Due to low light condition, the shutter time is longer, and even small shaking from the tapping of the camera button will make the photo un-usable.

So, we created Night Camera, the app to prevent the blur at the first place. Using the built-in iPhone accelerometer, it automatically shoots the photo when it detects the iPhone being stable, so you have a real chance to get some good photos at night.

Sounds very compelling. Basically image stabilization (or rather image selection based on stability data) on inexpensive hardware.

There is one problem with this, which is that the iPhone according to this post uses a camera module that has a fixed 200ms rolling shutter. This seems very plausible, as most camera modules of cell phone use this technique. There also is plenty of photo evidence that this is the case. With a rolling shutter, the exposure time of the CMOS sensor is fixed. In other words, the claim that the shutter time is longer at night is wrong. Unless I am missing something, the makers of the above application at least don’t understand how the iPhone camera works.

Not it may be that in general the accelerometer could be useful for enhancing image quality by reducing movement. However anecdotal evidence shows no visible improvement, and the above app has only 2.5 start on iTunes.

Typically the initial tally by the NVCA increases by 15% or so as additional closes are announced (see Estimate in the graph for where I think we will end up), but even then this number is very low the worst we have seen in the last decade. Total capital raised was $1.7 billion.

Given that a typical venture fund runs 4-5 years, and assuming 1.5 parallel funds per firm (e.g. health care and IT), the average firm has to raise funds every 3 years or go out of business. With 25 funds per quarter, this means the fundraising can sustain 300-350 firms total. Given that we have 800-900 active firms now, expect a major shakeout. It will be interesting to see where it stabilizes. The NYTimes suggests between a third and half of VC firms will disappear. This would require fund raising to go back to a level of 40 new funds per quarter, which seems possible.

And again, for the firms that survive as well as for the LPs this will be a good thing. VC returns have been too low for the past 9 years, and this development is the start of correcting this.

While low, these number are actually better than I would have expected. The total amount raised is slightly higher than last quarter. Usually the NVCA numbers in the first press release are about 5-10% below the final numbers, thus one would expect this to look even better. However about 25% of the total funding amount is just from two funds (August and Bain), this might skew the numbers. And I would expect the downturn to continue.

All that being said, it is still pretty clear there will be a shakeout in Venture Capital, and the sport in silicon valley seems to be compiling lists of the walking dead, i.e. firms that have not been able to raise funds, or are no longer making investments. Pick your favorite list from The Funded, VentureBeat (a bit broad), or PEHub (subscription required). To quote John Holman interviewed on PEHub when asked if there was an exodus from the VC industry: ” ‘exodus’ implies that they are leaving by choice, and that’s not generally the case.”

In the end I still think this is a good thing. We have too many active VC firms right now, a number of them of  questionable quality. In the end this doesn’t help anyone, not even the entrepreneur. The reduced cost of capital is outweighed by having more competitors that are being funded, and having to spend more on sales and marketing to eventually prevail over them.

A second technology that is highlighted is Siri’s personal assistant software. I am really looking forward to trying out Siri’s product when it goes into beta later this year. For full disclosure, Morgenthaler is an investor in Siri.

About 12 hours or so after booking travel I received a voice mail saying they had detected a potentially fraudulent transaction on my credit card, and it asked me to call back the number 1-888-918-7313.

I did, and a friendly call center employee asked me to provide him with the following information to proceed:

• Home phone
• Full Name
• Full date of birth
• Last 4 digits of my social security number

Now thinking about it, this seems like a really bad idea. I have no idea who I am talking to on the phone. For all I know, this could be a phishing operation abroad. You can get a 1-800 number instantly, and forward it to a Skype-In number which you then can forward anywhere. This is not even a new trick, but has been done since at least 2006.

In this case, it was legitimate. I was talking to Anthony who is working for PSCU Financial Services, who is running the Falcon system for cards issued by my bank, the Stanford Federal Credit Union. And to Anthony’s credit, when I started asking questions he immediately suggested that I should call my bank to verify the phone number. I asked him if PSCU recommends giving out the above information to someone who calls you and claims that they are working for your bank. He said they are neutral, but this is their standard practice.

The real risk here is that the SFCU is training their customers to give out personal information to anyone calling them and claiming to be their bank. Experience has shown that consumers are not good in judging what personal information is sensitive and what is not. Assume a consumer receives 3 legitimate calls over a year, and then an phishing call asking for a complete SSID. My guess is that anywhere from 10% to 50% of consumers would provide that information.

I asked Anthony of PSCU for his opinion if this is an issue. He did agree that this practice makes it more likely that consumers give out information when being called. I also talked to Nadene at SFCU member services and she agreed that this would increase the risk of consumers giving out sensitive information. She also said all the above is essentially “public record”, which I would argue at least for the full date of birth and home phone is incorrect (most states require these to be blackened out in public documents).

In the end what the banks are trying to do here is to lower the cost of fraud verification. If I call through the call center of my bank, this will add somewhere around $10-$30 in call center cost. However the downside is that the banks are essentially training their users to become easy targets of phone phishing attacks.

Thanks to my co-authors Mark Schertler and Luther Martin. Specifically Luther deserves the majority of the credit for moving this through the process over the past two (or more?) years. Also thanks to Terence Spies at Voltage, as well as Eric Rescorla, Tim Polk and Blake Ramsdell at the IETF for their support.

Only 43 venture funds where closed in Q4, and the total capital raised was $3.3 billion. This is down from 84 funds raising $11.6 billion a in Q4 of 2007. This brings venture fund raising back to the levels we saw right after the crash of 2000. I would expect to see a further decline for all of the next year in both number of funds as well as total capital. What this means for the venture industry is that if you have fully invested your old fund, and not yet raised a new fund (or at least had an initial closing), you may be in a very difficult situation. Howeve if you just raised a fund, you can expect less competition (and thus hopefully better returns) in the next few years.

The event that triggered this post was me picking up my rental car when arriving in Europe. A very friendly representative told me that unfortunately my visa card was declined when trying to charge a $700 deposit on the account. That was odd. The card usually operates as a debit card (with either signature or pin based transactions) and the account had well over $10k on the account. It was also odd as I had used the same card at the same agency 9 months before without problems.

I called SFCU Cardholder Services and a less friendly representative told me that the reason was that $700 was above my transaction limit. The limit could only be changed by the SFCU customer representatives, and they would not be in the office before Monday 9am. As it was Friday night, this meant 48+ hours without a car. We eventually booked the car with Isabelle’s card two hours later.

About 12 hours later I received a voice mail from the SFCU that my card had been flagged for a suspicious transaction, and that unless I call them back, it would be blocked. I called the SFCU Cardholder Services again, and spoke to a representative who identified himself as “Alton” working in Tampa Florida. According to him, the initial transaction was not blocked because of the transaction limit, but because it was flagged as fraudulent. This made more sense. He was not able to explain why his colleague 12 hours earlier had told me something different.

I asked him if he had indication why it was flagged. He said that their default policy is to initially block any transactions outside your home state. It is declined, but can be be authorized if they contact me successfully which should happen in a matter of hours. The only exception is if the travel has been registered in their system in advance. Essentially this means unless you pre-register your travel, the SFCU Visa Card will not work reliably outside of California.

Alton connected me to Patt who identified herself as working for PSCU in St. Petersburg, Florida. Her job was verifying transactions, and what she said mostly matched with what Alton had told me.

I appreciate that the SFCU wants to manage fraud, but initially declining any transaction that is out-of-state essentially makes their Visa Card unusable for traveling. Given the the diverse and international Stanford community, this seems especially out of place.

This is also not the first time this has happened. Over the past years the SFCU has blocked transactions or threatened to block the card due to incorrect fraud alerts about half a dozen times. And I am not the only person having this problem (see this Yelp review). One remedy that the SFCU has suggested is to pre-register any out of state travel with them. This for me is not only impractical due to the amount I travel, but also due to stop-overs and route changes. I had my card flagged once for purchasing food at Denver Airport while changing planes.

The actual analysis and flagging seems to be done by Fair Isaac’s Falcon Fraud Manager. From the SFCU’s original email when introducing this service dated November 3rd, 2006:

To enhance security on your Stanford FCU QUAD and ATM cards, we have launched the Falcon Fraud Manager, which is a state-of-the-art system for detecting card. Unusual or suspicious transactions are those that do not fall under your pattern of debit card usage. For example, if you have not conducted debit card transactions in Germany within the last two months, and a transaction is conducted in Germany with your debit card number, this would be considered a suspicious transaction. The transaction would be blocked, and a Falcon Representative would attempt to contact you.

If the representative is unable to reach you within 24 hours or you are unable to reach the representative at 1-800-871-9159, your card will be permanently blocked and you will receive a new card.

Emphasis mine. So if you fly to India from SFO (which can easily take 24 hours door to door) and don’t have a chance to call them back, they would permanently block your card. They may since have changed this policy, on their web site it now says “your card MAY be temporarily blocked until we validate the activity with you.”. I am not sure I would take the chance.

I think at its core, the SFCU has a customer relationship problem. For me, their cards are their most important product. They have outsourced the important parts of this product (customer service, fraud detection) to a external company. I have spent a lot more time with representatives of their outsourcing partner that with the SFCU themselves. The SFCU staff may be friendly and competent, but I would not even know that. If you outsource your primary customer touchpoint, you have to manage that touchpoint very carefully or pay the consquences.

I asked the SFCU for comment on this post and will update if I hear from them.

And in the mean time, does anyone have a good suggestion for a card that works internationally?

Update: Lisa Uribe from the SFCU called me and said that they could register me as someone who travels frequently and that should reduce the number of times transactions get flagged for fraud. I had asked the SFCU previously if something like this could be done and at that time customer service representative (who was not Lisa) did not know of such an option. Lisa was very competent on the phone. Again it seems that SFCU staff is a lot better than the card services staff. However when I had trouble with my card, I usually did not end up talking to SFCU staff.

According to the NVCA release, the number of venture funds closed over the last quarters is:

    1Q'07           83
    2Q'07           83
    3Q'07           78
    4Q'07           85
    1Q'08           70
    2Q'08           76
    3Q'08           55

In 3Q of this year we saw a steep drop. However the impact of the current liquidity crisis and the resulting stock market decline didn’t become fully apparent until October. If I would have to bet, I would expect 4Q to look a lot worse. Venture Beat recently wrote about this and concluded that essentially what we are seeing, is a shakeout in the VC industry. While I haven’t seen numbers yet that conclusively demonstrate this, it intuitively makes sense. Firms that were burnt badly in the post-bubble of 2000-2003, now have fully invested their funds and realize that in the current financial climate they can’t raise additional capital. One would expect new entrants in the Venture Capital space to be the most vulnerable. A firm like Morgenthaler with almost 40 years of track record and an established network of LP’s is naturally in a much better position.

For those firms that do raise funds now, prospects are not bad. Less active firms means less competition and more attractive valuations. Public markets may stay closed for a while, but private companies have a lot of cash on their balance sheets that I would expect them to eventually use for acquisitions. In the end I do think venture backed companies are a more effective model for innovation than large companies doing it themselves. If this is correct, the value chain should continue to function and venture investors will make money.

In the mean time, congratulations to the Morgenthaler team for closing their ninth fund!

OpenFlow Demo at the GEC3

We just finished the OpenFlow Demo at the GENI Engineering Conference, and it was amazing. We showed our new OpenFlow protocol running on switches from Cisco, Juniper, HP and NEC. Our experimental network stretched half way around the globe from Stanford to Tokyo via New York. It used fibers from  Internet2, CalRen and JGN2plus.

Over this network we showed how we can move around a running game server from one physical host to another without the game even getting interrupted. We demonstrated how you can route a network connection with a simple drag and drop interface (e.g. a TCP flow inside Stanford going via Tokyo and Houston). We even sent a running game server to Tokyo from Stanford, without losing the connection.

Press coverage of the demo included articles English, Japanese, Swedish and Spanish. The OpenFlow web site recieved a few thousand hits, with visitors from every major company in the networking space. All this was made possible by about 40 people from Stanford, Internet2, Cisco, Juniper, HP and NEC had been working on this for months.

As a result of this, OpenFlow is building momentum. NEC announced during the conference support for OpenFlow in their product, and more announcements will follow. By mid next year we are hoping to have pilot deployments at 6-10 universities, and I would hope we will see commercial deployments in that time frame as well. All in all a huge step forward for OpenFlow.