A ‘Cambrian Explosion’ needs more than just sheer numbers – it needs tremendous diversity and variety.  While there are certainly signs of diversification,  the more remarkable aspect of today’s environment seems to have more to do with how many startups there are and not how many different startups there are.  

From The Cambrian Explosion of Startups

The sheer number of new startups forming and getting funded these days is dizzying. It’s never been easier to start a company to harness new technologies and turn them into products. Traditional venture capital may not even be able to keep up with it. We are at the beginnings of what may very well become a Cambrian Explosion of startups, which will have implications well beyond the technology industry to the entire economy.


Tuned into a cyber security discussion today with Richard Clarke who shared insights into what he calls the CHEW (Crime Hacktivisim Espionage and War) of cyber security. The talk was hosted by Veracode where Mr. Clarke is a recent addition to their Board. Some highlights below:

 Increasingly offensive nature of cyberwar

  • 20-30 nations have created offensive cyberwar units
  • U.S. Cyber Command and Pentagon developing offensive tools and DARPA spending money on researching advanced offensive tools.
  • Stuxnet was the first cyber weapon to gain attention.
  • Every(!!) (his emphasis) major company and government agency has been penetrated.

Regulatory activity

  • Regulatory agencies have acted:  HIPAA now has teeth.  FERC is starting to hand out violations and fining T&D companies for non-compliance.
  • SEC has guided that breaches beyond those involving PII be disclosed. Companies would be required to report when they suffer a breach that could have a material impact on their business. He gave the example of a chemical company who has its secret formula to its newest compound stolen. This goes beyond notification for when PII is stolen, which is current standard. (While increased scrutiny from the investment community would help drive compliance, a policy that requires companies to judge the severity of a breach has many unintended consequences. Niloo Howe of Paladin Capital addresses this issue nicely here. In short, disclose breaches not risks, create safe harbors and define standards.)

What can be done to secure SMBs

  • Triptych of firewalls, encryption and anti-virus are necessary by not sufficient.
  • Institutionalize requirements for 3rd party software verification by embedding them in the RFP process.  Some of the biggest offenders are remote debugging interfaces that are used during development but are sometimes not removed before the product ships. Apparently this was the case with the water plant in Illinois. You never what is in the software till you get it and rigorously vet it.
  • Use multiple automated tested techniques to conduct independent assessments.
  • Include more stakeholders. Some CIOs don’t care about security.  They’re really focused on uptime and availability. But more stakeholders can be brought into the process. Legal council, board-level audit committees and CSOs of the gates, guns and guards variety all have vested interested in securing the cyber assets of a company.
  • Go to the cloud. Many SMBs don’t have the resources to protect themselves, but they can and should be demanding more in the way of security from their cloud providers.  

Security of outsourced software

  • He doesn’t believe the built-in bias that outsourced software is any less secure than that developed domestically.  Doesn’t think the origin of software makes a difference in the treat level. Domestic developers can be bribed, self-motivated or negligent. Only real protection is software validation and inspection.
  • Supported late Bush administrations push into addressing supply chain concerns. Current supply chains relient on commercial and off-the-shelf software and could riddled with vulnerabilities. 

    Rules for visiting China?

    • Go with clean devices. And when you come back, give them away.  He has no doubt that the devices of western visitors to China are being targeted and penetrated.  

    Immersive definitely got my attention and was one of my favorites from the TechStars NYC demo day last spring. 


    Face Recognition Makes the Leap From Sci-Fi

    SceneTap, a new app for smart phones, uses cameras with facial detection software to scout bar scenes. Without identifying specific bar patrons, it posts information like the average age of a crowd and the ratio of men to women, helping bar-hoppers decide where to go. More than 50 bars in Chicago participate.

    Full Story: New York Times

    Someone needs to declare war on latency.  Latency of all kinds, not just network delays but app switching, page rendering, UI element activation, etc. Both Fire and iPad2 have 1GHz dual-core processors and ample RAM.  They should be able to achieve a much higher level of responsiveness.  I had high hopes for Silk and thought a browser with optimized server-side elements could lead to a lightening fast user experience.  Such a shame to match advanced network-side tech with crummy device/software performance.  Defeats the purpose. 


    “Most problematic, though, the Fire does not have anything like the polish or speed of an iPad. You feel that $200 price tag with every swipe of your finger. Animations are sluggish and jerky — even the page turns that you’d think would be the pride of the Kindle team. Taps sometimes don’t register. There are no progress or “wait” indicators, so you frequently don’t know if the machine has even registered your touch commands. The momentum of the animations hasn’t been calculated right, so the whole thing feels ornery”

    The Fire Aside, Amazon’s Lower-Priced Kindles Also Shine – NYTimes.com

    fuck. bummer.