Feature Friday: Password Management

I posted about The Interview last Thursday and the next morning I woke to a message from Facebook:

suspicous login attempt

I can’t imagine the login attempt on my Facebook was in reaction to my blog post about The Interview, but as Andy Grove famously said “only the paranoid survive” and so I spent some time changing passwords that morning.

I don’t want to get too much into my personal security setup but I will say this. I try out a bunch of services every week and many of them ask me to create a login. I use a fairly basic login for those services. But for anything that is serious, I like strong passwords that are unique for each service.

I find a password manager to be helpful in managing all of them. The big issue with a password manager is you are creating a single point of failure by using one. But if the alternative is easy to guess passwords that you use frequently, I think going with a password manager is the better alternative. A couple popular ones are Dashlane and 1Password.

I also use two-factor authentication on services that offer it and, as I have posted here, I like using the Authy app to generate the tokens for me on my phone.

One thing I have decided to change in the wake of that Facebook login attempt is to treat social media services differently. I used to think that social media services weren’t “serious security issues” and did not worry too much about them. I’ve decided that isn’t right and I now treat social media services similarly to banking and productivity services (like email and cloud storage).

But even if you lock down your own services tightly, you still have to be worried about what you put into email and other messaging apps because the person you send the messages to you may not be as secure as you are. That’s one of the many lessons from the Sony hack. A friend of mine told me she only puts into email things she is prepared to have read on the nightly news. That’s a high standard and one that I am going to strive for myself. Given the nature of my work, it’s going to be a hard one to reach.

I think we can expect hacking and other forms of attacks on our personal data and systems to increase significantly in the next five years. If you are looking for a good new year’s resolution, I think taking security more seriously, and specifically using unique strong passwords and two-factor auth on all of your important services would be a good one. I already do that but I am always looking to do more of this sort of thing. Andy Grove’s mantra is a good one in this regard.

Merry Christmas Everyone

It’s Christmas Day, a holiday in much of the world and one of the biggest religious holidays of the year. We are spending it with family and friends on a beach in the caribbean. I hope that all of you are spending the day with friends and family. I know that Christmas is a tough day for some and I hope that you have someone close to you to spend it with.

If you are looking for something to do, I would suggest watching The Interview, which we discussed here last week. I have no idea if this movie is any good or not. What I do know is that a massive online viewership on “day and date” would be a big thing for the film industry. First and foremost, it sends a message to whomever hacked Sony that attacking a film studio is not going to stop a film from being shown. That, in and of itself, is an important message to be sent and we can all send it by watching this film.

Sadly, The Interview is only available to be viewed/downloaded in the US today. This is from the website:

While we do hope to see the release of The Interview across the globe, for the time being this is limited to the USA only. You can only purchase the movie with a US card, and can only stream it from a US IP address.

That’s a bummer and highly relevant to what we discussed here yesterday. I’m going to use a VPN to spoof our IP so we can watch it today. But this whole geo blocking stuff is so annoying.

But there is something else important going on here. The theater operators have to date been very hostile to the idea that a film studio would put a film out directly to viewers over the Internet on the same “day and date” that the film is released in the theaters. If Sony has a massive online viewership of The Interview today, that could change the dynamic between the film studios and the theater industry. And that would also be a good thing.

So I’m going to figure out how to download and watch The Interview today. I hope everyone who cares about this stuff joins me. This could be a watershed moment for over the top online film distribution.

The Not So Global Internet

We’ve talked about this stuff before, but not lately. The promise of the Internet is you can connect a server to the Internet anywhere in the world and reach users anywhere in the world. You can login to the Internet anywhere in the world and reach services anywhere in the world. In reality it doesn’t work like that in many places for many services.

We are in the caribbean this week celebrating the year end holiday with friends and family. Yesterday we installed a VPN client so that the Gotham Gal could do some online shopping on a website that only sells to users in the US. We also installed a bittorrent client so that a friend of my son could watch films he had rented on iTunes before he came down here.

The latter experience was particularly frustrating. My son’s friend rented the films on iTunes in NYC, flew down here, then when he tried to play them, they would not play because of IP blocking, but the rental clock (24 hours) started ticking anyway and he lost the rental rights he had paid for.

So we installed a bittorrent client, downloaded the films, and watched them. We figured that my son’s friend had paid for them so we might as well watch them.

I’m not really down with spoofing my IP address or pirating films. I would way rather do things on the up and up on the Internet. But when companies break the Internet to enforce some random geography restriction, and when there are easy to use workarounds, it’s human nature to use them.

The worst thing about all of this, as I’ve blogged before, is that these restrictions teach us the workarounds. The Gotham Gal had never used a VPN before. My son’s friend didn’t have a bittorrent client on his computer. Now they are well versed in these technologies. That’s life on the Internet in late 2014. I’m hoping someday it won’t be like that.

College and Entrepreneurship

After I tweeted out a link to yesterday’s post, I had this twitter exchange:

I took some time today to look through our portfolio and estimate the percentage.

I believe 21 founders out of a total of 72 that we have backed in the history of USV did not graduate from college. That’s about 30%.

However, I believe 17 founders have advanced degrees, including a few PhDs. So roughly a quarter of the founders we’ve backed have invested heavily in their higher education.

There are no specific credentials required to get funded by USV or most other VC firms. You need to be credible as an entrepreneur. That means being able to see, recruit, make, and sell. If you can do that, and if you can prove you can do that to investors, you’ve got a great shot at getting funded.

Finding ROI In Higher Education

The news is full of stories where students paid hundreds of thousands of dollars to go to college (and beyond) only to find themselves stuck in dead end jobs and unable to pay off the cost of student loans. We have a crisis in the US in higher education. The costs have risen and the benefits have declined.

It has gotten to the point where I believe if you have to personally shoulder the cost of your higher education, you should think twice about the traditional model. If you can get scholarships or if your parents are willing to pay the tuition bills, I still think its a valuable experience, but sadly it is not one that makes sense if you have to make the investment personally.

So what are we going to do about that? We need to find new models. And one new model that is working in NYC is The Flatiron School. The Flatiron School started two years ago and teaches students, both high school grads and college grads, how to become software engineers in a twelve week course that costs $15,000. Scholarships are available for students who cannot afford that investment.

Today The Flatiron School has published an audited report that validates the notion that their model produces graduates who can find high paying jobs. Here is a summary of the report and this is the “money slide” from it:

cost and benefit of flatiron

So for a high school graduate, the tuition at Flatiron can be paid back with six months of after tax income. For a college graduate, you can increase your pay by ~$30k by spending $15k. You get that payback in one year of after tax income.

For the average college grad, it takes roughly three years of all of your after tax income to pay off your college costs. If you go on and do Flatiron, you can pay off everything with two years of after tax income.

Anyway you cut the numbers, The Flatiron School is a great investment. Part of it is that the students learn a valuable skill – software development. Part of it is that the cost of delivering that education are very reasonable. And it isn’t that they do this on the cheap. Here is the work required from a student at The Flatiron School:

educational activity at Flatiron

There’s been a lot of talk that online education is the answer to lowering the costs of higher education. The huge investment in MOOCS that happened a few years ago was based on that notion. The reality is that online education is a part of the answer but not the silver bullet that some thought it would be. I gave a talk at Wharton a couple years ago about this.

The answer to lowering the cost and increasing the benefits of higher education requires a multitude of changes to the current model. And one of them is teaching students skills that are directly related to job requirements. Doing that makes students more employable and more valuable.

This is not a criticism of the liberal arts model, per se. As Steve Jobs said in this interview, learning to code is a liberal art. This is a criticism of administrations and faculties that are rigid in their interpretation of what liberal arts and education should mean. This is a criticism of not evolving and changing with the times. This is a criticism of thinking what worked yesterday will work tomorrow.

And mostly this is a criticism of not making hard choices. Schools that are happy to add courses, faculty, and buildings are not willing to eliminate courses, faculty, and buildings. When you always add and never subtract, you get cost structures that are not sustainable.

The Flatiron School is an example of what can be done with a blank slate. They have figured out how to give students highly relevant and valuable skills at a cost that is both affordable and recoupable very quickly. Adam, Avi, Sara and the entire team has created a model that should be an inspiration for others.

What I Write About And What I Don’t

There was a discussion in the comments on this week’s fun friday post about me “pimping” our portfolio too much. To which I responded with this:

i am my portfolio. its all the same thing. i go to bed thinking about it and wake up thinking about it. i would blog way more about it than i do but i can’t talk about most of the stuff that is going on in my portfolio.

It’s the latter point I want to talk about a bit today. Every day I run a bunch of blog topics through my head before deciding what I am going to write about. And most of them get rejected because they are “too close to home” meaning they are too specific to something that is going on right now in my work life. There is one thing right now, for example, that would make a great blog post but there is no way I can talk about it. That is almost always the case.

Here are some rules I live by:

1) If an entrepreneur walks into our office and tells us/me something that is not publicly known, it is confidential unless I explicitly ask for permission to mention it on AVC and receive permission.

2) If something happens in our portfolio, in a board meeting, in the company, or even in the market, and it is not public, then it remains confidential and I do not blog about it unless I’m asked to.

3) I don’t mention people by name unless I ask them and they OK it. There are times I don’t comply with this one perfectly. Last week I mentioned AVC community member Kirk Love in a blog post by name but left his wife’s name out. Kirk is known to this community and the mention was pretty harmless. This is something I manage as best I can. I think I do a decent job of it but it’s always a calculation.

4) If its a grey area, I don’t blog about it. Better to be safe than sorry.

What I should do and don’t, at least right now, is write down all of these things I’d like to write about but can’t, so that I could come back to them in the future when they are in a place where it is possible to talk about them. Not everything gets to that place. But a lot of things do. I will think about starting to do that.

I find myself in the middle of, or have a courtside seat for, a lot of super interesting things. But I can’t and don’t write about most of them. Which is a bummer for me and a bummer for all of you too.

Video Of The Week: A History Lesson On Why We Need Neutral Networks

My partner Brad went down to Chattanooga where they have a gigabit fiber network around the city and attended an event about connectivity and what it does for society.

In this short (~10mins) talk he gives a history lesson on how we got permissionless innovation on the Internet and why we could lose it.

Fun Friday: Year End Music List

Every year since I started this blog, I’ve shared my favorite music of the year with the AVC readers.

In the early years, I would post different album every day for ten days (or eleven) in the process of putting together a top ten list. I moved away from albums a few years ago because I just don’t listen that way very much anymore.

I’ve moved to SoundCloud playlists and today I’m publishing my Essential Tracks of 2014 playlist here at AVC. It’s also available On SoundCloud and everywhere that SoundCloud is available (your phone, your browser, your Sonos, etc, etc). Enjoy.

The Interview Mess

So Sony has decided to pull the plug on The Interview after the major theater chains decided against showing the film.

This is a fascinating story on so many levels. It is not clear  to me who was behind the hacking attack on Sony, but there are some obvious candidates. We are witnessing cyber warfare in real time. And there are real costs involved. Who knows how much Sony has lost or will lose as a result of the hacking incident and all the repercussions. But we do know that The Interview cost $42mm to make and there were “tens of millions” of marketing and distribution costs already spent as well. All of that comes from the article I linked to at the start of this post.

How will this impact the entertainment business going forward? Will they now harden all of their systems? Yes. Will the cybersecurity industry get a boost from this incident? Yes. Will it change how they think about making films and other entertainment? I would have to imagine the answer to that question is yes.

And what of the film itself? Should we allow censorship of this form to exist in our society? Should the film get released in some form?

I think the Internet, which was the source of so much harm to Sony, should also provide the answer to what happens to this film. If I were Sony, I would put the film out on BiTorrent, and any other Internet services that want it. Give it to Netflix if they want it. Give it to iTunes if they want it. Give it to HBO if they want it. Give it to Showtime if they want it. Essentially give the film to the world and let the world, via the Internet, decide what they want to do with it.

Of course this is about money to Sony. $42mm is a lot of money to write off. And it is a lot more than that given all the extra costs. But keeping the film locked away in a vault is also a cost. Both to Sony and to society. It says that the attack worked. I think the best thing Sony can do at this point is give the world the film and let us all decide what we think about it. We should not let cyberterrorist censorship have its way.

What’s Next

I am always thinking about what is next and I feel like I’m spending even more time this year thinking about this. All of us at USV seem to be pondering this question a lot right now.

I came across this nice post by Ben Thompson in which he ponders the question out loud, which is my favorite way to ponder.

Here is the money quote:

While the introduction of the iPhone seems like it was just yesterday (at least it does to me!), we are quickly approaching seven years – about the midway point of this epoch, if the PC and Internet are any indication.4 I sense, though, that we may be moving a bit more quickly: the work/productivity and communications applications have really come into focus this year, and while the battle to see what companies ride those applications to dominance will be interesting, it’s highly likely that the foundation is being layed for the core technology of the next epoch:

Ben’s framework is roughly similar to ours but his conclusions are a bit different as follows:

1) I would substitute personal mesh for wearables

2) I would substitute the blockchain stack for bitcoin

3) I would bet on messenger as the next mobile OS over anything else. We have already seen that happen in China.

But in any case, posts like Ben’s and what comes of them (this) are super helpful. Thanks Ben.