Month: October 2017
We live in a digital world with a false sense of security. While watching Blade Runner 2049 I smiled during a scene near the end where Deckard says to K, “What Have You Done?!?!?” I expect that this false sense of security will still exist in 2049 if humans manage to still be around.
The first big piece of security news this weekend was ‘All wifi networks’ are vulnerable to hacking, security expert discovers. It only a Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping, but, well, that’s most Wi-Fi networks. If you want the real details, the website Key Reinstallation Attacks: Breaking WPA2 by forcing nonce reuse goes into depth about KRACK Attacks. And yes, KRACK is already up on Wikipedia.
Here’s the summary, which is mildly disconcerting (that’s sarcasm if you missed it …):
The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. To prevent the attack, users must update affected products as soon as security updates become available. Note that if your device supports Wi-Fi, it is most likely affected. During our initial research, we discovered ourselves that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks. For more information about specific products, consult the database of CERT/CC, or contact your vendor.
I was cruising along in my naive security bliss this morning when I saw the article Millions of high-security crypto keys crippled by newly discovered flaw. It turns out that a key RSA library that is widely used has a deep flaw in it and has been being used to generate weak keys since 2012.
A crippling flaw in a widely used code library has fatally undermined the security of millions of encryption keys used in some of the highest-stakes settings, including national identity cards, software- and application-signing, and trusted platform modules protecting government and corporate computers.
The weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. Hackers can then use the private key to impersonate key owners, decrypt sensitive data, sneak malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with stolen PCs. The five-year-old flaw is also troubling because it’s located in code that complies with two internationally recognized security certification standards that are binding on many governments, contractors, and companies around the world. The code library was developed by German chipmaker Infineon and has been generating weak keys since 2012 at the latest.
I’m sure there will be a lot more written about each of these flaws in the next few days. I expect every security vendor is hard at work this morning figuring out what to patch, how to do it, what to tell their customers, and how to get all the patches out in the world as fast as possible.
The constraint, of course, will be on the user side. A large number of customers of the flawed products won’t update their side of things very quickly. And many more bad guys now have a very clear roadmap for another attack vector with high vulnerability.
Be safe out there. Well, at least realize that whatever you generate digitally isn’t as safe and secure as you might think it is.
My partners Chris Moody, Seth Levine, and Lindel Eakman are all blogging right now. My other two partners, Ryan McIntyre and Jason Mendelson have blogged in the past, ut took a break in 2017. Also, the Foundry Group blog is always active, with occasional thought pieces but mostly updates on initial financings both for companies and other funds that we invest in.
So, I thought I’d point you at Moody, Seth, and Lindel’s blogs (and some posts) in case you are interested in following more of what we are doing at Foundry Group.
Moody’s recent post Two Steps Forward, One Step Back talks about being a few months into his gig as a VC, after his announcement of his transition from operator to VC in Joining Foundry Group.
Seth has started a Friday series named Friday Fun because the world needs more fun. His longer thought pieces like The Feature -> Product -> Company Continuum, How to value your SaaS company, and Reading Your VC Pitch Meeting are must-read posts for me – and for every founder and company executive. Also, Seth’s not afraid to be very personal and open, as he shows in his post Drowning.
Lindel is getting into a grove with posts like Saying “No” too often is part of being a good investor, Mi Casa Es Su Casa – How we seek to interact with our family of GPs, and Venture Risk and Return circa 2017. Very few LPs blog, so it’s neat to add Lindel’s perspective as a fund investor into the mix.
If you are following and reading me, I encourage you to follow and read my partners to get the full view of how we think about things at Foundry Group.
On October 19th, Engage Boulder is hosting a breakfast with me from 7:30am to 9:30am to discuss the past, present, and future of Boulder. I’ve lived and worked here since 1995 so I’ve seen, and be involved in, a lot of the evolution of our city over this period of time. I’m hoping to have a thoughtful and open conversation about a lot of the issues that are coming up around our local election. If you are interested, please join us.
Recently, the Daily Camera did an excellent series of profiles on the fourteen candidates running for the five open Boulder City Council positions. I recently endorsed five specific people: Jan Burton, Eric Budd, Jill Grano, Mark McIntyre, and Bill Rigler. Following are excellent profiles from interviews with each of them that I encourage you to read to get to know them, and their viewpoints, better.
Jan Burton: Bring smarter budgeting of time and money to Boulder
Eric Budd: Tech-savvy new urbanist wants younger voices in Boulder politics
Jill Adler Grano: Real estate pro pushes new ideas for Boulder zoning
Mark McIntyre: Boulder is changing, should continue to innovate
Bill Rigler: Lone renter on Boulder ballot says better public process within reach
Our local election, like our recent national election, has had some extreme animus creep into it. It’s not my nature to engage with what I view as irrational and ad-hominem hostility, especially when I view it as disingenuous. So, I was happy to see the Editorial by Dave Krieger, for the Daily Camera editorial board, call some of this out in a measured way. It’s worth a read, but listed are a few of the key statements.
“We came away convinced that Boulder will be in capable hands no matter which five of the 14 are elected. We think some of the fear-mongering that has already appeared in the campaign verges on the ridiculous.”
“We think today’s Boulder is a vibrant, bustling small city known nationally for the cutting-edge research of its university, federal labs and high-tech sector, but struggling to maintain its historically funky feel due to soaring property values and creeping gentrification. So we endorse forward-looking candidates seeking innovative ways to keep Boulder from becoming a gated community of wealthy white folks. We think this is what “progressive” means in the 21st century.”
“We do not share the view that Boulder is going to hell in a handbasket. There is no question it has undergone a growth spurt since the last recession, in part based on pent-up demand from that slowdown. It could have done a better job encouraging creative design of new buildings that better fit their surroundings. We have high hopes that a new planning director, in concert with a new council, may improve this process.”
“Colorado’s growth appears to be slowing, which may allow everyone to take a breath and lower the civic temperature. Boulder has too much going for it to engage in a divisive war choosing among a strong slate of City Council candidates.”
If you are game to have a calm and constructive conversation around this, please join me for breakfast on 10/19.
I was in Atlanta yesterday for Techstars Atlanta Demo Day. I’ll be here again today for Venture Atlanta and then I’m on to Kansas City for Techstars Kansas City Demo Day.
Rule #1: Don’t eat the bugs on the window of the 23rd floor of your hotel.
I’m being a lot more deliberate about my travel these days. I’m also being more careful about how I do it. I’m eating a lot smarter, not drinking at all, and making sure I get at least seven hours of sleep a night. While I hate shaking hands, I’ve given up trying to do fist bumps because I end up with numerous awkward semi-handshake-hand-grab moments. And I’ve stopped staying up late trying to get all my email from the day responded to like I did for 20 years.
I like Atlanta. I haven’t been here in a while but it’s pretty awesome to see how the startup community has grown in the past five years. While hot and humid today, it’s different from my norm so it’s an intriguing but easy adventure. While the bugs aren’t as big as the ones I grew up with in Dallas, they remind me of my childhood.
I had dinner with my brother Daniel and my cousin Kenny (who lives here) last night at the original Ted’s Montana’s Grill that’s on the corner of Luckie Street and Ted Turner Drive. We sat in the booth next to the one Ted frequents. The conversation was intense and wonderful. Something about all that made me smile just now.
Rule #2: Keep a sense of humor through all the absurdity. And, there’s a lot these days.
Building An Autonomous and Virtual World: Softbank Teams With Mapbox
The physical world will be the reference coordinates for the fleets of robot cars of our imagination. We’re living through the transformation from digital to virtual, and Softbank leading today’s investment of $164 million in Mapbox accelerates this even faster.
I’ve posted about the massive founder crush my partners and I have on Eric Gundersen, the CEO of Mapbox. When we led Eric’s first financing — a $10 million round and the first capital into the bootstrapped team — we believed mobile location and mapping would be big. Four years later to the week, our vision is dwarfed by the reality that location is at the heart of everything from ride-sharing and autonomous driving, to IoT and AR/VR. We are excited to again participate in this round.
It is no surprise that Eric and Masa both have this bold vision. Both share an exceptional way of dreaming and executing. I remember Eric showing me the maps from his time with the World Bank and UN. There was no AR or autonomous back when he was in Afghanistan, but there was a need for location data and a better mapping platform. In the years since, with massive customer launches like Snapchat and the Weather Channel, the horizontal scale of Mapbox’s platform is now much more obvious.
Knowing Eric and the team, this idealistic passion will not only scale as a company grows, it will set the trajectory for building a product and a company that changes how we experience the world. When I asked Eric a couple years ago about how far he wants to take this he responded:
“It simply would be a mistake to stop building right now — it’s too early. We’re going to be inside of everything.”
We’re long on the team at Mapbox, and it’s obvious to me why Softbank is also enthusiastic. I’m very loyal to my friends at Softbank and love any opportunity to work with them. Back in 1997, Softbank Technology Ventures (which became Mobius Venture Capital) was the first VC fund I helped raise. Ron Fisher, the Vice Chairman of Softbank, was responsible for watching over us, is one of my favorite people on the planet, and has been an incredible mentor to me.
This team and our world are at a unique moment in time. It’s is going to be incredible to watch Eric keep building.
I finished marathon #25 today and checked South Dakota off the list. I ran it with ten friends (nine of us did the marathon, two did the half) who were all part of my Chorus team that I started in June.
While this was one of the most enjoyable marathon weekends that I’ve had, it was a rough marathon for me. I finished it in a personal worst of 5:58:26 (gun time right at 6:00:00 – the clock said 5:59:59, but the website says 6:00:00.)
Things went wrong almost from the beginning. The weather was in the low 30s so I couldn’t decide whether to wear pants or just run in shorts. I was hot in the first mile and my stomach was rumbling. At mile three, we looped back around to the start so I went into the Crazy Horse Visitor Center, took my pants off, and took a five-minute bathroom break to make sure I was empty. The Visitor Center was warm, so when I went outside to start running again I immediately stiffened up. At least my gut felt better.
I caught up with my friend Mahendra (co-author with me of Startup Boards). I had planned to run the race alone, but I settled into a nice pace with him as we comfortably cruised through a long downhill section (that we knew we’d have to turn around and come back up later, but well – that was later.)
Around mile 8 I had a sharp pain in my left calf. I never get cramps, so this startled me and I limped on it for fifteen or so seconds. When I realized that it was seizing up, I stopped to stretch it out, but the damage was done. I didn’t have a pain free step on my left leg for the rest of the marathon.
Mahendra was awesome. Instead of going ahead, he waited with me for a minute while the cramp subsided. We walked for a few minutes until I felt like I could run again. We then ran side by side for the remaining 18 miles. A marathon typically gets difficult for me between mile 15 and 20. Today’s was hard for the last 18 miles. That’s a long way to be uncomfortable.
The downhill segment went from mile 4 to mile 10, where there was a turnaround point. Amy was at the turnaround and as she saw me coming she asked if I was ok. Apparently, my gait was off enough that it was noticeable.
For a moment, I thought about calling it quits. I’ve finished every marathon I’ve started and given the Chorus team activity, I quickly got over my doubt about staying on the course. Mahendra (standing to the right of me) and I said goodbye to Amy and started back uphill.
After seven miles, we crested the hill. By mile 17 we were both pretty done and were just shuffling through each mile. The course was extremely well crewed, which was great, but the snow started around mile 17 and by the end we were cold, wet, and mildly manic. When we turned the last corner and saw 5:59:00 on the clock, I told Mahendra to get moving since I didn’t want the clock to hit 6:00 (even though we had 90 seconds or so banked from the start.) We crossed the line right at 5:59:59.
The amazing thing was the performance of Team Chorus in this race. The marathon winner, Jason Burke, was on our team, as were #5 (Winter Mead) and #6 (Gary Ditsch – my coach). On the women’s side, one of our teammates Lou Anderson came in 14th.
Everyone else turned in impressive times. Ryan Martens finished (his first marathon!) in 4:14:37 (with Lou). Christina Sollenberger also finished her first marathon in 4:35:02. And Donna Miller finished her first marathon in 5:04:52. Bryan Oki finished his first half marathon in 2:00:02 and Davis Godbout got his first half marathon done in in 1:47:11.
As we had a post-race meal and told race stories, we all agreed how much Chorus had helped us on both our training and motivating us for the race. I have some new friends for life. While not a great marathon for me, it was a great weekend.
And Amy – you are the most awesome marathon sherpa ever!
Among all the distressing news of the world, I heard today that AOL Instant Messenger is shutting down on 12/15/17.
AIM was the first instant messenger I used. My AOL account handle was bfeld, which stuck and is generally my handle for all things (like Twitter) unless someone else grabbed it, in which case it’s bradfeld.
On 9/11/01, I was in NYC. I had taken a redeye the night before so I took a nap in the hotel room after I checked in and slept through the first World Trade Center tower collapse. When I woke up I was disoriented from my redeye and totally confused (like many) as to what was going on. I called Amy and caught her on the way to the airport (she was heading to NYC) and had been trying to reach me but couldn’t. There were tears but we figured out enough that she turned around and went home.
That was the last phone call I was able to make for a while. I was in the Benjamin Hotel and the phone wasn’t able to dial out. My cell phone couldn’t get a signal. As a last resort, I turned on my computer to see if I could connect to the hotel Internet.
That worked just fine. All of my IM apps opened up (AOL, Yahoo, Microsoft, and ICQ). Email worked fine also.
So for the rest of 9/11, until I went to Jenny Lawton’s house in the evening with Paul Berberian and Nick Cuccaro to get Jenny’s car and drive home to Boulder, I hovered over my computer.
AOL IM was probably 10x more active than the other IM apps combined. Amy and I went back and forth in real time throughout the day. My Mobius partners were equally distributed across AOL and Yahoo and a few randoms were on Microsoft and ICQ.
The little yellow AIM man was burned into my brain that day. I can’t imagine getting through 9/11 without him – and AIM.
AIM – you served me well for many years. Thank you. May you rest in peace for all of digital eternity.
I had a long conversation with a friend last night that included a segment about men, sex, and power. I had just finished Ellen Pao’s book Reset: My Fight for Inclusion and Lasting Change which I thought was phenomenal (more in a separate post soon) so there was a lot in my mind about this topic.
I woke up to several articles this morning that reinforced a simple concept that so many people miss. Sexual harassment – while it includes sex – is also about power.
Let’s start with Harvey Weinstein. For a preview, read the shorter article titled Another man behaving badly in Hollywood — this time, Harvey Weinstein. What a shocker. This line about narcissism is reflected in the behavior of many prominent men.
“I have always argued that power, particularly the Hollywood strain, infantilizes. Success in Hollywood frequently reduces fully grown adults to narcissistic babies. Babies have no self-control. They scream and cry when they get mad. Their needs are uninhibited. Gratification must be instant. Weinstein may be a talented moviemaker. But he is also just another overgrown Hollywood man-baby.”
The longer article in the New York Times that kicked this off, Decades of Sexual Harassment Accusations Against Harvey Weinstein, is worth a complete read. As you put the pieces together, Weinstein’s public response is similar to many self-reflective apologies that come out of this situation when things finally become public.
Back to the first article, here is another great section from Robin Abcarian.
“Weinstein’s behavior is also an excellent example of the hypocrisy that is so rampant in Hollywood — and politics, for that matter. He is a liberal Democrat who publicly champions women’s rights and professional advancement but demeans and exploits them in private. (And yes, I do include Bill Clinton on that list.) The conservative equivalent is the anti-abortion crusader who privately urges his mistress to abort an inconvenient pregnancy or the “devout” Christian who ditches his sick wife to marry his mistress.”
Power. And that led me to the second story I woke up to, which is the anti-abortion crusader, Tim Murphy, who privately urges his mistress to abort an inconvenient pregnancy. The article Inside Tim Murphy’s reign of terror shows very clearly how power is at the root of this. The statement from Congressman Tim Murphy is another typical one, which basically says “I’m resigning, I’ll spend my time remaining working on important things, I’ve accomplished a lot, and please leave me alone.”
At least Harvey Weinstein said, “I appreciate the way I’ve behaved with colleagues in the past has caused a lot of pain, and I sincerely apologize for it.” But, this was his fourth paragraph. As my mother taught me, the way to apologize is to start with the sentence “I’m sorry.” You can write anything you want after that, but start with the apology – that’s the lead – don’t bury it.
I’m really hopeful that we are at the tipping point of sexual harassment being completely unacceptable. I have a profound appreciation for the women coming forward with their experiences. I know there are many multiples of these stories being suppressed by non-disparagement clauses that were signed and sealed with money to keep people quiet. That’s just another form of power being used in this situation.
Last week Rover launched on-demand dog walking in Denver. They’re enhancing their existing marketplace experience by adding an assignment option, similar to Uber and Lyft, and bringing it to Colorado. It’s another exciting move by the company, and their Denver announcement caused me to me reflect on my five years as an investor and board member at Rover.
https://youtu.be/UsL3kJrpMSw
Three thoughts came to mind.
Rover executes. I can’t believe that Rover has rolled out an entirely new way to purchase dog walking in three cities, with their fourth on the way, and we’re not yet three months on the other side of the DogVacay integration. That integration – a result of Rover acquiring DogVacay, both started and ended in Q2, and surpassed the best-case-scenario metrics that the team presented to the board. While we talk about the power of “just executing” in the startup world, Rover is a case study of execution in action.
Rover is completely obsessed with its customers. Only an absolute determination to get the customer experience right would drive this team to build two separate versions of a new product, given the complexity of their overall business. But Rover shares this common trait of product-obsession with other great teams that I’ve known as an investor and board member, and it’s inspiring to watch. This is yet another instance of a team that knows what it’s doing, listens carefully to its customers, and, like my dog Cooper, jumps all over things to make sure that it gets its experience right.
Rover is an old-school example of how great companies drive customer loyalty. Their monthly new customer LTVs have increased steadily every year as a result of customer loyalty for six years in a row, without a single counter-example. While some increases can be accomplished through branding or marketing initiatives, Rover has done it the old-fashioned way, which is through careful and thoughtful sequencing of product launches and improvements to the marketplace.
If you live in Denver, give Rover’s on-demand dog walking experience a try and let me know what you think. I’ll pass it on to the team at Rover, as I know they will be very interested in your feedback.