tcpdump -nr ipv6_traffic.pcap ip6 proto 6

tcpdump -nr ipv6_traffic.pcap ip6 protochain 6
IPv6 and UDP

tcpdump -nr ipv6_traffic.pcap ip6 proto 17

tcpdump -nr ipv6_traffic.pcap ip6 and udp
IPv6, hostIPv6 and host fec0:0:0:bebe::2

tcpdump -nr ipv6_traffic.pcap ip6 host fec0:0:0:bebe::2
IPv6, host fec0:0:0:bebe::2 and TCP port 22

tcpdump -nr ipv6_traffic.pcap ip6 host fec0:0:0:bebe::2 and tcp port 22
IPv6, host fec0:0:0:bebe::2 and everything except TCP port 22

tcpdump -nr ipv6_traffic.pcap ip6 host fec0:0:0:bebe::2 and not tcp port 22

tcpdump -nr ipv6_traffic.pcap ip6 host fec0:0:0:bebe::2 and protochain 6 and not tcp port 22
IPv6, host fec0:0:0:bebe::2, and all traffic to destination port TCP 22

tcpdump -nr ipv6_traffic.pcap ip6 host fec0:0:0:bebe::2 and tcp dst port 22
IPv6, host fec0:0:0:bebe::2, and all traffic from source port TCP 22

tcpdump -nr ipv6_traffic.pcap ip6 host fec0:0:0:bebe::2 and tcp src port 22
If you have tested other libpcap filters not listed here and would like to share them, post them in the comment form or email them via our contact form.
———–
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

I saw a new .NET decompiler this week. This a big deal because the two existing ones that I often use are no longer free, have trackback ad functions (which makes me feel like big brother is watching my hacking activities… or my customers rather), and are less updated than I would like. The new [...]

Hacking .NET Resources belongs to Security Aegis

Read more of this story at Slashdot.

If there’s one thing web developers love, it’s knowing better than conventional wisdom, but conventional wisdom is conventional for a reason: that shit works. Something’s been bothering me for a while about this node.js nonsense, but I never took the time to figure it out until I read this butthurt post from Ryan Dahl, Node’s creator. I was going to shrug it off as just another jackass who whines because Unix is hard. But, like a police officer who senses that something isn’t quite right about the family in a minivan he just pulled over and discovers fifty kilos of black horse heroin in the back, I thought that something wasn’t quite right about this guy’s aw-shucks sob story, and that maybe, just maybe, he has no idea what he is doing, and has been writing code unchecked for years.

Since you’re reading about it here, you probably know how my hunch turned out.

Node.js is a tumor on the programming community, in that not only is it completely braindead, but the people who use it go on to infect other people who can’t think for themselves, until eventually, every asshole I run into wants to tell me the gospel of event loops. Have you accepted epoll into your heart?

A Scalability Disaster Waiting to Happen

Let’s start with the most horrifying lie: that node.js is scalable because it “never blocks” (Radiation is good for you! We’ll put it in your toothpaste!). On the Node home page, they say this:

Almost no function in Node directly performs I/O, so the process never blocks. Because nothing blocks, less-than-expert programmers are able to develop fast systems.

This statement is enticing, encouraging, and completely fucking wrong.

Let’s start with a definition, because you Reddit know-it-alls keep your specifics in the pedantry. A function call is said to block when the current thread of execution’s flow waits until that function is finished before continuing. Typically, we think of I/O as “blocking”, for example, if you are calling socket.read(), the program will wait for that call to finish before continuing, as you need to do something with the return value.

Here’s a fun fact: every function call that does CPU work also blocks. This function, which calculates the n’th Fibonacci number, will block the current thread of execution because it’s using the CPU.

function fibonacci(n) {
  if (n < 2)
    return 1;
  else
    return fibonacci(n-2) + fibonacci(n-1);
}

(Yes, I know there’s a closed form solution. Shouldn’t you be in front of a mirror somewhere, figuring out how to introduce yourself to her?.)

Let’s see what happens to a node.js program that has this little gem as its request handler:

http.createServer(function (req, res) {
  res.writeHead(200, {'Content-Type': 'text/plain'});
  res.end(fibonacci(40));
}).listen(1337, "127.0.0.1");

On my older laptop, this is the result:

ted@lorenz:~$ time curl http://localhost:1337/
165580141
real	0m5.676s
user	0m0.010s
sys	0m0.000s

5 second response time. Cool. So we all know JavaScript isn’t a terribly fast language, but why is this such an indictment? It’s because Node’s evented model and brain damaged fanboys make you think everything is OK. In really abusive pseudocode, this is how an event loop works:

while(1) {
  ready_file_descriptor = event_library->poll();
  handle_request(ready_file_descriptor);
}

That’s all well and good if you know what you’re doing, but when you apply this to a server problem, you’ve pluralized that shit. If this loop is running in the same thread that handle_request is in, any programmer with a pulse will notice that the request handler can hold up the event loop, no matter how asynchronous your library is.

So, given that, let’s see how my little node server behaves under the most modest load, 10 requests, 5 concurrent:

ted@lorenz:~$ ab -n 10 -c 5 http://localhost:1337/
...
Requests per second:    0.17 [#/sec] (mean)
...

0.17 queries per second. Diesel. Sure, Node allows you to fork child processes, but at that point your threading/event model is so tightly coupled that you’ve got bigger problems than scalability.

Considering Node’s original selling point, I’m God Damned terrified of any “fast systems” that “less-than-expert programmers” bring into this world.

Node Punishes Developers Because it Disobeys the Unix Way

A long time ago, the original neckbeards decided that it was a good idea to chain together small programs that each performed a specific task, and that the universal interface between them should be text.

If you develop on a Unix platform and you abide by this principle, the operating system will reward you with simplicity and prosperity. As an example, when web applications first began, the web application was just a program that printed text to standard output. The web server was responsible for taking incoming requests, executing this program, and returning the result to the requester. We called this CGI, and it was a good way to do business until the micro-optimizers sank their grubby meathooks into it.

Conceptually, this is how any web application architecture that’s not cancer still works today: you have a web server program that’s job is to accept incoming requests, parse them, and figure out the appropriate action to take. That can be either serving a static file, running a CGI script, proxying the connection somewhere else, whatever. The point is that the HTTP server isn’t the same entity doing the application work. Developers who have been around the block call this separation of responsibility, and it exists for a reason: loosely coupled architectures are very easy to maintain.

And yet, Node seems oblivious to this. Node has (and don’t laugh, I am not making this shit up) its own HTTP server, and that’s what you’re supposed use to serve production traffic. Yeah, that example above when I called http.createServer(), that’s the preferred setup.

If you search around for “node.js deployment”, you find a bunch of people putting Nginx in front of Node, and some people use a thing called Fugue, which is another JavaScript HTTP server that forks a bunch of processes to handle incoming requests, as if somebody maybe thought that this “nonblocking” snake oil might have an issue with CPU-bound performance.

If you’re using Node, there’s a 99% probability that you are both the developer and the system administrator, because any system administrator would have talked you out of using Node in the first place. So you, the developer, must face the punishment of setting up this HTTP proxying orgy if you want to put a real web server in front of Node for things like serving statics, query rewriting, rate limiting, load balancing, SSL, or any of the other futuristic things that modern HTTP servers can do. That, and it’s another layer of health checks that your system will need.

Although, let’s be honest with ourselves here, if you’re a Node developer, you are probably serving the application directly from Node, running in a screen session under your account.

It’s Fucking JavaScript

This is probably the worst thing any server-side framework can do: be written in JavaScript.

if (typeof my_var !== "undefined" && my_var !== null) {
  // you idiots put Rasmus Lerdorf to shame
}

What is this I don’t even…

tl;dr

Node.js is an unpleasant software library and I will not use it.

Just because it hasn’t happened yet, doesn’t mean it can’t; at least that’s what a Scottish research group is hoping as it attempts to create reproductive synthetic cells made completely from metal. At this stage, the idea of sentient metallic life remains a distant sci-fi dream, but researchers at the University of Glasgow have already birthed iChells — inorganic chemical cells. These bubbles, formed from the likes of tungsten, oxygen and phosphorus, can already self-assemble, possess an internal structure, and are capable of the molecular in-and-outs expected of its biological counterparts. Researchers are still tackling how to give these little wonders the ability to self-replicate, and possibly evolve — further cementing our doom post-Robot Apocalypse. Check out our future synthetic overlord’s first steps in a video after the break.

Continue reading Scientists attempt to give spark of life to all-synthetic metal cells

Scientists attempt to give spark of life to all-synthetic metal cells originally appeared on Engadget on Mon, 19 Sep 2011 07:59:00 EDT. Please see our terms for use of feeds.

Permalink DVICE, New Scientist  |  University of Glasgow  | Email this | Comments

(Editor’s note: Jon Olafsson is chairman and co-founder of Icelandic Water Holdings. He submitted this story to VentureBeat.)

With fear running amok on Wall Street and the future economic picture so uncertain, it can be hard to raise venture capital these days. Over the last 12 months, though, we’ve managed to secure $23 million from both institutions and friends and family.

Part of the trick, we found, was having a well-researched and clearly articulated business proposition that clearly demonstrated a very substantial upside for investors.  We cast our net wide, using our own personal networks as well as those of professional fundraisers.  And while we were prepared to be flexible on terms, we refused to entertain low-ball offers.

Ultimately, though, our fundraising success came down to a few factors. Here are our secrets:

Keep it simple – The market for bottled water is well established. We had the advantage of an existing product, but that was hardly a guarantee.

We condensed the investment proposition to four essential “pillars” – the market, the source, the product and the distribution – and demonstrated how we had competitive advantages in each area.

Go with what works – A core strength of our product is the spring we draw from, located in Ölfus. Investors , we quickly learned, liked the idea of owning a part of this highly valued resource.

Emphasize the positive – Communicating success signals the potential value in your company. We were fortunate to boast a strong sales performance during the fundraising period – something we regularly communicated to potential investors. Along the way, we also highlighted our growing U.S. sales and international distribution.

Eliminate the negatives – It’s easy for VCs to say no. And it’s incumbent upon you, as the business owner, to remove the reasons for them to give that answer.

During the process, we addressed three concerns that, admittedly, were specific to our industry, but showcase what any prospective fund seeker should think of in advance:

• No track record – We ensured we had a company history, proving to investors that the product had legs.
• No distribution – We obtained distribution in US, Canada and China, showing we weren’t a product that would be landlocked in Iceland.
• No control of source – We bought the land that houses our spring, giving us the rights to the source in perpetuity.

Follow-up on all leads – We used all of our personal networks as well as those of two international investment banks to look for potential investors.  We were prepared to incentivise people to find investors, offering placing commissions of up to 4 percent.  We followed up assiduously on all leads giving further information, access to the data room, samples of the product and offering site visits to Iceland.  A successful first meeting was always a result of a personal engagement with the project on the part of the potential investor.

In the end, roughly half of the funding has come from investors who are my personal friends, with the rest coming from South African institutional investor Bidvest.

Believe in the business – There are always dark days in a business and fundraising can be especially frustrating in the current environment. We continually reminded one another about the quality of the product and the latent demand for it in international markets.

Some potential investors offered us terms that were much poorer than the ones we finally achieved.  It was our confidence in our business that gave us the strength to say no. Our existing shareholders helped support the business and the pricing by continuing to invest in the business during the process.

About the author: Icelandic Water Holdings, ehf, Chairman & Founder, Jon Olafsson has spent the last 30 years building successful companies from the ground up and transforming them into industry leaders. Best known as the chair of Northern Lights Communications — Iceland’s premier integrated media, communications and entertainment company — Olafsson has served as a critical player on the executive boards of more than 15 companies across multiple sectors including investment banking, entertainment, media, construction and land development.

Filed under: Entrepreneur Corner

We already knew Samsung loved the guys at CyanogenMod, but we didn’t think they’d start absorbing parts of its development team. According to Steve Kondik’s Facebook page, the Android facade’s head sculptor is setting up shop at Samsung Mobile. Sammy’s new software engineer told his fans that although his ‘side project,’ CyanogenMod, is not affiliated with his employer in any way, he will be “working on making Android more awesome.” Makes sense, we heard Samsung’s phones were looking for a fresh coat of awesome.

[Thanks to everyone who sent this in]

CyanogenMod founder joins Samsung Mobile, promises to make Android ‘more awesome’ originally appeared on Engadget on Tue, 16 Aug 2011 00:38:00 EDT. Please see our terms for use of feeds.

Permalink Gadget University  |  Steve Kondik (Facebook)  | Email this | Comments

Read more of this story at Slashdot.

boxoh.com – Track any shipment

whichdateworks.com – Find a date that works for everyone

everytimezone.com – A clear graphic of world time zones

followupthen.com – Quick way to set up a reminder email to yourself

www.dafont.com – Thousands of free fonts for PC and Mac

www.anonymouse.org – Surf the web without revealing your identity

encrypted.google.com – Keeps your search queries private from nosey bosses

www.hipmunk.com – Best interface for finding a flight to book

seatguru.com – Best way to find the right seat on a flight

flightstats.com – Track flights

Do you know of other sites that meet the criteria of being a useful, single-purpose, free, business utility that most people would find useful but probably don't know exist? I'll update the list from your input. (No entertainment sites, please.)

Editor’s note:This guest post is part of an in-depth series looking at the daily deal industry written by Rocky Agrawal, an entrepreneur who has worked on local products since 1995.  Read Part I, Part II, and Part III also.  He blogs at reDesign and Tweets @rakeshlobster.

Imagine you’re a small business owner. You have to choose between two propositions:

1. You can pay $62,500 for marketing. You’ll get a whole lot of customers coming through your door. No guarantees if they will ever come back, but they’ll come once.
2. I’ll pay you $21,000. You get $7,000 in about 5 days, another $7,000 in 30 days and the remainder in 60 days. In exchange, you’ll give my customers cheap products for the next year.

I’ve been working on local for a long time and I know it’s hard to get small businesses to spend money on advertising. Really hard. Even getting $200 a month ($2,400 a year) is a high hurdle to meet.

There’s no way a business will sign up for #1. Most merchants would laugh you out of the store if you asked for $60,000.

Seth Sternberg is the CEO and Co-founder of Meebo. He previously worked in M&A at IBM.

I love talking to aspiring entrepreneurs—I do it once a week at minimum.

I often get asked “what’s the role of a startup CEO?” Sometimes people are curious about the pre-launch “CEO” and ask if a startup really needs one. If that CEO isn’t an engineer, what do they do anyhow? Other times people wonder what I do today as CEO of a 180 person company. In this post I’ll cover the pre-launch role, and in a follow-up, I’ll get into the role post-launch.

So what does the CEO, who at the beginning is really the general business person, do at a pre-launch startup?

Let’s go back to the beginning of Meebo, circa April, 2005.

Co-founders Sandy Jen, Elaine Wherry and I met every Wednesday night and all day every Sunday in an effort to get Meebo off the ground. We’d never meet in my apartment—it was always either at Sandy’s or Elaine’s. Why? Because they had the better computers and the faster internet connections. Frankly, that’s pretty emblematic of one’s role as the “business person” pre-launch. I’ve touched upon this topic before in a Founder Stories interview with Chris Dixon (embedded below), but it is worth elaborating on.

For most consumer internet products, there’s not a whole lot the business person can really do pre-launch. All of the company’s value will come when the team builds and launches a product, so that should be the primary focus. There aren’t any partnerships to be struck yet, as the product has yet to build any credibility in the market. There aren’t any folks to interview, as you can’t afford to hire a full team, and you’re wasting your time looking for pre-launch financing—a controversial statement these days, I know, but that’s a topic for another post. So what can you do if the most important thing is simply to minimize all distractions in the pursuit of getting the product launched?

Buy sandwiches.

Well, really, the business person’s job, until the last 2-3 weeks before launch, is to be supportive.

When we got together on Sundays, I really couldn’t contribute very much real work. I could make the sandwich runs to the Andronico’s down the street (I still have the “buy 10, get the 11th free card” in my wallet). I could also take care of the mundane tasks like buying the domain name and paying the server bills. Heck, I could even suggest “that button might look better over there.” But that was about it. I was the support.

I began to wonder, “Should I even be here?” Frankly, it didn’t feel very good to sit there and watch Elaine and Sandy working away while I did comparatively little. I could just as well have been playing Frisbee.

When I wondered that aloud, the feedback from Elaine and Sandy was pretty clear: if you’re going to be part of this team, then we want you here.

We were all equals with our own skills that we each brought to the table. My presence, at some level, was moral support. At another level, it contributed to the team bonding that you need pre-launch. Post-launch, things will tend to get crazy, fast, so pre-built trust is critical. At the end of the day, it’s the team that really makes the startup. Strong teams—as Sandy is quick to point out—survive multiple ideas.

Let’s fast-forward to the 2-3 weeks pre-launch, however, where the business person begins to get a job.

First, go and line up the right law firm to get incorporated.

The standard deal, at least at the time, was $20K in legal fees deferred until you raise your series A. I don’t think much has changed. Make sure you get advice on which firm and partner to work with—the way your company gets incorporated can save you a lot of pain down the road. (Watch a relevant chat between Chris Dixon and Erick Schonfeld here). Do not work with a firm inexperienced in setting up startups. Rather, work with Fenwick, Wilson Sonsini, OMM, Gundersen, Orrick, and the like. And even in those firms, ensure you’re working with the folks who have startup creation experience—all partners are not created equal.

Second, figure out your launch strategy.

Do you want to line up a bunch of friends to test your product before launch? Do it. Then corral all of their feedback and help prioritize it for your co-founders. Do you need to find a couple of folks who can introduce you to a blogger or two to write about your launch? Find them and go pre-brief those bloggers. Make sure you also line up your friends to give you some social media mojo—get them to Facebook and Tweet your launch.

Third, find a good mentor or two.

It’s important to find someone who is passionate about what you’re up to and who genuinely wants to work with you and your team to help you create an awesome product. Someone who is perhaps 2-4 years ahead of the process from where you sit, who has seen good and bad, and who can guide you toward good choices and help you avoid potentially painful early mistakes. Ironic, but when you have the least experience is also when you make a bunch of choices on how you set up your company—choices which will potentially burn you or save you years down the road.

In a future post, I’ll get into the business person’s role post-launch. But before we end, one more thing: do you even need a business person pre-launch since they do seemingly so little?

The answer is yes, for three basic reasons.

First, post-launch, the business person’s job becomes very important. You want them there for their actual work product (beyond their amazing ability to remember your sandwich order) post-launch. You don’t want to go through the pain of finding this person post-launch when things get nutty. Rather, you want them lined up and ready to go from the start.

Second, just like it’s unbelievably hard to find great engineers, it’s also unbelievably hard to find great business people. Just like a bad engineering co-founder can help ruin a company and a good one can help make a company, the same goes for business folks. Once you find a great engineering co-founder, hold onto them as tight as you can. And once you find a great business co-founder, do the same.

Third, team bonding is really important. The more time you have to do this, the better. I’ve argued that there’s nothing more important in getting a company off the ground than finding and putting together the ultimate founding team. This bonding is super critical in the early days because you will likely spend years together. It’s hard to explain ust how important it is that you understand and trust each other, implicitly. The sooner you get together as a unit, the better off you all will be.

Photo credit: Flickr/FotoosVanRobin

Summer is here, and even dire workaholics should take a few hours to relax. Read one of the following books and you’ll become a better entrepreneur while you’re at it.

We asked small business leaders and VCs to name books that anyone starting a business or even thinking about it should read.

Over the past two years, these were some of the best recommendations we heard.

Click here to see the reading list >

What books have influenced your career? Add them in the comments below.

“The Fountainhead” by Ayn Rand

Charlie O’Donnell: “I don’t know any book that sums up the entrepreneurial passion and spirit better than The Fountainhead by Ayn Rand:  'The question isn't who is going to let me; it's who is going to stop me.'"

Charlie is a principal at First Round Capital.

“Out of the Crisis” by W. Edwards Deming

Roger Ehrenberg: “Big or small, this book focuses the entrepreneur/manager on respecting employees, focusing on process, and insisting on the collection and analysis of data. The development of metrics to manage the business is critical for the start-up founder.”

Roger is Managing Partner of IA Capital Partners, LLC.

“Extreme Programming Explained” by Kent Beck

Babak Nivi: “Revelatory. Develop your product like this book tells you to, unless you know better (e.g. you have experience building operating systems, space shuttles, Googles.) Buy the first edition.”

Nivi is a founder of Venture Hacks.

See the rest of the story at Business Insider

For the latest career news, visit War Room. Follow us on Twitter and Facebook.

See Also:

• 13 First-To-Market Products That Failed
• 9 PR Fiascos That Were Handled Brilliantly By Management
• The Shocking Drink And Incredible Coke History Of Subliminal Advertising

The many worlds interpretation of quantum mechanics is the idea that all possible alternate histories of the universe actually exist. At every point in time, the universe splits into a multitude of existences in which every possible outcome of each quantum process actually happens.

Still, what this new approach does have is a satisfying simplicity– it’s neat and elegant that the many worlds and the multiverse are equivalent. William of Ockham would certainly be pleased and no doubt, many modern physicists will be too.

We discuss three software attacks that might allow for escaping from a VT-d-protected driver domain in a virtualization system. We then focus on one of those attacks, and demonstrate practical and reliable code execution exploit against a Xen system. Finally, we discuss how new hardware from Intel offers a potential for protection against our attacks in the form of Interrupt Remapping (for client systems available only on the very latest Sandy Bridge processors). But we also discuss how this protection could be circumvented on a Xen system under certain circumstances…

I think the attack is likely the most complex and surprising out of all the things we have presented so far. Parts of it are even funny (if you share our weird sense of humor), such as the use of ICMP ping to generate MSIs. The paper also covers the vendors’ response. You can download the paper here.

Ben Pieratt is the founder and CEO of Svpply, a social shopping startup in New York City, and he wrote the best blog post we think we’ve ever read from a startup CEO.

The title gives the tone of the post: “I have no idea what I’m doing.”

Pieratt writes about the fact that he’s a graphic designer by training, and that all of the business-y aspects of running a startup, recruiting, etc. are hard and scary. That things don’t happen how or as fast as they should. That even when it’s not his fault that things go wrong, it’s still his fault because the buck stops with him.

The world of startup entrepreneurship can be pretty macho, with plenty of onanistic self-congratulation about how awesome it is to be an entrepreneur. Your writer has started several companies, and the fact of the matter is that it’s lonely, terrifying and not glamorous at all. Most of the time, you really have no idea what you’re doing. Being public and upfront about it shows amazing humility and strength of character, two qualities that almost always go together.

Congratulations, Ben Pieratt.

Here’s how it starts:

I am the CEO of Svpply, Inc., a social shopping S-Corp operating out of New York City. My company has been the recipient of over half-a-million in investor dollars, for the stated purpose of building an unknown, 3,000-member web service into a cultural phenomenon, and I truly have very little understanding of what I am doing.

Click here to read the whole thing →

For the latest tech news, visit SAI: Silicon Alley Insider. Follow us on Twitter and Facebook.

Join the conversation about this story »

See Also:

• Bathroom Poetry, 50 Birds And Branded Eggs: Inside The Offices Of Cloud-Photoshop Startup Aviary
• VIDEO: Networking By Any Means Necessary (With Lindsay Campbell)
• How Business Insider Got Me Invited To The White House

Abstract

In this talk Massimialiano Oldani and Bas Alberts exploit the Android Attack Surface. This talk will demonstrate the various ways Android devices may be compromised both remotely and locally. Furthermore, it will explore many of the interesting things a remote attacker can do once they have established access to your Android device.

————————————————————

This presentation was presented @ Immunity Inc.’s Infilrate 2011 conference by two senior researchers for Immunity, Inc.

Google hasn’t given up on its sci-fi ambitions to make self-driving cars a reality. The company is now lobbying Nevada to be the first state to legally allow self-driving cars on public roads, the New York Times reports.

We’re still far from seeing the self-driving cars widely deployed across the country, but landing Nevada’s approval could get the cars up and running in Las Vegas within a few years. Eventually, the cars could perform automated deliveries and serve as self-driving taxis in Vegas, policy analysts say.

The news comes about eight months after Google first announced the technology, which at the time seemed to have come straight out of an Isaac Asimov novel. And in addition to announcing it had developed self-driving cars that actually worked, Google also dropped a bombshell saying the cars had covered 140,000 miles of driving in California with occasional human control. Seven cars drove over 1,000 miles without any human intervention at all.

Google hired Las Vegas-based lobbyist David Goldwater to promote two bills that would legalize self-driving cars. One bill is an amendment to a current electric-vehicle bill that would allow licensing and testing of autonomous vehicles, while the other would allow texting while riding behind the driver’s seat of a self-driving car.

Thus far, Google has been testing the cars with a person in the driver seat (to take over in case the system fails) and passenger seat (to monitor the system). If the legislation is passed and Google’s technology reaches a point where it can be reliably deployed, the cars would be able to drive completely on their own.

Sebastian Thrun, the director of the Stanford Artificial Intelligence Laboratory and co-inventor of Google’s Street View service, previously said that the company’s goal is to prevent traffic accidents, give people more free time, and reduce carbon emissions by changing the way people use their cars.

Tags: artificial intelligence, cars, robots, self-driving cars

Companies: Google

People: Sebastian Thrun

Recently I met a great entrepreneur working in a hot space. Like many entrepreneurs he’s bootstrapping his company by running a services business on the side. Today, I passed on that opportunity. Why?

- Does not yet have a clear vision and direction

- Not working on it full time

These points are completely related BTW. If his team was full time on this they might be much closer to having clarity around the problem, value proposition and ultimate vision. But they’re not there yet. And while investors can contribute to that vision and I certainly have some ideas, the vision has to come from the company.

Speed is so important to building value. Repeat founder Mike Cassidy who has built and very successfully sold multiple companies says speed is the ultimate strategy. Everything else being equal if I’m looking at two companies going after the same space at the same stage, I’ll back the one that’s moving fastest. Hard to do that when you’re part time.

I am very sympathetic to the need to put food on the table. I get it. But, if you’re going after a big opportunity, one that needs outside investment capital and is capable of delivering the returns that capital needs, then you can’t be half in / half out. You just can’t. If the opportunity is a good one then it’s guaranteed that other teams are working on it full time. And as an investor if I really want to be in that space, I’ll go and find those other companies.

The worst is people who come and pitch and idea they will start after they quit their jobs (after they get funded). Those conversations are very short.

If you want to raise outside $ and even if you don’t but you want to build a leader in your market you need to be all in. Technology and markets move too fast. The barriers to launching companies are almost non-existent. Speed really is the ultimate strategy. So, if you’re going to launch a company find a way to do it full time.

UPDATE: If you are in Syria and your browser shows you this certificate warning on Facebook, it is not safe to login to Facebook. You may wish to use Tor to connect to Facebook, or use proxies outside of Syria.

Yesterday we learned of reports that the Syrian Telecom Ministry had launched a man-in-the-middle attack against the HTTPS version of the Facebook site. The attack is ongoing and has been seen by users of multiple Syrian ISPs. We cannot confirm the identity of the perpetrators.

The attack is not extremely sophisticated: the certificate is invalid in user’s browsers, and raises a security warning. Unfortunately, because users see these warnings for many operational reasons that are not actual man-in-the-middle attacks, they have often learned to click through them reflexively. In this instance, doing so would allow the attackers access to and control of their Facebook account. The security warning is users’ only line of defense.

EFF is very interested in collecting TLS/SSL certificates. Our SSL Observatory project has collected millions of them by scanning the public Internet. Thanks to the assistance of a Syrian citizen named Mohammad, we can also provide a copy of the fake Syrian Facebook certificate. Interested readers can find a copy in human readable and PEM encoded form.1

This is very much an amateur attempt at attacking Facebook’s HTTPS site. The certificate was not signed by a Certificate Authority that was trusted by users’ web browsers. Unfortunately, Certificate Authorities are under the direct or indirect control of numerous governments, and many governments therefore have the capability to perform versions of this attack that do not raise any errors or warnings.

1. 1. Mohammad’s machine resolved the s.static.ak.facebook.com domain to 195.59.150.24, and the www.facebook.com domain to 66.220.153.11. These addresses appear legitimate to us, so the attack was probably implemented with routers or proxies rather than DNS tampering.

Having raised a number of VC rounds personally and observed many more as an investor or friend, I’ve come to think there are a set of dominant best practices that entrepreneurs should follow.

1. Valuation: Come up with what minimum valuation you’d be happy with but never share that number with any investor.  If the number is too low, you’ve set a low ceiling. If your number is too high, you scare people off. Just like on eBay, you only get to your desired price by starting lower and getting a competitive process going. When people ask about price, simply tell them your last round post-money valuation and talk about the progress you’ve made since then.

2. Never tell VCs the names of other VCs that are interested. Reasons: 1) if you are overplaying your hand that could send a negative signal.  Most VCs know each other and talk all the time. 2) it is possible they’ll get together and offer a two-handed deal in which case you have less competition.

3. I think the optimal number of VCs to talk to seriously is about 5.  That is usually enough to get a sense of market but not so much that you get overwhelmed.  You should pick these VCs carefully – this is where trusted, experienced advisors are critical.

4. If there is a VC you really like, have a “buy it now price” and if they hit that valuation (and other terms are clean) do the deal.  Otherwise, say you’d like to “run a process” and include them in it.

5. Try to set timelines that are definite enough that investors feel some pressure to move but not so definite that you look dumb if you don’t have a term sheet by then.  (Investors have an incentive to wait – “to flip another card over” as they say – whereas entrepreneurs want to get the financing over with asap). Depending on where you are in the process, say things like “we’d like to wrap this up in the next few weeks.”

6. Once you start pitching, the clock starts ticking on your deal looking “tired.”  I’d say from your first VC meeting you have about a month before this risk kicks in.  You could have a great company but if investors get a sense that other investors have passed, they assume something is wrong with your company and/or they can wait around and invest later at their leisure.

7. The earlier stage your company is the more you should weight quality of investors vs valuation. For a Series A, you are truly partnering with the VCs.  You should consider taking a lower valuation from a top tier firm over a non top tier firm (but probably any discount over 20% is too much). If you are doing a post-profitable “momentum round” I’d just optimize for valuation and deal terms.

8. Term sheets:  talk about terms in detail over the phone.  Only accept a term sheet once you have decided that if it matches what was described you are prepared to sign it.  After sending a term sheet VCs get worried you’ll shop it and usually want it signed in 24 hours.

9. Get to know the VCs. Talk to their other portfolio companies, read their blogs, call references, etc.  You will be in business with this person for (hopefully) a long time.

10. Timing. While it’s ideal to raise money once you hit the milestones you set out initially, you also need to be opportunistic.  Right now, for example, seems to be a really good time to raise a VC round.  You could make a ton of progress over the next 6 months but the market could tank and end up in a worse place than you would be today.

Read more posts on cdixon.org »

For the latest tech news, visit SAI: Silicon Alley Insider. Follow us on Twitter and Facebook.

Join the conversation about this story »

A new report issued today by venture capital company Clearstone Venture Partners on how well the venture capital community is doing says that VCs who put their money into technology startups now will get the best return on their money since the boomtimes of the dotcom era last decade.

Titled “The State of Venture Capital in America,” the report says that because conditions have improved considerably due to a shakeout in the number of VC players involved in the tech sector, there’s been a reduction in capital allocated, making the money VCs do invest count even more.

It concluded that the top three reasons for superior performance returning to the venture capital asset class are: a scarcity of capital leading to better returns to those who are investing; far higher valuations being awarded to successful companies at their IPOs; and the rising importance of businesses going global sooner in their life cycle.

The significant decline in VC funding raised since the dot-com bubble burst — only $12 billion in 2010, versus more than $80 billion in 2000, and $37 billion in 2007 — has combined with a high uptick in money pouring into clean technology deals, which made up 17 percent of venture investments in 2010, to create ideal conditions for investing.

These factors and a sluggish IPO market could lead to a second “Golden Age” of tech investing on the part of venture capitalists, said the report.

“While the asset class has been largely abandoned by institutional investors, this disinterest will paradoxically lead to superior returns in the future,” William Quigley, managing partner at the Menlo Park, Calif.-based outfit and author of the report told VentureBeat.

That makes it a prime environment for investors looking to find bargains at the seed stage level and large payouts when popular companies such as Zynga, Facebook and Twitter do go public.

“Investors in the hot start-up companies of today, Facebook, Groupon, Zynga [etc.] will do fantastically well,” said Quigley who has seen a number of his early-stage investments go public, including MP3.com, Tickets.com, Emusic and PeopleSupport.

However, he warned that because most of the new Silicon Valley companies already have an existing product and gone global, public shareholders in these company will be taking on substantially more risk this time than they did versus their investments in the leaders from the last tech cycle.

“The iconic companies of the dot com and telecom bubble, such as Amazon.com, eBay and Juniper Networks were priced at very attractive valuations when they were offered to public shareholders  Amazon went public at less than 1 times forward 12 month revenues,” he said.  “I don’t see the same fantastic opportunity for IPO investors this time around.”

“The newest crop of high-profile IPOs will be fully priced, with all of the risk that implies for public investors,” he added.

The report also said that taking a data-driven prospective, conditions today in the private and public capital markets bode well for superior performance and a to return to the venture capital asset class this decade.

“Specifically, the rewards accruing to private investors in the leading tech companies of today far exceed what private investors used to earn from their investment in the best companies of previous tech cycles,” it said.

Companies: Amazon.com, Clearstone Venture Partners, eBay, Emusic, Facebook, Groupon, Juniper Networks, MP3.com, PeopleSupport, Tickets.com, Twitter, Zynga

People: William Quigley

Lets review different viewpoints driving why healthcare organizations implement a HIPAA Security Risk Analysis. The purpose of exploring these different perspectives is to show that the primary objectives for doing a HIPAA Security Risk Analysis can be categorically defined as either security or compliance – and that both of these objectives can be achieved if a practical approach to the analysis is utilized. Here I use the term security as the goal of safeguarding electronic protected health information (ePHI) and compliance to mean the requirement that healthcare organizations operate consistently with guiding regulatory mandates – HIPAA & HITECH Act.

While many think of security and compliance as the same thing, they are in fact unique, and not identical objectives. For example, it’s very common for organizations to consider themselves compliant with the HIPAA Security Rule, yet to be in a state of high risk of an ePHI data breach. Conversely its also possible for a health IT environment to be quite secure without being compliant. Ultimately healthcare organizations have both security and compliance risk and need to achieve both.

The following examples summarize different viewpoints. In reality most organizations undertaking a HIPAA Security Risk Analysis want to achieve both security and compliance, but there is usually an over-riding primary factor driving the effort. These viewpoints are meant to highlight those dominant factors as they tend to influence the assessment and the eventual value that is derived from the effort.

The compliance view of HIPAA Security Risk Analysis: When the objective is to become “compliant” the assessment tends to come in one of two flavors:

1. Check the box that says “we did a HIPAA Security Risk Analysis” or
2. To ensure that all of your IT controls around safeguarding ePHI are “compliant”

In either case, the risk of focusing on compliance is that it becomes a rote effort focused on just getting it done rather than getting to the essence or the intent of the regulation, which is safeguarding protected health information.

The meaningful use view HIPAA Security Risk Analysis: This view, of course, is driven primarily by meeting the HITECH Act’s meaningful use core objectives, so this is somewhat of a corollary to the previous example.  In this case the objective defined by the HITECH Act to meet meaningful use is to protect ePHI created or maintained by the EMR system. CMS defines this core objective as follows:

Objective: Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities.

Measure: Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process.

By focusing on the intent and spirit of the regulations and leveraging a thoughtful, risk-based, and non-checkbox approach to a HIPAA Security Risk Analysis, it is possible for your healthcare organization to achieve both security and compliance.

entrepreneur

• Business IT Section – Ars Technica
• A VC
• StartupCFO : Mark MacLeod
• SAI: Silicon Alley Insider
• VentureBeat
• CVCA – Capital Rants
• Leading Geeks
• Tech Beat – BusinessWeek
• Business Pundit
• Forbes.com: Technology News
• StartupNorth
• VC Ratings

Preview this bundle

data caps are actually a very poor
way to manage demand and limit Internet congestion. All of the costs of
supplying residential broadband are for supporting the peak loads,
typically Sunday  nights for residential customers. 
Bandwidth consumed
off-peak is completely free; it literally has no marginal costs. If
ISPs really wanted to limit their costs and congestion, they would
limit speeds at peak times.  But if their goal is instead to
increase
revenue, then making consumers pay $1 or more per gigabyte is an
excellent strategy.

When we state the marginal costs of
residential wired gigabyte are below one penny, but are not zero, that
is because we are making the appropriate costing assumption that some
of an average gigabyte is transferred at costly peak times. 

Canadian consumers have been
outspoken against the excessive charges they face, and hopefully
Canadian ISPs will listen to them by raising the caps or abandoning
them altogether.

(Editor’s note: Doug Collom is vice dean and an adjunct lecturer on venture capital and entrepreneurship for Wharton | San Francisco. He submitted this story to VentureBeat.)

There really isn’t a one-size-fits-all formula that can be followed for optimizing the chances of attracting professional investment.  Each company is different and faces challenges and issues that can be overcome only through creativity, perseverance and resolve.

There are, however, some elements that are so basic they cannot be ignored.  Most institutional venture investors either expressly or intuitively address these requirements whenever they evaluate a business plan for a potential investment. Here are four to be especially aware of.

Is it a company or is it a product? – With the dramatic level of innovation that’s taking place through startups in the social media/Web 2.0/online business arena, this question is increasingly important.  Implicitly, investors want to know the product development – something that can go in a variety of directions.  For example, can the product be developed to include additional features and functionality that will effectively redefine the offering in the eyes of the customer?  Can the product be adapted to address the needs of more than a single vertical market?  Is the product so compelling that the emphasis in the business plan shifts to the customer acquisition strategy?

The mobile application market is a good example of a product category that, in general, doesn’t offer a sufficient foundation to support a company.  Individual app developers typically don’t require much capital or labor to be successful, and they don’t require professional investors.  In contrast, there are online gaming companies—Zynga, Playdom, Social Gaming Network and others—whose product roadmaps concentrate entirely on the rapid development and production of new “hits”.  Businesses like this require all the resources and disciplines of a full-fledged company to support their growth objectives.

How big does the market have to be to attract investment? – After the dot-com bust, the anecdotal answer to this question was $1 billion -  or at least an annual growth rate that would get you close to $1 billion quickly.

In 2011, there is far more latitude, depending on the business plan of the company.  With the advent of open source software, online development tools, cloud computing, and the ability to reach massive customer markets instantly through the Internet, startup companies have become much more efficient in product development and customer acquisition, and can more rapidly get to proof of concept and positive cash flow than ever before.

As a result, companies with online business models, for example, may not require nearly as much capital as they once did. Moreover, angel groups aren’t swinging for the fences the way the mainstream institutional VC firms do.  Instead, (to continue the metaphor) they’re frequently only looking to hit singles and doubles, and may be quite content to realize exits in the range of $10-$100 million.

Is prior management-level experience required? – Obviously, it doesn’t hurt.  In particularly tough times, prior executive experience in managing a VC-backed startup may be a non-waivable requisite.  Management experience of any kind is always a positive factor, since it directly relates to the credibility of the management team in the eyes of the investor.

Obviously, there are many amazing startup companies that have been built by founders with no previous experience, and lacking this experience should not deter an entrepreneur who believes he or she can build a great company.  There are effective ways to work around the experience issue if it is an impediment to getting an invitation to present before a VC firm.  Teaming up with a co-founder who does bring the necessary experience, finding a mentor who carries personal credibility, or organizing a board of advisors with relevant experience and expertise are all ways of addressing the issue.

Do you need to have customers or even first revenue? – There is a lot of dialogue around the need to “bootstrap” early stage companies to the point where a product has been developed and commercially released.  This is particularly true of social media, gaming and other online business companies.  In seeking to access professional capital, it comes down to supply and demand.  Professional investors will look to tangible indicators of success and validation of the business model in evaluating a company’s prospects.

These might include website traffic, conversion rates, your ability to launch a beta and more.  Without anything but an idea to show, very few companies get funded to any meaningful degree.

For more traditional “brick and mortar” companies, the ability to get to “proof of concept” through bootstrapping methods is much more difficult.  It is also likely that the amount of all-in professional capital necessary to support a company in this category to an acceptable exit—including the amount of so-called “seed stage” funding—is substantially higher than for a social media or gaming company, for example.  As a result, there may be a lower expectation that founders will be able to bootstrap to get to professional funding, but the emphasis will be commensurately higher on the other investment basics, including size of the market, likely market impact of the technology, barriers to entry, credibility of the management team and the like.  As a result, the bar to funding for companies in this category is fundamentally as high.

Tags: angel investors, Venture Capital

Sony’s PlayStation Network has been down for the last six days after being attacked by hackers, and Sony has just posted one of the scariest status messages we’ve ever seen.

The relevant excerpt:

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility.

Worst case scenario: if you use the same password and email address to register for other services like online banking, the attacker will have very little problem getting into those accounts, too.

Sony has shut down the network and engaged an outside security firm to try and figure out what happened. Sony is rebuilding the network and says it will have some services back up in a week.

The PlayStation Network has 70 million members.

For the latest tech news, visit SAI: Silicon Alley Insider. Follow us on Twitter and Facebook.

Join the conversation about this story »

See Also:

• Microsoft Lifts From Android For Windows 8 Log-On
• Maybe Steve Jobs' "Post-PC Era" Is Bunk And Tablets Really ARE A Fad
• Who Said That? 10 Unbelievable Quotes From Microsoft Execs

If you Google “how to be an Entrepreneur” you get a lot of mindless clichés like “follow your passion” or “think big.” That’s not what you are going to get here.

Again, for me, being an “entrepreneur” doesn’t mean starting the next “Faceook.” Or even starting any business at all. It means finding the challenges you have in your life, and determining creative ways to overcome those challenges. However, in this post I focus mostly on the issues that come up when you first start your company. These rules also apply if you are taking an entrepreneurial stance within a much larger company (which all employees should do).

For me, I’ve started several businesses. As I’ve described in the rest of this blog, some have succeeded, many have failed. I’m invested in about 13 private companies. I’ve advised probably another 50 private companies. Along the way I’ve compiled a list of rules that have helped me deal with every aspect of being an entrepreneur in business and some in life.

[Btw, Claudia thinks I shouldn’t put this post up. This is going to be a chapter in a book I am self-publishing in a week or so: “How to be the Luckiest Man Alive”. But I’m trying to price the book for free on Kindle so why not? Plus, once I write something, I can’t help myself. I have to put it up.]

Here’s the real rules:

A)        It’s not fun. I’m not going to explain why it’s not fun. These are rules. Not theories. I don’t need to prove them. But there’s a strong chance you can hate yourself throughout the process of being an entrepreneur. Keep sharp objects and pills away during your worst moments. And you will have them. If you are an entrepreneur and agree with me, please note this in the comments below.

B)        Try not to hire people. You’ll have to hire people to expand your business. But it’s a good discipline to really question if you need each and every hire.

C)        Get a customer. This seems obvious. But it’s not. Get a customer before you start your business, if you can. (see, “the Easiest Way to Succeed as an Entrepreneur”)

CA)  Follow me on Twitter.

D)        If you are offering a service, call it a product. Oracle did it. They claimed they had a database. But if you “bought” their database they would send in a team of consultants to help you “install” the database to fit your needs. In other words, for the first several years of their existence, they claimed to have a product but they really were a consulting company. Don’t forget this story. Products are valued higher than services.

E)        It’s OK to fail. Start over. Hopefully before you run out of money. Hopefully before you take in investor money. Or, don’t worry about it. Come up with new ideas. Start over.

F)         Be profitable. Try to be profitable immediately. This seems obvious but it isn’t. Try not to raise money. That money is expensive.

G)        When raising money: if it’s not easy then your idea is probably incapable of raising money. If its easy, then take as much as possible. If its TOO easy, then sell your company (unless you are Twitter, etc).

H)        The same goes for selling your company. If it’s not easy, then you need to build more. Then sell. To sell your company, start getting in front of your acquirers a year in advance. Send them monthly updates describing your progress. Then, when they need a company like yours, your company is the first one that comes to mind.

I)          Competition is good. It turns you into a killer. It helps you judge progress. It shows that other people value the space you are in. Your competitors are also your potential acquirors.

J)         Don’t use a PR firm. Except maybe as a secretary. You are the PR for your company. You are your companys brand. You personally.

K)        Communicate with everyone. Employees. Customers. Investors. All the time. Every day.

L)         Do everything for your customers. This is very important. Get them girlfriends or boyfriends. Speak at their charities. Visit their parents for Thanksgiving. Help them find other firms to meet their needs. Even introduce them to your competitors if you think a competitor can help them or if you think you are about to be fired. Always think first, “What’s going to make my customer happy?”

M)        Your customer is not a company. There’s a human there. What will make my human customer happy? Make him laugh. You want your customer to be happy.

N)        Show up. Go to breakfast/lunch/dinner with customers. Treat.

O)        History. Know the history of your customers in every way. Company history, personal history, marketing history, investing history, etc.

P)         Micro-manage software development. Nobody knows your product better than you do. If you aren’t a technical person, learn how to be very specific in your product specification so that your programmers can’t say: “well you didn’t say that!”

Q)        Hire local. You need to be able to see and talk to your programmers. Don’t outsource to India. I love India. But I won’t hire programmers from there while I’m living in the US.

R)        Sleep. Don’t buy into the 20 hours a day entrepreneur myth. You need to sleep 8 hours a day to have a focused mind.

S)         Exercise. Same as above. If you are unhealthy, your product will be unhealthy.

T)         Emotionally Fit. DON’T have dating problems and software development problems at the same time. VCs will smell this all over you.

U)        Pray. You need to. Be grateful where you are. And pray for success. You deserve it. Pray for the success of your customers. Heck, pray for the success of your competitors. The better they do, it means the market is getting bigger. And if one of them breaks out, they can buy you.

V)        Buy your employees gifts. Massages. Tickets. Whatever. I always imagined that at the end of each day my young, lesbian employees (for some reason, most employees at my first company were lesbian) would be calling their parents and their mom and dad would ask them: “Hi honey! How was your day today?” And I wanted them to be able to say: “It was the best!” Invite customers to masseuse day.

W)       Treat your employees like they are your children. They need boundaries. They need to be told “no!” sometimes. And sometimes you need to hit them in the face (ha ha, just kidding). But within boundaries, let them play.

X)        Don’t be greedy pricing your product. If your product is good and you price it cheap, people will buy. Then you can price upgrades, future products, and future services more expensive. Which goes along with the next rule.

Y)        Distribution is everything. Branding is everything. Get your name out there, whatever it takes. The best distribution is of course word of mouth, which is why your initial pricing doesn’t matter.

YA) Follow me on Twitter.

Z)         Don’t kill yourself. It’s not worth it. Your employees need you. Your children or future children need you. It seems odd to include this in a post about entrepreneurship but we’re also taking about keeping it real. Most books or “rules” for entrepreneurs talk about things like “think big”, “go after your dreams”. But often dreams turn into nightmares. I’ll repeat it again. Don’t kill yourself. Call me if things get too stressful. Or more importantly, make sure you take proper medication

AA)     Give employees structure. Let each employee know how his or her path to success can be achieved. All of them will either leave you or replace you eventually. That’s OK. Give them the guidelines how that might happen. Tell them how they can get rich by working for you.

BB)      Fire employees immediately. If an employee gets “the disease” he needs to be fired. If they ask for more money all the time. If they bad mouth you to other employees. If you even think they are talking behind your back, fire them. The disease has no cure. And it’s very contagious. Show no mercy. Show the employee the door. There are no second chances because the disease is incurable.

CC)      Make friends with your landlord. If you ever have to sell your company, believe it or not, you are going to need his signature (because there’s going to be a new lease owner)

DD)     Only move offices if you are so packed in that employees are sharing desks and there’s no room for people to walk.

EE)      Have killer parties. But use your personal money. Not company money. Invite employees, customers, and investors. It’s not the worst thing in the world to also invite off duty prostitutes or models.

FF)       If an employee comes to you crying, close the door or take him or her out of the building. Sit with him until it stops. Listen to what he has to say. If someone is crying then there’s been a major communication breakdown somewhere in the company. Listen to what it is and fix it. Don’t get angry at the culprit’s. Just fix the problem.

GG)     At Christmas, donate money to every customer’s favorite charity. But not for investors or employees.

HH)     Have lunch with your competitors. Listen and try not to talk. One competitor (Bill Markel from Interactive once told me a story about how the CEO of Toys R Us returned his call. He was telling me this because I never returned Bill’s calls. Ok, Bill, lesson noted.

II)        Ask advice a lot. Ask your customers advice on how you can be introduced into other parts of their company. Then they will help you. Because of the next rule…

JJ)        Hire your customers. Or not. But always leave open the possibility. Let it always dangle in the air between you and them. They can get rich with you. Maybe. Possibly. If they play along. So play.

KK)     On any demo or delivery, do one extra surprise thing that was not expected. Always add bells and whistles that the customer didn’t pay for.

LL)      Understand the demographic changes that are changing the world. Where are marketing dollars flowing and can you be in the middle. What services do aging baby boomers need? Is the world running out of clean water? Are newspapers going to survive? Etc. Etc. Read every day to understand what is going on.

LLa) Don’t go to a lot of parties or “meetups” with other entrepreneurs. Work instead while they are partying.

MM)    But, going along with the above rule, don’t listen to the doom and gloomers that are hogging the TV screen trying to tell you the world is over. They just want you to be scared so they can scoop up all the money.

NN)     You have no more free time. In your free time you are thinking of new ideas for customers, new ideas for services to offer, new products.

OO)     You have no more free time, part 2. In your free time, think of ideas for potential customers. Then send them emails: “I have 10 ideas for you. Would really like to show them to you. I think you will be blown away. Here’s five of them right now.”

OOa) Depressions, recessions, don’t matter. There’s $15 trillion in the economy. You’re allowed a piece of it:

PP)       Talk. Tell everyone you ever knew  what your company does. Your friends will help you find clients.

QQ)     Always take someone with you to a meeting. You’re bad at following up. Because you have no free time. So, if you have another employee. Let them follow up. Plus, they will like to spend time with the boss. You’re going to be a mentor.

RR)      If you are consumer focused: your advertisers are your customers. But always be thinking of new services for your consumers. Each new service has to make their life better. People’s lives are better if: they become healthier, richer, or have more sex. “Health” can be broadly defined.

SS)       If your customers are advertisers: find sponsorship opportunities for them that drive customers straight into their arms. These are the most lucrative ad deals (see rule above). Ad inventory is a horrible business model. Sponsorships are better. Then you are talking to your customer.

TT)      No friction. The harder it is for a consumer to sign up, the less consumers you will have. No confirmation emails, sign up forms, etc. The easier the better.

TTA) No fiction, part 2. If you are making a website, have as much content as you can on the front page. You don’t want people to have to click to a second or third page if you can avoid it. Stuff that first page with content. You aren’t Google. (And, 10 Unusual Things You Didn’t Know About Google)

UU)     No friction, part 3. Say “yes” to any opportunity that gets you in a room with a big decision maker. Doesn’t matter if it costs you money.

VV)     Sell your company two years before you sell it. Get in the offices of the potential buyers of your company and start updating them on your progress every month.  Ask their advice on a regular basis in the guise of just an “industry catch-up”

WW)    If you sell your company for stock, sell the stock as soon as you can. If you are selling your company for stock it means:

• a.         The market is such that lots of companies are being sold for stock.

• b.         AND, companies are using stock to buy other companies because they value their stock less than they value cash.

• c.         WHICH MEANS, that when everyone’s lockup period ends, EVERYONE will be selling stock across the country. So sell yours first.

XX)     Ideas are worthless. If you have an idea worth pursuing, then just make it. You can build any website for cheap. Hire a programmer and make a demo. Get at least one person to sign up and use your service. If you want to make Facebook pages for plumbers, find one plumber who will give you $10 to make his Facebook page. Just do it.

YY)     Don’t use a PR firm, part II. Set up a blog. Tell your personal stories (see “33 tips to being a better writer” ). Let the customer know you are human, approachable, and have a real vision as to why they need to use you. Become the voice for your industry, the advocate for your products. If you make skin care products, tell your customers every day how they can be even more beautiful than they currently are and have more sex than they are currently getting. Blog your way to PR success. Be honest and bloody.

ZZ)      Don’t save the world. If your product sounds too good to be true, then you are a liar.

ZZa) Your company is always for sale.

AAA)  Frame the first check. I’m staring at mine right now.

BBB)   No free time, part 3. Pick a random customer. Find five ideas for them that have nothing to do with your business. Call them and say, “I’ve been thinking about you. Have you tried this?”

CCC)   No resale deals. Nobody cares about reselling your service. Those are always bad deals.

DDD)   Your lawyer or accountant is not going to introduce you to any of their other clients. Those meetings are always a waste of time.

EEE)    Celebrate every success. Your employees need it. They need a massage also. Get a professional masseuse in every Friday afternoon. Nobody leaves a job where there is a masseuse.

FFF)     Sell your first company. Don’t take any chances. You don’t need to be Mark Zuckerberg. Sell your first company as quick as you can. You now have money in the bank and a notch on your belt. Make a billion on your next company.

GGG)   Pay your employees before you pay yourself.

HHH)   Give equity to get the first customer. If you have no product yet and no money, then give equity to a good partner in exchange for them being a paying customer.  Note: don’t blindly give equity. If you develop a product that someone asked for, don’t give them equity. Sell it to them. But if you want to get a big distribution partner whose funds can keep you going forever, then give equity to nail the deal.

III)       Don’t worry about anyone stealing your ideas. Ideas are worthless anyway. It’s OK to steal something that’s worthless.

IIIA) Follow me on twitter.

Questions from Readers

Question: You say no free time but you also say keep emotionally fit, physically fit, etc. How do I do this if I’m constantly thinking of ideas for old and potential customers?

Answer:  It’s not easy or everyone would be rich.

Question: if I get really stressed about clients paying, how do I get sleep at night?

Answer: medication

Question: how do I cold-call clients?

Answer: email them. Email 40 of them. It’s OK if only 1 answers. Email 40 a day but make sure you have something of value to offer.

Question: how can I find cheap programmers or designers?

Answer: if you don’t know any and you want to be cheap: use scriptlance.com, elance.com, or craigslist. But don’t hire them if they are from another country. You need to communicate with them even if it costs more money.

Question: should I hire programmers?

Answer: first…freelance. Then hire.

Question: what if I build my product but I’m not getting customers?

Answer: develop a service loosely based on your product and offer that to customers. But I hope you didn’t make a product without talking to customers to begin with?

Question: I have the best idea in the world, but for it to work it requires a lot of people to already be using it. Like Twitter.

Answer: if you’re not baked into the Silicon Valley ecosystem,  then find distribution and offer equity if you have to. Zuckerberg had Harvard. MySpace had the fans of all the local bands they set up with MySpace pages. I (in my own small way) had Thestreet.com when I set up Stockpickr.com. I also had 10 paying clients when i did my first successful business fulltime.

Question: I just lost my biggest customer and now I have to fire people. I’ve never done this before. How do I do it?

Answer:  one on meetings. Be Kind. State the facts. Say you have to let people go and that everyone is hurting but you want to keep in touch because they are a great employee. It was an honor to work with them and when business comes back you hope you can convince them come back. Then ask them if they have any questions. Your reputation and the reputation of your company are on the line here. You want to be a good guy. But you want them out of your office within 15 minutes. It’s a termination, not a negotiation. This is one reason why it’s good to start with freelancers.

Question: I have a great idea. How do I attract VCs?

Answer: build the product. Get a customer. Get money from customer. Get more customers. Build more services in the product. Get VC. Chances are by this point, the VCs are calling you.

Question: I want to build a business day trading.

Answer: bad idea

Question: I want to start a business but don’t know what my passion is:

Answer: skip to the post: “How to be the luckiest person alive”. Do the Daily Practice. Within six months your life will be completely different.

Question: I want to leave my job but I’m scared.

Answer: same as above question.  The Daily Practice turns you into a healthy Idea Machine. Plus luck will flow in from every direction.

Final rule: Things change. Every day. The title of this post, for instance, says “100 Rules”. But I gave about 70 rules (including the Q&A). Things change midway through. Be ready for it every day. In fact, every day figure out what you can change just slightly to shake things up and improve your product and company.

Throughout the rest of this blog I have examples, ideas, rules, etc. In fact, it adds up to a lot more than 100 rules. Many of the rules above are repeated in other posts ahead but use this post as a cheat sheet. If you can think of more rules for me, add them to the comments. I’ll try and put them in the upcoming book.

For the latest career news, visit War Room. Follow us on Twitter and Facebook.

Join the conversation about this story »

See Also:

• The Top 10 Sandwich Franchises
• MESSAGE TO ENTREPRENEURS: Stop Bullshitting Yourselves
• 5 Tips To Keep Cash Flowing Consistently Into Your Business

As we know all too well, most VCs you pitch will say ‘no’. So, when it comes to raising your round, you shouldn’t be jumping in a plane for every 1st meeting you get. 1st meetings mean nothing. There is no assurance that they will move ahead. Investors could be learning about the space, just seeing who’s out there or just be bored (not likely, but you never know…). So, how do you efficiently and effectively allocate your time and travel budget when you need to raise capital?

This isn’t an issue if you are in dense markets like the Valley. In one sleepy building in Palo Alto you can literally walk out of Felicis Venture‘s office go 3 feet across the hall and be in True Ventures‘ offices. If you’re not in the Valley, Boston, NYC or another market with investor density then you need to travel to raise your round.

The problem with this as I said is you need to qualify interest before hopping on a plane. Otherwise you will spend a lot of time and money with no assurances that you will be closer to getting a lead investor.

Being a frugal, Scottish and overly logical type, I recognized this early and when I was pitching for $ I would always start off with phone pitches. Now I managed to raise capital. But, now that I’m the one listening to pitches, I can tell you the experience sucks.

One day recently, we had two remote pitches. One was a 1st meeting with someone we did not know well. The other was with a team that I know and respect a lot. Both were horrible. This has nothing to do with the teams or their opportunities. Just the whole audio / visual experience.

We had issues on our side: fumbling to get our skype speaker to work, subsisting on crappy wifi. We just had trouble getting into it. I know, having met one of the pitchers in person after, that it was a crappy experience for them too. You can be pitching your heart out and you have no idea if the investor is engaged or is doing e-mail (BTW, I see investors do this often in phone-in board meetings. aka – “bored” meetings – but that’s another story…).

So what should you do? To start:

- Approach investors who focus on your sector and stage

- Get very warm, highly qualified intros to them

(You should be doing this anyway, for local or far away investors).

- Do an intro meet and greet call. Don’t do the full pitch, but in 20 minutes cover the following:

• Your background and accomplishments – to establish credibility and interest
• The elevator pitch – to clearly and quickly describe your opportunity
• Your status – to quickly qualify if you are too early for this particular investor
• Your round – again, to qualify fit with the investor

Leave 10 minutes for questions/ discussion which should hopefully set the stage for the investor to ask you to come in to do the full pitch.

Do that with a few funds /  groups in a given city and you can confidently book your trip knowing that you have some well qualified meetings and increased chance that the investor will bite and start doing diligence.

Just them excited remotely, but always pitch in person!

The focus should be on the numbers, which tell a discouraging tale.
Among the findings on price of Internet services (all as of September
2010):

Moreover, Canada trails in more than just pricing. The OECD found
gigabit to the home service in Sweden, Slovenia, Slovakia, and
Portugal, while Canada was back in the middle of the pack at 100 Mbit
service.  Canada was unsurprisingly one of the only countries
where all
offers included an explicit data cap (Australia, Iceland, and New
Zealand were the the countries). In fact, the majority of the countries
surveyed featured no data caps whatsoever.

The OECD data once again confirms that there are serious problems with
pricing and competitiveness of Canadian broadband access. In Australia,
the Minister for Broadband, Communications and the Digital Economy,
Senator Stephen Conroy, has cited
the OECD data as evidence that Australia also trails much of the
developed world. The question in Canada is whether the data will
provide a similar political support for change.

By Alasdair Allan and Pete Warden

Update (7:45 am PT) — A section titled “Who has access to this data?” was added.

Today at Where 2.0 Pete Warden and I will announce the discovery that your iPhone, and your 3G iPad, is regularly recording the position of your device into a hidden file. Ever since iOS 4 arrived, your device has been storing a long list of locations and time stamps. We’re not sure why Apple is gathering this data, but it’s clearly intentional, as the database is being restored across backups, and even device migrations.

A visualization of iPhone location data. Click to enlarge.

The presence of this data on your iPhone, your iPad, and your backups has security and privacy implications. We’ve contacted Apple’s Product Security team, but we haven’t heard back.

What makes this issue worse is that the file is unencrypted and unprotected, and it’s on any machine you’ve synched with your iOS device. It can also be easily accessed on the device itself if it falls into the wrong hands. Anybody with access to this file knows where you’ve been over the last year, since iOS 4 was released.

In the following video, we discuss how the file was discovered and take a look at the data contained in the file. Further details are posted below.

What information is being recorded?

All iPhones appear to log your location to a file called “consolidated.db.” This contains latitude-longitude coordinates along with a timestamp. The coordinates aren’t always exact, but they are pretty detailed. There can be tens of thousands of data points in this file, and it appears the collection started with iOS 4, so there’s typically around a year’s worth of information at this point. Our best guess is that the location is determined by cell-tower triangulation, and the timing of the recording is erratic, with a widely varying frequency of updates that may be triggered by traveling between cells or activity on the phone itself.

Who has access to this data?

Don’t panic. As we discuss in the video, there's no immediate harm that would seem to come from the availability of this data. Nor is there evidence to suggest this data is leaving your custody. But why this data is stored and how Apple intends to use it — or not — are important questions that need to be explored.

What are the implications of this location data?

The cell phone companies have always had this data, but it takes a court order to access it. Now this information is sitting in plain view, unprotected from the world. Beyond this, there is even more data that we have yet to look at in depth.

For example, in my own case I (Alasdair) discovered a list of hundreds of thousands of wireless access points that my iPhone has been in range of during the last year.

How can you look at your own data?

We have built an application that helps you look at your own data. It’s available at petewarden.github.com/iPhoneTracker along with the source code and deeper technical information.

What can you do about this?

An immediate step you can take is to encrypt your backups through iTunes (click on your device within iTunes and then check “Encrypt iPhone Backup” under the “Options” area).

Related:

• iPhone keeps record of everywhere you go
• Open question: How much location information are you willing to share?
• The convergence of biometrics, location and surveillance
• Radiation visualizations paint a different picture of Japan
• Apple iTunes gifts users with a privacy hole

This article was originally posted at Scientific American. It’s reprinted with permission.

The sun strikes every square meter of our planet with more than 1,360 watts of power. Half of that energy is absorbed by the atmosphere or reflected back into space. Seven hundred watts of power, on average, reaches Earth’s surface. Summed across the half of the Earth that the sun is shining on, that is 89 petawatts of power. By comparison, all of human civilization uses around 15 terrawatts of power, or one six-thousandth as much. In 14 and a half seconds, the sun provides as much energy to Earth as humanity uses in a day.

The numbers are staggering and surprising. In 88 minutes, the sun provides 470 exajoules of energy, as much energy as humanity consumes in a year. In 112 hours — less than five days — it provides 36 zettajoules of energy – as much energy as is contained in all proven reserves of oil, coal, and natural gas on this planet.

If humanity could capture one tenth of one percent of the solar energy striking the Earth — one part in one thousand — we would have access to six times as much energy as we consume in all forms today, with almost no greenhouse gas emissions. At the current rate of energy consumption increase — about 1 percent per year — we will not be using that much energy for another 180 years.

It’s small wonder, then, that scientists and entrepreneurs alike are investing in solar energy technologies to capture some of the abundant power around us. Yet solar power is still a minuscule fraction of all power generation capacity on the planet. There is at most 30 gigawatts of solar generating capacity deployed today, or about 0.2 percent of all energy production. Up until now, while solar energy has been abundant, the systems to capture it have been expensive and inefficient.

That is changing. Over the last 30 years, researchers have watched as the price of capturing solar energy has dropped exponentially. There’s now frequent talk of a “Moore’s law” in solar energy. In computing, Moore’s law dictates that the number of components that can be placed on a chip doubles every 18 months. More practically speaking, the amount of computing power you can buy for a dollar has roughly doubled every 18 months, for decades. That’s the reason that the phone in your pocket has thousands of times as much memory and ten times as much processing power as a famed Cray 1 supercomputer, while weighing ounces compared to the Cray’s 10,000-pound bulk, fitting in your pocket rather than a large room, and costing tens or hundreds of dollars rather than tens of millions.

If similar dynamics worked in solar power technology, then we would eventually have the solar equivalent of an iPhone — incredibly cheap, mass distributed energy technology that was many times more effective than the giant and centralized technologies it was born from.

So is there such a phenomenon? The National Renewable Energy Laboratory of the U.S. Department of Energy has watched solar photovoltaic price trends since 1980. They’ve seen the price per Watt of solar modules (not counting installation) drop from $22 dollars in 1980 down to under $3 today.

Is this really an exponential curve? And is it continuing to drop at the same rate, or is it leveling off in recent years? To know if a process is exponential, we plot it on a log scale.

And indeed, it follows a nearly straight line on a log scale. Some years the price changes more than others. Averaged over 30 years, the trend is for an annual 7 percent reduction in the dollars per watt of solar photovoltaic cells. While in the earlier part of this decade prices flattened for a few years, the sharp decline in 2009 made up for that and put the price reduction back on track. Data from 2010 (not included above) shows at least a 30 percent further price reduction, putting solar prices ahead of this trend.

If we look at this another way, in terms of the amount of power we can get for $100, we see a continual rise on a log scale.

What's driving these changes? There are two factors. First, solar cell manufacturers are learning — much as computer chip manufacturers keep learning — how to reduce the cost to fabricate solar.

Second, the efficiency of solar cells — the fraction of the sun's energy that strikes them that they capture — is continually improving. In the lab, researchers have achieved solar efficiencies of as high as 41 percent, an unheard of efficiency 30 years ago. Inexpensive thin-film methods have achieved laboratory efficiencies as high as 20 percent, still twice as high as most of the solar systems in deployment today.

What do these trends mean for the future? If the 7 percent decline in costs continues (and 2010 and 2011 both look likely to beat that number), then in 20 years the cost per watt of PV cells will be just over $0.50.

Indications are that the projections above are actually too conservative. First Solar corporation has announced internal production costs (though not consumer prices) of $0.75 per watt, and expects to hit $0.50 per watt in production cost in 2016. If they hit their estimates, they’ll be beating the trend above by a considerable margin.

What does the continual reduction in solar price per watt mean for electricity prices and carbon emissions? Historically, the cost of PV modules (what we’ve been using above) is about half the total installed cost of systems. The rest of the cost is installation. Fortunately, installation costs have also dropped at a similar pace to module costs. If we look at the price of electricity from solar systems in the U.S. and scale it for reductions in module cost, we get this:

The cost of solar, in the average location in the U.S., will cross the current average retail electricity price of $0.12 per kilowatt hour in around 2020, or 9 years from now. In fact, given that retail electricity prices are currently rising by a few percent per year, prices will probably cross earlier, around 2018 for the country as a whole, and as early as 2015 for the sunniest parts of America.

10 years later, in 2030, solar electricity is likely to cost half what coal electricity does today. Solar capacity is being built out at an exponential pace already. When the prices become so much more favorable than those of alternate energy sources, that pace will only accelerate.

We should always be careful of extrapolating trends out, of course. Natural processes have limits. Phenomena that look exponential eventually level off or become linear at a certain point. Yet physicists and engineers in the solar world are optimistic about their roadmaps for the coming decade. The cheapest solar modules, not yet on the market, have manufacturing costs under $1 per watt, making them contenders — when they reach the market — for breaking the $0.12 per Kwh mark.

The exponential trend in solar watts per dollar has been going on for at least 31 years now. If it continues for another 8-10, which looks extremely likely, we’ll have a power source which is as cheap as coal for electricity, with virtually no carbon emissions. If it continues for 20 years, which is also well within the realm of scientific and technical possibility, then we’ll have a green power source that is half the price of coal for electricity.

That’s good news for the world.

Photo: Evening sun by dingbat2005, on Flickr

Sources and further reading:

• Key World Energy Statistics 2010, International Energy Agency
• Tracking the Sun III: The Installed Cost of Photovoltaics in the U.S. from 1998-2009, Barbose, G., N. Darghouth, R. Wiser., LBNL-4121E, December 2010
• 2008 Solar Technologies Market Report: January 2010, (2010). 131 pp. NREL Report TP-6A2-46025; DOE/GO-102010-2867

The Internet is, by very definition, an interconnected network of networks. The resilience of the way in which the interconnection system works is fundamental to the resilience of the Internet. Thus far the Internet has coped well with disasters such as 9/11 and Hurricane Katrina – which have had very significant local impact, but the global Internet has scarcely been affected. Assorted technical problems in the interconnection system have caused a few hours of disruption but no long term effects.

But have we just been lucky ? A major new report, just published by ENISA (the European Network and Information Security Agency) tries to answer this question.

The report was written by Chris Hall, with the assistance of Ross Anderson and Richard Clayton at Cambridge and Panagiotis Trimintzios and Evangelos Ouzounis at ENISA. The full report runs to 238 pages, but for the time-challenged there’s a shorter 31 page executive summary and there will be a more ‘academic’ version of the latter at this year’s Workshop on the Economics of Information Security (WEIS 2011).

Internet interconnectivity is a complex ecosystem with many interdependent layers. Its operation is governed by the collective self-interest of the Internet’s networks, but there is no central Network Operation Centre (NOC), staffed with technicians to leap into action when trouble occurs. The open and decentralised organisation that is the very essence of the ecosystem is essential to the success and resilience of the Internet. Yet there are a number of concerns.

First, the Internet is vulnerable to various kinds of common mode technical failures where systems are disrupted in many places simultaneously; service could be substantially disrupted by failures of other utilities, particularly the electricity supply; a flu pandemic could cause the people on whose work it depends to stay at home, just as demand for home working by others was peaking; and finally, because of its open nature, the Internet is at risk of intentionally disruptive attacks.

Second, there are concerns about sustainability of the current business models. Internet service is cheap, and becoming rapidly cheaper, because the costs of service provision are mostly fixed costs; the marginal costs are low, so competition forces prices ever downwards. Some of the largest operators – the ‘Tier 1′ transit providers – are losing substantial amounts of money, and it is not clear how future capital investment will be financed. There is a risk that consolidation might reduce the current twenty-odd providers to a handful, at which point regulation may be needed to prevent monopoly pricing.

Third, dependability and economics interact in potentially pernicious ways. Most of the things that service providers can do to make the Internet more resilient, from having excess capacity to route filtering, benefit other providers much more than the firm that pays for them, leading to a potential ‘tragedy of the commons’. Similarly, security mechanisms that would help reduce the likelihood and the impact of malice, error and mischance are not implemented because no-one has found a way to roll them out that gives sufficiently incremental and sufficiently local benefit.

Fourth, there is remarkably little reliable information about the size and shape of the Internet infrastructure or its daily operation. This hinders any attempt to assess its resilience in general and the analysis of the true impact of incidents in particular. The opacity also hinders research and development of improved protocols, systems and practices by making it hard to know what the issues really are and harder yet to test proposed solutions.

So there may be significant troubles ahead which could present a real threat to economic and social welfare and lead to pressure for regulators to act. Yet despite the origin of the Internet in DARPA-funded research, the more recent history of government interaction with the Internet has been unhappy. Various governments have made ham-fisted attempts to impose censorship or surveillance, while others have defended local telecommunications monopolies or have propped up other industries that were disrupted by the Internet. As a result, Internet Service Providers (ISPs), whose good will is essential for effective regulation, have little confidence in the likely effectiveness of state action, and many would expect it to make things worse.

Any policy makers should therefore proceed with caution. At this stage, there are four types of activity that can be useful at the European (and indeed the global) level.

The first is to understand failures better, so that all may learn the lessons. This means consistent, thorough, investigation of major outages and the publication of the findings. It also means understanding the nature of success better, by supporting long term measurement of network performance, and by sustaining research in network performance.

The second is to fund key research in topics such as inter-domain routing – with an emphasis not just on the design of security mechanisms, but also on traffic engineering, traffic redirection and prioritisation, especially during a crisis, and developing an understanding of how solutions can be deployed in the real world.

The third is to promote good practice. Diverse service provision can be encouraged by explicit terms in public sector contracts, and by auditing practices that draw attention to reliance on systems that lack diversity. The public section might also promote the independent testing of equipment and protocols.

The fourth is public engagement. Greater transparency may help Internet users to be more discerning customers, creating incentives for improvement, and the public should be engaged in discussions on potentially controversial issues such as traffic prioritisation in an emergency. And finally, Private Public Partnerships (PPPs) of relevant stakeholders, operators, vendors, public actors etc. are important for self-regulation to be effective. Additionally, should more formal regulation become necessary in the future, more informed policy makers who are already engaged with industry will be able to make better decisions.

So if you’ve ever wondered how the Internet is glued together, and how it might come apart – or if you’re interested in learning about yet another area where computer security and economics interact – then this report will be fascinating reading.

One of the most frustrating aspects of raising capital is how long it can take. Even if an investor loves the idea after the 1st meeting, the process still takes months. Now that I am sitting on the other side, I have a better appreciation for why things take longer than entrepreneurs would like.  So, I thought I would share some thoughts on why things can take long and how you can accelerate the process.

We are four partners at Real Ventures, and we see a lot of opportunities. A small number of those are clearly not a fit and so we pass quickly, but the rest all require some amount of work. Plus we have an active portfolio in our 1st fund that we spend time with. And of course, we “have to” attend events, conferences, meet with other investors and generally meet people all the time. So, unlike the entrepreneur that gets to focus 100% of his or her attention on their company, as an investor, our attention is fractured in many directions.

I am fairly process driven (side effect of being a CFO for so long), and for me at least, I need dedicated blocks of time to think about a given opportunity, so that I can really get into it, think through the drivers, issues and develop a thesis for how things will play out. That can be hard to do when you have so many demands on your time. I can leave a pitch totally psyched about it, but not be able to touch the opportunity again for a week.

So, what’s the solution? Here are my suggestions for getting funded faster:

Be prepared: Have your investor materials (exec summ, pitch, financial forecast) ready to go. Make sure they are great. The goal of the exec summ is to get you a meeting. Nothing more. The goal of the pitch is to get the investor to dig deeper. Nothing more. These are sales documents. Not educational documents.

Parallel, not serial: Run a roadshow process. Dedicate a team member full time to fundraising. Hit up all investors at once.

Don’t do it alone: Before you begin, assemble your team. Make sure you have advisors and mentors who have done this and who have relevant relationships. Have a deal lawyer who knows the space.

Get introductions: All funds, including ours, have web submissions or you can e-mail info@fund.com. Don’t bother. We do genuinely look at cold submissions but place a high priority on trusted introductions. Get people investors know and trust (their porfolio CEOs, VCs, lawyers, etc) to introduce you. Ideally more than one intro.

Get a running start: I am a big fan of building investor relationships before you start fundraising. Mark Suster has a great post about investing in dots not lines. The gist is that as investor you want multiple touch points and opportunities to get to know the team and see the progress. The surest way to accelerate the deal process is to blow away investors with your progress each time you interact with them. So, meet investors before you are ready to raise so they know you and your story and can track your progress.

Start early enough: This is an extension of the last point. Don’t start the process when you have 3 months of runway left. Start early.

The right investor: If you have a SaaS, freemium or e-commerce business, I’m going to get it quickly. If you have something that I don’t focus on, it’s much tougher and is going to take longer. The point is, don’t just pitch any partner you get introduced to. Pitch the partner that is most focused on your sector.

At the right time: Timing is (almost) everything. This is true for individual investors and for the fund as a whole. As an individual, if I have other deals going on, I may not have the time to move a new opportunity forward. As a fund, if you approach us at the end of our investment cycle, the timing might not be right. It’s easy to figure out where a fund is in their investment cycle. Look at when they closed new capital. You have 3 – 5 years from that point for active investing. It’s harder to know what is on an individual partner’s plate.

Build trust: You do this by having multiple touch points with investors (to my earlier points about building relationships before fundraising) and by telling investors what you’re going to do, then next time you speak with them let  them know you did that and more! Do that a couple of times and that will get attention.

All about traction: You need to time fundraising around milestones and progress with your development and ideally goto market. Nothing will get investors to move faster than seeing a startup kill it.