This just blew my mind today, I expect it will blow yours too.
I fully expected to be going back home with my keys to let Jeannie in.
I was working at DoubleClick back in 2000 during the dotcom bomb so I got to witness first hand as CPM prices crashed from $50 to $5.
In looking at CPMs today I found something that surprised me: newspaper CPMs are approximately 25 times more expensive than online ads.
That means businesses are paying a premium for static ads that are difficult to track. The only way that makes sense to me is if companies aren’t comfortable with the newer technology.
That might also explain why radio and TV are cheaper than their paper counterparts, it requires more technology and work to create a radio spot or TV commercial than a simple static Ad.
But, I’m a bit surprised by the fact that newspaper CPMs are so much more expensive than Magazines. Maybe it’s due to the fact that smaller papers have a tighter geographic focus and are therefore more attractive to local businesses?
But this 25x differential in pricing really can’t last. I expect that means that CPMs for traditional media are going to fall rather than online CPMs rising a great deal. This will be good for companies that buy advertising, but is only going to further injure traditional media.
Last year I started teaching an entrepreneurship class at NYU Poly; while it has an official name we affectionally call it “Entrepreneurship for Hackers.” My co-teacher and I essentially teach tools similar to Steve Blank or the Lean Startup to engineering students over 13 weeks.
In our class on prototyping we cover a bunch of tools from crude sketches on paper to high fidelity mockups done in CSS. This is how POP, Prototyping on Paper, came to my attention. It is a brilliant way to do mobile mockups using only an iPhone; simply draw the app, take a picture, and then add links to sew your screens together and make a sample workflow.
One of our teams used this and I was really impressed with how simple yet powerful their prototype was. If you’ve got a great idea for an app this is a simple way to show it to your friends with only an hours work.
[T]he inner game. This is the game that takes place in the mind of the player, and it is played against such obstacles as lapses in concentration, nervousness, self-doubt and self-condemnation. In short, it is played to overcome all habits of mind which inhibit excellence in performance.
The book talks about how we each have two selves, conveniently titled Self 1 and Self 2 in the book. Self 1 is our conscious self, the ego; Self 2 is our unconscious mind that does most of the work in sports.
Trust the body to learn and to play, as you would trust another person to do a job, and in a short time it will perform beyond your expectations.
The book devotes a lot of time discussing how Self 1 talks to Self 2. If you’ve played a sport like Tennis or Golf then you’ve probably caught yourself saying things like “Play better.” At least I know that I often say things like “Come on Lucas, get it together.” That is Self 1 berating Self 2. What interests me most about this form of talking to myself is that I’d never speak to another person that way. If one of my teammates in soccer made a bad pass I’d never say that to them, instead I’d offer positive encouragement. So why do I treat myself worse than I’d treat teammates or strangers?
I believe this isn’t just applicable to sports or physical activities, I think this same sort of internal dialogue happens in many pressure situations: giving a speech, pitching an investor, or running a difficult board meeting. Getting down on oneself and thinking: “Well that was a stupid thing to say.” isn’t going to help the situation.
Letting go of the judging process is a basic key to the Inner Game;
Instead, calmly acknowledge to yourself that whatever action didn’t have the desired outcome and then let go of the recrimination. This action will allow your natural coarse correction to take over which should get you back on track. Being calm and composed, either in sports or in the boardroom, gives you mind the ability to perform at it peak which will repair situations that have begun to go off the rails.
Mom: Wasn’t DEFCON the hacker event you went to when you were 15?
Mom: How did we allow that?
Me: You didn’t know because I didn’t tell you.
I went home to VT this past weekend to visit my parents and pick up this insanely cute kitten.
Over dinner my father mentioned that he had heard an NPR story about DEFCON earlier that day. I was a part of the crew that put on DEFCON for 10 years, and I’ve been just an attendee more than a few times.
I had been at Purdue studying CS the summer before my senior year of High School. Ostensibly, it was to see how I liked the program, but I had hacker friends there and I mostly wanted to hang with them and read about the intricacies of the TCP/IP protocol.
I read this cover to cover that summer.
So that explained how they didn’t know that I went to Vegas. But then the question: how had I paid for the plane ticket. It took me a few minutes to remember; I sold t-shirts.
To finance my trip I created a t-shirt with two quotes.
Front: In this age of digital darwinism some of us are ones, you’re a zero.
On the back across the shoulders like a players name on a jersey, it said: 31337
Which is Leetspeak for elite.
It also had a quote from the “famous” hacker Erik BloodAxe: I only hack for money
I borrowed enough money from a friend to print a run, and then sold them at DEFCON. The proceeds were enough to cover my trip, and it was how I met the organizer, Jeff Moss, and became a Goon for the next 10 years.
I hadn’t thought about this in so long I had almost completely forgotten.
So I have a confession to make: I own a pinball machine. And not some little toy either, a full sized, modern, 300 pound piece of awesome. And what makes this really ridiculous is that I live in a studio apartment. So what does this have to do with investing? If you live in a NYC apartment and you buy a pinball machine, then you buy your absolute favorite. You only have room for one, so you don’t settle. I love that Spiderman machine; it is, by far, my favorite game. Since I only have room for one I didn’t worry as much about price, I went for the best. Early stage investing is similar, there are only so many deals an investor can do since their time is a limiting factor. And since the big winners are worth many times the initial investment, price is not as important. If a partner can only do one or two deals a year they have to choose the best, their absolute favorites.
This fact is at the center of a major paradigm shift in computer security. Hackers and security professionals have known forever that a sufficiently motivated attacker will always breach a system, but business leaders and the public thought that walls could keep attackers out.
No one is deluded anymore, Even Symantec has admitted that Anti Virus software doesn’t work. Though that is because they don’t think it will sell anymore and they are pushing a new solution. 😉
A real reason for this shift is that executives are now being held responsible for security; people getting fired and sued are big motivating factors. The CEO of Target was fired after their very public security breach.
We used to naively believe that security was actually possible, and that with firewalls and code reviews we could keep most attackers out.
Back at @Stake, we used to use the onion and the egg metaphor to explain defense in depth. An egg has a hard protective shell, but once it is broken, the inside is soft and gooey, like the network behind a firewall.
An onion has several protective layers. Try dropping both from six feet and the point is obvious.
So we promoted security audits, code reviews, and defense in depth. But all of these solutions assumed that a secure system could be built, that given enough layers a site would be secure.
We are now learning that it is a process for both security and response; moving faster than your attackers, not just building roadblocks in front of them.
So what’s next?
The future involves detection and response. If an attack can’t be prevented, we need to minimize the cost of losses and remediation. We should be able to quarantine and clean bad machines in seconds. “Big data” should tell us which machines have been compromised. Cloud File storage should allow us to actually protect important files since they only reside in one place, as opposed to having a copy on every laptop.
I’m thinking about three legs to the stool:
- Detection: their are multiple ways a system breach can be detected after the fact, this will bring down the time an attacker controls a machine.
- Remediation: the tools of forensics aren’t tuned to the quick quarantine and cleanup of a machine.
- Data Loss Protection: DLP has always sucked, but perhaps now that files are all stored in a single central spot we can make this really work. Perhaps we can prevent our IP from being sent out even if a machine is breached.
The attackers have won; now we may finally get secure systems.
A few days ago I made a very disturbing discovery; After I posted about PayPub, the project to allow people to get paid for leaking information, I wanted to see if anyone had created another Cypherpunk thought experiment, an assassination market:
An assassination market or market for assassinations is a prediction market where any party can place a bet (using anonymous electronic money, and pseudonymous remailers) on the date of death of a given individual, and collect a payoff if they “guess” the date accurately. <via Wikipedia>
Turns out, there is one running on ToR and it has a list of people and payouts.
|Eva Carin Beatrice Ask||Sweden||Alive||1,016.15 mBTC|
|Jyrki Tapani Katainen||Finland||Alive||1,000.00 mBTC|
|François Gérard Georges Nicolas Hollande||France||Alive||1,000.00 mBTC|
|Barack Hussein Obama II||United States||Alive||40,259.82 mBTC|
|Ben Shalom Bernanke||United States||Alive||124,219.73 mBTC|
|Keith Brian Alexander||United States||Alive||10,493.83 mBTC|
|James Robert Clapper, Jr.||United States||Alive||1,973.20 mBTC|
I assumed, like PayHub, it would be a proof of concept, but this purports to be real and it is funded. The way it works is people pledge money in Bitcoin to a pool, and you may “guess” the date of a person’s demise to win the money. According to Forbes it was started in July of 2013 and started with modest amounts for rewards:
For now, the site’s rewards are small but not insignificant. In the four months that Assassination Market has been online, six targets have been submitted by users, and bounties have been collected ranging from ten bitcoins for the murder of NSA director Keith Alexander and 40 bitcoins for the assassination of President Barack Obama to 124.14 bitcoins–the largest current bounty on the site–targeting Ben Bernanke, chairman of the Federal Reserve and public enemy number one for many of Bitcoin’s anti-banking-system users. At Bitcoin’s current rapidly rising exchanges rate, that’s nearly $75,000 for Bernanke’s would-be killer.
At first I thought the ransom on Bernanke today was close to $80M, but that was before I learned that mBTC is a thousandth of a Bitcoin, so it is actually around $80,000. Still, that is money that people have pledged for the death of another human being; even as a political statement I think that’s messed up.
<I actually wrote this several weeks ago, but then life got in the way. I think it is still relevant.>
This is the first in a (hopefully) recurring theme of posts discussing patterns I’m seeing in startup companies.
For the past few months I’ve seen a number of companies that can be described as Github for X. Basically an open storage platform where people can fork off projects. While I’ve seen a bunch of others, some good examples are:
Partly this is probably due to Githubs big fundraise. But another aspect is probably that coders are starting to branch out to other domains and they are trying to bring their tools with them.
Back in the dark ages we used RCS & CVS to track source changes. They were hard to use in teams and didn’t scale well to the Internet. Today we have incredibly powerful tools with integrated sharing platforms.
For those who’ve used these tools with a distributed team you know how powerful they can be. It is only natural that people will want to bring them to other domains.