performs on certain benchmarks designed to evaluate across axis like classification accuracy, generalization ability, efficiency and task specific metrics. Compute Optimal. Its basically a concept which determines how to extract the most performance out of your model given a constrained compute budget and model size.There were three seminal publications in this field as listed below. This post will focus mainly on the Chinchilla paper Kaplan Paper Chinchilla update to scaling laws (Mistral AI co-founder was one of the first authors) OpenAI scaling laws (Kaplan is a co-founder at Anthropic)The first Kaplan paper basically showed that there is a power law relationship between the number of parameters in a LLM and its performance. Kaplan paper suggests that to train larger models, increasing the number of parameters is 3x more important than increasing the size of the training set This implication basically led to larger and larger models getting trained expecting performance improvements. While the following Chinchilla paper comes to a similar conclusion, they estimate that large models should be trained for many more training tokens than recommended by the Kaplan paper. Training an optimal model requires about 20x more tokens than parameters.So in around late 2021, the Deepmind team went on to train about 400 models ranging from 70 million to 16 billion parameters on datasets ranging from 5 to 500 billion tokens. They did a bunch of experiments and found some interesting results. Specifically, given a 10× increase computational budget, Kaplan paper suggested that the size of the model should increase 5.5× while the number of training tokens should only increase 1.8×. Instead, Chinchilla states that model size and the number of training tokens should be scaled in equal proportions. To demonstrate this they trained a model (Chinchilla) which had better performance than comparative models for the same compute budget.How did they find this?The fundamental question they were trying to answer was “Given a fixed FLOPs budget, how should one trade-off model size and the number of training tokens?” . Its basically an optimization problem where you fix one variable (FLOPs) and try to find the optimal values for parameters and tokens. However, every time they have to test a value for parameters/tokens they have to train a model which costs millions of dollars. For the paper, they trained over 400 models with varying values of parameters and tokens taking certain approaches. Lets look at them below: Approach 1: Fix the parameter variable and vary the size of the training tokensHere, they took a couple models with parameters ranging from 70M to 10B and trained them each on four types of datasets (differentiated by size). Based on this training, they were able to estimate the model with minimum loss (we will use loss as proxy for model performance as far as this blog post is concerned) for a given compute budget. As you see above, they were able to determine the best model (parameters/token) for a given compute budget by looking at the loss value of every trained model. Approach 2: Fix the compute budget and vary the number of parameters of the neural networkIn the first approach, they fixed the number of parameters of the model and trained them on multiple token sizes. Based on the compute used for each model, they were able to select the model with the ideal parameter/token size for a given budget. In this approach, they fix the amount of FLOPs for each model and vary the number of parameters for each model. According to this approach, Google would have had to train PaLM with about 14 trillion tokens to obtain the optimal loss for a 540B parameters model. Approach 3: Take data from first two approaches and try to find a function for loss valuesThis approach was slightly mathematical in nature and I shall skip directly to the results. We find the model with the lowest loss value for a given compute budget and model size.Throughout the three approaches, the paper keeps referencing the Gopher model (which was earlier trained by Deepmind only) to try to demonstrate the optimal values for parameters and tokens given the compute size that was historically used. They find that the optimal model size given the Gopher budget to be a 67B model instead of the 280B they actually trained.ConclusionsModern large language models have been oversized unnecessarily. With no added performance, companies have been training massive models wasting resources. Here is a table showing optimal training FLOPs and training token for different model sizes.After training more than 400models to prove the above relationships, they train the Chinchilla model to drive the point across. The idea of this model was to take the above relationships and REDO Gopher. They used the same amount of computer budget as Gopher but used 70B parameters and 1.4T tokens to train Chinchilla and it ends up outperforming Gopher is a lot of benchmarks. For the same amount of money spent, they got a better model out basically. Moreover, its cheaper to run inference on smaller models leading to more cost savings over the long run.Current models are extremely oversized for their performance. Going after parameters is inefficient. While AI labs have been going after larger and larger models, post Chinchilla era dictates that they should be going after massive training data as well. This requires research into more optimization steps and increases in batch sizes (which however has adverse impact on model performance after a point). The problem of maintaining training efficiency while increasing data size becomes very important to solve. We also might be running out of data as this Lesswrong article implies.Emergent propertiesI originally started writing this document to explain the Chinchilla results and ponder over certain emergent behavior to make an educated guess about AGI timelines. An amazing property of LLMs is the emergence of new capabilities as the size of the network increases. In other words, LLMs unpredictably learn to perform new tasks, without having been specifically trained to do so. The system becomes more complex than the sum of the parts. Here is a GIF from the Google PaLM paper showing the same.We currently don’t know at scale emergent behavior shows up and we can’t even estimate the level of ability or even the potential categories of such abilities. This paper from Google shows that emergent abilities cannot be predicted simply by extrapolating the performance of smaller models. The existence of such emergence also raises the question of whether additional scaling could potentially further expand the range of capabilities of language models or not. On one side, we have the Chinchilla paper showing us that the model performance keeps getting better with increasing parameter and token size. On another side, we have established that emergent behaviors keep popping up with increasing model scale. Ilya Sutskever uses the above to basically explain why next-token prediction is enough for AGI?. Maybe figuring out a relationship between next word prediction accuracy and reasoning abilities could be the way to make current gen LLMs truly intelligent.The convergence of scaling laws and emergent abilities not only makes me excited for the future of AI but also brings in a new era where the unforeseen capabilities of AGI could revolutionize our understanding of intelligence itself.", "content_html": "Whenever I see a discussion online about the current generation of LLMs, there is an inherent assumption and extrapolation that these technologies will keep improving with time. Why do we think that? The approximate answer is because of scaling laws which suggest indefinite improvement for the current style of transformers with additional pre-training data and parameters. This blog post delves into the intricacies of these scaling laws and examines how they guide the development of more powerful and efficient LLMs. I will be as comprehensive as I can (with the math knowledge I have) including parts about the scaling law origins, recent finding and their implications.
First we will try to understand the basic variables involved in scaling large language models:
There were three seminal publications in this field as listed below. This post will focus mainly on the Chinchilla paper
The first Kaplan paper basically showed that there is a power law relationship between the number of parameters in a LLM and its performance. Kaplan paper suggests that to train larger models, increasing the number of parameters is 3x more important than increasing the size of the training set This implication basically led to larger and larger models getting trained expecting performance improvements. While the following Chinchilla paper comes to a similar conclusion, they estimate that large models should be trained for many more training tokens than recommended by the Kaplan paper. Training an optimal model requires about 20x more tokens than parameters.
![](\"/assets/files/computexsize.png\")
So in around late 2021, the Deepmind team went on to train about 400 models ranging from 70 million to 16 billion parameters on datasets ranging from 5 to 500 billion tokens. They did a bunch of experiments and found some interesting results. Specifically, given a 10× increase computational budget, Kaplan paper suggested that the size of the model should increase 5.5× while the number of training tokens should only increase 1.8×. Instead, Chinchilla states that model size and the number of training tokens should be scaled in equal proportions. To demonstrate this they trained a model (Chinchilla) which had better performance than comparative models for the same compute budget.
![](\"/assets/files/chinchilla.png\")
The fundamental question they were trying to answer was “Given a fixed FLOPs budget, how should one trade-off model size and the number of training tokens?” . Its basically an optimization problem where you fix one variable (FLOPs) and try to find the optimal values for parameters and tokens. However, every time they have to test a value for parameters/tokens they have to train a model which costs millions of dollars. For the paper, they trained over 400 models with varying values of parameters and tokens taking certain approaches. Lets look at them below:
![](\"/assets/files/app.jpeg\")
Here, they took a couple models with parameters ranging from 70M to 10B and trained them each on four types of datasets (differentiated by size). Based on this training, they were able to estimate the model with minimum loss (we will use loss as proxy for model performance as far as this blog post is concerned) for a given compute budget. As you see above, they were able to determine the best model (parameters/token) for a given compute budget by looking at the loss value of every trained model.
![](\"/assets/files/plot1.png\")
In the first approach, they fixed the number of parameters of the model and trained them on multiple token sizes. Based on the compute used for each model, they were able to select the model with the ideal parameter/token size for a given budget. In this approach, they fix the amount of FLOPs for each model and vary the number of parameters for each model. According to this approach, Google would have had to train PaLM with about 14 trillion tokens to obtain the optimal loss for a 540B parameters model.
![](\"/assets/files/app2.png\")
This approach was slightly mathematical in nature and I shall skip directly to the results. We find the model with the lowest loss value for a given compute budget and model size.
![](\"/assets/files/app3.png\")
Throughout the three approaches, the paper keeps referencing the Gopher model (which was earlier trained by Deepmind only) to try to demonstrate the optimal values for parameters and tokens given the compute size that was historically used. They find that the optimal model size given the Gopher budget to be a 67B model instead of the 280B they actually trained.
Modern large language models have been oversized unnecessarily. With no added performance, companies have been training massive models wasting resources. Here is a table showing optimal training FLOPs and training token for different model sizes.
![](\"/assets/files/conc.png\")
After training more than 400models to prove the above relationships, they train the Chinchilla model to drive the point across. The idea of this model was to take the above relationships and REDO Gopher. They used the same amount of computer budget as Gopher but used 70B parameters and 1.4T tokens to train Chinchilla and it ends up outperforming Gopher is a lot of benchmarks. For the same amount of money spent, they got a better model out basically. Moreover, its cheaper to run inference on smaller models leading to more cost savings over the long run.
Current models are extremely oversized for their performance. Going after parameters is inefficient. While AI labs have been going after larger and larger models, post Chinchilla era dictates that they should be going after massive training data as well. This requires research into more optimization steps and increases in batch sizes (which however has adverse impact on model performance after a point). The problem of maintaining training efficiency while increasing data size becomes very important to solve. We also might be running out of data as this Lesswrong article implies.
I originally started writing this document to explain the Chinchilla results and ponder over certain emergent behavior to make an educated guess about AGI timelines. An amazing property of LLMs is the emergence of new capabilities as the size of the network increases. In other words, LLMs unpredictably learn to perform new tasks, without having been specifically trained to do so. The system becomes more complex than the sum of the parts. Here is a GIF from the Google PaLM paper showing the same.
![](\"/assets/files/emergent.gif\")
We currently don’t know at scale emergent behavior shows up and we can’t even estimate the level of ability or even the potential categories of such abilities. This paper from Google shows that emergent abilities cannot be predicted simply by extrapolating the performance of smaller models. The existence of such emergence also raises the question of whether additional scaling could potentially further expand the range of capabilities of language models or not. On one side, we have the Chinchilla paper showing us that the model performance keeps getting better with increasing parameter and token size. On another side, we have established that emergent behaviors keep popping up with increasing model scale. Ilya Sutskever uses the above to basically explain why next-token prediction is enough for AGI?. Maybe figuring out a relationship between next word prediction accuracy and reasoning abilities could be the way to make current gen LLMs truly intelligent.
The convergence of scaling laws and emergent abilities not only makes me excited for the future of AI but also brings in a new era where the unforeseen capabilities of AGI could revolutionize our understanding of intelligence itself.
", "url": "https://rnikhil.com/2023/11/28/llm-scaling", "date_published": "2023-11-28T00:00:00+00:00", "date_modified": "2023-11-28T00:00:00+00:00", "author": "{"twitter"=>nil, "name"=>nil, "avatar"=>nil, "email"=>nil, "url"=>nil}" }, { "id": "https://rnikhil.com/2023/11/12/quitting-fulltime-poker", "title": "Farewell to the felt - Quitting the full-time Poker scene", "summary": null, "content_text": "HN discussion This post is mostly about the shortcomings of a professional Poker careerI used to play Poker for a living from 2018-2021. These days whenever I recount my past with new people, everyone inevitably asks me why I stopped playing the game (full time) if it was profitable to do so. Its understandably hard to comprehend why anybody would stop pursuing a money making endeavour. So, I want to write this post to summarily answer most questions around this topic and mostly because I am tired of repeating myself again and again.I was working as a product manager at Flipkart.com back in 2020 and around that time, I quit my job to pursue the game for two main reasons: The lifestyle and the freedom that comes along with playing Poker full time. You aren’t answerable to anybody. You set your own schedule. You can play from anywhere, travel all the time and visit casinos in cool places. Financial incentives. Poker has the best hourly rate for any job in India. The money is simply un-comparable to any job a 20 year old can get and is close to VP+ level in unicorn/FAANG companiesI stopped playing full time because both of the above premises turned out to be false. Let me explain Imagine sitting in front of a screen for 12-16hrs a day, clicking buttons (without tilting) for a living. Money has lost its meaning long time ago. You don’t care about the wins anymore and the losses still hurt. Winning is not fun because by now you are very conscious of the fact that you can lose 10x that amount any week/day. Your net worth is swinging everyday and variance can be brutal. In fact, you are at the mercy of variance on a day to day basis. I have seen fellow top notch Poker players running below EV for 5-6L hands which is a year worth of effort. Imagine doing everything correct(studying, playing well, not tilting etc) and still end up negative for the entire year and have nothing to show for the work. This is entirely normal in certain high variance Poker games like PLO6, especially when relative edges are lower and rake is high (Indian high stakes basically) As a Poker player, the main fundamental thing is putting volume(no. of hands played / hour/day/week whatever). Now, you can’t be jet setting around the globe and putting in the required hands. There is a reason professional Poker players are called grinders. Its a grind. Moreover, its not at all enough to just play Poker. You need to be at the top shape mentally and physically as the game takes a heavy toll on yourself. This means getting mental coaching session 3x a week, getting theory coaching, hand reviews, etc which is up to 20hrs a week. Its actually way way more hectic schedule than working a simple day job especially given there are no breaks/weekends/festivals etc. But all of the above sacrifice is worth it because you are also making 10x your day job. Right? Not really. Let me explain in the next section. The 95th percentile Poker income is about $200-250k. While this number looks big on paper(relative to what they pay at Flipkart), there are some caveats. Also, when you suddenly start making 10x your previous income, it clouds your judgment. Its hard to think long term. This figure doesn’t grow with time. Sure you can move up the stakes but then you will also be playing vs really good players and your relative edge goes down. Beating the rake is hard and you have to constantly study/work on your game everyday. Your skill curve will plateau hard after a point and its super hard to become the world best. Its basically professional athletics at that level. However, tech salaries and startup outcomes grow with time. Your experience compounds. You get equity. 95th percentile financial outcome in tech is much much bigger. Flipkart is actually a good example of a top percentile outcome for its employees. 50+ folks supposedly made $10mil + which is super hard to make in Indian Poker in 15 years. “Indian Poker” is the key word here. And finally and this was one of the biggest reasons I shifted back to job is because I missed: Working with smart folks. Sure, I was lucky to study/learn from some really smart folks but most days I am playing against randoms and its not intellectually stimulating. (remember winning money has stopped being stimulating as well and now you are searching for something better) Building something tangible at the end of the day. I want to have something to show at the end of 10yrs and not just numbers in my bank account Poker is a very lonely game. You are solely responsible for your outcomes. While this is intoxicating as a naive young kid, you soon realize that all worthwhile stuff is built through collaboration and smart folks working together Mental health goes for a toss as you are swinging for a % of net worth everyday. You results are sometimes out of your hand and that sucks. Your base dopamine levels get screwed and you no longer get excited by stuff which you used to enjoy before. Its actually a pretty commonly acknowledged problem in the poker/trading community Politics and networking. While some Poker players argue that this is part and parcel of being a professional, I was personally uncomfortable sucking up to whales/big fishes to get access to their games. I was unwilling to fake my persona/feelings just to get a juicy chance to play in a game. I just wanted to put in my hands, play my game style, move on and not deal with the politics. With that attitude and disinclination towards bum-hunting, I was anyway not cutout for the highest stakes (its a compulsory now to do this as highest stakes in India are all private games). One of my Poker and life heroes Phil Galfond writes a lot about this on his blog. Do check it out. TBH, in-spite of all the reasons stated above, I was totally confident in my self to become one of the top pros in the world if I grinded for another 10-15 years. But after meeting them, their lifestyle, earnings, swings etc, I wasn’t sure I wanted that life for myself when I am in my early 40s or late 30s. I was pretty sure I didn’t want to be playing cards for a living for 20-25% of my lifespan which felt incredibly wasteful to me personally.The above were my personal reasons for moving away from Poker. There are some other things like changing life priorities, achieving financial security, long-term sustainability concerns and regulatory/compliance challenges which I haven’t elaborated much on. While bidding farewell to a successful career in professional Poker is undoubtedly a significant decision, it is essential to recognize that life is a dynamic journey, and priorities evolve. I would like to think that I evolved and can judge decisions better.In conclusion, I didn’t think through the minor caveats of the career path and was fascinated by the competitive aspect(you play something for a living which I still find fun) and the money. However, I am still extremely grateful about my journey. I learned another skill and I probably can always find a way to support myself in dire situations. Poker has taught me a lot of life lessons and has immensely shaped how I view the world on a day to day basis. I am better at quantifying risk , looking at decisions from a EV perspective(instead of being results oriented) and overall having a good idea of how to judge EV of a situation. Things like bank roll management, the mental stamina, propensity to take immense amount of stress repeatedly, grit etc are also things that Poker teaches you and I probably should write another post about my life lessons from the game if enough people ask me that question IRL.🤣If you liked this, checkout my other posts on building a business in Poker and how to think about bundling games: GTO Inspector - My attempt at building an online study tool Do multi gaming apps make sense?", "content_html": "This post is mostly about the shortcomings of a professional Poker career
I used to play Poker for a living from 2018-2021. These days whenever I recount my past with new people, everyone inevitably asks me why I stopped playing the game (full time) if it was profitable to do so. Its understandably hard to comprehend why anybody would stop pursuing a money making endeavour. So, I want to write this post to summarily answer most questions around this topic and mostly because I am tired of repeating myself again and again.
I was working as a product manager at Flipkart.com back in 2020 and around that time, I quit my job to pursue the game for two main reasons:
I stopped playing full time because both of the above premises turned out to be false. Let me explain
Imagine sitting in front of a screen for 12-16hrs a day, clicking buttons (without tilting) for a living. Money has lost its meaning long time ago. You don’t care about the wins anymore and the losses still hurt. Winning is not fun because by now you are very conscious of the fact that you can lose 10x that amount any week/day. Your net worth is swinging everyday and variance can be brutal. In fact, you are at the mercy of variance on a day to day basis. I have seen fellow top notch Poker players running below EV for 5-6L hands which is a year worth of effort. Imagine doing everything correct(studying, playing well, not tilting etc) and still end up negative for the entire year and have nothing to show for the work. This is entirely normal in certain high variance Poker games like PLO6, especially when relative edges are lower and rake is high (Indian high stakes basically)
The 95th percentile Poker income is about $200-250k. While this number looks big on paper(relative to what they pay at Flipkart), there are some caveats. Also, when you suddenly start making 10x your previous income, it clouds your judgment. Its hard to think long term.
And finally and this was one of the biggest reasons I shifted back to job is because I missed:
TBH, in-spite of all the reasons stated above, I was totally confident in my self to become one of the top pros in the world if I grinded for another 10-15 years. But after meeting them, their lifestyle, earnings, swings etc, I wasn’t sure I wanted that life for myself when I am in my early 40s or late 30s. I was pretty sure I didn’t want to be playing cards for a living for 20-25% of my lifespan which felt incredibly wasteful to me personally.
The above were my personal reasons for moving away from Poker. There are some other things like changing life priorities, achieving financial security, long-term sustainability concerns and regulatory/compliance challenges which I haven’t elaborated much on. While bidding farewell to a successful career in professional Poker is undoubtedly a significant decision, it is essential to recognize that life is a dynamic journey, and priorities evolve. I would like to think that I evolved and can judge decisions better.
In conclusion, I didn’t think through the minor caveats of the career path and was fascinated by the competitive aspect(you play something for a living which I still find fun) and the money. However, I am still extremely grateful about my journey. I learned another skill and I probably can always find a way to support myself in dire situations. Poker has taught me a lot of life lessons and has immensely shaped how I view the world on a day to day basis. I am better at quantifying risk , looking at decisions from a EV perspective(instead of being results oriented) and overall having a good idea of how to judge EV of a situation. Things like bank roll management, the mental stamina, propensity to take immense amount of stress repeatedly, grit etc are also things that Poker teaches you and I probably should write another post about my life lessons from the game if enough people ask me that question IRL.🤣
If you liked this, checkout my other posts on building a business in Poker and how to think about bundling games:
", "url": "https://rnikhil.com/2023/11/12/quitting-fulltime-poker", "date_published": "2023-11-12T00:00:00+00:00", "date_modified": "2023-11-12T00:00:00+00:00", "author": "{"twitter"=>nil, "name"=>nil, "avatar"=>nil, "email"=>nil, "url"=>nil}" }, { "id": "https://rnikhil.com/2023/07/06/game-metrics-checklist", "title": "Example checklist", "summary": null, "content_text": "This post is a checklist for game developers and product managers to use during the pre-launch period and some important metrics to track immediately post launch. We are assuming that the game has been developed(and tested) and is in the final stages of going live in a single country.I made this list originally about 8 months back as part of launching PLO at Paytm First Games and have edited it minimally for this blog post.Pre launch checklistImagine you are launching a game on Google Play Store. This document gives you a high level checklist to run through to make sure you don’t miss any pre-requisites before your deployment. This is a very generic checklist not specific to a platform or region and this is why you wont see any mention of build file types or translation. Also this is for the final launch not for soft launch and experiments before worldwide publishing. At every step of the checklist ensure that you have a “Final approver” who owns the individual items. Pre-register app campaigns to build up excitement and the rush of install on Day 1. Make sure to open up pre-registration a couple weeks before your launch Ensure that you have the game icon, screenshots, advertising banners, social promotional banners, sneak peak trailer, launch video trailer, advertising optimized videos and the emailer/mailing list ready for launch date Assuming that QA has signed off on the game(including analytics pipelines/reports testing and game load testing), we should also be doing QA for the banner/video ads, IAP, referral system, app store review system and basically any additional SDK that is baked into the game Get a team ready for player support. They should be equipped with FAQs, should be able to answer general queries and available through email and any game forums. Do a CST tool integration also if necessary Setup an escalation matrix in case of emergencies for tech, art, server, QA, marketing, acquisition, analytics, live ops legal and the core game Research competitors to make sure there aren’t any impending launches coming up around your launch date. Analyze the CPI for various games in the same genre, theme, or even monetization model. Consider your options and budget for promoting, maintaining the game as part of this process. Make sure to have your influencer marketing pipeline ready for Day 1 of launch Copy/content for keywords, short/long description of the game, emailers (prelaunch and launch), PR, social posts should be ready as wellPost launch trackingThis section of the document deals with some important stuff you should be tracking after your game is launched. Traffic/Views/Download/Install/Sign up/Finish tutorial (funnel analysis) Leads generated from launch campaigns Acquisition funnel at a channel level along with promo channel metrics Number of downloads Cost per install User stickiness (DAU/WAU, WAU/MAU). Should also be measured at a channel/affiliate level to measure quality of incoming traffic Retention and churn rates (for different time periods) Conversion rate, time to first purchase and average revenue per install Day 1 minutes played vs Day 2 retention DAU return % vs DAU/MAU Daily revenue (DAU * conversion rate * ARPDAU) and customer lifetime value Minutes per day and per session. Also measure time between sessions Level progression and retention rates for each level (assuming you have some kind of tiered progression inside the game) k-factor (% of referral invites which were accepted and on-boarded). Sort of measures the viral nature of the game Customer support ticket reports, IAP reports, daily play store review reports", "content_html": "This post is a checklist for game developers and product managers to use during the pre-launch period and some important metrics to track immediately post launch. We are assuming that the game has been developed(and tested) and is in the final stages of going live in a single country.
I made this list originally about 8 months back as part of launching PLO at Paytm First Games and have edited it minimally for this blog post.
Imagine you are launching a game on Google Play Store. This document gives you a high level checklist to run through to make sure you don’t miss any pre-requisites before your deployment. This is a very generic checklist not specific to a platform or region and this is why you wont see any mention of build file types or translation. Also this is for the final launch not for soft launch and experiments before worldwide publishing. At every step of the checklist ensure that you have a “Final approver” who owns the individual items.
This section of the document deals with some important stuff you should be tracking after your game is launched.
As a product manager working in gaming, its impossible to miss the recent rise of multi gaming platforms which package multiple individual games together inside one app. Doing this has a lot of benefits and you can read my previous blog posts to better understand how bundling benefits everybody in the ecosystem. In this post, we investigate intrinsic aspects of a game apart from their powerUser:casualUser ratio and delve deeper into what makes a game successful by itself. In the previous post, we looked at how different games interact with each other inside a MGP and in this post, we will look at ways in no particular order to evaluate a game in isolation. All games are looked at from a real money gaming POV.
There are two important factors here:
You ideally want games which are super easy to learn and takes infinite time to master. This will ensure longevity and the game might eventually become a sport.
![](\"/assets/files/lcurve.png\")
If you liked reading this, checkout my other posts too:
", "url": "https://rnikhil.com/2023/05/14/evaluating-games", "date_published": "2023-05-14T00:00:00+00:00", "date_modified": "2023-05-14T00:00:00+00:00", "author": "{"twitter"=>nil, "name"=>nil, "avatar"=>nil, "email"=>nil, "url"=>nil}" }, { "id": "https://rnikhil.com/2023/04/09/multi-vs-single-gaming", "title": "Bundling <> gaming", "summary": null, "content_text": "I’ve been thinking about multi-gaming platforms due to their recent meteoric rise to capture about 10% of the RMG market and the fact that I have to make a decision at work on bundling a mini-game with our main app. The multi-gaming segment is also growing at about 40% y-o-y which is the highest among all RMG segments. While one can argue that this growth was mostly driven by monstrous advertisement spends, this document tries to dig a bit deeper into the user behavior/personas between Multi Gaming Platforms and Single Gaming Platforms, framework to define value of adding/removing each game in the bundle, mental models for packaging games and finally some perspectives on user requirements/needs and way forward for building multi gaming apps. We want to basically explore why everybody is packaging games together or building yet another subscription service?BackgroundIf you talk to my colleagues at work, they will tell you that I’ve been a fan of single gaming apps and against bundling random games together. I’ve been a power user (was playing PLO professionally) and I personally never saw any user (in my bubble) splitting their sessions between playing 500 hands of poker and 100 rounds of rummy. Both are skill games and played with cards but I’ve never seen them played together. If thats the case, why do apps bundle them together? Even worse, they bundle Poker and Fruit Ninja together.Moreover, given that majority of your revenue is going to come from these power users, I never really understood bundling random games like Fruit Ninja, Ludo etc along with the target game of the power user. In fact, the product folks behind Hike seemed to have reached a similar conclusion. A quote from their post: “Even though we have 10+ games on the platform, most users preferred to play 1 or 2 specific games that they liked the most. Users like to have options but have specific preferences when it comes to actual game play”. You can read the full post here. Plus, ARPU of single gaming platforms is 3-4x higher than multi-gaming platform. Users seem to spend more on the same game inside the standalone app compared to the multi-gaming app as we can see from the below table:Given these obvious pros of standalone apps (better ARPU, filled with power users) and cons of multi gaming apps(no obvious user overlap, bad ARPU), why are multi gaming platforms growing? This blog post basically tries to prove the above premise (single gaming is generally better than multi gaming) wrong.Content Is bundling games good or bad? What is a “correct” package of games? How to package games?Is bundling games good or bad?For the rest of the discussion, we will consider these 4 games: Rummy, Poker, Ludo, Fantasy and debate on whether to build a stand alone app or a multi-gaming app comprising all the games. Let’s also split our users and their behavior like this:Now that we have our four games and three types of users, lets consider two scenarios:Scenario 1: We build single gaming apps for the games and market them independently. This means, we are primarily trying to attract power users (only fans of Poker would have Poker installed) and will only collect revenue from them. Moreover, a consumer would only have access to game of which they are fans of. They miss out on the other games they otherwise might have played and enjoyed inside a multi-gaming platform. Clearly in this case, we lose out on the casual user revenue if we do single gaming apps and consumers lose out on discovering games they might have liked.Scenario 2: We build a multi gaming app which has all the games bundled into it. In this scenario, we not only provide power users their favorite game but also allows them access to game they might be “casual users” of. A poker power user might be a “casual user” of Fantasy sports. Also, from a business standpoint, my total addressable market(TAM) is much bigger than my earlier user base because I am now targeting the casual user market of all the games as well.We can see that, both the platform and the user benefit from multi gaming apps. While the core power user hasn’t changed their behavior much, we have now allowed for casual users to participate and discover new games. Having casual users on the platform is super beneficial especially in real money gaming(RMG) setting where most match-ups are PvP and prizes are pooled in from the players. The utility or value of a gaming network is exponentially proportional to the number of nodes (players) in the network. Once you have a critical mass of users, you can see hyper exponential growth due to the above relationship. Multi-gaming platforms capitalize on these factors to grow fast and big. Clearly, Single Gaming Platform model doesn’t maximize value because power users don’t get games which they maybe interested in and platform providers clearly cannot run a sustainable business without casual users. We can also philosophically say that having multi gaming apps is mostly about serving casual users. (this point will become important towards the end)Couple things stand out from the above scenarios: If you go down the Single Gaming Platform route, you clearly isolate your power users preventing any kind of interaction with casual users. However, power users mainly come for the casual user population to play against and your player volume will suffer. Ultra important for RMG. Each power user gets access to a platform which has only the game that they wanted. Even if they wanted to try Fantasy sports during cricket season, that isn’t possible For example, take the poker variant called Pot Limit Omaha (5card) game. If you ask a random person what it is, you most likely would get a binary answer - either they say that they play the game regularly or ask the full form of the abbreviation. This is because PLO5 has very little casual users - which I believe is attributed to the fact that its never bundled outside of poker apps. A fruit ninja /hyper casual gamer never got PLO5 as part of their Multi Gaming Platforms. However, if you ask a random person if they are a fan of Fantasy sports, the answer this time would fall in a continuous range between a power user(I play every match) to non-user( I’ve tried it once or heard about it somewhere). Fantasy sports certainly has power users but has a big population of casual users too. Interestingly, most of these gamers don’t even know where they started playing Fantasy. It looks like by virtue of signing up for a multi gaming platform, they randomly played a match. Conclusion: Bundling is good for gaming apps when done correctly.But, what does “correctly” mean? We also know that ARPU suffers from bundling? How do we measure and understand them? Continue reading the next part to know more.What is a \"correct\" package of games?In the previous section, we concluded that bundling games together is beneficial for both the platform and the customer. In this section, we look at some frameworks which will help us decide on which games to add/remove from a bundle? We try to dig deep about what each of our user personas value inside our app and try to look for possible solutions. We also explore some thoughts around evaluating individual games inside a bundle.By now, most readers of my blog would have understood three basic things about RMG businesses: 85% of money is made from 15% power users Power users come to your platform for casual user population Recreational users come for big bonuses/awards/prizes/competitionsQuestion to the reader: You are a multi-gaming app. You have both Poker and Ludo. They both make the same daily revenue. Which game is better is for the platform? Or in other words, which game is the platform fine with removing?Another question to the reader: You are a multi-gaming app. You are exploring acquiring a game studio and integrate their games into your app. How should both the parties in this transaction think about their decisions?To answer these questions, we need to define the marginal utility of having the game on the platform. The marginal utility of this game is evaluated based on its ability to acquire new users and retain the existing user base. Or put another way, we should evaluate “how many players would leave my platform, if I remove this game today”? Or from an acquisition POV, “how many players will join my platform if I add this game today?” The quantitative answer to these questions is tightly correlated with the value of the game.To visualize, this, lets look at at the example between Fantasy and Poker. While Fantasy has lot more users, Poker has higher marginal utility in preventing churn and attracting high value users.For example, lets imagine that if Poker was removed from our multi-gaming app, then 10% of the users would churn. If the overall platform ARPU is about Rs. 300/month and say 1M users play, this would be mean about 100k users churning out, which means a loss of 100k * Rs.300 * 12 (yearly) = Rs. 36Cr/yr in revenue at risk. This means, Poker is valued at about Rs.36Cr to the platform*. This would be somewhat the amount, a gaming studio should be paid yearly if they are running the poker business for multi-gaming app.Why is Fantasy sports valued at lesser even though it has substantially more usage? Because, the percent of power users who are going to churn out of the app is going to be substantially lesser (Fantasy has a very small power user base). Casual users won’t care much and the platform won’t be affected either.Lets try to mathematically define this relationship: Value of game to the multi gaming platform = Value of an average user of the platform * Marginal utility of the game in preventing churn.Marginal utility of the game in preventing churn is basically the percentage of people who would churn out if you remove the game from the platform. The idea is that the value of the game is related to its impact on EVERY user of the platform. In some sense, we are distributing the power user value of the multi-gaming platform into the broader population of casual users and non-users of the platform. We are exposing them to these games for free which they otherwise would never have found on their own. Finally, to exactly calculate the value of the game, you should remove it from your app, calculate the customers you will lose and establish the revenue loss due to it.However, this approach is not exactly practical. I cannot remove a game from my app tomorrow to prove that it has value. For a company/product manager to do this exercise, we need an alternate approach to define value of the game. Remember that earlier, I had mentioned that from an acquisition POV, value of a game is the “number of new users” it will bring to the platform because of its addition.Lets again take the Poker example to explain this situation. I am trying to decide on including Poker into my Multi Gaming Platform. Lets assume that the value of the game standalone is X(whatever an individual game studio makes running it alone). So, if I have to think about integrating poker, how much extra revenue/value would I get? The answer definitely cannot be equal to X. To figure this out, we first need to understand our current user base and how it will overlap with Poker in the first place. Does adding this game unlock an entirely new Total addressable market (TAM) for me? or the players of this new game are already my customers?Lets consider two extreme scenarios to answer these questions:Case 1: Fully overlapped power user base. Remember, we inherently assume that single gaming apps are composed of power users only(refer to the first section of this post for clarity). This means, all the power users of poker are already an user of the Multi Gaming Platform.To elaborate further, lets assume that the multi gaming app has 1M users with Rs. 300/month as ARPU. Poker standalone has 250k users with ARPU of Rs. 400/month. In this case of full overlap between the power user base, all these 250k Poker users are already a customer of the multi gaming app. They are poker power users but playing some casual game inside the multi gaming app for now.In this case, so how much does the platform expect to make when they integrate/launch poker? They are still going to have the same amount of users but they with the addition of poker, the power users get activated(they were casual users before) and start playing the game inside the multi gaming app. A lot of casual users are now getting exposed to poker and power users have increased engagement inside multi-gaming app because they now have their favorite game as well. Power users like the fact that the game is bundled and they don’t have to split their deposits between two platforms and thereby have higher retention too. While some value is getting created, its hard to quantify.However, this is the worst scenario and adds very little value to the platform. Lets look at the other case.Case 2:Zero overlap between power user base. This means, all the poker power users are isolated and currently don’t play inside the Multi Gaming Platform. They only play on their standalone poker app. From the platforms POV, this is exciting because of new addition of all these power users who are now coming to your Multi Gaming Platform for the game plus the fact that existing customers of Multi Gaming Platform get Poker for free(without installing any extra app). This contributes to direct increase in revenue.To elaborate further, lets assume that the multi gaming app has 1M users with Rs. 300/month as ARPU. Poker standalone has 250k users with ARPU of Rs. 400/month. Lets look at this integration form the eyes of both the platform and poker standalone app.Platform: They get these 250k new users directly and get Rs. 300 * 250k = Rs. 7.5Cr per month extra. If you go back to my first equation which is value of game to the multi gaming platform = Value of an average user of the platform * Marginal utility of the game in preventing churn and plug the numbers, power users who will leave the platform if you remove the game = value of game (Rs. 7.5cr)/Rs. 300 = 25% This is the percent of the user base which will churn out if you remove Poker which is about 250k users.Poker standalone: They were making Rs. 10cr earlier, but the platform has assigned a value of only Rs. 7.5cr to it which means they obviously won’t agree with this integration. So, why where will the extra 2.5cr come from? Where is the calculation issue?To understand this, we need a different way for the platform to calculate value of poker (post integration). They cannot simple use old ARPU numbers. Lets double click on this thought and try to define a practical mathematical relationship: Value of game to the platform = Value of power user (ARPU) of standalone app* percentage of customers who are power users of your game inside the Multi Gaming Platform post integrationNote: LHS of both equations is same.(this will matter later on).If you integrate Poker and 100% of your users become power users of poker, your platform will basically have same value as a standalone app. If nobody becomes a power user, then value of Poker is zero for the platform.Assuming 25% of them convert to power users inside the app, now the value of the game to the platform = 250k users * Rs. 400 (new power user ARPU) = Rs. 10Cr. Now they can happily pay the 10Cr that the standalone app wants.This is the best scenario that the platform as well as the poker standalone app wants. Everybody makes more or equal money than they made before.Great!. We have established some equations for defining value of a game inside a multi-gaming platform. However, this section started with the promise of teaching you to find the “optimal” packaging of games.We introduced two ways to define value of a game. One is through understanding churn and another is through understand acquisition. Now, if we equate both sides of this equation, we have: Value of an average user in Multi Gaming Platform * Marginal utility of the game in preventing churn = Value of power user (ARPU) of standalone app* percentage of customers who are power users of your game inside the Multi Gaming Platform post integrationWhen both the previous equations match, the platform packaging the game and the game provider are in equilibrium. Both of their interests get satisfied and it makes logical sense to package the game instead of running it standalone. I would call this bundle of games “correct”.This summary is interesting because Power user% (RHS) is easer to understand and measure compared to “marginal utility in preventing churn”. For the latter, you can just look at a standalone Poker app for proxy (assuming these newly converted power users will behave the same as standalone app users) but for the former, you will have to remove Poker from a Multi Gaming Platform to measure it accurately. Conclusion: We defined what an optimal bundling of games should look like and various parameters affecting it. We came up with an interesting equation which can be used to form mental models regarding relationships about games and how they interact with game bundles.But what is the implication of this equation? What does it mean for the kind of games I have to choose for my bundle? Is Poker + Ludo a better bundle or Poker + Rummy? Continue reading to answer these questions.How to package games? In first section, we concluded that, Bundling games is good when done “correctly” and in the second section we defined how to quantify what a correct bundle looks like. Now that we have concluded that we have to bundle games, we need to establish a framework around choosing and picking games to bundle inside a Multi Gaming Platform.Lets start with the commonly established logic. You should pick and pack games which have the least amount of power user overlap and maximum amount of casual user overlap. This means, you package Poker along with card games but not with candy crush/wordle/bubble shooter etc. This also makes logical sense and I was a firm believer of this as well.However, this section we try to determine if this is actually true and if you should actually bundle Poker with something like another card game/chess or wordle/racing game/etc.Lets go back to the second section, where we were trying to ascertain what the game vs game bundle relationship looks like. Lets restate the equation here again: Value of an average user in Multi Gaming Platform * Marginal utility of the game in preventing churn = Value of power user (ARPU) of standalone app* percentage of customers who are power users of your game inside the Multi Gaming Platform post integrationWe ascertained that the packaging of games will be optimal(Case 2 is best scenario to package) when there was a completely distinct power user base. The power user base of poker is being used to it maximum value by adding new customers to the platform. In the above equation, given that ARPU of users are unaffected (for our purposes), we can observe that the extra utility of having power user in the platform(preventing churn) is becoming equal to the percentage of customers who are power users of the game inside the Multi Gaming Platform.So, what does it mean? We have proved that adding a game which already has power user overlap with your app is not the most ideal but rather adding a game which has the least overlap is beneficial. Why though? as you can see below, from the perspective of an user, if you are a power user of rummy or poker or ludo, the Multi Gaming Platform is a good value. From the platforms POV, it gets to add new users because of adding the extra game. From the customers POV, if they are a power user of either Poker or Rummy or Ludo, the app is a good deal. You can the Shishir’s post linked at the bottom for a generalized explanation of this behavior.Now if the Multi Gaming Platform is already valuable to the user (they installed it for some game of which they are a power user of), they will not care about adding another game to it. The value of the app for the power user comes only from their target game. So, you are better off adding a game that someone else (ideally a non-user) would be a power user of instead of adding another similar game.The customer will see value in the Multi Gaming Platform compared to the Single Gaming Platform if it has the game he is a power user of product experience of that game is equal to Single Gaming Platform it has at least one more game that he is a casual user of, that he wants to play. (else he will install the standalone app only)To take this to an extreme, the best multi gaming platform would have all the games its users are power users of. Everyone gets their favorite game and also gets access to a game there are casual users of(1 game per user basically). If there are no casual users (meaning, I play only one game), then this is no worse than installing the game separately. But any amount of casual user overlap will justify the packaging of games. Fundamentally, this basically tells that multi gaming apps is more about providing value for casual users than power users. Conclusion: Add games which have minimum power user overlap and maximum casual user overlap. This is why Poker + Ludo is better than Poker + Rummy.This section is the most counter intuitive of all the other sections. Because, we basically concluded that we should be adding games which are diverse and have the least amount of power user overlap. Does this mean, I will add a racing game to my Poker platform? Short answer is yes, but with some nuances. It is hard to market super diverse bundles. If very hard to market a poker + racing Multi Gaming Platform compared to poker+rummy Multi Gaming Platform. But that is just a marketing challenge because we now know for a fact that our games have to super diverse and minimize power user overlap. Same reason Amazon is bundling Prime Video with fast shipping. To summarize : Put together a list of games with minimum power user overlap and maximum casual user overlap Ensure that there is no downgrade in user experience for power users in each of these games Show users only the games that they are likely to be a power user of Make sure there is clear integration value and the app is overall coherent.Final thoughtsBundling is a natural evolution for many businesses and can lead to increased productivity and value. Amazon, Netflix, McDonald’s, etc all use it to their advantage and continue to add very diverse items into their bundles. Netflix has games. McDonald’s hands out toys with burgers and the Amazon Prime package is massive and diverse.However, we should be cautious as well. There are some unmeasured factosr which I have omitted in the article like: conversion% of power users after you integrate may not be 100% power user behavior can change with time (influenced by losing money) matching product experiences between SGP and MGP is hard this framework doesn’t work if the ARPU difference is very high between the game and the platformThis framework can be applied to more general product development, such as contemplating which set of features to put behind a subscription service. You can use this framework to decide the marginal utility of any single feature/product. Bundles of the future will be larger and more diverse than what we have today because packaging has a natural economy of scale attached to it. It is much easier to go from 100M users to 101M users than it is to go from 0 to 1M users. This is largely caused by casual user overlap (there are no 100M power users) - the larger your bundle, the more casual users you can amortize costs between and faster you grow.If you liked reading this post, please share it with your product and business friends and checkout my other posts too: GTO Inspector - My attempt at building an online business Some notes on RMG market in India Make Poker Fun againFurther Reading and Sources: The effect of anchoring in product bundles How Buyers Evaluate Product Bundles: A Model of Anchoring and Adjustment Shishir Mehrotra’s post on bundling in general The OG Chris Dixon post on “How bundling benefits sellers and buyers”*Do notice the fact that we aren’t talking about game revenues here but some intrinsic concept called “value of the game” which we are trying to define.", "content_html": "I’ve been thinking about multi-gaming platforms due to their recent meteoric rise to capture about 10% of the RMG market and the fact that I have to make a decision at work on bundling a mini-game with our main app. The multi-gaming segment is also growing at about 40% y-o-y which is the highest among all RMG segments. While one can argue that this growth was mostly driven by monstrous advertisement spends, this document tries to dig a bit deeper into the user behavior/personas between Multi Gaming Platforms and Single Gaming Platforms, framework to define value of adding/removing each game in the bundle, mental models for packaging games and finally some perspectives on user requirements/needs and way forward for building multi gaming apps. We want to basically explore why everybody is packaging games together or building yet another subscription service?
If you talk to my colleagues at work, they will tell you that I’ve been a fan of single gaming apps and against bundling random games together. I’ve been a power user (was playing PLO professionally) and I personally never saw any user (in my bubble) splitting their sessions between playing 500 hands of poker and 100 rounds of rummy. Both are skill games and played with cards but I’ve never seen them played together. If thats the case, why do apps bundle them together? Even worse, they bundle Poker and Fruit Ninja together.
Moreover, given that majority of your revenue is going to come from these power users, I never really understood bundling random games like Fruit Ninja, Ludo etc along with the target game of the power user. In fact, the product folks behind Hike seemed to have reached a similar conclusion. A quote from their post: “Even though we have 10+ games on the platform, most users preferred to play 1 or 2 specific games that they liked the most. Users like to have options but have specific preferences when it comes to actual game play”. You can read the full post here. Plus, ARPU of single gaming platforms is 3-4x higher than multi-gaming platform. Users seem to spend more on the same game inside the standalone app compared to the multi-gaming app as we can see from the below table:
![](\"/assets/files/poker.png\")
Given these obvious pros of standalone apps (better ARPU, filled with power users) and cons of multi gaming apps(no obvious user overlap, bad ARPU), why are multi gaming platforms growing? This blog post basically tries to prove the above premise (single gaming is generally better than multi gaming) wrong.
For the rest of the discussion, we will consider these 4 games: Rummy, Poker, Ludo, Fantasy and debate on whether to build a stand alone app or a multi-gaming app comprising all the games. Let’s also split our users and their behavior like this:
![](\"/assets/files/usertype.png\")
Now that we have our four games and three types of users, lets consider two scenarios:
Scenario 1: We build single gaming apps for the games and market them independently. This means, we are primarily trying to attract power users (only fans of Poker would have Poker installed) and will only collect revenue from them. Moreover, a consumer would only have access to game of which they are fans of. They miss out on the other games they otherwise might have played and enjoyed inside a multi-gaming platform. Clearly in this case, we lose out on the casual user revenue if we do single gaming apps and consumers lose out on discovering games they might have liked.
![](\"/assets/files/gamebundle.png\")
Scenario 2: We build a multi gaming app which has all the games bundled into it. In this scenario, we not only provide power users their favorite game but also allows them access to game they might be “casual users” of. A poker power user might be a “casual user” of Fantasy sports. Also, from a business standpoint, my total addressable market(TAM) is much bigger than my earlier user base because I am now targeting the casual user market of all the games as well.
We can see that, both the platform and the user benefit from multi gaming apps. While the core power user hasn’t changed their behavior much, we have now allowed for casual users to participate and discover new games. Having casual users on the platform is super beneficial especially in real money gaming(RMG) setting where most match-ups are PvP and prizes are pooled in from the players. The utility or value of a gaming network is exponentially proportional to the number of nodes (players) in the network. Once you have a critical mass of users, you can see hyper exponential growth due to the above relationship. Multi-gaming platforms capitalize on these factors to grow fast and big. Clearly, Single Gaming Platform model doesn’t maximize value because power users don’t get games which they maybe interested in and platform providers clearly cannot run a sustainable business without casual users. We can also philosophically say that having multi gaming apps is mostly about serving casual users. (this point will become important towards the end)
Couple things stand out from the above scenarios:
If you go down the Single Gaming Platform route, you clearly isolate your power users preventing any kind of interaction with casual users. However, power users mainly come for the casual user population to play against and your player volume will suffer. Ultra important for RMG.
Each power user gets access to a platform which has only the game that they wanted. Even if they wanted to try Fantasy sports during cricket season, that isn’t possible
For example, take the poker variant called Pot Limit Omaha (5card) game. If you ask a random person what it is, you most likely would get a binary answer - either they say that they play the game regularly or ask the full form of the abbreviation. This is because PLO5 has very little casual users - which I believe is attributed to the fact that its never bundled outside of poker apps. A fruit ninja /hyper casual gamer never got PLO5 as part of their Multi Gaming Platforms. However, if you ask a random person if they are a fan of Fantasy sports, the answer this time would fall in a continuous range between a power user(I play every match) to non-user( I’ve tried it once or heard about it somewhere). Fantasy sports certainly has power users but has a big population of casual users too. Interestingly, most of these gamers don’t even know where they started playing Fantasy. It looks like by virtue of signing up for a multi gaming platform, they randomly played a match.
Conclusion: Bundling is good for gaming apps when done correctly.
But, what does “correctly” mean? We also know that ARPU suffers from bundling? How do we measure and understand them? Continue reading the next part to know more.
In the previous section, we concluded that bundling games together is beneficial for both the platform and the customer. In this section, we look at some frameworks which will help us decide on which games to add/remove from a bundle? We try to dig deep about what each of our user personas value inside our app and try to look for possible solutions. We also explore some thoughts around evaluating individual games inside a bundle.
By now, most readers of my blog would have understood three basic things about RMG businesses:
Question to the reader: You are a multi-gaming app. You have both Poker and Ludo. They both make the same daily revenue. Which game is better is for the platform? Or in other words, which game is the platform fine with removing?
Another question to the reader: You are a multi-gaming app. You are exploring acquiring a game studio and integrate their games into your app. How should both the parties in this transaction think about their decisions?
To answer these questions, we need to define the marginal utility of having the game on the platform. The marginal utility of this game is evaluated based on its ability to acquire new users and retain the existing user base. Or put another way, we should evaluate “how many players would leave my platform, if I remove this game today”? Or from an acquisition POV, “how many players will join my platform if I add this game today?” The quantitative answer to these questions is tightly correlated with the value of the game.
To visualize, this, lets look at at the example between Fantasy and Poker. While Fantasy has lot more users, Poker has higher marginal utility in preventing churn and attracting high value users.
![](\"/assets/files/usage.png\")
For example, lets imagine that if Poker was removed from our multi-gaming app, then 10% of the users would churn. If the overall platform ARPU is about Rs. 300/month and say 1M users play, this would be mean about 100k users churning out, which means a loss of 100k * Rs.300 * 12 (yearly) = Rs. 36Cr/yr in revenue at risk. This means, Poker is valued at about Rs.36Cr to the platform*. This would be somewhat the amount, a gaming studio should be paid yearly if they are running the poker business for multi-gaming app.
Why is Fantasy sports valued at lesser even though it has substantially more usage? Because, the percent of power users who are going to churn out of the app is going to be substantially lesser (Fantasy has a very small power user base). Casual users won’t care much and the platform won’t be affected either.
Lets try to mathematically define this relationship:
Value of game to the multi gaming platform = Value of an average user of the platform * Marginal utility of the game in preventing churn.
Marginal utility of the game in preventing churn is basically the percentage of people who would churn out if you remove the game from the platform. The idea is that the value of the game is related to its impact on EVERY user of the platform. In some sense, we are distributing the power user value of the multi-gaming platform into the broader population of casual users and non-users of the platform. We are exposing them to these games for free which they otherwise would never have found on their own. Finally, to exactly calculate the value of the game, you should remove it from your app, calculate the customers you will lose and establish the revenue loss due to it.
However, this approach is not exactly practical. I cannot remove a game from my app tomorrow to prove that it has value. For a company/product manager to do this exercise, we need an alternate approach to define value of the game. Remember that earlier, I had mentioned that from an acquisition POV, value of a game is the “number of new users” it will bring to the platform because of its addition.
Lets again take the Poker example to explain this situation. I am trying to decide on including Poker into my Multi Gaming Platform. Lets assume that the value of the game standalone is X(whatever an individual game studio makes running it alone). So, if I have to think about integrating poker, how much extra revenue/value would I get? The answer definitely cannot be equal to X. To figure this out, we first need to understand our current user base and how it will overlap with Poker in the first place. Does adding this game unlock an entirely new Total addressable market (TAM) for me? or the players of this new game are already my customers?
Lets consider two extreme scenarios to answer these questions:
Case 1: Fully overlapped power user base. Remember, we inherently assume that single gaming apps are composed of power users only(refer to the first section of this post for clarity). This means, all the power users of poker are already an user of the Multi Gaming Platform.
To elaborate further, lets assume that the multi gaming app has 1M users with Rs. 300/month as ARPU. Poker standalone has 250k users with ARPU of Rs. 400/month. In this case of full overlap between the power user base, all these 250k Poker users are already a customer of the multi gaming app. They are poker power users but playing some casual game inside the multi gaming app for now.
In this case, so how much does the platform expect to make when they integrate/launch poker? They are still going to have the same amount of users but they with the addition of poker, the power users get activated(they were casual users before) and start playing the game inside the multi gaming app. A lot of casual users are now getting exposed to poker and power users have increased engagement inside multi-gaming app because they now have their favorite game as well. Power users like the fact that the game is bundled and they don’t have to split their deposits between two platforms and thereby have higher retention too. While some value is getting created, its hard to quantify.
However, this is the worst scenario and adds very little value to the platform. Lets look at the other case.
![](\"/assets/files/overlap.png\")
Case 2:Zero overlap between power user base. This means, all the poker power users are isolated and currently don’t play inside the Multi Gaming Platform. They only play on their standalone poker app. From the platforms POV, this is exciting because of new addition of all these power users who are now coming to your Multi Gaming Platform for the game plus the fact that existing customers of Multi Gaming Platform get Poker for free(without installing any extra app). This contributes to direct increase in revenue.
To elaborate further, lets assume that the multi gaming app has 1M users with Rs. 300/month as ARPU. Poker standalone has 250k users with ARPU of Rs. 400/month. Lets look at this integration form the eyes of both the platform and poker standalone app.
Platform: They get these 250k new users directly and get Rs. 300 * 250k = Rs. 7.5Cr per month extra. If you go back to my first equation which is value of game to the multi gaming platform = Value of an average user of the platform * Marginal utility of the game in preventing churn and plug the numbers, power users who will leave the platform if you remove the game = value of game (Rs. 7.5cr)/Rs. 300 = 25% This is the percent of the user base which will churn out if you remove Poker which is about 250k users.
Poker standalone: They were making Rs. 10cr earlier, but the platform has assigned a value of only Rs. 7.5cr to it which means they obviously won’t agree with this integration. So, why where will the extra 2.5cr come from? Where is the calculation issue?
To understand this, we need a different way for the platform to calculate value of poker (post integration). They cannot simple use old ARPU numbers. Lets double click on this thought and try to define a practical mathematical relationship:
Value of game to the platform = Value of power user (ARPU) of standalone app* percentage of customers who are power users of your game inside the Multi Gaming Platform post integration
Note: LHS of both equations is same.(this will matter later on).If you integrate Poker and 100% of your users become power users of poker, your platform will basically have same value as a standalone app. If nobody becomes a power user, then value of Poker is zero for the platform.
Assuming 25% of them convert to power users inside the app, now the value of the game to the platform = 250k users * Rs. 400 (new power user ARPU) = Rs. 10Cr. Now they can happily pay the 10Cr that the standalone app wants.
This is the best scenario that the platform as well as the poker standalone app wants. Everybody makes more or equal money than they made before.
Great!. We have established some equations for defining value of a game inside a multi-gaming platform. However, this section started with the promise of teaching you to find the “optimal” packaging of games.
We introduced two ways to define value of a game. One is through understanding churn and another is through understand acquisition. Now, if we equate both sides of this equation, we have:
Value of an average user in Multi Gaming Platform * Marginal utility of the game in preventing churn = Value of power user (ARPU) of standalone app* percentage of customers who are power users of your game inside the Multi Gaming Platform post integration
When both the previous equations match, the platform packaging the game and the game provider are in equilibrium. Both of their interests get satisfied and it makes logical sense to package the game instead of running it standalone. I would call this bundle of games “correct”.This summary is interesting because Power user% (RHS) is easer to understand and measure compared to “marginal utility in preventing churn”. For the latter, you can just look at a standalone Poker app for proxy (assuming these newly converted power users will behave the same as standalone app users) but for the former, you will have to remove Poker from a Multi Gaming Platform to measure it accurately.
Conclusion: We defined what an optimal bundling of games should look like and various parameters affecting it. We came up with an interesting equation which can be used to form mental models regarding relationships about games and how they interact with game bundles.
But what is the implication of this equation? What does it mean for the kind of games I have to choose for my bundle? Is Poker + Ludo a better bundle or Poker + Rummy? Continue reading to answer these questions.
In first section, we concluded that, Bundling games is good when done “correctly” and in the second section we defined how to quantify what a correct bundle looks like. Now that we have concluded that we have to bundle games, we need to establish a framework around choosing and picking games to bundle inside a Multi Gaming Platform.
Lets start with the commonly established logic. You should pick and pack games which have the least amount of power user overlap and maximum amount of casual user overlap. This means, you package Poker along with card games but not with candy crush/wordle/bubble shooter etc. This also makes logical sense and I was a firm believer of this as well.
However, this section we try to determine if this is actually true and if you should actually bundle Poker with something like another card game/chess or wordle/racing game/etc.
Lets go back to the second section, where we were trying to ascertain what the game vs game bundle relationship looks like. Lets restate the equation here again:
Value of an average user in Multi Gaming Platform * Marginal utility of the game in preventing churn = Value of power user (ARPU) of standalone app* percentage of customers who are power users of your game inside the Multi Gaming Platform post integration
We ascertained that the packaging of games will be optimal(Case 2 is best scenario to package) when there was a completely distinct power user base. The power user base of poker is being used to it maximum value by adding new customers to the platform. In the above equation, given that ARPU of users are unaffected (for our purposes), we can observe that the extra utility of having power user in the platform(preventing churn) is becoming equal to the percentage of customers who are power users of the game inside the Multi Gaming Platform.
So, what does it mean? We have proved that adding a game which already has power user overlap with your app is not the most ideal but rather adding a game which has the least overlap is beneficial. Why though? as you can see below, from the perspective of an user, if you are a power user of rummy or poker or ludo, the Multi Gaming Platform is a good value. From the platforms POV, it gets to add new users because of adding the extra game. From the customers POV, if they are a power user of either Poker or Rummy or Ludo, the app is a good deal. You can the Shishir’s post linked at the bottom for a generalized explanation of this behavior.
Now if the Multi Gaming Platform is already valuable to the user (they installed it for some game of which they are a power user of), they will not care about adding another game to it. The value of the app for the power user comes only from their target game. So, you are better off adding a game that someone else (ideally a non-user) would be a power user of instead of adding another similar game.
![](\"/assets/files/mgp.png\")
The customer will see value in the Multi Gaming Platform compared to the Single Gaming Platform if
To take this to an extreme, the best multi gaming platform would have all the games its users are power users of. Everyone gets their favorite game and also gets access to a game there are casual users of(1 game per user basically). If there are no casual users (meaning, I play only one game), then this is no worse than installing the game separately. But any amount of casual user overlap will justify the packaging of games. Fundamentally, this basically tells that multi gaming apps is more about providing value for casual users than power users.
Conclusion: Add games which have minimum power user overlap and maximum casual user overlap. This is why Poker + Ludo is better than Poker + Rummy.
This section is the most counter intuitive of all the other sections. Because, we basically concluded that we should be adding games which are diverse and have the least amount of power user overlap. Does this mean, I will add a racing game to my Poker platform? Short answer is yes, but with some nuances. It is hard to market super diverse bundles. If very hard to market a poker + racing Multi Gaming Platform compared to poker+rummy Multi Gaming Platform. But that is just a marketing challenge because we now know for a fact that our games have to super diverse and minimize power user overlap. Same reason Amazon is bundling Prime Video with fast shipping. To summarize :
Final thoughts
Bundling is a natural evolution for many businesses and can lead to increased productivity and value. Amazon, Netflix, McDonald’s, etc all use it to their advantage and continue to add very diverse items into their bundles. Netflix has games. McDonald’s hands out toys with burgers and the Amazon Prime package is massive and diverse.
However, we should be cautious as well. There are some unmeasured factosr which I have omitted in the article like:
This framework can be applied to more general product development, such as contemplating which set of features to put behind a subscription service. You can use this framework to decide the marginal utility of any single feature/product. Bundles of the future will be larger and more diverse than what we have today because packaging has a natural economy of scale attached to it. It is much easier to go from 100M users to 101M users than it is to go from 0 to 1M users. This is largely caused by casual user overlap (there are no 100M power users) - the larger your bundle, the more casual users you can amortize costs between and faster you grow.
If you liked reading this post, please share it with your product and business friends and checkout my other posts too:
Further Reading and Sources:
*Do notice the fact that we aren’t talking about game revenues here but some intrinsic concept called “value of the game” which we are trying to define.
", "url": "https://rnikhil.com/2023/04/09/multi-vs-single-gaming", "date_published": "2023-04-09T00:00:00+00:00", "date_modified": "2023-04-09T00:00:00+00:00", "author": "{"twitter"=>nil, "name"=>nil, "avatar"=>nil, "email"=>nil, "url"=>nil}" }, { "id": "https://rnikhil.com/2023/04/03/gaming-state-india", "title": "State of Real Money Gaming (RMG) in India", "summary": null, "content_text": "The gaming industry in India has been growing exponentially in recent years, with many people joining the ranks of avid and serious players. India has now become one of the leading countries in the world in terms of gaming, and this is largely due to the large population, the availability of technology, and the increasing enthusiasm and accessibility of gaming platforms. With more and more people playing games, India has become a massive and vibrant gaming community, with people of all ages and backgrounds enjoying the many styles and genres of gaming. From console and PC gaming, to mobile and online gaming, there is something for everyone to enjoy in India’s gaming scene. This post mostly focusses on the real money gaming market, potential profit pool and if somebody is starting a RMG company in India - this document can serve as a preliminary primer in understanding the market.High level Index: Why bother building in India in the first place? What is the current market scenario in India? How is the entire gaming industry revenue split? Where is majority of the revenue and profit potential? Which sub vertical is growing? What are users majorly playing? Where is the market opportunity? Differentiator for RMG companies starting today and path forward for building a RMG business 1. Why India?Bull case for gaming in India About $3Bn market size but having consistent growth. RMG dominates about 55% of this Cheap data/ digital payment penetration 90% users play on a mobile phone and entry level smartphones are some of the cheapest in the world Growing youth population. Already the youngest population which overlaps greatly with the target demographic for gaming. About 400Mn gamers today is the conservative estimate This photo illustrate the growing internet user base leading to growing number of gamers » growing number of paid gamers Among this - about 110Mn are paying gamers which includes RMG + IAP + subscriptions. This number is set to double along with ARPU according to Redseer (by basically benchmarking with US/China) 90% of them are mobile based. 90% revenue also comes in mobile. Demand side plus points Affinitly/Aspiration to make money/win money online is high for our demographic. Aspirational youth population. Rising disposable income. Lot of this 400Mn gamers are in Tier 1-2 cities Time spent in gaming rivals OTT/Social. About 3.1hrs per week Power user retention and LTV is comparable to international platforms. Example: 20% of MAU of Adda52 are players who are > 3 years old on the platform. Supply side Rich cultural history leading to lot of familiar homegrown titles. Rummy is about 85% of the RMG market which in turn is about 55% of the overall gaming market Multi gaming platforms (MGP’s) still haven’t exactly cracked the unit economics for hyper casual games but they at least bring in DAU Rising consumer trust in online platforms and digital paymentsBull case for building outside India? ARPU is much higher outside India. While you can argue that the core power user ARPU is comparable, the number of them playing these games for a living/seriously is very little. Check out this post for more about this set of these power users in India Conversion % for casual is ridiculously low in India. About 60% of non-RMG is ad supported Regulation for a lot of real money games is unclear. SRO’s (self regulatory organizations) still haven’t been formed and states banning betting overnight is an existential risk. Multi gaming platforms haven’t solved for retention thereby leading to unsustainable unit economics for most games (churn is especially higher for the hyper casual real money games).It is still a problem plaguing the industry Certain companies have advertising monopolies. Acquisition is expensive compared to the LTV that 80% of the customers offer Changing perspective about skill games and their money making potential. People no longer view them as gambling but rather as legitimate career options. Money making potential for certain games like poker in Indian rivals an executive salary at FAANG.2. Indian Gaming MarketRevenue SplitRMG dominates the market account for about 55-60% of the overall revenue. While casual games attract the largest number of users and have been crucial in growing the mobile gaming culture in India, while real money gaming attracts the highest paying users in mobile gaming. As a result, real money games have been the largest revenue source for India’s gaming sector. This segment is expected to grow at 30% CAGR with growing expectation of regulatory clarity.RMG vs Non-RMGOnline RMG market is segmented into 3 game types (Online Rummy, Poker & Fantasy Sports) and byplatforms into Single game (>91%) & Multi game (~9%) - collectively growing at a CAGR of ~61% for the last 3 years. Online Real Money Gaming Market split by the following segments :Rummy is currently the largest segment and is expected to dominate the RMG market in the future due to rising number of new rummy users from north India and increasing propensity to pay of existing users. Rummy market is expected to increase from $1Bn in FY2022 to $2.4Bn-$2.5Bn in FY2026 at CAGR of 24%.Poker has the least penetration when compared to rummy and fantasy, indicating a very high potential for growth in the coming years. Poker has the highest user retention rate and highest revenue per user among the two games considered here. Poker market is expected to grow from $150Mn in FY2022 to $450Mn in FY2026.Inside Non-RMG, where is the money coming from?Lets now move on how the users are split between RMG vs Non-RMG. The Non-RMG market has two major categories in terms of game types - Casual and Hyper-casual, and core games. Casual and Hyper casual games offer a quick and easy means to pass time and have become a popular entry point for India’s first-time mobile gamers. As a result, this segment has the highest number of overall users, i.e. 350-420 Mn, with very low paid user conversion rate (8-10%). Also, there are around 150-160 Mn core game users with very high conversion of paid gamers (36-43%)RMG witnesses a MACU of 12-13 Mn of the total 26-30 Mn real money gamers and it is expected to reach 60- 80 Mn real money gamers in the upcoming years.Everything else like e-sports, desktop, platforms are rounding off errors at the moment. E-sports grew about 5x on a small base but has plateaued since.Multi Gaming vs Single Gaming platformsWhile Single Game Platforms (SGP) currently dominate the market with (~90%) market share; the upcoming format of Multi-game platforms (MGP) may get popular in the future. MGPs offer a wider variety of games to users; and are therefore able to attract gamers from a wider set of interests and abilities. It should conceptually also be able retain them more by keeping them entertained and engaged for a longer time due to the wide array of game offerings (in reality however, this is harder than it looks).The recent rise of MGP can be attributed to greater game types attracting wider variety of audiences(thereby increasing reach), distributed game dev costs and ability to capitalize on cross game synergies. In its current state, MGP is growing at ~40%; which is the highest across various segments of RMG; and is expected to be ~12% of the market by 2026. While, the relative share appears low, in absolute terms this translates to nearly $500Mn (viz. ~4x in 5 years) by 2026. This explains the observed interest amongst gaming companies to explore and grow as Multi-gaming Platforms.MGP’s have also really lowered customer acquisition costs by spreading it and averaging it between low CAC games like Fantasy/Ludo and high LTV games like Poker/Rummy etc. However, not all things with MGP’s are positive. Majority of the users still go to these app to play 1-2 games and don’t deviate beyond them. Habit forming for the rest of the games is still a hit or miss.3. Some perspective on RMG/gaming and way forwardHow are these RMG businesses differentiated? RMG has more or less become a commodity business. Most products look the same and some companies even modify their GTM to match competitors in hopes of attracting users with a familiar platform and better deposit offers(like a vampire attack). Product innovation has been slow or non-existent in this industry for the last ten years. Adda52 from 2013 looks 90% same as today. Moreover, given the extremely low M12 retention rates, you have to keep acquiring users (spending money) every year as your platform churns through them - making this a treadmill business.Core problems to solve for in RMG: LTV/CAC doesn’t work High acquisition costs but low average LTV. For example: CAC for acquiring poker players is about Rs. 15k and its impossible to make this money back if 75% of your new users churn out before 3 months. This problem has to be solved from both ends by lower acquisition costs and improving retention Possible solution: Mini game casual variants of popular card games with shorter game loops would set the product apart in terms of giving new users a feel and taste of the game related wagering/betting while at the same time without diluting the skill aspect. Timepass.Games is doing this for hyper casual games in a TikTok variant. Idea is to engage the user for longer by giving them multiple games in quick shorter formats There are some caveats to making RMG games in shorter formats. As a rule of thumb in RMG businesses, 80% of your revenue comes from 15% of your users. This ratio is extreme for some games like poker and normalized for bigger games like Fantasy. If you reduce the game loop duration, its very hard to have the same ARPU as earlier and retention is still an open problem with hyper casual variants. Having tight game loops along with strong product driven conversion milestones to make the user play the longer variant could alleviate some of these concerns. Poor retention In my own experience, the single biggest factor determining the retention of a player is their loss rate(money lost /day). If a player loses money on the platform, he/she is prone to churn. This is unfortunately unstoppable in the RMG business because of its design. However, we can explore couple solutions: Make losing money for new players slower and more enjoyable. At the end of the day, 95% of your players are going to lose money. Giving them a fun and interactive experience lowers chances of churn. Kickass FTUE teaching the players to make sure they learn the rules before wagering is key as well. Re-acquiring them again using a network site model. This is an under explored concept in India where multiple website skins could share liquidity of players. This way, you can have a gamified skin of the game marketed towards one target group and serious/pro friendly version marketed towards a different set of users. They can share player liquidity across all games while still having different fee/reward structures. Taj Rummy/Poker is doing this to some extent with a very bad product at the moment in India but there are no big name players yet. Gameskraft has brilliantly marketed 4 different Rummy versions which all share liquidity to keep re-acquiring their churned out users for cheap. At the end of the day, majority of your revenue comes from power users who choose your platform primarily for player liquidity and product experience. Recreational users are attracted towards big offers and guarantees but churn out when they lose. Ensuring you can retain/re-acquire recreational users through strong data driven offers/loops and providing superior gaming experience to power users would lead to a sustainable RMG business in my opinion. However, having a great product by itself is not enough. Distribution is super critical and making sure you can acquire users for cheap makes or breaks a platform. Cross game analytics/anti fraud/rewards (which is by large forgotten by most companies) is paramount to predict and minimize churn.Revenue comparison between some Indian and foreign betting companies shows the market potential for a mature player globally:Sources Delta Tech(Adda52) DRHP Nazara gaming DRHP Redseer, BCG and Newzoo research reports Lumikai and Konvoy VC blogsIf you liked this, checkout my other related posts too: GTO Inspector - My attempt at building an online business Make Poker Fun again We should all have something to hide - Tornado cash takedown", "content_html": "The gaming industry in India has been growing exponentially in recent years, with many people joining the ranks of avid and serious players. India has now become one of the leading countries in the world in terms of gaming, and this is largely due to the large population, the availability of technology, and the increasing enthusiasm and accessibility of gaming platforms. With more and more people playing games, India has become a massive and vibrant gaming community, with people of all ages and backgrounds enjoying the many styles and genres of gaming. From console and PC gaming, to mobile and online gaming, there is something for everyone to enjoy in India’s gaming scene. This post mostly focusses on the real money gaming market, potential profit pool and if somebody is starting a RMG company in India - this document can serve as a preliminary primer in understanding the market.
High level Index:
![](\"/assets/files/funnel.png\")
Demand side plus points
![](\"/assets/files/timespent.png\")
Supply side
![](\"/assets/files/revenuesplit.png\")
RMG dominates the market account for about 55-60% of the overall revenue. While casual games attract the largest number of users and have been crucial in growing the mobile gaming culture in India, while real money gaming attracts the highest paying users in mobile gaming. As a result, real money games have been the largest revenue source for India’s gaming sector. This segment is expected to grow at 30% CAGR with growing expectation of regulatory clarity.
![](\"/assets/files/rmg.png\")
Online RMG market is segmented into 3 game types (Online Rummy, Poker & Fantasy Sports) and byplatforms into Single game (>91%) & Multi game (~9%) - collectively growing at a CAGR of ~61% for the last 3 years. Online Real Money Gaming Market split by the following segments :
![](\"/assets/files/rmggrowth.png\")
Rummy is currently the largest segment and is expected to dominate the RMG market in the future due to rising number of new rummy users from north India and increasing propensity to pay of existing users. Rummy market is expected to increase from $1Bn in FY2022 to $2.4Bn-$2.5Bn in FY2026 at CAGR of 24%.
Poker has the least penetration when compared to rummy and fantasy, indicating a very high potential for growth in the coming years. Poker has the highest user retention rate and highest revenue per user among the two games considered here. Poker market is expected to grow from $150Mn in FY2022 to $450Mn in FY2026.
![](\"/assets/files/nonrmg.png\")
Lets now move on how the users are split between RMG vs Non-RMG. The Non-RMG market has two major categories in terms of game types - Casual and Hyper-casual, and core games. Casual and Hyper casual games offer a quick and easy means to pass time and have become a popular entry point for India’s first-time mobile gamers. As a result, this segment has the highest number of overall users, i.e. 350-420 Mn, with very low paid user conversion rate (8-10%). Also, there are around 150-160 Mn core game users with very high conversion of paid gamers (36-43%)
![](\"/assets/files/usersplit.png\")
RMG witnesses a MACU of 12-13 Mn of the total 26-30 Mn real money gamers and it is expected to reach 60- 80 Mn real money gamers in the upcoming years.
Everything else like e-sports, desktop, platforms are rounding off errors at the moment. E-sports grew about 5x on a small base but has plateaued since.
While Single Game Platforms (SGP) currently dominate the market with (~90%) market share; the upcoming format of Multi-game platforms (MGP) may get popular in the future. MGPs offer a wider variety of games to users; and are therefore able to attract gamers from a wider set of interests and abilities. It should conceptually also be able retain them more by keeping them entertained and engaged for a longer time due to the wide array of game offerings (in reality however, this is harder than it looks).
The recent rise of MGP can be attributed to greater game types attracting wider variety of audiences(thereby increasing reach), distributed game dev costs and ability to capitalize on cross game synergies. In its current state, MGP is growing at ~40%; which is the highest across various segments of RMG; and is expected to be ~12% of the market by 2026. While, the relative share appears low, in absolute terms this translates to nearly $500Mn (viz. ~4x in 5 years) by 2026. This explains the observed interest amongst gaming companies to explore and grow as Multi-gaming Platforms.
MGP’s have also really lowered customer acquisition costs by spreading it and averaging it between low CAC games like Fantasy/Ludo and high LTV games like Poker/Rummy etc. However, not all things with MGP’s are positive. Majority of the users still go to these app to play 1-2 games and don’t deviate beyond them. Habit forming for the rest of the games is still a hit or miss.
How are these RMG businesses differentiated?
RMG has more or less become a commodity business. Most products look the same and some companies even modify their GTM to match competitors in hopes of attracting users with a familiar platform and better deposit offers(like a vampire attack). Product innovation has been slow or non-existent in this industry for the last ten years. Adda52 from 2013 looks 90% same as today. Moreover, given the extremely low M12 retention rates, you have to keep acquiring users (spending money) every year as your platform churns through them - making this a treadmill business.
Core problems to solve for in RMG:
Poor retention
In my own experience, the single biggest factor determining the retention of a player is their loss rate(money lost /day). If a player loses money on the platform, he/she is prone to churn. This is unfortunately unstoppable in the RMG business because of its design. However, we can explore couple solutions:
At the end of the day, majority of your revenue comes from power users who choose your platform primarily for player liquidity and product experience. Recreational users are attracted towards big offers and guarantees but churn out when they lose. Ensuring you can retain/re-acquire recreational users through strong data driven offers/loops and providing superior gaming experience to power users would lead to a sustainable RMG business in my opinion. However, having a great product by itself is not enough. Distribution is super critical and making sure you can acquire users for cheap makes or breaks a platform. Cross game analytics/anti fraud/rewards (which is by large forgotten by most companies) is paramount to predict and minimize churn.
Revenue comparison between some Indian and foreign betting companies shows the market potential for a mature player globally:
![](\"/assets/files/comp.png\")
Sources
If you liked this, checkout my other related posts too:
DeFi in 2022 was a lot about liquidity provisioning and balance sheet monetization. Everybody was looking for simple and safe yields without the risk of getting their hands burnt. The year has brought the dawn of certain type of protocols like:
Automation protocols re-balance liquidity positions across AMMs and Layer 1s, recycle rewards, and provide “auto-compounding” services. Convex Finance is one the leading examples - they “recycle” $CRV and Curve LP tokens for boosted rewards, trading fees, and governance tokens.
Enhancers are protocols that do not introduce new operating models for DeFi, but rather recycle the outputs from existing protocols to optimize returns for the end user. A good example of this is Abracadabra.money, which is similar to MakerDAO but with the important difference that it creates collateralized debt position from yield-bearing assets (and has much looser risk controls).
Extenders are protocols that stack various underlying DeFi protocols. Alchemix is a good example. It’svaults function similarly to MakerDAO’s, but the protocol also rehypothecates its collateral assets anddeposits them into yield aggregators like Yearn, creating yield generating synthetic tokens which look like “self-repaying loans.” The rehypothecation creates risk, as the protocol absorbs the risks of the lower-level protocols it’s built on. Still, self-repaying loans!
Checkout my other related posts too:
“The Magic Words are Squeamish Ossifrage” was the solution to a challenge ciphertext posed by the inventors of the RSA cipher in 1977
Howdy! I have been bit busy with launching Pot limit Omaha ( a poker variant) at work and haven’t been able to write regularly. Launching PLO is extra special for me because it sort of makes my poker journey go full circle. From playing PLO professionally, to building products for professional PLO players to finally launching a PLO product as part of a poker website itself; its been a fun ride.
I was part of the Wolfram Summer school which ran during the summers of 2017 in the town of Boston, MA where I built a network sniffer function for their core product. It was a super hectic summer for me where I was simultaneously working on three different projects. I was attending the summer school in USA, doing my second GSoc project ( writing a HTTP2.0 implementation for a network lib) and was also part of the OWASP Code Sprint (worked on a tool for obfuscating assembly shellcodes). In hindsight, I learned an immense amount over the summer while also travelling around New York.
At the start of the summer school, we were asked to pick a topic and write a computational essay to get familiar with the basic functions of Mathematica. I wrote about the basic RSA system. The essay is embedded below. Feel free to run the code yourself.
More details on my summer school work can be found here
", "url": "https://rnikhil.com/2022/10/12/wolfram-crypto", "date_published": "2022-10-12T00:00:00+00:00", "date_modified": "2022-10-12T00:00:00+00:00", "author": "{"twitter"=>nil, "name"=>nil, "avatar"=>nil, "email"=>nil, "url"=>nil}" }, { "id": "https://rnikhil.com/2022/09/01/my-take-crypto", "title": "A take on web3/DeFi", "summary": null, "content_text": "Most use cases for crypto are in an imaginary space. Lot of the details like “why does the customer care?”, “why will they pay for it?”, etc are not necessarily thought out clearly. Most products ask me to “Imagine a world where everything is de-centralized”.So, what do I think will come out of web3/DeFi mania? First off, currently crypto and web3 is really great currently for trading/speculation related use cases. Solving for capital efficiency, security, infra makes sense in long term. Then what? Retail investors? Gaming? NFT/Collectibles? Countries run as DAO’s? Its very hard to come up with future (>10yr) use cases but we can look at some analogies. Comparison with Internet: Commonly used in super bullish crypto circles, the comparison has some rough edges. Internet started as a way for education/military bases to talk to each other. It started from day 1 solving for a single use case(comms) only instead of 1000 other possible things you can build on top of it. While it didn’t have distribution initially, it took like 15-20 years for apps to go mainstream. People kept building iteratively on top of it. While it may work as a great branding for VC’s, here it just becomes a speculating exercise on potential use cases 10yrs down the line. This is sort of the reverse order as the internet. Imagine somebody trying to raise money for Snapchat in 1990. If you have to borrow analogies from the internet, solving for infra and for specific user personas/use cases today makes the most sense. The internet did it for 15years for some niche user personas. In web3, we started directly with a compelling vision of no single counter party/no centralised institutions/everybody owns everything/trust less/permission less and then tried to work backwards into solving for use cases. Funnily, most successful crypto companies are currently centralised. While starting like this isn’t necessarily bad, lot of them are not on a path to de-centralisation. There is definitely some value in the space. Expectations are currently super high to become a $100 Billion business for everybody but today, it may just be a $1 Billion niche for the time being. When you pump $50 Billion into the ecosystem, it makes it hard to differentiate between utility vs speculation vs any other perverse incentives. Some products assume PMF because of wash trading/bots etc. If you look at the top gas spenders on AVAX/Polygon, it’s mostly bots inside a game or wash trading NFTs. Ponzi schemes, unnatural yields through looping money around etc have become commonplace too. It may solve for some specific use cases in the future like remittances (cross border payments, a $5 billion use case ) or market making/infra for trading which is again maybe a $30 Billion business.I hope in the future, we can solve legitimate problems with this tech. Luckily since this space basically speed runs through everything, the cycle length to actual mass products may not be as long as the internet. Honestly though, these brand of “web3” applications have been coolest new tech(paradigm) in a while and us being technologists, its just a lot of fun to investigate them and play around.Checkout my other related posts too: We should all have something to hide - Tornado cash takedown Problem statements to solve for a retail investor in DeFi Option protocols in DeFi Blockchain gaming - Current state", "content_html": "Most use cases for crypto are in an imaginary space. Lot of the details like “why does the customer care?”, “why will they pay for it?”, etc are not necessarily thought out clearly. Most products ask me to “Imagine a world where everything is de-centralized”.
So, what do I think will come out of web3/DeFi mania?
First off, currently crypto and web3 is really great currently for trading/speculation related use cases. Solving for capital efficiency, security, infra makes sense in long term.
Then what? Retail investors? Gaming? NFT/Collectibles? Countries run as DAO’s? Its very hard to come up with future (>10yr) use cases but we can look at some analogies.
Commonly used in super bullish crypto circles, the comparison has some rough edges. Internet started as a way for education/military bases to talk to each other. It started from day 1 solving for a single use case(comms) only instead of 1000 other possible things you can build on top of it. While it didn’t have distribution initially, it took like 15-20 years for apps to go mainstream. People kept building iteratively on top of it.
While it may work as a great branding for VC’s, here it just becomes a speculating exercise on potential use cases 10yrs down the line. This is sort of the reverse order as the internet. Imagine somebody trying to raise money for Snapchat in 1990.
If you have to borrow analogies from the internet, solving for infra and for specific user personas/use cases today makes the most sense. The internet did it for 15years for some niche user personas.
I hope in the future, we can solve legitimate problems with this tech. Luckily since this space basically speed runs through everything, the cycle length to actual mass products may not be as long as the internet. Honestly though, these brand of “web3” applications have been coolest new tech(paradigm) in a while and us being technologists, its just a lot of fun to investigate them and play around.
Checkout my other related posts too:
The first section of the article inspects the various user personas interacting with DeFi protocols and their individual requirements. The second section identifies various products which solve for these use cases. We mostly look for on-chain use cases which already have a reasonable amount of adoption. This post simply surfaces the various participants across the value chain and identifies open problems. Some cutting-edge novel cases with nascent adoption might get overlooked. Nevertheless, we keep an eye out for unsolved/potential growth segments and see what we can build there.
Broad retail requirements for interacting with financial services and products can be classified as:
Currently, the first two user personas (Investor and the speculator) are the most common place in DeFi. In fact every other use case is in fact a minority. Lets look at them deeper.
| Average investor | Speculator/ trader |
|---|---|
| Wants economic exposure to DeFi. Is not every sophisticated, intends to make +ve ROI, wants an engaging experience. | Wants a platform get access to capital and trade/gamble. High returns on capital is the ultimate priority. |
| Product requirements - Savings - Investing - Lending/Borrowing - Insurance | Product Requirements - Investing - Trading across asset classes - Coin/NFT launchpads - Credit (Lending/Borrowing/Leverage) - Other financial products (derivatives/swaps/bonds/etc) - Insurance - Data and Analytics |
| First priorities - Easy on-ramp and off-ramp - High yield products - Minimal friction while adding/removing/transferring/spending money - KYC/Identity - Regulatory/Compliance and clarity - Taxation/Ease of filing - Trust/Safety in the platform - Principal protection (low volatility) for investment products - Easy to use (non complicated) UX - Wants a personalized UX which is engaging as well as efficient - Easy Access everywhere (on mobile while travelling) - Speed of transactions have to instantaneous - (Single preferably) centralized market place/platform access to all products - Variety of markets available - Custody/Asset management - Cheap transaction costs - Best APR/APY (for savings/investments) and credit products - Easy onboarding | First priorities - Everything from Average investor - Advanced feature rich snappy UX - Portfolio management - Strategy builder - Risk Management - Centralized market place/platform access to all products - Variety of markets available with sufficient liquidity to do big trades - Derivatives/Spot/Prediction/FX products - Integration with other DeFi protocols - Regulatory compliance/clarity - Custody/Asset management - Rakeback for transaction fees - Best margin funding rate/leverage tools - Lowest interest fees - Best bid/offer spread - Low slippage - Easy onboarding - Capital efficiency(DeFi composability) - Loyalty programs |
Broad institutional personas who interact with financial services and products can be classified as:
They all want economic exposure to DeFi and to leverage the benefits of transacting on-chain (distributed/ decentralized/trust less/ permission less/cheaper / available/etc). Some requirements for the above actors:
Product Requirements:
| Everything from a retail speculator | |
| Risk Management | Portfolio management |
| Data and Analytics services | Credit management |
| Client relationship management | Invoice financing |
| Supply chain financing | Equity financing |
| B2B payments and transfers | Payroll |
| Insurance | Foreign exchange |
| Principal protected yield | Treasury management |
Products which solve core user requirements which overlap across the most number of personas have the highest likelihood of attaining scalable PMF (duh!). Now, we shall the investigate the user journey of these personas and try to understand the active participants in the value chain.
Profit pools are nothing but the total profit earned at all points along the value chain of an industry. When we analyse a value chain, it becomes imperative to define the boundaries of the sub-segment before digging deeper. Each of these segment profitability may, for example, vary widely by customer group, product category, geographic market, or distribution channel. Moreover, the pattern of profit concentration in an industry is often very different from the pattern of revenue concentration. You can check this article on HBR to know how to map an industry’s pool.
In this section, we attempt to dig deeper into some open problem statements and propose possible solutions. In the next article, we shall investigate these participants from a profit/operating margin PoV to understand which problem statement is worth solving financially.
Lets pick an average retail DeFI investor and look at their user journey.
Intent to invest
Now, lets break down each of these steps and inspect the actors.
Custody and Asset Management
Similar to how fiat money is usually stored in savings accounts, central depositories, etc, crypto currencies have to stored in an online equivalent. Blockchains use digital signatures to secure money. Digital signatures are a pair of random keys, where one key is a “private key” and the other a “public key”. Through digital signatures, any person with the “private key” can “sign” a transaction and spend the digital currencies. Therefore, it is crucial to safeguard the “private key”. Some tech-savvy users of blockchains opt to safeguard this key themselves, and accept the risk of theft or loss of the key (and therefore the loss of their funds). In contrast, other blockchain users trust online wallets or exchanges with the safeguarding of their keys.
Custody management solutions overlap typically with the first step in the boarding process.Here, we are primarily focussing on the DeFi custody experience and not CeX related on-boarding flows.
Using the user requirements we looked at in the first step, lets see where the current gaps exist:
Let’s look at the current type of wallets and understand what they do:
Self-custodial
Exchange wallets
Third party custody
Instadapp sort of does this for retail.
What can we work on?:
Identity (Polygon ID, dynamic.xyz)
These Dapps which the users want to interact with are built on top of blockchains which we will investigate in the next section. While an average CeX user may not even interact with blockchains (just buys on Coinbase and doesn’t do anything else), we are discussing about a web3 DeFi investor here. The user also doesn’t pay for these services as they are usually available for free but instead monetized through adjacent offerings. In the next section, we shall look at some of the core infra DeFi products as well.
Infrastructure
This is the plumbing needed for all of web3 to function. As an user, I don’t really care how what the name of the chain is or the infrastructure complexity. The only requirements here are:
The participants here include:
![\"mev\"](\"/assets/files/mev.png\")
What can we work on?:
Above DeFi actors capture majority of the value in this step. They are directly/in-directly involved with every user transacting on chain and thereby also are at an intersection of the most value transferred. In the next post, we shall look at some key metrics to evaluate these actors across the value chain.
Now the user has a wallet and connected to a chain to transact. Its time to move on to looking at the next participants in this value chain
On-Ramp and exchanges
Remembering that our user is a retail DeFi investor, lets look at some user requirements and pain points:
Some participants here:
what problems to work on?
Dapp interaction
Now that the user has converted his/her to fiat to crypto, lets look at the journey to invest in Dapps.As an user, my primary requirements would be:
For the next wave of Defi products to be bigger than the previous/current state we need an influx of new set of users who have never used these products before. Making these investment Dapp retail-newbie friendly is paramount.
As we look across the value chain of a retail investor, we notice that major value transacts across these players:
Now, depending on which business we are trying to enter, you can further double click to understand all adjacent offerings as well. A liquid staking service would eventually move into wallets to capture more TVL or approach the same problem from the perspective of an institution to offer DeFi products with access controls for risk profile/taxation/regulations etc.
Checkout my other related posts too:
Lets face it, poker has become a commoditized game/product where most poker platforms look like skins of each other. There is hardly any differentiation in the products and all of them simply focus on the betting/gambling function of the game while a human centric focus on the user journey takes a back seat.
This is primarily due to the fact that human focussed features/design elements particularly don’t drive revenue directly. However, they make the product more fun to indulge in.
Unfortunately most platforms are just laser focussed betting tools which are designed to get the user wagering as soon as possible. Its almost like 2000s traders made poker software products.
Poker’s market cap is not growing at pace with the rest of the real money gaming ecosystem. E-sports and casual gaming are growing much faster (on a bigger base too) compared to real money gaming(and especially poker. Online Gaming has become ubiquitous especially in the post COVID world where people are staying more and more indoor and interacting with others online. online gaming has surpassed from being just an entertainment thing used by a bunch of geeks to mainstream extension of one’s identify online. It one of the top categories online in terms of spends as well.
Opportunity cost of investing in poker vs other games/sectors. While poker is generally a profitable vertical for RMG (real money gaming) companies, the “real” value of the vertical/game is usually measured by the future cash flows which in turn is determined by your growth rate.
In the stages of a business from early PMF to a scalable PMF to a scalable profitable PMF, its very important that the vertical displays potential for scalability much before we think about profitability. Poker usually starts making money(profits) early on but scalability is still a question mark.
As part of my job, my responsibility is to explore ways to grow the poker ecosystem in India. With everybody playing games, its not a leap to suggest incorporating certain gamification elements to make poker more enjoyable.
There are bunch of vectors to drive growth. The direct way includes discounting, increased marketing burn etc whereas the harder way includes gamification, offering more products/services (cross-selling), community building, identifying profit pools in the value chain and building around them, etc
We want to craft a user experience which is much more than just Deposit Money-> Select table -> Start betting.
This article focuses on bring elements of games into poker to make it more fun and thereby drive growth. While its hard to wrap the actual betting mechanics/UX into a gamified journey, we can look at other adjacent flows too. The key elements of the Octa framework include:
It is the Core Drive where a player believes that he is doing something greater than himself or he was “chosen” to do something. Attaching meaning to playing the game becomes an intrinsic motivating factor for the player
We see a lot of companies playing to this sentiment like CRED(a lifestyle company), D2C brands, early Spotify (younger cool kids music app), etc
While regular games have storylines, fictious identities, in poker, making the player win something big in a practice/tutorial step, or in the first session thereby making the player feel “chosen” creates a welcoming atmosphere for new poker players.
Currently poker is also viewed mainly as gambling in India. Maybe organising Poker as an India wide talent competition under the assumption that people view winning the competition as a prestigious thing helps. It also creates social influence among your peers too. This is definitely the case with WSOP. Also creating content around the skill aspect of poker and popularising it would help change the narrative on how poker is viewed in our Tier-2 or Tier-3 cities.
Development & Accomplishment is the internal drive of making progress, developing skills, and eventually overcoming challenges.
This is one of the easiest to design for and already widely implemented across the industry. In poker, common implementations include:
Empowerment of Creativity & Feedback is when users are engaged in a creative process where they have to repeatedly figure things out and try different combinations. People not only need ways to express their creativity, but they need to be able to see the results of their creativity, receive feedback, and respond in turn.
We need a feature with tight feedback loop which takes in user input and something which preferably has a creative element attached to it. IKEA furniture have this element of self-assembly which makes the user care for the product.
Waze (the traffic app) intelligently uses user generated content where the platform users feel a sense of ownership in keeping the data accurate and up to date.
This is the drive where users are motivated because they feel like they own something. When a player feels ownership, she innately wants to make what she owns better and own even more.
Also, if a person spends a lot of time to customize her profile or her avatar, she automatically feels more ownership towards it too. Same applies to user earned virtual points/goods which can be be exchanged for other goods. We see a lot of companies implementing their own inhouse tokens/coins.
In fact, this is (token sale) is one of the most common GTM strategies in the web3 space. The assumption is that with early community ownership, folks are incentivised to drive product adoption and growth.
In poker we want to make the user feel that they own their identity/progress inside the game.
This drive incorporates all the social elements that drive people, including: mentorship, acceptance, social responses, companionship, as well as competition and envy.
Often implemented in the form of social events, group/team competitions, contests (with a lot of PR for the winners), televising etc by most companies. This is usually well executed as well as I see most platforms having a strong social media presence.
Scarcity, impatience or basically the drive of wanting something because you can’t have it.
Often executed in the form of chosen waiting lists (Ultrahuman which onboarded only certain people early day), gatekeeping for certain users (CRED, early Facebook), etc. In poker we can
Generally, this is a harmless drive of wanting to find out what will happen next. If you don’t know what’s going to happen, your brain is engaged and you think about it often. Many people watch movies or read novels because of this drive. However, this drive is also the primary factor behind gambling addiction.
Lotteries, sweepstakes, slot machines, scratch cards work for said reason although they are sometimes confused against achievements/badges. In poker, its commonly implemented as
This core drive is based upon the avoidance of something negative happening.
Commonly executed by making the user lose previous progress, emphasising the sunk cost, rake back tiers which expire, bonus points which expire etc. Most reactivation campaigns play to this sentiment.
The core idea is to tailor make features which apply these concepts for your product, your community, your currency etc.
Poker products need not be just simple betting/gambling platforms. Poker can become a fun, skill-based game where people share their progress, discuss strategies, buy/sell in-game loyalty points, compare skill-scores, set avatars and also brag about their winnings.
If you liked reading my post, you can check other similar posts too:
", "url": "https://rnikhil.com/2022/08/22/profit-growth-gamification", "date_published": "2022-08-22T00:00:00+00:00", "date_modified": "2022-08-22T00:00:00+00:00", "author": "{"twitter"=>nil, "name"=>nil, "avatar"=>nil, "email"=>nil, "url"=>nil}" }, { "id": "https://rnikhil.com/2022/08/15/defi-derivatives", "title": "Derivative protocols in DeFi", "summary": null, "content_text": "This post is a summary of all the options products available in the DeFi space. I embarked on doing a bit of research after I wanted to hedge my LP positions given the current volatile market and the impending merge.Before going ahead, it helps the reader to have a basic understanding of what options/futures are. You can read a basic primer here from Zerodha which elaborates on the fundamentals of an options contract in TradFi.One of the main differences between TradFi options and DeFi options is the additional component of a liquidity pool. Since we can’t have order books (due to limited TPS, available block space etc) in DeFi, liquidity providers come together to provide liquidity to the pool in return for earning some yield. You can think of these LP’s as the equivalent of market makers(banks/hedge funds/prop trading shops) in TradFi.Most of these product are inspired from the equivalent TradFi products and follow along closely in terms of their equivalent implementation.Perp.com One of the first on-chain futures which were composable. Deribit/Bybit might predate them but they we based on CEX’s. Everlasting contracts with no expiry. Imagine a NIFTY futures contract without an expiry date. In TradFi, the price of the futures contract is usually different from the underlying’s prices and converges to the value of the underlying on the expiry date. The deviation is caused by the risk free interest rate and/or any dividend given out by the underlying before the expiry period. Since we don’t have expiry dates here, we need a mechanism to price these contracts. Enter funding rates which the longs pay the shorts to help keep the futures price close to it underlying.Basically funding rates will always tend towards zero as other market participants (traders/arbitrageurs/etc) will take advantage of the rate by going long when its negative or going short when its positive, thereby aligning the price of the of the perp with the underlying. If the funding rate is positive, you can short perps and buy ETH on the spot market for a delta neutral strategy. A bunch of start-ups have automated this trade: Diamond protocol does this cash and carry strategy (as a vault) using an algorithm to find the best rebalance frequency for the current market and rebalance automatically for the vault’s depositors. Due to the fact that these primitives are composable, there are also tokens which represent the above trade. Holding them would earn you funding payment without exposure to price. $BYE (Basis Yield ETH) is one such token. Opyn I stumbled onto them quite late (by crypto standards) while reading this paradigm article While they have “normal” perp options, I am interested in power perps (power contracts are basically attached to the square of the underlying’s price. If BTC goes 2x, the power^2 perp goes, 4x) because of their non linear returns similar to how options behave Squeeth (that’s how they call their square perp) doesn’t have expiry dates or even strike prices for that matter.They run distributed option vaults (DOVs) with their inhouse product Squeeth instead of “regular” options these days. For detailed payoff diagrams and explanations on how Squeeth behaves during different market conditions, you can check this article here Hegic They run a liquidity pool marketplace for operating an American style option. American options are slightly expensive than European options for the fact that they can be exercised anytime. Options trade in secondary markets where market makers/option writers can define the price of the option using their internal model. It looks like Hegic controls the IV variable and thereby the price of option as well. Options purchased on this platform are not composable meaning, I cant trade/use this position somewhere else in the DeFi ecosystem Zeta Given really long block times and the inability to structure atomic trades, most of these option writers require full collateralization. However, due to faster L2’s and alternative L1’s going mainstream, we can now have faster M2M update which will help us price our options better which in turn means ability to offer under collateralized options Zeta provides under-collateralized options with an on-chain pricing engine and margin system. While the above platforms mostly work on fundamental primitives, there are also a lot of companies providing pre-made option strategies for retail participants to invest in. These are particularly attractive to the less-complicated user who wants a quicker investing/gambling experience.Distributed Option Vaults (DOVs) DOVs are a new form of structured product which are mostly a collection of pre-defined option strategies. DOV’s are pretty important because they are able to democratize access to options without the user needing to understand complex jargon, choosing strikes/expiry or the risk of losing a lot. In TradFI, a specific combination of derivatives are selected, packaged and sold to clients looking for custom non-traditional payout curves. These clients are usually HNI’s/institutions and the intermediary (banks mostly) charge a fee for setting this up. Let’s look at how these products are structured in the DeFi space:Ribbon Finance DOVs, with most of them running a basic covered call strategy. The call options are minted from the Opyn vault. They usually run covered call or cash covered put strategies which is a great on-ramp solve for retail traders looking to get some exposure in derivatives. Imagine Zerodha having a one click auto compounding covered call strategy against all your stock holdings. That would be really convenient. Friktion Volt1: This is a basic DOV with covered call strategy on SOL, BTC, ETH etc. Volt2: Cash secured puts on the same assets as above. Volt3: Deltra neutral crab strategy. In TradFi, I would usually express this sentiment with a stradle or a strangle. Here, they use power perps to come up with a novel way to delta hedge. Payoff looks something like this: Volt4: Basis yield (delta neutral strategy which is used for eating the funding rate in perps as discussed above). During a positive funding environment, this strategy goes short on the perp contract and long on the spot to earn the funding rate and vice verse during negative funding environments. BrahmaFi PMUSDC A simple vault which does LP yield farming (boost LP rewards through convex and reinvest back into LP pool. sort of like yearn finance) with an added addition of taking a momentum trade using the yield on Lyra/perp.com The extra edge in this strategy comes mainly from their internal momentum bot. Otherwise, its just a yearn finance strategy with extra fees. They used to do the same trade on GMX earlier There are a lot more derivate platforms which further build on top of yield aggregators, DOVs etc. We shall have a look at them in the next post.Disclosere: I use the above platforms and don’t endorse any of them.If you like it, check out my other posts too: We should all have something to hide - Tornado cash takedown", "content_html": "This post is a summary of all the options products available in the DeFi space. I embarked on doing a bit of research after I wanted to hedge my LP positions given the current volatile market and the impending merge.
Before going ahead, it helps the reader to have a basic understanding of what options/futures are. You can read a basic primer here from Zerodha which elaborates on the fundamentals of an options contract in TradFi.
One of the main differences between TradFi options and DeFi options is the additional component of a liquidity pool. Since we can’t have order books (due to limited TPS, available block space etc) in DeFi, liquidity providers come together to provide liquidity to the pool in return for earning some yield. You can think of these LP’s as the equivalent of market makers(banks/hedge funds/prop trading shops) in TradFi.
Most of these product are inspired from the equivalent TradFi products and follow along closely in terms of their equivalent implementation.
One of the first on-chain futures which were composable. Deribit/Bybit might predate them but they we based on CEX’s.
Everlasting contracts with no expiry. Imagine a NIFTY futures contract without an expiry date.
In TradFi, the price of the futures contract is usually different from the underlying’s prices and converges to the value of the underlying on the expiry date. The deviation is caused by the risk free interest rate and/or any dividend given out by the underlying before the expiry period. Since we don’t have expiry dates here, we need a mechanism to price these contracts. Enter funding rates which the longs pay the shorts to help keep the futures price close to it underlying.
![\"perp\"](\"/assets/files/funding.png\")
Basically funding rates will always tend towards zero as other market participants (traders/arbitrageurs/etc) will take advantage of the rate by going long when its negative or going short when its positive, thereby aligning the price of the of the perp with the underlying. If the funding rate is positive, you can short perps and buy ETH on the spot market for a delta neutral strategy. A bunch of start-ups have automated this trade:
Diamond protocol does this cash and carry strategy (as a vault) using an algorithm to find the best rebalance frequency for the current market and rebalance automatically for the vault’s depositors.
Due to the fact that these primitives are composable, there are also tokens which represent the above trade. Holding them would earn you funding payment without exposure to price. $BYE (Basis Yield ETH) is one such token.
I stumbled onto them quite late (by crypto standards) while reading this paradigm article
While they have “normal” perp options, I am interested in power perps (power contracts are basically attached to the square of the underlying’s price. If BTC goes 2x, the power^2 perp goes, 4x) because of their non linear returns similar to how options behave
Squeeth (that’s how they call their square perp) doesn’t have expiry dates or even strike prices for that matter.They run distributed option vaults (DOVs) with their inhouse product Squeeth instead of “regular” options these days.
For detailed payoff diagrams and explanations on how Squeeth behaves during different market conditions, you can check this article here
They run a liquidity pool marketplace for operating an American style option. American options are slightly expensive than European options for the fact that they can be exercised anytime.
Options trade in secondary markets where market makers/option writers can define the price of the option using their internal model. It looks like Hegic controls the IV variable and thereby the price of option as well.
Options purchased on this platform are not composable meaning, I cant trade/use this position somewhere else in the DeFi ecosystem
Given really long block times and the inability to structure atomic trades, most of these option writers require full collateralization. However, due to faster L2’s and alternative L1’s going mainstream, we can now have faster M2M update which will help us price our options better which in turn means ability to offer under collateralized options
Zeta provides under-collateralized options with an on-chain pricing engine and margin system.
While the above platforms mostly work on fundamental primitives, there are also a lot of companies providing pre-made option strategies for retail participants to invest in. These are particularly attractive to the less-complicated user who wants a quicker investing/gambling experience.
DOVs are a new form of structured product which are mostly a collection of pre-defined option strategies. DOV’s are pretty important because they are able to democratize access to options without the user needing to understand complex jargon, choosing strikes/expiry or the risk of losing a lot.
In TradFI, a specific combination of derivatives are selected, packaged and sold to clients looking for custom non-traditional payout curves. These clients are usually HNI’s/institutions and the intermediary (banks mostly) charge a fee for setting this up.
Let’s look at how these products are structured in the DeFi space:
DOVs, with most of them running a basic covered call strategy. The call options are minted from the Opyn vault.
They usually run covered call or cash covered put strategies which is a great on-ramp solve for retail traders looking to get some exposure in derivatives.
Imagine Zerodha having a one click auto compounding covered call strategy against all your stock holdings. That would be really convenient.
Volt1: This is a basic DOV with covered call strategy on SOL, BTC, ETH etc.
Volt2: Cash secured puts on the same assets as above.
Volt3: Deltra neutral crab strategy. In TradFi, I would usually express this sentiment with a stradle or a strangle. Here, they use power perps to come up with a novel way to delta hedge. Payoff looks something like this:
![\"payoff\"](\"/assets/files/payoff.png\")
Volt4: Basis yield (delta neutral strategy which is used for eating the funding rate in perps as discussed above). During a positive funding environment, this strategy goes short on the perp contract and long on the spot to earn the funding rate and vice verse during negative funding environments.
A simple vault which does LP yield farming (boost LP rewards through convex and reinvest back into LP pool. sort of like yearn finance) with an added addition of taking a momentum trade using the yield on Lyra/perp.com
The extra edge in this strategy comes mainly from their internal momentum bot. Otherwise, its just a yearn finance strategy with extra fees. They used to do the same trade on GMX earlier
There are a lot more derivate platforms which further build on top of yield aggregators, DOVs etc. We shall have a look at them in the next post.
Disclosere: I use the above platforms and don’t endorse any of them.
If you like it, check out my other posts too:
", "url": "https://rnikhil.com/2022/08/15/defi-derivatives", "date_published": "2022-08-15T00:00:00+00:00", "date_modified": "2022-08-15T00:00:00+00:00", "author": "{"twitter"=>nil, "name"=>nil, "avatar"=>nil, "email"=>nil, "url"=>nil}" }, { "id": "https://rnikhil.com/2022/08/09/tornado-cash-block", "title": "We should all have something to hide - TC takedown", "summary": null, "content_text": "HN Discussion ” If you have nothing to hide, you have nothing to fear”This is a common saying parroted by folks (made popular in the US after 9/11) for justifying many types of surveillance. It is also sometimes mistakenly used to justify the current blanket surveillance we all are a victim of. With the development in technology and rapid increase of surveillance budgets, law enforcement has gotten a lot easier as well.Recently, Tornado cash, a mixer website used to obfuscate the origin and destination of your money has been blacklisted by the US Treasury. The implications prevent anybody from transacting with them which means, all the money held in their smart contract is effectively tainted. Funnily enough, they blacklisted only the contract address on the Ethereum but not the contract on Arbitrum or BSC. While it is no secret that this service was used by criminals (like DPRK) to launder their money, there are some legitimate use cases for such a product as well.Since all transaction data is on-chain (which is public) and can be queried by anybody, it poses serious risks to privacy of individuals. Connecting their wallet address with their real life identity and to their rest of of their transaction data leads to some disturbing scenarios like: Any (d)app you use will instantly know your entire transaction history Imagine you sign up with your email on a random website and they suddenly now have access to your entire bank statement. Higher medical insurance premiums because they know that you transacted often in an online pharmacy. Expensive delivery charges because they know you can afford it. Any donations to a controversial cause (which is legal) is attached to you but you don’t want to handle the repercussions You don’t want your patriotic Russian neighbors knowing that you donated to the Ukraine fund or your co-workers knowing that you donated to a particular political party Everybody will know your net worth Your employer will know how exactly you spend your funds. These are just use cases which are commonly known and well extrapolated already. However, there are so many scenarios and use cases which we haven’t even discovered yet as a society which one day which be also legitimate and common.For example, In the last decade, there has been an increasing number of headline-grabbing legal changes everywhere in the world: growing number of countries are working towards legalizing marijuana and same-sex marriages. While people laud these countries for being forward thinking and developed, these “legal” victories were mostly improbably without the ability to break the law at some point. If we lived in a dystopian future where the cops are 100% effective such that any and all law offenders would be caught magically, the above changes may not have come to happen. How would the country legalize a drug if nobody has ever used it? How could states decide that same sex marriage should be permitted, if nobody had ever seen or participated in a same sex relationship?We can only desire for a change based on what we know. If our present experiences are limited and controlled tightly, its gets harder to understand what is possible and should be allowed. In a liberal democracy, these marketplace of possibilities are presented in front our political system to eventually made into laws based on what the society wants. This is why illegal drug consumption is a necessary pre-condition to eventual drug legalizations. Even the internet originally was used for illegal commerce and was shunned away from adoption.While I digressed (ranted) away on the reasons why such bans are bad, the current scenario poses some other questions as well: What happens to the FOSS developers who contributed to the project? Are they sanctioned as well? What will happen to the tainted money? This figure is about $400M. I expect a secondary market for TCtETH (Tornado cash tainted ETH) What about the people who donated through Gitcoin? What happens to the protocols/pools/(d)apps which interacted with it?This also might be the first time where a piece of code got sanctioned.I really hope that the political authorities dig deeper and technically understand services like Tornado cash and come to a realization that criminal behavior exists everywhere and cannot be blanket banned by shutting down legitimate services. You can’t just end up banning hard cash just because its used by criminals and for money laundering. (They tried this in India but it didn’t go as expected).", "content_html": "” If you have nothing to hide, you have nothing to fear”
This is a common saying parroted by folks (made popular in the US after 9/11) for justifying many types of surveillance. It is also sometimes mistakenly used to justify the current blanket surveillance we all are a victim of. With the development in technology and rapid increase of surveillance budgets, law enforcement has gotten a lot easier as well.
Recently, Tornado cash, a mixer website used to obfuscate the origin and destination of your money has been blacklisted by the US Treasury. The implications prevent anybody from transacting with them which means, all the money held in their smart contract is effectively tainted. Funnily enough, they blacklisted only the contract address on the Ethereum but not the contract on Arbitrum or BSC. While it is no secret that this service was used by criminals (like DPRK) to launder their money, there are some legitimate use cases for such a product as well.
Since all transaction data is on-chain (which is public) and can be queried by anybody, it poses serious risks to privacy of individuals. Connecting their wallet address with their real life identity and to their rest of of their transaction data leads to some disturbing scenarios like:
Any (d)app you use will instantly know your entire transaction history
Any donations to a controversial cause (which is legal) is attached to you but you don’t want to handle the repercussions
Everybody will know your net worth
Your employer will know how exactly you spend your funds.
These are just use cases which are commonly known and well extrapolated already. However, there are so many scenarios and use cases which we haven’t even discovered yet as a society which one day which be also legitimate and common.
For example, In the last decade, there has been an increasing number of headline-grabbing legal changes everywhere in the world: growing number of countries are working towards legalizing marijuana and same-sex marriages. While people laud these countries for being forward thinking and developed, these “legal” victories were mostly improbably without the ability to break the law at some point. If we lived in a dystopian future where the cops are 100% effective such that any and all law offenders would be caught magically, the above changes may not have come to happen. How would the country legalize a drug if nobody has ever used it? How could states decide that same sex marriage should be permitted, if nobody had ever seen or participated in a same sex relationship?
We can only desire for a change based on what we know. If our present experiences are limited and controlled tightly, its gets harder to understand what is possible and should be allowed. In a liberal democracy, these marketplace of possibilities are presented in front our political system to eventually made into laws based on what the society wants. This is why illegal drug consumption is a necessary pre-condition to eventual drug legalizations. Even the internet originally was used for illegal commerce and was shunned away from adoption.
While I digressed (ranted) away on the reasons why such bans are bad, the current scenario poses some other questions as well:
This also might be the first time where a piece of code got sanctioned.
I really hope that the political authorities dig deeper and technically understand services like Tornado cash and come to a realization that criminal behavior exists everywhere and cannot be blanket banned by shutting down legitimate services. You can’t just end up banning hard cash just because its used by criminals and for money laundering. (They tried this in India but it didn’t go as expected).
", "url": "https://rnikhil.com/2022/08/09/tornado-cash-block", "date_published": "2022-08-09T00:00:00+00:00", "date_modified": "2022-08-09T00:00:00+00:00", "author": "{"twitter"=>nil, "name"=>nil, "avatar"=>nil, "email"=>nil, "url"=>nil}" }, { "id": "https://rnikhil.com/2022/06/27/web3-gaming", "title": "Blockchain gaming - is it mostly hype?", "summary": null, "content_text": "A lot has been said and done about the feasibility of web3 gaming. Hyperbole stuff like “Decentralized games”, “P2E is the future of gaming”, etc are great marketing content but fall short rapidly when examined closely. After seeing loads of money being invested into such projects, I was curious as a gaming PM to understand the thesis behind them. This post looks at the feasibility of various projects and the ideas behind them. While I don’t intend to take sides, I personally haven’t seen a legitimate use case for mixing blockchains and gaming yet. On a high level, the use cases can be classified like this: Decentralized financial stuff inside games Asset sharing and interoperable games Game dev DAOs Decentralized game distribution infra ACTUAL decentralized gamesPopular ways to bake in financial mechanics inside games are usually in the following manner: Play to earn gaming The current play-to-earn model is unsustainable because it relies too much on money coming in. When there are no new investors, the scheme collapses and leaves investors, in particular the new ones, holding the bag. (basically a ponzi scheme) Mixing economic incentives with games makes them unenjoyable. Users play games to escape reality and forcing you to grind there might make them actually feel like “work”. There exists a subclass of games where players compete to win and they are totally different. (card games, e-sports, etc). There are numerous reports of drop in Axie infinity DAU when the potential for money making reduced further emphasising the fact that people were playing to mainly earn/speculate rather than to actually enjoy the game Here is an article from STEPN which further explores the ponzi nature of the current P2E games: “Are all play-to-earn games Ponzi?” Pay to win This is basically implemented as micro transactions in the current industry. Its widely hated by all kinds of players. The most downvoted comment on reddit is basically EA trying to justify micro transactions on Star Wars Battlefront. EA sets a Guinness world record: https://www.thegamer.com/ea-guinness-world-record-most-downvoted-reddit-comment/ There are other games with financial mechanics inside them but they are basically gambling/betting/trading platforms. Apart from baking in financial mechanics, another common use case for blockchains inside games(or games inside blockchains) is interoperability and asset sharing between games. Imagine a world where you can use your car from RocketLeague on Mario kart. Even if one of the game shuts down, all your assets and achievements can be used/traded for in a different game. This is very hard to implement in real practice because thousands of game developers have to come together to agree on a standard to build assets on. Now, to enable this in an decentralized manner is a monumental task with some super complex infra requiring large amount of upfront capital. Forte.io is trying to solve this problem by building the common base Infra. They have raised about a billion dollars and have folks from gaming industry working on it. Maybe they go down this path and figure out a legitimate use case. Topology.gg is trying the above as well. Fractal.is is another startup from Justin (ex twitch founder) for building common sharable collectables for games. Folks behind Unity or CryEngine3 or Unreal Engine or any gaming engines could come together and bake in something like this in their SDK for faster adoption. If you can’t put the games on blockchain (they require ridiculous amount of compute and we have ETH doing 15txn per second) or money inside games, people have also tried to structure game studios as a DAO I see no exact reason for this. Why have a slow and decentralized org structure to make a centralized game? Its also comedic how many DAO’s think they can make the next GTA V with just 5 Million dollars However, I can see some creator focused games which can function as a DAO for better monetization and creative control. Stuff like custom Minecraft mods , Roblox, Garry’s mod can benefit from this. However, I would bucket this use case under web3 for creator economy rather than gaming Decentralized game distribution infrastructure is a legitimate use case (any decentralized file distribution for that matter) but beating incumbents like Steam would be a long and arduous task. You can maybe operate in a niche - SEGA emulator games on IPFS/Filecoin.Finally, most of the web3 games are currently centralized and don’t use any meaningful decentralization mechanism.In most games, the NFT’s are traded/stored on-chain whereas the game is still centralized, controller and developed by a single body. The wider decentralized gaming infrastructure will need peer-to-peer game clients (run by the players), decentralized storage layers, dedicated execution layers etc. This is a legitimate use case where we are super early.Games built and hosted on smart contracts with procedurally generated worlds have some cool possibilities which can be only accomplished inside a shared state machine like EVM. Check out Dark Forest for an early example on this. It is a universe-traversing, planet-capturing, real-time strategy game. The inspiration for the Dark Forest game is based on the novel of the same name, The Dark Forest. It is an open-source game, and all interactions within the game are validated by the Gnosis (previously xDai) blockchain.It is also the only game to utilize zkSnarks as a mechanic - the in-game fog of war.ConclusionBlockchains are useless for most games, but they can be used to enhance certain aspects, in specific cases. Censorship resistant game distribution, asset sharing, games on smart contracts are some areas where it may work. Current NFTs, GameFI etc are justifiably hated by the larger gaming community for the fact that they don’t add any real value yet.Did I miss any use case? Am I short sighted about something? Do let me know by writing to me here or tweeting to me here", "content_html": "A lot has been said and done about the feasibility of web3 gaming. Hyperbole stuff like “Decentralized games”, “P2E is the future of gaming”, etc are great marketing content but fall short rapidly when examined closely. After seeing loads of money being invested into such projects, I was curious as a gaming PM to understand the thesis behind them. This post looks at the feasibility of various projects and the ideas behind them. While I don’t intend to take sides, I personally haven’t seen a legitimate use case for mixing blockchains and gaming yet. On a high level, the use cases can be classified like this:
Popular ways to bake in financial mechanics inside games are usually in the following manner:
Play to earn gaming
The current play-to-earn model is unsustainable because it relies too much on money coming in. When there are no new investors, the scheme collapses and leaves investors, in particular the new ones, holding the bag. (basically a ponzi scheme)
Mixing economic incentives with games makes them unenjoyable. Users play games to escape reality and forcing you to grind there might make them actually feel like “work”. There exists a subclass of games where players compete to win and they are totally different. (card games, e-sports, etc). There are numerous reports of drop in Axie infinity DAU when the potential for money making reduced further emphasising the fact that people were playing to mainly earn/speculate rather than to actually enjoy the game
Here is an article from STEPN which further explores the ponzi nature of the current P2E games: “Are all play-to-earn games Ponzi?”
Pay to win
This is basically implemented as micro transactions in the current industry. Its widely hated by all kinds of players.
The most downvoted comment on reddit is basically EA trying to justify micro transactions on Star Wars Battlefront.
![\"Reddit](\"/assets/files/reddit.png\")
There are other games with financial mechanics inside them but they are basically gambling/betting/trading platforms.
Apart from baking in financial mechanics, another common use case for blockchains inside games(or games inside blockchains) is interoperability and asset sharing between games.
Imagine a world where you can use your car from RocketLeague on Mario kart. Even if one of the game shuts down, all your assets and achievements can be used/traded for in a different game. This is very hard to implement in real practice because thousands of game developers have to come together to agree on a standard to build assets on. Now, to enable this in an decentralized manner is a monumental task with some super complex infra requiring large amount of upfront capital.
Forte.io is trying to solve this problem by building the common base Infra. They have raised about a billion dollars and have folks from gaming industry working on it. Maybe they go down this path and figure out a legitimate use case. Topology.gg is trying the above as well. Fractal.is is another startup from Justin (ex twitch founder) for building common sharable collectables for games.
Folks behind Unity or CryEngine3 or Unreal Engine or any gaming engines could come together and bake in something like this in their SDK for faster adoption.
If you can’t put the games on blockchain (they require ridiculous amount of compute and we have ETH doing 15txn per second) or money inside games, people have also tried to structure game studios as a DAO
I see no exact reason for this. Why have a slow and decentralized org structure to make a centralized game? Its also comedic how many DAO’s think they can make the next GTA V with just 5 Million dollars
However, I can see some creator focused games which can function as a DAO for better monetization and creative control. Stuff like custom Minecraft mods , Roblox, Garry’s mod can benefit from this. However, I would bucket this use case under web3 for creator economy rather than gaming
Decentralized game distribution infrastructure is a legitimate use case (any decentralized file distribution for that matter) but beating incumbents like Steam would be a long and arduous task. You can maybe operate in a niche - SEGA emulator games on IPFS/Filecoin.
Finally, most of the web3 games are currently centralized and don’t use any meaningful decentralization mechanism.In most games, the NFT’s are traded/stored on-chain whereas the game is still centralized, controller and developed by a single body. The wider decentralized gaming infrastructure will need peer-to-peer game clients (run by the players), decentralized storage layers, dedicated execution layers etc. This is a legitimate use case where we are super early.
Games built and hosted on smart contracts with procedurally generated worlds have some cool possibilities which can be only accomplished inside a shared state machine like EVM. Check out Dark Forest for an early example on this. It is a universe-traversing, planet-capturing, real-time strategy game. The inspiration for the Dark Forest game is based on the novel of the same name, The Dark Forest. It is an open-source game, and all interactions within the game are validated by the Gnosis (previously xDai) blockchain.
It is also the only game to utilize zkSnarks as a mechanic - the in-game fog of war.
Blockchains are useless for most games, but they can be used to enhance certain aspects, in specific cases. Censorship resistant game distribution, asset sharing, games on smart contracts are some areas where it may work. Current NFTs, GameFI etc are justifiably hated by the larger gaming community for the fact that they don’t add any real value yet.
Did I miss any use case? Am I short sighted about something? Do let me know by writing to me here or tweeting to me here
", "url": "https://rnikhil.com/2022/06/27/web3-gaming", "date_published": "2022-06-27T00:00:00+00:00", "date_modified": "2022-06-27T00:00:00+00:00", "author": "{"twitter"=>nil, "name"=>nil, "avatar"=>nil, "email"=>nil, "url"=>nil}" }, { "id": "https://rnikhil.com/2022/06/15/gtoinspector-startup", "title": "GTO Inspector - Indie SaaS for poker pros", "summary": null, "content_text": " I was quite naive about selling software online!This document explores the hypothesis and my experience running an online business in the Indian poker ecosystem. Quick rundown of events: It is 2019 and I’ve been playing poker for about a year (it all started after I won a big tournament through a satellite right out of college). I then went and joined Indian Poker Pros (now defunct) to be staked and coached by them. Although I was crushing mid stakes MTTs comfortably; most of my shot taking didn’t work out because I was severely let down by my inability to put in volume partly due to my day job at Flipkart. Grinding a 8-9hr day job and 10-12hrs of poker takes a toll on body and mind as well. Due to aforementioned reasons, I moved to PLO cash for a flexible time schedule and a possible bigger edge vs opponents (Indians were studying MTTs harder than PLO). Sometime in 2020, I quit my job to focus on poker full time. Along the way, I met an amazing poker player named Kunal Agarwal and we built some tools to help improve my own game(he was my coach) and one such tool picked up steam in our stable across PLO players. Kunal had a bunch of scripts for analyzing our post game history and I worked alongside him to build a productized version of the software which is sellable to poker stables and professional players. While I won’t go into the details of the product in this post, you can watch a quick demo/tutorial video that I made, here: What problem were we solving? While there are coaches doing post game hand analysis and hand reviews, there was no systemic/automated way to figure out how much a player is deviating away from GTO and how much money he/she is losing because of it. Preflop poker studying was broken for PLO. A tool which narrows down pre flop mistakes super fast in an accurate fashion at a position*action level would help the player improve in preflop PLO (which is super hard to study, 270k starting hands vs 1.3k in NLHE ). Why? There was no such tool available in the market to help professional poker players. Serious players will pay real money for this because of the direct impact on their bottom line. We had already built a crude version for my own personal use. Other professionals wanted it and it was easy for me to start a poker business starting from this PLO tool. Market potential All professional PLO players in the world given we are making a global product. Jnandez showing his financials sort of helped clarify the scope of the market as well. Coaching is super high ARPU business. How?Validation approach Distribute the crude version among the poker stable members (About 10 folks) Everybody loved the tool and wanted a full fledged dashboard. Coaches were willing to pay me to work on this full time (apart from my coaching fees on newer players) Given the positive feedback from my circle (read: bubble), and the market potential, we went ahead building a MVP of the tool. The idea was to first launch the PLO version and then eventually expand into more popular game formats like NLHE/Tournaments. GTM We ended up building a small internet business around the product selling to PLO professionals in India, Europe and Mexico. Our early acquisition costs were high but we didn’t pay heed due to high premiums we were charging in the early days (mostly high stakes regs) Lesson : Keep a close eye on the acquisition channels and their corresponding costs from early on. A simple forecast would have helped us avoid some expensive mistakes (Lot of paid marketing) Within the first month, we had almost every professional PLO player in India as a customer. Initial customers loved it. Notable Anecdotes: “A PLO professional”: I found out I was leaking close to 25bb/100 cold calling 2bets which I didn’t realize before. Made me tighten up and study by calling ranges again. “A seasoned recreational PLO player”: After you made me upload my Adda52 hand history of 3L hands, I understood that playing GTO makes money in the long run. Knowing that I am not skilled to deviate profitably from GTO has been eye opening. When we tried to scale the business, the obvious issues started showing up. They included high acquisition costs, bad retention rates for foreign players and the general lack of a sizable market for such a product. ConclusionI had a couple paths forward after reaching monopoly in the Indian PLO market. I could continue scaling the PLO tool or build newer poker tools for bigger audiences. Sell the PLO tool to more players (India and abroad) Recreational players found it expensive and hard to learn the terminologies One direct solution was to start building PLO education content around the product and give it away for free. I personally did not find this enjoyable to work on. Re-visiting the basics didn’t seem fun to me. I could also take in interested players, coach them using my tools, in return for their future profits. I eventually ended up starting a poker stable (a staking operation. Same concept as prop trading firms) structured around this tool and other such proprietary tools to monetize the new-to-poker-theory players and PLO regulars wanting to improve/get staked. This ended up working out super well and still does to some extent. At its peak we had 15 students playing for us. Professionals abroad found it basic This was expected. I had a long roadmap of cooler stuff I wanted to build and monetise. I had crude python scripts ready for studying post flop GTO as well. Never got there due to the way I decided to scale the business. The entire thing was also bootstrapped by friends plus I was running out of patience. Recreational players abroad are super expensive to acquire and retain Supporting multiple poker web site hand history formats and building hand converters also became a nightmare with our limited engineering bandwidth Build more poker tools for popular variants like NLHE and tournaments My experience trying to scale the PLO business made me understand how small the entire market is. Definitely wasn’t worth the time and effort. I was no longer naively optimistic. I was asked super often to build a version of the tool for MTTs by my poker friends. Glad I didn’t blindly follow my customers. Start monetising other proprietary tools (custom built for my staking operation) by selling it to poker websites We had built some chip dumping and collusion detection tools to help our stable players identify profitable tables. On the flip side, there was demand from poker companies willing to use this to find multi-accounters, colluders, bonus chip abusers, RTA users etc. I ended up personally consulting and working with leading poker sites in India to build their anti-fraud systems. Continue selling it to stables and professionals and figure different opportunities I ended up doing the above two. While I was exploring options, I was reached out by a recruiter looking to hire somebody to build their poker vertical at Paytm. I found this to be a good time to explore building something from scratch with smart folks and joined them at the start of 2022 Afterthought If I have to do it all over again, I would: Definitely pick a better market. Poker needs to grow as a game globally before there is a meaningful sized market for study tools especially in a country like India. I wasn’t okay serving just 100 customers. Experiment faster. I wasted a lot of time perfecting the tool for my initial PLO customers. ", "content_html": "I was quite naive about selling software online!
This document explores the hypothesis and my experience running an online business in the Indian poker ecosystem.
Quick rundown of events:
It is 2019 and I’ve been playing poker for about a year (it all started after I won a big tournament through a satellite right out of college). I then went and joined Indian Poker Pros (now defunct) to be staked and coached by them. Although I was crushing mid stakes MTTs comfortably; most of my shot taking didn’t work out because I was severely let down by my inability to put in volume partly due to my day job at Flipkart. Grinding a 8-9hr day job and 10-12hrs of poker takes a toll on body and mind as well.
Sometime in 2020, I quit my job to focus on poker full time. Along the way, I met an amazing poker player named Kunal Agarwal and we built some tools to help improve my own game(he was my coach) and one such tool picked up steam in our stable across PLO players. Kunal had a bunch of scripts for analyzing our post game history and I worked alongside him to build a productized version of the software which is sellable to poker stables and professional players. While I won’t go into the details of the product in this post, you can watch a quick demo/tutorial video that I made, here:
While there are coaches doing post game hand analysis and hand reviews, there was no systemic/automated way to figure out how much a player is deviating away from GTO and how much money he/she is losing because of it. Preflop poker studying was broken for PLO.
A tool which narrows down pre flop mistakes super fast in an accurate fashion at a position*action level would help the player improve in preflop PLO (which is super hard to study, 270k starting hands vs 1.3k in NLHE ).
There was no such tool available in the market to help professional poker players. Serious players will pay real money for this because of the direct impact on their bottom line.
We had already built a crude version for my own personal use. Other professionals wanted it and it was easy for me to start a poker business starting from this PLO tool.
Market potential
Validation approach
Distribute the crude version among the poker stable members (About 10 folks)
Given the positive feedback from my circle (read: bubble), and the market potential, we went ahead building a MVP of the tool. The idea was to first launch the PLO version and then eventually expand into more popular game formats like NLHE/Tournaments.
GTM
We ended up building a small internet business around the product selling to PLO professionals in India, Europe and Mexico. Our early acquisition costs were high but we didn’t pay heed due to high premiums we were charging in the early days (mostly high stakes regs)
Within the first month, we had almost every professional PLO player in India as a customer. Initial customers loved it.
“A PLO professional”: I found out I was leaking close to 25bb/100 cold calling 2bets which I didn’t realize before. Made me tighten up and study by calling ranges again.
“A seasoned recreational PLO player”: After you made me upload my Adda52 hand history of 3L hands, I understood that playing GTO makes money in the long run. Knowing that I am not skilled to deviate profitably from GTO has been eye opening.
When we tried to scale the business, the obvious issues started showing up. They included high acquisition costs, bad retention rates for foreign players and the general lack of a sizable market for such a product.
I had a couple paths forward after reaching monopoly in the Indian PLO market. I could continue scaling the PLO tool or build newer poker tools for bigger audiences.
Sell the PLO tool to more players (India and abroad)
Recreational players found it expensive and hard to learn the terminologies
One direct solution was to start building PLO education content around the product and give it away for free. I personally did not find this enjoyable to work on. Re-visiting the basics didn’t seem fun to me.
I could also take in interested players, coach them using my tools, in return for their future profits. I eventually ended up starting a poker stable (a staking operation. Same concept as prop trading firms) structured around this tool and other such proprietary tools to monetize the new-to-poker-theory players and PLO regulars wanting to improve/get staked.
This ended up working out super well and still does to some extent. At its peak we had 15 students playing for us.
Professionals abroad found it basic
This was expected. I had a long roadmap of cooler stuff I wanted to build and monetise. I had crude python scripts ready for studying post flop GTO as well.
Never got there due to the way I decided to scale the business. The entire thing was also bootstrapped by friends plus I was running out of patience.
Recreational players abroad are super expensive to acquire and retain
Build more poker tools for popular variants like NLHE and tournaments
My experience trying to scale the PLO business made me understand how small the entire market is. Definitely wasn’t worth the time and effort. I was no longer naively optimistic.
I was asked super often to build a version of the tool for MTTs by my poker friends. Glad I didn’t blindly follow my customers.
Start monetising other proprietary tools (custom built for my staking operation) by selling it to poker websites
We had built some chip dumping and collusion detection tools to help our stable players identify profitable tables. On the flip side, there was demand from poker companies willing to use this to find multi-accounters, colluders, bonus chip abusers, RTA users etc.
Continue selling it to stables and professionals and figure different opportunities
I ended up doing the above two.
While I was exploring options, I was reached out by a recruiter looking to hire somebody to build their poker vertical at Paytm. I found this to be a good time to explore building something from scratch with smart folks and joined them at the start of 2022
If I have to do it all over again, I would:
Definitely pick a better market. Poker needs to grow as a game globally before there is a meaningful sized market for study tools especially in a country like India. I wasn’t okay serving just 100 customers.
Experiment faster. I wasted a lot of time perfecting the tool for my initial PLO customers.
Its been a while since I updated the website. While trying to setup a Jekyll environment, I ended up in dependency hell and decided to just boot the entire ruby installation instead of fixing the circular configs. This time, I am using a theme called Minima in its dark mode version. You may notice some parts of the website still broken or unfinished. Apologies!
I would also be uploading posts/notes which I’ve wanted to share earlier while I was building a career/business in poker – a post game study tool for PLO professionals.
I am currently working on building the poker vertical at Paytm First Games. We recently launched tournaments and PLO is coming next. After I wrapped my startup, I was thinking about next steps in the ecosystem and this made perfect sense. Will be writing more about my work here in future posts.
In my spare time, I’ve been building some bots and playing with flashbots/ MEV. I’ve started doing this after losing a significant percent of my net worth in the recent crash (yield farming and leverage). I don’t play as much PLO these days apart from some private games.
I was working on the Luasec library over the summer mainly on fixing the HTTPS redirects, the CONNECT proxy implementation (for redirecting requests over the HTTP CONNECT tunnel) and adding support for HTTP/2(Client).
My fork of Luasec(dev branch) can be found here which has all the recent updates as part of GSoC and all the relevant commits.
HTTPS Module
I was working to add features for the HTTPS module during the first part of GSoC. It now supports the ability to talk HTTPS with a proxy, redirects through or without the proxy for HTTPS URLs, certain low level HTTP API functions are exposed and also supports SNI now. Work done in this section are relevant to this file.
CONNECT proxy support for HTTPS. Now Luasec can be used to initiate a CONNECT tunnel to a HTTPproxy which enables the proxy to relay encrypted packets between Luasec and the final destination. This also works when redirects are enabled. While redirecting HTTPS->HTTPS or HTTP->HTTPS or HTTPS->HTTP(if the unsaferedirect paramter is set) it creates a new tunnel with the proxy for the new redirected destination.
Support for HTTPS redirects with an additional safeguard for preventing unsafe redirects from HTTPS->HTTP. This involves usage of the unsaferedirect paramter.
Merge and refactor the HTTP module from luasocket into luasec thus unifying the HTTPS module. All the HTTP low level functions have been imported into luasec now. This was done to increase code reuse within the library.
Test server name indication so that it conforms to section 3.1 of RFC 3546 which can found here.
More details on how to use it and references for the functions can be found on the wiki page of my fork here.
HTTP/2 Module
This portion of the module was worked on during the second part of GSoC. I went by implementing RFC’s sequentially while also trying to make sure that I had a basic implementation for sending and receving frames working all along. Work done in this section are relevant to these files.
The Codec Module is used for string packing and unpacking. It provides a unified interface for various modes in string.pack and string.unpack functions. The Bit operation module smoothens out all the various lua bit libraries and versions. The bit libary with luajit, bit32 libary with lua 5.2 and lua 5.3 built in bit operators are wrapped in a unified function.
The RFC I used can be found here. I also used the lua-http module for lot of reference code. The module can be found here. The Bit operation module, error module was taken from lua-http and modified to work with luasec. The stream module has certain functions which are taken from lua-http with the cqueue dependency removed and modified to work with luasocket.
The first two sections in the RFC are just an introduction and a generic protcol overview.
1) Section 3
It deals with starting a HTTP/2 connection.
Starting HTTP/2 for HTTP url’s (No TLS) involved implementing a upgrade mechanism which informs the server of the upgrade request. For TLS connections the socket is just wrapped with luasec.
The connection preface is sent after both the client and server have decided to use HTTP/2.
This section has been completely implemented.
2) Section 4
It deals with support for all the relevant frame types.
The HTTP/2 connection module implementing ( send and receive frame functions) the support for sending basic frames like SETTINGS, HEADERS etc has been finished. It supports
Add a HTTP -> HTTP/2 negotiation scheme so that upgrade requests can be sent from Luasec.
Maintain a Header table on the client side for implementation of HPACK later on.
Recieve a process a SETTINGS frame and then also send back a SETTINGS ACK frame thus establishing the stream parameters.
Implemented functions for writing priority(which specifies the sender advised priority of the stream), rst_stream (which allows for immediate termination of stream), ping(which helps measure the minimal roundtrip from the sender as well as for determining whether an idle connection is functional), data(which sends http data), headers(which sends http headers), window_update frames(which is used for implementing flow control), settings( stream session settings), push_promise(which notifies the peer endpoint in advance of stream the sender intends to initiate) etc. to the socket. All these functions are documented in the wiki.
3) Section 5
This section deals with Streams and multiplexing them over the same TCP connection or socket.
This portion has been partially implemented. I tried making a non blocking version using copas for dispatching and creating a queue. It presently works with the socket.select() function from luasocket which it uses to wait on the socket to find out if it’s ready to be read or written to. There are basic definition for send and receive functions.
There is a simple implementation of a priority queue. I set a priority flag and if it’s set I send up that stream first.
Feature implementing the monitoring of stream states is also done which enables the module to be aware of the stream state and respond accordingly.
4) Section 6
This section deals with the different frame types and their definition.
This portion has been completely implemented. The send_frame function in the module supports all the 10 types of frames.
Section 7 deals with the error module for which I have added a basic module which can be found here.
Section 8 deals with HTTP/2 connection management and deals just with specifying which frames have been used for what kind of requests and what to do when we receive a response. I used this section as a reference for implementing my HTTP/2 connection module. Other sections in the RFC are also just considerations and references for a good implementation.
One of the most important part of this was reading RFC’s and learning to adhere to the specs. Also learnt a lot about debugging a network protocol implementation while getting to know the internals. More details about the implementation and references can be found in the wiki.
Remove the fake connection object from the HTTPS module which become pointless after the integration.
Make the connection module non blocking.
Try to merge the existing PR supporting the ALPN negotiation scheme.
I have been implementing HTTP/2 based on the RFC going through it one by one. I took a lot of template code from the lua-http module which can be found here. Certain modules from lua-http were imported without much changes but have been modified to work with luasec. The connection:methods and stream:methods are mostly based on lua-http module which I have worked on to work with luasocket.
Section 7 deals with HTTP/2 error codes for which we have to implement a module specifying the same. Based on this module it also has to be linked with the existing implementation so that all the error’s (essentially error messages) get redirected to it and we receive proper error messages for debugging effectively.
Section 9 deals with Additional HTTP/2 requirements like connection management, setting up and following a priority tree and connection reuse.
", "url": "https://rnikhil.com/2017/08/23/luasec-https-library", "date_published": "2017-08-23T00:00:00+00:00", "date_modified": "2017-08-23T00:00:00+00:00", "author": "{"twitter"=>nil, "name"=>nil, "avatar"=>nil, "email"=>nil, "url"=>nil}" }, { "id": "https://rnikhil.com/2016/12/12/port-knocking-python", "title": "A Secure Portknocking Implementation - Portsmith", "summary": null, "content_text": "SourcePort Knocking is a concept where the ports on a particular computer appear to be closed until a special packet/port knock sequence is established. It is a method of externally opening ports in a system by doing a sequence of connection attempts on a set of pre-specified closed ports. Once a correct sequence of connection attempts is made, the firewall rules are dynamically modified to allow the external system to connect to a specified port. This concept has been around for a long time and you can check out some implementations here.Why?I had a server on Digital Ocean(DO) which kept getting pwned and used for DDosing some poor soul. DO used to shut down networking for my node every four days or so. At least I think this was the case since I had some unauthenticated services running on it. I was using the server as a proxy with an open port on the server at all times. Maybe a botnet was spreading by scanning the network for vulnerable hosts and then exploiting them ? I am not sure. DO has to figure that out.Anyway, I decided to do something about it and when searching for a method to obscure networking services, I found PortKnocking.The purpose of this was to prevent port scanners from scanning target systems for exploitable services. The ports appear closed unless the attacker sends the correct knock sequence/packet to the machine. Initially, it was supposed to be a series of connection attempts or knocks on a series of ports but this kind of mechanism was vulnerable to replay attacks. A person watching the network could easily figure out which ports are knocking before a connection is established.ImplementationWarning: This project is not ready to be used in production. This is version 0.1(alpha). There are still bugs to be fixed and edge cases to be handled. I would continue working on this in my free time.Server side:Requirements: Python 3 Cryptography module ( this need OpenSSL too)Instead of making the client ping a couple of ports, I decided to close all ports and log all connection attempts to these firewalled ports to /var/log/kern.log. I plan to send one encrypted packet to the server which contains the details for the port to be opened. I parse kern.log to to find my encrypted packet and authorize clients.There is a small script running a bunch of iptables command to close all ports and reject all incoming connections.First step would be creating keys for each client. I call this profiles. One user can have multiple laptops connecting to the same server.sudo python3 create-profile.py profilename portnumberThis creates a folder at ‘/etc/portsmith.d’ and also a subfolder with the profile name. The subfolder contains two files. One is the encryption key which must be kept secret and other is the knockPort which the client has to knock.The encryption key is a URL-safe base64-encoded 32-byte key. This must be kept secret. Anyone with this key will be able to create and read messages. This folder has to be transferred to the client computer securely using ‘scp’ or some other method.After this, the server can start listening for knocks.sudo python3 server.pyClient side:The Knocker:sudo python3 knocker.py portToOpen hostI use hping3 to craft TCP packets. The knock packet is encrypted using the key transferred from the server and then sent to the knockport. It gets logged into kern.log which is read by Portsmith. It is then decrypted and the required port is then opened for the sourceIP using a custom iptables command.As you can see above, there is hardly any complex logic involved in PortKnocking. There are implementations ranging from simple bash scripts to fully featured C servers which inspect all incoming packets using libpcap. I didn’t want an another extra network service running since this is against the whole point of PortKnocking in the first place.TODO1) It currently uses Fernet Symmetric Encryption Library from the cryptography package. It’s source and spec can be found here and here respectively. It uses: AES in CBC mode with a 128 bit key for encryption; using PKCS7 for padding HMAC using SHA256 for authenticationThis is a high level library. I would like to rewrite the cryptomethods using cryptographic.primitives instead. Maybe try out AES in CTR mode ? Either way, the crypto methods are going to be rewritten using low level (hazmat :P) functions. I think this would be good learning experience.2) Support for multiple profiles on the server. This is almost done.3) Check and add user permissions when accessing directories, running system commands and changing iptables rules.4) Fork out the code which has to be run as root and separate it. This would increase security and take the project closer to be used in production.5) Right now, it only opens ports. It should also close ports after a specified window if there is no successful connection. Also, handle a lot of exceptions and edge cases.6) Make a daemon for running on the server.7) I had implemented a simple socks proxy. It performs the required knocks, makes sure the port gets opened before sending the application data to the particular server. Any application supporting socks proxy could technically use it but I couldn’t get it to work properly. Work on the proxy.7) REWRITE as a kernel module ???? I remember seeing a patch for the linux kernel implementing Portknocking somewhere. Would be amazing if someone could link me to it.", "content_html": "Port Knocking is a concept where the ports on a particular computer appear to be closed until a special packet/port knock sequence is established. It is a method of externally opening ports in a system by doing a sequence of connection attempts on a set of pre-specified closed ports. Once a correct sequence of connection attempts is made, the firewall rules are dynamically modified to allow the external system to connect to a specified port. This concept has been around for a long time and you can check out some implementations here.
I had a server on Digital Ocean(DO) which kept getting pwned and used for DDosing some poor soul. DO used to shut down networking for my node every four days or so. At least I think this was the case since I had some unauthenticated services running on it. I was using the server as a proxy with an open port on the server at all times. Maybe a botnet was spreading by scanning the network for vulnerable hosts and then exploiting them ? I am not sure. DO has to figure that out.
Anyway, I decided to do something about it and when searching for a method to obscure networking services, I found PortKnocking.
The purpose of this was to prevent port scanners from scanning target systems for exploitable services. The ports appear closed unless the attacker sends the correct knock sequence/packet to the machine. Initially, it was supposed to be a series of connection attempts or knocks on a series of ports but this kind of mechanism was vulnerable to replay attacks. A person watching the network could easily figure out which ports are knocking before a connection is established.
Warning: This project is not ready to be used in production. This is version 0.1(alpha). There are still bugs to be fixed and edge cases to be handled. I would continue working on this in my free time.
Requirements:
Instead of making the client ping a couple of ports, I decided to close all ports and log all connection attempts to these firewalled ports to /var/log/kern.log. I plan to send one encrypted packet to the server which contains the details for the port to be opened. I parse kern.log to to find my encrypted packet and authorize clients.
There is a small script running a bunch of iptables command to close all ports and reject all incoming connections.
First step would be creating keys for each client. I call this profiles. One user can have multiple laptops connecting to the same server.
sudo python3 create-profile.py profilename portnumberThis creates a folder at ‘/etc/portsmith.d’ and also a subfolder with the profile name. The subfolder contains two files. One is the encryption key which must be kept secret and other is the knockPort which the client has to knock.
The encryption key is a URL-safe base64-encoded 32-byte key. This must be kept secret. Anyone with this key will be able to create and read messages. This folder has to be transferred to the client computer securely using ‘scp’ or some other method.
After this, the server can start listening for knocks.
sudo python3 server.pyThe Knocker:
sudo python3 knocker.py portToOpen hostI use hping3 to craft TCP packets. The knock packet is encrypted using the key transferred from the server and then sent to the knockport. It gets logged into kern.log which is read by Portsmith. It is then decrypted and the required port is then opened for the sourceIP using a custom iptables command.
As you can see above, there is hardly any complex logic involved in PortKnocking. There are implementations ranging from simple bash scripts to fully featured C servers which inspect all incoming packets using libpcap. I didn’t want an another extra network service running since this is against the whole point of PortKnocking in the first place.
1) It currently uses Fernet Symmetric Encryption Library from the cryptography package. It’s source and spec can be found here and here respectively. It uses:
This is a high level library. I would like to rewrite the cryptomethods using cryptographic.primitives instead. Maybe try out AES in CTR mode ? Either way, the crypto methods are going to be rewritten using low level (hazmat :P) functions. I think this would be good learning experience.
2) Support for multiple profiles on the server. This is almost done.
3) Check and add user permissions when accessing directories, running system commands and changing iptables rules.
4) Fork out the code which has to be run as root and separate it. This would increase security and take the project closer to be used in production.
5) Right now, it only opens ports. It should also close ports after a specified window if there is no successful connection. Also, handle a lot of exceptions and edge cases.
6) Make a daemon for running on the server.
7) I had implemented a simple socks proxy. It performs the required knocks, makes sure the port gets opened before sending the application data to the particular server. Any application supporting socks proxy could technically use it but I couldn’t get it to work properly. Work on the proxy.
7) REWRITE as a kernel module ???? I remember seeing a patch for the linux kernel implementing Portknocking somewhere. Would be amazing if someone could link me to it.
", "url": "https://rnikhil.com/2016/12/12/port-knocking-python", "date_published": "2016-12-12T00:00:00+00:00", "date_modified": "2016-12-12T00:00:00+00:00", "author": "{"twitter"=>nil, "name"=>nil, "avatar"=>nil, "email"=>nil, "url"=>nil}" }, { "id": "https://rnikhil.com/2016/05/03/sailor-lua-elasticsearch-admincenter", "title": "Sailor - A MVC framework in Lua", "summary": null, "content_text": "I will be working with Lablua this summer as part of Google Summer of Code (GSoC). I shall be extending the Sailor framework by adding an centralized configuration editor and adding integrations to facilitate Elasticsearch indexes to be stored as Sailor Models. Sailor is a Web Framework. View the proposal hereWhat is a Web Framework ?From Wikipedia, A web framework (WF) or web application framework (WAF) is a software framework that is designed to support the development of web applications including web services, web resources and web APIs.As it says, it’s basically used to remove the same redundant overhead associated with creating web applications. Most web applications have/do the following things Database access, mapping, configuration Session Management User Interfaces Secure authorization and authentication URL routing/mappingWeb frameworks promote code re-use by providing easy ways to do the above mentioned stuff. They differ in each other in their architectural pattern, the most common one being the M(Database logic) V(User Interface) C(Business logic) MVC architecture.I will be working on a Web Framework named Sailor this summer.SailorSailor is a web development framework and all applications are structured in a MVC(Model-View-Controller) architecture. It uses a Javascript virtual machine for use of Lua in the browser if required. An example of the JS Virtual Machine can be found hereFeatures Compatible with Lua 5.1, Lua 5.2 and LuaJIT MVC Structure Routing Friendly URL’s Lua at Client using JS virtual machines deployed with the application Model generation from the database CRUD function generation using the models Validation module Object relational mapping(ORM layer for the database) Form Generation Integrated Themes and layouts Runs on both nix and windowsWhat exactly am I doing for Sailor ?Centralized configuration editorMost web frameworks generally have an admin center for editing configuration files, making controllers, models etc. Sailor has autogenerator fucntions which create models and controllers for you. My task is to encompass a configuration file editor, the autogen functions inside a protected environment for use in development.Elasticsearch IntegrationElasticsearch is a search database server based on Apache Lucene. It can be used to search all kinds of documents. It provides scalable search, has near real-time search, and supports multitenancy(One instance of a software being shared by multiple users). There is a low level client for this in lua called elasticsearch-lua and I shall be integrating this into Sailor. Once done, you can search an elasticsearch instance using the form module in Sailor. You can also use Elasticsearch indexes as Sailor Models.Edit: I worked on these features and you can see the corresponding pull request here.", "content_html": "I will be working with Lablua this summer as part of Google Summer of Code (GSoC). I shall be extending the Sailor framework by adding an centralized configuration editor and adding integrations to facilitate Elasticsearch indexes to be stored as Sailor Models. Sailor is a Web Framework. View the proposal here
From Wikipedia,
A web framework (WF) or web application framework (WAF) is a software framework that is designed to support the development of web applications including web services, web resources and web APIs.As it says, it’s basically used to remove the same redundant overhead associated with creating web applications. Most web applications have/do the following things
Web frameworks promote code re-use by providing easy ways to do the above mentioned stuff. They differ in each other in their architectural pattern, the most common one being the M(Database logic) V(User Interface) C(Business logic) MVC architecture.
I will be working on a Web Framework named Sailor this summer.
Sailor is a web development framework and all applications are structured in a MVC(Model-View-Controller) architecture. It uses a Javascript virtual machine for use of Lua in the browser if required. An example of the JS Virtual Machine can be found here
Centralized configuration editor
Most web frameworks generally have an admin center for editing configuration files, making controllers, models etc. Sailor has autogenerator fucntions which create models and controllers for you. My task is to encompass a configuration file editor, the autogen functions inside a protected environment for use in development.
Elasticsearch Integration
Elasticsearch is a search database server based on Apache Lucene. It can be used to search all kinds of documents. It provides scalable search, has near real-time search, and supports multitenancy(One instance of a software being shared by multiple users).
There is a low level client for this in lua called elasticsearch-lua and I shall be integrating this into Sailor. Once done, you can search an elasticsearch instance using the form module in Sailor. You can also use Elasticsearch indexes as Sailor Models.
Edit: I worked on these features and you can see the corresponding pull request here.
", "url": "https://rnikhil.com/2016/05/03/sailor-lua-elasticsearch-admincenter", "date_published": "2016-05-03T00:00:00+00:00", "date_modified": "2016-05-03T00:00:00+00:00", "author": "{"twitter"=>nil, "name"=>nil, "avatar"=>nil, "email"=>nil, "url"=>nil}" } ] }