Browsed by
Author: Anu

Lover of technology, squash, sailing, reading, cooking and eating!
Change the world! But make $29.99/mo while doing it!

Change the world! But make $29.99/mo while doing it!

I attend a few tech conferences, primarily in the consumer internet space. Usually, these conferences have some way of demo’ing a bunch of new startups trying to peddle their wares and trying to woo the investor community. The format is a little different each time, but there is some version of the company’s CEO presenting on-stage, with a panel of judges trying to, well, judge the pitch and the business.

There are a few themes that I have seen consistently across these events, irrespective of which city the conference takes place in, and what the latest and greatest topic in the internet happens to be. For the most part, the takeaways from the conference are not very much, except for a few shining and unusual experiences (for example, I met a guy yesterday who makes flying cars).

Based upon my previous experiences, I can already predict what most of the judges are going to say. Typically, the judges’ panel consists of 4-5 members, with 2-3 members from the investor community, 1 entrepreneur, and 1 media person. It’s much easier to predict what the investors and media people are going to say than what the entrepreneur is. The entrepreneur focuses mostly on the CEO, while the rest focus on the quality of the pitch (and not the content), and the addressable market. I will write in detail about the problems of the addressable market theory in a future post, but for the purposes of this post, the feedback falls mainly across the following three areas.

1. ‘Refine the pitch’, or ‘I couldn’t really understand your product’

Although it has come to be accepted that one must have a good pitch to woo the investor community, the question still arises: Why? I see the argument that the pitch must be refined because often times the investor is a super-busy person (or claims to be anyway), so the investor’s time should be used by the entrepreneur as a scarce commodity. Good investors also get pitched a lot, so if you are only getting a short attention span from them, it’s better to make the most of it quickly. But when it comes to conferences, the situation is very different. The judges, as well as the investors in the audience, are for the most part captive audiences. They can be on their iPhones checking email or whatever, but they are not really going anywhere. So, I really think that although the entrepreneur should do his best to refine the pitch, practice and try to make most of the opportunity, the investor shouldn’t really be criticizing the pitch. Instead, they should be focussing on the content behind the pitch. Most of the tech entrepreneurs (with the exception of probably Steve Jobs) are not great presenters, so let’s just leave the feedback on the pitch on the backburner. For me, when someone criticizes the pitch, it really feels like trying to find faults in the grammar and spelling of an engineering report. Yes, it makes a difference, but please be smart enough to look beyond that.

2. ‘But none of these companies are changing the world’, or ‘I dont think your product will make too much money’

Ah yes! This one is my favorite. This is not common to just investors, but the audience at large. There are multiple forces pulling the company in different directions. The main ones are 1) be innovative, and 2) make money. Of course,  I don’t believe that the market is completely efficient, but it is not completely inefficient either. So, the two forces are actually pulling the company in two different directions, not quite 180 degrees apart (180 degrees apart would be in a completely efficient market), but you get the idea. Thus, the company has to find a way to change the world, and make shit load of money right off the bat. How many companies do you know that actually did that? You know, the ones that had an innovative product that a large portion of the world is using, and that had a strong plan to make money? I know zero. The reason is that if there is a clear way to make money, then it would already have been done. Efficiency in markets exists when the knowledge required to tap an opportunity is low. As the sophistication increases in a particular space, so does efficiency, since there are more people who are now approaching expert-level thinking. Therefore, it stands to reason that the fewer the number of experts in any domain, the more opportunity that lies in that domain. Consequently, it also follows that making money is not at all obvious. One corollary to this idea is that as making money becomes more obvious, more people becomes experts to fill in the gap.

3. ‘There isn’t an addressable market out there’.

The same case could be made for Yahoo, Microsoft, Google, Facebook, Twitter, and new products that will be out there. Asking for an addressable market is really a way of saying ‘I can’t see how you will make money’.  I can kind-of understand this coming from the investor because the pressures on their business is vastly different from the pressures on an entrepreneur. Even when investors have been on the other side of the fence, the truth is that they are now in a different situation in life, and obviously, they are going to judge things based upon their perspective. Of course, some are smarter than others, and also more risk-friendly than others, but fundamentally, their goals in life have changed. What I don’t understand is when other entrepreneurs think like that.

Most of the above feedback from investors really means that they don’t really like the team, and are not confident that the team will deliver and stay the course to solve a worthy problem in the space. One of the key ways to judge startups is, of course, looking at the person presenting, what she has done in the past, how passionate she is about the problem space and how committed the team is to the problem. Notice that I didn’t say that they need to be committed to the product, but only the problem space. Most of the time, the exact problem is a little unknown and the product is only a first iteration anyway. However, the effect of the feedback from these conferences is that a lot of entrepreneurs start taking less risks instead of more. Taking risk for it’s own sake is, of course, a gambler’s trait, so I am not advocating that. I am simply advocating trying to solve bigger and more important problems, which necessarily come with greater risk. I believe that true entrepreneurs quit their jobs to do that anyway.

For further reading on similar ideas, read this excellent blog by Ben Horowitz, as well as this one by Glenn Kelman.

My hiatus from a lot of online activity

My hiatus from a lot of online activity

So, I have been away from blogging. I mostly write for my own sake and to collect my thoughts. Truth be told, I have been away from a lot of online activity, as part of my experiment on a low-information diet. I will detail the results and observations in a later post, but for now I am back, and looking forward to writing about some of the topics I have been thinking about recently.

Lessons from the Dancing Man – Build only when asked for it

Lessons from the Dancing Man – Build only when asked for it

A few weeks ago, Derek Sivers gave a talk on how to make a movement and things we could learn from a video he took (or maybe someone else did) of a dancing man in a park. I encourage everyone who hasn’t to go and read his article, but for completeness sake, and because I am not taking any ownership of the idea itself, I am embedding the video here. Derek Sivers gives a voice-over on the video, and it is very very instructive. Before I rant on an on, the lessons are obvious once you watch the video and hear Derek describe what is happening. Here you go:

Pretty amazing, isn’t it? In just 3 minutes, the video and the example of the dancing man bring the idea to the brain so forcefully that the power of the first follower becomes more than apparent. I was thrilled when I saw this video, and the lessons are profound. But I think there are also many more lessons that can be learned if we just extrapolate the example and apply it to the consumer internet (because that’s where I spend most of my time and energy these days).

To recap, the idea presented in the video is that the lone nut is a lone nut until the first follower comes along and validates the lone nut. The lone nut at this point publicly embraces the follower, and accepts him as an equal. This encourages the first follower to continue dancing, and even call out to his friends. One friend comes along, then two and soon the lone nut is transformed into a leader. There is validation, and soon there is momentum. The crowd then explodes, and people who didn’t want to join earlier for fear of appearing stupid must now join for fear of appearing uncool. Powerful idea indeed.

Consumer internet companies follow a very similar pattern as well. For every idea, every product, every feature, the product developer/entrepreneur is the lone nut. Notice that it is important that the lone nut appears to be doing his thing because that’s what he is all about. This soon attracts a few other people who have similar tastes and they join in. This is the crucial juncture. These are the people who shouldn’t leave, but keep dancing with you. These are the people who are going to attract other followers and turn your product into a movement. Unlike the free-flowing dance, the initial followers cannot express themselves in any way they want. They are restricted by the features that are available in the space. Thus, it is VERY important at this point for the product designer/entrepreneur to publicly acknowledge the initial followers and listen to their feedback. Unless you listen to their feedback, you cannot let them be part of the movement. Remember that by accepting the first follower as an equal, the lone nut transformed his idea into the follower’s idea as well. If the follower was forced to go along with the moves of the first follower, the movement would probably not have happened (unless they were doing the hustle).

If we were to place ourselves in the park with the dancing man, it is not difficult to see that if the movement had failed to pick up when there were 5-6 people, then it would have died unceremoniously. The initial followers would have stopped one by one and soon, the lone nut would go away to another part of the park. We can see this happening everywhere. If a few people leave from a party, suddenly everyone leaves from the party. A few people leaving from MySpace suddenly makes everyone leave as well. This is very very true for internet companies. Therefore, it is absolutely essential that the initial followers MUST NOT leave. These are the people who provide validity to your product, and will help it become a movement.

As an entrepreneur and of a consumer internet product, it is important for your product that there are at least some people who will form the foundation for the product by living and breathing it everyday. These people will evangelize your product and go on to attract their friends, and help transform it into a movement. Most of the other people will join because that’s what momentum does, but if you lack the support of this basic group, then the movement just might never happen.

I believe that every product begins with an idea that someone finds useful. As a result, you will always attract a few people initially. It is important at this point to listen to their feedback, and really give them something that they want, and not something that you think they might want, or something else that you think that many other people might want. Unless people are asking you for something, don’t build it.

Paperclip Storage S3 Extension

Paperclip Storage S3 Extension

I recently switched from using attachment_fu to paperclip to store images on S3 in my Rails models. Paperclip is great, as it creates the columns in the model itself without requiring another model (and hence another query to the db). I also use paperclip to store the images uploaded to Amazon’s S3, which works great for me, instead of storing images on the local filesystem.

However, there is one problem that I keep running into time and again. Every few days, I take a dump of the production database and load it in my development environment. Sometimes, I also use the same database in the test environment. The problem, of course, is that unless I duplicate all the files in S3’s storage, I dont see any images, and thus, don’t get nearly the same experience as that of production in either my dev or test environments. Additionally, I do not want to change the bucket configuration in my dev environment to point to the production bucket, as that can create additional problems when I am testing writes and deletes to that bucket.

Wouldn’t it be great that in your dev environment you could still see the images from the production bucket *if* the corresponding image in the dev bucket did not exist? Additionally, if you ever made changes (edits or deletes) to these files, then those changes would be made from the dev bucket and not the production bucket.

So, my friend Shan Bhardwaj, and I ended up writing an extension to the paperclip storage module that does exactly that. You can find the extension at http://github.com/finknottle/Paperclip-Storage-Extension

What this extension does

The paperclip plugin is great to add files to your existing model without requiring an additional model.
The paperclip storage module has a module called S3 which allows you to store your uploaded files in your S3 account.
The buckets can be defined in the configuration YAML file, typically called #{RAILS_ROOT}/config/amazon_s3.yml or
#{RAILS_ROOT}/config/s3.yml.
The configuration file looks like

development:
access_key_id: your_access_key
secret_access_key: your_secret_key
bucket: bucket_name_on_S3

production:
access_key_id: your_access_key
secret_access_key: your_secret_key
bucket: bucket_name_on_S3

The problem though is that when you are developing on your machine, or creating a test machine, but with the production environment, then you want to copy the db from your production machine, and play with the data. At this point, you usually want your files (typically images) to be available for your environment. But at the same time, you don’t want to change the files in your production bucket when you change them in your development or test environment.

This is where this extension comes in. The extension allows you to add two more configuration options to your YAML file. So that, the file then looks like

development:
access_key_id: your_access_key
secret_access_key: your_secret_key
bucket: bucket_name_on_S3
bucket_alt: alt_bucket_name
testing: true

production:
access_key_id: your_access_key
secret_access_key: your_secret_key
bucket: bucket_name_on_S3
bucket_alt: alt_bucket_name
testing: false

You can add the additional two options through a capistrano recipe or a chef recipe, based on your deployment mechanism.

Thus, in your production environment, everything will work as before, all reads and writes will occur on the production bucket defined in the configuration bucket:

However, in your test or dev environment, the reads will be done from the alt_bucket_name if it exists (production
bucket), but the writes and deletes will be done from your bucket (dev bucket).

Installation

You can get the lib from http://github.com/finknottle/Paperclip-Storage-Extension.
Simply add the paperclip_storage_ext.rb file to the #{RAILS_ROOT}/lib/ directory, and require it in the environment.rb file below the Rails Initializer block
require 'lib/paperclip_storage_ext'

If you have questions about this, feel free to drop me a line.

Why PayPal doesn’t quite work for me

Why PayPal doesn’t quite work for me

A few days ago, I bought some software for a friend. He lives in Los Angeles, so payment was obviously an issue. I had the software shipped to him directly from the vendor and paid for it myself (it had to be my credit card). We both thought that using PayPal would be super easy, and I would get payment easily enough.

I remembered that many months ago another friend of mine had sent me an invoice and I got charged a fee. Not wanting to pay any fee, I decided to send the invoice to this friend as well, but I still got charged a hefty fee. On a $96.08 transaction, PayPal charged me a fee of $3.09. This is ridiculous. The worst part is that it is not clear at all where and who gets charged a fee. Only recently have PayPal made their fee structure clear and easy to find on their website.

In either case, I don’t think I will be using PayPal anytime soon to ask my friends for money they owe me. A cheque is not too much trouble. It arrives in the mail, and I can deposit it the next time I go to withdraw some cash from my nearby ATM machine.

Rails Extend and Include

Rails Extend and Include

From time to time, I blog about the different things I learn in Ruby on Rails. Recently, I have been engrossed in the metaprogramming aspect of rails. There are some excellent tutorials on the web, but the hierarchy of how methods are called when classes or objects are extended is not discussed thoroughly anywhere. I ran many experiments and found this for myself, so hope that other people will be able to learn from this as well.

Extend vs. Include

“extending” a class with a module adds methods from the module into the class as class methods.
“including” a module into a class adds methods from the module into the class as instance methods.

There is a lot of discussion around this concept, and this is simple to demonstrate. So, if you ‘extend’ a class (say Foo) with a module with method (say bar), then you can call Foo.bar. However, if you on include the module into the class, then you can call foo.bar, where foo is an instance of the class Foo. This is pretty simple to understand.

However, what happens if you already have a method called bar in the original definition of the class. In that case, if you ‘include’ the module into the class, and then call foo.bar(), which method gets called? the bar method in the class definition, or the one defined in the module?

According to the ruby method name resolution algorithm, Ruby searches through the following steps for a name resolution:

  1. As the first step, Ruby checks the eigenclass of o for singleton method named m.
  2. If the method named m is not found in the eigenclass, Ruby search the class of o for an instance method name m.
  3. If the method m is not found in the class, Ruby searches the instance methods of any modules included by the class of o. If there are modules included, they searched in the reverse of the order which they are included.
  4. If no instance method m is found in the class of o or in its modules, then the search moves up the inheritance hierarchy of the super class. Step 2 and 3 are repeated for each class in the inheritance hierarchy until each ancestor class and its included modules have been searched.
  5. If no method named m is found after completing the search, then a method named method_missing is invoked instead. In order to find an appropriate definition of this method, the name resolution algorithm starts over at step 1. The Kernel module provides a default implementation of method_missing, so this second pass of name resolution is guaranteed to succeed.

According to this, the method bar defined in the class will win over the method included in the class. Note that if you extend the class with the module, and there is a method defined in the class as ‘self.bar’ will prevail over the one in the module.

This is pretty easy to understand. However, this gets confusing when the instance of the class itself is extended with a module.

  module Mod
     def hello
       "Hello from Mod.\n"
     end
   end

   class Klass
     def hello
       "Hello from Klass.\n"
     end
   end

   k = Klass.new
   k.hello         #=> "Hello from Klass.\n"
   k.extend(Mod)   #=> #<klass :0x401b3bc8>
   k.hello         #=> "Hello from Mod.\n"
</klass>

As you can see from the above example, if the object itself is extended with the module, then the method from the module wins over the one defined in the class.

Confusing, isn’t it?

Go ahead, cancel your AT&T contract

Go ahead, cancel your AT&T contract

AT&T sent me a notice detailing that the old ETF is no longer in effect. If you remember, AT&T charges an early termination fee (ETF) of $175 if one cancels the 1-year or 2-year contract with them which was initially used to get a larger subsidy on the cost of the phone. For people who have paid full price for the phone, like me, this was never a good idea and one of the reasons AT&T managed to keep their tentacles hooked into me.

According to the notice, AT&T wireless and Cingular customers who’ve had service any time after January 1, 1998 may be in line for their share of a $18 million cash and “cash benefit” settlement. AT&T also notes that this settlement is for their “old” ETF program, and not for the new pro-rated ETFs that they introduced in 2008.

“We strongly deny any wrongdoing, and no court has found AT&T Mobility committed any wrongdoing regarding these fees. However, we have agreed to settle to avoid the burden and cost of further litigation.

It’s important to note that the litigation involves old early termination fee policies of the old AT&T Wireless and Cingular. In 2008 we introduced a new, more flexible early termination fee policy, in which we pro-rate the ETF if you are a new or renewing wireless customer who enters a one- or two-year service agreement.”

With AT&T’s shoddy coverage in the San Francisco area, I am seriously considering breaking my contract and going towards greener pastures.

How many people LOVE your product?

How many people LOVE your product?

Or how many people hate it? I attended a session recently where one of the speakers (Dave McClure) was very passionate about this topic. And with good reason. All of us who have tried making consumer internet ideas a success know that the enemy is not people hating our product, but people just not caring enough to comment, talk about it with others, or in any other way spread the word around.

Most startups rely on some form of word of mouth propagation. Assisted by tools for sharing, it is known as viral, but the basic concept remains the same. In either case, some user has to care enough to click on something and let other people know. People will spread the word around either if they love your product or if they hate it. But if they just like it or don’t care enough, then the product has very little chance of survival. Dave, at the conference, made it more dramatic by suggesting that we think in terms of how many people are willing to ‘fuck’ or ‘kill’ our product.

After coming back home, I realized that it is still very vague. How many people want to fuck my product? I don’t know if anyone wants to fuck Amazon, but there it is, a huge success. Killing the product is easier to understand, but I still fail to imagine how many people want to kill a bad product (maybe a competitor, but the competitor is unlikely to give any press). However, when I started thinking about it, I came up with my own paradigm. In addition to asking how many people LOVE your product, it is also important to ask how many people LIVE your product.

With every consumer internet business, the early adopters are the ones that will make the business. These early adopters do things which sometimes astonish the business owner as to why they are doing it. For example, there are people who have generated thousands of reviews on epinions in the early days. Noone could have know what those people will derive, except some form of satisfaction. The key is that some people should absolutely LIVE your product day in and day out. This means that if you are in a vertical, then go and find those people who live that vertical as a lifestyle. For example, for gigzee, we want to attract the youngsters who live the whole live music/club lifestyle. If even a small number of such people use our product every day and can remember it by name, then the chances of a positive recommendation from them is going to be very high. Additionally, the chances of them recommending to someone else is also very high. These early adopters form the basis for the increasing set of users who will derive the additional benefit from the product.

So, next time when you are designing features to move from 0 to critical mass, ask yourself, how many people will LOVE your product. But don’t neglect how many people will LIVE your product.

For more on how to measure the engagement from these early adopters, read this excellent post by Andrew Chen.

Learning how to pitch

Learning how to pitch

I attended the Twiistup event last couple of days in Los Angeles. It was a great event with lots of interesting people, and some decent companies. As usual, the best part of the conference is meeting with the people, and also seeing where the energy lies in the software space right now. There were 9 companies that were selected to show-off their product, with a tenth slot open for a wildcard entry. The wildcard companies got to present the day before, with an audience vote sending them to the show-off event.

It was really amazing to see that out of the 10 or so wildcard companies, only 2 managed to pitch well. Not really well, but well. The rest 8 were terrible. For all entrepreneurs out there, before you go out to pitch, do yourself a favor, and read the two excellent books by Gene Zelazny – Say it with Presentations, and Say it with Charts.

Not only do these two books make you a better presenter, they will help you structure your content in the most logical way, and present ideas in ways that make sense. And yes, please please please, practice your pitch a few times in front of friends before pitching to others. If that makes you a little uncomfortable, well, that’s the whole idea.

GMail, why can’t I regain full control of my account after being hacked?

GMail, why can’t I regain full control of my account after being hacked?

So my gmail account got hacked. Yes, painful, but also very instructive. Firstly, I still do not know exactly how it got hacked. I don’t use any public computer. In fact, I haven’t used any other machine besides my own laptop (Mac) and my iPhone in a very very long time. I don’t sign up for any offers on the internet, and do not install any crap software. Besides, isn’t the Mac supposed to be very safe?

Anyhow, I got hacked and that’s that. The hacker then started sending emails from my account to everyone I have ever communicated with asking for money. The amazing thing about this story is that all the emails sent are very very impersonal, don’t salute the recipient in any way, and are full of grammatical and spelling errors. Yet, the content matter is so sensational (being robbed at gunpoint in some foreign country), that everyone gets worried about my safety. If I received a similar letter, I wouldn’t sit and analyze this, and would fall for it as well. So far, they have preyed on the emotions of their victims through me as the medium.

During the course of trying to get my account back, I ran into some of the issues and got a sneak peak about exactly how these hackers then try to exploit the system, GMail in particular. I had my Yahoo account set up as the secondary email in case of emergencies, or verification. The hacker was quick to change the secondary account first. Gmail has a system of sending verification to a mobile device. This too got changed quickly to some mobile number in Nigeria. During this time, I tried in vain to gain control by asking Gmail to reset my password and send me the password reset code. Gmail only shows that they sent the reset code to xxxx@yahoo.com, but not the username at the yahoo.com address. So while I was waiting for my password reset code to arrive at my yahoo.com address, the hacker was seeing password reset requests come in to the temporary yahoo address he had set up. I am sure he was laughing at my stupidity and the fact that I sent in multiple requests when the first one failed.

Ok, I was baffled. So I went through the GMail system to report that my account has been compromised. I had to fill in multiple details, including when my account was first started, and the invitation code I used to join (if at all). Obviously, I didnt have any of these, but I made best guesses, and lo and behold, GMail returned my account back to me. I was able to reset my password, and rejoice.

Alas, too soon!

After proclaiming victory, I tried to send a few emails, etc. and it all worked fine. I promptly sent emails to a huge list of people warning them that I had been hacked, and to ignore requests from me for money. There were a few people in the list that I wouldnt have minded getting some money from, but this had to be done.

The hacker, during this time, had very smartly set up a forwarding rule so that he was getting all the emails that I was receiving on my account. This, by itself, is not much. But here comes the most amazing part of how Google engineers missed seeing this as a threat, but these hackers have managed to exploit it. Before I explain what the flaw is, a little diversion into the background.

GMail allows one account to send emails while masquerading as another account. This was designed primarily so that I can have multiple gmail accounts (including Google Apps email accounts like I have a @gmail.com and a @gigzee.com account), and still be able to use one primary account and send emails from it for all the different accounts. Great idea, and I love it. All this takes to set up is a simple verification email. So, say you have a1@gmail.com and b2@gmail.com. If you want b2@gmail.com to be able to send emails and still show up as a1@gmail.com, you can go to your settings, set up another email address and this will send a verification email to a1@gmail.com. After clicking on the verification link and entering the code, b2@gmail.com can now send as a1@gmail.com. If you delete the verification email from the a1 account, there is NOTHING in the settings or account panel of a1@gmail.com that shows that b2 is still sending emails as a1.

This is exactly what the hacker has done. He has set up another gmail account, and is sending emails on behalf of my gmail account. During this time, he is also receiving the auto-forwarded emails of my account. So even though I have changed my password, and declared victory, he can still receive and send emails just as if he were in full control.

So, step 1, I removed the forwarding rule. Ok, now he cannot get any emails sent to me. Yayyy!
What about his ability to send emails? Turns out that there isn’t any additional verification after the initial verification. What’s more, there is no indication anywhere on my account settings that shows me how many other people can send emails as me. This is terrible. So while I have full control with brand new passwords, the hacker can simply keep sending emails to anyone he likes pretending to be me, ruining my reputation in the process.

GMail – I am not sure how you could have missed this in one of your threat model analyses. But please add an option in account settings where I can control who all can send emails pretending to be me. Meanwhile, the hacker has a field day in sending emails from my account, and can do so as and when he pleases. I am writing a letter to GMail as well so that they can fix this, but if you get any email from me asking for money (personal or not), please don’t wire it to somewhere in Europe. Now, if you want to hand over some cash to me in person, feel free to give me a call!

Get Adobe Flash playerPlugin by wpburn.com wordpress themes