Monday, June 09, 2014

Dinosaurs in Space!

PCs and smartphones have pushed mainframes to the brink of extinction on Earth, and yet mainframes still thrive in space.

Most every satellite in orbit is a floating dinosaur - a bloated, one-off, expensive, often militarized, monolithic relic of the mainframe era. The opportunity for entrepreneurs today is to launch modern computer networks into space, disrupting our aging infrastructure with an Internet of microsats. 

Credit DeviantArt.com
So why has it taken so long for modern computing to reach space? Gravity. It’s hard to launch things. Governments have the money and patience to do it, as do large cable and telecom corporations. These players are slow to innovate, and large satellites have met their basic needs around science, defense, and communications, albeit at very high costs.

That’s changing:  several IT trends have come together to herald the extinction of these orbiting pterodactyls:
  • Moore’s law has reached the point where a single rocket launch can be amortized across dozens of tiny satellites, and the replacement cost is so low that we needn’t burden our missions with triple redundancies and a decade of testing
  • Global computing clouds make it easy to deploy ground stations; and
  • Advances in Big Data enable us to process the torrential flows of information we get from distributed networks

These trends have reduced the cost of a single aerospace mission from a billion dollars down to a hundred million just as the early-stage VC community amassed enough capital to undertake projects of this scope. And now that a handful of venture-backed startups like SpaceX and Skybox are demonstrating success, the number of aerospace business plans circulating through Sand Hill Road has climbed faster than a Falcon 9.

With each successful startup, progress accelerates and synergies emerge. As SpaceX makes launches cheaper, it opens the frontier to more entrepreneurs. Pioneers like Skybox and Planet Labs have to build end-to-end solutions for their markets, including everything from satellite buses to big data search algorithms; but there will soon evolve an ecosystem of vendors who specialize in launch mechanisms, cubesats, sensors, inter-sat communications, analytics, and software applications.

So who are the customers for a space-based Internet? At first, aerospace startups will disrupt two large markets:

·       Scientific exploration of space.  In the past, costly scientific missions such as Apollo ($355 million in 1966), ISS ($3 billion/year), Hubble ($10 billion), and Cassini ($3.3 billion) were designed and built by government agencies. Expect startups to disrupt this market with innovations in rocketry, robotics, optics, cloud computing, space suits, renewable energy, and more.

·       Communications. Government defense agencies spend considerable sums on communications to serve their space-based weapon systems and intelligence bureaus. Media and cable companies also commission satellites to serve their consumers. Microsat networks of radios will supply these customers more cheaply and reliably.

While spatial avionics improve with Moore’s Law, certainly some payloads, like telescopes and robots, cannot be miniaturized beyond the constraints of physics. But even these missions will benefit from the cheap, rapid testing available on a nanosatellite.  Just as programmers today can build entire software companies using a free A.W.S. account and the open source LAMP stack, space-faring entrepreneurs can now explore myriads of new business models by launching $1,000 cubesats out of ISS.


In addition to disrupting existing markets, microsat networks in space will enable a new and important capability:  Planetary Awareness. When we surround our planet with sensors across the frequency spectrum, we will have access to data that opens up new markets. Today, we have sensors across our landmasses, but adding sensors in space, the ocean, and the atmosphere will illuminate both natural phenomena and human logistics. 

Planetary Awareness will enable many capabilities of high social value:

o   Aviation and maritime safety: The need for tracking and communicating with aircraft and ships is in the public eye today following the loss of flight MH370.

o   Nature surveillance: Predict and monitor weather, global warming, natural disasters, and the risk of meteor damage (as pioneered by the B612 Foundation).

o   Global journalism: Expose protests, genocides, and other state-censored events.

Planetary Awareness will also open new markets of high economic value, which are much more likely to drive the success of aerospace startups:

o   Finding natural resources: Minerals and fuel sources abound upon the ocean floor (as discovered by Liquid Robotics’ fleet of WaveGliders) and near-Earth asteroids (as Planetary Resources promises to find using cheap microsats).

o   Financial services: Tracking human activity and commerce (e.g. the proverbial counting of cars in parking lots) yields valuable data to merchants, logistics providers and investors.

o   Military and geopolitical intelligence: Governments already purchase imagery for this use, but visibility will greatly expand from more frequent flyovers, video, radio surveillance, and automated analytics.

Geospatial imaging attracts many startups because it is already a robust and underserved market, but the opportunity to enable planetary awareness is much broader.  Dan Berkenstock didn’t start Skybox Imaging just to sell images and video: he had a more profound vision for the impact that startups can have on the aerospace industry.  His mission attracted co-founders from Stanford and NASA, his CEO Tom Ingersoll from Universal Space, aerospace legends like Joe Rothenberg who led the Hubble repair as well as other star engineers and investors. And now Skybox is proving that they, along with SpaceX and other nimble startups, will displace dinosaurs in space with data services driven by constellations of smart microsats. 

Wednesday, April 23, 2014

The Admins in BVP's Companies Are No Longer "Unsung" Heroes

With sincere appreciation for the thankless job executed day in and out by the admins at BVP and our portfolio companies, I spent today with a barbershop quartet making our way from San Jose to San Francisco serenading these heroes of Silicon Valley. The final stop, captured below, was at Smule to recognize office manager Erika San Miguel.

Wednesday, April 09, 2014

Jukebox Saturday Night! (and Saturday afternoon)

If you like a cappella singing, come hear Voices in Harmony along with Stanford's Mendicants and other groups who will join us this Saturday in Santa Clara at 2PM and 7:30pm.  It's shaping up to be a great show.  Tickets



Monday, March 31, 2014

How to Land a Job at a Hot Startup

Congrats to Zhen, who joins Smule today, after submitting the resume below. Zhen used Smule's Sing! app to compile his resume from 7 original tracks of vocals, violin and guitar.

Wednesday, February 26, 2014

Cyber Soothsaying: Where There's a Way, There's a Will

This week, the RSA Conference draws its annual pilgrimage of data security professionals seeking insights on market and technology trends. As a seed-stage security investor in this industry, it has been my job to predict the future of cybersecurity, and so now’s a good time to share two important rules that have served me well:


(i)                Follow the Money: what’s the most lucrative opportunity emerging for hackers today? Identify the hacker’s next big opportunity, and you know who will need to respond! This rule, for example, steered me toward spam in 2002 (Postini), online banking theft in 2004 (Cyota), geopolitical warfare in 2009 (Endgame) and DDoS attacks in 2013 (Defense.Net).

(ii)              Where There’s A Way There’s A Will. Physicists know that if a natural phenomenon can exist, then most likely it does.  The cyber corollary is that vulnerabilities in the wild WILL be exploited – it’s only a matter of time.  Poisoning the DNS, using the cloud to factor large numbers, and streaming smartphone microphones were all considered theoretical attacks, until they weren’t. Whenever we dismiss vulnerabilities as too difficult to exploit, hackers eventually humble us with their ingenuity.


Just this week we saw two important examples of this rule in action. The first is Apple’s confirmation of a glaring deficiency in their implementation of SSL that means we’ve been kidding ourselves about how secure the Mac and iPhone really are. The software engineers at Apple are mortal, and just as prone to the inevitable security lapses that plague any complex system.

The second example is a blog post by RSA about new malware on Android phones that coordinate with web based attacks to hijack banking sessions. I have been expecting this “innovation” since 2005, when I predicted that banks, plagued by the security shortcomings of passwords and biometrics, would adopt and embrace out-of-band authentication for any risky transaction:

That's why solutions in the future will move away from 2-factor authentication and toward 2-channel authentication. Since your bank knows your phone numbers, a bank computer can simply call you when it needs to confirm your identity, and authorize the specific transaction ("This is Wells Fargo--please enter the code on your screen to authorize the transfer of $50,000 from your account to the account of the Boys and Girls Club of Belfast"). This is a very inexpensive and fast solution to deploy, and requires much less customer training. Not to mention that it's secure (at least for many years, until hackers can easily identify and commandeer affiliated phone lines).

This prediction turned out well: 2-channel authentication has since become standard procedure for banks, application developers and consumers, thanks largely to three investments I made back then:

1.      If you’re a bank…
Cyota (acq. by RSA) is the market leader in assessing your transactions for risk so they can be escalated for authentication;

2.      If you’re a developer…
Twilio is the market leader in enabling apps to launch phone calls or SMS messages for out-of-band authentication (this may be Twilio’s single largest use case); and

3.      If you’re an individual…
Lifelock leads the Identity Theft market, by contacting you through multiple channels when they spot a risky transaction involving your Personally Identifiable Information.

However, as I parenthetically noted in 2005, it’s theoretically possible to “commandeer affiliated phone lines” in order to defeat 2-channel authentication. This seemed like a pretty far-fetched idea 8 years ago, but sure enough where there’s a way there’s a will, and bank accounts are where the money is! So I wasn’t too surprised to hear from RSA that hackers now intercept your SMS messages and phone calls in order to defeat the banks’ security mechanism.

It is natural that hackers focused on this attack vector because so few IT people understand the perils of mobile malware. Enterprises are busy deploying MDM and app-wrapping products, but they ignore the rampant spread of malware that  renders those solutions useless. If I root your phone and ship home screenshots every minute that you run SalesForce, what good are the MDM and MAM products? (Lucky for Airwatch, they sold out before customers caught on to this.)

This is why I funded Mojave Networks – the only company specifically building a cloud-based smartphone security service, which filters out mobile malware during both download and execution, as well as providing URL filtering, data leak prevention, and enterprise cloud app visibility.

At the time I invested, many people warned me that mobile malware is simply not a big concern. But see Rules 1 and 2 above! Smartphones house our most precious secrets, and there are so many easy ways into them. I’m predicting that enterprises and governments will quickly understand this, and scramble to secure their employees’ phones just as they do their (larger) computers.


If you want to join me in predicting the future of cyberspace, look for the money chasing hackers, and pay more heed this week at RSA to the warnings of security gurus, since no vulnerability is too hard to exploit. Where there’s a way, there’s a will.


Thursday, January 09, 2014

Bessemer's New Office in Minecraft

As BVP expands its global footprint, today our firm announced the opening of an office in an important new geography: Minecraft. With 35 million broadband-connected residents, growing at 100% per year, Minecraft has become a hotbed of innovation.

You can get to Bessemer's new office by pointing your Minecraft client to mc.bvp.com. Or, thanks to the recent integration of Twitch.TV into Minecraft, you can tour the office through this video below. (The thumbnail shows SkySat-1, the first geo-imaging sat launched by Skybox, currently imaging Bessemer's new office.) The video tour was shared on Twitch by my sons Avery and Eliot, who built the new office for BVP, on time and on budget!


Entrepreneurs with new ways to farm pigs, fabricate redstone circuitry, or defend against creepers can submit their business plans into a /kit in the office lobby. We even have office hours Wednesdays at 10am pacific. See you there!


Tuesday, November 05, 2013

The Internet's Neighborhood Watch



The Neighborhood Watch dates back to July 1, 1700 in Colonial Philadelphia with the passage of the Safe Streets bill. With no police department yet established, citizens took turns as the appointed watchmen to "go round ye town with a small bell in ye night time, to give notice of ye time of night and the weather, and anie disorders or danger."

In many ways, cyberspace today feels like Colonial Philadelphia - fraught with "disorders and dangers" and no police force capable of apprehending the offenders. No wonder then that last February President Obama signed an executive order calling on Americans in the public and private sector to establish the equivalent of a cyber Neighborhood Watch.
"It is the policy of the United States to enhance the security and resilience of the Nation's critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties. We can achieve these goals through a partnership with the owners and operators of critical infrastructure to improve cybersecurity information sharing..."
But sharing cyber threat data is shockingly rare, despite the fact that for the last two decades, hackers have steadily organized a vibrant industry around the tools and services needed to launch cyber attacks --credit card credentials, script kiddies, zero day vulnerabilities, bot armies, and other staples of cyberwarfare are sold through web sites and channels similar to those associated with legitimate IT purchases. And yet up until 12 months ago, when a wave of cyber attacks against US banks, government agencies and media sites exposed our economy's soft underbelly, no enterprise would ever voluntarily discuss its security infrastructure, let alone acknowledge a breach or even an attack, lest they worry their constituents.

But in those 4 months from October 2012 to February 2013, everything changed. A steady drumbeat of DDoS attacks rendered our banks offline and, for the first time, account holders have demanded their banks openly address the problem. In a novel gesture of transparency and collaboration, Bank of America actually asked the Feds for help.

The US has responded by organizing industry and government to start collaborating, so that cyber attackers, as they are detected, cannot simply jump from target to target. Twenty nine federal agencies today share real-time threat data stemming from cyber incidents through an exchange integrated with all the heterogeneous security infrastructure across those agencies. Suspect IP addresses, bad app signatures, malicious domain names, fraudulent host names, and other types of black lists are now updated in real time to broadly deflect attacks as they are discovered.

Furthermore, this federal "ActiveTrust Exchange" has now been opened up to large commercial enterprises, including financial institutions (like BVP) and some mega Silicon Valley tech companies. The President's vision of a national Neighborhood Watch is now a reality.

Paul Ferguson, VP Threat Intel
The company that developed and operates ActiveTrust is Internet Identity ("IID"), a somewhat obscure company in Tacoma, Washington with deep security DNA. IID is pioneering the idea that security technology should be decoupled from security data - that you can't rely on your vendor of security hardware and software to also provide you with all the intelligence you need to filter bad traffic. Your security gear is only as good as the blacklists they enforce; without up-to-date cyber intel, you can't repel the motivated and highly targeted cyber attack.

IID now sells various services and intelligence feeds, but the primary product is membership in the ActiveTrust exchange. ActiveTrust includes highly sophisticated governance modules to anonymize and regulate what you share (to satisfy the lawyers) and what you ingest (to weed out the George Zimmermans from your Neighborhood Watch).

Based on the success of these recurring revenue services, IID has profitably bootstrapped. But the government's collaboration initiative is so important to the viability of the internet that I'm proud to report that I've reached out to IID and Bessemer has just led their first round of venture capital. The Company is now very well funded to invite many more members to join ActiveTrust, starting with critical infrastructure.

I invite you to contact sales-AT-internetidentity.com to apply for membership in ActiveTrust. Let's work together to "to give notice of ye time of night and the weather, and anie disorders or danger."







Wednesday, October 09, 2013

Richard Dawkins and Atheist A Cappella

Richard Dawkins is a frequent visitor to the Bay Area, often stopping at Kepler's to sign books, or speaking at schools (today he taught evolutionary theory to the students at Nueva). In 2009, while he was here for a book tour for Greatest Show on Earth, I hosted a fundraiser for his foundation, for which I organized the first ever atheist a cappella group from among singers I know who tire of crooning about saviors and magical births. Having read Dawkins' book Climbing Mount Improbable, we called ourselves Hereby Chants.

Photo credit: Steve Jurvetson
Well this Sunday the Hereby Chants had the honor of delivering an encore performance for Richard at a private lunch for his foundation's supporters, and here it is...