I was beginning to understand that the best kinds of freedom involved choosing your constraints wisely, and claiming them as your own.

—Jonathan Rowson

📆 There’s a chance that I won’t have an edition on Monday. Or maybe it’ll just be shorter 🤔

It’s rare for me to skip one, but I have family stuff, I have to do my taxes, and my youngest kid threw up on the floor in the hallway at 2 AM last night… I don’t know if I’ll have the time to write ¯\_(ツ)_/¯

➗ Something I don’t hear enough about:

When you try to make everything “open,” “inter-operable,” and “cross-platform”, you gain many things. But you also *lose* some benefits and optionality.

If two things are really 100% compatible, it means that one cannot improve faster or be much better than the other.

It also stops you from doing all kinds of experimentation and big changes to your thing because that would break compatibility with others, who may not want to go in that direction for whatever reason. Even if they want to, the coordination cost will slow things down, and the design-by-committee effect probably means you end up with a worse product at the end of the process.

There are “least common denominator” issues with multi-cloud, messaging/social network platforms being interoperable, some aspects of software and hardware platforms, a lot of Web3 models, etc.

My point is just that we should remember that there are also downsides to this stuff, not just upsides.

Life is trade-offs, so getting the balance right matters more than thinking in binary terms and imagining that one side is purely 😇 while the other side is purely 👿

0% compatibility may be bad, but maybe 100% isn’t the ideal level either.

🚙💨 A hill I will die on, at least until we all have EVs and this stops mattering:

People who unnecessarily idle their engines for long periods (before you tell me about legitimate reasons, note that I’m only talking about unnecessary idling — I know that sometimes the reasons may not always be apparent).

I see it constantly. 10-20 minutes of idling in a parking lot in mild weather, getting 0 MPG, someone scrolling their phone in the driver’s seat…

This much waste is terribly ugly to me, like pouring a good single malt scotch down the drain.

Unnecessary idling around the world is probably larger than Russia’s oil exports…

Is it old myths about wear & tear or starting engines using huge amounts of fuel that need to be more properly debunked?

PSA campaigns and education in driver’s education, maybe? We’ll never get everyone, but we can do better… It’s a low-hanging fruit that saves people money with no downsides.

💚 🥃 If you are not a paid supporter yet, I hope this is the edition that makes you go:

“Hey, I think I want to support what he’s doing here.”

Thank you for that!

🧩 A Word From Our Sponsor: Heyday 🧠

Do you have 100+ browser tabs open right now? 😬

Give your memory a boost with Heyday, the research tool that automatically saves the content you view, and resurfaces it within your existing workflows. 👩‍💻

It’s like cheat codes for your memory. 😲💡

🧩 Give your memory a boost today 🧠

🏦 💰 Liberty Capital 💳 💴

🦅 Crowdstrike Investor Day Highlights 🔐

On share gains in a market that is itself growing fast:

CrowdStrike has grown its market share in a growing market. In calendar 2019, the year we went public, IDC estimated that we had approximately 7.9% share of the modern endpoint market. And in just 12 months' time, the industry saw major changes with several vendors being acquired in rapid succession. At the same time, CrowdStrike grew rapidly, gained tremendous market share and was named the leader in the market with 12.2% share.

As of midyear 2021, CrowdStrike continued to command the #1 position with market share growing to 14.2%, even with these fantastic market share gains, we continue to see meaningful opportunities ahead.

On the effectiveness of their products (in standardized tests — SentinelOne also did great there):

We are scoring 100% in detection of attacks in SE Labs EDR test. 99.9% protection rate in AV-Comparatives real-world test, and on the just release MITRE evaluation, we led the evaluation with 100% automated prevention. [...]

Upon initiation of the test, Falcon quickly identified that a breach password was being used on an account that had been compromised. This prevented the MITRE evaluator from gaining access to the environment altogether. In other words, we stopped the would-be attacker before it could even gain access, redefining what it means to stop the breach. And in order for the test to continue, we were asked to disable our identity protection capabilities, and we still achieved 100% prevention across all 9 steps. [...]

I think it's a true testament to what we've built when the evaluators have to stop the test, call you up and say, "Can you please turn off your prevention capability so we can continue the test"?

I think this early detection was achieved with the zero trust tech that they acquired with Preempt, but I’m not 100% sure.

In any case, in the real-world, the attacker can’t ask to turn off that feature!

On free cash flow and growth metrics:

As of January 31, 2022, there were a total of 43 public enterprise software companies with more than $1 billion in the last 12 months revenue. And just 5 of those companies were growing and an LTM rate of 60% or more, including CrowdStrike, Datadog, Snowflake, Toast and Twilio. Of those 5 companies, only CrowdStrike delivered 30% LTM free cash flow margin with the second closest company delivering 24%.

For outsiders to the security industry (well, I am an outsider too, but I enjoy learning about it), it may not be clear just how large the opportunity is: Kurtz mentions their legacy competitors having *hundreds of thousands* of customers, while Crowdstrike only had 16k at the end of last quarter.

They mention having focused first on larger accounts, where they have around 35% penetration, but with mid-sized and smaller companies, they’re still in the 1-3% market share range, so there’s still plenty of room to grow there if they decide to tailor their products for that space.

They also think it’s early day with federal government business, which should accelerate now that they’ve won various seals of approvals to sell into the DoD and other agencies.

An important part of their model is getting customers to use more and more modules, and this chart shows they’ve been successful at it. This matters because once you’ve got a customer to install your agent and send telemetry data, additional modules are almost pure margin.

They’re adding more seats at existing customers, but some of the net retention above 120% is also coming from more modules for existing seats.

One thing that stood out to me about Crowdstrike is how US-centric they are, with more than 70% of revenue coming from there. Seems like an opportunity, since cyber-attackers don’t care too much about borders.

Andy Jassy’s 1st letter as Amazon CEO 📨🧐

Some highlights:

Consumer revenue grew dramatically in 2020. In 2020, Amazon’s North America and International Consumer revenue grew 39% YoY on the very large 2019 revenue base of $245 billion; and, this extraordinary growth extended into 2021 with revenue increasing 43% YoY in Q1 2021. These are astounding numbers. We realized the equivalent of three years’ forecasted growth in about 15 months [...]

We spent Amazon’s first 25 years building a very large fulfillment network, and then had to double it in the last 24 months to meet customer demand.

I wrote about this in edition #238, which this great chart showing Amazon’s total square footage over time:

Just bonkers.

In every business we pursue, we’re constantly experimenting and inventing. We’re divinely discontented with customer experiences, whether they’re our own or not. We believe these customer experiences can always be better, and we strive to make customers’ lives better and easier every day. The beauty of this mission is that you never run out of runway; customers always want better, and our job is both to listen to their feedback and to imagine what else is possible and invent on their behalf.

This is basically a re-statement of the Bezos creed.

He talks about logistics improvements after 20+ years of iteration and over $100bn in investment:

In the early 2000s, it took us an average of 18 hours to get an item through our fulfillment centers and on the right truck for shipment. Now, it takes us two [...]

For perspective, in 2004, we had seven fulfillment centers in the U.S. and four in other parts of the world, and we hadn’t yet added delivery stations, which connect our fulfillment and sortation centers to the last-mile delivery vans you see driving around your neighborhood. Fast forward to the end of 2021, we had 253 fulfillment centers, 110 sortation centers, and 467 delivery stations in North America, with an additional 157 fulfillment centers, 58 sortation centers, and 588 delivery stations across the globe.

Our delivery network grew to more than 260,000 drivers worldwide, and our Amazon Air cargo fleet has more than 100 aircraft. This has represented a capital investment of over $100 billion and countless iterations and small process improvements by over a million Amazonians in the last decade and a half.

How do you replicate that? And they’re not standing still…

Going down memory lane on AWS:

We launched EC2 in 2006 with one instance size, in one data center, in one region of the world, with Linux operating system instances only (no Windows), without monitoring, load balancing, auto-scaling, or yes, persistent storage.

On making their own chips:

[we] realized that if we wanted to push price and performance further (as customers requested), we’d have to develop our own chips, too.

Our first generalized chip was Graviton, which we announced in 2018. This helped a subset of customer workloads run more cost-effectively than prior options. But, it wasn’t until 2020, after taking the learnings from Graviton and innovating on a new chip, that we had something remarkable with our Graviton2 chip, which provides up to 40% better price-performance than the comparable latest generation x86 processors. Think about how much of an impact 40% improvement on compute is. [...]

announced Graviton3 this past December (offering a 25% improvement on top of Graviton2’s relative gains).

While the first Graviton was announced in 2018, they had probably been working on it since 2016-17, so this is a 5-6 year journey to be able to differentiate their compute from the competition that doesn’t have such chips (yet).

The last portion of the letter is about 7 ways to avoid Day 2, and a big part of it comes back to *speed*.

Avoid things that bog down your teams (bureaucracy, too many things to focus on at the same time, incentives that pull in different directions, etc) and protect things that generate that speed (small teams, permission to fail, releasing early, iterating often, invention, etc).

When it comes to a focus on velocity, I think Frank Slootman (❄️) and Andy Jassy would get along well (well, they are, considering Snowflake’s deepening partnerships with AWS).

Epic raises $2bn from Sony and LEGO to build its metaverse

Apparently, building a metaverse is pretty capital-intensive:

Today Epic Games announced a $2 billion round of funding to advance the company’s vision to build the metaverse and support its continued growth. 

This round includes investments from existing investor Sony Group Corporation as well as KIRKBI, the family-owned holding and investment company behind The LEGO Group, with each party investing $1 billion respectively. (Source)

This values the company at $31.5bn post-money, also known as couch cushion change vs what Facebook Meta is spending on its metaverse longer-term…

🧪🔬 Liberty Labs 🧬 🔭

Manufacturing expert Sandy Munroe takes a tour of the new Tesla Gigafactory in Texas

His thoughts on the new 1-piece castings for the front and back of the Model Y with structural battery packs are particularly interesting. You can see how impressed he is.

Paraphrasing him a bit: “This casting replaces maybe 150 parts... Every time you have to weld two parts together, there’s a chance that something goes wrong, and it takes space in your factory to have all the robots to do this…. It’s really well-made, I mean that sincerely... It’s going to be nigh impossible for anyone else to have fewer hours per vehicle. This is brilliant.”

‘Autocomplete is the Express Route to Local Maxima’ 🏔

Friend-of-the-show and Extra-Deluxe supporter (💚💚💚💚💚 🥃) Byrne Hobart has a really interesting riff on autocomplete (the thing in Google that suggests what to search for, not to be confused with autocorrect, which is the thing that sucks on your phone):

• Autocomplete is the Express Route to Local Maxima ($)

Here’s a highlight:

People are very sensitive to how options are presented, and even to the order in which they're suggested. There are entire books about this at a macro level, but at a micro level the most common example of this is autocomplete. In search, autocomplete is a uniquely powerful tool because it combines utility and discoverability: a search product that's continuously guessing what users will want to search for is trivially able to speed up their queries, but it's also a way to surface new things users wouldn't have thought of. Autocomplete is a combination of mindreading and brainwashing, since it's guessing what you'll want to do and telling you what you ought to do. [...]

The benefit of autocomplete is identical to its downside: it provides a mostly self-improving look at what other people are searching for

🎨 🎭 Liberty Studio 👩‍🎨 🎥

🎤🎸 Steve Albini’s letter to Nirvana about being their studio engineer 💿

I remember seeing this years ago. It’s a classic, and the whole thing is great. Thanks to Shaun Usher for re-surfacing it!

Some highlights:

I think the very best thing you could do at this point is exactly what you are talking about doing: bang a record out in a couple of days, with high quality but minimal “production” and no interference from the front office bulletheads. If that is indeed what you want to do, I would love to be involved. 

If, instead, you might find yourselves in the position of being temporarily indulged by the record company, only to have them yank the chain at some point (hassling you to rework songs/sequences/production, calling-in hired guns to “sweeten” your record, turning the whole thing over to some remix jockey, whatever...) then you're in for a bummer and I want no part of it. 

I'm only interested in working on records that legitimately reflect the band's own perception of their music and existence. If you will commit yourselves to that as a tenet of the recording methodology, then I will bust my ass for you.

Authenticity! Velocity! Yes 🤘

About my methodology and philosophy:

#1: Most contemporary engineers and producers see a record as a “project,” and the band as only one element of the project. Further, they consider the recordings to be a controlled layering of specific sounds, each of which is under complete control from the moment the note is conceived through the final six. If the band gets pushed around in the process of making a record, so be it; as long as the “project” meets with the approval of the fellow in control. 

My approach is exactly the opposite. 

I consider the band the most important thing, as the creative entity that spawned both the band's personality and style and as the social entity that exists 24 hours out of each day. I do not consider it my place to tell you what to do or how to play.

Too many people are driven by ego and can’t truly help others because they try to make anything about themselves.

I like to leave room for accidents or chaos. Making a seamless record, where every note and syllable is in place and every bass drum is identical, is no trick. Any idiot with the patience and the budget to allow such foolishness can do it. I prefer to work on records that aspire to greater things, like originality, personality and enthusiasm. If every element of the music and dynamics of a band is controlled by click tracks, computers, automated mixes, gates, samplers and sequencers, then the record may not be incompetent, but it certainly won't be exceptional.

Pump it right into my veins!

I do not want and will not take a royalty on any record I record. No points. Period. I think paying a royalty to a producer or engineer is ethically indefensible. The band write the songs. The band play the music. It's the band's fans who buy the records. The band is responsible for whether it's a great record or a horrible record. Royalties belong to the band. 

I would like to be paid like a plumber: I do the job and you pay me what it's worth. The record company will expect me to ask for a point or a point and a half. If we assume three million sales, that works out to 400,000 dollars or so. There's no fucking way I would ever take that much money. I wouldn't be able to sleep. 

I have to be comfortable with the amount of money you pay me, but it's your money, and I insist that you be comfortable with it as well.

Motivated by art, not money... which is why so many wanted to work with him and he probably never had to worry about money.

aka Money as a byproduct of doing a good job at some higher goal. 💰