Hacker News new | comments | show | ask | jobs | submit login
Dropbox S-1 (sec.gov)
629 points by i0exception 5 months ago | hide | past | web | favorite | 378 comments



I'll just point out that the SVP of engineering, a former Microsoft exec, received $34 million in compensation, since joining less than 6 months ago.

For all employees that are considering joining a startup as rank-and-file engineers and putting in years of effort, remember that your compensation will be paltry compared to founders and top execs. When your work finally pays off, it will mostly pay off for them.

Good for you if you're OK with that extreme imbalance. But, I know too many people that discovered only upon an exit, that the financial reward was never destined for them.


>Good for you if you're OK with that extreme imbalance. But, I know too many people that discovered only upon an exit, that the financial reward was never destined for them.

so personally? I don't care about the imbalance, I care about what I'm getting and how that compares to what I can get elsewhere. I understand I'm playing in a rich man's sandbox, and I'm okay with that. The fact that the man three levels up makes ridiculously more than I do doesn't diminish the fact that I'm getting treated better (mostly measured in getting paid better) than I would be at the next best job I could get.

That said, if I was an investor in the company and not another beneficiary of investor largess, I'd be pissed.


Ok, personally, I do care about the imbalance, and I strongly encourage my fellow techies to care, too.

Why? Because when enough of us care, we can change the sandbox itself. None of this stuff is set in stone.

Great that you're content with crumbs, but I'm not, and I certainly don't want to see the next generation of technicians laboring under the same conditions as so many of ours has done. I'll do my part to leave the world a better place for my successors; not just the same status quo. What's the point of life otherwise?


>Great that you're content with crumbs, but I'm not, and I certainly don't want to see the next generation of technicians laboring under the same conditions as so many of ours has done. I'll do my part to leave the world a better place for my successors; not just the same status quo. What's the point of life otherwise?

dude, I'm a silicon valley computer technician. I literally make 10x what the service people I see every day make, and on top of that, my employer cooks gourmet meals for me, 3x a day, and provides a luxury bus system. Yes, I'm at near the bottom of my local technical prestige hierarchy, but If you think these are crumbs, If you don't think that this is worth a little bit of bowing and scraping, I think you need to stop and look around... look at how normal people live.

If you want to work to make the world a better place, If you want to alleviate suffering, work to raise the salaries of those who make 1/10th what we do.


Look, frankly speaking, if you're content with your lot in life, that's great. I'm happy for you.

Telling me to focus on the low-paid service workers is a nice distraction, but that's what it is: there are other groups working to improve their working conditions and working lives. I'm not connected to them, because I'm in the same pretty-well-compensated boat as you.

Maybe you're paid well, maybe you don't think you deserve more. Your employer almost certainly could pay you more, could give you more time off, more say in your job role, more flex time, whatever, but you don't seem to want more.

Again, good for you. Just don't tell the rest of us that none of us should want more pay, time off, autonomy, a voice in how the company is run, or whatever. If you want to hold fast to your own one-man empire of crumbs, go for it.

The rest of us can band together and work for more of that good stuff that comes with working and bargaining together.


Ah, the spirit of Glompers. "More" - fundamentally, there's nothing wrong with that, but really, there's no reason for anyone outside of your group to support you any more than there is for you to support my own personal quest for more money. It's just a larger empire of crumbs.

The problem is that I don't think this will work, for the same reason that management generally doesn't unionize. Management doesn't unionize because their role is to act in the interest of capital. If capital thinks that management is in it for themselves, management becomes dramatically less useful. (and really, I think that we see a lot of management capture of resources that would normally flow to capital. Management is less useful to capital than it has been in the past. Capital knows this.)

In the ways that matter to these discussions, people who create and manage automation infrastructure are management. It's just that we manage machines that do work, rather than humans that do work. For the same reason that management that was not seen as acting in the interests of capital is worthless, developers who are seen as not acting in the interests of capital will be seen as worthless, too. (I mean, from the perspective of capital.)

Now, I do think that culturally, we are very different and there are some things we could argue for that would improve our lot and that of capital. really, in some ways, I'm very much in agreement that technical workers should be getting a lot of what capital currently gives to management. We can start by making a culture of open salaries. this will eliminate a lot of what management's job is, at our level, which is to individually and secretly negotiate salaries. There's no reason to pay tech workers who negotiate well more than those who don't, so job roles should have pay rates that are known throughout the company. (Of course, there is still negotiation involved in who gets what role, but I think that's negotiation that the technically inclined are better equipped to deal with than straight secret salary negotiations.)


OK, fine, so you don't think it'll work. That's a whole different story from "we shouldn't want more, we're already well paid".

If I'm going to be an Adam Smith-style rational economic actor, I'm going to seek to maximize my profit. If I don't, I'm leaving money/time/autonomy/working conditions on the table, and why on earth would I do that?

If the most effective way to do that is to organize and negotiate together with my fellow workers at Megacorp X--which is both ethically permissible (freedom of assembly, etc) and our legal right--why wouldn't I do that??

If your answer comes down to "you have enough" then you're already behaving like an irrational economic actor and I have no idea why I'd listen to you.

If your answer comes down to "it's hard," well, buck up, kid, life is hard.


>If the most effective way to do that is to organize and negotiate together with my fellow workers at Megacorp X--which is both ethically permissible (freedom of assembly, etc) and our legal right--why wouldn't I do that??

Sure, if that's the best bang for your negotiation buck... but there are a bunch of problems with the approach; the hardest to overcome is the fact that many technical jobs are essentially management jobs, except that we're managing machines for capital rather than managing labor for capital.

Do you understand what is special about 'management' as opposed to 'labor' here? I mean, management is labor, but it's different, because in labor, traditionally, you expect a human to execute a task. Management figures out what tasks ought to be executed in order to maximize the return to capital. You can see how this precludes management from unionizing in the traditional American way.

My argument is that same thing applies to the higher end individual contributor technical jobs, too. If I'm right here, American-style unionization would decrease the value we bring to the table and probably the value we can take from the table.

If you want to usefully organize, I suggest you spend your time looking at the IT jobs that are more regimented, where you follow procedures. Those jobs could be usefully unionized.


Again, it sounds like you're trying to justify leaving money/time/autonomy/working conditions on the table.

You want to do that? You do you.

That's not the mark of a rational economic actor, willingly selling themselves short on a deal.

You can dress it up by saying "well, we work with machines," but at the end of the day, the machines don't own the company, the machines don't sign your check.

The bosses do, and they're the ones you've decided to give up your maximal time/money/autonomy/working conditions to.

Again, you do you, but the minute you say "we should all willingly give up some of our time/money/autonomy/working conditions to the bosses and owners," well, now you're telling all of us to stop being rational economic actors, which I can't get behind.


You are being fooled. Those meals and buses are to keep you at work. Anything other than cash only ties you more tightly to the company. Demand money, not better snacks at the company store.


Edit: Sorry, I shouldn't have said "you". I don't know your situation or how much you make, this is a very broad rant that is based off of previous discussions I've had.

This has to be the most pretentious thing I read in a while. You get paid 6-figures with incredible benefits, while making 2-3x of what the median HOUSEHOLD in this country makes[1], with one of the highest average base salaries, and your individual income ceiling is approximately $180-$200k.

All of this, without having to risk your health like many other blue collar jobs.

All of this, attainable very quickly after graduating college (if you even get to graduating).

Feel free to demand the amount of money you think you deserve. I do think programmers are underpaid for the value they create. But don't make it seem like engineers are lowly serfs or something of that ilk. You have it so much better than most Americans.

[1] $59,039 http://www.businessinsider.com/us-census-median-income-2017-...


You're failing to look at the situation in terms of perspective relative to the company - not society in general. Sandworm's point is that why should someone 2 levels above you be receiving 100x your salary?

Imagine you were at Thanksgiving dinner. Everyone gets a full plate of food, but you only get a quarter of a plate. Is that fair? Should you keep quiet since you're fortunately to have any food at all, rather than homeless on the street? It's all about relativity. Compare apples to apples.


And you're failing to realize that what others make is irrelevant. If you're at Thanksgiving and you get food to feed you for 10 years, it doesn't matter if others got food to feed them for 100 years.


I think you're missing something fundamental about wanting and it's that we are wired to always want more. I think it's useful to accept this as something universal so we can understand why others and ourselves act the way we do.

One is that it accepts the imperfect was of others instead of deriding that others are not perfect from a moral high ground. The other is that it prevents ourselves from playing the victim.

It acknowledges the common strengths in each human by also acknowledging the common weaknesses.

At each level of the "game" , whichever game you playing, there always exists a master/slave winner/loser relationship. A pseudo happiness is achieved when comparing with other games and works both ways. "I'm glad I'm not a minimal wage monkey" and "I'm glad I'm not a souless sellout."

The games can be stratified into economic divisions but in terms of striving and human drama they are quite similar. The poor person who has never tasted really expensive food gets the same pleasure from something more simple than a rich person who has numbed his palate does from the most expensive things.

Acknowledging this constant suffering by everyone is the most humane thing you can do and is the only way out of the game of dehumanization others for the purpose of humanizing the self.


>The games can be stratified into economic divisions but in terms of striving and human drama they are quite similar. The poor person who has never tasted really expensive food gets the same pleasure from something more simple than a rich person who has numbed his palate does from the most expensive things.

My argument is that this is not true. there's a threshold below which not having enough causes significantly more suffering. having to wait two generations before buying the latest apple gadget is not the same level of suffering as having to delay a medical procedure because your job doesn't give you insurance until you've been there 6 months.

I don't know where the line is, but I am saying that going from $20K to $40K a year in total resources available to you makes more difference to your quality of life than going from $100K to $200K. - By a lot.

I mean, your description of being poor as eating plain foods sounds like you might have had a life like mine. Yes, there were times in my life where I had to eat inexpensive food, and yeah, it really wasn't so bad. But... I really think that's a fundamentally different kind of problem than having times in your life where there wasn't enough food at all.

Having times when you might have to get a smaller apartment or even roommates is also unpleasant... but I don't think it compares at all to having times where you might become homeless.


Lol. Money isnt everything. I stopped being an IT lawyer and joined the air force. Now im paid to do things that silicon valley hotshots only do in video games. Fancy meals? I just ate a burger while wearing a flightsuit. Tasted better than a thousand billable-hour lunches.


I was just talking to a guy who started out in the airforce; (enlisted, so probably no flight suit) he said the food was really pretty good, comparable to what we get here.

My friend who started out in the army, though, tells me that the food here in silicon valley is way better.

For myself, I don't think I'm really together enough (and I don't really have the tolerance for authority) to make it in the armed forces.


Some enlisted wear flightsuits. The SAR guys who jump out to save people are enlisted, so are loadmasters. There are lots of cool aircrew jobs outside the cockpit.


> You are being fooled. Those meals and buses are to keep you at work.

It would be extremely naive to think otherwise at this point, so I'm sure the parent is aware and enjoys the benefits despite the ulterior motives behind them.


> You are being fooled. Those meals and buses are to keep you at work. Anything other than cash only ties you more tightly to the company. Demand money, not better snacks at the company store.

I'm not being fooled. I totally understand the company's goal is to get more work out of me, but they are doing that in ways that make my life better, too. It's one of those situations where both parties to a trade come out better..

the food is really good, which means I don't waste time going across town (one of the unfortunate realities of most of silicon valley is that the homes, the food, and the offices almost always require driving to get between) - and dinner? well, again, I could drive more, or I could prepare food myself. Both are things I don't enjoy, that take a lot of time and that I'm not very good at. Employer provided food solve that problem, and saves me significant time. If they want some of that saved time? it still seems win win to me.

My employer providing good food makes my food situation almost as good as it would be if I lived in a real city with a good mix of offices and restaurants, and it gives me that without making me leave silicon valley (which has cultural and career conditions that suit me better than I think moving to new york would.)

The upshot is that if I get a job around here that doesn't give me three squares, I've gotta schedule another hour or so of effort into my day; effort that is as hard, for me as work, but where I'm not advancing my career or studying something I want to learn. Yes, my employer benefits a lot from giving me food... but I benefit, too.


to be fair, you can do both at the same time. and not only you can, but to achieve the second, you need the first.


Perhaps I am not parsing. I'm reading this as "We should work to increase our wages in order to increase the wages of those who are paid less well"

I think that in a real way, people who create and maintain automation infrastructure are playing a role a lot like the role of management in the economy, except we manage machines that do the job of the worker rather than managing workers. Capital can pay for management to figure out how to pay the old professions to get a job done, or capital can pay us to automate that job away.


So why just the techies? Shouldn't you be advocating for everyone to be receiving a larger share of the pie when the company does well?

> I certainly don't want to see the next generation of technicians laboring under the same conditions as so many of ours has done.

Oh please. US West coast engineers already have it nearly as good as it can possibly get on this planet, in all of human history. The violin playing for the horrible conditions they must endure is very small if at all existent.

I'd be totally with you if you were advocating for a fairer CEO/Owner vs Worker pay in general, but singling out 'techies' is kind of a disingenuous way to go about it.


As I said in another comment, there are other groups working to help lower-paid service workers organize. They're better suited to that task than I'd ever be. (And I'm not even a part of any union, I just think we in the tech world are long overdue for organized negotiation.)

And, so, you do agree with me, but don't like some of my word choices? Can you maybe put that stuff aside and see that, organizing and negotiating together in our very individualistic field starts somewhere?


Yes, I do agree with you wholeheartedly. Unfortunately, in my own environment, any attempt to organize among workers has fallen upon deaf ears.

The workers themselves seem to be resistant (or perhaps fearful) to organizing in a manner that would give them more rights and fairer compensation.


Awesome.

And yeah, I think there's a big element of fear to it--fear of losing what is, right now, a pretty sweet deal for a lot of technical folks. That fear isn't entirely misplaced, anyway; individually, any of us could get fired for almost anything at almost any time. And there's a long and storied history of firing folks when they even whisper about organizing.

So I don't think the fear of organizing is irrational--but it is a fear that, I think, should be overcome, because the benefits are, of course, huge.

I dunno, I don't think it's all fear, I just think that's a much larger underlying force than people really want to recognize. If the risk were minimal, why wouldn't people be lining up to do this stuff?

OH, and FYI I am all in on addressing CEO/worker pay disparity. And, while we're at it, on how low-paid workers (janitors, call center stuff, etc.) get outsourced to another corp, etc.

Those are just problems that, I think, would need to be addressed directly through the political system, and not one that workers can take on in an organizing campaign of their own. They're all part of this constellation of "the American worker is getting screwed" but I feel like I gotta pick my battles, at least when I'm posting on the internet.


> Because when enough of us care, we can change the sandbox itself.

no need to wait, you can change the sandbox right now, you can create your own startup and give equal ownership to everyone.


I could do that.

And, at the same time, my fellow techies in any given megacorp (I'm not in one now, used to be long ago) can start organizing and negotiating together, to establish better working conditions, better pay, more autonomy, more of a say in how the company is run.

This isn't an either/or situation.


> I could do that.

“Be the change you wish to see in the world.” Mahatma Gandhi


Right?? Why do you think I'm writing about how much better we could make our working conditions, if we organized and negotiated together?

These ideas and methods aren't new (organizing and negotiating together), and they've been largely effective in this country and elsewhere.

And, hey, like I said to the other person, you don't have to do it, if you're happy with the crumbs the owners toss your way. You do you.

For the rest of us, we don't have to be content with our lot in life--we can be the change we wish to see. Good quote!


Equal ownership of something that’s likely to be zero.


> Equal ownership of something that’s likely to be zero.

I dunno; co-ops have been successful in other areas of endeavor. It's as reasonable a way of organizing a company as any other.

I mean, mostly they are businesses that provide goods and services for money; businesses who's value rests mostly at their profit in a point in time, but it's possible you could come up with a co-op like structure that would work for a tech company where a lot of the value is in the company and getting the company bought out by a larger entity.

I don't know how you'd do it, but I don't see any reason why it couldn't be done.

I can tell you that as a tech worker with options, I would be whole hell of a lot more likely to join a pre-IPO company if they structured the thing in a way that was more transparent and respectful to the workers when it came to the equity component of their compensation.


"crumbs"

What field are you in in this industry? I started making more than my parents combined income by 25. This industry pays incredibly well.

Additionally, you're not all addressing any imbalance in impact. "Imbalance" as seen from a perspective of dollars per worker isn't very meaningful unless you advocate for removing incentives and defaulting to a system more reminiscent of communism.


>Additionally, you're not all addressing any imbalance in impact. "Imbalance" as seen from a perspective of dollars per worker isn't very meaningful unless you advocate for removing incentives and defaulting to a system more reminiscent of communism.

I actually... want to point out that there's a lot of disagreement there, at least in the technical field. There are a lot of people who claim that money is mostly a 'hygiene issue' in that you need to pay something in the realm of what your people could get elsewhere or else people will leave, but that actually paying more doesn't make that much difference.

Personally, I think it varies a lot. I know that you can pretty reliably get me to switch jobs by offering me an additional 20%...[1] but I know people in my field who are better than I am, technically, who basically don't ask for raises, and end up making a lot less than I do simply because I ask for more. These people mostly only switch jobs when the situation forces it. And some of those people are brilliant people and incredible workers.

I mean, we're talking on the order of 10 and 20%, not orders of magnitude here, but the point being that the relationship between money and motivation is not as clear cut as it is, say, in sales

[1]Another interesting side is that while you can totally get me to switch jobs by giving me more money, I'm not sure you can get me to do much better at my current gig by offering me more money; I think I'm already in the neighborhood of doing the best I can. But, would this change if my salary stopped going up?


> I don't care about the imbalance, I care about what I'm getting

Yeah that's how they get you.


Is that really a problem? If you're making double than what you would make elsewhere then who cares what some random exec is making?


You could be making triple, or the people below could be making double. Imbalance runs both ways, and encouraging it in either case ends badly for all of us. Why are you surrendering so much power and wealth to the top?


Sometimes I think about starting a tech co-op where every member has an equal stake, and we just build SaaS services and mobile apps or games until something works. I've been doing that by myself, so it would be nice to diversify and get a stake in a number of other projects. Similar to an angel investor who invests in a lot of startups, but we'd be investing time and effort instead of money.

I'm thinking we could have a group of 10 people working on 10+ different projects, and we would each own 10% of the parent company. Then we could try a bunch of different ideas and focus on the ones that work. I would want to build passive "lifestyle businesses" that make 4-5 figures per month, and we wouldn't need to aim for an exit. We could just take a salary and retire, or keep making apps and games because it's a lot of fun.

It would be awesome to share a lot of boilerplate code, so it's super fast to get started on a new idea. We'd also have a single kubernetes cluster on AWS that runs all of the backend services, maybe with something like Deis Workflow. And who knows, maybe we turn that into a business as well, and provide hosting to other companies.

Sorry for the tangent, but that could be one way to solve the imbalance.

Here's another discussion about tech coops: https://news.ycombinator.com/item?id=7634152

EDIT: I decided to put together an application form to see if anyone is interested: https://docs.google.com/forms/d/1dnm-SZxbcKuQ7PUU9ArRnlD1LiK...

There will be a lot of challenges, but I think it could work. Just need to find the right people.


Once you are established, have applicants work long hours for entry level wages as "associates" in the hopes they could become "partner" one day. This is obviously the law firm model. I have also wondered why it hasn't been (to my knowledge) replicated in tech. The cynical answer is that once you have a suite of profitable applications bringing in money, why share that with new employees when you can get the same work done for "crumbs"


Law firm hours are directly tied to revenue. You can't measure things this way in a SAAS shop.


True. But law/accounting is similar to an MLM model, where the rain-makers kinda get paid some proportion of the hours billed of their subordinates.


I have been thinking the same idea for a while now. Not in a place that would be able to commit, but if you really try this I would like to follow up.


>"I'll just point out that the SVP of engineering, a former Microsoft exec, received $34 million in compensation, since joining less than 6 months ago."

I am curious what contributions can a single executive make to a company that justify $34 million dollars in compensation?

More so what contributions did that individual make in less than 6 months that can justify this obscene level of compensation? Did they create 3x or 5x of this compensation in value?

Remember this the next time a recruiter at some startup tries to tell they offer options in lieu of cash because the company wants you "to have skin in the game."


I would guess that he was hired so he can bring in some multi million clients from his network. Such hires can sometimes bring a lot of value to the company or just be a big drain at other times (the more severe effect though can be a dip in motivation for other techies).


"Clients"? It's not a customer facing role.


to follow up:

> But, I know too many people that discovered only upon an exit, that the financial reward was never destined for them.

When I interview at pre-ipo companies, they usually tell me how many options they are giving me and a per-option strike price, but no idea of how many outstanding shares there are.

In this case, I think it's deeply irrational to assume that you are getting anything at all; if a professional is offering you something of value as an inducement, they are going to make damn sure you know what that value is.

The upshot is that when you interview at these companies, make them compete for you on salary, benefits and working conditions. If they also want to give you a mystery box, that's cool, but understand that it's a mystery box, and probably won't be worth much at all even if there is an exit.


> When your work finally pays off, it will mostly pay off for them.

Well, it'll mostly pay off for major capital holders (which founders are likely but not certain to be, depending on the course of business before then, and top executives at the time may or may not.) Top executives as such (outside of their role, if any, as capital holders) may get more benefit than you, but even if so it will be much less than the capital holders.


For better or worse, I think most of us have made peace with the fact that capital holders can put their money at risk, wait several years, and earn a large return with some probability. For some guy to waltz in a couple months before an IPO and make $35m out of thin air... it's a bit much. Especially when many of us have seen how hard early employees work, staying til late hours and thinking someone will compensate them for their extra effort.


For one data point, Sequoia owns 25% of Dropbox. They led the seed and series A. That investment is going to pay off marvelously...


The Techies Are Finally Reading Marx


I doubt it, but a nuanced debate of his ideas on the part of those who purport to be so open to unconventional ideas would be refreshing. We love to promote learning from iteration but still remain amazingly averse to doing so in practice. I think this is just another example of that.

The moonshot of UBI is an acrobatic avoidance of Marx, relatable if you were raised with the American indoctrination of Marx == Hitler (yeah I know but the lack of ideological overlap, or any overlap at all, hasn’t mattered because patriotism). We are due some maturity in this area.

And on another hand, one should be forgiven for mistaking the open source movement for Marxism.


patio11's salary negotiation blog post is our Das Kapital.


It never was and never will be. We like to pretend that employees are so fairly compensated, and yet I had to fight tooth and nail to get a mere 2% equity. The thought of an equity stake closer to 10% was almost unheard of. But you bet I'd have had an impact large enough to justify those returns, in the sense of http://paulgraham.com/equity.html

Except... It's not quite that simple. Most people don't care. The vast majority of programmers simply do not care enough to band together and force employers to give you a higher stake.

I'm not even insinuating that a union would be a good idea. I'm saying, in a free market society, you can't be surprised to find out you just aren't worth making rich.


I'm soon moving into management and I still think unions would be a fantastic idea all across the tech sector.

The whole of a business is already a collectively organized unit, by its nature. When each of us, each individual technician, goes into negotiations, we're already up against the entirety of the business. Banding together is literally the only way to balance that scale.

The Screen Actors Guild would be a good model for a tech union--they obviously reward top box office draws richly, but the low end of the scale is still well cared for.


Or you could try to start your own company. Heavy is the head that wears the crown.


True, one option for everyone who thinks equity distribution is out of whack, is to start their own company. They can then create an imbalance in their own favor, allocating the lion's share for themselves. Then they can work to convince eager candidates to join their noble mission in exchange for a (razor-thin, shhh) piece of the pie.

Another route would be for founders to expand option pools from the typical 8-12%, so that their own holding didn't exceed that of every employee combined. But of course, why would any founder choose to do that? It's hard to become a billionaire if you let your employees have too much!


That's not always true. It may look easy to start a company and make it at least a moderate success in Silicon Valley today, perhaps due to the easy availability of money and helping mentality from peer companies who would jump into trying your product and even paying for that because they themselves got easy money from cash rich, aggressive investors.

But it is not the case in traditional markets other countries where you have to put lot of time, effort, our own money and mental stress into creating even a moderately successful business.. On the other hand employees get relatively less strain and a stable income and an option to leave the company anytime and move to better higher paying jobs.


If you start your own company you can distribute equity as you see fit


Equity is not important for me for the most part. I have to exercise by paying when I leave. I rather get free shares and I’d stay longer. Otherwise, joining a company like FB would be wise if you want stready return on top of your base compensation.


Business owners form all sort cahoots and lobby for themselves so it's not a free market. Its just sold to us that ways.


My personal opinion on this topic has to do with the skill and requirements of the job, given the time and stage the company is at.

Sure, I'm fine with executives that come much later to be paid more than many that come before him/her. Should a number as high as $34m justify the kind of value he/she puts into the company? I dunno if I can agree with that, and in an early employee's perspective, I'd like to be proven otherwise. Then again, I don't work for Dropbox and do not know the scale of the problem in which this exec has been brought in to solve.

Ultimately, my core principles/values have to do with loyalty and being nice. As founder(s), you must not forget those who brought the company this far. They did unglamorous work and put in crazy hours to help the company achieve product market fit. Founder(s) risk breaking the trust of their employees < no.100 when they see people coming after them being compensated / valued 100x more than they do, not because they are just paid higher. That scale is the root cause for frustration.

The counterpoint to this is when the company scales, all other numbers will scale with it too (revenue numbers, employee headcount etc.), and sometimes hiring a key person who can, in the long term, cut costs by $100m might justify his/her salary. Capitalism works like that.

UPDATE: Curious to hear what thoughts founder(s) active in the HN community have about this though. Open to hear decisions on your end. I struggle to come up with a good answer myself.


In an early upstart the employees might actually make more money then the founders. When the ship is in motion the founders might not need those people any longer, and there will be many more knocking on the doors wanting a job. The founders hires the execs to hopefully do a better job then the founders themselves are currently doing. And if the founders are making millions it will also be easy for them to pay the execs millions. And they don't want to hire just anyone to take care of their baby.


This isn't even jealousy speaking, really. I don't even know the gentleman.

But I fail to see how someone would be worth this kind of money as, what's mostly a people manager of a (late) startup.

His own rank and file have to work 30 years to make what he makes in a year. Sorry but ... that makes me want to drop my (paid) Dropbox account.


If there's ever an Equifax scale breach at Dropbox, accountability will fall on the SVP of Eng.


You realize Equifax has had pretty much no consequences for their gross negligence, right?


Execs were forced to resign. Rank and file Engineers were not.


Once you've made $10M+, why would anyone care if they have to resign? Especially, when odds are they'll have another gig in no time.


Yes, he'd be fired. Perhaps have to testify in front of Congress, even.

Accountability is worth $8M a year?


The average NBA player salary is $6 million per year.

In the next few years all of the NBA players combined (~420 players) are set to make more in salary than all the S&P 500 CEOs earn in salary combined.

Should top executives at $10 billion companies (7x the average value of an NBA team) receive compensation on par with professional athletes? How does that not make sense?

The US will spend $10 billion per year compensating several thousand athletes. How much should be spent compensating the people directly responsible for operating businesses that represent trillions of dollars in GDP and tens of millions of employees?

Mediocre middle relief baseball pitchers should make $8 million per year, but execs running billion dollar companies shouldn't? You can argue that baseball players are overpaid, but that's an absurd premise. It's directly representative of the value in the system - tens of trillions in wealth in the stock market, and vast profit generation - and the price of acquiring talent.


Executive compensation and performance is negatively correlated.

NBA stars make money by exposing themselves to downside. They have fan, they generate direct revenue and last but not the least they have their skin in the game. One injury and their playing career is over for good. What does these executives bring to table? Can 10 of them alone deliver the product and services to customer?

And when they fail ,they simply take large severance and fade away to a beach only to come back fully rejuvenated to fuck again.


How many of those $10B companies are actually really worth that, not just an inflated result of funding rounds.

The 420 or so players in the NBA can largely be considered to be the best 420 players in the world.

NBA teams also have a pretty high revenue to value ratio.

Points to you too for ignoring that in many cases the salary of a Fortune 500 CEO is, in many to most cases a much smaller fraction of their compensation packages. In many cases bonuses and other compensation is between 3 and 10 or more times the salary, so not exactly equitable, though it makes for a better sound bite.


    How many of those $10B companies are actually really
    worth that, not just an inflated result of funding
    rounds?
The parent is talking about S&P 500 companies, which means publicly traded ones. The thing where private companies have inflated valuations [1][2] doesn't apply here.

[1] https://www.benkuhn.net/terms

[2] https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2955455


NBA player salaries are also not sustainable, they're going to have to drop once ESPN will only be able to charge people who actually watch sports instead of getting paid per cable subscriber regardless.


So no consequences?


Other than a generous severance package?


"accountability", as in a golden parachute and maybe an uncomfortable congressional hearing or two?

Yeah, huge responsibility there...


You're telling me that executives get paid more than rank-and-file employees? Shocking.


Well, except of course that startups, like Dropbox, very often advertise to early non-exec hires that while their current pay is very low, they'll make out like bandits upon IPO or acquiring.

Then the shares of the early employees get diluted like crazy to give those sorts of very late-hires ridiculous compensation, because "they're 'executive'".

So the message is more about broken promises than it is about compensation per se.


The guy majored in physics and computer science. There's nothing wrong with compensating people who have proven they can scale things (organizations) commensurate to their record.


I find it difficult to believe that any sort of scaling of the org could have occurred in the span of six months thanks to the efforts of a single individual.


not saying value is right or wrong. but that is the present value of a stock award that vests over time. this is valuing his expected contribution and whatever it took to get him to join versus previous company / other opportunities. to be paid out over 4 years.


Good point: considering the time frame, the comp does look like a forward looking statement.


Every employee's stock package is forward looking in that same way, no?


Yes. CEOs also often have to hit performance targets in terms of revenues to unlock stock packages.


Presumably the management at Dropbox has no reason to throw away money. He received this on a vesting agreement and has to hit goals to receive it.

He has run several multi-billion dollar units at Microsoft. Likely he had many other opportunities on the table.

Fact is it takes more than code to build something that lasts. You need to know code, understand people that write code, but there is a lot more to it than code. This guy was hired to multiply the efforts of hundreds of coders -- so all he had to do is improve each of them 5% to justify his salary.


All the work has been done already by the suckers who joined 4 years ago but won't get the exec jobs because they're not part of the VC club.


Where do you see that?



Just curious - how's a raw SEC filing preferable to a reliable article summarizing it in non-legalese, providing context with the competition, etc.

Other than lawyers and economists, does anyone ACTUALLY prefer this raw filing?

EDIT: Adding my preferred link: https://www.cnbc.com/2018/02/23/dropbox-ipo-form-s-1-prospec...


I always find juicy information in the S1 that doesn't get reported on right away. Off the top of my head:

* Reliance and risks of Zynga in the Facebook S-1

* Customer acquisition costs in the Blue Apron S-1

* Growth specifics and positioning of algorithms in the StitchFix S-1

* Infrastructure costs in the Snapchat S-1

Besides, an S-1 filing is not written in legalease, it's written in plain language. One of the target audiences is street investors so it's meant to be accessible. I'm looking forward to digging into this one.


This is my biggest concern with the Dropbox platform summed up in the filing:

* Our business could be damaged, and we could be subject to liability if there is any unauthorized access to our data or our users’ content, including through privacy and data security breaches.

They have made progress. They managed to get SoC II compliance for all of their offerings. They now offer HIPAA compliant hosting as well.

Not that long ago though (circa 2013) I remember a series of articles that made it clear that DropBox employees had access to customer data.

That spooked me enough to recommend folks pair it with https://www.sookasa.com/ if they were going to use it.


Dropbox, GDrive, Box, OneDrive, etc. aren't using zero-knowledge encryption, so it must be technically feasible for them to access user data. If a company has a forgotten password reset feature, it's a good sign that it's possible for them to access your data.

You have to trust the company providing the service, right? Of course in practice, accessing user data should be tightly controlled and require good business reasons and levels of approval.

Zero-knowledge alternatives like Spideroak exist, but this approach makes them sacrifice features. (and doesn't appear very popular based on market share)


It's not as black and white as all that. In the early days, it was probably a trivial operation for any employee to examine any customer's dropbox content. Hopefully these days the prod machines and backups.are walled from all but a rotating team of SREs, whose own actions on them are subject to audit.


Early at my days at Syncplicity, (a Dropbox competitor,) I specked out what was needed for true client-side encryption with no ability to decrypt on the server. It's very easy to do, from a technical standpoint.

(We solve the problem by letting our large customers run their own servers, with their own authentication via single sign on.)

The problem is that the user experience for client-side encryption is awful! Every shared folder will need its own key, and users would need to manage and share their keys outside of our system. That is not sustainable.

But then the major feature set breaks down. Want to access your files in a browser? Not with client-side encryption. Want to email someone a hyperlink to a file? Not with client side encryption.

The major lesson is that the world operates on trust. We can only stay in business if our customers trust us.


> The problem is that the user experience for client-side encryption is awful! Every shared folder will need its own key, and users would need to manage and share their keys outside of our system. That is not sustainable.

But then the major feature set breaks down. Want to access your files in a browser? Not with client-side encryption. Want to email someone a hyperlink to a file? Not with client side encryption.

I do all of this with Boxcryptor. I might be misunderstanding you - do you mean decrypt it without first downloading it from the browser? Because yes, that’s not strictly possible.

But Boxcryptor implements a small wrapper around directories and generates a public/private key pair tied to email addresses. You can client-side encrypt a file with your - or anyone else’s - public key by moving the file into the directory. You can also change the file’s encryption to add or revoke access by multiple users.

If you wrap Boxcryptor around your local Google Drive, Dropbox, Box, etc. directory, it automatically client-side encrypts, then uploads new files. Then you can share a hyperlink to share encrypted files without exchanging keys with anyone. The usability is so great I’ve been able to use this with non-technical clients. You can even use your own key pairs.


There's also no deduplication with client-side encryption.


In the traditional model, yes. But if you're willing to make sacrifices... see previous discussion on this topic when it came up with Mega, de-duplication, and client-side encryption: https://news.ycombinator.com/item?id=5084261


Doesn’t homomorphic encryption allow for this?

http://ieeexplore.ieee.org/document/7255226/


No. It doesn't.


Can you explain?


The whole point of encryption is that you cannot meaningfully compare 2 pieces of plaintext.

Homomorphic encryption doesn't change that.

The only way to compare plaintext is to decrypt the whole thing. So either you must trust a centralized org (like dropbox today), or you must trust a single centralized key (that could be done with homomorphic encryption).

(Also the best homomorphic algorithms still make small programs take days to execute)


Consider a scheme in which:

Each user generates a symmetric "user key", kU.

The plaintext of each file (or without loss of generality, block of data, etc.), pFile, is encrypted with a randomly generated symmetric key, kFile, producing the ciphertext cFile. pFile is also hashed with a cryptographically strong hash, producing hpFile. kFile is then encrypted with hFile, producing ckFile. The user encrypts pFile with kU, producing chpFile. Finally, the user takes the first N bits of hpFile (for N on the order of, say, 16 or 32), producing hpFileTrunc. The user then submits hpFileTrunc to the server.

The server is, semantically, just a list of 3-tuples: (cFile, ckFile, hpFileTrunc).

The server sees if it knows of the existence of records with the same hpFileTrunc value as the client's submission. If so, it returns them to the client.

The client then tries, for each record returned by the server, decrypting ckFile2 with the client's hFile value, potentially producing kFile. If this is successful, the client then decrypts cFile with kFile, producing pFile. Finally, it compares this pFile to the original. If it matches, a match has been found, and the client exits the loop. If not, (or if either of the two decryption steps failed), it continues to the next record the server returned. If there are no more records, the client instead submits the tuple (cFile, ckFile, hpFileTrunc) to the server, which stores it.

Finally (whether or not a match was found), the client stores chpFile locally, to be used when retrieving the file.

To retrieve the file, the user decrypts chpFile with kU, producing hpFile. They truncate hpFile, producing hpFileTrunc, and submit it to the server. They perform the same process described earlier to retrieve the matching pFile.

(Note: truncation may also be replaced by, or combined with, a second round of hashing.)

With this scheme, assuming secure primitives (authenticated encryption and hashing), I don't believe it's possible to learn any information about a file unless you already have its contents.

So the server can tell if you're accessing (storing or retrieving) a particular file if and only if the server knows what it's looking for.

TL;DR: you can totally construct a scheme that allows meaningful comparison of plaintexts!

But... this is probably a bad thing. Comparison of plaintexts is a vulnerability: the server being able to see who's storing a particular "bad" file has a real impact on privacy. And likely more subtle impacts, too...


The whole point is to allow for comparison of large plaintext files that are stored by many users. Think of mp3s, or large avi files, or, say, a linux kernel image, or ...

> The server sees if it knows of the existence of records with the same hpFileTrunc value as the client's submission. If so, it returns them to the client.

And by doing this, provides a way for clients to verify if any user on the file storage server has this file. So if I wanted to know if your mozilla thunderbird has a mail I have the source to, I simply try to store this and get these duplicate records.

Most people would consider this extremely unacceptable.

> The client then tries, for each record returned by the server, decrypting ckFile2 with the client's hFile value, potentially producing kFile. If this is successful, the client then decrypts cFile with kFile, producing pFile. Finally, it compares this pFile to the original. If it matches, a match has been found, and the client exits the loop. If not, (or if either of the two decryption steps failed), it continues to the next record the server returned. If there are no more records, the client instead submits the tuple (cFile, ckFile, hpFileTrunc) to the server, which stores it.

Why would the client have the keys to files stored by other users ?

Unless you mean that you can only deduplicate within a single client, in which case that's of much more limited use (and I might add, your encryption scheme is way more complex than it needs to be).


> And by doing this, provides a way for clients to verify if any user on the file storage server has this file. So if I wanted to know if your mozilla thunderbird has a mail I have the source to, I simply try to store this and get these duplicate records.

Yes. This is the reason you don't want this property (being able to deduplicate encrypted files)!

But you can provide it, while still providing meaningful security against other attacks.

The client has the keys to files stored by other users because the keys are the hashes of the plaintext, and the client can hash its own plaintext when it has the file.

(Note a trivial modification to this scheme, solely client-side, allows for certain files to be totally secure, with the cost of them being exempt from deduplication)


> The client has the keys to files stored by other users because the keys are the hashes of the plaintext

Personally I find only people explicitly authorized have the key to be the whole point of security. And you're suggesting this as a solution to the problem that organizations providing file storage could see what files you're storing.

Under this scheme, it wouldn't just be that organization, but everybody who is a client, that could see what files you're storing (or at least verify if you're storing a particular file or not)

So I find your assessment:

> But you can provide it, while still providing meaningful security against other attacks.

Very dubious indeed, especially given the context of securing centralized file storage, where the whole point would be to deny others access.

I mean it's a true statement, because you don't specify what "other attacks" are.

I posit that given that this system leaks the plaintext of your files I find it strictly worse than just giving Dropbox or Microsoft access to my files.


> Under this scheme, it wouldn't just be that organization, but everybody who is a client, that could see what files you're storing (or at least verify if you're storing a particular file or not)

You can do this today, with Dropbox or whatever else- anything that does deduplication, if it saves bandwidth by not asking for files it already has.

You can't tell who is storing a particular file- only if anybody is. Does this leak information and impact privacy? Yes! But it still provides other useful properties.

If you have a copy of a file, you can see if anybody else does- a boolean value. (And if the server is malicious, it can tell who does (if it logs).) If you don't have a copy of a file, you can learn absolutely nothing about it.

So, for example, if a user uploads a, uh, personal image to the service- with Dropbox, in theory (they likely have strong organizational and technical controls against this sort of thing, mind you) if the server is malicious they can view that image.

With this scheme, the server can't.

On the other hand, if you, say, save a file containing only your social security number- or a similar low-entropy value- the server can crack the hash and decrypt that file. That's the price you pay for being able to deduplicate.

(Perhaps one could only deduplicate large files- thus handling the case of movies, music, Ubuntu ISOs, large system files, etc. To implement selective deduplication- if you want a file to not be deduped, replace all uses of its hash with, instead, a unique random value to identify the file. Server requires no modification.)


For a single user with no need to share access, you can also just stick everything in a VeraCrypt vault stored on Dropbox. Dropbox seems pretty good at updating only the parts of the vault that have changed, versus the entire (sometimes huge) vault file. I've heard OneDrive updates the entire vault file every time, although I haven't experimented with it myself.


Dropbox's client uploads binary diffs to make updates to things like your VeraCrypt value efficient. Using a modified librsync last I heard. Sounds like OneDrive is missing this feature.

https://www.dropbox.com/help/syncing-uploads/upload-entire-f...

https://github.com/dropbox/librsync


The point of that section of an S-1 is to try and disclose every possible risk so that investors can't accuse you of hiding risks later on.

So, when quoted out of context it sounds really extreme.


I wonder how spideroak.com compares.


Do you have a 5-second summary of what you mean by "Growth specifics and positioning of algorithms in the StitchFix S-1"? Just the fact that they use algorithms to tailor individual boxes, or do you mean something more specific?


I currently work at an e-commerce company and there has been a ton of debate around how "algorithmically driven" Stitch Fix actually is. The general feel in the space from non-technologists is that computers cannot do this job well now and won't be able to do it well in the near future. Stitch Fix makes it a major brand point that computers are an important part of the process. So the real question is - are they making this point because it's true or because it helps their valuation (tech co. 5-10x multiples instead of ecomm 1-4x multiples).

The way Stitch Fix talks about it in their S-1 makes it seem like the latter is the priority. I'm not yet convinced that the practical value driven by algorithms at Stitch Fix is up to par with how much they talk about it.

I was interested in growth to understand both their growth rate but also to get a feel if it was driven by increasing user acquisition costs like Groupon, Blue Apron, etc or if it was organic.


I've worked in fashion before and I'm a machine learning pratictoner now.

I never tried myself but it seems quite feasible to build a decent profile of someones taste in fashion from a bit of data.

Fast fashion gave us the logistics (no more 9mo from concept to store). But Zara and friends still supply only the major trends. We're still missing for someone to reliably market the "long tail".


> I never tried myself but it seems quite feasible to build a decent profile of someones taste in fashion from a bit of data.

I've thought about this as well. How would you personally try to build this profile for users, then market to them based on it?


You could initially present a user some images to assess it's preferences and use some recommender system (collaborative filtering), a la Netflix.

That could give you an starting point. But I believe the main issue is that fashion products have, by definition, short shelf life, so you can't run the algos on SKU data. Then you can use deep learning on product images + user categorical data to try to predict preferences, maybe simple binary classification?

I guess using images as input should give better features than textual description.


> You could initially present a user some images to assess it's preferences and use some recommender system (collaborative filtering), a la Netflix.

You would have to tag the hell out of these photos, right? Disambiguating preferences is the challenge -- the user may have liked images #3 and #7, but why? Specific items, or the color palette, or the silhouette, or just the model? A post by Chicisimo on the front page addresses these hurdles [1].

I've also seen some of these image recognition apps in action -- they pick up on patterns and color very well, but struggled with silhouette.

[1] https://hackernoon.com/how-we-grew-from-0-to-4-million-women...


Seeing what people themselves like doesn't sound a good way to determine what fashion they'd buy. Fashion is about a consensus largely established by a cabal of sellers; users surely want to find out what is fashionable? Fashion is mainly about what other people like.


Oh, that's largely a myth. These seller do have some influence, but it's much less important than what they want you to perceived. Fashion tastes comes from a lot of sources and some is part of your identity.

That's part of what makes this industry hard.


Ask them for access to their Facebook photos, get them to tag themselves and then build an embedding of their fashion choices.


> Stitch Fix makes it a major brand point that computers are an important part of the process

(which even if you disregard everything else is a really good line to take if you're after recruiting good machine learning engineers!)


You hit the nail on the head. They also reveal this strategy through their data science "thought leadership" posts, which are seemingly meant to appeal to data folks (own your code! add value through modeling! don't worry about collaborating with engineers!) but do not reflect the realities of industrial data science.

(Note: I'm biased and tweetstormed about Stitch Fix's most recent blog post earlier today. https://twitter.com/achompas/status/967085860763193345)


Chris Moody knows more about this than anyone in the world, and everything he writes about on the Stitch Fix blog seems so far ahead of what other people are talking about I really do believe that they have a real technology advantage.

It seems similar to talking to people at Google in the early days. The thing that they cared about from an engineering point of view seemed weird and they language was alien. 3 years later the rest of the world hits the same problem and I remember the conversations and think "oh so this is what they were talking about".


Give us the dirt on this one!


There's nothing shocking and I think that bodes very very well for Dropbox. It looks like a solid foundation with great growth.

The standouts to me were -

* They cut costs on an absolute and relative basis for the last two years. This is fantastic and I hope the trend continues.

* I don't understand how the $112 ARPU number foots with their pricing. They are telling a story that "teams" is driving growth but on the surface that's not reflected in the ARPU number. There's some sort of promotional discounting that's happening that isn't exposed here. I hope that they are aggressively managing their promo strategy internally because unchecked it can tank a whole company (see GAP).

* No idea where they expect new users to come from given they have 500M accounts. Presumably people have 2+ dropbox accounts (personal + work). I'm interested to know how many unique active users dropbox has.


> Presumably people have 2+ dropbox accounts (personal + work).

I'd imagine there's quite a few with dozens, as they offer more space (up to a bit over 30 referrals) if you refer new users. I remember "referring" myself with a new email address whenever I'd need an extra 250 MB.


>> No idea where they expect new users to come from given they have 500M accounts.

500M accounts, but only 11M paying users.


What keeps them from making money (asking, not being facetious)?


If they maintain the current trend of lowering costs, keeping headcount growth in line with revenue, and continuing to achieve economies of scale in sales and marketing then they will show a profit in the next couple of years. They don't promise any of this in the S-1 because they need to be extremely conservative in their statements to the public.

To be honest I'm not super familiar with the comps to know how good or bad their numbers are relative to others. But just from their own reporting they look like they are on track. That's not by accident. It's very likely that constructing this trend has been a major focus for the company in the last few years.


Why infrastructure costs in Snapchat ? Doesn't look special ?


SNAP's infrastructure story in the S-1 filing was a mess. They had 2016 revenue of $404M with a cost of revenue of $451M. A 5 year, $2 billion dollar vendor lock-in to Google. They basically admitted that Google has them completely by the balls and it costs them $3 per user per year to keep the servers on. Both of these independently are very very bad, together it's a disaster.

Facebook was at $1/user/year in their S-1, Twitter was < $1.

From the SNAP S-1:

"We rely on Google Cloud for the vast majority of our computing, storage, bandwidth, and other services. Any disruption of or interference with our use of the Google Cloud operation would negatively affect our operations and seriously harm our business."

"We have committed to spend $2 billion with Google Cloud over the next five years and have built our software and computer systems to use computing, storage capabilities, bandwidth, and other services provided by Google, some of which do not have an alternative in the market."


They also committed to a 1 billion dollar deal with AWS soon after that: http://fortune.com/2017/02/09/snap-inc-signs-big-aws-deal/


For a B2B SAAS company...what's the ideal user cost of infrastructure? (I understand that it depends on the service..but a ratio of profit per user vs cost per user should be close no?)


I forget which report it was in but the average tech-focused startup spends 10-15% of revenue on infrastructure. Mature businesses spend ~5%.


The ideal cost is as low as possible without sacrificing future scaling needs or development velocity. At some point, you'll start to experience diminishing returns.

It usually goes POC->Cloud provider->Your own gear


apart from the bigger companies (like Fb), have there been any major SaaS companies (esp. B2B but I guess that's trying to be too narrow so B2B & B2C) that have moved from Cloud to their own Data Center? (I know Etsy comes to mind...but apart from them?).


Dropbox: https://techcrunch.com/2017/09/15/why-dropbox-decided-to-dro...

Github: https://githubengineering.com/evolution-of-our-data-centers/

Backblaze: https://www.backblaze.com/blog/our-secret-data-center/

Twitter: https://blog.twitter.com/engineering/en_us/topics/infrastruc...

LinkedIn: http://www.datacenterdynamics.com/content-tracks/design-buil...

FastMail: https://www.fastmail.com/help/ourservice/security.html

Stack Overflow: http://highscalability.com/blog/2014/7/21/stackoverflow-upda...

Wikipedia: https://meta.wikimedia.org/wiki/Wikimedia_servers

OpenStreetMap: https://blog.openstreetmap.org/tag/infrastructure/

The Internet Archive: https://www.theregister.co.uk/2017/11/16/head_like_a_memory_...

Gitlab tried, but didn't have the necessary in-house experience before they made the attempt: https://about.gitlab.com/2017/03/02/why-we-are-not-leaving-t...

Instagram was migrated from AWS onto Facebook's infrastructure: https://www.wired.com/2014/06/facebook-instagram/

WhatsApp was migrated from IBM to Facebook infrastructure: https://www.cnbc.com/2017/06/07/facebook-planning-to-move-wh...

Hacker News and Pinboard (acq. Delicious) run on a single server.

It's not hard, but you do need to know what you're doing and have resources to do it (most orgs rent colo space in someone else's datacenter, they don't build their own). There's a reason AWS margins are so high (which leaves a lot of cost savings to be had when your workload isn't highly variable). Any questions, email is in my profile. I spent ~16 years building data centers, hosting environments, infrastructure, etc.


Many SaaS companies not only lack the ops experience needed to run their own infrastructure (which may be only problem of perception, for me running stuff on dedicated HW in colo center seems like less hassle than dealing with things like AWS) but also the common sense required to not over-engineer the scalability of their solution in the early phases (which falls squarely into the YAGNI teritory, as you can run surprisingly large stuff on two or three physical low-end 1U servers).


It surely depends on how much users pay for the service, and how high the non-software costs are.

But in any case, the examples given are B2C free to use products which are generally going to provide... not a ton of revenue per user.


I thought Dropbox's revenue mainly comes from it's business clients - B2B is more $ compared to B2C although B2C might be more profitable as customers might pay the $10/1TB and not really use that much anyways)

Their paying users have increased, but the revenue per user has decreased (based on the S1...which I assume is because of enterprise deals).


This is from the SNAP S1 not the dropbox S1


Note that the modern gospel is any net business dont give a crap about costs, only growth and the ability to raise money.

This has been explicity stated by the saas business ‘gurus’

So even at 3$ per user that goes lower pretty quickly.

Plus they get alliance w/goog. Aws is a force but if i had a choice id have goog as a best friend over amazon.

Preferably id build my own data center and keep those assets.


> modern

If by modern, you mean 2015. Things definitely changed by 2017.


Their infrastructure commitments are ridiculously high.

"In its disclosure, Snap has said that it is contractually obligated to “spend $2 billion with Google Cloud over the next five years and have built our software and computer systems to use computing, storage capabilities, bandwidth, and other services provided by Google.” Of the current losses at Snap, more than 80 percent of those funds go straight into Google’s pockets."

https://www.recode.net/2017/2/7/14526832/snap-ipo-snapchat-s...

https://www.forbes.com/sites/quora/2017/02/22/could-snapchat...

https://www.cnbc.com/2017/02/09/snap-cloud-bill-aws-google-c...

EDIT: @dfee How that revenue is recognized is usually based on when the services are delivered, but I am not an accountant.


Imagine the sales commission on that one. “Here’s a $10B - Closed Won”.

When talking about deals that are the enterprise valuations of Fortune 500 companies, do you value the sale as if it were an acquisition? Or, some other way?


Yeah except imagine instead when you should be due that commission but then they find a creative way to bake it into a new cushy position that they carve out just for you (with no more comms on other deals) and they pay that comm out to you over 5-10 years. And in the process, putting you in a position you dislike in an effort to hope you'll leave some of it at the table.


$2 billion, not 10.


Still a good reason to become a AWS or GCP sales engineer.


Lots of others have chimed in with examples of interesting tidbits to be found in "raw" securities filings that don't get included in press summaries. My personal favorite is the "efficient factoring" risk factor from an old RSA Security, Inc. 10-K[1]:

The Company’s cryptographic systems depend in part on the application of certain mathematical principles. The security afforded by the Company’s encryption products is based on the assumption that the “factoring” of the composite of large prime numbers is difficult. If an “easy factoring method” were developed, then the security of the Company’s encryption products would be reduced or eliminated. Even if no breakthroughs in factoring are discovered, factoring problems can theoretically be solved by a computer system significantly faster and more powerful than those currently available. If these improved techniques for attacking cryptographic systems are ever developed, the Company’s business or results of operations could be adversely impacted.

[1] https://www.sec.gov/Archives/edgar/data/932064/0000950135000...


Any mention of the NSA paying them to keep a dodgy RNG in there?

https://www.reuters.com/article/us-usa-security-nsa-rsa/excl...


This may not be a very well-received comment due to the securities fraud he has been convicted for, but in Martin Shkreli's YouTube lessons on investing (Really aimed towards future day traders / full time investors, but good points are made) he says the sec.gov site is the best place to take in content and he showed after you get used to the ( ugly ) government site layout, you can actually get to the information you need quickly. But day traders and full time investors probably fit your category of economists.


It's weird though that people who actually cause their investors to lose money go Scott free because of connections and to my understanding shkrelis investors all made huge profits, one going so far as to say it was the best investment of his life.law is law but clearly there is something wrong here.


>Other than lawyers and economists,

Investors. The prospectus filing is informative and you don't have to read it all to get good idea of the company.

The summary from CNBC omits all the details and you can't even trust it to have the numbers correctly because if they screw it up, it has no legal consequences for them.


As a rule I prefer an original source to an interpretation of a source by someone who gets paid based on the number of clicks generated.


well, there's less chance of advertisements, and it gets to the point rather quickly

i am not an economist or lawyer and prefer it

i don't have to worry about a writer/editor injecting personal opinions that i could care less about


> and it gets to the point rather quickly

In a mere 160 pages. Unless you know what to look for it most certainly does not get to the point rather quickly.


then i guess i know what to look for to satisfy myself, I'm not speaking for everyone here, just responding to OP's question


Learning curves can have solid payoff.


Primary sources are generally preferable to breathless editorializations, especially when - as here - they are not in fact written in professional jargon. Any adult of average intelligence and education should be able to get the gist of a prospectus.

Feel free to link to "news" (read: opinion) posts about the filing.


SEC filings aren't hard to read after you've been through a few and know what to look for.

I was really excited to see they cut their infra costs while supporting more revenue (bottom of page 71), that bodes very well for their future prospects.


@ultrasaurus indeed. Wall street wants us to stay away from sec filings. However they are structured data. I am running a project to make sec filings easily searchable(today) and understandable(in the future) at https://www.instant10-k.com/ We currently have 10-k & 10-Q filings for US companies and 6-K filings for foreign companies.


The risk factors section is pretty close to a good summary.


> Other than lawyers and economists, does anyone ACTUALLY prefer this raw filing?

Apparently they do, since it's at the top of HN. If they didn't, it wouldn't be at the top. Alternatively, my guess is that many HN people saw this document, upvoted it, and then went to Google for more context.


most everyone in the finance industry does

it contains the "source" facts with limited embellishment. there are all kinds of regulations that essentially result in SEC filings being fairly standardized, limited-BS documents. you dont have to worry about distilling commentary and opinion with fact, generally

for commentary and context, equity research reports are generally helpful as long as you're aware of the inherent bias. articles online can also be helpful, but generally the quality varies, and you have to spend commensurately more time fact checking

once you learn how to ctrl-f the right terms and understand the general skeleton of each type of report, it is actually pretty easy to find the relevant information


Commentary on valuation:

1. Box, a public company, is currently valued at $3.17B. It had revenues of ~$480M with a net loss of $150M in 2017 [1]

2. In contrast, Dropbox had revenues of $1.11B with a net loss of $111M in 2017.

The higher revenues, and lower losses bode well for Dropbox. Objectively, that would value Dropbox in the $8B-$9B range, $1B-$2B short of it's previous $10B private valuation

[1]: https://goo.gl/Agf5Xt


How are they planning ever to make any profits? Their product was innovative some years ago but now they have a lot of competition so I'd expect their margins to get squeezed even more.


Those numbers are even more impressive given that 2 years ago they had $600m in revenues with a net loss of $300m


But it also means transfer of more equity from founders to investors, as investment terms these days typically include equity transfers if an IPO falls short of private valuations


would like to see more evidence and proof those numbers are credible...


Dropbox's numbers are in their S1 filing and Box's in their financials already linked. Are you questioning the legitimacy of these filings?


Unhappily it's common to find that S1 financial claims are overstated after the fact, it's a part of making ipo prospects as positive as possible.


Does this mean that investors in their $10B round lost money? Is this common?


Rumor was they had a weird liquidation preferences in that round, which made it more like debt. Something like a 2x floor and 3x cap. Not sure how that resolves in an IPO though.


Not necessarily.

First, the "vs Box" valuation above is simplistic and may not be comparing apples to apples. They are competitors but they are not identical companies, so scaling valuation based on a couple of inputs fails to capture all of their dissimilarities. Also, there is no consideration for a relative spread between the two if you value Dropbox directly off Box (or in other words, which one trades over).

Second, the IPO is not always priced efficiently. Some executives might prefer to price lower just to see positive headlines about sustained gains after IPO. Others may counter that a low IPO price leaves money on the table.

You should wait to see where the stock trades after IPO and any significant lockup expiries before evaluating the success of investors in the $10bb round.


They likely have protection clauses.


Tip: Never pay for Dropbox at $99/year. It's repeatedly discounted throughout the year at Dell's website for $60, and often also comes with a $25 Dell gift card. So effectively, its value is $35/year, and you can buy multiple codes, redeem them, so you'd be effectively paying in advance for as long as you want, at 1/3rd of the price.


Normally I would jump on this, but I like dropbox, I like the people there, and I like Drew, so I'm willing to spend an extra $30 a year to increase their revenue and keep them in business longer.


Sorry, what???

I mean, you're entitled to do whatever you'd like. But do you see the potential valuations being tossed around? "Drew" is worth tens to hundreds of millions.

I just have no idea why someone would find it not only worth it to take money out of their own pocket to further a corporation that has no need for the empathy we would normally afford to people (or small businesses, which "round down" to individual people or small groups), but would actually see value in sharing this thought process with everyone else. It's not like using a "deal" is unethical or illegal (like, say, piracy), the company in question (or a reseller taking the hit) offered it. Is this some kind of silicon valley flavor of virtue signaling?

If dropbox was a startup with 8 employees, especially one that didn't offer the near-commodity service (yes, I know UX etc matter here) that dropbox does, I would understand this. But that's so far from the case


Pretty sure Drew is going to be worth upwards of $1 billion (25.3% stake at an $8-9 billion valuation minus any equity he has to give up to investors in the latest round) #TresCommas


Predictably irrational people exist! However, how is this different than a $30 donation? I think the real question you want to ask is: Why do people donate money to people who already have lots of money?


As you state, this comment equals to: "I like Drew, so let me make a donation of 30$ to Dropbox"

That's why I like economics so much. A lot of irrational behavior come simply from the fact that humans are usually terrible to understand the underlying economic transactions taking place.

One of my favorite irrational behaviour is the one in which people value object they got more than the equivalent price in which they could buy//sell that object.

For example: You have an old bottle of wine in your cellar, and it is now valued at 500$. A lot of people would simply put, never buy a 500$ bottle.

But if that bottle was your possession, most of the people would keep it and eventually probably drink it, being completely irrational in regards with the 500$ valuation.


> One of my favorite irrational behaviour is the one in which people value object they got more than the equivalent price in which they could buy//sell that object.

Art is also a good example. Art is globally unique, so what does it even mean for art to be worth $X? Seems like the only "value" of art is the price the next guy is willing to pay. The price is undefined until it's not.

On the other hand, if I have a fake Van Gogh, I would not be emotional upon liquidating it because it is fungible; some computer and printer somewhere can easily reproduce the piece if I ever need it again. In addition, the price is well-defined because fakes have a well-defined manufacturing cost associated with them. An authentic Van Gogh has an infinite manufacturing cost as the guy is dead.


This is actually a subject dealt with widely in the humanities. The Work of Art in the Age of Mechanical Reproduction is a good start, for instance. It does seem odd for art to be valued by the market, but there are clear ways to construct standard valuation (based on utility, etc) around it.

  some computer and printer somewhere can easily reproduce the piece if I ever need it again [...] well-defined manufacturing cost
This is not as straightforward as some might think! Some people agree with you. Some don't. "Fake" is a spectrum as well. Is it a reproduction of an original work, or an original work falsely attributed to a particular artist? In the second case, if the quality is high and scholarship has emerged around that work, is it "less valuable" to own after it is revealed as fake (for one individual, not at market prices) or is it in a sense more interesting? Is it perpetrated to be real or simply a print? Even if it's an authentic creation of the artist, was the work been authorized outside of their canon in a less official way? What about photographs, and later editions of them (by either the artist themselves, their estate or family, a dealer, etc)? Check out Richard Prince and his "decertifications" of paintings.

Startups offering blockchain solutions to this landscape, of course, are emerging. But they face the same problem everyone does in that market: how can physical assets, and their movements, be indisputably registered to a blockchain?


> "Fake" is a spectrum as well.

I suppose this is true, very interesting. A piece (real or not or unknown) with history, can become (de)valued in its own right.

> how can physical assets, and their movements, be indisputably registered to a blockchain

For example, I think VeChain and Modum use physical ID chips, but I don't see how they solve this problem. It seems like a tall order to create an injection between physical assets and digital ones. I could see how this would be done if the physical assets were fungible and centrally sourced, which is only going to be the case with certain physical assets.

How would people register those assets to the blockchain? No one in the world should be able to register my laptop, because they don't have it. It would need to be derived from physical measurements, but this is a can of worms because the measurements can change; physical matter is not immutable in the way that digital matter is. Coupling the two seems like a tall order, or maybe I am small minded.


You also have to consider the level of effort it takes to sell the bottle to someone who isn't an experienced wine dealer, and the spread that likely exists between the buyer and seller.

So even though it may be $500 to buy new, it's probably more like a $100 bottle if they sell it, so it's like getting an 80% off deal? Why not drink it?


> the spread that likely exists between the buyer and seller.

Spread doesn't have to favor a buyer.


No, it typically favors the middleman.


You have to think about it in terms of who demonstrates excess demand for the trade.

If the buyer is more eager to transact, usually he ends up paying higher than fair value. The opposite is usually true if the seller is more eager for the transaction.

If you have an item of unique value, you may aggressively sell it, as in your initial post to which I had replied. But if you just post a price -- take out a classified ad every week, for example -- then you can wait for an eager buyer to come along.

Even the middleman often crosses the spread. A market-maker might have to clear out of excess risk/inventory ASAP, for example, which requires him to initiate transactions.


Same here, I have yet to have an issue with the Dropbox UX


any link for this? I am planning to renew my plan.


You can add an Alert on Slickdeals to notify you. There was one last week for $70/year [0], but it's no longer active.

[0] https://slickdeals.net/f/11225815-dropbox-annual-subscriptio...


I find the equity split between Drew (25.3%) and Arash (10.3%) especially interesting given @paulg's 2014 tweet that "Zero of the most successful YC companies have a significantly disproportionate equity split" https://twitter.com/paulg/status/535588566978404352


Dropbox was an unusual case in that Drew built the product and got into YC before getting Arash to join. I guess maybe a lesson is that you can invent and code up something like the early dropbox on your own but it's useful to have a cofounder when employing a bunch of people and building a company?


It may have started equal at founding and changed over subsequent rounds. I know of a case where 4 founders started equal and differed by order of magnitude by the end.


How did this happen?


Many will sell some of their stock during a funding round to the new investor to take some money out and blow it on lambos.


Come to think of it - I don't many successful startups where the split is exactly equal prior to the IPO.

You'll find in the twitter replies that most people don't agree with his anecdata.


How is that not counterevidence given the significant split between the two?


I think that may be his point (that PG views that as an appropriate split for one or more reasons).


I believe this is the first ever YC company to go public? If so congrats to YC as well as the team at Dropbox.


A few years back (2015?) pg was on a panel and asked if YC made any mistakes on the application process. He acknowledged they did — Robert Morris gave a low score and wrote “spam” in the comments section of the application of a particular company that started looking successful, so they refined their process. It seemed clear he was talking about SendGrid which went through TechStars and went public in late 2017.

I don’t know why you still can’t search video transcripts, otherwise that video would be easy to find. Any ideas?


Wasn't Dropbox also one of their solo founders? I wonder if YC ever rethought that filter given their success.


Arash is a cofounder iirc.


The story is Drew applied to YC solo, but pg strongly encouraged him to find a co-founder. Arash joined as the co-founder before YC started: https://www.forbes.com/sites/bruceupbin/2011/10/18/paul-grah...



Curious why going public deserves an applause. Is being private a bad thing?


It signifies a milestone. Being single isn't bad but there's no problem celebrating a wedding


When you take investment money, it comes with the expectation that there will be a liquidity event. (going public, selling to another corporation) Being private is not a bad thing at all, in fact I would expect most entrepreneurs would prefer that their companies remain private. However you've accepted a faustian bargain once you take money from someone else. Going public is seen as the most desirable liquidity event, since the company still controls its own agency and you maximize choice if/when you want to sell your stake in ownership.


The bot has spoken.

The most important thing out of all, really, is funding through public market.


It's simply a major milestone and (theoretically) a sign that the company has reached a point of stability and market size that it can weather public markets.

It's also an important liquidation event for employees and investors.


Well. For Y-Combinator is a win. It's an opportunity to convert their equity to cash and get a return on their investment.


Private companies that operate at a positive cash-flow are free to distribute profits to shareholders. Sure, going public makes it easier for investors to liquidate their stock, but that doesn't mean you can't get returns from investments in private companies.


As a practical matter, Dropbox is operating at a loss, yet has value as a company because of the expectation that it will hopefully someday turn a profit. IPOing allows Y Combinator, which specializes in early stage investment, to realize a return on their investment and invest in more companies without having to wait even longer.


If you believe the profits of our industry should be captured by more than just a few uber-wealthy, well-connected individuals, you applaud.

Buying a stock on the NYSE is doable with a bit of extra cash and the touch of a button in a trading app these days. Some would argue that even this is too high a barrier for the poor and marginalized, but it makes it possible for at least a portion of the professional class to participate.


Assuming the IPO goes well they should get applause because YC and employees will get liquidity. That said, if the IPO is priced low, employees and some investors may not get a large windfall and may not celebrating too much (kind of like how you do not always celebrate a large down round).


It's more of a "congrats on the money" applause.


You don’t have to clap.


One could probably make the argument it deserves the opposite of applause.


I think that's true. I always thought AirBnb was going to be the first one to go public.


Wasn't Square a YC company? They went public in 2016 I think.


Nope. You're thinking about Stripe


From the S-1, looks like they will be excluded from the S&P500:

In addition, in July 2017, FTSE Russell and Standard & Poor’s announced that they would cease to allow most newly public companies utilizing dual or multi-class capital structures to be included in their indices. Affected indices include the Russell 2000 and the S&P 500, S&P MidCap 400, and S&P SmallCap 600, which together make up the S&P Composite 1500. Under the announced policies, our multi-class capital structure would make us ineligible for inclusion in any of these indices, and as a result, mutual funds, exchange-traded funds, and other investment vehicles that attempt to passively track these indices will not be investing in our stock. These policies are very new and it is as of yet unclear what effect, if any, they will have on the valuations of publicly traded companies excluded from the indices, but it is possible that they may depress these valuations compared to those of other similar companies that are included.


If this ever becomes a concern, the class B shareholders can convert their shares 1 to 1 into class A shares. Once all class B shares have been converted, class C shares will also convert 1 to 1 into class A shares. This would then make the company eligible to be included in the S&P 500.

I imagine that the class B shares are nontransferable, which means that this will cease to be an issue once the founders have fully cashed out.


This seems huge considering how popular ETF are these days.


That is a good find! Wonder why.

Also if a significant number of firms are excluded, I wonder if new ETFs will pop up.


I’m a fan of Dropbox, it’s an excellent product. It’s the only file sync product I’ve used in anger that I actually trust — I’ve had glitches of one sort or another with iCloud, Google Drive, OneDrive... never with Dropbox. It just works. Apple should have bought them, Jobs got it wrong ;-)

Dropbox Paper is also a delight to use, from a personal perspective. I’ve never used it on a team. I would be interested to hear whether teams of 50+ have successfully used it — it just doesn’t feel ready for the enterprise in the way that Google Drive does/is.

I’ve not read this S-1 (perhaps it clarifies this) but Dropbox seems a little confused about positioning B2C vs B2B. Does it have a packaging problem? Can it have it both ways? It feels like it’s trying to, but when I was a paying Pro user, I couldn’t get away from the upsell on the site for me to move to the business package. Annoying.

Good luck to them though — they have killer design, a killer viral product and a loyal user base.


Apple did not get it wrong. Steve Jobs offered to buy (for a putative $800M) but Drew Houston said it was not for sale. Thereafter, Steve was reportedly to have said that Apple would crush them since Dropbox is a feature and not a product.


I stand corrected! I thought he didn’t want to buy them for that reason, didn’t realise he had made an offer.


Dropbox Paper is great but the Android app sucks


Seems like the move away from AWS to it's own infrastrucutre is starting to pay dividends. 33% GM to 67% in two years is certainly impressive!


Another great find.

Yeah wasn't Dropbox one of the first big things that was built on top of S3?

Amazing to re-engineer that.


Friendly heads up: "its" is possessive (like his or hers) whereas "it's" is a contraction of "it" and "is".


I really want to file this as a bug report in the English language.

   ENG-21238: Contraction for "it is" easily confused with possessive form of "it"


English is my second language and I barely notice most mistakes but this and the death of proper use of "whose" really, really bother me for some reason.


I'm not surprised to see net neutrality mentioned as a risk factor.

Our platform depends on the quality of our users’ access to the internet. Certain features of our platform require significant bandwidth and fidelity to work effectively. Internet access is frequently provided by companies that have significant market power that could take actions that degrade, disrupt or increase the cost of user access to our platform, which would negatively impact our business.

I wonder if you could make an argument that public SAAS companies have a fiduciary duty to their shareholders to support net neutrality policy.


No, the fiduciary duty is not that prescriptive. The courts aren’t going to second-guess whether a corporation is taking the profit-maximizing action at all times.


They could also call out the flip side though, right? Dropbox could negotiate deals with the ISPs to "box out" smaller competitors. Maybe it costs them upfront but it also solidifies them in the market.


> Dropbox could negotiate deals with the ISPs to "box out" smaller competitors. Maybe it costs them upfront but it also solidifies them in the market.

Yes, if you're a short sighted MBA that wants to encourage your own extortion


Well, either way, their competitors are icloud/onedrive/googledrive... box'ing-out isnt going to be a successful strategy.


This describes a whole lot of business leaders.


That would be a shrewd business move unless the ISPs want to get into the same business.


If you don't control the network, though, it remains a risk. Whoever you partner with can renegotiate the terms later or back out of a contract depending on the exit terms (may cost them, but may be worth it for what they can get from Google).

This is the problem of the tenant, the renter. The landlord can change the terms and eat into your profits. At some point it's not worth dealing with them, but it's not always easy to leave.


But renters don't have market share.

If you're Amazon (Dropbox), you have a strong position to negotiate better shipping (network) rates from FedEx and UPS (ISPs).


Depending on how many companies you negotiate with (monopoly vs. monopsony).


And whether they’re competitors with each other. ISPs are largely regional monopolies so you can’t play them off each other as easily. They have the stronger bargaining position. Certainly stronger than Dropbox (people don’t buy internet service for Dropbox alone).


Yes, but that's not a "risk factor"... generally in an issuance document, the big pressure is to disclose all the material negatives of your business that you're aware of, partially so that down the road the SEC or your investors can't complain they weren't warned of that risk during the issuance.


The problem here is that the competitors are companies like Google and Microsoft. If it came down to a bidding war, they could outbid Dropbox just by pulling loose change out of their couch cushions.


+1, I think it’s sad to have to consider this, but business/capitalism is more of a chess game, especially if the shareholders perspective is the driving decision force.


Their primary worries for competition though are mostly some of the biggest companies in the world. Not a bright idea for Dropbox at all


The same move could also be considered defensive, like Netflix, which was essentially forced to do that.


Please don't use blockquote. it is absolutely unreadable on mobile.

More

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: