Emergent ChaosAnd yet it's the bold ideas that generate the biggest returns. Any really good new idea will seem bad to most people; otherwise someone would already be doing it. And yet most VCs are driven by consensus, not just within their firms, but within the VC community. The biggest factor determining how a VC will feel about your startup is how other VCs feel about it. I doubt they realize it, but this algorithm guarantees they'll miss all the very best ideas. The more people who have to like a new idea, the more outliers you lose.Paul is absolutely right. The more people who have to like a new idea, the more outliers you miss. However, any really good new idea is likely a combination of one really good insight, and several bad ones. It's hard to dis-entangle them until you engage with the market. There's a real question of how expensive that will be. There's also the question of will a really bold new inventor listen enough to make the idea successful?
When I was at Zero-Knowledge, we spent a lot of time exploring ideas which have now come to fruition. Zero-Knowledge, under the name RadialPoint, is thriving. Selling security and privacy to consumers makes sense as part of an ISP package. Making it work, and figuring out what people were ready for, took a while. Some of the bits that they weren't ready for, and perhaps weren't ready for the market include the IP level privacy, a problem that the Tor Project is hard at work on. We also worked hard on 'private credentials, which Credentica launched as U-Prove, and has since been acquired by Microsoft.
We had lots of new ideas at Zero-Knowledge, and a set of happy outcomes (as shareholders know).
But Zero-Knowledge, while bold, wasn't even absolutely new. It was built on the ideas of the cypherpunks, and we even had a Chief Cypherpunk. Similarly, Google wasn't the first of the search engines. It was innovative in how it worked, but it was several years after Yahoo!, AltaVista, and Ask. The bold ideas took a while to become profitable ideas.
So I think that it's absolutely wonderful that we have a creative, chaotic froth of very little companies, and that Paul helps make that happen. I wish there were more. I love seeing what emerges from that chaotic experimentation. But that experimentation can be tremendously expensive, with people chasing many variations of the ideas.
Paul is chasing a variation on how funding happens. He believes passionately in that vision, and is putting his money where his mouth is. Will it work? Who knows? I'm glad there's chaotic experimentation, and if Paul succeeds, I'm sure he'll have many imitators.
Bookmark this post:
So how do banks make money? It's 'easy.' They sell you a loan at a higher rate than they'd be willing to settle for. A mortgage is a big, unpleasant, complex process that includes some stranger pawing through your financial life. Making a bad choice is worrisome. Most people apparently get very few quotes, and are told that their rate depends on their credit score.
There's a strong imbalance in the information that each side has, and my friends at SmartHippo have just launched a site to help correct that imbalance.
If you're getting a mortgage, or just want to compare, check these folks out. I really like what they're doing and where they're going.
What would it be like if buying lemonade was as complicated as shopping for mortgage rates? See what happens when little Jenna opens a lemonade stand and tries to maximize profit at the expense of her customers.
Bookmark this post:
Zero-Knowledge Systems was one of the hottest startups of the internet bubble. Unlike internet companies selling pet food or delivering snacks to stoners, Zero-Knowledge was focused on bringing privacy to all internet users. We had some fantastic technology which was years ahead of its time. And people often ask me "whatever happened to them?"
The company has re-focused its business model, changed its name to Radialpoint, become profitable, and become the fastest growing company in Quebec (based on 5 year revenue growth). As Austin Hill writes in "Radialpoint gets some Prophetic Love:"
I want to congratulate my brother Hamnett, father Hammie and the entire team at Radialpoint who were just honored by Profit Magazine as the fastest growing company in Quebec (measured in 5 year revenue growth) and the 32 fastest in Canada.I'll join Austin in sending the entire Radialpoint team congratulations.
It's a great team, and they've done a fantastic job transitioning from promise to a reality for their partners and customers.
Bookmark this post:
"It's too late, baby"
Yeah, I'm dating myself, but Tapestry was huge, and she and Goffin had some serious songwriting chops.
Anyway, the "it" about which it's too late is, yes, a relationship. An important relationship. A relationship which, while admittedly not exclusive, is "open" in a hopefully honest, fulfilling, respectful way. That relationship is the one you have with your personal information.
Well, bad news. That info is all over town, for anybody who can pay the bills, and you don't know the half of it. That, at least, is the opinion of David Cowan, a VC at Bessemer Venture Partners, blogging about Lifelock:
It would be quite a stretch for you to imagine that somehow your data remain safely stored among all the vendors, doctors, banks, web sites, and government agenices[sic] whom you've engaged in your lifetime. More likely, your personal credentials are all for sale in black market exchanges like this one.In other words, the horses are out of the barn. There's little point trying to re-tool or regulate the world's IT infrastructure to contain consumer data. Even if your concern is future generations whose identities are still safe from thieves, there are so many ways for data to leak that it's futile to expect brittle secrets like our social security numbers to be both useful and sustainably confidential.
Here, Cowan echoes the response I got over a beer when I asked a knowledgeable observer of the financial industry how he'd estimate the number of compromised identities (I figured he'd know about fraud detection and so on). I knew I was in for some fun when his response began with "You're not going to like the answer...". It seems that in his opinion all our PII belongs to them. It's merely a question of monetizing it. (Listen closely -- that sound you hear is Lindstrom saying "Yessss!!!")
I am not qualified to assess whether Lifelock or Debix, or any other player in this space is a sensible investment. I will say that, as I understand it, their value proposition could be obliterated with a stroke of the pen, which leads me to a conclusion, and to a question.
That smart people are willing to attach their names and wallets to these enterprises shows me that US consumers won't have true control over access to their personal information for the foreseeable future because legislation providing it is seemingly not forthcoming.
To those who argue that the data are already all out there, my question is "Is that a falsifiable hypothesis?"
Bookmark this post:
What's most interesting to me is how new companies are trying to tap into customer enthusiasm to build not only value for their customers, but a community. The companies that really succeed at building a community will find it a double edged sword--their communities will be their biggest asset, and the hardest thing to change. At the same time, it's done great things for companies like Flickr, and it's a welcome change to be treated as a person, rather than as a monetizable eyeball.
Bookmark this post:
Bookmark this post:
There's a fascinating article in the New York Times last week, "Expunged Criminal Records Live to Tell Tales" about how companies like Choicepoint which collect and sell public records don't pick up orders to expunge those records.
I didn't have much to add, and figured the Times doesn't need me to pimp their articles (they get a few more readers each day than we do), so I let it alone.
Then I saw Gunnar Peterson discuss "Brian Chess on Evolving Risk Models:"
When a company starts its life it wants to take on as much risk as it possibly can, do something hard and prove it in the marketplace. If it is not too risky then a big company may take you out or there may be no market. Over time a successful company's market risk should go down as it gains market share.These design and implementation choices also live to tell tales. I expect over the next few years, a rise of highly effective testing tools will act as a force multiplier for elite researchers, making it less and less possible to expunge evidence or records of security choices made. We're going to have to start asking questions about security activity during the procurement process. Think of it as background checks for your software.Where this becomes interesting from a security standpoint is that early in the company's lifecycle, the business has high market risk, but little security risk, there is not much in the way of assets to target. But over time as the business gains market share its security risks grow. This puts security in a very interesting position where there have to make up for a lot of lost time even if the decisions to delay security made sense at the time, the risk profile have readjusted to the point where more mature businesses who are established in the market and have relatively little residual market risk, at the same time the business takes on more and more security risk. In general this means the code, the config, data and identity architectures all must play catch up to deal with the risk profile over time.
Bookmark this post:
I'm also really excited to share the news that my friends at Debix have launched their service, and it's now available to the public. It is, in my opinion, the best identity theft preventative measure available today, and you should seriously consider signing up.The way it works is that they put a lock on your credit file, so that creditors opening new accounts need to contact you, through Debix, in order to open a new account. This is better than a standard fraud alert because Debix maintains records. So if someone opens an account and you weren't contacted, it's not a matter of he said/she said. There's a neutral party who can vouch for what didn't happen. This is better than credit monitoring because you prevent problems, rather than try to clean them up.
As Bo Holland, the CEO, says, there's nothing like putting the person who knows--you--at the center of your credit transactions.
Disclosure: I have a financial relationship with Debix.
Bookmark this post:
I have read repeatedly, most recently at Bejtlich's blog, that with the IBM-ISS and now Secureworks/LURHQ deals, Counterpane "must" be looking to get bought out. Why? As with management consultancies, could there not be room for a boutique that does one thing really well? Help me out, here.
Bookmark this post:
Now that ISS has been purchased by IBM? Or is consolidation not really happening?
Bookmark this post:
In "I Smell a Movement," Chris talks about the City-sec movement, of security people getting together for beer, and about groups like ISSA.
So the question I'd like to ask is why do these groups keep emerging so chaotically? Why can't the extant groups, usually formed for the same reasons, succeed?
I think there are two main reasons, the first involving group dynamics, and the second involving group dynamics success catastrophes.
As a group grows, there are lots of dynamics. One of those is that functional groups can get more done than individuals. There are also communication and alignment costs, which is why adding more programmers to a late project makes it later. Christopher Allen has written extensively about this in his posts on Dunbar numbers, such as "The Dunbar Number as a Limit to Group Sizes."
As a professional networking group hits some critical mass of interested early adopters, those early adopters put in work and get lots of value. Since a goal of the group is networking, they excitedly invite more people, telling them how great it is. The group grows. Newcomers may not invest the same level of energy (after all, things are working great, let's drink more!) As that happens, the selection functions that controlled early membership: Did you find out about it because you read the right blogs? Did you make time to attend?
As the group grows, the activities and energy that made it work may no longer suit what the group has become. This is why lots of startup founders leave: They're great in the early stages, but as they build the company, the very skills that made the early days work become dysfunctional. Startups often do this, at great cost, because there's a board of directors who are focused on a financial outcome. Professional societies, who take their boards from the enthusiastic membership, may not have that same focus. These groups want more of what made them valuable early on.
Thus, the habits and skills that make a group successful can end up holding it back. It's the catastrophe that follows success, and its why we have a growing list of professional organizations that don't do quite what some people want. When the groups don't serve the purpose, some enthusiastic people will set out to fill that gap, either in a market or in a social setting.
So what can you do about it? Me, I plan to drink lots of beer at the next SeaSec.
Photo: Zombarmy06 by Father.Jack.
Bookmark this post:
Helga Tawil Souri reclines on the couch at a friend's house in the Palestinian West Bank, getting sucked into an Egyptian movie about a woman in an insane asylum. Right before the climactic face-off, though, the screen goes black, and a different movie pops on. A visitor to the area, Souri is startled and a bit peeved. Her host, a dentist named Abu Mohammed, grins knowingly. He picks up his cell phone and dials the manager of the local television station. After gossiping and speculating about the weather for a few minutes, Mohammed gets to the point: "Look, if it's not too much trouble, can you put the movie back on?" Five minutes later, televisions across the area flicker, the image on the screen shifts, and the original film's conclusion airs.The article discusses how a lack of regulation creates a confused, amateurish, open space for people to experiment with TV, and then concludes:
Fellow journalist Walid Batrawi shares Kuttab's goals and has helped draft reforms for the Palestinian Authority calling for minimum levels of investment, education, and staffing for each station. The restrictions were supposed to go into effect in 2000 and would have put many small operations out of business.Indeed, putting small, nimble, responsive organizations out of business is often either an explicit goal or unavoidable side effect of regulation. I've been watching the acquisitions of both Sourcefire and NCipher fall victim to regulatory inquiries which move too slowly for the acquirer to wait around. As a startup guy, this worries the heck out of me. You can never have too many opportunities for exit (right, Siteadvisor?). Sarbanes-Oxley has already cut back on the ability of startups to go public, raising that bar. National and international regulators are now exercising another bar. Every opportunity for exit is a chance to value the business, reassess the market, and weigh anticipated growth versus a chance to make value gains liquid. But I digress.
I'm not a big believer in using violence, or the threat of violence, to control a market. I think people should be allowed free speech, even in the case of the Palestinian Authority, which has long funneled US and EU aid into the creation and broadcast of anti-Semetic propaganda on official TV stations. Let a thousand flowers bloom, even if some of them are ugly.
Just don't use regulation to prevent them from growing.
Bookmark this post:
I've just finished reading "The Pursuit of Wow!" by Tom Peters. The essential message is that if you're not enthused by what you're doing, change things until you're enthused. It's a great reminder of the importance of passion for delivering great products and services.
Unfortunately, as a startup veteran, there's a conflict that I run up against often. We need to get a product out the door to get customers to either bring us to profitability, or the next phase of the plan. That getting product out the door — what Microsoft folks mean when they say "shipping is a feature" — people can't use what you've built until you give it to them. Building great stuff requires not only great dedication, but often fast iterative cycles so you can see the responses to what you're doing.
Often times, those iterative versions aren't what you want them to be. Sometimes, they fall short of the vision you've set out. Learning to balance the virtue of shipping and the pursuit of wow has been one of the hardest lessons in building startups.
Bookmark this post:
Ethan Zuckerman did a great job of blogging from TED. The most interesting post for me was his summary of David Pogue's talk:
But he’s a big fan of the iPod and the “cult of simplicity”. Despite violating every rule of product design - going up against Microsoft, having fewer features, having a proprietary, closed format - it succeeded because people love simplicity. Simplicity sells - just look at Google.That's courage in a product manager. No new features. Wow.He shows us Dragon, which he uses to answer email, using voice macros. Responding to hate mail, he says “piss off” and gets a polite paragraph responding to an angry mail. He points out that the most recent version of the software had NO new features - it just worked better, and he thanks Dragon for making it work, not adding more cruft.
(Billy photo from Discoveret.)
Bookmark this post:
The comments on "Patents and Innovation" and "New Products, Emerging from Chaos" have been really good. I want to draw your attention to them, because I'm impressed at how much has been added.
I'm really enjoying the feedback, and the ability to continue a thread that's emerged from a comment. I'm also curious what I can do to encourage more comments and interaction?
[Update: Speaking of patents, Rob Sama sent me a link to a Wall St Journal editorial that was published this morning, entitled "Patently Absurd:"
The bitter legal fight over BlackBerry patents may soon inconvenience millions of users of that handheld email device. But that's nothing compared to the damage that a broken U.S. patent system is doing to the larger American economy.]
(Wright Bros patent #831, 393 from First to Fly.)
Bookmark this post:
In responding to "New Products, Emerging from Chaos," Albatross makes a good comment about how the RSA patent expiry didn't lead to an immediate outpouring of new products. Albratross also mentions how transaction costs encourage people to look for new ways to solve a problem. Mordaxus says there has been an explosion in the use of cryptography since the RSA patent expired — it just took a while.
Even though neither commenter mentioned it, I want to start with the issue of language, which is the elephant in the room. The most trenchant critique of the system involves language. There are important disconnects between the words used to describe the patent system, and the reality of the system.
The way the courts interpret "new" and "non-obvious" has lost all relation to the plain language meaning of the words. That disconnect drives a great deal of anger at and disdain for the system. The form in which software patents have evolved means the original bargain, of disclosure for protection, does not work in my field. Software engineers don't read patents. They are, almost without exception, incomprehensible. I recall being shocked to hear that chemists actually read each other's patents.
Language issues aside, what about the system? Does it encourage innovation?
Patents do help investors to justify their investment in ideas. The RSA cryptosystem can be written on an index card in an understandable way. It was fairly clearly new and non-obvious. As Adam Back pointed out, it could also be implemented with a very small amount of code. So how to defend an investment in an idea that's so simple? How do you prevent fast second-movers from entering a market and co-opting the work of innovators?
You can argue that you should not. The open source folks often make this argument, and say that competition is good for them and for consumers. At the same time, if a business requires investment, that investment is made easier to get if some level of legal protection is available. Patents are not a complete answer. I remember the first, and only time, I used patents as my answer to the question "What happens when Microsoft enters this market?" As the investor patiently explained to me, people buy things that solve their problems, not cool technologies. There are very, very few problems that only have a single solution. The patented invention may be better, but people don't buy inventions, they buy things that improve their lives. The other parts of a system - brand, packaging, convenience - may make up for `inferior' technology.
The claim that you should not prevent fast second-movers from entering a market is little comfort for the entrepreneur considering which idea to pursue. It is even less comfort for the innovative researcher who has come up with an idea they think is excellent. How to build a product? Entrepreneurs and innovators need more than luck and enthusiasm to make successful products. While patents are not the whole answer to how to compete, they can indeed be an important part of an answer.
So while patents can encourage innovation, the transaction costs can discourage it. Here, the (legal) innovation shown by Philips in their licensing programs for the CD ("CD Licensing - Philips Intellectual Property and Standards") is worth learning from. The standard terms they make available make it easy to decide if your business can work with theirs.
That certainly encourages innovation.
(Dog Cakes photo by Johnny V.)
Bookmark this post:
In a trenchant comment on "Secretly Admiring," Victor Lighthill writes:
Not to disrespect Ron Rivest or Credentica's Stefan Brands, but patenting your ideas in crypto is, historically, a great way to ensure that it takes them 15 years to go from concept to use.While there may be important grains of truth in this, and while I've railed against patents, and think the system is substantially flawed, I don't think patents are the mainstay of what holds back new products.
When someone invents something fundamentally new—and much of what's invented in cryptography does enable substantially new ways of allocating risk—the new idea needs to be the subject of experimentation. Much of this experimentation takes place in thought experiments and little prototypes. Some of it takes the form of startup companies trying to find the right combination of features to wrap around the core of it to bring something new to the market segments Geoff Moore calls 'visionary' or 'early adopters.' He spends much quite a few pages considering how companies can go from those markets to the 'early mass market.' (I shall now dramatically oversimplify his work in "Crossing the Chasm" and "Inside the Tornado.")
Much of the transition involves creating a set of circumstances, including successful deployments in specialized markets and generating 'recommenders' who will advise others about their success with your product. All of this takes both time and money. It requires luck. It requires a vicious clarity regarding strengths and weaknesses, at the product, team and personal levels. It also requires crafting a message that aids potential customers see how your product can transform their lives or businesses.
The first messages that are crafted are almost always wrong. Edison thought that the telephone would be used to broadcast concerts and lectures. Great entrepreneurs can sometimes react and find a new message. It took a great deal of experimentation for the combination of air-conditioning and movies to be discovered, and for that form to really take off and create Hollywood.
Do patents slow down the process? Somewhat. There's an awful lot more going on in entrepreneurship. Look at other bits of cryptography, not patented, like SSL or IPSec, and tell me that patents are the only issue. There's clearly a lot more to be overcome.
("London - Big Ben Tripout" by 'Don't look back!')
Bookmark this post:
The other day on "On Point," I heard some astoundingly clear exposition of executive management, in the words of Dr. Bernadine Healy, the former CEO of the Red Cross. The program, Examining The Red Cross was promoted as:
When 9/11 came, the Red Cross was there -- with mountains of Americans' donations and support for the stricken. And then came criticism and the ouster of its chief.Dr. Healy was crystal clear on the need for governance and adherence to mission. She praised the effective response of some parts of the organization, and had specific examples of failures, like having no response at the Pentagon on 9/11, except two volunteers who showed up without support of their local organization.When Hurricane Katrina came, the Red Cross was there again, with more mountains of American charity. And again came criticism -- more heated this time -- that the Red Cross response was too slow, too patchy, too heavy-handed. And again, yesterday, another chief of the organization was shown the door.
Executive management is not complex. It is merely exceptionally hard. What needs to be done as a manager can be captured in a small book. (I suggest "What Management Is" by Joan Magretta.) What needs to be done to ensure that goals are properly set and met is often intellectually and emotionally challenging. Nevertheless, the high level goals are simple, and Dr. Healy expounded on them beautifully.
