What the Kaspersky breach tells us about the state of antivirus

Yesterday, Kaspersky announced that some of its internal systems had been breached. While this may have created a sense of Schadenfreude in some parts of the security community, Kaspersky has handled the situation quite well. Unlike other companies that have suffered a breach, Kaspersky worked straight from the crisis management playbook — full disclosure, plenty of information and a plan. Kudos.

As Graham Cluley says: “In short, it handled what could have been a corporate crisis well – and reassured customers and partners that their data was safe, and the integrity of its security products had not been compromised.”

(Although one can’t help but wonder at the timing. According to the press release, the malware was found in “early spring 2015”, but the announcement is coming on June 10th — just a few weeks away from the official start of summer…)

Kaspersky is being up-front, but they are also spinning this as a research item. And that’s okay, because it is some fascinating research. This is a very interesting new malware variant, and quite sophisticated, quite likely tied to state-sponsored activities.

But they just can’t help being Kasperskyish:

From a threat actor point of view, the decision to target a world-class security company must be quite difficult. On one hand, it almost surely means the attack will be exposed – it’s very unlikely that the attack will go unnoticed. So the targeting of security companies indicates that either they are very confident they won’t get caught, or perhaps they don’t care much if they are discovered and exposed. By targeting Kaspersky Lab, the Duqu attackers probably took a huge bet hoping they’d remain undiscovered; and lost.

(Yeah, that explains the Schadenfreude part.)

Anyway, the bigger story is the state of the antivirus detections on the day following Kaspersky’s announcement.

Considering that most antivirus vendors practice what I call “hash-whoring”, where hash detections from VirusTotal or internal scans are dumped wholesale into their databases (explaining the massive size of today’s antivirus engine), the poor detection state of this variant is surprising. (Incidentally, I’m not condemning this practice — it’s a very useful stop-gap until a detection team can make a good detection — nevertheless, it’s abused way too much, especially by poorer quality, also-ran engines.)

We know what this piece of malware looks like, because Kaspersky published the complete Indicators of Compromise (IOCs). So, we can just go to VirusTotal and check the detection status:






And so on.

So, just for fun, I’ve published the hashes below, hyperlinked to VirusTotal.  You can click on them as the week progresses to see the state of detection of your antivirus product.

Action loaders:




(And, also remember to blacklist the C&C IPs: and
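The day-by-day check described above can be scripted against the VirusTotal v3 file-lookup endpoint instead of clicking through each hash. This is an added example, not code from the original post: the engine names and the sample report are constructed, and the hashes, the API key (read here from a `VT_API_KEY` environment variable) and the name of your own engine are supplied by the reader.

```python
import json
import os
import sys
import urllib.error
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"

# Categories that mean an engine actually produced a verdict. Timeouts,
# failures and unsupported file types are excluded from the denominator.
VERDICT = {"malicious", "suspicious", "undetected", "harmless"}
HITS = {"malicious", "suspicious"}

# Constructed sample of a file report, trimmed to the fields used below.
# Engine names and labels are placeholders, not real vendor results.
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_results": {
    "EngineA": {"category": "malicious", "result": "Trojan.Example.A"},
    "EngineB": {"category": "undetected", "result": None},
    "EngineC": {"category": "undetected", "result": None},
    "EngineD": {"category": "timeout", "result": None},
    "EngineE": {"category": "suspicious", "result": "Heur.Generic"},
}}}}


def fetch_report(file_hash, api_key, timeout=30):
    """Look up one hash. Returns the parsed JSON, or None if VirusTotal
    has never seen the file (HTTP 404)."""
    req = urllib.request.Request(
        VT_FILE_URL.format(file_hash), headers={"x-apikey": api_key}
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as exc:
        if exc.code == 404:
            return None
        raise


def summarize(report, my_engine):
    """Reduce a report to the detection ratio and the verdict of one engine."""
    if report is None:
        return {"known": False, "detected": 0, "scanned": 0,
                "my_status": "not_scanned", "my_label": None}
    results = report["data"]["attributes"].get("last_analysis_results", {})
    scanned = {n: r for n, r in results.items() if r.get("category") in VERDICT}
    detecting = sorted(n for n, r in scanned.items() if r["category"] in HITS)
    mine = scanned.get(my_engine)
    if mine is None:
        status, label = "not_scanned", None   # engine absent, timed out or failed
    elif mine["category"] in HITS:
        status, label = "detected", mine.get("result")
    else:
        status, label = "missed", None
    return {"known": True, "detected": len(detecting), "scanned": len(scanned),
            "detecting_engines": detecting, "my_status": status, "my_label": label}


def format_line(file_hash, summary, my_engine):
    """One log line per hash, suitable for appending to a daily tracking file."""
    if not summary["known"]:
        return f"{file_hash}  unknown to VirusTotal"
    return (f"{file_hash}  {summary['detected']}/{summary['scanned']} engines"
            f"  {my_engine}: {summary['my_status']}")


if __name__ == "__main__":
    # Usage: VT_API_KEY=... python vt_track.py <engine name> <hash> [<hash> ...]
    engine, hashes = sys.argv[1], sys.argv[2:]
    for h in hashes:
        report = fetch_report(h, os.environ["VT_API_KEY"])
        print(format_line(h, summarize(report, engine), engine))
```

Run once a day with the same hash list and compare the output to see when your engine's status moves from `missed` to `detected`.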

Is this blog post another tired rant against antivirus? Absolutely not. AV isn’t dead. It’s part of a valid belt-and-suspenders approach to security.

But, a day later, and we still see poor detection? Yeah, that part sucks.


How to Create Surveys People Won’t Hate Taking

If you know me, you know I’m a survey dork. Like, serious survey dork. I live and die by them. Testing, surveys, data.

So I was more than pleased to see Mimi An over at HubSpot take on the task of pointing out the obvious flaws in so many surveys.

It’s a good post. She doesn’t have all of the tricks, but some very useful tips. Like:

  • Make the darned thing short. Long surveys (invariably designed by committee) are a good way to get poor results.
  • Avoiding Yes/No questions.
  • Randomizing answer options to avoid “first-choice” bias
  • Correct use of matrices (pretty vital, IMHO)

And more, here.


With BlueStripe acquisition, Microsoft gives IT managers a new window on their world

Today, Microsoft announced its acquisition of BlueStripe Software. As an active board member of the company, I couldn’t be more pleased with the combination (although I will really miss working with the BlueStripe team).

BlueStripe has the mission to help IT operations teams map, monitor, and fix their distributed applications.

BlueStripe’s software, FactFinder, is a type of Application Performance Management (APM) product that is very unique, and very powerful. (The use of the APM label for BlueStripe is admittedly sloppy — it’s technically, per Gartner, Application-Aware Infrastructure Performance Monitoring, or AA-IPM. Nevertheless, the label “APM” sticks and even I can’t stop using it.)

Classic APM solutions help developers and IT managers spot and resolve problems with applications. Typically, this is done in the form of some code that is inserted into an app (kind of like a “barium trace”). This is what a company like New Relic does.

The problem with the code-centric solution is that it’s great for developers to debug their apps, but it doesn’t help IT or DevOps folks. So, the typical solution to an application problem is for enterprises to hold large “bridge” calls, where IT, DevOps, and app developers all get on long and often painful conference calls to determine where the fault lies.

FactFinder doesn’t rely on any code, and is a different type of APM. Instead of code, it relies on lightweight and intelligent agents (called “collectors”) directly installed on servers and desktop systems to monitor a broad set of applications. These agents then feed up into a map of all major applications, allowing an IT executive to immediately spot (and dig down to) where the problems are.

For example, let’s imagine an application in banking. When a person inserts their ATM card, a series of actions occur behind the simple ATM transaction, often involving a series of applications residing on various servers. And, let’s say that ATM transactions typically take under 30 seconds, but suddenly, start taking over 2 minutes. Something is wrong. It could be a failed connection, a configuration issue, bad code, DNS issues, rogue applications, mis-matched bandwidth, memory or storage — whatever. With FactFinder, the IT executive gets an immediate alert, and can visually determine where the problem is, dig down and fix it.

It’s wickedly cool stuff.

FactFinder can monitor pretty much anything. Windows, Linux, Solaris, and AIX servers, and even using containers like Docker. It can even monitor response times from other servers (mainframes, 3rd party services) that are part of an application. And, it monitors both packaged applications (SAP, PeopleSoft, Exchange, etc.) and custom-built applications.

Environments are becoming insanely complex

The problem of managing complex application environments is even more difficult because of two trends: virtualization (massively multiplying the number of servers and the complexity of the environment) and the move to the cloud.

It’s not unusual for a server to have 12, 20, 50 virtual machines — on one server. And the cloud… well, it’s not “the cloud”, it’s almost always hybrid deployments in enterprises. So you have a multiplication of complexity, because you have apps and data residing on the private cloud, and apps and data on the public cloud. You get the picture. Sucks to be an IT ops person.

And this is where FactFinder becomes intensely interesting. Because it can monitor the apps in these complex environments.

Which brings me to…

Where Microsoft fits in.

In my opinion, BlueStripe is a perfect fit for Microsoft. In fact, I can’t think of a fit more perfect.

To explain, Microsoft’s centerpiece in its systems management strategy is System Center Operations Manager (SCOM). SCOM provides IT managers with a total view of network operations.

FactFinder provides many advantages to SCOM environments, by discovering, managing and measuring application and platform dependencies.

IT managers can have FactFinder automatically build topology diagrams (not possible now in SCOM), map a dynamic application architecture, monitor dependencies and provide full coverage of dependency failures (you can see a 30 second demo at TechEd by Nick Burling to get a quick idea of how it integrates).

Simply stated, it “turns the light on” for IT, development and DevOps as to what is happening with applications on their network.

FactFinder in SCOM.

In addition, BlueStripe Performance Center for Windows Azure Pack adds application management – and a single view for managing application service delivery, all tied directly into the Windows Azure Pack service management workflow.

FactFinder in Azure.

Oh, that’s cool.

Well done, BlueStripe team (and the competent banking group over at Pac Crest).

And to Microsoft: You got a good one here.


White lies to yourself about revenue may make you feel good, but the end always sucks


Revenue: It’s what CEOs are judged by. But all too often CEOs give white lies about revenue to themselves, their staff and investors.

I’m not talking about criminal stuff. It’s just, well, not being totally honest about the state of the numbers.

Let’s look at a few that I’ve seen.

Reporting new license revenue and recurring revenue as one number.

This is so common, it’s almost a joke. I routinely talk to CEOs who say “our numbers are up”, and then I ask the question: “Is the new license revenue up?” and get the real answer.

New license revenue is what’s new: revenue from a new customer. It is the single most important revenue number.

Recurring revenue is from customers renewing a subscription or a software maintenance plan.

Recurring revenue is driven by three things, in order of importance:

  1. product quality, price and relevance,
  2. quality of technical/customer support and
  3. renewal sales activities.

If you focus on these three key drivers, recurring revenue chugs along happily. For enterprise software companies, typically 75–90% of your customers will renew their subscription (or buy a maintenance plan). 85% is a good goal. I’ve experienced as high as 100%. But that’s an outlier, and if you have 100% renewal rates, you’re not as smart as you’re lucky. Customers do drop off in a normal world.

In consumer software companies, the number is typically lower, perhaps in the 65%–70% range.

(Of course, if you’re a pure SaaS/subscription business, you’ll focus on churn.)

The biggest mistake a sales manager can make is to confuse these two revenue sources. Recurring revenue reps should not be compensated as highly as new license reps (and they often are, because the numbers are so large). They should be compensated on a good base plan, with commission tiers or bonuses tied to the percentage of existing customers who renew their license subscription, with the total dollars booked being less important.

That’s not to minimize the revenue role of a renewal rep, as they should be compensated for aggressively selling add-on licenses, additional plans, and other revenue opportunities. The point here is to put the picture into perspective.

Focus on your new license billings as your number one priority.  Have that number as a KPI that everyone knows.

Then have a separate KPI for total recurring revenue dollars and the percentage of customers renewing.

Don’t hide poor new license billings by merging the number with recurring. That’s just lying to yourself and your investors.

How to calculate renewal revenue

Companies are all over the place in terms of how they calculate renewal revenue. And, you can play with the numbers to make yourself look better.

But again, we’re looking at an honest number to run your business. In the above link, Carbonite is a company that has a good approach.

To make it simple, keep two statistics:

Renewal Count

How many customers are up for renewal in a given period?  (a)

How many of those renewed? (b)

And you get:

b/a=renewal rate

It doesn’t matter if they renew in that month, or in a different month. One simply keeps track of the rolling average of renewal rates.

Renewal Dollars

What is the dollar value of the renewals in a given period?  (a)

What were the renewal dollars (including upsells, cross-sells, additional licenses, etc.) in that period? (b)

And you get:

b/a=renewal dollar rate


The point is to separate the organization’s thinking about existing customers from its thinking about new customers.

Incorrectly calculated subscription revenue

Subscription-based revenue is another method that’s often incorrectly calculated, often completely innocently.

As you probably know, there are two key calculations in subscription revenue: MRR (Monthly Recurring Revenue) and ARR (Annual Recurring Revenue).

The formula for MRR is dead simple = Total # of Paying Customers  x  Average Revenue Per User.

Now, MRR/ARR metrics are commonly used in reporting, but they are not included in GAAP or other reporting schemes. But they are very important to investors, and to the management of a SaaS company.

So here are some common errors in SaaS reporting. Some of these are surpassingly common.

  • Including quarterly or annual contracts at full value in a single month. Even if someone pays you a lump-sum quarterly or annually, you still need to divide the numbers up to match the MRR figure. (I know, it seems obvious, but I’ve seen this mistake done all too often). Bookings are different than MRR.
  • Underreporting by including fees in the MRR number. Don’t under-report the number by discounting, from the MRR number, credit card charges, delinquency, etc. It will throw off the true number. Instead, break those out separately.
  • Including one-time payments. Don’t bundle in one-time payments into your MRR. These are just that: one time payments, whether NREs, or license fees, or whatever. Report them separately.
  • Including free trials. Don’t include free trials in your MRR numbers. It’s fairly idiotic, but it does happen surprisingly more than one would expect.
  • Not netting out discounts. Report your MRR net of discounts. In other words, if a customer gets 20% off per month for prepaying, then report the number net of discounts.

(Hat tip to Profitwell — and a shout-out, as they have a great free tool for SaaS reporting.)

Under-reporting can be almost as bad as over-reporting.
Under-reporting revenue (to be “conservative”) can also really kick you in the teeth, as I’ve learned first-hand.

Just get the right number, don’t play games and be completely honest with yourself and with your team and investors. You may not be popular in the short-term, but in the long-run, you’ll be running a better business.

And that, in the end, is what counts.


The genius of Claude Hopkins, the original dude

The original dude

Every once in a while, someone writes a blog post about the genius of Claude Hopkins. Well, since I am not feeling particularly original today, I’ll tag along and do exactly the same thing, but perhaps with a different twist. After all, one can’t talk about Hopkins enough.

Despite what Bill Gross says (the success of startups is largely timing), you can control your destiny, and it comes down to not only the right product, but the right marketing.

There are three marketing legends, that if you read their books and apply their methods, will considerably impact your chances of success: Claude Hopkins, David Ogilvy and Al Ries.

Most anybody who has worked in marketing or advertising knows of Claude Hopkins. The ones, however, who take his words to heart, are the successful ones.

Hopkins was a rock star in his day. In 1907, he earned several million a year (in today’s dollars) at Lord and Thomas. He was the genius behind many of the biggest brands, and most are still here with us today. Heck, you can blame the fact that people use toothpaste on this guy. He made it popular.

David Ogilvy famously said “Nobody should be allowed to have anything to do with advertising until he has read this book seven times. It changed the course of my life.”

The free trial model, the freemium model, coupons, campaign tracking… so much came from Hopkins and other greats like him.

The reason? Despite what anyone thinks, what motivates people are the same factors today as they were 100 years ago. Or 2,000 years ago, for that matter. Now, obviously, tastes, technology and styles change. But the fundamental drivers of humanity are still there.

I’ll give you an example: Many years ago, I was a young product manager who had recently read some of David Ogilvy’s works. Now, if you’ve ever read Ogilvy (who came from the Hopkins school), he repeats one thing tirelessly: use plenty of copy.

I met with our agency and they presented some design for an ad. Very light on copy, with a big headline. So, I asked the question: “Why not use more copy?”

The answer: “People don’t read these days. It’s a visual world”.

Oh really? People don’t read? Nah. They read blogs, magazine articles, trade publications, emails, Facebook posts, etc., etc. People read.

Claude Hopkins, 100 years ago, ran into the same thing. Here’s what he wrote:

Some say “Be very brief. People will read for little.” Would you say that to a salesman? With a prospect standing before him, would you confine him to any certain number of words? That would be an unthinkable handicap.

Like I said, some things never change. Once you get a person to read the headline, why not have some copy to finish off the sales message? (Now, I’m not actually in favor of the landing pages with endless, schlocky copy. Creating good landing pages and web sites with an artful mix of headlines, subheads and copy is, itself, a fine craft. But don’t worry about writing a bit. You might find that people actually read it.)

Hopkins in his own words
Let’s look at some classic Claude Hopkins quotes:

  • Advertising is salesmanship. Its principles are the principles of salesmanship…The only purpose of advertising is to make sales.
  • People don’t buy from clowns.
  • Don’t think of people in the mass. That gives you a blurred view. Think of a typical individual, man or woman, who is likely to want what you sell.
  • People can be coaxed but not driven. Whatever they do they do to please themselves. The best ads ask no one to buy…The ads are based entirely on service. They offer wanted information. They cite advantages to users.
  • Human nature is perpetual. In most respects it is the same today as in the time of Caesar.
  • The product itself should be its own best salesman.
  • Almost any questions can be answered, cheaply, quickly and finally, by a test campaign. That is the way to answer them, not by arguments around a table.
  • A person who desires to make an impression must stand out in some way. Being eccentric, being abnormal is not a distinction to covet. But doing admirable things in a different way gives one a great advantage.
  • Show a bright side, the happy and attractive side, and not the dark and uninviting side of things. Show beauty, not homeliness; health, not sickness. Don’t show the wrinkles you propose to remove, but the face as it will appear. Your customers know all about the wrinkles…We are attracted by sunshine, beauty, happiness, health, and success.
  • …the love of work can be cultivated, just like the love of play. The terms are interchangeable. What others call work I call play, and vice versa.
  • I know of nothing more ridiculous than gray-haired boards of directors deciding on what housewives want…We must never judge humanity by ourselves. The things we want, the things we like, may appeal to a small minority.
  • The greatest two faults in advertising lie in boasts and in selfishness. The natural instinct of a successful man is to tell what he has accomplished. He may do that to a dinner partner who cannot get away. But he cannot do that in print. Nor can he put over, at a reasonable cost, any selfish, undertaking. People will listen if you talk service to them. They will turn their backs, and always, when you seek to impress an advantage for yourself. This is important. I believe that nine-tenths of the money spent in advertising is lost because of selfish purposes blazonly presented.

Hopkins wrote My Life in Advertising and Scientific Advertising. You can pick up both, combined. Since they are both public domain, the books are readily available for download online. Ian Dewar has also put up a version of Scientific Advertising and you can also read a PDF version of My Life in Advertising.

Here are some example ads. Yes, they are dated, but in their day, they were very powerful and were behind the success of so many major brands, it’s a bit mind-blowing. And the fundamentals, again, are timeless.

Schlitz Beer
This is a famous example Hopkins used to catapult Schlitz from 5th position in the market to #1. Before he came out with this campaign, Hopkins did an enormous amount of research, even going to brewery school to teach himself how beer is brewed. Nothing was clicking.

Then, he actually went to the Schlitz brewery, and found some amazing things: Schlitz was using water from ancient artesian wells, and going to great lengths to ensure its purity.

When he asked the folks at Schlitz why they had never told anyone about these advances, they answered that “everyone in our industry does this”. But Claude realized that no one outside of the beer business knew these things. The irony is that every beer brewer advertised “purity” but, since everyone was saying it, it had zero impact on the public.

So, he simply highlighted what Schlitz was doing (again, that everyone else was doing as well).

As Hopkins says (relevant today in technology marketing), “The situation occurs in many, many lines. The maker is too close to his own product. He sees in his methods only the ordinary….That is a situation which occurs in most advertising problems. The article is not unique. It embodies no great advantages. There are few advertised products which can’t be imitated. Few who dominate a field have any exclusive advantage. They were simply the first to tell convincing facts.”




Good old Claude convinced women to wash their faces with soap before applying their makeup.



Hopkins’ employer, Lord and Thomas (of Albert Lasker fame), landed the Southern California Fruit Grower’s Association account for oranges grown in California (“sunkissed”, later changed to “Sunkist”). Back then, people didn’t drink orange juice. They just ate the orange.

Homeboy Claude changed that. He marketed drinking an orange, and included a coupon for an inexpensive squeezer. Huge success. We now drink our oranges.

Thanks for the OJ, Claude!



Van Camps beans

Do you know that before Claude got involved, people didn’t buy canned beans? They cooked them themselves. Claude changed all of that.

I started a campaign to argue against home baking….I told of the sixteen hours required to bake beans at home. I told why home baking could never make beans digestible. I pictured home-baked beans, with the crisped beans on top, the mushy beans below. I told how we selected our beans, of the soft water we used, of our steam ovens where we baked beans for hours at 245 degrees. Then I offered a free sample for comparison. The result was an enormous success.


But then all the competitors caught on. So, Hopkins did a campaign reminiscent of Progressive Insurance’s successful campaign comparing their rates against others.

He told people to buy his competitor’s product. And it was wildly successful.

After a while, when others followed us, we suffered substitution. Our rivals tried to meet it by insisting on their brand. They said in effect, “Give me the money which you give to others.” And such appeals fell on deaf ears.

I came out with headlines, “Try Our Rivals, Too.” I urged people to buy the brands suggested and compare them with Van Camp’s. That appeal won over others. If we were certain enough of our advantage to invite such comparisons, people were certain enough to buy.

That’s another big point to consider. Argue anything for your own advantage, and people will resist to the limit. But seem unselfishly to consider your customers’ desires, and they will naturally flock to you.

You can google around and find other great examples of Claude Hopkins’ genius.

The key point is that a lot of companies waste money on branding and marketing that doesn’t succeed. And while print advertising is largely dead, the principles of good advertising and marketing are timeless and are ignored at one’s peril. I have certainly used them to great success myself in every company I’ve been at.

So, the next time you’re eating a breakfast of Quaker Oats, having a nice glass of orange juice, while reading the Wall Street Journal, then brushing your teeth, then driving a car with Goodyear tires, then coming home and having a Schlitz beer with baked beans, while shopping online at Sears (well, the last three were a stretch, unless you live in a, err, certain part of the country), you can give a hat tip to Claude, the original dude. Because he was the marketer behind all of these ideas and brands, and many more.



The pathetic decline of SourceForge

It’s no news to anyone who downloads software. Most download sites are awful. Misleading practices.  Over-indulgence in advertising.

It’s all over the board. One can barely find a good download site anymore.

The best place to find a trustworthy download is directly from the developer. And even that is fraught with peril, since many developers use, well, download sites to propagate their software.

In response, many developers are using GitHub to provide downloads. But GitHub, at least for inexperienced users, is daunting.

But the most depressing is SourceForge. Made all the more pathetic by its once-proud past, SourceForge has become a sad and pitiable site. Apparently pushed mercilessly by its parent company, Dice Holdings, to make quarterly targets, the company has lost its way and is now the butt of jokes.

As Simon Phipps points out:

Once the darling of open source, SourceForge has been eclipsed by GitHub and package managers, leaving it with a long, thin tail of (mostly consumer) software. It has used increasingly desperate measures to monetize the service through questionable advertising, SEO, and adware injectors.

Couldn’t have said it better myself.

And Google seems to agree, as I tried to download CCleaner portable today:


And then there’s the confusing advertising. What button do I click?



So, let’s walk through an install of FileZilla. Now, before you say “oh, FileZilla is cool, it’s the evil SourceForge”, FileZilla is getting paid for SourceForge’s bundling. Shame.

First, we are misled. “An ad-supported installer” which “might provide you with an ad during the install process”.

Utter nonsense.

Oh well, then we have to get through this warning screen. Ooops!



Anyway, we finally get to the installer and this is what you get (you are defaulted to “Quick (Recommended)”, which will change your default search to Yahoo). The “Internet Browser” is Chromium, defaulted to search to Yahoo, and defaulted as your primary browser. Irritating.

Of course, Yahoo is safe, but there have been all kinds of crapware installed in the past.

And then it continues. At least you’re opted-out of this software:


Whatever. The problems of SourceForge are well documented and it’s not worth getting into in more detail.

It’s enough to say: stay the hell away from this joke of a site.


Google Streetview for Oceans. It’s gorgeous.


Google has opened up the world, the moon, the constellations, and now… underwater. Soon to be part of Google Maps, you can see the basic design with images collected by the Catlin Seaview Survey.


Bubble-talk. It’s not us. It’s China.


Yeah, we’re in a bubble. But China’s stock market is insane right now. Perhaps 1999 insane.

From the New Yorker:

Of seventeen hundred stocks on the Shenzhen Exchange, only four have fallen this year, and more than a hundred have seen their shares rise more than five hundred per cent. The Shenzhen Index as a whole has doubled since January, and is up more than two hundred per cent in the past year.

And from the Economist:

A hotel group rebranded itself as a high-speed rail company, a fireworks maker as a peer-to-peer lender and a ceramics specialist as a clean-energy group. Their reinventions as high-tech companies appear to have less to do with the gradual rebalancing of China’s economy than with the mania sweeping its stockmarket.



But perhaps the most beautiful thing of all: a pet food company trading at 221 times earnings.

The problem: China’s GDP growth isn’t that hot compared to its prior spree of raping of the US economy through currency manipulation.

So… what happens if China has a crash?

It might very well be a disaster for the US.

  • The US wouldn’t sell as many treasuries (China is the largest foreign holder of US debt). I’m not sure this would have a major impact, but it wouldn’t be a good thing.
  • Less revenue for big US companies doing business in China (GM, Nike, Apple, etc.).
  • A collapse of commodity imports (copper comes to mind) which would affect our economic partners.

In the end, however, we really don’t know until it happens. But with China being a major global power, now is the time to pay attention.




How usability can make or cost you millions

At one of my last companies, we had a large contract with a cable TV retailer to sell our product over the air.

Things initially seemed to be going swimmingly well, until the buyer mentioned that our returns were “a bit high”. But “a bit high” was unnerving and I was frankly shocked that the number was where it was.

We immediately started to research the problem, and found the issue came almost entirely from usability issues.

Once fixed, our return rates plummeted and everyone was happy. Considering that this customer did millions of dollars of business with us, the impact was not insignificant.

Later, we hired a full-time UX designer and started doing lots of usability panels, and as always happens in these cases, we were embarrassed and mortified to see videos of poor new users bumbling around, trying to do something that seemed completely obvious to us. We started to make dramatic changes to the product, with significant results.

If you’ve never seen a usability study, the following two videos by Melanie Perkins, co-founder and CEO of Canva, highlight the problem. A feature that seems obvious to a developer is painful for users.

This particular user experience came down to a “simple” action of choosing a color.

Watch the first user:


So…Canva’s solution was utterly simple: just change the default color from grey to red.

And something magical happens:

Pretty dramatic! As Melanie says:

This tiny tweak has saved hundreds of thousands of people from struggling with this step and boosted our user’s self-confidence in the process.

Usability: it’s a Good Thing.


June 1st: The first and fourth amendment

For a brief time, we have freedom from the NSA. That’s the fourth amendment part.

And today, the Supreme Court has ruled in favor of Anthony Elonis, who had previously been sentenced to a 44-month prison term after posting threatening messages on social media.

44 months for posting ugly comments.

What did he do? He posted very graphic lyrics about his wife, co-workers, a kindergarten class and law enforcement.  For this, he was fired from his job and spent three years in prison. 


He claimed he was acting as Eminem or The Whitest Kids U’Know, and he made references to his “art” and first amendment speech rights as well as using smiley faces to indicate some threats were “jokes”.

He also claimed these lyrics were therapeutic and never intended harm. That “never intended to harm” bit was the lynchpin of the Supreme Court’s ruling.

Now, his wife claimed she was terrified, and I’m certain she was. However, SCOTUS looked at it from the standpoint of intent.

His violation was of a federal law which outlaws the transmission of “any communication containing any threat . . . to injure the person of another.”

However, the Supreme Court made a distinction, by saying:

The question is whether the statute also requires that the defendant be aware of the threatening nature of the communication, and—if not—whether the First Amendment requires such a showing.

In short, the Supreme Court found:

  • That the lower court’s instruction that only negligence was required with respect to a communication of a threat was not sufficient to support a conviction.
  • That the law does not indicate whether the defendant must intend the threat, and has no particular requirement as to mental state; and that scienter (a legal word meaning intent to do wrong) was not necessary to be present (citing, in part, a prior bank robbery case: “In some cases, a general requirement that a defendant act knowingly is sufficient, but where such a requirement ‘would fail to protect the innocent actor,’ the statute ‘would need to be read to require . . . specific intent.’”)

In other words, if one is stupid enough to say “I’m going to kill my neighbor” but not actually mean it, then it’s not necessarily a violation of the statute in question.

Which, I think, is good. In a completely social world, people routinely say stupid things, and to have some sort of thought police determine that a statement, said in anger, should then be subject to severe penalties, is in contradiction to the original intent of the first amendment.

Now, do I think Elonis is an idiot for doing what he did? Of course. But I’ll still defend his right to be an ass.


The Jobs Act — not so fast

The Jobs Act has done good things to jump-start funding.

Title II, already in place, has led to a dramatic increase in crowdfunding. However, only accredited investors (i.e. rich people) can invest.

Title IV (popularly known as Reg A+), set to take place in a couple of months, opens the field to non-accredited investors (i.e. everyone else). This is what people are talking about. (There is no Title III. While Title III significantly broadens the field for startups to raise capital, it is still not finalized.)

Among some breathless enthusiasm for Title IV are some facts that aren’t broadly understood by both investors and startups.

To explain, there are two levels to Title IV:

  • Tier 1 allows companies to raise up to $20 million.
  • Tier 2 allows companies to raise up to $50 million.

Tier 1 companies do not need audited financials. However, they will still need to file their offerings in every state where the securities are offered. This could cost startups tens of thousands of dollars in legal and compliance fees (if you’ve ever been through this process, you’ll know it’s really not a big deal, but it just costs money for lawyers to file the paperwork).

Tier 2 companies don’t have to register with each state, but will have the requirement to have audited financials. Now, this is where it gets tough: audited financials for startups are about as rare as a brass monkey’s bottom. And if they do get audited financials, it is quite expensive. (In a side story, two states have filed lawsuits against the SEC over the state exemption. They want some control over the process.)

For startups, this is tough, which means the primary beneficiaries will be companies that can actually afford these fees or have audited financials. And those companies, of course, may be just what the SEC wanted in the first place: to protect the grandmothers and orphans who may lose their money in these investments (putting aside the fact that there is actually a cap on how much a non-accredited person can invest anyway, no more than 10% of their income/net worth on a deal).

So, I don’t see the funding world changing overnight with this change, although I do think that we will see some impact.

However, another side of me can’t help but worry that we have opened a Pandora’s box with all of these new investment vehicles. In fact, I’m actually glad that the SEC is being so cautious. They, like me, are quite concerned about creating a funding bubble. But that horse may have already left the proverbial barn door (pardon the mixing of metaphors).



Facebook’s move to animated gifs — what it means

Hey, you want to post an animated gif on Facebook?

Just post the url and *poof*, you’ll get your animated gif.



However, for marketers, this is gold.

Animated gifs are easy, fast and effective ways to get a message across. People do love them (especially cats, Carlton, Will Ferrell and Jonah Hill). They create an emotional response that’s hard to get with other mediums.

And users share them, increasing the network effect of your advertising.

But they will make your Facebook page look like something similar to a Korean candy store.


With an increasingly mobile world, are web advertisers getting screwed?

There’s a troubling side effect of Google’s (and Bing’s) nearly total focus on mobile (when I say “mobile”, I mean both smartphone and tablet usage).

Search engine marketers are getting screwed, at least if they don’t want tablet or app traffic.

There are plenty of advertisers who don’t care for tablet traffic — or if there is going to be tablet (or app) traffic, they want to be able to shape it for a possibly different offering.

With Google, you can shape your Adwords spend by simply setting your mobile bid to -100%.  Poof! No more mobile ad spending.


But you can’t change tablets. And with tablet usage starting to really make a difference, that’s a challenge.

With Bing, one can reduce tablet spend by 20%. But not by 100%. They’re playing close to the same game that Google is.


App traffic is another problem. Some publishers don’t want app traffic, and as one SEM expert told me recently:

“The sneaky thing is this: in Google we routinely have to play whack-a-mole with new websites and apps they’re sending traffic from and exclude them. In one case Google lifted ~$1,000 from our wallets from app traffic, then out-and-out refused to issue a credit.”

There are already problems with SEM (fake clicks, etc.). But now, without the ability to completely fine-tune SEM spending, the impact is significant. When you’re a major Adwords buyer (I know of companies that routinely spend millions on Adwords per year), there’s a real impact to the bottom-line.


Dissecting the dissector: Mary Meeker’s presentation

Each year, Mary Meeker of KPCB does a data-overwhelming presentation on the state of the internets.  Her slides and slide volume are famous: this woman knows data (there are even attempts to make her slides better).

There are not many surprises in this year’s presentation, but there are important highlights that are valuable.

There’s a lot of money being made. Tell us something we didn’t know.
The presentation starts with a nice throwaway slide. It’s largely useless but a nice way for Kleiner Perkins to pat itself on the back and for Warren Buffett to feel silly.

(So the market cap of internet companies is massively bigger, because, well, the internet is massively bigger. Plus there’s this asset inflation thing going on.)


Okay, on to the meaty stuff…

If you haven’t figured it out, it is all about mobile.
Mobile, peeps! Just yesterday, I went to the website of a well-known technology company, only to find that the website was unusable on mobile (clearly, they ignored me).

But this is all not about creating mobile websites. It’s about mobile as the fundamental paradigm. The desktop is a “who cares” proposition. If this isn’t clear to everyone within hailing distance, I don’t know what else to say.

So, we start off with the obligatory OMG THERE ARE SO MANY MOBILE USERS!!112!!



But this is interesting:


In other words, the daily usage of digital media on mobile is now the majority of the time spent during the day. Kind of obvious, but it’s still yet another wake-up call.

But don’t worry, there’s still plenty of greenfield:



ARPU (not a typo)
Then she talks about advertising in the context of Average Revenue Per User (ARPU): it’s up, but the growth rate is slowing.

It’s still incredible, but…

Here’s the impossible-to-understand chart by Mary Meeker:


But someone (namely, me) puts the data into a spreadsheet and then it’s clearer what’s happening.


Okay, that looks sweet.

But now let’s graph the growth of Facebook:


And Twitter:


Yeah.  The growth is slowing. Ugh.

Desktop advertising. A big fat “meh”.
Oh, and just in case you didn’t get the memo, desktop advertising isn’t where the party is.



TV is so… not
Now, again on that whole mobile thing, take a look at mobile screen viewing.

It’s beating TV.



(And she also basically says not to even bother with horizontal videos for ads, stick to vertical.)

Enterprise software is dead. Long live enterprise software.
There are quite a few slides spent on something that I really consider important.

Enterprise software as we have known it is dying.

Instead, we have innovative and (often) amazing tools by companies like Slack (reducing email traffic materially), payment gateways (Square and Stripe), business intelligence (Domo, my personal man crush on an enterprise software company), secure documents (Docusign), customer messaging (Intercom), customer service (Directly), HR (Zenefits), spreadsheets (Anaplan), recruiting (Greenhouse), and much more.



This is important and what I’m spending a lot of my time right now working on — the complete revolution in enterprise software, from stuff that was disintegrated and required proactive action on the part of the user, to products that are integrated and are themselves proactive (Domo is a perfect example). Some of these solutions are truly awesome, and I mean that.

Big data was the first big breakthrough, but there’s a lot more behind the story. It brings the vision of software as a unifying activity, not what it has been in the past — by any stretch of the imagination.

Do I sound breathless? Yup, guilty.

So onward, soldiers, let’s look at some more slides and have a bit of fun.

Messaging is huge.
Okay, messaging is big. I mean — really big. Messaging apps are top in global usage and sessions. No surprise, since human beings spend a vast amount of their time communicating (even if it is cat videos and other crap).



Will mobile be the central communication hub? Of course. It’s already happening. And that’s really important to understand if you are into that space. Or any similar space, for that matter.

Power to the peeps.
Now, along the way, some people may have forgotten about the most critical aspect to this whole community thing: the actual user.

And the user is now the curator and creator of content. It’s really massive.

Look at this data: Power to the people, indeed.


And listen to the kids. They are leading the pack:



Cybersecurity wake-up call.
Then we move into my wheelhouse, security, where there are no surprises. But certainly some clarity. Again, mobile, BYOD, these are real issues.



The global stuff.
So then we get to a touchy subject, the global economy. If you’re pro-China, now is the time to pay attention. And if you’re pro-America, now is the time to really pay attention.



Now the good news: Americans will have more time to spend on cat videos on their smart phones.
And with US population growth outpacing job growth, more and more people are on the dole. There is probably a bit of bread and circus going on, but one cannot discount what has happened to the US.



Immigration is slightly up. And that’s good, not bad.
Immigration is up. I think this is very positive, as immigrants, despite some who scream otherwise, infuse our economy and culture with freshness and vitality.

(Wait, you think that with downward job growth, this is a problem? Actually, no. Immigrants boost economies.)



Life still sucks for wedding planners.
And another reason we need immigration: We are going to need fresh citizens, because a) Americans don’t marry much anymore and b) the average household size has plummeted.



Pay attention to the millennials. They are the biggest portion of our workforce now.
And now, with millennials being the biggest percentage in the workforce, expect the workplace to change.

Because they have different needs and wants than other types of employees:


Keep a spare lance around.
And freelancers (yay fiverr) are 34% of the workforce. Yup.

And that’s good news, because the economy is not going to help them.




Elance, Airbnb, Etsy, Thumbtack, Uber, Fiverr, etc. are all a big help to freelancers.

China is doing the Estonia thing.
Okay, in China you can use WeChat to interact with the government.

Hey — I want that here.


There’s more on China and India starting on page 150 and the rest is other useful information, particularly on UI design.

So that’s my color commentary for now. You can see the whole report, here.



Top 10 Corporate email etiquette rules

Many years ago, I held a talk at one of my companies about email etiquette. We certainly had a problem.

But by putting in place some simple rules, it really made a difference in our internal culture.

More importantly, realize that your email is a broadcast of who you are. A well-written email really is noticed by the people who matter — those who will promote you, work with you, help you. Sloppy, crappy emails are very annoying.

Email is the prime communication medium for an organization. So I thought I’d share some lessons I’ve learned over the years.  Probably none of this is new to you, but you might find a reinforcement of your own viewpoint in this list.

1. Never vent or show anger in an email. It’s so tempting to write a blistering email that gives you the last word. But it’s incredibly toxic and unproductive (and I know, because I’ve done it!). Instead, cool off and talk to the person directly.

If you’re a manager and you are cc’d on an email with this kind of behavior, kill the thread immediately. Direct communication is the only way to resolve upsets.

2. Don’t ever say anything in an email that you wouldn’t like to see on the front cover of the New York Times. Privacy is an illusion and nothing is private anymore. I don’t even need to use examples of recent embarrassments. They are a dime a dozen.
(Peter Chung’s incredibly embarrassing leak that lost him his job.)

3. Always reply to an email within 24 hours. Ideally, sooner.

There is nothing more frustrating than sending an email, only to get zero response. When it spreads as a habit by many employees, it hurts corporate culture, something I’ve seen first hand.

If you can’t reply immediately with an answer, write something to the effect that “I’ve read this, and I’ll get back to you a bit later on this.”

Organizations rely on rapid communication, and those who ignore emails are actually hurting their own company.

It’s common to think that someone who doesn’t answer your email is ignoring you, lazy, not doing their job, or a whole host of other “reasons” for not replying, when all that might be happening is that the recipient is traveling and hasn’t gotten to their inbox. But you still have to try to reply in 24 hours. It is important.

4. Don’t use fancy formatting. Stay away from colors. Stay away from different types of fonts. No pictures of unicorns, rainbows, puppies or any other such happiness. Keep it very, very clean.

Keep your signature simple. No pictures of your kids, flowers, huge and unnecessary graphics and other clutter.

Also remember that graphics often just become attachments (and too many attachments can make a spam filter suspicious), so use them carefully – if at all. (Of course, your LinkedIn information and typical business contact info is totally fine and expected.)

And don’t use patterned or colored backgrounds.


5. Grammar: Write normal, full sentences. Don’t use “ain’t”, “gonna”, and other non-standard English words.

Be careful with emoticons — use them sparingly, if at all (and only if you have familiarity with the person). I saw an email once that had something like 10 emoticons in one paragraph. It looked, well, ridiculous.

Just because it’s an email does not mean it’s a free-for-all in casualness. The basic version of Grammarly is free. Or get my book. Or just be more careful.

6. Don’t write all lower case or all upper case. Write normally. Writing all in lower case means you have aspirations to be the next e.e. cummings or that you’re old or uneducated or can’t use a keyboard. And, of course, UPPER CASE MEANS YOU’RE YELLING (or old, or uneducated, or just can’t use a keyboard).

7. Punctuation: Don’t overuse exclamation marks (!!!!) or question marks (???). Separate your paragraphs. Don’t place a space between the end of your sentence and the period (surprisingly common).
Don’t overuse ellipses (ellipses show that some text has been removed). And if you do use them, remember that ellipses are always three periods…

8. Don’t overuse CCs and don’t abuse Reply All.

Be considerate.

I had to really drill this into my employees at one company. “You don’t have to worry about covering your ass and including me on a million emails. Think of who you’re including — it should only be the people who vitally need to know about what you’re sending.”

And the Reply All — don’t get me started. However, one thing that is important is to Reply to those who need to be on the thread. You can reply to the recipient and another person(s) who need to be on the mail, noting that you’ve removed the others.  If it’s important, you can also Reply All to the group, saying you’re taking the issue off-line with a few people, so that they know the situation is under control. Just don’t abuse Reply Alls.

Also, be very careful of Blind CCs. I’ve seen this bite people in the (you know what). They Blind CC me, I reply and then everyone knows there’s a Blind cc. Use it carefully, if at all.

9. Be considerate of the recipient’s device. Not everyone reads on a desktop. Realize that your beautiful HTML email, with your italics and boldface text, may just become plaintext. Or that the big attachment you’re sending might not be viewable on someone’s mobile device.

10. Write to be understood. Don’t use a lot of scientific jargon or big words that the recipient(s) won’t absolutely understand. Write at the level of a 15-year-old.

In general, good writing (whether in email or in life) is:

  • Pure
  • Clear
  • Precise

Pure means that the writing is in just correct English, without anything else added. Pure writing doesn’t include:

  • foreign language words
  • unnecessary technical words
  • old, unused words
  • slang

Clear means writing that uses normal, simple words, and does everything possible to avoid confusion. Words are not used that might be misunderstood to mean something else. Clear writing also does not show off, or use complicated terms that no one understands.

Precise means writing that intends to have the reader completely understand what is being communicated with as few words as possible. Precise writing has the goal of getting something immediately understood by the reader. It is writing that doesn’t use long, boring sentences. It doesn’t overuse words. However, it is not too short to be baffling.

The folks over at EmailTray have some more pointers.

What do you think? Are there any other items that should be on this list?