Thinking outside the box about the Equifax breach

Gus Hurwitz had a thoughtful post about the Equifax breach on the American Enterprise Institute blog.

(Full disclosure: Like most techies, I flirt with Libertarianism but basically don’t think much of it.  Living in Washington DC, which effectively has no government, has taught me a lot about the limitations of the philosophy)

Instead of piling on to Equifax and pummeling them for not having had better security practices, he points out that breaches are quite mundane, and that the vectors whereby breaches occur are quite mundane.  In this case, it sounds as if yet another contractor allowed yet another intrusion because of yet another failure to apply known patches.

What Hurwitz points out, in essence, is that the occurrence of these “outlying” events is almost certain in systems of enough size and complexity.  Your one server will almost never go down.  Your 10,000-server farm is certain to have numerous servers down at any point in time.

To put it another way, the attackers on a system like Equifax’s don’t have to coordinate.  They can all try at various times and in various ways, and eventually they will succeed.

The defenders, on the other hand, being a centralized group with a castle and a moat, have to be perfect in their defense or the enemy will get in.  Centralized systems have a very hard time fighting decentralized systems.

So Hurwitz asks an interesting question: how can we make the defense of a system like Equifax’s more decentralized?

One answer is: notify a consumer when their credit data gets pinged, and require the consumer to affirm that the ping was genuine.

I just signed up, in the wake of the breach, for a service that does just that.  Unfortunately, the service is only alive for 90 days and doesn’t auto-renew.  So I have to remember to do so.  Yet another attack surface.  But better than nothing.

Why not have such a service be the default?

Could Putin be the big winner?

The wave of Brexit/nationalism/white supremacy/anti-immigrant/isolationism/jingoism call-it-what-you-will seems to be very real.

I wonder many things about where President Trump will play in all this, but one persistent question I have is: will he actually be effective at stuff he does?

If not, the big winner internationally could be Putin.  He has nothing to lose, he seems light-years more capable of doing what he says he is going to do, and, unlike the Chinese, is not hostage to the rich West (they are tied to us as surely as we are tied to them).

This article in the Times today highlights how the world alt-right looks to Putin as a, if you’ll pardon the expression, “white knight.”

Creepy thing to wonder about, but just because it’s creepy doesn’t mean it couldn’t happen.

Omar Mateen: Lone Wolf

I’ve been puzzling over his motivations since the massacre, and suddenly realized something today: he’s the lone wolf that security agencies have been warning us about for a while.

He clearly had a mixed-up history and “broke bad” at some point.  But he didn’t really have a way to give shape to his badness until, really until ISIS burst on the scene.

Watching the other massacres, he realized he could affiliate himself with ISIS — no need for a pesky trip to Syria or even much contact with them — and then carry out an attack.

He did impinge on the FBI and other radars several times, but, because there was nothing further to his plotting — no connections, no ties, no infrastructure — there was no way to escalate our interest in him, no way to pick him out from millions of mixed-up bad-breaking people who might look to ISIS for some kind of justification for their bad feeling.

I sympathize with our security guys: lone wolves are probably the “long tail” of their job, and very very hard to know how to triage the severity of the threat posed by a lone wolf.

But that’s what it looks like he was.  An ISIS wannabe.

Trump, Clinton, and Democratic “smart wins” fallacy

I was born the year Adlai Stevenson first lost to Eisenhower for President.  Eisenhower, like Trump, had never held public office (although it could be argued that his D-Day invasion at least didn’t go bankrupt).  Stevenson was a clever, intellectual, and even witty Governor, so he had run a state (something that voters think well of historically in the U.S., better, say, than being in the House or Senate).

Yet Stevenson lost to Ike, lost badly.  Ike’s slogan: “I Like Ike.”  No rocket science.  No “fitness for office”.  No “I’m way more qualified than he is.”

Democrats for my entire life seem to have not gotten the message from this: smart doesn’t pay in politics.  Quals don’t pay in politics.  Experience doesn’t pay in politics.

Likeable pays in politics.  “Good guy” (or good gal) pays in politics.  “I get where he/she’s coming from” pays in politics.

It looks like this Democratic idiocy is going to play out again this election season (or I guess I’m worried it will; hope it won’t).

Hillary will emphasize her brains, her experience, her fitness for office.  She’ll get no more likable than she is now.  And guess what?  I’m worried she’ll lose.

Trump is a master of the Homeric epithet.  “Lyin’ Ted”.  “Little Marco.”  “Crooked Hillary.”  He coins them, and then he works them over and over, until his audience absorbs them.  In the era of the sound byte, the byte has to be repeated over and over until it sinks in.

The Clinton campaign needs a Homeric epithet against Trump, one that doesn’t have to do with fitness for office, or intelligence, or capabilities, and one that will sink in.  “Nasty Trump”?  “Tiny Trump”? (hands, other parts, smallness of personality and vision.)

“Software Business and Product Strategy”, by David Black. A Thoughtful Book

I just finished my friend David Black’s book “Software Business and Product Strategy”.  A thoughtful book and, thanks to the stories, a good read.

David’s thesis is that software businesses are somewhat different from other businesses in that:

  1. Software is intangible
  2. All meaningful software projects are really building something for the first time
  3. A software spec is almost the same thing as the software itself (try that for an injection-molded plastic part!)
  4. The substrate for software — computer hardware — is still doubling in power something like every 18 months

He then draws out the implications of these differences.  He says that the principles for building a successful software business are well-understood and even simple, but, like many simple things, are quite hard to execute.

There are a lot of riches in this book.  He talks about “positioning” and “execution” as the two major sources of software-business woe, and says some great things about both.

And he talks about sources of failure in software executive teams, the main one being a kind of noble hubris that makes tech innovators want to solve the biggest, most complex, most general problems first when the game is to solve the simplest, most pressing specific problems first.

This is “noble” hubris because wanting to solve big problems is a great and lofty aim.  But in order to solve them one has to build up a track record of solving specific problems first, and that requires — see it coming — attention to “positioning” and “execution”.

The richness of the book is in the scads of stories.  David has lived through more software businesses than most of us and has thought deeply about what went right and wrong with them.

Check it out.

Three “Value Promises” I like

I’m not crazy about new jargon, but when old jargon completely loses its luster it’s time to replace it.

“Awesome” certainly needs replacement.  So, IMHO, does “value proposition”.  It’s like when you repeat a word over and over until it sounds meaningless?  That’s what’s happened to me with Value Proposition.

So let’s try a new term for it, a “value promise”.

Arguably it’s a slightly better term.  A “proposition” is an entire proposal, a “business plan”, if you will.  In this era of Lean this and Lean that, a “value promise” is a Lean “value proposition.”  It’s part of a complete package.  It’s an element.

Here are three Value Promises I think are quite interesting in a business:

  1. The “Amazon” Promise.  Amazon got its start by promising that you could get any book in the world at the site.  Now they kind of promise that you can get anything at all in the world at the site.  Any business that promises “all of <x>” is a powerful promise:
    • “Everything you wanted to know about sex (but were afraid to ask)”
    • For my future website on “Intelligent Pitching”, I want to promise “everything you need to know about pitching”.
    • Zappos: “every kind of shoe”
  2. The “Progressive” Promise.  Progressive Insurance made a big impression on me by promising to get you the best price on insurance, even if it’s a competitor’s offering.  Extremely useful in new markets where the very form of a solution is still not understood and there are competing approaches:
    • “We’ll help you understand the best solution to your problem, including our competitors'”
    • “We’ll help you evaluate your timeshare agreement regardless of its form and tell you how to renegotiate it if appropriate”
  3. The “Hammacher Schlemmer” Promise.  Hammacher Schlemmer is a gadget catalog (grandmother of SkyMall or Sharper Image), and every item in the catalog is either “best” or “only” in its category.  “Best Turkish towel bath robe”.  “Only infrared drone taser.”  This value promise is very important for establishing competitive differentiation.  Compared to your competitors, where are you “best” or “only”?  And if your “best or only” is some squirrely little niche, how do you pivot?

Leaving Valhalla, Experimenting with car replacement

Well, the news is I left @ValhallaVC after 12 years.

I had been thinking for some time of ways to expand my writing, speaking, teaching, coaching, and mentoring, which have given me more and more satisfaction in the past few years.  When the opportunity presented itself, my partners at Valhalla and I worked through an amiable separation, and, since April 30, here I am.

Lots of food for thought in this, and I’m talking with friends and business buddies about the implications and the next steps.

But, unexpectedly, I’ve begun to wonder about keeping 2 cars in the family.

I had toyed with alternative commutes to Tysons (some 13 miles each way) over the years.  I tried the Silver Line several times (apologies to non-DC audience for these local details) and found it was pretty good in the morning and routinely problematic in the afternoons.  There was, as Roseanne Roseannadanna used to say, “always something.”

I also looked into a ZipCar at the Tysons end of the commute, figuring that I could get out there by public transportation and then use the ZipCar for errands.  The arithmetic never seemed to work out: it was way too much per putative errand.

Now that I’m not commuting at all, however, the arithmetic looks a little different.

If I could bike around for a batch of local local errands and then use either Car2Go or ZipCar for less local trips, it might actually work out.

First, the bike.

I trotted out my hybrid bike from the garage last weekend and found that it has a broken spoke.  I’ll either fix it or have “them” fix it.  My (Valhalla) partner Harry says that a spoke replacement is either easy or it isn’t.  That makes sense to me.

Car2Go and ZipCar are not entirely competitors.  The wisdom of the InterTubes seems to be that Car2Go is more like a taxi and ZipCar is more like a rental car.

Car2Go cars are small and relatively useless for anything besides getting your body someplace (or back from someplace).  New Yorkers I know will schlep groceries or plywood or even (in the case of my friend Ellen) 50-lb bags of sand in a taxi, but that’s extreme.  It’s mostly about personal transportation.

ZipCar is for longer trips, with a more varied selection of cars/trucks, and the possibility of doing some serious hauling if necessary.

Car2Go has one fee for a lifetime signup, and then hourly usage fees.  ZipCar has an annual fee (as well as — how lame is this? — an “initiation” fee) in addition to hourly fees.  And apparently Car2Go pays out for short trips, ZipCar for longer ones.

So I signed up for Car2Go, and am waiting for them to approve my membership (based, they say, on my driving record, which is decent).  And then I’ll see about ZipCar, which has those Other Fees.

Debbie’s take on Trump

We’ve been poring over Trump commentary in the past couple of weeks with horrified fascination.

On the one hand, it’s delightful to preside over the collapse of a political party devoted to hating science and keeping women barefoot and pregnant.

On the other hand, the idea of Trump-as-President is scary.

There’s no shortage of Hitler comparisons around, but he really isn’t much like Hitler (at least not yet).  He’s not very ideological.  He doesn’t lead a fascist movement.  (Although he does smart over past wounds to the US.  And he is a racist, down to the remarks about who some of his best friends are.)

But my wife Debbie came up with the right analogy today.

“Trump’s really like Kim Jong Un in a nice suit,” she said.  And that said it all.

“Elevator Pitch” and her sisters

Crisply saying what you’re up to is a real art form, and, like any art, there are more bad examples than good.

One of my pet peeves is the “Uber of <mumble>” tag line.

“What do you guys do?”

“Oh, we’re the Uber of musical instruments.”

OK.  What does that mean?  It has to be explained anyhow.  It’s almost never obvious.  And so the tag line fails in its mission, which is to crisply say what you’re up to.

In fact, cutesy metaphors like this almost never work.

In this case, if you said, instead, “we let owners lend out their musical instruments to paying users, like Uber,” you would accomplish much more with fewer net words, and, by the way, you’d say something about your business model and your value proposition.

Tag lines, elevator pitches, one-liners, one-minute summaries, they are invitations to confuse instead of summarize.


I think people hate elevator pitches because they make the power asymmetry between the pitch-or and the pitch-ee obvious.

Imagine the situation: you’re in the elevator with your “prospect”, and you have a very short amount of time to get his/her interest for your project.  It’s sell or die.  You are the Pursuer, and they are the Pursued.  It’s an invitation to a Righteous Indignation Party, and, as we know, crappy humor and indignation are closely related.


But put yourself in the recipient’s shoes for a moment.  Someone you know nothing about is about to make a demand on you: for your time, for your attention; for your investment, perhaps.  If the first words out of their mouths are, “think of it like Uber for musical instruments,” the encounter will not go well.

If the first words, instead, are “I’m trying to raise money for a business idea letting owners lend out their musical instruments for money.  Are you interested?” it’s, as they say, a horse of a different color.

Spend the time to boil down your statement to something crisp, not something cute.