“He who knows how will always work for he who knows why.” – David Lee Roth
There are 168 hours in a week and you must decide how to spend them. You’ll probably want to spend some sleeping and eating. What will you do with the rest?
Many people that work with technology pride themselves on knowing how to do things the best way, with the best tools. In fact, the history of technology and its evolution is all about “how” and finding new, better ways to do things.
But in some important ways, “How” is the enemy of “Why.” Why should you do one thing instead of another thing? Why is it sometimes important to choose one technology over another? Some technologists would argue that it’s important to choose the better technology. Better for what?
After about age 15, I have always bristled when people called me a “tech guy.” And I wasn’t sure why. While I may be (on the best days) intelligent enough to pay attention to and use technology well, and maybe to have read a thing or two about algorithms and software, I always felt offended by the label. It was as if people were saying that I knew “how” to do things, but that I didn’t know why.
But I do know why. I’ve read enough philosophy, literature, and scripture to have a sense of what we should be doing on this earth. So calling me a “tech guy” feels wrong. I’m as much of a “why” guy as I am a “how” guy. They’re not mutually exclusive.
People who really know “why” often end up with real power and wealth. To save time, the “why” progeny formed a tribe. They go to the right schools and give each other important-sounding jobs. And they control many people who know “how” (but who may not yet know why.) Too often, though, the offspring of powerful people don’t really know “why.” They took a shortcut and there is none.
I spend a lot of time with tech people; in tech conferences; in the tech community. And many of those people know how to do a great many things. Fewer know “why.” Some have yet to realize it’s worth knowing. That’s OK, because learning why takes time.
It’s troubling to hear good, smart tech people get into the minutiae of a “how” question that doesn’t matter. (For me, home media usually falls into this category.) When I was younger, I might have had time to figure out the details of streaming movies to three televisions. Now I just don’t care. This is why Apple is making a fortune on its products. They generally deliver good results without requiring people to waste time on the details. (Steve Jobs knows both “why” and “how.”)
Here’s a challenge, tech people: learn “why.” And understand that “how” sometimes comes at the expense of “why.” You need to balance your priorities between both and choose how you’re going to spend your time each week. If you know only “how”, and never take the time to know “why,” rest assured you’ll be working for someone else who does.
As a tech-aware person you have a head start, because today it’s not enough to know only “why.” Someone who may know why but excludes technological study from their life can’t understand the world properly today because technology shifts so quickly. Sometimes things that once were important simply become obsolete.
Sometimes I talk to tech people who think they don’t have any real power because they are not part of the old-school power-tribe. But nothing is further from the truth, for inherited power is not real power.
No one has more power than someone who knows both “how” and “why.” Become that person and you change the world.
Every few years a company emerges that grows so swiftly that it manages to define the zeitgeist and often helps to inflate a bubble that defies any rational explanation. Often these businesses are driven by new, disruptive ideas that take the market by storm and create a real shift in how people do things. Amazon (and online shopping), Google (and the search business), and Apple (music, smartphones, and touch computing) fall into this category. They created real, thick value.
For every one of these, there are others that grow, get tremendous buzz, and then seem to dissipate as quickly as they emerged. Or they settle into a kind of staid middle-age, their torrid teen years long forgotten. Think about 90’s darlings like IOmega, Boston Chicken, eBay, and Home Depot. It can be difficult to predict which businesses will stick around and which will fall away (or become low-growth, boring enterprises).
Groupon has emerged as the “Jesus Startup” of 2010-2011. The industry always needs one, and they tend to conform to an archetype and have a mythical story: the visionary CEO (Marc Andreesen, Evan Williams, Mark Zuckerberg) who experiences a remarkable rise to greatness. For this story and for these 15 minutes, we have Andrew Mason, the humorous and self-deprecating everyman who declares of the fledgling Groupon, “We could still fuck this up.”
The implication is that they’ve done something to “ace” it so far. But the truth is that they are just regular guys that started out doing something else (some kind of social mission charity stuff – blech – don’t talk about that, it’s not compatible with the visionary myth). And after executing on their original idea and experimenting a bit, they found themselves in the middle of a new exploding business model. Kudos for that. But as is the case with most “Jesus Startups,” there’s been a notable lack of critical thinking about what happens next.
Here’s where I think Groupon is weak.
1. Over-reliance on hypergrowth.
Groupon has posted some crazy huge numbers as they push through massive expansion into new markets. When you are turning up a new major metropolitan area every few days, gross revenue numbers are going to grow very quickly as businesses rush to be part of adobe something that’s got so much buzz. As their geographic footprint stabilizes, top-line revenue will start to level out. When that happens, the business becomes much less interesting and has a lower upside (see Home Depot, Gap, Boston Chicken, Microsoft). This is why a push to IPO while this hypergrowth is happening seems to be a priority for the company.
2. Customer fatigue.
If you have been using Groupon, Living Social, GILT, HauteLook, or any of the countless other sites that rely on daily emails to get their message out, I’ll bet your experience has been something like this: at first you reviewed the emails every day; you bought a few things; you are now buying almost nothing; now, you may not look at the emails at all; you still have unused Groupons. Time is money, and people have too much crap. Eventually, people are not going to take the time with this. And when Groupon has exhausted all the “easy hits” that drive people to buy, then what? Besides, I thought email was “dead” and for “old people.” Right? Or did I miss something? (Sure, the deals spread through Facebook or whatever social channels, but email is a huge part of the business model.) As younger folks steer away from email, it’s an open question whether the current “daily deal” model can be sustained.
3. Business fatigue.
Businesses are tripping over themselves to be part of the latest new thing and expose themselves to thousands of customers at a shot. And sure, a Groupon deal can be a great opportunity for some businesses. But many businesses (some say up to 40%) have found that doing a Groupon deal can be a costly mistake that actually damages their business. The economics of the deals deliver a fraction (typically 25%) of the face value, which often does not cover their costs. While there is some breakage (unused deal revenue that can offset losses), this still may not cover the cost and hassle the promotion entails. Additionally, businesses that undertake in smart advertising can promote themselves all year round. A business can do a Groupon deal at most once every few months – otherwise the deal just doesn’t seem “special” enough. Groupon is a great novelty that can help some businesses become better established, but I really wonder if many businesses would participate more than once or twice, when compared to ongoing targeted marketing initiatives.
4. Scale as the only barrier to competition.
There are now thousands of competitors to Groupon (Living Social is the largest). There will be thousands more. The reason why both companies have received such massive investments to date is that they need to get big to create a local sales force in every market in the world, which is obviously an expensive proposition. If they can get sufficiently big, they can build a sustainable business that will dissuade new market entrants simply because any competitor would have to build a worldwide localized sales force. And if you’ve ever had to run a local sales force, you know that it’s a very expensive, messy, people-driven business. The business that Groupon will eventually most resemble structurally is the Yellow Pages. With sales teams in every city, the major directory publishers were able to exert a near monopoly control over the interface between local businesses and consumers, and Groupon is going after the same market. The difference is in Groupon’s use of technology and use of social. Otherwise, the two businesses are nearly indistinguishable. The assumption is that Groupon’s scale will prevent competitors from gaining a foothold, but I don’t see any real reason a focused local competitor couldn’t develop a sustainable business.
5. Tone-deaf on China.
Groupon has undertaken a massive push to expand into China. That sounds great, and any US investor would likely salivate over such an aggressive, prescient-sounding move. Ah, that Mason guy, he really knows his stuff. But my friend, China-expert Christine Lu tells me that Groupon’s Berlin office has recruited 1,000 new hires for China in the last three months – many recent college graduates. But here’s the thing. I’m currently getting a daily deal from a site in Shanghai called Wufantuan that’s indistinguishable from Groupon. (50% off Mexican food in Shanghai was one recent deal.) If you know anything about the Chinese market, you know it favors locals and cloning is part of the culture. To expect Groupon to be able to achieve anything meaningful in China is wishful thinking. Google got run out of the country on a rail. You expect the powers that be there to allow a US firm to “split” revenues with Chinese businesses to provide its budding bourgeoisie with deals on burgers, skydiving, and cupcakes? Um, yeah. OK. If there’s a business there, it will be Chinese. The entire Groupon strategy with China is theater, designed to show investors that they’re “paying attention to that market” while they ready the IPO.
So, the real deal of the day is for Groupon itself. The question is whether there’s enough upside in the model – and enough “bigger suckers” out there for the average Joe to make any money on the offering before the business model settles out and becomes the next eBay, Home Depot, or Gap. These are fine, sustainable businesses, to be sure, but all are way less sexy than they once seemed. (Yes, for about 6 months in 1995, Gap was incredibly sexy.)
Before you decide that Groupon’s the next hot young thing, it’s worth asking whether you want to jump on this model right now. I believe there’s a really nice, long term, but ultimately very boring business in there that should pay a nice dividend. Meantime, the visions of hypergrowth are likely much exaggerated.
I certainly can’t criticize the trajectory that Andrew Mason and company have managed to carve out for themselves. It’s an incredible story and it’ll be fascinating to see how it unfolds. The expectations are so high, they really can’t be met.
My bet is that they will need to move on to more sustainable forms of year-round marketing for businesses and away from the aggressive 50% discount model. That’s a much less sexy place to be and it will require some real creativity to carve out a niche there. But I just don’t buy the idea that they can continue to build a business based solely on deals of the day at such aggressive discounts.
The Groupon model right now is based primarily on creating new relationships between businesses and customers. They’ll be on to something really interesting when they can help to nurture and sustain those same relationships profitably.
I originally posted this as a Facebook Note on January 22nd, and posted it here with a few slight editorial modifications. There are some good comments regarding China that are worth repeating here. There are also many good comments on that Note that are worth checking out.
From my friend Christine Lu (@christinelu):
Thanks for the mention Dave. I think they’re hiring 1K in the next few months. As in currently in the process of. Things over there have just sounded a bit weird to be a sustainable market entry strategy so I think it’s all a nice way to have a China story to prop up the IPO. The elusive vision of 1.3 billion people using Groupon. Nevermind that clones are already saturating the market and they’ll have Alibaba’s Taobao to deal with. Anyways, we discussed it a bit on Quora.
From my friend Vivian Wang (@vivwang):
The JV is a positive differentiator for both companies and will accelerate market consolidation. There are 1686 other group shopping sites as of December, yet only 29 sites have CIECC licenses to legally operate. Some believe there are only 10 serious contenders that can attractively compete. The real threat is Alibaba and Taobao, so a more international footprint into China seems warranted. One of the smarter things Groupon did was buy Mob.ly back in May, which has been developing on all mobile platforms. For a sector that’s already doing about $79B in transactions, I think the risk seems worth taking.
…
Hope something truly uniquely innovative comes out of this that the world has yet to see. I’d personally love to see Tencent migrate from selling a $1B of games & virtual goods to some seriously tangible merchandise. The foolish side of me actually thinks they’ll have a fair shot at it. Should be fascinating.
And from my friend Francine Hardaway (@hardaway):
I believe all this bargain stuff, especially in the US, is part of the recession and will go away when it is over and we all relax. I agree with you 100% on Groupon’s model; I am done buying stuff I don’t need, even at half price. All the people I know who love coupons (I never have) are armed with sheaves of them, and all that happens is the merchants are in price wars with one another in a race to the bottom. Sites like Groupon and Haute Look might be marketing front ends, but they are also margin-shavers for the people in the businesses they market. This HAS to be unsustainable at the end of the day, whether China is successful or not (and I bet it won’t be, because of all the people who, when we were in China, got up and said they would clone our products in half an hour).
The 2011 Mayoral contests represent a unique opportunity to make American cities work again. Cities have already begun an inexorable return to relevance as refuges from crushing commutes, and as havens of culture and innovation. Our economy is increasingly hitched to our ability to develop and capitalize on innovative ideas, and that innovation can’t happen when folks are trapped in their cars and isolated in the matrix of suburban sprawl. Cities are the American future.
But in the early 1970’s, they were left for dead: victims of race and class warfare, they became abandoned places – a place where people work or would go to the symphony, but not places to build a life or raise children. Formerly walkable, livable cities degraded into a-la-carte destinations you could get into and out of quickly as 1950’s visions of suburbia gained dominance.
With this shift, cities’ political influence waned, and city politics evolved into a top-down enterprise. Power brokers, political clubs, and church groups conferred power on those who would play the game and wait their turn. In Baltimore, city politics became either a launching pad for state office, or a refuge of scoundrels whose city fiefdoms became ends in and of themselves. Instead of working for Baltimore, all too often our politicians have tried to enrich themselves at its expense. With minimal popular interest and the atrophy of the press, there has been increasingly less oversight. So the machine has lumbered on – unencumbered by the tempering force of investigation, new blood, or real political imagination.
In other contexts, leaders are judged on their ability to lead and deliver tangible improvements. But in our cities, it has become enough for our politicians to just not screw things up even worse than they found them. Enough isverigeapotek.com. It’s time to move forward again.
In 2010 we saw some new trends: long-term incumbents who fit the old standard – of merely not being demonstrably corrupt or incompetent – were booted out. And not because of typical anti-incumbent anger, but because people saw something else: that maybe we could demand better.
In Baltimore, 27 year-old newcomer Bill Ferguson delivered a decisive blow to 27-year incumbent State Senator George Della. Gregg Bernstein defeated long-time incumbent Baltimore City States Attorney Patricia Jessamy. These races shared two things in common: no one thought they could upset the machine, and they used the Internet to organize financial and ideological support.
The simultaneous rise in the demand for urban living along with the use of the Internet for political and community organizing will usher in an era of unprecedented change in American cities. With the 2010 races, the old system was put on notice; in 2011 it will begin to be dismantled.
I support Otis Rolley in his candidacy for Mayor of Baltimore in 2011. At 36, Otis is part of the new guard. He’s qualified – he has a masters’ degree in City Planning from MIT. He has been in Baltimore since 1998. He served 10 years in the public sector and two in the private sector. As an executive, he led the Baltimore City Department of Planning and – shockingly – produced the city’s first actual master plan in 39 years.
In his time at Planning and as a Chief of Staff, Otis was struck with one question: can’t we do better than this?
Indeed we can. Leadership is about creating a culture based on shared values. We need a leader who is willing to stand up for his values and the values of people who care and work hard, and not allow entrenched career “slugs” to dilute those efforts. He proved he could do this at the Department of Planning, empowering those who had a vision for the city, pushing out those that did not.
But while Otis was able to turn around a non-performing department and produce a workable plan for the city, he ultimately realized that the only way to see its recommendations executed was as Mayor. We should give him this opportunity.
Otis can turn around our city the same way he turned around a department: by creating a new culture. Frankly, there are a lot of people in city government who should be looking for other kinds of work. We can start there.
Otis understands that we need to start allocating our resources differently. Economic development has for too long been about big projects, like the currently proposed $900 Million Baltimore Arena redevelopment. While this plan would assuredly enrich some developers and provide ample future backing for political operators looking to entrench themselves for a lifetime in Maryland politics, we should instead be thinking about new ways to capitalize on Baltimore’s biggest economic development assets: its people and its fortunate geography.
If instead we were to invest $900 Million in the infrastructure to support entrepreneurial enterprises and startups, we could potentially create tens of thousands of jobs across a wide range of income levels. A new startup-friendly Baltimore could outperform other regions in terms of standard and cost of living as well as access to a world-class workforce. A strategic focus on manufacturing, both large and small using the latest technologies, could restore what was once a thriving middle class. Arenas, convention centers, stadiums and hotel subsidies just deliver more jobs that don’t even pay a living wage. Otis knows we can do better.
In 2011, we have a choice: do we want to be a good city, or a great city? Otis has a vision that he will articulate over the coming months as part of what should be an open and healthy debate around the future of our city, and not about personal politics. As I have come to know Otis over the past 14 months, I am confident that he is the right leader for Baltimore’s future. If you give him an opportunity to serve, you will not be disappointed.
Baltimore is Otis’ first priority. He has no aspirations for higher office. He wants to work for Baltimore and for all of you. In 2011, we have the wind at our backs – cities are on the upswing, and the Internet is connecting us in unprecedented ways. It’s time to take back our cities and make them the vital, beautiful, functional, and inclusive places we all know they can be. Otis Rolley can help us do that. This is Baltimore’s moment; let’s seize it together.
Firesheep is a startling plugin that allows anyone to easily impersonate the login credentials of others for dozens of sites. It works on any unencrypted WiFi connection and is stupid-simple to setup. It can be done by anyone in a matter of minutes.
Just to illustrate how easy it is to setup, I was on Virgin America flight VX67 from Washington to San Francisco yesterday.
All I had to do to get going with Firesheep was download Firefox (onto my new MacBook Air) using the in-flight WiFi, and then download the Firesheep plugin for Firefox. Just drag the plugin into Firefox and it installs. Reload Firefox and you’re ready to go.
Click “Start Capturing” and you are instantly snooping on every interaction occurring on the WiFi network. In my case yesterday, that meant snooping on everybody who was using the WiFi on my flight.
What’s At Risk?
Within just a couple of minutes, I was able to impersonate 3 people on Facebook (updating their status, exploring friends, doing anything I wanted to – of course I didn’t). Twitter is also at risk. So is Gmail. And so is Amazon.
Access to Amazon is perhaps the most worrying. Once I realized I was in under someone else’s Amazon account, I quickly shut down Firesheep: this is some scary stuff. What if I had changed the shipping address for the account and done a one-click order on a $10,000 watch or a $2,000 plasma TV?
This was all at 37,000 feet in an airplane (and way more entertaining than SkyMall). Like taking candy from a baby.
Even More Shocking…
Later in the afternoon I was at one of the Internet Industry’s high-profile events: Web 2.0 Summit produced by O’Reilly. There on the hotel’s WiFi, which was setup to serve the summit, I ran Firesheep. Within seconds I had compromised about 25 accounts, including the Twitter accounts of O’Reilly Media and TechCrunch writer Alexia Tsotsis. Change passwords, tweet-as-them, friend and de-friend people? No problem. Here’s what I saw. (Note that my accounts were vulnerable as well.)
How It Works
I have not studied this exploit carefully enough yet to explain it in full detail, but my understanding is that on an open WiFi network, it’s trivial to capture in cleartext all of the web interactions of the users around you on the same IP network. Once you can do that (something Firesheep achieves using the pcap library, capturing port 80) then you can sniff for credential information specific to particular websites. Firesheep supports a couple of dozen out of the box, including all major social networking sites (Facebook, Twitter, Gmail, Gowalla, Foursquare) but also some more obscure sites relevant to coders (Github, Pivotal Tracker). Ouch. It even has an “import” function so others can write exploits for sites that Firesheep doesn’t know about yet.
The bottom line is that these sites all need to enforce the use of HTTPS (secure HTTP) rather than HTTP *before* the login handshake occurs. This will force some emergency changes by many sites over the next few days.
This is not a new exploit – it’s always been possible to do this; Firesheep just makes it stupid easy.
A Note On Passwords vs. Encryption
You’ve encountered WiFI networks that require WEP or WPA encryption passwords. These are secure from Firesheep’s reach. However, there are a lot of WiFi networks that require “passwords” (such as those at coffee shops, hotels, etc) that are in fact open networks. Many do not even require you to login to them to exploit them via Firesheep. To put it in perspective, every Starbucks location is vulnerable to attack.
The only for-sure ways to stay safe from Firesheep for now are to 1) use only encrypted WiFi networks (that use WPA or equivalent), 2) use wired networks that you trust. Any open WiFi network can and will be vulnerable to this attack until vulnerable sites switch to using HTTPS for all authentication. Be very careful out there, folks.
Update: After talking with a few folks and thinking through this exploit a little further, I can offer a bit more complete of an explanation of how it works and why blocking it is so difficult.
The exploit does not actually capture the *password* itself (which is actually transmitted using HTTPS) but rather captures the authentication credentials which are stored (and visible) in the session cookie *after* HTTPS authentication has completed.
So, even a one-time password will not address this. And the reason boils down to ads and other unsecure content that folks want to serve as part of the site experience. To fix this problem would require serving ads (and images) via HTTPS, which would require major computing resources and will have a major impact on the web.
According to one security researcher I spoke to this evening (who formerly ran Yahoo mail), there’s no obvious way around this other than to allow both HTTP and HTTPS content to be served from the same site during the same session, something which presently causes an alert to the user (which would have the result of freaking them out). Such an alert is a good thing; turning it off is not a net gain. It shouldn’t be up to the user to have to sort out which resources the site is requesting should be secure and which ones do not need to be.
So, it’s a real dilemma. No one seems to be sure how to really address it other than to eliminate or curb the use of open networks, which is probably where it’s going to end up. So open WiFi is now basically over. Expect places that had been using it to post publicly available WPA passwords, which solves the problem.
I am CEO and co-founder at 410Labs, and creator of Mailstrom. I'm a serial entrepreneur, software developer, and community builder in Baltimore, Maryland, USA.