Entries Tagged 'software' ↓

Always Tell a Story

Thinking about what works for entrepreneurs and what doesn’t, it occurred to me that it’s not always enough to do the right things. You have to do the right things in the right order.

That sounds hard. It is tough enough to know what the right things are, without also knowing what order to do them in.

But the order matters. Adding a particular investor first helps you get the interest of others. There is a right order to seek investors.

There is a right order in which to seek press and PR for your products, and possibly a different order that’s best for your company as a whole.

You could call it “strategic,” but that implies that it might be hard to figure out, or that a wrong move might cost you dearly. That’s probably not quite right; but there is usually one story that’s better than the others.

I think in the end we are all just telling stories: about ourselves, our companies, and our products. We tell a story to prospective employees, and all sales is really storytelling.

So here’s the trick: tell a good story. If you tell a story that has good characters doing interesting things in a compelling order, you’ll win.

And the inverse is also true. Tell a sad story, or a boring one, or one where the elements don’t build towards a climax, and odds are, you won’t get very far.

So the next time you’re worrying over strategy, or wondering how to get investors interested in what you’re doing, start thinking about your story: the characters, their beliefs, the heroes, and the villains.

Write a story that motivates you, and odds are, others will want to play a part too.

The How and Why of Tech

David Lee Roth

“He who knows how will always work for he who knows why.”
– David Lee Roth

There are 168 hours in a week and you must decide how to spend them. You’ll probably want to spend some sleeping and eating. What will you do with the rest?

Many people that work with technology pride themselves on knowing how to do things the best way, with the best tools. In fact, the history of technology and its evolution is all about “how” and finding new, better ways to do things.

But in some important ways, “How” is the enemy of “Why.” Why should you do one thing instead of another thing? Why is it sometimes important to choose one technology over another? Some technologists would argue that it’s important to choose the better technology. Better for what?

After about age 15, I have always bristled when people called me a “tech guy.” And I wasn’t sure why. While I may be (on the best days) intelligent enough to pay attention to and use technology well, and maybe to have read a thing or two about algorithms and software, I always felt offended by the label. It was as if people were saying that I knew “how” to do things, but that I didn’t know why.

But I do know why. I’ve read enough philosophy, literature, and scripture to have a sense of what we should be doing on this earth. So calling me a “tech guy” feels wrong. I’m as much of a “why” guy as I am a “how” guy. They’re not mutually exclusive.

People who really know “why” often end up with real power and wealth. To save time, the “why” progeny formed a tribe. They go to the right schools and give each other important-sounding jobs. And they control many people who know “how” (but who may not yet know why.) Too often, though, the offspring of powerful people don’t really know “why.” They took a shortcut and there is none.

I spend a lot of time with tech people; in tech conferences; in the tech community. And many of those people know how to do a great many things. Fewer know “why.” Some have yet to realize it’s worth knowing. That’s OK, because learning why takes time.

It’s troubling to hear good, smart tech people get into the minutiae of a “how” question that doesn’t matter. (For me, home media usually falls into this category.) When I was younger, I might have had time to figure out the details of streaming movies to three televisions. Now I just don’t care. This is why Apple is making a fortune on its products. They generally deliver good results without requiring people to waste time on the details. (Steve Jobs knows both “why” and “how.”)

Here’s a challenge, tech people: learn “why.” And understand that “how” sometimes comes at the expense of “why.” You need to balance your priorities between both and choose how you’re going to spend your time each week. If you know only “how”, and never take the time to know “why,” rest assured you’ll be working for someone else who does.

As a tech-aware person you have a head start, because today it’s not enough to know only “why.” Someone who may know why but excludes technological study from their life can’t understand the world properly today because technology shifts so quickly. Sometimes things that once were important simply become obsolete.

Sometimes I talk to tech people who think they don’t have any real power because they are not part of the old-school power-tribe. But nothing is further from the truth, for inherited power is not real power.

No one has more power than someone who knows both “how” and “why.” Become that person and you change the world.

Is Groupon the new “Jesus Startup?”

50% Off Loaves and Fishes…

Every few years a company emerges that grows so swiftly that it manages to define the zeitgeist and often helps to inflate a bubble that defies any rational explanation. Often these businesses are driven by new, disruptive ideas that take the market by storm and create a real shift in how people do things. Amazon (and online shopping), Google (and the search business), and Apple (music, smartphones, and touch computing) fall into this category. They created real, thick value.

For every one of these, there are others that grow, get tremendous buzz, and then seem to dissipate as quickly as they emerged. Or they settle into a kind of staid middle-age, their torrid teen years long forgotten. Think about 90’s darlings like IOmega, Boston Chicken, eBay, and Home Depot. It can be difficult to predict which businesses will stick around and which will fall away (or become low-growth, boring enterprises).

Groupon has emerged as the “Jesus Startup” of 2010-2011. The industry always needs one, and they tend to conform to an archetype and have a mythical story: the visionary CEO (Marc Andreesen, Evan Williams, Mark Zuckerberg) who experiences a remarkable rise to greatness. For this story and for these 15 minutes, we have Andrew Mason, the humorous and self-deprecating everyman who declares of the fledgling Groupon, “We could still fuck this up.”

The implication is that they’ve done something to “ace” it so far. But the truth is that they are just regular guys that started out doing something else (some kind of social mission charity stuff – blech – don’t talk about that, it’s not compatible with the visionary myth). And after executing on their original idea and experimenting a bit, they found themselves in the middle of a new exploding business model. Kudos for that. But as is the case with most “Jesus Startups,” there’s been a notable lack of critical thinking about what happens next.

Here’s where I think Groupon is weak.

1. Over-reliance on hypergrowth.

Groupon has posted some crazy huge numbers as they push through massive expansion into new markets. When you are turning up a new major metropolitan area every few days, gross revenue numbers are going to grow very quickly as businesses rush to be part of adobe something that’s got so much buzz. As their geographic footprint stabilizes, top-line revenue will start to level out. When that happens, the business becomes much less interesting and has a lower upside (see Home Depot, Gap, Boston Chicken, Microsoft). This is why a push to IPO while this hypergrowth is happening seems to be a priority for the company.

2. Customer fatigue.

If you have been using Groupon, Living Social, GILT, HauteLook, or any of the countless other sites that rely on daily emails to get their message out, I’ll bet your experience has been something like this: at first you reviewed the emails every day; you bought a few things; you are now buying almost nothing; now, you may not look at the emails at all; you still have unused Groupons. Time is money, and people have too much crap. Eventually, people are not going to take the time with this. And when Groupon has exhausted all the “easy hits” that drive people to buy, then what? Besides, I thought email was “dead” and for “old people.” Right? Or did I miss something? (Sure, the deals spread through Facebook or whatever social channels, but email is a huge part of the business model.) As younger folks steer away from email, it’s an open question whether the current “daily deal” model can be sustained.

3. Business fatigue.

Businesses are tripping over themselves to be part of the latest new thing and expose themselves to thousands of customers at a shot. And sure, a Groupon deal can be a great opportunity for some businesses. But many businesses (some say up to 40%) have found that doing a Groupon deal can be a costly mistake that actually damages their business. The economics of the deals deliver a fraction (typically 25%) of the face value, which often does not cover their costs. While there is some breakage (unused deal revenue that can offset losses), this still may not cover the cost and hassle the promotion entails. Additionally, businesses that undertake in smart advertising can promote themselves all year round. A business can do a Groupon deal at most once every few months – otherwise the deal just doesn’t seem “special” enough. Groupon is a great novelty that can help some businesses become better established, but I really wonder if many businesses would participate more than once or twice, when compared to ongoing targeted marketing initiatives.

4. Scale as the only barrier to competition.

There are now thousands of competitors to Groupon (Living Social is the largest). There will be thousands more. The reason why both companies have received such massive investments to date is that they need to get big to create a local sales force in every market in the world, which is obviously an expensive proposition. If they can get sufficiently big, they can build a sustainable business that will dissuade new market entrants simply because any competitor would have to build a worldwide localized sales force. And if you’ve ever had to run a local sales force, you know that it’s a very expensive, messy, people-driven business. The business that Groupon will eventually most resemble structurally is the Yellow Pages. With sales teams in every city, the major directory publishers were able to exert a near monopoly control over the interface between local businesses and consumers, and Groupon is going after the same market. The difference is in Groupon’s use of technology and use of social. Otherwise, the two businesses are nearly indistinguishable. The assumption is that Groupon’s scale will prevent competitors from gaining a foothold, but I don’t see any real reason a focused local competitor couldn’t develop a sustainable business.

5. Tone-deaf on China.

Groupon has undertaken a massive push to expand into China. That sounds great, and any US investor would likely salivate over such an aggressive, prescient-sounding move. Ah, that Mason guy, he really knows his stuff. But my friend, China-expert Christine Lu tells me that Groupon’s Berlin office has recruited 1,000 new hires for China in the last three months – many recent college graduates. But here’s the thing. I’m currently getting a daily deal from a site in Shanghai called Wufantuan that’s indistinguishable from Groupon. (50% off Mexican food in Shanghai was one recent deal.) If you know anything about the Chinese market, you know it favors locals and cloning is part of the culture. To expect Groupon to be able to achieve anything meaningful in China is wishful thinking. Google got run out of the country on a rail. You expect the powers that be there to allow a US firm to “split” revenues with Chinese businesses to provide its budding bourgeoisie with deals on burgers, skydiving, and cupcakes? Um, yeah. OK. If there’s a business there, it will be Chinese. The entire Groupon strategy with China is theater, designed to show investors that they’re “paying attention to that market” while they ready the IPO.

So, the real deal of the day is for Groupon itself. The question is whether there’s enough upside in the model – and enough “bigger suckers” out there for the average Joe to make any money on the offering before the business model settles out and becomes the next eBay, Home Depot, or Gap. These are fine, sustainable businesses, to be sure, but all are way less sexy than they once seemed. (Yes, for about 6 months in 1995, Gap was incredibly sexy.)

Before you decide that Groupon’s the next hot young thing, it’s worth asking whether you want to jump on this model right now. I believe there’s a really nice, long term, but ultimately very boring business in there that should pay a nice dividend. Meantime, the visions of hypergrowth are likely much exaggerated.

I certainly can’t criticize the trajectory that Andrew Mason and company have managed to carve out for themselves. It’s an incredible story and it’ll be fascinating to see how it unfolds. The expectations are so high, they really can’t be met.

My bet is that they will need to move on to more sustainable forms of year-round marketing for businesses and away from the aggressive 50% discount model. That’s a much less sexy place to be and it will require some real creativity to carve out a niche there. But I just don’t buy the idea that they can continue to build a business based solely on deals of the day at such aggressive discounts.

The Groupon model right now is based primarily on creating new relationships between businesses and customers. They’ll be on to something really interesting when they can help to nurture and sustain those same relationships profitably.

I originally posted this as a Facebook Note on January 22nd, and posted it here with a few slight editorial modifications. There are some good comments regarding China that are worth repeating here. There are also many good comments on that Note that are worth checking out.

From my friend Christine Lu (@christinelu):
Thanks for the mention Dave. I think they’re hiring 1K in the next few months. As in currently in the process of. Things over there have just sounded a bit weird to be a sustainable market entry strategy so I think it’s all a nice way to have a China story to prop up the IPO. The elusive vision of 1.3 billion people using Groupon. Nevermind that clones are already saturating the market and they’ll have Alibaba’s Taobao to deal with. Anyways, we discussed it a bit on Quora.

From my friend Vivian Wang (@vivwang):
The JV is a positive differentiator for both companies and will accelerate market consolidation. There are 1686 other group shopping sites as of December, yet only 29 sites have CIECC licenses to legally operate. Some believe there are only 10 serious contenders that can attractively compete. The real threat is Alibaba and Taobao, so a more international footprint into China seems warranted. One of the smarter things Groupon did was buy Mob.ly back in May, which has been developing on all mobile platforms. For a sector that’s already doing about $79B in transactions, I think the risk seems worth taking.

Hope something truly uniquely innovative comes out of this that the world has yet to see. I’d personally love to see Tencent migrate from selling a $1B of games & virtual goods to some seriously tangible merchandise. The foolish side of me actually thinks they’ll have a fair shot at it. Should be fascinating.

And from my friend Francine Hardaway (@hardaway):
I believe all this bargain stuff, especially in the US, is part of the recession and will go away when it is over and we all relax. I agree with you 100% on Groupon’s model; I am done buying stuff I don’t need, even at half price. All the people I know who love coupons (I never have) are armed with sheaves of them, and all that happens is the merchants are in price wars with one another in a race to the bottom. Sites like Groupon and Haute Look might be marketing front ends, but they are also margin-shavers for the people in the businesses they market. This HAS to be unsustainable at the end of the day, whether China is successful or not (and I bet it won’t be, because of all the people who, when we were in China, got up and said they would clone our products in half an hour).

What do you think about Groupon?

Drop Everything and Pay Attention to Firesheep Now

Firesheep is a startling plugin that allows anyone to easily impersonate the login credentials of others for dozens of sites. It works on any unencrypted WiFi connection and is stupid-simple to setup. It can be done by anyone in a matter of minutes.

Just to illustrate how easy it is to setup, I was on Virgin America flight VX67 from Washington to San Francisco yesterday.

All I had to do to get going with Firesheep was download Firefox (onto my new MacBook Air) using the in-flight WiFi, and then download the Firesheep plugin for Firefox. Just drag the plugin into Firefox and it installs. Reload Firefox and you’re ready to go.

Click “Start Capturing” and you are instantly snooping on every interaction occurring on the WiFi network. In my case yesterday, that meant snooping on everybody who was using the WiFi on my flight.

What’s At Risk?

Within just a couple of minutes, I was able to impersonate 3 people on Facebook (updating their status, exploring friends, doing anything I wanted to – of course I didn’t). Twitter is also at risk. So is Gmail. And so is Amazon.

Access to Amazon is perhaps the most worrying. Once I realized I was in under someone else’s Amazon account, I quickly shut down Firesheep: this is some scary stuff. What if I had changed the shipping address for the account and done a one-click order on a $10,000 watch or a $2,000 plasma TV?

This was all at 37,000 feet in an airplane (and way more entertaining than SkyMall). Like taking candy from a baby.

Even More Shocking…

Later in the afternoon I was at one of the Internet Industry’s high-profile events: Web 2.0 Summit produced by O’Reilly. There on the hotel’s WiFi, which was setup to serve the summit, I ran Firesheep. Within seconds I had compromised about 25 accounts, including the Twitter accounts of O’Reilly Media and TechCrunch writer Alexia Tsotsis. Change passwords, tweet-as-them, friend and de-friend people? No problem. Here’s what I saw. (Note that my accounts were vulnerable as well.)

How It Works

I have not studied this exploit carefully enough yet to explain it in full detail, but my understanding is that on an open WiFi network, it’s trivial to capture in cleartext all of the web interactions of the users around you on the same IP network. Once you can do that (something Firesheep achieves using the pcap library, capturing port 80) then you can sniff for credential information specific to particular websites. Firesheep supports a couple of dozen out of the box, including all major social networking sites (Facebook, Twitter, Gmail, Gowalla, Foursquare) but also some more obscure sites relevant to coders (Github, Pivotal Tracker). Ouch. It even has an “import” function so others can write exploits for sites that Firesheep doesn’t know about yet.

The bottom line is that these sites all need to enforce the use of HTTPS (secure HTTP) rather than HTTP *before* the login handshake occurs. This will force some emergency changes by many sites over the next few days.

This is not a new exploit – it’s always been possible to do this; Firesheep just makes it stupid easy.

A Note On Passwords vs. Encryption

You’ve encountered WiFI networks that require WEP or WPA encryption passwords. These are secure from Firesheep’s reach. However, there are a lot of WiFi networks that require “passwords” (such as those at coffee shops, hotels, etc) that are in fact open networks. Many do not even require you to login to them to exploit them via Firesheep. To put it in perspective, every Starbucks location is vulnerable to attack.

The only for-sure ways to stay safe from Firesheep for now are to 1) use only encrypted WiFi networks (that use WPA or equivalent), 2) use wired networks that you trust. Any open WiFi network can and will be vulnerable to this attack until vulnerable sites switch to using HTTPS for all authentication. Be very careful out there, folks.

Update: After talking with a few folks and thinking through this exploit a little further, I can offer a bit more complete of an explanation of how it works and why blocking it is so difficult.

The exploit does not actually capture the *password* itself (which is actually transmitted using HTTPS) but rather captures the authentication credentials which are stored (and visible) in the session cookie *after* HTTPS authentication has completed.

So, even a one-time password will not address this. And the reason boils down to ads and other unsecure content that folks want to serve as part of the site experience. To fix this problem would require serving ads (and images) via HTTPS, which would require major computing resources and will have a major impact on the web.

According to one security researcher I spoke to this evening (who formerly ran Yahoo mail), there’s no obvious way around this other than to allow both HTTP and HTTPS content to be served from the same site during the same session, something which presently causes an alert to the user (which would have the result of freaking them out). Such an alert is a good thing; turning it off is not a net gain. It shouldn’t be up to the user to have to sort out which resources the site is requesting should be secure and which ones do not need to be.

So, it’s a real dilemma. No one seems to be sure how to really address it other than to eliminate or curb the use of open networks, which is probably where it’s going to end up. So open WiFi is now basically over. Expect places that had been using it to post publicly available WPA passwords, which solves the problem.