Hello!
The comments on this profile are unclaimed and thus are unverified.
Do they belong to you? Claim these comments.
trevelyan
Is this you? Claim Profile »
1 week ago
in What VCs Are Worrying About on A VC
Fred,
You argue there is "no lack of good opportunities, [and] no lack of talent." Yet you believe there is an oversupply of capital? How does this make sense? If there are good investment options relative to the rest of the market that suggests an undersupply of capital.
If the strongest concerns are with exit markets, that means VC exit strategies are not aligned with market realities. In the presence of good investment options, that is evidence of historically poor investment decisions, and/or poor execution by funded companies. As a the founder of a small bootstrapped business I find it hard to sympathize. Not every business needs to be on life support. Why are people funding those that do?
You argue there is "no lack of good opportunities, [and] no lack of talent." Yet you believe there is an oversupply of capital? How does this make sense? If there are good investment options relative to the rest of the market that suggests an undersupply of capital.
If the strongest concerns are with exit markets, that means VC exit strategies are not aligned with market realities. In the presence of good investment options, that is evidence of historically poor investment decisions, and/or poor execution by funded companies. As a the founder of a small bootstrapped business I find it hard to sympathize. Not every business needs to be on life support. Why are people funding those that do?
1 reply
fredwilson
there's an oversupply of capital because VCs want to pile too much money into companies that are already funded and me too competitors.
10 months ago
in Firefox’s SSL policy is not bad, you idiot on Noah's Mark
Server identity verification can and should be tested in the same manner that Google Apps does it - stick a new page up on your server or add a new CNAME record to prove you control the domain.
If domain names can be registered for under $10, why should domain name verification cost hundreds of dollars per year?
If domain names can be registered for under $10, why should domain name verification cost hundreds of dollars per year?
1 reply
noah
Because they are different services - note the keyword _verification_ in that second part. The first part, the "I want a domain name here plzthx", isn't a complicated problem because there aren't many (enforced) trust/identity strings attached. Also, because there are an inordinate amount of domains being registered and a much smaller number of sites getting SSL certs, I can only imagine the cost for the first will be much cheaper than the second. Sounds pretty simple to me.
Oh, and the real answer is, "because they charge that much and people will pay it." Enter capitalism.
Your suggestion, in the first paragraph, is for how a "trusted" authority should establish trust with an untrusted endpoint - you do some activity to prove to that party that you "own" the domain, and that third party, which is a trusted authority by some other definition, is depended on for its verification of your site. Maybe that is enough to establish trust, but how does it relate to the post?
If you want to complain about the methods CAs use to verify identity, then that is a different discussion. If you feel a CA charges too much for its services, find a different one. The digicert price I found was after clicking 2 links in a google search. I bet you can find better prices without looking too hard.
Or you get behind someone like CACert.org, who gives out free (as in beer) certs and (I believe) is still trying to be accepted by mozilla as a trusted root CA:
https://bugzilla.mozilla.org/show_bug.cgi?id=21...
Mozilla has a nice, fair, and public policy for how to become a trusted CA:
http://www.mozilla.org/projects/security/certs/...
So I don't think there are major roadblocks preventing somebody from using your method to establish trust and charging less than $100 a year and getting accepted by mozilla as a root CA. Except, you know, capitalism.
Oh, and the real answer is, "because they charge that much and people will pay it." Enter capitalism.
Your suggestion, in the first paragraph, is for how a "trusted" authority should establish trust with an untrusted endpoint - you do some activity to prove to that party that you "own" the domain, and that third party, which is a trusted authority by some other definition, is depended on for its verification of your site. Maybe that is enough to establish trust, but how does it relate to the post?
If you want to complain about the methods CAs use to verify identity, then that is a different discussion. If you feel a CA charges too much for its services, find a different one. The digicert price I found was after clicking 2 links in a google search. I bet you can find better prices without looking too hard.
Or you get behind someone like CACert.org, who gives out free (as in beer) certs and (I believe) is still trying to be accepted by mozilla as a trusted root CA:
https://bugzilla.mozilla.org/show_bug.cgi?id=21...
Mozilla has a nice, fair, and public policy for how to become a trusted CA:
http://www.mozilla.org/projects/security/certs/...
So I don't think there are major roadblocks preventing somebody from using your method to establish trust and charging less than $100 a year and getting accepted by mozilla as a root CA. Except, you know, capitalism.
