Dear friends,
In JC’s Newsletter, I share the articles, documentaries, and books I enjoyed the most in the last week, with some comments on how we relate to them at Alan. I do not endorse all the articles I share; they are up for debate.
I’m doing it because a) I love reading, it is the way that I get most of my ideas, b) I’m already sharing those ideas with my team, and c) I would love to get your perspective on those.
If you are not subscribed yet, it's right here!
If you like it, please share it on social networks!
🔎 Some topics we will cover this week
Best practices to handle a board meeting
Contrarian views on current macro conditions
How hackers get scarily good at stealing data from companies
The importance of education on social engineering to prevent this
Company governance
👉 Sophisticated Simplicity (Farnam Street)
❓Why am I sharing this article?
How to avoid over-planning, how to avoid bureaucracy, how to keep simplifying the rules
IKEA founder Ingvar Kamprad on simplicity: "There have to be rules to enable a lot of people to function together in a community or a company.
But the more complicated the rules are, the harder they are to comply with. Complicated rules paralyse!
Historical baggage, fear and unwillingness to take responsibility are the breeding ground for bureaucracy. Indecisiveness generates more statistics, more studies, more committees, more bureaucracy.
Bureaucracy complicates and paralyses!
Planning is often synonymous with bureaucracy.
Planning is, of course, needed to lay out guidelines for your work and to enable a company to function in the long term.
But do not forget that exaggerated planning is the most common cause of corporate death.
Exaggerated planning constrains your freedom of action and leaves you less time to get things done.
Complicated planning paralyses.
So let simplicity and common sense guide your planning.
👉 Your Board of Directors is Probably Going to Fire You (Reaction Wheel)
❓Why am I sharing this article?
I’m very aligned with this, and it is the evolution we are taking more and more.
The board meeting is not the place to convey important information for the first time.
If you have news, tell your board members soon afterwards.
Not immediately, perhaps—give yourself some time to come up with your messaging—but as soon as possible.
And when you do, do it on the phone and one board member at a time.
Tell them the news, tell them what you think the company should do about it, and then listen to what they have to say.
Do not invite your board members to surprise you.
If you ask open-ended questions or initiate free-form discussions, you are asking to be surprised.
Inviting them to freestyle in the meeting has the possibility of starting a downward spiral: one board member says something you should have done or should do and the others start to chip in until it becomes a pile-on.
The board members should have seen the information presented before the meeting (and not just because you sent the deck—half of them won’t read it beforehand—you must talk to them.)
You should know beforehand how each board member will react to the information presented.
In your first several board meetings, when it is just you and your co-founder and your first investor, ignore my above advice and be frank.
👉 Galion: Guide du Board (The Galion Project)
❓Why am I sharing this article?
Good tips on how to manage a board.
Board composition:
Automatically remove from the board any investor representative falling below a certain threshold of ownership (typically [10-15%] fully diluted)
Resist asks of observer seats
Push back on sidekicks wanting to join official directors
Limit independent director terms to 2 years with no automatic renewal
This provision, handled in the shareholders’ agreement, takes the drama out of a previous-round investor leaving the board by turning it into a purely administrative event. Note that, for various reasons that are not in the company’s direct interest (commitments to their own subscribers, personal prestige, gaining experience or network, etc.), some investors resist on this point, all the more so when the company has strong traction.
Board discussions:
Spend > 80% of the time discussing strategy & talent
👉 Netflix Earnings, Netflix’s Struggling Growth Drivers, Netflix to Explore Advertising (Stratechery)
❓Why am I sharing this article?
Interesting set-up for when you are a public company. How could it inspire us for our board pack or monthly?
Or in our letter to shareholders? Should we add a video?
Just to set the scene: Netflix always releases a shareholder letter and a pre-recorded earnings interview conducted by an analyst who I assume is selected by Netflix.
Macro
👉 Thread by Tarek Mansour about inflation (PingThread)
❓Why am I sharing this article?
Because I think it is an interesting counterpoint.
That being said, it feels that inflation is going to be caused mostly by energy prices in Europe, which should not follow the bullwhip effect in the short term.
What if I told you that DEFLATION should be one of the main concerns right now?
The Bullwhip Effect is a supply-chain term: a small change in consumer demand can lead to increasingly big changes as it trickles through the supply chain stack.
At each stage, the forecast for demand has been distorted.
It’s hard to forecast demand
We overestimate good news: everyone would like to believe they’re growing more than they are
What happens when the demand returns to normal? Inventory surplus:
The craziness of Q4 2021 + Q1 2022 strongly signaled “huge consumer demand” to all industries.
As consumer sentiment is heavily shifting, the demand for everything is going to drop drastically.
But it’s already too late: everyone’s already stocked up on inventory to prepare for tons of demand.
Prices go down.
And depending on how much overloading we’ve done on the supply side: prices might go down pretty hard.
So hard, that we might go into deflation...
Security
❓Why am I sharing these articles?
Because I believe they can give good ideas on what to avoid while witnessing the level of sophistication of hackers.
👉 Law Enforcement and User Data, Tradeoffs and Trust, Centralization and Encryption (Stratechery)
Apple Inc. and Meta Platforms Inc., the parent company of Facebook, provided customer data to hackers who masqueraded as law enforcement officials.
Apple and Meta provided basic subscriber details, such as a customer’s address, phone number and IP address, in mid-2021 in response to the forged “emergency data requests.”
The fraudulent legal requests are part of a months-long campaign that targeted many technology companies and began as early as January 2021, according to two of the people. The forged legal requests are believed to be sent via hacked email domains belonging to law enforcement agencies in multiple countries, according to the three people and an additional person investigating the matter.
The forged requests were made to appear legitimate. In some instances, the documents included the forged signatures of real or fictional law enforcement officers, according to two of the people. By compromising law enforcement email systems, the hackers may have found legitimate legal requests and used them as a template to create forgeries, according to one of the people.
➡️ It is really scary. What do we learn from this?
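One answer to that question, as an added example (not code from Apple, Meta or Stratechery): the forged requests came from real, hacked law-enforcement mail domains with plausible signatures, so checking the sender’s domain passes them. What still works is to treat the email as untrusted input, hold the request, and confirm it by calling a desk number the provider recorded on its own beforehand, never the number printed in the letter. The agency registry, domains, names and phone numbers below are constructed for illustration.

```python
"""
Handling an 'emergency data request' (EDR) that arrives by email.

Added example for the story quoted above; this is not Apple's, Meta's or
Stratechery's code. The forged requests came from genuinely hacked
law-enforcement mail domains carrying plausible signatures, so a sender
domain check passes them. The control modelled here is: never act on
anything inside the email; hold the request and confirm it through a desk
number that was recorded independently, before the email arrived. The
registry, addresses, names and phone numbers below are constructed.
"""
from dataclasses import dataclass
from typing import Optional, Set

# Constructed registry of agencies vetted out of band. The desk numbers
# were obtained by the provider itself, never copied from an inbound letter.
AGENCY_REGISTRY = {
    "police.example.gov": {"agency": "Example City Police", "desk_phone": "+1-555-0100"},
    "gendarmerie.example.fr": {"agency": "Example Gendarmerie", "desk_phone": "+33-555-0101"},
}

# What a basic-subscriber EDR may cover (the same fields the article says were
# released). Anything beyond this needs ordinary legal process, emergency or not.
BASIC_SUBSCRIBER_FIELDS = {"address", "phone", "ip_address"}


@dataclass
class EmergencyRequest:
    sender: str              # From: address; may be a real but hacked mailbox
    signer: str              # officer name on the letter (real or fictional)
    callback_phone: str      # number the letter asks us to call
    case_id: str
    fields_requested: Set[str]
    claims_imminent_harm: bool


@dataclass
class Verdict:
    status: str              # "reject" | "hold" | "release"
    reason: str
    callback_phone: Optional[str] = None
    fields: Optional[Set[str]] = None


def sender_domain(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def triage(request: EmergencyRequest) -> Verdict:
    """First pass, fully automatic. A known domain never releases data by itself."""
    domain = sender_domain(request.sender)
    agency = AGENCY_REGISTRY.get(domain)
    if agency is None:
        return Verdict("reject", "%s is not a registered agency domain" % domain)
    extra = request.fields_requested - BASIC_SUBSCRIBER_FIELDS
    if extra:
        return Verdict("reject", "EDR cannot cover %s; requires legal process" % sorted(extra))
    # Claimed urgency is exactly what the forgeries lean on: it may shorten
    # the callback deadline, it never skips the callback.
    reason = "verify by callback to the registered desk"
    if request.callback_phone != agency["desk_phone"]:
        reason += "; letter's number %s differs from registry" % request.callback_phone
    return Verdict("hold", reason, callback_phone=agency["desk_phone"])


def resolve(request: EmergencyRequest, verdict: Verdict, desk_confirms: bool) -> Verdict:
    """Second pass, after a person called verdict.callback_phone and asked
    whether case_id and the named signer exist. Nothing in the email is trusted."""
    if verdict.status != "hold":
        return verdict
    if not desk_confirms:
        return Verdict("reject", "desk at %s does not know case %s; treat as forgery and report sender %s"
                       % (verdict.callback_phone, request.case_id, request.sender))
    return Verdict("release", "case %s confirmed via %s" % (request.case_id, verdict.callback_phone),
                   callback_phone=verdict.callback_phone,
                   fields=set(request.fields_requested))


if __name__ == "__main__":
    # Constructed forgery: real domain, fictional officer, attacker's own callback number.
    forged = EmergencyRequest(sender="records@police.example.gov", signer="Det. A. Example",
                              callback_phone="+1-555-0199", case_id="22-0417",
                              fields_requested={"address", "phone", "ip_address"},
                              claims_imminent_harm=True)
    held = triage(forged)
    print(held)
    print(resolve(forged, held, desk_confirms=False))
```

The point of the two-step shape is that the automated part can only say "reject" or "hold"; "release" requires a human who has spoken to a number the attacker never controlled. The mismatch between the letter’s callback number and the registry is logged, not acted on, so a hacked mailbox that happens to quote the right desk number is still caught by the call itself.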
👉 Binance’s head of communications said hackers had created a deepfake of him to set up meetings with companies eager to list their coins on the service. The nature of the scam remains unclear, but the implications are wild.
❓Why am I sharing this article?
I find it really scary and pretty sure it is going to happen in the future. How do we make the team aware of those kinds of threats?
👉 How a fake job offer took down the world’s most popular crypto game (The Block)
❓Why am I sharing this article?
The level of sophistication is really high and I see how it could happen (I had similar stories in France of fake job offers for economic intelligence reasons)
We can’t stop people from taking interviews obviously, but how to educate them on not using their professional computer to download such documents? It seems an impossible task and not even recommended.
Hackers duped a senior engineer at Axie Infinity into applying for a job at a fictitious company.
The scheme resulted in the loss of $540 million in crypto earlier this year.
The approaches were made through the professional networking site LinkedIn.
After what one source described as multiple rounds of interviews, a Sky Mavis engineer was offered a job with an extremely generous compensation package.
The fake “offer” was delivered in the form of a PDF document, which the engineer downloaded — allowing spyware to infiltrate Ronin’s systems.
From there, hackers were able to attack and take over four out of nine validators on the Ronin network — leaving them just one validator short of total control.
North Korea’s Lazarus had abused LinkedIn and WhatsApp by posing as recruiters to target aerospace and defense contractors.
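Since the entry point above was a PDF opened on a work machine, here is a cheap first filter a security team can put in front of that step, as an added example (not code from The Block, Sky Mavis or any vendor). It counts the PDF names that make a document do something on open rather than just render, the same idea as the pdfid tool, undoes the `#xx` name escapes attackers use to hide those names, and flags files whose dictionaries are packed into object streams where this kind of scan cannot see them. The sample PDFs are constructed and harmless.

```python
"""
Static triage of a PDF 'job offer' before anyone opens it on a work machine.

Added example for the Axie Infinity story above; not code from The Block,
Sky Mavis or any vendor. Counting active-content names is a filter, not a
sandbox: it catches a PDF that runs something when opened, and it tells you
when the file hides its dictionaries in object streams so a fuller parse
(or a disposable VM) is needed. The sample PDFs at the bottom are constructed.
"""
import re
from typing import Dict

# Names that make a PDF *do* something rather than just render.
ACTIVE_NAMES = ["/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch",
                "/EmbeddedFile", "/RichMedia", "/XFA"]
TRIGGERS = {"/OpenAction", "/AA"}                      # run on open / on an event
PAYLOADS = {"/JavaScript", "/JS", "/Launch", "/RichMedia"}


def decode_name_escapes(data: bytes) -> bytes:
    """PDF allows /Java#53cript for /JavaScript; undo that so matching works."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def triage_pdf(data: bytes) -> Dict[str, object]:
    if not data.lstrip().startswith(b"%PDF-"):
        return {"is_pdf": False, "verdict": "not a pdf", "counts": {}, "hidden_objects": False}
    text = decode_name_escapes(data)
    counts: Dict[str, int] = {}
    for name in ACTIVE_NAMES:
        # Require a delimiter after the name so /JS does not match /JSxyz.
        pattern = re.escape(name.encode()) + rb"(?![A-Za-z0-9_])"
        n = len(re.findall(pattern, text))
        if n:
            counts[name] = n
    # Dictionaries inside compressed object streams are invisible to this scan.
    hidden = b"/ObjStm" in text
    found = set(counts)
    if found & TRIGGERS and found & PAYLOADS:
        verdict = "high"       # something runs automatically on open or on an event
    elif found:
        verdict = "medium"
    elif hidden:
        verdict = "unknown"    # nothing visible, but the content is compressed away
    else:
        verdict = "low"
    return {"is_pdf": True, "verdict": verdict, "counts": counts, "hidden_objects": hidden}


# Constructed samples: a bare document, one with an obfuscated open action, and
# one whose objects live in a (here empty) object stream.
BENIGN_PDF = (b"%PDF-1.4\n"
              b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
              b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
              b"trailer << /Root 1 0 R >>\n%%EOF\n")

ACTIVE_PDF = (b"%PDF-1.7\n"
              b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
              b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
              b"3 0 obj << /S /Java#53cript /JS (app.alert(1)) >> endobj\n"
              b"trailer << /Root 1 0 R >>\n%%EOF\n")

PACKED_PDF = (b"%PDF-1.5\n"
              b"1 0 obj << /Type /ObjStm /N 3 /First 20 /Filter /FlateDecode /Length 0 >>\n"
              b"stream\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_PDF), ("active", ACTIVE_PDF), ("packed", PACKED_PDF)):
        print(label, triage_pdf(sample))
```

A "high" or "unknown" result is a reason to open the file only in a disposable VM or a browser-based viewer, not a reason to conclude it is malware; a "low" result is not proof of safety either, which is why the real control in the text (keep recruiter attachments off the production workstation) still matters.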
👉 The Twitter Whistleblower, mDAUs and Bots, Musk’s Akorn Lifeline (Stratechery)
❓Why am I sharing this article?
Most hacks will be social engineering.
On approximately January 4, 2009, an intruder used an automated password guessing tool to derive an employee’s administrative password, after submitting thousands of guesses into Twitter’s public login webpage. The password was a weak, lowercase, letter-only, common dictionary word.
Using this password, the intruder could access nonpublic user information and nonpublic tweets for any Twitter user. In addition, the intruder could, and did, reset user passwords, some of which the intruder posted on a website.
Thereafter, certain of these fraudulently-reset user passwords were obtained and used by other intruders to send unauthorized tweets from user accounts, including one tweet, purportedly from Barack Obama, that offered his more than 150,000 followers a chance to win $500 in free gasoline, in exchange for filling out a survey.
Unauthorized tweets also were sent from eight (8) other accounts, including the Fox News account. On approximately April 27, 2009, an intruder compromised an employee’s personal email account, and was able to infer the employee’s Twitter administrative password, based on two similar passwords, which had been stored in the account, in plain text, for at least six (6) months prior to the attack.
Using this password, the intruder could access nonpublic user information and nonpublic tweets for any Twitter user. In addition, the intruder could, and did, reset at least one user’s password.
The 2020 hack was then the largest hack of a social media platform in history, and triggered a global security incident. Moreover, the hack did not involve malware, zero-day exploits, supercomputers brute-forcing their way past encryption, or any other sophisticated approach.
In fact, it was pretty simple: Pretending to be Twitter IT support, the teenage hackers simply called some Twitter employees and asked them for their passwords. A few employees were duped and complied and — given systemic flaws in Twitter’s access controls — those credentials “were enough to achieve ‘God Mode,’ where the teenagers could imposter-tweet from any account they wanted.”