
16 Things - dannynemer
http://a16z.com/2015/01/22/16-things/
======
tptacek
Their "Security" section is a bit naive. The questions it poses go all the way
back to the 1990s. If the Jericho Forum had started a VC fund, this page would
be their investment thesis. The 2000s saw a wave of companies try to
capitalize on "deperimeterization", some with huge capex requirements (one NAC
startup had designed and contract fabbed their own MIPS core). They all
flopped.

Maybe it's true that firewalls are less effective in 2015 than they were in
1998. The problem is: customers don't buy on effectiveness, they buy on
cost-benefit. Firewall effectiveness can drop by 90% and they will still have a
better cost-benefit than the alternatives. There's a reason for that:
firewalls are the most straightforward network implementation of Saltzer &
Schroeder's principles, and those principles are probably Right. Everywhere.
In code. On the network. In identity and access management.

Why is 2015 different? "The cloud"? If "the cloud" is what's changed, _that_
should be the thesis: we need security solutions for the cloud. Unfortunately,
that is also a tired thesis.

Similarly: the shift from prevention to recovery seems like a manifestation of
the narrative bias. Sure, there are lots of newsworthy cleanups, and one very
successful consulting-to-product-to-consulting pivot company in that
space. But customers don't derive the same value from recovery as from
prevention. The dirty secret of "recovery" work --- forensics, attribution, &c
--- is that it's driven largely by legal compliance concerns, and probably
doesn't have a great intrinsic ROI.

Maybe there's an opportunity for a "full stack" vertically integrated insurer
informed by a compliance and forensics practice.

There are markets that seem to work the way VCs want security to work. For
instance, mobile happens, and all of a sudden you can build and 10+x a company
that just does for mobile apps what Google Analytics does for web pages.
Security just doesn't get valued by customers that way.

Also: "if you fight fire with fire, you're just going to get burned"... what
does that even mean? P(burn|fighting-with-fire) ≥
P(burn|fighting-without-fire).

~~~
larrys
What bothers me are things like this which appear to be marketing messages
aimed at CYA types or to simply lather up grandpa and the media:

"The threat of people getting into our systems today is so great that every
company in the world has to embrace the notion that not only are they going to
get hacked, there’s a good chance hackers are already inside … and they just
don’t know it."

...and this:

"This set of companies comprise a very interesting category because
everybody’s going to get hacked, so now it’s just a question of how quickly we
respond when we see odd stuff going on within the company."

Specifically "everybody" and "every company". [1]

The idea that "everybody" is going to get "hacked" reminds me of the early
days of the internet when newspapers were confused by what a "hit" to a
website was. Not only would they print whatever you told them but they didn't
recognize that serving up a graphic file which created a log entry wasn't
significant in the way they thought it was. So we can just change the
definition of "company" to suit our purpose and goal.

The fact is not even close to "everybody" is going to get hacked at least in a
way that actually matters. Correct me if I am wrong (you would know the answer
to this better) but are there even enough bodies to take advantage of all the
targets assuming they had the skills and motivation to break into the targets
and do something with the information?

[1] Is this the Valley's idea of saying that they can define things in a way
that suits their purpose in other words only what they think is a company is a
company?

~~~
crdb
Well, customer data isn't stolen by actual hacking, in my experience it's
humans.

So many companies, particularly younger ones, have zero interest in putting up
barriers to access as the company grows because in the early days, everybody
was trustworthy and "because bureaucracy bad". So all the customer emails,
phones, addresses, birth dates (and, I'm guessing, in the US SSNs) routinely
fly around in Excel files called something like "Order Metadata Report" and
sent to 50 people in 5 departments each of whom has their own use for it (like
counting customers). Judging by the Sony hack it's not just SMEs.

If you want to steal data from a company, just pay a student a few hundred
bucks to take up an unpaid internship in marketing (particularly anything to
do with emails or customer segmentation) and give him a USB key and teach him
some VBA and basic SQL (making him useful for reporting). The interns always
end up running the reports so have a lot of access, usually complete access -
financial information is the only thing that's not shared around. More
advanced companies have a shared database access built into the Excel files
with a single login for everybody which never changes (hello 300 angry users)
so with a copy of this file, you have perpetual up to date information long
after you're gone.

Then you try to stop them from doing this and the C-level folks will say
something like "it's OK just this time" and "please stop slowing us down".
Most of them will be gone to the next thing by the time the black swan lawsuit
hits - if there even is one. How would customers know? Why would they care?

Cf [http://xkcd.com/538/](http://xkcd.com/538/) and
[http://www.commitstrip.com/en/2014/10/28/security-checklist/](http://www.commitstrip.com/en/2014/10/28/security-checklist/)

~~~
aragot
So genuine question: How should one manage their marketing intern so data
doesn't leak?

~~~
crdb
Well, the simple answer is don't have marketing interns. Really, you should
not have people in the company manually doing work that could be automated in
minutes - I've even seen people manually do joins (yes, two Excel sheets open,
look up one product manually on the right, copy the value over on the left,
next product, next, next...). It's bewildering that tech companies who should
know better and who have people who know better still insist that there be
people who day in, day out, 6 hours a day, process files by hand.

Next best thing is to sanitize your data; hash any personal information like
emails or phones, take a day or two to build a rudimentary BI database that
has sanitized information on it before giving people access, use work emails
to manage access to everything and log it (my team built
[https://github.com/zalora/sproxy](https://github.com/zalora/sproxy) for this
purpose), silo access, teach people SQL, and so on.

But honestly, to most management teams security is dead last on the list of
priorities; it's just another tail risk that probably won't happen, if it
happens it doesn't matter that much, doesn't cost that much, and there are a
thousand other things on their mind like growing the company which are more
important ('compliance is for when we'll be profitable' or 'we're not a bank,
it's ok'). You can't do very much when working in such a company.
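
One way to build the sanitized BI table described in the comment above, as an added example (not crdb's code and not part of sproxy). It uses a keyed hash (HMAC-SHA256) in place of a bare hash; the key, table layout, field names and sample rows are constructed for illustration.

```python
import hashlib
import hmac
import re
import sqlite3

# Assumption: the real key sits in a secrets manager, outside the BI database
# and out of reach of the people who query it. This one is a constructed demo.
PSEUDONYM_KEY = b"constructed-demo-key"

# Constructed sample rows standing in for an "Order Metadata Report" export.
RAW_ORDERS = [
    {"order_id": 1, "email": "Alice@Example.com ", "phone": "+1 (555) 555-0100",
     "birth_date": "1990-04-12", "amount": 59.90},
    {"order_id": 2, "email": "alice@example.com", "phone": "1-555-555-0100",
     "birth_date": "1990-04-12", "amount": 12.50},
    {"order_id": 3, "email": "bob@example.org", "phone": "+1 555 555 0199",
     "birth_date": "1984-11-02", "amount": 230.00},
]


def pseudonymize(value, field):
    # Keyed (HMAC-SHA256), because a bare hash of an email or phone number can
    # be matched by hashing guesses. The field name is mixed in so the same
    # string in two columns yields different tokens.
    msg = field.encode() + b"\x00" + value.encode()
    return hmac.new(PSEUDONYM_KEY, msg, hashlib.sha256).hexdigest()[:32]


def sanitize_order(row):
    """Return the row as it may enter the BI database: no raw PII."""
    email = row["email"].strip().lower()
    phone = re.sub(r"\D", "", row["phone"])  # digits only
    return {
        "order_id": row["order_id"],
        "customer_token": pseudonymize(email, "email"),
        "phone_token": pseudonymize(phone, "phone"),
        "birth_year": int(row["birth_date"][:4]),  # coarsened, not hashed
        "amount": row["amount"],
    }


def build_bi_db(raw_rows):
    """Load only sanitized rows into an in-memory SQLite BI table."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE orders (order_id INTEGER PRIMARY KEY, customer_token TEXT,"
        " phone_token TEXT, birth_year INTEGER, amount REAL)"
    )
    db.executemany(
        "INSERT INTO orders VALUES"
        " (:order_id, :customer_token, :phone_token, :birth_year, :amount)",
        [sanitize_order(r) for r in raw_rows],
    )
    return db


def count_customers(db):
    # The "counting customers" report still works on tokens alone.
    return db.execute(
        "SELECT COUNT(DISTINCT customer_token) FROM orders"
    ).fetchone()[0]


def spend_per_customer(db):
    return db.execute(
        "SELECT customer_token, COUNT(*), ROUND(SUM(amount), 2) FROM orders"
        " GROUP BY customer_token ORDER BY SUM(amount) DESC"
    ).fetchall()


def leaked_values(db, raw_rows):
    """List raw PII strings that still appear anywhere in the BI database."""
    dump = "\n".join(db.iterdump()).lower()
    raw = set()
    for r in raw_rows:
        raw.update({r["email"].strip().lower(), r["birth_date"],
                    re.sub(r"\D", "", r["phone"])})
    return sorted(v for v in raw if v in dump)


if __name__ == "__main__":
    bi = build_bi_db(RAW_ORDERS)
    print("distinct customers:", count_customers(bi))
    print("raw PII left in BI db:", leaked_values(bi, RAW_ORDERS))
```

Normalizing before hashing is what lets the two differently typed Alice rows collapse into one customer token, so segmentation and counting keep working without anyone holding the raw email or phone.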

------
dxbydt
I think putting Big Data & ML in one Bucket is a Big Mistake, pun intended.
From where I am (DS at a sv startup), I see a few discrete Big Buckets -

1\. Offline Big Data - This is mostly the ETL crowd - Scalding, Cascading,
Spark & associated novel startups, who provide technology to run Map Reduce
jobs on TBs & PBs of data. This isn't going away anytime soon. Investment
Banks & enterprise, financial institutions are the big customers with risk
analysis (Var, CVar) & large scale monte-carlo scenarios on diverse financial
instruments being commonplace.

2\. Online Big Data - Storm, Summingbird & friends - continually ingesting
high volume realtime data streams to provide realtime insights, which can be
substantiated by #1 later, as and when those jobs run. For eg. say you ingest
tweets realtime via a Storm pipeline & give me a running time series of how
many tweets were from which city. Meanwhile, you squirrel away these tweets in
hdfs so the offline MR job runs later & gives you exact counts.

3\. Small-data ML - The result of #1 is typically a dataset of modest size
(few MB - few GB) that can be ingested into your favorite ML solution (too
numerous to mention) for predictive analysis & BI purposes.

4\. Soft "AI" - Using #2 + #3 in intelligent ad serving, traffic routing,
realtime pricing to match inventory (eg. there are several hotels in Las
Vegas who reprice rooms based on number of passengers from commercial flights
arriving into Vegas, local weather (sunny,rainy etc.), industry convention
dates & such - all the ML + AI done out of a tiny office in SF), electricity
regulation
([https://news.ycombinator.com/item?id=8280315](https://news.ycombinator.com/item?id=8280315))
etc.

5\. AI without the quotes - tiny startups using rnn's to predict time series,
using cnn's for image captioning & other really nifty AI applications not
currently commercially exploitable at scale but definitely primed for
acqui-hire.

~~~
dsacco
I agree. I don't care so much about grouping different disciplines of big data
together, so much as putting it into the same category as machine learning.

The two definitely complement each other, but they are not the same.

------
fudged71
Considering how much is happening in the 3D printing space this year, I'm
surprised that it isn't on this list. It is an enabler of IoT and
Crowdfunding, drones, and even the "Sensorification of the Enterprise".

Cdixon even retweeted this recently: "Holograms are like print preview for 3D
printing."

Also where is Drones on this list?

~~~
zo1
"_Also where is Drones on this list?_"

I second that, that was the first missing item that popped into my head as I
scanned over it.

~~~
bdcs
Which is weird because A16Z invested in AirWare (and they, as all VCs, love to
talk to their book!)

------
actuary
It's probably not the section that most of you will be focusing on, but the
"Insurance" section seems to be written by someone who doesn't know the
industry. Insurers are absolutely already starting to monitor driving
habits[1] and offering discounts for home monitoring devices[2]. Large
property/casualty insurance companies are sophisticated competitors that don't
hesitate to invest in promising new technologies or techniques many years
before they pay dividends. The industry is anything but "stodgy".

The idea of a crowdsourced insurance company is not a good one (to put it
mildly). The expected returns of an insurer are _highly_ correlated with the
returns of the broader market[3], because a typical large insurance company
makes little to no money writing policies and generates most or all of its
income from investments[4]. But maybe he's thinking about crowdsourcing the
insurance risk itself, not the whole insurance company with its massive
portfolio of stocks and bonds (although that's not what he said). In that
case, you get an investment that yields X% a year until and unless the
underlying insurance contract is triggered, in which case you lose your
principal. These securities actually exist[5], but as you might imagine they
are not typically purchased by individuals.

I do think the insurance industry can be disrupted. It's harder for a startup
to gain traction because economies of scale work differently in insurance than
they do in other industries, but a Google or an Amazon could do some real
damage if they wanted to invest the resources to do so. There are a lot of
interesting problems to solve. But this article totally misses the point.

[1] [http://www.progressive.com/auto/snapshot/](http://www.progressive.com/auto/snapshot/)

[2] [https://www.statefarm.com/insurance/home-and-property/homeow...](https://www.statefarm.com/insurance/home-and-property/homeowners/discounts/home-monitoring-offer)

[3] [http://pages.stern.nyu.edu/~adamodar/New_Home_Page/datafile/...](http://pages.stern.nyu.edu/~adamodar/New_Home_Page/datafile/totalbeta.html)

[4] [https://static1.st8fm.com/en_US/content_pages/1/pdf/us/2013-...](https://static1.st8fm.com/en_US/content_pages/1/pdf/us/2013-annual-report.pdf)

[5] [http://en.wikipedia.org/wiki/Catastrophe_bond](http://en.wikipedia.org/wiki/Catastrophe_bond)

~~~
dbfclark
I couldn't possibly agree more in general, though of course I'd quibble with
many of the specifics...

As to stodginess, I'd say there's a big difference between personal/small
commercial lines and the big ticket enterprise-type stuff -- the underwriting
process goes from something data-driven to something relationship-driven very
quickly indeed. The bigger the commercial line, the more likely it's all about
who throws the best yacht parties (reinsurance in particular suffers from this
massively).

Crowdsourced insurance is indeed a terrible idea, though you could imagine
'web of trust' insurance that almost made sense -- say my ten thousand best
friends and I know that we're all great actuarial risks, perhaps because we
have some kind of information on which it's illegal to select (that we're all
in the same gym, say). We could then try to write ourselves health insurance
for cheap, because our plan would select only us gym members. You can sort of
make it work, as long as you're prepared to make the regulators hate you.

Which is the real problem, of course -- most people buy insurance because they
have to, not because they want to. Auto insurance that wouldn't pass muster
with the police, or home insurance that wouldn't satisfy the bank holding your
mortgage, doesn't solve the problem.

Do good problems exist? Sure. A web-based Managing General Agency, for
instance, could do very well for itself, but the expressed ideas in this
section are pretty terrible.

------
jfernandez
In the 'Online Video' section he calls out podcasts as an emerging/trending
medium. I'd love to hear more about where people in HN community feel it's
moving. Of course there's the obvious Serial momentum, and as a passionate
consumer of podcasts I'd love to think through with you guys a little more
where we think it'll go.

For example a YouTube-like podcast portal seems like a potential option (i.e.
moving away from the need for dedicated apps/clients for a more _mainstream_
audience), but I'm sure this isn't a novel idea.

~~~
pbreit
The subscription/download orientation of podcasting is so ridiculous. With
music and video you just find what you want and consume. I don't want to
subscribe and I don't want to download!

~~~
k-mcgrady
Subscriptions make sense with Podcasts. It's kind of like a season pass for a
TV show on iTunes. They tend to be something you follow and want each episode
of rather than something you listen to once. I think this is mainly because
finding something you like is difficult (good content, good hosts, good
length, good production values) so you stick with it when you find it.

~~~
pbreit
That's not how Hulu, Netflix and Amazon handle it. The subscribe thing is
unnecessary.

~~~
k-mcgrady
I'd like to see it on those services. Besides, you don't have to subscribe
with podcasts. You can easily just search and download a specific episode.

~~~
pbreit
You _can_ on some of them but they're still subscribe/download oriented. Which
I think is one of the reasons podcasts have remained in the background (also
the word "podcast" is tired).

------
blfr
_For instance, the cost of an endpoint CPU and memory is a 1000x cheaper than
the cost of CPU and memory in the server._ [1]

What do they mean? How was that calculated? It sounds completely wrong.

[1] [http://a16z.com/2015/01/22/cloud-client-computing/](http://a16z.com/2015/01/22/cloud-client-computing/)

~~~
jholman
I think this "thing" is insane.

First of all, battery life. He specifically calls out phones, and "not just
phones, they could be wearables and other...", as targets for this. Every bit
of computing you do on my device is battery life I lose. You're
welcome-in-theory to use some compute on my CPU, but stay the hell away from my battery
life, which in practice means stay off my CPU. So there's that.

Second, latency is a big thing in user experience. Go ahead, follow this
author's advice, and do your JSON-to-HTML rendering on the client. See how it
affects your latency. See how it affects your user experience. See how the
latency affects your SEO standings. Try it out.

So once you realize you don't want to use client battery life, and you don't
want to use client computing anywhere it would make the user experience
perceptibly more latent, what're you left with? Yeah, sure, you could use some
background computing power in the style of SETI-at-home and so on... but if
you want users' explicit consent, you're competing with those existing
for-the-betterment-of-humanity projects, and if you don't get explicit consent,
you'd better tread mighty carefully.

~~~
maffydub
"Second, latency is a big thing in user experience. Go ahead, follow this
author's advice, and do your JSON-to-HTML rendering on the client. See how it
affects your latency. See how it affects your user experience. See how the
latency affects your SEO standings. Try it out."

I think this _is_ actually worth trying out (albeit as an experiment). If you
can send JSON to the client (and have already cached the templates) rather
than full rendered (uncacheable) HTML, you can (hopefully) reduce the amount
of data that's being transmitted. This saves you in

* latency - downloading a small JSON file will take less time than downloading a large HTML file (although with 4G and later high-bandwidth mobile data this becomes less relevant) - at what point does the additional download time offset the template-rendering CPU time?

* CPU usage (and hence battery life) - if we assume HTTPS for the download, the TLS decryption isn't free - at what point does it use less CPU to render your JSON client-side than to download a big file?

* radio usage (and hence battery life) - downloading more content means your radio must be on for longer, which is likely to use more power - at what point does the additional radio usage offset the CPU usage?

In each case, I don't know where the balance lies, but I don't think it's
clear cut that server-side HTML rendering is always a better thing on mobile
devices.

Having said that, I definitely agree with you on the battery life for general
computation point - I'm not going to be bitcoin-mining on my cellphone! ;)

------
HorizonXP
Enterprise software is definitely an area where there is plenty of
opportunity. They're aching for good software; they pay exorbitant amounts for
software that just isn't very good.

If someone can find a vertical where they can penetrate and provide real
business value, they'll do well.

~~~
btilly
The bad state of enterprise software has been obvious for decades. The fact
that it has persisted in being bad despite everyone knowing it should tell you
that there are reasons why it remains bad.

Those reasons have also been widely known for many years. They boil down to
the fact that enterprise software companies optimize for their ability to sell
to decision makers who never actually use the software. See
[https://www.mail-archive.com/kragen-tol@canonical.org/msg001...](https://www.mail-archive.com/kragen-tol@canonical.org/msg00109.html)
for a detailed description. See
[http://futureofwork.glider.com/why-enterprise-software-sucks...](http://futureofwork.glider.com/why-enterprise-software-sucks/)
for verification that this is not simply an isolated disgruntled developer's
opinion.

------
AndrewKemendo
I wonder if they are including Augmented Reality with their Virtual reality
"Thing."

Y Combinator breaks the two out as two parts of the same RFS [1]

[1]
[https://www.ycombinator.com/rfs/#vrar](https://www.ycombinator.com/rfs/#vrar)

------
7Figures2Commas
> Crash or no crash, we should expect a significant increase in the level of
> institutional adoption this year. Specifically, a large number of companies
> will put together groups focused on what Bitcoin means to them — and as
> early as next year we’ll start to hear people ask “What’s your Bitcoin
> strategy?” in much the same way people asked “What’s your social media
> strategy?”…

This could be great news for social media _con_sultants who have seen their
wells run dry. Now these _con_sultants can set their sights on convincing
companies to add We Accept Bitcoin buttons to their websites.

But I believe a16z is thinking too small. Companies need to look beyond
Bitcoin. Personally, I'm tired of the Benjamin Franklin branding on the $100
bill. Bring on the modern brands. I for one am looking forward to the day when
I can convert all of my hard-earned money into LouisVuittonCoin and PepsiCoin.

------
mhd
Isn't a bingo sheet supposed to be 5 x 5?

~~~
patio11
American or Commonwealth? Most Americans play with 5x5, but in principle you
could do 3x3, 7x7, or 9x9. Commonwealth is typically 3x9, often sold in lots
of six.

------
fit2rule
Notably missing: drones. This is a seriously expanding new industry.

~~~
Plough_Jogger
The majority of their portfolio companies are based in the US, where
regulation will likely stifle the growth of commercial drones, at least during
2015.

~~~
fit2rule
Another field the US will lag behind the rest of the world, then..

------
bbcbasic
I don't know why these 16 things are more important than the other 16000
things start-ups could be working on.

Bitcoin is the interesting one, as I would love to know in 10 years time if we
look back at that with a wry smile as a fad, or if it ends up being something
everyone uses.

~~~
onewaystreet
> We don’t invest in themes; we invest in special founders with breakthrough
> ideas. Which means we don’t make investments based on a pre-existing thesis
> about a category. That said, here are a few of the things we’ve been
> observing or thinking about.

The list is nothing more than some of the things they find interesting.

~~~
bbcbasic
> The list is nothing more than some of the things they find interesting.

If that is true, I don't see the point of the article or that it warrants much
discussion.

I don't think that is the intent of the article though.

I took it as they expect these 16 themes to yield a lot of the new ideas they
will invest in. If that is the case then these 16 are quite arbitrary and I
don't see why these were chosen.

~~~
dudurocha
That would be PG's point on his RFS
[https://www.ycombinator.com/rfs](https://www.ycombinator.com/rfs)

The majority of VC companies have investment theses. In those theses they put
the kind of market and companies they would like to invest in and why. It helps
to guide the new associates and partners on where and what to look.

------
tonyg
List of investment trends, or Black Mirror bingo card?

------
GigabyteCoin
I found a typo on the homepage: "You never need to share the car strangers and
we can pick you up and drop you off at your front door."

I assume you meant to say: "You never need to share the car WITH strangers..."

I love the idea, though.

Coming from a smaller town it's pretty hard to fathom a helicopter for hire
service ever taking off the ground where I live. So it really made me think!

If you can really cut a 2 hour commute to 6 minutes for the cost of $99 USD
and make money doing it, I imagine you will do quite well. There are many
people in NYC who value their time much higher than $49.50 an hour.

~~~
nhayden
I think you posted on the wrong thread by mistake.

~~~
GigabyteCoin
That I did indeed! Thanks for pointing it out.

------
tlogan
I have a feeling that "16 big things that VC will fund" is different than "16
big things companies/people/users will pay for".

~~~
rasz_pl
VCs don't care about users. They care about exit, and that usually involves
a bigger sucker buying you out.

------
kkotak
When you have gotten lucky with a couple of investments, you make a lot of
money, when you have a lot of money, a lot of people listen to what you say,
they argue with each other about what you say, this keeps them occupied and
stay out of troubles like original thinking and such, so you need to come up
with things to say, otherwise what will people do?

------
goodcjw2
Talking about "Online Video", I'd like to explicitly mention
[https://www.vessel.com](https://www.vessel.com), which Jeff Jordan implicitly
mentions here:
[http://a16z.com/2015/01/22/online-video/](http://a16z.com/2015/01/22/online-video/)

------
briantakita
I'm not sure what they want to accomplish with this edict(?).

Maybe it's an attempt to influence entrepreneurs to create ideas in those 16
areas.

I mean, only those 16 areas? We are in the middle of some unprecedented
cultural shifts, and those are the 16 areas to focus on?

~~~
dinkumthinkum
For us, the readers, I think we should look at it more as kind of a
brainstorm, something to get us thinking. I think looking for more in it than
that is not what is most useful for us. Just my two cents.

------
Schwolop
I just want to know who the fuck has $6000 worth of food in their freezer?

(See Internet of Things category)

~~~
Cowen
Food suppliers, possibly restaurants.

~~~
Schwolop
Yep, good call. I didn't think outside of "consumer" headspace...

------
sparkzilla
No mention of media, which seems odd considering their investments in Buzzfeed
and Genius.

~~~
walterbell
Buzzfeed is mentioned in Full-Stack Startup.

~~~
sparkzilla
Barely mentioned

~~~
walterbell
Can a single VC fund more than one full-stack startup in the same market?

------
talles
Loved the 'Failure'

~~~
nine_k
Could anybody please explain that to me? It's super hand-wavy.

~~~
bbcbasic
I think he is saying focus on success rather than failing quickly (i.e.
pivoting).

Which at a more abstract level means focus on the goal not the process.

------
collypops
I don't see selfie sticks anywhere in that list.

------
101914
"Cloud-client computing"

------
atmosx
> [http://a16z.com/2015/01/22/digital-health/](http://a16z.com/2015/01/22/digital-health/)

LOL, I love these stories, especially when featuring games like these:

> [...] Tomorrow? To understand your personal diagnostic data, you might soon
> depend more upon an iPhone app developed in a garage than on your local MD.

<rant> This garage theme is annoying. The fact that Jobs and Woz had a garage
ruined garages... Seriously. They literally changed use in the post-Jobs era.
If your father owned a garage and you didn't come up with (at least) Dropbox,
you're a loser!!!! </rant>

On a more serious note now.. The author seems to prefer applications written
in a garage to measure things like blood glucose levels instead of machine-
based lancets. If he were diabetic, I wonder, would he use an iPhone
application to measure his blood glucose levels, or the MD?

~~~
freehunter
Well if I were diabetic, I certainly wouldn't go to my doctor every time I
needed to check my glucose. That would get really expensive. I would instead
rely upon a home glucose checker, which could easily be integrated with an
iPhone using Bluetooth or as an attachment à la Square. Even more so, if it
integrated with HealthKit, I could have my glucose levels over time and have
them shared with my doctor using the integration with Epic's MyChart app.

So, not as silly as you might think.

