Enterprise

Auto Added by WPeMatico

Foundries.io promises standardized open source IoT device security

IoT devices currently lack a standard way of applying security. This leaves consumers, whether businesses or individuals, to wonder if their devices are secure and up-to-date. Foundries.io, a company that launched today, wants to change that by offering a standard way to secure devices and deliver updates over the air.

“Our mission is solving the problem of IoT and embedded space where there is no standardized core platform like Android for phones,” Foundries.io CEO George Grey explained.

What Foundries has created is an open and secure solution that saves everyone from creating their own and reinventing the wheel every time. Grey says Foundries’ approach is not only secure, it provides a long-term solution to the device update problem by providing a way to deliver updates over the air in an automated manner on any device from tiny sensors to smart thermostats to autonomous cars.

He says this approach will allow manufacturers to apply security patches in a similar way that Apple applies regular updates to iOS. “Manufacturers can continuously make sure their devices can be updated with the latest software to fix security flaws or Zero Day flaws,” he said.

The company offers two solutions, depending on the size and complexity of your device. The Zephyr RTOS microPlatform is designed for smaller, less complex devices. For those that are more complex, Foundries offers a version of Linux called the Linux OE microPlatform.

Grey claims that these platforms free manufacturers to build secure devices without having to hire a team of security experts. But he says the real beauty of the product is that the more people who use it, the more secure it will get, as more and more test it against their products in a virtuous cycle.

You may be wondering how they can make money in this model, but they do it by charging a flat fee of $10,000 per year for Zephyr RTOS and $25,000 per year for Linux OE. These are one-time prices and apply by the product, regardless of how many units get sold and there is no lock-in, according to Grey. Companies are free to back out any time. “If you want to stop subscribing you take over maintenance and you still have access to everything up to the point. You just have to arrange maintenance yourself,” he said.

There is also a hobbyist and education package for $10 a month.

The company spun off from research at Linaro, an organization that promotes development on top of ARM chips.

To be successful, Foundries.io needs to build a broad community of manufacturers. Today’s launch is the first step in that journey. If it eventually takes off, it has the potential to provide a consistent way of securing and updating IoT devices, a move which would certainly be welcome.

Powered by WPeMatico

Semmle, startup that makes code searchable, hauls in $21M Series B

Semmle, a startup that originally spun out of research at Oxford, announced a $21 million Series B investment today led by Accel Partners. It marked the second time Accel has led an investment in the company.

Work-Bench also participated in the round. Today’s investment brings the total to $31 million.

Semmle has warranted this kind of interest by taking a unique approach to finding vulnerabilities in code. “The key idea behind our technology is to treat code as data and treat analysis problems as simple queries against a database. What this allows you to do is very easily encode domain expertise, security expertise or any other kinds of specialist knowledge in such a way it can be easily and automatically applied to large amounts of code,” Pavel Avgustinov, Semmle co-founder and VP of platform engineering told TechCrunch.

Once you create the right query, you can continuously run it against your code to prevent the same mistakes from entering the code base on subsequent builds. The key here is building the queries and the company has a couple of ways to deal with that.

They can work with customers to help them create queries, although in the long run that is not a sustainable way of working. Instead, they share queries, and encourage customers to share them with the community.

“What we find is that the great tech companies we work with have the best security teams in the world, and they are giving back what they created on the Semmle platform with other users in an open source fashion. There is a GitHub repository where we publish queries, but Microsoft and Google are doing the same thing,” Oege de Moor, company CEO and co-founder explained.

In fact, the Semmle solution is freely available to open source programmers to use with their applications, and the company currently analyzes every commit of almost 80,000 open source projects. Open source developers can run shared queries against their code or create their own.

They also have a paid version with customers like Microsoft, Google, Credit Suisse, NASA and Nasdaq. They have relied mostly on these strategic partners up until now. With today’s investment they plan to build out their sales and marketing departments to expand their customer base into a wider enterprise market.

The company spun out of research at Oxford University in 2006. They are now based in San Francisco with 60 employees, a number that should go up with this investment. They received an $8 million Series A in 2014 and $2 million seed round in 2011.

Distributed teams are rewriting the rules of office(less) politics

When we think about designing our dream home, we don’t think of having a thousand roommates in the same room with no doors or walls. Yet in today’s workplace where we spend most of our day, the purveyors of corporate office design insist that tearing down walls and bringing more people closer together in the same physical space will help foster better collaboration while dissolving the friction of traditional hierarchy and office politics.

But what happens when there is no office at all?

This is the reality for Jason Fried, Founder and CEO of Basecamp, and Matt Mullenweg, Founder and CEO of Automattic (makers of WordPress), who both run teams that are 100% distributed across six continents and many time zones. Fried and Mullenweg are the founding fathers of a movement that has inspired at least a dozen other companies to follow suit, including Zapier, GitHub, and Buffer. Both have either written a book, or have had a book written about them on the topic.

For all of the discussions about how to hire, fire, coordinate, motivate, and retain remote teams though, what is strangely missing is a discussion about how office politics changes when there is no office at all. To that end, I wanted to seek out the experience of these companies and ask: does remote work propagate, mitigate, or change the experience of office politics? What tactics are startups using to combat office politics, and are any of them effective?

“Can we take a step back here?”

Office politics is best described by a simple example. There is a project, with its goals, metrics, and timeline, and then there’s who gets to decide how it’s run, who gets to work on it, and who gets credit for it. The process for deciding this is a messy human one. While we all want to believe that these decisions are merit-based, data-driven, and objective, we all know the reality is very different. As a flood of research shows, they come with the baggage of human bias in perceptions, heuristics, and privilege.

Office politics is the internal maneuvering and positioning to shape these biases and perceptions to achieve a goal or influence a decision. When incentives are aligned, these goals point in the same direction as the company. When they aren’t, dysfunction ensues.

Perhaps this sounds too Darwinian, but it is a natural and inevitable outcome of being part of any organization where humans make the decisions. There is your work, and then there’s the management of your coworker’s and boss’s perception of your work.

There is no section in your employee handbook that will tell you how to navigate office politics. These are the tacit, unofficial rules that aren’t documented. This could include reworking your wardrobe to match your boss’s style (if you don’t believe me, ask how many people at Facebook own a pair of Nike Frees). Or making time to go to weekly happy hour not because you want to, but because it’s what you were told you needed to do to get ahead.

One of my favorite memes about workplace culture is Sarah Cooper’s “10 Tricks to Appear Smart in Meetings,” which includes…

  • Encouraging everyone to “take a step back” and ask “what problem are we really trying to solve”
  • Nodding continuously while appearing to take notes
  • Stepping out to take an “important phone call”
  • Jumping out of your seat to draw a Venn diagram on the whiteboard

Sarah Cooper, The Cooper Review

These cues and signals used in physical workplaces to shape and influence perceptions do not map onto the remote workplace, which gives us a unique opportunity to study how office politics can be different through the lens of the officeless.

Friends without benefits

For employees, the analogy that coworkers are like family is true in one sense — they are the roommates that we never got to choose. Learning to work together is difficult enough, but the physical office layers on the additional challenge of learning to live together. Contrast this with remote workplaces, which Mullenweg of Automattic believes helps alleviate the “cohabitation annoyances” that come with sharing the same space, allowing employees to focus on how to best work with each other, versus how their neighbor “talks too loud on the phone, listens to bad music, or eats smelly food.”

Additionally, remote workplaces free us of the tyranny of the tacit expectations and norms that might not have anything to do with work itself. At an investment bank, everyone knows that analysts come in before the managing director does, and leave after they do. This signals that you’re working hard.

Basecamp’s Fried calls this the “presence prison,” the need to be constantly aware of where your coworkers are and what they are doing at all times, both physically and virtually. And he’s waging a crusade against it, even to the point of removing the green dot on Basecamp’s product. “As a general rule, nobody at Basecamp really knows where anyone else is at any given moment. Are they working? Dunno. Are they taking a break? Dunno. Are they at lunch? Dunno. Are they picking up their kid from school? Dunno. Don’t care.”

There is credible basis for this practice. A study of factory workers by Harvard Business School showed that workers were 10% to 15% more productive when managers weren’t watching. This increase was attributed to giving workers the space and freedom to experiment with different approaches before explaining to managers, versus the control group which tended to follow prescribed instructions under the leery watch of their managers.

Remote workplaces experience a similar phenomenon, but by coincidence. “Working hard” can’t be observed physically so it has to be explained, documented, measured, and shared across the company. Cultural norms are not left to chance, or steered by fear or pressure, which should give individuals the autonomy to focus on the work itself, versus how their work is perceived.

Lastly, while physical workplaces can be the source of meaningful friendships and community, recent research by the Wharton School of Business is just beginning to unravel the complexities behind workplace friendships, which can be fraught with tensions from obligations, reciprocity and allegiances. When conflicts arise, you need to choose between what’s best for the company, and what’s best for your relationship with that person or group. You’re not going to help Bob because your best friend Sally used to date him and he was a dick. Or you’re willing to do anything for Jim because he coaches your kid’s soccer team, and vouched for you to get that promotion.

In remote workplaces, you don’t share the same neighborhood, your kids don’t go to the same school, and you don’t have to worry about which coworkers to invite to dinner parties. Your physical/personal and work communities don’t overlap, which means you (and your company) unintentionally avoid many of the hazards of toxic workplace relationships.

On the other hand, these same relationships can be important to overall employee engagement and well-being. This is evidenced by one of the findings in Buffer’s 2018 State of Remote Work Report, which surveyed over 1900 remote workers around the world. It found that next to collaborating and communicating, loneliness was the biggest struggle for remote workers.

Graph by Buffer (State of Remote Work 2018)

So while you may be able to feel like your own boss and avoid playing office politics in your home office, ultimately being alone may be more challenging than putting on a pair of pants and going to work.

Feature, not a bug?

Physical offices can have workers butting heads with each other. Image by UpperCut Images via Getty Images.

For organizations, the single biggest difference between remote and physical teams is the greater dependence on writing to establish the permanence and portability of organizational culture, norms and habits. Writing is different than speaking because it forces concision, deliberation, and structure, and this impacts how politics plays out in remote teams.

Writing changes the politics of meetings. Every Friday, Zapier employees send out a bulletin with: (1) things I said I’d do this week and their results, (2) other issues that came up, (3) things I’m doing next week. Everyone spends the first 10 minutes of the meeting in silence reading everyone’s updates.

Remote teams practice this context setting out of necessity, but it also provides positive auxiliary benefits of “hearing” from everyone around the table, and not letting meetings default to the loudest or most senior in the room. This practice can be adopted by companies with physical workplaces as well (in fact, Zapier CEO Wade Foster borrowed this from Amazon), but it takes discipline and leadership to change behavior, particularly when it is much easier for everyone to just show up like they’re used to.

Writing changes the politics of information sharing and transparency. At Basecamp, there are no all-hands or town hall meetings. All updates, decisions, and subsequent discussions are posted publicly to the entire company. For companies, this is pretty bold. It’s like having a Facebook wall with all your friends chiming in on your questionable decisions of the distant past that you can’t erase. But the beauty is that there is now a body of written decisions and discussions that serves as a rich and permanent artifact of institutional knowledge, accessible to anyone in the company. Documenting major decisions in writing depoliticizes access to information.

Remote workplaces are not without their challenges. Even though communication can be asynchronous through writing, leadership is not. Maintaining an apolitical culture (or any culture) requires a real-time feedback loop of not only what is said, but what is done, and how it’s done. Leaders lead by example in how they speak, act, and make decisions. This is much harder in a remote setting.

A designer from WordPress notes the interpersonal challenges of leading a remote team. “I can’t always see my teammates’ faces when I deliver instructions, feedback, or design criticism. I can’t always tell how they feel. It’s difficult to know if someone is having a bad day or a bad week.”

Zapier’s Foster is also well aware of these challenges in interpersonal dynamics. In fact, he has written a 200-page manifesto on how to run remote teams, where he has an entire section devoted to coaching teammates on how to meet each other for the first time. “Because we’re wired to look for threats in any new situation… try to limit phone or video calls to 15 minutes.” Or “listen without interrupting or sharing your own stories.” And to “ask short, open ended questions.” For anyone looking for a grade school refresher on how to make new friends, Wade Foster is the Dale Carnegie of the remote workforce.

To office, or not to office

What we learn from companies like Basecamp, Automattic, and Zapier is that closer proximity is not the antidote for office politics, and certainly not the quick fix for a healthy, productive culture.

Maintaining a healthy culture takes work, with deliberate processes and planning. Remote teams have to work harder to design and maintain these processes because they don’t have the luxury of assuming shared context through a physical workspace.

The result is a wealth of new ideas for a healthier, less political culture — being thoughtful about when to bring people together, and when to give people their time apart (ending the presence prison), or when to speak, and when to read and write (to democratize meetings). It seems that remote teams have largely succeeded in turning a bug into a feature. For any company still considering tearing down those office walls and doors, it’s time to pay attention to the lessons of the officeless.

Incentivai launches to simulate how hackers break blockchains

Cryptocurrency projects can crash and burn if developers don’t predict how humans will abuse their blockchains. Once a decentralized digital economy is released into the wild and the coins start to fly, it’s tough to implement fixes to the smart contracts that govern them. That’s why Incentivai is coming out of stealth today with its artificial intelligence simulations that test not just for security holes, but for how greedy or illogical humans can crater a blockchain community. Crypto developers can use Incentivai’s service to fix their systems before they go live.

“There are many ways to check the code of a smart contract, but there’s no way to make sure the economy you’ve created works as expected,” says Incentivai’s solo founder Piotr Grudzień. “I came up with the idea to build a simulation with machine learning agents that behave like humans so you can look into the future and see what your system is likely to behave like.”

Incentivai will graduate from Y Combinator next week and already has a few customers. They can either pay Incentivai to audit their project and produce a report, or they can host the AI simulation tool like a software-as-a-service. The first deployments of blockchains it’s checked will go out in a few months, and the startup has released some case studies to prove its worth.

“People do theoretical work or logic to prove that under certain conditions, this is the optimal strategy for the user. But users are not rational. There’s lots of unpredictable behavior that’s difficult to model,” Grudzień explains. Incentivai explores those illogical trading strategies so developers don’t have to tear out their hair trying to imagine them.

Protecting crypto from the human x-factor

There’s no rewind button in the blockchain world. The immutable and irreversible qualities of this decentralized technology prevent inventors from meddling with it once in use, for better or worse. If developers don’t foresee how users could make false claims and bribe others to approve them, or take other actions to screw over the system, they might not be able to thwart the attack. But given the right open-ended incentives (hence the startup’s name), AI agents will try everything they can to earn the most money, exposing the conceptual flaws in the project’s architecture.

“The strategy is the same as what DeepMind does with AlphaGo, testing different strategies,” Grudzień explains. He developed his AI chops earning a masters at Cambridge before working on natural language processing research for Microsoft.

Here’s how Incentivai works. First a developer writes the smart contracts they want to test for a product like selling insurance on the blockchain. Incentivai tells its AI agents what to optimize for and lays out all the possible actions they could take. The agents can have different identities, like a hacker trying to grab as much money as they can, a faker filing false claims or a speculator that cares about maximizing coin price while ignoring its functionality.

Incentivai then tweaks these agents to make them more or less risk averse, or care more or less about whether they disrupt the blockchain system in its totality. The startup monitors the agents and pulls out insights about how to change the system.

For example, Incentivai might learn that uneven token distribution leads to pump and dump schemes, so the developer should more evenly divide tokens and give fewer to early users. Or it might find that an insurance product where users vote on what claims should be approved needs to increase its bond price that voters pay for verifying a false claim so that it’s not profitable for voters to take bribes from fraudsters.

Grudzień has done some predictions about his own startup too. He thinks that if the use of decentralized apps rises, there will be a lot of startups trying to copy his approach to security services. He says there are already some doing token engineering audits, incentive design and consultancy, but he hasn’t seen anyone else with a functional simulation product that’s produced case studies. “As the industry matures, I think we’ll see more and more complex economic systems that need this.”

Klarity uses AI to strip drudgery from contract review

Klarity, a member of the Y Combinator 2018 Summer class, wants to automate much of the contract review process by applying artificial intelligence, specifically natural language processing.

Company co-founder and CEO Andrew Antos has experienced the pain of contract reviews first hand. After graduating from Harvard Law, he landed a job spending 16 hours a day reviewing contract language, a process he called mind-numbing. He figured there had to be a way to put technology to bear on the problem and Klarity was born.

“A lot of companies are employing internal or external lawyers because their customers, vendors or suppliers are sending them a contract to sign,” Antos explained. They have to get somebody to read it, understand it and figure out whether it’s something that they can sign or if it requires specific changes.

You may think that this kind of work would be difficult to automate, but Antos said that contracts have fairly standard language and most companies use ‘playbooks.’ “Think of the playbook as a checklist for NDAs, sales agreements and vendor agreements — what they are looking for and specific preferences on what they agree to or what needs to be changed,” Antos explained.

Klarity is a subscription cloud service that checks contracts in Microsoft Word documents using NLP. It makes suggestions when it sees something that doesn’t match up with the playbook checklist. The product then generates a document, and a human lawyer reviews and signs off on the suggested changes, reducing the review time from an hour or more to 10 or 15 minutes.

They launched the first iteration of the product last year and have 14 companies using it with 4 paying customers so far including one of the world’s largest private equity funds. These companies signed on because they have to process huge numbers of contracts. Klarity is helping them save time and money, while applying their preferences in a consistent fashion, something that a human reviewer can have trouble doing.

He acknowledges the solution could be taking away work from human lawyers, something they think about quite a bit. Ultimately though, they believe that contract reviewing is so tedious, it is freeing up lawyers for work that requires a greater level of intellectual rigor and creativity.

Antos met his co-founder and CTO, Nischal Nadhamuni, at an MIT entrepreneurship class in 2016 and the two became fast friends. In fact, he says that they pretty much decided to start a company the first day. “We spent 3 hours walking around Cambridge and decided to work together to solve this real problem people are having.”

They applied to Y Combinator two other times before being accepted in this summer’s cohort. The third time was the charm. He says the primary value of being in YC is the community and friendships they have formed and the help they have had in refining their approach.

“It’s like having a constant mirror that helps you realize any mistakes or any suboptimal things in your business on a high speed basis,” he said.

Work-Bench enterprise report predicts end of SaaS could be coming

Work-Bench, a New York City venture capital firm that spends a lot of time around Fortune 1000 companies, has put together The Work-Bench Enterprise Almanac: 2018 Edition, which you could think of as a State of the Enterprise report. It’s somewhat like Mary Meeker’s Internet Trends report, but with a focus on the tools and technologies that will be having a major impact on the enterprise in the coming year.

Perhaps the biggest take-away from the report could be that the end of SaaS as we’ve known it could be coming if modern tools make it easier for companies to build software themselves. More on this later.

While the report writers state that their findings are based at least partly on anecdotal evidence, it is clearly an educated set of observations and predictions related to the company’s work with enterprise startups and the large companies they tend to target.

As they wrote in their Medium post launching the report, “Our primary aim is to help founders see the forest from the trees. For Fortune 1000 executives and other players in the ecosystem, it will help cut through the noise and marketing hype to see what really matters.” Whether that’s the case will be in the eye of the reader, but it’s a comprehensive attempt to document the state of the enterprise as they see it, and there are not too many who have done that.

The big picture

The report points out the broader landscape in which enterprise companies — startups and established players alike — are operating today. You have traditional tech companies like Cisco and HP, the mega cloud companies like Amazon, Microsoft and Google, the Growth Guard with companies like Snowflake, DataDog and Sumo Logic and the New Guard, those early stage enterprise companies gunning for the more established players.

As the report states, the mega cloud players are having a huge impact on the industry by providing the infrastructure services for startups to launch and grow without worrying about building their own data centers or scaling to meet increasing demand as a company develops.

The mega clouders also scoop up a fair number of startups. Yet they don’t devote quite the level of revenue to M&A as you might think based on how acquisitive the likes of Salesforce, Microsoft and Oracle have tended to be over the years. In fact, in spite of all the action and multi-billion deals we’ve seen, Work-Bench sees room for even more.

It’s worth pointing out that Work-Bench predicts Salesforce itself could become a target for mega cloud M&A action. They are predicting that either Amazon or Microsoft could buy the CRM giant. We saw such speculation several years ago and it turned out that Salesforce was too rich for even these companies’ blood. While they may have more cash to spend, the price has probably only gone up as Salesforce acquires more and more companies and its revenue has surpassed $10 billion.

About those mega trends

The report dives into 4 main areas of coverage, none of which are likely to surprise you if you read about the enterprise regularly in this or other publications:

  • Machine Learning
  • Cloud
  • Security
  • SaaS

All of these are really interconnected, as SaaS is part of the cloud, and all need security and will be (if they aren’t already) taking advantage of machine learning. Work-Bench is not seeing it in such simple terms, of course, diving into each area in detail.

The biggest take-away is perhaps that infrastructure could end up devouring SaaS in the long run. Software as a Service grew out of a couple of earlier trends, the first being the rise of the Web as a way to deliver software, then the rise of mobile to move it beyond the desktop. The cloud-mobile connection is well documented and allowed companies like Uber and Airbnb, as just a couple of examples, to flourish by providing scalable infrastructure and a computer in our pockets to access their services whenever we needed them. These companies could never have existed without the combination of cloud-based infrastructure and mobile devices.

End of SaaS dominance?

But today, Work-Bench is saying that we are seeing some other trends that could be tipping the scales back to infrastructure. That includes containers and microservices, serverless, Database as a Service and React for building front ends. Work-Bench argues that if every company is truly a software company, these tools could make it easier for companies to build these kinds of services cheaply and easily, and possibly bypass the SaaS vendors.

What’s more, they suggest that if these companies are doing mass customization to these services, then it might make more sense to build instead of buy, at least on one level. In the past, we have seen what happens when companies try to take these kinds of massive software projects on themselves and it hardly ever ended well. They were usually bulky, difficult to update and put the companies behind the curve competitively. Whether simplifying the entire developer tool kit would change that remains to be seen.

They don’t necessarily see companies running wholesale away from SaaS just yet to do this, but they do wonder if developers could push this trend inside of organizations as more tools appear on the landscape to make it easier to build your own.

The remainder of the report goes in depth into each of these trends, and this article has just scratched the surface of the information you’ll find there. The entire report is embedded below.

Cisco’s $2.35 billion Duo acquisition front and center at earnings call

When Cisco bought Ann Arbor, Michigan security company Duo for a whopping $2.35 billion earlier this month, it showed the growing value of security and security startups in the view of traditional tech companies like Cisco.

In yesterday’s earnings report, even before the ink had dried on the Duo acquisition contract, Cisco was reporting that its security business grew 12 percent year over year to $627 million. Given those numbers, the acquisition was top of mind in CEO Chuck Robbins’ comments to analysts.

“We recently announced our intent to acquire Duo Security to extend our intent-based networking portfolio into multi-cloud environments. Duo’s SaaS delivered solution will expand our cloud security capabilities to help enable any user on any device to securely connect to any application on any network,” he told analysts.

Indeed, security is going to continue to take center stage moving forward. “Security continues to be our customers’ number one concern and it is a top priority for us. Our strategy is to simplify and increase security efficacy through an architectural approach with products that work together and share analytics and actionable threat intelligence,” Robbins said.

That fits neatly with the Duo acquisition, whose guiding philosophy has been to simplify security. It is perhaps best known for its two-factor authentication tool. Often companies send a text with a code number to your phone after you change a password to prove it’s you, but even that method has proven vulnerable to attack.

What Duo does is send a message through its app to your phone asking if you are trying to sign on. You can approve if it’s you or deny if it’s not, and if you can’t get the message for some reason you can call instead to get approval. It can also verify the health of the app before granting access to a user. It’s a fairly painless and secure way to implement two-factor authentication, while making sure employees keep their software up-to-date.

Duo Approve/Deny tool in action on smartphone.

While Cisco’s security revenue accounted for a fraction of the company’s overall $12.8 billion for the quarter, the company clearly sees security as an area that could continue to grow.

Cisco hasn’t been shy about using its substantial cash holdings to expand in areas like security beyond pure networking hardware to provide a more diverse recurring revenue stream. The company currently has over $54 billion in cash on hand, according to Y Charts.

Cisco spent a fair amount of money on Duo, which according to reports has $100 million in annual recurring revenue, a number that is expected to continue to grow substantially. It had raised over $121 million in venture investment since inception. In its last funding round in September 2017, the company raised $70 million on a valuation of $1.19 billion.

The acquisition price ended up more than doubling that valuation. That could be because it’s a security company with recurring revenue, and Cisco clearly wanted it badly as another piece in its security solutions portfolio, one it hopes can help keep pushing that security revenue needle ever higher.


Shelf Engine uses machine learning to stop food waste from eating into store margins

Shelf Engine’s team

While running Molly’s, the Seattle-based ready meal wholesaler he founded, Stefan Kalb was upset about its 28 percent food wastage rate. Feeling that the amount was “astronomical,” he began researching how to lower it — and was shocked to discover Molly’s was actually outperforming the industry average. Confronted by the sheer amount of food wasted by American retailers, Kalb and Bede Jordan, then a Microsoft engineer, began working on an order prediction engine.

The project quickly brought Molly’s percentage of wasted food down to the mid-teens. “It was one of the most fulfilling things I’ve ever done in my career,” Kalb told TechCrunch in an interview. Driven by its success, Kalb and Jordan launched Shelf Engine in 2016 to make the technology available to other companies. Currently participating in Y Combinator, the startup has already raised $800,000 in seed funding from Initialized Capital, the venture capital firm founded by Alexis Ohanian and Garry Tan, and is now used at more than 180 retail points by clients including WeWork, Bartell Drugs, Natural Grocers and StockBox.

Shelf Engine’s order prediction engine analyzes historical order and sales data and makes recommendations about how much retailers should order to minimize waste and increase margins. The more retailers use Shelf Engine, the more accurate its machine learning model becomes. The system also helps suppliers, because many operate on guaranteed sales, or scan-based trading, which means they agree to take back and refund the purchase price of any products that don’t sell by their expiration date. While running Molly’s, Kalb learned what a huge pain point this is for suppliers. To alleviate that, Shelf Engine itself buys back unsold inventory from the retailers it works with, taking the risk away from their suppliers.

Kalb, Shelf Engine’s CEO, claims the startup’s customers are able to increase their gross margins by 25 percent and reduce food waste from an industry average of 30 percent to about 16-18 percent for items that expire within one to five days. (For items with a shelf life of up to 45 days, the longest that Shelf Engine manages, it can reduce waste to as little as 3-4 percent).

The food industry operates on notoriously tight margins, and Shelf Engine wants to relieve some of the pressure. Running Molly’s, which supplies corporate campuses, including Microsoft, Boeing and Amazon, gave Kalb a firsthand look at the paradox faced by retail managers. Even though a lot of food is wasted, items are also frequently out of stock at stores, annoying customers. Then there is the social and environmental impact of food waste — not only does it raise prices, food rotting in landfills is a major contributor to methane emissions.

A store manager may need to make ordering decisions about thousands of products, leaving little time for analysis. Though there are enterprise resource planning software products for food retail, Kalb says that during store visits he realized a surprisingly high number still rely on Excel spreadsheets or pen and paper to manage recurring orders. The process is also highly subjective, with managers ordering products based on their personal preferences, a customer’s suggestion or what they’ve noticed does well at other stores. Sometimes retailers get stuck in a cycle of overcorrecting: if customers complain about missing out on something, managers order more inventory, end up with wastage, scale back their next order, and so on.

“Americans want selection at all times, we get furious when a product is sold out, but it’s a really hard decision to make about how much challah bread to stock on a Monday,” says Kalb. “Yet we are doing that ad hoc.”

When retailers use Shelf Engine’s prediction engine, it decides how many units they need and then submits those orders to their suppliers. After products reach their sell-by dates, the retailer reports back to Shelf Engine, which only charges them for units they sold, but still pays suppliers for the full order. As time passes, Shelf Engine can make more granular predictions (for example, how precipitation correlates with the sale of specific items like juice or bread).

In addition to providing the impetus for the creation of Shelf Engine, Molly’s also helped Kalb and Jordan, its CTO, build the startup’s distribution network. Kalb says Shelf Engine has benefited from the network effect, because when a retailer signs up, their suppliers will often mention it to other retailers that they serve. Kalb says the startup is currently hiring more engineers and salespeople to help Shelf Engine leverage that and spread through the food retail industry.

“It’s a world I got to know and I came into the world fascinated with healthy food and making delicious grab-and-go meals,” says Kalb. “It turned into a fascination with this crazy market, which is so massive and still has so many opportunities to be maximized.”


RunSafe could eliminate an entire class of infrastructure malware attacks

RunSafe, a McLean, Virginia startup, got started doing research for DARPA on how to defend critical infrastructure. They built a commercial product based on that initial research that they claim eliminates an entire class of attacks. Today, the company released a product called Alkemist that enables customers to install the solution without help from RunSafe.

RunSafe co-founder and CEO Joe Saunders says that the product began with the DoD research and a simple premise: “If you assume hardware in the supply chain is compromised, can you still build trusted software on top of untrusted hardware? And so we came up with techniques that we have since greatly expanded to protect the software from compromise. We eliminate an entire class of attacks and greatly reduce the attack surface for software across critical infrastructure,” he told TechCrunch.

Saunders uses a data center cooling system as an example. If someone were able to control the cooling systems, they could cause the whole data center to overheat in order to shut it down. RunSafe is designed to prevent that from happening whether it’s a data center, a power plant or water works.

The way they do this is by hardening the software binary so malware and exploitations can’t find the tools they need to execute across the infrastructure. In the data center example, that means the attacker could find their way in, and attack a single machine, but couldn’t replicate the attack across multiple machines.

“They’re looking for functions and memory and different things that they can use in their exploitation. What we do is we make it very difficult for the attack tool to find that information, and without the ability to find the memory or the functions, they can’t execute their attack,” he said.

He says that they do this by making every instance “functionally identical but logically unique” by relocating where functions and memory exist at a low level in the software. “When an exploit is looking for memory or function to exploit the software product, it can’t locate them,” Saunders said. And that makes it practically impossible to move across the system, he explained.

He points out this is a far different approach from how most security vendors approach the problem. “Other solutions that are leveraging intrusion detection or monitoring or analytics are detecting when there’s a compromise, but they’re not solving the problem — you still can be breached and the exploit can still execute. We’re eliminating the exploit,” he said.

The company works with hardware manufacturers to install their solution at the factory before they get deployed, and with customers like data center operators to protect their critical infrastructure. Prior to the release of Alkemist, the installation required some hand-holding from RunSafe. With today’s release, the customer can install the product themselves and that could increase their customer base.

RunSafe launched at the end of 2015 and released the first version of the product last year. They currently count a dozen customers and are protecting hundreds of thousands of machines across their customer base and expect to cross one million protected machines by the end of the year, according to Saunders.

The company has raised $2.4 million in seed investment.


Oracle open sources Graphpipe to standardize machine learning model deployment

Oracle, a company not exactly known for having the best relationship with the open source community, is releasing a new open source tool today called Graphpipe, which is designed to simplify and standardize the deployment of machine learning models.

The tool consists of a set of libraries and tools for following the standard.

Vish Abrams, whose background includes helping develop OpenStack at NASA and later helping launch Nebula, an OpenStack startup in 2011, is leading the project. He says as his team dug into the machine learning workflow, they found a gap. While teams spend lots of energy developing a machine learning model, it’s hard to actually deploy the model for customers to use. That’s where Graphpipe comes in.

He points out that it’s common with newer technologies like machine learning for people to get caught up in the hype. Even though the development process keeps improving, he says that people often don’t think about deployment.

“Graphpipe is what’s grown out of our attempt to really improve deployment stories for machine learning models, and to create an open standard around having a way of doing that to improve the space,” Abrams told TechCrunch.

As Oracle dug into this, they identified three main problems. For starters, there is no standard way to serve APIs, leaving you to use whatever your framework provides. Next, there is no standard deployment mechanism, which leaves developers to build custom ones every time. Finally, they found existing methods leave performance as an afterthought, which in machine learning could be a major problem.

“We created Graphpipe to solve these three challenges. It provides a standard, high-performance protocol for transmitting tensor data over the network, along with simple implementations of clients and servers that make deploying and querying machine learning models from any framework a breeze,” Abrams wrote in a blog post announcing the release of Graphpipe.

The company decided to make this a standard and to open source it to try and move machine learning model deployment forward. “Graphpipe sits on that intersection between solving business problems and pushing the state of the art forward, and I think personally, the best way to do that is by having an open source approach. Often, if you’re trying to standardize something without going for the open source bits, what you end up with is a bunch of competing technologies,” he said.

Abrams acknowledged the tension that has existed between Oracle and the open source community over the years, but says they have been working to change the perception recently with contributions to Kubernetes and Oracle FN, their open source Serverless Functions Platform as examples. Ultimately he says, if the technology is interesting enough, people will give it a chance, regardless of who is putting it out there. And of course, once it’s out there, if a community builds around it, they will adapt and change it as open source projects tend to do. Abrams hopes that happens.

“We care more about the standard becoming quite broadly adopted, than we do about our particular implementation of it because that makes it easier for everyone. It’s really up to the community to decide that this is valuable and interesting,” he said.

Graphpipe is available starting today on the Oracle GitHub Graphpipe page.
